upgrade system

machines/AMD-Workstation/boot.nix

@@ -3,7 +3,7 @@ let
   zfs_arc_max = toString (6 * 1024 * 1024 * 1024);
 in {
   boot = {
-    zfs.enableUnstable = true;
+    zfs.enableUnstable = false; # For now, unstable zfs will downgrade kernel
     kernelPackages = pkgs.linuxPackages_lqx;
 
     initrd = {

machines/Dell-Laptop/boot.nix

@@ -3,7 +3,7 @@ let
   zfs_arc_max = toString (2 * 1024 * 1024 * 1024);
 in {
   boot = {
-    zfs.enableUnstable = true;
+    zfs.enableUnstable = false; # For now, unstable zfs will downgrade kernel
     kernelPackages = pkgs.linuxPackages_lqx;
 
     initrd = {

modules/applications.nix

@@ -14,11 +14,11 @@ with config.deviceSpecific;
       };
 
       startupApplications = mkOption {
-        type = listOf path;
+        type = listOf str;
         description = "Applications to run on startup";
       };
     };
-  config = rec {
+  config = {
     defaultApplications = {};
   };
 }

profiles/applications/games/steam.nix

@@ -3,10 +3,10 @@
   programs.steam.extraCompatPackages = [
     pkgs.proton-ge
   ];
+  programs.gamescope.enable = true;
+  programs.gamescope.capSysNice = false;
 
-  startupApplications = [
-    "${pkgs.steam}/bin/steam"
-  ];
+  startupApplications = [ "steam" ];
 
   systemd.user.services.x11-ownership = {
     script = ''
@@ -23,6 +23,6 @@
     # Games configs
     ".config/WarThunder"
     ".local/share/BeamNG.drive"
-    ".local/share/Colossal Order/Cities_Skylines"
+    ".local/share/Colossal\\ Order/Cities_Skylines"
   ];
 }

profiles/hardware.nix

@@ -4,28 +4,23 @@ with config.deviceSpecific; {
   hardware.cpu.${devInfo.cpu.vendor}.updateMicrocode = true;
   hardware.enableRedistributableFirmware = true;
 
-  nixpkgs.config.packageOverrides = pkgs: {
-    vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
-  };
-
   hardware.opengl =  {
     enable = true;
     driSupport = true;
     driSupport32Bit = true;
     extraPackages = if devInfo.gpu.vendor == "intel" then [
       pkgs.intel-media-driver
+      pkgs.intel-vaapi-driver
+      pkgs.libvdpau-va-gl
     ] else if devInfo.gpu.vendor == "amd" then [
-      # pkgs.amdvlk
       pkgs.rocm-opencl-icd
       pkgs.rocm-opencl-runtime
     ] else [ ];
-    extraPackages32 = lib.mkIf (devInfo.gpu.vendor == "amd") [
-      # pkgs.driversi686Linux.amdvlk
-    ];
   };
   environment.sessionVariables = if (devInfo.gpu.vendor == "intel") then {
     GST_VAAPI_ALL_DRIVERS = "1";
     LIBVA_DRIVER_NAME = "iHD";
+    VDPAU_DRIVER = "va_gl";
   } else if (devInfo.gpu.vendor == "amd") then {
     AMD_VULKAN_ICD = "RADV";
   } else {};

profiles/nix/default.nix

@@ -1,6 +1,5 @@
-{ config, lib, pkgs, inputs,  ... }:
-with config.deviceSpecific; {
-  nix = rec {
+{ config, lib, pkgs, inputs,  ... }: {
+  nix = {
     nixPath = lib.mkForce [ "self=/etc/self/compat" "nixpkgs=/etc/nixpkgs" ];
 
     registry.self.flake = inputs.self;
@@ -31,6 +30,7 @@ with config.deviceSpecific; {
         "https://cache.ataraxiadev.com/ataraxiadev"
         "https://numtide.cachix.org"
         "https://devenv.cachix.org"
+        "https://ezkea.cachix.org"
       ];
       trusted-public-keys = [
         "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
@@ -41,6 +41,7 @@ with config.deviceSpecific; {
         "ataraxiadev:/V5bNjSzHVGx6r2XA2fjkgUYgqoz9VnrAHq45+2FJAs="
         "numtide.cachix.org-1:2ps1kLBUWjxIneOy1Ik6cQjb41X0iXVXeHigGmycPPE="
         "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
+        "ezkea.cachix.org-1:ioBmUbJTZIKsHmWWXPe1FSFbeVe+afhfgqgTSNd34eI="
       ];
       trusted-users = [ "root" config.mainuser "deploy" "@wheel" ];
       use-xdg-base-directories = true;

profiles/overlay.nix

@@ -36,18 +36,16 @@ with lib; {
         xray = master.xray;
         youtube-to-mpv = prev.callPackage ./packages/youtube-to-mpv.nix { term = config.defaultApplications.term.cmd; };
         yt-dlp = master.yt-dlp;
-        steam = master.steam.override {
+        steam = prev.steam.override {
           extraPkgs = pkgs: with pkgs; [ mono libkrb5 keyutils ];
         };
+        spotifywm = prev.spotifywm.override { spotify = pkgs.spotify-spotx; };
+        intel-vaapi-driver = pkgs.intel-vaapi-driver.override { enableHybridCodec = true; };
 
         neatvnc = prev.neatvnc.overrideAttrs (oa: {
           patches = [ ../patches/neatvnc.patch ] ++ oa.patches or [ ];
         });
 
-        nix = inputs.nix.packages.${system}.default.overrideAttrs (oa: {
-          doInstallCheck = false;
-          patches = [ ./nix/doas.patch ] ++ oa.patches or [ ];
-        });
         nix-direnv = inputs.nix-direnv.packages.${system}.default.override { nix = final.nix; };
 
         pass-secret-service = prev.pass-secret-service.overrideAttrs (_: {
@@ -76,20 +74,7 @@ with lib; {
         yandex-taxi-py = prev.writers.writePython3 "yandex-taxi.py" {
           libraries = with prev.python3Packages; [ requests ];
         } ./packages/yandex-taxi-py.nix;
-
-		# can't build with nix 2.17
-        nixos-option = stable.nixos-option;
-        nil = stable.nil;
       }
     )
   ];
-
-  nixpkgs.config = {
-    allowUnfree = true;
-    android_sdk.accept_license = true;
-    # vscode-server requires nodejs_16
-    # permittedInsecurePackages = [
-    #   "nodejs-16.20.1"
-    # ];
-  };
 }

profiles/servers/authentik.nix

@@ -3,14 +3,15 @@ let
   backend = config.virtualisation.oci-containers.backend;
   data-dir = "/srv/authentik";
   pod-name = "authentik-pod";
+  pod-dns = "127.0.0.1";
   open-ports = [
     # authentik
-    "9000:9000/tcp" "9443:9443/tcp"
+    "127.0.0.1:9000:9000/tcp" "127.0.0.1:9443:9443/tcp"
     # ldap
-    "389:3389/tcp" "636:6636/tcp"
+    "127.0.0.1:389:3389/tcp" "127.0.0.1:636:6636/tcp"
   ];
   owner = "1000";
-  authentik-version = "2023.5.4";
+  authentik-version = "2023.8.3";
 in {
   secrets.authentik-env.services = [ "${backend}-authentik-server.service" ];
   secrets.authentik-ldap.services = [ "${backend}-authentik-ldap.service" ];
@@ -93,7 +94,7 @@ in {
   systemd.services."podman-create-${pod-name}" = let
     portsMapping = lib.concatMapStrings (port: " -p " + port) open-ports;
     start = pkgs.writeShellScript "create-pod" ''
-      podman pod exists ${pod-name} || podman pod create -n ${pod-name} ${portsMapping}
+      podman pod exists ${pod-name} || podman pod create -n ${pod-name} ${portsMapping} --dns ${pod-dns}
     '';
     stop = "podman pod rm -i -f ${pod-name}";
   in rec {

profiles/servers/nginx.nix

@@ -66,7 +66,7 @@ in {
         "joplin.ataraxiadev.com"
         "api.ataraxiadev.com"
         "fsync.ataraxiadev.com"
-        # "auth.ataraxiadev.com"
+        "auth.ataraxiadev.com"
         "sonarr.ataraxiadev.com"
         "radarr.ataraxiadev.com"
         "file.ataraxiadev.com"
@@ -79,6 +79,7 @@ in {
         "cache.ataraxiadev.com"
         "docs.ataraxiadev.com"
         "cal.ataraxiadev.com"
+        "wg.ataraxiadev.com"
         "wiki.ataraxiadev.com"
 
         "matrix.ataraxiadev.com"
@@ -98,9 +99,11 @@ in {
   services.nginx = {
     enable = true;
     group = "acme";
-    recommendedOptimisation = true;
+    recommendedBrotliSettings = true;
     recommendedGzipSettings = true;
+    recommendedOptimisation = true;
     recommendedTlsSettings = true;
+    recommendedZstdSettings = true;
     clientMaxBodySize = "250m";
     commonHttpConfig = ''
       proxy_hide_header X-Frame-Options;
@@ -344,14 +347,20 @@ in {
           extraConfig = proxySettings;
         };
       } // default;
-      # "auth.ataraxiadev.com" = {
-      #   locations."/" = {
-      #     proxyPass = "http://127.0.0.1:9000";
-      #     proxyWebsockets = true;
-      #     extraConfig = proxySettings;
-      #   };
-      # } // default;
+      "auth.ataraxiadev.com" = {
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:9000";
+          proxyWebsockets = true;
+          extraConfig = proxySettings;
+        };
+      } // default;
       "ldap.ataraxiadev.com" = default;
+      "wg.ataraxiadev.com" = {
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:${toString config.services.headscale.port}";
+          proxyWebsockets = true;
+        };
+      } // default;
       "api.ataraxiadev.com" = {
         locations."~ (\\.py|\\.sh)$" = with config.services; {
           alias = "/srv/http/api.ataraxiadev.com";
@@ -377,7 +386,7 @@ in {
           proxyPass = "http://127.0.0.1:8190";
           extraConfig = proxySettings;
         };
-      };
+      } // default;
     };
   };
 

profiles/workspace/hyprland/default.nix

@@ -74,21 +74,17 @@ in with config.deviceSpecific; with lib; {
             col.active_border=0xAA${thm.base08-hex}
             col.inactive_border=0xAA${thm.base0A-hex}
             # layout=dwindle    # Available: dwindle, master, default is dwindle
-            # no_cursor_warps=true
             sensitivity=1
-            col.group_border=0xCC${thm.base0A-hex}
-            col.group_border_active=0xAA${thm.base08-hex}
+            col.nogroup_border=0xCC${thm.base0A-hex}
+            col.nogroup_border_active=0xAA${thm.base08-hex}
           }
           decoration {
-            # rounding=8
             rounding=0
-            multisample_edges=true
             active_opacity=0.92
             inactive_opacity=0.75
             fullscreen_opacity=1.0
             drop_shadow=true
             shadow_range=12
-            # shadow_render_power=int    # (1 - 4), in what power to render the falloff (more power, the faster the falloff)
             shadow_ignore_window=true
             col.shadow=0xAA${thm.base08-hex}
             shadow_offset=0 0

profiles/workspace/misc.nix

@@ -19,7 +19,6 @@ with config.deviceSpecific; {
   home-manager.users.${config.mainuser} = {
     news.display = "silent";
     systemd.user.startServices = true;
-    nixpkgs.config.allowUnfree = true;
     services.udiskie.enable = !isServer;
     services.gammastep = {
       enable = !isServer;
@@ -31,6 +30,9 @@ with config.deviceSpecific; {
     systemd.user.services.gammastep = {
       Install.WantedBy = lib.mkForce [];
     };
+    xdg.configFile."nixpkgs/config.nix".text = ''
+      { allowUnfree = true; android_sdk.accept_license = true; }
+    '';
   };
 
   systemd.services.systemd-timesyncd.wantedBy = [ "multi-user.target" ];

profiles/workspace/zsh/default.nix

@@ -82,6 +82,7 @@
           "latree" = "${pkgs.eza}/bin/eza -lahgFT@ --git";
           # "gif2webm" = "(){ ${pkgs.ffmpeg.bin}/bin/ffmpeg -i $1 -c:v libvpx-vp9 -crf 20 -b:v 0 $1.webm ;}";
           "t" = "${pkgs.translate-shell}/bin/trans";
+          "steam-gamescope" = "gamescope -b --steam -- steam -pipewire-dmabuf";
         };
         initExtra = ''
           setopt HIST_IGNORE_SPACE