Lock file maintenance

Update DeterminateSystems/update-flake-lock action to v27
2025-07-27 02:07:00 +00:00 · 2025-07-26 02:07:07 +00:00 · 2025-07-20 04:02:49 +02:00 · 2025-07-20 02:02:44 +00:00 · 2025-07-19 02:09:21 +00:00 · 2025-07-16 02:07:28 +00:00
123 changed files with 3462 additions and 1931 deletions
--- a/.gitea/workflows/build.yml
+++ b/.gitea/workflows/build.yml
@@ -0,0 +1,38 @@
+name: Nix Build
+
+on: 
+  pull_request:
+  push:
+  workflow_run:
+    workflows: []
+    types: [completed]
+  workflow_dispatch:
+
+jobs:
+  build-nixos:
+    runs-on: ubuntu-latest
+    steps: 
+      - uses: actions/checkout@v4
+      
+      - name: "Install Nix ❄️"
+        uses: cachix/install-nix-action@v31
+
+    #  - uses: DeterminateSystems/nix-installer-action@v4
+      - uses: DeterminateSystems/magic-nix-cache-action@v13
+      - uses: DeterminateSystems/flake-checker-action@v12
+
+      - name: "Install Cachix ❄️"
+        uses: cachix/cachix-action@v16
+        with:
+          name: helcel
+          authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
+          
+
+      - name: "Build NixOS CI config ❄️"
+        run: |
+          nix build .#nixosConfigurations.ci.config.system.build.toplevel
+
+      - name: "Build NixOS Sandbox config ❄️"
+        run: |
+          nix build .#nixosConfigurations.sandbox.config.system.build.toplevel
+          
--- a/.gitea/workflows/update.yml
+++ b/.gitea/workflows/update.yml
@@ -0,0 +1,30 @@
+name: update-flake-lock
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 2 * * 6,7'
+
+
+env:
+  USER: "runner"
+
+jobs:
+  lockfile:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - name: Install nix
+        uses: DeterminateSystems/nix-installer-action@v19
+        with:
+          github-token: ${{ secrets.GH_TOKEN_FOR_UPDATES }}
+          extra_nix_config: |
+            experimental-features = nix-command flakes            
+      - name: Update flake.lock
+        uses: DeterminateSystems/update-flake-lock@v27
+        with:
+          token: ${{ secrets.GT_TOKEN_FOR_UPDATES }}
+          pr-title: "[chore] Update flake.lock"
+          pr-labels: |
+            dependencies
+            automated    
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 result
 age-key.txt
 .decrypted~common.yaml
+.decrypted*
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -4,38 +4,55 @@ keys:
    - &sora 4E241635F8EDD2919D2FB44CA362EA0491E2EEA0
  # Hosts
  - &hosts:
+    - &ci age13qv9dn9806paqgpjwmmkwtdzvv4qpv0ulksq0epnn8ufaxeug5zskyas3z
    - &iriy age1ms8f0ysv6vakxepvt69fejczs6tddexepesdv4rkgtheehj3nu4sc6290s
    - &avalon age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg
    - &valinor age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg
    - &asgard age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg

 creation_rules:
-  - path_regex: modules/nixos/system/security/sops/iriy.ya?ml$
+  - path_regex: modules/shared/sops/private/iriy.[a-z]+
    key_groups:
    - age:
      - *iriy
      pgp:
      - *sora
-  - path_regex: modules/nixos/system/security/sops/avalon.ya?ml$
+  - path_regex: modules/shared/sops/private/avalon.[a-z]+
    key_groups:
    - age:
      - *avalon
      pgp:
      - *sora
-  - path_regex: modules/nixos/system/security/sops/valinor.ya?ml$
+  - path_regex: modules/shared/sops/private/valinor.[a-z]+
    key_groups:
    - age:
      - *valinor
      pgp:
      - *sora
-  - path_regex: modules/nixos/system/security/sops/asgard.ya?ml$
+  - path_regex: modules/shared/sops/private/asgard.[a-z]+
    key_groups:
    - age:
      - *asgard
      pgp:
      - *sora

-  - path_regex: modules/nixos/system/security/sops/common.yaml$
+  - path_regex: modules/shared/sops/common.[a-z]+
+    key_groups:
+    - age:
+      - *valinor
+      - *iriy
+      - *avalon
+      - *asgard
+      pgp:
+      - *sora
+  
+  - path_regex: modules/shared/sops/mock.[a-z]+
+    key_groups:
+    - age:
+      - *ci
+
+
+  - path_regex: modules/server/sops/server.[a-z]+
    key_groups:
    - age:
      - *valinor
--- a/flake.lock
+++ b/flake.lock
@@ -1,5 +1,27 @@
 {
  "nodes": {
+    "arion": {
+      "inputs": {
+        "flake-parts": "flake-parts",
+        "haskell-flake": "haskell-flake",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1745165725,
+        "narHash": "sha256-OnHV8Us04vRsWM0uL1cQez8DumhRi6yE+4K4VLtH6Ws=",
+        "owner": "hercules-ci",
+        "repo": "arion",
+        "rev": "4f59059633b14364b994503b179a701f5e6cfb90",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "arion",
+        "type": "github"
+      }
+    },
    "base16-schemes": {
      "flake": false,
      "locked": {
@@ -23,11 +45,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1711763326,
-        "narHash": "sha256-sXcesZWKXFlEQ8oyGHnfk4xc9f2Ip0X/+YZOq3sKviI=",
+        "lastModified": 1751313918,
+        "narHash": "sha256-HsJM3XLa43WpG+665aGEh8iS8AfEwOIQWk3Mke3e7nk=",
        "owner": "lnl7",
        "repo": "nix-darwin",
-        "rev": "36524adc31566655f2f4d55ad6b875fb5c1a4083",
+        "rev": "e04a388232d9a6ba56967ce5b53a8a6f713cdfcf",
        "type": "github"
      },
      "original": {
@@ -37,13 +59,55 @@
        "type": "github"
      }
    },
+    "flake-parts": {
+      "inputs": {
+        "nixpkgs-lib": [
+          "arion",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1733312601,
+        "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "type": "github"
+      }
+    },
+    "flake-parts_2": {
+      "inputs": {
+        "nixpkgs-lib": [
+          "nur",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1733312601,
+        "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "type": "github"
+      }
+    },
    "hardware": {
      "locked": {
-        "lastModified": 1712324865,
-        "narHash": "sha256-+BatEWd4HlMeK7Ora+gYIkarjxFVCg9oKrIeybHIIX4=",
+        "lastModified": 1753122741,
+        "narHash": "sha256-nFxE8lk9JvGelxClCmwuJYftbHqwnc01dRN4DVLUroM=",
        "owner": "nixos",
        "repo": "nixos-hardware",
-        "rev": "f3b959627bca46a9f7052b8fbc464b8323e68c2c",
+        "rev": "cc66fddc6cb04ab479a1bb062f4d4da27c936a22",
        "type": "github"
      },
      "original": {
@@ -52,6 +116,22 @@
        "type": "github"
      }
    },
+    "haskell-flake": {
+      "locked": {
+        "lastModified": 1675296942,
+        "narHash": "sha256-u1X1sblozi5qYEcLp1hxcyo8FfDHnRUVX3dJ/tW19jY=",
+        "owner": "srid",
+        "repo": "haskell-flake",
+        "rev": "c2cafce9d57bfca41794dc3b99c593155006c71e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "srid",
+        "ref": "0.1.0",
+        "repo": "haskell-flake",
+        "type": "github"
+      }
+    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
@@ -59,144 +139,20 @@
        ]
      },
      "locked": {
-        "lastModified": 1712317700,
-        "narHash": "sha256-rnkQ6qMhlxfjpCECkTMlFXHU/88QvC5KpdJWq5H6F1E=",
+        "lastModified": 1753479839,
+        "narHash": "sha256-E/rPVh7vyPMJUFl2NAew+zibNGfVbANr8BP8nLRbLkQ=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "782eed8bb64b27acaeb7c17be4a095c85e65717f",
+        "rev": "0b9bf983db4d064764084cd6748efb1ab8297d1e",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
+        "ref": "release-25.05",
        "repo": "home-manager",
        "type": "github"
      }
    },
-    "hyprcursor": {
-      "inputs": {
-        "hyprlang": "hyprlang",
-        "nixpkgs": [
-          "hyprland",
-          "nixpkgs"
-        ],
-        "systems": [
-          "hyprland",
-          "systems"
-        ]
-      },
-      "locked": {
-        "lastModified": 1711466786,
-        "narHash": "sha256-sArxGyUBiCA1in+q6t0QqT+ZJiZ1PyBp7cNPKLmREM0=",
-        "owner": "hyprwm",
-        "repo": "hyprcursor",
-        "rev": "d3876f34779cc03ee51e4aafc0d00a4f187c7544",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hyprwm",
-        "repo": "hyprcursor",
-        "type": "github"
-      }
-    },
-    "hyprland": {
-      "inputs": {
-        "hyprcursor": "hyprcursor",
-        "hyprland-protocols": "hyprland-protocols",
-        "hyprlang": "hyprlang_2",
-        "nixpkgs": [
-          "nixpkgs"
-        ],
-        "systems": "systems_2",
-        "wlroots": "wlroots",
-        "xdph": "xdph"
-      },
-      "locked": {
-        "lastModified": 1712348608,
-        "narHash": "sha256-iyS1dSTknppuJP+S9dLmOJctRO3aENWIHuMtid3dJ1A=",
-        "owner": "hyprwm",
-        "repo": "Hyprland",
-        "rev": "dab149e4a6291dd412b594c0faba2c44f9a74263",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hyprwm",
-        "repo": "Hyprland",
-        "type": "github"
-      }
-    },
-    "hyprland-protocols": {
-      "inputs": {
-        "nixpkgs": [
-          "hyprland",
-          "nixpkgs"
-        ],
-        "systems": [
-          "hyprland",
-          "systems"
-        ]
-      },
-      "locked": {
-        "lastModified": 1691753796,
-        "narHash": "sha256-zOEwiWoXk3j3+EoF3ySUJmberFewWlagvewDRuWYAso=",
-        "owner": "hyprwm",
-        "repo": "hyprland-protocols",
-        "rev": "0c2ce70625cb30aef199cb388f99e19a61a6ce03",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hyprwm",
-        "repo": "hyprland-protocols",
-        "type": "github"
-      }
-    },
-    "hyprlang": {
-      "inputs": {
-        "nixpkgs": [
-          "hyprland",
-          "hyprcursor",
-          "nixpkgs"
-        ],
-        "systems": "systems"
-      },
-      "locked": {
-        "lastModified": 1709914708,
-        "narHash": "sha256-bR4o3mynoTa1Wi4ZTjbnsZ6iqVcPGriXp56bZh5UFTk=",
-        "owner": "hyprwm",
-        "repo": "hyprlang",
-        "rev": "a685493fdbeec01ca8ccdf1f3655c044a8ce2fe2",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hyprwm",
-        "repo": "hyprlang",
-        "type": "github"
-      }
-    },
-    "hyprlang_2": {
-      "inputs": {
-        "nixpkgs": [
-          "hyprland",
-          "nixpkgs"
-        ],
-        "systems": [
-          "hyprland",
-          "systems"
-        ]
-      },
-      "locked": {
-        "lastModified": 1711250455,
-        "narHash": "sha256-LSq1ZsTpeD7xsqvlsepDEelWRDtAhqwetp6PusHXJRo=",
-        "owner": "hyprwm",
-        "repo": "hyprlang",
-        "rev": "b3e430f81f3364c5dd1a3cc9995706a4799eb3fa",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hyprwm",
-        "repo": "hyprlang",
-        "type": "github"
-      }
-    },
    "nix-colors": {
      "inputs": {
        "base16-schemes": "base16-schemes",
@@ -216,18 +172,34 @@
        "type": "github"
      }
    },
-    "nixpkgs": {
+    "nixUnstable": {
      "locked": {
-        "lastModified": 1712163089,
-        "narHash": "sha256-Um+8kTIrC19vD4/lUCN9/cU9kcOsD1O1m+axJqQPyMM=",
+        "lastModified": 1753432016,
+        "narHash": "sha256-cnL5WWn/xkZoyH/03NNUS7QgW5vI7D1i74g48qplCvg=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "fd281bd6b7d3e32ddfa399853946f782553163b5",
+        "rev": "6027c30c8e9810896b92429f0092f624f7b1aace",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
-        "ref": "nixos-unstable",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1753345091,
+        "narHash": "sha256-CdX2Rtvp5I8HGu9swBmYuq+ILwRxpXdJwlpg8jvN4tU=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "3ff0e34b1383648053bba8ed03f201d3466f90c9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-25.05",
        "repo": "nixpkgs",
        "type": "github"
      }
@@ -247,13 +219,33 @@
        "type": "github"
      }
    },
-    "nur": {
+    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1712360699,
-        "narHash": "sha256-QEPOGtvowv3X0cVJbm+0Z9RKE+4ftbVv3eJACy9smcQ=",
+        "lastModified": 1753429684,
+        "narHash": "sha256-9h7+4/53cSfQ/uA3pSvCaBepmZaz/dLlLVJnbQ+SJjk=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "7fd36ee82c0275fb545775cc5e4d30542899511d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nur": {
+      "inputs": {
+        "flake-parts": "flake-parts_2",
+        "nixpkgs": "nixpkgs_2"
+      },
+      "locked": {
+        "lastModified": 1753562419,
+        "narHash": "sha256-hSutp1wLoj2DBGdhkFUCy8gJHu7YJ8Nt/OgsYrQ/O50=",
        "owner": "nix-community",
        "repo": "nur",
-        "rev": "1f0b37a2631a99495e0efc6f96285992f74fd358",
+        "rev": "294f62a0da32efbda589682cc1f038e773530959",
        "type": "github"
      },
      "original": {
@@ -264,11 +256,12 @@
    },
    "root": {
      "inputs": {
+        "arion": "arion",
        "darwin": "darwin",
        "hardware": "hardware",
        "home-manager": "home-manager",
-        "hyprland": "hyprland",
        "nix-colors": "nix-colors",
+        "nixUnstable": "nixUnstable",
        "nixpkgs": "nixpkgs",
        "nur": "nur",
        "sops-nix": "sops-nix"
@@ -278,17 +271,14 @@
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
-        ],
-        "nixpkgs-stable": [
-          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1711855048,
-        "narHash": "sha256-HxegAPnQJSC4cbEbF4Iq3YTlFHZKLiNTk8147EbLdGg=",
+        "lastModified": 1752544651,
+        "narHash": "sha256-GllP7cmQu7zLZTs9z0J2gIL42IZHa9CBEXwBY9szT0U=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "99b1e37f9fc0960d064a7862eb7adfb92e64fa10",
+        "rev": "2c8def626f54708a9c38a5861866660395bb3461",
        "type": "github"
      },
      "original": {
@@ -296,88 +286,6 @@
        "repo": "sops-nix",
        "type": "github"
      }
-    },
-    "systems": {
-      "locked": {
-        "lastModified": 1689347949,
-        "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
-        "owner": "nix-systems",
-        "repo": "default-linux",
-        "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default-linux",
-        "type": "github"
-      }
-    },
-    "systems_2": {
-      "locked": {
-        "lastModified": 1689347949,
-        "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
-        "owner": "nix-systems",
-        "repo": "default-linux",
-        "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default-linux",
-        "type": "github"
-      }
-    },
-    "wlroots": {
-      "flake": false,
-      "locked": {
-        "host": "gitlab.freedesktop.org",
-        "lastModified": 1709983277,
-        "narHash": "sha256-wXWIJLd4F2JZeMaihWVDW/yYXCLEC8OpeNJZg9a9ly8=",
-        "owner": "wlroots",
-        "repo": "wlroots",
-        "rev": "50eae512d9cecbf0b3b1898bb1f0b40fa05fe19b",
-        "type": "gitlab"
-      },
-      "original": {
-        "host": "gitlab.freedesktop.org",
-        "owner": "wlroots",
-        "repo": "wlroots",
-        "rev": "50eae512d9cecbf0b3b1898bb1f0b40fa05fe19b",
-        "type": "gitlab"
-      }
-    },
-    "xdph": {
-      "inputs": {
-        "hyprland-protocols": [
-          "hyprland",
-          "hyprland-protocols"
-        ],
-        "hyprlang": [
-          "hyprland",
-          "hyprlang"
-        ],
-        "nixpkgs": [
-          "hyprland",
-          "nixpkgs"
-        ],
-        "systems": [
-          "hyprland",
-          "systems"
-        ]
-      },
-      "locked": {
-        "lastModified": 1709299639,
-        "narHash": "sha256-jYqJM5khksLIbqSxCLUUcqEgI+O2LdlSlcMEBs39CAU=",
-        "owner": "hyprwm",
-        "repo": "xdg-desktop-portal-hyprland",
-        "rev": "2d2fb547178ec025da643db57d40a971507b82fe",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hyprwm",
-        "repo": "xdg-desktop-portal-hyprland",
-        "type": "github"
-      }
    }
  },
  "root": "root",
--- a/flake.nix
+++ b/flake.nix
@@ -1,13 +1,14 @@
 {
  description = "SoraFlake";
-
  inputs = {
-    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+    # Trick renovate into working: "github:NixOS/nixpkgs/nixpkgs-unstable"
+    nixUnstable.url = "github:nixos/nixpkgs/nixpkgs-unstable";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
    hardware.url = "github:nixos/nixos-hardware";
    nur.url = "github:nix-community/nur";

    home-manager = {
-      url = "github:nix-community/home-manager";
+      url = "github:nix-community/home-manager/release-25.05";
      inputs.nixpkgs.follows = "nixpkgs";
    };

@@ -16,66 +17,38 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };

-    hyprland = {
-      url = "github:hyprwm/Hyprland";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
+    # hyprland = {
+    #   url = "github:hyprwm/Hyprland";
+    #   inputs.nixpkgs.follows = "nixpkgs";
+    # };
    sops-nix = {
      url = "github:Mic92/sops-nix";
      inputs.nixpkgs.follows = "nixpkgs";
-      inputs.nixpkgs-stable.follows = "nixpkgs";
    };
    nix-colors.url = "github:misterio77/nix-colors";

+    arion.url = "github:hercules-ci/arion";
+    arion.inputs.nixpkgs.follows = "nixpkgs";
+
  };

  outputs = inputs:
-
    let gen = import ./generator.nix { inherit inputs; };
    in {
      devShells = import ./shells { inherit inputs; };

      nixosConfigurations = {
-        valinor = gen.generate {
-          type = "nixos";
-          system = "x86_64-linux";
-          host = "valinor";
-        };
-        iriy = gen.generate {
-          type = "nixos";
-          system = "x86_64-linux";
-          host = "iriy";
-        };
-        efir = gen.generate {
-          type = "nixos";
-          system = "x86_64-linux";
-          host = "efir";
-        };
-        avalon = gen.generate {
-          type = "nixos";
-          system = "x86_64-linux";
-          host = "avalon";
-        };
-
-      };
-      darwinConfigurations = {
-        asgard = gen.generate {
-          type = "macos";
-          system = "x86_64-darwin";
-          host = "asgard";
-        };
+        valinor = gen.generate { host = "valinor"; };
+        iriy = gen.generate { host = "iriy"; };
+        efir = gen.generate { host = "efir"; };
+        avalon = gen.generate { host = "avalon"; };
+        ci = gen.generate { host = "ci"; };
+        sandbox = gen.generate { host = "sandbox"; };
      };
+      darwinConfigurations = { asgard = gen.generate { host = "asgard"; }; };
      homeConfigurations = {
-        yomi = gen.generate {
-          type = "home";
-          system = "arm-64";
-          host = "example";
-        };
-        example = gen.generate {
-          type = "home";
-          system = "-"; # supports any
-          host = "example";
-        };
+        yomi = gen.generate { host = "example"; };
+        example = gen.generate { host = "example"; };
      };
    };

--- a/generator.nix
+++ b/generator.nix
@@ -1,51 +1,68 @@
 { inputs, ... }: {
-  generate = { type, system, host }:
-    ({
+  generate = { host }:
+    let
+      syscfg = import ./systems/${host}/cfg.nix;
+      nameValuePair = name: value: { inherit name value; };
+    in ({
      "nixos" = inputs.nixpkgs.lib.nixosSystem {
-        system = system;
+        system = syscfg.syscfg.system;
+        specialArgs = { inherit inputs; };
        modules = [
-          inputs.sops-nix.nixosModules.sops
+          ./modules/shared/syscfg
+          ./modules/shared/sops
          ./modules/nixos
+          syscfg
          ./systems/${host}
+          inputs.arion.nixosModules.arion
+          inputs.sops-nix.nixosModules.sops
          inputs.home-manager.nixosModules.home-manager
          {
            home-manager.useGlobalPkgs = true;
            home-manager.useUserPackages = true;
            home-manager.extraSpecialArgs = { inherit inputs; };
-            home-manager.users.sora = {
-              imports = [
-                ./modules/home
-                inputs.nix-colors.homeManagerModule
-                inputs.hyprland.homeManagerModules.default
-                ./systems/${host}/home.nix
-              ];
-            };
+            home-manager.users = builtins.listToAttrs (map (userConfig:
+              nameValuePair userConfig.username {
+                imports = [
+                  ./modules/shared/syscfg
+                  ./modules/shared/colors
+                  ./modules/home
+                  syscfg
+                  { usercfg = userConfig; }
+                  inputs.nix-colors.homeManagerModule
+                  # inputs.hyprland.homeManagerModules.default
+                  inputs.sops-nix.homeManagerModules.sops
+                ];
+              }) syscfg.syscfg.users);
          }
        ];
      };
+
      "macos" = inputs.darwin.lib.darwinSystem {
-        system = system;
+        system = syscfg.system;
        modules = [
-          inputs.sops-nix.nixosModules.sops
+          ./modules/shared/syscfg
+          ./modules/shared/sops
+          syscfg
          ./systems/${host}
+          inputs.sops-nix.nixosModules.sops
          inputs.home-manager.darwinModules.home-manager
          {
            home-manager.useGlobalPkgs = true;
            home-manager.useUserPackages = true;
            home-manager.extraSpecialArgs = { inherit inputs; };
-            home-manager.users.sora = {
-              imports = [
-                inputs.nix-colors.homeManagerModule
-                inputs.hyprland.homeManagerModules.default
-                ./systems/${host}/home.nix
-              ];
-            };
+            home-manager.users = builtins.listToAttrs (map (userConfig:
+              nameValuePair userConfig.username {
+                imports = [
+                  inputs.nix-colors.homeManagerModule
+                  inputs.sops-nix.homeManagerModules.sops
+                ];
+              }) syscfg.syscfg.users);
          }
        ];
      };
      "home" = inputs.home-manager.lib.homeManagerConfiguration {
-        modules = [ ./modules/home ./systems/${host}/home.nix ];
+        modules = [ ./modules/home ];
      };
      _ = throw "Unsupported system";
-    }.${type});
+    }.${syscfg.syscfg.type});
 }
--- a/modules/home/base/default.nix
+++ b/modules/home/base/default.nix
@@ -1,12 +1,21 @@
 { lib, config, ... }: {

+  #environment.sessionVariables.SOPS_AGE_KEY_FILE = keyFilePath;
  systemd.user.startServices = "sd-switch";
  programs.home-manager.enable = true;

  home = {
-    username = "${config.homecfg.username}";
-    homeDirectory = "/home/${config.homecfg.username}";
+    username = "${config.usercfg.username}";
+    homeDirectory = "/home/${config.usercfg.username}";

-    stateVersion = "23.11";
+    stateVersion = "24.11";
  };
+
+
+  #SOPS
+  # sops.defaultSopsFile = ./sops/${config.usercfg.username}.yaml;
+  # sops.age.keyFile = "/var/lib/sops-nix/age-key.txt";
+  # sops.age.generateKey = true;
+  # sops.secrets."github_user_key" = { };
+  # sops.secrets."curse_forge_key" = { };
 }
--- a/modules/home/base/sops/sora.yaml
+++ b/modules/home/base/sops/sora.yaml
@@ -0,0 +1,69 @@
+curse_forge_key: ENC[AES256_GCM,data:PhhwPhUys/WDzXb40iFlrUcwFEJVzi49vDlm5Hpc7IUwbBiQI1Zvi6115THMvarnGESDyouPfoZP0wha,iv:x//EzR4QwdD0UxqV97yUepc39DopoqiDT21unpF9R2E=,tag:5jM1EibWo0wI+PS70+kb/Q==,type:str]
+github_user_key: ENC[AES256_GCM,data:RvBsQjWGd2qRCvBzcpMv8FIXGY/GiPd9o0x2Oq+NlbXxR2NMqNBNLw==,iv:99AcmOWFft7XQAn7YrGjZuCvz0M5wUkYeInsWwyeUFM=,tag:wkw2YQGi9j/8XtOFd8KhdQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBraWFDRFUxQ2l5OWV1OXNK
+            UExEbWZkM0kzVk1rZG4yY3pBLzdMVWVJS0UwCnhlWFJ5T2lZUXJyNkg1ejQxaU1t
+            L3F2RUhldTY3N2xXL0hwczNKRzNjcncKLS0tIEkycHoxcDBGNyt2V3RDY29wNGVp
+            TGg5Rk05VkRsaXM1Q0NxMmtMajRORDAKqjFldiAYJKjmnkeDkwanjYvhL6645DZ5
+            dVXExjqO/DG733ge8HFyKzpfpkzRymV1giUwxBdII1dd0mJ2ncINeA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1ms8f0ysv6vakxepvt69fejczs6tddexepesdv4rkgtheehj3nu4sc6290s
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3UkRjblIvYStZUzQyRHA1
+            ZGVXeHhrN0kyVkxZdms5U3gwVFlPMW12MVJjCjRkVURpZXBzb0tYenB4dGxKamh6
+            VXVBMmo1Ujkvd2VTRExyWE5MbVJaclUKLS0tIDVhRkYzZmEzUG00Q2IwOWZUMVVt
+            ODVIbytpcjN1cVMyaG1qVVdkRmtaMzQKNsvD9DpK/raDBob+IcuNk72tQDts36kJ
+            QhtoLy8MvUymi49PdEWrgyf68w5XwRO/U4iINhR0qzm0glg/XcyHjA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJc3hKWkk3ckNOY2UyTVhG
+            MmtLaEd0K04yaGxiOUoxMXkzOEFnYis4VkhnCktDRFM2bS8vb05OWDdwa0RwRlNO
+            cmlZemtxVGZ6S0tNTDV1cmE1N0pVWnMKLS0tIE9EZllycHJpcEY2R1pwOFhOZEU3
+            L01IcytDd3BPb0VOTW9DQ2lUdUVJS0kKiD+C+3mK1b/eIwCEFanFgYGLNk3JNPQ7
+            i1UqzbHVxSd0q/YVwdKAcj0jA6EezGm275tgq7IVsy2sHkvRMaEDtQ==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAweVU3TkxFZzRnd2I2clN2
+            ZTlTWmhwQkhVc1hnOXFvZVVDSWpHMVh1TGtrCkc3M1pUTnZCMHpvYXB5ZVhreGxa
+            ZVY2cG5Ja2ltL3k2Q1VEalc5TTNFMXcKLS0tIGd5UWl0RGVXT211Zm51dlB6WFZ1
+            STRtTVpVTCtVZ1FUNENqWFFVNTNuaVUKN6HRiZjTdENeif8dJ29urBxPXDaosjjY
+            InN4Ko6YUaGfvB1DTrKIzrxOpsHS+XjisoGfT71tJwwEOoREklEO/A==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-12-23T18:05:22Z"
+    mac: ENC[AES256_GCM,data:YSi2xIwz50VxUDL3QzGVUwRWUgZhvudSLCKgwIbWm8gkuAJ/V2sVRhJNVQJ1YvLO44ob5hmrgR4wSnOdAbS7FrpbLcJuoYBjVUTDjy+j6otnIDxEcYeciHhZ1pV/OiydBmJC+lZ4+SRdWdokL2HaXRKgc9QT9e/MdAbFIzI1x90=,iv:8rj8yEqHTMgoGu31RVskYizmROB/5I0ajZJ/EcmlVfE=,tag:PILFCyXY8sXYGxCEHS7qCg==,type:str]
+    pgp:
+        - created_at: "2023-04-20T10:20:17Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            wcFMA6R3Y9nD7qMBAQ/8CVWQaYKfOzvPIllZyyWpUjHRLLXaR8MNJ8U5WI/tdwdN
+            9UScDYJFuYRW7Q9s4Mt961kBGpaHqe9MUZBxUDlYX59+EN3FbO/eMQ5OqI05ESmL
+            TvZB4+S9C5o73nuypSDNvYz+Lgq6DO25ZPhXdtPhx2DE4G31/wft/LpxhjalIjI8
+            MU0Dv22R4qC+glJbe4GIF2IJ8XoxnnzjiGeSqiyv0QIBM0SzOtA5sKwNohWBnW7g
+            7vxOTm5+kyzG0dDjt3tFApgPDaA1wjofzhRuuveF52VBsuIA2opFdpqkyICvK6rn
+            NB5kUaPlY6A0m+n0oHSfY5wm/AnHNE4Oob/ifumAaB0EAJVUTRauI5M8SeJF0ya1
+            U0IQ9N2lb7Y6q4pqHywIa6fnylsqCfxInAYKMuslRq8f9t/qakb4/MYcnPrwpzjw
+            73/naiNoJmG6NVTkM52qTtOqZAmsaQd5cigTuPW2Z2CJq1yLZEVGSSd1DUGUjBDK
+            nQGucpVVVpD+ifrIPz+Iqwy+5NoZZm/Oa9pKJGFzqXinnDNZaqtgpmTw9QxcSeaP
+            VvGZG9CDd89MtAm1VQyuqi1bQ2faq3G0xNrLl7xUsfmjx4ofW+JXR87OzvGfLPhu
+            Sjl3kS9j5/MEBRBg3n9gNkgSu5Sy3ilhckY3yjTgAT9Gw2giDhCiUXi1/7KrGprS
+            UQHPCSsjyWsyuYVa3lAP/WPdVclc4WOdfYcetUCXBVP7LQr0bq+IG+2J0nnY3mDt
+            Va5k4sP1qu6Ecrs2JioQ1V2H+VmcrRykBWnMXl1tDSWKMA==
+            =pS8X
+            -----END PGP MESSAGE-----
+          fp: 4E241635F8EDD2919D2FB44CA362EA0491E2EEA0
+    unencrypted_suffix: _unencrypted
+    version: 3.9.2
--- a/modules/home/cli/git/default.nix
+++ b/modules/home/cli/git/default.nix
@@ -2,10 +2,10 @@

  programs.git = {
    enable = true;
-    userEmail = "${config.homecfg.git.email}";
-    userName = "${config.homecfg.git.username}";
+    userEmail = "${config.usercfg.git.email}";
+    userName = "${config.usercfg.git.username}";
    signing = {
-      key = "${config.homecfg.git.key}";
+      key = "${config.usercfg.git.key}";
      signByDefault = true;
    };
    ignores = [ "*result*" ".direnv" "node_modules" ];
--- a/modules/home/cli/other/default.nix
+++ b/modules/home/cli/other/default.nix
@@ -12,7 +12,7 @@
    cbonsai
    pipes-rs
    cmatrix
-    cava
+    #cava
    sl
  ];
 }
--- a/modules/home/cli/zsh/default.nix
+++ b/modules/home/cli/zsh/default.nix
@@ -14,5 +14,9 @@ in {
      "ssh" = "TERM=xterm-256color  ${pkgs.openssh}/bin/ssh";
      "top" = "btop";
    };
+    initContent = ''
+      sopsu() {nix-shell -p sops --run "sops updatekeys $1";}
+      sopsn() {nix-shell -p sops --run "sops $1";}
+    '';
  };
 }
--- a/modules/home/default.nix
+++ b/modules/home/default.nix
@@ -1 +1 @@
-{ ... }: { imports = [ ./base ./cli ./gui ./homecfg ./wayland ./xdg ./xorg ]; }
+{ ... }: { imports = [ ./base ./cli ./gui ./wayland ./xdg ./xorg ]; }
--- a/modules/home/gui/apps/default.nix
+++ b/modules/home/gui/apps/default.nix
@@ -1,3 +1,3 @@
 { ... }: {
-  imports = [ ./develop ./firefox ./images ./mpv ./pipewire ./vosk ./zathura ];
+  imports = [ ./develop ./firefox ./images ./mpv ./pipewire ./zathura ];
 }
--- a/modules/home/gui/apps/develop/default.nix
+++ b/modules/home/gui/apps/develop/default.nix
@@ -1,7 +1,7 @@
 { lib, config, pkgs, ... }: {
  imports = [ ./vscodium ];

-  config = lib.mkIf (config.homecfg.make.develop) {
-    home.packages = with pkgs; [ blender godot_4 ];
+  config = lib.mkIf (config.syscfg.make.develop) {
+    home.packages = with pkgs; [ blender godot_4 openscad-unstable bambu-studio ];
  };
 }
--- a/modules/home/gui/apps/develop/vscodium/default.nix
+++ b/modules/home/gui/apps/develop/vscodium/default.nix
@@ -1,17 +1,19 @@
 { lib, config, pkgs, ... }: {

-  config = lib.mkIf (config.homecfg.make.develop) {
+  config = lib.mkIf (config.syscfg.make.develop) {
    programs.vscode = {
      enable = true;
      package = pkgs.vscodium;
-      extensions = with pkgs.vscode-extensions; [
-        bbenoist.nix
-        esbenp.prettier-vscode
-        golang.go
-        ms-python.vscode-pylance
-        ms-vscode.cpptools
-        dbaeumer.vscode-eslint
-      ];
+      #profiles.default = {
+        profiles.default.extensions = with pkgs.vscode-extensions; [
+          bbenoist.nix
+          esbenp.prettier-vscode
+          golang.go
+          ms-python.vscode-pylance
+          ms-vscode.cpptools
+          dbaeumer.vscode-eslint
+        ];
+      #};
    };
  };
 }
--- a/modules/home/gui/apps/firefox/default.nix
+++ b/modules/home/gui/apps/firefox/default.nix
@@ -1,5 +1,5 @@
 { lib, config, ... }: {
-  config = lib.mkIf (config.homecfg.make.gui) {
+  config = lib.mkIf (config.syscfg.make.gui) {
    programs.firefox = {
      enable = true;
      profiles = {
--- a/modules/home/gui/apps/images/default.nix
+++ b/modules/home/gui/apps/images/default.nix
@@ -1,6 +1,6 @@
 { lib, config, pkgs, ... }: {

-  config = lib.mkIf (config.homecfg.make.gui) {
+  config = lib.mkIf (config.syscfg.make.gui) {
    programs.imv.enable = true;

    programs.obs-studio.enable = true;
--- a/modules/home/gui/apps/mpv/default.nix
+++ b/modules/home/gui/apps/mpv/default.nix
@@ -1,6 +1,6 @@
 { lib, config, pkgs, ... }: {

-  config = lib.mkIf (config.homecfg.make.gui) {
+  config = lib.mkIf (config.syscfg.make.gui) {
    programs.mpv = {
      enable = true;
      scripts = with pkgs; [ mpvScripts.mpris ];
--- a/modules/home/gui/apps/pipewire/default.nix
+++ b/modules/home/gui/apps/pipewire/default.nix
@@ -1,6 +1,6 @@
 { lib, config, ... }: {

-  config = lib.mkIf (config.homecfg.make.gui) {
+  config = lib.mkIf (config.syscfg.make.gui) {
    xdg.configFile."pipewire/pipewire-pulse.conf.d/desktop.conf".text = ''
      context.modules = [
        {   name = libpipewire-module-loopback
--- a/modules/home/gui/apps/vosk/default.nix
+++ b/modules/home/gui/apps/vosk/default.nix
@@ -1,6 +1,6 @@
 { lib, config, pkgs, ... }: {

-  config = lib.mkIf (config.homecfg.make.gui) {
+  config = lib.mkIf (config.syscfg.make.gui) {
    home.packages = with pkgs; [
      custom.vosk.base
      jq
--- a/modules/home/gui/apps/zathura/default.nix
+++ b/modules/home/gui/apps/zathura/default.nix
@@ -1,6 +1,6 @@
 { lib, config, ... }: {

-  config = lib.mkIf (config.homecfg.make.gui) {
+  config = lib.mkIf (config.syscfg.make.gui) {
    programs.zathura = {
      enable = true;
      extraConfig = ''
--- a/modules/home/gui/base/default.nix
+++ b/modules/home/gui/base/default.nix
@@ -1,6 +1,6 @@
 { lib, config, pkgs, ... }: {

-  config = lib.mkIf (config.homecfg.make.gui) {
+  config = lib.mkIf (config.syscfg.make.gui) {
    services.nextcloud-client.enable = true;

    home.packages = with pkgs; [
@@ -10,9 +10,13 @@
      xfce.tumbler

      telegram-desktop
+      discord-canary
      pavucontrol
      keepassxc
+      nextcloud-client
+
      gramps
+      sweethome3d.application
    ];
  };
 }
--- a/modules/home/gui/games/default.nix
+++ b/modules/home/gui/games/default.nix
@@ -1,11 +1,10 @@
-{ lib, config, pkgs, ... }: {
+{ inputs, lib, config, pkgs, ... }: {

-  imports = [ ./openttd.nix ];
+  imports = [ ./openttd.nix ./wow.nix ];

-  config = lib.mkIf (config.homecfg.make.game) {
+  config = lib.mkIf (config.syscfg.make.game) {

    home.packages = with pkgs; [
-      # custom.simc

      #games
      steam
@@ -15,6 +14,9 @@
      prismlauncher
      openttd-jgrpp
      bottles
+      lutris
+      unstable.umu-launcher
+      wine
    ];
  };

--- a/modules/home/gui/games/openttd.nix
+++ b/modules/home/gui/games/openttd.nix
@@ -1,6 +1,6 @@
 { lib, config, ... }: {

-  config = lib.mkIf (config.homecfg.make.game) {
+  config = lib.mkIf (config.syscfg.make.game) {
    xdg.configFile."openttd/openttd.cfg".text = ''
      [misc]
      display_opt = SHOW_TOWN_NAMES|SHOW_STATION_NAMES|SHOW_SIGNS|FULL_ANIMATION|FULL_DETAIL|WAYPOINTS|SHOW_COMPETITOR_SIGNS
--- a/modules/home/gui/games/wow.nix
+++ b/modules/home/gui/games/wow.nix
@@ -0,0 +1,81 @@
+{ pkgs, lib, config, sops, ... }: {
+
+  config = lib.mkIf (config.syscfg.make.game) {
+
+    home.packages = with pkgs;
+      [
+        # custom.simc
+      ];
+
+    # templates buggy currently
+    #xdg.configFile."instawow/config.json" = ''${config.sops.templates."instawow_config.json".path}'';
+    sops.templates."instawow_config.json".content = ''
+       {
+            "auto_update_check": true,
+            "access_tokens": {
+              "cfcore": "${config.sops.placeholder.curse_forge_key}",
+              "github": "${config.sops.placeholder.github_user_key}",
+              "wago_addons": null
+            }
+        }'';
+
+# curse:master-plan
+# curse:raretrackercore-rt
+# curse:raretrackerdragonflight-rtd
+# curse:raretrackermaw-rtmw
+# curse:raretrackermechagon-rtm
+# curse:raretrackerthewarwithin-rtww
+# curse:raretrackertimelessisle-rtti
+# curse:raretrackeruldum-rtu
+# curse:raretrackervale-rtv
+# curse:raretrackerworldbosses-rtwb
+# curse:raretrackerzerethmortis-rtz
+# curse:venture-plan
+# curse:war-plan
+# github:nevcairiel/bartender4
+# github:cidan/betterbags
+# github:bigwigsmods/bigwigs
+# github:bigwigsmods/bigwigs_battleforazeroth
+# github:bigwigsmods/bigwigs_burningcrusade
+# github:bigwigsmods/bigwigs_cataclysm
+# github:bigwigsmods/bigwigs_classic
+# github:bigwigsmods/bigwigs_dragonflight
+# github:bigwigsmods/bigwigs_legion
+# github:bigwigsmods/bigwigs_mistsofpandaria
+# github:bigwigsmods/bigwigs_shadowlands
+# github:bigwigsmods/bigwigs_warlordsofdraenor
+# github:bigwigsmods/bigwigs_wrathofthelichking
+# github:nezroy/demodal
+# github:curseforge-mirror/details
+# github:edusperoni/details_elitism
+# github:curseforge-mirror/elitismhelper
+# github:michaelnpsp/grid2
+# github:jods-gh/groupfinderrio
+# github:nevcairiel/handynotes
+# github:hekili/hekili
+# github:thekrowi/krowi_achievementfilter
+# github:bigwigsmods/littlewigs
+# github:nnoggie/mythicdungeontools
+# github:tullamods/omnicc
+# github:tercioo/plater-nameplates
+# github:curseforge-mirror/quest_completist
+# github:raiderio/raiderio-addon
+# github:wowrarity/rarity
+# github:nevcairiel/shadowedunitframes
+# github:simulationcraft/simc-addon
+# github:curseforge-mirror/tomcats
+# github:weakauras/weakauras2
+# github:kemayo/wow-handynotes-battleforazerothtreasures
+# github:kemayo/wow-handynotes-dragonflight
+# github:kemayo/wow-handynotes-legiontreasures
+# github:kemayo/wow-handynotes-longforgottenhippogryph
+# github:kemayo/wow-handynotes-lostandfound
+# github:kemayo/wow-handynotes-secretfish
+# github:kemayo/wow-handynotes-shadowlandstreasures
+# github:kemayo/wow-handynotes-stygia
+# github:kemayo/wow-handynotes-treasurehunter
+# github:kemayo/wow-handynotes-warwithin
+# wowi:7032-tomtom
+
+  };
+}
--- a/modules/home/gui/theme/default.nix
+++ b/modules/home/gui/theme/default.nix
@@ -5,7 +5,7 @@ let
  wallpaperGen = import ./wallpaper-gen.nix { inherit pkgs config; };
 in {

-  config = lib.mkIf (config.homecfg.make.gui) {
+  config = lib.mkIf (config.syscfg.make.gui) {
    home.pointerCursor = {
      package = pkgs.bibata-cursors;
      name = "Bibata-Modern-Classic";
@@ -17,7 +17,7 @@ in {
    gtk = {
      enable = true;
      theme = {
-        name = "${config.colorscheme.slug}";
+        name = "${config.colorscheme.slug}-Dark";
        package = gtkThemeFromScheme;
      };
      iconTheme = {
@@ -28,7 +28,7 @@ in {

    qt = {
      enable = true;
-      platformTheme = "gtk";
+      platformTheme.name = "gtk";
    };

    home.packages = [ wallpaperGen pkgs.swww ];
--- a/modules/home/gui/theme/gtk-theme-gen.nix
+++ b/modules/home/gui/theme/gtk-theme-gen.nix
@@ -9,60 +9,89 @@ let
 in pkgs.stdenv.mkDerivation rec {
  name = "generated-gtk-theme-${scheme.slug}";
  src = pkgs.fetchFromGitHub {
-    owner = "nana-4";
-    repo = "materia-theme";
-    rev = "6e5850388a25f424b8193fe4523504d1dc364175";
-    sha256 = "sha256-I6hpH0VTmftU4+/pRbztuTQcBKcOFBFbNZXJL/2bcgU=";
+    owner = "vinceliuice";
+    repo = "Orchis-theme";
+    rev = "5b73376721cf307101e22d7031c1f4b1344d1f63";
+    sha256 = "sha256-+2/CsgJ+rdDpCp+r5B/zys3PtFgtnu+ohTEUOtJNd1Y=";
  };
-  buildInputs = with pkgs; [
-    sassc
-    bc
-    which
-    rendersvg
-    meson
-    ninja
-    nodePackages.sass
-    gtk4.dev
-    optipng
-  ];
-  phases = [ "unpackPhase" "installPhase" ];
-  installPhase = ''
-    HOME=/build
-    chmod 777 -R .
-    patchShebangs .
-    mkdir -p $out/share/themes
-    mkdir bin
-    sed -e 's/handle-horz-.*//' -e 's/handle-vert-.*//' -i ./src/gtk-2.0/assets.txt

-    cat > /build/gtk-colors << EOF
-      BG=${scheme.palette.base00}
-      FG=${scheme.palette.base07}
-      HDR_BG=${scheme.palette.base00}
-      HDR_FG=${scheme.palette.base07}
-      SEL_BG=${scheme.palette.base03}
-      SEL_FG=${scheme.palette.base07}
-      TXT_BG=${scheme.palette.base01}
-      TXT_FG=${scheme.palette.base07}
-      BTN_BG=${scheme.palette.base01}
-      BTN_FG=${scheme.palette.base07}
-      HDR_BTN_BG=${scheme.palette.base01}
-      HDR_BTN_FG=${scheme.palette.base07}
-      MENU_BG=${scheme.palette.base00}
-      MENU_FG=${scheme.palette.base07}
-      ACCENT_BG=${scheme.palette.base0C}
-      ACCENT_FG=${scheme.palette.base00}
-      MATERIA_SURFACE=${scheme.palette.base01}
-      MATERIA_VIEW=${scheme.palette.base00}
-      WM_BORDER_FOCUS=${scheme.palette.base02}
-      WM_BORDER_UNFOCUS=${scheme.palette.base02}
-      UNITY_DEFAULT_LAUNCHER_STYLE=False
-      ROUNDNESS=7
-      NAME=${scheme.slug}
-      MATERIA_STYLE_COMPACT=True
+  nativeBuildInputs = with pkgs; [ gtk3 sassc ];
+  buildInputs = with pkgs; [ gnome-themes-extra ];
+  propagatedUserEnvPkgs = with pkgs; [ gtk-engine-murrine ];
+
+  preInstall = ''
+    mkdir -p $out/share/themes
+    cat > src/_sass/_color-palette-${scheme.slug}.scss << 'EOF'
+      $red-light: #${scheme.palette.low0F};
+      $red-dark: #${scheme.palette.high0F};
+
+      $pink-light: #${scheme.palette.low0E};
+      $pink-dark: #${scheme.palette.high0E};
+
+      $purple-light: #${scheme.palette.low0D};
+      $purple-dark: #${scheme.palette.high0D};
+
+      $blue-light: #${scheme.palette.low0C};
+      $blue-dark: #${scheme.palette.high0C};
+
+      $teal-light: #${scheme.palette.low0B};
+      $teal-dark: #${scheme.palette.high0B};
+
+      $green-light: #${scheme.palette.low0A};
+      $green-dark: #${scheme.palette.high0A};
+      $sea-light: #${scheme.palette.alt_low0B};
+      $sea-dark: #${scheme.palette.alt_high0B};
+
+      $yellow-light: #${scheme.palette.low09};
+      $yellow-dark: #${scheme.palette.low09};
+
+      $orange-light: #${scheme.palette.low08};
+      $orange-dark: #${scheme.palette.high08};
+
+      $grey-050: #${scheme.palette.base07};
+      $grey-100: #${scheme.palette.base07};
+      $grey-150: #${scheme.palette.base06};
+      $grey-200: #${scheme.palette.base06};
+      $grey-250: #${scheme.palette.base05};
+      $grey-300: #${scheme.palette.base05};
+      $grey-350: #${scheme.palette.base04};
+      $grey-400: #${scheme.palette.base04};
+      $grey-450: #${scheme.palette.base03};
+      $grey-500: #${scheme.palette.base03};
+      $grey-550: #${scheme.palette.base02};
+      $grey-600: #${scheme.palette.base02};
+      $grey-650: #${scheme.palette.base02};
+      $grey-700: #${scheme.palette.base01};
+      $grey-750: #${scheme.palette.base01};
+      $grey-800: #${scheme.palette.base01};
+      $grey-850: #${scheme.palette.base00};
+      $grey-900: #${scheme.palette.base00};
+      $grey-950: #${scheme.palette.base00};
+
+      $white: #${scheme.palette.base07};
+      $black: #${scheme.palette.base00};
+
+      $button-close: #${scheme.palette.base0F};
+      $button-max: #${scheme.palette.base0A};
+      $button-min: #${scheme.palette.base08};
    EOF

-    echo "Changing colours:"
-    ./change_color.sh -o ${scheme.slug} /build/gtk-colors -i False -t "$out/share/themes"
-    chmod 555 -R .
+    sed -i "/\@import/s/color-palette-default/color-palette-${scheme.slug}/" src/_sass/_tweaks.scss
+    sed -i "/\$colorscheme:/s/default/${scheme.slug}/" src/_sass/_tweaks.scss
+
  '';
+
+  installPhase = ''
+    runHook preInstall
+    bash install.sh -d $out/share/themes \
+      -t default \
+      -n ${scheme.slug} \
+      -c ${scheme.variant} \
+      -s standard \
+      --tweaks primary \
+      --round ${scheme.palette.border-radius}px
+
+    runHook postInstall
+  '';
+
 }
--- a/modules/home/homecfg/default.nix
+++ b/modules/home/homecfg/default.nix
@@ -1,43 +0,0 @@
-{ inputs, lib, config, ... }:
-with lib; {
-  options.homecfg = {
-    username = mkOption { type = types.str; };
-    wm = mkOption {
-      type = types.enum [ "Wayland" "X11" ];
-      default = "Wayland";
-    };
-    make = {
-      cli = mkOption {
-        type = types.bool;
-        default = true;
-      };
-      gui = mkOption {
-        type = types.bool;
-        default = false;
-      };
-      develop = mkOption {
-        type = types.bool;
-        default = false;
-      };
-      game = mkOption {
-        type = types.bool;
-        default = false;
-      };
-      power = mkOption {
-        type = types.bool;
-        default = false;
-      };
-    };
-    git = {
-      username = mkOption { type = types.str; };
-      email = mkOption { type = types.str; };
-      key = mkOption { type = types.str; };
-    };
-  };
-
-  imports = with inputs; [
-    nix-colors.homeManagerModules.default
-    ../../shared/colors
-  ];
-
-}
--- a/modules/home/wayland/apps/dunst/default.nix
+++ b/modules/home/wayland/apps/dunst/default.nix
@@ -1,6 +1,6 @@
 { lib, config, pkgs, ... }: {

-  config = lib.mkIf (config.homecfg.wm == "Wayland") {
+  config = lib.mkIf (config.usercfg.wm == "Wayland") {
    home.packages = with pkgs; [ libnotify ];
    services.dunst = {
      enable = true;
--- a/modules/home/wayland/apps/eww/bar/css/_clock.scss
+++ b/modules/home/wayland/apps/eww/bar/css/_clock.scss
@@ -17,7 +17,8 @@ calendar {
    font-weight: bold;
  }

-  .button {
+  label {
+    font-size: 20pt;
    color: $base0C;
  }

@@ -35,9 +36,6 @@ calendar {
  margin-top: -4pt;
 }

-.minute, .hour, .day, .month {
-  font-size: 20pt;
-}

 .date {
  color: $base0C;
@@ -47,5 +45,4 @@ calendar {

 .datetime {
  padding: $gaps-window;
-  
 }
--- a/modules/home/wayland/apps/eww/bar/css/_systray.scss
+++ b/modules/home/wayland/apps/eww/bar/css/_systray.scss
@@ -0,0 +1,35 @@
+.tray * {
+    padding: $border-width 0px;
+}
+.tray menu {
+    background-color: $base01;
+    color: $base07;
+    @include border-radius;
+    @include border-active;
+
+
+	padding: 10px 0px;
+
+	>menuitem {
+        margin: 2px $border-width;
+		padding: 0px 10px;
+
+		&:disabled label {
+			color: $base04;
+		}
+
+		&:hover {
+			background-color: $base0C;
+		}
+	}
+
+	separator {
+		background-color: $base03;
+		padding-top: 1px;
+        margin:10px 0px;
+
+		&:last-child {
+			padding: unset;
+		}
+	}
+}
--- a/modules/home/wayland/apps/eww/bar/eww.scss
+++ b/modules/home/wayland/apps/eww/bar/eww.scss
@@ -13,6 +13,8 @@
 }

@mixin border-active {
+  border-width: $border-width;
+  border-style: solid;
  border-color: $base04;
 }

@@ -99,6 +101,9 @@ tooltip {
 }
 .modevent:hover {
  @include border-active;
+  border-right-style: none;
+  border-bottom-right-radius: 0;
+  border-top-right-radius: 0;
 }

 .modinner {
@@ -115,6 +120,7 @@ tooltip {
@import 'css/clock';
@import 'css/radio';
@import 'css/powermenu';
+@import 'css/systray';


 /* BAR */
--- a/modules/home/wayland/apps/eww/bar/eww.yuck
+++ b/modules/home/wayland/apps/eww/bar/eww.yuck
@@ -2,6 +2,7 @@

 (include "modules/sys.yuck")
 (include "modules/net.yuck")
+(include "modules/systray.yuck")
 (include "modules/clock.yuck")

 (include "windows/calendar.yuck")
@@ -26,6 +27,7 @@
    :valign "end"
    (sys-mod)
    (net-mod)
+    (systray-mod)
    (clock-mod)))

 (defwidget center []
--- a/modules/home/wayland/apps/eww/bar/modules/clock.yuck
+++ b/modules/home/wayland/apps/eww/bar/modules/clock.yuck
@@ -5,28 +5,30 @@
    (eventbox
      :onhover "${EWW_CMD} update date_rev=true"
      :onhoverlost "${EWW_CMD} update date_rev=false"
+      :onclick "(sleep 0.1 && ${EWW_CMD} open --toggle calendar)"
+      :onrightclick "(sleep 0.1 && ${EWW_CMD} open --toggle powermenu)"
      (box
        :class "datetime"
        (overlay
          (box
            :orientation "v"
-            (button
-              :class "hour" hour)
-            (button
-              :class "minute" minute))
+            (label :show-truncated false 
+              :class "hour" 
+              :text {hour})
+            (label :show-truncated false
+            :class "minute"
+              :text {minute}))
          (revealer
            :reveal date_rev
            (box
              :class "date"
              :orientation "v"
-              (button
-                :onclick "${EWW_CMD} open --toggle calendar"
-                :onrightclick "${EWW_CMD} open --toggle powermenu"
-                :class "day" day)
-              (button
-                :onclick "${EWW_CMD} open --toggle calendar"
-                :onrightclick "${EWW_CMD} open --toggle powermenu"
-                :class "month" month))
+              (label :show-truncated "false" 
+                :class "day"
+                :text {day})
+              (label :show-truncated "false"
+                :class "month" 
+                :text {month}))
          )
        )
      )
--- a/modules/home/wayland/apps/eww/bar/modules/sys.yuck
+++ b/modules/home/wayland/apps/eww/bar/modules/sys.yuck
@@ -6,23 +6,21 @@

 (defwidget sys-mod []
  (module
-    (button
-      :class "module"
-      :onclick "${EWW_CMD} open --toggle sys"
+    (eventbox
+      :onclick "(sleep 0.1 && ${EWW_CMD} open --toggle sys)"
      (box
-      :orientation "v"
-        (circular-progress
-          :value {EWW_CPU.avg}
-          :class "cpubar"
-          :thickness 6
-          (label :class "icon-text" :text "C"))
-
-        (circular-progress
-          :value {gpu.devices[0].GRBM2?.CommandProcessor-Graphics?.value?:0}
-          :class "gpubar"
-          :thickness 6
-          (label :class "icon-text" :text "G"))
+        :orientation "v"
+          (circular-progress
+            :value {EWW_CPU.avg}
+            :class "cpubar"
+            :thickness 6
+            (label :class "icon-text" :text "C"))

+          (circular-progress
+            :value {gpu.devices[0].GRBM2?.CommandProcessor-Graphics?.value?:0}
+            :class "gpubar"
+            :thickness 6
+            (label :class "icon-text" :text "G"))
        (circular-progress
          :value {100*memory.used/memory.total}
          :class "membar"
--- a/modules/home/wayland/apps/eww/bar/modules/systray.yuck
+++ b/modules/home/wayland/apps/eww/bar/modules/systray.yuck
@@ -0,0 +1,15 @@
+
+(defwidget systray-mod []
+  (module
+    (box
+      :orientation "v"
+      (systray
+        :class "tray"
+        :space-evenly "true"
+        :orientation "v"
+        :icon-size 20
+        :prepend-new "false"
+        )
+    )
+  )
+)
--- a/modules/home/wayland/apps/eww/bar/modules/workspaces.yuck
+++ b/modules/home/wayland/apps/eww/bar/modules/workspaces.yuck
@@ -11,6 +11,7 @@
 					(button
 						:onclick "hyprctl dispatch workspace ${ws.number}"
 						(label 
+							:show-truncated false
 							:class "icon-text  ${ws.color}"
 							:text `${ws.focused ? "󰜗" : "󰝥"}`
 						)
--- a/modules/home/wayland/apps/eww/bar/scripts/workspaces
+++ b/modules/home/wayland/apps/eww/bar/scripts/workspaces
@@ -64,7 +64,7 @@ done
 generate

 # main loop
-socat -u UNIX-CONNECT:/tmp/hypr/"$HYPRLAND_INSTANCE_SIGNATURE"/.socket2.sock - | rg --line-buffered "workspace|mon(itor)?" | while read -r line; do
+socat -u UNIX-CONNECT:$XDG_RUNTIME_DIR/hypr/"$HYPRLAND_INSTANCE_SIGNATURE"/.socket2.sock - | rg --line-buffered "workspace|mon(itor)?" | while read -r line; do
  case ${line%>>*} in
  "workspace")
    focusedws=${line#*>>}
--- a/modules/home/wayland/apps/eww/bar/windows/radio.yuck
+++ b/modules/home/wayland/apps/eww/bar/windows/radio.yuck
@@ -100,8 +100,11 @@
    (box
      :orientation "v"
      (button
-        :onclick "${EWW_CMD} open --toggle --no-daemonize radio"
-        (label :class "icon-text" :text "󰝚")
+        :onclick "(sleep 0.1 && ${EWW_CMD} open --toggle --no-daemonize radio)"
+        (label 
+          :show-truncated false
+          :class "icon-text" 
+          :text "󰝚")
      )
    )
  )
--- a/modules/home/wayland/apps/eww/default.nix
+++ b/modules/home/wayland/apps/eww/default.nix
@@ -1,7 +1,7 @@
 { lib, config, pkgs, ... }: {

-  config = lib.mkIf (config.homecfg.wm == "Wayland") {
-    home.packages = with pkgs; [ eww jaq custom.amdgpu_top ];
+  config = lib.mkIf (config.usercfg.wm == "Wayland") {
+    home.packages = with pkgs; [ eww jq jaq custom.amdgpu_top ];

    xdg.configFile."eww" = {
      source = lib.cleanSourceWith {
--- a/modules/home/wayland/apps/kanshi/default.nix
+++ b/modules/home/wayland/apps/kanshi/default.nix
@@ -1,93 +1,101 @@
-{ ... }: {
+{ config, lib, ... }: {

-  services.kanshi = {
-    enable = true;
-    systemdTarget = "graphical-session.target";
-    profiles = {
-      tower_0 = {
-        outputs = [{
-          criteria = "CEX CX133 0x00000001";
-          mode = "1920x1200@59.972";
-          position = "0,0";
-          scale = 1.0;
-          status = "enable";
-        }];
-      };
-      tower_1 = {
-        outputs = [{
-          criteria = "AOC 16G3 1DDP7HA000348";
-          mode = "1920x1080@144.000";
-          position = "0,0";
-          status = "enable";
-          scale = 1.0;
-          adaptiveSync = true;
-        }];
-      };
-      tower_2 = {
-        outputs = [
-          {
-            criteria = "AOC 16G3 1DDP7HA000348";
-            mode = "1920x1080@144.000";
-            position = "0,0";
-            status = "enable";
-            scale = 1.0;
-            adaptiveSync = true;
-          }
-          {
+  config = lib.mkIf (config.usercfg.wm == "Wayland") {
+    services.kanshi = {
+      enable = true;
+      systemdTarget = "graphical-session.target";
+      settings = [
+        {
+          profile.name = "tower_0";
+          profile.outputs = [{
            criteria = "CEX CX133 0x00000001";
            mode = "1920x1200@59.972";
-            position = "0,1080";
-            scale = 1.0;
-            status = "enable";
-          }
-        ];
-      };
-      laptop_0 = {
-        outputs = [{
-          criteria = "LG Display 0x060A Unknown";
-          mode = "1920x1080@60.020";
-          position = "0,0";
-          scale = 1.0;
-          status = "enable";
-        }];
-      };
-      laptop_1 = {
-        outputs = [
-          {
-            criteria = "CEX CX133 0x00000001";
-            mode = "2560x1600@59.972";
            position = "0,0";
            scale = 1.0;
            status = "enable";
-          }
-          {
-            criteria = "LG Display 0x060A Unknown";
-            mode = "1920x1080@60.020";
-            position = "2560,0";
-            scale = 1.0;
-            status = "enable";
-          }
-        ];
-      };
-      laptop_2 = {
-        outputs = [
-          {
+          }];
+        }
+        {
+          profile.name = "tower_1";
+          profile.outputs = [{
            criteria = "AOC 16G3 1DDP7HA000348";
            mode = "1920x1080@144.000";
            position = "0,0";
            status = "enable";
            scale = 1.0;
            adaptiveSync = true;
-          }
-          {
+          }];
+        }
+        {
+          profile.name = "tower_2";
+          profile.outputs = [
+            {
+              criteria = "AOC 16G3 1DDP7HA000348";
+              mode = "1920x1080@144.000";
+              position = "0,0";
+              status = "enable";
+              scale = 1.0;
+              adaptiveSync = true;
+            }
+            {
+              criteria = "CEX CX133 0x00000001";
+              mode = "1920x1200@59.972";
+              position = "0,1080";
+              scale = 1.0;
+              status = "enable";
+            }
+          ];
+        }
+        {
+          profile.name = "laptop_0";
+          profile.outputs = [{
            criteria = "LG Display 0x060A Unknown";
            mode = "1920x1080@60.020";
-            position = "1920,0";
+            position = "0,0";
            scale = 1.0;
            status = "enable";
-          }
-        ];
-      };
+          }];
+        }
+        {
+          profile.name = "laptop_1";
+          profile.outputs = [
+            {
+              criteria = "CEX CX133 0x00000001";
+              mode = "2560x1600@59.972";
+              position = "0,0";
+              scale = 1.0;
+              status = "enable";
+            }
+            {
+              criteria = "LG Display 0x060A Unknown";
+              mode = "1920x1080@60.020";
+              position = "2560,0";
+              scale = 1.0;
+              status = "enable";
+            }
+          ];
+        }
+        {
+          profile.name = "laptop_2";
+          profile.outputs = [
+            {
+              criteria = "AOC 16G3 1DDP7HA000348";
+              mode = "1920x1080@144.000";
+              position = "0,0";
+              status = "enable";
+              scale = 1.0;
+              adaptiveSync = true;
+            }
+            {
+              criteria = "LG Display 0x060A Unknown";
+              mode = "1920x1080@60.020";
+              position = "1920,0";
+              scale = 1.0;
+              status = "enable";
+            }
+          ];
+        }
+      ];
    };
  };
 }
--- a/modules/home/wayland/apps/waybar/default.nix
+++ b/modules/home/wayland/apps/waybar/default.nix
@@ -17,7 +17,7 @@ let
      ''
    }/bin/waybar-${name}";
 in {
-  config = lib.mkIf (config.homecfg.wm == "Wayland") {
+  config = lib.mkIf (config.usercfg.wm == "Wayland") {

    home.packages = [ pkgs.custom.amdgpu_top pkgs.jq ];

--- a/modules/home/wayland/apps/waylock/default.nix
+++ b/modules/home/wayland/apps/waylock/default.nix
@@ -1,10 +1,12 @@
 { lib, pkgs, config, ... }: {
-  config = lib.mkIf (config.homecfg.wm == "Wayland") {
+  config = lib.mkIf (config.usercfg.wm == "Wayland") {

    home.packages = with pkgs; [ swayidle swaylock-effects ];

    xdg.configFile."swaylock/config".text = ''
      screenshots
+      grace-no-mouse
+      grace-no-touch
      grace=5
      effect-pixelate=5
      fade-in=0.2
--- a/modules/home/wayland/apps/wofi/default.nix
+++ b/modules/home/wayland/apps/wofi/default.nix
@@ -1,6 +1,6 @@
 { lib, config, pkgs, ... }: {

-  config = lib.mkIf (config.homecfg.wm == "Wayland") {
+  config = lib.mkIf (config.usercfg.wm == "Wayland") {
    home.packages = with pkgs; [ wofi ];
    xdg.configFile."wofi/config".text = ''
      width=280
--- a/modules/home/wayland/base/default.nix
+++ b/modules/home/wayland/base/default.nix
@@ -11,7 +11,7 @@ let
    '';
  };
 in {
-  config = lib.mkIf (config.homecfg.wm == "Wayland") {
+  config = lib.mkIf (config.usercfg.wm == "Wayland") {

    home.packages = with pkgs; [
      dbus-hyprland-environment
@@ -42,6 +42,8 @@ in {
          [ "discord-402572971681644545.desktop" ];
        "x-scheme-handler/discord-696343075731144724" =
          [ "discord-696343075731144724.desktop" ];
+        "x-scheme-handler/tg" = [ "org.telegram.desktop.desktop" ];
+        "x-scheme-handler/tonsite" = [ "org.telegram.desktop.desktop" ];
        "x-scheme-handler/http" = [ "firefox.desktop" ];
        "x-scheme-handler/https" = [ "firefox.desktop" ];
        "x-scheme-handler/chrome" = [ "firefox.desktop" ];
--- a/modules/home/wayland/hyprland/config.nix
+++ b/modules/home/wayland/hyprland/config.nix
@@ -1,11 +1,12 @@
 { lib, config, pkgs, ... }: {
-  config = lib.mkIf (config.homecfg.wm == "Wayland") {
+  config = lib.mkIf (config.usercfg.wm == "Wayland") {
+
    wayland.windowManager.hyprland = {
      enable = true;
      xwayland.enable = true;
      extraConfig = ''
        monitor=,preferred,auto,auto
-
+        env=bitdepth,10
        input {
            kb_layout = us, ru
            kb_variant = intl, phonetic
@@ -13,7 +14,7 @@

            follow_mouse = 1

-            sensitivity = 0 # -0.5 # -1.0 - 1.0, 0 means no modification.
+            sensitivity = 0
                        
            touchpad {
                natural_scroll=no
@@ -60,10 +61,10 @@
            fullscreen_opacity = 1.0
                                      
            # shadow
-            drop_shadow = no
-            shadow_range = 60
-            shadow_offset = 0 5
-            shadow_render_power = 4
+            # drop_shadow = no
+            # shadow_range = 60
+            # shadow_offset = 0 5
+            # shadow_render_power = 4
            #col.shadow = rgba(00000099)
        }
                        
@@ -85,7 +86,7 @@
        }

        master {
-            new_is_master = true
+            new_status = master
        }

        gestures {
@@ -145,6 +146,11 @@
        windowrulev2 = float,class:^(org.telegram.desktop)$,title:^(Media viewer)$
        windowrulev2 = center,class:^(org.telegram.desktop)$,title:^(Media viewer)$

+        #SPECIAL NO SLEEP
+        windowrulev2 = idleinhibit fullscreen, class:^(.*)
+        windowrulev2 = idleinhibit focus, class:^(steam_app_.*)$
+        windowrulev2 = idleinhibit focus, class:^(mpv)$
+
        layerrule = blur,^(eww-blur)

        #binds
--- a/modules/home/wayland/hyprland/default.nix
+++ b/modules/home/wayland/hyprland/default.nix
@@ -1,6 +1,6 @@
 { lib, config, pkgs, ... }: {
  imports = [ ./config.nix ];
-  config = lib.mkIf (config.homecfg.wm == "Wayland") {
+  config = lib.mkIf (config.usercfg.wm == "Wayland") {
    wayland.windowManager.hyprland = { enable = true; };
  };
 }
--- a/modules/home/xorg/bspwm/config.nix
+++ b/modules/home/xorg/bspwm/config.nix
@@ -1,5 +1,5 @@
 { lib, config, ... }: {
-  config = lib.mkIf (config.homecfg.wm == "X11") {
+  config = lib.mkIf (config.usercfg.wm == "X11") {
    xsession.windowManager.bspwm.extraConfig = ''
          #! /bin/bash

--- a/modules/home/xorg/bspwm/default.nix
+++ b/modules/home/xorg/bspwm/default.nix
@@ -2,7 +2,7 @@

  imports = [ ./config.nix ./script.nix ./xressources.nix ];

-  config = lib.mkIf (config.homecfg.wm == "X11") {
+  config = lib.mkIf (config.usercfg.wm == "X11") {
    xsession.windowManager.bspwm = { enable = true; };
    services.sxhkd = { enable = true; };
    home.packages = with pkgs; [ xrandr arandr flameshot xtrlock i3lock ];
--- a/modules/home/xorg/bspwm/script.nix
+++ b/modules/home/xorg/bspwm/script.nix
@@ -1,5 +1,5 @@
 { lib, config, ... }: {
-  config = lib.mkIf (config.homecfg.wm == "X11") {
+  config = lib.mkIf (config.usercfg.wm == "X11") {
    xdg.configFile."script/lock.sh".text = ''
      #!/bin/bash
      TMPBG=/tmp/screen.png
--- a/modules/home/xorg/bspwm/xressources.nix
+++ b/modules/home/xorg/bspwm/xressources.nix
@@ -1,5 +1,5 @@
 { lib, config, ... }: {
-  config = lib.mkIf (config.homecfg.wm == "X11") {
+  config = lib.mkIf (config.usercfg.wm == "X11") {
    xresources.extraConfig = ''

      #define white #ffffff
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -1 +1 @@
-{ ... }: { imports = [ ./cli ./gui ./hostcfg ./system ./tools ./users ]; }
+{ ... }: { imports = [ ./cli ./gui ./system ./tools ./users ]; }
--- a/modules/nixos/gui/audio/default.nix
+++ b/modules/nixos/gui/audio/default.nix
@@ -1,10 +1,10 @@
 { lib, config, pkgs, ... }:
-let cfg = config.hostcfg.make.gui;
+let cfg = config.syscfg.make.gui;
 in {
  config = lib.mkIf cfg {
-    sound.enable = true;
-    hardware.pulseaudio.enable = false;
+    # sound.enable = true;
    security.rtkit.enable = true;
+    services.pulseaudio.enable = false; #25.05 change to services
    services.pipewire = {
      enable = true;
      alsa.enable = true;
@@ -13,6 +13,6 @@ in {
      # wireplumber.enable = true;
    };

-    environment.systemPackages = with pkgs; [ easyeffects ];
+    environment.systemPackages = with pkgs; [ easyeffects alsa-utils ];
  };
 }
--- a/modules/nixos/gui/games/default.nix
+++ b/modules/nixos/gui/games/default.nix
@@ -1,5 +1,5 @@
 { lib, config, pkgs, ... }:
-let cfg = config.hostcfg.make.game;
+let cfg = config.syscfg.make.game;
 in {
  config = lib.mkIf cfg {
    programs.steam = {
--- a/modules/nixos/gui/greet/default.nix
+++ b/modules/nixos/gui/greet/default.nix
@@ -1,14 +1,12 @@
-{ lib, config, pkgs, ... }:
-let cfg = config.hostcfg.make.gui;
-in {
-  config = lib.mkIf cfg {
+{ lib, config, pkgs, ... }: {
+  config = lib.mkIf (config.syscfg.make.gui) {

    services.greetd = {
      enable = true;
      settings = rec {
        initial_session = {
          command = "zsh";
-          user = "${config.hostcfg.username}";
+          user = "${config.syscfg.defaultUser}";
        };
        default_session = initial_session;
      };
--- a/modules/nixos/gui/xserver/default.nix
+++ b/modules/nixos/gui/xserver/default.nix
@@ -1,7 +1,6 @@
-{ lib, config, pkgs, ... }:
-let cfg = config.hostcfg.make.gui;
-in {
-  config = lib.mkIf cfg {
+{ lib, config, pkgs, ... }: {
+  config = lib.mkIf (config.syscfg.make.gui) {
+    programs.xwayland.enable = true;
    services.xserver = {
      enable = true;
      videoDrivers = [ "amd" ];
--- a/modules/nixos/hostcfg/default.nix
+++ b/modules/nixos/hostcfg/default.nix
@@ -1,48 +0,0 @@
-{ lib, config, ... }:
-with lib; {
-  options.hostcfg = {
-    hostname = mkOption { type = types.str; };
-    username = mkOption { type = types.str; };
-    make = {
-      cli = mkOption {
-        type = types.bool;
-        default = true;
-      };
-      gui = mkOption {
-        type = types.bool;
-        default = false;
-      };
-      virt = mkOption {
-        type = types.bool;
-        default = true;
-      };
-      power = mkOption {
-        type = types.bool;
-        default = false;
-      };
-      game = mkOption {
-        type = types.bool;
-        default = false;
-      };
-      develop = mkOption {
-        type = types.bool;
-        default = false;
-      };
-    };
-    net = {
-      wlp = {
-        enable = mkOption { type = types.bool; };
-        nif = mkOption { type = types.str; };
-      };
-      wg = {
-        enable = mkOption {
-          type = types.bool;
-          default = true;
-        };
-        ip4 = mkOption { type = types.str; };
-        ip6 = mkOption { type = types.str; };
-        pk = mkOption { type = types.str; };
-      };
-    };
-  };
-}
--- a/modules/nixos/system/hw/boot/default.nix
+++ b/modules/nixos/system/hw/boot/default.nix
@@ -1,12 +1,16 @@
-{ ... }: {
-  boot.loader = {
-    systemd-boot = {
-      enable = true;
-      configurationLimit = 8;
-    };
-    efi = {
-      canTouchEfiVariables = true;
-      efiSysMountPoint = "/boot/efi";
+{ lib, config, ... }:
+let isSANDBOX = builtins.elem config.syscfg.hostname [ "sandbox" ];
+in {
+  config = lib.mkIf (!isSANDBOX) {
+    boot.loader = {
+      systemd-boot = {
+        enable = true;
+        configurationLimit = 8;
+      };
+      efi = {
+        canTouchEfiVariables = true;
+        efiSysMountPoint = "/boot/efi";
+      };
    };
  };
 }
--- a/modules/nixos/system/hw/default.nix
+++ b/modules/nixos/system/hw/default.nix
@@ -1 +1 @@
-{ ... }: { imports = [ ./base ./boot ./fs ./opengl ./power ./udev ./virt ]; }
+{ ... }: { imports = [ ./base ./boot ./fs ./graphics ./power ./udev ./virt ]; }
--- a/modules/nixos/system/hw/graphics/default.nix
+++ b/modules/nixos/system/hw/graphics/default.nix
@@ -0,0 +1,4 @@
+{ ... }: {
+  hardware.graphics.enable = true;
+  hardware.graphics.enable32Bit = true;
+}
--- a/modules/nixos/system/hw/opengl/default.nix
+++ b/modules/nixos/system/hw/opengl/default.nix
@@ -1,5 +0,0 @@
-{ ... }: {
-  hardware.opengl.enable = true;
-  hardware.opengl.driSupport = true;
-  hardware.opengl.driSupport32Bit = true;
-}
--- a/modules/nixos/system/hw/power/default.nix
+++ b/modules/nixos/system/hw/power/default.nix
@@ -1,7 +1,5 @@
-{ lib, config, pkgs, ... }:
-let cfg = config.hostcfg.make.power;
-in {
-  config = lib.mkIf cfg {
+{ lib, config, pkgs, ... }: {
+  config = lib.mkIf (config.syscfg.make.power) {
    services.tlp = {
      enable = true;
      settings = {
@@ -9,8 +7,24 @@ in {
        STOP_CHARGE_THRESH_BAT0 = 90;
        CPU_SCALING_GOVERNOR_ON_AC = "performance";
        CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
+        MEM_SLEEP_ON_BAT = "deep";
      };
    };
+    
+    powerManagement.enable = true;
+    # suspend to RAM (deep) rather than `s2idle`
+    boot.kernelParams = [ "mem_sleep_default=deep" ];
+    # suspend-then-hibernate
+    systemd.sleep.extraConfig = ''
+      HibernateDelaySec=30m
+      SuspendState=mem
+    '';
+
+    services.logind.lidSwitch = "suspend-then-hibernate";
+    # Hibernate on power button pressed
+    services.logind.powerKey = "hibernate";
+    services.logind.powerKeyLongPress = "poweroff";
+

    systemd.user.services.battery_monitor = {
      wants = [ "display-manager.service" ];
--- a/modules/nixos/system/hw/virt/default.nix
+++ b/modules/nixos/system/hw/virt/default.nix
@@ -1,18 +1,19 @@
-{ lib, config, pkgs, ... }:
-let cfg = config.hostcfg.make.virt;
-in {
-  config = lib.mkIf cfg {
-
-    environment.systemPackages = [ pkgs.qemu ];
+{ lib, config, pkgs, ... }: {
+  config = lib.mkIf (config.syscfg.make.virt) {
+    #environment.systemPackages = [ pkgs.qemu ];
    virtualisation = {
-      libvirtd.enable = true;
+      #libvirtd.enable = true;
      # waydroid.enable = true;
      # lxd.enable = true;
-      docker = {
+      docker.enable = false;
+      podman = {
        enable = true;
-        rootless = {
-          enable = true;
-          setSocketVariable = true;
+        dockerSocket.enable = true;
+        dockerCompat = true;
+        defaultNetwork.settings = {
+          dnsname.enable = true;
+          internal = true;
+          name = "internal";
        };
      };
    };
--- a/modules/nixos/system/network/base/default.nix
+++ b/modules/nixos/system/network/base/default.nix
@@ -1,6 +1,6 @@
 { config, ... }: {
  networking = {
-    hostName = config.hostcfg.hostname;
+    hostName = config.syscfg.hostname;
    useDHCP = true;
    nameservers = [ "1.1.1.1" "9.9.9.9" ];

--- a/modules/nixos/system/network/bluetooth/default.nix
+++ b/modules/nixos/system/network/bluetooth/default.nix
@@ -1,5 +1,7 @@
-{ pkgs, ... }: {
-  hardware.bluetooth.enable = true;
-  services.blueman.enable = true;
-  environment.systemPackages = with pkgs; [ bluez bluez-tools ];
+{ config, lib, pkgs, ... }: {
+  config = lib.mkIf (config.syscfg.net.ble.enable) {
+    hardware.bluetooth.enable = true;
+    services.blueman.enable = true;
+    environment.systemPackages = with pkgs; [ bluez bluez-tools ];
+  };
 }
--- a/modules/nixos/system/network/wifi/default.nix
+++ b/modules/nixos/system/network/wifi/default.nix
@@ -1,9 +1,7 @@
-{ lib, config, ... }:
-let cfg = config.hostcfg.net.wlp;
-in {
-  config = lib.mkIf cfg.enable {
+{ lib, config, ... }: {
+  config = lib.mkIf (config.syscfg.net.wlp.enable) {
    networking.supplicant = {
-      "${cfg.nif}" = {
+      "${config.syscfg.net.wlp.nif}" = {
        configFile.path = config.sops.secrets.wifi.path;
        extraConf = ''
          network={
--- a/modules/nixos/system/network/wireguard/default.nix
+++ b/modules/nixos/system/network/wireguard/default.nix
@@ -1,18 +1,21 @@
-{ config, ... }: {
-  networking.wireguard = {
-    enable = true;
-    interfaces = {
-      wg0 = {
-        ips = [ config.hostcfg.net.wg.ip4 config.hostcfg.net.wg.ip6 ];
-        privateKeyFile = config.hostcfg.net.wg.pk;
-        listenPort = 1515;
-        mtu = 1340;
-        peers = [{
-          allowedIPs = [ "10.10.1.0/24" "fd10:10:10::0/64" ];
-          endpoint = "vpn.helcel.net:1515";
-          publicKey = "NFBJvYXZC+bd62jhrKnM7/pugidWhgR6+C5qIiUiq3Q=";
-          persistentKeepalive = 30;
-        }];
+{ config, lib, ... }: {
+  config = lib.mkIf (config.syscfg.net.wg.enable) {
+    networking.wireguard = {
+      enable = true;
+      interfaces = {
+        wg0 = {
+          ips = [ config.syscfg.net.wg.ip4 config.syscfg.net.wg.ip6 ];
+          privateKeyFile =
+            config.sops.secrets."${config.syscfg.hostname}_wg_priv".path;
+          listenPort = 1515;
+          mtu = 1340;
+          peers = [{
+            allowedIPs = [ "10.10.1.0/24" "fd10:10:10::0/64" ];
+            endpoint = "vpn.helcel.net:1515";
+            publicKey = "NFBJvYXZC+bd62jhrKnM7/pugidWhgR6+C5qIiUiq3Q=";
+            persistentKeepalive = 30;
+          }];
+        };
      };
    };
  };
--- a/modules/nixos/system/nix/default.nix
+++ b/modules/nixos/system/nix/default.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }: {
+{ inputs, pkgs, ... }: {
  nixpkgs.config = {
    permittedInsecurePackages = [ ];
    allowUnfree = true;
@@ -8,9 +8,9 @@
    };

  };
-  nixpkgs.overlays = import ../../../../overlays { inherit pkgs; };
+  nixpkgs.overlays = import ../../../../overlays { inherit inputs pkgs; };
  nix = {
-    package = pkgs.nixFlakes;
+    package = pkgs.nixVersions.stable;
    extraOptions = ''
      experimental-features = nix-command flakes
      warn-dirty = false
@@ -25,13 +25,17 @@
    settings = {
      auto-optimise-store = true;
      builders-use-substitutes = true;
-      substituters =
-        [ "https://hyprland.cachix.org" "https://cache.nixos.org" ];
+      substituters = [
+        "https://hyprland.cachix.org"
+        "https://cache.nixos.org"
+        "https://helcel.cachix.org"
+      ];
      trusted-public-keys = [
        "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+        "helcel.cachix.org-1:95s8D+N2xIHwzmkuu7jMUp9t3rtN4EimafR73jO7GLg="
      ];
    };
  };
-  system.stateVersion = "23.11";
+  system.stateVersion = "24.11";
 }
--- a/modules/nixos/system/security/default.nix
+++ b/modules/nixos/system/security/default.nix
@@ -1 +1 @@
-{ ... }: { imports = [ ./gpg ./polkit ./sops ./ssh ]; }
+{ ... }: { imports = [ ./gpg ./polkit ./ssh ]; }
--- a/modules/nixos/system/security/sops/common.yaml
+++ b/modules/nixos/system/security/sops/common.yaml
@@ -1,93 +0,0 @@
-valinor_ssh_priv: ENC[AES256_GCM,data:+eeVw/05eU5VW29KhT9+eGXcf+Ola2n0ISbj5Lzyj/bB/8OWDGXkqxWjgZv3cbL9v265AbyqcHfYX94BynTtMITfM6Cwz3D0EcUmIyP3rgjrJZdnksLu41a30dUjLnfVqiPwZaxxccZb6/JNAgXrg4hjkTsrCiZeSGpPl2VqECVt0tfJ3nmJwX+7C95QMvzxCw5S6CbN53AZBPmqBqzmxperc0LegMR+2lXviuqTEL2ZH3mzo0YeJQS/yCVVQL6TWx/wyM4fKD4kavg07sCAoj7E4V9RL4DY75uIbEz2+hvw9yE4nCtg2UgLu2hmragbH5ZseD/BWu+d2JGQeAnSLJBr6lZj/LGsiCe5vdnNqh2igZ9EI8Bhjv2ed2ajAxPYxJ1cAT9noxx6E+KU6sjWaSeKhLsnO/X3Ht1ADiUP4i/j39aE/4U7Gmk8Gs+3LBF0FXS88M06HV1cCKkd8RLkD0v6uKpOd6deOkKZRRGT8XzrF6JGY6fMXksF7GCqYqKhHEvU3nd3MQ/XjZuSycIr6NKdo31iezwjFCELUf2XQCIEtLe77vxfZQQ9lhddLhM7FJVDwlIuVLjN0lzrUoCywOZOG/ipenkCLDD5JmPqbkgyqFEIKpLW3weqlIFPTQblwaW724kKB80E+0lvW+0mG8oiyeqBuFufhtaUEwmg93aCzPW7wJuP7rzBm2i0FPl4Mg0f1d7iJtrHaIcnncw7vzeo+LOq1zvlcCVO3lt/JTRhTbxMEDzzQvvuRnFVExQbNCd9BKErpZAIia/l+5/PYClqapQYuBsx+Y4jUC/ct6PicSz/YtdXgTQc3jqmsLJ46R7Y3qkeaYJvsFDbTtjG1GlQdisNPZEhtkWgvyIcxl62/SSqLJr+ZxWh2ldToVpnX4g9JKcHbHyvsD/JJRsSD8fHlGBlnpXpL4onkQNbtZQ9HUBpaz6rQvp7klM5iI1trpdnv8nf3H0G54mz5c4FY81VIXcy+2nEgadhWNdKlI0rjruvXyJKUvCPmh3ZyPZPL+7rkLI+ywj+0Gz7QGKcDsOy2L1UsHSpCJGRe0ZJO8vuq1relbMF2pz5eQHa+9S3NNG/v5WNWVw4BcCaX8tfuac467mZ+sr2CKAKn+ojhBAkSVWHWg95bURX1NUpjw6d2dPSJbLjen7FDZ1NiZsvW+eNIPnuaOAIoNKW9H2XXmXagJASOnwd+BwNWWB7APlQz/YfQycDG4TjAWCg22aoTagmXoPtiqNqo0gq7NljSbq5EY2hn1RUV7umMR/cqY4XmdBsVqSwnjBtuHGQArn2QRbAYJcHkrxpAzMfJSWNx176ARBFhQDITpI8Y2ROyF+tZaOcNOYuXfAjktV7Elgt5dNypxdo4a/qFt0IkjxRF8WGGTKU3eRnC0EvaVc3xifLIcjrihqiVnB3jb58pT7lSeTH8pnuTS2+jOVphvok+8ddKd+Q5Po2yw8e0PswzPK7dYdMjNNKhbg/W41Bxf5ZKWxGZjxMbwNndzPext/+QWZqTJDw+Cf3rCMpaAU3nRSW7b5TD9fYrmajSbkzHBy9ggt1y+IofLEWlsMkiisxqnggsbVyDlxMb2q5iOFYMWtG/VPE6e5yDUVlwsd1l+Mv+vASCJW0J2i5BJzpYVTnazcQabbVeK/t3t8oA7/aO7omZxbPYDcfBAfc8+ibx3iBW4tIrwe0EvsqkdhTt4C5jpxynfBnvUL4+O5IYFSyz29EKNPZ+2RQti6tMCZYi4/IDBg93WQHGMrUd0pyANwP0vYVH8QGtD3X94nwOjoJO3GXqD3qcGsCrmBmmJtHTYBZ39KZpxxujsYDeccUuRbV9Ivq9vydkjO4fkIKCtlSFWRtkgU6cl4IxoO7alRDvJzadWrBdW5k3ubZG3qV05+iV9KSdh520YrRzxGb0yd8Ii0pgJU38oEywWyLUL9+/Ov5UZALtflS90cLANodWfzNtAxcZP6C+XR3aRyI8dZp5ZcOwwbj9aieSImLDwnC0l1cdtxSu8Iwm29/yeh4v4JXl6t1bBsTkyCoirQnkyBC3lHLCbwE3vfB34BTcChR+qWhiM92rnr6be8M89AtnEfNsdpZAWD96craURM8wfmMh9tM66gjjHyYuJbi1186x4LAtST4VZMHnw6NoG3XK5sMoVZq8jFWfUqrpS6ZMRu1UV0qL1jNbcZifwOlDgmoFXhFMZ6CGax0Up+cFPI2BJ7wGQwsTszifSXah/XgFhrOWgu9Hs5YJYbTxs26yEhG2K9j1J/4dtNdowmPI05iMynybTzrQkB8T/lVE5w9o1wumNhftyXie10+Nc8U1Ok3JugGG1CoM35eLAPTA8vHZzj6819apBCtw2vGeHio9k27164gHhsZUdAhyfC8hxmR/V857ipCchBNGg6aQOh2hVs9+4mNaap1UXGlAOJZMp/O7BNknYi6LVuGOtiS01W86pgPtCrbb8/24RHcybSLXhS4spTDf/LfBHaEWiklQHyq7YU6hsTOcmTkMNLCFuNVbPXPFze30KWtPhyZyQNYPqEwo8dZ8InN3RNBaYCMgYel7kNcmCO/0HlL1Kqjc4i2mguFiw23Tz0YRmUpwDjEe9gfOjlm9EZQs0GQQyB2gNfaoH1oyiM5yvQ9MrY9OADGpos0334ZqW9mykUpjkhrCWKLmVLAzWejbqMw1ZDq7FRa+l6Uyt+2XFPar7dta/TsWYKv6kTqoz1JHMwf5EoGEgCszcwnqkcqd5T9NHoVNwwpkEN/7axF0OqT25NSpXkAcacSHo70998jL3zbdKFVamUmpF/hN6ioniJyKAelESPym7KpjZKBEsHGTzU30t1GgsGlYUwtR07O5FnRVViDiMyQHYAq1PXa1EbCS0b7bbdMYGcExJzHvlT8VmeKnJ1RoOvKWyil2habXd+TbxEWtfAOuWtJzLYwXWKPppsq/EwKxUGNla01hVrfAbm3QNP45gDGFZ0+piA8PLNq6PNFoSlINc/6/Z3WaENpGhxL0mKS2IS/d76AzHjUV+Hw6ylFUdYEjAPp2lR5woslQnxpO5n3oKpFl3jevzJmcNJKuZZEYzGU1leyddx30hzmVMfTliybA5I1GVTIigbdKwuRWL8uYQA1mHUeO5pEPGMv1X4GcoT5BDrdcFAaU6vjhXbjVhCNcPBbjxKHisfOBUr6nx1M/n3AHndhilimrPP5adOGpG2CFqKQtINb0UmpqPQJRB488tuVE3fTPgqNi+PEES1tIumBVdt5m95p+BNHPyVwLloMeGkCVqsTid2251NSpFd/n0BVAOR0zZP1hGRRzgU2tNPK4VAVuvuPQdPw7ZUbVSe/VvphOLXAG72M27W9IbLrsnnmaNeh5ur/9fl5yI52py53z0Zrp6WNociqyeC03xzPAwmYF9BFMG+j9Kto2OfbxOCUdWxhlCGDuUqODcAsvfKNQddq4Fha0HSLjvGOtfEuWmJNTzmfIeO3vg==,iv:pTQbb6nLHJ8BXTIYdiSe4vc5+1hpNuHhQhDkIAsZ9HI=,tag:jyO99VXSsCQlQD+Hh+gtvg==,type:str]
-valinor_ssh_pub: ENC[AES256_GCM,data:c9s+tEjn+aZAjsxU7+dWmKLVc3dFdtna3ilDJrEb4k9TToyYY5VYEW6exxpbBl6MMAe98/KXgLPI5kTmq3gCqQe2dBnOB3C4f212DOmVyoYGj4AiqzU+Oo0pfg6DRw5BCjYGY7B+zJopqQgDvlIRTdJzAhQe3ZRuJFXKupVpJ+pEx56bo/memAf+BBZgIXChFrYadqze90rMmlw0D5V3L3lmTnqjoniXTXj5QoHh2f873qFAQ72+fSNlJCkasNavSiXKWVPcS3xMmgfiaffkqdO6pte1m/IgevKkKfciIOBbKskgsTZdy9iPGdELLH1wMzO45+vX3h2ATy/v5Hqq/yWlrDbvFFUKoaCb6n7/5O3MhaLwa78Uk09Dvbno2Wb8C5BBZlXBZ/BSooosDFUG/2IG8nKM+FrHJvtwgugCGa3ZQYKQr6iJ9g6tN83YRTEgKTCsZPnSNg+vXSBAib5ABHl8z7oHVB2hJFBnEn7Im99b/GRsCRD+/y9Y+4wF8nzznJgSrqInM59//EJHmwOWrHzSIpyV+cY67cCUXlkYB/ufx510XtEjijr2SOJXKmdAmme0EICkP/LY80Yrsoz2ee/A6w6ZP3HDHuxUVNeGNJvdoFhIyt9pEiRBwl7K2XKYCh/lRiE6E19EM6SmwplEM0+uAWTY+NUKZba2JSqFZLMlBFfWSLHgOHFLPatkZRUTkoNa4BOhtUlAYfuN/uHHimnL7H4O814OnjU5exqHca63VkDDhA==,iv:YT0ZN/Rt6CbMSFU1wZDbrenlwXCh7e4C06YbVL5J/VU=,tag:BqVtzOC1ViEkHHTXbgDJHw==,type:str]
-valinor_wg_priv: ENC[AES256_GCM,data:1izZF+6G2Uc2MRBH56A07lexZEkyOiiFI4zltyoZco0+Y9EPhH1nJ4sWzs0=,iv:OIBIQvMsrq93/o0r8V6eSzfU63xtCzgQFf8NKXsjRk0=,tag:wdcQOfdaoxe7Vw0QWmngwA==,type:str]
-valinor_wg_pub: ENC[AES256_GCM,data:noAhVF91HUwpU3lHl4knlmGkV0Zjbuc4TQhFhF7HjCbv1hdSycO17TDfgcw=,iv:82v169pOoCOwnOaqPTOMvtvOUJJEcXjPI9BzogC+UaI=,tag:NHIcOYD5mSnZ6kwZBAnXGg==,type:str]
-iriy_ssh_priv: ENC[AES256_GCM,data:tLViFTWE62aJ7sCHVs2OxqewFI4QQVEoMdWV6l26FBFlbP9sQC0IWhtwkYVeQ7yFRlEjiB2RWcxG9KkLZm55JqAG6dX6AocG341u68PPWgcWYxYxI2056e/NYN2dlNE9SX0ImkT41/zQIG4b/7xRsFlBKJ0LUpbzWg6Bmo1Giu66NZhLLIkVRPqH7KzvUlyBiCAiIuMlVIBomxKwmeNn3SnaVDrfCbqhXwiJvGHZE09mtZnZMVd9vIo89+4PReykVUjEI04QhnSzv+ET62yw1AOk4k7yBWykhMi+KirlNL8qoHY/HSOaqndQpHc/GzCjClcWHeBjsouTnqx7YjZ77WpiVKuFIVNK18fZIwxIqW0cwftJpfMTlOfGIhfAjIebxOc1G7tAON7BWSZQNBtM9aQ5qmF5wwYKj1m2NxtqzD6Vwhd2XubgzFPCssYs/WZcF4NeJwYE9077NrMeLjE+kP8d7IJKwDuXTA0zldFaRURzKCy+NFnHIle/Bw5V08w/FeJsWAT7SeJM2V9yGYaysBTly2eh0YtW0vHdoijhZQ95jAD9ixfHiZ2Uz60F5L2s8DJ58i46OShT6ItJ98NeSxFT/cOIZQ7jd7mxmgZdQc4uXBk2ly9zlF86gti9MLdvbugkfLKnrCoHLec/g5wWyowRfriDgqzFgzcj0tGshhLr/Y7GsIj6ZzMCbHPhEz9oEqUR7tVmBXfyEisCBdujYaUByl9EgTnLx505LpuaqYJuiPq7YULCndye3EHdQWSiVQA6ncPpcqnKgAyqsBlRXa/2dsr4XJmdIOHTRQ11m+8jJ9R6gmiGIdjj7hq/kr9tCZWPSF/Idz2ml04nw9zjlroeq2CmiPAVskKmJohpWvrD+J5tz6pQSITbiQWnq+W2/7BT5LvkIewwegyckP2hvCpnsHvT1llD6gzf5kNkoNvHnrFOjPa83WLPUO20rykyuD1+5s04vw4j2+tcKEll54kB757yWUdn7af+vs7uvthc2Wen1vXXPHoZnDVDddO2vDsNMRCl1w6NE9Ey+bsLhgZ5hwvwi+i/cGg6XHoFtRMS8PKk7kpRqS5oTMxbhI6uVy2BLz2Mtot6VxA29NV9fngxoD6VU8bcen8P6Tt+QJs9FqN5Pik3mLuaZEp8xiarSe8vDoLHv+UZVLFgDc+6LegYUttM0vHf3oKBHSX8qduJOZrZ2UlgcU4b2AKfGkpRVg4tKb73kCZi8D9R9aMA3grMK2mEPGKjqoT0DbOa+CCpC3DGUg2LkZl4jvFMfX82lU86cQscnHNh0ajFgmxmmmrDiLVpZLRroslEntuvXmj3lQgZmsyrGdQ3Wy7W2TvcbqcEt095hU9jJu1dlj73ofP+ltxxF706//OU1ToTqKOoPXhwQNmGhHLdBOflyXy/SMF5Ymvelc6FI6ct9h7y8P955ZyX/IFurX0/XUvuxtDqb8xq5Jm378W8Wuh9Zq0FRwfcagEUMo8auqzVOSHx9yB60qsLoi3WEH54/CClwOelvDhD1nCQ9Dxr4oYmfIiRUcvYDlCvgwc8ZKWb+8eTTA7+aVEZ9HhIhV2yovykYcWE8hPFUITA6lUhdEtUotq4T9UofJ8S79U6DFCUX1BdMYGKSMxOPuQ0liviVh2pnXIN+4DH0OOz828dGmb21ClkwT+kvA/80XeSxrU59XT1IGRoNjPCRxZzuLnsfCA5rrIarz8y3gbL+CFY4rsoPTWfqWR8HUg7pUapdG/FiW4HCfK+BwtLowaxyF0Kj+eTf+1EPx7ReYiHo6Yzes3XVPJid0e/DRkKqpEHSv/xQssQlq3Zqxfjg6DsTQ/dpA05VSZowe4VxouVpV2kib0HZQt77AtR1y9bznED7BDM4X2f95PiRMeYKvSqCHkhakrMCmPlboFJn5vpsvlf/k3v3zpADfwvx5DZWhRYg9WfmG2XSEXrdIHKcDqQME4Ka/yHNBvYuI3SYvrUusZcxjqPXctSRCGGEd9zfGbkA01BQ2anA/xLvWQMzgnKDHRLpQ2cQcEUi3nrrODHaYu/myo5XJDMncPVUidfC/XrnqlalnI3MD1o58fBV7UA4AO2aLEZf/59Qp6NtdUQBppdNiFqXBP3841hAg6W991Lau24S8Z5e7zAjfu/16JYA/M1NeqSkLQOFVibs6SJRIkPm4JPw+sBAwPLmZyjvlbYdk6686vRa4Ibnl3WkaozIqpioyLyujwNfv2OAK6dN26PT+xM7L/3s5xhP0K5TFDKyzqvjjI0uFP07h+xiXZuEl7nP3EfzWT8/il4aSr284vZ9Aqd0FsgfuNPuo+A12aUBmSUjuy/ComwB+/vxbkNlWtMPvkCfdS1eXImigxm5IVQ30Ba3gNTmPQhUUw0AkQPd68g5PZDN0iIx4APhXOowBUEAy/YNTGC2MHUDGo3lWNXEBbE457x/Kq/CleDlHHG2lBAPBHBC+HxdsnyvaF15cmg69IIM5YU08cILY1sxQVDXhIWBlKg9pjZU9BJVR6cdRAXccL6XXRD3P5rJUkyBS6SmTmkXnQetrrQVt07lzfApSErslPqaIGEAuPTT7brQFylvi0eWo2mXDF9oBr1BGTUEGaswz8q8DUuBXA0U3apJoFoDQbJk0uRwv0CrdK9kjGHzf4wntf3qNc6fH0foEvpMaLxsBUyvL2+2WZYNz2+rDjgOtNO5yAd4ILL4JqZKcNr1zymEtFU4WGTOHUeT7no345NZjoTn88Y+12ApWd1NtPkLfpAkuogAJOUK6LCgLPRDQIkzagGCWjDmfbc18LM2MV/4Us1TdfBzENmTHCsLDhIy7Y6fIwteJ5oUuWhTeB+MdFSO/WBhS/v1rjHfE75GXvQBZrlkknKaDwS1sJaet/0OBSWK61Sk2821V9E6qSS6U0qSNQbwlVjG4JMCXsNITICTR+uTa2cUk+PiDe6uZohu3M2B8FiiH9/XNKpyywxhCWjz9K+rt59tiHO7MbPCG7Lzi86BtEIZ2B6fFfhCdooZTE4oelhitnH3R4LXUc8kiJ6KPFINbf6yEGnskYP+aEy/3XfR1Miw3LG6+FVTvldDy5EmInPv7Dw8K074imghLYkvcuWtj6qMo+EI4rGoH39OPhqyd3tDgKVDEWOHKE3Ictt2Ci4cxedS/NieqxZf5tUHiO3YZoYyylJcJ5mU0HoVFhtfmg/GsK5mywmt6B20x8XyMBMLolcWYNMzdWgPQ1ieKb87tCgNRIOnPuwZcUGq+L+cLpRR4yhfSYPPao4dG0dxsEQJiSHnRDea71bR7URhJeo6aanwnulYwsuhji+3+XFoY+2e8wrEoJG38se1tafnd1dQHpvfiEYKTSCYuHG3uZWHvlHW06YrAwnrQrMOs+dquuQhMLK4wlsjg0MzsEZRkZ/JopxVRkjS0N1UVDQuzIZMqf6gKoiUVaC5BsjhTwcYQrMx/DFhAnhL2iGwJfuEQrrIjNVz7FLPQ==,iv:cM6fDDPdHQ0Xamv41gKvCQ3Oh70hCRaijXLA8n2rEEA=,tag:7CsbqkiNGv7W5lCrPK3CmQ==,type:str]
-iriy_ssh_pub: ENC[AES256_GCM,data:zjET00BIFhSI3/3bHO9d99VZLNqpGwWYuqhFvZAk6hYejOFRReCn3WKxXwEJh/IS8PYw1ARnj8DOpfYoRwhdofg+ap2/XMLE858B2cmgGQE5XZNftUryjmBV/WpWVECmAa/Dd6w71MACqZ9TDnt8Kkg5c0jtiGT7zg62/gMcjm/k531y1NDi4e8Jf7MFN9A/5nMpVDCpspZe42N2Lv+w0M2lhDrP4bjYTE9p7Klo27C7lt3vGahlNAjQBvx3o+309+4bSnE2hwTUkgwjN8YPx9qpV8v5XAfPEA3Syz4Qmhi6YpDnEsNPIVrmuGdNhrnprDQHJ8G04bHv51DXURf7Wtf8HSQUNVWXJoGb1jw5xzyiYEBB1Cu6VrRRHytQGtMMbQsIldoW7ISSo1jzRIPWJRMCYrY/4fneoALAXPN6u6VsYM+wtO6/1+A02KIz4uhHvt9c+iv2BNiJrwgHSdH2aY3JaOLEAI+wVQaf47WBfPIjfTzYsDx+kDNiflmBhENNWSqRnrXXLiAG0oVbbz0iuzA+C6w/gNc/t4L4foiMbeF3m9jVfFm3LrCmR1FJrGeA7ZSUAEQ6v55an+IbDMv7P9lUxgd7rsCj2M0elG2iDizV9vziFPOSJkplqzygxXZdo+In0pmRHUfWj06epacZjNdDxJHrakfhmWpGBvrwYRRp4/5p7/k2CToqj6UqedYen0S8M09JseHjNndr9/Oe2yJZYlzRhfq0ZDB1pzdVIiePcQ==,iv:nWWm3vecA7c5pv8bYrjjZk3VLHjKJI7c7ZPkK+pUqU4=,tag:Gfa5Izk6I3s/spA3GkXufQ==,type:str]
-iriy_wg_priv: ENC[AES256_GCM,data:inng2niJrTXF3ld2T5Xs9t/64oDC8haJhpK1Iajpc60hMHWbenpqGRis7NM=,iv:E/cW6iwjbC3iKulvgBD5vXsjxh9A6nGO7Acr2DXAQps=,tag:CfHqE8u87xGDkzArZg3BnA==,type:str]
-iriy_wg_pub: ENC[AES256_GCM,data:/4yPr9+NKyU/84L1heVhVa5Mzu6/9bTRciL4V8v31J99Fh5ratZDufNt8AY=,iv:1PzTUsgt1YQPQAywSQqBUVm08++EA9rTdQF/puRJMs8=,tag:ew+bmkZmlj74/mzdBPiSDA==,type:str]
-avalon_ssh_priv: ENC[AES256_GCM,data:wTAQKXU=,iv:7x+5AnmbNde6lsr+y5MlkR7KoaOUSCGTCVwLECYxPHI=,tag:DkrosVUFtURFBuqQI0LxaQ==,type:bool]
-avalon_ssh_pub: ENC[AES256_GCM,data:22S09ak=,iv:Q5SU6BQw9j4HMyohQorIeNwGL0xLx8erm10gvPpHmCc=,tag:o02ZcLBSz35sqY9INyOMRw==,type:bool]
-avalon_wg_priv: ENC[AES256_GCM,data:Urf0hCzMoyo3IiV+0zhiHGhh3vfinrMAFbX9JwFgkXiW+3+AXN2b1b785JE=,iv:TV0zwPssXOEVSxiVo0jZwFCmZJiTSXXXctFXFX0H97s=,tag:YDNaw6dRBcbyMSjXTRIJmw==,type:str]
-avalon_wg_pub: ENC[AES256_GCM,data:Lc8LIn3UX6mpN8WWum18OVI5LWjBLoW2Qles4Bv/cKP6yOfKTLXPkAYzmFU=,iv:P3UJr5aHkW07HVH0oy500HdsumZpcwwuRdRKx/Efgjo=,tag:U9G9Ja+7mS1x6no+MVptiQ==,type:str]
-asgard_ssh_priv: ENC[AES256_GCM,data:PflBgd0=,iv:OvKG6iGAtvcx7Nw/CT3mJos69ECG0k5CasZMzg/xWo8=,tag:X9iQY/nDBb5Dz9a+rnN9Rg==,type:bool]
-asgard_ssh_pub: ENC[AES256_GCM,data:+M50sSY=,iv:fWVBRPlz/ACENHhOJ5zabu0eqOAAH/AH9+HBqUZZQU8=,tag:UPdE0aLWnhj/zlXpKbdoGw==,type:bool]
-asgard_wg_priv: ENC[AES256_GCM,data:YxlKrwQ=,iv:1xnNKjzkJ0KPglLQy35i3FZ6kaJIgf7u0vT4aciDQI8=,tag:Jg5a/215Ifxj/XXMkSHwMg==,type:bool]
-asgard_wg_pub: ENC[AES256_GCM,data:7ojknU8=,iv:Rk2otESlMbnVItBS0Xo2JeoSjOiDusUnsMVMw9/4oU4=,tag:FD0S6AfDfvVgvgy0coF/Uw==,type:bool]
-efir_ssh_priv: ENC[AES256_GCM,data:lfC0LrU=,iv:QCNZWYj1bokbZwVbPanuWzljwTv8k1yRvJJYzXiffRw=,tag:1r0myqf+wk0paT3ODStB6A==,type:bool]
-efir_ssh_pub: ENC[AES256_GCM,data:s2CtFco=,iv:5ckMLWh/OrANzuN7dChi87jJqp8ulbTuhefteVijVeU=,tag:0Ojvf/u6Vs0tKiPzLnaHuQ==,type:bool]
-efir_wg_priv: ENC[AES256_GCM,data:jxmtVME=,iv:4SJC/lexF/oxgZp4QDAA+MhLU50K6G7g4IgQmbXl81s=,tag:wC7h+uCgBfGFynIZlyaOng==,type:bool]
-efir_wg_pub: ENC[AES256_GCM,data:lYCUem4=,iv:FmIo/U0Zo9O2pbiehLLbTe9bWKzRRjEJHP53zXPvhAU=,tag:nQKx887kvTKaoKIXTR+/EA==,type:bool]
-vpn_ssh_priv: ENC[AES256_GCM,data:RQhNAZg=,iv:PHdobW9HIEITGaIq86YbOFhyf7OTeTzhgjWVKo0YgNs=,tag:EhSAJz8N2OAuHC7sbvBj+w==,type:bool]
-vpn_ssh_pub: ENC[AES256_GCM,data:K7+ZMxQ=,iv:xp1ghLqP5sk91feAIxC1JpHOkCzBfYBO9rHW9ghfqAM=,tag:eX8s7hGITevnerFo1VpfRg==,type:bool]
-vpn_wg_priv: ENC[AES256_GCM,data:YS2NMqSZdH6gTQq89sWNLna6sLFIzR+uDFurFP1s+3Pe1+QP/SAiX81PZfc=,iv:Ovm3ir8ia5793yYPsKrscpqc4A6B6r270hpx9pWmR1o=,tag:asWYQrENr5ip8kHdb2mkYw==,type:str]
-vpn_wg_pub: ENC[AES256_GCM,data:orLTPlTD5Y6bimDcc+BFJytQFER2POfgcOFEk6zcKkvuq/GyU8bKgKLxuyM=,iv:TVHw+yVhlDJFz/8HYqI3qT85hGzgx+3Bj7mT0mr3dFE=,tag:EKDs8gE8RJMGQVfcYLj9Jw==,type:str]
-pgp_key: ENC[AES256_GCM,data:nEMur/Uq,iv:2KXW/AAAWDX09Ich2S6LQ7618ZBAY61KZcGkIabqCLs=,tag:Q7o8fz3dFFuqeMpzu9U/Fg==,type:str]
-wifi: ENC[AES256_GCM,data:Zw1jPS/bDDXuwk+0TV8qGwWgdQp8XcDX254lwByLLyf5YCGdBIxYWdTDkIggxHSgSmovg7TwQnIYcxvpqjzm0/nbaHiRvm1tBnO9KIKs0nQhnIdNmjxGXpW9Nv9ZGrTp9/ymNNbG3AxHUT74Eemy09jP+k3h5AsVuCMsMYv2y1Hj9O6CTzV+yU9+WmqCZaTX0PnyVRGYkhcHYTZM0V7I0zZbS5Uzk6AHXVmdTT0KL/1OJ3UlRAQbYMyYJM8gAOXLub6U3nCREBVIl9DydniWy2YTqKWeJcMTPe5JGDdPaUzOSTxNKVm0C1jkIOyfCgHMZfVlfAMXsDpbi9kl6Bwb41R2uS/w1VNCUUtnD9TJ29pdOW6sqEApbdbXri/P7ZK5ogGUhei8+Se1WJNmV/cKii7YYQpWCuGj1PKUj2NLel6loDO2+bps0ejWOkQgPED5tT0rn9Wst2SQKA6wMVjCB6vrry973Hhp4oi9jZ5b3eLnIg1G95JVT/O/2ygS4PLsS+GH8a7OzL2Vy1kYisphuC8sFp6P/aY1ye6WLR0bjaLYUiXHP95RUEDAwbPP4dwPCpsQSRdAqllWJ51c7GIb+nHOQSlDVNurQhbJXH0SD7o6yTKiEeSXoUt4q5oFSJ8GRFYOf8s7+cluKUUv8y306qHj/rh97benRxUTWmAL5/Nn/v6lez6WIhoNaD+MFg1/e5CjnaozOGXx3Ew6ZyI/avKwVk+ni+/o2+HmxTCKShpH5F7eZb3FMmgzIQNM+3C884GehtM1ffZmLlWOZN+nM+Uq3pQ26jgS3aV4AkgCHsNq+Xq+qnOaS2ocl3u/X9hQNoFqbyoS7nbcH9NMjU8NA4XhX922ij5QANj9I0sGlqI3EQ2zZV9zx2YcpY1qMjoMZXA1g0nIfCd63SWa8l8j/FuUbDknE2meFGqgGdvg2YPrgz0CINeKNwkg82xY1bUQMmkUQSyZV5X4Hs810P4IZIIypsyalEiNoS1VegUtG4a4xDLk6ZCXdhxV8bFbBHDdm9t87G0WCc+dyDZo6gvEQQ1gBBAQ3A==,iv:5mBedTqbzgrLUZ4HZGBrz+h3JAT7DUIP++TI+5j7/M8=,tag:XAWSPoSGepULdfn0W/StzQ==,type:str]
-sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBraWFDRFUxQ2l5OWV1OXNK
-            UExEbWZkM0kzVk1rZG4yY3pBLzdMVWVJS0UwCnhlWFJ5T2lZUXJyNkg1ejQxaU1t
-            L3F2RUhldTY3N2xXL0hwczNKRzNjcncKLS0tIEkycHoxcDBGNyt2V3RDY29wNGVp
-            TGg5Rk05VkRsaXM1Q0NxMmtMajRORDAKqjFldiAYJKjmnkeDkwanjYvhL6645DZ5
-            dVXExjqO/DG733ge8HFyKzpfpkzRymV1giUwxBdII1dd0mJ2ncINeA==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1ms8f0ysv6vakxepvt69fejczs6tddexepesdv4rkgtheehj3nu4sc6290s
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3UkRjblIvYStZUzQyRHA1
-            ZGVXeHhrN0kyVkxZdms5U3gwVFlPMW12MVJjCjRkVURpZXBzb0tYenB4dGxKamh6
-            VXVBMmo1Ujkvd2VTRExyWE5MbVJaclUKLS0tIDVhRkYzZmEzUG00Q2IwOWZUMVVt
-            ODVIbytpcjN1cVMyaG1qVVdkRmtaMzQKNsvD9DpK/raDBob+IcuNk72tQDts36kJ
-            QhtoLy8MvUymi49PdEWrgyf68w5XwRO/U4iINhR0qzm0glg/XcyHjA==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJc3hKWkk3ckNOY2UyTVhG
-            MmtLaEd0K04yaGxiOUoxMXkzOEFnYis4VkhnCktDRFM2bS8vb05OWDdwa0RwRlNO
-            cmlZemtxVGZ6S0tNTDV1cmE1N0pVWnMKLS0tIE9EZllycHJpcEY2R1pwOFhOZEU3
-            L01IcytDd3BPb0VOTW9DQ2lUdUVJS0kKiD+C+3mK1b/eIwCEFanFgYGLNk3JNPQ7
-            i1UqzbHVxSd0q/YVwdKAcj0jA6EezGm275tgq7IVsy2sHkvRMaEDtQ==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAweVU3TkxFZzRnd2I2clN2
-            ZTlTWmhwQkhVc1hnOXFvZVVDSWpHMVh1TGtrCkc3M1pUTnZCMHpvYXB5ZVhreGxa
-            ZVY2cG5Ja2ltL3k2Q1VEalc5TTNFMXcKLS0tIGd5UWl0RGVXT211Zm51dlB6WFZ1
-            STRtTVpVTCtVZ1FUNENqWFFVNTNuaVUKN6HRiZjTdENeif8dJ29urBxPXDaosjjY
-            InN4Ko6YUaGfvB1DTrKIzrxOpsHS+XjisoGfT71tJwwEOoREklEO/A==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-02-18T07:35:26Z"
-    mac: ENC[AES256_GCM,data:jnLJi3ZhQfeLO/GmOnUL/HuWoet83V79GGZzoqxWeImQDN9jjSAqrRPULPAREHFD+hc+n2JAW7MZrZD86jcFFy2F+wGhcDAY+25dV6d2CSi34u/dBG5ETHsn/rRV5aAOQWldna/CEpnyi69Oz/oJcQrkHDyeUWsFG/ele6aPmB4=,iv:z+zSX9W/exvEJa37VlFBJ6S2173x7KQ6qnwZw/QAp7A=,tag:ge9klDIulMFv8Szjj6+gzw==,type:str]
-    pgp:
-        - created_at: "2023-04-20T10:20:17Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            wcFMA6R3Y9nD7qMBAQ/8CVWQaYKfOzvPIllZyyWpUjHRLLXaR8MNJ8U5WI/tdwdN
-            9UScDYJFuYRW7Q9s4Mt961kBGpaHqe9MUZBxUDlYX59+EN3FbO/eMQ5OqI05ESmL
-            TvZB4+S9C5o73nuypSDNvYz+Lgq6DO25ZPhXdtPhx2DE4G31/wft/LpxhjalIjI8
-            MU0Dv22R4qC+glJbe4GIF2IJ8XoxnnzjiGeSqiyv0QIBM0SzOtA5sKwNohWBnW7g
-            7vxOTm5+kyzG0dDjt3tFApgPDaA1wjofzhRuuveF52VBsuIA2opFdpqkyICvK6rn
-            NB5kUaPlY6A0m+n0oHSfY5wm/AnHNE4Oob/ifumAaB0EAJVUTRauI5M8SeJF0ya1
-            U0IQ9N2lb7Y6q4pqHywIa6fnylsqCfxInAYKMuslRq8f9t/qakb4/MYcnPrwpzjw
-            73/naiNoJmG6NVTkM52qTtOqZAmsaQd5cigTuPW2Z2CJq1yLZEVGSSd1DUGUjBDK
-            nQGucpVVVpD+ifrIPz+Iqwy+5NoZZm/Oa9pKJGFzqXinnDNZaqtgpmTw9QxcSeaP
-            VvGZG9CDd89MtAm1VQyuqi1bQ2faq3G0xNrLl7xUsfmjx4ofW+JXR87OzvGfLPhu
-            Sjl3kS9j5/MEBRBg3n9gNkgSu5Sy3ilhckY3yjTgAT9Gw2giDhCiUXi1/7KrGprS
-            UQHPCSsjyWsyuYVa3lAP/WPdVclc4WOdfYcetUCXBVP7LQr0bq+IG+2J0nnY3mDt
-            Va5k4sP1qu6Ecrs2JioQ1V2H+VmcrRykBWnMXl1tDSWKMA==
-            =pS8X
-            -----END PGP MESSAGE-----
-          fp: 4E241635F8EDD2919D2FB44CA362EA0491E2EEA0
-    unencrypted_suffix: _unencrypted
-    version: 3.8.1
--- a/modules/nixos/system/security/sops/default.nix
+++ b/modules/nixos/system/security/sops/default.nix
@@ -1,26 +0,0 @@
-{ config, pkgs, ... }:
-let keyFilePath = "/var/lib/sops-nix/age-key.txt";
-in {
-  sops.defaultSopsFile = ./common.yaml;
-  sops.age.keyFile = keyFilePath;
-  sops.age.generateKey = true;
-
-  sops.secrets.wifi = { };
-
-  sops.secrets."${config.hostcfg.hostname}_ssh_priv" = {
-    mode = "0400";
-    owner = config.users.users.sora.name;
-    group = config.users.users.sora.group;
-  };
-  sops.secrets."${config.hostcfg.hostname}_ssh_pub" = {
-    mode = "0400";
-    owner = config.users.users.sora.name;
-    group = config.users.users.sora.group;
-  };
-  sops.secrets."${config.hostcfg.hostname}_wg_priv" = { };
-  sops.secrets."${config.hostcfg.hostname}_wg_pub" = { };
-
-  environment.systemPackages = with pkgs; [ sops ];
-  environment.sessionVariables.OPS_AGE_KEY_FILE = keyFilePath;
-
-}
--- a/modules/nixos/system/security/ssh/default.nix
+++ b/modules/nixos/system/security/ssh/default.nix
@@ -2,7 +2,7 @@
  programs.ssh = {
    extraConfig = ''
      IdentityFile ${
-        config.sops.secrets."${config.hostcfg.hostname}_ssh_priv".path
+        config.sops.secrets."${config.syscfg.hostname}_ssh_priv".path
      }
    '';
  };
--- a/modules/nixos/system/xdg/default.nix
+++ b/modules/nixos/system/xdg/default.nix
@@ -1,60 +1,68 @@
-{ pkgs, ... }: {
+{ config, lib, pkgs, ... }: {
+  config = lib.mkMerge [
+    (lib.mkIf (config.syscfg.make.gui) {
+      xdg.portal = {
+        enable = true;
+        # wlr.enable = true;
+        extraPortals = with pkgs; [
+          xdg-desktop-portal-hyprland
+          xdg-desktop-portal-gtk
+        ];
+        config.common.default = [ "hyprland" "gtk" ];
+      };

-  xdg.portal = {
-    enable = true;
-    # wlr.enable = true;
-    extraPortals = with pkgs; [
-      xdg-desktop-portal-hyprland
-      xdg-desktop-portal-gtk
-    ];
-    config.common.default = [ "hyprland" "gtk" ];
-  };
+      environment.sessionVariables = rec {
+        GBM_BACKEND = "amd-drm";
+        __GL_GSYNC_ALLOWED = "0";
+        __GL_VRR_ALLOWED = "1";
+        __GLX_VENDOR_LIBRARY_NAME = "amd";
+        WLR_DRM_NO_ATOMIC = "1";
+        _JAVA_AWT_WM_NONREPARENTING = "1";
+        QT_QPA_PLATFORM = "wayland";
+        QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
+        # GDK_BACKEND = "wayland";
+        WLR_NO_HARDWARE_CURSORS = "1";
+        MOZ_ENABLE_WAYLAND = "1";
+        # WLR_BACKEND = "vulkan";
+        # WLR_RENDERER = "vulkan";
+        XCURSOR_SIZE = "24";
+        NIXOS_OZONE_WL = "1";
+      };
+    })
+    ({

-  environment.sessionVariables = rec {
-    GBM_BACKEND = "amd-drm";
-    __GL_GSYNC_ALLOWED = "0";
-    __GL_VRR_ALLOWED = "1";
-    WLR_DRM_NO_ATOMIC = "1";
-    __GLX_VENDOR_LIBRARY_NAME = "amd";
-    _JAVA_AWT_WM_NONREPARENTING = "1";
-    QT_QPA_PLATFORM = "wayland";
-    QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
-    GDK_BACKEND = "wayland";
-    WLR_NO_HARDWARE_CURSORS = "1";
-    MOZ_ENABLE_WAYLAND = "1";
-    WLR_BACKEND = "vulkan";
-    WLR_RENDERER = "vulkan";
-    XCURSOR_SIZE = "24";
-    NIXOS_OZONE_WL = "1";
-    PATH = [ "$HOME/.local/bin/:$PATH" ];
-    XDG_CACHE_HOME = "$HOME/.cache";
-    XDG_CONFIG_HOME = "$HOME/.config";
-    XDG_DATA_HOME = "$HOME/.local/share";
-    XDG_STATE_HOME = "$HOME/.local/state";
-    XDG_BIN_HOME = "$HOME/.local/bin";
-    XDG_DESKTOP_DIR = "$HOME/desktop";
-    XDG_DOCUMENTS_DIR = "$HOME/files";
-    XDG_DOWNLOAD_DIR = "$HOME/download";
-    XDG_MUSIC_DIR = "$HOME/media/music";
-    XDG_PICTURES_DIR = "$HOME/media/photo";
-    XDG_PUBLICSHARE_DIR = "$HOME/pub";
-    XDG_TEMPLATES_DIR = "$HOME/media/templates";
-    XDG_VIDEOS_DIR = "$HOME/media/video";
-  };
+      environment.sessionVariables = rec {
+        PATH = [ "$HOME/.local/bin/:$PATH" ];
+        XDG_CACHE_HOME = "$HOME/.cache";
+        XDG_CONFIG_HOME = "$HOME/.config";
+        XDG_DATA_HOME = "$HOME/.local/share";
+        XDG_STATE_HOME = "$HOME/.local/state";
+        XDG_BIN_HOME = "$HOME/.local/bin";
+        XDG_DESKTOP_DIR = "$HOME/desktop";
+        XDG_DOCUMENTS_DIR = "$HOME/files";
+        XDG_DOWNLOAD_DIR = "$HOME/download";
+        XDG_MUSIC_DIR = "$HOME/media/music";
+        XDG_PICTURES_DIR = "$HOME/media/photo";
+        XDG_PUBLICSHARE_DIR = "$HOME/pub";
+        XDG_TEMPLATES_DIR = "$HOME/media/templates";
+        XDG_VIDEOS_DIR = "$HOME/media/video";
+      };

-  environment.etc."xdg/user-dirs.defaults".text = ''
-    XDG_CACHE_HOME="$HOME/.cache"
-    XDG_CONFIG_HOME="$HOME/.config"
-    XDG_DATA_HOME="$HOME/.local/share"
-    XDG_STATE_HOME="$HOME/.local/state"
-    XDG_BIN_HOME="$HOME/.local/bin"
-    XDG_DESKTOP_DIR="$HOME/desktop"
-    XDG_DOCUMENTS_DIR="$HOME/files"
-    XDG_DOWNLOAD_DIR="$HOME/download"
-    XDG_MUSIC_DIR="$HOME/media/music"
-    XDG_PICTURES_DIR="$HOME/media/photo"
-    XDG_PUBLICSHARE_DIR="$HOME/pub"
-    XDG_TEMPLATES_DIR="$HOME/media/templates"
-    XDG_VIDEOS_DIR="$HOME/media/video"
-  '';
+      environment.etc."xdg/user-dirs.defaults".text = ''
+        XDG_CACHE_HOME="$HOME/.cache"
+        XDG_CONFIG_HOME="$HOME/.config"
+        XDG_DATA_HOME="$HOME/.local/share"
+        XDG_STATE_HOME="$HOME/.local/state"
+        XDG_BIN_HOME="$HOME/.local/bin"
+        XDG_DESKTOP_DIR="$HOME/desktop"
+        XDG_DOCUMENTS_DIR="$HOME/files"
+        XDG_DOWNLOAD_DIR="$HOME/download"
+        XDG_MUSIC_DIR="$HOME/media/music"
+        XDG_PICTURES_DIR="$HOME/media/photo"
+        XDG_PUBLICSHARE_DIR="$HOME/pub"
+        XDG_TEMPLATES_DIR="$HOME/media/templates"
+        XDG_VIDEOS_DIR="$HOME/media/video"
+      '';
+    })
+  ];
 }
--- a/modules/nixos/tools/debug/default.nix
+++ b/modules/nixos/tools/debug/default.nix
@@ -1,6 +1,9 @@
-{ pkgs, config, ... }: {
-  programs.adb.enable = true;
-  programs.wireshark.enable = true;
+{ pkgs, config, lib, ... }: {

-  environment.systemPackages = with pkgs; [ wget dconf wireshark ];
+  config = lib.mkIf (config.syscfg.make.develop) {
+    programs.adb.enable = true;
+    programs.wireshark.enable = true;
+
+    environment.systemPackages = with pkgs; [ wget dconf wireshark ];
+  };
 }
--- a/modules/nixos/tools/default.nix
+++ b/modules/nixos/tools/default.nix
@@ -1 +1,64 @@
-{ ... }: { imports = [ ./debug ./develop ]; }
+{ pkgs, ... }: {
+  imports = [ ./debug ./develop ];
+
+  # services.telegraf = {
+  #     enable = true;
+  #     extraConfig = {
+  #         agent = {
+  #             interval = "10s";
+  #             round_interval = true;
+  #             metric_batch_size = 1000;
+  #             metric_buffer_limit = 10000;
+  #             collection_jitter = "0s";
+  #             flush_interval = "10s";
+  #             flush_jitter = "0s";
+  #             precision = "";
+  #             hostname = "valinor";
+  #             omit_hostname = false;
+  #         };
+
+  #         inputs.cpu = {
+  #             percpu = true;
+  #             totalcpu = true;
+  #             collect_cpu_time = false;
+  #             report_active = false;
+  #         };
+
+  #         inputs.mem = {};
+  #         inputs.swap = {};
+  #         inputs.system = {};
+  #         inputs.disk = {
+  #             ignore_fs = ["tmpfs" "devtmpfs" "devfs"];
+  #         };
+
+  #         inputs.net = {};
+  #         inputs.netstat = {};
+
+  #         inputs.ping = {
+  #             urls = ["8.8.8.8" "8.8.4.4"];
+  #             count = 4;
+  #             interval = "60s";
+  #             binary = "${pkgs.iputils.out}/bin/ping";
+  #         };
+
+  #         inputs.internet_speed = {
+  #             interval = "2m";
+  #         };
+
+  #         inputs.net_response = {
+  #             protocol = "tcp";
+  #             address = "google.com:80";
+  #             timeout = "5s";
+  #             read_timeout = "5s";
+  #             interval = "30s";
+  #         };
+
+  #         outputs.influxdb_v2 = {
+  #             urls = [""];
+  #             token = "";
+  #             organization = "";
+  #             bucket = "";
+  #         };
+  #     };
+  # };
+}
--- a/modules/nixos/tools/develop/default.nix
+++ b/modules/nixos/tools/develop/default.nix
@@ -6,10 +6,11 @@ let
    includeEmulator = false;
  };
 in {
-  config = lib.mkIf (config.hostcfg.make.develop) {
-    environment.systemPackages = with pkgs; [
-      android-tools
-      androidStudioPackages.canary
-    ];
+  config = lib.mkIf (config.syscfg.make.develop) {
+    environment.systemPackages = with pkgs;
+      [
+        # android-tools
+        # androidStudioPackages.canary
+      ];
  };
 }
--- a/modules/nixos/users/default.nix
+++ b/modules/nixos/users/default.nix
@@ -1,23 +1,28 @@
-{ config, pkgs, ... }: {
+{ config, pkgs, lib, ... }:
+let nameValuePair = name: value: { inherit name value; };
+in {
  programs.zsh.enable = true;
  users = {
    defaultUserShell = pkgs.zsh;
-    users.${config.hostcfg.username} = {
-      isNormalUser = true;
-      description = "${config.hostcfg.username}";
-      extraGroups = [
-        "networkmanager"
-        "wheel"
-        "vboxsf"
-        "adbusers"
-        "libvirtd"
-        "kvm"
-        "lp"
-        "audio"
-        "video"
-        "docker"
-        "wireshark"
-      ];
-    };
+    users = builtins.listToAttrs (map (userConfig:
+      nameValuePair userConfig.username {
+        isNormalUser = true;
+        description = "${userConfig.username}";
+        extraGroups = [
+          "networkmanager"
+          "wheel"
+          "dialout"
+          "vboxsf"
+          "adbusers"
+          "libvirtd"
+          "kvm"
+          "lp"
+          "audio"
+          "video"
+          "docker"
+          "podman"
+          "wireshark"
+        ];
+      }) config.syscfg.users);
  };
 }
--- a/modules/server/default.nix
+++ b/modules/server/default.nix
@@ -0,0 +1,15 @@
+{ config, pkgs, lib, ... }:
+let
+in {
+  imports = [ ./sops ];
+  environment.systemPackages = with pkgs; [ arion ];
+  virtualisation.arion = {
+    backend = "podman-socket";
+    projects = {
+      cloud.settings = import ./docker/cloud.nix { inherit config pkgs lib; };
+      authentik.settings =
+        import ./docker/authentik.nix { inherit config pkgs lib; };
+    };
+  };
+
+}
--- a/systems/avalon/server/docker/authentik.nix
+++ b/systems/avalon/server/docker/authentik.nix
@@ -1,18 +1,17 @@
-{ pkgs, ... }:
-let
-  HOST_DOMAIN = "helcel.net";
-  MAIL_HOST_DOMAIN = "norereply.${HOST_DOMAIN}";
-  MAIL_SERVER_DOMAIN = "mail.infomaniak.com";
-  DATA_PATH = "/media/data/";
+{ config, pkgs, lib, ... }:
+let serverCfg = config.syscfg.server;
 in {
-  project.name = "Authentik";
+  project.name = "authentik";

  networks = {
    internal = {
+      name = lib.mkForce "internal";
      internal = true;
-      external = false;
    };
-    external = { external = true; };
+    external = {
+      name = lib.mkForce "external";
+      internal = false;
+    };
  };

  services = {
@@ -46,8 +45,8 @@ in {
      restart = "unless-stopped";
      networks = [ "internal" "external" ];
      volumes = [
-        "${DATA_PATH}/authentik/media:/media"
-        "${DATA_PATH}/authentik/templates:/templates"
+        "${serverCfg.dataPath}/authentik/media:/media"
+        "${serverCfg.dataPath}/authentik/templates:/templates"
      ];
      environment = {
        "AUTHENTIK_REDIS__HOST" = "auth_redis";
@@ -56,25 +55,25 @@ in {
        "AUTHENTIK_POSTGRESQL__NAME" = "authentik";
        "AUTHENTIK_POSTGRESQL__PASSWORD" = "AUTHENTIK_DB_PASSWORD";
        "AUTHENTIK_SECRET_KEY" = "AUTHENTIK_SECRET_KEY";
-        "AUTHENTIK_EMAIL__HOST" = "${MAIL_SERVER_DOMAIN}";
+        "AUTHENTIK_EMAIL__HOST" = "${serverCfg.mailDomain}";
        "AUTHENTIK_EMAIL__PORT" = "587";
-        "AUTHENTIK_EMAIL__USERNAME" = "noreply@${MAIL_HOST_DOMAIN}";
+        "AUTHENTIK_EMAIL__USERNAME" = "noreply@${serverCfg.hostDomain}";
        "AUTHENTIK_EMAIL__PASSWORD" = "AUTHENTIK_EMAIL_PASSWORD";
        "AUTHENTIK_EMAIL__USE_TLS" = "true";
        "AUTHENTIK_EMAIL__USE_SSL" = "false";
        "AUTHENTIK_EMAIL__TIMEOUT" = "10";
-        "AUTHENTIK_EMAIL__FROM" = "sso@noreply.${MAIL_HOST_DOMAIN}";
+        "AUTHENTIK_EMAIL__FROM" = "sso@noreply.${serverCfg.hostDomain}";
      };
      labels = {
        "traefik.enable" = "true";
        "traefik.http.routers.sso.entrypoints" = "web-secure";
-        "traefik.http.routers.sso.rule" = "Host(`sso.${HOST_DOMAIN}`)";
+        "traefik.http.routers.sso.rule" = "Host(`sso.${serverCfg.hostDomain}`)";
        "traefik.http.routers.sso.tls" = "true";
        "traefik.http.services.sso.loadbalancer.server.port" = "9000";
        "traefik.docker.network" = "external";
      };
      command = "server";
-      service.ports = [
+      ports = [
        "9999:9000" # host:container
      ];
    };
@@ -85,8 +84,8 @@ in {
      restart = "unless-stopped";
      networks = [ "internal" ];
      volumes = [
-        "${DATA_PATH}/authentik/media:/media"
-        "${DATA_PATH}/authentik/templates:/templates"
+        "${serverCfg.dataPath}/authentik/media:/media"
+        "${serverCfg.dataPath}/authentik/templates:/templates"
        "/var/run/docker.sock:/var/run/docker.sock"
      ];
      environment = {
--- a/systems/avalon/server/docker/cloud.nix
+++ b/systems/avalon/server/docker/cloud.nix
@@ -1,20 +1,17 @@
-{ pkgs, ... }:
-let
-  HOST_DOMAIN = "helcel.net";
-  DB_HOST = "10.10.1.2";
-  DB_PORT = "3306";
-  MAIL_HOST_DOMAIN = "norereply.${HOST_DOMAIN}";
-  MAIL_SERVER_DOMAIN = "mail.infomaniak.com";
-  DATA_PATH = "/media/data/";
+{ config, pkgs, lib, ... }:
+let serverCfg = config.syscfg.server;
 in {
-  project.name = "Cloud";
+  project.name = "cloud";

  networks = {
    internal = {
+      name = lib.mkForce "internal";
      internal = true;
-      external = false;
    };
-    external = { external = true; };
+    external = {
+      name = lib.mkForce "external";
+      internal = false;
+    };
  };

  services = {
@@ -25,16 +22,17 @@ in {
      restart = "unless-stopped";
      networks = [ "external" ];
      volumes = [
-        "${DATA_PATH}/data/nextcloud:/var/www/html"
-        "${DATA_PATH}/data/music:/media/music"
-        "${DATA_PATH}/data/video:/media/video"
-        "${DATA_PATH}/data/photo:/media/photo"
+        "${serverCfg.configPath}/data/nextcloud:/var/www/html"
+        "${serverCfg.dataPath}/data/music:/media/music"
+        "${serverCfg.dataPath}/data/video:/media/video"
+        "${serverCfg.dataPath}/data/photo:/media/photo"
      ];
      tmpfs = [ "/tmp" ];
      labels = {
        "traefik.enable" = "true";
        "traefik.http.routers.nextcloud.entrypoints" = "web-secure";
-        "traefik.http.routers.nextcloud.rule" = "Host(`cloud.${HOST_DOMAIN}`)";
+        "traefik.http.routers.nextcloud.rule" =
+          "Host(`cloud.${serverCfg.hostDomain}`)";
        "traefik.http.routers.nextcloud.tls" = "true";
        "traefik.http.routers.nextcloud.middlewares" =
          "sts_headers,nextcloud-caldav";
@@ -60,21 +58,22 @@ in {
      environment = {
        username = "COLLABORA_USER";
        password = "COLLABORA_PASSWORD";
-        aliasgroup1 = "https://cloud.${HOST_DOMAIN}";
-        server_name = "office.${HOST_DOMAIN}";
-        VIRTUAL_HOST = "office.${HOST_DOMAIN}";
+        aliasgroup1 = "https://cloud.${serverCfg.hostDomain}";
+        server_name = "office.${serverCfg.hostDomain}";
+        VIRTUAL_HOST = "office.${serverCfg.hostDomain}";
        VIRTUAL_PORT = "9980";
        VIRTUAL_PROTO = "http";
        DONT_GEN_SSL_CERT = "true";
        RESOLVE_TO_PROXY_IP = "true";
        NETWORK_ACCESS = "internal";
        extra_params = "--o:ssl.enable=false --o:ssl.termination=true";
-        dictionaries = "en fr de jp no";
+        dictionaries = "en fr de jp";
      };
      labels = {
        "traefik.enable" = "true";
        "traefik.http.routers.collabora.entrypoints" = "web-secure";
-        "traefik.http.routers.collabora.rule" = "Host(`office.${HOST_DOMAIN}`)";
+        "traefik.http.routers.collabora.rule" =
+          "Host(`office.${serverCfg.hostDomain}`)";
        "traefik.http.routers.collabora.tls" = "true";
      };
    };
@@ -85,15 +84,15 @@ in {
      restart = "unless-stopped";
      networks = [ "external" ];
      volumes = [
-        "${DATA_PATH}/ether/etherpad/data:/opt/etherpad-lite/var"
-        "/${DATA_PATH}/ether/etherpad/APIKEY.txt:/opt/etherpad-lite/APIKEY.txt"
+        "${serverCfg.dataPath}/ether/etherpad/data:/opt/etherpad-lite/var"
+        "${serverCfg.dataPath}/ether/etherpad/APIKEY.txt:/opt/etherpad-lite/APIKEY.txt"
      ];
      environment = {
        NODE_ENV = "production";
        TITLE = "Helcel-Pad";
        DB_TYPE = "mysql";
-        DB_HOST = DB_HOST;
-        DB_PORT = DB_PORT;
+        DB_HOST = serverCfg.dbHost;
+        DB_PORT = serverCfg.dbPort;
        DB_NAME = "etherpad";
        DB_USER = "ETHERPAD_DB_USER";
        DB_PASS = "ETHERPAD_DB_PASSWORD";
@@ -107,7 +106,8 @@ in {
      labels = {
        "traefik.enable" = "true";
        "traefik.http.routers.etherpad.entrypoints" = "web-secure";
-        "traefik.http.routers.etherpad.rule" = "Host(`pad.${HOST_DOMAIN}`)";
+        "traefik.http.routers.etherpad.rule" =
+          "Host(`pad.${serverCfg.hostDomain}`)";
        "traefik.http.routers.etherpad.tls" = "true";
      };
    };
@@ -118,13 +118,13 @@ in {
      restart = "unless-stopped";
      networks = [ "external" "internal" ];
      volumes = [
-        "${DATA_PATH}/ether/etherpad/data:/opt/etherpad-lite/var"
-        "/${DATA_PATH}/ether/etherpad/APIKEY.txt:/opt/etherpad-lite/APIKEY.txt"
+        "${serverCfg.dataPath}/ether/etherpad/data:/opt/etherpad-lite/var"
+        "${serverCfg.dataPath}/ether/etherpad/APIKEY.txt:/opt/etherpad-lite/APIKEY.txt"
      ];
      environment = {
        NODE_ENV = "production";
        TITLE = "Helcel-Calc";
-        REDIS_PORT_6379_TCP_ADDR = "redis";
+        REDIS_PORT_6379_TCP_ADDR = "ethercalc-redis";
        REDIS_PORT_6379_TCP_PORT = "6379";
        ADMIN_PASSWORD = "ETHERPAD_ADMIN_PASSWORD";
        SKIN_VARIANTS = "super-dark-toolbar light-editor dark-background";
@@ -132,7 +132,8 @@ in {
      labels = {
        "traefik.enable" = "true";
        "traefik.http.routers.ethercalc.entrypoints" = "web-secure";
-        "traefik.http.routers.ethercalc.rule" = "Host(`calc.${HOST_DOMAIN}`)";
+        "traefik.http.routers.ethercalc.rule" =
+          "Host(`calc.${serverCfg.hostDomain}`)";
        "traefik.http.routers.ethercalc.tls" = "true";
      };
    };
@@ -142,7 +143,7 @@ in {
      container_name = "ethercalc-redis";
      restart = "unless-stopped";
      networks = [ "internal" ];
-      volumes = [ "${DATA_PATH}/ether/ethercalc/redis:/data" ];
+      volumes = [ "${serverCfg.dataPath}/ether/ethercalc/redis:/data" ];
      environment = { };
      labels = { "traefik.enable" = "false"; };
    };
--- a/systems/avalon/server/docker/sample.nix
+++ b/systems/avalon/server/docker/sample.nix
@@ -1,20 +1,17 @@
-{ pkgs, ... }:
-let
-  HOST_DOMAIN = "helcel.net";
-  DB_HOST = "10.10.1.2";
-  DB_PORT = "3306";
-  MAIL_HOST_DOMAIN = "norereply.${HOST_DOMAIN}";
-  MAIL_SERVER_DOMAIN = "mail.infomaniak.com";
-  DATA_PATH = "/media/data/";
+{ config, pkgs, lib, ... }:
+let serverCfg = config.syscfg.server;
 in {
-  project.name = "NEW";
+  project.name = "name";

  networks = {
    internal = {
+      name = lib.mkForce "internal";
      internal = true;
-      external = false;
    };
-    external = { external = true; };
+    external = {
+      name = lib.mkForce "external";
+      internal = false;
+    };
  };

  services = {
--- a/modules/server/docker/traefik.nix
+++ b/modules/server/docker/traefik.nix
@@ -0,0 +1,81 @@
+{ config, pkgs, ... }: {
+  project.name = "traefik";
+
+  networks = {
+    internal = {
+      name = lib.mkForce "internal";
+      internal = true;
+    };
+    external = {
+      name = lib.mkForce "external";
+      internal = false;
+    };
+  };
+
+  services = {
+
+    traefik.service = {
+      image = "traefik:latest";
+      container_name = "traefik";
+      restart = "unless-stopped";
+      networks = [ "internal" "external" ];
+      command = [
+        "--api"
+        "--providers.docker=true"
+        "--entrypoints.web.address=:80"
+        "--entrypoints.web-secure.address=:443"
+      ];
+      port = [ "443" "80" ];
+      volumes = [
+        "/var/run/docker.sock:/var/run/docker.sock:ro"
+        "${serverCfg.configPath}/traefik/traefik.yaml:/etc/traefik/traefik.yaml"
+        "${serverCfg.configPath}/traefik/access.log:/etc/traefik/access.log"
+        "${serverCfg.configPath}/traefik/acme.json:/acme.json"
+      ];
+      environment = {
+        "INFOMANIAK_ACCESS_TOKEN" = config.sops.secrets.INFOMANIAK_API_KEY.path;
+      };
+      labels = { "traefik.enable" = "false"; };
+    };
+
+    matomo.service = {
+      image = "matomo:latest";
+      container_name = "matomo";
+      restart = "unless-stopped";
+      networks = [ "external" ];
+      volumes = [
+        "/etc/localtime:/etc/localtime:ro"
+        "${serverCfg.configPath}/matomo:/var/www/html/config:rw"
+        "${serverCfg.configPath}/traefik/access.log:/var/log/taccess.log:ro"
+      ];
+      environment = { };
+      labels = {
+        "traefik.http.routers.matomo.rule" =
+          "Host(`matomo.${serverCfg.hostDomain}`)";
+        "traefik.http.routers.matomo.entrypoints" = "web-secure";
+        "traefik.http.routers.matomo.tls" = "true";
+      };
+    };
+
+    searx.service = {
+      image = "searxng/searxng:latest";
+      container_name = "searx";
+      restart = "unless-stopped";
+      networks = [ "external" ];
+      volumes = [ "/etc/localtime:/etc/localtime:ro" ];
+      environment = {
+        "BASE_URL" = "https://searx.${serverCfg.hostDomain}";
+        "AUTOCOMPLETE" = "true";
+        "INSTANCE_NAME" = "searx${serverCfg.shortName}";
+      };
+      labels = {
+        "traefik.http.routers.matomo.rule" =
+          "Host(`searx.${serverCfg.hostDomain}`)";
+        "traefik.http.routers.matomo.entrypoints" = "web-secure";
+        "traefik.http.routers.matomo.tls" = "true";
+      };
+    };
+
+  };
+}
+
--- a/modules/server/sops/default.nix
+++ b/modules/server/sops/default.nix
@@ -0,0 +1,10 @@
+{ config, pkgs, ... }: {
+  sops.secrets.INFOMANIAK_API_KEY = { sopsFile = ./server.yaml; };
+  sops.secrets."${config.syscfg.hostname}_ssh_pub" = {
+    mode = "0400";
+    owner = config.users.users.${config.syscfg.defaultUser}.name;
+    group = config.users.users.${config.syscfg.defaultUser}.group;
+  };
+  sops.secrets."${config.syscfg.hostname}_wg_priv" = { };
+  sops.secrets."${config.syscfg.hostname}_wg_pub" = { };
+}
--- a/modules/server/sops/server.yaml
+++ b/modules/server/sops/server.yaml
@@ -0,0 +1,68 @@
+INFOMANIAK_API_KEY: ENC[AES256_GCM,data:QhjQoCMxogXAPtvUbf/EWkqsFAndn73LBuTqj5essjruekynH287D/CYN/cwfcnDqZoh6Z4A9p08uUmXzqmTiralAhsCoc+Ljb/monmsruc=,iv:8rMGNc9398jnFXZm34fOht6fMNDAcDZ68B1jwoQPn2Q=,tag:ZlQnPaxkCktpwiC6HzmFVg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpZk1VY3NEZmRkS0J6dU03
+            OUtETWpHL2hLN09kRytNUEhmVnA5WW9yVXlNCmZaZnQ2YUlMMmlrZ2dEZDVFMHA5
+            OUpqOTJJbHVVREtpSFUyaDJDbXltaTgKLS0tIFY0ZkF3Ym5oeHViN3J4eW4vSVYz
+            QkhuU0NLWElyVXpZd2ZpOHhwam04R28KFuaI35e8pB25M2dlP19gApso12ZYJ3ld
+            BpMnp97ShX0I8bZRIYxSHpSrB/J+tt1V4pfGdJq7uWZM7XacPy666A==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1ms8f0ysv6vakxepvt69fejczs6tddexepesdv4rkgtheehj3nu4sc6290s
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuZXNjRzJsdFpTdDZhSkRB
+            eW1qSStnZHN5Tzh3bFA1azZIRk42V1RzSTJJCi9MV0k5ZXNQOWJFYnlXdnB3azBL
+            NzNldkFLWlEyT01MeWlFU3RKODU4dWcKLS0tIFJXL1ZsNDgydTgxVGRMYWxyQTNT
+            K1M0TDd1eGd1V3pOcjl1M1VrdDUvbG8KpsWlrr14MOh/8mG+rXpswPPFE3VnpKGt
+            03DWUII3+MMEWLJPLxkNJ9BzCm4Kl1QNHSbJ7Ex6df0b7nB6Ed6Hvw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5U1VjTjlIMTdLRFQ5R1Av
+            SVBLMFZtV3ppK2VXWjdYelNGTGFOZUJaMndBCjYyZ0IveXFiVDlSUEtNOXk2L3g3
+            UmFIRE1GMEs2QVhUcFJkTHpCWmhhbG8KLS0tIG94NStMUnFZRTRsK2w4cDd4Rms5
+            M1MwTEtJNEFDdjRLVFRseThxNGJUQ0kKKN7QX9qUojNQBknbInaXslaKsAAhEj5y
+            QMXAU6TxlHMv+wZy2RQwMe/zE7RP24TypnX894iV0usTHujyxvfk3w==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrUHFYMWdVczRPdEFSbFR5
+            VmcxeEU4YWxwRTlDUkRkNVY0dFh5cjVUNjNnCkRSblNaS214dkdrd3JnNE5rZnR3
+            S0JVeXova1h2VnB2ODY0SUYxZm45TjAKLS0tIFN1QXFyTkt3SmV0UVhGMlMxTmpN
+            VW83cnd2TnQwWlVCUnpzZ29NRE1SekUKBGVCaijugxR6eSxvk19nncR9X6bmSSUq
+            VoxtHBkJbz/4mcQ/SUb4Wv1Rt5875tLWygS7qKmh8jzoP7JI4E9qWQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-05-08T16:05:46Z"
+    mac: ENC[AES256_GCM,data:X6AUVWJRcwH45W9NoQxI8Lp6l+5RFpgCNB6cdUZZODHDdTUMt9a6wr9YfU56C7QkdlxXdj6xCOCscJtw/WY2Y+XchWXaUVZZsoZ9xUo28aksUtHSyE9WJBHCeSqss79IW6k/GeDPiDOfz4om+udDvtdpyKbtvbw2a+K5st+62d4=,iv:REGTavU8DkalUbfO1J2+VccYnRRrOqstSFq/RU7Co5Q=,tag:2t8mwqa76kVQyeWS85zXsA==,type:str]
+    pgp:
+        - created_at: "2024-05-08T15:46:52Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMA6R3Y9nD7qMBAQ//bYK5gdxv8fNvG6P4GrD27gQRQXhLGF2+hS54sqEqjeN8
+            NZpHVbNNRR3AggOkT7QY1JO8bOhWscefH1vvBmBuODzh5Fw42t4zNPEDjWZEetxa
+            rClbLEvo7Kz8UKCNb9JIeYx7cr8sPWCmg4GvV1wGjhjr+u5ovuheORnHl+qoLsqv
+            P12PV7VzwC52v92GWiu9LRJqfqZra5GjUXGVXzBcZ9i6CnUDejzssWjhO/fmzKum
+            GbGIi9sf3RmVYsUASDgRBmVAZC3KF7RLi0L6WY0etRocAaWSAgnU1lZ04E8ZtLjk
+            DlCtIpreJ1H0Ym+5EXB94PG0KZjayxKc20YDQ+yYwwSmiCVaUCLlYX2BOoncUYFF
+            MxVgWYwn14R5jyGbh4NyiBxPGHvIUx5RCIo70pMgS6W5ALZYTcNDLF82mj1xTOTy
+            bcuaa7FCuXJif457LCe5TcAa5WYDgKX8pUKzFRhWIckcGwgFCUB0Z7+L9L7F0yt/
+            YZd71cY0Lxlwi61CnWgZZMx2FFpHyBCEmF1A180KUtB1jSkS/AVmlM2z9I0QsR62
+            fTFIaqimPMjUzbuTs0QjUXf8OJZo0/cwo9XeGyCBtJTg7cLdsOFouqfvXhvkdCrR
+            xCLE2Ke5jwmoPKs1t+YpwMMzB57j/rluZCgiz45w7YDXKf4gEp2ra9siFiC/y9PS
+            XgEPymUiDZY0w9S5oGr94cNc6LQId16Zgt1vWHLzgg8QZqkxLTBjUXXc7aoCISQp
+            AwUE62KJucVvWjB3kcgDbNvaDWWC5O48zUavmzkmmP1sqKf0gO/XG52PDG/DF3Y=
+            =cs0r
+            -----END PGP MESSAGE-----
+          fp: 4E241635F8EDD2919D2FB44CA362EA0491E2EEA0
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1
--- a/modules/shared/colors/default.nix
+++ b/modules/shared/colors/default.nix
@@ -1,5 +1,5 @@
 { config, ... }: {
-  imports = [ ./sorahiro_soft.nix ];
+  imports = [ ./sorahiro.nix ];

  colorScheme.palette.border-radius = "#8";
  colorScheme.palette.border-width = "#2";
--- a/modules/shared/colors/sorahiro.nix
+++ b/modules/shared/colors/sorahiro.nix
@@ -0,0 +1,67 @@
+{ nix-colors, ... }: 
+let use_pastelle = true;
+in{
+  # usage:  a = "#${config.colorScheme.palette.base00}";
+
+  colorScheme = {
+    slug = "sorahiro";
+    name = "sorahiro";
+    author = "Soraefir @ Helcel";
+    variant = "dark";
+    palette = rec {
+      # Format: Name, Pantone, RAL
+      base00 = "#000000"; # Black / 419C / 9005
+      base01 = "#060a0f"; # Rich Black / 532C / 9005
+      base02 = "#212c38"; # Yankees Blue / 433C / 5011
+      base03 = "#3f5268"; # Police Blue  / 432C / 5000
+      base04 = "#617b9a"; # Slate Gray  / 5415C / 5014
+      base05 = "#90a7c1"; # Pewter Blue / 535C / 5024
+      base06 = "#c9d3df"; # Columbia Blue / 538C / 7047
+      base07 = "#fcfcfc"; # Lotion / 663C / 9016
+      alt00 = "#000000"; # Black / 419C / 9005
+      alt01 = "#0c0906"; # Vampire Black  / 419C / 9005
+      alt02 = "#312920"; # Pine Tree / 440C / 6022
+      alt03 = "#5b4e3e"; # Olive Drab Camouflage / 411C / 7013
+      alt04 = "#887660"; # Shadow / 404C / 7002
+      alt05 = "#b8a083"; # Pale Taupe / 480C / 1019
+      alt06 = "#e1cfb9"; # Desert Sand / 482C / 1015
+      alt07 = "#fcfcfc"; # Lotion / 663C / 9016
+
+      base08 = if use_pastelle then low08 else high08;
+      base09 = if use_pastelle then low09 else high09;
+      base0A = if use_pastelle then low0A else high0A;
+      base0B = if use_pastelle then low0B else high0B;
+      base0C = if use_pastelle then low0C else high0C;
+      base0D = if use_pastelle then low0D else high0D;
+      base0E = if use_pastelle then low0E else high0E;
+      base0F = if use_pastelle then low0F else high0F;
+
+      high08 = "#f09732"; # Deep Saffron / 804C / 1033
+      high09 = "#f2d831"; # Dandelion / 114C / 1016
+      high0A = "#98f12f"; # Green Lizard  / 375C / 6038
+      high0B = "#34f4f0"; # Fluorescent Blue  / 3252C / 6027
+      high0C = "#3193f5"; # Brilliant Azure / 2727C / 5015
+      high0D = "#c156f6"; # Blue-Violet / 2592C / 4006
+      high0E = "#f62ac0"; # Royal Pink / 807C / 4010
+      high0F = "#f42060"; # Deep Carmine Pink / 1925C / 3018
+      alt_high08 = "#f66824"; # Orange-Red / 165C / 2008
+      alt_high0B = "#41f3a4"; # Eucalyptus / 3395C / 6037
+      alt_high0C = "#2abef8"; # Spiro Disco Ball / 298C / 5012
+      alt_high0D = "#837ff5"; # Violets Are Blue / 814C / 4005
+
+      low08 = "#ffac56"; # Rajah  / 150C / 1017
+      low09 = "#feea74"; # Shandy  / 127C / 1016
+      low0A = "#bffe8a"; # Menthol  / 374C / 6018
+      low0B = "#4cfefa"; # Electric Blue / 3252C / 6027
+      low0C = "#62acfd"; # Blue Jeans / 279C / 5012
+      low0D = "#9b9bfd"; # Maximum Blue Purple  / 2715C / 4005
+      low0E = "#fe9bda"; # Lavender Rose / 223C / 4003
+      low0F = "#fc8999"; # Tulip / 1775C / 3014
+      alt_low08 = "#fe946a"; # Atomic Tangerine / 811C / 1034
+      alt_low0B = "#87febf"; # Aquamarine / 353C / 6019
+      alt_low0C = "#38c3fd"; # Picton Blue / 298C / 5012
+      alt_low0D = "#dca2ff"; # Mauve / 2572C / 4005
+
+    };
+  };
+}
--- a/modules/shared/colors/sorahiro_hard.nix
+++ b/modules/shared/colors/sorahiro_hard.nix
@@ -1,29 +0,0 @@
-{ nix-colors, ... }: {
-  # usage:  a = "#${config.colorScheme.palette.base00}";
-
-  colorScheme = {
-    slug = "sorahiro-hard";
-    name = "sorahiro-hard";
-    author = "Soraefir @ Helcel";
-    variant = "dark";
-    palette = {
-      # Format: Name, Pantone, RAL
-      base00 = "#030B12"; # Rich Black / 6C / 000-15-00
-      base01 = "#0C1D2E"; # Maastricht Blue / 5395C / 270-20-15
-      base02 = "#203A53"; # Japanese Indigo / 534C / 260-20-20
-      base03 = "#425F7C"; # Deep Space Sparkle / 7699C / 260-40-20
-      base04 = "#93A9BE"; # Pewter Blue / 535C / 260-70-15
-      base05 = "#B6C5D5"; # Pastel Blue / 5445C / 260-80-10
-      base06 = "#D6DFE8"; # Gainsboro / 642C / 260-90-05
-      base07 = "#F0F3F7"; # White / 656C / 290-92-05
-      base08 = "#F59331"; # Deep Saffron / 715C / 070-70-70
-      base09 = "#F5F531"; # Maximum Yellow / 394C / 100-80-80
-      base0A = "#93F531"; # French Lime / 7488C / 120-70-75
-      base0B = "#31F593"; # Eucalyptus / 3385C / 160-70-50
-      base0C = "#3193F5"; # Brilliant Azure / 2727C / 280-50-40
-      baseOD = "#9331F5"; # Blue-Violet / 7442C / 300-40-45
-      base0E = "#F53193"; # Royal Pink / 232C / 350-50-50
-      base0F = "#F53131"; # Deep Carmine Pink / 1788C / 040-50-70
-    };
-  };
-}
--- a/modules/shared/colors/sorahiro_soft.nix
+++ b/modules/shared/colors/sorahiro_soft.nix
@@ -1,29 +0,0 @@
-{ nix-colors, ... }: {
-  # usage:  a = "#${config.colorScheme.palette.base00}";
-
-  colorScheme = {
-    slug = "sorahiro-soft";
-    name = "sorahiro-soft";
-    author = "Soraefir @ Helcel";
-    variant = "dark";
-    palette = {
-      # Format: Name, Pantone, RAL
-      base00 = "#030B12"; # Rich Black / 6C / 000-15-00
-      base01 = "#0C1D2E"; # Maastricht Blue / 5395C / 270-20-15
-      base02 = "#203A53"; # Japanese Indigo / 534C / 260-20-20
-      base03 = "#425F7C"; # Deep Space Sparkle / 7699C / 260-40-20
-      base04 = "#93A9BE"; # Pewter Blue / 535C / 260-70-15
-      base05 = "#B6C5D5"; # Pastel Blue / 5445C / 260-80-10
-      base06 = "#D6DFE8"; # Gainsboro / 642C / 260-90-05
-      base07 = "#F0F3F7"; # White / 656C / 290-92-05
-      base08 = "#F5B97D"; # Mellow Apricot / 156C / 070-80-40
-      base09 = "#F5F57D"; # Sunny / 393C / 100-90-50
-      base0A = "#B9F57D"; # Yellow-Green / 373C / 120-80-60
-      base0B = "#7DF5B9"; # Aquamarine / 3375C / 150-80-40
-      base0C = "#7DB9F5"; # Light Azure / 278C / 250-70-30
-      base0D = "#B97DF5"; # Lavender / 2572C / 310-60-35
-      base0E = "#F57DB9"; # Persian Pink / 211C / 350-60-45
-      base0F = "#F57D7D"; # Light Coral / 170C / 030-60-50
-    };
-  };
-}
--- a/modules/shared/sops/common.yaml
+++ b/modules/shared/sops/common.yaml
--- a/modules/shared/sops/default.nix
+++ b/modules/shared/sops/default.nix
@@ -0,0 +1,32 @@
+{ config, pkgs, ... }:
+let
+  isCI = builtins.elem config.syscfg.hostname [ "ci" "sandbox" ];
+  keyFilePath = (if isCI then
+    "/var/lib/sops-nix/mock-key.txt"
+  else
+    "/var/lib/sops-nix/age-key.txt");
+  sopsFilePath = (if isCI then ./mock.yaml else ./common.yaml);
+in {
+  environment.systemPackages = with pkgs; [ sops ];
+  environment.sessionVariables.SOPS_AGE_KEY_FILE = keyFilePath;
+
+  sops.defaultSopsFile = sopsFilePath;
+  sops.age.keyFile = keyFilePath;
+  sops.age.generateKey = true;
+
+  sops.secrets.wifi = { };
+
+  sops.secrets."${config.syscfg.hostname}_ssh_priv" = {
+    mode = "0400";
+    owner = config.users.users.${config.syscfg.defaultUser}.name;
+    group = config.users.users.${config.syscfg.defaultUser}.group;
+  };
+  sops.secrets."${config.syscfg.hostname}_ssh_pub" = {
+    mode = "0400";
+    owner = config.users.users.${config.syscfg.defaultUser}.name;
+    group = config.users.users.${config.syscfg.defaultUser}.group;
+  };
+  sops.secrets."${config.syscfg.hostname}_wg_priv" = { };
+  sops.secrets."${config.syscfg.hostname}_wg_pub" = { };
+
+}
--- a/modules/shared/sops/mock-key.txt
+++ b/modules/shared/sops/mock-key.txt
@@ -0,0 +1,3 @@
+# created: 2024-04-14T10:26:26+02:00
+# public key: age13qv9dn9806paqgpjwmmkwtdzvv4qpv0ulksq0epnn8ufaxeug5zskyas3z
+AGE-SECRET-KEY-19S8CC56JLVRDNAUR9TVXEDWAV7MLVPDY3JMQUEAZSQNUGE53VJMS6EET89
--- a/modules/shared/sops/mock.yaml
+++ b/modules/shared/sops/mock.yaml
@@ -0,0 +1,30 @@
+ci_ssh_priv: ENC[AES256_GCM,data:3Fd7HtFzD+0Pm0qnmaNeivSrEJnH6A3CzLrSyYD4J1rpdHCYdFB2hbZAB5HF3yeCMlyqnApGHxi+9jN8FI54SzwqJQAgSZvKrkBhrs4JIQxPU0ZhOQHvneWYnA==,iv:NbLyzilDIH5cT3SC0SLaOn0alxXSIyZ/4Tr1zSBjIjI=,tag:xGfI8QRlkj4OZDVuV21Kcg==,type:str]
+ci_ssh_pub: ENC[AES256_GCM,data:6BVY3GS9lMLR/dYNxyldcBJe1DrjG/yHjqfCIw==,iv:VZOA/Q9zmbMnf9DsXN90er+tSnJ+syg3QabDuDal92Q=,tag:+xwHADgq22cV5ai9xd6ceQ==,type:str]
+ci_wg_priv: ENC[AES256_GCM,data:uA4eiEhQbbhLkrTyhRX4Tg==,iv:uHbrAq/mSQ6TtMqGhJez3d13u9ZK1S92w49ntXvbA3g=,tag:KwjiYrnuQxrydVKKV4xN4A==,type:str]
+ci_wg_pub: ENC[AES256_GCM,data:MBIdTEkyJBvbTtYrQYS8,iv:GD3xmJEyD9yZaV72GubGCBi8BW74zmSr2hOl123g0mM=,tag:ekUniuYPCSxwlmB1yUbo4w==,type:str]
+sandbox_ssh_priv: ENC[AES256_GCM,data:OG5ZsSQFEbUKLXtHF9MAHWYwnxBM0EyVyj54sPs9XEsFaRXq3WDa+ANnpVqBLtw6cPodLQHyJ5tY/Hr1rdINNGyLPEz/Zm3K7vz6iXUeThAKDhYaCH4vccFFtQ==,iv:2NbVjpKTyyiY4rtC/A6s2nABo5p0VAWtzC6b6TrHkvI=,tag:sO+SUMws8HncC9dmeiJPSg==,type:str]
+sandbox_ssh_pub: ENC[AES256_GCM,data:6bwJAmLuN0dhC8OiBW8qL2Ejt70a2ar02YTAqimnhcez,iv:/QMFyKaa3nOq1GrLNydq+Q8kS52fK6wsB3MioZN/qVM=,tag:XxcTX/REbHl5MKtRecjM2g==,type:str]
+sandbox_wg_priv: ENC[AES256_GCM,data:8d+WCtyGoEH3/4q1DZImUw==,iv:3efDzVFVCqv6yCNgBEXfQ19oh2bZLPO8my33uBgviW0=,tag:+WNPB7b6tVTzDlSVziDO2w==,type:str]
+sandbox_wg_pub: ENC[AES256_GCM,data:rpxkijFKzyKx3uhEa/+j,iv:UULKRJvU0lktwmKGcIP/sRAZb0j2e0iL40o3DkSv/+U=,tag:OWHbfFPbTY6l3Bu/og78Bg==,type:str]
+PGP_KEY: ENC[AES256_GCM,data:IVhL/l0JSPcefX1z,iv:/tOEukP7LiNhhdSw870vPeUGhN2lse2v1pZ5fJQglc0=,tag:++NUJeRhsDE9eRsbKu8Ldw==,type:str]
+wifi: ENC[AES256_GCM,data:SV3yNB/0dBqggh0kOKU98Nodd0VS4K8kTqg7aLyeAg==,iv:w4nspNxswHl2CZ7diPUzupzotfjskzp91NIq4f0v0UM=,tag:7nUHijRlEgyliWn2ZuZo/Q==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age13qv9dn9806paqgpjwmmkwtdzvv4qpv0ulksq0epnn8ufaxeug5zskyas3z
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZd0c5ZjZCb0Z6ZXlKaFph
+            S25LcnFaM3NueUdxOEkwQWRVYjZwNEx1TnpVCkJ1RnJsV2IwNWd5RVJBU2pOUnRa
+            UEcrdDVHUnZ3Zng4UVNWZjNhSzRmRGcKLS0tIEpMMGJCZmkrcnFwWjM4ZVF6VmJN
+            aFplU05pYXpPQWZRY202bVhFd3pHdHcKfauUQhzuUwpoaSlky+PlsOTrVQjyCSxi
+            NYlJ7ScbxzJsqTqJbZnD+lbSdWK2XVKXy1Vn4hR0C0WF7g2Y7CU7tg==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-04-14T21:03:55Z"
+    mac: ENC[AES256_GCM,data:W9kM3AaHcZcqVtT4qRpMRYKgmA9pBikAPhdKiPR/Y+0MSjY4c9LPeTBeS1vZzUaTgRHmNh/ns6I9SBO36Hio5qI6m/pjNdr9GfFbBpbnY+5mer6YTitq47TVySC9v+BRkES4A34h1Ky5yvJSDlz2kJfO/WVWllaQd0dxq8rgAU8=,iv:cRxgGKhD6KqXKpK4E12lWIIj99hBFSmGzSIv9LmYEyg=,tag:QXcswnB7GavGrBy1dFpQlQ==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1
--- a/modules/shared/syscfg/default.nix
+++ b/modules/shared/syscfg/default.nix
@@ -0,0 +1,125 @@
+{ inputs, lib, ... }:
+let
+  userOpt = with lib; {
+    username = mkOption { type = types.str; };
+    wm = mkOption {
+      type = types.enum [ "Wayland" "X11" "-" ];
+      default = "-";
+    };
+    git = {
+      username = mkOption { type = types.str; };
+      email = mkOption { type = types.str; };
+      key = mkOption { type = types.str; };
+    };
+  };
+  netOpt = with lib; {
+    ble = {
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+      };
+    };
+    wlp = {
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+      };
+      nif = mkOption {
+        type = types.str;
+        default = "";
+      };
+    };
+    wg = {
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+      };
+      ip4 = mkOption {
+        type = types.str;
+        default = "";
+      };
+      ip6 = mkOption {
+        type = types.str;
+        default = "";
+      };
+    };
+  };
+  makeOpt = with lib; {
+    cli = mkOption {
+      type = types.bool;
+      default = true;
+    };
+    gui = mkOption {
+      type = types.bool;
+      default = false;
+    };
+    virt = mkOption {
+      type = types.bool;
+      default = true;
+    };
+    power = mkOption {
+      type = types.bool;
+      default = false;
+    };
+    game = mkOption {
+      type = types.bool;
+      default = false;
+    };
+    develop = mkOption {
+      type = types.bool;
+      default = false;
+    };
+  };
+  serverOpt = with lib; {
+    hostDomain = mkOption { type = types.str; };
+    shortName = mkOption { type = types.str; };
+    mailDomain = mkOption { type = types.str; };
+    mailServer = mkOption { type = types.str; };
+
+    dbHost = mkOption {
+      type = types.str;
+      default = "localhost";
+    };
+    dbPort = mkOption {
+      type = types.str;
+      default = "3306";
+    };
+
+    configPath = mkOption {
+      type = types.str;
+      default = "/media/config";
+    };
+    dataPath = mkOption {
+      type = types.str;
+      default = "/media/data";
+    };
+
+  };
+in with lib; {
+  options.usercfg = userOpt;
+  options.syscfg = {
+    hostname = mkOption { type = types.str; };
+    type = mkOption {
+      type = types.enum [ "nixos" "macos" "home" ];
+      default = "nixos";
+    };
+    system = mkOption {
+      type = types.enum [ "x86_64-linux" "x86_64-darwin" "-" ];
+      default = "x86_64-linux";
+    };
+    defaultUser = mkOption { type = types.str; };
+    make = makeOpt;
+    net = netOpt;
+    users = mkOption {
+      type = types.listOf (types.submodule { options = userOpt; });
+      default = [ ];
+    };
+    server = mkOption {
+      type = types.oneOf [
+        (types.attrs)
+        (types.submodule { options = serverOpt; })
+      ];
+      default = { };
+    };
+  };
+}
--- a/overlays/bambu-studio/default.nix
+++ b/overlays/bambu-studio/default.nix
@@ -0,0 +1,10 @@
+{ final, prev, ... }:
+prev.bambu-studio.overrideAttrs (oldAttrs: rec{
+    version = "02.00.01.50";
+    src = prev.fetchFromGitHub {
+        owner = "bambulab";
+        repo = "BambuStudio";
+        rev = "v${version}";
+        hash = "sha256-7mkrPl2CQSfc1lRjl1ilwxdYcK5iRU//QGKmdCicK30=";
+    };
+})
--- a/overlays/default.nix
+++ b/overlays/default.nix
@@ -1,7 +1,14 @@
-{ pkgs, ... }:
+{ inputs, pkgs, ... }:
 [
  (final: prev: {
    openttd-jgrpp = import ./openttd-jgrpp { inherit final prev; };
    yarn-berry = import ./yarn-berry { inherit final prev; };
+    eww = import ./eww { inherit final prev; };
+    bambu-studio = import ./bambu-studio { inherit final prev; };
+    wine = final.unstable.wineWow64Packages.unstableFull;
+    unstable = import inputs.nixUnstable {
+      system = final.system;
+      config.allowUnfree = true;
+    };
  })
 ]
--- a/overlays/eww/default.nix
+++ b/overlays/eww/default.nix
@@ -0,0 +1,23 @@
+{ final, prev, ... }:
+let old = prev.eww;
+in final.rustPlatform.buildRustPackage rec {
+  pname = "eww";
+  version = "98c220126d912b935987766f56650b55f3e226eb";
+
+  src = prev.fetchFromGitHub {
+    owner = "elkowar";
+    repo = "eww";
+    rev = "${version}";
+    hash = "sha256-zi+5G05aakh8GBdfHL1qcNo/15VEm5mXtHGgKMAyp1U=";
+  };
+
+  cargoHash = "sha256-SEdr9nW5nBm1g6fjC5fZhqPbHQ7H6Kk0RL1V6OEQRdA=";
+
+  nativeBuildInputs = old.nativeBuildInputs;
+  buildInputs = old.buildInputs ++ [ final.libdbusmenu-gtk3 ];
+
+  cargoBuildFlags = old.cargoBuildFlags;
+  cargoTestFlags = old.cargoTestFlags;
+
+  RUSTC_BOOTSTRAP = 1;
+}
--- a/overlays/openttd-jgrpp/default.nix
+++ b/overlays/openttd-jgrpp/default.nix
@@ -1,10 +1,10 @@
 { final, prev, ... }:
 prev.openttd-jgrpp.overrideAttrs (old: rec {
-  version = "0.55.3";
+  version = "0.65.3";
  src = prev.fetchFromGitHub rec {
    owner = "JGRennison";
    repo = "OpenTTD-patches";
    rev = "jgrpp-${version}";
-    hash = "sha256-E1+pXpXNHOu9nPTGSY8baVaKf1Um6IGDjpi1MmENez8=";
+    hash = "sha256-lmDkYrk7qjUSTtCQQCN/pbuLDt3+2RI1K8A1H1GJRjw=";
  };
 })
--- a/overlays/yarn-berry/default.nix
+++ b/overlays/yarn-berry/default.nix
@@ -1,10 +1,10 @@
 { final, prev, ... }:
 prev.yarn-berry.overrideAttrs (old: rec {
-  version = "3.6.3";
+  version = "4.4.0";
  src = prev.fetchFromGitHub {
    owner = "yarnpkg";
    repo = "berry";
    rev = "@yarnpkg/cli/${version}";
-    hash = "sha256-5QEnFalOEMs1bKYDYpFGnF1YwiGuW3ZxstyJAjz1/KQ=";
+    hash = "sha256-X/axXgRsxek2EJ+B4EogAsaTWTZDEF1m5dXOTZ4OnQQ=";
  };
 })
--- a/packages/amdgpu_top/Cargo.lock
+++ b/packages/amdgpu_top/Cargo.lock
--- a/Show More
+++ b/Show More