Weekly flake update: 2025-10-11 03:33 UTC

.github/workflows/build-schemes.yml

@@ -0,0 +1,92 @@
+name: Build All Color Schemes
+
+on:
+  push:
+    paths:
+      - 'config/schemes.nix'
+      - 'config/scheme-utils.nix'
+  workflow_dispatch:
+
+jobs:
+  build-schemes:
+    runs-on: nixos
+    env:
+      HOSTNAME: server
+    
+    steps:
+    - uses: actions/checkout@v4
+    
+    - name: Get available schemes
+      id: schemes
+      run: |
+        SCHEMES=$(nix eval --raw --impure --expr '
+          let
+            pkgs = import <nixpkgs> {};
+            inputs = {};
+            utils = import ./scripts/scheme-utils.nix { inherit pkgs inputs; };
+          in
+          builtins.concatStringsSep " " utils.availableSchemes
+        ')
+        echo "schemes=$SCHEMES" >> $GITHUB_OUTPUT
+        echo "Available schemes: $SCHEMES"
+    
+    - name: Configure Attic cache
+      run: |
+        # Configure attic client to use your cache server
+        attic login servidos https://cache.servidos.lat ${{ secrets.ATTIC_TOKEN }}
+    
+    - name: Build and push all schemes
+      run: |
+        echo "Building and pushing all schemes..."
+        
+        # Store original scheme
+        ORIGINAL_SCHEME=$(grep -oP "scheme = schemesFile\.schemes\.\K\w+" config/stylix.nix)
+        echo "Original scheme: $ORIGINAL_SCHEME"
+        
+        # Build and push each scheme
+        for scheme in ${{ steps.schemes.outputs.schemes }}; do
+          echo "========================================="
+          echo "Processing scheme: $scheme"
+          echo "========================================="
+          
+          # Update stylix.nix to use this scheme
+          sed -i "s/scheme = schemesFile\.schemes\.\w\+;/scheme = schemesFile.schemes.$scheme;/" config/stylix.nix
+          
+          # Verify the change
+          grep "scheme = schemesFile.schemes" config/stylix.nix
+          
+          # Build the configuration
+          echo "Building $scheme..."
+          nix build .#nixosConfigurations.${HOSTNAME}.config.system.build.toplevel \
+            --out-link ./result-$scheme \
+            --quiet
+          
+          # Push to cache
+          echo "Pushing $scheme to cache..."
+          attic push servidos:nixos ./result-$scheme
+          
+          # Also push using print-out-paths for better cache coverage
+          nix build .#nixosConfigurations.${HOSTNAME}.config.system.build.toplevel \
+            --print-out-paths \
+            --quiet | attic push servidos:nixos --stdin
+          
+          echo "✓ Completed $scheme"
+          echo ""
+        done
+        
+        # Restore original scheme
+        echo "Restoring original scheme: $ORIGINAL_SCHEME"
+        sed -i "s/scheme = schemesFile\.schemes\.\w\+;/scheme = schemesFile.schemes.$ORIGINAL_SCHEME;/" config/stylix.nix
+        
+        echo "========================================="
+        echo "All schemes built and pushed successfully!"
+        echo "========================================="
+    
+    - name: Summary
+      run: |
+        SCHEME_COUNT=$(echo "${{ steps.schemes.outputs.schemes }}" | wc -w)
+        echo "✅ Color scheme builds completed successfully!"
+        echo "- Built $SCHEME_COUNT schemes: ${{ steps.schemes.outputs.schemes }}"
+        echo "- Pushed all builds to Atticd cache"
+        echo ""
+        echo "You can now switch schemes quickly without waiting for builds!"

README.org

@@ -0,0 +1,239 @@
+#+TITLE: JawZ NixOS Configuration
+#+AUTHOR: JawZ
+#+EMAIL: danilo.reyes.251@proton.me
+#+OPTIONS: toc:t num:t
+#+STARTUP: content
+
+* Overview
+
+This repository contains my personal NixOS configuration flake, managing
+multiple hosts with a modular approach. Designed the configuration for a
+self-hosted infrastructure with services and development environments.
+
+* Architecture
+
+** Hosts
+- =workstation= :: Main development machine with GNOME desktop
+- =server= :: Primary server with containerized services
+- =miniserver= :: Secondary server for additional services
+- =galaxy= :: Minimal configuration host
+- =emacs= :: Development VM for Emacs configuration
+
+** Key Features
+- Modular configuration system
+- SOPS-based secrets management
+- Container orchestration with Podman
+- Automated builds and caching
+- Multi-language development environments
+- Self-hosted service stack
+
+* Quick Start
+
+** Prerequisites
+- NixOS 23.05 or later
+- SOPS configured with age keys
+- SSH keys for remote builds
+
+** Initial Setup
+#+BEGIN_SRC bash
+# Clone the repository git clone <repository-url> /home/jawz/Development/NixOS
+cd /home/jawz/Development/NixOS
+
+# Install dependencies nix flake update
+
+# Build and switch to configuration sudo nixos-rebuild switch --flake
+.#<hostname>
+#+END_SRC
+
+** Development Environment
+#+BEGIN_SRC bash
+# Enter development shell for specific language nix develop .#<language>
+
+# Available languages: python, rust, go, haskell, javascript, julia, zig, sh,
+cc, nix
+#+END_SRC
+
+* Configuration Structure
+
+** Core Configuration
+- =config/base.nix= :: Common system configuration
+- =config/jawz.nix= :: User and SSH configuration
+- =config/stylix.nix= :: Theming configuration
+- =config/schemes.nix= :: Color scheme definitions
+
+** Host Configurations
+- =hosts/<hostname>/configuration.nix= :: Host-specific settings
+- =hosts/<hostname>/hardware-configuration.nix= :: Hardware-specific config
+- =hosts/<hostname>/toggles.nix= :: Feature toggles
+
+** Modules
+- =modules/apps/= :: Application packages and configurations
+- =modules/dev/= :: Development environment modules
+- =modules/servers/= :: Self-hosted service configurations
+- =modules/services/= :: System service configurations
+- =modules/scripts/= :: Custom scripts and utilities
+- =modules/shell/= :: Shell and terminal configurations
+
+* Services
+
+** Core Services
+- PostgreSQL 17 :: Database backend
+- Nginx :: Reverse proxy and web server
+- Podman :: Container runtime
+- Syncthing :: File synchronization
+- WireGuard :: VPN connectivity
+
+** Self-Hosted Applications
+- Nextcloud :: File sharing and collaboration
+- Gitea :: Git repository hosting
+- Jellyfin :: Media server
+- Plex :: Media streaming
+- Sonarr/Radarr/Lidarr :: Media management
+- Vaultwarden :: Password manager
+- Homepage :: Service dashboard
+- And more...
+
+* Development
+
+** Available Development Shells
+The configuration provides development shells for my favorite programming
+languages:
+
+#+BEGIN_SRC bash
+# Python development nix develop .#python
+
+# Rust development   nix develop .#rust
+
+# Go development nix develop .#go
+
+# JavaScript/Node.js development nix develop .#javascript
+
+# Haskell development nix develop .#haskell
+
+# Julia development nix develop .#julia
+
+# Zig development nix develop .#zig
+
+# Shell scripting nix develop .#sh
+
+# C/C++ development nix develop .#cc
+
+# Nix development nix develop .#nix
+#+END_SRC
+
+** Adding New Modules
+1. Create module file in appropriate directory under =modules/=
+2. Add module to =modules/modules.nix= if needed
+3. Enable module in host configuration or toggles
+
+** Adding New Hosts
+1. Create host directory under =hosts/<hostname>/
+2. Add =configuration.nix= and =hardware-configuration.nix=
+3. Add host to =flake.nix= outputs
+4. Create =toggles.nix= for feature management
+
+* Secrets Management
+
+** SOPS Configuration
+Manage secrets using SOPS with age encryption:
+
+- =secrets/secrets.yaml= :: Main secrets file
+- =secrets/keys.yaml= :: SSH and encryption keys
+- =secrets/env.yaml= :: Environment variables
+- =secrets/wireguard.yaml= :: VPN configuration
+- =secrets/certs.yaml= :: SSL certificates
+
+** Adding New Secrets
+#+BEGIN_SRC bash
+# Edit secrets file sops secrets/secrets.yaml
+
+# Add new secret sops -i -a 'new-secret: "value"' secrets/secrets.yaml
+#+END_SRC
+
+* CI/CD
+
+** GitHub Actions
+The repository includes automated workflows:
+
+- =weekly-build-cache.yml= :: Weekly builds and cache updates
+- =build-schemes.yml= :: Color scheme builds
+
+** Build Cache
+Builds are automatically cached using Atticd for faster rebuilds.
+
+
+* Customization
+
+** Theming
+The configuration uses Stylix for theming. Define color schemes in
+=config/schemes.nix= and can set them via the =config/stylix.nix= file.
+
+** Adding New Services
+1. Create service module in =modules/servers/=
+2. Add service configuration
+3. Enable service in host toggles
+4. Add to homepage if needed
+
+** Custom Scripts
+Scripts are in =modules/scripts/= and toggle them per host.
+
+* Troubleshooting
+
+** Common Issues
+
+*** Build Failures
+- Check flake inputs are up to date: =nix flake update=
+- Verify all required secrets are present
+- Check host-specific configuration
+
+*** Service Issues
+- Check service status: =systemctl status <service>=
+- View logs: =journalctl -u <service>=
+- Verify firewall rules
+
+*** Development Environment
+- Rebuild development shell: =nix develop .#<language>=
+- Check available packages: =nix search nixpkgs <package>=
+
+** Getting Help
+- Check NixOS documentation
+- Review module documentation
+- Check service-specific documentation
+
+* Maintenance
+
+** Regular Tasks
+- Update flake inputs weekly
+- Review and rotate secrets quarterly
+- Update system packages monthly
+- Clean old generations: =sudo nix-collect-garbage -d=
+
+** Backup Strategy
+- Configuration is version controlled
+- Secrets are encrypted and backed up
+- BTRFS snapshots for data protection
+
+* Contributing
+
+** Code Style
+- Use consistent formatting
+- Add comments for complex configurations
+- Follow Nix conventions
+
+** Pull Requests
+- Test changes on development host first
+- Update documentation as needed
+- Ensure all secrets are properly managed
+
+* License
+
+This configuration is for personal use. Please respect the licenses of
+individual packages and services used.
+
+* Contact
+
+For questions or issues, contact danilo.reyes.251@proton.me
+
+---
+
+*Last updated: 2025*

config/base.nix

@@ -47,7 +47,7 @@
   };
   security = {
     polkit.enable = true;
-    sudo = {
+    sudo-rs = {
       enable = true;
       wheelNeedsPassword = false;
     };
@@ -145,11 +145,7 @@
         XCOMPOSECACHE = "${XDG_CACHE_HOME}/X11/xcompose";
         "_JAVA_OPTIONS" = "-Djava.util.prefs.userRoot=${XDG_CONFIG_HOME}/java";
         ORG_DEVICE = "workstation";
-        # WAYLAND
-        WLR_NO_HARDWARE_CURSORS = 1;
-        NIXOS_OZONE_WL = 1;
         PATH = [ "\${HOME}/.local/bin" ];
-        NH_USE_DOAS = 1;
       };
   };
   programs = {

config/home-manager.nix

@@ -48,7 +48,7 @@ in
       enable = true;
       delta.enable = true;
       userName = "Danilo Reyes";
-      userEmail = "CaptainJawZ@protonmail.com";
+      userEmail = osConfig.my.email;
       extraConfig = {
         init.defaultBranch = "main";
         pull.rebase = true;

config/overlay.nix

@@ -8,6 +8,8 @@ let
   pkgsU = mkpkgs inputs.nixpkgs-unstable;
 in
 _final: prev: {
+  handbrake = prev.handbrake.override { useGtk = true; };
+  ripgrep = prev.ripgrep.override { withPCRE2 = true; };
   nautilus = prev.nautilus.overrideAttrs (old: {
     buildInputs =
       old.buildInputs
@@ -29,8 +31,6 @@ _final: prev: {
         wineWowPackages.stable
       ]);
   };
-  handbrake = prev.handbrake.override { useGtk = true; };
-  ripgrep = prev.ripgrep.override { withPCRE2 = true; };
   discord = prev.discord.override {
     withVencord = true;
     withOpenASAR = true;
@@ -39,6 +39,7 @@ _final: prev: {
     mesonFlags = old.mesonFlags ++ [ "-Dexperimental=true" ];
   });
   inherit (pkgsU)
+    code-cursor
     symbola
     mealie
     flaresolver

config/schemes.nix

@@ -56,6 +56,18 @@ in
       polarity = "dark";
       image = "${wallpapers}/Waay-Ballerinas.jpeg";
     };
+    febroary = mkScheme {
+      color = "yellow";
+      name = "gruvbox-light";
+      polarity = "light";
+      image = "${wallpapers}/febroary.jpg";
+    };
+    paul3 = mkScheme {
+      color = "bluegrey";
+      name = "mexico-light";
+      polarity = "light";
+      image = "${wallpapers}/paul3.jpg";
+    };
     paul = mkScheme {
       color = "green";
       name = "valua";
@@ -99,7 +111,7 @@ in
         base0A = "#daa520"; # goldenrod
         base0B = "#228b22"; # forest green
         base0C = "#20b2aa"; # light sea green
-        base0D = "#4169e1"; # royal blue
+        base0D = "#daa520"; # goldenrod
         base0E = "#8b008b"; # dark magenta
         base0F = "#dc143c"; # crimson
       };

config/stylix.nix

@@ -9,7 +9,7 @@ let
   schemesFile = import ./schemes.nix {
     inherit pkgs inputs;
   };
-  scheme = schemesFile.schemes.cheems;
+  scheme = schemesFile.schemes.febroary;
   cfg = config.my.stylix;
   gnomeEnabled = config.services.xserver.desktopManager.gnome.enable;
 in

dotfiles/gallery-dl.nix

@@ -13,8 +13,8 @@
       directory = [ ];
     };
     bluesky = {
+      limit-rate = "400k-1M";
       username = "blablablamagic.bsky.social";
-      password = "{env[GALLERY_DL_BLUESKY_PASSWORD]}";
       reposts = false;
       videos = true;
       directory = [ "{author['handle']}" ];
@@ -30,8 +30,6 @@
     };
     flickr = {
       size-max = "Original";
-      access-token = "{env[GALLERY_DL_FLICKR_ACCESS_TOKEN]}";
-      access-token-secret = "{env[GALLERY_DL_FLICKR_ACCESS_TOKEN_SECRET]}";
       directory = [
         "{category}"
         "{owner[username]}"
@@ -49,8 +47,9 @@
       ];
     };
     instagram = {
+      limit-rate = "200k-300k";
       browser = "firefox:linux";
-      user-agent = "Mozilla/5.0 (X11; Linux x86_64; rv:138.0) Gecko/20100101 Firefox/138.0";
+      user-agent = "Mozilla/5.0 (X11; Linux x86_64; rv:143.0) Gecko/20100101 Firefox/143.0";
       sleep = "66-123";
       sleep-request = "66-123";
       parent-directory = true;
@@ -71,6 +70,7 @@
       ];
     };
     kemonoparty = {
+      limit-rate = "200k-300k";
       retries = 10;
       timeout = 5;
       filename = "{id}_{filename}.{extension}";
@@ -84,19 +84,15 @@
       "{title}"
     ];
     tumblr = {
-      access-token = "{env[GALLERY_DL_TUMBLR_ACCESS_TOKEN]}";
-      access-token-secret = "{env[GALLERY_DL_TUMBLR_ACCESS_TOKEN_SECRET]}";
       external = true;
       inline = true;
       posts = "all";
       reblogs = false;
       parent-directory = true;
-      api-key = "{env[GALLERY_DL_TUMBLR_API_KEY]}";
-      api-secret = "{env[GALLERY_DL_TUMBLR_API_SECRET]}";
       directory = [ "{blog_name}" ];
     };
     deviantart = {
-      refresh-token = "{env[GALLERY_DL_DEVIANTART_REFRESH_TOKEN]}";
+      limit-rate = "200k-300k";
       include = "gallery,scraps";
       flat = true;
       original = true;
@@ -116,6 +112,7 @@
       ];
     };
     patreon = {
+      limit-rate = "400k-1M";
       filename = "{filename}.{num}.{extension}";
       browser = "firefox";
       directory = [
@@ -139,7 +136,6 @@
     reddit = {
       user-agent = "Python:gallery-dl:v1.0 (by /u/captainjawz)";
       client-id = "T7nZ6WZ3_onJWBhLP8r08g";
-      refresh-token = "{env[GALLERY_DL_REDDIT_REFRESH_TOKEN]}";
       parent-directory = true;
       directory = [ "{author}" ];
     };
@@ -162,7 +158,6 @@
     ];
     baraag.directory = [ "{account[username]}" ];
     pixiv = {
-      refresh-token = "{env[GALLERY_DL_PIXIV_REFRESH_TOKEN]}";
       directory = [ "{user[account]} - {user[id]}" ];
       ugoira = true;
       favorite.directory = [
@@ -196,6 +191,7 @@
       ];
     };
     readcomiconline = {
+      limit-rate = "400k-1M";
       chapter-reverse = true;
       quality = "hq";
       captcha = "wait";

environments/hyprland.nix

@@ -4,33 +4,9 @@
   ...
 }:
 let
-  # misc
   mod = "SUPER";
-  # waybar
-  inherit (config.lib.stylix) colors;
-  net-icons = [
-    "󰣾"
-    "󰣴"
-    "󰣶"
-    "󰣸"
-    "󰣺"
-  ];
-  generic-percent-icons = [
-    "▁"
-    "▂"
-    "▃"
-    "▄"
-    "▅"
-    "▆"
-    "▇"
-    "█"
-  ];
-  temp-icons = [
-    ""
-    ""
-    ""
-    ""
-  ];
+  waybarConfig = import ./waybar-config.nix { inherit pkgs config; };
+  waybarStyle = import ./waybar-style.nix { inherit config; };
 in
 {
   programs.hyprland.enable = true;
@@ -41,12 +17,6 @@ in
       user = "greeter";
     };
   };
-  xdg.portal = {
-    enable = true;
-    extraPortals = [
-      pkgs.xdg-desktop-portal-hyprland
-    ];
-  };
   users.users.jawz.packages = builtins.attrValues {
     inherit (pkgs)
       # Wayland utilities
@@ -59,6 +29,8 @@ in
       swaylock-effects # screen locker
       yazi # file manager
       imv # images
+
+      playerctl # media player control
       ;
   };
   home-manager.users.jawz = {
@@ -72,108 +44,8 @@ in
           width = "30%";
         };
       };
-      waybar = {
-        enable = true;
-        systemd.enable = true;
-        settings.main-bar = {
-          layer = "top";
-          tray.spacing = 5;
-          clock.format = "{:%H:%M %F}";
-          modules-left = [
-            "niri/workspaces"
-            "custom/sep"
-            "niri/window"
-          ];
-          modules-center = [
-            "mpris"
-          ];
-          modules-right = [
-            "cpu"
-            "temperature"
-            "memory"
-            "backlight"
-            "pulseaudio"
-            "battery"
-            "custom/recorder"
-            "clock"
-            "tray"
-          ];
-          "hyprland/window".icon = true;
-          "niri/window".icon = true;
-          "niri/workspaces" = {
-            format = "{icon}";
-            format-icons = {
-              active = "";
-              default = "";
-            };
-          };
-          cava = {
-            format-icons = generic-percent-icons;
-            bars = 14;
-            method = "pulse";
-            framerate = 20;
-            bar_delimiter = 0;
-            stereo = false;
-          };
-          network = {
-            format = "{icon}  {ipaddr}";
-            format-icons = net-icons;
-          };
-          # pulseaudio = {
-          #   format = "{icon}  {volume}%";
-          #   format-muted = "vol: muted";
-          #   format-icons.default = audio-icons;
-          #   on-click = "pavucontrol";
-          #   scroll-step = 1;
-          # };
-          cpu = {
-            interval = 1;
-            format = " {icon}";
-            format-icons = generic-percent-icons;
-            tooltip-format = "usage: {usage}%\nload: {load}";
-          };
-          memory = {
-            interval = 1;
-            format = "  {icon}";
-            format-icons = generic-percent-icons;
-            tooltip-format = "{used} GiB / {total} GiB \n{percentage}%";
-          };
-          temperature = {
-            interval = 1;
-            critical-threshold = 80;
-            format = "{temperatureC}°C";
-            format-icons = temp-icons;
-          };
-          mpris = {
-            format = "{status_icon} {dynamic}";
-            dynamic-len = 60;
-            interval = 5;
-            status-icons = {
-              paused = "";
-              playing = "";
-            };
-          };
-        };
-        style = ''
-          * {
-            border: none;
-            font-family: "${config.stylix.fonts.monospace.name}";
-            font-size: ${toString config.stylix.fonts.sizes.desktop}pt;
-            color: #${colors.base04};
-          }
-          window#waybar {
-            background: #${colors.base00};
-          }
-          .module {
-            background: #${colors.base00};
-            margin: 0px 5px 0px 5px;
-            padding: 0px 0px 0px 5px;
-          }
-          #workspaces button {
-            padding: 0px;
-            border-bottom: 0px none transparent;
-          }
-        '';
+      waybar = waybarConfig.programs.waybar // {
+        style = waybarStyle;
       };
     };
     wayland.windowManager.hyprland = {
@@ -185,6 +57,11 @@ in
           border_size = 3;
           layout = "dwindle";
         };
+        misc = {
+          disable_hyprland_logo = true;
+          disable_splash_rendering = true;
+          force_default_wallpaper = 0;
+        };
         dwindle = {
           pseudotile = true;
           preserve_split = true;

environments/waybar-config.nix

@@ -0,0 +1,113 @@
+_: {
+  programs.waybar = {
+    enable = true;
+    systemd.enable = true;
+    settings.main-bar = {
+      layer = "top";
+      height = 18;
+      tray.spacing = 5;
+      clock = {
+        format = "{:%a %b %d  %I:%M %p}";
+        tooltip-format = "<big>{:%Y %B}</big>\n<tt><small>{calendar}</small></tt>";
+      };
+      modules-left = [
+        "hyprland/workspaces"
+        "custom/separator"
+        "temperature#cpu"
+        "custom/gpu-temp"
+      ];
+      modules-center = [
+        "clock"
+      ];
+      modules-right = [
+        "tray"
+        "mpris"
+        "wireplumber"
+        "wireplumber#microphone"
+      ];
+      "hyprland/workspaces" = {
+        format = "{icon}";
+        active-only = true;
+        on-scroll-up = "hyprctl dispatch workspace e-1";
+        on-scroll-down = "hyprctl dispatch workspace e+1";
+        persistent-workspaces."*" = 10; # Show 5 workspaces on all monitors
+      };
+      "custom/separator" = {
+        format = "|";
+        tooltip = false;
+      };
+      cava = {
+        bars = 14;
+        method = "pulse";
+        framerate = 20;
+        bar_delimiter = 0;
+        stereo = false;
+        format-icons.default = [
+          "▁"
+          "▂"
+          "▃"
+          "▄"
+          "▅"
+          "▆"
+          "▇"
+          "█"
+        ];
+      };
+      "temperature#cpu" = {
+        interval = 2;
+        format = " {temperatureC}°C";
+        critical-threshold = 80;
+        hwmon-path = "/sys/class/hwmon/hwmon1/temp1_input";
+        tooltip-format = "CPU: {temperatureC}°C";
+      };
+      "custom/gpu-temp" = {
+        exec = "nvidia-smi --query-gpu=temperature.gpu --format=csv,noheader,nounits";
+        format = "󰢮 {}°C";
+        interval = 2;
+        tooltip-format = "GPU: {}°C";
+      };
+      mpris = {
+        interval = 2;
+        format = "{player_icon} {dynamic}";
+        format-paused = "{status_icon} {dynamic}";
+        dynamic-len = 40;
+        on-click = "playerctl play-pause";
+        on-scroll-up = "playerctl next";
+        on-scroll-down = "playerctl previous";
+        dynamic-order = [
+          "title"
+          "artist"
+        ];
+        player-icons = {
+          default = "🎵";
+          firefox = "🦊";
+          librewolf = "🦊";
+        };
+        status-icons = {
+          paused = "";
+          playing = "";
+        };
+      };
+      wireplumber = {
+        format = "{icon}  {volume}%";
+        format-muted = "󰝟  muted";
+        scroll-step = 5;
+        on-click = "wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle";
+        format-icons.default = [
+          "󰕿"
+          "󰖀"
+          "󰕾"
+        ];
+      };
+      "wireplumber#microphone" = {
+        format = "{format_source}";
+        format-source = "  {volume}%";
+        format-source-muted = "";
+        on-click = "wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle";
+        on-scroll-up = "wpctl set-volume @DEFAULT_AUDIO_SOURCE@ 5%+";
+        on-scroll-down = "wpctl set-volume @DEFAULT_AUDIO_SOURCE@ 5%-";
+        tooltip-format = "{source_desc}";
+      };
+    };
+  };
+}

environments/waybar-style.nix

@@ -0,0 +1,43 @@
+{
+  config,
+  ...
+}:
+let
+  inherit (config.lib.stylix) colors;
+in
+''
+  * {
+    border: none;
+    font-family: "${config.stylix.fonts.monospace.name}";
+    font-size: ${toString config.stylix.fonts.sizes.desktop}pt;
+    color: #${colors.base04};
+  }
+  window#waybar {
+    background: #${colors.base00};
+    min-height: 18px;
+  }
+  .module {
+    background: #${colors.base00};
+    margin: 0px 3px 0px 3px;
+    padding: 4px 6px 4px 6px;
+  }
+  #workspaces button {
+    padding: 2px 8px;
+    margin: 2px;
+    border-radius: 8px;
+    background: transparent;
+    color: #${colors.base03};
+    border: none;
+    min-width: 20px;
+  }
+
+  #workspaces button.active {
+    background: #${colors.base02};
+    color: #${colors.base05};
+  }
+
+  #workspaces button:hover {
+    background: #${colors.base01};
+    color: #${colors.base04};
+  }
+''

flake.lock

@@ -20,11 +20,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1755946532,
-        "narHash": "sha256-POePremlUY5GyA1zfbtic6XLxDaQcqHN6l+bIxdT5gc=",
+        "lastModified": 1759499898,
+        "narHash": "sha256-UNzYHLWfkSzLHDep5Ckb5tXc0fdxwPIrT+MY4kpQttM=",
         "owner": "hyprwm",
         "repo": "aquamarine",
-        "rev": "81584dae2df6ac79f6b6dae0ecb7705e95129ada",
+        "rev": "655e067f96fd44b3f5685e17f566b0e4d535d798",
         "type": "github"
       },
       "original": {
@@ -215,11 +215,11 @@
         "nixpkgs-lib": "nixpkgs-lib"
       },
       "locked": {
-        "lastModified": 1756770412,
-        "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=",
+        "lastModified": 1759362264,
+        "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "4524271976b625a4a605beefd893f270620fd751",
+        "rev": "758cf7296bee11f1706a574c77d072b8a7baa881",
         "type": "github"
       },
       "original": {
@@ -442,11 +442,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1758192433,
-        "narHash": "sha256-CR6RnqEJSTiFgA6KQY4TTLUWbZ8RBnb+hxQqesuQNzQ=",
+        "lastModified": 1759490292,
+        "narHash": "sha256-T6iWzDOXp8Wv0KQOCTHpBcmAOdHJ6zc/l9xaztW6Ivc=",
         "owner": "hyprwm",
         "repo": "hyprgraphics",
-        "rev": "c44e749dd611521dee940d00f7c444ee0ae4cfb7",
+        "rev": "9431db625cd9bb66ac55525479dce694101d6d7a",
         "type": "github"
       },
       "original": {
@@ -473,11 +473,11 @@
         "xdph": "xdph"
       },
       "locked": {
-        "lastModified": 1759169434,
-        "narHash": "sha256-1u6kq88ICeE9IiJPditYa248ZoEqo00kz6iUR+jLvBQ=",
+        "lastModified": 1760143218,
+        "narHash": "sha256-OhJPROcRcwBkjOKkXr/f3/7wuSjhAIqr8WfmEUF9Uuo=",
         "owner": "hyprwm",
         "repo": "Hyprland",
-        "rev": "38c1e72c9d81fcdad8f173e06102a5da18836230",
+        "rev": "d599513d4a72d66ac62ffdedc41d6653fa81b39e",
         "type": "github"
       },
       "original": {
@@ -566,11 +566,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1757694755,
-        "narHash": "sha256-j+w5QUUr2QT/jkxgVKecGYV8J7fpzXCMgzEEr6LG9ug=",
+        "lastModified": 1759080228,
+        "narHash": "sha256-RgDoAja0T1hnF0pTc56xPfLfFOO8Utol2iITwYbUhTk=",
         "owner": "hyprwm",
         "repo": "hyprland-qtutils",
-        "rev": "5ffdfc13ed03df1dae5084468d935f0a3f2c9a4c",
+        "rev": "629b15c19fa4082e4ce6be09fdb89e8c3312aed7",
         "type": "github"
       },
       "original": {
@@ -595,11 +595,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1756810301,
-        "narHash": "sha256-wgZ3VW4VVtjK5dr0EiK9zKdJ/SOqGIBXVG85C3LVxQA=",
+        "lastModified": 1758927902,
+        "narHash": "sha256-LZgMds7M94+vuMql2bERQ6LiFFdhgsEFezE4Vn+Ys3A=",
         "owner": "hyprwm",
         "repo": "hyprlang",
-        "rev": "3d63fb4a42c819f198deabd18c0c2c1ded1de931",
+        "rev": "4dafa28d4f79877d67a7d1a654cddccf8ebf15da",
         "type": "github"
       },
       "original": {
@@ -620,11 +620,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1756117388,
-        "narHash": "sha256-oRDel6pNl/T2tI+nc/USU9ZP9w08dxtl7hiZxa0C/Wc=",
+        "lastModified": 1759619523,
+        "narHash": "sha256-r1ed7AR2ZEb2U8gy321/Xcp1ho2tzn+gG1te/Wxsj1A=",
         "owner": "hyprwm",
         "repo": "hyprutils",
-        "rev": "b2ae3204845f5f2f79b4703b441252d8ad2ecfd0",
+        "rev": "3df7bde01efb3a3e8e678d1155f2aa3f19e177ef",
         "type": "github"
       },
       "original": {
@@ -666,11 +666,11 @@
         "sudoku-solver": "sudoku-solver"
       },
       "locked": {
-        "lastModified": 1759213850,
-        "narHash": "sha256-KnFUzXjSOtSG9U4U4OJonCTZaMWqJjXvHL1PQW994A4=",
+        "lastModified": 1760073554,
+        "narHash": "sha256-Ydqg/9lpoha2vgspjviqeRh6/tsWN+pZcUxn1ZyrFZM=",
         "ref": "refs/heads/master",
-        "rev": "38959dc37b09d1cb037df02086e4d07b9ef30b80",
-        "revCount": 105,
+        "rev": "5c13b806a094f3605e2da70e133551848ad8d9a9",
+        "revCount": 109,
         "type": "git",
         "url": "https://git.servidos.lat/jawz/scripts.git"
       },
@@ -687,11 +687,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1759110900,
-        "narHash": "sha256-fcu/r0ijvaYT2VHGkZGr0wq9uBMNFkiftVBy43/2oig=",
+        "lastModified": 1760146997,
+        "narHash": "sha256-x2sF8Q4tWz3DI166s+KFDXySrK+cN+/YEd3DfhnhBLQ=",
         "owner": "fufexan",
         "repo": "nix-gaming",
-        "rev": "2ac6a49266e9159ccb001b4c8cb1f50f67d502ae",
+        "rev": "ad505387568d024654da88fef03d9c5319cba92f",
         "type": "github"
       },
       "original": {
@@ -787,11 +787,11 @@
     },
     "nixpkgs-small": {
       "locked": {
-        "lastModified": 1759250113,
-        "narHash": "sha256-apF3ww4pPkxHI5c424Z6VYdImge1iZSP6TOH45lIqxU=",
+        "lastModified": 1760081104,
+        "narHash": "sha256-n9NgHBtZgLrT1FtJ2W9AvVKM7bXWBgqw/is739m72WQ=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "f579c51fd27e9f66c8236b26a47ed78b315f785d",
+        "rev": "872106a411643f96e2c9576d247cf96e7c8c1b97",
         "type": "github"
       },
       "original": {
@@ -803,11 +803,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1759036355,
-        "narHash": "sha256-0m27AKv6ka+q270dw48KflE0LwQYrO7Fm4/2//KCVWg=",
+        "lastModified": 1760038930,
+        "narHash": "sha256-Oncbh0UmHjSlxO7ErQDM3KM0A5/Znfofj2BSzlHLeVw=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "e9f00bd893984bc8ce46c895c3bf7cac95331127",
+        "rev": "0b4defa2584313f3b781240b29d61f6f9f7e0df3",
         "type": "github"
       },
       "original": {
@@ -819,11 +819,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1759143472,
-        "narHash": "sha256-TvODmeR2W7yX/JmOCmP+lAFNkTT7hAxYcF3Kz8SZV3w=",
+        "lastModified": 1759994382,
+        "narHash": "sha256-wSK+3UkalDZRVHGCRikZ//CyZUJWDJkBDTQX1+G77Ow=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "5ed4e25ab58fd4c028b59d5611e14ea64de51d23",
+        "rev": "5da4a26309e796daa7ffca72df93dbe53b8164c7",
         "type": "github"
       },
       "original": {
@@ -862,11 +862,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1759260470,
-        "narHash": "sha256-7KFWm6l+qJl+b1XAx9D8isjCb2kluJEGzquZxmJPEL4=",
+        "lastModified": 1760150127,
+        "narHash": "sha256-McDmxx/bruodgHLD4sFIl0fKkEkNj5VE3DglImfslrk=",
         "owner": "nix-community",
         "repo": "nur",
-        "rev": "2b8508603232941676978619d6d4b34fc9e0b486",
+        "rev": "886a5646695563cbae3c1e10369c6070c7645e73",
         "type": "github"
       },
       "original": {
@@ -968,11 +968,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1759188042,
-        "narHash": "sha256-f9QC2KKiNReZDG2yyKAtDZh0rSK2Xp1wkPzKbHeQVRU=",
+        "lastModified": 1759635238,
+        "narHash": "sha256-UvzKi02LMFP74csFfwLPAZ0mrE7k6EiYaKecplyX9Qk=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "9fcfabe085281dd793589bdc770a2e577a3caa5d",
+        "rev": "6e5a38e08a2c31ae687504196a230ae00ea95133",
         "type": "github"
       },
       "original": {
@@ -1002,11 +1002,11 @@
         "tinted-zed": "tinted-zed"
       },
       "locked": {
-        "lastModified": 1759050585,
-        "narHash": "sha256-Mj99rGy+K9jaQ85U2YWydZ9OKCIAdkxClrJlfG04GxU=",
+        "lastModified": 1759596342,
+        "narHash": "sha256-1Eda1V8pjpviMdBTdDXrFp7jkaUokIgXgBYTZyzDODk=",
         "owner": "danth",
         "repo": "stylix",
-        "rev": "3f71498ed14405aea347b9f5b7f56d97e64e904c",
+        "rev": "4d065856e936fc6a99ba55d39ac2df9ded6bedbe",
         "type": "github"
       },
       "original": {
@@ -1211,17 +1211,18 @@
       "original": {
         "owner": "e-tho",
         "repo": "ucodenix",
+        "rev": "ba7f0a366460e0fbea9622fc770cb982be0e4720",
         "type": "github"
       }
     },
     "wallpapers": {
       "flake": false,
       "locked": {
-        "lastModified": 1759117171,
-        "narHash": "sha256-Oyp4MKcld+tlZISm2HvuRErgHUb2mztpOH6v3g8B9uA=",
+        "lastModified": 1759463031,
+        "narHash": "sha256-9goyp+g9N4+9PA9V2QerTsxlVy9MA4LXufJaruj2MMs=",
         "ref": "refs/heads/main",
-        "rev": "0bc27e282a4c13d43139c4794e80a5951e4787b8",
-        "revCount": 1,
+        "rev": "0212af5b70347f0721cfe88c25e1efb77b645a2d",
+        "revCount": 2,
         "type": "git",
         "url": "https://git.servidos.lat/jawz/wallpapers.git"
       },

flake.nix

@@ -4,7 +4,7 @@
     nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-25.05";
     nixpkgs-small.url = "github:nixos/nixpkgs?ref=nixos-25.05-small";
     nixpkgs-unstable.url = "github:nixos/nixpkgs?ref=nixos-unstable";
-    ucodenix.url = "github:e-tho/ucodenix";
+    ucodenix.url = "github:e-tho/ucodenix/ba7f0a366460e0fbea9622fc770cb982be0e4720";
     doom-emacs = {
       url = "github:marienz/nix-doom-emacs-unstraightened/ad01165af00765af07989b6ad14115960ac675f8";
       inputs.nixpkgs.follows = "";

hosts/workstation/configuration.nix

@@ -1,5 +1,4 @@
 {
-  lib,
   pkgs,
   config,
   ...
@@ -36,7 +35,7 @@ in
     programs = {
       vscode = {
         enable = true;
-        package = pkgs.vscode;
+        package = pkgs.code-cursor-fhs;
       };
       ghostty = {
         enable = true;
@@ -50,26 +49,18 @@ in
   };
   networking = {
     hostName = "workstation";
-    firewall =
-      let
-        kdeconnectPortRange = {
+    firewall = {
+      allowedTCPPorts = [
+        6674 # ns-usbloader
+        8384 # syncthing
+      ];
+      allowedTCPPortRanges = [
+        {
           from = 1714;
           to = 1764;
-        };
-        ns-usbloaderPort = 6674;
-        syncthingPort = 8384;
-        openPorts = [
-          ns-usbloaderPort
-          syncthingPort
-        ];
-        openPortRanges = [ kdeconnectPortRange ];
-      in
-      {
-        allowedTCPPorts = openPorts;
-        allowedUDPPorts = openPorts;
-        allowedTCPPortRanges = openPortRanges;
-        allowedUDPPortRanges = openPortRanges;
-      };
+        }
+      ];
+    };
   };
   users.users.jawz.packages = [
     (pkgs.google-cloud-sdk.withExtraComponents [
@@ -96,7 +87,6 @@ in
         bign-handheld-thumbnailer
         gnome-epub-thumbnailer
         podman-compose
-        code-cursor
         scrcpy
         ;
       inherit (pkgs.libheif) out;
@@ -134,8 +124,9 @@ in
     ../../secrets/ssh/root-private-ca.pem
   ];
   services = {
-    flatpak.enable = lib.mkDefault false;
+    flatpak.enable = true;
     open-webui.enable = true;
+    tailscale.enable = true;
     scx = {
       enable = true;
       scheduler = "scx_lavd";
@@ -159,6 +150,5 @@ in
       capSysAdmin = true;
       openFirewall = true;
     };
-    tailscale.enable = true;
   };
 }

hosts/workstation/toggles.nix

@@ -12,7 +12,6 @@ in
   servers.drpp.enable = true;
   apps = enableList mkEnabled [
     "art"
-    "piano"
     "dictionaries"
     "fonts"
     "gaming"
@@ -25,7 +24,6 @@ in
   dev = enableList mkEnabled [
     "nix"
     "python"
-    "gameDev"
     "sh"
   ];
   shell = enableList mkEnabled [

modules/apps/art.nix

@@ -24,7 +24,6 @@ let
       mypaint-brushes # but it's got some
       mypaint-brushes1 # nice damn brushes
       blender # cgi animation and sculpting
-      drawpile # arty party with friends!!
       pureref # create inspiration/reference boards
       ;
   };

modules/apps/internet.nix

@@ -40,7 +40,6 @@ in
       inherit (pkgs)
         # thunderbird # email client
         warp # transfer files with based ppl
-        brave # crypto-browser that at least somewhat integrates with gtk
         nextcloud-client # self-hosted google-drive alternative
         fragments # beautiful torrent client
         tor-browser-bundle-bin # dark web, so dark!

modules/apps/librewolf.nix

@@ -7,6 +7,24 @@
   ];
   policies.DisabledFirefoxAccounts = false;
   profiles.jawz = {
+    containersForce = true;
+    containers = {
+      Private = {
+        id = 1;
+        icon = "chill";
+        color = "purple";
+      };
+      Work = {
+        id = 2;
+        icon = "briefcase";
+        color = "orange";
+      };
+      Banking = {
+        id = 3;
+        icon = "dollar";
+        color = "green";
+      };
+    };
     id = 0;
     name = "jawz";
     path = "jawz";
@@ -74,6 +92,9 @@
       "browser.safebrowsing.downloads.remote.block_uncommon" = false;
       # Enable anti-cookie tracking + purge trackers
       "privacy.annotate_channels.strict_list.enabled" = true;
+      # Enable Multi-Account Containers
+      "privacy.userContext.enabled" = true;
+      "privacy.userContext.ui.enabled" = true;
     };
   };
 }

modules/apps/misc.nix

@@ -9,7 +9,6 @@
   config = lib.mkIf config.my.apps.misc.enable {
     users.users.jawz.packages = builtins.attrValues {
       inherit (pkgs)
-        collector # stores things and throws them anywhere
         blanket # background noise
         metadata-cleaner # remove any metadata and geolocation from files
         pika-backup # backups

modules/apps/multimedia.nix

@@ -10,11 +10,9 @@
     users.users.jawz.packages = builtins.attrValues {
       inherit (pkgs)
         recordbox # libadwaita music player
-        pitivi # video editor
         celluloid # video player
         curtail # image compressor
         easyeffects # equalizer
-        handbrake # video converter, may be unnecessary
         identity # compare images or videos
         mousai # poor man shazam
         shortwave # listen to world radio

modules/modules.nix

@@ -93,7 +93,7 @@ in
     };
     email = lib.mkOption {
       type = lib.types.str;
-      default = "CaptainJawZ@protonmail.com";
+      default = "danilo.reyes.251@proton.me";
       description = "localhost smtp email";
     };
     timeZone = lib.mkOption {

modules/servers/stash.nix

@@ -1,7 +1,31 @@
-{ lib, config, ... }:
+{
+  lib,
+  config,
+  pkgs,
+  ...
+}:
 let
   cfg = config.my.servers.stash;
+  cfgS = config.services.stash;
   setup = import ../factories/mkserver.nix { inherit lib config; };
+  stashPythonFHS = pkgs.buildFHSEnv {
+    name = "stash-python-fhs";
+    targetPkgs =
+      pkgs:
+      builtins.attrValues {
+        inherit (pkgs)
+          python3
+          gcc
+          glibc
+          ;
+        inherit (pkgs.python3Packages)
+          pip
+          virtualenv
+          ;
+        inherit (pkgs.stdenv.cc.cc) lib;
+      };
+    runScript = "bash";
+  };
 in
 {
   options.my.servers.stash = setup.mkOptions "stash" "xxx" 9999;
@@ -29,5 +53,19 @@ in
         ];
       };
     };
+    systemd.services.stash = {
+      environment = {
+        PYTHONPATH = "/var/lib/stash/venv/lib/python3.12/site-packages";
+        LD_LIBRARY_PATH = "${pkgs.stdenv.cc.cc.lib}/lib:${pkgs.glibc}/lib:${pkgs.zlib}/lib:${pkgs.libffi}/lib:${pkgs.openssl}/lib";
+      };
+      serviceConfig = {
+        BindReadOnlyPaths = lib.mkForce [ ];
+        BindPaths = lib.mkIf (cfgS.settings != { }) (map (stash: "${stash.path}") cfgS.settings.stash);
+      };
+    };
+    users.users.stash = {
+      isSystemUser = true;
+      packages = [ stashPythonFHS ];
+    };
   };
 }

scripts/list-schemes.sh

@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+# Script to list all available schemes from schemes.nix
+
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_ROOT="$(dirname "$SCRIPT_DIR")"
+
+echo "Available schemes:"
+nix eval --raw --impure --expr "
+  let
+    pkgs = import <nixpkgs> {};
+    inputs = {};
+    utils = import ./scripts/scheme-utils.nix { inherit pkgs inputs; };
+  in
+  builtins.concatStringsSep \"\n\" utils.availableSchemes
+"
+
+echo -e "\nLight schemes:"
+nix eval --raw --impure --expr "
+  let
+    pkgs = import <nixpkgs> {};
+    inputs = {};
+    utils = import ./scripts/scheme-utils.nix { inherit pkgs inputs; };
+  in
+  builtins.concatStringsSep \"\n\" utils.lightSchemes
+"
+
+echo -e "\nDark schemes:"
+nix eval --raw --impure --expr "
+  let
+    pkgs = import <nixpkgs> {};
+    inputs = {};
+    utils = import ./scripts/scheme-utils.nix { inherit pkgs inputs; };
+  in
+  builtins.concatStringsSep \"\n\" utils.darkSchemes
+"
+
+echo -e "\nAvailable colors:"
+nix eval --raw --impure --expr "
+  let
+    pkgs = import <nixpkgs> {};
+    inputs = {};
+    utils = import ./scripts/scheme-utils.nix { inherit pkgs inputs; };
+  in
+  builtins.concatStringsSep \"\n\" utils.availableColors
+"

scripts/push-to-cache.sh

@@ -0,0 +1,125 @@
+#!/usr/bin/env bash
+# Script to push NixOS builds to Atticd cache
+
+set -euo pipefail
+
+# Colors for output
+GREEN='\033[0;32m'
+BLUE='\033[0;34m'
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color
+
+# Configuration
+CACHE_NAME="servidos:nixos"
+CACHE_URL="https://cache.servidos.lat"
+
+echo -e "${BLUE}=========================================${NC}"
+echo -e "${BLUE}NixOS Build Cache Pusher${NC}"
+echo -e "${BLUE}=========================================${NC}"
+echo ""
+
+# Check if attic is available
+if ! command -v attic &> /dev/null; then
+    echo -e "${YELLOW}Error: attic is not installed or not in PATH${NC}"
+    exit 1
+fi
+
+# Check if ATTIC_TOKEN is set
+if [ -z "${ATTIC_TOKEN:-}" ]; then
+    echo -e "${YELLOW}Warning: ATTIC_TOKEN environment variable is not set${NC}"
+    echo "Please set it with: export ATTIC_TOKEN=your_token_here"
+    exit 1
+fi
+
+# Login to cache
+echo -e "${GREEN}→ Logging into cache...${NC}"
+attic login servidos "$CACHE_URL" "$ATTIC_TOKEN"
+
+# Determine what to push
+if [ $# -eq 0 ]; then
+    # No arguments - push all result* symlinks
+    if ls result* 1> /dev/null 2>&1; then
+        echo -e "${GREEN}→ Found result symlinks, pushing to cache...${NC}"
+        attic push "$CACHE_NAME" result*
+        echo -e "${GREEN}✓ Successfully pushed all results to cache!${NC}"
+    else
+        echo -e "${YELLOW}No result symlinks found. Build something first!${NC}"
+        echo ""
+        echo "Usage examples:"
+        echo "  1. Push all results:    $0"
+        echo "  2. Push specific path:  $0 /nix/store/xxxxx-nixos-system-xxx"
+        echo "  3. Push current config: $0 --current [hostname]"
+        exit 1
+    fi
+elif [ "$1" = "--current" ]; then
+    # Push current system configuration
+    HOSTNAME="${2:-$(hostname)}"
+    echo -e "${GREEN}→ Building current configuration for $HOSTNAME...${NC}"
+    nix build ".#nixosConfigurations.$HOSTNAME.config.system.build.toplevel" --print-out-paths | \
+        attic push "$CACHE_NAME" --stdin
+    echo -e "${GREEN}✓ Successfully pushed $HOSTNAME configuration to cache!${NC}"
+elif [ "$1" = "--all-schemes" ]; then
+    # Build and push all schemes
+    HOSTNAME="${2:-server}"
+    
+    # Get current directory
+    SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+    PROJECT_ROOT="$(dirname "$SCRIPT_DIR")"
+    
+    cd "$PROJECT_ROOT"
+    
+    # Get available schemes
+    SCHEMES=$(nix eval --raw --impure --expr '
+      let
+        pkgs = import <nixpkgs> {};
+        inputs = {};
+        utils = import ./scripts/scheme-utils.nix { inherit pkgs inputs; };
+      in
+      builtins.concatStringsSep " " utils.availableSchemes
+    ')
+    
+    echo -e "${GREEN}→ Building and pushing all schemes for $HOSTNAME...${NC}"
+    echo -e "Schemes: $SCHEMES"
+    echo ""
+    
+    # Store original scheme
+    ORIGINAL_SCHEME=$(grep -oP "scheme = schemesFile\.schemes\.\K\w+" config/stylix.nix)
+    echo -e "Original scheme: $ORIGINAL_SCHEME"
+    echo ""
+    
+    # Build and push each scheme
+    for scheme in $SCHEMES; do
+        echo -e "${BLUE}→ Processing $scheme...${NC}"
+        
+        # Update stylix.nix
+        sed -i "s/scheme = schemesFile\.schemes\.\w\+;/scheme = schemesFile.schemes.$scheme;/" config/stylix.nix
+        
+        # Build and push
+        nix build ".#nixosConfigurations.$HOSTNAME.config.system.build.toplevel" \
+            --out-link "./result-$scheme"
+        attic push "$CACHE_NAME" "./result-$scheme"
+        
+        echo -e "${GREEN}✓ Completed $scheme${NC}"
+        echo ""
+    done
+    
+    # Restore original scheme
+    echo -e "${BLUE}→ Restoring original scheme: $ORIGINAL_SCHEME${NC}"
+    sed -i "s/scheme = schemesFile\.schemes\.\w\+;/scheme = schemesFile.schemes.$ORIGINAL_SCHEME;/" config/stylix.nix
+    
+    echo -e "${GREEN}✓ All schemes pushed successfully!${NC}"
+else
+    # Push specific store path(s)
+    echo -e "${GREEN}→ Pushing specified path(s) to cache...${NC}"
+    for path in "$@"; do
+        echo "  - $path"
+        echo "$path" | attic push "$CACHE_NAME" --stdin
+    done
+    echo -e "${GREEN}✓ Successfully pushed to cache!${NC}"
+fi
+
+echo ""
+echo -e "${BLUE}=========================================${NC}"
+echo -e "${GREEN}Cache push completed!${NC}"
+echo -e "${BLUE}=========================================${NC}"
+

scripts/scheme-utils.nix

@@ -0,0 +1,28 @@
+{ pkgs, inputs }:
+let
+  schemesConfig = import ../config/schemes.nix { inherit pkgs inputs; };
+  availableSchemes = builtins.attrNames schemesConfig.schemes;
+in
+{
+  inherit availableSchemes;
+  lightSchemes = builtins.filter (
+    name: schemesConfig.schemes.${name}.polarity == "light"
+  ) availableSchemes;
+  darkSchemes = builtins.filter (
+    name: schemesConfig.schemes.${name}.polarity == "dark"
+  ) availableSchemes;
+  schemesByColor =
+    color: builtins.filter (name: schemesConfig.schemes.${name}.color == color) availableSchemes;
+  getScheme = name: schemesConfig.schemes.${name};
+  isValidScheme = name: builtins.hasAttr name schemesConfig.schemes;
+  availableColors = pkgs.lib.unique (
+    builtins.filter (color: color != null) (
+      builtins.map (name: schemesConfig.schemes.${name}.color) availableSchemes
+    )
+  );
+  availableBase16Schemes = pkgs.lib.unique (
+    builtins.filter (name: name != null) (
+      builtins.map (name: schemesConfig.schemes.${name}.name) availableSchemes
+    )
+  );
+}

secrets/gallery.yaml

@@ -1,5 +1,5 @@
 gallery-dl:
-    secrets: ENC[AES256_GCM,data:5K9B7XZ3dOL1BIXLUvlE5D9xLkKkagvh2mMkFtd+6gJUJqPDwerp9QDcATeqiJLz54DGB1JI6podlCm8N3qVbA3aMHroSiAd2YaldqvLkh76vGDhfI6pAfYWmjLYR7KR/Qy5sy7qhkNmvhwV34JiqXMdfDaWDE9y9Zgqq3lyS/8mYixNh0sz9Pc7ohcIHpwVNcESxaPW9BCpzHOwhtZKqqgLTUrHCyO14YR1+hB+nGXnmtaFcFVDjb0ctHsgL8+R5Kw1oAE7s8fM+ghnKNqPusSVomTaNIQI8VMbk0YQyPsHn9zKEocjUEpwX7WdWmNLNjuYl29+NnJS7VCSOsZmqhNlKJMIvQ3v19UNIQG5/hB3QlBIlEr615W8l5q8jdD+twzufGkEnCIfZzn+T9UDijNlmZhK19lhOpF+mdi7vpzyJFrIK0JfFfRYnyvXOHIcDKK4rsMFTT8U04WM9PpYrUxWDmMMlAZsJ+Jj6d0jpRYsoB4C5ODKRa5V27wnhp9DQiQOAqvfYnUtCAFnFEqVu7qaa5WcQhG211Nhdcpvtyp/8sDXgZBTT/E8JTtG8YbSNUZxw3xE7fyp4Bdnb+bxbdcgVRGkFwZShu2qWF1Ckj4Lr2xzaBu+fGtUDqPnMq0PgQeRIVP/NsbtavrlISWhB5Ctw4QSRvGMTi5JqvhmLEWi5wvimYzt91aGj2tm/k8AOTtwwjK4iZyWKxE1PsjwmKwiEJZvTRKLTySxomqHDg1TOKGmAcJK/wCG7kO9ETp+yZxv1Sv3L7ZeCfyzM4fupRiPytbIMfeJsq6PxTpJGlD7lDC0EXUjRKV8JD8vnP91F0HXoZQ3tyb27/1BmZ/nSx3iGcmXhlV7eLgLS3MIpBChjget8d7oE4NnxBGrX8YoVFJzAUH5UawVNFHa3y/rKqUsS51vn0Q0Wxl+uK3KtK90TdML6VNW8HywWiNer5tbIY+Kl6I=,iv:4Sa8LyNhp2EyarQpQ19jJZFUAINmfuw3EnUVhiYGCJg=,tag:o5rLdUbGjao+SJ9Cqtr+jA==,type:str]
+    secrets: ENC[AES256_GCM,data:mU3qzDzrn2Q0AhMnrJAsxvpz3FECLl45RFmyvoWEMaoW52vKE62o8gUl2rWmihNrsR0YTxmjmxj2Ey0eoRHbH+SSg78GbveKxwqGS/SWxEY3Nr45p4h/rdgDFUcFBqSIOKuJxGSMLHiprAjET7h0NWbRAUL9QPVnAPT41YeZyiaZS5Y1hpvpMxlQF1XrPYgrBR35ZnraTdcYDhPf/UBnhWxQLsOLs4SKD6Bzy1OEjk6tkajhv3ZKrcbp3S1BGrirTm/WNZTEHqiTGiXQAirmY2BmF0YkkDCVWgTMCRc9o54k7KDw8WDRuZcGso7Gh6h0jkgppnjuRGyfUkFXa3bsfni47Ct0XFhUyJvzcG3juRYAAEdOj8Pgc2tF483hxmfzE19TEYC+4hxVpCfmJb//v8M01bsRLIR4eP0EMl5IkvomC7xSiUq1TqBhD6AMgmz2LthFoTIpCEgMNxzhpMf+zppxjfnDPDPZhkzed317HLEAuxAcLfzc+6ZV1gDZ+HUArR3+I3Z/dSwi5wh247c74Qi/sc41fZuhqtPTjeO6Ag2sn5zw28QF/vTkRMWyVqARiBHGkeE5MJjc24eMqZceWSGDwtxqX22kNTyU0ELUeNq94Mynqq4YcCp4bdk/2R/3eRM9ZQLGC0KvdmIizeVq5PI0t1RfdRupLHm8U0AWOpnB1Osxz1Xoab/1npOQABdEEPm+wWq3jIPyDOxtWUjW3EjrYaOnz/6GF0Wme9g7sMkfGC80Uvz3nxNVAT7eqp6bVcnlpGW/zTAbZe8UXBdmL7rjkO/CR5GhI+VOczVobzkkZPLFU5Fi4HqfPyQjXRufFWYjw5XO3hFs9T4hO3z5tl601B/TxGmV+hL0JOJQyZpYEryWxU5ScANAfHdZyPAJVoIm3udj5K1Ry4CIVBE0ltCZ489Kr4KjP4ZhvPMdb3KlNYuR6MJwwi6O85OTqaQAujeKeqk=,iv:eNSqKEW5kxINC4MKuWos1OLQ7f7821ot5JoN7fMFZXw=,tag:JkppEJr3O4aQR415MM5fqg==,type:str]
 sops:
     age:
         - recipient: age1lufn6t35gs4wgevyr2gud4eec7lvkn7pgnnv4tja64ww3hef7gqq8fas37
@@ -38,7 +38,7 @@ sops:
             d0YvYk8vNitDbzNCQ1VqS20xUWx6ZDgK+kIRATTtC0Vd7/uPf8E4pIans79Ksh6J
             Y77+owFFw1AvQ3KvaI7QVfKW61MzxI+S1bWqI3ZNOJ19Qv4ZoVhnVg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-10-02T18:11:48Z"
-    mac: ENC[AES256_GCM,data:qKoRMXroUtMaH1yrgNQxUPX8FpUmLmNU29zyzfnKkmiLoPsWNsogHxNVkqosyvbW0y0w6XnQh4OrSd4FF3fi8ZuJfk54jDWO7jlXFRk+07OobPgngYvNXLw76BNkXnAtxcduV2cTuSY6XwnwE0LtxFDmkM8N/AxIC8jhKkGQtwY=,iv:n3yBotpOggFvSUnboAG1L7pJMMi1PfV8KsSHN3/Li8c=,tag:4D5TqqroQBZNKUYol/ZCHg==,type:str]
+    lastmodified: "2025-10-10T05:09:54Z"
+    mac: ENC[AES256_GCM,data:N/BwfrwWcnot36Kn6RFZjjpUIluzq5Upy5iVVV4XSs+/0PYdlZGytjoAB+E3gXyPsLZ93UqI0A9/5KbfXBuR2oY2F7iKsu5puzgyYWa0Gl2z9YcPnyDnk1dj7Ne77xJlqR9YquGzFKF8QdqFXFA9cdE3b/1usTFhP26oxofMXs0=,iv:Iz/LzS8yeKQgDiGchYdKNymBeekhopJtBWaQGOwRZlE=,tag:hMRwxJlKR21W7otW01GmGw==,type:str]
     unencrypted_suffix: _unencrypted
-    version: 3.10.2
+    version: 3.11.0