kak: add scss formatter

amdgpu: add custom fan control
factorio: automate updating server
2024-11-07 13:01:19 -03:00 · 2024-11-03 15:43:53 -03:00 · 2024-10-31 19:59:35 -03:00 · 2024-10-31 01:40:45 -03:00 · 2024-10-31 01:40:13 -03:00 · 2024-10-30 20:51:43 -03:00
173 changed files with 4080 additions and 13844 deletions
--- a/flake.lock
+++ b/flake.lock
--- a/flake.nix
+++ b/flake.nix
@ -1,46 +1,50 @@
 {
  description = "My system config";
  inputs = {
-    nixpkgs.url = "nixpkgs/nixos-23.11";
+    nixpkgs.url = "nixpkgs/nixos-24.05";
-    home-manager.url = "github:nix-community/home-manager/release-23.11";
+    nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
    home-manager.url = "github:nix-community/home-manager/release-24.05";
    home-manager.inputs.nixpkgs.follows = "nixpkgs";
    vpsadminos.url = "github:vpsfreecz/vpsadminos";
    nix-index-database = {
      url = "github:Mic92/nix-index-database";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    hyprland = {
      url = "github:hyprwm/Hyprland";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    ranger-icons.url = "github:alexanderjeurissen/ranger_devicons";
    ranger-icons.flake = false;
    material-wifi-icons.url = "github:dcousens/material-wifi-icons";
    material-wifi-icons.flake = false;
    plymouth-themes.url = "github:adi1090x/plymouth-themes";
    plymouth-themes.flake = false;
    lipsum.url = "github:hannenz/lipsum";
    lipsum.flake = false;
    agenix = {
      url = "github:ryantm/agenix";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.home-manager.follows = "home-manager";
    };
    nixos-mailserver = {
      url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.nixpkgs-24_05.follows = "nixpkgs";
    };
    dzgui-nix = {
      url = "github:lelgenio/dzgui-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    tlauncher = {
-      url = "github:lelgenio/tlauncher-nix";
+      url = "git+https://git.lelgenio.xyz/lelgenio/tlauncher-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    disko.url = "github:nix-community/disko";
    disko.inputs.nixpkgs.follows = "nixpkgs";
    # my stuff
    dhist = {
      url = "github:lelgenio/dhist";
@ -50,59 +54,70 @@
      url = "github:lelgenio/demoji";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    maildir-notify-daemon = {
      url = "github:lelgenio/maildir-notify-daemon";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    wl-crosshair = {
      url = "github:lelgenio/wl-crosshair";
      inputs.nixpkgs.follows = "nixpkgs";
    };
-    nixpkgs-fixed-steam.url = "github:lelgenio/nixpkgs/test-steam-fix";
+    warthunder-leak-counter = {
-
+      url = "git+https://git.lelgenio.com/lelgenio/warthunder-leak-counter";
-    # gnome stuff
+      inputs.nixpkgs.follows = "nixpkgs";
    nixos-conf-editor.url = "github:vlinkz/nixos-conf-editor";
    nix-software-center.url = "github:vlinkz/nix-software-center";
    };
-  outputs = inputs:
+    made-you-look = {
      url = "git+https://git.lelgenio.com/lelgenio/made-you-look";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    catboy-spinner = {
      url = "git+https://git.lelgenio.com/lelgenio/catboy-spinner";
      flake = false;
    };
    tomater = {
      url = "git+https://git.lelgenio.com/lelgenio/tomater";
      flake = false;
    };
    youre-wrong = {
      url = "git+https://git.lelgenio.com/lelgenio/youre-wrong";
      flake = false;
    };
    hello-fonts = {
      url = "git+https://git.lelgenio.com/lelgenio/hello-fonts";
      flake = false;
    };
  };
  outputs =
    inputs:
    let
      nixpkgsConfig = {
        inherit system;
-        config = { allowUnfree = true; };
+        config = {
-        overlays = old_overlays.all;
+          allowUnfree = true;
        };
-
+        overlays = old_overlays.all;
      bootstrapPkgs = import inputs.nixpkgs nixpkgsConfig;
      nixpkgs = bootstrapPkgs.applyPatches {
        name = "patched-nixpkgs";
        src = inputs.nixpkgs;
        patches = lib.mapAttrsToList (k: v: ./patches/nixpkgs/${k})
          (builtins.readDir ./patches/nixpkgs);
      };
      inherit (import ./user/variables.nix) desktop;
      system = "x86_64-linux";
-      pkgs = import nixpkgs nixpkgsConfig;
+      pkgs = import inputs.nixpkgs nixpkgsConfig;
      lib = inputs.nixpkgs.lib;
      packages = import ./pkgs { inherit pkgs inputs; };
      old_overlays = (import ./overlays { inherit packages inputs; });
-      specialArgs = { inherit inputs; };
+      specialArgs = {
-      common_modules = [
+        inherit inputs;
      };
      common_modules =
        [
          { nixpkgs.pkgs = pkgs; }
          ./system/configuration.nix
          ./system/secrets.nix
        ./system/specialisation.nix
          ./system/greetd.nix
-        { login-manager.greetd.enable = desktop == "sway" || desktop == "hyprland"; }
+          { login-manager.greetd.enable = desktop == "sway"; }
          inputs.agenix.nixosModules.default
        inputs.hyprland.nixosModules.default
          inputs.dzgui-nix.nixosModules.default
        { programs.hyprland.enable = (desktop == "hyprland"); }
          inputs.home-manager.nixosModules.home-manager
          inputs.disko.nixosModules.disko
          {
            home-manager.useGlobalPkgs = true;
            home-manager.useUserPackages = true;
@ -110,34 +125,33 @@
            home-manager.backupFileExtension = "bkp";
            # Optionally, use home-manager.extraSpecialArgs to pass
            # arguments to home.nix
-          home-manager.extraSpecialArgs = { inherit inputs; };
+            home-manager.extraSpecialArgs = {
              inherit inputs;
            };
          }
        ]
        ++ lib.optional (desktop == "gnome") ./system/gnome.nix
        ++ lib.optional (desktop == "kde") ./system/kde.nix;
    in
    {
      checks."${system}" = {
        disko-format-i15 = pkgs.callPackage ./hosts/i15/partitions-test.nix { };
      };
      nixosConfigurations = {
        i15 = lib.nixosSystem {
          inherit system specialArgs;
-          modules = [ ./hosts/i15.nix ] ++ common_modules;
+          modules = [ ./hosts/i15 ] ++ common_modules;
        };
        monolith = lib.nixosSystem {
          inherit system specialArgs;
          modules = [
-            ./hosts/monolith.nix
+            ./hosts/monolith
            ./system/monolith-gitlab-runner.nix
            ./system/monolith-forgejo-runner.nix
            ./system/nix-serve.nix
            ./system/steam.nix
          ] ++ common_modules;
        };
        rainbow = lib.nixosSystem {
          inherit system specialArgs;
          modules = [
            ./hosts/rainbow.nix
            ./system/rainbow-gitlab-runner.nix
          ] ++ common_modules;
        };
        double-rainbow = lib.nixosSystem {
          inherit system specialArgs;
          modules = [
@ -147,15 +161,23 @@
        };
        pixie = lib.nixosSystem {
          inherit system specialArgs;
-          modules = [ ./hosts/pixie.nix ] ++ common_modules ++ [{
+          modules =
            [ ./hosts/pixie.nix ]
            ++ common_modules
            ++ [
              {
                packages.media-packages.enable = lib.mkOverride 0 false;
                programs.steam.enable = lib.mkOverride 0 false;
                services.flatpak.enable = lib.mkOverride 0 false;
-          }];
+              }
            ];
        };
-        ghost = lib.nixosSystem {
+        phantom = lib.nixosSystem {
          inherit system specialArgs;
-          modules = [ ./hosts/ghost ];
+          modules = [
            { nixpkgs.pkgs = pkgs; }
            ./hosts/phantom
          ];
        };
      };
@ -172,6 +194,6 @@
      packages.${system} = pkgs // packages;
-      formatter.${system} = pkgs.nixpkgs-fmt;
+      formatter.${system} = pkgs.nixfmt-rfc-style;
    };
 }
--- a/hosts/double-rainbow.nix
+++ b/hosts/double-rainbow.nix
@ -1,13 +1,32 @@
-{ config, lib, pkgs, modulesPath, ... }:
+{
  config,
  lib,
  pkgs,
  modulesPath,
  ...
 }:
 let
-  btrfs_options = [ "compress=zstd:3" "noatime" "x-systemd.device-timeout=0" ];
+  btrfs_options = [
-  btrfs_ssd = [ "ssd" "discard=async" ];
+    "compress=zstd:3"
    "noatime"
    "x-systemd.device-timeout=0"
  ];
  btrfs_ssd = [
    "ssd"
    "discard=async"
  ];
 in
 {
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-  boot.initrd.availableKernelModules =
+  boot.initrd.availableKernelModules = [
-    [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
+    "xhci_pci"
    "ahci"
    "nvme"
    "usb_storage"
    "usbhid"
    "sd_mod"
  ];
  boot.initrd.kernelModules = [ "i915" ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];
@ -18,15 +37,20 @@ in
    options = [ "subvol=@" ] ++ btrfs_options ++ btrfs_ssd;
  };
-  boot.initrd.luks.devices."luks-d6573cf8-25f0-4ffc-8046-ac3a4db1e964".device =
+  boot.initrd.luks.devices."luks-d6573cf8-25f0-4ffc-8046-ac3a4db1e964".device = "/dev/disk/by-uuid/d6573cf8-25f0-4ffc-8046-ac3a4db1e964";
    "/dev/disk/by-uuid/d6573cf8-25f0-4ffc-8046-ac3a4db1e964";
  fileSystems."/boot" = {
    device = "/dev/disk/by-uuid/97EB-7DB5";
    fsType = "vfat";
  };
-  swapDevices = [ ];
+  swapDevices = [ { device = "/swapfile"; } ];
  services.udev.extraRules = ''
    # Force all disks to use mq-deadline scheduler
    # For some reason "noop" is used by default which is kinda bad when io is saturated
    ACTION=="add|change", KERNEL=="sd[a-z]*[0-9]*|mmcblk[0-9]*p[0-9]*|nvme[0-9]*n[0-9]*p[0-9]*", ATTR{../queue/scheduler}="mq-deadline"
  '';
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
@ -37,8 +61,7 @@ in
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
-  hardware.cpu.intel.updateMicrocode =
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
    lib.mkDefault config.hardware.enableRedistributableFirmware;
  networking.hostName = "double-rainbow"; # Define your hostname.
 }
--- a/hosts/ghost/default.nix
+++ b/hosts/ghost/default.nix
@ -1,33 +0,0 @@
 { config, pkgs, inputs, ... }: {
  imports = [
    "${inputs.nixpkgs}/nixos/modules/virtualisation/digital-ocean-image.nix"
    inputs.agenix.nixosModules.default
    ../../system/nix.nix
    ./hardware-config.nix
    ./mastodon.nix
    ./nextcloud.nix
    ./nginx.nix
    ./syncthing.nix
    ./users.nix
    ./writefreely.nix
    ./renawiki.nix
  ];
  # Use more aggressive compression then the default.
  virtualisation.digitalOceanImage.compressionMethod = "bzip2";
  # Enable networking
  networking.networkmanager.enable = true;
  # Set your time zone.
  time.timeZone = "America/Sao_Paulo";
  # Select internationalisation properties.
  i18n.defaultLocale = "pt_BR.utf8";
  boot.kernel.sysctl."fs.inotify.max_user_watches" = 1048576;
  age = {
    identityPaths = [ "/root/.ssh/id_rsa" ];
  };
  system.stateVersion = "23.05"; # Never change this
 }
--- a/hosts/ghost/hardware-config.nix
+++ b/hosts/ghost/hardware-config.nix
@ -1,13 +0,0 @@
 { config, pkgs, inputs, ... }: {
  swapDevices = [{
    device = "/swap/swapfile";
    size = (1024 * 2); # 2 GB
  }];
  fileSystems."/var" = {
    device = "/dev/disk/by-uuid/b19e7272-8fd1-4999-93eb-abc6d5c0a1cc";
    fsType = "btrfs";
    options = [ "subvol=@var" ];
  };
 }
--- a/hosts/ghost/mastodon.nix
+++ b/hosts/ghost/mastodon.nix
@ -1,16 +0,0 @@
 { config, pkgs, inputs, ... }: {
  services.mastodon = {
    enable = true;
    localDomain = "social.lelgenio.xyz";
    configureNginx = true;
    smtp.fromAddress = "lelgenio@disroot.org";
    extraConfig.SINGLE_USER_MODE = "true";
    streamingProcesses = 2;
  };
  services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {
    forceSSL = true;
    enableACME = true;
  };
 }
--- a/hosts/ghost/nextcloud.nix
+++ b/hosts/ghost/nextcloud.nix
@ -1,22 +0,0 @@
 { config, pkgs, inputs, ... }: {
  services.nextcloud = {
    enable = true;
    package = pkgs.nextcloud27;
    hostName = "cloud.lelgenio.xyz";
    https = true;
    config = {
      adminpassFile = config.age.secrets.ghost-nextcloud.path;
    };
  };
  age = {
    secrets.ghost-nextcloud = {
      file = ../../secrets/ghost-nextcloud.age;
      mode = "400";
      owner = "nextcloud";
      group = "nextcloud";
    };
  };
 }
--- a/hosts/ghost/nginx.nix
+++ b/hosts/ghost/nginx.nix
@ -1,15 +0,0 @@
 { config, pkgs, inputs, ... }: {
  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
  };
  security.acme = {
    acceptTerms = true;
    defaults.email = "lelgenio@disroot.org";
  };
  networking.firewall.allowedTCPPorts = [ 80 443 ];
 }
--- a/hosts/ghost/renawiki.nix
+++ b/hosts/ghost/renawiki.nix
@ -1,23 +0,0 @@
 { config, pkgs, inputs, ... }: {
  services.mediawiki = {
    enable = true;
    name = "Rena Wiki";
    webserver = "nginx";
    nginx.hostName = "renawiki.lelgenio.xyz";
    passwordFile = config.age.secrets.ghost-renawiki.path;
    extensions.VisualEditor = null;
  };
  services.nginx.virtualHosts."renawiki.lelgenio.xyz" = {
    enableACME = true;
    forceSSL = true;
  };
  age.secrets.ghost-renawiki = {
    file = ../../secrets/ghost-renawiki.age;
    mode = "400";
    owner = "mediawiki";
  };
 }
--- a/hosts/i15.nix
+++ b/hosts/i15.nix
@ -1,15 +1,30 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
+{
  config,
  lib,
  pkgs,
  modulesPath,
  ...
 }:
 let
-  btrfs_options = [ "compress=zstd:3" "noatime" "x-systemd.device-timeout=0" ];
+  btrfs_options = [
    "compress=zstd:3"
    "noatime"
    "x-systemd.device-timeout=0"
  ];
 in
 {
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-  boot.initrd.availableKernelModules =
+  boot.initrd.availableKernelModules = [
-    [ "xhci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_usb_sdmmc" ];
+    "xhci_pci"
    "ahci"
    "usb_storage"
    "sd_mod"
    "rtsx_usb_sdmmc"
  ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];
@ -45,10 +60,12 @@ in
    options = [ "subvol=@swap" ] ++ btrfs_options;
  };
-  swapDevices = [{
+  swapDevices = [
    {
      device = "/swap/swapfile";
      size = (1024 * 8) + (1024 * 2); # RAM size + 2 GB
-  }];
+    }
  ];
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
@ -59,7 +76,6 @@ in
  # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true;
  powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
-  hardware.cpu.intel.updateMicrocode =
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
    lib.mkDefault config.hardware.enableRedistributableFirmware;
  networking.hostName = "i15"; # Define your hostname.
 }
--- a/hosts/i15/default.nix
+++ b/hosts/i15/default.nix
@ -0,0 +1,38 @@
 {
  config,
  lib,
  pkgs,
  modulesPath,
  ...
 }:
 {
  networking.hostName = "i15"; # Define your hostname.
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
  boot.initrd.availableKernelModules = [
    "xhci_pci"
    "ahci"
    "usb_storage"
    "sd_mod"
    "rtsx_usb_sdmmc"
  ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];
  disko.devices = (import ./partitions.nix { disks = [ "/dev/sda" ]; });
  boot.loader.efi.efiSysMountPoint = "/boot/efi";
  swapDevices = [
    {
      device = "/swap/swapfile";
      size = (1024 * 8) + (1024 * 2); # RAM size + 2 GB
    }
  ];
  networking.useDHCP = lib.mkDefault true;
  powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/hosts/i15/partitions-test.nix
+++ b/hosts/i15/partitions-test.nix
@ -0,0 +1,19 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 pkgs.makeDiskoTest {
  name = "test-disko-i15";
  disko-config = ./partitions.nix;
  enableOCR = true;
  bootCommands = ''
    machine.wait_for_text("[Pp]assphrase for")
    machine.send_chars("secretsecret\n")
  '';
  extraTestScript = ''
    machine.succeed("cryptsetup isLuks /dev/vda2");
    machine.succeed("mountpoint /home");
  '';
 }
--- a/hosts/i15/partitions.nix
+++ b/hosts/i15/partitions.nix
@ -0,0 +1,73 @@
 {
  disks ? [ "/dev/sda" ],
  ...
 }:
 let
  btrfs_options = [
    "compress=zstd:3"
    "noatime"
  ];
 in
 {
  disk.sda = {
    type = "disk";
    device = builtins.elemAt disks 0;
    content = {
      type = "table";
      format = "gpt";
      partitions = [
        {
          type = "partition";
          name = "NIX_BOOT";
          start = "1MiB";
          end = "300MiB";
          bootable = true;
          content = {
            type = "filesystem";
            extraArgs = [
              "-n"
              "BOOT_I15"
            ];
            format = "vfat";
            mountpoint = "/boot";
            # options = [ "defaults" ];
          };
        }
        {
          type = "partition";
          name = "CRYPT_I15";
          start = "300MiB";
          end = "100%";
          content = {
            type = "luks";
            name = "main";
            keyFile = "/tmp/secret.key";
            content = {
              type = "btrfs";
              extraArgs = [
                "--label"
                "ROOT_I15"
              ];
              subvolumes =
                let
                  mountOptions = btrfs_options;
                in
                {
                  "/home" = {
                    inherit mountOptions;
                  };
                  "/nixos" = {
                    inherit mountOptions;
                    mountpoint = "/";
                  };
                  "/swap" = {
                    inherit mountOptions;
                  };
                };
            };
          };
        }
      ];
    };
  };
 }
--- a/hosts/monolith.nix
+++ b/hosts/monolith.nix
@ -1,131 +0,0 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 let
  btrfs_options = [ "compress=zstd:3" "noatime" "x-systemd.device-timeout=0" ];
  btrfs_ssd = [ "ssd" "discard=async" ];
 in
 {
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
  boot.initrd.availableKernelModules =
    [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
  boot.extraModulePackages = with config.boot.kernelPackages; [
    zenpower
  ];
  boot.initrd.kernelModules = [ "amdgpu" ];
  boot.kernelModules = [
    "kvm-amd"
    "amdgpu"
    "zenpower"
  ];
  boot.kernelParams = [
    "video=DP-1:1920x1080@144"
    # hibernation
    "resume=LABEL=BTRFS_ROOT" # findmnt -o LABEL --noheadings /swap/
    "resume_offset=36709632" # btrfs inspect-internal map-swapfile -r /swap/swapfile
  ];
  systemd.sleep.extraConfig = ''
    HibernateDelaySec=30s
    SuspendState=mem
  '';
  hardware.opengl.driSupport = true;
  # # For 32 bit applications
  hardware.opengl.driSupport32Bit = true;
  hardware.opengl.extraPackages = with pkgs; [
    libva
    libvdpau
    vaapiVdpau
  ];
  programs.corectrl.enable = true;
  virtualisation.virtualbox.host.enable = true;
  fileSystems."/" = {
    device = "/dev/disk/by-label/BTRFS_ROOT";
    fsType = "btrfs";
    options = [ "subvol=nixos" ] ++ btrfs_options ++ btrfs_ssd;
  };
  # boot.initrd.luks.reusePassphrases = true;
  boot.initrd.luks.devices = {
    "main" = {
      bypassWorkqueues = true;
      device = "/dev/disk/by-label/CRYPT_ROOT";
    };
    "data" = {
      bypassWorkqueues = true;
      device = "/dev/disk/by-label/CRYPT_DATA";
    };
    "bigboy" = {
      bypassWorkqueues = true;
      device = "/dev/disk/by-label/CRYPT_BIGBOY";
    };
  };
  boot.loader.efi.efiSysMountPoint = "/boot/efi";
  fileSystems."/boot/efi" = {
    device = "/dev/disk/by-label/NIXBOOT";
    fsType = "vfat";
  };
  fileSystems."/home" = {
    device = "/dev/disk/by-label/BTRFS_ROOT";
    fsType = "btrfs";
    options = [ "subvol=home" ] ++ btrfs_options ++ btrfs_ssd;
  };
  fileSystems."/home/lelgenio/Games" = {
    device = "/dev/disk/by-label/BTRFS_DATA";
    fsType = "btrfs";
    options = [ "subvol=@games" "nofail" ] ++ btrfs_options;
  };
  fileSystems."/home/lelgenio/Downloads/Torrents" = {
    device = "/dev/disk/by-label/BTRFS_DATA";
    fsType = "btrfs";
    options = [ "subvol=@torrents" "nofail" ] ++ btrfs_options;
  };
  fileSystems."/home/lelgenio/Música" = {
    device = "/dev/disk/by-label/BTRFS_DATA";
    fsType = "btrfs";
    options = [ "subvol=@music" "nofail" ] ++ btrfs_options;
  };
  fileSystems."/home/lelgenio/.local/mount/data" = {
    device = "/dev/disk/by-label/BTRFS_DATA";
    fsType = "btrfs";
    options = [ "subvol=@data" "nofail" ] ++ btrfs_options;
  };
  fileSystems."/home/lelgenio/.local/mount/bigboy" = {
    device = "/dev/disk/by-label/BTRFS_BIGBOY";
    fsType = "btrfs";
    options = [ "nofail" ] ++ btrfs_options ++ btrfs_ssd;
  };
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
  powerManagement.cpuFreqGovernor = "ondemand";
  hardware.cpu.amd.updateMicrocode =
    lib.mkDefault config.hardware.enableRedistributableFirmware;
  networking.hostName = "monolith"; # Define your hostname.
  # Fix broken suspend with Logitech USB dongle
  # `lsusb | grep Logitech` will return "vendor:product"
  services.udev.extraRules = ''
    ACTION=="add" SUBSYSTEM=="usb" ATTR{idVendor}=="046d" ATTR{idProduct}=="c547" ATTR{power/wakeup}="disabled"
  '';
  # swap
  fileSystems."/swap" = {
    device = "/dev/disk/by-label/BTRFS_ROOT";
    fsType = "btrfs";
    # Note these options effect the entire BTRFS filesystem and not just this volume,
    # with the exception of `"subvol=swap"`, the other options are repeated in my other `fileSystem` mounts
    options = [ "subvol=swap" ] ++ btrfs_options ++ btrfs_ssd;
  };
  swapDevices = [{
    device = "/swap/swapfile";
    size = (1024 * 16) + (1024 * 2); # RAM size + 2 GB
  }];
 }
--- a/hosts/monolith/amdgpu.nix
+++ b/hosts/monolith/amdgpu.nix
@ -0,0 +1,44 @@
 { pkgs, lib, ... }:
 let
  undervoltGpu = pkgs.writeShellScript "undervolt-gpu" ''
    set -xe
    cd $1
    echo "manual" > power_dpm_force_performance_level
    echo "1" > pp_power_profile_mode
    test -e pp_od_clk_voltage
    echo "vo -120" > pp_od_clk_voltage
    echo "c" > pp_od_clk_voltage
  '';
 in
 {
  boot.initrd.kernelModules = [ "amdgpu" ];
  boot.kernelParams = [
    "amdgpu.dcdebugmask=0x10" # amdgpu undervolting bug
    "video=DP-1:1920x1080@144"
    "amdgpu.ppfeaturemask=0xfffd7fff" # enable undervolting
  ];
  systemd.services.amd-fan-control = {
    script = ''
      ${lib.getExe pkgs.amd-fan-control} /sys/class/drm/card1/device 60 85
    '';
    wantedBy = [ "multi-user.target" ];
  };
  hardware.opengl.driSupport = true;
  # # For 32 bit applications
  hardware.opengl.driSupport32Bit = true;
  hardware.opengl.extraPackages = with pkgs; [
    libva
    libvdpau
    vaapiVdpau
    rocm-opencl-icd
    rocm-opencl-runtime
    rocmPackages.rocm-smi
  ];
  services.udev.extraRules = ''
    ACTION=="add", SUBSYSTEM=="hwmon", ATTR{name}=="amdgpu", ATTR{power1_cap}="186000000", RUN+="${undervoltGpu} %S%p/device"
  '';
 }
--- a/hosts/monolith/default.nix
+++ b/hosts/monolith/default.nix
@ -0,0 +1,164 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 {
  config,
  lib,
  pkgs,
  modulesPath,
  ...
 }:
 let
  btrfs_options = [
    "compress=zstd:3"
    "noatime"
    "x-systemd.device-timeout=0"
  ];
  btrfs_ssd = [
    "ssd"
    "discard=async"
  ];
 in
 {
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
    ./partition.nix
    ./amdgpu.nix
    ./factorio-server.nix
  ];
  boot.initrd.availableKernelModules = [
    "nvme"
    "xhci_pci"
    "ahci"
    "usb_storage"
    "usbhid"
    "sd_mod"
  ];
  hardware.opentabletdriver.enable = true;
  boot.kernelPackages = pkgs.linuxPackages_latest;
  boot.extraModulePackages = with config.boot.kernelPackages; [ zenpower ];
  boot.initrd.kernelModules = [ "amdgpu" ];
  boot.kernelModules = [
    "kvm-amd"
    "amdgpu"
    "zenpower"
  ];
  systemd.sleep.extraConfig = ''
    HibernateDelaySec=30s
    SuspendState=mem
  '';
  fileSystems."/mnt/old" = {
    device = "/dev/disk/by-label/BTRFS_ROOT";
    fsType = "btrfs";
    options = [ "nofail" ] ++ btrfs_options ++ btrfs_ssd;
  };
  # boot.initrd.luks.reusePassphrases = true;
  boot.initrd.luks.devices = {
    "old" = {
      bypassWorkqueues = true;
      device = "/dev/disk/by-label/CRYPT_ROOT";
    };
    "data" = {
      bypassWorkqueues = true;
      device = "/dev/disk/by-label/CRYPT_DATA";
    };
    # "bigboy" = {
    #   bypassWorkqueues = true;
    #   device = "/dev/disk/by-label/CRYPT_BIGBOY";
    # };
  };
  # boot.loader.efi.efiSysMountPoint = "/boot/efi";
  # fileSystems."/boot/efi" = {
  #   device = "/dev/disk/by-label/NIXBOOT";
  #   fsType = "vfat";
  # };
  # fileSystems."/home" = {
  #   device = "/dev/disk/by-label/BTRFS_ROOT";
  #   fsType = "btrfs";
  #   options = [ "subvol=home" ] ++ btrfs_options ++ btrfs_ssd;
  # };
  fileSystems."/home/lelgenio/Games" = {
    device = "/dev/disk/by-label/BTRFS_DATA";
    fsType = "btrfs";
    options = [
      "subvol=@games"
      "nofail"
    ] ++ btrfs_options;
  };
  fileSystems."/home/lelgenio/Downloads/Torrents" = {
    device = "/dev/disk/by-label/BTRFS_DATA";
    fsType = "btrfs";
    options = [
      "subvol=@torrents"
      "nofail"
    ] ++ btrfs_options;
  };
  fileSystems."/home/lelgenio/Música" = {
    device = "/dev/disk/by-label/BTRFS_DATA";
    fsType = "btrfs";
    options = [
      "subvol=@music"
      "nofail"
    ] ++ btrfs_options;
  };
  fileSystems."/home/lelgenio/.local/mount/data" = {
    device = "/dev/disk/by-label/BTRFS_DATA";
    fsType = "btrfs";
    options = [
      "subvol=@data"
      "nofail"
    ] ++ btrfs_options;
  };
  fileSystems."/home/lelgenio/.local/mount/old" = {
    device = "/dev/disk/by-label/BTRFS_ROOT";
    fsType = "btrfs";
    options = [ "nofail" ] ++ btrfs_options ++ btrfs_ssd;
  };
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
  powerManagement.cpuFreqGovernor = "ondemand";
  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
  networking.hostName = "monolith"; # Define your hostname.
  virtualisation.virtualbox.host.enable = true;
  services.udev.extraRules = ''
    # Fix broken suspend with Logitech USB dongle
    # `lsusb | grep Logitech` will return "vendor:product"
    ACTION=="add" SUBSYSTEM=="usb" ATTR{idVendor}=="046d" ATTR{idProduct}=="c547" ATTR{power/wakeup}="disabled"
    # Force all disks to use mq-deadline scheduler
    # For some reason "noop" is used by default which is kinda bad when io is saturated
    ACTION=="add|change", KERNEL=="sd[a-z]*[0-9]*|mmcblk[0-9]*p[0-9]*|nvme[0-9]*n[0-9]*p[0-9]*", ATTR{../queue/scheduler}="mq-deadline"
  '';
  boot.tmp = {
    cleanOnBoot = true;
    useTmpfs = true;
  };
  # swap
  # fileSystems."/swap" = {
  #   device = "/dev/disk/by-label/BTRFS_ROOT";
  #   fsType = "btrfs";
  #   # Note these options effect the entire BTRFS filesystem and not just this volume,
  #   # with the exception of `"subvol=swap"`, the other options are repeated in my other `fileSystem` mounts
  #   options = [ "subvol=swap" ] ++ btrfs_options ++ btrfs_ssd;
  # };
  # swapDevices = [
  #   {
  #     device = "/swap/swapfile";
  #     size = (1024 * 16) + (1024 * 2); # RAM size + 2 GB
  #   }
  # ];
 }
--- a/hosts/monolith/factorio-server.nix
+++ b/hosts/monolith/factorio-server.nix
@ -0,0 +1,17 @@
 { config, pkgs, ... }:
 {
  services.factorio = {
    enable = true;
    package = pkgs.factorio-headless; # I override this in ./pkgs
    public = true;
    lan = true;
    openFirewall = true;
    admins = [ "lelgenio" ];
    extraSettingsFile = config.age.secrets.factorio-settings.path;
  };
  age.secrets.factorio-settings = {
    file = ../../secrets/factorio-settings.age;
    mode = "777";
  };
 }
--- a/hosts/monolith/partition.nix
+++ b/hosts/monolith/partition.nix
@ -0,0 +1,68 @@
 let
  btrfs_options = [
    "compress=zstd:3"
    "noatime"
    "x-systemd.device-timeout=0"
  ];
  btrfs_ssd = btrfs_options ++ [
    "ssd"
    "discard=async"
  ];
 in
 {
  disko.devices = {
    disk = {
      bigboy_disk = {
        type = "disk";
        device = "/dev/nvme0n1";
        content = {
          type = "gpt";
          partitions = {
            ESP = {
              size = "2G";
              type = "EF00";
              content = {
                type = "filesystem";
                format = "vfat";
                mountpoint = "/boot";
                mountOptions = [ "defaults" ];
              };
            };
            luks = {
              size = "100%";
              content = {
                type = "luks";
                name = "bigboy";
                # disable settings.keyFile if you want to use interactive password entry
                passwordFile = "/tmp/secret.key"; # Interactive
                # settings = {
                #   allowDiscards = true;
                #   keyFile = "/tmp/secret.key";
                # };
                # additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
                content = {
                  type = "btrfs";
                  extraArgs = [ "-f" ];
                  subvolumes = {
                    "/@nixos" = {
                      mountpoint = "/";
                      mountOptions = btrfs_ssd;
                    };
                    "/@home" = {
                      mountpoint = "/home";
                      mountOptions = btrfs_ssd;
                    };
                    "/@swap" = {
                      mountpoint = "/.swapvol";
                      swap.swapfile.size = "32G";
                    };
                  };
                };
              };
            };
          };
        };
      };
    };
  };
 }
--- a/hosts/phantom/davi.nix
+++ b/hosts/phantom/davi.nix
@ -0,0 +1,26 @@
 { pkgs, ... }:
 {
  users.users.davikiwi = {
    isNormalUser = true;
    description = "Davi";
    hashedPassword = "$y$j9T$0e/rczjOVCy7PuwC3pG0V/$gTHZhfO4wQSlFvbDyfghbCnGI2uDI0a52zSrQ/yOA5A";
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGgZDBnj+gVMHqoNvjpx2T/HqnxUDbLPshu+t7301gXd Davi@DESKTOP-EVHFGJ9"
    ];
    extraGroups = [ "docker" ];
    packages = with pkgs; [
      (pkgs.python3.withPackages (python-pkgs: [
        python-pkgs.pip
        python-pkgs.wheel
      ]))
    ];
  };
  services.nginx.virtualHosts."davikiwi.lelgenio.com" = {
    enableACME = true;
    forceSSL = true;
    locations."/" = {
      proxyPass = "http://127.0.0.1:24618";
    };
  };
 }
--- a/hosts/phantom/default.nix
+++ b/hosts/phantom/default.nix
@ -0,0 +1,92 @@
 {
  config,
  pkgs,
  inputs,
  ...
 }:
 {
  imports = [
    inputs.vpsadminos.nixosConfigurations.container
    inputs.agenix.nixosModules.default
    ../../system/nix.nix
    ./hardware-config.nix
    ./mastodon.nix
    ./nextcloud.nix
    ./nginx.nix
    ./syncthing.nix
    ./users.nix
    ./writefreely.nix
    ./email.nix
    ./forgejo.nix
    ./invidious.nix
    ./davi.nix
    ./goofs.nix
  ];
  networking.hostName = "phantom";
  services.nginx.virtualHosts."lelgenio.com" = {
    enableACME = true;
    forceSSL = true;
    root = pkgs.runCommand "www-dir" { } ''
      mkdir -p $out
      cat > $out/index.html <<EOF
        <!DOCTYPE html>
        <html lang="en">
        <body>
          <h1>
              Nothing to see here!
          <h1>
        </body>
        </html>
      EOF
    '';
  };
  # # Enable networking
  # networking.networkmanager.enable = true;
  # Set your time zone.
  time.timeZone = "America/Sao_Paulo";
  # Select internationalisation properties.
  i18n.defaultLocale = "pt_BR.utf8";
  boot.kernel.sysctl."fs.inotify.max_user_watches" = 1048576;
  age = {
    identityPaths = [ "/root/.ssh/id_rsa" ];
  };
  virtualisation.docker = {
    enable = true;
    daemon.settings = {
      # needed by bitbucket runner ???
      log-driver = "json-file";
      log-opts = {
        max-size = "10m";
        max-file = "3";
      };
    };
  };
  nix.settings = {
    cores = 1;
    max-jobs = 1;
  };
  system.autoUpgrade = {
    enable = true;
    dates = "04:40";
    operation = "switch";
    flags = [
      "--update-input"
      "nixpkgs"
      "--no-write-lock-file"
      "--print-build-logs"
    ];
    flake = "git+https://git.lelgenio.com/lelgenio/nixos-config#phantom";
  };
  networking.firewall.allowedTCPPorts = [ 8745 ];
  system.stateVersion = "23.05"; # Never change this
 }
--- a/hosts/phantom/email.nix
+++ b/hosts/phantom/email.nix
@ -0,0 +1,58 @@
 {
  pkgs,
  inputs,
  config,
  ...
 }:
 {
  imports = [ inputs.nixos-mailserver.nixosModules.mailserver ];
  mailserver = {
    enable = true;
    fqdn = "lelgenio.com";
    domains = [
      "lelgenio.xyz"
      "git.lelgenio.xyz"
      "lelgenio.com"
      "git.lelgenio.com"
      "social.lelgenio.com"
    ];
    certificateScheme = "acme-nginx";
    # Create passwords with
    # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
    loginAccounts = {
      "lelgenio@lelgenio.com" = {
        hashedPassword = "$2y$05$z5s7QCXcs5uTFsfyYpwNJeWzb3RmzgWxNgcPCr0zjSytkLFF/qZmS";
        aliases = [
          "postmaster@lelgenio.com"
          "lelgenio@lelgenio.xyz"
          "lelgenio@lelgenio.xyz"
        ];
      };
      "noreply@git.lelgenio.com" = {
        hashedPassword = "$2b$05$TmR1R7ZwXfec7yrOfeBL7u3ZtyXf0up5dEO6uMWSvb/O7LPEm.j0.";
      };
      "noreply@social.lelgenio.com" = {
        hashedPassword = "$2b$05$DcA9xMdvHqqQMZw2.zybI.vfKsQAJtaQ/JB.t9AHu6psstWq97m2C";
      };
    };
  };
  # Prefer ipv4 and use main ipv6 to avoid reverse DNS issues
  services.postfix.extraConfig = ''
    smtp_address_preference = ipv4
  '';
  # Webmail
  services.roundcube = {
    enable = true;
    package = pkgs.roundcube.withPlugins (p: [ p.carddav ]);
    hostName = "mail.lelgenio.com";
    extraConfig = ''
      $config['smtp_host'] = "tls://${config.mailserver.fqdn}:587";
      $config['smtp_user'] = "%u";
      $config['smtp_pass'] = "%p";
      $config['plugins'] = [ "carddav", "archive" ];
    '';
  };
 }
--- a/hosts/phantom/forgejo.nix
+++ b/hosts/phantom/forgejo.nix
@ -0,0 +1,53 @@
 {
  lib,
  pkgs,
  config,
  ...
 }:
 let
  cfg = config.services.forgejo;
  srv = cfg.settings.server;
 in
 {
  services.nginx = {
    virtualHosts.${cfg.settings.server.DOMAIN} = {
      forceSSL = true;
      enableACME = true;
      locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}";
    };
  };
  services.forgejo = {
    enable = true;
    database.type = "postgres";
    lfs.enable = true;
    settings = {
      service.DISABLE_REGISTRATION = true;
      actions = {
        ENABLED = true;
        DEFAULT_ACTIONS_URL = "github";
      };
      repository = {
        ENABLE_PUSH_CREATE_USER = true;
      };
      server = {
        DOMAIN = "git.lelgenio.com";
        HTTP_PORT = 3000;
        ROOT_URL = "https://${srv.DOMAIN}/";
      };
      mailer = {
        ENABLED = true;
        SMTP_ADDR = "lelgenio.com";
        FROM = "noreply@git.lelgenio.com";
        USER = "noreply@git.lelgenio.com";
      };
    };
    mailerPasswordFile = config.age.secrets.phantom-forgejo-mailer-password.path;
  };
  age.secrets.phantom-forgejo-mailer-password = {
    file = ../../secrets/phantom-forgejo-mailer-password.age;
    mode = "400";
    owner = "forgejo";
  };
 }
--- a/hosts/phantom/goofs.nix
+++ b/hosts/phantom/goofs.nix
@ -0,0 +1,46 @@
 { inputs, config, ... }:
 {
  imports = [
    inputs.warthunder-leak-counter.nixosModules.default
    inputs.made-you-look.nixosModules.default
  ];
  services.warthunder-leak-counter.enable = true;
  services.nginx.virtualHosts."warthunder-leak-counter.lelgenio.com" = {
    enableACME = true;
    forceSSL = true;
    locations."/" = {
      proxyPass = "http://127.0.0.1:${toString config.services.warthunder-leak-counter.port}";
    };
  };
  services.made-you-look.enable = true;
  services.nginx.virtualHosts."coolest-thing-ever.lelgenio.com" = {
    enableACME = true;
    forceSSL = true;
    locations."/" = {
      proxyPass = "http://127.0.0.1:${toString config.services.made-you-look.port}";
    };
  };
  services.nginx.virtualHosts."catboy-spinner.lelgenio.com" = {
    enableACME = true;
    forceSSL = true;
    root = inputs.catboy-spinner;
  };
  services.nginx.virtualHosts."tomater.lelgenio.com" = {
    enableACME = true;
    forceSSL = true;
    root = inputs.tomater;
  };
  services.nginx.virtualHosts."youre-wrong.lelgenio.com" = {
    enableACME = true;
    forceSSL = true;
    root = inputs.youre-wrong;
  };
  services.nginx.virtualHosts."hello-fonts.lelgenio.com" = {
    enableACME = true;
    forceSSL = true;
    root = inputs.hello-fonts;
  };
 }
--- a/hosts/phantom/hardware-config.nix
+++ b/hosts/phantom/hardware-config.nix
@ -0,0 +1,20 @@
 {
  config,
  pkgs,
  inputs,
  ...
 }:
 {
  fileSystems."/var/lib/syncthing-data" = {
    device = "172.16.130.7:/nas/5749/syncthinng_data";
    fsType = "nfs";
    options = [ "nofail" ];
  };
  swapDevices = [
    {
      device = "/swap/swapfile";
      size = (1024 * 2); # 2 GB
    }
  ];
 }
--- a/hosts/phantom/invidious.nix
+++ b/hosts/phantom/invidious.nix
@ -0,0 +1,40 @@
 {
  inputs,
  pkgs,
  config,
  ...
 }:
 {
  # Replace with unstable, since 24.05 does not have sig-helper
  disabledModules = [ "services/web-apps/invidious.nix" ];
  imports = [ (inputs.nixpkgs-unstable + "/nixos/modules/services/web-apps/invidious.nix") ];
  services.invidious = {
    enable = true;
    domain = "invidious.lelgenio.com";
    nginx.enable = true;
    port = 10601;
    http3-ytproxy.enable = true;
    sig-helper = {
      enable = true;
      package = pkgs.unstable.inv-sig-helper;
    };
    # {
    #     "visitor_data": "...",
    #     "po_token": "..."
    # }
    extraSettingsFile = config.age.secrets.phantom-invidious-settings.path;
    settings = {
      force_resolve = "ipv6";
      db = {
        user = "invidious";
        dbname = "invidious";
      };
    };
  };
  age.secrets.phantom-invidious-settings = {
    file = ../../secrets/phantom-invidious-settings.age;
    mode = "666";
  };
 }
--- a/hosts/phantom/mastodon.nix
+++ b/hosts/phantom/mastodon.nix
@ -0,0 +1,29 @@
 {
  config,
  pkgs,
  inputs,
  ...
 }:
 {
  services.mastodon = {
    enable = true;
    configureNginx = true;
    localDomain = "social.lelgenio.com";
    smtp = {
      authenticate = true;
      host = "lelgenio.com";
      fromAddress = "noreply@social.lelgenio.com";
      user = "noreply@social.lelgenio.com";
      passwordFile = config.age.secrets.phantom-mastodon-mailer-password.path;
    };
    streamingProcesses = 2;
    extraConfig.SINGLE_USER_MODE = "true";
    mediaAutoRemove.olderThanDays = 5;
  };
  age.secrets.phantom-mastodon-mailer-password = {
    file = ../../secrets/phantom-mastodon-mailer-password.age;
    mode = "400";
    owner = "mastodon";
  };
 }
--- a/hosts/phantom/nextcloud.nix
+++ b/hosts/phantom/nextcloud.nix
@ -0,0 +1,31 @@
 {
  config,
  pkgs,
  inputs,
  ...
 }:
 {
  services.nextcloud = {
    enable = true;
    package = pkgs.nextcloud29;
    hostName = "cloud.lelgenio.com";
    https = true;
    config = {
      adminpassFile = config.age.secrets.phantom-nextcloud.path;
    };
  };
  services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {
    forceSSL = true;
    enableACME = true;
  };
  age = {
    secrets.phantom-nextcloud = {
      file = ../../secrets/phantom-nextcloud.age;
      mode = "400";
      owner = "nextcloud";
      group = "nextcloud";
    };
  };
 }
--- a/hosts/phantom/nginx.nix
+++ b/hosts/phantom/nginx.nix
@ -0,0 +1,47 @@
 {
  config,
  pkgs,
  lib,
  ...
 }:
 {
  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    recommendedOptimisation = true;
    recommendedGzipSettings = true;
    clientMaxBodySize = "512M";
  };
  # Redirect *lelgenio.xyz -> *lelgenio.com
  services.nginx.virtualHosts =
    lib.mapAttrs' (key: value: lib.nameValuePair "${key}lelgenio.xyz" value)
      (
        lib.genAttrs
          [
            ""
            "social."
            "blog."
            "cloud."
            "mail."
            "git."
            "syncthing."
          ]
          (name: {
            enableACME = true;
            forceSSL = true;
            locations."/".return = "301 $scheme://${name}lelgenio.com$request_uri";
          })
      );
  security.acme = {
    acceptTerms = true;
    defaults.email = "lelgenio@disroot.org";
  };
  networking.firewall.allowedTCPPorts = [
    80
    443
  ];
 }
--- a/hosts/phantom/syncthing.nix
+++ b/hosts/phantom/syncthing.nix
@ -1,4 +1,10 @@
-{ config, pkgs, inputs, ... }: {
+{
  config,
  pkgs,
  inputs,
  ...
 }:
 {
  services.syncthing = {
    enable = true;
@ -7,18 +13,17 @@
    openDefaultPorts = true;
  };
-  services.nginx.virtualHosts."syncthing.lelgenio.xyz" = {
+  services.nginx.virtualHosts."syncthing.lelgenio.com" = {
    enableACME = true;
    forceSSL = true;
    locations."/" = {
      proxyPass = "http://127.0.0.1:8384";
      extraConfig =
        # required when the target is also TLS server with multiple hosts
-        "proxy_ssl_server_name on;" +
+        "proxy_ssl_server_name on;"
        +
          # required when the server wants to use HTTP Authentication
-        "proxy_pass_header Authorization;"
+          "proxy_pass_header Authorization;";
      ;
    };
  };
 }
--- a/hosts/phantom/users.nix
+++ b/hosts/phantom/users.nix
@ -1,8 +1,12 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
 {
  security.rtkit.enable = true;
  services.openssh = {
    enable = true;
-    ports = [ 9022 ];
+    ports = [
      9022
      22
    ];
    settings = {
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
@ -15,7 +19,15 @@
    isNormalUser = true;
    description = "Leonardo Eugênio";
    hashedPassword = "$y$j9T$0e/rczjOVCy7PuwC3pG0V/$gTHZhfO4wQSlFvbDyfghbCnGI2uDI0a52zSrQ/yOA5A";
-    extraGroups = [ "networkmanager" "wheel" "docker" "adbusers" "bluetooth" "corectrl" "vboxusers" ];
+    extraGroups = [
      "networkmanager"
      "wheel"
      "docker"
      "adbusers"
      "bluetooth"
      "corectrl"
      "vboxusers"
    ];
    shell = pkgs.fish;
    openssh.authorizedKeys.keys = [
      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxR/w+38b2lX90yNBqhq3mUmkn1WGu6GAPhN1tVp2ZjYRJNV/+5gWCnTtOWYtDx35HmK/spQ2Qy8X9ttkzORa24fysNx1Iqn/TiXhD7eIJjbGPnrOpIKTkW5/uB3SD/P5NBSa06//BaqJU4sBlG79hoXRpod052hQtdpTVDiMCIV+iboWPKqopmJJfWdBtVnHXs9rep0htPRExxGslImFk7Z6xjcaHyCpIQZPlOGf+sGsmUU7jRqzvZFV8ucIdbnAlMHrU4pepNFhuraESyZVTa/bi9sw0iozXp5Q5+5thMebEslmT1Z771kI4sieDy+O4r8c0Sx2/VY1UAzcpq1faggc3YB01MTh+tiEC6xdMvZLrQGL1NBWjHleMyL53GU5ERluC0vXJF3Hv3BGGBDfXWbrEm5n06DHr2apRVJGC0LwiQ7Woud1X4V4X1pKSusxCVMjT2lmcOwV6YhKhB2sowJc1OdMx4+tL0UWE+YKSZgBHfolwk6ml0F4EO9nnUHc= lelgenio@i15"
@ -28,11 +40,10 @@
    ];
    initialHashedPassword = "$y$j9T$E3aBBSSq0Gma8hZD9L7ov0$iCGDW4fqrXWfHO0qodBYYgMFA9CpIraoklHcPbJJrM3";
  };
  security.sudo.wheelNeedsPassword = false;
  programs.fish.enable = true;
-  environment.systemPackages = with pkgs; [
+  environment.systemPackages = with pkgs; [ git ];
    git
  ];
 }
--- a/hosts/phantom/writefreely.nix
+++ b/hosts/phantom/writefreely.nix
@ -1,12 +1,18 @@
-{ config, pkgs, inputs, ... }: {
+{
  config,
  pkgs,
  inputs,
  ...
 }:
 {
  services.writefreely = {
    enable = true;
    acme.enable = true;
    nginx.enable = true;
    nginx.forceSSL = true;
-    host = "blog.lelgenio.xyz";
+    host = "blog.lelgenio.com";
    admin.name = "lelgenio";
-    admin.initialPasswordFile = config.age.secrets.ghost-writefreely.path;
+    admin.initialPasswordFile = config.age.secrets.phantom-writefreely.path;
    settings.app = {
      site_name = "Leo's blog";
      single_user = true;
@ -14,12 +20,11 @@
  };
  age = {
-    secrets.ghost-writefreely = {
+    secrets.phantom-writefreely = {
-      file = ../../secrets/ghost-writefreely.age;
+      file = ../../secrets/phantom-writefreely.age;
      mode = "400";
      owner = "writefreely";
      group = "writefreely";
    };
  };
 }
--- a/hosts/pixie/default.nix
+++ b/hosts/pixie/default.nix
@ -1,13 +1,25 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
+{
  config,
  lib,
  pkgs,
  modulesPath,
  ...
 }:
 {
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-  boot.initrd.availableKernelModules =
+  boot.initrd.availableKernelModules = [
-    [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
+    "nvme"
    "xhci_pci"
    "ahci"
    "usb_storage"
    "usbhid"
    "sd_mod"
  ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-amd" ];
  boot.extraModulePackages = [ ];
@ -18,8 +30,7 @@
    options = [ "subvol=nixos" ];
  };
-  boot.initrd.luks.devices."pixie".device =
+  boot.initrd.luks.devices."pixie".device = "/dev/disk/by-uuid/f4ae5858-d2d6-4cd1-a054-bf5147a9a928";
    "/dev/disk/by-uuid/f4ae5858-d2d6-4cd1-a054-bf5147a9a928";
  fileSystems."/home" = {
    device = "/dev/mapper/pixie";
@ -46,8 +57,7 @@
  # networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
  # networking.interfaces.veth74f3ffc.useDHCP = lib.mkDefault true;
-  hardware.cpu.amd.updateMicrocode =
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
    lib.mkDefault config.hardware.enableRedistributableFirmware;
  networking.hostName = "pixie"; # Define your hostname.
 }
--- a/hosts/rainbow.nix
+++ b/hosts/rainbow.nix
@ -1,66 +0,0 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 let
  btrfs_options = [ "compress=zstd:3" "noatime" "x-systemd.device-timeout=0" ];
  btrfs_ssd = [ "ssd" "discard=async" ];
 in
 {
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
  boot.initrd.availableKernelModules =
    [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
  boot.initrd.kernelModules = [ "i915" ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];
  fileSystems."/" = {
    device = "/dev/disk/by-label/BTRFS_ROOT";
    fsType = "btrfs";
    options = [ "subvol=@nixos" ] ++ btrfs_options ++ btrfs_ssd;
  };
  boot.initrd.luks.devices = {
    "main" = {
      bypassWorkqueues = true;
      device = "/dev/disk/by-label/CRYPT_ROOT";
    };
  };
  fileSystems."/home" = {
    device = "/dev/disk/by-label/BTRFS_ROOT";
    fsType = "btrfs";
    options = [ "subvol=@home" ] ++ btrfs_options ++ btrfs_ssd;
  };
  boot.loader.efi.efiSysMountPoint = "/boot/efi";
  fileSystems."/boot/efi" = {
    device = "/dev/disk/by-uuid/DC3B-5753";
    fsType = "vfat";
  };
  fileSystems."/swap" = {
    device = "/dev/disk/by-label/BTRFS_ROOT";
    fsType = "btrfs";
    options = [ "subvol=@swap" ] ++ btrfs_ssd;
  };
  swapDevices = [{
    device = "/swap/swapfile";
    size = (1024 * 8);
  }];
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
  powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
  hardware.cpu.intel.updateMicrocode =
    lib.mkDefault config.hardware.enableRedistributableFirmware;
  networking.hostName = "rainbow"; # Define your hostname.
 }
--- a/install/i15.sh
+++ b/install/i15.sh
@ -1,63 +0,0 @@
 #!/bin/sh
 set -xe
 settle() {
    udevadm trigger --subsystem-match=block
    udevadm settle
 }
 lsblk
 echo 'Enter the name of the device to WIPE and install (something like "sda"):'
 read DRIVE_ID
 echo 'Enter a passphrase to encrypt the disk:'
 read -s DRIVE_PASSPHRASE
 echo "Creating partition table..."
 parted -s "/dev/${DRIVE_ID}" -- mklabel gpt
 echo "Creating EFI system partition..."
 parted -s "/dev/${DRIVE_ID}" -- mkpart ESP 1MiB 1GiB
 parted -s "/dev/${DRIVE_ID}" -- set 1 boot on
 mkfs.fat -F32 "/dev/${DRIVE_ID}1" -n NIX_BOOT
 echo "Creating encrypted root partition..."
 parted -s "/dev/${DRIVE_ID}" -- mkpart luks 1GiB 100%
 echo "$DRIVE_PASSPHRASE" | cryptsetup --batch-mode luksFormat --label CRYPT_ROOT "/dev/${DRIVE_ID}2"
 settle
 echo "$DRIVE_PASSPHRASE" | cryptsetup luksOpen /dev/disk/by-label/CRYPT_ROOT "crypt_root"
 echo "Creating btrfs partition..."
 mkfs.btrfs --quiet --label NIX_ROOT /dev/mapper/"crypt_root"
 MNTPOINT=$(mktemp -d)
 mount /dev/mapper/"crypt_root" "$MNTPOINT"
 echo "Creating subvolumes..."
 btrfs subvolume create "$MNTPOINT"/@nixos
 btrfs subvolume create "$MNTPOINT"/@home
 btrfs subvolume create "$MNTPOINT"/@swap
 echo "Closing btrfs partition..."
 umount -Rl "$MNTPOINT"
 rm -rf "$MNTPOINT"
 echo "Mounting root btrfs submodule to '$MNTPOINT' ..."
 MNTPOINT=$(mktemp -d)
 mount /dev/disk/by-label/NIX_ROOT "$MNTPOINT" -o subvol=@nixos,noatime,compress=zstd
 echo "Creating and mounting EFI system partition mountpoint..."
 mkdir -p "$MNTPOINT/boot"
 mount /dev/disk/by-label/NIX_BOOT "$MNTPOINT/boot"
 echo "Creating home partition mountpoint..."
 mkdir -p "$MNTPOINT/home"
 mount /dev/disk/by-label/NIX_ROOT "$MNTPOINT/home" -o subvol=@home,noatime,compress=zstd
 echo "Swapfile"
 mkdir -p "$MNTPOINT/swap"
 mount /dev/disk/by-label/NIX_ROOT "$MNTPOINT/swap" -o subvol=@swap,noatime
 # echo "Installing system..."
 nixos-generate-config --root "$MNTPOINT"
 # nixos-install --root "$MNTPOINT"
--- a/overlays/default.nix
+++ b/overlays/default.nix
@ -1,64 +1,69 @@
-{ inputs, packages, ... }: rec {
+{ inputs, packages, ... }:
 rec {
  all = [
    scripts
-    sway
+    unstable
    themes
    new-packages
    patches
    variables
    lib_extended
    disko
  ];
  scripts = (import ../scripts);
-  sway = (import ./sway.nix);
+  unstable = final: prev: {
-
+    unstable = import inputs.nixpkgs-unstable { inherit (final) system config; };
  themes = (final: prev: {
    material-wifi-icons = final.stdenv.mkDerivation rec {
      name = "material-wifi-icons";
      src = inputs.material-wifi-icons;
      installPhase = ''
        install -D material-wifi.ttf $out/share/fonts/${name}
      '';
  };
    papirus_red = (final.papirus-icon-theme.override { color = "red"; });
    orchis_theme_compact = (final.orchis-theme.override {
      border-radius = 0;
      tweaks = [ "compact" "solid" ];
    });
    nerdfonts_fira_hack = (final.nerdfonts.override { fonts = [ "FiraCode" "Hack" ]; });
  });
-  new-packages = (final: prev: packages // {
+  themes = (
    final: prev: {
      papirus_red = (final.papirus-icon-theme.override { color = "red"; });
      orchis_theme_compact = (
        final.orchis-theme.override {
          border-radius = 0;
          tweaks = [
            "compact"
            "solid"
          ];
        }
      );
      nerdfonts_fira_hack = (
        final.nerdfonts.override {
          fonts = [
            "FiraCode"
            "Hack"
          ];
        }
      );
    }
  );
  new-packages = (
    final: prev:
    packages
    // {
      dhist = inputs.dhist.packages.${prev.system}.dhist;
      demoji = inputs.demoji.packages.${prev.system}.default;
      tlauncher = inputs.tlauncher.packages.${prev.system}.tlauncher;
    maildir-notify-daemon = inputs.maildir-notify-daemon.packages.${prev.system}.default;
      wl-crosshair = inputs.wl-crosshair.packages.${prev.system}.default;
    }
  );
-    webcord = (prev.webcord.overrideAttrs (old: {
+  patches = (
-      patches = (old.patches or [ ]) ++ [ ../patches/webcord/fix-reading-config.patch ];
+    final: prev: {
-    }));
+      mySway = prev.sway.override {
-  });
+        withBaseWrapper = true;
-
+        withGtkWrapper = true;
  patches = (final: prev: {
    bemenu = prev.bemenu.overrideAttrs (o: {
      postPatch = ''
        substituteInPlace lib/renderers/wayland/window.c \
          --replace ZWLR_LAYER_SHELL_V1_LAYER_TOP ZWLR_LAYER_SHELL_V1_LAYER_OVERLAY
      '';
    });
        sway-unwrapped = prev.sway-unwrapped.overrideAttrs (old: {
-      patches = old.patches
+          patches = old.patches ++ [ ../patches/sway/fix-hide_cursor-clearing-focus.patch ];
        ++ [ ../patches/sway/fix-hide_cursor-clearing-focus.patch ];
    });
        });
      };
    }
  );
-  variables = (final: prev: {
+  lib_extended = (
-    uservars = import ../user/variables.nix;
+    final: prev: {
  });
  lib_extended = (final: prev: {
      lib = prev.lib // rec {
        # Utility function
        # Input: [{v1=1;} {v2=2;}]
@ -70,5 +75,15 @@
        # Output: {v1=1;v2=2;}
        forEachMerge = list: func: mergeAttrsSet (prev.lib.forEach list func);
      };
-  });
+    }
  );
  disko = final: prev: {
    makeDiskoTest =
      let
        makeTest = import (prev.path + "/nixos/tests/make-test-python.nix");
        eval-config = import (prev.path + "/nixos/lib/eval-config.nix");
      in
      (prev.callPackage "${inputs.disko}/tests/lib.nix" { inherit makeTest eval-config; }).makeDiskoTest;
  };
 }
--- a/overlays/sway.nix
+++ b/overlays/sway.nix
@ -1,19 +0,0 @@
 (pkgs: _: {
  # bash script to let dbus know about important env variables and
  # propogate them to relevent services run at the end of sway config
  # see
  # https://github.com/emersion/xdg-desktop-portal-wlr/wiki/"It-doesn't-work"-Troubleshooting-Checklist
  # note: this is pretty much the same as  /etc/sway/config.d/nixos.conf but also restarts
  # some user services to make sure they have the correct environment variables
  dbus-sway-environment = pkgs.writeTextFile {
    name = "dbus-sway-environment";
    destination = "/bin/dbus-sway-environment";
    executable = true;
    text = ''
      systemctl --user import-environment
      dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP=sway
      # systemctl --user stop pipewire wireplumber xdg-desktop-portal xdg-desktop-portal-wlr
      # systemctl --user start pipewire wireplumber xdg-desktop-portal xdg-desktop-portal-wlr
    '';
  };
 })
--- a/patches/nixpkgs/fix-steam-generation-after-generation-switch.patch
+++ b/patches/nixpkgs/fix-steam-generation-after-generation-switch.patch
@ -1,27 +0,0 @@
 From ac4d51306af54a088e29e2e5efcfac5dfe87d95c Mon Sep 17 00:00:00 2001
 From: lelgenio <lelgenio@disroot.org>
 Date: Fri, 4 Aug 2023 01:25:04 -0300
 Subject: [PATCH] HACK: fix steam after generation switch
 ---
 pkgs/build-support/build-fhsenv-bubblewrap/default.nix | 4 ++++
 1 file changed, 4 insertions(+)
 diff --git a/pkgs/build-support/build-fhsenv-bubblewrap/default.nix b/pkgs/build-support/build-fhsenv-bubblewrap/default.nix
 index 3500e5e9216f..4d7ac0aa7618 100644
 --- a/pkgs/build-support/build-fhsenv-bubblewrap/default.nix
 +++ b/pkgs/build-support/build-fhsenv-bubblewrap/default.nix
@@ -152,6 +152,10 @@ let
       fi
       if [[ -L $i ]]; then
         symlinks+=(--symlink "$(${coreutils}/bin/readlink "$i")" "$i")
 +      elif [[ -f $i && -r $i ]]; then
 +        SNAPSHOT=$(mktemp --dry-run)
 +        cp "$i" "$SNAPSHOT"
 +        ro_mounts+=(--ro-bind-try "$SNAPSHOT" "$i")
       else
         ro_mounts+=(--ro-bind-try "$i" "$i")
       fi
 -- 
 2.42.0
--- a/patches/qutebrowser/tree-style-tabs.patch
+++ b/patches/qutebrowser/tree-style-tabs.patch
--- a/patches/webcord/fix-reading-config.patch
+++ b/patches/webcord/fix-reading-config.patch
@ -1,14 +0,0 @@
 diff --git a/sources/code/main/modules/config.ts b/sources/code/main/modules/config.ts
 index caf51df..41faabe 100644
 --- a/sources/code/main/modules/config.ts
 +++ b/sources/code/main/modules/config.ts
@@ -158,6 +158,9 @@ class Config<T> {
   #read(): unknown {
     const encodedData = readFileSync(this.#path+this.#pathExtension);
     let decodedData = encodedData.toString();
 +    if (decodedData === "")
 +        return {};
 +
     if(this.#pathExtension === FileExt.Encrypted)
       decodedData = safeStorage.decryptString(encodedData);
     return JSON.parse(decodedData);
--- a/pkgs/cargo-checkmate.nix
+++ b/pkgs/cargo-checkmate.nix
@ -1,11 +1,12 @@
-{ lib
+{
-, rustPlatform
+  lib,
-, fetchFromGitHub
+  rustPlatform,
-, pkg-config
+  fetchFromGitHub,
-, openssl
+  pkg-config,
-, zlib
+  openssl,
-, stdenv
+  zlib,
-, Security ? null
+  stdenv,
  Security ? null,
 }:
 rustPlatform.buildRustPackage rec {
@ -22,9 +23,7 @@ rustPlatform.buildRustPackage rec {
  cargoSha256 = "sha256-hOB84u55ishahIFSqBnqccqH3OlC9J8mCYzsd23jTyA=";
  nativeBuildInputs = [ pkg-config ];
-  buildInputs = [ openssl ] ++ lib.optionals stdenv.isDarwin [
+  buildInputs = [ openssl ] ++ lib.optionals stdenv.isDarwin [ Security ];
    Security
  ];
  meta = with lib; {
    description = "Check all the things.";
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@ -1,8 +1,14 @@
 # Custom packages, that can be defined similarly to ones from nixpkgs
 # You can build them using 'nix build .#example' or (legacy) 'nix-build -A example'
-{ pkgs, inputs }: {
+{ pkgs, inputs }:
 rec {
  cargo-checkmate = pkgs.callPackage ./cargo-checkmate.nix { };
-  lipsum = pkgs.callPackage ./lipsum.nix { inherit inputs; };
+  lipsum = pkgs.callPackage ./lipsum.nix { };
  emmet-cli = pkgs.callPackage ./emmet-cli.nix { };
  material-wifi-icons = pkgs.callPackage ./material-wifi-icons.nix { };
  gnome-pass-search-provider = pkgs.callPackage ./gnome-pass-search-provider.nix { };
  factorio-headless = pkgs.callPackage ./factorio-headless {
    inherit (pkgs.unstable) factorio-headless;
  };
 }
--- a/pkgs/emmet-cli.nix
+++ b/pkgs/emmet-cli.nix
@ -1,6 +1,7 @@
-{ lib
+{
-, buildNpmPackage
+  lib,
-, fetchFromGitHub
+  buildNpmPackage,
  fetchFromGitHub,
 }:
 buildNpmPackage rec {
--- a/pkgs/factorio-headless/default.nix
+++ b/pkgs/factorio-headless/default.nix
@ -0,0 +1,10 @@
 { factorio-headless, pkgs }:
 factorio-headless.overrideAttrs (_: rec {
  version = "2.0.13";
  src = pkgs.fetchurl {
    name = "factorio_headless_x64-${version}.tar.xz";
    url = "https://www.factorio.com/get-download/${version}/headless/linux64";
    hash = "sha256-J7NpAaOeWTrfKEGMAoYULGx6n4PRVpY8c2m9QFolx9E=";
  };
 })
--- a/pkgs/factorio-headless/update.sh
+++ b/pkgs/factorio-headless/update.sh
@ -0,0 +1,14 @@
 #!/bin/sh
 set -xe
 cd "$(dirname $0)"
 current_version="$(rg '^.*?version\s*=\s*"(.+)".*?$' --replace '$1' ./default.nix)"
 current_hash="$(rg '^.*?hash\s*=\s*"(.+)".*?$' --replace '$1' ./default.nix)"
 new_version="$(curl https://factorio.com/api/latest-releases | jq -r .stable.headless)"
 new_hash="$(nix-hash --to-sri --type sha256 $(nix-prefetch-url --type sha256 https://www.factorio.com/get-download/${new_version}/headless/linux64))"
 sd "$current_version" "$new_version" ./default.nix
 sd "$current_hash" "$new_hash" ./default.nix
--- a/pkgs/gnome-pass-search-provider.nix
+++ b/pkgs/gnome-pass-search-provider.nix
@ -0,0 +1,64 @@
 {
  stdenv,
  fetchFromGitHub,
  python3Packages,
  wrapGAppsHook,
  gtk3,
  gobject-introspection,
  gnome,
 }:
 let
  inherit (python3Packages)
    dbus-python
    pygobject3
    fuzzywuzzy
    levenshtein
    ;
 in
 stdenv.mkDerivation rec {
  pname = "gnome-pass-search-provider";
  version = "1.4.0";
  src = fetchFromGitHub {
    owner = "jle64";
    repo = "gnome-pass-search-provider";
    rev = version;
    hash = "sha256-PDR8fbDoT8IkHiTopQp0zd4DQg7JlacA6NdKYKYmrWw=";
  };
  nativeBuildInputs = [
    python3Packages.wrapPython
    wrapGAppsHook
  ];
  propagatedBuildInputs = [
    dbus-python
    pygobject3
    fuzzywuzzy
    levenshtein
    gtk3
    gobject-introspection
  ];
  env = {
    LIBDIR = builtins.placeholder "out" + "/lib";
    DATADIR = builtins.placeholder "out" + "/share";
  };
  postPatch = ''
    substituteInPlace  conf/org.gnome.Pass.SearchProvider.service.{dbus,systemd} \
      --replace-fail "/usr/lib" "$LIBDIR"
  '';
  installPhase = ''
    bash ./install.sh
  '';
  postFixup = ''
    makeWrapperArgs=( "''${gappsWrapperArgs[@]}" )
    wrapPythonProgramsIn "$out/lib" "$out $propagatedBuildInputs"
  '';
 }
--- a/pkgs/lipsum.nix
+++ b/pkgs/lipsum.nix
@ -1,19 +1,28 @@
-{ pkgs, inputs }:
+{
-pkgs.stdenv.mkDerivation rec {
+  stdenv,
  fetchFromGitHub,
  pkg-config,
  vala,
  wrapGAppsHook,
 }:
 stdenv.mkDerivation rec {
  pname = "lipsum";
  version = "0.0.1";
-  src = inputs.lipsum;
+  src = fetchFromGitHub {
    owner = "hannenz";
    repo = "lipsum";
    rev = "0fb31e6ede10fbd78d7652f5fb21670cddd8e3ed";
    hash = "sha256-a6uv0tJulN9cAGWxvQr8B0PUJEY8Rx4e759xzS66Xlo=";
  };
-  nativeBuildInputs = with pkgs; [
+  nativeBuildInputs = [
    pkg-config
    vala
    wrapGAppsHook
  ];
-  makeFlags = [
+  makeFlags = [ "PRG=${pname}" ];
    "PRG=${pname}"
  ];
  installPhase = ''
    install -Dm 755 "$pname" "$out/bin/$pname"
@ -21,4 +30,3 @@ pkgs.stdenv.mkDerivation rec {
    glib-compile-schemas "$out/share/glib-2.0/schemas/"
  '';
 }
--- a/pkgs/material-wifi-icons.nix
+++ b/pkgs/material-wifi-icons.nix
@ -0,0 +1,16 @@
 { stdenv, fetchFromGitHub }:
 stdenv.mkDerivation rec {
  pname = "material-wifi-icons";
  version = "0.0.1";
  src = fetchFromGitHub {
    owner = "dcousens";
    repo = "material-wifi-icons";
    rev = "2daf6b3d96d65beb2a3e37a9a53556aab3826d97";
    hash = "sha256-KykU5J7SdpBDG+6rkD//XeHd+6pK3qabe+88RduhwKc=";
  };
  installPhase = ''
    install -D material-wifi.ttf $out/share/fonts/${pname}
  '';
 }
--- a/scripts/_diffr
+++ b/scripts/_diffr
--- a/scripts/_sway_idle_toggle
+++ b/scripts/_sway_idle_toggle
--- a/scripts/amd-fan-control
+++ b/scripts/amd-fan-control
@ -0,0 +1,50 @@
 #!/usr/bin/env bash
 set -e
 DEVICE="$1" # eg: /sys/class/drm/card1/device
 HWMON=$(echo "$DEVICE"/hwmon/hwmon*)
 exit() {
    echo "Setting controll to auto" >&2
    echo 2 > "$HWMON/pwm1_enable"
 }
 trap exit EXIT INT
 bail() {
    echo "Error: $@" >&2
    echo "Exiting..." >&2
    exit 1
 }
 if ! [ -d $HWMON ]; then
    bail "Invalid HWMON"
 fi
 TEMP_INPUT="$HWMON/temp2_input"
 if ! [ -f $TEMP_INPUT ]; then
    bail "Invalid TEMP_INPUT"
 fi
 MIN="$2"
 MAX="$3"
 echo "Running..." >&2
 while true; do
    TEMPERATURE_RAW=$(cat "$TEMP_INPUT")
    TEMPERATURE="$(( $TEMPERATURE_RAW / 1000 ))"
    # Remap from a number between 60_000..90_000 to 0..255
    PWM=$(( ($TEMPERATURE - $MIN) * 255 / ($MAX - $MIN) ))
    if [ "$PWM" -gt 255 ]; then
        PWM=255
    elif [ "$PWM" -lt 0 ]; then
        PWM=0
    fi
    echo 1 > "$HWMON/pwm1_enable"
    echo "$PWM" > "$HWMON/pwm1"
    sleep .1s
 done
--- a/scripts/bmenu
+++ b/scripts/bmenu
--- a/scripts/br
+++ b/scripts/br
--- a/scripts/controller-battery
+++ b/scripts/controller-battery
@ -0,0 +1,38 @@
 #!/bin/sh
 set -e
 CONTROLLER=$(find /sys/class/power_supply -maxdepth 1 -name '*controller*' || true)
 if test -z "$CONTROLLER"; then
    echo
    exit 0
 fi
 CAPACITY=$(cat "$CONTROLLER/capacity")
 echo -n '󰊴'
 if test "$CAPACITY" -ge 90; then
    echo '󰁹'
 elif test "$CAPACITY" -ge 90; then
    echo '󰂂'
 elif test "$CAPACITY" -ge 80; then
    echo '󰂁'
 elif test "$CAPACITY" -ge 70; then
    echo '󰂀'
 elif test "$CAPACITY" -ge 60; then
    echo '󰁿'
 elif test "$CAPACITY" -ge 50; then
    echo '󰁾'
 elif test "$CAPACITY" -ge 40; then
    echo '󰁽'
 elif test "$CAPACITY" -ge 30; then
    echo '󰁼'
 elif test "$CAPACITY" -ge 20; then
    echo '󰁻'
 elif test "$CAPACITY" -ge 10; then
    echo '󰁺'
 else
    echo '󰂎'
 fi
--- a/scripts/default.nix
+++ b/scripts/default.nix
@ -1,57 +1,142 @@
-(final: prev:
+(
-with prev;
+  final: prev:
 let
  import_script = (_: path: import (path) { inherit pkgs lib; });
  create_script = (name: text: runtimeInputs:
  let
-      script_body = pkgs.writeTextFile {
+    lib = prev.lib;
        inherit name;
        executable = true;
        text = ''
          ${builtins.readFile text}
        '';
      };
    in
    (pkgs.writeShellApplication {
      inherit name runtimeInputs;
      text = ''exec ${script_body} "$@"'';
      checkPhase = "";
    }));
  create_scripts =
    lib.mapAttrs (name: deps: create_script name ./${name} deps);
-  pass = pkgs.pass.withExtensions (ex: with ex; [
+    importScript = (_: path: import (path) { inherit (final) pkgs lib; });
-    pass-otp
+    wrapScript =
-  ]);
+      name: text: runtimeInputs:
-in
+      final.runCommand name
 create_scripts
        {
          nativeBuildInputs = [ final.makeWrapper ];
          meta.mainProgram = name;
        }
        ''
          mkdir -p $out/bin
          cp ${text} $out/bin/${name}
          wrapProgram $out/bin/${name} \
              --suffix PATH : ${lib.makeBinPath runtimeInputs}
        '';
    createScripts = lib.mapAttrs (name: deps: wrapScript name ./${name} deps);
    myPass = final.pass.withExtensions (ex: with ex; [ pass-otp ]);
  in
  with final;
  createScripts {
    amd-fan-control = [ bash ];
    br = [ ];
-    bmenu = [ final.bemenu final.dhist fish j4-dmenu-desktop jq sway ];
+    bmenu = [
-    down_meme = [ wl-clipboard yt-dlp libnotify ];
+      bemenu
-    wl-copy-file = [ wl-clipboard fish ];
+      dhist
      fish
      j4-dmenu-desktop
      jq
      sway
    ];
    down_meme = [
      wl-clipboard
      yt-dlp
      libnotify
    ];
    wl-copy-file = [
      wl-clipboard
      fish
    ];
    _diffr = [ diffr ];
-    _thunar-terminal = [ final.terminal ];
+    _thunar-terminal = [ terminal ];
-    _sway_idle_toggle = [ final.swayidle ];
+    _sway_idle_toggle = [ swayidle ];
-    kak-pager = [ fish final._diffr ];
+    kak-pager = [
-    kak-man-pager = [ final.kak-pager ];
+      fish
-    helix-pager = [ fish final._diffr ];
+      _diffr
-    helix-man-pager = [ final.helix-pager ];
+    ];
-    musmenu = [ mpc-cli final.wdmenu trash-cli xdg-user-dirs libnotify sd wl-clipboard ];
+    kak-man-pager = [ kak-pager ];
-    showkeys =
+    helix-pager = [
-      [ ]; # This will not work unless programs.wshowkeys is enabled systemwide
+      fish
      _diffr
    ];
    helix-man-pager = [ helix-pager ];
    musmenu = [
      mpc-cli
      wdmenu
      trash-cli
      xdg-user-dirs
      libnotify
      sd
      wl-clipboard
    ];
    showkeys = [ ]; # This will not work unless programs.wshowkeys is enabled systemwide
    terminal = [ alacritty ];
    playerctl-status = [ playerctl ];
-    wpass = [ final.wdmenu fd pass sd wl-clipboard wtype ];
+    pass-export = [
-    screenshotsh =
+      pass2csv
-      [ capitaine-cursors grim slurp jq sway wl-clipboard xdg-user-dirs ];
+      gnupg
-    volumesh = [ pulseaudio libnotify ];
+      sd
-    pulse_sink = [ pulseaudio pamixer final.wdmenu ];
+    ];
-    color_picker = [ grim slurp wl-clipboard libnotify imagemagick ];
+    wpass = [
-    dzadd = [ procps libnotify final.wdmenu jq mpv pqiv python3Packages.deemix mpc-cli final.mpdDup ];
+      wdmenu
-    mpdDup = [ mpc-cli perl ];
+      fd
-  } // lib.mapAttrs import_script {
+      myPass
      sd
      wl-clipboard
      wtype
    ];
    screenshotsh = [
      capitaine-cursors
      grim
      slurp
      jq
      sway
      wl-clipboard
      xdg-user-dirs
    ];
    volumesh = [
      pulseaudio
      libnotify
    ];
    pulse_sink = [
      pulseaudio
      pamixer
      wdmenu
    ];
    color_picker = [
      grim
      slurp
      wl-clipboard
      libnotify
      imagemagick
    ];
    dzadd = [
      procps
      libnotify
      wdmenu
      jq
      mpv
      pqiv
      python3Packages.deemix
      mpc-cli
      mpdDup
    ];
    mpdDup = [
      mpc-cli
      perl
    ];
    readQrCode = [
      grim
      zbar
      wl-clipboard
    ];
    pint-fmt = [ ];
    powerplay-led-idle = [
      bash
      libinput
      libratbag
    ];
    vrr-fullscreen = [ ];
    controller-battery = [ ];
  }
  // lib.mapAttrs importScript {
    wdmenu = ./wdmenu.nix;
    wlauncher = ./wlauncher.nix;
    _gpg-unlock = ./_gpg-unlock.nix;
-})
+  }
 )
--- a/scripts/helix-pager
+++ b/scripts/helix-pager
--- a/scripts/kak-pager
+++ b/scripts/kak-pager
--- a/scripts/pass-export
+++ b/scripts/pass-export
@ -0,0 +1,13 @@
 #!/bin/sh
 if test -z "$PASSWORD_STORE_DIR"; then
  PASSWORD_STORE_DIR="$HOME/.password-store"
 fi
 pass2csv "$PASSWORD_STORE_DIR" "$HOME/passwords.csv" \
  -f User '(user|login)(:\s*)?' \
  -f TOTP 'otpauth(:)?' \
  -f URL 'url(:\s*)?'
 # Fix TOTP format for keepass
 sd '"//totp/.*?secret=(.*?)(&.*?)?"' '"$1"' "$HOME/passwords.csv"
--- a/scripts/pint-fmt
+++ b/scripts/pint-fmt
@ -0,0 +1,7 @@
 #!/bin/sh
 file="$(mktemp)"
 cat - >"$file"
 ./vendor/bin/pint --quiet "$file"
 cat "$file"
 rm "$file"
--- a/scripts/playerctl-status
+++ b/scripts/playerctl-status
--- a/scripts/powerplay-led-idle
+++ b/scripts/powerplay-led-idle
@ -0,0 +1,79 @@
 #!/usr/bin/env bash
 set -e
 # Constants
 SECONDS_UNTIL_FADE=$(( 1 * 60))
 SECONDS_UNTIL_OFF=$(( 6 * 60))
 COLOR_ON=ff0000
 COLOR_FADE=880000
 COLOR_OFF=000000
 # Logging
 if [[ "$1" = "debug" ]]; then
    echo "Running with debugging" >&2
    DEBUG="true"
    SECONDS_UNTIL_FADE=$(( 3 ))
    SECONDS_UNTIL_OFF=$(( 5 ))
 fi
 log() {
    if [[ "$DEBUG" = "true" ]]; then
        echo "$@" >&2
    fi
 }
 # Implementation
 main() {
    CURRENT_STATE="UNKNOWN"
    LAST_POINTER_MOTION="$(date +%s)"
    if [ "$(ratbagctl list | wc -l)" -ne 1 ]; then
        echo "Not exactly one device found, exiting..."
        exit 1
    fi
    DEVICE="$(ratbagctl list | cut -d: -f1)"
    while true; do
        while read line; do
            LAST_POINTER_MOTION="$(date +%s)"
            break
        done < <(
            timeout 5s \
                libinput debug-events \
                | grep POINTER_MOTION
        )
        TIME_SINCE_LAST=$(( "$(date +%s)" - "$LAST_POINTER_MOTION" ))
        log "Last pointer motion was $TIME_SINCE_LAST seconds ago"
        if [ "$TIME_SINCE_LAST" -gt "$SECONDS_UNTIL_OFF" ]; then
            setState OFF "$COLOR_OFF"
        elif [ "$TIME_SINCE_LAST" -gt "$SECONDS_UNTIL_FADE" ]; then
            setState FADE "$COLOR_FADE"
        else
            setState ON "$COLOR_ON"
        fi
    done
 }
 setState() {
    STATE="$1"
    COLOR="$2"
    MODE="$3"
    if [[ "$STATE" = "$CURRENT_STATE" ]]; then
        log "Already in $STATE state"
        return
    fi
    log "Changing state to $STATE"
    CURRENT_STATE="$STATE"
    ratbagctl "$DEVICE" led 0 set mode on
    ratbagctl "$DEVICE" led 0 set color "$COLOR"
 }
 main
--- a/scripts/pulse_sink
+++ b/scripts/pulse_sink
--- a/scripts/readQrCode
+++ b/scripts/readQrCode
@ -0,0 +1,18 @@
 #!/bin/sh
 set -o pipefail
 main() {
    if wl-paste | zbarimg -q --raw - | wl-copy
    then
        notify-send "Copied" "QrCode was copied to clipboard"
        rm "$LOGFILE"
    else
        notify-send "Failed to read QrCode" "Log file is '$LOGFILE'"
    fi
 }
 LOGFILE=$(mktemp /tmp/qrcode-XXXXXXXX.log)
 main > "$LOGFILE" 2>&1
--- a/scripts/screenshotsh
+++ b/scripts/screenshotsh
--- a/scripts/showkeys
+++ b/scripts/showkeys
--- a/scripts/terminal
+++ b/scripts/terminal
--- a/scripts/vrr-fullscreen
+++ b/scripts/vrr-fullscreen
@ -0,0 +1,28 @@
 #!/usr/bin/env bash
 # List of supported outputs for VRR
 output_vrr_whitelist=(
    "DP-1"
    "DP-2"
 )
 # Toggle VRR for fullscreened apps in prespecified displays to avoid stutters while in desktop
 swaymsg -t subscribe -m '[ "window" ]' | while read window_json; do
    window_event=$(echo ${window_json} | jq -r '.change')
    # Process only focus change and fullscreen toggle
    if [[ $window_event = "focus" || $window_event = "fullscreen_mode" ]]; then
        output_json=$(swaymsg -t get_outputs | jq -r '.[] | select(.focused == true)')
        output_name=$(echo ${output_json} | jq -r '.name')
        # Use only VRR in whitelisted outputs
        if [[ ${output_vrr_whitelist[*]} =~ ${output_name} ]]; then
            output_vrr_status=$(echo ${output_json} | jq -r '.adaptive_sync_status')
            window_fullscreen_status=$(echo ${window_json} | jq -r '.container.fullscreen_mode')
            # Only update output if nesseccary to avoid flickering
            [[ $output_vrr_status = "disabled" && $window_fullscreen_status = "1" ]] && swaymsg output "${output_name}" adaptive_sync 1
            [[ $output_vrr_status = "enabled" && $window_fullscreen_status = "0" ]] && swaymsg output "${output_name}" adaptive_sync 0
        fi
    fi
 done
--- a/scripts/wdmenu.nix
+++ b/scripts/wdmenu.nix
@ -1,12 +1,4 @@
 { pkgs, ... }:
 let
  inherit (pkgs.uservars) dmenu;
  available_menus = {
    bmenu = "bmenu";
    rofi = "rofi -dmenu -sort";
  };
  menu_cmd = available_menus.${dmenu};
 in
 pkgs.writeShellScriptBin "wdmenu" ''
-  exec ${menu_cmd} "$@"
+  exec bmenu "$@"
 ''
--- a/scripts/wfile-picker.nix
+++ b/scripts/wfile-picker.nix
@ -1,6 +1,6 @@
 { pkgs, ... }:
 let
-  inherit (pkgs.uservars) dmenu;
+  inherit (config.my) dmenu;
  available_menus = {
    bmenu = "bmenu run";
    rofi = "rofi -show drun -sort";
--- a/scripts/wl-copy-file
+++ b/scripts/wl-copy-file
@ -10,12 +10,13 @@ if test (count $argv) != 1
 end
 set -a file (realpath $argv[1])
 set -a url (string escape --style=url "$file")
 set -e argv[1]
 if test -d "$file"
    die 1 "Cannot copy directories" >&2
 else if test -f "$file"
-    wl-copy $argv -t text/uri-list "file:///$file"
+    wl-copy $argv -t text/uri-list "file:///$url"
 else
    die 2 "No file found" >&2
 end
--- a/scripts/wlauncher.nix
+++ b/scripts/wlauncher.nix
@ -1,12 +1,4 @@
 { pkgs, ... }:
 let
  inherit (pkgs.uservars) dmenu;
  available_menus = {
    bmenu = "bmenu run";
    rofi = "rofi -show drun -sort";
  };
  menu_cmd = available_menus.${dmenu};
 in
 pkgs.writeShellScriptBin "wlauncher" ''
-  exec ${menu_cmd} "$@"
+  exec bmenu run "$@"
 ''
--- a/scripts/wpass
+++ b/scripts/wpass
@ -50,10 +50,6 @@ main() {
 }
 autotype(){
    if pgrep qutebrowser >/dev/null; then
        qutebrowser ":mode-enter insert"
    fi
    env wtype -s 100 "$username"
    env wtype -s 100 -k tab
    env wtype -s 100 "$password"
--- a/secrets/factorio-settings.age
+++ b/secrets/factorio-settings.age
--- a/secrets/monolith-forgejo-runner-token.age
+++ b/secrets/monolith-forgejo-runner-token.age
--- a/secrets/monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.age
+++ b/secrets/monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.age
--- a/secrets/phantom-forgejo-mailer-password.age
+++ b/secrets/phantom-forgejo-mailer-password.age
--- a/secrets/phantom-invidious-settings.age
+++ b/secrets/phantom-invidious-settings.age
@ -0,0 +1,16 @@
 age-encryption.org/v1
 -> ssh-rsa BwwxHg
 iTcgtxF1IxopbtF+aw7V8IQfH7tWiMk9lE/eWlVHVjeaRvER5W6Y3xZNOFCjtbqY
 VwEyV6ibfZ4GJt1jRu2icEH/AnLUJFFGQnxu/K/rtoZ3tqSIk9WCBv3aPo4oZRiU
 uaaxi2gD8qo1RLyl/Ij7Djw4i/isUOO1EON5sgx1d39k6qUD4Mak0DSU4EtGdTsr
 OaxDAc0kAxhxZQOUH/QlKa0HLonaFcy1LHqvttOcw3UZuZnaYfZiPlcqe3USS9cm
 96aIC5cS9pHr4JFrqRYvfpla2TY5jlCB/xBGw3KjGEIQoBPXSsJZA6BCMZyp00++
 tdfS2aomt9HFmb1wZDS0jWAxkVF6nXXBbolFVih+58h0nYLljtHIQ3SizRoXY459
 x3JE9NReHp2OO3SlIeO03Kv8YMBvj7nSSd1C1PMpu+hJ/eCXi1WQxD6QY+40muk6
 KhqE3PZ8BCY2b+VpywUF5gVH28mo3jscqAzhf2dZ3SQlzldI+hFyKPxTdAqkfUOH
 --- cinb+wzjVfTkpfm1CtFIFaepwoQVCj1MquB5rAC45Ew
 ¾
 6
 ZCþHS07ïºÖóýE¼X*Àqb=üOßíÛÉwu¥¤³Pºþ¹ÙçÇ–Ñ³/£ómvòÞ×Ë2VœÄ«
 ÁŠxvç[“£‚µ£±”Ì‚A~ evdÓåÙ0¢Œni³1Ò›¹Qý„"í@Ù¹§ÞÔ{KpÐ:åÏµuµsÊÎBñò(X…r[ÂQVg¢Tš¤°ðœîËï@Ä*ÇõÿíB«<>.§¯žhEé²ŸèÐë’÷½¥Žûzlz|kã`l8‘´8¼M›cch<63>îáZ`ƒ ?yeoƒ+ÈM-:/–À**ìè¦ÊcŸÎZD¡2Ñá¼é&·÷¾Ç¢¹£e¤ï*Hnç"Þ~+|ua(û6óËJ
--- a/secrets/phantom-mastodon-mailer-password.age
+++ b/secrets/phantom-mastodon-mailer-password.age
@ -0,0 +1,13 @@
 age-encryption.org/v1
 -> ssh-rsa BwwxHg
 Mnc+/tJ0QqxHkg2nl9gEkz5Oj1RgxtOZnD5gRv66ISUOqZhNm1+F+xVEdKn843/q
 /WzH0f1cTF9NXP8vIaEo//bMmp50obJAd+JNovJxV+0gb9L55Nu7ayvK+eyk6j5n
 eb8TxUnwh5BPkEyc6akDh/O49GXzLlVoFD6Ik/0f3YCqUDNAYOl2bsssXtevCeK/
 WEPoCFGhZfNUrOo/0eAhiujZZ5zVb0CWNqXi8VTe2eWOE20VJULcN13TEyO3ZePx
 bAPBmDfS5GgGlV4INWxVLaIMDrzlm0tYozbBNNUbdLFFOhIOrgvay9RWxdk0u2hJ
 MPKoKsJ96EFxrbZJdS0W7a+aZk/Q3A3Civ2rtPx+5UANhmlY8e1lUHa26e1vA4K7
 ApoMtDyCbuZ9FbLurwl9zO64wWP68aKzuyKOIw+wpy41NQ/PcViSY8KNG9Pt7A2N
 CcOkByx+rwz+JdNHbOF8O4FFG4fNSWn7SvVtu5ymGgVi1bOd8PdJpjDR+6Is0SX7
 --- DHNyITb7ZseEV58MOD/zHeH5vff0hhlbKg27rlYECGk
 ÆJ…¨Úãè·<hUs/¿ïš}ó´Zi`ˆ‘ 'ÂJŸ°z5ùÃgõãŸ%€ì‡`¤º%/˜‚±<01>ˆ„á-Î<x—íõÉ’|
--- a/secrets/phantom-nextcloud.age
+++ b/secrets/phantom-nextcloud.age
--- a/secrets/phantom-renawiki.age
+++ b/secrets/phantom-renawiki.age
--- a/secrets/phantom-writefreely.age
+++ b/secrets/phantom-writefreely.age
--- a/secrets/rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.age
+++ b/secrets/rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -2,12 +2,21 @@ let
  main_ssh_public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxR/w+38b2lX90yNBqhq3mUmkn1WGu6GAPhN1tVp2ZjYRJNV/+5gWCnTtOWYtDx35HmK/spQ2Qy8X9ttkzORa24fysNx1Iqn/TiXhD7eIJjbGPnrOpIKTkW5/uB3SD/P5NBSa06//BaqJU4sBlG79hoXRpod052hQtdpTVDiMCIV+iboWPKqopmJJfWdBtVnHXs9rep0htPRExxGslImFk7Z6xjcaHyCpIQZPlOGf+sGsmUU7jRqzvZFV8ucIdbnAlMHrU4pepNFhuraESyZVTa/bi9sw0iozXp5Q5+5thMebEslmT1Z771kI4sieDy+O4r8c0Sx2/VY1UAzcpq1faggc3YB01MTh+tiEC6xdMvZLrQGL1NBWjHleMyL53GU5ERluC0vXJF3Hv3BGGBDfXWbrEm5n06DHr2apRVJGC0LwiQ7Woud1X4V4X1pKSusxCVMjT2lmcOwV6YhKhB2sowJc1OdMx4+tL0UWE+YKSZgBHfolwk6ml0F4EO9nnUHc= lelgenio@i15";
 in
 {
-  "rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.age".publicKeys = [ main_ssh_public_key ];
+  "rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.age".publicKeys = [
-  "monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.age".publicKeys = [ main_ssh_public_key ];
+    main_ssh_public_key
  ];
  "monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.age".publicKeys = [
    main_ssh_public_key
  ];
  "gitlab-runner-thoreb-telemetria-registrationConfigFile.age".publicKeys = [ main_ssh_public_key ];
  "monolith-forgejo-runner-token.age".publicKeys = [ main_ssh_public_key ];
  "lelgenio-cachix.age".publicKeys = [ main_ssh_public_key ];
  "monolith-nix-serve-privkey.age".publicKeys = [ main_ssh_public_key ];
-  "ghost-nextcloud.age".publicKeys = [ main_ssh_public_key ];
+  "factorio-settings.age".publicKeys = [ main_ssh_public_key ];
-  "ghost-writefreely.age".publicKeys = [ main_ssh_public_key ];
+  "phantom-nextcloud.age".publicKeys = [ main_ssh_public_key ];
-  "ghost-renawiki.age".publicKeys = [ main_ssh_public_key ];
+  "phantom-writefreely.age".publicKeys = [ main_ssh_public_key ];
  "phantom-renawiki.age".publicKeys = [ main_ssh_public_key ];
  "phantom-forgejo-mailer-password.age".publicKeys = [ main_ssh_public_key ];
  "phantom-mastodon-mailer-password.age".publicKeys = [ main_ssh_public_key ];
  "phantom-invidious-settings.age".publicKeys = [ main_ssh_public_key ];
 }
--- a/settings/default.nix
+++ b/settings/default.nix
@ -0,0 +1,6 @@
 { lib, ... }:
 {
  options = {
    my = lib.mkOption { };
  };
 }
--- a/11
+++ b/11
@ -1,9 +1,12 @@
 #!/usr/bin/env bash
-sudo nice ionice \
+nix fmt
-    nixos-rebuild \
+
 git --no-pager diff
 nixos-rebuild \
    switch \
-    --verbose \
+    --use-remote-sudo \
    --print-build-logs \
    --flake .# \
-    $@
+    "$@"
--- a/12
+++ b/12
@ -0,0 +1,12 @@
 #!/bin/sh
 nix fmt
 git --no-pager diff
 nixos-rebuild switch --flake .#phantom \
  --update-input nixpkgs \
  --no-write-lock-file \
  --build-host phantom \
  --target-host phantom \
  "$@"
--- a/system/bluetooth.nix
+++ b/system/bluetooth.nix
@ -0,0 +1,17 @@
 { pkgs, ... }:
 {
  services.blueman.enable = true;
  hardware.bluetooth = {
    enable = true;
    settings = {
      General = {
        DiscoverableTimeout = 0;
        Discoverable = true;
        AlwaysPairable = true;
      };
      Policy = {
        AutoEnable = true;
      };
    };
  };
 }
--- a/system/boot.nix
+++ b/system/boot.nix
@ -1,4 +1,11 @@
-{ config, pkgs, lib, inputs, ... }: {
+{
  config,
  pkgs,
  lib,
  inputs,
  ...
 }:
 {
  console = {
    font = "${pkgs.terminus_font}/share/consolefonts/ter-120n.psf.gz";
    packages = [ pkgs.terminus_font ];
@ -36,11 +43,9 @@
    };
    plymouth = {
      enable = true;
-      theme = lib.mkIf (pkgs.uservars.desktop == "sway") "red_loader";
+      theme = lib.mkIf (config.my.desktop == "sway") "red_loader";
      themePackages = with pkgs; [
-        (adi1090x-plymouth-themes.override {
+        (adi1090x-plymouth-themes.override { selected_themes = [ "red_loader" ]; })
          selected_themes = [ "red_loader" ];
        })
      ];
    };
  };
--- a/system/cachix.nix
+++ b/system/cachix.nix
@ -1,4 +1,10 @@
-{ pkgs, lib, config, ... }: {
+{
  pkgs,
  lib,
  config,
  ...
 }:
 {
  services.cachix-watch-store = {
    enable = true;
    cacheName = "lelgenio";
--- a/system/configuration.nix
+++ b/system/configuration.nix
@ -1,7 +1,13 @@
 # Edit this configuration file to define what should be installed on
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
-{ config, pkgs, inputs, ... }: {
+{
  config,
  pkgs,
  inputs,
  ...
 }:
 {
  imports = [
    ./gamemode.nix
    ./cachix.nix
@ -9,119 +15,29 @@
    ./boot.nix
    ./thunar.nix
    ./nix.nix
    ./fonts.nix
    ./sound.nix
    ./bluetooth.nix
    ./mouse.nix
    ./locale.nix
    ./users.nix
    ./containers.nix
    ./network.nix
    ../settings
  ];
  my = import ../user/variables.nix;
  zramSwap.enable = true;
  programs.adb.enable = true;
  services.udev.packages = [ pkgs.android-udev-rules ];
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
  # Enable networking
  networking.networkmanager.enable = true;
  # Open kde connect ports
  programs.kdeconnect.enable = true;
  networking.firewall.allowedTCPPorts = [ 55201 ];
  # Set your time zone.
  time.timeZone = "America/Sao_Paulo";
  environment.variables.TZ = config.time.timeZone;
  # Select internationalisation properties.
  i18n.defaultLocale = "pt_BR.utf8";
  # Enable the GNOME Desktop Environment.
  # services.xserver.displayManager.gdm.enable = true;
  # services.xserver.desktopManager.gnome.enable = true;
  # services.xserver.displayManager.autologin.user = "lelgenio";
  # Configure keymap in X11
  services.xserver = {
    layout = "us";
    xkbVariant = "colemak";
  };
  console.keyMap = "colemak";
  # Enable CUPS to print documents.
  # services.printing.enable = true;
  services.flatpak.enable = true;
  virtualisation.docker.enable = true;
  virtualisation.docker.autoPrune.enable = true;
  virtualisation.docker.autoPrune.dates = "monthly";
  virtualisation.docker.autoPrune.flags = [ "--all --volumes" ];
  programs.extra-container.enable = true;
  programs.firejail.enable = true;
  security.rtkit.enable = true;
  services.openssh = {
    enable = true;
    ports = [ 9022 ];
    settings = {
      PermitRootLogin = "no";
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
    };
  };
  # programs.ssh = {
  #   startAgent = true;
  #   extraConfig = ''
  #     AddKeysToAgent yes
  #   '';
  # };
  ## Enable sound with pipewire.
  sound.enable = true;
  hardware.pulseaudio.enable = false;
  services.pipewire = {
    enable = true;
    wireplumber.enable = true;
    pulse.enable = true;
    alsa.enable = true;
    jack.enable = true;
  };
  services.blueman.enable = true;
  hardware.bluetooth = {
    enable = true;
    settings = {
      General = {
        DiscoverableTimeout = 0;
        # Discoverable = true;
        AlwaysPairable = true;
      };
      Policy = { AutoEnable = true; };
    };
  };
  # Enable touchpad support (enabled default in most desktopManager).
-  services.xserver.libinput.enable = true;
+  services.libinput.enable = true;
  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.mutableUsers = false;
  users.users.lelgenio = {
    isNormalUser = true;
    description = "Leonardo Eugênio";
    hashedPassword = "$y$j9T$0e/rczjOVCy7PuwC3pG0V/$gTHZhfO4wQSlFvbDyfghbCnGI2uDI0a52zSrQ/yOA5A";
    extraGroups = [ "networkmanager" "wheel" "docker" "adbusers" "bluetooth" "corectrl" "vboxusers" ];
    shell = pkgs.fish;
    openssh.authorizedKeys.keys = [
      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxR/w+38b2lX90yNBqhq3mUmkn1WGu6GAPhN1tVp2ZjYRJNV/+5gWCnTtOWYtDx35HmK/spQ2Qy8X9ttkzORa24fysNx1Iqn/TiXhD7eIJjbGPnrOpIKTkW5/uB3SD/P5NBSa06//BaqJU4sBlG79hoXRpod052hQtdpTVDiMCIV+iboWPKqopmJJfWdBtVnHXs9rep0htPRExxGslImFk7Z6xjcaHyCpIQZPlOGf+sGsmUU7jRqzvZFV8ucIdbnAlMHrU4pepNFhuraESyZVTa/bi9sw0iozXp5Q5+5thMebEslmT1Z771kI4sieDy+O4r8c0Sx2/VY1UAzcpq1faggc3YB01MTh+tiEC6xdMvZLrQGL1NBWjHleMyL53GU5ERluC0vXJF3Hv3BGGBDfXWbrEm5n06DHr2apRVJGC0LwiQ7Woud1X4V4X1pKSusxCVMjT2lmcOwV6YhKhB2sowJc1OdMx4+tL0UWE+YKSZgBHfolwk6ml0F4EO9nnUHc= lelgenio@i15"
    ];
  };
  users.users.root.initialHashedPassword = "$y$j9T$E3aBBSSq0Gma8hZD9L7ov0$iCGDW4fqrXWfHO0qodBYYgMFA9CpIraoklHcPbJJrM3";
  # services.getty.autologinUser = "lelgenio";
  programs.fish.enable = true;
  programs.dzgui.enable = true;
  programs.dzgui.package = inputs.dzgui-nix.packages.${pkgs.system}.default;
  packages.media-packages.enable = true;
  environment.systemPackages = with pkgs; [
    pinentry-curses
    pavucontrol
    glib # gsettings
@ -130,27 +46,20 @@
    gnome3.adwaita-icon-theme # default gnome cursors
  ];
  fonts.enableDefaultPackages = true;
  fonts.packages = with pkgs; [
    noto-fonts
    noto-fonts-cjk
    noto-fonts-emoji
    nerdfonts_fira_hack
  ];
  services.geoclue2.enable = true;
  # programs.qt5ct.enable = true;
  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  services.pcscd.enable = true;
  programs.gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
    pinentryFlavor = "curses";
  };
  security.sudo.wheelNeedsPassword = false;
  # Workaround for nm-wait-online hanging??
  # Ref: https://github.com/NixOS/nixpkgs/issues/180175
  systemd.services.NetworkManager-wait-online = {
    serviceConfig.ExecStart = [
      ""
      "${pkgs.networkmanager}/bin/nm-online -q"
    ];
  };
  systemd.extraConfig = ''
    DefaultTimeoutStopSec=10s
  '';
  services.logind.extraConfig = ''
    HandlePowerKey=suspend
  '';
--- a/system/containers.nix
+++ b/system/containers.nix
@ -0,0 +1,28 @@
 { pkgs, ... }:
 {
  services.flatpak.enable = true;
  virtualisation.docker = {
    enable = true;
    autoPrune = {
      enable = true;
      dates = "monthly";
      flags = [
        "--all"
        "--volumes"
      ];
    };
    daemon.settings = {
      # needed by bitbucket runner ???
      log-driver = "json-file";
      log-opts = {
        max-size = "10m";
        max-file = "3";
      };
    };
  };
  programs.extra-container.enable = true;
  programs.firejail.enable = true;
 }
--- a/system/fonts.nix
+++ b/system/fonts.nix
@ -0,0 +1,10 @@
 { pkgs, ... }:
 {
  fonts.enableDefaultPackages = true;
  fonts.packages = with pkgs; [
    noto-fonts
    noto-fonts-cjk
    noto-fonts-emoji
    nerdfonts_fira_hack
  ];
 }
--- a/system/gamemode.nix
+++ b/system/gamemode.nix
@ -1,8 +1,16 @@
-{ config, pkgs, inputs, ... }: {
+{
  config,
  pkgs,
  inputs,
  ...
 }:
 {
  programs.gamemode.enable = true;
  programs.gamemode.enableRenice = true;
  programs.gamemode.settings = {
-    general = { renice = 10; };
+    general = {
      renice = 10;
    };
    # Warning: GPU optimisations have the potential to damage hardware
    gpu = {
--- a/system/gitlab-runner.nix
+++ b/system/gitlab-runner.nix
@ -1,9 +1,11 @@
-{ pkgs, lib, ... }: {
+{ pkgs, lib, ... }:
-  mkNixRunner = registrationConfigFile: with lib; rec {
+{
  mkNixRunner =
    authenticationTokenConfigFile: with lib; rec {
      # File should contain at least these two variables:
      # `CI_SERVER_URL`
      # `REGISTRATION_TOKEN`
-    inherit registrationConfigFile; # 2
+      inherit authenticationTokenConfigFile; # 2
      dockerImage = "alpine:3.18.2";
      dockerAllowedImages = [ dockerImage ];
      dockerVolumes = [
@ -26,7 +28,17 @@
        . ${pkgs.nix}/etc/profile.d/nix.sh
-      ${pkgs.nix}/bin/nix-env -i ${concatStringsSep " " (with pkgs; [ nix cacert git openssh ])}
+        ${pkgs.nix}/bin/nix-env -i ${
          concatStringsSep " " (
            with pkgs;
            [
              nix
              cacert
              git
              openssh
            ]
          )
        }
      '';
      environmentVariables = {
        ENV = "/etc/profile";
@ -35,6 +47,5 @@
        PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin";
        NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt";
      };
    tagList = [ "nix" ];
    };
 }
--- a/system/gnome.nix
+++ b/system/gnome.nix
@ -1,25 +1,47 @@
-# Edit this configuration file to define what should be installed on
+{ pkgs, lib, ... }:
-# your system.  Help is available in the configuration.nix(5) man page
+{
-# and in the NixOS manual (accessible by running ‘nixos-help’).
+  services.xserver = {
-{ config, pkgs, ... }: {
+    enable = true;
-  # Enable the X11 windowing system.
+    desktopManager.gnome = {
-  services.xserver.enable = true;
+      enable = true;
-  # Enable the GNOME Desktop Environment.
+      # Enable VRR (Variable Refresh Rate)
-  services.xserver.displayManager.gdm.enable = true;
+      extraGSettingsOverridePackages = with pkgs; [ gnome.mutter ];
-  services.xserver.desktopManager.gnome.enable = true;
+      extraGSettingsOverrides = ''
        [org.gnome.mutter]
        experimental-features=['variable-refresh-rate', 'scale-monitor-framebuffer']
      '';
    };
    displayManager.gdm.enable = true;
  };
-  services.xserver.displayManager.autoLogin = {
+  # Workaround for https://github.com/NixOS/nixpkgs/issues/103746
  systemd.services."getty@tty1".enable = false;
  systemd.services."autovt@tty1".enable = false;
  services.displayManager.autoLogin = {
    enable = true;
    user = "lelgenio";
  };
  programs.kdeconnect = {
    enable = true;
    package = pkgs.gnomeExtensions.gsconnect;
  };
  hardware.opentabletdriver.enable = lib.mkForce false;
  programs.gpaste.enable = true;
  # services.xserver.displayManager.autologin.user = "lelgenio";
-  environment.systemPackages = with pkgs; with gnome; [
+  environment.systemPackages =
    with pkgs;
    with gnome;
    [
      gnome-tweaks
      dconf-editor
      chrome-gnome-shell
    gnomeExtensions.gsconnect
      gnomeExtensions.quick-settings-audio-devices-hider
      gnome-pass-search-provider
    ];
 }
--- a/system/greetd.nix
+++ b/system/greetd.nix
@ -1,6 +1,17 @@
-{ lib, pkgs, config, ... }:
+{
  lib,
  pkgs,
  config,
  ...
 }:
 let
-  inherit (pkgs.uservars) key accent font theme desktop;
+  inherit (config.my)
    key
    accent
    font
    theme
    desktop
    ;
  cfg = config.login-manager.greetd;
 in
@ -17,6 +28,7 @@ in
    # enable sway window manager
    programs.sway = {
      enable = true;
      package = pkgs.mySway;
      wrapperFeatures.gtk = true;
    };
@ -33,7 +45,6 @@ in
    services.greetd =
      let
        greetd_main_script = pkgs.writeShellScriptBin "main" ''
          ${pkgs.dbus-sway-environment}/bin/dbus-sway-environment
          export XDG_CURRENT_DESKTOP=sway GTK_THEME="${theme.gtk_theme}" XCURSOR_THEME="${theme.cursor_theme}"
          ${pkgs.greetd.gtkgreet}/bin/gtkgreet -l -c ${desktop}
          swaymsg exit
@ -59,7 +70,7 @@ in
        enable = true;
        settings = {
          initial_session = {
-            command = "${pkgs.sway}/bin/sway";
+            command = desktop;
            user = "lelgenio";
          };
          default_session = {
--- a/system/kde.nix
+++ b/system/kde.nix
@ -1,4 +1,5 @@
-{ config, pkgs, ... }: {
+{ config, pkgs, ... }:
 {
  # Enable the X11 windowing system.
  services.xserver.enable = true;
  # Enable the KDE Desktop Environment.
--- a/system/locale.nix
+++ b/system/locale.nix
@ -0,0 +1,13 @@
 { pkgs, config, ... }:
 {
  time.timeZone = "America/Sao_Paulo";
  environment.variables.TZ = config.time.timeZone;
  i18n.defaultLocale = "pt_BR.utf8";
  # Configure keymap in X11
  services.xserver.xkb = {
    layout = "us";
    variant = "colemak";
  };
  console.keyMap = "colemak";
 }
--- a/system/media-packages.nix
+++ b/system/media-packages.nix
@ -1,6 +1,13 @@
-{ config, pkgs, lib, ... }:
+{
-let cfg = config.packages.media-packages;
+  config,
-in {
+  pkgs,
  lib,
  ...
 }:
 let
  cfg = config.packages.media-packages;
 in
 {
  options.packages.media-packages = {
    enable = lib.mkEnableOption "media packages";
  };
@ -16,8 +23,10 @@ in {
      gimp
      inkscape
      krita
-      kdenlive
+      kdePackages.breeze
-      blender
+      kdePackages.kdenlive
      pitivi
      blender-hip
      libreoffice
      godot_4
    ];
--- a/system/monolith-forgejo-runner.nix
+++ b/system/monolith-forgejo-runner.nix
@ -0,0 +1,20 @@
 { pkgs, config, ... }:
 {
  services.gitea-actions-runner = {
    package = pkgs.forgejo-actions-runner;
    instances.default = {
      enable = true;
      name = "monolith";
      url = "https://git.lelgenio.com";
      tokenFile = config.age.secrets.monolith-forgejo-runner-token.path;
      labels = [
        # provide a debian base with nodejs for actions
        "debian-latest:docker://node:18-bullseye"
        # fake the ubuntu name, because node provides no ubuntu builds
        "ubuntu-latest:docker://node:18-bullseye"
        # provide native execution on the host
        #"native:host"
      ];
    };
  };
 }
--- a/system/monolith-gitlab-runner.nix
+++ b/system/monolith-gitlab-runner.nix
@ -1,4 +1,9 @@
-{ config, pkgs, lib, ... }:
+{
  config,
  pkgs,
  lib,
  ...
 }:
 let
  inherit (pkgs.callPackage ./gitlab-runner.nix { }) mkNixRunner;
 in
@ -7,19 +12,8 @@ in
  virtualisation.docker.enable = true;
  services.gitlab-runner = {
    enable = true;
-    settings.concurrent = 4;
+    settings.concurrent = 12;
    services = {
      # ci_test = {
      #   registrationConfigFile = "/srv/gitlab-runner/env/ci_test";
      #   dockerImage = "debian";
      #   dockerPrivileged = true;
      # };
      thoreb_builder = {
        registrationConfigFile = config.age.secrets.monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.path;
        dockerImage = "debian";
        dockerPrivileged = true;
      };
      # runner for building in docker via host's nix-daemon
      # nix store will be readable in runner, might be insecure
      thoreb-telemetria-nix = mkNixRunner config.age.secrets.gitlab-runner-thoreb-telemetria-registrationConfigFile.path;
--- a/Show more
+++ b/Show more