fix: Matrix server fix

feat: Update to latest nix
feat: Added matrix
2026-02-11 03:55:29 +05:30 · 2026-02-10 23:14:12 +05:30 · 2026-02-10 22:25:37 +05:30 · 2026-02-10 14:24:39 +05:30
22 changed files with 402 additions and 831 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -217,11 +217,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1769428758,
-        "narHash": "sha256-0G/GzF7lkWs/yl82bXuisSqPn6sf8YGTnbEdFOXvOfU=",
+        "lastModified": 1770411700,
+        "narHash": "sha256-VpeOlyospHF+vxE+xEGEy0utMN0d/FUDvD2dOg9ZiIo=",
        "owner": "hyprwm",
        "repo": "aquamarine",
-        "rev": "def5e74c97370f15949a67c62e61f1459fcb0e15",
+        "rev": "b91f570bb7885df9e4a512d6e95a13960a5bdca0",
        "type": "github"
      },
      "original": {
@@ -436,11 +436,11 @@
    },
    "crane_3": {
      "locked": {
-        "lastModified": 1769737823,
-        "narHash": "sha256-DrBaNpZ+sJ4stXm+0nBX7zqZT9t9P22zbk6m5YhQxS4=",
+        "lastModified": 1770419512,
+        "narHash": "sha256-o8Vcdz6B6bkiGUYkZqFwH3Pv1JwZyXht3dMtS7RchIo=",
        "owner": "ipetkov",
        "repo": "crane",
-        "rev": "b2f45c3830aa96b7456a4c4bc327d04d7a43e1ba",
+        "rev": "2510f2cbc3ccd237f700bb213756a8f35c32d8d7",
        "type": "github"
      },
      "original": {
@@ -521,10 +521,10 @@
    "crates-io-index": {
      "flake": false,
      "locked": {
-        "lastModified": 1770382813,
-        "narHash": "sha256-u0/nmEjtbHrDlXtpbQAEDd1Ry7sGc0nDAi/7RwBkNUk=",
+        "lastModified": 1770742742,
+        "narHash": "sha256-UbbBZtLHnTEb4uQK6Bq/ISG+awckYSMupZ8xscuFG0E=",
        "ref": "refs/heads/master",
-        "rev": "59f68c46f1c53b597a6378424d5ef06c0cf261f6",
+        "rev": "54ba84454081fb1af67158516b80d26ff62ed86c",
        "shallow": true,
        "type": "git",
        "url": "https://github.com/rust-lang/crates.io-index"
@@ -558,11 +558,11 @@
    "csshacks": {
      "flake": false,
      "locked": {
-        "lastModified": 1768572660,
-        "narHash": "sha256-VlxdEeMqgRclKQqnKDhBXQ+19ce35ZFdC6SaKg2skUk=",
+        "lastModified": 1770449357,
+        "narHash": "sha256-GwF3Z3ZE7zEQiZ8qgUZOVY4TVYdz4V9sKj1b3A0vKxc=",
        "owner": "MrOtherGuy",
        "repo": "firefox-csshacks",
-        "rev": "bcb85f04764802557fc1d1dff6f53461065e4893",
+        "rev": "4d1fbb167913664f8414d0211078ebd271af5762",
        "type": "github"
      },
      "original": {
@@ -684,11 +684,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1770369171,
-        "narHash": "sha256-7n0QQ0uAp6rmNLa34G2k2HCHo6rEyeepZ5ioGV4pZPQ=",
+        "lastModified": 1770733463,
+        "narHash": "sha256-LA2SmNxTEP1MM1K44ADc7P+VtXxCJNHYqpIHjWMv//A=",
        "owner": "christo-auer",
        "repo": "eilmeldung",
-        "rev": "3b2ebc95618a79e3e0a601b82f09158c1bf87e2c",
+        "rev": "30b28cbc3795a7f71a137a61cee2c2e76a2b9464",
        "type": "github"
      },
      "original": {
@@ -972,7 +972,7 @@
    "flake-parts_10": {
      "inputs": {
        "nixpkgs-lib": [
-          "stylix",
+          "stylix-stable",
          "nixpkgs"
        ]
      },
@@ -992,28 +992,7 @@
    },
    "flake-parts_11": {
      "inputs": {
-        "nixpkgs-lib": [
-          "stylix-stable",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1767609335,
-        "narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=",
-        "owner": "hercules-ci",
-        "repo": "flake-parts",
-        "rev": "250481aafeb741edfe23d29195671c19b36b6dca",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hercules-ci",
-        "repo": "flake-parts",
-        "type": "github"
-      }
-    },
-    "flake-parts_12": {
-      "inputs": {
-        "nixpkgs-lib": "nixpkgs-lib_6"
+        "nixpkgs-lib": "nixpkgs-lib_5"
      },
      "locked": {
        "lastModified": 1768135262,
@@ -1108,23 +1087,6 @@
      "inputs": {
        "nixpkgs-lib": "nixpkgs-lib_4"
      },
-      "locked": {
-        "lastModified": 1767609335,
-        "narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=",
-        "owner": "hercules-ci",
-        "repo": "flake-parts",
-        "rev": "250481aafeb741edfe23d29195671c19b36b6dca",
-        "type": "github"
-      },
-      "original": {
-        "id": "flake-parts",
-        "type": "indirect"
-      }
-    },
-    "flake-parts_7": {
-      "inputs": {
-        "nixpkgs-lib": "nixpkgs-lib_5"
-      },
      "locked": {
        "lastModified": 1769996383,
        "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=",
@@ -1139,7 +1101,7 @@
        "type": "github"
      }
    },
-    "flake-parts_8": {
+    "flake-parts_7": {
      "inputs": {
        "nixpkgs-lib": [
          "nixvim",
@@ -1160,7 +1122,7 @@
        "type": "github"
      }
    },
-    "flake-parts_9": {
+    "flake-parts_8": {
      "inputs": {
        "nixpkgs-lib": [
          "nur",
@@ -1181,6 +1143,27 @@
        "type": "github"
      }
    },
+    "flake-parts_9": {
+      "inputs": {
+        "nixpkgs-lib": [
+          "stylix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1767609335,
+        "narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "250481aafeb741edfe23d29195671c19b36b6dca",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "type": "github"
+      }
+    },
    "flake-utils": {
      "inputs": {
        "systems": "systems_2"
@@ -1544,11 +1527,11 @@
        "zon2nix": "zon2nix"
      },
      "locked": {
-        "lastModified": 1770319677,
-        "narHash": "sha256-K2T07Lro9TBPZmWDet72HWG4doAO9w9JlIP9HsJh6CE=",
+        "lastModified": 1770681729,
+        "narHash": "sha256-YWvUP9K+K34t8wgEksXfIWjNoAdKaZ2g94chE6ruN1A=",
        "owner": "ghostty-org",
        "repo": "ghostty",
-        "rev": "3cc01155bf3c903d533e6896aa378e36357bd278",
+        "rev": "41924c2d0ec50a4268250b90cf46d7b4e60b61ba",
        "type": "github"
      },
      "original": {
@@ -1701,11 +1684,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1770354686,
-        "narHash": "sha256-5Z5IjaNFi1PYPsWnwQCQKdB62G1VknZGRSWTl2yki+I=",
+        "lastModified": 1770567116,
+        "narHash": "sha256-jM6Y8cZJRE62YPekbWn92HJaPBW99ddOXsyaXiLEdxI=",
        "owner": "tale",
        "repo": "headplane",
-        "rev": "fad0c99fc92ddd00b7b982493ad90a4361eb6fb1",
+        "rev": "931a7f8d142655744087896dca1b0495a1f94379",
        "type": "github"
      },
      "original": {
@@ -1722,11 +1705,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1768068402,
-        "narHash": "sha256-bAXnnJZKJiF7Xr6eNW6+PhBf1lg2P1aFUO9+xgWkXfA=",
+        "lastModified": 1770586272,
+        "narHash": "sha256-Ucci8mu8QfxwzyfER2DQDbvW9t1BnTUJhBmY7ybralo=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "8bc5473b6bc2b6e1529a9c4040411e1199c43b4c",
+        "rev": "b1f916ba052341edc1f80d4b2399f1092a4873ca",
        "type": "github"
      },
      "original": {
@@ -1763,11 +1746,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1770318660,
-        "narHash": "sha256-yFVde8QZK7Dc0Xa8eQDsmxLX4NJNfL1NKfctSyiQgMY=",
+        "lastModified": 1770654520,
+        "narHash": "sha256-mg5WZMIPGsFu9MxSrUcuJUPMbfMsF77el5yb/7rc10k=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "471e6a065f9efed51488d7c51a9abbd387df91b8",
+        "rev": "6c4fdbe1ad198fac36c320fd45c5957324a80b8e",
        "type": "github"
      },
      "original": {
@@ -1842,11 +1825,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1769284023,
-        "narHash": "sha256-xG34vwYJ79rA2wVC8KFuM8r36urJTG6/csXx7LiiSYU=",
+        "lastModified": 1770511807,
+        "narHash": "sha256-suKmSbSk34uPOJDTg/GbPrKEJutzK08vj0VoTvAFBCA=",
        "owner": "hyprwm",
        "repo": "hyprgraphics",
-        "rev": "13c536659d46893596412d180449353a900a1d31",
+        "rev": "7c75487edd43a71b61adb01cae8326d277aab683",
        "type": "github"
      },
      "original": {
@@ -1903,11 +1886,11 @@
        "xdph": "xdph"
      },
      "locked": {
-        "lastModified": 1770330959,
-        "narHash": "sha256-OPmJ6dBL615GGX7ENJXtJm4zeMv5uXDjmO8WB1MI5wM=",
+        "lastModified": 1770736405,
+        "narHash": "sha256-8PO3KC7WRVQLXLgosKY4pgXkh0qTiQFyBVDkE0KiEGE=",
        "owner": "hyprwm",
        "repo": "Hyprland",
-        "rev": "562171ab668e7ee98a9d2bbb62a9477ad2b1e24e",
+        "rev": "5b6c42ca70c3fbc0986760c2d0be8ab7c8b833b9",
        "type": "github"
      },
      "original": {
@@ -2156,11 +2139,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1766253372,
-        "narHash": "sha256-1+p4Kw8HdtMoFSmJtfdwjxM4bPxDK9yg27SlvUMpzWA=",
+        "lastModified": 1770139857,
+        "narHash": "sha256-bCqxcXjavgz5KBJ/1CBLqnagMMf9JvU1m9HmYVASKoc=",
        "owner": "hyprwm",
        "repo": "hyprutils",
-        "rev": "51a4f93ce8572e7b12b7284eb9e6e8ebf16b4be9",
+        "rev": "9038eec033843c289b06b83557a381a2648d8fa5",
        "type": "github"
      },
      "original": {
@@ -2206,11 +2189,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1763640274,
-        "narHash": "sha256-Uan1Nl9i4TF/kyFoHnTq1bd/rsWh4GAK/9/jDqLbY5A=",
+        "lastModified": 1770501770,
+        "narHash": "sha256-NWRM6+YxTRv+bT9yvlhhJ2iLae1B1pNH3mAL5wi2rlQ=",
        "owner": "hyprwm",
        "repo": "hyprwayland-scanner",
-        "rev": "f6cf414ca0e16a4d30198fd670ec86df3c89f671",
+        "rev": "0bd8b6cde9ec27d48aad9e5b4deefb3746909d40",
        "type": "github"
      },
      "original": {
@@ -2260,11 +2243,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1769202094,
-        "narHash": "sha256-gdJr/vWWLRW85ucatSjoBULPB2dqBJd/53CZmQ9t91Q=",
+        "lastModified": 1770203293,
+        "narHash": "sha256-PR/KER+yiHabFC/h1Wjb+9fR2Uy0lWM3Qld7jPVaWkk=",
        "owner": "hyprwm",
        "repo": "hyprwire",
-        "rev": "a45ca05050d22629b3c7969a926d37870d7dd75c",
+        "rev": "37bc90eed02b0c8b5a77a0b00867baf3005cfb98",
        "type": "github"
      },
      "original": {
@@ -2278,11 +2261,11 @@
        "nixpkgs": "nixpkgs_4"
      },
      "locked": {
-        "lastModified": 1770238404,
-        "narHash": "sha256-/ajGYszaZxjboxwNsMaw/EBn+BEp1YIe6geFthy/M6A=",
+        "lastModified": 1770408363,
+        "narHash": "sha256-ocMI5t0EBxao7dRRnQi7Aa9jpBvtSZmOpPbXx8fbOjw=",
        "owner": "JPyke3",
        "repo": "hytale-launcher-nix",
-        "rev": "bfb52bff72c572f71f621ea7654ea760bc848118",
+        "rev": "89db7a709e20525f145ea8ba729f32f8c6b43ac6",
        "type": "github"
      },
      "original": {
@@ -2299,11 +2282,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1770371304,
-        "narHash": "sha256-XmgVIW3YiG+ISPn8ar68gZoXcRjCQbEL9pn8p2spJuc=",
+        "lastModified": 1770650416,
+        "narHash": "sha256-VlQQjYBxJZs1Xy9MxfCLhsskhmNVhoIvjrnsFFqTnPg=",
        "owner": "ikawrakow",
        "repo": "ik_llama.cpp",
-        "rev": "c5d74f66e2291903ace95f72b4f46ceea5102e52",
+        "rev": "1fdbc0dafed3d3e6fae0adb14e08f262d7f412b8",
        "type": "github"
      },
      "original": {
@@ -2345,11 +2328,11 @@
        "rust-overlay": "rust-overlay_5"
      },
      "locked": {
-        "lastModified": 1770064250,
-        "narHash": "sha256-3HB6gfnKZnwDoH77lnJktJtQWEZ+D35Oi53pNF6YwO4=",
+        "lastModified": 1770734117,
+        "narHash": "sha256-PNXSnK507MRj+hYMgnUR7InNJzVCmOfsjHV4YXZgpwQ=",
        "owner": "nix-community",
        "repo": "lanzaboote",
-        "rev": "9985b98c74dcc7b1c7ccfe8693daf37caa4ed2ea",
+        "rev": "2038a9a19adb886eccba775321b055fdbdc5029d",
        "type": "github"
      },
      "original": {
@@ -2380,27 +2363,6 @@
        "type": "github"
      }
    },
-    "mixid": {
-      "inputs": {
-        "flake-parts": "flake-parts_6",
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1768471435,
-        "narHash": "sha256-gf0oCl8LrBDaEVxtDLa9eR8wNC7ropbsYsI2ILXPjWk=",
-        "owner": "leguteape",
-        "repo": "MixiD",
-        "rev": "32d049213cdf4d4d25f310609749daa72f26cf65",
-        "type": "github"
-      },
-      "original": {
-        "owner": "leguteape",
-        "repo": "MixiD",
-        "type": "github"
-      }
-    },
    "music-player": {
      "inputs": {
        "advisory-db": "advisory-db_3",
@@ -2534,18 +2496,18 @@
    },
    "nix-auth": {
      "inputs": {
-        "flake-parts": "flake-parts_7",
+        "flake-parts": "flake-parts_6",
        "nixpkgs": [
          "nixpkgs"
        ],
        "treefmt-nix": "treefmt-nix"
      },
      "locked": {
-        "lastModified": 1770347447,
-        "narHash": "sha256-aUYkK2CgIIcBLX3kUsm+sYXB9h3rDVniuzmTWnvG81U=",
+        "lastModified": 1770607034,
+        "narHash": "sha256-kXsl3BQdgXrJwwlhxS/s58rEx4EFbNoyQThmJ6AJO9I=",
        "owner": "numtide",
        "repo": "nix-auth",
-        "rev": "765091d6e0c1fb97b1e6a1a724c1cabf980f4db2",
+        "rev": "d867419fc5f8f1831798d7df8ffd62b13a1fd63b",
        "type": "github"
      },
      "original": {
@@ -2561,11 +2523,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1770184146,
-        "narHash": "sha256-DsqnN6LvXmohTRaal7tVZO/AKBuZ02kPBiZKSU4qa/k=",
+        "lastModified": 1770736414,
+        "narHash": "sha256-x5xdJgUxNflO9j2sJHIHnPujDy6eAWJPCMQml5y9XB4=",
        "owner": "LnL7",
        "repo": "nix-darwin",
-        "rev": "0d7874ef7e3ba02d58bebb871e6e29da36fa1b37",
+        "rev": "7c952d9a524ffbbd5b5edca38fe6d943499585cc",
        "type": "github"
      },
      "original": {
@@ -2683,11 +2645,11 @@
        "systems": "systems_16"
      },
      "locked": {
-        "lastModified": 1770172907,
-        "narHash": "sha256-rqYl9B+4shcM5b6OYjT+qdsdQNJ7SY64/xcPIb96NzU=",
+        "lastModified": 1770520993,
+        "narHash": "sha256-ks1ZFBYlBmQ4CAM4WSmCFUtkUJzbmJ0VJH/JkKVMPqY=",
        "owner": "Infinidoge",
        "repo": "nix-minecraft",
-        "rev": "8958a5a4259e1aebf4916823bf463faaf2538566",
+        "rev": "b32f4325880b4fac47b8736161a8f032dd248b70",
        "type": "github"
      },
      "original": {
@@ -2815,21 +2777,6 @@
      }
    },
    "nixpkgs-lib_4": {
-      "locked": {
-        "lastModified": 1765674936,
-        "narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=",
-        "owner": "nix-community",
-        "repo": "nixpkgs.lib",
-        "rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "nixpkgs.lib",
-        "type": "github"
-      }
-    },
-    "nixpkgs-lib_5": {
      "locked": {
        "lastModified": 1769909678,
        "narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=",
@@ -2844,7 +2791,7 @@
        "type": "github"
      }
    },
-    "nixpkgs-lib_6": {
+    "nixpkgs-lib_5": {
      "locked": {
        "lastModified": 1765674936,
        "narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=",
@@ -2861,11 +2808,11 @@
    },
    "nixpkgs-master": {
      "locked": {
-        "lastModified": 1770380644,
-        "narHash": "sha256-P7dWMHRUWG5m4G+06jDyThXO7kwSk46C1kgjEWcybkE=",
+        "lastModified": 1770742498,
+        "narHash": "sha256-ree7fFZebEUNtRE17RPBLTKba9Q1tzq+8joNVuty3mc=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "ae67888ff7ef9dff69b3cf0cc0fbfbcd3a722abe",
+        "rev": "47ceb79aa04d337054647b4b1340b9224cca4e95",
        "type": "github"
      },
      "original": {
@@ -2877,11 +2824,11 @@
    },
    "nixpkgs-stable": {
      "locked": {
-        "lastModified": 1770136044,
-        "narHash": "sha256-tlFqNG/uzz2++aAmn4v8J0vAkV3z7XngeIIB3rM3650=",
+        "lastModified": 1770617025,
+        "narHash": "sha256-1jZvgZoAagZZB6NwGRv2T2ezPy+X6EFDsJm+YSlsvEs=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "e576e3c9cf9bad747afcddd9e34f51d18c855b4e",
+        "rev": "2db38e08fdadcc0ce3232f7279bab59a15b94482",
        "type": "github"
      },
      "original": {
@@ -2903,11 +2850,11 @@
        "treefmt-nix": "treefmt-nix_2"
      },
      "locked": {
-        "lastModified": 1770084921,
-        "narHash": "sha256-BfbUL69IOa+LnnAaxt2/ylbC/KhMGr3soe8n11avJME=",
+        "lastModified": 1770545338,
+        "narHash": "sha256-cB/ARkxz+dcGgXJGbBardJdiuzXM/nKbXzZMUDtuD60=",
        "owner": "nix-community",
        "repo": "nixpkgs-xr",
-        "rev": "88eabef1f8415752a0a3ea537e4c62a62b353205",
+        "rev": "a491d518a767077a88a8c0c0b512704dc6dccf2e",
        "type": "github"
      },
      "original": {
@@ -2918,11 +2865,11 @@
    },
    "nixpkgs_10": {
      "locked": {
-        "lastModified": 1770169770,
-        "narHash": "sha256-awR8qIwJxJJiOmcEGgP2KUqYmHG4v/z8XpL9z8FnT1A=",
+        "lastModified": 1770380644,
+        "narHash": "sha256-P7dWMHRUWG5m4G+06jDyThXO7kwSk46C1kgjEWcybkE=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "aa290c9891fa4ebe88f8889e59633d20cc06a5f2",
+        "rev": "ae67888ff7ef9dff69b3cf0cc0fbfbcd3a722abe",
        "type": "github"
      },
      "original": {
@@ -2966,11 +2913,11 @@
    },
    "nixpkgs_13": {
      "locked": {
-        "lastModified": 1770197578,
-        "narHash": "sha256-AYqlWrX09+HvGs8zM6ebZ1pwUqjkfpnv8mewYwAo+iM=",
+        "lastModified": 1770562336,
+        "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "00c21e4c93d963c50d4c0c89bfa84ed6e0694df2",
+        "rev": "d6c71932130818840fc8fe9509cf50be8c64634f",
        "type": "github"
      },
      "original": {
@@ -2998,11 +2945,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1768032153,
-        "narHash": "sha256-zvxtwlM8ZlulmZKyYCQAPpkm5dngSEnnHjmjV7Teloc=",
-        "rev": "3146c6aa9995e7351a398e17470e15305e6e18ff",
+        "lastModified": 1770537093,
+        "narHash": "sha256-XV30uo8tXuxdzuV8l3sojmlPRLd/8tpMsOp4lNzLGUo=",
+        "rev": "fef9403a3e4d31b0a23f0bacebbec52c248fbb51",
        "type": "tarball",
-        "url": "https://releases.nixos.org/nixpkgs/nixpkgs-26.05pre925418.3146c6aa9995/nixexprs.tar.xz"
+        "url": "https://releases.nixos.org/nixpkgs/nixpkgs-26.05pre942631.fef9403a3e4d/nixexprs.tar.xz"
      },
      "original": {
        "type": "tarball",
@@ -3027,11 +2974,11 @@
    },
    "nixpkgs_4": {
      "locked": {
-        "lastModified": 1770115704,
-        "narHash": "sha256-KHFT9UWOF2yRPlAnSXQJh6uVcgNcWlFqqiAZ7OVlHNc=",
+        "lastModified": 1770197578,
+        "narHash": "sha256-AYqlWrX09+HvGs8zM6ebZ1pwUqjkfpnv8mewYwAo+iM=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "e6eae2ee2110f3d31110d5c222cd395303343b08",
+        "rev": "00c21e4c93d963c50d4c0c89bfa84ed6e0694df2",
        "type": "github"
      },
      "original": {
@@ -3107,11 +3054,11 @@
    },
    "nixpkgs_9": {
      "locked": {
-        "lastModified": 1770197578,
-        "narHash": "sha256-AYqlWrX09+HvGs8zM6ebZ1pwUqjkfpnv8mewYwAo+iM=",
+        "lastModified": 1770562336,
+        "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "00c21e4c93d963c50d4c0c89bfa84ed6e0694df2",
+        "rev": "d6c71932130818840fc8fe9509cf50be8c64634f",
        "type": "github"
      },
      "original": {
@@ -3123,16 +3070,16 @@
    },
    "nixvim": {
      "inputs": {
-        "flake-parts": "flake-parts_8",
+        "flake-parts": "flake-parts_7",
        "nixpkgs": "nixpkgs_10",
        "systems": "systems_18"
      },
      "locked": {
-        "lastModified": 1770382346,
-        "narHash": "sha256-p7IPuVdkOPMx4gjnitE24lRcvn+ABFTeBc3DPiz08gg=",
+        "lastModified": 1770630823,
+        "narHash": "sha256-5SEmOnJ61vmbap39vzWEsCX5UQ+3Ul8J4mXWKdqSn3w=",
        "owner": "nix-community",
        "repo": "nixvim",
-        "rev": "84eb6452937804c4ee8ee6ffc7c481e234560aab",
+        "rev": "6acc964664ac916c64fe4e394edd467af4d90790",
        "type": "github"
      },
      "original": {
@@ -3153,11 +3100,11 @@
        "norg-meta": "norg-meta"
      },
      "locked": {
-        "lastModified": 1770256801,
-        "narHash": "sha256-f+ZIddTw5bA5ALUiCSPdOFibZJ0Q6G49THpf5u6WeiQ=",
+        "lastModified": 1770575720,
+        "narHash": "sha256-qOY9yiJe7WjqIDS8dqB5rCuOgPz+lsnQ2UOm0R7Um8U=",
        "owner": "nvim-neorg",
        "repo": "nixpkgs-neorg-overlay",
-        "rev": "cf06a40ed073f4f21f3d317aa0e4f2a7d2ca244e",
+        "rev": "5d00faace5a0c1829cab8965ec374fc793a395c6",
        "type": "github"
      },
      "original": {
@@ -3209,15 +3156,15 @@
    },
    "nur": {
      "inputs": {
-        "flake-parts": "flake-parts_9",
+        "flake-parts": "flake-parts_8",
        "nixpkgs": "nixpkgs_13"
      },
      "locked": {
-        "lastModified": 1770376919,
-        "narHash": "sha256-HIl5WjXWG5BByt3p72/pPgawlxZnTQ3ipWb2/SJpjlE=",
+        "lastModified": 1770739601,
+        "narHash": "sha256-4uVNFZtsvXSHSxA8l6VuoTtOi26R5nociCLwtyGn/b0=",
        "owner": "nix-community",
        "repo": "nur",
-        "rev": "34df4251f8540cc17fe55e635a937b6b34b58aaf",
+        "rev": "6218df09299ada44145a6a9a0a5574cde2e76a1b",
        "type": "github"
      },
      "original": {
@@ -3392,11 +3339,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1769069492,
-        "narHash": "sha256-Efs3VUPelRduf3PpfPP2ovEB4CXT7vHf8W+xc49RL/U=",
+        "lastModified": 1769939035,
+        "narHash": "sha256-Fok2AmefgVA0+eprw2NDwqKkPGEI5wvR+twiZagBvrg=",
        "owner": "cachix",
        "repo": "git-hooks.nix",
-        "rev": "a1ef738813b15cf8ec759bdff5761b027e3e1d23",
+        "rev": "a8ca480175326551d6c4121498316261cbb5b260",
        "type": "github"
      },
      "original": {
@@ -3451,7 +3398,6 @@
        "ironbar": "ironbar",
        "lanzaboote": "lanzaboote",
        "llama-cpp": "llama-cpp",
-        "mixid": "mixid",
        "music-player": "music-player",
        "musnix": "musnix",
        "navigator": "navigator",
@@ -3617,11 +3563,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1770001842,
-        "narHash": "sha256-ZAyTeILfdWwDp1nuF0RK3McBduMi49qnJvrS+3Ezpac=",
+        "lastModified": 1770520253,
+        "narHash": "sha256-6rWuHgSENXKnC6HGGAdRolQrnp/8IzscDn7FQEo1uEQ=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "5018343419ea808f8a413241381976b7e60951f2",
+        "rev": "ebb8a141f60bb0ec33836333e0ca7928a072217f",
        "type": "github"
      },
      "original": {
@@ -3664,11 +3610,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1770347142,
-        "narHash": "sha256-uz+ZSqXpXEPtdRPYwvgsum/CfNq7AUQ/0gZHqTigiPM=",
+        "lastModified": 1770693064,
+        "narHash": "sha256-Pomhlz+3/6uRJUhKz/kJwmJUux8GTWbXlCX4/RxlXLo=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "2859683cd9ef7858d324c5399b0d8d6652bf4044",
+        "rev": "a5f6d8a6a6868db2a3055cfe2b5dd01422780433",
        "type": "github"
      },
      "original": {
@@ -3726,11 +3672,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1770145881,
-        "narHash": "sha256-ktjWTq+D5MTXQcL9N6cDZXUf9kX8JBLLBLT0ZyOTSYY=",
+        "lastModified": 1770683991,
+        "narHash": "sha256-xVfPvXDf9QN3Eh9dV+Lw6IkWG42KSuQ1u2260HKvpnc=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "17eea6f3816ba6568b8c81db8a4e6ca438b30b7c",
+        "rev": "8b89f44c2cc4581e402111d928869fe7ba9f7033",
        "type": "github"
      },
      "original": {
@@ -3746,7 +3692,7 @@
        "base16-helix": "base16-helix",
        "base16-vim": "base16-vim",
        "firefox-gnome-theme": "firefox-gnome-theme",
-        "flake-parts": "flake-parts_10",
+        "flake-parts": "flake-parts_9",
        "gnome-shell": "gnome-shell",
        "nixpkgs": [
          "nixpkgs"
@@ -3760,11 +3706,11 @@
        "tinted-zed": "tinted-zed"
      },
      "locked": {
-        "lastModified": 1770382623,
-        "narHash": "sha256-NB9j2JsIcSPcY7FzzoIqJA04p4xSdJpgyLAwzzzncpc=",
+        "lastModified": 1770587906,
+        "narHash": "sha256-N9ZTG3ia7l4iQO+9JlOj+sX4yu6gl7a3aozrlhSIJwQ=",
        "owner": "nix-community",
        "repo": "stylix",
-        "rev": "05c798e0074296df9bfc6ef3df0e936b878b835a",
+        "rev": "72e6483a88d51471a6c55e1d43e7ed2bc47a76a4",
        "type": "github"
      },
      "original": {
@@ -3780,7 +3726,7 @@
        "base16-helix": "base16-helix_2",
        "base16-vim": "base16-vim_2",
        "firefox-gnome-theme": "firefox-gnome-theme_2",
-        "flake-parts": "flake-parts_11",
+        "flake-parts": "flake-parts_10",
        "gnome-shell": "gnome-shell_2",
        "nixpkgs": [
          "nixpkgs-stable"
@@ -4404,11 +4350,11 @@
    "tree-sitter-just": {
      "flake": false,
      "locked": {
-        "lastModified": 1770056803,
-        "narHash": "sha256-H8aAmI8/D2/3eeR4Nn/q8JNPbJjKEyV6/QX608Ikbm4=",
+        "lastModified": 1770661194,
+        "narHash": "sha256-cul4U1V42l/nYcCvs2eVA09qSrPi34t0eJ/Pr/Ewfhc=",
        "owner": "IndianBoy42",
        "repo": "tree-sitter-just",
-        "rev": "fe94f5230d97ff9fc7bee8c57e650dff615ed7cc",
+        "rev": "60df3d5b3fda2a22fdb3621226cafab50b763663",
        "type": "github"
      },
      "original": {
@@ -4491,11 +4437,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1769691507,
-        "narHash": "sha256-8aAYwyVzSSwIhP2glDhw/G0i5+wOrren3v6WmxkVonM=",
+        "lastModified": 1770228511,
+        "narHash": "sha256-wQ6NJSuFqAEmIg2VMnLdCnUc0b7vslUohqqGGD+Fyxk=",
        "owner": "numtide",
        "repo": "treefmt-nix",
-        "rev": "28b19c5844cc6e2257801d43f2772a4b4c050a1b",
+        "rev": "337a4fe074be1042a35086f15481d763b8ddc0e7",
        "type": "github"
      },
      "original": {
@@ -4544,11 +4490,11 @@
        "systems": "systems_24"
      },
      "locked": {
-        "lastModified": 1770341176,
-        "narHash": "sha256-ZS3WnNMOuH/h7aKno2aDGvfs96nItfVJB/HHDwJfODQ=",
+        "lastModified": 1770723197,
+        "narHash": "sha256-l7NgMCr9paBM8IhvEb7lthpcxfBbyBJUybBmX9shZ4I=",
        "owner": "vicinaehq",
        "repo": "vicinae",
-        "rev": "49c452bf0cd6083de91ca22113397b4e31c9dccf",
+        "rev": "6fed5fe7c2ec4b9435885b963b8cfc7f9eec5579",
        "type": "github"
      },
      "original": {
@@ -4575,7 +4521,7 @@
    },
    "wivrn": {
      "inputs": {
-        "flake-parts": "flake-parts_12",
+        "flake-parts": "flake-parts_11",
        "nixpkgs": [
          "nixpkgs"
        ]
@@ -4659,11 +4605,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1770382887,
-        "narHash": "sha256-on4vg7ctpMPzKWcvXPtV095aal6KUPDSKV9+I8HhQtY=",
+        "lastModified": 1770707140,
+        "narHash": "sha256-3ZRA2+o5p1+FKWx988WbwB1SQ2Mz5aL95zxhL5iD+O0=",
        "owner": "0xc000022070",
        "repo": "zen-browser-flake",
-        "rev": "58aa8fb418e2853382d52453a6a7739125f2b8e0",
+        "rev": "db14437f8667f7f09784e2a4e73c105bdc1c7023",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -252,10 +252,6 @@
    hytale-launcher = {
      url = "github:JPyke3/hytale-launcher-nix";
    };
-    mixid = {
-      url = "github:leguteape/MixiD";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
  };

  outputs = {
--- a/home/apps/default.nix
+++ b/home/apps/default.nix
@@ -32,6 +32,7 @@ lib.optionalAttrs device.hasGui {
    ./lmstudio.nix
    ./mpv.nix
    ./nextcloud.nix
+    ./matrix.nix
    ./obs-studio.nix
    ./orcaslicer.nix
    ./prismlauncher.nix
--- a/home/apps/matrix.nix
+++ b/home/apps/matrix.nix
@@ -0,0 +1,7 @@
+{pkgs, ...}: {
+  home.packages = [
+    pkgs.fluffychat
+    pkgs.fractal
+    # pkgs.quaternion
+  ];
+}
--- a/home/programs/default.nix
+++ b/home/programs/default.nix
@@ -4,7 +4,25 @@
  ...
 }: {
  imports = [
+    # ./bluetui.nix
+    # ./goread.nix
+    # ./helix.nix
+    # ./magika.nix
+    # ./mpd.nix
+    # ./mpris-scrobbler.nix
+    # ./ncmpcpp.nix
+    # ./newsboat.nix
+    # ./nh.nix
+    # ./ryujinx.nix
+    # ./sxiv.nix
+    # ./tea.nix
+    # ./template.nix
+    # ./tuifeed.nix
+    # ./xh.nix
+    # ./zellij.nix
+
    ../../modules
+
    ./1password-cli.nix
    ./aichat.nix
    ./alejandra.nix
@@ -60,21 +78,5 @@
    ./yazi.nix
    ./yt-dlp.nix
    ./zoxide.nix
-    # ./bluetui.nix
-    # ./goread.nix
-    # ./helix.nix
-    # ./magika.nix
-    # ./mpd.nix
-    # ./mpris-scrobbler.nix
-    # ./ncmpcpp.nix
-    # ./newsboat.nix
-    # ./nh.nix
-    # ./ryujinx.nix
-    # ./sxiv.nix
-    # ./tea.nix
-    # ./template.nix
-    # ./tuifeed.nix
-    # ./xh.nix
-    # ./zellij.nix
  ];
 }
--- a/home/services/hyprpaper.nix
+++ b/home/services/hyprpaper.nix
@@ -9,6 +9,7 @@
    nextcloudWallpapers = name: config.home.homeDirectory + "/Nextcloud/Wallpapers/" + name;
    # silksongFleas = nextcloudWallpapers "silksong-fleas.jpg";
    bocchiVertical = nextcloudWallpapers "bocchi-vertical.jpg";
+    silksongShadeLord = nextcloudWallpapers "silksong-shadelord.jpg";
  in {
    enable = device.is "ryu";
    settings = {
@@ -16,7 +17,7 @@
      wallpaper = [
        {
          monitor = device.monitors.primary;
-          path = wallpapers.skull;
+          path = silksongShadeLord;
          fit_mode = "cover";
        }
        {
--- a/2
+++ b/2
@@ -41,3 +41,5 @@ add program:
    alejandra fmt home/programs/{{program}}.nix home/programs/default.nix
    git add home/programs/{{program}}.nix 

+# add-secret secret:
+#     openssl rand -hex 32 | tr -d '\n' | jq -sR | sops set --value-stdin secrets/secrets.yaml {{secret}}
--- a/modules/nixos/caddy/default.nix
+++ b/modules/nixos/caddy/default.nix
@@ -1,480 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-with lib; let
-  cfg = config.services.caddy;
-
-  certs = config.security.acme.certs;
-  virtualHosts = attrValues cfg.virtualHosts;
-  acmeEnabledVhosts = filter (hostOpts: hostOpts.useACMEHost != null) virtualHosts;
-  vhostCertNames = unique (map (hostOpts: hostOpts.useACMEHost) acmeEnabledVhosts);
-  dependentCertNames = filter (cert: certs.${cert}.dnsProvider == null) vhostCertNames; # those that might depend on the HTTP server
-  independentCertNames = filter (cert: certs.${cert}.dnsProvider != null) vhostCertNames; # those that don't depend on the HTTP server
-
-  mkVHostConf = hostOpts: let
-    sslCertDir = config.security.acme.certs.${hostOpts.useACMEHost}.directory;
-  in ''
-    ${hostOpts.hostName} ${concatStringsSep " " hostOpts.serverAliases} {
-      ${optionalString (
-      hostOpts.listenAddresses != []
-    ) "bind ${concatStringsSep " " hostOpts.listenAddresses}"}
-      ${optionalString (
-      hostOpts.useACMEHost != null
-    ) "tls ${sslCertDir}/cert.pem ${sslCertDir}/key.pem"}
-      log {
-        ${hostOpts.logFormat}
-      }
-
-      ${hostOpts.extraConfig}
-    }
-  '';
-
-  settingsFormat = pkgs.formats.json {};
-
-  configFile =
-    if cfg.settings != {}
-    then settingsFormat.generate "caddy.json" cfg.settings
-    else let
-      Caddyfile = pkgs.writeTextDir "Caddyfile" ''
-        {
-          ${cfg.globalConfig}
-        }
-        ${cfg.extraConfig}
-        ${concatMapStringsSep "\n" mkVHostConf virtualHosts}
-      '';
-
-      Caddyfile-formatted = pkgs.runCommand "Caddyfile-formatted" {} ''
-        mkdir -p $out
-        cp --no-preserve=mode ${Caddyfile}/Caddyfile $out/Caddyfile
-        ${lib.getExe cfg.package} fmt --overwrite $out/Caddyfile
-      '';
-    in "${
-      if pkgs.stdenv.buildPlatform == pkgs.stdenv.hostPlatform
-      then Caddyfile-formatted
-      else Caddyfile
-    }/Caddyfile";
-
-  etcConfigFile = "caddy/caddy_config";
-
-  configPath = "/etc/${etcConfigFile}";
-
-  mkCertOwnershipAssertion = import ../../../security/acme/mk-cert-ownership-assertion.nix lib;
-in {
-  imports = [
-    (mkRemovedOptionModule [
-      "services"
-      "caddy"
-      "agree"
-    ] "this option is no longer necessary for Caddy 2")
-    (mkRenamedOptionModule ["services" "caddy" "ca"] ["services" "caddy" "acmeCA"])
-    (mkRenamedOptionModule ["services" "caddy" "config"] ["services" "caddy" "extraConfig"])
-  ];
-
-  # interface
-  options.services.caddy = {
-    enable = mkEnableOption "Caddy web server";
-
-    user = mkOption {
-      default = "caddy";
-      type = types.str;
-      description = ''
-        User account under which caddy runs.
-
-        ::: {.note}
-        If left as the default value this user will automatically be created
-        on system activation, otherwise you are responsible for
-        ensuring the user exists before the Caddy service starts.
-        :::
-      '';
-    };
-
-    group = mkOption {
-      default = "caddy";
-      type = types.str;
-      description = ''
-        Group under which caddy runs.
-
-        ::: {.note}
-        If left as the default value this group will automatically be created
-        on system activation, otherwise you are responsible for
-        ensuring the group exists before the Caddy service starts.
-        :::
-      '';
-    };
-
-    package = mkPackageOption pkgs "caddy" {};
-
-    dataDir = mkOption {
-      type = types.path;
-      default = "/var/lib/caddy";
-      description = ''
-        The data directory for caddy.
-
-        ::: {.note}
-        If left as the default value this directory will automatically be created
-        before the Caddy server starts, otherwise you are responsible for ensuring
-        the directory exists with appropriate ownership and permissions.
-
-        Caddy v2 replaced `CADDYPATH` with XDG directories.
-        See <https://caddyserver.com/docs/conventions#file-locations>.
-        :::
-      '';
-    };
-
-    logDir = mkOption {
-      type = types.path;
-      default = "/var/log/caddy";
-      description = ''
-        Directory for storing Caddy access logs.
-
-        ::: {.note}
-        If left as the default value this directory will automatically be created
-        before the Caddy server starts, otherwise the sysadmin is responsible for
-        ensuring the directory exists with appropriate ownership and permissions.
-        :::
-      '';
-    };
-
-    logFormat = mkOption {
-      type = types.lines;
-      default = ''
-        level ERROR
-      '';
-      example = literalExpression ''
-        mkForce "level INFO";
-      '';
-      description = ''
-        Configuration for the default logger. See
-        <https://caddyserver.com/docs/caddyfile/options#log>
-        for details.
-      '';
-    };
-
-    configFile = mkOption {
-      type = types.path;
-      default = configFile;
-      defaultText = "A Caddyfile automatically generated by values from services.caddy.*";
-      example = literalExpression ''
-        pkgs.writeText "Caddyfile" '''
-          example.com
-
-          root * /var/www/wordpress
-          php_fastcgi unix//run/php/php-version-fpm.sock
-          file_server
-        ''';
-      '';
-      description = ''
-        Override the configuration file used by Caddy. By default,
-        NixOS generates one automatically.
-
-        The configuration file is exposed at {file}`${configPath}`.
-      '';
-    };
-
-    adapter = mkOption {
-      default =
-        if ((cfg.configFile != configFile) || (builtins.baseNameOf cfg.configFile) == "Caddyfile")
-        then "caddyfile"
-        else null;
-      defaultText = literalExpression ''
-        if ((cfg.configFile != configFile) || (builtins.baseNameOf cfg.configFile) == "Caddyfile") then "caddyfile" else null
-      '';
-      example = literalExpression "nginx";
-      type = with types; nullOr str;
-      description = ''
-        Name of the config adapter to use.
-        See <https://caddyserver.com/docs/config-adapters>
-        for the full list.
-
-        If `null` is specified, the `--adapter` argument is omitted when
-        starting or restarting Caddy. Notably, this allows specification of a
-        configuration file in Caddy's native JSON format, as long as the
-        filename does not start with `Caddyfile` (in which case the `caddyfile`
-        adapter is implicitly enabled). See
-        <https://caddyserver.com/docs/command-line#caddy-run> for details.
-
-        ::: {.note}
-        Any value other than `null` or `caddyfile` is only valid when providing
-        your own `configFile`.
-        :::
-      '';
-    };
-
-    resume = mkOption {
-      default = false;
-      type = types.bool;
-      description = ''
-        Use saved config, if any (and prefer over any specified configuration passed with `--config`).
-      '';
-    };
-
-    globalConfig = mkOption {
-      type = types.lines;
-      default = "";
-      example = ''
-        debug
-        servers {
-          protocol {
-            experimental_http3
-          }
-        }
-      '';
-      description = ''
-        Additional lines of configuration appended to the global config section
-        of the `Caddyfile`.
-
-        Refer to <https://caddyserver.com/docs/caddyfile/options#global-options>
-        for details on supported values.
-      '';
-    };
-
-    extraConfig = mkOption {
-      type = types.lines;
-      default = "";
-      example = ''
-        example.com {
-          encode gzip
-          log
-          root /srv/http
-        }
-      '';
-      description = ''
-        Additional lines of configuration appended to the automatically
-        generated `Caddyfile`.
-      '';
-    };
-
-    virtualHosts = mkOption {
-      type = with types; attrsOf (submodule (import ./vhost-options.nix {inherit cfg;}));
-      default = {};
-      example = literalExpression ''
-        {
-          "hydra.example.com" = {
-            serverAliases = [ "www.hydra.example.com" ];
-            extraConfig = '''
-              encode gzip
-              root * /srv/http
-            ''';
-          };
-        };
-      '';
-      description = ''
-        Declarative specification of virtual hosts served by Caddy.
-      '';
-    };
-
-    acmeCA = mkOption {
-      default = null;
-      example = "https://acme-v02.api.letsencrypt.org/directory";
-      type = with types; nullOr str;
-      description = ''
-        ::: {.note}
-        Sets the [`acme_ca` option](https://caddyserver.com/docs/caddyfile/options#acme-ca)
-        in the global options block of the resulting Caddyfile.
-        :::
-
-        The URL to the ACME CA's directory. It is strongly recommended to set
-        this to `https://acme-staging-v02.api.letsencrypt.org/directory` for
-        Let's Encrypt's [staging endpoint](https://letsencrypt.org/docs/staging-environment/)
-        while testing or in development.
-
-        Value `null` should be prefered for production setups,
-        as it omits the `acme_ca` option to enable
-        [automatic issuer fallback](https://caddyserver.com/docs/automatic-https#issuer-fallback).
-      '';
-    };
-
-    email = mkOption {
-      default = null;
-      type = with types; nullOr str;
-      description = ''
-        Your email address. Mainly used when creating an ACME account with your
-        CA, and is highly recommended in case there are problems with your
-        certificates.
-      '';
-    };
-
-    enableReload = mkOption {
-      default = true;
-      type = types.bool;
-      description = ''
-        Reload Caddy instead of restarting it when configuration file changes.
-
-        Note that enabling this option requires the [admin API](https://caddyserver.com/docs/caddyfile/options#admin)
-        to not be turned off.
-
-        If you enable this option, consider setting [`grace_period`](https://caddyserver.com/docs/caddyfile/options#grace-period)
-        to a non-infinite value in {option}`services.caddy.globalConfig`
-        to prevent Caddy waiting for active connections to finish,
-        which could delay the reload essentially indefinitely.
-      '';
-    };
-
-    settings = mkOption {
-      type = settingsFormat.type;
-      default = {};
-      description = ''
-        Structured configuration for Caddy to generate a Caddy JSON configuration file.
-        See <https://caddyserver.com/docs/json/> for available options.
-
-        ::: {.warning}
-        Using a [Caddyfile](https://caddyserver.com/docs/caddyfile) instead of a JSON config is highly recommended by upstream.
-        There are only very few exception to this.
-
-        Please use a Caddyfile via {option}`services.caddy.configFile`, {option}`services.caddy.virtualHosts` or
-        {option}`services.caddy.extraConfig` with {option}`services.caddy.globalConfig` instead.
-        :::
-
-        ::: {.note}
-        Takes presence over most `services.caddy.*` options, such as {option}`services.caddy.configFile` and {option}`services.caddy.virtualHosts`, if specified.
-        :::
-      '';
-    };
-
-    environmentFile = mkOption {
-      type = with types; nullOr path;
-      default = null;
-      example = "/run/secrets/caddy.env";
-      description = ''
-        Environment file as defined in {manpage}`systemd.exec(5)`.
-
-        You can use environment variables to pass secrets to the service without adding
-        them to the world-redable nix store.
-
-        ```
-        # in configuration.nix
-        services.caddy.environmentFile = "/run/secrets/caddy.env";
-        services.caddy.globalConfig = '''
-          {
-            acme_ca https://acme.zerossl.com/v2/DV90
-            acme_eab {
-              key_id {$EAB_KEY_ID}
-              mac_key {$EAB_MAC_KEY}
-            }
-          }
-        ''';
-        ```
-
-        ```
-        # in /run/secrets/caddy.env
-        EAB_KEY_ID=secret
-        EAB_MAC_KEY=secret
-        ```
-
-        Find more examples
-        [here](https://caddyserver.com/docs/caddyfile/concepts#environment-variables)
-      '';
-    };
-  };
-
-  # implementation
-  config = mkIf cfg.enable {
-    assertions =
-      [
-        {
-          assertion = cfg.configFile == configFile -> cfg.adapter == "caddyfile" || cfg.adapter == null;
-          message = "To specify an adapter other than 'caddyfile' please provide your own configuration via `services.caddy.configFile`";
-        }
-      ]
-      ++ map (
-        name:
-          mkCertOwnershipAssertion {
-            cert = config.security.acme.certs.${name};
-            groups = config.users.groups;
-            services = [config.systemd.services.caddy];
-          }
-      )
-      vhostCertNames;
-
-    services.caddy.globalConfig = ''
-      ${optionalString (cfg.email != null) "email ${cfg.email}"}
-      ${optionalString (cfg.acmeCA != null) "acme_ca ${cfg.acmeCA}"}
-      log {
-        ${cfg.logFormat}
-      }
-    '';
-
-    # https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes
-    boot.kernel.sysctl."net.core.rmem_max" = mkDefault 2500000;
-    boot.kernel.sysctl."net.core.wmem_max" = mkDefault 2500000;
-
-    systemd.packages = [cfg.package];
-    systemd.services.caddy = {
-      wants = map (certName: "acme-finished-${certName}.target") vhostCertNames;
-      after =
-        map (certName: "acme-selfsigned-${certName}.service") vhostCertNames
-        ++ map (certName: "acme-${certName}.service") independentCertNames; # avoid loading self-signed key w/ real cert, or vice-versa
-      before = map (certName: "acme-${certName}.service") dependentCertNames;
-
-      wantedBy = ["multi-user.target"];
-      startLimitIntervalSec = 14400;
-      startLimitBurst = 10;
-      reloadTriggers = optional cfg.enableReload cfg.configFile;
-      restartTriggers = optional (!cfg.enableReload) cfg.configFile;
-
-      serviceConfig = let
-        runOptions = ''--config ${configPath} ${
-            optionalString (cfg.adapter != null) "--adapter ${cfg.adapter}"
-          }'';
-      in {
-        # Override the `ExecStart` line from upstream's systemd unit file by our own:
-        # https://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStart=
-        # If the empty string is assigned to this option, the list of commands to start is reset, prior assignments of this option will have no effect.
-        ExecStart = [
-          ""
-          ''${lib.getExe cfg.package} run ${runOptions} ${optionalString cfg.resume "--resume"}''
-        ];
-        # Validating the configuration before applying it ensures we’ll get a proper error that will be reported when switching to the configuration
-        ExecReload =
-          [
-            ""
-          ]
-          ++ lib.optional cfg.enableReload "${lib.getExe cfg.package} reload ${runOptions} --force";
-        User = cfg.user;
-        Group = cfg.group;
-        ReadWritePaths = [cfg.dataDir];
-        StateDirectory = mkIf (cfg.dataDir == "/var/lib/caddy") ["caddy"];
-        LogsDirectory = mkIf (cfg.logDir == "/var/log/caddy") ["caddy"];
-        Restart = "on-failure";
-        RestartPreventExitStatus = 1;
-        RestartSec = "5s";
-        EnvironmentFile = optional (cfg.environmentFile != null) cfg.environmentFile;
-
-        # TODO: attempt to upstream these options
-        NoNewPrivileges = true;
-        PrivateDevices = true;
-        ProtectHome = true;
-      };
-    };
-
-    users.users = optionalAttrs (cfg.user == "caddy") {
-      caddy = {
-        group = cfg.group;
-        uid = config.ids.uids.caddy;
-        home = cfg.dataDir;
-      };
-    };
-
-    users.groups = optionalAttrs (cfg.group == "caddy") {
-      caddy.gid = config.ids.gids.caddy;
-    };
-
-    security.acme.certs = let
-      certCfg =
-        map (
-          certName:
-            nameValuePair certName {
-              group = mkDefault cfg.group;
-              reloadServices = ["caddy.service"];
-            }
-        )
-        vhostCertNames;
-    in
-      listToAttrs certCfg;
-
-    environment.etc.${etcConfigFile}.source = cfg.configFile;
-  };
-}
--- a/modules/nixos/caddy/vhost-options.nix
+++ b/modules/nixos/caddy/vhost-options.nix
@@ -1,83 +0,0 @@
-{cfg}: {
-  config,
-  lib,
-  name,
-  ...
-}: let
-  inherit (lib) literalExpression mkOption types;
-in {
-  options = {
-    hostName = mkOption {
-      type = types.str;
-      default = name;
-      description = "Canonical hostname for the server.";
-    };
-
-    serverAliases = mkOption {
-      type = with types; listOf str;
-      default = [];
-      example = [
-        "www.example.org"
-        "example.org"
-      ];
-      description = ''
-        Additional names of virtual hosts served by this virtual host configuration.
-      '';
-    };
-
-    listenAddresses = mkOption {
-      type = with types; listOf str;
-      description = ''
-        A list of host interfaces to bind to for this virtual host.
-      '';
-      default = [];
-      example = [
-        "127.0.0.1"
-        "::1"
-      ];
-    };
-
-    useACMEHost = mkOption {
-      type = types.nullOr types.str;
-      default = null;
-      description = ''
-        A host of an existing Let's Encrypt certificate to use.
-        This is mostly useful if you use DNS challenges but Caddy does not
-        currently support your provider.
-
-        *Note that this option does not create any certificates, nor
-        does it add subdomains to existing ones – you will need to create them
-        manually using [](#opt-security.acme.certs).*
-      '';
-    };
-
-    logFormat = mkOption {
-      type = types.lines;
-      default = ''
-        output file ${cfg.logDir}/access-${lib.replaceStrings ["/" " "] ["_" "_"] config.hostName}.log
-      '';
-      defaultText = ''
-        output file ''${config.services.caddy.logDir}/access-''${hostName}.log
-      '';
-      example = literalExpression ''
-        mkForce '''
-          output discard
-        ''';
-      '';
-      description = ''
-        Configuration for HTTP request logging (also known as access logs). See
-        <https://caddyserver.com/docs/caddyfile/directives/log#log>
-        for details.
-      '';
-    };
-
-    extraConfig = mkOption {
-      type = types.lines;
-      default = "";
-      description = ''
-        Additional lines of configuration appended to this virtual host in the
-        automatically generated `Caddyfile`.
-      '';
-    };
-  };
-}
--- a/nixos/ryu/apps/default.nix
+++ b/nixos/ryu/apps/default.nix
@@ -6,7 +6,6 @@
  imports = [
    # ./alvr.nix
    ./easyeffects.nix
-    ./mixid.nix
    ./vr.nix
    ./helvum.nix
  ];
--- a/nixos/ryu/apps/mixid.nix
+++ b/nixos/ryu/apps/mixid.nix
@@ -1,4 +0,0 @@
-{pkgs, ...}: {
-  environment.systemPackages = with pkgs; [mixid];
-  services.udev.packages = with pkgs; [mixid];
-}
--- a/nixos/ryu/configuration.nix
+++ b/nixos/ryu/configuration.nix
@@ -157,12 +157,31 @@
          Name = "Ryu";
          Enable = "Source,Sink,Media,Socket";
          ControllerMode = "dual";
-          FactConnectable = "true";
-          Experimental = "true";
+          FactConnectable = true;
+          Experimental = true;
        };
      };
    };
  };
+  boot.extraModprobeConfig = ''
+    # Keep Bluetooth coexistence disabled for better BT audio stability
+    options iwlwifi bt_coex_active=0
+
+    # Enable software crypto (helps BT coexistence sometimes)
+    options iwlwifi swcrypto=1
+
+    # Disable power saving on Wi-Fi module to reduce radio state changes that might disrupt BT
+    options iwlwifi power_save=0
+
+    # Disable Unscheduled Automatic Power Save Delivery (U-APSD) to improve BT audio stability
+    options iwlwifi uapsd_disable=1
+
+    # Disable D0i3 power state to avoid problematic power transitions
+    options iwlwifi d0i3_disable=1
+
+    # Set power scheme for performance (iwlmvm)
+    options iwlmvm power_scheme=1
+  '';

  networking = {
    interfaces.eno1.wakeOnLan = {
--- a/nixos/ryu/hardware/default.nix
+++ b/nixos/ryu/hardware/default.nix
--- a/nixos/tako/services/default.nix
+++ b/nixos/tako/services/default.nix
@@ -24,6 +24,7 @@
    ./searxng.nix
    ./tailscale.nix
    ./kellnr.nix
+    ./matrix
  ];
  services = {
    nix-serve = {
--- a/nixos/tako/services/excalidraw.nix
+++ b/nixos/tako/services/excalidraw.nix
@@ -10,21 +10,20 @@
    };
  };
  services.caddy.virtualHosts."draw.darksailor.dev".extraConfig = ''
-    import auth
    reverse_proxy localhost:5959
  '';
-  services.authelia = {
-    instances.darksailor = {
-      settings = {
-        access_control = {
-          rules = [
-            {
-              domain = "draw.darksailor.dev";
-              policy = "one_factor";
-            }
-          ];
-        };
-      };
-    };
-  };
+  # services.authelia = {
+  #   instances.darksailor = {
+  #     settings = {
+  #       access_control = {
+  #         rules = [
+  #           {
+  #             domain = "draw.darksailor.dev";
+  #             policy = "one_factor";
+  #           }
+  #         ];
+  #       };
+  #     };
+  #   };
+  # };
 }
--- a/nixos/tako/services/matrix/default.nix
+++ b/nixos/tako/services/matrix/default.nix
@@ -0,0 +1,7 @@
+{...}: {
+  imports = [
+    ./tuwunel.nix
+    # ./signal.nix // libolm deprecated
+    # ./discord.nix
+  ];
+}
--- a/nixos/tako/services/matrix/discord.nix
+++ b/nixos/tako/services/matrix/discord.nix
@@ -0,0 +1,19 @@
+{...}: {
+  services.mautrix-discord = {
+    enable = true;
+    settings = {
+      homeserver = {
+        address = "http://localhost:6167";
+        domain = "darksailor.dev";
+      };
+      appservice.public = {
+        prefix = "/public";
+        external = "https://matrix.darksailor.dev/public";
+      };
+      bridge.permissions = {
+        "darksailor.dev" = "user";
+        "@servius:darksailor.dev" = "admin";
+      };
+    };
+  };
+}
--- a/nixos/tako/services/matrix/signal.nix
+++ b/nixos/tako/services/matrix/signal.nix
@@ -0,0 +1,5 @@
+{...}: {
+  services.mautrix-signal = {
+    enable = true;
+  };
+}
--- a/nixos/tako/services/matrix/tuwunel.nix
+++ b/nixos/tako/services/matrix/tuwunel.nix
@@ -0,0 +1,131 @@
+{
+  config,
+  pkgs,
+  ...
+}: let
+  port = 6167;
+  base_domain = "darksailor.dev";
+  client_id = "tuwunel";
+  elementConfig = builtins.toJSON {
+    default_server_config = {
+      "m.homeserver" = {
+        base_url = "https://matrix.${base_domain}";
+      };
+    };
+    sso_redirect_options = {
+      immediate = false;
+      on_welcome_page = true;
+      on_login_page = true;
+    };
+  };
+  elementConfigFile = pkgs.writeText "element-config.json" elementConfig;
+in {
+  sops = {
+    secrets."tuwunel/client_id" = {
+      owner = config.services.matrix-tuwunel.user;
+      group = config.systemd.services.authelia-darksailor.serviceConfig.Group;
+      mode = "0440";
+    };
+    secrets."tuwunel/client_secret" = {
+      owner = config.services.matrix-tuwunel.user;
+      group = config.systemd.services.authelia-darksailor.serviceConfig.Group;
+      mode = "0440";
+    };
+    secrets."tuwunel/registration_token".owner = config.services.matrix-tuwunel.user;
+  };
+  services.matrix-tuwunel = {
+    enable = true;
+    settings.global = {
+      server_name = "${base_domain}";
+      address = ["127.0.0.1"];
+      port = [port];
+      allow_registration = true;
+      registration_token_file = config.sops.secrets."tuwunel/registration_token".path;
+      single_sso = true;
+      identity_provider = [
+        {
+          inherit client_id;
+          brand = "Authelia";
+          name = "Authelia";
+          default = true;
+          issuer_url = "https://auth.${base_domain}";
+          client_secret_file = config.sops.secrets."tuwunel/client_secret".path;
+          callback_url = "https://matrix.${base_domain}/_matrix/client/unstable/login/sso/callback/${client_id}";
+        }
+      ];
+      well_known = {
+        client = "https://matrix.${base_domain}";
+        server = "matrix.${base_domain}:443";
+      };
+    };
+    package = pkgs.matrix-tuwunel;
+  };
+  services.caddy.virtualHosts = {
+    "matrix.${base_domain}".extraConfig = ''
+      reverse_proxy /_matrix/* localhost:${toString port}
+      handle_path /config.json  {
+        file_server
+        root ${elementConfigFile}
+      }
+      root * ${pkgs.element-web}
+      file_server
+    '';
+    "${base_domain}".extraConfig = ''
+      reverse_proxy /.well-known/* localhost:${toString port}
+    '';
+    # "matrix.${base_domain}:8448".extraConfig = ''
+    #   reverse_proxy /_matrix/* localhost:${toString port}
+    # '';
+  };
+  networking.firewall.allowedTCPPorts = [8448];
+
+  users.users.${config.services.caddy.user}.extraGroups = [config.services.matrix-tuwunel.group];
+
+  services = {
+    authelia = {
+      instances.darksailor = {
+        settings = {
+          identity_providers = {
+            oidc = {
+              claims_policies = {
+                tuwunel = {
+                  id_token = [
+                    "email"
+                    "name"
+                    "groups"
+                    "preferred_username"
+                  ];
+                };
+              };
+              clients = [
+                {
+                  inherit client_id;
+                  client_name = "Matrix: Darksailor";
+                  client_secret = ''{{ secret "${config.sops.secrets."tuwunel/client_secret".path}" }}'';
+                  public = false;
+                  authorization_policy = "one_factor";
+                  require_pkce = false;
+                  # pkce_challenge_method = "S256";
+                  redirect_uris = [
+                    "https://matrix.${base_domain}/_matrix/client/unstable/login/sso/callback/${client_id}"
+                  ];
+                  scopes = [
+                    "openid"
+                    "groups"
+                    "email"
+                    "profile"
+                  ];
+                  response_types = ["code"];
+                  response_modes = ["form_post"];
+                  grant_types = ["refresh_token" "authorization_code"];
+                  userinfo_signed_response_alg = "none";
+                  token_endpoint_auth_method = "client_secret_post";
+                }
+              ];
+            };
+          };
+        };
+      };
+    };
+  };
+}
--- a/nixos/tako/services/monitoring.nix
+++ b/nixos/tako/services/monitoring.nix
@@ -382,21 +382,21 @@ in {
  };

  # Docker cAdvisor for container metrics
-  virtualisation.oci-containers.containers.cadvisor = {
-    image = "gcr.io/cadvisor/cadvisor:v0.49.1";
-    ports = ["127.0.0.1:${toString ports.cadvisor}:8080"];
-    volumes = [
-      "/:/rootfs:ro"
-      "/var/run:/var/run:ro"
-      "/sys:/sys:ro"
-      "/var/lib/docker/:/var/lib/docker:ro"
-      "/dev/disk/:/dev/disk:ro"
-    ];
-    extraOptions = [
-      "--privileged"
-      "--device=/dev/kmsg"
-    ];
-  };
+  # virtualisation.oci-containers.containers.cadvisor = {
+  #   image = "gcr.io/cadvisor/cadvisor:v0.49.1";
+  #   ports = ["127.0.0.1:${toString ports.cadvisor}:8080"];
+  #   volumes = [
+  #     "/:/rootfs:ro"
+  #     "/var/run:/var/run:ro"
+  #     "/sys:/sys:ro"
+  #     "/var/lib/docker/:/var/lib/docker:ro"
+  #     "/dev/disk/:/dev/disk:ro"
+  #   ];
+  #   extraOptions = [
+  #     "--privileged"
+  #     "--device=/dev/kmsg"
+  #   ];
+  # };

  # Link dashboard files from Nix store to Grafana's expected location
  systemd.tmpfiles.rules = let
--- a/overlays.nix
+++ b/overlays.nix
@@ -291,7 +291,6 @@ in
    inputs.headplane.overlays.default
    inputs.vicinae.overlays.default
    inputs.eilmeldung.overlays.default
-    inputs.mixid.overlays.default
    jellyfin
    libfprint
    misc-applications
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@@ -83,6 +83,10 @@ nas:
 kellnr:
    token: ENC[AES256_GCM,data:te5psUTLr8+NLsliJAgz71j8AT3BUkJ8f0eGgnsRbbk2zF9fH3cCfZbry+mmxwvhmwL8ktNexaPUixatNDrWpA==,iv:Ao6Iqr3z8/3azo9H9lPUeVwto7nQMlMuAZp4Q9fIwJE=,tag:r2FXoxgrvlaCnQlngg12qg==,type:str]
    password: ENC[AES256_GCM,data:OZkfHckKHu/EM6+PquknU+aKmyyFw5o25ZENqNGc0d/vYiNBo4FBdCZwj1W0efo43+hTgsxVj7QCDSxFgROdOg==,iv:2G3fy5dIufL7tXEgRaOGBFNaVoKbfKqcFnRiZN1I1F4=,tag:iyHQD5oXy44tL18W7Fw35g==,type:str]
+tuwunel:
+    client_id: ENC[AES256_GCM,data:25wSM5POfSJTmAaP/3vVqqbqa46vF21hZgCuJ1qfh8pHl8K6fMLdd0Q4GeVH1tgsBHKY0zStqYIc/RIgmerSVw==,iv:tWCw4jWymrSWR+xj37Bt7Qx60bRhpWQ+UEZ2dDJRGQo=,tag:PBa/P66bWexmlUEIaCtEKw==,type:str]
+    client_secret: ENC[AES256_GCM,data:cH/zkBj46u/07XiSd/4DsLYImkQwxNT8jQDjOuESi5dED6KEXwCjNNPzVvQuEuM7r4enZeIfb3cQztcxQJwTSA==,iv:eD5DKLUvTaK0ce1MJCLJHEl44hwtKx8rQ93eohqcUNE=,tag:FkkYHjAOaEu2gs8v7+EVgA==,type:str]
+    registration_token: ENC[AES256_GCM,data:A0Wd9DTruGnCoPosKUHrd3AgN3T9JbkW/6fTJyzcryV0COqLSjOqCD4W2PXPwnk83MFeQ84RpJ3J4tuvYv2JuQ==,iv:7JIQUwfeEN03N0F35z6VipN66DpErqnY6aQrLznnw8g=,tag:RF2gB8kVKT3ioPVVRyj4aQ==,type:str]
 sops:
    age:
        - recipient: age1pw7kluxp7872c63ne4jecq75glj060jkmqwzkk6esatuyck9egfswufdpk
@@ -94,7 +98,7 @@ sops:
            VGZKdHpVeFRpQUxtSEkyaEhLMlBJcGsKLb0DvPNZosPBUuiX6qz1s5IO5INQh8CK
            ZtXTVClwMSmaUYhdSB2gKFrKVZHXTJZ4oAL5t/BpC0pOHyr+o96T3Q==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-02-01T23:10:21Z"
-    mac: ENC[AES256_GCM,data:mwhesovdna7rekGUtT2AbM9ihGlX2hv3TjXMd894YyptHe/N5crPne+E2ti3O7yOIZhMIC4j09AeIRxEgi7Ygob0fpoH8LmbYul8JtcTwZYCFhs2f3RIMNcOSW358eZa4HK6UIx8i+nvSKXJEikep3rIYQlmhOwEXwP6Ltsls2s=,iv:mt6ZMfuOxjfg9gGPm4C1sNaXPUbanpdktNBplhiyTLU=,tag:qZMPp3RyLwfcgD9n44o24g==,type:str]
+    lastmodified: "2026-02-10T14:49:29Z"
+    mac: ENC[AES256_GCM,data:ua8maqTc3KkkNni+fNnQLqP4PwRVVh5FuUjsAN5+w+ad3sD/+QunnAkHAMKUajAlwXKS/PIAqz6p0iwSn80ip3yXxMZPRG134+q729m5rwkGcV4FzyR2wIYVP5vRbZEMuMbfomMMjUyJk/Gsg4CY8iecgvvoMkWvK2INSH07TcE=,iv:GiyicPX4YAZAXuKXxJskuJyzi8ukQ/vv2aOncKf/Qew=,tag:tAmz6F6WMMzLLYmBlsrxvQ==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.11.0
Author	SHA1	Message	Date
servius	3a97de6af2	fix: Matrix server fix Some checks failed Flake checker / Build Nix targets (push) Has been cancelled Details	2026-02-11 03:55:29 +05:30
servius	66b7a31943	feat: Update to latest nix	2026-02-10 23:14:12 +05:30
servius	ddb53d879e	feat: Added matrix	2026-02-10 22:25:37 +05:30
servius	e403e47c28	feat: Added tuwunel	2026-02-10 14:24:39 +05:30