Compare commits


351 Commits

Author SHA1 Message Date
806e8900b4 ssh for laptop 2026-04-22 23:02:19 -05:00
5731f191f7 ssh for laptop test 2026-04-22 21:59:17 -05:00
c6b84a7c49 fix 2026-04-22 14:51:39 -05:00
cbebf1639f restructure 2026-04-22 14:09:08 -05:00
4ae1389378 restructure 2026-04-22 13:56:19 -05:00
2fd2e5f2aa restructure 2026-04-22 13:53:13 -05:00
e950b4c162 restructure 2026-04-22 13:27:21 -05:00
06385f94f6 restructure 2026-04-22 12:30:34 -05:00
03bec1dcaf restructure 2026-04-22 09:46:04 -05:00
cff3aec197 restructure 2026-04-22 09:23:44 -05:00
e2a6515ad6 restructure 2026-04-22 09:22:24 -05:00
63559c16ac top level restructure 2026-04-22 08:25:10 -05:00
846d33ac50 iso package test 2026-04-21 23:14:21 -05:00
9a98e3256f iso package test 2026-04-21 23:12:38 -05:00
f525b68345 iso package test 2026-04-21 23:06:48 -05:00
0c7cafdc17 netbird unstable 2026-04-21 22:16:02 -05:00
eff446334d netbird unstable 2026-04-21 19:54:14 -05:00
97c84ff716 test 2026-04-21 19:33:46 -05:00
f0860c2602 fix docker 2026-04-19 10:21:54 -05:00
54d4d5aadf fix sops 2026-04-19 08:34:52 -05:00
3b386828af fix disko 2026-04-19 07:55:25 -05:00
300b407208 remove submodules 2026-04-19 00:32:04 -05:00
711b1f198e remote flakes 2026-04-19 00:27:55 -05:00
fada73a69c wallpapers 2026-04-16 23:09:15 -05:00
cd1392517a update flake 2026-04-12 21:22:35 -05:00
04e238810c update flake 2026-04-12 20:58:58 -05:00
a727cf8722 update flake 2026-04-12 20:54:17 -05:00
8016b58416 update flake 2026-04-12 20:51:08 -05:00
1ccbb3eb6c update flake 2026-04-12 20:49:29 -05:00
55783a7780 update flake 2026-04-12 20:39:46 -05:00
c0443e73e6 update flake 2026-04-11 20:03:23 -05:00
1316fe9169 update flake 2026-04-11 20:02:04 -05:00
f5cba81ace update flake 2026-04-11 07:39:15 -05:00
e6d45592df fix 2026-04-11 07:31:13 -05:00
f1637d0497 renamed package 2026-04-11 07:28:44 -05:00
ab691de708 update flake 2026-04-11 07:24:41 -05:00
f8e4ddce82 update flake 2026-04-11 07:03:09 -05:00
64b5a8c65b test 2026-04-10 16:57:01 -05:00
41ebb79c2a test 2026-04-10 16:53:50 -05:00
068d260470 test 2026-04-10 16:48:57 -05:00
b34ad76811 test 2026-04-10 16:45:23 -05:00
c79f76efa1 test 2026-04-10 16:41:39 -05:00
87a4cc6455 test 2026-04-10 16:30:54 -05:00
0bcab64638 test 2026-04-10 16:26:34 -05:00
59fe61b835 test 2026-04-10 16:22:50 -05:00
c25a1c26f5 test 2026-04-10 16:19:17 -05:00
5cc628cfd9 test 2026-04-10 13:12:29 -05:00
8b67d7b8fb test 2026-04-10 12:04:24 -05:00
69797b6b01 test 2026-04-10 11:48:37 -05:00
7853bc389d test 2026-04-10 11:43:02 -05:00
a1417b9514 test 2026-04-10 11:21:59 -05:00
dcc347a717 test 2026-04-09 19:02:59 -05:00
4b32b5a3e7 test 2026-04-09 18:44:48 -05:00
a87eb1994f test 2026-04-09 16:59:41 -05:00
bdac2cafee test 2026-04-09 14:40:53 -05:00
86a1071b1b test 2026-04-09 14:27:19 -05:00
11048faa79 test 2026-04-09 14:25:40 -05:00
58eec1d59d test 2026-04-09 11:23:51 -05:00
00a830c3c4 test 2026-04-09 11:20:46 -05:00
94a2ed6c8a test 2026-04-09 11:20:15 -05:00
42d2399c42 test 2026-04-01 07:44:13 -05:00
8704160c10 test 2026-03-31 22:45:28 -05:00
74d813c5e8 test 2026-03-31 20:28:21 -05:00
0c7291d3eb test 2026-03-31 20:25:04 -05:00
10e69d4eff test 2026-03-31 20:20:01 -05:00
72ecac11b7 test aurora 2026-03-31 20:14:04 -05:00
db8f72308b test 2026-03-31 20:08:30 -05:00
59a6dc79f0 test 2026-03-31 20:07:15 -05:00
297b993992 update aurora 2026-03-21 16:20:01 -05:00
0df6aee231 debugpy 3.14 broken 2026-03-20 13:29:11 -05:00
33d139bdf6 update aurora 2026-03-20 13:04:13 -05:00
effeddf963 name 2026-03-20 12:58:09 -05:00
79c8e5061b test aurora 2026-03-20 11:28:20 -05:00
1636b715b5 update aurora 2026-03-07 17:38:02 -06:00
c00be80234 latest hyprland 2026-03-07 11:32:02 -06:00
7fb7498acc scrolling 2026-03-07 11:17:29 -06:00
449dbcff24 scrolling 2026-03-07 11:14:33 -06:00
317bc368e9 scrolling 2026-03-07 11:13:07 -06:00
d3689592e8 update aurora 2026-03-07 10:59:59 -06:00
e6a810d833 test 2026-03-07 10:42:51 -06:00
21579b281f test 2026-03-07 10:29:59 -06:00
68bdc0c85e test 2026-03-07 10:23:56 -06:00
64973efb33 test 2026-03-07 10:21:52 -06:00
bed86c50dd test 2026-03-07 10:19:59 -06:00
df6268f8c3 test 2026-03-07 10:15:43 -06:00
09ff97278c test 2026-03-07 10:04:58 -06:00
445e6a8c8b test 2026-03-07 10:03:45 -06:00
b860c0ead1 test 2026-03-07 10:02:43 -06:00
ed863b4ab1 test 2026-03-07 09:49:53 -06:00
498fd77851 test 2026-03-07 09:27:49 -06:00
19537a1499 test 2026-03-07 09:18:34 -06:00
b7c9ca3ccc test 2026-03-07 09:16:40 -06:00
8c66096e81 test 2026-03-06 23:23:42 -06:00
e6b2a1d3ee test 2026-03-06 23:17:43 -06:00
93b4b2730f test 2026-03-06 21:55:48 -06:00
e9988b21ff test 2026-03-06 21:47:12 -06:00
d6e9904bfc test 2026-03-06 21:32:57 -06:00
aea1919a44 test 2026-03-06 21:27:24 -06:00
da7ad42da9 test 2026-03-06 20:04:38 -06:00
13e5c8410e test 2026-03-06 19:42:47 -06:00
c8cfd433ae test 2026-03-06 19:39:21 -06:00
60dd114bcc update aurora 2026-03-06 19:35:52 -06:00
ac12242060 update aurora 2026-03-06 19:31:03 -06:00
c3f12243d8 Begin Dendritic rewrite 2026-03-06 19:17:00 -06:00
e296f298b1 Begin Dendritic rewrite 2026-03-06 19:07:55 -06:00
f656be3dfb Begin Dendritic rewrite 2026-03-06 19:05:37 -06:00
eb5b08c8f0 Begin Dendritic rewrite 2026-03-06 18:46:38 -06:00
fa9ca0ec63 Begin Dendritic rewrite 2026-03-06 18:37:21 -06:00
fd10360294 Begin Dendritic rewrite 2026-03-06 18:27:39 -06:00
0237820306 Begin Dendritic rewrite 2026-03-06 18:26:41 -06:00
64b6b6b763 Begin Dendritic rewrite 2026-03-06 18:23:19 -06:00
78b1b26b91 Begin Dendritic rewrite 2026-03-06 16:34:10 -06:00
44eb6492f2 Begin Dendritic rewrite 2026-03-06 16:32:07 -06:00
597f51e7b2 Begin Dendritic rewrite 2026-03-06 16:25:23 -06:00
c1684a80f7 Begin Dendritic rewrite 2026-03-06 16:24:53 -06:00
f3a90a0fe8 test 2026-02-28 19:01:49 -06:00
11089070ba test 2026-02-28 18:05:10 -06:00
8697469f5f add authentik middleware 2026-02-28 17:56:12 -06:00
fa6abcfd98 add ssh key 2026-02-28 17:26:54 -06:00
7f0629f313 work on docker gitea 2026-02-25 09:03:17 -06:00
1a088bc501 no nextcloud for now 2026-02-20 21:35:52 -06:00
0f70cf9bbc add localsend 2026-02-14 18:02:53 -06:00
fbf6864350 ollama ip 2026-02-04 00:15:51 -06:00
b3058b25a6 jellyfin 2026-02-03 10:25:15 -06:00
1ec2681731 jellyfin 2026-02-03 10:21:10 -06:00
2c0bfcbcdd jellyfin 2026-02-03 10:19:49 -06:00
51942d5e10 jellyfin 2026-02-03 10:12:48 -06:00
6dbbe36327 nextcloud ip 2026-02-03 08:55:30 -06:00
2dec58998d nixvim 2026-02-03 08:45:58 -06:00
f3d0db4a63 static ips 2026-02-03 00:59:13 -06:00
d4e2841833 update flake 2026-02-03 00:34:27 -06:00
e1eb4569a8 remove graphics option 2026-02-03 00:31:06 -06:00
a9d1fd2316 open to web 2026-02-02 19:25:26 -06:00
fc3ed73055 no ports 2026-02-02 19:15:56 -06:00
488a6437c3 opengl? 2026-02-02 14:45:04 -06:00
b40400ed71 aio stuff 2026-02-02 12:23:59 -06:00
1dcb262114 aio stuff 2026-02-02 12:19:50 -06:00
5e9b353529 aio stuff 2026-02-02 12:11:51 -06:00
12c0bd71dd skip domain validation 2026-02-02 11:11:17 -06:00
930596db1a docker containers use pihole 2026-02-02 10:56:00 -06:00
6643b584f9 nextcloud 2026-02-02 10:42:32 -06:00
2205f7ca57 nextcloud 2026-02-02 10:34:05 -06:00
784a3f213e name 2026-02-02 10:11:05 -06:00
98da646e59 name 2026-02-02 10:08:05 -06:00
12d8b7746b version 2026-02-02 09:45:03 -06:00
529e9f994f nextcloud 2026-02-02 09:33:16 -06:00
be86d9b31b port 2026-02-01 14:37:05 -06:00
7ac91b21b3 volume stuff 2026-02-01 14:16:19 -06:00
851911f491 netbird version bs 2026-02-01 14:12:47 -06:00
a0da606694 add openwebui 2026-02-01 14:05:39 -06:00
8a8b48a6cc add openwebui 2026-02-01 14:03:13 -06:00
7dd49cd8e4 authentik fix 2026-02-01 09:10:24 -06:00
a00a888676 route gitea ssh through traefik 2026-02-01 08:15:13 -06:00
536a76ca80 update netbird volumes 2026-02-01 07:56:47 -06:00
41b13580dc update hass proxy 2026-02-01 07:36:24 -06:00
74b0d63f26 dockerfy netbird 2026-02-01 07:07:06 -06:00
e91def66b5 update netbird secrets 2026-02-01 06:57:38 -06:00
9325a6b079 dockerfy netbird 2026-02-01 06:53:07 -06:00
f9e66ff1a0 dockerfy netbird 2026-02-01 06:48:12 -06:00
98c81001f7 dockerfy traefik 2026-01-31 20:31:59 -06:00
002bd38906 dockerfy traefik 2026-01-31 20:24:44 -06:00
1a52dd8041 dockerfy traefik 2026-01-31 20:22:06 -06:00
67f75bcd97 dockerfy traefik 2026-01-31 20:20:17 -06:00
1bba167d6d dockerfy traefik 2026-01-31 19:43:37 -06:00
f418f3dfa5 dockerfy traefik 2026-01-31 19:36:38 -06:00
0c5ab6519d dockerfy traefik 2026-01-31 18:50:01 -06:00
e58d6118ea dockerfy traefik 2026-01-31 15:41:36 -06:00
aecbdb243d dockerfy traefik 2026-01-31 15:34:12 -06:00
4cc510d584 dockerfy traefik 2026-01-31 15:00:06 -06:00
1ab353746d dockerfy traefik 2026-01-31 14:52:24 -06:00
05fd4f67b1 dockerfy traefik 2026-01-31 14:24:21 -06:00
d134f6e849 dockerfy traefik 2026-01-31 14:06:59 -06:00
03c66ccc13 dockerfy traefik 2026-01-31 13:44:46 -06:00
dd44fd8b0c dockerfy traefik 2026-01-31 13:41:06 -06:00
5226ade22c dockerfy traefik 2026-01-31 13:35:59 -06:00
e162e47b1d dockerfy traefik 2026-01-31 13:03:18 -06:00
6541a307bc dockerfy traefik 2026-01-31 11:27:49 -06:00
2be4a81c03 dockerfy traefik 2026-01-31 11:27:30 -06:00
2d52f92795 dockerfy traefik 2026-01-31 11:20:33 -06:00
3a47aa53d0 dockerfy traefik 2026-01-31 11:09:13 -06:00
9b01209ef0 dockerfy traefik 2026-01-31 11:06:17 -06:00
1372c8f1ce dockerfy traefik 2026-01-31 10:45:08 -06:00
b264cddcda dockerfy traefik 2026-01-31 10:38:41 -06:00
8f3ded4029 dockerfy traefik 2026-01-31 10:17:46 -06:00
f15a6b92ae dockerfy traefik 2026-01-31 10:13:33 -06:00
15f6577c84 dockerfy traefik 2026-01-31 09:22:09 -06:00
48d8f13145 dockerfy traefik 2026-01-31 09:20:11 -06:00
5de8af47ff dockerfy traefik 2026-01-31 09:18:52 -06:00
75586a64f3 dockerfy traefik 2026-01-31 09:15:58 -06:00
06edfb2795 great docker migration 2026-01-30 11:19:24 -06:00
0603de3f11 secrets 2026-01-30 07:37:06 -06:00
2f4419eb59 begin great docker migration 2026-01-30 00:08:37 -06:00
4bccbb92f4 enable authentik 2026-01-28 11:30:38 -06:00
f41ca1867e enable authentik 2026-01-28 11:16:48 -06:00
9a0dfc4cca try authentik 2026-01-28 11:12:58 -06:00
d7875217bd begin work on authentik again 2026-01-27 17:42:00 -06:00
89328fe7e7 hass config update 2026-01-26 17:39:43 -06:00
d9338b280e add hass config 2026-01-26 17:32:37 -06:00
51f15e3305 docker image 2026-01-26 17:11:37 -06:00
bbd135bad9 home-assistant docker 2026-01-26 16:34:30 -06:00
94ae66c7eb vms 2026-01-25 17:36:45 -06:00
b72a7f5660 vms 2026-01-25 14:26:56 -06:00
a73ed8e3f0 try n8n 2026-01-25 14:09:42 -06:00
3e42c24435 try n8n 2026-01-25 14:05:51 -06:00
fbce7e8f2b try n8n 2026-01-25 13:29:36 -06:00
e0ae6fd31e group 2026-01-25 13:27:03 -06:00
6e70652719 n8n fix 2026-01-23 12:18:23 -06:00
cc0b9cef25 n8n fix firewall 2026-01-23 11:26:18 -06:00
8e07c32238 netbird fix container dns 2026-01-23 11:03:11 -06:00
d2ea2395f0 fix netbird secrets_setup 2026-01-23 10:40:37 -06:00
b4d7f9c3d2 no ha yet 2026-01-23 08:24:35 -06:00
33cf8a4f0a docker n8n 2026-01-23 07:41:39 -06:00
94a1ca970f match gitea ssh ports 2026-01-22 20:25:44 -06:00
1238fa76db wyoming 2026-01-22 13:00:27 -06:00
58e0b82520 wyoming 2026-01-22 12:54:52 -06:00
b4bac11cf9 option 2026-01-22 12:50:44 -06:00
bb45b7b08a option 2026-01-22 12:49:45 -06:00
9a07fe0d59 proper ssh port 2026-01-22 12:46:55 -06:00
5c8ebb84bb proper ssh port 2026-01-22 12:15:03 -06:00
6dfacb91da proper ssh port 2026-01-22 12:10:02 -06:00
128a560bb0 use ssh for submodules 2026-01-22 10:20:51 -06:00
86fbc59bcf virtual machines 2026-01-22 09:18:06 -06:00
82e15df890 next step 2026-01-22 09:15:41 -06:00
a60a5b738b use recent packages 2026-01-21 22:23:00 -06:00
191a54670e option 2026-01-21 22:16:15 -06:00
7949acb8f0 option 2026-01-21 21:58:19 -06:00
11e881b1cc import 2026-01-21 21:55:42 -06:00
2223acef57 inputs 2026-01-21 21:52:29 -06:00
b1d54ce420 import 2026-01-21 21:50:20 -06:00
d3c63aa684 import 2026-01-21 21:41:17 -06:00
dac6771f58 import 2026-01-21 21:33:52 -06:00
cf784f3847 inputs 2026-01-21 18:49:59 -06:00
e9c4339640 inputs 2026-01-21 17:55:17 -06:00
386c4d6561 submodules should use https 2026-01-21 17:44:50 -06:00
66171880bc submodules should use https 2026-01-21 17:43:55 -06:00
65430099bf submodules should use https 2026-01-21 17:40:57 -06:00
a65cfacb79 Revert "submodules should use https"
This reverts commit c6a21aee85.
2026-01-21 17:37:32 -06:00
c6a21aee85 submodules should use https 2026-01-21 17:30:50 -06:00
514e4864ca options 2026-01-21 16:30:18 -06:00
69d16e38a8 nix-on-droid only goes to 24.05 2026-01-21 12:24:27 -06:00
e86a839bd7 rename options 2026-01-21 09:42:51 -06:00
65f878b20d prepare android 2026-01-21 09:27:44 -06:00
b893475db6 prepare android 2026-01-21 09:22:22 -06:00
1ada91d5ef reorganize 2026-01-20 17:34:34 -06:00
42bf08084e reorganize and fix searxng 2026-01-20 17:30:56 -06:00
50d192c809 reorganize 2026-01-20 13:34:12 -06:00
c028bad2a6 fix portainer domain 2026-01-20 12:44:01 -06:00
9b218f88fa fix traefik docker 2026-01-20 12:34:45 -06:00
276823d2aa fix traefik docker 2026-01-20 11:53:31 -06:00
ab47a1ea52 fix traefik docker 2026-01-20 11:48:40 -06:00
4a7615b50c fix traefik docker 2026-01-20 11:40:43 -06:00
ea37cbe865 no error 2026-01-20 11:17:08 -06:00
8cc337ca0e no error 2026-01-20 11:16:46 -06:00
f99cb4f761 try docker provider for traefik 2026-01-20 11:15:55 -06:00
6abef03321 networking 2026-01-19 19:46:45 -06:00
f584fb2e32 networking 2026-01-19 19:40:29 -06:00
b7763031dd networking 2026-01-19 19:36:09 -06:00
761624c21c networking 2026-01-19 17:53:14 -06:00
43d87cb6b3 networking 2026-01-19 17:42:51 -06:00
be310b9ae7 docker network 2026-01-19 17:25:19 -06:00
39fb19f62e setup internal services 2026-01-19 16:06:23 -06:00
f7041607d7 try 2026-01-19 11:10:07 -06:00
6ef3081bd1 try 2026-01-19 10:46:19 -06:00
c69e8ed0ef help 2026-01-19 10:35:43 -06:00
9e3023c26b help 2026-01-19 10:33:23 -06:00
3a6c6673eb help 2026-01-19 10:08:09 -06:00
c6baa8fc5b try pihole network 2026-01-19 09:13:22 -06:00
9a89b1ee6a try pihole network 2026-01-19 09:10:54 -06:00
eda60a7fec try pihole network 2026-01-19 08:49:42 -06:00
e69f8348be try pihole network 2026-01-19 08:42:11 -06:00
23b4035da1 try pihole network 2026-01-19 01:09:51 -06:00
02427aca71 try netbird + pihole 2026-01-19 00:42:13 -06:00
03274e6e46 try netbird + pihole 2026-01-19 00:35:11 -06:00
bf994f7e13 try compartmental traefik 2026-01-18 23:59:14 -06:00
3696bab033 try compartmental traefik 2026-01-18 23:16:54 -06:00
ea2a03037a try compartmental traefik 2026-01-18 23:14:32 -06:00
0947941c11 dns trouble 2026-01-18 22:22:48 -06:00
c48ecab2bd dns trouble 2026-01-18 22:11:32 -06:00
55b1cae63b set pihole as sole dns 2026-01-18 21:34:28 -06:00
76a072d274 try pihole as sole dns 2026-01-18 19:41:19 -06:00
346907fce4 try pihole as sole dns 2026-01-18 18:58:59 -06:00
86810b6105 fix remote build 2026-01-18 18:27:02 -06:00
eba2b6e52f fix remote build 2026-01-18 18:23:45 -06:00
96e4476934 fix remote build 2026-01-18 18:22:40 -06:00
560f36b18e packages 2026-01-18 17:22:49 -06:00
0c9d45ad39 packages 2026-01-18 17:17:23 -06:00
e39eeac850 packages 2026-01-18 17:14:48 -06:00
46cc39c91f options 2026-01-18 17:11:03 -06:00
9f7b03679a options 2026-01-18 17:10:23 -06:00
96ab25c6ad move options 2026-01-18 17:08:05 -06:00
d530844886 docker ollama tune 2026-01-18 14:34:43 -06:00
8bb52d7df6 docker ollama tune 2026-01-18 14:31:50 -06:00
05d4280ad6 docker ollama debug 2026-01-18 14:17:46 -06:00
90b99dbf19 docker ollama debug 2026-01-18 14:13:22 -06:00
f96f7182c4 docker ollama debug 2026-01-18 14:08:35 -06:00
bd8b5f1327 docker perms 2026-01-18 13:40:15 -06:00
d13b59e7ac docker ollama 2026-01-18 13:34:23 -06:00
69b47de1fc docker pihole debug 2026-01-18 12:42:14 -06:00
06cb547197 docker pihole debug 2026-01-18 12:32:47 -06:00
f0ec952442 docker pihole enable 2026-01-18 12:23:46 -06:00
2fab28204d docker pihole 2026-01-18 12:21:50 -06:00
9b32b8a6db option 2026-01-18 11:01:24 -06:00
71e6fbcef4 spellcheck 2026-01-18 10:57:51 -06:00
1b140efc19 mkIf nonsense 2026-01-18 10:57:03 -06:00
8c21db0a08 try 2026-01-18 10:54:34 -06:00
d5a7657410 spellcheck 2026-01-18 10:47:22 -06:00
e5b8871d4e try docker 2026-01-18 10:45:33 -06:00
a6808a984e try 2026-01-17 10:24:00 -06:00
e5f6a4bc69 dns 2026-01-17 10:19:35 -06:00
eb857b8d03 timeout 2026-01-17 10:13:32 -06:00
712aaab720 spellcheck 2026-01-17 10:10:47 -06:00
778433b318 try networkd again 2026-01-17 10:08:11 -06:00
7440ef91b4 try preStart 2026-01-16 20:37:49 -06:00
265a526c8b try networkd 2026-01-16 19:15:29 -06:00
6cd5770452 pihole and dots 2026-01-16 18:33:53 -06:00
66d2dde112 try cname 2026-01-16 07:42:43 -06:00
7974a95659 pihole please 2026-01-15 23:37:22 -06:00
8b605d692f pihole please 2026-01-15 23:23:27 -06:00
b911a7931e pihole? 2026-01-15 23:16:49 -06:00
574b2c058b pihole? 2026-01-15 23:11:54 -06:00
f4f69a4a25 pihole? 2026-01-15 23:07:10 -06:00
640c5911f6 ollama env var 2026-01-15 21:20:53 -06:00
be74b8caaf test dns 2026-01-15 21:05:12 -06:00
be199acad3 rewrite colorPrefix 2026-01-15 19:45:55 -06:00
3335542d54 rewrite colorPrefix 2026-01-15 19:39:46 -06:00
e008cd4d89 don't use bs nameservers 2026-01-15 19:23:52 -06:00
4dbffa89c2 help 2026-01-15 19:16:24 -06:00
c89816839a help 2026-01-15 19:06:50 -06:00
b5b1e07f3a option 2026-01-15 18:53:34 -06:00
340ea873ce option 2026-01-15 18:51:43 -06:00
1fa30bdb94 option 2026-01-15 18:49:46 -06:00
f480a1f8c9 lots 2026-01-15 18:47:31 -06:00
fd3f3639bd try 2026-01-14 15:49:11 -06:00
be4f0c5e6b try 2026-01-14 15:28:25 -06:00
46f546a0e0 ssh key 2026-01-12 15:24:08 -06:00
22535fbbaf ollama gpu 2026-01-11 22:25:28 -06:00
10cf6bba46 fix homebox 2026-01-11 21:44:12 -06:00
f07c4ae0d3 fix homebox 2026-01-11 21:02:39 -06:00
c1f8c704b3 fix homebox 2026-01-11 20:43:00 -06:00
0aa7f459dd update machines 2026-01-11 20:32:16 -06:00
15dfb83bb7 propare homebox 2026-01-11 18:08:00 -06:00
6b8a9a2152 propare homebox 2026-01-11 17:45:06 -06:00
482f1b5912 propare homebox 2026-01-11 17:35:19 -06:00
78277afa8a propare homebox 2026-01-11 17:33:24 -06:00
680454c6b2 propare homebox 2026-01-11 17:32:04 -06:00
ec1a12e2a1 propare homebox 2026-01-11 17:24:24 -06:00
960af2d43b propare homebox 2026-01-11 17:19:52 -06:00
a7e636e7a2 propare homebox 2026-01-11 17:18:05 -06:00
099b8e40b2 prepare homebox 2026-01-11 17:15:15 -06:00
32bf3e0bc0 propare homebox 2026-01-11 17:14:29 -06:00
905de63f78 lock 2026-01-11 14:26:13 -06:00
273 changed files with 8525 additions and 7559 deletions

9
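--- a/.gitmodules
+++ b/.gitmodules
@@ -1,9 +0,0 @@
-[submodule "machines/laptop"]
-path = machines/laptop
-url = ssh://gitea@gitea.esotericbytes.com/Blunkall-Technologies/laptop
-[submodule "machines/android"]
-path = machines/android
-url = ssh://gitea@gitea.esotericbytes.com/Blunkall-Technologies/android
-[submodule "machines/homebox"]
-path = machines/homebox
-url = ssh://gitea@gitea.esotericbytes.com/Blunkall-Technologies/homebox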


@@ -3,28 +3,6 @@ keys:
- &laptop age1yqgyp2uxz4lzrc9f9ka0mfjl5fr6ahf8nf24nlmran2wulg6fpvq9hyp9q - &laptop age1yqgyp2uxz4lzrc9f9ka0mfjl5fr6ahf8nf24nlmran2wulg6fpvq9hyp9q
- &android age12pnf36uqesjmy3e0lythfnpwam3zg5mv8m936fc4jphy4ces2fdqwn0s74 - &android age12pnf36uqesjmy3e0lythfnpwam3zg5mv8m936fc4jphy4ces2fdqwn0s74
creation_rules: creation_rules:
- path_regex: homebox/secrets.yaml$
key_groups:
- age:
- *homebox
- path_regex: laptop/secrets.yaml$
key_groups:
- age:
- *laptop
- path_regex: pi4/secrets.yaml$
key_groups:
- age:
- *laptop
- path_regex: live/secrets.yaml$
key_groups:
- age:
- *laptop
- path_regex: nathan/secrets.yaml$
key_groups:
- age:
- *laptop
- *homebox
- *android
- path_regex: system/secrets.yaml$ - path_regex: system/secrets.yaml$
key_groups: key_groups:
- age: - age:

511
flake.lock generated

@@ -20,11 +20,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1767024902, "lastModified": 1775558810,
"narHash": "sha256-sMdk6QkMDhIOnvULXKUM8WW8iyi551SWw2i6KQHbrrU=", "narHash": "sha256-fy95EdPnqQlpbP8+rk0yWKclWShCUS5VKs6P7/1MF2c=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "aquamarine", "repo": "aquamarine",
"rev": "b8a0c5ba5a9fbd2c660be7dd98bdde0ff3798556", "rev": "7371b669b22aa2af980f913fc312a786d2f1abb2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -33,6 +33,27 @@
"type": "github" "type": "github"
} }
}, },
"aurora": {
"inputs": {
"flake-parts": "flake-parts",
"home-manager": "home-manager",
"import-tree": "import-tree",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1776046854,
"narHash": "sha256-cxX5DzXikwGhHalyOOkll1vGgCdhTfTgReSXIJlQ0AY=",
"ref": "refs/heads/master",
"rev": "b2ec3d9cd0a6e52c4922b26d8b8e25823afd89d1",
"revCount": 52,
"type": "git",
"url": "https://gitea.esotericbytes.com/Blunkall-Technologies/Aurora"
},
"original": {
"type": "git",
"url": "https://gitea.esotericbytes.com/Blunkall-Technologies/Aurora"
}
},
"disko": { "disko": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -40,11 +61,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1766150702, "lastModified": 1773889306,
"narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=", "narHash": "sha256-PAqwnsBSI9SVC2QugvQ3xeYCB0otOwCacB1ueQj2tgw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378", "rev": "5ad85c82cc52264f4beddc934ba57f3789f28347",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -61,11 +82,11 @@
}, },
"locked": { "locked": {
"dir": "pkgs/firefox-addons", "dir": "pkgs/firefox-addons",
"lastModified": 1767585814, "lastModified": 1775880170,
"narHash": "sha256-7iodv57Ppq05AHVKnS9/IdhhgBYTVpTDZmz2u2enr/E=", "narHash": "sha256-63PLZ7lspPAqpV/+d0oNtDHLCWQf1MVFRG2DOeDK+nU=",
"owner": "rycee", "owner": "rycee",
"repo": "nur-expressions", "repo": "nur-expressions",
"rev": "66bfeb87deb83ca2f9fa2045704b72de52c6433a", "rev": "28b164d30b5ab6820ef7e17281ae55c539ae9ff5",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@@ -91,32 +112,16 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1747046372,
"narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": { "flake-parts": {
"inputs": { "inputs": {
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": { "locked": {
"lastModified": 1754487366, "lastModified": 1775087534,
"narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", "narHash": "sha256-91qqW8lhL7TLwgQWijoGBbiD4t7/q75KTi8NxjVmSmA=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18", "rev": "3107b77cd68437b9a76194f0f7f9c55f2329ca5b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -126,6 +131,42 @@
} }
}, },
"flake-parts_2": { "flake-parts_2": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_2"
},
"locked": {
"lastModified": 1775087534,
"narHash": "sha256-91qqW8lhL7TLwgQWijoGBbiD4t7/q75KTi8NxjVmSmA=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "3107b77cd68437b9a76194f0f7f9c55f2329ca5b",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_3": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_3"
},
"locked": {
"lastModified": 1775087534,
"narHash": "sha256-91qqW8lhL7TLwgQWijoGBbiD4t7/q75KTi8NxjVmSmA=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "3107b77cd68437b9a76194f0f7f9c55f2329ca5b",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_4": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
"nixvim", "nixvim",
@@ -134,11 +175,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1754487366, "lastModified": 1772408722,
"narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18", "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -147,42 +188,6 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"gitignore": { "gitignore": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -206,17 +211,35 @@
} }
}, },
"home-manager": { "home-manager": {
"inputs": {
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1775900011,
"narHash": "sha256-QUGu6CJYFQ5AWVV0n3/FsJyV+1/gj7HSDx68/SX9pwM=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "b0569dc6ec1e6e7fefd8f6897184e4c191cd768e",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1767619900, "lastModified": 1775425411,
"narHash": "sha256-KpoCBPvwHz3gAQtIUkohE2InRBFK3r0/FM6z5SPWfvM=", "narHash": "sha256-KY6HsebJHEe5nHOWP7ur09mb0drGxYSzE3rQxy62rJo=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "6bd04da47cfb48dfd15eabf08364b78ad894f5b2", "rev": "0d02ec1d0a05f88ef9e74b516842900c41f0f2fe",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -226,6 +249,24 @@
"type": "github" "type": "github"
} }
}, },
"home-manager_3": {
"inputs": {
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1776885253,
"narHash": "sha256-vslJ5ezhyD+HBMEqzsPLOBfalILmPrAABR68yxrhEuM=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "d79c987e654347083e903ab6d2a89ed3d0752177",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"hyprcursor": { "hyprcursor": {
"inputs": { "inputs": {
"hyprlang": [ "hyprlang": [
@@ -242,11 +283,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1753964049, "lastModified": 1772461003,
"narHash": "sha256-lIqabfBY7z/OANxHoPeIrDJrFyYy9jAM4GQLzZ2feCM=", "narHash": "sha256-pVICsV7FtcEeVwg5y/LFh3XFUkVJninm/P1j/JHzEbM=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprcursor", "repo": "hyprcursor",
"rev": "44e91d467bdad8dcf8bbd2ac7cf49972540980a5", "rev": "b62396457b9cfe2ebf24fe05404b09d2a40f8ed7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -271,11 +312,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1766946335, "lastModified": 1775496928,
"narHash": "sha256-MRD+Jr2bY11MzNDfenENhiK6pvN+nHygxdHoHbZ1HtE=", "narHash": "sha256-Ds759WU03mGWtu3I43J+5GF5Ni8TvF+GYQUFD+fVeMo=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprgraphics", "repo": "hyprgraphics",
"rev": "4af02a3925b454deb1c36603843da528b67ded6c", "rev": "cf95d93d17baa18f1d9b016b3afe27f820521a6e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -295,17 +336,17 @@
"hyprutils": "hyprutils", "hyprutils": "hyprutils",
"hyprwayland-scanner": "hyprwayland-scanner", "hyprwayland-scanner": "hyprwayland-scanner",
"hyprwire": "hyprwire", "hyprwire": "hyprwire",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs_3",
"pre-commit-hooks": "pre-commit-hooks", "pre-commit-hooks": "pre-commit-hooks",
"systems": "systems", "systems": "systems",
"xdph": "xdph" "xdph": "xdph"
}, },
"locked": { "locked": {
"lastModified": 1767654014, "lastModified": 1775828308,
"narHash": "sha256-1RG4xtr1FOX7mtSGBR9BcCsTrlRkXbygPaCSFNdT3bs=", "narHash": "sha256-mKW54+ilZNBVsU3GnzHhZUb041H7L/R8aPA0GD+1oKQ=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "9817553c664b0b7f6776671383a6368c74ee8dee", "rev": "f7755322fc515108cc9eed8113c09492d4a352c1",
"revCount": 6789, "revCount": 7141,
"submodules": true, "submodules": true,
"type": "git", "type": "git",
"url": "https://github.com/hyprwm/Hyprland" "url": "https://github.com/hyprwm/Hyprland"
@@ -349,11 +390,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1767023960, "lastModified": 1774710575,
"narHash": "sha256-R2HgtVS1G3KSIKAQ77aOZ+Q0HituOmPgXW9nBNkpp3Q=", "narHash": "sha256-p7Rcw13+gA4Z9EI3oGYe3neQ3FqyOOfZCleBTfhJ95Q=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprland-guiutils", "repo": "hyprland-guiutils",
"rev": "c2e906261142f5dd1ee0bfc44abba23e2754c660", "rev": "0703df899520001209646246bef63358c9881e36",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -374,11 +415,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1765214753, "lastModified": 1772460177,
"narHash": "sha256-P9zdGXOzToJJgu5sVjv7oeOGPIIwrd9hAUAP3PsmBBs=", "narHash": "sha256-/6G/MsPvtn7bc4Y32pserBT/Z4SUUdBd4XYJpOEKVR4=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprland-protocols", "repo": "hyprland-protocols",
"rev": "3f3860b869014c00e8b9e0528c7b4ddc335c21ab", "rev": "1cb6db5fd6bb8aee419f4457402fa18293ace917",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -403,11 +444,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1764612430, "lastModified": 1772459629,
"narHash": "sha256-54ltTSbI6W+qYGMchAgCR6QnC1kOdKXN6X6pJhOWxFg=", "narHash": "sha256-/iwvNUYShmmnwmz/czEUh6+0eF5vCMv0xtDW0STPIuM=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprlang", "repo": "hyprlang",
"rev": "0d00dc118981531aa731150b6ea551ef037acddd", "rev": "7615ee388de18239a4ab1400946f3d0e498a8186",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -455,11 +496,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1764592794, "lastModified": 1772462885,
"narHash": "sha256-7CcO+wbTJ1L1NBQHierHzheQGPWwkIQug/w+fhTAVuU=", "narHash": "sha256-5pHXrQK9zasMnIo6yME6EOXmWGFMSnCITcfKshhKJ9I=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprtoolkit", "repo": "hyprtoolkit",
"rev": "5cfe0743f0e608e1462972303778d8a0859ee63e", "rev": "9af245a69fa6b286b88ddfc340afd288e00a6998",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -480,11 +521,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1766253372, "lastModified": 1774911391,
"narHash": "sha256-1+p4Kw8HdtMoFSmJtfdwjxM4bPxDK9yg27SlvUMpzWA=", "narHash": "sha256-c4YVwO33Mmw+FIV8E0u3atJZagHvGTJ9Jai6RtiB8rE=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprutils", "repo": "hyprutils",
"rev": "51a4f93ce8572e7b12b7284eb9e6e8ebf16b4be9", "rev": "e6caa3d4d1427eedbdf556cf4ceb70f2d9c0b56d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -505,11 +546,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1763640274, "lastModified": 1772459835,
"narHash": "sha256-Uan1Nl9i4TF/kyFoHnTq1bd/rsWh4GAK/9/jDqLbY5A=", "narHash": "sha256-978jRz/y/9TKmZb/qD4lEYHCQGHpEXGqy+8X2lFZsak=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprwayland-scanner", "repo": "hyprwayland-scanner",
"rev": "f6cf414ca0e16a4d30198fd670ec86df3c89f671", "rev": "0a692d4a645165eebd65f109146b8861e3a925e7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -534,11 +575,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1767473322, "lastModified": 1775414057,
"narHash": "sha256-RGOeG+wQHeJ6BKcsSB8r0ZU77g9mDvoQzoTKj2dFHwA=", "narHash": "sha256-mDpHnf+MkdOxEqIM1TnckYYh9p1SXR8B3KQfNZ12M8s=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprwire", "repo": "hyprwire",
"rev": "d5e7d6b49fe780353c1cf9a1cf39fa8970bd9d11", "rev": "86012ee01b0fdd8bf3101ef38816f2efbee42490",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -547,63 +588,43 @@
"type": "github" "type": "github"
} }
}, },
"ixx": { "import-tree": {
"inputs": {
"flake-utils": [
"nixvim",
"nixvim",
"nuschtosSearch",
"flake-utils"
],
"nixpkgs": [
"nixvim",
"nixvim",
"nuschtosSearch",
"nixpkgs"
]
},
"locked": { "locked": {
"lastModified": 1754860581, "lastModified": 1773693634,
"narHash": "sha256-EM0IE63OHxXCOpDHXaTyHIOk2cNvMCGPqLt/IdtVxgk=", "narHash": "sha256-BtZ2dtkBdSUnFPPFc+n0kcMbgaTxzFNPv2iaO326Ffg=",
"owner": "NuschtOS", "owner": "vic",
"repo": "ixx", "repo": "import-tree",
"rev": "babfe85a876162c4acc9ab6fb4483df88fa1f281", "rev": "c41e7d58045f9057880b0d85e1152d6a4430dbf1",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NuschtOS", "owner": "vic",
"ref": "v0.1.1", "repo": "import-tree",
"repo": "ixx",
"type": "github" "type": "github"
} }
}, },
"nix-minecraft": { "import-tree_2": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs_2"
},
"locked": { "locked": {
"lastModified": 1767147099, "lastModified": 1773693634,
"narHash": "sha256-395ehjdAtaqCbKmx+PhKAqnkYLvTtAzq2qzFG9qaGDw=", "narHash": "sha256-BtZ2dtkBdSUnFPPFc+n0kcMbgaTxzFNPv2iaO326Ffg=",
"owner": "Infinidoge", "owner": "vic",
"repo": "nix-minecraft", "repo": "import-tree",
"rev": "01f571579edd64433f97c4294137fbc366deef4b", "rev": "c41e7d58045f9057880b0d85e1152d6a4430dbf1",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "Infinidoge", "owner": "vic",
"repo": "nix-minecraft", "repo": "import-tree",
"type": "github" "type": "github"
} }
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1767379071, "lastModified": 1775423009,
"narHash": "sha256-EgE0pxsrW9jp9YFMkHL9JMXxcqi/OoumPJYwf+Okucw=", "narHash": "sha256-vPKLpjhIVWdDrfiUM8atW6YkIggCEKdSAlJPzzhkQlw=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "fb7944c166a3b630f177938e478f0378e64ce108", "rev": "68d8aa3d661f0e6bd5862291b5bb263b2a6595c9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -615,11 +636,41 @@
}, },
"nixpkgs-lib": { "nixpkgs-lib": {
"locked": { "locked": {
"lastModified": 1753579242, "lastModified": 1774748309,
"narHash": "sha256-zvaMGVn14/Zz8hnp4VWT9xVnhc8vuL3TStRqwk22biA=", "narHash": "sha256-+U7gF3qxzwD5TZuANzZPeJTZRHS29OFQgkQ2kiTJBIQ=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixpkgs.lib", "repo": "nixpkgs.lib",
"rev": "0f36c44e01a6129be94e3ade315a5883f0228a6e", "rev": "333c4e0545a6da976206c74db8773a1645b5870a",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs-lib_2": {
"locked": {
"lastModified": 1774748309,
"narHash": "sha256-+U7gF3qxzwD5TZuANzZPeJTZRHS29OFQgkQ2kiTJBIQ=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "333c4e0545a6da976206c74db8773a1645b5870a",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs-lib_3": {
"locked": {
"lastModified": 1774748309,
"narHash": "sha256-+U7gF3qxzwD5TZuANzZPeJTZRHS29OFQgkQ2kiTJBIQ=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "333c4e0545a6da976206c74db8773a1645b5870a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -630,11 +681,11 @@
}, },
"nixpkgs-us": { "nixpkgs-us": {
"locked": { "locked": {
"lastModified": 1767379071, "lastModified": 1776548001,
"narHash": "sha256-EgE0pxsrW9jp9YFMkHL9JMXxcqi/OoumPJYwf+Okucw=", "narHash": "sha256-ZSK0NL4a1BwVbbTBoSnWgbJy9HeZFXLYQizjb2DPF24=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "fb7944c166a3b630f177938e478f0378e64ce108", "rev": "b12141ef619e0a9c1c84dc8c684040326f27cdcc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -646,11 +697,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1748929857, "lastModified": 1775710090,
"narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", "narHash": "sha256-ar3rofg+awPB8QXDaFJhJ2jJhu+KqN/PRCXeyuXR76E=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", "rev": "4c1018dae018162ec878d42fec712642d214fdfa",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -662,11 +713,27 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1767480499, "lastModified": 1775423009,
"narHash": "sha256-8IQQUorUGiSmFaPnLSo2+T+rjHtiNWc+OAzeHck7N48=", "narHash": "sha256-vPKLpjhIVWdDrfiUM8atW6YkIggCEKdSAlJPzzhkQlw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "68d8aa3d661f0e6bd5862291b5bb263b2a6595c9",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1775811116,
"narHash": "sha256-t+HZK42pB6N+i5RGbuy7Xluez/VvWbembBdvzsc23Ss=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "30a3c519afcf3f99e2c6df3b359aec5692054d92", "rev": "54170c54449ea4d6725efd30d719c5e505f1c10e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -676,13 +743,29 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_4": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1755615617, "lastModified": 1775423009,
"narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", "narHash": "sha256-vPKLpjhIVWdDrfiUM8atW6YkIggCEKdSAlJPzzhkQlw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "68d8aa3d661f0e6bd5862291b5bb263b2a6595c9",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_6": {
"locked": {
"lastModified": 1775710090,
"narHash": "sha256-ar3rofg+awPB8QXDaFJhJ2jJhu+KqN/PRCXeyuXR76E=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "20075955deac2583bb12f07151c2df830ef346b4", "rev": "4c1018dae018162ec878d42fec712642d214fdfa",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -692,13 +775,13 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_5": { "nixpkgs_7": {
"locked": { "locked": {
"lastModified": 1755577059, "lastModified": 1774701658,
"narHash": "sha256-5hYhxIpco8xR+IpP3uU56+4+Bw7mf7EMyxS/HqUYHQY=", "narHash": "sha256-CIS/4AMUSwUyC8X5g+5JsMRvIUL3YUfewe8K4VrbsSQ=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "97eb7ee0da337d385ab015a23e15022c865be75c", "rev": "b63fe7f000adcfa269967eeff72c64cafecbbebe",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -710,16 +793,17 @@
}, },
"nixvim": { "nixvim": {
"inputs": { "inputs": {
"flake-parts": "flake-parts", "flake-parts": "flake-parts_3",
"nixpkgs": "nixpkgs_4", "home-manager": "home-manager_3",
"nixpkgs": "nixpkgs_6",
"nixvim": "nixvim_2" "nixvim": "nixvim_2"
}, },
"locked": { "locked": {
"lastModified": 1760575893, "lastModified": 1776887413,
"narHash": "sha256-u6eyhxtlxgG29uI2VCSt5Ir6/BW9hkhglCTfbJ14Hgg=", "narHash": "sha256-zIx29OCh30Bpi4lHwce/5Qz86n6OVqDFi3P5QLRXh7Y=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "bcc5185ef433a77b18f5aa585ee79d97f9a8e69c", "rev": "7fb16160f7170a580d6791d0f26736ff68cceb3c",
"revCount": 36, "revCount": 40,
"type": "git", "type": "git",
"url": "https://gitea.esotericbytes.com/Blunkall-Technologies/Moirai" "url": "https://gitea.esotericbytes.com/Blunkall-Technologies/Moirai"
}, },
@@ -730,17 +814,16 @@
}, },
"nixvim_2": { "nixvim_2": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_2", "flake-parts": "flake-parts_4",
"nixpkgs": "nixpkgs_5", "nixpkgs": "nixpkgs_7",
"nuschtosSearch": "nuschtosSearch", "systems": "systems_2"
"systems": "systems_4"
}, },
"locked": { "locked": {
"lastModified": 1755741137, "lastModified": 1775837497,
"narHash": "sha256-YnpE/fOL3H8cJZ9by/YmeNhIqOQdKuZRYA1L3+w6WsI=", "narHash": "sha256-L17VI03w/wVXvc1SK7EI1muLqHxD3+esYPPzgQvvdOE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixvim", "repo": "nixvim",
"rev": "91a38e66240c338e683421a4ee3f525d329fc4ad", "rev": "a587a96a48c705609bfd2ad23f9ae5961eb0d373",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -749,30 +832,6 @@
"type": "github" "type": "github"
} }
}, },
"nuschtosSearch": {
"inputs": {
"flake-utils": "flake-utils_2",
"ixx": "ixx",
"nixpkgs": [
"nixvim",
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1755555503,
"narHash": "sha256-WiOO7GUOsJ4/DoMy2IC5InnqRDSo2U11la48vCCIjjY=",
"owner": "NuschtOS",
"repo": "search",
"rev": "6f3efef888b92e6520f10eae15b86ff537e1d2ea",
"type": "github"
},
"original": {
"owner": "NuschtOS",
"repo": "search",
"type": "github"
}
},
"pre-commit-hooks": { "pre-commit-hooks": {
"inputs": { "inputs": {
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
@@ -783,11 +842,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1767281941, "lastModified": 1775036584,
"narHash": "sha256-6MkqajPICgugsuZ92OMoQcgSHnD6sJHwk8AxvMcIgTE=", "narHash": "sha256-zW0lyy7ZNNT/x8JhzFHBsP2IPx7ATZIPai4FJj12BgU=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "f0927703b7b1c8d97511c4116eb9b4ec6645a0fa", "rev": "4e0eb042b67d863b1b34b3f64d52ceb9cd926735",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -798,12 +857,14 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"aurora": "aurora",
"disko": "disko", "disko": "disko",
"firefox-addons": "firefox-addons", "firefox-addons": "firefox-addons",
"home-manager": "home-manager", "flake-parts": "flake-parts_2",
"home-manager": "home-manager_2",
"hyprland": "hyprland", "hyprland": "hyprland",
"nix-minecraft": "nix-minecraft", "import-tree": "import-tree_2",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_4",
"nixpkgs-us": "nixpkgs-us", "nixpkgs-us": "nixpkgs-us",
"nixvim": "nixvim", "nixvim": "nixvim",
"sops-nix": "sops-nix" "sops-nix": "sops-nix"
@@ -816,11 +877,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1767499857, "lastModified": 1775682595,
"narHash": "sha256-0zUU/PW09d6oBaR8x8vMHcAhg1MOvo3CwoXgHijzzNE=", "narHash": "sha256-0E9PohY/VuESLq0LR4doaH7hTag513sDDW5n5qmHd1Q=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "ecc41505948ec2ab0325f14c9862a4329c2b4190", "rev": "d2e8438d5886e92bc5e7c40c035ab6cae0c41f76",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -859,36 +920,6 @@
"type": "github" "type": "github"
} }
}, },
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"xdph": { "xdph": {
"inputs": { "inputs": {
"hyprland-protocols": [ "hyprland-protocols": [
@@ -917,11 +948,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1761431178, "lastModified": 1773601989,
"narHash": "sha256-xzjC1CV3+wpUQKNF+GnadnkeGUCJX+vgaWIZsnz9tzI=", "narHash": "sha256-2tJf/CQoHApoIudxHeJye+0Ii7scR0Yyi7pNiWk0Hn8=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland", "repo": "xdg-desktop-portal-hyprland",
"rev": "4b8801228ff958d028f588f0c2b911dbf32297f9", "rev": "a9b862d1aa000a676d310cc62d249f7ad726233d",
"type": "github" "type": "github"
}, },
"original": { "original": {

181
flake.nix

@@ -21,188 +21,25 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
flake-parts.url = "github:hercules-ci/flake-parts";
import-tree.url = "github:vic/import-tree";
firefox-addons = { firefox-addons = {
url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons"; url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nix-minecraft.url = "github:Infinidoge/nix-minecraft";
#simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-25.11";
hyprland.url = "git+https://github.com/hyprwm/Hyprland?submodules=1"; hyprland.url = "git+https://github.com/hyprwm/Hyprland?submodules=1";
nixvim.url = "git+https://gitea.esotericbytes.com/Blunkall-Technologies/Moirai"; nixvim.url = "git+https://gitea.esotericbytes.com/Blunkall-Technologies/Moirai";
#nixvim.url = "git+file:///home/nathan/Projects/Moirai";
self.submodules = true; aurora.url = "git+https://gitea.esotericbytes.com/Blunkall-Technologies/Aurora";
#aurora.url = "git+file:///home/nathan/Projects/Aurora";
}; };
outputs = { self, nixpkgs, home-manager, ... } @ inputs: { outputs = { ... } @ inputs:
inputs.flake-parts.lib.mkFlake { inherit inputs; }
profiles = let (inputs.import-tree [ ./modules ]);
dir = builtins.readDir ./system/profiles;
filtered = builtins.filter (x: dir.${x} == "directory") (builtins.attrNames dir);
in (builtins.listToAttrs
(builtins.map
(name: ({
inherit name;
value = { ... }: {
imports = [
./system
./system/profiles/${name}
];
};
})) filtered)
);
homes = let
dir = builtins.readDir ./system/users;
filtered = builtins.filter (x: dir.${x} == "directory") (builtins.attrNames dir);
in (builtins.listToAttrs
(builtins.map
(name: ({
inherit name;
value = { ... } @ exputs: {
imports = [
(./system/users/${name}/home-manager (inputs // exputs))
];
};
})) filtered)
);
iso = (nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
inputs = inputs // {
nathan = self.homes.nathan;
inherit self;
};
};
modules = [
self.profiles.iso
];
}).config.system.build.isoImage;
templates = {
nixos = {
welcomeText = ''
#Welcome to Olympus!
Have Fun!
'';
description = ''
Generate this where you want your config.
'';
path = ./templates/nixos;
};
home-manager = {
welcomeText = ''
#Welcome to Olympus!
Have Fun!
'';
description = ''
Generate this where you want your config.
'';
path = ./templates/home-manager;
};
nix-on-droid = {
welcomeText = ''
#Welcome to Olympus!
Have Fun!
'';
description = ''
Generate this where you want your config.
'';
path = ./templates/nix-on-droid;
};
machines = let
dir = builtins.readDir ./machines;
filtered = builtins.filter (x: dir.${x} == "directory") (builtins.attrNames dir);
in (builtins.listToAttrs
(builtins.map
(name: ({
inherit name;
value = {
welcomeText = ''
#Welcome to Olympus!
##Warning:
This is a config for ${name}, an established machine!
It may require significant alterations to be usable!
'';
description = ''
Generate this where you want your config.
'';
path = ./machines/${name};
};
})) filtered)
);
homes = let
dir = builtins.readDir ./homes;
filtered = builtins.filter (x: dir.${x} == "directory") (builtins.attrNames dir);
in (builtins.listToAttrs
(builtins.map
(name: ({
inherit name;
value = {
welcomeText = ''
#Welcome home, ${name}!
Your config is right here.
'';
description = ''
Generate this where you want your config.
'';
path = ./homes/${name};
};
})) filtered)
);
default = self.templates.nixos;
};
nixosConfigurations = let
dir = builtins.readDir ./machines;
filtered = builtins.filter (x: dir.${x} == "directory" && x != "android") (builtins.attrNames dir);
in (builtins.listToAttrs
(builtins.map
(name: ({
inherit name;
value = nixpkgs.lib.nixosSystem {
specialArgs = inputs;
modules = [
{ sysconfig.host = name; }
./machines/${name}
self.profiles.${name}
];
};
})) filtered)
);
};
} }
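Review bot: The new `aurora` input is declared as a bare URL with no `inputs.nixpkgs.follows`, unlike `firefox-addons` a few lines above it, and the lock file in this commit gains several extra `nixpkgs_N` nodes. Each of those is a separately pinned package set that does not move when the main `nixpkgs` input is bumped for security fixes. If Aurora exposes a `nixpkgs` input (not visible here), `aurora = { url = "git+https://gitea.esotericbytes.com/Blunkall-Technologies/Aurora"; inputs.nixpkgs.follows = "nixpkgs"; };` would collapse it onto the reviewed pin. Separately, `inputs.import-tree [ ./modules ]` loads every file under `./modules` without an explicit list, so a comment on `outputs` saying that adding a file there is enough to add it to the flake would help reviewers.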


@@ -1,40 +0,0 @@
{
description = "Home-Manager Configuration";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
home-manager = {
url = "github:nix-community/home-manager/release-25.05";
inputs.nixpkgs.follows = "nixpkgs";
};
olympus = {
url = "git+https://gitea.esotericbytes.com/Blunkall-Technologies/Olympus";
inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "home-manager";
};
};
outputs = { self, nixpkgs, home-manager, olympus, ... } @ inputs: {
homeConfigurations = {
nathan = home-manager.lib.homeManagerConfiguration {
pkgs = import nixpkgs {
system = builtins.currentSystem;
};
modules = [
olympus.homes.nathan
./home.nix
];
extraSpecialArgs = {
inherit inputs;
};
};
};
};
}


@@ -1,11 +0,0 @@
{ ... }:
{
config = {
homeconfig = {
graphical = false;
minimal = false;
};
};
}

Submodule machines/android deleted from c0f6f05619

Submodule machines/homebox deleted from 6d987978c0

Submodule machines/laptop deleted from 2c71c6b3b8


@@ -0,0 +1,16 @@
{ inputs, ... }: {
flake.nixosModules.aurora-greeter = { config, lib, pkgs, ... }: {
imports = [
inputs.aurora.nixosModules.default
];
config = {
services.aurora-greeter = {
enable = true;
};
};
};
}


@@ -0,0 +1,236 @@
{ ... }: {
flake.nixosModules.authentik = { config, lib, pkgs, ... }: let
hostPort = 9005;
subdomain = "auth";
name = "authentik";
in {
config = {
networking.firewall.interfaces = {
"ve-traefik" = {
allowedTCPPorts = [ hostPort ];
};
};
sops.secrets = {
"authentik/pass" = {};
"authentik/secret_key" = {};
};
sops.templates."authentik.env" = {
content = ''
PG_PASS=${config.sops.placeholder."authentik/pass"}
SECRET_KEY=${config.sops.placeholder."authentik/secret_key"}
'';
};
virtualisation.oci-containers.containers."authentik-postgresql" = {
image = "docker.io/library/postgres:16-alpine";
environment = {
"POSTGRES_DB" = "authentik";
"POSTGRES_PASSWORD" = "\${PG_PASS}";
"POSTGRES_USER" = "authentik";
};
environmentFiles = [ config.sops.templates."authentik.env".path ];
volumes = [
"authentik_database:/var/lib/postgresql/data:rw"
];
log-driver = "journald";
extraOptions = [
"--health-cmd=pg_isready -d \${POSTGRES_DB} -U \${POSTGRES_USER}"
"--health-interval=30s"
"--health-retries=5"
"--health-start-period=20s"
"--health-timeout=5s"
"--network-alias=postgresql"
"--network=authentik_default"
];
};
systemd.services."docker-authentik-postgresql" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-authentik_default.service"
"docker-volume-authentik_database.service"
];
requires = [
"docker-network-authentik_default.service"
"docker-volume-authentik_database.service"
];
partOf = [
"docker-compose-authentik-root.target"
];
wantedBy = [
"docker-compose-authentik-root.target"
];
};
virtualisation.oci-containers.containers."authentik-server" = {
image = "ghcr.io/goauthentik/server:2025.12.2";
environment = {
"AUTHENTIK_POSTGRESQL__HOST" = "postgresql";
"AUTHENTIK_POSTGRESQL__NAME" = "authentik";
"AUTHENTIK_POSTGRESQL__PASSWORD" = "\${PG_PASS}";
"AUTHENTIK_POSTGRESQL__USER" = "authentik";
"AUTHENTIK_SECRET_KEY" = "\${SECRET_KEY}";
};
environmentFiles = [ config.sops.templates."authentik.env".path ];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "websecure,localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.101.1:${builtins.toString hostPort}";
"traefik.http.middlewares.authentik.forwardauth.address" = "https://auth.esotericbytes.com/outpost.goauthentik.io/auth/traefik";
"traefik.http.middlewares.authentik.forwardauth.trustForwardHeader" = "true";
"traefik.http.middlewares.authentik.forwardauth.authResponseHeaders" = "X-authentik-username,X-authentik-groups,X-authentik-entitlements,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version";
};
volumes = [
"/etc/Authentik/custom-templates:/templates:rw"
"/etc/Authentik/data:/data:rw"
];
ports = [
"${builtins.toString hostPort}:9000/tcp"
#"9443:9443/tcp"
];
cmd = [ "server" ];
dependsOn = [
"authentik-postgresql"
];
log-driver = "journald";
extraOptions = [
"--network-alias=server"
"--network-alias=authentik-server"
"--network-alias=${name}"
"--ip=192.168.101.6"
];
networks = [
"docker-main"
"authentik_default"
];
};
systemd.services."docker-authentik-server" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-authentik_default.service"
"docker-network-setup.service"
];
requires = [
"docker-network-authentik_default.service"
"docker-network-setup.service"
];
partOf = [
"docker-compose-authentik-root.target"
];
wantedBy = [
"docker-compose-authentik-root.target"
];
};
virtualisation.oci-containers.containers."authentik-worker" = {
image = "ghcr.io/goauthentik/server:2025.12.2";
environment = {
"AUTHENTIK_POSTGRESQL__HOST" = "postgresql";
"AUTHENTIK_POSTGRESQL__NAME" = "authentik";
"AUTHENTIK_POSTGRESQL__PASSWORD" = "\${PG_PASS}";
"AUTHENTIK_POSTGRESQL__USER" = "authentik";
"AUTHENTIK_SECRET_KEY" = "\${SECRET_KEY}";
};
environmentFiles = [ config.sops.templates."authentik.env".path ];
volumes = [
"/etc/Authentik/certs:/certs:rw"
"/etc/Authentik/custom-templates:/templates:rw"
"/etc/Authentik/data:/data:rw"
"/var/run/docker.sock:/var/run/docker.sock:rw"
];
cmd = [ "worker" ];
dependsOn = [
"authentik-postgresql"
];
user = "root";
log-driver = "journald";
extraOptions = [
"--network-alias=worker"
"--network=authentik_default"
];
};
systemd.services."docker-authentik-worker" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-authentik_default.service"
];
requires = [
"docker-network-authentik_default.service"
];
partOf = [
"docker-compose-authentik-root.target"
];
wantedBy = [
"docker-compose-authentik-root.target"
];
};
# Networks
systemd.services."docker-network-authentik_default" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStop = "docker network rm -f authentik_default";
};
script = ''
docker network inspect authentik_default || docker network create authentik_default
'';
partOf = [ "docker-compose-authentik-root.target" ];
wantedBy = [ "docker-compose-authentik-root.target" ];
};
# Volumes
systemd.services."docker-volume-authentik_database" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect authentik_database || docker volume create authentik_database --driver=local
'';
partOf = [ "docker-compose-authentik-root.target" ];
wantedBy = [ "docker-compose-authentik-root.target" ];
};
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
systemd.targets."docker-compose-authentik-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = [ "multi-user.target" ];
};
};
};
}
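Review bot: The containers set `POSTGRES_PASSWORD`, `AUTHENTIK_POSTGRESQL__PASSWORD` and `AUTHENTIK_SECRET_KEY` to the literal text `${PG_PASS}` / `${SECRET_KEY}`; as far as I know `virtualisation.oci-containers` hands `environment` values shell-quoted to `docker run -e`, and Docker does not interpolate them (that is a Compose feature), so the database password and the signing key would be those fixed strings rather than the sops secrets. Rendering the final variable names in the `authentik.env` template and dropping the secret entries from the three `environment` sets avoids this; `docker inspect` on a running container will confirm which value is in effect. An already-initialised database keeps the password it was created with, so the role password has to be changed as part of the switch. Separately, `authentik-worker` runs as `root` with `/var/run/docker.sock` mounted read-write, which gives that container control of the host's Docker daemon; if managed outposts are not used, that mount and `user = "root"` can be removed.

```nix
sops.templates."authentik.env" = {
  content = ''
    POSTGRES_PASSWORD=${config.sops.placeholder."authentik/pass"}
    AUTHENTIK_POSTGRESQL__PASSWORD=${config.sops.placeholder."authentik/pass"}
    AUTHENTIK_SECRET_KEY=${config.sops.placeholder."authentik/secret_key"}
  '';
};
# … unchanged: authentik-postgresql image, environmentFiles, volumes, extraOptions …
environment = {
  "POSTGRES_DB" = "authentik";
  "POSTGRES_USER" = "authentik";
};
# … authentik-server and authentik-worker: keep only the non-secret entries …
environment = {
  "AUTHENTIK_POSTGRESQL__HOST" = "postgresql";
  "AUTHENTIK_POSTGRESQL__NAME" = "authentik";
  "AUTHENTIK_POSTGRESQL__USER" = "authentik";
};
```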


@@ -0,0 +1,20 @@
{ ... }: {
flake.nixosModules.avahi = { config, lib, ... }: {
config = {
services.avahi = {
enable = true;
ipv4 = true;
ipv6 = true;
openFirewall = true;
nssmdns4 = true;
wideArea = true;
};
};
};
}
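Review bot: `wideArea = true` turns on wide-area (unicast) DNS-SD lookups in addition to link-local mDNS, and with `openFirewall = true` every host that imports this module gets both. Nothing in the commit shows a wide-area browse domain being used, so `wideArea = false;` would narrow what the daemon talks to. If it is needed, a one-line comment saying which service depends on it would help.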


@@ -0,0 +1,39 @@
{ ... }: {
flake.nixosModules.code-server = { config, lib, ... }: {
config = {
containers.code-server = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.31";
config = {
services.code-server = {
enable = true;
hashedPassword = "1$WFYzcW1TNmpYM1ZKU3lielNCaXAyRkF2K3FjPQ$bSeeV4bvL2uiDYKiQjBLJPAO13/gNjYVgw8YKFtTQDI";
disableUpdateCheck = true;
disableTelemetry = true;
disableGettingStartedOverride = true;
auth = "none";
host = "0.0.0.0";
};
networking.firewall.allowedTCPPorts = [ 4444 ];
system.stateVersion = "25.05";
};
};
};
};
}
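Review bot: `auth = "none"` together with `host = "0.0.0.0"` and the opened port 4444 leaves code-server, which gives a terminal inside the container, usable without a login by anything that can route to 192.168.100.31. The `hashedPassword` set just above appears to have no effect in that mode. If authentication is meant to be enforced by a proxy in front, that is not visible in this file and should be stated in a comment next to `auth`; otherwise `auth = "password";` makes the configured hash count. The hash is also readable by anyone with access to the repository, so the password behind it should be a strong one.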


@@ -0,0 +1,96 @@
{ inputs, ... }: {
flake.nixosModules.default = { config, lib, pkgs, ... }: {
imports = [
inputs.sops-nix.nixosModules.sops
];
config = {
nix = {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
channel.enable = false;
settings = {
experimental-features = [ "nix-command" "flakes" ];
builders-use-substitutes = (config.sops.secrets ? "remoteBuildKey");
substituters = lib.mkIf config.programs.hyprland.enable ["https://hyprland.cachix.org"];
trusted-substituters = lib.mkIf config.programs.hyprland.enable ["https://hyprland.cachix.org"];
trusted-public-keys = lib.mkIf config.programs.hyprland.enable ["hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="];
};
distributedBuilds = lib.mkDefault (config.sops.secrets ? "remoteBuildKey");
buildMachines = lib.mkIf (config.sops.secrets ? "remoteBuildKey") [
{
hostName = "esotericbytes.com";
sshUser = "remote-builder";
sshKey = config.sops.secrets."remoteBuildKey".path;
supportedFeatures = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
];
systems = [ "x86_64-linux" "aarch64-linux" ];
}
];
};
users.users."remote-builder" = lib.mkIf (builtins.any
(x: (builtins.match "^remoteBuildClientKeys/.+" x) != null)
(builtins.attrNames config.sops.secrets)
) {
isNormalUser = true;
createHome = false;
};
sops.templates."remote-builder" = lib.mkIf (builtins.any
(x: (builtins.match "^remoteBuildClientKeys/.+" x) != null)
(builtins.attrNames config.sops.secrets)
) {
content = builtins.concatStringsSep ''''\n'' (builtins.map
(y: config.sops.placeholder.${y})
(builtins.filter
(x: (builtins.match "^remoteBuildClientKeys/.+" x) != null)
(builtins.attrNames config.sops.secrets)
)
);
path = "/etc/ssh/authorized_keys.d/remote-builder";
owner = "remote-builder";
};
sops = {
age.keyFile = "/var/lib/sops/age/keys.txt";
defaultSopsFormat = "yaml";
};
programs.fuse.userAllowOther = true;
home-manager = {
backupFileExtension = "backup";
useUserPackages = true;
sharedModules = [];
};
time.timeZone = lib.mkDefault "America/Chicago";
i18n = lib.mkDefault {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
};
};
};
}
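Review bot: The `remote-builder` authorized-keys template is rendered with `owner = "remote-builder"`, so the account that logs in with those keys owns the file that lists them and, as far as I can tell, can change its mode and contents until the next activation re-renders it. Public keys are not secret, so `owner = "root"; mode = "0444";` keeps the file readable for sshd while making it read-only to the build user. A comment on `users.users."remote-builder"` noting that every `remoteBuildClientKeys/*` secret grants shell access as that user would make the trust relationship explicit.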


@@ -0,0 +1 @@
{}


@@ -0,0 +1,49 @@
{ ... }: {
flake.nixosModules.docker = { config, lib, pkgs, ... }: {
config = {
networking.nat.internalInterfaces = [ "docker0" "docker-main" ];
virtualisation = {
docker = {
enable = true;
storageDriver = "btrfs";
};
oci-containers = {
backend = "docker";
};
};
hardware.nvidia-container-toolkit.enable = lib.mkDefault (builtins.any
(x: x == "nvidia")
config.services.xserver.videoDrivers
);
systemd.services."docker-network-setup" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStop = "docker network rm -f docker-main";
};
script = ''
docker network inspect docker-main ||
docker network create -d bridge docker-main \
--attachable --subnet 192.168.101.0/24 --ip-range 192.168.101.0/24 \
--gateway 192.168.101.1 \
-o "com.docker.network.bridge.name"="docker-main" \
-o "com.docker.network.bridge.trusted_host_interfaces"="wt0:ve-netbird:ve-traefik"
'';
wantedBy = [ "docker-net.target" ];
};
systemd.targets."docker-net" = {
wantedBy = [ "multi-user.target" ];
};
};
};
}


@@ -0,0 +1,38 @@
{ ... }: {
flake.nixosModules.dynamicDNS = { config, lib, pkgs, ... }: {
config = {
systemd.timers.dynamicDNS = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "5m";
OnUnitActiveSec = "1h";
Unit = "dynamicDNS.service";
};
};
systemd.services.dynamicDNS = {
name = "dynamicDNS.service";
serviceConfig = {
Type = "oneshot";
LoadCredential = [ "cloudflare-api-key" ];
};
script = '''';
};
};
};
}

258
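--- a/modules/features/gitea.nix
+++ b/modules/features/gitea.nix
@@ -0,0 +1,258 @@
+{ ... }: {
+flake.nixosModules.gitea = { config, lib, ... }: {
+config = {
+networking = {
+nat.internalInterfaces = [ "ve-gitea" ];
+};
+sops.secrets = {
+"gitea/dbpass" = {};
+};
+containers.gitea = {
+autoStart = true;
+privateNetwork = true;
+hostAddress = "192.168.100.10";
+localAddress = "192.168.100.20";
+bindMounts = {
+"/etc/gitea/data" = {
+hostPath = "/ssd1/Gitea/data";
+isReadOnly = false;
+};
+};
+extraFlags = [
+"--load-credential=dbpass:${config.sops.secrets."gitea/dbpass".path}"
+];
+config = {
+systemd.services.secrets_setup = {
+wantedBy = [ "gitea.service" ];
+serviceConfig = {
+LoadCredential = [
+"dbpass"
+];
+};
+script = ''
+cat ''${CREDENTIALS_DIRECTORY}/dbpass > /etc/gitea/dbpass
+chown gitea:gitea /etc/gitea/*
+'';
+};
+services.gitea = {
+enable = true;
+stateDir = "/etc/gitea/data";
+dump.enable = false;
+appName = "Gitea";
+settings = {
+server = {
+DOMAIN = "gitea.esotericbytes.com";
+HTTP_PORT = 3000;
+ROOT_URL = "https://gitea.esotericbytes.com/";
+};
+service = {
+DISABLE_REGISTRATION = false;
+ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
+REQUIRE_SIGNIN_VIEW = false;
+};
+oauth2_client = {
+ENABLE_AUTO_REGISTRATION = true;
+};
+session.COOKIE_SECURE = true;
+cron = {
+ENABLED = true;
+RUN_AT_START = true;
+};
+repository = {
+DEFAULT_BRANCH = "master";
+};
+};
+database = {
+passwordFile = "/etc/gitea/dbpass";
+type = "postgres";
+};
+};
+services.openssh = {
+enable = true;
+openFirewall = true;
+settings = {
+PermitRootLogin = lib.mkForce "no";
+PasswordAuthentication = false;
+KbdInteractiveAuthentication = false;
+};
+ports = [ 2222 ];
+};
+networking.firewall.allowedTCPPorts = [ 3000 ];
+system.stateVersion = "24.11";
+};
+};
+};
+};
+flake.nixosModules.gitea-docker = { config, lib, pkgs, ... }: let
+subdomain = "gitea";
+name = "gitea";
+in {
+config = {
+virtualisation.oci-containers.containers."${name}" = {
+image = "docker.gitea.com/gitea:1.25.4";
+# unstable, waiting for 26.05
+#pull = "newer";
+hostname = "${subdomain}.esotericbytes.com";
+networks = [
+"docker-main"
+];
+labels = {
+"traefik.enable" = "true";
+"traefik.http.routers.${name}.entrypoints" = "localsecure";
+"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
+"traefik.http.routers.${name}.service" = "${name}";
+"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
+"traefik.http.services.${name}.loadbalancer.server.port" = "3000";
+"traefik.tcp.routers.${name}-ssh.entrypoints" = "gitea-ssh";
+"traefik.tcp.routers.${name}-ssh.rule" = "HostSNI(`*`)";
+"traefik.tcp.routers.${name}-ssh.service" = "${name}-ssh";
+"traefik.tcp.services.${name}-ssh.loadbalancer.server.port" = "22";
+};
+ports = [
+];
+extraOptions = [
+"--ip=192.168.101.20"
+];
+volumes = [
+"vol_gitea:/data"
+];
+environment = {
+};
+};
+virtualisation.oci-containers.containers."${name}-db" = {
+image = "docker.io/library/postgres:14";
+# unstable, waiting for 26.05
+#pull = "newer";
+hostname = "${name}-db";
+networks = [
+"docker-main"
+];
+labels = {
+};
+ports = [
+];
+extraOptions = [
+"--ip=192.168.101.21"
+];
+volumes = [
+"/etc/gitea/db:/var/lib/postgresql/data"
+];
+environment = {
+};
+};
+systemd.services."docker-gitea" = {
+serviceConfig = {
+Restart = lib.mkOverride 90 "always";
+RestartMaxDelaySec = lib.mkOverride 90 "1m";
+RestartSec = lib.mkOverride 90 "100ms";
+RestartSteps = lib.mkOverride 90 9;
+};
+after = [
+"docker-network-setup.service"
+"docker-volume-gitea.service"
+"docker-gitea-db.service"
+];
+requires = [
+"docker-network-setup.service"
+"docker-volume-gitea.service"
+"docker-gitea-db.service"
+];
+partOf = [
+"docker-compose-gitea-root.target"
+];
+wantedBy = [
+"docker-compose-gitea-root.target"
+];
+};
+systemd.services."docker-gitea-db" = {
+serviceConfig = {
+Restart = lib.mkOverride 90 "always";
+RestartMaxDelaySec = lib.mkOverride 90 "1m";
+RestartSec = lib.mkOverride 90 "100ms";
+RestartSteps = lib.mkOverride 90 9;
+};
+after = [
+"docker-network-setup.service"
+];
+requires = [
+"docker-network-setup.service"
+];
+partOf = [
+"docker-compose-gitea-root.target"
+];
+wantedBy = [
+"docker-compose-gitea-root.target"
+];
+};
+systemd.services."docker-volume-gitea" = {
+path = [ pkgs.docker ];
+serviceConfig = {
+Type = "oneshot";
+RemainAfterExit = true;
+};
+script = ''
+docker volume inspect vol_gitea || docker volume create vol_gitea --driver=local
+'';
+partOf = [ "docker-compose-gitea-root.target" ];
+wantedBy = [ "docker-compose-gitea-root.target" ];
+};
+};
+};
+}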
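Review bot: In `secrets_setup`, the `cat … > /etc/gitea/dbpass` line creates the password file with the unit's default umask before the `chown` runs, so inside the container it is probably world-readable, and `chown gitea:gitea /etc/gitea/*` also re-owns everything else in that directory, including the bind-mounted `/etc/gitea/data`. `install -m 0400 -o gitea -g gitea "$CREDENTIALS_DIRECTORY/dbpass" /etc/gitea/dbpass` does both steps in one call, without the readable window and without the glob. The unit is `wantedBy` gitea.service but sets neither `before = [ "gitea.service" ];` nor `Type = "oneshot"`, so gitea may start before the file exists. In `gitea-docker`, the `gitea-db` container has an empty `environment`, so where its database password comes from is not visible here and deserves a comment.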


@@ -0,0 +1,16 @@
# Loads default set of integrations. Do not remove.
default_config:
# Load frontend themes from the themes folder
frontend:
themes: !include_dir_merge_named themes
automation: !include automations.yaml
script: !include scripts.yaml
scene: !include scenes.yaml
http:
use_x_forwarded_for: true
trusted_proxies:
- 192.168.101.11


@@ -0,0 +1,63 @@
{ ... }: {
flake.nixosModules.home-assistant = { config, lib, ... }: let
subdomain = "hass";
name = "home-assistant";
in {
config = {
environment.etc."home-assistant/configuration.yaml".source = ./configuration.yaml;
virtualisation.oci-containers.containers.home-assistant = {
image = "ghcr.io/home-assistant/home-assistant:stable";
# unstable, waiting for 26.05
#pull = "newer";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
#"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}";
"traefik.http.services.${name}.loadbalancer.server.port" = "8123";
};
environment = {
TZ = "America/Chicago";
};
extraOptions = [
"--ip=192.168.101.13"
];
ports = [
];
volumes = [
"vol_home-assistant:/config/"
"/etc/home-assistant/configuration.yaml:/config/configuration.yaml"
];
};
};
};
flake.nixosModules.home-assistant-vm = { config, lib, ... }: {
config = {
};
};
}
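Review bot: `image = "ghcr.io/home-assistant/home-assistant:stable"` is a moving tag, so the image that actually runs depends on when each host last pulled it rather than on this commit. The jellyfin, openwebui, netbird and nextcloud modules pin a version; this module, the untagged `docker.n8n.io/n8nio/n8n`, the `:latest` images in the ollama, pihole and portainer modules and `passbolt/passbolt:latest-ce` should do the same (a version tag, or a digest for a stronger guarantee). The bind mount `"/etc/home-assistant/configuration.yaml:/config/configuration.yaml"` could also carry `:ro`, since the file comes from the repository and edits made inside the container would not survive a rebuild.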


@@ -0,0 +1,28 @@
{ inputs, ... }: {
flake.nixosModules.hyprland = { config, lib, pkgs, ... }: {
config = {
environment.sessionVariables.NIXOS_OZONE_WL = "1";
programs.hyprland = let
system = pkgs.stdenv.hostPlatform.system;
#pkgs-us = import inputs.nixpkgs-us { inherit system; };
in {
enable = true;
withUWSM = false;
xwayland.enable = true;
systemd.setPath.enable = true;
package = inputs.hyprland.packages.${system}.hyprland;
portalPackage = inputs.hyprland.packages.${system}.xdg-desktop-portal-hyprland;
};
};
};
}


@@ -0,0 +1,117 @@
{ ... }: {
flake.nixosModules.jellyfin = { config, lib, pkgs, ... }: let
subdomain = "watch";
name = "jellyfin";
in {
config = {
networking.firewall.allowedUDPPorts = [ 7359 ];
virtualisation.oci-containers.containers.jellyfin = {
image = "jellyfin/jellyfin:10.11.6";
# unstable, waiting for 26.05
#pull = "newer";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
ports = [
"7359:7359/udp"
];
volumes = [
"vol_jellyfin-config:/config"
"vol_jellyfin-cache:/cache"
"/etc/jellyfin/media:/media"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "websecure,localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
"traefik.http.services.${name}.loadbalancer.server.port" = "8096";
};
extraOptions = lib.mkMerge [
(lib.mkIf config.hardware.nvidia-container-toolkit.enable [
"--device=nvidia.com/gpu=all"
])
[ "--ip=192.168.101.21" ]
];
environment = {
JELLYFIN_PublishedServerUrl = "https://${subdomain}.esotericbytes.com";
};
};
systemd.services."docker-jellyfin" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-setup.service"
"docker-volume-jellyfin-config.service"
"docker-volume-jellyfin-cache.service"
];
requires = [
"docker-network-setup.service"
"docker-volume-jellyfin-config.service"
"docker-volume-jellyfin-cache.service"
];
partOf = [
"docker-compose-jellyfin-root.target"
];
wantedBy = [
"docker-compose-jellyfin-root.target"
];
};
systemd.services."docker-volume-jellyfin-config" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect vol_jellyfin-config || docker volume create vol_jellyfin-config --driver=local
'';
partOf = [ "docker-compose-jellyfin-root.target" ];
wantedBy = [ "docker-compose-jellyfin-root.target" ];
};
systemd.services."docker-volume-jellyfin-cache" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect vol_jellyfin-cache || docker volume create vol_jellyfin-cache --driver=local
'';
partOf = [ "docker-compose-jellyfin-root.target" ];
wantedBy = [ "docker-compose-jellyfin-root.target" ];
};
systemd.targets."docker-compose-jellyfin-root" = {
wantedBy = [ "multi-user.target" ];
};
};
};
}
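Review bot: The static address in `[ "--ip=192.168.101.21" ]` is the same one the Gitea `${name}-db` Postgres container requests with `--ip=192.168.101.21` on `docker-main`, so whichever of the two starts second should be refused by Docker with an address-in-use error. Give Jellyfin an unused address on that network. Separately, this router is attached to `websecure` (which looks like the externally reachable entrypoint) while the library is mounted writable; `"/etc/jellyfin/media:/media:ro"` would keep a compromised media server from altering the files, if Jellyfin does not need to write there.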


@@ -0,0 +1,28 @@
{ ... }: {
flake.nixosModules.kdePlasma6 = { config, lib, pkgs, ... }: {
config = {
services.desktopManager.plasma6.enable = true;
environment.systemPackages = with pkgs; [
kdePackages.discover # Optional: Install if you use Flatpak or fwupd firmware update sevice
kdePackages.kcalc # Calculator
kdePackages.kcharselect # Tool to select and copy special characters from all installed fonts
kdePackages.kcolorchooser # A small utility to select a color
kdePackages.kolourpaint # Easy-to-use paint program
kdePackages.ksystemlog # KDE SystemLog Application
kdePackages.sddm-kcm # Configuration module for SDDM
kdiff3 # Compares and merges 2 or 3 files or directories
kdePackages.isoimagewriter # Optional: Program to write hybrid ISO files onto USB disks
kdePackages.partitionmanager # Optional Manage the disk devices, partitions and file systems on your computer
hardinfo2 # System information and benchmarks for Linux systems
haruna # Open source video player built with Qt/QML and libmpv
wayland-utils # Wayland utilities
wl-clipboard # Command-line copy/paste utilities for Wayland
];
};
};
}


@@ -0,0 +1 @@
{}


@@ -0,0 +1 @@
{}

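--- a/modules/features/n8n.nix
+++ b/modules/features/n8n.nix
@@ -0,0 +1,100 @@
+{ ... }: {
+flake.nixosModules.n8n = { config, lib, pkgs, ... }: let
+subdomain = "n8n";
+name = "n8n";
+in {
+config = {
+virtualisation.oci-containers.containers."${name}" = {
+image = "docker.n8n.io/n8nio/n8n";
+# unstable, waiting for 26.05
+#pull = "newer";
+hostname = "${subdomain}.esotericbytes.com";
+networks = [
+"docker-main"
+];
+labels = {
+"traefik.enable" = "true";
+"traefik.http.routers.${name}.entrypoints" = "localsecure";
+"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
+"traefik.http.routers.${name}.service" = "${name}";
+"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
+"traefik.http.services.${name}.loadbalancer.server.port" = "5678";
+};
+ports = [
+];
+extraOptions = [
+"--ip=192.168.101.2"
+];
+volumes = [
+"vol_n8n:/etc/n8n"
+];
+environment = {
+GENERIC_TIMEZONE = "America/Chicago";
+TZ = "America/Chicago";
+N8N_DIAGNOSTICS_ENABLED = "false";
+N8N_VERSION_NOTIFICATIONS_ENABLED = "false";
+N8N_TEMPLATES_ENABLED = "false";
+EXTERNAL_FRONTEND_HOOKS_URLS = "";
+N8N_DIAGNOSTICS_CONFIG_FRONTEND = "";
+N8N_DIAGNOSTICS_CONFIG_BACKEND = "";
+N8N_SECURE_COOKIE = "false";
+};
+};
+systemd.services."docker-n8n" = {
+serviceConfig = {
+Restart = lib.mkOverride 90 "always";
+RestartMaxDelaySec = lib.mkOverride 90 "1m";
+RestartSec = lib.mkOverride 90 "100ms";
+RestartSteps = lib.mkOverride 90 9;
+};
+after = [
+"docker-network-setup.service"
+"docker-volume-n8n.service"
+];
+requires = [
+"docker-network-setup.service"
+"docker-volume-n8n.service"
+];
+partOf = [
+"docker-compose-n8n-root.target"
+];
+wantedBy = [
+"docker-compose-n8n-root.target"
+];
+};
+systemd.services."docker-volume-n8n" = {
+path = [ pkgs.docker ];
+serviceConfig = {
+Type = "oneshot";
+RemainAfterExit = true;
+};
+script = ''
+docker volume inspect vol_n8n || docker volume create vol_n8n --driver=local
+'';
+partOf = [ "docker-compose-n8n-root.target" ];
+wantedBy = [ "docker-compose-n8n-root.target" ];
+};
+};
+};
+}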
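Review bot: `N8N_SECURE_COOKIE = "false"` drops the Secure attribute from the n8n session cookie even though the only route declared for the container is the TLS router on `localsecure`, so the cookie can be sent over plain HTTP if the host name is ever reached that way. Remove the line or set it to `"true"`. Also worth confirming: the volume is mounted at `/etc/n8n`, whereas n8n normally keeps its data and credential encryption key under the node user's home directory, so the state may not actually land in `vol_n8n`.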


@@ -0,0 +1,27 @@
{
"Stuns": [
{
"Proto": "udp",
"URI": "stun:vpn.esotericbytes.com:3478"
}
],
"Relay": {
"Addresses": ["rels://vpn.esotericbytes.com:443"],
"CredentialsTTL": "24h",
"Secret": "0qSIu/S2sXHJbo0SyBNm4SFxAItRoPLKR4wjnW/Zsgc"
},
"Signal": {
"Proto": "https",
"URI": "vpn.esotericbytes.com:443"
},
"Datadir": "/var/lib/netbird",
"DataStoreEncryptionKey": "FZnQt+JqAC8GEXUSJwhrgo0vn4PoDetoAhjUx9nSJR0=",
"EmbeddedIdP": {
"Enabled": true,
"Issuer": "https://vpn.esotericbytes.com/oauth2",
"DashboardRedirectURIs": [
"https://vpn.esotericbytes.com/nb-auth",
"https://vpn.esotericbytes.com/nb-silent-auth"
]
}
}
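Review bot: `Relay.Secret` and `DataStoreEncryptionKey` are committed here in clear text, and the netbird module installs this file through `environment.etc."netbird/management.json".source`, which copies it into the world-readable Nix store on every machine that builds the configuration. Both values should be treated as exposed and rotated. The relay side already takes its secret from `sops.secrets."netbird/secret_key"`; rendering management.json from a `sops.templates` entry that uses `config.sops.placeholder` values, and mounting that rendered path into the container, would keep both out of the repository and the store.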


@@ -0,0 +1,258 @@
{ inputs, ... }: {
flake.nixosModules.netbird = { config, lib, pkgs, ... }: {
config = let
pkgs-us = import inputs.nixpkgs-us {
system = "x86_64-linux";
};
in {
services.netbird = {
enable = lib.mkDefault true;
clients.default = {
port = 51820;
name = "netbird";
interface = "wt0";
hardened = false;
ui = {
enable = lib.mkDefault config.hardware.graphics.enable;
#package = pkgs-us.netbird-ui;
#package = pkgs.netbird-ui;
};
};
package = pkgs-us.netbird;
#package = pkgs.netbird;
};
};
};
flake.nixosModules.netbird-docker = { config, lib, pkgs, ... }: {
config = {
networking.firewall.allowedUDPPorts = [ 3478 ];
sops.secrets."netbird/secret_key" = {};
sops.templates."netbird-relay.env" = {
content = ''
NB_AUTH_SECRET=${config.sops.placeholder."netbird/secret_key"}
NB_LOG_LEVEL=info
NB_LISTEN_ADDRESS=:80
NB_EXPOSED_ADDRESS=rels://vpn.esotericbytes.com:443
NB_ENABLE_STUN=true
NB_STUN_LOG_LEVEL=info
NB_STUN_PORTS=3478
'';
};
environment.etc."netbird/management.json".source = ./config/management.json;
# Containers
virtualisation.oci-containers.containers."netbird-dashboard" = {
image = "netbirdio/dashboard:v2.30.1";
environment = {
"AUTH_AUDIENCE" = "netbird-dashboard";
"AUTH_AUTHORITY" = "https://vpn.esotericbytes.com/oauth2";
"AUTH_CLIENT_ID" = "netbird-dashboard";
"AUTH_CLIENT_SECRET" = "";
"AUTH_REDIRECT_URI" = "/nb-auth";
"AUTH_SILENT_REDIRECT_URI" = "/nb-silent-auth";
"AUTH_SUPPORTED_SCOPES" = "openid profile email groups";
"LETSENCRYPT_DOMAIN" = "none";
"NETBIRD_MGMT_API_ENDPOINT" = "https://vpn.esotericbytes.com";
"NETBIRD_MGMT_GRPC_API_ENDPOINT" = "https://vpn.esotericbytes.com";
"NGINX_SSL_PORT" = "443";
"USE_AUTH0" = "false";
};
labels = {
"traefik.enable" = "true";
"traefik.http.routers.netbird-dashboard.entrypoints" = "websecure";
"traefik.http.routers.netbird-dashboard.priority" = "1";
"traefik.http.routers.netbird-dashboard.rule" = "Host(`vpn.esotericbytes.com`)";
"traefik.http.routers.netbird-dashboard.tls" = "true";
"traefik.http.services.netbird-dashboard.loadbalancer.server.port" = "80";
};
log-driver = "journald";
extraOptions = [
"--network-alias=dashboard"
"--network=docker-main"
"--ip=192.168.101.5"
];
};
systemd.services."docker-netbird-dashboard" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
partOf = [
"docker-compose-netbird-root.target"
];
wantedBy = [
"docker-compose-netbird-root.target"
];
};
virtualisation.oci-containers.containers."netbird-management" = {
image = "netbirdio/management:0.64.4";
volumes = [
"/etc/netbird/management.json:/etc/netbird/management.json:rw"
"netbird_netbird_management:/var/lib/netbird:rw"
];
cmd = [ "--port" "80" "--log-file" "console" "--log-level" "info" "--disable-anonymous-metrics=false" "--single-account-mode-domain=netbird.selfhosted" "--dns-domain=netbird.selfhosted" "--idp-sign-key-refresh-enabled" ];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.netbird-api.entrypoints" = "websecure";
"traefik.http.routers.netbird-api.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/api`)";
"traefik.http.routers.netbird-api.service" = "netbird-api";
"traefik.http.routers.netbird-api.tls" = "true";
"traefik.http.routers.netbird-mgmt-grpc.entrypoints" = "websecure";
"traefik.http.routers.netbird-mgmt-grpc.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/management.ManagementService/`)";
"traefik.http.routers.netbird-mgmt-grpc.service" = "netbird-mgmt-grpc";
"traefik.http.routers.netbird-mgmt-grpc.tls" = "true";
"traefik.http.routers.netbird-mgmt-ws.entrypoints" = "websecure";
"traefik.http.routers.netbird-mgmt-ws.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/ws-proxy/management`)";
"traefik.http.routers.netbird-mgmt-ws.service" = "netbird-mgmt-ws";
"traefik.http.routers.netbird-mgmt-ws.tls" = "true";
"traefik.http.routers.netbird-oauth2.entrypoints" = "websecure";
"traefik.http.routers.netbird-oauth2.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/oauth2`)";
"traefik.http.routers.netbird-oauth2.service" = "netbird-oauth2";
"traefik.http.routers.netbird-oauth2.tls" = "true";
"traefik.http.services.netbird-api.loadbalancer.server.port" = "80";
"traefik.http.services.netbird-mgmt-grpc.loadbalancer.server.port" = "80";
"traefik.http.services.netbird-mgmt-grpc.loadbalancer.server.scheme" = "h2c";
"traefik.http.services.netbird-mgmt-ws.loadbalancer.server.port" = "80";
"traefik.http.services.netbird-oauth2.loadbalancer.server.port" = "80";
};
log-driver = "journald";
extraOptions = [
"--network-alias=management"
"--network=docker-main"
"--ip=192.168.101.4"
];
};
systemd.services."docker-netbird-management" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-volume-netbird_netbird_management.service"
];
requires = [
"docker-volume-netbird_netbird_management.service"
];
partOf = [
"docker-compose-netbird-root.target"
];
wantedBy = [
"docker-compose-netbird-root.target"
];
};
virtualisation.oci-containers.containers."netbird-relay" = {
image = "netbirdio/relay:0.64.4";
environmentFiles = [ config.sops.templates."netbird-relay.env".path ];
ports = [
"3478:3478/udp"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.netbird-relay.entrypoints" = "websecure";
"traefik.http.routers.netbird-relay.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/relay`)";
"traefik.http.routers.netbird-relay.tls" = "true";
"traefik.http.services.netbird-relay.loadbalancer.server.port" = "80";
};
log-driver = "journald";
extraOptions = [
"--network-alias=relay"
"--network=docker-main"
"--ip=192.168.101.3"
];
};
systemd.services."docker-netbird-relay" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
partOf = [
"docker-compose-netbird-root.target"
];
wantedBy = [
"docker-compose-netbird-root.target"
];
};
virtualisation.oci-containers.containers."netbird-signal" = {
image = "netbirdio/signal:0.64.4";
labels = {
"traefik.enable" = "true";
"traefik.http.routers.netbird-signal-grpc.entrypoints" = "websecure";
"traefik.http.routers.netbird-signal-grpc.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/signalexchange.SignalExchange/`)";
"traefik.http.routers.netbird-signal-grpc.service" = "netbird-signal-grpc";
"traefik.http.routers.netbird-signal-grpc.tls" = "true";
"traefik.http.routers.netbird-signal-ws.entrypoints" = "websecure";
"traefik.http.routers.netbird-signal-ws.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/ws-proxy/signal`)";
"traefik.http.routers.netbird-signal-ws.service" = "netbird-signal-ws";
"traefik.http.routers.netbird-signal-ws.tls" = "true";
"traefik.http.services.netbird-signal-grpc.loadbalancer.server.port" = "10000";
"traefik.http.services.netbird-signal-grpc.loadbalancer.server.scheme" = "h2c";
"traefik.http.services.netbird-signal-ws.loadbalancer.server.port" = "80";
};
log-driver = "journald";
extraOptions = [
"--network-alias=signal"
"--network=docker-main"
];
};
systemd.services."docker-netbird-signal" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
partOf = [
"docker-compose-netbird-root.target"
];
wantedBy = [
"docker-compose-netbird-root.target"
];
};
# Volumes
systemd.services."docker-volume-netbird_netbird_management" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect netbird_netbird_management || docker volume create netbird_netbird_management
'';
partOf = [ "docker-compose-netbird-root.target" ];
wantedBy = [ "docker-compose-netbird-root.target" ];
};
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
systemd.targets."docker-compose-netbird-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = [ "multi-user.target" ];
};
};
};
}
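Review bot: `hardened = false;` in `clients.default` switches off the module's hardened mode, in which (as far as I know) the client daemon runs as a dedicated user with a reduced permission set, and nothing in the file says why. If it works around a specific problem, record that next to the option, e.g. `# hardened mode breaks <feature>; revisit after <condition>`; otherwise drop the line so the client does not run with more privilege than it needs. In the management container's `cmd`, `"--disable-anonymous-metrics=false"` leaves metrics reporting on, which is worth a deliberate decision for a self-hosted control plane.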


@@ -0,0 +1,113 @@
{ ... }: {
flake.nixosModules.nextcloud = { config, lib, pkgs, ... }: let
subdomain = "cloud";
name = "nextcloud";
in {
config = {
virtualisation.oci-containers.containers."nextcloud-aio-mastercontainer" = {
image = "ghcr.io/nextcloud-releases/all-in-one:20260122_105751";
serviceName = "docker-nextcloud";
# unstable, waiting for 26.05
#pull = "newer";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
ports = [
];
volumes = [
"nextcloud_aio_mastercontainer:/mnt/docker-aio-config"
"/run/docker.sock:/var/run/docker.sock:ro"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "websecure,localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
"traefik.http.routers.${name}.middlewares" = "nextcloud-chain";
"traefik.http.middlewares.https-redirect.redirectScheme.scheme" = "https";
"traefik.http.middlewares.nextcloud-secure-headers.headers.hostsProxyHeaders" = "X-Forwarded-Host";
"traefik.http.middlewares.nextcloud-secure-headers.headers.referrerPolicy" = "same-origin";
"traefik.http.middlewares.nextcloud-chain.chain.middlewares" = "https-redirect,nextcloud-secure-headers";
#"traefik.http.services.${name}.loadbalancer.server.port" = "11000";
"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.101.1:11000";
};
extraOptions = [
"--ip=192.168.101.17"
];
environment = {
APACHE_PORT = "11000";
APACHE_IP = "0.0.0.0";
APACHE_ADDITIONAL_NETWORK = "docker-main";
SKIP_DOMAIN_VALIDATION = "true";
TALK_PORT = "3479";
};
};
systemd.services."docker-nextcloud" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-setup.service"
"docker-volume-nextcloud.service"
];
requires = [
"docker-network-setup.service"
"docker-volume-nextcloud.service"
];
partOf = [
"docker-compose-nextcloud-root.target"
];
wantedBy = [
"docker-compose-nextcloud-root.target"
];
};
systemd.services."docker-volume-nextcloud" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect nextcloud_aio_mastercontainer || docker volume create nextcloud_aio_mastercontainer --driver=local
'';
partOf = [ "docker-compose-nextcloud-root.target" ];
wantedBy = [ "docker-compose-nextcloud-root.target" ];
};
systemd.targets."docker-compose-nextcloud-root" = {
wantedBy = [ "multi-user.target" ];
};
};
};
}
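Review bot: The `:ro` on `"/run/docker.sock:/var/run/docker.sock:ro"` only makes the mount of the socket file read-only; a process that can connect to the socket still has the full Docker API, which is equivalent to root on the host. The AIO master container needs that access, so the useful controls are around it: a comment such as `# docker.sock: this container is host-root-equivalent` next to the volume, and a check that the master container's own admin interface is not reachable through the `websecure` router (the service URL points at port 11000, which suggests it is not). `SKIP_DOMAIN_VALIDATION = "true"` also deserves a comment saying why validation is skipped.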


@@ -0,0 +1,41 @@
{ ... }: {
flake.nixosModules.nginx = { config, lib, ... }: {
config = {
containers.esotericbytes-com = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.13";
bindMounts = {
"/var/www/data" = {
hostPath = "/ssd1/esotericbytes-com/data";
isReadOnly = false;
};
};
config = {
services.nginx = {
enable = true;
virtualHosts = {
"esotericbytes.com" = {
enableACME = false;
forceSSL = false;
root = "/var/www/data";
};
};
};
networking.firewall.allowedTCPPorts = [ 80 ];
system.stateVersion = "24.05";
};
};
};
};
}


@@ -0,0 +1,78 @@
{ ... }: {
flake.nixosModules.novnc = { config, lib, pkgs, ... }: {
config = {
systemd.services.novnc = {
enable = true;
path = with pkgs; [
novnc
ps
];
script = ''
novnc --listen 80 --vnc 127.0.0.1:5900
'';
serviceConfig = {
Type = "exec";
};
wantedBy = [ "multi-user.target" ];
};
networking.firewall.allowedTCPPorts = [ 80 ];
};
};
flake.nixosModules.novnc-container = { config, lib, pkgs, ... }: {
config = {
networking = {
firewall.interfaces."ve-novnc" = {
allowedTCPPorts = [ 5900 ];
allowedUDPPorts = [ 5900 ];
};
};
containers.novnc = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.30";
config = {
systemd.services.novnc = {
enable = true;
path = with pkgs; [
novnc
ps
];
script = ''
novnc --listen 80 --vnc 192.168.100.10:5900
'';
serviceConfig = {
Type = "exec";
};
wantedBy = [ "multi-user.target" ];
};
networking.firewall.allowedTCPPorts = [ 80 ];
system.stateVersion = "25.05";
};
};
};
};
}
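Review bot: Both modules start `novnc --listen 80` and open `networking.firewall.allowedTCPPorts = [ 80 ]` on every interface, so the browser-to-VNC bridge is served over plain HTTP to anything that can reach the host or the container, and the only access control left is whatever the VNC server on port 5900 enforces. Scope the rule to the interface the reverse proxy uses, e.g. `networking.firewall.interfaces."<proxy-interface>".allowedTCPPorts = [ 80 ];`, and let the proxy terminate TLS and handle authentication. In `novnc-container`, `allowedUDPPorts = [ 5900 ];` can be removed, since VNC (RFB) runs over TCP.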

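--- a/modules/features/ntfy.nix
+++ b/modules/features/ntfy.nix
@@ -0,0 +1,41 @@
+{ ... }: {
+flake.nixosModules.ntfy = { config, lib, ... }: {
+config = {
+containers.ntfy = {
+autoStart = true;
+privateNetwork = true;
+hostAddress = "192.168.100.10";
+localAddress = "192.168.100.19";
+config = {
+services.ntfy-sh = {
+enable = true;
+settings = {
+base-url = "https://ntfy.esotericbytes.com";
+listen-http = ":80";
+behind-proxy = true;
+upstream-base-url = "https://ntfy.sh";
+auth-default-access = "deny-all";
+};
+};
+networking.firewall.allowedTCPPorts = [ 80 ];
+system.stateVersion = "24.05";
+};
+};
+};
+};
+}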


@@ -0,0 +1,91 @@
{ inputs, ... }: {
flake.nixosModules.ollama = { config, lib, ... }: {
config = {
services.ollama = {
enable = true;
acceleration = "cuda";
environmentVariables = {
OLLAMA_CONTEXT_LENGTH = lib.mkDefault "16000";
};
package = let
pkgs-us = import inputs.nixpkgs-us {
system = "x86_64-linux";
config.allowUnfree = true;
};
in pkgs-us.ollama-cuda;
};
};
};
flake.nixosModules.ollama-docker = { config, lib, pkgs, ... }: let
hostPort = 11434;
subdomain = "ollama";
name = "ollama";
in {
config = {
environment.systemPackages = with pkgs; [
ollama
];
networking.firewall.interfaces = {
"ve-traefik" = {
allowedTCPPorts = [ hostPort ];
};
"ve-openwebui" = {
allowedTCPPorts = [ hostPort ];
};
};
virtualisation.oci-containers.containers.ollama = {
image = "ollama/ollama:latest";
# unstable, waiting for 26.05
#pull = "newer";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
ports = [
"${builtins.toString hostPort}:11434"
];
volumes = [
"vol_ollama:/root/.ollama"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
#"traefik.http.services.ollama.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}";
"traefik.http.services.${name}.loadbalancer.server.port" = "11434";
};
extraOptions = lib.mkIf config.hardware.nvidia-container-toolkit.enable [
"--device=nvidia.com/gpu=all"
"--ip=192.168.101.22"
];
environment = {
OLLAMA_CONTEXT_LENGTH = lib.mkDefault "32000";
};
};
};
};
}
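Review bot: `ports = [ "${builtins.toString hostPort}:11434" ]` publishes the Ollama API, which has no authentication of its own, on every host address. Docker installs its own forwarding rules for published ports, so the `ve-traefik` and `ve-openwebui` entries under `networking.firewall.interfaces` probably do not limit who can reach it. Traefik already reaches the container over `docker-main` through `loadbalancer.server.port`, so the mapping can be dropped, or bound to one address in the form `"<host-address>:${builtins.toString hostPort}:11434"` if another consumer on the host really needs it. The same applies to `"${builtins.toString hostPort}:80"` in the pihole module and `"${builtins.toString hostPort}:9000"` in the portainer module, where the published service is an admin UI.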


@@ -0,0 +1,19 @@
{ ... }: {
flake.nixosModules.openssh = { config, lib, ... }: {
config = {
services.openssh = {
enable = true;
openFirewall = lib.mkDefault true;
settings = {
PermitRootLogin = lib.mkForce "no";
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
};
};
};
}


@@ -0,0 +1,94 @@
{ ... }: {
flake.nixosModules.openwebui = { config, lib, pkgs, ... }: let
subdomain = "ai";
name = "openwebui";
in {
config = {
virtualisation.oci-containers.containers.openwebui = {
image = "ghcr.io/open-webui/open-webui:v0.7.2";
# unstable, waiting for 26.05
#pull = "newer";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
/*ports = [
"${builtins.toString hostPort}:8080"
];*/
volumes = [
"vol_openwebui:/app/backend/data"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
"traefik.http.services.${name}.loadbalancer.server.port" = "8080";
};
extraOptions = lib.mkIf config.hardware.nvidia-container-toolkit.enable [
"--device=nvidia.com/gpu=all"
"--ip=192.168.101.8"
];
environment = {
};
};
systemd.services."docker-openwebui" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-setup.service"
"docker-volume-openwebui.service"
];
requires = [
"docker-network-setup.service"
"docker-volume-openwebui.service"
];
partOf = [
"docker-compose-openwebui-root.target"
];
wantedBy = [
"docker-compose-openwebui-root.target"
];
};
systemd.services."docker-volume-openwebui" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect vol_openwebui || docker volume create vol_openwebui --driver=local
'';
partOf = [ "docker-compose-openwebui-root.target" ];
wantedBy = [ "docker-compose-openwebui-root.target" ];
};
systemd.targets."docker-compose-openwebui-root" = {
wantedBy = [ "multi-user.target" ];
};
};
};
}
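Review bot: `extraOptions = lib.mkIf config.hardware.nvidia-container-toolkit.enable [ ... ]` wraps both list items, so `--ip=192.168.101.8` is only passed when the NVIDIA toolkit is enabled and the container gets a dynamic address on any other host. The jellyfin module separates the two with `lib.mkMerge`, and the same shape works here: `extraOptions = lib.mkMerge [ (lib.mkIf config.hardware.nvidia-container-toolkit.enable [ "--device=nvidia.com/gpu=all" ]) [ "--ip=192.168.101.8" ] ];`. The `ollama-docker` module has the same construct around `--ip=192.168.101.22`.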


@@ -0,0 +1,12 @@
{ inputs, ... }: {
flake.nixosModules.default = { pkgs, ... }: {
environment.systemPackages = with pkgs; [
age
sops
inputs.disko.packages.${pkgs.stdenv.hostPlatform.system}.disko-install
];
};
}


@@ -0,0 +1,167 @@
# Auto-generated by compose2nix.
{ pkgs, lib, ... }:
{
# Runtime
virtualisation.docker = {
enable = true;
autoPrune.enable = true;
};
virtualisation.oci-containers.backend = "docker";
# Containers
virtualisation.oci-containers.containers."passbolt-db" = {
image = "mariadb:10.11";
environment = {
"MYSQL_DATABASE" = "passbolt";
"MYSQL_PASSWORD" = "P4ssb0lt";
"MYSQL_RANDOM_ROOT_PASSWORD" = "true";
"MYSQL_USER" = "passbolt";
};
volumes = [
"passbolt_database_volume:/var/lib/mysql:rw"
];
log-driver = "journald";
extraOptions = [
"--network-alias=db"
"--network=passbolt_default"
];
};
systemd.services."docker-passbolt-db" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-passbolt_default.service"
"docker-volume-passbolt_database_volume.service"
];
requires = [
"docker-network-passbolt_default.service"
"docker-volume-passbolt_database_volume.service"
];
partOf = [
"docker-compose-passbolt-root.target"
];
wantedBy = [
"docker-compose-passbolt-root.target"
];
};
virtualisation.oci-containers.containers."passbolt-passbolt" = {
image = "passbolt/passbolt:latest-ce";
environment = {
"APP_FULL_BASE_URL" = "https://passbolt.local";
"DATASOURCES_DEFAULT_DATABASE" = "passbolt";
"DATASOURCES_DEFAULT_HOST" = "db";
"DATASOURCES_DEFAULT_PASSWORD" = "P4ssb0lt";
"DATASOURCES_DEFAULT_USERNAME" = "passbolt";
};
volumes = [
"passbolt_gpg_volume:/etc/passbolt/gpg:rw"
"passbolt_jwt_volume:/etc/passbolt/jwt:rw"
];
ports = [
"80:80/tcp"
"443:443/tcp"
];
cmd = [ "/usr/bin/wait-for.sh" "-t" "0" "db:3306" "--" "/docker-entrypoint.sh" ];
dependsOn = [
"passbolt-db"
];
log-driver = "journald";
extraOptions = [
"--network-alias=passbolt"
"--network=passbolt_default"
];
};
systemd.services."docker-passbolt-passbolt" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-passbolt_default.service"
"docker-volume-passbolt_gpg_volume.service"
"docker-volume-passbolt_jwt_volume.service"
];
requires = [
"docker-network-passbolt_default.service"
"docker-volume-passbolt_gpg_volume.service"
"docker-volume-passbolt_jwt_volume.service"
];
partOf = [
"docker-compose-passbolt-root.target"
];
wantedBy = [
"docker-compose-passbolt-root.target"
];
};
# Networks
systemd.services."docker-network-passbolt_default" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStop = "docker network rm -f passbolt_default";
};
script = ''
docker network inspect passbolt_default || docker network create passbolt_default
'';
partOf = [ "docker-compose-passbolt-root.target" ];
wantedBy = [ "docker-compose-passbolt-root.target" ];
};
# Volumes
systemd.services."docker-volume-passbolt_database_volume" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect passbolt_database_volume || docker volume create passbolt_database_volume
'';
partOf = [ "docker-compose-passbolt-root.target" ];
wantedBy = [ "docker-compose-passbolt-root.target" ];
};
systemd.services."docker-volume-passbolt_gpg_volume" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect passbolt_gpg_volume || docker volume create passbolt_gpg_volume
'';
partOf = [ "docker-compose-passbolt-root.target" ];
wantedBy = [ "docker-compose-passbolt-root.target" ];
};
systemd.services."docker-volume-passbolt_jwt_volume" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect passbolt_jwt_volume || docker volume create passbolt_jwt_volume
'';
partOf = [ "docker-compose-passbolt-root.target" ];
wantedBy = [ "docker-compose-passbolt-root.target" ];
};
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
systemd.targets."docker-compose-passbolt-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = [ "multi-user.target" ];
};
}
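Review bot: `"MYSQL_PASSWORD"` and `"DATASOURCES_DEFAULT_PASSWORD"` carry the same literal password in the module, so the credential for the password manager's database is in the repository and in the world-readable Nix store; the value also looks like the one from an upstream example compose file. Move it into a sops secret and pass it with `environmentFiles`, the way the netbird module does for `netbird-relay.env` (the module arguments would need `config` added), and rotate the database password. `"80:80/tcp"` and `"443:443/tcp"` also publish Passbolt directly on the host, whereas the other services in this commit sit behind Traefik, and would clash with a proxy bound to those ports.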


@@ -0,0 +1 @@
{}


@@ -0,0 +1,80 @@
{ ... }: {
flake.nixosModules.pihole = { config, lib, ... }: let
hostPort = 9001;
subdomain = "pihole";
name = "pihole";
in {
config = {
virtualisation.docker.daemon.settings.dns = [ "192.168.101.12" ];
environment.etc."resolv.conf" = {
enable = true;
text = ''
nameserver 127.0.0.1
nameserver 1.1.1.1
nameserver 1.0.0.1
options edns0
'';
user = "root";
mode = "0664";
};
networking.firewall.interfaces = {
"ve-traefik" = {
allowedTCPPorts = [ hostPort ];
};
};
virtualisation.oci-containers.containers.pihole = {
image = "pihole/pihole:latest";
# unstable, waiting for 26.05
#pull = "newer";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
#"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}";
"traefik.http.services.${name}.loadbalancer.server.port" = "80";
};
extraOptions = [
"--ip=192.168.101.12"
];
ports = [
"${builtins.toString hostPort}:80"
"127.0.0.1:53:53/tcp"
"127.0.0.1:53:53/udp"
];
volumes = [
"vol_pihole:/etc/pihole"
];
environment = {
FTLCONF_webserver_api_password = "7567";
FTLCONF_dns_listeningMode = "ALL";
};
};
};
};
}
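Review bot: `FTLCONF_webserver_api_password = "7567";` sets the Pi-hole admin password to a four-digit value that is stored in the repository and in the Nix store, while the admin UI is also published on host port 9001. Generate a long random password, keep it in sops and hand it to the container through `environmentFiles` instead of `environment`. `mode = "0664"` on `environment.etc."resolv.conf"` makes the resolver configuration group-writable; `0644` is the usual mode for that file.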


@@ -0,0 +1,47 @@
{ ... }: {
flake.nixosModules.pipewire = { config, lib, pkgs, ... }: {
config = {
# Enable sound with pipewire.
#sound.enable = true;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
package = pkgs.pipewire;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
extraConfig.pipewire-pulse."92-low-latency" = {
context.modules = [
{
name = "libpipewire-module-protocol-pulse";
args = {
pulse.min.req = "32/48000";
pulse.default.req = "32/48000";
pulse.max.req = "32/48000";
pulse.min.quantum = "32/48000";
pulse.max.quantum = "32/48000";
};
}
];
stream.properties = {
node.latency = "32/48000";
resample.quality = 1;
};
};
# If you want to use JACK applications, uncomment this
#jack.enable = true;
# use the example session manager (no others are packaged yet so this is enabled by default,
# no need to redefine it in your config for now)
wireplumber.enable = true;
};
};
};
}


@@ -0,0 +1,60 @@
{ ... }: {
flake.nixosModules.portainer = { config, lib, ... }: let
hostPort = 9000;
subdomain = "portainer";
name = "portainer";
in {
config = {
networking.firewall.interfaces = {
"ve-traefik" = {
allowedTCPPorts = [ hostPort ];
};
};
virtualisation.oci-containers.containers.portainer = {
image = "portainer/portainer-ce:latest";
# unstable, waiting for 26.05
#pull = "newer";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
#"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}";
"traefik.http.services.${name}.loadbalancer.server.port" = "9000";
};
ports = [
"127.0.0.1:8000:8000"
"${builtins.toString hostPort}:9000"
];
extraOptions = [
"--ip=192.168.101.10"
];
volumes = [
"vol_portainer:/data"
"/run/docker.sock:/var/run/docker.sock"
];
};
};
};
}
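Review bot: `"${builtins.toString hostPort}:9000"` in `ports` publishes the Portainer UI on every host interface over plain HTTP, and this container also mounts `/run/docker.sock`, which amounts to root on the host. Docker installs its own forwarding rules for published ports, so the `networking.firewall.interfaces."ve-traefik"` entry most likely does not confine access to that interface. The Traefik labels already target container port 9000 on `docker-main`, so the mapping looks unnecessary; drop it or bind it as `"127.0.0.1:${builtins.toString hostPort}:9000"`. The pihole module publishes its `hostPort` the same way.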


@@ -0,0 +1 @@
{}


@@ -0,0 +1,77 @@
# Auto-generated by compose2nix.
{ pkgs, lib, ... }:
{
# Runtime
virtualisation.docker = {
enable = true;
autoPrune.enable = true;
};
virtualisation.oci-containers.backend = "docker";
# Containers
virtualisation.oci-containers.containers."hbbr" = {
image = "rustdesk/rustdesk-server:latest";
volumes = [
"/home/nathan/Projects/Olympus/system/virtualization/docker/rustdesk/data:/root:rw"
];
cmd = [ "hbbr" ];
log-driver = "journald";
extraOptions = [
"--network=host"
];
};
systemd.services."docker-hbbr" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
partOf = [
"docker-compose-rustdesk-root.target"
];
wantedBy = [
"docker-compose-rustdesk-root.target"
];
};
virtualisation.oci-containers.containers."hbbs" = {
image = "rustdesk/rustdesk-server:latest";
volumes = [
"/home/nathan/Projects/Olympus/system/virtualization/docker/rustdesk/data:/root:rw"
];
cmd = [ "hbbs" ];
dependsOn = [
"hbbr"
];
log-driver = "journald";
extraOptions = [
"--network=host"
];
};
systemd.services."docker-hbbs" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
partOf = [
"docker-compose-rustdesk-root.target"
];
wantedBy = [
"docker-compose-rustdesk-root.target"
];
};
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
systemd.targets."docker-compose-rustdesk-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = [ "multi-user.target" ];
};
}


@@ -0,0 +1,77 @@
{ ... }: {
flake.nixosModules.sandbox = { config, lib, self, ... }: {
config = {
networking = {
nat.internalInterfaces = [ "ve-sandbox" ];
};
containers.sandbox = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.32";
ephemeral = true;
timeoutStartSec = "3min";
flake = "${self}";
/*bindMounts = {
"/dev/nvidia0" = {
hostPath = "/dev/nvidia0";
isReadOnly = false;
};
"/dev/nvidiactl" = {
hostPath = "/dev/nvidiactl";
isReadOnly = false;
};
"/dev/nvidia-uvm" = {
hostPath = "/dev/nvidia-uvm";
isReadOnly = false;
};
"/dev/nvidia-modeset" = {
hostPath = "/dev/nvidia-modeset";
isReadOnly = false;
};
"/dev/nvidia-uvm-tools" = {
hostPath = "/dev/nvidia-uvm-tools";
isReadOnly = false;
};
};
allowedDevices = [
{
node = "/dev/nvidia0";
modifier = "rw";
}
{
node = "/dev/nvidiactl";
modifier = "rw";
}
{
node = "/dev/nvidia-uvm";
modifier = "rw";
}
{
node = "/dev/nvidia-modeset";
modifier = "rw";
}
{
node = "/dev/nvidia-uvm-tools";
modifier = "rw";
}
];*/
config = {
};
};
};
};
}

32
modules/features/sddm.nix Normal file

@@ -0,0 +1,32 @@
{ ... }: {
flake.nixosModules.sddm = { config, lib, pkgs, ... }: {
config = {
qt.enable = true;
environment.systemPackages = with pkgs; [ (sddm-astronaut.override { embeddedTheme = "pixel_sakura"; }) ];
services.displayManager.sddm = {
enable = true;
wayland.enable = true;
autoNumlock = true;
theme = "sddm-astronaut-theme"; #"${inputs.tokyo-night-sddm-theme { inherit pkgs; }}";
enableHidpi = true;
/*extraPackages = with pkgs; [
libsForQt5.qtsvg
libsForQt5.qtquickcontrols2
libsForQt5.qtgraphicaleffects
];*/
package = lib.mkDefault pkgs.kdePackages.sddm;
extraPackages = with pkgs; [
kdePackages.qtsvg
kdePackages.qtvirtualkeyboard
kdePackages.qtmultimedia
];
};
};
};
}


@@ -0,0 +1,57 @@
{ ... }: {
flake.nixosModules.searxng = { config, lib, ... }: let
subdomain = "searxng";
name = "searxng";
in {
config = {
environment.etc."searxng/settings.yml".source = ./settings.yml;
virtualisation.oci-containers.containers.searxng = {
image = "searxng/searxng:latest";
# unstable, waiting for 26.05
#pull = "newer";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
#"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}";
"traefik.http.services.${name}.loadbalancer.server.port" = "8080";
};
ports = [
];
extraOptions = [
"--ip=192.168.101.9"
];
volumes = [
"vol_searxng_settings:/etc/searxng/"
"vol_searxng_data:/var/cache/searxng/"
"/etc/searxng/settings.yml:/etc/searxng/settings.yml"
];
environment = {
SEARXNG_SECRET = "2e8b4fcf4c0f46b097496f2d5715dbb061bd5cac78c64d0f5a0bee27f013f3c0";
};
};
};
};
}
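Review bot: `image = "searxng/searxng:latest"` follows a mutable tag, so what runs depends on when each host last pulled it rather than on what the flake says, and rolling back the NixOS generation does not roll the image back. The pihole and portainer modules use `:latest` as well, while the traefik module pins `traefik:v3.6`. Pin each image to a release tag, ideally with its digest, e.g. `image = "searxng/searxng:<release-tag>@sha256:<digest>";` (placeholders).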

File diff suppressed because it is too large Load Diff


@@ -0,0 +1,13 @@
{ ... }: {
flake.nixosModules.steam = { config, lib, ... }: {
config = {
programs.steam = {
enable = true;
};
};
};
}


@@ -0,0 +1,75 @@
http:
routers:
homepageSecure:
entryPoints:
- "websecure"
- "localsecure"
rule: "Host(`esotericbytes.com`) || Host(`www.esotericbytes.com`)"
service: "homepage"
middlewares:
- authentik
tls:
certResolver: "cloudflare"
code-server:
entryPoints:
- "localsecure"
rule: "Host(`code.esotericbytes.com`)"
service: "code-server"
tls:
certResolver: "cloudflare"
gitea:
entryPoints:
- "localsecure"
- "websecure"
rule: "Host(`gitea.esotericbytes.com`)"
service: "gitea"
tls:
certResolver: "cloudflare"
octoprint:
entryPoints:
- "localsecure"
#- "websecure"
rule: "Host(`3dp.esotericbytes.com`)"
service: "octoprint"
tls:
certResolver: "cloudflare"
services:
homepage:
loadBalancer:
servers:
- url: "http://192.168.100.13:80"
code-server:
loadBalancer:
servers:
- url: "http://192.168.100.31:4444"
gitea:
loadBalancer:
servers:
- url: "http://192.168.100.20:3000"
octoprint:
loadBalancer:
servers:
- url: "http://rpi-3dp.local"
passHostHeader: true
tcp:
routers:
gitea-ssh:
entryPoints:
- "gitea-ssh"
rule: "HostSNI(`*`)"
service: "gitea-ssh"
services:
gitea-ssh:
loadBalancer:
servers:
- address: "192.168.100.20:2222"
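Review bot: The `homepageSecure` router lists `authentik` under `middlewares`, but this file has no `http.middlewares` section that defines it. An unqualified name is resolved inside the file provider, so Traefik will most likely report `authentik@file` as missing and disable the router. If the middleware is declared through Docker labels on the authentik container, reference it as `- authentik@docker`. It is also the only router here with an auth middleware, so `code-server`, `gitea` and `octoprint` rely entirely on their own login; add a comment if that is intended.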


@@ -0,0 +1,87 @@
providers:
docker:
exposedByDefault: false
file:
filename: "/etc/traefik/routing.yml"
serversTransport:
insecureSkipVerify: true
api:
dashboard: true
global:
checknewversion: true
sendanonymoususage: false
entryPoints:
web:
address: ":81"
http:
redirections:
entryPoint:
to: "websecure"
scheme: "https"
websecure:
address: ":444"
asDefault: true
transport:
respondingTimeouts:
readTimeout: 24h
http:
tls:
certResolver: "cloudflare"
domains:
main: "esotericbytes.com"
sans:
- "*.esotericbytes.com"
encodedCharacters:
allowEncodedSlash: true
allowEncodedQuestionMark: true
allowEncodedPercent: true
local:
address: ":80"
http:
redirections:
entryPoint:
to: "localsecure"
scheme: "https"
localsecure:
address: ":443"
asDefault: true
transport:
respondingTimeouts:
readTimeout: 24h
http:
tls:
certResolver: "cloudflare"
domains:
main: "esotericbytes.com"
sans:
- "*.esotericbytes.com"
encodedCharacters:
allowEncodedSlash: true
allowEncodedQuestionMark: true
allowEncodedPercent: true
gitea-ssh:
address: ":2222"
log:
level: "INFO"
filePath: "/etc/traefik/logs/traefik.log"
format: "json"
certificatesResolvers:
cloudflare:
acme:
storage: "/etc/traefik/acme.json"
keyType: "EC256"
dnsChallenge:
provider: "cloudflare"
resolvers:
- "1.1.1.1:53"
- "1.0.0.1:53"
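Review bot: `serversTransport.insecureSkipVerify: true` turns off certificate verification for every HTTPS backend Traefik connects to, not just one. The file-provider services on this page all use `http://` URLs, so the setting may not be needed at all. If a single backend serves a self-signed certificate, define a named transport under `http.serversTransports` in the dynamic configuration and reference it from that service only, leaving the global default at `insecureSkipVerify: false`.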


@@ -0,0 +1,106 @@
{ ... }: {
flake.nixosModules.traefik = { config, lib, ... }: {
config = {
networking.firewall.allowedTCPPorts = [ 80 81 443 444 2222 ];
sops.secrets = {
"traefik/cf_email" = {};
"traefik/cf_api_key" = {};
};
sops.templates."traefik.env" = {
content = ''
CF_API_EMAIL=${config.sops.placeholder."traefik/cf_email"}
CF_DNS_API_TOKEN=${config.sops.placeholder."traefik/cf_api_key"}
'';
};
environment.etc = (builtins.listToAttrs (builtins.map (x: {
name = "traefik/${x}";
value = {
source = ./config/${x};
mode = "0664";
};
}) (builtins.attrNames (builtins.readDir ./config))));
/*environment.etc."traefik/traefik.yml" = {
source = ./config/traefik.yml;
};
environment.etc."traefik/routing.yml" = {
source = ./config/routing.yml;
};*/
virtualisation.oci-containers.containers.traefik = {
image = "traefik:v3.6";
environment = {
TRAEFIK_CERTIFICATESRESOLVERS_CLOUDFLARE_ACME_EMAIL = "\${CF_API_EMAIL}";
};
environmentFiles = [ config.sops.templates."traefik.env".path ];
volumes = [
"/etc/traefik/:/etc/traefik/"
"/run/docker.sock:/var/run/docker.sock"
];
networks = [
"docker-main"
];
ports = [
"80:80"
"81:81"
"443:443"
"444:444"
"2222:2222"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.dashboard.rule" = "Host(`traefik.esotericbytes.com`)";
"traefik.http.routers.dashboard.entrypoints" = "websecure,localsecure";
"traefik.http.routers.dashboard.service" = "api@internal";
"traefik.http.routers.dashboard.tls.certResolver" = "cloudflare";
};
extraOptions = [
"--ip=192.168.101.11"
];
log-driver = "journald";
};
systemd.services."docker-traefik" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-setup.service"
];
requires = [
"docker-network-setup.service"
];
partOf = [
"docker-compose-traefik-root.target"
];
wantedBy = [
"docker-compose-traefik-root.target"
];
};
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
systemd.targets."docker-compose-traefik-root" = {
wantedBy = [ "multi-user.target" ];
};
};
};
}
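Review bot: The `dashboard` router serves `api@internal` on `websecure,localsecure` with no `middlewares` label, so the Traefik dashboard and API are reachable without authentication on both entry points, and `websecure` looks like the externally forwarded one. Restrict it with `"traefik.http.routers.dashboard.entrypoints" = "localsecure";` and add an auth middleware label for the router. Separately, `environment.etc` installs the config files with `mode = "0664"`; `"0644"` is enough for files Traefik only reads.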


@@ -0,0 +1,22 @@
{ ... }: {
flake.nixosModules.virtual-machines = { config, lib, pkgs, ... }: {
config = {
programs.virt-manager.enable = true;
virtualisation = {
libvirtd = {
enable = true;
qemu.swtpm.enable = true;
};
spiceUSBRedirection.enable = true;
};
environment.systemPackages = with pkgs; lib.mkIf config.hardware.graphics.enable [
virt-viewer
];
};
};
}


@@ -0,0 +1,46 @@
{ ... }: {
flake.nixosModules.wyoming = { config, lib, ... }: {
config = {
services.wyoming = {
piper = {
servers.piper = {
enable = lib.mkDefault true;
voice = "en-us-ryan-medium";
uri = "tcp://0.0.0.0:11435";
};
};
openwakeword = {
enable = lib.mkDefault true;
uri = "tcp://0.0.0.0:11432";
threshold = 0.5;
customModelsDirectories = [
#./wake_words
];
};
faster-whisper = {
servers.whisper = {
enable = lib.mkDefault true;
device = "auto";
language = "en";
model = "medium.en";
uri = "tcp://0.0.0.0:11433";
};
};
satellite = {
enable = lib.mkDefault true;
uri = "tcp://0.0.0.0:11431";
};
};
};
};
}
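Review bot: All four Wyoming services bind `tcp://0.0.0.0:<port>`, i.e. every interface, and as far as I know the Wyoming protocol carries no authentication of its own. Whether they are reachable from the network depends on firewall rules outside this hunk. If the consumers run on the same host, bind to loopback instead, e.g. `uri = "tcp://127.0.0.1:11435";` and likewise for ports 11431 to 11433. Otherwise add a comment naming the interface or subnet that is meant to reach them.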


@@ -0,0 +1,120 @@
{ inputs, ... }: {
flake.nixosModules.container = { config, pkgs, lib, ... }:
{
imports =
[
inputs.home-manager.nixosModules.default
];
config = {
hardware.nvidia.open = true;
boot.isContainer = true;
services = {
xserver = {
#enable = true;
videoDrivers = ["nvidia"];
};
displayManager = {
enable = true;
defaultSession = "plasma";
autoLogin = {
enable = true;
user = "nathan";
};
};
pulseaudio.enable = false;
};
systemd.extraConfig = "DefaultLimitNOFILE=2048";
/*
environment.sessionVariables = {
WLR_BACKENDS = "headless";
WLR_LIBINPUT_NO_DEVICES = "1";
};
*/
programs.zsh.enable = true;
environment.shells = with pkgs; [ zsh ];
users.defaultUserShell = pkgs.zsh;
nixpkgs = {
config.allowUnfree = true;
hostPlatform = "x86_64-linux";
};
# Set your time zone.
time.timeZone = "America/Chicago";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
services.displayManager.sddm.settings.AutoLogin = {
User = "nathan";
Session = "plasmawayland.desktop";
Relogin = true;
};
networking = {
nameservers = [ "1.1.1.1" "1.0.0.1" ];
networkmanager.enable = true;
firewall.allowedTCPPorts = [ 80 ];
};
system.stateVersion = "25.05"; # Did you read the comment?
users.users."nathan" = {
isNormalUser = true;
initialPassword = "7567";
#hashedPasswordFile = config.sops.secrets."nathan/pass".path;
extraGroups = [
"wheel"
]; # Enable sudo for the user.
/*openssh.authorizedKeys.keys = [
];*/
};
nix = {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
settings = {
experimental-features = [ "nix-command" "flakes" ];
};
};
/*sops = {
age.keyFile = "/home/nathan/.config/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
defaultSopsFormat = "yaml";
secrets = {
"nathan/pass" = {
neededForUsers = true;
};
};
};*/
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
};
};
}
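Review bot: `users.users."nathan"` sets `initialPassword` to a four-digit literal for an account in `wheel`, alongside `autoLogin` and an open TCP port 80. The value sits in the repository and the Nix store, and it matches the Pi-hole web password set elsewhere in this change. The jesstop module does the same for its `nickelback` user. The commented-out `hashedPasswordFile = config.sops.secrets."nathan/pass".path;` line is the right direction: enable it together with the commented `sops` block, as the homebox module does, and remove `initialPassword`.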


@@ -0,0 +1,7 @@
keys:
- &homebox age1640eg0pnmkruc89m5xguz0m8fek44fl4tzez6qwuzlz6kmapqewsp8esxd
creation_rules:
- path_regex: ^secrets.yaml$
key_groups:
- age:
- *homebox


@@ -0,0 +1,128 @@
{ self, inputs, ... }: {
flake.nixosModules.homebox = { config, pkgs, lib, ... }:
{
imports =
[
inputs.disko.nixosModules.default
inputs.home-manager.nixosModules.default
self.nixosModules.default
];
config = {
boot = {
kernelPackages = pkgs.linuxKernel.packages.linux_6_18;
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
binfmt.emulatedSystems = [ "aarch64-linux" ];
};
systemd.settings.Manager.DefaultLimitNOFILE = 2048;
programs.zsh.enable = true;
environment.shells = with pkgs; [ zsh bashInteractive ];
nixpkgs.config.allowUnfree = true;
networking = {
hostName = "homebox";
nameservers = lib.mkDefault [ "1.1.1.1" "1.0.0.1" ];
networkmanager = {
enable = true;
dns = "none";
};
useDHCP = false;
dhcpcd.enable = false;
nftables = {};
nat = {
enable = true;
internalInterfaces = [ "ve-.+" ];
externalInterface = "wlp7s0"; # wifi
#externalInterface = "enp6s0"; # ethernet
};
};
services.netbird.clients.default.environment = {
NB_EXTRA_DNS_LABELS = "server";
};
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
services = {
xserver = {
enable = false;
videoDrivers = ["nvidia"];
};
displayManager = {
enable = false;
defaultSession = "hyprland";
autoLogin = {
enable = true;
user = "nathan";
};
};
pulseaudio.enable = false;
hardware.openrgb = {
enable = true;
motherboard = "amd";
};
};
hardware = {
nvidia = {
open = true;
modesetting.enable = true;
nvidiaPersistenced = true;
};
bluetooth = {
enable = true;
powerOnBoot = false;
};
};
sops = {
age.keyFile = "/var/lib/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
defaultSopsFormat = "yaml";
secrets = {
"nathan/pass" = {
neededForUsers = true;
};
"remoteBuildClientKeys/laptop".sopsFile = ./../../features/secrets.yaml;
"remoteBuildClientKeys/pi4".sopsFile = ./../../features/secrets.yaml;
"remoteBuildClientKeys/android".sopsFile = ./../../features/secrets.yaml;
};
};
nix = {
settings = {
trusted-users = [ "remote-builder" ];
};
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
};
};
}
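Review bot: `nix.settings.trusted-users = [ "remote-builder" ];` grants that account rights the Nix manual describes as essentially equivalent to root, and the `remoteBuildClientKeys/*` secrets suggest three clients will log in as it. The user definition and any SSH restrictions on it are outside this hunk, so it may already be constrained. If the trust exists only so clients can upload unsigned store paths, consider having the clients sign their paths and listing their keys under `trusted-public-keys` instead. Either way, add a comment recording why the trust is needed.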


@@ -0,0 +1,12 @@
{ self, inputs, ... }: {
flake.nixosConfigurations."homebox" = inputs.nixpkgs.lib.nixosSystem {
modules = with self.nixosModules; [
(user-nathan "laptop")
homebox
homebox-hardware
self.diskoConfigurations.homebox
];
};
}
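Review bot: `(user-nathan "laptop")` is called with a string argument here, while the laptop configuration on this page lists `user-nathan` bare; unless the module is written to accept both forms, one of the two is wrong. `user-nathan` is defined outside the visible part of the page, so I cannot tell which. If the argument names a host, passing `"laptop"` inside the homebox configuration deserves a comment explaining why.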


@@ -0,0 +1,143 @@
{ ... }: {
flake.diskoConfigurations.homebox = {
disko.devices = {
disk = {
main = {
device = "/dev/nvme0n1";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
swap = {
size = "4G";
content = {
type = "swap";
resumeDevice = true;
};
};
root = {
name = "root";
size = "100%";
content = {
type = "lvm_pv";
vg = "root_vg";
};
};
};
};
};
ssd1 = {
device = "/dev/nvme1n1";
type = "disk";
content = {
type = "gpt";
partitions = {
ssd1 = {
name = "ssd1";
size = "100%";
content = {
type = "lvm_pv";
vg = "ssd1_vg";
};
};
};
};
};
hdd1 = {
device = "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
hdd1 = {
name = "hdd1";
size = "100%";
content = {
type = "lvm_pv";
vg = "hdd1_vg";
};
};
};
};
};
};
lvm_vg = {
root_vg = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "btrfs";
extraArgs = ["-f"];
subvolumes = {
"/root" = {
mountpoint = "/";
};
"/nix" = {
mountOptions = ["subvol=nix" "noatime"];
mountpoint = "/nix";
};
};
};
};
};
};
ssd1_vg = {
type = "lvm_vg";
lvs = {
ssd1 = {
size = "100%FREE";
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/ssd1" = {
mountOptions = [ "subvol=ssd1" "noatime" ];
mountpoint = "/ssd1";
};
};
};
};
};
};
hdd1_vg = {
type = "lvm_vg";
lvs = {
hdd1 = {
size = "100%FREE";
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/hdd1" = {
mountOptions = [ "subvol=hdd1" "noatime" ];
mountpoint = "/hdd1";
};
};
};
};
};
};
};
};
};
}
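Review bot: None of the three disks has an encryption layer: the `lvm_pv` partitions sit directly on GPT, and `swap` sets `resumeDevice = true` on a plain partition. The homebox module keeps the sops age key at `/var/lib/sops/age/keys.txt` on this root filesystem, so anyone holding the disk can decrypt every secret in `secrets.yaml`, and a hibernation image would store memory contents in the clear. If that threat matters for this machine, wrap the `root` partition content in disko's `type = "luks"` and place the swap inside the encrypted volume group.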


@@ -0,0 +1,24 @@
{ ... }: {
flake.nixosModules.homebox-hardware = { config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
}


@@ -1,5 +1,8 @@
nathan: nathan:
pass: ENC[AES256_GCM,data:HP/kF665VvIUybXmqaluJikeHWR0lvTXjA8Ry/dpbjDd3VUfiDuWFKlBkUzIZ1brAc86PV1xl4JWu2CNEz7uc3TmPuJ+GsFFOA==,iv:uPQZE7s3PvfShOaVCNRnnhXlcvA5aIiXRxi7UPbXfdU=,tag:Wg0IuCm4ljSPBmB/H2OSFA==,type:str] pass: ENC[AES256_GCM,data:HP/kF665VvIUybXmqaluJikeHWR0lvTXjA8Ry/dpbjDd3VUfiDuWFKlBkUzIZ1brAc86PV1xl4JWu2CNEz7uc3TmPuJ+GsFFOA==,iv:uPQZE7s3PvfShOaVCNRnnhXlcvA5aIiXRxi7UPbXfdU=,tag:Wg0IuCm4ljSPBmB/H2OSFA==,type:str]
traefik:
cf_email: ENC[AES256_GCM,data:ujvdfobp/aTcyC+kUYeYYeaiXQnQhoHYhg==,iv:LBzvuMMt76jX70a68rzaMgkmzHtVE2TlbrJlWE7I6o8=,tag:cTO1ApZQ214zjJyumunvPg==,type:str]
cf_api_key: ENC[AES256_GCM,data:CrtkBlhUZT3rlZAqiEHz7/OhPaoQ5nAz+deWmrh2zmwJfAp95lGZCA==,iv:qPXTm5zjTVYupot/hUkI/pSe0QNs17rapDrvdweRDTQ=,tag:VL2Cnig8Ih0iSL7myqlTgA==,type:str]
authentik: authentik:
pass: ENC[AES256_GCM,data:pTjpwRgdUVU5543T199P7Zoy,iv:93WpIK6qq+A1LhaQdBvMQ4jzuAOmMUt575y/p8m8Ugk=,tag:jTg/JED3vpdOVHF8LdIyLg==,type:str] pass: ENC[AES256_GCM,data:pTjpwRgdUVU5543T199P7Zoy,iv:93WpIK6qq+A1LhaQdBvMQ4jzuAOmMUt575y/p8m8Ugk=,tag:jTg/JED3vpdOVHF8LdIyLg==,type:str]
secret_key: ENC[AES256_GCM,data:tIWDGtB/z7Ysizz9FPQJe2EeSTAxDPkeHJnaDfytDvbqvRaiCgg7qGpEF6hAQFdZ,iv:gloup5aI0qY+SYJt8V6lvUdE+18IWH09BXtz8dRi6JE=,tag:vFwF9h1Rsa/X1bjvdSRSfQ==,type:str] secret_key: ENC[AES256_GCM,data:tIWDGtB/z7Ysizz9FPQJe2EeSTAxDPkeHJnaDfytDvbqvRaiCgg7qGpEF6hAQFdZ,iv:gloup5aI0qY+SYJt8V6lvUdE+18IWH09BXtz8dRi6JE=,tag:vFwF9h1Rsa/X1bjvdSRSfQ==,type:str]
@@ -10,7 +13,7 @@ gitea:
keycloak: keycloak:
dbpass: ENC[AES256_GCM,data:tc4wIAqzY7nonBhz8s+YdAux,iv:Wg0b0/xnl6cANLTOJWBsX+gw1iF8Q/GvO/iKyKwqJrM=,tag:LORKRmo4RjcrVbPNhk2A9Q==,type:str] dbpass: ENC[AES256_GCM,data:tc4wIAqzY7nonBhz8s+YdAux,iv:Wg0b0/xnl6cANLTOJWBsX+gw1iF8Q/GvO/iKyKwqJrM=,tag:LORKRmo4RjcrVbPNhk2A9Q==,type:str]
netbird: netbird:
coturnPass: ENC[AES256_GCM,data:zB6P9RyTTKkXEOIhOyeJuF4Y,iv:8SWVfcdmMnXQJxezu3uanrlmFhR+hxXEJ3T7KA+YZqE=,tag:1H21K3kbZOuLOdN2zufWJw==,type:str] secret_key: ENC[AES256_GCM,data:isJHGh/InvgJUSqISqxpWhZH0OMN/QG7WBbSS7WqHaWTdfZDBOh//PBP8g==,iv:j0D6feM3qnDjXijXRHgZPboFLHzPwWIhT5bYz3M+QMU=,tag:pOHRxOEdOUrL3n6DgqGDsA==,type:str]
gitlab: gitlab:
db_pass: ENC[AES256_GCM,data:N3KvXkXql/PDjxZSpGo/Apr/,iv:OOzhR4BEmV3T01PA50vqdJMg7D2OGKHn/8hiqKEaOd4=,tag:jzdonXH/D/5kZ5Cld2W//w==,type:str] db_pass: ENC[AES256_GCM,data:N3KvXkXql/PDjxZSpGo/Apr/,iv:OOzhR4BEmV3T01PA50vqdJMg7D2OGKHn/8hiqKEaOd4=,tag:jzdonXH/D/5kZ5Cld2W//w==,type:str]
root_pass: ENC[AES256_GCM,data:bALaUkoJw3N0ugZP/4MCnEsD,iv:LJdJpXlyzA6o00UVlK+l5WCCFIL/sT/fQNjI8wA5LAg=,tag:BYk1o/rjubyEpeHbgYA1Sg==,type:str] root_pass: ENC[AES256_GCM,data:bALaUkoJw3N0ugZP/4MCnEsD,iv:LJdJpXlyzA6o00UVlK+l5WCCFIL/sT/fQNjI8wA5LAg=,tag:BYk1o/rjubyEpeHbgYA1Sg==,type:str]
@@ -35,7 +38,7 @@ sops:
S0NMRGJSeks0Q0UrVnZmUVdyU2NqVm8KLu2kQpD1fJdU0fTdR9A2cTQzRp+waJ6M S0NMRGJSeks0Q0UrVnZmUVdyU2NqVm8KLu2kQpD1fJdU0fTdR9A2cTQzRp+waJ6M
8vA+E8xYb2U4d7m0YnwKkGzw0CBPb0BvdEgvWvqpFViftoDwRv5KGA== 8vA+E8xYb2U4d7m0YnwKkGzw0CBPb0BvdEgvWvqpFViftoDwRv5KGA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-19T05:54:41Z" lastmodified: "2026-02-01T12:56:37Z"
mac: ENC[AES256_GCM,data:hLxsJDB3kr00fVVlkGC7L/pP3AH+W+IZbt4zHxGb9C7bhgs1zkLdDGGW8uqitsYQP5ZqSq00raym+JGGREH0q+SepQB+yrB26yDsac6thzKV1Yr3sIMhKdzSHJiNEawUxI7pTToKG3e6XDz2S0r0i0AvAoA6abPHoPH4ihojoXE=,iv:lSKAiSdkP1FxVoeKtSYs4i3HcyouNUeBHRvAXXqiBKY=,tag:hJGw0QhvbUf9M3AXC67iFA==,type:str] mac: ENC[AES256_GCM,data:clu/WnwHAQaowQ99Z8tNlIKKcVnLHYeYsgQK0meftXgiQKnLyLzqNipwfaU3qjITdm6fB7wY+TcySygpwFbY2f2TKrqAk7RxdnTFa61vQDqMF7rYPG90Ub79P+R5URZI8yjv69Hmrav0Y6z92vH8ItbPSRBLtgrbYZx36IFq0LU=,iv:qzBVA0xATM979tzu6cTvMrX77firvA5K0WU2hoUggoA=,tag:Fm3IqH0GUHBq9Din6ZW6ng==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.10.2 version: 3.11.0


@@ -0,0 +1,48 @@
{ self, inputs, ... }: {
flake.nixosModules.iso = { lib, pkgs, modulesPath, ... }: {
imports = with inputs; [
(modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix")
self.nixosModules.default
self.nixosModules.aurora-greeter
home-manager.nixosModules.default
];
config = {
fonts.fontconfig.enable = lib.mkForce true;
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
environment.systemPackages = with pkgs; [ nerd-fonts.fira-code ];
system.stateVersion = "25.11";
nixpkgs.hostPlatform = "x86_64-linux";
users.users."nathan" = {
hashedPassword = "$y$j9T$F0pn6l4C45lz4a0FTZLqE0$Fc48Ptbmz/3MJCk/Jsaqop4ff.bY3J3GcjhmJx5R7k6";
packages = with pkgs; [
git
nerd-fonts.fira-code
];
};
users.users.nixos.enable = lib.mkForce false;
networking = {
nameservers = [ "1.1.1.1" "1.0.0.1" ];
networkmanager.enable = true;
};
programs.zsh.enable = true;
environment.shells = with pkgs; [ zsh bashInteractive ];
};
};
}
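Review bot: `hashedPassword` for `nathan` is a literal in the module, and the same hash is repeated in the live module further down, so the yescrypt hash is published with the repository and baked into every image built from it. That permits offline guessing, which matters given the short numeric passwords used elsewhere in this change. Add a comment above it such as `# installer-only password; never reuse on an installed host`, and make sure the password behind it is long and unique.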


@@ -0,0 +1,15 @@
{ self, inputs, ...}: {
perSystem = { config, system, pkgs, self', inputs', ... }: {
packages.iso = self.nixosConfigurations.iso.config.system.build.isoImage;
};
flake.nixosConfigurations.iso = inputs.nixpkgs.lib.nixosSystem {
modules = [
self.nixosModules.iso
];
};
}


@@ -0,0 +1,113 @@
{ inputs, ... }: {
flake.nixosModules.jesstop = { config, pkgs, lib, ... }:
{
config = {
nixpkgs.config = {
allowUnfree = true;
};
# Bootloader.
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
};
systemd.extraConfig = "DefaultLimitNOFILE=2048";
hardware = {
graphics.enable = true;
#enable bluetooth
bluetooth.enable = true;
};
services.pulseaudio.enable = false;
environment.systemPackages = with pkgs; [
alsa-utils
];
# Enable the X11 windowing system.
services.xserver = {
enable = true;
desktopManager.enlightenment.enable = true;
};
services.acpid.enable = true;
services.displayManager.enable = true;
# Enable CUPS to print documents.
services.printing.enable = true;
system.stateVersion = "23.05"; # Did you read the comment?
# Set your time zone.
time.timeZone = "America/Chicago";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
networking = {
hostName = "jesstop";
nameservers = [ "1.1.1.1" "1.0.0.1" ];
networkmanager.enable = true;
};
users.users."nickelback" = {
isNormalUser = true;
description = "Thomas Jefferson";
initialPassword = "89453712";
#hashedPasswordFile = config.sops.secrets."nathan/pass".path;
extraGroups = [
"wheel"
"networkmanager"
]; # Enable sudo for the user.
openssh.authorizedKeys.keys = [];
packages = with pkgs; [
(writeShellScriptBin "beets" ''
bluetoothctl connect A4:16:C0:74:1F:55
'')
spotify
gnome-network-displays
discord
krita
rpcs3
];
};
nix = {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
settings = {
experimental-features = [ "nix-command" "flakes" ];
};
};
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
};
};
}


@@ -0,0 +1,11 @@
{ self, inputs, ... }: {
flake.nixosConfigurations."jesstop" = inputs.nixpkgs.lib.nixosSystem {
modules = [
self.nixosModules.jesstop
self.nixosModules.jesstop-hardware
];
};
}


@@ -0,0 +1,39 @@
{ ... }: {
flake.nixosModules.jesstop-hardware = { config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "vmd" "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/d76defe1-149f-4ea2-a5a1-d9cc2804cf72";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/D497-6455";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
}


@@ -0,0 +1,7 @@
keys:
- &laptop age1yqgyp2uxz4lzrc9f9ka0mfjl5fr6ahf8nf24nlmran2wulg6fpvq9hyp9q
creation_rules:
- path_regex: ^secrets.yaml$
key_groups:
- age:
- *laptop


@@ -0,0 +1,142 @@
{ self, inputs, ... }: {
flake.nixosModules.laptop = { config, pkgs, lib, ... }:
{
imports = with self.nixosModules; [
inputs.home-manager.nixosModules.default
self.nixosModules.default
self.nixosModules.default
aurora-greeter
hyprland
pipewire
steam
avahi
netbird
openssh
];
config = {
nixpkgs.config = {
allowUnfree = true;
};
# Bootloader.
boot = {
kernelPackages = pkgs.linuxKernel.packages.linux_6_18;
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
timeout = null;
};
};
systemd.settings.Manager.DefaultLimitNOFILE = 2048;
hardware = {
graphics.enable = true;
firmware = with pkgs; [
sof-firmware
];
#enable bluetooth
bluetooth.enable = true;
};
programs.partition-manager.enable = true;
services.pulseaudio.enable = false;
environment.systemPackages = with pkgs; [
alsa-utils
];
# Enable the X11 windowing system.
services.xserver = {
enable = true;
};
services.displayManager.enable = true;
environment.shells = with pkgs; [ zsh bashInteractive ];
# Enable CUPS to print documents.
services.printing.enable = true;
programs.adb.enable = true;
programs.zsh.enable = true;
networking = {
hostName = "laptop";
nameservers = [
"1.1.1.1"
"1.0.0.1"
];
networkmanager = {
enable = true;
dns = "none";
};
useDHCP = false;
dhcpcd.enable = false;
};
services.openssh.openFirewall = false;
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
boot.kernelParams = [ "snd-intel-dspcfg.dsp_driver=1" ];
hardware = {
nvidia = {
modesetting.enable = true;
powerManagement.enable = true;
powerManagement.finegrained = true;
open = false;
nvidiaSettings = true;
package = config.boot.kernelPackages.nvidiaPackages.stable;
prime = {
# Make sure to use the correct Bus ID values for your system!
intelBusId = "PCI:0:2:0";
nvidiaBusId = "PCI:1:0:0";
# WARNING: sync and offload are mutually exclusive.
# You can only pick one!!
#sync.enable = true;
offload = {
enable = true;
enableOffloadCmd = true;
};
};
};
};
sops = {
defaultSopsFile = ./secrets.yaml;
secrets = {
remoteBuildKey = {};
};
};
services.xserver.videoDrivers = [ "nvidia" ];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
};
};
}
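Review bot: `self.nixosModules.default` is listed twice in `imports`, directly after `inputs.home-manager.nixosModules.default`. The second entry is redundant at best, so remove it.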


@@ -0,0 +1,12 @@
{ self, inputs, ... }: {
flake.nixosConfigurations."laptop" = inputs.nixpkgs.lib.nixosSystem {
modules = with self.nixosModules; [
user-nathan
laptop
laptop-hardware
];
};
}


@@ -0,0 +1,39 @@
{ ... }: {
flake.nixosModules.laptop-hardware = { config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/78c0964d-c09e-4e31-8a73-eb719d79917a";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/AE5E-AC86";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
}
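Review bot: The `/boot` mount uses `fmask=0022` and `dmask=0022`, which leaves every file on the ESP readable by all local users. If this host boots with systemd-boot (the loader setting is not in this section), that includes the loader's random-seed file, and `bootctl` warns about exactly this. Tightening the line to `options = [ "fmask=0077" "dmask=0077" ];` keeps the partition root-only without affecting boot.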


@@ -0,0 +1,60 @@
{ inputs, ... }: {
flake.nixosModules.live = { pkgs, ... }: {
imports = with inputs; [
disko.nixosModules.default
(import ./disko.nix { device = "/dev/mmcblk0"; })
sops-nix.nixosModules.sops
home-manager.nixosModules.default
];
config = {
hardware.enableRedistributableFirmware = true;
hardware.enableAllHardware = true;
programs.zsh.enable = true;
environment.shells = with pkgs; [ zsh bashInteractive ];
networking = {
nameservers = [ "1.1.1.1" "1.0.0.1" ];
networkmanager.enable = true;
};
nixpkgs.hostPlatform = "x86_64-linux";
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
};
users.users."nathan" = {
hashedPassword = "$y$j9T$F0pn6l4C45lz4a0FTZLqE0$Fc48Ptbmz/3MJCk/Jsaqop4ff.bY3J3GcjhmJx5R7k6";
packages = with pkgs; [
git
nerd-fonts.fira-code
];
};
sops = {
age.keyFile = "/var/lib/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
defaultSopsFormat = "yaml";
#secrets."nathan/pass".neededForUsers = true;
};
system.stateVersion = "25.05";
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
};
};
}
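Review bot: The `hashedPassword` literal under `users.users."nathan"` puts the account's yescrypt hash into version control and into the world-readable Nix store, so anyone who can read either can attempt offline guessing against it. The module already wires up sops and has the matching secret commented out, so the hash can live in `secrets.yaml` instead: re-enable `secrets."nathan/pass".neededForUsers = true;` and replace the literal with `hashedPasswordFile = config.sops.secrets."nathan/pass".path;`. That needs `config` added to the module arguments, which are currently `{ pkgs, ... }`. Since the hash is already in history, the password itself should be treated as exposed and changed.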


@@ -0,0 +1,11 @@
{ self, inputs, ... }: {
flake.nixosConfigurations."live" = inputs.nixpkgs.lib.nixosSystem {
modules = [
self.nixosModules.live
self.diskoConfigurations.live
];
};
}


@@ -0,0 +1,69 @@
{ ... }: {
flake.diskoConfigurations.live = {
device1 ? throw "Set this to your disk device, e.g. /dev/sda",
...
}: {
disko.devices = {
disk = {
main = {
device = device1;
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
name = "root";
size = "100%";
content = {
type = "lvm_pv";
vg = "root_vg";
};
};
};
};
};
};
lvm_vg = {
root_vg = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "btrfs";
extraArgs = ["-f"];
subvolumes = {
"/root" = {
mountpoint = "/";
};
"/nix" = {
mountOptions = ["subvol=nix" "noatime"];
mountpoint = "/nix";
};
};
};
};
};
};
};
};
};
}
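Review bot: The `root` partition feeds `lvm_pv` directly, so nothing on the volume is encrypted at rest. The live module in this same commit sets `sops.age.keyFile` to a path under `/var/lib`, so the age private key would sit in clear text on the disk, which appears to be removable media given the `/dev/mmcblk0` device used there. Putting a `luks` layer between the partition and the physical volume closes that gap. The pi4 disko file added later in this commit has the identical layout; there the trade-off is that an unattended boot would need a key file or network unlock. `extraArgs = ["-f"]` also forces `mkfs.btrfs` over any existing filesystem, which deserves a short comment since `device1` is supplied by the caller.

```nix
root = {
  name = "root";
  size = "100%";
  content = {
    type = "luks";
    name = "cryptroot";
    content = {
      type = "lvm_pv";
      vg = "root_vg";
    };
  };
};
# … unchanged: lvm_vg.root_vg with the btrfs subvolumes …
```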


@@ -0,0 +1,87 @@
{ inputs, ... }: {
flake.nixosModules.pi4 = { config, pkgs, ... }: {
imports = [
inputs.disko.nixosModules.default
inputs.home-manager.nixosModules.default
];
config = {
boot = {
loader = {
grub.enable = false;
generic-extlinux-compatible.enable = true;
};
};
networking = {
hostName = "pi4";
nameservers = [ "1.1.1.1" "1.0.0.1" ];
networkmanager.enable = true;
};
time.timeZone = "America/Chicago";
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
hardware = {
bluetooth.enable = true;
};
programs.zsh.enable = true;
environment.shells = with pkgs; [ zsh ];
users = {
groups.gpio = {};
};
services = {
udev.extraRules = ''
SUBSYSTEM=="bcm2835-gpiomem", KERNEL=="gpiomem", GROUP="gpio",MODE="0660"
SUBSYSTEM=="gpio", KERNEL=="gpiochip*", ACTION=="add", RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys/class/gpio/export /sys/class/gpio/unexport ; chmod 220 /sys/class/gpio/export /sys/class/gpio/unexport'"
SUBSYSTEM=="gpio", KERNEL=="gpio*", ACTION=="add",RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value ; chmod 660 /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value'"
'';
pulseaudio = {
enable = true;
extraConfig = ''
load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1
'';
};
};
sops = {
age.keyFile = "/var/lib/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
defaultSopsFormat = "yaml";
};
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
sound.enable = true;
security.rtkit.enable = true;
system.stateVersion = "25.05";
};
};
}
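Review bot: In `pulseaudio.extraConfig`, `auth-ip-acl=127.0.0.1` only decides which peers may skip cookie authentication; it does not restrict where `module-native-protocol-tcp` listens, so the socket still binds all interfaces. It also means any local process running as any user can reach the sound server, microphone capture included, without the cookie. If loopback-only access is the intent, bind it explicitly with `load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1 listen=127.0.0.1`. If only the owning user needs it, dropping the TCP module in favour of the default Unix socket is tighter. A one-line comment saying which client needs TCP would help the next reader judge this.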


@@ -0,0 +1,12 @@
{ self, inputs, ... }: {
flake.nixosConfigurations."pi4" = inputs.nixpkgs.lib.nixosSystem {
modules = [
self.nixosModules.pi4
self.nixosModules.pi4-hardware
self.diskoConfigurations.pi4
];
};
}


@@ -0,0 +1,69 @@
{ ... }: {
flake.diskoConfigurations.pi4 = {
device1 ? throw "Set this to your disk device, e.g. /dev/sda",
...
}: {
disko.devices = {
disk = {
main = {
device = device1;
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
name = "root";
size = "100%";
content = {
type = "lvm_pv";
vg = "root_vg";
};
};
};
};
};
};
lvm_vg = {
root_vg = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "btrfs";
extraArgs = ["-f"];
subvolumes = {
"/root" = {
mountpoint = "/";
};
"/nix" = {
mountOptions = ["subvol=nix" "noatime"];
mountpoint = "/nix";
};
};
};
};
};
};
};
};
};
}


@@ -0,0 +1,27 @@
{ ... }: {
flake.nixosModules.pi4-hardware = { config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.end0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
};
}

12
modules/parts.nix Normal file

@@ -0,0 +1,12 @@
{ inputs, ... }: {
imports = [
inputs.home-manager.flakeModules.home-manager
inputs.disko.flakeModules.default
];
systems = [
"x86_64-linux"
"aarch64-linux"
];
}

View File

@@ -0,0 +1,11 @@
keys:
- &homebox age1640eg0pnmkruc89m5xguz0m8fek44fl4tzez6qwuzlz6kmapqewsp8esxd
- &laptop age1yqgyp2uxz4lzrc9f9ka0mfjl5fr6ahf8nf24nlmran2wulg6fpvq9hyp9q
- &android age12pnf36uqesjmy3e0lythfnpwam3zg5mv8m936fc4jphy4ces2fdqwn0s74
creation_rules:
- path_regex: ^secrets.yaml$
key_groups:
- age:
- *laptop
- *homebox
- *android
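Review bot: The single creation rule encrypts every secret to all three recipients, so the `android` key can decrypt everything in `secrets.yaml`, including the `remoteBuildKey` that the laptop module declares. A phone is the device most likely to be lost, so consider splitting secrets into per-host files with their own rules and listing only the recipients that need each one. Separately, the dot in `path_regex: ^secrets.yaml$` is unescaped and the pattern is anchored to a bare file name. Several modules in this commit reference their own `./secrets.yaml`, so it is worth confirming the rule matches the paths you actually encrypt; `^secrets\.yaml$` is the literal form.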


@@ -0,0 +1,75 @@
{ self, inputs, ... }: {
flake.homeModules.nathan = { config, lib, pkgs, ... }: {
imports = with self.homeModules; [
inputs.sops-nix.homeManagerModules.sops
nathan-terminal
nathan-mpd
nathan-nh
];
config = {
home.username = "nathan";
home.homeDirectory = lib.mkDefault "/home/${config.home.username}";
home.stateVersion = "23.11";
home.pointerCursor = {
gtk.enable = true;
package = pkgs.bibata-cursors;
name = "Bibata-Modern-Classic";
size = 16;
};
dconf.settings = {
"org/virt-manager/virt-manager/connections" = {
autoconnect = ["qemu:///system"];
uris = ["qemu:///system"];
};
};
gtk = {
enable = true;
theme.name = "Tokyonight-Dark";
theme.package = pkgs.tokyonight-gtk-theme;
iconTheme.package = pkgs.rose-pine-icon-theme;
iconTheme.name = "rose-pine-moon";
};
sops = {
age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
defaultSopsFormat = "yaml";
#secrets."remoteBuildKey" = {};
};
services.mpris-proxy.enable = true;
programs.ssh = {
enable = true;
matchBlocks = {
"builder" = {
hostname = "esotericbytes.com";
user = "remote-builder";
identityFile = "${config.home.homeDirectory}/.ssh/id_ed25519";
port = 22;
};
"remote" = {
hostname = "esotericbytes.com";
user = "nathan";
identityFile = "${config.home.homeDirectory}/.ssh/id_ed25519";
port = 22;
};
};
};
};
};
}
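Review bot: Both `matchBlocks` entries authenticate with the same personal key, `~/.ssh/id_ed25519`, so the `remote-builder` account and the interactive `nathan` account on that host trust one credential. Compromise of the key, or a misuse of the builder path, therefore reaches the login account as well. The commented-out `secrets."remoteBuildKey"` suggests a dedicated key was intended. Pointing the `builder` block's `identityFile` at that sops secret's path would separate the two, and the server side can then restrict the builder key. Adding `identitiesOnly = true;` to each block also stops the client from offering every agent key to the host.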
