stuff

.github/workflows/build_systems.yml

@@ -4,6 +4,8 @@ on:
   pull_request:
   push:
     branches: [main]
+  schedule:
+    - cron: "0 22 * * *"
 
 jobs:
   build:
@@ -20,6 +22,5 @@ jobs:
       - name: Build default package
         run: "nixos-rebuild build --flake ./#${{ matrix.system }}"
       - name: copy to nix-cache
-        env:
-          NIX_SSHOPTS: "-vvvv"
         run: nix copy --to ssh://jeeves .#nixosConfigurations.${{ matrix.system }}.config.system.build.toplevel
+

.github/workflows/treefmt.yml

@@ -0,0 +1,15 @@
+name: treefmt
+on:
+  workflow_dispatch:
+  pull_request:
+  push:
+    branches: [main]
+
+jobs:
+  treefmt:
+    name: nix fmt
+    runs-on: self-hosted
+    steps:
+      - uses: actions/checkout@v4
+      - name: runs treefmt
+        run: "treefmt --ci"

.sops.yaml

@@ -1,10 +1,10 @@
 keys:
-  - &admin_richie age1u8zj599elqqvcmhxn8zuwrufsz8w8w366d3ayrljjejljt2q45kq8mxw9c
+  - &admin_richie age1u8zj599elqqvcmhxn8zuwrufsz8w8w366d3ayrljjejljt2q45kq8mxw9c # cspell:disable-line
 
-  - &system_bob age1q47vup0tjhulkg7d6xwmdsgrw64h4ax3la3evzqpxyy4adsmk9fs56qz3y
-  - &system_jeeves age13lmqgc3jvkyah5e3vcwmj4s5wsc2akctcga0lpc0x8v8du3fxprqp4ldkv
-  - &system_router age1xzxryqq63x65yuza9lmmkud7crjjxpnkdew070yhx6xn7xe4tdws5twxsv
-  - &system_rhapsody age1ufnewppysaq2wwcl4ugngjz8pfzc5a35yg7luq0qmuqvctajcycs5lf6k4
+  - &system_bob age1q47vup0tjhulkg7d6xwmdsgrw64h4ax3la3evzqpxyy4adsmk9fs56qz3y # cspell:disable-line
+  - &system_jeeves age13lmqgc3jvkyah5e3vcwmj4s5wsc2akctcga0lpc0x8v8du3fxprqp4ldkv # cspell:disable-line
+  - &system_router age1xzxryqq63x65yuza9lmmkud7crjjxpnkdew070yhx6xn7xe4tdws5twxsv # cspell:disable-line
+  - &system_rhapsody age1ufnewppysaq2wwcl4ugngjz8pfzc5a35yg7luq0qmuqvctajcycs5lf6k4 # cspell:disable-line
 
 creation_rules:
   - path_regex: users/secrets\.yaml$

.vscode/settings.json

@@ -26,6 +26,7 @@
     "azuretools",
     "bantime",
     "bazarr",
+    "bgwriter",
     "binhex",
     "bitwarden",
     "blkdiscard",
@@ -36,20 +37,26 @@
     "captivedetect",
     "cgroupdriver",
     "charliermarsh",
+    "Checkpointing",
     "cloudflared",
+    "codellama",
     "codezombiech",
     "compactmode",
     "Compat",
     "contentblocking",
     "cookiebanners",
+    "createdb",
+    "createrole",
     "crlite",
     "cryptsetup",
+    "cuda",
     "darkreader",
     "datareporting",
     "davidanson",
     "dconf",
     "dearrow",
     "debugpy",
+    "deepseek",
     "dialout",
     "diffie",
     "direnv",
@@ -57,12 +64,16 @@
     "dnodesize",
     "dotfiles",
     "drawio",
+    "duckdns",
     "eamodio",
+    "ehci",
+    "emerg",
     "endlessh",
     "errorlens",
     "esbenp",
     "esphome",
     "extest",
+    "fadvise",
     "fastforwardteam",
     "FASTFOX",
     "ffmpegthumbnailer",
@@ -74,6 +85,7 @@
     "fmask",
     "fontconfig",
     "formfill",
+    "forwardfor",
     "foxundermoon",
     "FULLSCREEN",
     "fwupd",
@@ -98,6 +110,7 @@
     "HPKP",
     "hplip",
     "htmlaboutaddons",
+    "httpchk",
     "hurlenko",
     "hwloc",
     "INITDB",
@@ -110,6 +123,7 @@
     "jsbc",
     "kagi",
     "kuma",
+    "lazer",
     "levelname",
     "libglvnd",
     "libmysqlclient",
@@ -124,6 +138,8 @@
     "lynis",
     "mangohud",
     "markdownlint",
+    "maxconn",
+    "maxpages",
     "maxretry",
     "maxtime",
     "mechatroner",
@@ -144,22 +160,27 @@
     "Networkd",
     "networkmanager",
     "newtabpage",
+    "nixfmt",
     "nixos",
     "nixpkgs",
     "nmap",
     "noauto",
+    "nodev",
     "noecho",
     "nonsponsored",
     "Noto",
+    "nprt",
     "nvme",
     "OCSP",
     "oderwat",
+    "ollama",
     "oneshot",
     "optimise",
     "optoutstudies",
     "overalljails",
     "overscroll",
     "overseerr",
+    "partitionwise",
     "pbmode",
     "pciutils",
     "pcscd",
@@ -176,6 +197,7 @@
     "prismlauncher",
     "privatebrowsing",
     "PRIVOXY",
+    "protontricks",
     "prowlarr",
     "proxychains",
     "prusa",
@@ -195,12 +217,14 @@
     "radarr",
     "readahead",
     "receiveencrypted",
+    "recordsize",
     "Redistributable",
     "referer",
     "REFERERS",
     "relatime",
     "Rhosts",
     "ripgrep",
+    "roboto",
     "rokuecp",
     "routable",
     "rspace",
@@ -231,13 +255,16 @@
     "sysstat",
     "tabmanager",
     "tamasfe",
+    "TCPIP",
     "tiktok",
     "timonwong",
+    "titlebar",
     "tmmworkshop",
     "Tmpfs",
     "topsites",
     "topstories",
     "torrenting",
+    "treefmt",
     "twimg",
     "uaccess",
     "ublock",
@@ -245,6 +272,7 @@
     "uitour",
     "unrar",
     "unsubmitted",
+    "uptimekuma",
     "urlbar",
     "urlclassifier",
     "usbhid",
@@ -256,9 +284,11 @@
     "virt",
     "virtualisation",
     "vpnpromourl",
+    "wakeonlan",
     "webchannel",
     "WEBRTC",
     "WEBUI",
+    "wireplumber",
     "wireshark",
     "Workqueues",
     "xattr",

common/global/default.nix

@@ -31,7 +31,7 @@
   home-manager = {
     useGlobalPkgs = true;
     useUserPackages = true;
-    extraSpecialArgs = {inherit inputs outputs;};
+    extraSpecialArgs = { inherit inputs outputs; };
     backupFileExtension = "backup";
   };
 

common/global/nix.nix

@@ -2,9 +2,11 @@
   inputs,
   lib,
   ...
-}: let
+}:
+let
   flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs;
-in {
+in
+{
   nix = {
     settings = {
       trusted-users = [
@@ -37,7 +39,7 @@ in {
     };
 
     # Add each flake input as a registry and nix_path
-    registry = lib.mapAttrs (_: flake: {inherit flake;}) flakeInputs;
+    registry = lib.mapAttrs (_: flake: { inherit flake; }) flakeInputs;
     nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs;
   };
 }

common/global/snapshot_manager.nix

@@ -1,4 +1,10 @@
-{ inputs, pkgs, lib, config, ... }:
+{
+  inputs,
+  pkgs,
+  lib,
+  config,
+  ...
+}:
 let
   cfg = config.services.snapshot_manager;
 in

common/optional/printing.nix

@@ -2,6 +2,9 @@
 {
   services.printing = {
     enable = true;
-    drivers = with pkgs; [ gutenprint hplip ];
+    drivers = with pkgs; [
+      gutenprint
+      hplip
+    ];
   };
 }

common/optional/steam.nix

@@ -1,6 +1,9 @@
 { pkgs, ... }:
 {
-  environment.systemPackages = with pkgs; [mangohud steam-run];
+  environment.systemPackages = with pkgs; [
+    mangohud
+    steam-run
+  ];
   hardware.steam-hardware.enable = true;
 
   programs = {
@@ -11,7 +14,7 @@
       remotePlay.openFirewall = true;
       localNetworkGameTransfers.openFirewall = true;
       protontricks.enable = true;
-      extraCompatPackages = with pkgs; [proton-ge-bin];
+      extraCompatPackages = with pkgs; [ proton-ge-bin ];
       extest.enable = true;
     };
     gamescope = {

flake.lock

@@ -9,11 +9,11 @@
       },
       "locked": {
         "dir": "pkgs/firefox-addons",
-        "lastModified": 1738382607,
-        "narHash": "sha256-ppR81tMrcQk/wHm8MmKtp3mrtYmMTgF2lxLLXYwRsOM=",
+        "lastModified": 1739396257,
+        "narHash": "sha256-E+xGh25fyBLNo2FYxP4uHkTh4yh1C0AIyYpcVdW3CL0=",
         "owner": "rycee",
         "repo": "nur-expressions",
-        "rev": "dc86c8feffa328d9050e039a1286e175af6d76d8",
+        "rev": "f61927ae7c2b28ee9d426114a06f185f4dea4301",
         "type": "gitlab"
       },
       "original": {
@@ -23,22 +23,6 @@
         "type": "gitlab"
       }
     },
-    "flake-compat": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1717312683,
-        "narHash": "sha256-FrlieJH50AuvagamEvWMIE6D2OAnERuDboFDYAED/dE=",
-        "owner": "nix-community",
-        "repo": "flake-compat",
-        "rev": "38fd3954cf65ce6faf3d0d45cd26059e059f07ea",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "flake-compat",
-        "type": "github"
-      }
-    },
     "flake-utils": {
       "locked": {
         "lastModified": 1629284811,
@@ -79,11 +63,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1738415006,
-        "narHash": "sha256-ZlLTnqIQQ8OE6AtT+fluB642j2R9tnvxHHtpnmLjSxQ=",
+        "lastModified": 1739381933,
+        "narHash": "sha256-4gvobxITgcrNGfwsVG5a46QzQCX89btIYw23p0ilbcc=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "8544cd092047a7e92d0dce011108a563de7fc0f2",
+        "rev": "15b59d4191b993ebdfcb1f61b834fced217882ba",
         "type": "github"
       },
       "original": {
@@ -114,35 +98,13 @@
         "type": "github"
       }
     },
-    "nixos-cosmic": {
-      "inputs": {
-        "flake-compat": "flake-compat",
-        "nixpkgs": [
-          "nixpkgs"
-        ],
-        "nixpkgs-stable": "nixpkgs-stable"
-      },
-      "locked": {
-        "lastModified": 1738343111,
-        "narHash": "sha256-y9st4Y0p5ry+6QdlIGeqxAA6rbEIOO1uXdAc5jxV2Bc=",
-        "owner": "lilyinstarlight",
-        "repo": "nixos-cosmic",
-        "rev": "51b9cce097da369550f45ac07879274dc8be81e4",
-        "type": "github"
-      },
-      "original": {
-        "owner": "lilyinstarlight",
-        "repo": "nixos-cosmic",
-        "type": "github"
-      }
-    },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1738391520,
-        "narHash": "sha256-6HI58PKjddsC0RA0gBQlt6ox47oH//jLUHwx05RO8g0=",
+        "lastModified": 1738816619,
+        "narHash": "sha256-5yRlg48XmpcX5b5HesdGMOte+YuCy9rzQkJz+imcu6I=",
         "owner": "nixos",
         "repo": "nixos-hardware",
-        "rev": "34b64e4e1ddb14e3ffc7db8d4a781396dbbab773",
+        "rev": "2eccff41bab80839b1d25b303b53d339fbb07087",
         "type": "github"
       },
       "original": {
@@ -154,11 +116,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1738142207,
-        "narHash": "sha256-NGqpVVxNAHwIicXpgaVqJEJWeyqzoQJ9oc8lnK9+WC4=",
+        "lastModified": 1739214665,
+        "narHash": "sha256-26L8VAu3/1YRxS8MHgBOyOM8xALdo6N0I04PgorE7UM=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "9d3ae807ebd2981d593cddd0080856873139aa40",
+        "rev": "64e75cd44acf21c7933d61d7721e812eac1b5a0a",
         "type": "github"
       },
       "original": {
@@ -170,11 +132,11 @@
     },
     "nixpkgs-master": {
       "locked": {
-        "lastModified": 1738422722,
-        "narHash": "sha256-Q4vhtbLYWBUnjWD4iQb003Lt+N5PuURDad1BngGKdUs=",
+        "lastModified": 1739399097,
+        "narHash": "sha256-5U1YLh8bENPGtC6j6493qs3lK0PrzZw4omMvJUFOhEI=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "102a39bfee444533e6b4e8611d7e92aa39b7bec1",
+        "rev": "154a2c1abcea99a98f8b9344dfaba019a28162bd",
         "type": "github"
       },
       "original": {
@@ -185,22 +147,6 @@
       }
     },
     "nixpkgs-stable": {
-      "locked": {
-        "lastModified": 1738163270,
-        "narHash": "sha256-B/7Y1v4y+msFFBW1JAdFjNvVthvNdJKiN6EGRPnqfno=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "59e618d90c065f55ae48446f307e8c09565d5ab0",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-24.11",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs-stable_2": {
       "locked": {
         "lastModified": 1735563628,
         "narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=",
@@ -248,11 +194,10 @@
       "inputs": {
         "firefox-addons": "firefox-addons",
         "home-manager": "home-manager",
-        "nixos-cosmic": "nixos-cosmic",
         "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs",
         "nixpkgs-master": "nixpkgs-master",
-        "nixpkgs-stable": "nixpkgs-stable_2",
+        "nixpkgs-stable": "nixpkgs-stable",
         "sops-nix": "sops-nix",
         "system_tools": "system_tools",
         "systems": "systems_3"
@@ -265,11 +210,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1738291974,
-        "narHash": "sha256-wkwYJc8cKmmQWUloyS9KwttBnja2ONRuJQDEsmef320=",
+        "lastModified": 1739262228,
+        "narHash": "sha256-7JAGezJ0Dn5qIyA2+T4Dt/xQgAbhCglh6lzCekTVMeU=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "4c1251904d8a08c86ac6bc0d72cc09975e89aef7",
+        "rev": "07af005bb7d60c7f118d9d9f5530485da5d1e975",
         "type": "github"
       },
       "original": {
@@ -287,11 +232,11 @@
         "poetry2nix": "poetry2nix"
       },
       "locked": {
-        "lastModified": 1738431375,
-        "narHash": "sha256-jk6JrgqNe0dEPxV2xX/pBVsrPDfWaa033LKcyERkHJw=",
+        "lastModified": 1738434563,
+        "narHash": "sha256-RE+6AgQ/Q/yFBYDPlN+jSrhEKtZLBF8xlIsz2T78K68=",
         "owner": "RichieCahill",
         "repo": "system_tools",
-        "rev": "36764189680c9be26192ee94da1a3f33f890ff0d",
+        "rev": "7cff86220ce86a1083466e2fc8b947551ab577a3",
         "type": "github"
       },
       "original": {

flake.nix

@@ -8,10 +8,10 @@
       "https://nix-community.cachix.org/?priority=10&want-mass-query=true"
     ];
     extra-trusted-public-keys = [
-      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
-      "cache.tmmworkshop.com:jHffkpgbmEdstQPoihJPYW9TQe6jnQbWR2LqkNGV3iA="
-      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
-      "cache-nix-dot:Od9KN34LXc6Lu7y1ozzV1kIXZa8coClozgth/SYE7dU="
+      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" # cspell:disable-line
+      "cache.tmmworkshop.com:jHffkpgbmEdstQPoihJPYW9TQe6jnQbWR2LqkNGV3iA=" # cspell:disable-line
+      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" # cspell:disable-line
+      "cache-nix-dot:Od9KN34LXc6Lu7y1ozzV1kIXZa8coClozgth/SYE7dU=" # cspell:disable-line
     ];
   };
 
@@ -38,26 +38,22 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    nixos-cosmic = {
-      url = "github:lilyinstarlight/nixos-cosmic";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-
     sops-nix = {
       url = "github:Mic92/sops-nix";
       inputs.nixpkgs.follows = "nixpkgs";
     };
   };
 
-  outputs = {
+  outputs =
+    {
       self,
       nixpkgs,
       home-manager,
       systems,
-    nixos-cosmic,
       sops-nix,
       ...
-  } @ inputs: let
+    }@inputs:
+    let
       inherit (self) outputs;
       lib = nixpkgs.lib // home-manager.lib;
       forEachSystem = f: lib.genAttrs (import systems) (system: f pkgsFor.${system});
@@ -68,31 +64,32 @@
           config.allowUnfree = true;
         }
       );
-  in {
+    in
+    {
       inherit lib;
-    overlays = import ./overlays {inherit inputs outputs;};
+      overlays = import ./overlays { inherit inputs outputs; };
 
-    devShells = forEachSystem (pkgs: import ./shell.nix {inherit pkgs;});
-    formatter = forEachSystem (pkgs: pkgs.alejandra);
+      devShells = forEachSystem (pkgs: import ./shell.nix { inherit pkgs; });
+      formatter = forEachSystem (pkgs: pkgs.treefmt);
 
       nixosConfigurations = {
         bob = lib.nixosSystem {
           modules = [
             ./systems/bob
           ];
-        specialArgs = {inherit inputs outputs;};
+          specialArgs = { inherit inputs outputs; };
         };
         jeeves = lib.nixosSystem {
           modules = [
             ./systems/jeeves
           ];
-        specialArgs = {inherit inputs outputs;};
+          specialArgs = { inherit inputs outputs; };
         };
         rhapsody-in-green = lib.nixosSystem {
           modules = [
             ./systems/rhapsody-in-green
           ];
-        specialArgs = {inherit inputs outputs;};
+          specialArgs = { inherit inputs outputs; };
         };
       };
     };

overlays/default.nix

@@ -1,4 +1,5 @@
-{inputs, ...}: {
+{ inputs, ... }:
+{
   # When applied, the stable nixpkgs set (declared in the flake inputs) will be accessible through 'pkgs.stable'
   stable = final: _prev: {
     stable = import inputs.nixpkgs-stable {

shell.nix

@@ -1,4 +1,8 @@
-{pkgs ? import <nixpkgs> {}, ...}: {
+{
+  pkgs ? import <nixpkgs> { },
+  ...
+}:
+{
   default = pkgs.mkShell {
     NIX_CONFIG = "extra-experimental-features = nix-command flakes ca-derivations";
     nativeBuildInputs = with pkgs; [

systems/bob/default.nix

@@ -12,8 +12,8 @@
     ../../common/optional/update.nix
     ../../common/optional/yubikey.nix
     ../../common/optional/zerotier.nix
+    ../../common/optional/nvidia.nix
     ./hardware.nix
-    ./nvidia.nix
     ./syncthing.nix
     ./games.nix
     ./llms.nix

systems/jeeves/docker/qbit.nix

@@ -3,8 +3,15 @@ let
 in
 {
   networking.firewall = {
-    allowedTCPPorts = [ 6881 8082 29432 ]; 
-    allowedUDPPorts = [ 6881 29432 ];
+    allowedTCPPorts = [
+      6881
+      8082
+      29432
+    ];
+    allowedUDPPorts = [
+      6881
+      29432
+    ];
   };
   virtualisation.oci-containers.containers.qbit = {
     image = "ghcr.io/linuxserver/qbittorrent:5.0.2";

systems/jeeves/docker/qbitvpn.nix

@@ -3,7 +3,11 @@ let
 in
 {
   networking.firewall = {
-    allowedTCPPorts = [ 6882 8081 8118 ];
+    allowedTCPPorts = [
+      6882
+      8081
+      8118
+    ];
     allowedUDPPorts = [ 6882 ];
   };
   virtualisation.oci-containers.containers.qbitvpn = {
@@ -36,7 +40,7 @@ in
       DELUGE_DAEMON_LOG_LEVEL = "debug";
       DELUGE_WEB_LOG_LEVEL = "debug";
     };
-    environmentFiles = ["${vars.storage_secrets}/docker/qbitvpn"];
+    environmentFiles = [ "${vars.storage_secrets}/docker/qbitvpn" ];
     autoStart = true;
   };
 }

systems/jeeves/hardware.nix

@@ -1,6 +1,11 @@
-{ config, lib, modulesPath, ... }:
 {
-  imports =[ (modulesPath + "/installer/scan/not-detected.nix") ];
+  config,
+  lib,
+  modulesPath,
+  ...
+}:
+{
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
 
   boot = {
     loader = {
@@ -88,22 +93,32 @@
           bypassWorkqueues = true;
           allowDiscards = true;
         };
-        "luks-storage_pool-wwn-0x5000cca23bc438dd-part1".device = "/dev/disk/by-id/wwn-0x5000cca23bc438dd-part1";
-        "luks-storage_pool-wwn-0x5000cca23bd035f5-part1".device = "/dev/disk/by-id/wwn-0x5000cca23bd035f5-part1";
-        "luks-storage_pool-wwn-0x5000cca23bd00ad6-part1".device = "/dev/disk/by-id/wwn-0x5000cca23bd00ad6-part1";
-        "luks-storage_pool-wwn-0x5000cca23bcf313e-part1".device = "/dev/disk/by-id/wwn-0x5000cca23bcf313e-part1";
-        "luks-storage_pool-wwn-0x5000cca23bcdf3b8-part1".device = "/dev/disk/by-id/wwn-0x5000cca23bcdf3b8-part1";
-        "luks-storage_pool-wwn-0x5000cca23bd02746-part1".device = "/dev/disk/by-id/wwn-0x5000cca23bd02746-part1";
-        "luks-storage_pool-wwn-0x5000cca23bcf9f89-part1".device = "/dev/disk/by-id/wwn-0x5000cca23bcf9f89-part1";
-        "luks-storage_pool-wwn-0x5000cca23bd00ae9-part1".device = "/dev/disk/by-id/wwn-0x5000cca23bd00ae9-part1";
+        "luks-storage_pool-wwn-0x5000cca23bc438dd-part1".device =
+          "/dev/disk/by-id/wwn-0x5000cca23bc438dd-part1";
+        "luks-storage_pool-wwn-0x5000cca23bd035f5-part1".device =
+          "/dev/disk/by-id/wwn-0x5000cca23bd035f5-part1";
+        "luks-storage_pool-wwn-0x5000cca23bd00ad6-part1".device =
+          "/dev/disk/by-id/wwn-0x5000cca23bd00ad6-part1";
+        "luks-storage_pool-wwn-0x5000cca23bcf313e-part1".device =
+          "/dev/disk/by-id/wwn-0x5000cca23bcf313e-part1";
+        "luks-storage_pool-wwn-0x5000cca23bcdf3b8-part1".device =
+          "/dev/disk/by-id/wwn-0x5000cca23bcdf3b8-part1";
+        "luks-storage_pool-wwn-0x5000cca23bd02746-part1".device =
+          "/dev/disk/by-id/wwn-0x5000cca23bd02746-part1";
+        "luks-storage_pool-wwn-0x5000cca23bcf9f89-part1".device =
+          "/dev/disk/by-id/wwn-0x5000cca23bcf9f89-part1";
+        "luks-storage_pool-wwn-0x5000cca23bd00ae9-part1".device =
+          "/dev/disk/by-id/wwn-0x5000cca23bd00ae9-part1";
         # Torrenting pool
         "luks-torrenting_pool-wwn-0x500a0751e6c3c01e-part1" = {
           device = "/dev/disk/by-id/wwn-0x500a0751e6c3c01e-part1";
           bypassWorkqueues = true;
           allowDiscards = true;
         };
-        "luks-torrenting_pool-wwn-0x5000cca264f080a3-part1".device = "/dev/disk/by-id/wwn-0x5000cca264f080a3-part1";
-        "luks-torrenting_pool-wwn-0x5000cca298c33ae5-part1".device = "/dev/disk/by-id/wwn-0x5000cca298c33ae5-part1";
+        "luks-torrenting_pool-wwn-0x5000cca264f080a3-part1".device =
+          "/dev/disk/by-id/wwn-0x5000cca264f080a3-part1";
+        "luks-torrenting_pool-wwn-0x5000cca298c33ae5-part1".device =
+          "/dev/disk/by-id/wwn-0x5000cca298c33ae5-part1";
         # cspell:enable
       };
     };
@@ -122,8 +137,8 @@
       fsType = "zfs";
     };
 
-    "/nix" =
-    { device = "root_pool/nix";
+    "/nix" = {
+      device = "root_pool/nix";
       fsType = "zfs";
     };
 

systems/jeeves/mxr/default.nix

@@ -0,0 +1,49 @@
+{
+  containers.mxr = {
+    autoStart = true;
+    ephemeral = true;
+    config =
+      {
+        config,
+        pkgs,
+        lib,
+        ...
+      }:
+      {
+        nix.settings = {
+          trusted-substituters = [
+            "https://cache.nixos.org"
+            "https://cache.tmmworkshop.com"
+            "https://nix-community.cachix.org"
+          ];
+          substituters = [
+            "https://cache.nixos.org/?priority=2&want-mass-query=true"
+            "https://cache.tmmworkshop.com/?priority=2&want-mass-query=true"
+            "https://nix-community.cachix.org/?priority=10&want-mass-query=true"
+          ];
+          trusted-public-keys = [
+            "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+            "cache.tmmworkshop.com:jHffkpgbmEdstQPoihJPYW9TQe6jnQbWR2LqkNGV3iA="
+            "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+          ];
+          experimental-features = [
+            "flakes"
+            "nix-command"
+          ];
+        };
+        systemd.services.mxr = {
+          description = "mxr";
+          after = [ "network.target" ];
+          wantedBy = [ "multi-user.target" ];
+          serviceConfig = {
+            Type = "simple";
+            User = "mxr";
+            Group = "mxr";
+            ExecStart = "curl -s https://raw.githubusercontent.com/RichieCahill/mxr/refs/heads/main/tools/installer.py | ${pkgs.python313}/bin/python";
+            Restart = "on-failure";
+          };
+        };
+        system.stateVersion = "24.11";
+      };
+  };
+}

systems/jeeves/networking.nix

@@ -7,32 +7,12 @@
   };
 
   systemd.network = {
-
     enable = true;
-
-    netdevs = {
-      "20-ioit-vlan" = {
-        netdevConfig = {
-          Kind = "vlan";
-          Name = "ioit-vlan";
-        };
-        vlanConfig.Id = 20;
-      };
-      "21-internal-ioit-vlan" = {
-        netdevConfig = {
-          Kind = "vlan";
-          Name = "internal-ioit-vlan";
-        };
-        vlanConfig.Id = 21;
-      };
-    };
-
     networks = {
       "10-1GB_Primary" = {
         matchConfig.Name = "enp98s0f0";
         address = [ "192.168.95.14/24" ];
-        routes = [{ Gateway = "192.168.95.1"; }];
-        vlan = [ "ioit-vlan" "internal-ioit-vlan" ];
+        routes = [ { Gateway = "192.168.95.1"; } ];
         linkConfig.RequiredForOnline = "routable";
       };
       "10-1GB_Secondary" = {
@@ -48,19 +28,6 @@
         matchConfig.Name = "enp97s0f1np1";
         DHCP = "yes";
       };
-      "40-ioit-vlan" = {
-        matchConfig.Name = "ioit-vlan";
-        DHCP = "yes";
     };
-      "41-internal-ioit-vlan" = {
-        matchConfig.Name = "internal-ioit-vlan";
-        DHCP = "yes";
-      };
-    };
-  };
-
-  services.zerotierone = {
-    enable = true;
-    joinNetworks = [ "e4da7455b2ae64ca" ];
   };
 }

systems/jeeves/runners/default.nix

@@ -15,7 +15,6 @@
     groups.github-runners.gid = 601;
   };
 
-
   services.nix_builder.containers = {
     nix-builder-0.enable = true;
     nix-builder-1.enable = true;

systems/jeeves/runners/nix_builder.nix

@@ -7,14 +7,20 @@ let
 in
 {
   options.services.nix_builder.containers = mkOption {
-    type = types.attrsOf (types.submodule ({ name, ... }: {
+    type = types.attrsOf (
+      types.submodule (
+        { name, ... }:
+        {
           options.enable = mkEnableOption "GitHub runner container";
-    }));
-    default = {};
+        }
+      )
+    );
+    default = { };
     description = "GitHub runner container configurations";
   };
 
-  config.containers = mapAttrs (name: cfg:
+  config.containers = mapAttrs (
+    name: cfg:
     mkIf cfg.enable {
       autoStart = true;
       bindMounts = {
@@ -25,7 +31,14 @@ in
         "/secrets".mountPoint = "${vars.storage_secrets}/services/github-runners/${name}";
         "ssh-keys".mountPoint = "${vars.storage_secrets}/services/github-runners/id_ed25519_github-runners";
       };
-      config = { config, pkgs, lib, ... }: {
+      config =
+        {
+          config,
+          pkgs,
+          lib,
+          ...
+        }:
+        {
           nix.settings = {
             trusted-substituters = [
               "https://cache.nixos.org"
@@ -65,7 +78,12 @@ in
             tokenFile = "${vars.storage_secrets}/services/github-runners/${name}";
             user = "github-runners";
             group = "github-runners";
-            extraPackages = with pkgs; [ nixos-rebuild openssh ];
+            extraPackages = with pkgs; [
+              nixfmt-rfc-style
+              nixos-rebuild
+              openssh
+              treefmt
+            ];
           };
           users = {
             users.github-runners = {

systems/jeeves/services/audiobookshelf.nix

@@ -3,11 +3,8 @@ let
   vars = import ../vars.nix;
 in
 {
-  services.audiobookshelf = {
-    enable = true;
-    openFirewall = true;
-    host = "192.168.90.40";
-  };
-  systemd.services.audiobookshelf.serviceConfig.WorkingDirectory = lib.mkForce "${vars.media_docker_configs}/audiobookshelf";
+  services.audiobookshelf.enable = true;
+  systemd.services.audiobookshelf.serviceConfig.WorkingDirectory =
+    lib.mkForce "${vars.media_docker_configs}/audiobookshelf";
   users.users.audiobookshelf.home = lib.mkForce "${vars.media_docker_configs}/audiobookshelf";
 }

systems/jeeves/services/cloud_flare_tunnel.nix

@@ -15,4 +15,3 @@ in
     };
   };
 }
-

systems/jeeves/services/filebrowser.nix

@@ -6,8 +6,6 @@ let
   vars = import ../vars.nix;
 in
 {
-  networking.firewall.allowedTCPPorts = [ 8080 ];
-
   systemd.services.filebrowser = {
     description = "filebrowser";
     after = [ "network.target" ];

systems/jeeves/services/haproxy.cfg

@@ -21,8 +21,8 @@ defaults
 
 #Application Setup
 frontend ContentSwitching
-  bind *:80
-  bind *:443 ssl crt /zfs/storage/secrets/docker/cloudflare.pem
+  bind *:80 v4v6
+  bind *:443 v4v6 ssl crt /zfs/storage/secrets/docker/cloudflare.pem
   mode  http
   # tmmworkshop.com
   acl host_audiobookshelf  hdr(host) -i audiobookshelf.tmmworkshop.com
@@ -30,6 +30,7 @@ frontend ContentSwitching
   acl host_filebrowser  hdr(host) -i filebrowser.tmmworkshop.com
   acl host_homeassistant  hdr(host) -i homeassistant.tmmworkshop.com
   acl host_jellyfin  hdr(host) -i jellyfin.tmmworkshop.com
+  acl host_mxr  hdr(host) -i mxr.tmmworkshop.com
   acl host_share  hdr(host) -i share.tmmworkshop.com
   acl host_uptime_kuma  hdr(host) -i uptimekuma-jeeves.tmmworkshop.com
 
@@ -38,36 +39,41 @@ frontend ContentSwitching
   use_backend filebrowser_nodes  if host_filebrowser
   use_backend homeassistant_nodes  if host_homeassistant
   use_backend jellyfin if host_jellyfin
+  use_backend mxr_nodes  if host_mxr
   use_backend share_nodes  if host_share
   use_backend uptime_kuma_nodes  if host_uptime_kuma
 
 backend audiobookshelf_nodes
   mode http
-  server server 192.168.90.40:8000
+  server server 127.0.0.1:8000
 
 backend cache_nodes
   mode http
-  server server 192.168.90.40:5000
+  server server 127.0.0.1:5000
 
 backend filebrowser_nodes
   mode http
-  server server 192.168.90.40:8080
+  server server 127.0.0.1:8080
 
 backend homeassistant_nodes
   mode http
-  server server 192.168.95.14:8123
+  server server 127.0.0.1:8123
 
 backend jellyfin
     option httpchk
     option forwardfor
     http-check send meth GET uri /health
     http-check expect string Healthy
-    server jellyfin 192.168.95.14:8096
+    server jellyfin 127.0.0.1:8096
+
+backend mxr_nodes
+  mode http
+  server server 127.0.0.1:3000
 
 backend share_nodes
   mode http
-  server server 192.168.95.14:8091
+  server server 127.0.0.1:8091
 
 backend uptime_kuma_nodes
   mode http
-  server server 192.168.95.14:3001
+  server server 127.0.0.1:3001

systems/jeeves/services/haproxy.nix

@@ -1,5 +1,8 @@
 {
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+  ];
 
   services.haproxy = {
     enable = true;

systems/jeeves/services/home_assistant.nix

@@ -2,7 +2,7 @@ let
   vars = import ../vars.nix;
 in
 {
-  services ={
+  services = {
     home-assistant = {
       enable = true;
       openFirewall = true;
@@ -13,10 +13,10 @@ in
           server_host = [
             "192.168.95.14"
             "192.168.90.40"
-            "192.168.98.4"
+            "127.0.0.1"
           ];
           use_x_forwarded_for = true;
-          trusted_proxies = "192.168.95.0/24";
+          trusted_proxies = "127.0.0.1";
         };
         homeassistant = {
           time_zone = "America/New_York";

systems/jeeves/services/postgress.nix

@@ -0,0 +1,127 @@
+{ pkgs, ... }:
+let
+  vars = import ../vars.nix;
+in
+{
+  networking.firewall.allowedTCPPorts = [ 5432 ];
+
+  services.postgresql = {
+    enable = true;
+    package = pkgs.postgresql_17_jit;
+    enableTCPIP = true;
+    enableJIT = true;
+    dataDir = "${vars.media_database}/postgres";
+
+    authentication = pkgs.lib.mkOverride 10 ''
+
+      #type database DBuser origin-address auth-method
+      local all       all     trust
+
+      # ipv4
+      host  all      all     127.0.0.1/32    trust
+      host  all      all     192.168.90.1/24 trust
+
+      # ipv6
+      host all       all     ::1/128         trust
+    '';
+
+    identMap = ''
+      # ArbitraryMapName systemUser DBUser
+        superuser_map      root      postgres
+        superuser_map      postgres  postgres
+        # Let other names login as themselves
+        superuser_map      richie    postgres
+    '';
+    ensureUsers = [
+      {
+        name = "postgres";
+        ensureClauses = {
+          superuser = true;
+          login = true;
+          createrole = true;
+          createdb = true;
+          replication = true;
+        };
+      }
+      {
+        name = "richie";
+        ensureClauses = {
+          superuser = true;
+          login = true;
+          createrole = true;
+          createdb = true;
+          replication = true;
+        };
+      }
+    ];
+    # Thank you NotAShelf
+    # https://github.com/NotAShelf/nyx/blob/d407b4d6e5ab7f60350af61a3d73a62a5e9ac660/modules/core/roles/server/system/services/databases/postgresql.nix#L74
+    settings = {
+      # Connectivity;
+      max_connections = 100;
+      superuser_reserved_connections = 3;
+
+      # Memory Settings;
+      shared_buffers = "1024 MB";
+      work_mem = "32 MB";
+      maintenance_work_mem = "320 MB";
+      huge_pages = "off";
+      effective_cache_size = "2 GB";
+      effective_io_concurrency = 100; # concurrent IO only really activated if OS supports posix_fadvise function;
+      random_page_cost = 1.25; # speed of random disk access relative to sequential access (1.0);
+
+      # Monitoring;
+      shared_preload_libraries = "pg_stat_statements,auto_explain"; # per statement resource usage stats & log explain statements for slow queries
+      track_io_timing = "on"; # measure exact block IO times;
+      track_functions = "pl"; # track execution times of pl-language procedures if any;
+      # Replication;
+      wal_level = "replica"; # consider using at least "replica";
+      max_wal_senders = 0;
+      synchronous_commit = "on";
+
+      # Checkpointing: ;
+      checkpoint_timeout = "15 min";
+      checkpoint_completion_target = 0.9;
+      max_wal_size = "1024 MB";
+      min_wal_size = "512 MB";
+
+      # WAL writing;
+      wal_compression = "on";
+      wal_buffers = -1; # auto-tuned by Postgres till maximum of segment size (16MB by default);
+      wal_writer_delay = "200ms";
+      wal_writer_flush_after = "1MB";
+
+      # Background writer;
+      bgwriter_delay = "200ms";
+      bgwriter_lru_maxpages = 100;
+      bgwriter_lru_multiplier = 2.0;
+      bgwriter_flush_after = 0;
+
+      # Parallel queries: ;
+      max_worker_processes = 6;
+      max_parallel_workers_per_gather = 3;
+      max_parallel_maintenance_workers = 3;
+      max_parallel_workers = 6;
+      parallel_leader_participation = "on";
+
+      # Advanced features ;
+      enable_partitionwise_join = "on";
+      enable_partitionwise_aggregate = "on";
+      jit = "on";
+
+      jit_above_cost = 100000;
+      jit_inline_above_cost = 150000;
+      jit_optimize_above_cost = 500000;
+
+      # log slow queries
+      log_min_duration_statement = 100;
+      "auto_explain.log_min_duration" = 100;
+
+      # logging configuration
+      log_connections = true;
+      log_statement = "all";
+      logging_collector = true;
+      log_disconnections = true;
+    };
+  };
+}

systems/rhapsody-in-green/default.nix

@@ -13,7 +13,6 @@
     ./hardware.nix
     ./syncthing.nix
     inputs.nixos-hardware.nixosModules.framework-13-7040-amd
-    inputs.nixos-cosmic.nixosModules.default
   ];
 
   networking = {
@@ -25,8 +24,6 @@
 
   services = {
     openssh.ports = [ 922 ];
-
-    desktopManager.cosmic.enable = true;  
   };
 
   system.stateVersion = "24.05";

systems/rhapsody-in-green/hardware.nix

@@ -1,4 +1,9 @@
-{ config, lib, modulesPath, ... }:
+{
+  config,
+  lib,
+  modulesPath,
+  ...
+}:
 {
   imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
 

tools/installer.py

@@ -266,7 +266,7 @@ def installer(
 
     if encrypt_key:
         pool_disks = [
-            f'/dev/mapper/luks-root-pool-{disk.split("/")[-1]}-part2' for disk in disks
+            f"/dev/mapper/luks-root-pool-{disk.split('/')[-1]}-part2" for disk in disks
         ]
     else:
         pool_disks = [f"{disk}-part2" for disk in disks]
@@ -448,7 +448,7 @@ def draw_device_menu(
     type_padding = calculate_device_menu_padding(devices, "type", padding)
     mountpoints_padding = calculate_device_menu_padding(devices, "mountpoints", padding)
 
-    device_header = f"{"Name":{name_padding}}{"Size":{size_padding}}{"Type":{type_padding}}{"Mountpoints":{mountpoints_padding}}"
+    device_header = f"{'Name':{name_padding}}{'Size':{size_padding}}{'Type':{type_padding}}{'Mountpoints':{mountpoints_padding}}"
 
     menu_width = range(menu_start_x, len(device_header) + menu_start_x)
 

treefmt.toml

@@ -0,0 +1,14 @@
+# One CLI to format the code tree - https://github.com/numtide/treefmt
+
+[global]
+# Glob patterns of files to exclude
+excludes = [".git/"]
+
+
+[formatter.nixfmt]
+# Formatter to run
+command = "nixfmt"
+# Command-line arguments for the command
+#options = []
+# Glob pattern of files to include
+includes = ["*.nix"]

users/gaming/default.nix

@@ -16,8 +16,7 @@
 
       shell = pkgs.zsh;
       group = "gaming";
-      extraGroups =
-      [
+      extraGroups = [
         "audio"
         "video"
         "users"

users/gaming/home/firefox.nix

@@ -137,7 +137,8 @@
         "permissions.default.desktop-notification" = 0; # allow websites to ask
         # PREF: allow websites to ask you for your location
         "permissions.default.geo" = 0;
-        "geo.provider.network.url" = "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%";
+        "geo.provider.network.url" =
+          "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%";
         "permissions.manager.defaultsUrl" = "";
         "webchannel.allowObject.urlWhitelist" = "";
 

users/richie/default.nix

@@ -2,9 +2,11 @@
   pkgs,
   config,
   ...
-}: let
+}:
+let
   ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
-in {
+in
+{
 
   sops.secrets.richie_password = {
     sopsFile = ../secrets.yaml;

users/richie/home/gui/firefox/default.nix

@@ -17,7 +17,11 @@
       search = {
         force = true;
         default = "kagi";
-        order = [ "kagi" "DuckDuckGo" "Google" ];
+        order = [
+          "kagi"
+          "DuckDuckGo"
+          "Google"
+        ];
       };
       settings = {
         # SECTION: FASTFOX
@@ -138,7 +142,8 @@
         "permissions.default.desktop-notification" = 0; # allow websites to ask
         # PREF: allow websites to ask you for your location
         "permissions.default.geo" = 0;
-        "geo.provider.network.url" = "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%";
+        "geo.provider.network.url" =
+          "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%";
         "permissions.manager.defaultsUrl" = "";
         "webchannel.allowObject.urlWhitelist" = "";
 

users/richie/home/gui/firefox/search_engines.nix

@@ -47,6 +47,21 @@
       icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
       definedAliases = [ "@n" ];
     };
+    "Nix Packages pr-tracker" = {
+      urls = [
+        {
+          template = "https://nixpk.gs/pr-tracker.html?";
+          params = [
+            {
+              name = "pr";
+              value = "{searchTerms}";
+            }
+          ];
+        }
+      ];
+      icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
+      definedAliases = [ "@nprt" ];
+    };
     "kagi" = {
       urls = [
         {

users/richie/home/gui/kitty.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   programs.kitty = {
     enable = true;
     font.name = "IntoneMono Nerd Font";

users/richie/home/gui/vscode/default.nix

@@ -4,8 +4,10 @@ let
 in
 {
   # mutable symlinks to key binds and settings
-  xdg.configFile."Code/User/settings.json".source = config.lib.file.mkOutOfStoreSymlink "${vscode_dir}/settings.json";
-  xdg.configFile."Code/User/keybindings.json".source = config.lib.file.mkOutOfStoreSymlink "${vscode_dir}/keybindings.json";
+  xdg.configFile."Code/User/settings.json".source =
+    config.lib.file.mkOutOfStoreSymlink "${vscode_dir}/settings.json";
+  xdg.configFile."Code/User/keybindings.json".source =
+    config.lib.file.mkOutOfStoreSymlink "${vscode_dir}/keybindings.json";
 
   home.packages = with pkgs; [ nil ];
 

users/richie/home/gui/vscode/settings.json

@@ -30,6 +30,20 @@
     "announcement": "off"
   },
 
+  // database settings
+  "sqltools.connections": [
+    {
+      "previewLimit": 50,
+      "server": "192.168.90.40",
+      "port": 5432,
+      "askForPassword": true,
+      "driver": "PostgreSQL",
+      "name": "main",
+      "database": "postgres",
+      "username": "richie"
+    }
+  ],
+
   // formatters
   "[html]": { "editor.defaultFormatter": "esbenp.prettier-vscode" },
   "[jsonc]": { "editor.defaultFormatter": "esbenp.prettier-vscode" },

users/richie/home/programs.nix

@@ -50,7 +50,8 @@
     nix-output-monitor
     nix-prefetch
     nix-tree
-    nixpkgs-fmt
+    nixfmt-rfc-style
+    treefmt
     inputs.system_tools.packages.x86_64-linux.default
   ];
 }

users/richie/home/ssh_config.nix

@@ -16,13 +16,6 @@
         identityFile = "~/.ssh/id_ed25519";
         port = 2222;
       };
-      jeevesjr = {
-        hostname = "192.168.90.35";
-        user = "richie";
-        identityFile = "~/.ssh/id_ed25519";
-        port = 352;
-        dynamicForwards = [ { port = 9050; } ];
-      };
       bob = {
         hostname = "192.168.90.25";
         user = "richie";