WIP: laptop: refactor home manager modules

laptop: add initial config for Yura-TPX13
updates: nixpkgs, home-manager, plasma-manager
2025-05-31 00:29:53 -07:00 · 2025-05-30 18:30:05 -07:00 · 2025-05-29 13:47:11 -07:00 · 2025-05-20 23:30:14 -07:00 · 2025-05-20 21:58:24 -07:00 · 2025-05-18 01:07:48 -07:00
24 changed files with 877 additions and 348 deletions
--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1 @@
 private.nix  filter=crypt diff=crypt merge=crypt
--- a/flake.lock
+++ b/flake.lock
@@ -7,11 +7,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1745001336,
+        "lastModified": 1748529677,
-        "narHash": "sha256-R4HuzrgYtOYBNmB3lfRxcieHEBO4uSfgHNz4MzWkZ5M=",
+        "narHash": "sha256-MJEX3Skt5EAIs/aGHD8/aXXZPcceMMHheyIGSjvxZN0=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "fc09cb7aaadb70d6c4898654ffc872f0d2415df9",
+        "rev": "da282034f4d30e787b8a10722431e8b650a907ef",
        "type": "github"
      },
      "original": {
@@ -43,11 +43,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1742568034,
+        "lastModified": 1747663185,
-        "narHash": "sha256-QaMEhcnscfF2MqB7flZr+sLJMMYZPnvqO4NYf9B4G38=",
+        "narHash": "sha256-Obh50J+O9jhUM/FgXtI3he/QRNiV9+J53+l+RlKSaAk=",
        "owner": "nix-community",
        "repo": "nixos-generators",
-        "rev": "42ee229088490e3777ed7d1162cb9e9d8c3dbb11",
+        "rev": "ee07ba0d36c38e9915c55d2ac5a8fb0f05f2afcc",
        "type": "github"
      },
      "original": {
@@ -58,11 +58,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1744932701,
+        "lastModified": 1748370509,
-        "narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=",
+        "narHash": "sha256-QlL8slIgc16W5UaI3w7xHQEP+Qmv/6vSNTpoZrrSlbk=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef",
+        "rev": "4faa5f5321320e49a78ae7848582f684d64783e9",
        "type": "github"
      },
      "original": {
@@ -82,11 +82,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1742765550,
+        "lastModified": 1748196248,
-        "narHash": "sha256-2vVIh2JrL6GAGfgCeY9e6iNKrBjs0Hw3bGQEAbwVs68=",
+        "narHash": "sha256-1iHjsH6/5UOerJEoZKE+Gx1BgAoge/YcnUsOA4wQ/BU=",
        "owner": "nix-community",
        "repo": "plasma-manager",
-        "rev": "b70be387276e632fe51232887f9e04e2b6ef8c16",
+        "rev": "b7697abe89967839b273a863a3805345ea54ab56",
        "type": "github"
      },
      "original": {
@@ -100,7 +100,28 @@
        "home-manager": "home-manager",
        "nixos-generators": "nixos-generators",
        "nixpkgs": "nixpkgs",
-        "plasma-manager": "plasma-manager"
+        "plasma-manager": "plasma-manager",
        "secrix": "secrix"
      }
    },
    "secrix": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1746643487,
        "narHash": "sha256-dcB/DArJObCvqE/ZEdQSDW2BZMeDyF83Se5KPfJvz60=",
        "owner": "Platonic-Systems",
        "repo": "secrix",
        "rev": "4c64203fa5b377953b1fb6d5388187df8b60c6d5",
        "type": "github"
      },
      "original": {
        "owner": "Platonic-Systems",
        "repo": "secrix",
        "type": "github"
      }
    }
  },
--- a/flake.nix
+++ b/flake.nix
@@ -18,9 +18,15 @@
      url = "github:nix-community/nixos-generators";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    secrix = {
      url = "github:Platonic-Systems/secrix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };
-  outputs = { self, nixpkgs, home-manager, plasma-manager, nixos-generators }: {
+  outputs = { self, nixpkgs, home-manager, plasma-manager, nixos-generators, secrix }: {
    apps.x86_64-linux.secrix = secrix.secrix self;
    nixosConfigurations = {
      Yura-PC = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
@@ -28,6 +34,27 @@
          ./modules
          ./hosts/common.nix
          ./hosts/Yura-PC
          ./users/cazzzer
          # https://nix-community.github.io/home-manager/index.xhtml#sec-flakes-nixos-module
          home-manager.nixosModules.home-manager
          {
            home-manager.useGlobalPkgs = true;
            home-manager.useUserPackages = true;
            home-manager.sharedModules = [ plasma-manager.homeManagerModules.plasma-manager ];
            home-manager.users.cazzzer = import ./home;
            # Optionally, use home-manager.extraSpecialArgs to pass
            # arguments to home.nix
          }
        ];
      };
      Yura-TPX13 = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
        modules = [
          ./modules
          ./hosts/common.nix
          ./hosts/Yura-TPX13
          ./users/cazzzer
          # https://nix-community.github.io/home-manager/index.xhtml#sec-flakes-nixos-module
          home-manager.nixosModules.home-manager
          {
@@ -46,15 +73,19 @@
        modules = [
          ./modules
          ./hosts/common.nix
          ./hosts/hw-vm.nix
          ./hosts/vm
          ./users/cazzzer
        ];
      };
      router = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
        modules = [
          secrix.nixosModules.default
          ./modules
          ./hosts/common.nix
          ./hosts/router
          ./users/cazzzer
        ];
      };
    };
@@ -65,11 +96,25 @@
        modules = [
          ./modules
          ./hosts/common.nix
-          ./hosts/vm/proxmox.nix
+          ./hosts/hw-proxmox.nix
          ./hosts/vm
          ./users/cazzzer
        ];
        format = "proxmox";
      };
      vm-proxmox = let
        image = nixpkgs.lib.nixosSystem {
          system = "x86_64-linux";
          modules = [
            ./modules
            ./hosts/common.nix
            ./hosts/hw-proxmox.nix
            ./hosts/vm
            ./users/cazzzer
          ];
        };
      in
        image.config.system.build.VMA;
    };
  };
 }
--- a/home/default.nix
+++ b/home/default.nix
@@ -1,15 +1,18 @@
 { config, lib, pkgs, ... }:
 let
-  defaultFont = {
+  username = "cazzzer";
    family = "Noto Sans";
    pointSize = 14;
  };
 in
 {
  imports = [
    ./fish.nix
    ./starship.nix
    ./plasma.nix
  ];
  # Home Manager needs a bit of information about you and the paths it should
  # manage.
-  home.username = "cazzzer";
+  home.username = username;
-  home.homeDirectory = "/home/cazzzer";
+  home.homeDirectory = "/home/${username}";
  # Let Home Manager install and manage itself.
  programs.home-manager.enable = true;
@@ -19,12 +22,6 @@ in
    SHELL = "fish";
  };
  # TODO: remove (replace by bitwarden-desktop)
  services.gnome-keyring = {
    enable = true;
    components = [ "pkcs11" "ssh" ];
  };
  services.darkman = {
    enable = true;
    settings = {
@@ -39,143 +36,6 @@ in
    };
  };
  programs.fish = {
    enable = true;
    shellInit = "set fish_greeting";
    shellAliases = {
      # Replace ls with exa
      ls = "exa -al --color=always --group-directories-first --icons"; # preferred listing
      la = "exa -a --color=always --group-directories-first --icons";  # all files and dirs
      ll = "exa -l --color=always --group-directories-first --icons";  # long format
      lt = "exa -aT --color=always --group-directories-first --icons"; # tree listing
      "l." = "exa -a | rg '^\.'";                                      # show only dotfiles
      # Replace cat with bat
      cat = "bat";
    };
    # alias for nix shell with flake packages
    functions.add.body = ''
      set -x packages 'nixpkgs#'$argv
      nix shell $packages
    '';
    interactiveShellInit = ''
      fastfetch
    '';
  };
  programs.starship = {
    enable = true;
    enableFishIntegration = true;
    settings = {
      format = lib.concatStrings [
        "$all"
        "$time"
        "$cmd_duration"
        "$line_break"
        "$jobs"
        "$status"
        "$character"
      ];
      username = {
        format = " [╭─$user]($style)@";
        style_user = "bold red";
        style_root = "bold red";
        show_always = true;
      };
      hostname = {
        format = "[$hostname]($style) in ";
        style = "bold dimmed red";
        ssh_only = false;
      };
      directory = {
        style = "purple";
        truncation_length = 0;
        truncate_to_repo = true;
        truncation_symbol = "repo: ";
      };
      git_status = {
        style = "white";
        ahead = "⇡\${count}";
        diverged = "⇕⇡\${ahead_count}⇣\${behind_count}";
        behind = "⇣\${count}";
        deleted = "x";
      };
      cmd_duration = {
        min_time = 1000;
        format = "took [$duration]($style) ";
      };
      time = {
        format = " 🕙 $time($style) ";
        time_format = "%T";
        style = "bright-white";
        disabled = false;
      };
      character = {
        success_symbol = " [╰─λ](bold red)";
        error_symbol = " [×](bold red)";
      };
      status = {
        symbol = "🔴";
        format = "[\\[$symbol$status_common_meaning$status_signal_name$status_maybe_int\\]]($style)";
        map_symbol = true;
        disabled = false;
      };
    };
  };
  programs.plasma = {
    enable = true;
    overrideConfig = true;
    workspace.iconTheme = "Tela-circle";
    fonts = {
      general = defaultFont;
      fixedWidth = defaultFont // { family = "Hack"; };
      small = defaultFont // { pointSize = defaultFont.pointSize - 2; };
      toolbar = defaultFont;
      menu = defaultFont;
      windowTitle = defaultFont;
    };
    input.keyboard.layouts = [
      { layout = "us"; displayName = "us"; }
      { layout = "minimak-4"; displayName = "us4"; }
      { layout = "ru"; displayName = "ru"; }
    ];
    kwin.virtualDesktops.number = 2;
    session.sessionRestore.restoreOpenApplicationsOnLogin = "startWithEmptySession";
    shortcuts = {
      # kmix.mic_mute = "ScrollLock";
      kmix.mic_mute = ["Microphone Mute" "ScrollLock" "Meta+Volume Mute,Microphone Mute" "Meta+Volume Mute,Mute Microphone"];
      plasmashell.show-barcode = "Meta+M";
      kwin."Window Maximize" = [ "Meta+F" "Meta+PgUp,Maximize Window" ];
      "KDE Keyboard Layout Switcher"."Switch to Next Keyboard Layout" = "Meta+Space";
    };
    hotkeys.commands."launch-konsole" = {
      name = "Launch Konsole";
      key = "Meta+Alt+C";
      command = "konsole";
    };
    configFile = {
      kdeglobals.KDE.AnimationDurationFactor = 0.5;
      kdeglobals.General.accentColorFromWallpaper = true;
      kwinrc.Wayland.InputMethod = {
        value = "org.fcitx.Fcitx5.desktop";
        shellExpand = true;
      };
      dolphinrc.General.ShowFullPath = true;
      dolphinrc.DetailsMode.PreviewSize.persistent = true;
      kactivitymanagerdrc = {
        activities."809dc779-bf5b-49e6-8e3f-cbe283cb05b6" = "Default";
        activities."b34a506d-ac4f-4797-8c08-6ef45bc49341" = "Fun";
        activities-icons."809dc779-bf5b-49e6-8e3f-cbe283cb05b6" = "keyboard";
        activities-icons."b34a506d-ac4f-4797-8c08-6ef45bc49341" = "preferences-desktop-gaming";
      };
    };
  };
  xdg.configFile = {
    "fcitx5/conf/wayland.conf".text = "Allow Overriding System XKB Settings=False";
  };
  # This value determines the Home Manager release that your configuration is
  # compatible with. This helps avoid breakage when a new Home Manager release
  # introduces backwards incompatible changes.
@@ -220,24 +80,4 @@ in
    #   org.gradle.daemon.idletimeout=3600000
    # '';
  # };
  # Home Manager can also manage your environment variables through
  # 'home.sessionVariables'. These will be explicitly sourced when using a
  # shell provided by Home Manager. If you don't want to manage your shell
  # through Home Manager then you have to manually source 'hm-session-vars.sh'
  # located at either
  #
  #  ~/.nix-profile/etc/profile.d/hm-session-vars.sh
  #
  # or
  #
  #  ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh
  #
  # or
  #
  #  /etc/profiles/per-user/cazzzer/etc/profile.d/hm-session-vars.sh
  #
  # home.sessionVariables = {
    # EDITOR = "emacs";
  # };
 }
--- a/home/fish.nix
+++ b/home/fish.nix
@@ -0,0 +1,27 @@
 { config, lib, pkgs, ... }:
 {
  programs.fish = {
    enable = true;
    shellInit = "set fish_greeting";
    shellAliases = {
      # Replace ls with exa
      ls = "exa -al --color=always --group-directories-first --icons"; # preferred listing
      la = "exa -a --color=always --group-directories-first --icons";  # all files and dirs
      ll = "exa -l --color=always --group-directories-first --icons";  # long format
      lt = "exa -aT --color=always --group-directories-first --icons"; # tree listing
      "l." = "exa -a | rg '^\.'";                                      # show only dotfiles
      # Replace cat with bat
      cat = "bat";
    };
    # alias for nix shell with flake packages
    functions.add.body = ''
      set -x packages 'nixpkgs#'$argv
      nix shell $packages
    '';
    interactiveShellInit = ''
      fastfetch
    '';
  };
 }
--- a/home/plasma.nix
+++ b/home/plasma.nix
@@ -0,0 +1,61 @@
 { config, lib, pkgs, osConfig, ... }:
 {
  programs.plasma = {
    enable = true;
    overrideConfig = true;
    workspace.iconTheme = if builtins.elem pkgs.tela-circle-icon-theme osConfig.environment.systemPackages then "Tela-circle" else null;
    fonts = let
      defaultFont = {
        family = "Noto Sans";
        pointSize = 14;
      };
    in {
      general = defaultFont;
      fixedWidth = defaultFont // { family = "Hack"; };
      small = defaultFont // { pointSize = defaultFont.pointSize - 2; };
      toolbar = defaultFont;
      menu = defaultFont;
      windowTitle = defaultFont;
    };
    input.keyboard.layouts = [
      { layout = "us"; displayName = "us"; }
      { layout = "minimak-4"; displayName = "us4"; }
      { layout = "ru"; displayName = "ru"; }
    ];
    kwin.virtualDesktops.number = 2;
    session.sessionRestore.restoreOpenApplicationsOnLogin = "startWithEmptySession";
    shortcuts = {
      # kmix.mic_mute = "ScrollLock";
      kmix.mic_mute = ["Microphone Mute" "ScrollLock" "Meta+Volume Mute,Microphone Mute" "Meta+Volume Mute,Mute Microphone"];
      plasmashell.show-barcode = "Meta+M";
      kwin."Window Maximize" = [ "Meta+F" "Meta+PgUp,Maximize Window" ];
      "KDE Keyboard Layout Switcher"."Switch to Next Keyboard Layout" = "Meta+Space";
    };
    hotkeys.commands."launch-konsole" = {
      name = "Launch Konsole";
      key = "Meta+Alt+C";
      command = "konsole";
    };
    configFile = {
      kdeglobals.KDE.AnimationDurationFactor = 0.5;
      kdeglobals.General.accentColorFromWallpaper = true;
      kwinrc.Wayland.InputMethod = {
        value = "org.fcitx.Fcitx5.desktop";
        shellExpand = true;
      };
      dolphinrc.General.ShowFullPath = true;
      dolphinrc.DetailsMode.PreviewSize.persistent = true;
      kactivitymanagerdrc = {
        activities."809dc779-bf5b-49e6-8e3f-cbe283cb05b6" = "Default";
        activities."b34a506d-ac4f-4797-8c08-6ef45bc49341" = "Fun";
        activities-icons."809dc779-bf5b-49e6-8e3f-cbe283cb05b6" = "keyboard";
        activities-icons."b34a506d-ac4f-4797-8c08-6ef45bc49341" = "preferences-desktop-gaming";
      };
    };
  };
  xdg.configFile = {
    "fcitx5/conf/wayland.conf".text = "Allow Overriding System XKB Settings=False";
  };
 }
--- a/home/starship.nix
+++ b/home/starship.nix
@@ -0,0 +1,63 @@
 { config, lib, pkgs, ... }:
 {
  programs.starship = {
    enable = true;
    enableFishIntegration = true;
    settings = {
      format = lib.concatStrings [
        "$all"
        "$time"
        "$cmd_duration"
        "$line_break"
        "$jobs"
        "$status"
        "$character"
      ];
      username = {
        format = " [╭─$user]($style)@";
        style_user = "bold red";
        style_root = "bold red";
        show_always = true;
      };
      hostname = {
        format = "[$hostname]($style) in ";
        style = "bold dimmed red";
        ssh_only = false;
      };
      directory = {
        style = "purple";
        truncation_length = 0;
        truncate_to_repo = true;
        truncation_symbol = "repo: ";
      };
      git_status = {
        style = "white";
        ahead = "⇡\${count}";
        diverged = "⇕⇡\${ahead_count}⇣\${behind_count}";
        behind = "⇣\${count}";
        deleted = "x";
      };
      cmd_duration = {
        min_time = 1000;
        format = "took [$duration]($style) ";
      };
      time = {
        format = " 🕙 $time($style) ";
        time_format = "%T";
        style = "bright-white";
        disabled = false;
      };
      character = {
        success_symbol = " [╰─λ](bold red)";
        error_symbol = " [×](bold red)";
      };
      status = {
        symbol = "🔴";
        format = "[\\[$symbol$status_common_meaning$status_signal_name$status_maybe_int\\]]($style)";
        map_symbol = true;
        disabled = false;
      };
    };
  };
 }
--- a/hosts/Yura-PC/default.nix
+++ b/hosts/Yura-PC/default.nix
@@ -32,7 +32,7 @@
  boot.loader.timeout = 3;
  boot.loader.systemd-boot.configurationLimit = 5;
-  boot.kernelPackages = pkgs.linuxKernel.packages.linux_6_13;
+  boot.kernelPackages = pkgs.linuxKernel.packages.linux_6_14;
  # https://nixos.wiki/wiki/Accelerated_Video_Playback
  hardware.graphics = {
@@ -88,7 +88,7 @@
  services.openssh.enable = true;
  services.flatpak.enable = true;
  # services.geoclue2.enable = true;
-  location.provider = "geoclue2";
+  # location.provider = "geoclue2";
  # services.gnome.gnome-keyring.enable = true;
  security.pam.services.sddm.enableGnomeKeyring = true;
  # security.pam.services.sddm.gnupg.enable = true;
@@ -97,42 +97,6 @@
  # Enable touchpad support (enabled default in most desktopManager).
  # services.xserver.libinput.enable = true;
  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.groups = {
    cazzzer = {
      gid = 1000;
    };
  };
  users.users.cazzzer = {
    isNormalUser = true;
    description = "Yura";
    uid = 1000;
    group = "cazzzer";
    extraGroups = [ "networkmanager" "wheel" "docker" "wireshark" "geoclue" ];
    packages = with pkgs; [
      # Python
      python3
      poetry
      # Haskell
      haskellPackages.ghc
      haskellPackages.stack
      # Node
      nodejs_22
      pnpm
      bun
      # Nix
      nixd
      nil
      # Gleam
      gleam
      beamMinimal26Packages.erlang
    ];
  };
  hardware.bluetooth.enable = true;
  hardware.bluetooth.powerOnBoot = false;
  # Install firefox.
@@ -168,9 +132,6 @@
    # };
  # };
  # Allow unfree packages
  nixpkgs.config.allowUnfree = true;
  # List packages installed in system profile. To search, run:
  # $ nix search wget
@@ -216,9 +177,11 @@
    fd
    helix
    micro
    openssl
    ripgrep
    starship
    tealdeer
    transcrypt
  ] ++ [
    efibootmgr
    ffmpeg
--- a/hosts/Yura-TPX13/default.nix
+++ b/hosts/Yura-TPX13/default.nix
@@ -0,0 +1,211 @@
 { config, lib, pkgs, ... }:
 {
  imports =
    [
      ./hardware-configuration.nix
    ];
  mods.kb-input.enable = true;
  # Bootloader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  # boot.plymouth.enable = true;
  # boot.plymouth.theme = "breeze";
  boot.kernelParams = [
    "sysrq_always_enabled=1"
  ];
  boot.loader.timeout = 3;
  boot.loader.systemd-boot.configurationLimit = 5;
  boot.kernelPackages = pkgs.linuxKernel.packages.linux_6_14;
  # https://nixos.wiki/wiki/Accelerated_Video_Playback
  hardware.graphics.enable = true;
  environment.etc.hosts.mode = "0644";
  networking.hostName = "Yura-TPX13"; # Define your hostname.
  networking.hostId = "8425e349"; # Required for ZFS.
  # Enable networking
  networking.networkmanager.enable = true;
  # Enable the X11 windowing system.
  # You can disable this if you're only using the Wayland session.
  services.xserver.enable = false;
  # Enable the KDE Plasma Desktop Environment.
  services.displayManager.sddm.enable = true;
  services.displayManager.sddm.wayland.enable = true;
  services.desktopManager.plasma6.enable = true;
  # Enable CUPS to print documents.
  services.printing.enable = true;
  # Enable sound with pipewire.
  services.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    # If you want to use JACK applications, uncomment this
    #jack.enable = true;
  };
  services.openssh.enable = true;
  services.flatpak.enable = true;
  # services.geoclue2.enable = true;
  # location.provider = "geoclue2";
  # services.gnome.gnome-keyring.enable = true;
  security.pam.services.sddm.enableGnomeKeyring = true;
  # security.pam.services.sddm.gnupg.enable = true;
  services.fprintd.enable = true;
  hardware.bluetooth.enable = true;
  hardware.bluetooth.powerOnBoot = false;
  # Install firefox.
  programs.firefox.enable = true;
  programs.kdeconnect.enable = true;
  programs.fish.enable = true;
  programs.git.enable = true;
  programs.git.lfs.enable = true;
  # https://nixos.wiki/wiki/Git
  programs.git.package = pkgs.git.override { withLibsecret = true; };
  programs.lazygit.enable = true;
  programs.neovim.enable = true;
  programs.gnupg.agent.enable = true;
  programs.gnupg.agent.pinentryPackage = pkgs.pinentry-qt;
  # programs.starship.enable = true;
  programs.wireshark.enable = true;
  programs.wireshark.package = pkgs.wireshark; # wireshark-cli by default
  programs.bat.enable = true;
  programs.htop.enable = true;
  # https://nixos.wiki/wiki/Docker
  virtualisation.docker.enable = true;
  virtualisation.docker.enableOnBoot = false;
  virtualisation.docker.package = pkgs.docker_28;
  # https://github.com/flatpak/flatpak/issues/2861
  xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
  workarounds.flatpak.enable = true;
  fonts.packages = with pkgs; [
    fantasque-sans-mono
    nerd-fonts.fantasque-sans-mono
    noto-fonts
    noto-fonts-emoji
    noto-fonts-cjk-sans
    noto-fonts-cjk-serif
    jetbrains-mono
   ];
  environment.systemPackages = with pkgs; [
    dust
    eza
    fastfetch
    fd
    helix
    micro
    openssl
    ripgrep
    starship
    tealdeer
    transcrypt
  ] ++ [
    efibootmgr
    ffmpeg
    file
    fq
    gnumake
    ijq
    jq
    ldns
    mediainfo
    rbw
    restic
    resticprofile
    rclone
    ripgrep-all
    rustscan
    whois
    yt-dlp
  ] ++ [
    bitwarden-desktop
    darkman
    host-spawn # for flatpaks
    kdePackages.filelight
    kdePackages.flatpak-kcm
    kdePackages.kate
    kdePackages.yakuake
    # TODO: remove (replace by bitwarden-desktop)
    gcr
    gnome-keyring # config for this and some others
    mpv
    nextcloud-client
    lxqt.pavucontrol-qt
    pinentry
    tela-circle-icon-theme
    virt-viewer
    waypipe
  ] ++ [
    # jetbrains.rust-rover
    # jetbrains.goland
    jetbrains.clion
    jetbrains.idea-ultimate
    jetbrains.pycharm-professional
    jetbrains.webstorm
    android-studio
    rustup
    zed-editor
  ] ++ [
    # Python
    python3
    poetry
    # Haskell
    haskellPackages.ghc
    haskellPackages.stack
    # Node
    nodejs_22
    pnpm
    bun
    # Nix
    nil
    nixd
    nixfmt-rfc-style
    # Gleam
    gleam
    beamMinimal26Packages.erlang
  ];
  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  # programs.gnupg.agent = {
  #   enable = true;
  #   enableSSHSupport = true;
  # };
  # Open ports in the firewall.
  # networking.nftables.enable = true;
  # networking.firewall.allowedTCPPorts = [ ];
  # networking.firewall.allowedUDPPorts = [ ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "24.11"; # Did you read the comment?
 }
--- a/hosts/Yura-TPX13/hardware-configuration.nix
+++ b/hosts/Yura-TPX13/hardware-configuration.nix
@@ -5,21 +5,21 @@
 {
  imports =
-    [ (modulesPath + "/profiles/qemu-guest.nix")
+    [ (modulesPath + "/installer/scan/not-detected.nix")
    ];
-  boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+  boot.initrd.availableKernelModules = [ "nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
  boot.extraModulePackages = [ ];
  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/da85e220-e2b0-443a-9a0c-a9516b8e5030";
+    { device = "zroot/e/ROOT/nixos/default";
-      fsType = "ext4";
+      fsType = "zfs";
    };
  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/3F96-8974";
+    { device = "/dev/disk/by-uuid/C6A4-8931";
      fsType = "vfat";
      options = [ "fmask=0022" "dmask=0022" ];
    };
@@ -31,7 +31,9 @@
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp6s18.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp2s0f0.useDHCP = lib.mkDefault true;
  # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/hosts/hw-proxmox.nix
+++ b/hosts/hw-proxmox.nix
@@ -0,0 +1,16 @@
 { config, lib, pkgs, modulesPath, ... }:
 {
  imports = [
    "${modulesPath}/virtualisation/proxmox-image.nix"
  ];
  # boot.kernelParams = [ "console=tty0" ];
  proxmox.qemuConf.bios = "ovmf";
  proxmox.qemuExtraConf = {
    machine = "q35";
    # efidisk0 = "local-lvm:vm-9999-disk-1";
    cpu = "host";
  };
  proxmox.cloudInit.enable = false;
 }
--- a/hosts/hw-vm.nix
+++ b/hosts/hw-vm.nix
@@ -0,0 +1,26 @@
 { config, lib, pkgs, modulesPath, ... }: {
  imports = [
    "${modulesPath}/profiles/qemu-guest.nix"
  ];
  boot.initrd.availableKernelModules = lib.mkDefault [ "uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
  fileSystems."/" = lib.mkDefault {
    device = "/dev/disk/by-label/nixos";
    autoResize = true;
    fsType = "ext4";
  };
  fileSystems."/boot" = lib.mkDefault {
    device = "/dev/disk/by-label/ESP";
    fsType = "vfat";
  };
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.enp6s18.useDHCP = lib.mkDefault true;
  # nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 }
--- a/hosts/router/default.nix
+++ b/hosts/router/default.nix
@@ -1,5 +1,8 @@
 { config, lib, pkgs, ... }:
-
+let
  vars = import ./vars.nix;
  enableDesktop = false;
 in
 {
  imports =
    [ # Include the results of the hardware scan.
@@ -8,8 +11,11 @@
      ./firewall.nix
      ./dns.nix
      ./kea.nix
      ./glance.nix
      ./services.nix
    ];
  # Secrix for secrets management
  secrix.hostPubKey = vars.pubkey;
  # Bootloader.
  boot.loader.systemd-boot.enable = true;
@@ -31,10 +37,10 @@
  # Enable the KDE Plasma Desktop Environment.
  # Useful for debugging with wireshark.
  # services.displayManager.sddm.enable = true;
  hardware.graphics.enable = true;
-  services.displayManager.sddm.wayland.enable = true;
+  services.displayManager.sddm.enable = enableDesktop;
-  services.desktopManager.plasma6.enable = true;
+  services.displayManager.sddm.wayland.enable = enableDesktop;
  services.desktopManager.plasma6.enable = enableDesktop;
  # No need for audio in VM
  services.pipewire.enable = false;
@@ -47,24 +53,6 @@
  security.sudo.wheelNeedsPassword = false;
  users.groups = {
    cazzzer = {
      gid = 1000;
    };
  };
  users.users.cazzzer = {
    password = "";
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPWgEzbEjbbu96MVQzkiuCrw+UGYAXN4sRe2zM6FVopq cazzzer@Yura-PC"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIApFeLVi3BOquL0Rt+gQK2CutNHaBDQ0m4PcGWf9Bc43 cazzzer@Yura-TPX13"
    ];
    isNormalUser = true;
    description = "Yura";
    uid = 1000;
    group = "cazzzer";
    extraGroups = [ "wheel" "wireshark" ];
  };
  programs.firefox.enable = true;
  programs.fish.enable = true;
  programs.git.enable = true;
@@ -79,17 +67,17 @@
    eza
    fastfetch
    fd
    kdePackages.filelight
    kdePackages.kate
    kdePackages.yakuake
    ldns
    lsof
    micro
    mpv
    openssl
    ripgrep
    rustscan
    starship
    tealdeer
    transcrypt
    waypipe
    whois
  ];
--- a/hosts/router/dns.nix
+++ b/hosts/router/dns.nix
@@ -42,8 +42,12 @@ in
  services.adguardhome.enable = true;
  services.adguardhome.mutableSettings = false;
  # https://github.com/AdguardTeam/Adguardhome/wiki/Configuration
  services.adguardhome.settings = {
    dns = {
      # Disable rate limit, default of 20 is too low
      # https://github.com/AdguardTeam/AdGuardHome/issues/6726
      ratelimit = 0;
      bootstrap_dns = [ "1.1.1.1" "9.9.9.9" ];
      upstream_dns = [
        # Default upstreams
--- a/hosts/router/firewall.nix
+++ b/hosts/router/firewall.nix
@@ -4,54 +4,96 @@ let
  links = vars.links;
  ifs = vars.ifs;
  pdFromWan = vars.pdFromWan;
  nftIdentifiers = ''
    define ZONE_WAN_IFS = { ${ifs.wan.name} }
    define ZONE_LAN_IFS = {
        ${ifs.lan.name},
        ${ifs.lan10.name},
        ${ifs.lan20.name},
        ${ifs.lan30.name},
        ${ifs.lan40.name},
        ${ifs.lan50.name},
    }
    define OPNSENSE_NET6 = ${vars.extra.opnsense.net6}
    define ZONE_LAN_EXTRA_NET6 = {
        # TODO: reevaluate this statement
        ${ifs.lan20.net6},  # needed since packets can come in from wan on these addrs
        $OPNSENSE_NET6,
    }
    define RFC1918 = { 10.0.0.0/8, 172.12.0.0/12, 192.168.0.0/16 }
    define CLOUDFLARE_NET6 = {
        # https://www.cloudflare.com/ips-v6
        # TODO: figure out a better way to get addrs dynamically from url
        # perhaps building a nixos module/package that fetches the ips?
        2400:cb00::/32,
        2606:4700::/32,
        2803:f800::/32,
        2405:b500::/32,
        2405:8100::/32,
        2a06:98c0::/29,
        2c0f:f248::/32,
    }
  '';
 in
 {
  networking.firewall.enable = false;
  networking.nftables.enable = true;
-  networking.nftables.tables.firewall = {
+  # networking.nftables.ruleset = nftIdentifiers; #doesn't work because it's appended to the end
-    family = "inet";
+  networking.nftables.tables.nat4 = {
    family = "ip";
    content = ''
-      define ZONE_WAN_IFS = { ${ifs.wan.name} }
+      ${nftIdentifiers}
-      define ZONE_LAN_IFS = {
+      map port_forward {
          ${ifs.lan.name},
          ${ifs.lan10.name},
          ${ifs.lan20.name},
          ${ifs.lan30.name},
          ${ifs.lan40.name},
          ${ifs.lan50.name},
      }
      define OPNSENSE_NET6 = ${vars.extra.opnsense.net6}
      define ZONE_LAN_EXTRA_NET6 = {
          # TODO: reevaluate this statement
          ${ifs.lan20.net6},  # needed since packets can come in from wan on these addrs
          $OPNSENSE_NET6,
      }
      define RFC1918 = { 10.0.0.0/8, 172.12.0.0/12, 192.168.0.0/16 }
      define CLOUDFLARE_NET6 = {
          # https://www.cloudflare.com/ips-v6
          # TODO: figure out a better way to get addrs dynamically from url
          # perhaps building a nixos module/package that fetches the ips?
          2400:cb00::/32,
          2606:4700::/32,
          2803:f800::/32,
          2405:b500::/32,
          2405:8100::/32,
          2a06:98c0::/29,
          2c0f:f248::/32,
      }
      define ALLOWED_TCP_PORTS = { ssh, https }
      define ALLOWED_UDP_PORTS = { bootps, dhcpv6-server, domain }
      map port_forward_v4 {
          type inet_proto . inet_service : ipv4_addr . inet_service
          elements = {
              tcp . 8006 : ${ifs.lan50.p4}.10 . 8006
          }
      }
      chain prerouting {
          # Initial step, accept by default
          type nat hook prerouting priority dstnat; policy accept;
          # Port forwarding
          fib daddr type local dnat ip to meta l4proto . th dport map @port_forward
      }
      chain postrouting {
          # Last step, accept by default
          type nat hook postrouting priority srcnat; policy accept;
          # Masquerade LAN addrs
          oifname $ZONE_WAN_IFS ip saddr $RFC1918 masquerade
      }
    '';
  };
  # Optional IPv6 masquerading (big L if enabled, don't forget to allow forwarding)
  networking.nftables.tables.nat6 = {
    family = "ip6";
    enable = false;
    content = ''
      ${nftIdentifiers}
      chain postrouting {
          type nat hook postrouting priority srcnat; policy accept;
          oifname $ZONE_WAN_IFS ip6 saddr fd00::/8 masquerade
      }
    '';
  };
  networking.nftables.tables.firewall = {
    family = "inet";
    content = ''
      ${nftIdentifiers}
      define ALLOWED_TCP_PORTS = { ssh, https }
      define ALLOWED_UDP_PORTS = { bootps, dhcpv6-server, domain, https }
      set port_forward_v6 {
          type inet_proto . ipv6_addr . inet_service
-          # elements = {}
+          elements = {
              # syncthing on alpina
              tcp . ${ifs.lan.p6}::11:1 . 22000 ,
              udp . ${ifs.lan.p6}::11:1 . 22000 ,
          }
      }
      set cloudflare_forward_v6 {
          type ipv6_addr
@@ -94,7 +136,7 @@ in
          # WAN zone input rules
          iifname $ZONE_WAN_IFS jump zone_wan_input
          # LAN zone input rules
-          iifname $ZONE_LAN_IFS accept
+          # iifname $ZONE_LAN_IFS accept
          iifname $ZONE_LAN_IFS jump zone_lan_input
          ip6 saddr $ZONE_LAN_EXTRA_NET6 jump zone_lan_input
@@ -160,25 +202,6 @@ in
          # NAT reflection
          # oif lo ip daddr != 127.0.0.0/8 dnat ip to meta l4proto . th dport map @port_forward_v4
      }
      chain prerouting {
          # Initial step, accept by default
          type nat hook prerouting priority dstnat; policy accept;
          # Port forwarding
          fib daddr type local dnat ip to meta l4proto . th dport map @port_forward_v4
      }
      chain postrouting {
          # Last step, accept by default
          type nat hook postrouting priority srcnat; policy accept;
          # Masquerade LAN addrs
          oifname $ZONE_WAN_IFS ip saddr $RFC1918 masquerade
          # Optional IPv6 masquerading (big L if enabled, don't forget to allow forwarding)
          # oifname $ZONE_WAN_IFS ip6 saddr fd00::/8 masquerade
      }
    '';
  };
 }
--- a/hosts/router/glance.nix
+++ b/hosts/router/glance.nix
@@ -0,0 +1,166 @@
 { config, lib, pkgs, ... }:
 let
  vars = import ./vars.nix;
  domain = vars.domain;
 in
 {
  # Glance dashboard
  services.glance.enable = true;
  services.glance.settings.pages = [
    {
      name = "Home";
      # hideDesktopNavigation = true; # Uncomment if needed
      columns = [
        {
          size = "small";
          widgets = [
            {
              type = "calendar";
              firstDayOfWeek = "monday";
            }
            {
              type = "rss";
              limit = 10;
              collapseAfter = 3;
              cache = "12h";
              feeds = [
                { url = "https://rtk0c.pages.dev/index.xml"; }
                { url = "https://www.yegor256.com/rss.xml"; }
                { url = "https://selfh.st/rss/"; title = "selfh.st"; }
                { url = "https://ciechanow.ski/atom.xml"; }
                { url = "https://www.joshwcomeau.com/rss.xml"; title = "Josh Comeau"; }
                { url = "https://samwho.dev/rss.xml"; }
                { url = "https://ishadeed.com/feed.xml"; title = "Ahmad Shadeed"; }
              ];
            }
            {
              type = "twitch-channels";
              channels = [
                "theprimeagen"
                "j_blow"
                "piratesoftware"
                "cohhcarnage"
                "christitustech"
                "EJ_SA"
              ];
            }
          ];
        }
        {
          size = "full";
          widgets = [
            {
              type = "group";
              widgets = [
                { type = "hacker-news"; }
                { type = "lobsters"; }
              ];
            }
            {
              type = "videos";
              channels = [
                "UCXuqSBlHAE6Xw-yeJA0Tunw" # Linus Tech Tips
                "UCR-DXc1voovS8nhAvccRZhg" # Jeff Geerling
                "UCsBjURrPoezykLs9EqgamOA" # Fireship
                "UCBJycsmduvYEL83R_U4JriQ" # Marques Brownlee
                "UCHnyfMqiRRG1u-2MsSQLbXA" # Veritasium
              ];
            }
            {
              type = "group";
              widgets = [
                {
                  type = "reddit";
                  subreddit = "technology";
                  showThumbnails = true;
                }
                {
                  type = "reddit";
                  subreddit = "selfhosted";
                  showThumbnails = true;
                }
              ];
            }
          ];
        }
        {
          size = "small";
          widgets = [
            {
              type = "weather";
              location = "San Jose, California, United States";
              units = "metric";
              hourFormat = "12h";
              # hideLocation = true; # Uncomment if needed
            }
            {
              type = "markets";
              markets = [
                { symbol = "SPY"; name = "S&P 500"; }
                { symbol = "BTC-USD"; name = "Bitcoin"; }
                { symbol = "NVDA"; name = "NVIDIA"; }
                { symbol = "AAPL"; name = "Apple"; }
                { symbol = "MSFT"; name = "Microsoft"; }
              ];
            }
            {
              type = "releases";
              cache = "1d";
              # token = "..."; # Uncomment and set if needed
              repositories = [
                "glanceapp/glance"
                "go-gitea/gitea"
                "immich-app/immich"
                "syncthing/syncthing"
              ];
            }
          ];
        }
      ];
    }
    {
      name = "Infrastructure";
      columns = [
        {
          size = "small";
          widgets = [
            {
              type = "server-stats";
              servers = [
                {
                  type = "local";
                  name = "Router";
                  mountpoints."/nix/store".hide = true;
                }
              ];
            }
          ];
        }
        {
          size = "full";
          widgets = [
            {
              type = "iframe";
              title = "Grafana";
              title-url = "/grafana/";
              source = "/grafana/d-solo/rYdddlPWk/node-exporter-full?orgId=1&from=1747211119196&to=1747297519196&timezone=browser&var-datasource=PBFA97CFB590B2093&var-job=node&var-node=localhost:9100&var-diskdevices=%5Ba-z%5D%2B%7Cnvme%5B0-9%5D%2Bn%5B0-9%5D%2B%7Cmmcblk%5B0-9%5D%2B&refresh=1m&panelId=74&__feature.dashboardSceneSolo";
              height = 400;
            }
          ];
        }
        {
          size = "small";
          widgets = [
            {
              type = "dns-stats";
              service = "adguard";
              url = "http://localhost:${toString config.services.adguardhome.port}";
              username = "";
              password = "";
            }
          ];
        }
      ];
    }
  ];
 }
--- a/hosts/router/private.nix
+++ b/hosts/router/private.nix
@@ -0,0 +1,2 @@
 U2FsdGVkX1/98w32OE1ppwT0I5A3UOTKCLJfvk+TQdrbf0TLfYNZ9TC9n8cH2hC9
 ObKVuFlOLwHlzeBy7MXaLg==
--- a/hosts/router/services.nix
+++ b/hosts/router/services.nix
@@ -4,6 +4,10 @@ let
  domain = vars.domain;
 in
 {
  # vnStat for tracking network interface stats
  services.vnstat.enable = true;
  # https://wiki.nixos.org/wiki/Prometheus
  services.prometheus = {
    enable = true;
@@ -27,7 +31,15 @@ in
  # https://wiki.nixos.org/wiki/Grafana#Declarative_configuration
  services.grafana = {
    enable = true;
-    settings.server.http_port = 3001;
+    settings = {
      security.allow_embedding = true;
      server = {
        http_port = 3001;
        domain = "grouter.${domain}";
        root_url = "https://%(domain)s/grafana/";
        serve_from_sub_path = true;
      };
    };
    provision = {
      enable = true;
      datasources.settings.datasources = [
@@ -40,11 +52,34 @@ in
    };
  };
  secrix.system.secrets.cf-api-key.encrypted.file = ../../secrets/cf_api_key.age;
  systemd.services.caddy.serviceConfig.EnvironmentFile = config.secrix.system.secrets.cf-api-key.decrypted.path;
  services.caddy = {
    enable = true;
    package = pkgs.caddy.withPlugins {
      plugins = [ "github.com/caddy-dns/cloudflare@v0.2.1" ];
      hash = "sha256-Gsuo+ripJSgKSYOM9/yl6Kt/6BFCA6BuTDvPdteinAI=";
    };
    virtualHosts."grouter.${domain}".extraConfig = ''
-      reverse_proxy localhost:${toString config.services.grafana.settings.server.http_port}
+      encode
-      tls internal
+      tls {
          dns cloudflare {env.CF_API_KEY}
          resolvers 1.1.1.1
      }
      @grafana path /grafana /grafana/*
      handle @grafana {
          reverse_proxy localhost:${toString config.services.grafana.settings.server.http_port}
      }
      redir /adghome /adghome/
      handle_path /adghome/* {
          reverse_proxy localhost:${toString config.services.adguardhome.port}
          basic_auth {
              Bob $2a$14$HsWmmzQTN68K3vwiRAfiUuqIjKoXEXaj9TOLUtG2mO1vFpdovmyBy
          }
      }
      handle /* {
          reverse_proxy localhost:${toString config.services.glance.settings.server.port}
      }
    '';
  };
 }
--- a/hosts/router/vars.nix
+++ b/hosts/router/vars.nix
@@ -1,4 +1,6 @@
 let
  private = import ./private.nix;
  mkIfConfig = {
    name_,
    domain_,
@@ -31,6 +33,7 @@ let
    };
 in
 rec {
  pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFobB87yYVwhuYrA+tfztLuks3s9jZOqEFktwGw1mo83 root@grouter";
  domain = "cazzzer.com";
  ldomain = "l.${domain}";
  sysdomain = "sys.${domain}";
@@ -42,7 +45,7 @@ rec {
  };
  p4 = "10.17";                      # .0.0/16
-  pdFromWan = "";  # ::/60
+  pdFromWan = private.pdFromWan;  # ::/60
  ulaPrefix = "fdab:07d3:581d";      # ::/48
  ifs = rec {
    wan = rec {
--- a/hosts/vm/default.nix
+++ b/hosts/vm/default.nix
@@ -7,7 +7,7 @@
 {
  imports =
    [ # Include the results of the hardware scan.
-#      ./hardware-configuration-vm.nix
+      # ./hardware-configuration.nix
    ];
  mods.kb-input.enable = false;
@@ -47,8 +47,8 @@
  services.flatpak.enable = true;
  # VM services
-  services.cloud-init.enable = true;
+  # services.cloud-init.enable = false;
-#  services.cloud-init.network.enable = false;
+  # services.cloud-init.network.enable = false;
  services.qemuGuest.enable = true;
  services.spice-vdagentd.enable = true;
  services.openssh.enable = true;
@@ -57,24 +57,6 @@
  security.sudo.wheelNeedsPassword = false;
  users.groups = {
    cazzzer = {
      gid = 1000;
    };
  };
  users.users.cazzzer = {
    password = "";
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPWgEzbEjbbu96MVQzkiuCrw+UGYAXN4sRe2zM6FVopq cazzzer@Yura-PC"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIApFeLVi3BOquL0Rt+gQK2CutNHaBDQ0m4PcGWf9Bc43 cazzzer@Yura-TPX13"
    ];
    isNormalUser = true;
    description = "Yura";
    uid = 1000;
    group = "cazzzer";
    extraGroups = [ "wheel" "docker" "wireshark" ];
  };
  # Install firefox.
  programs.firefox.enable = true;
  programs.fish.enable = true;
@@ -113,9 +95,11 @@
    ldns
    micro
    mpv
    openssl
    ripgrep
    starship
    tealdeer
    transcrypt
    waypipe
    whois
    zfs
--- a/hosts/vm/proxmox.nix
+++ b/hosts/vm/proxmox.nix
@@ -1,11 +0,0 @@
 { ... }:
 {
 #  boot.kernelParams = [ "console=tty0" ];
  proxmox.qemuConf.bios = "ovmf";
  proxmox.qemuExtraConf = {
    machine = "q35";
 #    efidisk0 = "local-lvm:vm-9999-disk-1";
    cpu = "host";
  };
 }
--- a/renovate.json
+++ b/renovate.json
@@ -0,0 +1,12 @@
 {
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": [
    "config:recommended"
  ],
  "lockFileMaintenance": {
    "enabled": true
  },
  "nix": {
    "enabled": true
  }
 }
--- a/secrets/cf_api_key.age
+++ b/secrets/cf_api_key.age
@@ -0,0 +1,5 @@
 age-encryption.org/v1
 -> ssh-ed25519 D2MY/A Kj69kavxx+ATNHP5pX0JtGggU76f9uRwkZp2HbjwiWc
 SbU3jIcQzUzaQjRHzVSoW1WKiUj+1ijbkUKqVb406fY
 --- vMV0TcchFvxw1xetQQZ0xVi2KwjLFRfZBM1gl7BGbGI
 <EFBFBD><EFBFBD>1<10><><EFBFBD><EFBFBD>K<EFBFBD><<3C>
--- a/users/cazzzer/default.nix
+++ b/users/cazzzer/default.nix
@@ -0,0 +1,42 @@
 { config, lib, pkgs, ... }: {
  users.groups.cazzzer.gid = 1000;
  users.users.cazzzer = {
    uid = 1000;
    isNormalUser = true;
    description = "Yura";
    group = "cazzzer";
    extraGroups = [ "wheel" ]
      ++ lib.optionals config.networking.networkmanager.enable [ "networkmanager" ]
      ++ lib.optionals config.virtualisation.docker.enable [ "docker" ]
      ++ lib.optionals config.programs.wireshark.enable [ "wireshark" ]
    ;
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE02AhJIZtrtZ+5sZhna39LUUCEojQzmz2BDWguT9ZHG yuri@tati.sh"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHczlipzGWv8c6oYwt2/9ykes5ElfneywDXBTOYbfSfn Pixel7Pro"
    ];
    # TODO: think of a better way to do this
    packages = with pkgs; lib.optionals (config.networking.hostName == "Yura-PC") [
      # Python
      python3
      poetry
      # Haskell
      haskellPackages.ghc
      haskellPackages.stack
      # Node
      nodejs_22
      pnpm
      bun
      # Nix
      nil
      nixd
      nixfmt-rfc-style
      # Gleam
      gleam
      beamMinimal26Packages.erlang
    ];
  };
 }
Author	SHA1	Message	Date
Yuri Tatishchev	5116dd160d	WIP: laptop: refactor home manager modules	2025-05-31 00:29:53 -07:00
Yuri Tatishchev	2f85b081ab	laptop: add initial config for Yura-TPX13	2025-05-30 18:30:05 -07:00
Yuri Tatishchev	eae016b50c	updates: nixpkgs, home-manager, plasma-manager	2025-05-29 13:47:11 -07:00
Yuri Tatishchev	fce994ae9f	flake: fix vm-proxmox package	2025-05-20 23:30:14 -07:00
Yuri Tatishchev	e0af380656	updates: linux 6.14, nixpkgs, home-manager, nixos-generators	2025-05-20 21:58:24 -07:00
Yuri Tatishchev	585ff678b8	refactor: add encrypted private.nix to hold private values	2025-05-18 01:07:48 -07:00
Yuri Tatishchev	80b7bf0ed4	refactor: move user configs into separate dir	2025-05-18 00:00:00 -07:00
Yuri Tatishchev	4807a091c4	router: add glance (very pretty)	2025-05-15 01:32:38 -07:00
Yuri Tatishchev	9cee4d75c4	router: dns: remove default adguard rate limit to fix intermittent slow queries	2025-05-13 02:10:38 -07:00
Yuri Tatishchev	4ffdb4da4f	router: caddy http3 and compression	2025-05-12 00:11:03 -07:00
Yuri Tatishchev	4fce23e446	renovate: add nix lock file to config	2025-05-11 21:41:34 -07:00
Yuri Tatishchev	49c781c1a8	router: option to disable desktop to save space # Conflicts: # hosts/router/default.nix	2025-05-11 21:36:28 -07:00
Yuri Tatishchev	1fbba65785	router: add secrix for secrets; add cloudflare api key	2025-05-11 21:35:03 -07:00
Yuri Tatishchev	bb633e5bce	router: services: caddy acme dns provider cloudflare	2025-05-11 20:29:16 -07:00
Yuri Tatishchev	2aa3d87184	router: services: caddy subpath proxies for grafana and adguardhome	2025-05-11 18:41:59 -07:00
Yuri Tatishchev	05d558e836	router: refactor firewall nftables config	2025-05-11 17:56:17 -07:00
Yuri Tatishchev	8f7e00f27a	router: add vnStat service	2025-05-11 15:58:51 -07:00
renovate[bot]	5e023e2982	Add renovate.json	2025-05-06 00:27:13 -07:00
Yuri Tatishchev	0674c870c7	updates: nixpkgs, home-manager; add texlive	2025-04-30 16:58:15 -07:00
		`@@ -0,0 +1 @@`
							`private.nix filter=crypt diff=crypt merge=crypt`
		`@@ -0,0 +1,2 @@`
							`U2FsdGVkX1/98w32OE1ppwT0I5A3UOTKCLJfvk+TQdrbf0TLfYNZ9TC9n8cH2hC9`
							`ObKVuFlOLwHlzeBy7MXaLg==`