working 1

feat(authentik): fixing some fail2ban things
feat(www): fixing fail2ban and other minor tweaks
2025-10-05 10:11:40 +02:00 · 2025-10-01 18:00:55 +02:00 · 2025-09-30 18:16:49 +02:00 · 2025-09-29 19:31:23 +02:00 · 2025-09-29 19:28:33 +02:00 · 2025-09-29 17:10:38 +02:00
38 changed files with 702 additions and 959 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -29,11 +29,11 @@
        "systems": "systems_2"
      },
      "locked": {
-        "lastModified": 1758645700,
+        "lastModified": 1758874004,
-        "narHash": "sha256-7VHPjP/FDqx3EctIXqUssh8GC9ldXq/eNMX21uVkI8c=",
+        "narHash": "sha256-+RUCBtT01Z595NpGc6Tvms+dJ/C/cn1zdjT9+gE6dbU=",
        "owner": "anyrun-org",
        "repo": "anyrun",
-        "rev": "8cf7bd9de48e50cf1d662a56af28c0d13da91761",
+        "rev": "3c571bc1514c4211d1d6c011a1d482f97efd9c5f",
        "type": "github"
      },
      "original": {
@@ -50,11 +50,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1758040471,
+        "lastModified": 1758817837,
-        "narHash": "sha256-jsFBGoLiciAFRs5Fi4eOvbsXtf2tLyYh+OiRhV6BGI4=",
+        "narHash": "sha256-J3Jl4Z8SJHj+ogyohPeypT5LmQtCupdBteFezwiEZ9E=",
        "owner": "anyrun-org",
        "repo": "anyrun-provider",
-        "rev": "6631af0ecb8f245cbf88e972d1522f747d6cd883",
+        "rev": "b20650aa1bf80ae86b5bf5253d21fc0ddb7985c7",
        "type": "github"
      },
      "original": {
@@ -83,11 +83,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1755946532,
+        "lastModified": 1759499898,
-        "narHash": "sha256-POePremlUY5GyA1zfbtic6XLxDaQcqHN6l+bIxdT5gc=",
+        "narHash": "sha256-UNzYHLWfkSzLHDep5Ckb5tXc0fdxwPIrT+MY4kpQttM=",
        "owner": "hyprwm",
        "repo": "aquamarine",
-        "rev": "81584dae2df6ac79f6b6dae0ecb7705e95129ada",
+        "rev": "655e067f96fd44b3f5685e17f566b0e4d535d798",
        "type": "github"
      },
      "original": {
@@ -114,11 +114,11 @@
        "uv2nix": "uv2nix"
      },
      "locked": {
-        "lastModified": 1758177015,
+        "lastModified": 1759322529,
-        "narHash": "sha256-PCUWdbaxayY3YfSjVlyddBMYoGvSaRysd5AmZ8gqSFs=",
+        "narHash": "sha256-yiv/g/tiJI3PI95F7vhTnaf1TDsIkFLrmmFTjWfb6pQ=",
        "owner": "nix-community",
        "repo": "authentik-nix",
-        "rev": "4c626ed84cc0f1278bfba0f534efd6cba2788d75",
+        "rev": "69fac057b2e553ee17c9a09b822d735823d65a6c",
        "type": "github"
      },
      "original": {
@@ -130,16 +130,16 @@
    "authentik-src": {
      "flake": false,
      "locked": {
-        "lastModified": 1758035356,
+        "lastModified": 1759190535,
-        "narHash": "sha256-DkvxDwHCfSqEpZ9rRXNR8MP0Mz/y1kHAr38exrHQ39c=",
+        "narHash": "sha256-pIzDaoDWc58cY/XhsyweCwc4dfRvkaT/zqsV1gDSnCI=",
        "owner": "goauthentik",
        "repo": "authentik",
-        "rev": "680feaefa17934471a6b33ebc35caf5b64120404",
+        "rev": "8d3a289d12c7de2f244c76493af7880f70d08af2",
        "type": "github"
      },
      "original": {
        "owner": "goauthentik",
-        "ref": "version/2025.8.3",
+        "ref": "version/2025.8.4",
        "repo": "authentik",
        "type": "github"
      }
@@ -153,11 +153,11 @@
        "rust-overlay": "rust-overlay"
      },
      "locked": {
-        "lastModified": 1758642505,
+        "lastModified": 1759532138,
-        "narHash": "sha256-056XfEHlYdBKU2RtN4R+9m2nzL588TCZ8AsIviWONRg=",
+        "narHash": "sha256-sLQIlgDwMP3mEY2PwjGW+cL56QQ2n2WXoZ3GpG5QWOY=",
        "owner": "chaotic-cx",
        "repo": "nyx",
-        "rev": "0fe60fa161631289a051fef36dfaab28465ddc7b",
+        "rev": "bad02bbca5b5c6d45539a0d740ad0e21b1ba9afc",
        "type": "github"
      },
      "original": {
@@ -212,11 +212,11 @@
        "rust-analyzer-src": "rust-analyzer-src"
      },
      "locked": {
-        "lastModified": 1758695884,
+        "lastModified": 1759646430,
-        "narHash": "sha256-rnHjtBRkcwRkrUZxg0RqN1qWTG+QC/gj4vn9uzEkBww=",
+        "narHash": "sha256-V8mjmGzi9nS7BZfhpzYAOUg3BcCsC6MrEh9xlKq3+7s=",
        "owner": "nix-community",
        "repo": "fenix",
-        "rev": "9cdb79384d02234fb2868eba6c7d390253ef6f83",
+        "rev": "b326bea4d58c9a58b346f17c710538eac00f71d1",
        "type": "github"
      },
      "original": {
@@ -312,11 +312,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1754487366,
+        "lastModified": 1756770412,
-        "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=",
+        "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18",
+        "rev": "4524271976b625a4a605beefd893f270620fd751",
        "type": "github"
      },
      "original": {
@@ -332,11 +332,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1756770412,
+        "lastModified": 1759362264,
-        "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=",
+        "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "4524271976b625a4a605beefd893f270620fd751",
+        "rev": "758cf7296bee11f1706a574c77d072b8a7baa881",
        "type": "github"
      },
      "original": {
@@ -392,11 +392,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1756770412,
+        "lastModified": 1759362264,
-        "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=",
+        "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "4524271976b625a4a605beefd893f270620fd751",
+        "rev": "758cf7296bee11f1706a574c77d072b8a7baa881",
        "type": "github"
      },
      "original": {
@@ -491,11 +491,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1758108966,
+        "lastModified": 1759523803,
-        "narHash": "sha256-ytw7ROXaWZ7OfwHrQ9xvjpUWeGVm86pwnEd1QhzawIo=",
+        "narHash": "sha256-PTod9NG+i3XbbnBKMl/e5uHDBYpwIWivQ3gOWSEuIEM=",
        "owner": "cachix",
        "repo": "git-hooks.nix",
-        "rev": "54df955a695a84cd47d4a43e08e1feaf90b1fd9b",
+        "rev": "cfc9f7bb163ad8542029d303e599c0f7eee09835",
        "type": "github"
      },
      "original": {
@@ -571,11 +571,11 @@
    },
    "hardware": {
      "locked": {
-        "lastModified": 1758663926,
+        "lastModified": 1759582739,
-        "narHash": "sha256-6CFdj7Xs616t1W4jLDH7IohAAvl5Dyib3qEv/Uqw1rk=",
+        "narHash": "sha256-spZegilADH0q5OngM86u6NmXxduCNv5eX9vCiUPhOYc=",
        "owner": "nixos",
        "repo": "nixos-hardware",
-        "rev": "170ff93c860b2a9868ed1e1102d4e52cb3d934e1",
+        "rev": "3441b5242af7577230a78ffb03542add264179ab",
        "type": "github"
      },
      "original": {
@@ -590,11 +590,11 @@
        "rust-overlay": "rust-overlay_2"
      },
      "locked": {
-        "lastModified": 1758722153,
+        "lastModified": 1759605748,
-        "narHash": "sha256-q0t19uo2qGy9iA+pvhQ97jQ4jMWJfG3a3diLspPeBAQ=",
+        "narHash": "sha256-qALSaIE4fbTo0wbPjEp7RZKbtFk1cDhRZ0BYOHW0JwQ=",
        "owner": "helix-editor",
        "repo": "helix",
-        "rev": "ed08fbd4102e320bf96f2af2854b9de77df7a104",
+        "rev": "6fffaf6a7ded9a12fb2d5715a4eb83787a5e6402",
        "type": "github"
      },
      "original": {
@@ -610,11 +610,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1758719930,
+        "lastModified": 1759573136,
-        "narHash": "sha256-DgHe1026Ob49CPegPMiWj1HNtlMTGQzfSZQQVlHC950=",
+        "narHash": "sha256-ILSPD0Dm8p0w0fCVzOx98ZH8yFDrR75GmwmH3fS2VnE=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "142acd7a7d9eb7f0bb647f053b4ddfd01fdfbf1d",
+        "rev": "5f06ceafc6c9b773a776b9195c3f47bbe1defa43",
        "type": "github"
      },
      "original": {
@@ -652,11 +652,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1758464306,
+        "lastModified": 1759337100,
-        "narHash": "sha256-i56XRXqjwJRdVYmpzVUQ0ktqBBHqNzQHQMQvFRF/acQ=",
+        "narHash": "sha256-CcT3QvZ74NGfM+lSOILcCEeU+SnqXRvl1XCRHenZ0Us=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "939e91e1cff1f99736c5b02529658218ed819a2a",
+        "rev": "004753ae6b04c4b18aa07192c1106800aaacf6c3",
        "type": "github"
      },
      "original": {
@@ -710,11 +710,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1758192433,
+        "lastModified": 1759490292,
-        "narHash": "sha256-CR6RnqEJSTiFgA6KQY4TTLUWbZ8RBnb+hxQqesuQNzQ=",
+        "narHash": "sha256-T6iWzDOXp8Wv0KQOCTHpBcmAOdHJ6zc/l9xaztW6Ivc=",
        "owner": "hyprwm",
        "repo": "hyprgraphics",
-        "rev": "c44e749dd611521dee940d00f7c444ee0ae4cfb7",
+        "rev": "9431db625cd9bb66ac55525479dce694101d6d7a",
        "type": "github"
      },
      "original": {
@@ -803,11 +803,11 @@
        "xdph": "xdph"
      },
      "locked": {
-        "lastModified": 1758654510,
+        "lastModified": 1759530922,
-        "narHash": "sha256-V4hLuM9uB4ecz0sFnnrt0idxpw0kGIw+6tLmBw2X0u8=",
+        "narHash": "sha256-9NgZKpibALekGTPDc2O8lP8vFealQSZkXe+L+S7MMZU=",
        "owner": "hyprwm",
        "repo": "hyprland",
-        "rev": "ec9a72d9fbe8372c4cc4e86966f6b13d178b0bba",
+        "rev": "76d998743ac10e712238c1016db4d8e8d16f1049",
        "type": "github"
      },
      "original": {
@@ -824,11 +824,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1758531979,
+        "lastModified": 1759613406,
-        "narHash": "sha256-iRv5afKzuu6SkwztqMwZ33161CzBJsyeRHp0uviN9TI=",
+        "narHash": "sha256-PzgQJydp+RlKvwDi807pXPlURdIAVqLppZDga3DwPqg=",
        "owner": "hyprwm",
        "repo": "contrib",
-        "rev": "de79078fd59140067e53cd00ebdf17f96ce27846",
+        "rev": "32e1a75b65553daefb419f0906ce19e04815aa3a",
        "type": "github"
      },
      "original": {
@@ -942,11 +942,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1757694755,
+        "lastModified": 1759080228,
-        "narHash": "sha256-j+w5QUUr2QT/jkxgVKecGYV8J7fpzXCMgzEEr6LG9ug=",
+        "narHash": "sha256-RgDoAja0T1hnF0pTc56xPfLfFOO8Utol2iITwYbUhTk=",
        "owner": "hyprwm",
        "repo": "hyprland-qtutils",
-        "rev": "5ffdfc13ed03df1dae5084468d935f0a3f2c9a4c",
+        "rev": "629b15c19fa4082e4ce6be09fdb89e8c3312aed7",
        "type": "github"
      },
      "original": {
@@ -971,11 +971,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1756810301,
+        "lastModified": 1758927902,
-        "narHash": "sha256-wgZ3VW4VVtjK5dr0EiK9zKdJ/SOqGIBXVG85C3LVxQA=",
+        "narHash": "sha256-LZgMds7M94+vuMql2bERQ6LiFFdhgsEFezE4Vn+Ys3A=",
        "owner": "hyprwm",
        "repo": "hyprlang",
-        "rev": "3d63fb4a42c819f198deabd18c0c2c1ded1de931",
+        "rev": "4dafa28d4f79877d67a7d1a654cddccf8ebf15da",
        "type": "github"
      },
      "original": {
@@ -1006,11 +1006,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1758124489,
+        "lastModified": 1759572448,
-        "narHash": "sha256-YiVF/8Me3vVKJBEgGpQhn0HF09EWfXZGaWLzAaJBrO4=",
+        "narHash": "sha256-o+r44fqPQM+/hQdjFy9qV9C51Jhty6M4icFVYocyJfA=",
        "owner": "hyprwm",
        "repo": "hyprlock",
-        "rev": "7f769fa993cb492982d7bf25676c68ddbcc0268e",
+        "rev": "c8a6768dca626cf7d7cbc333095f048bc007b6d9",
        "type": "github"
      },
      "original": {
@@ -1069,11 +1069,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1756117388,
+        "lastModified": 1759490926,
-        "narHash": "sha256-oRDel6pNl/T2tI+nc/USU9ZP9w08dxtl7hiZxa0C/Wc=",
+        "narHash": "sha256-7IbZGJ5qAAfZsGhBHIsP8MBsfuFYS0hsxYHVkkeDG5Q=",
        "owner": "hyprwm",
        "repo": "hyprutils",
-        "rev": "b2ae3204845f5f2f79b4703b441252d8ad2ecfd0",
+        "rev": "94cce794344538c4d865e38682684ec2bbdb2ef3",
        "type": "github"
      },
      "original": {
@@ -1191,11 +1191,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1757230583,
+        "lastModified": 1759387127,
-        "narHash": "sha256-4uqu7sFPOaVTCogsxaGMgbzZ2vK40GVGMfUmrvK3/LY=",
+        "narHash": "sha256-uuwJAP92SkHmnI1zo7rrK/gEuHtb97vFZcMa5w+0SZA=",
        "owner": "Jovian-Experiments",
        "repo": "Jovian-NixOS",
-        "rev": "fc3960e6c32c9d4f95fff2ef84444284d24d3bea",
+        "rev": "0cc290e05882745060fccfe6d7d073f913e0cce7",
        "type": "github"
      },
      "original": {
@@ -1229,11 +1229,11 @@
    },
    "mnw": {
      "locked": {
-        "lastModified": 1756659871,
+        "lastModified": 1758834834,
-        "narHash": "sha256-v6Rh4aQ6RKjM2N02kK9Usn0Ix7+OY66vNpeklc1MnGE=",
+        "narHash": "sha256-Y7IvY4F8vajZyp3WGf+KaiIVwondEkMFkt92Cr9NZmg=",
        "owner": "Gerg-L",
        "repo": "mnw",
-        "rev": "ed6cc3e48557ba18266e598a5ebb6602499ada16",
+        "rev": "cfbc7d1cc832e318d0863a5fc91d940a96034001",
        "type": "github"
      },
      "original": {
@@ -1268,62 +1268,6 @@
        "type": "github"
      }
    },
    "niri": {
      "inputs": {
        "niri-stable": "niri-stable",
        "niri-unstable": "niri-unstable",
        "nixpkgs": "nixpkgs_8",
        "nixpkgs-stable": "nixpkgs-stable",
        "xwayland-satellite-stable": "xwayland-satellite-stable",
        "xwayland-satellite-unstable": "xwayland-satellite-unstable"
      },
      "locked": {
        "lastModified": 1758697829,
        "narHash": "sha256-1pO4A16ssvjHNyHilpvxo15mBkAifCSOiLs3hBlrYdU=",
        "owner": "sodiboo",
        "repo": "niri-flake",
        "rev": "9dbeb8f613d2da107bff8375c2db7182a2bb79bb",
        "type": "github"
      },
      "original": {
        "owner": "sodiboo",
        "repo": "niri-flake",
        "type": "github"
      }
    },
    "niri-stable": {
      "flake": false,
      "locked": {
        "lastModified": 1756556321,
        "narHash": "sha256-RLD89dfjN0RVO86C/Mot0T7aduCygPGaYbog566F0Qo=",
        "owner": "YaLTeR",
        "repo": "niri",
        "rev": "01be0e65f4eb91a9cd624ac0b76aaeab765c7294",
        "type": "github"
      },
      "original": {
        "owner": "YaLTeR",
        "ref": "v25.08",
        "repo": "niri",
        "type": "github"
      }
    },
    "niri-unstable": {
      "flake": false,
      "locked": {
        "lastModified": 1758691861,
        "narHash": "sha256-CYgoGrY/Fx+hjzp8graTxJw1M7mn1f2jBkK26M04T0s=",
        "owner": "YaLTeR",
        "repo": "niri",
        "rev": "e837e39623457dc5ad29c34a5ce4d4616e5fbf1e",
        "type": "github"
      },
      "original": {
        "owner": "YaLTeR",
        "repo": "niri",
        "type": "github"
      }
    },
    "nix-gaming": {
      "inputs": {
        "flake-parts": [
@@ -1334,11 +1278,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1758678659,
+        "lastModified": 1759629535,
-        "narHash": "sha256-Ff5IFCEABf3CStKvf8MqJe7jwrHk2J8swdYTrwOj9dk=",
+        "narHash": "sha256-VIXcJ2ahRgoqIUySwAz3r5mtITO2dp6tXGCVKVW6FmA=",
        "owner": "fufexan",
        "repo": "nix-gaming",
-        "rev": "6418c314274a8ce27078402ab1fbac7c06da7a36",
+        "rev": "df388c42b54714bd121796a9cec9322b7fa2894e",
        "type": "github"
      },
      "original": {
@@ -1401,45 +1345,13 @@
        "type": "github"
      }
    },
    "nixpkgs-stable": {
      "locked": {
        "lastModified": 1758589230,
        "narHash": "sha256-zMTCFGe8aVGTEr2RqUi/QzC1nOIQ0N1HRsbqB4f646k=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "d1d883129b193f0b495d75c148c2c3a7d95789a0",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-25.05",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_10": {
      "locked": {
        "lastModified": 1756696532,
        "narHash": "sha256-6FWagzm0b7I/IGigOv9pr6LL7NQ86mextfE8g8Q6HBg=",
        "owner": "nixos",
        "repo": "nixpkgs",
        "rev": "58dcbf1ec551914c3756c267b8b9c8c86baa1b2f",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
        "ref": "nixpkgs-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1755186698,
+        "lastModified": 1758690382,
-        "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=",
+        "narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c",
+        "rev": "e643668fd71b949c53f8626614b21ff71a07379d",
        "type": "github"
      },
      "original": {
@@ -1451,11 +1363,11 @@
    },
    "nixpkgs_3": {
      "locked": {
-        "lastModified": 1758633633,
+        "lastModified": 1759147044,
-        "narHash": "sha256-20FVSEcXWV0P1A/1EDMUH7UVFvktg/ltBNqHJmoQTO8=",
+        "narHash": "sha256-3ZPFytJOcLjTChljeaGgoaNj+tOqzgEpqZAvRe3bU90=",
        "owner": "PedroHLC",
        "repo": "nixpkgs",
-        "rev": "36740bcdb7ea5625132575da3c627032b812c236",
+        "rev": "18e83bbe13aa50992777832b52bd0e0d8585fb3b",
        "type": "github"
      },
      "original": {
@@ -1499,11 +1411,11 @@
    },
    "nixpkgs_6": {
      "locked": {
-        "lastModified": 1758198701,
+        "lastModified": 1759381078,
-        "narHash": "sha256-7To75JlpekfUmdkUZewnT6MoBANS0XVypW6kjUOXQwc=",
+        "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "0147c2f1d54b30b5dd6d4a8c8542e8d7edf93b5d",
+        "rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee",
        "type": "github"
      },
      "original": {
@@ -1531,11 +1443,11 @@
    },
    "nixpkgs_8": {
      "locked": {
-        "lastModified": 1758427187,
+        "lastModified": 1759381078,
-        "narHash": "sha256-pHpxZ/IyCwoTQPtFIAG2QaxuSm8jWzrzBGjwQZIttJc=",
+        "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "554be6495561ff07b6c724047bdd7e0716aa7b46",
+        "rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee",
        "type": "github"
      },
      "original": {
@@ -1547,16 +1459,16 @@
    },
    "nixpkgs_9": {
      "locked": {
-        "lastModified": 1758427187,
+        "lastModified": 1759386674,
-        "narHash": "sha256-pHpxZ/IyCwoTQPtFIAG2QaxuSm8jWzrzBGjwQZIttJc=",
+        "narHash": "sha256-wg1Lz/1FC5Q13R+mM5a2oTV9TA9L/CHHTm3/PiLayfA=",
-        "owner": "NixOS",
+        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "554be6495561ff07b6c724047bdd7e0716aa7b46",
+        "rev": "625ad6366178f03acd79f9e3822606dd7985b657",
        "type": "github"
      },
      "original": {
-        "owner": "NixOS",
+        "owner": "nixos",
-        "ref": "nixos-unstable",
+        "ref": "nixpkgs-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
@@ -1566,15 +1478,15 @@
        "flake-compat": "flake-compat_5",
        "flake-parts": "flake-parts_5",
        "mnw": "mnw",
-        "nixpkgs": "nixpkgs_10",
+        "nixpkgs": "nixpkgs_9",
        "systems": "systems_5"
      },
      "locked": {
-        "lastModified": 1758271661,
+        "lastModified": 1759469269,
-        "narHash": "sha256-ENqd2/33uP5vB44ClDjjAV+J78oF8q1er4QUZuT8Z7g=",
+        "narHash": "sha256-DP833ejGUNRRHsJOB3WRTaWWXLNucaDga2ju/fGe+sc=",
        "owner": "notashelf",
        "repo": "nvf",
-        "rev": "b7571df4d6e9ac08506a738ddceeec0b141751b0",
+        "rev": "e48638aef3a95377689de0ef940443c64f870a09",
        "type": "github"
      },
      "original": {
@@ -1702,9 +1614,8 @@
        "hyprlock": "hyprlock",
        "hyprpaper": "hyprpaper",
        "lanzaboote": "lanzaboote",
        "niri": "niri",
        "nix-gaming": "nix-gaming",
-        "nixpkgs": "nixpkgs_9",
+        "nixpkgs": "nixpkgs_8",
        "nvf": "nvf",
        "systems": "systems_6",
        "treefmt-nix": "treefmt-nix",
@@ -1715,11 +1626,11 @@
    "rust-analyzer-src": {
      "flake": false,
      "locked": {
-        "lastModified": 1758620797,
+        "lastModified": 1759601486,
-        "narHash": "sha256-Ly4rHgrixFMBnkbMursVt74mxnntnE6yVdF5QellJ+A=",
+        "narHash": "sha256-ZywfLIFtRr907us1tONwUJLeg3ssO4D01XBFHx7RdAo=",
        "owner": "rust-lang",
        "repo": "rust-analyzer",
-        "rev": "905641f3520230ad6ef421bcf5da9c6b49f2479b",
+        "rev": "4ae99f0150c94f4bdf7192b4447f512ece3546fd",
        "type": "github"
      },
      "original": {
@@ -1737,11 +1648,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1758422215,
+        "lastModified": 1759458749,
-        "narHash": "sha256-JvF5SXhp1wBHbfEVAWgJCDVSO8iknfDqXfqMch5YWg0=",
+        "narHash": "sha256-WKnbJnm1B2+TO2ZUudgS39EzecQeLl4/bnRtd3y46LI=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "6f3988eb5885f1e2efa874a480d91de09a7f9f0b",
+        "rev": "bbc3a8ae797d1700e57a4f4bcc4e79af727d4138",
        "type": "github"
      },
      "original": {
@@ -2005,39 +1916,6 @@
        "type": "github"
      }
    },
    "xwayland-satellite-stable": {
      "flake": false,
      "locked": {
        "lastModified": 1755491097,
        "narHash": "sha256-m+9tUfsmBeF2Gn4HWa6vSITZ4Gz1eA1F5Kh62B0N4oE=",
        "owner": "Supreeeme",
        "repo": "xwayland-satellite",
        "rev": "388d291e82ffbc73be18169d39470f340707edaa",
        "type": "github"
      },
      "original": {
        "owner": "Supreeeme",
        "ref": "v0.7",
        "repo": "xwayland-satellite",
        "type": "github"
      }
    },
    "xwayland-satellite-unstable": {
      "flake": false,
      "locked": {
        "lastModified": 1758577423,
        "narHash": "sha256-sB2GAOjhjoWnjU6A/uHNJiY6O3UeztV5pJAN2g1FkXU=",
        "owner": "Supreeeme",
        "repo": "xwayland-satellite",
        "rev": "03368548ba745e17a85bd631613a59cb2d8469a4",
        "type": "github"
      },
      "original": {
        "owner": "Supreeeme",
        "repo": "xwayland-satellite",
        "type": "github"
      }
    },
    "zen-browser": {
      "inputs": {
        "nixpkgs": [
@@ -2045,11 +1923,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1758575291,
+        "lastModified": 1759590499,
-        "narHash": "sha256-Y/sVWFUNVI663tnNvMZ/n3bLsg8V7idA4M2eaoHxmhs=",
+        "narHash": "sha256-EBToRzqe5WMz4DQyxOp9/CP+rWjdaZ2EUwbItfNf3VI=",
        "ref": "refs/heads/main",
-        "rev": "ee14b24cfe16dd9bc02aa25409a2a4349ed361c9",
+        "rev": "6e606c8bfa6a88209488790388b1005bc489fa66",
-        "revCount": 131,
+        "revCount": 136,
        "type": "git",
        "url": "https://git.sr.ht/~canasta/zen-browser-flake"
      },
--- a/flake.nix
+++ b/flake.nix
@@ -1,8 +1,9 @@
 {
  description = "cnix nix";
-  outputs = inputs:
+  outputs =
-    inputs.flake-parts.lib.mkFlake {inherit inputs;} {
+    inputs:
    inputs.flake-parts.lib.mkFlake { inherit inputs; } {
      systems = [
        "x86_64-linux"
        "aarch64-linux"
@@ -16,11 +17,13 @@
        ./fmt-hooks.nix
      ];
-      perSystem = {
+      perSystem =
        {
          config,
          pkgs,
          ...
-      }: {
+        }:
        {
          devShells.default = pkgs.mkShell {
            packages = [
              pkgs.git
@@ -144,8 +147,6 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };
    niri.url = "github:sodiboo/niri-flake";
    # Custom
    tuirun = {
      url = "git+https://git.sr.ht/~canasta/tuirun";
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -4,8 +4,10 @@
  homeImports,
  self,
  ...
-}: {
+}:
-  flake.nixosConfigurations = let
+{
  flake.nixosConfigurations =
    let
      cLib = import ../lib inputs.nixpkgs.lib;
      userConfig = "${self}/home";
      systemConfig = "${self}/system";
@@ -35,7 +37,8 @@
          smodPath
          ;
      };
-  in {
+    in
    {
      kima = nixosSystem {
        inherit specialArgs;
        modules = [
--- a/hosts/kima/modules.nix
+++ b/hosts/kima/modules.nix
@@ -5,6 +5,7 @@
        variant = "latest";
        hardware = [ "amd" ];
        extraKernelParams = [ ];
        amdOverdrive.enable = true;
      };
      loader = {
        default = {
@@ -214,6 +215,9 @@
        scheduler = "scx_lavd";
        flags = "--performance";
      };
      tailscale = {
        enable = true;
      };
      udisks = {
        enable = true;
      };
--- a/hosts/sobotka/default.nix
+++ b/hosts/sobotka/default.nix
@@ -39,6 +39,7 @@ in {
      "share"
      "jellyfin"
      "render"
      "traefik"
    ];
  };
--- a/hosts/sobotka/modules.nix
+++ b/hosts/sobotka/modules.nix
@@ -3,8 +3,8 @@
    boot = {
      kernel = {
        variant = "latest";
-        hardware = [ "amd" ];
+        hardware = ["amd"];
-        extraKernelParams = [ ];
+        extraKernelParams = [];
      };
      loader = {
        default = {
@@ -213,6 +213,9 @@
        scheduler = "scx_lavd";
        flags = "--performance";
      };
      tailscale = {
        enable = true;
      };
      udisks = {
        enable = true;
      };
--- a/hosts/sobotka/server.nix
+++ b/hosts/sobotka/server.nix
@@ -8,25 +8,15 @@
    uid = 994;
    gid = 993;
    authentik = {
      enable = true;
    };
    traefik = {
      enable = true;
    };
    www = {
      enable = true;
      url = "cnst.dev";
    };
    gitea = {
      enable = true;
    };
    unbound = {
      enable = true;
    };
    acme = {
      enable = false;
    };
    homepage-dashboard = {
      enable = true;
    };
@@ -65,6 +55,22 @@
        credentialsFile = config.age.secrets.vaultwardenCloudflared.path;
      };
    };
    www = {
      enable = true;
      url = "cnst.dev";
      cloudflared = {
        tunnelId = "e5076186-efb7-405a-998c-6155af7fb221";
        credentialsFile = config.age.secrets.wwwCloudflared.path;
      };
    };
    authentik = {
      enable = true;
      url = "auth.cnst.dev";
      cloudflared = {
        tunnelId = "b66f9368-db9e-4302-8b48-527cda34a635";
        credentialsFile = config.age.secrets.authentikCloudflared.path;
      };
    };
    nextcloud = {
      enable = true;
      adminpassFile = config.age.secrets.nextcloudAdminPass.path;
--- a/hosts/ziggy/server.nix
+++ b/hosts/ziggy/server.nix
@@ -11,9 +11,6 @@
    unbound = {
      enable = true;
    };
    acme = {
      enable = true;
    };
    homepage-dashboard = {
      enable = false;
    };
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -100,7 +100,6 @@
        ./nixos/services/virtualisation
        ./nixos/services/locate
        ./nixos/services/mullvad
        ./nixos/services/mullvad-netns
        ./nixos/services/nfs
        ./nixos/services/nix-ld
        ./nixos/services/openssh
@@ -114,6 +113,7 @@
        ./nixos/services/udisks
        ./nixos/services/xserver
        ./nixos/services/zram
        ./nixos/services/tailscale
        ./nixos/system/fonts
        ./nixos/system/locale
@@ -123,7 +123,6 @@
    server = {
      imports = [
        ./server
        ./server/acme
        ./server/fail2ban
        ./server/homepage-dashboard
        ./server/nextcloud
--- a/modules/home/programs/mpv/default.nix
+++ b/modules/home/programs/mpv/default.nix
@@ -7,6 +7,9 @@
 let
  inherit (lib) mkIf mkEnableOption;
  cfg = config.home.programs.mpv;
  inherit (config.xdg.userDirs) videos;
  inherit (config.home) homeDirectory;
  shaders_dir = "${pkgs.mpv-shim-default-shaders}/share/mpv-shim-default-shaders/shaders";
 in
 {
  options = {
@@ -15,8 +18,71 @@ in
  config = mkIf cfg.enable {
    programs.mpv = {
      enable = true;
-      defaultProfiles = [ "gpu-hq" ];
+      config = {
-      scripts = [ pkgs.mpvScripts.mpris ];
+        profile = "gpu-hq";
        gpu-context = "wayland";
        vo = "gpu-next";
        video-sync = "display-resample";
        interpolation = true;
        tscale = "oversample";
        fullscreen = false;
        keep-open = true;
        sub-auto = "fuzzy";
        sub-font = "Noto Sans Medium";
        sub-blur = 10;
        screenshot-format = "png";
        title = "\${filename} - mpv";
        script-opts = "osc-title=\${filename},osc-boxalpha=150,osc-visibility=never,osc-boxvideo=yes";
        ytdl-format = "bestvideo[height<=?1440]+bestaudio/best";
        ao = "pipewire";
        alang = "eng,en";
        slang = "eng,en,enUS";
        glsl-shader = "${homeDirectory}/.config/mpv/shaders/FSR.glsl";
        scale = "lanczos";
        cscale = "lanczos";
        dscale = "mitchell";
        deband = "yes";
        scale-antiring = 1;
        osc = "no";
        osd-on-seek = "no";
        osd-bar = "no";
        osd-bar-w = 30;
        osd-bar-h = "0.2";
        osd-duration = 750;
        really-quiet = "yes";
        autofit = "65%";
      };
      bindings = {
        "ctrl+a" = "script-message osc-visibility cycle";
      };
      scripts = with pkgs.mpvScripts; [
        mpris
        uosc
        thumbfast
        sponsorblock
        autocrop
      ];
    };
    programs.yt-dlp = {
      enable = true;
      extraConfig = ''
        -o ${videos}/youtube/%(title)s.%(ext)s
      '';
    };
    home = {
      file = {
        ".config/mpv/shaders/FSR.glsl".source = "${shaders_dir}/FSR.glsl";
      };
      packages = with pkgs; [
        jellyfin-mpv-shim
      ];
    };
  };
 }
--- a/modules/nixos/boot/kernel/default.nix
+++ b/modules/nixos/boot/kernel/default.nix
@@ -5,7 +5,12 @@
  ...
 }:
 let
-  inherit (lib) mkOption types;
+  inherit (lib)
    mkOption
    types
    mkEnableOption
    mkIf
    ;
  cfg = config.nixos.boot.kernel;
  hasHardware = hw: builtins.elem hw cfg.hardware;
@@ -37,8 +42,11 @@ in
        );
        default = [ ];
        description = "List of hardware types (e.g. GPU and CPU vendors) to configure kernel settings for.";
      };
      amdOverdrive.enable = mkEnableOption "Enable AMD pstate/overdrive";
      extraKernelParams = mkOption {
        type = types.listOf types.str;
        default = [ ];
@@ -74,7 +82,7 @@ in
        "quiet"
        "splash"
      ]
-      ++ (if hasHardware "amd" then [ "amd_pstate=active" ] else [ ])
+      ++ (if hasHardware "amd" then [ ] else [ ])
      ++ (if hasHardware "intel" then [ ] else [ ])
      ++ (if hasHardware "nvidia" then [ ] else [ ])
      ++ cfg.extraKernelParams;
@@ -85,5 +93,6 @@ in
        ++ (if hasHardware "nvidia" then [ "nouveau" ] else [ ])
        ++ cfg.extraBlacklistedModules;
    };
    hardware.amdgpu.overdrive.enable = mkIf cfg.amdOverdrive.enable true;
  };
 }
--- a/modules/nixos/hardware/graphics/default.nix
+++ b/modules/nixos/hardware/graphics/default.nix
@@ -89,7 +89,8 @@ in
  config = mkIf cfg.enable (mkMerge [
    {
-      hardware.graphics = {
+      hardware = {
        graphics = {
          enable = true;
          enable32Bit = true;
          extraPackages = flatten (
@@ -121,6 +122,7 @@ in
          extraPackages32 = flatten (concatMap (_: commonPackages32) cfg.vendors);
        };
      };
      environment.systemPackages = flatten (
        concatMap (
@@ -145,10 +147,6 @@ in
      );
    }
    (mkIf (hasVendor "amd") {
      hardware.amdgpu.overdrive.enable = true;
    })
    (mkIf (hasVendor "nvidia") {
      hardware.nvidia = {
        package =
--- a/modules/nixos/programs/niri/default.nix
+++ b/modules/nixos/programs/niri/default.nix
@@ -1,6 +1,5 @@
 {
  config,
  inputs,
  lib,
  pkgs,
  ...
@@ -14,22 +13,22 @@ in
    nixos.programs.niri.enable = mkEnableOption "Enables niri";
  };
  config = mkIf cfg.enable {
    nixpkgs.overlays = [ inputs.niri.overlays.niri ];
    environment = {
      variables = {
        DISPLAY = ":0";
        NIXOS_OZONE_WL = "1";
        QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
      };
      systemPackages = with pkgs; [
-        xwayland-satellite-unstable
+        xwayland-satellite
        wl-clipboard
        wayland-utils
        xdg-utils
      ];
    };
    systemd.user.services.niri-flake-polkit.enable = false;
    programs.niri = {
      enable = true;
      package = pkgs.niri-unstable;
    };
  };
 }
--- a/modules/nixos/services/agenix/default.nix
+++ b/modules/nixos/services/agenix/default.nix
@@ -74,19 +74,11 @@ in {
          wgCredentials.file = "${self}/secrets/wgCredentials.age";
          wgSobotkaPrivateKey.file = "${self}/secrets/wgSobotkaPrivateKey.age";
          gluetunEnvironment.file = "${self}/secrets/gluetunEnvironment.age";
          nextcloudAdminPass.file = "${self}/secrets/nextcloudAdminPass.age";
          nextcloudCloudflared.file = "${self}/secrets/nextcloudCloudflared.age";
          vaultwardenCloudflared.file = "${self}/secrets/vaultwardenCloudflared.age";
          vaultwardenEnvironment.file = "${self}/secrets/vaultwardenEnvironment.age";
          homepageEnvironment.file = "${self}/secrets/homepageEnvironment.age";
          pihole.file = "${self}/secrets/pihole.age";
          slskd.file = "${self}/secrets/slskd.age";
        };
      })
      (mkIf cfg.ziggy.enable {
        secrets = {
          cloudflareDnsCredentialsZiggy.file = "${self}/secrets/cloudflareDnsCredentialsZiggy.age";
          piholeZiggy.file = "${self}/secrets/piholeZiggy.age";
        };
      })
      (mkIf cfg.toothpc.enable {
--- a/modules/nixos/services/greetd/default.nix
+++ b/modules/nixos/services/greetd/default.nix
@@ -63,7 +63,7 @@ in
          settings = rec {
            tuigreet_session =
              let
-                session = "${pkgs.niri-unstable}/bin/niri-session";
+                session = "${pkgs.niri}/bin/niri-session";
                tuigreet = "${lib.getExe pkgs.tuigreet}";
              in
              {
--- a/modules/nixos/services/mullvad-netns/default.nix
+++ b/modules/nixos/services/mullvad-netns/default.nix
@@ -1,50 +0,0 @@
 { self, pkgs, ... }:
 {
  age.secrets.wgCredentials = {
    file = "${self}/secrets/wgCredentials.age";
    mode = "0400";
    owner = "root";
    group = "root";
    path = "/etc/wireguard/mullvad.conf";
  };
  systemd.services.mullvad-netns = {
    description = "WireGuard Mullvad netns for VMs";
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
      ExecStart = "${pkgs.writeShellScript "mullvad-netns-up" ''
        set -euo pipefail
        ip netns add mullvad || true
        ip link add veth0 type veth peer name veth1 || true
        ip link set veth1 netns mullvad
        ip addr add 10.250.0.1/24 dev veth0 || true
        ip link set veth0 up
        ip netns exec mullvad ip addr add 10.250.0.2/24 dev veth1 || true
        ip netns exec mullvad ip link set veth1 up
        ip netns exec mullvad wg-quick up /etc/wireguard/mullvad.conf
        ip netns exec mullvad ip route add default dev wg0 || true
        nft add table ip mullvad-nat || true
        nft add chain ip mullvad-nat postrouting { type nat hook postrouting priority 100 \; } || true
        nft add rule ip mullvad-nat postrouting ip saddr 10.250.0.0/24 oif "wg0" masquerade || true
      ''}";
      ExecStop = "${pkgs.writeShellScript "mullvad-netns-down" ''
        set -euo pipefail
        ip netns exec mullvad wg-quick down /etc/wireguard/mullvad.conf || true
        ip link delete veth0 || true
        ip netns delete mullvad || true
        nft delete table ip mullvad-nat || true
      ''}";
    };
    # no wantedBy here -> won't start at boot
  };
 }
--- a/modules/nixos/services/tailscale/default.nix
+++ b/modules/nixos/services/tailscale/default.nix
@@ -0,0 +1,16 @@
 {
  config,
  lib,
  ...
 }:
 with lib; let
  cfg = config.nixos.services.tailscale;
 in {
  options.nixos.services.tailscale = {
    enable = mkEnableOption "Enable tailscale";
  };
  config = mkIf cfg.enable {
    services.tailscale.enable = true;
  };
 }
--- a/modules/nixos/system/xdg/default.nix
+++ b/modules/nixos/system/xdg/default.nix
@@ -30,13 +30,19 @@ in
      enable = true;
      xdgOpenUsePortal = cfg.xdgOpenUsePortal;
      config = {
-        common.default = [ "gtk" ];
+        common.default = [
          "gtk"
          "gnome"
        ];
        hyprland.default = [
          "gtk"
          "hyprland"
        ];
      };
-      extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
+      extraPortals = with pkgs; [
        xdg-desktop-portal-gtk
        xdg-desktop-portal-gnome
      ];
    };
  };
 }
--- a/modules/server/acme/default.nix
+++ b/modules/server/acme/default.nix
@@ -1,84 +0,0 @@
 {
  config,
  lib,
  ...
 }: let
  inherit (lib) mkIf mkEnableOption;
  cfg = config.server.acme;
  getCloudflareCredentials = hostname:
    if hostname == "ziggy"
    then config.age.secrets.cloudflareDnsCredentialsZiggy.path
    else if hostname == "sobotka"
    then config.age.secrets.cloudflareDnsCredentials.path
    else throw "Unknown hostname: ${hostname}";
 in {
  options = {
    server.acme.enable = mkEnableOption "Enables ACME";
  };
  config = mkIf cfg.enable {
    networking.firewall = let
      ports = [
        80
        443
      ];
    in {
      allowedTCPPorts = ports;
    };
    security.acme = {
      acceptTerms = true;
      defaults.email = config.server.email;
      certs.${config.server.domain} = {
        reloadServices = ["caddy.service"];
        domain = "${config.server.domain}";
        extraDomainNames = ["*.${config.server.domain}"];
        dnsProvider = "cloudflare";
        dnsResolver = "1.1.1.1:53";
        dnsPropagationCheck = true;
        group = config.services.caddy.group;
        environmentFile = getCloudflareCredentials config.networking.hostName;
      };
      certs.${config.server.www.url} = {
        reloadServices = ["caddy.service"];
        domain = "${config.server.www.url}";
        extraDomainNames = ["*.${config.server.www.url}"];
        dnsProvider = "cloudflare";
        dnsResolver = "1.1.1.1:53";
        dnsPropagationCheck = true;
        group = config.services.caddy.group;
        environmentFile = getCloudflareCredentials config.networking.hostName;
      };
    };
    services.caddy = {
      enable = true;
      globalConfig = ''
        auto_https off
      '';
      virtualHosts = {
        "http://${config.server.domain}" = {
          extraConfig = ''
            redir https://{host}{uri}
          '';
        };
        "http://*.${config.server.domain}" = {
          extraConfig = ''
            redir https://{host}{uri}
          '';
        };
        "http://${config.server.www.url}" = {
          extraConfig = ''
            redir https://{host}{uri}
          '';
        };
        "http://*.${config.server.www.url}" = {
          extraConfig = ''
            redir https://{host}{uri}
          '';
        };
      };
    };
  };
 }
--- a/modules/server/authentik/default.nix
+++ b/modules/server/authentik/default.nix
@@ -15,7 +15,21 @@ in {
    };
    url = lib.mkOption {
      type = lib.types.str;
-      default = "auth.${srv.domain}";
+      default = "auth.${srv.www.domain}";
    };
    cloudflared = {
      credentialsFile = lib.mkOption {
        type = lib.types.str;
        example = lib.literalExpression ''
          pkgs.writeText "cloudflare-credentials.json" '''
          {"AccountTag":"secret"."TunnelSecret":"secret","TunnelID":"secret"}
          '''
        '';
      };
      tunnelId = lib.mkOption {
        type = lib.types.str;
        example = "00000000-0000-0000-0000-000000000000";
      };
    };
    homepage.name = lib.mkOption {
      type = lib.types.str;
@@ -36,10 +50,28 @@ in {
  };
  config = lib.mkIf cfg.enable {
-    age.secrets.authentikEnv = {
+    age.secrets = {
      authentikEnv = {
        file = "${self}/secrets/authentikEnv.age";
        owner = "authentik";
      };
      authentikCloudflared = {
        file = "${self}/secrets/authentikCloudflared.age";
        owner = "authentik";
      };
    };
    server = {
      fail2ban = lib.mkIf cfg.enable {
        jails = {
          authentik = {
            serviceName = "authentik";
            failRegex = "^.*Username or password is incorrect.*IP:\s*<HOST>";
          };
        };
      };
    };
    services = {
      authentik = {
        enable = true;
@@ -52,6 +84,15 @@ in {
        };
      };
      cloudflared = {
        enable = true;
        tunnels.${cfg.cloudflared.tunnelId} = {
          credentialsFile = cfg.cloudflared.credentialsFile;
          default = "http_status:404";
          ingress."${cfg.url}".service = "http://127.0.0.1:9000";
        };
      };
      traefik = {
        dynamicConfigOptions = {
          http = {
@@ -89,7 +130,7 @@ in {
            routers = {
              auth = {
                entryPoints = ["websecure"];
-                rule = "Host(`${cfg.url}`) || HostRegexp(`{subdomain:[a-z0-9]+}.${srv.domain}`) && PathPrefix(`/outpost.goauthentik.io/`)";
+                rule = "Host(`${cfg.url}`) || HostRegexp(`{subdomain:[a-z0-9]+}.${srv.www.url}`) && PathPrefix(`/outpost.goauthentik.io/`)";
                service = "auth";
                tls.certResolver = "letsencrypt";
              };
--- a/modules/server/fail2ban/default.nix
+++ b/modules/server/fail2ban/default.nix
@@ -4,11 +4,9 @@
  config,
  pkgs,
  ...
-}:
+}: let
 let
  cfg = config.server.fail2ban;
-in
+in {
 {
  options.server.fail2ban = {
    enable = lib.mkEnableOption {
      description = "Enable cloudflare fail2ban";
@@ -17,7 +15,7 @@ in
      description = "File containing your API key, scoped to Firewall Rules: Edit";
      type = lib.types.str;
      example = lib.literalExpression ''
-        Authorization: Bearer Qj06My1wXJEzcW46QCyjFbSMgVtwIGfX63Ki3NOj79o=
+        Authorization: Bearer vH6-p0y=i4w3n7TjKqZ@x8D_lR!A9b2cOezXgUuJdE5F
        '''
      '';
    };
@@ -57,10 +55,11 @@ in
        pkgs.jq
      ];
-      jails = lib.attrsets.mapAttrs (name: value: {
+      jails =
        lib.attrsets.mapAttrs (name: value: {
          settings = {
-          bantime = "30d";
+            bantime = "24h";
-          findtime = "1h";
+            findtime = "10m";
            enabled = true;
            backend = "systemd";
            journalmatch = "_SYSTEMD_UNIT=${value.serviceName}.service";
@@ -69,27 +68,26 @@ in
            maxretry = 3;
            action = "cloudflare-token-agenix";
          };
-      }) cfg.jails;
+        })
        cfg.jails;
    };
    environment.etc = lib.attrsets.mergeAttrsList [
      (lib.attrsets.mapAttrs' (
-        name: value:
+          name: value: (lib.nameValuePair "fail2ban/filter.d/${name}.conf" {
        (lib.nameValuePair "fail2ban/filter.d/${name}.conf" {
            text = ''
              [Definition]
              failregex = ${value.failRegex}
              ignoreregex = ${value.ignoreRegex}
            '';
          })
-      ) cfg.jails)
+        )
        cfg.jails)
      {
-        "fail2ban/action.d/cloudflare-token-agenix.conf".text =
+        "fail2ban/action.d/cloudflare-token-agenix.conf".text = let
          let
          notes = "Fail2Ban on ${config.networking.hostName}";
          cfapi = "https://api.cloudflare.com/client/v4/zones/${cfg.zoneId}/firewall/access_rules/rules";
-          in
+        in ''
          ''
          [Definition]
          actionstart =
          actionstop =
--- a/modules/server/gitea/default.nix.bak
+++ b/modules/server/gitea/default.nix.bak
@@ -1,119 +0,0 @@
 # taken from @jtojnar
 {
  config,
  lib,
  ...
 }: let
  unit = "gitea";
  srv = config.server;
  cfg = config.server.${unit};
 in {
  options.server.${unit} = {
    enable = lib.mkEnableOption {
      description = "Enable ${unit}";
    };
    url = lib.mkOption {
      type = lib.types.str;
      default = "git.${srv.domain}";
    };
    port = lib.mkOption {
      type = lib.types.int;
      default = 5003;
      description = "The port to host Gitea on.";
    };
    homepage.name = lib.mkOption {
      type = lib.types.str;
      default = "Gitea";
    };
    homepage.description = lib.mkOption {
      type = lib.types.str;
      default = "Git with a cup of tea";
    };
    homepage.icon = lib.mkOption {
      type = lib.types.str;
      default = "gitea.svg";
    };
    homepage.category = lib.mkOption {
      type = lib.types.str;
      default = "Services";
    };
  };
  config = lib.mkIf cfg.enable {
    services.${unit} = {
      enable = true;
      appName = "cnix code forge";
      database = {
        type = "postgres";
        socket = "/run/postgresql";
        name = "gitea";
        user = "gitea";
        createDatabase = false;
      };
      lfs = {
        enable = true;
      };
      settings = {
        cors = {
          ENABLED = true;
          SCHEME = "https";
          ALLOW_DOMAIN = cfg.url;
        };
        log = {
          MODE = "console";
        };
        mailer = {
          ENABLED = false;
          MAILER_TYPE = "sendmail";
          FROM = "noreply+adam@cnst.dev";
          SENDMAIL_PATH = "/run/wrappers/bin/sendmail";
        };
        picture = {
          DISABLE_GRAVATAR = true;
        };
        repository = {
          DEFAULT_BRANCH = "main";
          DEFAULT_REPO_UNITS = "repo.code,repo.issues,repo.pulls";
          DISABLE_DOWNLOAD_SOURCE_ARCHIVES = true;
        };
        indexer = {
          REPO_INDEXER_ENABLED = true;
        };
        server = {
          DOMAIN = cfg.url;
          LANDING_PAGE = "explore";
          HTTP_PORT = cfg.port;
          ROOT_URL = "https://${cfg.url}/";
        };
        security = {
          DISABLE_GIT_HOOKS = false;
        };
        service = {
          DISABLE_REGISTRATION = true;
        };
        session = {
          COOKIE_SECURE = true;
        };
      };
    };
    services.traefik.dynamicConfigOptions.http.routers."${unit}" = {
      rule = "Host(`" + cfg.url + "`)";
      service = "${unit}-service";
      entryPoints = ["websecure"];
      tls = {};
    };
    services.traefik.dynamicConfigOptions.http.services."${unit}-service".loadBalancer.servers = [
      {url = "http://127.0.0.1:${toString cfg.port}";}
    ];
    server.postgresql.databases = [
      {
        database = "gitea";
      }
    ];
  };
 }
--- a/modules/server/homepage-dashboard/default.nix
+++ b/modules/server/homepage-dashboard/default.nix
@@ -1,6 +1,7 @@
 {
  config,
  lib,
  self,
  ...
 }: let
  unit = "homepage-dashboard";
@@ -36,11 +37,16 @@ in {
    };
  };
  config = lib.mkIf cfg.enable {
    age.secrets = {
      homepageEnvironment = {
        file = "${self}/secrets/homepageEnvironment.age";
      };
    };
    services = {
      glances.enable = true;
      ${unit} = {
        enable = true;
-        allowedHosts = srv.domain;
+        environmentFile = config.age.secrets.homepageEnvironment.path;
        settings = {
          layout = [
            {
@@ -79,7 +85,6 @@ in {
          statusStyle = "dot";
          hideVersion = "true";
        };
        widgets = [
          {
            openmeteo = {
@@ -91,32 +96,21 @@ in {
              longitude = 16.324541;
            };
          }
          {
            datetime = {
              text_size = "x1";
              format = {
                hour12 = false;
                timeStyle = "short";
                dateStyle = "long";
              };
            };
          }
          {
            resources = {
-              label = "";
+              label = "SYSTEM";
              memory = true;
-              disk = ["/"];
+              cpu = true;
              uptime = true;
            };
          }
        ];
        services = let
          homepageCategories = [
            "Arr"
            "Media"
            "Downloads"
            "Services"
            "Smart Home"
          ];
          hl = config.server;
          mergedServices = hl // hl.podman;
@@ -222,7 +216,9 @@ in {
      traefik = {
        dynamicConfigOptions = {
          http = {
-            services.homepage.loadBalancer.servers = [{url = "http://127.0.0.1:${toString config.services.${unit}.listenPort}";}];
+            services.homepage.loadBalancer.servers = [
              {url = "http://127.0.0.1:${toString config.services.${unit}.listenPort}";}
            ];
            routers = {
              homepage = {
                entryPoints = ["websecure"];
--- a/modules/server/nextcloud/default.nix
+++ b/modules/server/nextcloud/default.nix
@@ -2,6 +2,7 @@
  config,
  pkgs,
  lib,
  self,
  ...
 }: let
  unit = "nextcloud";
@@ -45,6 +46,11 @@ in {
    };
  };
  config = lib.mkIf cfg.enable {
    age.secrets = {
      nextcloudAdminPass.file = "${self}/secrets/nextcloudAdminPass.age";
      nextcloudCloudflared.file = "${self}/secrets/nextcloudCloudflared.age";
    };
    server.fail2ban = lib.mkIf config.server.fail2ban.enable {
      jails = {
        nextcloud = {
--- a/modules/server/podman/default.nix
+++ b/modules/server/podman/default.nix
@@ -2,6 +2,7 @@
  config,
  lib,
  pkgs,
  self,
  ...
 }: let
  srv = config.server;
@@ -121,6 +122,11 @@ in {
  };
  config = lib.mkIf cfg.enable {
    age.secrets = {
      pihole.file = "${self}/secrets/${config.networking.hostName}Pihole.age";
      slskd.file = "${self}/secrets/slskd.age";
    };
    virtualisation = {
      containers.enable = true;
      podman.enable = true;
--- a/modules/server/vaultwarden/default.nix
+++ b/modules/server/vaultwarden/default.nix
@@ -2,14 +2,13 @@
 {
  config,
  lib,
  self,
  ...
-}:
+}: let
 let
  inherit (lib) mkIf mkEnableOption;
  vcfg = config.services.vaultwarden.config;
  cfg = config.server.vaultwarden;
-in
+in {
 {
  options = {
    server.vaultwarden = {
      enable = mkEnableOption "Enables vaultwarden";
@@ -35,6 +34,11 @@ in
  };
  config = mkIf cfg.enable {
    age.secrets = {
      vaultwardenCloudflared.file = "${self}/secrets/vaultwardenCloudflared.age";
      vaultwardenEnvironment.file = "${self}/secrets/vaultwardenEnvironment.age";
    };
    server = {
      fail2ban = lib.mkIf config.server.fail2ban.enable {
        jails = {
--- a/modules/server/www/default.nix
+++ b/modules/server/www/default.nix
@@ -2,6 +2,7 @@
  lib,
  config,
  pkgs,
  self,
  ...
 }: let
  inherit (lib) mkOption mkEnableOption mkIf types;
@@ -16,29 +17,115 @@ in {
      default = "";
      type = types.str;
      description = ''
-        Public domain name to be used to access the server services via Caddy reverse proxy
+        Public domain name to be used to access the server services via Traefik reverse proxy
      '';
    };
    cloudflared = {
      credentialsFile = lib.mkOption {
        type = lib.types.str;
        example = lib.literalExpression ''
          pkgs.writeText "cloudflare-credentials.json" '''
          {"AccountTag":"secret"."TunnelSecret":"secret","TunnelID":"secret"}
          '''
        '';
      };
      tunnelId = lib.mkOption {
        type = lib.types.str;
        example = "00000000-0000-0000-0000-000000000000";
      };
    };
  };
  config = mkIf cfg.enable {
    age.secrets = {
      wwwCloudflared.file = "${self}/secrets/wwwCloudflared.age";
    };
    server = {
      fail2ban = lib.mkIf config.server.www.enable {
        jails = {
          nginx-404 = {
            serviceName = "nginx";
            failRegex = ''^.*\[error\].*directory index of.* is forbidden.*client: <HOST>.*$'';
            ignoreRegex = "";
            maxRetry = 5;
          };
        };
      };
    };
    services = {
      nginx = {
        enable = true;
        defaultListen = [
          {
            addr = "127.0.0.1";
            port = 8283;
          }
        ];
        virtualHosts."webfinger" = {
          forceSSL = false;
          serverName = cfg.url;
          root = "/var/www/webfinger";
          locations."= /.well-known/webfinger" = {
            root = "/var/www/webfinger";
            extraConfig = ''
              default_type application/jrd+json;
              try_files /.well-known/webfinger =404;
            '';
          };
          locations."= /robots.txt" = {
            root = "/var/www/webfinger";
            extraConfig = ''
              default_type text/plain;
              try_files /robots.txt =404;
            '';
          };
        };
-  config = mkIf cfg.enable {
+      };
-    services.caddy.virtualHosts."${cfg.url}" = {
+
-      useACMEHost = cfg.url;
+      cloudflared = {
-      extraConfig = ''
+        enable = true;
-          handle_path /.well-known/webfinger {
+        tunnels.${cfg.cloudflared.tunnelId} = {
-          header Content-Type application/jrd+json
+          credentialsFile = cfg.cloudflared.credentialsFile;
-          respond `{
+          default = "http_status:404";
          ingress."${cfg.url}".service = "http://127.0.0.1:8283";
        };
      };
    };
    environment.etc = {
      "webfinger/.well-known/webfinger".text = ''
        {
          "subject": "acct:adam@${cfg.url}",
          "links": [
            {
              "rel": "http://openid.net/specs/connect/1.0/issuer",
-                "href": "https://login.${cfg.url}/realms/cnix"
+              "href": "https://auth.${cfg.url}/application/o/tailscale/"
            }
          ]
          }`
        }
        reverse_proxy http://127.0.0.1:8283
      '';
      "webfinger/robots.txt".text = ''
        User-agent: *
        Disallow: /
      '';
    };
    services.traefik.dynamicConfigOptions.http = {
      routers.webfinger = {
        entryPoints = ["websecure"];
        rule = "Host(`${cfg.url}`) && Path(`/.well-known/webfinger`)";
        service = "webfinger";
        tls.certResolver = "letsencrypt";
      };
      services.webfinger.loadBalancer.servers = [
        {url = "http://127.0.0.1:8283";}
      ];
    };
  };
 }
--- a/secrets/authentikCloudflared.age
+++ b/secrets/authentikCloudflared.age
@@ -0,0 +1,14 @@
 age-encryption.org/v1
 -> ssh-ed25519 t9iOEg 2oTh42u4hxJGAypwwLJwDCPMngauHB8BhKA83xAXr1M
 Sr6Hbfnd52F0dUk5RO3wxxJ7RGi3+NUCBq/MzDbKR7s
 -> ssh-ed25519 KUYMFA O2j6gYY1QR1ZlFiWw+7y6nKUeE658Wp3PdV6dsMqwTU
 NYwnTkZX5PHnNtL1vqJqIsYzIFUY43AVso8ecMAHvWs
 -> ssh-ed25519 76RhUQ VTzoQh0fHrG41Gr0YnPY7Jz7yFFugigm/DpUUE/Ny18
 SITvKJf5+ql4DhpJoPVvEXdLGIBeKnlLlm8u4QPr0RY
 -> ssh-ed25519 Jf8sqw oVI2y3zqpswvyZoNwklrKI1ZbxMJ5a1kzc43RErkbD8
 aHNuHMH2XNQ7+9sfsA8LMhBSgTDmvmI1wY26V2j+lsE
 --- 0UL0vxM2f5IeVhDO1Cg7SUmhuvpFh+GsEEW4g5JEORU
 <EFBFBD>)q<>$*<2A><><EFBFBD>b<10>X<EFBFBD><58><EFBFBD>`<60>	%f
 _<EFBFBD>%%1ݗ<><DD97><EFBFBD>)<29><>fT<66>٧&<26>`+<2B>K<EFBFBD><4B>q<EFBFBD><71>I<><EEADBE><EFBFBD><EFBFBD><EFBFBD><19><><03>\=<3D>M<EFBFBD><4D><18>
 !<21><>7<EFBFBD>b<EFBFBD>]<5D>X<>_lri<72>_<EFBFBD><03><>;<3B>R
 <EFBFBD>)<29><>c<EFBFBD>H<><48>5.p<>:m<>_<EFBFBD>&Vj/<2F><01><>Ra|MU<4D><55>b<EFBFBD><62><02>y<EFBFBD><79><EFBFBD><EFBFBD>El<45>nS<6E>9"<11><>گ+<<3C>
--- a/secrets/homepageEnvironment.age
+++ b/secrets/homepageEnvironment.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -1,7 +1,11 @@
 let
  # --- Users ---
-  cnst = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEUub8vbzUn2f39ILhAJ2QeH8xxLSjiyUuo8xvHGx/VB adam@cnst.dev";
+  ukima = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEUub8vbzUn2f39ILhAJ2QeH8xxLSjiyUuo8xvHGx/VB adam@cnst.dev";
-  kima = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJjoPdpiF8pjKN3ZEHeLEwVxoqwcCdzpVVlZkxJohFdg root@cnix";
+  rkima = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJjoPdpiF8pjKN3ZEHeLEwVxoqwcCdzpVVlZkxJohFdg root@cnix";
  # --- Hosts: bunk ---
  ubunk = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIXCjkKouZrsMoswMIeueO8X/c3kuY3Gb0E9emvkqwUv cnst@cnixpad";
  rbunk = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH72llEVDSHH/FZnjLVCe6zfdkdJRRVg2QL+ifHiPXXk root@cnix";
  # --- Hosts: sobotka ---
  usobotka = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG5ydTeaWcowmNXdDNqIa/lb5l9w5CAzyF2Kg6U5PSSu cnst@sobotka";
@@ -12,9 +16,13 @@ let
  rziggy = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHnca8xg1MZ4Hx5k5SVFSxcPnWc1O6r7w7JGYzX9aQm8 root@nixos";
  # --- Groups ---
-  core = [
+  kima = [
-    cnst
+    ukima
-    kima
+    rkima
  ];
  bunk = [
    ubunk
    rbunk
  ];
  sobotka = [
    usobotka
@@ -24,38 +32,40 @@ let
    uziggy
    rziggy
  ];
-  all = core ++ sobotka ++ ziggy;
+  all = kima ++ bunk ++ sobotka ++ ziggy;
 in {
  # Generic
-  "cnstssh.age".publicKeys = core;
+  "cnstssh.age".publicKeys = kima;
-  "cnixssh.age".publicKeys = core;
+  "cnixssh.age".publicKeys = kima;
-  "certpem.age".publicKeys = core;
+  "certpem.age".publicKeys = kima;
-  "keypem.age".publicKeys = core;
+  "keypem.age".publicKeys = kima;
-  "mailpwd.age".publicKeys = core;
+  "mailpwd.age".publicKeys = kima;
-  "gcapi.age".publicKeys = core;
+  "gcapi.age".publicKeys = kima;
-  # Shared between core + sobotka
+  # Shared between kima + sobotka
-  "cloudflareEnvironment.age".publicKeys = core ++ sobotka;
+  "cloudflareEnvironment.age".publicKeys = kima ++ sobotka;
-  "vaultwardenEnvironment.age".publicKeys = core ++ sobotka;
+  "vaultwardenEnvironment.age".publicKeys = kima ++ sobotka;
-  "homepageEnvironment.age".publicKeys = core ++ sobotka;
+  "homepageEnvironment.age".publicKeys = kima ++ sobotka;
-  "cloudflareFirewallApiKey.age".publicKeys = core ++ sobotka;
+  "cloudflareFirewallApiKey.age".publicKeys = kima ++ sobotka;
-  "vaultwardenCloudflared.age".publicKeys = core ++ sobotka;
+  "vaultwardenCloudflared.age".publicKeys = kima ++ sobotka;
-  "nextcloudCloudflared.age".publicKeys = core ++ sobotka;
+  "nextcloudCloudflared.age".publicKeys = kima ++ sobotka;
-  "nextcloudAdminPass.age".publicKeys = core ++ sobotka;
+  "nextcloudAdminPass.age".publicKeys = kima ++ sobotka;
-  "cloudflareDnsApiToken.age".publicKeys = core ++ sobotka;
+  "cloudflareDnsApiToken.age".publicKeys = kima ++ sobotka;
-  "cloudflareDnsCredentials.age".publicKeys = core ++ sobotka;
+  "cloudflareDnsCredentials.age".publicKeys = kima ++ sobotka;
-  "wgCredentials.age".publicKeys = core ++ sobotka;
+  "wgCredentials.age".publicKeys = kima ++ sobotka;
-  "wgSobotkaPrivateKey.age".publicKeys = core ++ sobotka;
+  "wgSobotkaPrivateKey.age".publicKeys = kima ++ sobotka;
-  "gluetunEnvironment.age".publicKeys = core ++ sobotka;
+  "gluetunEnvironment.age".publicKeys = kima ++ sobotka;
-  "pihole.age".publicKeys = core ++ sobotka;
+  "sobotkaPihole.age".publicKeys = kima ++ sobotka;
-  "slskd.age".publicKeys = core ++ sobotka;
+  "slskd.age".publicKeys = kima ++ sobotka;
-  "authentikEnv.age".publicKeys = core ++ sobotka;
+  "authentikEnv.age".publicKeys = kima ++ sobotka;
-  "traefikEnv.age".publicKeys = core ++ sobotka;
+  "traefikEnv.age".publicKeys = kima ++ sobotka;
  "wwwCloudflared.age".publicKeys = kima ++ sobotka;
  "authentikCloudflared.age".publicKeys = kima ++ sobotka;
  # Ziggy-specific
-  "cloudflareDnsCredentialsZiggy.age".publicKeys = core ++ ziggy;
+  "cloudflareDnsCredentialsZiggy.age".publicKeys = kima ++ ziggy;
-  "piholeZiggy.age".publicKeys = core ++ ziggy;
+  "ziggyPihole.age".publicKeys = kima ++ ziggy;
  # Both sobotka + ziggy (for HA stuff like keepalived)
-  "keepalived.age".publicKeys = core ++ sobotka ++ ziggy;
+  "keepalived.age".publicKeys = kima ++ sobotka ++ ziggy;
 }
--- a/secrets/sobotkaPihole.age
+++ b/secrets/sobotkaPihole.age
--- a/secrets/wwwCloudflared.age
+++ b/secrets/wwwCloudflared.age
@@ -0,0 +1,11 @@
 age-encryption.org/v1
 -> ssh-ed25519 t9iOEg CWarcJM8RPjJW+e3BQ99KEUnOZQUDEIIeygeh/8MZUw
 xux60KMmyOVvgiuEqyEPXM1Wr2ne8AyHT6CAWKMOcKo
 -> ssh-ed25519 KUYMFA AThOlxHT41vsczkSGzJmT+VmWC2dAnLiIcTJP+YySkc
 Jy8HyRuzIFtGYMimxsQNm2NnbluVwS6ZuXhq4uRfabY
 -> ssh-ed25519 76RhUQ dKyDJ4DCNtYWQ2+cC7gwa+14aw99S+mU38tpQrlOmFc
 0mD5Qcv8b8Bh1e4mbqdH26UtCJaUe7C7dDDSXJd1iRY
 -> ssh-ed25519 Jf8sqw To2I/347gMqYx0PxMgYqbGekUpfqWOQwtgJ+0AFilTw
 nIo4dH9JnOuWo48a17Kjyee5sQV8HN+PNXCWDT4fjIg
 --- SuE6Z9ipbuWhxoaULMf6OGtG3BNkQ1BpWXkgfAI7Y6Y
 <EFBFBD>R<EFBFBD>u1<12><><16><><EFBFBD>d<EFBFBD>ژdʋ(s<0B>)<29>M0v<30>ѹ<EFBFBD><D1B9><EFBFBD>Z<EFBFBD>V<EFBFBD><56><10>q<05>i<EFBFBD>i<EFBFBD><69>Ec*	<09>{<7B>~teP<65><50><EFBFBD>{<1C>D<>mA~Ŭ<><1B>c.<2E>TbƝ<62>}<<3C><><EFBFBD><EFBFBD><EFBFBD>e0<65>Vq<0C><><EFBFBD>k<EFBFBD><6B><EFBFBD>b<>T<1F><>*Y<><59>$<24><>t<EFBFBD><74>:<3A><>^<1C><>+<2B><1D><>;<3B>1<EFBFBD><31><EFBFBD>ۤ<EFBFBD><DBA4>Ӎ<12>X<EFBFBD>H<EFBFBD><03><>u<EFBFBD><75><EFBFBD>g<EFBFBD>߄<EFBFBD>o<EFBFBD>/<2F>G<EFBFBD><0E><><16>Kl<4B>I<EFBFBD>C<EFBFBD><43>==A<><11><>Y<EFBFBD><59><EFBFBD>U<EFBFBD><55><EFBFBD><EFBFBD>
--- a/secrets/ziggyPihole.age
+++ b/secrets/ziggyPihole.age
--- a/users/cnst/default.nix
+++ b/users/cnst/default.nix
@@ -23,6 +23,5 @@
    json.enable = false;
    manpages.enable = false;
  };
  programs.home-manager.enable = true;
 }
--- a/users/cnst/modules/bunkmod.nix
+++ b/users/cnst/modules/bunkmod.nix
@@ -131,7 +131,7 @@
        enable = true;
      };
      syncthing = {
-        enable = true;
+        enable = false;
      };
      udiskie = {
        enable = true;
--- a/users/cnst/modules/kimamod.nix
+++ b/users/cnst/modules/kimamod.nix
@@ -132,7 +132,7 @@
        enable = true;
      };
      syncthing = {
-        enable = true;
+        enable = false;
      };
      udiskie = {
        enable = true;
--- a/users/cnst/modules/sobotkamod.nix
+++ b/users/cnst/modules/sobotkamod.nix
@@ -1,154 +0,0 @@
 {
  home = {
    programs = {
      aerc = {
        enable = false;
      };
      alacritty = {
        enable = false;
      };
      bash = {
        enable = true;
      };
      chromium = {
        enable = false;
      };
      discord = {
        enable = false;
      };
      eza = {
        enable = true;
      };
      floorp = {
        enable = false;
      };
      firefox = {
        enable = false;
      };
      fish = {
        enable = true;
      };
      foot = {
        enable = false;
      };
      fuzzel = {
        enable = false;
      };
      git = {
        enable = true;
      };
      ghostty = {
        enable = false;
      };
      helix = {
        enable = true;
      };
      hyprlock = {
        enable = false;
      };
      jujutsu = {
        enable = false;
      };
      kitty = {
        enable = false;
      };
      mpv = {
        enable = false;
      };
      neovim = {
        enable = false;
      };
      nvf = {
        enable = false;
      };
      nwg-bar = {
        enable = false;
      };
      pkgs = {
        enable = true;
      };
      rofi = {
        enable = false;
      };
      ssh = {
        enable = true;
      };
      tuirun = {
        enable = false;
      };
      vscode = {
        enable = false;
      };
      waybar = {
        enable = false;
      };
      wezterm = {
        enable = false;
      };
      yazi = {
        enable = false;
      };
      zathura = {
        enable = false;
      };
      zed-editor = {
        enable = false;
      };
      zellij = {
        enable = false;
      };
      zen = {
        enable = false;
      };
      zsh = {
        enable = false;
      };
    };
    services = {
      blueman-applet = {
        enable = false;
      };
      copyq = {
        enable = false;
      };
      dconf = {
        settings = {
          color-scheme = "prefer-dark";
        };
      };
      dunst = {
        enable = false;
      };
      gpg = {
        enable = true;
      };
      gtk = {
        enable = false;
      };
      hypridle = {
        enable = false;
      };
      hyprpaper = {
        enable = false;
      };
      mako = {
        enable = false;
      };
      nix-index = {
        enable = true;
      };
      protonmail-bridge = {
        enable = false;
      };
      syncthing = {
        enable = false;
      };
      udiskie = {
        enable = false;
      };
      xdg = {
        enable = false;
      };
    };
  };
 }
--- a/users/cnst/variables/default.nix
+++ b/users/cnst/variables/default.nix
@@ -14,8 +14,8 @@ let
        BROWSER = "zen";
        EDITOR = "hx";
        TERM = "xterm-256color";
-        VK_ICD_FILENAMES = "/run/opengl-driver/share/vulkan/icd.d/radeon_icd.x86_64.json";
+        # VK_ICD_FILENAMES = "/run/opengl-driver/share/vulkan/icd.d/radeon_icd.x86_64.json";
-        STEAM_EXTRA_COMPAT_TOOLS_PATHS = "/home/cnst/.steam/root/compatibilitytools.d";
+        # STEAM_EXTRA_COMPAT_TOOLS_PATHS = "/home/cnst/.steam/root/compatibilitytools.d";
        QT_QPA_PLATFORM = "wayland";
        XDG_SESSION_TYPE = "wayland";
      };
Author	SHA1	Message	Date
cnst	f2386a851e	working 1	2025-10-05 10:11:40 +02:00
cnst	923c810972	feat(authentik): fixing some fail2ban things	2025-10-01 18:00:55 +02:00
cnst	6ab35f4e91	feat(www): fixing fail2ban and other minor tweaks	2025-09-30 18:16:49 +02:00
cnst	593f0e619c	chore(ded): remove dead code	2025-09-29 19:31:23 +02:00
cnst	688e23d229	feat(pstate): opt in changes and sooooo	2025-09-29 19:28:33 +02:00
cnst	725a3ed27e	chore(niri): go to nixpkgs niri release	2025-09-29 17:10:38 +02:00
cnst	e45dc0d223	feat(homelab): fixing cf tunnels, authentik and tailscale!	2025-09-28 18:27:17 +02:00
cnst	bc78dd7302	chore(?): hm	2025-09-28 16:24:32 +02:00
cnst	94c34f8675	chore(update): flake lock	2025-09-28 08:03:38 +02:00
cnst	fda7d972c4	chore(age): adding bunk credentials to agenix	2025-09-27 19:54:03 +02:00
cnst	f6bb6672bb	chore(agenix): refactor some secrets	2025-09-27 14:35:04 +02:00
cnst	68f1cb9b09	chore(misc): removing dead code and small insignificant changes	2025-09-26 20:41:26 +02:00
cnst	e721a2088b	feat(homepage-dashboard): adding some disk info	2025-09-26 17:41:19 +02:00