hyprland: disable VRR

Flake lock file updates:

• Updated input 'hyprland':
    'github:hyprwm/Hyprland/aa6a78f0a4e17c49ed4aff8b58c3f7ec7ef0408f?narHash=sha256-4HK2kvyeAO/6kNKGanvP8mg4nEeDwke%2Bd3eozz3QmOQ%3D' (2025-08-13)
  → 'github:hyprwm/Hyprland/60d769a89908c29e19100059985db15a7b6bab6a?narHash=sha256-VI%2BZPD/uIFjzYW8IcyvBgvwyDIvUe4/xh/kOHTbITX8%3D' (2025-08-14)
• Updated input 'hyprland-plugins':
    'github:hyprwm/hyprland-plugins/984669ebb57f0d17f271598e82e1d2ab55296f20?narHash=sha256-GHN5Yq/zyexUkffW0tUPrGgHljlYfJZgzrxd/3S9ASI%3D' (2025-08-11)
  → 'github:hyprwm/hyprland-plugins/c1ddebb423acc7c88653c04de5ddafee64dac89a?narHash=sha256-wrP8TM2lb2x0%2BPyTc7Uc3yfVBeIlYW7%2BhFeG14N9Cr8%3D' (2025-08-14)

flake.lock

@@ -8,11 +8,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1750173260,
+        "lastModified": 1754433428,
-        "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=",
+        "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf",
+        "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d",
         "type": "github"
       },
       "original": {
@@ -41,11 +41,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1750372185,
+        "lastModified": 1753216019,
-        "narHash": "sha256-lVBKxd9dsZOH1fA6kSE5WNnt8e+09fN+NL/Q3BjTWHY=",
+        "narHash": "sha256-zik7WISrR1ks2l6T1MZqZHb/OqroHdJnSnAehkE0kCk=",
         "owner": "hyprwm",
         "repo": "aquamarine",
-        "rev": "7cef49d261cbbe537e8cb662485e76d29ac4cbca",
+        "rev": "be166e11d86ba4186db93e10c54a141058bdce49",
         "type": "github"
       },
       "original": {
@@ -119,11 +119,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1750903843,
+        "lastModified": 1754971456,
-        "narHash": "sha256-Ng9+f0H5/dW+mq/XOKvB9uwvGbsuiiO6HrPdAcVglCs=",
+        "narHash": "sha256-p04ZnIBGzerSyiY2dNGmookCldhldWAu03y0s3P8CB0=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "83c4da299c1d7d300f8c6fd3a72ac46cb0d59aae",
+        "rev": "8246829f2e675a46919718f9a64b71afe3bfb22d",
         "type": "github"
       },
       "original": {
@@ -135,11 +135,11 @@
     "firefox-gnome-theme": {
       "flake": false,
       "locked": {
-        "lastModified": 1748383148,
+        "lastModified": 1754312136,
-        "narHash": "sha256-pGvD/RGuuPf/4oogsfeRaeMm6ipUIznI2QSILKjKzeA=",
+        "narHash": "sha256-9veVYpPCwKNjIK5gOigl5nEUN6tmrSHXUv4bVZkRuOE=",
         "owner": "rafaelmardojai",
         "repo": "firefox-gnome-theme",
-        "rev": "4eb2714fbed2b80e234312611a947d6cb7d70caf",
+        "rev": "6f173d0873dd33c5653dee89a831af3e49db3e36",
         "type": "github"
       },
       "original": {
@@ -167,11 +167,11 @@
     "flake-compat_2": {
       "flake": false,
       "locked": {
-        "lastModified": 1696426674,
+        "lastModified": 1747046372,
-        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+        "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
         "owner": "edolstra",
         "repo": "flake-compat",
-        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+        "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
         "type": "github"
       },
       "original": {
@@ -199,11 +199,11 @@
     "flake-compat_4": {
       "flake": false,
       "locked": {
-        "lastModified": 1696426674,
+        "lastModified": 1747046372,
-        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+        "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
         "owner": "edolstra",
         "repo": "flake-compat",
-        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+        "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
         "type": "github"
       },
       "original": {
@@ -220,11 +220,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1749398372,
+        "lastModified": 1754091436,
-        "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=",
+        "narHash": "sha256-XKqDMN1/Qj1DKivQvscI4vmHfDfvYR2pfuFOJiCeewM=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569",
+        "rev": "67df8c627c2c39c41dbec76a1f201929929ab0bd",
         "type": "github"
       },
       "original": {
@@ -387,11 +387,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1750792728,
+        "lastModified": 1753592768,
-        "narHash": "sha256-Lh3dopA8DdY+ZoaAJPrtkZOZaFEJGSYjOdAYYgOPgE4=",
+        "narHash": "sha256-oV695RvbAE4+R9pcsT9shmp6zE/+IZe6evHWX63f2Qg=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "366f00797b1efb70f2882d3da485e3c10fd3d557",
+        "rev": "fc3add429f21450359369af74c2375cb34a2d204",
         "type": "github"
       },
       "original": {
@@ -417,11 +417,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1749155331,
+        "lastModified": 1753964049,
-        "narHash": "sha256-XR9fsI0zwLiFWfqi/pdS/VD+YNorKb3XIykgTg4l1nA=",
+        "narHash": "sha256-lIqabfBY7z/OANxHoPeIrDJrFyYy9jAM4GQLzZ2feCM=",
         "owner": "hyprwm",
         "repo": "hyprcursor",
-        "rev": "45fcc10b4c282746d93ec406a740c43b48b4ef80",
+        "rev": "44e91d467bdad8dcf8bbd2ac7cf49972540980a5",
         "type": "github"
       },
       "original": {
@@ -446,11 +446,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1750371717,
+        "lastModified": 1754305013,
-        "narHash": "sha256-cNP+bVq8m5x2Rl6MTjwfQLCdwbVmKvTH7yqVc1SpiJM=",
+        "narHash": "sha256-u+M2f0Xf1lVHzIPQ7DsNCDkM1NYxykOSsRr4t3TbSM4=",
         "owner": "hyprwm",
         "repo": "hyprgraphics",
-        "rev": "15c6f8f3a567fec9a0f732cd310a7ff456deef88",
+        "rev": "4c1d63a0f22135db123fc789f174b89544c6ec2d",
         "type": "github"
       },
       "original": {
@@ -475,11 +475,11 @@
         "xdph": "xdph"
       },
       "locked": {
-        "lastModified": 1750848152,
+        "lastModified": 1755184403,
-        "narHash": "sha256-m7DxFbU9YgPxFlQ6iH6zDreXT3IfUVxZZAdkdvN9yz8=",
+        "narHash": "sha256-VI+ZPD/uIFjzYW8IcyvBgvwyDIvUe4/xh/kOHTbITX8=",
         "owner": "hyprwm",
         "repo": "Hyprland",
-        "rev": "f4f090e4b2f9f0bba5408cbd135d2fff1990be1d",
+        "rev": "60d769a89908c29e19100059985db15a7b6bab6a",
         "type": "github"
       },
       "original": {
@@ -505,11 +505,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1750799801,
+        "lastModified": 1755183521,
-        "narHash": "sha256-Oqn6gHIVfgkzzuigwNk9UZbgKdyzAzU/JoywB6z1O+M=",
+        "narHash": "sha256-wrP8TM2lb2x0+PyTc7Uc3yfVBeIlYW7+hFeG14N9Cr8=",
         "owner": "hyprwm",
         "repo": "hyprland-plugins",
-        "rev": "c1fdf38bfcd716130ce022cf21a1fca7582482d1",
+        "rev": "c1ddebb423acc7c88653c04de5ddafee64dac89a",
         "type": "github"
       },
       "original": {
@@ -598,11 +598,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1750371812,
+        "lastModified": 1753819801,
-        "narHash": "sha256-D868K1dVEACw17elVxRgXC6hOxY+54wIEjURztDWLk8=",
+        "narHash": "sha256-tHe6XeNeVeKapkNM3tcjW4RuD+tB2iwwoogWJOtsqTI=",
         "owner": "hyprwm",
         "repo": "hyprland-qtutils",
-        "rev": "b13c7481e37856f322177010bdf75fccacd1adc8",
+        "rev": "b308a818b9dcaa7ab8ccab891c1b84ebde2152bc",
         "type": "github"
       },
       "original": {
@@ -627,11 +627,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1750371198,
+        "lastModified": 1753622892,
-        "narHash": "sha256-/iuJ1paQOBoSLqHflRNNGyroqfF/yvPNurxzcCT0cAE=",
+        "narHash": "sha256-0K+A+gmOI8IklSg5It1nyRNv0kCNL51duwnhUO/B8JA=",
         "owner": "hyprwm",
         "repo": "hyprlang",
-        "rev": "cee01452bca58d6cadb3224e21e370de8bc20f0b",
+        "rev": "23f0debd2003f17bd65f851cd3f930cff8a8c809",
         "type": "github"
       },
       "original": {
@@ -652,11 +652,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1750371096,
+        "lastModified": 1754481650,
-        "narHash": "sha256-JB1IeJ41y7kWc/dPGV6RMcCUM0Xj2NEK26A2Ap7EM9c=",
+        "narHash": "sha256-6u6HdEFJh5gY6VfyMQbhP7zDdVcqOrCDTkbiHJmAtMI=",
         "owner": "hyprwm",
         "repo": "hyprutils",
-        "rev": "38f3a211657ce82a1123bf19402199b67a410f08",
+        "rev": "df6b8820c4a0835d83d0c7c7be86fbc555f1f7fd",
         "type": "github"
       },
       "original": {
@@ -677,11 +677,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1750371869,
+        "lastModified": 1751897909,
-        "narHash": "sha256-lGk4gLjgZQ/rndUkzmPYcgbHr8gKU5u71vyrjnwfpB4=",
+        "narHash": "sha256-FnhBENxihITZldThvbO7883PdXC/2dzW4eiNvtoV5Ao=",
         "owner": "hyprwm",
         "repo": "hyprwayland-scanner",
-        "rev": "aa38edd6e3e277ae6a97ea83a69261a5c3aab9fd",
+        "rev": "fcca0c61f988a9d092cbb33e906775014c61579d",
         "type": "github"
       },
       "original": {
@@ -751,11 +751,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1750837715,
+        "lastModified": 1754564048,
-        "narHash": "sha256-2m1ceZjbmgrJCZ2PuQZaK4in3gcg3o6rZ7WK6dr5vAA=",
+        "narHash": "sha256-dz303vGuzWjzOPOaYkS9xSW+B93PSAJxvBd6CambXVA=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "98236410ea0fe204d0447149537a924fb71a6d4f",
+        "rev": "26ed7a0d4b8741fe1ef1ee6fa64453ca056ce113",
         "type": "github"
       },
       "original": {
@@ -775,11 +775,11 @@
         "nixpkgs-25_05": "nixpkgs-25_05"
       },
       "locked": {
-        "lastModified": 1747965231,
+        "lastModified": 1755110674,
-        "narHash": "sha256-BW3ktviEhfCN/z3+kEyzpDKAI8qFTwO7+S0NVA0C90o=",
+        "narHash": "sha256-PigqTAGkdBYXVFWsJnqcirrLeFqRFN4PFigLA8FzxeI=",
         "owner": "simple-nixos-mailserver",
         "repo": "nixos-mailserver",
-        "rev": "53007af63fade28853408370c4c600a63dd97f41",
+        "rev": "f5936247dbdb8501221978562ab0b302dd75456c",
         "type": "gitlab"
       },
       "original": {
@@ -791,16 +791,16 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1745391562,
+        "lastModified": 1754028485,
-        "narHash": "sha256-sPwcCYuiEopaafePqlG826tBhctuJsLx/mhKKM5Fmjo=",
+        "narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "8a2f738d9d1f1d986b5a4cd2fd2061a7127237d7",
+        "rev": "59e69648d345d6e8fef86158c555730fa12af9de",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "nixos-unstable",
+        "ref": "nixos-25.05",
         "repo": "nixpkgs",
         "type": "github"
       }
@@ -823,11 +823,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1750776420,
+        "lastModified": 1755027561,
-        "narHash": "sha256-/CG+w0o0oJ5itVklOoLbdn2dGB0wbZVOoDm4np6w09A=",
+        "narHash": "sha256-IVft239Bc8p8Dtvf7UAACMG5P3ZV+3/aO28gXpGtMXI=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "30a61f056ac492e3b7cdcb69c1e6abdcf00e39cf",
+        "rev": "005433b926e16227259a1843015b5b2b7f7d1fc3",
         "type": "github"
       },
       "original": {
@@ -854,11 +854,11 @@
     },
     "nixpkgs_3": {
       "locked": {
-        "lastModified": 1750365781,
+        "lastModified": 1754725699,
-        "narHash": "sha256-XE/lFNhz5lsriMm/yjXkvSZz5DfvKJLUjsS6pP8EC50=",
+        "narHash": "sha256-iAcj9T/Y+3DBy2J0N+yF9XQQQ8IEb5swLFzs23CdP88=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "08f22084e6085d19bcfb4be30d1ca76ecb96fe54",
+        "rev": "85dbfc7aaf52ecb755f87e577ddbe6dbbdbc1054",
         "type": "github"
       },
       "original": {
@@ -870,11 +870,11 @@
     },
     "nixpkgs_4": {
       "locked": {
-        "lastModified": 1750838302,
+        "lastModified": 1754937576,
-        "narHash": "sha256-aVkL3/yu50oQzi2YuKo0ceiCypVZpZXYd2P2p1FMJM4=",
+        "narHash": "sha256-3sWA5WJybUE16kIMZ3+uxcxKZY/JRR4DFBqLdSLBo7w=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "7284e2decc982b81a296ab35aa46e804baaa1cfe",
+        "rev": "ddae11e58c0c345bf66efbddbf2192ed0e58f896",
         "type": "github"
       },
       "original": {
@@ -893,11 +893,11 @@
         "systems": "systems_5"
       },
       "locked": {
-        "lastModified": 1750512587,
+        "lastModified": 1754262585,
-        "narHash": "sha256-kZqTQEARUkkKDFhECd0MGU4wXCJcxCdh5WeM/yD6oI4=",
+        "narHash": "sha256-Yz5dJ0VzGRzSRHdHldsWQbuFYmtP3NWNreCvPfCi9CI=",
         "owner": "nix-community",
         "repo": "nixvim",
-        "rev": "b04bcdcbba4aa648903e065ad1907a97d4f7aee9",
+        "rev": "ab1b5962e1ca90b42de47e1172e0d24ca80e6256",
         "type": "github"
       },
       "original": {
@@ -917,11 +917,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1749730855,
+        "lastModified": 1753771532,
-        "narHash": "sha256-L3x2nSlFkXkM6tQPLJP3oCBMIsRifhIDPMQQdHO5xWo=",
+        "narHash": "sha256-Pmpke0JtLRzgdlwDC5a+aiLVZ11JPUO5Bcqkj0nHE/k=",
         "owner": "NuschtOS",
         "repo": "search",
-        "rev": "8dfe5879dd009ff4742b668d9c699bc4b9761742",
+        "rev": "2a65adaf2c0c428efb0f4a2bc406aab466e96a06",
         "type": "github"
       },
       "original": {
@@ -940,11 +940,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1749636823,
+        "lastModified": 1754416808,
-        "narHash": "sha256-WUaIlOlPLyPgz9be7fqWJA5iG6rHcGRtLERSCfUDne4=",
+        "narHash": "sha256-c6yg0EQ9xVESx6HGDOCMcyRSjaTpNJP10ef+6fRcofA=",
         "owner": "cachix",
         "repo": "git-hooks.nix",
-        "rev": "623c56286de5a3193aa38891a6991b28f9bab056",
+        "rev": "9c52372878df6911f9afc1e2a1391f55e4dfc864",
         "type": "github"
       },
       "original": {
@@ -962,11 +962,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1750779888,
+        "lastModified": 1754416808,
-        "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=",
+        "narHash": "sha256-c6yg0EQ9xVESx6HGDOCMcyRSjaTpNJP10ef+6fRcofA=",
         "owner": "cachix",
         "repo": "git-hooks.nix",
-        "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d",
+        "rev": "9c52372878df6911f9afc1e2a1391f55e4dfc864",
         "type": "github"
       },
       "original": {
@@ -1000,11 +1000,11 @@
     "secrets": {
       "flake": false,
       "locked": {
-        "lastModified": 1750611706,
+        "lastModified": 1753994653,
-        "narHash": "sha256-bKhQ+lAaNtfpTUR3fysCdbnMfYT5PJ4diiM9EkHMdHI=",
+        "narHash": "sha256-kVd17w6oo9dbZfgZXMMPEssspp8vAr32G5U8VnfuIFc=",
         "ref": "refs/heads/master",
-        "rev": "ae16fda90546dde6c014a4f91a5443bce4dce234",
+        "rev": "e0cb8c5b8de3f61fbef13c80219715f2e3e5ffb5",
-        "revCount": 34,
+        "revCount": 39,
         "type": "git",
         "url": "ssh://git@git.vimium.com/jordan/nix-secrets.git"
       },
@@ -1091,11 +1091,11 @@
     "thunderbird-gnome-theme": {
       "flake": false,
       "locked": {
-        "lastModified": 1732643121,
+        "lastModified": 1754507270,
-        "narHash": "sha256-i0Uo5EN45rlGuR85hvPet43zW/thOQTwHypVg9shTHU=",
+        "narHash": "sha256-zADBsXqIkxy519sK/2mnZ/lcTQSA/3iXwdkXCVNqUVY=",
         "owner": "rafaelmardojai",
         "repo": "thunderbird-gnome-theme",
-        "rev": "1994e7ec0649053e2a0811973245758d41e33f5f",
+        "rev": "a9ee1a2c8a1dfce700250a4ce3ce7f88dff43300",
         "type": "github"
       },
       "original": {
@@ -1150,11 +1150,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1750372504,
+        "lastModified": 1753633878,
-        "narHash": "sha256-VBeZb1oqZM1cqCAZnFz/WyYhO8aF/ImagI7WWg/Z3Og=",
+        "narHash": "sha256-js2sLRtsOUA/aT10OCDaTjO80yplqwOIaLUqEe0nMx0=",
         "owner": "hyprwm",
         "repo": "xdg-desktop-portal-hyprland",
-        "rev": "400308fc4f9d12e0a93e483c2e7a649e12af1a92",
+        "rev": "371b96bd11ad2006ed4f21229dbd1be69bed3e8a",
         "type": "github"
       },
       "original": {

flake.nix

@@ -148,7 +148,8 @@
           buildInputs = [
             inputs.agenix.packages.${system}.agenix
             inputs.deploy-rs.packages.${system}.deploy-rs
-          ] ++ self.checks.${system}.pre-commit-check.enabledPackages;
+          ]
+          ++ self.checks.${system}.pre-commit-check.enabledPackages;
         };
       });
 
@@ -157,10 +158,12 @@
         autoRollback = true;
         sshUser = "root";
         nodes = lib.genAttrs [
+          "artemis"
           "mail"
           "pi"
           "skycam"
           "vps1"
+          "vps2"
         ] mkDeployNode;
       };
     };

hosts/artemis/README.md

@@ -0,0 +1,36 @@
+# Artemis
+
+## Overview
+Couch gaming PC and media centre
+
+## Specs
+* CPU - AMD Ryzen 7 9800X3D @ 4.70GHz
+* Chipset - AMD B850
+* Memory - 64 GB DDR5
+* Motherboard - ASUS ROG STRIX B850-I Gaming WiFi
+* GPU - AMD Radeon 7900 XTX
+* Case - MCPRUE Apollo S v4
+
+### Disks
+Device | Partitions _(filesystem, size, usage)_
+--- | ---
+WD Black SN850X | `/dev/nvme0n1p1` (EFI, 500 MiB, NixOS Boot) <br> `/dev/nvme0n1p2` (ZFS, 4 TiB, NixOS Root)
+
+#### ZFS pool layout
+```
+rpool/
+├── local
+│   ├── nix
+│   └── tmp
+├── system
+│   ├── root
+│   └── var
+└── user
+    └── home
+```
+
+See [Graham Christensen's article](https://grahamc.com/blog/nixos-on-zfs/#datasets) for the motivation behind these datasets.
+
+### Networks
+- DHCP on `10.0.1.0/24` subnet.
+- Tailscale on `100.64.0.0/10` subnet. FQDN: `artemis.mesh.vimium.net`.

hosts/artemis/default.nix

@@ -0,0 +1,103 @@
+{
+  inputs,
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+let
+  inherit (lib)
+    getExe
+    mkForce
+    ;
+in
+{
+  imports = [
+    inputs.disko.nixosModules.disko
+    ./hardware-configuration.nix
+    ./disko-config.nix
+    ../desktop.nix
+  ];
+
+  nixpkgs = {
+    hostPlatform = "x86_64-linux";
+  };
+
+  boot.loader = {
+    systemd-boot = {
+      enable = true;
+      graceful = true;
+    };
+    efi.canTouchEfiVariables = true;
+  };
+
+  networking = {
+    hostId = "4f9a2b7e";
+    networkmanager.enable = mkForce false;
+  };
+
+  services.openssh.settings.PermitRootLogin = mkForce "prohibit-password";
+
+  users = {
+    users = {
+      root = {
+        openssh.authorizedKeys.keys = [
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILVHTjsyMIV4THNw6yz0OxAxGnC+41gX72UrPqTzR+OS jordan@vimium.com"
+        ];
+      };
+    };
+  };
+
+  services.earlyoom = {
+    enable = true;
+    extraArgs = [
+      "-M"
+      "409600,307200"
+    ]
+    ++ (
+      if config.swapDevices.zramSwap.enable or false then
+        [
+          "-S"
+          "409600,307200"
+        ]
+      else
+        [ ]
+    );
+  };
+
+  services.sunshine = {
+    enable = false;
+    package = pkgs.unstable.sunshine;
+    capSysAdmin = true;
+  };
+
+  environment = {
+    systemPackages = [ pkgs.wine ];
+    sessionVariables.WINE_BIN = getExe pkgs.wine;
+  };
+
+  modules = {
+    services = {
+      borgmatic = {
+        enable = true;
+        directories = [
+          "/home/jordan/Documents"
+        ];
+        repoPath = "ssh://neafzrj7@neafzrj7.repo.borgbase.com/./repo";
+      };
+    };
+    system = {
+      wireless = {
+        enable = true;
+        interfaces = [ "wlp11s0" ];
+      };
+      desktop = {
+        gnome.enable = lib.mkForce false;
+        hyprland.enable = true;
+      };
+    };
+  };
+
+  system.stateVersion = "25.05";
+}

hosts/artemis/disko-config.nix

@@ -0,0 +1,118 @@
+{ ... }:
+{
+  disko.devices = {
+    disk = {
+      main = {
+        type = "disk";
+        device = "/dev/disk/by-id/nvme-WD_BLACK_SN850X_4000GB_25115L4A0708";
+        content = {
+          type = "gpt";
+          partitions = {
+            ESP = {
+              size = "500M";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+              };
+            };
+            zfs = {
+              size = "100%";
+              content = {
+                type = "zfs";
+                pool = "rpool";
+              };
+            };
+          };
+        };
+      };
+    };
+    zpool = {
+      rpool = {
+        type = "zpool";
+        options = {
+          ashift = "12";
+        };
+        rootFsOptions = {
+          canmount = "off";
+          mountpoint = "none";
+          dnodesize = "auto";
+          xattr = "sa";
+        };
+        postCreateHook = "zfs snapshot rpool@blank";
+        datasets = {
+          local = {
+            type = "zfs_fs";
+            options = {
+              mountpoint = "none";
+            };
+          };
+          "local/nix" = {
+            type = "zfs_fs";
+            mountpoint = "/nix";
+            options = {
+              atime = "off";
+              mountpoint = "legacy";
+            };
+          };
+          "local/tmp" = {
+            type = "zfs_fs";
+            mountpoint = "/tmp";
+            options = {
+              setuid = "off";
+              devices = "off";
+              mountpoint = "legacy";
+            };
+          };
+          system = {
+            type = "zfs_fs";
+            mountpoint = "/";
+            options = {
+              mountpoint = "legacy";
+            };
+          };
+          "system/var" = {
+            type = "zfs_fs";
+            mountpoint = "/var";
+            options = {
+              mountpoint = "legacy";
+            };
+          };
+          "system/var/tmp" = {
+            type = "zfs_fs";
+            mountpoint = "/var/tmp";
+            options = {
+              devices = "off";
+              mountpoint = "legacy";
+            };
+          };
+          "system/var/log" = {
+            type = "zfs_fs";
+            mountpoint = "/var/log";
+            options = {
+              compression = "on";
+              acltype = "posix";
+              mountpoint = "legacy";
+            };
+          };
+          user = {
+            type = "zfs_fs";
+            options = {
+              mountpoint = "none";
+            };
+          };
+          "user/home" = {
+            type = "zfs_fs";
+            mountpoint = "/home";
+            options = {
+              setuid = "off";
+              devices = "off";
+              mountpoint = "legacy";
+            };
+          };
+        };
+      };
+    };
+  };
+}

hosts/artemis/hardware-configuration.nix

@@ -0,0 +1,121 @@
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+
+let
+  inherit (lib)
+    getExe
+    mkDefault
+    mkOverride
+    ;
+in
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  # Inspired by: https://github.com/Jovian-Experiments/Jovian-NixOS
+  boot = {
+    binfmt.registrations."DOSWin" = {
+      wrapInterpreterInShell = false;
+      interpreter = getExe pkgs.wine;
+      recognitionType = "magic";
+      offset = 0;
+      magicOrExtension = "MZ";
+    };
+    initrd = {
+      availableKernelModules = [
+        "xhci_pci"
+        "ehci_pci"
+        "nvme"
+        "usbhid"
+        "usb_storage"
+        "sd_mod"
+      ];
+      kernelModules = [
+        "amdgpu"
+      ];
+      supportedFilesystems = [ "zfs" ];
+    };
+    kernel.sysctl = {
+      "kernel.sched_cfs_bandwidth_slice_u" = mkDefault 3000;
+      "kernel.sched_latency_ns" = mkDefault 3000000;
+      "kernel.sched_min_granularity_ns" = mkDefault 300000;
+      "kernel.sched_wakeup_granularity_ns" = mkDefault 500000;
+      "kernel.sched_migration_cost_ns" = mkDefault 50000;
+      "kernel.sched_nr_migrate" = mkDefault 128;
+      "kernel.split_lock_mitigate" = mkDefault 0;
+
+      "net.ipv4.tcp_mtu_probing" = true;
+      "net.ipv4.tcp_fin_timeout" = mkDefault 5;
+
+      "vm.max_map_count" = mkOverride 999 2147483642;
+    };
+    kernelModules = [
+      "hid_nintendo"
+      "hid_playstation"
+      "kvm-amd"
+      "ntsync"
+    ];
+    kernelParams = [
+      "log_buf_len=4M"
+      "amdgpu.lockup_timeout=5000,10000,10000,5000"
+      "ttm.pages_min=2097152"
+      "amdgpu.sched_hw_submission=4"
+      "audit=0"
+    ];
+    kernelPackages = pkgs.linuxPackages_6_15;
+    supportedFilesystems = [ "ntfs" ];
+  };
+
+  hardware = {
+    bluetooth = {
+      enable = true;
+      powerOnBoot = true;
+      settings = {
+        General = {
+          MultiProfile = "multiple";
+          FastConnectable = true;
+          # enable experimental LL privacy, experimental offload codecs
+          KernelExperimental = "15c0a148-c273-11ea-b3de-0242ac130004";
+        };
+        LE = {
+          ScanIntervalSuspend = 2240;
+          ScanWindowSuspend = 224;
+        };
+      };
+    };
+    graphics = {
+      enable32Bit = true;
+      extraPackages = [
+        pkgs.gamescope-wsi
+        pkgs.vk-hdr-layer
+      ];
+      extraPackages32 = [ pkgs.pkgsi686Linux.gamescope-wsi ];
+    };
+    cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+    enableRedistributableFirmware = true;
+  };
+
+  powerManagement.cpuFreqGovernor = "schedutil";
+
+  services.udev.packages = [
+    (pkgs.writeTextFile {
+      name = "ntsync-udev-rules";
+      text = ''KERNEL=="ntsync", MODE="0660", TAG+="uaccess"'';
+      destination = "/etc/udev/rules.d/70-ntsync.rules";
+    })
+  ];
+
+  services.pulseaudio.enable = false;
+
+  services.xserver.videoDrivers = [ "amdgpu" ];
+
+  networking.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}

hosts/library/ai.nix

@@ -26,6 +26,7 @@
         ENABLE_OAUTH_ROLE_MANAGEMENT = "True";
         OAUTH_CLIENT_ID = clientId;
         OAUTH_PROVIDER_NAME = "Vimium";
+        OFFLINE_MODE = "True";
         OPENID_PROVIDER_URL = "https://auth.vimium.com/oauth2/openid/${clientId}/.well-known/openid-configuration";
         OPENID_REDIRECT_URI = "${publicUrl}/oauth/oidc/callback";
       };

hosts/library/nginx.nix

@@ -42,16 +42,14 @@
           ];
           locations."/" = {
             proxyPass = "http://localhost:8081";
-            extraConfig =
+            extraConfig = proxyConfig + ''
-              proxyConfig
+              # Disable proxy buffering for better streaming response from models
-              + ''
+              proxy_buffering off;
-                # Disable proxy buffering for better streaming response from models
-                proxy_buffering off;
 
-                # Increase max request size for large attachments and long audio messages
+              # Increase max request size for large attachments and long audio messages
-                client_max_body_size 20M;
+              client_max_body_size 20M;
-                proxy_read_timeout 10m;
+              proxy_read_timeout 10m;
-              '';
+            '';
           };
         };
         "jellyfin.vimium.com" = {
@@ -63,21 +61,20 @@
             }
           ];
           locations."/" = {
-            extraConfig =
+            extraConfig = ''
-              ''
+              # Proxy JellySearch first
-                # Proxy JellySearch first
+              if ($arg_searchTerm) {
-                if ($arg_searchTerm) {
+                proxy_pass http://localhost:5000;
-                  proxy_pass http://localhost:5000;
+                break;
-                  break;
+              }
-                }
 
-                proxy_pass http://localhost:8096;
+              proxy_pass http://localhost:8096;
-              ''
+            ''
-              + proxyConfig
+            + proxyConfig
-              + ''
+            + ''
-                proxy_set_header Range $http_range;
+              proxy_set_header Range $http_range;
-                proxy_set_header If-Range $http_if_range;
+              proxy_set_header If-Range $http_if_range;
-              '';
+            '';
           };
           locations."/metrics" = {
             return = "404";

hosts/odyssey/default.nix

@@ -39,7 +39,8 @@
 
   virtualisation = {
     libvirtd.enable = true;
-    lxd.enable = true;
+    # https://github.com/NixOS/nixpkgs/issues/422385
+    # lxd.enable = true;
   };
 
   services.sunshine = {

hosts/odyssey/hardware-configuration.nix

@@ -34,6 +34,9 @@
       powerOnBoot = true;
     };
     cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+    graphics = {
+      extraPackages = [ pkgs.vk-hdr-layer ];
+    };
     nvidia = {
       modesetting.enable = true;
       open = true;

hosts/skycam/default.nix

@@ -28,7 +28,7 @@
       enable = true;
       settings = {
         log.level = "debug";
-        streams.rpicam = "exec:${rpicam-vid} -v1 -t0 -o- --inline --width=4608 --height=2592 --framerate=14 --codec mjpeg --quality 90 --denoise=cdn_off --sharpness 1.25 --exposure long --gain 3";
+        streams.rpicam = "exec:${rpicam-vid} -v1 -t0 -o- --inline --flush=1 --width=4608 --height=2592 --framerate=1 --codec mjpeg --quality 90 --denoise=cdn_off --sharpness 1.25 --exposure long --gain 3";
       };
     };
 

hosts/vps1/coturn.nix

@@ -40,26 +40,25 @@ in
     };
   };
 
-  age.secrets =
+  age.secrets = {
-    {
+    "passwords/services/coturn/static-auth-secret" = {
-      "passwords/services/coturn/static-auth-secret" = {
+      file = "${inputs.secrets}/passwords/services/coturn/static-auth-secret.age";
-        file = "${inputs.secrets}/passwords/services/coturn/static-auth-secret.age";
+      owner = "turnserver";
-        owner = "turnserver";
+      group = "turnserver";
-        group = "turnserver";
+    };
-      };
+  }
-    }
+  // (
-    // (
+    if matrixIntegration then
-      if matrixIntegration then
+      {
-        {
+        "passwords/services/coturn/matrix-turn-config.yml" = {
-          "passwords/services/coturn/matrix-turn-config.yml" = {
+          file = "${inputs.secrets}/passwords/services/coturn/matrix-turn-config.yml.age";
-            file = "${inputs.secrets}/passwords/services/coturn/matrix-turn-config.yml.age";
+          owner = "matrix-synapse";
-            owner = "matrix-synapse";
+          group = "matrix-synapse";
-            group = "matrix-synapse";
+        };
-          };
+      }
-        }
+    else
-      else
+      { }
-        { }
+  );
-    );
 
   services.coturn = {
     enable = true;

hosts/vps1/default.nix

@@ -11,7 +11,6 @@
     ./kanidm.nix
     ./matrix.nix
     ./nginx.nix
-    ./outline.nix
     ./photoprism.nix
     ../server.nix
   ];

hosts/vps1/matrix.nix

@@ -63,96 +63,95 @@ in
     };
   };
 
-  services.nginx.virtualHosts =
+  services.nginx.virtualHosts = {
-    {
+    "${matrixSubdomain}" = {
-      "${matrixSubdomain}" = {
+      forceSSL = true;
-        forceSSL = true;
+      enableACME = true;
-        enableACME = true;
+      listen = [
-        listen = [
+        {
-          {
+          addr = "0.0.0.0";
-            addr = "0.0.0.0";
+          port = 443;
-            port = 443;
+          ssl = true;
-            ssl = true;
+        }
-          }
+        {
-          {
+          addr = "0.0.0.0";
-            addr = "0.0.0.0";
+          port = 80;
-            port = 80;
+        }
-          }
+        {
-          {
+          addr = "0.0.0.0";
-            addr = "0.0.0.0";
+          port = 8448;
-            port = 8448;
+          ssl = true;
-            ssl = true;
+        }
-          }
+        {
-          {
+          addr = "[::1]";
-            addr = "[::1]";
+          port = 443;
-            port = 443;
+          ssl = true;
-            ssl = true;
+        }
-          }
+        {
-          {
+          addr = "[::1]";
-            addr = "[::1]";
+          port = 80;
-            port = 80;
+        }
-          }
+        {
-          {
+          addr = "[::1]";
-            addr = "[::1]";
+          port = 8448;
-            port = 8448;
+          ssl = true;
-            ssl = true;
+        }
-          }
+      ];
-        ];
+      locations = {
-        locations = {
+        "/" = {
-          "/" = {
+          proxyPass = "http://localhost:8008";
-            proxyPass = "http://localhost:8008";
+          extraConfig = ''
-            extraConfig = ''
+            proxy_set_header X-Forwarded-For $remote_addr;
-              proxy_set_header X-Forwarded-For $remote_addr;
-            '';
-          };
-          "/_matrix" = {
-            proxyPass = "http://localhost:8008";
-            extraConfig = ''
-              proxy_set_header X-Forwarded-For $remote_addr;
-              client_max_body_size 50M;
-            '';
-          };
-          "/_synapse/client".proxyPass = "http://localhost:8008";
-        };
-      };
-      "${serverName}" =
-        let
-          mkWellKnown = data: ''
-            more_set_headers 'Content-Type: application/json';
-            return 200 '${builtins.toJSON data}';
           '';
-        in
-        {
-          locations."= /.well-known/matrix/server".extraConfig = (mkWellKnown matrixServerConfig);
-          locations."= /.well-known/matrix/client".extraConfig = (mkWellKnown matrixClientConfig);
         };
-    }
+        "/_matrix" = {
-    // (
+          proxyPass = "http://localhost:8008";
-      if useElement then
+          extraConfig = ''
-        {
+            proxy_set_header X-Forwarded-For $remote_addr;
-          "${elementSubdomain}" = {
+            client_max_body_size 50M;
-            forceSSL = true;
+          '';
-            enableACME = true;
+        };
-            root = pkgs.unstable.element-web.override {
+        "/_synapse/client".proxyPass = "http://localhost:8008";
-              conf = {
+      };
-                default_server_config = matrixClientConfig;
+    };
-                brand = "Vimium Chat";
+    "${serverName}" =
-                branding = {
+      let
-                  auth_header_logo_url = "https://vimium.com/images/logo.svg";
+        mkWellKnown = data: ''
-                  auth_footer_links = [
+          more_set_headers 'Content-Type: application/json';
-                    {
+          return 200 '${builtins.toJSON data}';
-                      "text" = "Vimium.com";
+        '';
-                      "url" = "https://vimium.com";
+      in
-                    }
+      {
-                  ];
+        locations."= /.well-known/matrix/server".extraConfig = (mkWellKnown matrixServerConfig);
-                };
+        locations."= /.well-known/matrix/client".extraConfig = (mkWellKnown matrixClientConfig);
+      };
+  }
+  // (
+    if useElement then
+      {
+        "${elementSubdomain}" = {
+          forceSSL = true;
+          enableACME = true;
+          root = pkgs.unstable.element-web.override {
+            conf = {
+              default_server_config = matrixClientConfig;
+              brand = "Vimium Chat";
+              branding = {
+                auth_header_logo_url = "https://vimium.com/images/logo.svg";
+                auth_footer_links = [
+                  {
+                    "text" = "Vimium.com";
+                    "url" = "https://vimium.com";
+                  }
+                ];
               };
             };
           };
-        }
+        };
-      else
+      }
-        { }
+    else
-    );
+      { }
+  );
 
   nixpkgs.config.permittedInsecurePackages = [
     "jitsi-meet-1.0.8043"
@@ -176,27 +175,25 @@ in
   );
 
   services.postgresql = lib.mkIf usePostgresql {
-    ensureUsers =
+    ensureUsers = [
-      [
+      {
-        {
+        name = "matrix-synapse";
-          name = "matrix-synapse";
-          ensureDBOwnership = true;
-        }
-      ]
-      ++ (lib.optional bridges.signal {
-        name = "mautrix-signal";
         ensureDBOwnership = true;
-      })
+      }
-      ++ (lib.optional bridges.whatsapp {
+    ]
-        name = "mautrix-whatsapp";
+    ++ (lib.optional bridges.signal {
-        ensureDBOwnership = true;
+      name = "mautrix-signal";
-      });
+      ensureDBOwnership = true;
-    ensureDatabases =
+    })
-      [
+    ++ (lib.optional bridges.whatsapp {
-        "matrix-synapse"
+      name = "mautrix-whatsapp";
-      ]
+      ensureDBOwnership = true;
-      ++ (lib.optional bridges.signal "mautrix-signal")
+    });
-      ++ (lib.optional bridges.whatsapp "mautrix-whatsapp");
+    ensureDatabases = [
+      "matrix-synapse"
+    ]
+    ++ (lib.optional bridges.signal "mautrix-signal")
+    ++ (lib.optional bridges.whatsapp "mautrix-whatsapp");
   };
 
   services.mautrix-signal = lib.mkIf bridges.signal {
@@ -216,6 +213,7 @@ in
         };
         mute_bridging = true;
       };
-    } // commonBridgeSettings "mautrix-whatsapp";
+    }
+    // commonBridgeSettings "mautrix-whatsapp";
   };
 }

hosts/vps1/nginx.nix

@@ -82,126 +82,125 @@ in
         maxSize = "100m";
       };
     };
-    virtualHosts =
+    virtualHosts = {
-      {
+      ## Static sites
-        ## Static sites
+      "chat.ai.vimium.com" = {
-        "chat.ai.vimium.com" = {
+        forceSSL = true;
-          forceSSL = true;
+        enableACME = true;
-          enableACME = true;
+        extraConfig = nginxErrorPages + nginxEdgeHeaders;
-          extraConfig = nginxErrorPages + nginxEdgeHeaders;
+        locations."/" = {
-          locations."/" = {
+          proxyPass = "http://localhost:8001";
-            proxyPass = "http://localhost:8001";
-            extraConfig = ''
-              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-              proxy_set_header X-Forwarded-Proto $scheme;
-              proxy_set_header X-Real-IP $remote_addr;
-              proxy_set_header Host $host;
-
-              proxy_http_version 1.1;
-              proxy_set_header Upgrade $http_upgrade;
-              proxy_set_header Connection "upgrade";
-
-              # Disable proxy buffering for better streaming response from models
-              proxy_buffering off;
-
-              # Increase max request size for large attachments and long audio messages
-              client_max_body_size 20M;
-              proxy_read_timeout 10m;
-            '';
-          };
-        };
-        "jellyfin.vimium.com" = {
-          forceSSL = true;
-          enableACME = true;
-          extraConfig = nginxErrorPages + nginxEdgeHeaders;
-          locations."/" = {
-            proxyPass = "http://localhost:8000";
-            extraConfig = ''
-              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-              proxy_set_header X-Forwarded-Proto $scheme;
-              proxy_set_header X-Real-IP $remote_addr;
-              proxy_set_header Host $host;
-
-              proxy_set_header Range $http_range;
-              proxy_set_header If-Range $http_if_range;
-
-              proxy_http_version 1.1;
-              proxy_set_header Upgrade $http_upgrade;
-              proxy_set_header Connection "upgrade";
-            '';
-          };
-        };
-        "jdholt.com" = {
-          forceSSL = true;
-          enableACME = true;
-          serverAliases = [ "www.jdholt.com" ];
-          extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders;
-          locations."/skycam" = {
-            root = "/var/www/jdholt.com";
-          };
-          locations."/skycam/snapshot.jpg" = {
-            extraConfig = ''
-              set $backend "skycam.mesh.vimium.net:1984";
-
-              resolver 100.100.100.100;
-
-              proxy_pass http://$backend/api/frame.jpeg?src=rpicam;
-              proxy_cache skycam_cache;
-              proxy_cache_valid any 10s;
-              proxy_ignore_headers Cache-Control Expires Set-Cookie;
-            '';
-          };
-          locations."/".return = "301 https://vimium.com$request_uri";
-        };
-        "pki.vimium.com" = {
-          addSSL = true;
-          forceSSL = false;
-          enableACME = true;
           extraConfig = ''
-            ${nginxErrorPages}
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            more_set_headers 'Server: Vimium';
+            proxy_set_header X-Forwarded-Proto $scheme;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header Host $host;
+
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
+
+            # Disable proxy buffering for better streaming response from models
+            proxy_buffering off;
+
+            # Increase max request size for large attachments and long audio messages
+            client_max_body_size 20M;
+            proxy_read_timeout 10m;
           '';
-          locations."/" = {
-            root = "/var/www/pki.vimium.com";
-          };
         };
-        "suhailhussain.com" = {
+      };
-          forceSSL = true;
+      "jellyfin.vimium.com" = {
-          enableACME = true;
+        forceSSL = true;
-          serverAliases = [ "www.suhailhussain.com" ];
+        enableACME = true;
-          extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders;
+        extraConfig = nginxErrorPages + nginxEdgeHeaders;
-          locations."/" = {
+        locations."/" = {
-            root = "/var/www/suhailhussain.com";
+          proxyPass = "http://localhost:8000";
-          };
+          extraConfig = ''
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header Host $host;
+
+            proxy_set_header Range $http_range;
+            proxy_set_header If-Range $http_if_range;
+
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
+          '';
         };
-        "vimium.com" = {
+      };
-          default = true;
+      "jdholt.com" = {
-          forceSSL = true;
+        forceSSL = true;
-          enableACME = true;
+        enableACME = true;
-          serverAliases = [ "www.vimium.com" ];
+        serverAliases = [ "www.jdholt.com" ];
-          extraConfig =
+        extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders;
-            nginxErrorPages
+        locations."/skycam" = {
-            + nginxEdgeHeaders
+          root = "/var/www/jdholt.com";
-            + nginxStrictHeaders
-            + ''
-              add_header Content-Security-Policy "default-src 'self' https://vimium.com https://www.vimium.com; style-src 'unsafe-inline'; object-src 'none'; upgrade-insecure-requests" always;
-            '';
-          locations."/" = {
-            root = "/var/www/vimium.com";
-          };
         };
-      }
+        locations."/skycam/snapshot.jpg" = {
-      ## Redirects
+          extraConfig = ''
-      // (mkRedirect "h0lt.com" "jdholt.com")
+            set $backend "skycam.mesh.vimium.net:1984";
-      // (mkRedirect "jordanholt.xyz" "jdholt.com")
+
-      // (mkRedirect "omnimagic.com" "vimium.com")
+            resolver 100.100.100.100;
-      // (mkRedirect "omnimagic.net" "vimium.com")
+
-      // (mkRedirect "thelostlegend.com" "suhailhussain.com")
+            proxy_pass http://$backend/api/frame.jpeg?src=rpicam;
-      // (mkRedirect "vimium.co" "vimium.com")
+            proxy_cache skycam_cache;
-      // (mkRedirect "vimium.co.uk" "vimium.com")
+            proxy_cache_valid any 10s;
-      // (mkRedirect "vimium.info" "vimium.com")
+            proxy_ignore_headers Cache-Control Expires Set-Cookie;
-      // (mkRedirect "vimium.net" "vimium.com")
+          '';
-      // (mkRedirect "vimium.org" "vimium.com")
+        };
-      // (mkRedirect "vimium.xyz" "vimium.com");
+        locations."/".return = "301 https://vimium.com$request_uri";
+      };
+      "pki.vimium.com" = {
+        addSSL = true;
+        forceSSL = false;
+        enableACME = true;
+        extraConfig = ''
+          ${nginxErrorPages}
+          more_set_headers 'Server: Vimium';
+        '';
+        locations."/" = {
+          root = "/var/www/pki.vimium.com";
+        };
+      };
+      "suhailhussain.com" = {
+        forceSSL = true;
+        enableACME = true;
+        serverAliases = [ "www.suhailhussain.com" ];
+        extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders;
+        locations."/" = {
+          root = "/var/www/suhailhussain.com";
+        };
+      };
+      "vimium.com" = {
+        default = true;
+        forceSSL = true;
+        enableACME = true;
+        serverAliases = [ "www.vimium.com" ];
+        extraConfig =
+          nginxErrorPages
+          + nginxEdgeHeaders
+          + nginxStrictHeaders
+          + ''
+            add_header Content-Security-Policy "default-src 'self' https://vimium.com https://www.vimium.com; style-src 'unsafe-inline'; object-src 'none'; upgrade-insecure-requests" always;
+          '';
+        locations."/" = {
+          root = "/var/www/vimium.com";
+        };
+      };
+    }
+    ## Redirects
+    // (mkRedirect "h0lt.com" "jdholt.com")
+    // (mkRedirect "jordanholt.xyz" "jdholt.com")
+    // (mkRedirect "omnimagic.com" "vimium.com")
+    // (mkRedirect "omnimagic.net" "vimium.com")
+    // (mkRedirect "thelostlegend.com" "suhailhussain.com")
+    // (mkRedirect "vimium.co" "vimium.com")
+    // (mkRedirect "vimium.co.uk" "vimium.com")
+    // (mkRedirect "vimium.info" "vimium.com")
+    // (mkRedirect "vimium.net" "vimium.com")
+    // (mkRedirect "vimium.org" "vimium.com")
+    // (mkRedirect "vimium.xyz" "vimium.com");
   };
 }

hosts/vps1/outline.nix

@@ -1,51 +0,0 @@
-{
-  inputs,
-  config,
-  ...
-}:
-let
-  domain = "outline.vimium.com";
-in
-{
-  services.nginx.virtualHosts = {
-    "${domain}" = {
-      forceSSL = true;
-      enableACME = true;
-      locations."/" = {
-        proxyPass = "http://127.0.0.1:3000";
-        extraConfig = ''
-          proxy_set_header Upgrade $http_upgrade;
-          proxy_set_header Connection "Upgrade";
-          proxy_set_header Host $host;
-
-          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-          proxy_set_header X-Real-IP $remote_addr;
-          proxy_set_header X-Scheme $scheme;
-          proxy_set_header X-Forwarded-Proto $scheme;
-          proxy_redirect off;
-        '';
-      };
-    };
-  };
-
-  age.secrets."passwords/services/outline/oidc-client-secret" = {
-    file = "${inputs.secrets}/passwords/services/outline/oidc-client-secret.age";
-    owner = "outline";
-    group = "outline";
-  };
-
-  services.outline = {
-    enable = true;
-    forceHttps = false;
-    oidcAuthentication = {
-      clientId = "outline";
-      clientSecretFile = config.age.secrets."passwords/services/outline/oidc-client-secret".path;
-      displayName = "Vimium";
-      authUrl = "https://auth.vimium.com/ui/oauth2";
-      tokenUrl = "https://auth.vimium.com/oauth2/token";
-      userinfoUrl = "https://auth.vimium.com/oauth2/openid/outline/userinfo";
-    };
-    publicUrl = "https://${domain}";
-    storage.storageType = "local";
-  };
-}

hosts/vps2/default.nix

@@ -0,0 +1,31 @@
+{
+  inputs,
+  ...
+}:
+
+{
+  imports = [
+    inputs.disko.nixosModules.disko
+    ./hardware-configuration.nix
+    ./disko-config.nix
+    ../server.nix
+  ];
+
+  nixpkgs = {
+    hostPlatform = "x86_64-linux";
+  };
+
+  networking = {
+    hostId = "60de4af8";
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [
+        22 # SSH
+      ];
+    };
+  };
+
+  modules.services.tailscale.isExitNode = true;
+
+  system.stateVersion = "25.05";
+}

hosts/vps2/disko-config.nix

@@ -0,0 +1,55 @@
+{ lib, ... }:
+{
+  disko.devices = {
+    disk.disk1 = {
+      device = lib.mkDefault "/dev/sda";
+      type = "disk";
+      content = {
+        type = "gpt";
+        partitions = {
+          boot = {
+            name = "boot";
+            size = "2M";
+            type = "EF02";
+          };
+          esp = {
+            name = "ESP";
+            size = "300M";
+            type = "EF00";
+            content = {
+              type = "filesystem";
+              format = "vfat";
+              mountpoint = "/boot";
+            };
+          };
+          root = {
+            name = "root";
+            size = "100%";
+            content = {
+              type = "lvm_pv";
+              vg = "pool";
+            };
+          };
+        };
+      };
+    };
+    lvm_vg = {
+      pool = {
+        type = "lvm_vg";
+        lvs = {
+          root = {
+            size = "100%FREE";
+            content = {
+              type = "filesystem";
+              format = "ext4";
+              mountpoint = "/";
+              mountOptions = [
+                "defaults"
+              ];
+            };
+          };
+        };
+      };
+    };
+  };
+}

hosts/vps2/hardware-configuration.nix

@@ -0,0 +1,29 @@
+{
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [
+    (modulesPath + "/profiles/qemu-guest.nix")
+  ];
+
+  boot = {
+    initrd = {
+      availableKernelModules = [
+        "ata_piix"
+        "uhci_hcd"
+        "xen_blkfront"
+        "vmw_pvscsi"
+      ];
+      kernelModules = [ "nvme" ];
+    };
+    loader.grub = {
+      efiSupport = true;
+      efiInstallAsRemovable = true;
+    };
+    tmp.cleanOnBoot = true;
+  };
+
+  zramSwap.enable = true;
+}

modules/nixos/services/tailscale.nix

@@ -17,6 +17,14 @@ in
       default = false;
       example = true;
     };
+    isExitNode = lib.mkOption {
+      default = false;
+      example = true;
+    };
+    useExitNode = lib.mkOption {
+      default = false;
+      example = true;
+    };
     restrictSSH = lib.mkOption {
       default = true;
       example = true;
@@ -37,7 +45,8 @@ in
       extraUpFlags = [
         "--login-server"
         headscale
-      ];
+      ]
+      ++ (if cfg.isExitNode then [ "--advertise-exit-node" ] else [ ]);
     };
 
     services.openssh.openFirewall = !cfg.restrictSSH;

pkgs/libcamera-rpi/package.nix

@@ -24,11 +24,9 @@ libcamera.overrideAttrs (old: {
     ./patches/libcamera-no-timeout.patch
   ];
 
-  postPatch =
+  postPatch = old.postPatch + ''
-    old.postPatch
+    patchShebangs src/py/libcamera
-    + ''
+  '';
-      patchShebangs src/py/libcamera
-    '';
 
   preBuild = ''
     ninja src/ipa-priv-key.pem

pkgs/vk-hdr-layer/package.nix

@@ -0,0 +1,44 @@
+{
+  stdenv,
+  fetchFromGitHub,
+  lib,
+  meson,
+  ninja,
+  pkg-config,
+  vulkan-headers,
+  vulkan-loader,
+  wayland-scanner,
+  wayland,
+  xorg,
+}:
+stdenv.mkDerivation (finalAttrs: {
+  pname = "vk-hdr-layer";
+  version = "303e0c69e1d33acd95158d92b1fc652fb5b85399";
+
+  src = fetchFromGitHub {
+    owner = "Zamundaaa";
+    repo = "VK_hdr_layer";
+    rev = "303e0c69e1d33acd95158d92b1fc652fb5b85399";
+    fetchSubmodules = true;
+    hash = "sha256-NsC44Ifl/fAHvFqP7NLrVZ71Y+x5mBEkv+r43HN5yn4=";
+  };
+
+  nativeBuildInputs = [
+    meson
+    ninja
+    pkg-config
+  ];
+  buildInputs = [
+    vulkan-headers
+    vulkan-loader
+    wayland
+    wayland-scanner
+    xorg.libX11
+  ];
+
+  meta = {
+    description = "Vulkan layer utilizing a small color management / HDR protocol for experimentation";
+    homepage = "https://github.com/Zamundaaa/VK_hdr_layer";
+    license = lib.licenses.mit;
+  };
+})

users/jordan/artemis.nix

@@ -0,0 +1,20 @@
+{
+  pkgs,
+  ...
+}:
+
+{
+  imports = [
+    ./common/optional/graphical/firefox.nix
+    ./common/optional/graphical/fonts.nix
+    ./common/optional/graphical/hyprland
+    ./common/optional/graphical/mimeapps.nix
+  ];
+
+  home.packages = with pkgs; [
+    jellyfin-media-player
+    lutris
+    unstable.pcsx2
+    xemu
+  ];
+}

users/jordan/common/optional/graphical/fonts.nix

@@ -13,5 +13,6 @@
     nerd-fonts.terminess-ttf
     nerd-fonts.ubuntu-mono
     sf-pro
+    vista-fonts
   ];
 }

users/jordan/common/optional/graphical/hyprland/default.nix

@@ -20,30 +20,29 @@ let
   concatMapAttrsStringSep =
     sep: f: attrs:
     concatStringsSep sep (attrValues (mapAttrs f attrs));
-  globalVariables =
+  globalVariables = {
-    {
+    _JAVA_AWT_WM_NONREPARENTING = "1";
-      _JAVA_AWT_WM_NONREPARENTING = "1";
+    GDK_BACKEND = "wayland";
-      GDK_BACKEND = "wayland";
+    MOZ_ENABLE_WAYLAND = "1";
-      MOZ_ENABLE_WAYLAND = "1";
+    NIXOS_OZONE_WL = "1";
-      NIXOS_OZONE_WL = "1";
+    QT_QPA_PLATFORM = "wayland";
-      QT_QPA_PLATFORM = "wayland";
+    QT_STYLE_OVERRIDE = "kvantum";
-      QT_STYLE_OVERRIDE = "kvantum";
+    QT_WAYLAND_DECORATION = "adwaita";
-      QT_WAYLAND_DECORATION = "adwaita";
+    QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
-      QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
+    SDL_VIDEODRIVER = "wayland";
-      SDL_VIDEODRIVER = "wayland";
+    XDG_SESSION_TYPE = "wayland";
-      XDG_SESSION_TYPE = "wayland";
+  }
-    }
+  // (
-    // (
+    if elem "nvidia" osConfig.services.xserver.videoDrivers then
-      if elem "nvidia" osConfig.services.xserver.videoDrivers then
+      {
-        {
+        GBM_BACKEND = "nvidia-drm";
-          GBM_BACKEND = "nvidia-drm";
+        GSK_RENDERER =
-          GSK_RENDERER =
+          if versionOlder osConfig.hardware.nvidia.package.version "570" then "ngl" else "vulkan";
-            if versionOlder osConfig.hardware.nvidia.package.version "570" then "ngl" else "vulkan";
+        LIBVA_DRIVER_NAME = "nvidia";
-          LIBVA_DRIVER_NAME = "nvidia";
+      }
-        }
+    else
-      else
+      { }
-        { }
+  );
-    );
   hyprVariables = {
     AQ_DRM_DEVICES = "/dev/dri/card0:/dev/dri/card1";
   };
@@ -111,6 +110,10 @@ in
         no_update_news = true;
       };
 
+      experimental = {
+        xx_color_management_v4 = true;
+      };
+
       decoration = {
         rounding = 10;
 
@@ -161,7 +164,10 @@ in
         ];
       };
 
-      monitor = "desc:Dell Inc. DELL U3219Q HPTP413, preferred, auto, 1";
+      monitor = [
+        "desc:Dell Inc. DELL U3219Q HPTP413, preferred, auto, 1, vrr, 0, bitdepth, 10, cm, hdr"
+        "desc:LG Electronics LG TV SSCR2, 3840x2160@60, 0x0, 1, vrr, 0, bitdepth, 10, cm, hdr"
+      ];
 
       input = {
         kb_layout = "us";

users/jordan/common/shell.nix

@@ -181,6 +181,7 @@ in
     btop
     fd
     jq
+    ncdu
     nix-zsh-completions
     nnn
     ripgrep

users/jordan/default.nix

@@ -42,7 +42,8 @@ in
       ./common/pass.nix
       ./common/shell.nix
       ./common/ssh.nix
-    ] ++ optional (builtins.pathExists hostFile) hostFile;
+    ]
+    ++ optional (builtins.pathExists hostFile) hostFile;
 
     home = {
       username = name;