host/home: add radicale calendar

.envrc

@@ -0,0 +1,2 @@
+# nix
+use flake

Makefile

@@ -1,4 +1,5 @@
-NIX := nix --experimental-features "nix-command flakes"
+NIX_RUN := nix run .\#
+NIX_LOCK := nix flake lock
 
 DEPS_EDITOR := \
 	nixeovim
@@ -14,11 +15,10 @@ DEPS_SYSTEM := \
 
 MACHINES := \
 	home \
-	asus-gl553vd \
+	asus-gl553vd
-	macbook-pro
 
 VPS := \
-	amstel \
+	istal \
 	tatos
 
 .PHONY: help
@@ -32,13 +32,13 @@ help:
 define machine_rule
 .PHONY: $(1)
 $(1): ;
-	# systemctl --user reset-failed
+	systemctl --user reset-failed
-	sudo $(NIX) run -L $(NIX_ARGS) .#switch/$(1) -- $(BUILD_ARGS)
+	sudo nix run $(NIX_ARGS) .#switch/$(1) -- $(BUILD_ARGS)
 endef
 
 define vps_rule
 .PHONY: $(1)
-$(1): ; $(NIX) run -L .#deploy/$(1) -- $(BUILD_ARGS)
+$(1): ; nix run .#deploy/$(1) -- $(BUILD_ARGS)
 
 endef
 
@@ -47,7 +47,7 @@ $(foreach vps,$(VPS),$(eval $(call vps_rule,$(vps))))
 
 .PHONY: rollback
 rollback:
-	sudo nixos-rebuild switch --rollback
+	sudo nixos-rebuild --rollback
 
 ################################################################################
 # Editor
@@ -55,24 +55,24 @@ rollback:
 
 .PHONY: neovim
 neovim:
-	$(NIX) profile upgrade $(or $(NEOVIM_INDEX),$(shell $(NIX) profile list --json | jq '.elements | to_entries[] | select(.value.attrPath | endswith(".neovim-dev")) | .key'))
+	nix profile upgrade $(or $(NEOVIM_INDEX),$(shell nix profile list --json | jq '.elements | to_entries[] | select(.value.attrPath | endswith(".neovim-dev")) | .key'))
 
-.PHONY: install/neovim
+.PHONY: init-neovim
-install/neovim:
+init-neovim:
-	$(NIX) profile install .#neovim-dev
+	nix profile install .#neovim-dev
 
 ################################################################################
 # Deps
 ################################################################################
 
-.PHONY: deps/editor
+.PHONY: deps-editor
-deps/editor:
+deps-editor:
-	$(NIX) flake update $(DEPS_EDITOR)
+	$(NIX_LOCK) $(foreach dep,$(DEPS_EDITOR),--update-input $(dep))
 
-.PHONY: deps/system
+.PHONY: deps-system
-deps/system:
+deps-system:
-	$(NIX) flake update $(DEPS_SYSTEM)
+	$(NIX_LOCK) $(foreach dep,$(DEPS_SYSTEM),--update-input $(dep))
 
 .PHONY: deps
-deps: deps/editor deps/system ;
+deps: deps-editor deps-system ;
 

disko/luks-btrfs.nix

@@ -1,63 +0,0 @@
-{ device, memSize ? 1024 * 5, swapSize ? "10G" }:
-{
-  disko = {
-    inherit memSize;
-
-    devices = {
-      disk = {
-        main = {
-          type = "disk";
-          inherit device;
-          content = {
-            type = "gpt";
-            partitions = {
-              ESP = {
-                size = "512M";
-                type = "EF00";
-                content = {
-                  type = "filesystem";
-                  format = "vfat";
-                  mountpoint = "/boot";
-                  mountOptions = [ "defaults" ];
-                };
-                priority = 1;
-              };
-              cryptoroot = {
-                size = "100%";
-                content = {
-                  type = "luks";
-                  name = "luksroot";
-                  settings.allowDiscards = true;
-                  passwordFile = "/tmp/secret.key";
-                  content = {
-                    type = "btrfs";
-                    extraArgs = [ "-f" ];
-                    subvolumes = {
-                      root = {
-                        mountpoint = "/";
-                        mountOptions = [ "compress=zstd" ];
-                      };
-                      persistent = {
-                        mountpoint = "/persistent";
-                        mountOptions = [ "compress=zstd" "noatime" ];
-                      };
-                      nix = {
-                        mountpoint = "/nix";
-                        mountOptions = [ "compress=zstd" "noatime" ];
-                      };
-                      swap = {
-                        mountpoint = "/.swapvol";
-                        mountOptions = [ "noatime" ];
-                        swap.swapfile.size = swapSize;
-                      };
-                    };
-                  };
-                };
-              };
-            };
-          };
-        };
-      };
-    };
-  };
-}

flake.lock

@@ -10,11 +10,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1736955230,
+        "lastModified": 1715290355,
-        "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=",
+        "narHash": "sha256-2T7CHTqBXJJ3ZC6R/4TXTcKoXWHcvubKNj9SfomURnw=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c",
+        "rev": "8d37c5bdeade12b6479c85acd133063ab53187a0",
         "type": "github"
       },
       "original": {
@@ -23,26 +23,6 @@
         "type": "github"
       }
     },
-    "disko": {
-      "inputs": {
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1740485968,
-        "narHash": "sha256-WK+PZHbfDjLyveXAxpnrfagiFgZWaTJglewBWniTn2Y=",
-        "owner": "nix-community",
-        "repo": "disko",
-        "rev": "19c1140419c4f1cdf88ad4c1cfb6605597628940",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "disko",
-        "type": "github"
-      }
-    },
     "firefox-addons": {
       "inputs": {
         "flake-utils": "flake-utils",
@@ -50,11 +30,11 @@
       },
       "locked": {
         "dir": "repos/rycee/pkgs/firefox-addons",
-        "lastModified": 1738158299,
+        "lastModified": 1713127732,
-        "narHash": "sha256-uPAqPb7ex89ujbjZDehBrRE9syTUpn21/E13uwERnK8=",
+        "narHash": "sha256-07prd+in1ZUcxETxPyWtFjl7xPKwlXzk9a47Q3RnHXU=",
         "owner": "nix-community",
         "repo": "nur-combined",
-        "rev": "45a21d362e2d0d9f4c552de39f63faa7d1f515f2",
+        "rev": "6edb2a1a43dbd2f8b32876268a530ce82c64013f",
         "type": "github"
       },
       "original": {
@@ -70,11 +50,11 @@
         "nixpkgs-lib": "nixpkgs-lib"
       },
       "locked": {
-        "lastModified": 1727826117,
+        "lastModified": 1714641030,
-        "narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=",
+        "narHash": "sha256-yzcRNDoyVP7+SCNX0wmuDju1NUCt8Dz9+lyUXEI0dbI=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1",
+        "rev": "e5d10a24b66c3ea8f150e47dfdb0416ab7c3390e",
         "type": "github"
       },
       "original": {
@@ -99,15 +79,48 @@
       }
     },
     "flake-utils_2": {
+      "locked": {
+        "lastModified": 1659877975,
+        "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_3": {
       "inputs": {
         "systems": "systems_2"
       },
       "locked": {
-        "lastModified": 1731533236,
+        "lastModified": 1705309234,
-        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_4": {
+      "inputs": {
+        "systems": "systems_3"
+      },
+      "locked": {
+        "lastModified": 1705309234,
+        "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
         "type": "github"
       },
       "original": {
@@ -118,11 +131,11 @@
     },
     "hardware": {
       "locked": {
-        "lastModified": 1739798439,
+        "lastModified": 1716173274,
-        "narHash": "sha256-GyipmjbbQEaosel/+wq1xihCKbv0/e1LU00x/8b/fP4=",
+        "narHash": "sha256-FC21Bn4m6ctajMjiUof30awPBH/7WjD0M5yqrWepZbY=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "3e2ea8a49d4d76276b0f4e2041df8ca5c0771371",
+        "rev": "d9e0b26202fd500cf3e79f73653cce7f7d541191",
         "type": "github"
       },
       "original": {
@@ -160,11 +173,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1738145391,
+        "lastModified": 1713818326,
-        "narHash": "sha256-/9mfbWYN9HDQbKa2HdAe2T5e3FfY8e4eqc1FIvAyvLg=",
+        "narHash": "sha256-aw3xbVPJauLk/bbrlakIYxKpeuMWzA2feGrkIpIuXd8=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "1b4f2a48168b3d90e11365552d1e7e601a4be6b6",
+        "rev": "67de98ae6eed5ad6f91b1142356d71a87ba97f21",
         "type": "github"
       },
       "original": {
@@ -181,35 +194,20 @@
         ]
       },
       "locked": {
-        "lastModified": 1739757849,
+        "lastModified": 1715381426,
-        "narHash": "sha256-Gs076ot1YuAAsYVcyidLKUMIc4ooOaRGO0PqTY7sBzA=",
+        "narHash": "sha256-wPuqrAQGdv3ISs74nJfGb+Yprm23U/rFpcHFFNWgM94=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "9d3d080aec2a35e05a15cedd281c2384767c2cfe",
+        "rev": "ab5542e9dbd13d0100f8baae2bc2d68af901f4b4",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
-        "ref": "release-24.11",
+        "ref": "release-23.11",
         "repo": "home-manager",
         "type": "github"
       }
     },
-    "impermanence": {
-      "locked": {
-        "lastModified": 1737831083,
-        "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=",
-        "owner": "nix-community",
-        "repo": "impermanence",
-        "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "impermanence",
-        "type": "github"
-      }
-    },
     "lan-mouse": {
       "inputs": {
         "nixpkgs": [
@@ -218,11 +216,11 @@
         "rust-overlay": "rust-overlay"
       },
       "locked": {
-        "lastModified": 1737993085,
+        "lastModified": 1713168888,
-        "narHash": "sha256-BlDrlzhQqRZH0Z6WRWxc2qi6L0NFthuAM8enQbGYcw0=",
+        "narHash": "sha256-pNd6KbkLlZtXKQvHWYwQB/Wbqa7lQYVffpSq5uWJqzQ=",
         "owner": "feschber",
         "repo": "lan-mouse",
-        "rev": "3e1c3e95b73a26554154b0bf7387912e258ac74a",
+        "rev": "36855a1a1767f4a777bad580d5a76fec1be5d9d1",
         "type": "github"
       },
       "original": {
@@ -242,11 +240,11 @@
         "rust-overlay": "rust-overlay_2"
       },
       "locked": {
-        "lastModified": 1732053863,
+        "lastModified": 1714571717,
-        "narHash": "sha256-DCIVdlb81Fct2uwzbtnawLBC/U03U2hqx8trqTJB7WA=",
+        "narHash": "sha256-o4tqlTzi9kcVub167kTGXgCac9jM3kW4+v9MH/ue4Hk=",
         "owner": "oxalica",
         "repo": "nil",
-        "rev": "2e24c9834e3bb5aa2a3701d3713b43a6fb106362",
+        "rev": "2f3ed6348bbf1440fcd1ab0411271497a0fbbfa4",
         "type": "github"
       },
       "original": {
@@ -255,27 +253,6 @@
         "type": "github"
       }
     },
-    "nix-darwin": {
-      "inputs": {
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1741126078,
-        "narHash": "sha256-ng0a4cIq3c9E3iGKomlwqKzVYs2RLOzQho2U1Mc2sqU=",
-        "owner": "LnL7",
-        "repo": "nix-darwin",
-        "rev": "c172f50b55b087f8e7801631de977461603bb976",
-        "type": "github"
-      },
-      "original": {
-        "owner": "LnL7",
-        "ref": "nix-darwin-24.11",
-        "repo": "nix-darwin",
-        "type": "github"
-      }
-    },
     "nix2lua": {
       "locked": {
         "lastModified": 1716215210,
@@ -302,11 +279,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1743591946,
+        "lastModified": 1716244689,
-        "narHash": "sha256-nD2OqXHIcLmW+kZBB7y08wuEE5WFHSL6S6UN3PNOElM=",
+        "narHash": "sha256-tFsMxZcbg8WAmNmmL/WxFjp4wgCK2XzTDkM5PNZqCZQ=",
         "ref": "refs/heads/main",
-        "rev": "d7afdf14eaa044777717fedbf89bf177d3a3688b",
+        "rev": "881339ef7077b5c1d07041a0024575a4170c0174",
-        "revCount": 97,
+        "revCount": 83,
         "type": "git",
         "url": "https://git.pleshevski.ru/pleshevskiy/nixeovim"
       },
@@ -333,23 +310,23 @@
     },
     "nixpkgs-lib": {
       "locked": {
-        "lastModified": 1727825735,
+        "lastModified": 1714640452,
-        "narHash": "sha256-0xHYkMkeLVQAMa7gvkddbPqpxph+hDzdu1XdGPJR+Os=",
+        "narHash": "sha256-QBx10+k6JWz6u7VsohfSw8g8hjdBZEf8CFzXH1/1Z94=",
         "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz"
+        "url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz"
       },
       "original": {
         "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz"
+        "url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz"
       }
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1742800061,
+        "lastModified": 1716128955,
-        "narHash": "sha256-oDJGK1UMArK52vcW9S5S2apeec4rbfNELgc50LqiPNs=",
+        "narHash": "sha256-3DNg/PV+X2V7yn8b/fUR2ppakw7D9N4sjVBGk6nDwII=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "1750f3c1c89488e2ffdd47cab9d05454dddfb734",
+        "rev": "f9256de8281f2ccd04985ac5c30d8f69aefadbe8",
         "type": "github"
       },
       "original": {
@@ -361,27 +338,27 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1739758141,
+        "lastModified": 1716061101,
-        "narHash": "sha256-uq6A2L7o1/tR6VfmYhZWoVAwb3gTy7j4Jx30MIrH0rE=",
+        "narHash": "sha256-H0eCta7ahEgloGIwE/ihkyGstOGu+kQwAiHvwVoXaA0=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "c618e28f70257593de75a7044438efc1c1fc0791",
+        "rev": "e7cc61784ddf51c81487637b3031a6dd2d6673a2",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "nixos-24.11",
+        "ref": "nixos-23.11",
         "repo": "nixpkgs",
         "type": "github"
       }
     },
     "nixpkgs_3": {
       "locked": {
-        "lastModified": 1728538411,
+        "lastModified": 1706487304,
-        "narHash": "sha256-f0SBJz1eZ2yOuKUr5CA9BHULGXVSn6miBuUWdTyhUhU=",
+        "narHash": "sha256-LE8lVX28MV2jWJsidW13D2qrHU/RUUONendL2Q/WlJg=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "b69de56fac8c2b6f8fd27f2eca01dcda8e0a4221",
+        "rev": "90f456026d284c22b3e3497be980b2e47d0b28ac",
         "type": "github"
       },
       "original": {
@@ -394,16 +371,13 @@
     "root": {
       "inputs": {
         "agenix": "agenix",
-        "disko": "disko",
         "firefox-addons": "firefox-addons",
         "flake-utils": "flake-utils_2",
         "hardware": "hardware",
         "home-manager": "home-manager_2",
         "home-manager-unstable": "home-manager-unstable",
-        "impermanence": "impermanence",
         "lan-mouse": "lan-mouse",
         "nil": "nil",
-        "nix-darwin": "nix-darwin",
         "nixeovim": "nixeovim",
         "nixpkgs": "nixpkgs_2",
         "nixpkgs-unstable": "nixpkgs-unstable",
@@ -412,17 +386,18 @@
     },
     "rust-overlay": {
       "inputs": {
+        "flake-utils": "flake-utils_3",
         "nixpkgs": [
           "lan-mouse",
           "nixpkgs"
         ]
       },
       "locked": {
-        "lastModified": 1728181869,
+        "lastModified": 1710987136,
-        "narHash": "sha256-sQXHXsjIcGEoIHkB+RO6BZdrPfB+43V1TEpyoWRI3ww=",
+        "narHash": "sha256-Q8GRdlAIKZ8tJUXrbcRO1pA33AdoPfTUirsSnmGQnOU=",
         "owner": "oxalica",
         "repo": "rust-overlay",
-        "rev": "cd46aa3906c14790ef5cbe278d9e54f2c38f95c0",
+        "rev": "97596b54ac34ad8184ca1eef44b1ec2e5c2b5f9e",
         "type": "github"
       },
       "original": {
@@ -433,17 +408,21 @@
     },
     "rust-overlay_2": {
       "inputs": {
+        "flake-utils": [
+          "nil",
+          "flake-utils"
+        ],
         "nixpkgs": [
           "nil",
           "nixpkgs"
         ]
       },
       "locked": {
-        "lastModified": 1731983527,
+        "lastModified": 1714529851,
-        "narHash": "sha256-JECaBgC0pQ91Hq3W4unH6K9to8s2Zl2sPNu7bLOv4ek=",
+        "narHash": "sha256-YMKJW880f7LHXVRzu93xa6Ek+QLECIu0IRQbXbzZe38=",
         "owner": "oxalica",
         "repo": "rust-overlay",
-        "rev": "71287228d96e9568e1e70c6bbfa3f992d145947b",
+        "rev": "9ca720fdcf7865385ae3b93ecdf65f1a64cb475e",
         "type": "github"
       },
       "original": {
@@ -454,14 +433,15 @@
     },
     "rust-overlay_3": {
       "inputs": {
+        "flake-utils": "flake-utils_4",
         "nixpkgs": "nixpkgs_3"
       },
       "locked": {
-        "lastModified": 1730341826,
+        "lastModified": 1715393623,
-        "narHash": "sha256-RFaeY7EWzXOmAL2IQEACbnrEza3TgD5UQApHR4hGHhY=",
+        "narHash": "sha256-nSUFcUqyTQQ/aYFIB05mpCzytcKvfKMy3ZQAe0fP26A=",
         "owner": "oxalica",
         "repo": "rust-overlay",
-        "rev": "815d1b3ee71716fc91a7bd149801e1f04d45fbc5",
+        "rev": "8eb8671512cb0c72c748058506e50c54fb5d8e2b",
         "type": "github"
       },
       "original": {
@@ -500,6 +480,21 @@
         "type": "github"
       }
     },
+    "systems_3": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
     "wired": {
       "inputs": {
         "flake-parts": "flake-parts",
@@ -509,11 +504,11 @@
         "rust-overlay": "rust-overlay_3"
       },
       "locked": {
-        "lastModified": 1730615238,
+        "lastModified": 1715552757,
-        "narHash": "sha256-u/ZGtyEUvAkFOBgLo2YldOx0GKjE3/esWpWruRD376E=",
+        "narHash": "sha256-ZOgCSIcdvG8+RcZCXSAEmb/LZ2Ap9wU4nvbxNDA+QN0=",
         "owner": "Toqozz",
         "repo": "wired-notify",
-        "rev": "1632418aa15889343028261663e81d8b5595860e",
+        "rev": "18b44306b2636fc7f238a9d946c7b8aac217122d",
         "type": "github"
       },
       "original": {

flake.nix

@@ -1,14 +1,9 @@
 {
   inputs = {
     flake-utils.url = "github:numtide/flake-utils";
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
     nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
     hardware.url = "github:NixOS/nixos-hardware/master";
-    impermanence.url = "github:nix-community/impermanence";
-    disko = {
-      url = "github:nix-community/disko";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
 
     firefox-addons.url = "github:nix-community/nur-combined/master?dir=repos/rycee/pkgs/firefox-addons";
 
@@ -19,7 +14,7 @@
     };
 
     home-manager = {
-      url = "github:nix-community/home-manager/release-24.11";
+      url = "github:nix-community/home-manager/release-23.11";
       inputs.nixpkgs.follows = "nixpkgs";
     };
     home-manager-unstable = {
@@ -27,11 +22,6 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    nix-darwin = {
-      url = "github:LnL7/nix-darwin/nix-darwin-24.11";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-
     wired = {
       url = "github:Toqozz/wired-notify";
       inputs.nixpkgs.follows = "nixpkgs";
@@ -58,86 +48,17 @@
   };
 
   outputs = { self, flake-utils, nixpkgs, nixeovim, ... } @ inputs:
-    let
+    let inherit (flake-utils.lib) eachSystem system; in
-      inherit (nixpkgs) lib;
+    eachSystem [ system.x86_64-linux ]
-
-      inherit (flake-utils.lib) eachSystem;
-      inherit (flake-utils.lib.system) x86_64-linux x86_64-darwin;
-
-      hosts = (import ./hosts inputs);
-      linuxMachines = lib.filterAttrs
-        (hostname: { system, ... }: system == x86_64-linux)
-        hosts;
-
-      darwinMachines = lib.filterAttrs
-        (hostname: { system, ... }: system == x86_64-darwin)
-        hosts;
-
-      baseSpecialArgs = {
-        inherit inputs;
-        globalData = import ./data.nix;
-        usersPath = ./users;
-        hostsPath = ./hosts;
-        packagesPath = ./packages;
-        sharedPath = ./shared;
-      };
-
-      mkDeploymentModule = { targetHost, system, ... }: ({ lib, ... }: {
-        options.deployment = with lib; {
-          system = mkOption {
-            type = types.str;
-            readOnly = true;
-            internal = true;
-          };
-          targetHost = mkOption {
-            type = types.nullOr types.str;
-            readOnly = true;
-            internal = true;
-          };
-        };
-        config.deployment = { inherit targetHost system; };
-      });
-
-      baseHomeManagerModule = ({ ... }: {
-        home-manager.backupFileExtension = "backup";
-        home-manager.useGlobalPkgs = true;
-        home-manager.useUserPackages = true;
-        home-manager.extraSpecialArgs = baseSpecialArgs;
-        home-manager.sharedModules = [
-          {
-            imports = [
-              ./modules/home-manager
-              inputs.wired.homeManagerModules.default
-              inputs.lan-mouse.homeManagerModules.default
-            ];
-          }
-        ];
-      });
-
-      baseDarwinModule = system: ({ ... }: {
-        system.stateVersion = 5;
-        system.configurationRevision = self.rev or self.dirtyRev or null;
-        nixpkgs.hostPlatform = system;
-      });
-    in
-    eachSystem [ x86_64-linux x86_64-darwin ]
       (system:
         let
           pkgs = import nixpkgs { inherit system; };
-
+          inherit (pkgs) lib nixos-rebuild;
-          machineRebuild = machine:
-            if machine.config.deployment.system == x86_64-linux
-            then pkgs.nixos-rebuild
-            else inputs.nix-darwin.packages.${x86_64-darwin}.darwin-rebuild;
 
           nixeovimPackage = config: nixeovim.lib.mkNixeovimPackage { inherit system config; };
 
-          localMachines = lib.filterAttrs
+          localMachines = lib.filterAttrs (h: m: m.config.deployment.targetHost == null) self.nixosConfigurations;
-            (h: m: m.config.deployment.targetHost == null)
+          vpsMachines = lib.filterAttrs (h: m: m.config.deployment.targetHost != null) self.nixosConfigurations;
-            (self.nixosConfigurations // self.darwinConfigurations);
-          vpsMachines = lib.filterAttrs
-            (h: m: m.config.deployment.targetHost != null)
-            self.nixosConfigurations;
         in
         {
           packages = {
@@ -149,20 +70,21 @@
             (flake-utils.lib.flattenTree {
               deploy = lib.recurseIntoAttrs (lib.mapAttrs
                 (hostname: machine: pkgs.writeShellScript "deploy/${hostname}" ''
-                  ${lib.getExe (machineRebuild machine)} switch \
+                  ${nixos-rebuild}/bin/nixos-rebuild switch \
                     --flake .#${hostname} \
-                    ${lib.optionalString (system != machine.config.deployment.system) "--build-host root@${machine.config.deployment.targetHost}"} \
                     --target-host root@${machine.config.deployment.targetHost} \
                     $@
                 '')
                 vpsMachines);
 
               switch = lib.recurseIntoAttrs (lib.mapAttrs
-                (hostname: machine:
+                (hostname: machine: pkgs.writeShellScript "switch/${hostname}" ''
-                  pkgs.writeShellScript "switch/${hostname}" ''
+                  set -e
-                    set -e
+                  ${nixos-rebuild}/bin/nixos-rebuild switch --flake .#${hostname} $@
-                    ${lib.getExe (machineRebuild machine)} switch --flake .#${hostname} $@
+                  ${lib.optionalString machine.config.hardware.pulseaudio.systemWide ''
-                  '')
+                    systemctl restart pulseaudio.service
+                  ''}
+                '')
                 localMachines);
             });
 
@@ -177,11 +99,6 @@
               # Path to the agenix configuration file
               RULES = "./.agenix_config.nix";
             };
-            disk = pkgs.mkShell {
-              packages = [
-                inputs.disko.packages.${system}.disko
-              ];
-            };
             tools = pkgs.mkShell {
               packages = with pkgs; [
                 mkpasswd
@@ -193,7 +110,7 @@
         })
     // {
       nixosConfigurations =
-        lib.mapAttrs
+        nixpkgs.lib.mapAttrs
           (hostname: { system
                      , specialArgs ? { }
                      , extraModules ? [ ]
@@ -203,53 +120,54 @@
             nixpkgs.lib.nixosSystem {
               inherit system;
 
-              specialArgs = baseSpecialArgs // specialArgs;
+              specialArgs = {
+                inherit inputs;
+                globalData = import ./data.nix;
+                usersPath = ./users;
+                hostsPath = ./hosts;
+                packagesPath = ./packages;
+              } // specialArgs;
 
               modules =
                 (with inputs; [
                   agenix.nixosModules.default
-                  home-manager.nixosModules.default
+                  home-manager.nixosModule
-                  disko.nixosModules.disko
-                  impermanence.nixosModules.impermanence
                 ])
                 ++ [
-                  (mkDeploymentModule { inherit system targetHost; })
+                  # deployment settings
-                  baseHomeManagerModule
+                  ({ lib, ... }: {
+                    options.deployment = with lib; {
+                      targetHost = mkOption {
+                        type = types.nullOr types.str;
+                        readOnly = true;
+                        internal = true;
+                      };
+                    };
+                    config.deployment = { inherit targetHost; };
+                  })
+                  # base home manager settings
+                  ({ ... }: {
+                    home-manager.useGlobalPkgs = true;
+                    home-manager.useUserPackages = true;
+                    home-manager.extraSpecialArgs = {
+                      packagesPath = ./packages;
+                    };
+                    home-manager.sharedModules = [
+                      {
+                        imports = [
+                          ./modules/home-manager
+                          inputs.wired.homeManagerModules.default
+                          inputs.lan-mouse.homeManagerModules.default
+                          "${inputs.home-manager-unstable}/modules/services/window-managers/river.nix"
+                        ];
+                      }
+                    ];
+                  })
                 ]
                 ++ extraModules
                 ++ [ ./modules/nixos ]
                 ++ [ ./hosts/${hostname}/configuration.nix ];
             })
-          linuxMachines;
+          (import ./hosts inputs);
-
-      darwinConfigurations =
-        lib.mapAttrs
-          (hostname: { system
-                     , specialArgs ? { }
-                     , extraModules ? [ ]
-                     , targetHost ? null
-                     }:
-            inputs.nix-darwin.lib.darwinSystem {
-              specialArgs = baseSpecialArgs // specialArgs;
-
-              modules =
-                (with inputs; [
-                  agenix.darwinModules.default
-                  home-manager.darwinModules.default
-                ])
-                ++ [
-                  (baseDarwinModule system)
-                  (mkDeploymentModule { inherit system targetHost; })
-                  baseHomeManagerModule
-                ]
-                ++ extraModules
-                ++ [ ./hosts/${hostname}/configuration.nix ];
-            })
-          darwinMachines;
-
-      diskoConfigurations = {
-        asus-gl553vd = import ./hosts/asus-gl553vd/disk-config.nix;
-        home = import ./hosts/home/disk-config.nix;
-      };
     };
 }

hosts/amstel/hardware-configuration/default.nix

@@ -1,15 +0,0 @@
-{ ... }:
-
-{
-  imports = [
-    ./generated.nix
-    ./networking.secret.nix
-  ];
-
-  swapDevices = [
-    {
-      device = "/var/lib/swapfile";
-      size = 2 * 1024;
-    }
-  ];
-}

hosts/amstel/services/default.nix

@@ -1,10 +0,0 @@
-{
-  imports = [
-    ./forgejo-runners
-    ./wireguard
-    # ./docker-registry-proxy.nix
-    ./nginx.nix
-    ./renovate.nix
-    ./prometheus.nix
-  ];
-}

hosts/amstel/services/docker-registry-proxy.nix

@@ -1,20 +0,0 @@
-{...}:
-
-{
-  services.dockerRegistry = {
-    enable = true;
-    enableGarbageCollect = true;
-    extraConfig = {
-      proxy.remoteurl = "https://registry-1.docker.io";
-    };
-  };
-
-  services.nginx = {
-    upstreams.docker-hub-registry.servers."localhost:5000" = { };
-    virtualHosts."docker-hub.pleshevski.ru" = {
-      enableACME = true;
-      forceSSL = true;
-      locations."/v2/".proxyPass = "http://docker-hub-registry";
-    };
-  };
-}

hosts/amstel/services/forgejo-runners/default.nix

@@ -1,37 +0,0 @@
-{ config, pkgs, ... }:
-
-let
-  NODE_OPTIONS = "--max_old_space_size=4096";
-in
-{
-  age.secrets.forgejo-runner-token-istal-docker.file = ./forgejo-runner-token-istal-docker.age;
-
-  virtualisation.docker.enable = true;
-  systemd.services.docker.serviceConfig = {
-    CPUQuota = "50%"; # Ограничение для всего Docker демона?
-  };
-
-  services.gitea-actions-runner = {
-    package = pkgs.unstable.forgejo-runner;
-    instances = {
-      amstel-docker = {
-        enable = true;
-        name = "amstel-docker";
-        url = "https://git.pleshevski.ru";
-        labels = [
-          "docker:docker://node:20-bullseye"
-          "ubuntu-22.04:docker://node:20-bullseye"
-        ];
-        tokenFile = config.age.secrets.forgejo-runner-token-istal-docker.path;
-        settings = {
-          runner = {
-            envs = { inherit NODE_OPTIONS; };
-
-            timeout = "1h";
-          };
-        };
-      };
-    };
-  };
-
-}

hosts/amstel/services/nginx.nix

@@ -1,41 +0,0 @@
-{ ... }:
-
-{
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
-
-  security.acme = {
-    acceptTerms = true;
-    defaults.email = "dmitriy@pleshevski.ru";
-  };
-
-  services.nginx = {
-    enable = true;
-
-    # Use recommended settings
-    recommendedGzipSettings = true;
-    recommendedOptimisation = true;
-    recommendedProxySettings = true;
-    recommendedTlsSettings = true;
-
-    appendHttpConfig = ''
-      # Add HSTS header with preloading to HTTPS requests.
-      # Adding this header to HTTP requests is discouraged
-      map $scheme $hsts_header {
-          https   "max-age=31536000; includeSubdomains; preload";
-      }
-      add_header Strict-Transport-Security $hsts_header;
-
-      # Minimize information leaked to other domains
-      add_header 'Referrer-Policy' 'origin-when-cross-origin';
-
-      # Disable embedding as a frame
-      add_header X-Frame-Options DENY;
-
-      # Prevent injection of code in other mime types (XSS Attacks)
-      add_header X-Content-Type-Options nosniff;
-
-      # This might create errors
-      proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
-    '';
-  };
-}

hosts/amstel/services/prometheus.nix

@@ -1,5 +0,0 @@
-{ sharedPath, ... }:
-
-{
-  imports = [ (sharedPath + "/prometheus/node.nix") ];
-}

hosts/amstel/services/renovate.nix

@@ -1,57 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  age.secrets.renovate-gitea-token.file = ./renovate-gitea-token.age;
-  age.secrets.renovate-github-token.file = ./renovate-github-token.age;
-
-  systemd.services.renovate-clear-cache = {
-    script = ''
-      set -eu
-      ${pkgs.coreutils}/bin/rm -rf /var/cache/private/renovate /var/lib/renovate
-    '';
-    serviceConfig = {
-      Type = "oneshot";
-      User = "root";
-    };
-    startAt = "3:00";
-  };
-
-  services.renovate = {
-    enable = true;
-    package = pkgs.unstable.renovate;
-    schedule = "0..2,10..23:00";
-    credentials = {
-      RENOVATE_TOKEN = config.age.secrets.renovate-gitea-token.path;
-      GITHUB_COM_TOKEN = config.age.secrets.renovate-github-token.path;
-    };
-    runtimePackages = with pkgs.unstable; [
-      pnpm_9
-      python312
-      poetry
-      gnumake
-      cargo
-    ];
-    settings = {
-      platform = "gitea";
-      endpoint = "https://git.pleshevski.ru";
-      assignees = [ "pleshevskiy" ];
-      autodiscover = true;
-      automergeStrategy = "fast-forward";
-      onboardingConfig = {
-        "$schema" = "https://docs.renovatebot.com/renovate-schema.json";
-      };
-      globalExtends = [
-        "npm:unpublishSafe"
-        "config:best-practices"
-        ":configMigration"
-        ":automergeMinor"
-        ":automergeRequireAllStatusChecks"
-      ];
-
-      cacheHardTtlMinutes = 30;
-      httpCacheTtlDays = 1;
-    };
-  };
-
-  # systemd.services.renovate.environment.LOG_LEVEL = "debug";
-}

hosts/asus-gl553vd/configs/boot.nix

@@ -1,10 +1,13 @@
+{ ... }:
+
 {
+  # Use the systemd-boot EFI boot loader.
   boot.loader = {
-    timeout = 1;
     systemd-boot = {
       enable = true;
-      configurationLimit = 20;
+      configurationLimit = 10;
     };
+
     efi.canTouchEfiVariables = true;
   };
 }

hosts/asus-gl553vd/configs/default.nix

@@ -1,7 +1,8 @@
+{ ... }:
+
 {
   imports = [
     ./boot.nix
-    ./imp.nix
     ./networking.nix
     ./wireguard
   ];

hosts/asus-gl553vd/configs/imp.nix

@@ -1,76 +0,0 @@
-{ config, lib, ... }:
-
-{
-  # A setup which would clean root subvolume between boots remove automatically removed roots that
-  # are older than one day:
-  # 
-  # Source: https://github.com/nix-community/impermanence
-  boot.initrd.postDeviceCommands = lib.mkAfter ''
-    mkdir /btrfs_tmp
-    mount /dev/mapper/luksroot /btrfs_tmp
-    if [[ -e /btrfs_tmp/root ]]; then
-        mkdir -p /btrfs_tmp/old_roots
-        timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
-        mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
-    fi
-
-    delete_subvolume_recursively() {
-        IFS=$'\n'
-        for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
-            delete_subvolume_recursively "/btrfs_tmp/$i"
-        done
-        btrfs subvolume delete "$1"
-    }
-
-    for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +1); do
-        delete_subvolume_recursively "$i"
-    done
-
-    echo 1 | tee /btrfs_tmp/root/sys/class/leds/asus\:\:kbd_backlight/brightness
-
-    btrfs subvolume create /btrfs_tmp/root
-    umount /btrfs_tmp
-    rm -r /btrfs_tmp
-  '';
-
-  age.identityPaths = map (v: "/persistent/system/etc/ssh/${v}") [
-    "ssh_host_rsa_key"
-    "ssh_host_ed25519_key"
-  ];
-
-  environment.persistence = {
-    "/persistent/system" = {
-      hideMounts = true;
-      directories = [
-        "/var/lib/bluetooth"
-        "/var/lib/nixos"
-        "/var/lib/systemd/coredump"
-        "/etc/NetworkManager/system-connections"
-      ];
-      files = [
-        "/etc/machine-id"
-        "/etc/ssh/ssh_host_rsa_key"
-        "/etc/ssh/ssh_host_rsa_key.pub"
-        "/etc/ssh/ssh_host_ed25519_key"
-        "/etc/ssh/ssh_host_ed25519_key.pub"
-      ];
-    };
-    "/persistent/docker" = lib.mkIf config.virtualisation.docker.enable {
-      hideMounts = true;
-      directories = map (v: "/var/lib/docker/${v}") [
-        "containers"
-        "volumes"
-        "image"
-        "overlay2"
-        "network"
-      ];
-      files = [ "/var/lib/docker/engine-id" ];
-    };
-    "/presistent/ollama" = lib.mkIf config.services.ollama.enable {
-      hideMounts = true;
-      directories  = [
-        "/var/lib/private/ollama"
-      ];
-    };
-  };
-}

hosts/asus-gl553vd/configs/networking.nix

@@ -1,10 +1,13 @@
+{ ... }:
+
 {
   networking = {
     hostName = "laptop"; # Define your hostname.
 
     networkmanager.enable = true;
 
-    useDHCP = false;
+    firewall.allowedTCPPortRanges = [
-    interfaces.wlp2s0.useDHCP = true;
+      { from = 33000; to = 33999; }
+    ];
   };
 }

hosts/asus-gl553vd/configuration.nix

@@ -1,18 +1,13 @@
-{ pkgs, ... }:
+{ globalData, ... }:
 
 {
   imports = [
     ./hardware-configuration
     ./configs
     ./users
-    ./services
   ];
 
-  local.yubikey = {
+  local.yubikey.enable = true;
-    enable = false;
-    serial = "28058247";
-    unplug.enable = true;
-  };
 
   ################################################################################
   # Services
@@ -27,33 +22,12 @@
   ################################################################################
   # Programs
   ################################################################################
-  services.ollama = {
+  local.programs.browsers.tor-browser = {
     enable = true;
-    package = pkgs.unstable.ollama;
+    container = {
-  };
-
-  services.plantuml-server = {
-    enable = true;
-    package = pkgs.unstable.plantuml-server;
-    listenPort = 33050;
-  };
-
-  # Fix boot issue
-  containers.telegram.bindMounts."/dev/dri/card1" = { };
-
-  local.programs.communication = {
-    telegram = {
       enable = true;
-      package = pkgs.unstable.tdesktop;
+      externalInterface = "wg0";
-    };
+      sshAuthorizedKeys = globalData.publicKeys.users.jan;
-    simplex-chat = {
-      enable = true;
-      package = pkgs.unstable.simplex-chat-desktop;
-      openFirewall = true;
     };
   };
-
-  environment.shellInit = ''
-    [ -n "$DISPLAY" ] && ${pkgs.xorg.xhost}/bin/xhost +local: > /dev/null || true
-  '';
 }

hosts/asus-gl553vd/disk-config.nix

@@ -1,3 +0,0 @@
-import ../../disko/luks-btrfs.nix {
-  device = "/dev/disk/by-id/nvme-NE-256_2280_0015167003217";
-}

hosts/asus-gl553vd/hardware-configuration/default.nix

@@ -1,7 +1,16 @@
+{ ... }:
+
 {
-  imports = [
+  # Include the results of the hardware scan.
-    ./generated.nix # Include the results of the hardware scan.
+  imports = [ ./generated.nix ];
-    ./manual.nix
+
+  # Enable keyboard on the boot
+  boot.initrd.availableKernelModules = [ "hid_asus" ];
+
+  boot.kernelModules = [
+    # Enable containers
+    # See: https://github.com/NixOS/nixpkgs/issues/38676
+    "veth"
   ];
 
 
@@ -20,7 +29,7 @@
   };
 
   # configure mouse and touchpad
-  services.libinput = {
+  services.xserver.libinput = {
     enable = true;
     touchpad = {
       accelSpeed = "0.5";
@@ -30,11 +39,6 @@
 
   hardware.bluetooth.enable = true;
 
-  hardware.graphics = {
-    enable = true;
-    enable32Bit = true;
-  };
-
   services.logind.extraConfig = ''
     # don’t shutdown when power button is short-pressed
     HandlePowerKey=ignore

hosts/asus-gl553vd/hardware-configuration/generated.nix

@@ -1,56 +1,36 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, modulesPath, ... }:
+{ config, lib, pkgs, modulesPath, ... }:
 
 {
   imports = [
     (modulesPath + "/installer/scan/not-detected.nix")
   ];
 
-  boot.kernelModules = [ "kvm-intel" ];
+  boot = {
-  boot.extraModulePackages = [ ];
+    initrd = {
+      availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+      kernelModules = [ ];
+    };
 
-  boot.initrd = {
+    kernelModules = [ "kvm-intel" ];
-    availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "sd_mod" "rtsx_pci_sdmmc" ];
+    extraModulePackages = [ ];
-    kernelModules = [ ];
-    luks.devices."luksroot".device = "/dev/disk/by-uuid/eb896c1c-f012-412e-86bd-48f663377129";
   };
 
   fileSystems = {
     "/" = {
-      device = "/dev/disk/by-uuid/45a33b08-0a15-4b47-9d8a-c58b7d62066a";
+      device = "/dev/disk/by-uuid/e6c0cbba-7000-4b1e-ba53-e7b5f8ae11c0";
-      fsType = "btrfs";
+      fsType = "ext4";
-      options = [ "subvol=root" "compress=zstd" ];
-    };
-
-    "/persistent" = {
-      device = "/dev/disk/by-uuid/45a33b08-0a15-4b47-9d8a-c58b7d62066a";
-      fsType = "btrfs";
-      options = [ "subvol=persistent" "compress=zstd" ];
-      neededForBoot = true;
-    };
-
-    "/nix" = {
-      device = "/dev/disk/by-uuid/45a33b08-0a15-4b47-9d8a-c58b7d62066a";
-      fsType = "btrfs";
-      options = [ "subvol=nix" "compress=zstd" "noatime" ];
-    };
-
-    "/.swapvol" = {
-      device = "/dev/disk/by-uuid/45a33b08-0a15-4b47-9d8a-c58b7d62066a";
-      fsType = "btrfs";
-      options = [ "subvol=swap" "noatime" ];
     };
 
     "/boot" = {
-      device = "/dev/disk/by-uuid/94EE-CA0D";
+      device = "/dev/disk/by-uuid/499C-4EBD";
       fsType = "vfat";
-      options = [ "fmask=0022" "dmask=0022" ];
     };
   };
 
-  swapDevices = [{ device = "/.swapvol/swapfile"; }];
+  swapDevices = [{ device = "/dev/disk/by-uuid/fa457df9-cd48-4c81-90cb-a511a7689988"; }];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
   # (the default) this is the recommended approach. When using systemd-networkd it's
@@ -60,6 +40,6 @@
   # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
   # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
 
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
   hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }

hosts/asus-gl553vd/hardware-configuration/manual.nix

@@ -1,24 +0,0 @@
-{ ... }:
-
-{
-  boot.kernelModules = [
-    # Enable containers
-    # See: https://github.com/NixOS/nixpkgs/issues/38676
-    "veth"
-  ];
-
-  # Enable keyboard on the boot
-  boot.initrd.availableKernelModules = [ "hid_asus" ];
-
-  boot.blacklistedKernelModules = [ "nouveau" ];
-
-  fileSystems."/home/jan" = {
-    device = "/dev/disk/by-uuid/e6c0cbba-7000-4b1e-ba53-e7b5f8ae11c0";
-    fsType = "ext4";
-    options = [
-      "defaults"
-      "X-mount.subdir=home/jan"
-      "X-mount.mkdir"
-    ];
-  };
-}

hosts/asus-gl553vd/services/default.nix

@@ -1,3 +0,0 @@
-{
-  imports = [ ./forgejo-runners ];
-}

hosts/asus-gl553vd/services/forgejo-runners/default.nix

@@ -1,33 +0,0 @@
-{ config, pkgs, ... }:
-
-let
-  NODE_OPTIONS = "--max_old_space_size=8192";
-in
-{
-  age.secrets.forgejo-runner-token-asus-docker.file = ./forgejo-runner-token-asus-docker.age;
-
-  virtualisation.docker.enable = true;
-
-  services.gitea-actions-runner = {
-    package = pkgs.unstable.forgejo-runner;
-    instances = {
-      asus-gl554vd-docker = {
-        enable = true;
-        name = "asus-gl554vd-docker";
-        url = "https://git.pleshevski.ru";
-        labels = [
-          "docker:docker://node:20-bullseye"
-          "ubuntu-22.04:docker://node:20-bullseye"
-        ];
-        tokenFile = config.age.secrets.forgejo-runner-token-asus-docker.path;
-        settings = {
-          runner = {
-            envs = { inherit NODE_OPTIONS; };
-
-            timeout = "1h";
-          };
-        };
-      };
-    };
-  };
-}

hosts/asus-gl553vd/users/jan.nix

@@ -1,4 +1,4 @@
-{ hostsPath, usersPath, lib, ... }:
+{ hostsPath, usersPath, ... }:
 
 let
   asusData = import (hostsPath + "/asus-gl553vd/data.secret.nix");
@@ -12,6 +12,8 @@ in
       xmonad.projects = import ./xmonad-projects.secret.nix;
     };
 
+    local.programs.dev-tools.k8s.enable = true;
+
     local.programs.libreoffice.enable = true;
 
     local.services.lan-mouse.settings = {

hosts/default.nix

@@ -2,11 +2,10 @@
 
 let
   hardware = inputs.hardware.nixosModules;
-  inherit (inputs.flake-utils.lib.system) x86_64-linux x86_64-darwin;
 in
 {
   home = {
-    system = x86_64-linux;
+    system = "x86_64-linux";
 
     extraModules = [
       hardware.common-gpu-amd
@@ -16,7 +15,7 @@ in
   };
 
   asus-gl553vd = {
-    system = x86_64-linux;
+    system = "x86_64-linux";
 
     extraModules = [
       hardware.common-cpu-intel
@@ -25,26 +24,18 @@ in
     ];
   };
 
-  macbook-pro = {
+  istal = {
-    system = x86_64-darwin;
+    system = "x86_64-linux";
-
-    extraModules = [
-      # ./networking.secret.nix
-    ];
-  };
-
-  amstel = {
-    system = x86_64-linux;
 
     extraModules = [
       ../modules/vps.nix
     ];
 
-    targetHost = (import ./amstel/data.secret.nix).addr;
+    targetHost = (import ./istal/data.secret.nix).addr;
   };
 
   tatos = {
-    system = x86_64-linux;
+    system = "x86_64-linux";
 
     extraModules = [
       ../modules/vps.nix

hosts/home/configs/android.nix

@@ -2,23 +2,20 @@
 
 
 let
+  buildToolsVersion = "33.0.2";
   androidComposition = pkgs.unstable.androidenv.composeAndroidPackages {
-    platformToolsVersion = "35.0.2";
+    platformToolsVersion = "34.0.5";
-    buildToolsVersions = [
+    buildToolsVersions = [ buildToolsVersion ];
-      "33.0.2"
+    includeEmulator = false;
-      "34.0.0"
+    emulatorVersion = "34.1.9";
-      "35.0.1"
+    platformVersions = [ "29" "30" "33" ];
-    ];
-    includeEmulator = true;
-    emulatorVersion = "35.3.11";
-    platformVersions = [ "29" "33" "34" ];
     includeSources = false;
-    includeSystemImages = true;
+    includeSystemImages = false;
     systemImageTypes = [ "google_apis_playstore" ];
     abiVersions = [ "armeabi-v7a" "arm64-v8a" ];
     cmakeVersions = [ "3.10.2" ];
     includeNDK = true;
-    ndkVersions = [ "27.0.12077973" ];
+    ndkVersions = [ "23.2.8568313" ];
     useGoogleAPIs = false;
     useGoogleTVAddOns = false;
     includeExtras = [
@@ -39,11 +36,6 @@ in
 
   nixpkgs.config.android_sdk.accept_license = true;
 
-  environment.systemPackages = [
-    pkgs.unstable.androidenv.androidPkgs.platform-tools
-    (pkgs.unstable.android-studio.withSdk androidComposition.androidsdk)
-  ];
-
   environment.variables = rec {
     ANDROID_SDK_ROOT = "${androidComposition.androidsdk}/libexec/android-sdk";
     ANDROID_NDK_ROOT = "${ANDROID_SDK_ROOT}/ndk-bundle";
@@ -53,7 +45,6 @@ in
     # JAVA_HOME = pkgs.jdk17.home;
   };
 
-
   services.udev.extraRules = ''
     SUBSYSTEM=="usb", ATTR{idVendor}=="12d1", MODE="0666", GROUP="plugdev"
   '';

hosts/home/configs/printer.nix

@@ -5,11 +5,11 @@
 
   services = {
     avahi = {
-      enable = false;
+      enable = true;
-      nssmdns4 = true;
+      nssmdns = true;
     };
     printing = {
-      enable = false;
+      enable = true;
       drivers = with pkgs; [ gutenprint cnijfilter2 ];
     };
   };

hosts/home/configuration.nix

@@ -1,153 +1,63 @@
-{ config, lib, pkgs, ... }:
+{ globalData, ... }:
 
 {
   imports = [
     ./hardware-configuration
     ./configs
     ./users
-    ./services
   ];
 
+  local.yubikey.enable = true;
+
+  services.radicale = {
+    enable = true;
+    settings = {
+      auth = {
+        # htpasswd -B -c /etc/radicale/users
+        type = "htpasswd";
+        htpasswd_filename = "/etc/radicale/users";
+        htpasswd_encryption = "bcrypt";
+      };
+    };
+    rights = {
+      root = {
+        user = ".+";
+        collection = "";
+        permissions = "R";
+      };
+      principal = {
+        user = ".+";
+        collection = "{user}";
+        permissions = "RW";
+      };
+      calendars = {
+        user = ".+";
+        collection = "{user}/[^/]+";
+        permissions = "rw";
+      };
+    };
+  };
+
   ################################################################################
   # Programs
   ################################################################################
+  local.programs.browsers.tor-browser = {
+    enable = true;
+    container = {
+      enable = true;
+      externalInterface = "wg0";
+      sshAuthorizedKeys = globalData.publicKeys.users.jan;
+    };
+  };
 
   ################################################################################
   # Services
   ################################################################################
-  local.services.byedpi = {
+  local.services.i2pd.enable = true;
-    enable = true;
-    settings = {
-      ip = "127.0.0.1";
-      port = 1081;
-      debugLevel = 2;
-    };
-    groupSettings = [
-      {
-        name = "googlevideo";
-        hosts = "googlevideo.com";
-        disorder = 1;
-        split = 7;
-      }
-      {
-        name = "youtube";
-        hosts = "youtube.com";
-        disorder = 1;
-      }
-      {
-        name = "none";
-      }
-    ];
-  };
-
-  # local.services.i2pd.enable = true;
-  # local.services.kubo.enable = true;
 
   local.services.octoprint.enable = true;
 
   virtualisation.docker.enable = true;
   # Torrent client
-  /*
+  services.transmission.enable = true;
-  services.transmission = {
-    enable = true;
-    settings = {
-      rpc-bind-address = "192.168.7.10";
-      rpc-port = 9091;
-      rpc-whitelist = "192.168.7.*";
-    };
-  };
-  */
-
-  services.ollama = {
-    enable = true;
-    package = pkgs.unstable.ollama;
-    acceleration = "rocm";
-  };
-
-  programs.sniffnet.enable = true;
-
-  services.plantuml-server = {
-    enable = true;
-    package = pkgs.unstable.plantuml-server;
-    listenPort = 33050;
-  };
-
-  ################################################################################
-  # Containers
-  ################################################################################
-
-  environment.shellInit = ''
-    [ -n "$DISPLAY" ] && ${pkgs.xorg.xhost}/bin/xhost +local: > /dev/null || true
-  '';
-
-  local.programs.communication = {
-    telegram = {
-      enable = true;
-      package = pkgs.unstable.tdesktop;
-    };
-    simplex-chat = {
-      enable = true;
-      package = pkgs.unstable.simplex-chat-desktop;
-      openFirewall = true;
-    };
-  };
-
-  /*
-  containers.games = {
-    autoStart = true;
-    bindMounts = {
-      "${config.services.transmission.settings.download-dir}" = { };
-      "/tmp/.X11-unix" = { };
-      "/run/opengl-driver/lib" = { };
-      "/run/opengl-driver-32/lib" = { };
-    };
-    allowedDevices = [
-      {
-        modifier = "r";
-        node = "/dev/kfd";
-      }
-      {
-        modifier = "r";
-        node = "/dev/dri";
-      }
-    ];
-    config = { pkgs, ... }: {
-      nixpkgs.config.allowUnfree = true;
-      system.stateVersion = "23.11";
-
-      users.groups.transmission = config.users.groups.transmission;
-      users.users.john = {
-        isNormalUser = true;
-        home = "/home/john";
-        password = "hello";
-        extraGroups = [ "pulse-access" "transmission" ];
-        packages = with pkgs; [
-          # wine
-          wineWowPackages.stable
-          winetricks
-          # community edition
-          fallout-ce
-          fallout2-ce
-          openmw
-          openxcom
-          # tools
-          innoextract
-          vim
-          unzip
-          p7zip
-          unrar-wrapper
-          wget
-        ];
-      };
-      environment.sessionVariables = {
-        DISPLAY = ":0";
-        PULSE_SERVER = "tcp:127.0.0.1:4713";
-        XAUTHORITY = "/home/john/.Xauthority";
-
-        WINEPREFIX = "/home/john/.wine";
-        WINEARCH = "win32";
-      };
-    };
-  };
-  */
 }

hosts/home/disk-config.nix

@@ -1,3 +0,0 @@
-import ../../disko/luks-btrfs.nix {
-  device = "/dev/disk/by-id/nvme-NE-256_2280_0014164009305";
-}

hosts/home/hardware-configuration/default.nix

@@ -1,11 +1,8 @@
 { config, ... }:
 
 {
-  imports = [
+  # Include the results of the hardware scan.
-    ./generated.nix # Include the results of the hardware scan.
+  imports = [ ./generated.nix ];
-    ./hibernation.nix
-    ./nfs.nix
-  ];
 
   # Add support of usb
   boot.initrd.availableKernelModules = [ "usb_storage" ];
@@ -14,8 +11,6 @@
   # See: https://github.com/NixOS/nixpkgs/issues/38676
   boot.kernelModules = [ "veth" ];
 
-  # rtl88x2bu doesn't work on stable at the moment 🤔
-  local.system.kernel = "lts";
   boot.extraModulePackages = with config.boot.kernelPackages; [
     rtl88x2bu # wifi
   ];
@@ -23,7 +18,7 @@
   networking = {
     useDHCP = false;
     interfaces = {
-      wlp4s0.useDHCP = true;
+      wlp3s0.useDHCP = true;
       # wlp11s0f3u2.useDHCP = true;
     };
   };
@@ -31,23 +26,14 @@
   # extra configs
   hardware.bluetooth.enable = true;
 
-  hardware.graphics = {
-    enable = true;
-    enable32Bit = true;
-  };
-
   # All monitors in the right order
   # Source: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/x11/xserver.nix#L83
-  #
-  # To see references use the following command
-  # man xorg.conf
   services.xserver.xrandrHeads = [
     {
       output = "DP-3";
       monitorConfig = ''
         Option "PreferredMode" "1920x1080"
-        # Option "Rotate" "right"
+        Option "Rotate" "right"
-        Option "Position" "0 361"
       '';
     }
     {
@@ -55,7 +41,6 @@
       primary = true;
       monitorConfig = ''
         Option "PreferredMode" "2560x1440"
-        Option "Position" "1920 0"
       '';
     }
   ];

hosts/home/hardware-configuration/hibernation.nix

@@ -1,15 +0,0 @@
-{...}:
-
-{
-  swapDevices = [
-    {
-      device = "/var/lib/swapfile";
-      size = 64 * 1024;
-    }
-  ];
-
-  boot.resumeDevice = "/dev/disk/by-uuid/969c5f68-631d-4429-b81b-0d81e050449b";
-  boot.kernelParams = [ "resume_offset=156735488" ];
-
-  powerManagement.enable = true;
-}

hosts/home/hardware-configuration/nfs.nix

@@ -1,29 +0,0 @@
-{ ... }:
-
-{
-  fileSystems."/export/mynix" = {
-    device = "/home/jan/mynix";
-    options = [ "bind" ];
-  };
-
-  fileSystems."/export/projects" = {
-    device = "/home/jan/projects";
-    options = [ "bind" ];
-  };
-
-  services.nfs.server = {
-    enable = true;
-    lockdPort = 4001;
-    mountdPort = 4002;
-    statdPort = 4000;
-    exports = ''
-      /export           192.168.0.0/24(rw,fsid=0,no_subtree_check)
-      /export/mynix     192.168.0.0/24(rw,nohide,insecure,no_subtree_check,all_squash,anonuid=502,anongid=20)
-      /export/projects  192.168.0.0/24(rw,nohide,insecure,no_subtree_check,all_squash,anonuid=502,anongid=20)
-    '';
-  };
-  networking.firewall = {
-    allowedTCPPorts = [ 111 2049 4000 4001 4002 20048 ];
-    allowedUDPPorts = [ 111 2049 4000 4001 4002 20048 ];
-  };
-}

hosts/home/services/default.nix

@@ -1,6 +0,0 @@
-{
-  imports = [
-    ./forgejo-runners
-    ./synergy.nix
-  ];
-}

hosts/home/services/forgejo-runners/default.nix

@@ -1,33 +0,0 @@
-{ config, pkgs, ... }:
-
-let
-  NODE_OPTIONS = "--max_old_space_size=8192";
-in
-{
-  age.secrets.forgejo-runner-token-home-docker.file = ./forgejo-runner-token-home-docker.age;
-
-  virtualisation.docker.enable = true;
-
-  services.gitea-actions-runner = {
-    package = pkgs.unstable.forgejo-runner;
-    instances = {
-      home-docker = {
-        enable = true;
-        name = "home-docker";
-        url = "https://git.pleshevski.ru";
-        labels = [
-          "docker:docker://node:20-bullseye"
-          "ubuntu-22.04:docker://node:20-bullseye"
-        ];
-        tokenFile = config.age.secrets.forgejo-runner-token-home-docker.path;
-        settings = {
-          runner = {
-            envs = { inherit NODE_OPTIONS; };
-
-            timeout = "1h";
-          };
-        };
-      };
-    };
-  };
-}

hosts/home/services/synergy.nix

@@ -1,25 +0,0 @@
-{ pkgs, ... }:
-
-{
-  services.synergy.server = {
-    enable = true;
-    screenName = "home";
-    configFile = pkgs.writeText "synergy-server.conf" ''
-      section: screens
-        home:
-        macbook-pro:
-      end
-      section: links
-        home:
-          down(0,40) = macbook-pro(0,100)
-        macbook-pro:
-          up(1,99) = home(0,40)
-      end
-      section: options
-        clipboardSharing = true
-        clipboardSharingSize = 2048
-      end
-    '';
-  };
-  networking.firewall.allowedTCPPorts = [ 24800 ];
-}

hosts/home/users/default.nix

@@ -8,7 +8,7 @@
 
   home-manager.sharedModules = [
     {
-      local.window-manager.polybar.wifiDevice = "wlp4s0";
+      local.window-manager.polybar.wifiDevice = "wlp3s0";
 
       local.programs.terminals = {
         wezterm.fontSize = 10.0;

hosts/home/users/jan.nix

@@ -21,7 +21,9 @@ in
       };
     };
 
-    # local.programs.editors.arduino-ide.enable = true;
+    local.programs.editors.arduino-ide.enable = true;
+
+    local.programs.dev-tools.k8s.enable = true;
 
     local.programs.libreoffice = {
       enable = true;
@@ -31,31 +33,30 @@ in
       ];
     };
 
-    local.games.endless-sky.enable = true;
-
     # Extra packages
     home.packages = with pkgs.unstable; [
-      ## game dev
+      # game dev
-      # blender-hip
+      blender
-      # godot_4
+      godot_4
-      # libresprite
+      libresprite
 
-      ## 3d printer
+      # 3d printer
-      # Cannot build unstable Cura!
+      cura
-      # See: https://github.com/NixOS/nixpkgs/issues/325896
-      # it's too old in the nixpkgs!
-      # See: https://github.com/NixOS/nixpkgs/issues/186570
-      # pkgs.cura
 
-      ## electronics
+      # electronics
-      # kicad-small
+      kicad-small
       # librepcb
 
-      ## tools
+      # tools
       bind.dnsutils
 
-      ## remote desktop client
+      kubo # ipfs
-      # remmina
     ];
+
+    # games
+    local.games = {
+      mindustry.enable = true;
+      widelands.enable = true;
+    };
   };
 }

hosts/istal/configuration.nix

@@ -6,7 +6,7 @@
     ./services
   ];
 
-  networking.hostName = "amstel";
+  networking.hostName = "istal";
   networking.domain = "local";
 
   users.users.root.openssh.authorizedKeys.keys = globalData.publicKeys.users.janistal;

hosts/istal/hardware-configuration/default.nix

@@ -0,0 +1,8 @@
+{ ... }:
+
+{
+  imports = [
+    ./generated.nix
+    ./networking.secret.nix
+  ];
+}

hosts/istal/services/default.nix

@@ -0,0 +1,5 @@
+{ ... }:
+
+{
+  imports = [ ./wireguard ];
+}

hosts/istal/services/wireguard/default.nix

@@ -2,8 +2,8 @@
 
 let
   tatosData = import (hostsPath + "/tatos/data.secret.nix");
-  amstelData = import (hostsPath + "/amstel/data.secret.nix");
+  istalData = import (hostsPath + "/istal/data.secret.nix");
-  inherit (amstelData.wireguard) port;
+  inherit (istalData.wireguard) port;
 in
 {
   boot.kernel.sysctl."net.ipv4.ip_forward" = 1;

hosts/macbook-pro/configuration.nix

@@ -1,25 +0,0 @@
-{ pkgs, ... }:
-
-{
-  environment.systemPackages = with pkgs; [
-    vim
-    git
-    git-crypt
-  ];
-
-  nix.settings.experimental-features = "nix-command flakes";
-
-  services.synergy.client = {
-    enable = true;
-    serverAddress = "192.168.0.153";
-    screenName = "macbook-pro";
-  };
-
-  homebrew = {
-    enable = true;
-
-    casks = [
-      { name = "eloston-chromium"; }
-    ];
-  };
-}

hosts/tatos/configuration.nix

@@ -6,8 +6,6 @@
     ./services
   ];
 
-  local.system.kernel = "hardened";
-
   networking.hostName = "tatos";
 
   users.users.root.openssh.authorizedKeys.keys = globalData.publicKeys.users.jan;

hosts/tatos/hardware-configuration/default.nix

@@ -5,11 +5,4 @@
     ./generated.nix
     ./networking.secret.nix
   ];
-
-  swapDevices = [
-    {
-      device = "/var/lib/swapfile";
-      size = 2 * 1024;
-    }
-  ];
 }

hosts/tatos/services/default.nix

@@ -6,9 +6,5 @@
     ./wireguard
     ./nginx.nix
     ./dns.nix
-    ./grafana.nix
-    ./prometheus.nix
-    ./loki.nix
-    ./promtail.nix
   ];
 }

hosts/tatos/services/grafana.nix

@@ -1,51 +0,0 @@
-{ config, pkgs, ... }:
-
-let
-  addr = "127.0.0.1";
-  port = 33002;
-  domain = "grafana.pleshevski.ru";
-
-in
-{
-  services.grafana = {
-    enable = true;
-    package = pkgs.unstable.grafana;
-    settings = {
-      server = {
-        http_addr = addr;
-        http_port = port;
-        inherit domain;
-      };
-      auth.token_rotation_interval_minutes = 60;
-    };
-    provision = {
-      enable = true;
-      datasources.settings = {
-        datasources =
-          [
-            {
-              name = "Prometheus";
-              type = "prometheus";
-              access = "proxy";
-              url = "http://127.0.0.1:${toString config.services.prometheus.port}";
-            }
-            {
-              name = "Loki";
-              type = "loki";
-              access = "proxy";
-              url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}";
-            }
-          ];
-      };
-    };
-  };
-
-  services.nginx.virtualHosts."${domain}" = {
-    enableACME = true;
-    forceSSL = true;
-    locations."/" = {
-      proxyPass = "http://${addr}:${toString port}";
-      proxyWebsockets = true;
-    };
-  };
-}

hosts/tatos/services/loki.nix

@@ -1,85 +0,0 @@
-{ config, lib, ... }:
-
-let
-  cfg = config.services.loki;
-  nginxCfg = config.services.nginx;
-  basePath = "/var/lib/loki";
-in
-{
-  age.secrets.loki-basicauth = {
-    file = ./loki-basicauth.age;
-    owner = nginxCfg.user;
-    inherit (nginxCfg) group;
-  };
-
-  services.loki = {
-    enable = true;
-    configuration = {
-      auth_enabled = false;
-      server = {
-        http_listen_address = "127.0.0.1";
-        http_listen_port = 3100;
-      };
-      common = {
-        path_prefix = basePath;
-      };
-      ingester = {
-        lifecycler = {
-          address = "127.0.0.1";
-          ring = {
-            kvstore = {
-              store = "inmemory";
-            };
-            replication_factor = 1;
-          };
-        };
-      };
-      compactor = {
-        working_directory = "${basePath}/compactor";
-      };
-      schema_config = {
-        configs = [
-          {
-            from = "2025-02-04";
-            store = "tsdb";
-            object_store = "filesystem";
-            schema = "v13";
-            index = {
-              prefix = "index_";
-              period = "24h";
-            };
-          }
-        ];
-      };
-      storage_config = {
-        filesystem = {
-          directory = "${basePath}/chunks";
-        };
-        tsdb_shipper = {
-          active_index_directory = "${basePath}/tsdb-index";
-          cache_location = "${basePath}/tsdb-cache";
-        };
-      };
-
-      # Лимиты
-      limits_config = {
-        reject_old_samples = true;
-        reject_old_samples_max_age = "168h"; # Максимальный возраст логов (7 дней)
-      };
-    };
-  };
-
-  systemd.tmpfiles.rules = lib.mkIf cfg.enable [
-    "d ${basePath} 0755 ${cfg.user} ${cfg.group} -"
-  ];
-
-  services.nginx.virtualHosts."loki.pleshevski.ru" = lib.mkIf cfg.enable {
-    enableACME = true;
-    forceSSL = true;
-    locations."/" = let inherit (cfg.configuration.server) http_listen_port http_listen_address; in {
-      proxyPass = "http://${http_listen_address}:${toString http_listen_port}";
-      proxyWebsockets = true;
-      basicAuthFile = config.age.secrets.loki-basicauth.path;
-    };
-  };
-}

hosts/tatos/services/prometheus.nix

@@ -1,69 +0,0 @@
-{ config, sharedPath, ... }:
-
-let
-  nodeExporterPort = 40000;
-  nginxExporterPort = 40001;
-
-  basic_auth = {
-    username = "jan";
-    password_file = config.age.secrets.prometheus-basicauth-password.path;
-  };
-in
-{
-  imports = [ (sharedPath + "/prometheus/node.nix") ];
-
-  age.secrets.prometheus-basicauth-password = {
-    file = ./prometheus-basicauth-password.age;
-    owner = "prometheus";
-    group = "prometheus";
-  };
-
-  # https://wiki.nixos.org/wiki/Prometheus
-  # https://nixos.org/manual/nixos/stable/#module-services-prometheus-exporters-configuration
-  # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/default.nix
-  services.prometheus = {
-    enable = true;
-    listenAddress = "127.0.0.1";
-    port = 33010;
-    globalConfig.scrape_interval = "15s"; # "1m"
-    scrapeConfigs = [
-      {
-        job_name = "node_dev";
-        inherit basic_auth;
-        static_configs = [
-          {
-            targets = [
-              "tatos:${toString nodeExporterPort}"
-              "amstel:${toString nodeExporterPort}"
-            ];
-          }
-        ];
-      }
-      {
-        job_name = "node_production";
-        inherit basic_auth;
-        static_configs = [
-          {
-            targets = [
-              "canigou:${toString nodeExporterPort}"
-              "magenta:${toString nodeExporterPort}"
-              "sm-sd1:${toString nodeExporterPort}"
-            ];
-          }
-        ];
-      }
-      {
-        job_name = "nginx_production";
-        inherit basic_auth;
-        static_configs = [
-          {
-            targets = [
-              "canigou:${toString nginxExporterPort}"
-              "magenta:${toString nginxExporterPort}"
-            ];
-          }
-        ];
-      }
-    ];
-  };
-}

hosts/tatos/services/promtail.nix

@@ -1,33 +0,0 @@
-{ config, ... }:
-
-{
-  services.promtail = {
-    enable = true;
-    configuration = {
-      server = {
-        http_listen_port = 9080;
-        grpc_listen_port = 0;
-      };
-      clients = [
-        { url = "http://127.0.0.1:3100/loki/api/v1/push"; }
-      ];
-      scrape_configs = [
-        {
-          job_name = "journal";
-          journal = {
-            labels = {
-              job = "systemd-journal";
-              host = "${config.networking.hostName}"; # Имя хоста как метка
-            };
-          };
-          relabel_configs = [
-            {
-              source_labels = [ "__journal__systemd_unit" ];
-              target_label = "unit";
-            }
-          ];
-        }
-      ];
-    };
-  };
-}

hosts/tatos/services/wireguard/default.nix

@@ -3,11 +3,9 @@
 # Source: https://habr.com/ru/companies/xakep/articles/699000/
 
 let
-  amstelData = import (hostsPath + "/amstel/data.secret.nix");
+  istalData = import (hostsPath + "/istal/data.secret.nix");
   tatosData = import (hostsPath + "/tatos/data.secret.nix");
   port = tatosData.wireguard.port;
-
-  update_ru_routes = pkgs.callPackage ./update_ru_routes.nix { };
 in
 {
   boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
@@ -22,24 +20,16 @@ in
 
   networking.firewall.allowedUDPPorts = [ port ];
 
-  systemd.services.geoip-update = {
+  services.cron =
-    script = ''
+    let update_ru_routes = pkgs.callPackage ./update_ru_routes.nix { }; in
-      set -eu
+    let cmd = "${update_ru_routes}/bin/update_ru_routes > /root/update_routes.log 2>&1"; in
-      ${update_ru_routes}/bin/update_ru_routes > /root/update_routes.log
+    {
-    '';
+      enable = true;
-    serviceConfig = {
+      systemCronJobs = [
-      Type = "oneshot";
+        "@reboot      root  sleep 30 && ${cmd}"
-      User = "root";
+        "0 3 * * mon  root  ${cmd}"
+      ];
     };
-    restartTriggers = [ update_ru_routes ];
-  };
-  systemd.timers.geoip-update = {
-    wantedBy = [ "timers.target" ];
-    timerConfig = {
-      OnBootSec = "1m";
-      OnCalendar = "mon 3:00";
-    };
-  };
 
   networking.wg-quick.interfaces = {
     # "wg0" is the network interface name. You can name the interface arbitrarily.
@@ -53,23 +43,23 @@ in
       # This allows the wireguard server to route your traffic to the internet and hence be like a VPN
       # For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients
       postUp = ''
-        interface=`${pkgs.iproute2}/bin/ip route | ${pkgs.gawk}/bin/awk '/default/ {print $5; exit}'`
+        interface=`${pkgs.iproute}/bin/ip route | ${pkgs.gawk}/bin/awk '/default/ {print $5; exit}'`
         ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -o $interface -j MASQUERADE
-        ${pkgs.iproute2}/bin/ip rule add from ${tatosData.addr} table main
+        ${pkgs.iproute}/bin/ip rule add from ${tatosData.addr} table main
       '';
       preDown = ''
-        interface=`${pkgs.iproute2}/bin/ip route | ${pkgs.gawk}/bin/awk '/default/ {print $5; exit}'`
+        interface=`${pkgs.iproute}/bin/ip route | ${pkgs.gawk}/bin/awk '/default/ {print $5; exit}'`
         ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -o $interface -j MASQUERADE
-        ${pkgs.iproute2}/bin/ip rule del from ${tatosData.addr} table main
+        ${pkgs.iproute}/bin/ip rule del from ${tatosData.addr} table main
       '';
 
       # Path to the private key file.
       privateKeyFile = config.age.secrets.wireguard-tatos-private.path;
 
       peers = [
-        # Amstel
+        # Istal
         {
-          publicKey = amstelData.wireguard.publicKey;
+          publicKey = istalData.wireguard.publicKey;
           allowedIPs = [ "10.20.30.2/32" "0.0.0.0/0" ];
         }
         # Home
@@ -89,7 +79,7 @@ in
         }
         # Phone 2 m
         {
-          publicKey = "p1GR0Ax2wrqnnd/coKYA4p0lvhdY9Mkk4iwhPxZfl3I=";
+          publicKey = "0+ejwId5JcTeMvoz+I/ACpmpUFjD7rl9wqz8H/OAHEw=";
           allowedIPs = [ "10.20.30.6/32" ];
         }
         # Phone 3 n
@@ -97,16 +87,6 @@ in
           publicKey = "IUw38F1ik2y2XoPh3Nd1VVxHz9nfKDfNKyzBaEi0rjc=";
           allowedIPs = [ "10.20.30.7/32" ];
         }
-        # Laptop m
-        {
-          publicKey = "dF5YEeK1nw2V4GNLwg67M+r8NMA315KpueQMk+ZFO1M=";
-          allowedIPs = [ "10.20.30.8/32" ];
-        }
-        # Phone 4 b
-        {
-          publicKey = "29WekSFGenqbnXoux0kbI9mwx7X5oclEFNz3cMt1Rzc=";
-          allowedIPs = [ "10.20.30.9/32" ];
-        }
       ];
     };
   };

hosts/tatos/services/wireguard/subnets_user_list.secret.txt

@@ -6,3 +6,8 @@
 34.77.14.97/32
 # apollographql.com
 147.75.40.150/32
+# reddit.com
+151.101.129.140/32
+151.101.1.140/32
+151.101.193.140/32
+151.101.65.140/32

hosts/tatos/services/wireguard/update_ru_routes.nix

@@ -6,7 +6,6 @@
 , iptables
 , ipcalc
 , jq
-, iproute2
 , gawk
 , curl
 }:
@@ -20,7 +19,7 @@ in
 symlinkJoin {
   name = "update_ru_routes";
 
-  paths = [ update_ru_routes_unwrapped ] ++ [ bind.dnsutils iptables jq gawk curl ipcalc iproute2 ];
+  paths = [ update_ru_routes_unwrapped ] ++ [ bind.dnsutils iptables jq gawk curl ipcalc ];
   buildInputs = [ makeWrapper ];
 
   postBuild = ''

misc/wg-client-conf.nix

@@ -1,3 +1,4 @@
+# use nix-build -E (import <system>/misc/wg-client-conf.nix {})
 { pkgs ? import <nixpkgs> { }
 , address
 , privateKey

modules/home-manager/configs/keyboard.nix

@@ -18,6 +18,7 @@ in
       model = "pc105";
       layout = "us,ru";
       variant = cfg.variant;
+      # variant = "dvorak,";
       options = [ "grp:win_space_toggle" ];
     };
   };

modules/home-manager/configs/window-manager/hyprland/default.nix

@@ -108,7 +108,7 @@ in
           force_zero_scaling = true;
         };
 
-        "$terminal" = "ghostty";
+        "$terminal" = "wezterm start";
         "$browser" = "librewolf";
         "$menu" = "dmenu-wl_run";
 

modules/home-manager/configs/window-manager/xmonad/default.nix

@@ -63,22 +63,8 @@ in
       xclip # access x clipboard from a console
       dmenu # menu for x window system
       nitrogen # wallpaper manager
-      rofimoji # emoji picker
     ];
 
-    programs.rofi.pass = {
-      enable = true;
-      extraConfig = ''
-        EDITOR='ghostty -e nvim'
-
-        URL_field='url'
-        USERNAME_field='login'
-        AUTOTYPE_field='autotype'
-
-        default_autotype='user :tab pass'
-      '';
-    };
-
     xsession = {
       enable = true;
 

modules/home-manager/configs/window-manager/xmonad/xmonad_config.hs

@@ -52,7 +52,7 @@ import XMonad.Util.Run
 -- The preferred terminal program, which is used in a binding below and by
 -- certain contrib modules.
 --
-myTerminal = "ghostty"
+myTerminal = "wezterm start"
 
 -- Whether focus follows the mouse pointer.
 myFocusFollowsMouse = False
@@ -83,9 +83,7 @@ comWs = "com"
 
 devWs = ["dev", "dev2", "dev3"]
 
-infraWs = "infra"
+myWorkspaces = [webWs] <> devWs <> [finWs, sysWs, comWs]
-
-myWorkspaces = [webWs] <> devWs <> [infraWs, sysWs, comWs, finWs]
 
 main :: IO ()
 main = mkDbusClient >>= main'
@@ -235,24 +233,19 @@ myManageHook = manageApps
     anyOf :: [Query Bool] -> Query Bool
     anyOf = foldl (<||>) (pure False)
 
-    machine = stringProperty "WM_CLIENT_MACHINE"
     role = stringProperty "WM_WINDOW_ROLE"
     isPopup = role =? "pop-up"
     isPinentry = anyOf [className =? "Gcr-promter", className =? "Pinentry"]
 
-    isGameMachine = machine =? "games"
-
-    isGhostty = className =? "com.mitchellh.ghostty"
     isWezterm = className =? "org.wezfurlong.wezterm"
     isAlacritty = className =? "Alacritty"
-    isTerminal = anyOf [isWezterm, isAlacritty, isGhostty]
+    isTerminal = anyOf [isWezterm, isAlacritty]
 
     tileBelow = insertPosition Below Newer
     manageApps =
       composeOne
         [ -- apps
           className =? "Gimp" -?> doFloat,
-          isGameMachine -?> doFloat,
           -- general
           anyOf
             [ resource =? "desktop_window",
@@ -280,15 +273,10 @@ myKeys conf =
         ("M-S-<Return>", spawn $ XMonad.terminal conf),
         -- launch a 'flameshot' to screenshot
         ("M-S-s", safeSpawn "flameshot" ["gui"]),
-        -- launch browsers
+        -- launch 'librewolf' browser
         ("M-S-b", spawn "librewolf"),
-        ("M-S-t", spawn "tor-browser"),
         -- launch 'dmenu_run' to choose applications
-        ("M-r", spawn "dmenu_run"),
+        ("M-p", spawn "dmenu_run")
-        -- launch 'rofi-pass' to use password manager
-        ("M-p", spawn "rofi-pass --last-used"),
-        -- launch 'rofimoji' to pick emoji
-        ("M-e", spawn "rofimoji --action copy")
         -- Open calculator
         -- ("<XF86Calculator>", spawn "gnome-calculator"),
       ]
@@ -377,7 +365,7 @@ myKeys conf =
         ("<XF86KbdBrightnessUp>", spawn (kdbBrightness "up")),
         ("<XF86KbdBrightnessDown>", spawn (kdbBrightness "down"))
       ]
-      where kdbBrightness cmd = myTerminal ++ " -e @kdbBrightnessScriptPath@ " ++ cmd
+      where kdbBrightness cmd = myTerminal ++ " -- @kdbBrightnessScriptPath@ " ++ cmd
 
 ------------------------------------------------------------------------
 -- Mouse bindings: default actions bound to mouse events
@@ -405,9 +393,9 @@ myProjects =
     terminal' wd' cmd' =
       myTerminal ++ workdir ++ command
       where
-        workdir = " --working-directory=" ++ wd'
+        workdir = " --cwd " ++ wd'
         command = case cmd' of
-          Just c -> " -e " ++ c
+          Just c -> " -- " ++ c
           _ -> ""
 
 myPromptConfig :: XPConfig

modules/home-manager/games.nix

@@ -8,14 +8,10 @@ in
     mindustry.enable = mkEnableOption "mindustry";
     widelands.enable = mkEnableOption "widelands";
     unciv.enable = mkEnableOption "unciv";
-    freeciv.enable = mkEnableOption "freeciv";
-    endless-sky.enable = mkEnableOption "endless-sky";
   };
 
   config.home.packages =
     lib.optional cfg.mindustry.enable pkgs.unstable.mindustry
     ++ lib.optional cfg.widelands.enable pkgs.widelands
-    ++ lib.optional cfg.unciv.enable pkgs.unstable.unciv
+    ++ lib.optional cfg.unciv.enable pkgs.unstable.unciv;
-    ++ lib.optional cfg.freeciv.enable pkgs.unstable.freeciv
-    ++ lib.optional cfg.endless-sky.enable pkgs.unstable.endless-sky;
 }

modules/home-manager/programs/aerc.nix

@@ -1,7 +1,19 @@
 { config, lib, pkgs, ... }:
 
 let
-  aercPackage = pkgs.unstable.aerc;
+  aercPackage = pkgs.unstable.aerc.override {
+    # support .filename filter
+    buildGoModule = args: pkgs.unstable.buildGoModule (args // rec {
+      version = "6ffc0ed5991bef69a50cbc22647af0a6a0e0a895";
+      src = pkgs.fetchFromSourcehut {
+        owner = "~rjarry";
+        repo = "aerc";
+        rev = version;
+        hash = "sha256-IyAcTCDSjOmZ6KPr9nYKdxWA0qryeU4jTwxRWzt2NOY=";
+      };
+      vendorHash = "sha256-s7lt5amq6Zsn+1AM2SlNeXSZIRbJ+vYKZmdWEDC4Sp4=";
+    });
+  };
 
   abaPackage = pkgs.unstable.aba;
   abaExe = "${abaPackage}/bin/aba -a ${config.xdg.dataHome}/aerc/aba.toml";
@@ -73,12 +85,9 @@ in
           "text/plain" = "colorize";
           "text/rfc822-headers" = "colorize";
           # "text/*" = "${pkgs.bat}/bin/bat -fpp --file-name='$AERC_FILENAME'";
-          "message/*" = "cat | colorize";
+          "message/delivery-status" = "cat | colorize";
           "application/pgp-keys" = "gpg";
           ".filename,~\\.gpg" = "gpg --decrypt";
-          ".filename,~\\.xml\\.gz" = "${pkgs.gzip}/bin/gunzip |"
-            + "${pkgs.xmlformat}/bin/xmlformat |"
-            + "${pkgs.bat}/bin/bat -fpp --file-name='$AERC_FILENAME' --language xml";
         };
 
         openers = { };
@@ -116,6 +125,10 @@ in
             "\\" = fill "filter";
             "n" = exec "next-result";
             "N" = exec "prev-result";
+            #"D" = exec "modify-labels +deleted -inbox";
+            #"A" = exec "modify-labels -inbox";
+            #"ms" = exec "modify-labels +spam -inbox";
+            #"mS" = exec "modify-labels -spam +inbox";
           }
         ];
 
@@ -141,14 +154,15 @@ in
           }
         ];
 
-        compose = {
+        compose = lib.mkMerge [
-          "$ex" = "<C-x>";
+          globalBinds
-          "<C-k>" = exec "prev-field";
+          {
-          "<C-j>" = exec "next-field";
+            "$ex" = "<C-x>";
-          "<tab>" = exec "next-field";
+            "<C-k>" = exec "prev-field";
-          "<C-l>" = exec "next-tab";
+            "<C-j>" = exec "next-field";
-          "<C-h>" = exec "prev-tab";
+            "<tab>" = exec "next-field";
-        };
+          }
+        ];
 
         "compose::editor" = {
           "$noinherit" = "true";

modules/home-manager/programs/argos-translate.nix

@@ -1,18 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let cfg = config.local.programs.argos-translate; in
-{
-  options.local.programs.argos-translate = with lib; {
-    enable = mkEnableOption "argostranslate";
-    package = mkPackageOption pkgs.python311Packages "argostranslate" {};
-  };
-
-  config = lib.mkIf cfg.enable {
-    home.packages = [ cfg.package ];
-
-    programs.zsh.shellAliases = lib.mkIf config.programs.zsh.enable {
-      en2ru = "${cfg.package}/bin/argos-translate --from en --to ru";
-      ru2en = "${cfg.package}/bin/argos-translate --from ru --to en";
-    };
-  };
-}

modules/home-manager/programs/communication.nix

@@ -4,19 +4,15 @@
 let cfg = config.local.programs.communication; in
 {
   options.local.programs.communication = with lib; {
-    matrix = {
+    simplex-chat.enable = mkEnableOption "SimplexChat";
-      enable = mkEnableOption "nheko. matrix client";
+    telegram.enable = mkEnableOption "tdesktop. telegram client";
-      package = mkPackageOption pkgs "nheko" { };
+    matrix.enable = mkEnableOption "nheko. matrix client";
-    };
+    skype.enable = mkEnableOption "skype";
-    tox = {
-      enable = mkEnableOption "tox";
-      package = mkPackageOption pkgs "qtox" { };
-    };
   };
 
-  config = {
+  config.home.packages = with pkgs.unstable;
-    home.packages =
+    lib.optional cfg.simplex-chat.enable simplex-chat-desktop
-      lib.optional cfg.matrix.enable cfg.matrix.package
+    ++ lib.optional cfg.telegram.enable tdesktop
-      ++ lib.optional cfg.tox.enable cfg.tox.package;
+    ++ lib.optional cfg.matrix.enable nheko
-  };
+    ++ lib.optional cfg.skype.enable skypeforlinux;
 }

modules/home-manager/programs/default.nix

@@ -3,7 +3,6 @@
 {
   imports = [
     ./aerc.nix
-    ./argos-translate.nix
     ./communication.nix
     ./dev-tools.nix
     ./flameshot.nix

modules/home-manager/programs/dev-tools.nix

@@ -2,39 +2,11 @@
 
 let
   cfg = config.local.programs.dev-tools;
-
-  kubectlCompletionsZsh = pkgs.runCommand "kubectl-completion.zsh" {} ''
-    ${lib.getExe pkgs.kubectl} completion zsh > $out
-  '';
-
-  # https://github.com/NixOS/nixpkgs/pull/384524/files
-  apacheDirectoryStudio = with pkgs.unstable; (apache-directory-studio.overrideAttrs (attrs: {
-    installPhase = ''
-      dest="$out/libexec/ApacheDirectoryStudio"
-      mkdir -p "$dest"
-      cp -r . "$dest"
-      mkdir -p "$out/bin"
-      patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \
-          "$dest/ApacheDirectoryStudio"
-      # About `/tmp/SWT-GDBusServer`, see
-      # https://github.com/adoptium/adoptium-support/issues/785#issuecomment-1866680133
-      # and
-      # https://github.com/adoptium/adoptium-support/issues/785#issuecomment-2387481967.
-      makeWrapper "$dest/ApacheDirectoryStudio" \
-          "$out/bin/ApacheDirectoryStudio" \
-          --prefix PATH : "${jdk}/bin" \
-          --prefix LD_LIBRARY_PATH : ${lib.makeLibraryPath [ glib webkitgtk_4_0 ] } \
-          --run "mkdir -p /tmp/SWT-GDBusServer"
-      install -D icon.xpm "$out/share/pixmaps/apache-directory-studio.xpm"
-      install -D -t "$out/share/applications" ${attrs.desktopItem}/share/applications/*
-    '';
-  }));
 in
 {
   options.local.programs.dev-tools = with lib; {
     base.enable = mkEnableOption "base tools";
     nix.enable = mkEnableOption "tools for nix developer";
-    erlang.enable = mkEnableOption "tools for erlang developer";
     web.enable = mkEnableOption "tools for web developer";
     k8s.enable = mkEnableOption "k8s tools";
     psql = {
@@ -48,7 +20,6 @@ in
     eza.enable = mkEnableOption "eza. ls replacement";
     direnv.enable = mkEnableOption "direnv";
     zoxide.enable = mkEnableOption "zoxide";
-    ldap.enable = mkEnableOption "ldap";
   };
 
   config = lib.mkMerge [
@@ -101,13 +72,6 @@ in
       ];
     })
 
-    (lib.mkIf cfg.erlang.enable {
-      home.packages = with pkgs.unstable; [
-        erlang
-        erlfmt
-      ];
-    })
-
     (lib.mkIf cfg.nix.enable {
       home.packages = with pkgs.unstable; [
         nixpkgs-fmt # nix formatter
@@ -124,18 +88,10 @@ in
           ]
         ))
       ];
-
-      programs.zsh.initExtra = ''
-        source ${kubectlCompletionsZsh}
-      '';
     })
 
     (lib.mkIf cfg.psql.enable {
       home.packages = [ cfg.psql.package ];
     })
-
-    (lib.mkIf cfg.ldap.enable {
-      home.packages = [ apacheDirectoryStudio ];
-    })
   ];
 }

modules/home-manager/programs/file-managers/default.nix

@@ -3,7 +3,6 @@
 {
   imports = [
     ./nautilus.nix
-    ./nnn.nix
     ./vifm
   ];
 }

modules/home-manager/programs/file-managers/nautilus.nix

@@ -8,5 +8,5 @@ in
     enable = mkEnableOption "nautilus";
   };
 
-  config.home.packages = with pkgs.unstable; lib.optional cfg.enable nautilus;
+  config.home.packages = with pkgs.unstable; lib.optional cfg.enable gnome.nautilus;
 }

modules/home-manager/programs/file-managers/nnn.nix

@@ -1,13 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-let
-  cfg = config.local.programs.file-managers.nnn;
-in
-{
-  options.local.programs.file-managers.nnn = with lib; {
-    enable = mkEnableOption "nnn";
-    package = mkPackageOption pkgs "nnn" {};
-  };
-
-  config.home.packages = lib.optional cfg.enable cfg.package;
-}

modules/home-manager/programs/file-managers/vifm/vifmrc

@@ -11,7 +11,7 @@
 " If you would like to use another vi clone such as Elvis or Vile
 " you will need to change this setting.
 
-set vicmd=nvim
+set vicmd=vim
 
 " This makes vifm perform file operations on its own instead of relying on
 " standard utilities like `cp`.  While using `cp` and alike is a more universal
@@ -128,12 +128,12 @@ mark h ~/
 " %m run the command in a menu window
 
 command! df df -h %m 2> /dev/null
-command! diff nvim -d %f %F
+command! diff vim -d %f %F
 command! zip zip -r %c.zip %f
 command! run !! ./%f
 command! make !!make %a
 command! mkcd :mkdir %a | cd %a
-command! vgrep nvim "+grep %a"
+command! vgrep vim "+grep %a"
 command! reload :write | restart full
 
 " ------------------------------------------------------------------------------
@@ -316,6 +316,11 @@ nnoremap S :sort<cr>
 nnoremap w :view<cr>
 vnoremap w :view<cr>gv
 
+" Open file in existing instance of gvim
+nnoremap o :!gvim --remote-tab-silent %f<cr>
+" Open file in new instance of gvim
+nnoremap O :!gvim %f<cr>
+
 " Open file in the background using its default program
 nnoremap gb :file &<cr>l
 
@@ -349,6 +354,8 @@ nnoremap ,t :!xterm &<cr>
 
 " Open editor to edit vifmrc and apply settings after returning to vifm
 nnoremap ,c :write | edit $MYVIFMRC | restart full<cr>
+" Open gvim to edit vifmrc
+nnoremap ,C :!gvim --remote-tab-silent $MYVIFMRC &<cr>
 
 " Toggle wrap setting on ,w key
 nnoremap ,w :set wrap!<cr>

modules/home-manager/programs/terminals/default.nix

@@ -4,7 +4,7 @@
   imports = [
     ./alacritty.nix
     ./foot.nix
-    ./ghostty.nix
     ./wezterm.nix
   ];
+
 }

modules/home-manager/programs/terminals/ghostty.nix

@@ -1,66 +0,0 @@
-{ lib, config, pkgs, ... }:
-
-let
-  cfg = config.local.programs.terminals.ghostty;
-  themeCfg = config.local.themes."${config.local.theme.name}";
-in
-{
-  options.local.programs.terminals.ghostty = with lib; {
-    enable = mkEnableOption "ghostty";
-    package = mkPackageOption pkgs "ghostty" { };
-    fontSize = mkOption {
-      type = types.number;
-      default = 10.0;
-      description = "Ghostty font size";
-    };
-  };
-
-  config = lib.mkIf cfg.enable {
-    programs.ghostty = {
-      enable = true;
-      package = cfg.package;
-      settings = {
-        theme = "nixos-theme";
-        font-family = "monospace";
-        font-size = cfg.fontSize;
-        window-decoration = false;
-        cursor-style-blink = false;
-        shell-integration-features = "no-cursor";
-        gtk-single-instance = false; # It required to provide working-directory
-      };
-      enableZshIntegration = config.programs.zsh.enable;
-      themes = {
-        "nixos-theme" = {
-          palette = [
-            "0=${themeCfg.window.regular.color0}"
-            "1=${themeCfg.window.regular.color1}"
-            "2=${themeCfg.window.regular.color2}"
-            "3=${themeCfg.window.regular.color3}"
-            "4=${themeCfg.window.regular.color4}"
-            "5=${themeCfg.window.regular.color5}"
-            "6=${themeCfg.window.regular.color6}"
-            "7=${themeCfg.window.regular.color7}"
-            "8=${themeCfg.window.bold.color8}"
-            "9=${themeCfg.window.bold.color9}"
-            "10=${themeCfg.window.bold.color10}"
-            "11=${themeCfg.window.bold.color11}"
-            "12=${themeCfg.window.bold.color12}"
-            "13=${themeCfg.window.bold.color13}"
-            "14=${themeCfg.window.bold.color14}"
-            "15=${themeCfg.window.bold.color15}"
-            "16=${themeCfg.window.extended.color16}"
-            "17=${themeCfg.window.extended.color17}"
-            "18=${themeCfg.window.extended.color18}"
-            "19=${themeCfg.window.extended.color19}"
-          ];
-          background = themeCfg.window.background;
-          foreground = themeCfg.window.mainText;
-          cursor-color = themeCfg.window.cursor;
-          cursor-text = themeCfg.window.cursorText;
-          selection-background = themeCfg.window.selection;
-          selection-foreground = themeCfg.window.selectionText;
-        };
-      };
-    };
-  };
-}

modules/home-manager/programs/terminals/wezterm.nix

@@ -18,7 +18,7 @@ in
     programs.wezterm = {
       enable = true;
       colorSchemes = {
-        "nixos-theme" = {
+        myCoolTheme = {
           ansi = [
             themeCfg.window.regular.color0
             themeCfg.window.regular.color1
@@ -58,8 +58,7 @@ in
         return {
           font = wezterm.font("monospace"),
           font_size = ${toString cfg.fontSize},
-          front_end = "WebGpu",
+          color_scheme = "myCoolTheme",
-          color_scheme = "nixos-theme",
           hide_tab_bar_if_only_one_tab = true,
           -- https://github.com/wez/wezterm/issues/4483
           enable_wayland = false,

modules/home-manager/shell.nix

@@ -9,7 +9,7 @@
 
     programs.zsh = {
       enable = true;
-      autosuggestion.enable = true;
+      enableAutosuggestions = true;
       enableCompletion = true;
       defaultKeymap = "viins";
       dotDir = ".config/zsh";

modules/machine.nix

@@ -35,19 +35,5 @@
   ################################################################################
   local.programs.pass.enable = lib.mkDefault true;
 
-  local.programs.browsers = {
+  local.programs.browsers.librewolf.enable = lib.mkDefault true;
-    librewolf.enable = lib.mkDefault true;
-    tor-browser.enable = lib.mkDefault true;
-    ungoogled-chromium.enable = lib.mkDefault true;
-  };
-
-  security.sudo.extraRules = [{
-    commands = [
-      {
-        command = "/run/current-system/sw/bin/nixos-container";
-        options = [ "NOPASSWD" ];
-      }
-    ];
-    groups = [ "wheel" ];
-  }];
 }

modules/nixos/configs/fonts.nix

@@ -12,7 +12,7 @@
         fira-code-symbols
         (nerdfonts.override { fonts = [ "FiraCode" ]; })
         noto-fonts
-        noto-fonts-cjk-sans
+        noto-fonts-cjk
         noto-fonts-emoji
         liberation_ttf
         mplus-outline-fonts.githubRelease

modules/nixos/configs/keyboard.nix

@@ -9,11 +9,11 @@ in
   };
 
   config = lib.mkIf cfg.enable {
-    services.xserver.xkb = {
+    services.xserver = {
-      model = "pc105";
+      xkbModel = "pc105";
       layout = "us,us";
-      variant = "dvorak,";
+      xkbVariant = "dvorak,";
-      options = "grp:win_space_toggle";
+      xkbOptions = "grp:win_space_toggle";
     };
 
     console.useXkbConfig = true;

modules/nixos/configs/lockscreen/i3lock.nix

@@ -11,7 +11,7 @@ in
   config = lib.mkIf cfg.enable {
     programs.i3lock = {
       enable = true;
-      u2fSupport = lib.mkDefault config.security.pam.u2f.enable;
+      u2fSupport = lib.mkDefault config.local.yubikey.enable;
     };
 
     programs.xss-lock.enable = true;

modules/nixos/configs/nix.nix

@@ -1,4 +1,4 @@
-{ lib, inputs, config, pkgs, ... }:
+{ lib, inputs, config, ... }:
 
 let
   inherit (builtins) elem;
@@ -24,9 +24,6 @@ in
   };
 
   config = {
-    environment.systemPackages =
-      lib.optional config.system.tools.nixos-option.enable pkgs.unstable.nixos-option;
-
     nixpkgs.config.allowUnfreePredicate = lib.mkIf
       (cfg.allowUnfreePackages != [ ])
       (pkg: elem (lib.getName pkg) cfg.allowUnfreePackages);
@@ -45,11 +42,6 @@ in
           };
         };
       })
-      (final: prev: {
-        sniffnet = (import inputs.nixpkgs-unstable {
-          inherit (config.nixpkgs) config system;
-        }).sniffnet;
-      })
       (final: prev: {
         unstable = import inputs.nixpkgs-unstable {
           inherit (config.nixpkgs) config overlays system;

modules/nixos/configs/security.nix

@@ -1,36 +0,0 @@
-{ config, lib, ... }:
-
-let
-  cfg = config.local.security.sudo;
-in
-{
-  options.local.security.sudo = with lib; {
-    nopasswd = mkOption {
-      type = types.listOf (types.submodule {
-        options = {
-          commands = mkOption {
-            type = with types; listOf (either str package);
-          };
-          groups = mkOption {
-            type = types.listOf types.str;
-            default = [ "wheel" ];
-          };
-        };
-      });
-      default = [ ];
-    };
-  };
-
-  config = lib.mkIf (cfg.nopasswd != [ ]) {
-    security.sudo.extraRules = lib.flip map cfg.nopasswd (rule: {
-      inherit (rule) groups;
-      commands = lib.flip map rule.commands (cmd:
-        {
-          command = "${cmd}";
-          options = [ "NOPASSWD" ];
-        }
-      );
-    });
-  };
-
-}