bootstrapping

sorted haproxy.cfg
enabled firewall on jeeves
2026-04-21 14:49:10 -04:00 · 2024-10-25 16:54:01 -04:00 · 2024-10-25 16:50:34 -04:00 · 2024-10-25 16:50:34 -04:00 · 2024-10-25 16:50:34 -04:00 · 2024-10-25 16:50:34 -04:00
60 changed files with 503 additions and 856 deletions
--- a/.github/workflows/build_systems.yml
+++ b/.github/workflows/build_systems.yml
@@ -1,22 +0,0 @@
 name: build_jeeves
 on:
  workflow_dispatch:
  pull_request:
  push:
    branches: [main]
 jobs:
  build:
    name: build-${{ matrix.system }}
    runs-on: self-hosted
    strategy:
      matrix:
        system:
          - "bob"
          - "jeeves"
          - "muninn"
          - "rhapsody-in-green"
    steps:
      - uses: actions/checkout@v4
      - name: Build default package
        run: "nixos-rebuild build --flake ./#${{ matrix.system }}"
--- a/.github/workflows/kernel_packages_update.sh
+++ b/.github/workflows/kernel_packages_update.sh
@@ -0,0 +1,24 @@
 #!/bin/bash
 # Update ZFS package to match the latest supported Linux kernel version
 echo "geting latest ZFS version"
 raw_zfs_max_kernel_version=$(curl -s https://raw.githubusercontent.com/openzfs/zfs/master/META | grep Linux-Maximum | cut -d" " -f2)
 zfs_max_kernel_version="${raw_zfs_max_kernel_version//./_}"
 echo "geting latest ZFS version"
 if grep "linuxPackages_$zfs_max_kernel_version" systems/common/global/default.nix; then
    echo "No changes needed"
    exit 0
 fi
 sed -i "s/linuxPackages_6_[0-9]\+/linuxPackages_$zfs_max_kernel_version/" systems/common/global/default.nix
 # Commit the changes
 git config user.name "GitHub Actions Bot"
 git config user.email "<>"
 git add systems/common/global/default.nix
 git commit -m "Update Linux kernel and ZFS packages"
--- a/.github/workflows/kernel_packages_update.yml
+++ b/.github/workflows/kernel_packages_update.yml
@@ -0,0 +1,27 @@
 name: Kernel Packages Update
 on:
  schedule:
    - cron: "0 0 * * *"
  workflow_dispatch:
 jobs:
  create-pull-request:
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository
        uses: actions/checkout@v4
      - name: Make changes
        run: bash ${GITHUB_WORKSPACE}/.github/workflows/kernel_packages_update.sh
      - name: Create Pull Request
        uses: peter-evans/create-pull-request@v7
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          commit-message: Base linuxPackages update
          title: Base linuxPackages update
          body: |
            Update linuxPackages
          branch: daily-update
          delete-branch: true
--- a/.github/workflows/update-flake-lock.yml
+++ b/.github/workflows/update-flake-lock.yml
@@ -1,21 +0,0 @@
 name: update-flake-lock
 on:
  workflow_dispatch:
  schedule:
    - cron: "0 0 * * *"
 jobs:
  lockfile:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Install Nix
        uses: DeterminateSystems/nix-installer-action@main
      - name: Update flake.lock
        uses: DeterminateSystems/update-flake-lock@main
        with:
          pr-title: "Update flake.lock"
          pr-labels: |
            dependencies
            automated
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -16,7 +16,6 @@
    "audiobookshelf",
    "auditd",
    "autofetch",
    "autologin",
    "autopull",
    "autotrim",
    "azuretools",
@@ -26,7 +25,6 @@
    "bitwarden",
    "blkdiscard",
    "breakpad",
    "bredr",
    "btop",
    "cachix",
    "canmount",
@@ -62,7 +60,6 @@
    "extest",
    "fastforwardteam",
    "FASTFOX",
    "ffmpegthumbnailer",
    "filebot",
    "filebrowser",
    "fileroller",
@@ -73,7 +70,6 @@
    "formfill",
    "foxundermoon",
    "FULLSCREEN",
    "fwupd",
    "fxaccounts",
    "gamemode",
    "gamescope",
@@ -83,7 +79,6 @@
    "globalprivacycontrol",
    "gparted",
    "gtts",
    "hass",
    "healthreport",
    "Heatsink",
    "hediet",
@@ -102,7 +97,6 @@
    "isal",
    "jnoortheen",
    "jsbc",
    "kagi",
    "kuma",
    "levelname",
    "libglvnd",
@@ -128,7 +122,6 @@
    "mountpoints",
    "mousewheel",
    "mtxr",
    "muninn",
    "ncdu",
    "nemo",
    "neofetch",
@@ -165,10 +158,8 @@
    "pipewire",
    "pkgs",
    "plugdev",
    "poppler",
    "posixacl",
    "primarycache",
    "prismlauncher",
    "privatebrowsing",
    "PRIVOXY",
    "prowlarr",
@@ -232,13 +223,11 @@
    "uaccess",
    "ublock",
    "uitour",
    "unrar",
    "unsubmitted",
    "urlbar",
    "urlclassifier",
    "usbhid",
    "usbutils",
    "useragent",
    "usernamehw",
    "userprefs",
    "vfat",
@@ -252,7 +241,6 @@
    "Workqueues",
    "xattr",
    "xhci",
    "yazi",
    "yubikey",
    "yubioath",
    "yzhang",
--- a/build.sh
+++ b/build.sh
@@ -1,6 +0,0 @@
 #!/bin/sh
 nixos-rebuild build --flake /home/richie/projects/dotfiles#bob
 nixos-rebuild build --flake /home/richie/projects/dotfiles#jeeves
 nixos-rebuild build --flake /home/richie/projects/dotfiles#muninn
 nixos-rebuild build --flake /home/richie/projects/dotfiles#rhapsody-in-green
--- a/common/global/default.nix
+++ b/common/global/default.nix
@@ -8,8 +8,8 @@
 {
  imports = [
    inputs.home-manager.nixosModules.home-manager
    ./docker.nix
    ./fail2ban.nix
    ./fonts.nix
    ./libs.nix
    ./locale.nix
    ./nh.nix
@@ -20,9 +20,8 @@
  ];
  boot = {
    kernelPackages = lib.mkDefault pkgs.linuxPackages_6_10;
    tmp.useTmpfs = true;
    kernelPackages = lib.mkDefault pkgs.linuxPackages_6_12;
    zfs.package = lib.mkDefault pkgs.zfs;
  };
  hardware.enableRedistributableFirmware = true;
@@ -33,16 +32,12 @@
    extraSpecialArgs = {inherit inputs outputs;};
  };
-  nixpkgs = {
+  nixpkgs.config.allowUnfree = true;
    overlays = builtins.attrValues outputs.overlays;
    config = {
      allowUnfree = true;
    };
  };
-  services.fwupd.enable = true;
+  programs = {
-
+    zsh.enable = true;
-  programs.zsh.enable = true;
+    fish.enable = true;
  };
  security.auditd.enable = lib.mkDefault true;
--- a/common/optional/docker.nix
+++ b/common/optional/docker.nix
--- a/common/global/fonts.nix
+++ b/common/global/fonts.nix
@@ -1,12 +0,0 @@
 { pkgs, ... }:
 {
  fonts = {
    fontconfig.enable = true;
    enableDefaultPackages = true;
    packages = with pkgs; [
      nerd-fonts.roboto-mono
      nerd-fonts.intone-mono
      nerd-fonts.symbols-only
    ];
  };
 }
--- a/common/global/nix.nix
+++ b/common/global/nix.nix
@@ -11,21 +11,6 @@ in {
        "root"
        "@wheel"
      ];
      trusted-substituters = [
        "https://cache.nixos.org"
        "https://cache.tmmworkshop.com"
        "https://nix-community.cachix.org"
      ];
      substituters = [
        "https://cache.nixos.org/?priority=2&want-mass-query=true"
        "https://cache.tmmworkshop.com/?priority=2&want-mass-query=true"
        "https://nix-community.cachix.org/?priority=10&want-mass-query=true"
      ];
      trusted-public-keys = [
        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
        "cache.tmmworkshop.com:jHffkpgbmEdstQPoihJPYW9TQe6jnQbWR2LqkNGV3iA="
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      ];
      auto-optimise-store = lib.mkDefault true;
      experimental-features = [
        "nix-command"
--- a/common/global/programs.nix
+++ b/common/global/programs.nix
@@ -2,6 +2,6 @@
 {
  environment.systemPackages = with pkgs; [
    git
-    python313
+    python312
  ];
 }
--- a/common/global/snapshot_config.toml
+++ b/common/global/snapshot_config.toml
@@ -6,8 +6,8 @@ monthly = 0
 ["root_pool/home"]
 15_min = 8
-hourly = 12
+hourly = 24
-daily = 1
+daily = 14
 monthly = 0
 ["root_pool/root"]
--- a/common/optional/desktop.nix
+++ b/common/optional/desktop.nix
@@ -1,18 +1,6 @@
 { pkgs, ... }:
 {
  boot = {
    kernelPackages = pkgs.linuxPackages_6_12;
    zfs.package = pkgs.zfs;
  };
  services = {
    displayManager.sddm = {
      enable = true;
      wayland.enable = true;
    };
    desktopManager.plasma6.enable = true;
    xserver = {
      enable = true;
      xkb = {
@@ -20,13 +8,5 @@
        variant = "";
      };
    };
    pipewire = {
      enable = true;
      alsa.enable = true;
      alsa.support32Bit = true;
      pulse.enable = true;
      wireplumber.enable = true;
    };
  };
 }
--- a/common/optional/steam.nix
+++ b/common/optional/steam.nix
@@ -10,13 +10,8 @@
      gamescopeSession.enable = true;
      remotePlay.openFirewall = true;
      localNetworkGameTransfers.openFirewall = true;
      protontricks.enable = true;
      extraCompatPackages = with pkgs; [proton-ge-bin];
      extest.enable = true;
    };
    gamescope = {
      enable = true;
      capSysNice = true;
    };
  };
 }
--- a/common/optional/update.nix
+++ b/common/optional/update.nix
@@ -1,24 +1,11 @@
-{  lib, pkgs, ... }:
+{ lib, ... }:
 {
-  systemd = {
+  services.autopull = {
-    services."autopull@dotfiles" = {
+    enable = lib.mkDefault true;
-      requires = [ "multi-user.target" ];
+    repo.dotfiles = {
-      after = [ "multi-user.target" ];
+      enable = lib.mkDefault true;
-      description = "Pull the latest data for dotfiles";
+      ssh-key = lib.mkDefault "/root/.ssh/id_ed25519_ghdeploy";
-      serviceConfig = {
+      path = lib.mkDefault /root/dotfiles;
        Type = "oneshot";
        User = "root";
        WorkingDirectory = /root/dotfiles;
        ExecStart = "${pkgs.git}/bin/git pull --all --prune";
      };
    };
    timers."autopull@dotfiles" = {
      wantedBy = [ "timers.target" ];
      timerConfig = {
        OnBootSec = "1h";
        OnUnitActiveSec = "1h";
        Unit = "autopull@dotfiles.service";
      };
    };
  };
--- a/common/optional/zerotier.nix
+++ b/common/optional/zerotier.nix
@@ -3,9 +3,4 @@
    enable = true;
    joinNetworks = [ "e4da7455b2ae64ca" ];
  };
  nix.settings = {
    trusted-substituters = [ "http://192.168.90.40:5000" ];
    substituters = [ "http://192.168.90.40:5000/?priority=1&want-mass-query=true" ];
    trusted-public-keys = [ "cache.tmmworkshop.com:jHffkpgbmEdstQPoihJPYW9TQe6jnQbWR2LqkNGV3iA=" ];
  };
 }
--- a/flake.lock
+++ b/flake.lock
@@ -9,11 +9,11 @@
      },
      "locked": {
        "dir": "pkgs/firefox-addons",
-        "lastModified": 1735099403,
+        "lastModified": 1729414746,
-        "narHash": "sha256-22NF70bxkMY7/IY2NG0pC7WzgJ0bI67FGSUP37d2mQ8=",
+        "narHash": "sha256-B7wGWFjIL6/BllPaTXyp31srxG7+4I0hlsBkL6S8pIM=",
        "owner": "rycee",
        "repo": "nur-expressions",
-        "rev": "5b2c380332cf5a3022fde931d0346e2b868b544e",
+        "rev": "7bd3068e495e1f430e1a640b5f9ee683e4e5e616",
        "type": "gitlab"
      },
      "original": {
@@ -59,11 +59,11 @@
        "systems": "systems"
      },
      "locked": {
-        "lastModified": 1731533236,
+        "lastModified": 1710146030,
-        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
        "type": "github"
      },
      "original": {
@@ -79,11 +79,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1735053786,
+        "lastModified": 1729414726,
-        "narHash": "sha256-Gm+0DcbUS338vvkwyYWms5jsWlx8z8MeQBzcnIDuIkw=",
+        "narHash": "sha256-Dtmm1OU8Ymiy9hVWn/a2B8DhRYo9Eoyx9veERdOBR4o=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "35b98d20ca8f4ca1f6a2c30b8a2c8bb305a36d84",
+        "rev": "fe56302339bb28e3471632379d733547caec8103",
        "type": "github"
      },
      "original": {
@@ -101,11 +101,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1729742964,
+        "lastModified": 1703863825,
-        "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=",
+        "narHash": "sha256-rXwqjtwiGKJheXB43ybM8NwWB8rO2dSRrEqes0S7F5Y=",
        "owner": "nix-community",
        "repo": "nix-github-actions",
-        "rev": "e04df33f62cdcf93d73e9a04142464753a16db67",
+        "rev": "5163432afc817cf8bd1f031418d1869e4c9d5547",
        "type": "github"
      },
      "original": {
@@ -124,11 +124,11 @@
        "rust-overlay": "rust-overlay"
      },
      "locked": {
-        "lastModified": 1735090583,
+        "lastModified": 1729388162,
-        "narHash": "sha256-Tm+BsKXJS/EdJd9DvLxDbw+chPI1o7A9RHKIFxho36I=",
+        "narHash": "sha256-ARCVRKnANfAb1iwGVpNOujXTXsTdyHz80ocFxjpswv8=",
        "owner": "lilyinstarlight",
        "repo": "nixos-cosmic",
-        "rev": "847b93e3b63bcea9a477dd86bb4b56ce7e051f0e",
+        "rev": "1bfff37ff0178721ff4c0a7ed2fb39689b8db796",
        "type": "github"
      },
      "original": {
@@ -139,11 +139,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1734954597,
+        "lastModified": 1729417461,
-        "narHash": "sha256-QIhd8/0x30gEv8XEE1iAnrdMlKuQ0EzthfDR7Hwl+fk=",
+        "narHash": "sha256-p0j/sUs7noqZw0W+SEuZXskzOfgOH7yY80ksIM0fCi4=",
        "owner": "nixos",
        "repo": "nixos-hardware",
-        "rev": "def1d472c832d77885f174089b0d34854b007198",
+        "rev": "8f38d8a4754cf673c2609c4ed399630db87e678b",
        "type": "github"
      },
      "original": {
@@ -155,11 +155,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1734649271,
+        "lastModified": 1729256560,
-        "narHash": "sha256-4EVBRhOjMDuGtMaofAIqzJbg4Ql7Ai0PSeuVZTHjyKQ=",
+        "narHash": "sha256-/uilDXvCIEs3C9l73JTACm4quuHUsIHcns1c+cHUJwA=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "d70bd19e0a38ad4790d3913bf08fcbfc9eeca507",
+        "rev": "4c2fcb090b1f3e5b47eaa7bd33913b574a11e0a0",
        "type": "github"
      },
      "original": {
@@ -169,45 +169,29 @@
        "type": "github"
      }
    },
    "nixpkgs-master": {
      "locked": {
        "lastModified": 1735170897,
        "narHash": "sha256-O1OXa12dHaObowGsfiM8pgphWfSXJj5v8sTxFoPXR0A=",
        "owner": "nixos",
        "repo": "nixpkgs",
        "rev": "138326d6e9841ab9e6161730d40e09cedd670c40",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
        "ref": "master",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs-stable": {
      "locked": {
-        "lastModified": 1734875076,
+        "lastModified": 1729181673,
-        "narHash": "sha256-Pzyb+YNG5u3zP79zoi8HXYMs15Q5dfjDgwCdUI5B0nY=",
+        "narHash": "sha256-LDiPhQ3l+fBjRATNtnuDZsBS7hqoBtPkKBkhpoBHv3I=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "1807c2b91223227ad5599d7067a61665c52d1295",
+        "rev": "4eb33fe664af7b41a4c446f87d20c9a0a6321fa3",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "nixos-24.11",
+        "ref": "nixos-24.05",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs-stable_2": {
      "locked": {
-        "lastModified": 1734835170,
+        "lastModified": 1729181673,
-        "narHash": "sha256-JG6n9tQET7ZLjvwjH9BdYE6pES/Alcduxv2FDXliuBM=",
+        "narHash": "sha256-LDiPhQ3l+fBjRATNtnuDZsBS7hqoBtPkKBkhpoBHv3I=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "6df924734e1b626efd70925545de844b1c25246f",
+        "rev": "4eb33fe664af7b41a4c446f87d20c9a0a6321fa3",
        "type": "github"
      },
      "original": {
@@ -232,11 +216,11 @@
        "treefmt-nix": "treefmt-nix"
      },
      "locked": {
-        "lastModified": 1731205797,
+        "lastModified": 1723343306,
-        "narHash": "sha256-F7N1mxH1VrkVNHR3JGNMRvp9+98KYO4b832KS8Gl2xI=",
+        "narHash": "sha256-/6sRkPq7/5weX2y0V8sQ29Sz35nt8kyj+BsFtkhgbJE=",
        "owner": "nix-community",
        "repo": "poetry2nix",
-        "rev": "f554d27c1544d9c56e5f1f8e2b8aff399803674e",
+        "rev": "4a1c112ff0c67f496573dc345bd0b2247818fc29",
        "type": "github"
      },
      "original": {
@@ -252,7 +236,6 @@
        "nixos-cosmic": "nixos-cosmic",
        "nixos-hardware": "nixos-hardware",
        "nixpkgs": "nixpkgs",
        "nixpkgs-master": "nixpkgs-master",
        "nixpkgs-stable": "nixpkgs-stable_2",
        "system_tools": "system_tools",
        "systems": "systems_3"
@@ -266,11 +249,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1735007320,
+        "lastModified": 1729304879,
-        "narHash": "sha256-NdhUgB9BkLGW9I+Q1GyUUCc3CbDgsg7HLWjG7WZBR5Q=",
+        "narHash": "sha256-H7KGGJUU9BcDNnfXiATBGgs6FJKWQdfftNJS+/v2aMU=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "fb5fdba697ee9a2391ca9ceea3b853b4e3ce37a5",
+        "rev": "b259ef799b5ac014604da71ecd92d4a52603ed2d",
        "type": "github"
      },
      "original": {
@@ -288,11 +271,11 @@
        "poetry2nix": "poetry2nix"
      },
      "locked": {
-        "lastModified": 1733083480,
+        "lastModified": 1729435836,
-        "narHash": "sha256-B13faNyBbA3MeI7Jp6pFVbp58rI2Rx5Uvd83csW2p48=",
+        "narHash": "sha256-wDhbznFihvVh8sm93HUAeFDw0t8hoe9RGEyWBMkB4yw=",
        "owner": "RichieCahill",
        "repo": "system_tools",
-        "rev": "bc357d8fabd83c1423611829091e5b1d86dd913c",
+        "rev": "84f9ef479e6561fe1daac304cddf195303d855dc",
        "type": "github"
      },
      "original": {
@@ -354,11 +337,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1730120726,
+        "lastModified": 1719749022,
-        "narHash": "sha256-LqHYIxMrl/1p3/kvm2ir925tZ8DkI0KA10djk8wecSk=",
+        "narHash": "sha256-ddPKHcqaKCIFSFc/cvxS14goUhCOAwsM1PbMr0ZtHMg=",
        "owner": "numtide",
        "repo": "treefmt-nix",
-        "rev": "9ef337e492a5555d8e17a51c911ff1f02635be15",
+        "rev": "8df5ff62195d4e67e2264df0b7f5e8c9995fd0bd",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -3,8 +3,8 @@
  nixConfig = {
    extra-substituters = [
-      "https://cache.nixos.org/?priority=2&want-mass-query=true"
+      "https://cache.nixos.org/?priority=1&want-mass-query=true"
-      "https://cache.tmmworkshop.com/?priority=2&want-mass-query=true"
+      "https://cache.tmmworkshop.com/?priority=1&want-mass-query=true"
      "https://nix-community.cachix.org/?priority=10&want-mass-query=true"
    ];
    extra-trusted-public-keys = [
@@ -18,7 +18,6 @@
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
    nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.05";
    nixpkgs-master.url = "github:nixos/nixpkgs/master";
    systems.url = "github:nix-systems/default-linux";
    nixos-hardware.url = "github:nixos/nixos-hardware/master";
@@ -82,10 +81,6 @@
        modules = [./systems/rhapsody-in-green];
        specialArgs = {inherit inputs outputs;};
      };
      muninn = lib.nixosSystem {
        modules = [./systems/muninn];
        specialArgs = {inherit inputs outputs;};
      };
    };
  };
 }
--- a/overlays/default.nix
+++ b/overlays/default.nix
@@ -6,11 +6,4 @@
      config.allowUnfree = true;
    };
  };
  # When applied, the master nixpkgs set (declared in the flake inputs) will be accessible through 'pkgs.master'
  master = final: _prev: {
    master = import inputs.nixpkgs-master {
      system = final.system;
      config.allowUnfree = true;
    };
  };
 }
--- a/systems/bob/default.nix
+++ b/systems/bob/default.nix
@@ -3,13 +3,12 @@
    ../../users/richie
    ../../common/global
    ../../common/optional/desktop.nix
    ../../common/optional/docker.nix
    ../../common/optional/scanner.nix
    ../../common/optional/steam.nix
    ../../common/optional/syncthing_base.nix
    ../../common/optional/systemd-boot.nix
    ../../common/optional/yubikey.nix
    ../../common/optional/zerotier.nix
    ../../common/optional/yubikey.nix
    ./hardware.nix
    ./nvidia.nix
    ./syncthing.nix
@@ -34,10 +33,19 @@
  services = {
    displayManager.sddm.enable = true;
    openssh.ports = [ 262 ];
    printing.enable = true;
    pipewire = {
      enable = true;
      alsa.enable = true;
      alsa.support32Bit = true;
      pulse.enable = true;
    };
    snapshot_manager.enable = true;
    zfs = {
--- a/systems/bob/nvidia.nix
+++ b/systems/bob/nvidia.nix
@@ -5,9 +5,8 @@
    nvidia = {
      modesetting.enable = true;
      powerManagement.enable = true;
-      package = config.boot.kernelPackages.nvidiaPackages.beta;
+      package = config.boot.kernelPackages.nvidiaPackages.production;
      nvidiaSettings = true;
      open = true;
    };
    nvidia-container-toolkit.enable = true;
  };
--- a/systems/jeeves/arch_mirror.nix
+++ b/systems/jeeves/arch_mirror.nix
@@ -0,0 +1,39 @@
 { inputs, pkgs, ... }:
 let
  vars = import ./vars.nix;
 in
 {
  users = {
    users.arch-mirror = {
      isSystemUser = true;
      group = "arch-mirror";
    };
    groups.arch-mirror = {};
  };
  virtualisation.oci-containers.containers.arch_mirror = {
    image = "ubuntu/apache2:latest";
    volumes = [
      "${../../common/docker_templates}/file_server/sites/:/etc/apache2/sites-enabled/"
      "${vars.media_mirror}:/data"
    ];
    ports = [ "800:80" ];
    extraOptions = [ "--network=web" ];
    autoStart = true;
  };
  systemd.services.sync_mirror = {
    requires = [ "network-online.target" ];
    after = [ "network-online.target" ];
    wantedBy = [ "multi-user.target" ];
    description = "validates startup";
    path = [ pkgs.rsync ];
    serviceConfig = {
      Environment = "MIRROR_DIR=${vars.media_mirror}/archlinux/";
      Type = "simple";
      User = "arch-mirror";
      Group = "arch-mirror";
      ExecStart = "${inputs.system_tools.packages.x86_64-linux.default}/bin/sync_mirror";
    };
  };
 }
--- a/systems/jeeves/default.nix
+++ b/systems/jeeves/default.nix
@@ -5,16 +5,15 @@ in
  imports = [
    ../../users/richie
    ../../common/global
    ../../common/optional/docker.nix
    ../../common/optional/ssh_decrypt.nix
    ../../common/optional/syncthing_base.nix
    ../../common/optional/zerotier.nix
    ./arch_mirror.nix
    ./docker
    ./hardware.nix
    ./home_assistant.nix
    ./networking.nix
    ./programs.nix
    ./runner.nix
    ./services.nix
    ./syncthing.nix
  ];
@@ -31,7 +30,6 @@ in
    nix-serve = {
      enable = true;
      secretKeyFile = "${vars.storage_secrets}/services/nix-cache/cache-priv-key.pem";
      openFirewall = true;
    };
    plex = {
--- a/systems/jeeves/docker/audiobookshelf.nix
+++ b/systems/jeeves/docker/audiobookshelf.nix
@@ -1,19 +0,0 @@
 let
  vars = import ../vars.nix;
 in
 {
  virtualisation.oci-containers.containers.audiobookshelf = {
    image = "ghcr.io/advplyr/audiobookshelf:latest";
    volumes = [
      "${vars.media_docker_configs}/audiobookshelf:/config"
      "${vars.media_docker_configs}/audiobookshelf:/metadata"
      "${vars.storage_library}/audiobooks:/audiobooks"
      "${vars.storage_library}/books:/books"
    ];
    environment = {
      TZ = "America/New_York";
    };
    extraOptions = [ "--network=web" ];
    autoStart = true;
  };
 }
--- a/systems/jeeves/docker/grafana.nix
+++ b/systems/jeeves/docker/grafana.nix
@@ -1,12 +0,0 @@
 let
  vars = import ../vars.nix;
 in
 {
  virtualisation.oci-containers.containers.grafana = {
    image = "grafana/grafana-enterprise:latest";
    volumes = [ "${vars.media_docker_configs}/grafana:/var/lib/grafana" ];
    user = "600:600";
    extraOptions = [ "--network=web" ];
    autoStart = true;
  };
 }
--- a/systems/jeeves/docker/haproxy.cfg
+++ b/systems/jeeves/docker/haproxy.cfg
@@ -29,7 +29,7 @@ frontend ContentSwitching
  acl host_cache  hdr(host) -i cache.tmmworkshop.com
  acl host_filebrowser  hdr(host) -i filebrowser.tmmworkshop.com
  acl host_grafana  hdr(host) -i grafana.tmmworkshop.com
-  acl host_homeassistant  hdr(host) -i homeassistant.tmmworkshop.com
+  acl host_mirror   hdr(host) -i mirror.tmmworkshop.com
  acl host_photoprism  hdr(host) -i photoprism.tmmworkshop.com
  acl host_uptime_kuma  hdr(host) -i uptimekuma-jeeves.tmmworkshop.com
@@ -37,7 +37,7 @@ frontend ContentSwitching
  use_backend cache_nodes  if host_cache
  use_backend filebrowser_nodes  if host_filebrowser
  use_backend grafana_nodes  if host_grafana
-  use_backend homeassistant_nodes  if host_homeassistant
+  use_backend mirror_nodes   if host_mirror
  use_backend photoprism_nodes  if host_photoprism
  use_backend uptime_kuma_nodes  if host_uptime_kuma
@@ -57,9 +57,9 @@ backend filebrowser_nodes
  mode http
  server server filebrowser:8080
-backend homeassistant_nodes
+backend mirror_nodes
  mode http
-  server server 192.168.95.14:8123
+  server server arch_mirror:80
 backend photoprism_nodes
  mode http
--- a/systems/jeeves/docker/photoprism.nix
+++ b/systems/jeeves/docker/photoprism.nix
@@ -47,6 +47,7 @@ in
    };
    environmentFiles = ["${vars.storage_secrets}/docker/photoprism"];
    autoStart = true;
    dependsOn = [ "photoprism_mariadb" ];
    extraOptions = [ "--network=web" ];
  };
 }
--- a/systems/jeeves/docker/postgresql.nix
+++ b/systems/jeeves/docker/postgresql.nix
@@ -13,20 +13,20 @@ in
    };
  };
-  virtualisation.oci-containers.containers = {
+  # virtualisation.oci-containers.containers = {
-    postgres = {
+  #   postgres = {
-      image = "postgres:17";
+  #     image = "postgres:16";
-      ports = [ "5432:5432" ];
+  #     ports = [ "5432:5432" ];
-      volumes = [ "${vars.media_database}/postgres:/var/lib/postgresql/data" ];
+  #     volumes = [ "${vars.media_database}/postgres:/var/lib/postgresql/data" ];
-      environment = {
+  #     environment = {
-        POSTGRES_USER = "admin";
+  #       POSTGRES_USER = "admin";
-        POSTGRES_DB = "archive";
+  #       POSTGRES_DB = "archive";
-        POSTGRES_INITDB_ARGS = "--auth-host=scram-sha-256";
+  #       POSTGRES_INITDB_ARGS = "--auth-host=scram-sha-256";
-      };
+  #     };
-      environmentFiles = [ "${vars.storage_secrets}/docker/postgres" ];
+  #     environmentFiles = [/root/secrets/docker/postgres];
-      autoStart = true;
+  #     autoStart = true;
-      user = "postgres:postgres";
+  #     user = "postgres:postgres";
-    };
+  #   };
-  };
+  # };
 }
--- a/systems/jeeves/docker/prowlarr.nix
+++ b/systems/jeeves/docker/prowlarr.nix
@@ -0,0 +1,19 @@
 let
  vars = import ../vars.nix;
 in
 {
  networking.firewall = {
    allowedTCPPorts = [ 9696 ];
  };
  virtualisation.oci-containers.containers.prowlarr = {
    image = "ghcr.io/linuxserver/prowlarr:latest";
    ports = [ "9696:9696" ];
    environment = {
      PUID = "600";
      PGID = "100";
      TZ = "America/New_York";
    };
    volumes = [ "${vars.media_docker_configs}/prowlarr:/config" ];
    autoStart = true;
  };
 }
--- a/systems/jeeves/docker/qbit.nix
+++ b/systems/jeeves/docker/qbit.nix
@@ -4,10 +4,10 @@ in
 {
  networking.firewall = {
    allowedTCPPorts = [ 6881 8082 29432 ]; 
-    allowedUDPPorts = [ 6881 29432 ];
+    allowedUDPPorts = [ 6881 ];
  };
  virtualisation.oci-containers.containers.qbit = {
-    image = "ghcr.io/linuxserver/qbittorrent:5.0.2";
+    image = "ghcr.io/linuxserver/qbittorrent:latest";
    ports = [
      "6881:6881"
      "6881:6881/udp"
--- a/systems/jeeves/docker/qbitvpn.nix
+++ b/systems/jeeves/docker/qbitvpn.nix
@@ -7,8 +7,7 @@ in
    allowedUDPPorts = [ 6882 ];
  };
  virtualisation.oci-containers.containers.qbitvpn = {
-    image = "binhex/arch-qbittorrentvpn:5.0.3-1-01";
+    image = "binhex/arch-qbittorrentvpn:latest";
    devices = [ "/dev/net/tun:/dev/net/tun" ];
    extraOptions = [ "--cap-add=NET_ADMIN" ];
    ports = [
      "6882:6881"
--- a/systems/jeeves/docker/sonarr.nix
+++ b/systems/jeeves/docker/sonarr.nix
@@ -0,0 +1,21 @@
 let
  vars = import ../vars.nix;
 in
 {
  networking.firewall.allowedTCPPorts = [ 9696 8989 ];
  virtualisation.oci-containers.containers.sonarr = {
    image = "ghcr.io/linuxserver/sonarr:latest";
    ports = [ "8989:8989" ];
    environment = {
      PUID = "600";
      PGID = "100";
      TZ = "America/New_York";
    };
    volumes = [
      "${vars.media_docker_configs}/sonarr:/config"
      "${vars.storage_plex}/tv:/tv"
      "${vars.torrenting_qbitvpn}:/data"
    ];
    autoStart = true;
  };
 }
--- a/systems/jeeves/docker/reverse_proxy.nix
+++ b/systems/jeeves/docker/reverse_proxy.nix
@@ -3,6 +3,27 @@ let
 in
 {
  virtualisation.oci-containers.containers = {
    audiobookshelf = {
      image = "ghcr.io/advplyr/audiobookshelf:latest";
      volumes = [
        "${vars.media_docker_configs}/audiobookshelf:/config"
        "${vars.media_docker_configs}/audiobookshelf:/metadata"
        "${vars.storage_library}/audiobooks:/audiobooks"
        "${vars.storage_library}/books:/books"
      ];
      environment = {
        TZ = "America/New_York";
      };
      extraOptions = [ "--network=web" ];
      autoStart = true;
    };
    grafana = {
      image = "grafana/grafana-enterprise:latest";
      volumes = [ "${vars.media_docker_configs}/grafana:/var/lib/grafana" ];
      user = "600:600";
      extraOptions = [ "--network=web" ];
      autoStart = true;
    };
    haproxy = {
      image = "haproxy:latest";
      user = "600:600";
@@ -14,10 +35,10 @@ in
        "${./haproxy.cfg}:/usr/local/etc/haproxy/haproxy.cfg"
      ];
      dependsOn = [
        "arch_mirror"
        "audiobookshelf"
        "filebrowser"
        "grafana"
        "photoprism"
        "uptime_kuma"
      ];
      extraOptions = [ "--network=web" ];
--- a/systems/jeeves/home_assistant.nix
+++ b/systems/jeeves/home_assistant.nix
@@ -1,11 +1,7 @@
 let
  vars = import ./vars.nix;
 in
 {
  services.home-assistant = {
    enable = true;
    openFirewall = true;
    configDir = vars.media_home_assistant;
    config = {
      http = {
        server_port = 8123;
@@ -15,7 +11,7 @@ in
          "192.168.98.4"
        ];
        use_x_forwarded_for = true;
-        trusted_proxies = "172.18.0.0/24";
+        trusted_proxies = "172.100.0.4";
      };
      homeassistant = {
        time_zone = "America/New_York";
@@ -38,10 +34,6 @@ in
      sun = { };
      webhook = { };
      zeroconf = { };
      automation = "!include automations.yaml";
      script = "!include scripts.yaml";
      scene = "!include scenes.yaml";
      group = "!include groups.yaml";
    };
    extraPackages =
      python3Packages: with python3Packages; [
--- a/systems/jeeves/networking.nix
+++ b/systems/jeeves/networking.nix
@@ -23,8 +23,7 @@
    networks = {
      "10-1GB_Primary" = {
        matchConfig.Name = "enp98s0f0";
-        address = [ "192.168.95.14/24" ];
+        DHCP = "yes";
        routes = [{ Gateway = "192.168.95.1"; }];
        vlan = [ "ioit-vlan" ];
        linkConfig.RequiredForOnline = "routable";
      };
--- a/systems/jeeves/runner.nix
+++ b/systems/jeeves/runner.nix
@@ -1,29 +0,0 @@
 { pkgs, ... }:
 let
  vars = import ./vars.nix;
 in
 {
  users = {
    users.github-runners = {
      isSystemUser = true;
      group = "github-runners";
      uid = 601;
    };
    groups.github-runners = {
      gid = 601;
    };
  };
  services.github-runners.nix_builder = {
    enable = true;
    replace = true;
    workDir = "/zfs/media/github-runners/nix_builder/";
    url = "https://github.com/RichieCahill/dotfiles";
    extraLabels = [ "nixos" ];
    tokenFile = "${vars.storage_secrets}/services/github_runners/nix_builder";
    user = "github-runners";
    group = "github-runners";
    extraPackages = [ pkgs.nixos-rebuild ];
    # extraEnvironment
  };
 }
--- a/systems/jeeves/scripts/datasets.sh
+++ b/systems/jeeves/scripts/datasets.sh
@@ -3,27 +3,26 @@
 # zpools
 # media
-sudo zpool create -o ashift=12 -O acltype=posixacl -O atime=off -O dnodesize=auto -O xattr=sa -O compression=zstd -m /zfs/media media mirror
+sudo zpool create -o ashift=12 -O acltype=posixacl -O atime=off -O dnodesize=auto -O xattr=sa -O zstd -m /zfs/media media mirror
 sudo zpool add media -o ashift=12 special mirror
 # storage
-sudo zpool create -o ashift=12 -O acltype=posixacl -O atime=off -O dnodesize=auto -O xattr=sa -O compression=zstd -m /zfs/storage storage
+sudo zpool create -o ashift=12 -O acltype=posixacl -O atime=off -O dnodesize=auto -O xattr=sa -O zstd -m /zfs/storage storage
 sudo zpool add storage -o ashift=12 special mirror
 sudo zpool add storage -o ashift=12 logs mirror
 # torrenting
-sudo zpool create -o ashift=12 -O acltype=posixacl -O atime=off -O dnodesize=auto -O xattr=sa -O compression=zstd -m /zfs/torrenting torrenting
+sudo zpool create -o ashift=12 -O acltype=posixacl -O atime=off -O dnodesize=auto -O xattr=sa -O zstd -m /zfs/torrenting torrenting
 sudo zpool add torrenting -o ashift=12 special
 # media datasets
 sudo zfs create -o compression=zstd-9 media/docker
 sudo zfs create -o recordsize=1M -o compression=zstd-19 media/library
 sudo zfs create -o compression=zstd-9 -o sync=disabled media/github-runners
 sudo zfs create -o exec=off media/minio
 sudo zfs create -o exec=off media/mirror
 sudo zfs create -o copies=3 media/notes
 sudo zfs create -o recordsize=16k -o primarycache=metadata -o mountpoint=/zfs/media/database/photoprism_mariadb media/photoprism_mariadb
 sudo zfs create -o compression=zstd-9 media/plex
 sudo zfs create -o compression=zstd-19 media/home_assistant
 sudo zfs create -o recordsize=16k -o primarycache=metadata -o mountpoint=/zfs/media/database/postgres media/postgres
 # storage datasets
--- a/systems/jeeves/vars.nix
+++ b/systems/jeeves/vars.nix
@@ -12,7 +12,6 @@ in
  media_mirror = "${zfs_media}/mirror";
  media_notes = "${zfs_media}/notes";
  media_plex = "${zfs_media}/plex";
  media_home_assistant = "${zfs_media}/home_assistant";
  # storage
  storage_main = "${zfs_storage}/main";
  storage_photos = "${zfs_storage}/photos";
--- a/systems/muninn/default.nix
+++ b/systems/muninn/default.nix
@@ -1,62 +0,0 @@
 { inputs, pkgs, ... }:
 {
  imports = [
    ../../users/gaming
    ../../users/richie
    ../../common/global
    ../../common/optional/desktop.nix
    ../../common/optional/steam.nix
    ../../common/optional/systemd-boot.nix
    ../../common/optional/update.nix
    ./hardware.nix
    inputs.nixos-hardware.nixosModules.framework-11th-gen-intel
  ];
  environment.systemPackages = with pkgs; [
    plex-media-player
  ];
  networking = {
    hostName = "muninn";
    hostId = "a43179c5";
    firewall.enable = true;
    networkmanager.enable = true;
  };
  hardware = {
    pulseaudio.enable = false;
    bluetooth = {
      enable = true;
      powerOnBoot = true;
      settings.General.ControllerMode = "bredr";
    };
    firmware = [ pkgs.sof-firmware ];
  };
  security.rtkit.enable = true;
  services = {
    displayManager = {
      enable = true;
      autoLogin = {
        user = "gaming";
        enable = true;
      };
      defaultSession = "steam";
      # defaultSession = "plasma";
    };
    openssh.ports = [ 295 ];
    printing.enable = true;
    snapshot_manager.enable = true;
    zfs = {
      trim.enable = true;
      autoScrub.enable = true;
    };
  };
  system.stateVersion = "24.05";
 }
--- a/systems/rhapsody-in-green/default.nix
+++ b/systems/rhapsody-in-green/default.nix
@@ -4,8 +4,6 @@
    ../../users/richie
    ../../common/global
    ../../common/optional/desktop.nix
    ../../common/optional/docker.nix
    ../../common/optional/steam.nix
    ../../common/optional/syncthing_base.nix
    ../../common/optional/systemd-boot.nix
    ../../common/optional/yubikey.nix
@@ -34,10 +32,19 @@
  services = {
    displayManager.sddm.enable = true;
    openssh.ports = [ 922 ];
    printing.enable = true;
    pipewire = {
      enable = true;
      alsa.enable = true;
      alsa.support32Bit = true;
      pulse.enable = true;
    };
    snapshot_manager.enable = true;
    zfs = {
--- a/systems/router/default.nix
+++ b/systems/router/default.nix
@@ -0,0 +1,147 @@
 # https://github.com/ghostbuster91/blogposts/blob/a2374f0039f8cdf4faddeaaa0347661ffc2ec7cf/router2023-part2/main.md
 # https://francis.begyn.be/blog/nixos-home-router
 {
  imports = [
    ../../users/richie
    ../../common/global
    ../../common/optional/zerotier.nix
    ./docker
    ./hardware.nix
  ];
  boot.kernel = {
    sysctl = {
      "net.ipv4.conf.all.forwarding" = true;
      "net.ipv6.conf.all.forwarding" = false;
    };
  };
  systemd.network = {
    wait-online.anyInterface = true;
    networks = {
      "30-lan0" = {
        matchConfig.Name = "lan0";
        linkConfig.RequiredForOnline = "enslaved";
        networkConfig = {
          ConfigureWithoutCarrier = true;
        };
      };
      # lan1 and lan2 look analogical
      "30-lan3" = {
        matchConfig.Name = "lan3";
        linkConfig.RequiredForOnline = "enslaved";
        networkConfig = {
          ConfigureWithoutCarrier = true;
        };
      };
      "10-wan" = {
        matchConfig.Name = "wan";
        networkConfig = {
          # start a DHCP Client for IPv4 Addressing/Routing
          DHCP = "ipv4";
          DNSOverTLS = true;
          DNSSEC = true;
          IPv6PrivacyExtensions = false;
          IPForward = true;
        };
        # make routing on this interface a dependency for network-online.target
        linkConfig.RequiredForOnline = "routable";
      };
    };
  };
  networking = {
    hostName = "surfer";
    useNetworkd = true;
    useDHCP = false;
    # No local firewall.
    nat.enable = false;
    firewall.enable = false;
    nftables = {
      enable = true;
      ruleset = ''
        table inet filter {
          chain input {
            type filter hook input priority 0; policy drop;
            iifname { "br-lan" } accept comment "Allow local network to access the router"
            iifname "wan" ct state { established, related } accept comment "Allow established traffic"
            iifname "wan" icmp type { echo-request, destination-unreachable, time-exceeded } counter accept comment "Allow select ICMP"
            iifname "wan" counter drop comment "Drop all other unsolicited traffic from wan"
            iifname "lo" accept comment "Accept everything from loopback interface"
          }
          chain forward {
            type filter hook forward priority filter; policy drop;
            iifname { "br-lan" } oifname { "wan" } accept comment "Allow trusted LAN to WAN"
            iifname { "wan" } oifname { "br-lan" } ct state { established, related } accept comment "Allow established back to LANs"
          }
        }
        table ip nat {
          chain postrouting {
            type nat hook postrouting priority 100; policy accept;
            oifname "wan" masquerade
          }
        }
      '';
    };
  };
  services.dnsmasq = {
    enable = true;
    settings = {
      # upstream DNS servers
      server = [ "9.9.9.9" "8.8.8.8" "1.1.1.1" ];
      # sensible behaviours
      domain-needed = true;
      bogus-priv = true;
      no-resolv = true;
      # Cache dns queries.
      cache-size = 1000;
      dhcp-range = [ "br-lan,192.168.10.50,192.168.10.254,24h" ];
      interface = "br-lan";
      dhcp-host = "192.168.10.1";
      # local domains
      local = "/lan/";
      domain = "lan";
      expand-hosts = true;
      # don't use /etc/hosts as this would advertise surfer as localhost
      no-hosts = true;
      address = "/surfer.lan/192.168.10.1";
    };
  };
  boot.kernel = {
    sysctl = {
      "net.ipv4.conf.default.rp_filter" = 1;
      "net.ipv4.conf.wan.rp_filter" = 1;
      "net.ipv4.conf.br-lan.rp_filter" = 0;
    };
  };
  services = {
    openssh.ports = [ 629 ];
    smartd.enable = true;
    snapshot_manager = {
      enable = true;
      path = ./snapshot_config.toml;
    };
    sysstat.enable = true;
    zfs = {
      trim.enable = true;
      autoScrub.enable = true;
    };
  };
  system.stateVersion = "24.05";
 }
--- a/systems/router/hardware.nix
+++ b/systems/router/hardware.nix
@@ -1,4 +1,12 @@
-{ config, lib, modulesPath, ... }:
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 {
  config,
  lib,
  modulesPath,
  ...
 }:
 {
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
@@ -8,20 +16,19 @@
      availableKernelModules = [
        "nvme"
        "xhci_pci"
-        "thunderbolt"
+        "ahci"
        "usbhid"
        "usb_storage"
        "sd_mod"
      ];
      kernelModules = [ ];
-      luks.devices."luks-root-pool-nvme-INTEL_SSDPEKKW256G7_BTPY63820XBH256D-part2" = {
+      luks.devices."luks-root-pool-nvme-Samsung_SSD_990_PRO_with_Heatsink_1TB_S73JNJ0X114418B-part2" = {
-        device = "/dev/disk/by-id/nvme-INTEL_SSDPEKKW256G7_BTPY63820XBH256D-part2";
+        device = "/dev/disk/by-id/nvme-Samsung_SSD_990_PRO_with_Heatsink_1TB_S73JNJ0X114418B-part2";
        bypassWorkqueues = true;
        allowDiscards = true;
        keyFileSize = 4096;
        keyFile = "/dev/disk/by-id/usb-SanDisk_Ultra_T_C_4C530001020919102244-0:0";
      };
    };
-    kernelModules = [ "kvm-intel" ];
+    kernelModules = [ "kvm-amd" ];
    extraModulePackages = [ ];
  };
@@ -36,18 +43,13 @@
      fsType = "zfs";
    };
    "/nix" = {
      device = "root_pool/nix";
      fsType = "zfs";
    };
    "/var" = {
      device = "root_pool/var";
      fsType = "zfs";
    };
    "/boot" = {
-      device = "/dev/disk/by-uuid/12CE-A600";
+      device = "/dev/disk/by-uuid/609D-FF29";
      fsType = "vfat";
      options = [
        "fmask=0077"
@@ -58,6 +60,8 @@
  swapDevices = [ ];
  networking.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/tools/installer.py
+++ b/tools/installer.py
@@ -110,6 +110,7 @@ def create_zfs_pool(pool_disks: Sequence[str], mnt_dir: str) -> None:
        "-O relatime=on "
        "-O xattr=sa "
        "-O mountpoint=none "
        "-O primarycache=metadata "
        "root_pool "
    )
    if len(pool_disks) == 1:
--- a/users/gaming/default.nix
+++ b/users/gaming/default.nix
@@ -1,24 +0,0 @@
 {
  pkgs,
  config,
  ...
 }: 
 {
  users = {
    users.gaming = {
      isNormalUser = true;
      shell = pkgs.zsh;
      group = "gaming";
      extraGroups =
      [
        "audio"
        "video"
        "users"
      ];
      uid = 1100;
    };
    groups.gaming.gid = 1100;
  };
  home-manager.users.gaming = import ./systems/${config.networking.hostName}.nix; 
 }
--- a/users/gaming/home/global.nix
+++ b/users/gaming/home/global.nix
@@ -1,20 +0,0 @@
 { config, ... }:
 {
  imports = [
    ./programs.nix
  ];
  programs = {
    home-manager.enable = true;
    git.enable = true;
  };
  home = {
    username = "gaming";
    homeDirectory = "/home/${config.home.username}";
    stateVersion = "24.05";
    sessionVariables = {
      FLAKE = "$HOME/Projects/dotfiles";
    };
  };
 }
--- a/users/gaming/home/programs.nix
+++ b/users/gaming/home/programs.nix
@@ -1,6 +0,0 @@
 { pkgs, ... }:
 {
  home.packages = with pkgs; [
    wget
  ];
 }
--- a/users/gaming/systems/muninn.nix
+++ b/users/gaming/systems/muninn.nix
@@ -1,6 +0,0 @@
 {
  imports = [
    ../home/global.nix
    ../home/firefox.nix
  ];
 }
--- a/users/richie/default.nix
+++ b/users/richie/default.nix
@@ -23,7 +23,6 @@ in {
    ++ ifTheyExist [
      "dialout"
      "docker"
      "hass"
      "libvirtd"
      "networkmanager"
      "plugdev"
--- a/users/richie/home/cli/default.nix
+++ b/users/richie/home/cli/default.nix
@@ -1,8 +1,8 @@
 {
  imports = [
    ./direnv.nix
    ./git.nix
    ./zsh.nix
    ./direnv.nix
  ];
  programs.starship.enable = true;
--- a/users/richie/home/global.nix
+++ b/users/richie/home/global.nix
@@ -1,20 +1,35 @@
 { config, ... }:
 {
  lib,
  pkgs,
  config,
  ...
 }: {
  imports = [
    ./cli
    ./programs.nix
    ./ssh_config.nix
  ];
  nix = {
    package = lib.mkDefault pkgs.nix;
    settings = {
      experimental-features = [
        "nix-command"
        "flakes"
        "ca-derivations"
      ];
    };
  };
  programs = {
    home-manager.enable = true;
    git.enable = true;
  };
  home = {
-    username = "richie";
+    username = lib.mkDefault "richie";
-    homeDirectory = "/home/${config.home.username}";
+    homeDirectory = lib.mkDefault "/home/${config.home.username}";
-    stateVersion = "24.05";
+    stateVersion = lib.mkDefault "24.05";
    sessionVariables = {
      FLAKE = "$HOME/Projects/dotfiles";
    };
--- a/users/richie/home/gui/default.nix
+++ b/users/richie/home/gui/default.nix
@@ -1,9 +1,8 @@
 { pkgs, ... }:
 {
  imports = [
-    ./firefox
+    ./firefox.nix
    ./vscode
    ./kitty.nix
  ];
  home.packages = with pkgs; [
@@ -16,7 +15,6 @@
    nemo-fileroller
    obs-studio
    obsidian
    prismlauncher
    proxychains
    prusa-slicer
    signal-desktop
--- a/users/richie/home/gui/firefox.nix
+++ b/users/richie/home/gui/firefox.nix
@@ -1,4 +1,8 @@
-{ inputs, ... }:
+{
  pkgs,
  inputs,
  ...
 }:
 {
  programs.firefox = {
    enable = true;
@@ -12,15 +16,56 @@
        sponsorblock
        ublock-origin
      ];
-      search = {
+      search.engines = {
-        force = true;
+        "Nix Options" = {
-        default = "Google";
+          urls = [
-        order = [ "Google" ];
+            {
              template = "https://search.nixos.org/options";
              params = [
                {
                  name = "type";
                  value = "packages";
                }
                {
                  name = "channel";
                  value = "unstable";
                }
                {
                  name = "query";
                  value = "{searchTerms}";
                }
              ];
            }
          ];
          icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
          definedAliases = [ "@o" ];
        };
        "Nix Packages" = {
          urls = [
            {
              template = "https://search.nixos.org/packages";
              params = [
                {
                  name = "type";
                  value = "packages";
                }
                {
                  name = "channel";
                  value = "unstable";
                }
                {
                  name = "query";
                  value = "{searchTerms}";
                }
              ];
            }
          ];
          icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
          definedAliases = [ "@n" ];
        };
      };
      search.force = true;
      settings = {
        # Makes Firefox use the PlayStation 5 user agent
        "general.useragent.override" = "Mozilla/5.0 (PlayStation; PlayStation 5/10.01) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Safari/605.1.15,gzip(gfe),gzip(gfe)";
        # SECTION: FASTFOX
        # GENERAL
        "content.notify.interval" = 100000;
--- a/users/richie/home/gui/firefox/default.nix
+++ b/users/richie/home/gui/firefox/default.nix
@@ -1,250 +0,0 @@
 { inputs, ... }:
 {
  imports = [ ./search_engines.nix ];
  programs.firefox = {
    enable = true;
    profiles.richie = {
      extensions = with inputs.firefox-addons.packages.x86_64-linux; [
        bitwarden
        darkreader
        dearrow
        fastforwardteam
        return-youtube-dislikes
        sponsorblock
        ublock-origin
      ];
      search = {
        force = true;
        default = "kagi";
        order = [ "kagi" "DuckDuckGo" "Google" ];
      };
      settings = {
        # SECTION: FASTFOX
        # GENERAL
        "content.notify.interval" = 100000;
        # GFX
        "gfx.canvas.accelerated.cache-items" = 4096;
        "gfx.canvas.accelerated.cache-size" = 512;
        "gfx.content.skia-font-cache-size" = 20;
        # DISK CACHE
        "browser.cache.jsbc_compression_level" = 3;
        # MEDIA CACHE
        "media.memory_cache_max_size" = 65536;
        "media.cache_readahead_limit" = 7200;
        "media.cache_resume_threshold" = 3600;
        # IMAGE CACHE
        "image.mem.decode_bytes_at_a_time" = 32768;
        # NETWORK
        "network.buffer.cache.size" = 262144;
        "network.buffer.cache.count" = 128;
        "network.http.max-connections" = 1800;
        "network.http.max-persistent-connections-per-server" = 10;
        "network.http.max-urgent-start-excessive-connections-per-host" = 5;
        "network.http.pacing.requests.enabled" = false;
        "network.dnsCacheExpiration" = 3600;
        "network.dns.max_high_priority_threads" = 8;
        "network.ssl_tokens_cache_capacity" = 10240;
        # SPECULATIVE LOADING
        "network.dns.disablePrefetch" = true;
        "network.prefetch-next" = false;
        "network.predictor.enabled" = false;
        # EXPERIMENTAL
        "layout.css.grid-template-masonry-value.enabled" = true;
        "dom.enable_web_task_scheduling" = true;
        "layout.css.has-selector.enabled" = true;
        "dom.security.sanitizer.enabled" = true;
        # SECTION: SECUREFOX
        # TRACKING PROTECTION
        "browser.contentblocking.category" = "strict";
        "urlclassifier.trackingSkipURLs" = "*.reddit.com, *.twitter.com, *.twimg.com, *.tiktok.com";
        "urlclassifier.features.socialtracking.skipURLs" = "*.instagram.com, *.twitter.com, *.twimg.com";
        "network.cookie.sameSite.noneRequiresSecure" = true;
        "browser.download.start_downloads_in_tmp_dir" = true;
        "browser.helperApps.deleteTempFileOnExit" = true;
        "browser.uitour.enabled" = false;
        "privacy.globalprivacycontrol.enabled" = true;
        # OCSP & CERTS / HPKP
        "security.OCSP.enabled" = 0;
        "security.remote_settings.crlite_filters.enabled" = true;
        "security.pki.crlite_mode" = 2;
        # SSL / TLS
        "security.ssl.treat_unsafe_negotiation_as_broken" = true;
        "browser.xul.error_pages.expert_bad_cert" = true;
        "security.tls.enable_0rtt_data" = false;
        # DISK AVOIDANCE
        "browser.privatebrowsing.forceMediaMemoryCache" = true;
        "browser.sessionstore.interval" = 60000;
        # SHUTDOWN & SANITIZING
        "privacy.history.custom" = true;
        # SEARCH / URL BAR
        "browser.search.separatePrivateDefault.ui.enabled" = true;
        "browser.urlbar.update2.engineAliasRefresh" = true;
        # PREF: restore search engine suggestions
        "browser.search.suggest.enabled" = true;
        "browser.urlbar.suggest.quicksuggest.sponsored" = false;
        "browser.urlbar.suggest.quicksuggest.nonsponsored" = false;
        "browser.formfill.enable" = false;
        "security.insecure_connection_text.enabled" = true;
        "security.insecure_connection_text.pbmode.enabled" = true;
        "network.IDN_show_punycode" = true;
        # HTTPS-FIRST POLICY
        "dom.security.https_first" = true;
        "dom.security.https_first_schemeless" = true;
        # PASSWORDS
        "signon.formlessCapture.enabled" = false;
        "signon.rememberSignons" = false;
        "signon.privateBrowsingCapture.enabled" = false;
        "network.auth.subresource-http-auth-allow" = 1;
        "editor.truncate_user_pastes" = false;
        # MIXED CONTENT + CROSS-SITE
        "security.mixed_content.block_display_content" = true;
        "security.mixed_content.upgrade_display_content" = true;
        "security.mixed_content.upgrade_display_content.image" = true;
        "pdfjs.enableScripting" = false;
        "extensions.postDownloadThirdPartyPrompt" = false;
        # HEADERS / REFERERS
        "network.http.referer.XOriginTrimmingPolicy" = 2;
        # CONTAINERS
        "privacy.userContext.ui.enabled" = true;
        # WEBRTC
        "media.peerconnection.ice.proxy_only_if_behind_proxy" = true;
        "media.peerconnection.ice.default_address_only" = true;
        # SAFE BROWSING
        "browser.safebrowsing.downloads.remote.enabled" = false;
        # MOZILLA
        # PREF: allow websites to ask you to receive site notifications
        "permissions.default.desktop-notification" = 0; # allow websites to ask
        # PREF: allow websites to ask you for your location
        "permissions.default.geo" = 0;
        "geo.provider.network.url" = "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%";
        "permissions.manager.defaultsUrl" = "";
        "webchannel.allowObject.urlWhitelist" = "";
        # TELEMETRY
        "datareporting.policy.dataSubmissionEnabled" = false;
        "datareporting.healthreport.uploadEnabled" = false;
        "toolkit.telemetry.unified" = false;
        "toolkit.telemetry.enabled" = false;
        "toolkit.telemetry.server" = "data:,";
        "toolkit.telemetry.archive.enabled" = false;
        "toolkit.telemetry.newProfilePing.enabled" = false;
        "toolkit.telemetry.shutdownPingSender.enabled" = false;
        "toolkit.telemetry.updatePing.enabled" = false;
        "toolkit.telemetry.bhrPing.enabled" = false;
        "toolkit.telemetry.firstShutdownPing.enabled" = false;
        "toolkit.telemetry.coverage.opt-out" = true;
        "toolkit.coverage.opt-out" = true;
        "toolkit.coverage.endpoint.base" = "";
        "browser.ping-centre.telemetry" = false;
        "browser.newtabpage.activity-stream.feeds.telemetry" = false;
        "browser.newtabpage.activity-stream.telemetry" = false;
        # EXPERIMENTS
        "app.shield.optoutstudies.enabled" = false;
        "app.normandy.enabled" = false;
        "app.normandy.api_url" = "";
        # CRASH REPORTS
        "breakpad.reportURL" = "";
        "browser.tabs.crashReporting.sendReport" = false;
        "browser.crashReports.unsubmittedCheck.autoSubmit2" = false;
        # DETECTION
        "captivedetect.canonicalURL" = "";
        "network.captive-portal-service.enabled" = false;
        "network.connectivity-service.enabled" = false;
        # SECTION: PESKYFOX
        # MOZILLA UI
        "browser.privatebrowsing.vpnpromourl" = "";
        "extensions.getAddons.showPane" = false;
        "extensions.htmlaboutaddons.recommendations.enabled" = false;
        "browser.discovery.enabled" = false;
        "browser.shell.checkDefaultBrowser" = false;
        "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons" = false;
        "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features" = false;
        "browser.preferences.moreFromMozilla" = false;
        "browser.tabs.tabmanager.enabled" = false;
        "browser.aboutConfig.showWarning" = false;
        "browser.aboutwelcome.enabled" = false;
        # THEME ADJUSTMENTS
        "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
        "browser.compactmode.show" = true;
        "browser.display.focus_ring_on_anything" = true;
        "browser.display.focus_ring_style" = 0;
        "browser.display.focus_ring_width" = 0;
        "layout.css.prefers-color-scheme.content-override" = 2;
        # COOKIE BANNER HANDLING
        "cookiebanners.service.mode" = 1;
        "cookiebanners.service.mode.privateBrowsing" = 1;
        # FULLSCREEN NOTICE
        "full-screen-api.transition-duration.enter" = "0 0";
        "full-screen-api.transition-duration.leave" = "0 0";
        "full-screen-api.warning.delay" = -1;
        "full-screen-api.warning.timeout" = 0;
        # URL BAR
        "browser.urlbar.suggest.calculator" = true;
        "browser.urlbar.unitConversion.enabled" = true;
        "browser.urlbar.trending.featureGate" = false;
        # NEW TAB PAGE
        "browser.newtabpage.activity-stream.feeds.topsites" = false;
        "browser.newtabpage.activity-stream.feeds.section.topstories" = false;
        # POCKET
        "extensions.pocket.enabled" = false;
        # DOWNLOADS
        "browser.download.always_ask_before_handling_new_types" = true;
        "browser.download.manager.addToRecentDocs" = false;
        # PDF
        "browser.download.open_pdf_attachments_inline" = true;
        # TAB BEHAVIOR
        "browser.bookmarks.openInTabClosesMenu" = false;
        "browser.menu.showViewImageInfo" = true;
        "findbar.highlightAll" = true;
        "layout.word_select.eat_space_to_next_word" = false;
        # SECTION: MY OVERRIDES
        "browser.startup.homepage" = "https://google.com";
        "identity.fxaccounts.enabled" = false;
        # SECTION SMOOTHFOX
        # OPTION: SHARPEN SCROLLING                                                           *
        "apz.overscroll.enabled" = true; # DEFAULT NON-LINUX
        "mousewheel.min_line_scroll_amount" = 10; # 10-40; adjust this number to your liking; default=5
        "general.smoothScroll.mouseWheel.durationMinMS" = 80; # default=50
        "general.smoothScroll.currentVelocityWeighting" = "0.15"; # default=.25
        "general.smoothScroll.stopDecelerationWeighting" = "0.6"; # default=.4
      };
    };
  };
 }
--- a/users/richie/home/gui/firefox/github.svg
+++ b/users/richie/home/gui/firefox/github.svg
@@ -1,3 +0,0 @@
 <svg width="32" height="32" viewBox="0 0 32 32" fill="none" xmlns="http://www.w3.org/2000/svg">
 <path fill-rule="evenodd" clip-rule="evenodd" d="M16 0C7.16 0 0 7.16 0 16C0 23.08 4.58 29.06 10.94 31.18C11.74 31.32 12.04 30.84 12.04 30.42C12.04 30.04 12.02 28.78 12.02 27.44C8 28.18 6.96 26.46 6.64 25.56C6.46 25.1 5.68 23.68 5 23.3C4.44 23 3.64 22.26 4.98 22.24C6.24 22.22 7.14 23.4 7.44 23.88C8.88 26.3 11.18 25.62 12.1 25.2C12.24 24.16 12.66 23.46 13.12 23.06C9.56 22.66 5.84 21.28 5.84 15.16C5.84 13.42 6.46 11.98 7.48 10.86C7.32 10.46 6.76 8.82 7.64 6.62C7.64 6.62 8.98 6.2 12.04 8.26C13.32 7.9 14.68 7.72 16.04 7.72C17.4 7.72 18.76 7.9 20.04 8.26C23.1 6.18 24.44 6.62 24.44 6.62C25.32 8.82 24.76 10.46 24.6 10.86C25.62 11.98 26.24 13.4 26.24 15.16C26.24 21.3 22.5 22.66 18.94 23.06C19.52 23.56 20.02 24.52 20.02 26.02C20.02 28.16 20 29.88 20 30.42C20 30.84 20.3 31.34 21.1 31.18C27.42 29.06 32 23.06 32 16C32 7.16 24.84 0 16 0V0Z" fill="white"/>
 </svg>
--- a/users/richie/home/gui/firefox/kagi.png
+++ b/users/richie/home/gui/firefox/kagi.png
--- a/users/richie/home/gui/firefox/search_engines.nix
+++ b/users/richie/home/gui/firefox/search_engines.nix
@@ -1,84 +0,0 @@
 { pkgs, ... }:
 {
  programs.firefox.profiles.richie.search.engines = {
    "Nix Options" = {
      urls = [
        {
          template = "https://search.nixos.org/options";
          params = [
            {
              name = "type";
              value = "packages";
            }
            {
              name = "channel";
              value = "unstable";
            }
            {
              name = "query";
              value = "{searchTerms}";
            }
          ];
        }
      ];
      icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
      definedAliases = [ "@o" ];
    };
    "Nix Packages" = {
      urls = [
        {
          template = "https://search.nixos.org/packages";
          params = [
            {
              name = "type";
              value = "packages";
            }
            {
              name = "channel";
              value = "unstable";
            }
            {
              name = "query";
              value = "{searchTerms}";
            }
          ];
        }
      ];
      icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
      definedAliases = [ "@n" ];
    };
    "kagi" = {
      urls = [
        {
          template = "https://kagi.com/search?";
          params = [
            {
              name = "q";
              value = "{searchTerms}";
            }
          ];
        }
      ];
      icon = ./kagi.png;
    };
    github = {
      urls = [
        {
          template = "https://github.com/search?";
          params = [
            {
              name = "q";
              value = "{searchTerms}";
            }
            {
              name = "type";
              value = "code";
            }
          ];
        }
      ];
      icon = ./github.svg;
      definedAliases = [ "@g" ];
    };
  };
 }
--- a/users/richie/home/gui/kitty.nix
+++ b/users/richie/home/gui/kitty.nix
@@ -1,12 +0,0 @@
 {pkgs, ...}: {
  programs.kitty = {
    enable = true;
    font.name = "IntoneMono Nerd Font";
    settings = {
      allow_remote_control = "no";
      shell = "${pkgs.zsh}/bin/zsh";
      wayland_titlebar_color = "background";
    };
    themeFile = "VSCode_Dark";
  };
 }
--- a/users/richie/home/programs.nix
+++ b/users/richie/home/programs.nix
@@ -5,24 +5,14 @@
    bat
    btop
    eza
    fd
    ffmpegthumbnailer
    fzf
    git
    gnupg
    imagemagick
    jq
    ncdu
    neofetch
    ouch
    p7zip
    poppler
    rar
    ripgrep
    starship
    tmux
    unzip
    yazi
    zoxide
    # system info
    hwloc
@@ -36,7 +26,7 @@
    wget
    # python
    poetry
-    python313
+    python312
    ruff
    # Rust packages
    trunk
--- a/users/richie/home/ssh_config.nix
+++ b/users/richie/home/ssh_config.nix
@@ -36,12 +36,6 @@
        identityFile = "~/.ssh/id_ed25519";
        port = 922;
      };
      muninn = {
        hostname = "192.168.98.52";
        user = "richie";
        identityFile = "~/.ssh/id_ed25519";
        port = 295;
      };      
    };
  };
 }
--- a/users/richie/systems/muninn.nix
+++ b/users/richie/systems/muninn.nix
@@ -1,6 +0,0 @@
 {
  imports = [
    ../home/global.nix
    ../home/gui
  ];
 }
Author	SHA1	Message	Date
Richie Cahill	4a456c5a06	bootstrapping	2024-10-25 16:54:01 -04:00
Richie Cahill	8d78862326	sorted haproxy.cfg	2024-10-25 16:50:34 -04:00
Richie Cahill	090c14ed47	enabled firewall on jeeves	2024-10-25 16:50:34 -04:00
Richie Cahill	cc7c44203c	enabled firewall on rhapsody-in-green	2024-10-25 16:50:34 -04:00
Richie Cahill	e5239304e7	enabled firewall on bob	2024-10-25 16:50:34 -04:00