mangohud: update config, make it easy to tweak

This reverts commit a0cea50099.

.sops.yaml

@@ -4,6 +4,7 @@ keys:
   - &monolith-ssh age1ecyynwv93lfu7crjjp8l47defv07quzfzaktwurpep7jc9eha5pscg7lrw
   - &double-rainbow-ssh age1026d4c8nqyapcsy4jz57szt6zw3ejcgv3ecyvz0s89t7w7z964fqdqv52h
   - &phantom-ssh age1m4mqcd2kmuhfr8a22rvh02c68jkakhdfmuqgtusuv0czk4jvna7sz79p3y
+  - &stonehenge-ssh age13y65zemwlfnf5pszspeh87utv5jrfm35varxjdsh78xhfhs7la3scm9l9g
 
 creation_rules:
   - path_regex: secrets/[^/]+\.(yaml|json|env|ini|gpg)$
@@ -35,3 +36,10 @@ creation_rules:
       age:
       - *lelgenio-ssh
       - *phantom-ssh
+  - path_regex: secrets/stonehenge/[^/]+\.(yaml|json|env|ini|gpg)$
+    key_groups:
+    - pgp:
+      - *lelgenio-gpg
+      age:
+      - *lelgenio-ssh
+      - *stonehenge-ssh

flake.lock

@@ -297,11 +297,11 @@
     "flake-compat_2": {
       "flake": false,
       "locked": {
-        "lastModified": 1747046372,
+        "lastModified": 1761588595,
-        "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
+        "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
         "owner": "edolstra",
         "repo": "flake-compat",
-        "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
+        "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
         "type": "github"
       },
       "original": {
@@ -446,11 +446,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1742649964,
+        "lastModified": 1763319842,
-        "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=",
+        "narHash": "sha256-YG19IyrTdnVn0l3DvcUYm85u3PaqBt6tI6VvolcuHnA=",
         "owner": "cachix",
         "repo": "git-hooks.nix",
-        "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82",
+        "rev": "7275fa67fbbb75891c16d9dee7d88e58aea2d761",
         "type": "github"
       },
       "original": {
@@ -504,16 +504,16 @@
         ]
       },
       "locked": {
-        "lastModified": 1763992789,
+        "lastModified": 1767280655,
-        "narHash": "sha256-WHkdBlw6oyxXIra/vQPYLtqY+3G8dUVZM8bEXk0t8x4=",
+        "narHash": "sha256-YmaYMduV5ko8zURUT1VLGDbVC1L/bxHS0NsiPoZ6bBM=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "44831a7eaba4360fb81f2acc5ea6de5fde90aaa3",
+        "rev": "d49d2543f02dbd789ed032188c84570d929223cb",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
-        "ref": "release-25.05",
+        "ref": "release-25.11",
         "repo": "home-manager",
         "type": "github"
       }
@@ -585,20 +585,19 @@
         "git-hooks": "git-hooks",
         "nixpkgs": [
           "nixpkgs"
-        ],
+        ]
-        "nixpkgs-25_05": "nixpkgs-25_05"
       },
       "locked": {
-        "lastModified": 1763302796,
+        "lastModified": 1766537863,
-        "narHash": "sha256-mEc3SBjRYfMcbNFLxmCc5tRtlu3j+1q7zRz+nRraSFE=",
+        "narHash": "sha256-HEt+wbazRgJYeY+lgj65bxhPyVc4x7NEB2bs5NU6DF8=",
         "owner": "simple-nixos-mailserver",
         "repo": "nixos-mailserver",
-        "rev": "5b38fb599f50e9d78325d1d2706e36303c166047",
+        "rev": "23f0a53ca6e58e61e1ea2b86791c69b79c91656d",
         "type": "gitlab"
       },
       "original": {
         "owner": "simple-nixos-mailserver",
-        "ref": "nixos-25.05",
+        "ref": "nixos-25.11",
         "repo": "nixos-mailserver",
         "type": "gitlab"
       }
@@ -619,22 +618,6 @@
         "type": "github"
       }
     },
-    "nixpkgs-25_05": {
-      "locked": {
-        "lastModified": 1747610100,
-        "narHash": "sha256-rpR5ZPMkWzcnCcYYo3lScqfuzEw5Uyfh+R0EKZfroAc=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "ca49c4304acf0973078db0a9d200fd2bae75676d",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-25.05",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
     "nixpkgs-unstable": {
       "locked": {
         "lastModified": 1764242076,
@@ -698,16 +681,16 @@
     },
     "nixpkgs_5": {
       "locked": {
-        "lastModified": 1764316264,
+        "lastModified": 1767047869,
-        "narHash": "sha256-82L+EJU+40+FIdeG4gmUlOF1jeSwlf2AwMarrpdHF6o=",
+        "narHash": "sha256-tzYsEzXEVa7op1LTnrLSiPGrcCY6948iD0EcNLWcmzo=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "9a7b80b6f82a71ea04270d7ba11b48855681c4b0",
+        "rev": "89dbf01df72eb5ebe3b24a86334b12c27d68016a",
         "type": "github"
       },
       "original": {
         "id": "nixpkgs",
-        "ref": "nixos-25.05",
+        "ref": "nixos-25.11",
         "type": "indirect"
       }
     },

flake.nix

@@ -1,10 +1,10 @@
 {
   description = "My system config";
   inputs = {
-    nixpkgs.url = "nixpkgs/nixos-25.05";
+    nixpkgs.url = "nixpkgs/nixos-25.11";
     nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
 
-    home-manager.url = "github:nix-community/home-manager/release-25.05";
+    home-manager.url = "github:nix-community/home-manager/release-25.11";
     home-manager.inputs.nixpkgs.follows = "nixpkgs";
 
     vpsadminos.url = "github:vpsfreecz/vpsadminos";
@@ -32,7 +32,7 @@
     };
 
     nixos-mailserver = {
-      url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-25.05";
+      url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-25.11";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
@@ -187,6 +187,14 @@
             ./hosts/phantom
           ];
         };
+        stonehenge = lib.nixosSystem {
+          inherit system specialArgs;
+          modules = [
+            { nixpkgs.pkgs = pkgs; }
+            ./hosts/stonehenge
+            inputs.sops-nix.nixosModules.default
+          ];
+        };
       };
 
       homeConfigurations.lelgenio = inputs.home-manager.lib.homeManagerConfiguration {

hosts/phantom/email.nix

@@ -38,12 +38,14 @@
     };
 
     enableManageSieve = true;
+
+    stateVersion = 3;
   };
 
   # Prefer ipv4 and use main ipv6 to avoid reverse DNS issues
-  services.postfix.extraConfig = ''
+  services.postfix.settings.main = {
-    smtp_address_preference = ipv4
+    smtp_address_preference = "ipv4";
-  '';
+  };
 
   # Webmail
   services.roundcube = {

hosts/stonehenge/default.nix

@@ -0,0 +1,145 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  imports = [
+    # Include the results of the hardware scan.
+    ./hardware-configuration.nix
+    ./gitlab-runner.nix
+    ./nebula-vpn.nix
+    ./vagrant.nix
+
+    ../../system/sops.nix
+    ../../system/nix.nix
+  ];
+
+  # Bootloader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  networking.hostName = "stonehenge"; # Define your hostname.
+  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+
+  # Configure network proxy if necessary
+  # networking.proxy.default = "http://user:password@proxy:port/";
+  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+  # Enable networking
+  networking.networkmanager.enable = true;
+
+  # Set your time zone.
+  time.timeZone = "America/Sao_Paulo";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "pt_BR.UTF-8";
+
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "pt_BR.UTF-8";
+    LC_IDENTIFICATION = "pt_BR.UTF-8";
+    LC_MEASUREMENT = "pt_BR.UTF-8";
+    LC_MONETARY = "pt_BR.UTF-8";
+    LC_NAME = "pt_BR.UTF-8";
+    LC_NUMERIC = "pt_BR.UTF-8";
+    LC_PAPER = "pt_BR.UTF-8";
+    LC_TELEPHONE = "pt_BR.UTF-8";
+    LC_TIME = "pt_BR.UTF-8";
+  };
+
+  # Enable the X11 windowing system.
+  # You can disable this if you're only using the Wayland session.
+  # services.xserver.enable = true;
+
+  # Enable the KDE Plasma Desktop Environment.
+  services.displayManager.sddm.enable = true;
+  services.desktopManager.plasma6.enable = true;
+
+  # Configure keymap in X11
+  services.xserver.xkb = {
+    layout = "us";
+    variant = "colemak";
+  };
+
+  # Enable CUPS to print documents.
+  services.printing.enable = true;
+
+  # Enable sound with pipewire.
+  services.pulseaudio.enable = false;
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+    # If you want to use JACK applications, uncomment this
+    #jack.enable = true;
+
+    # use the example session manager (no others are packaged yet so this is enabled by default,
+    # no need to redefine it in your config for now)
+    #media-session.enable = true;
+  };
+
+  # Enable touchpad support (enabled default in most desktopManager).
+  # services.xserver.libinput.enable = true;
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  users.users.user = {
+    isNormalUser = true;
+    description = "user";
+    extraGroups = [
+      "networkmanager"
+      "wheel"
+    ];
+    packages = with pkgs; [
+      # kdePackages.kate
+      #  thunderbird
+    ];
+  };
+
+  security.sudo.wheelNeedsPassword = false;
+
+  virtualisation.virtualbox.host.enable = true;
+
+  # Install firefox.
+  programs.firefox.enable = true;
+
+  # # Allow unfree packages
+  # nixpkgs.config.allowUnfree = true;
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  environment.systemPackages = with pkgs; [
+    #  vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+    #  wget
+  ];
+
+  # Some programs need SUID wrappers, can be configured further or are
+  # started in user sessions.
+  # programs.mtr.enable = true;
+  # programs.gnupg.agent = {
+  #   enable = true;
+  #   enableSSHSupport = true;
+  # };
+
+  # List services that you want to enable:
+
+  # Enable the OpenSSH daemon.
+  services.openssh.enable = true;
+
+  # Open ports in the firewall.
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  # networking.firewall.enable = false;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "25.11"; # Did you read the comment?
+
+}

hosts/stonehenge/gitlab-runner.nix

@@ -0,0 +1,36 @@
+{
+  config,
+  pkgs,
+  ...
+}:
+let
+  inherit (pkgs.callPackage ../../system/gitlab-runner.nix { }) mkNixRunnerFull;
+in
+{
+  boot.kernel.sysctl."net.ipv4.ip_forward" = true;
+  virtualisation.docker.enable = true;
+  services.gitlab-runner = {
+    enable = true;
+    settings.concurrent = 4;
+    services = {
+      wopus-gitlab-nix = mkNixRunnerFull {
+        authenticationTokenConfigFile = config.sops.secrets."gitlab-runners/wopus-gitlab-nix".path;
+        # nixCacheSshPrivateKeyPath = config.sops.secrets."gitlab-runners/wopus-ssh-nix-cache-pk".path;
+        # nixCacheSshPublicKeyPath = config.sops.secrets."gitlab-runners/wopus-ssh-nix-cache-pub".path;
+      };
+    };
+  };
+  systemd.services.gitlab-runner.serviceConfig.Nice = 10;
+
+  sops.secrets = {
+    "gitlab-runners/wopus-gitlab-nix" = {
+      sopsFile = ../../secrets/stonehenge/default.yaml;
+    };
+    "gitlab-runners/wopus-ssh-nix-cache-pk" = {
+      sopsFile = ../../secrets/stonehenge/default.yaml;
+    };
+    "gitlab-runners/wopus-ssh-nix-cache-pub" = {
+      sopsFile = ../../secrets/stonehenge/default.yaml;
+    };
+  };
+}

hosts/stonehenge/hardware-configuration.nix

@@ -0,0 +1,48 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "ahci"
+    "usb_storage"
+    "usbhid"
+    "sd_mod"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/d22f00a1-af56-4468-a041-96523befe151";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/FE31-5AA5";
+    fsType = "vfat";
+    options = [
+      "fmask=0077"
+      "dmask=0077"
+    ];
+  };
+
+  swapDevices = [
+    { device = "/dev/disk/by-uuid/533ceee7-721c-4bdc-9212-6043bf05b205"; }
+  ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/stonehenge/nebula-vpn.nix

@@ -0,0 +1,61 @@
+{ pkgs, config, ... }:
+let
+  s = config.sops.secrets;
+
+  secretConfig = {
+    owner = "nebula-wopus";
+    group = "nebula-wopus";
+    restartUnits = [ "nebula@wopus.service" ];
+    sopsFile = ../../secrets/stonehenge/default.yaml;
+  };
+in
+{
+  environment.systemPackages = with pkgs; [ nebula ];
+
+  services.nebula.networks.wopus = {
+    enable = true;
+    isLighthouse = false;
+    lighthouses = [
+      "192.168.88.1"
+      "192.168.88.2"
+      "192.168.88.3"
+    ];
+    settings = {
+      cipher = "aes";
+    };
+    cert = s."nebula-wopus-vpn/stonehenge-crt".path;
+    key = s."nebula-wopus-vpn/stonehenge-key".path;
+    ca = s."nebula-wopus-vpn/ca-crt".path;
+    staticHostMap = {
+      "192.168.88.1" = [
+        "neubla-vpn.wopus.dev:4242"
+      ];
+      "192.168.88.2" = [
+        "82.25.77.78:4242"
+      ];
+      "192.168.88.3" = [
+        "72.60.60.221:4242"
+      ];
+    };
+    firewall.outbound = [
+      {
+        host = "any";
+        port = "any";
+        proto = "any";
+      }
+    ];
+    firewall.inbound = [
+      {
+        host = "any";
+        port = "any";
+        proto = "any";
+      }
+    ];
+  };
+
+  sops.secrets = {
+    "nebula-wopus-vpn/ca-crt" = secretConfig;
+    "nebula-wopus-vpn/stonehenge-crt" = secretConfig;
+    "nebula-wopus-vpn/stonehenge-key" = secretConfig;
+  };
+}

hosts/stonehenge/vagrant.nix

@@ -0,0 +1,57 @@
+{ pkgs, ... }:
+let
+  vagrantScript = pkgs.writeScriptBin "vagrant-vnode-05" ''
+    #!${pkgs.bash}/bin/bash
+    set -euo pipefail
+
+    export PATH="${
+      pkgs.lib.makeBinPath (
+        with pkgs;
+        [
+          vagrant
+          curl
+          openssh
+          virtualbox
+        ]
+      )
+    }:$PATH"
+    export VNODE_NAME=vnode-05
+
+    cd /home/user/kubernetes-cluster/vnodes
+    exec ${pkgs.vagrant}/bin/vagrant up
+  '';
+in
+{
+  environment.systemPackages = with pkgs; [
+    vagrant
+    curl
+    openssh
+  ];
+
+  users.users.user.extraGroups = [ "vboxusers" ];
+
+  systemd.services.vagrant-vnode-05 = {
+    description = "Vagrant vnode-05 service";
+    after = [ "network-online.target" ];
+    wants = [ "network-online.target" ];
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+      ExecStart = "${vagrantScript}/bin/vagrant-vnode-05";
+      User = "user";
+      WorkingDirectory = "/home/user/kubernetes-cluster/vnodes";
+      Environment = "PATH=${
+        pkgs.lib.makeBinPath (
+          with pkgs;
+          [
+            vagrant
+            curl
+            openssh
+            virtualbox
+          ]
+        )
+      }:$PATH";
+    };
+    wantedBy = [ "multi-user.target" ];
+  };
+}

pkgs/caffeinated/default.nix

@@ -11,6 +11,7 @@
   libbsd,
   wayland,
   wayland-protocols,
+  libcap,
 }:
 
 stdenv.mkDerivation {
@@ -35,6 +36,7 @@ stdenv.mkDerivation {
     libbsd
     wayland
     wayland-protocols
+    libcap
   ];
 
   makeFlags = [ "WAYLAND=1" ];

pkgs/gnome-pass-search-provider.nix

@@ -2,7 +2,7 @@
   stdenv,
   fetchFromGitHub,
   python3Packages,
-  wrapGAppsHook,
+  wrapGAppsHook3,
   gtk3,
   gobject-introspection,
 }:
@@ -29,7 +29,7 @@ stdenv.mkDerivation rec {
 
   nativeBuildInputs = [
     python3Packages.wrapPython
-    wrapGAppsHook
+    wrapGAppsHook3
   ];
 
   propagatedBuildInputs = [

pkgs/lipsum.nix

@@ -3,7 +3,7 @@
   fetchFromGitHub,
   pkg-config,
   vala,
-  wrapGAppsHook,
+  wrapGAppsHook3,
 }:
 stdenv.mkDerivation rec {
   pname = "lipsum";
@@ -19,7 +19,7 @@ stdenv.mkDerivation rec {
   nativeBuildInputs = [
     pkg-config
     vala
-    wrapGAppsHook
+    wrapGAppsHook3
   ];
 
   makeFlags = [ "PRG=${pname}" ];

scripts/default.nix

@@ -55,7 +55,7 @@
     helix-man-pager = [ helix-pager ];
     bcrypt = [ apacheHttpd ];
     musmenu = [
-      mpc-cli
+      mpc
       wdmenu
       trash-cli
       xdg-user-dirs
@@ -113,11 +113,11 @@
       mpv
       pqiv
       python3Packages.deemix
-      mpc-cli
+      mpc
       mpdDup
     ];
     mpdDup = [
-      mpc-cli
+      mpc
       perl
     ];
     readQrCode = [

secrets/stonehenge/default.yaml

@@ -0,0 +1,48 @@
+gitlab-runners:
+    wopus-gitlab-nix: ENC[AES256_GCM,data:u+FYWx3yluA+zFk8VV7RB4TW1AP81K8Ntgd7QDHwb2w0bzQH7URmfF1PrQgZGu/r5Q4zOFgmyUkL6EML9KFFu+3QpilIOTXitiEoi/McOn0DnAOTLhW1Fbg42jKd3gTU9OyLDijlQs3ktyRRSg+1TIEsYNc=,iv:LjRyav0YVKtG79roC8KRS99cVVfu8IJRpAQ9w79PFa0=,tag:K2rjIn823sER+zHezFyAZw==,type:str]
+    wopus-ssh-nix-cache-pk: ENC[AES256_GCM,data:hAAMdGvTduLQe+e6g0BVrvDATsVuRX5LxLQA2LqFPrdeNVPNzlWt5dNY4PjDuGKKeOyIjfTP2a4R2tLhjzQzSmoUZZVCEijohIsoDLbTfXgDDSOwXiTTr2nj3Hw4+TiuMH/VRgpIzZVjJSweuDK2UmwhbJ3wtahE7iNYD0gZet9Ibnu3iHVW4NdZs0K9joVxJoAaY8ZQi95QC0NYV/8RZ3GQFm2sQK/I1XKEAZGZ9GK5TbRUxGh3HihX68xsxBv5avpXwURp4K/CXW6VCyhAiU21+kpTPxV1x6ZiUfmPqDUmqqV57HL6+z1g6bLb+XGBNU15L0xqItmGpc3ENV2MpTP79MXA8C2eXgkBr0ylnsoFjlrkff+oJbDtHUkWaRHEQvkQtD3JKPgi97PtuBt0qWlpXRsCXnKwH565pfgKu6SGZHZ+VHpAGI3fjtroLhnoCeV6tBpibHk/ADr826IicVJWAVzxTSRfiMA7o4wji7MJxLYf2p3PRixSpQ9oXCsUPykQ1a2jfDs+J0ov+p0u,iv:AXNYaZS6fGz/Jr2zNhvmKOYKj010wtwcatItB8hRs+c=,tag:DixvP6ZaqX9l8Z8KegkvUw==,type:str]
+    wopus-ssh-nix-cache-pub: ENC[AES256_GCM,data:5G+qIs/J8mwZxGyWkK0nts9E+iqbCe8Or4C4+HHuSr3dyJTmKxmA3a+DpxmbyQ0IKjKQgiz+uJbbRGR7ptzmJr7JvpNhaJO2/CR3MKvsoCpmgynenO2QIqsEidU1h1gqMV6OEDI3pDY3OE6K2M8D2jdYLqMXo5RRa7emEQhXhdQZ98OFgVrLFtrB72Fi/rTJE/tP,iv:JAopM5dwItYl68GDAQublg+C1S0Md3S3G/7GJ11azxQ=,tag:WAqEju2azXgerpIBrk+krw==,type:str]
+nebula-wopus-vpn:
+    ca-crt: ENC[AES256_GCM,data:hV4V9wqOVUhkx6EtNOz1Dd+JzOuWFwwVwFAqkZIOdF4zIAOUvJHN2iUq1bMVLJOWpMcaxTTuXKXTKPbujs8K8TDzpRQzM22SD5o8aZAyPfif/GDUFFaLBygZropM7lUD9WDbjOucCRBKoj9cbazLsabixF1gVR/lZxyPBaquoIlBWvUiFbF5P3CLQGZ5ENprHvHRuFPciiw0JqJJNme/gaz2CBXRbEYxjVFCjwFEYQrxcMxhRw+p/eHCVzUmnOBo+09HFYpBZvIY5Q8F+MPxstWIaeEzn3Spfiw9lRGw7/r6V+Vd8ppKcKWQfgVYynY=,iv:CQjMsZc4oFP4ZDifvynVrh0w1zvXX+g93HOOsdEV2WE=,tag:gRSKJbgkzyLJyHhRqVBL9A==,type:str]
+    stonehenge-crt: ENC[AES256_GCM,data:y1FQvKI3AOvp8K04qghseuhvaL/yYfjl1lTX2z0f1u61VfLMOPj7R0jR48D5bHXfrTD6exxny6wEy3wuWP105rkLD8oxehzNuT2jgUu85OB3w3yZHdPmW+8lftZcd21BwO0uPTab8EOB19wOCMYuGnO7JL/IRwPTFXVOmKx99+jD5mh5370yB05VVMflSlmA4iCbCvvhTmB1eHFc9a5g687Rwi5PlPEhaaEUDnjyZByO7Uu1nrBBtd5koQIDshIhuQKsVeB4AIOF6EER8dYlLSu9G6GS1cVKuaNoMiUfXLn0Y9kdDDRqetuCteGEd8euwUWGq5XVFIhlOfU6cZOR/wUskrUYWQ+3MApk6TJQQd9HBSU9SoARJZXPXX/RgCIFczeW/dIc1oPRfagnKECS4g==,iv:HSIcmYJib6SsuTbDV4zFePBryCIy0nzV8O5NSAjwuQs=,tag:bonhzMDsyvC/Gn5HLHrJkQ==,type:str]
+    stonehenge-key: ENC[AES256_GCM,data:HstlV1VXX6edP5XrPUanUfO8yK20imHXwYsV/q/W4IyA+yEH9inYt4oiw3cIvGawx7gfvOpsqU4IUxLsNr4EE83qg3YqkMrnGjYuHTe1LfGsktGhibbCqw4+kcqb12bywuXmPLb9EI4KBCzUi7EQTh4sLEGsqiujS0aUC4qutQ==,iv:RKT2ZM1NeA4MmfbyVvIQ96lNvErSydF8668oHyo4LHg=,tag:EhZlHF7PdAQ0whu/JxIbWw==,type:str]
+sops:
+    age:
+        - recipient: age1zrgu7w8059xydagm60phnffghvfe9h2ca58cx8qwagqpyfuvs9fqw79c8h
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXWXZkSWUwZ0t0ekhBckxS
+            M0lIQ1FpWkY2dXhTVmZuYjJxeXhQSW85Ulg0Cm9GV1BqS29wU2FkaEVzazcwbCs1
+            Zy9tV0ZxcFBwbFFaMzRwUWFHWUZadDAKLS0tIFdoMkVkZitjNmJhTUVMUjBQdjdi
+            TjFMZnZDelY2NWtwd1dETFUrUE44eGsKdRVF1QWlhO3obls8Fm+PSs/yzJOUbQ80
+            GoWMqeD8qPVhO99Cy9DT0GWOk3DJQNQ55I7w6ctrhJ3XuZHzTyAqlg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age13y65zemwlfnf5pszspeh87utv5jrfm35varxjdsh78xhfhs7la3scm9l9g
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5TEIyU1dtK0ZWQmJLY0Z0
+            cThwbTdmUkF5ZGgraFBSMjZRUmpiSkxZUFdJCnhBTDd2THlmczk1SE1qZ2VnRk5a
+            ejZGY2U1L1IxZ3BrdURNTURwRUJCaWsKLS0tIFdEUW5Kcmw5eGE5cFJYejRXTDYr
+            dC9MaDUvcG96djVFU1Fpb1NKZThNaUEKkxPikf5+veTmrXHU4sxtJO/LsQ3YB4j+
+            vkIWWw4qV8zRrh+XxFXrFUURhDp11m/nlpzPERxjNzRs13VS2tXTrw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-01-01T22:54:16Z"
+    mac: ENC[AES256_GCM,data:OF2RLQTbuiW3ba9VBhmJCq3UUlVACe/lxhY9RAjctaZBXTutjH84JuYG9idXiJkZkkG5l9OIez3WueLsU44RG1UgkbHAM5d6RrXsvsleVux0hViH0CIAB4K7NaeA+urgM3TQbXlBVgY2w18bA/BpcbxH3HiMC+9/iOWWJMBZ0RM=,iv:MtRBqhc71fzjLXE8S54woNnCL+0iqFhQ28N+Zz9RSyM=,tag:Aa+wJcyaTjamZ0fA2P9oQg==,type:str]
+    pgp:
+        - created_at: "2026-01-01T21:36:47Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQEMAzy6JxafzLr5AQf+I8mDQ00zcPxP4GJh5ldaVJSZ95OF7Pk0TmNmtQLaBHqE
+            Gj8MPa3CE8MyZBtFrWjt52yKcg0wIznd1Uo0HGteW2cMxGezCqioTIqNgXSQ+h/V
+            T751kH0MBOVscJUoEx3D7sdCsvk70WwnN2FdkFpA1NIDqsoHCT4MXGzcAMVTv/+K
+            Y630VFguV0Fcmy16Kry1EFVDSorio6BxwBnK2PG/uAQOEjTA8fLTVutc+h7glqjU
+            iiNPsv6MtB5gTp/Q+IPHgGmPpyCP2vN7i0ArVNFRQ2tf9tIeo/5FfgmWCH8CTcr5
+            deK/UPwJ3u2o4OsVLQryx9TBVnBcFG31f+/kwIG4CNJcAZxl1w0DbS+zHtIu1Bo5
+            oRAxj00EeM8Vp7FFA70Z38HSzFyvawomSrtzRNhRPoLOPemG59WH4621BL1HC9Rz
+            8lhSEVRdw/BjmtNRRcLsw9NrAjGsHkkhkEluY1U=
+            =bhCO
+            -----END PGP MESSAGE-----
+          fp: 0FECE8316E74BA6F44EFC21A2F8F21CE8721456B
+    unencrypted_suffix: _unencrypted
+    version: 3.11.0

switch-stonehenge

@@ -0,0 +1 @@
+nixos-rebuild switch --flake .#stonehenge -L --target-host stonehenge-lan --build-host stonehenge-lan --sudo

system/android.nix

@@ -12,6 +12,5 @@
     programs.kdeconnect.enable = true;
 
     programs.adb.enable = true;
-    services.udev.packages = [ pkgs.android-udev-rules ];
   };
 }

system/configuration.nix

@@ -43,12 +43,12 @@
 
   services.geoclue2.enable = true;
 
-  systemd.extraConfig = ''
+  systemd.settings.Manager = {
-    DefaultTimeoutStopSec=10s
+    DefaultTimeoutStopSec = "10s";
-  '';
+  };
-  services.logind.extraConfig = ''
+  services.logind.settings.Login = {
-    HandlePowerKey=suspend
+    HandlePowerKey = "suspend";
-  '';
+  };
   services.upower.enable = true;
 
   # This value determines the NixOS release from which the default

system/fonts.nix

@@ -4,7 +4,7 @@
   fonts.packages = with pkgs; [
     noto-fonts
     noto-fonts-cjk-sans
-    noto-fonts-emoji
+    noto-fonts-color-emoji
     nerd-fonts.fira-code
     nerd-fonts.hack
   ];

system/greetd.nix

@@ -42,9 +42,13 @@ in
     };
     services.greetd =
       let
+        start-sway = pkgs.writeShellScriptBin "start-sway" ''
+          mkdir -p ~/.local/share/sway
+          exec sway 2>&1 | tee -a ~/.local/share/sway/sway.log
+        '';
         greetd_main_script = pkgs.writeShellScriptBin "main" ''
           export XDG_CURRENT_DESKTOP=sway GTK_THEME="${theme.gtk_theme}" XCURSOR_THEME="${theme.cursor_theme}"
-          ${pkgs.greetd.gtkgreet}/bin/gtkgreet -l -c ${desktop}
+          ${pkgs.greetd.gtkgreet}/bin/gtkgreet -l -c ${lib.getExe start-sway}
           swaymsg exit
         '';
         swayConfig = pkgs.writeText "greetd-sway-config" ''
@@ -68,7 +72,7 @@ in
         enable = true;
         settings = {
           initial_session = {
-            command = desktop;
+            command = lib.getExe start-sway;
             user = "lelgenio";
           };
           default_session = {

system/media-packages.nix

@@ -18,7 +18,7 @@ in
       ffmpeg
       obs-studio
       imagemagick
-      mpc-cli
+      mpc
       helvum
       gimp
       inkscape

system/monolith-forgejo-runner.nix

@@ -1,7 +1,7 @@
 { pkgs, config, ... }:
 {
   services.gitea-actions-runner = {
-    package = pkgs.forgejo-actions-runner;
+    package = pkgs.forgejo-runner;
     instances.default = {
       enable = true;
       name = "monolith";

system/mouse.nix

@@ -10,6 +10,6 @@
     MatchBus=usb
     MatchVendor=0x046D
     MatchProduct=0x4099
-    AttrEventCode=-REL_WHEEL_HI_RES
+    AttrEventCode=-REL_WHEEL_HI_RES;-REL_HWHEEL_HI_RES;
   '';
 }

user/chat.nix

@@ -15,7 +15,7 @@
   };
 
   home.packages = with pkgs; [
-    tdesktop
+    telegram-desktop
     discord-canary
     thunderbird
     element-desktop

user/gaming.nix

@@ -17,7 +17,7 @@ in
       # steam # It's enabled in the system config
       tlauncher
       gamescope
-      glxinfo
+      mesa-demos
       vulkan-tools
     ];
   };

user/home.nix

@@ -73,7 +73,7 @@
     gavin-bc
     file
     jq
-    du-dust
+    dust
     p7zip
     tealdeer
     micro

user/kakoune/default.nix

@@ -130,7 +130,7 @@ in
       terminal
       ranger
       bmenu
-      kak-lsp
+      kakoune-lsp
       kak-tree-sitter
       kak-pager
       kak-man-pager

user/mangohud.nix

@@ -1,71 +1,97 @@
-{ config, lib, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
 let
   cfg = config.my.mangohud;
+
+  settings = {
+    # Display
+    no_display = true; # Hidden by default
+    toggle_hud = "Shift_R+F12";
+    font_size = "20";
+
+    # GPU
+    pci_dev = "0:03:00.0";
+    gpu_text = "RX 7800 XT";
+    gpu_stats = true;
+    gpu_load_change = true;
+    gpu_load_value = "50,90";
+    gpu_load_color = "FFFFFF,FFAA7F,CC0000";
+    gpu_voltage = true;
+    throttling_status = true;
+    gpu_core_clock = true;
+    gpu_mem_clock = true;
+    gpu_temp = true;
+    gpu_mem_temp = true;
+    gpu_junction_temp = true;
+    gpu_fan = true;
+    gpu_power = true;
+
+    # CPU
+    cpu_text = "R7 8700G";
+    cpu_stats = true;
+    core_load = true;
+    core_bars = true;
+    cpu_load_change = true;
+    cpu_load_value = "50,90";
+    cpu_load_color = "FFFFFF,FFAA7F,CC0000";
+    cpu_mhz = true;
+    cpu_temp = true;
+    cpu_power = true;
+    io_read = true;
+    io_write = true;
+
+    # RAM
+    swap = true;
+    vram = true;
+    vram_color = "AD64C1";
+    ram = true;
+    ram_color = "C26693";
+    procmem = true;
+
+    # FPS
+    fps = true;
+    fps_metrics = "avg,0.01";
+    frame_timing = true;
+    frametime_color = "FFFFFF";
+    throttling_status_graph = true;
+    show_fps_limit = true;
+    fps_limit = "240,144,120,90,60,30,0";
+
+    # Extra
+    resolution = true;
+    fsr = true;
+    winesync = true;
+    present_mode = true;
+    fps_color_change = true;
+    fps_color = "B22222,FDFD09,39F900";
+    fps_value = "60,144";
+  };
+
 in
 {
   options.my.mangohud.enable = lib.mkEnableOption { };
 
-  config.programs.mangohud = lib.mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
+    programs.mangohud = {
       enable = true;
       enableSessionWide = true;
-    settings = {
+      inherit settings;
-      full = true;
+    };
-      # histogram = true;
-      no_display = true;
-      fps_limit = "0,30,60,72,90,120,144,240,288,320";
-      toggle_fps_limit = "Shift_R+F10";
-      toggle_preset = "Control_R+F9";
-      fps_metrics = "Control_R+F8";
 
-      media_player = false;
+    # Have the config file be a regular file and not a symlink, so it's easy to tinker with it
-      battery = false;
+    xdg.configFile."MangoHud/MangoHud.conf" = {
-
+      target = "MangoHud/MangoHud.conf.tmp";
-      # legacy_layout = "false";
+      onChange = ''
-      # gpu_stats = true;
+        mkdir -p "${config.xdg.configHome}/MangoHud"
-      # gpu_temp = true;
+        if [ -L "${config.xdg.configHome}/MangoHud/MangoHud.conf" ]; then
-      # gpu_core_clock = true;
+          rm "${config.xdg.configHome}/MangoHud/MangoHud.conf"
-      # gpu_mem_clock = true;
+        fi
-      # gpu_power = true;
+        ${pkgs.coreutils}/bin/cp --dereference "${config.xdg.configHome}/MangoHud/MangoHud.conf.tmp" "${config.xdg.configHome}/MangoHud/MangoHud.conf"
-      # gpu_load_change = true;
+      '';
-      # gpu_load_value = "50,90";
-      gpu_load_color = "FFFFFF,FFAA7F,CC0000";
-      # gpu_text = "GPU";
-      # cpu_stats = true;
-      # cpu_temp = true;
-      # cpu_power = true;
-      # cpu_mhz = true;
-      # cpu_load_change = true;
-      # core_load_change = true;
-      # cpu_load_value = "50,90";
-      cpu_load_color = "FFFFFF,FFAA7F,CC0000";
-      cpu_color = "2e97cb";
-      # cpu_text = "CPU";
-      # io_stats = true;
-      # io_read = true;
-      # io_write = true;
-      io_color = "a491d3";
-      # swap = true;
-      # vram = true;
-      vram_color = "ad64c1";
-      # ram = true;
-      ram_color = "c26693";
-      # fps = true;
-      engine_color = "eb5b5b";
-      gpu_color = "2e9762";
-      wine_color = "eb5b5b";
-      # frame_timing = "1";
-      frametime_color = "00ff00";
-      media_player_color = "ffffff";
-      background_alpha = "0.8";
-      font_size = "24";
-
-      background_color = "020202";
-      position = "top-left";
-      # text_color = "ffffff";
-      round_corners = "10";
-      toggle_hud = "Shift_R+F12";
-      # toggle_logging = "Shift_L+F12";
-      # output_folder = "/home/lelgenio";
     };
   };
 }

user/ranger/default.nix

@@ -19,7 +19,7 @@
     wl-clipboard
 
     highlight # syntax highlight
-    poppler_utils # pdf preview
+    poppler-utils # pdf preview
     ffmpeg # audio preview
     ffmpegthumbnailer # video preview
     fontforge # font preview

user/rofi.nix

@@ -18,7 +18,7 @@ in
   config = {
     programs.rofi = {
       enable = true;
-      package = pkgs.rofi-wayland.override {
+      package = pkgs.rofi.override {
         plugins = with pkgs; [
           rofi-emoji
           rofi-file-browser

user/sway/swayidle.nix

@@ -22,7 +22,7 @@ in
       {
         timeout = 1800;
         command = asScript "swayidle-suspend-monitors" ''
-          ${pkgs.mpc_cli}/bin/mpc status | grep "^[playing]" > /dev/null || ${pkgs.sway}/bin/swaymsg "output * dpms off"
+          ${pkgs.mpc}/bin/mpc status | grep "^[playing]" > /dev/null || ${pkgs.sway}/bin/swaymsg "output * dpms off"
         '';
         resumeCommand = asScript "swayidle-wakeup-monitors" ''
           ${pkgs.sway}/bin/swaymsg "output * dpms on"

user/waybar/default.nix

@@ -136,7 +136,7 @@ in
           };
           mpd =
             let
-              mpc = "${pkgs.mpc-cli}/bin/mpc";
+              mpc = "${pkgs.mpc}/bin/mpc";
             in
             {
               format = "{stateIcon} {title} - {artist}";