New way to deploy apps in my server

Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>
remove discord
2026-05-20 13:22:34 +02:00 · 2026-04-11 02:26:00 +02:00 · 2026-04-11 01:34:02 +02:00 · 2026-04-10 22:57:18 +02:00 · 2026-04-10 22:57:09 +02:00 · 2026-04-10 22:23:05 +02:00
87 changed files with 3364 additions and 1694 deletions
@@ -1,5 +1,5 @@
 <div align="center">
-    <img alt="nixy logo" src="https://raw.githubusercontent.com/anotherhadi/nixy/main/.github/assets/logo.png" width="120px" />
+    <img alt="nixy logo" src="./.github/assets/logo.png" width="120px" />
 </div>
 <br>
@@ -122,3 +122,11 @@ sudo nixos-rebuild switch --flake ~/.config/nixos#yourhostname
 - [CONTRIBUTING](docs/CONTRIBUTING.md): How to contribute
 - [LICENSE](LICENSE): MIT License
 ---
 <div align="center">
  <a href="https://github.com/anotherhadi/nixy">github</a> |
  <a href="https://gitlab.com/anotherhadi_mirror/nixy">gitlab (mirror)</a> |
  <a href="https://git.hadi.icu/anotherhadi/nixy">gitea (mirror)</a>
 </div
@@ -1,2 +1,3 @@
 .sops.yaml
 .claude/
 old/
@@ -1,6 +1,6 @@
 [//]: # (This file is autogenerated)
 <div align="center">
-    <img alt="nixy logo" src="https://raw.githubusercontent.com/anotherhadi/nixy/main/.github/assets/logo.png" width="120px" />
+    <img alt="nixy logo" src="./.github/assets/logo.png" width="120px" />
 </div>
 <br>
@@ -132,3 +132,11 @@ sudo nixos-rebuild switch --flake ~/.config/nixos#yourhostname
 - [CONTRIBUTING](docs/CONTRIBUTING.md): How to contribute
 - [LICENSE](LICENSE): MIT License
 ---
 <div align="center">
  <a href="https://github.com/anotherhadi/nixy">github</a> |
  <a href="https://gitlab.com/anotherhadi_mirror/nixy">gitlab (mirror)</a> |
  <a href="https://git.hadi.icu/anotherhadi/nixy">gitea (mirror)</a>
 </div
@@ -1,53 +1,29 @@
 # SERVER
 > Update in comming. Early 2026
 ## Overview
-This document describes the architecture and setup of the self-hosted **NixOS server**, which is securely accessible via **Tailscale**. The server is designed for private, secure, and easily manageable self-hosting of various services.
+This document describes the architecture and setup of the self-hosted **NixOS server**, which is securely accessible via **a Cloudflare Tunnel**.
 The server is designed for private, secure, and easily manageable self-hosting of various services.
 ![server dashboard](../.github/assets/server_dashboard.png)
 ## **Why This Setup?**
- **Private & Secure**: Services are only accessible through Tailscale, preventing exposure to the public internet.
+- **Private & Secure**: Services are only accessible through Cloudflare's access control, preventing exposure to the "public internet".
- **Domain-based Access**: A custom domain (`example.org`) maps to the server's Tailscale IP, making service access simple and consistent.
+- **Domain-based Access**: A custom domain maps to the server's tunnel, making service access simple and consistent.
- **Automatic SSL Certificates**: Using DNS-01 challenges, valid SSL certificates are generated even though the services are not publicly exposed.
+- **Modular & Declarative**: Everything is managed through NixOS modules (except for access control), ensuring reproducibility and easy configuration.
 - **Modular & Declarative**: Everything is managed through NixOS modules, ensuring reproducibility and easy configuration.
 ## **Self-Hosted Services**
 The server hosts several key applications:
-### **Core Infrastructure**
+- **NGINX**: Reverse proxy for routing traffic to services via my domain name.
 - **NGINX**: Reverse proxy for routing traffic to services via `example.org`.
 ### **Networking & Security**
 - **AdGuard Home**: A self-hosted DNS ad blocker for network-wide ad and tracker filtering.
 ### **Monitoring & Storage**
 - **Glance**: An awesome dashboard! (See the screenshot above)
 ### **Media & Content Management**
 - **Arr Stack (Radarr, Sonarr, etc.)**: Automated media management tools for handling movies and TV shows. (legaly ofc)
-
+- **Mealie**: A self-hosted recipe manager and meal planner with a clean user interface.
-## **How It Works**
+- **Stirling-PDF**: A powerful, locally hosted web application for editing, merging, and converting PDF files.
-
+- **CyberChef**: The "Cyber Swiss Army Knife" for data analysis, decoding, and encryption tasks.
-1. **Domain Configuration**
+- **Mazanoke**: A utility service for image processing, specialized in format conversion and downgrading/optimization.
-   - `example.org` is pointed to the Tailscale IP of the server. (cloudflare A record, not proxied)
+- **SSH**: Secure remote access configuration for server management. (via browser too)
-   - This allows for easy access without exposing services to the internet.
+- **Security related stuff**: Cloudflared, Fail2Ban, Firewall
 2. **SSL Certificate Generation**
   - Certificates are obtained using a **DNS-01 challenge**, verifying domain ownership without requiring public access.
 3. **NGINX Reverse Proxy**
   - Routes incoming requests from `*.example.org` to the correct internal service.
   - Ensures SSL termination and secure connections.
 4. **Access Control**
   - Only devices within the Tailscale network can reach the services.
   - Firewall rules restrict access further based on necessity.
@@ -12,6 +12,6 @@ Wallpapers are loaded from the [hadi's awesome-wallpapers](https://github.com/an
 ### Rose-pine
-![Home](.github/assets/rose-pine/home.png)
+![Home](../.github/assets/rose-pine/home.png)
-![Flake & Spotify](.github/assets/rose-pine/flake-spotify.png)
+![Flake & Spotify](../.github/assets/rose-pine/flake-spotify.png)
-![Browser and notification center](.github/assets/rose-pine/browser-and-notifications.png)
+![Browser and notification center](../.github/assets/rose-pine/browser-and-notifications.png)
@@ -11,9 +11,14 @@
    nixos-hardware.url = "github:NixOS/nixos-hardware/master";
    hyprland.url = "git+https://github.com/hyprwm/Hyprland?submodules=1";
    stylix.url = "github:danth/stylix";
    nixcord.url = "github:kaylorben/nixcord";
    sops-nix.url = "github:Mic92/sops-nix";
    nvf.url = "github:notashelf/nvf";
    bun2nix.url = "github:nix-community/bun2nix";
    nix-index-database = {
      url = "github:nix-community/nix-index-database";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    home-manager = {
      url = "github:nix-community/home-manager";
      inputs.nixpkgs.follows = "nixpkgs";
@@ -31,8 +36,13 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # Server
-    eleakxir.url = "github:anotherhadi/eleakxir";
+    # FIXME: Deleted repo for now
    # eleakxir.url = "github:anotherhadi/eleakxir";
    nixarr.url = "github:rasmus-kirk/nixarr";
    default-creds.url = "github:anotherhadi/default-creds";
    blog.url = "github:anotherhadi/blog";
    awesome-wallpapers.url = "github:anotherhadi/awesome-wallpapers";
    iknowyou.url = "github:anotherhadi/iknowyou";
  };
  outputs = inputs @ {nixpkgs, ...}: {
@@ -50,9 +60,25 @@
            inputs.nixos-hardware.nixosModules.omen-16-n0005ne # CHANGEME: check https://github.com/NixOS/nixos-hardware
            inputs.home-manager.nixosModules.home-manager
            inputs.stylix.nixosModules.stylix
            inputs.nix-index-database.nixosModules.default
            ./hosts/laptop/configuration.nix # CHANGEME: change the path to match your host folder
          ];
        };
      pph = nixpkgs.lib.nixosSystem {
        modules = [
          {
            nixpkgs.overlays = [];
            _module.args = {
              inherit inputs;
            };
          }
          inputs.home-manager.nixosModules.home-manager
          inputs.stylix.nixosModules.stylix
          inputs.nix-index-database.nixosModules.default
          ./hosts/pph/configuration.nix
        ];
      };
      # Jack is my server
      jack = nixpkgs.lib.nixosSystem {
        modules = [
@@ -61,7 +87,9 @@
          inputs.stylix.nixosModules.stylix
          inputs.sops-nix.nixosModules.sops
          inputs.nixarr.nixosModules.default
-          inputs.eleakxir.nixosModules.eleakxir
+          # inputs.eleakxir.nixosModules.eleakxir
          inputs.nix-index-database.nixosModules.default
          inputs.default-creds.nixosModules.default
          ./hosts/server/configuration.nix
        ];
      };
@@ -0,0 +1,113 @@
 {pkgs, ...}: {
  programs.brave = {
    enable = true;
    commandLineArgs = [
      # Wayland Native
      "--enable-features=UseOzonePlatform"
      "--ozone-platform=wayland"
      # Hardware Acceleration (NVIDIA optimized)
      "--enable-accelerated-video-decode"
      "--enable-gpu-rasterization"
      "--enable-zero-copy"
      "--ignore-gpu-blocklist"
      # Performance
      "--enable-features=VaapiVideoDecoder"
      "--enable-features=VaapiVideoEncoder"
      "--enable-features=CanvasOopRasterization"
      "--disable-features=UseChromeOSDirectVideoDecoder"
      # Privacy & Security
      "--disable-features=MediaRouter" # Disable Chromecast
      "--disable-features=OptimizationHints" # No Google suggestions
      "--disable-features=AutofillSavePaymentMethods"
      "--disable-background-networking" # No telemetry
      "--disable-sync" # Manual sync control
      # Wayland-specific fixes
      "--disable-features=WaylandWpColorManagerV1" # Color management fix
      # UI/UX
      "--force-dark-mode" # Match Stylix theme
      "--enable-features=WebUIDarkMode"
      "--no-default-browser-check"
    ];
    extensions = let
      ids = [
        "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
        "dbepggeogbaibhgnhhndojpepiihcmeb" # vimium
        "eimadpbcbfnmbkopoojfekhnkhdbieeh" # dark reader
        "pkehgijcmpdhfbdbbnkijodmdjhbjlgp" # privacy badger
        "ghmbeldphafepmbegfdlkpapadhbakde" # proton pass
        "mmjbdbjnoablegbkcklggeknkfcjkjia" # custom new tab page
        "oabailhgoobiboghkmlppflobceplfde" # Enable Clipboard
      ];
    in
      map (id: {inherit id;}) ids;
  };
  xdg.configFile."BraveSoftware/Brave-Browser/Policies/managed/policy.json".text = builtins.toJSON {
    BraveShieldsAdControl = 2;
    BraveShieldsTrackersBlocked = 1;
    BraveShieldsHttpsEverywhere = 1;
    BraveRewardsDisabled = 1;
    BraveWalletDisabled = 1;
    BraveVPNDisabled = 1;
    BraveAIChatEnabled = 0;
    PasswordManagerEnabled = 0;
    BravePlaylistEnabled = 0;
    BraveWebDiscoveryEnabled = 0;
    BraveStatsPingEnabled = 0;
    DnsOverHttpsMode = "automatic";
    BraveDarkMode = 1;
  };
  home.sessionVariables = {
    DEFAULT_BROWSER = "${pkgs.brave}/bin/brave";
    BROWSER = "${pkgs.brave}/bin/brave";
  };
  xdg.desktopEntries = {
    brave-incognito = {
      name = "Brave (Private window)";
      genericName = "Navigateur Web";
      exec = "brave --incognito";
      icon = "brave-browser";
      terminal = false;
      categories = ["Network" "WebBrowser"];
      mimeType = ["text/html" "text/xml"];
    };
    brave-tor = {
      name = "Brave (Private window w/Tor)";
      genericName = "Navigateur Web";
      exec = "brave --tor";
      icon = "brave-browser";
      terminal = false;
      categories = ["Network" "WebBrowser"];
    };
  };
  # =================================================================
  #  BRAVE SETTINGS (via brave://flags)
  # =================================================================
  # These need to be set manually in brave://flags on first launch:
  # - Enable Tab Groups (UI)
  # - Enable Parallel Downloading
  # - Enable Reader Mode
  # - GPU Rasterization: Enabled
  # - Override software rendering list: Enabled
  #
  # Privacy settings (brave://settings/privacy):
  # - Block trackers & ads: Aggressive
  # - Block all fingerprinting
  # - Upgrade connections to HTTPS
  # - Block scripts: Off (breaks sites, use uBlock instead)
  # - Block cookies: Only 3rd party
  #
  # Appearance (brave://settings/appearance):
  # - Show home button: Off
  # - Show bookmarks bar: Only on new tab
  # - Use wide address bar: On
 }
@@ -1,9 +0,0 @@
 # Discord is a popular chat application.
 {inputs, ...}: {
  imports = [inputs.nixcord.homeModules.nixcord];
  programs.nixcord = {
    enable = true;
    config = {frameless = true;};
  };
 }
@@ -1,2 +1,367 @@
-# Import all fetch scripts
+# Nerdfetch, a simple system info script written in bash
-{imports = [./neofetch ./nerdfetch];}
+# Source: https://github.com/ThatOneCalculator/NerdFetch
 {pkgs, ...}: let
  nerdfetch = pkgs.writeShellScriptBin "nerdfetch" ''
          ostype="$(uname)"
          version=8.1.1
          font=nerd
          distrotype=none
          osi=""
          ki=""
          ri="󰍛"
          pi="󰏔"
          ui="󰅶"
          ci=""
          case $1 in
          "-p")
          	font=phosphor
          	osi=""
          	ki=""
          	ri=""
          	pi=""
          	ui=""
          	ci=""
          	;;
          "-c")
          	font=cozette
          	ki="♥"
          	ri=""
          	pi=""
          	ui=""
          	ci=""
          	;;
          "-e")
          	font=emoji
          	osi="🐧"
          	ki="💓"
          	ri="🐐"
          	pi="📦"
          	ui="☕"
          	ci="🎨"
          	;;
          "-v")
          	echo "NerdFetch $version"
          	exit
          	;;
          "-h")
          	echo "Flags:
          -c: Cozette font
          -p: Phosphor font
          -e: Emoji font
          -v: Version"
          	exit
          	;;
          esac
          if command -v getprop 1>/dev/null; then
          	distrotype=android
          fi
          kernel="$(echo $(uname -r) | cut -d'-' -f1-1)"
          case $ostype in
          *"Linux"*)
          	if [ $distrotype = android ]; then
          		host="$(hostname)"
          		USER="$(whoami)"
          		os="Android $(getprop ro.build.version.release)"
          		case $font in
          		phosphor) osi="" ;;
          		emoji) osi="🤖" ;;
          		*) osi="󰀲" ;;
          		esac
          	else
          		host="$(cat /proc/sys/kernel/hostname)"
          		. /etc/os-release
          		if [ -f /bedrock/etc/bedrock-release ]; then
          			os="$(brl version)"
          		else
          			os="''${PRETTY_NAME}"
          			if [ $font = nerd ]; then
          				case $(echo $ID | sed 's/ .*//') in
          				debian) osi="" ;;
          				arch) osi="󰣇" ;;
          				endeavouros) osi="" ;;
          				fedora) osi="" ;;
          				gentoo) osi="" ;;
          				rhel) osi="" ;;
          				slackware) osi="" ;;
          				void) osi="" ;;
          				alpine) osi="" ;;
          				nixos) osi="󱄅" ;;
          				artix) osi="" ;;
          				exherbo) osi="󰆚" ;;
          				mageia) osi="" ;;
          				manjaro) osi="" ;;
          				opensuse) osi="" ;;
          				solus) osi="" ;;
          				ubuntu) osi="" ;;
          				mint) osi="󰣭" ;;
          				trisquel) osi="" ;;
          				puppy) osi="" ;;
          				coreos) osi="" ;;
          				mx) osi="" ;;
          				vanilla) osi="" ;;
          				pop_os) osi="" ;;
          				raspbian) osi="" ;;
          				deepin) osi="" ;;
          				almalinux) osi="" ;;
          				garuda) osi="" ;;
          				centos) osi="" ;;
          				rocky) osi="" ;;
          				esac
          			elif [ $font = cozette ]; then
          				case $(echo $ID | sed 's/ .*//') in
          				debian) osi="" ;;
          				arch) osi="" ;;
          				fedora) osi="" ;;
          				gentoo) osi="" ;;
          				slackware) osi="" ;;
          				void) osi="" ;;
          				alpine) osi="" ;;
          				nixos) osi="" ;;
          				mageia) osi="" ;;
          				manjaro) osi="" ;;
          				opensuse) osi="" ;;
          				ubuntu) osi="" ;;
          				mint) osi="" ;;
          				coreos) osi="" ;;
          				centos) osi="" ;;
          				esac
          			fi
          		fi
          	fi
          	shell=$(basename "$SHELL")
          	;;
          *"Darwin"*)
          	host="$(hostname -f | sed -e 's/^[^.]*\.//')"
          	mac_product="$(/usr/libexec/PlistBuddy -c "Print:ProductName" /System/Library/CoreServices/SystemVersion.plist)"
          	mac_version="$(/usr/libexec/PlistBuddy -c "Print:ProductVersion" /System/Library/CoreServices/SystemVersion.plist)"
          	os="''${mac_product} ''${mac_version}"
          	case $font in
          	nerd) osi="" ;;
          	phosphor) osi="" ;;
          	cozette) osi="" ;;
          	emoji) osi="🍎" ;;
          	esac
          	;;
          *"FreeBSD"*)
          	host="$(hostname)"
          	distrotype=bsd
          	os="FreeBSD $(freebsd-version | sed 's/-.*//')"
          	case $font in
          	nerd) osi="" ;;
          	phosphor) osi="" ;;
          	cozette) osi="" ;;
          	emoji) osi="😈" ;;
          	esac
          	;;
          *"OpenBSD"*)
          	host="$(hostname)"
          	distrotype=bsd
          	os="OpenBSD $(uname -r)"
          	case $font in
          	nerd) osi="" ;;
          	phosphor) osi="" ;;
          	cozette) osi="⌘" ;;
          	emoji) osi="🐡" ;;
          	esac
          	;;
          *"NetBSD"*)
          	host="$(hostname)"
          	distrotype=netbsd
          	os="NetBSD $(uname -r)"
          	case $font in
          	nerd) osi="󰉀" ;;
          	phosphor) osi="" ;;
          	cozette) osi="" ;;
          	emoji) osi="🚩" ;;
          	esac
          	;;
          *)
          	os="Unix-like"
          	host="host"
          	;;
          esac
          ## PACKAGE MANAGER AND PACKAGES DETECTION
          MANAGER=$(which nix-env pkg flatpak yum zypper dnf rpm dpkg-query brew port pacman xbps-query emerge cave apk kiss pmm /usr/sbin/slackpkg bulge birb yay paru pacstall cpm pmm eopkg getprop 2>/dev/null)
          manager=$(basename "$MANAGER")
          if [ $distrotype = netbsd ]; then
          	manager="pkg_info-netbsd"
          fi
          case $manager in
          cpm) packages="$(cpm C)" ;;
          flatpak) packages="$(flatpak list --app | wc -l)" ;;
          brew) packages="$(printf '%s\n' "$(brew --cellar)/"* | wc -l)" ;;
          port) packages="$(port installed | wc -l)" ;;
          dpkg-query) packages="$(dpkg-query -f '${"binary:Package"}\n' -W | wc -l)" ;;
          rpm) packages="$(rpm -qa --last | wc -l)" ;;
          yum) packages="$(yum list installed | wc -l)" ;;
          dnf) packages="$(dnf list installed | wc -l)" ;;
          zypper) packages="$(zypper se | wc -l)" ;;
          pacman) packages="$(pacman -Q | wc -l)" ;;
          yay) packages="$(yay -Q | wc -l)" ;;
          paru) packages="$(paru -Q | wc -l)" ;;
          pacstall) packages="$(pacstall -L | wc -l)" ;;
          kiss) packages="$(kiss list | wc -l)" ;;
          emerge) packages="$(qlist -I | wc -l)" ;;
          pkg) packages="$(pkg info | wc -l | tr -d ' ')" ;;
          cave) packages="$(cave show installed-slots | wc -l)" ;;
          xbps-query) packages="$(xbps-query -l | wc -l)" ;;
          nix-env) packages="$(nix-store -q --requisites /run/current-system/sw | wc -l)" ;;
          apk) packages="$(apk list --installed | wc -l)" ;;
          pmm) packages="$(/bedrock/libexec/pmm pacman pmm -Q 2>/dev/null | wc -l)" ;;
          eopkg) packages="$(eopkg li | wc -l)" ;;
          /usr/sbin/slackpkg) packages="$(ls /var/log/packages | wc -l)" ;;
          bulge) packages="$(bulge list | wc -l)" ;;
          birb) packages="$(birb --list-installed | wc -l)" ;;
          pkg_info)
          	packages="$(pkg_info -A | wc -l)"
          	manager="pkg"
          	;;
          pkg_info-netbsd)
          	packages="$(pkg_info -a | wc -l)"
          	manager="pkg"
          	;;
          *)
          	if [ $distrotype = android ]; then
          		packages="$(dpkg-query -f '${"binary:Package"}\n' -W | wc -l)"
          		manager="dpkg"
          	else
          		packages="$(ls /usr/bin | wc -l)"
          		manager="bin"
          	fi
          	;;
          esac
          packages="''${packages#"''${packages%%[![:space:]]*}"}"
          manager=$(echo $manager | sed "s/-query//; s/\/usr\/.*\///")
          ## UPTIME DETECTION
          if [ $distrotype = android ]; then
          	uptime="$(echo $(uptime -p) | cut -c 4-)"
          elif [ $distrotype = bsd ] || [ $distrotype = netbsd ]; then
          	uptime="$(uptime | sed -e 's/.* up //; s/, [0-9]* user.*//')"
          else
          	case $ostype in
          	*"Linux"*)
          		IFS=. read -r s _ </proc/uptime
          		;;
          	*)
          		s=$(sysctl -n kern.boottime)
          		s=''${s#*=}
          		s=''${s%,*}
          		s=$(($(date +%s) - s))
          		;;
          	esac
          	d="$((s / 60 / 60 / 24))"
          	h="$((s / 60 / 60 % 24))"
          	m="$((s / 60 % 60))"
          	# Plurals
          	[ "$d" -gt 1 ] && dp=s
          	[ "$h" -gt 1 ] && hp=s
          	[ "$m" -gt 1 ] && mp=s
          	[ "$s" -gt 1 ] && sp=s
          	# Hide empty fields.
          	[ "$d" = 0 ] && d=
          	[ "$h" = 0 ] && h=
          	[ "$m" = 0 ] && m=
          	[ "$m" != "" ] && s=
          	# Make the output of uptime smaller.
          	[ "$d" ] && uptime="$d day$dp, "
          	[ "$h" ] && uptime="$uptime$h hour$hp, "
          	[ "$m" ] && uptime="$uptime$m min$mp"
          	[ "$s" ] && uptime="$uptime$s sec$sp"
          	uptime=''${uptime%, }
          fi
          ## RAM DETECTION
          case $ostype in
          *"Linux"*)
          	while IFS=':k ' read -r key val _; do
          		case $key in
          		MemTotal)
          			mem_used=$((mem_used + val))
          			mem_full=$val
          			;;
          		Shmem) mem_used=$((mem_used + val)) ;;
          		MemFree | Buffers | Cached | SReclaimable) mem_used=$((mem_used - val)) ;;
          		esac
          	done </proc/meminfo
          	mem_used=$((mem_used / 1024))
          	mem_full=$((mem_full / 1024))
          	;;
          *"Darwin"*)
          	mem_full=$(($(sysctl -n hw.memsize) / 1024 / 1024))
          	while IFS=:. read -r key val; do
          		case $key in
          		*' wired'* | *' active'* | *' occupied'*)
          			mem_used=$((mem_used + ${"val:-0"}))
          			;;
          		esac
          	done <-EOF
          		$(vm_stat)
          	EOF
          	mem_used=$((mem_used * 4 / 1024))
          	;;
          *"BSD"*)
          	mem_full=$(($(sysctl -n hw.physmem) / 1024 / 1024))
          	if [ $distrotype = netbsd ]; then
          		mem_free=$(($(vmstat | awk 'NR==3 {print $4}') / 1024))
          	else
          		mem_free=$(($(sysctl -n vm.stats.vm.v_free_count) * $(sysctl -n vm.stats.vm.v_page_size) / 1024 / 1024))
          	fi
          	mem_used=$((mem_full - mem_free))
          	;;
          *)
          	mem_full=1
          	mem_used=0
          	;;
          esac
          memstat="''${mem_used}/''${mem_full} MiB"
          if which expr >/dev/null 2>&1; then
          	mempercent="($(expr $(expr ''${mem_used} \* 100 / ''${mem_full}))%)"
          fi
          ## DEFINE COLORS
          bold='[1m'
          black='[30m'
          red='[31m'
          green='[32m'
          yellow='[33m'
          blue='[34m'
          magenta='[35m'
          cyan='[36m'
          white='[37m'
          grey='[90m'
          reset='[0m'
          ## USER VARIABLES -- YOU CAN CHANGE THESE
          lc="$reset$bold$magenta" # labels
          nc="$reset$bold$magenta" # labels
          hn="$reset$bold$magenta" # labels
          ic="$reset$white"          # info
          c0="$reset$grey"           # first color
          c1="$reset$white"          # second color
          c2="$reset$yellow"         # third color
          ## OUTPUT
    echo """
        ''${c0}      ___     ''${nc}''${USER}''${grey}@''${reset}''${hn}''${host}''${reset}
        ''${c0}     (''${c1}.. ''${c0}\    ''${lc}''${osi}  ''${ic}''${os}''${reset}
        ''${c0}     (''${c2}<> ''${c0}|    ''${lc}''${ki}  ''${ic}''${kernel}''${reset}
        ''${c0}    /''${c1}/  \\ ''${c0}\\   ''${lc}''${ri}  ''${ic}''${RAM}''${memstat} ''${mempercent}
        ''${c0}   ( ''${c1}|  | ''${c0}/|  ''${lc}''${pi}  ''${ic}''${packages} (''${manager})''${reset}
        ''${c2}  _''${c0}/\\ ''${c1}__)''${c0}/''${c2}_''${c0})  ''${lc}''${ui}  ''${ic}''${uptime}''${reset}
        ''${c2}  \/''${c0}-____''${c2}\/''${reset}   ''${lc}''${ci}  ''${red}███''${green}███''${yellow}███''${blue}███''${magenta}███''${cyan}███''${reset}
        """
  '';
 in {home.packages = [nerdfetch];}
@@ -1,148 +0,0 @@
 # Legacy
 {pkgs, ...}: {
  home.packages = with pkgs; [neofetch];
  xdg.configFile."neofetch/ascii.txt".text = ''
    ''${c6}
    ⡏⠉⠉⠉⠉⠉⠉⠋⠉⠉⠉⠉⠉⠉⠋⠉⠉⠉⠉⠉⠉⠉⠉⠉⠉⠙⠉⠉⠉⢹
    ⡇⢸⣿⡟⠛⢿⣷⠀⢸⣿⡟⠛⢿⣷⡄⢸⣿⡇⠀⢸⣿⡇⢸⣿⡇⠀⢸⣿⡇⢸
    ⡇⢸⣿⣧⣤⣾⠿⠀⢸⣿⣇⣀⣸⡿⠃⢸⣿⡇⠀⢸⣿⡇⢸⣿⣇⣀⣸⣿⡇⢸
    ⡇⢸⣿⡏⠉⢹⣿⡆⢸⣿⡟⠛⢻⣷⡄⢸⣿⡇⠀⢸⣿⡇⢸⣿⡏⠉⢹⣿⡇⢸
    ⡇⢸⣿⣧⣤⣼⡿⠃⢸⣿⡇⠀⢸⣿⡇⠸⣿⣧⣤⣼⡿⠁⢸⣿⡇⠀⢸⣿⡇⢸
    ⣇⣀⣀⣀⣀⣀⣀⣄⣀⣀⣀⣀⣀⣀⣀⣠⣀⡈⠉⣁⣀⣄⣀⣀⣀⣠⣀⣀⣀⣸
    ⣇⣿⠘⣿⣿⣿⡿⡿⣟⣟⢟⢟⢝⠵⡝⣿⡿⢂⣼⣿⣷⣌⠩⡫⡻⣝⠹⢿⣿⣷
    ⡆⣿⣆⠱⣝⡵⣝⢅⠙⣿⢕⢕⢕⢕⢝⣥⢒⠅⣿⣿⣿⡿⣳⣌⠪⡪⣡⢑⢝⣇
    ⡆⣿⣿⣦⠹⣳⣳⣕⢅⠈⢗⢕⢕⢕⢕⢕⢈⢆⠟⠋⠉⠁⠉⠉⠁⠈⠼⢐⢕⢽
    ⡗⢰⣶⣶⣦⣝⢝⢕⢕⠅⡆⢕⢕⢕⢕⢕⣴⠏⣠⡶⠛⡉⡉⡛⢶⣦⡀⠐⣕⢕
    ⡝⡄⢻⢟⣿⣿⣷⣕⣕⣅⣿⣔⣕⣵⣵⣿⣿⢠⣿⢠⣮⡈⣌⠨⠅⠹⣷⡀⢱⢕
    ⡝⡵⠟⠈⢀⣀⣀⡀⠉⢿⣿⣿⣿⣿⣿⣿⣿⣼⣿⢈⡋⠴⢿⡟⣡⡇⣿⡇⡀⢕
    ⡝⠁⣠⣾⠟⡉⡉⡉⠻⣦⣻⣿⣿⣿⣿⣿⣿⣿⣿⣧⠸⣿⣦⣥⣿⡇⡿⣰⢗⢄
    ⠁⢰⣿⡏⣴⣌⠈⣌⠡⠈⢻⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣬⣉⣉⣁⣄⢖⢕⢕⢕
    ⡀⢻⣿⡇⢙⠁⠴⢿⡟⣡⡆⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⣵⣵⣿
    ⡻⣄⣻⣿⣌⠘⢿⣷⣥⣿⠇⣿⣿⣿⣿⣿⣿⠛⠻⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
    ⣷⢄⠻⣿⣟⠿⠦⠍⠉⣡⣾⣿⣿⣿⣿⣿⣿⢸⣿⣦⠙⣿⣿⣿⣿⣿⣿⣿⣿⠟
    ⡕⡑⣑⣈⣻⢗⢟⢞⢝⣻⣿⣿⣿⣿⣿⣿⣿⠸⣿⠿⠃⣿⣿⣿⣿⣿⣿⡿⠁⣠
    ⡝⡵⡈⢟⢕⢕⢕⢕⣵⣿⣿⣿⣿⣿⣿⣿⣿⣿⣶⣶⣿⣿⣿⣿⣿⠿⠋⣀⣈⠙
    ⡝⡵⡕⡀⠑⠳⠿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠿⠛⢉⡠⡲⡫⡪⡪⡣
  '';
  xdg.configFile."neofetch/config.conf".text = ''
    # From: https://github.com/Chick2D/neofetch-themes/
    # Made by https://github.com/Dan1jel
    print_info() {
        prin "\n"
        info "\n \n OS" distro
        info "\n \n Host" model
        info "\n \n Kernel" kernel
        info "\n \n Uptime" uptime
        info "\n \n Packages" packages
        info "\n \n Shell" shell
        info "\n \n Resolution" resolution
        info "\n \n DE" de
        info "\n \n WM" wm
        info "\n \n WM Theme" wm_theme
        info "\n \n Theme" theme
        info "\n \n Icons" icons
        info "\n \n Terminal" term
        info "\n \n Terminal Font" term_font
        info "\n \n CPU" cpu
        info "\n \n GPU" gpu
        info "\n \n Memory" memory
        info "\n \n Disk" disk
        info "\n \n Battery" battery
        info "\n \n Font" font
        info "\n \n Song" song
        [[ "$player" ]] && prin "\n \n Music Player" "$player"
        info "\n \n Local IP" local_ip
        prin "\n"
        # prin "\n \n    ''${cl0}──''${cl1}────''${cl2}────''${cl3}────''${cl4}────''${cl5}────''${cl6}────''${cl7}──"
        prin "\n \n \n \n \n \n ''${cl0}⬤ \n \n ''${cl1}⬤ \n \n ''${cl2}⬤ \n \n ''${cl3}⬤ \n \n ''${cl4}⬤ \n \n ''${cl5}⬤ \n \n ''${cl6}⬤ \n \n ''${cl7}⬤"
    }
    reset="\033[0m"
    gray="\033[1;90m"
    red="\033[1;31m"
    green="\033[1;32m"
    yellow="\033[1;33m"
    blue="\033[1;34m"
    magenta="\033[1;35m"
    cyan="\033[1;36m"
    white="\033[1;37m"
    cl0="''${gray}"
    cl1="''${red}"
    cl2="''${green}"
    cl3="''${yellow}"
    cl4="''${blue}"
    cl5="''${magenta}"
    cl6="''${cyan}"
    cl7="''${white}"
    title_fqdn="off"
    kernel_shorthand="on"
    distro_shorthand="off"
    os_arch="off"
    uptime_shorthand="on"
    memory_percent="off"
    memory_unit="mib"
    package_managers="on"
    shell_path="off"
    shell_version="on"
    speed_type="bios_limit"
    speed_shorthand="off"
    cpu_brand="on"
    cpu_speed="on"
    cpu_cores="logical"
    cpu_temp="off"
    gpu_brand="on"
    gpu_type="all"
    refresh_rate="off"
    gtk_shorthand="off"
    gtk2="on"
    gtk3="on"
    de_version="on"
    disk_show=('/storage/emulated' '/' '/server')
    disk_subtitle="none"
    disk_percent="on"
    music_player="auto"
    song_format="%artist% - %album% - %title%"
    song_shorthand="off"
    mpc_args=()
    bold="on"
    underline_enabled="on"
    underline_char="-"
    separator=":"
    block_range=(0 15)
    color_blocks="on"
    block_width=3
    block_height=1
    col_offset="auto"
    bar_char_elapsed="-"
    bar_char_total="="
    bar_border="on"
    bar_length=15
    bar_color_elapsed="distro"
    bar_color_total="distro"
    cpu_display="off"
    memory_display="off"
    battery_display="off"
    disk_display="off"
    image_backend="ascii"
    image_source="$HOME/.config/neofetch/ascii.txt"
    ascii_distro="auto"
    ascii_colors=(distro)
    ascii_bold="on"
    image_loop="off"
    thumbnail_dir="''${XDG_CACHE_HOME:-''${HOME}/.cache}/thumbnails/neofetch"
    crop_mode="normal"
    crop_offset="center"
    image_size="auto"
    gap=2
    yoffset=0
    xoffset=0
    background_color=
    stdout="off"
  '';
 }
@@ -1,367 +0,0 @@
 # Nerdfetch, a simple system info script written in bash
 # Source: https://github.com/ThatOneCalculator/NerdFetch
 {pkgs, ...}: let
  nerdfetch = pkgs.writeShellScriptBin "nerdfetch" ''
          ostype="$(uname)"
          version=8.1.1
          font=nerd
          distrotype=none
          osi=""
          ki=""
          ri="󰍛"
          pi="󰏔"
          ui="󰅶"
          ci=""
          case $1 in
          "-p")
          	font=phosphor
          	osi=""
          	ki=""
          	ri=""
          	pi=""
          	ui=""
          	ci=""
          	;;
          "-c")
          	font=cozette
          	ki="♥"
          	ri=""
          	pi=""
          	ui=""
          	ci=""
          	;;
          "-e")
          	font=emoji
          	osi="🐧"
          	ki="💓"
          	ri="🐐"
          	pi="📦"
          	ui="☕"
          	ci="🎨"
          	;;
          "-v")
          	echo "NerdFetch $version"
          	exit
          	;;
          "-h")
          	echo "Flags:
          -c: Cozette font
          -p: Phosphor font
          -e: Emoji font
          -v: Version"
          	exit
          	;;
          esac
          if command -v getprop 1>/dev/null; then
          	distrotype=android
          fi
          kernel="$(echo $(uname -r) | cut -d'-' -f1-1)"
          case $ostype in
          *"Linux"*)
          	if [ $distrotype = android ]; then
          		host="$(hostname)"
          		USER="$(whoami)"
          		os="Android $(getprop ro.build.version.release)"
          		case $font in
          		phosphor) osi="" ;;
          		emoji) osi="🤖" ;;
          		*) osi="󰀲" ;;
          		esac
          	else
          		host="$(cat /proc/sys/kernel/hostname)"
          		. /etc/os-release
          		if [ -f /bedrock/etc/bedrock-release ]; then
          			os="$(brl version)"
          		else
          			os="''${PRETTY_NAME}"
          			if [ $font = nerd ]; then
          				case $(echo $ID | sed 's/ .*//') in
          				debian) osi="" ;;
          				arch) osi="󰣇" ;;
          				endeavouros) osi="" ;;
          				fedora) osi="" ;;
          				gentoo) osi="" ;;
          				rhel) osi="" ;;
          				slackware) osi="" ;;
          				void) osi="" ;;
          				alpine) osi="" ;;
          				nixos) osi="󱄅" ;;
          				artix) osi="" ;;
          				exherbo) osi="󰆚" ;;
          				mageia) osi="" ;;
          				manjaro) osi="" ;;
          				opensuse) osi="" ;;
          				solus) osi="" ;;
          				ubuntu) osi="" ;;
          				mint) osi="󰣭" ;;
          				trisquel) osi="" ;;
          				puppy) osi="" ;;
          				coreos) osi="" ;;
          				mx) osi="" ;;
          				vanilla) osi="" ;;
          				pop_os) osi="" ;;
          				raspbian) osi="" ;;
          				deepin) osi="" ;;
          				almalinux) osi="" ;;
          				garuda) osi="" ;;
          				centos) osi="" ;;
          				rocky) osi="" ;;
          				esac
          			elif [ $font = cozette ]; then
          				case $(echo $ID | sed 's/ .*//') in
          				debian) osi="" ;;
          				arch) osi="" ;;
          				fedora) osi="" ;;
          				gentoo) osi="" ;;
          				slackware) osi="" ;;
          				void) osi="" ;;
          				alpine) osi="" ;;
          				nixos) osi="" ;;
          				mageia) osi="" ;;
          				manjaro) osi="" ;;
          				opensuse) osi="" ;;
          				ubuntu) osi="" ;;
          				mint) osi="" ;;
          				coreos) osi="" ;;
          				centos) osi="" ;;
          				esac
          			fi
          		fi
          	fi
          	shell=$(basename "$SHELL")
          	;;
          *"Darwin"*)
          	host="$(hostname -f | sed -e 's/^[^.]*\.//')"
          	mac_product="$(/usr/libexec/PlistBuddy -c "Print:ProductName" /System/Library/CoreServices/SystemVersion.plist)"
          	mac_version="$(/usr/libexec/PlistBuddy -c "Print:ProductVersion" /System/Library/CoreServices/SystemVersion.plist)"
          	os="''${mac_product} ''${mac_version}"
          	case $font in
          	nerd) osi="" ;;
          	phosphor) osi="" ;;
          	cozette) osi="" ;;
          	emoji) osi="🍎" ;;
          	esac
          	;;
          *"FreeBSD"*)
          	host="$(hostname)"
          	distrotype=bsd
          	os="FreeBSD $(freebsd-version | sed 's/-.*//')"
          	case $font in
          	nerd) osi="" ;;
          	phosphor) osi="" ;;
          	cozette) osi="" ;;
          	emoji) osi="😈" ;;
          	esac
          	;;
          *"OpenBSD"*)
          	host="$(hostname)"
          	distrotype=bsd
          	os="OpenBSD $(uname -r)"
          	case $font in
          	nerd) osi="" ;;
          	phosphor) osi="" ;;
          	cozette) osi="⌘" ;;
          	emoji) osi="🐡" ;;
          	esac
          	;;
          *"NetBSD"*)
          	host="$(hostname)"
          	distrotype=netbsd
          	os="NetBSD $(uname -r)"
          	case $font in
          	nerd) osi="󰉀" ;;
          	phosphor) osi="" ;;
          	cozette) osi="" ;;
          	emoji) osi="🚩" ;;
          	esac
          	;;
          *)
          	os="Unix-like"
          	host="host"
          	;;
          esac
          ## PACKAGE MANAGER AND PACKAGES DETECTION
          MANAGER=$(which nix-env pkg flatpak yum zypper dnf rpm dpkg-query brew port pacman xbps-query emerge cave apk kiss pmm /usr/sbin/slackpkg bulge birb yay paru pacstall cpm pmm eopkg getprop 2>/dev/null)
          manager=$(basename "$MANAGER")
          if [ $distrotype = netbsd ]; then
          	manager="pkg_info-netbsd"
          fi
          case $manager in
          cpm) packages="$(cpm C)" ;;
          flatpak) packages="$(flatpak list --app | wc -l)" ;;
          brew) packages="$(printf '%s\n' "$(brew --cellar)/"* | wc -l)" ;;
          port) packages="$(port installed | wc -l)" ;;
          dpkg-query) packages="$(dpkg-query -f '${"binary:Package"}\n' -W | wc -l)" ;;
          rpm) packages="$(rpm -qa --last | wc -l)" ;;
          yum) packages="$(yum list installed | wc -l)" ;;
          dnf) packages="$(dnf list installed | wc -l)" ;;
          zypper) packages="$(zypper se | wc -l)" ;;
          pacman) packages="$(pacman -Q | wc -l)" ;;
          yay) packages="$(yay -Q | wc -l)" ;;
          paru) packages="$(paru -Q | wc -l)" ;;
          pacstall) packages="$(pacstall -L | wc -l)" ;;
          kiss) packages="$(kiss list | wc -l)" ;;
          emerge) packages="$(qlist -I | wc -l)" ;;
          pkg) packages="$(pkg info | wc -l | tr -d ' ')" ;;
          cave) packages="$(cave show installed-slots | wc -l)" ;;
          xbps-query) packages="$(xbps-query -l | wc -l)" ;;
          nix-env) packages="$(nix-store -q --requisites /run/current-system/sw | wc -l)" ;;
          apk) packages="$(apk list --installed | wc -l)" ;;
          pmm) packages="$(/bedrock/libexec/pmm pacman pmm -Q 2>/dev/null | wc -l)" ;;
          eopkg) packages="$(eopkg li | wc -l)" ;;
          /usr/sbin/slackpkg) packages="$(ls /var/log/packages | wc -l)" ;;
          bulge) packages="$(bulge list | wc -l)" ;;
          birb) packages="$(birb --list-installed | wc -l)" ;;
          pkg_info)
          	packages="$(pkg_info -A | wc -l)"
          	manager="pkg"
          	;;
          pkg_info-netbsd)
          	packages="$(pkg_info -a | wc -l)"
          	manager="pkg"
          	;;
          *)
          	if [ $distrotype = android ]; then
          		packages="$(dpkg-query -f '${"binary:Package"}\n' -W | wc -l)"
          		manager="dpkg"
          	else
          		packages="$(ls /usr/bin | wc -l)"
          		manager="bin"
          	fi
          	;;
          esac
          packages="''${packages#"''${packages%%[![:space:]]*}"}"
          manager=$(echo $manager | sed "s/-query//; s/\/usr\/.*\///")
          ## UPTIME DETECTION
          if [ $distrotype = android ]; then
          	uptime="$(echo $(uptime -p) | cut -c 4-)"
          elif [ $distrotype = bsd ] || [ $distrotype = netbsd ]; then
          	uptime="$(uptime | sed -e 's/.* up //; s/, [0-9]* user.*//')"
          else
          	case $ostype in
          	*"Linux"*)
          		IFS=. read -r s _ </proc/uptime
          		;;
          	*)
          		s=$(sysctl -n kern.boottime)
          		s=''${s#*=}
          		s=''${s%,*}
          		s=$(($(date +%s) - s))
          		;;
          	esac
          	d="$((s / 60 / 60 / 24))"
          	h="$((s / 60 / 60 % 24))"
          	m="$((s / 60 % 60))"
          	# Plurals
          	[ "$d" -gt 1 ] && dp=s
          	[ "$h" -gt 1 ] && hp=s
          	[ "$m" -gt 1 ] && mp=s
          	[ "$s" -gt 1 ] && sp=s
          	# Hide empty fields.
          	[ "$d" = 0 ] && d=
          	[ "$h" = 0 ] && h=
          	[ "$m" = 0 ] && m=
          	[ "$m" != "" ] && s=
          	# Make the output of uptime smaller.
          	[ "$d" ] && uptime="$d day$dp, "
          	[ "$h" ] && uptime="$uptime$h hour$hp, "
          	[ "$m" ] && uptime="$uptime$m min$mp"
          	[ "$s" ] && uptime="$uptime$s sec$sp"
          	uptime=''${uptime%, }
          fi
          ## RAM DETECTION
          case $ostype in
          *"Linux"*)
          	while IFS=':k ' read -r key val _; do
          		case $key in
          		MemTotal)
          			mem_used=$((mem_used + val))
          			mem_full=$val
          			;;
          		Shmem) mem_used=$((mem_used + val)) ;;
          		MemFree | Buffers | Cached | SReclaimable) mem_used=$((mem_used - val)) ;;
          		esac
          	done </proc/meminfo
          	mem_used=$((mem_used / 1024))
          	mem_full=$((mem_full / 1024))
          	;;
          *"Darwin"*)
          	mem_full=$(($(sysctl -n hw.memsize) / 1024 / 1024))
          	while IFS=:. read -r key val; do
          		case $key in
          		*' wired'* | *' active'* | *' occupied'*)
          			mem_used=$((mem_used + ${"val:-0"}))
          			;;
          		esac
          	done <-EOF
          		$(vm_stat)
          	EOF
          	mem_used=$((mem_used * 4 / 1024))
          	;;
          *"BSD"*)
          	mem_full=$(($(sysctl -n hw.physmem) / 1024 / 1024))
          	if [ $distrotype = netbsd ]; then
          		mem_free=$(($(vmstat | awk 'NR==3 {print $4}') / 1024))
          	else
          		mem_free=$(($(sysctl -n vm.stats.vm.v_free_count) * $(sysctl -n vm.stats.vm.v_page_size) / 1024 / 1024))
          	fi
          	mem_used=$((mem_full - mem_free))
          	;;
          *)
          	mem_full=1
          	mem_used=0
          	;;
          esac
          memstat="''${mem_used}/''${mem_full} MiB"
          if which expr >/dev/null 2>&1; then
          	mempercent="($(expr $(expr ''${mem_used} \* 100 / ''${mem_full}))%)"
          fi
          ## DEFINE COLORS
          bold='[1m'
          black='[30m'
          red='[31m'
          green='[32m'
          yellow='[33m'
          blue='[34m'
          magenta='[35m'
          cyan='[36m'
          white='[37m'
          grey='[90m'
          reset='[0m'
          ## USER VARIABLES -- YOU CAN CHANGE THESE
          lc="$reset$bold$magenta" # labels
          nc="$reset$bold$magenta" # labels
          hn="$reset$bold$magenta" # labels
          ic="$reset$white"          # info
          c0="$reset$grey"           # first color
          c1="$reset$white"          # second color
          c2="$reset$yellow"         # third color
          ## OUTPUT
    echo """
        ''${c0}      ___     ''${nc}''${USER}''${grey}@''${reset}''${hn}''${host}''${reset}
        ''${c0}     (''${c1}.. ''${c0}\    ''${lc}''${osi}  ''${ic}''${os}''${reset}
        ''${c0}     (''${c2}<> ''${c0}|    ''${lc}''${ki}  ''${ic}''${kernel}''${reset}
        ''${c0}    /''${c1}/  \\ ''${c0}\\   ''${lc}''${ri}  ''${ic}''${RAM}''${memstat} ''${mempercent}
        ''${c0}   ( ''${c1}|  | ''${c0}/|  ''${lc}''${pi}  ''${ic}''${packages} (''${manager})''${reset}
        ''${c2}  _''${c0}/\\ ''${c1}__)''${c0}/''${c2}_''${c0})  ''${lc}''${ui}  ''${ic}''${uptime}''${reset}
        ''${c2}  \/''${c0}-____''${c2}\/''${reset}   ''${lc}''${ci}  ''${red}███''${green}███''${yellow}███''${blue}███''${magenta}███''${cyan}███''${reset}
        """
  '';
 in {home.packages = [nerdfetch];}
@@ -5,15 +5,20 @@
    enableZshIntegration = true;
    settings = {
      window-padding-x = 10;
      confirm-close-surface = false;
      window-padding-y = 10;
      clipboard-read = "allow";
      clipboard-write = "allow";
      copy-on-select = "clipboard";
      app-notifications = false;
      keybind = [
        "ctrl+j=goto_split:left"
        "ctrl+i=goto_split:up"
        "ctrl+k=goto_split:down"
        "ctrl+l=goto_split:right"
-        "shift+ctrl+j=new_split:left"
+        "shift+ctrl+h=new_split:left"
-        "shift+ctrl+i=new_split:up"
+        "shift+ctrl+j=new_split:down"
-        "shift+ctrl+k=new_split:down"
+        "shift+ctrl+k=new_split:up"
        "shift+ctrl+l=new_split:right"
        "shift+ctrl+tab=new_tab"
      ];
@@ -3,10 +3,13 @@
  # CHANGEME: change this to your own SSH key.
  home.file.".ssh/allowed_signers".text = "* ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIINhWby7lUUXQNKbRu9/UOrGjWDf3fvoAwGHomWv/+lL";
-  programs.git.settings = {
+  programs.git = {
    signing.format = "openpgp";
    settings = {
      commit.gpgsign = true;
      gpg.ssh.allowedSignersFile = "~/.ssh/allowed_signers";
      gpg.format = "ssh";
      user.signingkey = "~/.ssh/key.pub";
    };
  };
 }
@@ -4,11 +4,12 @@
  ...
 }: {
  home.packages = with pkgs; [
    firefox
    wireshark
    nmap
    john
    hashcat
-    inputs.eleakxir.packages.${stdenv.hostPlatform.system}.leak-utils
+    # inputs.eleakxir.packages.${stdenv.hostPlatform.system}.leak-utils
    caido
    nuclei
  ];
@@ -0,0 +1,5 @@
 {inputs, ...}: {
  imports = [inputs.nix-index-database.homeModules.default];
  programs.nix-index.enable = true;
  programs.nix-index-database.comma.enable = true;
 }
@@ -5,13 +5,19 @@
 #- - `nixy` - UI wizard to manage the system.
 #- - `nixy rebuild` - Rebuild the system.
 #- - `nixy ...` - ... see the script for more commands.
-{ pkgs, config, ... }:
+{
-let
+  pkgs,
  config,
  ...
 }: let
  configDirectory = config.var.configDirectory;
-  nixy = pkgs.writeShellScriptBin "nixy"
+  nixy =
    pkgs.writeShellScriptBin "nixy"
    # bash
    ''
      EXTRA_ARGS="''${@:2}"
      function exec() {
        $@
      }
@@ -49,11 +55,11 @@ let
      [[ $1 == "" ]] && ui
      if [[ $1 == "rebuild" ]];then
-        cd ${configDirectory} && git add . && sudo nixos-rebuild switch --flake
+        cd ${configDirectory} && git add . && sudo nixos-rebuild switch --flake . $EXTRA_ARGS
      elif [[ $1 == "test" ]];then
-        cd ${configDirectory} && git add . && sudo nixos-rebuild test --flake
+        cd ${configDirectory} && git add . && sudo nixos-rebuild test --flake . $EXTRA_ARGS
      elif [[ $1 == "update" ]];then
-        cd ${configDirectory} && nix flake update
+        cd ${configDirectory} && nix flake update $EXTRA_ARGS
      elif [[ $1 == "gc" ]];then
        echo "Starting Nix garbage collection..."
        cd ${configDirectory} && \
@@ -17,10 +17,5 @@
  programs.nvf = {
    enable = true;
    settings.vim = {
      startPlugins = [
        pkgs.vimPlugins.vim-kitty-navigator
      ];
    };
  };
 }
@@ -32,33 +32,7 @@
        desc = "Next Buffer";
      }
-      # Kitty navigator
+      # Disable Arrow Keys in Normal Mode and Middle click
      {
        key = "<C-h>";
        mode = "n";
        silent = true;
        action = "<cmd>KittyNavigateLeft<cr>";
      }
      {
        key = "<C-j>";
        mode = "n";
        silent = true;
        action = "<cmd>KittyNavigateDown<cr>";
      }
      {
        key = "<C-k>";
        mode = "n";
        silent = true;
        action = "<cmd>KittyNavigateUp<cr>";
      }
      {
        key = "<C-l>";
        mode = "n";
        silent = true;
        action = "<cmd>KittyNavigateRight<cr>";
      }
      # Disable Arrow Keys in Normal Mode
      {
        key = "<Up>";
        mode = "n";
@@ -87,6 +61,24 @@
        action = "<Nop>";
        desc = "Disable Right Arrow";
      }
      {
        key = "<MiddleMouse>";
        mode = ["n" "i" "v"]; # Normal, Insert, Visual
        action = "<nop>"; # No Operation
        silent = true;
      }
      {
        key = "<2-MiddleMouse>"; # Désactive aussi le double clic molette
        mode = ["n" "i" "v"];
        action = "<nop>";
        silent = true;
      }
      {
        key = "<3-MiddleMouse>"; # Désactive aussi le double clic molette
        mode = ["n" "i" "v"];
        action = "<nop>";
        silent = true;
      }
      # UI
      {
@@ -168,6 +160,70 @@
        action = "<cmd>close<cr>";
        desc = "Close";
      }
      # QOL
      {
        key = ">";
        mode = "v";
        silent = true;
        action = ">gv";
        desc = "Indent and keep selection";
      }
      {
        key = "<";
        mode = "v";
        silent = true;
        action = "<gv";
        desc = "Dedent and keep selection";
      }
      # Move
      {
        key = "<C-h>";
        mode = "n";
        silent = true;
        action = "<C-w>h";
        desc = "Move to left window";
      }
      {
        key = "<C-j>";
        mode = "n";
        silent = true;
        action = "<C-w>j";
        desc = "Move to bottom window";
      }
      {
        key = "<C-k>";
        mode = "n";
        silent = true;
        action = "<C-w>k";
        desc = "Move to top window";
      }
      {
        key = "<C-l>";
        mode = "n";
        silent = true;
        action = "<C-w>l";
        desc = "Move to right window";
      }
      # Save
      {
        key = "<C-s>";
        mode = ["n" "i" "v"];
        silent = true;
        action = "<cmd>w<cr>";
        desc = "Save file";
      }
      # Deactivate "esc"
      {
        key = "<Esc>";
        mode = ["n" "i" "v"];
        silent = true;
        action = "<Nop>";
        desc = "Disable Escape";
      }
    ];
  };
 }
@@ -87,6 +87,13 @@
      enableFormat = true;
      enableTreesitter = true;
      python = {
        enable = true;
        lsp = {
          enable = true;
          servers = ["pyright"];
        };
      };
      astro.enable = true;
      go.enable = true;
      markdown = {
@@ -30,6 +30,19 @@
      registers = "unnamedplus";
      providers.wl-copy.enable = true;
    };
    luaConfigRC.osc52-clipboard = ''
      vim.g.clipboard = {
        name = 'OSC 52',
        copy = {
          ['+'] = require('vim.ui.clipboard.osc52').copy '+',
          ['*'] = require('vim.ui.clipboard.osc52').copy '*',
        },
        paste = {
          ['+'] = require('vim.ui.clipboard.osc52').paste '+',
          ['*'] = require('vim.ui.clipboard.osc52').paste '*',
        },
      }
    '';
    theme = {
      enable = true;
      name = lib.mkForce "catppuccin";
@@ -1,4 +1,11 @@
-{
+{pkgs, ...}: {
  home.packages = with pkgs; [
    imagemagick
    tree-sitter
    ghostscript
    tectonic
    mermaid-cli
  ];
  programs.nvf.settings.vim.utility.snacks-nvim = {
    enable = true;
    setupOpts = {
@@ -18,7 +18,6 @@
        enable = true;
        sources = {
          buffer = "[Buffer]";
          nvim-cmp = null;
          path = "[Path]";
        };
        sourcePlugins = [
@@ -0,0 +1,5 @@
 {
  wayland.windowManager.hyprland.settings.exec-once = [
    "protonvpn-app --start-minimized &"
  ];
 }
@@ -1,6 +1,6 @@
 {pkgs, ...}: {
  home.packages = with pkgs; [
-    protonvpn-gui
+    proton-vpn
    proton-pass
    proton-authenticator
  ];
@@ -7,11 +7,15 @@
 }: let
  fetch = config.theme.fetch; # neofetch, nerdfetch, pfetch
 in {
-  home.packages = with pkgs; [bat ripgrep tldr sesh];
+  home.packages = with pkgs; [bat ripgrep tldr witr];
  # Add go binaries to the PATH
  home.sessionPath = ["$HOME/go/bin"];
  home.sessionVariables = {
    COLORTERM = "truecolor";
  };
  programs.zsh = {
    enable = true;
    enableCompletion = true;
@@ -47,7 +51,6 @@ in {
      tree = "eza --icons=always --tree --no-quotes";
      sl = "ls";
      open = "${pkgs.xdg-utils}/bin/xdg-open";
      icat = "${pkgs.kitty}/bin/kitty +kitten icat";
      cat = "bat --theme=base16 --color=always --paging=never --tabs=2 --wrap=never --plain";
      mkdir = "mkdir -p";
@@ -31,7 +31,6 @@ in {
    enabledExtensions = with spicePkgs.extensions; [
      playlistIcons
      lastfm
      historyShortcut
      hidePodcasts
      adblock
@@ -2,43 +2,50 @@
 {
  pkgs,
  config,
  lib,
  ...
 }: let
  user = config.var.username;
 in {
  # ctrl + m to toggle the menubar
  home.packages = with pkgs; [
-    xfce.thunar
+    thunar
-    xfce.xfconf
+    xfconf
-    xfce.tumbler
+    tumbler
-    xfce.thunar-archive-plugin
+    thunar-archive-plugin
-    xfce.thunar-volman
+    thunar-volman
-    xfce.thunar-media-tags-plugin
+    thunar-media-tags-plugin
    p7zip
    xarchiver
    papirus-icon-theme
    material-icons
    material-design-icons
    material-symbols
  ];
  gtk = {
    enable = true;
    iconTheme = {
-      name = "WhiteSur";
+      name = "Papirus-Dark";
-      package = pkgs.whitesur-icon-theme.override {
+      package = pkgs.papirus-icon-theme;
        boldPanelIcons = true;
        alternativeIcons = true;
      };
    };
  };
  home.sessionVariables = {
    XDG_ICON_DIR = "${pkgs.whitesur-icon-theme}/share/icons/WhiteSur";
    };
    # bookmarks for the side pane
-  gtk.gtk3.bookmarks = [
+    gtk3.bookmarks = [
      "file:///home/${user}/Downloads Downloads"
      "file:///home/${user}/Pictures Pictures"
      "file:///home/${user}/.config/nixos NixOS"
      "file:///home/${user}/dev Development"
    ];
  };
  qt.enable = true;
  home.sessionVariables = {
    XDG_ICON_DIR = "${pkgs.papirus-icon-theme}/share/icons/Papirus";
    QS_ICON_THEME = "Papirus";
    QT_STYLE_OVERRIDE = lib.mkForce "Fusion";
  };
  home.file.".config/xarchiver/xarchiverrc".text = ''
    [xarchiver]
@@ -56,7 +63,7 @@ in {
    show_toolbar=true
    preferred_custom_cmd=
    preferred_temp_dir=/tmp
-    preferred_extract_dir=/home/${user}/Downloads
+    preferred_extract_dir=./
    allow_sub_dir=0
    ensure_directory=true
    overwrite=false
@@ -72,7 +79,8 @@ in {
    remove_files=false
  '';
-  home.file.".config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml".text = ''
+  home.file.".config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml" = {
    text = ''
      <?xml version="1.1" encoding="UTF-8"?>
      <channel name="thunar" version="1.0">
@@ -119,6 +127,8 @@ in {
        <property name="misc-show-delete-action" type="bool" value="false"/>
      </channel>
    '';
    force = true;
  };
  xdg.configFile."Thunar/uca.xml".text = ''
    <?xml version="1.0" encoding="UTF-8"?>
@@ -127,8 +137,8 @@ in {
          <icon>utilities-terminal</icon>
          <name>Open Terminal Here</name>
          <unique-id>1700000000000001</unique-id>
-          <command>kitty -d %f</command>
+          <command>ghostty -d %f</command>
-          <description>Opens Kitty terminal in the selected folder</description>
+          <description>Opens terminal in the selected folder</description>
          <patterns>*</patterns>
          <startup-notify/>
          <directories/>
@@ -1,12 +0,0 @@
 {pkgs, ...}: {
  programs.vivaldi = {
    enable = true;
    commandLineArgs = [
      "--no-default-browser-check"
    ];
  };
  home.sessionVariables = {
    DEFAULT_BROWSER = "${pkgs.vivaldi}/bin/vivaldi";
  };
 }
@@ -29,8 +29,8 @@ in {
      enabled = true;
      maxToasts = 4;
      toasts = {
-        audioInputChanged = true;
+        audioInputChanged = false;
-        audioOutputChanged = true;
+        audioOutputChanged = false;
        capsLockChanged = false;
        chargingChanged = true;
        configLoaded = false;
@@ -41,6 +41,7 @@ in {
        kbLayoutChanged = false;
      };
    };
    dashboard.showOnHover = false;
    border = {
      inherit rounding;
      thickness = 8;
@@ -1,58 +0,0 @@
 {
  wayland.windowManager.hyprland.settings = {
    bindin = [
      # Launcher
      "$mod, mouse:272, global, caelestia:launcherInterrupt"
      "$mod, mouse:273, global, caelestia:launcherInterrupt"
      "$mod, mouse:274, global, caelestia:launcherInterrupt"
      "$mod, mouse:275, global, caelestia:launcherInterrupt"
      "$mod, mouse:276, global, caelestia:launcherInterrupt"
      "$mod, mouse:277, global, caelestia:launcherInterrupt"
      "$mod, mouse_up, global, caelestia:launcherInterrupt"
      "$mod, mouse_down, global, caelestia:launcherInterrupt"
    ];
    bind = [
      # Launcher
      "$mod, SPACE, global, caelestia:launcher"
      "$mod, X, global, caelestia:session" # Powermenu
      # Misc
      "$mod, L, global, caelestia:lock"
      "$mod, N, exec, caelestia shell drawers toggle sidebar"
      # Utilities
      "$mod+Shift, SPACE, exec, caelestia shell gameMode toggle" # Toggle Focus/Game mode
      "$mod+Shift, S, global, caelestia:screenshotFreeze" # Capture region (freeze)
      "$mod+Shift+Alt, S, global, caelestia:screenshot" # Capture region
      "$mod+Alt, R, exec, caelestia record -s" # Record screen with sound
      "Ctrl+Alt, R, exec, caelestia record" # Record screen
      "$mod+Shift+Alt, R, exec, caelestia record -r" # Record region
      "$mod+Shift, E, exec, pkill fuzzel || caelestia emoji -p"
    ];
    bindl = [
      # Brightness
      ", XF86MonBrightnessUp, global, caelestia:brightnessUp"
      ", XF86MonBrightnessDown, global, caelestia:brightnessDown"
      "$mod, F2, exec, nightshift-toggle"
      "$mod, F3, exec, nightshift-toggle"
      # Media
      ", XF86AudioPlay, global, caelestia:mediaToggle"
      ", XF86AudioPause, global, caelestia:mediaToggle"
      ", XF86AudioNext, global, caelestia:mediaNext"
      ", XF86AudioPrev, global, caelestia:mediaPrev"
      ", XF86AudioStop, global, caelestia:mediaStop"
      # Sound
      ", XF86AudioMute, exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle"
      # Utilities
      ", Print, exec, caelestia screenshot" # Full screen capture > clipboard
    ];
    bindle = [
      ", XF86AudioRaiseVolume, exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ 0; wpctl set-volume -l 1 @DEFAULT_AUDIO_SINK@ 5%+"
      ", XF86AudioLowerVolume, exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ 0; wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-"
    ];
  };
 }
@@ -7,11 +7,11 @@
 }: {
  imports = [
    inputs.caelestia-shell.homeManagerModules.default
    ./bindings.nix
    ./bar.nix
    ./launcher.nix
    ./appearance.nix
    ./scheme.nix
    ./swappy.nix
  ];
  programs.caelestia = {
@@ -52,6 +52,7 @@
  wayland.windowManager.hyprland.settings.exec-once = [
    "uwsm app -- caelestia resizer -d"
    "uwsm app -- caelestia shell -d"
    "caelestia scheme set -n onedark"
    "caelestia scheme set -n custom"
  ];
@@ -1,8 +1,8 @@
 {
  programs.caelestia.settings = {
    session.commands = {
      logout = ["loginctl" "terminate-user" ""];
      shutdown = ["systemctl" "poweroff"];
      logout = ["loginctl" "lock-session"];
      hibernate = ["systemctl" "hibernate"];
      reboot = ["systemctl" "reboot"];
    };
@@ -120,7 +120,10 @@
    onSuccessContainer ${colors.base05}
  '';
  colorsHash = builtins.hashString "sha256" (builtins.toJSON colors);
  customCli = inputs.caelestia-cli.packages.${pkgs.stdenv.hostPlatform.system}.default.overrideAttrs (oldAttrs: {
    name = "${oldAttrs.name or "caelestia-cli"}-themed-${colorsHash}";
    postUnpack = ''
      mkdir -p $sourceRoot/src/caelestia/data/schemes/custom/main
      cp ${customSchemeFile} $sourceRoot/src/caelestia/data/schemes/custom/main/dark.txt
@@ -0,0 +1,11 @@
 {
  xdg.configFile."swappy/config".text = ''
    [Default]
    save_dir=~/Pictures/Screenshots
    save_filename_format=screenshot-%Y%m%d-%H%M%S.png
    show_panel=false
    line_size=5
    text_size=20
    text_font=sans-serif
  '';
 }
@@ -1,31 +1,191 @@
-{pkgs, ...}: {
+{
  pkgs,
  lib,
  config,
  ...
 }: let
  colors = config.lib.stylix.colors;
  mkMenu = menu: let
    configFile =
      pkgs.writeText "config.yaml"
      (lib.generators.toYAML {} {
        anchor = "bottom-right";
        border = "#${colors.base0D}80";
        background = "#${colors.base01}EE";
        color = "#${colors.base05}";
        margin_right = 15;
        margin_bottom = 15;
        rows_per_column = 5;
        inherit menu;
      });
  in
    pkgs.writeShellScriptBin "menu" ''
      exec ${lib.getExe pkgs.wlr-which-key} ${configFile}
    '';
 in {
  wayland.windowManager.hyprland.settings = {
    "$mod" = "SUPER";
    "$shiftMod" = "SUPER_SHIFT";
    bind =
      [
-        "$mod,RETURN, exec, uwsm app -- ${pkgs.ghostty}/bin/ghostty" # Ghostty (terminal)
+        # Applications
-        "$mod,E, exec,  uwsm app -- ${pkgs.xfce.thunar}/bin/thunar" # Thunar
+        ("$shiftMod, A, exec, "
-        "$mod,B, exec,  uwsm app -- ${pkgs.vivaldi}/bin/vivaldi" # Browser (Vivaldi)
+          + lib.getExe (mkMenu [
-        "$mod,K, exec,  uwsm app -- ${pkgs.proton-pass}/bin/proton-pass" # Proton Pass
+            {
-        "$mod,V, exec,  uwsm app -- ${pkgs.protonvpn-gui}/bin/protonvpn-app" # Proton VPN
+              key = "a";
-        "$mod,A, exec,  uwsm app -- env WEBKIT_DISABLE_COMPOSITING_MODE=1 ${pkgs.proton-authenticator}/bin/proton-authenticator" # Proton Auth
+              desc = "Proton Authenticator";
-        "$mod,M, exec,  uwsm app -- ${pkgs.vivaldi}/bin/vivaldi --profile-directory=Default --app-id=jnpecgipniidlgicjocehkhajgdnjekh" # Proton Mail (PWA)
+              cmd = "env WEBKIT_DISABLE_COMPOSITING_MODE=1 ${pkgs.proton-authenticator}/bin/proton-authenticator";
-        "$mod,C, exec,  uwsm app -- ${pkgs.vivaldi}/bin/vivaldi --profile-directory=Default --app-id=ojibjkjikcpjonjjngfkegflhmffeemk" # Proton Calendar (PWA)
+            }
-        "$mod,I, exec,  uwsm app -- ${pkgs.vivaldi}/bin/vivaldi --profile-directory=Default --app-id=lcfjlhjhpmdjimnbkdfjnkojodddgfmd" # Proton Lumo (PWA)
+            {
              key = "p";
              desc = "Proton Pass";
              cmd = "${pkgs.proton-pass}/bin/proton-pass";
            }
            {
              key = "v";
              desc = "Proton VPN";
              cmd = "${pkgs.proton-vpn}/bin/protonvpn-app";
            }
            {
              key = "o";
              desc = "Obsidian";
              cmd = "${pkgs.obsidian}/bin/obsidian";
            }
            {
              key = "s";
              desc = "Signal";
              cmd = "${pkgs.signal-desktop}/bin/signal-desktop";
            }
            {
              key = "t";
              desc = "TickTick";
              cmd = "${pkgs.ticktick}/bin/ticktick";
            }
            {
              key = "b";
              desc = "Brave";
              cmd = "${pkgs.brave}/bin/brave";
            }
            {
              key = "i";
              desc = "Brave (Private window)";
              cmd = "${pkgs.brave}/bin/brave --incognito";
            }
          ]))
        # Web links
        "$mod,B, exec,  uwsm app -- ${pkgs.brave}/bin/brave" # Browser (Brave)
        ("$shiftMod, B, exec, "
          + lib.getExe (mkMenu [
            {
              key = "h";
              desc = "Home";
              cmd = "${pkgs.brave}/bin/brave 'https://home.hadi.icu'";
            }
            {
              key = "m";
              desc = "Proton Mail";
              cmd = "${pkgs.brave}/bin/brave 'https://mail.proton.me/u/2/inbox'";
            }
            {
              key = "c";
              desc = "Proton Calendar";
              cmd = "${pkgs.brave}/bin/brave 'https://calendar.proton.me/u/2'";
            }
            {
              key = "l";
              desc = "Proton Lumo";
              cmd = "${pkgs.brave}/bin/brave 'https://lumo.proton.me/u/2'";
            }
            {
              key = "d";
              desc = "Proton Drive";
              cmd = "${pkgs.brave}/bin/brave 'https://drive.proton.me/u/2/'";
            }
            {
              key = "G";
              desc = "Google Gemini";
              cmd = "${pkgs.brave}/bin/brave 'https://gemini.google.com/'";
            }
            {
              key = "g";
              desc = "Github";
              cmd = "${pkgs.brave}/bin/brave 'https://github.com/'";
            }
            {
              key = "n";
              desc = "MyNixos";
              cmd = "${pkgs.brave}/bin/brave 'https://mynixos.com/'";
            }
          ]))
        # Power
        "$mod, X, global, caelestia:session" # Powermenu
        ("$shiftMod, X, exec, "
          + lib.getExe (mkMenu [
            {
              key = "l";
              desc = "Lock";
              cmd = "hyprctl dispatch global caelestia:lock";
            }
            {
              key = "s";
              desc = "Suspend";
              cmd = "systemctl suspend";
            }
            {
              key = "r";
              desc = "Reboot";
              cmd = "systemctl reboot";
            }
            {
              key = "p";
              desc = "Power Off";
              cmd = "systemctl poweroff";
            }
            {
              key = "n";
              desc = "Nightshift";
              cmd = "nightshift-toggle";
            }
            {
              key = "c";
              desc = "Restart caelestia";
              cmd = "hyprctl dispatch exec 'caelestia-shell kill | sleep 1 | caelestia-shell'";
            }
          ]))
        # Quick launch
        "$mod,RETURN, exec, uwsm app -- ${pkgs.ghostty}/bin/ghostty" # Ghostty (terminal)
        "$mod,E, exec,  uwsm app -- ${pkgs.thunar}/bin/thunar" # Thunar
        "$shiftMod, E, exec, pkill fuzzel || caelestia emoji -p" # Emoji picker
        "$mod, SPACE, global, caelestia:launcher" # Launcher
        "$mod, N, exec, caelestia shell drawers toggle sidebar" # Sidebar (Notifications, quick actions)
        "$mod, D, exec, caelestia shell drawers toggle dashboard" # Dashboard
        # Windows
        "$mod,Q, killactive," # Close window
        "$mod,T, togglefloating," # Toggle Floating
        "$mod,F, fullscreen" # Toggle Fullscreen
-        "$mod,left, movefocus, l" # Move focus left
+        "$shiftMod,F, togglefloating," # Toggle Floating
-        "$mod,right, movefocus, r" # Move focus Right
+
-        "$mod,up, movefocus, u" # Move focus Up
+        # Focus Windows
-        "$mod,down, movefocus, d" # Move focus Down
+        "$mod,H, movefocus, l" # Move focus left
-        "$shiftMod,up, focusmonitor, -1" # Focus previous monitor
+        "$mod,J, movefocus, d" # Move focus Down
-        "$shiftMod,down, focusmonitor, 1" # Focus next monitor
+        "$mod,K, movefocus, u" # Move focus Up
-        "$shiftMod,left, layoutmsg, addmaster" # Add to master
+        "$mod,L, movefocus, r" # Move focus Right
-        "$shiftMod,right, layoutmsg, removemaster" # Remove from master
+        "$shiftMod,H, focusmonitor, -1" # Focus previous monitor
        "$shiftMod,J, layoutmsg, removemaster" # Remove from master
        "$shiftMod,K, layoutmsg, addmaster" # Add to master
        "$shiftMod,L, focusmonitor, 1" # Focus next monitor
        # Utilities
        "$shiftMod, SPACE, exec, caelestia shell gameMode toggle" # Toggle Focus/Game mode
        "$shiftMod, S, global, caelestia:screenshotFreeze" # Capture region (freeze)
        ", Print, global, caelestia:screenshotFreeze" # Capture region (freeze)
        "$shiftMod+Alt, S, global, caelestia:screenshot" # Capture region
      ]
      ++ (builtins.concatLists (builtins.genList (i: let
          ws = i + 1;
@@ -39,5 +199,35 @@
      "$mod,mouse:272, movewindow" # Move Window (mouse)
      "$mod,R, resizewindow" # Resize Window (mouse)
    ];
    bindl = [
      # Brightness
      ", XF86MonBrightnessUp, global, caelestia:brightnessUp"
      ", XF86MonBrightnessDown, global, caelestia:brightnessDown"
      # Media
      ", XF86AudioPlay, global, caelestia:mediaToggle"
      ", XF86AudioPause, global, caelestia:mediaToggle"
      ", XF86AudioNext, global, caelestia:mediaNext"
      ", XF86AudioPrev, global, caelestia:mediaPrev"
      ", XF86AudioStop, global, caelestia:mediaStop"
      # Sound
      ", XF86AudioMute, exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle"
      ", XF86AudioRaiseVolume, exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ 0; wpctl set-volume -l 1 @DEFAULT_AUDIO_SINK@ 5%+"
      ", XF86AudioLowerVolume, exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ 0; wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-"
    ];
    bindin = [
      # Launcher
      "$mod, mouse:272, global, caelestia:launcherInterrupt"
      "$mod, mouse:273, global, caelestia:launcherInterrupt"
      "$mod, mouse:274, global, caelestia:launcherInterrupt"
      "$mod, mouse:275, global, caelestia:launcherInterrupt"
      "$mod, mouse:276, global, caelestia:launcherInterrupt"
      "$mod, mouse:277, global, caelestia:launcherInterrupt"
      "$mod, mouse_up, global, caelestia:launcherInterrupt"
      "$mod, mouse_down, global, caelestia:launcherInterrupt"
    ];
  };
 }
@@ -13,7 +13,7 @@
  rounding = config.theme.rounding;
  blur = config.theme.blur;
  keyboardLayout = config.var.keyboardLayout;
-  background = "rgba(" + config.lib.stylix.colors.base00 + "77)";
+  background = "rgba(" + config.lib.stylix.colors.base00 + "EE)";
 in {
  imports = [
    ./animations.nix
@@ -27,6 +27,8 @@ in {
    qt6.qtwayland
    libsForQt5.qt5ct
    qt6Packages.qt6ct
    xcb-util-cursor
    libxcb
    hyprland-qtutils
    adw-gtk3
    hyprshot
@@ -66,7 +68,7 @@ in {
      monitor = [
        "eDP-2,highres,0x0,1" # My internal laptop screen
        "desc:AOC U34G2G1 0x00000E06,3440x1440@99.98,auto,1" # My external monitor
-        "desc:United Microelectr Corporation UMC SHARP,3840x2160,auto,2" # TV
+        "desc:Philips Consumer Electronics Company PHL 221B8L ZV02144013987,highres,0x0,1"
        ",prefered,auto,1" # default
      ];
@@ -79,7 +81,8 @@ in {
        "XDG_SESSION_TYPE,wayland"
        "XDG_SESSION_DESKTOP,Hyprland"
        "QT_AUTO_SCREEN_SCALE_FACTOR,1"
-        "QT_QPA_PLATFORM=wayland,xcb"
+        "QT_QPA_PLATFORM,wayland;xcb"
        "QT_QPA_PLATFORMTHEME,gtk3"
        "QT_WAYLAND_DISABLE_WINDOWDECORATION,1"
        "ELECTRON_OZONE_PLATFORM_HINT,auto"
        "__GL_GSYNC_ALLOWED,0"
@@ -92,7 +95,6 @@ in {
        "WLR_NO_HARDWARE_CURSORS,1"
        "SDL_VIDEODRIVER,wayland"
        "CLUTTER_BACKEND,wayland"
        "AQ_DRM_DEVICES,/dev/dri/card2:/dev/dri/card1" # CHANGEME: Related to the GPU
      ];
      cursor = {
@@ -136,17 +138,21 @@ in {
      gesture = "3, horizontal, workspace";
      windowrule = [
        "match:class .*, suppress_event maximize"
        "match:class brave-browser, suppress_event float"
        "match:class brave-browser, sync_fullscreen 0"
        "match:class proton-authenticator, float on"
        "match:class proton-authenticator, suppress_event maximize"
        "match:class proton-authenticator, center on"
        "match:class proton-authenticator, size 500 400"
        "match:class protonvpn-app, float on"
        "match:class protonvpn-app, center on"
        "match:class protonvpn-app, size 500 400"
      ];
      misc = {
        vfr = true;
        disable_hyprland_logo = true;
        disable_splash_rendering = true;
        disable_autoreload = true;
@@ -168,6 +174,10 @@ in {
          clickfinger_behavior = true;
        };
      };
      ecosystem = {
        no_update_news = true;
      };
    };
  };
 }
@@ -6,7 +6,6 @@
    settings = {
      ipc = "on";
      splash = false;
      splash_offset = 2.0;
    };
  };
  systemd.user.services.hyprpaper.Unit.After =
@@ -1,23 +1,65 @@
 # Mime type associations for the system.
-{lib, ...}:
+{
  lib,
  pkgs,
  ...
 }:
 with lib; let
  defaultApps = {
    # check desktop files here: `ls $(echo $XDG_DATA_DIRS| sed "s/:/ /g")`
-    browser = ["vivaldi-stable.desktop"];
+    browser = ["brave.desktop"];
-    text = ["org.gnome.TextEditor.desktop"];
+    text = [
      # "org.gnome.TextEditor.desktop"
      "nvim-ghostty.desktop"
    ];
    code = ["nvim-ghostty.desktop"];
    image = ["imv-dir.desktop"];
    audio = ["mpv.desktop"];
    video = ["mpv.desktop"];
    directory = ["thunar.desktop"];
    office = ["libreoffice.desktop"];
    pdf = ["zathura.desktop"];
-    terminal = ["kitty.desktop"];
+    terminal = ["ghostty.desktop"];
    discord = ["discord.desktop"];
    archive = ["xarchiver.desktop"];
  };
  mimeMap = {
    text = ["text/plain"];
    code = [
      "text/x-csrc"
      "text/x-chdr"
      "text/x-c++src"
      "text/x-c++hdr"
      "text/x-rust"
      "text/x-go"
      "text/x-java"
      "text/x-csharp"
      "text/x-python"
      "application/x-shellscript"
      "text/javascript"
      "application/javascript"
      "text/css"
      "text/x-php"
      "text/x-ruby"
      "application/json"
      "application/xml"
      "text/xml"
      "text/x-yaml"
      "application/x-yaml"
      "application/toml"
      "text/x-nix"
      "text/markdown"
      "text/x-dockerfile"
      "application/x-yaml"
      "text/x-terraform"
      "application/x-perl"
      "text/x-lua"
      "text/x-haskell"
    ];
    image = [
      "image/bmp"
      "image/gif"
@@ -76,7 +118,15 @@ with lib; let
      "application/7z"
      "application/*tar"
    ];
-    discord = ["x-scheme-handler/discord"];
+  };
  nvim-ghostty = pkgs.makeDesktopItem {
    name = "nvim-ghostty";
    desktopName = "Neovim (Ghostty)";
    exec = ''ghostty --title="Neovim Editor" -e nvim %F'';
    terminal = false;
    categories = ["Development" "TextEditor"];
    mimeTypes = mimeMap.code ++ mimeMap.text;
  };
  associations = with lists;
@@ -84,6 +134,8 @@ with lib; let
      (key: map (type: attrsets.nameValuePair type defaultApps."${key}"))
      mimeMap));
 in {
  home.packages = [nvim-ghostty];
  xdg = {
    configFile."mimeapps.list".force = true;
    mimeApps = {
@@ -11,9 +11,9 @@
    ../../nixos/sddm.nix
    ../../nixos/users.nix
    ../../nixos/utils.nix
    ../../nixos/tailscale.nix
    ../../nixos/hyprland.nix
    ../../nixos/docker.nix
    ../../nixos/clamav.nix
    ../../nixos/omen.nix # CHANGEME: For my laptop only, remove this (OMEN 16)
@@ -1,12 +1,14 @@
 {
  pkgs,
  config,
  inputs,
  ...
 }: {
  imports = [
    # Programs
-    ../../home/programs/vivaldi
+    ../../home/programs/brave
    ../../home/programs/proton
    ../../home/programs/proton/auto-start-vpn.nix
    ../../home/programs/ghostty
    ../../home/programs/nvf
    ../../home/programs/shell
@@ -16,11 +18,11 @@
    ../../home/programs/git/signing.nix # Change the key or remove this file
    ../../home/programs/spicetify
    ../../home/programs/thunar
    ../../home/programs/discord
    ../../home/programs/nixy
    ../../home/programs/zathura
    ../../home/programs/nightshift
    ../../home/programs/group/cybersecurity.nix
    ../../home/programs/nix-utils
    # System (Desktop environment like stuff)
    ../../home/system/hyprland
@@ -47,20 +49,27 @@
      ticktick # Todo app
      session-desktop # Session app, private messages
      signal-desktop # Signal app, private messages
-      stirling-pdf # TODO: Server version
+      stirling-pdf # PDF Editor
-      calibre
+      calibre # Ebooks
      swappy # Screenshot tool
      pinta # Image editor
      notesnook
      element-desktop
      clamtk
      # Dev
      go
      bun
      inputs.bun2nix.packages.${stdenv.hostPlatform.system}.default
      docker
      nodejs
      python3
      jq
      just
      pnpm
      air
      duckdb
      lazydocker
      claude-code
      # Just cool
      peaclock
@@ -68,10 +77,6 @@
      pipes
      cmatrix
      fastfetch
      # Backup
      vscode
      brave
    ];
    inherit (config.var) username;
@@ -80,6 +85,10 @@
    # Import a profile picture, used by the caelestia dashboard
    file.".face" = {source = ./profile_picture.png;};
    sessionVariables = {
      AQ_DRM_DEVICES = "/dev/dri/card2:/dev/dri/card1"; # CHANGEME: Related to the GPU
    };
    # Don't touch this
    stateVersion = "24.05";
  };
@@ -13,6 +13,8 @@
    secrets = {
      sshconfig = {path = "/home/hadi/.ssh/config";};
      github-key = {path = "/home/hadi/.ssh/github";};
      gitlab-key = {path = "/home/hadi/.ssh/gitlab";};
      netrc = {path = "/home/hadi/.netrc";};
      jack-key = {path = "/home/hadi/.ssh/jack";};
      signing-key = {path = "/home/hadi/.ssh/key";};
      signing-pub-key = {path = "/home/hadi/.ssh/key.pub";};
@@ -1,7 +1,8 @@
 pia: ENC[AES256_GCM,data:0bnhHeVqKSLHVimd78a94ShHlO3+LUoZ4oiKD3cnBYkaZsw=,iv:S+/IChlFlqdI+PyFF+Ti4AJUkch2MS0qKiqHL1Q3RMk=,tag:+v2kV70ou84eIc01dKnAhA==,type:str]
-sshconfig: ENC[AES256_GCM,data:1EY0vnJ6NHb/GODYkiOKVR6i0UoojFPileQW1/ZokxDswGnz6P0eicS72wkMjwsw9tY5l0OM0NNbTIyYkqgE+q0HJw8IkRHvmvBq4AX/6o+2++YJuDTMpCcDkMAp4BNtrzqpBkKaqXJgMbxTpEPRNTnSpg96sinluCtuASEZaI8Ej+QKq/pEeELIGnkYkUr9d8/M8ZavzZ59oQmUsOxOCtYBsCi5BHMpATfVg+WqyXv3uptMB2PoTwsJiJ9IiQTJHWgkpe+WpIIsi4Dc49YpX3O2pHytimfuuy8D5DESKTOtcqg8qIL/xcR8iJl8ISJAA9IZg8eJ1FYdEpfTruwfiPYo6Ce5zH4W/BVm3iQ8B3Tuzi+gvRBwffcRpYkdAS4c7tk7cgF3U7sr1L7yLL6OmuBXaNSnALyHO2W5b3tefGY0YmwGUfh6M5FMI8/5SfxcMfSOAZKxhcckRL1CpFMzmKkAdY/PRCghmEWobU1KswBPiYWQ6vfubbdN1Yx1mng4z6zmkXmiqrc5IQfOBpbY71VnUoXh384Et9PM3cti4K6SmZFYX1uZStP7KXLhw4ZnVZ0J0fIks4RZ11A3NWtE1yak9z7QXj7k/PtdfrsNtIphVZ7LsZEvOvdgIlUToYNcyvagYsRRlreQPqhLSc7ninjIbRaL4a/s6kIdrr3qovPNSlE3R3HRGTBOjTEF9Bmp+oGb5L9HvBBu6NmNwHQ76gySAXbMnRa34JuXtzpEIZ5yo4AI5i2eDPeM2Dx6jUSl7OJm3wT6cVMF/2rLj0zHzp8B1bYOsf7VaMzHCYEhXMu7REMmmfDKwtb9zsuf/r1zlPXJcukDCrtJ3Z/mFl03,iv:0hS7g9gVVntWVSRSPCgZ3rjGcMf2RzQPjMpgSz0GlxE=,tag:mnDakNZiG28H4jmnZH00eg==,type:str]
+sshconfig: ENC[AES256_GCM,data:+r4RpeGsAGjgwsWMgwQmZnSxwoPLGDQG0hgasm1/xGMA655Q6tLGDOvTD4ypZ6d5TI67cWENJHr1pORzHVdZYB/uS/S7Ejp3VaVEZDRuLtKuq+2mDnp87HH8caE3jmijWSJis+1GM8lgxdyX8sDMz6b/zu76SrZlusf+kMFwQA7svxlA1iHP/wBAN8CFu2XOaGrjXT/Ydwd9GNAXA3VHLf6r9yEzcT1y944/eKGAQdlDFIVEe/bhv5Qxul1AH8TJT/ERMuYdS/OpbqnRLyZHHkREr8y1TllTWdMnGz2sRB7QnZ99ULpyR/h2Qc4XdCiC+qYn0yinXsnPO+NW7ulFn+5lNoyekDveI5pmsv021rnOtJU1SnlEm9xx3dafVdmLpFy6Y8xeJFUeF+nbU3Oc6IHMKHQZoL1ucCsF9qNO38bnyTwVX+wO9g16fcNzR2EfjDCGHj7O8YxdAVzPWvbExKk+2iamkzXrI/P/BdAvy/+QagstPoMz4TxZvw1ir7gd5emk13+t9Cy2vrutbxbouXOAuXKA2021WP7V+aDrwsY1jSGO6oiBFYBwe3wCZ2rPM3+oHxrnyzohhxGRgwN0td//,iv:Wln9pc4ptH7aN2VnBRgO12fKDZiITkIjOJseUW1MZPQ=,tag:BNrMyiDsbu72A9ljdQd3Wg==,type:str]
 netrc: ENC[AES256_GCM,data:cTaDDI8b9QbUI3zKzraF2R6v1/x+6h8KEQJbqIgdfKnpvIvg816eFhcMqn4rart4Adtayt0GQOYheR0Q9DfR+TtbL0ne/drdlAABOQxc6PUJdLo+O5kx4f5QJbJ4,iv:aZ+nt9qcmIRWyOhq3HfIU3qYHFnf8EjXOp0c0vQ2fQc=,tag:H6ncweCaKMDxq9VHt51qlw==,type:str]
 github-key: ENC[AES256_GCM,data:xUgFMlBo8e+3eXqNscxbby1dWug3SgUagDiNUe/IGVbU6cczkaJ3uOaB0OuRBQ8AYhOLkzXj0pIKjUrElHwmYrhURtS1aF4SFEGJsjhhobNA//j3E2/5/nLVjfco+lRzyHdwmsNhEUCqEhsXrrodJMb39H4b5oip3z0rjc729YveiWUKQxXVZVPurp3nq9yNnix9R4CA6XYFRW6T6MNqgPD5qhbcDlhxLb/SN+uI5h+5eZIS24VDWlKaTaCLL5KLhZmfuA37SquOQ+edi9Yg8MnfrZkMrp/3qmAjP2rSQLMOc4QdQCLQBQSf0/snpydgLwY+FoJmMSztwtkqUdIZWOfDUJbJxegEOrAR68jLTNbp+GYiDn3thtOZDiK5p/M1amjCT+A9qeFMed5WS+aZHNTRbR9UcfiP6+48MGZFt1mr7q+/CoL04/DTp0w6tUf6/SZD31NvTJDqngkhpc0ZH9Dh5+2JcnBWpq25AM36kZTn1hIQCLNTr/oGWZXSLA2tksAhQCaUcFj4IIh6Bl96,iv:GEJsAs5NriwENYTV/VShgJF6iMmrtTwNiXOvfXyEP8E=,tag:nfZgsFqaet075GjQAoVZxQ==,type:str]
-gitlab-key: ENC[AES256_GCM,data:6271Tg7LIJsXAw7Co32vva+iUWv+eRAfVfXaGkoirHxiPTAgZfq8yDpGJwti2D/aFnLvbURcUgp3B5zy1aURu9puXi6QMu3orJOE2Zx0dX3lyeHyIhOZ1hAWsQxwBDkJYODuMZbIKHNrF26Mkk6smFF9SrGoADZGxY7XSou/iopw6yrLvQAXP6lN55PQvoP5/ek/QzKNwjJAbAjp7FjjtPqPUbUdj7bfIfr9avs6gpRYnRzb2H3auyhb5qvyuRWnKu4+FeZUofC7HnfRU1eSI8UzG49Rg4f2b1Xqr0JtsjvEmuRx7lbptINXEAjW7zaSZ2B9NgotWPIzkNZRNZkuTEaOulBf5iH3wJ9GM1FcbUu2gpCt6y+CMIk5QkVvETYtKuALLbcPx9/sc90doiH1411LeKQCs5l88BBILG9KPkKmXiGGUVNxzFtjbRYQIUEmmyl95kPPEdCkkzGzHXNfE3F9HRu4MCGKPK2yZPZtCXd3Jp1b21wKSIRNYqLqxru+J8eLSljd3czO0SuTG/Vx,iv:E+y3aVLaiStlPLTQBqyfJuEXtAQyOvDUYS+XfuOHuA0=,tag:6d1IAsGcmcpgL1pE9dDcbw==,type:str]
+gitlab-key: ENC[AES256_GCM,data:4t25oBtu2oMmVdBnLkRMSXCICbDRiEfFBpZuKiBDskTeOH1JvwKELZ1E2I/sSIjZLn0MRi3o+2DyhkNVZYWqctQAUzBsSxKHMlcoRfvspKnLHd+kDFXkr+ltfJenpu81bK3tKP+VB5kZWmhj4bwEH1tR4BTlDU8nvsAq/l0aR/aGeDFfBtN8GyDwlXt9hta1XRv3X8sefb14wdsgn3CmTAmMSUUK7FePbCR4YwA9L+tVzRoeqw1VdrnXL5X/qX6jARH2G/J7Cqpwl8BhE8Oe/b5HqtJxplu3n1W8fOCpTOCTRV0V3k8UXF1doHwNbUurb1ATKiiq7c/BYqb8nZCodF5upGcFSGx6b3UZuLw28c5QwsdJFMaE3GJLCe3yIFnArVoGlOMdBFpWcmCXCc0WSdS0bOGTaFsmeu71SJ436wDZdcfFHNqaxZ2ex8Pvx8bhs0ORCUiZgFFNIFTDrUP/Hvgn6JdBg0u4srU1imjLorGR5OQ/YTgzAoXUlxwMHb3ssMMc6XApHmftwfQTHmPJvT48VwKsQ+HZNAXz4fFgl6ynmkQzCacD5XtBoPs176igzdcg0uSeGTf60PAfKURLDHNUPY+tcy7sjFwAenl0837/rLgacVCzTTmErFZAwcjLIBrcz3b4o9frqwdKataKtLI4ux45XqlcjLxP8Lk2MMuTQH89ivZYPhvtTGbyCFslfc9Y+dztkis7iQ7oNijpxgBt/b8YZID+uLYqokJ8bHNiIAZh98FrhhaQ4UguZhg572Nuea9CZWXQTX59Toa5kxRN4ACZi4M0S9W8feBd4Y7RaD8ip3iBpqgW9C9CsskUGijxTbImsNK7gRHHcmt54Hrc++2b9ljQOHeuOLn3PJwi2JihphdELdGh0POpZAknp8kVkM+M1e6IKZkTSWpTSFyPimczh7cVhIplfHnm5627H7CiI2bKgRoQ8SCJsMrPpL9v38Ug79HkA0PrbCtrxTO6UnaAqIKG9UPhTyklBnv6q3DrDa3lM4Z8W+rF194tATyvp6NYhcvOP6iE+rEv66ARuk3WLZYnAut0vvaMR7D5PoD6gcoDodBM9HDCa2g5G4ob67TCi8nRFUzHmN3tHTmASGeFvzMiGVIZEkxUafKuOx4dA1eyQBF689jJhnPA/YLSvYFRKwXg08puK0uTvfh2rF4Kdo6pV0IpUnfUsiG4odocCgdQFQJR4FH+E41kNfNYpdUx2ufOBwumpNNYIrGYuHOvWcHW5nPASO4qIhiTy73FvFWg/m9kpXeTfexbVVK31NXHcSXL0MejpRPI2pkbyW5WPP6GtLffRpFQvVBnGMlN4+2863gka/52Y7K+foNs038+GL5SxD87CmIg4e+m8qOa7QL/urb7sI63DBIFmcTY0kSsmcYitH7EC3ESGlZMZqNX2Xnv74M2wxeZ6ACTXRU//cc8HQ6FcRhsMwVwKhrT+r/rtkfK+T4YYT8OMzFgOtY6TwS7kj8MwSzC14EkvqWuTNVVm6HP1vxP6wFCmM/bGtDoXSfh1BRIQPUPxUPC8Na7R42COTr3tSGikviDs3CA/N5QYEFuxNntiNyPU2PzW/aASDtsfq+q4DGIRy5/w67Z7i5M+CyXl1FwYmgP1+SC17CgL6JoiCVUlmYIMq5n5VZN6dv4rUvEUcQSVz1Eovz6DbpHD7ZNMuKRVdhRvTD+DigZ53RxKIfFSlaE8Rhy4VxKDSGJymlYutGvcEOLoYWkPDNUJXb583gq227/GGeRvH1mYYVagNjw3wFhphlrNPO6AC6+sb7C596vlqRGqymPn491bUlVJAcQxTetT/yd0z0eLd9Cd1HWj4RnMgCoqGxgILxEer3YjnPRgnwYG5of8kfo3g6TKxpBeIDk4LVypP4fPMrNwyGtBHCjMmRdqMUsSnLQj0csWfBbjEp5ymeRCGcOKWTgeLFbugw3q+noARrqNNnXjA5aWJl5L13gZJ0QUsYUQhXrY0000WPWDbhNLoT7aRxAQ2HHzoj6pIFOVDT6XUTEw1/TUOuyAFk3URrzi+xOSeCJt5Gb1ggeYzQAwCV05opPq8ZVD+8wpxpb9tTDVN0HTmsbwWdpNKtrDsZCmpgAu6dg2V3MIXsPLp3HsAb7fcjj2MGc1T0BR3Ji01xqLuprafXsqnwgkez2D45NUJbAa4PftevAjDLCvzTpS75yaC66RNE20vNruxG2u5zo9eiOBXRQfrEmqua4t/ApnWjYRfKxEkvHvf9zSOel5UYzFN/5Dq2XVs5t0JRp4Q1x8uLZK803Vsy++RdEtw33JbosAjJECSCs3WFNtsCNDetAhQYPH6G8SVj1q/jZWmp/tk/cbYXLSg76Aej3Rni0Uwd7Q8IOISQ598TJw8mqhUdpfz0wRj/8m0d3deTmY3KOOqzaDu+W0weWc9WV4DIzbhUQUh44IjIdCDurB6hveqvWXMgKTS8RHpAB1T1ZSD5eWsG4ZN6FxeO1kNJVKWzt1MwzcDIkdLI+fWLJMUz8/KNAXqlL6772qYM5rK4imC6LLP4xl6faoyPAcyK+eHiVkEgPDXp5f+8LO9bsw8A1hs8orv1ywZf5CeeR9IfCxFDtSMmR/Xnu6LU+Ih5SpHi3DONCtCT5WDQ9hmZg9UQK7KECSbaWKQKVh3aYbKWfpy7SGfeKS7NIALpS1+eTmmWEP5H0kuNYJZ/hi4EosWX52wXSySMQ2S4y+qsK+6yn2lnw+CB+HxuX9Zr1r0QbIqmKOOKMwMY229WAN/C9CaxvlFFpkNJ0PPZgm7LVIoIExq5eDzeYBn5lKzQb7W3webOMtRtP22u0ynRVh23996lIQ0XSII/3YyR/5GtP5lfP6SNWVC9/8j3QLDJNYHuEJwI/4K3CdxaFhdhwryflRpH5pyvvicuFPyNS05AFXhTzyaJFiY7kiscxm5SmZv+DvH71ij/hmWSJqZPM9V2aPf1wtwZiLiBztEEcQoKlaEBdcn7roYv8aHWowq9zzvSYcOX0PWsvkrdWQ7crh2tMBrwCQ0CPKwayqGfzS1+7ZyhwSXuTBd53bqax4z46vaZWtQ0rD3sFugcD6U+EFMZ6SvryTBp+uj7O5usoiQELG1AVWXc9dLS1c8ZiMjSYXpjFyl2v564xvC4DniAIpBoaq7mFMyz9B2uCTC4szYylmFfsj7HPpN6N3nOQ8NduQxo7QZoDgB0D+I7CAZq38YEFDWy8ZzdMoJb8E+Sa9GCKyX38mVTtbnLnHdoVwnie9JBwJ3QyqiupDYmdy/byCI7weMKInASHdVGbkHvpycbzVdQ8PxVTqBmdPuEe0gVmfFwyDb+lmGji7A9aC3w9J5KBfnC+qoFeRJZ2eGpGuJVn0RfywpTedK9E3r2Vlfp/zxVcjCg+hOptBuyd+KUAEgsj/HSpmKOMlZ7ooGsqqTW23IpOImx5Q7BOMK885k/3Uew1b8iEkJxvb/V6/MlO2Kx3PZZkES/9Yv4XMtVMhM1fy4vJGSU8NtW9bc6VsRqt7zeLqTm2d6N+iDQaM05USUhDHYlMz4YAwTU5ykfgtBkXa8WGW/O8GWzqWVDwRekgJKjMNy9B1BkGFSagFn0iyf+cJtlucmbaxTQpPO15gOAUyXhHUTNT6RG+ywaqM/UMDBTYwZdDSkCFG05QvAVTLC3hSw/DCCm4IkGmVHNq2vTxzOoFUv9HqFatEhQxBke7D7UC+vj2tVbweVTfiagImx3UioNYvcXXTStiUy8mm+NoHmeo0QvYCS6+9W6wFtMHAL7i50WoTuCLIP4AudKY+EHv7U7V8nISPnar526Vjtz4W3Y0XbWXUqrs9orudVsu3r5fMgAZoI85JRWwC/vU8MCK3v96GuUN0WCMv3xXQE8EbwW+IDmbD7hoAc8EnBCXMInLyq6dgVbSAgefVibyrw+XHr2ph2ydgxuBWFGs0KlfLU6hh4wBcaM70gsUwUXPaI4bRMoMrRRxM5fCHBH9pCD0d+YUB1WPl/P0bJ+vRXlYbJyHTZbJgr7F7VGl5b6U36c3wsKYBXUmOunVCvQ7W3Yjuarf+uctPDUnD7nZKHtfCm/EAaMfZk1k/oqn9jbnuEOH4ZPfjEgz5CfcMLiO+Ej3Mmea6ukujlmFQ2MgyVfy8n1rThe6/NJQIs37GV3ATM+dzNBPKWBNcHv4oxNOg2/UOmtzLrYvIUosUKotw74hayf/ZU4NlTULeMz7JF+U/u+ZJlICdRPHbINeJuuMIFFnF+7/U7YV6cmQS1V28RcgHhrHhX9yUKdfrQjOh7yxqVX6eJOppmQ7sTDKKPD5baDKChdgptzprSrbLlZ44AC5xcW3kpIcEKjat9jIeXYTBOo+gmOxS1BVk/gAH1pJpxKJsibsWAHaRsTRykj1s5hHlY4ESf/gQ2O4R0XJSvrwGw0DeXSkQIcdqt1Sgn0jX8S1eZ/+lDm0JQtWGkP1AEOwmo9uJmfgFZuEe9R4GizXqCmdvWtoSsgcVtoHqz8IJjuBrVeV7nOz,iv:g4X2GC/9+je4qkvUT4UJl40+r/FzFY88XtYkthiwGVY=,tag:XFfEzXJEeKXB/QJt2fT4Qw==,type:str]
 jack-key: ENC[AES256_GCM,data:VfCl3wH0MMBc8QDyjLDFeSvzSEsf7uGpfJvRjFrmjW+bPRUXBpZhJV8a9VQIAz7z7zZXvzARMfCeI0ydyC57CW81GH5/H5pneJ4b+xreINjVfdLbL1nC1thelo/O64jda/L+xVKhgE+QQi8/zt4JmXGghkP+74nYcTTaMpmcbgWw354J1ybXqyCEY+88nsJ1d2s+M7M2bplx4fGb7sLUs6sqdsad3sENzhH/0HQCFXreHTtgsLbIs8ccmdRgFNKM8/wD0OoW76rOQsJoA9JY4yOTQNVoX5M8+Olj6+wVlt6QBrWrYRuEztGnHrHvzxiHXtmEkMwVNfoPpEflQyRYRa0rVp/66REOkMckGx6/LbxKFgrxnifRlsK3kWd28v2bRGVQOghUluYUtVkaJ+eh6o6ik0NQKx8/H6BznBSDE6MjDwbLv434LHBfDtAqhWN1eMbOlunFivsl5Hb/6rl9kydHlcCS6FY8cUHoKQ90gDaUuDrvUifwmdO5hU0GH5tgvGi1ReK9ndcpQsrHptG6,iv:oC1xU5Tu3The105VYRmxIw4kEwDoqe8T/EH6mmqpqwQ=,tag:Pu8c536u6W7ALrqjRsvXDw==,type:str]
 signing-key: ENC[AES256_GCM,data:NvLqmt7NzrWkbQQqFfosmSMvEv8C8+MDDpxSoDo3zZ3MR6WXr9B+6CnUc6rtevM230wgE17VC9XlmcQxX+PjJsWq6gZteK5THTIcrR5zPJVNlVCEyeLKoFj/6m7qBgyyoN3OjCNjgMkhsm009jwBgNk0qJMAYebOGo8eoP/al+4ytm7dhna+iX5WZabAg0J4z4JMDQonqQl3SaDnCEdHvk9m7ZEP2vUFscPkbLj4ewgFq+bUCHOOQb2uqRJoEgcR/NetRFcQfzcU6lp7JxobaICaO3zdmomUm7oabIUTrc3Kom3Wjw8ryqfqC1/SC0SHr5XGk2ygk0WnlQ4kNshqriL2dwbWAzy1Z/cTX9+aB/KNtC0U6zWG1bpnL3dgSgvhRiocIis/eNg1HWsLWVicmdebL/lXHztxFMdTuX/gWgQBotggTmx+OFGZfP9ZGlF3635mDxM/fEOCtTyA195dMicCUsjEpBegNtXsp+oOtxyRI0jSW47MBcXFP09f5ywELTPyz4eOUHO8sQ6UfJ6X,iv:KNQUlMPaiR4x1Fw+HZe/EOmh/gfsrqlefpq23uflz/8=,tag:illu42HKunQXnijjsUIvnQ==,type:str]
 signing-pub-key: ENC[AES256_GCM,data:XuokZmCsnaNQ0rvVa3k81T4vtxw//r63xp1yHDLaNAMwA2r2bh6addl9WoAmm76g1rweqZrAAIw1PXDb90ubPaBP1iEHSkGZpwUpy/tOTePRdHMW2WtVvidpHQ==,iv:auB/bA89cJK6DnQi1BK2uldXRPyJfo+r7nl5qOLefUk=,tag:/I3kB6El1yesBMGOjJ+oHA==,type:str]
@@ -16,7 +17,7 @@ sops:
            cmVxVC8rVDlWMUdZaGw3bmdOaWZGS1EKYahBlc8XpB5UdKZQkvxbLcKQ/xkFJjWo
            FSfQWnjhe/a7BJtJEcKZkjOQU0mYqlSu+uT2RA9diCQeRUJPRF+nAw==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-09-27T13:28:57Z"
+    lastmodified: "2026-03-30T15:43:41Z"
-    mac: ENC[AES256_GCM,data:XMPDLGHwTYIxgEz9Stj7j+lWgAOpzkEsnoRdWVVs4798m1sQRIyUuvEiCgbHoAktajrAAzXq3GZ4HJ1dfE1fDWGh+B7WwRoJKxtP6qI8Ub4h7lSiDsxJhr8ieqm5bzmHZkn8VJkrqBrSSXesirLprRLR5yZOVLAgco0lg9boM1Y=,iv:pYA5oz8cldKw1Ai7k2LCQBipE2keZa49L3SHcL+eDp0=,tag:4kVsC95SSPCCSZDf6qDeqA==,type:str]
+    mac: ENC[AES256_GCM,data:fAn9R6YyyWD/WjA38Me0YLdzSzcuclAr4EkKM4De8Hd7sVrhl7FFI+Smoy3QagwljuUwjc9g8U5K6DYQB+Syu0re8ODCQmpzUKyQHsnN7OHHQk5dhrentC4GhTaEXjb+VGnPVGVjlLBo4ulw5faqu5A7iLHwViT0MjpGfq5egqA=,iv:1rP6wrHzjZvZGei4UljSR//6kL/1qzLskAUVCMA+HqI=,tag:QuhLq3ncHRxKyvHPDnH7VA==,type:str]
    unencrypted_suffix: _unencrypted
-    version: 3.10.2
+    version: 3.12.2
@@ -5,7 +5,7 @@
 }: {
  imports = [
    # Choose your theme here:
-    ../../themes/rose-pine.nix
+    ../../themes/zen.nix
  ];
  config.var = {
@@ -0,0 +1,25 @@
 {config, ...}: {
  imports = [
    # Mostly system related configuration
    ../../nixos/audio.nix
    ../../nixos/bluetooth.nix
    ../../nixos/fonts.nix
    ../../nixos/home-manager.nix
    ../../nixos/nix.nix
    ../../nixos/systemd-boot.nix
    ../../nixos/sddm.nix
    ../../nixos/users.nix
    ../../nixos/utils.nix
    ../../nixos/hyprland.nix
    ../../nixos/docker.nix
    # You should let those lines as is
    ./hardware-configuration.nix
    ./variables.nix
  ];
  home-manager.users."${config.var.username}" = import ./home.nix;
  # Don't touch this
  system.stateVersion = "24.05";
 }
@@ -0,0 +1,31 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
  imports =
    [ (modulesPath + "/installer/scan/not-detected.nix")
    ];
  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];
  fileSystems."/" =
    { device = "/dev/disk/by-uuid/5dbf85d3-d236-4af8-b489-d6066bfe1eb7";
      fsType = "ext4";
    };
  fileSystems."/boot" =
    { device = "/dev/disk/by-uuid/043E-1755";
      fsType = "vfat";
      options = [ "fmask=0077" "dmask=0077" ];
    };
  swapDevices = [ ];
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
@@ -0,0 +1,78 @@
 {
  pkgs,
  config,
  ...
 }: {
  imports = [
    # Programs
    ../../home/programs/brave
    ../../home/programs/ghostty
    ../../home/programs/nvf
    ../../home/programs/shell
    ../../home/programs/fetch
    ../../home/programs/git
    ../../home/programs/git/lazygit.nix
    ../../home/programs/thunar
    ../../home/programs/nixy
    ../../home/programs/zathura
    ../../home/programs/nightshift
    ../../home/programs/group/cybersecurity.nix
    ../../home/programs/proton
    ../../home/programs/nix-utils
    # System (Desktop environment like stuff)
    ../../home/system/hyprland
    ../../home/system/caelestia-shell
    ../../home/system/hyprpaper
    ../../home/system/mime
    ../../home/system/udiskie
    ./variables.nix # Mostly user-specific configuration
    ./secrets
  ];
  home = {
    packages = with pkgs; [
      # Apps
      vlc # Video player
      blanket # White-noise app
      obsidian # Note taking app
      textpieces # Manipulate texts
      resources # Ressource monitor
      gnome-clocks # Clocks app
      gnome-text-editor # Basic graphic text editor
      mpv # Video player
      swappy # Screenshot tool
      pinta # Image editor
      libreoffice
      notesnook
      # Dev
      go
      bun
      docker
      nodejs
      python3
      jq
      just
      air
      duckdb
      lazydocker
      # Just cool
      peaclock
      cbonsai
      pipes
      cmatrix
      fastfetch
    ];
    inherit (config.var) username;
    homeDirectory = "/home/" + config.var.username;
    # Don't touch this
    stateVersion = "24.05";
  };
  programs.home-manager.enable = true;
 }
@@ -0,0 +1,43 @@
 # Those are my secrets, encrypted with sops
 # You shouldn't import this file, unless you edit it
 {
  pkgs,
  inputs,
  ...
 }: {
  imports = [inputs.sops-nix.homeManagerModules.sops];
  sops = {
    age.keyFile = "/home/hadrien/.config/sops/age/keys.txt";
    defaultSopsFile = ./secrets.yaml;
    secrets = {
      ssh-config = {path = "/home/hadrien/.ssh/config";};
      github-key = {path = "/home/hadrien/.ssh/github";};
      gitlab-key = {path = "/home/hadrien/.ssh/gitlab";};
    };
  };
  home.file.".config/nixos/.sops.yaml".text = ''
    keys:
      - &primary age12yvtj49pfh3fqzqflscm0ek4yzrjhr6cqhn7x89gdxnlykq0xudq5c7334
      - &work age1c8pawdsxptfslgrz2c56s39mrtnjzc5mm3hfzgr2wdwu2v6vfsdsupjsq6
    creation_rules:
      - path_regex: hosts/laptop/secrets/secrets.yaml$
        key_groups:
          - age:
            - *primary
      - path_regex: hosts/server/secrets/secrets.yaml$
        key_groups:
          - age:
            - *primary
      - path_regex: hosts/pph/secrets/secrets.yaml$
        key_groups:
          - age:
            - *work
  '';
  systemd.user.services.mbsync.Unit.After = ["sops-nix.service"];
  home.packages = with pkgs; [sops age];
  wayland.windowManager.hyprland.settings.exec-once = ["systemctl --user start sops-nix"];
 }
@@ -0,0 +1,18 @@
 ssh-config: ENC[AES256_GCM,data:jtot9nSlaS/zmVqGEDACG4HarHFnpw3QMLdYGOvHI1rzjFm+FuIw+MXtPBaDT2rWO59XKchp31X2rik6igNoY9iuQ/uncFWonkb8RTOV6zG/BC32cFf08nNmp75slr1y/YA8rc2kM4An81Zq27g0e9AKyRVRqmvI3HEQq/1mpWF8OJpSfdggCIylGQezB2Vy3Ik2hJyoJaf7BSaikN1/jPzaImpPi2OOrREydePuZjX8D0DqM2xm+LUSsUpXutsKWDaaeuMAqWfjH1svOvT4+oyMBoqrp2+ijP7vRjFeuYrxaU858YzDi0+bTdzn8umlAr6rjLZW+9JUKDog5Fja5j/WvIk1PClqfXCX1+hCX4GlAdV3FYTn,iv:vQuRDKuidQFl4u7bQlAEAf3s8kYBdNwmXO6JbcRV32k=,tag:yv7NHfncDwjy9OGrTZI57A==,type:str]
 github-key: ENC[AES256_GCM,data:GmZfleQssslbVIiqyzhszhsfXHZcuBgkCREna7AHtP95lyG2F/0u8LUmliQePxwMirJLHCMnl5z0QIvAIsOtXsb6oKEk+Zc9BRapE/d+vmaKqWH06ip5TIEkGHOzxPziR1KmaLPw6RpgyC84p00jiNy6uNPq8iEibdsLA/YPSxfiYCon+i3qZ4qEDws2ZBacEvYCt6A/vyXSTpv3mZCpAUP2Ageghy4mYioIxjt/AG/QwJaN3excyoPPITZ7kMrnJ1t/6vSu0rb15i0sWULFIuOLaniTpp3N3mw7A9t5W+z9POBUIoL9L/m3DMRKsl6Fck8s/Fp+5XvpkSCTZIqG+lJVz/eemZcsr/mR9rvsFmCKNjS7Fa54WZ8O/yABWjIV2e4DCdMgUnq/MlOePmPWJROTqjIjRACrgzco2s9KwCvBAfZJIOenc0sMIhgn0VA1gnxTHC1ycJp5T5awTfTVTImxCACnUZK8nChCEpiK1QGSpnxTD3a9RoaHiE3pBiINmYVK7eU3VWqVh1K9wvIODfTK1zASr3ere8Rvx3xmIiK6NKx5GFQ4DazZsyv1zDZYb/kOVu33sSlmGuoMvJ9QadN0+fu8sTj0hi9OBH6qpTIrSw9SWhJnX4fXMN6mbwC2QJB+jJYrh/G10J3xAZwxlrujVz9t7fFzv31Xitk8zSkvFpfJFbJWcGZArvyvTP4xPDh/2+eXqK01nQ002puv7XIIEJaF0kOcASR0w7qjDXG598IGBwypFyj+oljBWluMkjNV+M9Gc+YhbsDYSyI56fqqraC3Vqek8dXK8PmNFfQ62zZtZ3OMBzMjwe+tq0Q6LKdzaJR3N4pF2wqj9df37S/onJFCpU3+XkU5Ur9fk94bs8McvY5Y5k0r6TZNbz6Ye08yHVZa/MzPQG9dXpc38hHdfldDj6gz87XkHQDbABzqQ+j1RL0N7NUMsa9tR3hJZPV2lZYm5TNQYfAa8jDnuO2NwhGrGoD/jFycVElulyHV2F1goMag9MRGK7obpoVUN2RtnSj1eYlH0E6uGuCwBe8GAjhIVCnXQIn5hErJjh7VWeeastdfMlw5z3JzKMaTPXusLY0BoGejDIvRh8NE+R9vv4kO4PDJk/dTYTGfBhgcjdD+nD/uf1mdpzlV/ojaGbH2JxylQ8LkWVd7rwIhS4skLwcE+9NHuBVTkc2eP9i0FnTxsJOlX1RWQn3OewxrcnNuVaGMnZisIk/hXz4Qj1I32+5vD1w5vzRZyXy9QZBGlED6ggbj7SDuSBKze6KYq2saIf4d0n8pScyiziSjGzaKdjW9k7T15XOg6O4kbwuG+fOQSOLGB0lY173gA5P5hy4SRF12Yyk4fK1N/T80SudI/DTy5Zj+e1uvPcBseAw0EGDUoyWeqSTCMSdk4q+B6mdvFPx3002EuhVKE6saNMzTZ/5CweLQlYFSp4fmIVhkih7XKcNSOamjsUFFVjjg5QNY9lDuvJ25DTIhvD9xhr7VHgyVSV6CoyUUkOpOA0GWW4Qx+xvv+NrDjsVVlmKUlGRsX7HNPZIyS4RiR7ikP/jLVNYYig63vXqvuIqXeLLAdyrO6DwfcnM51u0Q6Dpsb9OJbNR1zjxK9MSyVyHMP6RNs1oQgPfypa67eQMJ7Tw9JEHIH/VMVL/Ha7dfThB3mkAM5HRbnUA6eSMkwYdBjRF27ERXLSywCitIVx9xsN//FcR8yg0iDQvmp+HPWQkL4zJo6lPLblIhgNWsp7i23F554G4KpbosKZU6RwG7xNaqMF0ATAxt2l0oIU7DGmO6iH7W1kyiLmBBAqFOR+43ikSZOqgJh/PjlFLE0hdoDzL3jerFPA7CCU4bmcspBO3afS/wLO1AaQ6i9rLlRpjY+8HRpB6PKEPOVUrAoaef88vICQDN39/Z3a4IfUIqJ6bEYZRhoVrMJF0FXGDpO7hk0cfXabj3VKG7n0LtDFD6vzydhfh2E3sIY6sSUNtSWJ9DOWk0MtrVhuZoHB9XPiXPShm25BitaHJsB6tin+8AUMhLz1kfDO1Qo6FUpNKnFXBVuYL05J2nqG7RRYwXZq9mqwhHLmsUtVjhndpwHK929WeQ/PR1A2OOJPuXWARjp2XhhBlrbrYy1RnY528joLc8wWtQGQVx4LmJKA8lxFtdb3Ina57N8R/U1Vvf//vBBb1blfgYY7w6zfwxeAjtbqnGVhWb3pdM2hAou/5M9rMOJxE+CyUtLibahO7sfZ9nnMb4gltQfKmN4LnwXPmaILz0xx0eJvsbN/yV+CLnmBqJ8D+dJg6ANGrTbMSveWvgIifr3NIIy1t2l6hQyYRava8XhoRCW7xmxTNzQzUh3xY17Z4cw5YJ4ac139Le836mzCKl9yscI5R2a97g7tnGOruQP/PCu6DIUaLRoitfpnEorZBLuVwUU00QW1RUb4ooKrvGap5/GjqglsVdiZQJrml+REmZyJRtoBT29zXU/JI6UYZrwRvXhRu4mWaxrLEmrrqQ5ABqpwy4ednuxQbHZPY3Hy1tXEtc3zeloT877cLgmgJ5CaYHnyXindpHzQBtPBMmbE8zHHs1lyZ11Jz1hfGc5h48U5YjyrXQqpbLSf6DC53ysXDl/JE4lD0WElqUmq15VpTZ2Ue43CEfasbXbP4mAZ7ixQXj3qVZZNz1tZ8Y5MZYqvtZC1YDn/tAWtd0SuUwK5qdq7mRo7d/dLASnkTGQfdg7QD2+EsWPtT2wtmVsPVQyatP3isM6wLO8LY+h/1hZyPyyJ6X9LXbac+/SGXECP6nvxbDkhzbcwQBZDHNopAeVbLQ9TyruvIxqDlyOjBgygigJlOiWA2zihf7ujn+bBjQVV/wNROfFS9IrKgITgWgeInGeWs0fXW4KoJNMqI7ftk7VWcKBonoNItanEHin2pwDRZM+v5xxjbjA5K4ZOqSMnwIPMr7WceKy14OMZN0o1MRmFOV9i128KkcppZAKt5++CmndtLsHfJ4sl+AfoYhLJcX9JTPLMD9sKqtZl086I+dI+rS3RAFkKdzgkY2BMXaOCWg33fC3S8olno4y8qFTnI+6UT/M+EZtsIoh1rG2MX3TdVNH1yppPK+1UluYxmPZxNSLJajUmFgAixq7AqFd40ULrHs/nCozoIgs772ttzo55Ri/7BCO+INtnyBp0MeNCHWC8g+UOwH/vGqdsRIQE28udwrmDIdt3Bh+tK9r5+6GvZN8gC89ZaorI+5uaLxFsjwMM3pNpIMfilahN47tbfcqXKRWpOSNbWo75L9bv0I1U2YPQ5JpKTjPveM5gL5l/8dMARrGfQ7qLB54x7kQRG6HCQmAnQr3t6HWU5bTKL1NKbb4HlqUai11k4/yAAPu8JrJjvDkIcNXILKQkN8wNQYZE91ALo/EsvnFO57+ev9jy1bYfkJkwp+qbirh7w/150qGZpADIWU4u8sirPofqj0aTZQI/53iPiuvhV8B50ZATCL8So3dFV8iQjfHp4jJdjoc6HatQMfuAsSi4PUBDv9Deh7NXRdfjXGwjvDZj03EnTty13qUE/caYxKKcUwbxzlmxLU/BxWL4/Zn6/MK9fCjcT4EBvSQQPNvYgmLUZrAEzL46X4sO7dKaZxvEelHzO2SeNbeW9fYUqL2tQ4ChnC46oKvIF+XT5xfGS1er7Mske6Y2JVs7loOMNpDfzIHZEWNA3iSmFGnhGU51itsWP3DmJAE+/dVRA/lkPiQmP/XofZtuLPyY3JKD/CHmKMvkuDrB+Q6ZZjUONfH7KZcTrBPM0RcNze2xJEk8xjUtL6XQm5tUYyy2RDYl7yVPDn5a1olgATkv+4BroxOLBpQ0HkQpnsj549sa+40IEMOZUDNoExjvs6ukEgax4/Fi8slTc++vRCv7kyMGl6DeFV3oAVzvkTK/vQfG0C8yXwuYG9wN9Ihn9GSgPejXBb4uxuZoFpa0/BfJBa5xYM1c+ewf7qIQA5I0Tnm3W9YXqZ6XHK+TaduqJ6xQcD9MrD79sJpeR7GoMIi7vHGEJU8ZN8AGX1/qpM5dwbB4CfgYk0AQauHhdaVzgYym2AueywyUaaRzit2dn9oIvDfksHqXV+QVfXXBuLbt6x5O7KNGZwuQhaRamPHl/SckxW5Tm+tZjsizs3hB2f+JWCO+BuboxDbO0YfolasX2YUDBfrvtqeCZ/WAt+VQYLJ3fzXtmVafeIWDWmNhi6FfkuZ1gCwmubQzSBMYG4Usc2T6OTUN51cbSx/IGSCIBeJ+goOWCc1hpjyqrvaoH+brTgR0gwbczI5h5ukfi1ZrXuL5Bwqj9mwyK1vkLYBcF2uNL2KDrRTgGBVMbHwc2/5KdCnMTmjmghDtRJxzFkaSsHODjapW8or7wJpMYDDaTLQgGWQ+weUDNrilhWau3HWo2T/V8SlyFRcrGvs2WLhF2o5/4a5lpnZZGcnp22iX5GVU4jBaqraSd9W5DuXIxXGRLCkONrxz82Vw3rzB3hop362O1zSS2ygFLxF/QPk3tspWWNyMMKlXByLne6oqmVRK5etxoNbqYeOiO80fWqXNv7FAG8zjIj+gpQfIQEGQsmpeufKAVgQlczPzglzpR0hcA=,iv:7SuHnThyDeOMpDMZ5/LCiyxsFvzkNwEV8xpL56FI/qw=,tag:4CLUrclfHQU+2M1OxLtw7w==,type:str]
 gitlab-key: ENC[AES256_GCM,data:ya9GvFTcPuIGlQ23zrdbfat8JJS4QFiIyvYvHJwQ6xBbLIDMrl17RKtUZAb0p1ZVgMZIrMdI98Dwx5ApLF/cmizeM2nqhFZMUSTK+hTjzKRf6beHJuYKIWexlBHFFhxoMYHpx1Wmf/wlmwcEohkwSG07hyeB7CdRSnClMucv8gl/vtzRZJrKIIdMwFF1opj2ELr+q8a4iKQNFcCbX8TJxBg8UtE9axa4uenZ4XVN5w801tEWrBJjlG6QU/krqFmylOjyXgcUUP4lAyEGRBH8PbgwjKjhJr6wqYuCFO0tkqJcfmd4fZiZOFtrWuuyJ49rDcie3LpR0mK3fZkYm4/Ymt3BDqLP2bTuwKIeCRvr6tKMNv/pXbyQhoVmnE7Ku2qVhUl4R7X5IH6grLlenwJz4rGZgeJz7zHRZsk7mJc+zjtWxewFeKRNMKwD7/es9dPK5lnArXeHi01pFAgkybPG0HYLT0Y89BZcp5/Gg5N5dXyAU86Y4P6SADMD6pzoasrwGK5Pr0Qbxqt0ygyTpajuDalaFtgi2+GdWZC2noiD4ViWDKe5IRSjLr0PPFSBOXXp7PnAKn89mJTlhyuGlY8qc1RI4aipW2K3SO3s2EvPXeN5PT7emWiicG/a7X08OdE4/7zeDbov1RosQj8rHcQt6rUeW5mj1V3sah0x6Z3Vzt9tmsk4vnCmHDp+VHPccH7w1yUilfOufyqgNWIQFtMpOWt0yhOLEbokHtpuN8zXXfzqaCurTS8jIEBgUPnTB5TIf7Sp20a8sy9nSgucRarbpvzxi6MrQXautaB9NjsfuZatJEC0TxzXHO3VMEOihJeZyY2OtDA279hMjYdd8oJjlqS07TrlqKnP71Zo5eJorUjKw2AK49NxzKsRrItvRPS1YhHxQ3Rauu0BQ2ymAy/KZNdnLN+I4F3EERR2PUa8KWnprGOHox3mgqEdwhQOoKM98RiVl12itNb57obtIXejOkAG6tyEyFu6ffL4EAu7ibqrdzsVafWlvWz4H9qtiueyCm0nsMVzsh1pRnJidPG+7kWUIA/wUBF2N8BaNi4WwdQInMSPm9iVYvkkH9OmeX3xS3L61z5Dpok5vwGeNzPEqQrJvRs3fySCFL/UF6N0Y45nEji3sgq9Hg/x/b34UHN23PvzhQZMs0hEpmq5rEkKhfVBNqaF7uykqqt3aWCL+lUdX7PwursWKDbJ6TWFUqy1ahpe3za89QtiW7LZaTw49WwsENRliDa818UGYCAp8+EHCcUR+IguPBPYo+zT6qpieM4P8RZKmfXZGvdsLcgTBpHqLGSWKPD8BYFQeVdWdJOjqEmFtY20eUrLK3sC2ajGRnV0yI2aoxGeTTIKH9Gq5fEhaVCuTuKxfNL/S6BF5fZr8VwRF7qJ4Mi1kRDepe74SPdqo09jHZuytsRkgYZMk8EMoINMSWWRcdWhqEBq5/R7qORkXi0kjsjcCqnuVL7RjJ3cd6XGy/OpdLWz3kSDb2ai58GbJeovPtyTe6gUDbnuPnVN79ChJLGIViQzeg94LZw68b9Jas8CPI5JJxq9FJhNQe6YK/qEsOldfSignQwUhFuijbFvGwxrwTu5cuOHE9r8XM/k2FL2eUL3pxdbmglibuB12IzFFDhRoBtBDI0SY4FlR/4JaT9O81QIQkJzKJTPdTkiNw4rnDFxzZNKvpDMfHSABdm0ODunLVXVCpLhQ9B16zsFj3u5yvWrhpJdu2RisyPLNRSQHY3XWHreCmF3PKw5f3gCktCVraJxf3AZJc5VE37tn/XMU5HWVlIcnxijgBLekL/mijb1Tje+7hFWP+q2jGxnQPR84cQ8mcSVR0mJTPcAMI87jPG85MQl/bjk6cJqJgg0Kzsug086gRZKfbE4p349aPuUTZ2I/dXVft2FLPaPdJg6WrqE5B3LI0e0zo3uM0aNvx0BbRGFsSxNqb/YnL9P3dnCXzpKcFH1tmkfQO0bXR9t6fGLegf8qfUAwn6GEpWC0/ABGVHQ743NGYdNFXaEzQXrKFqbpIkGAl72qz4OP+6Svff3j50t5LGpvavwODzPM8qHvat0GC77H8pDp/NTHAryGM/LNjmBsZ9PdP0zqA/zjtVWnBNE5ExmBatbvTJMb+aPryQtV82gGodbPvYreK3/krGfGnzkmHccOk2YheuG0p5XKuLrm+JNLWO+54Mem/uYu9TLYQ9I9lKAqWlQCOGEEanV5bTsP7oyjEBbvhNzP1IG8GqUSdFpcmSVk33TLrRJQn73A+4TDJUuP1BjU4aJGbMKOXZSELu/+tMgpZHWwJxj5XrEnkdHwHkiVY4EsPizZvifPJJ1te/2Ru2oSdkjbVUTVqjoHq/FJicG+EdCsyXTYvAjGSXapQyM9b7oiYrhojzxSJ2+ck8zOGGxlarjmw/Z7zRzjVg5lHApBvnyFYgruCoUVcojmOfXROs5J+UFTCKMoN6iB9ZXt8YZLB6mb0SS9VD91epo4Ui+oYyB7gKDPpDN3HD5XbXmdTkCVsxCqNYuz5cEsDLpqtH+pZfrDV6qzBIoj+mB+UaC6mjyCF4/0qarGax1VfFJHeWCivLAC+io7TsblEC72bwO2x05PjyhqMlKEGVoPrxLEsq6o/KRqkprYfpkgZEbawmmK8qWqpd/t1OfRbPMYQpBg1zTCmULG5zLQKS7eSHmMMOAbRudud++8ntUKrEmr31rS0A0lZ3YNWshMxhMfYIOdcXWYiSrH88rPnQRFwViRBc6iwXU5u3oUNb9tKamdZYy/nqHIrs33pb1raNiNMyMGUw1CEQDMSnRDFs7Xh9wmO6yKQcAhUok8ym2b3mR+4+7+ZxFarUB8QO8uT31JFRdeUOa42GmRQV0SexpBX/bHXLD0BDtoSa5+wlo2jVjhxMgB9DpSC5VcrCTFHbP543RI2oFkn4MdA2hcd4eh8a0jKCrvfZYXIcxXMVVZq91JdjC97Iy+iMFS3CNH9kaZHd3EE+QoGt75HQDyF8IAoE2J688hnP+3j6NnQ2TV4Sk7oAoZatp7F0L1axy4/zxi19Kyckh1UBw1u2xhDhO9FxEcll6WujMS7TiWsKih2cnT9ggNZuk7gZsYXzK8VS31H8d5r/0VIaA5MwC+UhOdakvnc2RD8D5ghpeuPe07MXpl+drqe1lt1DnF9uSqescjNYx33a+7FL/Xc26+Ywhp8b35r2Gr+ve8utpGZbhzZ7r1NxC9fHk0yNs9UIZEQSSfV63KUX+E/SEuktgQFBJYvKfuClOA/56kC7OCDYTjIEr125mYiSBmsCoDbLtz7dGh0f8Wes7mPu8gLHreuzeUaFC0Yt8uwoTYfEy/2oHtHvzj/LciXkYcqSt4dSkfd9WoAJgUCgPnGEAw41q2Fa2C2aVW0KZpWqgijcQyw2oN+K12xZU0qLXYVUV7J+xoRHcENKmhRROj8yHVwYgyNyuPmg0rkfhx2S83hw+TPt1fwoyNWe+VhA8ZlYABEihN31986XWj5zWqGCNJham8gQx5RcCt+TW1K2T4zYw4XneJHksmaj0GEqdFhKdWfdZ8njrKkMT+Qw1cB4ocGyhr6lAUdvhYSQUaislLp/BsmvQA0g0ENsisP4R0ifzE7MdUYbPA6vw7OeoCfOS3sFio1KhFL6wbVEGn3KhVyGYQlEntYduKPUBag0di8SAxvYTWPZ9VrEAoPVeLiIyQUUaQAxZOByoUVL64aJJOFhJ0Md0lkp4Ioc+EnnbJVmtohWxdcUk9EinhO5hx7UemWkPe7pQ3ufLeDbqW0OpV4n+rGmZXeZjECo7RRnxoQcKfQw6Ii6qU5S8ouLvzKFTuwa0WWoMTQdE9//mIm+uVhbkoZVCTnVkIIxxzNGfpvUq0eNyXa6mh+Mpo2eSBKzfXfbOzKT4sSvQct9QBT1otWn34GScV4k3iLgq1XWonbEBn1juaPTPO/fdLvXJmV7X3xivWmM6zOYQrNecEcf3yFidQe7xdTQ+VGFSeFb90KYuI4ajgdtM5EQ7rxpwcW+7kjAk95DcplizZBHptKvBOrwqxVBZ6NSrYrna3SqsocItUsCGun2ErOXdz5MdLG4U4u5w+L5Cg3IhTEG3Si3HU8o2Ue0fnQA/CsN4VWVPEYYHUNhQ36rA7qhuvuKI3n7dYtqEXUuO5y9169c8AK+efEXFcusack153QM1RoeioGsAt02UXRXKJF8pQKqamt97UmiCjZpTkxQDV/u4zglOcMbH3lY3vJgFZkQ+qEcU+lXGWSyuwWafjeFn2RGg+yjjE1OJcxBGJLxlGuwaqvpfIjtVlQf2fy1qoGxnBhps8vzAi0Zuqeo3b/5oUMhU2K7L8w/+gRXP1nBloA/iGGJL6kjz2YqeBe8jsImX9pt25mjzFx6SQekRL+yXU8wBQzhRNRXmg6gEtDWlMDCKEyGKYe6dk+pFb94Uv7UcavcG7JfFsI6StJYqdnI/FNZrc75w1Sf2/qGCBzPQJpylhSbnFsT9erqclsrirjUX,iv:IKHMuKQt7rsbUfzosTloCS5YF8Xt9RhCaw5qM9wt0HE=,tag:cgMQRQzix3HnO0lEwh4Q2g==,type:str]
 sops:
    age:
        - recipient: age1c8pawdsxptfslgrz2c56s39mrtnjzc5mm3hfzgr2wdwu2v6vfsdsupjsq6
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvelBDQ2FYR3dvRHl6dUc4
            UmwyZXhKL3JyS09JSUxZUFEzdmlTQk4xZFJRCm9vQmlzUzlZelZCWlVTVzJEN3N1
            MXV1RGZSTHN2KzBRVDdvQURGTE1PZUUKLS0tIEp6UlZsZlFORUVSb0w0ZERsQ1pB
            Szd1TDFqQ016WWd1SFowN0ptcGlyRGcKRH424S/7enLTuACcJyFUdbIgsUl0U/5i
            6WRrU0kHesh0gcxU1QMvLKiUZdYwo+pFoDWZiocNUKlEt49isncMrQ==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2026-03-16T08:42:01Z"
    mac: ENC[AES256_GCM,data:RbYlNcntZ9k4t469eq5AO4CJQ2zSWetFYz3K14sN4vwAvYgErkvVZSQvzaTPuBpfNCFxTnfSH/d73EZvqTskfBElef6TgPK6EiDV5hMfz5sdnZmc97+le+Uvzs0c6Y38faKfs4ZrqtbMRIH1YuWpnLKfJmfCPIFayeEoockgbTs=,iv:P32AWbPLsV68Ee4G+AiBkDdKHm3vZngtJGz0D+lz58Y=,tag:AQYyAoxY+CpT6GawCQw+xw==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.11.0
@@ -0,0 +1,42 @@
 {
  config,
  lib,
  ...
 }: {
  imports = [
    # Choose your theme here:
    ../../themes/zen.nix
  ];
  config.var = {
    hostname = "pph";
    username = "hadrien";
    configDirectory =
      "/home/"
      + config.var.username
      + "/.config/nixos"; # The path of the nixos configuration directory
    keyboardLayout = "fr";
    location = "Paris";
    timeZone = "Europe/Paris";
    defaultLocale = "en_US.UTF-8";
    extraLocale = "fr_FR.UTF-8";
    git = {
      username = "pph";
      email = "pph@pph.pph";
    };
    autoUpgrade = false;
    autoGarbageCollector = true;
  };
  # DON'T TOUCH THIS
  options = {
    var = lib.mkOption {
      type = lib.types.attrs;
      default = {};
    };
  };
 }
@@ -7,18 +7,28 @@
    ../../nixos/users.nix
    ../../nixos/utils.nix
    ../../nixos/docker.nix
-    ../../nixos/tailscale.nix
+    ../../nixos/amd-graphics.nix
    # NixOS server modules
    ../../server-modules/ssh.nix
    # ../../server-modules/bitwarden.nix
    ../../server-modules/firewall.nix
-    ../../server-modules/nginx.nix
+    ../../server-modules/cloudflared.nix
-    ../../server-modules/glance.nix
+    ../../server-modules/glance
    ../../server-modules/adguardhome.nix
    ../../server-modules/arr.nix
    # ../../server-modules/eleakxir.nix
    ../../server-modules/blog.nix
    ../../server-modules/awesome-wallpapers.nix
    ../../server-modules/iknowyou.nix
    ../../server-modules/stirling-pdf.nix
    ../../server-modules/cyberchef.nix
    ../../server-modules/mazanoke.nix
    ../../server-modules/nginx.nix
    ../../server-modules/fail2ban.nix
    ../../server-modules/default-creds.nix
    ../../server-modules/umami.nix
    ../../server-modules/gitea.nix
    ../../server-modules/mealie.nix
    ../../server-modules/eleakxir.nix
    # You should let those lines as is
    ./hardware-configuration.nix
@@ -12,10 +12,9 @@
    ../../home/programs/shell
    ../../home/programs/fetch
    ../../home/programs/git
-    ../../home/programs/lazygit
+    ../../home/programs/git/lazygit.nix
-
+    ../../home/programs/nixy
-    # Scripts
+    ../../home/programs/nix-utils
    ../../home/scripts # All scripts
  ];
  home = {
@@ -32,15 +31,13 @@
      pnpm
      wireguard-tools
      duckdb
      claude-code
      # Utils
      zip
      unzip
      optipng
      pfetch
      btop
      fastfetch
      tailscale
    ];
    # Don't touch this
@@ -1,13 +1,12 @@
 umami-secret: ENC[AES256_GCM,data:tImpd4sD92Omf/YFB8YE4gxAu+g801wQNR+k5rhY6AbzIIYOzpVmQL4XGjfp9Teky3olii4s3XTcmTyuMoxMWg==,iv:QFAEzYnAnxOOtrHWiM2IkvSs0Aqk3s1T5X7j5WC+tO8=,tag:FIbgHLfRVMJ2qZ6dOJ8zLw==,type:str]
 sshconfig: ENC[AES256_GCM,data:R54HVxqAyj9yGO/AYL8p6cnXgYxkQKW9XveHlBMTnDXBJ7r/4HgnefdymprnXmdlbNWcWrRqmaLEuzJs/0BfixXfMvmGTUrmJ0ASVuDrz9k6rOLADAKFikQh0dib7NU4JmPgmUzMncXc2WuCd3BCG3kwBQ==,iv:Ro9FA+MzTAp+ERQMT88z8ioCox/dTj2vWcqCDOSLag4=,tag:5XiXIyz5/pjGFOB5ZjdOVg==,type:str]
 github-key: ENC[AES256_GCM,data:NRYhcBIwGJEV13+YECLR+2IErsn/7clbnkx0Mltr7dQajSb5WHZ3QDH0KQPylEHhplE5IVS0h4I0z+Pb1B0UteCxFmJ5wZq+2BKZkvE7G3dojqBpgHcVqJV2GLEJkRjlHfRgsbq/OBe8xcsPh20P1KUyP0WIwVbpt+9dFWGxEGYkp2uSyuBIJ98kElt0zuVgl7WcYoDO7v5WmGzZfla+yZwURvMk8zcM3gopo+4KL6YnYUs+UA3VlBBn6VK4Nvbqy6X0R0+ZA5HHAXg+OFgGmfWnENZmsyQJHXEchGGgEldzThkQ4r8yMkgN/ax+AGouLyzbITapGE4sE11FFgL6Hmp4pSXxl3UAGF+cvV5pIujbb28CXmSPRMyYpoNxI93PSYz/txAzE6Cr2dgwxR4zpMelv4i6IaGnY8NgpY8jp2Y6C0uuJxJCN0RtnjQw1rM2uRnm7vMGyU7XXz9DEVfGnYpTWnykXsEjHE5DVGy80ejYQlc6dtmf3vdTWpt+YYdCPw8/cd0PIx2D6geh1c28,iv:wl+RG24mXYMklD8CBGXVD36DMhlWT/7zh8ZMvr7vgOk=,tag:OJhqF8PoXotr7IsyFW6q1g==,type:str]
-cloudflare-dns-token: ENC[AES256_GCM,data:JIXUtVDpYS9B74W0ooj50kd4v2+PX+FdF218gvgaS04rYATu4N6w9KEFPfdQqLjUmVihzV6s/IR1fg==,iv:AlbQ86kvFQbetvmFwt/hEyUcqKTI+XzL/NvSMXW9wm4=,tag:1JQeK4KrTDa6Kz+JhWxkxQ==,type:str]
+adguard-pwd: ENC[AES256_GCM,data:CAmZFpKN6FFRlCk=,iv:cz45T/z2ZYHNC46FNVp2YHmdhXD4ERhM31+Jo+9PkSk=,tag:GTUvzkYSP4flXs/HUNGYhw==,type:str]
-nextcloud-pwd: ENC[AES256_GCM,data:2oqsNceKuwGscBN2VxAK,iv:FoSfHItgeB91fG38zqtuQzayvNjNPFQyZjZlpUq/eic=,tag:MoEpAmTj+zqVu6OLasD4kQ==,type:str]
+recyclarr: ENC[AES256_GCM,data:eJNbGHb4SZvbF7FAHMrpRynmpVyPiTpyZqNx40Fo+lanqdm7d7oRhkLD2PfqxpTcIyV6BxJk12wGUC0uWVuAihmToL/Ih2FJWIQFUOdbaov/xNWHE9mtoRX/A3gIwD8e3DoFMK/dAk2/TyvvAfxi2eYTDJvxecEttHQGxafq1jveHFDcC9e1aFk3M8O8YlX5yF3zl90mugsUVP+iaSURnY/nglZuEDzfJ6Edge7r5OSL6WYh3OUIu1yzuuKXRZ47B/gpXO/cP89JMmxdPj3FUJkk7Htf0s9ALzpVE9fRohDGcpPIkR6COCLTL+mqvVmyopA1zPoX8/X8eiuocpaT3vqJit7Bc6InzflY/5rlg1x0SyoXWQfEsperfNBeiZGngp382I7rrZ8QSwF4AIsmngNeyDRAnfasAU5OVwK+yPIVhRueEFLNrJPG3j2hpArlzpvY2EPBVJDrYwFslis8CASoUdvu6C7VxtJXFcOZR8QemwJarJFU7v1bVhQoIkarn3V7FfAXg/8RfYrn9HAIq5AiFFbQRNHWXzIceIgNKQFb5yfagtMtMq6XKhjsV07jeYt9X/YU80XRfkPm05yiLdLQHcDNmlB3R+SFPD7qjTE7LuSH1Kdc3DvxwrKfHJLsJ+nSIL1po8gDMW8BPc0g4n4dpQ6CFK5BaDFK4eovNpgAXoRC9orkGw/16YmMozp6J78VJLzu3jcYMFbySFznDUuWcFf/7dVV+7pLAj2ffWXzScLISRBhZ9RNUMaZAKAk7WTmxBhw0yzNiih8OFUkbpp1FFLuU0bnBY0iEz+8/OSwv8H7t0HYe29HO61p1huH34B/ZkPA5VLKivFh2mOPNzbvMqtIAkq1ro82Psvc6t88gVIc+VAOZ9zDLohp0FXrNVXwnrs7fxevQa0pUClDivO1ib5G4Znor7q+13jZglmh3G7nHiniO607dRoxszzVEQdTn8ku3XAfIPStsSfQwH46nXhr2kDkspcA7BqwJph0dsKKlfzf22C0OJkDY0L1DgKFvJRmmKAhOdB6XxXYwS+BcDT+8ugejTKpulyPSsbdb0m9p9lVAVu0GMxFEbUsuE+QHiAAP5Vle7swpl4h3i8uHSfKFra3qEswwRnPAHhPSdLSaSU6O6T5gN/b0hhO6dAiNR0UOkOG59fPasL0MRpeb3SkM4Nd6g5b/hY8dXaXR7pQHvh+4GmfJFWYaWm/cZ8k9JAYAw9Sn/spWnjRmpv9bnSxADGbkdV8NDHquDDDFVIIoDnWhQJpqrL61KZITx2Ete1SYdNiy++p3mOYisJgHDsRR1RNQNxhRW4EY8c5nCzgc8x+rU432pCOfMbAuGEfQXMwMGFGeoUg6EL5xEyUEJ/aqymxI+Vjk8h7KfDnOyyL/+1BKEd/GccrjeQfeZGRLI0Tu5gVgL6twc+u4av6inNMMhPFzZuVrfeo6bip5C8R0dK6Pbdz2L/fsgn3E4NNi14NM/DgLLhJRLvKQdCQx+BT+3soNRw5htTzuNS48MD2YDwZYvNfu6mo0r4j4I7Tj8zuCjddbGVa2/5XnhcfdUBx1VOd90H1RKkk8kgSoR0bgo7mLls=,iv:HT3a2YnFy0cF9qUO671kwqxuzFfNnfqynCUVGHf+3dM=,tag:nrA++7fsnc4Cx0OPSDKaRw==,type:str]
 adguard-pwd: ENC[AES256_GCM,data:QavwLWENAURnRrFwiLntkiM=,iv:bxdQfBxNL5rwUr7CEKbwXtv5mUUXZHhvyqQL2KoPwEY=,tag:T+cSyzbGeo7E5smSsuFlHw==,type:str]
 hoarder: ENC[AES256_GCM,data:8A3eGqIlHJ2XpC2OdMNBXPm+5BdfMlOfTSgiibPtM+SFyiPtGhjWQNmVCD9REf0P2C4pikZ3R7vtwyKpjrraaoSAY7ztAk9eqqikorIzD8hn8wbHz/y+Eko=,iv:ngoVgF348IxokWGQVpbpTGhdIwjOOA6T8qLb1wX6GEU=,tag:+v9HLUksQJ1e2vRR/5fzEg==,type:str]
 recyclarr: ENC[AES256_GCM,data:3rZgs4Z/XaQPxbueepPQlUthHMSKn1e92FyIOpzn1MsGmEL8LBSUJvWp903n1BXDI+SK4ph9DaxOFavPkfCnaNMascX13TkGf03zGTEbd3xDZCL5GoXl3yobt0EMRYyRlYu5C1gidj9CjTujIaEXsF1AT2x0xtYweuC1xhpMhq2gj8eBy06sGnyKV/9Kdxo3H80skHVH6ZokndDyv6LfpkCDKQFsSBsEKBfVBDws7IgGFXCv6toWJPNgidReWzMmwKiClkviWAJiqAvI2IABRe4rEZ3Gkr3XFuoxOX2yfvQ1O7PH6O0dXvtfyBOTpGTaZihOqM1WhIutSr9SWX7QivIwtsVMGEmAmKx8JyDrnjhbCCbzjG+4Y6YoHawHYFFwKyOCxtJcsLBFvvkiuUt2ZVUVYCwhEIp3Xk2xb4cxYOIYRStxhiTuhEb8a9PkvkjmQQ4eAMB8bNPlo+vGqAQGPc6FOhm67dh3JbdQpsr9/U+P/AGsJM60SAhx+OzBcDSIS1U6/qJ6udXPOw58wXhJMD+F+gqV7blVBkXITQJ7AaLl/aWmDlkoqkjFVTIjE980e6ap6BuNbRGsN9x3EiVwqfDnqnQ2udGiLOcu/WguLzNjCvXWILoSYWwpEMwEW3SWASbGgk0wUpwZfNKY1HagdcVFO17OW9DrlTuGuJs4eJgVXm6e3glS3CS0dCL8FRs0EH4Rh8mUzhf9VP0/GlkN0kxJEM8PnjqGl0JMnaeQsSr9FDJdqv/2z4hjQBeq8//ER1BPIRSbXNQqZv5HcumSZs+JEttYUgInWL+LZhQrtpkba3sKQGkQF6X1kGpPZmiVSRgM+7PAt3ezpUKS8nMTS880l03cSaxMm+vebPhYtGC1O+4XLhv7E8MPULMkCOQoNLNcQCqKU82fa3vEtS28X6+izRMi56vbzG6Kjls85/NMGVz6rDySnQHMP5vSapcszSHwqGeAXJKfXYPzXQo1SIy0RlvRbllPt7zfOkTDMr52oH/pbtuxLSrSDe4ZjHkmdDzO+t0yAyG9xsvzldYUbDkfAWbnFXay3TICi5JOGe/Otp62sv3/7fjSmKm+9Um5AFj5F5Zo58LKCrH8qy2omIh80uFW0/yNgbuXmA4GqnDmYWaWlccc7yhPsmdAWHIypNS7GxRyW66+d4P7mhccvKGT7mx/gKuHgdUIRjy8bKtjLN2vuKfIiJR6bqWZGtbNEqY4XPfhdYdGdnox8vdrT/8DiR+6Jq+3qvJswTXhg+wYzOVTNjl8qK215VA2/FF25+T8xmSfV+cnPrLIrOrD8t1D34U4eEMrVzx+6dQ2dN1qDwj5o5GSYuYSQ5o5hy2BKt8PPVDI564MzjPfLaAf8cLK+0PKsbi2E4jGRI5BejmpMWHoLAUJvX4kdajd8Ggh5wZFS07pje3T1adzeS/UUnpy/IeLnEz8FfoH9ro7Qz0XGmtItVSjumppBg6jwbf1se9sP13pHfIh/SvVJhOOH6KiFs0lECSetuhIupsqHuJg6ZLa+V8GO9otYiJGZnOKGiZNrBYSek9l4Ncn/2Q+dqOYaCkZ8Xx6gY+qKHgiwavbsYYiJUPK3DLNhTzH,iv:00efefMekG2TsnDH3yNNdMBIITDyxo/qKN85qVGA6f8=,tag:hmwsyJRiT1MbFPKm4Kt5lw==,type:str]
 wireguard-pia: ENC[AES256_GCM,data:2IvJARGhesMuH9RdWzsyrwA7eqrhLyacQqZ1RNEkGOPUkQGX4uimKBSzkxXRy/haZ4V2k73JdLSaB9rAuI0n65GmWHmarwZekOyhRZSNb+zvFgw5BPZmywG1wR2HiTGR/qILovAaz47q/VnohUnjbbMCUvarC4PytWGxMUH96GIgZar8HjHFtK8grCSxlvpHKiDeKx8VSXnY/Pxj1EplBtIqwmtAeZdf/VjtwOL0nY54doPwHdIAvJ0B8Cu0a1zJIGEbV1NlKIHEJ1YA7rmv1ODkBnbXbIHMxAR3jeqR/UDqhDmXe41KujhiJI7nNeO7FKo2v92jK3fSbxYKatLrzXktHpE9JsMYVBXzTK7yAXPgoDdgLXzWH0OrJGBSisPrvqmxUko7MPreuwVYfFlKpll6JLifk8sML4A+94UPR8b89guXn7kBkLg1Y1oIAyguCdKpNOD31nXBMFF0nTcmCwyshDySaGTfJDgox65/77AiN1wH,iv:cdu6lBjLnEEfSFmWMC4Vn2sLKsvpCaatzXlgRNkEMeA=,tag:y1rAeNPB+DNGTpnP94iQrA==,type:str]
 signing-key: ENC[AES256_GCM,data:FrJzuTgH/ooZkcnYL55uQcc4u+QzNnFvNVs2wDSE4nnwku+EuCJBlb8pd/6W0KPwIXzcki/8CY0YfRcRrzjExMgMa4hwxrlxS9bk3LNPzJsrRK5RJgPg3iA8L791f1zcDxNf8RuWatIqm1TCK+Vhdk/p+221zy1Gcq1dW8X+o4XzbPBzHdLagcIdB0wpjYTtIoGP2X8GoL/NJpuzIiQBK1HdGNKvUI2+ztqCQZOsxm+Fki57NteX3/Llw8AwABjdZvviOBZ62OvJ/SsOQ9NYAvKfAkog5zCn8DLvaqAPGSxRBQEYWM8GyL2imgs54YfEsOpGa4DzMiv4Sc5m398E/asaPq357eksUqh3EYpzoKZ5bIbd5+Vs3KBWKHltUCzXLHaLrIX0CuJFQFi7DCxEbYqlb04x5t3jc/c+/7uwqBHv1Y5gwAjd8JswDWmE7Q3xSk96Za57SCxWPYTo2ErsA2XdL+yxXdhmqkhDZKtUzrcHExhnYe7YLpSlBEclJ/G2BeTOFIWoAmN+1y4rh21R,iv:VaZrv5/41ZyIax702Yae4QmFKpcEaWwPmTo2Mxao3bU=,tag:HC0eqDNit7jQKeeDAKWXKg==,type:str]
 signing-pub-key: ENC[AES256_GCM,data:CB7uU2Q4oTEKihpTIXGLaV0fJ1cv/p4oJJ5kjaU6BZiKhsiMA1JILUw2oVIDTDb+80WPzolDzZwWM8v31d5QIrZpHcPrdRLyV0X2USfG9U4aQ/ls79QAyOOJXA==,iv:/Eb5/+p86tw3tqNiDVHGu7HS1KBtFiYIgasRYJsAiEo=,tag:dGdJlcrnuU73s+IMQ3w3hA==,type:str]
 cloudflared-token: ENC[AES256_GCM,data:7DwWFL6JbJXuc6fSyrZkMt/+DAcqDYBQOzJ1QhBL4yfCpQ57mjDV2beRZ8H7SuyoKY3caifHfAVVPDGG1YnffZ9anLRyDW383aHKmgaeztOXj44eVQcHi3evnSiH6h0HasiyO8pNzhnKpYew8CwHSvYZMraX3ITz8UKOTtsanO9/8ZD6Y9gyxfLoySqbeBy2x/0Ql5hrDfrX854C+vYuXM9VJbtQqMBa7+IBydUvddk=,iv:jZTk5ptuwc+1aP2rimqGnyCHR4/J+W4Kyn3LKXXkv/I=,tag:xr/LhoNH5aWdIJr0Py6nAg==,type:str]
 sops:
    age:
        - recipient: age12yvtj49pfh3fqzqflscm0ek4yzrjhr6cqhn7x89gdxnlykq0xudq5c7334
@@ -19,7 +18,7 @@ sops:
            TEc5d01RaVFGNXc3dlljM0FTTHpENjQKOqwI+pl8UxVIVl43glnOYvW660/PsDGY
            yefODJGVtHrOm3yeXC2xlTi3sFW+c5wUl2yPqddbvcBt5Ud/yd4iXQ==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-09-14T19:20:44Z"
+    lastmodified: "2026-04-11T00:11:27Z"
-    mac: ENC[AES256_GCM,data:nJ5lnPSVPyfMKhlNwzhxYGWY32i60P3N+jpBZKo8oEh8sqjsb4zHAECG/vMXrGTPwYzZ46m5PQQURCyeOvjuMaXK8184zMwFkehXtMJWI7/aKYbSpQqOchl8BN7QdlxH58kqtCwUkdldiW6t6cr4/VAUUPPLqpK19GDrwUYIVrY=,iv:JZBz5X8PdCFXonSPBd1hYiFG+t0aMQDmgCmAbclnpis=,tag:7Pm7V96xMRQZa/JAiDGYmQ==,type:str]
+    mac: ENC[AES256_GCM,data:r9TA1kBOZzn5fZP9Yj6UFhtd7kfoyou0PBDeudBIi3DCBuvFkCpYmsDCQVjheYfeZT3TIpUdqTNi2WsS9ck7IXcZtr4FCrhxcLzWMFvZetnMyAET5OakzrfuaQ496xEavYLQOkPJH5ueCcTUVq7L2PhJVg8xnC61c52xgzva+wQ=,iv:4MgiU9wXOrMtdA7qvWTSLLNpcDUeiBd5GVR381iuyqM=,tag:IOwPh+6rAL6sTUMBOJChjw==,type:str]
    unencrypted_suffix: _unencrypted
-    version: 3.10.2
+    version: 3.12.2
@@ -5,7 +5,7 @@
 }: {
  imports = [
    # Choose your theme here:
-    ../../themes/nixy.nix
+    ../../themes/rose-pine.nix
  ];
  config.var = {
@@ -30,6 +30,10 @@
    autoUpgrade = false;
    autoGarbageCollector = true;
    domain = "hadi.icu";
    tunnelId = "a1dfa315-7fc3-4a65-8c02-8387932c35c3";
    networkInterface = "enp3s0";
  };
  # Let this here
@@ -0,0 +1,11 @@
 {pkgs, ...}: {
  hardware.graphics = {
    enable = true;
    extraPackages = with pkgs; [
      rocmPackages.clr.icd
      # Support VA-API pour AMD
      libvdpau-va-gl
      libva-vdpau-driver
    ];
  };
 }
@@ -1,9 +1,7 @@
 # Bluetooth configuration for NixOS
-{pkgs, ...}: {
+{
  environment.systemPackages = with pkgs; [blueman];
  hardware.bluetooth = {
    enable = true;
    powerOnBoot = true;
  };
  services.blueman.enable = true;
 }
@@ -0,0 +1,12 @@
 {pkgs, ...}: {
  environment.systemPackages = with pkgs; [
    clamav
  ];
  services.clamav = {
    daemon.enable = true;
    updater.enable = true;
    scanner.enable = true;
    fangfrisch.enable = true;
  };
 }
@@ -6,7 +6,7 @@
  ...
 }: let
  # Using beta driver for recent GPUs like RTX 4070
-  nvidiaDriverChannel = config.boot.kernelPackages.nvidiaPackages.beta;
+  nvidiaDriverChannel = config.boot.kernelPackages.nvidiaPackages.production;
 in {
  # Video drivers configuration for Xorg and Wayland
  services.xserver.videoDrivers = ["nvidia"]; # Simplified - other modules are loaded automatically
@@ -102,4 +102,7 @@ in {
    mesa-demos
    libva-utils # VA-API debugging tools
  ];
  # Enable Nvidia container toolkit for GPU acceleration in containers (docker)
  hardware.nvidia-container-toolkit.enable = false;
 }
@@ -37,6 +37,7 @@
 in {
  boot.extraModulePackages = [hp-omen-linux-module];
  boot.kernelModules = ["hp-wmi"];
  boot.kernelParams = ["hp_wmi.force_slow_fan_control=1"];
  users.groups.omen-rgb = {};
  users.users.${config.var.username}.extraGroups = ["omen-rgb"];
@@ -1,41 +0,0 @@
 # Tailscale is a VPN service that makes it easy to connect your devices between each other.
 {
  config,
  inputs,
  ...
 }: let
  username = config.var.username;
 in {
  security.sudo.extraRules = [
    {
      users = [username];
      # Allow running Tailscale commands without a password
      commands = [
        {
          command = "/etc/profiles/per-user/${username}/bin/tailscale";
          options = ["NOPASSWD"];
        }
        {
          command = "/run/current-system/sw/bin/tailscale";
          options = ["NOPASSWD"];
        }
      ];
    }
  ];
  environment.systemPackages = with inputs.nixpkgs-stable.legacyPackages.x86_64-linux; [
    tailscale
  ];
  services.tailscale = {
    enable = true;
    package = inputs.nixpkgs-stable.legacyPackages.x86_64-linux.tailscale;
    openFirewall = true;
  };
  networking.firewall = {
    trustedInterfaces = ["tailscale0"];
    # required to connect to Tailscale exit nodes
    checkReversePath = "loose";
  };
 }
@@ -57,8 +57,8 @@ in {
    XDG_DATA_HOME = "$HOME/.local/share";
    PASSWORD_STORE_DIR = "$HOME/.local/share/password-store";
    EDITOR = "nvim";
-    TERMINAL = "kitty";
+    TERMINAL = "ghostty";
-    TERM = "kitty";
+    TERM = "ghostty";
    BROWSER = "zen-beta";
  };
@@ -109,6 +109,8 @@ in {
    jpegoptim
    pfetch
    btop
    unrar
    p7zip
  ];
  xdg.portal = {
@@ -1,20 +1,22 @@
 # Adguard is a network-wide ad blocker
 # When installed, open localhost:3000 to setup
-{config, ...}: let
+{config, ...}: {
-  domain = "adguard.hadi.diy";
+  services.adguardhome = {
 in {
  services = {
    adguardhome = {
    enable = true;
    port = 3000;
  };
-    nginx.virtualHosts."${domain}" = {
+  networking.firewall = {
-      useACMEHost = "hadi.diy";
+    allowedTCPPorts = [53];
-      forceSSL = true;
+    allowedUDPPorts = [53];
-      locations."/" = {
+    # Allow containers to reach adguard UI (for glance dns-stats widget)
-        proxyPass = "http://127.0.0.1:${toString config.services.adguardhome.port}";
+    extraCommands = ''
-      };
+      iptables -I INPUT 1 -s 10.233.0.0/16 -p tcp --dport 3000 -j ACCEPT
-    };
+    '';
    extraStopCommands = ''
      iptables -D INPUT -s 10.233.0.0/16 -p tcp --dport 3000 -j ACCEPT 2>/dev/null || true
    '';
  };
  services.cloudflared.tunnels."${config.var.tunnelId}".ingress."adguard.${config.var.domain}" = "http://localhost:${toString config.services.adguardhome.port}";
 }
@@ -2,12 +2,6 @@
 # See https://github.com/rasmus-kirk/nixarr
 # Setup guide: https://nixarr.com/wiki/setup/
 {config, ...}: let
  domain = "hadi.diy";
  mkVirtualHost = port: {
    useACMEHost = domain;
    forceSSL = true;
    locations."/" = {proxyPass = "http://127.0.0.1:${toString port}";};
  };
  username = config.var.username;
 in {
  # Add my secrets
@@ -40,10 +34,13 @@ in {
    radarr.enable = true;
    sonarr.enable = true;
    bazarr.enable = true;
    readarr.enable = true;
    transmission = {
      enable = true;
-      extraSettings = {trash-original-torrent-files = true;};
+      extraSettings = {
        trash-original-torrent-files = true;
        rpc-whitelist-enabled = false;
        rpc-host-whitelist-enabled = false;
      };
      vpn.enable = true;
    };
    recyclarr = {
@@ -52,14 +49,15 @@ in {
    };
  };
-  services.nginx.virtualHosts = {
+  users.users.jellyfin.extraGroups = ["video" "render"];
-    "jellyfin.${domain}" = mkVirtualHost 8096;
+
-    "jellyseerr.${domain}" = mkVirtualHost 5055;
+  services.cloudflared.tunnels."${config.var.tunnelId}".ingress = {
-    "bazarr.${domain}" = mkVirtualHost 6767;
+    "media.${config.var.domain}" = "http://localhost:8096";
-    "prowlarr.${domain}" = mkVirtualHost 9696;
+    "demandemedia.${config.var.domain}" = "http://localhost:5055";
-    "radarr.${domain}" = mkVirtualHost 7878;
+    "bazarr.${config.var.domain}" = "http://localhost:6767";
-    "sonarr.${domain}" = mkVirtualHost 8989;
+    "prowlarr.${config.var.domain}" = "http://localhost:9696";
-    "transmission.${domain}" = mkVirtualHost 9091;
+    "radarr.${config.var.domain}" = "http://localhost:7878";
-    "readarr.${domain}" = mkVirtualHost 8787;
+    "sonarr.${config.var.domain}" = "http://localhost:8989";
    "transmission.${config.var.domain}" = "http://localhost:9091";
  };
 }
@@ -0,0 +1,33 @@
 { config, inputs, lib, ... }:
 let
  inherit (import ./mk-container.nix { inherit lib config; }) mkContainer;
 in
 {
  imports = [
    (mkContainer {
      name = "wallpapers";
      hostIp = "10.233.4.1";
      containerIp = "10.233.4.2";
      nixosConfig = { pkgs, ... }: {
        services.nginx = {
          enable = true;
          virtualHosts."wallpapers" = {
            root = "${inputs.awesome-wallpapers.packages.${pkgs.system}.default}/share/awesome-wallpapers";
            listen = [{ addr = "0.0.0.0"; port = 8080; }];
            locations."/" = {
              tryFiles = "$uri $uri/ /index.html";
            };
            extraConfig = ''
              port_in_redirect off;
              absolute_redirect off;
            '';
          };
        };
        networking.firewall.allowedTCPPorts = [ 8080 ];
        system.stateVersion = "24.05";
      };
    })
  ];
  services.cloudflared.tunnels."${config.var.tunnelId}".ingress."wallpapers.${config.var.domain}" = "http://10.233.4.2:8080";
 }
@@ -1,27 +0,0 @@
 # Bitwarden (or vaultwarden) is a self-hosted password manager.
 {config, ...}: let
  domain = "vault.hadi.diy";
 in {
  services = {
    vaultwarden = {
      enable = true;
      config = {
        DOMAIN = "https://" + domain;
        SIGNUPS_ALLOWED = true;
        ROCKET_ADDRESS = "127.0.0.1";
        ROCKET_PORT = 8222;
        ROCKET_LOG = "critical";
      };
    };
    nginx.virtualHosts."${domain}" = {
      useACMEHost = "hadi.diy";
      forceSSL = true;
      locations."/" = {
        proxyPass = "http://127.0.0.1:${
          toString config.services.vaultwarden.config.ROCKET_PORT
        }";
      };
    };
  };
 }
@@ -0,0 +1,57 @@
 {
  config,
  inputs,
  lib,
  ...
 }: let
  inherit (import ./mk-container.nix {inherit lib config;}) mkContainer;
  domain = config.var.domain;
 in {
  imports = [
    (mkContainer {
      name = "blog";
      hostIp = "10.233.3.1";
      containerIp = "10.233.3.2";
      nixosConfig = {pkgs, ...}: {
        services.nginx = {
          enable = true;
          virtualHosts = {
            "blog" = {
              root = "${inputs.blog.packages.${pkgs.system}.default}/share/blog";
              listen = [
                {
                  addr = "0.0.0.0";
                  port = 8080;
                }
              ];
              locations."/" = {
                tryFiles = "$uri $uri/ /index.html";
              };
              extraConfig = ''
                port_in_redirect off;
                absolute_redirect off;
                add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' data: https://umami.${domain}; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://git.${domain}; connect-src 'self' https://umami.${domain};" always;
              '';
            };
            "www-redirect" = {
              listen = [
                {
                  addr = "0.0.0.0";
                  port = 8081;
                }
              ];
              extraConfig = "return 301 https://${domain}$request_uri;";
            };
          };
        };
        networking.firewall.allowedTCPPorts = [8080 8081];
        system.stateVersion = "24.05";
      };
    })
  ];
  services.cloudflared.tunnels."${config.var.tunnelId}".ingress = {
    "${config.var.domain}" = "http://10.233.3.2:8080";
    "www.${config.var.domain}" = "http://10.233.3.2:8081";
  };
 }
@@ -0,0 +1,37 @@
 # Cloudflared tunnel configuration for NixOS
 # It allows exposing services securely via Cloudflare Tunnel
 {
  config,
  pkgs,
  ...
 }: {
  sops.secrets.cloudflared-token.mode = "0400";
  # To setup cloudflared, run:
  # - `cloudflared tunnel login`
  # - `cloudflared tunnel create YourTunnelName`
  #
  # This will create a credentials file & give you the tunnel ID to use below.
  services.cloudflared = {
    enable = true;
    tunnels."${config.var.tunnelId}" = {
      credentialsFile = config.sops.secrets."cloudflared-token".path;
      default = "http_status:404";
    };
  };
  environment.systemPackages = with pkgs; [
    cloudflared
  ];
  systemd.services."cloudflared-tunnel-${config.var.tunnelId}" = {
    wantedBy = ["multi-user.target"];
    after = ["network-online.target"];
    wants = ["network-online.target"];
  };
  # At the moment (2025), for support of browser rendering of the tunnels, this line is required:
  services.openssh.settings.Macs = [
    "hmac-sha2-256"
  ];
 }
@@ -0,0 +1,26 @@
 { config, lib, ... }:
 let
  inherit (import ./mk-container.nix { inherit lib config; }) mkContainer;
 in
 {
  imports = [
    (mkContainer {
      name = "cyberchef";
      hostIp = "10.233.5.1";
      containerIp = "10.233.5.2";
      nixosConfig = { pkgs, ... }: {
        services.nginx = {
          enable = true;
          virtualHosts."cyberchef" = {
            root = "${pkgs.cyberchef}/share/cyberchef";
            listen = [{ addr = "0.0.0.0"; port = 8080; }];
          };
        };
        networking.firewall.allowedTCPPorts = [ 8080 ];
        system.stateVersion = "24.05";
      };
    })
  ];
  services.cloudflared.tunnels."${config.var.tunnelId}".ingress."cyberchef.${config.var.domain}" = "http://10.233.5.2:8080";
 }
@@ -0,0 +1,33 @@
 { config, inputs, lib, ... }:
 let
  inherit (import ./mk-container.nix { inherit lib config; }) mkContainer;
  domain = config.var.domain;
 in
 {
  imports = [
    (mkContainer {
      name = "def-creds";
      hostIp = "10.233.6.1";
      containerIp = "10.233.6.2";
      nixosConfig = { ... }: {
        imports = [ inputs.default-creds.nixosModules.default ];
        services.default-creds = {
          enable = true;
          port = 8087;
        };
        networking.firewall.allowedTCPPorts = [ 8087 ];
        systemd.services.default-creds.environment = {
          HOST = lib.mkForce "0.0.0.0";
          PUBLIC_UMAMI_URL = "https://umami.${domain}";
          PUBLIC_UMAMI_WEBSITE_ID = "7197484c-01ad-488e-9caa-5ab7b7595f08";
          UMAMI_URL = "https://umami.${domain}";
          UMAMI_WEBSITE_ID = "7197484c-01ad-488e-9caa-5ab7b7595f08";
        };
        system.stateVersion = "24.05";
      };
    })
  ];
  services.default-creds.enable = lib.mkForce false;
  services.cloudflared.tunnels."${config.var.tunnelId}".ingress."default-creds.${config.var.domain}" = "http://10.233.6.2:8087";
 }
@@ -1,33 +0,0 @@
 {
  config,
  inputs,
  pkgs,
  ...
 }: {
  users.groups.eleakxir = {};
  users.users.hadi.extraGroups = ["eleakxir"];
  services.eleakxir = {
    enable = true;
    port = 9198;
    user = "eleakxir";
    group = "eleakxir";
    limit = 1000;
    folders = ["/var/lib/eleakxir/leaks/" "/mnt/data/clean-leak/"];
    debug = true;
  };
  environment.systemPackages = [
    inputs.eleakxir.packages.${pkgs.stdenv.hostPlatform.system}.leak-utils
  ];
  services.nginx.virtualHosts."eleakxir-back.hadi.diy" = {
    useACMEHost = "hadi.diy";
    forceSSL = true;
    locations."/" = {
      proxyPass = "http://127.0.0.1:${
        toString config.services.eleakxir.port
      }";
    };
  };
 }
@@ -0,0 +1,14 @@
 # Fail2Ban is a log-parsing application that protects Linux servers from brute-force attacks.
 {
  services.fail2ban = {
    enable = true;
    maxretry = 5;
    bantime = "24h"; # Ban IPs for one day on the first ban
    bantime-increment = {
      enable = true; # Enable increment of bantime after each violation
      multipliers = "1 2 4 8 16 32 64";
      maxtime = "168h"; # Do not ban for more than 1 week
      overalljails = true; # Calculate the bantime based on all the violations
    };
  };
 }
@@ -0,0 +1,79 @@
 { config, pkgs, lib, ... }:
 let
  inherit (import ./mk-container.nix { inherit lib config; }) mkContainer;
  domain = config.var.domain;
  catppuccin-gitea = pkgs.fetchzip {
    url = "https://github.com/catppuccin/gitea/releases/download/v1.0.2/catppuccin-gitea.tar.gz";
    sha256 = "sha256-rZHLORwLUfIFcB6K9yhrzr+UwdPNQVSadsw6rg8Q7gs=";
    stripRoot = false;
  };
 in
 {
  imports = [
    (mkContainer {
      name = "gitea";
      hostIp = "10.233.11.1";
      containerIp = "10.233.11.2";
      internet = true;
      bindMounts."/var/lib/gitea" = {
        hostPath = "/var/lib/gitea";
        isReadOnly = false;
      };
      nixosConfig = { lib, ... }: {
        users.users.gitea.uid = lib.mkForce 978;
        users.groups.gitea.gid = lib.mkForce 968;
        services.postgresql = {
          enable = true;
          ensureDatabases = [ "gitea" ];
          ensureUsers = [{
            name = "gitea";
            ensureDBOwnership = true;
          }];
        };
        services.gitea = {
          enable = true;
          database.type = "postgres";
          settings = {
            server = {
              HTTP_ADDR = "0.0.0.0";
              HTTP_PORT = 3002;
              ROOT_URL = "https://git.${domain}/";
              DOMAIN = "git.${domain}";
              LANDING_PAGE = "/anotherhadi";
            };
            service = {
              REGISTER_MANUAL_CONFIRM = true;
              DISABLE_REGISTRATION = true;
              DEFAULT_KEEP_EMAIL_PRIVATE = true;
              SHOW_REGISTRATION_BUTTON = false;
            };
            ui = {
              DEFAULT_THEME = "catppuccin-mocha-mauve";
              THEMES = "catppuccin-latte-mauve,catppuccin-frappe-mauve,catppuccin-macchiato-mauve,catppuccin-mocha-mauve";
            };
            explore = {
              DISABLE_USERS_PAGE = true;
              DISABLE_ORGANIZATIONS_PAGE = true;
            };
            repository.DISABLE_STARS = true;
            mailer.ENABLED = false;
            api.ENABLE_SWAGGER = false;
            other.SHOW_FOOTER_VERSION = false;
          };
        };
        systemd.services.gitea.preStart = lib.mkAfter ''
          mkdir -p /var/lib/gitea/custom/public/assets
          ln -sfn ${catppuccin-gitea} /var/lib/gitea/custom/public/assets/css
        '';
        networking.firewall.allowedTCPPorts = [ 3002 ];
        system.stateVersion = "24.05";
      };
    })
  ];
  services.cloudflared.tunnels."${config.var.tunnelId}".ingress."git.${domain}" = "http://10.233.11.2:3002";
 }
@@ -1,353 +0,0 @@
 # Glance is a self-hosted homepage/dashboard service.
 {
  config,
  lib,
  ...
 }: let
  domain = "start.hadi.diy";
  rgb-to-hsl = color: let
    r = ((lib.toInt config.lib.stylix.colors."${color}-rgb-r") * 100.0) / 255;
    g = ((lib.toInt config.lib.stylix.colors."${color}-rgb-g") * 100.0) / 255;
    b = ((lib.toInt config.lib.stylix.colors."${color}-rgb-b") * 100.0) / 255;
    max = lib.max r (lib.max g b);
    min = lib.min r (lib.min g b);
    delta = max - min;
    fmod = base: int: base - (int * builtins.floor (base / int));
    h =
      if delta == 0
      then 0
      else if max == r
      then 60 * (fmod ((g - b) / delta) 6)
      else if max == g
      then 60 * (((b - r) / delta) + 2)
      else if max == b
      then 60 * (((r - g) / delta) + 4)
      else 0;
    l = (max + min) / 2;
    s =
      if delta == 0
      then 0
      else 100 * delta / (100 - lib.max (2 * l - 100) (100 - (2 * l)));
    roundToString = value: toString (builtins.floor (value + 0.5));
  in
    lib.concatMapStringsSep " " roundToString [h s l];
 in {
  # TODO: Add tailscale custom widget
  services = {
    glance = {
      enable = true;
      settings = {
        theme = {
          contrast-multiplier = lib.mkForce 1.4;
        };
        pages = [
          {
            hide-desktop-navigation = true;
            columns = [
              {
                size = "small";
                widgets = [
                  {
                    type = "clock";
                    hour-format = "24h";
                  }
                  {
                    type = "weather";
                    location = "Paris, France";
                  }
                  {
                    type = "markets";
                    markets = [
                      {
                        symbol = "BTC-USD";
                        name = "Bitcoin";
                        chart-link = "https://www.tradingview.com/chart/?symbol=INDEX:BTCUSD";
                      }
                      {
                        symbol = "SOL-USD";
                        name = "Solana";
                        chart-link = "https://www.tradingview.com/chart/?symbol=INDEX:SOLUSD";
                      }
                      {
                        symbol = "ETH-USD";
                        name = "Ethereum";
                        chart-link = "https://www.tradingview.com/chart/?symbol=INDEX:ETHUSD";
                      }
                    ];
                  }
                  {
                    type = "dns-stats";
                    service = "adguard";
                    url = "https://adguard.hadi.diy";
                    username = "hadi";
                    password = "\${secret:adguard-pwd}";
                  }
                ];
              }
              {
                size = "full";
                widgets = [
                  {
                    type = "search";
                    search-engine = "duckduckgo";
                  }
                  {
                    type = "bookmarks";
                    groups = [
                      {
                        title = "";
                        same-tab = true;
                        color = "200 50 50";
                        links = [
                          {
                            title = "ProtonMail";
                            url = "https://proton.me/mail";
                          }
                          {
                            title = "Github";
                            url = "https://github.com";
                          }
                          {
                            title = "Youtube";
                            url = "https://youtube.com";
                          }
                          {
                            title = "Figma";
                            url = "https://figma.com";
                          }
                        ];
                      }
                      {
                        title = "Docs";
                        same-tab = true;
                        color = "200 50 50";
                        links = [
                          {
                            title = "Nixpkgs repo";
                            url = "https://github.com/NixOS/nixpkgs";
                          }
                          {
                            title = "Nixvim";
                            url = "https://nix-community.github.io/nixvim/";
                          }
                          {
                            title = "Hyprland wiki";
                            url = "https://wiki.hyprland.org/";
                          }
                          {
                            title = "Search NixOS";
                            url = "https://search-nixos.hadi.diy";
                          }
                        ];
                      }
                      {
                        title = "Homelab";
                        same-tab = true;
                        color = "100 50 50";
                        links = [
                          {
                            title = "Router";
                            url = "http://192.168.1.254/";
                          }
                          {
                            title = "Cloudflare";
                            url = "https://dash.cloudflare.com/";
                          }
                        ];
                      }
                      {
                        title = "Work";
                        same-tab = true;
                        color = "50 50 50";
                        links = [
                          {
                            title = "Outlook";
                            url = "https://outlook.office.com/";
                          }
                          {
                            title = "Teams";
                            url = "https://teams.microsoft.com/";
                          }
                          {
                            title = "Office";
                            url = "https://www.office.com/";
                          }
                        ];
                      }
                      {
                        title = "Cyber";
                        same-tab = true;
                        color = rgb-to-hsl "base09";
                        links = [
                          {
                            title = "CyberChef";
                            url = "https://cyberchef.org/";
                          }
                          {
                            title = "TryHackMe";
                            url = "https://tryhackme.com/";
                          }
                          {
                            title = "RootMe";
                            url = "https://www.root-me.org/";
                          }
                          {
                            title = "Exploit-DB";
                            url = "https://www.exploit-db.com/";
                          }
                          {
                            title = "CrackStation";
                            url = "https://crackstation.net/";
                          }
                        ];
                      }
                      {
                        title = "Misc";
                        same-tab = true;
                        color = rgb-to-hsl "base01";
                        links = [
                          {
                            title = "Svgl";
                            url = "https://svgl.app/";
                          }
                          {
                            title = "Excalidraw";
                            url = "https://excalidraw.com/";
                          }
                          {
                            title = "Cobalt (Downloader)";
                            url = "https://cobalt.tools/";
                          }
                          {
                            title = "Mazanoke (Image optimizer)";
                            url = "https://mazanoke.com/";
                          }
                          {
                            title = "Vert (File converter)";
                            url = "https://vert.sh/";
                          }
                        ];
                      }
                    ];
                  }
                  {
                    type = "server-stats";
                    servers = [
                      {
                        type = "local";
                        name = "Jack";
                      }
                    ];
                  }
                  {
                    type = "group";
                    widgets = [
                      {
                        type = "monitor";
                        title = "Services";
                        cache = "1m";
                        sites = [
                          {
                            title = "Vaultwarden";
                            url = "https://vault.hadi.diy";
                            icon = "si:bitwarden";
                          }
                          {
                            title = "Nextcloud";
                            url = "https://cloud.hadi.diy";
                            icon = "si:nextcloud";
                          }
                          {
                            title = "Adguard";
                            url = "https://adguard.hadi.diy";
                            icon = "si:adguard";
                          }
                          {
                            title = "Mealie";
                            url = "https://mealie.hadi.diy";
                            icon = "si:mealie";
                          }
                        ];
                      }
                      {
                        type = "monitor";
                        title = "*arr";
                        cache = "1m";
                        sites = [
                          {
                            title = "Jellyfin";
                            url = "https://jellyfin.hadi.diy";
                            icon = "si:jellyfin";
                          }
                          {
                            title = "Jellyseerr";
                            url = "https://jellyseerr.hadi.diy";
                            icon = "si:odysee";
                          }
                          {
                            title = "Radarr";
                            url = "https://radarr.hadi.diy";
                            icon = "si:radarr";
                          }
                          {
                            title = "Sonarr";
                            url = "https://sonarr.hadi.diy";
                            icon = "si:sonarr";
                          }
                          {
                            title = "Prowlarr";
                            url = "https://prowlarr.hadi.diy";
                            icon = "si:podcastindex";
                          }
                          {
                            title = "Transmission";
                            url = "https://transmission.hadi.diy";
                            icon = "si:transmission";
                          }
                        ];
                      }
                    ];
                  }
                ];
              }
            ];
            name = "Home";
          }
        ];
        server = {port = 5678;};
      };
    };
    nginx.virtualHosts."${domain}" = {
      useACMEHost = "hadi.diy";
      forceSSL = true;
      locations."/" = {
        proxyPass = "http://127.0.0.1:${
          toString config.services.glance.settings.server.port
        }";
      };
    };
  };
  systemd.services.glance = {
    serviceConfig = {
      DynamicUser = lib.mkForce false;
      User = "glance";
      Group = "glance";
    };
  };
  users = {
    groups.glance = {};
    users.glance = {
      isSystemUser = true;
      description = "Glance user";
      group = "glance";
    };
  };
  sops.secrets.adguard-pwd = {
    owner = "glance";
    mode = "0600";
  };
 }
@@ -0,0 +1,100 @@
 { config, lib, ... }:
 let
  inherit (import ../mk-container.nix { inherit lib config; }) mkContainer;
  domain = config.var.domain;
  hostIp = "10.233.12.1";
  # Convert 6-char hex color to "H S L" string for glance (integers, no % sign)
  hexToGlanceHsl = hex:
    let
      h = lib.toLower hex;
      d = c:
        if c == "a" then 10 else if c == "b" then 11 else if c == "c" then 12
        else if c == "d" then 13 else if c == "e" then 14 else if c == "f" then 15
        else lib.toInt c;
      byte = pos: d (builtins.substring pos 1 h) * 16 + d (builtins.substring (pos + 1) 1 h);
      ri = byte 0; gi = byte 2; bi = byte 4;
      r = ri * 1.0 / 255.0;
      g = gi * 1.0 / 255.0;
      b = bi * 1.0 / 255.0;
      mx = if r >= g && r >= b then "r" else if g >= b then "g" else "b";
      mn = if r <= g && r <= b then "r" else if g <= b then "g" else "b";
      cmax = if mx == "r" then r else if mx == "g" then g else b;
      cmin = if mn == "r" then r else if mn == "g" then g else b;
      delta = cmax - cmin;
      l = (cmax + cmin) / 2.0;
      s = if delta < 0.0001 then 0.0
          else if l <= 0.5 then delta / (cmax + cmin)
          else delta / (2.0 - cmax - cmin);
      hue =
        if delta < 0.0001 then 0.0
        else if mx == "r" then let raw = 60.0 * (g - b) / delta; in if raw < 0.0 then raw + 360.0 else raw
        else if mx == "g" then 60.0 * ((b - r) / delta + 2.0)
        else 60.0 * ((r - g) / delta + 4.0);
    in "${toString (builtins.floor (hue + 0.5))} ${toString (builtins.floor (s * 100.0 + 0.5))} ${toString (builtins.floor (l * 100.0 + 0.5))}";
  c = config.stylix.base16Scheme;
 in
 {
  # 0444 so the glance user inside the container can read the bind-mounted file
  sops.secrets.adguard-pwd.mode = "0444";
  imports = [
    (mkContainer {
      name = "glance";
      hostIp = hostIp;
      containerIp = "10.233.12.2";
      internet = true;
      bindMounts."/run/secrets/adguard-pwd" = {
        hostPath = config.sops.secrets.adguard-pwd.path;
        isReadOnly = true;
      };
      nixosConfig = { lib, ... }: {
        _module.args.domain = domain;
        _module.args.adguardUrl = "http://${hostIp}:3000";
        imports = [ ./home.nix ./server.nix ];
        services.glance = {
          enable = true;
          settings = {
            server = {
              port = 5678;
              host = "127.0.0.1";
            };
            theme = {
              light = false;
              background-color = hexToGlanceHsl c.base00; # background
              primary-color    = hexToGlanceHsl c.base0D; # accent (iris/purple)
              positive-color   = hexToGlanceHsl c.base0B; # positive (pine/teal)
              negative-color   = hexToGlanceHsl c.base08; # negative (love/rose)
            };
          };
        };
        services.nginx = {
          enable = true;
          appendHttpConfig = ''
            proxy_cache_path /var/cache/nginx/glance levels=1:2 keys_zone=glance:1m inactive=30m max_size=100m;
          '';
          virtualHosts."glance" = {
            listen = [{ addr = "0.0.0.0"; port = 8080; }];
            locations."/" = {
              proxyPass = "http://127.0.0.1:5678";
              extraConfig = ''
                proxy_cache glance;
                proxy_cache_valid 200 30m;
                proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
                add_header X-Cache-Status $upstream_cache_status;
              '';
            };
          };
        };
        networking.firewall.allowedTCPPorts = [ 8080 ];
        system.stateVersion = "24.05";
      };
    })
  ];
  services.cloudflared.tunnels."${config.var.tunnelId}".ingress."home.${domain}" = "http://10.233.12.2:8080";
 }
@@ -0,0 +1,245 @@
 { domain, ... }: {
  services.glance.settings.pages = [
    {
      name = "Home";
      hide-desktop-navigation = false;
      columns = [
        {
          size = "small";
          widgets = [
            {
              type = "clock";
              hour-format = "24h";
            }
            {
              type = "weather";
              location = "Paris, France";
            }
            {
              type = "markets";
              markets = [
                {
                  symbol = "BTC-USD";
                  name = "Bitcoin";
                  chart-link = "https://www.tradingview.com/chart/?symbol=INDEX:BTCUSD";
                }
                {
                  symbol = "SOL-USD";
                  name = "Solana";
                  chart-link = "https://www.tradingview.com/chart/?symbol=INDEX:SOLUSD";
                }
                {
                  symbol = "ETH-USD";
                  name = "Ethereum";
                  chart-link = "https://www.tradingview.com/chart/?symbol=INDEX:ETHUSD";
                }
              ];
            }
          ];
        }
        {
          size = "full";
          widgets = [
            {
              type = "search";
              search-engine = "startpage";
            }
            {
              type = "group";
              widgets = [
                {
                  type = "bookmarks";
                  title = "Bookmarks";
                  groups = [
                    {
                      title = "";
                      same-tab = true;
                      color = "245 50 64";
                      links = [
                        {
                          title = "Mail";
                          url = "https://mail.proton.me";
                        }
                        {
                          title = "Drive";
                          url = "https://drive.proton.me";
                        }
                        {
                          title = "Lumo";
                          url = "https://lumo.proton.me";
                        }
                        {
                          title = "Calendar";
                          url = "https://calendar.proton.me";
                        }
                        {
                          title = "Maps";
                          url = "https://maps.apple.com";
                        }
                        {
                          title = "Amazon";
                          url = "https://amazon.fr";
                        }
                      ];
                    }
                    {
                      title = "Tools";
                      same-tab = true;
                      color = "245 50 64";
                      links = [
                        {
                          title = "Excalidraw";
                          url = "https://excalidraw.com";
                        }
                        {
                          title = "Cobalt (downloader)";
                          url = "https://cobalt.meowing.de";
                        }
                        {
                          title = "Mazanoke (image downgrading)";
                          url = "https://mazanoke.${domain}";
                        }
                        {
                          title = "Stirling PDF";
                          url = "https://pdf.${domain}";
                        }
                        {
                          title = "Vert (file converter)";
                          url = "https://vert.sh";
                        }
                        {
                          title = "Markdown to pdf";
                          url = "https://md2file.com";
                        }
                        {
                          title = "Image to Vector";
                          url = "https://www.vectorcascade.com/";
                        }
                        {
                          title = "PrivateBin";
                          url = "https://privatebin.net";
                        }
                      ];
                    }
                    {
                      title = "Social";
                      same-tab = true;
                      color = "245 50 64";
                      links = [
                        {
                          title = "Bsky";
                          url = "https://bsky.app";
                        }
                        {
                          title = "Reddit";
                          url = "https://reddit.com";
                        }
                        {
                          title = "Youtube";
                          url = "https://youtube.com";
                        }
                        {
                          title = "Instagram";
                          url = "https://instagram.com";
                        }
                        {
                          title = "Github";
                          url = "https://github.com";
                        }
                        {
                          title = "Discord";
                          url = "https://discord.com/channels/@me/";
                        }
                      ];
                    }
                    {
                      title = "Other";
                      same-tab = true;
                      color = "245 50 64";
                      links = [
                        {
                          title = "Startpage config";
                          url = "https://www.startpage.com/do/mypage.pl?prfe=45d331deb05471d659dba933e7400df51d952bb103da6f6125c0e769a6be1d65610456a479f495ceeee7e97311cf227d7c1bb198de0ceeb193d8cddf9c455c19a409cc35c3e3f542ee27bd7cecd3";
                        }
                        {
                          title = "Hyprland Wiki";
                          url = "https://wiki.hypr.land";
                        }
                        {
                          title = "Search NixOS";
                          url = "https://mynixos.com";
                        }
                        {
                          title = "Nixpkgs";
                          url = "https://github.com/NixOS/nixpkgs";
                        }
                        {
                          title = "Claude";
                          url = "https://claude.ai";
                        }
                        {
                          title = "Gemini";
                          url = "https://gemini.google.com";
                        }
                        {
                          title = "Medium";
                          url = "https://medium.com";
                        }
                      ];
                    }
                  ];
                }
                {
                  type = "bookmarks";
                  title = "Infosec";
                  groups = [
                    {
                      title = "";
                      same-tab = true;
                      color = "245 50 64";
                      links = [
                        {
                          title = "Nix 4 Cyber";
                          url = "https://n4c.${domain}";
                        }
                        {
                          title = "Cyberchef";
                          url = "https://cyberchef.${domain}";
                        }
                        {
                          title = "TryHackMe";
                          url = "https://tryhackme.com";
                        }
                        {
                          title = "Root-Me";
                          url = "https://root-me.org";
                        }
                        {
                          title = "Exploit-DB";
                          url = "https://exploit-db.com";
                        }
                        {
                          title = "Crack Station";
                          url = "https://crackstation.net";
                        }
                        {
                          title = "Osint Tracker";
                          url = "https://app.osintracker.com";
                        }
                      ];
                    }
                  ];
                }
              ];
            }
            {
              type = "hacker-news";
              limit = 15;
              collapse-after = 5;
            }
          ];
        }
      ];
    }
  ];
 }
@@ -0,0 +1,179 @@
 {
  domain,
  adguardUrl,
  ...
 }: {
  services.glance.settings.pages = [
    {
      name = "Server";
      hide-desktop-navigation = false;
      columns = [
        {
          size = "full";
          widgets = [
            {
              type = "server-stats";
              servers = [
                {
                  type = "local";
                  name = "Jack";
                }
              ];
            }
            {
              type = "group";
              widgets = [
                {
                  type = "monitor";
                  title = "Services";
                  cache = "1m";
                  sites = [
                    {
                      title = "Adguard";
                      url = "https://adguard.${domain}";
                      icon = "si:adguard";
                    }
                    {
                      title = "Blog";
                      url = "https://${domain}";
                      icon = "si:blogger";
                    }
                    {
                      title = "Gitea";
                      url = "https://git.${domain}";
                      icon = "si:gitea";
                    }
                    {
                      title = "Mealie";
                      url = "https://mealie.${domain}";
                      icon = "si:mealie";
                    }
                    {
                      title = "Umami";
                      url = "https://umami.${domain}";
                      icon = "si:umami";
                    }
                    {
                      title = "Iknowyou";
                      url = "https://iknowyou.${domain}";
                      icon = "sh:iknowyou";
                    }
                    {
                      title = "Iknowyou Prod";
                      url = "https://iknowyou-prod.${domain}";
                      icon = "sh:iknowyou";
                    }
                    {
                      title = "Wallpapers";
                      url = "https://wallpapers.${domain}";
                      icon = "si:unsplash";
                    }
                    {
                      title = "Mazanoke";
                      url = "https://mazanoke.${domain}";
                      icon = "sh:mazanoke";
                    }
                    {
                      title = "Stirling PDF";
                      url = "https://pdf.${domain}";
                      icon = "sh:stirling-pdf";
                    }
                    {
                      title = "Default-creds";
                      url = "https://default-creds.${domain}";
                      icon = "si:passbolt";
                    }
                    {
                      title = "Cyberchef";
                      url = "https://cyberchef.${domain}";
                      icon = "si:codechef";
                    }
                  ];
                }
                {
                  type = "monitor";
                  title = "*arr";
                  cache = "1m";
                  sites = [
                    {
                      title = "Jellyfin";
                      url = "https://media.${domain}";
                      icon = "si:jellyfin";
                    }
                    {
                      title = "Jellyseerr";
                      url = "https://demandemedia.${domain}";
                      icon = "si:odysee";
                    }
                    {
                      title = "Radarr";
                      url = "https://radarr.${domain}";
                      icon = "si:radarr";
                    }
                    {
                      title = "Sonarr";
                      url = "https://sonarr.${domain}";
                      icon = "si:sonarr";
                    }
                    {
                      title = "Bazarr";
                      url = "https://bazarr.${domain}";
                      icon = "si:subtitleedit";
                    }
                    {
                      title = "Prowlarr";
                      url = "https://prowlarr.${domain}";
                      icon = "si:podcastindex";
                    }
                    {
                      title = "Transmission";
                      url = "https://transmission.${domain}";
                      icon = "si:transmission";
                    }
                  ];
                }
              ];
            }
            {
              type = "dns-stats";
              service = "adguard";
              url = adguardUrl;
              username = "hadi";
              password = "\${secret:adguard-pwd}";
            }
            {
              type = "bookmarks";
              groups = [
                {
                  title = "";
                  same-tab = true;
                  color = "245 50 64";
                  links = [
                    {
                      title = "Router";
                      url = "http://192.168.1.254/";
                    }
                    {
                      title = "Cloudflare";
                      url = "https://dash.cloudflare.com/";
                    }
                    {
                      title = "Cloudflare Zero Trust";
                      url = "https://one.dash.cloudflare.com/";
                    }
                    {
                      title = "Cloudflare Access";
                      url = "https://anotherhadi.cloudflareaccess.com";
                    }
                  ];
                }
              ];
            }
          ];
        }
      ];
    }
  ];
 }
@@ -0,0 +1,64 @@
 {
  config,
  inputs,
  lib,
  ...
 }: let
  inherit (import ./mk-container.nix {inherit lib config;}) mkContainer;
 in {
  imports = [
    (mkContainer {
      name = "iky-prod";
      hostIp = "10.233.1.1";
      containerIp = "10.233.1.2";
      internet = true;
      bindMounts."/etc/iky/config.yaml" = {
        hostPath = "/var/lib/iknowyou-prod/config.yaml";
        isReadOnly = false;
      };
      nixosConfig = {...}: {
        imports = [inputs.iknowyou.nixosModules.default];
        users.users.iknowyou.uid = 999;
        users.groups.iknowyou.gid = 999;
        services.iknowyou = {
          enable = true;
          port = 8080;
          openFirewall = true;
        };
        system.stateVersion = "24.05";
      };
    })
    (mkContainer {
      name = "iky-demo";
      hostIp = "10.233.2.1";
      containerIp = "10.233.2.2";
      nixosConfig = {...}: {
        imports = [inputs.iknowyou.nixosModules.default];
        services.iknowyou = {
          enable = true;
          port = 8080;
          openFirewall = true;
        };
        systemd.services.iknowyou.environment.IKY_DEMO = "true";
        system.stateVersion = "24.05";
      };
    })
  ];
  users.users.iknowyou = {
    isSystemUser = true;
    group = "iknowyou";
    uid = 999;
  };
  users.groups.iknowyou.gid = 999;
  systemd.tmpfiles.rules = [
    "f /var/lib/iknowyou-prod/config.yaml 0600 iknowyou iknowyou -"
  ];
  services.cloudflared.tunnels."${config.var.tunnelId}".ingress = {
    "iknowyou-prod.${config.var.domain}" = "http://10.233.1.2:8080";
    "iknowyou.${config.var.domain}" = "http://10.233.2.2:8080";
  };
 }
@@ -0,0 +1,45 @@
 { config, lib, ... }:
 let
  inherit (import ./mk-container.nix { inherit lib config; }) mkContainer;
 in
 {
  imports = [
    (mkContainer {
      name = "mazanoke";
      hostIp = "10.233.7.1";
      containerIp = "10.233.7.2";
      nixosConfig = { pkgs, ... }:
        let
          version = "1.1.5";
          mazanoke-pkg = pkgs.stdenv.mkDerivation {
            inherit version;
            pname = "mazanoke";
            src = pkgs.fetchFromGitHub {
              owner = "civilblur";
              repo = "mazanoke";
              rev = "v${version}";
              hash = "sha256-B/AF4diMNxN94BzpZP/C+K8kNj9q+4SDKWa/qd4LrVU=";
            };
            installPhase = ''
              mkdir -p $out/share/mazanoke
              cp -r ./index.html ./favicon.ico ./manifest.json ./service-worker.js ./assets $out/share/mazanoke/
            '';
          };
        in
        {
          services.nginx = {
            enable = true;
            virtualHosts."mazanoke" = {
              root = "${mazanoke-pkg}/share/mazanoke";
              listen = [{ addr = "0.0.0.0"; port = 8080; }];
              locations."/" = { index = "index.html"; };
            };
          };
          networking.firewall.allowedTCPPorts = [ 8080 ];
          system.stateVersion = "24.05";
        };
    })
  ];
  services.cloudflared.tunnels."${config.var.tunnelId}".ingress."mazanoke.${config.var.domain}" = "http://10.233.7.2:8080";
 }
@@ -1,19 +1,24 @@
-# Mealie is a recipe management and meal planning application.
+{ config, lib, ... }:
-{config, ...}: let
+let
-  domain = "mealie.hadi.diy";
+  inherit (import ./mk-container.nix { inherit lib config; }) mkContainer;
-in {
+in
-  services = {
+{
-    mealie = {
+  imports = [
    (mkContainer {
      name = "mealie";
      hostIp = "10.233.8.1";
      containerIp = "10.233.8.2";
      internet = true;
      nixosConfig = { ... }: {
        services.mealie = {
          enable = true;
-      port = 8092;
+          port = 8080;
        };
        networking.firewall.allowedTCPPorts = [ 8080 ];
        system.stateVersion = "24.05";
      };
    })
  ];
-    nginx.virtualHosts."${domain}" = {
+  services.cloudflared.tunnels."${config.var.tunnelId}".ingress."mealie.${config.var.domain}" = "http://10.233.8.2:8080";
      useACMEHost = "hadi.diy";
      forceSSL = true;
      locations."/" = {
        proxyPass = "http://127.0.0.1:${toString config.services.mealie.port}";
      };
    };
  };
 }
@@ -0,0 +1,61 @@
 { lib, config }:
 # Returns a NixOS module (attrset), to be used in `imports`.
 #
 # Options:
 #   internet          - allow outbound internet access via NAT (default: false)
 #   externalInterface - WAN interface for NAT, required when internet = true
 #   bindMounts        - host paths to mount into the container (see containers.<name>.bindMounts)
 #   config            - NixOS module for the container
 {
  mkContainer =
    {
      name,
      hostIp,
      containerIp,
      internet ? false,
      externalInterface ? config.var.networkInterface,
      bindMounts ? {},
      nixosConfig,
    }:
    assert lib.assertMsg
      (lib.stringLength "ve-${name}" <= 15)
      "mkContainer: interface name 've-${name}' is ${toString (lib.stringLength "ve-${name}")} chars, max is 15";
    {
      containers.${name} = {
        autoStart = true;
        privateNetwork = true;
        hostAddress = hostIp;
        localAddress = containerIp;
        inherit bindMounts;
        config = { ... }: {
          imports = [ nixosConfig ];
          networking.nameservers = lib.mkIf internet [ "1.1.1.1" "1.0.0.1" ];
        };
      };
    }
    // (lib.optionalAttrs internet {
      boot.kernel.sysctl."net.ipv4.ip_forward" = lib.mkDefault true;
      networking.nat = {
        enable = true;
        externalInterface = externalInterface;
        internalInterfaces = [ "ve-${name}" ];
      };
      # CONTAINER-FWD (defined by another module) blocks all forwarding by default.
      # Insert rules in FORWARD before it: allow return traffic, block LAN, allow internet.
      networking.firewall.extraCommands = ''
        iptables -I FORWARD 1 -s ${containerIp} -m conntrack --ctstate NEW -j ACCEPT
        iptables -I FORWARD 1 -s ${containerIp} -d 192.168.0.0/16 -j DROP
        iptables -I FORWARD 1 -s ${containerIp} -d 172.16.0.0/12 -j DROP
        iptables -I FORWARD 1 -s ${containerIp} -d 10.0.0.0/8 -j DROP
        iptables -I FORWARD 1 -d ${containerIp} -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
      '';
      networking.firewall.extraStopCommands = ''
        iptables -D FORWARD -s ${containerIp} -m conntrack --ctstate NEW -j ACCEPT 2>/dev/null || true
        iptables -D FORWARD -s ${containerIp} -d 192.168.0.0/16 -j DROP 2>/dev/null || true
        iptables -D FORWARD -s ${containerIp} -d 172.16.0.0/12 -j DROP 2>/dev/null || true
        iptables -D FORWARD -s ${containerIp} -d 10.0.0.0/8 -j DROP 2>/dev/null || true
        iptables -D FORWARD -d ${containerIp} -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 2>/dev/null || true
      '';
    });
 }
@@ -1,45 +1,5 @@
-# Nginx is a web server that can also be used as a reverse proxy, load balancer, and HTTP cache.
+{
 {config, ...}: let
  domain = "hadi.diy";
 in {
  security.acme = {
    acceptTerms = true;
    defaults.email = config.var.git.email;
    certs."${domain}" = {
      domain = "${domain}";
      extraDomainNames = ["*.${domain}"];
      group = "nginx";
      dnsProvider = "cloudflare";
      dnsPropagationCheck = true;
      credentialsFile = config.sops.secrets.cloudflare-dns-token.path;
    };
  };
  # Return 444 for all requests not matching a used subdomain.
  services.nginx = {
    enable = true;
    virtualHosts = {
      "default" = {
        default = true;
        locations."/" = {return = 444;};
  };
      "*.${domain}" = {
        useACMEHost = domain;
        forceSSL = true;
        locations."/" = {return = 444;};
      };
      "aaaaaa.${domain}" = {
        useACMEHost = domain;
        forceSSL = true;
        locations."/" = {return = 444;};
      };
    };
  };
  networking.firewall = {
    allowedTCPPorts = [80 443];
    allowedUDPPorts = [80 443];
  };
  sops.secrets.cloudflare-dns-token = {path = "/etc/cloudflare/dnskey.txt";};
 }
@@ -14,9 +14,9 @@ in {
  };
  # Add my public SSH key to my user
-  users.users."${username}" = {
+  users.users."${username}".openssh.authorizedKeys.keys = [
    openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPG9SE80ZyBcXZK/f5ypSKudaM5Jo3XtQikCnGo0jI5E hadi@nixy"
  ];
-  };
+
  services.cloudflared.tunnels."${config.var.tunnelId}".ingress."ssh.${config.var.domain}" = "ssh://localhost:22";
 }
@@ -0,0 +1,23 @@
 { config, lib, ... }:
 let
  inherit (import ./mk-container.nix { inherit lib config; }) mkContainer;
 in
 {
  imports = [
    (mkContainer {
      name = "stirling-pdf";
      hostIp = "10.233.9.1";
      containerIp = "10.233.9.2";
      nixosConfig = { ... }: {
        services.stirling-pdf = {
          enable = true;
          environment."SERVER_PORT" = "8080";
        };
        networking.firewall.allowedTCPPorts = [ 8080 ];
        system.stateVersion = "24.05";
      };
    })
  ];
  services.cloudflared.tunnels."${config.var.tunnelId}".ingress."pdf.${config.var.domain}" = "http://10.233.9.2:8080";
 }
@@ -0,0 +1,37 @@
 { config, lib, ... }:
 let
  inherit (import ./mk-container.nix { inherit lib config; }) mkContainer;
 in
 {
  sops.secrets.umami-secret.mode = "0400";
  imports = [
    (mkContainer {
      name = "umami";
      hostIp = "10.233.10.1";
      containerIp = "10.233.10.2";
      bindMounts."/run/secrets/umami-secret" = {
        hostPath = config.sops.secrets.umami-secret.path;
        isReadOnly = true;
      };
      nixosConfig = { ... }: {
        services.umami = {
          enable = true;
          settings = {
            PORT = 8080;
            HOSTNAME = "0.0.0.0";
            APP_SECRET_FILE = "/run/secrets/umami-secret";
            DISABLE_TELEMETRY = true;
            DISABLE_BOT_CHECK = true;
          };
        };
        # PrivateUsers breaks systemd-creds inside nspawn containers (nested user namespaces)
        systemd.services.umami.serviceConfig.PrivateUsers = lib.mkForce false;
        networking.firewall.allowedTCPPorts = [ 8080 ];
        system.stateVersion = "24.05";
      };
    })
  ];
  services.cloudflared.tunnels."${config.var.tunnelId}".ingress."umami.${config.var.domain}" = "http://10.233.10.2:8080";
 }
@@ -53,8 +53,8 @@
    fonts = {
      monospace = {
-        package = pkgs.nerd-fonts.jetbrains-mono;
+        package = pkgs.maple-mono.NF;
-        name = "JetBrains Mono Nerd Font";
+        name = "Maple Mono NF";
      };
      sansSerif = {
        package = pkgs.source-sans-pro;
@@ -0,0 +1,82 @@
 {
  lib,
  pkgs,
  config,
  ...
 }: {
  options.theme = lib.mkOption {
    type = lib.types.attrs;
    default = {
      rounding = 30;
      gaps-in = 12;
      gaps-out = 12 * 2;
      active-opacity = 0.99;
      inactive-opacity = 0.98;
      blur = false;
      border-size = 4;
      animation-speed = "medium"; # "fast" | "medium" | "slow"
      fetch = "none"; # "nerdfetch" | "neofetch" | "pfetch" | "none"
      textColorOnWallpaper =
        config.lib.stylix.colors.base00; # Color of the text displayed on the wallpaper (Lockscreen, display manager, ...)
    };
    description = "Theme configuration options";
  };
  config.stylix = {
    enable = true;
    # See https://tinted-theming.github.io/tinted-gallery/ for more schemes
    base16Scheme = {
      base00 = "090E13"; # Default Background
      base01 = "12171E"; # Lighter Background (Used for status bars, line number and folding marks)
      base02 = "393B44"; # Selection Background
      base03 = "54546D"; # Comments, Invisibles, Line Highlighting
      base04 = "A4A7A4"; # Dark Foreground (Used for status bars)
      base05 = "C5C9C7"; # Default Foreground, Caret, Delimiters, Operators
      base06 = "DCD7BA"; # Light Foreground (Not often used)
      base07 = "C8C093"; # Light Background (Not often used)
      base08 = "C4746E"; # Variables, XML Tags, Markup Link Text, Markup Lists, Diff Deleted
      base09 = "B6927B"; # Integers, Boolean, Constants, XML Attributes, Markup Link Url
      base0A = "C4B28A"; # Classes, Markup Bold, Search Text Background
      base0B = "8A9A7B"; # Strings, Inherited Class, Markup Code, Diff Inserted
      base0C = "8EA4A2"; # Support, Regular Expressions, Escape Characters, Markup Quotes
      base0D = "8BA4B0"; # Functions, Methods, Attribute IDs, Headings, Accent color
      base0E = "A292A3"; # Keywords, Storage, Selector, Markup Italic, Diff Changed
      base0F = "B98D7B"; # Deprecated, Opening/Closing Embedded Language Tags, e.g. <?php ?>
    };
    cursor = {
      name = "BreezeX-RosePine-Linux";
      package = pkgs.rose-pine-cursor;
      size = 20;
    };
    fonts = {
      monospace = {
        package = pkgs.maple-mono.NF;
        name = "Maple Mono NF";
      };
      sansSerif = {
        package = pkgs.source-sans-pro;
        name = "Source Sans Pro";
      };
      serif = config.stylix.fonts.sansSerif;
      emoji = {
        package = pkgs.noto-fonts-color-emoji;
        name = "Noto Color Emoji";
      };
      sizes = {
        applications = 13;
        desktop = 13;
        popups = 13;
        terminal = 13;
      };
    };
    polarity = "dark";
    image = pkgs.fetchurl {
      url = "https://raw.githubusercontent.com/anotherhadi/awesome-wallpapers/refs/heads/main/app/static/wallpapers/nepal.png";
      sha256 = "sha256-0o2+B3+yA++PCyfNC+VqmaX959aKk3GuD7XpOq3SGcM=";
    };
  };
 }
Author	SHA1	Message	Date
Hadi	28b7923e47	New way to deploy apps in my server Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-04-11 02:26:00 +02:00
Hadi	29bdd6468a	remove discord Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-04-11 01:34:02 +02:00
Hadi	08db0a42c4	add claude-code to jack Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-04-10 22:57:18 +02:00
Hadi	66cc2a3958	add colors Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-04-10 22:57:09 +02:00
Hadi	80afef207a	edit gitignore Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-04-10 22:23:05 +02:00
Hadi	d18d67d86e	update Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-04-07 22:48:29 +02:00
pph	2e10d6feff	Merge branch 'main' of github.com:anotherhadi/nixy	2026-04-07 13:42:51 +02:00
pph	dea17ebf3c	remove update nws Signed-off-by: pph <pph@pph.pph>	2026-04-07 13:42:40 +02:00
Hadi	ae024e308d	Merge branch 'main' of github.com:anotherhadi/nixy	2026-04-06 15:13:17 +02:00
Hadi	302f0ceec9	Add variables for domain & tunnel id Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-04-06 15:13:10 +02:00
github-actions	1cddeef739	Update README.md (auto)	2026-04-03 18:45:39 +00:00
Hadi	d7b72277f7	change gitlab user Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-04-03 20:45:03 +02:00
Hadi	5d9ab362a3	update blog config Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-03-30 20:00:00 +02:00
Hadi	a6b2f66ac8	init swappy config Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-03-30 18:30:34 +02:00
Hadi	e2a60b15dc	Merge branch 'main' of github.com:anotherhadi/nixy	2026-03-30 18:30:19 +02:00
Hadi	d029d6f205	init gitea instance Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-03-30 18:30:14 +02:00
Hadi	d9b4102bed	rename Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-03-30 18:05:44 +02:00
Hadi	a744d85f48	update secrets Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-03-30 18:05:22 +02:00
github-actions	5d50819d49	Update README.md (auto)	2026-03-30 15:11:28 +00:00
Hadi	087f71d2d5	update readme Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-03-30 17:10:18 +02:00
Hadi	3f36665767	new secret Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-03-28 19:31:18 +01:00
Hadi	6cb4d1eb96	Merge branch 'main' of github.com:anotherhadi/nixy	2026-03-28 18:59:06 +01:00
Hadi	983c83b981	change gitlab secret Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-03-28 18:59:02 +01:00
Hadi	c482e6e075	update flake Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-03-25 21:57:24 +01:00
Hadi	0a01e8f3e8	update flake Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-03-25 21:40:18 +01:00
Hadi	641411ad51	edit bookmarks Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-03-25 21:40:13 +01:00
Hadi	86fd60fd3d	update flake Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-03-25 20:53:09 +01:00
Hadi	9a41aff92d	migration hadi.diy > hadi.icu Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-03-25 20:30:02 +01:00
Hadi	e4a2a7abd0	edit tunnels Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-03-25 18:51:17 +01:00
Hadi	b4d8e87abe	change domain name Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-03-25 18:35:27 +01:00
Hadi	5de0ce50d6	edit secrets Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-03-25 18:34:43 +01:00
Hadi	aba6dafffa	Remove eleakxir for now #53 Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-03-24 22:57:28 +01:00
Hadi	290471fcc2	Update default-creds Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-03-20 20:16:28 +01:00
pph	ac90e05258	edit ghostty configuration Signed-off-by: pph <pph@pph.pph>	2026-03-17 11:30:00 +01:00
Hadi	562f2507c0	update flake Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-03-16 23:49:16 +01:00
Hadi	a393b97680	+umami Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-03-16 23:27:43 +01:00
Hadi	59901b0081	Enable clipboard even in ssh Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-03-16 22:40:13 +01:00
Hadi	6ecf475301	Update hyprland Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-03-16 21:17:40 +01:00
pph	75483ea97a	update Signed-off-by: pph <pph@pph.pph>	2026-03-16 14:25:11 +01:00
pph	4cd0eccde5	Merge branch 'main' of github.com:anotherhadi/nixy	2026-03-16 09:45:05 +01:00
pph	d32c4a317f	edit secrets Signed-off-by: pph <pph@pph.pph>	2026-03-16 09:44:54 +01:00
Hadi	5ecc516a2f	init default-creds Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-03-14 21:16:01 +01:00
Hadi	de489d7d9c	remove Neofetch: deprecated Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-03-14 21:13:56 +01:00
pph	19bfd1201b	Edit keymaps & add dependencies Signed-off-by: pph <pph@pph.pph>	2026-03-13 13:47:00 +01:00
pph	20f7bca099	add nix-index-database Signed-off-by: pph <pph@pph.pph>	2026-03-13 13:13:16 +01:00
pph	72ed018351	fix type Signed-off-by: pph <pph@pph.pph>	2026-03-12 09:35:33 +01:00
pph	b904fd4fde	suppress float event from brave Signed-off-by: pph <pph@pph.pph>	2026-03-11 17:02:15 +01:00
pph	b1cf5fb3a1	QOL vim option Signed-off-by: pph <pph@pph.pph>	2026-03-11 17:02:02 +01:00
pph	fee44db81c	let nixy take arguments Signed-off-by: pph <pph@pph.pph>	2026-03-10 12:59:16 +01:00
pph	214095c02a	edit secret Signed-off-by: pph <pph@pph.pph>	2026-03-09 13:41:38 +01:00
Hadi	29fc893847	more stable nvidia version & fan control Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-02-28 22:37:32 +01:00
Hadi	3689215480	add extension Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-02-28 22:26:24 +01:00
Hadi	14168a65ea	add amazon to bookmarks Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-02-24 21:59:24 +01:00
Hadi	43ae447b34	clamav: init Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-02-24 21:58:41 +01:00
Hadi	07fa66f1b6	add firefox to cybersecurity Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-02-24 21:58:32 +01:00
Hadi	168423cf16	Update images path	2026-02-24 18:25:34 +01:00
pph	bde39be205	Add proton to work Signed-off-by: pph <pph@pph.pph>	2026-02-23 10:59:59 +01:00
Hadi	18137f444a	add bookmarks Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-02-20 20:57:32 +01:00
Hadi	e835f2466b	revert hyprland: current bug with external monitor Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-02-20 20:54:27 +01:00
Hadi	d2a9fff0d1	DRM DEVICES now in host files Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-02-20 20:53:36 +01:00
Hadi	081e05c702	update Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-02-20 20:04:17 +01:00
Hadi	4a4b997ef3	fix brave fullscreen Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-02-20 19:05:31 +01:00
pph	37abf49364	Merge branch 'main' of github.com:anotherhadi/nixy	2026-02-20 15:28:06 +01:00
pph	36f5ef3792	Add monitor Signed-off-by: pph <pph@pph.pph>	2026-02-20 15:27:54 +01:00
Hadi	3d4099c97b	Fix brave fullscreen Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-02-19 20:29:03 +01:00
Hadi	89413d06a8	add apps Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-02-18 21:44:57 +01:00
Hadi	76e3368f3e	lock instead of logout Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-02-18 21:44:48 +01:00
Hadi	0f40fccb5e	remove usefull keymaps Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-02-18 21:44:42 +01:00
Hadi	cefebdbd0a	quit without confirmation Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-02-18 21:44:36 +01:00
pph	05cfe684c2	add python lsp Signed-off-by: pph <pph@pph.pph>	2026-02-18 15:00:11 +01:00
pph	f11bd21e00	add apps Signed-off-by: pph <pph@pph.pph>	2026-02-18 15:00:07 +01:00
pph	40477c6562	change theme Signed-off-by: pph <pph@pph.pph>	2026-02-18 15:00:02 +01:00
Hadi	d1fec1128d	Merge branch 'main' of github.com:anotherhadi/nixy	2026-02-16 22:48:16 +01:00
Hadi	677a279eda	add freshrss Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-02-16 22:48:13 +01:00
Hadi	1489261fa9	add a shortcut for the dashboard Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-02-15 21:21:21 +01:00
Hadi	29d19d5502	add brave & brave incognito to which-key Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-02-15 20:36:52 +01:00
Hadi	2f69c6e1d4	fix env variables Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-02-15 19:43:37 +01:00
Hadi	9ad71c5775	add binding to restart caelestia-shell Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-02-15 19:16:58 +01:00
Hadi	b5c64e96c4	change theme Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-02-15 18:23:16 +01:00
Hadi	af787952ad	add bookmarks Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-02-15 18:23:11 +01:00
Hadi	4ebf579743	new bindings! which-key like Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-02-15 17:36:49 +01:00
Hadi	78aa49547d	edit opacity Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-02-13 23:19:37 +01:00
pph	d21fc81a19	Don't show on hover the dashbaord Signed-off-by: pph <pph@pph.pph>	2026-02-10 09:38:12 +01:00
pph	b0684b2e56	fix thunar config overwrite Signed-off-by: pph <pph@pph.pph>	2026-02-10 09:37:52 +01:00
Hadi	49a9f3f169	new theme Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-02-07 21:49:14 +01:00
Hadi	8caa02139c	fix caelestia scheme change Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-02-07 21:49:07 +01:00
Hadi	0c0a487488	add cache to glance Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-02-07 20:37:54 +01:00
Hadi	6f463fc7f9	add brave settings Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-02-07 20:33:18 +01:00
Hadi	3e82b1cd60	Add desktop entries for incognito & tor Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-02-07 19:53:44 +01:00
Hadi	f9d171cef3	add QOL apps Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-02-07 19:52:40 +01:00
Hadi	89c61650bc	+witr Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-02-07 19:16:04 +01:00
Hadi	c94559d29f	done Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-02-07 13:27:44 +01:00
Hadi	e91047a3e1	Kitty -> Ghostty Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-02-07 13:27:14 +01:00
Hadi	1d75175be8	Change default for text & add title Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-02-07 13:22:00 +01:00
Hadi	ea18558cb3	add code mime files Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-02-07 13:16:42 +01:00
Hadi	72c13294e6	update flake Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-02-07 13:02:37 +01:00
Hadi	a771f685b2	remove notifications from audio input/output change Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-02-07 12:46:58 +01:00
Hadi	27ad0783bc	change inactive border opacity Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-02-07 12:37:35 +01:00
Hadi	d61e378405	remove blueman Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-02-07 12:31:29 +01:00
Hadi	baa1ce858d	add more icons lib Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-02-07 12:31:06 +01:00
Hadi	f32ea27565	fix icons Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-02-07 12:22:37 +01:00
Hadi	b657e5a891	New mono font Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-02-07 12:22:25 +01:00
pph	48f3f3170b	change ssh config Signed-off-by: pph <pph@pph.pph>	2026-02-05 22:01:22 +01:00
pph	87778bd3fa	init new host Signed-off-by: pph <pph@pph.pph>	2026-02-05 19:57:56 +01:00
Hadi	5736c8ccf2	jellyfin on gpu Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-02-01 18:22:18 +01:00
Hadi	31031447ce	glance rewrite Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-02-01 18:22:08 +01:00
Hadi	4fb4058dca	Merge branch 'main' of github.com:anotherhadi/nixy	2026-02-01 18:21:43 +01:00
Hadi	33b3ef66f2	update Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-01-30 16:49:58 +01:00
Hadi	52ee08e13b	Firewall allow port 53: DNS requests Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-01-15 18:48:18 +01:00
Hadi	8c4b9340b6	add comments Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-01-13 20:30:49 +01:00
Hadi	a1d57253f0	Merge branch 'main' of github.com:anotherhadi/nixy	2026-01-13 20:26:06 +01:00
Hadi	6e21914113	+mazanoke Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-01-13 20:25:57 +01:00
Hadi	7acddfafa1	Update flake Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-01-10 15:23:28 +01:00
Hadi	9fb4072893	add unrar & 7z to utils Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-01-07 22:33:12 +01:00
Hadi	fd644671af	Server update Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-01-06 17:24:21 +01:00
Hadi	bfb7c2f4e0	-tailscale Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-01-06 16:53:35 +01:00
Hadi	22b5aa9797	change ssh config Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-01-06 16:53:30 +01:00
Hadi	4ac3945174	Vivaldi->Brave Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-01-06 16:53:23 +01:00
Hadi	d3cdc25481	Merge branch 'main' of github.com:anotherhadi/nixy	2026-01-04 00:40:14 +01:00
Hadi	6a0b3418a7	update Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-01-04 00:40:10 +01:00
Hadi	f2c2540cd4	Merge branch 'main' of github.com:anotherhadi/nixy	2026-01-04 00:28:28 +01:00
Hadi	223f785c3a	auto start vpn Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-01-04 00:28:20 +01:00
Hadi	81ab17fed7	go back to brave Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-01-04 00:28:13 +01:00
Hadi	8f16767240	add cloudflared Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-01-04 00:11:37 +01:00