123123

i buy monitor and test for defects with server hdmi port

.gitattributes

@@ -1 +0,0 @@
-* text=auto eol=lf

.gitignore

@@ -1 +0,0 @@
-.vscode

README.md

@@ -1 +1 @@
-I'm a super newbie who just posted my stuff here. Now maybe about intermediate
+I'm a super newbie who just posted my stuff here. Now maybe simple newbie

configurations/disko/server.nix

@@ -18,7 +18,7 @@
               };
             };
             swap = {
-              size = "6G";
+              size = "2G";
               content = {
                 type = "swap";
               };

configurations/disko/vds.nix

@@ -20,7 +20,7 @@
               };
             };
             swap = {
-              size = "4G";
+              size = "1G";
               content = {
                 type = "swap";
               };

configurations/hardware/mini-laptop.nix

@@ -14,11 +14,11 @@
 
   boot = {
     initrd = {
-      # supportedFilesystems = [
-      #   "nfs"
-      #   "nfsv4"
-      #   "overlay"
-      # ];
+      supportedFilesystems = [
+        "nfs"
+        "nfsv4"
+        "overlay"
+      ];
       availableKernelModules = [
         "nvme"
         "xhci_pci"

configurations/hardware/server.nix

@@ -51,13 +51,9 @@
     };
   };
 
-  zramSwap = {
-    enable = true;
-  };
-
-  swapDevices = [
-    { device = "/dev/disk/by-partlabel/disk-main-swap"; }
-  ];
+  # swapDevices = [
+  #   { device = "/dev/disk/by-partlabel/disk-main-swap"; }
+  # ];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
   # (the default) this is the recommended approach. When using systemd-networkd it's

configurations/hardware/vds.nix

@@ -13,13 +13,9 @@
     };
   };
 
-  swapDevices = [
-    { device = "/dev/disk/by-partlabel/disk-main-swap"; }
-  ];
-
-  zramSwap = {
-    enable = true;
-  };
+  # swapDevices = [
+  #   { device = "/dev/disk/by-partlabel/disk-main-swap"; }
+  # ];
 
   networking.useDHCP = lib.mkDefault true;
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";

configurations/mini-laptop.nix

@@ -69,11 +69,11 @@ let
       };
 
       services = {
-        # xserver = {
-        #   videoDrivers = [
-        #     "nomodeset"
-        #   ];
-        # };
+        xserver = {
+          videoDrivers = [
+            "nomodeset"
+          ];
+        };
         syncthing = {
           enable = true;
           systemService = true;

configurations/server.nix

@@ -20,7 +20,7 @@ let
       ];
 
       boot = {
-        # kernelPackages = pkgs.linuxPackages_xanmod_stable;
+        kernelPackages = pkgs.linuxPackages_xanmod_stable;
         hardwareScan = true;
         loader = {
           systemd-boot.enable = lib.mkDefault true;
@@ -41,6 +41,10 @@ let
         intel-gpu-tools.enable = true;
       };
 
+      # swapDevices = [
+      #   { device = "/dev/disk/by-partlabel/disk-main-swap"; }
+      # ];
+
       fileSystems = {
         # External drive
         "${xlib.dirs.server-home}" = {
@@ -48,7 +52,7 @@ let
           fsType = "ext4";
         };
         # Archive drive
-        "${xlib.dirs.archive-drive}" = {
+        "/mnt/archive" = {
           device = "/dev/disk/by-label/archive";
           fsType = "exfat";
           options = [
@@ -58,7 +62,7 @@ let
           ];
         };
         # Mobile SD-Card
-        "${xlib.dirs.mobile-drive}" = {
+        "/mnt/mobile" = {
           device = "/dev/disk/by-uuid/7EB1-DC99";
           fsType = "exfat";
           options = [
@@ -67,13 +71,15 @@ let
             "gid=1000"
           ];
         };
-        # Services in /mnt folder
         "${xlib.dirs.services-mnt-folder}" = {
           device = "${xlib.dirs.services-folder}";
-          fsType = "none";
           options = [
             "bind"
             "nofail"
+            # "uid=1000"
+            # "gid=1000"
+            # "fmask=0000"
+            # "dmask=0000"
           ];
         };
       };

configurations/vds-new.nix

@@ -46,6 +46,53 @@ let
             SystemMaxUse=512M
           '';
         };
+        samba = {
+          enable = true;
+          openFirewall = true;
+          settings = {
+            global = {
+              "invalid users" = [ ];
+              "passwd program" = "/run/wrappers/bin/passwd %u";
+              security = "user";
+            };
+            nixos = {
+              "path" = "/etc/nixos";
+              "browseable" = "yes";
+              "read only" = "no";
+              "valid users" = "${xlib.device.username}";
+              "guest ok" = "no";
+              "writable" = "yes";
+              "create mask" = 755;
+              "directory mask" = 755;
+              "force user" = "${xlib.device.username}";
+              "force group" = "users";
+            };
+            root = {
+              "path" = "/";
+              "browseable" = "yes";
+              "read only" = "no";
+              "valid users" = "${xlib.device.username}";
+              "guest ok" = "no";
+              "writable" = "yes";
+              #"create mask" = 0644;
+              #"directory mask" = 0644;
+              "force user" = "root";
+              "force group" = "root";
+            };
+            "${xlib.device.username}" = {
+              "path" = "/home/${xlib.device.username}";
+              "browseable" = "yes";
+              "read only" = "no";
+              "valid users" = "${xlib.device.username}";
+              "guest ok" = "no";
+              "writable" = "yes";
+              "create mask" = 700;
+              "directory mask" = 700;
+              "force user" = "${xlib.device.username}";
+              "force group" = "users";
+            };
+          };
+        };
         openssh = {
           enable = true;
           allowSFTP = true;

configurations/vds.nix

@@ -26,7 +26,7 @@ let
       ];
 
       boot = {
-        # kernelPackages = pkgs.linuxPackages_xanmod_stable;
+        kernelPackages = pkgs.linuxPackages_xanmod_stable;
         hardwareScan = true;
         loader = {
           grub = {
@@ -37,12 +37,6 @@ let
           };
           systemd-boot.enable = lib.mkDefault false;
         };
-        kernel.sysctl = {
-          "net.ipv4.tcp_syncookies" = 1;
-          "net.ipv4.tcp_max_syn_backlog" = 4096;
-          "net.ipv4.tcp_synack_retries" = 3;
-          "net.ipv4.tcp_syn_retries" = 3;
-        };
       };
 
       services = {
@@ -52,6 +46,53 @@ let
             SystemMaxUse=512M
           '';
         };
+        samba = {
+          enable = true;
+          openFirewall = true;
+          settings = {
+            global = {
+              "invalid users" = [ ];
+              "passwd program" = "/run/wrappers/bin/passwd %u";
+              security = "user";
+            };
+            nixos = {
+              "path" = "/etc/nixos";
+              "browseable" = "yes";
+              "read only" = "no";
+              "valid users" = "${xlib.device.username}";
+              "guest ok" = "no";
+              "writable" = "yes";
+              "create mask" = 755;
+              "directory mask" = 755;
+              "force user" = "${xlib.device.username}";
+              "force group" = "users";
+            };
+            root = {
+              "path" = "/";
+              "browseable" = "yes";
+              "read only" = "no";
+              "valid users" = "${xlib.device.username}";
+              "guest ok" = "no";
+              "writable" = "yes";
+              #"create mask" = 0644;
+              #"directory mask" = 0644;
+              "force user" = "root";
+              "force group" = "root";
+            };
+            "${xlib.device.username}" = {
+              "path" = "/home/${xlib.device.username}";
+              "browseable" = "yes";
+              "read only" = "no";
+              "valid users" = "${xlib.device.username}";
+              "guest ok" = "no";
+              "writable" = "yes";
+              "create mask" = 700;
+              "directory mask" = 700;
+              "force user" = "${xlib.device.username}";
+              "force group" = "users";
+            };
+          };
+        };
         openssh = {
           enable = true;
           allowSFTP = true;
@@ -73,49 +114,28 @@ let
           openFirewall = true;
         };
       };
+
       networking = {
         nameservers = [
           "1.1.1.1"
           "8.8.8.8"
-          # "2001:4860:4860::8844"
-          # "2001:4860:4860::8888"
-          # "2606:4700:4700::1111"
-          # "2606:4700:4700::1001"
+          "2001:4860:4860::8844"
+          "2001:4860:4860::8888"
+          "2606:4700:4700::1111"
+          "2606:4700:4700::1001"
         ];
         hostName = "${xlib.device.hostname}";
         networkmanager.enable = true;
         tempAddresses = "disabled";
         dhcpcd = {
           enable = true;
-          IPv6rs = false;
+          IPv6rs = true;
         };
         firewall = {
           enable = true;
           allowPing = true;
         };
-        nftables = {
-          enable = true;
-          ruleset = ''
-            table inet filter {
-              chain input {
-                type filter hook input priority 0;
-
-                # loopback
-                iif lo accept
-
-                # уже установленные
-                ct state established,related accept
-
-                # РЕЖЕМ SYN СРАЗУ
-                tcp flags syn tcp dport {80,443} limit rate 20/second burst 40 packets accept
-                tcp flags syn tcp dport {80,443} drop
-
-                # остальное по необходимости
-              }
-            }
-          '';
-        };
-        enableIPv6 = false;
+        enableIPv6 = true;
         interfaces.ens3 = {
           useDHCP = true;
           # ipv4.addresses = [

flake.lock

@@ -1,5 +1,26 @@
 {
   "nodes": {
+    "compose2nix": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "onchg": "onchg"
+      },
+      "locked": {
+        "lastModified": 1768176895,
+        "narHash": "sha256-GvcYMsrvQ1yjehcKmnlniBQM8HP9U/v7qSvfnxj3VtA=",
+        "owner": "aksiksi",
+        "repo": "compose2nix",
+        "rev": "e36aecd3649f43d745a5f837bf91c27c4499e203",
+        "type": "github"
+      },
+      "original": {
+        "owner": "aksiksi",
+        "repo": "compose2nix",
+        "type": "github"
+      }
+    },
     "deploy-rs": {
       "inputs": {
         "flake-compat": [
@@ -13,11 +34,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1781023725,
-        "narHash": "sha256-Gt+qFANcrDRjl3xzidLYrAUQCd3808iuAsLwZbYYAEU=",
+        "lastModified": 1770019181,
+        "narHash": "sha256-hwsYgDnby50JNVpTRYlF3UR/Rrpt01OrxVuryF40CFY=",
         "owner": "serokell",
         "repo": "deploy-rs",
-        "rev": "2ce9051767ee4d1a3c43b52ba327431783bfd463",
+        "rev": "77c906c0ba56aabdbc72041bf9111b565cdd6171",
         "type": "github"
       },
       "original": {
@@ -33,11 +54,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1781152676,
-        "narHash": "sha256-RxWs5ND31KzTG7wvMM+PMfUjyNpmIEr999lqNARaM5o=",
+        "lastModified": 1769524058,
+        "narHash": "sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "ff8702b4de27f72b4c78573dfb89ec74e36abdf1",
+        "rev": "71a3fc97d80881e91710fe721f1158d3b96ae14d",
         "type": "github"
       },
       "original": {
@@ -61,6 +82,21 @@
         "type": "github"
       }
     },
+    "flake-utils": {
+      "locked": {
+        "lastModified": 1652776076,
+        "narHash": "sha256-gzTw/v1vj4dOVbpBSJX4J0DwUR6LIyXo7/SuuTJp1kM=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "04c1b180862888302ddfb2e3ad9eaa63afc60cf8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
     "grub2-themes": {
       "inputs": {
         "nixpkgs": [
@@ -88,11 +124,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1781189114,
-        "narHash": "sha256-5inaamLgUMWy+MOBE9ChF9QAF1o/74LFuHkI0W/9rqc=",
+        "lastModified": 1771037579,
+        "narHash": "sha256-NX5XuhGcsmk0oEII2PEtMRgvh2KaAv3/WWQsOpxAgR4=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "486595d2cf49cfcd649b58a284fa11ac0e34da22",
+        "rev": "05e6dc0f6ed936f918cb6f0f21f1dad1e4c53150",
         "type": "github"
       },
       "original": {
@@ -101,16 +137,56 @@
         "type": "github"
       }
     },
-    "nixos-hardware": {
+    "musnix": {
       "inputs": {
-        "nixpkgs": "nixpkgs"
+        "nixpkgs": [
+          "nixpkgs"
+        ]
       },
       "locked": {
-        "lastModified": 1781168557,
-        "narHash": "sha256-LOnLQ2tpYF9gqIDDr3+j3DbpJJr/QCH6zPRT2GzEUOE=",
+        "lastModified": 1767232402,
+        "narHash": "sha256-li+h6crnhc5Zqs+M6pn7D7M0W9M63ECNennDjRgzioE=",
+        "owner": "musnix",
+        "repo": "musnix",
+        "rev": "d65f98e0b1f792365f1705653d7b2d266ceeff6e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "musnix",
+        "repo": "musnix",
+        "type": "github"
+      }
+    },
+    "nix-pre-commit": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "nixpkgs": [
+          "compose2nix",
+          "onchg",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1653259102,
+        "narHash": "sha256-XfCEu4zur/N2Dk4v8wFiQAgJ7bgNqPqwWp1vBXkeczM=",
+        "owner": "jmgilman",
+        "repo": "nix-pre-commit",
+        "rev": "6a99b2711c7eac9960939d8eb91e84322b22d50c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "jmgilman",
+        "repo": "nix-pre-commit",
+        "type": "github"
+      }
+    },
+    "nixos-hardware": {
+      "locked": {
+        "lastModified": 1770882871,
+        "narHash": "sha256-nw5g+xl3veea+maxJ2/81tMEA/rPq9aF1H5XF35X+OE=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "6358ff76821101c178e3ab4919a62799bfe3652e",
+        "rev": "af04cb78aa85b2a4d1c15fc7270347e0d0eda97b",
         "type": "github"
       },
       "original": {
@@ -130,11 +206,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1781182279,
-        "narHash": "sha256-V5EQQbDnmdiXGQXrEF1PEL7QYsFqfH8N1E89Z5ONwFk=",
+        "lastModified": 1770657009,
+        "narHash": "sha256-v/LA5ZSJ+JQYzMSKB4sySM0wKfsAqddNzzxLLnbsV/E=",
         "owner": "nix-community",
         "repo": "NixOS-WSL",
-        "rev": "5675822ba756e6e56f8f6a5a76e90e0da2ece94d",
+        "rev": "5b50ea1aaa14945d4794c80fcc99c4aa1db84d2d",
         "type": "github"
       },
       "original": {
@@ -146,56 +222,27 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1767892417,
-        "narHash": "sha256-8bW3q88CEg2u4hSP66Vf4lpbLonHz7hqDNBMcCY7E9U=",
-        "rev": "3497aa5c9457a9d88d71fa93a4a8368816fbeeba",
-        "type": "tarball",
-        "url": "https://releases.nixos.org/nixos/unstable/nixos-26.05pre924538.3497aa5c9457/nixexprs.tar.xz"
-      },
-      "original": {
-        "type": "tarball",
-        "url": "https://channels.nixos.org/nixos-unstable/nixexprs.tar.xz"
-      }
-    },
-    "nixpkgs-beets": {
-      "locked": {
-        "lastModified": 1774610258,
-        "narHash": "sha256-HaThtroVD9wRdx7KQk0B75JmFcXlMUoEdDFNOMOlsOs=",
+        "lastModified": 1770843696,
+        "narHash": "sha256-LovWTGDwXhkfCOmbgLVA10bvsi/P8eDDpRudgk68HA8=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "832efc09b4caf6b4569fbf9dc01bec3082a00611",
+        "rev": "2343bbb58f99267223bc2aac4fc9ea301a155a16",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
         "repo": "nixpkgs",
-        "rev": "832efc09b4caf6b4569fbf9dc01bec3082a00611",
-        "type": "github"
-      }
-    },
-    "nixpkgs-calibre": {
-      "locked": {
-        "lastModified": 1776255774,
-        "narHash": "sha256-psVTpH6PK3q1htMJpmdz1hLF5pQgEshu7gQWgKO6t6Y=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "566acc07c54dc807f91625bb286cb9b321b5f42a",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "566acc07c54dc807f91625bb286cb9b321b5f42a",
         "type": "github"
       }
     },
     "nixpkgs-master": {
       "locked": {
-        "lastModified": 1781298072,
-        "narHash": "sha256-p7sszdPeM3Gm7LA+NrWlxn5Rp6Qp+TGbt2qC/XBCxgI=",
+        "lastModified": 1771056776,
+        "narHash": "sha256-0l776LxthDY08ujQ1h83k9z6K5vBg1bGc415AWeFOOI=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "633f0c001a27731ee16cc504e831a4a9ccf071d6",
+        "rev": "d22fe1660f1f1ccbd52c9d2c09e92fe3861dd691",
         "type": "github"
       },
       "original": {
@@ -207,11 +254,11 @@
     },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1780952837,
-        "narHash": "sha256-Fwd1+spDtQ0hDyBwme6ufG3n4mY0UrjjFdYHv+G/Hds=",
+        "lastModified": 1770770419,
+        "narHash": "sha256-iKZMkr6Cm9JzWlRYW/VPoL0A9jVKtZYiU4zSrVeetIs=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "e820eb4a444b46a19b2e03e8dfd2359439ff30fe",
+        "rev": "6c5e707c6b5339359a9a9e215c5e66d6d802fd7a",
         "type": "github"
       },
       "original": {
@@ -221,19 +268,65 @@
         "type": "github"
       }
     },
-    "nixpkgs_2": {
+    "noctalia": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
       "locked": {
-        "lastModified": 1781074563,
-        "narHash": "sha256-md8WlXOlfnIeHeOScMTTHFyf2d6iaTwPl2apR5EQ3P4=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "9ae611a455b90cf061d8f332b977e387bda8e1ca",
+        "lastModified": 1771045170,
+        "narHash": "sha256-esBQIlClWRgYYvtYW27N79fCbOUkuFj3gxwJrb8WFX4=",
+        "owner": "noctalia-dev",
+        "repo": "noctalia-shell",
+        "rev": "92612c09a9dce53d5dd60e53f066160f1cdf13b4",
         "type": "github"
       },
       "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
+        "owner": "noctalia-dev",
+        "repo": "noctalia-shell",
+        "type": "github"
+      }
+    },
+    "nypkgs": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1761401328,
+        "narHash": "sha256-1Mylp3ZHkft5Sg5VzMpRRvSNsuuO/Oj+cBqjkFoOnRg=",
+        "owner": "yunfachi",
+        "repo": "nypkgs",
+        "rev": "193c13630997d000e72e9ae6f6bfe9b71f5c4b3f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "yunfachi",
+        "repo": "nypkgs",
+        "type": "github"
+      }
+    },
+    "onchg": {
+      "inputs": {
+        "nix-pre-commit": "nix-pre-commit",
+        "nixpkgs": [
+          "compose2nix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1720368454,
+        "narHash": "sha256-NUSw3G2gsQX8/G64/pDBb1oitM+x13m7nFRvpiI4a+s=",
+        "owner": "aksiksi",
+        "repo": "onchg-rs",
+        "rev": "c42b693d10920874b3644ef1502e33318409d69c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "aksiksi",
+        "repo": "onchg-rs",
         "type": "github"
       }
     },
@@ -247,11 +340,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1775856943,
-        "narHash": "sha256-b7Mp7P+q2Md5AGt4rjHfMcBykzMumFTen10ST++AuTU=",
+        "lastModified": 1770766818,
+        "narHash": "sha256-12RCFLyAedyMOdenUi7cN3ioJPEGjA/ZG1BLjugfUVs=",
         "owner": "nix-community",
         "repo": "plasma-manager",
-        "rev": "a524a6160e6df89f7673ba293cf7d78b559eb1a5",
+        "rev": "44b928068359b7d2310a34de39555c63c93a2c90",
         "type": "github"
       },
       "original": {
@@ -262,18 +355,20 @@
     },
     "root": {
       "inputs": {
+        "compose2nix": "compose2nix",
         "deploy-rs": "deploy-rs",
         "disko": "disko",
         "flake-compat": "flake-compat",
         "grub2-themes": "grub2-themes",
         "home-manager": "home-manager",
+        "musnix": "musnix",
         "nixos-hardware": "nixos-hardware",
         "nixos-wsl": "nixos-wsl",
-        "nixpkgs": "nixpkgs_2",
-        "nixpkgs-beets": "nixpkgs-beets",
-        "nixpkgs-calibre": "nixpkgs-calibre",
+        "nixpkgs": "nixpkgs",
         "nixpkgs-master": "nixpkgs-master",
         "nixpkgs-stable": "nixpkgs-stable",
+        "noctalia": "noctalia",
+        "nypkgs": "nypkgs",
         "plasma-manager": "plasma-manager",
         "sops-nix": "sops-nix",
         "utils": "utils",
@@ -288,11 +383,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1780547341,
-        "narHash": "sha256-Gq8KNx5A7hBB3uGJaj6eQfLDIz5YdLu92gqBcvHvoUo=",
+        "lastModified": 1770683991,
+        "narHash": "sha256-xVfPvXDf9QN3Eh9dV+Lw6IkWG42KSuQ1u2260HKvpnc=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "9ed65852b6257fbeae4355bc24ecfea307ca759a",
+        "rev": "8b89f44c2cc4581e402111d928869fe7ba9f7033",
         "type": "github"
       },
       "original": {

flake.nix

@@ -6,12 +6,11 @@
     zapret.url = "github:oqyude/zapret-easyflake"; # stupid flake of zapret
 
     # nixpkgs
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
     # nixpkgs-last-unstable.url = "github:NixOS/nixpkgs/6b4955211758ba47fac850c040a27f23b9b4008f";
-    nixpkgs-calibre.url = "github:NixOS/nixpkgs/566acc07c54dc807f91625bb286cb9b321b5f42a";
+    # nixpkgs-calibre.url = "github:NixOS/nixpkgs/e6f23dc08d3624daab7094b701aa3954923c6bbb";
     nixpkgs-master.url = "github:NixOS/nixpkgs/master";
     nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.11";
-    nixpkgs-beets.url = "github:NixOS/nixpkgs/832efc09b4caf6b4569fbf9dc01bec3082a00611"; # 2343bbb58f99267223bc2aac4fc9ea301a155a16
     #nixpkgs-fingerprint.url = "github:NixOS/nixpkgs/nixos-24.11";
 
     # nix-community
@@ -37,10 +36,14 @@
     # nixos-facter-modules.url = "github:numtide/nixos-facter-modules";
     # flake-utils.url = "github:numtide/flake-utils";
     # flake-parts.url = "github:hercules-ci/flake-parts";
-    # noctalia = {
-    #   url = "github:noctalia-dev/noctalia-shell";
+    # nur = {
+    #   url = "github:nix-community/NUR";
     #   inputs.nixpkgs.follows = "nixpkgs";
     # };
+    noctalia = {
+      url = "github:noctalia-dev/noctalia-shell";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
     home-manager = {
       url = "github:nix-community/home-manager"; # flake:home-manager
       inputs.nixpkgs.follows = "nixpkgs";
@@ -57,18 +60,14 @@
         home-manager.follows = "home-manager";
       };
     };
-    sops-nix = {
-      url = "github:Mic92/sops-nix";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-    grub2-themes = {
-      url = "github:vinceliuice/grub2-themes";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
     # nix-index-database = {
     #   url = "github:nix-community/nix-index-database";
     #   inputs.nixpkgs.follows = "nixpkgs";
     # };
+    compose2nix = {
+      url = "github:aksiksi/compose2nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
 
     # extras
     # nix-gaming.url = "github:fufexan/nix-gaming";
@@ -79,15 +78,23 @@
     #     flake-compat.follows = "flake-compat";
     #   };
     # };
-    # musnix = {
-    #   url = "github:musnix/musnix";
-    #   inputs.nixpkgs.follows = "nixpkgs";
-    # };
-    # nypkgs = {
-    #   # https://github.com/yunfachi/nypkgs
-    #   url = "github:yunfachi/nypkgs";
-    #   inputs.nixpkgs.follows = "nixpkgs";
-    # };
+    musnix = {
+      url = "github:musnix/musnix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    grub2-themes = {
+      url = "github:vinceliuice/grub2-themes";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    nypkgs = {
+      # https://github.com/yunfachi/nypkgs
+      url = "github:yunfachi/nypkgs";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    sops-nix = {
+      url = "github:Mic92/sops-nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
     # stylix = {
     #   url = "github:danth/stylix";
     #   inputs = {

home/apps/default.nix

@@ -5,7 +5,7 @@
   imports = [
     ./gramps.nix
     ./streamrip.nix
-    # ./v2rayn.nix
+    ./v2rayn.nix
     ./yt-dlp.nix
   ];
 }

home/apps/streamrip.nix

@@ -4,7 +4,18 @@
   xlib,
   ...
 }:
+let
+  streamripPath = "${xlib.dirs.wsl-storage}/streamrip";
+in
 {
+  xdg = {
+    configFile = {
+      "streamrip" = {
+        source = config.lib.file.mkOutOfStoreSymlink streamripPath;
+        target = "streamrip";
+      };
+    };
+  };
   home.packages = [
     pkgs.streamrip
   ];

home/home.nix

@@ -15,7 +15,7 @@ let
         ];
         home = {
           username = username;
-          stateVersion = lib.mkDefault "26.05";
+          stateVersion = lib.mkDefault "25.05";
           homeDirectory =
             if username == "root" then lib.mkDefault "/${username}" else lib.mkDefault "/home/${username}";
           enableNixpkgsReleaseCheck = false;
@@ -24,7 +24,7 @@ let
       mkRootModule = username: {
         home = {
           username = username;
-          stateVersion = lib.mkDefault "26.05";
+          stateVersion = lib.mkDefault "25.05";
           homeDirectory =
             if username == "root" then lib.mkDefault "/${username}" else lib.mkDefault "/home/${username}";
           enableNixpkgsReleaseCheck = false;
@@ -36,7 +36,7 @@ let
         ];
         home = {
           username = username;
-          stateVersion = lib.mkDefault "26.05";
+          stateVersion = lib.mkDefault "25.05";
           homeDirectory =
             if username == "root" then lib.mkDefault "/${username}" else lib.mkDefault "/home/${username}";
           enableNixpkgsReleaseCheck = false;

home/modules/packages.nix

@@ -75,6 +75,7 @@
       # Games
       #ludusavi
       #prismlauncher
+      steam
       #lutris
 
       # AI

home/primary.nix

@@ -8,8 +8,12 @@
 let
   symlinksPaths = {
     # cfg
+    "${xlib.dirs.user-storage}/ssh/config" = ".ssh/config";
+    "${xlib.dirs.user-storage}/beets" = ".config/beets";
     "${xlib.dirs.user-storage}/ludusavi" = ".config/ludusavi";
+    "${xlib.dirs.user-storage}/solaar" = ".config/solaar";
     "${xlib.dirs.user-storage}/easyeffects" = ".config/easyeffects";
+    "${xlib.dirs.user-storage}/KeePassXC" = ".config/keepassxc";
     "${xlib.dirs.user-storage}/v2rayN" = ".local/share/v2rayN";
     "/etc/nixos" = "Configuration";
 

home/secondary.nix

@@ -8,13 +8,18 @@
 let
   symlinksPaths = {
     # cfg
+    "${xlib.dirs.user-storage}/ssh/config" = ".ssh/config";
+    "${xlib.dirs.user-storage}/beets" = ".config/beets";
     "${xlib.dirs.user-storage}/ludusavi" = ".config/ludusavi";
+    "${xlib.dirs.user-storage}/solaar" = ".config/solaar";
+    "${xlib.dirs.user-storage}/easyeffects" = ".config/easyeffects";
+    "${xlib.dirs.user-storage}/KeePassXC" = ".config/keepassxc";
     "${xlib.dirs.user-storage}/v2rayN" = ".local/share/v2rayN";
     "/etc/nixos" = "Configuration";
 
     "${config.home.homeDirectory}/Games/PrismLaunchers/${config.home.username}" =
       ".local/share/PrismLauncher";
-    "${xlib.dirs.lamet-drive}/Users/oqyude/Music" = "Music";
+    #"${xlib.dirs.lamet-drive}/Users/oqyude/Music" = "Music";
   };
   mkLinks = lib.mapAttrs' (sourcePath: targetPath: {
     name = targetPath;

home/server.nix

@@ -8,6 +8,9 @@
 let
   symlinksPaths = {
     "${config.home.homeDirectory}/External/Music" = "Music";
+    "${xlib.dirs.storage}/beets" = ".config/beets";
+    "${xlib.dirs.storage}/ssh/config" = ".ssh/config";
+    "${xlib.dirs.storage}/ssh/known_hosts" = ".ssh/known_hosts";
   };
   mkLinks = lib.mapAttrs' (sourcePath: targetPath: {
     name = targetPath;

home/wsl.nix

@@ -9,7 +9,10 @@ let
   symlinksPaths = {
     "${config.home.homeDirectory}/External/Music" = "Music";
     "${xlib.dirs.wsl-home}" = "External";
-    "${xlib.dirs.wsl-storage}" = "Storage";
+    "${xlib.dirs.wsl-storage}/beets" = ".config/beets";
+    "${xlib.dirs.wsl-storage}/ssh/config" = ".ssh/config";
+    "${xlib.dirs.wsl-storage}/ssh/known_hosts" = ".ssh/known_hosts";
+    "${xlib.dirs.wsl-storage}/flow" = ".config/flow";
   };
   mkLinks = lib.mapAttrs' (sourcePath: targetPath: {
     name = targetPath;

modules/containers/3x-ui.nix

@@ -1,131 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  xlib,
-  ...
-}:
-{
-  virtualisation = {
-    podman = {
-      enable = true;
-      autoPrune = {
-        enable = true;
-        flags = [ "--all" ];
-      };
-      dockerCompat = true;
-    };
-    oci-containers = {
-      backend = "podman";
-      containers."3xui_app" = {
-        image = "ghcr.io/mhsanaei/3x-ui:latest";
-        environment = {
-          "XRAY_VMESS_AEAD_FORCED" = "false";
-          "XUI_ENABLE_FAIL2BAN" = "true";
-          "TZ" = "Europe/Moscow";
-        };
-        volumes = [
-          "${xlib.dirs.services-mnt-folder}/containers/3x-ui/cert/:/root/cert:rw"
-          "${xlib.dirs.services-mnt-folder}/containers/3x-ui/db/:/etc/x-ui:rw"
-        ];
-        log-driver = "journald";
-        extraOptions = [
-          "--network=host"
-        ];
-      };
-    };
-  };
-
-  systemd = {
-    services = {
-      "podman-3xui_app" = {
-        serviceConfig = {
-          Restart = lib.mkOverride 90 "always";
-        };
-        partOf = [
-          "podman-compose-3x-ui-root.target"
-        ];
-        wantedBy = [
-          "podman-compose-3x-ui-root.target"
-        ];
-      };
-      # Update
-      "podman-update-3xui_app" = {
-        path = [
-          pkgs.podman
-        ];
-        serviceConfig = {
-          Type = "oneshot";
-          TimeoutSec = 300;
-        };
-        script = ''
-          podman pull ghcr.io/mhsanaei/3x-ui:latest
-          systemctl restart podman-3xui_app.service
-        '';
-      };
-      # Builds
-      # "podman-build-3xui_app" = {
-      #   path = [
-      #     pkgs.podman
-      #     pkgs.git
-      #   ];
-      #   serviceConfig = {
-      #     Type = "oneshot";
-      #     TimeoutSec = 300;
-      #   };
-      #   script = ''
-      #     cd /mnt/containers/3x-ui
-      #     podman build -t compose2nix/3xui_app -f ./Dockerfile .
-      #   '';
-      # };
-    };
-    # Root service
-    # When started, this will automatically create all resources and start
-    # the containers. When stopped, this will teardown all resources.
-    targets."podman-compose-3x-ui-root" = {
-      unitConfig = {
-        Description = "Root target generated by compose2nix.";
-      };
-      wantedBy = [ "multi-user.target" ];
-    };
-    timers."podman-update-3xui_app" = {
-      wantedBy = [ "timers.target" ];
-      timerConfig = {
-        OnCalendar = "weekly";
-        Persistent = true;
-      };
-    };
-    # Folders
-    tmpfiles.rules = [
-      "d /mnt 0755 root root -"
-      "d /mnt/containers 0755 root root -"
-      "d /mnt/services/containers 0755 root root -"
-      "d /mnt/services/containers/3x-ui 0755 root root -"
-      "d /mnt/services/containers/3x-ui/cert 0755 root root -"
-      "d /mnt/services/containers/3x-ui/db 0755 root root -"
-    ];
-  };
-
-  # Enable container name DNS for all Podman networks.
-  networking.firewall = {
-    allowedUDPPortRanges = [
-      {
-        from = 14380;
-        to = 15380;
-      }
-    ];
-    allowedTCPPortRanges = [
-      {
-        from = 14380;
-        to = 15380;
-      }
-    ];
-    interfaces =
-      let
-        matchAll = if !config.networking.nftables.enable then "podman+" else "podman*";
-      in
-      {
-        "${matchAll}".allowedUDPPorts = [ 53 ];
-      };
-  };
-}

modules/containers/openhands.nix

@@ -1,121 +0,0 @@
-{
-  pkgs,
-  lib,
-  config,
-  xlib,
-  ...
-}:
-
-{
-  # Runtime
-  virtualisation.podman = {
-    enable = true;
-    autoPrune.enable = true;
-    dockerCompat = true;
-    dockerSocket.enable = true;
-    defaultNetwork.settings.dns_enabled = true;
-  };
-
-  # Enable container name DNS for all Podman networks.
-  networking.firewall.interfaces =
-    let
-      matchAll = if !config.networking.nftables.enable then "podman+" else "podman*";
-    in
-    {
-      "${matchAll}".allowedUDPPorts = [ 53 ];
-    };
-
-  virtualisation.oci-containers.backend = "podman";
-
-  # Containers
-  virtualisation.oci-containers.containers."openhands-app" = {
-    image = "ghcr.io/openhands/openhands:latest";
-    environment = {
-      "AGENT_SERVER_IMAGE_REPOSITORY" = "ghcr.io/openhands/agent-server";
-      "AGENT_SERVER_IMAGE_TAG" = "31536c8-python";
-      "WORKSPACE_MOUNT_PATH" = "${xlib.dirs.services-mnt-folder}/containers/openhands/workspace";
-    };
-    volumes = [
-      "${xlib.dirs.services-mnt-folder}/containers/openhands/userspace:/.openhands:rw"
-      "${xlib.dirs.services-mnt-folder}/containers/openhands/workspace:/opt/workspace_base:rw"
-      "/run/podman/podman.sock:/var/run/docker.sock:rw"
-    ];
-    ports = [
-      "3000:3000/tcp"
-    ];
-    log-driver = "journald";
-    extraOptions = [
-      # "--network=host"
-      "--add-host=host.docker.internal:host-gateway"
-      "--network-alias=openhands"
-      "--network=openhands_default"
-    ];
-  };
-  systemd.services."podman-openhands-app" = {
-    serviceConfig = {
-      Restart = lib.mkOverride 90 "no";
-    };
-    after = [
-      "podman-network-openhands_default.service"
-    ];
-    requires = [
-      "podman-network-openhands_default.service"
-    ];
-    partOf = [
-      "podman-compose-openhands-root.target"
-    ];
-    wantedBy = [
-      "podman-compose-openhands-root.target"
-    ];
-  };
-
-  # Networks
-  systemd.services."podman-network-openhands_default" = {
-    path = [ pkgs.podman ];
-    serviceConfig = {
-      Type = "oneshot";
-      RemainAfterExit = true;
-      ExecStop = "podman network rm -f openhands_default";
-    };
-    script = ''
-      podman network inspect openhands_default || podman network create openhands_default
-    '';
-    partOf = [ "podman-compose-openhands-root.target" ];
-    wantedBy = [ "podman-compose-openhands-root.target" ];
-  };
-
-  # Builds
-  # systemd.services."podman-build-openhands-app" = {
-  #   enable = false;
-  #   path = [
-  #     pkgs.podman
-  #     pkgs.git
-  #   ];
-  #   serviceConfig = {
-  #     Type = "oneshot";
-  #     TimeoutSec = 300;
-  #   };
-  #   script = ''
-  #     cd ${xlib.dirs.services-mnt-folder}/containers/openhands/source
-  #     podman build -t openhands:latest -f ./containers/app/Dockerfile .
-  #   '';
-  # };
-
-  # Root service
-  # When started, this will automatically create all resources and start
-  # the containers. When stopped, this will teardown all resources.
-  systemd.targets."podman-compose-openhands-root" = {
-    unitConfig = {
-      Description = "Root target generated by compose2nix.";
-    };
-    wantedBy = [ "multi-user.target" ];
-  };
-
-  systemd.tmpfiles.rules = [
-    "d ${xlib.dirs.services-mnt-folder} 0755 root root -"
-    "d ${xlib.dirs.services-mnt-folder}/containers 0755 root root -"
-    "d ${xlib.dirs.services-mnt-folder}/containers/openhands 0755 root root -"
-    "d ${xlib.dirs.services-mnt-folder}/containers/openhands/userspace 0755 root root -"
-    "d ${xlib.dirs.services-mnt-folder}/containers/openhands/workspace 0755 root root -"
-  ];
-}

modules/containers/remnanode.nix

@@ -1,15 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  inputs,
-  xlib,
-  ...
-}:
-{
-  systemd.tmpfiles.rules = [
-    "d ${xlib.dirs.services-mnt-folder} 0755 root root -"
-    "d ${xlib.dirs.services-mnt-folder}/containers 0755 root root -"
-    "d ${xlib.dirs.services-mnt-folder}/containers/remnanode 0755 root root -"
-  ];
-}

modules/containers/remnawave-examples/docker-compose-local.nix

@@ -1,115 +0,0 @@
-# Auto-generated by compose2nix.
-
-{
-  pkgs,
-  lib,
-  config,
-  ...
-}:
-
-{
-  # Runtime
-  virtualisation.podman = {
-    enable = true;
-    autoPrune.enable = true;
-    dockerCompat = true;
-  };
-
-  # Enable container name DNS for all Podman networks.
-  networking.firewall.interfaces =
-    let
-      matchAll = if !config.networking.nftables.enable then "podman+" else "podman*";
-    in
-    {
-      "${matchAll}".allowedUDPPorts = [ 53 ];
-    };
-
-  virtualisation.oci-containers.backend = "podman";
-
-  # Containers
-  virtualisation.oci-containers.containers."remnawave-panel-1" = {
-    image = "localhost/compose2nix/remnawave-panel-1";
-    environment = {
-      "API_INSTANCES" = "1";
-      "APP_PORT" = "3000";
-      "BANDWIDTH_USAGE_NOTIFICATIONS_ENABLED" = "false";
-      "BANDWIDTH_USAGE_NOTIFICATIONS_THRESHOLD" = "[60, 80]";
-      "CLOUDFLARE_TOKEN" = "ey...";
-      "DATABASE_URL" = "postgresql://remnawave:remnawave@remnawave-db:5432/postgres";
-      "FRONT_END_DOMAIN" = "*";
-      "IS_DOCS_ENABLED" = "false";
-      "IS_TELEGRAM_NOTIFICATIONS_ENABLED" = "false";
-      "JWT_API_TOKENS_SECRET" =
-        "787aa44c10130a9fa17ea3ea50c1248dd3e868f74941b96c09d608051399f88b95b67cd68d045aa39658b4b3fe933bf2b2c1437522498976f39f85ae1eab40da";
-      "JWT_AUTH_SECRET" =
-        "2bc14bacb6b82ce9e3ef69f8dd7bfb6b8a531f4f516902735d1d8f1bac8ff9b5077398f95b942b1adafc0ca1da4cdfd24a18539fa6eb26bee3f597a45deac94a";
-      "METRICS_PASS" = "admin";
-      "METRICS_PORT" = "3001";
-      "METRICS_USER" = "admin";
-      "NOT_CONNECTED_USERS_NOTIFICATIONS_AFTER_HOURS" = "[6, 24, 48]";
-      "NOT_CONNECTED_USERS_NOTIFICATIONS_ENABLED" = "false";
-      "PANEL_DOMAIN" = "rw.zeroq.ru";
-      "POSTGRES_DB" = "remnawave";
-      "POSTGRES_PASSWORD" = "gQLqOm2jK/Z1oBXCD18XSgr76M8ZqkVhHZbNKvZQXnY=";
-      "POSTGRES_USER" = "remnawave";
-      "REDIS_SOCKET" = "/var/run/valkey/valkey.sock";
-      "SCALAR_PATH" = "/scalar";
-      "SUB_PUBLIC_DOMAIN" = "rw.zeroq.ru/api/sub";
-      "SWAGGER_PATH" = "/docs";
-      # "TELEGRAM_BOT_TOKEN" = "change_me";
-      # "TELEGRAM_NOTIFY_CRM" = "change_me";
-      # "TELEGRAM_NOTIFY_NODES" = "change_me";
-      # "TELEGRAM_NOTIFY_SERVICE" = "change_me";
-      # "TELEGRAM_NOTIFY_TBLOCKER" = "change_me";
-      # "TELEGRAM_NOTIFY_USERS" = "change_me";
-      "WEBHOOK_ENABLED" = "false";
-      "WEBHOOK_SECRET_HEADER" = "vsmu67Kmg6R8FjIOF1WUY8LWBHie4scdEqrfsKmyf4IAf8dY3nFS0wwYHkhh6ZvQ";
-      "WEBHOOK_URL" = "https://your-webhook-url.com/endpoint";
-    };
-    ports = [
-      "3003:3003/tcp"
-    ];
-    log-driver = "journald";
-    extraOptions = [
-      "--network-alias=remnawave-panel-1"
-      "--network=remnawavebackend_default"
-    ];
-  };
-  systemd.services."podman-remnawave-panel-1" = {
-    serviceConfig = {
-      Restart = lib.mkOverride 90 "always";
-    };
-    partOf = [
-      "podman-compose-remnawave-root.target"
-    ];
-    wantedBy = [
-      "podman-compose-remnawave-root.target"
-    ];
-  };
-
-  # Builds
-  systemd.services."podman-build-remnawave-panel-1" = {
-    path = [
-      pkgs.podman
-      pkgs.git
-    ];
-    serviceConfig = {
-      Type = "oneshot";
-      TimeoutSec = 300;
-    };
-    script = ''
-      cd /mnt/s/Deploy/remnawave-backend
-      podman build -t compose2nix/remnawave-panel-1 .
-    '';
-  };
-
-  # Root service
-  # When started, this will automatically create all resources and start
-  # the containers. When stopped, this will teardown all resources.
-  systemd.targets."podman-compose-remnawave-root" = {
-    unitConfig = {
-      Description = "Root target generated by compose2nix.";
-    };
-    wantedBy = [ "multi-user.target" ];
-  };
-}

modules/containers/remnawave-examples/docker-compose-prod.nix

@@ -1,290 +0,0 @@
-# Auto-generated by compose2nix.
-
-{
-  pkgs,
-  lib,
-  config,
-  ...
-}:
-
-{
-  # Runtime
-  virtualisation.podman = {
-    enable = true;
-    autoPrune.enable = true;
-    dockerCompat = true;
-  };
-
-  # Enable container name DNS for all Podman networks.
-  networking.firewall.interfaces =
-    let
-      matchAll = if !config.networking.nftables.enable then "podman+" else "podman*";
-    in
-    {
-      "${matchAll}".allowedUDPPorts = [ 53 ];
-    };
-
-  virtualisation.oci-containers.backend = "podman";
-
-  # Containers
-  virtualisation.oci-containers.containers."remnawave" = {
-    image = "remnawave/backend:2";
-    environment = {
-      "API_INSTANCES" = "1";
-      "APP_PORT" = "3000";
-      "BANDWIDTH_USAGE_NOTIFICATIONS_ENABLED" = "false";
-      "BANDWIDTH_USAGE_NOTIFICATIONS_THRESHOLD" = "[60, 80]";
-      "CLOUDFLARE_TOKEN" = "ey...";
-      "DATABASE_URL" = "postgresql://remnawave:remnawave@remnawave-db:5432/postgres";
-      "FRONT_END_DOMAIN" = "*";
-      "IS_DOCS_ENABLED" = "false";
-      "IS_TELEGRAM_NOTIFICATIONS_ENABLED" = "false";
-      "JWT_API_TOKENS_SECRET" =
-        "787aa44c10130a9fa17ea3ea50c1248dd3e868f74941b96c09d608051399f88b95b67cd68d045aa39658b4b3fe933bf2b2c1437522498976f39f85ae1eab40da";
-      "JWT_AUTH_SECRET" =
-        "2bc14bacb6b82ce9e3ef69f8dd7bfb6b8a531f4f516902735d1d8f1bac8ff9b5077398f95b942b1adafc0ca1da4cdfd24a18539fa6eb26bee3f597a45deac94a";
-      "METRICS_PASS" = "admin";
-      "METRICS_PORT" = "3001";
-      "METRICS_USER" = "admin";
-      "NOT_CONNECTED_USERS_NOTIFICATIONS_AFTER_HOURS" = "[6, 24, 48]";
-      "NOT_CONNECTED_USERS_NOTIFICATIONS_ENABLED" = "false";
-      "PANEL_DOMAIN" = "rw.zeroq.ru";
-      "POSTGRES_DB" = "remnawave";
-      "POSTGRES_PASSWORD" = "gQLqOm2jK/Z1oBXCD18XSgr76M8ZqkVhHZbNKvZQXnY=";
-      "POSTGRES_USER" = "remnawave";
-      "REDIS_SOCKET" = "/var/run/valkey/valkey.sock";
-      "SCALAR_PATH" = "/scalar";
-      "SUB_PUBLIC_DOMAIN" = "rw.zeroq.ru/api/sub";
-      "SWAGGER_PATH" = "/docs";
-      "TELEGRAM_BOT_TOKEN" = "change_me";
-      "TELEGRAM_NOTIFY_CRM" = "change_me";
-      "TELEGRAM_NOTIFY_NODES" = "change_me";
-      "TELEGRAM_NOTIFY_SERVICE" = "change_me";
-      "TELEGRAM_NOTIFY_TBLOCKER" = "change_me";
-      "TELEGRAM_NOTIFY_USERS" = "change_me";
-      "WEBHOOK_ENABLED" = "false";
-      "WEBHOOK_SECRET_HEADER" = "vsmu67Kmg6R8FjIOF1WUY8LWBHie4scdEqrfsKmyf4IAf8dY3nFS0wwYHkhh6ZvQ";
-      "WEBHOOK_URL" = "https://your-webhook-url.com/endpoint";
-    };
-    volumes = [
-      "valkey-socket:/var/run/valkey:rw"
-    ];
-    ports = [
-      "127.0.0.1:3000:3000/tcp"
-      "127.0.0.1:3001:3001/tcp"
-    ];
-    dependsOn = [
-      "remnawave-db"
-      "remnawave-redis"
-    ];
-    log-driver = "journald";
-    extraOptions = [
-      "--health-cmd=curl -f http://localhost:3001/health"
-      "--health-interval=30s"
-      "--health-retries=3"
-      "--health-start-period=30s"
-      "--health-timeout=5s"
-      "--hostname=remnawave"
-      "--network-alias=remnawave"
-      "--network=remnawave-network"
-    ];
-  };
-  systemd.services."podman-remnawave" = {
-    serviceConfig = {
-      Restart = lib.mkOverride 90 "always";
-    };
-    after = [
-      "podman-network-remnawave-network.service"
-      "podman-volume-valkey-socket.service"
-    ];
-    requires = [
-      "podman-network-remnawave-network.service"
-      "podman-volume-valkey-socket.service"
-    ];
-    partOf = [
-      "podman-compose-remnawave-root.target"
-    ];
-    wantedBy = [
-      "podman-compose-remnawave-root.target"
-    ];
-  };
-  virtualisation.oci-containers.containers."remnawave-db" = {
-    image = "postgres:17.6";
-    environment = {
-      "API_INSTANCES" = "1";
-      "APP_PORT" = "3000";
-      "BANDWIDTH_USAGE_NOTIFICATIONS_ENABLED" = "false";
-      "BANDWIDTH_USAGE_NOTIFICATIONS_THRESHOLD" = "[60, 80]";
-      "CLOUDFLARE_TOKEN" = "ey...";
-      "DATABASE_URL" = "postgresql://remnawave:remnawave@remnawave-db:5432/postgres";
-      "FRONT_END_DOMAIN" = "*";
-      "IS_DOCS_ENABLED" = "false";
-      "IS_TELEGRAM_NOTIFICATIONS_ENABLED" = "false";
-      "JWT_API_TOKENS_SECRET" =
-        "787aa44c10130a9fa17ea3ea50c1248dd3e868f74941b96c09d608051399f88b95b67cd68d045aa39658b4b3fe933bf2b2c1437522498976f39f85ae1eab40da";
-      "JWT_AUTH_SECRET" =
-        "2bc14bacb6b82ce9e3ef69f8dd7bfb6b8a531f4f516902735d1d8f1bac8ff9b5077398f95b942b1adafc0ca1da4cdfd24a18539fa6eb26bee3f597a45deac94a";
-      "METRICS_PASS" = "admin";
-      "METRICS_PORT" = "3001";
-      "METRICS_USER" = "admin";
-      "NOT_CONNECTED_USERS_NOTIFICATIONS_AFTER_HOURS" = "[6, 24, 48]";
-      "NOT_CONNECTED_USERS_NOTIFICATIONS_ENABLED" = "false";
-      "PANEL_DOMAIN" = "rw.zeroq.ru";
-      "POSTGRES_DB" = "";
-      "POSTGRES_PASSWORD" = "";
-      "POSTGRES_USER" = "";
-      "REDIS_SOCKET" = "/var/run/valkey/valkey.sock";
-      "SCALAR_PATH" = "/scalar";
-      "SUB_PUBLIC_DOMAIN" = "rw.zeroq.ru/api/sub";
-      "SWAGGER_PATH" = "/docs";
-      "TELEGRAM_BOT_TOKEN" = "change_me";
-      "TELEGRAM_NOTIFY_CRM" = "change_me";
-      "TELEGRAM_NOTIFY_NODES" = "change_me";
-      "TELEGRAM_NOTIFY_SERVICE" = "change_me";
-      "TELEGRAM_NOTIFY_TBLOCKER" = "change_me";
-      "TELEGRAM_NOTIFY_USERS" = "change_me";
-      "TZ" = "UTC";
-      "WEBHOOK_ENABLED" = "false";
-      "WEBHOOK_SECRET_HEADER" = "vsmu67Kmg6R8FjIOF1WUY8LWBHie4scdEqrfsKmyf4IAf8dY3nFS0wwYHkhh6ZvQ";
-      "WEBHOOK_URL" = "https://your-webhook-url.com/endpoint";
-    };
-    volumes = [
-      "remnawave-db-data:/var/lib/postgresql/data:rw"
-    ];
-    ports = [
-      "127.0.0.1:6767:5432/tcp"
-    ];
-    log-driver = "journald";
-    extraOptions = [
-      "--health-cmd=pg_isready -U \${POSTGRES_USER} -d \${POSTGRES_DB}"
-      "--health-interval=3s"
-      "--health-retries=3"
-      "--health-timeout=10s"
-      "--hostname=remnawave-db"
-      "--network-alias=remnawave-db"
-      "--network=remnawave-network"
-    ];
-  };
-  systemd.services."podman-remnawave-db" = {
-    serviceConfig = {
-      Restart = lib.mkOverride 90 "always";
-    };
-    after = [
-      "podman-network-remnawave-network.service"
-      "podman-volume-remnawave-db-data.service"
-    ];
-    requires = [
-      "podman-network-remnawave-network.service"
-      "podman-volume-remnawave-db-data.service"
-    ];
-    partOf = [
-      "podman-compose-remnawave-root.target"
-    ];
-    wantedBy = [
-      "podman-compose-remnawave-root.target"
-    ];
-  };
-  virtualisation.oci-containers.containers."remnawave-redis" = {
-    image = "valkey/valkey:9-alpine";
-    volumes = [
-      "valkey-socket:/var/run/valkey:rw"
-    ];
-    cmd = [
-      "valkey-server"
-      "--save"
-      ""
-      "--appendonly"
-      "no"
-      "--maxmemory-policy"
-      "noeviction"
-      "--loglevel"
-      "warning"
-      "--unixsocket"
-      "/var/run/valkey/valkey.sock"
-      "--unixsocketperm"
-      "777"
-      "--port"
-      "0"
-    ];
-    log-driver = "journald";
-    extraOptions = [
-      "--health-cmd=[\"valkey-cli\", \"-s\", \"/var/run/valkey/valkey.sock\", \"ping\"]"
-      "--health-interval=3s"
-      "--health-retries=3"
-      "--health-timeout=3s"
-      "--hostname=remnawave-redis"
-      "--network-alias=remnawave-redis"
-      "--network=remnawave-network"
-    ];
-  };
-  systemd.services."podman-remnawave-redis" = {
-    serviceConfig = {
-      Restart = lib.mkOverride 90 "always";
-    };
-    after = [
-      "podman-network-remnawave-network.service"
-      "podman-volume-valkey-socket.service"
-    ];
-    requires = [
-      "podman-network-remnawave-network.service"
-      "podman-volume-valkey-socket.service"
-    ];
-    partOf = [
-      "podman-compose-remnawave-root.target"
-    ];
-    wantedBy = [
-      "podman-compose-remnawave-root.target"
-    ];
-  };
-
-  # Networks
-  systemd.services."podman-network-remnawave-network" = {
-    path = [ pkgs.podman ];
-    serviceConfig = {
-      Type = "oneshot";
-      RemainAfterExit = true;
-      ExecStop = "podman network rm -f remnawave-network";
-    };
-    script = ''
-      podman network inspect remnawave-network || podman network create remnawave-network --driver=bridge
-    '';
-    partOf = [ "podman-compose-remnawave-root.target" ];
-    wantedBy = [ "podman-compose-remnawave-root.target" ];
-  };
-
-  # Volumes
-  systemd.services."podman-volume-remnawave-db-data" = {
-    path = [ pkgs.podman ];
-    serviceConfig = {
-      Type = "oneshot";
-      RemainAfterExit = true;
-    };
-    script = ''
-      podman volume inspect remnawave-db-data || podman volume create remnawave-db-data --driver=local
-    '';
-    partOf = [ "podman-compose-remnawave-root.target" ];
-    wantedBy = [ "podman-compose-remnawave-root.target" ];
-  };
-  systemd.services."podman-volume-valkey-socket" = {
-    path = [ pkgs.podman ];
-    serviceConfig = {
-      Type = "oneshot";
-      RemainAfterExit = true;
-    };
-    script = ''
-      podman volume inspect valkey-socket || podman volume create valkey-socket --driver=local
-    '';
-    partOf = [ "podman-compose-remnawave-root.target" ];
-    wantedBy = [ "podman-compose-remnawave-root.target" ];
-  };
-
-  # Root service
-  # When started, this will automatically create all resources and start
-  # the containers. When stopped, this will teardown all resources.
-  systemd.targets."podman-compose-remnawave-root" = {
-    unitConfig = {
-      Description = "Root target generated by compose2nix.";
-    };
-    wantedBy = [ "multi-user.target" ];
-  };
-}

modules/containers/remnawave.nix

@@ -1,198 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  inputs,
-  xlib,
-  ...
-}:
-{
-  # Runtime
-  virtualisation.podman = {
-    enable = true;
-    autoPrune.enable = true;
-    dockerCompat = true;
-  };
-
-  # Enable container name DNS for all Podman networks.
-  networking.firewall.interfaces =
-    let
-      matchAll = if !config.networking.nftables.enable then "podman+" else "podman*";
-    in
-    {
-      "${matchAll}".allowedUDPPorts = [ 53 ];
-    };
-
-  virtualisation.oci-containers.backend = "podman";
-
-  # Containers
-  virtualisation.oci-containers.containers."remnawave-panel-1" = {
-    image = "ghcr.io/remnawave/backend:latest";
-    environment = {
-      "API_INSTANCES" = "1";
-      "APP_PORT" = "3000";
-      "BANDWIDTH_USAGE_NOTIFICATIONS_ENABLED" = "false";
-      "BANDWIDTH_USAGE_NOTIFICATIONS_THRESHOLD" = "[60, 80]";
-      "FRONT_END_DOMAIN" = "*";
-      "IS_DOCS_ENABLED" = "false";
-      "IS_TELEGRAM_NOTIFICATIONS_ENABLED" = "false";
-      "METRICS_PASS" = "admin";
-      "METRICS_PORT" = "3001";
-      "METRICS_USER" = "admin";
-      "NOT_CONNECTED_USERS_NOTIFICATIONS_AFTER_HOURS" = "[6, 24, 48]";
-      "NOT_CONNECTED_USERS_NOTIFICATIONS_ENABLED" = "false";
-      "PANEL_DOMAIN" = "rw.zeroq.su";
-      "POSTGRES_DB" = "remnawave";
-      "POSTGRES_USER" = "remnawave";
-      "REDIS_SOCKET" = "/var/run/valkey/valkey.sock";
-      "SCALAR_PATH" = "/scalar";
-      "SUB_PUBLIC_DOMAIN" = "rw.zeroq.su/api/sub";
-      "SWAGGER_PATH" = "/docs";
-      # "TELEGRAM_BOT_TOKEN" = "change_me";
-      # "TELEGRAM_NOTIFY_CRM" = "change_me";
-      # "TELEGRAM_NOTIFY_NODES" = "change_me";
-      # "TELEGRAM_NOTIFY_SERVICE" = "change_me";
-      # "TELEGRAM_NOTIFY_TBLOCKER" = "change_me";
-      # "TELEGRAM_NOTIFY_USERS" = "change_me";
-      "WEBHOOK_ENABLED" = "false";
-      # "WEBHOOK_URL" = "https://your-webhook-url.com/endpoint";
-    };
-    environmentFiles = [
-      "/run/secrets/remnawave-env"
-    ];
-    ports = [
-      "3003:3003/tcp"
-    ];
-    log-driver = "journald";
-    extraOptions = [
-      "--network-alias=remnawave-panel-1"
-      "--network=host" # "--network=remnawavebackend_default"
-    ];
-  };
-  systemd.services."podman-remnawave-panel-1" = {
-    serviceConfig = {
-      Restart = lib.mkOverride 90 "always";
-    };
-    partOf = [
-      "podman-compose-remnawave-root.target"
-    ];
-    wantedBy = [
-      "podman-compose-remnawave-root.target"
-    ];
-  };
-
-  # Builds
-  # systemd.services."podman-build-remnawave-panel-1" = {
-  #   path = [ pkgs.podman pkgs.git ];
-  #   serviceConfig = {
-  #     Type = "oneshot";
-  #     TimeoutSec = 300;
-  #   };
-  #   script = ''
-  #     cd /mnt/s/Deploy/remnawave-backend
-  #     podman build -t compose2nix/remnawave-panel-1 .
-  #   '';
-  # };
-
-  # Root service
-  # When started, this will automatically create all resources and start
-  # the containers. When stopped, this will teardown all resources.
-  systemd.targets."podman-compose-remnawave-root" = {
-    unitConfig = {
-      Description = "Root target generated by compose2nix.";
-    };
-    wantedBy = [ "multi-user.target" ];
-  };
-
-  services = {
-    postgresql = {
-      ensureDatabases = [ "remnawave" ];
-      ensureUsers = [
-        {
-          name = "remnawave";
-          ensureDBOwnership = true;
-        }
-      ];
-    };
-  };
-
-  systemd.services = {
-    remnawave-env = {
-      description = "Generate remnawave env file";
-      requiredBy = [ "podman-remnawave-panel-1.service" ];
-      before = [ "podman-remnawave-panel-1.service" ];
-      serviceConfig = {
-        Type = "oneshot";
-        User = "root";
-      };
-      script = ''
-        cat > /run/secrets/remnawave-env <<EOF
-          DATABASE_URL=$(cat ${config.sops.secrets.DATABASE_URL.path})
-          DATABASE_PASSWORD=$(cat ${config.sops.secrets.DATABASE_PASSWORD.path})
-          JWT_AUTH_SECRET=$(cat ${config.sops.secrets.JWT_AUTH_SECRET.path})
-          JWT_API_TOKENS_SECRET=$(cat ${config.sops.secrets.JWT_API_TOKENS_SECRET.path})
-          WEBHOOK_SECRET_HEADER=$(cat ${config.sops.secrets.WEBHOOK_SECRET_HEADER.path})
-          EOF
-        chmod 600 /run/secrets/remnawave-env
-      '';
-      wantedBy = [ "multi-user.target" ];
-    };
-    remnawave-db-init = {
-      description = "Initialize Remnawave DB user";
-      after = [ "postgresql.service" ];
-      requires = [ "postgresql.service" ];
-      serviceConfig = {
-        Type = "oneshot";
-        User = "postgres";
-      };
-      script = ''
-        PASSWORD=$(cat ${config.sops.secrets.DATABASE_PASSWORD.path})
-        ${pkgs.postgresql}/bin/psql -v ON_ERROR_STOP=1 <<EOF
-        DO \$\$
-        BEGIN
-          IF EXISTS (SELECT 1 FROM pg_roles WHERE rolname='remnawave') THEN
-              EXECUTE format('ALTER ROLE remnawave WITH PASSWORD %L', '$PASSWORD');
-          END IF;
-        END
-        \$\$ LANGUAGE plpgsql;
-        EOF
-      '';
-      wantedBy = [ "multi-user.target" ];
-    };
-  };
-
-  sops.secrets = {
-    DATABASE_PASSWORD = {
-      key = "DATABASE_PASSWORD";
-      sopsFile = ./secrets/remnawave.yaml;
-      owner = "postgres";
-      group = "postgres";
-      mode = "0400";
-    };
-    WEBHOOK_SECRET_HEADER = {
-      key = "WEBHOOK_SECRET_HEADER";
-      sopsFile = ./secrets/remnawave.yaml;
-      mode = "0400";
-    };
-    DATABASE_URL = {
-      key = "DATABASE_URL";
-      sopsFile = ./secrets/remnawave.yaml;
-      mode = "0400";
-    };
-    JWT_AUTH_SECRET = {
-      key = "JWT_AUTH_SECRET";
-      sopsFile = ./secrets/remnawave.yaml;
-      mode = "0400";
-    };
-    JWT_API_TOKENS_SECRET = {
-      key = "JWT_API_TOKENS_SECRET";
-      sopsFile = ./secrets/remnawave.yaml;
-      mode = "0400";
-    };
-  };
-  systemd.tmpfiles.rules = [
-    "d ${xlib.dirs.services-mnt-folder} 0755 root root -"
-    "d ${xlib.dirs.services-mnt-folder}/containers 0755 root root -"
-    "d ${xlib.dirs.services-mnt-folder}/containers/remnawave 0755 root root -"
-  ];
-}

modules/containers/secrets/remnawave.yaml

@@ -1,20 +0,0 @@
-DATABASE_PASSWORD: ENC[AES256_GCM,data:DRactR3j13q9zHFO0puGhBv09CX9YJc9KtFSLuOUVV/U7O/Nmh5Hb4ID0+A=,iv:5ErptccuQIVxfZKIcpfO5yVtcM0zE7kPn4v7kHctTP8=,tag:e3w8Rz+wGLTrxDSNftmkLw==,type:str]
-WEBHOOK_SECRET_HEADER: ENC[AES256_GCM,data:ZJYKwG1a8JH0ODeRnrv395plPN7PA18+gi3R/ueGd/r8OrtbVGL8UnZ/6HgW9M+/jCGWNclD5mZfyRg3He6hDg==,iv:PIYCD2n5ED5T24JfG6xhrvStd6jySCoBHhA8hUFIEMk=,tag:WWpfI1q9l9R44FRNaqIiaA==,type:str]
-DATABASE_URL: ENC[AES256_GCM,data:6plSDBUKyZVAO/djw3bPTthtS11yljwCGfQcIUqQetxROk5hwwVEGNMd1e6nGgS7eTtqJHW6uStkw58=,iv:RDjCVPDgPhMEbCriW0xjrxzcAolmyD55fbkD95LZMlE=,tag:ovH2D3eTXtHFmZba6u+IZg==,type:str]
-JWT_AUTH_SECRET: ENC[AES256_GCM,data:rzsOoIwJwwzCd+QbelcWYjfe1Bt7Y1ihrEn9tsxNyZnfmVVIkpFC948ne3YhUZ0CXYEDJYen/SFQgyyWsPwTwZgcy11mIZnROh4vlOJvPWILB1IlVQF/JDDts3fvXfe9HQ7ujBwkw5uR/33Rm+yxeLHMWTsn644DZSyKFi53QqY=,iv:aB3meC8BeEsLmiF0UMjQ60xipjGTJ0Qg1XqRHNujPFE=,tag:s/YcehFUrArknqHlXo3MYw==,type:str]
-JWT_API_TOKENS_SECRET: ENC[AES256_GCM,data:m6EtsdMNDRJk99LEYRgTk5rFNUYux4I2UWo/8AWy+2HJI8tRiOrBO284T3W/N+2/3fbty96sVB/SD8bjIIsxHij51sZTYi4+hdU7VxANGPdiMckKAXtvj3FMsVwrtW4MgRbH0j7taiDtnxVp6F3Cl7Sb0GamKFJjgAZnA3weN/8=,iv:rnNB1AzosstyF3c2pUcvYVTyUWcmo8Du+/b09OgcN9w=,tag:O81gnP2nXJ3JvgkivzVgkw==,type:str]
-sops:
-    age:
-        - recipient: age13l2gtk0nzr484zprp7e0pkrt0ne0j4asyn2pjmlaw73nte7t7d8q4sqtxm
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3dWxEUDdhV2Z4V3JpNzNL
-            T0ZkYjlLWTNFV2c0Vm5Vb05xK09sQ0RxU0ZVCjhaSVhsSmoyZCtLYlNOVlNnTGFv
-            TTU1Y3I5U3UrcXhOOGt6U0hoSGw0YlUKLS0tIEJIbnJwNUk4Z0ZGNTRQRVFjWFhv
-            d0sreEpsMjV5M2JoRHFnVkpqeGhMM1EKX7K3Q2yj8EZuzCIxWIc+6Xeo+0lidPse
-            wstbeHV8ygWvOjIxjRGPOETQ17GLLl3eNEsk6P2gytZchmLkLYKKsA==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-04-04T23:08:05Z"
-    mac: ENC[AES256_GCM,data:vWNFqNiWleqvRItVB0X5W/7e/F+LEWmfIKtnjbV5xwgyZ1jkP2N2wkw8CpzDNN5xwrkTdKfziGt+Psg8p72uMfvqns1lgQzvSbT3W8Di7bbIxgvwyBV8qCCpYn95ra/KRmV+oefhhr/1RlBN8wNb3oZI/m7sH8lv9d0sKw5SrE8=,iv:UAOifm4itrG6M3VKi7zelxL73lcpQkGXLSa/dk/hbvM=,tag:rzCK7Id3zQVF8VSDJV3nhg==,type:str]
-    unencrypted_suffix: _unencrypted
-    version: 3.12.2

modules/default.nix

@@ -3,9 +3,9 @@ let
   defaultModule =
     {
       config,
-      deviceType,
       lib,
       xlib,
+      deviceType,
       ...
     }:
     {
@@ -21,9 +21,10 @@ let
         sops-nix.nixosModules.sops # sops module
         self.homeConfigurations.default.nixosModule # default homeConfigurations
         disko.nixosModules.disko # disko module
+        noctalia.nixosModules.default
       ];
-      nixpkgs.overlays = with inputs; [
-        self.nixosOverlays.default
+      nixpkgs.overlays = [
+        inputs.self.nixosOverlays.default
       ];
       _module.args = {
         inputs = inputs;

modules/desktop/default.nix

@@ -1,6 +1,5 @@
 {
   config,
-  inputs,
   lib,
   pkgs,
   ...
@@ -50,7 +49,7 @@
   programs = {
     dconf.enable = true;
     gamemode.enable = true;
-    steam.enable = true;
+    # steam.enable = true;
     xwayland.enable = true;
   };
   services = {
@@ -59,7 +58,7 @@
       xkb = {
         layout = "us,ru";
         variant = "";
-        # options = "grp:alt_shift_toggle";
+        options = "grp:alt_shift_toggle";
       };
     };
     libinput.enable = true;
@@ -69,12 +68,7 @@
       cups-pdf.enable = true;
     };
   };
-  # environment = {
-  #   systemPackages = [
-  #     pkgs.pcbu-desktop
-  #   ];
-  #   # sessionVariables = {
-  #   #   NIXOS_OZONE_WL = "1";
-  #   # };
+  # environment.sessionVariables = {
+  #   NIXOS_OZONE_WL = "1";
   # };
 }

modules/essentials/default.nix

@@ -7,7 +7,7 @@
     ./packages.nix
     ./services.nix
     ./settings.nix
-    ./systemd-routines.nix
+    # ./systemd-routine.nix
     ./shell.nix
   ];
 }

modules/essentials/packages.nix

@@ -16,7 +16,7 @@ in
       btop
       broot
       bottom
-      fastfetch
+      fastfetchMinimal
 
       # Encrypt
       age
@@ -38,12 +38,6 @@ in
       lazyjournal
       systemctl-tui
 
-      # IDE
-      yaml-language-server
-      nil
-      fresh-editor
-      #flow-control
-
       # Base
       curl
       # efibootmgr
@@ -59,7 +53,7 @@ in
       wget
       tree
       dust
-      tuckr
+      flow-control
 
       # Net Diagnostic
       mtr
@@ -78,7 +72,7 @@ in
       exfatprogs # for gparted exfat support
 
       # Archivers
-      # rar
+      rar
       unzip
       zstd
       zip
@@ -92,22 +86,20 @@ in
 
       # To save
       tuios
-      bluetui
-      speedtest-cli
-      # jocalsend
+      fresh-editor
+
+      # Test
+      jocalsend
+      lazydocker
+      dtop
       tlrc
       lazyssh
       mcat
+      framework-tool-tui
+      bluetui
       snitch
-      whosthere
       devenv
-
-      # Test
-      rgx
-      net-tools
-      # lazydocker
-      # dtop
-      # framework-tool-tui
+      whosthere
     ];
   };
   environment.variables.EDITOR = "fresh";
@@ -126,6 +118,7 @@ in
       enable = false;
       plugins = {
         inherit (pkgs.yaziPlugins)
+          gitui
           git
           sudo
           ouch
@@ -188,9 +181,6 @@ in
           name = "oqyude";
           email = "oqyude@gmail.com";
         };
-        pull = {
-          rebase = true;
-        };
       };
     };
     lazygit.enable = true;
@@ -202,7 +192,7 @@ in
       flake = "/etc/nixos";
       clean = {
         enable = true;
-        extraArgs = "--keep 2 --keep-since 2d";
+        extraArgs = "--keep 3 --keep-since 2d";
         dates = "daily";
       };
     };

modules/essentials/services.nix

@@ -1,6 +1,5 @@
 {
   config,
-  inputs,
   lib,
   pkgs,
   xlib,

modules/essentials/settings.nix

@@ -1,7 +1,6 @@
 {
   config,
   lib,
-  pkgs,
   ...
 }:
 {
@@ -9,34 +8,33 @@
   system.nixos.label = "default";
 
   nix = {
-    # package = pkgs.lixPackageSets.stable.lix; # maybe unstable
-    channel.enable = false;
-    nixPath = [ "nixpkgs=flake:nixpkgs" ];
+    channel = {
+      enable = true;
+    };
+    # nixPath = [ "nixpkgs=flake:nixpkgs" ];
     settings = {
       require-sigs = false;
       substituters = [
-        "http://100.64.0.0:5000"
         "https://cache.nixos.org"
         "https://nix-community.cachix.org"
         "https://mirror.yandex.ru/nixos"
         "https://cache.nixos.kz"
-        # "https://cache.xd0.zip"
+        "https://cache.xd0.zip"
         "https://nixos-cache-proxy.cofob.dev"
         # "https://nixos-cache-proxy.sweetdogs.ru"
         # "https://nixos-cache-proxy.elxreno.com"
         # "https://nixos.snix.store" # https://nixos.snix.store/
       ];
       trusted-public-keys = [
-        "cache.local:be5jFLkiwNyOep/McxSafB3jguBmztxx+oJ46ySyc/s="
         "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
       ];
-      stalled-download-timeout = 8;
-      connect-timeout = 8;
+      stalled-download-timeout = 4;
+      connect-timeout = 4;
       auto-optimise-store = true;
       fallback = true;
-      allow-import-from-derivation = true;
-      keep-derivations = false;
-      keep-outputs = false;
+      # allow-import-from-derivation = false;
+      # keep-derivations = true;
+      # keep-outputs = true;
       experimental-features = [
         "flakes"
         "nix-command"
@@ -45,10 +43,10 @@
   };
 
   nixpkgs = {
-    flake = {
-      setFlakeRegistry = false;
-      setNixPath = false;
-    };
+    # flake = {
+    #   setFlakeRegistry = false;
+    #   setNixPath = false;
+    # };
     config.allowUnfree = true;
   };
 

modules/essentials/shell.nix

@@ -39,7 +39,6 @@
       gp = "git pull";
       ns = "nh os switch";
       gp-ns = "gp && ns";
-      gc = "git add . && git commit -m 'dev: автокоммит $(date +'%Y-%m-%d %H:%M:%S')'";
       y = "yazi";
       nix-shellp = "nix-shell --run $SHELL -p";
       z-proxy = "export ALL_PROXY=socks5://localhost:10808";
@@ -67,7 +66,4 @@
       json2nix = "nix run github:sempruijs/json2nix";
     };
   };
-  environment.sessionVariables = {
-    TUCKR_HOME = "$HOME/Storage/dotfiles";
-  };
 }

modules/essentials/systemd-routine.nix

@@ -0,0 +1,26 @@
+{
+  config,
+  xlib,
+  ...
+}:
+{
+  systemd = {
+    services.nixos-auto-rebuild = {
+      description = "Auto rebuild NixOS config";
+      serviceConfig = {
+        Type = "oneshot";
+        User = "${xlib.device.username}";
+        WorkingDirectory = "/etc/nixos";
+        ExecStart = "gp-ns";
+      };
+    };
+    timers.nixos-auto-rebuild = {
+      description = "Run NixOS auto rebuild at 4am daily";
+      wantedBy = [ "timers.target" ];
+      timerConfig = {
+        OnCalendar = "*-*-* 04:00:00";
+        Persistent = true;
+      };
+    };
+  };
+}

modules/essentials/systemd-routines.nix

@@ -1,39 +0,0 @@
-{
-  config,
-  pkgs,
-  xlib,
-  ...
-}:
-{
-  systemd = {
-    services = {
-      nixos-prebuild = {
-        description = "Prebuild NixOS closure";
-        serviceConfig = {
-          CPUQuota = "20%";
-          User = "oqyude";
-          Group = "users";
-          Nice = 10;
-          Type = "oneshot";
-          WorkingDirectory = "/tmp";
-          Environment = [
-            "HOME=/home/oqyude"
-          ];
-          ExecStart = ''
-            ${pkgs.nix}/bin/nix build --no-link /etc/nixos#nixosConfigurations.${config.networking.hostName}.config.system.build.toplevel
-          '';
-        };
-        wantedBy = [ "multi-user.target" ];
-      };
-    };
-    timers = {
-      nixos-prebuild = {
-        wantedBy = [ "timers.target" ];
-        timerConfig = {
-          OnCalendar = "*-*-* 04:00:00";
-          Persistent = true;
-        };
-      };
-    };
-  };
-}

modules/server/bentopdf.nix

@@ -1,16 +0,0 @@
-{
-  config,
-  inputs,
-  ...
-}:
-# let
-#   pkgs-stable = import inputs.nixpkgs-stable { system = "x86_64-linux"; };
-# in
-{
-  services.bentopdf = {
-    enable = true;
-    domain = "bentopdf.local";
-    nginx.enable = true;
-    # package = pkgs-stable.bentopdf;
-  };
-}

modules/server/calibre-web.nix

@@ -1,22 +1,16 @@
 {
   config,
-  inputs,
-  pkgs,
   xlib,
+  inputs,
   ...
 }:
-let
-  stable = import inputs.nixpkgs-calibre {
-    system = "x86_64-linux";
-  };
-in
 {
   services.calibre-web = {
-    package = stable.calibre-web;
     enable = true;
-    # dataDir = "${xlib.dirs.services-mnt-folder}/calibre-web";
+    group = "users";
+    user = "${xlib.device.username}";
     options = {
-      calibreLibrary = "${xlib.dirs.services-mnt-folder}/calibre-web-library";
+      calibreLibrary = "${xlib.dirs.calibre-library}";
       enableBookUploading = true;
       enableKepubify = true;
       enableBookConversion = false;
@@ -25,13 +19,4 @@ in
     listen.port = 8083;
     openFirewall = true;
   };
-
-  fileSystems."/var/lib/calibre-web" = {
-    device = "${xlib.dirs.services-mnt-folder}/calibre-web";
-    fsType = "none";
-    options = [
-      "bind"
-      "nofail"
-    ];
-  };
 }

modules/server/containers/default.nix

@@ -5,12 +5,12 @@
   ...
 }:
 {
-  environment.systemPackages = with pkgs; [
-    gcc
-    gdb
-    cmake
-    gnumake
+  imports = [
+    ./remnawave.nix
+  ];
 
-    nlohmann_json
+  environment.systemPackages = with pkgs; [
+    compose2nix
+    podman-tui
   ];
 }

modules/server/containers/remnawave.nix

@@ -0,0 +1,28 @@
+{
+  config,
+  lib,
+  pkgs,
+  inputs,
+  xlib,
+  ...
+}:
+{
+
+  # fileSystems."${config.services.immich.mediaLocation}" = {
+  #   device = "${xlib.dirs.services-folder}/immich";
+  #   options = [
+  #     "bind"
+  #     "nofail"
+  #   ];
+  # };
+
+  # systemd.tmpfiles.rules = [
+  #   "z ${config.services.immich.mediaLocation} 0755 immich immich -"
+  # ];
+
+  # environment = {
+  #   systemPackages = with pkgs; [
+  #     immich-cli
+  #   ];
+  # };
+}

modules/server/default.nix

@@ -5,18 +5,12 @@
 {
   imports = [
     ../software/beets
-    ./bentopdf.nix
     ./calibre-web.nix
-    ./gitea.nix
-    ./glances.nix
+    ./containers
     ./immich.nix
     ./miniflux.nix
-    ./n8n.nix
-    ./navidrome.nix
-    ./netdata.nix
     ./nextcloud.nix
     ./nginx.nix
-    ./nix-serve.nix
     ./open-webui.nix
     ./postgresql.nix
     ./samba.nix
@@ -25,7 +19,6 @@
     ./systemd.nix
     ./transmission.nix
     ./uptime-kuma.nix
-    # ../containers/remnawave.nix
     # ./mealie.nix
     # ./memos.nix
     # ./nfs.nix

modules/server/gitea.nix

@@ -1,28 +0,0 @@
-{
-  config,
-  inputs,
-  lib,
-  pkgs,
-  xlib,
-  ...
-}:
-{
-  services = {
-    gitea = {
-      enable = true;
-      stateDir = "${xlib.dirs.services-mnt-folder}/gitea";
-      appName = "ZeroQ Gitea Service";
-      settings = {
-        server = {
-          DOMAIN = "gitea.local";
-          HTTP_PORT = 3000;
-        };
-        service.DISABLE_REGISTRATION = true;
-      };
-    };
-  };
-
-  systemd.tmpfiles.rules = [
-    "z ${config.services.gitea.stateDir} 0755 gitea gitea -"
-  ];
-}

modules/server/glances.nix

@@ -1,15 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-{
-  services = {
-    glances = {
-      enable = true;
-      openFirewall = true;
-      port = 61208;
-    };
-  };
-}

modules/server/immich.nix

@@ -1,8 +1,8 @@
 {
   config,
-  inputs,
   lib,
   pkgs,
+  inputs,
   xlib,
   ...
 }:
@@ -22,9 +22,21 @@ in
       accelerationDevices = null;
       machine-learning.enable = true;
       mediaLocation = "${xlib.dirs.services-mnt-folder}/immich";
+      database = {
+        enableVectors = false;
+        enableVectorChord = true;
+      };
     };
   };
 
+  # fileSystems."${config.services.immich.mediaLocation}" = {
+  #   device = "${xlib.dirs.services-folder}/immich";
+  #   options = [
+  #     "bind"
+  #     "nofail"
+  #   ];
+  # };
+
   systemd.tmpfiles.rules = [
     "z ${config.services.immich.mediaLocation} 0755 immich immich -"
   ];

modules/server/mealie.nix

@@ -4,7 +4,7 @@
 }:
 {
   services.mealie = {
-    enable = false;
+    enable = true;
     listenAddress = "0.0.0.0";
     port = 9000;
     database.createLocally = true;

modules/server/memos.nix

@@ -5,7 +5,7 @@
 }:
 {
   services.memos = {
-    enable = false;
+    enable = true;
     openFirewall = true;
     settings = {
       MEMOS_MODE = "prod";

modules/server/n8n.nix

@@ -1,33 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  xlib,
-  inputs,
-  ...
-}:
-{
-  services.n8n = {
-    enable = false;
-    environment = {
-      # N8N_USER_FOLDER = lib.mkForce "${xlib.dirs.services-mnt-folder}/n8n";
-      N8N_SECURE_COOKIE = "false";
-      N8N_PORT = 5678;
-    };
-    openFirewall = true;
-  };
-
-  systemd.tmpfiles.rules = [
-    "d ${xlib.dirs.services-mnt-folder}/n8n 0755 nobody nogroup -"
-    "z ${xlib.dirs.services-mnt-folder}/n8n 0755 nobody nogroup -"
-  ];
-
-  fileSystems."/var/lib/n8n" = {
-    device = "${xlib.dirs.services-mnt-folder}/n8n";
-    fsType = "none";
-    options = [
-      "bind"
-      "nofail"
-    ];
-  };
-}

modules/server/navidrome.nix

@@ -1,22 +0,0 @@
-{
-  config,
-  inputs,
-  lib,
-  pkgs,
-  xlib,
-  ...
-}:
-{
-  services = {
-    navidrome = {
-      enable = false;
-      openFirewall = true;
-      # environmentFile = "";
-      settings = {
-        Address = "0.0.0.0";
-        Port = "4533";
-        MusicFolder = "/mnt/beets/music";
-      };
-    };
-  };
-}

modules/server/netdata.nix

@@ -1,32 +0,0 @@
-{
-  config,
-  inputs,
-  lib,
-  pkgs,
-  ...
-}:
-{
-  services = {
-    netdata = {
-      enable = false;
-      package = pkgs.netdata.override {
-        withCloudUi = true;
-      };
-      config = {
-        web = {
-          "allow connections from" = "localhost *";
-          "default port" = "19999";
-          "bind to" = "0.0.0.0";
-        };
-      };
-      # python = {
-      #   enable = true;
-      #   recommendedPythonPackages = true;
-      # };
-    };
-  };
-
-  networking.firewall.allowedTCPPorts = [
-    19999
-  ];
-}

modules/server/nextcloud.nix

@@ -18,14 +18,14 @@ in
     nextcloud-whiteboard-server = {
       enable = true;
       settings = {
-        NEXTCLOUD_URL = "http://nextcloud.private";
+        NEXTCLOUD_URL = "http://nextcloud.local";
       };
-      secrets = [ config.sops.secrets.nextcloud-whiteboard-jwt.path ];
+      secrets = [ "${inputs.zeroq-credentials}/services/nextcloud/jwt-secret.txt" ];
     };
     nextcloud = {
       enable = true;
-      package = pkgs.nextcloud33;
-      hostName = "nextcloud.private";
+      package = pkgs.nextcloud32;
+      hostName = "nextcloud.local";
       database.createLocally = true;
       home = "${xlib.dirs.services-mnt-folder}/nextcloud";
       configureRedis = true;
@@ -39,42 +39,30 @@ in
         dbuser = "nextcloud";
         dbname = "nextcloud";
         adminuser = "oqyude";
-        adminpassFile = config.sops.secrets.nextcloud-adminpass.path;
+        adminpassFile = "${inputs.zeroq-credentials}/services/nextcloud/admin-pass.txt";
       };
       settings = {
         log_type = "file";
         trusted_domains = [
+          "nextcloud.zeroq.ru"
           "100.64.0.0"
           "192.168.1.20"
           "localhost"
-          "nextcloud.local"
-          "nextcloud.private"
-          "nextcloud.zeroq.su"
-          "office.local"
-          "office.zeroq.su"
         ];
         trusted_proxies = [
           "100.64.1.0"
-          "109.248.161.5"
         ];
-        overwriteprotocol = ""; # maybe no
+        overwriteprotocol = "https";
       };
       extraAppsEnable = true;
       appstoreEnable = false;
-      notify_push = {
-        enable = false;
-        bendDomainToLocalhost = true;
-      };
-      # phpPackage = pkgs.php85;
       extraApps = {
-        inherit (config.services.nextcloud.package.packages.apps)
-          # richdocuments
+        inherit (config.services.nextcloud.package.packages.apps) # (config.services.nextcloud.package.packages.apps)
           # gpoddersync
           # integration_paperless
           # memories
-          # news
           # nextpod
-          # notify_push
+          # onlyoffice
           # phonetrack
           # repod
           # sociallogin
@@ -92,92 +80,96 @@ in
           impersonate
           mail
           music
+          # news
           notes
-          onlyoffice
+          notify_push
           polls
           previewgenerator
+          richdocuments
           spreed
           tables
-          tasks
           user_oidc
           user_saml
           whiteboard
           ;
-        # inherit (pkgs.nextcloud31Packages.apps)
-        #   # end_to_end_encryption
-        #   # maps
-        #   tasks
-        #   ;
+        inherit (pkgs.nextcloud31Packages.apps)
+          # end_to_end_encryption
+          # maps
+          tasks
+          ;
       };
     };
-    # collabora-online = {
-    #   enable = false;
-    #   port = 9980;
-    #   # package = master.collabora-online;
-    #   settings = {
-    #     server_name = "office.zeroq.su";
-    #     ssl = {
-    #       enable = false;
-    #       termination = true;
-    #       ssl_verification = false;
-    #     };
-    #     net = {
-    #       listen = "0.0.0.0";
-    #       post_allow.host = [
-    #         "0.0.0.0"
-    #       ];
-    #     };
-    #     storage.wopi = {
-    #       "@allow" = true;
-    #       host = [
-    #         "0.0.0.0/0"
-    #       ];
-    #     };
-    #   };
-    # };
-    onlyoffice = {
+    collabora-online = {
       enable = true;
-      hostname = "office.local";
-      port = 8090;
-      allowLocalConnections = true;
-      wopi = true;
-      jwtSecretFile = config.sops.secrets.onlyoffice-jwt.path;
-      securityNonceFile = config.sops.secrets.onlyoffice-nonce.path;
+      port = 9980;
+      # package = master.collabora-online;
+      settings = {
+        server_name = "office.zeroq.ru";
+        ssl = {
+          enable = false;
+          termination = true;
+          ssl_verification = false;
+        };
+        net = {
+          listen = "0.0.0.0";
+          post_allow.host = [
+            "0.0.0.0"
+          ];
+        };
+        storage.wopi = {
+          "@allow" = true;
+          host = [
+            "0.0.0.0/0"
+          ];
+        };
+      };
+    };
+    onlyoffice = {
+      enable = false;
+      hostname = "0.0.0.0";
+      jwtSecretFile = "${inputs.zeroq-credentials}/services/onlyoffice/jwt.txt";
     };
   };
 
   # fonts.packages = [ work.corefonts ];
 
-  #   networking.hosts = {
-  #     "localhost" = [ "nextcloud-private.local" ];
-  #   };
+  # networking.hosts = {
+  # };
 
-  #   systemd.services.nextcloud-config-collabora =
-  #     let
-  #       inherit (config.services.nextcloud) occ;
-  #       wopi_url = "http://localhost:${toString config.services.collabora-online.port}";
-  #       public_wopi_url = "https://office.zeroq.su";
-  #       wopi_allowlist = lib.concatStringsSep "," [
-  #         "0.0.0.0/0"
-  #       ];
-  #     in
-  #     {
-  #       wantedBy = [ "multi-user.target" ];
-  #       after = [
-  #         "nextcloud-setup.service"
-  #         "coolwsd.service"
-  #       ];
-  #       requires = [ "coolwsd.service" ];
-  #       script = ''
-  #         ${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_url --value ${lib.escapeShellArg wopi_url}
-  #         ${occ}/bin/nextcloud-occ config:app:set richdocuments public_wopi_url --value ${lib.escapeShellArg public_wopi_url}
-  #         ${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_allowlist --value ${lib.escapeShellArg wopi_allowlist}
-  #         ${occ}/bin/nextcloud-occ richdocuments:setup
-  #       '';
-  #       serviceConfig = {
-  #         Type = "oneshot";
-  #       };
-  #     };
+  systemd.services.nextcloud-config-collabora =
+    let
+      inherit (config.services.nextcloud) occ;
+      wopi_url = "http://localhost:${toString config.services.collabora-online.port}";
+      public_wopi_url = "https://office.zeroq.ru";
+      wopi_allowlist = lib.concatStringsSep "," [
+        "0.0.0.0/0"
+      ];
+    in
+    {
+      wantedBy = [ "multi-user.target" ];
+      after = [
+        "nextcloud-setup.service"
+        "coolwsd.service"
+      ];
+      requires = [ "coolwsd.service" ];
+      script = ''
+        ${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_url --value ${lib.escapeShellArg wopi_url}
+        ${occ}/bin/nextcloud-occ config:app:set richdocuments public_wopi_url --value ${lib.escapeShellArg public_wopi_url}
+        ${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_allowlist --value ${lib.escapeShellArg wopi_allowlist}
+        ${occ}/bin/nextcloud-occ richdocuments:setup
+      '';
+      serviceConfig = {
+        Type = "oneshot";
+      };
+    };
+
+  # fileSystems."${config.services.nextcloud.home}" = {
+  #   device = "${xlib.dirs.services-folder}/nextcloud";
+  #   options = [
+  #     "bind"
+  #     "nofail"
+  #   ];
+  # };
 
   systemd.tmpfiles.rules = [
     "z ${config.services.nextcloud.home} 0750 nextcloud nextcloud -"
@@ -186,39 +178,4 @@ in
   environment.systemPackages = [
     pkgs.nc4nix # Packaging helper for Nextcloud apps
   ];
-
-  sops.secrets = {
-    nextcloud-adminpass = {
-      format = "yaml";
-      key = "adminpass";
-      sopsFile = ./secrets/nextcloud.yaml;
-      owner = "nextcloud";
-      group = "nextcloud";
-      mode = "0650";
-    };
-    nextcloud-whiteboard-jwt = {
-      format = "yaml";
-      key = "whiteboard-jwt";
-      sopsFile = ./secrets/nextcloud.yaml;
-      owner = "nextcloud";
-      group = "nextcloud";
-      mode = "0650";
-    };
-    onlyoffice-nonce = {
-      format = "yaml";
-      key = "nonce";
-      sopsFile = ./secrets/onlyoffice.yaml;
-      owner = "onlyoffice";
-      group = "onlyoffice";
-      mode = "0650";
-    };
-    onlyoffice-jwt = {
-      format = "yaml";
-      key = "jwt";
-      sopsFile = ./secrets/onlyoffice.yaml;
-      owner = "onlyoffice";
-      group = "onlyoffice";
-      mode = "0650";
-    };
-  };
 }

modules/server/nginx.nix

@@ -5,9 +5,6 @@
   xlib,
   ...
 }:
-let
-  server = "192.168.1.20";
-in
 {
   services = {
     nginx = {
@@ -17,192 +14,70 @@ in
       recommendedProxySettings = true;
       recommendedTlsSettings = true;
       virtualHosts = {
-        "nextcloud.private" = {
-          forceSSL = false;
-          enableACME = false;
-          listen = [
-            {
-              addr = "100.64.0.0";
-              port = 10000;
-            }
-            {
-              addr = "192.168.1.20";
-              port = 10000;
-            }
-          ];
-        };
-        "office.local" = {
-          forceSSL = false;
-          enableACME = false;
-          # locations = {
-          #   "/" = {
-          #     proxyPass = "http://localhost:8090";
-          #     proxyWebsockets = true;
-          #   };
-          # };
-          # extraConfig = ''
-          #   proxy_set_header Host $host;
-          #   proxy_set_header X-Forwarded-Proto $scheme;
-          #   proxy_set_header X-Forwarded-Host $host;
-          #   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-
-          #   proxy_http_version 1.1;
-          #   proxy_set_header Upgrade $http_upgrade;
-          #   proxy_set_header Connection "upgrade";
-          # '';
-        };
-        "bentopdf.local" = {
-          forceSSL = false;
-          enableACME = false;
-          listen = [
-            {
-              addr = "0.0.0.0";
-              port = 80;
-            }
-            {
-              addr = "100.64.0.0";
-              port = 8446;
-            }
-            {
-              addr = "192.168.1.20";
-              port = 8446;
-            }
-          ];
-          extraConfig = ''
-            client_max_body_size 5G;
-          '';
-        };
         "nextcloud.local" = {
           forceSSL = false;
           enableACME = false;
-          locations = {
-            "/" = {
-              proxyPass = "http://${server}:10000";
-              proxyWebsockets = true;
-            };
-            "/whiteboard" = {
-              proxyPass = "http://${server}:3002";
-              proxyWebsockets = true;
-            };
-          };
-          extraConfig = ''
-            client_max_body_size 5G;
+          listen = [
+            {
+              addr = "100.64.0.0";
+              port = 10000;
+            }
+            {
+              addr = "192.168.1.20";
+              port = 10000;
+            }
+          ];
+        };
+        "zeroq.local" = {
+          forceSSL = false;
+          enableACME = false;
+          root = pkgs.writeTextDir "index.html" ''
+            <!doctype html>
+            <html>
+            <body>
+              <pre>This server is running in backend.</pre>
+            </body>
+            </html>
           '';
+          listen = [
+            {
+              addr = "100.64.0.0";
+              port = 80;
+            }
+            {
+              addr = "192.168.1.20";
+              port = 80;
+            }
+          ];
         };
-        "gitea.local" = {
-          forceSSL = false;
-          enableACME = false;
-          locations."/" = {
-            proxyPass = "http://${server}:3000";
-            proxyWebsockets = true;
-          };
-          extraConfig = ''
-            client_max_body_size 5G;
-          '';
-        };
-        "n8n.local" = {
-          forceSSL = false;
-          enableACME = false;
-          locations."/" = {
-            proxyPass = "http://${server}:5678";
-            proxyWebsockets = true;
-          };
-          extraConfig = ''
-            client_max_body_size 5G;
-          '';
-        };
-        "kuma.local" = {
-          forceSSL = false;
-          enableACME = false;
-          locations."/" = {
-            proxyPass = "http://${server}:4001";
-            proxyWebsockets = true;
-          };
-        };
-        "health.local" = {
-          forceSSL = false;
-          enableACME = false;
-          locations."/" = {
-            proxyPass = "http://${server}:19999";
-            proxyWebsockets = true;
-          };
-        };
-        "agent.local" = {
-          forceSSL = false;
-          enableACME = false;
-          locations."/" = {
-            proxyPass = "http://${server}:3000";
-            proxyWebsockets = true;
-          };
-        };
-        "flux.local" = {
-          forceSSL = false;
-          enableACME = false;
-          locations."/" = {
-            proxyPass = "http://${server}:6061";
-            proxyWebsockets = true;
-          };
-        };
-        "immich.local" = {
-          forceSSL = false;
-          enableACME = false;
-          locations."/" = {
-            proxyPass = "http://${server}:2283";
-            proxyWebsockets = true;
-          };
-          extraConfig = ''
-            client_max_body_size 5G;
-          '';
-        };
-        #         "office.local" = {
-        #           enableACME = false;
-        #           forceSSL = false;
-        #           locations = {
-        #             "/" = {
-        #               proxyPass = "http://${server}:8000"; # 9980
-        #               proxyWebsockets = true;
-        #             };
-        #           };
-        #           extraConfig = ''
-        #             client_max_body_size 5G;
-        #             proxy_set_header X-Forwarded-Proto $scheme;
-        #             proxy_set_header X-Real-IP $remote_addr;
-        #             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        #           ''; # absolute_redirect off;
-        #         };
-        "calibre.local" = {
-          forceSSL = false;
-          enableACME = false;
-          locations."/" = {
-            proxyPass = "http://${server}:8083";
-            proxyWebsockets = true;
-          };
-          extraConfig = ''
-            client_max_body_size 5G;
-          '';
-        };
-        # "zeroq.local" = {
+        # "localhost:8000" = {
         #   forceSSL = false;
         #   enableACME = false;
-        #   root = pkgs.writeTextDir "index.html" ''
-        #     <!doctype html>
-        #     <html>
-        #     <body>
-        #       <pre>This server is running in backend.</pre>
-        #     </body>
-        #     </html>
-        #   '';
         #   listen = [
         #     {
         #       addr = "100.64.0.0";
-        #       port = 80;
+        #       port = 9980;
         #     }
         #     {
         #       addr = "192.168.1.20";
-        #       port = 80;
+        #       port = 9980;
         #     }
         #   ];
         # };
+        # "office.zeroq.ru" = {
+        #   forceSSL = false;
+        #   enableACME = false;
+        #   locations."/" = {
+        #     proxyPass = "http://onlyoffice.local:8000";
+        #     proxyWebsockets = true;
+        #   };
+        #   extraConfig = ''
+        #     # Force nginx to return relative redirects. This lets the browser
+        #     # figure out the full URL. This ends up working better because it's in
+        #     # front of the reverse proxy and has the right protocol, hostname & port.
+        #     absolute_redirect off;
+        #   '';
+        # };
       };
     };
   };

modules/server/nix-serve.nix

@@ -1,24 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-{
-  services = {
-    nix-serve = {
-      enable = true;
-      openFirewall = true;
-      port = 5000;
-      bindAddress = "0.0.0.0";
-      secretKeyFile = config.sops.secrets.private-key.path;
-    };
-  };
-  sops.secrets = {
-    private-key = {
-      key = "private-key";
-      sopsFile = ./secrets/nix-serve.yaml;
-      mode = "0600";
-    };
-  };
-}

modules/server/postgresql.nix

@@ -23,7 +23,6 @@ in
 
   fileSystems."/var/lib/postgresql" = {
     device = "${xlib.dirs.services-mnt-folder}/postgresql";
-    fsType = "none";
     options = [
       "bind"
       "nofail"

modules/server/samba.nix

@@ -6,9 +6,6 @@
 {
   services.samba = {
     enable = true;
-    nmbd = {
-      enable = false;
-    };
     settings = {
       global = {
         "invalid users" = [ ];

modules/server/secrets/nextcloud.yaml

@@ -1,17 +0,0 @@
-adminpass: ENC[AES256_GCM,data:Fm+Q6YWXxouP5cX2WHU05Jr49FU=,iv:Exf/li6bL6xpR9HQ8XDDSprjx4ltHkJFl99Ga+gXwmQ=,tag:iB9d5O4982tr7lPu1nWccQ==,type:str]
-whiteboard-jwt: ENC[AES256_GCM,data:5i+x8VODrBIhGEWS5Ua6lrk7tsfk6xTa/1qm1rXe4A==,iv:2gFEeudip7BxJh553QtZ1CZo9T8jro3Q/Afdo8ouHtw=,tag:HgBM9ta41rhXJlsQJ+asFg==,type:str]
-sops:
-    age:
-        - recipient: age13l2gtk0nzr484zprp7e0pkrt0ne0j4asyn2pjmlaw73nte7t7d8q4sqtxm
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxNWFiUlZXMEEvNll0aFFk
-            UldxNitqaDgyenBFeWRhLzUxSVVhQk55Q1FBCkdLU3p4S0NTOVhERkRoaWVwbWVB
-            cUxwdkJnQ1IyNzFTaVJvVXRwbElYbVkKLS0tIDQ5ejZvRks5U0tPU0w0WXdtM0ht
-            WGVQYjZtaHhaeC9pMzYxYmxTcVNtYk0KKxXXNA9h0fs+mA6U/Vsyg+q1CPl5hFrI
-            Ozjqh+dzwajQeqkCPUdCsoeIWsvBY2Cyabvs+f0zj8S00faXb8rVQQ==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-03-30T12:49:45Z"
-    mac: ENC[AES256_GCM,data:1EkbMGa6nK53GqGWYvXZP+sqy91AldGKy/32CVPshZwvTzJtk/VeK3W9A3fIGwvo7gl+QVWJmSiqrOTql4v+U4Yi3jVLEXsHXA5Bh28aJ7Ng9nkZmI10K7oaYF1xWNxzwss4gcDNIuomK+wG1WNLaiLbxwCBkN6xHugWQ4F+DLs=,iv:UmI6nC7dIHGeas54taf5kTIINvyd8YXyOVdIYghwHmE=,tag:VxdJLXRYin8D07r6CCA00A==,type:str]
-    unencrypted_suffix: _unencrypted
-    version: 3.12.2

modules/server/secrets/nix-serve.yaml

@@ -1,16 +0,0 @@
-private-key: ENC[AES256_GCM,data:VTj1cmhYLbBuUnIgtXI3CZtULaNZ5XOpoheJB0gUwrWrH5B0rmxcvZLlJWX7xhGs4oqcC3Wwmo+TBPhcgGylLVdCuhJG5A94UwOa9ZIV4s3x3IJ4RU3UcHTsA0xdtw7XxBfryw==,iv:8oZCojIU0JXWJgE5t+fNNW9trC109yOJp1UGAV76FbU=,tag:S74cHFy9B8C29npdcoVBeg==,type:str]
-sops:
-    age:
-        - recipient: age13l2gtk0nzr484zprp7e0pkrt0ne0j4asyn2pjmlaw73nte7t7d8q4sqtxm
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6MHBkYzZneEdhUlN5MEpx
-            NGxud1BkVU1NUFdyVFE2VDJWb1M2cW9IcUVFCm9QZ3RvNHFaeWpFbnZ3Q1dKSDdn
-            RHQvUDgrZHRiUHpSR3FrWXRkQUxXWGMKLS0tIERsemNuL1BwR2xYYUpmbVFROWtN
-            RGI1WlRGMzlkS2tqQ0JPSFJHTUY1TUkKDeaivc+ST8MYtnJEDx07Y+IhtpvblR47
-            SLZf6WKQ8WNY4Bb5VeMWiCABPP/2L+VwoACqkOdZ01yGUVQSc9X6tw==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-05-03T17:05:41Z"
-    mac: ENC[AES256_GCM,data:6jNp7N7lIvsLez3zQbDKTWPyvkL8u9g34I3q27GudgXzYw8B3Pb26jc9dCYCxCylCZxN5IeWWyHvUt4PadQABI4jrrIKnIfVV1A2c+A90chu+xSyE/B9OhkSC7yYVOnCURJPYku8799RIRkpHAWeKawkydbOiszCiC3qIKZDSTQ=,iv:xXivLDNnTABlNeWOOWsCESDUOnFv+9Lh0o029r7rk+A=,tag:vUoIZjcNtE3xJX/jNCao7Q==,type:str]
-    unencrypted_suffix: _unencrypted
-    version: 3.12.2

modules/server/secrets/onlyoffice.yaml

@@ -1,17 +0,0 @@
-jwt: ENC[AES256_GCM,data:Mp+eAh0Nle0QDfo92isNLwvHn/E=,iv:0FLK/8QpmX5Mv7IXMy04AJAgUknp5DATpD0acyPqrUg=,tag:rP9x3G8WIDG6KWSjqPXulQ==,type:str]
-nonce: ENC[AES256_GCM,data:IGIo74eaE1vppWmLJt8C1cmpUm8eozumLXU5ecJJIolpKlC85H39l6oGmw==,iv:YwLbgbkOxpChwLTbknCii66LMVwD61sr7gXsbv3t/NI=,tag:YFfLkO5b55/AcJKTpSyslQ==,type:str]
-sops:
-    age:
-        - recipient: age13l2gtk0nzr484zprp7e0pkrt0ne0j4asyn2pjmlaw73nte7t7d8q4sqtxm
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVSzIwWlBrWFJWVHpIUVJk
-            eHh1MkYza28yeU54OWczY1ZjYmJHOFI3dXc4ClVKUVpoUWZTR0g5L2FTd0l4NzUr
-            R0xlYTJVQ1VLQXJuSGZJUE1Bd3Jsa00KLS0tIExPSi9Ob0ErSTRZQlhlTGN5WUV0
-            dm4xa25tSmN3VjlPaWpBWnhJdklqWEEK+sD+lvwQGjNkOic3ZCo2VGQ/+p2Nhmm+
-            g846YrGljYOib6hNryEhZWe0KmaDhn24vnEK5NS4WtqqwV+IhCZbmg==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-03-30T21:55:57Z"
-    mac: ENC[AES256_GCM,data:Ff8KB0O7sDE4GL8kccuA3s8DSallp5aOsy+T60FLCxsZN1m7m6Cql+3Hb3IS0M/nLRZMoZre8kztnzSbWs8ZK0e5wZoQjb6KMESZaXPOfjjbPWjMKiRCAQZUJNZy5P067qoxOIQ3t25kPNolmHkSyicpLoLRIB4Adn8+M79/RLk=,iv:LfVbDH8JVbgkVk5cFpr/lbvtSu8waLhn9XHwPW/8jBE=,tag:ll5JQbyr84vI8V154ZE/wQ==,type:str]
-    unencrypted_suffix: _unencrypted
-    version: 3.12.2

modules/server/systemd.nix

@@ -11,65 +11,31 @@
       rsync-archivesta = {
         # Archivesta
         description = "Backup data using rsync";
-        # wants = [
-        #   "mnt-archive.mount"
-        # ];
-        # requires = [
-        #   "mnt-archive.mount"
-        # ];
-        # after = [
-        #   "mnt-archive.mount"
-        # ];
-        unitConfig.RequiresMountsFor = [
-          "${xlib.dirs.archive-drive}"
-          "${xlib.dirs.server-home}"
-          "${xlib.dirs.services-mnt-folder}"
-        ];
+        requisite = [ "mnt-archive.mount" ]; # hard-code
         script = ''
-          ${pkgs.rsync}/bin/rsync -rtv --delete \
-            ${xlib.dirs.services-mnt-folder}/ \
-            ${xlib.dirs.archive-drive}/Services/
+          ${pkgs.rsync}/bin/rsync -rtv --delete ${xlib.dirs.services-folder}/ ${xlib.dirs.archive-drive}/Services/
         '';
         serviceConfig = {
           Type = "oneshot";
           User = "root";
           Group = "root";
-          Nice = 10;
-          CPUQuota = "5%";
+          Nice = 19;
           IOSchedulingClass = "idle";
         };
       };
       rsync-archivesta-lite = {
         # Archivesta Lite
         description = "Backup data using rsync";
-        # wants = [
-        #   "mnt-mobile.mount"
-        # ];
-        # after = [
-        #   "mnt-mobile.mount"
-        # ];
-        # requires = [
-        #   "mnt-mobile.mount"
-        # ];
-        unitConfig.RequiresMountsFor = [
-          "${xlib.dirs.server-home}"
-          "${xlib.dirs.mobile-drive}"
-        ];
+        requisite = [ "mnt-mobile.mount" ]; # hard-code
         script = ''
-          ${pkgs.rsync}/bin/rsync -rtv --delete \
-            ${xlib.dirs.server-home}/Music/ \
-            ${xlib.dirs.mobile-drive}/Music/
-
-          ${pkgs.rsync}/bin/rsync -rtv --delete \
-            "${xlib.dirs.server-home}/Hosts/epral/Neo Backup/" \
-            "${xlib.dirs.mobile-drive}/Neo Backup/"
+          ${pkgs.rsync}/bin/rsync -rtv --delete ${xlib.dirs.server-home}/Music/ ${xlib.dirs.mobile-drive}/Music/
+          ${pkgs.rsync}/bin/rsync -rtv --delete "${xlib.dirs.server-home}/Hosts/epral/Neo Backup/" "${xlib.dirs.mobile-drive}/Neo Backup/"
         '';
         serviceConfig = {
           Type = "oneshot";
           User = "root";
           Group = "root";
-          Nice = 10;
-          CPUQuota = "5%";
+          Nice = 19;
           IOSchedulingClass = "idle";
         };
       };

modules/server/uptime-kuma.nix

@@ -8,7 +8,7 @@
 }:
 {
   services.uptime-kuma = {
-    enable = false;
+    enable = true;
     settings = {
       PORT = "4001";
       HOST = "0.0.0.0";
@@ -21,7 +21,6 @@
 
   fileSystems."/var/lib/private/uptime-kuma" = {
     device = "${xlib.dirs.services-mnt-folder}/uptime-kuma";
-    fsType = "none";
     options = [
       "bind"
       "nofail"

modules/software/ai.nix

@@ -0,0 +1,24 @@
+{
+  config,
+  lib,
+  pkgs,
+  xlib,
+  ...
+}:
+{
+  # services = {
+  #   nextjs-ollama-llm-ui.enable = false;
+  #   ollama = {
+  #     enable = false;
+  #     package = pkgs.ollama-rocm;
+  #     environmentVariables = {
+  #       HSA_OVERRIDE_GFX_VERSION = "11.5.0";
+  #       HCC_AMDGPU_TARGET = "gfx1150"; # used to be necessary, but doesn't seem to anymore
+  #     };
+  #     user = "ollama"; # "${xlib.device.username}";
+  #     group = "ollama";
+  #     acceleration = "rocm";
+  #     rocmOverrideGfx = "11.5.0";
+  #   };
+  # };
+}

modules/software/beets/default.nix

@@ -1,84 +1,28 @@
 {
   config,
-  inputs,
   lib,
   pkgs,
   xlib,
   ...
 }:
 let
-  stable = import inputs.nixpkgs-beets {
-    system = "x86_64-linux";
+  depsOverlay = import ./dependencies.nix {
+    # ./dependencies-full.nix if broken
+    inherit (pkgs) fetchurl fetchgit fetchhg;
+    inherit pkgs;
   };
-in
-let
-  # depsOverlay = import ./dependencies.nix {
-  #   # ./dependencies-full.nix if broken
-  #   inherit (pkgs) fetchurl fetchgit fetchhg;
-  #   inherit pkgs;
-  # };
-  # python3 = pkgs.python3.override {
-  #   packageOverrides = depsOverlay;
-  # };
-  beetsEnv = pkgs.python314.withPackages (
-    ps: with ps; [
-      # et-xmlfile
-      # exceptiongroup
-      # markdown-it-py
-      # mdurl
-      # munkres
-      # musicbrainzngs
-      # openpyxl
-      # pygments
-      # rich
-      # sniffio
-      anyio
-      beautifulsoup4
-      beetcamp
-      beets
-      certifi
-      charset-normalizer
-      colorama
-      confuse
-      discogs-client
-      filetype
-      h11
-      httpcore
-      httpx
-      httpx-socks
-      idna
-      jellyfish
-      langdetect
-      lap
-      llvmlite
-      mediafile
-      mutagen
-      numba
-      numpy
-      oauthlib
-      packaging
-      pillow
-      platformdirs
-      pycountry
-      pylast
-      pyrate-limiter
-      pysocks
-      python-dateutil
-      pyyaml
-      requests
-      requests-ratelimiter
-      scipy
-      # setuptools
-      six
-      socksio
-      soupsieve
-      typing-extensions
-      unidecode
-      urllib3
-    ]
-  );
+  python3 = pkgs.python3.override {
+    packageOverrides = depsOverlay;
+  };
+  beetsEnv = python3.withPackages (ps: [
+    ps.beets
+  ]);
 in
 {
+  systemd.tmpfiles.rules = [
+    "z /mnt/beets 0700 ${xlib.device.username} users -" # beets absolute paths
+  ];
+
   users = {
     users = {
       "${xlib.device.username}" = {
@@ -86,20 +30,21 @@ in
           beetsEnv
           pkgs.mp3gain
           pkgs.imagemagick
-          #ffmpeg
+          #pkgs.ffmpeg
         ];
       };
     };
   };
-  systemd.mounts = [
-    {
-      enable = true;
-      options = "bind,x-systemd.automount,nofail";
-      requires = [ "local-fs.target" ];
-      type = "none";
-      wantedBy = [ "multi-user.target" ];
-      what = "/home/${xlib.device.username}/Music";
-      where = "/home/${xlib.device.username}/.config/beets";
-    }
-  ];
+  fileSystems."/mnt/beets/music" = {
+    device = "/home/${xlib.device.username}/Music"; # "${xlib.dirs.vetymae-drive}/Users/User/Music"
+    options = [
+      "bind"
+      "uid=1000"
+      "gid=1000"
+      "fmask=0077"
+      "dmask=0077"
+      "nofail"
+      #"x-systemd.device-timeout=0"
+    ];
+  };
 }

modules/software/beets/dependencies.nix

@@ -117,7 +117,7 @@ self: super: {
       self."requests" # For spotify, deezer, embedart, fetchart, lyrics
       self."python3-discogs-client" # For discogs
       self."pylast" # For lastgenre
-      # self."beetcamp" # Another
+      self."beetcamp" # Another
     ];
   };
   "certifi" = super.buildPythonPackage rec {

modules/users.nix

@@ -13,7 +13,6 @@
   xlib.device.username = "oqyude";
 
   users = {
-    mutableUsers = false;
     users = {
       "${xlib.device.username}" = {
         name = "${xlib.device.username}";
@@ -81,22 +80,6 @@
         group = config.users.users."${xlib.device.username}".group;
         mode = "0655";
       };
-      ssh_key_private_root = {
-        format = "yaml";
-        key = "ssh_key_private";
-        path = "/root/.ssh/id_ed25519";
-        owner = "root";
-        group = "root";
-        mode = "0600";
-      };
-      ssh_key_public_root = {
-        format = "yaml";
-        key = "ssh_key_public";
-        path = "/root/.ssh/id_ed25519";
-        owner = "root";
-        group = "root";
-        mode = "0655";
-      };
       ssh_key_public_host = {
         format = "yaml";
         key = "ssh_key_public";

modules/vds-new/containers/3x-ui.nix

@@ -58,7 +58,6 @@
     environment = {
       "XRAY_VMESS_AEAD_FORCED" = "false";
       "XUI_ENABLE_FAIL2BAN" = "true";
-      "TZ" = "Europe/Moscow";
     };
     volumes = [
       "/mnt/containers/3x-ui/cert/:/root/cert:rw"

modules/vds-new/containers/default.nix

@@ -0,0 +1,16 @@
+{
+  config,
+  pkgs,
+  inputs,
+  ...
+}:
+{
+  imports = [
+    ./3x-ui.nix
+  ];
+
+  environment.systemPackages = with pkgs; [
+    compose2nix
+    podman-tui
+  ];
+}

modules/vds-new/default.nix

@@ -4,6 +4,7 @@
 }:
 {
   imports = [
-    ../vds
+    ./containers
+    ./nginx.nix
   ];
 }

modules/vds-new/netbird.nix

@@ -0,0 +1,40 @@
+{
+  config,
+  pkgs,
+  ...
+}:
+{
+  services.netbird.server = {
+    enable = false;
+    enableNginx = true;
+    domain = "netbird.zeroq.ru";
+    dashboard = {
+      enable = false;
+      domain = "netbird.zeroq.ru";
+      settings = {
+        #AUTH_AUTHORITY = "nbp_ufe0v5mbb5H1lQWL8eJfuzJ5ItPmlM46Mik0";
+      };
+    };
+    management = {
+      enable = false;
+      domain = "netbird.zeroq.ru";
+    };
+  };
+
+  # networking.firewall = {
+  #   allowedTCPPorts = [
+  #     80
+  #     443
+  #     33073
+  #     10000
+  #     33080
+  #   ];
+  #   allowedUDPPorts = [ 3478 ];
+  #   allowedUDPPortRanges = [
+  #     {
+  #       from = 49152;
+  #       to = 65535;
+  #     }
+  #   ];
+  # };
+}

modules/vds-new/nginx.nix

@@ -0,0 +1,202 @@
+{
+  config,
+  inputs,
+  pkgs,
+  ...
+}:
+let
+  server = "100.64.0.0";
+in
+{
+  environment.etc."nginx/pubray".text = inputs.zeroq-credentials.services.xray.auth;
+  users.users.nginx.extraGroups = [ "acme" ];
+  services = {
+    nginx = {
+      enable = true;
+      recommendedGzipSettings = true;
+      recommendedOptimisation = true;
+      recommendedProxySettings = true;
+      recommendedTlsSettings = true;
+      appendHttpConfig = inputs.zeroq-credentials.services.xray.maps;
+      virtualHosts = {
+        # "pubray.zeroq.ru" = {
+        #   enableACME = true;
+        #   forceSSL = true;
+        #   root = "${inputs.zeroq-credentials.services.xray.subs}";
+        #   locations."/" = {
+        #     extraConfig = ''
+        #       auth_basic "Restricted";
+        #       auth_basic_user_file /etc/nginx/pubray;
+
+        #       if ($subfile = "") { return 403; }
+        #       rewrite ^/$ $subfile break;
+        #     '';
+        #   };
+        # };
+        "x.new.zeroq.ru" = {
+          forceSSL = true;
+          enableACME = true;
+          locations = {
+            "/" = {
+              proxyPass = "http://localhost:2049";
+              proxyWebsockets = true;
+            };
+            "/default" = {
+              proxyPass = "http://localhost:2053";
+              proxyWebsockets = true;
+            };
+            "/subs/" = {
+              proxyPass = "http://localhost:2096";
+              proxyWebsockets = true;
+            };
+          };
+        };
+        # "kuma.new.zeroq.ru" = {
+        #   forceSSL = true;
+        #   enableACME = true;
+        #   locations."/" = {
+        #     proxyPass = "http://${server}:4001";
+        #     proxyWebsockets = true;
+        #   };
+        #   extraConfig = ''
+        #     client_max_body_size 5G;
+        #   '';
+        # };
+        # "node-red.zeroq.ru" = {
+        #   forceSSL = true;
+        #   enableACME = true;
+        #   kTLS = true;
+        #   locations."/" = {
+        #     proxyPass = "http://${server}:1880";
+        #     proxyWebsockets = true;
+        #   };
+        #   extraConfig = ''
+        #     client_max_body_size 5G;
+        #   '';
+        # };
+        # "new.zeroq.ru" = {
+        #   forceSSL = true;
+        #   enableACME = true;
+        #   root = pkgs.writeTextDir "index.html" ''
+        #     <!doctype html>
+        #     <html>
+        #     <body>
+        #       <pre>What are you doing here?</pre>
+        #     </body>
+        #     </html>
+        #   '';
+        #   locations = {
+        #     "/guest/" = {
+        #       proxyPass = "http://${server}:80";
+        #       proxyWebsockets = true;
+        #     };
+        #     # "/.well-known/discord" = {
+        #     #   extraConfig = ''
+        #     #     default_type text/plain;
+        #     #     return 200 "dh=c2d103553a4cfdaa1b7952a87a7d8120a1e167cc";
+        #     #   '';
+        #     # };
+        #   };
+        # };
+        # "flux.new.zeroq.ru" = {
+        #   forceSSL = true;
+        #   enableACME = true;
+        #   locations."/" = {
+        #     proxyPass = "http://${server}:6061";
+        #     proxyWebsockets = true;
+        #   };
+        #   extraConfig = ''
+        #     client_max_body_size 5G;
+        #   '';
+        # };
+        # "office.new.zeroq.ru" = {
+        #   enableACME = true;
+        #   forceSSL = true;
+        #   locations = {
+        #     "/" = {
+        #       proxyPass = "http://${server}:9980"; # API и coauthoring
+        #       proxyWebsockets = true;
+        #     };
+        #   };
+        #   extraConfig = ''
+        #     client_max_body_size 5G;
+        #     proxy_set_header X-Forwarded-Proto $scheme;
+        #     proxy_set_header X-Real-IP $remote_addr;
+        #     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        #   ''; # absolute_redirect off;
+        # };
+        # "immich.new.zeroq.ru" = {
+        #   forceSSL = true;
+        #   enableACME = true;
+        #   locations."/" = {
+        #     proxyPass = "http://${server}:2283";
+        #     proxyWebsockets = true;
+        #   };
+        #   extraConfig = ''
+        #     client_max_body_size 5G;
+        #   '';
+        # };
+        # "nextcloud.new.zeroq.ru" = {
+        #   forceSSL = true;
+        #   enableACME = true;
+        #   locations = {
+        #     "/" = {
+        #       proxyPass = "http://${server}:10000";
+        #       proxyWebsockets = true;
+        #     };
+        #     "/whiteboard" = {
+        #       proxyPass = "http://${server}:3002";
+        #       proxyWebsockets = true;
+        #     };
+        #   };
+        #   extraConfig = ''
+        #     client_max_body_size 5G;
+        #   '';
+        # };
+        # "calibre.new.zeroq.ru" = {
+        #   forceSSL = true;
+        #   enableACME = true;
+        #   locations."/" = {
+        #     proxyPass = "http://${server}:8083";
+        #     proxyWebsockets = true;
+        #   };
+        #   extraConfig = ''
+        #     client_max_body_size 5G;
+        #   '';
+        # };
+        # "pdf.new.zeroq.ru" = {
+        #   forceSSL = true;
+        #   enableACME = true;
+        #   locations."/" = {
+        #     proxyPass = "http://${server}:6060";
+        #     proxyWebsockets = true;
+        #   };
+        #   extraConfig = ''
+        #     client_max_body_size 5G;
+        #   '';
+        # };
+        # "ai.zeroq.ru" = {
+        #   forceSSL = true;
+        #   enableACME = true;
+        #   locations."/" = {
+        #     proxyPass = "http://${server}:11112";
+        #     proxyWebsockets = true;
+        #   };
+        #   extraConfig = ''
+        #     client_max_body_size 5G;
+        #   '';
+        # };
+      };
+    };
+  };
+  security.acme = {
+    acceptTerms = true;
+    defaults = {
+      email = "go.bin043120@gmail.com";
+    };
+  };
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+  ];
+}

modules/vds/containers/3x-ui.nix

@@ -0,0 +1,108 @@
+# Auto-generated using compose2nix v0.3.3-pre.
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+
+{
+  # Runtime
+  virtualisation.podman = {
+    enable = true;
+    autoPrune = {
+      enable = true;
+      flags = [ "--all" ];
+    };
+    dockerCompat = true;
+  };
+
+  # Enable container name DNS for all Podman networks.
+  networking.firewall.interfaces =
+    let
+      matchAll = if !config.networking.nftables.enable then "podman+" else "podman*";
+    in
+    {
+      "${matchAll}".allowedUDPPorts = [ 53 ];
+    };
+
+  networking.firewall = {
+    allowedUDPPortRanges = [
+      {
+        from = 14380;
+        to = 15380;
+      }
+    ];
+    allowedTCPPortRanges = [
+      {
+        from = 14380;
+        to = 15380;
+      }
+    ];
+    allowedTCPPorts = [
+      8443
+      9443
+      13380
+    ];
+    allowedUDPPorts = [
+      8443
+      9443
+      13380
+    ];
+  };
+  virtualisation.oci-containers.backend = "podman";
+
+  # Containers
+  virtualisation.oci-containers.containers."3xui_app" = {
+    image = "ghcr.io/mhsanaei/3x-ui:latest";
+    environment = {
+      "XRAY_VMESS_AEAD_FORCED" = "false";
+      "XUI_ENABLE_FAIL2BAN" = "true";
+    };
+    volumes = [
+      "/mnt/containers/3x-ui/cert/:/root/cert:rw"
+      "/mnt/containers/3x-ui/db/:/etc/x-ui:rw"
+    ];
+    log-driver = "journald";
+    extraOptions = [
+      "--network=host"
+    ];
+  };
+  systemd.services."podman-3xui_app" = {
+    serviceConfig = {
+      Restart = lib.mkOverride 90 "always";
+    };
+    partOf = [
+      "podman-compose-3x-ui-root.target"
+    ];
+    wantedBy = [
+      "podman-compose-3x-ui-root.target"
+    ];
+  };
+
+  # Builds
+  systemd.services."podman-build-3xui_app" = {
+    path = [
+      pkgs.podman
+      pkgs.git
+    ];
+    serviceConfig = {
+      Type = "oneshot";
+      TimeoutSec = 300;
+    };
+    script = ''
+      cd /mnt/containers/3x-ui
+      podman build -t compose2nix/3xui_app -f ./Dockerfile .
+    '';
+  };
+
+  # Root service
+  # When started, this will automatically create all resources and start
+  # the containers. When stopped, this will teardown all resources.
+  systemd.targets."podman-compose-3x-ui-root" = {
+    unitConfig = {
+      Description = "Root target generated by compose2nix.";
+    };
+    wantedBy = [ "multi-user.target" ];
+  };
+}

modules/vds/containers/default.nix

@@ -0,0 +1,16 @@
+{
+  config,
+  pkgs,
+  inputs,
+  ...
+}:
+{
+  imports = [
+    ./3x-ui.nix
+  ];
+
+  environment.systemPackages = with pkgs; [
+    compose2nix
+    podman-tui
+  ];
+}

modules/vds/default.nix

@@ -4,11 +4,10 @@
 }:
 {
   imports = [
-    ../containers/3x-ui.nix
+    ./containers
     ./nginx.nix
-    ./samba.nix
-    # ./glances.nix
+    ./xray.nix
+    # ../services/uptime-kuma.nix
     # ./netbird.nix
-    # ./xray.nix
   ];
 }

modules/vds/glances.nix

@@ -1,15 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-{
-  services = {
-    glances = {
-      enable = true;
-      openFirewall = true;
-      port = 61208;
-    };
-  };
-}

modules/vds/netbird.nix

@@ -7,17 +7,17 @@
   services.netbird.server = {
     enable = false;
     enableNginx = true;
-    domain = "netbird.zeroq.su";
+    domain = "netbird.zeroq.ru";
     dashboard = {
       enable = false;
-      domain = "netbird.zeroq.su";
+      domain = "netbird.zeroq.ru";
       settings = {
         #AUTH_AUTHORITY = "nbp_ufe0v5mbb5H1lQWL8eJfuzJ5ItPmlM46Mik0";
       };
     };
     management = {
       enable = false;
-      domain = "netbird.zeroq.su";
+      domain = "netbird.zeroq.ru";
     };
   };
 

modules/vds/nginx.nix

@@ -8,7 +8,7 @@ let
   server = "100.64.0.0";
 in
 {
-  # environment.etc."nginx/pubray".text = inputs.zeroq-credentials.services.xray.auth;
+  environment.etc."nginx/pubray".text = inputs.zeroq-credentials.services.xray.auth;
   users.users.nginx.extraGroups = [ "acme" ];
   services = {
     nginx = {
@@ -17,9 +17,9 @@ in
       recommendedOptimisation = true;
       recommendedProxySettings = true;
       recommendedTlsSettings = true;
-      # appendHttpConfig = inputs.zeroq-credentials.services.xray.maps;
+      appendHttpConfig = inputs.zeroq-credentials.services.xray.maps;
       virtualHosts = {
-        # "pubray.zeroq.su" = {
+        # "pubray.zeroq.ru" = {
         #   enableACME = true;
         #   forceSSL = true;
         #   root = "${inputs.zeroq-credentials.services.xray.subs}";
@@ -33,7 +33,7 @@ in
         #     '';
         #   };
         # };
-        "x.zeroq.su" = {
+        "x.zeroq.ru" = {
           forceSSL = true;
           enableACME = true;
           locations = {
@@ -45,45 +45,20 @@ in
               proxyPass = "http://localhost:2096";
               proxyWebsockets = true;
             };
-            "/subsjs/" = {
-              proxyPass = "http://localhost:2096";
-              proxyWebsockets = true;
-            };
           };
         };
-        "kuma.zeroq.su" = {
+        "kuma.zeroq.ru" = {
           forceSSL = true;
           enableACME = true;
           locations."/" = {
             proxyPass = "http://${server}:4001";
             proxyWebsockets = true;
           };
+          extraConfig = ''
+            client_max_body_size 5G;
+          '';
         };
-        "health.zeroq.su" = {
-          forceSSL = true;
-          enableACME = true;
-          locations."/" = {
-            proxyPass = "http://${server}:19999";
-            proxyWebsockets = true;
-          };
-        };
-        "git.zeroq.su" = {
-          forceSSL = true;
-          enableACME = true;
-          locations."/" = {
-            proxyPass = "http://${server}:3000";
-            proxyWebsockets = true;
-          };
-        };
-        # "agent.zeroq.su" = {
-        #   forceSSL = true;
-        #   enableACME = true;
-        #   locations."/" = {
-        #     proxyPass = "http://${server}:3000";
-        #     proxyWebsockets = true;
-        #   };
-        # };
-        # "node-red.zeroq.su" = {
+        # "node-red.zeroq.ru" = {
         #   forceSSL = true;
         #   enableACME = true;
         #   kTLS = true;
@@ -95,7 +70,7 @@ in
         #     client_max_body_size 5G;
         #   '';
         # };
-        "zeroq.su" = {
+        "zeroq.ru" = {
           forceSSL = true;
           enableACME = true;
           root = pkgs.writeTextDir "index.html" ''
@@ -119,50 +94,34 @@ in
             # };
           };
         };
-        "flux.zeroq.su" = {
+        "flux.zeroq.ru" = {
           forceSSL = true;
           enableACME = true;
           locations."/" = {
             proxyPass = "http://${server}:6061";
             proxyWebsockets = true;
           };
+          extraConfig = ''
+            client_max_body_size 5G;
+          '';
         };
-        "n8n.zeroq.su" = {
-          forceSSL = true;
-          enableACME = true;
-          locations."/" = {
-            proxyPass = "http://${server}:5678";
-            proxyWebsockets = true;
-          };
-        };
-        "office.zeroq.su" = {
+        "office.zeroq.ru" = {
           enableACME = true;
           forceSSL = true;
           locations = {
             "/" = {
-              proxyPass = "http://${server}:8090";
+              proxyPass = "http://${server}:9980"; # API и coauthoring
               proxyWebsockets = true;
             };
           };
-          # extraConfig = ''
-          #   client_max_body_size 5G;
-
-          #   proxy_http_version 1.1;
-          #   proxy_buffering off;
-
-          #   proxy_set_header Host $host;
-          #   proxy_set_header X-Forwarded-Host $host;
-          #   proxy_set_header X-Forwarded-Proto $scheme;
-          #   proxy_set_header X-Real-IP $remote_addr;
-          #   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-
-          #   proxy_set_header Authorization $http_authorization;
-
-          #   proxy_set_header Upgrade $http_upgrade;
-          #   proxy_set_header Connection "upgrade";
-          # ''; # absolute_redirect off;
+          extraConfig = ''
+            client_max_body_size 5G;
+            proxy_set_header X-Forwarded-Proto $scheme;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+          ''; # absolute_redirect off;
         };
-        "immich.zeroq.su" = {
+        "immich.zeroq.ru" = {
           forceSSL = true;
           enableACME = true;
           locations."/" = {
@@ -173,7 +132,7 @@ in
             client_max_body_size 5G;
           '';
         };
-        "nextcloud.zeroq.su" = {
+        "nextcloud.zeroq.ru" = {
           forceSSL = true;
           enableACME = true;
           locations = {
@@ -190,7 +149,7 @@ in
             client_max_body_size 5G;
           '';
         };
-        "calibre.zeroq.su" = {
+        "calibre.zeroq.ru" = {
           forceSSL = true;
           enableACME = true;
           locations."/" = {
@@ -201,18 +160,18 @@ in
             client_max_body_size 5G;
           '';
         };
-        "pdf.zeroq.su" = {
-          forceSSL = true;
-          enableACME = true;
-          locations."/" = {
-            proxyPass = "http://${server}:8446";
-            proxyWebsockets = true;
-          };
-          extraConfig = ''
-            client_max_body_size 5G;
-          '';
-        };
-        # "ai.zeroq.su" = {
+        # "pdf.zeroq.ru" = {
+        #   forceSSL = true;
+        #   enableACME = true;
+        #   locations."/" = {
+        #     proxyPass = "http://${server}:6060";
+        #     proxyWebsockets = true;
+        #   };
+        #   extraConfig = ''
+        #     client_max_body_size 5G;
+        #   '';
+        # };
+        # "ai.zeroq.ru" = {
         #   forceSSL = true;
         #   enableACME = true;
         #   locations."/" = {

modules/vds/samba.nix

@@ -1,56 +0,0 @@
-{
-  config,
-  xlib,
-  ...
-}:
-{
-  services.samba = {
-    enable = true;
-    nmbd = {
-      enable = false;
-    };
-    settings = {
-      global = {
-        "invalid users" = [ ];
-        "passwd program" = "/run/wrappers/bin/passwd %u";
-        security = "user";
-      };
-      nixos = {
-        "path" = "/etc/nixos";
-        "browseable" = "yes";
-        "read only" = "no";
-        "valid users" = "${xlib.device.username}";
-        "guest ok" = "no";
-        "writable" = "yes";
-        "create mask" = 755;
-        "directory mask" = 755;
-        "force user" = "${xlib.device.username}";
-        "force group" = "users";
-      };
-      root = {
-        "path" = "/";
-        "browseable" = "yes";
-        "read only" = "no";
-        "valid users" = "${xlib.device.username}";
-        "guest ok" = "no";
-        "writable" = "yes";
-        #"create mask" = 0644;
-        #"directory mask" = 0644;
-        "force user" = "root";
-        "force group" = "root";
-      };
-      "${xlib.device.username}" = {
-        "path" = "/home/${xlib.device.username}";
-        "browseable" = "yes";
-        "read only" = "no";
-        "valid users" = "${xlib.device.username}";
-        "guest ok" = "no";
-        "writable" = "yes";
-        "create mask" = 700;
-        "directory mask" = 700;
-        "force user" = "${xlib.device.username}";
-        "force group" = "users";
-      };
-    };
-  };
-}

modules/wsl/containers/default.nix

@@ -5,10 +5,6 @@
   ...
 }:
 {
-  imports = [
-    # ./3x-ui.nix
-  ];
-
   environment.systemPackages = with pkgs; [
     compose2nix
     podman-tui

modules/wsl/default.nix

@@ -1,17 +1,15 @@
 {
-  inputs,
   lib,
   pkgs,
   ...
 }:
 {
   imports = [
-    ../software/aichat.nix
     ../software/beets
     ../software/whisper.nix
-    ./containers
-    ./tools
-    #../server/open-webui.nix
+    ../software/aichat.nix
+    #../vds/docker.nix
     #../services/tts.nix
+    #../server/open-webui.nix
   ];
 }

overlays/pkgs.nix

@@ -1,8 +1,3 @@
-{
-  inputs,
-  ...
-}:
+{ inputs, ... }:
 self: super: {
-  rovr = inputs.self.packages.x86_64-linux.rovr;
-  pcbu-desktop = inputs.self.packages.x86_64-linux.pcbu-desktop;
 }

pkgs/default.nix

@@ -1,17 +1,9 @@
 { inputs, ... }@flakeContext:
 let
-  system = "x86_64-linux";
-  pkgs = import inputs.nixpkgs {
-    inherit system;
-    config = {
-      allowUnfree = true;
-    };
-  };
+  pkgs = import inputs.nixpkgs { system = "x86_64-linux"; };
 in
 {
-  packages.${system} = {
-    rovr = pkgs.callPackage ./rovr { };
-    pcbu-desktop = pkgs.callPackage ./pcbu-desktop { };
-    # immich = pkgs.callPackage ./immich { };
-  };
+  # packages."x86_64-linux" = {
+  #   immich = pkgs.callPackage ./immich/package.nix { };
+  # };
 }

pkgs/pcbu-desktop/default.nix

@@ -1,54 +0,0 @@
-{ pkgs }:
-
-let
-  pname = "pcbu-desktop";
-  version = "3.2.3";
-
-  src = pkgs.fetchurl {
-    url = "https://github.com/MeisApps/pcbu-desktop/releases/download/v${version}/PCBioUnlock-x64.AppImage";
-    sha256 = "sha256-+NxAm6vhMH51z6BscuFvaMidHN/3tNBR1g+i0q9hjWE=";
-  };
-
-in
-pkgs.appimageTools.wrapType2 {
-  inherit pname version src;
-
-  extraPkgs =
-    pkgs: with pkgs; [
-      glib
-      nss
-      nspr
-      libdrm
-      libGL
-      libxkbcommon
-      libX11
-      libXcursor
-      libXrandr
-      libXi
-      libXext
-      libXfixes
-      libXrender
-      libXtst
-      libxcrypt-legacy
-      gtk3
-      alsa-lib
-      at-spi2-atk
-      at-spi2-core
-      cups
-      dbus
-      expat
-      pango
-      cairo
-    ];
-
-  extraInstallCommands = ''
-    mkdir -p $out/share/applications
-    cat > $out/share/applications/${pname}.desktop <<EOF
-    [Desktop Entry]
-    Name=PCBU Desktop
-    Exec=${pname}
-    Type=Application
-    Categories=Utility;
-    EOF
-  '';
-}

pkgs/pcbu-desktop/readme.md

@@ -1,20 +0,0 @@
-Для сервиса пригодится:
-
-```
-    hardware.bluetooth.enable = true;
-    services.dbus.enable = true;
-    networking.firewall.allowedUDPPorts = [ ... ];
-    networking.firewall.allowedTCPPorts = [ ... ];
-```
-
----
-pcbu-desktop-3.2.3-fhsenv-rootfs> building '/nix/store/8q029crhzkqw1vqvjbnxvmpgpwfr9sk1-pcbu-desktop-3.2.3-fhsenv-rootfs.drv'
-pcbu-desktop-3.2.3-fhsenv-rootfs> structuredAttrs is enabled
-pcbu-desktop-3.2.3-fhsenv-rootfs> Warning: Schema ?org.gnome.system.locale? has path ?/system/locale/?.  Paths starting with ?/apps/?, ?/desktop/? or ?/system/? are deprecated.
-pcbu-desktop-3.2.3-fhsenv-rootfs> Warning: Schema ?org.gnome.system.proxy? has path ?/system/proxy/?.  Paths starting with ?/apps/?, ?/desktop/? or ?/system/? are deprecated.
-pcbu-desktop-3.2.3-fhsenv-rootfs> Warning: Schema ?org.gnome.system.proxy.http? has path ?/system/proxy/http/?.  Paths starting with ?/apps/?, ?/desktop/? or ?/system/? are deprecated.
-pcbu-desktop-3.2.3-fhsenv-rootfs> Warning: Schema ?org.gnome.system.proxy.https? has path ?/system/proxy/https/?.  Paths starting with ?/apps/?, ?/desktop/? or ?/system/? are deprecated.
-pcbu-desktop-3.2.3-fhsenv-rootfs> Warning: Schema ?org.gnome.system.proxy.ftp? has path ?/system/proxy/ftp/?.  Paths starting with ?/apps/?, ?/desktop/? or ?/system/? are deprecated.
-pcbu-desktop-3.2.3-fhsenv-rootfs> Warning: Schema ?org.gnome.system.proxy.socks? has path ?/system/proxy/socks/?.  Paths starting with ?/apps/?, ?/desktop/? or ?/system/? are deprecated.
-pcbu-desktop-3.2.3-bwrap> building '/nix/store/6pzpm3vzia2jjfjizh8yx8v1n8l9apnr-pcbu-desktop-3.2.3-bwrap.drv'
-pcbu-desktop> building '/nix/store/9jrq44m27r427rfxvbn3ym7b4y6hnnha-pcbu-desktop-3.2.3.drv'

pkgs/rovr/default.nix

@@ -1,74 +0,0 @@
-{ pkgs }:
-
-let
-  python = pkgs.python314.override {
-    packageOverrides = self: super: {
-      textual = super.textual.overridePythonAttrs (old: rec {
-        version = "7.1.0";
-        src = super.fetchPypi {
-          pname = "textual";
-          inherit version;
-          sha256 = "sha256-PHFI7wCpJ3tF/Xihpq3HxBnEUdPtcUoLAVsW6qKopzs=";
-        };
-      });
-    };
-  };
-
-  py = python.pkgs;
-
-  textualDeps = with py; [
-    textual
-    textual-autocomplete
-    textual-image
-    textual-speedups
-  ];
-
-  pythonDeps = with py; [
-    ujson
-    prompt-toolkit
-    rich
-    fastjsonschema
-    humanize
-    natsort
-    pathvalidate
-    pdf2image
-    pillow
-    platformdirs
-    psutil
-    puremagic
-    rarfile
-    rich-click
-    send2trash
-    tomli
-  ];
-
-in
-
-py.buildPythonApplication rec {
-  pname = "rovr";
-  version = "0.7.0";
-
-  src = py.fetchPypi {
-    inherit pname version;
-    format = "wheel";
-    dist = "py3";
-    python = "py3";
-    abi = "none";
-    platform = "any";
-    sha256 = "sha256-CMj3jepLSA2bMcl2r89HY/ghPXEIpF5RohkBkLj6iNw=";
-  };
-
-  format = "wheel";
-
-  propagatedBuildInputs = pythonDeps ++ textualDeps;
-
-  nativeBuildInputs = [ pkgs.stdenv.cc.cc.lib ];
-
-  doCheck = false;
-
-  meta = with pkgs.lib; {
-    description = "Terminal file manager rovr";
-    homepage = "https://pypi.org/project/rovr/";
-    license = licenses.mit;
-  };
-}