Reworked config! Fully working for VM, needs testing with rune now.

2025-03-04 04:45:31 -05:00 · 2025-03-04 04:45:31 -05:00 · da84d1ad9a
commit da84d1ad9a
parent 91bcb23e54
144 changed files with 1975 additions and 3321 deletions
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@ -0,0 +1,8 @@
 {
    "explorer.fileNesting.patterns": {
        ".gitignore": ".gitattributes, .envrc, readme",
        "flake.nix": "flake.lock, shell.nix, checks.nix"
    },
    "editor.formatOnSave": true,
    "editor.formatOnSaveMode": "file"
 }
--- a/common/archive/acme/cloudflare.ini.example
+++ b/common/archive/acme/cloudflare.ini.example
@ -1 +0,0 @@
 CF_DNS_API_TOKEN=
--- a/common/archive/acme/default.nix
+++ b/common/archive/acme/default.nix
@ -1,17 +0,0 @@
 { config, lib, pkgs, ... }: {
    # letsencrypt 
    security.acme = {
        acceptTerms = true;
        defaults = {
            email = "chris@toph.cc";
            dnsProvider = "cloudflare";
            environmentFile = ./cloudflare.ini;
        };
        certs = {
            "ryot.foo" = {
                extraDomainNames = ["*.ryot.foo"];
            };
        };
    };
 }
--- a/common/archive/caddy/default.nix
+++ b/common/archive/caddy/default.nix
@ -1,17 +0,0 @@
 {
    services.caddy = {
        enable = true;
        virtualHosts = {
            "*.ryot.foo" = {
                useACMEHost = "ryot.foo";
                extraConfig = builtins.readFile ./ryot.foo.conf;
            };
            "ryot.foo" = {
                useACMEHost = "ryot.foo";
                extraConfig = builtins.readFile ./ryot.foo.conf;
            };
        };
    };
 }
--- a/common/archive/caddy/ryot.foo.conf
+++ b/common/archive/caddy/ryot.foo.conf
@ -1,13 +0,0 @@
 reverse_proxy http://localhost:8080 {
    header_up Host {host}
    header_up X-Real-IP {remote}
    header_up X-Forwarded-For {remote}
    header_up X-Forwarded-Proto {scheme}
 }
 reverse_proxy https://localhost:4433 {
    header_up Host {host}
    header_up X-Real-IP {remote}
    header_up X-Forwarded-For {remote}
    header_up X-Forwarded-Proto {scheme}
 }
--- a/common/archive/forgejo/default.nix
+++ b/common/archive/forgejo/default.nix
@ -1,106 +0,0 @@
 # Configuration for Gitea instance
 {
  config,
  pkgs,
  admin,
  ...
 }:
 {
  # users.users.git = {
  #   description = "git";
  #   uid = 993;
  #   group = "ryot";
  #   shell = pkgs.fish;
  #   # openssh.authorizedKeys.keys = [
  #   #   "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIClZstYoT64zHnGfE7LMYNiQPN5/gmCt382lC+Ji8lrH PVE"
  #   # ];
  # };
  # Forgejo configuration
  services.forgejo = {
    enable = true;
    group = "ryot";
    stateDir = "/pool/forgejo";
    # Settings
    dump = {
      # :D idk what this does
      enable = false;
      interval = "weekly";
    };
    settings = {
      DEFAULT = {
        # Configuration for forgejo
        I_AM_BEING_UNSAFE_RUNNING_AS_ROOT = "true";
        APP_NAME = "Ryot Git";
        RUN_MODE = "dev";
        RUN_USER = "toph";
      };
      server = {
        # Configuration for reverse proxy
        DOMAIN = "git.ryot.foo";
        HTTP_ADDR = "127.0.0.1";
        HTTP_PORT = 3003;
        ROOT_URL = "https://git.ryot.foo/";
        START_SSH_SERVER = true;
        BUILTIN_SSH_SERVER_USER = "git";
        SSH_PORT = 222;
      };
      repository = {
        DEFAULT_PRIVATE = true;
      };
      ui = {
        DEFAULT_THEME = "forgejo-dark";
        SHOW_USER_EMAIL = false;
      };
      "ui.meta" = {
        AUTHOR = "Ryot";
        DESCRIPTION = "Ryot Gitea instance";
        KEYWORDS = "";
      };
      security = {
        INSTALL_LOCK = true;
      };
      session = {
        SESSION_LIFE_TIME = 86400 * 7; # 1 week
      };
      picture = {
        DISABLE_GRAVATAR = true;
      };
      "cron.sync_external_users" = {
        SCHEDULE = "@every 24h";
        UPDATE_EXISTING = true;
      };
      log.LEVEL = "Info";
      # Private server
      service.DISABLE_REGISTRATION = false;
      # Disable package manager functionality
      packages.ENABLED = false;
    };
  };
  users.users.forgejo = {
    extraGroups = [ "ryot" ];
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIClZstYoT64zHnGfE7LMYNiQPN5/gmCt382lC+Ji8lrH PVE"
    ];
  };
  # Give admin group access to forgejo config
  # users.users.${admin}.extraGroups = [ "forgejo" ];
 }
--- a/common/archive/mailserver/admin.pass
+++ b/common/archive/mailserver/admin.pass
@ -1 +0,0 @@
 $2b$05$RAavFe61.2iBTeGdtCI5EuKmFXxRbh/OL199HjBN74hSBCXzxViqS
--- a/common/archive/mailserver/admin.pass.example
+++ b/common/archive/mailserver/admin.pass.example
@ -1 +0,0 @@
 <HASHED_PASS>
--- a/common/archive/mailserver/default.nix
+++ b/common/archive/mailserver/default.nix
@ -1,19 +0,0 @@
 { 
    enable = true;
    fqdn = "mail.ryot.foo";
    domains = [ "ryot.foo" ];
    enableImapSsl = true;
    enableSubmissionSsl = true;
    # A list of all login accounts. To create the password hashes, use
    # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
    loginAccounts = {
        "[REDACTED]" = {
            hashedPassword = builtins.readFile ./admin.pass;
            aliases = ["[REDACTED]"];
        };
    };
    certificateScheme = "acme";
 }
--- a/common/archive/nextcloud/default.nix
+++ b/common/archive/nextcloud/default.nix
@ -1,89 +0,0 @@
 { config, pkgs, ... }:
 {
  # The Nextcloud admin password is stored in a separate file to avoid
  environment.etc."nextcloud-admin-pass".text = builtins.readFile ./nextcloud-admin-pass;
  services.nextcloud = {
    enable = true;
    hostName = "cloud.ryot.foo";
    # Need to manually increment with every major upgrade.
    package = pkgs.nextcloud29;
    # Let NixOS install and configure the database automatically.
    database.createLocally = true;
    # Let NixOS install and configure Redis caching automatically.
    configureRedis = true;
    # Increase the maximum file upload size to avoid problems uploading videos.
    maxUploadSize = "5G";
    https = true;
    # appstoreEnable = true;
    autoUpdateApps.enable = true;
    extraAppsEnable = true;
    extraApps = with config.services.nextcloud.package.packages.apps; {
      # https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json
      inherit
        calendar
        contacts
        mail
        notes
        tasks
        registration
        spreed
        twofactor_nextcloud_notification
        ;
      # breeze = pkgs.fetchNextcloudApp {
      #   sha256 = "sha256-9xMH9IcQrzzMJ5bL6RP/3CS1QGuByriCjGkJQJxQ4CU=";
      #   url = "https://github.com/mwalbeck/nextcloud-breeze-dark/releases/download/v29.0.0/breezedark.tar.gz";
      #   license = "agpl3Only";
      # };
      oidc_login = pkgs.fetchNextcloudApp {
        sha256 = "sha256-DrbaKENMz2QJfbDKCMrNGEZYpUEvtcsiqw9WnveaPZA=";
        url = "https://github.com/pulsejet/nextcloud-oidc-login/releases/download/v3.2.0/oidc_login.tar.gz";
        license = "agpl3Only";
      };
      impersonate = pkgs.fetchNextcloudApp {
        sha256 = "sha256-7NCfm2c861E1ZOZhpqjbsw2LC9I7ypp2J1LamqmWvtU=";
        url = "https://github.com/nextcloud-releases/impersonate/releases/download/v1.16.0/impersonate-v1.16.0.tar.gz";
        license = "agpl3Only";
      };
      # Custom app installation example.
      # cookbook = pkgs.fetchNextcloudApp rec {
      #   url =
      #     "https://github.com/nextcloud/cookbook/releases/download/v0.10.2/Cookbook-0.10.2.tar.gz";
      #   sha256 = "sha256-XgBwUr26qW6wvqhrnhhhhcN4wkI+eXDHnNSm1HDbP6M=";
      # };
    };
    settings = {
      overwriteProtocol = "https";
      overwritehost = "cloud.ryot.foo";
      trusted_domains = [ "cloud.ryot.foo" ];
      default_phone_region = "US";
      allow_user_to_change_display_name = "false";
      lost_password_link = "disabled";
      oidc_login_provider_url = "https://auth.ryot.foo/application/o/cloud-slug";
      oidc_login_client_id = "Fmc7v4MFQ3Iv8bZwOdXIaqYZUdDkiL0bKbDuGWd3";
      oidc_login_client_secret = "TPo7Q4uiusak2G6cneZMijMt45Y2FNCE2YT4hXWU9IjcywNhgzFXDY5sxC4SyyggkFmj3Dz3DYcZj295kjAES2W140EfjNRWI6xHd6B7Fxj8B6BzudJ5ii5Um1ZyjU47";
      # oidc_login_logout_url = "https://openid.example.com/thankyou";
      # oidc_login_end_session_redirect = "false";
      oidc_login_button_text = "Authentik Login";
      oidc_login_scope = "openid profile";
      oidc_login_disable_registration = "false";
    };
    config = {
      dbtype = "pgsql";
      adminuser = "admin";
      adminpassFile = "/etc/nextcloud-admin-pass";
    };
  };
 }
--- a/common/archive/nextcloud/nextcloud-admin-pass
+++ b/common/archive/nextcloud/nextcloud-admin-pass
@ -1 +0,0 @@
 snYBkSxkFZ6a7Y
--- a/common/archive/nginx/default.nix
+++ b/common/archive/nginx/default.nix
@ -1,27 +0,0 @@
 {
  # Nginx
  services.nginx = {
    enable = true;
    # Use recommended settings
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    # Only allow PFS-enabled ciphers with AES256
    sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
    # Setup Nextcloud virtual host to listen on ports
    virtualHosts = {
      "drive.ryot.foo" = {
        ## Force HTTP redirect to HTTPS
        forceSSL = true;
        ## LetsEncrypt
        enableACME = true;
      };
    };
  };
 }
--- a/common/fish/default.nix
+++ b/common/fish/default.nix
@ -1,12 +0,0 @@
 { pkgs, ... }:
 {
  programs.fish = {
    enable = true;
    interactiveShellInit = builtins.readFile ./init.fish;
    plugins = [
      # Enable a plugin (here grc for colorized command output) from nixpkgs
      { name = "grc"; src = pkgs.fishPlugins.grc.src; }
      { name = "tide"; src = pkgs.fishPlugins.tide.src; }
    ];
  };
 }
--- a/common/git/default.nix
+++ b/common/git/default.nix
@ -1,13 +0,0 @@
 {
    # !!! FOR HOME MANAGER Not nix config
    programs.git = {
        enable = true;
        userName = "[REDACTED]";
        userEmail = "[REDACTED]";
        extraConfig = {
            init = {
                defaultBranch = "main";
            };
        };
    };
 }
--- a/common/home/default.nix
+++ b/common/home/default.nix
@ -1,29 +0,0 @@
 {
  pkgs,
  hostName,
  user,
  ...
 }:
 {
  # Module imports
  imports = [
    # Common Modules
    ../fish
    ../fastfetch
  ];
  home = {
    username = user;
    homeDirectory = "/home/${user}";
    stateVersion = "24.05";
    sessionVariables = {
      HOSTNAME = hostName;
      EDITOR = "micro";
      VISUAL = "micro";
      XDG_CONFIG_HOME = "$HOME/.config";
    };
  };
  # Let Home Manager install and manage itself.
  programs.home-manager.enable = true;
 }
--- a/common/ssh/default.nix
+++ b/common/ssh/default.nix
@ -1,21 +0,0 @@
 {
  lib,
  ...
 }:
 {
  programs.ssh.startAgent = true;
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIClZstYoT64zHnGfE7LMYNiQPN5/gmCt382lC+Ji8lrH PVE"
  ];
  services.openssh = {
    enable = true;
    settings = {
      AllowUsers = null; # everyone
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
      PermitRootLogin = lib.mkDefault "no";
    };
  };
 }
--- a/common/vscode/default.nix
+++ b/common/vscode/default.nix
@ -1,10 +0,0 @@
 { pkgs, ... }:
 {
  programs.vscode = {
    enable = true;
    extensions = with pkgs.vscode-extensions; [
      # bbenoist.Nix
      # brettm12345.nixfmt-vscode
    ];
  };
 }
--- a/flake.lock
+++ b/flake.lock
@ -1,149 +0,0 @@
 {
  "nodes": {
    "flake-utils": {
      "inputs": {
        "systems": "systems"
      },
      "locked": {
        "lastModified": 1681202837,
        "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "cfacdce06f30d2b68473a46042957675eebb3401",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1740624780,
        "narHash": "sha256-8TP61AI3QBQsjzVUQFIV8NoB5nbYfJB3iHczhBikDkU=",
        "owner": "nix-community",
        "repo": "home-manager",
        "rev": "b8869e4ead721bbd4f0d6b927e8395705d4f16e6",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "home-manager",
        "type": "github"
      }
    },
    "nixpkgs": {
      "locked": {
        "lastModified": 1740367490,
        "narHash": "sha256-WGaHVAjcrv+Cun7zPlI41SerRtfknGQap281+AakSAw=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "0196c0175e9191c474c26ab5548db27ef5d34b05",
        "type": "github"
      },
      "original": {
        "id": "nixpkgs",
        "ref": "nixos-unstable",
        "type": "indirect"
      }
    },
    "nixpkgs_2": {
      "locked": {
        "lastModified": 1682134069,
        "narHash": "sha256-TnI/ZXSmRxQDt2sjRYK/8j8iha4B4zP2cnQCZZ3vp7k=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "fd901ef4bf93499374c5af385b2943f5801c0833",
        "type": "github"
      },
      "original": {
        "id": "nixpkgs",
        "type": "indirect"
      }
    },
    "nixpkgs_3": {
      "locked": {
        "lastModified": 1735471104,
        "narHash": "sha256-0q9NGQySwDQc7RhAV2ukfnu7Gxa5/ybJ2ANT8DQrQrs=",
        "owner": "nixos",
        "repo": "nixpkgs",
        "rev": "88195a94f390381c6afcdaa933c2f6ff93959cb4",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "root": {
      "inputs": {
        "home-manager": "home-manager",
        "nixpkgs": "nixpkgs",
        "vscode-server": "vscode-server",
        "zen-browser": "zen-browser"
      }
    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    },
    "vscode-server": {
      "inputs": {
        "flake-utils": "flake-utils",
        "nixpkgs": "nixpkgs_2"
      },
      "locked": {
        "lastModified": 1729422940,
        "narHash": "sha256-DlvJv33ml5UTKgu4b0HauOfFIoDx6QXtbqUF3vWeRCY=",
        "owner": "nix-community",
        "repo": "nixos-vscode-server",
        "rev": "8b6db451de46ecf9b4ab3d01ef76e59957ff549f",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "nixos-vscode-server",
        "type": "github"
      }
    },
    "zen-browser": {
      "inputs": {
        "nixpkgs": "nixpkgs_3"
      },
      "locked": {
        "lastModified": 1740554227,
        "narHash": "sha256-xpwZeMw2gGenixGQDyVv+ja+epcR+EJ1BPuGFdgFS18=",
        "owner": "0xc000022070",
        "repo": "zen-browser-flake",
        "rev": "7de16ae319e6f6852274fa90b0d41c00049767c9",
        "type": "github"
      },
      "original": {
        "owner": "0xc000022070",
        "repo": "zen-browser-flake",
        "type": "github"
      }
    }
  },
  "root": "root",
  "version": 7
 }
--- a/flake.nix
+++ b/flake.nix
@ -1,27 +1,32 @@
 # FIXME: this shit is a mess i need to learn how to do this properly
 {
-  description = "Unstable Flake";
+  description = "Toph's Nix-Config";
  inputs = {
-    nixpkgs.url = "nixpkgs/nixos-unstable";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    # The next two are for pinning to stable vs unstable regardless of what the above is set to
    # This is particularly useful when an upcoming stable release is in beta because you can effectively
    # keep 'nixpkgs-stable' set to stable for critical packages while setting 'nixpkgs' to the beta branch to
    # get a jump start on deprecation changes.
    # See also 'stable-packages' and 'unstable-packages' overlays at 'overlays/default.nix"
    nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.11";
    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
    # NixOs hardware flakes
    hardware.url = "github:nixos/nixos-hardware";
    home-manager = {
      url = "github:nix-community/home-manager";
      inputs.nixpkgs.follows = "nixpkgs";
    };
-    vscode-server = {
+    # VM tools
-      url = "github:nix-community/nixos-vscode-server";
+    nixvirt = {
      url = "https://flakehub.com/f/AshleyYakeley/NixVirt/*.tar.gz";
      inputs.nixpkgs.follows = "nixpkgs-stable";
    };
    zen-browser = {
      url = "github:0xc000022070/zen-browser-flake";
    };
-    # nixvirt = {
+    # TODO: theming
-    #   url = "https://flakehub.com/f/AshleyYakeley/NixVirt/*.tar.gz";
+    # stylix.url = "github:danth/stylix/release-24.11";
    #   inputs.nixpkgs.follows = "nixpkgs";
    # };
    # arion = {
    #   url = "github:hercules-ci/arion";
    #   inputs.nixpkgs.follows = "nixpkgs";
    # };
  };
  outputs =
@ -30,290 +35,78 @@
      inherit (self) outputs;
      inherit (nixpkgs) lib;
      admin = "toph";
      user = "toph";
      ARM = "aarch64-linux"; # ARM systems
      X86 = "x86_64-linux"; # x86_64 systems
    in
    {
      nixosConfigurations = {
        caenus =
          let
            hostName = "caenus";
            default = ./. + "/host/${hostName}";
          in
          lib.nixosSystem {
            specialArgs = {
              inherit admin hostName;
            };
            system = ARM;
            modules = [
              ./nix
              default
            ];
          };
-        cloud =
+      #
-          let
+      # ========= Architectures =========
-            hostName = "cloud";
+      #
-            default = ./. + "/host/${hostName}";
+      forAllSystems = nixpkgs.lib.genAttrs [
-          in
+        ARM
-          lib.nixosSystem {
+        X86
-            specialArgs = {
+      ];
              inherit admin hostName;
            };
            system = X86;
            modules = [
              ./nix
              default
            ];
          };
-        komodo =
+      #
      # ========= Host Config Functions =========
      #
      # Handle a given host config based on whether its underlying system is nixos or darwin
      mkHost = host: isARM: {
        ${host} =
          let
-            hostName = "komodo";
+            func = if isARM then ARM else X86;
-            default = ./. + "/host/${hostName}";
+            systemFunc = func;
          in
          lib.nixosSystem {
            specialArgs = {
-              inherit admin hostName;
+              inherit
                inputs
                outputs
                isARM
                ;
              system = systemFunc;
              # ========== Extend lib with lib.custom ==========
              # NOTE: This approach allows lib.custom to propagate into hm
              # see: https://github.com/nix-community/home-manager/pull/3454
              lib = nixpkgs.lib.extend (self: super: { custom = import ./lib { inherit (nixpkgs) lib; }; });
            };
-            system = X86;
+            modules = [ ./hosts/nixos/${host} ];
            modules = [
              ./nix
              default
              inputs.vscode-server.nixosModules.default
              (
                { config, pkgs, ... }:
                {
                  services.vscode-server.enable = true;
                  services.vscode-server.enableFHS = true;
                  programs.nix-ld = {
                    enable = true;
                    package = pkgs.nix-ld-rs;
                  };
                }
              )
            ];
          };
        nix =
          let
            hostName = "nix";
            default = ./. + "/host/${hostName}";
          in
          lib.nixosSystem {
            specialArgs = {
              inherit admin hostName;
            };
            system = X86;
            modules = [
              ./nix
              default
              inputs.vscode-server.nixosModules.default
              (
                { config, pkgs, ... }:
                {
                  services.vscode-server.enable = true;
                }
              )
            ];
          };
        proxy =
          let
            hostName = "proxy";
            default = ./. + "/host/${hostName}";
          in
          lib.nixosSystem {
            specialArgs = {
              inherit admin hostName;
            };
            system = X86;
            modules = [
              ./nix
              default
            ];
          };
        rune =
          let
            hostName = "rune";
            default = ./. + "/host/${hostName}";
          in
          lib.nixosSystem {
            specialArgs = {
              inherit admin hostName inputs;
            };
            system = X86;
            modules = [
              ./nix
              default
            ];
          };
        haze =
          let
            user = "cesar";
            hostName = "haze";
            default = ./. + "/host/${hostName}";
          in
          lib.nixosSystem {
            specialArgs = {
              inherit admin user hostName;
            };
            system = X86;
            modules = [
              ./nix
              default
            ];
          };
      };
      # Invoke mkHost for each host config that is declared for either X86 or ARM
      mkHostConfigs =
        hosts: isARM: lib.foldl (acc: set: acc // set) { } (lib.map (host: mkHost host isARM) hosts);
      # Return the hosts declared in the given directory
      readHosts = folder: lib.attrNames (builtins.readDir ./hosts/${folder});
    in
    {
      #
      # ========= Overlays =========
      #
      # Custom modifications/overrides to upstream packages.
      overlays = import ./overlays { inherit inputs; };
-      homeConfigurations =
+      #
      # ========= Host Configurations =========
      #
      # Building configurations is available through `just rebuild` or `nixos-rebuild --flake .#hostname`
      nixosConfigurations = mkHostConfigs (readHosts "nixos") false;
      #
      # ========= Packages =========
      #
      # Add custom packages to be shared or upstreamed.
      packages = forAllSystems (
        system:
        let
-          armPkgs = import nixpkgs {
+          pkgs = import nixpkgs {
-            system = ARM;
+            inherit system;
-            config.allowUnfree = true;
+            overlays = [ self.overlays.default ];
          };
          x86Pkgs = import nixpkgs {
            system = X86;
            config.allowUnfree = true;
            # overlays = [ (import ./nixos/overlays) ];
          };
        in
-        {
+        lib.packagesFromDirectoryRecursive {
-          "${admin}@caenus" =
+          callPackage = lib.callPackageWith pkgs;
-            let
+          directory = ./pkgs/common;
-              hostName = "caenus";
+        }
-              pkgs = armPkgs;
+      );
              home = ./. + "/host/${hostName}/home";
            in
            inputs.home-manager.lib.homeManagerConfiguration {
              inherit pkgs;
              extraSpecialArgs = {
                inherit admin user hostName;
              };
              modules = [ home ];
            };
          "${admin}@cloud" =
            let
              hostName = "cloud";
              pkgs = x86Pkgs;
              home = ./. + "/host/${hostName}/home";
            in
            inputs.home-manager.lib.homeManagerConfiguration {
              inherit pkgs;
              extraSpecialArgs = {
                inherit admin user hostName;
              };
              modules = [ home ];
            };
          "${admin}@komodo" =
            let
              hostName = "komodo";
              pkgs = x86Pkgs;
              home = ./. + "/host/${hostName}/home";
            in
            inputs.home-manager.lib.homeManagerConfiguration {
              inherit pkgs;
              extraSpecialArgs = {
                inherit admin user hostName;
              };
              modules = [ home ];
            };
          "${admin}@nix" =
            let
              hostName = "nix";
              pkgs = x86Pkgs;
              home = ./. + "/host/${hostName}/home";
            in
            inputs.home-manager.lib.homeManagerConfiguration {
              inherit pkgs;
              extraSpecialArgs = {
                inherit admin user hostName;
              };
              modules = [ home ];
            };
          "${admin}@proxy" =
            let
              hostName = "proxy";
              pkgs = x86Pkgs;
              home = ./. + "/host/${hostName}/home";
            in
            inputs.home-manager.lib.homeManagerConfiguration {
              inherit pkgs;
              extraSpecialArgs = {
                inherit admin user hostName;
              };
              modules = [ home ];
            };
          "${admin}@rune" =
            let
              hostName = "rune";
              pkgs = x86Pkgs;
              home = ./. + "/host/${hostName}/home";
              zen = inputs.zen-browser.packages."${X86}".beta;
            in
            inputs.home-manager.lib.homeManagerConfiguration {
              inherit pkgs;
              extraSpecialArgs = {
                inherit
                  admin
                  user
                  hostName
                  zen
                  inputs
                  ;
              };
              modules = [ home ];
            };
          "${admin}@haze" =
            let
              user = "cesar";
              hostName = "haze";
              pkgs = x86Pkgs;
              home = ./. + "/host/${hostName}/home";
              zen = inputs.zen-browser.packages."${X86}".beta;
            in
            inputs.home-manager.lib.homeManagerConfiguration {
              inherit pkgs;
              extraSpecialArgs = {
                inherit
                  admin
                  user
                  hostName
                  zen
                  ;
              };
              modules = [ home ];
            };
          "cesar@haze" =
            let
              hostName = "haze";
              pkgs = x86Pkgs;
              home = ./. + "/host/${hostName}/home";
              zen = inputs.zen-browser.packages."${X86}".beta;
            in
            inputs.home-manager.lib.homeManagerConfiguration {
              inherit pkgs;
              extraSpecialArgs = {
                inherit
                  admin
                  user
                  hostName
                  zen
                  ;
              };
              modules = [ home ];
            };
        };
    };
 }
--- a/home/toph/common/core/asdf.nix
+++ b/home/toph/common/core/asdf.nix
@ -0,0 +1,14 @@
 { pkgs, ... }:
 {
  programs.fish = {
    shellInit = ''
      source "${pkgs.asdf-vm}/share/asdf-vm/asdf.fish"
    '';
  };
  home.packages = builtins.attrValues {
    inherit (pkgs)
      asdf-vm
      ;
  };
 }
--- a/home/toph/common/core/bash.nix
+++ b/home/toph/common/core/bash.nix
@ -0,0 +1,76 @@
 {
  programs.bash = {
    enable = true;
    enableCompletion = true;
    shellAliases = {
      ll = "ls -alF";
      la = "ls -A";
      l = "ls -CF";
      # Add an "alert" alias for long running commands.  Use like so:
      #   sleep 10; alert
      alert = "notify-send --urgency=low -i \"$([ $? = 0 ] && echo terminal || echo error)\" \"$(history|tail -n1|sed -e '\''s/^\s*[0-9]\+\s*//;s/[;&|]\s*alert$//'\'')\"";
    };
    initExtra = ''
      # ~/.bashrc: executed by bash(1) for non-login shells.
      # If not running interactively, don't do anything
      case $- in
          *i*) ;;
            *) return;;
      esac
      # don't put duplicate lines or lines starting with space in the history.
      # See bash(1) for more options
      HISTCONTROL=ignoreboth
      # append to the history file, don't overwrite it
      shopt -s histappend
      # for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
      HISTSIZE=1000
      HISTFILESIZE=2000
      # check the window size after each command and, if necessary,
      # update the values of LINES and COLUMNS.
      shopt -s checkwinsize
      # make less more friendly for non-text input files, see lesspipe(1)
      [ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
      # set a fancy prompt (non-color, unless we know we "want" color)
      case "$TERM" in
          xterm-color|*-256color) color_prompt=yes;;
      esac
      # enable color support of ls and also add handy aliases
      if [ -x /usr/bin/dircolors ]; then
          test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
          alias ls='ls --color=auto'
          #alias dir='dir --color=auto'
          #alias vdir='vdir --color=auto'
          alias grep='grep --color=auto'
          alias fgrep='fgrep --color=auto'
          alias egrep='egrep --color=auto'
      fi
      # colored GCC warnings and errors
      #export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'
      # Alias definitions.
      # You may want to put all your additions into a separate file like
      # ~/.bash_aliases, instead of adding them here directly.
      # See /usr/share/doc/bash-doc/examples in the bash-doc package.
      if [ -f ~/.bash_aliases ]; then
          . ~/.bash_aliases
      fi
      export LC_ALL=en_US.UTF-8
      export LANG=en_US.UTF-8
      complete -C /usr/bin/terraform terraform
    '';
  };
 }
--- a/home/toph/common/core/bat.nix
+++ b/home/toph/common/core/bat.nix
@ -0,0 +1,33 @@
 # https://github.com/sharkdp/bat
 # https://github.com/eth-p/bat-extras
 { pkgs, ... }:
 {
  programs.bat = {
    enable = true;
    config = {
      # Git modifications and file header (but no grid)
      style = "changes,header";
      # theme = "gruvbox-dark";
    };
    extraPackages = builtins.attrValues {
      inherit (pkgs.bat-extras)
        batgrep # search through and highlight files using ripgrep
        batdiff # Diff a file against the current git index, or display the diff between to files
        batman # read manpages using bat as the formatter
        ;
    };
  };
  # Avoid [bat error]: The binary caches for the user-customized syntaxes and themes in
  # '/home/<user>/.cache/bat' are not compatible with this version of bat (0.25.0).
  home.activation.batCacheRebuild = {
    after = [ "linkGeneration" ];
    before = [ ];
    data = ''
      ${pkgs.bat}/bin/bat cache --build
    '';
  };
 }
--- a/home/toph/common/core/default.nix
+++ b/home/toph/common/core/default.nix
@ -0,0 +1,109 @@
 #FIXME: Move attrs that will only work on linux to nixos.nix
 #FIXME: if pulling in homemanager for isMinimal maybe set up conditional for some packages
 {
  config,
  lib,
  pkgs,
  hostSpec,
  ...
 }:
 {
  imports = lib.flatten [
    (map lib.custom.relativeToRoot [
      "modules/common/host-spec.nix"
    ])
    ./asdf.nix
    ./bash.nix
    ./bat.nix
    ./direnv.nix
    ./fastfetch
    ./fish
    ./fonts.nix
    ./git.nix
    ./ranger.nix
    ./screen.nix
    ./ssh.nix
    ./zoxide.nix
  ];
  inherit hostSpec;
  services.ssh-agent.enable = true;
  home = {
    username = lib.mkDefault config.hostSpec.username;
    homeDirectory = lib.mkDefault config.hostSpec.home;
    stateVersion = lib.mkDefault "24.05";
    sessionPath = [
      "$HOME/.local/bin"
    ];
    sessionVariables = {
      FLAKE = "$HOME/git/dot.nix";
      SHELL = "fish";
      EDITOR = "micro";
      VISUAL = "micro";
      MANPAGER = "batman"; # see ./cli/bat.nix
    };
    preferXdgDirectories = true; # whether to make programs use XDG directories whenever supported
  };
  #TODO(xdg): maybe move this to its own xdg.nix?
  # xdg packages are pulled in below
  xdg = {
    enable = true;
    userDirs = {
      enable = true;
      createDirectories = true;
      desktop = "${config.home.homeDirectory}/.desktop";
      documents = "${config.home.homeDirectory}/doc";
      download = "${config.home.homeDirectory}/downloads";
      music = "${config.home.homeDirectory}/media/audio";
      pictures = "${config.home.homeDirectory}/media/images";
      videos = "${config.home.homeDirectory}/media/video";
      # publicshare = "/var/empty"; #using this option with null or "/var/empty" barfs so it is set properly in extraConfig below
      # templates = "/var/empty"; #using this option with null or "/var/empty" barfs so it is set properly in extraConfig below
      extraConfig = {
        # publicshare and templates defined as null here instead of as options because
        XDG_PUBLICSHARE_DIR = "/var/empty";
        XDG_TEMPLATES_DIR = "/var/empty";
      };
    };
  };
  home.packages = builtins.attrValues {
    inherit (pkgs)
      # Packages that don't have custom configs go here
      btop # resource monitor
      coreutils # basic gnu utils
      curl
      eza # ls replacement
      dust # disk usage
      pre-commit # git hooks
      p7zip # compression & encryption
      unzip # zip extraction
      unrar # rar extraction
      wget # downloader
      xdg-utils # provide cli tools such as `xdg-mime` and `xdg-open`
      xdg-user-dirs
      zip # zip compression
      ;
  };
  nix = {
    package = lib.mkDefault pkgs.nix;
    settings = {
      experimental-features = [
        "nix-command"
        "flakes"
      ];
      warn-dirty = false;
    };
  };
  programs.home-manager.enable = true;
  # Nicely reload system units when changing configs
  systemd.user.startServices = "sd-switch";
 }
--- a/home/toph/common/core/direnv.nix
+++ b/home/toph/common/core/direnv.nix
@ -0,0 +1,7 @@
 {
  programs.direnv = {
    enable = true;
    enableBashIntegration = true;
    nix-direnv.enable = true; # better than native direnv nix functionality - https://github.com/nix-community/nix-direnv
  };
 }
--- a/home/toph/common/core/fastfetch/default.nix
+++ b/home/toph/common/core/fastfetch/default.nix
@ -7,7 +7,7 @@
 {
  programs.fastfetch =
    let
-      hostname = config.home.sessionVariables.HOSTNAME;
+      hostname = config.hostSpec.hostName;
      logoFile = ./. + "/host/${hostname}.txt";
    in
    {
--- a/home/toph/common/core/fastfetch/host/caenus.txt
+++ b/home/toph/common/core/fastfetch/host/caenus.txt
--- a/home/toph/common/core/fastfetch/host/cloud.txt
+++ b/home/toph/common/core/fastfetch/host/cloud.txt
--- a/home/toph/common/core/fastfetch/host/images/caenus.png
+++ b/home/toph/common/core/fastfetch/host/images/caenus.png
--- a/home/toph/common/core/fastfetch/host/images/cloud.png
+++ b/home/toph/common/core/fastfetch/host/images/cloud.png
--- a/home/toph/common/core/fastfetch/host/images/komodo.png
+++ b/home/toph/common/core/fastfetch/host/images/komodo.png
--- a/home/toph/common/core/fastfetch/host/images/nix.png
+++ b/home/toph/common/core/fastfetch/host/images/nix.png
--- a/home/toph/common/core/fastfetch/host/images/proxy.png
+++ b/home/toph/common/core/fastfetch/host/images/proxy.png
--- a/home/toph/common/core/fastfetch/host/images/rune.png
+++ b/home/toph/common/core/fastfetch/host/images/rune.png
--- a/home/toph/common/core/fastfetch/host/komodo.txt
+++ b/home/toph/common/core/fastfetch/host/komodo.txt
--- a/home/toph/common/core/fastfetch/host/nix.txt
+++ b/home/toph/common/core/fastfetch/host/nix.txt
--- a/home/toph/common/core/fastfetch/host/proxy.txt
+++ b/home/toph/common/core/fastfetch/host/proxy.txt
--- a/home/toph/common/core/fastfetch/host/rune.txt
+++ b/home/toph/common/core/fastfetch/host/rune.txt
--- a/home/toph/common/core/fastfetch/host/vm.txt
+++ b/home/toph/common/core/fastfetch/host/vm.txt
@ -0,0 +1,13 @@
   [?25l[0m      [38;2;201;171;246;48;2;170;145;205m▄[38;2;198;167;250;48;2;196;166;243m▄[0m[38;2;157;132;205m▄[0m   [38;2;42;98;133;48;2;68;158;214m▄[38;2;80;187;253;48;2;70;163;221m▄[48;2;55;130;176m▄[0m  [38;2;69;145;208m▄[38;2;85;173;253;48;2;72;159;221m▄[38;2;83;164;244;48;2;53;114;162m▄[0m      [0m
         [7m[38;2;113;96;142m▄[0m[38;2;174;146;228;48;2;194;163;249m▄[38;2;183;153;247;48;2;187;156;248m▄[38;2;173;143;242;48;2;93;77;127m▄[0m   [7m[38;2;72;162;224m▄[0m[38;2;86;171;253;48;2;83;180;253m▄[38;2;87;167;253;48;2;76;160;230m▄[38;2;88;163;253;48;2;44;86;128m▄[38;2;90;159;253;48;2;87;168;253m▄[38;2;86;147;239;48;2;88;164;253m▄[0m[7m[38;2;49;89;139m▄[0m      [0m
      [38;2;169;144;202m▄[38;2;203;172;250;48;2;172;146;208m▄[38;2;196;166;249;48;2;168;142;209m▄[38;2;189;159;248;48;2;163;137;210m▄[38;2;182;152;247;48;2;176;147;235m▄[38;2;175;145;246;48;2;179;149;247m▄[38;2;168;138;245;48;2;172;142;246m▄[38;2;161;131;244;48;2;160;131;237m▄[38;2;153;124;243;48;2;147;120;228m▄[38;2;146;117;242;48;2;140;113;226m▄[38;2;139;110;241;48;2;132;105;223m▄[38;2;127;110;241;48;2;104;146;249m▄[38;2;94;147;253;48;2;90;158;253m▄[38;2;94;145;254;48;2;91;154;253m▄[38;2;94;139;251;48;2;92;150;253m▄[0m[7m[38;2;47;74;127m▄[0m  [38;2;110;93;135m▄[38;2;155;132;185m▄[0m   [0m
      [7m[38;2;121;102;146m▄[38;2;115;97;144m▄[38;2;111;93;143m▄[38;2;107;90;143m▄[0m[38;2;102;106;245;48;2;134;115;214m▄[38;2;107;106;254;48;2;146;126;249m▄[38;2;93;90;220;48;2;141;122;249m▄[0m[7m[38;2;107;89;178m▄[38;2;86;70;140m▄[38;2;82;66;139m▄[38;2;78;62;138m▄[38;2;74;58;138m▄[38;2;77;93;184m▄[0m[38;2;90;113;228;48;2;97;136;254m▄[38;2;102;123;254;48;2;99;132;254m▄[0m[38;2;97;111;239m▄[0m [38;2;138;116;182m▄[38;2;189;159;239;48;2;197;167;249m░[38;2;199;168;246;48;2;207;176;251m▄[0m   [0m
      [38;2;49;75;132m▄[38;2;61;88;161m▄[38;2;99;132;254;48;2;73;89;183m▄[38;2;100;127;254;48;2;103;119;254m▄[38;2;68;82;171;48;2;104;113;254m▄[0m        [38;2;81;80;192;48;2;104;113;254m▄[38;2;110;106;254;48;2;106;109;254m▄[38;2;166;139;247;48;2;112;102;207m▄[38;2;180;150;247;48;2;184;154;248m▄[38;2;182;153;242;48;2;191;161;249m▄[0m[7m[38;2;111;94;140m▄[0m   [0m
   [38;2;48;101;145;48;2;67;132;197m▄[38;2;85;174;253;48;2;88;165;253m▄[38;2;86;169;253;48;2;89;160;253m▄[38;2;88;164;253;48;2;91;155;253m▄[38;2;90;159;253;48;2;92;150;253m▄[38;2;91;154;253;48;2;94;146;254m▄[38;2;93;149;253;48;2;96;141;254m▄[38;2;102;111;228;48;2;92;129;241m▄[0m          [38;2;153;125;238;48;2;135;118;246m▄[38;2;164;135;245;48;2;169;139;245m▄[38;2;171;141;246;48;2;176;146;246m▄[38;2;178;148;247;48;2;182;152;247m▄[38;2;185;155;248;48;2;189;159;248m▄[38;2;192;161;249;48;2;196;166;249m▄[38;2;199;168;250;48;2;203;172;250m▄[38;2;155;132;188;48;2;137;117;166m░[0m
      [38;2;56;124;173m▄[38;2;84;176;253;48;2;85;164;248m▄[38;2;85;170;252;48;2;88;163;253m▄[38;2;110;110;212;48;2;98;148;251m▄[38;2;141;112;241;48;2;132;105;240m▄[38;2;139;111;238;48;2;78;61;139m▄[0m        [38;2;142;113;241;48;2;106;85;175m▄[38;2;149;120;242;48;2;153;124;243m▄[38;2;103;83;161;48;2;160;130;244m▄[0m      [0m
      [38;2;80;187;253;48;2;80;187;253m░[38;2;74;173;234;48;2;81;184;253m▄[0m[7m[38;2;51;110;155m▄[0m [38;2;98;80;153;48;2;148;119;241m▄[38;2;158;129;244;48;2;149;120;242m▄[48;2;114;92;184m▄[0m[38;2;99;87;187m▄[38;2;76;74;180m▄[38;2;75;77;180m▄[38;2;73;84;180m▄[38;2;70;91;180m▄[38;2;80;107;203m▄[38;2;103;134;249;48;2;116;91;212m▄[38;2;103;143;249;48;2;137;109;240m▄[38;2;89;141;227;48;2;137;109;229m▄[0m[38;2;60;128;183m▄[38;2;58;134;183m▄[38;2;58;135;183m▄[38;2;55;129;175m▄[0m   [0m
      [7m[38;2;56;130;176m▄[0m   [38;2;107;89;151m▄[38;2;174;145;246;48;2;166;137;245m▄[38;2;175;145;246m▄[48;2;161;134;246m▄[38;2;139;122;238;48;2;110;106;254m▄[38;2;85;88;204;48;2;106;109;254m▄[38;2;82;96;204;48;2;103;119;254m▄[38;2;80;103;204;48;2;100;129;254m▄[38;2;91;131;241;48;2;97;138;254m▄[38;2;93;148;253;48;2;93;148;253m░[38;2;90;157;253;48;2;90;158;253m░[38;2;74;141;214;48;2;87;167;253m▄[38;2;60;127;182;48;2;84;177;253m▄[38;2;57;132;180;48;2;81;186;253m▄[38;2;53;123;167;48;2;80;187;253m▄[0m    [0m
         [38;2;128;107;166m▄[38;2;191;160;249;48;2;180;150;244m▄[38;2;191;161;249;48;2;183;153;247m▄[38;2;98;82;128;48;2;183;153;248m▄[38;2;189;159;245m▄[38;2;192;161;249;48;2;179;149;242m▄[0m[38;2;139;117;180m▄[0m   [38;2;62;99;169;48;2;93;148;253m▄[38;2;90;157;253;48;2;90;158;253m░[38;2;87;167;253;48;2;71;135;206m▄[0m       [0m
         [38;2;170;144;207;48;2;198;167;249m▄[38;2;191;162;231;48;2;199;168;250m▄[0m[7m[38;2;145;122;182m▄[0m [7m[38;2;113;96;142m▄[0m[38;2;181;154;218;48;2;200;169;250m▄[38;2;199;169;239;48;2;201;170;250m▄[0m[38;2;174;148;209m▄[0m   [7m[38;2;82;145;231m▄[0m[38;2;74;142;215;48;2;87;167;253m▄[0m[7m[38;2;75;158;227m▄[0m      [0m
   [?25h
--- a/home/toph/common/core/fish/default.nix
+++ b/home/toph/common/core/fish/default.nix
@ -0,0 +1,27 @@
 { pkgs, ... }:
 {
  home.packages = with pkgs; [
    fishPlugins.grc
    fishPlugins.tide
    grc
  ];
  programs.fish = {
    enable = true;
    interactiveShellInit = builtins.readFile ./init.fish;
    plugins = [
      # Enable a plugin (here grc for colorized command output) from nixpkgs
      {
        name = "grc";
        src = pkgs.fishPlugins.grc.src;
      }
      {
        name = "tide";
        src = pkgs.fishPlugins.tide.src;
      }
    ];
    shellInit = ''
      source "${pkgs.asdf-vm}/share/asdf-vm/asdf.fish"
    '';
  };
 }
--- a/home/toph/common/core/fish/init.fish
+++ b/home/toph/common/core/fish/init.fish
--- a/home/toph/common/core/fonts.nix
+++ b/home/toph/common/core/fonts.nix
@ -0,0 +1,10 @@
 { pkgs, ... }:
 {
  fonts.fontconfig.enable = true;
  home.packages = with pkgs; [
    noto-fonts
    nerd-fonts.fira-code
    meslo-lgs-nf
    monocraft
  ];
 }
--- a/home/toph/common/core/git.nix
+++ b/home/toph/common/core/git.nix
@ -0,0 +1,89 @@
 # git is core no matter what but additional settings may could be added made in optional/foo   eg: development.nix
 {
  pkgs,
  lib,
  config,
  inputs,
  ...
 }:
 {
  programs.git = {
    enable = true;
    package = pkgs.gitAndTools.gitFull;
    userName = "[REDACTED]";
    userEmail = "[REDACTED]";
    ignores = [
      ".csvignore"
      # nix
      "*.drv"
      "result"
      # python
      "*.py?"
      "__pycache__/"
      ".venv/"
      # direnv
      ".direnv"
    ];
    # Anytime I use auth, I want to use my yubikey. But I don't want to always be having to touch it
    # for things that don't need it. So I have to hardcode repos that require auth, and default to ssh for
    # actions that require auth.
    extraConfig = {
      core.pager = "delta";
      delta = {
        enable = true;
        features = [
          "side-by-side"
          "line-numbers"
          "hyperlinks"
          "line-numbers"
          "commit-decoration"
        ];
      };
      url = lib.optionalAttrs (!config.hostSpec.isMinimal) {
        # Only force ssh if it's not minimal
        "ssh://git@github.com" = {
          pushInsteadOf = "https://github.com";
        };
        "ssh://git@ryot.foo.com" = {
          pushInsteadOf = "https://git.ryot.foo";
        };
      };
      # pre-emptively ignore mac crap
      core.excludeFiles = builtins.toFile "global-gitignore" ''
        .DS_Store
        .DS_Store?
        ._*
        .Spotlight-V100
        .Trashes
        ehthumbs.db
        Thumbs.db
        node_modules
      '';
      core.attributesfile = builtins.toFile "global-gitattributes" ''
        Cargo.lock -diff
        flake.lock -diff
        *.drawio -diff
        *.svg -diff
        *.json diff=json
        *.bin diff=hex difftool=hex
        *.dat diff=hex difftool=hex
        *aarch64.bin diff=objdump-aarch64 difftool=objdump-aarch64
        *arm.bin diff=objdump-arm difftool=objdump-arm
        *x64.bin diff=objdump-x86_64 difftool=objdump-x64
        *x86.bin diff=objdump-x86 difftool=objdump-x86
      '';
      extraConfig = {
        init = {
          defaultBranch = "main";
        };
      };
    };
  };
 }
--- a/home/toph/common/core/ranger.nix
+++ b/home/toph/common/core/ranger.nix
@ -0,0 +1,26 @@
 {
  programs.ranger = {
    enable = true;
    plugins = [
      {
        name = "zoxide";
        src = builtins.fetchGit {
          url = "https://github.com/jchook/ranger-zoxide.git";
          rev = "281828de060299f73fe0b02fcabf4f2f2bd78ab3";
        };
      }
      {
        name = "archives";
        src = builtins.fetchGit {
          url = "https://github.com/maximtrp/ranger-archives.git";
          rev = "b4e136b24fdca7670e0c6105fb496e5df356ef25";
        };
      }
    ];
    settings = {
      show_hidden = true;
      # preview_images = true;
      # preview_images_method = w3m;
    };
  };
 }
--- a/home/toph/common/core/screen.nix
+++ b/home/toph/common/core/screen.nix
@ -0,0 +1,9 @@
 { pkgs, ... }:
 {
  home.packages = [ pkgs.screen ];
  home.file.".screenrc".text = ''
    startup_message off
    defbce on
    setenv TERM xterm-256color
  '';
 }
--- a/home/toph/common/core/ssh.nix
+++ b/home/toph/common/core/ssh.nix
@ -0,0 +1,26 @@
 {
  config,
  inputs,
  lib,
  ...
 }:
 {
  programs.ssh = {
    enable = true;
    # Avoids infinite hang if control socket connection interrupted. ex: vpn goes down/up
    serverAliveCountMax = 3;
    serverAliveInterval = 5;
    addKeysToAgent = "yes";
    extraConfig = ''
      IdentityFile ~/.ssh/pve
        UpdateHostKeys ask
    '';
    matchBlocks = {
      "git.ryot.foo" = {
        identityFile = "~/git/.ssh/git";
      };
    };
  };
 }
--- a/home/toph/common/core/zoxide.nix
+++ b/home/toph/common/core/zoxide.nix
@ -0,0 +1,10 @@
 {
  programs.zoxide = {
    enable = true;
    enableBashIntegration = true;
    enableFishIntegration = true;
    options = [
      "--cmd cd" # replace cd with z and zi (via cdi)
    ];
  };
 }
--- a/home/toph/common/optional/browsers/chromium.nix
+++ b/home/toph/common/optional/browsers/chromium.nix
@ -0,0 +1,9 @@
 {
  programs.chromium = {
    enable = true;
    commandLineArgs = [
      "--no-default-browser-check"
      "--restore-last-session"
    ];
  };
 }
--- a/home/toph/common/optional/browsers/default.nix
+++ b/home/toph/common/optional/browsers/default.nix
@ -0,0 +1,6 @@
 {
  imports = [
    ./chromium.nix
    ./zen.nix
  ];
 }
--- a/home/toph/common/optional/browsers/zen.nix
+++ b/home/toph/common/optional/browsers/zen.nix
@ -0,0 +1,20 @@
 {
  config,
  pkgs,
  inputs,
  ...
 }:
 {
  home.packages = builtins.attrValues {
    inherit (inputs.zen-browser.packages."${pkgs.system}")
      twilight
      ;
  };
  xdg.mimeApps.defaultApplications = {
    "text/html" = [ "zen.desktop" ];
    "text/xml" = [ "zen.desktop" ];
    "x-scheme-handler/http" = [ "zen.desktop" ];
    "x-scheme-handler/https" = [ "zen.desktop" ];
  };
 }
--- a/home/toph/common/optional/desktops/default.nix
+++ b/home/toph/common/optional/desktops/default.nix
@ -0,0 +1,6 @@
 {
  imports = [
    ./gnome
    # ./hyprland
  ];
 }
--- a/home/toph/common/optional/desktops/gnome/default.nix
+++ b/home/toph/common/optional/desktops/gnome/default.nix
--- a/home/toph/common/optional/development/default.nix
+++ b/home/toph/common/optional/development/default.nix
@ -0,0 +1,45 @@
 # Development utilities I want across all systems
 {
  lib,
  pkgs,
  ...
 }:
 {
  imports = lib.custom.scanPaths ./.;
  home.packages = lib.flatten [
    (builtins.attrValues {
      inherit (pkgs)
        # Development
        direnv
        delta # diffing
        gh # github cli
        logisim-evolution
        mcaselector
        prettierd
        # nix
        nixpkgs-review
        nixfmt-rfc-style
        # networking
        nmap
        # Diffing
        difftastic
        # serial debugging
        screen
        # Standard man pages for linux API
        man-pages
        man-pages-posix
        ;
      inherit (pkgs.jetbrains)
        idea-ultimate
        jetbrains-toolbox
        ;
    })
  ];
 }
--- a/home/toph/common/optional/development/vscode.nix
+++ b/home/toph/common/optional/development/vscode.nix
@ -0,0 +1,10 @@
 { pkgs, ... }:
 {
  programs.vscode = {
    enable = true;
    # extensions = with pkgs.vscode-extensions; [
    #   # bbenoist.Nix
    #   # brettm12345.nixfmt-vscode
    # ];
  };
 }
--- a/home/toph/common/optional/foot/default.nix
+++ b/home/toph/common/optional/foot/default.nix
--- a/home/toph/common/optional/gaming/default.nix
+++ b/home/toph/common/optional/gaming/default.nix
@ -0,0 +1,44 @@
 # This module just provides a customized .desktop file with gamescope args dynamically created based on the
 # host's monitors configuration
 {
  pkgs,
  config,
  lib,
  ...
 }:
 let
  monitor = lib.head (lib.filter (m: m.primary) config.monitors);
  steam-session =
    let
      gamescope = lib.concatStringsSep " " [
        (lib.getExe pkgs.gamescope)
        "--output-width ${toString monitor.width}"
        "--output-height ${toString monitor.height}"
        "--framerate-limit ${toString monitor.refreshRate}"
        "--prefer-output ${monitor.name}"
        "--adaptive-sync"
        "--expose-wayland"
        "--steam"
        "--hdr-enabled"
      ];
      steam = lib.concatStringsSep " " [
        "steam"
        #"steam://open/bigpicture"
      ];
    in
    pkgs.writeTextDir "share/applications/steam-session.desktop" ''
      [Desktop Entry]
      Name=Steam Session
      Exec=${gamescope} -- ${steam}
      Icon=steam
      Type=Application
    '';
 in
 {
  home.packages = [
    steam-session
    prismlauncher
  ];
 }
--- a/home/toph/common/optional/vscode-server/default.nix
+++ b/home/toph/common/optional/vscode-server/default.nix
--- a/home/toph/common/optional/xdg.nix
+++ b/home/toph/common/optional/xdg.nix
@ -0,0 +1,52 @@
 {
  pkgs,
  config,
  ...
 }:
 let
  # FIXME(xdg): That should use config options and just reference whatever is configured as the default
  browser = [ "zen.desktop" ];
  editor = [ "code.desktop" ];
  # Extensive list of associations here:
  # https://github.com/iggut/GamiNiX/blob/8070528de419703e13b4d234ef39f05966a7fafb/system/desktop/home-main.nix#L77
  associations = {
    "text/*" = editor;
    "text/plain" = editor;
    # "text/html" = browser;
    "application/x-zerosize" = editor; # empty files
    "application/x-shellscript" = editor;
    "application/x-perl" = editor;
    "application/json" = editor;
    "application/x-extension-htm" = browser;
    "application/x-extension-html" = browser;
    "application/x-extension-shtml" = browser;
    "application/xhtml+xml" = browser;
    "application/x-extension-xhtml" = browser;
    "application/x-extension-xht" = browser;
    "application/pdf" = browser;
    "x-scheme-handler/http" = browser;
    "x-scheme-handler/https" = browser;
    "image/*" = browser;
  };
 in
 {
  # Enables app shorcuts
  targets.genericLinux.enable = true;
  xdg.mime.enable = true;
  xdg.mimeApps.enable = true;
  xdg.mimeApps.defaultApplications = associations;
  xdg.mimeApps.associations.added = associations;
  xdg.systemDirs.data = [ "${config.home.homeDirectory}/.nix-profile/share/applications" ];
  home.packages = builtins.attrValues {
    inherit (pkgs)
      handlr-regex # better xdg-open for desktop apps
      ;
  };
 }
--- a/home/toph/rune/default.nix
+++ b/home/toph/rune/default.nix
@ -0,0 +1,69 @@
 { pkgs, ... }:
 {
  imports = [
    ## Required Configs ##
    ../common/core # required
    ## Host-specific Optional Configs ##
    ../common/optional/browsers
    ../common/optional/desktops
    ../common/optional/development
    ../common/optional/gaming
    ../common/optional/xdg.nix # file associations
  ];
  ## Packages with no needed configs ##
  home.packages = builtins.attrValues {
    inherit (pkgs)
      ## Media ##
      ffmpeg
      spotify
      gpu-screen-recorder-gtk
      ## Social ##
      telegram-desktop
      vesktop
      ## Tools ##
      bitwarden-desktop
      inspector
      wezterm
      ## Productivity ##
      gimp
      inkscape
      ## Fonts ##
      monocraft
      nerd-fonts
      ;
  };
  dconf.settings = {
    "org/virt-manager/virt-manager/connections" = {
      autoconnect = [
        "qemu:///session"
        "qemu:///system"
      ];
      uris = [
        "qemu:///session"
        "qemu:///system"
      ];
    };
  };
  xdg.desktopEntries = {
    win11 = {
      name = "Windows 11";
      comment = "Windows 11 VM";
      exec = "virt-manager --connect qemu:///system --show-domain-console win11-sys";
      icon = "windows95";
      type = "Application";
      terminal = false;
      categories = [
        "System"
        "Application"
      ];
    };
  };
 }
--- a/home/toph/vm/default.nix
+++ b/home/toph/vm/default.nix
@ -0,0 +1,25 @@
 {
  pkgs,
  ...
 }:
 {
  imports = [
    ## Required Configs ##
    ../common/core # required
    ## Host-specific Optional Configs ##
    ../common/optional/browsers
    ../common/optional/desktops
    ../common/optional/xdg.nix # file associations
  ];
  ## Packages with no needed configs ##
  home.packages = builtins.attrValues {
    inherit (pkgs)
      ## Tools ##
      inspector
      wezterm
      ;
  };
 }
--- a/host/caenus/default.nix
+++ b/host/caenus/default.nix
@ -1,63 +0,0 @@
 {
  config,
  hostName,
  lib,
  modulesPath,
  pkgs,
  ...
 }:
 {
  ## MODULES & IMPORTS ##
  ## MODULES & IMPORTS ##
  imports = [
    # Common Modules
    # ../../common/acme
    ../../common/ssh
    # Import hardware configuration.
    ./hardware.nix
    # Local Modules
    ./modules/frp
    # ./modules/nginx
  ];
  ## BOOTLOADER ##
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  ## NETWORKING ##
  networking.firewall = {
    allowedTCPPorts = [
      22
      80
      443
      4040
      25565
    ];
    allowedUDPPorts = [ 4040 ];
  };
  ## SSH Override ##
  services.openssh = {
    settings = {
      PermitRootLogin = lib.mkForce "yes";
    };
  };
  ## ENVIORMENT & PACKAGES ##
  environment.systemPackages = with pkgs; [
    git
    micro
    openssh
    ranger
    sshfs
    wget
  ];
  environment.variables = {
    HOSTNAME = hostName;
  };
 }
--- a/host/caenus/home/default.nix
+++ b/host/caenus/home/default.nix
@ -1,26 +0,0 @@
 { pkgs, ... }:
 {
  # Module imports
  imports = [
    # Common Modules
    ../../../common/home
    ../../../common/git
  ];
  home.packages = with pkgs; [
    fastfetch
    fish
    fishPlugins.grc
    fishPlugins.tide
    grc
  ];
  home.file = {
    git.dotfiles.source = builtins.fetchGit {
      url = "git@github.com:TophC7/dotfiles.git";
      ref = "hosts";
      rev = "4c2f9faf24e2e90fb7b0b4bce7560da39cbb814a";
    };
  };
 }
--- a/host/caenus/modules/frp/default.nix
+++ b/host/caenus/modules/frp/default.nix
@ -1,13 +0,0 @@
 {
    services.frp = {
        enable = true;
        role = "server";
        settings = {
            bindPort = 4040;
            auth = {
                method = "token";
                token = builtins.readFile ./frp.token;
            };
        };
    };
 }
--- a/host/caenus/modules/frp/frp.token
+++ b/host/caenus/modules/frp/frp.token
@ -1 +0,0 @@
 $2b$05$3hq3mA559Yxy679kKbzou..ao9d7annFWAo4MRo0tO04bYJsteWTu
--- a/host/caenus/modules/frp/frp.token.example
+++ b/host/caenus/modules/frp/frp.token.example
@ -1 +0,0 @@
 <SHA token>
--- a/host/caenus/modules/nginx/default.nix
+++ b/host/caenus/modules/nginx/default.nix
@ -1,36 +0,0 @@
 {
    users.users.nginx.extraGroups = [ "acme" ];
    # Nginx
    services.nginx = {
        enable = true;
        # Use recommended settings
        recommendedGzipSettings = true;
        recommendedOptimisation = true;
        recommendedProxySettings = true;
        recommendedTlsSettings = true;
        virtualHosts = {
            "ryot.foo" = {
                http2 = true;
                forceSSL = true;
                useACMEHost = "ryot.foo";
                locations."/".proxyPass = "http://0.0.0.0:8080";
            };
            "*.ryot.foo" = {
                http2 = true;
                forceSSL = true;
                useACMEHost = "ryot.foo";
                locations."/" = {
                    proxyPass = "http://0.0.0.0:8080";
                    proxyWebsockets = true;
                    extraConfig = ''
                        proxy_ssl_server_name on;
                        proxy_pass_header Authorization;
                    '';
                };
            };
        };
    };
 }
--- a/host/cloud/default.nix
+++ b/host/cloud/default.nix
@ -1,66 +0,0 @@
 {
  modulesPath,
  config,
  pkgs,
  hostName,
  admin,
  ...
 }:
 {
  ## MODULES & IMPORTS ##
  imports = [
    # Common Modules
    ../../common/acme
    ../../common/lxc
    ../../common/ssh
    # Import hardware configuration.
    ./hardware.nix
    # Local Modules
    # cron
    ./modules/cron
    # Filerun
    ./modules/filerun
    # Logrotate
    ./modules/logrotate
    # Caddy
    ./modules/caddy
    # Snapraid-runner
    ./modules/snapraid
  ];
  ## NETWORKING ##
  networking.firewall = {
    allowedTCPPorts = [
      22
      80
      443
      8181
    ];
    allowedUDPPorts = [ ];
  };
  ## USERS ##
  users.users.${admin}.extraGroups = [ "docker" ];
  ## ENVIORMENT & PACKAGES ##
  nixpkgs.overlays = [ (import ../../nix/overlays) ];
  environment.systemPackages = with pkgs; [
    arion
    git
    mergerfs
    micro
    openssh
    ranger
    sshfs
    snapraid
    snapraid-runner
    wget
  ];
  environment.variables = {
    HOSTNAME = hostName;
  };
 }
--- a/host/cloud/hardware.nix
+++ b/host/cloud/hardware.nix
@ -1,37 +0,0 @@
 {
  admin,
  ...
 }:
 {
  # for sshfs
  programs.fuse.userAllowOther = true;
  # TODO: use tempfls to set the acls in nix config
  fileSystems = {
    "/pool" = {
      fsType = "fuse.mergerfs";
      device = "/mnt/data*";
      options = [
        "cache.files=auto-full"
        "defaults"
        "allow_other"
        "minfreespace=50G"
        "fsname=mergerfs"
        "category.create=mfs"
        "nonempty"
        "uid=1000"
        "gid=1004" # Ryot group
        "posix_acl=true"
      ];
    };
    "/home/${admin}/git" = {
      fsType = "none";
      device = "/pool/git";
      options = [
        "bind"
        "nofail"
      ];
    };
  };
 }
--- a/host/cloud/home/default.nix
+++ b/host/cloud/home/default.nix
@ -1,17 +0,0 @@
 { pkgs, ... }:
 {  
  # Module imports
  imports = [
    # Common Modules
      ../../../common/home
  ];
  home.packages = with pkgs; [
      fastfetch
      fish
      fishPlugins.grc
      fishPlugins.tide
      grc
      lazydocker
    ];
 }
--- a/host/cloud/modules/caddy/default.nix
+++ b/host/cloud/modules/caddy/default.nix
@ -1,19 +0,0 @@
 {
  services.caddy = {
    enable = true;
    virtualHosts = {
      "drive.ryot.foo" = {
        useACMEHost = "ryot.foo";
        extraConfig = ''
          reverse_proxy http://localhost:8181 {
            header_up Host {host}
            # header_up X-Forwarded-For {remote}
            # header_up X-Forwarded-Proto {scheme}
            # header_up X-Forwarded-Protocol {scheme}
            # header_up X-Forwarded-Port {server_port}
          }
        '';
      };
    };
  };
 }
--- a/host/cloud/modules/cron/default.nix
+++ b/host/cloud/modules/cron/default.nix
@ -1,13 +0,0 @@
 {
  services.cron = {
    enable = true;
    systemCronJobs = [
      # Runs snapraid-runner every day at 3am
      "0 3 * * *      root    snapraid-runner"
      # Runs a backup of the Docker storage directory every Monday at 4am
      "0 4 * * 0      root    tar -Pzcf /pool/Backups/DockerStorage/DockerStorage.tar.gz -C /mnt/drive1/DockerStorage ."
      # Runs a backup of the forgejo directory every 2 days at 4am
      "0 4 */2 * *     root    tar -Pzcf /pool/Backups/forgejo/forgejo.tar.gz -C /pool/forgejo ."
    ];
  };
 }
--- a/host/cloud/modules/filerun/.env
+++ b/host/cloud/modules/filerun/.env
@ -1,4 +0,0 @@
 DB_NAME=filerun
 DB_USER=admin
 DB_PASS=m3kItsvjLTYWtYX1TQLxwAKBWDVnWsezPR3vtVS+rsHUlazY
 DB_ROOT_PASS=pHUlPjDwhfpfAJPlF/FYN8q5w2R+0/U4aosJ5FOBPIejHkmm
--- a/host/cloud/modules/filerun/arion-compose.nix
+++ b/host/cloud/modules/filerun/arion-compose.nix
@ -1,41 +0,0 @@
 {
  services = {
    db.service = {
      image = "mariadb:10.11";
      user = "1000:1004";
      environment = {
        MYSQL_ROOT_PASSWORD = "pHUlPjDwhfpfAJPlF/FYN8q5w2R+0/U4aosJ5FOBPIejHkmm";
        MYSQL_USER = "admin";
        MYSQL_PASSWORD = "m3kItsvjLTYWtYX1TQLxwAKBWDVnWsezPR3vtVS+rsHUlazY";
        MYSQL_DATABASE = "filerun";
      };
      volumes = [
        "/pool/filerun/db:/var/lib/mysql"
      ];
    };
    web.service = {
      image = "filerun/filerun:8.1";
      user = "root";
      tty = true;
      environment = {
        FR_DB_HOST = "db";
        FR_DB_PORT = "3306";
        FR_DB_NAME = "filerun";
        FR_DB_USER = "admin";
        FR_DB_PASS = "m3kItsvjLTYWtYX1TQLxwAKBWDVnWsezPR3vtVS+rsHUlazY";
        APACHE_RUN_USER = "toph";
        APACHE_RUN_USER_ID = "1000";
        APACHE_RUN_GROUP = "ryot";
        APACHE_RUN_GROUP_ID = "1004";
      };
      depends_on = [ "db" ];
      ports = [ "8181:80" ];
      volumes = [
        "/pool/filerun/html:/var/www/html"
        "/pool/filerun/user-files:/user-files"
        "/pool/:/pool"
      ];
    };
  };
 }
--- a/host/cloud/modules/filerun/arion-compose.yml
+++ b/host/cloud/modules/filerun/arion-compose.yml
@ -1,58 +0,0 @@
 {
  "networks": { "default": { "name": "filerun" } },
  "services":
    {
      "db":
        {
          "environment":
            {
              "MYSQL_DATABASE": "filerun",
              "MYSQL_PASSWORD": "m3kItsvjLTYWtYX1TQLxwAKBWDVnWsezPR3vtVS+rsHUlazY",
              "MYSQL_ROOT_PASSWORD": "pHUlPjDwhfpfAJPlF/FYN8q5w2R+0/U4aosJ5FOBPIejHkmm",
              "MYSQL_USER": "admin",
            },
          "image": "mariadb:10.11",
          "sysctls": {},
          "user": "1000:1004",
          "volumes": ["/pool/filerun/db:/var/lib/mysql"],
        },
      "web":
        {
          "depends_on": ["db"],
          "environment":
            {
              "APACHE_RUN_GROUP": "ryot",
              "APACHE_RUN_GROUP_ID": "1004",
              "APACHE_RUN_USER": "toph",
              "APACHE_RUN_USER_ID": "1000",
              "FR_DB_HOST": "db",
              "FR_DB_NAME": "filerun",
              "FR_DB_PASS": "m3kItsvjLTYWtYX1TQLxwAKBWDVnWsezPR3vtVS+rsHUlazY",
              "FR_DB_PORT": "3306",
              "FR_DB_USER": "admin",
            },
          "image": "filerun/filerun:8.1",
          "ports": ["8181:80"],
          "sysctls": {},
          "tty": true,
          "user": "root",
          "volumes":
            [
              "/pool/filerun/html:/var/www/html",
              "/pool/filerun/user-files:/user-files",
            ],
        },
    },
  "version": "3.4",
  "volumes": {},
  "x-arion":
    {
      "images": [],
      "project": { "name": "filerun" },
      "serviceInfo":
        {
          "db": { "defaultExec": ["/bin/sh"] },
          "web": { "defaultExec": ["/bin/sh"] },
        },
    },
 }
--- a/host/cloud/modules/filerun/compose.yml
+++ b/host/cloud/modules/filerun/compose.yml
@ -1,37 +0,0 @@
 name: filerun
 services:
    db:
        image: mariadb:10.5
        user: 1001:1004
        environment:
            MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASS}
            MYSQL_USER: ${DB_USER}
            MYSQL_PASSWORD: ${DB_PASS}
            MYSQL_DATABASE: ${DB_NAME}
        restart: unless-stopped
        volumes:
            - /pool/filerun/db:/var/lib/mysql
    web:
        image: filerun/filerun:8.1
        user: root
        environment:
            FR_DB_HOST: db
            FR_DB_PORT: 3306
            FR_DB_NAME: ${DB_NAME}
            FR_DB_USER: ${DB_USER}
            FR_DB_PASS: ${DB_PASS}
            APACHE_RUN_USER: toph
            APACHE_RUN_USER_ID: 1001
            APACHE_RUN_GROUP: toph
            APACHE_RUN_GROUP_ID: 1004
        depends_on:
            - db
        links:
            - db:db
        ports:
            - "8181:80"
        restart: unless-stopped
        volumes:
            - /pool/filerun/html:/var/www/html
            - /pool/filerun/user-files:/user-files
--- a/host/cloud/modules/filerun/default.nix
+++ b/host/cloud/modules/filerun/default.nix
@ -1,29 +0,0 @@
 {
  imports =
    let
      commit = "9f01fb79f61f53fe31d5ef831e420ab9ad252b99";
    in
    [
      "${
        builtins.fetchTarball {
          name = "arion-v0.2.2.0";
          url = "https://github.com/hercules-ci/arion/archive/${commit}.tar.gz";
          # obtained via nix-prefetch-url --unpack <url>
          sha256 = "1y2wi9kjb1agrvzaj6417lap4qg969hdfz3cmw3v3sz1q5mqcaw5";
        }
      }/nixos-module.nix"
    ];
  virtualisation.docker.enable = true;
  virtualisation.arion = {
    backend = "docker"; # or "docker"
    projects.filerun = {
      # serviceName = "filerun";
      settings = {
        # Specify you project here, or import it from a file.
        imports = [ ./arion-compose.nix ];
      };
    };
  };
 }
--- a/host/cloud/modules/filerun/oci.nix
+++ b/host/cloud/modules/filerun/oci.nix
@ -1,126 +0,0 @@
 # Auto-generated using compose2nix v0.3.1.
 { pkgs, lib, ... }:
 {
  # Runtime
  virtualisation.docker = {
    enable = true;
    autoPrune.enable = true;
  };
  virtualisation.oci-containers.backend = "docker";
  # Containers
  virtualisation.oci-containers.containers."filerun-db" = {
    image = "mariadb:10.5";
    environment = {
      "MYSQL_DATABASE" = "filerun";
      "MYSQL_PASSWORD" = "m3kItsvjLTYWtYX1TQLxwAKBWDVnWsezPR3vtVS+rsHUlazY";
      "MYSQL_ROOT_PASSWORD" = "pHUlPjDwhfpfAJPlF/FYN8q5w2R+0/U4aosJ5FOBPIejHkmm";
      "MYSQL_USER" = "admin";
    };
    volumes = [
      "/pool/filerun/db:/var/lib/mysql:rw"
    ];
    user = "root";
    log-driver = "journald";
    extraOptions = [
      "--network-alias=db"
      "--network=filerun_default"
    ];
  };
  systemd.services."docker-filerun-db" = {
    serviceConfig = {
      Restart = lib.mkOverride 90 "always";
      RestartMaxDelaySec = lib.mkOverride 90 "1m";
      RestartSec = lib.mkOverride 90 "100ms";
      RestartSteps = lib.mkOverride 90 9;
    };
    after = [
      "docker-network-filerun_default.service"
    ];
    requires = [
      "docker-network-filerun_default.service"
    ];
    partOf = [
      "docker-compose-filerun-root.target"
    ];
    wantedBy = [
      "docker-compose-filerun-root.target"
    ];
  };
  virtualisation.oci-containers.containers."filerun-web" = {
    image = "filerun/filerun:8.1";
    environment = {
      "APACHE_RUN_GROUP" = "toph";
      "APACHE_RUN_GROUP_ID" = "100";
      "APACHE_RUN_USER" = "toph";
      "APACHE_RUN_USER_ID" = "1000";
      "FR_DB_HOST" = "db";
      "FR_DB_NAME" = "filerun";
      "FR_DB_PASS" = "m3kItsvjLTYWtYX1TQLxwAKBWDVnWsezPR3vtVS+rsHUlazY";
      "FR_DB_PORT" = "3306";
      "FR_DB_USER" = "admin";
    };
    volumes = [
      "/pool/filerun/html:/var/www/html:rw"
      "/pool/filerun/user-files:/user-files:rw"
    ];
    ports = [
      "8181:80/tcp"
    ];
    dependsOn = [
      "filerun-db"
    ];
    user = "root";
    log-driver = "journald";
    extraOptions = [
      "--network-alias=web"
      "--network=filerun_default"
    ];
  };
  systemd.services."docker-filerun-web" = {
    serviceConfig = {
      Restart = lib.mkOverride 90 "always";
      RestartMaxDelaySec = lib.mkOverride 90 "1m";
      RestartSec = lib.mkOverride 90 "100ms";
      RestartSteps = lib.mkOverride 90 9;
    };
    after = [
      "docker-network-filerun_default.service"
    ];
    requires = [
      "docker-network-filerun_default.service"
    ];
    partOf = [
      "docker-compose-filerun-root.target"
    ];
    wantedBy = [
      "docker-compose-filerun-root.target"
    ];
  };
  # Networks
  systemd.services."docker-network-filerun_default" = {
    path = [ pkgs.docker ];
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
      ExecStop = "docker network rm -f filerun_default";
    };
    script = ''
      docker network inspect filerun_default || docker network create filerun_default
    '';
    partOf = [ "docker-compose-filerun-root.target" ];
    wantedBy = [ "docker-compose-filerun-root.target" ];
  };
  # Root service
  # When started, this will automatically create all resources and start
  # the containers. When stopped, this will teardown all resources.
  systemd.targets."docker-compose-filerun-root" = {
    unitConfig = {
      Description = "Root target generated by compose2nix.";
    };
    wantedBy = [ "multi-user.target" ];
  };
 }
--- a/host/cloud/modules/logrotate/default.nix
+++ b/host/cloud/modules/logrotate/default.nix
@ -1,6 +0,0 @@
 {
    services.logrotate = {
        enable = true;
        configFile = ./logrotate.conf;
    };
 }
--- a/host/cloud/modules/logrotate/logrotate.conf
+++ b/host/cloud/modules/logrotate/logrotate.conf
@ -1,18 +0,0 @@
 dateext
 missingok
 notifempty
 rotate 4
 "/pool/Backups/DockerStorage/DockerStorage.tar.gz" {
  weekly
  rotate 8
  nocompress
  su root root
 }
 "/pool/Backups/forgejo/forgejo.tar.gz" {
  daily
  rotate 20
  nocompress
  su root root
 }
--- a/host/cloud/modules/snapraid/default.nix
+++ b/host/cloud/modules/snapraid/default.nix
@ -1,37 +0,0 @@
 { pkgs, ... }:
 {
  environment.etc."snapraid.conf".text = builtins.readFile ./snapraid.conf;
  environment.etc."snapraid-runner.conf".text = ''
    [snapraid]
    executable = ${pkgs.snapraid}/bin/snapraid
    config = /etc/snapraid.conf
    deletethreshold = 40
    touch = false
    [logging]
    file = /var/log/snapraid-runner.log
    maxsize = 5000
    [email]
    sendon = 
    short = true
    subject = [SnapRAID] Status Report:
    from = cloud@ryot.foo
    to = [REDACTED]
    maxsize = 500
    [smtp]
    host = ryot.foo
    port =
    ssl = true
    tls = true
    user = admin
    password = [REDACTED]
    [scrub]
    enabled = true
    plan = 12
    older-than = 10
  '';
 }
--- a/host/cloud/modules/snapraid/snapraid.conf
+++ b/host/cloud/modules/snapraid/snapraid.conf
@ -1,21 +0,0 @@
 ## /etc/snapraid.conf ##
 # Defines the file to use as parity storage
 parity /mnt/parity/snapraid.parity
 # Defines the files to use as content list
 content /var/snapraid.content
 content /mnt/drive1/snapraid.content
 content /mnt/drive2/snapraid.content
 content /mnt/drive3/snapraid.content
 content /mnt/parity/snapraid.content
 # Defines the data disks to use
 data d1 /mnt/drive1/
 data d2 /mnt/drive2/
 data d3 /mnt/drive3/
 # Defines files and directories to exclude
 exclude *.unrecoverable
 exclude /tmp/
 exclude /lost+found/
--- a/host/haze/default.nix
+++ b/host/haze/default.nix
@ -1,81 +0,0 @@
 {
  modulesPath,
  config,
  pkgs,
  hostName,
  user,
  ...
 }:
 {
  ## MODULES & IMPORTS ##
  imports = [
    # Common Modules
    ../../common/ssh
    # Import hardware configuration.
    ./hardware.nix
    # Modules
    ./modules/steam
    ./modules/gnome
  ];
  ## USERS ##
  users.mutableUsers = false;
  users.users."${user}" = {
    isNormalUser = true;
    createHome = true;
    description = "${user}";
    homeMode = "750";
    home = "/home/${user}";
    password = "198913";
    extraGroups = [
      "networkmanager"
      "wheel"
      "i2c"
    ];
    shell = pkgs.fish;
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIClZstYoT64zHnGfE7LMYNiQPN5/gmCt382lC+Ji8lrH PVE"
    ];
  };
  ## NETWORKING ##
  networking.networkmanager.enable = true;
  ## ENVIORMENT & PACKAGES ##
  environment.systemPackages = with pkgs; [
    ddcutil
    git
    micro
    nixfmt-rfc-style
    openssh
    ranger
    sshfs
    wezterm
    wget
  ];
  # Enable CUPS to print documents.
  services.printing.enable = true;
  # Enable sound with pipewire.
  services.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
  };
  programs.java = {
    enable = true;
    package = pkgs.jdk;
  };
  environment.variables = {
    HOSTNAME = hostName;
    GTK_THEME = "Gruvbox-Dark";
  };
 }
--- a/host/haze/hardware.nix
+++ b/host/haze/hardware.nix
@ -1,80 +0,0 @@
 {
  config,
  lib,
  pkgs,
  modulesPath,
  admin,
  ...
 }:
 {
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
  # Bootloader
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.initrd.availableKernelModules = [
    "nvme"
    "xhci_pci"
    "ahci"
    "usb_storage"
    "usbhid"
    "sd_mod"
  ];
  boot.initrd.kernelModules = [ ];
  boot.extraModulePackages = [ ];
  boot.kernelModules = [
    "kvm-amd"
    "i2c-dev"
  ];
  # for ddcutil to work
  hardware.i2c.enable = true;
  services.udev.extraRules = ''
    KERNEL=="i2c-[0-9]*", GROUP="i2c", MODE="0660"
  '';
  programs.fuse.userAllowOther = true;
  fileSystems = {
    # "/" = {
    #   device = "/dev/disk/by-uuid/28a9ac4d-1e87-4731-9c06-916711d83cb2";
    #   fsType = "ext4";
    # };
    # "/boot" = {
    #   device = "/dev/disk/by-uuid/B182-E50E";
    #   fsType = "vfat";
    #   options = [
    #     "fmask=0077"
    #     "dmask=0077"
    #   ];
    # };
    "/pool" = {
      device = "${admin}@104.40.4.24:/pool";
      fsType = "sshfs";
      options = [
        "defaults"
        "reconnect"
        "_netdev"
        "allow_other"
        "identityfile=/home/${admin}/.ssh/pve"
      ];
    };
    "/home/${admin}/git" = {
      fsType = "none";
      device = "/pool/git";
      options = [
        "bind"
        "nofail"
      ];
    };
  };
  swapDevices = [ { device = "/dev/disk/by-uuid/81b6fa27-af94-41d4-9070-8754087a4c26"; } ];
  networking.useDHCP = lib.mkDefault true;
  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/host/haze/home/default.nix
+++ b/host/haze/home/default.nix
@ -1,43 +0,0 @@
 {
  pkgs,
  zen,
  config,
  ...
 }:
 {
  # Module imports
  imports = [
    # Common Modules
    ../../../common/home
    # ../../../common/git
    ../../../common/vscode
    # Modules
    ../modules/gnome/home.nix
  ];
  # Enables app shorcuts
  targets.genericLinux.enable = true;
  xdg.mime.enable = true;
  xdg.systemDirs.data = [ "${config.home.homeDirectory}/.nix-profile/share/applications" ];
  home.packages = with pkgs; [
    chafa
    fastfetch
    fish
    fishPlugins.grc
    fishPlugins.tide
    grc
    inspector
    monocraft
    nerd-fonts.fira-code
    nodejs_22
    pnpm
    prettierd
    prismlauncher
    spotify
    telegram-desktop
    vesktop
    zen
  ];
 }
--- a/host/haze/modules/gnome/default.nix
+++ b/host/haze/modules/gnome/default.nix
@ -1,56 +0,0 @@
 { pkgs, ... }:
 {
  # Enable the X11 windowing system.
  services.xserver = {
    enable = true;
    # Enable the GNOME Desktop Environment.
    displayManager.gdm.enable = true;
    desktopManager.gnome.enable = true;
    # Configure keymap in X11
    xkb = {
      layout = "us";
      variant = "";
    };
  };
  services.udev.packages = with pkgs; [ gnome-settings-daemon ];
  environment.systemPackages = with pkgs; [
    gnome-tweaks
    gnomeExtensions.appindicator
    gnomeExtensions.blur-my-shell
    gnomeExtensions.clipboard-indicator
    gnomeExtensions.dash-to-panel
    gnomeExtensions.tiling-shell
    gnomeExtensions.vitals
  ];
  environment.gnome.excludePackages = (
    with pkgs;
    [
      atomix # puzzle game
      epiphany # web browser
      evince # document viewer
      gedit # text editor
      gnome-maps
      gnome-music
      gnome-photos
      gnome-tour
      gnomeExtensions.applications-menu
      gnomeExtensions.launch-new-instance
      gnomeExtensions.light-style
      gnomeExtensions.places-status-indicator
      gnomeExtensions.status-icons
      gnomeExtensions.system-monitor
      gnomeExtensions.window-list
      gnomeExtensions.windownavigator
      gnomeExtensions.control-monitor-brightness-and-volume-with-ddcutil
      hitori # sudoku game
      iagno # go game
      tali # poker game
      yelp
    ]
  );
 }
--- a/host/haze/modules/gnome/home.nix
+++ b/host/haze/modules/gnome/home.nix
@ -1,147 +0,0 @@
 {
  pkgs,
  config,
  lib,
  ...
 }:
 {
  home.packages = with pkgs; [
    gruvbox-gtk-theme
    papirus-icon-theme
    numix-cursor-theme
  ];
  gtk = {
    enable = true;
    iconTheme = {
      name = "Papirus-Dark";
      package = pkgs.papirus-icon-theme;
    };
    theme = {
      name = "Gruvbox-Dark";
      package = pkgs.gruvbox-gtk-theme;
    };
    cursorTheme = {
      name = "Numix-Cursor";
      package = pkgs.numix-cursor-theme;
    };
    gtk3.extraConfig = {
      Settings = ''
        gtk-application-prefer-dark-theme=1
      '';
    };
    gtk4.extraConfig = {
      Settings = ''
        gtk-application-prefer-dark-theme=1
      '';
    };
  };
  dconf = {
    enable = true;
    settings = {
      "org/gnome/shell" = {
        favorite-apps = [
          "org.gnome.Nautilus.desktop"
          "org.wezfurlong.wezterm.desktop"
          "zen.desktop"
          "spotify.desktop"
          "vesktop.desktop"
          "org.telegram.desktop.desktop"
          "code.desktop"
          "Marvel Rivals.desktop"
          "steam.desktop"
        ];
        disable-user-extensions = false;
        enabled-extensions = with pkgs.gnomeExtensions; [
          appindicator.extensionUuid
          blur-my-shell.extensionUuid
          clipboard-indicator.extensionUuid
          dash-to-panel.extensionUuid
          native-window-placement.extensionUuid
          screenshot-window-sizer.extensionUuid
          tiling-shell.extensionUuid
          user-themes.extensionUuid
          vitals.extensionUuid
          control-monitor-brightness-and-volume-with-ddcutil.extensionUuid
        ];
      };
      ## Fix some annoying keybindings
      "org/gnome/desktop/wm/keybindings" = {
        close = [ "<Super>q" ];
        switch-to-workspace-up = [ "" ];
        switch-to-workspace-down = [ "" ];
        shift-overview-up = [ "" ];
        shift-overview-down = [ "" ];
        toggle-application-view = [ "" ];
        toggle-message-tray = [ "<Super>a" ];
      };
      "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings" = {
        custom0 = "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/";
      };
      "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = {
        name = "Terminal";
        command = "wezterm";
        binding = "<Super>t";
      };
      "org/gnome/desktop/peripherals/mouse" = {
        speed = 0.0;
        natural-scroll = false;
        accel-profile = "flat";
      };
      "org/gnome/desktop/input-sources/xkb-options" = {
        xkb-options = [
          "compose:menu"
          "lv3:ralt_switch"
          "terminate:ctrl_alt_bksp"
        ];
      };
      "org/gnome/shell/extensions/clipboard-indicator" = {
        toggle-menu = [ "<Super>v" ];
        cache-size = 120;
        history-size = 40;
        pinned-on-bottom = true;
      };
      "org/gnome/shell/extensions/blur-my-shell/panel" = {
        static-blur = false;
        sigma = 50;
      };
      "org/gnome/shell/extensions/dash-to-panel" = {
        appicon-margin = 6;
        appicon-padding = 8;
        dot-position = "TOP";
        dot-style-focused = "DASHES";
        dot-style-unfocused = "DASHES";
        multi-monitors = false;
        panel-positions = builtins.toJSON {
          "0" = "TOP";
          "1" = "TOP";
        };
        scroll-icon-action = "CYCLE_WINDOWS";
        scroll-panel-action = "SWITCH_WORKSPACE";
        trans-panel-opacity = "0.40";
        trans-use-custom-opacity = true;
        tray-padding = 8;
      };
      "org/gnome/shell/extensions/user-theme" = {
        name = "Gruvbox-Dark";
      };
    };
  };
 }
--- a/host/haze/modules/steam/default.nix
+++ b/host/haze/modules/steam/default.nix
@ -1,8 +0,0 @@
 {
  programs.steam = {
    enable = true;
    #   remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
    #   dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
    #   localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers
  };
 }
--- a/host/komodo/default.nix
+++ b/host/komodo/default.nix
@ -1,76 +0,0 @@
 {
  modulesPath,
  config,
  pkgs,
  hostName,
  ...
 }:
 {
  ## MODULES & IMPORTS ##
  imports = [
    # Common Modules
    ../../common/acme
    ../../common/lxc
    ../../common/ssh
    # ../../common/vscode-server
    # Import hardware configuration.
    ./hardware.nix
    # Local Modules
    ./modules/caddy
    ./modules/frp
    # ./modules/forgejo
    ./modules/komodo
  ];
  ## NETWORKING ##
  networking.firewall = {
    allowedTCPPorts = [
      [REDACTED]
      [REDACTED]
      [REDACTED]
      222 # Forgejo SSH
      [REDACTED]
      [REDACTED]
      [REDACTED]
      [REDACTED]
      [REDACTED]
      8080 # File Browser
      [REDACTED]
      [REDACTED]
      [REDACTED]
      [REDACTED]
      [REDACTED]
    ];
    # Game Server Ports
    allowedTCPPortRanges = [
      {
        [REDACTED]
        [REDACTED]
      }
    ];
    allowedUDPPorts = [
      8089 # Grafana
    ];
  };
  ## ENVIORMENT & PACKAGES ##
  environment.systemPackages = with pkgs; [
    compose2nix
    git
    micro
    openssh
    ranger
    sshfs
    wget
  ];
  environment.variables = {
    HOSTNAME = hostName;
  };
  ## PROGRAMS & SERVICES ##
 }
--- a/host/komodo/hardware.nix
+++ b/host/komodo/hardware.nix
@ -1,30 +0,0 @@
 {
  admin,
  ...
 }:
 {
  programs.fuse.userAllowOther = true;
  fileSystems = {
    "/pool" = {
      device = "${admin}@104.40.4.24:/pool";
      fsType = "sshfs";
      options = [
        "defaults"
        "reconnect"
        "_netdev"
        "allow_other"
        "identityfile=/home/${admin}/.ssh/pve"
      ];
    };
    "/home/${admin}/git" = {
      fsType = "none";
      device = "/pool/git";
      options = [
        "bind"
        "nofail"
      ];
    };
  };
 }
--- a/host/komodo/home/default.nix
+++ b/host/komodo/home/default.nix
@ -1,22 +0,0 @@
 { pkgs, config, ... }:
 {
  # Module imports
  imports = [
    # Common Modules
    ../../../common/home
  ];
  home.file = {
    Pool.source = config.lib.file.mkOutOfStoreSymlink "/pool";
    DockerStorage.source = config.lib.file.mkOutOfStoreSymlink "/mnt/DockerStorage";
  };
  home.packages = with pkgs; [
    fastfetch
    fish
    fishPlugins.grc
    fishPlugins.tide
    grc
    lazydocker
  ];
 }
--- a/host/komodo/modules/caddy/default.nix
+++ b/host/komodo/modules/caddy/default.nix
@ -1,103 +0,0 @@
 {
  services.caddy = {
    enable = true;
    virtualHosts = {
      # "ryot.foo" = {
      #   useACMEHost = "ryot.foo";
      #   extraConfig = ''
      #     reverse_proxy 104.40.4.44:80
      #   '';
      # };
      "auth.ryot.foo" = {
        useACMEHost = "ryot.foo";
        extraConfig = ''
          reverse_proxy localhost:9000 {
            header_up Host {host}
            header_up X-Forwarded-For {remote}
            header_up X-Forwarded-Proto {scheme}
            header_up X-Forwarded-Protocol {scheme}
            header_up X-Forwarded-Port {server_port}
          }
        '';
      };
      "frp.ryot.foo" = {
        useACMEHost = "ryot.foo";
        extraConfig = ''
          reverse_proxy localhost:4041
        '';
      };
      "grafana.ryot.foo" = {
        useACMEHost = "ryot.foo";
        extraConfig = ''
          reverse_proxy localhost:3001
        '';
      };
      "git.ryot.foo" = {
        useACMEHost = "ryot.foo";
        extraConfig = ''
          reverse_proxy localhost:3003
        '';
      };
      "influx.ryot.foo" = {
        useACMEHost = "ryot.foo";
        extraConfig = ''
          reverse_proxy localhost:8086
        '';
      };
      "home.ryot.foo" = {
        useACMEHost = "ryot.foo";
        extraConfig = ''
          reverse_proxy localhost:7475
        '';
      };
      "komodo.ryot.foo" = {
        useACMEHost = "ryot.foo";
        extraConfig = ''
          reverse_proxy localhost:9120
        '';
      };
      "mail.ryot.foo" = {
        useACMEHost = "ryot.foo";
        extraConfig = ''
          reverse_proxy localhost:9002
        '';
      };
      "map.ryot.foo" = {
        useACMEHost = "ryot.foo";
        extraConfig = ''
          reverse_proxy localhost:25566
        '';
      };
      "outline.ryot.foo" = {
        useACMEHost = "ryot.foo";
        extraConfig = ''
          reverse_proxy localhost:3480 
        '';
      };
      "plane.ryot.foo" = {
        useACMEHost = "ryot.foo";
        extraConfig = ''
          reverse_proxy localhost:3000 
        '';
      };
      "upsnap.ryot.foo" = {
        useACMEHost = "ryot.foo";
        extraConfig = ''
          reverse_proxy localhost:8090
        '';
      };
    };
  };
 }
--- a/host/komodo/modules/frp/default.nix
+++ b/host/komodo/modules/frp/default.nix
@ -1,13 +0,0 @@
 {
    # services.frp = {
    #     enable = true;
    #     role = "server";
    #     settings = {
    #         bindPort = 4040;
    #         auth = {
    #             method = "token";
    #             token = builtins.readFile ./frp.token;
    #         };
    #     };
    # };
 }
--- a/host/komodo/modules/frp/frp.token
+++ b/host/komodo/modules/frp/frp.token
@ -1 +0,0 @@
 $2b$05$3hq3mA559Yxy679kKbzou..ao9d7annFWAo4MRo0tO04bYJsteWTu
--- a/host/komodo/modules/frp/frp.token.example
+++ b/host/komodo/modules/frp/frp.token.example
@ -1 +0,0 @@
 <SHA token>
--- a/host/komodo/modules/komodo/compose.yaml
+++ b/host/komodo/modules/komodo/compose.yaml
@ -1,102 +0,0 @@
 ################################
 # 🦎 KOMODO COMPOSE - MONGO 🦎 #
 ################################
 ## This compose file will deploy:
 ##   1. MongoDB
 ##   2. Komodo Core
 ##   3. Komodo Periphery
 name: komodo
 services:
    mongo:
        image: mongo
        labels:
            komodo.skip: # Prevent Komodo from stopping with StopAllContainers
        command: --quiet --wiredTigerCacheSizeGB 0.25
        restart: unless-stopped
        logging:
            driver: ${COMPOSE_LOGGING_DRIVER:-local}
        networks:
            - default
        # ports:
        #   - 27017:27017
        volumes:
            - mongo-data:/data/db
            - mongo-config:/data/configdb
        environment:
            MONGO_INITDB_ROOT_USERNAME: ${DB_USERNAME}
            MONGO_INITDB_ROOT_PASSWORD: ${DB_PASSWORD}
    core:
        image: ghcr.io/mbecker20/komodo:${COMPOSE_KOMODO_IMAGE_TAG:-latest}
        labels:
            komodo.skip: # Prevent Komodo from stopping with StopAllContainers
        restart: unless-stopped
        depends_on:
            - mongo
        logging:
            driver: ${COMPOSE_LOGGING_DRIVER:-local}
        networks:
            - default
        ports:
            - 9120:9120
        env_file: ./komodo.env
        environment:
            KOMODO_DATABASE_ADDRESS: mongo:27017
            KOMODO_DATABASE_USERNAME: ${DB_USERNAME}
            KOMODO_DATABASE_PASSWORD: ${DB_PASSWORD}
        volumes:
            ## Core cache for repos for latest commit hash / contents
            - repo-cache:/repo-cache
            ## Store sync files on server
            # - /path/to/syncs:/syncs
            ## Optionally mount a custom core.config.toml
            # - /path/to/core.config.toml:/config/config.toml
        ## Allows for systemd Periphery connection at
        ## "http://host.docker.internal:8120"
        # extra_hosts:
        #   - host.docker.internal:host-gateway
    ## Deploy Periphery container using this block,
    ## or deploy the Periphery binary with systemd using
    ## https://github.com/mbecker20/komodo/tree/main/scripts
    periphery:
        image: ghcr.io/mbecker20/periphery:${COMPOSE_KOMODO_IMAGE_TAG:-latest}
        labels:
            komodo.skip: # Prevent Komodo from stopping with StopAllContainers
        restart: unless-stopped
        logging:
            driver: ${COMPOSE_LOGGING_DRIVER:-local}
        networks:
            - default
        env_file: ./komodo.env
        volumes:
            ## Mount external docker socket
            - /var/run/docker.sock:/var/run/docker.sock
            ## Allow Periphery to see processes outside of container
            - /proc:/proc
            ## use self signed certs in docker volume,
            ## or mount your own signed certs.
            - ssl-certs:/etc/komodo/ssl
            ## manage repos in a docker volume,
            ## or change it to an accessible host directory.
            - repos:/etc/komodo/repos
            ## manage stack files in a docker volume,
            ## or change it to an accessible host directory.
            - stacks:/etc/komodo/stacks
            ## Optionally mount a path to store compose files
            # - /path/to/compose:/host/compose
 volumes:
    # Mongo
    mongo-data:
    mongo-config:
    # Core
    repo-cache:
    # Periphery
    ssl-certs:
    repos:
    stacks:
 networks:
    default: {}
--- a/host/komodo/modules/komodo/default.nix
+++ b/host/komodo/modules/komodo/default.nix
@ -1,332 +0,0 @@
 # Auto-generated using compose2nix v0.3.1.
 {
  pkgs,
  lib,
  admin,
  ...
 }:
 {
  # Runtime
  virtualisation.docker = {
    enable = true;
    autoPrune.enable = true;
  };
  virtualisation.oci-containers.backend = "docker";
  # Containers
  virtualisation.oci-containers.containers."komodo-core" = {
    image = "ghcr.io/mbecker20/komodo:latest";
    environment = {
      "COMPOSE_KOMODO_IMAGE_TAG" = "latest";
      "DB_PASSWORD" = "[REDACTED]";
      "DB_USERNAME" = "admin";
      "KOMODO_DATABASE_ADDRESS" = "mongo:27017";
      "KOMODO_DATABASE_PASSWORD" = "[REDACTED]";
      "KOMODO_DATABASE_USERNAME" = "admin";
      "KOMODO_DISABLE_CONFIRM_DIALOG" = "true";
      "KOMODO_DISABLE_NON_ADMIN_CREATE" = "false";
      "KOMODO_DISABLE_USER_REGISTRATION" = "false";
      "KOMODO_ENABLE_NEW_USERS" = "false";
      "KOMODO_FIRST_SERVER" = "https://periphery:8120";
      "KOMODO_GITHUB_OAUTH_ENABLED" = "false";
      "KOMODO_GOOGLE_OAUTH_ENABLED" = "false";
      "KOMODO_JWT_SECRET" = "x5jVLA6ClfJKaOVymKtLUbFJbWnA2mGS5AbKL5FoJmB9fdZ30BzMAzXXcfLbFdxT";
      "KOMODO_JWT_TTL" = "1-day";
      "KOMODO_LOCAL_AUTH" = "true";
      "KOMODO_MONITORING_INTERVAL" = "15-sec";
      "KOMODO_PASSKEY" = "tvjs5utkaW0Xvpru7qjEKJF3w6RdkBUm98StyOGKJFy5kdpQ3ZRzJbSyJmpMYIhA";
      "KOMODO_RESOURCE_POLL_INTERVAL" = "5-min";
      "KOMODO_TITLE" = "Komodo";
      "KOMODO_TRANSPARENT_MODE" = "false";
      "KOMODO_WEBHOOK_SECRET" = "ZUjiO97F9z3gliI8nIfmxzhbtP1TZ9FJUGr870sGxIhtxXMshRwHfhELScXMnQxK";
      "PASSKEY" = "tvjs5utkaW0Xvpru7qjEKJF3w6RdkBUm98StyOGKJFy5kdpQ3ZRzJbSyJmpMYIhA";
      "PERIPHERY_INCLUDE_DISK_MOUNTS" = "/etc/hostname";
      "PERIPHERY_PASSKEYS" = "tvjs5utkaW0Xvpru7qjEKJF3w6RdkBUm98StyOGKJFy5kdpQ3ZRzJbSyJmpMYIhA";
      "PERIPHERY_SSL_ENABLED" = "true";
      "KOMODO_OIDC_ENABLED" = "true";
      "KOMODO_OIDC_PROVIDER" = "https://auth.ryot.foo/application/o/komodo-slug/";
      "KOMODO_OIDC_CLIENT_ID" = "pxwhNNc31cpTRvMlVU6ZPhWl9wQJMGnbq9fTbCN2";
      "KOMODO_OIDC_CLIENT_SECRET" =
        "l8lFe5P8YN9FSji0zPVL8byqb5tKx8AcN2acQri0nFhDwf2jRtqNL8ICqjKmpJyMMJnitaUVTgOO442pWbsi6cMkqEXAf8Cx7sEomhThXiZfj7SShkrKGbQrCva4khP2";
      "KOMODO_OIDC_USE_FULL_EMAIL" = "false";
    };
    environmentFiles = [
      "/home/${admin}/git/dotfiles/host/komodo/modules/komodo/komodo.env"
    ];
    volumes = [
      "/mnt/DockerStorage/komodo/cache:/repo-cache:rw"
    ];
    ports = [
      "9120:9120/tcp"
    ];
    labels = {
      "komodo.skip" = "";
    };
    dependsOn = [
      "komodo-mongo"
    ];
    log-driver = "local";
    extraOptions = [
      "--network-alias=core"
      "--network=komodo_default"
    ];
  };
  systemd.services."docker-komodo-core" = {
    serviceConfig = {
      Restart = lib.mkOverride 90 "always";
      RestartMaxDelaySec = lib.mkOverride 90 "1m";
      RestartSec = lib.mkOverride 90 "100ms";
      RestartSteps = lib.mkOverride 90 9;
    };
    after = [
      "docker-network-komodo_default.service"
      # "docker-volume-komodo_repo-cache.service"
    ];
    requires = [
      "docker-network-komodo_default.service"
      # "docker-volume-komodo_repo-cache.service"
    ];
    partOf = [
      "docker-compose-komodo-root.target"
    ];
    wantedBy = [
      "docker-compose-komodo-root.target"
    ];
  };
  virtualisation.oci-containers.containers."komodo-mongo" = {
    image = "mongo";
    environment = {
      "MONGO_INITDB_ROOT_PASSWORD" = "[REDACTED]";
      "MONGO_INITDB_ROOT_USERNAME" = "admin";
    };
    environmentFiles = [
      "/home/${admin}/git/dotfiles/host/komodo/modules/komodo/komodo.env"
    ];
    volumes = [
      "/mnt/DockerStorage/komodo/mongo/config:/data/configdb:rw"
      "/mnt/DockerStorage/komodo/mongo/data:/data/db:rw"
    ];
    cmd = [
      "--quiet"
      "--wiredTigerCacheSizeGB"
      "0.25"
    ];
    labels = {
      "komodo.skip" = "";
    };
    log-driver = "local";
    extraOptions = [
      "--network-alias=mongo"
      "--network=komodo_default"
    ];
  };
  systemd.services."docker-komodo-mongo" = {
    serviceConfig = {
      Restart = lib.mkOverride 90 "always";
      RestartMaxDelaySec = lib.mkOverride 90 "1m";
      RestartSec = lib.mkOverride 90 "100ms";
      RestartSteps = lib.mkOverride 90 9;
    };
    after = [
      "docker-network-komodo_default.service"
      # "docker-volume-komodo_mongo-config.service"
      # "docker-volume-komodo_mongo-data.service"
    ];
    requires = [
      "docker-network-komodo_default.service"
      # "docker-volume-komodo_mongo-config.service"
      # "docker-volume-komodo_mongo-data.service"
    ];
    partOf = [
      "docker-compose-komodo-root.target"
    ];
    wantedBy = [
      "docker-compose-komodo-root.target"
    ];
  };
  virtualisation.oci-containers.containers."komodo-periphery" = {
    image = "ghcr.io/mbecker20/periphery:latest";
    environment = {
      "COMPOSE_KOMODO_IMAGE_TAG" = "latest";
      "DB_PASSWORD" = "[REDACTED]";
      "DB_USERNAME" = "admin";
      "KOMODO_DISABLE_CONFIRM_DIALOG" = "true";
      "KOMODO_DISABLE_NON_ADMIN_CREATE" = "false";
      "KOMODO_DISABLE_USER_REGISTRATION" = "false";
      "KOMODO_ENABLE_NEW_USERS" = "false";
      "KOMODO_FIRST_SERVER" = "https://periphery:8120";
      "KOMODO_GITHUB_OAUTH_ENABLED" = "false";
      "KOMODO_GOOGLE_OAUTH_ENABLED" = "false";
      "KOMODO_JWT_SECRET" = "x5jVLA6ClfJKaOVymKtLUbFJbWnA2mGS5AbKL5FoJmB9fdZ30BzMAzXXcfLbFdxT";
      "KOMODO_JWT_TTL" = "1-day";
      "KOMODO_LOCAL_AUTH" = "true";
      "KOMODO_MONITORING_INTERVAL" = "15-sec";
      "KOMODO_PASSKEY" = "tvjs5utkaW0Xvpru7qjEKJF3w6RdkBUm98StyOGKJFy5kdpQ3ZRzJbSyJmpMYIhA";
      "KOMODO_RESOURCE_POLL_INTERVAL" = "5-min";
      "KOMODO_TITLE" = "Komodo";
      "KOMODO_TRANSPARENT_MODE" = "false";
      "KOMODO_WEBHOOK_SECRET" = "ZUjiO97F9z3gliI8nIfmxzhbtP1TZ9FJUGr870sGxIhtxXMshRwHfhELScXMnQxK";
      "PASSKEY" = "tvjs5utkaW0Xvpru7qjEKJF3w6RdkBUm98StyOGKJFy5kdpQ3ZRzJbSyJmpMYIhA";
      "PERIPHERY_INCLUDE_DISK_MOUNTS" = "/etc/hostname";
      "PERIPHERY_PASSKEYS" = "tvjs5utkaW0Xvpru7qjEKJF3w6RdkBUm98StyOGKJFy5kdpQ3ZRzJbSyJmpMYIhA";
      "PERIPHERY_SSL_ENABLED" = "true";
      # FIXES relative paths for komodo
      "PERIPHERY_STACK_DIR" = "/mnt/DockerStorage/komodo/stacks";
      "KOMODO_OIDC_ENABLED" = "true";
      "KOMODO_OIDC_PROVIDER" = "https://auth.ryot.foo/application/o/komodo-slug/";
      "KOMODO_OIDC_CLIENT_ID" = "pxwhNNc31cpTRvMlVU6ZPhWl9wQJMGnbq9fTbCN2";
      "KOMODO_OIDC_CLIENT_SECRET" =
        "l8lFe5P8YN9FSji0zPVL8byqb5tKx8AcN2acQri0nFhDwf2jRtqNL8ICqjKmpJyMMJnitaUVTgOO442pWbsi6cMkqEXAf8Cx7sEomhThXiZfj7SShkrKGbQrCva4khP2";
      "KOMODO_OIDC_USE_FULL_EMAIL" = "false";
    };
    environmentFiles = [
      "/home/${admin}/git/dotfiles/host/komodo/modules/komodo/komodo.env"
    ];
    volumes = [
      "/proc:/proc:rw"
      "/var/run/docker.sock:/var/run/docker.sock:rw"
      "/mnt/DockerStorage/komodo/repos:/etc/komodo/repos:rw"
      "/mnt/DockerStorage/komodo/ssl:/etc/komodo/ssl:rw"
      "/mnt/DockerStorage/komodo/stacks:/mnt/DockerStorage/komodo/stacks:rw"
    ];
    labels = {
      "komodo.skip" = "";
    };
    log-driver = "local";
    extraOptions = [
      "--network-alias=periphery"
      "--network=komodo_default"
    ];
  };
  systemd.services."docker-komodo-periphery" = {
    serviceConfig = {
      Restart = lib.mkOverride 90 "always";
      RestartMaxDelaySec = lib.mkOverride 90 "1m";
      RestartSec = lib.mkOverride 90 "100ms";
      RestartSteps = lib.mkOverride 90 9;
    };
    after = [
      "docker-network-komodo_default.service"
      # "docker-volume-komodo_repos.service"
      # "docker-volume-komodo_ssl-certs.service"
      # "docker-volume-komodo_stacks.service"
    ];
    requires = [
      "docker-network-komodo_default.service"
      # "docker-volume-komodo_repos.service"
      # "docker-volume-komodo_ssl-certs.service"
      # "docker-volume-komodo_stacks.service"
    ];
    partOf = [
      "docker-compose-komodo-root.target"
    ];
    wantedBy = [
      "docker-compose-komodo-root.target"
    ];
  };
  # Networks
  systemd.services."docker-network-komodo_default" = {
    path = [ pkgs.docker ];
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
      ExecStop = "docker network rm -f komodo_default";
    };
    script = ''
      docker network inspect komodo_default || docker network create komodo_default
    '';
    partOf = [ "docker-compose-komodo-root.target" ];
    wantedBy = [ "docker-compose-komodo-root.target" ];
  };
  # # Volumes
  # systemd.services."docker-volume-komodo_mongo-config" = {
  #   path = [ pkgs.docker ];
  #   serviceConfig = {
  #     Type = "oneshot";
  #     RemainAfterExit = true;
  #   };
  #   script = ''
  #     docker volume inspect komodo_mongo-config || docker volume create komodo_mongo-config
  #   '';
  #   partOf = [ "docker-compose-komodo-root.target" ];
  #   wantedBy = [ "docker-compose-komodo-root.target" ];
  # };
  # systemd.services."docker-volume-komodo_mongo-data" = {
  #   path = [ pkgs.docker ];
  #   serviceConfig = {
  #     Type = "oneshot";
  #     RemainAfterExit = true;
  #   };
  #   script = ''
  #     docker volume inspect komodo_mongo-data || docker volume create komodo_mongo-data
  #   '';
  #   partOf = [ "docker-compose-komodo-root.target" ];
  #   wantedBy = [ "docker-compose-komodo-root.target" ];
  # };
  # systemd.services."docker-volume-komodo_repo-cache" = {
  #   path = [ pkgs.docker ];
  #   serviceConfig = {
  #     Type = "oneshot";
  #     RemainAfterExit = true;
  #   };
  #   script = ''
  #     docker volume inspect komodo_repo-cache || docker volume create komodo_repo-cache
  #   '';
  #   partOf = [ "docker-compose-komodo-root.target" ];
  #   wantedBy = [ "docker-compose-komodo-root.target" ];
  # };
  # systemd.services."docker-volume-komodo_repos" = {
  #   path = [ pkgs.docker ];
  #   serviceConfig = {
  #     Type = "oneshot";
  #     RemainAfterExit = true;
  #   };
  #   script = ''
  #     docker volume inspect komodo_repos || docker volume create komodo_repos
  #   '';
  #   partOf = [ "docker-compose-komodo-root.target" ];
  #   wantedBy = [ "docker-compose-komodo-root.target" ];
  # };
  # systemd.services."docker-volume-komodo_ssl-certs" = {
  #   path = [ pkgs.docker ];
  #   serviceConfig = {
  #     Type = "oneshot";
  #     RemainAfterExit = true;
  #   };
  #   script = ''
  #     docker volume inspect komodo_ssl-certs || docker volume create komodo_ssl-certs
  #   '';
  #   partOf = [ "docker-compose-komodo-root.target" ];
  #   wantedBy = [ "docker-compose-komodo-root.target" ];
  # };
  # systemd.services."docker-volume-komodo_stacks" = {
  #   path = [ pkgs.docker ];
  #   serviceConfig = {
  #     Type = "oneshot";
  #     RemainAfterExit = true;
  #   };
  #   script = ''
  #     docker volume inspect komodo_stacks || docker volume create komodo_stacks
  #   '';
  #   partOf = [ "docker-compose-komodo-root.target" ];
  #   wantedBy = [ "docker-compose-komodo-root.target" ];
  # };
  # Root service
  # When started, this will automatically create all resources and start
  # the containers. When stopped, this will teardown all resources.
  systemd.targets."docker-compose-komodo-root" = {
    unitConfig = {
      Description = "Root target generated by compose2nix.";
    };
    wantedBy = [ "multi-user.target" ];
  };
 }
--- a/host/nix/default.nix
+++ b/host/nix/default.nix
@ -1,50 +0,0 @@
 {
  modulesPath,
  config,
  pkgs,
  hostName,
  ...
 }:
 {
  ## MODULES & IMPORTS ##
  imports = [
    # Common Modules
    ../../common/lxc
    ../../common/ssh
    ../../common/vscode-server
    # Import hardware configuration.
    ./hardware.nix
  ];
  ## NETWORKING ##
  networking.firewall = {
    allowedTCPPorts = [
      22
      80
      443
    ];
    allowedUDPPorts = [ ];
  };
  ## ENVIORMENT & PACKAGES ##
  environment.systemPackages = with pkgs; [
    git
    micro
    openbox
    openssh
    ranger
    sshfs
    wget
    x2goserver
  ];
  programs.java = {
    enable = true;
    package = pkgs.jdk;
  };
  environment.variables = {
    HOSTNAME = hostName;
  };
 }
--- a/host/nix/hardware.nix
+++ b/host/nix/hardware.nix
@ -1,30 +0,0 @@
 {
  admin,
  ...
 }:
 {
  programs.fuse.userAllowOther = true;
  fileSystems = {
    "/pool" = {
      device = "${admin}@104.40.4.24:/pool";
      fsType = "sshfs";
      options = [
        "defaults"
        "reconnect"
        "_netdev"
        "allow_other"
        "identityfile=/home/${admin}/.ssh/pve"
      ];
    };
    "/home/${admin}/git" = {
      fsType = "none";
      device = "/pool/git";
      options = [
        "bind"
        "nofail"
      ];
    };
  };
 }
--- a/host/nix/home/default.nix
+++ b/host/nix/home/default.nix
@ -1,21 +0,0 @@
 { pkgs, ... }:
 {  
  # Module imports
  imports = [
    # Common Modules
      ../../../common/home
      ../../../common/git
  ];
  home.packages = with pkgs; [
      chafa
      fastfetch
      fish
      fishPlugins.grc
      fishPlugins.tide
      grc
      nodejs_22
      pnpm
      prettierd
    ];
 }
--- a/host/proxy/default.nix
+++ b/host/proxy/default.nix
@ -1,64 +0,0 @@
 {
  modulesPath,
  config,
  pkgs,
  hostName,
  ...
 }:
 {
  ## MODULES & IMPORTS ##
  imports = [
    # Common Modules
    ../../common/acme
    ../../common/lxc
    ../../common/ssh
    # Import hardware configuration.
    ./hardware.nix
    # Local Modules
    # caddy
    ./modules/caddy
    ./modules/cloudflared
  ];
  ## NETWORKING ##
  networking.firewall = {
    allowedTCPPorts = [
      22
      80
      443
      14333
    ];
    allowedUDPPorts = [ 53 ];
    interfaces.podman1 = {
      # so that containers find eachother's names
      allowedUDPPorts = [ 53 ];
    };
  };
  ## ENVIORMENT & PACKAGES ##
  environment.systemPackages = with pkgs; [
    git
    micro
    openssh
    ranger
    sshfs
  ];
  environment.etc = {
    "cloudflared/.keep" = {
      text = "This directory is used to store cloudflared configuration files.";
    };
  };
  environment.variables = {
    HOSTNAME = hostName;
  };
  ## PROGRAMS & SERVICES ##
  # Enable podman
  virtualisation.podman.enable = true;
  virtualisation.oci-containers.backend = "podman";
 }
--- a/host/proxy/hardware.nix
+++ b/host/proxy/hardware.nix
@ -1,30 +0,0 @@
 {
  admin,
  ...
 }:
 {
  programs.fuse.userAllowOther = true;
  fileSystems = {
    "/pool" = {
      device = "${admin}@104.40.4.24:/pool";
      fsType = "sshfs";
      options = [
        "defaults"
        "reconnect"
        "_netdev"
        "allow_other"
        "identityfile=/home/${admin}/.ssh/pve"
      ];
    };
    "/home/${admin}/git" = {
      fsType = "none";
      device = "/pool/git";
      options = [
        "bind"
        "nofail"
      ];
    };
  };
 }
--- a/Show more
+++ b/Show more
		`@ -1 +0,0 @@`
			`$2b$05$RAavFe61.2iBTeGdtCI5EuKmFXxRbh/OL199HjBN74hSBCXzxViqS`
		`@ -1 +0,0 @@`
			`$2b$05$3hq3mA559Yxy679kKbzou..ao9d7annFWAo4MRo0tO04bYJsteWTu`