renamed computers

2023-09-24 18:15:29 -06:00 · 2023-09-24 18:15:29 -06:00 · 81a348a442
commit 81a348a442
parent b8b4589dca
9 changed files with 1476 additions and 241 deletions
--- a/server/.gitignore
+++ b/server/.gitignore
@ -0,0 +1,4 @@
 /dotfiles/*.Appimage
 /scripts/download/.direnv/
 /configuration.nix
 /scripts/PureRef-1.11.1_x64.Appimage
--- a/server/configuration.org
+++ b/server/configuration.org
--- a/workstation/hardware-configuration.nix
+++ b/workstation/hardware-configuration.nix
--- a/workstation/nginx.nix
+++ b/workstation/nginx.nix
--- a/workstation/openldap.nix
+++ b/workstation/openldap.nix
--- a/workstation/secrets.nix_wip
+++ b/workstation/secrets.nix_wip
--- a/workstation/servers.nix
+++ b/workstation/servers.nix
--- a/workstation/configuration.org
+++ b/workstation/configuration.org
@ -1,15 +1,17 @@
-#+TITLE: JawZ NixOS server configuration
+#+TITLE: JawZ NixOS workstation configuration
 #+AUTHOR: Danilo Reyes
 #+PROPERTY: header-args :tangle configuration.nix
 #+auto_tangle: t
 * TODO [0/6]
 - [ ] System configurations [0/8]
-  - [ ] fail2ban
+  - [ ] Bluetooth multiple devices + pass-through
 - [ ] dotfiles [0/4]
  - [ ] migrate config to home-manager
  - [ ] migrate dconf to home-manager
 - [ ] Misc [0/3]
  - [ ] Figure out how to get rid of xterm
 * DECLARATION
 Here I will declare the dependencies and variables that will be used multiple
 times through the config file, such as the current version of NixOS,
@ -26,25 +28,29 @@ configurations.
 - unstable: a sort of overlay that allows to prepend "unstable" to a package,
  to pull from the unstable channel rather than precompiled binaries on a case
  by case use.
 - nixGaming: a channel containing some tweaks and optimized packages for gaming.
 - jawz*: scripts that will be reused multiple times through the config, such as
  on systemd, and as such this feels like a safe way to compile them only once.
 #+begin_src nix
-{ config, pkgs, lib, ... }:
+{ config, lib, pkgs, ... }:
 let
  version = "23.05";
  myEmail = "CaptainJawZ@outlook.com";
  myName = "Danilo Reyes";
-  cpuArchitecture = "skylake";
+  cpuArchitecture = "znver3";
  home-manager = builtins.fetchTarball
    # "https://github.com/nix-community/home-manager/archive/master.tar.gz";
    "https://github.com/nix-community/home-manager/archive/release-${version}.tar.gz";
  unstable = import
-    (builtins.fetchTarball "https://github.com/nixos/nixpkgs/tarball/master") {
+    (builtins.fetchTarball
      "https://github.com/nixos/nixpkgs/tarball/master") {
    config = config.nixpkgs.config;
  };
-  jawzManageLibrary = pkgs.writeScriptBin
+  nixGaming = import
-    "manage-library" (builtins.readFile ../scripts/manage-library.sh);
+    (builtins.fetchTarball
      "https://github.com/fufexan/nix-gaming/archive/master.tar.gz");
  jawzTasks = pkgs.writeScriptBin
    "tasks" (builtins.readFile ../scripts/tasks.sh);
 in
@ -57,14 +63,15 @@ cluttered, for example, I may create a module for systemd units.
 - agenix: an encryption system which cleans up the nix-configuration files from
 passwords and other secrets.
 - pipewireLowLatency: better sound for games, but also, music sounds a bit less
  compressed, who knows, I'm half deaf.
 #+begin_src nix
 imports = [
  ./hardware-configuration.nix
  ./servers.nix
  # ./openldap.nix
  # <agenix/modules/age.nix>
  ./fstab.nix
  (import "${home-manager}/nixos")
  nixGaming.nixosModules.pipewireLowLatency
 ];
 #+end_src
@ -79,30 +86,28 @@ can not be bothered to figure out whether I need TCP or UDP so let's open both,
 and repetition is maddening.
 #+begin_src nix
 powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
 networking = {
  useDHCP = lib.mkDefault true;
-  enableIPv6 = false;
+  hostName = "workstation";
  hostName = "server";
  networkmanager.enable = true;
  extraHosts = ''
-               192.168.1.64 workstation
+               192.168.1.69 server
               '';
  firewall = let
-    open_firewall_ports = [
+    openFirewallPorts = [
-      6969 # HentaiAtHome
+      7860 # gpt
-      51413 # torrent sedding
+      6674 # ns-usbloader
-      9091 # qbittorrent
+    ];
-      2049 # nfs
+    openFirewallPortRanges = [
      { from = 1714;  to = 1764; } # kdeconnect
    ];
    open_firewall_port_ranges = [ ];
  in
    {
      enable = true;
-      allowedTCPPorts = open_firewall_ports;
+      allowedTCPPorts = openFirewallPorts;
-      allowedUDPPorts = open_firewall_ports;
+      allowedUDPPorts = openFirewallPorts;
-      allowedTCPPortRanges = open_firewall_port_ranges;
+      allowedTCPPortRanges = openFirewallPortRanges;
-      allowedUDPPortRanges = open_firewall_port_ranges;
+      allowedUDPPortRanges = openFirewallPortRanges;
    };
 };
 #+end_src
@ -157,24 +162,24 @@ nix = let featuresList = [
      "big-parallel"
      "kvm"
      "gccarch-${cpuArchitecture}"
-      "gccarch-znver3"
+      "gccarch-skylake"
    ];
      in {
  gc = {
    automatic = true;
    dates = "weekly";
  };
-  # buildMachines = [ {
+  buildMachines = [ {
-  #     hostName = "workstation";
+      hostName = "server";
-  #     system = "x86_64-linux";
+      system = "x86_64-linux";
-  #     sshUser = "nixremote";
+      sshUser = "nixremote";
-  #     maxJobs = 4;
+      maxJobs = 4;
-  #     speedFactor = 1;
+      speedFactor = 1;
-  #     supportedFeatures = featuresList;
+      supportedFeatures = featuresList;
-  # } ];
+  } ];
  distributedBuilds = true;
  settings = {
-    cores = 6;
+    cores = 12;
    auto-optimise-store = true;
    system-features = featuresList;
    substituters = [
@ -193,23 +198,58 @@ nix = let featuresList = [
 };
 #+end_src
-* DISPLAY MANAGER
+* GNOME
-Rather than having the server be completely headless, temporarily I'm enabling
+At the time of writing this file, I require of X11, as the NVIDIA support for
-xfce as a minimal display manager.
+Wayland is not perfect yet.  At the time being, the ability to switch through
 GDM from Wayland to XORG, it's pretty handy, but in the future these settings
 will require an update.
 Sets up GNOME as the default desktop environment, while excluding some
 undesirable packages from installing.
 Lastly, since there is not a dedicated customization module per-say I setup qt
 options in here, for the sake of gnome consistency.
 #+begin_src nix
 services = {
  xserver = {
    enable = true;
    displayManager.defaultSession = "xfce";
    videoDrivers = [ "nvidia" ];
    enable = true;
    displayManager.gdm.enable = true;
    desktopManager = {
-      xfce.enable = true;
+      gnome.enable = true;
      xterm.enable = false;
    };
    layout = "us";
    libinput.enable = true;
  };
 };
 environment.gnome.excludePackages = (with pkgs; [
  gnome-photos
  gnome-tour
  gnome-text-editor
  gnome-connections
  # gnome-shell-extensions
  baobab
 ])
 ++ (with pkgs.gnome; [
  # totem
  gedit
  gnome-music
  epiphany
  gnome-characters
  yelp
  gnome-font-viewer
  cheese
 ]);
 # Sets up QT to use adwaita themes.
 qt = {
  enable = true;
  # platformTheme = "gnome";
  style = "adwaita-dark";
 };
 #+end_src
 * SOUND
@ -217,14 +257,31 @@ In order to avoid issues with PipeWire, the wiki recommends to disable
 pulseaudio.  This is a basic PipeWire configuration that can support alsa/pulse
 backends.
 lowLatency is a module of nix-gaming, and hardware bluetooth settings are there
 to allegedly improve the quality of bluetooth in the system, to this day,
 bluetooth and I remain enemies.
 #+begin_src nix
 hardware.pulseaudio.enable = false;
 sound.enable = false;
 services.pipewire = {
  enable = true;
  alsa.enable = true;
  alsa.support32Bit = true;
  pulse.enable = true;
  lowLatency = {
    enable = true;
    quantum = 64;
    rate = 48000;
  };
 };
 hardware = {
  pulseaudio.enable = false;
  bluetooth.enable = true;
  bluetooth.settings = {
    General = {
      Enable = "Source,Sink,Media,Socket";
    };
  };
 };
 #+end_src
@ -279,43 +336,23 @@ Being part of the "wheel" group, means that the user has root privileges.  The
 piracy.gid is so I have read/write access permissions on all the hard drives
 split among my multiple systems, the rest of the groups are self explanatory.
 - nixremote: is a low-privilege user set exclusively with the intention to be a
  proxy to build the nix-store remotely.
 #+begin_src nix
 users = {
-  groups.nixremote = {
+  groups = { piracy.gid = 985; };
-    name = "nixremote";
+  users.jawz = {
    gid = 555;
  };
  users.nixremote = {
  isNormalUser = true;
-    createHome = true;
+  extraGroups = [ "wheel" "networkmanager" "scanner"
-    group = "nixremote";
+                  "lp" "piracy" "kavita" "video" "docker"
    home = "/var/nixremote/";
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICiyTwryzw8CblPldplDpVUkXD9C1fXVgO8LeXdE5cuR root@battlestation"
    ];
  };
 };
 users.users.jawz = {
  isNormalUser = true;
  extraGroups = [ "wheel" "networkmanager" "docker"
                  "scanner" "lp" "piracy" "kavita"
                  "render" "video"
                ];
  initialPassword = "password";
  openssh = {
-    authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5GaQM4N+yGAByibOFQOBVMV/6TjOfaGIP+NunMiK76 gpodeacero\cdreyes@100CDREYES"
+    authorizedKeys.keys = [
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKDXxfFRSgII4w/S1mrekPQdfXNifqRxwJa0wpQo72wB jawz@workstation";
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5GaQM4N+yGAByibOFQOBVMV/6TjOfaGIP+NunMiK76 gpodeacero\cdreyes@100CDREYES"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJZ/TtwLIR/JNp1Sr3TLV/eQK52n2htF8sg/RYfz60z3 jawz@server"
    ];
  };
 #+end_src
 This section of the document categorizes and organizes all he packages that I
 want installed, attempting to group them as dependencies of others when
 necessary.
 * USER PACKAGES
 This section of the document categorizes and organizes all he packages that I
 want installed, attempting to group them as dependencies of others when
@ -327,12 +364,145 @@ Begin the block to install user packages.
 packages = (with pkgs; [
 #+end_src
 ** GUI PACKAGES
 All of my GUI applications categorized to make it easier to identify what each
 application does, and the justification for is existence on my system.
 *** ART AND DEVELOPMENT
 Art and development applications are together, as a game-developer one of my
 goals is to create a workflow between this ecosystem of applications.
 #+begin_src nix
 godot_4 # game development
 gdtoolkit # gdscript language server
 blender # cgi animation and sculpting
 gimp # the coolest bestest art program to never exist
 krita # art to your heart desire!
 mypaint # not the best art program
 mypaint-brushes # but it's got some
 mypaint-brushes1 # nice damn brushes
 # drawpile # arty party with friends!!
 pureref # create inspiration/reference boards
 #+end_src
 *** GAMING
 So far gaming has been a lot less painful than I could have originally
 anticipated, most everything seems to run seamlessly.
 Most packages on this section are set to unstable so we compile the newest
 possible binaries, which is handy mostly for frequently developed emulators.
 I never figured out why, but lutris will give me wine errors unless both wine64
 and wineWow are installed.
 =note= Steam is setup way later on the config file.
 =note= Roblox uninstalled as there is ongoing drama regarding Linux users.
 #+begin_src nix
 (lutris.override {
  extraPkgs = pkgs: [
    winetricks
    wine64Packages.stable
    wineWowPackages.stable
  ];
 })
 # nixGaming.packages.${pkgs.hostPlatform.system}.wine-tkg
 # nixGaming.packages.${pkgs.hostPlatform.system}.wine-discord-ipc-bridge
 # vulkan-tools # needed? stuff for vulkan drivers I suppose
 unstable.heroic # install epic games
 gamemode # optimizes linux to have better gaming performance
 # grapejuice # roblox manager
 # minecraft # minecraft official launcher
 parsec-bin # remote gaming with friends
 protonup-qt # update proton-ge
 unstable.ns-usbloader # load games into my switch
 # emulators
 unstable.rpcs3 # ps3 emulator
 unstable.pcsx2 # ps2 emulator
 unstable.cemu # wii u emulator
 unstable.dolphin-emu # wii emulator
 unstable.citra-nightly # 3Ds emulator
 unstable.snes9x-gtk # snes emulator
 #+end_src
 *** PRODUCTIVITY
 An assorted list of productivity-oriented apps which I will never use.
 #+begin_src nix
 libreoffice-fresh # office, but based
 calibre # ugly af eBook library manager
 foliate # gtk eBook reader
 newsflash # feed reader, syncs with nextcloud
 wike # gtk wikipedia wow!
 denaro # manage your finances
 furtherance # I made this one tehee track time utility
 gnome.simple-scan # scanner
 #+end_src
 *** MISC
 Most of these apps, are part of the gnome circle, and I decide to install them
 if just for a try and play a little.  Most are kept commented out as an archive,
 so I remember their names in case I want to check them out or recommend them to
 someone.
 #+begin_src nix
 blanket # background noise
 pika-backup # backups
 metadata-cleaner # remove any metadata and geolocation from files
 # sequeler # friendly SQL client
 # czkawka # duplicate finder
 # celeste # sync tool for any cloud provider
 #+end_src
 *** MULTIMEDIA
 Overwhelmingly player applications, used for videos and music, while most of my
 consumption has moved towards jellyfin, it's still worth the install of most
 of these, for now.
 #+begin_src nix
 celluloid # video player
 cozy # audiobooks player
 komikku # manga & comic GUI downloader
 gnome-podcasts # podcast player
 handbrake # video converter, may be unnecessary
 curtail # image compressor
 pitivi # video editor
 identity # compare images or videos
 gnome-obfuscate # censor private information
 mousai # poor man shazam
 tagger # tag music files
 obs-studio # screen recorder & streamer
 shortwave # listen to world radio
 nextcloud-client # self-hosted google-drive alternative
 #+end_src
 *** WEB
 Stuff that I use to interact with the web, web browsers, chats, download
 managers, etc.
 #+begin_src nix
 firefox # web browser that allows to disable spyware
 tor-browser-bundle-bin # dark web, so dark!
 chromium # web browser with spyware included
 telegram-desktop # furry chat
 nicotine-plus # remember Ares?
 warp # never used, but supposedly cool for sharing files
 (pkgs.discord.override {
  # withOpenASAR = true;
  withVencord = true;
 })
 # hugo # website engine
 #+end_src
 ** COMMAND-LINE PACKAGES
 cli and tui packages, which on their own right are as or more powerful than the
 packages on the previous section.
 =note= exa is no longer maintained, and will soon be replaced by eza, a maintained
 fork.
 ** COMMAND-LINE PACKAGES
 #+begin_src nix
 unstable.yt-dlp # downloads videos from most video websites
@ -340,28 +510,32 @@ unstable.gallery-dl # similar to yt-dlp but for most image gallery websites
 fd # modern find, faster searches
 fzf # fuzzy finder! super cool and useful
-gdu # disk-space utility, somewhat useful
+gdu # disk-space utility checker, somewhat useful
-du-dust # rusty du
+du-dust # rusty du similar to gdu
-trashy # oop! didn't meant to delete that
+ripgrep # modern grep
 trashy # oop! did not meant to delete that
 unstable.eza # like ls but with colors
 gocryptfs # encrypted filesystem! shhh!!!
 rmlint # probably my favourite app, amazing dupe finder that integrates well with BTRFS
 ffmpeg # not ffmpreg, the coolest video conversion tool!
 # torrenttools # create torrent files from the terminal!
 # vcsi # video thumbnails for torrents, can I replace it with ^?
 #+end_src
-** MY SCRIPTS
+*** MY SCRIPTS
-Here I compile my own scripts into binaries
+Here I compile my own scripts into binaries.
 #+begin_src nix
 jawzManageLibrary
 jawzTasks
 (writeScriptBin "ffmpeg4discord" (builtins.readFile ../scripts/ffmpeg4discord.py))
 (writeScriptBin "ffmpreg" (builtins.readFile ../scripts/ffmpreg.sh))
 (writeScriptBin "chat-dl" (builtins.readFile ../scripts/chat-dl.sh))
 (writeScriptBin "split-dir" (builtins.readFile ../scripts/split-dir.sh))
 (writeScriptBin "pika-list" (builtins.readFile ../scripts/pika-list.sh))
 (writeScriptBin "run" (builtins.readFile ../scripts/run.sh))
 (writeScriptBin "pika-list" (builtins.readFile ../scripts/pika-list.sh))
 #+end_src
-** DEVELOPMENT PACKAGES
+*** DEVELOPMENT PACKAGES
 Assorted development packages and libraries, categorized by languages.
 #+begin_src nix
@ -403,9 +577,10 @@ pipenv # python development workflow for humans
 # JS
 nodejs # not as bad as I thought
 # jq # linting
 #+end_src
-** PYTHON
+*** PYTHON
 #+begin_src nix
 ]) ++ (with pkgs.python3Packages; [
@ -439,21 +614,9 @@ nodejs # not as bad as I thought
    propagatedBuildInputs =
      [ tqdm ];
  })
  # (buildPythonApplication rec {
  #   pname = "qbit_manage";
  #   version = "4.0.3";
  #   src = fetchPypi {
  #     inherit pname version;
  #     sha256 = "sha256-7eVqbLpMHS1sBw2vYS4cTtyVdnnknGtEI8190VlXflk=";
  #   };
  #   doCheck = true;
  #   buildInputs = [ setuptools ];
  #   propagatedBuildInputs =
  #     [ gitpython requests retrying ruamel-yaml schedule unstable.qbittorrent-api ];
  # })
 #+end_src
-** NODEJS PACKAGES
+*** NODEJS PACKAGES
 Mostly language servers and linters.
 #+begin_src nix
@ -471,7 +634,7 @@ Mostly language servers and linters.
 #+end_src
 ** HUNSPELL
-These dictionaries work with Firefox, Doom Emacs and LibreOffice.
+These dictionaries are compatible with Firefox, Doom Emacs and LibreOffice.
 #+begin_src nix
 hunspell
@ -485,18 +648,47 @@ Themes and other customization, making my DE look the way I want is one of the
 main draws of Linux for me.
 #+begin_src nix
 # Themes
 adw-gtk3
 gnome.gnome-tweaks # tweaks for the gnome desktop environment
 # gradience # theme customizer, allows you to modify adw-gtk3 themes
 # Fonts
 (nerdfonts.override {
  fonts = [ "Agave" "CascadiaCode" "SourceCodePro"
            "Ubuntu" "FiraCode" "Iosevka" ];
 })
 symbola
 (papirus-icon-theme.override {
  color = "adwaita";
 })
 #+end_src
-** CLOSING USER PACKAGES
+** GNOME EXTENSIONS
 The last line can be commented to allow for the installation of gnome-extensions
 from the unstable channel.
 #+begin_src nix
-]); }; # <--- end of package list
+# lm_sensors # for extension, displays cpu temp
 libgda # for pano shell extension
 ]) ++ (with pkgs.gnomeExtensions; [
  appindicator # applets for open applications
  panel-scroll # scroll well to change workspaces
  reading-strip # like putting a finger on every line I read
  tactile # window manager
  pano # clipboard manager
  # freon # hardware temperature monitor
  # blur-my-shell # make the overview more visually appealing
  # gamemode # I guess I'm a gamer now?
  # burn-my-windows
  # forge # window manager
 # ]) ++ (with unstable.pkgs.gnomeExtensions; [
 #+end_src
 ** CLOSE USER PACKAGES
 #+begin_src nix
 ]); }; };# <--- end of package list
 #+end_src
 * HOME-MANAGER
@ -546,11 +738,15 @@ programs.bash = {
    f = "fzf --multi --exact -i";
    sc = "systemctl --user";
    jc = "journalctl --user -xefu";
-    open-gallery = "cd /mnt/disk2/scrapping/JawZ/gallery-dl && xdg-open $(fd . ./ Husbands -tdirectory -d 1 | fzf -i)\"";
+    open-gallery = "cd /mnt/disk2/scrapping/JawZ/gallery-dl \
-    unique-extensions = "fd -tf | rev | cut -d. -f1 | rev  | tr '[:upper:]' '[:lower:]' | sort | uniq --count | sort -rn";
+                 && xdg-open \"$(fd . ./ Husbands -tdirectory -d 1 | fzf -i)\"";
    unique-extensions = "fd -tf | rev | cut -d. -f1 | rev \
                      | tr '[:upper:]' '[:lower:]' | sort \
                      | uniq --count | sort -rn";
  };
  enableVteIntegration = true;
  initExtra = ''
    ,#+begin_src bash
    $HOME/.local/bin/pokemon-colorscripts -r --no-title
    # Lists
    list_root="${config.xdg.configHome}"/jawz/lists/jawz
@ -565,8 +761,12 @@ programs.bash = {
    fi
    nixos-reload () {
-        nixfmt /home/jawz/Development/NixOS/workstation/*.nix
+        NIXOSDIR=/home/jawz/Development/NixOS
-        sudo nixos-rebuild switch -I nixos-config=/home/jawz/Development/NixOS/workstation/configuration.nix
+        nix-store --add-fixed sha256 $NIXOSDIR/scripts/PureRef-1.11.1_x64.Appimage
        nixfmt $NIXOSDIR/battlestation/*.nix
        sudo unbuffer nixos-rebuild switch -I \
            nixos-config=$NIXOSDIR/battlestation/configuration.nix \
            |& nom
    }
  '';
 };
@ -654,6 +854,7 @@ services = {
    enable = true;
    defaultEditor = true;
    package = pkgs.emacs;
    startWithUserSession = "graphical";
  };
 };
 #+end_src
@ -677,10 +878,19 @@ some applications use.
 #+begin_src nix
 environment = {
  etc = {
    "wireplumber/bluetooth.lua.d/51-bluez-config.lua".text = ''
        bluez_monitor.properties = {
            ["bluez5.enable-sbc-xq"] = true,
            ["bluez5.enable-msbc"] = true,
            ["bluez5.enable-hw-volume"] = true,
            ["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
        }
    '';
  };
  systemPackages = with pkgs; [
    wget
-    jellyfin-ffmpeg # coolest video converter!
+    gwe
    dlib
  ];
  variables = rec {
    # PATH
@ -732,50 +942,6 @@ environment = {
 };
 #+end_src
 * SNAPRAID
 It's a parity raid utility which creates a scheme similar to what UNRAID
 offered, except not in real time, I schedule it to run every night, so it keeps
 my files sync, while it is possible to use snapraid as a solution to keep a
 historic backup of your files, I am more concerned with the whole disk recovery
 in case of failure, as such a frequent sync fits my preferences.
 #+begin_src nix
 snapraid = {
  enable = true;
  touchBeforeSync = true;
  sync.interval = "02:00";
  scrub = {
    plan = 10;
    olderThan = 10;
    interval = "4:00";
  };
  parityFiles = [
    "/mnt/parity/snapraid.parity"
  ];
  extraConfig = ''
    autosave 5000
  '';
  exclude = [
    "/tmp/"
    "/lost+found/"
    "/multimedia/downloads/"
    "/scrapping/nextcloud/"
    "/backups/"
    "/glue/Spankbank/____UNORGANIZED/Chaturbate/"
    "/nextcloud/nextcloud.log"
  ];
  dataDisks = {
    d1 = "/mnt/disk1/";
    d2 = "/mnt/disk2/";
  };
  contentFiles = [
    "/var/snapraid.content"
    "/mnt/disk1/snapraid.content"
    "/mnt/disk2/snapraid.content"
  ];
 };
 #+end_src
 * PROGRAMS
 Some programs get enabled and installed through here, as well as the activation
 of some services.
@ -792,17 +958,17 @@ programs = {
    enable = true;
    enableSSHSupport = true;
  };
-  msmtp = {
+  geary = {
    enable = true;
    accounts.default = {
      auth = true;
      host = "smtp.gmail.com";
      port = 587;
      tls = true;
      from = "stunner6399@gmail.com";
      user = "stunner6399@gmail.com";
      password = "eqyctcgjdykqeuwt";
  };
  steam = {
    enable = true;
    remotePlay.openFirewall = true;
    dedicatedServer.openFirewall = true;
  };
  kdeconnect = {
    enable = true;
    package = pkgs.gnomeExtensions.gsconnect;
  };
 };
 #+end_src
@ -810,39 +976,35 @@ programs = {
 * SERVICES
 Miscellaneous services, most of which are managed by systemd.
 - minidlna: allows me to watch my media on my tv.
 - avahi: allows to discover/connect to devices through their hostname on the
  same network.
 - fstrim/btrfs: file-system services.
 - hardware.openrgb: enables to tune hardware RGB.
 - psd: profile-sync-daemon, loads the chrome/firefox profile to ram.
 #+begin_src nix
 services = {
-  minidlna = {
+  printing = {
    enable = true;
-    openFirewall = true;
+    drivers = [ pkgs.hplip pkgs.hplipWithPlugin ];
    settings = {
      inotify = "yes";
      media_dir = [
        "/mnt/disk2/glue"
        "/mnt/seedbox/glue"
        "/mnt/disk1/multimedia/downloads"
      ];
    };
  };
  avahi = {
    enable = true;
    nssmdns = true;
  };
  psd.enable = true;
  fstrim.enable = true;
  btrfs.autoScrub = {
    enable = true;
    fileSystems = [
      "/"
      "/mnt/disk1"
      "/mnt/disk2"
    ];
  };
  hardware.openrgb = {
    enable = true;
    package = unstable.openrgb;
    motherboard = "amd";
  };
  openssh = {
    enable = true;
    openFirewall = true;
@ -861,56 +1023,10 @@ the best way to define them for now, is using nix.
 #+begin_src nix
 systemd = {
-  packages = [ pkgs.qbittorrent-nox ];
+  services = { };
  services = {
    "qbittorrent-nox@jawz" = {
      enable = true;
      overrideStrategy = "asDropin";
      wantedBy = [ "multi-user.target" ];
    };
  };
  timers = { };
  user = {
    services = {
      HentaiAtHome = {
        enable = true;
        restartIfChanged = true;
        description = "Run hentai@home server";
        wantedBy = [ "default.target" ];
        serviceConfig = {
          Restart = "on-failure";
          RestartSec = 30;
          WorkingDirectory="/mnt/hnbox";
          ExecStart = "${pkgs.HentaiAtHome}/bin/HentaiAtHome";
        };
      };
      unpackerr = {
        enable = true;
        restartIfChanged = true;
        description = "Run unpackerr";
        wantedBy = [ "default.target" ];
        serviceConfig = {
          Restart = "on-failure";
          RestartSec = 30;
          ExecStart = "${pkgs.unpackerr}/bin/unpackerr -c /home/jawz/.config/unpackerr.conf";
        };
      };
      manage-library = {
        enable = true;
        restartIfChanged = true;
        description = "Run the manage library bash script";
        wantedBy = [ "default.target" ];
        path = [
          pkgs.bash
          pkgs.nix
          jawzManageLibrary
        ];
        serviceConfig = {
          Restart = "on-failure";
          RestartSec = 30;
          ExecStart = "${jawzManageLibrary}/bin/manage-library";
        };
      };
      tasks = {
        restartIfChanged = true;
        description = "Run a tasks script which keeps a lot of things organized";
@ -926,20 +1042,6 @@ systemd = {
          ExecStart = "${jawzTasks}/bin/tasks";
        };
      };
      qbit_manage = let qbit_dir = "/home/jawz/Development/Git/qbit_manage"; in {
        restartIfChanged = true;
        description = "Tidy up my torrents";
        wantedBy = [ "default.target" ];
        path = [
          pkgs.python3
          pkgs.pipenv
        ];
        serviceConfig = {
          Restart = "on-failure";
          RestartSec = 30;
          ExecStart = "${qbit_dir}/.venv/bin/python3 ${qbit_dir}/qbit_manage.py -r -c ${qbit_dir}/config.yml";
        };
      };
    };
    timers = {
      tasks = {
@ -950,14 +1052,6 @@ systemd = {
          OnCalendar = "*:0/10";
        };
      };
      qbit_manage = {
        enable = true;
        description = "Tidy up my torrents";
        wantedBy = [ "timers.target" ];
        timerConfig = {
          OnCalendar = "*:0/10";
        };
      };
    };
  };
 };
@ -980,24 +1074,67 @@ Computer-specific hardware settings.  The power management settings are
 defaulted to "performance".
 - nvidia: GPU drivers.
- cpu.intel: microcode patches.
+- sane: hp scanner drivers.
 - cpu.amd: microcode patches.
 - opentabletdriver: overrides the default generic nvidia drivers.
 - opengl: required for gaming, as pug drivers as well as video acceleration.
 #+begin_src nix
 powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
 hardware = {
  cpu.amd.updateMicrocode =
    lib.mkDefault config.hardware.enableRedistributableFirmware;
  nvidia = {
    modesetting.enable = true;
    powerManagement.enable = true;
  };
-  cpu.intel.updateMicrocode = lib.mkDefault true;
+  sane = {
    enable = true;
    extraBackends = [ pkgs.hplip pkgs.hplipWithPlugin ];
  };
  opentabletdriver = {
    enable = true;
    package = unstable.opentabletdriver;
    daemon.enable = false;
  };
  opengl = {
    enable = true;
    driSupport = true;
    driSupport32Bit = true;
    extraPackages = with pkgs; [
      nvidia-vaapi-driver
      vaapiVdpau
      libvdpau-va-gl
    ];
  };
 };
 ### TEMPORARY PATCH, pinning up the linux kernel due to a bug with newer versions.
 boot.kernelPackages = pkgs.linuxPackagesFor (pkgs.linux_6_1.override {
    argsOverride = rec {
      src = pkgs.fetchurl {
            url = "mirror://kernel/linux/kernel/v6.x/linux-${version}.tar.xz";
            sha256 = "Vnc3mQ28kmWWageGOSghqfpVn9NGSU/R7/BQ2+s4OlI=";
      };
      version = "6.1.52";
      modDirVersion = "6.1.52";
      };
  });
 #+end_src
 * DOCKER
 Basic docker settings to be able to run some images, although most docker images
 run on my server.
 #+begin_src nix
 virtualisation.docker = {
  enable = true;
  storageDriver = "btrfs";
  enableNvidia = true;
 };
 #+end_src
 * CLOSE SYSTEM
 #+begin_src nix
 }
 #+end_src
--- a/workstation/fstab.nix
+++ b/workstation/fstab.nix
@ -0,0 +1,91 @@
 { config, pkgs, modulesPath, ... }: {
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
  boot = {
    #plymouth = { enable = true; };
    loader = {
      efi = {
        canTouchEfiVariables = true;
        efiSysMountPoint = "/boot/efi";
      };
      grub = {
        enable = true;
        device = "nodev";
        efiSupport = true;
        enableCryptodisk = true;
      };
    };
    initrd.luks.devices = {
      nvme = {
        device = "/dev/disk/by-uuid/e9618e85-a631-4374-b2a4-22c376d6e41b";
        preLVM = true;
      };
    };
    kernelModules = [ "kvm-intel" ];
    kernel.sysctl = { "vm.swappiness" = 80; };
    extraModulePackages = [ ];
    initrd = {
      availableKernelModules =
        [ "xhci_pci" "ahci" "usbhid" "nvme" "usb_storage" "sd_mod" ];
      kernelModules = [ ];
    };
  };
  fileSystems = let
    mount = disk: {
      device = "workstation:/${disk}";
      fsType = "nfs";
    };
  in {
    "/mnt/disk1" = mount "disk1" // { };
    "/mnt/disk2" = mount "disk2" // { };
    "/mnt/jawz" = mount "jawz" // { };
    "/mnt/seedbox" = mount "seedbox" // { };
    "/" = {
      device = "/dev/mapper/nvme";
      fsType = "btrfs";
      options = [
        "subvol=nixos"
        "ssd"
        "compress=zstd:3"
        "x-systemd.device-timeout=0"
        "space_cache=v2"
        "commit=120"
        "datacow"
        "noatime"
      ];
    };
    "/home" = {
      device = "/dev/mapper/nvme";
      fsType = "btrfs";
      options = [
        "subvol=home"
        "ssd"
        "compress=zstd:3"
        "x-systemd.device-timeout=0"
        "space_cache=v2"
        "commit=120"
        "datacow"
      ];
    };
    "/boot" = {
      device = "/dev/disk/by-uuid/ac6d349a-96b9-499e-9009-229efd7743a5";
      fsType = "ext4";
    };
    "/boot/efi" = {
      device = "/dev/disk/by-uuid/B05D-B5FB";
      fsType = "vfat";
    };
  };
  swapDevices = [{
    device = "/dev/disk/by-partuuid/c1bd22d7-e62c-440a-88d1-6464be1aa1b0";
    randomEncryption = {
      enable = true;
      cipher = "aes-xts-plain64";
      keySize = 512;
      sectorSize = 4096;
    };
  }];
 }