dockerfile lsp moved to pkgs

.gitea/workflows/build-on-push.yml

@@ -0,0 +1,54 @@
+name: Build on Push
+
+on:
+  push:
+    branches:
+      - main
+  workflow_dispatch: # Allow manual trigger
+
+jobs:
+  build-configurations:
+    runs-on: nixos
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Configure Attic cache
+        run: |
+          # Configure attic client to use your cache server
+          attic login servidos http://127.0.0.1:2343 ${{ secrets.ATTIC_TOKEN }}
+
+      - name: Build workstation configuration
+        run: |
+          echo "Building workstation configuration..."
+          nix build .#nixosConfigurations.workstation.config.system.build.toplevel --quiet
+
+      - name: Build server configuration
+        run: |
+          echo "Building server configuration..."
+          nix build .#nixosConfigurations.server.config.system.build.toplevel --quiet
+
+      - name: Build emacs-vm configuration
+        run: |
+          echo "Building emacs-vm configuration..."
+          nix build .#emacs-vm --quiet
+
+      - name: Push to cache
+        run: |
+          echo "Pushing builds to cache..."
+          # Push all built derivations to cache
+          if ls result* 1> /dev/null 2>&1; then
+            attic push servidos:nixos result*
+          fi
+
+          # Push the specific system derivations we just built
+          nix build .#nixosConfigurations.workstation.config.system.build.toplevel --print-out-paths | attic push servidos:nixos --stdin
+          nix build .#nixosConfigurations.server.config.system.build.toplevel --print-out-paths | attic push servidos:nixos --stdin
+          nix build .#emacs-vm --print-out-paths | attic push servidos:nixos --stdin
+
+      - name: Summary
+        run: |
+          echo "✅ Build on push completed successfully!"
+          echo "- Built workstation, server, and emacs-vm configurations"
+          echo "- Pushed all builds to Atticd cache"
+

.gitea/workflows/build-schemes.yml

@@ -0,0 +1,92 @@
+name: Build All Color Schemes
+
+on:
+  push:
+    paths:
+      - "config/schemes.nix"
+      - "config/scheme-utils.nix"
+  workflow_dispatch:
+
+jobs:
+  build-schemes:
+    runs-on: nixos
+    env:
+      HOSTNAME: server
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Get available schemes
+        id: schemes
+        run: |
+          SCHEMES=$(nix eval --raw --impure --expr '
+            let
+              pkgs = import <nixpkgs> {};
+              inputs = {};
+              utils = import ./scripts/scheme-utils.nix { inherit pkgs inputs; };
+            in
+            builtins.concatStringsSep " " utils.availableSchemes
+          ')
+          echo "schemes=$SCHEMES" >> $GITEA_OUTPUT
+          echo "Available schemes: $SCHEMES"
+
+      - name: Configure Attic cache
+        run: |
+          # Configure attic client to use your cache server
+          attic login servidos http://127.0.0.1:2343 ${{ secrets.ATTIC_TOKEN }}
+
+      - name: Build and push all schemes
+        run: |
+          echo "Building and pushing all schemes..."
+
+          # Store original scheme
+          ORIGINAL_SCHEME=$(grep -oP "scheme = schemesFile\.schemes\.\K\w+" config/stylix.nix)
+          echo "Original scheme: $ORIGINAL_SCHEME"
+
+          # Build and push each scheme
+          for scheme in ${{ steps.schemes.outputs.schemes }}; do
+            echo "========================================="
+            echo "Processing scheme: $scheme"
+            echo "========================================="
+
+            # Update stylix.nix to use this scheme
+            sed -i "s/scheme = schemesFile\.schemes\.\w\+;/scheme = schemesFile.schemes.$scheme;/" config/stylix.nix
+
+            # Verify the change
+            grep "scheme = schemesFile.schemes" config/stylix.nix
+
+            # Build the configuration
+            echo "Building $scheme..."
+            nix build .#nixosConfigurations.${HOSTNAME}.config.system.build.toplevel \
+              --out-link ./result-$scheme \
+              --quiet
+
+            # Push to cache
+            echo "Pushing $scheme to cache..."
+            attic push servidos:nixos ./result-$scheme
+
+            # Also push using print-out-paths for better cache coverage
+            nix build .#nixosConfigurations.${HOSTNAME}.config.system.build.toplevel \
+              --print-out-paths \
+              --quiet | attic push servidos:nixos --stdin
+
+            echo "✓ Completed $scheme"
+            echo ""
+          done
+
+          # Restore original scheme
+          echo "Restoring original scheme: $ORIGINAL_SCHEME"
+          sed -i "s/scheme = schemesFile\.schemes\.\w\+;/scheme = schemesFile.schemes.$ORIGINAL_SCHEME;/" config/stylix.nix
+
+          echo "========================================="
+          echo "All schemes built and pushed successfully!"
+          echo "========================================="
+
+      - name: Summary
+        run: |
+          SCHEME_COUNT=$(echo "${{ steps.schemes.outputs.schemes }}" | wc -w)
+          echo "✅ Color scheme builds completed successfully!"
+          echo "- Built $SCHEME_COUNT schemes: ${{ steps.schemes.outputs.schemes }}"
+          echo "- Pushed all builds to Atticd cache"
+          echo ""
+          echo "You can now switch schemes quickly without waiting for builds!"

.gitea/workflows/weekly-build-cache.yml

@@ -12,7 +12,7 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v4
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
+          token: ${{ secrets.GITEA_TOKEN }}
 
       - name: Configure Git for automated commits
         run: |
@@ -27,10 +27,10 @@ jobs:
         id: check_changes
         run: |
           if git diff --quiet flake.lock; then
-            echo "changes=false" >> $GITHUB_OUTPUT
+            echo "changes=false" >> $GITEA_OUTPUT
             echo "No changes in flake.lock"
           else
-            echo "changes=true" >> $GITHUB_OUTPUT
+            echo "changes=true" >> $GITEA_OUTPUT
             echo "Changes detected in flake.lock"
           fi
 
@@ -38,7 +38,7 @@ jobs:
         if: steps.check_changes.outputs.changes == 'true'
         run: |
           # Configure attic client to use your cache server
-          attic login servidos https://cache.servidos.lat ${{ secrets.ATTIC_TOKEN }}
+          attic login servidos http://127.0.0.1:2343 ${{ secrets.ATTIC_TOKEN }}
 
       - name: Build workstation configuration
         if: steps.check_changes.outputs.changes == 'true'

.github/workflows/build-schemes.yml

@@ -1,92 +0,0 @@
-name: Build All Color Schemes
-
-on:
-  push:
-    paths:
-      - 'config/schemes.nix'
-      - 'config/scheme-utils.nix'
-  workflow_dispatch:
-
-jobs:
-  build-schemes:
-    runs-on: nixos
-    env:
-      HOSTNAME: server
-    
-    steps:
-    - uses: actions/checkout@v4
-    
-    - name: Get available schemes
-      id: schemes
-      run: |
-        SCHEMES=$(nix eval --raw --impure --expr '
-          let
-            pkgs = import <nixpkgs> {};
-            inputs = {};
-            utils = import ./scripts/scheme-utils.nix { inherit pkgs inputs; };
-          in
-          builtins.concatStringsSep " " utils.availableSchemes
-        ')
-        echo "schemes=$SCHEMES" >> $GITHUB_OUTPUT
-        echo "Available schemes: $SCHEMES"
-    
-    - name: Configure Attic cache
-      run: |
-        # Configure attic client to use your cache server
-        attic login servidos https://cache.servidos.lat ${{ secrets.ATTIC_TOKEN }}
-    
-    - name: Build and push all schemes
-      run: |
-        echo "Building and pushing all schemes..."
-        
-        # Store original scheme
-        ORIGINAL_SCHEME=$(grep -oP "scheme = schemesFile\.schemes\.\K\w+" config/stylix.nix)
-        echo "Original scheme: $ORIGINAL_SCHEME"
-        
-        # Build and push each scheme
-        for scheme in ${{ steps.schemes.outputs.schemes }}; do
-          echo "========================================="
-          echo "Processing scheme: $scheme"
-          echo "========================================="
-          
-          # Update stylix.nix to use this scheme
-          sed -i "s/scheme = schemesFile\.schemes\.\w\+;/scheme = schemesFile.schemes.$scheme;/" config/stylix.nix
-          
-          # Verify the change
-          grep "scheme = schemesFile.schemes" config/stylix.nix
-          
-          # Build the configuration
-          echo "Building $scheme..."
-          nix build .#nixosConfigurations.${HOSTNAME}.config.system.build.toplevel \
-            --out-link ./result-$scheme \
-            --quiet
-          
-          # Push to cache
-          echo "Pushing $scheme to cache..."
-          attic push servidos:nixos ./result-$scheme
-          
-          # Also push using print-out-paths for better cache coverage
-          nix build .#nixosConfigurations.${HOSTNAME}.config.system.build.toplevel \
-            --print-out-paths \
-            --quiet | attic push servidos:nixos --stdin
-          
-          echo "✓ Completed $scheme"
-          echo ""
-        done
-        
-        # Restore original scheme
-        echo "Restoring original scheme: $ORIGINAL_SCHEME"
-        sed -i "s/scheme = schemesFile\.schemes\.\w\+;/scheme = schemesFile.schemes.$ORIGINAL_SCHEME;/" config/stylix.nix
-        
-        echo "========================================="
-        echo "All schemes built and pushed successfully!"
-        echo "========================================="
-    
-    - name: Summary
-      run: |
-        SCHEME_COUNT=$(echo "${{ steps.schemes.outputs.schemes }}" | wc -w)
-        echo "✅ Color scheme builds completed successfully!"
-        echo "- Built $SCHEME_COUNT schemes: ${{ steps.schemes.outputs.schemes }}"
-        echo "- Pushed all builds to Atticd cache"
-        echo ""
-        echo "You can now switch schemes quickly without waiting for builds!"

config/home-manager.nix

@@ -31,14 +31,20 @@ in
     };
     git = {
       enable = true;
-      delta.enable = true;
+      settings = {
-      userName = "Danilo Reyes";
-      userEmail = osConfig.my.email;
-      extraConfig = {
-        init.defaultBranch = "main";
         pull.rebase = true;
+        init.defaultBranch = "main";
+        user = {
+          inherit (osConfig.my) email;
+          name = "Danilo Reyes";
         };
       };
+    };
+    delta = {
+      enable = true;
+      enableGitIntegration = true;
+    };
+    ssh.enableDefaultConfig = false;
     bash = lib.mkIf (shellType == "bash") {
       enable = true;
       historyFile = "\${XDG_STATE_HOME}/bash/history";

config/jawz.nix

@@ -30,9 +30,11 @@ in
     home.file.".librewolf/.stignore".source = ../dotfiles/stignore;
     programs.ssh = lib.mkIf config.my.secureHost {
       enable = true;
+      enableDefaultConfig = false;
       matchBlocks = {
-        linode = {
+        vps = {
-          hostname = config.my.ips.linode;
+          hostname = config.my.ips.vps;
+          user = "jawz";
           port = 3456;
           identityFile = config.sops.secrets."private_keys/${hostName}".path;
         };
@@ -74,7 +76,8 @@ in
       "miniserver"
       "galaxy"
       "phone"
-      "linode"
+      "vps"
+      "windows_vm"
     ];
   };
 }

config/stylix.nix

@@ -11,7 +11,7 @@ let
   };
   scheme = schemesFile.schemes.febroary;
   cfg = config.my.stylix;
-  gnomeEnabled = config.services.xserver.desktopManager.gnome.enable;
+  gnomeEnabled = config.services.desktopManager.gnome.enable;
 in
 {
   options.my.stylix.enable = lib.mkEnableOption "system-wide theming with Stylix";

dotfiles/stignore

@@ -1,6 +1,7 @@
 (?d)jawz/chrome/userChrome.css
 (?d)jawz/chrome/userContent.css
 (?d)jawz/lock
+(?d)jawz/storage
 (?d)jawz/user.js
 (?d)native-messaging-hosts/org.gnome.browser_connector.json
 (?d)native-messaging-hosts/org.gnome.chrome_gnome_shell.json

environments/gnome.nix

@@ -1,21 +1,13 @@
 {
   pkgs,
-  lib,
   ...
 }:
 {
   qt.enable = true;
   services = {
     gvfs.enable = true;
-    libinput.enable = true;
-    xserver = {
-      enable = true;
     displayManager.gdm.enable = true;
-      desktopManager = {
+    desktopManager.gnome.enable = true;
-        gnome.enable = true;
-        xterm.enable = lib.mkForce false;
-      };
-    };
   };
   environment.gnome.excludePackages = builtins.attrValues {
     inherit (pkgs)

environments/hyprland.nix

@@ -13,7 +13,7 @@ in
   services.greetd = {
     enable = true;
     settings.default_session = {
-      command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd Hyprland";
+      command = "${pkgs.tuigreet}/bin/tuigreet --time --cmd Hyprland";
       user = "greeter";
     };
   };

flake.lock

@@ -20,11 +20,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1760101617,
+        "lastModified": 1762356719,
-        "narHash": "sha256-8jf/3ZCi+B7zYpIyV04+3wm72BD7Z801IlOzsOACR7I=",
+        "narHash": "sha256-qwd/xdoOya1m8FENle+4hWnydCtlXUWLAW/Auk6WL7s=",
         "owner": "hyprwm",
         "repo": "aquamarine",
-        "rev": "1826a9923881320306231b1c2090379ebf9fa4f8",
+        "rev": "6d0b3567584691bf9d8fedb5d0093309e2f979c7",
         "type": "github"
       },
       "original": {
@@ -216,11 +216,11 @@
         "nixpkgs-lib": "nixpkgs-lib"
       },
       "locked": {
-        "lastModified": 1760948891,
+        "lastModified": 1762440070,
-        "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=",
+        "narHash": "sha256-xxdepIcb39UJ94+YydGP221rjnpkDZUlykKuF54PsqI=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04",
+        "rev": "26d05891e14c88eb4a5d5bee659c0db5afb609d8",
         "type": "github"
       },
       "original": {
@@ -234,11 +234,11 @@
         "nixpkgs-lib": "nixpkgs-lib_2"
       },
       "locked": {
-        "lastModified": 1760813311,
+        "lastModified": 1762040540,
-        "narHash": "sha256-lbHQ7FXGzt6/IygWvJ1lCq+Txcut3xYYd6VIpF1ojkg=",
+        "narHash": "sha256-z5PlZ47j50VNF3R+IMS9LmzI5fYRGY/Z5O5tol1c9I4=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "4e627ac2e1b8f1de7f5090064242de9a259dbbc8",
+        "rev": "0010412d62a25d959151790968765a70c436598b",
         "type": "github"
       },
       "original": {
@@ -333,11 +333,11 @@
         "rev": "edea9d2aaf2f4e0481fbbb8e26f68a9f39248e3f",
         "revCount": 2,
         "type": "git",
-        "url": "https://git.servidos.lat/jawz/fonts.git"
+        "url": "https://git.lebubu.org/jawz/fonts.git"
       },
       "original": {
         "type": "git",
-        "url": "https://git.servidos.lat/jawz/fonts.git"
+        "url": "https://git.lebubu.org/jawz/fonts.git"
       }
     },
     "fromYaml": {
@@ -381,16 +381,16 @@
     "gnome-shell": {
       "flake": false,
       "locked": {
-        "lastModified": 1744584021,
+        "lastModified": 1748186689,
-        "narHash": "sha256-0RJ4mJzf+klKF4Fuoc8VN8dpQQtZnKksFmR2jhWE1Ew=",
+        "narHash": "sha256-UaD7Y9f8iuLBMGHXeJlRu6U1Ggw5B9JnkFs3enZlap0=",
         "owner": "GNOME",
         "repo": "gnome-shell",
-        "rev": "52c517c8f6c199a1d6f5118fae500ef69ea845ae",
+        "rev": "8c88f917db0f1f0d80fa55206c863d3746fa18d0",
         "type": "github"
       },
       "original": {
         "owner": "GNOME",
-        "ref": "48.1",
+        "ref": "48.2",
         "repo": "gnome-shell",
         "type": "github"
       }
@@ -402,16 +402,15 @@
         ]
       },
       "locked": {
-        "lastModified": 1758463745,
+        "lastModified": 1762463325,
-        "narHash": "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=",
+        "narHash": "sha256-33YUsWpPyeBZEWrKQ2a1gkRZ7i0XCC/2MYpU6BVeQSU=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "3b955f5f0a942f9f60cdc9cacb7844335d0f21c3",
+        "rev": "0562fef070a1027325dd4ea10813d64d2c967b39",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
-        "ref": "release-25.05",
         "repo": "home-manager",
         "type": "github"
       }
@@ -461,11 +460,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1760445448,
+        "lastModified": 1762462052,
-        "narHash": "sha256-fXGjL6dw31FPFRrmIemzGiNSlfvEJTJNsmadZi+qNhI=",
+        "narHash": "sha256-6roLYzcDf4V38RUMSqycsOwAnqfodL6BmhRkUtwIgdA=",
         "owner": "hyprwm",
         "repo": "hyprgraphics",
-        "rev": "50fb9f069219f338a11cf0bcccb9e58357d67757",
+        "rev": "ffc999d980c7b3bca85d3ebd0a9fbadf984a8162",
         "type": "github"
       },
       "original": {
@@ -479,11 +478,11 @@
         "aquamarine": "aquamarine",
         "hyprcursor": "hyprcursor",
         "hyprgraphics": "hyprgraphics",
+        "hyprland-guiutils": "hyprland-guiutils",
         "hyprland-protocols": "hyprland-protocols",
-        "hyprland-qtutils": "hyprland-qtutils",
         "hyprlang": "hyprlang",
         "hyprutils": "hyprutils",
-        "hyprwayland-scanner": "hyprwayland-scanner",
+        "hyprwayland-scanner": "hyprwayland-scanner_2",
         "nixpkgs": [
           "nixpkgs"
         ],
@@ -492,11 +491,11 @@
         "xdph": "xdph"
       },
       "locked": {
-        "lastModified": 1761340761,
+        "lastModified": 1762542520,
-        "narHash": "sha256-j12amQpLU23PbblMzw8Tt4whr2PxjP6XXYH99uYGFGc=",
+        "narHash": "sha256-hMWWVGEoJRNDaAJxHoL1YL+IXGxdQooEw8lABELVopg=",
         "owner": "hyprwm",
         "repo": "Hyprland",
-        "rev": "da04afa44e7545771b08f8e0defd2cd1810f1613",
+        "rev": "522edc87126a48f3ce4891747b6a92a22385b1e7",
         "type": "github"
       },
       "original": {
@@ -505,6 +504,48 @@
         "type": "github"
       }
     },
+    "hyprland-guiutils": {
+      "inputs": {
+        "aquamarine": [
+          "hyprland",
+          "aquamarine"
+        ],
+        "hyprgraphics": [
+          "hyprland",
+          "hyprgraphics"
+        ],
+        "hyprlang": [
+          "hyprland",
+          "hyprlang"
+        ],
+        "hyprtoolkit": "hyprtoolkit",
+        "hyprutils": [
+          "hyprland",
+          "hyprutils"
+        ],
+        "nixpkgs": [
+          "hyprland",
+          "nixpkgs"
+        ],
+        "systems": [
+          "hyprland",
+          "systems"
+        ]
+      },
+      "locked": {
+        "lastModified": 1762465111,
+        "narHash": "sha256-dS13YZdWjgGGLBjpT4FHB6xf8I/WiAU+mgNWXsZgDUs=",
+        "owner": "hyprwm",
+        "repo": "hyprland-guiutils",
+        "rev": "a415eba866a953f3096d661318f771aa0082eb98",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hyprwm",
+        "repo": "hyprland-guiutils",
+        "type": "github"
+      }
+    },
     "hyprland-protocols": {
       "inputs": {
         "nixpkgs": [
@@ -530,74 +571,6 @@
         "type": "github"
       }
     },
-    "hyprland-qt-support": {
-      "inputs": {
-        "hyprlang": [
-          "hyprland",
-          "hyprland-qtutils",
-          "hyprlang"
-        ],
-        "nixpkgs": [
-          "hyprland",
-          "hyprland-qtutils",
-          "nixpkgs"
-        ],
-        "systems": [
-          "hyprland",
-          "hyprland-qtutils",
-          "systems"
-        ]
-      },
-      "locked": {
-        "lastModified": 1749154592,
-        "narHash": "sha256-DO7z5CeT/ddSGDEnK9mAXm1qlGL47L3VAHLlLXoCjhE=",
-        "owner": "hyprwm",
-        "repo": "hyprland-qt-support",
-        "rev": "4c8053c3c888138a30c3a6c45c2e45f5484f2074",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hyprwm",
-        "repo": "hyprland-qt-support",
-        "type": "github"
-      }
-    },
-    "hyprland-qtutils": {
-      "inputs": {
-        "hyprland-qt-support": "hyprland-qt-support",
-        "hyprlang": [
-          "hyprland",
-          "hyprlang"
-        ],
-        "hyprutils": [
-          "hyprland",
-          "hyprland-qtutils",
-          "hyprlang",
-          "hyprutils"
-        ],
-        "nixpkgs": [
-          "hyprland",
-          "nixpkgs"
-        ],
-        "systems": [
-          "hyprland",
-          "systems"
-        ]
-      },
-      "locked": {
-        "lastModified": 1759080228,
-        "narHash": "sha256-RgDoAja0T1hnF0pTc56xPfLfFOO8Utol2iITwYbUhTk=",
-        "owner": "hyprwm",
-        "repo": "hyprland-qtutils",
-        "rev": "629b15c19fa4082e4ce6be09fdb89e8c3312aed7",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hyprwm",
-        "repo": "hyprland-qtutils",
-        "type": "github"
-      }
-    },
     "hyprlang": {
       "inputs": {
         "hyprutils": [
@@ -627,6 +600,54 @@
         "type": "github"
       }
     },
+    "hyprtoolkit": {
+      "inputs": {
+        "aquamarine": [
+          "hyprland",
+          "hyprland-guiutils",
+          "aquamarine"
+        ],
+        "hyprgraphics": [
+          "hyprland",
+          "hyprland-guiutils",
+          "hyprgraphics"
+        ],
+        "hyprlang": [
+          "hyprland",
+          "hyprland-guiutils",
+          "hyprlang"
+        ],
+        "hyprutils": [
+          "hyprland",
+          "hyprland-guiutils",
+          "hyprutils"
+        ],
+        "hyprwayland-scanner": "hyprwayland-scanner",
+        "nixpkgs": [
+          "hyprland",
+          "hyprland-guiutils",
+          "nixpkgs"
+        ],
+        "systems": [
+          "hyprland",
+          "hyprland-guiutils",
+          "systems"
+        ]
+      },
+      "locked": {
+        "lastModified": 1762463729,
+        "narHash": "sha256-2fYkU/mdz8WKY3dkDPlE/j6hTxIwqultsx4gMMsMns0=",
+        "owner": "hyprwm",
+        "repo": "hyprtoolkit",
+        "rev": "88483bdee5329ec985f0c8f834c519cd18cfe532",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hyprwm",
+        "repo": "hyprtoolkit",
+        "type": "github"
+      }
+    },
     "hyprutils": {
       "inputs": {
         "nixpkgs": [
@@ -639,11 +660,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1759619523,
+        "lastModified": 1762387740,
-        "narHash": "sha256-r1ed7AR2ZEb2U8gy321/Xcp1ho2tzn+gG1te/Wxsj1A=",
+        "narHash": "sha256-gQ9zJ+pUI4o+Gh4Z6jhJll7jjCSwi8ZqJIhCE2oqwhQ=",
         "owner": "hyprwm",
         "repo": "hyprutils",
-        "rev": "3df7bde01efb3a3e8e678d1155f2aa3f19e177ef",
+        "rev": "926689ddb9c0a8787e58c02c765a62e32d63d1f7",
         "type": "github"
       },
       "original": {
@@ -653,6 +674,35 @@
       }
     },
     "hyprwayland-scanner": {
+      "inputs": {
+        "nixpkgs": [
+          "hyprland",
+          "hyprland-guiutils",
+          "hyprtoolkit",
+          "nixpkgs"
+        ],
+        "systems": [
+          "hyprland",
+          "hyprland-guiutils",
+          "hyprtoolkit",
+          "systems"
+        ]
+      },
+      "locked": {
+        "lastModified": 1755184602,
+        "narHash": "sha256-RCBQN8xuADB0LEgaKbfRqwm6CdyopE1xIEhNc67FAbw=",
+        "owner": "hyprwm",
+        "repo": "hyprwayland-scanner",
+        "rev": "b3b0f1f40ae09d4447c20608e5a4faf8bf3c492d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hyprwm",
+        "repo": "hyprwayland-scanner",
+        "type": "github"
+      }
+    },
+    "hyprwayland-scanner_2": {
       "inputs": {
         "nixpkgs": [
           "hyprland",
@@ -685,17 +735,17 @@
         "sudoku-solver": "sudoku-solver"
       },
       "locked": {
-        "lastModified": 1760073554,
+        "lastModified": 1762659856,
-        "narHash": "sha256-Ydqg/9lpoha2vgspjviqeRh6/tsWN+pZcUxn1ZyrFZM=",
+        "narHash": "sha256-cyU8tuUPWZnkOnyWoH1x43+mmukaMoN+8vNxjWnVDv8=",
         "ref": "refs/heads/master",
-        "rev": "5c13b806a094f3605e2da70e133551848ad8d9a9",
+        "rev": "4e91264f0f2bee992231f91621c10f857fb37edd",
-        "revCount": 109,
+        "revCount": 118,
         "type": "git",
-        "url": "https://git.servidos.lat/jawz/scripts.git"
+        "url": "https://git.lebubu.org/jawz/scripts.git"
       },
       "original": {
         "type": "git",
-        "url": "https://git.servidos.lat/jawz/scripts.git"
+        "url": "https://git.lebubu.org/jawz/scripts.git"
       }
     },
     "nix-gaming": {
@@ -706,11 +756,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1761356901,
+        "lastModified": 1762566515,
-        "narHash": "sha256-YDySchURSJrS1P8zuzmFqypUS7shY6//0e0JiMZeLSI=",
+        "narHash": "sha256-gIPh4l5MBs0/ETmF8ep7b6u6c2y2wyBBcD9Vk4l4p/Y=",
         "owner": "fufexan",
         "repo": "nix-gaming",
-        "rev": "a8635e459ff96acbd156a8de613b99d9d6b3676a",
+        "rev": "9bb3ba9d192aeebc18a14c4c29140a78f0b28a7f",
         "type": "github"
       },
       "original": {
@@ -773,11 +823,11 @@
     },
     "nixpkgs-lib": {
       "locked": {
-        "lastModified": 1754788789,
+        "lastModified": 1761765539,
-        "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=",
+        "narHash": "sha256-b0yj6kfvO8ApcSE+QmA6mUfu8IYG6/uU28OFn4PaC8M=",
         "owner": "nix-community",
         "repo": "nixpkgs.lib",
-        "rev": "a73b9c743612e4244d865a2fdee11865283c04e6",
+        "rev": "719359f4562934ae99f5443f20aa06c2ffff91fc",
         "type": "github"
       },
       "original": {
@@ -788,11 +838,11 @@
     },
     "nixpkgs-lib_2": {
       "locked": {
-        "lastModified": 1754788789,
+        "lastModified": 1761765539,
-        "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=",
+        "narHash": "sha256-b0yj6kfvO8ApcSE+QmA6mUfu8IYG6/uU28OFn4PaC8M=",
         "owner": "nix-community",
         "repo": "nixpkgs.lib",
-        "rev": "a73b9c743612e4244d865a2fdee11865283c04e6",
+        "rev": "719359f4562934ae99f5443f20aa06c2ffff91fc",
         "type": "github"
       },
       "original": {
@@ -821,27 +871,27 @@
     },
     "nixpkgs-small": {
       "locked": {
-        "lastModified": 1761294158,
+        "lastModified": 1762658878,
-        "narHash": "sha256-woFH58dy/EDeL1Li4IarZE9+0p0zdPmCsxCvKA7oYu4=",
+        "narHash": "sha256-RG0StVygqNxDkAb0rRs+WvavmU1NOKpQcSFf+IZENgk=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "e7b2e554a77018dec2f259b782d062500c133d49",
+        "rev": "268853f436c12f665c5d9c4d40caf5e0ccf182d9",
         "type": "github"
       },
       "original": {
         "owner": "nixos",
-        "ref": "nixos-25.05-small",
+        "ref": "master",
         "repo": "nixpkgs",
         "type": "github"
       }
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1761114652,
+        "lastModified": 1762363567,
-        "narHash": "sha256-f/QCJM/YhrV/lavyCVz8iU3rlZun6d+dAiC3H+CDle4=",
+        "narHash": "sha256-YRqMDEtSMbitIMj+JLpheSz0pwEr0Rmy5mC7myl17xs=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "01f116e4df6a15f4ccdffb1bcd41096869fb385c",
+        "rev": "ae814fd3904b621d8ab97418f1d0f2eb0d3716f4",
         "type": "github"
       },
       "original": {
@@ -853,16 +903,16 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1761173472,
+        "lastModified": 1762631752,
-        "narHash": "sha256-m9W0dYXflzeGgKNravKJvTMR4Qqa2MVD11AwlGMufeE=",
+        "narHash": "sha256-svy+dTuq/qnfPZHH0Bo3QRYdv+S05ZZGf0vpXfQRd+U=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "c8aa8cc00a5cb57fada0851a038d35c08a36a2bb",
+        "rev": "b6dff13a853160527ae3d111e2685df2468431f1",
         "type": "github"
       },
       "original": {
         "owner": "nixos",
-        "ref": "nixos-25.05",
+        "ref": "master",
         "repo": "nixpkgs",
         "type": "github"
       }
@@ -896,11 +946,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1761364085,
+        "lastModified": 1762630843,
-        "narHash": "sha256-4BKMXhQ8SSYOo9NoK221fVYM86xMw5smoqHvwmLaDEo=",
+        "narHash": "sha256-v9KMIzeHdIwdiItAuzZIkuEtoNng3wXNWVa7vSJAcpU=",
         "owner": "nix-community",
         "repo": "nur",
-        "rev": "e9f1e9e9cb027dd87785534261d0feb0097dfcfa",
+        "rev": "6dc13799694bfe61e1bedbcaf18200a762ea2d7a",
         "type": "github"
       },
       "original": {
@@ -945,11 +995,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1760663237,
+        "lastModified": 1762441963,
-        "narHash": "sha256-BflA6U4AM1bzuRMR8QqzPXqh8sWVCNDzOdsxXEguJIc=",
+        "narHash": "sha256-j+rNQ119ffYUkYt2YYS6rnd6Jh/crMZmbqpkGLXaEt0=",
         "owner": "cachix",
         "repo": "git-hooks.nix",
-        "rev": "ca5b894d3e3e151ffc1db040b6ce4dcc75d31c37",
+        "rev": "8e7576e79b88c16d7ee3bbd112c8d90070832885",
         "type": "github"
       },
       "original": {
@@ -1037,16 +1087,15 @@
         "tinted-zed": "tinted-zed"
       },
       "locked": {
-        "lastModified": 1760478648,
+        "lastModified": 1762264356,
-        "narHash": "sha256-Y4l+Y3zUvqIDbyLrtOrzNvp1o50Fp9TYK+iwtwweFU4=",
+        "narHash": "sha256-QVfC53Ri+8n3e7Ujx9kq6all3+TLBRRPRnc6No5qY5w=",
         "owner": "danth",
         "repo": "stylix",
-        "rev": "1ec254101285777db13922303cc47ded06e10bb3",
+        "rev": "647bb8dd96a206a1b79c4fd714affc88b409e10b",
         "type": "github"
       },
       "original": {
         "owner": "danth",
-        "ref": "release-25.05",
         "repo": "stylix",
         "type": "github"
       }
@@ -1259,11 +1308,11 @@
         "rev": "0212af5b70347f0721cfe88c25e1efb77b645a2d",
         "revCount": 2,
         "type": "git",
-        "url": "https://git.servidos.lat/jawz/wallpapers.git"
+        "url": "https://git.lebubu.org/jawz/wallpapers.git"
       },
       "original": {
         "type": "git",
-        "url": "https://git.servidos.lat/jawz/wallpapers.git"
+        "url": "https://git.lebubu.org/jawz/wallpapers.git"
       }
     },
     "xdph": {
@@ -1294,11 +1343,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1760713634,
+        "lastModified": 1761431178,
-        "narHash": "sha256-5HXelmz2x/uO26lvW7MudnadbAfoBnve4tRBiDVLtOM=",
+        "narHash": "sha256-xzjC1CV3+wpUQKNF+GnadnkeGUCJX+vgaWIZsnz9tzI=",
         "owner": "hyprwm",
         "repo": "xdg-desktop-portal-hyprland",
-        "rev": "753bbbdf6a052994da94062e5b753288cef28dfb",
+        "rev": "4b8801228ff958d028f588f0c2b911dbf32297f9",
         "type": "github"
       },
       "original": {

flake.nix

@@ -2,16 +2,27 @@
   description = "JawZ NixOS flake setup";
   inputs = {
     flake-parts.url = "github:hercules-ci/flake-parts";
-    nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-25.05";
+    nixpkgs.url = "github:nixos/nixpkgs?ref=master";
-    nixpkgs-small.url = "github:nixos/nixpkgs?ref=nixos-25.05-small";
+    nixpkgs-small.url = "github:nixos/nixpkgs?ref=master";
+    # nixpkgs-small.url = "github:nixos/nixpkgs?ref=nixos-25.05-small";
     nixpkgs-unstable.url = "github:nixos/nixpkgs?ref=nixos-unstable";
     ucodenix.url = "github:e-tho/ucodenix/ba7f0a366460e0fbea9622fc770cb982be0e4720";
+    home-manager = {
+      # url = "github:nix-community/home-manager?ref=release-25.05";
+      url = "github:nix-community/home-manager";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    stylix = {
+      # url = "github:danth/stylix/release-25.05";
+      url = "github:danth/stylix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
     doom-emacs = {
       url = "github:marienz/nix-doom-emacs-unstraightened/ad01165af00765af07989b6ad14115960ac675f8";
       inputs.nixpkgs.follows = "";
     };
     jawz-scripts = {
-      url = "git+https://git.servidos.lat/jawz/scripts.git";
+      url = "git+https://git.lebubu.org/jawz/scripts.git";
       inputs.nixpkgs.follows = "nixpkgs";
     };
     nur = {
@@ -26,18 +37,10 @@
       url = "github:hyprwm/Hyprland";
       inputs.nixpkgs.follows = "nixpkgs";
     };
-    home-manager = {
-      url = "github:nix-community/home-manager?ref=release-25.05";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
     sops-nix = {
       url = "github:Mic92/sops-nix";
       inputs.nixpkgs.follows = "nixpkgs";
     };
-    stylix = {
-      url = "github:danth/stylix/release-25.05";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
     nixtendo-switch = {
       url = "github:nyawox/nixtendo-switch";
       inputs.nixpkgs.follows = "nixpkgs";
@@ -47,11 +50,11 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
     wallpapers = {
-      url = "git+https://git.servidos.lat/jawz/wallpapers.git";
+      url = "git+https://git.lebubu.org/jawz/wallpapers.git";
       flake = false;
     };
     fonts = {
-      url = "git+https://git.servidos.lat/jawz/fonts.git";
+      url = "git+https://git.lebubu.org/jawz/fonts.git";
       flake = false;
     };
     qbit_manage = {
@@ -67,7 +70,6 @@
         ./parts/hosts.nix
         ./parts/packages.nix
         ./parts/devshells.nix
-        ./parts/images.nix
       ];
     };
 }

hosts/linode/configuration.nix

@@ -1,47 +0,0 @@
-{
-  lib,
-  pkgs,
-  config,
-  inputs,
-  ...
-}:
-{
-  imports = [
-    ./hardware-configuration.nix
-    ./wireguard-linode.nix
-    ../../config/base.nix
-    inputs.nixos-generators.nixosModules.linode
-  ];
-  my = import ./toggles.nix { inherit config inputs; } // {
-    nix.cores = 2;
-    users.nixremote.enable = false;
-    network.firewall = {
-      enabledServicePorts = true;
-      additionalPorts = [ ];
-    };
-  };
-  networking.hostName = "linode";
-  services.openssh = {
-    enable = true;
-    openFirewall = true;
-    startWhenNeeded = lib.mkForce false;
-    settings = {
-      PasswordAuthentication = false;
-      PermitRootLogin = "prohibit-password";
-      KbdInteractiveAuthentication = false;
-    };
-  };
-  environment.systemPackages = builtins.attrValues {
-    inherit (pkgs)
-      htop
-      iotop
-      tcpdump
-      wireguard-tools
-      ;
-  };
-  system.autoUpgrade = {
-    enable = true;
-    dates = "weekly";
-    allowReboot = true;
-  };
-}

hosts/linode/hardware-configuration.nix

@@ -1,43 +0,0 @@
-{ lib, modulesPath, ... }:
-{
-  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
-  boot = {
-    tmp.cleanOnBoot = true;
-    kernel.sysctl = {
-      "net.core.default_qdisc" = "fq";
-      "net.ipv4.tcp_congestion_control" = "bbr";
-      "net.ipv4.conf.all.rp_filter" = 1;
-      "net.ipv4.conf.default.rp_filter" = 1;
-      "net.ipv4.icmp_echo_ignore_broadcasts" = 1;
-      "net.ipv4.conf.all.accept_source_route" = 0;
-      "net.ipv6.conf.all.accept_source_route" = 0;
-      "net.ipv4.conf.all.send_redirects" = 0;
-      "net.ipv4.tcp_syncookies" = 1;
-    };
-    kernelModules = [
-      "virtio_pci"
-      "virtio_blk"
-      "virtio_net"
-    ];
-    initrd = {
-      availableKernelModules = [
-        "virtio_pci"
-        "virtio_scsi"
-        "virtio_blk"
-        "virtio_net"
-        "9p"
-        "9pnet_virtio"
-      ];
-      kernelModules = [ ];
-    };
-    extraModulePackages = [ ];
-  };
-  fileSystems."/" = {
-    device = "/dev/sda";
-    fsType = "ext4";
-  };
-  swapDevices = [ { device = "/dev/sdb"; } ];
-  networking.useDHCP = lib.mkDefault true;
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.enableRedistributableFirmware = true;
-}

hosts/linode/toggles.nix

@@ -1,16 +0,0 @@
-_: {
-  timeZone = "America/Mexico_City";
-  services = {
-    network.enable = true;
-    wireguard.enable = true;
-  };
-  secureHost = false;
-  interfaces.linode = "eth0";
-  ips = {
-    linode = "51.222.141.104";
-    wg-linode = "10.77.0.1";
-    wg-server = "10.77.0.2";
-    wg-friend1 = "10.8.0.2";
-    wg-friends = "10.8.0.0";
-  };
-}

hosts/linode/wireguard-linode.nix

@@ -1,76 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-{
-  config = lib.mkIf config.my.services.wireguard.enable {
-    sops.secrets."linode/linode/private" = lib.mkIf config.my.secureHost {
-      sopsFile = ../../secrets/wireguard.yaml;
-    };
-    networking = {
-      nat = {
-        enable = true;
-        externalInterface = config.my.interfaces.${config.networking.hostName};
-        internalInterfaces = [ "wg0" ];
-      };
-      firewall = {
-        allowedUDPPorts = [ 51820 ];
-        extraCommands = ''
-          iptables -I FORWARD 1 -s ${config.my.ips.wg-friend1} -d ${config.my.ips.wg-server} -p tcp --dport 22000 -j ACCEPT
-          iptables -I FORWARD 2 -s ${config.my.ips.wg-server} -d ${config.my.ips.wg-friend1} -p tcp --sport 22000 -m state --state ESTABLISHED,RELATED -j ACCEPT
-          iptables -I FORWARD 3 -s ${config.my.ips.wg-friends}/24 -d 10.77.0.0/24 -j DROP
-          iptables -I FORWARD 4 -s 10.77.0.0/24 -d ${config.my.ips.wg-friends}/24 -j DROP
-          iptables -A FORWARD -s ${config.my.ips.wg-friends}/24 -o ${
-            config.my.interfaces.${config.networking.hostName}
-          } -j ACCEPT
-          iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-        '';
-        extraStopCommands = ''
-          iptables -D FORWARD -s ${config.my.ips.wg-friend1} -d ${config.my.ips.wg-server} -p tcp --dport 22000 -j ACCEPT 2>/dev/null || true
-          iptables -D FORWARD -s ${config.my.ips.wg-server} -d ${config.my.ips.wg-friend1} -p tcp --sport 22000 -m state --state ESTABLISHED,RELATED -j ACCEPT 2>/dev/null || true
-          iptables -D FORWARD -s ${config.my.ips.wg-friends}/24 -d 10.77.0.0/24 -j DROP 2>/dev/null || true
-          iptables -D FORWARD -s 10.77.0.0/24 -d ${config.my.ips.wg-friends}/24 -j DROP 2>/dev/null || true
-          iptables -D FORWARD -s ${config.my.ips.wg-friends}/24 -o ${
-            config.my.interfaces.${config.networking.hostName}
-          } -j ACCEPT 2>/dev/null || true
-          iptables -D FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT 2>/dev/null || true
-        '';
-      };
-      wireguard.interfaces.wg0 = {
-        ips = [
-          "${config.my.ips.wg-linode}/24"
-          "${config.my.ips.wg-friends}/24"
-        ];
-        listenPort = 51820;
-        privateKeyFile =
-          if config.my.secureHost then
-            config.sops.secrets."linode/linode/private".path
-          else
-            "/var/lib/wireguard/private.key";
-        postSetup = "${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s ${config.my.ips.wg-friends}/24 -o ${
-          config.my.interfaces.${config.networking.hostName}
-        } -j MASQUERADE";
-        postShutdown = "${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s ${config.my.ips.wg-friends}/24 -o ${
-          config.my.interfaces.${config.networking.hostName}
-        } -j MASQUERADE 2>/dev/null || true";
-        peers = [
-          {
-            publicKey = "OUiqluRaS4hmGvLJ3csQrnIM3Zzet50gsqtTABaUkH4=";
-            allowedIPs = [ "${config.my.ips.wg-server}/32" ];
-          }
-          {
-            publicKey = "rFgT6TXzRazK6GMazMNGjtOvzAAPST0LvCfN7QXsLho=";
-            allowedIPs = [ "${config.my.ips.wg-friend1}/32" ];
-          }
-        ];
-      };
-    };
-    boot.kernel.sysctl = {
-      "net.ipv4.ip_forward" = 1;
-      "net.ipv6.conf.all.forwarding" = 1;
-    };
-    environment.systemPackages = [ pkgs.wireguard-tools ];
-  };
-}

hosts/server/configuration.nix

@@ -37,7 +37,7 @@
       supportedFeatures = config.my.nix.features;
     }
   ];
-  sops.secrets."linode/server/private" = lib.mkIf config.my.secureHost {
+  sops.secrets."vps/home/private" = lib.mkIf config.my.secureHost {
     sopsFile = ../../secrets/wireguard.yaml;
   };
   networking = {
@@ -48,14 +48,14 @@
     };
     wireguard.interfaces.wg0 = lib.mkIf config.my.secureHost {
       ips = [ "${config.my.ips.wg-server}/32" ];
-      privateKeyFile = config.sops.secrets."linode/server/private".path;
+      privateKeyFile = config.sops.secrets."vps/home/private".path;
       peers = [
         {
           publicKey = "dFbiSekBwnZomarcS31o5+w6imHjMPNCipkfc2fZ3GY=";
-          endpoint = "${config.my.ips.linode}:51820";
+          endpoint = "${config.my.ips.vps}:51820";
           allowedIPs = [
-            "${config.my.ips.wg-linode}/32"
+            "${config.my.ips.wg-vps}/32"
-            "${config.my.ips.wg-friends}/24"
+            "${config.my.ips.wg-friends}/24" # all friends
           ];
           persistentKeepalive = 25;
         }

hosts/workstation/configuration.nix

@@ -32,11 +32,10 @@ in
       "nixminiserver"
     ];
   };
-  home-manager.users.jawz = {
+  home-manager.users.jawz.programs = {
-    programs = {
     vscode = {
       enable = true;
-        package = pkgs.code-cursor-fhs;
+      package = pkgs.code-cursor;
     };
     ghostty = {
       enable = true;
@@ -45,7 +44,7 @@ in
       enableZshIntegration = shellType == "zsh";
       installBatSyntax = true;
       installVimSyntax = true;
-      };
+      settings.term = "xterm-256color";
     };
   };
   networking = {
@@ -125,9 +124,9 @@ in
     ../../secrets/ssh/root-private-ca.pem
   ];
   services = {
+    minio.enable = true;
     flatpak.enable = true;
     open-webui.enable = true;
-    tailscale.enable = true;
     scx = {
       enable = true;
       scheduler = "scx_lavd";
@@ -145,11 +144,48 @@ in
       acceleration = "cuda";
       models = "/srv/ai/ollama";
     };
-    sunshine = {
+    postgresql = {
       enable = true;
-      autoStart = false;
+      package = pkgs.postgresql_17;
-      capSysAdmin = true;
+      enableTCPIP = true;
-      openFirewall = true;
+      authentication = pkgs.lib.mkOverride 10 ''
+        local   all    all                                 trust
+        host    all    all    ${config.my.localhost}/32    trust
+        host    all    all    ::1/128                      trust
+      '';
+      ensureDatabases = [ "webref" ];
+      ensureUsers = [
+        {
+          name = "webref";
+          ensureDBOwnership = true;
+        }
+      ];
     };
   };
+  programs.virt-manager.enable = true;
+  users.groups.libvirtd.members = [ "jawz" ];
+  virtualisation.libvirtd.enable = true;
+  systemd.services.minio-init = {
+    description = "Initialize MinIO buckets";
+    after = [ "minio.service" ];
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+    };
+    script = ''
+      # Wait for MinIO to be ready
+      until ${pkgs.curl}/bin/curl -sf http://localhost:9000/minio/health/live > /dev/null 2>&1; do
+        echo "Waiting for MinIO..."
+        sleep 1
+      done
+
+      # Configure mc alias and create bucket
+      ${pkgs.minio-client}/bin/mc alias set local http://localhost:9000 minioadmin minioadmin || true
+      ${pkgs.minio-client}/bin/mc mb local/webref || true
+      ${pkgs.minio-client}/bin/mc anonymous set public local/webref || true
+
+      echo "MinIO initialized with webref bucket"
+    '';
+  };
 }

modules/apps/internet.nix

@@ -5,9 +5,7 @@
   ...
 }:
 let
-  krisp-patcher =
+  krisp-settings = {
-    pkgs.writers.writePython3Bin "krisp-patcher"
-      {
     libraries = builtins.attrValues {
       inherit (pkgs.python3Packages)
         capstone
@@ -19,15 +17,14 @@ let
       "F403" # 'from module import *' used; unable to detect undefined names
       "F405" # name may be undefined, or defined from star imports: module
     ];
-      }
+  };
-      (
+  krisp-patch = builtins.readFile (
-        builtins.readFile (
     pkgs.fetchurl {
       url = "https://pastebin.com/raw/8tQDsMVd";
       sha256 = "sha256-IdXv0MfRG1/1pAAwHLS2+1NESFEz2uXrbSdvU9OvdJ8=";
     }
-        )
   );
+  krisp-patcher = pkgs.writers.writePython3Bin "krisp-patcher" krisp-settings krisp-patch;
 in
 {
   options.my.apps.internet.enable = lib.mkEnableOption "internet browsers and communication apps";
@@ -42,7 +39,7 @@ in
         warp # transfer files with based ppl
         nextcloud-client # self-hosted google-drive alternative
         fragments # beautiful torrent client
-        tor-browser-bundle-bin # dark web, so dark!
+        tor-browser # dark web, so dark!
         telegram-desktop # furry chat
         nicotine-plus # remember Ares?
         discord # :3

modules/dev/docker.nix

@@ -6,9 +6,9 @@
 }:
 let
   packages = builtins.attrValues {
-    inherit (pkgs) dockfmt; # Format Dockerfiles
+    inherit (pkgs)
-    inherit (pkgs.nodePackages)
+      dockfmt # Format Dockerfiles
-      dockerfile-language-server-nodejs # LSP for Dockerfiles
+      dockerfile-language-server # LSP for Dockerfiles
       ;
   };
 in

modules/dev/sh.nix

@@ -7,7 +7,6 @@
 let
   packages = builtins.attrValues {
     inherit (pkgs)
-      bashdb # Debugger and completion support
       shellcheck # Shell script linter
       shfmt # Shell parser and formatter
       ;

modules/modules.nix

@@ -39,7 +39,7 @@ in
     };
     domain = lib.mkOption {
       type = lib.types.str;
-      default = "servidos.lat";
+      default = "lebubu.org";
       description = "The domain name.";
     };
     ips = lib.mkOption {
@@ -49,8 +49,8 @@ in
         server = "192.168.100.15";
         miniserver = "192.168.1.100";
         workstation = "192.168.100.18";
-        linode = "51.222.141.104";
+        vps = "45.79.25.87";
-        wg-linode = "10.77.0.1";
+        wg-vps = "10.77.0.1";
         wg-server = "10.77.0.2";
         wg-friend1 = "10.8.0.2";
         wg-friends = "10.8.0.0";
@@ -63,7 +63,6 @@ in
         server = "enp0s31f6";
         miniserver = "enp2s0";
         workstation = "enp5s0";
-        linode = "eth0";
       };
       description = "Set of network interface names for all my computers.";
     };

modules/nix/gitea-actions-runners/nixos.nix

@@ -9,22 +9,46 @@ let
 in
 {
   config = lib.mkIf (cfg.enable && config.my.secureHost) {
+    users.groups.gitea-runner = { };
+    users.users.gitea-runner = {
+      isSystemUser = true;
+      group = "gitea-runner";
+      extraGroups = [
+        "docker"
+        "podman"
+      ];
+    };
+    nix.settings = {
+      allowed-users = [
+        "gitea"
+        "gitea-runner"
+      ];
+      trusted-users = [
+        "gitea"
+        "gitea-runner"
+      ];
+    };
     services.gitea-actions-runner.instances.nixos = {
       inherit (cfg) url enable;
       name = "${config.networking.hostName}-nixos";
       tokenFile = config.sops.secrets.gitea.path;
       labels = [
+        "nix:host"
         "nixos:host"
       ];
       hostPackages = builtins.attrValues {
         inherit (pkgs)
           bash
+          curl
           coreutils
           gitMinimal
-          nix
           attic-client
-          nodejs # Required for GitHub Actions
+          podman
-          openssh # Required for SSH git operations
+          podman-compose
+          nix
+          nodejs
+          openssh
+          python3
           ;
       };
     };

modules/servers/atticd.nix

@@ -24,10 +24,6 @@ in
           avg-size = 64 * 1024; # 64 KiB
           max-size = 256 * 1024; # 256 KiB
         };
-        compression = {
-          type = "zstd";
-          level = 8;
-        };
         garbage-collection = {
           interval = "7 days";
           default-retention-period = "7 days";

modules/servers/gitea.nix

@@ -10,7 +10,6 @@ let
 in
 {
   imports = [
-    ../nix/gitea-actions-runners/ryujinx.nix
     ../nix/gitea-actions-runners/nixos.nix
   ];
   options.my.servers.gitea = setup.mkOptions "gitea" "git" 9083;

modules/servers/homepage/bookmarks/servers.nix

@@ -4,7 +4,7 @@
       readeck = [
         {
           abbr = "RD";
-          href = "https://laters.servidos.lat/";
+          href = "https://laters.lebubu.org/";
           description = "";
         }
       ];
@@ -13,7 +13,7 @@
       maloja = [
         {
           abbr = "ML";
-          href = "https://maloja.servidos.lat/";
+          href = "https://maloja.lebubu.org/";
           description = "";
         }
       ];
@@ -22,7 +22,7 @@
       microbin = [
         {
           abbr = "CP";
-          href = "https://copy.servidos.lat/";
+          href = "https://copy.lebubu.org/";
           description = "";
         }
       ];
@@ -31,7 +31,7 @@
       multi-scrobbler = [
         {
           abbr = "MS";
-          href = "https://scrobble.servidos.lat/";
+          href = "https://scrobble.lebubu.org/";
           description = "";
         }
       ];
@@ -40,7 +40,7 @@
       ryot = [
         {
           abbr = "RT";
-          href = "https://tracker.servidos.lat/";
+          href = "https://tracker.lebubu.org/";
           description = "";
         }
       ];
@@ -49,7 +49,7 @@
       vaultwarden = [
         {
           abbr = "VW";
-          href = "https://vault.servidos.lat";
+          href = "https://vault.lebubu.org";
           description = "";
         }
       ];

modules/servers/synapse.nix

@@ -58,7 +58,7 @@ in
         ];
         settings = {
           server_name = cfg.domain;
-          public_baseurl = cfg.url;
+          public_baseurl = "http://${config.my.ips.wg-server}:${toString cfg.port}";
           federation_domain_whitelist = [ ];
           allow_public_rooms_without_auth = false;
           allow_public_rooms_over_federation = false;

modules/services/network.nix

@@ -13,7 +13,8 @@
       hosts = config.my.ips |> lib.mapAttrs' (hostname: ip: lib.nameValuePair ip [ hostname ]);
       interfaces."${config.my.interfaces.${config.networking.hostName}}".wakeOnLan.enable = true;
     };
-    services.dnscrypt-proxy2 = {
+    systemd.services.dnscrypt-proxy.serviceConfig.StateDirectory = "dnscrypt-proxy";
+    services.dnscrypt-proxy = {
       enable = true;
       settings = {
         ipv6_servers = true;
@@ -43,8 +44,5 @@
         ];
       };
     };
-    systemd.services.dnscrypt-proxy2.serviceConfig = {
-      StateDirectory = "dnscrypt-proxy";
-    };
   };
 }

modules/services/nvidia.nix

@@ -17,7 +17,7 @@
         extraPackages = builtins.attrValues {
           inherit (pkgs)
             nvidia-vaapi-driver
-            vaapiVdpau
+            libva-vdpau-driver
             libvdpau-va-gl
             vulkan-loader
             mesa

modules/services/wireguard.nix

@@ -11,7 +11,7 @@ in
 {
   options.my.services.wireguard.enable = lib.mkEnableOption "WireGuard VPN configuration";
   config = lib.mkIf (config.my.services.wireguard.enable && config.my.secureHost) {
-    sops.secrets."server/private".sopsFile = ../../secrets/wireguard.yaml;
+    sops.secrets."wireguard/private".sopsFile = ../../secrets/wireguard.yaml;
     networking = {
       firewall.allowedUDPPorts = [ port ];
       nat = {
@@ -22,9 +22,13 @@ in
       wireguard.interfaces.wg0 = {
         ips = [ "10.100.0.1/24" ];
         listenPort = port;
-        postSetup = "${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o ${interface} -j MASQUERADE";
+        postSetup = ''
-        postShutdown = "${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o ${interface} -j MASQUERADE";
+          ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o ${interface} -j MASQUERADE
-        privateKeyFile = config.sops.secrets."server/private".path;
+        '';
+        postShutdown = ''
+          ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o ${interface} -j MASQUERADE
+        '';
+        privateKeyFile = config.sops.secrets."wireguard/private".path;
         peers = [
           {
             publicKey = "ciupBjCcIpd3K5vlzNMJC8iiyNqB9xXwkSC6UXPKP3g=";

modules/shell/tools.nix

@@ -97,7 +97,7 @@ in
     users.users.jawz.packages = builtins.attrValues {
       inherit (pkgs)
         ripgrep # modern grep
-        du-dust # rusty du similar to gdu
+        dust # rusty du similar to gdu
         fd # modern find, faster searches
         fzf # fuzzy finder! super cool and useful
         gdu # disk-space utility checker, somewhat useful
@@ -106,8 +106,6 @@ in
         jq # json parser
         yq # yaml parser
         smartmontools # check hard drie health
-        ;
-      inherit (inputs.jawz-scripts.packages.x86_64-linux)
         rmlint # amazing dupe finder that integrates well with BTRFS
         ;
     };

parts/core.nix

@@ -141,7 +141,7 @@ in
         ips: hostName: lib:
         builtins.attrNames ips
         |> builtins.filter (
-          name: !(lib.hasPrefix "wg-" name) && name != "linode" && name != "router" && name != hostName
+          name: !(lib.hasPrefix "wg-" name) && name != "vps" && name != "router" && name != hostName
         );
       shellConditional =
         shellType: bashContent: zshContent:
@@ -204,11 +204,13 @@ in
         miniserver = ../secrets/ssh/ed25519_miniserver.pub;
         galaxy = ../secrets/ssh/ed25519_galaxy.pub;
         phone = ../secrets/ssh/ed25519_phone.pub;
-        linode = ../secrets/ssh/ed25519_linode.pub;
+        vps = ../secrets/ssh/ed25519_vps.pub;
         emacs = ../secrets/ssh/ed25519_emacs.pub;
+        # Build user keys (nixremote)
         nixworkstation = ../secrets/ssh/ed25519_nixworkstation.pub;
         nixserver = ../secrets/ssh/ed25519_nixserver.pub;
         nixminiserver = ../secrets/ssh/ed25519_nixminiserver.pub;
+        windows_vm = ../secrets/ssh/ed25519_windows_vm.pub;
       };
       getSshKeys = keyNames: keyNames |> map (name: inputs.self.lib.sshKeys.${name});
     };

parts/hosts.nix

@@ -6,6 +6,5 @@
     server = inputs.self.lib.createConfig "server" inputs.nixpkgs-small;
     galaxy = inputs.self.lib.createConfig "galaxy" inputs.nixpkgs-small;
     emacs = inputs.self.lib.createConfig "emacs" inputs.nixpkgs;
-    linode = inputs.self.lib.createConfig "linode" inputs.nixpkgs-small;
   };
 }

parts/images.nix

@@ -1,5 +0,0 @@
-{ inputs, ... }:
-{
-  flake.packages.x86_64-linux.linode-image =
-    inputs.self.nixosConfigurations.linode.config.system.build.linodeImage;
-}

scripts/push-to-cache.sh

@@ -11,7 +11,7 @@ NC='\033[0m' # No Color
 
 # Configuration
 CACHE_NAME="servidos:nixos"
-CACHE_URL="https://cache.servidos.lat"
+CACHE_URL="https://cache.lebubu.org"
 
 echo -e "${BLUE}=========================================${NC}"
 echo -e "${BLUE}NixOS Build Cache Pusher${NC}"

secrets/ssh/ed25519_windows_vm.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOYwRyCCOXaq7PO1aK58XLRcbuvY6j8rvjZmgTwUKTIZ capta@DESKTOP-JJLTF62

secrets/wireguard.yaml

@@ -1,13 +1,13 @@
-server:
+wireguard:
-    private: ENC[AES256_GCM,data:8/wwIn29F5DxRIjFz51GgBUmAdaOeyS4cDN/vFzypagyNyOJ1VygiT1NXMA=,iv:uUk55wrayGJ6YRNC67z51T4DW6r/LVOol39/JJKYZxg=,tag:uuAuAqzTUOJjkLsDrZig2A==,type:str]
+    private: ENC[AES256_GCM,data:wwggc9T88gK/EMmjPauf14DZGUnfipBpfN3FnlPhsO6FtVmK2aad/D0/Rqw=,iv:Q15iiEOFRa3bPf7NfZcEZOgEqnjIJPenYgE6c6HRYI8=,tag:x+auLhc/FDhxZxzWmcrX9Q==,type:str]
-    public: ENC[AES256_GCM,data:J3j3AlG2liVRZERvlpClWekGa4AZWBfACe9J5YegzG1liU5/ZkPzMOzdf4I=,iv:8o9IpQWh0QtdwDj1knpsEOrPLorSZPQKiO8QJxBlPco=,tag:QDHai1bzFXS7vuTpIJqClA==,type:str]
+    public: ENC[AES256_GCM,data:uelp1opnLR5EfvNBSA3Sk33ktMoG6+Pvj7oKYtdlCpXMZel9O8G7P4X5S2M=,iv:AQECJmnXSc2MM0pT8ZJtA51pn+tvhhyAxFDMBH/H6wA=,tag:yWsnQbHaeiXyPLbpxMZwsg==,type:str]
-linode:
+vps:
     server:
-        private: ENC[AES256_GCM,data:ReI4nnGcR4GbLuQOkosYG9CtQWc/YSV/BVVwY2lfM9miskRIh+aw4kudSNM=,iv:B2JrRpD7tYF+PtdQddyzUl0kp36VVXSNFrHOAoUgwA4=,tag:GV3joCZbl85tvlMAq/Kqug==,type:str]
+        private: ENC[AES256_GCM,data:wrP/069tuQs3ObYE8Q0MNVxe3+4vZ2HIImoIdZpj1uPgdBknboX1wmANv/k=,iv:FJL5KumHos8PoXra+BB2Uc6YedsF6MD3wWyuugXzJ+E=,tag:nVuTrW2P7JvnWnv6H1SmdQ==,type:str]
-        public: ENC[AES256_GCM,data:VKYak059lumcQy3QtCanYwBwmsKkkSVEQilOu+KUYmMykirV+DUpI23jloY=,iv:5NYbyrMQTlC8qp/fmGToK+ZpKhDcP8UWbmRNoWzn64k=,tag:fi46BRJAksrUuDYP+5Nvmw==,type:str]
+        public: ENC[AES256_GCM,data:YnKOf9725v9FkzdNPDVf/iinMbY/YWn6ksqEz+mpB4KHVlOvpbV6vLSKRcs=,iv:aWQNy6mT4sxVbzaXKgRzZ9XVsiBCRsOlLORRqC+uiKE=,tag:mLWv6mr3VVfw0J5BrqByXg==,type:str]
     home:
-        private: ENC[AES256_GCM,data:Bo3Hzd9Xh4kufO8G4J6Gm2znsUcBc25OlB+ECI4u2roeo7QgQpRXxa8RamM=,iv:0D+FmQxqyZZeCA+iA/gMp0soZ2LtM9fNTP6hGIVrNaM=,tag:Bk18KYKZEDWBBEK5dHKO6w==,type:str]
+        private: ENC[AES256_GCM,data:YZ0jvBzkMv8Bwc9u3LDJzwSqQvPj8wPUxTIeBFiLYVQQIBjm8aS1dTYuPvo=,iv:mXuW7TVERxOMmGIit3a7Spmbk/EgYuGkO66AWJUnMF0=,tag:xM7C3F3JCiud/A9yPD5ydQ==,type:str]
-        public: ENC[AES256_GCM,data:sHXh/i9nBHgpgsBVPgvpiEJIHIXzlCa3EhG/eFYL1tKz6Iabcr4bnAUbe08=,iv:V6eSlQRenSCz5VRJMQTXafIb2TTB33p7jzOkixSwIM0=,tag:tjutVj+K6CdtN/FOZqqaHw==,type:str]
+        public: ENC[AES256_GCM,data:DcwAHhHjIxFqRL5h7p/0nkFnWiI/iqR8Fws6AuFaxjgUHKYd/6l3D6q/O/0=,iv:bBJ0bsKRiGQUSlRmHqeLQWkOIUNfG5VVpuV6MOtKZO0=,tag:harMG6GDIfclmSq3D36bTw==,type:str]
 sops:
     age:
         - recipient: age1lufn6t35gs4wgevyr2gud4eec7lvkn7pgnnv4tja64ww3hef7gqq8fas37
@@ -46,7 +46,7 @@ sops:
             KzZFSWprL0l0MDdVdEVKbEV5eklZdTAK/1ZyGvElfp+LVloSR6aJUtvrgU0CrzaJ
             SQtO7vc4oDedkiTz6LKySta+uyn3e17Jzdyy9nU2D/Q5X+CpKGP3cg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-10-28T19:42:02Z"
+    lastmodified: "2025-09-08T00:14:52Z"
-    mac: ENC[AES256_GCM,data:b6/AkxnYppuHIU2oOqOZFizfqhwGjHquzhaeKnBhinXUqmAwoYRgHH54w951HR0Qp9IXu4P7BmlmqET2IhtIXjTtfkDOz9LUUJT0kRmpW5uyXcgiaPQWFFT1r3FnUNPla1O3mBpaT8FD1LVZunEGJ7o3smHJ8aXStbV3RIwdUsQ=,iv:4yCLwkTxW9wMFyoUK9WvaRR+GI1r884uGRKLvmzVF2I=,tag:wLk0v/f06rLczCX+/UN4Ng==,type:str]
+    mac: ENC[AES256_GCM,data:O2herKRy4k9ZMuPzzPF5QlBC2isXdRoIsbYLJ/6X7esxtxxgNuAljx4SCR6UMT7pl3G2E33cnnBEkuAIy6SMXOaZNfOuAEJXaCwpRwCXu26lrcTf6n7UdP36GWfIRsR4utD5/vv66ch6MqmQWkW7E5zydy5dOv+BJ4XS/50OUQs=,iv:TscYNQaeI+mBxyobxI1O4wUzRtA27pvjXz27kqMJhA0=,tag:zx/xrYAWJCxYz5HRTKzYfQ==,type:str]
     unencrypted_suffix: _unencrypted
-    version: 3.11.0
+    version: 3.10.2