Weekly flake update: 2025-10-29 17:38 UTC

lan login for schemes pipeline as well
lowered compression rate
2025-10-29 11:38:29 -06:00 · 2025-10-29 09:57:44 -06:00 · 2025-10-29 01:57:21 -06:00 · 2025-10-29 01:41:24 -06:00 · 2025-10-29 00:39:51 -06:00 · 2025-10-29 00:00:39 -06:00
67 changed files with 407 additions and 452 deletions
--- a/.github/workflows/build-schemes.yml
+++ b/.github/workflows/build-schemes.yml
@@ -3,8 +3,8 @@ name: Build All Color Schemes
 on:
  push:
    paths:
-      - 'config/schemes.nix'
-      - 'config/scheme-utils.nix'
+      - "config/schemes.nix"
+      - "config/scheme-utils.nix"
  workflow_dispatch:

 jobs:
@@ -12,81 +12,81 @@ jobs:
    runs-on: nixos
    env:
      HOSTNAME: server
-    
+
    steps:
-    - uses: actions/checkout@v4
-    
-    - name: Get available schemes
-      id: schemes
-      run: |
-        SCHEMES=$(nix eval --raw --impure --expr '
-          let
-            pkgs = import <nixpkgs> {};
-            inputs = {};
-            utils = import ./scripts/scheme-utils.nix { inherit pkgs inputs; };
-          in
-          builtins.concatStringsSep " " utils.availableSchemes
-        ')
-        echo "schemes=$SCHEMES" >> $GITHUB_OUTPUT
-        echo "Available schemes: $SCHEMES"
-    
-    - name: Configure Attic cache
-      run: |
-        # Configure attic client to use your cache server
-        attic login servidos https://cache.servidos.lat ${{ secrets.ATTIC_TOKEN }}
-    
-    - name: Build and push all schemes
-      run: |
-        echo "Building and pushing all schemes..."
-        
-        # Store original scheme
-        ORIGINAL_SCHEME=$(grep -oP "scheme = schemesFile\.schemes\.\K\w+" config/stylix.nix)
-        echo "Original scheme: $ORIGINAL_SCHEME"
-        
-        # Build and push each scheme
-        for scheme in ${{ steps.schemes.outputs.schemes }}; do
+      - uses: actions/checkout@v4
+
+      - name: Get available schemes
+        id: schemes
+        run: |
+          SCHEMES=$(nix eval --raw --impure --expr '
+            let
+              pkgs = import <nixpkgs> {};
+              inputs = {};
+              utils = import ./scripts/scheme-utils.nix { inherit pkgs inputs; };
+            in
+            builtins.concatStringsSep " " utils.availableSchemes
+          ')
+          echo "schemes=$SCHEMES" >> $GITHUB_OUTPUT
+          echo "Available schemes: $SCHEMES"
+
+      - name: Configure Attic cache
+        run: |
+          # Configure attic client to use your cache server
+          attic login servidos http://127.0.0.1:2343 ${{ secrets.ATTIC_TOKEN }}
+
+      - name: Build and push all schemes
+        run: |
+          echo "Building and pushing all schemes..."
+
+          # Store original scheme
+          ORIGINAL_SCHEME=$(grep -oP "scheme = schemesFile\.schemes\.\K\w+" config/stylix.nix)
+          echo "Original scheme: $ORIGINAL_SCHEME"
+
+          # Build and push each scheme
+          for scheme in ${{ steps.schemes.outputs.schemes }}; do
+            echo "========================================="
+            echo "Processing scheme: $scheme"
+            echo "========================================="
+
+            # Update stylix.nix to use this scheme
+            sed -i "s/scheme = schemesFile\.schemes\.\w\+;/scheme = schemesFile.schemes.$scheme;/" config/stylix.nix
+
+            # Verify the change
+            grep "scheme = schemesFile.schemes" config/stylix.nix
+
+            # Build the configuration
+            echo "Building $scheme..."
+            nix build .#nixosConfigurations.${HOSTNAME}.config.system.build.toplevel \
+              --out-link ./result-$scheme \
+              --quiet
+
+            # Push to cache
+            echo "Pushing $scheme to cache..."
+            attic push servidos:nixos ./result-$scheme
+
+            # Also push using print-out-paths for better cache coverage
+            nix build .#nixosConfigurations.${HOSTNAME}.config.system.build.toplevel \
+              --print-out-paths \
+              --quiet | attic push servidos:nixos --stdin
+
+            echo "✓ Completed $scheme"
+            echo ""
+          done
+
+          # Restore original scheme
+          echo "Restoring original scheme: $ORIGINAL_SCHEME"
+          sed -i "s/scheme = schemesFile\.schemes\.\w\+;/scheme = schemesFile.schemes.$ORIGINAL_SCHEME;/" config/stylix.nix
+
          echo "========================================="
-          echo "Processing scheme: $scheme"
+          echo "All schemes built and pushed successfully!"
          echo "========================================="
-          
-          # Update stylix.nix to use this scheme
-          sed -i "s/scheme = schemesFile\.schemes\.\w\+;/scheme = schemesFile.schemes.$scheme;/" config/stylix.nix
-          
-          # Verify the change
-          grep "scheme = schemesFile.schemes" config/stylix.nix
-          
-          # Build the configuration
-          echo "Building $scheme..."
-          nix build .#nixosConfigurations.${HOSTNAME}.config.system.build.toplevel \
-            --out-link ./result-$scheme \
-            --quiet
-          
-          # Push to cache
-          echo "Pushing $scheme to cache..."
-          attic push servidos:nixos ./result-$scheme
-          
-          # Also push using print-out-paths for better cache coverage
-          nix build .#nixosConfigurations.${HOSTNAME}.config.system.build.toplevel \
-            --print-out-paths \
-            --quiet | attic push servidos:nixos --stdin
-          
-          echo "✓ Completed $scheme"
+
+      - name: Summary
+        run: |
+          SCHEME_COUNT=$(echo "${{ steps.schemes.outputs.schemes }}" | wc -w)
+          echo "✅ Color scheme builds completed successfully!"
+          echo "- Built $SCHEME_COUNT schemes: ${{ steps.schemes.outputs.schemes }}"
+          echo "- Pushed all builds to Atticd cache"
          echo ""
-        done
-        
-        # Restore original scheme
-        echo "Restoring original scheme: $ORIGINAL_SCHEME"
-        sed -i "s/scheme = schemesFile\.schemes\.\w\+;/scheme = schemesFile.schemes.$ORIGINAL_SCHEME;/" config/stylix.nix
-        
-        echo "========================================="
-        echo "All schemes built and pushed successfully!"
-        echo "========================================="
-    
-    - name: Summary
-      run: |
-        SCHEME_COUNT=$(echo "${{ steps.schemes.outputs.schemes }}" | wc -w)
-        echo "✅ Color scheme builds completed successfully!"
-        echo "- Built $SCHEME_COUNT schemes: ${{ steps.schemes.outputs.schemes }}"
-        echo "- Pushed all builds to Atticd cache"
-        echo ""
-        echo "You can now switch schemes quickly without waiting for builds!"
+          echo "You can now switch schemes quickly without waiting for builds!"
--- a/.github/workflows/weekly-build-cache.yml
+++ b/.github/workflows/weekly-build-cache.yml
@@ -38,7 +38,7 @@ jobs:
        if: steps.check_changes.outputs.changes == 'true'
        run: |
          # Configure attic client to use your cache server
-          attic login servidos https://cache.servidos.lat ${{ secrets.ATTIC_TOKEN }}
+          attic login servidos http://127.0.0.1:2343 ${{ secrets.ATTIC_TOKEN }}

      - name: Build workstation configuration
        if: steps.check_changes.outputs.changes == 'true'
--- a/config/base.nix
+++ b/config/base.nix
@@ -75,6 +75,7 @@
      "dotnet-runtime-6.0.36"
      "dotnet-sdk-wrapped-6.0.428"
      "dotnet-sdk-6.0.428"
+      "mbedtls-2.28.10"
    ];
  };
  nix = {
--- a/config/jawz.nix
+++ b/config/jawz.nix
@@ -33,7 +33,7 @@ in
      matchBlocks = {
        vps = {
          hostname = config.my.ips.vps;
-          user = "fedora";
+          user = "jawz";
          port = 3456;
          identityFile = config.sops.secrets."private_keys/${hostName}".path;
        };
@@ -68,14 +68,14 @@ in
      "plugdev"
      "bluetooth"
    ];
-    openssh.authorizedKeys.keyFiles = [
-      ../secrets/ssh/ed25519_deacero.pub
-      ../secrets/ssh/ed25519_workstation.pub
-      ../secrets/ssh/ed25519_server.pub
-      ../secrets/ssh/ed25519_miniserver.pub
-      ../secrets/ssh/ed25519_galaxy.pub
-      ../secrets/ssh/ed25519_phone.pub
-      ../secrets/ssh/ed25519_vps.pub
+    openssh.authorizedKeys.keyFiles = inputs.self.lib.getSshKeys [
+      "deacero"
+      "workstation"
+      "server"
+      "miniserver"
+      "galaxy"
+      "phone"
+      "vps"
    ];
  };
 }
--- a/dotfiles/stignore
+++ b/dotfiles/stignore
@@ -1,6 +1,7 @@
 (?d)jawz/chrome/userChrome.css
 (?d)jawz/chrome/userContent.css
 (?d)jawz/lock
+(?d)jawz/storage
 (?d)jawz/user.js
 (?d)native-messaging-hosts/org.gnome.browser_connector.json
 (?d)native-messaging-hosts/org.gnome.chrome_gnome_shell.json
--- a/flake.lock
+++ b/flake.lock
@@ -20,11 +20,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1759499898,
-        "narHash": "sha256-UNzYHLWfkSzLHDep5Ckb5tXc0fdxwPIrT+MY4kpQttM=",
+        "lastModified": 1760101617,
+        "narHash": "sha256-8jf/3ZCi+B7zYpIyV04+3wm72BD7Z801IlOzsOACR7I=",
        "owner": "hyprwm",
        "repo": "aquamarine",
-        "rev": "655e067f96fd44b3f5685e17f566b0e4d535d798",
+        "rev": "1826a9923881320306231b1c2090379ebf9fa4f8",
        "type": "github"
      },
      "original": {
@@ -54,16 +54,17 @@
    "base16-fish": {
      "flake": false,
      "locked": {
-        "lastModified": 1622559957,
-        "narHash": "sha256-PebymhVYbL8trDVVXxCvZgc0S5VxI7I1Hv4RMSquTpA=",
+        "lastModified": 1754405784,
+        "narHash": "sha256-l9xHIy+85FN+bEo6yquq2IjD1rSg9fjfjpyGP1W8YXo=",
        "owner": "tomyun",
        "repo": "base16-fish",
-        "rev": "2f6dd973a9075dabccd26f1cded09508180bf5fe",
+        "rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561",
        "type": "github"
      },
      "original": {
        "owner": "tomyun",
        "repo": "base16-fish",
+        "rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561",
        "type": "github"
      }
    },
@@ -215,11 +216,11 @@
        "nixpkgs-lib": "nixpkgs-lib"
      },
      "locked": {
-        "lastModified": 1759362264,
-        "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=",
+        "lastModified": 1760948891,
+        "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "758cf7296bee11f1706a574c77d072b8a7baa881",
+        "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04",
        "type": "github"
      },
      "original": {
@@ -233,11 +234,11 @@
        "nixpkgs-lib": "nixpkgs-lib_2"
      },
      "locked": {
-        "lastModified": 1759362264,
-        "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=",
+        "lastModified": 1760948891,
+        "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "758cf7296bee11f1706a574c77d072b8a7baa881",
+        "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04",
        "type": "github"
      },
      "original": {
@@ -460,11 +461,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1759490292,
-        "narHash": "sha256-T6iWzDOXp8Wv0KQOCTHpBcmAOdHJ6zc/l9xaztW6Ivc=",
+        "lastModified": 1760445448,
+        "narHash": "sha256-fXGjL6dw31FPFRrmIemzGiNSlfvEJTJNsmadZi+qNhI=",
        "owner": "hyprwm",
        "repo": "hyprgraphics",
-        "rev": "9431db625cd9bb66ac55525479dce694101d6d7a",
+        "rev": "50fb9f069219f338a11cf0bcccb9e58357d67757",
        "type": "github"
      },
      "original": {
@@ -491,11 +492,11 @@
        "xdph": "xdph"
      },
      "locked": {
-        "lastModified": 1760143218,
-        "narHash": "sha256-OhJPROcRcwBkjOKkXr/f3/7wuSjhAIqr8WfmEUF9Uuo=",
+        "lastModified": 1761758444,
+        "narHash": "sha256-m05lvxm5qhUoAWB5vkyt9llmGcQ05Q7Km8d6QvMVfVA=",
        "owner": "hyprwm",
        "repo": "Hyprland",
-        "rev": "d599513d4a72d66ac62ffdedc41d6653fa81b39e",
+        "rev": "83a0a62004ee915921ac36a96760944ad6550e1e",
        "type": "github"
      },
      "original": {
@@ -516,11 +517,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1749046714,
-        "narHash": "sha256-kymV5FMnddYGI+UjwIw8ceDjdeg7ToDVjbHCvUlhn14=",
+        "lastModified": 1759610243,
+        "narHash": "sha256-+KEVnKBe8wz+a6dTLq8YDcF3UrhQElwsYJaVaHXJtoI=",
        "owner": "hyprwm",
        "repo": "hyprland-protocols",
-        "rev": "613878cb6f459c5e323aaafe1e6f388ac8a36330",
+        "rev": "bd153e76f751f150a09328dbdeb5e4fab9d23622",
        "type": "github"
      },
      "original": {
@@ -684,11 +685,11 @@
        "sudoku-solver": "sudoku-solver"
      },
      "locked": {
-        "lastModified": 1760073554,
-        "narHash": "sha256-Ydqg/9lpoha2vgspjviqeRh6/tsWN+pZcUxn1ZyrFZM=",
+        "lastModified": 1761720517,
+        "narHash": "sha256-YWKeZsstuJMEOlC31pyveuLT9525YW+wzTAMHDawgZ0=",
        "ref": "refs/heads/master",
-        "rev": "5c13b806a094f3605e2da70e133551848ad8d9a9",
-        "revCount": 109,
+        "rev": "07daae7770da1201de6825de9b65eab0fcd81ca8",
+        "revCount": 116,
        "type": "git",
        "url": "https://git.servidos.lat/jawz/scripts.git"
      },
@@ -705,11 +706,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1760146997,
-        "narHash": "sha256-x2sF8Q4tWz3DI166s+KFDXySrK+cN+/YEd3DfhnhBLQ=",
+        "lastModified": 1761703070,
+        "narHash": "sha256-KAsGjetWzPdUYqGuOu1Vu95d8i+L7JqwG7o3hLJ7DD8=",
        "owner": "fufexan",
        "repo": "nix-gaming",
-        "rev": "ad505387568d024654da88fef03d9c5319cba92f",
+        "rev": "30854a5ad380aa93b18c254bca4b5d7b6f3dc968",
        "type": "github"
      },
      "original": {
@@ -820,11 +821,11 @@
    },
    "nixpkgs-small": {
      "locked": {
-        "lastModified": 1760081104,
-        "narHash": "sha256-n9NgHBtZgLrT1FtJ2W9AvVKM7bXWBgqw/is739m72WQ=",
+        "lastModified": 1761706708,
+        "narHash": "sha256-zgrEi11Ok83JI2U11GQqSiE0TddvdHfnE8jI0iE4Vms=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "872106a411643f96e2c9576d247cf96e7c8c1b97",
+        "rev": "1f12c8011e59aca25db5cbf000735089a51874ea",
        "type": "github"
      },
      "original": {
@@ -836,11 +837,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1760038930,
-        "narHash": "sha256-Oncbh0UmHjSlxO7ErQDM3KM0A5/Znfofj2BSzlHLeVw=",
+        "lastModified": 1761373498,
+        "narHash": "sha256-Q/uhWNvd7V7k1H1ZPMy/vkx3F8C13ZcdrKjO7Jv7v0c=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "0b4defa2584313f3b781240b29d61f6f9f7e0df3",
+        "rev": "6a08e6bb4e46ff7fcbb53d409b253f6bad8a28ce",
        "type": "github"
      },
      "original": {
@@ -852,11 +853,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1759994382,
-        "narHash": "sha256-wSK+3UkalDZRVHGCRikZ//CyZUJWDJkBDTQX1+G77Ow=",
+        "lastModified": 1761468971,
+        "narHash": "sha256-vY2OLVg5ZTobdroQKQQSipSIkHlxOTrIF1fsMzPh8w8=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "5da4a26309e796daa7ffca72df93dbe53b8164c7",
+        "rev": "78e34d1667d32d8a0ffc3eba4591ff256e80576e",
        "type": "github"
      },
      "original": {
@@ -895,11 +896,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1760150127,
-        "narHash": "sha256-McDmxx/bruodgHLD4sFIl0fKkEkNj5VE3DglImfslrk=",
+        "lastModified": 1761756571,
+        "narHash": "sha256-Ryt/9e3t+KEo9BT1TJqpi8hnkGOQrG1ddsOPf12zwBM=",
        "owner": "nix-community",
        "repo": "nur",
-        "rev": "886a5646695563cbae3c1e10369c6070c7645e73",
+        "rev": "14ea3a540e215ee60d970038f56c26ffb205b843",
        "type": "github"
      },
      "original": {
@@ -944,11 +945,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1758108966,
-        "narHash": "sha256-ytw7ROXaWZ7OfwHrQ9xvjpUWeGVm86pwnEd1QhzawIo=",
+        "lastModified": 1760663237,
+        "narHash": "sha256-BflA6U4AM1bzuRMR8QqzPXqh8sWVCNDzOdsxXEguJIc=",
        "owner": "cachix",
        "repo": "git-hooks.nix",
-        "rev": "54df955a695a84cd47d4a43e08e1feaf90b1fd9b",
+        "rev": "ca5b894d3e3e151ffc1db040b6ce4dcc75d31c37",
        "type": "github"
      },
      "original": {
@@ -1002,11 +1003,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1759635238,
-        "narHash": "sha256-UvzKi02LMFP74csFfwLPAZ0mrE7k6EiYaKecplyX9Qk=",
+        "lastModified": 1760998189,
+        "narHash": "sha256-ee2e1/AeGL5X8oy/HXsZQvZnae6XfEVdstGopKucYLY=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "6e5a38e08a2c31ae687504196a230ae00ea95133",
+        "rev": "5a7d18b5c55642df5c432aadb757140edfeb70b3",
        "type": "github"
      },
      "original": {
@@ -1036,11 +1037,11 @@
        "tinted-zed": "tinted-zed"
      },
      "locked": {
-        "lastModified": 1759596342,
-        "narHash": "sha256-1Eda1V8pjpviMdBTdDXrFp7jkaUokIgXgBYTZyzDODk=",
+        "lastModified": 1761668239,
+        "narHash": "sha256-b0+7/5hBUsLjd/gMY9/LSEsvuWFFolHdpUAOlG73zmw=",
        "owner": "danth",
        "repo": "stylix",
-        "rev": "4d065856e936fc6a99ba55d39ac2df9ded6bedbe",
+        "rev": "a149a557dc306e76d53e7dd488826e61ef9c6289",
        "type": "github"
      },
      "original": {
@@ -1293,11 +1294,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1755354946,
-        "narHash": "sha256-zdov5f/GcoLQc9qYIS1dUTqtJMeDqmBmo59PAxze6e4=",
+        "lastModified": 1760713634,
+        "narHash": "sha256-5HXelmz2x/uO26lvW7MudnadbAfoBnve4tRBiDVLtOM=",
        "owner": "hyprwm",
        "repo": "xdg-desktop-portal-hyprland",
-        "rev": "a10726d6a8d0ef1a0c645378f983b6278c42eaa0",
+        "rev": "753bbbdf6a052994da94062e5b753288cef28dfb",
        "type": "github"
      },
      "original": {
--- a/hosts/miniserver/configuration.nix
+++ b/hosts/miniserver/configuration.nix
@@ -1,17 +1,17 @@
-{ config, ... }:
+{ config, inputs, ... }:
 {
  imports = [
    ./hardware-configuration.nix
    ../../config/base.nix
    ../../config/stylix.nix
  ];
-  my = import ./toggles.nix // {
+  my = import ./toggles.nix { inherit inputs; } // {
    nix.cores = 3;
    nix.maxJobs = 8;
    users.nixremote.enable = true;
-    users.nixremote.authorizedKeys = [
-      ../../secrets/ssh/ed25519_nixworkstation.pub
-      ../../secrets/ssh/ed25519_nixserver.pub
+    users.nixremote.authorizedKeys = inputs.self.lib.getSshKeys [
+      "nixworkstation"
+      "nixserver"
    ];
  };
  nix.buildMachines =
--- a/hosts/miniserver/toggles.nix
+++ b/hosts/miniserver/toggles.nix
@@ -1,16 +1,6 @@
+{ inputs }:
 let
-  mkEnabled = name: {
-    inherit name;
-    value.enable = true;
-  };
-  mkEnabledWithProxy = name: {
-    inherit name;
-    value = {
-      enable = true;
-      enableProxy = true;
-    };
-  };
-  enableList = func: list: list |> map func |> builtins.listToAttrs;
+  inherit (inputs.self.lib) mkEnabled mkEnabledWithProxy enableList;
 in
 {
  emacs.enable = true;
--- a/hosts/server/configuration.nix
+++ b/hosts/server/configuration.nix
@@ -2,6 +2,7 @@
  pkgs,
  config,
  lib,
+  inputs,
  ...
 }:
 {
@@ -10,12 +11,12 @@
    ../../config/base.nix
    ../../config/stylix.nix
  ];
-  my = import ./toggles.nix { inherit config; } // {
+  my = import ./toggles.nix { inherit config inputs; } // {
    nix.cores = 6;
    users.nixremote.enable = true;
-    users.nixremote.authorizedKeys = [
-      ../../secrets/ssh/ed25519_nixworkstation.pub
-      ../../secrets/ssh/ed25519_nixminiserver.pub
+    users.nixremote.authorizedKeys = inputs.self.lib.getSshKeys [
+      "nixworkstation"
+      "nixminiserver"
    ];
    network.firewall.enabledServicePorts = true;
    network.firewall.additionalPorts = [
--- a/hosts/server/toggles.nix
+++ b/hosts/server/toggles.nix
@@ -1,17 +1,7 @@
-{ config }:
+{ config, inputs }:
 let
-  mkEnabled = name: {
-    inherit name;
-    value.enable = true;
-  };
-  mkEnabledIp = name: {
-    inherit name;
-    value = {
-      enable = true;
-      ip = config.my.ips.wg-server;
-    };
-  };
-  enableList = func: list: list |> map func |> builtins.listToAttrs;
+  inherit (inputs.self.lib) mkEnabled enableList;
+  mkEnabledIp = inputs.self.lib.mkEnabledIp config.my.ips.wg-server;
 in
 {
  mainServer = "server";
--- a/hosts/workstation/configuration.nix
+++ b/hosts/workstation/configuration.nix
@@ -1,6 +1,7 @@
 {
  pkgs,
  config,
+  inputs,
  ...
 }:
 let
@@ -22,13 +23,13 @@ in
    ../../config/stylix.nix
    ../../environments/gnome.nix
  ];
-  my = import ./toggles.nix // {
+  my = import ./toggles.nix { inherit inputs; } // {
    nix.cores = 8;
    nix.maxJobs = 8;
    users.nixremote.enable = true;
-    users.nixremote.authorizedKeys = [
-      ../../secrets/ssh/ed25519_nixserver.pub
-      ../../secrets/ssh/ed25519_nixminiserver.pub
+    users.nixremote.authorizedKeys = inputs.self.lib.getSshKeys [
+      "nixserver"
+      "nixminiserver"
    ];
  };
  home-manager.users.jawz = {
--- a/hosts/workstation/toggles.nix
+++ b/hosts/workstation/toggles.nix
@@ -1,9 +1,6 @@
+{ inputs }:
 let
-  mkEnabled = name: {
-    inherit name;
-    value.enable = true;
-  };
-  enableList = func: list: list |> map func |> builtins.listToAttrs;
+  inherit (inputs.self.lib) mkEnabled enableList;
 in
 {
  stylix.enable = true;
--- a/modules/factories/mkserver.nix
+++ b/modules/factories/mkserver.nix
@@ -53,58 +53,8 @@ let
      default = null;
    };
  };
-  proxy = locations: {
-    inherit locations;
-    forceSSL = true;
-    enableACME = true;
-    http2 = true;
-  };
-  proxyReverse =
-    cfg:
-    proxy {
-      "/" = {
-        proxyPass = "http://${cfg.ip}:${toString cfg.port}/";
-        proxyWebsockets = cfg.enableSocket;
-      };
-    };
-  proxyReverseFix =
-    cfg:
-    let
-      useLocalhost = cfg.hostName == config.networking.hostName;
-      localHeaders = ''
-        proxy_set_header   Host $host;
-        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header   X-Forwarded-Proto $scheme;
-      '';
-    in
-    proxyReverse cfg
-    // {
-      extraConfig = ''
-        ${if useLocalhost then localHeaders else ""}
-        proxy_set_header   X-Forwarded-Host $host;
-        proxy_set_header   Upgrade $http_upgrade;
-        proxy_set_header   Connection $http_connection;
-        proxy_redirect     off;
-        proxy_http_version 1.1;
-      '';
-    };
-  proxyReversePrivate =
-    cfg:
-    proxyReverse cfg
-    // {
-      extraConfig = ''
-        ssl_verify_client on;
-        ssl_client_certificate ${cfg.certPath};
-        error_page 403 /403.html;
-      '';
-    };
 in
 {
-  inherit
-    mkOptions
-    proxy
-    proxyReverse
-    proxyReverseFix
-    proxyReversePrivate
-    ;
+  inherit mkOptions;
+  mkServerOptions = mkOptions;
 }
--- a/modules/modules.nix
+++ b/modules/modules.nix
@@ -17,6 +17,7 @@ in
    ++ inputs.self.lib.autoImport ./shell filterNames
    ++ inputs.self.lib.autoImport ./network filterNames
    ++ [
+      ./factories/mkscript.nix
      ./nix/build.nix
      ./users/nixremote.nix
    ];
@@ -48,7 +49,7 @@ in
        server = "192.168.100.15";
        miniserver = "192.168.1.100";
        workstation = "192.168.100.18";
-        vps = "51.222.141.104";
+        vps = "172.236.243.182";
        wg-vps = "10.77.0.1";
        wg-server = "10.77.0.2";
        wg-friend1 = "10.8.0.2";
@@ -104,65 +105,71 @@ in
    enableProxy = lib.mkEnableOption "nginx reverse proxy for services";
  };
  config = {
-    assertions = [
-      {
-        assertion = config.my.servers.nextcloud.enable -> config.my.servers.postgres.enable;
-        message = "Nextcloud requires PostgreSQL to be enabled";
-      }
-      {
-        assertion = config.my.servers.vaultwarden.enable -> config.my.servers.postgres.enable;
-        message = "Vaultwarden requires PostgreSQL to be enabled";
-      }
-      {
-        assertion = config.my.servers.firefly-iii.enable -> config.my.servers.postgres.enable;
-        message = "Firefly III requires PostgreSQL to be enabled";
-      }
-      {
-        assertion = config.my.servers.mealie.enable -> config.my.servers.postgres.enable;
-        message = "Mealie requires PostgreSQL to be enabled";
-      }
-      {
-        assertion = config.my.servers.shiori.enable -> config.my.servers.postgres.enable;
-        message = "Shiori requires PostgreSQL to be enabled";
-      }
-      {
-        assertion = config.my.servers.ryot.enable -> config.my.servers.postgres.enable;
-        message = "Ryot requires PostgreSQL to be enabled";
-      }
-      {
-        assertion = config.my.servers.synapse.enable -> config.my.servers.postgres.enable;
-        message = "Matrix Synapse requires PostgreSQL to be enabled";
-      }
-      {
-        assertion = config.my.servers.gitea.enable -> config.my.servers.postgres.enable;
-        message = "Gitea requires PostgreSQL to be enabled";
-      }
-      {
-        assertion =
-          config.my.enableProxy
-          -> (builtins.any (s: s.enableProxy or false) (builtins.attrValues config.my.servers));
-        message = "enableProxy is true but no services have enableProxy enabled";
-      }
-      {
-        assertion =
-          config.my.enableContainers
-          || !(builtins.any (opt: opt) [
-            config.my.servers.ryot.enable
-            config.my.servers.lidarr.enable
-            config.my.servers.prowlarr.enable
-            config.my.servers.maloja.enable
-            config.my.servers.multi-scrobbler.enable
-            config.my.servers.flame.enable
-            config.my.servers.flameSecret.enable
-            config.my.servers.metube.enable
-            config.my.servers.go-vod.enable
-            config.my.servers.tranga.enable
-            config.my.servers.drpp.enable
-            config.my.servers.plex-discord-bot.enable
-          ]);
-        message = "Container services are enabled but enableContainers is false";
-      }
-    ];
+    assertions =
+      # PostgreSQL dependency assertions
+      inputs.self.lib.mkPostgresDependencies config [
+        {
+          service = "nextcloud";
+          name = "Nextcloud";
+        }
+        {
+          service = "vaultwarden";
+          name = "Vaultwarden";
+        }
+        {
+          service = "firefly-iii";
+          name = "Firefly III";
+        }
+        {
+          service = "mealie";
+          name = "Mealie";
+        }
+        {
+          service = "shiori";
+          name = "Shiori";
+        }
+        {
+          service = "ryot";
+          name = "Ryot";
+        }
+        {
+          service = "synapse";
+          name = "Matrix Synapse";
+        }
+        {
+          service = "gitea";
+          name = "Gitea";
+        }
+      ]
+      ++
+      # Other assertions
+      [
+        {
+          assertion =
+            config.my.enableProxy
+            -> (builtins.any (s: s.enableProxy or false) (builtins.attrValues config.my.servers));
+          message = "enableProxy is true but no services have enableProxy enabled";
+        }
+        {
+          assertion =
+            config.my.enableContainers
+            || !(builtins.any (opt: opt) [
+              config.my.servers.ryot.enable
+              config.my.servers.lidarr.enable
+              config.my.servers.prowlarr.enable
+              config.my.servers.maloja.enable
+              config.my.servers.multi-scrobbler.enable
+              config.my.servers.flame.enable
+              config.my.servers.flameSecret.enable
+              config.my.servers.metube.enable
+              config.my.servers.go-vod.enable
+              config.my.servers.tranga.enable
+              config.my.servers.drpp.enable
+              config.my.servers.plex-discord-bot.enable
+            ]);
+          message = "Container services are enabled but enableContainers is false";
+        }
+      ];
    virtualisation = {
      containers.enable = true;
      oci-containers.backend = "podman";
--- a/modules/network/firewall.nix
+++ b/modules/network/firewall.nix
@@ -6,6 +6,7 @@
 }:
 let
  firewallBlacklist = [
+    "sabnzbd"
    "lidarr"
    "maloja"
    "tranga"
--- a/modules/scripts/download.nix
+++ b/modules/scripts/download.nix
@@ -6,7 +6,6 @@
  ...
 }:
 {
-  imports = [ ../factories/mkscript.nix ];
  options.my.units = {
    download.enable = lib.mkEnableOption "media download automation scripts";
    downloadManga.enable = lib.mkEnableOption "manga download automation";
--- a/modules/scripts/ffmpeg4discord.nix
+++ b/modules/scripts/ffmpeg4discord.nix
@@ -1,6 +1,5 @@
 { inputs, lib, ... }:
 {
-  imports = [ ../factories/mkscript.nix ];
  config.my.scripts.ffmpeg4discord = {
    enable = lib.mkDefault false;
    install = true;
--- a/modules/scripts/ffmpreg.nix
+++ b/modules/scripts/ffmpreg.nix
@@ -1,6 +1,5 @@
 { inputs, lib, ... }:
 {
-  imports = [ ../factories/mkscript.nix ];
  config.my.scripts.ffmpreg = {
    enable = lib.mkDefault false;
    install = true;
--- a/modules/scripts/find-dup-episode.nix
+++ b/modules/scripts/find-dup-episode.nix
@@ -1,6 +1,5 @@
 { inputs, lib, ... }:
 {
-  imports = [ ../factories/mkscript.nix ];
  config.my.scripts.find-dup-episodes = {
    enable = lib.mkDefault false;
    install = true;
--- a/modules/scripts/library-report.nix
+++ b/modules/scripts/library-report.nix
@@ -1,6 +1,5 @@
 { inputs, lib, ... }:
 {
-  imports = [ ../factories/mkscript.nix ];
  config.my.scripts.library-report = {
    enable = lib.mkDefault false;
    install = true;
--- a/modules/scripts/manage-library.nix
+++ b/modules/scripts/manage-library.nix
@@ -1,6 +1,5 @@
 { inputs, lib, ... }:
 {
-  imports = [ ../factories/mkscript.nix ];
  config.my.scripts.manage-library = {
    enable = lib.mkDefault false;
    install = true;
--- a/modules/scripts/pika-list.nix
+++ b/modules/scripts/pika-list.nix
@@ -1,6 +1,5 @@
 { inputs, lib, ... }:
 {
-  imports = [ ../factories/mkscript.nix ];
  config.my.scripts.pika-list = {
    enable = lib.mkDefault false;
    install = true;
--- a/modules/scripts/run.nix
+++ b/modules/scripts/run.nix
@@ -1,6 +1,5 @@
 { inputs, lib, ... }:
 {
-  imports = [ ../factories/mkscript.nix ];
  config.my.scripts.run = {
    enable = lib.mkDefault false;
    install = true;
--- a/modules/scripts/split-dir.nix
+++ b/modules/scripts/split-dir.nix
@@ -1,6 +1,5 @@
 { inputs, lib, ... }:
 {
-  imports = [ ../factories/mkscript.nix ];
  config.my.scripts.split-dir = {
    enable = lib.mkDefault false;
    install = true;
--- a/modules/scripts/stream-dl.nix
+++ b/modules/scripts/stream-dl.nix
@@ -6,7 +6,6 @@
  ...
 }:
 {
-  imports = [ ../factories/mkscript.nix ];
  options.my.units.stream-dl.enable = lib.mkEnableOption "streaming media download service";
  config =
    let
--- a/modules/scripts/tasks.nix
+++ b/modules/scripts/tasks.nix
@@ -1,6 +1,5 @@
 { inputs, lib, ... }:
 {
-  imports = [ ../factories/mkscript.nix ];
  config.my.scripts.tasks = {
    enable = lib.mkDefault false;
    install = true;
--- a/modules/scripts/tuh-activity-logger.nix
+++ b/modules/scripts/tuh-activity-logger.nix
@@ -1,6 +1,5 @@
 { inputs, lib, ... }:
 {
-  imports = [ ../factories/mkscript.nix ];
  config.my.scripts.tuh-activity-logger = {
    enable = lib.mkDefault false;
    install = true;
--- a/modules/scripts/update-dns.nix
+++ b/modules/scripts/update-dns.nix
@@ -6,7 +6,6 @@
  ...
 }:
 {
-  imports = [ ../factories/mkscript.nix ];
  config = lib.mkIf config.my.secureHost {
    sops.secrets = {
      cloudflare-api.sopsFile = ../../secrets/env.yaml;
--- a/modules/scripts/update-org-agenda-cache.nix
+++ b/modules/scripts/update-org-agenda-cache.nix
@@ -5,7 +5,6 @@
  ...
 }:
 {
-  imports = [ ../factories/mkscript.nix ];
  config.my.scripts.update-org-agenda-cache = {
    enable = lib.mkDefault false;
    install = config.my.emacs.enable;
--- a/modules/servers/atticd.nix
+++ b/modules/servers/atticd.nix
@@ -1,14 +1,14 @@
 {
  lib,
  config,
-  inputs,
  ...
 }:
 let
+  setup = import ../factories/mkserver.nix { inherit lib config; };
  cfg = config.my.servers.atticd;
 in
 {
-  options.my.servers.atticd = inputs.self.lib.mkServerOptions "atticd" "cache" 2343 lib;
+  options.my.servers.atticd = setup.mkOptions "atticd" "cache" 2343;
  config = lib.mkIf (cfg.enable && config.my.secureHost) {
    sops.secrets."private_cache_keys/atticd".sopsFile = ../../secrets/keys.yaml;
    services.atticd = {
@@ -17,6 +17,7 @@ in
      settings = {
        listen = "[::]:${toString cfg.port}";
        jwt = { };
+        database.heartbeat = true; # 5 minutes
        chunking = {
          nar-size-threshold = 64 * 1024; # 64 KiB
          min-size = 16 * 1024; # 16 KiB
@@ -25,7 +26,7 @@ in
        };
        compression = {
          type = "zstd";
-          level = 8;
+          level = 3;
        };
        garbage-collection = {
          interval = "7 days";
@@ -33,5 +34,12 @@ in
        };
      };
    };
+    systemd.services.atticd = {
+      serviceConfig = {
+        TimeoutStartSec = "15min";
+        TimeoutStopSec = "5min";
+        MemoryMax = "4G";
+      };
+    };
  };
 }
--- a/modules/servers/audiobookshelf.nix
+++ b/modules/servers/audiobookshelf.nix
@@ -1,16 +1,14 @@
 {
  lib,
  config,
-  inputs,
  ...
 }:
 let
+  setup = import ../factories/mkserver.nix { inherit lib config; };
  cfg = config.my.servers.audiobookshelf;
 in
 {
-  options.my.servers.audiobookshelf =
-    inputs.self.lib.mkServerOptions "audiobookshelf" "audiobooks" 5687
-      lib;
+  options.my.servers.audiobookshelf = setup.mkOptions "audiobookshelf" "audiobooks" 5687;
  config = lib.mkIf (cfg.enable && config.my.secureHost) {
    my.servers.audiobookshelf.enableSocket = true;
    services.audiobookshelf = {
--- a/modules/servers/bazarr.nix
+++ b/modules/servers/bazarr.nix
@@ -1,16 +1,14 @@
 {
  lib,
  config,
-  inputs,
  ...
 }:
 let
+  setup = import ../factories/mkserver.nix { inherit lib config; };
  cfg = config.my.servers.bazarr;
 in
 {
-  options.my.servers.bazarr =
-    inputs.self.lib.mkServerOptions "bazarr" "subs" config.services.bazarr.listenPort
-      lib;
+  options.my.servers.bazarr = setup.mkOptions "bazarr" "subs" config.services.bazarr.listenPort;
  config.services.bazarr = lib.mkIf cfg.enable {
    inherit (cfg) enable;
    group = "piracy";
--- a/modules/servers/drpp.nix
+++ b/modules/servers/drpp.nix
@@ -1,14 +1,14 @@
 {
  lib,
  config,
-  inputs,
  ...
 }:
 let
+  setup = import ../factories/mkserver.nix { inherit lib config; };
  cfg = config.my.servers.drpp;
 in
 {
-  options.my.servers.drpp = inputs.self.lib.mkServerOptions "drpp" "drpp" 0 lib;
+  options.my.servers.drpp = setup.mkOptions "drpp" "drpp" 0;
  config.virtualisation.oci-containers.containers.drpp = lib.mkIf cfg.enable {
    image = "ghcr.io/phin05/discord-rich-presence-plex:latest";
    environment = {
--- a/modules/servers/firefox-syncserver.nix
+++ b/modules/servers/firefox-syncserver.nix
@@ -1,16 +1,14 @@
 {
  lib,
  config,
-  inputs,
  ...
 }:
 let
+  setup = import ../factories/mkserver.nix { inherit lib config; };
  cfg = config.my.servers.firefox-syncserver;
 in
 {
-  options.my.servers.firefox-syncserver =
-    inputs.self.lib.mkServerOptions "firefox-syncserver" "sync" 4233
-      lib;
+  options.my.servers.firefox-syncserver = setup.mkOptions "firefox-syncserver" "sync" 4233;
  config = lib.mkIf (cfg.enable && config.my.secureHost) {
    # sops.secrets.firefox-syncserver.sopsFile = ../../secrets/env.yaml;
    services.firefox-syncserver = {
--- a/modules/servers/flame.nix
+++ b/modules/servers/flame.nix
@@ -1,18 +1,18 @@
 {
  lib,
  config,
-  inputs,
  ...
 }:
 let
  cfg = config.my.servers.flame;
  cfgS = config.my.servers.flameSecret;
  enable = (cfg.enable || cfgS.enable) && config.my.secureHost;
+  setup = import ../factories/mkserver.nix { inherit lib config; };
 in
 {
  options.my.servers = {
-    flame = inputs.self.lib.mkServerOptions "flame" "start" 5005 lib;
-    flameSecret = inputs.self.lib.mkServerOptions "flameSecret" "qampqwn4wprhqny8h8zj" 5007 lib;
+    flame = setup.mkOptions "flame" "start" 5005;
+    flameSecret = setup.mkOptions "flameSecret" "qampqwn4wprhqny8h8zj" 5007;
  };
  config = lib.mkIf enable {
    sops.secrets = {
--- a/modules/servers/gitea.nix
+++ b/modules/servers/gitea.nix
@@ -1,11 +1,11 @@
 {
  lib,
  config,
-  inputs,
  pkgs,
  ...
 }:
 let
+  setup = import ../factories/mkserver.nix { inherit lib config; };
  cfg = config.my.servers.gitea;
 in
 {
@@ -13,7 +13,7 @@ in
    ../nix/gitea-actions-runners/ryujinx.nix
    ../nix/gitea-actions-runners/nixos.nix
  ];
-  options.my.servers.gitea = inputs.self.lib.mkServerOptions "gitea" "git" 9083 lib;
+  options.my.servers.gitea = setup.mkOptions "gitea" "git" 9083;
  config = lib.mkIf (cfg.enable && config.my.secureHost) {
    sops.secrets.gitea.sopsFile = ../../secrets/env.yaml;
    services.gitea = {
--- a/modules/servers/homepage.nix
+++ b/modules/servers/homepage.nix
@@ -1,14 +1,14 @@
 {
  lib,
  config,
-  inputs,
  ...
 }:
 let
+  setup = import ../factories/mkserver.nix { inherit lib config; };
  cfg = config.my.servers.homepage;
 in
 {
-  options.my.servers.homepage = inputs.self.lib.mkServerOptions "homepage" "home" 8082 lib;
+  options.my.servers.homepage = setup.mkOptions "homepage" "home" 8082;
  config = lib.mkIf config.my.secureHost {
    sops.secrets = lib.mkIf cfg.enable {
      homepage.sopsFile = ../../secrets/homepage.yaml;
--- a/modules/servers/jellyfin.nix
+++ b/modules/servers/jellyfin.nix
@@ -8,6 +8,7 @@
 let
  cfg = config.my.servers.jellyfin;
  inherit (inputs.jawz-scripts.packages.x86_64-linux) sub-sync;
+  setup = import ../factories/mkserver.nix { inherit lib config; };
  sub-sync-path = [
    pkgs.nix
    pkgs.bash
@@ -21,7 +22,7 @@ let
  ];
 in
 {
-  options.my.servers.jellyfin = inputs.self.lib.mkServerOptions "jellyfin" "flix" 8096 lib;
+  options.my.servers.jellyfin = setup.mkOptions "jellyfin" "flix" 8096;
  config = lib.mkIf (cfg.enable && config.my.secureHost) {
    environment.systemPackages = [
      pkgs.jellyfin-ffmpeg
--- a/modules/servers/kavita.nix
+++ b/modules/servers/kavita.nix
@@ -1,16 +1,14 @@
 {
  lib,
  config,
-  inputs,
  ...
 }:
 let
+  setup = import ../factories/mkserver.nix { inherit lib config; };
  cfg = config.my.servers.kavita;
 in
 {
-  options.my.servers.kavita =
-    inputs.self.lib.mkServerOptions "kavita" "library" config.services.kavita.settings.Port
-      lib;
+  options.my.servers.kavita = setup.mkOptions "kavita" "library" config.services.kavita.settings.Port;
  config = lib.mkIf (cfg.enable && config.my.secureHost) {
    sops.secrets.kavita-token = {
      owner = config.users.users.kavita.name;
--- a/modules/servers/lidarr.nix
+++ b/modules/servers/lidarr.nix
@@ -1,14 +1,14 @@
 {
  lib,
  config,
-  inputs,
  ...
 }:
 let
+  setup = import ../factories/mkserver.nix { inherit lib config; };
  cfg = config.my.servers.lidarr;
 in
 {
-  options.my.servers.lidarr = inputs.self.lib.mkServerOptions "lidarr" "music" 8686 lib;
+  options.my.servers.lidarr = setup.mkOptions "lidarr" "music" 8686;
  config.virtualisation.oci-containers.containers.lidarr = lib.mkIf cfg.enable {
    autoStart = true;
    image = "linuxserver/lidarr:version-2.13.3.4711";
--- a/modules/servers/maloja.nix
+++ b/modules/servers/maloja.nix
@@ -1,14 +1,14 @@
 {
  lib,
  config,
-  inputs,
  ...
 }:
 let
+  setup = import ../factories/mkserver.nix { inherit lib config; };
  cfg = config.my.servers.maloja;
 in
 {
-  options.my.servers.maloja = inputs.self.lib.mkServerOptions "maloja" "maloja" 42010 lib;
+  options.my.servers.maloja = setup.mkOptions "maloja" "maloja" 42010;
  config = lib.mkIf (cfg.enable && config.my.secureHost) {
    sops.secrets.maloja.sopsFile = ../../secrets/env.yaml;
    virtualisation.oci-containers.containers.maloja = {
--- a/modules/servers/mealie.nix
+++ b/modules/servers/mealie.nix
@@ -1,14 +1,14 @@
 {
  lib,
  config,
-  inputs,
  ...
 }:
 let
+  setup = import ../factories/mkserver.nix { inherit lib config; };
  cfg = config.my.servers.mealie;
 in
 {
-  options.my.servers.mealie = inputs.self.lib.mkServerOptions "mealie" "mealie" 9925 lib;
+  options.my.servers.mealie = setup.mkOptions "mealie" "mealie" 9925;
  config = lib.mkIf (cfg.enable && config.my.secureHost) {
    sops.secrets.mealie.sopsFile = ../../secrets/env.yaml;
    services.mealie = {
--- a/modules/servers/metube.nix
+++ b/modules/servers/metube.nix
@@ -1,14 +1,14 @@
 {
  lib,
  config,
-  inputs,
  ...
 }:
 let
+  setup = import ../factories/mkserver.nix { inherit lib config; };
  cfg = config.my.servers.metube;
 in
 {
-  options.my.servers.metube = inputs.self.lib.mkServerOptions "metube" "bajameesta" 8881 lib;
+  options.my.servers.metube = setup.mkOptions "metube" "bajameesta" 8881;
  config.virtualisation.oci-containers.containers.metube = lib.mkIf cfg.enable {
    image = "ghcr.io/alexta69/metube:latest";
    ports = [ "${toString cfg.port}:8081" ];
--- a/modules/servers/microbin.nix
+++ b/modules/servers/microbin.nix
@@ -1,14 +1,14 @@
 {
  lib,
  config,
-  inputs,
  ...
 }:
 let
+  setup = import ../factories/mkserver.nix { inherit lib config; };
  cfg = config.my.servers.microbin;
 in
 {
-  options.my.servers.microbin = inputs.self.lib.mkServerOptions "microbin" "copy" 8086 lib;
+  options.my.servers.microbin = setup.mkOptions "microbin" "copy" 8086;
  config.services.microbin = lib.mkIf (cfg.enable && config.my.secureHost) {
    inherit (cfg) enable;
    settings = {
--- a/modules/servers/multi-scrobbler.nix
+++ b/modules/servers/multi-scrobbler.nix
@@ -1,16 +1,14 @@
 {
  lib,
  config,
-  inputs,
  ...
 }:
 let
+  setup = import ../factories/mkserver.nix { inherit lib config; };
  cfg = config.my.servers.multi-scrobbler;
 in
 {
-  options.my.servers.multi-scrobbler =
-    inputs.self.lib.mkServerOptions "multi-scrobbler" "scrobble" 9078
-      lib;
+  options.my.servers.multi-scrobbler = setup.mkOptions "multi-scrobbler" "scrobble" 9078;
  config = lib.mkIf (cfg.enable && config.my.secureHost) {
    sops.secrets.multi-scrobbler.sopsFile = ../../secrets/env.yaml;
    virtualisation.oci-containers.containers.multi-scrobbler = {
--- a/modules/servers/nextcloud.nix
+++ b/modules/servers/nextcloud.nix
@@ -6,6 +6,7 @@
  ...
 }:
 let
+  setup = import ../factories/mkserver.nix { inherit lib config; };
  commonProxyConfig = ''
    proxy_set_header Host $host;
  '';
@@ -28,14 +29,14 @@ let
      };
    }
  );
-  pytensorflow = pkgs.python311.withPackages (ps: [ ps.tensorflow ]);
+  pytensorflow = pkgs.python3.withPackages (ps: [ ps.tensorflow ]);
  cfg = config.my.servers.nextcloud;
  cfgC = config.my.servers.collabora;
 in
 {
  options.my.servers = {
-    nextcloud = inputs.self.lib.mkServerOptions "nextcloud" "cloud" 80 lib;
-    collabora = inputs.self.lib.mkServerOptions "collabora" "collabora" 9980 lib;
+    nextcloud = setup.mkOptions "nextcloud" "cloud" 80;
+    collabora = setup.mkOptions "collabora" "collabora" 9980;
    go-vod.enable = lib.mkEnableOption "Go-VOD video transcoding service";
  };
  config = lib.mkIf (cfg.enable && config.my.servers.postgres.enable && config.my.secureHost) {
@@ -174,6 +175,14 @@ in
          ];
          #vps
          serverAliases = [ "cloud.rotehaare.art" ];
+          extraConfig = ''
+            add_header X-XSS-Protection "1; mode=block" always;
+            add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
+            add_header X-Content-Type-Options "nosniff" always;
+            add_header X-Frame-Options "SAMEORIGIN" always;
+            add_header Referrer-Policy "no-referrer-when-downgrade" always;
+            add_header X-Permitted-Cross-Domain-Policies "none" always;
+          '';
          locations = {
            "/".proxyWebsockets = true;
            "~ ^/nextcloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|oc[ms]-provider/.+|.+/richdocumentscode/proxy).php(?:$|/)" =
@@ -186,6 +195,11 @@ in
          http2 = true;
          locations = {
            # static files
+            "^~ /browser" = {
+              proxyPass = cfgC.local;
+              extraConfig = commonProxyConfig;
+            };
+            # Legacy static files (for compatibility)
            "^~ /loleaflet" = {
              proxyPass = cfgC.local;
              extraConfig = commonProxyConfig;
@@ -201,11 +215,21 @@ in
              extraConfig = commonProxyConfig;
            };
            # download, presentation, image upload and websocket
+            "~ ^/cool" = {
+              proxyPass = cfgC.local;
+              extraConfig = commonWebsocketConfig;
+            };
+            # Legacy websocket (for compatibility)
            "~ ^/lool" = {
              proxyPass = cfgC.local;
              extraConfig = commonWebsocketConfig;
            };
            # Admin Console websocket
+            "^~ /cool/adminws" = {
+              proxyPass = cfgC.local;
+              extraConfig = commonWebsocketConfig;
+            };
+            # Legacy Admin Console websocket (for compatibility)
            "^~ /lool/adminws" = {
              proxyPass = cfgC.local;
              extraConfig = commonWebsocketConfig;
@@ -230,23 +254,23 @@ in
      };
      collabora = lib.mkIf cfgC.enable {
        autoStart = true;
-        image = "collabora/code";
-        imageFile = pkgs.dockerTools.pullImage {
-          imageName = "collabora/code";
-          imageDigest = "sha256:aab41379baf5652832e9237fcc06a768096a5a7fccc66cf8bd4fdb06d2cbba7f";
-          sha256 = "sha256-M66lynhzaOEFnE15Sy1N6lBbGDxwNw6ap+IUJAvoCLs=";
-        };
+        image = "collabora/code:latest";
        ports = [ "9980:9980" ];
        environment = {
          TZ = config.my.timeZone;
          domain = cfg.host;
-          aliasgroup1 = "${cfg.host}:443";
-          aliasgroup2 = "cloud.rotehaare.art:443";
+          aliasgroup1 = "${cfg.url}:443";
+          aliasgroup2 = "https://cloud.rotehaare.art:443";
+          server_name = cfgC.host;
          dictionaries = "en_CA en_US es_MX es_ES fr_FR it pt_BR ru";
          extra_params = ''
            --o:ssl.enable=false
            --o:ssl.termination=true
+            --o:remote_font_config.url=${cfg.url}/apps/richdocuments/settings/fonts.json
+            --o:logging.level=information
          '';
+          DONT_GEN_SSL_CERT = "1";
+          SLEEPFORDEBUGGER = "0";
        };
        extraOptions = [
          "--cap-add"
--- a/modules/servers/nix-serve.nix
+++ b/modules/servers/nix-serve.nix
@@ -1,15 +1,15 @@
 {
  lib,
-  inputs,
  config,
  pkgs,
  ...
 }:
 let
+  setup = import ../factories/mkserver.nix { inherit lib config; };
  cfg = config.my.servers.nix-serve;
 in
 {
-  options.my.servers.nix-serve = inputs.self.lib.mkServerOptions "nix-serve" "cache" 5000 lib;
+  options.my.servers.nix-serve = setup.mkOptions "nix-serve" "cache" 5000;
  config = lib.mkIf (cfg.enable && config.my.secureHost) {
    sops.secrets."private_cache_keys/miniserver".sopsFile = ../../secrets/keys.yaml;
    services.nix-serve = {
--- a/modules/servers/ombi.nix
+++ b/modules/servers/ombi.nix
@@ -1,14 +1,14 @@
 {
  lib,
  config,
-  inputs,
  ...
 }:
 let
+  setup = import ../factories/mkserver.nix { inherit lib config; };
  cfg = config.my.servers.ombi;
 in
 {
-  options.my.servers.ombi = inputs.self.lib.mkServerOptions "ombi" "requests" 3425 lib;
+  options.my.servers.ombi = setup.mkOptions "ombi" "requests" 3425;
  config.services.ombi = lib.mkIf cfg.enable {
    inherit (cfg) enable port;
  };
--- a/modules/servers/plex-discord-bot.nix
+++ b/modules/servers/plex-discord-bot.nix
@@ -1,15 +1,15 @@
 {
  lib,
  config,
-  inputs,
  ...
 }:
 let
+  setup = import ../factories/mkserver.nix { inherit lib config; };
  cfg = config.my.servers.plex-discord-bot;
  name = "plex-discord-bot";
 in
 {
-  options.my.servers.plex-discord-bot = inputs.self.lib.mkServerOptions name name 0 lib;
+  options.my.servers.plex-discord-bot = setup.mkOptions name name 0;
  config.virtualisation.oci-containers.containers.plex-discord-bot = lib.mkIf cfg.enable {
    image = "ghcr.io/phin05/discord-rich-presence-plex:latest";
    environment = {
--- a/modules/servers/plex.nix
+++ b/modules/servers/plex.nix
@@ -1,14 +1,14 @@
 {
  lib,
-  inputs,
  config,
  ...
 }:
 let
+  setup = import ../factories/mkserver.nix { inherit lib config; };
  cfg = config.my.servers.plex;
 in
 {
-  options.my.servers.plex = inputs.self.lib.mkServerOptions "plex" "plex" 32400 lib;
+  options.my.servers.plex = setup.mkOptions "plex" "plex" 32400;
  config.services = lib.mkIf (cfg.enable && config.my.secureHost) {
    plex = {
      inherit (cfg) enable;
--- a/modules/servers/portfolio.nix
+++ b/modules/servers/portfolio.nix
@@ -1,14 +1,14 @@
 {
  config,
  lib,
-  inputs,
  ...
 }:
 let
+  setup = import ../factories/mkserver.nix { inherit lib config; };
  cfg = config.my.websites.portfolio;
 in
 {
-  options.my.websites.portfolio = inputs.self.lib.mkServerOptions "portfolio" "portfolio" 0 lib;
+  options.my.websites.portfolio = setup.mkOptions "portfolio" "portfolio" 0;
  config.services.nginx.virtualHosts."danilo-reyes.com" = lib.mkIf cfg.enableProxy {
    forceSSL = true;
    enableACME = true;
--- a/modules/servers/prowlarr.nix
+++ b/modules/servers/prowlarr.nix
@@ -1,14 +1,14 @@
 {
  lib,
-  inputs,
  config,
  ...
 }:
 let
+  setup = import ../factories/mkserver.nix { inherit lib config; };
  cfg = config.my.servers.prowlarr;
 in
 {
-  options.my.servers.prowlarr = inputs.self.lib.mkServerOptions "prowlarr" "indexer" 9696 lib;
+  options.my.servers.prowlarr = setup.mkOptions "prowlarr" "indexer" 9696;
  config = lib.mkIf cfg.enable {
    users.users.prowlarr = {
      group = "piracy";
--- a/modules/servers/qbittorrent.nix
+++ b/modules/servers/qbittorrent.nix
@@ -1,8 +1,8 @@
 {
+  inputs,
  lib,
  config,
  pkgs,
-  inputs,
  ...
 }:
 let
@@ -36,6 +36,10 @@ let
        ;
    }
  );
+  torrentCompletionScript = pkgs.writeShellScript "qbit-torrent-completion" ''
+    chown jawz:piracy -R "$1"
+    chmod -R 775 "$1"
+  '';
 in
 {
  options.my.servers = {
@@ -50,6 +54,7 @@ in
    };
  };
  config = lib.mkIf (config.my.servers.qbittorrent.enable && config.my.secureHost) {
+    my.network.firewall.additionalPorts = [ config.my.servers.qbittorrent.port ];
    home-manager.users.jawz.xdg.dataFile.vuetorrent.source = vuetorrent;
    sops.secrets =
      let
@@ -72,7 +77,10 @@ in
        "unpackerr/radarr-api" = mkUnpackerrSecret;
      };
    systemd = {
-      packages = [ pkgs.qbittorrent-nox ];
+      packages = [
+        pkgs.qbittorrent-nox
+        torrentCompletionScript
+      ];
      services."qbittorrent-nox@jawz" = {
        enable = true;
        overrideStrategy = "asDropin";
--- a/modules/servers/radarr.nix
+++ b/modules/servers/radarr.nix
@@ -1,14 +1,14 @@
 {
  lib,
  config,
-  inputs,
  ...
 }:
 let
+  setup = import ../factories/mkserver.nix { inherit lib config; };
  cfg = config.my.servers.radarr;
 in
 {
-  options.my.servers.radarr = inputs.self.lib.mkServerOptions "radarr" "movies" 7878 lib;
+  options.my.servers.radarr = setup.mkOptions "radarr" "movies" 7878;
  config = lib.mkIf cfg.enable {
    services.radarr = {
      inherit (cfg) enable;
--- a/modules/servers/readeck.nix
+++ b/modules/servers/readeck.nix
@@ -1,14 +1,14 @@
 {
  lib,
  config,
-  inputs,
  ...
 }:
 let
+  setup = import ../factories/mkserver.nix { inherit lib config; };
  cfg = config.my.servers.readeck;
 in
 {
-  options.my.servers.readeck = inputs.self.lib.mkServerOptions "readeck" "laters" 9546 lib;
+  options.my.servers.readeck = setup.mkOptions "readeck" "laters" 9546;
  config = lib.mkIf (cfg.enable && config.my.secureHost) {
    sops.secrets.readeck.sopsFile = ../../secrets/env.yaml;
    services.readeck = {
--- a/modules/servers/ryot.nix
+++ b/modules/servers/ryot.nix
@@ -1,14 +1,14 @@
 {
  lib,
  config,
-  inputs,
  ...
 }:
 let
+  setup = import ../factories/mkserver.nix { inherit lib config; };
  cfg = config.my.servers.ryot;
 in
 {
-  options.my.servers.ryot = inputs.self.lib.mkServerOptions "ryot" "tracker" 8765 lib;
+  options.my.servers.ryot = setup.mkOptions "ryot" "tracker" 8765;
  config = lib.mkIf (cfg.enable && config.my.servers.postgres.enable && config.my.secureHost) {
    sops.secrets.ryot.sopsFile = ../../secrets/env.yaml;
    virtualisation.oci-containers.containers.ryot = {
--- a/modules/servers/sabnzbd.nix
+++ b/modules/servers/sabnzbd.nix
@@ -12,6 +12,7 @@ in
    };
  };
  config = lib.mkIf cfg.enable {
+    my.network.firewall.additionalPorts = [ cfg.port ];
    services.sabnzbd = {
      inherit (cfg) enable;
      group = "piracy";
--- a/modules/servers/shiori.nix
+++ b/modules/servers/shiori.nix
@@ -1,14 +1,14 @@
 {
  lib,
  config,
-  inputs,
  ...
 }:
 let
+  setup = import ../factories/mkserver.nix { inherit lib config; };
  cfg = config.my.servers.shiori;
 in
 {
-  options.my.servers.shiori = inputs.self.lib.mkServerOptions "shiori" "bookmarks" 4368 lib;
+  options.my.servers.shiori = setup.mkOptions "shiori" "bookmarks" 4368;
  config = lib.mkIf (cfg.enable && config.my.servers.postgres.enable && config.my.secureHost) {
    sops.secrets.shiori.sopsFile = ../../secrets/env.yaml;
    services.shiori = {
--- a/modules/servers/sonarr.nix
+++ b/modules/servers/sonarr.nix
@@ -1,14 +1,14 @@
 {
  lib,
  config,
-  inputs,
  ...
 }:
 let
+  setup = import ../factories/mkserver.nix { inherit lib config; };
  cfg = config.my.servers.sonarr;
 in
 {
-  options.my.servers.sonarr = inputs.self.lib.mkServerOptions "sonarr" "series" 8989 lib;
+  options.my.servers.sonarr = setup.mkOptions "sonarr" "series" 8989;
  config.services.sonarr = lib.mkIf cfg.enable {
    inherit (cfg) enable;
    group = "piracy";
--- a/modules/servers/stash.nix
+++ b/modules/servers/stash.nix
@@ -1,11 +1,11 @@
 {
  lib,
-  inputs,
  config,
  pkgs,
  ...
 }:
 let
+  setup = import ../factories/mkserver.nix { inherit lib config; };
  cfg = config.my.servers.stash;
  cfgS = config.services.stash;
  stashPythonFHS = pkgs.buildFHSEnv {
@@ -28,7 +28,7 @@ let
  };
 in
 {
-  options.my.servers.stash = inputs.self.lib.mkServerOptions "stash" "xxx" 9999 lib;
+  options.my.servers.stash = setup.mkOptions "stash" "xxx" 9999;
  config = lib.mkIf (cfg.enable && config.my.secureHost) {
    sops.secrets = {
      "stash/password".sopsFile = ../../secrets/secrets.yaml;
--- a/modules/servers/synapse.nix
+++ b/modules/servers/synapse.nix
@@ -1,11 +1,11 @@
 {
  lib,
-  inputs,
  config,
  pkgs,
  ...
 }:
 let
+  setup = import ../factories/mkserver.nix { inherit lib config; };
  cfg = config.my.servers.synapse;
  cfgE = config.my.servers.element;
  domain = "wedsgk5ac2qcaf9yb.click";
@@ -19,8 +19,8 @@ let
 in
 {
  options.my.servers = {
-    synapse = inputs.self.lib.mkServerOptions "synapse" "pYLemuAfsrzNBaH77xSu" 8008 lib;
-    element = inputs.self.lib.mkServerOptions "element" "55a608953f6d64c199" 5345 lib;
+    synapse = setup.mkOptions "synapse" "pYLemuAfsrzNBaH77xSu" 8008;
+    element = setup.mkOptions "element" "55a608953f6d64c199" 5345;
  };
  config = lib.mkIf (cfg.enable && config.my.secureHost) {
    my.servers = {
@@ -58,7 +58,7 @@ in
        ];
        settings = {
          server_name = cfg.domain;
-          public_baseurl = cfg.url;
+          public_baseurl = "http://${config.my.ips.wg-server}:${toString cfg.port}";
          federation_domain_whitelist = [ ];
          allow_public_rooms_without_auth = false;
          allow_public_rooms_over_federation = false;
--- a/modules/servers/tranga.nix
+++ b/modules/servers/tranga.nix
@@ -1,14 +1,14 @@
 {
  config,
  lib,
-  inputs,
  ...
 }:
 let
+  setup = import ../factories/mkserver.nix { inherit lib config; };
  cfg = config.my.servers.tranga;
 in
 {
-  options.my.servers.tranga = inputs.self.lib.mkServerOptions "tranga" "tranga" 9555 lib;
+  options.my.servers.tranga = setup.mkOptions "tranga" "tranga" 9555;
  config = lib.mkIf cfg.enable {
    virtualisation.oci-containers.containers = {
      tranga-api = {
--- a/modules/servers/vaultwarden.nix
+++ b/modules/servers/vaultwarden.nix
@@ -1,15 +1,15 @@
 {
  lib,
-  inputs,
  config,
  pkgs,
  ...
 }:
 let
  cfg = config.my.servers.vaultwarden;
+  setup = import ../factories/mkserver.nix { inherit lib config; };
 in
 {
-  options.my.servers.vaultwarden = inputs.self.lib.mkServerOptions "vaultwarden" "vault" 8222 lib;
+  options.my.servers.vaultwarden = setup.mkOptions "vaultwarden" "vault" 8222;
  config = lib.mkIf (cfg.enable && config.my.servers.postgres.enable && config.my.secureHost) {
    sops.secrets.vaultwarden.sopsFile = ../../secrets/env.yaml;
    services.vaultwarden = {
--- a/modules/shell/multimedia.nix
+++ b/modules/shell/multimedia.nix
@@ -1,5 +1,6 @@
 {
  config,
+  inputs,
  lib,
  pkgs,
  ...
@@ -24,7 +25,7 @@
      };
      gallery-dl = {
        enable = true;
-        settings = import ../../dotfiles/gallery-dl.nix;
+        settings = inputs.self.lib.importDotfile ../../dotfiles/gallery-dl.nix;
      };
      ${config.my.shell.type} = {
        initExtra = lib.mkAfter ''
--- a/modules/shell/tools.nix
+++ b/modules/shell/tools.nix
@@ -106,8 +106,6 @@ in
        jq # json parser
        yq # yaml parser
        smartmontools # check hard drie health
-        ;
-      inherit (inputs.jawz-scripts.packages.x86_64-linux)
        rmlint # amazing dupe finder that integrates well with BTRFS
        ;
    };
--- a/modules/users/nixremote.nix
+++ b/modules/users/nixremote.nix
@@ -1,13 +1,18 @@
-{ lib, config, ... }:
+{
+  lib,
+  config,
+  inputs,
+  ...
+}:
 {
  options.my.users.nixremote = {
    enable = lib.mkEnableOption "nixremote user for distributed builds";
    authorizedKeys = lib.mkOption {
      type = lib.types.listOf lib.types.path;
-      default = [
-        ../../secrets/ssh/ed25519_nixworkstation.pub
-        ../../secrets/ssh/ed25519_nixserver.pub
-        ../../secrets/ssh/ed25519_nixminiserver.pub
+      default = inputs.self.lib.getSshKeys [
+        "nixworkstation"
+        "nixserver"
+        "nixminiserver"
      ];
      description = "List of SSH public key files to authorize for nixremote user";
    };
--- a/parts/core.nix
+++ b/parts/core.nix
@@ -55,55 +55,6 @@ in
        |> builtins.attrNames
        |> builtins.filter (file: builtins.match ".*\\.nix" file != null && filterFn file)
        |> map (file: dir + "/${file}");
-      mkServerOptions = name: subdomain: port: lib: {
-        enable = lib.mkEnableOption "this server service";
-        enableCron = lib.mkEnableOption "enable cronjob";
-        enableProxy = lib.mkEnableOption "enable reverse proxy";
-        port = lib.mkOption {
-          type = lib.types.int;
-          default = port;
-        };
-        name = lib.mkOption {
-          type = lib.types.str;
-          default = name;
-        };
-        domain = lib.mkOption {
-          type = lib.types.str;
-          default = "servidos.lat";
-        };
-        host = lib.mkOption {
-          type = lib.types.str;
-          default = "${subdomain}.servidos.lat";
-        };
-        hostName = lib.mkOption {
-          type = lib.types.str;
-          default = "miniserver";
-        };
-        url = lib.mkOption {
-          type = lib.types.str;
-          default = "https://${subdomain}.servidos.lat";
-        };
-        ip = lib.mkOption {
-          type = lib.types.str;
-          default = "127.0.0.1";
-        };
-        local = lib.mkOption {
-          type = lib.types.str;
-          default = "http://127.0.0.1:${toString port}";
-        };
-        isLocal = lib.mkOption {
-          type = lib.types.bool;
-          default = true;
-        };
-        enableSocket = lib.mkOption {
-          type = lib.types.bool;
-          default = false;
-        };
-        certPath = lib.mkOption {
-          type = lib.types.nullOr lib.types.path;
-          default = null;
-        };
-      };
      proxy = locations: {
        inherit locations;
        forceSSL = true;
@@ -196,6 +147,7 @@ in
        shellType: bashContent: zshContent:
        if shellType == "bash" then { initExtra = bashContent; } else { initContent = zshContent; };
      mergeAliases = baseAliases: extraAliases: baseAliases // extraAliases;
+      importDotfile = path: import path;
      getServicesWithNativeFirewall =
        config: blacklist:
        config.my.servers
@@ -219,6 +171,47 @@ in
          |> lib.attrValues
          |> map (srv: srv.port)
        );
+      mkEnabled = name: {
+        inherit name;
+        value.enable = true;
+      };
+      mkEnabledWithProxy = name: {
+        inherit name;
+        value = {
+          enable = true;
+          enableProxy = true;
+        };
+      };
+      mkEnabledIp = ip: name: {
+        inherit name;
+        value = {
+          enable = true;
+          inherit ip;
+        };
+      };
+      enableList = func: list: list |> map func |> builtins.listToAttrs;
+      mkPostgresDependency = config: serviceName: displayName: {
+        assertion = config.my.servers.${serviceName}.enable -> config.my.servers.postgres.enable;
+        message = "${displayName} requires PostgreSQL to be enabled";
+      };
+      mkPostgresDependencies =
+        config: serviceMap:
+        serviceMap |> map (entry: inputs.self.lib.mkPostgresDependency config entry.service entry.name);
+      sshKeys = {
+        deacero = ../secrets/ssh/ed25519_deacero.pub;
+        workstation = ../secrets/ssh/ed25519_workstation.pub;
+        server = ../secrets/ssh/ed25519_server.pub;
+        miniserver = ../secrets/ssh/ed25519_miniserver.pub;
+        galaxy = ../secrets/ssh/ed25519_galaxy.pub;
+        phone = ../secrets/ssh/ed25519_phone.pub;
+        vps = ../secrets/ssh/ed25519_vps.pub;
+        emacs = ../secrets/ssh/ed25519_emacs.pub;
+        # Build user keys (nixremote)
+        nixworkstation = ../secrets/ssh/ed25519_nixworkstation.pub;
+        nixserver = ../secrets/ssh/ed25519_nixserver.pub;
+        nixminiserver = ../secrets/ssh/ed25519_nixminiserver.pub;
+      };
+      getSshKeys = keyNames: keyNames |> map (name: inputs.self.lib.sshKeys.${name});
    };
  };
 }
Author	SHA1	Message	Date
NixOS Builder Bot	943d9f3329	Weekly flake update: 2025-10-29 17:38 UTC	2025-10-29 11:38:29 -06:00
Danilo Reyes	cad0288d68	lan login for schemes pipeline as well	2025-10-29 09:57:44 -06:00
Danilo Reyes	15f998179d	lowered compression rate	2025-10-29 01:57:21 -06:00
Danilo Reyes	11075969f2	push attic throguh lan	2025-10-29 01:41:24 -06:00
Danilo Reyes	4c6d02ba55	using rmlint from nixpkgs	2025-10-29 00:39:51 -06:00
Danilo Reyes	2cce4376e5	ignore conflicting cache syncthing librewolf	2025-10-29 00:00:39 -06:00
Danilo Reyes	9f455ec19c	change public listener url synapse	2025-10-28 18:51:11 -06:00
Danilo Reyes	0ef6b08c42	changed ip/config of new vps	2025-10-28 16:11:16 -06:00
Danilo Reyes	fd2962c306	nextcloud headers fix Some checks failed Weekly NixOS Build & Cache / build-and-cache (push) Failing after 2m4s Details	2025-10-26 10:08:37 -06:00
Danilo Reyes	87cca163b0	updated collabora docker	2025-10-26 09:59:24 -06:00
Danilo Reyes	cf64ff1616	heartbeat is a boolean	2025-10-25 00:59:37 -06:00
Danilo Reyes	2f6d65b239	atticd fix	2025-10-25 00:52:22 -06:00
Danilo Reyes	6dc429e56c	insecure package ughhhh	2025-10-25 00:00:28 -06:00
Danilo Reyes	28ef0d8108	fixes qbittorrent, nextcloud python update, firewall logic Some checks failed Weekly NixOS Build & Cache / build-and-cache (push) Failing after 1m55s Details	2025-10-18 10:12:09 -06:00
Danilo Reyes	0e5e06bcb6	flake update Some checks failed Weekly NixOS Build & Cache / build-and-cache (push) Failing after 18m55s Details	2025-10-13 10:08:02 -06:00
Danilo Reyes	cf4db411e0	Update SSH key paths in core.nix to use relative paths for improved consistency and maintainability. Some checks failed Weekly NixOS Build & Cache / build-and-cache (push) Failing after 18m30s Details	2025-10-12 23:00:45 -06:00
Danilo Reyes	be82c5c477	Refactor configuration files to include 'inputs' parameter for improved modularity and consistency across hosts.	2025-10-12 22:57:24 -06:00
Danilo Reyes	de5ad541b8	Refactor SSH key management to use centralized key retrieval function for nixremote users across configurations.	2025-10-12 20:28:39 -06:00
Danilo Reyes	0f7e28abd0	more migration stuff	2025-10-12 20:24:42 -06:00
Danilo Reyes	30cff89a50	cleaned up duplicated code	2025-10-12 20:03:24 -06:00
Danilo Reyes	e393a4481b	reverted server factory	2025-10-12 19:59:46 -06:00
Danilo Reyes	8664061145	further figration	2025-10-12 14:12:19 -06:00