Lock file maintenance

2024-09-12 00:03:12 +00:00
83 changed files with 944 additions and 1250 deletions
--- a/.gitea/workflows/build.yml
+++ b/.gitea/workflows/build.yml
@@ -12,17 +12,17 @@ jobs:
  build-nixos:
    runs-on: ubuntu-latest
    steps: 
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v4
      - name: "Install Nix ❄️"
-        uses: cachix/install-nix-action@v31
+        uses: cachix/install-nix-action@v27
    #  - uses: DeterminateSystems/nix-installer-action@v4
-      - uses: DeterminateSystems/magic-nix-cache-action@v13
+      - uses: DeterminateSystems/magic-nix-cache-action@v7
-      - uses: DeterminateSystems/flake-checker-action@v12
+      - uses: DeterminateSystems/flake-checker-action@v9
      - name: "Install Cachix ❄️"
-        uses: cachix/cachix-action@v17
+        uses: cachix/cachix-action@v15
        with:
          name: helcel
          authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
--- a/.gitea/workflows/update.yml
+++ b/.gitea/workflows/update.yml
@@ -13,15 +13,15 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4
      - name: Install nix
-        uses: DeterminateSystems/nix-installer-action@v22
+        uses: DeterminateSystems/nix-installer-action@v14
        with:
          github-token: ${{ secrets.GH_TOKEN_FOR_UPDATES }}
          extra_nix_config: |
            experimental-features = nix-command flakes            
      - name: Update flake.lock
-        uses: DeterminateSystems/update-flake-lock@v28
+        uses: DeterminateSystems/update-flake-lock@v24
        with:
          token: ${{ secrets.GT_TOKEN_FOR_UPDATES }}
          pr-title: "[chore] Update flake.lock"
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -9,57 +9,55 @@ keys:
    - &avalon age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg
    - &valinor age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg
    - &asgard age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg
    - &gateway age1lqvnzlendlmtwgstzrj4xzrwpatwx56k5az5au78fyg99yecwfzs3s6xn6
    - &sandbox age1pf4auk6u2tmefuqpuc6mntr26cp4wcsmlhnn98arzxsp3753ruqsj0jqk3
 creation_rules:
  - path_regex: modules/shared/sops/private/iriy.[a-z]+
    key_groups:
-      - age:
+    - age:
-          - *iriy
+      - *iriy
-        pgp:
+      pgp:
-          - *sora
+      - *sora
  - path_regex: modules/shared/sops/private/avalon.[a-z]+
    key_groups:
-      - age:
+    - age:
-          - *avalon
+      - *avalon
-        pgp:
+      pgp:
-          - *sora
+      - *sora
  - path_regex: modules/shared/sops/private/valinor.[a-z]+
    key_groups:
-      - age:
+    - age:
-          - *valinor
+      - *valinor
-        pgp:
+      pgp:
-          - *sora
+      - *sora
  - path_regex: modules/shared/sops/private/asgard.[a-z]+
    key_groups:
-      - age:
+    - age:
-          - *asgard
+      - *asgard
-        pgp:
+      pgp:
-          - *sora
+      - *sora
  - path_regex: modules/shared/sops/common.[a-z]+
    key_groups:
-      - age:
+    - age:
-          - *valinor
+      - *valinor
-          - *iriy
+      - *iriy
-          - *avalon
+      - *avalon
-          - *asgard
+      - *asgard
-          - *gateway
+      pgp:
-        pgp:
+      - *sora
-          - *sora
+  
  - path_regex: modules/shared/sops/mock.[a-z]+
    key_groups:
-      - age:
+    - age:
-          - *ci
+      - *ci
-          - *sandbox
+
  - path_regex: modules/server/sops/server.[a-z]+
    key_groups:
-      - age:
+    - age:
-          - *avalon
+      - *valinor
-          - *sandbox
+      - *iriy
-
+      - *avalon
-        pgp:
+      - *asgard
-          - *sora
+      pgp:
      - *sora
--- a/flake.lock
+++ b/flake.lock
@@ -1,19 +1,53 @@
 {
  "nodes": {
    "aquamarine": {
      "inputs": {
        "hyprutils": [
          "hyprland",
          "hyprutils"
        ],
        "hyprwayland-scanner": [
          "hyprland",
          "hyprwayland-scanner"
        ],
        "nixpkgs": [
          "hyprland",
          "nixpkgs"
        ],
        "systems": [
          "hyprland",
          "systems"
        ]
      },
      "locked": {
        "lastModified": 1725753098,
        "narHash": "sha256-/NO/h/qD/eJXAQr/fHA4mdDgYsNT9thHQ+oT6KPi2ac=",
        "owner": "hyprwm",
        "repo": "aquamarine",
        "rev": "e4a13203112a036fc7f437d391c7810f3dd5ab52",
        "type": "github"
      },
      "original": {
        "owner": "hyprwm",
        "repo": "aquamarine",
        "type": "github"
      }
    },
    "arion": {
      "inputs": {
        "flake-parts": "flake-parts",
        "haskell-flake": "haskell-flake",
        "hercules-ci-effects": "hercules-ci-effects",
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1770259557,
+        "lastModified": 1722825873,
-        "narHash": "sha256-EvZ09k9+mzXAngPzU2K7oLLUDlKoT1numb4bDb3Gtl4=",
+        "narHash": "sha256-bFNXkD+s9NuidZePiJAjjFUnsMOwXb7hEZ4JEDdSALw=",
        "owner": "hercules-ci",
        "repo": "arion",
-        "rev": "9b24cf65c72cb0e9616e437d55e1ac8e5c6bc715",
+        "rev": "90bc85532767c785245f5c1e29ebfecb941cf8c9",
        "type": "github"
      },
      "original": {
@@ -45,11 +79,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1777780666,
+        "lastModified": 1726032244,
-        "narHash": "sha256-8wURyQMdDkGUarSTKOGdCuFfYiwa3HbzwscUfn3STDE=",
+        "narHash": "sha256-3VvRGPkpBJobQrFD3slQzMAwZlo4/UwxT8933U5tRVM=",
        "owner": "lnl7",
        "repo": "nix-darwin",
-        "rev": "8c62fba0854ba15c8917aed18894dbccb48a3777",
+        "rev": "f4f18f3d7229845e1c9d517457b7a0b90a38b728",
        "type": "github"
      },
      "original": {
@@ -67,11 +101,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1769996383,
+        "lastModified": 1722555600,
-        "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=",
+        "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "57928607ea566b5db3ad13af0e57e921e6b12381",
+        "rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
        "type": "github"
      },
      "original": {
@@ -83,31 +117,31 @@
    "flake-parts_2": {
      "inputs": {
        "nixpkgs-lib": [
-          "nur",
+          "arion",
          "hercules-ci-effects",
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1733312601,
+        "lastModified": 1712014858,
-        "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
+        "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
+        "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d",
        "type": "github"
      },
      "original": {
-        "owner": "hercules-ci",
+        "id": "flake-parts",
-        "repo": "flake-parts",
+        "type": "indirect"
        "type": "github"
      }
    },
    "hardware": {
      "locked": {
-        "lastModified": 1778143761,
+        "lastModified": 1725885300,
-        "narHash": "sha256-lkesY6x2X2qxlqLM7CT2iM/0rP2JB7fruPN3h8POXmI=",
+        "narHash": "sha256-5RLEnou1/GJQl+Wd+Bxaj7QY7FFQ9wjnFq1VNEaxTmc=",
        "owner": "nixos",
        "repo": "nixos-hardware",
-        "rev": "3bcaa367d4c550d687a17ac792fd5cda214ee871",
+        "rev": "166dee4f88a7e3ba1b7a243edb1aca822f00680e",
        "type": "github"
      },
      "original": {
@@ -132,6 +166,28 @@
        "type": "github"
      }
    },
    "hercules-ci-effects": {
      "inputs": {
        "flake-parts": "flake-parts_2",
        "nixpkgs": [
          "arion",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1719226092,
        "narHash": "sha256-YNkUMcCUCpnULp40g+svYsaH1RbSEj6s4WdZY/SHe38=",
        "owner": "hercules-ci",
        "repo": "hercules-ci-effects",
        "rev": "11e4b8dc112e2f485d7c97e1cee77f9958f498f5",
        "type": "github"
      },
      "original": {
        "owner": "hercules-ci",
        "repo": "hercules-ci-effects",
        "type": "github"
      }
    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
@@ -139,20 +195,183 @@
        ]
      },
      "locked": {
-        "lastModified": 1777851538,
+        "lastModified": 1726036828,
-        "narHash": "sha256-Gp8qwTEYNoy2yvmErVGlvLOQvrtEECCAKbonW7VJef8=",
+        "narHash": "sha256-ZQHbpyti0jcAKnwQY1lwmooecLmSG6wX1JakQ/eZNeM=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "cc09c0f9b7eaa95c2d9827338a5eb03d32505ca5",
+        "rev": "8a1671642826633586d12ac3158e463c7a50a112",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "ref": "release-25.11",
        "repo": "home-manager",
        "type": "github"
      }
    },
    "hyprcursor": {
      "inputs": {
        "hyprlang": [
          "hyprland",
          "hyprlang"
        ],
        "nixpkgs": [
          "hyprland",
          "nixpkgs"
        ],
        "systems": [
          "hyprland",
          "systems"
        ]
      },
      "locked": {
        "lastModified": 1722623071,
        "narHash": "sha256-sLADpVgebpCBFXkA1FlCXtvEPu1tdEsTfqK1hfeHySE=",
        "owner": "hyprwm",
        "repo": "hyprcursor",
        "rev": "912d56025f03d41b1ad29510c423757b4379eb1c",
        "type": "github"
      },
      "original": {
        "owner": "hyprwm",
        "repo": "hyprcursor",
        "type": "github"
      }
    },
    "hyprland": {
      "inputs": {
        "aquamarine": "aquamarine",
        "hyprcursor": "hyprcursor",
        "hyprlang": "hyprlang",
        "hyprutils": "hyprutils",
        "hyprwayland-scanner": "hyprwayland-scanner",
        "nixpkgs": [
          "nixpkgs"
        ],
        "systems": "systems",
        "xdph": "xdph"
      },
      "locked": {
        "lastModified": 1726071051,
        "narHash": "sha256-eZPhLQ8DM8AsP+zM1KmUzxWQaiTpOUbFS1xeOyjgwvg=",
        "ref": "refs/heads/main",
        "rev": "8b9e385943d1a9fd0f8c6070fa1eae507ae26145",
        "revCount": 5213,
        "submodules": true,
        "type": "git",
        "url": "https://github.com/hyprwm/Hyprland"
      },
      "original": {
        "submodules": true,
        "type": "git",
        "url": "https://github.com/hyprwm/Hyprland"
      }
    },
    "hyprland-protocols": {
      "inputs": {
        "nixpkgs": [
          "hyprland",
          "xdph",
          "nixpkgs"
        ],
        "systems": [
          "hyprland",
          "xdph",
          "systems"
        ]
      },
      "locked": {
        "lastModified": 1721326555,
        "narHash": "sha256-zCu4R0CSHEactW9JqYki26gy8h9f6rHmSwj4XJmlHgg=",
        "owner": "hyprwm",
        "repo": "hyprland-protocols",
        "rev": "5a11232266bf1a1f5952d5b179c3f4b2facaaa84",
        "type": "github"
      },
      "original": {
        "owner": "hyprwm",
        "repo": "hyprland-protocols",
        "type": "github"
      }
    },
    "hyprlang": {
      "inputs": {
        "hyprutils": [
          "hyprland",
          "hyprutils"
        ],
        "nixpkgs": [
          "hyprland",
          "nixpkgs"
        ],
        "systems": [
          "hyprland",
          "systems"
        ]
      },
      "locked": {
        "lastModified": 1725997860,
        "narHash": "sha256-d/rZ/fHR5l1n7PeyLw0StWMNLXVU9c4HFyfskw568so=",
        "owner": "hyprwm",
        "repo": "hyprlang",
        "rev": "dfeb5811dd6485490cce18d6cc1e38a055eea876",
        "type": "github"
      },
      "original": {
        "owner": "hyprwm",
        "repo": "hyprlang",
        "type": "github"
      }
    },
    "hyprutils": {
      "inputs": {
        "nixpkgs": [
          "hyprland",
          "nixpkgs"
        ],
        "systems": [
          "hyprland",
          "systems"
        ]
      },
      "locked": {
        "lastModified": 1724966483,
        "narHash": "sha256-WXDgKIbzjYKczxSZOsJplCS1i1yrTUpsDPuJV/xpYLo=",
        "owner": "hyprwm",
        "repo": "hyprutils",
        "rev": "8976e3f6a5357da953a09511d0c7f6a890fb6ec2",
        "type": "github"
      },
      "original": {
        "owner": "hyprwm",
        "repo": "hyprutils",
        "type": "github"
      }
    },
    "hyprwayland-scanner": {
      "inputs": {
        "nixpkgs": [
          "hyprland",
          "nixpkgs"
        ],
        "systems": [
          "hyprland",
          "systems"
        ]
      },
      "locked": {
        "lastModified": 1721324119,
        "narHash": "sha256-SOOqIT27/X792+vsLSeFdrNTF+OSRp5qXv6Te+fb2Qg=",
        "owner": "hyprwm",
        "repo": "hyprwayland-scanner",
        "rev": "a048a6cb015340bd82f97c1f40a4b595ca85cc30",
        "type": "github"
      },
      "original": {
        "owner": "hyprwm",
        "repo": "hyprwayland-scanner",
        "type": "github"
      }
    },
    "nix-colors": {
      "inputs": {
        "base16-schemes": "base16-schemes",
@@ -172,34 +391,18 @@
        "type": "github"
      }
    },
    "nixUnstable": {
      "locked": {
        "lastModified": 1778274207,
        "narHash": "sha256-I4puXmX1iovcCHZlRmztO3vW0mAbbRvq4F8wgIMQ1MM=",
        "owner": "nixos",
        "repo": "nixpkgs",
        "rev": "b3da656039dc7a6240f27b2ef8cc6a3ef3bccae7",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
        "ref": "nixpkgs-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1778003029,
+        "lastModified": 1725983898,
-        "narHash": "sha256-q/nkKLDtHIyLjZpKhWk3cSK5IYsFqtMd6UtXF3ddjgA=",
+        "narHash": "sha256-4b3A9zPpxAxLnkF9MawJNHDtOOl6ruL0r6Og1TEDGCE=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "0c88e1f2bdb93d5999019e99cb0e61e1fe2af4c5",
+        "rev": "1355a0cbfeac61d785b7183c0caaec1f97361b43",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
-        "ref": "nixos-25.11",
+        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
@@ -219,33 +422,13 @@
        "type": "github"
      }
    },
    "nixpkgs_2": {
      "locked": {
        "lastModified": 1777954456,
        "narHash": "sha256-hGdgeU2Nk87RAuZyYjyDjFL6LK7dAZN5RE9+hrDTkDU=",
        "owner": "nixos",
        "repo": "nixpkgs",
        "rev": "549bd84d6279f9852cae6225e372cc67fb91a4c1",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nur": {
      "inputs": {
        "flake-parts": "flake-parts_2",
        "nixpkgs": "nixpkgs_2"
      },
      "locked": {
-        "lastModified": 1778376280,
+        "lastModified": 1726094006,
-        "narHash": "sha256-pL2F2FF2FN7zWr5o/vG7GiYOSjp+DUNyPIYqNaLQFFs=",
+        "narHash": "sha256-YwlRlFQFLpc9IRuO+8D14FIq3CcwnBKUXdRgkBDKWlE=",
        "owner": "nix-community",
        "repo": "nur",
-        "rev": "828688994167eb57628c98fd1d7e1223b079cda1",
+        "rev": "8210b7ea5ea9898784e06367b88658e3f14312e9",
        "type": "github"
      },
      "original": {
@@ -260,8 +443,8 @@
        "darwin": "darwin",
        "hardware": "hardware",
        "home-manager": "home-manager",
        "hyprland": "hyprland",
        "nix-colors": "nix-colors",
        "nixUnstable": "nixUnstable",
        "nixpkgs": "nixpkgs",
        "nur": "nur",
        "sops-nix": "sops-nix"
@@ -271,14 +454,17 @@
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ],
        "nixpkgs-stable": [
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1777944972,
+        "lastModified": 1725922448,
-        "narHash": "sha256-VfGRo1qTBKOe3s2gOv8LSoA6Fk19PvBlwQ1ECN0Evn8=",
+        "narHash": "sha256-ruvh8tlEflRPifs5tlpa0gkttzq4UtgXkJQS7FusgFE=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "c591bf665727040c6cc5cb409079acb22dcce33c",
+        "rev": "cede1a08039178ac12957733e97ab1006c6b6892",
        "type": "github"
      },
      "original": {
@@ -286,6 +472,51 @@
        "repo": "sops-nix",
        "type": "github"
      }
    },
    "systems": {
      "locked": {
        "lastModified": 1689347949,
        "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
        "owner": "nix-systems",
        "repo": "default-linux",
        "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default-linux",
        "type": "github"
      }
    },
    "xdph": {
      "inputs": {
        "hyprland-protocols": "hyprland-protocols",
        "hyprlang": [
          "hyprland",
          "hyprlang"
        ],
        "nixpkgs": [
          "hyprland",
          "nixpkgs"
        ],
        "systems": [
          "hyprland",
          "systems"
        ]
      },
      "locked": {
        "lastModified": 1726046979,
        "narHash": "sha256-6SEsjurq9cdTkITA6d49ncAJe4O/8CgRG5/F//s6Xh8=",
        "owner": "hyprwm",
        "repo": "xdg-desktop-portal-hyprland",
        "rev": "e695669fd8e1d1be9eaae40f35e00f8bd8b64c18",
        "type": "github"
      },
      "original": {
        "owner": "hyprwm",
        "repo": "xdg-desktop-portal-hyprland",
        "type": "github"
      }
    }
  },
  "root": "root",
--- a/flake.nix
+++ b/flake.nix
@@ -1,14 +1,13 @@
 {
  description = "SoraFlake";
  inputs = {
-    # Trick renovate into working: "github:NixOS/nixpkgs/nixpkgs-unstable"
+# Trick renovate into working: "github:NixOS/nixpkgs/nixpkgs-unstable"
-    nixUnstable.url = "github:nixos/nixpkgs/nixpkgs-unstable";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
    nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
    hardware.url = "github:nixos/nixos-hardware";
    nur.url = "github:nix-community/nur";
    home-manager = {
-      url = "github:nix-community/home-manager/release-25.11";
+      url = "github:nix-community/home-manager";
      inputs.nixpkgs.follows = "nixpkgs";
    };
@@ -17,13 +16,14 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };
-    # hyprland = {
+    hyprland = {
-    #   url = "github:hyprwm/Hyprland";
+      url = "git+https://github.com/hyprwm/Hyprland?submodules=1";
-    #   inputs.nixpkgs.follows = "nixpkgs";
+      inputs.nixpkgs.follows = "nixpkgs";
-    # };
+    };
    sops-nix = {
      url = "github:Mic92/sops-nix";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.nixpkgs-stable.follows = "nixpkgs";
    };
    nix-colors.url = "github:misterio77/nix-colors";
@@ -44,7 +44,6 @@
        avalon = gen.generate { host = "avalon"; };
        ci = gen.generate { host = "ci"; };
        sandbox = gen.generate { host = "sandbox"; };
        gateway = gen.generate { host = "gateway"; };
      };
      darwinConfigurations = { asgard = gen.generate { host = "asgard"; }; };
      homeConfigurations = {
--- a/generator.nix
+++ b/generator.nix
@@ -6,7 +6,6 @@
    in ({
      "nixos" = inputs.nixpkgs.lib.nixosSystem {
        system = syscfg.syscfg.system;
        specialArgs = { inherit inputs; };
        modules = [
          ./modules/shared/syscfg
          ./modules/shared/sops
@@ -29,8 +28,7 @@
                  syscfg
                  { usercfg = userConfig; }
                  inputs.nix-colors.homeManagerModule
-                  # inputs.hyprland.homeManagerModules.default
+                  inputs.hyprland.homeManagerModules.default
                  inputs.sops-nix.homeManagerModules.sops
                ];
              }) syscfg.syscfg.users);
          }
@@ -54,7 +52,7 @@
              nameValuePair userConfig.username {
                imports = [
                  inputs.nix-colors.homeManagerModule
-                  inputs.sops-nix.homeManagerModules.sops
+                  inputs.hyprland.homeManagerModules
                ];
              }) syscfg.syscfg.users);
          }
--- a/modules/home/base/default.nix
+++ b/modules/home/base/default.nix
@@ -1,6 +1,5 @@
 { lib, config, ... }: {
  #environment.sessionVariables.SOPS_AGE_KEY_FILE = keyFilePath;
  systemd.user.startServices = "sd-switch";
  programs.home-manager.enable = true;
@@ -8,14 +7,6 @@
    username = "${config.usercfg.username}";
    homeDirectory = "/home/${config.usercfg.username}";
-    stateVersion = "24.11";
+    stateVersion = "23.11";
  };
  #SOPS
  # sops.defaultSopsFile = ./sops/${config.usercfg.username}.yaml;
  # sops.age.keyFile = "/var/lib/sops-nix/age-key.txt";
  # sops.age.generateKey = true;
  # sops.secrets."github_user_key" = { };
  # sops.secrets."curse_forge_key" = { };
 }
--- a/modules/home/base/sops/sora.yaml
+++ b/modules/home/base/sops/sora.yaml
@@ -1,69 +0,0 @@
 curse_forge_key: ENC[AES256_GCM,data:PhhwPhUys/WDzXb40iFlrUcwFEJVzi49vDlm5Hpc7IUwbBiQI1Zvi6115THMvarnGESDyouPfoZP0wha,iv:x//EzR4QwdD0UxqV97yUepc39DopoqiDT21unpF9R2E=,tag:5jM1EibWo0wI+PS70+kb/Q==,type:str]
 github_user_key: ENC[AES256_GCM,data:RvBsQjWGd2qRCvBzcpMv8FIXGY/GiPd9o0x2Oq+NlbXxR2NMqNBNLw==,iv:99AcmOWFft7XQAn7YrGjZuCvz0M5wUkYeInsWwyeUFM=,tag:wkw2YQGi9j/8XtOFd8KhdQ==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBraWFDRFUxQ2l5OWV1OXNK
            UExEbWZkM0kzVk1rZG4yY3pBLzdMVWVJS0UwCnhlWFJ5T2lZUXJyNkg1ejQxaU1t
            L3F2RUhldTY3N2xXL0hwczNKRzNjcncKLS0tIEkycHoxcDBGNyt2V3RDY29wNGVp
            TGg5Rk05VkRsaXM1Q0NxMmtMajRORDAKqjFldiAYJKjmnkeDkwanjYvhL6645DZ5
            dVXExjqO/DG733ge8HFyKzpfpkzRymV1giUwxBdII1dd0mJ2ncINeA==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1ms8f0ysv6vakxepvt69fejczs6tddexepesdv4rkgtheehj3nu4sc6290s
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3UkRjblIvYStZUzQyRHA1
            ZGVXeHhrN0kyVkxZdms5U3gwVFlPMW12MVJjCjRkVURpZXBzb0tYenB4dGxKamh6
            VXVBMmo1Ujkvd2VTRExyWE5MbVJaclUKLS0tIDVhRkYzZmEzUG00Q2IwOWZUMVVt
            ODVIbytpcjN1cVMyaG1qVVdkRmtaMzQKNsvD9DpK/raDBob+IcuNk72tQDts36kJ
            QhtoLy8MvUymi49PdEWrgyf68w5XwRO/U4iINhR0qzm0glg/XcyHjA==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJc3hKWkk3ckNOY2UyTVhG
            MmtLaEd0K04yaGxiOUoxMXkzOEFnYis4VkhnCktDRFM2bS8vb05OWDdwa0RwRlNO
            cmlZemtxVGZ6S0tNTDV1cmE1N0pVWnMKLS0tIE9EZllycHJpcEY2R1pwOFhOZEU3
            L01IcytDd3BPb0VOTW9DQ2lUdUVJS0kKiD+C+3mK1b/eIwCEFanFgYGLNk3JNPQ7
            i1UqzbHVxSd0q/YVwdKAcj0jA6EezGm275tgq7IVsy2sHkvRMaEDtQ==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAweVU3TkxFZzRnd2I2clN2
            ZTlTWmhwQkhVc1hnOXFvZVVDSWpHMVh1TGtrCkc3M1pUTnZCMHpvYXB5ZVhreGxa
            ZVY2cG5Ja2ltL3k2Q1VEalc5TTNFMXcKLS0tIGd5UWl0RGVXT211Zm51dlB6WFZ1
            STRtTVpVTCtVZ1FUNENqWFFVNTNuaVUKN6HRiZjTdENeif8dJ29urBxPXDaosjjY
            InN4Ko6YUaGfvB1DTrKIzrxOpsHS+XjisoGfT71tJwwEOoREklEO/A==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-12-23T18:05:22Z"
    mac: ENC[AES256_GCM,data:YSi2xIwz50VxUDL3QzGVUwRWUgZhvudSLCKgwIbWm8gkuAJ/V2sVRhJNVQJ1YvLO44ob5hmrgR4wSnOdAbS7FrpbLcJuoYBjVUTDjy+j6otnIDxEcYeciHhZ1pV/OiydBmJC+lZ4+SRdWdokL2HaXRKgc9QT9e/MdAbFIzI1x90=,iv:8rj8yEqHTMgoGu31RVskYizmROB/5I0ajZJ/EcmlVfE=,tag:PILFCyXY8sXYGxCEHS7qCg==,type:str]
    pgp:
        - created_at: "2023-04-20T10:20:17Z"
          enc: |-
            -----BEGIN PGP MESSAGE-----
            wcFMA6R3Y9nD7qMBAQ/8CVWQaYKfOzvPIllZyyWpUjHRLLXaR8MNJ8U5WI/tdwdN
            9UScDYJFuYRW7Q9s4Mt961kBGpaHqe9MUZBxUDlYX59+EN3FbO/eMQ5OqI05ESmL
            TvZB4+S9C5o73nuypSDNvYz+Lgq6DO25ZPhXdtPhx2DE4G31/wft/LpxhjalIjI8
            MU0Dv22R4qC+glJbe4GIF2IJ8XoxnnzjiGeSqiyv0QIBM0SzOtA5sKwNohWBnW7g
            7vxOTm5+kyzG0dDjt3tFApgPDaA1wjofzhRuuveF52VBsuIA2opFdpqkyICvK6rn
            NB5kUaPlY6A0m+n0oHSfY5wm/AnHNE4Oob/ifumAaB0EAJVUTRauI5M8SeJF0ya1
            U0IQ9N2lb7Y6q4pqHywIa6fnylsqCfxInAYKMuslRq8f9t/qakb4/MYcnPrwpzjw
            73/naiNoJmG6NVTkM52qTtOqZAmsaQd5cigTuPW2Z2CJq1yLZEVGSSd1DUGUjBDK
            nQGucpVVVpD+ifrIPz+Iqwy+5NoZZm/Oa9pKJGFzqXinnDNZaqtgpmTw9QxcSeaP
            VvGZG9CDd89MtAm1VQyuqi1bQ2faq3G0xNrLl7xUsfmjx4ofW+JXR87OzvGfLPhu
            Sjl3kS9j5/MEBRBg3n9gNkgSu5Sy3ilhckY3yjTgAT9Gw2giDhCiUXi1/7KrGprS
            UQHPCSsjyWsyuYVa3lAP/WPdVclc4WOdfYcetUCXBVP7LQr0bq+IG+2J0nnY3mDt
            Va5k4sP1qu6Ecrs2JioQ1V2H+VmcrRykBWnMXl1tDSWKMA==
            =pS8X
            -----END PGP MESSAGE-----
          fp: 4E241635F8EDD2919D2FB44CA362EA0491E2EEA0
    unencrypted_suffix: _unencrypted
    version: 3.9.2
--- a/modules/home/cli/git/default.nix
+++ b/modules/home/cli/git/default.nix
@@ -1,17 +1,15 @@
-{ config, lib, pkgs, ... }: {
+{ config, pkgs, ... }: {
  programs.git = {
    enable = true;
-    signing = lib.mkIf (config.usercfg.git.key != null) {
+    userEmail = "${config.usercfg.git.email}";
-      key = config.usercfg.git.key;
+    userName = "${config.usercfg.git.username}";
    signing = {
      key = "${config.usercfg.git.key}";
      signByDefault = true;
    };
    ignores = [ "*result*" ".direnv" "node_modules" ];
-    settings = {
+    extraConfig = { core.hooksPath = "./.dev/hooks"; };
      core.hooksPath = "./.dev/hooks"; 
      user.email = "${config.usercfg.git.email}";
      user.name = "${config.usercfg.git.username}";
    };
  };
  home.packages = with pkgs; [ tig ];
--- a/modules/home/cli/other/default.nix
+++ b/modules/home/cli/other/default.nix
@@ -12,7 +12,7 @@
    cbonsai
    pipes-rs
    cmatrix
-    #cava
+    cava
    sl
  ];
 }
--- a/modules/home/cli/zsh/default.nix
+++ b/modules/home/cli/zsh/default.nix
@@ -9,14 +9,12 @@ in {
      "sudo" = "sudo ";
      "devsh" =
        "nix develop --profile /tmp/devsh-env ${nixflake_url}#devsh -c zsh";
      "cdevsh" =
        "nix develop --profile /tmp/devsh-env -c zsh";
      "nixb" = "(sudo nixos-rebuild switch --flake ${nixflake_url})";
      "nixgc" = "sudo nix-collect-garbage -d && nix-collect-garbage -d";
      "ssh" = "TERM=xterm-256color  ${pkgs.openssh}/bin/ssh";
      "top" = "btop";
    };
-    initContent = ''
+    initExtra = ''
      sopsu() {nix-shell -p sops --run "sops updatekeys $1";}
      sopsn() {nix-shell -p sops --run "sops $1";}
    '';
--- a/modules/home/gui/apps/develop/default.nix
+++ b/modules/home/gui/apps/develop/default.nix
@@ -2,6 +2,6 @@
  imports = [ ./vscodium ];
  config = lib.mkIf (config.syscfg.make.develop) {
-    home.packages = with pkgs; [ blender godot_4 openscad-unstable orca-slicer pandoc claude-code];
+    home.packages = with pkgs; [ blender godot_4 ];
  };
 }
--- a/modules/home/gui/apps/develop/vscodium/default.nix
+++ b/modules/home/gui/apps/develop/vscodium/default.nix
@@ -4,17 +4,14 @@
    programs.vscode = {
      enable = true;
      package = pkgs.vscodium;
-      #profiles.default = {
+      extensions = with pkgs.vscode-extensions; [
-        profiles.default.extensions = with pkgs.vscode-extensions; [
+        bbenoist.nix
-          bbenoist.nix
+        esbenp.prettier-vscode
-          esbenp.prettier-vscode
+        golang.go
-          golang.go
+        ms-python.vscode-pylance
-          ms-python.vscode-pylance
+        ms-vscode.cpptools
-          ms-vscode.cpptools
+        dbaeumer.vscode-eslint
-          dbaeumer.vscode-eslint
+      ];
          continue.continue 
        ];
      #};
    };
  };
 }
--- a/modules/home/gui/apps/pipewire/default.nix
+++ b/modules/home/gui/apps/pipewire/default.nix
@@ -25,20 +25,6 @@
                }
            }
        }
        {   name = "libpipewire-module-loopback"
            args = {
                node.description = "Virtual Loopback"
                audio.position = [ FL FR ]
                capture.props = {
                    media.class = "Audio/Sink"
                    node.name = "vloopback_sink"
                }
                playback.props = {
                    media.class = "Audio/Source"
                    node.name = "vloopback_source"
                }
            }
        }
      ]
    '';
  };
--- a/modules/home/gui/base/default.nix
+++ b/modules/home/gui/base/default.nix
@@ -10,11 +10,9 @@
      xfce.tumbler
      telegram-desktop
      discord-canary
      pavucontrol
      keepassxc
      nextcloud-client
      gramps
    ];
  };
--- a/modules/home/gui/games/default.nix
+++ b/modules/home/gui/games/default.nix
@@ -1,22 +1,20 @@
-{ inputs, lib, config, pkgs, ... }: {
+{ lib, config, pkgs, ... }: {
-  imports = [ ./openttd.nix ./wow.nix ];
+  imports = [ ./openttd.nix ];
  config = lib.mkIf (config.syscfg.make.game) {
    home.packages = with pkgs; [
      # custom.simc
      #games
-      # steam
+      steam
      gamemode
-      #gamescope
+      gamescope
-      #mangohud
+      mangohud
      prismlauncher
      openttd-jgrpp
-      #bottles
+      bottles
      lutris
      unstable.umu-launcher
      # wine
    ];
  };
--- a/modules/home/gui/games/wow.nix
+++ b/modules/home/gui/games/wow.nix
@@ -1,23 +0,0 @@
 { pkgs, lib, config, sops, ... }: {
  config = lib.mkIf (config.syscfg.make.game) {
    home.packages = with pkgs;
      [
        # custom.simc
        unstable.instawow
      ];
    # templates buggy currently
    #xdg.configFile."instawow/config.json" = ''${config.sops.templates."instawow_config.json".path}'';
    sops.templates."instawow_config.json".content = ''
       {
            "auto_update_check": true,
            "access_tokens": {
              "cfcore": "${config.sops.placeholder.curse_forge_key}",
              "github": "${config.sops.placeholder.github_user_key}",
              "wago_addons": null
            }
        }'';
  };
 }
--- a/modules/home/gui/theme/gtk-theme-gen.nix
+++ b/modules/home/gui/theme/gtk-theme-gen.nix
@@ -11,8 +11,8 @@ in pkgs.stdenv.mkDerivation rec {
  src = pkgs.fetchFromGitHub {
    owner = "vinceliuice";
    repo = "Orchis-theme";
-    rev = "5b73376721cf307101e22d7031c1f4b1344d1f63";
+    rev = "be8b0aff92ed0741174b74c2ee10c74b15be0474";
-    sha256 = "sha256-+2/CsgJ+rdDpCp+r5B/zys3PtFgtnu+ohTEUOtJNd1Y=";
+    sha256 = "sha256-m7xh/1uIDh2BM0hTPA5QymXQt6yV7mM7Ivg5VaF2PvM=";
  };
  nativeBuildInputs = with pkgs; [ gtk3 sassc ];
@@ -22,43 +22,43 @@ in pkgs.stdenv.mkDerivation rec {
  preInstall = ''
    mkdir -p $out/share/themes
    cat > src/_sass/_color-palette-${scheme.slug}.scss << 'EOF'
-      $red-light: #${scheme.palette.low0F};
+      $red-light: #${scheme.palette.base0F};
-      $red-dark: #${scheme.palette.high0F};
+      $red-dark: #${scheme.palette.base0F};
-      $pink-light: #${scheme.palette.low0E};
+      $pink-light: #${scheme.palette.base0E};
-      $pink-dark: #${scheme.palette.high0E};
+      $pink-dark: #${scheme.palette.base0E};
-      $purple-light: #${scheme.palette.low0D};
+      $purple-light: #${scheme.palette.base0D};
-      $purple-dark: #${scheme.palette.high0D};
+      $purple-dark: #${scheme.palette.base0D};
-      $blue-light: #${scheme.palette.low0C};
+      $blue-light: #${scheme.palette.base0C};
-      $blue-dark: #${scheme.palette.high0C};
+      $blue-dark: #${scheme.palette.base0C};
-      $teal-light: #${scheme.palette.low0B};
+      $teal-light: #${scheme.palette.base0B};
-      $teal-dark: #${scheme.palette.high0B};
+      $teal-dark: #${scheme.palette.base0B};
-      $green-light: #${scheme.palette.low0A};
+      $green-light: #${scheme.palette.base0A};
-      $green-dark: #${scheme.palette.high0A};
+      $green-dark: #${scheme.palette.base0A};
-      $sea-light: #${scheme.palette.alt_low0B};
+      $sea-light: #${scheme.palette.base0B};
-      $sea-dark: #${scheme.palette.alt_high0B};
+      $sea-dark: #${scheme.palette.base0B};
-      $yellow-light: #${scheme.palette.low09};
+      $yellow-light: #${scheme.palette.base09};
-      $yellow-dark: #${scheme.palette.low09};
+      $yellow-dark: #${scheme.palette.base09};
-      $orange-light: #${scheme.palette.low08};
+      $orange-light: #${scheme.palette.base08};
-      $orange-dark: #${scheme.palette.high08};
+      $orange-dark: #${scheme.palette.base08};
      $grey-050: #${scheme.palette.base07};
      $grey-100: #${scheme.palette.base07};
-      $grey-150: #${scheme.palette.base06};
+      $grey-150: #${scheme.palette.base07};
      $grey-200: #${scheme.palette.base06};
-      $grey-250: #${scheme.palette.base05};
+      $grey-250: #${scheme.palette.base06};
      $grey-300: #${scheme.palette.base05};
-      $grey-350: #${scheme.palette.base04};
+      $grey-350: #${scheme.palette.base05};
      $grey-400: #${scheme.palette.base04};
-      $grey-450: #${scheme.palette.base03};
+      $grey-450: #${scheme.palette.base04};
      $grey-500: #${scheme.palette.base03};
-      $grey-550: #${scheme.palette.base02};
+      $grey-550: #${scheme.palette.base03};
      $grey-600: #${scheme.palette.base02};
      $grey-650: #${scheme.palette.base02};
      $grey-700: #${scheme.palette.base01};
--- a/modules/home/wayland/apps/eww/bar/eww.yuck
+++ b/modules/home/wayland/apps/eww/bar/eww.yuck
@@ -48,7 +48,7 @@
 (defwindow bar
-    :monitor 1
+    :monitor 0
    :geometry (geometry
      :x "0%"
      :y "0%"
--- a/modules/home/wayland/apps/eww/bar/windows/calendar.yuck
+++ b/modules/home/wayland/apps/eww/bar/windows/calendar.yuck
@@ -1,5 +1,5 @@
 (defwindow calendar
-  :monitor 1
+  :monitor 0
  :geometry (geometry
    :x "0%"
    :y "0%"
--- a/modules/home/wayland/apps/eww/bar/windows/powermenu.yuck
+++ b/modules/home/wayland/apps/eww/bar/windows/powermenu.yuck
@@ -34,7 +34,7 @@
 )
 (defwindow powermenu
-    :monitor 1
+    :monitor 0
    :stacking "overlay"
    :geometry (geometry 
                    :anchor "center"
--- a/modules/home/wayland/apps/eww/bar/windows/radio.yuck
+++ b/modules/home/wayland/apps/eww/bar/windows/radio.yuck
@@ -2,7 +2,7 @@
 (defvar radio_rev false)
 (defwindow radio
-  :monitor 1
+  :monitor 0
  :geometry (geometry
    :x "0%"
    :y "0%"
--- a/modules/home/wayland/apps/eww/bar/windows/sys.yuck
+++ b/modules/home/wayland/apps/eww/bar/windows/sys.yuck
@@ -129,7 +129,7 @@
 )
 (defwindow sys
-  :monitor 1
+  :monitor 0
  :stacking "overlay"
  :geometry (geometry
    :x "0%"
--- a/modules/home/wayland/apps/kanshi/default.nix
+++ b/modules/home/wayland/apps/kanshi/default.nix
@@ -7,52 +7,43 @@
      settings = [
        {
          profile.name = "tower_0";
-          profile.outputs = [
+          profile.outputs = [{
-            {
+            criteria = "CEX CX133 0x00000001";
-              criteria = "AOC 24E1W1 GNSKCHA086899";
+            mode = "1920x1200@59.972";
-              mode = "1920x1080@60.000";
+            position = "0,0";
-              position = "0,0";
+            scale = 1.0;
-              status = "enable";
+            status = "enable";
-              scale = 1.0;
+          }];
              adaptiveSync = true;
            }
            {
              criteria = "AOC 24E1W1 GNSKBHA080346";
              mode = "1920x1080@60.000";
              position = "1920,0";
              status = "enable";
              scale = 1.0;
              adaptiveSync = true;
            }
          ];
        }
        {
          profile.name = "tower_1";
          profile.outputs = [{
            criteria = "AOC 16G3 1DDP7HA000348";
            mode = "1920x1080@144.000";
            position = "0,0";
            status = "enable";
            scale = 1.0;
            adaptiveSync = true;
          }];
        }
        {
          profile.name = "tower_2";
          profile.outputs = [
            {
-              criteria = "AOC 24E1W1 GNSKCHA086899";
+              criteria = "AOC 16G3 1DDP7HA000348";
              mode = "1920x1080@60.000";
              position = "0,0";
              status = "enable";
              scale = 1.0;
              adaptiveSync = true;
            }
            {
              criteria = "AOC 24E1W1 GNSKBHA080346";
              mode = "1920x1080@60.000";
              position = "0,0";
              status = "enable";
              scale = 1.0;
              adaptiveSync = true;
            }
            {
              criteria = "LG UNKNOWN_TBD";
              mode = "1920x1080@144.000";
              position = "0,0";
              status = "enable";
              scale = 1.0;
              adaptiveSync = true;
            }
            {
              criteria = "CEX CX133 0x00000001";
              mode = "1920x1200@59.972";
              position = "0,1080";
              scale = 1.0;
              status = "enable";
            }
          ];
        }
        {
--- a/modules/home/wayland/apps/waylock/default.nix
+++ b/modules/home/wayland/apps/waylock/default.nix
@@ -5,8 +5,6 @@
    xdg.configFile."swaylock/config".text = ''
      screenshots
      grace-no-mouse
      grace-no-touch
      grace=5
      effect-pixelate=5
      fade-in=0.2
--- a/modules/home/wayland/base/default.nix
+++ b/modules/home/wayland/base/default.nix
@@ -17,12 +17,8 @@ in {
      dbus-hyprland-environment
      wayland
-      hyprpicker
+      grim
      hyprshot
      slurp
      satty
      swappy
      cliphist
      wl-clipboard
@@ -46,8 +42,6 @@ in {
          [ "discord-402572971681644545.desktop" ];
        "x-scheme-handler/discord-696343075731144724" =
          [ "discord-696343075731144724.desktop" ];
        "x-scheme-handler/tg" = [ "org.telegram.desktop.desktop" ];
        "x-scheme-handler/tonsite" = [ "org.telegram.desktop.desktop" ];
        "x-scheme-handler/http" = [ "firefox.desktop" ];
        "x-scheme-handler/https" = [ "firefox.desktop" ];
        "x-scheme-handler/chrome" = [ "firefox.desktop" ];
--- a/modules/home/wayland/hyprland/config.nix
+++ b/modules/home/wayland/hyprland/config.nix
@@ -6,7 +6,7 @@
      xwayland.enable = true;
      extraConfig = ''
        monitor=,preferred,auto,auto
-        env=bitdepth,10
+
        input {
            kb_layout = us, ru
            kb_variant = intl, phonetic
@@ -61,10 +61,10 @@
            fullscreen_opacity = 1.0
            # shadow
-            # drop_shadow = no
+            drop_shadow = no
-            # shadow_range = 60
+            shadow_range = 60
-            # shadow_offset = 0 5
+            shadow_offset = 0 5
-            # shadow_render_power = 4
+            shadow_render_power = 4
            #col.shadow = rgba(00000099)
        }
@@ -89,7 +89,9 @@
            new_status = master
        }
-        gesture = 3, vertical, workspace
+        gestures {
            workspace_swipe = off
        }
        exec-once = eww open bar
        #exec-once = waybar
@@ -164,7 +166,7 @@
        bind = SUPER SHIFT,D,exec, ~/.config/hypr/themes/apatheia/eww/launch_bar 
        bind = SUPER, V, exec, cliphist list | wofi -dmenu | cliphist decode | wl-copy
-        bind = , PRINT, exec, hyprshot -m region --raw | satty --filename - --early-exit --action-on-enter save-to-clipboard --copy-command 'wl-copy'
+        bind =  , Print, exec, grim -g "$(slurp -d)" - | swappy -f -
        bind = SUPER, L, exec, swaylock 
--- a/modules/home/xorg/bspwm/config.nix
+++ b/modules/home/xorg/bspwm/config.nix
@@ -110,7 +110,7 @@
      telegram-desktop &
      nextcloud &
      jellyfin-mpv-shim &
-      #flameshot &
+      flameshot &
      sleep 2
@@ -265,7 +265,7 @@
      # Screenshots
      Print
-      	hyprshot -m region
+      	flameshot gui
      # Lock Desktop
      super + l
--- a/modules/home/xorg/bspwm/default.nix
+++ b/modules/home/xorg/bspwm/default.nix
@@ -5,7 +5,7 @@
  config = lib.mkIf (config.usercfg.wm == "X11") {
    xsession.windowManager.bspwm = { enable = true; };
    services.sxhkd = { enable = true; };
-    home.packages = with pkgs; [ xrandr arandr hyprshot xtrlock i3lock ];
+    home.packages = with pkgs; [ xrandr arandr flameshot xtrlock i3lock ];
  };
 }
--- a/modules/nixos/gui/audio/default.nix
+++ b/modules/nixos/gui/audio/default.nix
@@ -3,8 +3,8 @@ let cfg = config.syscfg.make.gui;
 in {
  config = lib.mkIf cfg {
    # sound.enable = true;
    hardware.pulseaudio.enable = false;
    security.rtkit.enable = true;
    services.pulseaudio.enable = false; #25.05 change to services
    services.pipewire = {
      enable = true;
      alsa.enable = true;
--- a/modules/nixos/gui/games/default.nix
+++ b/modules/nixos/gui/games/default.nix
@@ -5,9 +5,6 @@ in {
    programs.steam = {
      enable = true;
      remotePlay.openFirewall = true;
      extraCompatPackages = with pkgs;  [proton-ge-bin];
    };
    programs.gamemode.enable = true;
  };
 }
--- a/modules/nixos/system/hw/boot/default.nix
+++ b/modules/nixos/system/hw/boot/default.nix
@@ -9,7 +9,7 @@ in {
      };
      efi = {
        canTouchEfiVariables = true;
-        efiSysMountPoint = "/boot";
+        efiSysMountPoint = "/boot/efi";
      };
    };
  };
--- a/modules/nixos/system/hw/power/default.nix
+++ b/modules/nixos/system/hw/power/default.nix
@@ -7,23 +7,8 @@
        STOP_CHARGE_THRESH_BAT0 = 90;
        CPU_SCALING_GOVERNOR_ON_AC = "performance";
        CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
        MEM_SLEEP_ON_BAT = "deep";
      };
    };
    powerManagement.enable = true;
    # suspend to RAM (deep) rather than `s2idle`
    boot.kernelParams = [ "mem_sleep_default=deep" ];
    # suspend-then-hibernate
    systemd.sleep.extraConfig = ''
      HibernateDelaySec=30m
      SuspendState=mem
    '';
    services.logind.settings.Login.HandleLidSwitch = "suspend-then-hibernate";
    # Hibernate on power button pressed
    services.logind.settings.Login.HandlePowerKey = "hibernate";
    services.logind.settings.Login.HandlePowerKeyLongPress = "poweroff";
    systemd.user.services.battery_monitor = {
      wants = [ "display-manager.service" ];
--- a/modules/nixos/system/hw/virt/default.nix
+++ b/modules/nixos/system/hw/virt/default.nix
@@ -11,10 +11,9 @@
        dockerSocket.enable = true;
        dockerCompat = true;
        defaultNetwork.settings = {
-          #dnsname.enable = true;
+          dnsname.enable = true;
-          dns_enabled = true;
+          internal = true;
-          #internal = true;
+          name = "internal";
          #name = "internal";
        };
      };
    };
--- a/modules/nixos/system/network/base/default.nix
+++ b/modules/nixos/system/network/base/default.nix
@@ -4,15 +4,6 @@
    useDHCP = true;
    nameservers = [ "1.1.1.1" "9.9.9.9" ];
-    firewall = { 
+    firewall = { enable = true; };
      enable = true;
      allowedUDPPorts = 
        (if config.syscfg.server ? wireguard then [ 1515 ] else [ ]) ++ 
        [ ];
      allowedTCPPorts = 
        (if config.syscfg.server ? web       then [ 80 443 22 ] else [ ]) ++ 
        [ ];
    };
  };
 }
--- a/modules/nixos/system/network/wireguard/default.nix
+++ b/modules/nixos/system/network/wireguard/default.nix
@@ -1,12 +1,4 @@
-{ config, lib, pkgs, ... }: let
+{ config, lib, ... }: {
  isValidPeer = p: 
    (p ? syscfg.net.wg.enable) && 
    (p.syscfg.net.wg.enable == true) && 
    (p.syscfg.net.wg.pubkey != config.syscfg.net.wg.pubkey);
  activePeers = builtins.filter isValidPeer config.syscfg.peers;
 in
 {
  config = lib.mkIf (config.syscfg.net.wg.enable) {
    networking.wireguard = {
      enable = true;
@@ -17,26 +9,14 @@ in
            config.sops.secrets."${config.syscfg.hostname}_wg_priv".path;
          listenPort = 1515;
          mtu = 1340;
-          peers = 
+          peers = [{
-            if (config.syscfg.server ? wireguard && config.syscfg.server.wireguard) then
+            allowedIPs = [ "10.10.1.0/24" "fd10:10:10::0/64" ];
-              map (p: {
+            endpoint = "vpn.helcel.net:1515";
-                name = p.syscfg.hostname;
+            publicKey = "NFBJvYXZC+bd62jhrKnM7/pugidWhgR6+C5qIiUiq3Q=";
-                publicKey = p.syscfg.net.wg.pubkey;
+            persistentKeepalive = 30;
-                allowedIPs = [ p.syscfg.net.wg.ip4 p.syscfg.net.wg.ip6 ];
+          }];
              }) activePeers
            else
              [{
                allowedIPs = [ "10.10.1.0/24" "fd10:10:10::0/64" ];
                endpoint = "vpn.helcel.net:1515";
                publicKey = "NFBJvYXZC+bd62jhrKnM7/pugidWhgR6+C5qIiUiq3Q=";
                persistentKeepalive = 30;
              }];
        };
      };
    };
    systemd.services."wireguard-wg0" = {
      after = [ "network-online.target" "nss-lookup.target" ];
      wants = [ "network-online.target" "nss-lookup.target" ];
    };
  };
 }
--- a/modules/nixos/system/nix/default.nix
+++ b/modules/nixos/system/nix/default.nix
@@ -1,4 +1,4 @@
-{ inputs, pkgs, ... }: {
+{ pkgs, ... }: {
  nixpkgs.config = {
    permittedInsecurePackages = [ ];
    allowUnfree = true;
@@ -8,9 +8,9 @@
    };
  };
-  nixpkgs.overlays = import ../../../../overlays { inherit inputs pkgs; };
+  nixpkgs.overlays = import ../../../../overlays { inherit pkgs; };
  nix = {
-    package = pkgs.nixVersions.stable;
+    package = pkgs.nixFlakes;
    extraOptions = ''
      experimental-features = nix-command flakes
      warn-dirty = false
@@ -37,5 +37,5 @@
      ];
    };
  };
-  system.stateVersion = "24.11";
+  system.stateVersion = "24.05";
 }
--- a/modules/nixos/tools/debug/default.nix
+++ b/modules/nixos/tools/debug/default.nix
@@ -2,9 +2,6 @@
  config = lib.mkIf (config.syscfg.make.develop) {
    programs.adb.enable = true;
    # services.udev.packages = [
    #   pkgs.android-udev-rules
    # ];
    programs.wireshark.enable = true;
    environment.systemPackages = with pkgs; [ wget dconf wireshark ];
--- a/modules/nixos/tools/default.nix
+++ b/modules/nixos/tools/default.nix
@@ -1,64 +1,64 @@
-{ pkgs, ... }: {
+{ pkgs,... }: { 
-  imports = [ ./debug ./develop ];
+    imports = [ ./debug ./develop ];
-  # services.telegraf = {
+    # services.telegraf = {
-  #     enable = true;
+    #     enable = true;
-  #     extraConfig = {
+    #     extraConfig = {
-  #         agent = {
+    #         agent = {
-  #             interval = "10s";
+    #             interval = "10s";
-  #             round_interval = true;
+    #             round_interval = true;
-  #             metric_batch_size = 1000;
+    #             metric_batch_size = 1000;
-  #             metric_buffer_limit = 10000;
+    #             metric_buffer_limit = 10000;
-  #             collection_jitter = "0s";
+    #             collection_jitter = "0s";
-  #             flush_interval = "10s";
+    #             flush_interval = "10s";
-  #             flush_jitter = "0s";
+    #             flush_jitter = "0s";
-  #             precision = "";
+    #             precision = "";
-  #             hostname = "valinor";
+    #             hostname = "valinor";
-  #             omit_hostname = false;
+    #             omit_hostname = false;
-  #         };
+    #         };
-  #         inputs.cpu = {
+    #         inputs.cpu = {
-  #             percpu = true;
+    #             percpu = true;
-  #             totalcpu = true;
+    #             totalcpu = true;
-  #             collect_cpu_time = false;
+    #             collect_cpu_time = false;
-  #             report_active = false;
+    #             report_active = false;
-  #         };
+    #         };
-  #         inputs.mem = {};
+    #         inputs.mem = {};
-  #         inputs.swap = {};
+    #         inputs.swap = {};
-  #         inputs.system = {};
+    #         inputs.system = {};
-  #         inputs.disk = {
+    #         inputs.disk = {
-  #             ignore_fs = ["tmpfs" "devtmpfs" "devfs"];
+    #             ignore_fs = ["tmpfs" "devtmpfs" "devfs"];
-  #         };
+    #         };
-  #         inputs.net = {};
+    #         inputs.net = {};
-  #         inputs.netstat = {};
+    #         inputs.netstat = {};
-  #         inputs.ping = {
+    #         inputs.ping = {
-  #             urls = ["8.8.8.8" "8.8.4.4"];
+    #             urls = ["8.8.8.8" "8.8.4.4"];
-  #             count = 4;
+    #             count = 4;
-  #             interval = "60s";
+    #             interval = "60s";
-  #             binary = "${pkgs.iputils.out}/bin/ping";
+    #             binary = "${pkgs.iputils.out}/bin/ping";
-  #         };
+    #         };
-  #         inputs.internet_speed = {
+    #         inputs.internet_speed = {
-  #             interval = "2m";
+    #             interval = "2m";
-  #         };
+    #         };
    #         inputs.net_response = {
    #             protocol = "tcp";
    #             address = "google.com:80";
    #             timeout = "5s";
    #             read_timeout = "5s";
    #             interval = "30s";
    #         };
-  #         inputs.net_response = {
+    #         outputs.influxdb_v2 = {
-  #             protocol = "tcp";
+    #             urls = [""];
-  #             address = "google.com:80";
+    #             token = "";
-  #             timeout = "5s";
+    #             organization = "";
-  #             read_timeout = "5s";
+    #             bucket = "";
-  #             interval = "30s";
+    #         };
-  #         };
+    #     };
-
+    # };
-  #         outputs.influxdb_v2 = {
+ }
  #             urls = [""];
  #             token = "";
  #             organization = "";
  #             bucket = "";
  #         };
  #     };
  # };
 }
--- a/modules/nixos/tools/develop/default.nix
+++ b/modules/nixos/tools/develop/default.nix
@@ -6,13 +6,10 @@ let
    includeEmulator = false;
  };
 in {
  imports = [ ./ollama ];
  config = lib.mkIf (config.syscfg.make.develop) {
-    environment.systemPackages = with pkgs;
+    environment.systemPackages = with pkgs; [
-      [
+      android-tools
-        # android-tools
+      androidStudioPackages.canary
-        unstable.androidStudioPackages.canary
+    ];
      ];
  };
 }
--- a/modules/nixos/tools/develop/ollama/default.nix
+++ b/modules/nixos/tools/develop/ollama/default.nix
@@ -1,16 +0,0 @@
 { lib, config, pkgs, ... }: 
 let 
 ollamaPkg = pkgs.ollama-rocm;
 in{
  config = lib.mkIf (config.syscfg.make.develop) {
    services.ollama = {
        enable = true;
        package = ollamaPkg;
        acceleration = "rocm"; 
        loadModels = [ "deepseek-v2:lite" "qwen2.5-coder:7b" "qwen2.5-coder:1.5b" ];
        syncModels = true;
    };
    environment.systemPackages = with pkgs; [ ollamaPkg ];
  };
 }
--- a/modules/nixos/users/default.nix
+++ b/modules/nixos/users/default.nix
@@ -22,7 +22,6 @@ in {
          "docker"
          "podman"
          "wireshark"
          "gamemode"
        ];
      }) config.syscfg.users);
  };
--- a/modules/server/containers/default.nix
+++ b/modules/server/containers/default.nix
@@ -1,40 +0,0 @@
 { config, pkgs, lib, ... }:
 let
  cfg = config.syscfg.server.containers;
  enabledConfigs = lib.filterAttrs (name: c: c.enable) cfg;
  containerSetsList = lib.mapAttrsToList (name: containerCfg:
    import (./defs + "/${name}.nix") {
      inherit config pkgs lib  containerCfg;
    }
  ) enabledConfigs;
  mergedContainers = lib.attrsets.mergeAttrsList  (lib.map(e: e.containers) containerSetsList);
  allPathConfigs = lib.flatten (lib.map (e: e.paths or []) containerSetsList);
 in
 {
  config = lib.mkIf ( enabledConfigs != {} ) {
    virtualisation.oci-containers = {
      backend = "podman";
      containers = mergedContainers;
    };
    systemd.services.podman-gc = {
      description = "Podman garbage collection";
      serviceConfig.Type = "oneshot";
      script = ''
        ${pkgs.podman}/bin/podman container prune -f
        ${pkgs.podman}/bin/podman image prune -f
      '';
      startAt = "weekly";
    };
    system.activationScripts.container-setup-dirs = {
      deps = [ "users" "groups" ];
      text = lib.concatStringsSep "\n" (map (cfg: ''
        mkdir -p "${cfg.path}"
        chown ${cfg.owner} "${cfg.path}"
        chmod ${cfg.mode} "${cfg.path}"
      '') allPathConfigs);
    };
  };
 }
--- a/modules/server/containers/defs/authentik.nix
+++ b/modules/server/containers/defs/authentik.nix
@@ -1,84 +0,0 @@
 { config, containerCfg, pkgs, lib, ... }:
 let 
 serverCfg = config.syscfg.server;
 in {
  paths = [{
    path="${serverCfg.dataPath}/authentik/media";
    owner = "1000:1000";
    mode = "0755";
  }{
    path="${serverCfg.dataPath}/authentik/templates";
    owner = "1000:1000";
    mode = "0755";
  }];
  containers = {
    auth_server = {
      image = "ghcr.io/goauthentik/server:latest";
      hostname = "auth_server";
      volumes = [
        "${serverCfg.dataPath}/authentik/media:/media"
        "${serverCfg.dataPath}/authentik/templates:/templates"
      ];
      environmentFiles = [
        config.sops.secrets."AUTHENTIK".path
      ];
      environment = {
        "AUTHENTIK_REDIS__HOST" = "host.containers.internal";
        "AUTHENTIK_POSTGRESQL__HOST" = "host.containers.internal";
        "AUTHENTIK_POSTGRESQL__USER" = "authentik_user";
        "AUTHENTIK_POSTGRESQL__NAME" = "authentik_db";
        "AUTHENTIK_EMAIL__HOST" = "${serverCfg.mailDomain}";
        "AUTHENTIK_EMAIL__PORT" = "587";
        "AUTHENTIK_EMAIL__USERNAME" = "noreply@${serverCfg.hostDomain}";
        "AUTHENTIK_EMAIL__USE_TLS" = "true";
        "AUTHENTIK_EMAIL__USE_SSL" = "false";
        "AUTHENTIK_EMAIL__TIMEOUT" = "10";
        "AUTHENTIK_EMAIL__FROM" = "sso@noreply.${serverCfg.hostDomain}";
      };
      labels = {
        "traefik.enable" = "true";
        "traefik.http.routers.sso.entrypoints" = "web-secure";
        "traefik.http.routers.sso.rule" = "Host(`sso.${serverCfg.hostDomain}`)";
        "traefik.http.routers.sso.tls" = "true";
        "traefik.http.services.sso.loadbalancer.server.port" = "${toString containerCfg.port}";
      };
      cmd = [ "server" ];
      extraOptions = [
        "--add-host=host.containers.internal:host-gateway"
        "--replace"
        "--rm"
        "--ip=${containerCfg.ip}"
      ];
      ports = [
        "9999:${toString containerCfg.port}"
      ];
    };
    auth_worker = {
      image = "ghcr.io/goauthentik/server:latest";
      hostname = "auth_worker";
      volumes = [
        "${serverCfg.dataPath}/authentik/media:/media"
        "${serverCfg.dataPath}/authentik/templates:/templates"
        "/var/run/docker.sock:/var/run/docker.sock"
      ];
      environmentFiles = [
        config.sops.secrets."AUTHENTIK".path
      ];
      environment = {
        "AUTHENTIK_REDIS__HOST" = "host.containers.internal";
        "AUTHENTIK_POSTGRESQL__HOST" = "host.containers.internal";
        "AUTHENTIK_POSTGRESQL__USER" = "authentik_user";
        "AUTHENTIK_POSTGRESQL__NAME" = "authentik_db";
      };
      extraOptions = [
        "--add-host=host.containers.internal:host-gateway"
        "--replace"
        "--rm"
      ];
      cmd = [ "worker" ];
    };
  };
 }
--- a/modules/server/database/default.nix
+++ b/modules/server/database/default.nix
@@ -1,76 +0,0 @@
 { config, lib, pkgs, ... }:
 let
  listNames = config.syscfg.server.db;
  containerNames = lib.mapAttrsToList 
    (name: cfg: name) 
    (lib.filterAttrs (name: cfg: cfg.db or false) config.syscfg.server.containers);
  allApps = lib.unique (listNames ++ containerNames);
 in {
  config = lib.mkIf ( builtins.length allApps > 0) {
    services.postgresql = {
      enable = true;
      enableTCPIP = true; # Required to listen on network interfaces
      settings = {
        listen_addresses = lib.mkForce "*"; 
      };
      authentication = pkgs.lib.mkOverride 10 ''
         # TYPE  DATABASE        USER            ADDRESS                 METHOD
         local   all             all                                     trust
         host    all             all             127.0.0.1/32            trust
         host    all             all             ::1/128                 trust
         host    all             all             10.0.0.0/8              scram-sha-256
         host    all             all             169.254.0.0/16          scram-sha-256
      '';
      ensureDatabases = map (name: "${name}_db") allApps;
      ensureUsers = map (name: { name = "${name}_user"; }) allApps;
    };
    services.postgresqlBackup = {
      enable = true;
      location = "/var/lib/postgresql/backups";
      startAt = "*-*-* 04:00:00"; # Runs every day at 4 AM
      backupAll = true; # Backs up all databases and roles
    };
    services.redis.servers."main" = {
      enable = true;
      port = 6379;
      bind = "*";
      settings.protected-mode = "no";
    };
    systemd.services.postgresql-init = {
      description = "Custom Postgres Setup (Ownership & Passwords)";
      after = [ "postgresql.service" ];
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        Type = "oneshot";
        User = "postgres";
        RemainAfterExit = true;
      };
      script = ''
        ${pkgs.coreutils}/bin/sleep 2
        PSQL="${pkgs.postgresql}/bin/psql"
        ${lib.concatMapStringsSep "\n" (name: ''
          $PSQL -tAc "ALTER DATABASE ${name}_db OWNER TO ${name}_user;"
          if [ -f "${config.sops.secrets."${lib.toUpper name}".path}" ]; then
            PASS=$(grep "^DB_PASSWORD=" "${config.sops.secrets."${lib.toUpper name}".path}" | cut -d'=' -f2-)
            echo $PASS
            if $PSQL -tAc "ALTER USER ${name}_user WITH PASSWORD '$PASS';" ; then
                echo "✅ Successfully set password for ${name}_user"
            else
                echo "❌ FAILED to set password for ${name}_user"
            fi
          fi
        '') allApps}
      '';
    };
  };
 }
--- a/modules/server/default.nix
+++ b/modules/server/default.nix
@@ -1,3 +1,15 @@
-{ config, pkgs, lib, ... }:{
+{ config, pkgs, lib, ... }:
-  imports = [ ./containers ./database ./nftables ./openssh ./sops ];
+let
 in {
  imports = [ ./sops ];
  environment.systemPackages = with pkgs; [ arion ];
  virtualisation.arion = {
    backend = "podman-socket";
    projects = {
      cloud.settings = import ./docker/cloud.nix { inherit config pkgs lib; };
      authentik.settings =
        import ./docker/authentik.nix { inherit config pkgs lib; };
    };
  };
 }
--- a/modules/server/docker/authentik.nix
+++ b/modules/server/docker/authentik.nix
@@ -0,0 +1,104 @@
 { config, pkgs, lib, ... }:
 let serverCfg = config.syscfg.server;
 in {
  project.name = "authentik";
  networks = {
    internal = {
      name = lib.mkForce "internal";
      internal = true;
    };
    external = {
      name = lib.mkForce "external";
      internal = false;
    };
  };
  services = {
    auth_postgresql.service = {
      image = "postgres:14-alpine";
      container_name = "auth_postgresql";
      restart = "unless-stopped";
      networks = [ "internal" ];
      volumes = [ ];
      environment = {
        POSTGRES_PASSWORD = "/run/secrets/AUTHENTIK_POSTGRESQL__PASSWORD";
        POSTGRES_USER = "authentik";
        POSTGRES_DB = "authentik";
      };
    };
    auth_redis.service = {
      image = "redis:alpine";
      container_name = "auth_redis";
      restart = "unless-stopped";
      networks = [ "internal" ];
      volumes = [ ];
      environment = { };
      labels = { "traefik.enable" = "false"; };
    };
    auth_server.service = {
      image = "ghcr.io/goauthentik/server:latest";
      container_name = "auth_server";
      restart = "unless-stopped";
      networks = [ "internal" "external" ];
      volumes = [
        "${serverCfg.dataPath}/authentik/media:/media"
        "${serverCfg.dataPath}/authentik/templates:/templates"
      ];
      environment = {
        "AUTHENTIK_REDIS__HOST" = "auth_redis";
        "AUTHENTIK_POSTGRESQL__HOST" = "auth_postgresql";
        "AUTHENTIK_POSTGRESQL__USER" = "authentik";
        "AUTHENTIK_POSTGRESQL__NAME" = "authentik";
        "AUTHENTIK_POSTGRESQL__PASSWORD" = "AUTHENTIK_DB_PASSWORD";
        "AUTHENTIK_SECRET_KEY" = "AUTHENTIK_SECRET_KEY";
        "AUTHENTIK_EMAIL__HOST" = "${serverCfg.mailDomain}";
        "AUTHENTIK_EMAIL__PORT" = "587";
        "AUTHENTIK_EMAIL__USERNAME" = "noreply@${serverCfg.hostDomain}";
        "AUTHENTIK_EMAIL__PASSWORD" = "AUTHENTIK_EMAIL_PASSWORD";
        "AUTHENTIK_EMAIL__USE_TLS" = "true";
        "AUTHENTIK_EMAIL__USE_SSL" = "false";
        "AUTHENTIK_EMAIL__TIMEOUT" = "10";
        "AUTHENTIK_EMAIL__FROM" = "sso@noreply.${serverCfg.hostDomain}";
      };
      labels = {
        "traefik.enable" = "true";
        "traefik.http.routers.sso.entrypoints" = "web-secure";
        "traefik.http.routers.sso.rule" = "Host(`sso.${serverCfg.hostDomain}`)";
        "traefik.http.routers.sso.tls" = "true";
        "traefik.http.services.sso.loadbalancer.server.port" = "9000";
        "traefik.docker.network" = "external";
      };
      command = "server";
      ports = [
        "9999:9000" # host:container
      ];
    };
    auth_worker.service = {
      image = "ghcr.io/goauthentik/server:latest";
      container_name = "auth_worker";
      restart = "unless-stopped";
      networks = [ "internal" ];
      volumes = [
        "${serverCfg.dataPath}/authentik/media:/media"
        "${serverCfg.dataPath}/authentik/templates:/templates"
        "/var/run/docker.sock:/var/run/docker.sock"
      ];
      environment = {
        "AUTHENTIK_REDIS__HOST" = "auth_redis";
        "AUTHENTIK_POSTGRESQL__HOST" = "auth_postgresql";
        "AUTHENTIK_POSTGRESQL__USER" = "authentik";
        "AUTHENTIK_POSTGRESQL__NAME" = "authentik";
        "AUTHENTIK_POSTGRESQL__PASSWORD" = "AUTHENTIK_DB_PASSWORD";
        "AUTHENTIK_SECRET_KEY" = "AUTHENTIK_SECRET_KEY";
      };
      labels = { "traefik.enable" = "false"; };
      command = "worker";
      user = "root";
    };
  };
 }
--- a/modules/server/containers/defs/cloud.nix
+++ b/modules/server/containers/defs/cloud.nix
--- a/modules/server/containers/defs/sample.nix
+++ b/modules/server/containers/defs/sample.nix
--- a/modules/server/containers/defs/traefik.nix
+++ b/modules/server/containers/defs/traefik.nix
--- a/modules/server/nftables/default.nix
+++ b/modules/server/nftables/default.nix
@@ -1,47 +0,0 @@
 { config, lib, ... }:{
  config = lib.mkIf (config.syscfg.server.nftables.enable) {
    boot.kernel.sysctl = {
      "net.ipv4.ip_forward" = 1;
      "net.ipv6.conf.all.forwarding" = 1;
    };
    networking.nftables.enable = true;
    networking.nftables.ruleset = ''
      table inet filter {
        chain input {
          type filter hook input priority filter; policy accept;
          tcp dport {5432, 6379} ip saddr { 10.0.0.0/8 169.254.0.0/16 } accept
        }
      }
      table inet nat {
        chain prerouting {
          type nat hook prerouting priority dstnat; policy accept;
          ${lib.concatMapStringsSep "\n" (rule:
            let
              srcInt = builtins.elemAt rule 0;
              dstAddr4 = builtins.elemAt rule 1;
              dstAddr6 = builtins.elemAt rule 2;
              srcPort = toString (builtins.elemAt rule 3);
              dstPort = toString (builtins.elemAt rule 4);
            in ''
                iifname "${srcInt}" tcp dport ${srcPort} counter dnat ip to ${dstAddr4}:${dstPort}
                iifname "${srcInt}" udp dport ${srcPort} counter dnat ip to ${dstAddr4}:${dstPort}
                iifname "${srcInt}" tcp dport ${srcPort} counter dnat ip6 to [${dstAddr6}]:${dstPort}
                iifname "${srcInt}" udp dport ${srcPort} counter dnat ip6 to [${dstAddr6}]:${dstPort}
            ''
          ) config.syscfg.server.nftables.ports}
        }
        chain postrouting {
          type nat hook postrouting priority srcnat; policy accept;
          oifname { ${lib.concatMapStringsSep ", " (iface: ''"${iface}"'') config.syscfg.server.nftables.ifs} } masquerade
        }
      }
    '';
  };
 }
--- a/modules/server/openssh/default.nix
+++ b/modules/server/openssh/default.nix
@@ -1,27 +0,0 @@
 { config, lib, ... }: 
 let
  allUsers = lib.concatMap (peer: if peer.syscfg ? users then peer.syscfg.users else []) config.syscfg.peers;
  groupedUsers = lib.groupBy (u: u.username) allUsers;
  allowedUsernames = map (u: u.username) config.syscfg.users;
  activeUsers = lib.filterAttrs (name: _: lib.elem name allowedUsernames) groupedUsers;
 in {
  config = lib.mkIf (config.syscfg.server.openssh) {
    services.openssh = {
        enable = true;
        ports = [ 422 ];
        banner = "";
        settings = {
        PasswordAuthentication = false;
        PermitRootLogin = "no";
        ClientAliveInterval = 60;
        ClientAliveCountMax = 3;
        TCPKeepAlive = true;
        };
    };
    users.users = lib.mapAttrs (name: userList: {
        openssh.authorizedKeys.keys = lib.unique (
        lib.concatMap (u: if u ? pubssh then [ u.pubssh ] else []) userList
        );
    }) activeUsers;
    };
 }
--- a/modules/server/sops/default.nix
+++ b/modules/server/sops/default.nix
@@ -1,16 +1,10 @@
-{ config, lib, pkgs, ... }:
+{ config, pkgs, ... }: {
-let
+  sops.secrets.INFOMANIAK_API_KEY = { sopsFile = ./server.yaml; };
- listNames = config.syscfg.server.db;
+  sops.secrets."${config.syscfg.hostname}_ssh_pub" = {
-  containerNames = lib.mapAttrsToList (name: cfg: name) 
+    mode = "0400";
-    (lib.filterAttrs (name: cfg: cfg.db or false) config.syscfg.server.containers);
+    owner = config.users.users.${config.syscfg.defaultUser}.name;
-  allApps = lib.unique (listNames ++ containerNames);
+    group = config.users.users.${config.syscfg.defaultUser}.group;
 in{
  config = lib.mkIf (config.syscfg.server.sops) {
    sops.secrets = {
      INFOMANIAK_API_KEY = { sopsFile = ./server.yaml; };
    } // (lib.genAttrs (map (name: "${lib.toUpper name}") allApps) (name: {
      owner = "postgres";
      sopsFile = ./server.yaml;
    }));
  };
  sops.secrets."${config.syscfg.hostname}_wg_priv" = { };
  sops.secrets."${config.syscfg.hostname}_wg_pub" = { };
 }
--- a/modules/server/sops/server.yaml
+++ b/modules/server/sops/server.yaml
@@ -1,47 +1,68 @@
 INFOMANIAK_API_KEY: ENC[AES256_GCM,data:QhjQoCMxogXAPtvUbf/EWkqsFAndn73LBuTqj5essjruekynH287D/CYN/cwfcnDqZoh6Z4A9p08uUmXzqmTiralAhsCoc+Ljb/monmsruc=,iv:8rMGNc9398jnFXZm34fOht6fMNDAcDZ68B1jwoQPn2Q=,tag:ZlQnPaxkCktpwiC6HzmFVg==,type:str]
 AUTHENTIK: ENC[AES256_GCM,data:jNcqbLEMbaQ7mmn4dK4LFguecDDxrBsQZaqfQeQ+iGel6mD4jAC6rNdGC8H8NepRWmc0ZjNC6Fe4EaGllbjq/50SqlB47DtyuuCwOZFP6fiU4sD13B7t0Fg/7xMomqnRnJ+3UyVzt6PgEzzQNoPPpHxVGpR+TJnROhflcmCKi/JdAR6dspNqJEbrjp4LVk28Rp9Od6lbsOGphRb79z/DKA1QYRPuE7QU7Edzqqy09g5nKjGxIxjWNEYPt0WiD3537eBICfWm5krs8jxyf6TSiGasHSgSDyJSbnoNkPzSf9A5Jwtulu1jFgjvY/v+qhs9649USp1MzogSAfDZBNC4irge/lb5EPPIQ31EC/Dybza9dX/h6cR/KyQm5GsxBBJzm33rzC/4aCCRlcsAl5eO4JZn4MZta4yHss2UQHQ48i15OSdBwwTbTt240UbrIIje0hfOM6R+Uk3VOY/+VtBV/D+0ks2SUEKMvWgqJDhDh4FVqeR0a9dpLhOAvaWryAAETjlHljOrcF3Q3WooZbBDvLyMMtsHIeF1JDqwghI3,iv:8RdNbsnVVu4awW6yrpLGxAtM7o6uN5vgZIotmT6osW8=,tag:rNaCeG6STXINm42x1b2jcw==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4Rzc3ak4vRVZiNWxNZEN3
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpZk1VY3NEZmRkS0J6dU03
-            N21rSjZqUm9XVWF5TUxNTXVybEMzNCtod0NnClNjODB6VWhzU1VHeVdlZ3hEaE5D
+            OUtETWpHL2hLN09kRytNUEhmVnA5WW9yVXlNCmZaZnQ2YUlMMmlrZ2dEZDVFMHA5
-            MW9WWWYvYmt5TmNzMzNudDhLSW12RnMKLS0tIDdjc2ZOK3QxaTFJMFdpTHFzcklr
+            OUpqOTJJbHVVREtpSFUyaDJDbXltaTgKLS0tIFY0ZkF3Ym5oeHViN3J4eW4vSVYz
-            clZnQXpPbWs5aXZJeUlxOWhJNmIrOFkKZfZ19Y4yfCJi1GrxLsv76JyBmuxW/glF
+            QkhuU0NLWElyVXpZd2ZpOHhwam04R28KFuaI35e8pB25M2dlP19gApso12ZYJ3ld
-            BCJCvmdSSOJx5JW26Y3Y3LwiIuL8yboKR+8ZAwU2fG5OQfs+2czFdQ==
+            BpMnp97ShX0I8bZRIYxSHpSrB/J+tt1V4pfGdJq7uWZM7XacPy666A==
            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1pf4auk6u2tmefuqpuc6mntr26cp4wcsmlhnn98arzxsp3753ruqsj0jqk3
+        - recipient: age1ms8f0ysv6vakxepvt69fejczs6tddexepesdv4rkgtheehj3nu4sc6290s
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1cEpsb2gvbDJ0aG5BRWNS
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuZXNjRzJsdFpTdDZhSkRB
-            WXgydFo3ZkF3SmVIU1EvaHVjb3RvK3BxVDJrCis2ME9zUEVGQURFdmJXS2lTSklk
+            eW1qSStnZHN5Tzh3bFA1azZIRk42V1RzSTJJCi9MV0k5ZXNQOWJFYnlXdnB3azBL
-            V3ZONHpTZVJqMUxOVkd5ZDlqVTRNdzgKLS0tIGwwR0k1Vll6bEdmZVZvVktzMTRN
+            NzNldkFLWlEyT01MeWlFU3RKODU4dWcKLS0tIFJXL1ZsNDgydTgxVGRMYWxyQTNT
-            S1NaTVFTL0FCdm1EQmRsUnlhclZNZlEKEgIe60qkvY8+UocjQU+WM2dTL/1y3Kqk
+            K1M0TDd1eGd1V3pOcjl1M1VrdDUvbG8KpsWlrr14MOh/8mG+rXpswPPFE3VnpKGt
-            d4RrlLP9NSozwVsPYI4ntygvMSApbT4v0YvoO7gV90lkGWEvW1YDfA==
+            03DWUII3+MMEWLJPLxkNJ9BzCm4Kl1QNHSbJ7Ex6df0b7nB6Ed6Hvw==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-05-06T01:10:20Z"
+        - recipient: age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg
-    mac: ENC[AES256_GCM,data:O4RLfEE6z0uDRpZdL47Or+z/PTeJ+zgzXN9kJS6Nebs9Uhw0XUJUPGhAocLokiMin5sQcpxXG5Q8oc2rAkq2GDbtna4u26dtNkd2Q/vtly6DqUaIRXXt3TL5cfJwMNa76fp+ERKLwGbBG+/BFWajzYJtcE257I8t3X4UmAdqYmE=,iv:uYLh8LnGobf7t3Ur7drEiA6n3Vv0e0yhlja6Uww8jiU=,tag:ZK3OCCsiMPtKl28lrGKtqQ==,type:str]
+          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5U1VjTjlIMTdLRFQ5R1Av
            SVBLMFZtV3ppK2VXWjdYelNGTGFOZUJaMndBCjYyZ0IveXFiVDlSUEtNOXk2L3g3
            UmFIRE1GMEs2QVhUcFJkTHpCWmhhbG8KLS0tIG94NStMUnFZRTRsK2w4cDd4Rms5
            M1MwTEtJNEFDdjRLVFRseThxNGJUQ0kKKN7QX9qUojNQBknbInaXslaKsAAhEj5y
            QMXAU6TxlHMv+wZy2RQwMe/zE7RP24TypnX894iV0usTHujyxvfk3w==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrUHFYMWdVczRPdEFSbFR5
            VmcxeEU4YWxwRTlDUkRkNVY0dFh5cjVUNjNnCkRSblNaS214dkdrd3JnNE5rZnR3
            S0JVeXova1h2VnB2ODY0SUYxZm45TjAKLS0tIFN1QXFyTkt3SmV0UVhGMlMxTmpN
            VW83cnd2TnQwWlVCUnpzZ29NRE1SekUKBGVCaijugxR6eSxvk19nncR9X6bmSSUq
            VoxtHBkJbz/4mcQ/SUb4Wv1Rt5875tLWygS7qKmh8jzoP7JI4E9qWQ==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-05-08T16:05:46Z"
    mac: ENC[AES256_GCM,data:X6AUVWJRcwH45W9NoQxI8Lp6l+5RFpgCNB6cdUZZODHDdTUMt9a6wr9YfU56C7QkdlxXdj6xCOCscJtw/WY2Y+XchWXaUVZZsoZ9xUo28aksUtHSyE9WJBHCeSqss79IW6k/GeDPiDOfz4om+udDvtdpyKbtvbw2a+K5st+62d4=,iv:REGTavU8DkalUbfO1J2+VccYnRRrOqstSFq/RU7Co5Q=,tag:2t8mwqa76kVQyeWS85zXsA==,type:str]
    pgp:
-        - created_at: "2026-05-05T23:46:27Z"
+        - created_at: "2024-05-08T15:46:52Z"
          enc: |-
            -----BEGIN PGP MESSAGE-----
-            hQIMA6R3Y9nD7qMBAQ/+JdTDmQhL1+iX7yeyGs1kt9yQeMYkJ+bQD3LqlQVh6Xea
+            hQIMA6R3Y9nD7qMBAQ//bYK5gdxv8fNvG6P4GrD27gQRQXhLGF2+hS54sqEqjeN8
-            yPIdcMBjAf1CNlkJKeJ4QK3f8rsZkxHmUFVDz7yCXctsp81hNBMZ0sauBM50OU4W
+            NZpHVbNNRR3AggOkT7QY1JO8bOhWscefH1vvBmBuODzh5Fw42t4zNPEDjWZEetxa
-            gQsDailZHgG5qCqKx91qSyVLtzVy4zcoTXy8TWLrSwztCt9qqX9LFZTKyZzNTiHW
+            rClbLEvo7Kz8UKCNb9JIeYx7cr8sPWCmg4GvV1wGjhjr+u5ovuheORnHl+qoLsqv
-            DHYSwaJdTteXY89pZjPAQ6UtIdoVWaVfvCgaSZAxr3K8IJmobvMhhk/Fgm3CoE6Y
+            P12PV7VzwC52v92GWiu9LRJqfqZra5GjUXGVXzBcZ9i6CnUDejzssWjhO/fmzKum
-            mfQd4lQhoqxrn2M/FKc30vg0yKVsiW3qlfnJCVHCxYUtQLVs3cF05lmj7CYy+0Mu
+            GbGIi9sf3RmVYsUASDgRBmVAZC3KF7RLi0L6WY0etRocAaWSAgnU1lZ04E8ZtLjk
-            7eZlfVj84hCLmd4ccOITkrOTqcBKWKQ5EpE8DGvWlLPEZt407MjaphEJ7dYhkfr/
+            DlCtIpreJ1H0Ym+5EXB94PG0KZjayxKc20YDQ+yYwwSmiCVaUCLlYX2BOoncUYFF
-            x4HrahZoeVbYX2Va0++picut+cE/NL9F/QMfqP4QhdHQhe74FlQcxpGDtcUIQep5
+            MxVgWYwn14R5jyGbh4NyiBxPGHvIUx5RCIo70pMgS6W5ALZYTcNDLF82mj1xTOTy
-            8MvbEAhUpGL4sErg6afmIapxXi3euIXcBDYPatgoAlsH7E8rUTX1Sd4VOgV89kEJ
+            bcuaa7FCuXJif457LCe5TcAa5WYDgKX8pUKzFRhWIckcGwgFCUB0Z7+L9L7F0yt/
-            pkl4OOwcaiF+brqtDiTGZf5l6AOugiYTp2Rtq9KMcGEGEmXFLcFKVjNEkZIxNxt3
+            YZd71cY0Lxlwi61CnWgZZMx2FFpHyBCEmF1A180KUtB1jSkS/AVmlM2z9I0QsR62
-            EtrXrNmOCVJm71yOn2ruD9n2EXzFULfeyOhup7eYVfynkEWYlCQNHeaqMy2q656m
+            fTFIaqimPMjUzbuTs0QjUXf8OJZo0/cwo9XeGyCBtJTg7cLdsOFouqfvXhvkdCrR
-            LWVd89AUzWLcsmY8naWpfekU9K//hLHxRLBzqfouYXJ+Ji/HOvfRj7NZBg6UtgfS
+            xCLE2Ke5jwmoPKs1t+YpwMMzB57j/rluZCgiz45w7YDXKf4gEp2ra9siFiC/y9PS
-            XgFOJg3EaLAZEyvEZKWpnWlf3gBTRK3ffaLzs+eddSgzYUutzlOYUZb7v3iEdjta
+            XgEPymUiDZY0w9S5oGr94cNc6LQId16Zgt1vWHLzgg8QZqkxLTBjUXXc7aoCISQp
-            4Ik4F1M+kOGieyVxxLHOHMrOn09+WMmFIiPpBtCIcZmtwOzXNdhbZdFWNx5qPhU=
+            AwUE62KJucVvWjB3kcgDbNvaDWWC5O48zUavmzkmmP1sqKf0gO/XG52PDG/DF3Y=
-            =wXdG
+            =cs0r
            -----END PGP MESSAGE-----
          fp: 4E241635F8EDD2919D2FB44CA362EA0491E2EEA0
    unencrypted_suffix: _unencrypted
-    version: 3.12.1
+    version: 3.8.1
--- a/modules/shared/colors/default.nix
+++ b/modules/shared/colors/default.nix
@@ -1,5 +1,5 @@
 { config, ... }: {
-  imports = [ ./sorahiro.nix ];
+  imports = [ ./sorahiro_soft.nix ];
  colorScheme.palette.border-radius = "#8";
  colorScheme.palette.border-width = "#2";
--- a/modules/shared/colors/sorahiro.nix
+++ b/modules/shared/colors/sorahiro.nix
@@ -1,67 +0,0 @@
 { nix-colors, ... }: 
 let use_pastelle = true;
 in{
  # usage:  a = "#${config.colorScheme.palette.base00}";
  colorScheme = {
    slug = "sorahiro";
    name = "sorahiro";
    author = "Soraefir @ Helcel";
    variant = "dark";
    palette = rec {
      # Format: Name, Pantone, RAL
      base00 = "#000000"; # Black / 419C / 9005
      base01 = "#060a0f"; # Rich Black / 532C / 9005
      base02 = "#212c38"; # Yankees Blue / 433C / 5011
      base03 = "#3f5268"; # Police Blue  / 432C / 5000
      base04 = "#617b9a"; # Slate Gray  / 5415C / 5014
      base05 = "#90a7c1"; # Pewter Blue / 535C / 5024
      base06 = "#c9d3df"; # Columbia Blue / 538C / 7047
      base07 = "#fcfcfc"; # Lotion / 663C / 9016
      alt00 = "#000000"; # Black / 419C / 9005
      alt01 = "#0c0906"; # Vampire Black  / 419C / 9005
      alt02 = "#312920"; # Pine Tree / 440C / 6022
      alt03 = "#5b4e3e"; # Olive Drab Camouflage / 411C / 7013
      alt04 = "#887660"; # Shadow / 404C / 7002
      alt05 = "#b8a083"; # Pale Taupe / 480C / 1019
      alt06 = "#e1cfb9"; # Desert Sand / 482C / 1015
      alt07 = "#fcfcfc"; # Lotion / 663C / 9016
      base08 = if use_pastelle then low08 else high08;
      base09 = if use_pastelle then low09 else high09;
      base0A = if use_pastelle then low0A else high0A;
      base0B = if use_pastelle then low0B else high0B;
      base0C = if use_pastelle then low0C else high0C;
      base0D = if use_pastelle then low0D else high0D;
      base0E = if use_pastelle then low0E else high0E;
      base0F = if use_pastelle then low0F else high0F;
      high08 = "#f09732"; # Deep Saffron / 804C / 1033
      high09 = "#f2d831"; # Dandelion / 114C / 1016
      high0A = "#98f12f"; # Green Lizard  / 375C / 6038
      high0B = "#34f4f0"; # Fluorescent Blue  / 3252C / 6027
      high0C = "#3193f5"; # Brilliant Azure / 2727C / 5015
      high0D = "#c156f6"; # Blue-Violet / 2592C / 4006
      high0E = "#f62ac0"; # Royal Pink / 807C / 4010
      high0F = "#f42060"; # Deep Carmine Pink / 1925C / 3018
      alt_high08 = "#f66824"; # Orange-Red / 165C / 2008
      alt_high0B = "#41f3a4"; # Eucalyptus / 3395C / 6037
      alt_high0C = "#2abef8"; # Spiro Disco Ball / 298C / 5012
      alt_high0D = "#837ff5"; # Violets Are Blue / 814C / 4005
      low08 = "#ffac56"; # Rajah  / 150C / 1017
      low09 = "#feea74"; # Shandy  / 127C / 1016
      low0A = "#bffe8a"; # Menthol  / 374C / 6018
      low0B = "#4cfefa"; # Electric Blue / 3252C / 6027
      low0C = "#62acfd"; # Blue Jeans / 279C / 5012
      low0D = "#9b9bfd"; # Maximum Blue Purple  / 2715C / 4005
      low0E = "#fe9bda"; # Lavender Rose / 223C / 4003
      low0F = "#fc8999"; # Tulip / 1775C / 3014
      alt_low08 = "#fe946a"; # Atomic Tangerine / 811C / 1034
      alt_low0B = "#87febf"; # Aquamarine / 353C / 6019
      alt_low0C = "#38c3fd"; # Picton Blue / 298C / 5012
      alt_low0D = "#dca2ff"; # Mauve / 2572C / 4005
    };
  };
 }
--- a/modules/shared/colors/sorahiro_hard.nix
+++ b/modules/shared/colors/sorahiro_hard.nix
@@ -0,0 +1,29 @@
 { nix-colors, ... }: {
  # usage:  a = "#${config.colorScheme.palette.base00}";
  colorScheme = {
    slug = "sorahiro-hard";
    name = "sorahiro-hard";
    author = "Soraefir @ Helcel";
    variant = "dark";
    palette = {
      # Format: Name, Pantone, RAL
      base00 = "#030B12"; # Rich Black / 6C / 000-15-00
      base01 = "#0C1D2E"; # Maastricht Blue / 5395C / 270-20-15
      base02 = "#203A53"; # Japanese Indigo / 534C / 260-20-20
      base03 = "#425F7C"; # Deep Space Sparkle / 7699C / 260-40-20
      base04 = "#93A9BE"; # Pewter Blue / 535C / 260-70-15
      base05 = "#B6C5D5"; # Pastel Blue / 5445C / 260-80-10
      base06 = "#D6DFE8"; # Gainsboro / 642C / 260-90-05
      base07 = "#F0F3F7"; # White / 656C / 290-92-05
      base08 = "#F59331"; # Deep Saffron / 715C / 070-70-70
      base09 = "#F5F531"; # Maximum Yellow / 394C / 100-80-80
      base0A = "#93F531"; # French Lime / 7488C / 120-70-75
      base0B = "#31F593"; # Eucalyptus / 3385C / 160-70-50
      base0C = "#3193F5"; # Brilliant Azure / 2727C / 280-50-40
      baseOD = "#9331F5"; # Blue-Violet / 7442C / 300-40-45
      base0E = "#F53193"; # Royal Pink / 232C / 350-50-50
      base0F = "#F53131"; # Deep Carmine Pink / 1788C / 040-50-70
    };
  };
 }
--- a/modules/shared/colors/sorahiro_soft.nix
+++ b/modules/shared/colors/sorahiro_soft.nix
@@ -0,0 +1,29 @@
 { nix-colors, ... }: {
  # usage:  a = "#${config.colorScheme.palette.base00}";
  colorScheme = {
    slug = "sorahiro-soft";
    name = "sorahiro-soft";
    author = "Soraefir @ Helcel";
    variant = "dark";
    palette = {
      # Format: Name, Pantone, RAL
      base00 = "#030B12"; # Rich Black / 6C / 000-15-00
      base01 = "#0C1D2E"; # Maastricht Blue / 5395C / 270-20-15
      base02 = "#203A53"; # Japanese Indigo / 534C / 260-20-20
      base03 = "#425F7C"; # Deep Space Sparkle / 7699C / 260-40-20
      base04 = "#93A9BE"; # Pewter Blue / 535C / 260-70-15
      base05 = "#B6C5D5"; # Pastel Blue / 5445C / 260-80-10
      base06 = "#D6DFE8"; # Gainsboro / 642C / 260-90-05
      base07 = "#F0F3F7"; # White / 656C / 290-92-05
      base08 = "#F5B97D"; # Mellow Apricot / 156C / 070-80-40
      base09 = "#F5F57D"; # Sunny / 393C / 100-90-50
      base0A = "#B9F57D"; # Yellow-Green / 373C / 120-80-60
      base0B = "#7DF5B9"; # Aquamarine / 3375C / 150-80-40
      base0C = "#7DB9F5"; # Light Azure / 278C / 250-70-30
      base0D = "#B97DF5"; # Lavender / 2572C / 310-60-35
      base0E = "#F57DB9"; # Persian Pink / 211C / 350-60-45
      base0F = "#F57D7D"; # Light Coral / 170C / 030-60-50
    };
  };
 }
--- a/modules/shared/sops/common.yaml
+++ b/modules/shared/sops/common.yaml
--- a/modules/shared/sops/default.nix
+++ b/modules/shared/sops/default.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, pkgs, ... }:
 let
  isCI = builtins.elem config.syscfg.hostname [ "ci" "sandbox" ];
  keyFilePath = (if isCI then
@@ -14,15 +14,19 @@ in {
  sops.age.keyFile = keyFilePath;
  sops.age.generateKey = true;
-  sops.secrets = lib.mkMerge [
+  sops.secrets.wifi = { };
-  {
+
-    wifi = { };
+  sops.secrets."${config.syscfg.hostname}_ssh_priv" = {
-    "${config.syscfg.hostname}_ssh_priv" = {
+    mode = "0400";
-      mode = "0400";
+    owner = config.users.users.${config.syscfg.defaultUser}.name;
-      owner = config.users.users.${config.syscfg.defaultUser}.name;
+    group = config.users.users.${config.syscfg.defaultUser}.group;
-      group = config.users.users.${config.syscfg.defaultUser}.group;
+  };
-    };
+  sops.secrets."${config.syscfg.hostname}_ssh_pub" = {
-    "${config.syscfg.hostname}_wg_priv" = { };
+    mode = "0400";
-  }
+    owner = config.users.users.${config.syscfg.defaultUser}.name;
-];
+    group = config.users.users.${config.syscfg.defaultUser}.group;
  };
  sops.secrets."${config.syscfg.hostname}_wg_priv" = { };
  sops.secrets."${config.syscfg.hostname}_wg_pub" = { };
 }
--- a/modules/shared/sops/mock.yaml
+++ b/modules/shared/sops/mock.yaml
@@ -1,34 +1,30 @@
-ci_ssh_priv: ENC[AES256_GCM,data:OuWZVS+ul8ERoQHEH8Gq6GdHWY5E3spR0uRu7akTVHrr6vYPWZHdV/8fjqKvfHd+dAeymWXe2Li7NXfXQM+y4OH36r1z9DLstwD4ufUmoHZ/MIO6qlsugzYhMw==,iv:NbLyzilDIH5cT3SC0SLaOn0alxXSIyZ/4Tr1zSBjIjI=,tag:uOzoai0Rq6UthSkWHhw8Hg==,type:str]
+ci_ssh_priv: ENC[AES256_GCM,data:3Fd7HtFzD+0Pm0qnmaNeivSrEJnH6A3CzLrSyYD4J1rpdHCYdFB2hbZAB5HF3yeCMlyqnApGHxi+9jN8FI54SzwqJQAgSZvKrkBhrs4JIQxPU0ZhOQHvneWYnA==,iv:NbLyzilDIH5cT3SC0SLaOn0alxXSIyZ/4Tr1zSBjIjI=,tag:xGfI8QRlkj4OZDVuV21Kcg==,type:str]
-ci_ssh_pub: ENC[AES256_GCM,data:Lu2Ec+HylJzt/IMu1b8AKgGsjpZT7X628pjOYQ==,iv:VZOA/Q9zmbMnf9DsXN90er+tSnJ+syg3QabDuDal92Q=,tag:lef6MRtvgyntMrxphatqmg==,type:str]
+ci_ssh_pub: ENC[AES256_GCM,data:6BVY3GS9lMLR/dYNxyldcBJe1DrjG/yHjqfCIw==,iv:VZOA/Q9zmbMnf9DsXN90er+tSnJ+syg3QabDuDal92Q=,tag:+xwHADgq22cV5ai9xd6ceQ==,type:str]
-ci_wg_priv: ENC[AES256_GCM,data:IoCn7jrahiJBhKxPuGyexg==,iv:uHbrAq/mSQ6TtMqGhJez3d13u9ZK1S92w49ntXvbA3g=,tag:QrZghdiQbmC9pcjKtIuKug==,type:str]
+ci_wg_priv: ENC[AES256_GCM,data:uA4eiEhQbbhLkrTyhRX4Tg==,iv:uHbrAq/mSQ6TtMqGhJez3d13u9ZK1S92w49ntXvbA3g=,tag:KwjiYrnuQxrydVKKV4xN4A==,type:str]
-ci_wg_pub: ENC[AES256_GCM,data:FB+DBkwDizA3C/s1TCkn,iv:GD3xmJEyD9yZaV72GubGCBi8BW74zmSr2hOl123g0mM=,tag:v189CtpJV7OX0sB9OJaWLA==,type:str]
+ci_wg_pub: ENC[AES256_GCM,data:MBIdTEkyJBvbTtYrQYS8,iv:GD3xmJEyD9yZaV72GubGCBi8BW74zmSr2hOl123g0mM=,tag:ekUniuYPCSxwlmB1yUbo4w==,type:str]
-sandbox_ssh_priv: ENC[AES256_GCM,data:Wj/M/0VEfY7Ruix7nwi09obpX+w6G+gfGK4ZFTKkbpEEM2JyFnRHhWYQiBvBQOXahTGQ+zAnibCNcHSTCBa66XjMhtY865Hs6FovVCfgx0awTZcns26w5vqJdg==,iv:2NbVjpKTyyiY4rtC/A6s2nABo5p0VAWtzC6b6TrHkvI=,tag:CVi4i9MNi/cU64cn9s0DRA==,type:str]
+sandbox_ssh_priv: ENC[AES256_GCM,data:OG5ZsSQFEbUKLXtHF9MAHWYwnxBM0EyVyj54sPs9XEsFaRXq3WDa+ANnpVqBLtw6cPodLQHyJ5tY/Hr1rdINNGyLPEz/Zm3K7vz6iXUeThAKDhYaCH4vccFFtQ==,iv:2NbVjpKTyyiY4rtC/A6s2nABo5p0VAWtzC6b6TrHkvI=,tag:sO+SUMws8HncC9dmeiJPSg==,type:str]
-sandbox_ssh_pub: ENC[AES256_GCM,data:xbcGusta4qBO0hfmks+VCpN8N4dd/qGkGNREACVKxuSF,iv:/QMFyKaa3nOq1GrLNydq+Q8kS52fK6wsB3MioZN/qVM=,tag:WTZ2wlfBMmANw6EEWl5jew==,type:str]
+sandbox_ssh_pub: ENC[AES256_GCM,data:6bwJAmLuN0dhC8OiBW8qL2Ejt70a2ar02YTAqimnhcez,iv:/QMFyKaa3nOq1GrLNydq+Q8kS52fK6wsB3MioZN/qVM=,tag:XxcTX/REbHl5MKtRecjM2g==,type:str]
-sandbox_wg_priv: ENC[AES256_GCM,data:4trdnPhgjlUChATnNx9o3Q==,iv:3efDzVFVCqv6yCNgBEXfQ19oh2bZLPO8my33uBgviW0=,tag:Io1obSodHW/RWWIg8VS8Zg==,type:str]
+sandbox_wg_priv: ENC[AES256_GCM,data:8d+WCtyGoEH3/4q1DZImUw==,iv:3efDzVFVCqv6yCNgBEXfQ19oh2bZLPO8my33uBgviW0=,tag:+WNPB7b6tVTzDlSVziDO2w==,type:str]
-sandbox_wg_pub: ENC[AES256_GCM,data:7L4SJdDMi5DZHpLfR6cs,iv:UULKRJvU0lktwmKGcIP/sRAZb0j2e0iL40o3DkSv/+U=,tag:irsolwnnfOjhYfiyanjxjw==,type:str]
+sandbox_wg_pub: ENC[AES256_GCM,data:rpxkijFKzyKx3uhEa/+j,iv:UULKRJvU0lktwmKGcIP/sRAZb0j2e0iL40o3DkSv/+U=,tag:OWHbfFPbTY6l3Bu/og78Bg==,type:str]
-PGP_KEY: ENC[AES256_GCM,data:lwwHWksY+ea8D3z9,iv:/tOEukP7LiNhhdSw870vPeUGhN2lse2v1pZ5fJQglc0=,tag:225sf9GjXc8/NZgcXJIxZA==,type:str]
+PGP_KEY: ENC[AES256_GCM,data:IVhL/l0JSPcefX1z,iv:/tOEukP7LiNhhdSw870vPeUGhN2lse2v1pZ5fJQglc0=,tag:++NUJeRhsDE9eRsbKu8Ldw==,type:str]
-wifi: ENC[AES256_GCM,data:Z+pbGAekk26GD3zg4TXVacP4Nrh93HPEMNcT0I1YaA==,iv:oiWZvnKvWmF/6cRZpCLsuf1uPJig6toNla5uT3t2kyM=,tag:iS3sq8JZsNUby9pSxYPw5g==,type:str]
+wifi: ENC[AES256_GCM,data:SV3yNB/0dBqggh0kOKU98Nodd0VS4K8kTqg7aLyeAg==,iv:w4nspNxswHl2CZ7diPUzupzotfjskzp91NIq4f0v0UM=,tag:7nUHijRlEgyliWn2ZuZo/Q==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age13qv9dn9806paqgpjwmmkwtdzvv4qpv0ulksq0epnn8ufaxeug5zskyas3z
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEbHNVZjRzQi9ram1xNHk3
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZd0c5ZjZCb0Z6ZXlKaFph
-            d3pTTStiMjBLZHgwL0cvUGRwRFFzWi9HS2dvCkQ0ZU5UK1owS0N5MHhxOXV1cGVy
+            S25LcnFaM3NueUdxOEkwQWRVYjZwNEx1TnpVCkJ1RnJsV2IwNWd5RVJBU2pOUnRa
-            RnFQbGlhVy9tSVZKYXBqbzZjZU9nd3cKLS0tIDdXdm1qVTYvdS9sQ0Z0aExpTzB1
+            UEcrdDVHUnZ3Zng4UVNWZjNhSzRmRGcKLS0tIEpMMGJCZmkrcnFwWjM4ZVF6VmJN
-            WkNsWVpqaHRSWkl6YXVrN0NoemhiS1EKoDRocdztTLQ5LMwHdlszTFHy+rm+y4RE
+            aFplU05pYXpPQWZRY202bVhFd3pHdHcKfauUQhzuUwpoaSlky+PlsOTrVQjyCSxi
-            f97a6Z2J87ZfObRbaap5adVD7qk/tTYHGshT/8G1JxjctsxRgdfsmA==
+            NYlJ7ScbxzJsqTqJbZnD+lbSdWK2XVKXy1Vn4hR0C0WF7g2Y7CU7tg==
            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1pf4auk6u2tmefuqpuc6mntr26cp4wcsmlhnn98arzxsp3753ruqsj0jqk3
+    lastmodified: "2024-04-14T21:03:55Z"
-          enc: |
+    mac: ENC[AES256_GCM,data:W9kM3AaHcZcqVtT4qRpMRYKgmA9pBikAPhdKiPR/Y+0MSjY4c9LPeTBeS1vZzUaTgRHmNh/ns6I9SBO36Hio5qI6m/pjNdr9GfFbBpbnY+5mer6YTitq47TVySC9v+BRkES4A34h1Ky5yvJSDlz2kJfO/WVWllaQd0dxq8rgAU8=,iv:cRxgGKhD6KqXKpK4E12lWIIj99hBFSmGzSIv9LmYEyg=,tag:QXcswnB7GavGrBy1dFpQlQ==,type:str]
-            -----BEGIN AGE ENCRYPTED FILE-----
+    pgp: []
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNSHBpZGg0TlVtMFhjY2Ry
            NzUrd1pPZFZNdFdLSUxrUUROaVNCTzdGR0hrCkVGUmpGemtFSDErRDArS0Y0WGZu
            YkYzL2NGMTlnNW1NdStHOGpRN3A1VXcKLS0tIGs0MDIxTmpzSGtRWHZESFhNWXlS
            Y3N0a2VPUHdoRlpUZ3BPVXROdDRHekEK2YN9ZgCaBPt/8kAkZNgsHp61SYqiFFXX
            2lF0R1GNmYWm6T0YVCp/2ZN3z4GC+monctg1zoo5QsHfhIOpqIVoTA==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2025-09-06T13:37:03Z"
    mac: ENC[AES256_GCM,data:uI9yG3/jGNGn6yoN9W+9K/AUeSowe4Mb9vhh38pwkuKab9zXTFidCWyh1e0TEOsIHrhfK2GPc2fHwc309/la+CoiNxAIYtC4xmoCYxSGrDgbsZEONrusy9AEKpRCO8CqLYyLYaAG9sLqFyIz3GyEnS/j98V3LeemhFtS17J1VHI=,iv:x/7caaKnggoyEaCx5sf+zzSE+3d7atv+o9B1O3QX0Uc=,tag:Tzfs+ACx+4A6kxAZtVQ3KQ==,type:str]
    unencrypted_suffix: _unencrypted
-    version: 3.10.2
+    version: 3.8.1
--- a/modules/shared/syscfg/default.nix
+++ b/modules/shared/syscfg/default.nix
@@ -1,21 +1,15 @@
 { inputs, lib, ... }:
 let
  systemsDir = ../../../systems;
  systemNames = lib.attrNames (lib.filterAttrs 
    (name: type: type == "directory" && builtins.pathExists (systemsDir + "/${name}/cfg.nix")) 
    (builtins.readDir systemsDir));
  userOpt = with lib; {
    username = mkOption { type = types.str; };
    pubssh = mkOption { type = types.str; default=""; };
    wm = mkOption {
      type = types.enum [ "Wayland" "X11" "-" ];
      default = "-";
    };
    git = {
-      username = mkOption { type = types.str; default = "Anonymous";};
+      username = mkOption { type = types.str; };
-      email = mkOption { type = types.str; default = "anonymous@domain"; };
+      email = mkOption { type = types.str; };
-      key = mkOption { type = types.nullOr types.str; default=null; };
+      key = mkOption { type = types.str; };
    };
  };
  netOpt = with lib; {
@@ -48,10 +42,6 @@ let
        type = types.str;
        default = "";
      };
      pubkey = mkOption {
        type = types.str;
        default = "";
      };
    };
  };
  makeOpt = with lib; {
@@ -65,7 +55,7 @@ let
    };
    virt = mkOption {
      type = types.bool;
-      default = false;
+      default = true;
    };
    power = mkOption {
      type = types.bool;
@@ -94,6 +84,7 @@ let
      type = types.str;
      default = "3306";
    };
    configPath = mkOption {
      type = types.str;
      default = "/media/config";
@@ -102,59 +93,6 @@ let
      type = types.str;
      default = "/media/data";
    };
    containers  = mkOption {
      type = types.attrsOf (types.submodule {
        options = {
          enable = mkOption { type = types.bool;default = false; };
          db = mkOption { type = types.bool;default = false; };
          ip = mkOption { type = types.str; };
          port = mkOption { type = types.port; };
          extraParam = mkOption { type = types.str; default = ""; };
        };
      });
      default = {};
    };
    sops = mkOption {
      type = types.bool;
      default = false;
    };
    openssh = mkOption {
      type = types.bool;
      default = false;
    };
    wireguard = mkOption {
      type = types.bool;
      default = false;
    };
    web = mkOption {
      type = types.bool;
      default = false;
    };
    nftables = {
      enable = mkOption {
        type = types.bool;
        default = false;
      };
      ifs = mkOption {
        type = types.listOf types.str;
        default = [ ];
      };
      ports = mkOption {
        type = types.listOf (types.listOf (types.oneOf [ types.str types.int ]));
        default = [];
        description = "Forwarding rules: [ [srcInterface dstAddr srcPort dstPort] ... ]";
        example = [
          [ "ens3" "10.10.1.2" "IPV6" 22 2222 ]
          [ "ens3" "10.10.1.2" "IPV6" 80 80 ]
          [ "ens3" "10.10.1.2" "IPV6" 443 443 ]
        ];
      };
    };
    db = mkOption {
      type = types.listOf (types.str);
      default = [ ];
    };
  };
 in with lib; {
@@ -176,15 +114,12 @@ in with lib; {
      type = types.listOf (types.submodule { options = userOpt; });
      default = [ ];
    };
    peers = mkOption {
      default = map (name: import (systemsDir + "/${name}/cfg.nix")) systemNames;
    };
    server = mkOption {
      type = types.oneOf [
-        types.bool
+        (types.attrs)
        (types.submodule { options = serverOpt; })
      ];
-      default = false;
+      default = { };
    };
  };
 }
--- a/overlays/bambu-studio/default.nix
+++ b/overlays/bambu-studio/default.nix
@@ -1,10 +0,0 @@
 { final, prev, ... }:
 prev.bambu-studio.overrideAttrs (oldAttrs: rec{
    version = "02.00.01.50";
    src = prev.fetchFromGitHub {
        owner = "bambulab";
        repo = "BambuStudio";
        rev = "v${version}";
        hash = "sha256-7mkrPl2CQSfc1lRjl1ilwxdYcK5iRU//QGKmdCicK30=";
    };
 })
--- a/overlays/default.nix
+++ b/overlays/default.nix
@@ -1,16 +1,8 @@
-{ inputs, pkgs, ... }:
+{ pkgs, ... }:
 [
  (final: prev: {
-    #openttd-jgrpp = import ./openttd-jgrpp { inherit final prev; };
+    openttd-jgrpp = import ./openttd-jgrpp { inherit final prev; };
-    #yarn-berry = import ./yarn-berry { inherit final prev; };
+    yarn-berry = import ./yarn-berry { inherit final prev; };
-    #eww = import ./eww { inherit final prev; };
+    eww = import ./eww { inherit final prev; };
    #bambu-studio = import ./bambu-studio { inherit final prev; };
    wine = final.unstable.wineWow64Packages.unstableFull;
    unstable = import inputs.nixUnstable {
      system = final.stdenv.hostPlatform.system;
      stdenv.hostPlatform.system = final.stdenv.hostPlatform.system;
      config.allowUnfree = true;
    };
  })
 ]
--- a/overlays/eww/default.nix
+++ b/overlays/eww/default.nix
@@ -2,16 +2,16 @@
 let old = prev.eww;
 in final.rustPlatform.buildRustPackage rec {
  pname = "eww";
-  version = "98c220126d912b935987766f56650b55f3e226eb";
+  version = "8661abf2bf07f5a809fc995233d93810cc1ac871";
  src = prev.fetchFromGitHub {
    owner = "elkowar";
    repo = "eww";
    rev = "${version}";
-    hash = "sha256-zi+5G05aakh8GBdfHL1qcNo/15VEm5mXtHGgKMAyp1U=";
+    hash = "sha256-q82u3/pcP5T++TMdDmaeDKYuCyky1Bo5BjHY1/NVHbY=";
  };
-  cargoHash = "sha256-SEdr9nW5nBm1g6fjC5fZhqPbHQ7H6Kk0RL1V6OEQRdA=";
+  cargoHash = "sha256-wKTaskKRyPfzKSLxhfyn6DybmUVFMHV5MrixKUBhno4=";
  nativeBuildInputs = old.nativeBuildInputs;
  buildInputs = old.buildInputs ++ [ final.libdbusmenu-gtk3 ];
--- a/overlays/openttd-jgrpp/default.nix
+++ b/overlays/openttd-jgrpp/default.nix
@@ -1,10 +1,10 @@
 { final, prev, ... }:
 prev.openttd-jgrpp.overrideAttrs (old: rec {
-  version = "0.65.3";
+  version = "0.55.3";
  src = prev.fetchFromGitHub rec {
    owner = "JGRennison";
    repo = "OpenTTD-patches";
    rev = "jgrpp-${version}";
-    hash = "sha256-lmDkYrk7qjUSTtCQQCN/pbuLDt3+2RI1K8A1H1GJRjw=";
+    hash = "sha256-E1+pXpXNHOu9nPTGSY8baVaKf1Um6IGDjpi1MmENez8=";
  };
 })
--- a/shells/default.nix
+++ b/shells/default.nix
@@ -4,7 +4,7 @@ let
    inputs.nixpkgs.lib.genAttrs [ "aarch64-linux" "x86_64-linux" ];
 in forEachSystem (system:
  let
-    overlays = import ../overlays { inherit inputs pkgs; };
+    overlays = import ../overlays { inherit pkgs; };
    overrides = { custom = import ../pkgs { inherit pkgs; }; };
    pkgs = import inputs.nixpkgs { inherit system overlays; } // overrides;
  in {
--- a/shells/devsh/default.nix
+++ b/shells/devsh/default.nix
@@ -16,10 +16,12 @@ pkgs.mkShell {
    yarn-berry
    crystal
    shards
-    (with python313Packages; [ pip pandas numpy matplotlib typer pillow reportlab python-barcode pypdf markdown requests ])
+    python311Full
    virtualenv
    (with python311Packages; [ pip ])
    pipenv
    scala
    sbt
    cargo
    #LIBS
    openssl
--- a/systems/asguard/cfg.nix
+++ b/systems/asguard/cfg.nix
@@ -1,6 +1,6 @@
 {
  syscfg = {
-    hostname = "asgard";
+    hostname = "asguard";
    defaultUser = "sora";
    type = "macos";
    system = "x86_64-darwin";
--- a/systems/avalon/cfg.nix
+++ b/systems/avalon/cfg.nix
@@ -23,16 +23,21 @@
      }
    ];
    make = {
      gui = false;
      cli = true;
      virt = true;
      power = false;
      game = false;
      develop = false;
    };
-    net = {
+    wlp = {
-      wg = {
+      enable = false;
-        enable = true;
+      nif = "";
-        ip4 = "10.10.1.2/32";
+    };
-        ip6 = "fd10:10:10::2/128";
+    wg = {
-        pubkey = "QlvpTiK6s/lIha9vKmo+teSy2Nw52qWLYatYjxVan3U=";
+      enable = true;
-      };
+      ip4 = "10.10.1.2/32";
      ip6 = "fd10:10:10::2/128";
    };
  };
 }
--- a/systems/avalon/server/docker/secrets.txt
+++ b/systems/avalon/server/docker/secrets.txt
@@ -1,14 +0,0 @@
 AUTHENTIK_DB_PASSWORD=NTQRO0rhPCd4L3HLNK4AT09Npz+ks1jyRC6AOyo5u+k=
 AUTHENTIK_SECRET_KEY=9Zw8Sy8257iJmRdBhUKGiq3d7uYAkhC9smuDUClE8aR1iPdpHHds+K2D1Zy3lwj2Hjnasu5jnopkhwnABWDu8A==
 AUTHENTIK_EMAIL_PASSWORD=w+g:cPU+e.<q,f<mj3DFPxXxo4h2SVS9.;,T<!Sra>y!mNcAsiAp4jPCLTmjte2d
 ETHERPAD_DB_PASSWORD=d43352c3906516bf4c34d63316509cb4b1621167af84c81b60689779a62b2348
 ETHERPAD_ADMIN_PASSWORD=Hackme55#
 COLLABORA_USER=...
 COLLABORA_PASSWORD=...
--- a/systems/ci/cfg.nix
+++ b/systems/ci/cfg.nix
@@ -21,5 +21,16 @@
      game = true;
      develop = true;
    };
    net = {
      wlp = {
        enable = false;
        nif = "NA";
      };
      wg = {
        enable = false;
        ip4 = "";
        ip6 = "";
      };
    };
  };
 }
--- a/systems/ci/hardware.nix
+++ b/systems/ci/hardware.nix
@@ -8,7 +8,7 @@
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "v4l2loopback" ];
  boot.extraModulePackages = with config.boot.kernelPackages;
-    [ v4l2loopback ];
+    [ v4l2loopback.out ];
  fileSystems."/" = {
    device = "NA";
--- a/systems/gateway/cfg.nix
+++ b/systems/gateway/cfg.nix
@@ -1,44 +0,0 @@
 {
  syscfg = {
    hostname = "gateway";
    type = "nixos";
    system = "x86_64-linux";
    defaultUser = "sora";
    users = [{
      username = "sora";
      pubssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINrrUB0KBjeAKPVG2Bdcm4mI9AMab7y97SOCdEHGogYv sora@gateway";
      wm = "-";
      git = {
        email = "soraefir+git@helcel";
        username = "soraefir";
        key = "4E241635F8EDD2919D2FB44CA362EA0491E2EEA0";
      };
    }];
    make = {
      cli = true;
    };
    net = {
      wg = {
        enable = true;
        ip4 = "10.10.1.1/32";
        ip6 = "fd10:10:10::1/128";
        pubkey = "NFBJvYXZC+bd62jhrKnM7/pugidWhgR6+C5qIiUiq3Q=";
      };
    };
    server = {
      openssh = true;
      wireguard = true;
      web = true;
      nftables = {
        enable = true;
        ifs = ["ens3" "wg0" ];
        ports = [
                [ "ens3" "10.10.1.2" "fd10:10:10::2" 22 2222 ]      # SSH/GIT
                [ "ens3" "10.10.1.2" "fd10:10:10::2" 80 80 ]        # HTTP
                [ "ens3" "10.10.1.2" "fd10:10:10::2" 443 443 ]      # HTTPS
                [ "ens3" "10.10.1.2" "fd10:10:10::2" 3979 3979 ]    # OTTD
        ];
      };
    };
  };
 }
--- a/systems/gateway/default.nix
+++ b/systems/gateway/default.nix
@@ -1,20 +0,0 @@
 { config, lib, inputs, ... }: {
  imports = [ ./hardware.nix ../../modules/server ];
  system.autoUpgrade = {
    enable = true;
    flake = "git+https://git.helcel.net/sora/nixconfig"; 
    flags = [
      "--no-write-lock-file"
    ];
    dates = "04:00";
    randomizedDelaySec = "30min";
    allowReboot = false;
  };
  networking.extraHosts = ''
    10.10.1.2     git.helcel.net
    10.10.1.2     avalon.helcel.net
  '';
 }
--- a/systems/gateway/hardware.nix
+++ b/systems/gateway/hardware.nix
@@ -1,27 +0,0 @@
 { config, lib, pkgs, modulesPath, ... }: {
  imports = [ (modulesPath + "/profiles/qemu-guest.nix" ) ];
  boot.kernelPackages = pkgs.linuxPackages_latest;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  boot.loader.systemd-boot.enable = lib.mkForce false;
  boot.loader.grub = {
    enable = true;
    device = "/dev/sda";
    efiSupport = true;
  };
  boot.initrd.availableKernelModules =
    [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
  boot.initrd.kernelModules = [ "nvme" ];
  fileSystems."/" = {
    device = "/dev/disk/by-uuid/25df457a-21d0-41ab-9de5-88ffc00e3469";
    fsType = "btrfs";
  };
  fileSystems."/boot" = {
    device = "/dev/disk/by-uuid/F24E-74FA";
    fsType = "vfat";
    options = [ "defaults" ];
  };
 }
--- a/systems/iriy/cfg.nix
+++ b/systems/iriy/cfg.nix
@@ -6,7 +6,6 @@
    defaultUser = "sora";
    users = [{
      username = "sora";
      pubssh = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDGtotfQkclilrhEOzY3QUpOwYF+eOjHvqN6Of3NVg4x8NQLjx/X/gxC+GAllQxy9Zkz/N5wY0Fa4/6HoGheCRvWaN/nofz95VgtX8a1A/flrT8CGdBfRqXlcd4OEXhpFcbEm9VRXmxSKnsD4zySZr/151S+1PlQr8pJ1yyzxsIQx+RNo9P4gzpoJgkfZ3JIqLWb6B4aXallAg9Ha1WX0lx24voWNgg9AQt6/lccfmeoWAzBGUNq5a/mH59O+UCIM2y19ksEweY6URHpk6Ss597zp+0j2NYg8MS4rToYUb0Y7giNNBdKAzqNd+Wp6gjqBthuDIOfsXM082O5IarPKPJNVbx/Xpf3m1hYtxfL+LhEkdoE94iue601WqTltC0btS63LeZuoAZYji/GG/D8U7V77Lh3MV5/hJm5sK6wM6r7fCoenehgiy49z00NqtgM33rWNrpL9eXNKb//5Lxe7U58jPyteWpsL8+fJFcs/2uh4D5zN3d/I+yLZ1OMgUN6LM= sora@iriy";
      wm = "Wayland";
      git = {
        email = "soraefir+git@helcel";
@@ -18,6 +17,7 @@
      gui = true;
      cli = true;
      virt = true;
      power = false;
      game = true;
      develop = true;
    };
@@ -31,7 +31,6 @@
        enable = true;
        ip4 = "10.10.1.7/32";
        ip6 = "fd10:10:10::7/128";
        pubkey = "6d1bINFmH12ACAJLDOwfFIZgmNHV/FGGk0YJyDP50HQ=";
      };
    };
  };
--- a/systems/iriy/hardware.nix
+++ b/systems/iriy/hardware.nix
@@ -7,10 +7,7 @@
  boot.kernelModules = [ "v4l2loopback" "kvm-amd" ];
  boot.kernelPackages = pkgs.linuxPackages_latest;
  boot.extraModulePackages = with config.boot.kernelPackages;
-    [ v4l2loopback ];
+    [ v4l2loopback.out ];
  boot.extraModprobeConfig = ''
    options v4l2loopback devices=1 video_nr=1 card_label="VCam" exclusive_caps=1
  '';
  boot.loader.systemd-boot.extraEntries = {
    "00-windows.conf" = ''
@@ -24,7 +21,7 @@
    fsType = "ext4";
  };
-  fileSystems."/boot" = {
+  fileSystems."/boot/efi" = {
    device = "/dev/disk/by-uuid/349E-5086";
    fsType = "vfat";
  };
--- a/systems/sandbox/cfg.nix
+++ b/systems/sandbox/cfg.nix
@@ -6,7 +6,6 @@
    defaultUser = "sora";
    users = [{
      username = "sora";
      pubssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINrrUB0KBjeAKPVG2Bdcm4mI9AMab7y97SOCdEHGogYv sora@gateway";
      wm = "-";
      git = {
        email = "soraefir+git@helcel";
@@ -15,30 +14,27 @@
      };
    }];
    make = {
      gui = false;
      cli = true;
      virt = true;
      power = false;
      game = false;
      develop = false;
    };
    net = {
      wlp = { enable = false; };
      wg = { enable = false; };
    };
    server = {
      openssh = true;
      web = true;
      sops = true;
      hostDomain = "test.helcel.net";
-      shortName = "testcel";
+      mailDomain = "mail.helcel.net";
-      mailDomain = "test@helcel";
+      mailServer = "mail.helcel.net";
      mailServer = "infomaniak.ch";
      dbHost = "localhost";
-      
+      dbPort = "3306";
-      containers = {
+
-        #cloud = {enable = true;};
+      configPath = "/home/media/config";
-        authentik = {
+      dataPath = "/home/media/data";
          enable = true;
          db = true;
          ip = "10.88.0.125";
          port = 9000 ;
        };
      };
    };
  };
 }
--- a/systems/sandbox/default.nix
+++ b/systems/sandbox/default.nix
@@ -1,4 +1,9 @@
 { config, inputs, ... }: {
  imports = [ ./hardware.nix ../../modules/server ];
  services.openssh.enable = true;
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC0GpKd62XMlO410/iYkNG8MHdGGaeMG3Gmsf3Pv3u2BllUzR9Dpym1ZOz2lwo3iK0FimcQpOiJqSIahO59HJl8jQ9BoQrJMXH7l2kuq1T09cMNWGjlzowg0LWKWOzoBzOwcheyW68OJGgkSfvk9BdshkUYTLVBXjiI9jo/8Qkcv1WLJJvJmDBDwnbYDQpODXCEDQ/t3YVubb+ocLmh40sDUffJLWZQXN6OFW9N5XxnvY7K5x9ci9GU4Reei40K8yDw2Hgi0njzijRdzie3MJlKPPawJ2TATu9LsGuxfx8bJXVx+mNxP0lhO8dOOhP7p0ozTxlJJY9ZWaKgOz3SzYNCgJ1gH7NtTBtSruXd6pfmErUmuJEAeMD6+QF3yJ5tnVFNPoSHqjP+oL3CgSRpmuvn7ChSSI3J3UVhLux165VtwIL7UhosO2mCqmn0Yk2mSBkB/L4ZiWFmO3vYdagYNQX7xZHzCJ5my8vomiT+DUGb2h/o1NetKwIZJiFAuHxKt3k= sora@valinor"
  ];
 }
--- a/systems/sandbox/hardware.nix
+++ b/systems/sandbox/hardware.nix
@@ -1,27 +1,14 @@
 { config, lib, pkgs, modulesPath, ... }: {
-  imports = [ (modulesPath + "/profiles/qemu-guest.nix" ) ];
+  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
  boot.kernelPackages = pkgs.linuxPackages_latest;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-
+  boot.loader.grub.device = "/dev/sda";
  boot.loader.systemd-boot.enable = lib.mkForce false;
  boot.loader.grub = {
    enable = true;
    device = "/dev/sda";
    #efiSupport = true;
  };
  boot.initrd.availableKernelModules =
    [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
  boot.initrd.kernelModules = [ "nvme" ];
  fileSystems."/" = {
-    device = "/dev/disk/by-uuid/abc944c6-484a-4abe-a675-906e3781d71f";
+    device = "/dev/sda3";
-    fsType = "ext4";
+    fsType = "btrfs";
  };
  fileSystems."/boot" = {
    device = "/dev/disk/by-uuid/C555-300B";
    fsType = "vfat";
    options = [ "defaults" ];
  };
 }
--- a/systems/valinor/cfg.nix
+++ b/systems/valinor/cfg.nix
@@ -6,7 +6,6 @@
    defaultUser = "sora";
    users = [{
      username = "sora";
      pubssh = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDCZibVYTvS4Dd+ZhGCpRpKfxs1fQeepNTzfzYk9I12Hyez25pQCeH+6ArrVhf6yX5Na1ffkvqTrNIDYJ1V2GHhemX0ruYp2B3xt229JszI7DeRC7YeG7v5uvsfTgicADCstGPSNorKXuNnHuBebSHpmWWbuKrYZdmcA/Az7H8uwF5+VQrnyASgZgwGV94MHinFVWsisB7o6iq4qxqpsUdtuZGbU0stDE5f9DLMDYuUxtx+jASRt+X60Bzjv3OFjU/b/YYzojTtuujkYXunNNTceCB4DTue5YMKQOlmd/IezL5nPAK9IsonPqojX9LPk2RvTCr4qalQ6AD92nq+xMW6FY1uJaKT81S8TvZcaqTm4FhEDkChuFq77biSUDhQkpcdNVOjUn5OtKpYl+0VkCaAx/8uyoylBacrn1XXLLg+gjwGCFHa2eeNu/BKIUa+5EK/FRwLpnEoPDkAHQ95JXQewChcUKG8A+Bz29XRKr9J64kbbGmwa+yjlVTPLSE6ZZE= sora@valinor";
      wm = "Wayland";
      git = {
        email = "soraefir+git@helcel";
@@ -32,7 +31,6 @@
        enable = true;
        ip4 = "10.10.1.5/32";
        ip6 = "fd10:10:10::5/128";
        pubkey = "EUYd/dMdGcbxiWJXHhQhCXV00cr87pxiW1HExwCTGg0=";
      };
    };
  };
--- a/systems/valinor/hardware.nix
+++ b/systems/valinor/hardware.nix
@@ -7,17 +7,14 @@
  boot.kernelModules = [ "v4l2loopback" "kvm-amd" ];
  #boot.kernelPackages = pkgs.linuxPackages_latest;
  boot.extraModulePackages = with config.boot.kernelPackages;
-    [ v4l2loopback ];
+    [ v4l2loopback.out ];
  boot.extraModprobeConfig = ''
    options v4l2loopback devices=1 video_nr=1 card_label="VCam" exclusive_caps=1
  '';
  fileSystems."/" = {
    device = "/dev/disk/by-uuid/e9713f83-ee3a-4fb1-806f-594c3bab7006";
    fsType = "ext4";
  };
-  fileSystems."/boot" = {
+  fileSystems."/boot/efi" = {
    device = "/dev/disk/by-uuid/F344-72E2";
    fsType = "vfat";
  };