feat(pumo): add config for phone pumo

feat(nix): add marpa as binary cache for Nix
feat(packages): add QGIS
2026-05-01 16:27:56 +02:00 · 2026-05-01 16:27:56 +02:00 · 2026-05-01 15:24:44 +02:00 · 2026-05-01 15:24:44 +02:00 · 2026-04-28 10:47:38 +02:00 · 2026-04-12 18:07:33 +02:00
213 changed files with 7684 additions and 6900 deletions
--- a/.envrc
+++ b/.envrc
@@ -1,10 +1,7 @@
-if ! has nix_direnv_version || ! nix_direnv_version 2.2.1; then
+# -*- mode: sh; -*-
  source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/2.2.1/direnvrc" "sha256-zelF0vLbEl5uaqrfIzbgNzJWGmLzCmYAkInj/LNxvKs="
 fi
 watch_file flake.nix
 watch_file flake.lock
 if ! use flake . --no-pure-eval
 then
-  echo "devenv could not be built. The devenv environment was not loaded. Make the necessary changes to devenv.nix and hit enter to try again." >&2
+  echo "dev shell could not be built. The environment was not loaded. Make the necessary changes to flake.nix and hit enter to try again." >&2
 fi
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,10 +1,14 @@
 keys:
  - &elcafe age1tkywsvddjj6r6ukuqgz9aql92jfx85rz57dhmkkndysh6yx6p5rs0zj0qr
  - &elcafe-host age17p69ktg7yfzgdsk00f32mupe4n4fevdpw2wsv7ft30yvpeseau6s7t0zdg
  - &gampo age1ajemtm502nn2n4q7v4j8meyd5mxtcqngkkedxq2pqzuwu78zp93qnw8q48
  - &gampo-host age197lfdanym647wdaz9uy8hrfqjwj9fs8rm7vs3fsrctceu8mr9gms2jedhz
  - &marpa age17pn6suvz2f7zmrm9zxj5hr0putvcvdamqxqt7ewhncgg6ccgmp2qr00xm2
  - &marpa-host age1cnnpnglkvgw5ffv8qpgwpqvj203lh4uwt698y9mxjwklxt8nysmsa8hepn
  - &tilo age1g68hxv73llkyc7etzh499ztcrt93pwawy0n8p93px4taqu58mehsp88vjq
  - &tilo-host age1awytvphvty4f9wmdn86xnjg9kgetqjx8qlwj5d2882t4fyyzy58s3vg5k4
  - &NaroMk3 age1erkn7dd022e90ktyj66aux9j9xvl0uzd6ru5cmrjsvcm5rtr5pfs7q6k9h
  - &NaroMk3-host age16crkeglm3j3f6rveylytuerptjf9mwtv3hl89ywkmnnvdkntfchsuvrsk5
 creation_rules:
  - path_regex: secrets/secrets.yaml$
    key_groups:
@@ -15,3 +19,7 @@ creation_rules:
      - *marpa-host
      - *tilo
      - *tilo-host
      - *NaroMk3
      - *NaroMk3-host
      - *elcafe
      - *elcafe-host
--- a/README.md
+++ b/README.md
@@ -0,0 +1,68 @@
 <h1 align="center">NixOS Configuration</h1>
 <div align="center">
 <strong>
   Personal NixOS configuration for my machines, using Nix Flakes for reproducible and shareable setups.
 </strong>
 </div>
 <br/>
 <div align="center">
  <!-- Wakapi -->
  <img alt="Coding Time Badge" src="https://clock.phundrak.com/api/badge/phundrak/interval:any/project:.dotfiles">
  <!-- Emacs -->
  <a href="https://www.gnu.org/software/emacs/"><img src="https://img.shields.io/badge/Emacs-30.2-blueviolet.svg?style=flat-square&logo=GNU%20Emacs&logoColor=white" /></a>
 </div>
 ## Repository Structure
 - **flake.nix**: Main entry point for the Nix Flake, defining NixOS and home-manager configurations.
 - **hosts/**: Contains the host-specific NixOS configurations.
 - **system/**: Holds system-wide configuration modules that can be shared across different hosts. This includes things like boot settings, desktop environments, hardware configurations, networking, packages, security, and system services.
 - **users/**: Manages user-specific configurations. It's split into `modules` for reusable home-manager configurations and `phundrak` for my personal configuration.
 - **secrets/**: Encrypted secrets managed with `sops-nix`.
 ## Usage
 ### System Management
 Update flake dependencies:
 ```bash
 nix flake update
 ```
 Build and switch to a new system configuration:
 ```bash
 sudo nixos-rebuild switch --flake .#<hostname>
 ```
 Using the Nix Helper (nh) tool:
 ```bash
 # Build and activate a new configuration, making it the boot default
 nh os switch
 # Build a new configuration and make it the boot default
 nh os boot
 # Build and activate a new configuration (without making it the boot default)
 nh os test
 # Just build a new configuration
 nh os build
 ```
 ### Home Configuration
 Update and switch to a new home configuration:
 ```bash
 nh home switch
 ```
 Format Nix files (using Alejandra):
 ```bash
 nix fmt .
 ```
 ## Contributing
 Feel free to fork this repository and make your own changes. If you have any improvements or suggestions, please open an issue or submit a pull request.
--- a/README.org
+++ b/README.org
@@ -1,37 +0,0 @@
 #+title: NixOS Configuration
 #+author: Lucien Cartier-Tilet <lucien@phundrak.com>
 This repository contains the NixOS configuration for my personal
 setup. It uses Nix Flakes to manache the configuration, making it
 reproducible and easy to share across my different machines.
 * Repository Structure
 - =flake.nix= :: The main entry point for the Nix Flake. It defines my
  NixOS configurations as well as a dev shell which installs the tools
  needed for testing and building my configurations.
 - =hosts/= :: Directory containing host-specific configurations. Each
  host has its own directory with at least a =configuration.nix= file.
 - =modules/= :: Custom NixOS modules that can be reused across different
  hosts.
 - =programs/= :: Programs shared across hosts at the system level that
  are not made into configurable modules.
 - =secrets/= :: Contains secret values that I cannot or will not share
  publicly.
 - =system/= :: Common system-level configuration shared across hosts
  that are not made into configurable modules.
 - =users/phundrak/= :: My home-manager configuration, containing
  user-specific settings and applications.
 - =users/modules/= :: Custom user NixOS modules that can be reused
  across different users.
 - =user/scripts/= :: Custom shell scripts shared across users.
 * Updating and Rebuilding the Configuration
 In this repository, there are two helper scripts:
 - =update.sh= :: Updates the Flake’s lockfile.
 - =rebuild.sh= :: Rebuilds the configuration and switch to it
  immediately.
 * Contributing
 Feel free to fork this repository and make your own changes. If you
 have any improvements or suggestions, please open an issue or submit a
 pull request.
--- a/flake.lock
+++ b/flake.lock
@@ -1,24 +1,57 @@
 {
  "nodes": {
    "alejandra": {
      "inputs": {
        "fenix": "fenix",
        "flakeCompat": "flakeCompat",
        "nixpkgs": [
          "jj-cz",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1744324181,
        "narHash": "sha256-Oi1n2ncF4/AWeY6X55o2FddIRICokbciqFYK64XorYk=",
        "owner": "kamadorueda",
        "repo": "alejandra",
        "rev": "3e2a85506627062313e131bf8a85315f3387c8e0",
        "type": "github"
      },
      "original": {
        "owner": "kamadorueda",
        "ref": "4.0.0",
        "repo": "alejandra",
        "type": "github"
      }
    },
    "cachix": {
      "inputs": {
        "devenv": [
          "jj-cz",
          "devenv"
        ],
        "flake-compat": [
-          "devenv"
+          "jj-cz",
          "devenv",
          "flake-compat"
        ],
        "git-hooks": [
-          "devenv"
+          "jj-cz",
          "devenv",
          "git-hooks"
        ],
-        "nixpkgs": "nixpkgs"
+        "nixpkgs": [
          "jj-cz",
          "devenv",
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1744206633,
+        "lastModified": 1760971495,
-        "narHash": "sha256-pb5aYkE8FOoa4n123slgHiOf1UbNSnKe5pEZC+xXD5g=",
+        "narHash": "sha256-IwnNtbNVrlZIHh7h4Wz6VP0Furxg9Hh0ycighvL5cZc=",
        "owner": "cachix",
        "repo": "cachix",
-        "rev": "8a60090640b96f9df95d1ab99e5763a586be1404",
+        "rev": "c5bfd933d1033672f51a863c47303fc0e093c2d2",
        "type": "github"
      },
      "original": {
@@ -28,20 +61,92 @@
        "type": "github"
      }
    },
    "caelestia-cli": {
      "inputs": {
        "caelestia-shell": [
          "caelestia-shell"
        ],
        "nixpkgs": [
          "caelestia-shell",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1772764582,
        "narHash": "sha256-hSwjmpXHFqzSXrndVekA0IheKrbC7wi0IbfZTYwlmXw=",
        "owner": "caelestia-dots",
        "repo": "cli",
        "rev": "4bcd42f482d038b98145b0b03388244b68b7d35d",
        "type": "github"
      },
      "original": {
        "owner": "caelestia-dots",
        "repo": "cli",
        "type": "github"
      }
    },
    "caelestia-shell": {
      "inputs": {
        "caelestia-cli": "caelestia-cli",
        "nixpkgs": [
          "nixpkgs"
        ],
        "quickshell": "quickshell"
      },
      "locked": {
        "lastModified": 1775660122,
        "narHash": "sha256-qMKB06TE0MY1anDQKBrzZEpktNPyvMxQQzTEEwWAA6I=",
        "owner": "caelestia-dots",
        "repo": "shell",
        "rev": "aa2b08dd45963dc9558de94dbff5e1615e347d02",
        "type": "github"
      },
      "original": {
        "owner": "caelestia-dots",
        "repo": "shell",
        "type": "github"
      }
    },
    "copyparty": {
      "inputs": {
        "flake-utils": "flake-utils",
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1775334496,
        "narHash": "sha256-dUopEMj5KhH1vnv43o29kMsayp0Ki+9EfIn4UAE9sAU=",
        "owner": "9001",
        "repo": "copyparty",
        "rev": "ede692925edfc6fca7a52f483414d543e9303237",
        "type": "github"
      },
      "original": {
        "owner": "9001",
        "repo": "copyparty",
        "type": "github"
      }
    },
    "devenv": {
      "inputs": {
        "cachix": "cachix",
        "flake-compat": "flake-compat",
        "flake-parts": "flake-parts",
        "git-hooks": "git-hooks",
        "nix": "nix",
-        "nixpkgs": "nixpkgs_3"
+        "nixd": "nixd",
        "nixpkgs": [
          "jj-cz",
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1747717470,
+        "lastModified": 1770304289,
-        "narHash": "sha256-tk2mRZAf8C5uOkMVJHemJ3ld09CYVp/z94/lHqsQ8ZA=",
+        "narHash": "sha256-+g+XMyB1zi50h2N38GE32l7ZONX4oW7Nw6QSXzfNiwk=",
        "owner": "cachix",
        "repo": "devenv",
-        "rev": "c7f2256ee4a4a4ee9cbf1e82a6e49b253c374995",
+        "rev": "fd777e39027d393346e4df672d51ad2bf44b2a12",
        "type": "github"
      },
      "original": {
@@ -50,14 +155,37 @@
        "type": "github"
      }
    },
    "fenix": {
      "inputs": {
        "nixpkgs": [
          "jj-cz",
          "alejandra",
          "nixpkgs"
        ],
        "rust-analyzer-src": "rust-analyzer-src"
      },
      "locked": {
        "lastModified": 1730615655,
        "narHash": "sha256-2HBR3zLn57LXKNRtxBb+O+uDqHM4n0pz51rPayMl4cg=",
        "owner": "nix-community",
        "repo": "fenix",
        "rev": "efeb50e2535b17ffd4a135e6e3e5fd60a525180c",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "fenix",
        "type": "github"
      }
    },
    "flake-compat": {
      "flake": false,
      "locked": {
-        "lastModified": 1733328505,
+        "lastModified": 1761588595,
-        "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
+        "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
        "owner": "edolstra",
        "repo": "flake-compat",
-        "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
+        "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
        "type": "github"
      },
      "original": {
@@ -69,17 +197,17 @@
    "flake-parts": {
      "inputs": {
        "nixpkgs-lib": [
          "jj-cz",
          "devenv",
          "nix",
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1712014858,
+        "lastModified": 1760948891,
-        "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=",
+        "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d",
+        "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04",
        "type": "github"
      },
      "original": {
@@ -88,23 +216,126 @@
        "type": "github"
      }
    },
    "flake-root": {
      "locked": {
        "lastModified": 1723604017,
        "narHash": "sha256-rBtQ8gg+Dn4Sx/s+pvjdq3CB2wQNzx9XGFq/JVGCB6k=",
        "owner": "srid",
        "repo": "flake-root",
        "rev": "b759a56851e10cb13f6b8e5698af7b59c44be26e",
        "type": "github"
      },
      "original": {
        "owner": "srid",
        "repo": "flake-root",
        "type": "github"
      }
    },
    "flake-utils": {
      "locked": {
        "lastModified": 1678901627,
        "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "flake-utils_2": {
      "inputs": {
        "systems": "systems"
      },
      "locked": {
        "lastModified": 1731533236,
        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "flake-utils_3": {
      "inputs": {
        "systems": "systems_2"
      },
      "locked": {
        "lastModified": 1731533236,
        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "flake-utils_4": {
      "inputs": {
        "systems": "systems_3"
      },
      "locked": {
        "lastModified": 1731533236,
        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "flakeCompat": {
      "flake": false,
      "locked": {
        "lastModified": 1696426674,
        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
        "owner": "edolstra",
        "repo": "flake-compat",
        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
        "type": "github"
      },
      "original": {
        "owner": "edolstra",
        "repo": "flake-compat",
        "type": "github"
      }
    },
    "git-hooks": {
      "inputs": {
        "flake-compat": [
-          "devenv"
+          "jj-cz",
          "devenv",
          "flake-compat"
        ],
        "gitignore": "gitignore",
        "nixpkgs": [
          "jj-cz",
          "devenv",
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1746537231,
+        "lastModified": 1760663237,
-        "narHash": "sha256-Wb2xeSyOsCoTCTj7LOoD6cdKLEROyFAArnYoS+noCWo=",
+        "narHash": "sha256-BflA6U4AM1bzuRMR8QqzPXqh8sWVCNDzOdsxXEguJIc=",
        "owner": "cachix",
        "repo": "git-hooks.nix",
-        "rev": "fa466640195d38ec97cf0493d6d6882bc4d14969",
+        "rev": "ca5b894d3e3e151ffc1db040b6ce4dcc75d31c37",
        "type": "github"
      },
      "original": {
@@ -116,6 +347,7 @@
    "gitignore": {
      "inputs": {
        "nixpkgs": [
          "jj-cz",
          "devenv",
          "git-hooks",
          "nixpkgs"
@@ -142,11 +374,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1748134483,
+        "lastModified": 1775683737,
-        "narHash": "sha256-5PBK1nV8X39K3qUj8B477Aa2RdbLq3m7wRxUKRtggX4=",
+        "narHash": "sha256-oBYyowo6yfgb95Z78s3uTnAd9KkpJpwzjJbfnpLaM2Y=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "c1e671036224089937e111e32ea899f59181c383",
+        "rev": "7ba4ee4228ed36123c7cb75d50524b43514ef992",
        "type": "github"
      },
      "original": {
@@ -155,51 +387,88 @@
        "type": "github"
      }
    },
-    "libgit2": {
+    "jj-cz": {
      "inputs": {
        "alejandra": "alejandra",
        "devenv": "devenv",
        "flake-utils": "flake-utils_3",
        "nixpkgs": [
          "nixpkgs"
        ],
        "rust-overlay": "rust-overlay"
      },
      "locked": {
        "lastModified": 1775400071,
        "narHash": "sha256-uFoqOUB1wbqqDKRdHNEYdgyRQECYWhJBq4Oxjm3Dx9M=",
        "ref": "refs/heads/develop",
        "rev": "3da214ae4c14f57dc5f6ecd480330936f00e1a4f",
        "revCount": 35,
        "type": "git",
        "url": "https://labs.phundrak.com/phundrak/jj-cz"
      },
      "original": {
        "type": "git",
        "url": "https://labs.phundrak.com/phundrak/jj-cz"
      }
    },
    "mobile-nixos": {
      "flake": false,
      "locked": {
-        "lastModified": 1697646580,
+        "lastModified": 1772289954,
-        "narHash": "sha256-oX4Z3S9WtJlwvj0uH9HlYcWv+x1hqp8mhXl7HsLu2f0=",
+        "narHash": "sha256-iDdtwk/dFb6AsXMtcOpZixxXl6C1HNUPe6cglxxHO7M=",
-        "owner": "libgit2",
+        "owner": "mobile-nixos",
-        "repo": "libgit2",
+        "repo": "mobile-nixos",
-        "rev": "45fd9ed7ae1a9b74b957ef4f337bc3c8b3df01b5",
+        "rev": "1a9e0af79dc7b5e29ed772f1a8a76fcbd9d45fdf",
        "type": "github"
      },
      "original": {
-        "owner": "libgit2",
+        "owner": "mobile-nixos",
-        "repo": "libgit2",
+        "repo": "mobile-nixos",
        "type": "github"
      }
    },
    "nix": {
      "inputs": {
        "flake-compat": [
-          "devenv"
+          "jj-cz",
          "devenv",
          "flake-compat"
        ],
        "flake-parts": [
          "jj-cz",
          "devenv",
          "flake-parts"
        ],
        "git-hooks-nix": [
          "jj-cz",
          "devenv",
          "git-hooks"
        ],
        "nixpkgs": [
          "jj-cz",
          "devenv",
          "nixpkgs"
        ],
        "flake-parts": "flake-parts",
        "libgit2": "libgit2",
        "nixpkgs": "nixpkgs_2",
        "nixpkgs-23-11": [
          "jj-cz",
          "devenv"
        ],
        "nixpkgs-regression": [
-          "devenv"
+          "jj-cz",
        ],
        "pre-commit-hooks": [
          "devenv"
        ]
      },
      "locked": {
-        "lastModified": 1745930071,
+        "lastModified": 1769708679,
-        "narHash": "sha256-bYyjarS3qSNqxfgc89IoVz8cAFDkF9yPE63EJr+h50s=",
+        "narHash": "sha256-uFKkp2/SjIqbu5HtINg/hwHN6qaqcxLIbL/om7dT3kI=",
-        "owner": "domenkozar",
+        "owner": "cachix",
        "repo": "nix",
-        "rev": "b455edf3505f1bf0172b39a735caef94687d0d9c",
+        "rev": "72bec37fabbfe378d677868ec42eeb83acf07a4c",
        "type": "github"
      },
      "original": {
-        "owner": "domenkozar",
+        "owner": "cachix",
-        "ref": "devenv-2.24",
+        "ref": "devenv-2.32",
        "repo": "nix",
        "type": "github"
      }
@@ -211,11 +480,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1748145500,
+        "lastModified": 1775365369,
-        "narHash": "sha256-t9fx0l61WOxtWxXCqlXPWSuG/0XMF9DtE2T7KXgMqJw=",
+        "narHash": "sha256-DgH5mveLoau20CuTnaU5RXZWgFQWn56onQ4Du2CqYoI=",
        "owner": "nix-community",
        "repo": "nix-index-database",
-        "rev": "a98adbf54d663395df0b9929f6481d4d80fc8927",
+        "rev": "cef5cf82671e749ac87d69aadecbb75967e6f6c3",
        "type": "github"
      },
      "original": {
@@ -224,61 +493,42 @@
        "type": "github"
      }
    },
    "nixd": {
      "inputs": {
        "flake-parts": [
          "jj-cz",
          "devenv",
          "flake-parts"
        ],
        "flake-root": "flake-root",
        "nixpkgs": [
          "jj-cz",
          "devenv",
          "nixpkgs"
        ],
        "treefmt-nix": "treefmt-nix"
      },
      "locked": {
        "lastModified": 1763964548,
        "narHash": "sha256-JTRoaEWvPsVIMFJWeS4G2isPo15wqXY/otsiHPN0zww=",
        "owner": "nix-community",
        "repo": "nixd",
        "rev": "d4bf15e56540422e2acc7bc26b20b0a0934e3f5e",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "nixd",
        "type": "github"
      }
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1733212471,
+        "lastModified": 1775423009,
-        "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=",
+        "narHash": "sha256-vPKLpjhIVWdDrfiUM8atW6YkIggCEKdSAlJPzzhkQlw=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "55d15ad12a74eb7d4646254e13638ad0c4128776",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_2": {
      "locked": {
        "lastModified": 1717432640,
        "narHash": "sha256-+f9c4/ZX5MWDOuB1rKoWj+lBNm0z0rs4CK47HBLxy1o=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "88269ab3044128b7c2f4c7d68448b2fb50456870",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "release-24.05",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_3": {
      "locked": {
        "lastModified": 1746807397,
        "narHash": "sha256-zU2z0jlkJGWLhdNr/8AJSxqK8XD0IlQgHp3VZcP56Aw=",
        "owner": "cachix",
        "repo": "devenv-nixpkgs",
        "rev": "c5208b594838ea8e6cca5997fbf784b7cca1ca90",
        "type": "github"
      },
      "original": {
        "owner": "cachix",
        "ref": "rolling",
        "repo": "devenv-nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_4": {
      "locked": {
        "lastModified": 1748026106,
        "narHash": "sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "063f43f2dbdef86376cc29ad646c45c46e93234c",
+        "rev": "68d8aa3d661f0e6bd5862291b5bb263b2a6595c9",
        "type": "github"
      },
      "original": {
@@ -288,19 +538,41 @@
        "type": "github"
      }
    },
    "opencode": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1775336060,
        "narHash": "sha256-KkjMN2xA8jGBnj96UtzffvOeYJJZM05/5T36nSdpZkE=",
        "owner": "anomalyco",
        "repo": "opencode",
        "rev": "930e94a3ea098b9d56fcb6d08b545256d2546a82",
        "type": "github"
      },
      "original": {
        "owner": "anomalyco",
        "ref": "v1.3.15",
        "repo": "opencode",
        "type": "github"
      }
    },
    "pumo-system-info": {
      "inputs": {
        "flake-utils": "flake-utils_4",
        "nixpkgs": [
          "nixpkgs"
        ],
-        "rust-overlay": "rust-overlay"
+        "rust-overlay": "rust-overlay_2"
      },
      "locked": {
-        "lastModified": 1748127405,
+        "lastModified": 1748984111,
-        "narHash": "sha256-5Xh7VXmjeK5m8Dxt2bti8A2HdkpmPftHc2+WXH3tQH8=",
+        "narHash": "sha256-SP1/+cCHnPg0UqylHCzeKNx61wGapLrYRn5UKiiDicc=",
        "ref": "refs/heads/develop",
-        "rev": "06fa652f9626590a9727f3ec8b48330ad3fcb78f",
+        "rev": "f9fe233b6cb669a718a0ddb529793159d39ba32e",
-        "revCount": 6,
+        "revCount": 9,
        "type": "git",
        "url": "https://labs.phundrak.com/phundrak/pumo-system-info"
      },
@@ -309,18 +581,84 @@
        "url": "https://labs.phundrak.com/phundrak/pumo-system-info"
      }
    },
    "quickshell": {
      "inputs": {
        "nixpkgs": [
          "caelestia-shell",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1772925576,
        "narHash": "sha256-mMoiXABDtkSJxCYDrkhJ/TrrJf5M46oUfIlJvv2gkZ0=",
        "ref": "refs/heads/master",
        "rev": "15a84097653593dd15fad59a56befc2b7bdc270d",
        "revCount": 750,
        "type": "git",
        "url": "https://git.outfoxxed.me/outfoxxed/quickshell"
      },
      "original": {
        "type": "git",
        "url": "https://git.outfoxxed.me/outfoxxed/quickshell"
      }
    },
    "root": {
      "inputs": {
-        "devenv": "devenv",
+        "caelestia-shell": "caelestia-shell",
        "copyparty": "copyparty",
        "flake-utils": "flake-utils_2",
        "home-manager": "home-manager",
        "jj-cz": "jj-cz",
        "mobile-nixos": "mobile-nixos",
        "nix-index-database": "nix-index-database",
-        "nixpkgs": "nixpkgs_4",
+        "nixpkgs": "nixpkgs",
        "opencode": "opencode",
        "pumo-system-info": "pumo-system-info",
        "sops-nix": "sops-nix",
        "spicetify": "spicetify",
        "srvos": "srvos",
        "zen-browser": "zen-browser"
      }
    },
    "rust-analyzer-src": {
      "flake": false,
      "locked": {
        "lastModified": 1730555913,
        "narHash": "sha256-KNHZUlqsEibg3YtfUyOFQSofP8hp1HKoY+laoesBxRM=",
        "owner": "rust-lang",
        "repo": "rust-analyzer",
        "rev": "f17a5bbfd0969ba2e63a74505a80e55ecb174ed9",
        "type": "github"
      },
      "original": {
        "owner": "rust-lang",
        "ref": "nightly",
        "repo": "rust-analyzer",
        "type": "github"
      }
    },
    "rust-overlay": {
      "inputs": {
        "nixpkgs": [
          "jj-cz",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1770260791,
        "narHash": "sha256-ADTBfENFjRVDQMcCycyX/pAy6NFI/Ct6Mrar3gsmXI0=",
        "owner": "oxalica",
        "repo": "rust-overlay",
        "rev": "42ec85352e419e601775c57256a52f6d48a39906",
        "type": "github"
      },
      "original": {
        "owner": "oxalica",
        "repo": "rust-overlay",
        "type": "github"
      }
    },
    "rust-overlay_2": {
      "inputs": {
        "nixpkgs": [
          "pumo-system-info",
@@ -328,11 +666,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1748054080,
+        "lastModified": 1748918260,
-        "narHash": "sha256-rwFiLLNCwkj9bqePtH1sMqzs1xmohE0Ojq249piMzF4=",
+        "narHash": "sha256-KhXNXQ5IDLvwwYfJ0pXDjwIuisZ2qM6F7fcXjIGZy/4=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "2221d8d53c128beb69346fa3ab36da3f19bb1691",
+        "rev": "c9736155bc1eb7c7cf3a925920850e61c07ab22a",
        "type": "github"
      },
      "original": {
@@ -348,11 +686,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1747603214,
+        "lastModified": 1775682595,
-        "narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=",
+        "narHash": "sha256-0E9PohY/VuESLq0LR4doaH7hTag513sDDW5n5qmHd1Q=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd",
+        "rev": "d2e8438d5886e92bc5e7c40c035ab6cae0c41f76",
        "type": "github"
      },
      "original": {
@@ -361,6 +699,130 @@
        "type": "github"
      }
    },
    "spicetify": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ],
        "systems": "systems_4"
      },
      "locked": {
        "lastModified": 1775421933,
        "narHash": "sha256-JkEbzFDFTsUlVtHEzA8Y4r3O9LInhb96eOCbtGjGnbM=",
        "owner": "Gerg-L",
        "repo": "spicetify-nix",
        "rev": "ec8d73085fdf807d55765335dc8126e14e7b2096",
        "type": "github"
      },
      "original": {
        "owner": "Gerg-L",
        "repo": "spicetify-nix",
        "type": "github"
      }
    },
    "srvos": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1775701952,
        "narHash": "sha256-xj9u8fz2hTTTELMorqox0hPWrmAvGRnQUEnlj+vCjFo=",
        "owner": "nix-community",
        "repo": "srvos",
        "rev": "f56f1053ae9f878501d3a8ae1961c73d1d7abce3",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "srvos",
        "type": "github"
      }
    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    },
    "systems_2": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    },
    "systems_3": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    },
    "systems_4": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    },
    "treefmt-nix": {
      "inputs": {
        "nixpkgs": [
          "jj-cz",
          "devenv",
          "nixd",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1734704479,
        "narHash": "sha256-MMi74+WckoyEWBRcg/oaGRvXC9BVVxDZNRMpL+72wBI=",
        "owner": "numtide",
        "repo": "treefmt-nix",
        "rev": "65712f5af67234dad91a5a4baee986a8b62dbf8f",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "treefmt-nix",
        "type": "github"
      }
    },
    "zen-browser": {
      "inputs": {
        "nixpkgs": [
@@ -368,11 +830,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1748059546,
+        "lastModified": 1775710180,
-        "narHash": "sha256-e0jy8RU8ofOdeS5gF9Hir+M5Wn0q7D8MkpeQXsOJdu4=",
+        "narHash": "sha256-sCokvdNvl8zIzsnjgG0TN5h3RUI7GJyWW9ErfmEj0rM=",
        "owner": "youwen5",
        "repo": "zen-browser-flake",
-        "rev": "716a5af28d686d67146d01b14112c919b6133a84",
+        "rev": "2c138beb648d1cbbfae76695a8230ee04e4db25a",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -2,18 +2,43 @@
  description = "Home Manager configuration of phundrak";
  inputs = {
-    # Specify the source of Home Manager and Nixpkgs.
+    nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
-    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+    flake-utils.url = "github:numtide/flake-utils";
    home-manager = {
      url = "github:nix-community/home-manager";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    nix-index-database = {
      url = "github:nix-community/nix-index-database";
      inputs.nixpkgs.follows = "nixpkgs";
    };
-    devenv.url = "github:cachix/devenv";
+    caelestia-shell = {
      url = "github:caelestia-dots/shell";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    copyparty = {
      url = "github:9001/copyparty";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    jj-cz = {
      url = "git+https://labs.phundrak.com/phundrak/jj-cz";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    mobile-nixos = {
      url = "github:mobile-nixos/mobile-nixos";
      flake = false; # It is not as a flake
    };
    opencode = {
      url = "github:anomalyco/opencode/v1.3.15";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    pumo-system-info = {
      url = "git+https://labs.phundrak.com/phundrak/pumo-system-info";
@@ -25,6 +50,16 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };
    spicetify = {
      url = "github:Gerg-L/spicetify-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    srvos = {
      url = "github:nix-community/srvos";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    zen-browser = {
      url = "github:youwen5/zen-browser-flake";
      inputs.nixpkgs.follows = "nixpkgs";
@@ -32,106 +67,136 @@
  };
  nixConfig = {
-    extra-trusted-public-keys = "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw=";
+    extra-trusted-public-keys = [
-    extra-substituters = "https://devenv.cachix.org";
+      "marpa-local:XoO+dFN4PeauF52pYuy3Vh4Sdtl2qIdxu5aUasWKv6Q="
      "phundrak.cachix.org-1:osJAkYO0ioTOPqaQCIXMfIRz1/+YYlVFkup3R2KSexk="
      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
    ];
    extra-substituters = [
      "http://marpa:5000?priority=5"
      "https://phundrak.cachix.org?priority=10"
      "https://nix-community.cachix.org?priority=20"
      "https://cache.nixos.org?priority=40"
    ];
    extra-experimental-features = [
      "nix-command"
      "flakes"
    ];
    http-connections = 128;
  };
  outputs = {
    self,
    nixpkgs,
    flake-utils,
    home-manager,
-    devenv,
+    mobile-nixos,
    srvos,
    ...
-  } @ inputs: let
+  } @ inputs:
-    inherit (self) outputs;
+    flake-utils.lib.eachDefaultSystem (
-    system = "x86_64-linux";
+      system: let
-    pkgs = nixpkgs.legacyPackages.${system};
+        inherit (self) outputs;
-  in {
+        pkgs = nixpkgs.legacyPackages.${system};
-    formatter.${system} = pkgs.alejandra;
+      in {
        formatter = pkgs.alejandra;
        devShells.default = pkgs.mkShell {
          buildInputs = [
            pkgs.nh
            pkgs.jujutsu
            pkgs.git
          ];
        };
-    packages.${system} = {
+        packages = {
-      devenv-up = self.devShells.${system}.default.config.procfileScript;
+          homeConfigurations = let
-      devenv-test = self.devShells.${system}.default.config.test;
+            extraSpecialArgs = {inherit inputs outputs system;};
-    };
+            pkgs = nixpkgs.legacyPackages.x86_64-linux;
-
+            defaultUserModules = [
-    devShells.${system}.default = devenv.lib.mkShell {
+              inputs.sops-nix.homeManagerModules.sops
-      inherit inputs pkgs;
+              inputs.spicetify.homeManagerModules.default
-      modules = [
+              inputs.caelestia-shell.homeManagerModules.default
-        (
+            ];
-          {pkgs, ...}: {
+            withUserModules = modules: nixpkgs.lib.lists.flatten (defaultUserModules ++ [modules]);
-            packages = [pkgs.nh];
+          in {
-            git-hooks.hooks = {
+            "phundrak@alys" = home-manager.lib.homeManagerConfiguration {
-              alejandra.enable = true;
+              inherit extraSpecialArgs pkgs;
-              commitizen.enable = true;
+              modules = withUserModules ./users/phundrak/host/alys.nix;
              detect-private-keys.enable = true;
              end-of-file-fixer.enable = true;
              deadnix.enable = true;
              ripsecrets.enable = true;
              statix.enable = true;
            };
-          }
+            "creug@elcafe" = home-manager.lib.homeManagerConfiguration {
-        )
+              inherit extraSpecialArgs pkgs;
-      ];
+              modules = withUserModules ./users/creug/host/elcafe.nix;
-    };
+            };
            "phundrak@elcafe" = home-manager.lib.homeManagerConfiguration {
              inherit extraSpecialArgs pkgs;
              modules = withUserModules ./users/phundrak/host/elcafe.nix;
            };
            "phundrak@gampo" = home-manager.lib.homeManagerConfiguration {
              inherit extraSpecialArgs pkgs;
              modules = withUserModules ./users/phundrak/host/gampo.nix;
            };
            "phundrak@marpa" = home-manager.lib.homeManagerConfiguration {
              inherit extraSpecialArgs pkgs;
              modules = withUserModules ./users/phundrak/host/marpa.nix;
            };
            "phundrak@NaroMk3" = home-manager.lib.homeManagerConfiguration {
              inherit extraSpecialArgs pkgs;
              modules = withUserModules ./users/phundrak/host/naromk3.nix;
            };
            "phundrak@tilo" = home-manager.lib.homeManagerConfiguration {
              inherit extraSpecialArgs pkgs;
              modules = withUserModules ./users/phundrak/host/tilo.nix;
            };
          };
-    homeConfigurations = {
+          nixosConfigurations = let
-      "phundrak@marpa" = home-manager.lib.homeManagerConfiguration {
+            specialArgs = {inherit inputs outputs;};
-        pkgs = nixpkgs.legacyPackages.x86_64-linux;
+            defaultSystemModules = [
-        extraSpecialArgs = {
+              inputs.sops-nix.nixosModules.sops
-          inherit inputs outputs;
+              inputs.copyparty.nixosModules.default
-          home-conf = "fullHome";
+            ];
            withSystemModules = modules: nixpkgs.lib.lists.flatten (defaultSystemModules ++ [modules]);
          in {
            alys = nixpkgs.lib.nixosSystem {
              inherit specialArgs;
              modules = withSystemModules ./hosts/alys/configuration.nix;
            };
            elcafe = nixpkgs.lib.nixosSystem {
              inherit specialArgs;
              modules = withSystemModules ./hosts/elcafe/configuration.nix;
            };
            gampo = nixpkgs.lib.nixosSystem {
              inherit specialArgs;
              modules = withSystemModules ./hosts/gampo/configuration.nix;
            };
            marpa = nixpkgs.lib.nixosSystem {
              inherit specialArgs;
              modules = withSystemModules ./hosts/marpa;
            };
            NaroMk3 = nixpkgs.lib.nixosSystem {
              inherit specialArgs;
              modules = withSystemModules [
                srvos.nixosModules.server
                srvos.nixosModules.hardware-hetzner-cloud
                srvos.nixosModules.mixins-terminfo
                ./hosts/naromk3/configuration.nix
              ];
            };
            pumo = nixpkgs.lib.nixosSystem {
              system = "aarch64-linux";
              inherit specialArgs;
              modules = withSystemModules [
                (import "${mobile-nixos}/lib/configuration.nix" {device = "oneplus-enchilada";})
                ./hosts/pumo
              ];
            };
            tilo = nixpkgs.lib.nixosSystem {
              inherit specialArgs;
              modules = withSystemModules ./hosts/tilo/configuration.nix;
            };
          };
        };
-        modules = [
+      }
-          ./users/phundrak/marpa.nix
+    );
          inputs.sops-nix.homeManagerModules.sops
        ];
      };
      "phundrak@gampo" = home-manager.lib.homeManagerConfiguration {
        pkgs = nixpkgs.legacyPackages.x86_64-linux;
        extraSpecialArgs = {
          inherit inputs outputs;
          home-conf = "fullHome";
        };
        modules = [
          ./users/phundrak/gampo.nix
          inputs.sops-nix.homeManagerModules.sops
        ];
      };
      "phundrak@tilo" = home-manager.lib.homeManagerConfiguration {
        pkgs = nixpkgs.legacyPackages.x86_64-linux;
        extraSpecialArgs = {
          inherit inputs outputs;
          home-conf = "minimal";
        };
        modules = [
          ./users/phundrak/tilo.nix
          inputs.sops-nix.homeManagerModules.sops
        ];
      };
    };
    nixosConfigurations = {
      gampo = nixpkgs.lib.nixosSystem {
        specialArgs = {inherit inputs outputs;};
        modules = [
          ./hosts/gampo/configuration.nix
          inputs.sops-nix.nixosModules.sops
        ];
      };
      marpa = nixpkgs.lib.nixosSystem {
        specialArgs = {inherit inputs outputs;};
        modules = [
          ./hosts/marpa/configuration.nix
          inputs.sops-nix.nixosModules.sops
        ];
      };
      tilo = nixpkgs.lib.nixosSystem {
        specialArgs = {inherit inputs outputs;};
        modules = [
          ./hosts/tilo/configuration.nix
          inputs.sops-nix.nixosModules.sops
        ];
      };
    };
  };
 }
--- a/hosts/alys/configuration.nix
+++ b/hosts/alys/configuration.nix
@@ -0,0 +1,41 @@
 {inputs, ...}: {
  imports = [
    ./hardware-configuration.nix
    inputs.home-manager.nixosModules.default
    ../../system
  ];
  mySystem = {
    boot = {
      kernel.hardened = true;
      systemd-boot = false;
      zram = {
        enable = true;
        memoryMax = 512;
      };
    };
    dev.docker.enable = true;
    networking = {
      hostname = "alys";
      domain = "phundrak.com";
      id = "41157110";
    };
    packages.nix.gc.automatic = true;
    services = {
      endlessh.enable = true;
      ssh = {
        enable = true;
        allowedUsers = ["phundrak"];
        passwordAuthentication = false;
      };
    };
    users = {
      root.disablePassword = true;
      phundrak = {
        enable = true;
        trusted = true;
      };
    };
  };
  system.stateVersion = "23.11";
 }
--- a/hosts/alys/hardware-configuration.nix
+++ b/hosts/alys/hardware-configuration.nix
@@ -0,0 +1,28 @@
 {
  modulesPath,
  lib,
  ...
 }: {
  imports = [(modulesPath + "/profiles/qemu-guest.nix")];
  boot = {
    loader.grub = {
      efiSupport = true;
      efiInstallAsRemovable = true;
      device = "nodev";
    };
    initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"];
    initrd.kernelModules = ["nvme"];
  };
  fileSystems = {
    "/" = {
      device = "/dev/vda1";
      fsType = "ext4";
    };
    "/boot" = {
      device = "/dev/disk/by-uuid/F137-8D01";
      fsType = "vfat";
    };
  };
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 }
--- a/hosts/elcafe/configuration.nix
+++ b/hosts/elcafe/configuration.nix
@@ -0,0 +1,90 @@
 {
  inputs,
  config,
  ...
 }: {
  imports = [
    ./hardware-configuration.nix
    inputs.home-manager.nixosModules.default
    ../../system
  ];
  sops.secrets = {
    "elcafe/traefik/env".restartUnits = ["traefik.service"];
    "elcafe/traefik/dynamic".restartUnits = ["traefik.service"];
    # "elcafe/copyparty/passwords/creug" = {
    #   restartUnits = ["copyparty.service"];
    #   owner = "creug";
    # };
    # "elcafe/copyparty/passwords/phundrak" = {
    #   restartUnits = ["copyparty.service"];
    #   owner = "phundrak";
    # };
  };
  mySystem = {
    boot = {
      kernel = {
        hardened = true;
        cpuVendor = "intel";
      };
      grub = {
        enable = true;
        device = "/dev/sdh";
      };
      zfs = {
        enable = true;
        pools = ["tank"];
      };
    };
    dev.docker = {
      enable = true;
      storage = "/tank/docker/";
    };
    misc.keymap = "fr";
    networking = {
      hostname = "elcafe";
      id = "501c7fb9";
    };
    packages.nix.gc.automatic = true;
    services = {
      endlessh.enable = true;
      ssh = {
        enable = true;
        allowedUsers = ["phundrak"];
        passwordAuthentication = true;
      };
      traefik = {
        enable = false;
        environmentFiles = [config.sops.secrets."elcafe/traefik/env".path];
        dynamicConfigFile = config.sops.secrets."elcafe/traefik/dynamic".path;
      };
    };
    users = {
      root.disablePassword = true;
      phundrak = {
        enable = true;
        trusted = true;
      };
      creug = {
        enable = true;
        sudo = true;
      };
    };
  };
  # services.copyparty = import ./copyparty.nix {
  #   passwordFiles = {
  #     creug = config.sops.secrets."elcafe/copyparty/passwords/creug".path;
  #     phundrak = config.sops.secrets."elcafe/copyparty/passwords/phundrak".path;
  #   };
  # };
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "23.11"; # Did you read the comment?
 }
--- a/hosts/elcafe/copyparty.nix
+++ b/hosts/elcafe/copyparty.nix
@@ -0,0 +1,23 @@
 {passwordFiles}: {
  enable = true;
  user = "creug";
  group = "users";
  accounts = {
    creug.passwordFile = passwordFiles.creug;
    phundrak.passwordFile = passwordFiles.phundrak;
  };
  volumes = {
    "/plex" = {
      path = "/plex";
      access.rwmd = ["creug" "phundrak"];
      flags = {
        e2dsa = true;
        e2ts = true;
        xdev = true;
        xvol = true;
        dedup = true;
        nohash = "\\.iso$";
      };
    };
  };
 }
--- a/hosts/elcafe/hardware-configuration.nix
+++ b/hosts/elcafe/hardware-configuration.nix
@@ -0,0 +1,42 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 {
  config,
  lib,
  modulesPath,
  ...
 }: {
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
  ];
  boot = {
    initrd = {
      availableKernelModules = ["ahci" "xhci_pci" "ehci_pci" "megaraid_sas" "usbhid" "usb_storage" "sd_mod" "sr_mod"];
      kernelModules = [];
    };
    kernelModules = ["kvm-intel"];
    extraModulePackages = [];
  };
  fileSystems."/" = {
    device = "/dev/disk/by-uuid/d2e703f7-90e0-43e7-9872-ce036f201c4b";
    fsType = "ext4";
  };
  swapDevices = [];
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
  # networking.interfaces.eno2.useDHCP = lib.mkDefault true;
  # networking.interfaces.eno3.useDHCP = lib.mkDefault true;
  # networking.interfaces.eno4.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/hosts/gampo/configuration.nix
+++ b/hosts/gampo/configuration.nix
@@ -7,52 +7,76 @@
  imports = [
    inputs.sops-nix.nixosModules.sops
    ./hardware-configuration.nix
-    ./services
+    ../../system
    ../../modules/opentablet.nix
    ../../modules/sops.nix
    ../../modules/system.nix
    ../../programs/flatpak.nix
    ../../programs/hyprland.nix
    ../../programs/steam.nix
  ];
  mySystem = {
    boot = {
      plymouth.enable = true;
      kernel = {
        cpuVendor = "intel";
        package = pkgs.linuxPackages;
      };
      systemd-boot = true;
    };
    desktop = {
      hyprland.enable = true;
      xserver = {
        enable = true;
        de = "gnome";
      };
    };
    dev.docker = {
      enable = true;
      podman.enable = true;
      autoprune.enable = true;
    };
    hardware = {
      bluetooth.enable = true;
      fingerprint.enable = true;
      input = {
        corne.allowHidAccess = true;
        ibmTrackpoint.disable = true;
        opentablet.enable = true;
      };
      sound.enable = true;
    };
    i18n.input.enable = true;
    misc.keymap = "fr-bepo";
    networking = {
      hostname = "gampo";
      id = "0630b33f";
    };
    packages = {
      appimage.enable = true;
      flatpak.enable = true;
      nix = {
        gc.automatic = true;
        nix-ld.enable = true;
      };
    };
    programs.steam.enable = true;
    services = {
      fwupd.enable = true;
      ssh.enable = true;
    };
    users = {
      root.disablePassword = true;
      phundrak = {
        enable = true;
        trusted = true;
      };
    };
  };
  sops.secrets.extraHosts = {
    inherit (config.users.users.root) group;
    owner = config.users.users.phundrak.name;
    mode = "0440";
  };
  boot.initrd.kernelModules = ["i915"];
  system = {
    boot.plymouth.enable = true;
    docker = {
      enable = true;
      autoprune.enable = true;
      podman.enable = true;
    };
    networking = {
      hostname = "gampo";
      id = "0630b33f";
      hostFiles = [config.sops.secrets.extraHosts.path];
    };
    sound.enable = true;
  };
  modules.hyprland.enable = true;
  security.rtkit.enable = true;
  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    curl
    openssl
    wget
  ];
  nix.settings.trusted-users = ["root" "phundrak"];
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database
  # versions on your system were taken. It‘s perfectly fine and
--- a/hosts/gampo/services/default.nix
+++ b/hosts/gampo/services/default.nix
@@ -1,15 +0,0 @@
 {
  imports = [
    ./gnome.nix
  ];
  services = {
    # Enable CUPS to print documents.
    printing.enable = true;
    openssh.enable = true;
    fwupd.enable = true;
    udev.extraRules = ''
      ATTRS{name}=="*TPPS/2 IBM TrackPoint", ENV{ID_INPUT}="", ENV{ID_INPUT_MOUSE}="", ENV{ID_INPUT_POINTINGSTICK}=""
    '';
  };
 }
--- a/hosts/gampo/services/gnome.nix
+++ b/hosts/gampo/services/gnome.nix
@@ -1,11 +0,0 @@
 {
  services.xserver = {
    enable = true;
    displayManager.gdm.enable = true;
    desktopManager.gnome.enable = true;
    xkb = {
      layout = "fr";
      variant = "bepo";
    };
  };
 }
--- a/hosts/marpa/configuration.nix
+++ b/hosts/marpa/configuration.nix
@@ -1,85 +0,0 @@
 {
  config,
  pkgs,
  inputs,
  ...
 }: {
  imports = [
    inputs.sops-nix.nixosModules.sops
    ./system/hardware-configuration.nix
    ./services
    ../../modules/opentablet.nix
    ../../modules/sops.nix
    ../../modules/system.nix
    ../../programs/flatpak.nix
    ../../programs/hyprland.nix
    ../../programs/steam.nix
  ];
  sops.secrets.extraHosts = {
    inherit (config.users.users.root) group;
    owner = config.users.users.phundrak.name;
    mode = "0440";
  };
  security.polkit.enable = true;
  fileSystems."/games" = {
    device = "/dev/disk/by-uuid/77d32db8-2e85-4593-b6b8-55d4f9d14e1a";
    fsType = "ext4";
  };
  system = {
    amdgpu.enable = true;
    boot.plymouth.enable = true;
    docker = {
      enable = true;
      podman.enable = true;
      autoprune.enable = true;
    };
    networking = {
      hostname = "marpa";
      id = "7EA4A111";
      hostFiles = [config.sops.secrets.extraHosts.path];
      firewall.openPortRanges = [
        {
          # Sunshine
          from = 1714;
          to = 1764;
        }
      ];
    };
    sound = {
      enable = true;
      jack = true;
    };
  };
  modules.hyprland.enable = true;
  security.rtkit.enable = true;
  nix.settings.trusted-users = ["root" "phundrak"];
  environment.systemPackages = with pkgs; [
    clinfo # AMD
    curl
    openssl
    wget
    alsa-scarlett-gui
  ];
  boot.extraModprobeConfig = ''
    options snd_usb_audio vid=0x1235 pid=0x8212 device_setup=1
  '';
  programs.nix-ld.enable = true;
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "23.11"; # Did you read the comment?
 }
--- a/hosts/marpa/default.nix
+++ b/hosts/marpa/default.nix
@@ -0,0 +1,157 @@
 {
  config,
  inputs,
  ...
 }: {
  imports = [
    inputs.sops-nix.nixosModules.sops
    ./hardware-configuration.nix
    ../../system
  ];
  fileSystems = {
    "/home".options = [
      "compress=zstd:3" # Good balance of compression vs speed
      "space_cache=v2" # Better performance
      "noatime" # Don't update access times (less writes)
    ];
    "/mnt/ai" = {
      device = "/dev/disk/by-uuid/47e87286-caaa-4e43-b2fd-b9eceac90fe9";
      fsType = "btrfs";
      options = [
        "compress=zstd:3" # Good balance of compression vs speed
        "space_cache=v2" # Better performance
        "noatime" # Don't update access times (less writes)
      ];
    };
    "/mnt/games" = {
      device = "/dev/disk/by-uuid/a8453133-76dc-44bd-a825-444c3305fd9b";
      fsType = "btrfs";
      options = [
        "compress=zstd:3" # Good balance of compression vs speed
        "space_cache=v2" # Better performance
        "noatime" # Don't update access times (less writes)
      ];
    };
    "/games" = {
      device = "/dev/disk/by-uuid/77d32db8-2e85-4593-b6b8-55d4f9d14e1a";
      fsType = "ext4";
    };
  };
  services.displayManager.autoLogin = {
    user = "phundrak";
    enable = true;
  };
  mySystem = {
    boot = {
      plymouth.enable = true;
      kernel = {
        cpuVendor = "amd";
        v4l2loopback.enable = true;
        extraModprobeConfig = ''
          options snd_usb_audio vid=0x1235 pid=0x8212 device_setup=1
        '';
      };
      systemd-boot = true;
    };
    desktop = {
      hyprland.enable = true;
      niri.enable = true;
      waydroid.enable = true;
      xserver = {
        enable = true;
        de = "gnome";
      };
    };
    dev = {
      docker = {
        enable = true;
        podman.enable = true;
        autoprune.enable = true;
      };
      qemu.enable = true;
    };
    hardware = {
      amdgpu.enable = true;
      bluetooth.enable = true;
      input = {
        corne.allowHidAccess = true;
        opentablet.enable = true;
      };
      sound = {
        enable = true;
        jack = true;
        scarlett.enable = true;
      };
    };
    i18n.input.enable = true;
    misc.keymap = "fr-bepo";
    networking = {
      hostname = "marpa";
      id = "7EA4A111";
      firewall.openPortRanges = [
        {
          # Sunshine
          from = 1714;
          to = 1764;
        }
      ];
    };
    packages = {
      appimage.enable = true;
      flatpak.enable = true;
      nix.nix-ld.enable = true;
    };
    programs.steam.enable = true;
    services = {
      fwupd.enable = true;
      harmonia = {
        enable = true;
        signKeyPaths = [config.sops.secrets."marpa/nix-cache-priv-key".path];
      };
      languagetool.enable = true;
      printing.enable = true;
      ssh.enable = true;
      sunshine = {
        enable = true;
        autostart = true;
      };
    };
    users = {
      root.disablePassword = true;
      phundrak = {
        enable = true;
        trusted = true;
      };
    };
  };
  sops.secrets = {
    "marpa/nix-cache-priv-key" = {};
    extraHosts = {
      inherit (config.users.users.root) group;
      owner = config.users.users.phundrak.name;
      mode = "0440";
    };
  };
  services.udev.extraHwdb = ''
    mouse:usb:047d:80a6:*
     LIBINPUT_MIDDLE_EMULATION_ENABLED=1
  '';
  security = {
    polkit.enable = true;
    rtkit.enable = true;
  };
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "23.11"; # Did you read the comment?
 }
--- a/hosts/marpa/system/hardware-configuration.nix
+++ b/hosts/marpa/system/hardware-configuration.nix
--- a/hosts/marpa/services/default.nix
+++ b/hosts/marpa/services/default.nix
@@ -1,24 +1,24 @@
 {
-  imports = [
+  # imports = [
-    ../../../modules/ssh.nix
+  #   ./logind.nix
-    ../../../modules/sunshine.nix
+  #   ../../../system
-    ../../../modules/xserver.nix
+  # ];
-  ];
+  # imports = [
  #   ./logind.nix
  #   ../../../modules/ssh.nix
  #   ../../../modules/sunshine.nix
  # ];
-  modules = {
+  # modules = {
-    sunshine = {
+  #   sunshine = {
-      enable = true;
+  #     enable = true;
-      autostart = true;
+  #     autostart = true;
-    };
+  #   };
-    xserver = {
+  # };
-      amdgpu.enable = true;
+  # services = {
-      de = "gnome";
+  #   blueman.enable = true;
-    };
+  #   fwupd.enable = true;
-  };
+  #   printing.enable = true;
-  services = {
+  #   openssh.enable = true;
-    blueman.enable = true;
+  # };
    fwupd.enable = true;
    printing.enable = true;
    openssh.enable = true;
  };
 }
--- a/hosts/marpa/services/logind.nix
+++ b/hosts/marpa/services/logind.nix
@@ -0,0 +1,6 @@
 {
  services.logind = {
    powerKey = "ignore";
    powerKeyLongPress = "ignore";
  };
 }
--- a/hosts/naromk3/configuration.nix
+++ b/hosts/naromk3/configuration.nix
@@ -0,0 +1,75 @@
 {inputs, ...}: {
  imports = [
    ./hardware-configuration.nix
    inputs.home-manager.nixosModules.default
    ../../system
  ];
  mySystem = {
    boot = {
      kernel = {
        hardened = true;
        cpuVendor = "amd";
      };
      grub = {
        enable = true;
        device = "/dev/sdb";
      };
    };
    dev.docker.enable = true;
    misc.keymap = "fr-bepo";
    networking = {
      hostname = "NaroMk3";
      id = "0003beef";
      firewall = {
        openPorts = [
          22 # Gitea SSH
          80 # HTTP
          443 # HTTPS
        ];
      };
    };
    packages.nix.gc.automatic = true;
    services = {
      endlessh.enable = false;
      ssh = {
        enable = true;
        allowedUsers = ["phundrak"];
        passwordAuthentication = false;
        port = 2222; # port 22 will be used by Gitea
      };
    };
    users = {
      root.disablePassword = true;
      phundrak = {
        enable = true;
        trusted = true;
      };
    };
  };
  # This option defines the first version of NixOS you have installed
  # on this particular machine, and is used to maintain compatibility
  # with application data (e.g. databases) created on older NixOS
  # versions.
  #
  # Most users should NEVER change this value after the initial
  # install, for any reason, even if you've upgraded your system to a
  # new NixOS release.
  #
  # This value does NOT affect the Nixpkgs version your packages and
  # OS are pulled from, so changing it will NOT upgrade your system -
  # see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
  # to actually do that.
  #
  # This value being lower than the current NixOS release does NOT
  # mean your system is out of date, out of support, or vulnerable.
  #
  # Do NOT change this value unless you have manually inspected all
  # the changes it would make to your configuration, and migrated your
  # data accordingly.
  #
  # For more information, see `man configuration.nix` or
  # https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion
  system.stateVersion = "25.05"; # Did you read the comment?
 }
--- a/hosts/naromk3/hardware-configuration.nix
+++ b/hosts/naromk3/hardware-configuration.nix
@@ -0,0 +1,50 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 {
  lib,
  modulesPath,
  ...
 }: {
  imports = [
    (modulesPath + "/profiles/qemu-guest.nix")
  ];
  boot = {
    initrd = {
      availableKernelModules = ["ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
      kernelModules = [];
    };
    kernelModules = [];
    extraModulePackages = [];
  };
  fileSystems = {
    "/" = {
      device = "/dev/disk/by-uuid/28b965a5-940b-4990-87fe-039c9f373bf0";
      fsType = "ext4";
    };
    "/boot" = {
      device = "/dev/disk/by-uuid/EBAD-6B85";
      fsType = "vfat";
      options = ["fmask=0022" "dmask=0022"];
    };
    "/tank" = {
      device = "/dev/disk/by-uuid/ed00871e-a14a-428f-b6e4-5b56febd756a";
      fsType = "ext4";
    };
  };
  swapDevices = [];
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 }
--- a/hosts/pumo/default.nix
+++ b/hosts/pumo/default.nix
@@ -0,0 +1,91 @@
 # Minimal configuration for OnePlus 6 (enchilada) NixOS Mobile
 # Focus on essentials: SSH, wireless, and basic tools
 {
  pkgs,
  inputs,
  ...
 }: {
  imports = [
    inputs.sops-nix.nixosModules.sops
    ../../system
  ];
  nixpkgs.config.permittedInsecurePackages = ["olm-3.2.16"];
  mySystem = {
    desktop = {
      hyprland.enable = true;
      niri.enable = true;
      waydroid.enable = true;
      xserver = {
        enable = true;
        de = "gnome";
      };
    };
    dev.docker = {
      enable = true;
      podman.enable = true;
      autoprune.enable = true;
    };
    hardware = {
      bluetooth.enable = true;
      sound = {
        enable = true;
        usePulseaudio = true;
      };
    };
    i18n.input.enable = true;
    misc = {
      keymap = "fr-bepo";
      mobile = true;
    };
    networking = {
      hostname = "pumo";
      id = "93595b88";
    };
    packages = {
      appimage.enable = true;
      flatpak.enable = true;
      nix.nix-ld.enable = true;
    };
    services = {
      languagetool.enable = true;
      printing.enable = true;
      ssh.enable = true;
    };
    users = {
      root.disablePassword = true;
      phundrak = {
        enable = true;
        trusted = true;
        extraGroups = ["feedbackd"];
      };
    };
  };
  programs = {
    dconf.enable = true;
    calls.enable = true;
    zsh.enable = true;
  };
  hardware.sensor.iio.enable = true;
  # Minimal essential packages
  environment.systemPackages = with pkgs; [
    chatty # IM and SMS
    epiphany
    nixd
    git
    vim
    emacs
    wget
    curl
    jujutsu
    firefox
    kitty
  ];
  system.stateVersion = "25.11";
 }
--- a/hosts/tilo/configuration.nix
+++ b/hosts/tilo/configuration.nix
@@ -1,23 +1,12 @@
-# Edit this configuration file to define what should be installed on your
+{inputs, ...}: {
 # system.  Help is available in the configuration.nix(5) man page and in
 # the NixOS manual (accessible by running ‘nixos-help’).
 {
  pkgs,
  inputs,
  ...
 }: {
  imports = [
    ./hardware-configuration.nix
    inputs.home-manager.nixosModules.default
-    ../../modules/locale.nix
+    ../../system
-    ../../modules/system.nix
+    ./services
    ../../modules/ssh.nix
    ../../modules/endlessh.nix
    ../../programs/nano.nix
  ];
-  system = {
+  mySystem = {
    amdgpu.enable = false;
    boot = {
      kernel = {
        hardened = true;
@@ -28,51 +17,43 @@
        pools = ["tank"];
      };
    };
-    docker.enable = true;
+    dev.docker.enable = true;
    misc.keymap = "fr-bepo";
    networking = {
      hostname = "tilo";
      id = "7110b33f";
      firewall = {
        openPorts = [
          22 # SSH
          80 # HTTP
          443 # HTTPS
          2222 # endlessh
          25565 # Minecraft
        ];
        extraCommands = ''
          iptables -I INPUT 1 -i 172.16.0.0/12 -p tcp -d 172.17.0.1 -j ACCEPT
          iptables -I INPUT 1 -i 172.16.0.0/12 -p tcp -d 172.17.0.1 -j ACCEPT
        '';
      };
    };
-    nix.gc.automatic = true;
+    packages.nix.gc.automatic = true;
-    sound.enable = false;
+    services = {
      calibre.enable = true;
      endlessh.enable = true;
      jellyfin.enable = true;
      plex = {
        enable = true;
        dataDir = "/tank/web/stacks/plex/plex-config";
      };
      ssh = {
        enable = true;
        allowedUsers = ["phundrak"];
        passwordAuthentication = false;
      };
    };
    users = {
      root.disablePassword = true;
-      phundrak = true;
+      phundrak = {
        enable = true;
        trusted = true;
      };
    };
    console.keyMap = "fr-bepo";
  };
  modules = {
    ssh = {
      enable = true;
      allowedUsers = ["phundrak"];
      passwordAuthentication = false;
    };
    endlessh.enable = true;
  };
  nixpkgs.config.allowUnfree = true;
  environment.systemPackages = [pkgs.openssl];
  # imports = [
  #   # Include the results of the hardware scan.
  #   ./services.nix
  # ];
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
--- a/hosts/tilo/services/default.nix
+++ b/hosts/tilo/services/default.nix
@@ -0,0 +1,3 @@
 {
  imports = [./nextcloud-cron.nix];
 }
--- a/hosts/tilo/services/nextcloud-cron.nix
+++ b/hosts/tilo/services/nextcloud-cron.nix
@@ -0,0 +1,33 @@
 {pkgs, ...}: {
  systemd = {
    timers."nextcloud-cron" = {
      wantedBy = ["timers.target"];
      timerConfig = {
        OnBootSec = "20m";
        OnUnitActiveSec = "20m";
        Unit = "nextcloud-cron.service";
      };
    };
    services."nextcloud-cron" = {
      script = ''
        CONTAINER_NAME="nextcloud-nextcloud-1"
        is_container_running() {
          ${pkgs.docker}/bin/docker inspect -f '{{.State.Running}}' "$CONTAINER_NAME" 2>/dev/null | grep -q "true"
        }
        while ! is_container_running; do
            echo "Waiting for $CONTAINER_NAME to start..."
            sleep 10
        done
        echo "$CONTAINER_NAME is running. Executing CRON job..."
        ${pkgs.docker}/bin/docker exec -u www-data -it nextcloud-nextcloud-1 php /var/www/html/cron.php
      '';
      serviceConfig = {
        Type = "oneshot";
        User = "root";
      };
    };
  };
 }
--- a/modules/amdgpu.nix
+++ b/modules/amdgpu.nix
@@ -1,17 +0,0 @@
 {
  pkgs,
  lib,
  config,
  ...
 }:
 with lib; let
  cfg = config.modules.amdgpu;
 in {
  options.modules.amdgpu.enable = mkEnableOption "Enables an AMD GPU configuration";
  config = mkIf cfg.enable {
    systemd.tmpfiles.rules = [
      "L+    /opt/rocm/hip   -    -    -     -    ${pkgs.rocmPackages.clr}"
    ];
    hardware.graphics.extraPackages = with pkgs; [rocmPackages.clr.icd];
  };
 }
--- a/modules/dev/docker.nix
+++ b/modules/dev/docker.nix
@@ -1,32 +0,0 @@
 {
  lib,
  config,
  ...
 }:
 with lib; let
  cfg = config.modules.docker;
 in {
  options.modules.docker = {
    enable = mkEnableOption "Enable Docker";
    podman.enable = mkEnableOption "Enable Podman rather than Docker";
    nvidia.enable = mkEnableOption "Activate Nvidia support";
    autoprune.enable = mkEnableOption "Enable autoprune";
  };
  config = {
    virtualisation = {
      docker = mkIf (cfg.enable && !cfg.podman.enable) {
        enable = true;
        enableNvidia = cfg.nvidia.enable;
        autoPrune.enable = cfg.autoprune.enable;
      };
      podman = mkIf cfg.podman.enable {
        enable = true;
        dockerCompat = cfg.enable;
        enableNvidia = cfg.nvidia.enable;
        dockerSocket.enable = cfg.enable;
        autoPrune.enable = cfg.autoprune.enable;
      };
    };
  };
 }
--- a/modules/opentablet.nix
+++ b/modules/opentablet.nix
@@ -1,6 +0,0 @@
 {
  hardware.opentabletdriver = {
    enable = true;
    daemon.enable = true;
  };
 }
--- a/modules/sound.nix
+++ b/modules/sound.nix
@@ -1,40 +0,0 @@
 {
  lib,
  config,
  pkgs,
  ...
 }:
 with lib; let
  cfg = config.modules.sound;
 in {
  options.modules.sound = {
    enable = mkEnableOption "Whether to enable sounds with Pipewire";
    alsa = mkOption {
      type = types.bool;
      example = true;
      default = true;
      description = "Whether to enable ALSA support with Pipewire";
    };
    jack = mkOption {
      type = types.bool;
      example = true;
      default = false;
      description = "Whether to enable JACK support with Pipewire";
    };
    package = mkOption {
      type = types.package;
      example = pkgs.pulseaudio;
      default = pkgs.pulseaudioFull;
      description = "Which base package to use for PulseAudio";
    };
  };
  config.services.pipewire = mkIf cfg.enable {
    enable = true;
    alsa = mkIf cfg.alsa {
      enable = mkDefault true;
      support32Bit = mkDefault true;
    };
    jack.enable = mkDefault cfg.jack;
  };
 }
--- a/modules/sunshine.nix
+++ b/modules/sunshine.nix
@@ -1,22 +0,0 @@
 {
  config,
  lib,
  ...
 }:
 with lib; let
  cfg = config.modules.sunshine;
 in {
  options.modules.sunshine = {
    enable = mkEnableOption "Enables moonlight";
    autostart = mkEnableOption "Enables autostart";
  };
  config.services.sunshine = mkIf cfg.enable {
    enable = true;
    autoStart = cfg.autostart;
    capSysAdmin = true;
    openFirewall = true;
    settings = {
      sunshine_name = "marpa";
    };
  };
 }
--- a/modules/system.nix
+++ b/modules/system.nix
@@ -1,171 +0,0 @@
 {
  pkgs,
  lib,
  config,
  ...
 }:
 with lib; let
  cfg = config.system;
 in {
  imports = [
    ./amdgpu.nix
    ./boot.nix
    ./locale.nix
    ./networking.nix
    ./nix.nix
    ./plymouth.nix
    ./sound.nix
    ./users.nix
    ./dev/docker.nix
  ];
  options.system = {
    amdgpu.enable = mkEnableOption "Enables AMD GPU support";
    boot = {
      kernel = {
        package = mkOption {
          type = types.raw;
          default = pkgs.linuxPackages_zen;
        };
        modules = mkOption {
          type = types.listOf types.str;
          default = [];
        };
        cpuVendor = mkOption {
          description = "Intel or AMD?";
          type = types.enum ["intel" "amd"];
          default = "amd";
        };
        v4l2loopback = mkOption {
          description = "Enables v4l2loopback";
          type = types.bool;
          default = true;
        };
        hardened = mkEnableOption "Enables hardened Linux kernel";
      };
      plymouth.enable = mkEnableOption "Enables Plymouth";
      zfs = {
        enable = mkEnableOption "Enables ZFS";
        pools = mkOption {
          type = types.listOf types.str;
          default = [];
        };
      };
    };
    docker = {
      enable = mkEnableOption "Enable Docker";
      podman.enable = mkEnableOption "Enable Podman rather than Docker";
      nvidia.enable = mkEnableOption "Activate Nvidia support";
      autoprune.enable = mkEnableOption "Enable autoprune";
    };
    networking = {
      hostname = mkOption {
        type = types.str;
        example = "gampo";
      };
      id = mkOption {
        type = types.str;
        example = "deadb33f";
      };
      hostFiles = mkOption {
        type = types.listOf types.path;
        example = [/path/to/hostFile];
        default = [];
      };
      firewall = {
        openPorts = mkOption {
          type = types.listOf types.int;
          example = [22 80 443];
          default = [];
        };
        openPortRanges = mkOption {
          type = types.listOf (types.attrsOf types.port);
          default = [];
          example = [
            {
              from = 8080;
              to = 8082;
            }
          ];
          description = ''
            A range of TCP and UDP ports on which incoming connections are
            accepted.
          '';
        };
        extraCommands = mkOption {
          type = types.nullOr types.lines;
          example = "iptables -A INPUTS -p icmp -j ACCEPT";
          default = null;
        };
      };
    };
    nix = {
      disableSandbox = mkOption {
        type = types.bool;
        default = false;
      };
      gc = {
        automatic = mkOption {
          type = types.bool;
          default = true;
        };
        dates = mkOption {
          type = types.str;
          default = "Monday 01:00 UTC";
        };
        options = mkOption {
          type = types.str;
          default = "--delete-older-than 30d";
        };
      };
    };
    sound = {
      enable = mkEnableOption "Whether to enable sounds with Pipewire";
      alsa = mkOption {
        type = types.bool;
        example = true;
        default = true;
        description = "Whether to enable ALSA support with Pipewire";
      };
      jack = mkOption {
        type = types.bool;
        example = true;
        default = false;
        description = "Whether to enable JACK support with Pipewire";
      };
      package = mkOption {
        type = types.package;
        example = pkgs.pulseaudio;
        default = pkgs.pulseaudioFull;
        description = "Which base package to use for PulseAudio";
      };
    };
    users = {
      root.disablePassword = mkEnableOption "Disables root password";
      phundrak = mkOption {
        type = types.bool;
        default = true;
      };
    };
    timezone = mkOption {
      type = types.str;
      default = "Europe/Paris";
    };
    console.keyMap = mkOption {
      type = types.str;
      default = "fr";
    };
  };
  config = {
    time.timeZone = cfg.timezone;
    console.keyMap = cfg.console.keyMap;
    modules = {
      boot = {
        inherit (cfg) amdgpu;
        inherit (cfg.boot) kernel plymouth zfs;
      };
      inherit (cfg) sound users networking docker amdgpu;
    };
  };
 }
--- a/modules/users.nix
+++ b/modules/users.nix
@@ -1,39 +0,0 @@
 {
  lib,
  config,
  pkgs,
  ...
 }:
 with lib; let
  cfg = config.modules.users;
 in {
  options.modules.users = {
    root.disablePassword = mkEnableOption "Disables root password";
    phundrak = mkOption {
      type = types.bool;
      default = true;
    };
  };
  config = {
    users.users = {
      root = {
        hashedPassword = mkIf cfg.root.disablePassword "*";
        shell = pkgs.zsh;
      };
      phundrak = {
        isNormalUser = true;
        description = "Lucien Cartier-Tilet";
        extraGroups = ["networkmanager" "wheel" "docker" "dialout" "podman"];
        shell = pkgs.zsh;
        openssh.authorizedKeys.keyFiles = [
          ./keys/id_gampo.pub
          ./keys/id_marpa.pub
          ./keys/id_tilo.pub
          ./keys/id_opn4.pub
        ];
      };
    };
    programs.zsh.enable = true;
  };
 }
--- a/modules/xserver.nix
+++ b/modules/xserver.nix
@@ -1,41 +0,0 @@
 {
  config,
  lib,
  ...
 }:
 with lib; let
  cfg = config.modules.xserver;
 in {
  options.modules.xserver = {
    amdgpu.enable = mkEnableOption "Enables AMD GPU support";
    de = mkOption {
      type = types.enum ["gnome" "kde"];
      default = "gnome";
      example = "kde";
      description = "Which DE to enable";
    };
  };
  config.services = {
    displayManager.sddm.enable = mkIf (cfg.de == "kde") true;
    desktopManager.plasma6.enable = mkIf (cfg.de == "kde") true;
    gnome = mkIf (cfg.de == "gnome") {
      gnome-browser-connector.enable = true;
      games.enable = false;
      gnome-remote-desktop.enable = true;
      gnome-online-accounts.enable = true;
      sushi.enable = true;
    };
    xserver = {
      enable = true;
      displayManager.gdm.enable = mkIf (cfg.de == "gnome") true;
      desktopManager.gnome.enable = mkIf (cfg.de == "gnome") true;
      videoDrivers = lists.optional cfg.amdgpu.enable "amdgpu";
      xkb = {
        layout = "fr";
        variant = "bepo_afnor";
      };
    };
  };
 }
--- a/packages/handy.nix
+++ b/packages/handy.nix
@@ -0,0 +1,24 @@
 # https://handy.computer/
 {
  appimageTools,
  fetchurl,
  lib,
 }: let
  name = "Handy";
  pname = lib.strings.toLower name;
  version = "0.8.0";
  src = fetchurl {
    url = "https://github.com/cjpais/${name}/releases/download/v${version}/${name}_${version}_amd64.AppImage";
    hash = "sha256-PLcssfd6iMx51mglAJ7D4+67HFazwfhJMImgU9WiNDk=";
  };
  appimageContent = appimageTools.extractType2 {inherit pname version src;};
 in
  appimageTools.wrapType2 {
    inherit pname version src;
    extraPkgs = pkgs: [pkgs.wtype];
    extraInstallCommands = ''
      install -m 444 -D ${appimageContent}/${name}.desktop $out/share/applications/${name}.desktop
      install -m 444 -D ${appimageContent}/${name}.png $out/share/icons/hicolor/256x256/apps/${name}.png
      install -m 444 -D ${appimageContent}/${pname}.png $out/share/icons/hicolor/256x256/apps/${pname}.png
    '';
  }
--- a/packages/inkdrop.nix
+++ b/packages/inkdrop.nix
@@ -0,0 +1,149 @@
 # https://www.inkdrop.app/
 {
  lib,
  fetchurl,
  stdenv,
  autoPatchelfHook,
  makeWrapper,
  wrapGAppsHook3,
  alsa-lib,
  at-spi2-atk,
  at-spi2-core,
  cairo,
  cups,
  dbus,
  expat,
  gdk-pixbuf,
  glib,
  gtk3,
  libdrm,
  libnotify,
  libpulseaudio,
  libsecret,
  libuuid,
  libxkbcommon,
  mesa,
  nspr,
  nss,
  pango,
  systemd,
  libx11,
  libxscrnsaver,
  libxcomposite,
  libxcursor,
  libxdamage,
  libxext,
  libxfixes,
  libxi,
  libxrandr,
  libxrender,
  libxtst,
  libxcb,
  libxkbfile,
  libxshmfence,
 }:
 stdenv.mkDerivation rec {
  pname = "inkdrop";
  version = "5.11.8";
  src = fetchurl {
    url = "https://dist.inkdrop.app/v${version}/${pname}_${version}_amd64.deb";
    hash = "sha256-8aJSeUi5K9PgNJvfYAtnRnI2t+vM10jiqVAZmX+zni0=";
  };
  nativeBuildInputs = [
    autoPatchelfHook
    makeWrapper
    wrapGAppsHook3
  ];
  buildInputs = [
    alsa-lib
    at-spi2-atk
    at-spi2-core
    cairo
    cups
    dbus
    expat
    gdk-pixbuf
    glib
    gtk3
    libdrm
    libnotify
    libpulseaudio
    libsecret
    libuuid
    libxkbcommon
    mesa
    nspr
    nss
    pango
    systemd
    libx11
    libxscrnsaver
    libxcomposite
    libxcursor
    libxdamage
    libxext
    libxfixes
    libxi
    libxrandr
    libxrender
    libxtst
    libxcb
    libxkbfile
    libxshmfence
  ];
  dontBuild = true;
  dontConfigure = true;
  # Ignore musl dependency since we're using glibc
  autoPatchelfIgnoreMissingDeps = ["libc.musl-x86_64.so.1"];
  unpackPhase = ''
    runHook preUnpack
    # Extract deb file manually to avoid setuid issues
    ar x $src
    tar xf data.tar.xz --no-same-permissions --no-same-owner
    runHook postUnpack
  '';
  installPhase = ''
    runHook preInstall
    # Create output directories
    mkdir -p $out/bin $out/share
    # Copy the main application
    cp -r usr/lib/inkdrop $out/share/inkdrop
    # Copy desktop file and icon
    cp -r usr/share/applications $out/share/
    cp -r usr/share/pixmaps $out/share/
    # Fix desktop file to use absolute paths
    substituteInPlace $out/share/applications/inkdrop.desktop \
      --replace-quiet "Exec=inkdrop" "Exec=$out/bin/inkdrop" \
      --replace-quiet "Icon=inkdrop" "Icon=$out/share/pixmaps/inkdrop.png"
    # Create wrapper script in bin
    makeWrapper $out/share/inkdrop/inkdrop $out/bin/inkdrop \
      --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}" \
      --set-default ELECTRON_IS_DEV 0 \
      --inherit-argv0
    runHook postInstall
  '';
  meta = with lib; {
    description = "Notebook app for Markdown lovers";
    homepage = "https://www.inkdrop.app/";
    license = licenses.unfree;
    maintainers = [];
    platforms = ["x86_64-linux"];
    mainProgram = "inkdrop";
  };
 }
--- a/programs/flatpak.nix
+++ b/programs/flatpak.nix
@@ -1,3 +0,0 @@
 {
  services.flatpak.enable = true;
 }
--- a/programs/steam.nix
+++ b/programs/steam.nix
@@ -1,21 +0,0 @@
 {pkgs, ...}: {
  programs = {
    steam = {
      enable = true;
      protontricks.enable = true;
      remotePlay.openFirewall = true;
      localNetworkGameTransfers.openFirewall = true;
      gamescopeSession.enable = true;
      extraCompatPackages = [pkgs.proton-ge-bin];
    };
    gamescope = {
      enable = true;
      capSysNice = true;
      args = [
        "--rt"
        "--expose-wayland"
      ];
    };
  };
  hardware.steam-hardware.enable = true;
 }
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@@ -1,67 +1,113 @@
-extraHosts: ENC[AES256_GCM,data:nuEU+Tlj9BBEO/459B7u74WEdlDmvn3coWkk3JG5uqWXR1G4tk6H8EvQAY/xAuqcM01T4psaeqQTxZA+U626zMQ++vOsYwI8cch8m0xIkKKJ3Ztyqeip8egK2xPywdJp69Z5XhweF3RlxPBTroMcCoqHG0rFQmPuwaWrM/DJ6HQBGqKA3wmaYXAC4OLFVGNzLNLfWD85PAxK1YTJnClaerFdwsxm9tq+HNg7zEnOUVyQjm2l16MKkV1kybddNFc6SKHmm2e/XYNQ85eRm1ALq1v1WRPLaa87MsPLM6svwNy5hEMX+AQKfGBL4hLUKOw+yPktfSnGhj8uDO6IUTjySzkgdYIu37E8ozN8CZ2m+5wYDjf1NU34/yUo2p3RZISuy52qEhGE0jsIeDiC6KMPs6/dHKpxbkRVhe7ZWpZvee7dhWyAkW4lk+MA1p3OklCBdTn8JcrAlVcKf0n1+XyK5ua0q5ja6UKg1Q5Y1LGFPInt+styJ65HdvqBcdLiG7DCQYHGpWGIeSNglbAKPMCeBCablN/2gLLYOK08RXwwSAj1V5lCXAKoc3FfnX73ELRelzLwE2MNJZCn0DqnqP0vOnzXM9ftWVODCjcIEmLUX+CL7hBNLrWcp+Q3ALQcSZsAVejpP8Iajo85R/Hc+2OtqfXijoJNacaMgKCX/5ZWOFEwNUdto3xSRQXu2Ck//F4F/0Ez6yqOFux1byjdyHDbGGdFz02DTZUkOtsPVssyqz1nEHepDQM0EmAAxAR6D8hHOnZGesfqbS+5Xd3+KlfxyFC2mHDxK4WZPCHTAEsenWEiQTGfaOT+1bpbimRfUcqiRXukSUeHY2cKf/reNw0MT7t5n1mvidihP3sJuc573ViUlG+Ts8ctyZ/+tKU2aCMz3wevPzZNiIVqXsB2lC8c,iv:MnbM30XhdQFOPmc4x/a7YaDmnCDCFHS2Nm8plh+raSo=,tag:SpHUqyeSVdtf8uk4SyjmOA==,type:str]
+elcafe:
    copyparty:
        passwords:
            creug: ENC[AES256_GCM,data:bWiDsIB9xbCC8N3VNzoXQ/ciyh5LyX5gaH5HrCR1n18=,iv:UOUUs/dXMQ4gF5x1UZuSs/DZh14OErWq1EJjv1B5+No=,tag:gMrL7RlaIegw+gXE4Du0KQ==,type:str]
            phundrak: ENC[AES256_GCM,data:0kdrtlw2KeF4ZGqhejdnf1j59Lm5Gchh+wka2lOf8jU=,iv:4XG7M6oqRL0ZQiWMBe4oQ+mHjONkvuIXGa6m2Zqfd/A=,tag:A54LlE+7W2wXYn3HfCfBDw==,type:str]
    traefik:
        env: ENC[AES256_GCM,data:HUdWGYoEPp2v8dnDuVsl7YmPxuBfHmXzGrvKWeiqPlmAwMqVZrZ1j8on/7QKvYDJoTJ40XY2qNynSA==,iv:Vgc/fZERnNp7hSMeRd9EgB3IenKAFTAhwC0bk8CX4DE=,tag:SdfhOST/o29Lt1zRdXXRyQ==,type:str]
        dynamic: ENC[AES256_GCM,data:BKsjTfqpZhrocHOUfxjCNS61DVb1oSdPW99IrwmNjpFcs68WvyfD0+QZ9F362L88CQDTnDSXWAbc7mcBtxhqfhkjtsdxkhtLHMGG0WxlnYungTnROh9EDJRLNyjy/RCYWOIVOXIEUE5lLwnQkboZLEiruw1Ri+r27WYmGpD5DaR4XWDankb6BQPJA6f2ziPyynjNYZaRhMIQUDFLM3QRAXPYD00eaYIQtx253z8Uocz4LpOw2JReAQkI2zc+6Oe1O4fP/Cg8klF0owR6NkNUWoIUVwLqFmU7Yr45VO+T/f96Ev0hlDaMklxYJGNOS8kRbSqpaiuMCmL2mQ6rsZGFVfdMdImSL2j51lrPFJCsg/hNGXHAxQ0/OpHtcZz/cwn5nSHBXg6gX21kOpkWGY1+BRA15X0k5sUqXkZWjkP9wkSCV6pQTbr8a3GrX2VvGwguAC4EpTCkCobXw/d9a7bMfZFeJqFhwjpU/dfBi6OjF7bniOQ7k3+5RZRDqAxJiPaBk7NKVN1FzUCvFBjKifbfICOJaPJr1CmayNuBZtsSlj0MXBYx8D8oShzhsCo/+pyni4poMYyfNC9jQKWCBsjKEa6eWb1+TfOHv4W+lSlBFg3vGm4NDxCPnACKWlhKB4WoJGRHqnp809XF2fqP4lZN8S7+sB2rhNlr2CICk9oM80FNmW/8TTtIgbpfEeFeJwNTM+S95cFSqaIRg3kfcqB/bHG37BYthcL1SC85/lxhL2LJ/O0qXxbioyxVAaBIumAO8BB1qrdbOozHZZAU1IIKylDWMWUoJMyMdhMGnOxxxWcbV2jPUXUv03DYNp3G/5F2Hlr+h0bPIJEFZ2kb14wTK+25MsgfBgky26f8qjNwROqKA+bPeB2yUKSSCJb//PzzE4xyqu1mq2/1zTal0eSRTCEnAUCj0wDqCLBMO6GnL0PS4PtGJ9n/IbOjFXZeixWGJzUTcmxPAmsClH6FV8brEMVs5bfrjLieXQvcn0b8b9/1W2jV4dJGUE1TxUQ2B92VG7PrA39O/FO8tQJZrAMXO9iMv495w0Nxbt0HYN6wsFTUwlQ+3DCXxgmmVBqVSf1OtHuhxcznl1oR+sgPSgBRLVB22mv5677ErQGCWp1luyPSF6xvhIaKe9BDwxBwJ+RsqSn4w5t1qJM9uYqFunSJPY5439B4zWG+lUy1ZDNn1oHUaX3hZUhzc9tEm+0CWFNXxH2hiRFb2nYP6Pv/GNqjZCsflY0YYty0UJBqRELGpUO3Sd+zbyJmWtvDjto726/0jHB/jb0RVThUem0PzWmmIUth0ucKp0M7zqEWNyVPbvWOK6rWQW9eaW87bFeMhrD1PC+U0ilq9DKG1J3ldc0lEBrguc4fk72T3I62pw5KdGnsmB+FjAc8kdTFKhM52ylChsAnJGFu0LyBUgjGIzZ03XkO8RbYs/wzc9VQOvyikvB67wImXMu8PJDzMxXnu58y7C4U86kvLdUfYm5bz+MxZmXsDA1L7C4si6oLf7rOCfLLc4A1a/X/aMSk330SARW/UAZ/NaFDXhotYXZUSbr41Z6b0qRPZjjZfOkdeKxTp+r07+8oJpPOaIaaOIlNRkGyRCnbCGvJ4CuUfTQuywIefBHlawGzhsDvOKorWYTuim7MbJcd19bYMG6k8qqTQlNeHjZJaDLKJ/rnSAIGDSNYRP4uUUo0gqSp82E9bXUUn5VuFSPcJ55uvFXZD0f6tLZGIyUuG5tqw3xNQF2cA+4ZXzbxi6VIZQ+ahZELkoBR+dVXQ0yGkDJusNf61A1lfI2bd7JQnJ7YVhbF1gXNnDXdWO0F8zsnZyhSSJY3ZoXLdYn+v39+AxQvE3mpX7zNsk7+0WUHuqAh6JG6OBt7jF5OVwD3bfuQfDhPlfD7YOU5/C+rekDGXmfZOMXxadvQgWFcpHdgbV7NwKqdgj6pJDVoGO8/4HGtlb94/o6dtXzfheSLUhCUZ2Im81yduu8386fCYLHX/ZsP+CuuC2wlXQaSCgoODRXXDz7jsRcQNfW2ohmFT9iDn95NI5ylCgt49t2Cr06ft7Pd0tWjh69VQ8TjNlfqm3Sxlf/Gb9ihwOOytmbDv4bNKhpRIPC0jIZv3aaA7vgdLCbySVeMo1tfMx3Xvf6q8XqlsQ/HgwBxAMmjakIAukNwtU74oJ2AYpIO/Oc47081JR2sVtGWer6l7C8KMy9O0xYtABsofkc9kHQWtAvn82sSQTuI/UgD5ttfdfVZZaanHek3vgJyTYI3sPQDVJ6SXrC0a+fqMlTL7Jux/0B70gK1z46j5C54IBCChNa4CwXhvxofyoDgyF6DVC2qZxoKXGl1veQKJh68q9hCiDlYEpiwuRCs3j6uSUG4Rssc9TKfdY3AQltVrhykEORVEgZe1HWmlms=,iv:3G3geSZRziwGiKcUMVNZ7j5s/4YA6Uk7wCSb4aFNSMo=,tag:FxARskR9+wdV7/xCKP8UdA==,type:str]
 marpa:
    nix-cache-priv-key: ENC[AES256_GCM,data:H5VsN0nOogvgxWHXHF66BbzJe17zelZCG6mU4vmVJqBoi7a5cQxzU7WnV4k1EOpMJPDj6floVmrsG4DM86FthxcTwixCNDINmaemwAXQnUkgWXFKYY7Ovzten81UVKrtkN4n1S8=,iv:pxnHD5YqyTeNZnxyEJeXAUixZEz8Uq9b2HFZZBsMOzk=,tag:xI+4tFG+Q4Z5IVxlATayJA==,type:str]
 extraHosts: ENC[AES256_GCM,data:4lp7w0snYle7vGVLJq3zlTxoC8eVpaSreW3P8Aq+O6oRJoWo3IASpwi7zSx6nxmLo5LGPeupVXfy3xOkG9d5QFNU2uU6vXKvOnnm6wrpS+UcYp/4U/z+R3rFnFsI5PsCgmlL1bSUFCFkXlrLDIyoW50Q/DLXDS8QaUYAtto1DcRUXc9j8RnunYF38HFlAOD/Xa4DY048pvZu8TMsmLQjM5txZnZBq4+P8aBjY3SF+K9cqZ+SgQkU+gdGo0/S/N5OUZJ3ATJ6mglPl/Nplw/Dh9HvC7jEMJZKrVzWiYquTOn0/IytqOCS2SkhsmVMRqf06hpvhlz6sFXzkDfxKMIRTULEkjZDkZ7QioSbLeqmQePSg7xs28SvToiVKSpg0PxeH5LvJE73hgX3ATUXA2BmRvqQuqBwLaDU6TPm8xkYe7qbabaN5oFtXCI/XydZTao5Glqw/BZQRTise/qGgn3Bfl/ieMYQOqCMEdHzR0Beipur6spliGFC4YnwL3Nh4CO6qOB/j61a7rqY6nLyo54jWtjvHX42pTuGWhvhGH1z4NRZqcKks+KCMB4PcCXgul1hrb04wLXYVu7R/7QqOACp4SZBUFZCj+izcsnB1sKdKliL87VBUkwOSF+1JUCY,iv:5A3jCWLkooCkuOMiybbeQ9+TRA7CoiW3qbzmJLVarSc=,tag:qLsGhrFHs65Vesj4Ot4I/g==,type:str]
 mopidy:
-    spotify: ENC[AES256_GCM,data:SaDT0iSWhsgVOi1s+Nzbr0Mur3t2Zd9z/KIUshGWtbPfkXXIoiJeJFtoZIz5NL/t5FooYsNfU1mGYgDeVYSD4BPibW8hiCYrX6L6OX+Q6ZEWXXx/1eBEs2/q0BrWGvy7frcurq/Px4R3ax0dXJe/YKbpAtU7+bQl,iv:F2zT+uMVBMnSEZqgcRmV8/fc3G/g2fKDuHuBzkyBRN0=,tag:CD8fuOQfe6QCrj4BUh0/xw==,type:str]
+    spotify: ENC[AES256_GCM,data:6i9BzQmlndnROuT1H2zgN/3I6hBiFf14BlcS+XL2PbTiiEQZe2yE3tnZo3KXU9S5CjS3MwxsVdytKOFMQt2s1bVjcibBhJzoKEQByaapdzn1mK3kQLdJfhPf4Hf9YZV9Dlc60ngS7ESLZakdFVlj4rlbV5XReLhK,iv:fYd78r4U0kTyq1TZjBVXkjdNiOQ29gLJ53kwTXsi8W0=,tag:oWaeOuzdHWS4joZAdeA2pg==,type:str]
-    bandcamp: ENC[AES256_GCM,data:diEx2fbkOR1oUav81jU5bNt/KNmbOaVzLV+G3zBUVXE7nEQpZNqVom0rgNrEVDGzH3u/IaA5eqG5ce9lE0BomeY8Z4MWI1xujhX5KsXdv21aw4UwsNgyLPuWhkN2POUMfCJlvekc/TFfFvJHyysx8aKxeI4dsg==,iv:cxx0cVkjOPG+hMD8JctJHdcICJt7ozpfRBVSCDBo6Ro=,tag:JRjwwvieGaGZJ+k56HWFaw==,type:str]
+    bandcamp: ENC[AES256_GCM,data:3uWlk1W6pgExsUkLpqpFXpMceYEdMfWMxNUq8iGEyq8/P3OAjzg7pvvPBGcVwmh4jSgNilRiqmmGrtYLwdqPUMlmbFB56K6ZLDIcC2yg2SRfulYcObvimOkIkx7ITr1u6jSzjMkTR5ekIlzlPBxFQzEfBbgdrQ==,iv:IY1VH/8vjNCPz8LGbYbyr5U3FcmhV+YhK3fHnLfWiak=,tag:lB78PRuEuFen54csc7jHIQ==,type:str]
-emailPassword: ENC[AES256_GCM,data:LALAvyuNN9bfa8D6ZK1YiFXRfxLOBi9kXA0N0Kr7h18eAI4hWQ==,iv:WtidILFfWCMKylax52JP+X57GfZyYlxJtiwrC6SADik=,tag:NvOrsL3fbmxQZp06GZhUZA==,type:str]
+emailPassword: ENC[AES256_GCM,data:RUuXzEfkqu1hEg12vBko17MtvdcFIxPofB+nFOuuMdWqjqJgEg==,iv:725/ttk8jHmSIj16gqvLykOu8D8rUbzzvOyxyZx8Jds=,tag:jv1ZO14WsKyWFsfqzRzZPg==,type:str]
 ssh:
-    hosts: ENC[AES256_GCM,data:jLLehzuBuBh22ZukRlqjQJNBg0ri8go58SJfs4GjNqNdvI/H0NWRS0apqLPzERkbpPipex3kUiFIc6BH+usSSpfh/MWico8qZDKVD7Ekx6F8k45I2Pq+mbLsMEo3XfjcnfYgDWn2I7/jyidBsvA+m9VnjU8/Cnk5O/YeIZQRvfOZ4xc8zw7C/vqmxsNi2KZr+2N23L+eetoKM4J6AigmINH41wAL3/RlB0oCpjSHSkbp7Glu2LlyJygS52p9m5pq4QBXtoiu5AJ6qG17LrypmDjfxE2zU2R3Zu6VLbs4zWQY2+W36j33Fm5nMkMMPJAEdRR27HPxM2EAEuH4OI1Jbup669sln9nJxnO2zYveplNPsAb3a16D4L9rwSzUd1s2W+NlqBSYdyAktuvtPWf1vAg9+Fob9jUgUFGTQpNF8Xj1n+DqvXlLQknsB/7EhNSSnYyQS36wHF9KBHJwexpYbhnGiMuLjN6KXbr/YYawocSA/5o8s6X/tRXKMkXtZjoEsyr1aNMj+4gSHaSUOG78r3VwAHLOXNez67xFpKMa/IQfQhj2Zng8142hhL4hPyNtuTOK3oVvPjZtAfbfxesUi+Zx2VhaJsnmj6J4gAOWU9nVpol67V0hNSD4LMUOZwwPst11IyJsXjkKKY0iy7ykFMTk6KalkVUqlYOmQRIXtBE9sD4esC+FGH1ONi3n0tbG7YivmV3YSmxk0RvQ/YlKGOchKpPH/bzN/X+NZh6A3Uk5uDsqU+GOjfDY2yIgetw4FAQ42YMxNmTJjq6MpcaETb5eQm8wee4QaVODocXHyknfWs6FYGNUjQpYp3+zxKJovHuKQcFgug3t8Si5hKnQz6KDZNaoDE0UMBR2ABbAX1Bcvu0lLHzaPXpGfXyoAe+B3MwF9/TTVkCNNYhNKm63P7qUuIbKLLCDXH6e4y5YiIF8Sl9jF/kR8v8MbLgrAROx8NlTm5CqNhQWOPQQyQXvXEl5hwHyF9ptrXUB9wIe,iv:6Lzbf+DBTfaZj7NhTJ07dVPuaViP61V4N2QHPTEFzMQ=,tag:8t4c0DJmAwg/0qRLBW4vCQ==,type:str]
+    hosts: ENC[AES256_GCM,data:WTgCxNIyKTwFxDVlWkJcxrvUjYuVionDQSWgSqSc0SZ5mGbl228mv7Z6mXvwbN78+jIwTuuUtfmTsDoaUaSqyIReaXFsrIHAoCGoSMbJ10RiAbyDfCEH9vbHamAX22Ccfnyh7eUOb3AsAQo/pJs/95bdCpKEPy4SXcpB0tc+KpgrEijVLpRJFyB6UGl+2qg/hVfo8no5l4tZMUBxzS5KEU7pEEcA/SLfdVMM/4+aeVmJudxJPi3RsqnA8qORVpvJC0y/ln71OrFdRVrX4e47NEXzX2Hfr+hiFbW190xBp6a/kZypQl4vk4fzn8RUathQMOVmf1r4v7eJOYRWeGeZinZtQNe7SFWtiYc0pTbQ6GNyOMwzk3bMjlyzhlrTe1MqFqVbAHSsKk6ydpcjtXt4DgQ93IL4BU6emJu7HBFBOuQ9QWEvDubhB/0Y68BWUqGqY/2lPdllGJrXL87h5KJrLHSMyUX4mF9Je84aC0cv1N3d78kepo2wCz7jrfsxixT+qN7ufu/TurLloC6y2skOCmB+gcRo79Jzk4LRi+Zf+RWnWiXw5HsZWwO7so5JIDlgApkERif6vwup12jhdu+ZxcqFfjMt1wEFceS8YGNvUl0XWPgvmM9kdqn/4XXOYCnysbpcfZaBMGDOBUlbhLUybHdDzvGYV/kMU5m8xoXAjA==,iv:Gf2f71TluSEQtiHf7CIHE2tFX8N4Y17AjP1PnNuWuNA=,tag:sGmZR1lKbbOeEhPvrHHO8Q==,type:str]
 sops:
    age:
        - recipient: age1ajemtm502nn2n4q7v4j8meyd5mxtcqngkkedxq2pqzuwu78zp93qnw8q48
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiYU1MR2w4Njh2cVBocmJq
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2S3VaTmg3b2QxMGtVeStr
-            YkxvSmVsWDdGT0h0S3NSbDYxb21EVTlxT21nCjB3WlVmK0hkR1B6Z2lhbndvNFdC
+            WWRpb0RhVFNWM3RJNEV4ZTdRVmJUa2d6YVZrCnFTOWwwTlNhc2hqM2pwZ1hkcWd1
-            aE9YMHphU1JoV2hwZ0RITXhHZnJmeTAKLS0tIDk4akc0T1FvbURLRFpXNHlRQ3Vx
+            QlE2N0FtSGFFR1NHbzFOSzI5Um4rVTQKLS0tIEFaMHprc3Jlclk3MGtvc2NzZ3cr
-            TUZMTENMbVNjeVFxMGVSc2FpZ0dXcDgKcacaFS2diAKeKwmVz7KghKjkNI2ij4Ns
+            blMrcWVSVFB3TVc0aTQ0RUYvbDFJS0kKmGisf9VDK2RPA1uQCK5udt7sdeDyh344
-            fYSd8sq/bEDTvn1wNpF1zLmzX9jmoXc5iORuRKaYcT8OaoUX7SsFvQ==
+            IKhPHzEHAHjKEkE6sWc6TB/l8K3IfL9zdHQZ9ZqTvCiS8CBZOwPQeg==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age197lfdanym647wdaz9uy8hrfqjwj9fs8rm7vs3fsrctceu8mr9gms2jedhz
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUNlhkZzFoa21tR244dVJ0
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTRzRqTzlzVWpGMVFEbjV5
-            cXJWbDA0eVBrZWU4QVRVQm85bVVScFdYbHdnCjRWQWRNajIyQ0JoYTFFQ3RsOFA4
+            R1RXS1RBMzZGaGZjUkFZc3RLb2JkSzlRQlJZCnp5c0pMOHBZUkhralArcUhLSmx5
-            cTZGNVhCN2k0NHBMb1Z4VmVqRzNjbEkKLS0tIFhJTVBCM0E4dTkweld6WUx5Z1hQ
+            Uk41cGRUR3RxR1FYVHBWU3d6ZXJpcFUKLS0tIFdLclpadHV0QlRuYmJhYVZGWVc5
-            WXdwVFJ3cXQzUnFPUnV2NzdqcWwwZkkKqS9IQpB/MjnsVQ4IfIRtH6FESzLkdHq/
+            eHRMV2o0TXhoVkcyaXZqU0tsR0o2eDQKdYwEuPeQ1fntKQKIlOlxet+SJ0rT5I1y
-            GJnMHt0VcLt/gYrz+lrPc1ecQwNvVGH2Qt++BbSJxUFftoDLdEMlig==
+            WDpfGZUVvghx5dwdd6EMq3sQUeoFSfjrlgIAwNtHRwMC19A68ubzhQ==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age17pn6suvz2f7zmrm9zxj5hr0putvcvdamqxqt7ewhncgg6ccgmp2qr00xm2
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtcVZPWVNBc1pFWm8zN3hm
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxUEtOZ3Zac01HTjVZVXNF
-            M1RtenlCbGl3Q0xhWlRWN1BmOUNDK3I0cVQwCk82Vm5IcmZZeVRBdlVUb0NtTXdz
+            endFNVprclpJMmh1eTA2ZmVJRTJlbjI3dEVNCjA4K2U5QWlOdkI0R3JwbVpNRWJG
-            QTlVMEhCWkpJN0JOM09mSGtqbzl5ZUkKLS0tIE4vTGhEQlRDZ1Vma0VEQ0xtcU9V
+            T0VQWS9uS2UrRVk0YU9VcGhSUkJ6S2sKLS0tIGJZY1VSM1o3QUR5Mk9vNmhsRWxr
-            MitPc29VYUV3UmJSNXdmMUhwck9MOXMKLXHEKpNvzModiTR1Q6cE1xKSGewV/9PJ
+            YURQR2kxdExKR00vYVJMVVQxekdVOE0KDkPOMeCo1MoM5R89t1rsMWR/bGIx592Z
-            rEbTgsa0E9C4vm5sDKjSjuvpSF9tNOSByf5So5kzX0ZTxgjdTjsFbw==
+            wvbVmE/El4Z0QzuvXl0XK3CFlKGuwgNw5TvtQ9QZP1aAL3yN0+T5oQ==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1cnnpnglkvgw5ffv8qpgwpqvj203lh4uwt698y9mxjwklxt8nysmsa8hepn
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkeUlIL2QxQlhGN3RqOFZR
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQQTV1dkxMK3dxbGhiTGJG
-            K1p1bjc5R00yclEzL0hYY0c2OFJhRmN4Y0JvCkpIL0Q4Y1Nic3pFYjNIM1hMK2w2
+            bkVQTUFOU1I4SXAyV21PdThSZFNOTTA0cmpFCkpXcmRXdlE0eVRYWWErQUxSWFN4
-            cFNGNVhHcW85R2loZ3JveVVZNGptd1kKLS0tIGYvYjlTMzRzUUNlM3padDJHNkFm
+            bjI5bkU1NE84V1FTNVZiYUpLSnhSL2cKLS0tIFl6YmxmM1JLSlpxcDcxTnRnT1k3
-            VGJHL2c4Z05pTWlxellFMG4rRlp1MkUK4mwb2jMlfHb0ISInZKwbm9+EqBzWfZNU
+            M25EQU5zckVMa1VSK29iYW5PbHRJcVEK6+gstHbcPBdeRNvZa21nZB5sT1SdHWHs
-            +L/WahvTo4Fe9uSOJffpSMleH0ZJS35loCJE5WIdmGnRQB6Mw7LWag==
+            8St5tYl5I3CxNWFgFjOrHqteRKc+ZTcj3euAJ6Wathbw0YMiA3gz0Q==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1g68hxv73llkyc7etzh499ztcrt93pwawy0n8p93px4taqu58mehsp88vjq
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIR3FWcElFL2RBRmdFS1cy
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYRGYyUGhlL2NJelZTQ1g0
-            emRTM201a1ltWndUcDJ5RXptd1RTNHdvWXpNCkxBTXZCNUxvd1dXMDhHK0ZFVUI1
+            UEhJMFlkVmdlU1E2cGE2UHF2dytVYmhQMlIwCmdrOEZjUUFrQjMzK2FxVjF0NGY1
-            c2VkRlJJbDNYSzF0djJXN0J4YXltam8KLS0tIEFTZjdWd0NQTVEyU1Q4UCtQVGhy
+            UStNT3ZXbEJlUGxzSXlBTmYwUzRIalEKLS0tIHFuWWIrTGN6eUxyNEhybHIydzRp
-            K3VUdlpjd0M3RVBHOVVjc04yZzV4UkUKcB8r+FiqZqwsxj40hCtVePnfIZ3S8DFR
+            cUFid1RwRXA4cExWd3poK2hEaVd5Q00KjjiEiQw2OxcGv/qDudLmbM6aysYhLTxi
-            tgSRDMp8eEm6vXHbbf49E/cpV4iBwVel9zAe64tYs7atk9dcgMmOpw==
+            Qjmh133pyznFs+pLVLdYnId42zvojAeuJD9cJYxuwwgPA2ZlKdSVrg==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1awytvphvty4f9wmdn86xnjg9kgetqjx8qlwj5d2882t4fyyzy58s3vg5k4
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0TkVLUnFDMnVoT3BUM0kr
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRbUs1Qm1hUnJldDNZNUR0
-            ZU5hZE1teGF1M21SbmY5MHZTMytKeWpkYnk0CmkwNXlBMDR1cEp2MkZPeWUyU0hZ
+            N3d0YXp5NWtjV0xvc1ZrM3ArZllIbmJtRXpnCnp2TVRyQVFqNC9kWXpBa0NnbW9X
-            Wlp4SFIwZUNQa25BRENsYWNoZmZoNjQKLS0tIEtIU3NRVS94SW80VXVGZy9hRkNQ
+            VVFONnNleG9wN2IwdkhSWjBObmVGd3cKLS0tIHVDVmVNazdLWUpOQVlTNFRwL1c5
-            QmJKNDJUY0RSakhwNWlkOVpib0trc1kK0tQxD9I82pjfs54eruu+IjzVUmcVBCPw
+            bkdsaXNINEZpZjdMdHAwdElpWFQ0aW8K0guO/BF8hp1LDToVBFY5JKdz8WXOwK2P
-            9mp1xKiYRRMXt3YQn6MPiyuuX3l3UB5MH0RJMNtRq0D961rs+iiS5A==
+            prGKdxPsTAfW8xTq97LHHRsLC7+4TVXnjF4LS4SM8EXIX9KCl5FIGA==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-05-04T01:05:13Z"
+        - recipient: age1erkn7dd022e90ktyj66aux9j9xvl0uzd6ru5cmrjsvcm5rtr5pfs7q6k9h
-    mac: ENC[AES256_GCM,data:/wuo0bg48xlbP074JJ0rtmclWMG9vjlJnWjJnUaz45m+Gqj4IzA5ctSZdNnFTb7/CXkynJdFHme4/Nz8I/6+zzTFBeo/nVw43s1n0XmMqVYb2U/FTikvCMowHNnfMTY5Q83jD1MtE3XsRSCzxe649D4Zbcja8XG42v5rOt3geMA=,iv:n/yFp5f+LK8JaikifjRuieNtmcazl2VNz8rIzbvgBO8=,tag:Fs4+St1lxMn+VdEoP+Eo8g==,type:str]
+          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4ZEVtVzM0dFhJYWd5UXZO
            ajIzSFp1VENuSjlaYSs4ZUdBSS90aEoyM25JCnhrd0lyUVN0dEV5a2tQUjZwSlFx
            eVlLT1kyejhuZDdGeHpDQnRMTllCSHMKLS0tIHZVS1JDVzBaaG1Oend1eDFiT1F4
            NU1vREt6SXBWYU1xdW1JSm1uUGZQRVEKtaDeDNo817rXXoMkBHo0MZWtm4LayqwC
            NN8vbhGcgT+M+ehnmZ1HdPk8VWRvlQ+SMpG+a6DjK8BjYtAWcO16RQ==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age16crkeglm3j3f6rveylytuerptjf9mwtv3hl89ywkmnnvdkntfchsuvrsk5
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6eUFYSC82YVM1WVEwc2Fz
            aEl3TG5oOFU5MUFhQ0JhbC9yRVYxOFo0bUVJCnpwQzMyZmN4ZTlNVW5pZTY5bkdY
            bjhaSnFxS0Vrb3pHTlJkWjVvczBSOG8KLS0tIHlsbjhxODdvcnd4c21aWUNpK01M
            ZW1hTUFtVE15QzVIVU93ZExlUWZjYzAKUZj+/NtMHCPjFFqbJ/8b2ASljV6GEk6p
            FbqV9LezRZrfl9GXBVUpB4Oeb9v2yp151aSda07/AG5YO0/jRAV/Bg==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1tkywsvddjj6r6ukuqgz9aql92jfx85rz57dhmkkndysh6yx6p5rs0zj0qr
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxdjFYN01HcXZMNVBJckVm
            eklKZHAxeWgvVlcwWk9yWUJpcFFBUnpUV0FZCi85dGE2L3d3OS9CdW5sL0pZTTM2
            SFJkcUN0emh6S3hMenhCcXBhNWF6eVUKLS0tIExwNEVyRmpGRXRLMjgxY1dqbkxQ
            bk04K1luNnJVTjZQY25KRXNSVG0venMK7uM4tqqmq/o4QgMlE/x/FXkQsPRkofNO
            I6C93RYgp1OcGPH14Kmp5lXtK4/pdToaRnVXPGenDQJsFhwWCEI+Fg==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age17p69ktg7yfzgdsk00f32mupe4n4fevdpw2wsv7ft30yvpeseau6s7t0zdg
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsOTFXaHE0SDRCTnE4di9N
            S2JIbHF2a1pzNzU4UFIvQmpZMVpOUjJqd0RJClVxcTd3d05aRDN1RGVmWVpQS2lI
            L1RVU3FUM3d4SU9pYXlwSko2RW5uWjgKLS0tIEplR1l1bGlad3p1ZkNBbFY3YmlM
            dUpXZis2N2VyN0ZFbjlPRXdwRFQ1aHMKm1Mk6MPKxFmwdATCYUANRSY5rHKgmQer
            LBlqqWKt1JiIUAYtazQeQ6KYxmjVlQPY7AZw2t+EhBEPrqbTL3vOiw==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2026-05-01T13:20:34Z"
    mac: ENC[AES256_GCM,data:OueL0eHYmFKWfSyCZxburRJ2FS1xkowx7ha/Zv7r++26D85GSHDeIL9HdfByI5a1OhH90rH3WLxZrJgT3FiwBw27HhhHtS7Fs6MBFvTuPmSA7ZtMeGMWBRVjwbGAWN17BZAhJzMlZHq2nPX0xXIKT0HuTLVRPLuVCSlvDzMXsTE=,iv:+JN4Vzs8o8PJAam/uKBbUXt3ArxC88D6xR7rMeeGglg=,tag:S+OtbxLhVKFnqBZtyKDGyA==,type:str]
    unencrypted_suffix: _unencrypted
-    version: 3.10.2
+    version: 3.12.2
--- a/system/boot/boot.nix
+++ b/system/boot/boot.nix
@@ -5,10 +5,9 @@
  ...
 }:
 with lib; let
-  cfg = config.modules.boot;
+  cfg = config.mySystem.boot;
 in {
-  options.modules.boot = {
+  options.mySystem.boot = {
    amdgpu.enable = mkEnableOption "Enables an AMD GPU configuration";
    kernel = {
      package = mkOption {
        type = types.raw;
@@ -23,12 +22,28 @@ in {
        type = types.enum ["intel" "amd"];
        default = "amd";
      };
-      v4l2loopback = mkOption {
+      v4l2loopback.enable = mkEnableOption "Enables v4l2loopback kernel module";
        description = "Enables v4l2loopback";
        type = types.bool;
        default = true;
      };
      hardened = mkEnableOption "Enables hardened Linux kernel";
      extraModprobeConfig = mkOption {
        type = types.lines;
        default = "";
        example = ''
          options snd_usb_audio vid=0x1235 pid=0x8212 device_setup=1
        '';
      };
    };
    systemd-boot = mkOption {
      type = types.bool;
      default = !cfg.grub.enable;
      description = "Does the system use systemd-boot?";
    };
    grub = {
      enable = mkEnableOption "Does the system use GRUB? (Disables systemd-boot)";
      device = mkOption {
        type = types.path;
        description = "The GRUB device";
        default = "";
      };
    };
    zfs = {
      enable = mkEnableOption "Enables ZFS";
@@ -39,22 +54,29 @@ in {
    };
  };
-  config.boot = {
+  config.boot = mkIf (! config.mySystem.misc.mobile) {
-    initrd.kernelModules = lists.optional cfg.amdgpu.enable "amdgpu";
+    initrd.kernelModules = lib.lists.singleton (
      if config.mySystem.hardware.amdgpu.enable
      then "amdgpu"
      else "i915"
    );
    extraModprobeConfig =
      strings.concatLines
      ([cfg.kernel.extraModprobeConfig]
        ++ lists.optional cfg.kernel.v4l2loopback.enable ''options v4l2loopback exclusive_caps=1 devices=1 video_nr=0 card_label="OBS Studio"'');
    loader = {
-      systemd-boot.enable = true;
+      systemd-boot.enable = cfg.systemd-boot;
-      efi.canTouchEfiVariables = true;
+      efi.canTouchEfiVariables = cfg.systemd-boot;
      grub = mkIf cfg.grub.enable {
        inherit (cfg.grub) enable device;
      };
    };
    supportedFilesystems = mkIf cfg.zfs.enable ["zfs"];
    zfs.extraPools = mkIf cfg.zfs.enable cfg.zfs.pools;
-    kernelPackages =
+    kernelPackages = cfg.kernel.package;
      if cfg.kernel.hardened
      then pkgs.linuxPackages_hardened
      else cfg.kernel.package;
    kernelModules =
      cfg.kernel.modules
      ++ ["kvm-${cfg.kernel.cpuVendor}"]
      ++ lists.optional cfg.kernel.v4l2loopback "v4l2loopback"
      ++ lists.optional cfg.kernel.hardened "tcp_bbr";
    kernel.sysctl = mkIf cfg.kernel.hardened {
      "kernel.sysrq" = 0; # Disable magic SysRq key
--- a/system/boot/default.nix
+++ b/system/boot/default.nix
@@ -0,0 +1,7 @@
 {
  imports = [
    ./boot.nix
    ./plymouth.nix
    ./zram.nix
  ];
 }
--- a/system/boot/plymouth.nix
+++ b/system/boot/plymouth.nix
@@ -5,9 +5,9 @@
  ...
 }:
 with lib; let
-  cfg = config.modules.boot.plymouth;
+  cfg = config.mySystem.boot.plymouth;
 in {
-  options.modules.boot.plymouth.enable = mkEnableOption "Enables Plymouth at system boot";
+  options.mySystem.boot.plymouth.enable = mkEnableOption "Enables Plymouth at system boot";
  config.boot = mkIf cfg.enable {
    plymouth = {
      inherit (cfg) enable;
--- a/system/boot/zram.nix
+++ b/system/boot/zram.nix
@@ -0,0 +1,21 @@
 {
  lib,
  config,
  ...
 }:
 with lib; let
  cfg = config.mySystem.boot.zram;
 in {
  options.mySystem.boot.zram = {
    enable = mkEnableOption "Enable ZRAM";
    memoryMax = mkOption {
      type = types.int;
      example = "512";
      description = "Maximum size allocated to ZRAM in MiB";
    };
  };
  config.zramSwap = mkIf cfg.enable {
    inherit (cfg) enable;
    memoryMax = cfg.memoryMax * 1024 * 1024;
  };
 }
--- a/system/default.nix
+++ b/system/default.nix
@@ -0,0 +1,69 @@
 {
  lib,
  config,
  ...
 }:
 with lib; let
  cfg = config.mySystem.misc;
 in {
  imports = [
    ./boot
    ./desktop
    ./dev
    ./hardware
    ./i18n
    ./network
    ./packages
    ./security
    ./services
    ./users
  ];
  options.mySystem.misc = {
    timezone = mkOption {
      type = types.str;
      default = "Europe/Paris";
    };
    keymap = mkOption {
      type = types.str;
      default = "fr";
      example = "fr-bepo";
      description = "Keymap to use in the TTY console";
    };
    mobile = mkEnableOption "Enable if using Mobile NixOS";
  };
  config = {
    boot.tmp.cleanOnBoot = true;
    console.keyMap = cfg.keymap;
    time.timeZone = cfg.timezone;
    environment.pathsToLink = [
      "/share/bash-completion"
      "/share/zsh"
    ];
    services = {
      orca.enable = false;
      envfs.enable = true;
    };
    nix.settings = {
      substituters = [
        "http://marpa:5000?priority=5"
        "https://phundrak.cachix.org?priority=10"
        "https://nix-community.cachix.org?priority=20"
        "https://cache.nixos.org?priority=40"
      ];
      trusted-public-keys = [
        "marpa-local:XoO+dFN4PeauF52pYuy3Vh4Sdtl2qIdxu5aUasWKv6Q="
        "phundrak.cachix.org-1:osJAkYO0ioTOPqaQCIXMfIRz1/+YYlVFkup3R2KSexk="
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
      ];
      http-connections = 128;
      experimental-features = [
        "nix-command"
        "flakes"
      ];
    };
  };
 }
--- a/system/desktop/default.nix
+++ b/system/desktop/default.nix
@@ -0,0 +1,8 @@
 {
  imports = [
    ./hyprland.nix
    ./niri.nix
    ./waydroid.nix
    ./xserver.nix
  ];
 }
--- a/system/desktop/hyprland.nix
+++ b/system/desktop/hyprland.nix
@@ -4,9 +4,9 @@
  ...
 }:
 with lib; let
-  cfg = config.modules.hyprland;
+  cfg = config.mySystem.desktop.hyprland;
 in {
-  options.modules.hyprland.enable = mkEnableOption "Enables Hyprland";
+  options.mySystem.desktop.hyprland.enable = mkEnableOption "Enables Hyprland";
  config.programs.hyprland = mkIf cfg.enable {
    inherit (cfg) enable;
    withUWSM = true;
--- a/system/desktop/niri.nix
+++ b/system/desktop/niri.nix
@@ -0,0 +1,13 @@
 {
  config,
  lib,
  ...
 }:
 with lib; let
  cfg = config.mySystem.desktop.niri;
 in {
  options.mySystem.desktop.niri.enable = mkEnableOption "Enables Niri";
  config.programs.niri = mkIf cfg.enable {
    inherit (cfg) enable;
  };
 }
--- a/system/desktop/waydroid.nix
+++ b/system/desktop/waydroid.nix
@@ -0,0 +1,15 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 with lib; let
  cfg = config.mySystem.desktop.waydroid;
 in {
  options.mySystem.desktop.waydroid.enable = mkEnableOption "Enables Waydroid";
  config = mkIf cfg.enable {
    virtualisation.waydroid.enable = cfg.enable;
    environment.systemPackages = [pkgs.waydroid-helper];
  };
 }
--- a/system/desktop/xserver.nix
+++ b/system/desktop/xserver.nix
@@ -0,0 +1,46 @@
 {
  config,
  lib,
  ...
 }:
 with lib; let
  cfg = config.mySystem.desktop.xserver;
 in {
  options.mySystem.desktop.xserver = {
    enable = mkEnableOption "Enables xserver";
    de = mkOption {
      type = types.enum ["gnome" "kde"];
      default = "gnome";
      example = "kde";
      description = "Which DE to enable";
    };
  };
  config.services = mkIf cfg.enable {
    displayManager = {
      sddm.enable = mkIf (cfg.de == "kde") true;
      gdm.enable = mkIf (cfg.de == "gnome") true;
    };
    desktopManager = {
      plasma6.enable = mkIf (cfg.de == "kde") true;
      gnome.enable = mkIf (cfg.de == "gnome") true;
    };
    gnome = mkIf (cfg.de == "gnome") {
      gnome-browser-connector.enable = true;
      games.enable = false;
      gnome-remote-desktop.enable = true;
      gnome-online-accounts.enable = true;
      gnome-keyring.enable = true;
      sushi.enable = true;
    };
    xserver = {
      inherit (cfg) enable;
      videoDrivers = lists.optional config.mySystem.hardware.amdgpu.enable "amdgpu";
      xkb = {
        layout = "fr";
        variant = "bepo_afnor";
      };
    };
  };
 }
--- a/system/dev/default.nix
+++ b/system/dev/default.nix
@@ -0,0 +1,3 @@
 {
  imports = [./docker.nix ./qemu.nix];
 }
--- a/system/dev/docker.nix
+++ b/system/dev/docker.nix
@@ -0,0 +1,50 @@
 {
  lib,
  config,
  pkgs,
  ...
 }:
 with lib; let
  cfg = config.mySystem.dev.docker;
 in {
  options.mySystem.dev.docker = {
    enable = mkEnableOption "Enable Docker";
    podman.enable = mkEnableOption "Enable Podman rather than Docker";
    nvidia.enable = mkEnableOption "Activate Nvidia support";
    autoprune.enable = mkEnableOption "Enable autoprune";
    storage = mkOption {
      type = types.nullOr types.path;
      default = null;
      example = "/path/to/docker/storage";
    };
  };
  config = mkIf cfg.enable {
    environment.systemPackages = with pkgs;
      [
        dive # A tool for exploring each layer in a docker image
        grype # Vulnerability scanner for container images and filesystems
      ]
      ++ lists.optionals cfg.podman.enable [
        podman-compose
        podman-desktop
      ];
    virtualisation = mkIf cfg.enable {
      docker = mkIf (!cfg.podman.enable) {
        enable = true;
        enableNvidia = cfg.nvidia.enable;
        autoPrune.enable = cfg.autoprune.enable;
        daemon.settings = mkIf (cfg.storage != null) {
          "data-root" = cfg.storage;
        };
      };
      podman = mkIf cfg.podman.enable {
        enable = true;
        dockerCompat = cfg.enable;
        enableNvidia = cfg.nvidia.enable;
        dockerSocket.enable = cfg.enable;
        autoPrune.enable = cfg.autoprune.enable;
      };
    };
  };
 }
--- a/system/dev/qemu.nix
+++ b/system/dev/qemu.nix
@@ -0,0 +1,33 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 with lib; let
  cfg = config.mySystem.dev.qemu;
 in {
  options.mySystem.dev.qemu = {
    enable = mkEnableOption "Enable QEMU";
    users = mkOption {
      type = types.listOf types.str;
      default = ["phundrak"];
      example = ["user1" "user2"];
    };
  };
  config = mkIf cfg.enable {
    programs.virt-manager.enable = true;
    users.groups.libvirtd.members = cfg.users;
    virtualisation = {
      libvirtd.enable = true;
      spiceUSBRedirection.enable = true;
    };
    environment.systemPackages = with pkgs; [
      qemu
      quickemu
      swtpm
    ];
    systemd.tmpfiles.rules = ["L+ /var/lib/qemu/firmware - - - - ${pkgs.qemu}/share/qemu/firmware"];
    boot.binfmt.emulatedSystems = ["aarch64-linux"];
  };
 }
--- a/system/hardware/amdgpu.nix
+++ b/system/hardware/amdgpu.nix
@@ -0,0 +1,62 @@
 {
  pkgs,
  lib,
  config,
  ...
 }:
 with lib; let
  cfg = config.mySystem.hardware.amdgpu;
 in {
  options.mySystem.hardware.amdgpu.enable = mkEnableOption "Enables an AMD GPU configuration";
  config = mkIf cfg.enable {
    hardware = {
      graphics = {
        enable = true;
        enable32Bit = true;
        extraPackages = with pkgs; [
          mesa # Mesa drivers for AMD GPUs
          rocmPackages.clr # common language runtime for ROCm
          rocmPackages.clr.icd # ROCm ICD for OpenCL
          rocmPackages.rocblas # ROCm BLAS library
          rocmPackages.hipblas #
          rocmPackages.rpp # High-performance computer vision library
          nvtopPackages.amd # GPU utilization monitoring
        ];
      };
      amdgpu = {
        initrd.enable = true;
        opencl.enable = true;
      };
    };
    environment.systemPackages = with pkgs; [
      clinfo
      amdgpu_top
      nvtopPackages.amd
    ];
    systemd = {
      packages = with pkgs; [lact];
      services.lactd.wantedBy = ["multi-user.target"];
      tmpfiles.rules = let
        rocmEnv = pkgs.symlinkJoin {
          name = "rocm-combined";
          paths = with pkgs.rocmPackages; [
            clr
            clr.icd
            rocblas
            hipblas
            rpp
          ];
        };
      in [
        "L+    /opt/rocm   -    -    -     -    ${rocmEnv}"
      ];
    };
    environment.variables = {
      ROCM_PATH = "/opt/rocm"; # Set ROCm path
      HIP_VISIBLE_DEVICES = "1"; # Use only the eGPU (ID 1)
      ROCM_VISIBLE_DEVICES = "1"; # Optional: ROCm equivalent for visibility
      # LD_LIBRARY_PATH = "/opt/rocm/lib";         # Add ROCm libraries
      HSA_OVERRIDE_GFX_VERSION = "10.3.0"; # Set GFX version override
    };
  };
 }
--- a/system/hardware/bluetooth.nix
+++ b/system/hardware/bluetooth.nix
@@ -0,0 +1,14 @@
 {
  lib,
  config,
  ...
 }:
 with lib; let
  cfg = config.mySystem.hardware.bluetooth;
 in {
  options.mySystem.hardware.bluetooth.enable = mkEnableOption "Enable bluetooth";
  config = mkIf cfg.enable {
    hardware.bluetooth.enable = cfg.enable;
    services.blueman.enable = cfg.enable;
  };
 }
--- a/system/hardware/default.nix
+++ b/system/hardware/default.nix
@@ -0,0 +1,11 @@
 {lib, ...}: {
  imports = [
    ./amdgpu.nix
    ./bluetooth.nix
    ./fingerprint.nix
    ./sound.nix
    ./input
  ];
  hardware.enableAllFirmware = lib.mkDefault true;
 }
--- a/system/hardware/fingerprint.nix
+++ b/system/hardware/fingerprint.nix
@@ -0,0 +1,13 @@
 {
  lib,
  config,
  ...
 }:
 with lib; let
  cfg = config.mySystem.hardware.fingerprint;
 in {
  options.mySystem.hardware.fingerprint.enable = mkEnableOption "Enable fingerprint reader";
  config = mkIf cfg.enable {
    hardware.facter.detected.fingerprint.enable = cfg.enable;
  };
 }
--- a/system/hardware/input/corne.nix
+++ b/system/hardware/input/corne.nix
@@ -0,0 +1,15 @@
 {
  lib,
  config,
  ...
 }:
 with lib; let
  cfg = config.mySystem.hardware.input.corne;
 in {
  options.mySystem.hardware.input.corne.allowHidAccess = mkEnableOption "Enable HID access to the corne keyboard";
  config.services.udev = mkIf cfg.allowHidAccess {
    extraRules = ''
      KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{serial}=="*vial:f64c2b3c*", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl"
    '';
  };
 }
--- a/system/hardware/input/default.nix
+++ b/system/hardware/input/default.nix
@@ -0,0 +1,8 @@
 {
  imports = [
    ./corne.nix
    ./ibm-trackpoint.nix
    ./opentablet.nix
    ./trackball.nix
  ];
 }
--- a/system/hardware/input/ibm-trackpoint.nix
+++ b/system/hardware/input/ibm-trackpoint.nix
@@ -0,0 +1,15 @@
 {
  lib,
  config,
  ...
 }:
 with lib; let
  cfg = config.mySystem.hardware.input.ibmTrackpoint;
 in {
  options.mySystem.hardware.input.ibmTrackpoint.disable = mkEnableOption "Disable IBM’s trackpoint on ThinkPad";
  config.services.udev = mkIf cfg.disable {
    extraRules = ''
      ATTRS{name}=="*TPPS/2 IBM TrackPoint", ENV{ID_INPUT}="", ENV{ID_INPUT_MOUSE}="", ENV{ID_INPUT_POINTINGSTICK}=""
    '';
  };
 }
--- a/system/hardware/input/opentablet.nix
+++ b/system/hardware/input/opentablet.nix
@@ -0,0 +1,14 @@
 {
  lib,
  config,
  ...
 }:
 with lib; let
  cfg = config.mySystem.hardware.input.opentablet;
 in {
  options.mySystem.hardware.input.opentablet.enable = mkEnableOption "Enables OpenTablet drivers";
  config.hardware.opentabletdriver = mkIf cfg.enable {
    inherit (cfg) enable;
    daemon.enable = true;
  };
 }
--- a/system/hardware/input/trackball.nix
+++ b/system/hardware/input/trackball.nix
@@ -0,0 +1,3 @@
 {
  services.libinput.mouse.middleEmulation = true;
 }
--- a/system/hardware/sound.nix
+++ b/system/hardware/sound.nix
@@ -0,0 +1,49 @@
 {
  lib,
  config,
  pkgs,
  ...
 }:
 with lib; let
  cfg = config.mySystem.hardware.sound;
 in {
  options.mySystem.hardware.sound = {
    enable = mkEnableOption "Whether to enable sounds";
    usePulseaudio = mkEnableOption "Activate sound support with pulseaudio";
    scarlett.enable = mkEnableOption "Activate support for Scarlett sound card";
    alsa = mkOption {
      type = types.bool;
      example = true;
      default = true;
      description = "Whether to enable ALSA support with Pipewire";
    };
    jack = mkOption {
      type = types.bool;
      example = true;
      default = false;
      description = "Whether to enable JACK support with Pipewire";
    };
    package = mkOption {
      type = types.package;
      example = pkgs.pulseaudio;
      default = pkgs.pulseaudioFull;
      description = "Which base package to use for PulseAudio";
    };
  };
  config = {
    environment.systemPackages = mkIf cfg.scarlett.enable [pkgs.alsa-scarlett-gui];
    services = {
      pipewire.enable = mkForce (cfg.enable && ! cfg.usePulseaudio);
      pipewire.alsa = {
        enable = mkDefault true;
        support32Bit = mkDefault true;
      };
      pipewire.jack.enable = cfg.jack;
      pulseaudio.enable = cfg.usePulseaudio;
    };
    programs.noisetorch = mkIf cfg.enable {
      inherit (cfg) enable;
    };
  };
 }
--- a/system/i18n/default.nix
+++ b/system/i18n/default.nix
@@ -0,0 +1,6 @@
 {
  imports = [
    ./input.nix
    ./locale.nix
  ];
 }
--- a/system/i18n/input.nix
+++ b/system/i18n/input.nix
@@ -0,0 +1,25 @@
 {
  lib,
  config,
  pkgs,
  ...
 }:
 with lib; let
  cfg = config.mySystem.i18n.input;
 in {
  options.mySystem.i18n.input.enable = mkEnableOption "Enable i18n input with fcitx5";
  config.i18n.inputMethod = mkIf cfg.enable {
    enable = true;
    type = "fcitx5";
    fcitx5.addons = with pkgs; [
      fcitx5-gtk
      fcitx5-mozc-ut # Japanese input support
      fcitx5-nord
      fcitx5-table-other # X-SAMPA to IPA support
      qt6Packages.fcitx5-chinese-addons # allow to load table addons
      qt6Packages.fcitx5-configtool
      qt6Packages.fcitx5-with-addons
    ];
  };
 }
--- a/system/i18n/locale.nix
+++ b/system/i18n/locale.nix
--- a/system/network/default.nix
+++ b/system/network/default.nix
@@ -0,0 +1,6 @@
 {
  imports = [
    ./networking.nix
    ./tailscale.nix
  ];
 }
--- a/system/network/networking.nix
+++ b/system/network/networking.nix
@@ -4,30 +4,35 @@
  ...
 }:
 with lib; let
-  cfg = config.modules.networking;
+  cfg = config.mySystem.networking;
 in {
-  options.modules.networking = {
+  options.mySystem.networking = with types; {
    hostname = mkOption {
-      type = types.str;
+      type = str;
      example = "gampo";
    };
    id = mkOption {
-      type = types.str;
+      type = str;
      example = "deadb33f";
    };
    domain = mkOption {
      type = nullOr str;
      example = "phundrak.com";
      default = null;
    };
    hostFiles = mkOption {
-      type = types.listOf types.path;
+      type = listOf path;
      example = [/path/to/hostFile];
      default = [];
    };
    firewall = {
      openPorts = mkOption {
-        type = types.listOf types.int;
+        type = listOf int;
        example = [22 80 443];
        default = [];
      };
      openPortRanges = mkOption {
-        type = types.listOf (types.attrsOf types.port);
+        type = listOf (attrsOf port);
        default = [];
        example = [
          {
@@ -41,7 +46,7 @@ in {
        '';
      };
      extraCommands = mkOption {
-        type = types.nullOr types.lines;
+        type = nullOr lines;
        example = "iptables -A INPUTS -p icmp -j ACCEPT";
        default = null;
      };
@@ -52,7 +57,7 @@ in {
    hostName = cfg.hostname; # Define your hostname.
    hostId = cfg.id;
    networkmanager.enable = true;
-    inherit (cfg) hostFiles;
+    inherit (cfg) hostFiles domain;
    firewall = {
      enable = true;
      allowedTCPPorts = cfg.firewall.openPorts;
--- a/system/network/tailscale.nix
+++ b/system/network/tailscale.nix
@@ -0,0 +1,23 @@
 {
  lib,
  config,
  ...
 }:
 with lib; let
  cfg = config.mySystem.network.tailscale;
 in {
  options.mySystem.network.tailscale = {
    enable = mkOption {
      type = types.bool;
      default = true;
    };
  };
  config.services.tailscale = {
    inherit (cfg) enable;
    extraSetFlags = [
      "--accept-dns"
      "--accept-routes"
      "--ssh"
    ];
  };
 }
--- a/system/packages/appimage.nix
+++ b/system/packages/appimage.nix
@@ -0,0 +1,14 @@
 {
  lib,
  config,
  ...
 }:
 with lib; let
  cfg = config.mySystem.packages.appimage;
 in {
  options.mySystem.packages.appimage.enable = mkEnableOption "Enables AppImage support";
  config.programs.appimage = mkIf cfg.enable {
    inherit (cfg) enable;
    binfmt = true;
  };
 }
--- a/system/packages/default.nix
+++ b/system/packages/default.nix
@@ -0,0 +1,15 @@
 {pkgs, ...}: {
  imports = [
    ./appimage.nix
    ./flatpak.nix
    ./nano.nix
    ./nix.nix
    ./steam.nix
  ];
  environment.systemPackages = with pkgs; [
    curl
    openssl
    wget
  ];
 }
--- a/system/packages/flatpak.nix
+++ b/system/packages/flatpak.nix
@@ -0,0 +1,16 @@
 {
  lib,
  config,
  ...
 }:
 with lib; let
  cfg = config.mySystem.packages.flatpak;
 in {
  options.mySystem.packages.flatpak = {
    enable = mkEnableOption "Enable Flatpak support";
    builder.enable = mkEnableOption "Enable Flatpak builder";
  };
  config.services.flatpak = mkIf cfg.enable {
    inherit (cfg) enable;
  };
 }
--- a/system/packages/nano.nix
+++ b/system/packages/nano.nix
--- a/system/packages/nix.nix
+++ b/system/packages/nix.nix
@@ -4,10 +4,11 @@
  ...
 }:
 with lib; let
-  cfg = config.modules.nix;
+  cfg = config.mySystem.packages.nix;
 in {
-  options.modules.nix = {
+  options.mySystem.packages.nix = {
-    disableSandbox = mkEnableOption "Disables Nix sandbox";
+    allowUnfree = mkEnableOption "Enable unfree packages";
    disableSandbox = mkEnableOption "Disable Nix sandbox";
    gc = {
      automatic = mkOption {
        type = types.bool;
@@ -22,17 +23,27 @@ in {
        default = "--delete-older-than 30d";
      };
    };
    nix-ld.enable = mkEnableOption "Enable unpatched binaries support";
    trusted-users = mkOption {
      type = types.listOf types.str;
      example = ["alice" "bob"];
      default = [];
    };
  };
  config = {
    nix = {
      inherit (cfg) gc;
      settings = {
        inherit (cfg) trusted-users;
        sandbox = cfg.disableSandbox;
        experimental-features = ["nix-command" "flakes"];
        auto-optimise-store = true;
      };
      inherit (cfg) gc;
    };
    nixpkgs.config.allowUnfree = true;
    programs = {
      inherit (cfg) nix-ld;
    };
  };
 }
--- a/system/packages/steam.nix
+++ b/system/packages/steam.nix
@@ -0,0 +1,48 @@
 {
  pkgs,
  lib,
  config,
  ...
 }:
 with lib; let
  cfg = config.mySystem.programs.steam;
 in {
  options.mySystem.programs.steam.enable = mkEnableOption "Enables Steam and Steam hardware";
  config = mkIf cfg.enable {
    programs = {
      steam = {
        inherit (cfg) enable;
        protontricks.enable = true;
        remotePlay.openFirewall = true;
        localNetworkGameTransfers.openFirewall = true;
        gamescopeSession.enable = true;
        extraCompatPackages = [pkgs.proton-ge-bin];
        package = pkgs.steam.override {
          extraEnv = {
            MANGOHUD = true;
            OBS_VKCAPTURE = true;
            RADV_TEX_ANISO = 16;
          };
          extraLibraries = p: with p; [atk];
          extraPkgs = pkgs:
            with pkgs; [
              qt5.qtmultimedia
              qt5.qtbase
              libpulseaudio
            ];
        };
      };
      gamescope = {
        enable = true;
        capSysNice = true;
        args = [
          "--rt"
          "--expose-wayland"
        ];
      };
    };
    hardware.steam-hardware = {
      inherit (cfg) enable;
    };
  };
 }
--- a/system/security/default.nix
+++ b/system/security/default.nix
@@ -0,0 +1,5 @@
 {
  imports = [
    ./sops.nix
  ];
 }
--- a/system/security/sops.nix
+++ b/system/security/sops.nix
@@ -1,6 +1,6 @@
 {
  sops = {
-    defaultSopsFile = ../secrets/secrets.yaml;
+    defaultSopsFile = ../../secrets/secrets.yaml;
    defaultSopsFormat = "yaml";
    age = {
      # automatically import user SSH keys as age keys
--- a/system/services/calibre.nix
+++ b/system/services/calibre.nix
@@ -0,0 +1,38 @@
 {
  config,
  lib,
  ...
 }:
 with lib; let
  cfg = config.mySystem.services.calibre;
 in {
  options.mySystem.services.calibre = {
    enable = mkEnableOption "Enable Calibre Web";
    user = mkOption {
      type = types.str;
      default = "phundrak";
    };
    group = mkOption {
      type = types.str;
      default = "users";
    };
    dataDir = mkOption {
      type = types.str;
      example = "/tank/calibre/conf";
      default = "/tank/calibre/conf";
    };
    library = mkOption {
      type = types.str;
      example = "/tank/calibre/library";
      default = "/tank/calibre/library";
    };
  };
  config.services.calibre-web = mkIf cfg.enable {
    inherit (cfg) enable user dataDir group;
    options = {
      calibreLibrary = cfg.library;
      enableBookConversion = true;
      enableBookUploading = true;
    };
  };
 }
--- a/system/services/default.nix
+++ b/system/services/default.nix
@@ -0,0 +1,15 @@
 {
  imports = [
    ./calibre.nix
    ./endlessh.nix
    ./fwupd.nix
    ./harmonia.nix
    ./jellyfin.nix
    ./languagetool.nix
    ./plex.nix
    ./printing.nix
    ./ssh.nix
    ./sunshine.nix
    ./traefik.nix
  ];
 }
--- a/system/services/endlessh.nix
+++ b/system/services/endlessh.nix
@@ -4,9 +4,9 @@
  ...
 }:
 with lib; let
-  cfg = config.modules.endlessh;
+  cfg = config.mySystem.services.endlessh;
 in {
-  options.modules.endlessh = {
+  options.mySystem.services.endlessh = {
    enable = mkEnableOption "Enables endlessh.";
    port = mkOption {
      type = types.port;
--- a/system/services/fwupd.nix
+++ b/system/services/fwupd.nix
@@ -0,0 +1,13 @@
 {
  lib,
  config,
  ...
 }:
 with lib; let
  cfg = config.mySystem.services.fwupd;
 in {
  options.mySystem.services.fwupd.enable = mkEnableOption "Enable fwupd";
  config.services.fwupd = mkIf cfg.enable {
    inherit (cfg) enable;
  };
 }
--- a/system/services/harmonia.nix
+++ b/system/services/harmonia.nix
@@ -0,0 +1,36 @@
 {
  config,
  lib,
  ...
 }:
 with lib; let
  cfg = config.mySystem.services.harmonia;
 in {
  options.mySystem.services.harmonia = {
    enable = mkEnableOption "Harmonia Nix binary cache server";
    port = mkOption {
      type = types.port;
      default = 5000;
      description = "Port to listen on";
    };
    priority = mkOption {
      type = types.ints.between 0 100;
      default = 50;
      description = "Cache priority (lower = higher priority, 0-100)";
    };
    signKeyPaths = mkOption {
      type = types.listOf types.path;
      description = "Paths to the signing keys to use for signing the cache.";
    };
  };
  config = mkIf cfg.enable {
    services.harmonia.cache = {
      enable = true;
      inherit (cfg) signKeyPaths;
      settings = {
        inherit (cfg) priority;
        bind = "[::]:${toString cfg.port}";
      };
    };
  };
 }
--- a/system/services/jellyfin.nix
+++ b/system/services/jellyfin.nix
@@ -0,0 +1,28 @@
 {
  config,
  lib,
  ...
 }:
 with lib; let
  cfg = config.mySystem.services.jellyfin;
 in {
  options.mySystem.services.jellyfin = {
    enable = mkEnableOption "Enable Jellyfin";
    dataDir = mkOption {
      type = types.str;
      default = "/tank/jellyfin/data";
      example = "/tank/jellyfin/data";
    };
    user = mkOption {
      type = types.str;
      default = "phundrak";
    };
    group = mkOption {
      type = types.str;
      default = "users";
    };
  };
  config.services.jellyfin = mkIf cfg.enable {
    inherit (cfg) enable group user dataDir;
  };
 }
--- a/system/services/languagetool.nix
+++ b/system/services/languagetool.nix
@@ -0,0 +1,20 @@
 {
  config,
  lib,
  ...
 }:
 with lib; let
  cfg = config.mySystem.services.languagetool;
 in {
  options.mySystem.services.languagetool = {
    enable = mkEnableOption "Enables languagetool";
    port = mkOption {
      type = types.port;
      default = 8081;
      example = 80;
    };
  };
  config.services.languagetool = mkIf cfg.enable {
    inherit (cfg) enable port;
  };
 }
--- a/system/services/plex.nix
+++ b/system/services/plex.nix
@@ -0,0 +1,35 @@
 {
  lib,
  config,
  ...
 }:
 with lib; let
  cfg = config.mySystem.services.plex;
 in {
  options.mySystem.services.plex = {
    enable = mkEnableOption "Enable Plex";
    group = mkOption {
      type = types.str;
      default = "users";
      example = "users";
      description = "Group under which Plex runs";
    };
    dataDir = mkOption {
      type = types.str;
      example = "/tank/plex-config";
    };
    user = mkOption {
      type = types.str;
      default = "phundrak";
    };
  };
  config = {
    services.plex = mkIf cfg.enable {
      inherit (cfg) enable user group dataDir;
      openFirewall = cfg.enable;
    };
    boot.kernel.sysctl = {
      "kernel.unprivileged_userns_clone" = 1;
    };
  };
 }
--- a/system/services/printing.nix
+++ b/system/services/printing.nix
@@ -0,0 +1,13 @@
 {
  lib,
  config,
  ...
 }:
 with lib; let
  cfg = config.mySystem.services.printing;
 in {
  options.mySystem.services.printing.enable = mkEnableOption "Enable printing with CUPS";
  config.services.printing = mkIf cfg.enable {
    inherit (cfg) enable;
  };
 }
--- a/system/services/ssh.nix
+++ b/system/services/ssh.nix
@@ -4,9 +4,9 @@
  ...
 }:
 with lib; let
-  cfg = config.modules.ssh;
+  cfg = config.mySystem.services.ssh;
 in {
-  options.modules.ssh = {
+  options.mySystem.services.ssh = {
    enable = mkEnableOption "Enables OpenSSH";
    allowedUsers = mkOption {
      type = types.listOf types.str;
@@ -18,9 +18,14 @@ in {
      example = true;
      default = false;
    };
    port = mkOption {
      type = types.int;
      default = 22;
    };
  };
  config.services.openssh = mkIf cfg.enable {
-    enable = true;
+    inherit (cfg) enable;
    ports = [cfg.port];
    settings = {
      AllowUsers = cfg.allowedUsers;
      PermitRootLogin = "no";
--- a/system/services/sunshine.nix
+++ b/system/services/sunshine.nix
@@ -0,0 +1,68 @@
 {
  config,
  lib,
  ...
 }:
 with lib; let
  cfg = config.mySystem.services.sunshine;
 in {
  options.mySystem.services.sunshine = {
    enable = mkEnableOption "Enables Sunshine";
    autostart = mkEnableOption "Enables autostart";
  };
  config.services.sunshine = mkIf cfg.enable {
    inherit (cfg) enable;
    autoStart = cfg.autostart;
    capSysAdmin = true;
    openFirewall = true;
    settings = {
      sunshine_name = config.mySystem.networking.hostname;
      locale = "en_GB";
      system_tray = "enabled";
      output_name = 1;
    };
    applications.apps = let
      defaultPrep = [
        {
          do = "sh -c \"hyprctl -i 0 keyword monitor \\\"DP-2,\${SUNSHINE_CLIENT_WIDTH}x\${SUNSHINE_CLIENT_HEIGHT}@\${SUNSHINE_CLIENT_FPS},0x0,1\\\"\"";
          undo = "sh -c \"hyprctl -i 0 keyword monitor 'DP-2,2560x1080@60,0x0,1,transform,1'\"";
        }
      ];
    in [
      {
        name = "Desktop";
        image-path = "desktop.png";
        prep-cmd = defaultPrep;
      }
      {
        name = "Low Res Desktop";
        image-path = "desktop.png";
        prep-cmd = defaultPrep;
      }
      {
        name = "Steam Big Picture";
        detached = ["setsid steam steam://open/bigpicture"];
        prep-cmd = defaultPrep;
        image-path = "steam.png";
      }
      {
        name = "OpenTTD";
        cmd = "openttd";
        image-path = "/home/phundrak/.config/sunshine/covers/igdb_18074.png";
        prep-cmd = defaultPrep;
      }
      {
        name = "OpenMW";
        cmd = "openmw";
        image-path = "/home/phundrak/.config/sunshine/covers/igdb_24775.png";
        prep-cmd = defaultPrep;
      }
      {
        name = "Vintage Story";
        cmd = "flatpak run at.vintagestory.VintageStory";
        image-path = "/home/phundrak/.config/sunshine/covers/igdb_69547.png";
        prep-cmd = defaultPrep;
      }
    ];
  };
 }
--- a/system/services/traefik.nix
+++ b/system/services/traefik.nix
@@ -0,0 +1,71 @@
 {
  config,
  lib,
  ...
 }:
 with lib; let
  cfg = config.mySystem.services.traefik;
 in {
  options.mySystem.services.traefik = {
    enable = mkEnableOption "Enable Traefik";
    email = mkOption {
      type = types.str;
      default = "";
    };
    dataDir = mkOption {
      type = types.path;
      default = "/tank/traefik";
      example = "/path/to/traefik/data";
    };
    environmentFiles = mkOption {
      type = types.listOf types.path;
      example = ["/var/traefik/traefik.env"];
      default = [];
    };
    dynamicConfigFile = mkOption {
      type = types.path;
      default = "${cfg.dataDir}/traefik.yaml";
      example = "/var/traefik/dynamic.yaml";
    };
  };
  config.services.traefik = {
    inherit (cfg) enable dynamicConfigFile environmentFiles;
    staticConfigOptions = {
      api.dashboard = true;
      log = {
        level = "INFO";
        filePath = "${cfg.dataDir}/traefik.log";
        format = "json";
      };
      accessLog.filePath = "${cfg.dataDir}/access.log";
      entryPoints = {
        web = {
          address = ":80";
          asDefault = true;
          http.redirections.entrypoint = {
            to = "websecure";
            scheme = "https";
          };
        };
        websecure = {
          address = ":443";
          asDefault = true;
          httpChallenge.entryPoint = "websecure";
        };
      };
      providers.docker = {
        endpoint = "unix:///var/run/docker.sock";
        exposedByDefault = false;
      };
      certificatesResolvers.cloudflare.acme = {
        inherit (cfg) email;
        storage = "${cfg.dataDir}/acme.json";
        dnsChallenge = {
          provider = "cloudflare";
          resolvers = ["1.1.1.1:53" "1.0.0.1:53"];
          propagation.delayBeforeChecks = 60;
        };
      };
    };
  };
 }
--- a/system/users/creug.nix
+++ b/system/users/creug.nix
@@ -0,0 +1,36 @@
 {
  lib,
  config,
  pkgs,
  ...
 }:
 with lib; let
  cfg = config.mySystem.users.creug;
 in {
  options.mySystem.users.creug = {
    enable = mkEnableOption "Enables user creug";
    sudo = mkEnableOption "Make the user a superuser";
    trusted = mkOption {
      description = "Mark the user as trusted by Nix";
      default = cfg.sudo;
      example = true;
    };
  };
  config = {
    users.users.creug = mkIf cfg.enable {
      isNormalUser = true;
      description = "Greg";
      extraGroups =
        ["networkmanager" "dialout" "games" "audio" "input"]
        ++ lists.optional config.mySystem.dev.docker.enable "docker"
        ++ lists.optional config.mySystem.dev.docker.podman.enable "podman"
        ++ lists.optional cfg.sudo "wheel";
      shell = pkgs.zsh;
      openssh.authorizedKeys.keyFiles = lib.filesystem.listFilesRecursive ../../users/creug/keys;
    };
    nix.settings = mkIf cfg.trusted {
      trusted-users = ["creug"];
    };
  };
 }
--- a/system/users/default.nix
+++ b/system/users/default.nix
@@ -0,0 +1,8 @@
 {
  imports = [
    ./creug.nix
    ./phundrak.nix
    ./root.nix
  ];
  programs.zsh.enable = true;
 }
--- a/system/users/phundrak.nix
+++ b/system/users/phundrak.nix
@@ -0,0 +1,32 @@
 {
  lib,
  config,
  pkgs,
  ...
 }:
 with lib; let
  cfg = config.mySystem.users.phundrak;
 in {
  options.mySystem.users.phundrak = {
    enable = mkEnableOption "Enables user phundrak";
    trusted = mkEnableOption "Mark the user as trusted by Nix";
    extraGroups = mkOption {
      type = types.listOf types.str;
      default = [];
      example = ["feedbackd"];
    };
  };
  config = {
    users.users.phundrak = mkIf cfg.enable {
      isNormalUser = true;
      description = "Lucien Cartier-Tilet";
      extraGroups = ["networkmanager" "wheel" "docker" "dialout" "podman" "plugdev" "games" "audio" "input"] ++ cfg.extraGroups;
      shell = pkgs.zsh;
      openssh.authorizedKeys.keyFiles = lib.filesystem.listFilesRecursive ../../users/phundrak/keys;
    };
    nix.settings = mkIf cfg.trusted {
      trusted-users = ["phundrak"];
    };
  };
 }
--- a/system/users/root.nix
+++ b/system/users/root.nix
@@ -0,0 +1,17 @@
 {
  lib,
  config,
  pkgs,
  ...
 }:
 with lib; let
  cfg = config.mySystem.users.root;
 in {
  options.mySystem.users.root.disablePassword = mkEnableOption "Disables root password";
  config = {
    users.users.root = {
      hashedPassword = mkIf cfg.disablePassword "*";
      shell = pkgs.zsh;
    };
  };
 }
--- a/users/creug/home.nix
+++ b/users/creug/home.nix
@@ -0,0 +1,66 @@
 {
  lib,
  pkgs,
  config,
  ...
 }:
 with lib; let
  cfg = config.home.creug;
 in {
  imports = [../modules];
  options.home.creug = {
    sshKey = {
      content = mkOption {
        type = types.nullOr types.str;
        example = "ssh-ed25519 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
        default = null;
      };
      file = mkOption {
        type = with types; nullOr path;
        default = "/home/creug/.ssh/id_ed25519.pub";
      };
    };
  };
  config = {
    nixpkgs.config.allowUnfree = true;
    home = {
      username = "creug";
      homeDirectory = "/home/creug";
      packages = [pkgs.tree pkgs.ncdu];
      preferXdgDirectories = true;
      creug.sshKey.file = "${config.home.homeDirectory}/.ssh/id_ed25519.pub";
      dev.vcs = {
        name = "Creug";
        email = "gregory.foulachon@gmail.com";
        editor = "${pkgs.nano}/bin/nano";
        jj = {
          enable = true;
          cz = {
            enable = true;
            alias = true;
          };
        };
        git.enable = true;
        publicKey = cfg.sshKey;
      };
      security.ssh.enable = true;
      shell = {
        bash.enable = true;
        zsh.enable = true;
        starship.enable = true;
        tmux.enable = false;
        zoxide.enable = false;
      };
      stateVersion = "24.11"; # Do not modify!
    };
    manual.manpages.enable = true;
  };
 }
--- a/users/creug/host/elcafe.nix
+++ b/users/creug/host/elcafe.nix
@@ -0,0 +1,8 @@
 {
  imports = [../home.nix];
  home = {
    cli.nh.flake = "/home/creug/.dotfiles";
    dev.editors.emacs.enable = false;
    creug.sshKey.content = builtins.readFile ../keys/id_elcafe.pub;
  };
 }
--- a/users/creug/keys/id_elcafe.pub
+++ b/users/creug/keys/id_elcafe.pub
@@ -0,0 +1 @@
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBdd4cNNhONjhuH4jWZ8Z8K1gbBmeDNqRybKRHMQEvZj gregoryfoulachon@googlemail.com
--- a/users/modules/cli/bat.nix
+++ b/users/modules/cli/bat.nix
@@ -5,9 +5,9 @@
  ...
 }:
 with lib; let
-  cfg = config.modules.bat;
+  cfg = config.home.cli.bat;
 in {
-  options.modules.bat.extras = mkEnableOption "Enables extra packages for bat.";
+  options.home.cli.bat.extras = mkEnableOption "Enables extra packages for bat.";
  config.programs.bat = {
    enable = true;
    config = {
@@ -19,7 +19,6 @@ in {
    extraPackages = mkIf cfg.extras (with pkgs.bat-extras; [
      batman
      batpipe
      batgrep
    ]);
  };
 }
--- a/users/modules/cli/btop.nix
+++ b/users/modules/cli/btop.nix
@@ -1,10 +1,20 @@
-{pkgs, ...}: {
+{
  pkgs,
  config,
  ...
 }: let
  inherit (config.home) gpuType;
 in {
  programs.btop = {
    enable = true;
-    package = pkgs.btop.override {
+    package =
-      rocmSupport = true;
+      if gpuType != null
-      cudaSupport = true;
+      then
-    };
+        pkgs.btop.override {
          rocmSupport = gpuType == "amd";
          cudaSupport = gpuType == "nvidia";
        }
      else pkgs.btop;
    settings = {
      color_theme = "${pkgs.btop}/share/btop/themes/nord.theme";
      cpu_bottom = false;
--- a/users/modules/cli/default.nix
+++ b/users/modules/cli/default.nix
@@ -0,0 +1,29 @@
 {
  config,
  lib,
  ...
 }:
 with lib; let
  cfg = config.home.cli;
 in {
  imports = [
    ./bat.nix
    ./btop.nix
    ./direnv.nix
    ./eza.nix
    ./mu.nix
    ./nh.nix
    ./nix-index.nix
    ./scripts
    ./tealdeer.nix
    ./yt-dlp.nix
  ];
  options.home.cli.fullDesktop = mkEnableOption "Enable all optional modules and options";
  config.home.cli = {
    bat.extras = mkDefault cfg.fullDesktop;
    mu.enable = mkDefault cfg.fullDesktop;
    scripts.enable = mkDefault cfg.fullDesktop;
    yt-dlp.enable = mkDefault cfg.fullDesktop;
  };
 }
--- a/users/modules/cli/direnv.nix
+++ b/users/modules/cli/direnv.nix
--- a/users/modules/cli/eza.nix
+++ b/users/modules/cli/eza.nix
--- a/users/modules/cli/mu.nix
+++ b/users/modules/cli/mu.nix
@@ -0,0 +1,11 @@
 {
  config,
  lib,
  ...
 }:
 with lib; let
  cfg = config.home.cli.mu;
 in {
  options.home.cli.mu.enable = mkEnableOption "Enable mu";
  config.programs.mu.enable = cfg.enable;
 }
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Lucien Cartier-Tilet	800d0adeea	feat(pumo): add config for phone pumo	2026-05-01 16:27:56 +02:00
Lucien Cartier-Tilet	5514d347c7	feat(nix): add marpa as binary cache for Nix	2026-05-01 16:27:56 +02:00
Lucien Cartier-Tilet	06519d555b	feat(packages): add QGIS	2026-05-01 15:24:44 +02:00
Lucien Cartier-Tilet	ce94f09dd4	feat(i18n): proper multilingual input Use fcitx5 to switch between different inputs. Installed mozc-ut for Japanese input with the bepo layout, as well as fcitx5-chinese to load table-defined layouts for the IPA/X-SAMPA input method. Currently, mozc_server and fcitx5 need to be launched by the compositor (only Hyprland for now), auto-launching from module options needs to be implemented in the future.	2026-05-01 15:24:44 +02:00
Lucien Cartier-Tilet	171d635b72	fix(gampo): refer to proper home config	2026-04-28 10:47:38 +02:00
Lucien Cartier-Tilet	3bc4e3dd15	feat(vcs): jj config for Creug	2026-04-12 18:07:33 +02:00
Lucien Cartier-Tilet	4b7a64c8ac	fix(copyparty): disable copyparty for elcafe for now	2026-04-12 15:18:38 +02:00
Lucien Cartier-Tilet	9024d2c744	fix(kernel): remove reference to deprecated hardened kernel	2026-04-12 15:09:52 +02:00
Lucien Cartier-Tilet	d13d81c60a	feat(devshell): add jj and git to dev environment	2026-04-12 15:02:17 +02:00
Lucien Cartier-Tilet	88cf103332	chore(lockfile): update lockfile	2026-04-12 15:00:14 +02:00
Lucien Cartier-Tilet	9431a71539	feat(ai): add opencode to AI packages	2026-04-12 15:00:14 +02:00
Lucien Cartier-Tilet	6fa865644a	feat(wl-kbptr): package wl-kbptr for NixOS as home module	2026-04-12 14:58:02 +02:00
Lucien Cartier-Tilet	154d0e4ddb	chore(flake): update flake lock, remove devenv input	2026-04-12 14:58:02 +02:00
Lucien Cartier-Tilet	cae0357dbe	feat(claude-code): add sox for voice mode	2026-04-12 14:58:02 +02:00
Lucien Cartier-Tilet	477a0b7372	feat(firefox): dedicated module and tridactyl config	2026-04-12 14:57:58 +02:00
Lucien Cartier-Tilet	5b12250fd5	feat(handy): upgrade to handy 0.8.0	2026-03-28 22:32:47 +01:00
Lucien Cartier-Tilet	b8c88cae25	chore(flakes): update flakes	2026-03-28 22:32:47 +01:00
Lucien Cartier-Tilet	63bd1471d8	feat(system): add additional substituters	2026-03-26 11:24:49 +01:00
Lucien Cartier-Tilet	647432314d	feat(jujutsu): add jj-cz options to jujutsu module	2026-03-26 11:24:49 +01:00
Lucien Cartier-Tilet	bfaaee0f36	feat(zellij): add zellij configuration	2026-03-26 11:24:49 +01:00
Lucien Cartier-Tilet	ab089afefd	feat(spotify): re-enable Spicetify	2026-03-14 14:21:52 +01:00
Lucien Cartier-Tilet	79e3156bb3	feat(copyparty): create copyparty service for elcafe	2026-03-07 18:50:58 +01:00
Lucien Cartier-Tilet	5e8db88008	chore(packages): update signal desktop name and remove gplates	2026-03-07 18:03:33 +01:00
Lucien Cartier-Tilet	ff39f983f9	chore(mpv): update mpv script name	2026-03-07 18:03:33 +01:00
Lucien Cartier-Tilet	6088946973	chore(handy): update Handy from 0.7.6 to 0.7.7	2026-03-07 18:03:33 +01:00
Lucien Cartier-Tilet	0f213ed01f	chore(flake): update flake lockfile	2026-03-07 18:03:33 +01:00
Lucien Cartier-Tilet	097ce13793	feat(packages): package inkdrop	2026-02-26 19:42:40 +01:00
Lucien Cartier-Tilet	efa9be4314	fix(sunshine): automatically set screen resolution for sunshine	2026-02-24 13:04:10 +01:00
Lucien Cartier-Tilet	7223b63fca	chore(flake): update flakes	2026-02-24 01:46:26 +01:00
Lucien Cartier-Tilet	32b3c81b46	feat(handy): package Handy for Nix	2026-02-22 19:31:27 +01:00
Lucien Cartier-Tilet	5e934f87a3	feat(spotify): disable spicetify for now	2026-02-22 19:31:27 +01:00
Lucien Cartier-Tilet	0927313f6d	fix(hyprland): fix cursor size on XWayland windows	2026-02-22 19:31:27 +01:00
Lucien Cartier-Tilet	8fa1d2e111	style: formatting	2026-02-22 19:31:27 +01:00
Lucien Cartier-Tilet	54e8beecfd	feat(caelestia): improve configuration for caelestia	2026-02-22 19:31:27 +01:00
Lucien Cartier-Tilet	21e85fc77b	feat: improve GPU support for modules	2026-02-22 19:31:27 +01:00
Lucien Cartier-Tilet	b4a57a8f64	feat: improve v4l2loopback support	2026-02-22 19:31:23 +01:00
Lucien Cartier-Tilet	b8ed5984df	feat(scripts): enable plock to use Caelestia’s lock screen This commit also adds the wlr-which-key shortcut for plock.	2026-02-22 18:01:45 +01:00
Lucien Cartier-Tilet	a35d536b75	feat: add possibility to use fingerprint reader	2026-02-22 18:01:42 +01:00
Lucien Cartier-Tilet	0815dd3a30	feat(elcafe): add creug user	2026-02-13 09:08:21 +01:00
Lucien Cartier-Tilet	35541ea5ae	feat(elcafe): add new server configuration	2026-02-08 16:45:58 +01:00
Lucien Cartier-Tilet	e90fb1fa0d	feat(user/email): add Eittlandic translation to email signature	2026-02-08 00:19:15 +01:00
Lucien Cartier-Tilet	c8fd643085	feat(user/jj): improve jj configuration	2026-02-08 00:18:53 +01:00
Lucien Cartier-Tilet	5d9efbb651	feat(shell): improve shell completion	2026-02-08 00:18:30 +01:00
Lucien Cartier-Tilet	582460d8f4	docs(README): nicer Readme header	2026-02-05 20:51:33 +01:00
Lucien Cartier-Tilet	76d1a33a78	feat: prefer XDG directories	2026-01-25 05:03:53 +01:00
Lucien Cartier-Tilet	f5fa1683b4	feat(emacs): improve configuration	2026-01-25 05:03:30 +01:00
Lucien Cartier-Tilet	36d5c90017	fix(gampo): early video drivers load	2026-01-25 05:03:13 +01:00
Lucien Cartier-Tilet	5c9c3d199b	fix(hosts): temporarily fix hosts file issue	2026-01-25 05:03:13 +01:00
Lucien Cartier-Tilet	be51aa7cc5	feat(theme): better theming	2026-01-25 05:03:09 +01:00
Lucien Cartier-Tilet	f6fe7945bb	chore(flakes): update flakes lockfile	2026-01-24 20:08:19 +01:00
Lucien Cartier-Tilet	f0398f4d9c	feat(spotify): use Spicetify with Spotify	2026-01-24 13:24:12 +01:00
Lucien Cartier-Tilet	a1842b22db	feat(starship): remove most git info in jj repos	2026-01-24 13:23:38 +01:00
Lucien Cartier-Tilet	615909867e	feat(AI): replace opencode with LM Studio	2026-01-24 12:57:37 +01:00
Lucien Cartier-Tilet	a632ebbf07	fix(wlr-which-key): add forgotten logout command	2026-01-24 12:57:04 +01:00
Lucien Cartier-Tilet	51f2c77c02	feat(hyprland): adapt to new Hyprland config and caelestia	2026-01-24 12:56:33 +01:00
Lucien Cartier-Tilet	e0226af16a	feat(marpa): auto login on Marpa’s startup	2026-01-24 12:56:08 +01:00
Lucien Cartier-Tilet	7a1465bc3b	refactor: some code cleanup	2026-01-24 12:55:52 +01:00
Lucien Cartier-Tilet	87a7fc00fe	feat(secrets): update secrets	2026-01-24 12:54:48 +01:00
Lucien Cartier-Tilet	c6b3abd1a7	chore(flakes): update flake lockfile	2026-01-24 12:54:13 +01:00
Lucien Cartier-Tilet	32c57b0671	feat: switch frow waybar to quickshell and caelestia	2025-12-24 19:22:58 +01:00
Lucien Cartier-Tilet	22bd5c7b2a	feat(packages): remove some GNOME stuff, add bun and nixfmt	2025-12-22 01:50:07 +01:00
Lucien Cartier-Tilet	813fc3026c	feat(shell): better handling of additional shell aliases/abbreviations	2025-12-22 01:49:21 +01:00
Lucien Cartier-Tilet	5497d6df51	fix(AI): remove claude desktop, fixes for ollama	2025-12-22 01:48:48 +01:00
Lucien Cartier-Tilet	1a43dcdad4	fix(gpg): fix password requests when signing with SSH keys	2025-12-22 01:42:22 +01:00
Lucien Cartier-Tilet	93f009852f	feat(tailscale): better defaults	2025-12-22 01:38:20 +01:00
Lucien Cartier-Tilet	9071957b4c	feat(hosts): add NaroMk3 to the existing hosts	2025-12-07 13:31:57 +01:00
Lucien Cartier-Tilet	473a6f5b75	feat(home): switch to nemo with extensions	2025-12-04 14:11:30 +01:00
Lucien Cartier-Tilet	521193d91d	feat(wlr-which-key): add logout option to power menu	2025-12-04 14:11:30 +01:00
Lucien Cartier-Tilet	8adeeff9eb	chore: remove unused hyprland keybinds	2025-12-04 14:11:30 +01:00
Lucien Cartier-Tilet	57788942b2	feat(hyprland): enable US keyboard layout as second layout Also add it to my Waybar config	2025-12-04 14:11:16 +01:00
Lucien Cartier-Tilet	6261e4f490	feat(phundrak): additional groups	2025-12-04 14:10:46 +01:00
Lucien Cartier-Tilet	e975e069d1	fix(hyprland): enable polkit on login	2025-12-04 14:10:46 +01:00
Lucien Cartier-Tilet	6936ebeaf7	feat(ollama): better Ollama configuration	2025-12-04 14:10:46 +01:00
Lucien Cartier-Tilet	5952720feb	feat(system): disable orca, enable envfs envfs enables compatibility on NixOS for scripts which assume the prensence of some files, such as /bin/bash, which are usually present on other *Nix systems.	2025-12-04 14:10:46 +01:00
Lucien Cartier-Tilet	299d08a16a	feat(steam): better steam installation	2025-12-04 14:10:42 +01:00
Lucien Cartier-Tilet	ea0af9342c	feat: update secrets	2025-12-04 14:00:36 +01:00
Lucien Cartier-Tilet	7780f62cb5	refactor(flakes): nicer helper functions	2025-12-04 13:57:40 +01:00
Lucien Cartier-Tilet	d98bb6cbdd	feat(marpa): update and add disk mountpoints	2025-12-04 13:56:44 +01:00
Lucien Cartier-Tilet	405485f122	chore(flakes): update flake.lock file	2025-12-04 13:55:53 +01:00
Lucien Cartier-Tilet	a7214db68c	feat(home/packages): add new dev packages	2025-11-16 14:50:06 +01:00
Lucien Cartier-Tilet	49eeb9fe76	feat(shell): add podman abbreviations and aliases	2025-11-16 14:49:22 +01:00
Lucien Cartier-Tilet	76f3efe1b4	feat(Hyprland): change vertically split workspace from 4 to 10	2025-11-16 14:48:39 +01:00
Lucien Cartier-Tilet	823d8b9bb6	fix(Hyprland): fix wlr-which-key and hyprpaper scripts	2025-11-16 14:48:02 +01:00
Lucien Cartier-Tilet	ba9a3c7168	refactor(docker): move all Docker tools to Docker module	2025-11-16 14:46:20 +01:00
Lucien Cartier-Tilet	1aef3db69d	feat(hardware): move hardware inputs to dedicated module	2025-11-16 14:35:26 +01:00
Lucien Cartier-Tilet	fc2407940c	fix: sign again with jujutsu	2025-11-05 05:10:35 +01:00
Lucien Cartier-Tilet	87047b5b1b	feat: add wlr-which module and config	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	b309aa3893	feat(secrets): update SSH hosts	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	019149b39b	feat(emacs): better tree-sitter configuration	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	f59f0ea20a	feat: hyprpaper separate config with auto wallpaper	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	9105831fbb	feat: restore rofi instead of wofi	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	4658b8392e	fix: change invalid types.string to types.str	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	e65c27a81f	feat: more AI-related tools	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	7eccc1a627	feat(qemu): improve QEMU configuration	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	7e9b84d0ea	chore: update flakes to latest version	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	5b2582afdd	style: formatting fixes	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	7d198f1996	feat(jujutsu): compatibility with jj-vc.el in Emacs	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	2e84738c9f	feat(AMDGPU): better config for my AMD GPU and using AI with it	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	a76bf52727	feat(hyprland): add commented out screen resolutions for Moonlight Add a screen resolution for when logging in remotely from Moonlight, namely from my Thinkpad x220 and my FydeTab Duo.	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	1f811718c8	fix(docker): better configuration handling, add back podman-compose	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	c07c872c91	feat(user/packages): remove broken Gimp packages, add Gmic	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	8b3864084f	feat(languagetool): add languagetool service to marpa	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	30e3fa2b08	chore: upgrade flake lockfile	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	dbb5973c46	feat(hyprland): replace wpaperd with hyprpaper	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	ffa6af675d	feat(tailscale): make tailscale togglable, defaults to enabled	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	075ece2829	feat(packages): remove Modrintth and KiCad They take a long time compiling on my laptop, so I’ll install them through flatpak instead.	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	349cbfa263	feat(waydroid): add waydroid configuration	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	f3f390aae4	feat(qemu): add qemu configuration	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	73ed248c12	refactor(docker podman): better docker and podman configuration	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	24f42ee146	chore: update flakes	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	c0ad5ed316	style(home/tilo): better format file	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	ca4d08e799	feat(jujutsu): better jujutsu configuration	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	5affe511ce	feat(sunshine): customise apps available in Sunshine	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	975a92eaae	feat(networking): enable tailscale	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	28c430568d	chore: update flakes	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	3737a61fa5	feat(sound): add noisetorch when sound is enabled	2025-11-05 05:01:57 +01:00
Lucien Cartier-Tilet	0c8e2c702d	fix(marpa): fix location of dotfiles	2025-11-05 05:01:57 +01:00
Lucien Cartier-Tilet	2a12de6682	feat(secrets): update private SSH config	2025-11-05 05:01:57 +01:00
Lucien Cartier-Tilet	ca8496b606	feat(packages): remove Modrinth Tired of compiling it every time I update my laptop, I’ll install it with Flatpak instead.	2025-11-05 05:01:57 +01:00
Lucien Cartier-Tilet	ec5c8ff820	fix(gampo): correctly set dotfiles location	2025-11-05 05:01:57 +01:00
Lucien Cartier-Tilet	4f78af4181	feat(tilo): add jellyfin configuration	2025-11-05 05:01:52 +01:00
Lucien Cartier-Tilet	21a2587c13	feat(tilo): add calibre configuration	2025-11-05 05:01:13 +01:00
Lucien Cartier-Tilet	a786c3bd99	feat(tilo): add Plex configuration for Tilo	2025-11-05 05:01:11 +01:00
Lucien Cartier-Tilet	50ebd68e57	fix: correct values for host Tilo	2025-11-05 05:01:12 +01:00
Lucien Cartier-Tilet	4f3b94d5f3	docs: update README to reflect refactor	2025-11-05 05:01:11 +01:00
Lucien Cartier-Tilet	d200079cdb	chore: refactor user modules	2025-11-05 05:01:10 +01:00
Lucien Cartier-Tilet	af1a606c1a	chore: refactor system modules	2025-11-05 05:01:08 +01:00
Lucien Cartier-Tilet	d054442c28	feat(jujutsu): update my config with new aliases	2025-11-05 05:01:09 +01:00
Lucien Cartier-Tilet	13723ef4d1	fix(hyprland): adapt my monitor settings to my new setup	2025-07-26 21:53:14 +02:00
Lucien Cartier-Tilet	087a148378	chore: update flakes	2025-07-26 21:52:25 +02:00
Lucien Cartier-Tilet	823d92dab5	feat(user packages): add OpenMW to installed packages	2025-07-26 21:51:34 +02:00
Lucien Cartier-Tilet	6c1be6629b	chore: update flake lockfile	2025-07-06 22:26:32 +02:00
Lucien Cartier-Tilet	958a98ef81	feat(alys): add alys host configuration	2025-07-06 21:29:09 +02:00
Lucien Cartier-Tilet	3de874f873	feat: add new packages: pavucontrol and kicad	2025-07-05 00:03:32 +02:00
Lucien Cartier-Tilet	09e42de38f	chore: update flake inputs	2025-07-05 00:03:32 +02:00
Lucien Cartier-Tilet	dd94b9003d	feat(marpa): disable power button	2025-07-05 00:03:32 +02:00
Lucien Cartier-Tilet	1ff6cf25ef	feat: add appimage support for marpa and gampo	2025-07-05 00:03:32 +02:00
Lucien Cartier-Tilet	2409d80f81	feat(home): enable blanket	2025-07-05 00:03:32 +02:00
Lucien Cartier-Tilet	2d213a5d64	feat(email): update email signature	2025-07-05 00:03:32 +02:00
Lucien Cartier-Tilet	0fb94b064e	feat(waybar): enable battery	2025-06-14 19:35:10 +02:00
Lucien Cartier-Tilet	a7f280cf30	feat(tilo): enable cron job for Nextcloud docker container	2025-06-14 19:35:10 +02:00
Lucien Cartier-Tilet	683796549f	feat(quickshell): install quickshell	2025-06-14 18:44:19 +02:00
Lucien Cartier-Tilet	0221eddf79	refactor(packages): reorder user packages	2025-06-14 18:44:19 +02:00
Lucien Cartier-Tilet	6ce606dbba	feat(waybar): change order of audio group	2025-06-14 18:44:19 +02:00
Lucien Cartier-Tilet	6581396ed3	refactor(hyprland): clean up Hyprland configuration	2025-06-14 18:44:19 +02:00
Lucien Cartier-Tilet	0f6e372345	feat(vcs): add support for git-cliff	2025-06-14 18:44:19 +02:00
Lucien Cartier-Tilet	f47962d025	feat(ollama): add ollama service	2025-06-14 18:44:19 +02:00
Lucien Cartier-Tilet	c16d189164	docs(README): update README	2025-06-13 14:22:11 +02:00
		`@@ -0,0 +1 @@`
							`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBdd4cNNhONjhuH4jWZ8Z8K1gbBmeDNqRybKRHMQEvZj gregoryfoulachon@googlemail.com`