Update

.sops.yaml

@@ -1,11 +1,11 @@
 keys:
   - &primary age12yvtj49pfh3fqzqflscm0ek4yzrjhr6cqhn7x89gdxnlykq0xudq5c7334
 creation_rules:
-  - path_regex: hosts/laptop/secrets/laptop.yaml$
+  - path_regex: hosts/laptop/secrets/secrets.yaml$
     key_groups:
       - age:
         - *primary
-  - path_regex: hosts/server/secrets/server.yaml$
+  - path_regex: hosts/server/secrets/secrets.yaml$
     key_groups:
       - age:
         - *primary

flake.lock

@@ -299,11 +299,11 @@
         "xdph": "xdph"
       },
       "locked": {
-        "lastModified": 1724085862,
-        "narHash": "sha256-qIPLv+MmTVZ0sjhx99EZhe/2aGzy5JOskmlqPd6DNFQ=",
+        "lastModified": 1724243887,
+        "narHash": "sha256-qa5TXlcANiWSEzLNZmenvXkqzzh3cDUYSfNniGi+LaU=",
         "ref": "refs/heads/main",
-        "rev": "c86db7bbb0cf14d4955ee3a4d13c0ed9f8a0e0ae",
-        "revCount": 5115,
+        "rev": "883463f9dd7f1cdc68c3e32017c0a71ccbe39b26",
+        "revCount": 5119,
         "submodules": true,
         "type": "git",
         "url": "https://github.com/hyprwm/Hyprland"
@@ -536,11 +536,11 @@
         "treefmt-nix": "treefmt-nix"
       },
       "locked": {
-        "lastModified": 1724127528,
-        "narHash": "sha256-fKtsvNQeLhPuz1O53x6Xxkd/yYecpolNXRq7mfvnXQk=",
+        "lastModified": 1724222231,
+        "narHash": "sha256-IFlMn1lgVsZQZC9WklY9YKcCdI0mUxSYZ7EfkaKCsQU=",
         "owner": "nix-community",
         "repo": "nixvim",
-        "rev": "cb413995e1e101c76d755b7f131ce60c7ea3985d",
+        "rev": "b7f419a759f70126e220533b724cc17e8528b184",
         "type": "github"
       },
       "original": {
@@ -672,11 +672,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1724127458,
-        "narHash": "sha256-2ZNwq7AC62nMGAeb/ylpnK+0O+CTbXhpeyKCCP+/zFU=",
+        "lastModified": 1724213823,
+        "narHash": "sha256-2IWw1IagCe1yb/y2hzB5ofxO5KKcLPzcJYYUdVP0hRk=",
         "owner": "Gerg-L",
         "repo": "spicetify-nix",
-        "rev": "94195e44cd5d267256cb3e5d5eae30f1cca6fdd1",
+        "rev": "24285dbcf8f0769c7af50a0b6e38ec4fd841389e",
         "type": "github"
       },
       "original": {

home/system/hyprland/default.nix

@@ -146,6 +146,8 @@
         new_window_takes_over_fullscreen = 2;
       };
 
+      render = { explicit_sync = "0"; };
+
       opengl = { nvidia_anti_flicker = false; };
 
       input = {

hosts/laptop/secrets/secrets.yaml

@@ -1,4 +1,4 @@
-sshconfig: ENC[AES256_GCM,data:Y3NfsEzlL3QlB1P6FCq5PKS7ZPv6dzJRRs6LF5oJfJ3RXmaU2vqgDKgN6RtVNFSngCOePB7UgzcWriaVCmno2TZH8K/aLfYlodu1tQ8f4D8Vyi9jYBL3gRoyrBeeE+U8taj/uqA07mvLCuSSuPgbQSNe3hUATjgeym1JYSObjMphUmHg4zMc8jbip4SDMnGAiipf4w3tDyaVoCPaEWSGwOGD5I6PVw8Zi4IxOb787RFaMg23ImzQAd0COkV7004lIcjlkSuKvzDSAPB1zP8HwrraNINppExFMxbemhvmGiVsxPy3Jf0x5bQ/ieJBtfrRnlFgiyx92sizOe/XI2MiuSlqMgXakTL2twLAggnz/YZ53c1G5sDDmWOa8eVYTp5+xD5oiZP9hSHc/5Mid2tK1U9dLyV3/ynF5bOPOht61U/HfFJTsSxT6fOue4anagHkwAXgoHLDMH1JS9zyp7ND661W,iv:yVDLiw9WIuIOm08B+CmbO/hHXZ6NCno+57OD6myzDYg=,tag:eKu7dLN2N3hFu+CmsMy7Vw==,type:str]
+sshconfig: ENC[AES256_GCM,data:/sDTGVeYRjxF5Epp5kmVS0ScSYOqOs2grX0+Ap8HJc8CQftpNOYXNYdEyqLDMc5g5ualaO4iKg4sQ76J4j9ZPugt4iprIvOo2Uxmu7KRU47Z8SNwrrMNpv6x/XA2P6r261e/e/pOHyrmiFfV/I5Km9IwGqY5TWbEhvjx8qyRO2bQDIdffI1L1ZWJGC9ZOZ4o5RJCr2xB+qxLLI2pl8qHZhvfZlGHnyHw5ne0RfAFubIrW4nQJTamoaGHZqWro4tVSfXAEb+9IsYCc1aj3MehVdV8PUQ38/LxL2MAQTt9bs7sHLf9DmxZ6rGPWmpJ+IRoQbP1PA65tobFOd+Kf13XvWymNUcQpQFHDj0vpvDONxIikO+vj2T7SteRRPy+38UPdB8jrHfQ1JrGbxUQIrWOWeD3S44lINmquIMclJQ26zf6nvklXR7xCuzNAvmjublsnYK+CGDkt/ap/kDD7nCuQYYY,iv:VX55dyt2N80LJPDYoUES7ZWJjlqVyQrUQWvOQ/yItBc=,tag:6NlHwy0SqJ40+ltQHzmX7g==,type:str]
 github-key: ENC[AES256_GCM,data:xUgFMlBo8e+3eXqNscxbby1dWug3SgUagDiNUe/IGVbU6cczkaJ3uOaB0OuRBQ8AYhOLkzXj0pIKjUrElHwmYrhURtS1aF4SFEGJsjhhobNA//j3E2/5/nLVjfco+lRzyHdwmsNhEUCqEhsXrrodJMb39H4b5oip3z0rjc729YveiWUKQxXVZVPurp3nq9yNnix9R4CA6XYFRW6T6MNqgPD5qhbcDlhxLb/SN+uI5h+5eZIS24VDWlKaTaCLL5KLhZmfuA37SquOQ+edi9Yg8MnfrZkMrp/3qmAjP2rSQLMOc4QdQCLQBQSf0/snpydgLwY+FoJmMSztwtkqUdIZWOfDUJbJxegEOrAR68jLTNbp+GYiDn3thtOZDiK5p/M1amjCT+A9qeFMed5WS+aZHNTRbR9UcfiP6+48MGZFt1mr7q+/CoL04/DTp0w6tUf6/SZD31NvTJDqngkhpc0ZH9Dh5+2JcnBWpq25AM36kZTn1hIQCLNTr/oGWZXSLA2tksAhQCaUcFj4IIh6Bl96,iv:GEJsAs5NriwENYTV/VShgJF6iMmrtTwNiXOvfXyEP8E=,tag:nfZgsFqaet075GjQAoVZxQ==,type:str]
 gitlab-key: ENC[AES256_GCM,data:6271Tg7LIJsXAw7Co32vva+iUWv+eRAfVfXaGkoirHxiPTAgZfq8yDpGJwti2D/aFnLvbURcUgp3B5zy1aURu9puXi6QMu3orJOE2Zx0dX3lyeHyIhOZ1hAWsQxwBDkJYODuMZbIKHNrF26Mkk6smFF9SrGoADZGxY7XSou/iopw6yrLvQAXP6lN55PQvoP5/ek/QzKNwjJAbAjp7FjjtPqPUbUdj7bfIfr9avs6gpRYnRzb2H3auyhb5qvyuRWnKu4+FeZUofC7HnfRU1eSI8UzG49Rg4f2b1Xqr0JtsjvEmuRx7lbptINXEAjW7zaSZ2B9NgotWPIzkNZRNZkuTEaOulBf5iH3wJ9GM1FcbUu2gpCt6y+CMIk5QkVvETYtKuALLbcPx9/sc90doiH1411LeKQCs5l88BBILG9KPkKmXiGGUVNxzFtjbRYQIUEmmyl95kPPEdCkkzGzHXNfE3F9HRu4MCGKPK2yZPZtCXd3Jp1b21wKSIRNYqLqxru+J8eLSljd3czO0SuTG/Vx,iv:E+y3aVLaiStlPLTQBqyfJuEXtAQyOvDUYS+XfuOHuA0=,tag:6d1IAsGcmcpgL1pE9dDcbw==,type:str]
 jack-key: ENC[AES256_GCM,data:VfCl3wH0MMBc8QDyjLDFeSvzSEsf7uGpfJvRjFrmjW+bPRUXBpZhJV8a9VQIAz7z7zZXvzARMfCeI0ydyC57CW81GH5/H5pneJ4b+xreINjVfdLbL1nC1thelo/O64jda/L+xVKhgE+QQi8/zt4JmXGghkP+74nYcTTaMpmcbgWw354J1ybXqyCEY+88nsJ1d2s+M7M2bplx4fGb7sLUs6sqdsad3sENzhH/0HQCFXreHTtgsLbIs8ccmdRgFNKM8/wD0OoW76rOQsJoA9JY4yOTQNVoX5M8+Olj6+wVlt6QBrWrYRuEztGnHrHvzxiHXtmEkMwVNfoPpEflQyRYRa0rVp/66REOkMckGx6/LbxKFgrxnifRlsK3kWd28v2bRGVQOghUluYUtVkaJ+eh6o6ik0NQKx8/H6BznBSDE6MjDwbLv434LHBfDtAqhWN1eMbOlunFivsl5Hb/6rl9kydHlcCS6FY8cUHoKQ90gDaUuDrvUifwmdO5hU0GH5tgvGi1ReK9ndcpQsrHptG6,iv:oC1xU5Tu3The105VYRmxIw4kEwDoqe8T/EH6mmqpqwQ=,tag:Pu8c536u6W7ALrqjRsvXDw==,type:str]
@@ -17,8 +17,8 @@ sops:
             cmVxVC8rVDlWMUdZaGw3bmdOaWZGS1EKYahBlc8XpB5UdKZQkvxbLcKQ/xkFJjWo
             FSfQWnjhe/a7BJtJEcKZkjOQU0mYqlSu+uT2RA9diCQeRUJPRF+nAw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-06-20T15:42:14Z"
-    mac: ENC[AES256_GCM,data:EEHDEwSd8PJqujX5oMxaYhWJKci8BJLbSFUEOVT8M+/jYDhIosLJawcoX1IXPBy3Dj65xQ35WMnQ70q/xUzQaW1nAx/auiMyVS++1DWv1Jxx5KkvCEz7TbqH12/Sbe6F1Li4MUBTETuiQwn89mlDAmWLM4fFcqx2I6twdFiFH+0=,iv:oda5u/4kB8o9nJqHIufWVBkREbD17cp/mRqHNYTJIwY=,tag:+mcI40OHz0eQV/C1/nJt9Q==,type:str]
+    lastmodified: "2024-08-22T13:06:39Z"
+    mac: ENC[AES256_GCM,data:og4QkXzbYu26vAA+0TDtuGbZGVOwNxXYK7Kh8zHqZsCOriJmA6FsPLkmqiJ46xiA1D9SDneE5utyiV2mhkmwIUKYKZGZGB+GnPCg5iF9PvLUI7M7UkLpAXXxdiCYHa7QecRMNtU64SW8tRKs46ujsR1c1eBeFsv2kKifIOshTS8=,iv:x8D22vy+4bwgNxWbIBQ/YOFDXr/rpqC4sn0eKkFLpA0=,tag:gjg35ATdp6uC8qJ18htZog==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.8.1
+    version: 3.9.0

hosts/modules/grub.nix

@@ -0,0 +1,10 @@
+{ pkgs, ... }: {
+  boot = {
+    loader.grub.enable = true;
+    loader.grub.device = "/dev/sda";
+    loader.grub.useOSProber = true;
+    tmp.cleanOnBoot = true;
+    kernelPackages =
+      pkgs.linuxPackages_latest; # _zen, _hardened, _rt, _rt_latest, etc.
+  };
+}

hosts/modules/tuigreet.nix

@@ -26,4 +26,8 @@
     TTYVHangup = true;
     TTYVTDisallocate = true;
   };
+
+  # To prevent getting stuck at shutdown
+  systemd.extraConfig = "DefaultTimeoutStopSec=10s";
+
 }

hosts/server/configuration.nix

@@ -1,17 +1,24 @@
-{ pkgs, config, ... }: {
+{ config, ... }: {
   imports = [
     ./hardware-configuration.nix
     ./variables.nix
-    ../modules/usb.nix
+
+    ../modules/grub.nix
+    ../modules/timezone.nix
+    ../modules/utils.nix
+    ../modules/users.nix
+    ../modules/zsh.nix
+    ../modules/nix.nix
+    ../modules/auto-upgrade.nix
 
     # internal
     ./modules/internal/security.nix
     ./modules/internal/openssh.nix
-    ./modules/internal/adguard.nix
-    ./modules/internal/cockpit.nix
+    # ./modules/internal/adguard.nix # TODO
+    # ./modules/internal/cockpit.nix
 
     # exposed
-    ./modules/exposed/ntfy-sh.nix
+    # ./modules/exposed/ntfy-sh.nix
     ./modules/exposed/tailscale.nix
     ./modules/exposed/kuma.nix
     ./modules/exposed/cloudflare-dyndns.nix
@@ -20,111 +27,15 @@
     ./modules/exposed/vaultwarden.nix
     ./modules/www
 
-    # jackflix
-    ./modules/jackflix
-
     ./secrets
   ];
 
-  # Bootloader.
-  boot = {
-    loader.grub.enable = true;
-    loader.grub.device = "/dev/sda";
-    loader.grub.useOSProber = true;
-    tmp.cleanOnBoot = true;
-    kernelPackages =
-      pkgs.linuxPackages_latest; # _zen, _hardened, _rt, _rt_latest, etc.
-  };
-
   virtualisation.docker.enable = true;
 
-  # Networking
-  networking = { hostName = config.var.hostname; };
-
-  # Timezone and locale
-  time.timeZone = config.var.timeZone;
-  i18n.defaultLocale = config.var.defaultLocale;
-  i18n.extraLocaleSettings = {
-    LC_ADDRESS = config.var.extraLocale;
-    LC_IDENTIFICATION = config.var.extraLocale;
-    LC_MEASUREMENT = config.var.extraLocale;
-    LC_MONETARY = config.var.extraLocale;
-    LC_NAME = config.var.extraLocale;
-    LC_NUMERIC = config.var.extraLocale;
-    LC_PAPER = config.var.extraLocale;
-    LC_TELEPHONE = config.var.extraLocale;
-    LC_TIME = config.var.extraLocale;
-  };
-
-  # Users
   users.users.${config.var.username} = {
-    isNormalUser = true;
-    description = "${config.var.username} account";
-    extraGroups = [ "wheel" ];
     openssh.authorizedKeys.keys = [ config.var.sshPublicKey ];
   };
 
-  services = {
-    xserver = {
-      enable = true;
-      xkb.layout = config.var.keyboardLayout;
-      xkb.variant = "";
-    };
-    gnome.gnome-keyring.enable = true;
-  };
-  console.keyMap = config.var.keyboardLayout;
-
-  # Shell
-  programs.zsh = {
-    enable = true;
-    loginShellInit = ''
-      dbus-update-activation-environment --systemd DISPLAY
-    '';
-  };
-  users.defaultUserShell = pkgs.zsh;
-
-  nix = {
-    settings = {
-      auto-optimise-store = true;
-      experimental-features = [ "nix-command" "flakes" ];
-      substituters = [ "https://hyprland.cachix.org" ];
-      trusted-public-keys = [
-        "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
-      ];
-    };
-    gc = if config.var.autoGarbageCollector then {
-      automatic = true;
-      persistent = true;
-      dates = "weekly";
-      options = "--delete-older-than 7d";
-    } else
-      { };
-  };
-
-  nixpkgs.config.allowUnfree = true;
-
-  system.autoUpgrade = if config.var.autoUpgrade then {
-    enable = true;
-    dates = "04:00";
-    flake = "${config.var.configDirectory}";
-    flags = [ "--update-input" "nixpkgs" "--commit-lock-file" ];
-    allowReboot = false;
-  } else
-    { };
-
-  services.libinput.enable = true;
-  programs.dconf.enable = true;
-
-  # Faster rebuilding
-  documentation = {
-    enable = true;
-    doc.enable = false;
-    man.enable = true;
-    dev.enable = false;
-  };
-
-  services.dbus.enable = true;
-
   # Don't touch this
   system.stateVersion = "24.05";
 }

hosts/server/modules/exposed/cloudflare-dyndns.nix

@@ -8,12 +8,10 @@
       "vault.anotherhadi.com"
       "anotherhadi.com"
       "www.anotherhadi.com"
-      "test.anotherhadi.com"
       "jack.anotherhadi.com"
       "ntfy.anotherhadi.com"
       "home.anotherhadi.com"
       "kuma.anotherhadi.com"
-      "start.anotherhadi.com"
     ];
     proxied = true;
     apiTokenFile = "/etc/cloudflare/apiToken";

hosts/server/modules/exposed/nextcloud.nix

@@ -12,7 +12,7 @@ in {
     };
     settings = {
       trusted_domains =
-        [ "localhost" "127.0.0.1" "192.168.2.23" "cloud.anotherhadi.com" ];
+        [ "localhost" "127.0.0.1" "192.168.1.99" "cloud.anotherhadi.com" ];
     };
     nginx.recommendedHttpHeaders = true;
     extraApps = {

hosts/server/modules/www/default.nix

@@ -2,6 +2,6 @@
   imports = [ ./home.anotherhadi.com.nix ./anotherhadi.com.nix ];
 
   services.nginx.virtualHosts = {
-    "test.anotherhadi.com" = { root = "/var/www/test"; };
+    # "test.anotherhadi.com" = { root = "/var/www/test"; };
   };
 }

hosts/server/variables.nix

@@ -18,14 +18,14 @@
       email = "112569860+anotherhadi@users.noreply.github.com";
     };
 
-    stateVersion = "24.05";
-
     autoUpgrade = false;
     autoGarbageCollector = false;
     sops = true;
-    obsidian = false;
     tailscale = true;
 
+    usbguard = false;
+    usbguardRules = "";
+
     sshPublicKey =
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPG9SE80ZyBcXZK/f5ypSKudaM5Jo3XtQikCnGo0jI5E hadi@nixy";