Merge branch 'main' into feature/vesktop

add vesktop settings, add cosmic
Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
2025-06-01 14:05:22 -04:00 · 2025-06-01 14:04:09 -04:00
26 changed files with 133 additions and 406 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -49,9 +49,3 @@ creation_rules:
            - *admin_alice
          age:
            - *palatine-hill
    - path_regex: systems/palatine-hill/docker/openvpn/.*\.ovpn$
      key_groups:
        - pgp:
            - *admin_alice
          age:
            - *palatine-hill
--- a/flake.lock
+++ b/flake.lock
@@ -37,11 +37,11 @@
    "base16-helix": {
      "flake": false,
      "locked": {
-        "lastModified": 1748408240,
+        "lastModified": 1736852337,
-        "narHash": "sha256-9M2b1rMyMzJK0eusea0x3lyh3mu5nMeEDSc4RZkGm+g=",
+        "narHash": "sha256-esD42YdgLlEh7koBrSqcT7p2fsMctPAcGl/+2sYJa2o=",
        "owner": "tinted-theming",
        "repo": "base16-helix",
-        "rev": "6c711ab1a9db6f51e2f6887cc3345530b33e152e",
+        "rev": "03860521c40b0b9c04818f2218d9cc9efc21e7a5",
        "type": "github"
      },
      "original": {
@@ -75,11 +75,11 @@
      },
      "locked": {
        "dir": "pkgs/firefox-addons",
-        "lastModified": 1751515409,
+        "lastModified": 1748730131,
-        "narHash": "sha256-yu+/TxHkuZ8GHKwpKTv1BpfbYD1wH1CyPsOmY72chTg=",
+        "narHash": "sha256-QHKZlwzw80hoJkNGXQePIg4u109lqcodALkont2WJAc=",
        "owner": "rycee",
        "repo": "nur-expressions",
-        "rev": "2e0dcafe8c48470e036908f34a2a1413f75bd804",
+        "rev": "aa7bfc2ec4763b57386fcd50242c390a596b9bb0",
        "type": "gitlab"
      },
      "original": {
@@ -92,11 +92,11 @@
    "firefox-gnome-theme": {
      "flake": false,
      "locked": {
-        "lastModified": 1748383148,
+        "lastModified": 1744642301,
-        "narHash": "sha256-pGvD/RGuuPf/4oogsfeRaeMm6ipUIznI2QSILKjKzeA=",
+        "narHash": "sha256-5A6LL7T0lttn1vrKsNOKUk9V0ittdW0VEqh6AtefxJ4=",
        "owner": "rafaelmardojai",
        "repo": "firefox-gnome-theme",
-        "rev": "4eb2714fbed2b80e234312611a947d6cb7d70caf",
+        "rev": "59e3de00f01e5adb851d824cf7911bd90c31083a",
        "type": "github"
      },
      "original": {
@@ -124,11 +124,11 @@
        "nixpkgs-lib": "nixpkgs-lib"
      },
      "locked": {
-        "lastModified": 1751413152,
+        "lastModified": 1743550720,
-        "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=",
+        "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5",
+        "rev": "c621e8422220273271f52058f618c94e405bb0f5",
        "type": "github"
      },
      "original": {
@@ -145,11 +145,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1743550720,
+        "lastModified": 1733312601,
-        "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
+        "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "c621e8422220273271f52058f618c94e405bb0f5",
+        "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
        "type": "github"
      },
      "original": {
@@ -207,11 +207,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1747372754,
+        "lastModified": 1742649964,
-        "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=",
+        "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=",
        "owner": "cachix",
        "repo": "git-hooks.nix",
-        "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46",
+        "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82",
        "type": "github"
      },
      "original": {
@@ -266,16 +266,16 @@
    "gnome-shell": {
      "flake": false,
      "locked": {
-        "lastModified": 1748186689,
+        "lastModified": 1744584021,
-        "narHash": "sha256-UaD7Y9f8iuLBMGHXeJlRu6U1Ggw5B9JnkFs3enZlap0=",
+        "narHash": "sha256-0RJ4mJzf+klKF4Fuoc8VN8dpQQtZnKksFmR2jhWE1Ew=",
        "owner": "GNOME",
        "repo": "gnome-shell",
-        "rev": "8c88f917db0f1f0d80fa55206c863d3746fa18d0",
+        "rev": "52c517c8f6c199a1d6f5118fae500ef69ea845ae",
        "type": "github"
      },
      "original": {
        "owner": "GNOME",
-        "ref": "48.2",
+        "ref": "48.1",
        "repo": "gnome-shell",
        "type": "github"
      }
@@ -287,11 +287,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1751513147,
+        "lastModified": 1748737919,
-        "narHash": "sha256-idSXM3Y0KNf/WDDqGfthiOSQMwZYwis1JZhTkdWrr6A=",
+        "narHash": "sha256-5kvBbLYdp+n7Ftanjcs6Nv+UO6sBhelp6MIGJ9nWmjQ=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "426b405d979d893832549b95f23c13537c65d244",
+        "rev": "5675a9686851d9626560052a032c4e14e533c1fa",
        "type": "github"
      },
      "original": {
@@ -330,11 +330,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1750372088,
+        "lastModified": 1747572947,
-        "narHash": "sha256-LPwgPRBTfnA76rHUr7KYvwq2pNt5IfxymNAZUJFvn/M=",
+        "narHash": "sha256-PMQoXbfmWPuXnF8EaWqRmvTvl7+WFUrDVgufFRPgOM4=",
        "owner": "hyprwm",
        "repo": "contrib",
-        "rev": "189f32f56285aae9646bf1292976392beba5a2e2",
+        "rev": "910dad4c5755c1735d30da10c96d9086aa2a608d",
        "type": "github"
      },
      "original": {
@@ -383,11 +383,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1751170039,
+        "lastModified": 1748751003,
-        "narHash": "sha256-3EKpUmyGmHYA/RuhZjINTZPU+OFWko0eDwazUOW64nw=",
+        "narHash": "sha256-i4GZdKAK97S0ZMU3w4fqgEJr0cVywzqjugt2qZPrScs=",
        "owner": "Mic92",
        "repo": "nix-index-database",
-        "rev": "9c932ae632d6b5150515e5749b198c175d8565db",
+        "rev": "2860bee699248d828c2ed9097a1cd82c2f991b43",
        "type": "github"
      },
      "original": {
@@ -427,11 +427,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1751281697,
+        "lastModified": 1748776124,
-        "narHash": "sha256-abHhTXGEGYhCKOc9vQbqHFG7dxwJ6AudIy1h4MUsjm0=",
+        "narHash": "sha256-vs2cMCHX9wnWJutXhQyWkWOpMF/Xbw0ZAUAFGsKLifA=",
        "owner": "lilyinstarlight",
        "repo": "nixos-cosmic",
-        "rev": "78b86e37713a1111d9e37c62b242d60be3013bd1",
+        "rev": "e989a41092f6f0375e7afb789bc97cb30d01fdb8",
        "type": "github"
      },
      "original": {
@@ -463,11 +463,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1751432711,
+        "lastModified": 1748634340,
-        "narHash": "sha256-136MeWtckSHTN9Z2WRNRdZ8oRP3vyx3L8UxeBYE+J9w=",
+        "narHash": "sha256-pZH4bqbOd8S+si6UcfjHovWDiWKiIGRNRMpmRWaDIms=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "497ae1357f1ac97f1aea31a4cb74ad0d534ef41f",
+        "rev": "daa628a725ab4948e0e2b795e8fb6f4c3e289a7a",
        "type": "github"
      },
      "original": {
@@ -486,11 +486,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1751469444,
+        "lastModified": 1748287559,
-        "narHash": "sha256-L5vPflQCt7WWzL66cA0ZbITfg+vzrSf6Ak5m4s6vDds=",
+        "narHash": "sha256-dvUE9HGwzEXyv6G7LuZFQCmRYFuXLJBO4+crCTxe5zs=",
        "owner": "SuperSandro2000",
        "repo": "nixos-modules",
-        "rev": "ed24075c9b4d1cedac253f31aaa2d4729d4fdf53",
+        "rev": "9ae063877f8c5d42c39b739ae1d00f9657ad17f4",
        "type": "github"
      },
      "original": {
@@ -501,11 +501,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1751529439,
+        "lastModified": 1748762463,
-        "narHash": "sha256-fn4qiux6lOX2MEB5VU/KFUhjc4HuQON2SexwJnC1ibc=",
+        "narHash": "sha256-rb8vudY2u0SgdWh83SAhM5QZT91ZOnvjOLGTO4pdGTc=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "f596e2141c241f5cca21188543cd4dcda32f2c3c",
+        "rev": "0d0bc640d371e9e8c9914c42951b3d6522bc5dda",
        "type": "github"
      },
      "original": {
@@ -517,11 +517,11 @@
    },
    "nixpkgs-lib": {
      "locked": {
-        "lastModified": 1751159883,
+        "lastModified": 1743296961,
-        "narHash": "sha256-urW/Ylk9FIfvXfliA1ywh75yszAbiTEVgpPeinFyVZo=",
+        "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=",
        "owner": "nix-community",
        "repo": "nixpkgs.lib",
-        "rev": "14a40a1d7fb9afa4739275ac642ed7301a9ba1ab",
+        "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa",
        "type": "github"
      },
      "original": {
@@ -532,11 +532,11 @@
    },
    "nixpkgs-stable": {
      "locked": {
-        "lastModified": 1751274312,
+        "lastModified": 1748421225,
-        "narHash": "sha256-/bVBlRpECLVzjV19t5KMdMFWSwKLtb5RyXdjz3LJT+g=",
+        "narHash": "sha256-XXILOc80tvlvEQgYpYFnze8MkQQmp3eQxFbTzb3m/R0=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "50ab793786d9de88ee30ec4e4c24fb4236fc2674",
+        "rev": "78add7b7abb61689e34fc23070a8f55e1d26185b",
        "type": "github"
      },
      "original": {
@@ -559,11 +559,11 @@
        "treefmt-nix": "treefmt-nix"
      },
      "locked": {
-        "lastModified": 1748730660,
+        "lastModified": 1746056780,
-        "narHash": "sha256-5LKmRYKdPuhm8j5GFe3AfrJL8dd8o57BQ34AGjJl1R0=",
+        "narHash": "sha256-/emueQGaoT4vu0QjU9LDOG5roxRSfdY0K2KkxuzazcM=",
        "owner": "nix-community",
        "repo": "NUR",
-        "rev": "2c0bc52fe14681e9ef60e3553888c4f086e46ecb",
+        "rev": "d476cd0972dd6242d76374fcc277e6735715c167",
        "type": "github"
      },
      "original": {
@@ -583,11 +583,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1750779888,
+        "lastModified": 1747372754,
-        "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=",
+        "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=",
        "owner": "cachix",
        "repo": "git-hooks.nix",
-        "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d",
+        "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46",
        "type": "github"
      },
      "original": {
@@ -627,11 +627,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1751510438,
+        "lastModified": 1748746145,
-        "narHash": "sha256-m8PjOoyyCR4nhqtHEBP1tB/jF+gJYYguSZmUmVTEAQE=",
+        "narHash": "sha256-bwkCAK9pOyI2Ww4Q4oO1Ynv7O9aZPrsIAMMASmhVGp4=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "7f415261f298656f8164bd636c0dc05af4e95b6b",
+        "rev": "12a0d94a2f2b06714f747ab97b2fa546f46b460c",
        "type": "github"
      },
      "original": {
@@ -647,11 +647,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1750119275,
+        "lastModified": 1747603214,
-        "narHash": "sha256-Rr7Pooz9zQbhdVxux16h7URa6mA80Pb/G07T4lHvh0M=",
+        "narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "77c423a03b9b2b79709ea2cb63336312e78b72e2",
+        "rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd",
        "type": "github"
      },
      "original": {
@@ -688,11 +688,11 @@
        "tinted-zed": "tinted-zed"
      },
      "locked": {
-        "lastModified": 1751498047,
+        "lastModified": 1748717073,
-        "narHash": "sha256-2T/VKbqqp4KTz3szFl58AaI+LBg9ctLjnP1IQA8sPg8=",
+        "narHash": "sha256-Yxo8A7BgNpRXTrB359LyfQ0NjJuiaLIS6sTTUCulEX0=",
        "owner": "danth",
        "repo": "stylix",
-        "rev": "d21cfb364a78ad72935625e79b8c5d497f0b7616",
+        "rev": "64b9f2c2df31bb87bdd2360a2feb58c817b4d16c",
        "type": "github"
      },
      "original": {
@@ -767,11 +767,11 @@
    "tinted-schemes": {
      "flake": false,
      "locked": {
-        "lastModified": 1748180480,
+        "lastModified": 1744974599,
-        "narHash": "sha256-7n0XiZiEHl2zRhDwZd/g+p38xwEoWtT0/aESwTMXWG4=",
+        "narHash": "sha256-Fg+rdGs5FAgfkYNCs74lnl8vkQmiZVdBsziyPhVqrlY=",
        "owner": "tinted-theming",
        "repo": "schemes",
-        "rev": "87d652edd26f5c0c99deda5ae13dfb8ece2ffe31",
+        "rev": "28c26a621123ad4ebd5bbfb34ab39421c0144bdd",
        "type": "github"
      },
      "original": {
@@ -783,11 +783,11 @@
    "tinted-tmux": {
      "flake": false,
      "locked": {
-        "lastModified": 1748740859,
+        "lastModified": 1745111349,
-        "narHash": "sha256-OEM12bg7F4N5WjZOcV7FHJbqRI6jtCqL6u8FtPrlZz4=",
+        "narHash": "sha256-udV+nHdpqgkJI9D0mtvvAzbqubt9jdifS/KhTTbJ45w=",
        "owner": "tinted-theming",
        "repo": "tinted-tmux",
-        "rev": "57d5f9683ff9a3b590643beeaf0364da819aedda",
+        "rev": "e009f18a01182b63559fb28f1c786eb027c3dee9",
        "type": "github"
      },
      "original": {
--- a/modules/users.nix
+++ b/modules/users.nix
@@ -1,11 +0,0 @@
 {
  ...
 }:
 {
  users.groups = {
    users = {
      gid = 100;
    };
  };
 }
--- a/systems/artemision/configuration.nix
+++ b/systems/artemision/configuration.nix
@@ -60,13 +60,12 @@
    fwupd = {
      enable = true;
-      # package =
+      package =
-      #   (import (builtins.fetchTarball {
+        (import (builtins.fetchTarball {
-      #     url = "https://github.com/NixOS/nixpkgs/archive/bb2009ca185d97813e75736c2b8d1d8bb81bde05.tar.gz";
+          url = "https://github.com/NixOS/nixpkgs/archive/bb2009ca185d97813e75736c2b8d1d8bb81bde05.tar.gz";
-      #     sha256 = "sha256:003qcrsq5g5lggfrpq31gcvj82lb065xvr7bpfa8ddsw8x4dnysk";
+          sha256 = "sha256:003qcrsq5g5lggfrpq31gcvj82lb065xvr7bpfa8ddsw8x4dnysk";
-      #   }) { inherit (pkgs) system; }).fwupd;
+        }) { inherit (pkgs) system; }).fwupd;
    };
    mullvad-vpn.enable = true;
    fprintd.enable = lib.mkForce false;
    openssh.enable = lib.mkForce false;
--- a/systems/palatine-hill/configuration.nix
+++ b/systems/palatine-hill/configuration.nix
@@ -17,7 +17,6 @@
    ./minio.nix
    ./networking.nix
    ./nextcloud.nix
    #./plex
    ./postgresql.nix
    ./samba.nix
    ./zfs.nix
@@ -58,37 +57,16 @@
    };
  };
-  environment = {
+  environment.systemPackages = with pkgs; [
    systemPackages = with pkgs; [
    chromedriver
    chromium
    docker-compose
      filebot
    intel-gpu-tools
    jellyfin-ffmpeg
    jq
    yt-dlp
    yq
  ];
    etc = {
      # Creates /etc/lynis/custom.prf
      "lynis/custom.prf" = {
        text = ''
          skip-test=BANN-7126
          skip-test=BANN-7130
          skip-test=DEB-0520
          skip-test=DEB-0810
          skip-test=FIRE-4513
          skip-test=HRDN-7222
          skip-test=KRNL-5820
          skip-test=LOGG-2190
          skip-test=LYNIS
          skip-test=TOOL-5002
        '';
        mode = "0440";
      };
    };
  };
  services = {
    samba.enable = true;
--- a/systems/palatine-hill/docker/act-runner.nix
+++ b/systems/palatine-hill/docker/act-runner.nix
@@ -12,7 +12,6 @@ in
  virtualisation.oci-containers.containers = {
    act-stable-latest-main = {
      image = "gitea/act_runner:latest";
      pull = "always";
      extraOptions = [
        "--stop-signal=SIGINT"
      ];
@@ -36,7 +35,6 @@ in
    act-stable-latest-1 = {
      image = "gitea/act_runner:latest";
      pull = "always";
      extraOptions = [
        "--stop-signal=SIGINT"
      ];
@@ -59,7 +57,6 @@ in
    act-stable-latest-2 = {
      image = "gitea/act_runner:latest";
      pull = "always";
      extraOptions = [
        "--stop-signal=SIGINT"
      ];
--- a/systems/palatine-hill/docker/arr.nix
+++ b/systems/palatine-hill/docker/arr.nix
@@ -1,124 +0,0 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 let
  vars = import ../vars.nix;
 in
 {
  virtualisation.oci-containers.containers = {
    bazarr = {
      image = "ghcr.io/linuxserver/bazarr:latest";
      ports = [ "6767:6767" ];
      environment = {
        PUID = "600";
        PGID = "100";
        TZ = "America/New_York";
      };
      volumes = [
        "${vars.primary_docker}/bazarr:/config"
        "${vars.primary_plex_storage}/data:/data"
      ];
      autoStart = true;
    };
    prowlarr = {
      image = "ghcr.io/linuxserver/prowlarr:latest";
      ports = [ "9696:9696" ];
      environment = {
        PUID = "600";
        PGID = "100";
        TZ = "America/New_York";
      };
      volumes = [ "${vars.primary_docker}/prowlarr:/config" ];
      autoStart = true;
    };
    radarr = {
      image = "ghcr.io/linuxserver/radarr:latest";
      ports = [ "7878:7878" ];
      environment = {
        PUID = "600";
        PGID = "100";
        TZ = "America/New_York";
      };
      volumes = [
        "${vars.primary_docker}/radarr:/config"
        "${vars.primary_plex_storage}/data:/data"
      ];
      autoStart = true;
    };
    sonarr = {
      image = "ghcr.io/linuxserver/sonarr:latest";
      ports = [ "8989:8989" ];
      environment = {
        PUID = "600";
        PGID = "100";
        TZ = "America/New_York";
      };
      volumes = [
        "${vars.primary_docker}/sonarr:/config"
        "${vars.primary_plex_storage}/data:/data"
      ];
      autoStart = true;
    };
    lidarr = {
      image = "ghcr.io/linuxserver/lidarr:latest";
      ports = [ "8686:8686" ];
      environment = {
        PUID = "600";
        PGID = "100";
        TZ = "America/New_York";
      };
      volumes = [
        "${vars.primary_docker}/lidarr:/config"
        "${vars.primary_plex_storage}/data:/data"
      ];
      autoStart = true;
    };
    readarr = {
      image = "ghcr.io/linuxserver/readarr:latest";
      ports = [ "8787:8787" ];
      environment = {
        PUID = "600";
        PGID = "100";
        TZ = "America/New_York";
      };
      volumes = [
        "${vars.primary_docker}/readarr:/config"
        "${vars.primary_plex_storage}/data:/data"
      ];
      autoStart = true;
    };
    unpackerr = {
      image = "golift/unpackerr:latest";
      user = "600:100";
      environment = {
        TZ = "America/New_York";
      };
      volumes = [
        "${vars.primary_docker}/unpackerr:/config"
        "${vars.primary_plex_storage}:/data"
      ];
      autoStart = true;
    };
    overseerr = {
      image = "lscr.io/linuxserver/overseerr";
      environment = {
        PUID = "600";
        PGID = "100";
        TZ = "America/New_York";
      };
      volumes = [ "${vars.primary_docker}/overseerr:/config" ];
      # TODO: remove ports later since this is going through web
      ports = [ "5055:5055" ]; # Web UI port
      dependsOn = [
        "radarr"
        "sonarr"
      ];
      extraOptions = [ "--network=haproxy-net" ];
      autoStart = true;
    };
  };
 }
--- a/systems/palatine-hill/docker/default.nix
+++ b/systems/palatine-hill/docker/default.nix
@@ -8,7 +8,6 @@
 {
  imports = [
    ./act-runner.nix
    ./arr.nix
    # temp disable archiveteam for tiktok archiving
    #./archiveteam.nix
    # ./books.nix
--- a/systems/palatine-hill/docker/glances.nix
+++ b/systems/palatine-hill/docker/glances.nix
@@ -8,7 +8,6 @@ in
  virtualisation.oci-containers.containers = {
    glances = {
      image = "nicolargo/glances:latest-full";
      pull = "always";
      extraOptions = [
        "--pid=host"
        "--network=haproxy-net"
--- a/systems/palatine-hill/docker/minecraft.nix
+++ b/systems/palatine-hill/docker/minecraft.nix
@@ -39,7 +39,6 @@ in
  virtualisation.oci-containers.containers = {
    mc-router = {
      image = "itzg/mc-router:latest";
      pull = "always";
      extraOptions = [
        "--network=haproxy-net"
        "--network=minecraft-net"
--- a/systems/palatine-hill/docker/nextcloud.nix
+++ b/systems/palatine-hill/docker/nextcloud.nix
@@ -9,8 +9,6 @@ let
  nextcloud-base = {
    # image comes from running docker compose build in nextcloud-docker/.examples/full/apache
    image = "nextcloud-nextcloud";
    # pull = "always";
    # do NOT enable pull here, this image is generated based on a custom docker image
    hostname = "nextcloud";
    volumes = [
      "${nextcloud_path}/nc_data:/var/www/html:z"
@@ -34,7 +32,6 @@ in
    };
    redis = {
      image = "redis:latest";
      pull = "always";
      user = "600:600";
      volumes = [
        "${config.sops.secrets."docker/redis".path}:/usr/local/etc/redis/redis.conf"
@@ -50,7 +47,6 @@ in
    };
    go-vod = {
      image = "radialapps/go-vod:latest";
      pull = "always";
      dependsOn = [ "nextcloud" ];
      environment = {
        NEXTCLOUD_HOST = "https://nextcloud.alicehuston.xyz";
@@ -62,7 +58,6 @@ in
    };
    collabora-code = {
      image = "collabora/code:latest";
      pull = "always";
      dependsOn = [ "nextcloud" ];
      environment = {
        aliasgroup1 = "https://collabora.nayenoie.com:443";
--- a/systems/palatine-hill/docker/openvpn/se.protonvpn.udp.ovpn
+++ b/systems/palatine-hill/docker/openvpn/se.protonvpn.udp.ovpn
--- a/systems/palatine-hill/docker/torr.nix
+++ b/systems/palatine-hill/docker/torr.nix
@@ -1,8 +1,7 @@
-{ config, pkgs, ... }:
+{ pkgs, ... }:
 let
  delugeBase = {
    pull = "always";
    environment = {
      PUID = "600";
      PGID = "100";
@@ -20,31 +19,18 @@ let
  deluge_path = "${torr_path}/deluge";
  delugevpn_path = "${torr_path}/delugevpn";
-  #genSopsConfWg = file: {
+  genSopsConf = file: {
  #  "${file}" = {
  #    format = "binary";
  #    sopsFile = ./wg/${file};
  #    path = "${delugevpn_path}/config/wireguard/configs/${file}";
  #    owner = "docker-service";
  #    group = "users";
  #    restartUnits = [ "docker-delugeVPN.service" ];
  #  };
  #};
  genSopsConfOvpn = file: {
    "${file}" = {
      format = "binary";
-      sopsFile = ./openvpn/${file};
+      sopsFile = ./wg/${file};
-      path = "${delugevpn_path}/config/openvpn/configs/${file}";
+      path = "${delugevpn_path}/config/wireguard/configs/${file}";
      owner = "docker-service";
      group = "users";
      restartUnits = [ "docker-delugeVPN.service" ];
    };
  };
 in
 {
  virtualisation.oci-containers.containers = {
    deluge = delugeBase // {
      image = "binhex/arch-deluge";
@@ -59,26 +45,25 @@ in
      ];
    };
    delugeVPN = delugeBase // {
-      image = "binhex/arch-delugevpn:latest";
+      image = "binhex/arch-delugevpn";
-      capabilities = {
+      extraOptions = [
-        NET_ADMIN = true;
+        "--privileged=true"
-      };
+        "--sysctl"
-      autoRemoveOnStop = false;
+        "net.ipv4.conf.all.src_valid_mark=1"
      ];
      environment = delugeBase.environment // {
        VPN_ENABLED = "yes";
-        VPN_CLIENT = "openvpn";
+        VPN_CLIENT = "wireguard";
-        VPN_PROV = "protonvpn";
+        VPN_PROV = "custom";
        ENABLE_PRIVOXY = "yes";
        LAN_NETWORK = "192.168.0.0/16";
-        ENABLE_STARTUP_SCRIPTS = "yes";
+        NAME_SERVERS = "194.242.2.9";
        #NAME_SERVERS = "194.242.2.9";
        #NAME_SERVERS = "9.9.9.9";
        # note, delete /config/perms.txt to force a bulk permissions update
      };
      environmentFiles = [ config.sops.secrets."docker/delugevpn".path ];
      volumes = [
        "${delugevpn_path}/config:/config"
-        "${deluge_path}/data:/data" # use common torrent path yuck
+        "${delugevpn_path}/data:/data"
        "/etc/localtime:/etc/localtime:ro"
      ];
      ports = [
@@ -86,9 +71,6 @@ in
        "8119:8118"
        "39275:39275"
        "39275:39275/udp"
        "48346:48346"
        "48346:48346/udp"
      ];
    };
  };
@@ -97,34 +79,25 @@ in
    serviceConfig = {
      ExecStartPre = [
        (
-          "${pkgs.bash}/bin/bash -c \"${pkgs.findutils}/bin/find ${delugevpn_path}/config/openvpn/configs "
+          "${pkgs.bash}/bin/bash -c \"${pkgs.findutils}/bin/find ${delugevpn_path}/config/wireguard/configs "
-          + "-type l -not -name network.ovpn "
+          + "-type l -not -name wg0.conf "
          + "| ${pkgs.coreutils}/bin/shuf -n 1 "
-          + "| ${pkgs.findutils}/bin/xargs -I {} cp -L {} ${delugevpn_path}/config/openvpn/network.ovpn &&"
+          + "| ${pkgs.findutils}/bin/xargs -I {} cp -L {} ${delugevpn_path}/config/wireguard/wg0.conf &&"
-          + "${pkgs.coreutils}/bin/chown docker-service:users ${delugevpn_path}/config/openvpn/network.ovpn &&"
+          + "${pkgs.coreutils}/bin/chown docker-service:users ${delugevpn_path}/config/wireguard/wg0.conf &&"
-          + "${pkgs.coreutils}/bin/chmod 440 ${delugevpn_path}/config/openvpn/network.ovpn\""
+          + "${pkgs.coreutils}/bin/chmod 440 ${delugevpn_path}/config/wireguard/wg0.conf\""
        )
        (
          "${pkgs.bash}/bin/bash -c \"${pkgs.findutils}/bin/find ${delugevpn_path}/config/scripts/links "
          + "-type l "
          + "| ${pkgs.findutils}/bin/xargs -I {} cp -L {} ${delugevpn_path}/config/scripts/ \""
        )
      ];
-      ExecStopPost = [ "${pkgs.coreutils}/bin/rm ${delugevpn_path}/config/scripts/*sh" ];
+      ExecStopPost = [ "${pkgs.coreutils}/bin/rm ${delugevpn_path}/config/wireguard/wg0.conf" ];
    };
  };
-  sops.secrets = (genSopsConfOvpn "se.protonvpn.udp.ovpn") // {
+  sops.secrets =
-    "docker/delugevpn" = {
+    (genSopsConf "se-mma-wg-001.conf")
-      owner = "docker-service";
+    // (genSopsConf "se-mma-wg-002.conf")
-      group = "users";
+    // (genSopsConf "se-mma-wg-003.conf")
-      restartUnits = [ "docker-delugeVPN.service" ];
+    // (genSopsConf "se-mma-wg-004.conf")
-    };
+    // (genSopsConf "se-mma-wg-005.conf")
-    "docker/protonvpn-start-script" = {
+    // (genSopsConf "se-mma-wg-101.conf")
-      path = "${delugevpn_path}/config/scripts/links/protonvpn-start-script.sh";
+    // (genSopsConf "se-mma-wg-102.conf")
-      owner = "docker-service";
+    // (genSopsConf "se-mma-wg-103.conf");
      group = "users";
      restartUnits = [ "docker-delugeVPN.service" ];
    };
  };
 }
--- a/systems/palatine-hill/firewall.nix
+++ b/systems/palatine-hill/firewall.nix
@@ -24,15 +24,6 @@
    # collabora
    9980
    # arr
    6767
    9696
    7878
    8989
    8686
    8787
    5055
  ];
 }
--- a/systems/palatine-hill/hydra.nix
+++ b/systems/palatine-hill/hydra.nix
@@ -82,10 +82,10 @@ in
      '';
    };
-    # nix-serve = {
+    nix-serve = {
-    #   enable = true;
+      enable = true;
-    #   secretKeyFile = config.sops.secrets."nix-serve/secret-key".path;
+      secretKeyFile = config.sops.secrets."nix-serve/secret-key".path;
-    # };
+    };
    prometheus = {
      enable = true;
      webExternalUrl = "https://prom.alicehuston.xyz";
@@ -134,7 +134,7 @@ in
  sops = {
    secrets = {
      "hydra/environment".owner = "hydra";
-      # "nix-serve/secret-key".owner = "root";
+      "nix-serve/secret-key".owner = "root";
      "alice/gha-hydra-token" = {
        sopsFile = ../../users/alice/secrets.yaml;
        owner = "hydra";
--- a/systems/palatine-hill/plex/default.nix
+++ b/systems/palatine-hill/plex/default.nix
@@ -1,28 +0,0 @@
 {
  pkgs,
  ...
 }:
 let
  vars = import ../vars.nix;
 in
 {
  services.plex = {
    enable = true;
    dataDir = vars.primary_plex;
  };
  systemd.services.plex_permission = {
    description = "maintains plex permissions";
    serviceConfig = {
      Type = "oneshot";
      ExecStart = "${pkgs.bash}/bin/bash ${./plex_permission.sh}";
    };
  };
  systemd.timers.plex_permission = {
    wantedBy = [ "timers.target" ];
    timerConfig = {
      OnBootSec = "1h";
      OnCalendar = "daily 03:00";
      Unit = "plex_permission.service";
    };
  };
 }
--- a/systems/palatine-hill/plex/plex_permission.sh
+++ b/systems/palatine-hill/plex/plex_permission.sh
@@ -1,7 +0,0 @@
 #!/bin/bash
 plex_dir="/ZFS/ZFS-primary/plex"
 chown docker-service:users -R "$plex_dir"
 find "$plex_dir" -type f -exec chmod 664 {} \;
 find "$plex_dir" -type d -exec chmod 775 {} \;
--- a/systems/palatine-hill/secrets.yaml
+++ b/systems/palatine-hill/secrets.yaml
@@ -23,8 +23,6 @@ docker:
    redis: ENC[AES256_GCM,data:c+55cN6IpUNeKd+wC2zv3eunYjBsmZtXTczokqaxB2Q=,iv:M3pwNUlT9kUMv4JDE6bp/gub9CdBGxdApIvpOt3JpgE=,tag:3rPlV3U0AP9zAeF7xDouKw==,type:str]
    act-runner: ENC[AES256_GCM,data:gdrqXBBzdMW26MgNfP6P1c/m7pLANCXjcZLvVsxlWcgpAZd8IaO2FUqomL3xFI3UDPveQh0UvC3044ueoWhYJOq7ZmKJGvdf0ZrpP1MkXZKvjFjbTsuf/6/SYKhPqnP28HqznUWIVJYcRmP+A2oVeJY=,iv:/yOqJYDpxbqCm1whqcypp7Ba1Xlaebrv+h6lHr57Qa8=,tag:PzVqxP+QwQq69jqhmagj3w==,type:str]
    collabora: ENC[AES256_GCM,data:LPRkzPEv5qfzeWSDbf+L+0asfmiK5Mhj8jCdfVyvVQAaD75Cbo4qLD0Nc80z,iv:/l2vAyYYJChhv6T+JkHT4I74ZpdhvbVqxlDWIM4Y4bw=,tag:/+uzn1vtd1RnO9/lGiQAKA==,type:str]
    delugevpn: ENC[AES256_GCM,data:YGkgaQUuA9oteKD77tnFzxZSHctyOQjMNlfvJr3mPWAl2P8wfcshiUoa6SNp69pagxbzRV6mfuzwzinbkQCoZN3lw7uF76y0,iv:Bro0H4tFR+3wi9DGGq9a6ge4o4uPlVXBUF7h17zyqg8=,tag:N1kVNFasqGMx8R9qTq2dJA==,type:str]
    protonvpn-start-script: ENC[AES256_GCM,data:ZnlDpCLdILHXSUCI6itWkqO4y75Lwjj7qT1DBkfueLneQOaQ0JhuE2FbOOajkmI046nP9fMrJbu3g4QZHsq1g8yqGU1wb0OOT+eS9+M92Md29B4NnUdwnVAO6/RzvRKXP2tsQ4iprx9An+BEFwZYD6WG6DQc6NjJVSgRcYvfH9rQey2VdwLysNsgFCs8eC6QgikqBpeg4eOIvDDNbdXPKkW+ZPph9xpzGkcFIMwlX5esg0n7qyUoMvWwBn4avC46U5erOw0fNajY60ri9sm5Afht6LZrFal71Hx/K9/5EXBp9dD4teLO2Ew0CQX0i94pKCuR207l9868s7Ao3udLp4wbiLnXoRKq+w==,iv:qR0kNYpb50NXEqSksvHBPAaRG51RKCsSwTq32nosxzo=,tag:+xRQyuWi4Ja/N9lcd11oJA==,type:str]
 acme:
    bunny: ENC[AES256_GCM,data:P2yROVUga9mORcq8VR/l0i4/2Vod1zvlYq+ZJLLNKow0SpblkwQX/i1ucQYAOkTTRddN+3C+t0zj1rMWkdLoaLjEUJJi3VsSxi+chV2FFiVKFQGEcg24,iv:aQvGgGLsgRGoEmwTgZHR8Jm/MYxmGtVTT/fZKaTLeMs=,tag:m3ssF4O8qs4yxvMu6yUcjw==,type:str]
    dnsimple: ENC[AES256_GCM,data:37FKyBibFtXZgI4EduJQ0z8F+shBc5Q6YlLa3YkVPh9XuJVS20eybi75bfJxiozcZ9d+YRaqcbkBQCSdFOCotDU=,iv:oq3JjqbfAm2C4jcL1lvUb2EOmnwlR07vPoO8H0BmydQ=,tag:E3NO/jMElL6Q817666gIyg==,type:str]
@@ -43,8 +41,8 @@ sops:
            cXNZWmZqd0R0SmhINExscHBKWmxvblUKEFEQvt/zQFARba4S8vHz/1SoKdKg69At
            LZ58XQGOmlGbBhPr7EzYQ2XSY4flWbnnD174cmCR8DNFm15DsNA5fw==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-06-01T23:54:50Z"
+    lastmodified: "2025-05-30T04:36:41Z"
-    mac: ENC[AES256_GCM,data:xBSrKfuBEXYVqLhZF903HbLaCpgXyuo3r7/FUBPM9Pl+rKUGx8p7LKCIec2NPCGO8ylQvC8T2mochSHSAvN339nxPlQ7f/tKWc6QgicaX4Sb4k0wJdqamSJTq4mkg8482HOUiFCSi3lA3zWC3Y9ZixESmEWTbxe9sQ51Vo69lkw=,iv:XiGVzryZwo5UmJe7I8pkg5IEdms0vR9iRdlFu2wjUeI=,tag:jhOuV+aZd5rQF0xg+0tvOg==,type:str]
+    mac: ENC[AES256_GCM,data:fEsUt5g0/7j8IVgtXQ0thV93dxe6SGCglqeHdnaXFOjKcCUEFWUmi98M8X92hR9AJzscRK6wqzijd/AQBzl+GL2QtDYsn8qx9Nr0DBd6Gh1vi25eh5LtADm09COSae1THWuFLP7L1Qamyt+XzlBa7Xnrzfuzzp0s2/cZoxZiueU=,iv:VYzh833cMQwGmkB6QunRys0Eluz+0KGj8Y43B9icE9w=,tag:EWJSizBMTFZ0TZhncYe2Sw==,type:str]
    pgp:
        - created_at: "2024-11-28T18:56:39Z"
          enc: |-
--- a/systems/palatine-hill/vars.nix
+++ b/systems/palatine-hill/vars.nix
@@ -17,6 +17,4 @@ rec {
  primary_nextcloud = "${zfs_primary}/nextcloud";
  primary_redis = "${zfs_primary}/redis";
  primary_torr = "${zfs_primary}/torr";
  primary_plex = "${zfs_primary}/plex";
  primary_plex_storage = "${zfs_primary}/plex_storage";
 }
--- a/users/alice/default.nix
+++ b/users/alice/default.nix
@@ -14,7 +14,5 @@ import ../default.nix {
    ;
  publicKeys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP7oJjIYNRCRrUlhdGJgst6bzqubbKH0gjZYulQ1eVcZ alice@artemision"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILWG3cIBju6vzX6s8JlmGNJOiWY7pQ19bHvcqDADtWzv snowi@DESKTOP-EVIR8IH"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEMfC0IXl9sGx+9FjuYZT2OUfffGjciJIHWqZdEU1d3n alice@parthenon-7588"
  ];
 }
--- a/users/alice/non-server.nix
+++ b/users/alice/non-server.nix
@@ -28,8 +28,10 @@
        CtrlEnterSend.enabled = true;
        CustomIdle = {
          enabled = true;
          settings = {
            remainInIdle = false;
          };
        };
        FriendsSince.enabled = true;
        GameActivityToggle.enabled = true;
        ImplicitRelationships.enabled = true;
@@ -38,7 +40,7 @@
        QuickReply.enabled = true;
        ReplaceGoogleSearch = {
          enabled = true;
-          customEngineName = "DuckDuckGo";
+          settings.customEngineName = "DuckDuckGo";
        };
        ReviewDB.enabled = true;
        ShowConnections.enabled = true;
--- a/users/default.nix
+++ b/users/default.nix
@@ -14,7 +14,6 @@
  hashedPasswordFile = config.sops.secrets."${name}/user-password".path or null;
  openssh.authorizedKeys.keys = publicKeys;
  extraGroups = [
    "users"
    "wheel"
    "media"
    (lib.mkIf config.networking.networkmanager.enable "networkmanager")
--- a/utils/eval-to-drv.sh
+++ b/utils/eval-to-drv.sh
@@ -16,4 +16,4 @@ script_path=$(dirname "$(readlink -f $0)")
 parent_path=$(dirname "$script_path")
 out_path="$parent_path/$1.json"
-nix run git+https://nayeonie.com/ahuston-0/flake-update-diff --fallback -- --evaluate --allow-import-from-derivation --json "$out_path" "$parent_path"
+nix run git+https://nayeonie.com/ahuston-0/flake-update-diff -- --evaluate --allow-import-from-derivation --json "$out_path" "$parent_path"
Author	SHA1	Message	Date
ahuston-0	784d316109	Merge branch 'main' into feature/vesktop All checks were successful Check flake.lock / Check health of `flake.lock` (pull_request) Successful in 13s Details Check Nix flake / Perform Nix flake checks (pull_request) Successful in 5m24s Details	2025-06-01 14:05:22 -04:00
ahuston-0	74ff201043	add vesktop settings, add cosmic All checks were successful Check flake.lock / Check health of `flake.lock` (pull_request) Successful in 10s Details Check Nix formatting / Perform Nix format checks (pull_request) Successful in 2m45s Details Check Nix flake / Perform Nix flake checks (pull_request) Successful in 5m13s Details Signed-off-by: ahuston-0 <aliceghuston@gmail.com>	2025-06-01 14:04:09 -04:00