123123

123
2026-06-16 06:51:50 +03:00 · 2026-03-01 18:01:27 +03:00 · 2026-03-01 17:59:13 +03:00 · 2026-03-01 17:56:58 +03:00 · 2026-03-01 17:49:34 +03:00 · 2026-03-01 17:37:10 +03:00
88 changed files with 1104 additions and 2345 deletions
@@ -1 +0,0 @@
 * text=auto eol=lf
@@ -1 +0,0 @@
 .vscode
@@ -1 +1 @@
-I'm a super newbie who just posted my stuff here. Now maybe about intermediate
+I'm a super newbie who just posted my stuff here. Now maybe simple newbie
@@ -18,7 +18,7 @@
              };
            };
            swap = {
-              size = "6G";
+              size = "2G";
              content = {
                type = "swap";
              };
@@ -20,7 +20,7 @@
              };
            };
            swap = {
-              size = "4G";
+              size = "1G";
              content = {
                type = "swap";
              };
@@ -14,11 +14,11 @@
  boot = {
    initrd = {
-      # supportedFilesystems = [
+      supportedFilesystems = [
-      #   "nfs"
+        "nfs"
-      #   "nfsv4"
+        "nfsv4"
-      #   "overlay"
+        "overlay"
-      # ];
+      ];
      availableKernelModules = [
        "nvme"
        "xhci_pci"
@@ -51,13 +51,9 @@
    };
  };
-  zramSwap = {
+  # swapDevices = [
-    enable = true;
+  #   { device = "/dev/disk/by-partlabel/disk-main-swap"; }
-  };
+  # ];
  swapDevices = [
    { device = "/dev/disk/by-partlabel/disk-main-swap"; }
  ];
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
@@ -13,13 +13,9 @@
    };
  };
-  swapDevices = [
+  # swapDevices = [
-    { device = "/dev/disk/by-partlabel/disk-main-swap"; }
+  #   { device = "/dev/disk/by-partlabel/disk-main-swap"; }
-  ];
+  # ];
  zramSwap = {
    enable = true;
  };
  networking.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
@@ -69,11 +69,11 @@ let
      };
      services = {
-        # xserver = {
+        xserver = {
-        #   videoDrivers = [
+          videoDrivers = [
-        #     "nomodeset"
+            "nomodeset"
-        #   ];
+          ];
-        # };
+        };
        syncthing = {
          enable = true;
          systemService = true;
@@ -20,7 +20,7 @@ let
      ];
      boot = {
-        # kernelPackages = pkgs.linuxPackages_xanmod_stable;
+        kernelPackages = pkgs.linuxPackages_xanmod_stable;
        hardwareScan = true;
        loader = {
          systemd-boot.enable = lib.mkDefault true;
@@ -41,6 +41,10 @@ let
        intel-gpu-tools.enable = true;
      };
      # swapDevices = [
      #   { device = "/dev/disk/by-partlabel/disk-main-swap"; }
      # ];
      fileSystems = {
        # External drive
        "${xlib.dirs.server-home}" = {
@@ -48,7 +52,7 @@ let
          fsType = "ext4";
        };
        # Archive drive
-        "${xlib.dirs.archive-drive}" = {
+        "/mnt/archive" = {
          device = "/dev/disk/by-label/archive";
          fsType = "exfat";
          options = [
@@ -58,7 +62,7 @@ let
          ];
        };
        # Mobile SD-Card
-        "${xlib.dirs.mobile-drive}" = {
+        "/mnt/mobile" = {
          device = "/dev/disk/by-uuid/7EB1-DC99";
          fsType = "exfat";
          options = [
@@ -67,13 +71,15 @@ let
            "gid=1000"
          ];
        };
        # Services in /mnt folder
        "${xlib.dirs.services-mnt-folder}" = {
          device = "${xlib.dirs.services-folder}";
          fsType = "none";
          options = [
            "bind"
            "nofail"
            # "uid=1000"
            # "gid=1000"
            # "fmask=0000"
            # "dmask=0000"
          ];
        };
      };
@@ -46,6 +46,53 @@ let
            SystemMaxUse=512M
          '';
        };
        samba = {
          enable = true;
          openFirewall = true;
          settings = {
            global = {
              "invalid users" = [ ];
              "passwd program" = "/run/wrappers/bin/passwd %u";
              security = "user";
            };
            nixos = {
              "path" = "/etc/nixos";
              "browseable" = "yes";
              "read only" = "no";
              "valid users" = "${xlib.device.username}";
              "guest ok" = "no";
              "writable" = "yes";
              "create mask" = 755;
              "directory mask" = 755;
              "force user" = "${xlib.device.username}";
              "force group" = "users";
            };
            root = {
              "path" = "/";
              "browseable" = "yes";
              "read only" = "no";
              "valid users" = "${xlib.device.username}";
              "guest ok" = "no";
              "writable" = "yes";
              #"create mask" = 0644;
              #"directory mask" = 0644;
              "force user" = "root";
              "force group" = "root";
            };
            "${xlib.device.username}" = {
              "path" = "/home/${xlib.device.username}";
              "browseable" = "yes";
              "read only" = "no";
              "valid users" = "${xlib.device.username}";
              "guest ok" = "no";
              "writable" = "yes";
              "create mask" = 700;
              "directory mask" = 700;
              "force user" = "${xlib.device.username}";
              "force group" = "users";
            };
          };
        };
        openssh = {
          enable = true;
          allowSFTP = true;
@@ -26,7 +26,7 @@ let
      ];
      boot = {
-        # kernelPackages = pkgs.linuxPackages_xanmod_stable;
+        kernelPackages = pkgs.linuxPackages_xanmod_stable;
        hardwareScan = true;
        loader = {
          grub = {
@@ -37,12 +37,6 @@ let
          };
          systemd-boot.enable = lib.mkDefault false;
        };
        kernel.sysctl = {
          "net.ipv4.tcp_syncookies" = 1;
          "net.ipv4.tcp_max_syn_backlog" = 4096;
          "net.ipv4.tcp_synack_retries" = 3;
          "net.ipv4.tcp_syn_retries" = 3;
        };
      };
      services = {
@@ -52,6 +46,53 @@ let
            SystemMaxUse=512M
          '';
        };
        samba = {
          enable = true;
          openFirewall = true;
          settings = {
            global = {
              "invalid users" = [ ];
              "passwd program" = "/run/wrappers/bin/passwd %u";
              security = "user";
            };
            nixos = {
              "path" = "/etc/nixos";
              "browseable" = "yes";
              "read only" = "no";
              "valid users" = "${xlib.device.username}";
              "guest ok" = "no";
              "writable" = "yes";
              "create mask" = 755;
              "directory mask" = 755;
              "force user" = "${xlib.device.username}";
              "force group" = "users";
            };
            root = {
              "path" = "/";
              "browseable" = "yes";
              "read only" = "no";
              "valid users" = "${xlib.device.username}";
              "guest ok" = "no";
              "writable" = "yes";
              #"create mask" = 0644;
              #"directory mask" = 0644;
              "force user" = "root";
              "force group" = "root";
            };
            "${xlib.device.username}" = {
              "path" = "/home/${xlib.device.username}";
              "browseable" = "yes";
              "read only" = "no";
              "valid users" = "${xlib.device.username}";
              "guest ok" = "no";
              "writable" = "yes";
              "create mask" = 700;
              "directory mask" = 700;
              "force user" = "${xlib.device.username}";
              "force group" = "users";
            };
          };
        };
        openssh = {
          enable = true;
          allowSFTP = true;
@@ -73,49 +114,28 @@ let
          openFirewall = true;
        };
      };
      networking = {
        nameservers = [
          "1.1.1.1"
          "8.8.8.8"
-          # "2001:4860:4860::8844"
+          "2001:4860:4860::8844"
-          # "2001:4860:4860::8888"
+          "2001:4860:4860::8888"
-          # "2606:4700:4700::1111"
+          "2606:4700:4700::1111"
-          # "2606:4700:4700::1001"
+          "2606:4700:4700::1001"
        ];
        hostName = "${xlib.device.hostname}";
        networkmanager.enable = true;
        tempAddresses = "disabled";
        dhcpcd = {
          enable = true;
-          IPv6rs = false;
+          IPv6rs = true;
        };
        firewall = {
          enable = true;
          allowPing = true;
        };
-        nftables = {
+        enableIPv6 = true;
          enable = true;
          ruleset = ''
            table inet filter {
              chain input {
                type filter hook input priority 0;
                # loopback
                iif lo accept
                # уже установленные
                ct state established,related accept
                # РЕЖЕМ SYN СРАЗУ
                tcp flags syn tcp dport {80,443} limit rate 20/second burst 40 packets accept
                tcp flags syn tcp dport {80,443} drop
                # остальное по необходимости
              }
            }
          '';
        };
        enableIPv6 = false;
        interfaces.ens3 = {
          useDHCP = true;
          # ipv4.addresses = [
@@ -1,5 +1,26 @@
 {
  "nodes": {
    "compose2nix": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ],
        "onchg": "onchg"
      },
      "locked": {
        "lastModified": 1768176895,
        "narHash": "sha256-GvcYMsrvQ1yjehcKmnlniBQM8HP9U/v7qSvfnxj3VtA=",
        "owner": "aksiksi",
        "repo": "compose2nix",
        "rev": "e36aecd3649f43d745a5f837bf91c27c4499e203",
        "type": "github"
      },
      "original": {
        "owner": "aksiksi",
        "repo": "compose2nix",
        "type": "github"
      }
    },
    "deploy-rs": {
      "inputs": {
        "flake-compat": [
@@ -13,11 +34,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1781023725,
+        "lastModified": 1770019181,
-        "narHash": "sha256-Gt+qFANcrDRjl3xzidLYrAUQCd3808iuAsLwZbYYAEU=",
+        "narHash": "sha256-hwsYgDnby50JNVpTRYlF3UR/Rrpt01OrxVuryF40CFY=",
        "owner": "serokell",
        "repo": "deploy-rs",
-        "rev": "2ce9051767ee4d1a3c43b52ba327431783bfd463",
+        "rev": "77c906c0ba56aabdbc72041bf9111b565cdd6171",
        "type": "github"
      },
      "original": {
@@ -33,11 +54,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1781152676,
+        "lastModified": 1769524058,
-        "narHash": "sha256-RxWs5ND31KzTG7wvMM+PMfUjyNpmIEr999lqNARaM5o=",
+        "narHash": "sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "ff8702b4de27f72b4c78573dfb89ec74e36abdf1",
+        "rev": "71a3fc97d80881e91710fe721f1158d3b96ae14d",
        "type": "github"
      },
      "original": {
@@ -61,6 +82,21 @@
        "type": "github"
      }
    },
    "flake-utils": {
      "locked": {
        "lastModified": 1652776076,
        "narHash": "sha256-gzTw/v1vj4dOVbpBSJX4J0DwUR6LIyXo7/SuuTJp1kM=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "04c1b180862888302ddfb2e3ad9eaa63afc60cf8",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "grub2-themes": {
      "inputs": {
        "nixpkgs": [
@@ -88,11 +124,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1781365335,
+        "lastModified": 1771037579,
-        "narHash": "sha256-zqDBhXMzfbdlO7F2bGHe7MOtB3xngd/+4ieMHDC+ZXo=",
+        "narHash": "sha256-NX5XuhGcsmk0oEII2PEtMRgvh2KaAv3/WWQsOpxAgR4=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "5b6f5733726a1b2ccafb5dec6ac4ca7299fad66c",
+        "rev": "05e6dc0f6ed936f918cb6f0f21f1dad1e4c53150",
        "type": "github"
      },
      "original": {
@@ -101,16 +137,56 @@
        "type": "github"
      }
    },
-    "nixos-hardware": {
+    "musnix": {
      "inputs": {
-        "nixpkgs": "nixpkgs"
+        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1781168557,
+        "lastModified": 1767232402,
-        "narHash": "sha256-LOnLQ2tpYF9gqIDDr3+j3DbpJJr/QCH6zPRT2GzEUOE=",
+        "narHash": "sha256-li+h6crnhc5Zqs+M6pn7D7M0W9M63ECNennDjRgzioE=",
        "owner": "musnix",
        "repo": "musnix",
        "rev": "d65f98e0b1f792365f1705653d7b2d266ceeff6e",
        "type": "github"
      },
      "original": {
        "owner": "musnix",
        "repo": "musnix",
        "type": "github"
      }
    },
    "nix-pre-commit": {
      "inputs": {
        "flake-utils": "flake-utils",
        "nixpkgs": [
          "compose2nix",
          "onchg",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1653259102,
        "narHash": "sha256-XfCEu4zur/N2Dk4v8wFiQAgJ7bgNqPqwWp1vBXkeczM=",
        "owner": "jmgilman",
        "repo": "nix-pre-commit",
        "rev": "6a99b2711c7eac9960939d8eb91e84322b22d50c",
        "type": "github"
      },
      "original": {
        "owner": "jmgilman",
        "repo": "nix-pre-commit",
        "type": "github"
      }
    },
    "nixos-hardware": {
      "locked": {
        "lastModified": 1770882871,
        "narHash": "sha256-nw5g+xl3veea+maxJ2/81tMEA/rPq9aF1H5XF35X+OE=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "6358ff76821101c178e3ab4919a62799bfe3652e",
+        "rev": "af04cb78aa85b2a4d1c15fc7270347e0d0eda97b",
        "type": "github"
      },
      "original": {
@@ -130,11 +206,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1781182279,
+        "lastModified": 1770657009,
-        "narHash": "sha256-V5EQQbDnmdiXGQXrEF1PEL7QYsFqfH8N1E89Z5ONwFk=",
+        "narHash": "sha256-v/LA5ZSJ+JQYzMSKB4sySM0wKfsAqddNzzxLLnbsV/E=",
        "owner": "nix-community",
        "repo": "NixOS-WSL",
-        "rev": "5675822ba756e6e56f8f6a5a76e90e0da2ece94d",
+        "rev": "5b50ea1aaa14945d4794c80fcc99c4aa1db84d2d",
        "type": "github"
      },
      "original": {
@@ -146,56 +222,27 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1767892417,
+        "lastModified": 1770843696,
-        "narHash": "sha256-8bW3q88CEg2u4hSP66Vf4lpbLonHz7hqDNBMcCY7E9U=",
+        "narHash": "sha256-LovWTGDwXhkfCOmbgLVA10bvsi/P8eDDpRudgk68HA8=",
        "rev": "3497aa5c9457a9d88d71fa93a4a8368816fbeeba",
        "type": "tarball",
        "url": "https://releases.nixos.org/nixos/unstable/nixos-26.05pre924538.3497aa5c9457/nixexprs.tar.xz"
      },
      "original": {
        "type": "tarball",
        "url": "https://channels.nixos.org/nixos-unstable/nixexprs.tar.xz"
      }
    },
    "nixpkgs-beets": {
      "locked": {
        "lastModified": 1774610258,
        "narHash": "sha256-HaThtroVD9wRdx7KQk0B75JmFcXlMUoEdDFNOMOlsOs=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "832efc09b4caf6b4569fbf9dc01bec3082a00611",
+        "rev": "2343bbb58f99267223bc2aac4fc9ea301a155a16",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixpkgs-unstable",
        "repo": "nixpkgs",
        "rev": "832efc09b4caf6b4569fbf9dc01bec3082a00611",
        "type": "github"
      }
    },
    "nixpkgs-calibre": {
      "locked": {
        "lastModified": 1776255774,
        "narHash": "sha256-psVTpH6PK3q1htMJpmdz1hLF5pQgEshu7gQWgKO6t6Y=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "566acc07c54dc807f91625bb286cb9b321b5f42a",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "566acc07c54dc807f91625bb286cb9b321b5f42a",
        "type": "github"
      }
    },
    "nixpkgs-master": {
      "locked": {
-        "lastModified": 1781461743,
+        "lastModified": 1771056776,
-        "narHash": "sha256-gjBRAyMLpEJ+xtfHNLNE+5iFiSREBMmEYp8hFtL0Afs=",
+        "narHash": "sha256-0l776LxthDY08ujQ1h83k9z6K5vBg1bGc415AWeFOOI=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "94af5fb07bc318fb359ad100ab64457ccbbaf38a",
+        "rev": "d22fe1660f1f1ccbd52c9d2c09e92fe3861dd691",
        "type": "github"
      },
      "original": {
@@ -207,11 +254,11 @@
    },
    "nixpkgs-stable": {
      "locked": {
-        "lastModified": 1780952837,
+        "lastModified": 1770770419,
-        "narHash": "sha256-Fwd1+spDtQ0hDyBwme6ufG3n4mY0UrjjFdYHv+G/Hds=",
+        "narHash": "sha256-iKZMkr6Cm9JzWlRYW/VPoL0A9jVKtZYiU4zSrVeetIs=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "e820eb4a444b46a19b2e03e8dfd2359439ff30fe",
+        "rev": "6c5e707c6b5339359a9a9e215c5e66d6d802fd7a",
        "type": "github"
      },
      "original": {
@@ -221,19 +268,65 @@
        "type": "github"
      }
    },
-    "nixpkgs_2": {
+    "noctalia": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1781074563,
+        "lastModified": 1771045170,
-        "narHash": "sha256-md8WlXOlfnIeHeOScMTTHFyf2d6iaTwPl2apR5EQ3P4=",
+        "narHash": "sha256-esBQIlClWRgYYvtYW27N79fCbOUkuFj3gxwJrb8WFX4=",
-        "owner": "NixOS",
+        "owner": "noctalia-dev",
-        "repo": "nixpkgs",
+        "repo": "noctalia-shell",
-        "rev": "9ae611a455b90cf061d8f332b977e387bda8e1ca",
+        "rev": "92612c09a9dce53d5dd60e53f066160f1cdf13b4",
        "type": "github"
      },
      "original": {
-        "owner": "NixOS",
+        "owner": "noctalia-dev",
-        "ref": "nixos-unstable",
+        "repo": "noctalia-shell",
-        "repo": "nixpkgs",
+        "type": "github"
      }
    },
    "nypkgs": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1761401328,
        "narHash": "sha256-1Mylp3ZHkft5Sg5VzMpRRvSNsuuO/Oj+cBqjkFoOnRg=",
        "owner": "yunfachi",
        "repo": "nypkgs",
        "rev": "193c13630997d000e72e9ae6f6bfe9b71f5c4b3f",
        "type": "github"
      },
      "original": {
        "owner": "yunfachi",
        "repo": "nypkgs",
        "type": "github"
      }
    },
    "onchg": {
      "inputs": {
        "nix-pre-commit": "nix-pre-commit",
        "nixpkgs": [
          "compose2nix",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1720368454,
        "narHash": "sha256-NUSw3G2gsQX8/G64/pDBb1oitM+x13m7nFRvpiI4a+s=",
        "owner": "aksiksi",
        "repo": "onchg-rs",
        "rev": "c42b693d10920874b3644ef1502e33318409d69c",
        "type": "github"
      },
      "original": {
        "owner": "aksiksi",
        "repo": "onchg-rs",
        "type": "github"
      }
    },
@@ -247,11 +340,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1775856943,
+        "lastModified": 1770766818,
-        "narHash": "sha256-b7Mp7P+q2Md5AGt4rjHfMcBykzMumFTen10ST++AuTU=",
+        "narHash": "sha256-12RCFLyAedyMOdenUi7cN3ioJPEGjA/ZG1BLjugfUVs=",
        "owner": "nix-community",
        "repo": "plasma-manager",
-        "rev": "a524a6160e6df89f7673ba293cf7d78b559eb1a5",
+        "rev": "44b928068359b7d2310a34de39555c63c93a2c90",
        "type": "github"
      },
      "original": {
@@ -262,18 +355,20 @@
    },
    "root": {
      "inputs": {
        "compose2nix": "compose2nix",
        "deploy-rs": "deploy-rs",
        "disko": "disko",
        "flake-compat": "flake-compat",
        "grub2-themes": "grub2-themes",
        "home-manager": "home-manager",
        "musnix": "musnix",
        "nixos-hardware": "nixos-hardware",
        "nixos-wsl": "nixos-wsl",
-        "nixpkgs": "nixpkgs_2",
+        "nixpkgs": "nixpkgs",
        "nixpkgs-beets": "nixpkgs-beets",
        "nixpkgs-calibre": "nixpkgs-calibre",
        "nixpkgs-master": "nixpkgs-master",
        "nixpkgs-stable": "nixpkgs-stable",
        "noctalia": "noctalia",
        "nypkgs": "nypkgs",
        "plasma-manager": "plasma-manager",
        "sops-nix": "sops-nix",
        "utils": "utils",
@@ -288,11 +383,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1780547341,
+        "lastModified": 1770683991,
-        "narHash": "sha256-Gq8KNx5A7hBB3uGJaj6eQfLDIz5YdLu92gqBcvHvoUo=",
+        "narHash": "sha256-xVfPvXDf9QN3Eh9dV+Lw6IkWG42KSuQ1u2260HKvpnc=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "9ed65852b6257fbeae4355bc24ecfea307ca759a",
+        "rev": "8b89f44c2cc4581e402111d928869fe7ba9f7033",
        "type": "github"
      },
      "original": {
@@ -6,12 +6,11 @@
    zapret.url = "github:oqyude/zapret-easyflake"; # stupid flake of zapret
    # nixpkgs
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
    # nixpkgs-last-unstable.url = "github:NixOS/nixpkgs/6b4955211758ba47fac850c040a27f23b9b4008f";
-    nixpkgs-calibre.url = "github:NixOS/nixpkgs/566acc07c54dc807f91625bb286cb9b321b5f42a";
+    # nixpkgs-calibre.url = "github:NixOS/nixpkgs/e6f23dc08d3624daab7094b701aa3954923c6bbb";
    nixpkgs-master.url = "github:NixOS/nixpkgs/master";
    nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.11";
    nixpkgs-beets.url = "github:NixOS/nixpkgs/832efc09b4caf6b4569fbf9dc01bec3082a00611"; # 2343bbb58f99267223bc2aac4fc9ea301a155a16
    #nixpkgs-fingerprint.url = "github:NixOS/nixpkgs/nixos-24.11";
    # nix-community
@@ -37,10 +36,14 @@
    # nixos-facter-modules.url = "github:numtide/nixos-facter-modules";
    # flake-utils.url = "github:numtide/flake-utils";
    # flake-parts.url = "github:hercules-ci/flake-parts";
-    # noctalia = {
+    # nur = {
-    #   url = "github:noctalia-dev/noctalia-shell";
+    #   url = "github:nix-community/NUR";
    #   inputs.nixpkgs.follows = "nixpkgs";
    # };
    noctalia = {
      url = "github:noctalia-dev/noctalia-shell";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    home-manager = {
      url = "github:nix-community/home-manager"; # flake:home-manager
      inputs.nixpkgs.follows = "nixpkgs";
@@ -57,18 +60,14 @@
        home-manager.follows = "home-manager";
      };
    };
    sops-nix = {
      url = "github:Mic92/sops-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    grub2-themes = {
      url = "github:vinceliuice/grub2-themes";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # nix-index-database = {
    #   url = "github:nix-community/nix-index-database";
    #   inputs.nixpkgs.follows = "nixpkgs";
    # };
    compose2nix = {
      url = "github:aksiksi/compose2nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # extras
    # nix-gaming.url = "github:fufexan/nix-gaming";
@@ -79,15 +78,23 @@
    #     flake-compat.follows = "flake-compat";
    #   };
    # };
-    # musnix = {
+    musnix = {
-    #   url = "github:musnix/musnix";
+      url = "github:musnix/musnix";
-    #   inputs.nixpkgs.follows = "nixpkgs";
+      inputs.nixpkgs.follows = "nixpkgs";
-    # };
+    };
-    # nypkgs = {
+    grub2-themes = {
-    #   # https://github.com/yunfachi/nypkgs
+      url = "github:vinceliuice/grub2-themes";
-    #   url = "github:yunfachi/nypkgs";
+      inputs.nixpkgs.follows = "nixpkgs";
-    #   inputs.nixpkgs.follows = "nixpkgs";
+    };
-    # };
+    nypkgs = {
      # https://github.com/yunfachi/nypkgs
      url = "github:yunfachi/nypkgs";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    sops-nix = {
      url = "github:Mic92/sops-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # stylix = {
    #   url = "github:danth/stylix";
    #   inputs = {
@@ -5,7 +5,7 @@
  imports = [
    ./gramps.nix
    ./streamrip.nix
-    # ./v2rayn.nix
+    ./v2rayn.nix
    ./yt-dlp.nix
  ];
 }
@@ -4,7 +4,18 @@
  xlib,
  ...
 }:
 let
  streamripPath = "${xlib.dirs.wsl-storage}/streamrip";
 in
 {
  xdg = {
    configFile = {
      "streamrip" = {
        source = config.lib.file.mkOutOfStoreSymlink streamripPath;
        target = "streamrip";
      };
    };
  };
  home.packages = [
    pkgs.streamrip
  ];
@@ -15,7 +15,7 @@ let
        ];
        home = {
          username = username;
-          stateVersion = lib.mkDefault "26.05";
+          stateVersion = lib.mkDefault "25.05";
          homeDirectory =
            if username == "root" then lib.mkDefault "/${username}" else lib.mkDefault "/home/${username}";
          enableNixpkgsReleaseCheck = false;
@@ -24,7 +24,7 @@ let
      mkRootModule = username: {
        home = {
          username = username;
-          stateVersion = lib.mkDefault "26.05";
+          stateVersion = lib.mkDefault "25.05";
          homeDirectory =
            if username == "root" then lib.mkDefault "/${username}" else lib.mkDefault "/home/${username}";
          enableNixpkgsReleaseCheck = false;
@@ -36,7 +36,7 @@ let
        ];
        home = {
          username = username;
-          stateVersion = lib.mkDefault "26.05";
+          stateVersion = lib.mkDefault "25.05";
          homeDirectory =
            if username == "root" then lib.mkDefault "/${username}" else lib.mkDefault "/home/${username}";
          enableNixpkgsReleaseCheck = false;
@@ -75,6 +75,7 @@
      # Games
      #ludusavi
      #prismlauncher
      steam
      #lutris
      # AI
@@ -8,8 +8,12 @@
 let
  symlinksPaths = {
    # cfg
    "${xlib.dirs.user-storage}/ssh/config" = ".ssh/config";
    "${xlib.dirs.user-storage}/beets" = ".config/beets";
    "${xlib.dirs.user-storage}/ludusavi" = ".config/ludusavi";
    "${xlib.dirs.user-storage}/solaar" = ".config/solaar";
    "${xlib.dirs.user-storage}/easyeffects" = ".config/easyeffects";
    "${xlib.dirs.user-storage}/KeePassXC" = ".config/keepassxc";
    "${xlib.dirs.user-storage}/v2rayN" = ".local/share/v2rayN";
    "/etc/nixos" = "Configuration";
@@ -8,13 +8,18 @@
 let
  symlinksPaths = {
    # cfg
    "${xlib.dirs.user-storage}/ssh/config" = ".ssh/config";
    "${xlib.dirs.user-storage}/beets" = ".config/beets";
    "${xlib.dirs.user-storage}/ludusavi" = ".config/ludusavi";
    "${xlib.dirs.user-storage}/solaar" = ".config/solaar";
    "${xlib.dirs.user-storage}/easyeffects" = ".config/easyeffects";
    "${xlib.dirs.user-storage}/KeePassXC" = ".config/keepassxc";
    "${xlib.dirs.user-storage}/v2rayN" = ".local/share/v2rayN";
    "/etc/nixos" = "Configuration";
    "${config.home.homeDirectory}/Games/PrismLaunchers/${config.home.username}" =
      ".local/share/PrismLauncher";
-    "${xlib.dirs.lamet-drive}/Users/oqyude/Music" = "Music";
+    #"${xlib.dirs.lamet-drive}/Users/oqyude/Music" = "Music";
  };
  mkLinks = lib.mapAttrs' (sourcePath: targetPath: {
    name = targetPath;
@@ -8,6 +8,9 @@
 let
  symlinksPaths = {
    "${config.home.homeDirectory}/External/Music" = "Music";
    "${xlib.dirs.storage}/beets" = ".config/beets";
    "${xlib.dirs.storage}/ssh/config" = ".ssh/config";
    "${xlib.dirs.storage}/ssh/known_hosts" = ".ssh/known_hosts";
  };
  mkLinks = lib.mapAttrs' (sourcePath: targetPath: {
    name = targetPath;
@@ -9,7 +9,10 @@ let
  symlinksPaths = {
    "${config.home.homeDirectory}/External/Music" = "Music";
    "${xlib.dirs.wsl-home}" = "External";
-    "${xlib.dirs.wsl-storage}" = "Storage";
+    "${xlib.dirs.wsl-storage}/beets" = ".config/beets";
    "${xlib.dirs.wsl-storage}/ssh/config" = ".ssh/config";
    "${xlib.dirs.wsl-storage}/ssh/known_hosts" = ".ssh/known_hosts";
    "${xlib.dirs.wsl-storage}/flow" = ".config/flow";
  };
  mkLinks = lib.mapAttrs' (sourcePath: targetPath: {
    name = targetPath;
@@ -1,131 +0,0 @@
 {
  config,
  lib,
  pkgs,
  xlib,
  ...
 }:
 {
  virtualisation = {
    podman = {
      enable = true;
      autoPrune = {
        enable = true;
        flags = [ "--all" ];
      };
      dockerCompat = true;
    };
    oci-containers = {
      backend = "podman";
      containers."3xui_app" = {
        image = "ghcr.io/mhsanaei/3x-ui:latest";
        environment = {
          "XRAY_VMESS_AEAD_FORCED" = "false";
          "XUI_ENABLE_FAIL2BAN" = "true";
          "TZ" = "Europe/Moscow";
        };
        volumes = [
          "${xlib.dirs.services-mnt-folder}/containers/3x-ui/cert/:/root/cert:rw"
          "${xlib.dirs.services-mnt-folder}/containers/3x-ui/db/:/etc/x-ui:rw"
        ];
        log-driver = "journald";
        extraOptions = [
          "--network=host"
        ];
      };
    };
  };
  systemd = {
    services = {
      "podman-3xui_app" = {
        serviceConfig = {
          Restart = lib.mkOverride 90 "always";
        };
        partOf = [
          "podman-compose-3x-ui-root.target"
        ];
        wantedBy = [
          "podman-compose-3x-ui-root.target"
        ];
      };
      # Update
      "podman-update-3xui_app" = {
        path = [
          pkgs.podman
        ];
        serviceConfig = {
          Type = "oneshot";
          TimeoutSec = 300;
        };
        script = ''
          podman pull ghcr.io/mhsanaei/3x-ui:latest
          systemctl restart podman-3xui_app.service
        '';
      };
      # Builds
      # "podman-build-3xui_app" = {
      #   path = [
      #     pkgs.podman
      #     pkgs.git
      #   ];
      #   serviceConfig = {
      #     Type = "oneshot";
      #     TimeoutSec = 300;
      #   };
      #   script = ''
      #     cd /mnt/containers/3x-ui
      #     podman build -t compose2nix/3xui_app -f ./Dockerfile .
      #   '';
      # };
    };
    # Root service
    # When started, this will automatically create all resources and start
    # the containers. When stopped, this will teardown all resources.
    targets."podman-compose-3x-ui-root" = {
      unitConfig = {
        Description = "Root target generated by compose2nix.";
      };
      wantedBy = [ "multi-user.target" ];
    };
    timers."podman-update-3xui_app" = {
      wantedBy = [ "timers.target" ];
      timerConfig = {
        OnCalendar = "weekly";
        Persistent = true;
      };
    };
    # Folders
    tmpfiles.rules = [
      "d /mnt 0755 root root -"
      "d /mnt/containers 0755 root root -"
      "d /mnt/services/containers 0755 root root -"
      "d /mnt/services/containers/3x-ui 0755 root root -"
      "d /mnt/services/containers/3x-ui/cert 0755 root root -"
      "d /mnt/services/containers/3x-ui/db 0755 root root -"
    ];
  };
  # Enable container name DNS for all Podman networks.
  networking.firewall = {
    allowedUDPPortRanges = [
      {
        from = 14380;
        to = 15380;
      }
    ];
    allowedTCPPortRanges = [
      {
        from = 14380;
        to = 15380;
      }
    ];
    interfaces =
      let
        matchAll = if !config.networking.nftables.enable then "podman+" else "podman*";
      in
      {
        "${matchAll}".allowedUDPPorts = [ 53 ];
      };
  };
 }
@@ -1,121 +0,0 @@
 {
  pkgs,
  lib,
  config,
  xlib,
  ...
 }:
 {
  # Runtime
  virtualisation.podman = {
    enable = true;
    autoPrune.enable = true;
    dockerCompat = true;
    dockerSocket.enable = true;
    defaultNetwork.settings.dns_enabled = true;
  };
  # Enable container name DNS for all Podman networks.
  networking.firewall.interfaces =
    let
      matchAll = if !config.networking.nftables.enable then "podman+" else "podman*";
    in
    {
      "${matchAll}".allowedUDPPorts = [ 53 ];
    };
  virtualisation.oci-containers.backend = "podman";
  # Containers
  virtualisation.oci-containers.containers."openhands-app" = {
    image = "ghcr.io/openhands/openhands:latest";
    environment = {
      "AGENT_SERVER_IMAGE_REPOSITORY" = "ghcr.io/openhands/agent-server";
      "AGENT_SERVER_IMAGE_TAG" = "31536c8-python";
      "WORKSPACE_MOUNT_PATH" = "${xlib.dirs.services-mnt-folder}/containers/openhands/workspace";
    };
    volumes = [
      "${xlib.dirs.services-mnt-folder}/containers/openhands/userspace:/.openhands:rw"
      "${xlib.dirs.services-mnt-folder}/containers/openhands/workspace:/opt/workspace_base:rw"
      "/run/podman/podman.sock:/var/run/docker.sock:rw"
    ];
    ports = [
      "3000:3000/tcp"
    ];
    log-driver = "journald";
    extraOptions = [
      # "--network=host"
      "--add-host=host.docker.internal:host-gateway"
      "--network-alias=openhands"
      "--network=openhands_default"
    ];
  };
  systemd.services."podman-openhands-app" = {
    serviceConfig = {
      Restart = lib.mkOverride 90 "no";
    };
    after = [
      "podman-network-openhands_default.service"
    ];
    requires = [
      "podman-network-openhands_default.service"
    ];
    partOf = [
      "podman-compose-openhands-root.target"
    ];
    wantedBy = [
      "podman-compose-openhands-root.target"
    ];
  };
  # Networks
  systemd.services."podman-network-openhands_default" = {
    path = [ pkgs.podman ];
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
      ExecStop = "podman network rm -f openhands_default";
    };
    script = ''
      podman network inspect openhands_default || podman network create openhands_default
    '';
    partOf = [ "podman-compose-openhands-root.target" ];
    wantedBy = [ "podman-compose-openhands-root.target" ];
  };
  # Builds
  # systemd.services."podman-build-openhands-app" = {
  #   enable = false;
  #   path = [
  #     pkgs.podman
  #     pkgs.git
  #   ];
  #   serviceConfig = {
  #     Type = "oneshot";
  #     TimeoutSec = 300;
  #   };
  #   script = ''
  #     cd ${xlib.dirs.services-mnt-folder}/containers/openhands/source
  #     podman build -t openhands:latest -f ./containers/app/Dockerfile .
  #   '';
  # };
  # Root service
  # When started, this will automatically create all resources and start
  # the containers. When stopped, this will teardown all resources.
  systemd.targets."podman-compose-openhands-root" = {
    unitConfig = {
      Description = "Root target generated by compose2nix.";
    };
    wantedBy = [ "multi-user.target" ];
  };
  systemd.tmpfiles.rules = [
    "d ${xlib.dirs.services-mnt-folder} 0755 root root -"
    "d ${xlib.dirs.services-mnt-folder}/containers 0755 root root -"
    "d ${xlib.dirs.services-mnt-folder}/containers/openhands 0755 root root -"
    "d ${xlib.dirs.services-mnt-folder}/containers/openhands/userspace 0755 root root -"
    "d ${xlib.dirs.services-mnt-folder}/containers/openhands/workspace 0755 root root -"
  ];
 }
@@ -1,15 +0,0 @@
 {
  config,
  lib,
  pkgs,
  inputs,
  xlib,
  ...
 }:
 {
  systemd.tmpfiles.rules = [
    "d ${xlib.dirs.services-mnt-folder} 0755 root root -"
    "d ${xlib.dirs.services-mnt-folder}/containers 0755 root root -"
    "d ${xlib.dirs.services-mnt-folder}/containers/remnanode 0755 root root -"
  ];
 }
@@ -1,115 +0,0 @@
 # Auto-generated by compose2nix.
 {
  pkgs,
  lib,
  config,
  ...
 }:
 {
  # Runtime
  virtualisation.podman = {
    enable = true;
    autoPrune.enable = true;
    dockerCompat = true;
  };
  # Enable container name DNS for all Podman networks.
  networking.firewall.interfaces =
    let
      matchAll = if !config.networking.nftables.enable then "podman+" else "podman*";
    in
    {
      "${matchAll}".allowedUDPPorts = [ 53 ];
    };
  virtualisation.oci-containers.backend = "podman";
  # Containers
  virtualisation.oci-containers.containers."remnawave-panel-1" = {
    image = "localhost/compose2nix/remnawave-panel-1";
    environment = {
      "API_INSTANCES" = "1";
      "APP_PORT" = "3000";
      "BANDWIDTH_USAGE_NOTIFICATIONS_ENABLED" = "false";
      "BANDWIDTH_USAGE_NOTIFICATIONS_THRESHOLD" = "[60, 80]";
      "CLOUDFLARE_TOKEN" = "ey...";
      "DATABASE_URL" = "postgresql://remnawave:remnawave@remnawave-db:5432/postgres";
      "FRONT_END_DOMAIN" = "*";
      "IS_DOCS_ENABLED" = "false";
      "IS_TELEGRAM_NOTIFICATIONS_ENABLED" = "false";
      "JWT_API_TOKENS_SECRET" =
        "787aa44c10130a9fa17ea3ea50c1248dd3e868f74941b96c09d608051399f88b95b67cd68d045aa39658b4b3fe933bf2b2c1437522498976f39f85ae1eab40da";
      "JWT_AUTH_SECRET" =
        "2bc14bacb6b82ce9e3ef69f8dd7bfb6b8a531f4f516902735d1d8f1bac8ff9b5077398f95b942b1adafc0ca1da4cdfd24a18539fa6eb26bee3f597a45deac94a";
      "METRICS_PASS" = "admin";
      "METRICS_PORT" = "3001";
      "METRICS_USER" = "admin";
      "NOT_CONNECTED_USERS_NOTIFICATIONS_AFTER_HOURS" = "[6, 24, 48]";
      "NOT_CONNECTED_USERS_NOTIFICATIONS_ENABLED" = "false";
      "PANEL_DOMAIN" = "rw.zeroq.ru";
      "POSTGRES_DB" = "remnawave";
      "POSTGRES_PASSWORD" = "gQLqOm2jK/Z1oBXCD18XSgr76M8ZqkVhHZbNKvZQXnY=";
      "POSTGRES_USER" = "remnawave";
      "REDIS_SOCKET" = "/var/run/valkey/valkey.sock";
      "SCALAR_PATH" = "/scalar";
      "SUB_PUBLIC_DOMAIN" = "rw.zeroq.ru/api/sub";
      "SWAGGER_PATH" = "/docs";
      # "TELEGRAM_BOT_TOKEN" = "change_me";
      # "TELEGRAM_NOTIFY_CRM" = "change_me";
      # "TELEGRAM_NOTIFY_NODES" = "change_me";
      # "TELEGRAM_NOTIFY_SERVICE" = "change_me";
      # "TELEGRAM_NOTIFY_TBLOCKER" = "change_me";
      # "TELEGRAM_NOTIFY_USERS" = "change_me";
      "WEBHOOK_ENABLED" = "false";
      "WEBHOOK_SECRET_HEADER" = "vsmu67Kmg6R8FjIOF1WUY8LWBHie4scdEqrfsKmyf4IAf8dY3nFS0wwYHkhh6ZvQ";
      "WEBHOOK_URL" = "https://your-webhook-url.com/endpoint";
    };
    ports = [
      "3003:3003/tcp"
    ];
    log-driver = "journald";
    extraOptions = [
      "--network-alias=remnawave-panel-1"
      "--network=remnawavebackend_default"
    ];
  };
  systemd.services."podman-remnawave-panel-1" = {
    serviceConfig = {
      Restart = lib.mkOverride 90 "always";
    };
    partOf = [
      "podman-compose-remnawave-root.target"
    ];
    wantedBy = [
      "podman-compose-remnawave-root.target"
    ];
  };
  # Builds
  systemd.services."podman-build-remnawave-panel-1" = {
    path = [
      pkgs.podman
      pkgs.git
    ];
    serviceConfig = {
      Type = "oneshot";
      TimeoutSec = 300;
    };
    script = ''
      cd /mnt/s/Deploy/remnawave-backend
      podman build -t compose2nix/remnawave-panel-1 .
    '';
  };
  # Root service
  # When started, this will automatically create all resources and start
  # the containers. When stopped, this will teardown all resources.
  systemd.targets."podman-compose-remnawave-root" = {
    unitConfig = {
      Description = "Root target generated by compose2nix.";
    };
    wantedBy = [ "multi-user.target" ];
  };
 }
@@ -1,290 +0,0 @@
 # Auto-generated by compose2nix.
 {
  pkgs,
  lib,
  config,
  ...
 }:
 {
  # Runtime
  virtualisation.podman = {
    enable = true;
    autoPrune.enable = true;
    dockerCompat = true;
  };
  # Enable container name DNS for all Podman networks.
  networking.firewall.interfaces =
    let
      matchAll = if !config.networking.nftables.enable then "podman+" else "podman*";
    in
    {
      "${matchAll}".allowedUDPPorts = [ 53 ];
    };
  virtualisation.oci-containers.backend = "podman";
  # Containers
  virtualisation.oci-containers.containers."remnawave" = {
    image = "remnawave/backend:2";
    environment = {
      "API_INSTANCES" = "1";
      "APP_PORT" = "3000";
      "BANDWIDTH_USAGE_NOTIFICATIONS_ENABLED" = "false";
      "BANDWIDTH_USAGE_NOTIFICATIONS_THRESHOLD" = "[60, 80]";
      "CLOUDFLARE_TOKEN" = "ey...";
      "DATABASE_URL" = "postgresql://remnawave:remnawave@remnawave-db:5432/postgres";
      "FRONT_END_DOMAIN" = "*";
      "IS_DOCS_ENABLED" = "false";
      "IS_TELEGRAM_NOTIFICATIONS_ENABLED" = "false";
      "JWT_API_TOKENS_SECRET" =
        "787aa44c10130a9fa17ea3ea50c1248dd3e868f74941b96c09d608051399f88b95b67cd68d045aa39658b4b3fe933bf2b2c1437522498976f39f85ae1eab40da";
      "JWT_AUTH_SECRET" =
        "2bc14bacb6b82ce9e3ef69f8dd7bfb6b8a531f4f516902735d1d8f1bac8ff9b5077398f95b942b1adafc0ca1da4cdfd24a18539fa6eb26bee3f597a45deac94a";
      "METRICS_PASS" = "admin";
      "METRICS_PORT" = "3001";
      "METRICS_USER" = "admin";
      "NOT_CONNECTED_USERS_NOTIFICATIONS_AFTER_HOURS" = "[6, 24, 48]";
      "NOT_CONNECTED_USERS_NOTIFICATIONS_ENABLED" = "false";
      "PANEL_DOMAIN" = "rw.zeroq.ru";
      "POSTGRES_DB" = "remnawave";
      "POSTGRES_PASSWORD" = "gQLqOm2jK/Z1oBXCD18XSgr76M8ZqkVhHZbNKvZQXnY=";
      "POSTGRES_USER" = "remnawave";
      "REDIS_SOCKET" = "/var/run/valkey/valkey.sock";
      "SCALAR_PATH" = "/scalar";
      "SUB_PUBLIC_DOMAIN" = "rw.zeroq.ru/api/sub";
      "SWAGGER_PATH" = "/docs";
      "TELEGRAM_BOT_TOKEN" = "change_me";
      "TELEGRAM_NOTIFY_CRM" = "change_me";
      "TELEGRAM_NOTIFY_NODES" = "change_me";
      "TELEGRAM_NOTIFY_SERVICE" = "change_me";
      "TELEGRAM_NOTIFY_TBLOCKER" = "change_me";
      "TELEGRAM_NOTIFY_USERS" = "change_me";
      "WEBHOOK_ENABLED" = "false";
      "WEBHOOK_SECRET_HEADER" = "vsmu67Kmg6R8FjIOF1WUY8LWBHie4scdEqrfsKmyf4IAf8dY3nFS0wwYHkhh6ZvQ";
      "WEBHOOK_URL" = "https://your-webhook-url.com/endpoint";
    };
    volumes = [
      "valkey-socket:/var/run/valkey:rw"
    ];
    ports = [
      "127.0.0.1:3000:3000/tcp"
      "127.0.0.1:3001:3001/tcp"
    ];
    dependsOn = [
      "remnawave-db"
      "remnawave-redis"
    ];
    log-driver = "journald";
    extraOptions = [
      "--health-cmd=curl -f http://localhost:3001/health"
      "--health-interval=30s"
      "--health-retries=3"
      "--health-start-period=30s"
      "--health-timeout=5s"
      "--hostname=remnawave"
      "--network-alias=remnawave"
      "--network=remnawave-network"
    ];
  };
  systemd.services."podman-remnawave" = {
    serviceConfig = {
      Restart = lib.mkOverride 90 "always";
    };
    after = [
      "podman-network-remnawave-network.service"
      "podman-volume-valkey-socket.service"
    ];
    requires = [
      "podman-network-remnawave-network.service"
      "podman-volume-valkey-socket.service"
    ];
    partOf = [
      "podman-compose-remnawave-root.target"
    ];
    wantedBy = [
      "podman-compose-remnawave-root.target"
    ];
  };
  virtualisation.oci-containers.containers."remnawave-db" = {
    image = "postgres:17.6";
    environment = {
      "API_INSTANCES" = "1";
      "APP_PORT" = "3000";
      "BANDWIDTH_USAGE_NOTIFICATIONS_ENABLED" = "false";
      "BANDWIDTH_USAGE_NOTIFICATIONS_THRESHOLD" = "[60, 80]";
      "CLOUDFLARE_TOKEN" = "ey...";
      "DATABASE_URL" = "postgresql://remnawave:remnawave@remnawave-db:5432/postgres";
      "FRONT_END_DOMAIN" = "*";
      "IS_DOCS_ENABLED" = "false";
      "IS_TELEGRAM_NOTIFICATIONS_ENABLED" = "false";
      "JWT_API_TOKENS_SECRET" =
        "787aa44c10130a9fa17ea3ea50c1248dd3e868f74941b96c09d608051399f88b95b67cd68d045aa39658b4b3fe933bf2b2c1437522498976f39f85ae1eab40da";
      "JWT_AUTH_SECRET" =
        "2bc14bacb6b82ce9e3ef69f8dd7bfb6b8a531f4f516902735d1d8f1bac8ff9b5077398f95b942b1adafc0ca1da4cdfd24a18539fa6eb26bee3f597a45deac94a";
      "METRICS_PASS" = "admin";
      "METRICS_PORT" = "3001";
      "METRICS_USER" = "admin";
      "NOT_CONNECTED_USERS_NOTIFICATIONS_AFTER_HOURS" = "[6, 24, 48]";
      "NOT_CONNECTED_USERS_NOTIFICATIONS_ENABLED" = "false";
      "PANEL_DOMAIN" = "rw.zeroq.ru";
      "POSTGRES_DB" = "";
      "POSTGRES_PASSWORD" = "";
      "POSTGRES_USER" = "";
      "REDIS_SOCKET" = "/var/run/valkey/valkey.sock";
      "SCALAR_PATH" = "/scalar";
      "SUB_PUBLIC_DOMAIN" = "rw.zeroq.ru/api/sub";
      "SWAGGER_PATH" = "/docs";
      "TELEGRAM_BOT_TOKEN" = "change_me";
      "TELEGRAM_NOTIFY_CRM" = "change_me";
      "TELEGRAM_NOTIFY_NODES" = "change_me";
      "TELEGRAM_NOTIFY_SERVICE" = "change_me";
      "TELEGRAM_NOTIFY_TBLOCKER" = "change_me";
      "TELEGRAM_NOTIFY_USERS" = "change_me";
      "TZ" = "UTC";
      "WEBHOOK_ENABLED" = "false";
      "WEBHOOK_SECRET_HEADER" = "vsmu67Kmg6R8FjIOF1WUY8LWBHie4scdEqrfsKmyf4IAf8dY3nFS0wwYHkhh6ZvQ";
      "WEBHOOK_URL" = "https://your-webhook-url.com/endpoint";
    };
    volumes = [
      "remnawave-db-data:/var/lib/postgresql/data:rw"
    ];
    ports = [
      "127.0.0.1:6767:5432/tcp"
    ];
    log-driver = "journald";
    extraOptions = [
      "--health-cmd=pg_isready -U \${POSTGRES_USER} -d \${POSTGRES_DB}"
      "--health-interval=3s"
      "--health-retries=3"
      "--health-timeout=10s"
      "--hostname=remnawave-db"
      "--network-alias=remnawave-db"
      "--network=remnawave-network"
    ];
  };
  systemd.services."podman-remnawave-db" = {
    serviceConfig = {
      Restart = lib.mkOverride 90 "always";
    };
    after = [
      "podman-network-remnawave-network.service"
      "podman-volume-remnawave-db-data.service"
    ];
    requires = [
      "podman-network-remnawave-network.service"
      "podman-volume-remnawave-db-data.service"
    ];
    partOf = [
      "podman-compose-remnawave-root.target"
    ];
    wantedBy = [
      "podman-compose-remnawave-root.target"
    ];
  };
  virtualisation.oci-containers.containers."remnawave-redis" = {
    image = "valkey/valkey:9-alpine";
    volumes = [
      "valkey-socket:/var/run/valkey:rw"
    ];
    cmd = [
      "valkey-server"
      "--save"
      ""
      "--appendonly"
      "no"
      "--maxmemory-policy"
      "noeviction"
      "--loglevel"
      "warning"
      "--unixsocket"
      "/var/run/valkey/valkey.sock"
      "--unixsocketperm"
      "777"
      "--port"
      "0"
    ];
    log-driver = "journald";
    extraOptions = [
      "--health-cmd=[\"valkey-cli\", \"-s\", \"/var/run/valkey/valkey.sock\", \"ping\"]"
      "--health-interval=3s"
      "--health-retries=3"
      "--health-timeout=3s"
      "--hostname=remnawave-redis"
      "--network-alias=remnawave-redis"
      "--network=remnawave-network"
    ];
  };
  systemd.services."podman-remnawave-redis" = {
    serviceConfig = {
      Restart = lib.mkOverride 90 "always";
    };
    after = [
      "podman-network-remnawave-network.service"
      "podman-volume-valkey-socket.service"
    ];
    requires = [
      "podman-network-remnawave-network.service"
      "podman-volume-valkey-socket.service"
    ];
    partOf = [
      "podman-compose-remnawave-root.target"
    ];
    wantedBy = [
      "podman-compose-remnawave-root.target"
    ];
  };
  # Networks
  systemd.services."podman-network-remnawave-network" = {
    path = [ pkgs.podman ];
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
      ExecStop = "podman network rm -f remnawave-network";
    };
    script = ''
      podman network inspect remnawave-network || podman network create remnawave-network --driver=bridge
    '';
    partOf = [ "podman-compose-remnawave-root.target" ];
    wantedBy = [ "podman-compose-remnawave-root.target" ];
  };
  # Volumes
  systemd.services."podman-volume-remnawave-db-data" = {
    path = [ pkgs.podman ];
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
    };
    script = ''
      podman volume inspect remnawave-db-data || podman volume create remnawave-db-data --driver=local
    '';
    partOf = [ "podman-compose-remnawave-root.target" ];
    wantedBy = [ "podman-compose-remnawave-root.target" ];
  };
  systemd.services."podman-volume-valkey-socket" = {
    path = [ pkgs.podman ];
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
    };
    script = ''
      podman volume inspect valkey-socket || podman volume create valkey-socket --driver=local
    '';
    partOf = [ "podman-compose-remnawave-root.target" ];
    wantedBy = [ "podman-compose-remnawave-root.target" ];
  };
  # Root service
  # When started, this will automatically create all resources and start
  # the containers. When stopped, this will teardown all resources.
  systemd.targets."podman-compose-remnawave-root" = {
    unitConfig = {
      Description = "Root target generated by compose2nix.";
    };
    wantedBy = [ "multi-user.target" ];
  };
 }
@@ -1,198 +0,0 @@
 {
  config,
  lib,
  pkgs,
  inputs,
  xlib,
  ...
 }:
 {
  # Runtime
  virtualisation.podman = {
    enable = true;
    autoPrune.enable = true;
    dockerCompat = true;
  };
  # Enable container name DNS for all Podman networks.
  networking.firewall.interfaces =
    let
      matchAll = if !config.networking.nftables.enable then "podman+" else "podman*";
    in
    {
      "${matchAll}".allowedUDPPorts = [ 53 ];
    };
  virtualisation.oci-containers.backend = "podman";
  # Containers
  virtualisation.oci-containers.containers."remnawave-panel-1" = {
    image = "ghcr.io/remnawave/backend:latest";
    environment = {
      "API_INSTANCES" = "1";
      "APP_PORT" = "3000";
      "BANDWIDTH_USAGE_NOTIFICATIONS_ENABLED" = "false";
      "BANDWIDTH_USAGE_NOTIFICATIONS_THRESHOLD" = "[60, 80]";
      "FRONT_END_DOMAIN" = "*";
      "IS_DOCS_ENABLED" = "false";
      "IS_TELEGRAM_NOTIFICATIONS_ENABLED" = "false";
      "METRICS_PASS" = "admin";
      "METRICS_PORT" = "3001";
      "METRICS_USER" = "admin";
      "NOT_CONNECTED_USERS_NOTIFICATIONS_AFTER_HOURS" = "[6, 24, 48]";
      "NOT_CONNECTED_USERS_NOTIFICATIONS_ENABLED" = "false";
      "PANEL_DOMAIN" = "rw.zeroq.su";
      "POSTGRES_DB" = "remnawave";
      "POSTGRES_USER" = "remnawave";
      "REDIS_SOCKET" = "/var/run/valkey/valkey.sock";
      "SCALAR_PATH" = "/scalar";
      "SUB_PUBLIC_DOMAIN" = "rw.zeroq.su/api/sub";
      "SWAGGER_PATH" = "/docs";
      # "TELEGRAM_BOT_TOKEN" = "change_me";
      # "TELEGRAM_NOTIFY_CRM" = "change_me";
      # "TELEGRAM_NOTIFY_NODES" = "change_me";
      # "TELEGRAM_NOTIFY_SERVICE" = "change_me";
      # "TELEGRAM_NOTIFY_TBLOCKER" = "change_me";
      # "TELEGRAM_NOTIFY_USERS" = "change_me";
      "WEBHOOK_ENABLED" = "false";
      # "WEBHOOK_URL" = "https://your-webhook-url.com/endpoint";
    };
    environmentFiles = [
      "/run/secrets/remnawave-env"
    ];
    ports = [
      "3003:3003/tcp"
    ];
    log-driver = "journald";
    extraOptions = [
      "--network-alias=remnawave-panel-1"
      "--network=host" # "--network=remnawavebackend_default"
    ];
  };
  systemd.services."podman-remnawave-panel-1" = {
    serviceConfig = {
      Restart = lib.mkOverride 90 "always";
    };
    partOf = [
      "podman-compose-remnawave-root.target"
    ];
    wantedBy = [
      "podman-compose-remnawave-root.target"
    ];
  };
  # Builds
  # systemd.services."podman-build-remnawave-panel-1" = {
  #   path = [ pkgs.podman pkgs.git ];
  #   serviceConfig = {
  #     Type = "oneshot";
  #     TimeoutSec = 300;
  #   };
  #   script = ''
  #     cd /mnt/s/Deploy/remnawave-backend
  #     podman build -t compose2nix/remnawave-panel-1 .
  #   '';
  # };
  # Root service
  # When started, this will automatically create all resources and start
  # the containers. When stopped, this will teardown all resources.
  systemd.targets."podman-compose-remnawave-root" = {
    unitConfig = {
      Description = "Root target generated by compose2nix.";
    };
    wantedBy = [ "multi-user.target" ];
  };
  services = {
    postgresql = {
      ensureDatabases = [ "remnawave" ];
      ensureUsers = [
        {
          name = "remnawave";
          ensureDBOwnership = true;
        }
      ];
    };
  };
  systemd.services = {
    remnawave-env = {
      description = "Generate remnawave env file";
      requiredBy = [ "podman-remnawave-panel-1.service" ];
      before = [ "podman-remnawave-panel-1.service" ];
      serviceConfig = {
        Type = "oneshot";
        User = "root";
      };
      script = ''
        cat > /run/secrets/remnawave-env <<EOF
          DATABASE_URL=$(cat ${config.sops.secrets.DATABASE_URL.path})
          DATABASE_PASSWORD=$(cat ${config.sops.secrets.DATABASE_PASSWORD.path})
          JWT_AUTH_SECRET=$(cat ${config.sops.secrets.JWT_AUTH_SECRET.path})
          JWT_API_TOKENS_SECRET=$(cat ${config.sops.secrets.JWT_API_TOKENS_SECRET.path})
          WEBHOOK_SECRET_HEADER=$(cat ${config.sops.secrets.WEBHOOK_SECRET_HEADER.path})
          EOF
        chmod 600 /run/secrets/remnawave-env
      '';
      wantedBy = [ "multi-user.target" ];
    };
    remnawave-db-init = {
      description = "Initialize Remnawave DB user";
      after = [ "postgresql.service" ];
      requires = [ "postgresql.service" ];
      serviceConfig = {
        Type = "oneshot";
        User = "postgres";
      };
      script = ''
        PASSWORD=$(cat ${config.sops.secrets.DATABASE_PASSWORD.path})
        ${pkgs.postgresql}/bin/psql -v ON_ERROR_STOP=1 <<EOF
        DO \$\$
        BEGIN
          IF EXISTS (SELECT 1 FROM pg_roles WHERE rolname='remnawave') THEN
              EXECUTE format('ALTER ROLE remnawave WITH PASSWORD %L', '$PASSWORD');
          END IF;
        END
        \$\$ LANGUAGE plpgsql;
        EOF
      '';
      wantedBy = [ "multi-user.target" ];
    };
  };
  sops.secrets = {
    DATABASE_PASSWORD = {
      key = "DATABASE_PASSWORD";
      sopsFile = ./secrets/remnawave.yaml;
      owner = "postgres";
      group = "postgres";
      mode = "0400";
    };
    WEBHOOK_SECRET_HEADER = {
      key = "WEBHOOK_SECRET_HEADER";
      sopsFile = ./secrets/remnawave.yaml;
      mode = "0400";
    };
    DATABASE_URL = {
      key = "DATABASE_URL";
      sopsFile = ./secrets/remnawave.yaml;
      mode = "0400";
    };
    JWT_AUTH_SECRET = {
      key = "JWT_AUTH_SECRET";
      sopsFile = ./secrets/remnawave.yaml;
      mode = "0400";
    };
    JWT_API_TOKENS_SECRET = {
      key = "JWT_API_TOKENS_SECRET";
      sopsFile = ./secrets/remnawave.yaml;
      mode = "0400";
    };
  };
  systemd.tmpfiles.rules = [
    "d ${xlib.dirs.services-mnt-folder} 0755 root root -"
    "d ${xlib.dirs.services-mnt-folder}/containers 0755 root root -"
    "d ${xlib.dirs.services-mnt-folder}/containers/remnawave 0755 root root -"
  ];
 }
@@ -1,20 +0,0 @@
 DATABASE_PASSWORD: ENC[AES256_GCM,data:DRactR3j13q9zHFO0puGhBv09CX9YJc9KtFSLuOUVV/U7O/Nmh5Hb4ID0+A=,iv:5ErptccuQIVxfZKIcpfO5yVtcM0zE7kPn4v7kHctTP8=,tag:e3w8Rz+wGLTrxDSNftmkLw==,type:str]
 WEBHOOK_SECRET_HEADER: ENC[AES256_GCM,data:ZJYKwG1a8JH0ODeRnrv395plPN7PA18+gi3R/ueGd/r8OrtbVGL8UnZ/6HgW9M+/jCGWNclD5mZfyRg3He6hDg==,iv:PIYCD2n5ED5T24JfG6xhrvStd6jySCoBHhA8hUFIEMk=,tag:WWpfI1q9l9R44FRNaqIiaA==,type:str]
 DATABASE_URL: ENC[AES256_GCM,data:6plSDBUKyZVAO/djw3bPTthtS11yljwCGfQcIUqQetxROk5hwwVEGNMd1e6nGgS7eTtqJHW6uStkw58=,iv:RDjCVPDgPhMEbCriW0xjrxzcAolmyD55fbkD95LZMlE=,tag:ovH2D3eTXtHFmZba6u+IZg==,type:str]
 JWT_AUTH_SECRET: ENC[AES256_GCM,data:rzsOoIwJwwzCd+QbelcWYjfe1Bt7Y1ihrEn9tsxNyZnfmVVIkpFC948ne3YhUZ0CXYEDJYen/SFQgyyWsPwTwZgcy11mIZnROh4vlOJvPWILB1IlVQF/JDDts3fvXfe9HQ7ujBwkw5uR/33Rm+yxeLHMWTsn644DZSyKFi53QqY=,iv:aB3meC8BeEsLmiF0UMjQ60xipjGTJ0Qg1XqRHNujPFE=,tag:s/YcehFUrArknqHlXo3MYw==,type:str]
 JWT_API_TOKENS_SECRET: ENC[AES256_GCM,data:m6EtsdMNDRJk99LEYRgTk5rFNUYux4I2UWo/8AWy+2HJI8tRiOrBO284T3W/N+2/3fbty96sVB/SD8bjIIsxHij51sZTYi4+hdU7VxANGPdiMckKAXtvj3FMsVwrtW4MgRbH0j7taiDtnxVp6F3Cl7Sb0GamKFJjgAZnA3weN/8=,iv:rnNB1AzosstyF3c2pUcvYVTyUWcmo8Du+/b09OgcN9w=,tag:O81gnP2nXJ3JvgkivzVgkw==,type:str]
 sops:
    age:
        - recipient: age13l2gtk0nzr484zprp7e0pkrt0ne0j4asyn2pjmlaw73nte7t7d8q4sqtxm
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3dWxEUDdhV2Z4V3JpNzNL
            T0ZkYjlLWTNFV2c0Vm5Vb05xK09sQ0RxU0ZVCjhaSVhsSmoyZCtLYlNOVlNnTGFv
            TTU1Y3I5U3UrcXhOOGt6U0hoSGw0YlUKLS0tIEJIbnJwNUk4Z0ZGNTRQRVFjWFhv
            d0sreEpsMjV5M2JoRHFnVkpqeGhMM1EKX7K3Q2yj8EZuzCIxWIc+6Xeo+0lidPse
            wstbeHV8ygWvOjIxjRGPOETQ17GLLl3eNEsk6P2gytZchmLkLYKKsA==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2026-04-04T23:08:05Z"
    mac: ENC[AES256_GCM,data:vWNFqNiWleqvRItVB0X5W/7e/F+LEWmfIKtnjbV5xwgyZ1jkP2N2wkw8CpzDNN5xwrkTdKfziGt+Psg8p72uMfvqns1lgQzvSbT3W8Di7bbIxgvwyBV8qCCpYn95ra/KRmV+oefhhr/1RlBN8wNb3oZI/m7sH8lv9d0sKw5SrE8=,iv:UAOifm4itrG6M3VKi7zelxL73lcpQkGXLSa/dk/hbvM=,tag:rzCK7Id3zQVF8VSDJV3nhg==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.12.2
@@ -3,9 +3,9 @@ let
  defaultModule =
    {
      config,
      deviceType,
      lib,
      xlib,
      deviceType,
      ...
    }:
    {
@@ -21,9 +21,10 @@ let
        sops-nix.nixosModules.sops # sops module
        self.homeConfigurations.default.nixosModule # default homeConfigurations
        disko.nixosModules.disko # disko module
        noctalia.nixosModules.default
      ];
-      nixpkgs.overlays = with inputs; [
+      nixpkgs.overlays = [
-        self.nixosOverlays.default
+        inputs.self.nixosOverlays.default
      ];
      _module.args = {
        inputs = inputs;
@@ -1,6 +1,5 @@
 {
  config,
  inputs,
  lib,
  pkgs,
  ...
@@ -50,7 +49,7 @@
  programs = {
    dconf.enable = true;
    gamemode.enable = true;
-    steam.enable = true;
+    # steam.enable = true;
    xwayland.enable = true;
  };
  services = {
@@ -59,7 +58,7 @@
      xkb = {
        layout = "us,ru";
        variant = "";
-        # options = "grp:alt_shift_toggle";
+        options = "grp:alt_shift_toggle";
      };
    };
    libinput.enable = true;
@@ -69,12 +68,7 @@
      cups-pdf.enable = true;
    };
  };
-  # environment = {
+  # environment.sessionVariables = {
-  #   systemPackages = [
+  #   NIXOS_OZONE_WL = "1";
  #     pkgs.pcbu-desktop
  #   ];
  #   # sessionVariables = {
  #   #   NIXOS_OZONE_WL = "1";
  #   # };
  # };
 }
@@ -7,7 +7,7 @@
    ./packages.nix
    ./services.nix
    ./settings.nix
-    ./systemd-routines.nix
+    # ./systemd-routine.nix
    ./shell.nix
  ];
 }
@@ -16,7 +16,7 @@ in
      btop
      broot
      bottom
-      fastfetch
+      fastfetchMinimal
      # Encrypt
      age
@@ -38,12 +38,6 @@ in
      lazyjournal
      systemctl-tui
      # IDE
      yaml-language-server
      nil
      fresh-editor
      #flow-control
      # Base
      curl
      # efibootmgr
@@ -59,7 +53,7 @@ in
      wget
      tree
      dust
-      tuckr
+      flow-control
      # Net Diagnostic
      mtr
@@ -78,7 +72,7 @@ in
      exfatprogs # for gparted exfat support
      # Archivers
-      # rar
+      rar
      unzip
      zstd
      zip
@@ -92,22 +86,20 @@ in
      # To save
      tuios
-      bluetui
+      fresh-editor
-      speedtest-cli
+
-      # jocalsend
+      # Test
      jocalsend
      lazydocker
      dtop
      tlrc
      lazyssh
      mcat
      framework-tool-tui
      bluetui
      snitch
      whosthere
      devenv
-
+      whosthere
      # Test
      rgx
      net-tools
      # lazydocker
      # dtop
      # framework-tool-tui
    ];
  };
  environment.variables.EDITOR = "fresh";
@@ -126,6 +118,7 @@ in
      enable = false;
      plugins = {
        inherit (pkgs.yaziPlugins)
          gitui
          git
          sudo
          ouch
@@ -188,9 +181,6 @@ in
          name = "oqyude";
          email = "oqyude@gmail.com";
        };
        pull = {
          rebase = true;
        };
      };
    };
    lazygit.enable = true;
@@ -202,7 +192,7 @@ in
      flake = "/etc/nixos";
      clean = {
        enable = true;
-        extraArgs = "--keep 2 --keep-since 2d";
+        extraArgs = "--keep 3 --keep-since 2d";
        dates = "daily";
      };
    };
@@ -1,6 +1,5 @@
 {
  config,
  inputs,
  lib,
  pkgs,
  xlib,
@@ -1,7 +1,6 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
@@ -9,34 +8,33 @@
  system.nixos.label = "default";
  nix = {
-    # package = pkgs.lixPackageSets.stable.lix; # maybe unstable
+    channel = {
-    channel.enable = false;
+      enable = true;
-    nixPath = [ "nixpkgs=flake:nixpkgs" ];
+    };
    # nixPath = [ "nixpkgs=flake:nixpkgs" ];
    settings = {
      require-sigs = false;
      substituters = [
        "http://100.64.0.0:5000"
        "https://cache.nixos.org"
        "https://nix-community.cachix.org"
        "https://mirror.yandex.ru/nixos"
        "https://cache.nixos.kz"
-        # "https://cache.xd0.zip"
+        "https://cache.xd0.zip"
        "https://nixos-cache-proxy.cofob.dev"
        # "https://nixos-cache-proxy.sweetdogs.ru"
        # "https://nixos-cache-proxy.elxreno.com"
        # "https://nixos.snix.store" # https://nixos.snix.store/
      ];
      trusted-public-keys = [
        "cache.local:be5jFLkiwNyOep/McxSafB3jguBmztxx+oJ46ySyc/s="
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      ];
-      stalled-download-timeout = 8;
+      stalled-download-timeout = 4;
-      connect-timeout = 8;
+      connect-timeout = 4;
      auto-optimise-store = true;
      fallback = true;
-      allow-import-from-derivation = true;
+      # allow-import-from-derivation = false;
-      keep-derivations = false;
+      # keep-derivations = true;
-      keep-outputs = false;
+      # keep-outputs = true;
      experimental-features = [
        "flakes"
        "nix-command"
@@ -45,10 +43,10 @@
  };
  nixpkgs = {
-    flake = {
+    # flake = {
-      setFlakeRegistry = false;
+    #   setFlakeRegistry = false;
-      setNixPath = false;
+    #   setNixPath = false;
-    };
+    # };
    config.allowUnfree = true;
  };
@@ -39,7 +39,6 @@
      gp = "git pull";
      ns = "nh os switch";
      gp-ns = "gp && ns";
      gc = "git add . && git commit -m 'dev: автокоммит $(date +'%Y-%m-%d %H:%M:%S')'";
      y = "yazi";
      nix-shellp = "nix-shell --run $SHELL -p";
      z-proxy = "export ALL_PROXY=socks5://localhost:10808";
@@ -67,7 +66,4 @@
      json2nix = "nix run github:sempruijs/json2nix";
    };
  };
  environment.sessionVariables = {
    TUCKR_HOME = "$HOME/Storage/dotfiles";
  };
 }
@@ -0,0 +1,26 @@
 {
  config,
  xlib,
  ...
 }:
 {
  systemd = {
    services.nixos-auto-rebuild = {
      description = "Auto rebuild NixOS config";
      serviceConfig = {
        Type = "oneshot";
        User = "${xlib.device.username}";
        WorkingDirectory = "/etc/nixos";
        ExecStart = "gp-ns";
      };
    };
    timers.nixos-auto-rebuild = {
      description = "Run NixOS auto rebuild at 4am daily";
      wantedBy = [ "timers.target" ];
      timerConfig = {
        OnCalendar = "*-*-* 04:00:00";
        Persistent = true;
      };
    };
  };
 }
@@ -1,39 +0,0 @@
 {
  config,
  pkgs,
  xlib,
  ...
 }:
 {
  systemd = {
    services = {
      nixos-prebuild = {
        description = "Prebuild NixOS closure";
        serviceConfig = {
          CPUQuota = "20%";
          User = "oqyude";
          Group = "users";
          Nice = 10;
          Type = "oneshot";
          WorkingDirectory = "/tmp";
          Environment = [
            "HOME=/home/oqyude"
          ];
          ExecStart = ''
            ${pkgs.nix}/bin/nix build --no-link /etc/nixos#nixosConfigurations.${config.networking.hostName}.config.system.build.toplevel
          '';
        };
        wantedBy = [ "multi-user.target" ];
      };
    };
    timers = {
      nixos-prebuild = {
        wantedBy = [ "timers.target" ];
        timerConfig = {
          OnCalendar = "*-*-* 04:00:00";
          Persistent = true;
        };
      };
    };
  };
 }
@@ -1,16 +0,0 @@
 {
  config,
  inputs,
  ...
 }:
 # let
 #   pkgs-stable = import inputs.nixpkgs-stable { system = "x86_64-linux"; };
 # in
 {
  services.bentopdf = {
    enable = true;
    domain = "bentopdf.local";
    nginx.enable = true;
    # package = pkgs-stable.bentopdf;
  };
 }
@@ -1,22 +1,16 @@
 {
  config,
  inputs,
  pkgs,
  xlib,
  inputs,
  ...
 }:
 let
  stable = import inputs.nixpkgs-calibre {
    system = "x86_64-linux";
  };
 in
 {
  services.calibre-web = {
    package = stable.calibre-web;
    enable = true;
-    # dataDir = "${xlib.dirs.services-mnt-folder}/calibre-web";
+    group = "users";
    user = "${xlib.device.username}";
    options = {
-      calibreLibrary = "${xlib.dirs.services-mnt-folder}/calibre-web-library";
+      calibreLibrary = "${xlib.dirs.calibre-library}";
      enableBookUploading = true;
      enableKepubify = true;
      enableBookConversion = false;
@@ -25,13 +19,4 @@ in
    listen.port = 8083;
    openFirewall = true;
  };
  fileSystems."/var/lib/calibre-web" = {
    device = "${xlib.dirs.services-mnt-folder}/calibre-web";
    fsType = "none";
    options = [
      "bind"
      "nofail"
    ];
  };
 }
@@ -5,12 +5,12 @@
  ...
 }:
 {
-  environment.systemPackages = with pkgs; [
+  imports = [
-    gcc
+    ./remnawave.nix
-    gdb
+  ];
    cmake
    gnumake
-    nlohmann_json
+  environment.systemPackages = with pkgs; [
    compose2nix
    podman-tui
  ];
 }
@@ -0,0 +1,28 @@
 {
  config,
  lib,
  pkgs,
  inputs,
  xlib,
  ...
 }:
 {
  # fileSystems."${config.services.immich.mediaLocation}" = {
  #   device = "${xlib.dirs.services-folder}/immich";
  #   options = [
  #     "bind"
  #     "nofail"
  #   ];
  # };
  # systemd.tmpfiles.rules = [
  #   "z ${config.services.immich.mediaLocation} 0755 immich immich -"
  # ];
  # environment = {
  #   systemPackages = with pkgs; [
  #     immich-cli
  #   ];
  # };
 }
@@ -1,35 +0,0 @@
 {
  config,
  pkgs,
  ...
 }:
 {
  services.coredns = {
    enable = true;
    config = ''
      zeroq.su:53 {
          hosts {
              192.168.1.20 agent.zeroq.su
              192.168.1.20 bentopdf.zeroq.su
              192.168.1.20 calibre.zeroq.su
              192.168.1.20 dns.zeroq.su
              192.168.1.20 flux.zeroq.su
              192.168.1.20 gitea.zeroq.su
              192.168.1.20 health.zeroq.su
              192.168.1.20 immich.zeroq.su
              192.168.1.20 kuma.zeroq.su
              192.168.1.20 n8n.zeroq.su
              192.168.1.20 nextcloud.zeroq.su
              192.168.1.20 office.zeroq.su
              fallthrough
          }
          cache 300
          log
      }
      .:53 {
          forward . 1.1.1.1 9.9.9.9
          cache 300
      }
    '';
  };
 }
@@ -5,29 +5,20 @@
 {
  imports = [
    ../software/beets
    ./bentopdf.nix
    ./calibre-web.nix
-    ./coredns.nix
+    ./containers
    ./gitea.nix
    ./glances.nix
    ./immich.nix
    ./miniflux.nix
    ./n8n.nix
    ./navidrome.nix
    ./netdata.nix
    ./nextcloud.nix
    ./nginx.nix
    ./nix-serve.nix
    ./open-webui.nix
    ./postgresql.nix
    ./samba.nix
    ./step-ca.nix
    ./stirling-pdf.nix
    ./syncthing.nix
    ./systemd.nix
    ./transmission.nix
    ./uptime-kuma.nix
    # ../containers/remnawave.nix
    # ./mealie.nix
    # ./memos.nix
    # ./nfs.nix
@@ -1,28 +0,0 @@
 {
  config,
  inputs,
  lib,
  pkgs,
  xlib,
  ...
 }:
 {
  services = {
    gitea = {
      enable = true;
      stateDir = "${xlib.dirs.services-mnt-folder}/gitea";
      appName = "ZeroQ Gitea Service";
      settings = {
        server = {
          DOMAIN = "gitea.local";
          HTTP_PORT = 3000;
        };
        service.DISABLE_REGISTRATION = true;
      };
    };
  };
  systemd.tmpfiles.rules = [
    "z ${config.services.gitea.stateDir} 0755 gitea gitea -"
  ];
 }
@@ -1,15 +0,0 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  services = {
    glances = {
      enable = true;
      openFirewall = true;
      port = 61208;
    };
  };
 }
@@ -1,8 +1,8 @@
 {
  config,
  inputs,
  lib,
  pkgs,
  inputs,
  xlib,
  ...
 }:
@@ -22,9 +22,21 @@ in
      accelerationDevices = null;
      machine-learning.enable = true;
      mediaLocation = "${xlib.dirs.services-mnt-folder}/immich";
      database = {
        enableVectors = false;
        enableVectorChord = true;
      };
    };
  };
  # fileSystems."${config.services.immich.mediaLocation}" = {
  #   device = "${xlib.dirs.services-folder}/immich";
  #   options = [
  #     "bind"
  #     "nofail"
  #   ];
  # };
  systemd.tmpfiles.rules = [
    "z ${config.services.immich.mediaLocation} 0755 immich immich -"
  ];
@@ -4,7 +4,7 @@
 }:
 {
  services.mealie = {
-    enable = false;
+    enable = true;
    listenAddress = "0.0.0.0";
    port = 9000;
    database.createLocally = true;
@@ -5,7 +5,7 @@
 }:
 {
  services.memos = {
-    enable = false;
+    enable = true;
    openFirewall = true;
    settings = {
      MEMOS_MODE = "prod";
@@ -1,37 +0,0 @@
 {
  config,
  lib,
  pkgs,
  xlib,
  inputs,
  ...
 }:
 let
  configDir = "${xlib.dirs.services-mnt-folder}/n8n";
  varDir = "/var/lib/n8n";
 in
 {
  services.n8n = {
    enable = false;
    environment = {
      # N8N_USER_FOLDER = lib.mkForce "${configDir}";
      N8N_SECURE_COOKIE = "false";
      N8N_PORT = 5678;
    };
    openFirewall = true;
  };
  systemd.tmpfiles.rules = [
    "d ${configDir} 0755 nobody nogroup -"
    "z ${configDir} 0755 nobody nogroup -"
  ];
  fileSystems.${varDir} = {
    device = "${configDir}";
    fsType = "none";
    options = [
      "bind"
      "nofail"
    ];
  };
 }
@@ -1,22 +0,0 @@
 {
  config,
  inputs,
  lib,
  pkgs,
  xlib,
  ...
 }:
 {
  services = {
    navidrome = {
      enable = false;
      openFirewall = true;
      # environmentFile = "";
      settings = {
        Address = "0.0.0.0";
        Port = "4533";
        MusicFolder = "/mnt/beets/music";
      };
    };
  };
 }
@@ -1,32 +0,0 @@
 {
  config,
  inputs,
  lib,
  pkgs,
  ...
 }:
 {
  services = {
    netdata = {
      enable = false;
      package = pkgs.netdata.override {
        withCloudUi = true;
      };
      config = {
        web = {
          "allow connections from" = "localhost *";
          "default port" = "19999";
          "bind to" = "0.0.0.0";
        };
      };
      # python = {
      #   enable = true;
      #   recommendedPythonPackages = true;
      # };
    };
  };
  networking.firewall.allowedTCPPorts = [
    19999
  ];
 }
@@ -18,14 +18,14 @@ in
    nextcloud-whiteboard-server = {
      enable = true;
      settings = {
-        NEXTCLOUD_URL = "http://nextcloud.private";
+        NEXTCLOUD_URL = "http://nextcloud.local";
      };
-      secrets = [ config.sops.secrets.nextcloud-whiteboard-jwt.path ];
+      secrets = [ "${inputs.zeroq-credentials}/services/nextcloud/jwt-secret.txt" ];
    };
    nextcloud = {
      enable = true;
-      package = pkgs.nextcloud33;
+      package = pkgs.nextcloud32;
-      hostName = "nextcloud.private";
+      hostName = "nextcloud.local";
      database.createLocally = true;
      home = "${xlib.dirs.services-mnt-folder}/nextcloud";
      configureRedis = true;
@@ -39,42 +39,30 @@ in
        dbuser = "nextcloud";
        dbname = "nextcloud";
        adminuser = "oqyude";
-        adminpassFile = config.sops.secrets.nextcloud-adminpass.path;
+        adminpassFile = "${inputs.zeroq-credentials}/services/nextcloud/admin-pass.txt";
      };
      settings = {
        log_type = "file";
        trusted_domains = [
          "nextcloud.zeroq.ru"
          "100.64.0.0"
          "192.168.1.20"
          "localhost"
          "nextcloud.local"
          "nextcloud.private"
          "nextcloud.zeroq.su"
          "office.local"
          "office.zeroq.su"
        ];
        trusted_proxies = [
          "100.64.1.0"
          "109.248.161.5"
        ];
-        overwriteprotocol = ""; # maybe no
+        overwriteprotocol = "https";
      };
      extraAppsEnable = true;
      appstoreEnable = false;
      notify_push = {
        enable = false;
        bendDomainToLocalhost = true;
      };
      # phpPackage = pkgs.php85;
      extraApps = {
-        inherit (config.services.nextcloud.package.packages.apps)
+        inherit (config.services.nextcloud.package.packages.apps) # (config.services.nextcloud.package.packages.apps)
          # richdocuments
          # gpoddersync
          # integration_paperless
          # memories
          # news
          # nextpod
-          # notify_push
+          # onlyoffice
          # phonetrack
          # repod
          # sociallogin
@@ -92,92 +80,96 @@ in
          impersonate
          mail
          music
          # news
          notes
-          onlyoffice
+          notify_push
          polls
          previewgenerator
          richdocuments
          spreed
          tables
          tasks
          user_oidc
          user_saml
          whiteboard
          ;
-        # inherit (pkgs.nextcloud31Packages.apps)
+        inherit (pkgs.nextcloud31Packages.apps)
-        #   # end_to_end_encryption
+          # end_to_end_encryption
-        #   # maps
+          # maps
-        #   tasks
+          tasks
-        #   ;
+          ;
      };
    };
-    # collabora-online = {
+    collabora-online = {
    #   enable = false;
    #   port = 9980;
    #   # package = master.collabora-online;
    #   settings = {
    #     server_name = "office.zeroq.su";
    #     ssl = {
    #       enable = false;
    #       termination = true;
    #       ssl_verification = false;
    #     };
    #     net = {
    #       listen = "0.0.0.0";
    #       post_allow.host = [
    #         "0.0.0.0"
    #       ];
    #     };
    #     storage.wopi = {
    #       "@allow" = true;
    #       host = [
    #         "0.0.0.0/0"
    #       ];
    #     };
    #   };
    # };
    onlyoffice = {
      enable = true;
-      hostname = "office.local";
+      port = 9980;
-      port = 8090;
+      # package = master.collabora-online;
-      allowLocalConnections = true;
+      settings = {
-      wopi = true;
+        server_name = "office.zeroq.ru";
-      jwtSecretFile = config.sops.secrets.onlyoffice-jwt.path;
+        ssl = {
-      securityNonceFile = config.sops.secrets.onlyoffice-nonce.path;
+          enable = false;
          termination = true;
          ssl_verification = false;
        };
        net = {
          listen = "0.0.0.0";
          post_allow.host = [
            "0.0.0.0"
          ];
        };
        storage.wopi = {
          "@allow" = true;
          host = [
            "0.0.0.0/0"
          ];
        };
      };
    };
    onlyoffice = {
      enable = false;
      hostname = "0.0.0.0";
      jwtSecretFile = "${inputs.zeroq-credentials}/services/onlyoffice/jwt.txt";
    };
  };
  # fonts.packages = [ work.corefonts ];
-  #   networking.hosts = {
+  # networking.hosts = {
-  #     "localhost" = [ "nextcloud-private.local" ];
+  # };
  #   };
-  #   systemd.services.nextcloud-config-collabora =
+  systemd.services.nextcloud-config-collabora =
-  #     let
+    let
-  #       inherit (config.services.nextcloud) occ;
+      inherit (config.services.nextcloud) occ;
-  #       wopi_url = "http://localhost:${toString config.services.collabora-online.port}";
+      wopi_url = "http://localhost:${toString config.services.collabora-online.port}";
-  #       public_wopi_url = "https://office.zeroq.su";
+      public_wopi_url = "https://office.zeroq.ru";
-  #       wopi_allowlist = lib.concatStringsSep "," [
+      wopi_allowlist = lib.concatStringsSep "," [
-  #         "0.0.0.0/0"
+        "0.0.0.0/0"
-  #       ];
+      ];
-  #     in
+    in
-  #     {
+    {
-  #       wantedBy = [ "multi-user.target" ];
+      wantedBy = [ "multi-user.target" ];
-  #       after = [
+      after = [
-  #         "nextcloud-setup.service"
+        "nextcloud-setup.service"
-  #         "coolwsd.service"
+        "coolwsd.service"
-  #       ];
+      ];
-  #       requires = [ "coolwsd.service" ];
+      requires = [ "coolwsd.service" ];
-  #       script = ''
+      script = ''
-  #         ${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_url --value ${lib.escapeShellArg wopi_url}
+        ${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_url --value ${lib.escapeShellArg wopi_url}
-  #         ${occ}/bin/nextcloud-occ config:app:set richdocuments public_wopi_url --value ${lib.escapeShellArg public_wopi_url}
+        ${occ}/bin/nextcloud-occ config:app:set richdocuments public_wopi_url --value ${lib.escapeShellArg public_wopi_url}
-  #         ${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_allowlist --value ${lib.escapeShellArg wopi_allowlist}
+        ${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_allowlist --value ${lib.escapeShellArg wopi_allowlist}
-  #         ${occ}/bin/nextcloud-occ richdocuments:setup
+        ${occ}/bin/nextcloud-occ richdocuments:setup
-  #       '';
+      '';
-  #       serviceConfig = {
+      serviceConfig = {
-  #         Type = "oneshot";
+        Type = "oneshot";
-  #       };
+      };
-  #     };
+    };
  # fileSystems."${config.services.nextcloud.home}" = {
  #   device = "${xlib.dirs.services-folder}/nextcloud";
  #   options = [
  #     "bind"
  #     "nofail"
  #   ];
  # };
  systemd.tmpfiles.rules = [
    "z ${config.services.nextcloud.home} 0750 nextcloud nextcloud -"
@@ -186,39 +178,4 @@ in
  environment.systemPackages = [
    pkgs.nc4nix # Packaging helper for Nextcloud apps
  ];
  sops.secrets = {
    nextcloud-adminpass = {
      format = "yaml";
      key = "adminpass";
      sopsFile = ./secrets/nextcloud.yaml;
      owner = "nextcloud";
      group = "nextcloud";
      mode = "0650";
    };
    nextcloud-whiteboard-jwt = {
      format = "yaml";
      key = "whiteboard-jwt";
      sopsFile = ./secrets/nextcloud.yaml;
      owner = "nextcloud";
      group = "nextcloud";
      mode = "0650";
    };
    onlyoffice-nonce = {
      format = "yaml";
      key = "nonce";
      sopsFile = ./secrets/onlyoffice.yaml;
      owner = "onlyoffice";
      group = "onlyoffice";
      mode = "0650";
    };
    onlyoffice-jwt = {
      format = "yaml";
      key = "jwt";
      sopsFile = ./secrets/onlyoffice.yaml;
      owner = "onlyoffice";
      group = "onlyoffice";
      mode = "0650";
    };
  };
 }
@@ -5,9 +5,6 @@
  xlib,
  ...
 }:
 let
  server = "192.168.1.20";
 in
 {
  services = {
    nginx = {
@@ -17,177 +14,70 @@ in
      recommendedProxySettings = true;
      recommendedTlsSettings = true;
      virtualHosts = {
        "nextcloud.private" = {
          forceSSL = false;
          enableACME = false;
          listen = [
            {
              addr = "100.64.0.0";
              port = 10000;
            }
            {
              addr = "192.168.1.20";
              port = 10000;
            }
          ];
        };
        "office.local" = {
          forceSSL = false;
          enableACME = false;
        };
        "bentopdf.local" = {
          forceSSL = false;
          enableACME = false;
          listen = [
            {
              addr = "0.0.0.0";
              port = 80;
            }
            {
              addr = "100.64.0.0";
              port = 8446;
            }
            {
              addr = "192.168.1.20";
              port = 8446;
            }
          ];
          extraConfig = ''
            client_max_body_size 5G;
          '';
        };
        "nextcloud.local" = {
          forceSSL = false;
          enableACME = false;
-          locations = {
+          listen = [
-            "/" = {
+            {
-              proxyPass = "http://${server}:10000";
+              addr = "100.64.0.0";
-              proxyWebsockets = true;
+              port = 10000;
-            };
+            }
-            "/whiteboard" = {
+            {
-              proxyPass = "http://${server}:3002";
+              addr = "192.168.1.20";
-              proxyWebsockets = true;
+              port = 10000;
-            };
+            }
-          };
+          ];
-          extraConfig = ''
+        };
-            client_max_body_size 5G;
+        "zeroq.local" = {
          forceSSL = false;
          enableACME = false;
          root = pkgs.writeTextDir "index.html" ''
            <!doctype html>
            <html>
            <body>
              <pre>This server is running in backend.</pre>
            </body>
            </html>
          '';
          listen = [
            {
              addr = "100.64.0.0";
              port = 80;
            }
            {
              addr = "192.168.1.20";
              port = 80;
            }
          ];
        };
-        "gitea.local" = {
+        # "localhost:8000" = {
          forceSSL = false;
          enableACME = false;
          locations."/" = {
            proxyPass = "http://${server}:3000";
            proxyWebsockets = true;
          };
          extraConfig = ''
            client_max_body_size 5G;
          '';
        };
        "nextcloud.zeroq.su" = {
          forceSSL = false;
          enableACME = false;
          locations = {
            "/" = {
              proxyPass = "http://${server}:10000";
              proxyWebsockets = true;
            };
            "/whiteboard" = {
              proxyPass = "http://${server}:3002";
              proxyWebsockets = true;
            };
          };
          extraConfig = ''
            client_max_body_size 5G;
          '';
        };
        "n8n.local" = {
          forceSSL = false;
          enableACME = false;
          locations."/" = {
            proxyPass = "http://${server}:5678";
            proxyWebsockets = true;
          };
          extraConfig = ''
            client_max_body_size 5G;
          '';
        };
        "kuma.local" = {
          forceSSL = false;
          enableACME = false;
          locations."/" = {
            proxyPass = "http://${server}:4001";
            proxyWebsockets = true;
          };
        };
        "health.local" = {
          forceSSL = false;
          enableACME = false;
          locations."/" = {
            proxyPass = "http://${server}:19999";
            proxyWebsockets = true;
          };
        };
        "agent.local" = {
          forceSSL = false;
          enableACME = false;
          locations."/" = {
            proxyPass = "http://${server}:3000";
            proxyWebsockets = true;
          };
        };
        "flux.local" = {
          forceSSL = false;
          enableACME = false;
          locations."/" = {
            proxyPass = "http://${server}:6061";
            proxyWebsockets = true;
          };
        };
        "immich.local" = {
          forceSSL = false;
          enableACME = false;
          locations."/" = {
            proxyPass = "http://${server}:2283";
            proxyWebsockets = true;
          };
          extraConfig = ''
            client_max_body_size 5G;
          '';
        };
        "calibre.local" = {
          forceSSL = false;
          enableACME = false;
          locations."/" = {
            proxyPass = "http://${server}:8083";
            proxyWebsockets = true;
          };
          extraConfig = ''
            client_max_body_size 5G;
          '';
        };
        # "zeroq.local" = {
        #   forceSSL = false;
        #   enableACME = false;
        #   root = pkgs.writeTextDir "index.html" ''
        #     <!doctype html>
        #     <html>
        #     <body>
        #       <pre>This server is running in backend.</pre>
        #     </body>
        #     </html>
        #   '';
        #   listen = [
        #     {
        #       addr = "100.64.0.0";
-        #       port = 80;
+        #       port = 9980;
        #     }
        #     {
        #       addr = "192.168.1.20";
-        #       port = 80;
+        #       port = 9980;
        #     }
        #   ];
        # };
        # "office.zeroq.ru" = {
        #   forceSSL = false;
        #   enableACME = false;
        #   locations."/" = {
        #     proxyPass = "http://onlyoffice.local:8000";
        #     proxyWebsockets = true;
        #   };
        #   extraConfig = ''
        #     # Force nginx to return relative redirects. This lets the browser
        #     # figure out the full URL. This ends up working better because it's in
        #     # front of the reverse proxy and has the right protocol, hostname & port.
        #     absolute_redirect off;
        #   '';
        # };
      };
    };
  };
@@ -1,24 +0,0 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  services = {
    nix-serve = {
      enable = true;
      openFirewall = true;
      port = 5000;
      bindAddress = "0.0.0.0";
      secretKeyFile = config.sops.secrets.private-key.path;
    };
  };
  sops.secrets = {
    private-key = {
      key = "private-key";
      sopsFile = ./secrets/nix-serve.yaml;
      mode = "0600";
    };
  };
 }
@@ -23,7 +23,6 @@ in
  fileSystems."/var/lib/postgresql" = {
    device = "${xlib.dirs.services-mnt-folder}/postgresql";
    fsType = "none";
    options = [
      "bind"
      "nofail"
@@ -6,9 +6,6 @@
 {
  services.samba = {
    enable = true;
    nmbd = {
      enable = false;
    };
    settings = {
      global = {
        "invalid users" = [ ];
@@ -1,46 +0,0 @@
 {
 	"root": "/root/.step/certs/root_ca.crt",
 	"federatedRoots": null,
 	"crt": "/root/.step/certs/intermediate_ca.crt",
 	"key": "/root/.step/secrets/intermediate_ca_key",
 	"address": "0.0.0.0:9000",
 	"insecureAddress": "",
 	"dnsNames": [
 		"ca.zeroq.su"
 	],
 	"logger": {
 		"format": "text"
 	},
 	"db": {
 		"type": "badgerv2",
 		"dataSource": "/root/.step/db",
 		"badgerFileLoadingMode": ""
 	},
 	"authority": {
 		"provisioners": [
 			{
 				"type": "JWK",
 				"name": "oqyude@zeroq.su",
 				"key": {
 					"use": "sig",
 					"kty": "EC",
 					"kid": "vhOaaOVnwo0MtJVP13ZM60ckirLUqq-5WEbq2PQTQ-w",
 					"crv": "P-256",
 					"alg": "ES256",
 					"x": "0WXy0B9DHwz4POacxrSiml7bbOPFYPKVvyUlm18M5ro",
 					"y": "AptaeuzpC2TV9_hHAx8s2afDmCa_QJSzke23kCYzKfU"
 				},
 				"encryptedKey": "eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJjdHkiOiJqd2sranNvbiIsImVuYyI6IkEyNTZHQ00iLCJwMmMiOjYwMDAwMCwicDJzIjoiVTBRS24wUHFJUUZiNTRyRkVYeDVwZyJ9.Xc96u-JxlKELcawpLmyrzqp4_UUY1sAqUo7PX6hBWL8_Ix2RzS8ZwA.fs5K5A9kXmp3KEUu.J1s016RTlqKbfRzQJB1bdz8v93S9PLpU3DqlEvIVnOIEhovL9vG5dzPLAfLApZ_MArHhubVkirHhZHB4fYd3KvbFpCRaYQomB4vP0V188zclL7gyatiQ36R_fTG_oiRiKHeP0nPubVpL-I-ESdtXR05pMQtit5A1luLGm3H78FuTF883Hiz-hc84v8E-nq0Z5l5zQeV-fy4QaCFzg1_5s7MacNlgplDLopzbfJIhp3SDKiwWjsotPjsuKMSQ-blawbBL5skf44t23hDelSaRvASq8-Dq-hkBLsKssMX7SzccHPWpxazZ07Ug8PKc8_o2kxc6k5-K0Xr5tY4h8VI.YSsnw_InABsga1SCjLtq1g"
 			}
 		]
 	},
 	"tls": {
 		"cipherSuites": [
 			"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
 			"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
 		],
 		"minVersion": 1.2,
 		"maxVersion": 1.3,
 		"renegotiation": false
 	}
 }
@@ -1,17 +0,0 @@
 adminpass: ENC[AES256_GCM,data:Fm+Q6YWXxouP5cX2WHU05Jr49FU=,iv:Exf/li6bL6xpR9HQ8XDDSprjx4ltHkJFl99Ga+gXwmQ=,tag:iB9d5O4982tr7lPu1nWccQ==,type:str]
 whiteboard-jwt: ENC[AES256_GCM,data:5i+x8VODrBIhGEWS5Ua6lrk7tsfk6xTa/1qm1rXe4A==,iv:2gFEeudip7BxJh553QtZ1CZo9T8jro3Q/Afdo8ouHtw=,tag:HgBM9ta41rhXJlsQJ+asFg==,type:str]
 sops:
    age:
        - recipient: age13l2gtk0nzr484zprp7e0pkrt0ne0j4asyn2pjmlaw73nte7t7d8q4sqtxm
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxNWFiUlZXMEEvNll0aFFk
            UldxNitqaDgyenBFeWRhLzUxSVVhQk55Q1FBCkdLU3p4S0NTOVhERkRoaWVwbWVB
            cUxwdkJnQ1IyNzFTaVJvVXRwbElYbVkKLS0tIDQ5ejZvRks5U0tPU0w0WXdtM0ht
            WGVQYjZtaHhaeC9pMzYxYmxTcVNtYk0KKxXXNA9h0fs+mA6U/Vsyg+q1CPl5hFrI
            Ozjqh+dzwajQeqkCPUdCsoeIWsvBY2Cyabvs+f0zj8S00faXb8rVQQ==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2026-03-30T12:49:45Z"
    mac: ENC[AES256_GCM,data:1EkbMGa6nK53GqGWYvXZP+sqy91AldGKy/32CVPshZwvTzJtk/VeK3W9A3fIGwvo7gl+QVWJmSiqrOTql4v+U4Yi3jVLEXsHXA5Bh28aJ7Ng9nkZmI10K7oaYF1xWNxzwss4gcDNIuomK+wG1WNLaiLbxwCBkN6xHugWQ4F+DLs=,iv:UmI6nC7dIHGeas54taf5kTIINvyd8YXyOVdIYghwHmE=,tag:VxdJLXRYin8D07r6CCA00A==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.12.2
@@ -1,16 +0,0 @@
 private-key: ENC[AES256_GCM,data:VTj1cmhYLbBuUnIgtXI3CZtULaNZ5XOpoheJB0gUwrWrH5B0rmxcvZLlJWX7xhGs4oqcC3Wwmo+TBPhcgGylLVdCuhJG5A94UwOa9ZIV4s3x3IJ4RU3UcHTsA0xdtw7XxBfryw==,iv:8oZCojIU0JXWJgE5t+fNNW9trC109yOJp1UGAV76FbU=,tag:S74cHFy9B8C29npdcoVBeg==,type:str]
 sops:
    age:
        - recipient: age13l2gtk0nzr484zprp7e0pkrt0ne0j4asyn2pjmlaw73nte7t7d8q4sqtxm
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6MHBkYzZneEdhUlN5MEpx
            NGxud1BkVU1NUFdyVFE2VDJWb1M2cW9IcUVFCm9QZ3RvNHFaeWpFbnZ3Q1dKSDdn
            RHQvUDgrZHRiUHpSR3FrWXRkQUxXWGMKLS0tIERsemNuL1BwR2xYYUpmbVFROWtN
            RGI1WlRGMzlkS2tqQ0JPSFJHTUY1TUkKDeaivc+ST8MYtnJEDx07Y+IhtpvblR47
            SLZf6WKQ8WNY4Bb5VeMWiCABPP/2L+VwoACqkOdZ01yGUVQSc9X6tw==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2026-05-03T17:05:41Z"
    mac: ENC[AES256_GCM,data:6jNp7N7lIvsLez3zQbDKTWPyvkL8u9g34I3q27GudgXzYw8B3Pb26jc9dCYCxCylCZxN5IeWWyHvUt4PadQABI4jrrIKnIfVV1A2c+A90chu+xSyE/B9OhkSC7yYVOnCURJPYku8799RIRkpHAWeKawkydbOiszCiC3qIKZDSTQ=,iv:xXivLDNnTABlNeWOOWsCESDUOnFv+9Lh0o029r7rk+A=,tag:vUoIZjcNtE3xJX/jNCao7Q==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.12.2
@@ -1,17 +0,0 @@
 jwt: ENC[AES256_GCM,data:Mp+eAh0Nle0QDfo92isNLwvHn/E=,iv:0FLK/8QpmX5Mv7IXMy04AJAgUknp5DATpD0acyPqrUg=,tag:rP9x3G8WIDG6KWSjqPXulQ==,type:str]
 nonce: ENC[AES256_GCM,data:IGIo74eaE1vppWmLJt8C1cmpUm8eozumLXU5ecJJIolpKlC85H39l6oGmw==,iv:YwLbgbkOxpChwLTbknCii66LMVwD61sr7gXsbv3t/NI=,tag:YFfLkO5b55/AcJKTpSyslQ==,type:str]
 sops:
    age:
        - recipient: age13l2gtk0nzr484zprp7e0pkrt0ne0j4asyn2pjmlaw73nte7t7d8q4sqtxm
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVSzIwWlBrWFJWVHpIUVJk
            eHh1MkYza28yeU54OWczY1ZjYmJHOFI3dXc4ClVKUVpoUWZTR0g5L2FTd0l4NzUr
            R0xlYTJVQ1VLQXJuSGZJUE1Bd3Jsa00KLS0tIExPSi9Ob0ErSTRZQlhlTGN5WUV0
            dm4xa25tSmN3VjlPaWpBWnhJdklqWEEK+sD+lvwQGjNkOic3ZCo2VGQ/+p2Nhmm+
            g846YrGljYOib6hNryEhZWe0KmaDhn24vnEK5NS4WtqqwV+IhCZbmg==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2026-03-30T21:55:57Z"
    mac: ENC[AES256_GCM,data:Ff8KB0O7sDE4GL8kccuA3s8DSallp5aOsy+T60FLCxsZN1m7m6Cql+3Hb3IS0M/nLRZMoZre8kztnzSbWs8ZK0e5wZoQjb6KMESZaXPOfjjbPWjMKiRCAQZUJNZy5P067qoxOIQ3t25kPNolmHkSyicpLoLRIB4Adn8+M79/RLk=,iv:LfVbDH8JVbgkVk5cFpr/lbvtSu8waLhn9XHwPW/8jBE=,tag:ll5JQbyr84vI8V154ZE/wQ==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.12.2
@@ -1,16 +0,0 @@
 intermediate-password: ENC[AES256_GCM,data:SvV5uYVXVTuhh/dhzXIDJw69dJ3s33a0ibKCyDWnfyA=,iv:S9VydNWm4PL+quWQ7arCmSFXa6YO1/hL+xrYty/2IPE=,tag:zHJ6/ZNRfs9w9vrt77xdow==,type:str]
 sops:
    age:
        - enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5K3YyYkRkVkxwamMybWRj
            WGxEZnc3TGRYRHNtTXRZYlZKQ2hBK0YrQjNZCndVQVhYcTJqRitCdUdmMjduTk1M
            azNnMUhHKzB1M25vZGFScjZBcHJOaUEKLS0tIHJBRnZwamhvYU1ybFVFMFZsTmVS
            ZmN3NTVnZ1RwRkNzTUxJTjVGMU4yUHMKMEZdpDBm6pdZmrFidkOdivnnd2/b8OO/
            IUYmiWPlPd1IDV1NeMtlSYtO8exzB22XL9DqW4x/tJ7DeSZaBsjcOw==
            -----END AGE ENCRYPTED FILE-----
          recipient: age13l2gtk0nzr484zprp7e0pkrt0ne0j4asyn2pjmlaw73nte7t7d8q4sqtxm
    lastmodified: "2026-06-13T22:59:34Z"
    mac: ENC[AES256_GCM,data:72E73xauS1Xrfw6tcyN/PHSJZ4ZZnIeKp8JVUPFGPBvIzaD6ZThYZwQ10FDD4JF+YOwn3QhCEh3t0ozcSNNnJFkyBgSqFtRMkym0ede12VAOPu2wQFoNvMdkT7+n14lJ/9OOz6KDyMf0BQDJKlSfDBkt+mLi61zte5iUxPsWsp4=,iv:xuOwFBEnlRgbaVdMq4O6w9T2edpS6uEPh9yhNbYBJIk=,tag:Y+dtcU17Q83o/9Nt1LGCcg==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.13.1
@@ -1,83 +0,0 @@
 {
  config,
  inputs,
  pkgs,
  xlib,
  ...
 }:
 let
  configDir = "${xlib.dirs.services-mnt-folder}/step-ca";
  varDir = "/var/lib/step-ca";
 in
 {
  services.step-ca = {
    enable = true;
    address = "0.0.0.0";
    port = 9000;
    openFirewall = true;
    intermediatePasswordFile = config.sops.secrets.intermediate-password.path;
    settings = {
      root = "${varDir}/certs/root_ca.crt";
      crt = "${varDir}/certs/intermediate_ca.crt";
      key = "${varDir}/secrets/intermediate_ca_key";
      # address = "0.0.0.0:9000";
      dnsNames = [
        "ca.zeroq.su"
      ];
      db = {
        type = "badgerv2";
        dataSource = "${varDir}/db";
      };
      authority = {
        provisioners = [
          {
            type = "JWK";
            name = "oqyude@zeroq.su";
            key = {
              use = "sig";
              kty = "EC";
              kid = "XEpzFJA-sedFf0ANCiEH1UDaSvrHiZabLahQOyoAYmc";
              crv = "P-256";
              alg = "ES256";
              x = "AGHevH0UU7_abhE6d8JhNuNRgXBeVI7qCldZrFfkn5o";
              y = "pLKOpAwUiGRv4HRQUyiXFAMqsywTjrjazeEkDOr29Sk";
            };
            encryptedKey = "eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJjdHkiOiJqd2sranNvbiIsImVuYyI6IkEyNTZHQ00iLCJwMmMiOjYwMDAwMCwicDJzIjoibFlONzBwMWJiVzc0MDlGaS1EOEZVUSJ9.zBEsf2hAaj4yyy_Lk1Jss7h5Hn68kz6UMeg3Jz3X_VVeMWLvcoRVaw.tpY50S9CSzmcfWXz.u5ta_Yd3GLMz19RKA2WondVIwTGbGs3is5v7_D0aUOtQ0158d4GcjrOHFD2PexaackbTNuUPtqa2X38ypnFq5wh1uq3udWu-qWRjRSd_YkY4YJt_GWFvUHQ_jldx0NSfMDNGndU2IakR62-9WklEjU3UGmUeaPGP9DTuzmdJa36t2aLuPuNnmV-tEJIH3eQ5huU8nLy1ROZjdkrF-agHh78EG_Ss8P4vHuqOtTAjZW3YCtfSfb57iKAsbrk3nUTo6zhPc0ds8cPB7Rva0K8Rj2Pf3apB7qZnCVF5zBiu1icvhOYIfwVQAiqpdz6qMi42QSBWZ4ROu4Db2q5a6D0.AS7Dr3v_Niiwy7aHIR-0bw";
          }
        ];
      };
    };
  };
  fileSystems."${varDir}" = {
    device = "${configDir}";
    fsType = "none";
    options = [
      "bind"
      "nofail"
    ];
  };
  environment = {
    systemPackages = with pkgs; [
      step-cli
    ];
  };
  systemd.tmpfiles.rules = [
    "d ${configDir} 0755 nobody nogroup -"
    "z ${configDir} 0755 nobody nogroup -"
    "Z ${configDir}/ 0700 nobody nogroup -"
  ];
  sops.secrets = {
    intermediate-password = {
      format = "yaml";
      key = "intermediate-password";
      sopsFile = ./secrets/step-ca.yaml;
      # owner = "nobody";
      # group = "nogroup";
      mode = "0600";
    };
  };
 }
@@ -11,47 +11,31 @@
      rsync-archivesta = {
        # Archivesta
        description = "Backup data using rsync";
-        unitConfig.RequiresMountsFor = [
+        requisite = [ "mnt-archive.mount" ]; # hard-code
          "${xlib.dirs.archive-drive}"
          "${xlib.dirs.server-home}"
          "${xlib.dirs.services-mnt-folder}"
        ];
        script = ''
-          ${pkgs.rsync}/bin/rsync -rtv --delete \
+          ${pkgs.rsync}/bin/rsync -rtv --delete ${xlib.dirs.services-folder}/ ${xlib.dirs.archive-drive}/Services/
            ${xlib.dirs.services-mnt-folder}/ \
            ${xlib.dirs.archive-drive}/Services/
        '';
        serviceConfig = {
          Type = "oneshot";
          User = "root";
          Group = "root";
-          Nice = 10;
+          Nice = 19;
          CPUQuota = "5%";
          IOSchedulingClass = "idle";
        };
      };
      rsync-archivesta-lite = {
        # Archivesta Lite
        description = "Backup data using rsync";
-        unitConfig.RequiresMountsFor = [
+        requisite = [ "mnt-mobile.mount" ]; # hard-code
          "${xlib.dirs.server-home}"
          "${xlib.dirs.mobile-drive}"
        ];
        script = ''
-          ${pkgs.rsync}/bin/rsync -rtv --delete \
+          ${pkgs.rsync}/bin/rsync -rtv --delete ${xlib.dirs.server-home}/Music/ ${xlib.dirs.mobile-drive}/Music/
-            ${xlib.dirs.server-home}/Music/ \
+          ${pkgs.rsync}/bin/rsync -rtv --delete "${xlib.dirs.server-home}/Hosts/epral/Neo Backup/" "${xlib.dirs.mobile-drive}/Neo Backup/"
            ${xlib.dirs.mobile-drive}/Music/
          ${pkgs.rsync}/bin/rsync -rtv --delete \
            "${xlib.dirs.server-home}/Hosts/epral/Neo Backup/" \
            "${xlib.dirs.mobile-drive}/Neo Backup/"
        '';
        serviceConfig = {
          Type = "oneshot";
          User = "root";
          Group = "root";
-          Nice = 10;
+          Nice = 19;
          CPUQuota = "5%";
          IOSchedulingClass = "idle";
        };
      };
@@ -8,7 +8,7 @@
 }:
 {
  services.uptime-kuma = {
-    enable = false;
+    enable = true;
    settings = {
      PORT = "4001";
      HOST = "0.0.0.0";
@@ -21,7 +21,6 @@
  fileSystems."/var/lib/private/uptime-kuma" = {
    device = "${xlib.dirs.services-mnt-folder}/uptime-kuma";
    fsType = "none";
    options = [
      "bind"
      "nofail"
@@ -0,0 +1,24 @@
 {
  config,
  lib,
  pkgs,
  xlib,
  ...
 }:
 {
  # services = {
  #   nextjs-ollama-llm-ui.enable = false;
  #   ollama = {
  #     enable = false;
  #     package = pkgs.ollama-rocm;
  #     environmentVariables = {
  #       HSA_OVERRIDE_GFX_VERSION = "11.5.0";
  #       HCC_AMDGPU_TARGET = "gfx1150"; # used to be necessary, but doesn't seem to anymore
  #     };
  #     user = "ollama"; # "${xlib.device.username}";
  #     group = "ollama";
  #     acceleration = "rocm";
  #     rocmOverrideGfx = "11.5.0";
  #   };
  # };
 }
@@ -1,84 +1,28 @@
 {
  config,
  inputs,
  lib,
  pkgs,
  xlib,
  ...
 }:
 let
-  stable = import inputs.nixpkgs-beets {
+  depsOverlay = import ./dependencies.nix {
-    system = "x86_64-linux";
+    # ./dependencies-full.nix if broken
    inherit (pkgs) fetchurl fetchgit fetchhg;
    inherit pkgs;
  };
-in
+  python3 = pkgs.python3.override {
-let
+    packageOverrides = depsOverlay;
-  # depsOverlay = import ./dependencies.nix {
+  };
-  #   # ./dependencies-full.nix if broken
+  beetsEnv = python3.withPackages (ps: [
-  #   inherit (pkgs) fetchurl fetchgit fetchhg;
+    ps.beets
-  #   inherit pkgs;
+  ]);
  # };
  # python3 = pkgs.python3.override {
  #   packageOverrides = depsOverlay;
  # };
  beetsEnv = pkgs.python314.withPackages (
    ps: with ps; [
      # et-xmlfile
      # exceptiongroup
      # markdown-it-py
      # mdurl
      # munkres
      # musicbrainzngs
      # openpyxl
      # pygments
      # rich
      # sniffio
      anyio
      beautifulsoup4
      beetcamp
      beets
      certifi
      charset-normalizer
      colorama
      confuse
      discogs-client
      filetype
      h11
      httpcore
      httpx
      httpx-socks
      idna
      jellyfish
      langdetect
      lap
      llvmlite
      mediafile
      mutagen
      numba
      numpy
      oauthlib
      packaging
      pillow
      platformdirs
      pycountry
      pylast
      pyrate-limiter
      pysocks
      python-dateutil
      pyyaml
      requests
      requests-ratelimiter
      scipy
      # setuptools
      six
      socksio
      soupsieve
      typing-extensions
      unidecode
      urllib3
    ]
  );
 in
 {
  systemd.tmpfiles.rules = [
    "z /mnt/beets 0700 ${xlib.device.username} users -" # beets absolute paths
  ];
  users = {
    users = {
      "${xlib.device.username}" = {
@@ -86,20 +30,21 @@ in
          beetsEnv
          pkgs.mp3gain
          pkgs.imagemagick
-          #ffmpeg
+          #pkgs.ffmpeg
        ];
      };
    };
  };
-  systemd.mounts = [
+  fileSystems."/mnt/beets/music" = {
-    {
+    device = "/home/${xlib.device.username}/Music"; # "${xlib.dirs.vetymae-drive}/Users/User/Music"
-      enable = true;
+    options = [
-      options = "bind,x-systemd.automount,nofail";
+      "bind"
-      requires = [ "local-fs.target" ];
+      "uid=1000"
-      type = "none";
+      "gid=1000"
-      wantedBy = [ "multi-user.target" ];
+      "fmask=0077"
-      what = "/home/${xlib.device.username}/Music";
+      "dmask=0077"
-      where = "/home/${xlib.device.username}/.config/beets";
+      "nofail"
-    }
+      #"x-systemd.device-timeout=0"
-  ];
+    ];
  };
 }
@@ -117,7 +117,7 @@ self: super: {
      self."requests" # For spotify, deezer, embedart, fetchart, lyrics
      self."python3-discogs-client" # For discogs
      self."pylast" # For lastgenre
-      # self."beetcamp" # Another
+      self."beetcamp" # Another
    ];
  };
  "certifi" = super.buildPythonPackage rec {
@@ -13,7 +13,6 @@
  xlib.device.username = "oqyude";
  users = {
    mutableUsers = false;
    users = {
      "${xlib.device.username}" = {
        name = "${xlib.device.username}";
@@ -81,22 +80,6 @@
        group = config.users.users."${xlib.device.username}".group;
        mode = "0655";
      };
      ssh_key_private_root = {
        format = "yaml";
        key = "ssh_key_private";
        path = "/root/.ssh/id_ed25519";
        owner = "root";
        group = "root";
        mode = "0600";
      };
      ssh_key_public_root = {
        format = "yaml";
        key = "ssh_key_public";
        path = "/root/.ssh/id_ed25519";
        owner = "root";
        group = "root";
        mode = "0655";
      };
      ssh_key_public_host = {
        format = "yaml";
        key = "ssh_key_public";
@@ -58,7 +58,6 @@
    environment = {
      "XRAY_VMESS_AEAD_FORCED" = "false";
      "XUI_ENABLE_FAIL2BAN" = "true";
      "TZ" = "Europe/Moscow";
    };
    volumes = [
      "/mnt/containers/3x-ui/cert/:/root/cert:rw"
@@ -0,0 +1,16 @@
 {
  config,
  pkgs,
  inputs,
  ...
 }:
 {
  imports = [
    ./3x-ui.nix
  ];
  environment.systemPackages = with pkgs; [
    compose2nix
    podman-tui
  ];
 }
@@ -4,6 +4,7 @@
 }:
 {
  imports = [
-    ../vds
+    ./containers
    ./nginx.nix
  ];
 }
@@ -0,0 +1,40 @@
 {
  config,
  pkgs,
  ...
 }:
 {
  services.netbird.server = {
    enable = false;
    enableNginx = true;
    domain = "netbird.zeroq.ru";
    dashboard = {
      enable = false;
      domain = "netbird.zeroq.ru";
      settings = {
        #AUTH_AUTHORITY = "nbp_ufe0v5mbb5H1lQWL8eJfuzJ5ItPmlM46Mik0";
      };
    };
    management = {
      enable = false;
      domain = "netbird.zeroq.ru";
    };
  };
  # networking.firewall = {
  #   allowedTCPPorts = [
  #     80
  #     443
  #     33073
  #     10000
  #     33080
  #   ];
  #   allowedUDPPorts = [ 3478 ];
  #   allowedUDPPortRanges = [
  #     {
  #       from = 49152;
  #       to = 65535;
  #     }
  #   ];
  # };
 }
@@ -0,0 +1,202 @@
 {
  config,
  inputs,
  pkgs,
  ...
 }:
 let
  server = "100.64.0.0";
 in
 {
  environment.etc."nginx/pubray".text = inputs.zeroq-credentials.services.xray.auth;
  users.users.nginx.extraGroups = [ "acme" ];
  services = {
    nginx = {
      enable = true;
      recommendedGzipSettings = true;
      recommendedOptimisation = true;
      recommendedProxySettings = true;
      recommendedTlsSettings = true;
      appendHttpConfig = inputs.zeroq-credentials.services.xray.maps;
      virtualHosts = {
        # "pubray.zeroq.ru" = {
        #   enableACME = true;
        #   forceSSL = true;
        #   root = "${inputs.zeroq-credentials.services.xray.subs}";
        #   locations."/" = {
        #     extraConfig = ''
        #       auth_basic "Restricted";
        #       auth_basic_user_file /etc/nginx/pubray;
        #       if ($subfile = "") { return 403; }
        #       rewrite ^/$ $subfile break;
        #     '';
        #   };
        # };
        "x.new.zeroq.ru" = {
          forceSSL = true;
          enableACME = true;
          locations = {
            "/" = {
              proxyPass = "http://localhost:2049";
              proxyWebsockets = true;
            };
            "/default" = {
              proxyPass = "http://localhost:2053";
              proxyWebsockets = true;
            };
            "/subs/" = {
              proxyPass = "http://localhost:2096";
              proxyWebsockets = true;
            };
          };
        };
        # "kuma.new.zeroq.ru" = {
        #   forceSSL = true;
        #   enableACME = true;
        #   locations."/" = {
        #     proxyPass = "http://${server}:4001";
        #     proxyWebsockets = true;
        #   };
        #   extraConfig = ''
        #     client_max_body_size 5G;
        #   '';
        # };
        # "node-red.zeroq.ru" = {
        #   forceSSL = true;
        #   enableACME = true;
        #   kTLS = true;
        #   locations."/" = {
        #     proxyPass = "http://${server}:1880";
        #     proxyWebsockets = true;
        #   };
        #   extraConfig = ''
        #     client_max_body_size 5G;
        #   '';
        # };
        # "new.zeroq.ru" = {
        #   forceSSL = true;
        #   enableACME = true;
        #   root = pkgs.writeTextDir "index.html" ''
        #     <!doctype html>
        #     <html>
        #     <body>
        #       <pre>What are you doing here?</pre>
        #     </body>
        #     </html>
        #   '';
        #   locations = {
        #     "/guest/" = {
        #       proxyPass = "http://${server}:80";
        #       proxyWebsockets = true;
        #     };
        #     # "/.well-known/discord" = {
        #     #   extraConfig = ''
        #     #     default_type text/plain;
        #     #     return 200 "dh=c2d103553a4cfdaa1b7952a87a7d8120a1e167cc";
        #     #   '';
        #     # };
        #   };
        # };
        # "flux.new.zeroq.ru" = {
        #   forceSSL = true;
        #   enableACME = true;
        #   locations."/" = {
        #     proxyPass = "http://${server}:6061";
        #     proxyWebsockets = true;
        #   };
        #   extraConfig = ''
        #     client_max_body_size 5G;
        #   '';
        # };
        # "office.new.zeroq.ru" = {
        #   enableACME = true;
        #   forceSSL = true;
        #   locations = {
        #     "/" = {
        #       proxyPass = "http://${server}:9980"; # API и coauthoring
        #       proxyWebsockets = true;
        #     };
        #   };
        #   extraConfig = ''
        #     client_max_body_size 5G;
        #     proxy_set_header X-Forwarded-Proto $scheme;
        #     proxy_set_header X-Real-IP $remote_addr;
        #     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #   ''; # absolute_redirect off;
        # };
        # "immich.new.zeroq.ru" = {
        #   forceSSL = true;
        #   enableACME = true;
        #   locations."/" = {
        #     proxyPass = "http://${server}:2283";
        #     proxyWebsockets = true;
        #   };
        #   extraConfig = ''
        #     client_max_body_size 5G;
        #   '';
        # };
        # "nextcloud.new.zeroq.ru" = {
        #   forceSSL = true;
        #   enableACME = true;
        #   locations = {
        #     "/" = {
        #       proxyPass = "http://${server}:10000";
        #       proxyWebsockets = true;
        #     };
        #     "/whiteboard" = {
        #       proxyPass = "http://${server}:3002";
        #       proxyWebsockets = true;
        #     };
        #   };
        #   extraConfig = ''
        #     client_max_body_size 5G;
        #   '';
        # };
        # "calibre.new.zeroq.ru" = {
        #   forceSSL = true;
        #   enableACME = true;
        #   locations."/" = {
        #     proxyPass = "http://${server}:8083";
        #     proxyWebsockets = true;
        #   };
        #   extraConfig = ''
        #     client_max_body_size 5G;
        #   '';
        # };
        # "pdf.new.zeroq.ru" = {
        #   forceSSL = true;
        #   enableACME = true;
        #   locations."/" = {
        #     proxyPass = "http://${server}:6060";
        #     proxyWebsockets = true;
        #   };
        #   extraConfig = ''
        #     client_max_body_size 5G;
        #   '';
        # };
        # "ai.zeroq.ru" = {
        #   forceSSL = true;
        #   enableACME = true;
        #   locations."/" = {
        #     proxyPass = "http://${server}:11112";
        #     proxyWebsockets = true;
        #   };
        #   extraConfig = ''
        #     client_max_body_size 5G;
        #   '';
        # };
      };
    };
  };
  security.acme = {
    acceptTerms = true;
    defaults = {
      email = "go.bin043120@gmail.com";
    };
  };
  networking.firewall.allowedTCPPorts = [
    80
    443
  ];
 }
@@ -0,0 +1,108 @@
 # Auto-generated using compose2nix v0.3.3-pre.
 {
  pkgs,
  lib,
  config,
  ...
 }:
 {
  # Runtime
  virtualisation.podman = {
    enable = true;
    autoPrune = {
      enable = true;
      flags = [ "--all" ];
    };
    dockerCompat = true;
  };
  # Enable container name DNS for all Podman networks.
  networking.firewall.interfaces =
    let
      matchAll = if !config.networking.nftables.enable then "podman+" else "podman*";
    in
    {
      "${matchAll}".allowedUDPPorts = [ 53 ];
    };
  networking.firewall = {
    allowedUDPPortRanges = [
      {
        from = 14380;
        to = 15380;
      }
    ];
    allowedTCPPortRanges = [
      {
        from = 14380;
        to = 15380;
      }
    ];
    allowedTCPPorts = [
      8443
      9443
      13380
    ];
    allowedUDPPorts = [
      8443
      9443
      13380
    ];
  };
  virtualisation.oci-containers.backend = "podman";
  # Containers
  virtualisation.oci-containers.containers."3xui_app" = {
    image = "ghcr.io/mhsanaei/3x-ui:latest";
    environment = {
      "XRAY_VMESS_AEAD_FORCED" = "false";
      "XUI_ENABLE_FAIL2BAN" = "true";
    };
    volumes = [
      "/mnt/containers/3x-ui/cert/:/root/cert:rw"
      "/mnt/containers/3x-ui/db/:/etc/x-ui:rw"
    ];
    log-driver = "journald";
    extraOptions = [
      "--network=host"
    ];
  };
  systemd.services."podman-3xui_app" = {
    serviceConfig = {
      Restart = lib.mkOverride 90 "always";
    };
    partOf = [
      "podman-compose-3x-ui-root.target"
    ];
    wantedBy = [
      "podman-compose-3x-ui-root.target"
    ];
  };
  # Builds
  systemd.services."podman-build-3xui_app" = {
    path = [
      pkgs.podman
      pkgs.git
    ];
    serviceConfig = {
      Type = "oneshot";
      TimeoutSec = 300;
    };
    script = ''
      cd /mnt/containers/3x-ui
      podman build -t compose2nix/3xui_app -f ./Dockerfile .
    '';
  };
  # Root service
  # When started, this will automatically create all resources and start
  # the containers. When stopped, this will teardown all resources.
  systemd.targets."podman-compose-3x-ui-root" = {
    unitConfig = {
      Description = "Root target generated by compose2nix.";
    };
    wantedBy = [ "multi-user.target" ];
  };
 }
@@ -0,0 +1,16 @@
 {
  config,
  pkgs,
  inputs,
  ...
 }:
 {
  imports = [
    ./3x-ui.nix
  ];
  environment.systemPackages = with pkgs; [
    compose2nix
    podman-tui
  ];
 }
@@ -4,11 +4,10 @@
 }:
 {
  imports = [
-    ../containers/3x-ui.nix
+    ./containers
    ./nginx.nix
-    ./samba.nix
+    ./xray.nix
-    # ./glances.nix
+    # ../services/uptime-kuma.nix
    # ./netbird.nix
    # ./xray.nix
  ];
 }
@@ -1,15 +0,0 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  services = {
    glances = {
      enable = true;
      openFirewall = true;
      port = 61208;
    };
  };
 }
@@ -7,17 +7,17 @@
  services.netbird.server = {
    enable = false;
    enableNginx = true;
-    domain = "netbird.zeroq.su";
+    domain = "netbird.zeroq.ru";
    dashboard = {
      enable = false;
-      domain = "netbird.zeroq.su";
+      domain = "netbird.zeroq.ru";
      settings = {
        #AUTH_AUTHORITY = "nbp_ufe0v5mbb5H1lQWL8eJfuzJ5ItPmlM46Mik0";
      };
    };
    management = {
      enable = false;
-      domain = "netbird.zeroq.su";
+      domain = "netbird.zeroq.ru";
    };
  };
@@ -8,7 +8,7 @@ let
  server = "100.64.0.0";
 in
 {
-  # environment.etc."nginx/pubray".text = inputs.zeroq-credentials.services.xray.auth;
+  environment.etc."nginx/pubray".text = inputs.zeroq-credentials.services.xray.auth;
  users.users.nginx.extraGroups = [ "acme" ];
  services = {
    nginx = {
@@ -17,9 +17,9 @@ in
      recommendedOptimisation = true;
      recommendedProxySettings = true;
      recommendedTlsSettings = true;
-      # appendHttpConfig = inputs.zeroq-credentials.services.xray.maps;
+      appendHttpConfig = inputs.zeroq-credentials.services.xray.maps;
      virtualHosts = {
-        # "pubray.zeroq.su" = {
+        # "pubray.zeroq.ru" = {
        #   enableACME = true;
        #   forceSSL = true;
        #   root = "${inputs.zeroq-credentials.services.xray.subs}";
@@ -33,7 +33,7 @@ in
        #     '';
        #   };
        # };
-        "x.zeroq.su" = {
+        "x.zeroq.ru" = {
          forceSSL = true;
          enableACME = true;
          locations = {
@@ -45,45 +45,20 @@ in
              proxyPass = "http://localhost:2096";
              proxyWebsockets = true;
            };
            "/subsjs/" = {
              proxyPass = "http://localhost:2096";
              proxyWebsockets = true;
            };
          };
        };
-        "kuma.zeroq.su" = {
+        "kuma.zeroq.ru" = {
          forceSSL = true;
          enableACME = true;
          locations."/" = {
            proxyPass = "http://${server}:4001";
            proxyWebsockets = true;
          };
          extraConfig = ''
            client_max_body_size 5G;
          '';
        };
-        "health.zeroq.su" = {
+        # "node-red.zeroq.ru" = {
          forceSSL = true;
          enableACME = true;
          locations."/" = {
            proxyPass = "http://${server}:19999";
            proxyWebsockets = true;
          };
        };
        "git.zeroq.su" = {
          forceSSL = true;
          enableACME = true;
          locations."/" = {
            proxyPass = "http://${server}:3000";
            proxyWebsockets = true;
          };
        };
        # "agent.zeroq.su" = {
        #   forceSSL = true;
        #   enableACME = true;
        #   locations."/" = {
        #     proxyPass = "http://${server}:3000";
        #     proxyWebsockets = true;
        #   };
        # };
        # "node-red.zeroq.su" = {
        #   forceSSL = true;
        #   enableACME = true;
        #   kTLS = true;
@@ -95,7 +70,7 @@ in
        #     client_max_body_size 5G;
        #   '';
        # };
-        "zeroq.su" = {
+        "zeroq.ru" = {
          forceSSL = true;
          enableACME = true;
          root = pkgs.writeTextDir "index.html" ''
@@ -119,50 +94,34 @@ in
            # };
          };
        };
-        "flux.zeroq.su" = {
+        "flux.zeroq.ru" = {
          forceSSL = true;
          enableACME = true;
          locations."/" = {
            proxyPass = "http://${server}:6061";
            proxyWebsockets = true;
          };
          extraConfig = ''
            client_max_body_size 5G;
          '';
        };
-        "n8n.zeroq.su" = {
+        "office.zeroq.ru" = {
          forceSSL = true;
          enableACME = true;
          locations."/" = {
            proxyPass = "http://${server}:5678";
            proxyWebsockets = true;
          };
        };
        "office.zeroq.su" = {
          enableACME = true;
          forceSSL = true;
          locations = {
            "/" = {
-              proxyPass = "http://${server}:8090";
+              proxyPass = "http://${server}:9980"; # API и coauthoring
              proxyWebsockets = true;
            };
          };
-          # extraConfig = ''
+          extraConfig = ''
-          #   client_max_body_size 5G;
+            client_max_body_size 5G;
-
+            proxy_set_header X-Forwarded-Proto $scheme;
-          #   proxy_http_version 1.1;
+            proxy_set_header X-Real-IP $remote_addr;
-          #   proxy_buffering off;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-
+          ''; # absolute_redirect off;
          #   proxy_set_header Host $host;
          #   proxy_set_header X-Forwarded-Host $host;
          #   proxy_set_header X-Forwarded-Proto $scheme;
          #   proxy_set_header X-Real-IP $remote_addr;
          #   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          #   proxy_set_header Authorization $http_authorization;
          #   proxy_set_header Upgrade $http_upgrade;
          #   proxy_set_header Connection "upgrade";
          # ''; # absolute_redirect off;
        };
-        "immich.zeroq.su" = {
+        "immich.zeroq.ru" = {
          forceSSL = true;
          enableACME = true;
          locations."/" = {
@@ -173,7 +132,7 @@ in
            client_max_body_size 5G;
          '';
        };
-        "nextcloud.zeroq.su" = {
+        "nextcloud.zeroq.ru" = {
          forceSSL = true;
          enableACME = true;
          locations = {
@@ -190,7 +149,7 @@ in
            client_max_body_size 5G;
          '';
        };
-        "calibre.zeroq.su" = {
+        "calibre.zeroq.ru" = {
          forceSSL = true;
          enableACME = true;
          locations."/" = {
@@ -201,18 +160,18 @@ in
            client_max_body_size 5G;
          '';
        };
-        "pdf.zeroq.su" = {
+        # "pdf.zeroq.ru" = {
-          forceSSL = true;
+        #   forceSSL = true;
-          enableACME = true;
+        #   enableACME = true;
-          locations."/" = {
+        #   locations."/" = {
-            proxyPass = "http://${server}:8446";
+        #     proxyPass = "http://${server}:6060";
-            proxyWebsockets = true;
+        #     proxyWebsockets = true;
-          };
+        #   };
-          extraConfig = ''
+        #   extraConfig = ''
-            client_max_body_size 5G;
+        #     client_max_body_size 5G;
-          '';
+        #   '';
-        };
+        # };
-        # "ai.zeroq.su" = {
+        # "ai.zeroq.ru" = {
        #   forceSSL = true;
        #   enableACME = true;
        #   locations."/" = {
@@ -1,56 +0,0 @@
 {
  config,
  xlib,
  ...
 }:
 {
  services.samba = {
    enable = true;
    nmbd = {
      enable = false;
    };
    settings = {
      global = {
        "invalid users" = [ ];
        "passwd program" = "/run/wrappers/bin/passwd %u";
        security = "user";
      };
      nixos = {
        "path" = "/etc/nixos";
        "browseable" = "yes";
        "read only" = "no";
        "valid users" = "${xlib.device.username}";
        "guest ok" = "no";
        "writable" = "yes";
        "create mask" = 755;
        "directory mask" = 755;
        "force user" = "${xlib.device.username}";
        "force group" = "users";
      };
      root = {
        "path" = "/";
        "browseable" = "yes";
        "read only" = "no";
        "valid users" = "${xlib.device.username}";
        "guest ok" = "no";
        "writable" = "yes";
        #"create mask" = 0644;
        #"directory mask" = 0644;
        "force user" = "root";
        "force group" = "root";
      };
      "${xlib.device.username}" = {
        "path" = "/home/${xlib.device.username}";
        "browseable" = "yes";
        "read only" = "no";
        "valid users" = "${xlib.device.username}";
        "guest ok" = "no";
        "writable" = "yes";
        "create mask" = 700;
        "directory mask" = 700;
        "force user" = "${xlib.device.username}";
        "force group" = "users";
      };
    };
  };
 }
@@ -5,10 +5,6 @@
  ...
 }:
 {
  imports = [
    # ./3x-ui.nix
  ];
  environment.systemPackages = with pkgs; [
    compose2nix
    podman-tui
@@ -1,17 +1,15 @@
 {
  inputs,
  lib,
  pkgs,
  ...
 }:
 {
  imports = [
    ../software/aichat.nix
    ../software/beets
    ../software/whisper.nix
-    ./containers
+    ../software/aichat.nix
-    ./tools
+    #../vds/docker.nix
    #../server/open-webui.nix
    #../services/tts.nix
    #../server/open-webui.nix
  ];
 }
@@ -1,8 +1,3 @@
-{
+{ inputs, ... }:
  inputs,
  ...
 }:
 self: super: {
  rovr = inputs.self.packages.x86_64-linux.rovr;
  pcbu-desktop = inputs.self.packages.x86_64-linux.pcbu-desktop;
 }
@@ -1,17 +1,9 @@
 { inputs, ... }@flakeContext:
 let
-  system = "x86_64-linux";
+  pkgs = import inputs.nixpkgs { system = "x86_64-linux"; };
  pkgs = import inputs.nixpkgs {
    inherit system;
    config = {
      allowUnfree = true;
    };
  };
 in
 {
-  packages.${system} = {
+  # packages."x86_64-linux" = {
-    rovr = pkgs.callPackage ./rovr { };
+  #   immich = pkgs.callPackage ./immich/package.nix { };
-    pcbu-desktop = pkgs.callPackage ./pcbu-desktop { };
+  # };
    # immich = pkgs.callPackage ./immich { };
  };
 }
@@ -1,54 +0,0 @@
 { pkgs }:
 let
  pname = "pcbu-desktop";
  version = "3.2.3";
  src = pkgs.fetchurl {
    url = "https://github.com/MeisApps/pcbu-desktop/releases/download/v${version}/PCBioUnlock-x64.AppImage";
    sha256 = "sha256-+NxAm6vhMH51z6BscuFvaMidHN/3tNBR1g+i0q9hjWE=";
  };
 in
 pkgs.appimageTools.wrapType2 {
  inherit pname version src;
  extraPkgs =
    pkgs: with pkgs; [
      glib
      nss
      nspr
      libdrm
      libGL
      libxkbcommon
      libX11
      libXcursor
      libXrandr
      libXi
      libXext
      libXfixes
      libXrender
      libXtst
      libxcrypt-legacy
      gtk3
      alsa-lib
      at-spi2-atk
      at-spi2-core
      cups
      dbus
      expat
      pango
      cairo
    ];
  extraInstallCommands = ''
    mkdir -p $out/share/applications
    cat > $out/share/applications/${pname}.desktop <<EOF
    [Desktop Entry]
    Name=PCBU Desktop
    Exec=${pname}
    Type=Application
    Categories=Utility;
    EOF
  '';
 }
@@ -1,20 +0,0 @@
 Для сервиса пригодится:
 ```
    hardware.bluetooth.enable = true;
    services.dbus.enable = true;
    networking.firewall.allowedUDPPorts = [ ... ];
    networking.firewall.allowedTCPPorts = [ ... ];
 ```
 ---
 pcbu-desktop-3.2.3-fhsenv-rootfs> building '/nix/store/8q029crhzkqw1vqvjbnxvmpgpwfr9sk1-pcbu-desktop-3.2.3-fhsenv-rootfs.drv'
 pcbu-desktop-3.2.3-fhsenv-rootfs> structuredAttrs is enabled
 pcbu-desktop-3.2.3-fhsenv-rootfs> Warning: Schema ?org.gnome.system.locale? has path ?/system/locale/?.  Paths starting with ?/apps/?, ?/desktop/? or ?/system/? are deprecated.
 pcbu-desktop-3.2.3-fhsenv-rootfs> Warning: Schema ?org.gnome.system.proxy? has path ?/system/proxy/?.  Paths starting with ?/apps/?, ?/desktop/? or ?/system/? are deprecated.
 pcbu-desktop-3.2.3-fhsenv-rootfs> Warning: Schema ?org.gnome.system.proxy.http? has path ?/system/proxy/http/?.  Paths starting with ?/apps/?, ?/desktop/? or ?/system/? are deprecated.
 pcbu-desktop-3.2.3-fhsenv-rootfs> Warning: Schema ?org.gnome.system.proxy.https? has path ?/system/proxy/https/?.  Paths starting with ?/apps/?, ?/desktop/? or ?/system/? are deprecated.
 pcbu-desktop-3.2.3-fhsenv-rootfs> Warning: Schema ?org.gnome.system.proxy.ftp? has path ?/system/proxy/ftp/?.  Paths starting with ?/apps/?, ?/desktop/? or ?/system/? are deprecated.
 pcbu-desktop-3.2.3-fhsenv-rootfs> Warning: Schema ?org.gnome.system.proxy.socks? has path ?/system/proxy/socks/?.  Paths starting with ?/apps/?, ?/desktop/? or ?/system/? are deprecated.
 pcbu-desktop-3.2.3-bwrap> building '/nix/store/6pzpm3vzia2jjfjizh8yx8v1n8l9apnr-pcbu-desktop-3.2.3-bwrap.drv'
 pcbu-desktop> building '/nix/store/9jrq44m27r427rfxvbn3ym7b4y6hnnha-pcbu-desktop-3.2.3.drv'
@@ -1,74 +0,0 @@
 { pkgs }:
 let
  python = pkgs.python314.override {
    packageOverrides = self: super: {
      textual = super.textual.overridePythonAttrs (old: rec {
        version = "7.1.0";
        src = super.fetchPypi {
          pname = "textual";
          inherit version;
          sha256 = "sha256-PHFI7wCpJ3tF/Xihpq3HxBnEUdPtcUoLAVsW6qKopzs=";
        };
      });
    };
  };
  py = python.pkgs;
  textualDeps = with py; [
    textual
    textual-autocomplete
    textual-image
    textual-speedups
  ];
  pythonDeps = with py; [
    ujson
    prompt-toolkit
    rich
    fastjsonschema
    humanize
    natsort
    pathvalidate
    pdf2image
    pillow
    platformdirs
    psutil
    puremagic
    rarfile
    rich-click
    send2trash
    tomli
  ];
 in
 py.buildPythonApplication rec {
  pname = "rovr";
  version = "0.7.0";
  src = py.fetchPypi {
    inherit pname version;
    format = "wheel";
    dist = "py3";
    python = "py3";
    abi = "none";
    platform = "any";
    sha256 = "sha256-CMj3jepLSA2bMcl2r89HY/ghPXEIpF5RohkBkLj6iNw=";
  };
  format = "wheel";
  propagatedBuildInputs = pythonDeps ++ textualDeps;
  nativeBuildInputs = [ pkgs.stdenv.cc.cc.lib ];
  doCheck = false;
  meta = with pkgs.lib; {
    description = "Terminal file manager rovr";
    homepage = "https://pypi.org/project/rovr/";
    license = licenses.mit;
  };
 }
		`@@ -1 +1 @@`
			`I'm a super newbie who just posted my stuff here. Now maybe about intermediate`				`I'm a super newbie who just posted my stuff here. Now maybe simple newbie`