switch to xanmod on selinunte

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

.github/workflows/flake-health-checks.yml

@@ -8,10 +8,7 @@ on:
 jobs:
     health-check:
         name: "Perform Nix flake checks"
-        runs-on: ${{ matrix.os }}
+        runs-on: ubuntu-latest
-        strategy:
-            matrix:
-                os: [ubuntu-latest]
         steps:
             - uses: DeterminateSystems/nix-installer-action@main
             - name: Setup Attic cache
@@ -24,24 +21,21 @@ jobs:
             - uses: actions/checkout@v4
             - run: nix flake check --accept-flake-config
             - run: nix ./utils/attic-push.bash
-    build-checks:
+    # build-checks:
-        name: "Build nix outputs"
+    #     name: "Build nix outputs"
-        runs-on: ${{ matrix.os }}
+    #     runs-on: ubuntu-latest
-        strategy:
+    #     steps:
-            matrix:
+    #         - uses: DeterminateSystems/nix-installer-action@main
-                os: [ubuntu-latest]
+    #         - name: Setup Attic cache
-        steps:
+    #           uses: ryanccn/attic-action@v0
-            - uses: DeterminateSystems/nix-installer-action@main
+    #           with:
-            - name: Setup Attic cache
+    #             endpoint: ${{ secrets.ATTIC_ENDPOINT }}
-              uses: ryanccn/attic-action@v0
+    #             cache: ${{ secrets.ATTIC_CACHE }}
-              with:
+    #             token: ${{ secrets.ATTIC_TOKEN }}
-                endpoint: ${{ secrets.ATTIC_ENDPOINT }}
+    #             skip-push: "true"
-                cache: ${{ secrets.ATTIC_CACHE }}
+    #         - uses: actions/checkout@v4
-                token: ${{ secrets.ATTIC_TOKEN }}
+    #         - name: Build all outputs
-                skip-push: "true"
+    #           run: nix run git+https://nayeonie.com/ahuston-0/flake-update-diff -- --build .
-            - uses: actions/checkout@v4
+    #         - name: Push to Attic
-            - name: Build all outputs
+    #           run: nix ./utils/attic-push.bash
-              run: nix run git+https://nayeonie.com/ahuston-0/flake-update-diff -- --build .
+    #           continue-on-error: true
-            - name: Push to Attic
-              run: nix ./utils/attic-push.bash
-              continue-on-error: true

.sops.yaml

@@ -7,11 +7,9 @@ keys:
     # cspell:disable
     - &artemision age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2
     - &artemision-home age1t29a6z6cfy8m3cnc8uva0ey833vhcppue8psyumts7mtyf0zufcqvfshuc
-    #- &palatine-hill age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej
     - &palatine-hill age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh
+    - &selinunte age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2
     # cspell:enable
-servers: &servers
-    - *palatine-hill
 # add new users by executing: sops users/<user>/secrets.yaml
 # then have someone already in the repo run the below
 #
@@ -38,6 +36,13 @@ creation_rules:
             - *admin_alice
           age:
             - *artemision
+    - path_regex: systems/selinunte/secrets.*\.yaml$
+      key_groups:
+        - pgp:
+            - *admin_alice
+          age:
+            - *artemision
+            - *selinunte
     - path_regex: systems/palatine-hill/docker/wg/.*\.conf$
       key_groups:
         - pgp:

flake.lock

@@ -78,11 +78,11 @@
       },
       "locked": {
         "dir": "pkgs/firefox-addons",
-        "lastModified": 1742773104,
+        "lastModified": 1743483509,
-        "narHash": "sha256-dAhrL+gEjNN5U/Sosy7IrX0Y0qPA0U7Gp9TBhqEliNU=",
+        "narHash": "sha256-aHnOrBV4UpVQuv9RHmYaRb0jZRBpmeDWsZWBRoSCc5w=",
         "owner": "rycee",
         "repo": "nur-expressions",
-        "rev": "d74460da63a8c08a69a1f143b04f2ab1a6b2f5c2",
+        "rev": "692aba39210127804151c9436e4b87fe1d0e0f2b",
         "type": "gitlab"
       },
       "original": {
@@ -312,11 +312,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1742771635,
+        "lastModified": 1743482579,
-        "narHash": "sha256-HQHzQPrg+g22tb3/K/4tgJjPzM+/5jbaujCZd8s2Mls=",
+        "narHash": "sha256-u81nqA4UuRatKDkzUuIfVYdLMw8birEy+99oXpdyXhY=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "ad0614a1ec9cce3b13169e20ceb7e55dfaf2a818",
+        "rev": "c21383b556609ce1ad901aa08b4c6fbd9e0c7af0",
         "type": "github"
       },
       "original": {
@@ -325,6 +325,27 @@
         "type": "github"
       }
     },
+    "hydra": {
+      "inputs": {
+        "nix": "nix",
+        "nix-eval-jobs": "nix-eval-jobs",
+        "nixpkgs": "nixpkgs"
+      },
+      "locked": {
+        "lastModified": 1743447171,
+        "narHash": "sha256-5+lbBGlOmVa+dNY8L4ElDCkB7+VedZpPTcBOFIF+0TM=",
+        "ref": "add-gitea-pulls",
+        "rev": "a20f37b97fa43eea1570bf125ee95f19ba7e2674",
+        "revCount": 4327,
+        "type": "git",
+        "url": "https://nayeonie.com/ahuston-0/hydra"
+      },
+      "original": {
+        "ref": "add-gitea-pulls",
+        "type": "git",
+        "url": "https://nayeonie.com/ahuston-0/hydra"
+      }
+    },
     "hyprland-contrib": {
       "inputs": {
         "nixpkgs": [
@@ -332,11 +353,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1742213523,
+        "lastModified": 1743417258,
-        "narHash": "sha256-I8JVdQRu8eWvY5W8XWYZkdd5pojDHkxeqQV7mMIsbhs=",
+        "narHash": "sha256-YItzk1pj8Kz+b7VlC9zN1pSZ6CuX35asYy3HuMQ3lBQ=",
         "owner": "hyprwm",
         "repo": "contrib",
-        "rev": "bd81329944be53b0ffb99e05864804b95f1d7c65",
+        "rev": "bc2ad24e0b2e66c3e164994c4897cd94a933fd10",
         "type": "github"
       },
       "original": {
@@ -345,6 +366,59 @@
         "type": "github"
       }
     },
+    "nix": {
+      "inputs": {
+        "flake-compat": [
+          "hydra"
+        ],
+        "flake-parts": [
+          "hydra"
+        ],
+        "git-hooks-nix": [
+          "hydra"
+        ],
+        "nixpkgs": [
+          "hydra",
+          "nixpkgs"
+        ],
+        "nixpkgs-23-11": [
+          "hydra"
+        ],
+        "nixpkgs-regression": [
+          "hydra"
+        ]
+      },
+      "locked": {
+        "lastModified": 1739899400,
+        "narHash": "sha256-q/RgA4bB7zWai4oPySq9mch7qH14IEeom2P64SXdqHs=",
+        "owner": "NixOS",
+        "repo": "nix",
+        "rev": "e310c19a1aeb1ce1ed4d41d5ab2d02db596e0918",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "2.26-maintenance",
+        "repo": "nix",
+        "type": "github"
+      }
+    },
+    "nix-eval-jobs": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1739500569,
+        "narHash": "sha256-3wIReAqdTALv39gkWXLMZQvHyBOc3yPkWT2ZsItxedY=",
+        "owner": "nix-community",
+        "repo": "nix-eval-jobs",
+        "rev": "4b392b284877d203ae262e16af269f702df036bc",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nix-eval-jobs",
+        "type": "github"
+      }
+    },
     "nix-index-database": {
       "inputs": {
         "nixpkgs": [
@@ -352,11 +426,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1742701275,
+        "lastModified": 1743306489,
-        "narHash": "sha256-AulwPVrS9859t+eJ61v24wH/nfBEIDSXYxlRo3fL/SA=",
+        "narHash": "sha256-LROaIjSLo347cwcHRfSpqzEOa2FoLSeJwU4dOrGm55E=",
         "owner": "Mic92",
         "repo": "nix-index-database",
-        "rev": "36dc43cb50d5d20f90a28d53abb33a32b0a2aae6",
+        "rev": "b3696bfb6c24aa61428839a99e8b40c53ac3a82d",
         "type": "github"
       },
       "original": {
@@ -403,11 +477,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1742806253,
+        "lastModified": 1743420942,
-        "narHash": "sha256-zvQ4GsCJT6MTOzPKLmlFyM+lxo0JGQ0cSFaZSACmWfY=",
+        "narHash": "sha256-b/exDDQSLmENZZgbAEI3qi9yHkuXAXCPbormD8CSJXo=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "ecaa2d911e77c265c2a5bac8b583c40b0f151726",
+        "rev": "de6fc5551121c59c01e2a3d45b277a6d05077bc4",
         "type": "github"
       },
       "original": {
@@ -426,11 +500,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1742419596,
+        "lastModified": 1743178092,
-        "narHash": "sha256-+Bw1HR4oX6vUbCMhwWbW+Nr20F+UesNdUd7b17s3ESE=",
+        "narHash": "sha256-fOMsQpcdIbj+wOexiCSEW2J4Erqd0LRV25aYiOx4QRw=",
         "owner": "SuperSandro2000",
         "repo": "nixos-modules",
-        "rev": "82491ff311152b87fe7cfbdaf545f727e0750aa9",
+        "rev": "77ff511df92a9d4a828bdf032b8f48e7c3d99b50",
         "type": "github"
       },
       "original": {
@@ -441,16 +515,16 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1742800061,
+        "lastModified": 1739461644,
-        "narHash": "sha256-oDJGK1UMArK52vcW9S5S2apeec4rbfNELgc50LqiPNs=",
+        "narHash": "sha256-1o1qR0KYozYGRrnqytSpAhVBYLNBHX+Lv6I39zGRzKM=",
-        "owner": "nixos",
+        "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "1750f3c1c89488e2ffdd47cab9d05454dddfb734",
+        "rev": "97a719c9f0a07923c957cf51b20b329f9fb9d43f",
         "type": "github"
       },
       "original": {
-        "owner": "nixos",
+        "owner": "NixOS",
-        "ref": "nixos-unstable-small",
+        "ref": "nixos-24.11-small",
         "repo": "nixpkgs",
         "type": "github"
       }
@@ -472,11 +546,11 @@
     },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1742751704,
+        "lastModified": 1743367904,
-        "narHash": "sha256-rBfc+H1dDBUQ2mgVITMGBPI1PGuCznf9rcWX/XIULyE=",
+        "narHash": "sha256-sOos1jZGKmT6xxPvxGQyPTApOunXvScV4lNjBCXd/CI=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "f0946fa5f1fb876a9dc2e1850d9d3a4e3f914092",
+        "rev": "7ffe0edc685f14b8c635e3d6591b0bbb97365e6c",
         "type": "github"
       },
       "original": {
@@ -486,6 +560,22 @@
         "type": "github"
       }
     },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1743472173,
+        "narHash": "sha256-xwNv3FYTC5pl4QVZ79gUxqCEvqKzcKdXycpH5UbYscw=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "88e992074d86ad50249de12b7fb8dbaadf8dc0c5",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-unstable-small",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "nur": {
       "inputs": {
         "flake-parts": "flake-parts_2",
@@ -540,12 +630,13 @@
         "flake-parts": "flake-parts",
         "flake-utils": "flake-utils",
         "home-manager": "home-manager",
+        "hydra": "hydra",
         "hyprland-contrib": "hyprland-contrib",
         "nix-index-database": "nix-index-database",
         "nixos-generators": "nixos-generators",
         "nixos-hardware": "nixos-hardware",
         "nixos-modules": "nixos-modules",
-        "nixpkgs": "nixpkgs",
+        "nixpkgs": "nixpkgs_2",
         "nixpkgs-stable": "nixpkgs-stable",
         "pre-commit-hooks": "pre-commit-hooks",
         "rust-overlay": "rust-overlay",
@@ -562,11 +653,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1742783666,
+        "lastModified": 1743475035,
-        "narHash": "sha256-IwdSl51NL6V0f+mYXZR0UTKaGleOsk9zV3l6kt5SUWw=",
+        "narHash": "sha256-uLjVsb4Rxnp1zmFdPCDmdODd4RY6ETOeRj0IkC0ij/4=",
         "owner": "oxalica",
         "repo": "rust-overlay",
-        "rev": "60766d63c227d576510ecfb5edd3a687d56f6bc7",
+        "rev": "bee11c51c2cda3ac57c9e0149d94b86cc1b00d13",
         "type": "github"
       },
       "original": {
@@ -582,11 +673,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1742700801,
+        "lastModified": 1743502316,
-        "narHash": "sha256-ZGlpUDsuBdeZeTNgoMv+aw0ByXT2J3wkYw9kJwkAS4M=",
+        "narHash": "sha256-zI2WSkU+ei4zCxT+IVSQjNM9i0ST++T2qSFXTsAND7s=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "67566fe68a8bed2a7b1175fdfb0697ed22ae8852",
+        "rev": "e7f4d7ed8bce8dfa7d2f2fe6f8b8f523e54646f8",
         "type": "github"
       },
       "original": {
@@ -623,11 +714,11 @@
         "tinted-zed": "tinted-zed"
       },
       "locked": {
-        "lastModified": 1742753562,
+        "lastModified": 1743496321,
-        "narHash": "sha256-EBXgl3sPi5AQUM58XGuuC8HQl/Df+Dbt6pOLInInJ/k=",
+        "narHash": "sha256-xhHg8ixBhZngvGOMb2SJuJEHhHA10n8pA02fEKuKzek=",
         "owner": "danth",
         "repo": "stylix",
-        "rev": "d9df91c55643a8b5229a3ae3a496a30f14965457",
+        "rev": "54721996d6590267d095f63297d9051e9342a33d",
         "type": "github"
       },
       "original": {
@@ -783,11 +874,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1730615238,
+        "lastModified": 1743305055,
-        "narHash": "sha256-u/ZGtyEUvAkFOBgLo2YldOx0GKjE3/esWpWruRD376E=",
+        "narHash": "sha256-NIsi8Dno9YsOLUUTrLU4p+hxYeJr3Vkg1gIpQKVTaDs=",
         "owner": "Toqozz",
         "repo": "wired-notify",
-        "rev": "1632418aa15889343028261663e81d8b5595860e",
+        "rev": "75d43f54a02b15f2a15f5c1a0e1c7d15100067a6",
         "type": "github"
       },
       "original": {

flake.nix

@@ -18,6 +18,7 @@
       "nix-cache:trR+y5nwpQHR4hystoogubFmp97cewkjWeqqbygRQRs="
     ];
     trusted-users = [ "root" ];
+    allow-import-from-derivation = true;
   };
 
   inputs = {
@@ -58,6 +59,13 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
+    hydra = {
+      url = "git+https://nayeonie.com/ahuston-0/hydra?ref=add-gitea-pulls";
+      # inputs = {
+      #   nixpkgs.follows = "nixpkgs";
+      # };
+    };
+
     hyprland-contrib = {
       url = "github:hyprwm/contrib";
       inputs.nixpkgs.follows = "nixpkgs";
@@ -150,7 +158,7 @@
     rec {
       inherit lib; # for allowing use of custom functions in nix repl
 
-      #hydraJobs = import ./hydra/jobs.nix { inherit inputs outputs systems; };
+      hydraJobs = import ./hydra/jobs.nix { inherit inputs outputs systems; };
       formatter = forEachSystem (system: nixpkgs.legacyPackages.${system}.nixfmt-rfc-style);
 
       nixosConfigurations = genSystems inputs outputs src (src + "/systems");

hydra/jobsets.nix

@@ -19,7 +19,6 @@ let
 
   prs = readJSONFile pulls;
   refs = readJSONFile branches;
-  repo = "RAD-Development/nix-dotfiles";
 
   # template for creating a job
   makeJob =
@@ -28,6 +27,7 @@ let
       keepnr ? 3,
       description,
       flake,
+      enabled ? 1,
     }:
     {
       inherit
@@ -35,8 +35,8 @@ let
         flake
         schedulingshares
         keepnr
+        enabled
         ;
-      enabled = 1;
       type = 1;
       hidden = false;
       checkinterval = 300; # every 5 minutes
@@ -44,7 +44,9 @@ let
       emailoverride = "";
     };
 
-  # Create a hydra job for a branch
+  giteaHost = "ssh://gitea@nayeonie.com:2222";
+  repo = "ahuston-0/nix-dotfiles";
+  # # Create a hydra job for a branch
   jobOfRef =
     name:
     { ref, ... }:
@@ -55,7 +57,7 @@ let
         name = builtins.replaceStrings [ "/" ] [ "-" ] "branch-${name}";
         value = makeJob {
           description = "Branch ${name}";
-          flake = "git+ssh://git@github.com/${repo}?ref=${ref}";
+          flake = "git+${giteaHost}/${repo}?ref=${ref}";
         };
       };
 
@@ -64,7 +66,8 @@ let
     name = if info.draft then "draft-${id}" else "pr-${id}";
     value = makeJob {
       description = "PR ${id}: ${info.title}";
-      flake = "git+ssh://git@github.com/${info.head.repo.full_name}?ref=${info.head.ref}";
+      flake = "git+${giteaHost}/${repo}?ref=${info.head.ref}";
+      enabled = info.state == "open";
     };
   };
 

hydra/spec.json

@@ -1,7 +1,7 @@
 {
   "enabled": 1,
   "hidden": false,
-  "description": "RAD Development infrastructure",
+  "description": "ahuston-0's personal server infra",
   "nixexprinput": "nixexpr",
   "nixexprpath": "hydra/jobsets.nix",
   "checkinterval": 60,
@@ -12,7 +12,7 @@
   "type": 0,
   "inputs": {
     "nixexpr": {
-      "value": "https://github.com/RAD-Development/nix-dotfiles main",
+      "value": "ssh://gitea@nayeonie.com:2222/ahuston-0/nix-dotfiles.git main",
       "type": "git",
       "emailresponsible": false
     },
@@ -22,13 +22,13 @@
       "emailresponsible": false
     },
     "pulls": {
-      "type": "githubpulls",
+      "type": "giteapulls",
-      "value": "RAD-Development nix-dotfiles",
+      "value": "nayeonie.com ahuston-0 nix-dotfiles https",
       "emailresponsible": false
     },
     "branches": {
-      "type": "github_refs",
+      "type": "gitea_refs",
-      "value": "RAD-Development nix-dotfiles heads -",
+      "value": "nayeonie.com ahuston-0 nix-dotfiles heads https -",
       "emailresponsible": false
     }
   }

systems/palatine-hill/attic/default.nix

@@ -62,58 +62,58 @@
 
   # borrowing from https://github.com/Shawn8901/nix-configuration/blob/4b8d1d44f47aec60feb58ca7b7ab5ed000506e90/modules/nixos/private/hydra.nix
   # configured default webstore for this on root user separately
-  # systemd = {
+  systemd = {
-  #   services = {
+    services = {
-  #     attic-watch-store = {
+      attic-watch-store = {
-  #       wantedBy = [ "multi-user.target" ];
+        wantedBy = [ "multi-user.target" ];
-  #       after = [
+        after = [
-  #         "network-online.target"
+          "network-online.target"
-  #         "docker.service"
+          "docker.service"
-  #         "atticd.service"
+          "atticd.service"
-  #       ];
+        ];
-  #       requires = [
+        requires = [
-  #         "network-online.target"
+          "network-online.target"
-  #         "docker.service"
+          "docker.service"
-  #         "atticd.service"
+          "atticd.service"
-  #       ];
+        ];
-  #       description = "Upload all store content to binary cache";
+        description = "Upload all store content to binary cache";
-  #       serviceConfig = {
+        serviceConfig = {
-  #         User = "root";
+          User = "root";
-  #         Restart = "always";
+          Restart = "always";
-  #         ExecStart = "${pkgs.attic-client}/bin/attic watch-store cache-nix-dot";
+          ExecStart = "${pkgs.attic-client}/bin/attic watch-store nix-cache";
-  #       };
+        };
-  #     };
+      };
-  #     attic-sync-hydra = {
+      attic-sync-hydra = {
-  #       after = [
+        after = [
-  #         "network-online.target"
+          "network-online.target"
-  #         "docker.service"
+          "docker.service"
-  #         "atticd.service"
+          "atticd.service"
-  #       ];
+        ];
-  #       requires = [
+        requires = [
-  #         "network-online.target"
+          "network-online.target"
-  #         "docker.service"
+          "docker.service"
-  #         "atticd.service"
+          "atticd.service"
-  #       ];
+        ];
-  #       description = "Force resync of hydra derivations with attic";
+        description = "Force resync of hydra derivations with attic";
-  #       serviceConfig = {
+        serviceConfig = {
-  #         Type = "oneshot";
+          Type = "oneshot";
-  #         User = "root";
+          User = "root";
-  #         ExecStart = "${config.nix.package}/bin/nix ${./sync-attic.bash}";
+          ExecStart = "${config.nix.package}/bin/nix ${./sync-attic.bash}";
-  #       };
+        };
-  #     };
+      };
-  #   };
+    };
 
-  #   timers = {
+    timers = {
-  #     attic-sync-hydra = {
+      attic-sync-hydra = {
-  #       wantedBy = [ "timers.target" ];
+        wantedBy = [ "timers.target" ];
-  #       timerConfig = {
+        timerConfig = {
-  #         OnBootSec = 600;
+          OnBootSec = 600;
-  #         OnUnitActiveSec = 86400;
+          OnUnitActiveSec = 86400;
-  #         Unit = "attic-sync-hydra.service";
+          Unit = "attic-sync-hydra.service";
-  #       };
+        };
-  #     };
+      };
-  #   };
+    };
-  # };
+  };
 
   sops = {
     secrets = {

systems/palatine-hill/attic/sync-attic.bash

@@ -6,5 +6,5 @@ sync_directories=(
 )
 
 for dir in "${sync_directories[@]}"; do
-  find "$dir" -regex ".*\.drv$" -exec attic push cache-nix-dot '{}' \;
+  find "$dir" -regex ".*\.drv$" -exec attic push nix-cache '{}' \;
 done

systems/palatine-hill/configuration.nix

@@ -17,8 +17,8 @@
     ./minio.nix
     ./networking.nix
     ./nextcloud.nix
-    ./samba.nix
     ./postgresql.nix
+    ./samba.nix
     ./zfs.nix
   ];
 

systems/palatine-hill/default.nix

@@ -3,5 +3,8 @@
   users = [ "alice" ];
   modules = [
     # inputs.attic.nixosModules.atticd
+    inputs.nixos-hardware.nixosModules.common-cpu-amd
+    inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate
+    inputs.nixos-hardware.nixosModules.supermicro
   ];
 }

systems/palatine-hill/docker/act-runner.nix

@@ -6,6 +6,7 @@
 let
   vars = import ../vars.nix;
   act_path = vars.primary_act;
+  act_config_path = ./act_config.yaml;
 in
 {
   virtualisation.oci-containers.containers = {
@@ -20,10 +21,9 @@ in
       };
       ports = [ "8088:8088" ];
       volumes = [
-        "${act_path}/stable-latest-main/config.yaml:/config.yaml"
+        "${act_config_path}:/config.yaml"
         "${act_path}/stable-latest-main/data:/data"
         "/var/run/docker.sock:/var/run/docker.sock"
-        "/nix:/nix"
       ];
       environment = {
         CONFIG_FILE = "/config.yaml";
@@ -43,10 +43,9 @@ in
         "com.centurylinklabs.watchtower.scope" = "act-runner";
       };
       volumes = [
-        "${act_path}/stable-latest-1/config.yaml:/config.yaml"
+        "${./act_config.yaml}:/config.yaml"
         "${act_path}/stable-latest-1/data:/data"
         "/var/run/docker.sock:/var/run/docker.sock"
-        "/nix:/nix"
       ];
       environment = {
         CONFIG_FILE = "/config.yaml";
@@ -66,10 +65,9 @@ in
         "com.centurylinklabs.watchtower.scope" = "act-runner";
       };
       volumes = [
-        "${act_path}/stable-latest-2/config.yaml:/config.yaml"
+        "${act_config_path}:/config.yaml"
         "${act_path}/stable-latest-2/data:/data"
         "/var/run/docker.sock:/var/run/docker.sock"
-        "/nix:/nix"
       ];
       environment = {
         CONFIG_FILE = "/config.yaml";

systems/palatine-hill/docker/act_config.yaml

@@ -0,0 +1,95 @@
+# Example configuration file, it's safe to copy this as the default config file without any modification.
+# You don't have to copy this file to your instance,
+# just run `./act_runner generate-config > config.yaml` to generate a config file.
+log:
+    # The level of logging, can be trace, debug, info, warn, error, fatal
+    level: debug
+runner:
+    # Where to store the registration result.
+    file: .runner
+    # Execute how many tasks concurrently at the same time.
+    capacity: 1
+    # Extra environment variables to run jobs.
+    envs:
+        A_TEST_ENV_NAME_1: a_test_env_value_1
+        A_TEST_ENV_NAME_2: a_test_env_value_2
+    # Extra environment variables to run jobs from a file.
+    # It will be ignored if it's empty or the file doesn't exist.
+    env_file: .env
+    # The timeout for a job to be finished.
+    # Please note that the Gitea instance also has a timeout (3h by default) for the job.
+    # So the job could be stopped by the Gitea instance if it's timeout is shorter than this.
+    timeout: 3h
+    # The timeout for the runner to wait for running jobs to finish when shutting down.
+    # Any running jobs that haven't finished after this timeout will be cancelled.
+    shutdown_timeout: 30m
+    # Whether skip verifying the TLS certificate of the Gitea instance.
+    insecure: false
+    # The timeout for fetching the job from the Gitea instance.
+    fetch_timeout: 5s
+    # The interval for fetching the job from the Gitea instance.
+    fetch_interval: 2s
+    # The labels of a runner are used to determine which jobs the runner can run, and how to run them.
+    # Like: "macos-arm64:host" or "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
+    # Find more images provided by Gitea at https://gitea.com/gitea/runner-images .
+    # If it's empty when registering, it will ask for inputting labels.
+    # If it's empty when execute `daemon`, will use labels in `.runner` file.
+    labels:
+        - "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
+        - "ubuntu-22.04:docker://gitea/runner-images:ubuntu-22.04"
+        - "ubuntu-20.04:docker://gitea/runner-images:ubuntu-20.04"
+        #cache:
+    # Enable cache server to use actions/cache.
+    #enabled: true
+    # The directory to store the cache data.
+    # If it's empty, the cache data will be stored in $HOME/.cache/actcache.
+    #dir: ""
+    # The host of the cache server.
+    # It's not for the address to listen, but the address to connect from job containers.
+    # So 0.0.0.0 is a bad choice, leave it empty to detect automatically.
+    #host: ""
+    # The port of the cache server.
+    # 0 means to use a random available port.
+    #port: 0
+    # The external cache server URL. Valid only when enable is true.
+    # If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself.
+    # The URL should generally end with "/".
+    #external_server: ""
+container:
+    # Specifies the network to which the container will connect.
+    # Could be host, bridge or the name of a custom network.
+    # If it's empty, act_runner will create a network automatically.
+    network: ""
+    # Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker).
+    privileged: false
+    # And other options to be used when the container is started (eg, --add-host=my.gitea.url:host-gateway).
+    options:
+    # The parent directory of a job's working directory.
+    # NOTE: There is no need to add the first '/' of the path as act_runner will add it automatically. 
+    # If the path starts with '/', the '/' will be trimmed.
+    # For example, if the parent directory is /path/to/my/dir, workdir_parent should be path/to/my/dir
+    # If it's empty, /workspace will be used.
+    workdir_parent:
+    # Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob
+    # You can specify multiple volumes. If the sequence is empty, no volumes can be mounted.
+    # For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to:
+    # valid_volumes:
+    #   - data
+    #   - /src/*.json
+    # If you want to allow any volume, please use the following configuration:
+    # valid_volumes:
+    #   - '**'
+    valid_volumes: []
+    # overrides the docker client host with the specified one.
+    # If it's empty, act_runner will find an available docker host automatically.
+    # If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers.
+    # If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work.
+    docker_host: ""
+    # Pull docker image(s) even if already present
+    force_pull: true
+    # Rebuild docker image(s) even if already present
+    force_rebuild: false
+host:
+    # The parent directory of a job's working directory.
+    # If it's empty, $HOME/.cache/act/ will be used.
+    workdir_parent:

systems/palatine-hill/docker/minecraft.nix

@@ -9,31 +9,31 @@ let
     divinejourney = "dj.alicehuston.xyz";
     rlcraft = "rlcraft.alicehuston.xyz";
     arcanum-institute = "arcanum.alicehuston.xyz";
-    bcg-plus = "bcg.alicehuston.xyz";
+    # bcg-plus = "bcg.alicehuston.xyz";
   };
 
   defaultServer = "rlcraft";
 
-  defaultEnv = {
+  # defaultEnv = {
-    EULA = "true";
+  #   EULA = "true";
-    TYPE = "AUTO_CURSEFORGE";
+  #   TYPE = "AUTO_CURSEFORGE";
-    STOP_SERVER_ANNOUNCE_DELAY = "120";
+  #   STOP_SERVER_ANNOUNCE_DELAY = "120";
-    STOP_DURATION = "600";
+  #   STOP_DURATION = "600";
-    SYNC_CHUNK_WRITES = "false";
+  #   SYNC_CHUNK_WRITES = "false";
-    USE_AIKAR_FLAGS = "true";
+  #   USE_AIKAR_FLAGS = "true";
-    MEMORY = "8GB";
+  #   MEMORY = "8GB";
-    ALLOW_FLIGHT = "true";
+  #   ALLOW_FLIGHT = "true";
-    MAX_TICK_TIME = "-1";
+  #   MAX_TICK_TIME = "-1";
-  };
+  # };
 
-  defaultOptions = [
+  # defaultOptions = [
-    "--stop-signal=SIGTERM"
+  #   "--stop-signal=SIGTERM"
-    "--stop-timeout=1800"
+  #   "--stop-timeout=1800"
-    "--network=minecraft-net"
+  #   "--network=minecraft-net"
-  ];
+  # ];
 
-  vars = import ../vars.nix;
+  # vars = import ../vars.nix;
-  minecraft_path = "${vars.primary_games}/minecraft";
+  # minecraft_path = "${vars.primary_games}/minecraft";
 in
 {
   virtualisation.oci-containers.containers = {
@@ -67,24 +67,24 @@ in
     #   log-driver = "local";
     #   environmentFiles = [ config.sops.secrets."docker/minecraft".path ];
     # };
-    bcg-plus = {
+    # bcg-plus = {
-      image = "itzg/minecraft-server:java17";
+    #   image = "itzg/minecraft-server:java17";
-      volumes = [
+    #   volumes = [
-        "${minecraft_path}/bcg-plus/modpacks:/modpacks:ro"
+    #     "${minecraft_path}/bcg-plus/modpacks:/modpacks:ro"
-        "${minecraft_path}/bcg-plus/data:/data"
+    #     "${minecraft_path}/bcg-plus/data:/data"
-      ];
+    #   ];
-      hostname = "bcg-plus";
+    #   hostname = "bcg-plus";
-      environment = defaultEnv // {
+    #   environment = defaultEnv // {
-        VERSION = "1.17";
+    #     VERSION = "1.17";
-        CF_SLUG = "bcg";
+    #     CF_SLUG = "bcg";
-        DIFFICULTY = "normal";
+    #     DIFFICULTY = "normal";
-        DEBUG = "true";
+    #     DEBUG = "true";
-        # ENABLE_COMMAND_BLOCK = "true";
+    #     # ENABLE_COMMAND_BLOCK = "true";
-      };
+    #   };
-      extraOptions = defaultOptions;
+    #   extraOptions = defaultOptions;
-      log-driver = "local";
+    #   log-driver = "local";
-      environmentFiles = [ config.sops.secrets."docker/minecraft".path ];
+    #   environmentFiles = [ config.sops.secrets."docker/minecraft".path ];
-    };
+    # };
   };
 
   sops = {

systems/palatine-hill/hydra.nix

@@ -1,7 +1,6 @@
 {
   config,
-  lib,
+  inputs,
-  pkgs,
   ...
 }:
 let
@@ -43,6 +42,7 @@ in
   services = {
     hydra = {
       enable = true;
+      package = inputs.hydra.packages.x86_64-linux.hydra;
       hydraURL = "https://hydra.alicehuston.xyz";
       smtpHost = "alicehuston.xyz";
       notificationSender = "hydra@alicehuston.xyz";

systems/palatine-hill/secrets.yaml

@@ -27,6 +27,8 @@ acme:
     dnsimple: ENC[AES256_GCM,data:37FKyBibFtXZgI4EduJQ0z8F+shBc5Q6YlLa3YkVPh9XuJVS20eybi75bfJxiozcZ9d+YRaqcbkBQCSdFOCotDU=,iv:oq3JjqbfAm2C4jcL1lvUb2EOmnwlR07vPoO8H0BmydQ=,tag:E3NO/jMElL6Q817666gIyg==,type:str]
 server-validation:
     webhook: ENC[AES256_GCM,data:Lwqy4UhyFutpXjai7EJPKp8MDlI+ayDna4T8jluvC6qkeJ7o1UaaDCOsgLy4Fw7LC77tXhJtkcmep9w37JaiHp2CoDOfy2iAaq8o9CCSi/a0zqMJx+HdZYZNemvmpc6E/be0K+JDrFZLbjr3unSpCidQ3whccC6XyY013R12swN3bFZIu1gtzXCgUZ4U,iv:pVbrRwH3ziu4+R5BfimPV7N71QmyerJEc9M5K4eofOc=,tag:zNrCXrIioQWPEPVz/wMDpQ==,type:str]
+typhon:
+    hashedPassword: ENC[AES256_GCM,data:gMyY8gxUn3HzycQRu2cminqRFWghqWcjzZzTxAQZ5PJqn604iSwDiVdr7icHB7drJfCAfsE7L4oKRJgxaIAE32043oOkb2T7DDH8y2jxMzqmZCfbvrfMI4wdfRTHGqzxb6X/aZ5ai2rr1Q==,iv:4EsTo/lQld0o9iktDX9gobMlPUCitx1i9wn8EL16sIs=,tag:FgVDRHk2glDwpC/mprrPqQ==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -42,8 +44,8 @@ sops:
             cXNZWmZqd0R0SmhINExscHBKWmxvblUKEFEQvt/zQFARba4S8vHz/1SoKdKg69At
             LZ58XQGOmlGbBhPr7EzYQ2XSY4flWbnnD174cmCR8DNFm15DsNA5fw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-03-04T04:53:14Z"
+    lastmodified: "2025-03-26T05:47:58Z"
-    mac: ENC[AES256_GCM,data:MCucwVPGRMA/hGYS7mwSppkZAQ3wjHJnyeSvSI8YOOD0Xq7mvkMSvKctFHl6h4Cx3ubRvVHf5j35/NQxb+/VhhCPAHWDbqq9O2N0aWhAeybCu0IjruKrJhs76KsXJnNZ9REQQnS1/TNquuvj9FCoqDnrQcFs7M0KJ5m3eUU2h2k=,iv:ZJGJ8CTA8K5FnoKtbogleksB8wDcZtknO07M07Dmpsc=,tag:GMUXJD4U8KQgy9rvzEAMuw==,type:str]
+    mac: ENC[AES256_GCM,data:ZP9HglMmn9FDv6/vtQAxz/qP76QniPqM6bzMQVvVU/OhDmjuneGKZY7d1Es7LC9o5qmJ+T3Dh3/bkmuRdgdnd2TO6iuvM++DEPxwnoHis+0lbMxv5a6ibzvoXXm2CrL4HPETqLKbLahGJRmDNgnkCEWxAs16zrqe5kgDpD53R5c=,iv:DcCXNGyb41ToV9uSnrnrl0dWiw2pvykM8z86Yk814P4=,tag:T9PFl48qABwBSy7vIhSmLA==,type:str]
     pgp:
         - created_at: "2024-11-28T18:56:39Z"
           enc: |-

systems/palatine-hill/typhon.nix

@@ -0,0 +1,17 @@
+{ config, ... }:
+
+let
+  vars = import ./vars.nix;
+  typhon_path = vars.primary_typhon;
+in
+{
+  services.typhon = {
+    enable = true;
+    hashedPasswordFile = config.sops.secrets."typhon/hashedPassword".path;
+    home = typhon_path;
+  };
+
+  sops.secrets = {
+    "typhon/hashedPassword".owner = "root";
+  };
+}

systems/selinunte/audio.nix

@@ -0,0 +1,35 @@
+{ pkgs, ... }:
+
+{
+  # rtkit is optional but recommended
+  security.rtkit.enable = true;
+  services = {
+    pipewire = {
+      enable = true;
+      alsa.enable = true;
+      alsa.support32Bit = true;
+      pulse.enable = true;
+      # If you want to use JACK applications, uncomment this
+      #jack.enable = true;
+    };
+
+    pipewire.wireplumber.configPackages = [
+      (pkgs.writeTextDir "share/wireplumber/bluetooth.lua.d/51-bluez-config.lua" ''
+        bluez_monitor.properties = {
+        	["bluez5.enable-sbc-xq"] = true,
+        	["bluez5.enable-msbc"] = true,
+        	["bluez5.enable-hw-volume"] = true,
+        	["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
+        }
+      '')
+    ];
+    blueman.enable = true;
+  };
+
+  hardware.bluetooth.enable = true;
+  hardware.bluetooth.powerOnBoot = true;
+
+  environment.systemPackages = with pkgs; [ pavucontrol ];
+
+  programs.noisetorch.enable = true;
+}

systems/selinunte/configuration.nix

@@ -0,0 +1,54 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+{
+  imports = [
+    ./audio.nix
+    ./desktop.nix
+    ./fonts.nix
+    ./graphics.nix
+    ./polkit.nix
+    ./programs.nix
+    ./steam.nix
+    ./stylix.nix
+  ];
+
+  time.timeZone = "America/New_York";
+
+  # temp workaround for building while in nixos-enter
+  #services.logrotate.checkConfig = false;
+
+  networking = {
+    hostId = "9f2e1ff9";
+    firewall.enable = true;
+    useNetworkd = true;
+  };
+
+  boot = {
+    kernelPackages = lib.mkForce pkgs.linuxPackages_xanmod;
+    useSystemdBoot = true;
+    default = true;
+  };
+
+  i18n = {
+    defaultLocale = "en_US.utf8";
+    supportedLocales = [ "en_US.UTF-8/UTF-8" ];
+  };
+
+  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+
+  services = {
+    flatpak.enable = true;
+    gvfs.enable = true;
+    openssh.enable = lib.mkForce false;
+  };
+
+  system.stateVersion = "25.05";
+
+  sops = {
+    defaultSopsFile = ./secrets.yaml;
+  };
+}

systems/selinunte/default.nix

@@ -0,0 +1,23 @@
+{ inputs, ... }:
+{
+  system = "x86_64-linux";
+  home = true;
+  sops = true;
+  server = false;
+  users = [ "alice" ];
+  modules = [
+    inputs.nixos-hardware.nixosModules.common-pc
+    inputs.nixos-hardware.nixosModules.common-pc-ssd
+    inputs.nixos-hardware.nixosModules.common-gpu-nvidia-nonprime
+    inputs.nixos-hardware.nixosModules.common-cpu-amd
+    inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate
+    inputs.nixos-hardware.nixosModules.common-cpu-amd-zenpower
+    inputs.stylix.nixosModules.stylix
+    {
+      environment.systemPackages = [
+        inputs.wired-notify.packages.x86_64-linux.default
+        inputs.hyprland-contrib.packages.x86_64-linux.grimblast
+      ];
+    }
+  ];
+}

systems/selinunte/desktop.nix

@@ -0,0 +1,44 @@
+{ pkgs, ... }:
+
+{
+  # installs hyprland, and its dependencies
+
+  programs = {
+    hyprland = {
+      enable = true;
+      xwayland.enable = true;
+      withUWSM = true;
+    };
+    hyprlock.enable = true;
+    ydotool.enable = true;
+  };
+  # Optional, hint electron apps to use wayland:
+  environment.sessionVariables.NIXOS_OZONE_WL = "1";
+
+  services = {
+    xserver = {
+      enable = true;
+      displayManager.gdm = {
+        enable = true;
+        wayland = true;
+      };
+    };
+
+    dbus = {
+      enable = true;
+      implementation = "broker";
+    };
+  };
+
+  powerManagement = {
+    enable = true;
+    resumeCommands = ''
+      ${pkgs.hyprlock}/bin/hyprlock -c /home/alice/.config/hypr/hyprlock.conf
+    '';
+  };
+
+  environment.systemPackages = with pkgs; [
+    libsForQt5.qt5.qtwayland
+    qt6.qtwayland
+  ];
+}

systems/selinunte/fonts.nix

@@ -0,0 +1,15 @@
+{ pkgs, ... }:
+{
+  fonts = {
+    fontconfig.enable = true;
+    enableDefaultPackages = true;
+    packages = with pkgs.nerd-fonts; [
+      fira-code
+      droid-sans-mono
+      hack
+      dejavu-sans-mono
+      noto
+      open-dyslexic
+    ];
+  };
+}

systems/selinunte/graphics.nix

@@ -0,0 +1,40 @@
+{ config, pkgs, ... }:
+
+{
+  hardware.graphics = {
+    ## radv: an open-source Vulkan driver from freedesktop
+    enable = true;
+    enable32Bit = true;
+
+  };
+  hardware.nvidia = {
+
+    # Modesetting is required.
+    modesetting.enable = true;
+
+    # Nvidia power management. Experimental, and can cause sleep/suspend to fail.
+    # Enable this if you have graphical corruption issues or application crashes after waking
+    # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
+    # of just the bare essentials.
+    powerManagement.enable = false;
+
+    # Fine-grained power management. Turns off GPU when not in use.
+    # Experimental and only works on modern Nvidia GPUs (Turing or newer).
+    powerManagement.finegrained = false;
+
+    # Use the NVidia open source kernel module (not to be confused with the
+    # independent third-party "nouveau" open source driver).
+    # Support is limited to the Turing and later architectures. Full list of
+    # supported GPUs is at:
+    # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
+    # Only available from driver 515.43.04+
+    open = false;
+
+    # Enable the Nvidia settings menu,
+    # accessible via `nvidia-settings`.
+    nvidiaSettings = true;
+
+    # Optionally, you may need to select the appropriate driver version for your specific GPU.
+    package = config.boot.kernelPackages.nvidiaPackages.stable;
+  };
+}

systems/selinunte/hardware.nix

@@ -0,0 +1,96 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+  boot = {
+    initrd.availableKernelModules = [
+      "nvme"
+      "xhci_pci"
+      "thunderbolt"
+      "usb_storage"
+      "usbhid"
+      "sd_mod"
+      "ip_vs"
+      "ip_vs_rr"
+      "nf_conntrack"
+    ];
+    initrd.kernelModules = [
+      "dm-snapshot"
+      "r8152"
+    ];
+    kernelModules = [ "kvm-amd" ];
+    extraModulePackages = [ ];
+    kernelParams = [
+      "amdgpu.sg_display=0"
+      "amdgpu.graphics_sg=0"
+      "amdgpu.abmlevel=3"
+    ];
+  };
+
+  fileSystems = {
+
+    "/" = lib.mkDefault {
+      device = "/dev/disk/by-uuid/f3c11d62-37f4-495e-b668-1ff49e0d3a47";
+      fsType = "ext4";
+      options = [
+        "noatime"
+        "nodiratime"
+      ];
+    };
+
+    "/home" = {
+      device = "/dev/disk/by-uuid/720af942-464c-4c1e-be41-0438936264f0";
+      fsType = "ext4";
+      options = [
+        "noatime"
+        "nodiratime"
+      ];
+    };
+
+    "/nix" = {
+      device = "/dev/disk/by-uuid/035f23f8-d895-4b0c-bcf5-45885a5dbbd9";
+      fsType = "ext4";
+      options = [
+        "noatime"
+        "nodiratime"
+      ];
+    };
+
+    "/boot" = {
+      device = "/dev/disk/by-uuid/5AD7-6005";
+      fsType = "vfat";
+      options = [
+        "noatime"
+        "nodiratime"
+      ];
+    };
+  };
+
+  swapDevices = [ { device = "/dev/disk/by-uuid/3ec276b5-9088-45b0-9cb4-60812f2d1a73"; } ];
+
+  boot.initrd.luks.devices = {
+    "nixos-pv" = {
+      device = "/dev/disk/by-uuid/12a7f660-bbcc-4066-81d0-e66005ee534a";
+      preLVM = true;
+      allowDiscards = true;
+    };
+  };
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}

systems/selinunte/polkit.nix

@@ -0,0 +1,22 @@
+{ pkgs, ... }:
+
+{
+  security.polkit.enable = true;
+  environment.systemPackages = with pkgs; [ polkit_gnome ];
+
+  systemd = {
+    user.services.polkit-gnome-authentication-agent-1 = {
+      description = "polkit-gnome-authentication-agent-1";
+      wantedBy = [ "graphical-session.target" ];
+      wants = [ "graphical-session.target" ];
+      after = [ "graphical-session.target" ];
+      serviceConfig = {
+        Type = "simple";
+        ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
+        Restart = "on-failure";
+        RestartSec = 1;
+        TimeoutStopSec = 10;
+      };
+    };
+  };
+}

systems/selinunte/programs.nix

@@ -0,0 +1,114 @@
+{ pkgs, ... }:
+{
+  environment.systemPackages = with pkgs; [
+    act
+    alacritty
+    attic-client
+    amdgpu_top
+    bat
+    bitwarden-cli
+    bfg-repo-cleaner
+    brightnessctl
+    btop
+    calibre
+    # calibre dedrm?
+    candy-icons
+    chromium
+    chromedriver
+    croc
+    deadnix
+    direnv
+    easyeffects
+    eza
+    fanficfare
+    ferium
+    fd
+    file
+    firefox
+    # gestures replacement
+    git
+    glances
+    gpu-viewer
+    grim
+    helvum
+    htop
+    hwloc
+    ipmiview
+    iperf3
+    # ipscan
+    jp2a
+    jq
+    kdePackages.kdenlive
+    kitty
+    kubectl
+    kubernetes-helm
+    libreoffice-fresh
+    libtool
+    lsof
+    lynis
+    masterpdfeditor4
+    minikube
+    mons
+    mpv
+    # nbt explorer?
+    ncdu
+    nemo-with-extensions
+    neofetch
+    neovim
+    nix-init
+    nix-output-monitor
+    nix-prefetch
+    nix-tree
+    nixpkgs-fmt
+    nmap
+    obs-studio
+    obsidian
+    ocrmypdf
+    pciutils
+    #disabled until wxpython compat with python3.12
+    #playonlinux
+    prismlauncher
+    protonmail-bridge
+    protontricks
+    proxychains
+    qrencode
+    redshift
+    restic
+    ripgrep
+    rpi-imager
+    rofi-wayland
+    samba
+    signal-desktop
+    # signal in tray?
+    siji
+    simple-mtpfs
+    skaffold
+    slack
+    slurp
+    smartmontools
+    snyk
+    sops
+    spotify
+    spotify-player
+    #swaylock/waylock?
+    sweet-nova
+    telegram-desktop
+    terraform
+    tig
+    tokei
+    tree
+    unipicker
+    unzip
+    uutils-coreutils-noprefix
+    ventoy
+    vesktop
+    vscode
+    watchman
+    wget
+    wl-clipboard
+    yq
+    yt-dlp
+    zoom-us
+    zoxide
+  ];
+}

systems/selinunte/steam.nix

@@ -0,0 +1,20 @@
+{ pkgs, ... }:
+
+{
+  environment.systemPackages = [ pkgs.steam-run ];
+  hardware.steam-hardware.enable = true;
+  programs = {
+    gamescope = {
+      enable = true;
+      capSysNice = true;
+    };
+    steam = {
+      enable = true;
+      remotePlay.openFirewall = true;
+      localNetworkGameTransfers.openFirewall = true;
+      extraCompatPackages = with pkgs; [ proton-ge-bin ];
+      gamescopeSession.enable = true;
+      extest.enable = true;
+    };
+  };
+}

systems/selinunte/stylix.nix

@@ -0,0 +1,16 @@
+{ pkgs, ... }:
+# let
+# randWallpaper = pkgs.runCommand "stylix-wallpaper" { } ''
+#   numWallpapers =
+#   $((1 + $RANDOM % 10))
+
+# in
+{
+  stylix = {
+    enable = true;
+    image = "${pkgs.hyprland}/share/hypr/wall2.png";
+
+    #image = "/home/alice/Pictures/Screenshots/screenshot_2024-12-04-2030.png";
+    polarity = "dark";
+  };
+}

users/alice/home/doom/custom.el

@@ -22,3 +22,6 @@
 
 (setq! lsp-nix-nil-max-mem 20000)
 (setq! lsp-nix-nil-formatter ["nixfmt"])
+(add-hook 'python-mode-hook (lambda ()
+                                (require 'sphinx-doc)
+                                (sphinx-doc-mode t)))

users/alice/home/doom/packages.el

@@ -80,3 +80,10 @@
 
 (package! pacdiff.el
   :recipe (:host github :repo "fbrosda/pacdiff.el" :files ("pacdiff.el" "README.org" "LICENSE")))
+
+(package! python-docstring-mode
+  :recipe (:host github :repo "glyph/python-docstring-mode" :files ("python-docstring.el" "docstring_wrap.py")))
+
+(package! sphinx-doc)
+
+;; https://github.com/glyph/python-docstring-mode.git

users/alice/home/zsh.nix

@@ -4,7 +4,6 @@
   programs.zsh = {
 
     enable = true;
-    # autosuggestion.enable = true;
     oh-my-zsh = {
       enable = true;
       plugins = [

users/alice/secrets.yaml

@@ -2,7 +2,7 @@ alice:
     user-password: ENC[AES256_GCM,data:+cM85X1vapqfQdJ+Dv6YvT5qHlvsmaXPRbvKRHtCkPT3wdw4f7tLHLFmvWnak7CRezI00PxVEtCZL5mqLyN2HaU4OqIk/9fgqczIzemwBlMGJt+ndwG4oqBqE0ymtzmy8MA59wonRqoxzYKQfAGQsprdCIovrg==,iv:BtSDBgvQeZdTY1KUClnt9V8qHcS/gouaaQw342tk4Sg=,tag:T7tzyKuCo83s78ca7f4KDQ==,type:str]
     #ENC[AES256_GCM,data:6+dLs8opC27IrHJCPfL2c7KiLbaQTqI6oRKpIZLR4+P9gTupziAhCm/G7RY01gVPSgxdBpJ6L4xVbcMEg9hDKBMI4naF9arNrFsV6WXNc+LA5BYyT9L9G1nDea8fPFYDSF2537eLgLqWNE1WSsUOrz/WOxbE6g==,iv:AxsdKmGz6qEYlWY08q/2hqsm0EXaqodwD/7OJg4FAIY=,tag:EgfL3I1VBXtFgIdTOW5eBA==,type:comment]
     #ENC[AES256_GCM,data:vUMcowHjlQA0RWflfaQhZKkalO39epYi6N9PPW8=,iv:6DFqHlQR+mi+ZkfMUhlhwvpMwnxXNfQV6+sYgPzSj4I=,tag:Pz1zJayscGckPO8Q2ZVb4g==,type:comment]
-    gha-hydra-token: ENC[AES256_GCM,data:rYDYIn7MAF4pSZQj+Nln2z9J+AxvuSzumthL86njpKETutArrw+9iX2hHJt5t513NHH03tMtZOFqM60/pzWg4YXVQOSpQmq8QOelD7qCdfCr4Z2QSeOHqXqwKy21iWtoVbxOXWunVxLzkWMJrpHkpVsiBA75Nv66ftKEjN80QNGik6xQE1iPsCB2JHeqYNIr8gtPkCr7H5Pt4yBBO/1rsyONrbNlwmzVX78eqXxmc43XOiNVjEsk8ekJxJ9mn5S6JcPNehBcnZA0kWAIxvtDIPYKnz4YBIXoilBbjgytXL8nw3PkEX27x5yeg9KfxPxO/4CGoi5wfKsYuEynBdWbHtj6a3H0AvA9KIZzktTRNJFU3ZW8UveSCXY4YHl0NREJ8kbIUgkkE7PWeyzGenGFTPMahTA0rKSa+tWPQ1c00lvo9VS3/7pfeJfZEKS7R2xBaEDZrfffHyB5PLTQOGpWl5y40wTn4HdBlyQwoREvobOaKVZEyWtVvJcUeHDPepgEHGVDzwyTelX8Btb6ZNA0Fur8xvpkLZcLmMhbvCdkjq84ztJ36nQQ5JZthecyqcZTWPyfWtPeoUPVIaxn31oLjwsriDwdQmID6twTjC9PT8nBZD/u0JebOCdeYf8fm9q49SaN2w/ZMdSRWucHUsRXeN9O149vYoOqR28H+8v/tYJdqofJpHKrIBs=,iv:GcEV6f4rqkrpCafeaLNMqqU/vBNE0xHbqokL2gMXHYw=,tag:sCHvUgq1w8npedjIAninrA==,type:str]
+    gha-hydra-token: ENC[AES256_GCM,data:CXdOiW9oYaVj4oqfiXSz9O9xIsB5ZyUac2WFSFD1ankZpnmQpv9TwolJxb6h8r+UM7Q9QzCCWk7KHe80lolZhpHa79bpcj+wt9v51ydj0Zy+3sufHS+JnGwmqBbw6dVqJ2uBr4nW2NADzHEbG8N367uKYEq2vazB4y02JiopXL8DHsYcx+Z4u7GJC/gYbpm9vnt8OVdYmfYRQ9BGSiaJOghDzpmCisEZdLpCLXM3cULn8yVUXIFWx8yF/6JrWN+myeoZiUFCL2sZmeSIswFg9kwBKXIsjBrz+EDXZzDCEr88UrEJ0j2+egsrG9BNlstVwC8oscYdbXWmYUdsCBNVxK3xjJYm9gDdSyo0DfSvTzK1t+/s9L1zC8uqj2TXYdVd6QyH2TRXxiPeNLYClRHT2UljymSpIVXOn/Okuo7dte+ZZqZVndT1lwK//2y8V3Hng+5wixfFFsQAd5oJzfraRSnM+RLZtjI3TMoyc5no3pVwV6zsCqRd2nvr7gieXUMWtSLb6YrM6tvhRpeiieYUqQ8NwHV0Avqco0I838o5yywVGSnUflGxnwYoGQIX70qoTcxNPGuiiiqSynh64e3nrlC9xN6EWuFpUNVfkBibZNRi+EyDAhK7LKwiPbL2z919N54vyzzoWA1KUFqxow+JsX+Q8rpnfJtag44F5qFt3/Be5PIMYVU7acXTiVJvM3cKPMQIBPXpQFX5OshwGhttGFuB53aWPHCzlhT4NDQbcZ/rLQ3bcytVpnH55WWze0Oe0zUZYGFc/rV9Fc4QjhR7/8pAi9kGUlKy2MYBamjmnCWlOnHPIQQLpPs/oiW+,iv:KL2P3O8Fnbn56hLX8PWIrigoPTBfIvMUpizKy3C3RIA=,tag:G0M/9iT9IWUSJ5ktUc/g5A==,type:str]
     wakatime-api-key: ENC[AES256_GCM,data:ITu5pRySYGCJ6q9IQ35NfpGX2FyIJRYHGDeBiq0btzIrqitxcFox1Vc=,iv:HsXpyFHV7dG5qORk26BtD+kFo4Jdq2c4fozMpoqyDfU=,tag:uaQoXvvYqNfmRXVDVH8AoQ==,type:str]
     attic-nix-cache-creator: ENC[AES256_GCM,data:P0iBdy4IYrxcq7v4wTgwwZvAfVdRFo08pi0zvpY9cP9BDCwbBnp+3qDKWL29rC7OxsaLtmRkvPmbkF3ZX3Yu5OaptwVg2Xi0vNqhk3gu5Fdj8ygPigB0ZtimkfWv1QkctoVoXKXuLv6Xd4XKPCWOOIekWlJsBRcyfyzkyFURkU9tBBkXyEAWItho/J8hJr6r00eA3EN4rTe8Ge+PGpfTfpZVpnoGrC35xPnGLq19+b44DectHDTkMZrZKxiCaVIgKUZDLaFgi6a6PsX+L1HQAIZukXJu3m4BPdvzzby+zgX24pVJOYjAUB2BwO9jUlMS6+7qo0p6k01uLicryfKx/ajdAHcy39tFHX7naA4JriC2/FgI2HlFGp0Lc+g0pfdCYwLs5QBfRaOHyrbFWUDG,iv:OBrgnewqBaug00ygAXs0eFs3LqcHqo1EW96N5I38A0o=,tag:V+Gn47O6AH1RwL9qJLpAkw==,type:str]
     attic-nix-cache-reader: ENC[AES256_GCM,data:DWIkRri3lHJOVXIAbHWJL7cCV4FHjB91bbpPAib/5ZDKap3xjnxUjwswc7wjO1hCoV3+gmep1a64kma6MJts4bcAug5bPyrrPy//rVpCYvSbSmbPz5k4sW5GLU/Sf4NyBevsQo9KRrphpoSUQEFQB27vabYDjjkB051/qJo1B9B7nqmrSyd3np4YdyHAgUiMyJt0oqx8nXySz3XZU+DIM8/OhMZILpnEWIgyP2K7j8JNNpZZJ5sD/icUy6Vba/4LcKjtmYtfQ+HO1soyF6aMiQSjhp7fzJHktwa9kgB3oDzIg3KyCJYS2RNW7mW9Dd1T,iv:fvhGFU22KgknMpJbOkA3v29bKzRVX6hi7V7xJgSUjPg=,tag:TjGSUl0XXS7jlhP/NG4cvQ==,type:str]
@@ -42,8 +42,8 @@ sops:
             ZERFTlFyNjhOb3VCaW43ZXFHT1Vxc0UK7YV+BU7dCEOZxpqkQA394eDsnthvorj6
             7bqrCdeU+6DU7DmFs6++BrNO2tx8vvOa1im+ZGrM/gZAJdv/7R2d6Q==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-03-18T22:08:52Z"
+    lastmodified: "2025-03-26T15:28:13Z"
-    mac: ENC[AES256_GCM,data:3Hr8FyzfZvvtyusqdDOjggDGFlBwyOq2VND+/jtNbY5i5JPK+qTkamn98IKkcHSPooaIVzEAek91fZDo90mYRhCzEwfbLATmFXPHsZHUg+5nD8VzcNUWQDb2/ey4RPhzTMtXfY9v9wdIcTdBKYKSZ61puptSX8nJ2S74ag6B5AY=,iv:J+VxUvwWE496DqTsVXdlpxgkf8zGT9uDvt6RLrmc0n0=,tag:X2Qg3DDzOTBDqo+6eQPHvw==,type:str]
+    mac: ENC[AES256_GCM,data:BfEahKHAcnLc/PSagENBIVwxufJrjpMSC6U4hkkxNwcEJYDNAlrF0w00aiexLeX+UfVGIw19+SrNL5zuecEf+GaYzYNy9RE3c66KUM2B/cpuBuzkiwLaBCTfcWr7k8dW11BGFCmugRSG4w6wXKG5B/LyEKB6Vcvp0JRbCYSqZSY=,iv:97UzvdvQCtTLaLDrg6VEwiofHtSPGtaxuPLHfTAyIFA=,tag:r4r45OaV9ZRDzd56RGLFZw==,type:str]
     pgp:
         - created_at: "2024-09-05T06:10:22Z"
           enc: |-