feat(elcafe): add new server configuration

fix: change invalid types.string to types.str
feat: more AI-related tools
2025-11-05 05:01:58 +01:00 · 2025-11-05 05:01:58 +01:00 · 2025-11-05 05:01:58 +01:00 · 2025-11-05 05:01:58 +01:00 · 2025-11-05 05:01:58 +01:00 · 2025-11-05 05:01:58 +01:00
66 changed files with 881 additions and 314 deletions
--- a/.envrc
+++ b/.envrc
@@ -1,3 +1,4 @@
+# -*- mode: sh; -*-
 if ! has nix_direnv_version || ! nix_direnv_version 2.2.1; then
  source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/2.2.1/direnvrc" "sha256-zelF0vLbEl5uaqrfIzbgNzJWGmLzCmYAkInj/LNxvKs="
 fi
--- a/flake.lock
+++ b/flake.lock
@@ -6,7 +6,8 @@
          "devenv"
        ],
        "flake-compat": [
-          "devenv"
+          "devenv",
+          "flake-compat"
        ],
        "git-hooks": [
          "devenv",
@@ -18,11 +19,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1748883665,
-        "narHash": "sha256-R0W7uAg+BLoHjMRMQ8+oiSbTq8nkGz5RDpQ+ZfxxP3A=",
+        "lastModified": 1760971495,
+        "narHash": "sha256-IwnNtbNVrlZIHh7h4Wz6VP0Furxg9Hh0ycighvL5cZc=",
        "owner": "cachix",
        "repo": "cachix",
-        "rev": "f707778d902af4d62d8dd92c269f8e70de09acbe",
+        "rev": "c5bfd933d1033672f51a863c47303fc0e093c2d2",
        "type": "github"
      },
      "original": {
@@ -32,10 +33,32 @@
        "type": "github"
      }
    },
+    "claude-desktop": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1761825061,
+        "narHash": "sha256-AeRQZKr8+1XQer+WmbwtQaQBy05UDgeNNE7YZjNLuS0=",
+        "owner": "k3d3",
+        "repo": "claude-desktop-linux-flake",
+        "rev": "791cd93cfe216ad06ab740f0fdc142119b1d6ec2",
+        "type": "github"
+      },
+      "original": {
+        "owner": "k3d3",
+        "repo": "claude-desktop-linux-flake",
+        "type": "github"
+      }
+    },
    "devenv": {
      "inputs": {
        "cachix": "cachix",
        "flake-compat": "flake-compat",
+        "flake-parts": "flake-parts",
        "git-hooks": "git-hooks",
        "nix": "nix",
        "nixpkgs": [
@@ -43,11 +66,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1753300020,
-        "narHash": "sha256-jRO3ELwG+FfYDBTDDhBJNjGuJjB4IgziuB1JWoz6l1A=",
+        "lastModified": 1761922975,
+        "narHash": "sha256-j4EB5ku/gDm7h7W7A+k70RYj5nUiW/l9wQtXMJUD2hg=",
        "owner": "cachix",
        "repo": "devenv",
-        "rev": "90266818017f7a6885edc75eb4a13b68862675ea",
+        "rev": "c9f0b47815a4895fadac87812de8a4de27e0ace1",
        "type": "github"
      },
      "original": {
@@ -59,11 +82,11 @@
    "flake-compat": {
      "flake": false,
      "locked": {
-        "lastModified": 1747046372,
-        "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
+        "lastModified": 1761588595,
+        "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
        "owner": "edolstra",
        "repo": "flake-compat",
-        "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
+        "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
        "type": "github"
      },
      "original": {
@@ -76,16 +99,15 @@
      "inputs": {
        "nixpkgs-lib": [
          "devenv",
-          "nix",
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1733312601,
-        "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
+        "lastModified": 1760948891,
+        "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
+        "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04",
        "type": "github"
      },
      "original": {
@@ -112,6 +134,24 @@
        "type": "github"
      }
    },
+    "flake-utils_2": {
+      "inputs": {
+        "systems": "systems_2"
+      },
+      "locked": {
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
    "git-hooks": {
      "inputs": {
        "flake-compat": [
@@ -125,11 +165,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1750779888,
-        "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=",
+        "lastModified": 1760663237,
+        "narHash": "sha256-BflA6U4AM1bzuRMR8QqzPXqh8sWVCNDzOdsxXEguJIc=",
        "owner": "cachix",
        "repo": "git-hooks.nix",
-        "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d",
+        "rev": "ca5b894d3e3e151ffc1db040b6ce4dcc75d31c37",
        "type": "github"
      },
      "original": {
@@ -167,11 +207,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1753373145,
-        "narHash": "sha256-UhuUj46dobD/POOdVNxKvAvP3luI2T0MZPm2IXl266Y=",
+        "lastModified": 1761878381,
+        "narHash": "sha256-lCRaipHgszaFZ1Cs8fdGJguVycCisBAf2HEFgip5+xU=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "64796151f79e6f3834bfc55f07c5487708bb5b3f",
+        "rev": "4ac96eb21c101a3e5b77ba105febc5641a8959aa",
        "type": "github"
      },
      "original": {
@@ -186,7 +226,10 @@
          "devenv",
          "flake-compat"
        ],
-        "flake-parts": "flake-parts",
+        "flake-parts": [
+          "devenv",
+          "flake-parts"
+        ],
        "git-hooks-nix": [
          "devenv",
          "git-hooks"
@@ -203,16 +246,16 @@
        ]
      },
      "locked": {
-        "lastModified": 1752773918,
-        "narHash": "sha256-dOi/M6yNeuJlj88exI+7k154z+hAhFcuB8tZktiW7rg=",
+        "lastModified": 1761648602,
+        "narHash": "sha256-H97KSB/luq/aGobKRuHahOvT1r7C03BgB6D5HBZsbN8=",
        "owner": "cachix",
        "repo": "nix",
-        "rev": "031c3cf42d2e9391eee373507d8c12e0f9606779",
+        "rev": "3e5644da6830ef65f0a2f7ec22830c46285bfff6",
        "type": "github"
      },
      "original": {
        "owner": "cachix",
-        "ref": "devenv-2.30",
+        "ref": "devenv-2.30.6",
        "repo": "nix",
        "type": "github"
      }
@@ -224,11 +267,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1752985182,
-        "narHash": "sha256-sX8Neff8lp3TCHai6QmgLr5AD8MdsQQX3b52C1DVXR8=",
+        "lastModified": 1761451000,
+        "narHash": "sha256-qBJL6xEIjqYq9zOcG2vf2nPTeVBppNJzvO0LuQWMwMo=",
        "owner": "nix-community",
        "repo": "nix-index-database",
-        "rev": "fafdcb505ba605157ff7a7eeea452bc6d6cbc23c",
+        "rev": "ed6b293161b378a7368cda38659eb8d3d9a0dac4",
        "type": "github"
      },
      "original": {
@@ -239,11 +282,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1753250450,
-        "narHash": "sha256-i+CQV2rPmP8wHxj0aq4siYyohHwVlsh40kV89f3nw1s=",
+        "lastModified": 1761907660,
+        "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "fc02ee70efb805d3b2865908a13ddd4474557ecf",
+        "rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15",
        "type": "github"
      },
      "original": {
@@ -255,7 +298,7 @@
    },
    "pumo-system-info": {
      "inputs": {
-        "flake-utils": "flake-utils",
+        "flake-utils": "flake-utils_2",
        "nixpkgs": [
          "nixpkgs"
        ],
@@ -282,21 +325,22 @@
        ]
      },
      "locked": {
-        "lastModified": 1753335654,
-        "narHash": "sha256-XpegouCfuzYNECDpH0+J3UEdearlYhRkRgOZ97l16E8=",
+        "lastModified": 1761897390,
+        "narHash": "sha256-er4gYrIoThYLjlsOMTysoRfn67d1Gci+ZpqDrtQxrA0=",
        "ref": "refs/heads/master",
-        "rev": "f90bef2d994c88f075dbc2fcd81140e160351328",
-        "revCount": 654,
+        "rev": "fc704e6b5d445899a1565955268c91942a4f263f",
+        "revCount": 700,
        "type": "git",
-        "url": "https://git.outfoxxed.me/outfoxxed/quickshell"
+        "url": "https://git.outfoxxed.me/quickshell/quickshell"
      },
      "original": {
        "type": "git",
-        "url": "https://git.outfoxxed.me/outfoxxed/quickshell"
+        "url": "https://git.outfoxxed.me/quickshell/quickshell"
      }
    },
    "root": {
      "inputs": {
+        "claude-desktop": "claude-desktop",
        "devenv": "devenv",
        "home-manager": "home-manager",
        "nix-index-database": "nix-index-database",
@@ -335,11 +379,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1752544651,
-        "narHash": "sha256-GllP7cmQu7zLZTs9z0J2gIL42IZHa9CBEXwBY9szT0U=",
+        "lastModified": 1760998189,
+        "narHash": "sha256-ee2e1/AeGL5X8oy/HXsZQvZnae6XfEVdstGopKucYLY=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "2c8def626f54708a9c38a5861866660395bb3461",
+        "rev": "5a7d18b5c55642df5c432aadb757140edfeb70b3",
        "type": "github"
      },
      "original": {
@@ -363,6 +407,21 @@
        "type": "github"
      }
    },
+    "systems_2": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
    "zen-browser": {
      "inputs": {
        "nixpkgs": [
@@ -370,11 +429,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1752725859,
-        "narHash": "sha256-kjpmc7Y164ajPdscAZLFQTtzXP5sEE2dR30NuHe5lQY=",
+        "lastModified": 1761883599,
+        "narHash": "sha256-ntnfAAqSuXI/+uqXAWUjbY5arB7sRK9cpgFbHbCZgK8=",
        "owner": "youwen5",
        "repo": "zen-browser-flake",
-        "rev": "2276ddce91a949e0819d9e8c4b171c40ce770390",
+        "rev": "5355c0dc6857a2aa34b126fb4a93a454ed702f52",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -25,7 +25,7 @@
    };

    quickshell = {
-      url = "git+https://git.outfoxxed.me/outfoxxed/quickshell";
+      url = "git+https://git.outfoxxed.me/quickshell/quickshell";
      inputs.nixpkgs.follows = "nixpkgs";
    };

@@ -34,6 +34,11 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };

+    claude-desktop = {
+      url = "github:k3d3/claude-desktop-linux-flake";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
    zen-browser = {
      url = "github:youwen5/zen-browser-flake";
      inputs.nixpkgs.follows = "nixpkgs";
@@ -83,42 +88,33 @@
      ];
    };

-    homeConfigurations = {
+    homeConfigurations = let
+      extraSpecialArgs = {inherit inputs outputs system;};
+      pkgs = nixpkgs.legacyPackages.x86_64-linux;
+    in {
      "phundrak@alys" = home-manager.lib.homeManagerConfiguration {
-        pkgs = nixpkgs.legacyPackages.x86_64-linux;
-        extraSpecialArgs = {
-          inherit inputs outputs;
-        };
+        inherit extraSpecialArgs pkgs;
        modules = [
          ./users/phundrak/host/alys.nix
          inputs.sops-nix.homeManagerModules.sops
        ];
      };
      "phundrak@marpa" = home-manager.lib.homeManagerConfiguration {
-        pkgs = nixpkgs.legacyPackages.x86_64-linux;
-        extraSpecialArgs = {
-          inherit inputs outputs;
-        };
+        inherit extraSpecialArgs pkgs;
        modules = [
          ./users/phundrak/host/marpa.nix
          inputs.sops-nix.homeManagerModules.sops
        ];
      };
      "phundrak@gampo" = home-manager.lib.homeManagerConfiguration {
-        pkgs = nixpkgs.legacyPackages.x86_64-linux;
-        extraSpecialArgs = {
-          inherit inputs outputs;
-        };
+        inherit extraSpecialArgs pkgs;
        modules = [
          ./users/phundrak/host/gampo.nix
          inputs.sops-nix.homeManagerModules.sops
        ];
      };
      "phundrak@tilo" = home-manager.lib.homeManagerConfiguration {
-        pkgs = nixpkgs.legacyPackages.x86_64-linux;
-        extraSpecialArgs = {
-          inherit inputs outputs;
-        };
+        inherit extraSpecialArgs pkgs;
        modules = [
          ./users/phundrak/host/tilo.nix
          inputs.sops-nix.homeManagerModules.sops
@@ -126,30 +122,39 @@
      };
    };

-    nixosConfigurations = {
+    nixosConfigurations = let
+      specialArgs = {inherit inputs outputs;};
+    in {
      alys = nixpkgs.lib.nixosSystem {
-        specialArgs = {inherit inputs outputs;};
+        inherit specialArgs;
        modules = [
          ./hosts/alys/configuration.nix
          inputs.sops-nix.nixosModules.sops
        ];
      };
+      elcafe = nixpkgs.lib.nixosSystem {
+        inherit specialArgs;
+        modules = [
+          ./hosts/elcafe/configuration.nix
+          inputs.sops-nix.nixosModules.sops
+        ];
+      };
      gampo = nixpkgs.lib.nixosSystem {
-        specialArgs = {inherit inputs outputs;};
+        inherit specialArgs;
        modules = [
          ./hosts/gampo/configuration.nix
          inputs.sops-nix.nixosModules.sops
        ];
      };
      marpa = nixpkgs.lib.nixosSystem {
-        specialArgs = {inherit inputs outputs;};
+        inherit specialArgs;
        modules = [
          ./hosts/marpa/configuration.nix
          inputs.sops-nix.nixosModules.sops
        ];
      };
      tilo = nixpkgs.lib.nixosSystem {
-        specialArgs = {inherit inputs outputs;};
+        inherit specialArgs;
        modules = [
          ./hosts/tilo/configuration.nix
          inputs.sops-nix.nixosModules.sops
--- a/hosts/alys/configuration.nix
+++ b/hosts/alys/configuration.nix
@@ -5,7 +5,7 @@
    ../../system
  ];

-  system = {
+  mySystem = {
    boot = {
      kernel.hardened = true;
      systemd-boot = false;
--- a/hosts/elcafe/configuration.nix
+++ b/hosts/elcafe/configuration.nix
@@ -0,0 +1,74 @@
+{
+  inputs,
+  config,
+  ...
+}: {
+  imports = [
+    ./hardware-configuration.nix
+    inputs.home-manager.nixosModules.default
+    ../../system
+  ];
+
+  sops.secrets = {
+    "elcafe/traefik/env".restartUnits = ["traefik.service"];
+    "elcafe/traefik/dynamic".restartUnits = ["traefik.service"];
+  };
+
+  mySystem = {
+    boot = {
+      kernel = {
+        hardened = true;
+        cpuVendor = "intel";
+      };
+      zfs = {
+        enable = true;
+        pools = ["tank"];
+      };
+    };
+    dev.docker = {
+      enable = true;
+      extraDaemonSettings.data-root = "/tank/docker/";
+    };
+    misc.keymap = "fr";
+    networking = {
+      hostname = "elcafe";
+      id = "501c7fb9";
+    };
+    packages.nix = {
+      gc.automatic = true;
+      trusted-users = [
+        "root"
+        "phundrak"
+      ];
+    };
+    services = {
+      endlessh.enable = true;
+      plex = {
+        enable = true;
+        dataDir = "/tank/web/plex-config";
+      };
+      ssh = {
+        enable = true;
+        allowedUsers = ["phundrak"];
+        passwordAuthentication = false;
+      };
+      traefik = {
+        enable = true;
+        envFiles = [config.sops.secrets."elcafe/traefik/env".path];
+        dynConf = config.sops.secrets."elcafe/traefik/dynamic".path;
+      };
+    };
+    users = {
+      root.disablePassword = true;
+      phundrak.enable = true;
+    };
+  };
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "23.11"; # Did you read the comment?
+}
--- a/hosts/elcafe/hardware-configuration.nix
+++ b/hosts/elcafe/hardware-configuration.nix
@@ -0,0 +1,42 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot = {
+    initrd = {
+      availableKernelModules = ["ahci" "xhci_pci" "ehci_pci" "megaraid_sas" "usbhid" "usb_storage" "sd_mod" "sr_mod"];
+      kernelModules = [];
+    };
+    kernelModules = ["kvm-intel"];
+    extraModulePackages = [];
+  };
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/d2e703f7-90e0-43e7-9872-ce036f201c4b";
+    fsType = "ext4";
+  };
+
+  swapDevices = [];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno2.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno3.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno4.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/hosts/gampo/configuration.nix
+++ b/hosts/gampo/configuration.nix
@@ -7,11 +7,10 @@
  imports = [
    inputs.sops-nix.nixosModules.sops
    ./hardware-configuration.nix
-    # ./services
    ../../system
  ];

-  system = {
+  mySystem = {
    boot = {
      plymouth.enable = true;
      kernel = {
--- a/hosts/gampo/services/default.nix
+++ b/hosts/gampo/services/default.nix
@@ -1,15 +0,0 @@
-{
-  # imports = [
-  #   ./gnome.nix
-  # ];
-
-  services = {
-    # Enable CUPS to print documents.
-    printing.enable = true;
-    openssh.enable = true;
-    fwupd.enable = true;
-    udev.extraRules = ''
-      ATTRS{name}=="*TPPS/2 IBM TrackPoint", ENV{ID_INPUT}="", ENV{ID_INPUT_MOUSE}="", ENV{ID_INPUT_POINTINGSTICK}=""
-    '';
-  };
-}
--- a/hosts/gampo/services/gnome.nix
+++ b/hosts/gampo/services/gnome.nix
@@ -1,11 +0,0 @@
-{
-  services.xserver = {
-    enable = true;
-    displayManager.gdm.enable = true;
-    desktopManager.gnome.enable = true;
-    xkb = {
-      layout = "fr";
-      variant = "bepo";
-    };
-  };
-}
--- a/hosts/marpa/configuration.nix
+++ b/hosts/marpa/configuration.nix
@@ -5,11 +5,11 @@
 }: {
  imports = [
    inputs.sops-nix.nixosModules.sops
-    ./system/hardware-configuration.nix
+    ./hardware-configuration.nix
    ../../system
  ];

-  system = {
+  mySystem = {
    boot = {
      extraModprobeConfig = ''
        options snd_usb_audio vid=0x1235 pid=0x8212 device_setup=1
@@ -21,15 +21,19 @@
    desktop = {
      hyprland.enable = true;
      niri.enable = true;
+      waydroid.enable = true;
      xserver = {
        enable = true;
        de = "gnome";
      };
    };
-    dev.docker = {
-      enable = true;
-      podman.enable = true;
-      autoprune.enable = true;
+    dev = {
+      docker = {
+        enable = true;
+        podman.enable = true;
+        autoprune.enable = true;
+      };
+      qemu.enable = true;
    };
    hardware = {
      amdgpu.enable = true;
@@ -72,6 +76,7 @@
        enable = true;
        autostart = true;
      };
+      languagetool.enable = true;
    };
    users = {
      root.disablePassword = true;
--- a/hosts/marpa/system/hardware-configuration.nix
+++ b/hosts/marpa/system/hardware-configuration.nix
--- a/hosts/tilo/configuration.nix
+++ b/hosts/tilo/configuration.nix
@@ -9,7 +9,7 @@
    ./services
  ];

-  system = {
+  mySystem = {
    boot = {
      kernel = {
        hardened = true;
@@ -31,10 +31,6 @@
          443 # HTTPS
          25565 # Minecraft
        ];
-        extraCommands = ''
-          iptables -I INPUT 1 -i 172.16.0.0/12 -p tcp -d 172.17.0.1 -j ACCEPT
-          iptables -I INPUT 1 -i 172.16.0.0/12 -p tcp -d 172.17.0.1 -j ACCEPT
-        '';
      };
    };
    packages.nix = {
@@ -42,7 +38,13 @@
      trusted-users = ["root" "phundrak"];
    };
    services = {
+      calibre.enable = true;
      endlessh.enable = true;
+      jellyfin.enable = true;
+      plex = {
+        enable = true;
+        dataDir = "/tank/web/stacks/plex/plex-config";
+      };
      ssh = {
        enable = true;
        allowedUsers = ["phundrak"];
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@@ -1,10 +1,14 @@
-extraHosts: ENC[AES256_GCM,data:nuEU+Tlj9BBEO/459B7u74WEdlDmvn3coWkk3JG5uqWXR1G4tk6H8EvQAY/xAuqcM01T4psaeqQTxZA+U626zMQ++vOsYwI8cch8m0xIkKKJ3Ztyqeip8egK2xPywdJp69Z5XhweF3RlxPBTroMcCoqHG0rFQmPuwaWrM/DJ6HQBGqKA3wmaYXAC4OLFVGNzLNLfWD85PAxK1YTJnClaerFdwsxm9tq+HNg7zEnOUVyQjm2l16MKkV1kybddNFc6SKHmm2e/XYNQ85eRm1ALq1v1WRPLaa87MsPLM6svwNy5hEMX+AQKfGBL4hLUKOw+yPktfSnGhj8uDO6IUTjySzkgdYIu37E8ozN8CZ2m+5wYDjf1NU34/yUo2p3RZISuy52qEhGE0jsIeDiC6KMPs6/dHKpxbkRVhe7ZWpZvee7dhWyAkW4lk+MA1p3OklCBdTn8JcrAlVcKf0n1+XyK5ua0q5ja6UKg1Q5Y1LGFPInt+styJ65HdvqBcdLiG7DCQYHGpWGIeSNglbAKPMCeBCablN/2gLLYOK08RXwwSAj1V5lCXAKoc3FfnX73ELRelzLwE2MNJZCn0DqnqP0vOnzXM9ftWVODCjcIEmLUX+CL7hBNLrWcp+Q3ALQcSZsAVejpP8Iajo85R/Hc+2OtqfXijoJNacaMgKCX/5ZWOFEwNUdto3xSRQXu2Ck//F4F/0Ez6yqOFux1byjdyHDbGGdFz02DTZUkOtsPVssyqz1nEHepDQM0EmAAxAR6D8hHOnZGesfqbS+5Xd3+KlfxyFC2mHDxK4WZPCHTAEsenWEiQTGfaOT+1bpbimRfUcqiRXukSUeHY2cKf/reNw0MT7t5n1mvidihP3sJuc573ViUlG+Ts8ctyZ/+tKU2aCMz3wevPzZNiIVqXsB2lC8c,iv:MnbM30XhdQFOPmc4x/a7YaDmnCDCFHS2Nm8plh+raSo=,tag:SpHUqyeSVdtf8uk4SyjmOA==,type:str]
+elcafe:
+    traefik:
+        env: ENC[AES256_GCM,data:Mfm4Wt/7UWrpWGGa/rmC1wY6QtI2G/a6cbZiNjZz1gOTrREehFBZxH5JJ9ZgsxCMSuh/XCQa/75cPg==,iv:nrtTmtdFfTrCYzxFHDVMuaDdoa8SDi+pn4kghP4r9xE=,tag:gjlv8ohv1aDx2PB1rwx6fQ==,type:str]
+        dynamic: ENC[AES256_GCM,data:AYUojopOSi2kZ4ORxs4KrWHgqXZTMVtShb7T2iQ4JDyrlrIWCTpynt8/El9uoDaSryTgqxM8z3g4DIe5nrovh7pcFGVm/QYXfsfAx4kIm//7CwL9UISiyERirJo053Ilut0/lAdw3rlqa9aBYC2fS6AlrHN1ZFzqBttTeyykvZe0qmiW4hPNZ3axXW66juXwe9cxm24bE9bJZuuV9RYbafQ2Om76p/92E42hu6twWaUz/n6QgwaE2ymCekroKaq8+Umohj1XL6UdEEcLSnmc1qRblshhhSssNEtzbKERujt2SH/ppf/LLoohp8v4VbSpVOkx+6fqvyKWvbi2RU3C7eusee+gnBe2mGxGj34Q35iU4RM6dEwwmvzfmCAYy+27SlNVffI8yo8JXACp1aLxqBxLDDU7LokoSUb62/w/mX3NlzYf5a6NeIrHzoh+qHmEXUq63+gsNJaiJPp6DxtAKByg23t1LxSpFhxW7LaYIjh+KjaYZgNYTFR1BerqDu2pyzIrzZQTdtCveX3eiEZ3p9SJxfiuBVKlfQ2FpvJ9JPl9ACTFK6AI4s61ZgiNEeXzqQwo9zt8QrruiixdxPaclOfrBrFxq1mWGBGGXaAryiuZjo4G0KlNVvg/s5YiecYi8prQxXVozti7YI0sGJdGVjDiHwXfnUn+eQD2YBrOH9FlRwO3Vd/yd+42Xf06Hv7IbbYMogcu5y9ZbiXWesVd/TgB+Hu2oWkWxBU3sn6i3rMiZ0z+V/74xCwmfElugGCQ97ga6tQ92UbSBbteoiXpZiH7Z7Wja39rWKPyypH1h71Sccy1rSWrcEVHLC9swtLcB4dzt2JvVdXQ37pmEElfusY0yEb/y0W20vxNArDy035gCXdhUyP65NfrlhcAXoiKQaayL3NO81vBLP+X9+zgKsAV/eINPzM3gsF12QJaaQSL6CIlIF7qdwX8GZwoIg60rE2ogR0XxLcN9CGdMMuILpB9UsSOoPNwgMZd3KIwEB2LJabLKtUwuyKuA0iF6ZwHSghpnkxAIkIGFsbIxslvgCLkVihoSR97lhFpOJbC6n8u408wLD6qxoS6IRAXbIbErkyNyrt9PvbwSiHyWRjF8APCZD2WuQ22GmfBK0t6lM2hF8q7vRKN+SFOvLpql6NFT4n8/Odfr7i+4JqJahRH33RnDqYtRiqgqSSZtq3DOn1aYCivfEMKZrVxP+c6COqpPELDpjBfGWjLhqE/rV48N9x7UZNQKflBlMtaGnB1uEcVuMuZfTRFYQLqYs2p8f5vVXXWF7vSP9mBSHB3oz0seEfLd65y2hppF3J/8F/+QlAyGDrAZFhCYYMRE4eY2dy2cxLNP2M9tGVZMXQSNfys5cDnkYZzvofK7b2scgC9HcCUmBKv8ZxoSa4qyIOzH9XJupY4rlemlJbJQ9paXgAiiTdvLPcncVVnlCPRbEngCDKvoplVnzH9Hd6mIgRCZLyyIeAR8FwikGuZEuQETWanbe4S60KdMpofGM/ysz6eD67q9iVKL1zHCDtpzYQAhKurFUfgcxNOXnWYi8MWdRY9CAvIUJgRgg+IHOV76Nl8ljV6wpgn0qFR0IoQPblI3W8zJ4UASSgvUkf0meR9KLN3pA1D/AnYxi+Zblcz6SuXqBBARkXfW84iJOVanbNxyZpJDEnio6cJmNXX8VJxP0zqlA80FpcMNAvNOYsKx5yEwx3MEAlP7lLU35xgMx/BOgErf9f8XfbxINXPH0an+xQqAm99gbaKamflNQqpXXV+1ViWVWlx7xwqSUq0qy7A2sjs6prZRTR1sTt4i7MONEaRN65zgaPtL8zbO3BCbUecUdzCTmBy/XVnfa2krF8dN4LjBs6/ZswW/KYqc8TU6udiCb6Y1H9kXKsg3l9/5+ftcFB/YC6LzS9ynpOYhw12BJtjEuIuwiKa5J/UTp3IULQDZ2rCKBL09GT1/DGwB5AU8Dc9E9X2OOvWowme/eyYiiX9q+B9yLMYxP6rTsq7vJ8cjwnNRCz8UJbVzTlM9MwntUnyqv1L8E8xD438m0P+soqOc99NwXsuM/aJ6ndctfFNwHYfuau7BJrMRPfjc65yMiayfCxUJmnAsp309ODNS9D6VZkf/l5cBzbd+9xsnK/WA8I7f9bTZgi2/HSNOdEAlwBfRZXrLQAbeixG4qNmRqtOjILYkSkb13Ug/Yx+IFlMIgTxiZzXMduxbloNQU4VqEVY6Qrogu4qlaCWsqICX0SabXFZXUFUHgwswkNqV0G8977QSFTyYkMNr7FZTuFegYjzZZHaOtCJ/2FAJFX/e76rWcoz8GK7lsEqvQnCrqDfGtaSDF0LcJojKXEFg2E6rwENuMumdDJzkHj5dFzGdsf2ogeHqB2+sKpaHAgVjWzfk8CevSKnPDR/6UMhNoi2luW+xbV/DmDLJ5GzO6uGdcSmaQsFcNuFsuQZkC/q3zTf/TqbfH/V/eXR6YS0Etn73/xwVh9b59KazNb7JJ+rXahVHP3aUWocpu7/92Qwh/Odf3qGBJ/KT4a2VWYfBXLq6N0H8g1SI/aRJIAe3JCq2j+ln1PRegcqmwFqJpwp3TebdJEroCZU63Cl6vXm0XHm75MVXz7kYXBnOWeYv63oVyCvRc/yoOTBsCYPiyRxaoLXHUI2e0zCrbSAmAmb5WOUqxq4dJKGZXYYzHlR+aAjBbqmLFyCm92DW0sWlXPBhEeXysOK6IP8NEHatdyCnkpiHsQZyuBITw==,iv:Ooq6tK6nMGuRFJ1ElGCJhOMQVyMNtGBSguQVFSm71fA=,tag:iJviKci+i3tif+sH8UxRZg==,type:str]
+extraHosts: ENC[AES256_GCM,data:YRHvHINgAQv4z+8awMzHY1uZS/K9qSaFsk8G5J2zF5P5YOt4x62eefXgmhWeKZzJI5AIi0312iMQl5qGv+lAkP+VC7j/h1rh7peBDEBU6LvcMgFU2XqxidM/CoKfMkJF8+/4bb+3r1LC/rEeXITTUQsOmoacdyCeKe5yxLaHyic/FaZIJq13wCg/QQSLfenc2Db0Pbxv5/cbRILhKT+ssElVipA40aZpgL7QmD542vObSEa6K4fZd0rawF/nOyibfpPN7Ak8DrYvfygNMw/QAGKY2XosxC86tjxhrIBHRakqmWpV+smoUO6XBFjU2sbwalafYVFdrvYL9BVAPtMZ25Sc5QMm87RCHqzqYdQHKs8C3JpVBHWnyL+0e5DNQrFrml0/FD5nFYsT6zDKVb/rN3YmxvTvKl7FpPKpv3Kke9WG+HnPs90hPy8Jpmg52vLMhaybx6dpJxzcF+ctBSI3J78hfweOCGvNGshCKpME1dujMPctH/kfYcm2j/ixKLjl0ZSbYeI9+l9oURBDwKzmKjAqhwnjuo3sL++ZsRU5Ue1zz9gsxS40R9eYevbq7JiQPX331pY2du1SRoKOxvPpXsDqe+CY5pW2RgPszjEIuDxyoveZolXg/zjlk0Ic/cOxrbflp7bTfQCQqEC7YJ5tRmtctk2lRGQkOFIg9Tn8ReifFxfhDrPFzc8X5vZgH73aqZSd/OkVybI3vEILV5uas0fPL7AHAKnBmeDV3mBNvF8aoZhD5CG8iRd1otta/3AQ660QV8IDoauq8fySC8Kee5B3kG75sqHvwF4Gu6CpSChXkjpiIqVmW0PntJueVHifuGJYkvhkX/CTHK7xm1HhtANnGrk6cr2APjWk1vpOaCmjFNqKTOV9d1HjaNWYTz4AZ+Uq2Za3UzN3oZCtZb96,iv:Z64+4oR/AfSgA7oZ/NPDLOtcmcXO5B4OQIGjOEK1Pf4=,tag:0I/1gXnBH7u6HTbQUz5Fpw==,type:str]
 mopidy:
    spotify: ENC[AES256_GCM,data:SaDT0iSWhsgVOi1s+Nzbr0Mur3t2Zd9z/KIUshGWtbPfkXXIoiJeJFtoZIz5NL/t5FooYsNfU1mGYgDeVYSD4BPibW8hiCYrX6L6OX+Q6ZEWXXx/1eBEs2/q0BrWGvy7frcurq/Px4R3ax0dXJe/YKbpAtU7+bQl,iv:F2zT+uMVBMnSEZqgcRmV8/fc3G/g2fKDuHuBzkyBRN0=,tag:CD8fuOQfe6QCrj4BUh0/xw==,type:str]
    bandcamp: ENC[AES256_GCM,data:diEx2fbkOR1oUav81jU5bNt/KNmbOaVzLV+G3zBUVXE7nEQpZNqVom0rgNrEVDGzH3u/IaA5eqG5ce9lE0BomeY8Z4MWI1xujhX5KsXdv21aw4UwsNgyLPuWhkN2POUMfCJlvekc/TFfFvJHyysx8aKxeI4dsg==,iv:cxx0cVkjOPG+hMD8JctJHdcICJt7ozpfRBVSCDBo6Ro=,tag:JRjwwvieGaGZJ+k56HWFaw==,type:str]
 emailPassword: ENC[AES256_GCM,data:LALAvyuNN9bfa8D6ZK1YiFXRfxLOBi9kXA0N0Kr7h18eAI4hWQ==,iv:WtidILFfWCMKylax52JP+X57GfZyYlxJtiwrC6SADik=,tag:NvOrsL3fbmxQZp06GZhUZA==,type:str]
 ssh:
-    hosts: ENC[AES256_GCM,data:X/MrxeaqJnggoL9X8Y0+15A52FoihVRFp4vBZNr/QlJAKRn0B1eH6LI4wVzNokMbPUGlmYEElShy38ce+7EehL5HJcbwpEquvgQpLN2lZ4FhMLbW7yN3Q8DdZKqv4RNsm8vjuJPGwHGEVOhdvvnyM6IVpvLvMuH7MLJg4hLSArBzX7N0i5qg8piWI3pHqoPV4yO7kysSSF7D13HXen3fX+dbpBno/n0U+Xq8gcFyUKAqN6h65frkH2pyQcxIrCYcsFoJcU2jIzUY94xCSZZT7ocItzKD5YtVRki6F4Gh0/QgFeFcCn20Z0w8B7WvkjcR98FE+i5D9128uv2iiKEyeNaB4hc14dFCG4iZWW1KcSUojBnXHpFj22aByJaxjcFVg5BIVyde8L4hEinztWjNwbRzi1d9b34qeARcEzDQ3fwSNL/XFrlTvNZp565y/rPBLceksELewpWyX4Te3fuNOOw7hQqX3cjbGfw/FNuBVI/jnkEC+acGi23HnwmnDz87KCGZ738OAQ78F5awuoHnHhePvj0bUe3DTdW9Uj8amnaq1IeIu/BBcutewgez7ZHWamIWiOuVaZUISD6wrYk4pe5KqAZieUdotxbx7eihpw0ozEzQaNU3WBwQ8YxIyEnzcnsAihXCcgbm1/8FzWxghN3elA48UqVwaa4ZHK01l8+jD5yGjuCTCcpmSkVZBg8XrH7VWm+pZMCt3FRus3vFWq/iLsapIu6YSWG+mCYCjEK5hhbZs7ELxpdIzCw6Hiqm+P4nWVwA0ddbtSA7Rhu33CTKzdc0/KIQN78U0P+AsV0tVy7oLboIEZhpsj6XXYwQv5q9d0eJw/hibsqHdRb144Zn0hJDqxe/R+vCDk2iC3OYx5pG4oFbBG8V487QC67TG4Q+ztGCL8+W8+ZoVjK+atfA2LVHVWobFWNmqAE9CbVu8cbW3BhAtWrBZGgUMW5noFi64U411QEPS88odXtaqhUoN77rMhYCtVBxSSkGMWvwY2VZn6UvY8NZTExD5rJmDU9rRHmCNHq4WaAjxUg1rzwd4VO9CDnCf2gSeF466blpf2JEky8=,iv:0laLebvzVUMrKT30Jx/HaRS426PsWD3oFTesV4tnnDg=,tag:DApK5SSAriLib00FTz+jcg==,type:str]
+    hosts: ENC[AES256_GCM,data:j7+Ua5G8dePL5GO+Tf8+hnoJsSfKo2z4I0OcVfSyJ3dc6yyYZVho8iG9bqPAqVR5d7SJr391zCLMJp/jRDpDFLkzQB54udVKI8ob0C2w2xBznPZJsC7qZMptQ+n4IHO1ZROSi/vBadCUfEWKNO9e8gsroBYmliy/31M5IlA85Vx6q4Zx0qIFylfIhBDto3jD2DRcbjWP8NvjJcY7YLrN2sv8RR7QqX1q+0ZxpgFhg+W+a5Dz8JBVsPEdjNJqFAKAmUGKXf4bpEIS5lLUxxZweizEiWgo4nYJgA0kqVYEOiErOPgtpnBKiJlR+fLGuVwdGxVOUMvttZtyIgHc4CWgOJ0h67h4eVii+zeLn0GPJl3i2g5bjOArHKLfkKGduqii4n/1p9VvVTAOn5dj0/NtD2JNJF9kUDr1nMyMa1xA35gzv1vp/U55L6ZU/BRpBPzka6i8nGnCkDVdoUG0DKhN9ooXRpUS9L+W1iz480fzb6i/tfmlhx7Ms1T9VybYFkGLNkxnsrt5Oc24o0XD5/A1j8bJgNWo6aWSA748ZWtN0mXDzB5sH4TVtaZAGlyU9r/x5oCuWPN2qhZ8d2i7g5rceZW5ang/uyXNt8Le5cKvLw3Rhf4BTFhQ6+VJ4/SpdfnLZ17djjbwZO1DT5Nb0RUObcilcwbmUwqvmLbcrdmsfQMOcetRwFpIdoX6MjkRiC1WZ4cz8bMU7ArnK/n15dsIdaiiUfuOJAiBYut1PaJBoZDe8pXzOE6U1s57sejUf1T7NHp2epyevCAYuVG71dAFLn1oLM+FWXuBm6ogFLujoFh7XCVVqdf6j348/ekzBxDIemzS4G1+zflG3AteLWcslGVTNmx0rb3GlSHGNVNZoeHvYAHIIEyWpY4Yd01R8RhjrFXQo9comnpoQXSlFDvuUGTxuUpsariAof4wKLdpqj8Dc4ZaDvd1pAGVh7RBqR4rn4kClbWUVcSFy7QWs9T5Sw0fU/bLL76N6x9Y44P5NQLAJvZ0z8rhIPl0u8OwIhhEwkhWdFLSulk/N7+DVqrRpj7bB5hB8jZWspsl44IdiZWY3UPs7zs=,iv:3q4FYxDWPGyMqeKoSTRxSPvqZXzwg/NeHZh70d38HYM=,tag:jA8/5yi74/mOuu/b83WEeg==,type:str]
 sops:
    age:
        - recipient: age1ajemtm502nn2n4q7v4j8meyd5mxtcqngkkedxq2pqzuwu78zp93qnw8q48
@@ -61,7 +65,7 @@ sops:
            QmJKNDJUY0RSakhwNWlkOVpib0trc1kK0tQxD9I82pjfs54eruu+IjzVUmcVBCPw
            9mp1xKiYRRMXt3YQn6MPiyuuX3l3UB5MH0RJMNtRq0D961rs+iiS5A==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-07-06T19:20:04Z"
-    mac: ENC[AES256_GCM,data:59Mu6RlGEXV7BsNsX0yIr/zUgl9gvk77o2moF4D7GgPwllSVFLRB8Y3LvE7+NXLIjLj19nrK6b99CiH08NmWhSBO37+xXU/eYQ/W2wIEVIxfmhVcF9ePIZPwVuegLZ707S8jZDOcYzPOQuURe9hhbxJJPgHzzPzYoh7yushYUME=,iv:h6DCciUZtRMZFGB7PMfg4xnOWxyKQS/vfnOG1tqVfrI=,tag:q65pnHbLcUG+Gxo7K3Ca1w==,type:str]
+    lastmodified: "2025-11-02T00:42:02Z"
+    mac: ENC[AES256_GCM,data:0rYURFETR06JRNY/vE89jEI+dovFNxsjSOalf1Id3H+yzl4UYdsHN1T3mD1EfssFwCloBxOo+188RkUe7JlNV7hC+tvO3nBrDNuqjzFBQu/IHEz+nTI3mwB7ZsywubvFMG65dohM8H9hB2bUXSSqtEUpFEiz7Ugn2BfGyex4BbI=,iv:vFJk6mz60d6CzSetd+bNvxTEWfGBPaBS4sYj/AiYbq4=,tag:2nHBGQ5P3mxLyzllvstBqg==,type:str]
    unencrypted_suffix: _unencrypted
-    version: 3.10.2
+    version: 3.11.0
--- a/system/boot/boot.nix
+++ b/system/boot/boot.nix
@@ -5,9 +5,9 @@
  ...
 }:
 with lib; let
-  cfg = config.system.boot;
+  cfg = config.mySystem.boot;
 in {
-  options.system.boot = {
+  options.mySystem.boot = {
    extraModprobeConfig = mkOption {
      type = types.lines;
      default = "";
@@ -51,7 +51,7 @@ in {
  };

  config.boot = {
-    initrd.kernelModules = lists.optional config.system.hardware.amdgpu.enable "amdgpu";
+    initrd.kernelModules = lists.optional config.mySystem.hardware.amdgpu.enable "amdgpu";
    loader = {
      systemd-boot.enable = cfg.systemd-boot;
      efi.canTouchEfiVariables = cfg.systemd-boot;
--- a/system/boot/plymouth.nix
+++ b/system/boot/plymouth.nix
@@ -5,9 +5,9 @@
  ...
 }:
 with lib; let
-  cfg = config.system.boot.plymouth;
+  cfg = config.mySystem.boot.plymouth;
 in {
-  options.system.boot.plymouth.enable = mkEnableOption "Enables Plymouth at system boot";
+  options.mySystem.boot.plymouth.enable = mkEnableOption "Enables Plymouth at system boot";
  config.boot = mkIf cfg.enable {
    plymouth = {
      inherit (cfg) enable;
--- a/system/boot/zram.nix
+++ b/system/boot/zram.nix
@@ -4,9 +4,9 @@
  ...
 }:
 with lib; let
-  cfg = config.system.boot.zram;
+  cfg = config.mySystem.boot.zram;
 in {
-  options.system.boot.zram = {
+  options.mySystem.boot.zram = {
    enable = mkEnableOption "Enable ZRAM";
    memoryMax = mkOption {
      type = types.int;
--- a/system/default.nix
+++ b/system/default.nix
@@ -4,7 +4,7 @@
  ...
 }:
 with lib; let
-  cfg = config.system.misc;
+  cfg = config.mySystem.misc;
 in {
  imports = [
    ./boot
@@ -19,7 +19,7 @@ in {
    ./users
  ];

-  options.system.misc = {
+  options.mySystem.misc = {
    timezone = mkOption {
      type = types.str;
      default = "Europe/Paris";
--- a/system/desktop/default.nix
+++ b/system/desktop/default.nix
@@ -1,3 +1,8 @@
 {
-  imports = [./hyprland.nix ./niri.nix ./xserver.nix];
+  imports = [
+    ./hyprland.nix
+    ./niri.nix
+    ./waydroid.nix
+    ./xserver.nix
+  ];
 }
--- a/system/desktop/hyprland.nix
+++ b/system/desktop/hyprland.nix
@@ -4,9 +4,9 @@
  ...
 }:
 with lib; let
-  cfg = config.system.desktop.hyprland;
+  cfg = config.mySystem.desktop.hyprland;
 in {
-  options.system.desktop.hyprland.enable = mkEnableOption "Enables Hyprland";
+  options.mySystem.desktop.hyprland.enable = mkEnableOption "Enables Hyprland";
  config.programs.hyprland = mkIf cfg.enable {
    inherit (cfg) enable;
    withUWSM = true;
--- a/system/desktop/niri.nix
+++ b/system/desktop/niri.nix
@@ -4,9 +4,9 @@
  ...
 }:
 with lib; let
-  cfg = config.system.desktop.niri;
+  cfg = config.mySystem.desktop.niri;
 in {
-  options.system.desktop.niri.enable = mkEnableOption "Enables Niri";
+  options.mySystem.desktop.niri.enable = mkEnableOption "Enables Niri";
  config.programs.niri = mkIf cfg.enable {
    inherit (cfg) enable;
  };
--- a/system/desktop/waydroid.nix
+++ b/system/desktop/waydroid.nix
@@ -0,0 +1,15 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.desktop.waydroid;
+in {
+  options.mySystem.desktop.waydroid.enable = mkEnableOption "Enables Waydroid";
+  config = mkIf cfg.enable {
+    virtualisation.waydroid.enable = cfg.enable;
+    environment.systemPackages = [pkgs.waydroid-helper];
+  };
+}
--- a/system/desktop/xserver.nix
+++ b/system/desktop/xserver.nix
@@ -4,9 +4,9 @@
  ...
 }:
 with lib; let
-  cfg = config.system.desktop.xserver;
+  cfg = config.mySystem.desktop.xserver;
 in {
-  options.system.desktop.xserver = {
+  options.mySystem.desktop.xserver = {
    enable = mkEnableOption "Enables xserver";
    de = mkOption {
      type = types.enum ["gnome" "kde"];
@@ -35,7 +35,7 @@ in {

    xserver = {
      inherit (cfg) enable;
-      videoDrivers = lists.optional config.system.hardware.amdgpu.enable "amdgpu";
+      videoDrivers = lists.optional config.mySystem.hardware.amdgpu.enable "amdgpu";
      xkb = {
        layout = "fr";
        variant = "bepo_afnor";
--- a/system/dev/default.nix
+++ b/system/dev/default.nix
@@ -1,3 +1,3 @@
 {
-  imports = [./docker.nix];
+  imports = [./docker.nix ./qemu.nix];
 }
--- a/system/dev/docker.nix
+++ b/system/dev/docker.nix
@@ -1,21 +1,33 @@
 {
  lib,
  config,
+  pkgs,
  ...
 }:
 with lib; let
-  cfg = config.system.dev.docker;
+  cfg = config.mySystem.dev.docker;
 in {
-  options.system.dev.docker = {
+  options.mySystem.dev.docker = {
    enable = mkEnableOption "Enable Docker";
+    extraDaemonSettings = mkOption {
+      type = types.nullOr (types.attrsOf types.str);
+      default = {};
+      example = {
+        data-root = "/custom/path";
+      };
+    };
    podman.enable = mkEnableOption "Enable Podman rather than Docker";
    nvidia.enable = mkEnableOption "Activate Nvidia support";
    autoprune.enable = mkEnableOption "Enable autoprune";
  };

  config = {
-    virtualisation = {
-      docker = mkIf (cfg.enable && !cfg.podman.enable) {
+    environment.systemPackages = mkIf cfg.podman.enable [
+      pkgs.podman-desktop
+      pkgs.podman-compose
+    ];
+    virtualisation = mkIf cfg.enable {
+      docker = mkIf (!cfg.podman.enable) {
        enable = true;
        enableNvidia = cfg.nvidia.enable;
        autoPrune.enable = cfg.autoprune.enable;
--- a/system/dev/qemu.nix
+++ b/system/dev/qemu.nix
@@ -0,0 +1,33 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.dev.qemu;
+in {
+  options.mySystem.dev.qemu = {
+    enable = mkEnableOption "Enable QEMU";
+    users = mkOption {
+      type = types.listOf types.str;
+      default = ["phundrak"];
+      example = ["user1" "user2"];
+    };
+  };
+  config = mkIf cfg.enable {
+    programs.virt-manager.enable = true;
+    users.groups.libvirtd.members = cfg.users;
+    virtualisation = {
+      libvirtd.enable = true;
+      spiceUSBRedirection.enable = true;
+    };
+    environment.systemPackages = with pkgs; [
+      qemu
+      quickemu
+      swtpm
+    ];
+    systemd.tmpfiles.rules = ["L+ /var/lib/qemu/firmware - - - - ${pkgs.qemu}/share/qemu/firmware"];
+    boot.binfmt.emulatedSystems = ["aarch64-linux"];
+  };
+}
--- a/system/hardware/amdgpu.nix
+++ b/system/hardware/amdgpu.nix
@@ -5,18 +5,58 @@
  ...
 }:
 with lib; let
-  cfg = config.system.hardware.amdgpu;
+  cfg = config.mySystem.hardware.amdgpu;
 in {
-  options.system.hardware.amdgpu.enable = mkEnableOption "Enables an AMD GPU configuration";
+  options.mySystem.hardware.amdgpu.enable = mkEnableOption "Enables an AMD GPU configuration";
  config = mkIf cfg.enable {
-    systemd.tmpfiles.rules = [
-      "L+    /opt/rocm/hip   -    -    -     -    ${pkgs.rocmPackages.clr}"
-    ];
-    hardware.graphics.extraPackages = with pkgs; [rocmPackages.clr.icd];
+    hardware = {
+      graphics = {
+        enable = true;
+        enable32Bit = true;
+        extraPackages = with pkgs; [
+          mesa # Mesa drivers for AMD GPUs
+          rocmPackages.clr # common language runtime for ROCm
+          rocmPackages.clr.icd # ROCm ICD for OpenCL
+          rocmPackages.rocblas # ROCm BLAS library
+          rocmPackages.hipblas #
+          rocmPackages.rpp # High-performance computer vision library
+          nvtopPackages.amd # GPU utilization monitoring
+        ];
+      };
+      amdgpu = {
+        initrd.enable = true;
+        opencl.enable = true;
+      };
+    };
    environment.systemPackages = with pkgs; [
      clinfo
      amdgpu_top
      nvtopPackages.amd
    ];
+    systemd = {
+      packages = with pkgs; [lact];
+      services.lactd.wantedBy = ["multi-user.target"];
+      tmpfiles.rules = let
+        rocmEnv = pkgs.symlinkJoin {
+          name = "rocm-combined";
+          paths = with pkgs.rocmPackages; [
+            clr
+            clr.icd
+            rocblas
+            hipblas
+            rpp
+          ];
+        };
+      in [
+        "L+    /opt/rocm   -    -    -     -    ${rocmEnv}"
+      ];
+    };
+    environment.variables = {
+      ROCM_PATH = "/opt/rocm"; # Set ROCm path
+      HIP_VISIBLE_DEVICES = "1"; # Use only the eGPU (ID 1)
+      ROCM_VISIBLE_DEVICES = "1"; # Optional: ROCm equivalent for visibility
+      # LD_LIBRARY_PATH = "/opt/rocm/lib";         # Add ROCm libraries
+      HSA_OVERRIDE_GFX_VERSION = "10.3.0"; # Set GFX version override
+    };
  };
 }
--- a/system/hardware/bluetooth.nix
+++ b/system/hardware/bluetooth.nix
@@ -4,9 +4,9 @@
  ...
 }:
 with lib; let
-  cfg = config.system.hardware.bluetooth;
+  cfg = config.mySystem.hardware.bluetooth;
 in {
-  options.system.hardware.bluetooth.enable = mkEnableOption "Enable bluetooth";
+  options.mySystem.hardware.bluetooth.enable = mkEnableOption "Enable bluetooth";
  config = mkIf cfg.enable {
    hardware.bluetooth.enable = cfg.enable;
    services.blueman.enable = cfg.enable;
--- a/system/hardware/corne.nix
+++ b/system/hardware/corne.nix
@@ -4,9 +4,9 @@
  ...
 }:
 with lib; let
-  cfg = config.system.hardware.corne;
+  cfg = config.mySystem.hardware.corne;
 in {
-  options.system.hardware.corne.allowHidAccess = mkEnableOption "Enable HID access to the corne keyboard";
+  options.mySystem.hardware.corne.allowHidAccess = mkEnableOption "Enable HID access to the corne keyboard";
  config.services.udev = mkIf cfg.allowHidAccess {
    extraRules = ''
      KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{serial}=="*vial:f64c2b3c*", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl"
--- a/system/hardware/default.nix
+++ b/system/hardware/default.nix
@@ -1,3 +1,4 @@
+{lib, ...}:
 {
  imports = [
    ./amdgpu.nix
@@ -7,4 +8,5 @@
    ./opentablet.nix
    ./sound.nix
  ];
+  hardware.enableRedistributableFirmware = lib.mkDefault true;
 }
--- a/system/hardware/ibm-trackpoint.nix
+++ b/system/hardware/ibm-trackpoint.nix
@@ -4,9 +4,9 @@
  ...
 }:
 with lib; let
-  cfg = config.system.hardware.ibmTrackpoint;
+  cfg = config.mySystem.hardware.ibmTrackpoint;
 in {
-  options.system.hardware.ibmTrackpoint.disable = mkEnableOption "Disable IBM’s trackpoint on ThinkPad";
+  options.mySystem.hardware.ibmTrackpoint.disable = mkEnableOption "Disable IBM’s trackpoint on ThinkPad";
  config.services.udev = mkIf cfg.disable {
    extraRules = ''
      ATTRS{name}=="*TPPS/2 IBM TrackPoint", ENV{ID_INPUT}="", ENV{ID_INPUT_MOUSE}="", ENV{ID_INPUT_POINTINGSTICK}=""
--- a/system/hardware/opentablet.nix
+++ b/system/hardware/opentablet.nix
@@ -4,9 +4,9 @@
  ...
 }:
 with lib; let
-  cfg = config.system.hardware.opentablet;
+  cfg = config.mySystem.hardware.opentablet;
 in {
-  options.system.hardware.opentablet.enable = mkEnableOption "Enables OpenTablet drivers";
+  options.mySystem.hardware.opentablet.enable = mkEnableOption "Enables OpenTablet drivers";
  config.hardware.opentabletdriver = mkIf cfg.enable {
    inherit (cfg) enable;
    daemon.enable = true;
--- a/system/hardware/sound.nix
+++ b/system/hardware/sound.nix
@@ -5,9 +5,9 @@
  ...
 }:
 with lib; let
-  cfg = config.system.hardware.sound;
+  cfg = config.mySystem.hardware.sound;
 in {
-  options.system.hardware.sound = {
+  options.mySystem.hardware.sound = {
    enable = mkEnableOption "Whether to enable sounds with Pipewire";
    scarlett.enable = mkEnableOption "Activate support for Scarlett sound card";
    alsa = mkOption {
@@ -40,5 +40,8 @@ in {
      };
      jack.enable = mkDefault cfg.jack;
    };
+    programs.noisetorch = mkIf cfg.enable {
+      inherit (cfg) enable;
+    };
  };
 }
--- a/system/network/default.nix
+++ b/system/network/default.nix
@@ -1,5 +1,6 @@
 {
  imports = [
    ./networking.nix
+    ./tailscale.nix
  ];
 }
--- a/system/network/networking.nix
+++ b/system/network/networking.nix
@@ -4,9 +4,9 @@
  ...
 }:
 with lib; let
-  cfg = config.system.networking;
+  cfg = config.mySystem.networking;
 in {
-  options.system.networking = with types; {
+  options.mySystem.networking = with types; {
    hostname = mkOption {
      type = str;
      example = "gampo";
--- a/system/network/tailscale.nix
+++ b/system/network/tailscale.nix
@@ -0,0 +1,16 @@
+{
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.network.tailscale;
+in {
+  options.mySystem.network.tailscale = {
+    enable = mkOption {
+      type = types.bool;
+      default = true;
+    };
+  };
+  config.services.tailscale.enable = cfg.enable;
+}
--- a/system/packages/appimage.nix
+++ b/system/packages/appimage.nix
@@ -4,9 +4,9 @@
  ...
 }:
 with lib; let
-  cfg = config.system.packages.appimage;
+  cfg = config.mySystem.packages.appimage;
 in {
-  options.system.packages.appimage.enable = mkEnableOption "Enables AppImage support";
+  options.mySystem.packages.appimage.enable = mkEnableOption "Enables AppImage support";
  config.programs.appimage = mkIf cfg.enable {
    inherit (cfg) enable;
    binfmt = true;
--- a/system/packages/flatpak.nix
+++ b/system/packages/flatpak.nix
@@ -5,9 +5,9 @@
  ...
 }:
 with lib; let
-  cfg = config.system.packages.flatpak;
+  cfg = config.mySystem.packages.flatpak;
 in {
-  options.system.packages.flatpak = {
+  options.mySystem.packages.flatpak = {
    enable = mkEnableOption "Enable Flatpak support";
    builder.enable = mkEnableOption "Enable Flatpak builder";
  };
--- a/system/packages/nix.nix
+++ b/system/packages/nix.nix
@@ -4,9 +4,9 @@
  ...
 }:
 with lib; let
-  cfg = config.system.packages.nix;
+  cfg = config.mySystem.packages.nix;
 in {
-  options.system.packages.nix = {
+  options.mySystem.packages.nix = {
    allowUnfree = mkEnableOption "Enable unfree packages";
    disableSandbox = mkEnableOption "Disable Nix sandbox";
    gc = {
--- a/system/packages/steam.nix
+++ b/system/packages/steam.nix
@@ -5,9 +5,9 @@
  ...
 }:
 with lib; let
-  cfg = config.system.programs.steam;
+  cfg = config.mySystem.programs.steam;
 in {
-  options.system.programs.steam.enable = mkEnableOption "Enables Steam and Steam hardware";
+  options.mySystem.programs.steam.enable = mkEnableOption "Enables Steam and Steam hardware";
  config = mkIf cfg.enable {
    programs = {
      steam = {
--- a/system/services/calibre.nix
+++ b/system/services/calibre.nix
@@ -0,0 +1,38 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.services.calibre;
+in {
+  options.mySystem.services.calibre = {
+    enable = mkEnableOption "Enable Calibre Web";
+    user = mkOption {
+      type = types.str;
+      default = "phundrak";
+    };
+    group = mkOption {
+      type = types.str;
+      default = "users";
+    };
+    dataDir = mkOption {
+      type = types.str;
+      example = "/tank/calibre/conf";
+      default = "/tank/calibre/conf";
+    };
+    library = mkOption {
+      type = types.str;
+      example = "/tank/calibre/library";
+      default = "/tank/calibre/library";
+    };
+  };
+  config.services.calibre-web = mkIf cfg.enable {
+    inherit (cfg) enable user dataDir group;
+    options = {
+      calibreLibrary = cfg.library;
+      enableBookConversion = true;
+      enableBookUploading = true;
+    };
+  };
+}
--- a/system/services/default.nix
+++ b/system/services/default.nix
@@ -1,9 +1,14 @@
 {
  imports = [
+    ./calibre.nix
    ./endlessh.nix
    ./fwupd.nix
+    ./jellyfin.nix
+    ./languagetool.nix
+    ./plex.nix
    ./printing.nix
    ./ssh.nix
    ./sunshine.nix
+    ./traefik.nix
  ];
 }
--- a/system/services/endlessh.nix
+++ b/system/services/endlessh.nix
@@ -4,9 +4,9 @@
  ...
 }:
 with lib; let
-  cfg = config.system.services.endlessh;
+  cfg = config.mySystem.services.endlessh;
 in {
-  options.system.services.endlessh = {
+  options.mySystem.services.endlessh = {
    enable = mkEnableOption "Enables endlessh.";
    port = mkOption {
      type = types.port;
--- a/system/services/fwupd.nix
+++ b/system/services/fwupd.nix
@@ -4,9 +4,9 @@
  ...
 }:
 with lib; let
-  cfg = config.system.services.fwupd;
+  cfg = config.mySystem.services.fwupd;
 in {
-  options.system.services.fwupd.enable = mkEnableOption "Enable fwupd";
+  options.mySystem.services.fwupd.enable = mkEnableOption "Enable fwupd";
  config.services.fwupd = mkIf cfg.enable {
    inherit (cfg) enable;
  };
--- a/system/services/jellyfin.nix
+++ b/system/services/jellyfin.nix
@@ -0,0 +1,28 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.services.jellyfin;
+in {
+  options.mySystem.services.jellyfin = {
+    enable = mkEnableOption "Enable Jellyfin";
+    dataDir = mkOption {
+      type = types.str;
+      default = "/tank/jellyfin/data";
+      example = "/tank/jellyfin/data";
+    };
+    user = mkOption {
+      type = types.str;
+      default = "phundrak";
+    };
+    group = mkOption {
+      type = types.str;
+      default = "users";
+    };
+  };
+  config.services.jellyfin = mkIf cfg.enable {
+    inherit (cfg) enable group user dataDir;
+  };
+}
--- a/system/services/languagetool.nix
+++ b/system/services/languagetool.nix
@@ -0,0 +1,20 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.services.languagetool;
+in {
+  options.mySystem.services.languagetool = {
+    enable = mkEnableOption "Enables languagetool";
+    port = mkOption {
+      type = types.port;
+      default = 8081;
+      example = 80;
+    };
+  };
+  config.services.languagetool = mkIf cfg.enable {
+    inherit (cfg) enable port;
+  };
+}
--- a/system/services/plex.nix
+++ b/system/services/plex.nix
@@ -0,0 +1,35 @@
+{
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.services.plex;
+in {
+  options.mySystem.services.plex = {
+    enable = mkEnableOption "Enable Plex";
+    group = mkOption {
+      type = types.str;
+      default = "users";
+      example = "users";
+      description = "Group under which Plex runs";
+    };
+    dataDir = mkOption {
+      type = types.str;
+      example = "/tank/plex-config";
+    };
+    user = mkOption {
+      type = types.str;
+      default = "phundrak";
+    };
+  };
+  config = {
+    services.plex = mkIf cfg.enable {
+      inherit (cfg) enable user group dataDir;
+      openFirewall = cfg.enable;
+    };
+    boot.kernel.sysctl = {
+      "kernel.unprivileged_userns_clone" = 1;
+    };
+  };
+}
--- a/system/services/printing.nix
+++ b/system/services/printing.nix
@@ -4,9 +4,9 @@
  ...
 }:
 with lib; let
-  cfg = config.system.services.printing;
+  cfg = config.mySystem.services.printing;
 in {
-  options.system.services.printing.enable = mkEnableOption "Enable printing with CUPS";
+  options.mySystem.services.printing.enable = mkEnableOption "Enable printing with CUPS";
  config.services.printing = mkIf cfg.enable {
    inherit (cfg) enable;
  };
--- a/system/services/ssh.nix
+++ b/system/services/ssh.nix
@@ -4,9 +4,9 @@
  ...
 }:
 with lib; let
-  cfg = config.system.services.ssh;
+  cfg = config.mySystem.services.ssh;
 in {
-  options.system.services.ssh = {
+  options.mySystem.services.ssh = {
    enable = mkEnableOption "Enables OpenSSH";
    allowedUsers = mkOption {
      type = types.listOf types.str;
--- a/system/services/sunshine.nix
+++ b/system/services/sunshine.nix
@@ -4,9 +4,9 @@
  ...
 }:
 with lib; let
-  cfg = config.system.services.sunshine;
+  cfg = config.mySystem.services.sunshine;
 in {
-  options.system.services.sunshine = {
+  options.mySystem.services.sunshine = {
    enable = mkEnableOption "Enables Sunshine";
    autostart = mkEnableOption "Enables autostart";
  };
@@ -15,6 +15,34 @@ in {
    autoStart = cfg.autostart;
    capSysAdmin = true;
    openFirewall = true;
-    settings.sunshine_name = config.system.networking.hostname;
+    settings.sunshine_name = config.mySystem.networking.hostname;
+    applications.apps = [
+      {
+        name = "Desktop";
+        image-path = "desktop.png";
+      }
+      {
+        name = "Low Res Desktop";
+        image-path = "desktop.png";
+      }
+      {
+        name = "Steam Big Picture";
+        detached = ["setsid steam steam://open/bigpicture"];
+        prep-cmd = {
+          do = "";
+          undo = "setsid steam steam://close/bigpicture";
+        };
+        image-path = "steam.png";
+      }
+      {
+        name = "OpenTTD";
+        cmd = "openttd";
+        image-path = "/home/phundrak/.config/sunshine/covers/igdb_18074.png";
+      }
+      {
+        name = "OpenMW";
+        cmd = "openmw";
+      }
+    ];
  };
 }
--- a/system/services/traefik.nix
+++ b/system/services/traefik.nix
@@ -0,0 +1,65 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.services.traefik;
+in {
+  options.mySystem.services.traefik = {
+    enable = mkEnableOption "Enable Traefikse";
+    email = mkOption {
+      type = types.str;
+      default = "lucien@phundrak.com";
+      example = "admin@example.com";
+    };
+    envFiles = mkOption {
+      type = types.listOf types.path;
+      example = ["/run/secrets/traefik.env"];
+      default = [];
+    };
+    dynConf = mkOption {
+      type = types.path;
+      example = "/var/traefik/dynamic.yaml";
+    };
+  };
+  config = mkIf cfg.enable {
+    networking.firewall.allowedTCPPorts = [80 443];
+    services.traefik = {
+      inherit (cfg) enable;
+      environmentFiles = cfg.envFiles;
+      dynamicConfigFile = cfg.dynConf;
+      staticConfigOptions = {
+        log = {
+          level = "WARN";
+          filePath = "/var/log/traefik/traefik.log";
+        };
+        accessLog.filePath = "/var/log/traefik/access.log";
+        api.dashboard = true;
+        entryPoints = {
+          web = {
+            address = ":80";
+            http.redirections.entryPoint = {
+              to = "websecure";
+              scheme = "https";
+            };
+          };
+          websecure.address = ":443";
+        };
+        certificatesResolvers.cloudflare.acme = {
+          inherit (cfg) email;
+          storage = "/var/lib/traefik/acme.json";
+          dnsChallenge = {
+            provider = "cloudflare";
+            resolvers = ["1.1.1.1:53" "1.0.0.1:53"];
+            propagation.delayBeforeChecks = 60;
+          };
+        };
+        providers.docker = {
+          endpoint = "unix:///var/run/docker.sock";
+          exposedByDefault = false;
+        };
+      };
+    };
+  };
+}
--- a/system/users/phundrak.nix
+++ b/system/users/phundrak.nix
@@ -5,9 +5,9 @@
  ...
 }:
 with lib; let
-  cfg = config.system.users;
+  cfg = config.mySystem.users;
 in {
-  options.system.users = {
+  options.mySystem.users = {
    root.disablePassword = mkEnableOption "Disables root password";
    phundrak.enable = mkEnableOption "Enables users phundrak";
  };
--- a/users/modules/cli/bat.nix
+++ b/users/modules/cli/bat.nix
@@ -19,7 +19,6 @@ in {
    extraPackages = mkIf cfg.extras (with pkgs.bat-extras; [
      batman
      batpipe
-      batgrep
    ]);
  };
 }
--- a/users/modules/desktop/hyprland.nix
+++ b/users/modules/desktop/hyprland.nix
@@ -20,7 +20,6 @@ in {
    emacsPkg = mkOption {
      type = types.package;
      default = config.home.dev.editors.emacs.package or pkgs.emacs;
-      # default = pkgs.emacs;
      example = pkgs.emacs;
    };
    host = mkOption {
@@ -63,6 +62,8 @@ in {
            "marpa" = [
              "DP-1, 3440x1440@144, 1080x550, 1"
              "DP-2, 2560x1080@60, 0x0, 1, transform, 1"
+              # "DP-2, 1366x768@60, 0x0, 1"
+              # "DP-2, 1829x1143@60, 0x0, 1"
            ];
            "gampo" = [];
          }."${cfg.host}";
@@ -272,19 +273,13 @@ in {
    };
    services = {
      blueman-applet.enable = true;
-      wpaperd = {
+      hyprpaper = {
        enable = true;
        settings = {
-          default = {
-            path = "/home/phundrak/Pictures/Wallpapers/nord";
-            duration = "5m";
-            sorting = "random";
-            mode = "center";
-            recursive = true;
-          };
-          DP-3 = {
-            mode = "fit-border-color";
-          };
+          ipc = "on";
+          splash = false;
+          preload = "/home/phundrak/Pictures/Wallpapers/nord/Nordic6.jpg";
+          wallpaper = ", /home/phundrak/Pictures/Wallpapers/nord/Nordic6.jpg";
        };
      };
    };
--- a/users/modules/dev/ai/claude.nix
+++ b/users/modules/dev/ai/claude.nix
@@ -0,0 +1,18 @@
+{
+  config,
+  lib,
+  inputs,
+  system,
+  ...
+}:
+with lib; let
+  cfg = config.home.dev.ai.claude;
+in {
+  options.home.dev.ai.claude.enable = mkEnableOption "Enables Claude-related packages";
+  config = mkIf cfg.enable {
+    home.packages = [inputs.claude-desktop.packages.${system}.claude-desktop-with-fhs];
+    programs.claude-code = {
+      inherit (cfg) enable;
+    };
+  };
+}
--- a/users/modules/dev/ai/default.nix
+++ b/users/modules/dev/ai/default.nix
@@ -0,0 +1,19 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.home.dev.ai;
+in {
+  imports = [
+    ./ollama.nix
+    ./claude.nix
+  ];
+
+  options.home.dev.ai.enable = mkEnableOption "Enables AI features";
+  config.home.dev.ai = mkIf cfg.enable {
+    ollama.enable = mkDefault cfg.enable;
+    claude.enable = mkDefault cfg.enable;
+  };
+}
--- a/users/modules/dev/ai/ollama.nix
+++ b/users/modules/dev/ai/ollama.nix
@@ -4,20 +4,21 @@
  ...
 }:
 with lib; let
-  cfg = config.home.dev.ollama;
+  cfg = config.home.dev.ai.ollama;
 in {
-  options.home.dev.ollama = {
+  options.home.dev.ai.ollama = {
    enable = mkEnableOption "Enables Ollama";
    gpu = mkOption {
-      type = types.nullOr types.enum ["none" "amd" "nvidia"];
-      example = "amd";
-      default = "none";
+      type = types.nullOr (types.enum [false "rocm" "cuda"]);
+      example = "rocm";
+      default = null;
      description = "Which type of GPU should be used for hardware acceleration";
    };
  };

  config.services.ollama = mkIf cfg.enable {
    inherit (cfg) enable;
+    acceleration = cfg.gpu;
    environmentVariables = {
      OLLAMA_CONTEXT_LENGTH = "8192";
    };
--- a/users/modules/dev/default.nix
+++ b/users/modules/dev/default.nix
@@ -7,8 +7,8 @@ with lib; let
  cfg = config.home.dev;
 in {
  imports = [
+    ./ai
    ./editors
-    ./ollama.nix
    ./vcs
  ];

--- a/users/modules/dev/editors/emacs.nix
+++ b/users/modules/dev/editors/emacs.nix
@@ -5,7 +5,7 @@
  ...
 }:
 with lib; let
-  emacsDefaultPackage = with pkgs; ((emacsPackagesFor emacsNativeComp).emacsWithPackages (
+  emacsDefaultPackage = with pkgs; ((emacsPackagesFor emacs).emacsWithPackages (
    epkgs: [
      epkgs.mu4e
      epkgs.pdf-tools
--- a/users/modules/dev/vcs/git.nix
+++ b/users/modules/dev/vcs/git.nix
@@ -90,9 +90,47 @@ in {
        else cfg.sendmail.user;
    in {
      enable = true;
-      userEmail = cfg.email;
-      userName = cfg.name;
-      extraConfig = {
+      ignores = [
+        ".env"
+        ".direnv/"
+
+        "*~"
+        "\#*\#"
+        "*.elc"
+        "auto-save-list"
+        ".\#*"
+        "*_flymake.*"
+        "/auto/"
+        ".projectile"
+        ".dir-locals.el"
+
+        "# Org mode files"
+        ".org-id-locations"
+        "*_archive"
+
+        "*.out"
+        "*.o"
+        "*.so"
+
+        "# Archives"
+        "*.7zz"
+        "*.dmg"
+        "*.gz"
+        "*.iso"
+        "*.jar"
+        "*.rar"
+        "*.tar"
+        "*.zip"
+
+        "*.log"
+        "*.sqlite"
+
+        "dist/"
+      ];
+      settings = {
+        user = {
+          inherit (cfg) name email;
+        };
        color.ui = "auto";
        column.ui = "auto";
        tag.sort = "version:refname";
@@ -180,99 +218,62 @@ in {
            insteadOf = "labs:";
          };
        };
-      };
-      ignores = [
-        ".env"
-        ".direnv/"
-
-        "*~"
-        "\#*\#"
-        "*.elc"
-        "auto-save-list"
-        ".\#*"
-        "*_flymake.*"
-        "/auto/"
-        ".projectile"
-        ".dir-locals.el"
-
-        "# Org mode files"
-        ".org-id-locations"
-        "*_archive"
-
-        "*.out"
-        "*.o"
-        "*.so"
-
-        "# Archives"
-        "*.7zz"
-        "*.dmg"
-        "*.gz"
-        "*.iso"
-        "*.jar"
-        "*.rar"
-        "*.tar"
-        "*.zip"
-
-        "*.log"
-        "*.sqlite"
-
-        "dist/"
-      ];
-      aliases = {
-        a = "add --all";
-        aca = "!git add --all && git commit --amend";
-        acan = "!git add --all && git commit --amend --no-edit";
-        ap = "add --patch";
-        b = "branch";
-        bd = "branch -d";
-        bdd = "branch -D";
-        c = "commit -S";
-        ca = "commit -Sa";
-        can = "commit -Sa --no-edit";
-        cm = "commit -Sm";
-        cam = "commit -Sam";
-        co = "checkout";
-        cob = "checkout -b";
-        cod = "checkout develop";
-        cl = "clone";
-        cl1 = "clone --depth 1";
-        f = "fetch";
-        fp = "fetch --prune";
-        ps = "push";
-        psf = "push --force-with-lease";
-        pso = "push origin";
-        psfo = "push --force-with-lease origin";
-        pushall = "!git remote \vert{} xargs -L1 git push";
-        psl = "!git remote \vert{} xargs -L1 git push";
-        pullall = "!git remote \vert{} xargs -L1 git pull";
-        pll = "!git remote \vert{} xargs -L1 git pull";
-        pl = "pull";
-        pb = "pull --rebase";
-        r = "rebase";
-        ra = "rebase --abort";
-        rc = "rebase --continue";
-        rd = "rebase develop";
-        ri = "rebase -i";
-        rmf = "rm -f";
-        rmd = "rm -r";
-        rmdf = "rm -rf";
-        sm = "submodule";
-        sms = "submodule status";
-        sma = "submodule add";
-        smu = "submodule update";
-        smui = "submodule update --init";
-        smuir = "submodule update --init --recursive";
-        st = "stash";
-        stc = "stash clear";
-        stp = "stash pop";
-        stw = "stash show";
-        u = "reset --";
-        d = "diff -w";
-        l = "log --all --oneline --graph --decorate --pretty=format':%C(magenta)%h %C(white) %an %ar%C(auto) %D%n%s%n'";
-        s = "status";
-        staged = "diff --cached";
-        upstream = "!git push -u origin HEAD";
-        unstage = "reset --";
+        alias = {
+          a = "add --all";
+          aca = "!git add --all && git commit --amend";
+          acan = "!git add --all && git commit --amend --no-edit";
+          ap = "add --patch";
+          b = "branch";
+          bd = "branch -d";
+          bdd = "branch -D";
+          c = "commit -S";
+          ca = "commit -Sa";
+          can = "commit -Sa --no-edit";
+          cm = "commit -Sm";
+          cam = "commit -Sam";
+          co = "checkout";
+          cob = "checkout -b";
+          cod = "checkout develop";
+          cl = "clone";
+          cl1 = "clone --depth 1";
+          f = "fetch";
+          fp = "fetch --prune";
+          ps = "push";
+          psf = "push --force-with-lease";
+          pso = "push origin";
+          psfo = "push --force-with-lease origin";
+          pushall = "!git remote \vert{} xargs -L1 git push";
+          psl = "!git remote \vert{} xargs -L1 git push";
+          pullall = "!git remote \vert{} xargs -L1 git pull";
+          pll = "!git remote \vert{} xargs -L1 git pull";
+          pl = "pull";
+          pb = "pull --rebase";
+          r = "rebase";
+          ra = "rebase --abort";
+          rc = "rebase --continue";
+          rd = "rebase develop";
+          ri = "rebase -i";
+          rmf = "rm -f";
+          rmd = "rm -r";
+          rmdf = "rm -rf";
+          sm = "submodule";
+          sms = "submodule status";
+          sma = "submodule add";
+          smu = "submodule update";
+          smui = "submodule update --init";
+          smuir = "submodule update --init --recursive";
+          st = "stash";
+          stc = "stash clear";
+          stp = "stash pop";
+          stw = "stash show";
+          u = "reset --";
+          d = "diff -w";
+          l = "log --all --oneline --graph --decorate --pretty=format':%C(magenta)%h %C(white) %an %ar%C(auto) %D%n%s%n'";
+          s = "status";
+          staged = "diff --cached";
+          upstream = "!git push -u origin HEAD";
+          unstage = "reset --";
+        };
      };
    };
  };
--- a/users/modules/dev/vcs/jujutsu.nix
+++ b/users/modules/dev/vcs/jujutsu.nix
@@ -45,6 +45,9 @@ in {
        default-command = "st";
        pager = ":builtin";
        show-cryptographic-signatures = true;
+        conflict-marker-style = "git"; # Support for vc-jj.el
+        diff-formatter = ":git"; # Support for vc-jj.el
+        diff-editor = ":builtin";
        inherit (cfg) editor;
      };
      signing = mkIf cfg.signing.enable {
@@ -55,12 +58,41 @@ in {
        backends."ssh.program" = "${pkgs.openssh}/bin/ssh-keygen";
      };
      aliases = {
+        blame = ["file" "annotate"];
+        consume = ["squash" "--into" "@" "--from"];
+        eject = ["squash" "--from" "@" "--into"];
+        d = ["diff"];
+        dm = ["desc" "-m"];
        l = ["log"];
        lc = ["log" "-r" "(remote_bookmarks()..@)::"];
+        ll = ["log" "-T" "builtin_log_detailed"];
+        open = ["log" "-r" "open()"];
        n = ["new"];
-        dm = ["desc" "-m"];
+        nd = ["new" "dev()"];
+        nt = ["new" "trunk()"];
+        s = ["show"];
        tug = ["bookmark" "move" "--from" "heads(::@- & bookmarks())" "--to" "@-"];
      };
+      revset-aliases = {
+        "user(x)" = "author(x) | committer(x)";
+        "gh_pages()" = "ancestors(remote_bookmarks(exact:\"gh-pages\"))";
+        "trunk()" = "latest((present(main) | present(master)) & remote_bookmarks())";
+        "dev()" = "latest((present(dev) | present(develop)) & remote_bookmarks())";
+        "wip()" = "description(glob:\"wip:*\")";
+        "private()" = "description(glob:\"private:*\")";
+        "blacklist()" = "wip() | private()";
+        # stack(x, n) is the set of mutable commits reachable from
+        # 'x', with 'n' parents. 'n' is often useful to customize the
+        # display and return set for certain operations. 'x' can be
+        # used to target the set of 'roots' to traverse, e.g. @ is the
+        # current stack.
+        "stack()" = "ancestors(reachable(@, mutable()), 2)";
+        "stack(x)" = "ancestors(reachable(x, mutable()), 2)";
+        "stack(x, n)" = "ancestors(reachable(x, mutable()), n)";
+
+        "open()" = "stack(dev().. & mine(), 1)";
+        "ready()" = "open() ~ blacklist()::";
+      };
    };
  };
 }
--- a/users/modules/security/ssh.nix
+++ b/users/modules/security/ssh.nix
@@ -17,6 +17,7 @@ in {
  config = {
    programs.ssh = mkIf cfg.enable {
      enable = true;
+      enableDefaultConfig = false;
      includes = lists.optional (cfg.hosts != null) cfg.hosts;
    };
  };
--- a/users/phundrak/home.nix
+++ b/users/phundrak/home.nix
@@ -11,7 +11,7 @@
  ];

  config = let
-    emacsPkg = with pkgs; ((emacsPackagesFor emacsNativeComp).emacsWithPackages (
+    emacsPkg = with pkgs; ((emacsPackagesFor emacs).emacsWithPackages (
      epkgs: [
        epkgs.mu4e
        epkgs.pdf-tools
@@ -37,10 +37,7 @@
      };

      desktop.waybar.style = ./config/waybar/style.css;
-      dev.ollama = {
-        enable = true;
-        gpu = "amd";
-      };
+      dev.ai.claude.enable = true;
      fullDesktop = true;
      shell.fish.enable = true;
    };
--- a/users/phundrak/host/gampo.nix
+++ b/users/phundrak/host/gampo.nix
@@ -1,11 +1,10 @@
 {config, ...}: {
  imports = [../home.nix];
  home = {
-    cli.nh.flake = "${config.home.homeDirectory}/nixos";
+    cli.nh.flake = "${config.home.homeDirectory}/.dotfiles";
    desktop.hyprland.host = "gampo";
    phundrak.sshKey = {
      content = builtins.readFile ../../../keys/id_gampo.pub;
-      # file = "${config.home.homeDirectory}/.ssh/id_ed25519.pub";
    };
  };
 }
--- a/users/phundrak/host/marpa.nix
+++ b/users/phundrak/host/marpa.nix
@@ -1,11 +1,14 @@
 {config, ...}: {
  imports = [../home.nix];
  home = {
-    cli.nh.flake = "${config.home.homeDirectory}/nixos";
+    cli.nh.flake = "${config.home.homeDirectory}/.dotfiles";
+    dev.ai.ollama = {
+      enable = true;
+      gpu = "rocm";
+    };
    desktop.hyprland.host = "marpa";
    phundrak.sshKey = {
      content = builtins.readFile ../../../keys/id_marpa.pub;
-      # file = "${config.home.homeDirectory}/.ssh/id_ed25519.pub";
    };
  };
 }
--- a/users/phundrak/host/tilo.nix
+++ b/users/phundrak/host/tilo.nix
@@ -1,10 +1,7 @@
-{config, ...}: {
+{
  imports = [../light-home.nix];
  home = {
-    cli.nh.flake = "${config.home.homeDirectory}/nixos";
-    phundrak.sshKey = {
-      content = builtins.readFile ../../../keys/id_tilo.pub;
-      # file = "${config.home.homeDirectory}/.ssh/id_ed25519.pub";
-    };
+    cli.nh.flake = "/tank/phundrak/nixos";
+    phundrak.sshKey.content = builtins.readFile ../../../keys/id_tilo.pub;
  };
 }
--- a/users/phundrak/packages.nix
+++ b/users/phundrak/packages.nix
@@ -36,11 +36,11 @@ with lib; {
    signal-desktop-bin

    # Misc
-    bitwarden
+    bitwarden-desktop
    gplates
    libnotify
    nextcloud-client
-    onlyoffice-bin
+    onlyoffice-desktopeditors
    scrcpy
    syncthing
    watchmate
@@ -51,7 +51,6 @@ with lib; {
    # Games
    atlauncher
    heroic
-    modrinth-app
    openmw
    openttd-jgrpp
    moonlight-qt
@@ -66,18 +65,13 @@ with lib; {
    # Graphics
    inkscape
    gimp
-    gimpPlugins.fourier
-    gimpPlugins.farbfeld
+    gimpPlugins.gmic

    # Dev
    devenv
    dive # A tool for exploring each layer in a docker image
    grype # Vulnerability scanner for container images and filesystems
-    kicad # Working on my custom keyboard
-    podman-desktop
-    podman-compose
    tectonic # better LaTeX engine
-    virt-manager
    zeal

    ## LSP servers
Author	SHA1	Message	Date
Lucien Cartier-Tilet	22e21be60a	feat(elcafe): add new server configuration	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	4658b8392e	fix: change invalid types.string to types.str	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	e65c27a81f	feat: more AI-related tools	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	7eccc1a627	feat(qemu): improve QEMU configuration	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	7e9b84d0ea	chore: update flakes to latest version	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	5b2582afdd	style: formatting fixes	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	7d198f1996	feat(jujutsu): compatibility with jj-vc.el in Emacs	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	2e84738c9f	feat(AMDGPU): better config for my AMD GPU and using AI with it	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	a76bf52727	feat(hyprland): add commented out screen resolutions for Moonlight Add a screen resolution for when logging in remotely from Moonlight, namely from my Thinkpad x220 and my FydeTab Duo.	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	1f811718c8	fix(docker): better configuration handling, add back podman-compose	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	c07c872c91	feat(user/packages): remove broken Gimp packages, add Gmic	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	8b3864084f	feat(languagetool): add languagetool service to marpa	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	30e3fa2b08	chore: upgrade flake lockfile	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	dbb5973c46	feat(hyprland): replace wpaperd with hyprpaper	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	ffa6af675d	feat(tailscale): make tailscale togglable, defaults to enabled	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	075ece2829	feat(packages): remove Modrintth and KiCad They take a long time compiling on my laptop, so I’ll install them through flatpak instead.	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	349cbfa263	feat(waydroid): add waydroid configuration	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	f3f390aae4	feat(qemu): add qemu configuration	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	73ed248c12	refactor(docker podman): better docker and podman configuration	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	24f42ee146	chore: update flakes	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	c0ad5ed316	style(home/tilo): better format file	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	ca4d08e799	feat(jujutsu): better jujutsu configuration	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	5affe511ce	feat(sunshine): customise apps available in Sunshine	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	975a92eaae	feat(networking): enable tailscale	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	28c430568d	chore: update flakes	2025-11-05 05:01:58 +01:00
Lucien Cartier-Tilet	3737a61fa5	feat(sound): add noisetorch when sound is enabled	2025-11-05 05:01:57 +01:00
Lucien Cartier-Tilet	0c8e2c702d	fix(marpa): fix location of dotfiles	2025-11-05 05:01:57 +01:00
Lucien Cartier-Tilet	2a12de6682	feat(secrets): update private SSH config	2025-11-05 05:01:57 +01:00
Lucien Cartier-Tilet	ca8496b606	feat(packages): remove Modrinth Tired of compiling it every time I update my laptop, I’ll install it with Flatpak instead.	2025-11-05 05:01:57 +01:00
Lucien Cartier-Tilet	ec5c8ff820	fix(gampo): correctly set dotfiles location	2025-11-05 05:01:57 +01:00
Lucien Cartier-Tilet	4f78af4181	feat(tilo): add jellyfin configuration	2025-11-05 05:01:52 +01:00
Lucien Cartier-Tilet	21a2587c13	feat(tilo): add calibre configuration	2025-11-05 05:01:13 +01:00
Lucien Cartier-Tilet	a786c3bd99	feat(tilo): add Plex configuration for Tilo	2025-11-05 05:01:11 +01:00
Lucien Cartier-Tilet	50ebd68e57	fix: correct values for host Tilo	2025-11-05 05:01:12 +01:00
Lucien Cartier-Tilet	4f3b94d5f3	docs: update README to reflect refactor	2025-11-05 05:01:11 +01:00
Lucien Cartier-Tilet	d200079cdb	chore: refactor user modules	2025-11-05 05:01:10 +01:00
Lucien Cartier-Tilet	af1a606c1a	chore: refactor system modules	2025-11-05 05:01:08 +01:00
Lucien Cartier-Tilet	d054442c28	feat(jujutsu): update my config with new aliases	2025-11-05 05:01:09 +01:00