big revert

flake lock
chore(ded): remove dead code
2025-10-04 20:49:00 +02:00 · 2025-10-04 20:42:31 +02:00 · 2025-09-29 19:31:23 +02:00 · 2025-09-29 19:28:33 +02:00 · 2025-09-29 17:10:38 +02:00 · 2025-09-28 18:27:17 +02:00
43 changed files with 675 additions and 918 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -29,11 +29,11 @@
        "systems": "systems_2"
      },
      "locked": {
-        "lastModified": 1758645700,
+        "lastModified": 1758874004,
-        "narHash": "sha256-7VHPjP/FDqx3EctIXqUssh8GC9ldXq/eNMX21uVkI8c=",
+        "narHash": "sha256-+RUCBtT01Z595NpGc6Tvms+dJ/C/cn1zdjT9+gE6dbU=",
        "owner": "anyrun-org",
        "repo": "anyrun",
-        "rev": "8cf7bd9de48e50cf1d662a56af28c0d13da91761",
+        "rev": "3c571bc1514c4211d1d6c011a1d482f97efd9c5f",
        "type": "github"
      },
      "original": {
@@ -50,11 +50,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1758040471,
+        "lastModified": 1758817837,
-        "narHash": "sha256-jsFBGoLiciAFRs5Fi4eOvbsXtf2tLyYh+OiRhV6BGI4=",
+        "narHash": "sha256-J3Jl4Z8SJHj+ogyohPeypT5LmQtCupdBteFezwiEZ9E=",
        "owner": "anyrun-org",
        "repo": "anyrun-provider",
-        "rev": "6631af0ecb8f245cbf88e972d1522f747d6cd883",
+        "rev": "b20650aa1bf80ae86b5bf5253d21fc0ddb7985c7",
        "type": "github"
      },
      "original": {
@@ -83,11 +83,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1755946532,
+        "lastModified": 1759499898,
-        "narHash": "sha256-POePremlUY5GyA1zfbtic6XLxDaQcqHN6l+bIxdT5gc=",
+        "narHash": "sha256-UNzYHLWfkSzLHDep5Ckb5tXc0fdxwPIrT+MY4kpQttM=",
        "owner": "hyprwm",
        "repo": "aquamarine",
-        "rev": "81584dae2df6ac79f6b6dae0ecb7705e95129ada",
+        "rev": "655e067f96fd44b3f5685e17f566b0e4d535d798",
        "type": "github"
      },
      "original": {
@@ -114,11 +114,11 @@
        "uv2nix": "uv2nix"
      },
      "locked": {
-        "lastModified": 1758177015,
+        "lastModified": 1759322529,
-        "narHash": "sha256-PCUWdbaxayY3YfSjVlyddBMYoGvSaRysd5AmZ8gqSFs=",
+        "narHash": "sha256-yiv/g/tiJI3PI95F7vhTnaf1TDsIkFLrmmFTjWfb6pQ=",
        "owner": "nix-community",
        "repo": "authentik-nix",
-        "rev": "4c626ed84cc0f1278bfba0f534efd6cba2788d75",
+        "rev": "69fac057b2e553ee17c9a09b822d735823d65a6c",
        "type": "github"
      },
      "original": {
@@ -130,16 +130,16 @@
    "authentik-src": {
      "flake": false,
      "locked": {
-        "lastModified": 1758035356,
+        "lastModified": 1759190535,
-        "narHash": "sha256-DkvxDwHCfSqEpZ9rRXNR8MP0Mz/y1kHAr38exrHQ39c=",
+        "narHash": "sha256-pIzDaoDWc58cY/XhsyweCwc4dfRvkaT/zqsV1gDSnCI=",
        "owner": "goauthentik",
        "repo": "authentik",
-        "rev": "680feaefa17934471a6b33ebc35caf5b64120404",
+        "rev": "8d3a289d12c7de2f244c76493af7880f70d08af2",
        "type": "github"
      },
      "original": {
        "owner": "goauthentik",
-        "ref": "version/2025.8.3",
+        "ref": "version/2025.8.4",
        "repo": "authentik",
        "type": "github"
      }
@@ -153,11 +153,11 @@
        "rust-overlay": "rust-overlay"
      },
      "locked": {
-        "lastModified": 1758642505,
+        "lastModified": 1759532138,
-        "narHash": "sha256-056XfEHlYdBKU2RtN4R+9m2nzL588TCZ8AsIviWONRg=",
+        "narHash": "sha256-sLQIlgDwMP3mEY2PwjGW+cL56QQ2n2WXoZ3GpG5QWOY=",
        "owner": "chaotic-cx",
        "repo": "nyx",
-        "rev": "0fe60fa161631289a051fef36dfaab28465ddc7b",
+        "rev": "bad02bbca5b5c6d45539a0d740ad0e21b1ba9afc",
        "type": "github"
      },
      "original": {
@@ -212,11 +212,11 @@
        "rust-analyzer-src": "rust-analyzer-src"
      },
      "locked": {
-        "lastModified": 1758695884,
+        "lastModified": 1759560021,
-        "narHash": "sha256-rnHjtBRkcwRkrUZxg0RqN1qWTG+QC/gj4vn9uzEkBww=",
+        "narHash": "sha256-J/rtMKVUAEqOFj0ogvcHKK8HbaKhw+tiNrDOpEM+ZDY=",
        "owner": "nix-community",
        "repo": "fenix",
-        "rev": "9cdb79384d02234fb2868eba6c7d390253ef6f83",
+        "rev": "6ffcbf59c119b0c6384c7d98f18cea06a9af7e9c",
        "type": "github"
      },
      "original": {
@@ -312,11 +312,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1754487366,
+        "lastModified": 1756770412,
-        "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=",
+        "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18",
+        "rev": "4524271976b625a4a605beefd893f270620fd751",
        "type": "github"
      },
      "original": {
@@ -332,11 +332,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1756770412,
+        "lastModified": 1759362264,
-        "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=",
+        "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "4524271976b625a4a605beefd893f270620fd751",
+        "rev": "758cf7296bee11f1706a574c77d072b8a7baa881",
        "type": "github"
      },
      "original": {
@@ -392,11 +392,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1756770412,
+        "lastModified": 1759362264,
-        "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=",
+        "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "4524271976b625a4a605beefd893f270620fd751",
+        "rev": "758cf7296bee11f1706a574c77d072b8a7baa881",
        "type": "github"
      },
      "original": {
@@ -491,11 +491,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1758108966,
+        "lastModified": 1759523803,
-        "narHash": "sha256-ytw7ROXaWZ7OfwHrQ9xvjpUWeGVm86pwnEd1QhzawIo=",
+        "narHash": "sha256-PTod9NG+i3XbbnBKMl/e5uHDBYpwIWivQ3gOWSEuIEM=",
        "owner": "cachix",
        "repo": "git-hooks.nix",
-        "rev": "54df955a695a84cd47d4a43e08e1feaf90b1fd9b",
+        "rev": "cfc9f7bb163ad8542029d303e599c0f7eee09835",
        "type": "github"
      },
      "original": {
@@ -571,11 +571,11 @@
    },
    "hardware": {
      "locked": {
-        "lastModified": 1758663926,
+        "lastModified": 1759582739,
-        "narHash": "sha256-6CFdj7Xs616t1W4jLDH7IohAAvl5Dyib3qEv/Uqw1rk=",
+        "narHash": "sha256-spZegilADH0q5OngM86u6NmXxduCNv5eX9vCiUPhOYc=",
        "owner": "nixos",
        "repo": "nixos-hardware",
-        "rev": "170ff93c860b2a9868ed1e1102d4e52cb3d934e1",
+        "rev": "3441b5242af7577230a78ffb03542add264179ab",
        "type": "github"
      },
      "original": {
@@ -590,11 +590,11 @@
        "rust-overlay": "rust-overlay_2"
      },
      "locked": {
-        "lastModified": 1758722153,
+        "lastModified": 1759201995,
-        "narHash": "sha256-q0t19uo2qGy9iA+pvhQ97jQ4jMWJfG3a3diLspPeBAQ=",
+        "narHash": "sha256-3STv6fITv8Ar/kl0H7vIA7VV0d2gyLh8UL0BOiVacXg=",
        "owner": "helix-editor",
        "repo": "helix",
-        "rev": "ed08fbd4102e320bf96f2af2854b9de77df7a104",
+        "rev": "bfcbef10c513108c7b43317569416c2eefc4ed44",
        "type": "github"
      },
      "original": {
@@ -610,11 +610,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1758719930,
+        "lastModified": 1759573136,
-        "narHash": "sha256-DgHe1026Ob49CPegPMiWj1HNtlMTGQzfSZQQVlHC950=",
+        "narHash": "sha256-ILSPD0Dm8p0w0fCVzOx98ZH8yFDrR75GmwmH3fS2VnE=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "142acd7a7d9eb7f0bb647f053b4ddfd01fdfbf1d",
+        "rev": "5f06ceafc6c9b773a776b9195c3f47bbe1defa43",
        "type": "github"
      },
      "original": {
@@ -652,11 +652,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1758464306,
+        "lastModified": 1759337100,
-        "narHash": "sha256-i56XRXqjwJRdVYmpzVUQ0ktqBBHqNzQHQMQvFRF/acQ=",
+        "narHash": "sha256-CcT3QvZ74NGfM+lSOILcCEeU+SnqXRvl1XCRHenZ0Us=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "939e91e1cff1f99736c5b02529658218ed819a2a",
+        "rev": "004753ae6b04c4b18aa07192c1106800aaacf6c3",
        "type": "github"
      },
      "original": {
@@ -710,11 +710,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1758192433,
+        "lastModified": 1759490292,
-        "narHash": "sha256-CR6RnqEJSTiFgA6KQY4TTLUWbZ8RBnb+hxQqesuQNzQ=",
+        "narHash": "sha256-T6iWzDOXp8Wv0KQOCTHpBcmAOdHJ6zc/l9xaztW6Ivc=",
        "owner": "hyprwm",
        "repo": "hyprgraphics",
-        "rev": "c44e749dd611521dee940d00f7c444ee0ae4cfb7",
+        "rev": "9431db625cd9bb66ac55525479dce694101d6d7a",
        "type": "github"
      },
      "original": {
@@ -803,11 +803,11 @@
        "xdph": "xdph"
      },
      "locked": {
-        "lastModified": 1758654510,
+        "lastModified": 1759530922,
-        "narHash": "sha256-V4hLuM9uB4ecz0sFnnrt0idxpw0kGIw+6tLmBw2X0u8=",
+        "narHash": "sha256-9NgZKpibALekGTPDc2O8lP8vFealQSZkXe+L+S7MMZU=",
        "owner": "hyprwm",
        "repo": "hyprland",
-        "rev": "ec9a72d9fbe8372c4cc4e86966f6b13d178b0bba",
+        "rev": "76d998743ac10e712238c1016db4d8e8d16f1049",
        "type": "github"
      },
      "original": {
@@ -824,11 +824,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1758531979,
+        "lastModified": 1759238633,
-        "narHash": "sha256-iRv5afKzuu6SkwztqMwZ33161CzBJsyeRHp0uviN9TI=",
+        "narHash": "sha256-4/AtRCQKXuU49ozZZouWuC+T7vCjQh9HAz3N8Tt5OZE=",
        "owner": "hyprwm",
        "repo": "contrib",
-        "rev": "de79078fd59140067e53cd00ebdf17f96ce27846",
+        "rev": "513d71d3f42c05d6a38e215382c5a6ce971bd77d",
        "type": "github"
      },
      "original": {
@@ -942,11 +942,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1757694755,
+        "lastModified": 1759080228,
-        "narHash": "sha256-j+w5QUUr2QT/jkxgVKecGYV8J7fpzXCMgzEEr6LG9ug=",
+        "narHash": "sha256-RgDoAja0T1hnF0pTc56xPfLfFOO8Utol2iITwYbUhTk=",
        "owner": "hyprwm",
        "repo": "hyprland-qtutils",
-        "rev": "5ffdfc13ed03df1dae5084468d935f0a3f2c9a4c",
+        "rev": "629b15c19fa4082e4ce6be09fdb89e8c3312aed7",
        "type": "github"
      },
      "original": {
@@ -971,11 +971,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1756810301,
+        "lastModified": 1758927902,
-        "narHash": "sha256-wgZ3VW4VVtjK5dr0EiK9zKdJ/SOqGIBXVG85C3LVxQA=",
+        "narHash": "sha256-LZgMds7M94+vuMql2bERQ6LiFFdhgsEFezE4Vn+Ys3A=",
        "owner": "hyprwm",
        "repo": "hyprlang",
-        "rev": "3d63fb4a42c819f198deabd18c0c2c1ded1de931",
+        "rev": "4dafa28d4f79877d67a7d1a654cddccf8ebf15da",
        "type": "github"
      },
      "original": {
@@ -1006,11 +1006,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1758124489,
+        "lastModified": 1759572448,
-        "narHash": "sha256-YiVF/8Me3vVKJBEgGpQhn0HF09EWfXZGaWLzAaJBrO4=",
+        "narHash": "sha256-o+r44fqPQM+/hQdjFy9qV9C51Jhty6M4icFVYocyJfA=",
        "owner": "hyprwm",
        "repo": "hyprlock",
-        "rev": "7f769fa993cb492982d7bf25676c68ddbcc0268e",
+        "rev": "c8a6768dca626cf7d7cbc333095f048bc007b6d9",
        "type": "github"
      },
      "original": {
@@ -1069,11 +1069,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1756117388,
+        "lastModified": 1759490926,
-        "narHash": "sha256-oRDel6pNl/T2tI+nc/USU9ZP9w08dxtl7hiZxa0C/Wc=",
+        "narHash": "sha256-7IbZGJ5qAAfZsGhBHIsP8MBsfuFYS0hsxYHVkkeDG5Q=",
        "owner": "hyprwm",
        "repo": "hyprutils",
-        "rev": "b2ae3204845f5f2f79b4703b441252d8ad2ecfd0",
+        "rev": "94cce794344538c4d865e38682684ec2bbdb2ef3",
        "type": "github"
      },
      "original": {
@@ -1191,11 +1191,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1757230583,
+        "lastModified": 1759387127,
-        "narHash": "sha256-4uqu7sFPOaVTCogsxaGMgbzZ2vK40GVGMfUmrvK3/LY=",
+        "narHash": "sha256-uuwJAP92SkHmnI1zo7rrK/gEuHtb97vFZcMa5w+0SZA=",
        "owner": "Jovian-Experiments",
        "repo": "Jovian-NixOS",
-        "rev": "fc3960e6c32c9d4f95fff2ef84444284d24d3bea",
+        "rev": "0cc290e05882745060fccfe6d7d073f913e0cce7",
        "type": "github"
      },
      "original": {
@@ -1229,11 +1229,11 @@
    },
    "mnw": {
      "locked": {
-        "lastModified": 1756659871,
+        "lastModified": 1758834834,
-        "narHash": "sha256-v6Rh4aQ6RKjM2N02kK9Usn0Ix7+OY66vNpeklc1MnGE=",
+        "narHash": "sha256-Y7IvY4F8vajZyp3WGf+KaiIVwondEkMFkt92Cr9NZmg=",
        "owner": "Gerg-L",
        "repo": "mnw",
-        "rev": "ed6cc3e48557ba18266e598a5ebb6602499ada16",
+        "rev": "cfbc7d1cc832e318d0863a5fc91d940a96034001",
        "type": "github"
      },
      "original": {
@@ -1268,62 +1268,6 @@
        "type": "github"
      }
    },
    "niri": {
      "inputs": {
        "niri-stable": "niri-stable",
        "niri-unstable": "niri-unstable",
        "nixpkgs": "nixpkgs_8",
        "nixpkgs-stable": "nixpkgs-stable",
        "xwayland-satellite-stable": "xwayland-satellite-stable",
        "xwayland-satellite-unstable": "xwayland-satellite-unstable"
      },
      "locked": {
        "lastModified": 1758697829,
        "narHash": "sha256-1pO4A16ssvjHNyHilpvxo15mBkAifCSOiLs3hBlrYdU=",
        "owner": "sodiboo",
        "repo": "niri-flake",
        "rev": "9dbeb8f613d2da107bff8375c2db7182a2bb79bb",
        "type": "github"
      },
      "original": {
        "owner": "sodiboo",
        "repo": "niri-flake",
        "type": "github"
      }
    },
    "niri-stable": {
      "flake": false,
      "locked": {
        "lastModified": 1756556321,
        "narHash": "sha256-RLD89dfjN0RVO86C/Mot0T7aduCygPGaYbog566F0Qo=",
        "owner": "YaLTeR",
        "repo": "niri",
        "rev": "01be0e65f4eb91a9cd624ac0b76aaeab765c7294",
        "type": "github"
      },
      "original": {
        "owner": "YaLTeR",
        "ref": "v25.08",
        "repo": "niri",
        "type": "github"
      }
    },
    "niri-unstable": {
      "flake": false,
      "locked": {
        "lastModified": 1758691861,
        "narHash": "sha256-CYgoGrY/Fx+hjzp8graTxJw1M7mn1f2jBkK26M04T0s=",
        "owner": "YaLTeR",
        "repo": "niri",
        "rev": "e837e39623457dc5ad29c34a5ce4d4616e5fbf1e",
        "type": "github"
      },
      "original": {
        "owner": "YaLTeR",
        "repo": "niri",
        "type": "github"
      }
    },
    "nix-gaming": {
      "inputs": {
        "flake-parts": [
@@ -1334,11 +1278,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1758678659,
+        "lastModified": 1759455985,
-        "narHash": "sha256-Ff5IFCEABf3CStKvf8MqJe7jwrHk2J8swdYTrwOj9dk=",
+        "narHash": "sha256-8qDv7NXH3fj1CDXed7c7vJLtrRKDZSo0x6TaWSfelVg=",
        "owner": "fufexan",
        "repo": "nix-gaming",
-        "rev": "6418c314274a8ce27078402ab1fbac7c06da7a36",
+        "rev": "eb5ab503cbd3cb386e8d85a55a9faed73ec7dc37",
        "type": "github"
      },
      "original": {
@@ -1401,45 +1345,13 @@
        "type": "github"
      }
    },
    "nixpkgs-stable": {
      "locked": {
        "lastModified": 1758589230,
        "narHash": "sha256-zMTCFGe8aVGTEr2RqUi/QzC1nOIQ0N1HRsbqB4f646k=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "d1d883129b193f0b495d75c148c2c3a7d95789a0",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-25.05",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_10": {
      "locked": {
        "lastModified": 1756696532,
        "narHash": "sha256-6FWagzm0b7I/IGigOv9pr6LL7NQ86mextfE8g8Q6HBg=",
        "owner": "nixos",
        "repo": "nixpkgs",
        "rev": "58dcbf1ec551914c3756c267b8b9c8c86baa1b2f",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
        "ref": "nixpkgs-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1755186698,
+        "lastModified": 1758690382,
-        "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=",
+        "narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c",
+        "rev": "e643668fd71b949c53f8626614b21ff71a07379d",
        "type": "github"
      },
      "original": {
@@ -1451,11 +1363,11 @@
    },
    "nixpkgs_3": {
      "locked": {
-        "lastModified": 1758633633,
+        "lastModified": 1759147044,
-        "narHash": "sha256-20FVSEcXWV0P1A/1EDMUH7UVFvktg/ltBNqHJmoQTO8=",
+        "narHash": "sha256-3ZPFytJOcLjTChljeaGgoaNj+tOqzgEpqZAvRe3bU90=",
        "owner": "PedroHLC",
        "repo": "nixpkgs",
-        "rev": "36740bcdb7ea5625132575da3c627032b812c236",
+        "rev": "18e83bbe13aa50992777832b52bd0e0d8585fb3b",
        "type": "github"
      },
      "original": {
@@ -1499,11 +1411,11 @@
    },
    "nixpkgs_6": {
      "locked": {
-        "lastModified": 1758198701,
+        "lastModified": 1759381078,
-        "narHash": "sha256-7To75JlpekfUmdkUZewnT6MoBANS0XVypW6kjUOXQwc=",
+        "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "0147c2f1d54b30b5dd6d4a8c8542e8d7edf93b5d",
+        "rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee",
        "type": "github"
      },
      "original": {
@@ -1531,11 +1443,11 @@
    },
    "nixpkgs_8": {
      "locked": {
-        "lastModified": 1758427187,
+        "lastModified": 1759381078,
-        "narHash": "sha256-pHpxZ/IyCwoTQPtFIAG2QaxuSm8jWzrzBGjwQZIttJc=",
+        "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "554be6495561ff07b6c724047bdd7e0716aa7b46",
+        "rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee",
        "type": "github"
      },
      "original": {
@@ -1547,16 +1459,16 @@
    },
    "nixpkgs_9": {
      "locked": {
-        "lastModified": 1758427187,
+        "lastModified": 1759386674,
-        "narHash": "sha256-pHpxZ/IyCwoTQPtFIAG2QaxuSm8jWzrzBGjwQZIttJc=",
+        "narHash": "sha256-wg1Lz/1FC5Q13R+mM5a2oTV9TA9L/CHHTm3/PiLayfA=",
-        "owner": "NixOS",
+        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "554be6495561ff07b6c724047bdd7e0716aa7b46",
+        "rev": "625ad6366178f03acd79f9e3822606dd7985b657",
        "type": "github"
      },
      "original": {
-        "owner": "NixOS",
+        "owner": "nixos",
-        "ref": "nixos-unstable",
+        "ref": "nixpkgs-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
@@ -1566,15 +1478,15 @@
        "flake-compat": "flake-compat_5",
        "flake-parts": "flake-parts_5",
        "mnw": "mnw",
-        "nixpkgs": "nixpkgs_10",
+        "nixpkgs": "nixpkgs_9",
        "systems": "systems_5"
      },
      "locked": {
-        "lastModified": 1758271661,
+        "lastModified": 1759469269,
-        "narHash": "sha256-ENqd2/33uP5vB44ClDjjAV+J78oF8q1er4QUZuT8Z7g=",
+        "narHash": "sha256-DP833ejGUNRRHsJOB3WRTaWWXLNucaDga2ju/fGe+sc=",
        "owner": "notashelf",
        "repo": "nvf",
-        "rev": "b7571df4d6e9ac08506a738ddceeec0b141751b0",
+        "rev": "e48638aef3a95377689de0ef940443c64f870a09",
        "type": "github"
      },
      "original": {
@@ -1702,9 +1614,8 @@
        "hyprlock": "hyprlock",
        "hyprpaper": "hyprpaper",
        "lanzaboote": "lanzaboote",
        "niri": "niri",
        "nix-gaming": "nix-gaming",
-        "nixpkgs": "nixpkgs_9",
+        "nixpkgs": "nixpkgs_8",
        "nvf": "nvf",
        "systems": "systems_6",
        "treefmt-nix": "treefmt-nix",
@@ -1715,11 +1626,11 @@
    "rust-analyzer-src": {
      "flake": false,
      "locked": {
-        "lastModified": 1758620797,
+        "lastModified": 1759301569,
-        "narHash": "sha256-Ly4rHgrixFMBnkbMursVt74mxnntnE6yVdF5QellJ+A=",
+        "narHash": "sha256-7StxDed3v2fAWLkl+Hse9FlpjT7Dk7Cn/4vxTFyEhIg=",
        "owner": "rust-lang",
        "repo": "rust-analyzer",
-        "rev": "905641f3520230ad6ef421bcf5da9c6b49f2479b",
+        "rev": "472037b789cf593172d6adf3b8d9f7a429f6cd9b",
        "type": "github"
      },
      "original": {
@@ -1737,11 +1648,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1758422215,
+        "lastModified": 1759458749,
-        "narHash": "sha256-JvF5SXhp1wBHbfEVAWgJCDVSO8iknfDqXfqMch5YWg0=",
+        "narHash": "sha256-WKnbJnm1B2+TO2ZUudgS39EzecQeLl4/bnRtd3y46LI=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "6f3988eb5885f1e2efa874a480d91de09a7f9f0b",
+        "rev": "bbc3a8ae797d1700e57a4f4bcc4e79af727d4138",
        "type": "github"
      },
      "original": {
@@ -2005,39 +1916,6 @@
        "type": "github"
      }
    },
    "xwayland-satellite-stable": {
      "flake": false,
      "locked": {
        "lastModified": 1755491097,
        "narHash": "sha256-m+9tUfsmBeF2Gn4HWa6vSITZ4Gz1eA1F5Kh62B0N4oE=",
        "owner": "Supreeeme",
        "repo": "xwayland-satellite",
        "rev": "388d291e82ffbc73be18169d39470f340707edaa",
        "type": "github"
      },
      "original": {
        "owner": "Supreeeme",
        "ref": "v0.7",
        "repo": "xwayland-satellite",
        "type": "github"
      }
    },
    "xwayland-satellite-unstable": {
      "flake": false,
      "locked": {
        "lastModified": 1758577423,
        "narHash": "sha256-sB2GAOjhjoWnjU6A/uHNJiY6O3UeztV5pJAN2g1FkXU=",
        "owner": "Supreeeme",
        "repo": "xwayland-satellite",
        "rev": "03368548ba745e17a85bd631613a59cb2d8469a4",
        "type": "github"
      },
      "original": {
        "owner": "Supreeeme",
        "repo": "xwayland-satellite",
        "type": "github"
      }
    },
    "zen-browser": {
      "inputs": {
        "nixpkgs": [
@@ -2045,11 +1923,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1758575291,
+        "lastModified": 1759590499,
-        "narHash": "sha256-Y/sVWFUNVI663tnNvMZ/n3bLsg8V7idA4M2eaoHxmhs=",
+        "narHash": "sha256-EBToRzqe5WMz4DQyxOp9/CP+rWjdaZ2EUwbItfNf3VI=",
        "ref": "refs/heads/main",
-        "rev": "ee14b24cfe16dd9bc02aa25409a2a4349ed361c9",
+        "rev": "6e606c8bfa6a88209488790388b1005bc489fa66",
-        "revCount": 131,
+        "revCount": 136,
        "type": "git",
        "url": "https://git.sr.ht/~canasta/zen-browser-flake"
      },
--- a/flake.nix
+++ b/flake.nix
@@ -1,8 +1,9 @@
 {
  description = "cnix nix";
-  outputs = inputs:
+  outputs =
-    inputs.flake-parts.lib.mkFlake {inherit inputs;} {
+    inputs:
    inputs.flake-parts.lib.mkFlake { inherit inputs; } {
      systems = [
        "x86_64-linux"
        "aarch64-linux"
@@ -16,23 +17,25 @@
        ./fmt-hooks.nix
      ];
-      perSystem = {
+      perSystem =
-        config,
+        {
-        pkgs,
+          config,
-        ...
+          pkgs,
-      }: {
+          ...
-        devShells.default = pkgs.mkShell {
+        }:
-          packages = [
+        {
-            pkgs.git
+          devShells.default = pkgs.mkShell {
-            config.packages.repl
+            packages = [
-          ];
+              pkgs.git
-          name = "dots";
+              config.packages.repl
-          env.DIRENV_LOG_FORMAT = "";
+            ];
-          shellHook = ''
+            name = "dots";
-            ${config.pre-commit.installationScript}
+            env.DIRENV_LOG_FORMAT = "";
-          '';
+            shellHook = ''
              ${config.pre-commit.installationScript}
            '';
          };
        };
      };
    };
  inputs = {
@@ -144,8 +147,6 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };
    niri.url = "github:sodiboo/niri-flake";
    # Custom
    tuirun = {
      url = "git+https://git.sr.ht/~canasta/tuirun";
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -4,111 +4,114 @@
  homeImports,
  self,
  ...
-}: {
+}:
-  flake.nixosConfigurations = let
+{
-    cLib = import ../lib inputs.nixpkgs.lib;
+  flake.nixosConfigurations =
-    userConfig = "${self}/home";
+    let
-    systemConfig = "${self}/system";
+      cLib = import ../lib inputs.nixpkgs.lib;
-    hostConfig = "${self}/hosts";
+      userConfig = "${self}/home";
      systemConfig = "${self}/system";
      hostConfig = "${self}/hosts";
-    cnstConfig = "${self}/users/cnst";
+      cnstConfig = "${self}/users/cnst";
-    toothpickConfig = "${self}/users/toothpick";
+      toothpickConfig = "${self}/users/toothpick";
-    umodPath = "${self}/modules/home";
+      umodPath = "${self}/modules/home";
-    smodPath = "${self}/modules/system";
+      smodPath = "${self}/modules/system";
-    inherit (inputs.nixpkgs.lib) nixosSystem;
+      inherit (inputs.nixpkgs.lib) nixosSystem;
-    inherit (self) outputs;
+      inherit (self) outputs;
-    specialArgs = {
+      specialArgs = {
-      inherit
+        inherit
-        cLib
+          cLib
-        inputs
+          inputs
-        outputs
+          outputs
-        self
+          self
-        userConfig
+          userConfig
-        systemConfig
+          systemConfig
-        hostConfig
+          hostConfig
-        cnstConfig
+          cnstConfig
-        toothpickConfig
+          toothpickConfig
-        umodPath
+          umodPath
-        smodPath
+          smodPath
-        ;
+          ;
      };
    in
    {
      kima = nixosSystem {
        inherit specialArgs;
        modules = [
          ./kima
          "${self}/nix"
          {
            home-manager = {
              users.cnst.imports = homeImports."cnst@kima";
              extraSpecialArgs = specialArgs;
            };
          }
          self.nixosModules.nixos
          self.nixosModules.settings
          inputs.chaotic.nixosModules.default
          inputs.agenix.nixosModules.default
        ];
      };
      bunk = nixosSystem {
        inherit specialArgs;
        modules = [
          ./bunk
          "${self}/nix"
          {
            home-manager = {
              users.cnst.imports = homeImports."cnst@bunk";
              extraSpecialArgs = specialArgs;
            };
          }
          self.nixosModules.nixos
          self.nixosModules.settings
          inputs.chaotic.nixosModules.default
          inputs.agenix.nixosModules.default
        ];
      };
      sobotka = nixosSystem {
        inherit specialArgs;
        modules = [
          ./sobotka
          "${self}/nix"
          self.nixosModules.nixos
          self.nixosModules.settings
          self.nixosModules.server
          inputs.agenix.nixosModules.default
          inputs.authentik.nixosModules.default
        ];
      };
      ziggy = nixosSystem {
        inherit specialArgs;
        modules = [
          ./ziggy
          "${self}/nix"
          self.nixosModules.nixos
          self.nixosModules.settings
          self.nixosModules.server
          inputs.agenix.nixosModules.default
        ];
      };
      toothpc = nixosSystem {
        inherit specialArgs;
        modules = [
          ./toothpc
          "${self}/nix"
          {
            home-manager = {
              users.toothpick.imports = homeImports."toothpick@toothpc";
              extraSpecialArgs = specialArgs;
            };
          }
          self.nixosModules.nixos
          self.nixosModules.settings
          inputs.chaotic.nixosModules.default
          inputs.agenix.nixosModules.default
        ];
      };
    };
  in {
    kima = nixosSystem {
      inherit specialArgs;
      modules = [
        ./kima
        "${self}/nix"
        {
          home-manager = {
            users.cnst.imports = homeImports."cnst@kima";
            extraSpecialArgs = specialArgs;
          };
        }
        self.nixosModules.nixos
        self.nixosModules.settings
        inputs.chaotic.nixosModules.default
        inputs.agenix.nixosModules.default
      ];
    };
    bunk = nixosSystem {
      inherit specialArgs;
      modules = [
        ./bunk
        "${self}/nix"
        {
          home-manager = {
            users.cnst.imports = homeImports."cnst@bunk";
            extraSpecialArgs = specialArgs;
          };
        }
        self.nixosModules.nixos
        self.nixosModules.settings
        inputs.chaotic.nixosModules.default
        inputs.agenix.nixosModules.default
      ];
    };
    sobotka = nixosSystem {
      inherit specialArgs;
      modules = [
        ./sobotka
        "${self}/nix"
        self.nixosModules.nixos
        self.nixosModules.settings
        self.nixosModules.server
        inputs.agenix.nixosModules.default
        inputs.authentik.nixosModules.default
      ];
    };
    ziggy = nixosSystem {
      inherit specialArgs;
      modules = [
        ./ziggy
        "${self}/nix"
        self.nixosModules.nixos
        self.nixosModules.settings
        self.nixosModules.server
        inputs.agenix.nixosModules.default
      ];
    };
    toothpc = nixosSystem {
      inherit specialArgs;
      modules = [
        ./toothpc
        "${self}/nix"
        {
          home-manager = {
            users.toothpick.imports = homeImports."toothpick@toothpc";
            extraSpecialArgs = specialArgs;
          };
        }
        self.nixosModules.nixos
        self.nixosModules.settings
        inputs.chaotic.nixosModules.default
        inputs.agenix.nixosModules.default
      ];
    };
  };
 }
--- a/hosts/kima/modules.nix
+++ b/hosts/kima/modules.nix
@@ -5,6 +5,7 @@
        variant = "latest";
        hardware = [ "amd" ];
        extraKernelParams = [ ];
        amdOverdrive.enable = true;
      };
      loader = {
        default = {
@@ -214,6 +215,9 @@
        scheduler = "scx_lavd";
        flags = "--performance";
      };
      tailscale = {
        enable = true;
      };
      udisks = {
        enable = true;
      };
--- a/hosts/sobotka/default.nix
+++ b/hosts/sobotka/default.nix
@@ -39,6 +39,7 @@ in {
      "share"
      "jellyfin"
      "render"
      "traefik"
    ];
  };
--- a/hosts/sobotka/modules.nix
+++ b/hosts/sobotka/modules.nix
@@ -3,8 +3,8 @@
    boot = {
      kernel = {
        variant = "latest";
-        hardware = [ "amd" ];
+        hardware = ["amd"];
-        extraKernelParams = [ ];
+        extraKernelParams = [];
      };
      loader = {
        default = {
@@ -213,6 +213,9 @@
        scheduler = "scx_lavd";
        flags = "--performance";
      };
      tailscale = {
        enable = true;
      };
      udisks = {
        enable = true;
      };
--- a/hosts/sobotka/server.nix
+++ b/hosts/sobotka/server.nix
@@ -8,25 +8,15 @@
    uid = 994;
    gid = 993;
    authentik = {
      enable = true;
    };
    traefik = {
      enable = true;
    };
    www = {
      enable = true;
      url = "cnst.dev";
    };
    gitea = {
      enable = true;
    };
    unbound = {
      enable = true;
    };
    acme = {
      enable = false;
    };
    homepage-dashboard = {
      enable = true;
    };
@@ -65,6 +55,22 @@
        credentialsFile = config.age.secrets.vaultwardenCloudflared.path;
      };
    };
    www = {
      enable = true;
      url = "cnst.dev";
      cloudflared = {
        tunnelId = "e5076186-efb7-405a-998c-6155af7fb221";
        credentialsFile = config.age.secrets.wwwCloudflared.path;
      };
    };
    authentik = {
      enable = true;
      url = "auth.cnst.dev";
      cloudflared = {
        tunnelId = "b66f9368-db9e-4302-8b48-527cda34a635";
        credentialsFile = config.age.secrets.authentikCloudflared.path;
      };
    };
    nextcloud = {
      enable = true;
      adminpassFile = config.age.secrets.nextcloudAdminPass.path;
--- a/hosts/ziggy/server.nix
+++ b/hosts/ziggy/server.nix
@@ -11,9 +11,6 @@
    unbound = {
      enable = true;
    };
    acme = {
      enable = true;
    };
    homepage-dashboard = {
      enable = false;
    };
--- a/lib/theme/bgs.nix
+++ b/lib/theme/bgs.nix
@@ -1,11 +1,11 @@
 lib: {
  bgs = rec {
    files = {
-      wallpaper_1 = "~/media/images/bg_1.jpg";
+      wallpaper_1 = "~/media/images/bgs/bg_1.jpg";
-      wallpaper_2 = "~/media/images/bg_2.jpg";
+      wallpaper_2 = "~/media/images/bgs/bg_2.jpg";
-      wallpaper_3 = "~/media/images/bg_3.jpg";
+      wallpaper_3 = "~/media/images/bgs/bg_3.jpg";
-      wallpaper_4 = "~/media/images/waterwindow.jpg";
+      wallpaper_4 = "~/media/images/bgs/waterwindow.jpg";
-      wallpaper_5 = "~/media/images/barngreet.png";
+      wallpaper_5 = "~/media/images/bgs/barngreet.png";
    };
    list = builtins.attrNames files;
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -100,7 +100,6 @@
        ./nixos/services/virtualisation
        ./nixos/services/locate
        ./nixos/services/mullvad
        ./nixos/services/mullvad-netns
        ./nixos/services/nfs
        ./nixos/services/nix-ld
        ./nixos/services/openssh
@@ -114,6 +113,7 @@
        ./nixos/services/udisks
        ./nixos/services/xserver
        ./nixos/services/zram
        ./nixos/services/tailscale
        ./nixos/system/fonts
        ./nixos/system/locale
@@ -123,7 +123,6 @@
    server = {
      imports = [
        ./server
        ./server/acme
        ./server/fail2ban
        ./server/homepage-dashboard
        ./server/nextcloud
--- a/modules/home/programs/alacritty/default.nix
+++ b/modules/home/programs/alacritty/default.nix
@@ -74,7 +74,7 @@ in
        ];
        window = {
          dynamic_title = true;
-          opacity = 0.9;
+          opacity = 0.95;
          padding = {
            x = 5;
            y = 5;
--- a/modules/home/programs/mpv/default.nix
+++ b/modules/home/programs/mpv/default.nix
@@ -7,6 +7,9 @@
 let
  inherit (lib) mkIf mkEnableOption;
  cfg = config.home.programs.mpv;
  inherit (config.xdg.userDirs) videos;
  inherit (config.home) homeDirectory;
  shaders_dir = "${pkgs.mpv-shim-default-shaders}/share/mpv-shim-default-shaders/shaders";
 in
 {
  options = {
@@ -15,8 +18,71 @@ in
  config = mkIf cfg.enable {
    programs.mpv = {
      enable = true;
-      defaultProfiles = [ "gpu-hq" ];
+      config = {
-      scripts = [ pkgs.mpvScripts.mpris ];
+        profile = "gpu-hq";
        gpu-context = "wayland";
        vo = "gpu-next";
        video-sync = "display-resample";
        interpolation = true;
        tscale = "oversample";
        fullscreen = false;
        keep-open = true;
        sub-auto = "fuzzy";
        sub-font = "Noto Sans Medium";
        sub-blur = 10;
        screenshot-format = "png";
        title = "\${filename} - mpv";
        script-opts = "osc-title=\${filename},osc-boxalpha=150,osc-visibility=never,osc-boxvideo=yes";
        ytdl-format = "bestvideo[height<=?1440]+bestaudio/best";
        ao = "pipewire";
        alang = "eng,en";
        slang = "eng,en,enUS";
        glsl-shader = "${homeDirectory}/.config/mpv/shaders/FSR.glsl";
        scale = "lanczos";
        cscale = "lanczos";
        dscale = "mitchell";
        deband = "yes";
        scale-antiring = 1;
        osc = "no";
        osd-on-seek = "no";
        osd-bar = "no";
        osd-bar-w = 30;
        osd-bar-h = "0.2";
        osd-duration = 750;
        really-quiet = "yes";
        autofit = "65%";
      };
      bindings = {
        "ctrl+a" = "script-message osc-visibility cycle";
      };
      scripts = with pkgs.mpvScripts; [
        mpris
        uosc
        thumbfast
        sponsorblock
        autocrop
      ];
    };
    programs.yt-dlp = {
      enable = true;
      extraConfig = ''
        -o ${videos}/youtube/%(title)s.%(ext)s
      '';
    };
    home = {
      file = {
        ".config/mpv/shaders/FSR.glsl".source = "${shaders_dir}/FSR.glsl";
      };
      packages = with pkgs; [
        jellyfin-mpv-shim
      ];
    };
  };
 }
--- a/modules/nixos/boot/kernel/default.nix
+++ b/modules/nixos/boot/kernel/default.nix
@@ -5,7 +5,12 @@
  ...
 }:
 let
-  inherit (lib) mkOption types;
+  inherit (lib)
    mkOption
    types
    mkEnableOption
    mkIf
    ;
  cfg = config.nixos.boot.kernel;
  hasHardware = hw: builtins.elem hw cfg.hardware;
@@ -37,8 +42,11 @@ in
        );
        default = [ ];
        description = "List of hardware types (e.g. GPU and CPU vendors) to configure kernel settings for.";
      };
      amdOverdrive.enable = mkEnableOption "Enable AMD pstate/overdrive";
      extraKernelParams = mkOption {
        type = types.listOf types.str;
        default = [ ];
@@ -74,7 +82,7 @@ in
        "quiet"
        "splash"
      ]
-      ++ (if hasHardware "amd" then [ "amd_pstate=active" ] else [ ])
+      ++ (if hasHardware "amd" then [ ] else [ ])
      ++ (if hasHardware "intel" then [ ] else [ ])
      ++ (if hasHardware "nvidia" then [ ] else [ ])
      ++ cfg.extraKernelParams;
@@ -85,5 +93,6 @@ in
        ++ (if hasHardware "nvidia" then [ "nouveau" ] else [ ])
        ++ cfg.extraBlacklistedModules;
    };
    hardware.amdgpu.overdrive.enable = mkIf cfg.amdOverdrive.enable true;
  };
 }
--- a/modules/nixos/hardware/graphics/default.nix
+++ b/modules/nixos/hardware/graphics/default.nix
@@ -89,37 +89,39 @@ in
  config = mkIf cfg.enable (mkMerge [
    {
-      hardware.graphics = {
+      hardware = {
-        enable = true;
+        graphics = {
-        enable32Bit = true;
+          enable = true;
-        extraPackages = flatten (
+          enable32Bit = true;
-          concatMap (
+          extraPackages = flatten (
-            vendor:
+            concatMap (
-            if vendor == "amd" then
+              vendor:
-              commonPackages ++ mesaVulkanPackages
+              if vendor == "amd" then
-            else if vendor == "intel" then
+                commonPackages ++ mesaVulkanPackages
-              commonPackages
+              else if vendor == "intel" then
-              ++ mesaVulkanPackages
+                commonPackages
-              ++ (with pkgs; [
+                ++ mesaVulkanPackages
-                vpl-gpu-rt
+                ++ (with pkgs; [
-                intel-media-driver
+                  vpl-gpu-rt
-                intel-compute-runtime
+                  intel-media-driver
-                intel-vaapi-driver
+                  intel-compute-runtime
-              ])
+                  intel-vaapi-driver
-            else if vendor == "nvidia" then
+                ])
-              commonPackages
+              else if vendor == "nvidia" then
-              ++ (with pkgs; [
+                commonPackages
-                nvidiaOffloadScript
+                ++ (with pkgs; [
-                intel-media-driver
+                  nvidiaOffloadScript
-                nvidia-vaapi-driver
+                  intel-media-driver
-                vulkan-tools
+                  nvidia-vaapi-driver
-              ])
+                  vulkan-tools
-            else
+                ])
-              [ ]
+              else
-          ) cfg.vendors
+                [ ]
-        );
+            ) cfg.vendors
          );
-        extraPackages32 = flatten (concatMap (_: commonPackages32) cfg.vendors);
+          extraPackages32 = flatten (concatMap (_: commonPackages32) cfg.vendors);
        };
      };
      environment.systemPackages = flatten (
@@ -145,10 +147,6 @@ in
      );
    }
    (mkIf (hasVendor "amd") {
      hardware.amdgpu.overdrive.enable = true;
    })
    (mkIf (hasVendor "nvidia") {
      hardware.nvidia = {
        package =
--- a/modules/nixos/programs/niri/default.nix
+++ b/modules/nixos/programs/niri/default.nix
@@ -1,6 +1,5 @@
 {
  config,
  inputs,
  lib,
  pkgs,
  ...
@@ -14,22 +13,22 @@ in
    nixos.programs.niri.enable = mkEnableOption "Enables niri";
  };
  config = mkIf cfg.enable {
    nixpkgs.overlays = [ inputs.niri.overlays.niri ];
    environment = {
      variables = {
        DISPLAY = ":0";
        NIXOS_OZONE_WL = "1";
        QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
      };
      systemPackages = with pkgs; [
-        xwayland-satellite-unstable
+        xwayland-satellite
        wl-clipboard
        wayland-utils
        xdg-utils
      ];
    };
    systemd.user.services.niri-flake-polkit.enable = false;
    programs.niri = {
      enable = true;
      package = pkgs.niri-unstable;
    };
  };
 }
--- a/modules/nixos/services/agenix/default.nix
+++ b/modules/nixos/services/agenix/default.nix
@@ -74,19 +74,11 @@ in {
          wgCredentials.file = "${self}/secrets/wgCredentials.age";
          wgSobotkaPrivateKey.file = "${self}/secrets/wgSobotkaPrivateKey.age";
          gluetunEnvironment.file = "${self}/secrets/gluetunEnvironment.age";
          nextcloudAdminPass.file = "${self}/secrets/nextcloudAdminPass.age";
          nextcloudCloudflared.file = "${self}/secrets/nextcloudCloudflared.age";
          vaultwardenCloudflared.file = "${self}/secrets/vaultwardenCloudflared.age";
          vaultwardenEnvironment.file = "${self}/secrets/vaultwardenEnvironment.age";
          homepageEnvironment.file = "${self}/secrets/homepageEnvironment.age";
          pihole.file = "${self}/secrets/pihole.age";
          slskd.file = "${self}/secrets/slskd.age";
        };
      })
      (mkIf cfg.ziggy.enable {
        secrets = {
          cloudflareDnsCredentialsZiggy.file = "${self}/secrets/cloudflareDnsCredentialsZiggy.age";
          piholeZiggy.file = "${self}/secrets/piholeZiggy.age";
        };
      })
      (mkIf cfg.toothpc.enable {
--- a/modules/nixos/services/greetd/default.nix
+++ b/modules/nixos/services/greetd/default.nix
@@ -63,7 +63,7 @@ in
          settings = rec {
            tuigreet_session =
              let
-                session = "${pkgs.niri-unstable}/bin/niri-session";
+                session = "${pkgs.niri}/bin/niri-session";
                tuigreet = "${lib.getExe pkgs.tuigreet}";
              in
              {
--- a/modules/nixos/services/mullvad-netns/default.nix
+++ b/modules/nixos/services/mullvad-netns/default.nix
@@ -1,50 +0,0 @@
 { self, pkgs, ... }:
 {
  age.secrets.wgCredentials = {
    file = "${self}/secrets/wgCredentials.age";
    mode = "0400";
    owner = "root";
    group = "root";
    path = "/etc/wireguard/mullvad.conf";
  };
  systemd.services.mullvad-netns = {
    description = "WireGuard Mullvad netns for VMs";
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
      ExecStart = "${pkgs.writeShellScript "mullvad-netns-up" ''
        set -euo pipefail
        ip netns add mullvad || true
        ip link add veth0 type veth peer name veth1 || true
        ip link set veth1 netns mullvad
        ip addr add 10.250.0.1/24 dev veth0 || true
        ip link set veth0 up
        ip netns exec mullvad ip addr add 10.250.0.2/24 dev veth1 || true
        ip netns exec mullvad ip link set veth1 up
        ip netns exec mullvad wg-quick up /etc/wireguard/mullvad.conf
        ip netns exec mullvad ip route add default dev wg0 || true
        nft add table ip mullvad-nat || true
        nft add chain ip mullvad-nat postrouting { type nat hook postrouting priority 100 \; } || true
        nft add rule ip mullvad-nat postrouting ip saddr 10.250.0.0/24 oif "wg0" masquerade || true
      ''}";
      ExecStop = "${pkgs.writeShellScript "mullvad-netns-down" ''
        set -euo pipefail
        ip netns exec mullvad wg-quick down /etc/wireguard/mullvad.conf || true
        ip link delete veth0 || true
        ip netns delete mullvad || true
        nft delete table ip mullvad-nat || true
      ''}";
    };
    # no wantedBy here -> won't start at boot
  };
 }
--- a/modules/nixos/services/tailscale/default.nix
+++ b/modules/nixos/services/tailscale/default.nix
@@ -0,0 +1,16 @@
 {
  config,
  lib,
  ...
 }:
 with lib; let
  cfg = config.nixos.services.tailscale;
 in {
  options.nixos.services.tailscale = {
    enable = mkEnableOption "Enable tailscale";
  };
  config = mkIf cfg.enable {
    services.tailscale.enable = true;
  };
 }
--- a/modules/nixos/system/xdg/default.nix
+++ b/modules/nixos/system/xdg/default.nix
@@ -30,13 +30,19 @@ in
      enable = true;
      xdgOpenUsePortal = cfg.xdgOpenUsePortal;
      config = {
-        common.default = [ "gtk" ];
+        common.default = [
          "gtk"
          "gnome"
        ];
        hyprland.default = [
          "gtk"
          "hyprland"
        ];
      };
-      extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
+      extraPortals = with pkgs; [
        xdg-desktop-portal-gtk
        xdg-desktop-portal-gnome
      ];
    };
  };
 }
--- a/modules/server/acme/default.nix
+++ b/modules/server/acme/default.nix
@@ -1,84 +0,0 @@
 {
  config,
  lib,
  ...
 }: let
  inherit (lib) mkIf mkEnableOption;
  cfg = config.server.acme;
  getCloudflareCredentials = hostname:
    if hostname == "ziggy"
    then config.age.secrets.cloudflareDnsCredentialsZiggy.path
    else if hostname == "sobotka"
    then config.age.secrets.cloudflareDnsCredentials.path
    else throw "Unknown hostname: ${hostname}";
 in {
  options = {
    server.acme.enable = mkEnableOption "Enables ACME";
  };
  config = mkIf cfg.enable {
    networking.firewall = let
      ports = [
        80
        443
      ];
    in {
      allowedTCPPorts = ports;
    };
    security.acme = {
      acceptTerms = true;
      defaults.email = config.server.email;
      certs.${config.server.domain} = {
        reloadServices = ["caddy.service"];
        domain = "${config.server.domain}";
        extraDomainNames = ["*.${config.server.domain}"];
        dnsProvider = "cloudflare";
        dnsResolver = "1.1.1.1:53";
        dnsPropagationCheck = true;
        group = config.services.caddy.group;
        environmentFile = getCloudflareCredentials config.networking.hostName;
      };
      certs.${config.server.www.url} = {
        reloadServices = ["caddy.service"];
        domain = "${config.server.www.url}";
        extraDomainNames = ["*.${config.server.www.url}"];
        dnsProvider = "cloudflare";
        dnsResolver = "1.1.1.1:53";
        dnsPropagationCheck = true;
        group = config.services.caddy.group;
        environmentFile = getCloudflareCredentials config.networking.hostName;
      };
    };
    services.caddy = {
      enable = true;
      globalConfig = ''
        auto_https off
      '';
      virtualHosts = {
        "http://${config.server.domain}" = {
          extraConfig = ''
            redir https://{host}{uri}
          '';
        };
        "http://*.${config.server.domain}" = {
          extraConfig = ''
            redir https://{host}{uri}
          '';
        };
        "http://${config.server.www.url}" = {
          extraConfig = ''
            redir https://{host}{uri}
          '';
        };
        "http://*.${config.server.www.url}" = {
          extraConfig = ''
            redir https://{host}{uri}
          '';
        };
      };
    };
  };
 }
--- a/modules/server/authentik/default.nix
+++ b/modules/server/authentik/default.nix
@@ -15,7 +15,21 @@ in {
    };
    url = lib.mkOption {
      type = lib.types.str;
-      default = "auth.${srv.domain}";
+      default = "auth.${srv.www.domain}";
    };
    cloudflared = {
      credentialsFile = lib.mkOption {
        type = lib.types.str;
        example = lib.literalExpression ''
          pkgs.writeText "cloudflare-credentials.json" '''
          {"AccountTag":"secret"."TunnelSecret":"secret","TunnelID":"secret"}
          '''
        '';
      };
      tunnelId = lib.mkOption {
        type = lib.types.str;
        example = "00000000-0000-0000-0000-000000000000";
      };
    };
    homepage.name = lib.mkOption {
      type = lib.types.str;
@@ -36,10 +50,28 @@ in {
  };
  config = lib.mkIf cfg.enable {
-    age.secrets.authentikEnv = {
+    age.secrets = {
-      file = "${self}/secrets/authentikEnv.age";
+      authentikEnv = {
-      owner = "authentik";
+        file = "${self}/secrets/authentikEnv.age";
        owner = "authentik";
      };
      authentikCloudflared = {
        file = "${self}/secrets/authentikCloudflared.age";
        owner = "authentik";
      };
    };
    server = {
      fail2ban = lib.mkIf cfg.enable {
        jails = {
          authentik = {
            serviceName = "${cfg.url}";
            failRegex = "^.*Username or password is incorrect. Try again. IP: <HOST>. Username: <F-USER>.*</F-USER>.$";
          };
        };
      };
    };
    services = {
      authentik = {
        enable = true;
@@ -52,6 +84,15 @@ in {
        };
      };
      cloudflared = {
        enable = true;
        tunnels.${cfg.cloudflared.tunnelId} = {
          credentialsFile = cfg.cloudflared.credentialsFile;
          default = "http_status:404";
          ingress."${cfg.url}".service = "http://127.0.0.1:9000";
        };
      };
      traefik = {
        dynamicConfigOptions = {
          http = {
@@ -89,7 +130,7 @@ in {
            routers = {
              auth = {
                entryPoints = ["websecure"];
-                rule = "Host(`${cfg.url}`) || HostRegexp(`{subdomain:[a-z0-9]+}.${srv.domain}`) && PathPrefix(`/outpost.goauthentik.io/`)";
+                rule = "Host(`${cfg.url}`) || HostRegexp(`{subdomain:[a-z0-9]+}.${srv.www.url}`) && PathPrefix(`/outpost.goauthentik.io/`)";
                service = "auth";
                tls.certResolver = "letsencrypt";
              };
--- a/modules/server/gitea/default.nix.bak
+++ b/modules/server/gitea/default.nix.bak
@@ -1,119 +0,0 @@
 # taken from @jtojnar
 {
  config,
  lib,
  ...
 }: let
  unit = "gitea";
  srv = config.server;
  cfg = config.server.${unit};
 in {
  options.server.${unit} = {
    enable = lib.mkEnableOption {
      description = "Enable ${unit}";
    };
    url = lib.mkOption {
      type = lib.types.str;
      default = "git.${srv.domain}";
    };
    port = lib.mkOption {
      type = lib.types.int;
      default = 5003;
      description = "The port to host Gitea on.";
    };
    homepage.name = lib.mkOption {
      type = lib.types.str;
      default = "Gitea";
    };
    homepage.description = lib.mkOption {
      type = lib.types.str;
      default = "Git with a cup of tea";
    };
    homepage.icon = lib.mkOption {
      type = lib.types.str;
      default = "gitea.svg";
    };
    homepage.category = lib.mkOption {
      type = lib.types.str;
      default = "Services";
    };
  };
  config = lib.mkIf cfg.enable {
    services.${unit} = {
      enable = true;
      appName = "cnix code forge";
      database = {
        type = "postgres";
        socket = "/run/postgresql";
        name = "gitea";
        user = "gitea";
        createDatabase = false;
      };
      lfs = {
        enable = true;
      };
      settings = {
        cors = {
          ENABLED = true;
          SCHEME = "https";
          ALLOW_DOMAIN = cfg.url;
        };
        log = {
          MODE = "console";
        };
        mailer = {
          ENABLED = false;
          MAILER_TYPE = "sendmail";
          FROM = "noreply+adam@cnst.dev";
          SENDMAIL_PATH = "/run/wrappers/bin/sendmail";
        };
        picture = {
          DISABLE_GRAVATAR = true;
        };
        repository = {
          DEFAULT_BRANCH = "main";
          DEFAULT_REPO_UNITS = "repo.code,repo.issues,repo.pulls";
          DISABLE_DOWNLOAD_SOURCE_ARCHIVES = true;
        };
        indexer = {
          REPO_INDEXER_ENABLED = true;
        };
        server = {
          DOMAIN = cfg.url;
          LANDING_PAGE = "explore";
          HTTP_PORT = cfg.port;
          ROOT_URL = "https://${cfg.url}/";
        };
        security = {
          DISABLE_GIT_HOOKS = false;
        };
        service = {
          DISABLE_REGISTRATION = true;
        };
        session = {
          COOKIE_SECURE = true;
        };
      };
    };
    services.traefik.dynamicConfigOptions.http.routers."${unit}" = {
      rule = "Host(`" + cfg.url + "`)";
      service = "${unit}-service";
      entryPoints = ["websecure"];
      tls = {};
    };
    services.traefik.dynamicConfigOptions.http.services."${unit}-service".loadBalancer.servers = [
      {url = "http://127.0.0.1:${toString cfg.port}";}
    ];
    server.postgresql.databases = [
      {
        database = "gitea";
      }
    ];
  };
 }
--- a/modules/server/homepage-dashboard/default.nix
+++ b/modules/server/homepage-dashboard/default.nix
@@ -1,6 +1,7 @@
 {
  config,
  lib,
  self,
  ...
 }: let
  unit = "homepage-dashboard";
@@ -36,11 +37,16 @@ in {
    };
  };
  config = lib.mkIf cfg.enable {
    age.secrets = {
      homepageEnvironment = {
        file = "${self}/secrets/homepageEnvironment.age";
      };
    };
    services = {
      glances.enable = true;
      ${unit} = {
        enable = true;
-        allowedHosts = srv.domain;
+        environmentFile = config.age.secrets.homepageEnvironment.path;
        settings = {
          layout = [
            {
@@ -79,7 +85,6 @@ in {
          statusStyle = "dot";
          hideVersion = "true";
        };
        widgets = [
          {
            openmeteo = {
@@ -91,32 +96,21 @@ in {
              longitude = 16.324541;
            };
          }
          {
            datetime = {
              text_size = "x1";
              format = {
                hour12 = false;
                timeStyle = "short";
                dateStyle = "long";
              };
            };
          }
          {
            resources = {
-              label = "";
+              label = "SYSTEM";
              memory = true;
-              disk = ["/"];
+              cpu = true;
              uptime = true;
            };
          }
        ];
        services = let
          homepageCategories = [
            "Arr"
            "Media"
            "Downloads"
            "Services"
            "Smart Home"
          ];
          hl = config.server;
          mergedServices = hl // hl.podman;
@@ -222,7 +216,9 @@ in {
      traefik = {
        dynamicConfigOptions = {
          http = {
-            services.homepage.loadBalancer.servers = [{url = "http://127.0.0.1:${toString config.services.${unit}.listenPort}";}];
+            services.homepage.loadBalancer.servers = [
              {url = "http://127.0.0.1:${toString config.services.${unit}.listenPort}";}
            ];
            routers = {
              homepage = {
                entryPoints = ["websecure"];
--- a/modules/server/nextcloud/default.nix
+++ b/modules/server/nextcloud/default.nix
@@ -2,6 +2,7 @@
  config,
  pkgs,
  lib,
  self,
  ...
 }: let
  unit = "nextcloud";
@@ -45,6 +46,11 @@ in {
    };
  };
  config = lib.mkIf cfg.enable {
    age.secrets = {
      nextcloudAdminPass.file = "${self}/secrets/nextcloudAdminPass.age";
      nextcloudCloudflared.file = "${self}/secrets/nextcloudCloudflared.age";
    };
    server.fail2ban = lib.mkIf config.server.fail2ban.enable {
      jails = {
        nextcloud = {
--- a/modules/server/podman/default.nix
+++ b/modules/server/podman/default.nix
@@ -2,6 +2,7 @@
  config,
  lib,
  pkgs,
  self,
  ...
 }: let
  srv = config.server;
@@ -121,6 +122,11 @@ in {
  };
  config = lib.mkIf cfg.enable {
    age.secrets = {
      pihole.file = "${self}/secrets/${config.networking.hostName}Pihole.age";
      slskd.file = "${self}/secrets/slskd.age";
    };
    virtualisation = {
      containers.enable = true;
      podman.enable = true;
--- a/modules/server/vaultwarden/default.nix
+++ b/modules/server/vaultwarden/default.nix
@@ -2,14 +2,13 @@
 {
  config,
  lib,
  self,
  ...
-}:
+}: let
 let
  inherit (lib) mkIf mkEnableOption;
  vcfg = config.services.vaultwarden.config;
  cfg = config.server.vaultwarden;
-in
+in {
 {
  options = {
    server.vaultwarden = {
      enable = mkEnableOption "Enables vaultwarden";
@@ -35,6 +34,11 @@ in
  };
  config = mkIf cfg.enable {
    age.secrets = {
      vaultwardenCloudflared.file = "${self}/secrets/vaultwardenCloudflared.age";
      vaultwardenEnvironment.file = "${self}/secrets/vaultwardenEnvironment.age";
    };
    server = {
      fail2ban = lib.mkIf config.server.fail2ban.enable {
        jails = {
--- a/modules/server/www/default.nix
+++ b/modules/server/www/default.nix
@@ -2,6 +2,7 @@
  lib,
  config,
  pkgs,
  self,
  ...
 }: let
  inherit (lib) mkOption mkEnableOption mkIf types;
@@ -16,29 +17,97 @@ in {
      default = "";
      type = types.str;
      description = ''
-        Public domain name to be used to access the server services via Caddy reverse proxy
+        Public domain name to be used to access the server services via Traefik reverse proxy
      '';
    };
    cloudflared = {
      credentialsFile = lib.mkOption {
        type = lib.types.str;
        example = lib.literalExpression ''
          pkgs.writeText "cloudflare-credentials.json" '''
          {"AccountTag":"secret"."TunnelSecret":"secret","TunnelID":"secret"}
          '''
        '';
      };
      tunnelId = lib.mkOption {
        type = lib.types.str;
        example = "00000000-0000-0000-0000-000000000000";
      };
    };
  };
  config = mkIf cfg.enable {
    services.caddy.virtualHosts."${cfg.url}" = {
      useACMEHost = cfg.url;
      extraConfig = ''
          handle_path /.well-known/webfinger {
          header Content-Type application/jrd+json
          respond `{
            "subject": "acct:adam@${cfg.url}",
            "links": [
              {
                "rel": "http://openid.net/specs/connect/1.0/issuer",
                "href": "https://login.${cfg.url}/realms/cnix"
              }
            ]
          }`
        }
-        reverse_proxy http://127.0.0.1:8283
+  config = mkIf cfg.enable {
-      '';
+    age.secrets = {
      wwwCloudflared.file = "${self}/secrets/wwwCloudflared.age";
    };
    server = {
      fail2ban = lib.mkIf config.server.www.enable {
        jails = {
          www = {
            serviceName = "cnst.dev";
            failRegex = "^.*Username or password is incorrect. Try again. IP: <HOST>. Username: <F-USER>.*</F-USER>.$";
          };
        };
      };
    };
    services = {
      nginx = {
        enable = true;
        defaultListen = [
          {
            addr = "127.0.0.1";
            port = 8283;
          }
        ];
        virtualHosts."webfinger" = {
          forceSSL = false;
          serverName = cfg.url;
          root = "/etc/webfinger";
          locations."= /.well-known/webfinger" = {
            root = "/etc/webfinger";
            extraConfig = ''
              default_type application/jrd+json;
              try_files /.well-known/webfinger =404;
            '';
          };
        };
      };
      cloudflared = {
        enable = true;
        tunnels.${cfg.cloudflared.tunnelId} = {
          credentialsFile = cfg.cloudflared.credentialsFile;
          default = "http_status:404";
          ingress."${cfg.url}".service = "http://127.0.0.1:8283";
        };
      };
    };
    environment.etc."webfinger/.well-known/webfinger".text = ''
      {
        "subject": "acct:adam@${cfg.url}",
        "links": [
          {
            "rel": "http://openid.net/specs/connect/1.0/issuer",
            "href": "https://auth.${cfg.url}/application/o/tailscale/"
          }
        ]
      }
    '';
    services.traefik.dynamicConfigOptions.http = {
      routers.webfinger = {
        entryPoints = ["websecure"];
        rule = "Host(`${cfg.url}`) && Path(`/.well-known/webfinger`)";
        service = "webfinger";
        tls.certResolver = "letsencrypt";
      };
      services.webfinger.loadBalancer.servers = [
        {url = "http://127.0.0.1:8283";}
      ];
    };
  };
 }
--- a/scripts/bin/choosepaper.sh
+++ b/scripts/bin/choosepaper.sh
@@ -0,0 +1,5 @@
 export bg_dir="$HOME/media/images/bgs/"
 find "$bg_dir" -type f | fzf --reverse --preview 'pistol {}' | while read -r img; do
  pkill swaybg || true
  swaybg -m fill -o '*' -i "$img" &
 done
--- a/scripts/default.nix
+++ b/scripts/default.nix
@@ -33,6 +33,20 @@ in
        );
      };
      ".local/bin/choosepaper.sh" = {
        source = getExe (
          pkgs.writeShellApplication {
            name = "spawn";
            runtimeInputs = with pkgs; [
              fzf
              swaybg
              pistol
            ];
            text = readFile ./bin/choosepaper.sh;
          }
        );
      };
      ".local/bin/pavucontrol-toggle.sh" = {
        source = getExe (
          pkgs.writeShellApplication {
--- a/secrets/authentikCloudflared.age
+++ b/secrets/authentikCloudflared.age
@@ -0,0 +1,14 @@
 age-encryption.org/v1
 -> ssh-ed25519 t9iOEg 2oTh42u4hxJGAypwwLJwDCPMngauHB8BhKA83xAXr1M
 Sr6Hbfnd52F0dUk5RO3wxxJ7RGi3+NUCBq/MzDbKR7s
 -> ssh-ed25519 KUYMFA O2j6gYY1QR1ZlFiWw+7y6nKUeE658Wp3PdV6dsMqwTU
 NYwnTkZX5PHnNtL1vqJqIsYzIFUY43AVso8ecMAHvWs
 -> ssh-ed25519 76RhUQ VTzoQh0fHrG41Gr0YnPY7Jz7yFFugigm/DpUUE/Ny18
 SITvKJf5+ql4DhpJoPVvEXdLGIBeKnlLlm8u4QPr0RY
 -> ssh-ed25519 Jf8sqw oVI2y3zqpswvyZoNwklrKI1ZbxMJ5a1kzc43RErkbD8
 aHNuHMH2XNQ7+9sfsA8LMhBSgTDmvmI1wY26V2j+lsE
 --- 0UL0vxM2f5IeVhDO1Cg7SUmhuvpFh+GsEEW4g5JEORU
 <EFBFBD>)q<>$*<2A><><EFBFBD>b<10>X<EFBFBD><58><EFBFBD>`<60>	%f
 _<EFBFBD>%%1ݗ<><DD97><EFBFBD>)<29><>fT<66>٧&<26>`+<2B>K<EFBFBD><4B>q<EFBFBD><71>I<><EEADBE><EFBFBD><EFBFBD><EFBFBD><19><><03>\=<3D>M<EFBFBD><4D><18>
 !<21><>7<EFBFBD>b<EFBFBD>]<5D>X<>_lri<72>_<EFBFBD><03><>;<3B>R
 <EFBFBD>)<29><>c<EFBFBD>H<><48>5.p<>:m<>_<EFBFBD>&Vj/<2F><01><>Ra|MU<4D><55>b<EFBFBD><62><02>y<EFBFBD><79><EFBFBD><EFBFBD>El<45>nS<6E>9"<11><>گ+<<3C>
--- a/secrets/homepageEnvironment.age
+++ b/secrets/homepageEnvironment.age
--- a/secrets/nginxEnv.age
+++ b/secrets/nginxEnv.age
@@ -0,0 +1,11 @@
 age-encryption.org/v1
 -> ssh-ed25519 t9iOEg pfPhWigjvnJ5tfVv8qPpk3VYvLH9I01HVVbpu+r2NjY
 Kaj8aZv+9pSYjwoE7EHWGHfsZIPFZOgUVaKf8VxWKcQ
 -> ssh-ed25519 KUYMFA 9Xy82Cl3HUQcFDcJMxxnnIfLOngW8xLfVE0S1wRliGg
 mOOcyJp5+ZqFwdkZkHC63+cMA0ToGcuI6kqMjAJ9jJk
 -> ssh-ed25519 76RhUQ +OvUSQwpy6+xxlom8bJFn8CBdSKECa9YY0U+YYNYdGM
 MWfmfGzd6/lOPvggUG8uJgBAp1CTqSdk+NDkk7vSQEQ
 -> ssh-ed25519 Jf8sqw jQR/wT/+f63cJdFzR/Ogw6pdiYXoyVNu1+UCni2BYSM
 Iicwg/XJJskvWFmAbxFDh3gSJyjid5fw9JXmDJPhzkU
 --- xK8vBWioTgSDPHkKh7SJxstCzYtUSmTz6QuN/+niFME
 <08><>f<<3C>`VR<56><52>p<><70>)>|<7C>+aئI<D8A6>g<08><0B><><EFBFBD><EFBFBD><EFBFBD><19><>x<EFBFBD><78>HH+<2B>緭<EFBFBD><E7B7AD>o>$4H<><48><EFBFBD>缂<EFBFBD>B?<3F>l6TSqμ<71>Ǿ<EFBFBD><C7BE>Kj-l
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -1,7 +1,11 @@
 let
  # --- Users ---
-  cnst = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEUub8vbzUn2f39ILhAJ2QeH8xxLSjiyUuo8xvHGx/VB adam@cnst.dev";
+  ukima = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEUub8vbzUn2f39ILhAJ2QeH8xxLSjiyUuo8xvHGx/VB adam@cnst.dev";
-  kima = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJjoPdpiF8pjKN3ZEHeLEwVxoqwcCdzpVVlZkxJohFdg root@cnix";
+  rkima = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJjoPdpiF8pjKN3ZEHeLEwVxoqwcCdzpVVlZkxJohFdg root@cnix";
  # --- Hosts: bunk ---
  ubunk = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIXCjkKouZrsMoswMIeueO8X/c3kuY3Gb0E9emvkqwUv cnst@cnixpad";
  rbunk = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH72llEVDSHH/FZnjLVCe6zfdkdJRRVg2QL+ifHiPXXk root@cnix";
  # --- Hosts: sobotka ---
  usobotka = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG5ydTeaWcowmNXdDNqIa/lb5l9w5CAzyF2Kg6U5PSSu cnst@sobotka";
@@ -12,9 +16,13 @@ let
  rziggy = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHnca8xg1MZ4Hx5k5SVFSxcPnWc1O6r7w7JGYzX9aQm8 root@nixos";
  # --- Groups ---
-  core = [
+  kima = [
-    cnst
+    ukima
-    kima
+    rkima
  ];
  bunk = [
    ubunk
    rbunk
  ];
  sobotka = [
    usobotka
@@ -24,38 +32,40 @@ let
    uziggy
    rziggy
  ];
-  all = core ++ sobotka ++ ziggy;
+  all = kima ++ bunk ++ sobotka ++ ziggy;
 in {
  # Generic
-  "cnstssh.age".publicKeys = core;
+  "cnstssh.age".publicKeys = kima;
-  "cnixssh.age".publicKeys = core;
+  "cnixssh.age".publicKeys = kima;
-  "certpem.age".publicKeys = core;
+  "certpem.age".publicKeys = kima;
-  "keypem.age".publicKeys = core;
+  "keypem.age".publicKeys = kima;
-  "mailpwd.age".publicKeys = core;
+  "mailpwd.age".publicKeys = kima;
-  "gcapi.age".publicKeys = core;
+  "gcapi.age".publicKeys = kima;
-  # Shared between core + sobotka
+  # Shared between kima + sobotka
-  "cloudflareEnvironment.age".publicKeys = core ++ sobotka;
+  "cloudflareEnvironment.age".publicKeys = kima ++ sobotka;
-  "vaultwardenEnvironment.age".publicKeys = core ++ sobotka;
+  "vaultwardenEnvironment.age".publicKeys = kima ++ sobotka;
-  "homepageEnvironment.age".publicKeys = core ++ sobotka;
+  "homepageEnvironment.age".publicKeys = kima ++ sobotka;
-  "cloudflareFirewallApiKey.age".publicKeys = core ++ sobotka;
+  "cloudflareFirewallApiKey.age".publicKeys = kima ++ sobotka;
-  "vaultwardenCloudflared.age".publicKeys = core ++ sobotka;
+  "vaultwardenCloudflared.age".publicKeys = kima ++ sobotka;
-  "nextcloudCloudflared.age".publicKeys = core ++ sobotka;
+  "nextcloudCloudflared.age".publicKeys = kima ++ sobotka;
-  "nextcloudAdminPass.age".publicKeys = core ++ sobotka;
+  "nextcloudAdminPass.age".publicKeys = kima ++ sobotka;
-  "cloudflareDnsApiToken.age".publicKeys = core ++ sobotka;
+  "cloudflareDnsApiToken.age".publicKeys = kima ++ sobotka;
-  "cloudflareDnsCredentials.age".publicKeys = core ++ sobotka;
+  "cloudflareDnsCredentials.age".publicKeys = kima ++ sobotka;
-  "wgCredentials.age".publicKeys = core ++ sobotka;
+  "wgCredentials.age".publicKeys = kima ++ sobotka;
-  "wgSobotkaPrivateKey.age".publicKeys = core ++ sobotka;
+  "wgSobotkaPrivateKey.age".publicKeys = kima ++ sobotka;
-  "gluetunEnvironment.age".publicKeys = core ++ sobotka;
+  "gluetunEnvironment.age".publicKeys = kima ++ sobotka;
-  "pihole.age".publicKeys = core ++ sobotka;
+  "sobotkaPihole.age".publicKeys = kima ++ sobotka;
-  "slskd.age".publicKeys = core ++ sobotka;
+  "slskd.age".publicKeys = kima ++ sobotka;
-  "authentikEnv.age".publicKeys = core ++ sobotka;
+  "authentikEnv.age".publicKeys = kima ++ sobotka;
-  "traefikEnv.age".publicKeys = core ++ sobotka;
+  "traefikEnv.age".publicKeys = kima ++ sobotka;
  "wwwCloudflared.age".publicKeys = kima ++ sobotka;
  "authentikCloudflared.age".publicKeys = kima ++ sobotka;
  # Ziggy-specific
-  "cloudflareDnsCredentialsZiggy.age".publicKeys = core ++ ziggy;
+  "cloudflareDnsCredentialsZiggy.age".publicKeys = kima ++ ziggy;
-  "piholeZiggy.age".publicKeys = core ++ ziggy;
+  "ziggyPihole.age".publicKeys = kima ++ ziggy;
  # Both sobotka + ziggy (for HA stuff like keepalived)
-  "keepalived.age".publicKeys = core ++ sobotka ++ ziggy;
+  "keepalived.age".publicKeys = kima ++ sobotka ++ ziggy;
 }
--- a/secrets/sobotkaPihole.age
+++ b/secrets/sobotkaPihole.age
--- a/secrets/traefikEnv.age
+++ b/secrets/traefikEnv.age
--- a/secrets/wwwCloudflared.age
+++ b/secrets/wwwCloudflared.age
@@ -0,0 +1,11 @@
 age-encryption.org/v1
 -> ssh-ed25519 t9iOEg CWarcJM8RPjJW+e3BQ99KEUnOZQUDEIIeygeh/8MZUw
 xux60KMmyOVvgiuEqyEPXM1Wr2ne8AyHT6CAWKMOcKo
 -> ssh-ed25519 KUYMFA AThOlxHT41vsczkSGzJmT+VmWC2dAnLiIcTJP+YySkc
 Jy8HyRuzIFtGYMimxsQNm2NnbluVwS6ZuXhq4uRfabY
 -> ssh-ed25519 76RhUQ dKyDJ4DCNtYWQ2+cC7gwa+14aw99S+mU38tpQrlOmFc
 0mD5Qcv8b8Bh1e4mbqdH26UtCJaUe7C7dDDSXJd1iRY
 -> ssh-ed25519 Jf8sqw To2I/347gMqYx0PxMgYqbGekUpfqWOQwtgJ+0AFilTw
 nIo4dH9JnOuWo48a17Kjyee5sQV8HN+PNXCWDT4fjIg
 --- SuE6Z9ipbuWhxoaULMf6OGtG3BNkQ1BpWXkgfAI7Y6Y
 <EFBFBD>R<EFBFBD>u1<12><><16><><EFBFBD>d<EFBFBD>ژdʋ(s<0B>)<29>M0v<30>ѹ<EFBFBD><D1B9><EFBFBD>Z<EFBFBD>V<EFBFBD><56><10>q<05>i<EFBFBD>i<EFBFBD><69>Ec*	<09>{<7B>~teP<65><50><EFBFBD>{<1C>D<>mA~Ŭ<><1B>c.<2E>TbƝ<62>}<<3C><><EFBFBD><EFBFBD><EFBFBD>e0<65>Vq<0C><><EFBFBD>k<EFBFBD><6B><EFBFBD>b<>T<1F><>*Y<><59>$<24><>t<EFBFBD><74>:<3A><>^<1C><>+<2B><1D><>;<3B>1<EFBFBD><31><EFBFBD>ۤ<EFBFBD><DBA4>Ӎ<12>X<EFBFBD>H<EFBFBD><03><>u<EFBFBD><75><EFBFBD>g<EFBFBD>߄<EFBFBD>o<EFBFBD>/<2F>G<EFBFBD><0E><><16>Kl<4B>I<EFBFBD>C<EFBFBD><43>==A<><11><>Y<EFBFBD><59><EFBFBD>U<EFBFBD><55><EFBFBD><EFBFBD>
--- a/secrets/ziggyPihole.age
+++ b/secrets/ziggyPihole.age
--- a/users/cnst/default.nix
+++ b/users/cnst/default.nix
@@ -23,6 +23,5 @@
    json.enable = false;
    manpages.enable = false;
  };
  programs.home-manager.enable = true;
 }
--- a/users/cnst/modules/bunkmod.nix
+++ b/users/cnst/modules/bunkmod.nix
@@ -131,7 +131,7 @@
        enable = true;
      };
      syncthing = {
-        enable = true;
+        enable = false;
      };
      udiskie = {
        enable = true;
--- a/users/cnst/modules/kimamod.nix
+++ b/users/cnst/modules/kimamod.nix
@@ -132,7 +132,7 @@
        enable = true;
      };
      syncthing = {
-        enable = true;
+        enable = false;
      };
      udiskie = {
        enable = true;
--- a/users/cnst/modules/sobotkamod.nix
+++ b/users/cnst/modules/sobotkamod.nix
@@ -1,154 +0,0 @@
 {
  home = {
    programs = {
      aerc = {
        enable = false;
      };
      alacritty = {
        enable = false;
      };
      bash = {
        enable = true;
      };
      chromium = {
        enable = false;
      };
      discord = {
        enable = false;
      };
      eza = {
        enable = true;
      };
      floorp = {
        enable = false;
      };
      firefox = {
        enable = false;
      };
      fish = {
        enable = true;
      };
      foot = {
        enable = false;
      };
      fuzzel = {
        enable = false;
      };
      git = {
        enable = true;
      };
      ghostty = {
        enable = false;
      };
      helix = {
        enable = true;
      };
      hyprlock = {
        enable = false;
      };
      jujutsu = {
        enable = false;
      };
      kitty = {
        enable = false;
      };
      mpv = {
        enable = false;
      };
      neovim = {
        enable = false;
      };
      nvf = {
        enable = false;
      };
      nwg-bar = {
        enable = false;
      };
      pkgs = {
        enable = true;
      };
      rofi = {
        enable = false;
      };
      ssh = {
        enable = true;
      };
      tuirun = {
        enable = false;
      };
      vscode = {
        enable = false;
      };
      waybar = {
        enable = false;
      };
      wezterm = {
        enable = false;
      };
      yazi = {
        enable = false;
      };
      zathura = {
        enable = false;
      };
      zed-editor = {
        enable = false;
      };
      zellij = {
        enable = false;
      };
      zen = {
        enable = false;
      };
      zsh = {
        enable = false;
      };
    };
    services = {
      blueman-applet = {
        enable = false;
      };
      copyq = {
        enable = false;
      };
      dconf = {
        settings = {
          color-scheme = "prefer-dark";
        };
      };
      dunst = {
        enable = false;
      };
      gpg = {
        enable = true;
      };
      gtk = {
        enable = false;
      };
      hypridle = {
        enable = false;
      };
      hyprpaper = {
        enable = false;
      };
      mako = {
        enable = false;
      };
      nix-index = {
        enable = true;
      };
      protonmail-bridge = {
        enable = false;
      };
      syncthing = {
        enable = false;
      };
      udiskie = {
        enable = false;
      };
      xdg = {
        enable = false;
      };
    };
  };
 }
--- a/users/cnst/variables/default.nix
+++ b/users/cnst/variables/default.nix
@@ -14,8 +14,8 @@ let
        BROWSER = "zen";
        EDITOR = "hx";
        TERM = "xterm-256color";
-        VK_ICD_FILENAMES = "/run/opengl-driver/share/vulkan/icd.d/radeon_icd.x86_64.json";
+        # VK_ICD_FILENAMES = "/run/opengl-driver/share/vulkan/icd.d/radeon_icd.x86_64.json";
-        STEAM_EXTRA_COMPAT_TOOLS_PATHS = "/home/cnst/.steam/root/compatibilitytools.d";
+        # STEAM_EXTRA_COMPAT_TOOLS_PATHS = "/home/cnst/.steam/root/compatibilitytools.d";
        QT_QPA_PLATFORM = "wayland";
        XDG_SESSION_TYPE = "wayland";
      };
Author	SHA1	Message	Date
cnst	3d1e0991ae	big revert	2025-10-04 20:49:00 +02:00
cnst	99b18de995	flake lock	2025-10-04 20:42:31 +02:00
cnst	593f0e619c	chore(ded): remove dead code	2025-09-29 19:31:23 +02:00
cnst	688e23d229	feat(pstate): opt in changes and sooooo	2025-09-29 19:28:33 +02:00
cnst	725a3ed27e	chore(niri): go to nixpkgs niri release	2025-09-29 17:10:38 +02:00
cnst	e45dc0d223	feat(homelab): fixing cf tunnels, authentik and tailscale!	2025-09-28 18:27:17 +02:00
cnst	bc78dd7302	chore(?): hm	2025-09-28 16:24:32 +02:00
cnst	94c34f8675	chore(update): flake lock	2025-09-28 08:03:38 +02:00
cnst	fda7d972c4	chore(age): adding bunk credentials to agenix	2025-09-27 19:54:03 +02:00
cnst	f6bb6672bb	chore(agenix): refactor some secrets	2025-09-27 14:35:04 +02:00
cnst	68f1cb9b09	chore(misc): removing dead code and small insignificant changes	2025-09-26 20:41:26 +02:00
cnst	e721a2088b	feat(homepage-dashboard): adding some disk info	2025-09-26 17:41:19 +02:00
cnst	551a47989c	Merge pull request 'feat(swaybg) adding swaybg and some script' (#5 ) from wutwut into main Reviewed-on: https://git.cnix.dev/cnst/cnix/pulls/5	2025-09-25 17:30:37 +02:00
cnst	4666731676	feat(swaybg) adding swaybg and some script	2025-09-25 17:17:49 +02:00