bootstrapping

.github/workflows/kernel_packages_update.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+
+# Update ZFS package to match the latest supported Linux kernel version
+
+echo "geting latest ZFS version"
+raw_zfs_max_kernel_version=$(curl -s https://raw.githubusercontent.com/openzfs/zfs/master/META | grep Linux-Maximum | cut -d" " -f2)
+
+zfs_max_kernel_version="${raw_zfs_max_kernel_version//./_}"
+
+echo "geting latest ZFS version"
+
+
+if grep "linuxPackages_$zfs_max_kernel_version" systems/common/global/default.nix; then
+    echo "No changes needed"
+    exit 0
+fi
+
+sed -i "s/linuxPackages_6_[0-9]\+/linuxPackages_$zfs_max_kernel_version/" systems/common/global/default.nix
+
+# Commit the changes
+git config user.name "GitHub Actions Bot"
+git config user.email "<>"
+git add systems/common/global/default.nix
+git commit -m "Update Linux kernel and ZFS packages"

.github/workflows/kernel_packages_update.yml

@@ -0,0 +1,27 @@
+name: Kernel Packages Update
+
+on:
+  schedule:
+    - cron: "0 0 * * *"
+  workflow_dispatch:
+
+jobs:
+  create-pull-request:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+
+      - name: Make changes
+        run: bash ${GITHUB_WORKSPACE}/.github/workflows/kernel_packages_update.sh
+
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v7
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          commit-message: Base linuxPackages update
+          title: Base linuxPackages update
+          body: |
+            Update linuxPackages
+          branch: daily-update
+          delete-branch: true

.vscode/settings.json

@@ -60,7 +60,6 @@
     "extest",
     "fastforwardteam",
     "FASTFOX",
-    "ffmpegthumbnailer",
     "filebot",
     "filebrowser",
     "fileroller",
@@ -98,7 +97,6 @@
     "isal",
     "jnoortheen",
     "jsbc",
-    "kagi",
     "kuma",
     "levelname",
     "libglvnd",
@@ -124,7 +122,6 @@
     "mountpoints",
     "mousewheel",
     "mtxr",
-    "muninn",
     "ncdu",
     "nemo",
     "neofetch",
@@ -161,10 +158,8 @@
     "pipewire",
     "pkgs",
     "plugdev",
-    "poppler",
     "posixacl",
     "primarycache",
-    "prismlauncher",
     "privatebrowsing",
     "PRIVOXY",
     "prowlarr",
@@ -228,7 +223,6 @@
     "uaccess",
     "ublock",
     "uitour",
-    "unrar",
     "unsubmitted",
     "urlbar",
     "urlclassifier",
@@ -247,7 +241,6 @@
     "Workqueues",
     "xattr",
     "xhci",
-    "yazi",
     "yubikey",
     "yubioath",
     "yzhang",

common/global/default.nix

@@ -2,6 +2,7 @@
   inputs,
   lib,
   outputs,
+  pkgs,
   ...
 }:
 {
@@ -9,7 +10,6 @@
     inputs.home-manager.nixosModules.home-manager
     ./docker.nix
     ./fail2ban.nix
-    ./fonts.nix
     ./libs.nix
     ./locale.nix
     ./nh.nix
@@ -19,7 +19,10 @@
     ./snapshot_manager.nix
   ];
 
-  boot.tmp.useTmpfs = true;
+  boot = {
+    kernelPackages = lib.mkDefault pkgs.linuxPackages_6_10;
+    tmp.useTmpfs = true;
+  };
 
   hardware.enableRedistributableFirmware = true;
 
@@ -29,12 +32,7 @@
     extraSpecialArgs = {inherit inputs outputs;};
   };
 
-  nixpkgs = {
+  nixpkgs.config.allowUnfree = true;
-    overlays = builtins.attrValues outputs.overlays;
-    config = {
-      allowUnfree = true;
-    };
-  };
 
   programs = {
     zsh.enable = true;

common/global/fonts.nix

@@ -1,10 +0,0 @@
-{ pkgs, ... }:
-{
-  fonts = {
-    fontconfig.enable = true;
-    enableDefaultPackages = true;
-    packages = with pkgs; [
-      nerdfonts
-    ];
-  };
-}

common/optional/desktop.nix

@@ -1,9 +1,4 @@
-{ lib, pkgs, ... }:
 {
-  boot = {
-    kernelPackages = lib.mkDefault pkgs.master.linuxPackages_zen;
-    zfs.package = pkgs.master.zfs_unstable;
-  };
   services = {
     desktopManager.plasma6.enable = true;
     xserver = {

flake.lock

@@ -9,11 +9,11 @@
       },
       "locked": {
         "dir": "pkgs/firefox-addons",
-        "lastModified": 1730520198,
+        "lastModified": 1729414746,
-        "narHash": "sha256-0G4QIsCmQyfwdWUws7UDZQYcCn5l9m42AE9c3Ak0+DY=",
+        "narHash": "sha256-B7wGWFjIL6/BllPaTXyp31srxG7+4I0hlsBkL6S8pIM=",
         "owner": "rycee",
         "repo": "nur-expressions",
-        "rev": "ca0f5e3fd8a37605a6960fee549f6b79d3f83c28",
+        "rev": "7bd3068e495e1f430e1a640b5f9ee683e4e5e616",
         "type": "gitlab"
       },
       "original": {
@@ -79,11 +79,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1730490306,
+        "lastModified": 1729414726,
-        "narHash": "sha256-AvCVDswOUM9D368HxYD25RsSKp+5o0L0/JHADjLoD38=",
+        "narHash": "sha256-Dtmm1OU8Ymiy9hVWn/a2B8DhRYo9Eoyx9veERdOBR4o=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "1743615b61c7285976f85b303a36cdf88a556503",
+        "rev": "fe56302339bb28e3471632379d733547caec8103",
         "type": "github"
       },
       "original": {
@@ -124,11 +124,11 @@
         "rust-overlay": "rust-overlay"
       },
       "locked": {
-        "lastModified": 1730511796,
+        "lastModified": 1729388162,
-        "narHash": "sha256-+ZBaUiJWig7LumIKi1fOExUke8XubkKJUlcrEa+UN+M=",
+        "narHash": "sha256-ARCVRKnANfAb1iwGVpNOujXTXsTdyHz80ocFxjpswv8=",
         "owner": "lilyinstarlight",
         "repo": "nixos-cosmic",
-        "rev": "1d5a818e3b5188f6aa106eed5f66e454787c5d70",
+        "rev": "1bfff37ff0178721ff4c0a7ed2fb39689b8db796",
         "type": "github"
       },
       "original": {
@@ -139,11 +139,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1730537918,
+        "lastModified": 1729417461,
-        "narHash": "sha256-GJB1/aaTnAtt9sso/EQ77TAGJ/rt6uvlP0RqZFnWue8=",
+        "narHash": "sha256-p0j/sUs7noqZw0W+SEuZXskzOfgOH7yY80ksIM0fCi4=",
         "owner": "nixos",
         "repo": "nixos-hardware",
-        "rev": "f6e0cd5c47d150c4718199084e5764f968f1b560",
+        "rev": "8f38d8a4754cf673c2609c4ed399630db87e678b",
         "type": "github"
       },
       "original": {
@@ -155,11 +155,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1730200266,
+        "lastModified": 1729256560,
-        "narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=",
+        "narHash": "sha256-/uilDXvCIEs3C9l73JTACm4quuHUsIHcns1c+cHUJwA=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd",
+        "rev": "4c2fcb090b1f3e5b47eaa7bd33913b574a11e0a0",
         "type": "github"
       },
       "original": {
@@ -169,29 +169,13 @@
         "type": "github"
       }
     },
-    "nixpkgs-master": {
-      "locked": {
-        "lastModified": 1730587346,
-        "narHash": "sha256-YAzfNPNFtztrOYe1Nhi6cTiT7kedRwmlfpijA9T2uuk=",
-        "owner": "nixos",
-        "repo": "nixpkgs",
-        "rev": "a8ffc2295c358629bc1bda569bf8b3bbb21aa1be",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nixos",
-        "ref": "master",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1730327045,
+        "lastModified": 1729181673,
-        "narHash": "sha256-xKel5kd1AbExymxoIfQ7pgcX6hjw9jCgbiBjiUfSVJ8=",
+        "narHash": "sha256-LDiPhQ3l+fBjRATNtnuDZsBS7hqoBtPkKBkhpoBHv3I=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "080166c15633801df010977d9d7474b4a6c549d7",
+        "rev": "4eb33fe664af7b41a4c446f87d20c9a0a6321fa3",
         "type": "github"
       },
       "original": {
@@ -203,11 +187,11 @@
     },
     "nixpkgs-stable_2": {
       "locked": {
-        "lastModified": 1730327045,
+        "lastModified": 1729181673,
-        "narHash": "sha256-xKel5kd1AbExymxoIfQ7pgcX6hjw9jCgbiBjiUfSVJ8=",
+        "narHash": "sha256-LDiPhQ3l+fBjRATNtnuDZsBS7hqoBtPkKBkhpoBHv3I=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "080166c15633801df010977d9d7474b4a6c549d7",
+        "rev": "4eb33fe664af7b41a4c446f87d20c9a0a6321fa3",
         "type": "github"
       },
       "original": {
@@ -252,7 +236,6 @@
         "nixos-cosmic": "nixos-cosmic",
         "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs",
-        "nixpkgs-master": "nixpkgs-master",
         "nixpkgs-stable": "nixpkgs-stable_2",
         "system_tools": "system_tools",
         "systems": "systems_3"
@@ -266,11 +249,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1730428392,
+        "lastModified": 1729304879,
-        "narHash": "sha256-2aRfq1P0usr+TlW9LUCoefqqpPum873ac0TgZzXYHKI=",
+        "narHash": "sha256-H7KGGJUU9BcDNnfXiATBGgs6FJKWQdfftNJS+/v2aMU=",
         "owner": "oxalica",
         "repo": "rust-overlay",
-        "rev": "17eda17f5596a84e92ba94160139eb70f3c3e734",
+        "rev": "b259ef799b5ac014604da71ecd92d4a52603ed2d",
         "type": "github"
       },
       "original": {
@@ -288,11 +271,11 @@
         "poetry2nix": "poetry2nix"
       },
       "locked": {
-        "lastModified": 1729617389,
+        "lastModified": 1729435836,
-        "narHash": "sha256-Q05Nhw84FprGiuQHd1ahOhKKIbxzp1rpeCqddjXUSVM=",
+        "narHash": "sha256-wDhbznFihvVh8sm93HUAeFDw0t8hoe9RGEyWBMkB4yw=",
         "owner": "RichieCahill",
         "repo": "system_tools",
-        "rev": "2a2aa711fcf67ed5e4db484e507a4a511b9b4230",
+        "rev": "84f9ef479e6561fe1daac304cddf195303d855dc",
         "type": "github"
       },
       "original": {

flake.nix

@@ -18,7 +18,6 @@
   inputs = {
     nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
     nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.05";
-    nixpkgs-master.url = "github:nixos/nixpkgs/master";
     systems.url = "github:nix-systems/default-linux";
 
     nixos-hardware.url = "github:nixos/nixos-hardware/master";
@@ -82,10 +81,6 @@
         modules = [./systems/rhapsody-in-green];
         specialArgs = {inherit inputs outputs;};
       };
-      muninn = lib.nixosSystem {
-        modules = [./systems/muninn];
-        specialArgs = {inherit inputs outputs;};
-      };
     };
   };
 }

overlays/default.nix

@@ -6,11 +6,4 @@
       config.allowUnfree = true;
     };
   };
-  # When applied, the master nixpkgs set (declared in the flake inputs) will be accessible through 'pkgs.master'
-  master = final: _prev: {
-    master = import inputs.nixpkgs-master {
-      system = final.system;
-      config.allowUnfree = true;
-    };
-  };
 }

systems/jeeves/default.nix

@@ -24,15 +24,12 @@ in
     "torrenting"
   ];
 
-  networking.firewall.allowedTCPPorts = [ 7654 ];
-
   services = {
     openssh.ports = [ 629 ];
 
     nix-serve = {
       enable = true;
       secretKeyFile = "${vars.storage_secrets}/services/nix-cache/cache-priv-key.pem";
-      openFirewall = true;
     };
 
     plex = {
@@ -41,14 +38,6 @@ in
       openFirewall = true;
     };
 
-    tang = {
-      enable = true;
-      ipAddressAllow = [
-        "192.168.98.1/24"
-        "192.168.95.1/24"
-      ];
-    };
-
     smartd.enable = true;
 
     snapshot_manager = {

systems/jeeves/docker/audiobookshelf.nix

@@ -1,19 +0,0 @@
-let
-  vars = import ../vars.nix;
-in
-{
-  virtualisation.oci-containers.containers.audiobookshelf = {
-    image = "ghcr.io/advplyr/audiobookshelf:latest";
-    volumes = [
-      "${vars.media_docker_configs}/audiobookshelf:/config"
-      "${vars.media_docker_configs}/audiobookshelf:/metadata"
-      "${vars.storage_library}/audiobooks:/audiobooks"
-      "${vars.storage_library}/books:/books"
-    ];
-    environment = {
-      TZ = "America/New_York";
-    };
-    extraOptions = [ "--network=web" ];
-    autoStart = true;
-  };
-}

systems/jeeves/docker/grafana.nix

@@ -1,12 +0,0 @@
-let
-  vars = import ../vars.nix;
-in
-{
-  virtualisation.oci-containers.containers.grafana = {
-    image = "grafana/grafana-enterprise:latest";
-    volumes = [ "${vars.media_docker_configs}/grafana:/var/lib/grafana" ];
-    user = "600:600";
-    extraOptions = [ "--network=web" ];
-    autoStart = true;
-  };
-}

systems/jeeves/docker/photoprism.nix

@@ -47,6 +47,7 @@ in
     };
     environmentFiles = ["${vars.storage_secrets}/docker/photoprism"];
     autoStart = true;
+    dependsOn = [ "photoprism_mariadb" ];
     extraOptions = [ "--network=web" ];
   };
 }

systems/jeeves/docker/prowlarr.nix

@@ -2,7 +2,9 @@ let
   vars = import ../vars.nix;
 in
 {
-  networking.firewall.allowedTCPPorts = [ 9696 ];
+  networking.firewall = {
+    allowedTCPPorts = [ 9696 ];
+  };
   virtualisation.oci-containers.containers.prowlarr = {
     image = "ghcr.io/linuxserver/prowlarr:latest";
     ports = [ "9696:9696" ];

systems/jeeves/docker/web.nix

@@ -3,6 +3,27 @@ let
 in
 {
   virtualisation.oci-containers.containers = {
+    audiobookshelf = {
+      image = "ghcr.io/advplyr/audiobookshelf:latest";
+      volumes = [
+        "${vars.media_docker_configs}/audiobookshelf:/config"
+        "${vars.media_docker_configs}/audiobookshelf:/metadata"
+        "${vars.storage_library}/audiobooks:/audiobooks"
+        "${vars.storage_library}/books:/books"
+      ];
+      environment = {
+        TZ = "America/New_York";
+      };
+      extraOptions = [ "--network=web" ];
+      autoStart = true;
+    };
+    grafana = {
+      image = "grafana/grafana-enterprise:latest";
+      volumes = [ "${vars.media_docker_configs}/grafana:/var/lib/grafana" ];
+      user = "600:600";
+      extraOptions = [ "--network=web" ];
+      autoStart = true;
+    };
     haproxy = {
       image = "haproxy:latest";
       user = "600:600";
@@ -18,7 +39,6 @@ in
         "audiobookshelf"
         "filebrowser"
         "grafana"
-        "photoprism"
         "uptime_kuma"
       ];
       extraOptions = [ "--network=web" ];

systems/jeeves/scripts/datasets.sh

@@ -3,16 +3,16 @@
 # zpools
 
 # media
-sudo zpool create -o ashift=12 -O acltype=posixacl -O atime=off -O dnodesize=auto -O xattr=sa -O compression=zstd -m /zfs/media media mirror
+sudo zpool create -o ashift=12 -O acltype=posixacl -O atime=off -O dnodesize=auto -O xattr=sa -O zstd -m /zfs/media media mirror
 sudo zpool add media -o ashift=12 special mirror
 
 # storage
-sudo zpool create -o ashift=12 -O acltype=posixacl -O atime=off -O dnodesize=auto -O xattr=sa -O compression=zstd -m /zfs/storage storage
+sudo zpool create -o ashift=12 -O acltype=posixacl -O atime=off -O dnodesize=auto -O xattr=sa -O zstd -m /zfs/storage storage
 sudo zpool add storage -o ashift=12 special mirror
 sudo zpool add storage -o ashift=12 logs mirror
 
 # torrenting
-sudo zpool create -o ashift=12 -O acltype=posixacl -O atime=off -O dnodesize=auto -O xattr=sa -O compression=zstd -m /zfs/torrenting torrenting
+sudo zpool create -o ashift=12 -O acltype=posixacl -O atime=off -O dnodesize=auto -O xattr=sa -O zstd -m /zfs/torrenting torrenting
 sudo zpool add torrenting -o ashift=12 special
 
 # media datasets

systems/muninn/default.nix

@@ -1,52 +0,0 @@
-{
-  imports = [
-    ../../users/richie
-    ../../common/global
-    ../../common/optional/desktop.nix
-    ../../common/optional/steam.nix
-    ../../common/optional/systemd-boot.nix
-    ./hardware.nix
-  ];
-
-  networking = {
-    hostName = "muninn";
-    hostId = "a43179c5";
-    firewall.enable = true;
-    networkmanager.enable = true;
-  };
-
-  hardware = {
-    pulseaudio.enable = false;
-    bluetooth = {
-      enable = true;
-      powerOnBoot = true;
-    };
-  };
-
-  security.rtkit.enable = true;
-
-  services = {
-
-    displayManager.sddm.enable = true;
-
-    openssh.ports = [ 262 ];
-
-    printing.enable = true;
-
-    pipewire = {
-      enable = true;
-      alsa.enable = true;
-      alsa.support32Bit = true;
-      pulse.enable = true;
-    };
-
-    snapshot_manager.enable = true;
-
-    zfs = {
-      trim.enable = true;
-      autoScrub.enable = true;
-    };
-  };
-
-  system.stateVersion = "24.05";
-}

systems/router/default.nix

@@ -0,0 +1,147 @@
+# https://github.com/ghostbuster91/blogposts/blob/a2374f0039f8cdf4faddeaaa0347661ffc2ec7cf/router2023-part2/main.md
+# https://francis.begyn.be/blog/nixos-home-router
+{
+  imports = [
+    ../../users/richie
+    ../../common/global
+    ../../common/optional/zerotier.nix
+    ./docker
+    ./hardware.nix
+  ];
+
+  boot.kernel = {
+    sysctl = {
+      "net.ipv4.conf.all.forwarding" = true;
+      "net.ipv6.conf.all.forwarding" = false;
+    };
+  };
+  systemd.network = {
+    wait-online.anyInterface = true;
+    networks = {
+      "30-lan0" = {
+        matchConfig.Name = "lan0";
+        linkConfig.RequiredForOnline = "enslaved";
+        networkConfig = {
+          ConfigureWithoutCarrier = true;
+        };
+      };
+      # lan1 and lan2 look analogical
+      "30-lan3" = {
+        matchConfig.Name = "lan3";
+        linkConfig.RequiredForOnline = "enslaved";
+        networkConfig = {
+          ConfigureWithoutCarrier = true;
+        };
+      };
+      "10-wan" = {
+        matchConfig.Name = "wan";
+        networkConfig = {
+          # start a DHCP Client for IPv4 Addressing/Routing
+          DHCP = "ipv4";
+          DNSOverTLS = true;
+          DNSSEC = true;
+          IPv6PrivacyExtensions = false;
+          IPForward = true;
+        };
+        # make routing on this interface a dependency for network-online.target
+        linkConfig.RequiredForOnline = "routable";
+      };
+    };
+  };
+
+  networking = {
+    hostName = "surfer";
+    useNetworkd = true;
+    useDHCP = false;
+
+    # No local firewall.
+    nat.enable = false;
+    firewall.enable = false;
+
+    nftables = {
+      enable = true;
+      ruleset = ''
+        table inet filter {
+          chain input {
+            type filter hook input priority 0; policy drop;
+
+            iifname { "br-lan" } accept comment "Allow local network to access the router"
+            iifname "wan" ct state { established, related } accept comment "Allow established traffic"
+            iifname "wan" icmp type { echo-request, destination-unreachable, time-exceeded } counter accept comment "Allow select ICMP"
+            iifname "wan" counter drop comment "Drop all other unsolicited traffic from wan"
+            iifname "lo" accept comment "Accept everything from loopback interface"
+          }
+          chain forward {
+            type filter hook forward priority filter; policy drop;
+
+            iifname { "br-lan" } oifname { "wan" } accept comment "Allow trusted LAN to WAN"
+            iifname { "wan" } oifname { "br-lan" } ct state { established, related } accept comment "Allow established back to LANs"
+          }
+        }
+
+        table ip nat {
+          chain postrouting {
+            type nat hook postrouting priority 100; policy accept;
+            oifname "wan" masquerade
+          }
+        }
+      '';
+    };
+  };
+
+  services.dnsmasq = {
+    enable = true;
+    settings = {
+      # upstream DNS servers
+      server = [ "9.9.9.9" "8.8.8.8" "1.1.1.1" ];
+      # sensible behaviours
+      domain-needed = true;
+      bogus-priv = true;
+      no-resolv = true;
+
+      # Cache dns queries.
+      cache-size = 1000;
+
+      dhcp-range = [ "br-lan,192.168.10.50,192.168.10.254,24h" ];
+      interface = "br-lan";
+      dhcp-host = "192.168.10.1";
+
+      # local domains
+      local = "/lan/";
+      domain = "lan";
+      expand-hosts = true;
+
+      # don't use /etc/hosts as this would advertise surfer as localhost
+      no-hosts = true;
+      address = "/surfer.lan/192.168.10.1";
+    };
+  };
+
+  boot.kernel = {
+    sysctl = {
+      "net.ipv4.conf.default.rp_filter" = 1;
+      "net.ipv4.conf.wan.rp_filter" = 1;
+      "net.ipv4.conf.br-lan.rp_filter" = 0;
+    };
+  };
+
+  services = {
+    openssh.ports = [ 629 ];
+
+    smartd.enable = true;
+
+    snapshot_manager = {
+      enable = true;
+      path = ./snapshot_config.toml;
+    };
+
+    sysstat.enable = true;
+
+    zfs = {
+      trim.enable = true;
+      autoScrub.enable = true;
+    };
+  };
+
+  system.stateVersion = "24.05";
+}

systems/router/hardware.nix

@@ -1,4 +1,12 @@
-{ config, lib, modulesPath, ... }:
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  modulesPath,
+  ...
+}:
 
 {
   imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
@@ -8,18 +16,19 @@
       availableKernelModules = [
         "nvme"
         "xhci_pci"
-        "thunderbolt"
+        "ahci"
+        "usbhid"
         "usb_storage"
         "sd_mod"
       ];
       kernelModules = [ ];
-      luks.devices."luks-root-pool-nvme-INTEL_SSDPEKKW256G7_BTPY63820XBH256D-part2" = {
+      luks.devices."luks-root-pool-nvme-Samsung_SSD_990_PRO_with_Heatsink_1TB_S73JNJ0X114418B-part2" = {
-        device = "/dev/disk/by-id/nvme-INTEL_SSDPEKKW256G7_BTPY63820XBH256D-part2";
+        device = "/dev/disk/by-id/nvme-Samsung_SSD_990_PRO_with_Heatsink_1TB_S73JNJ0X114418B-part2";
         bypassWorkqueues = true;
         allowDiscards = true;
       };
     };
-    kernelModules = [ "kvm-intel" ];
+    kernelModules = [ "kvm-amd" ];
     extraModulePackages = [ ];
   };
 
@@ -34,18 +43,13 @@
       fsType = "zfs";
     };
 
-    "/nix" = {
-      device = "root_pool/nix";
-      fsType = "zfs";
-    };
-
     "/var" = {
       device = "root_pool/var";
       fsType = "zfs";
     };
 
     "/boot" = {
-      device = "/dev/disk/by-uuid/12CE-A600";
+      device = "/dev/disk/by-uuid/609D-FF29";
       fsType = "vfat";
       options = [
         "fmask=0077"
@@ -56,6 +60,8 @@
 
   swapDevices = [ ];
 
+  networking.useDHCP = lib.mkDefault true;
+
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }

tools/intaller.py

@@ -110,6 +110,7 @@ def create_zfs_pool(pool_disks: Sequence[str], mnt_dir: str) -> None:
         "-O relatime=on "
         "-O xattr=sa "
         "-O mountpoint=none "
+        "-O primarycache=metadata "
         "root_pool "
     )
     if len(pool_disks) == 1:

users/richie/home/cli/default.nix

@@ -1,8 +1,8 @@
 {
   imports = [
-    ./direnv.nix
     ./git.nix
     ./zsh.nix
+    ./direnv.nix
   ];
 
   programs.starship.enable = true;

users/richie/home/gui/default.nix

@@ -1,7 +1,7 @@
 { pkgs, ... }:
 {
   imports = [
-    ./firefox
+    ./firefox.nix
     ./vscode
   ];
 
@@ -15,7 +15,6 @@
     nemo-fileroller
     obs-studio
     obsidian
-    prismlauncher
     proxychains
     prusa-slicer
     signal-desktop

users/richie/home/gui/firefox.nix

@@ -1,7 +1,9 @@
-{ inputs, ... }:
 {
-  imports = [ ./search_engines.nix ];
+  pkgs,
-
+  inputs,
+  ...
+}:
+{
   programs.firefox = {
     enable = true;
     profiles.richie = {
@@ -14,11 +16,55 @@
         sponsorblock
         ublock-origin
       ];
-      search = {
+      search.engines = {
-        force = true;
+        "Nix Options" = {
-        default = "kagi";
+          urls = [
-        order = [ "kagi" "DuckDuckGo" "Google" ];
+            {
+              template = "https://search.nixos.org/options";
+              params = [
+                {
+                  name = "type";
+                  value = "packages";
+                }
+                {
+                  name = "channel";
+                  value = "unstable";
+                }
+                {
+                  name = "query";
+                  value = "{searchTerms}";
+                }
+              ];
+            }
+          ];
+          icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
+          definedAliases = [ "@o" ];
         };
+        "Nix Packages" = {
+          urls = [
+            {
+              template = "https://search.nixos.org/packages";
+              params = [
+                {
+                  name = "type";
+                  value = "packages";
+                }
+                {
+                  name = "channel";
+                  value = "unstable";
+                }
+                {
+                  name = "query";
+                  value = "{searchTerms}";
+                }
+              ];
+            }
+          ];
+          icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
+          definedAliases = [ "@n" ];
+        };
+      };
+      search.force = true;
       settings = {
         # SECTION: FASTFOX
         # GENERAL

users/richie/home/gui/firefox/search_engines.nix

@@ -1,65 +0,0 @@
-{ pkgs, ... }:
-{
-  programs.firefox.profiles.richie.search.engines = {
-    "Nix Options" = {
-      urls = [
-        {
-          template = "https://search.nixos.org/options";
-          params = [
-            {
-              name = "type";
-              value = "packages";
-            }
-            {
-              name = "channel";
-              value = "unstable";
-            }
-            {
-              name = "query";
-              value = "{searchTerms}";
-            }
-          ];
-        }
-      ];
-      icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
-      definedAliases = [ "@o" ];
-    };
-    "Nix Packages" = {
-      urls = [
-        {
-          template = "https://search.nixos.org/packages";
-          params = [
-            {
-              name = "type";
-              value = "packages";
-            }
-            {
-              name = "channel";
-              value = "unstable";
-            }
-            {
-              name = "query";
-              value = "{searchTerms}";
-            }
-          ];
-        }
-      ];
-      icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
-      definedAliases = [ "@n" ];
-    };
-    "kagi" = {
-      urls = [
-        {
-          template = "https://kagi.com/search?";
-          params = [
-            {
-              name = "q";
-              value = "{searchTerms}";
-            }
-          ];
-        }
-      ];
-      icon = ./kagi.png;
-    };
-  };
-}

users/richie/home/programs.nix

@@ -5,23 +5,14 @@
     bat
     btop
     eza
-    fd
-    ffmpegthumbnailer
-    fzf
     git
     gnupg
-    imagemagick
-    jq
     ncdu
     neofetch
-    p7zip
-    poppler
     rar
     ripgrep
     starship
     tmux
-    unzip
-    yazi
     zoxide
     # system info
     hwloc

users/richie/systems/muninn.nix

@@ -1,6 +0,0 @@
-{
-  imports = [
-    ../home/global.nix
-    ../home/gui
-  ];
-}