[Gluetun] Switches to Wireguard config

[Wallabag] Adds wallabag
[Obelisk] Adds Reflex FRP binary caches to the system
2026-02-24 16:40:02 -08:00 · 2026-02-24 16:40:02 -08:00 · 2026-02-12 15:53:26 -08:00 · 2026-02-06 09:47:12 -08:00 · 2026-02-03 15:42:41 -08:00 · 2026-02-02 17:18:04 -08:00
35 changed files with 383 additions and 202 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -7,32 +7,32 @@
        ]
      },
      "locked": {
-        "lastModified": 1758463745,
-        "narHash": "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=",
+        "lastModified": 1767910483,
+        "narHash": "sha256-MOU5YdVu4DVwuT5ztXgQpPuRRBjSjUGIdUzOQr9iQOY=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "3b955f5f0a942f9f60cdc9cacb7844335d0f21c3",
+        "rev": "82fb7dedaad83e5e279127a38ef410bcfac6d77c",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
-        "ref": "release-25.05",
+        "ref": "release-25.11",
        "repo": "home-manager",
        "type": "github"
      }
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1760580664,
-        "narHash": "sha256-/YdfibIrnqXAL8p5kqCU345mzpHoOtuVIkMiI2pF4Dc=",
+        "lastModified": 1767799921,
+        "narHash": "sha256-r4GVX+FToWVE2My8VVZH4V0pTIpnu2ZE8/Z4uxGEMBE=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "98ff3f9af2684f6136c24beef08f5e2033fc5389",
+        "rev": "d351d0653aeb7877273920cd3e823994e7579b0b",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
-        "ref": "nixos-25.05",
+        "ref": "nixos-25.11",
        "repo": "nixpkgs",
        "type": "github"
      }
@@ -51,11 +51,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1760393368,
-        "narHash": "sha256-8mN3kqyqa2PKY0wwZ2UmMEYMcxvNTwLaOrrDsw6Qi4E=",
+        "lastModified": 1767826491,
+        "narHash": "sha256-WSBENPotD2MIhZwolL6GC9npqgaS5fkM7j07V2i/Ur8=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "ab8d56e85b8be14cff9d93735951e30c3e86a437",
+        "rev": "ea3adcb6d2a000d9a69d0e23cad1f2cacb3a9fbe",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -2,11 +2,9 @@
  description = "System Configuration";

  inputs = {
-    nixpkgs = {
-      url = "github:nixos/nixpkgs?ref=nixos-25.05";
-    };
+    nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-25.11";
    home-manager = {
-      url = "github:nix-community/home-manager?ref=release-25.05";
+      url = "github:nix-community/home-manager?ref=release-25.11";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    sops-nix = {
@@ -16,7 +14,11 @@
  };

  outputs =
-    { self, nixpkgs, ... }@inputs:
+    {
+      self,
+      nixpkgs,
+      ...
+    }@inputs:
    let
      local = import ./lib;
      mkNixosConfig =
@@ -31,10 +33,12 @@
          modules = [
            home-manager.nixosModules.home-manager
            {
-              home-manager.useGlobalPkgs = true;
-              home-manager.useUserPackages = true;
-              home-manager.extraSpecialArgs = {
-                inherit inputs local;
+              home-manager = {
+                useGlobalPkgs = true;
+                useUserPackages = true;
+                extraSpecialArgs = {
+                  inherit inputs local;
+                };
              };
            }
            path
@@ -57,7 +61,7 @@
        };
      };
      features = {
-        development = (import ./home-manager/features/development/development.nix);
+        development = import ./home-manager/features/development/development.nix;
      };
    };
 }
--- a/home-manager/features/3d-printing.nix
+++ b/home-manager/features/3d-printing.nix
@@ -1,14 +1,40 @@
-{ pkgs, ... }:
+{
+  pkgs,
+  ...
+}:
+let
+  freecad-wrapped = pkgs.symlinkJoin {
+    name = "freecad-wrapped";
+    paths = [ pkgs.freecad ];
+    buildInputs = [ pkgs.makeWrapper ];
+    postBuild = ''
+      wrapProgram $out/bin/freecad \
+        --prefix MESA_LOADER_DRIVER_OVERRIDE : zink \
+        --prefix __EGL_VENDOR_LIBRARY_FILENAMES : ${pkgs.mesa}/share/glvnd/egl_vendor.d/50_mesa.json
+    '';
+  };
+
+  bambu-studio-wrapped = pkgs.symlinkJoin {
+    name = "bambu-studio-wrapped";
+    paths = [ pkgs.bambu-studio ];
+    buildInputs = [ pkgs.makeWrapper ];
+    postBuild = ''
+      wrapProgram $out/bin/bambu-studio \
+        --prefix MESA_LOADER_DRIVER_OVERRIDE : zink \
+        --prefix __EGL_VENDOR_LIBRARY_FILENAMES : ${pkgs.mesa}/share/glvnd/egl_vendor.d/50_mesa.json
+    '';
+  };
+in
 {

  home.packages = with pkgs; [
-    bambu-studio
+    bambu-studio-wrapped
    LycheeSlicer
    orca-slicer

    blender

-    freecad
+    freecad-wrapped
    openscad
  ];

--- a/home-manager/features/audio.nix
+++ b/home-manager/features/audio.nix
@@ -1,7 +1,41 @@
 { pkgs, ... }:
+with pkgs;
+let
+  # A script that runs as long as media is playing.
+  isMediaPlaying = writeShellApplication {
+    name = "isMediaPlaying";
+    runtimeInputs = [
+      playerctl
+    ];
+    text = ''
+      set -e
+
+      while [ "$(playerctl status)" = "Playing" ]; do
+        echo -n "."
+        sleep 1
+      done
+    '';
+  };
+  # A script that prevents the system from going to sleep while media is playing
+  mediaCaffeine = writeShellApplication {
+    name = "media-caffeine";
+    runtimeInputs = [
+      isMediaPlaying
+      systemd
+    ];
+    text = ''
+      set -e
+
+      systemd-inhibit --what=sleep --why="Media is playing" --mode=block isMediaPlaying
+    '';
+  };
+in
 {
  home.packages = with pkgs; [
    pulseaudio # for pactl and other tools
    pavucontrol # GUI volume control with lots of options
+
+    mediaCaffeine
  ];
+
 }
--- a/home-manager/features/chat.nix
+++ b/home-manager/features/chat.nix
@@ -0,0 +1,11 @@
+{ pkgs, ... }:
+{
+  imports = [
+    ../apps/element.nix
+    ../apps/discord.nix
+  ];
+
+  home.packages = with pkgs; [
+    signal-desktop
+  ];
+}
--- a/home-manager/features/development/nix.nix
+++ b/home-manager/features/development/nix.nix
@@ -6,6 +6,7 @@

    nixfmt-rfc-style # Formatter
    nil # Language Server
+    statix # Lints and suggestions for Nix
  ];

  home.shellAliases = {
@@ -14,4 +15,3 @@
    rebuild-boot = "sudo nixos-rebuild boot --flake ~/system-config --show-trace --print-build-logs --verbose";
  };
 }
- 
--- a/home-manager/features/hyprland.nix
+++ b/home-manager/features/hyprland.nix
@@ -36,7 +36,7 @@

      "$terminal" = "foot";
      "$menu" = "rofi -show combi -combi-modes drun,ssh,run -theme ~/.config/rofi/launcher/style.rasi";
-      "$browser" = "librewolf";
+      "$browser" = "firefox --new-window";

      exec-once = [
        "nm-applet"
@@ -287,6 +287,7 @@
        "$mainMod, B, exec, $browser"
        "$mainMod, D, exec, $menu"
        "$mainMod + SHIFT, S, exec, hyprshot -m region --clipboard-only"
+        "$mainMod + CTRL + SHIFT, S, exec, hyprshot -m region -o ~/Pictures"
        "$mainMod, C, exec, swaync-client -t"

        "$mainMod + L_CONTROL, Q, exec, /home/drew/.config/rofi/powermenu/powermenu.sh"
--- a/home-manager/features/image-editing.nix
+++ b/home-manager/features/image-editing.nix
@@ -0,0 +1,7 @@
+{ pkgs, ... }:
+{
+  home.packages = with pkgs; [
+    gimp3
+    inkscape
+  ];
+}
--- a/home-manager/features/linux-desktop.nix
+++ b/home-manager/features/linux-desktop.nix
@@ -13,7 +13,6 @@
  home = {
    packages = with pkgs; [
      # Desktop Applications
-      signal-desktop
      gimp3

      # Common utilities
@@ -89,13 +88,13 @@
  xdg.mimeApps = {
    enable = true;
    defaultApplications = {
-      "text/html" = [ "librewolf.desktop" ];
-      "default-web-browser" = [ "librewolf.desktop" ];
-      "x-scheme-handler/http" = [ "librewolf.desktop" ];
-      "x-scheme-handler/https" = [ "librewolf.desktop" ];
-      "x-scheme-handler/about" = [ "librewolf.desktop" ];
-      "x-scheme-handler/unknown" = [ "librewolf.desktop" ];
+      "text/html" = [ "firefox.desktop" ];
+      "default-web-browser" = [ "firefox.desktop" ];
+      "x-scheme-handler/http" = [ "firefox.desktop" ];
+      "x-scheme-handler/https" = [ "firefox.desktop" ];
+      "x-scheme-handler/about" = [ "firefox.desktop" ];
+      "x-scheme-handler/unknown" = [ "firefox.desktop" ];
    };
  };
-  home.sessionVariables.DEFAULT_BROWSER = "${pkgs.librewolf}/bin/librewolf";
+  home.sessionVariables.DEFAULT_BROWSER = "${pkgs.firefox}/bin/firefox";
 }
--- a/home-manager/features/neovim/config/lazyvim.json
+++ b/home-manager/features/neovim/config/lazyvim.json
@@ -0,0 +1,18 @@
+{
+  "extras": [
+    "lazyvim.plugins.extras.coding.mini-comment",
+    "lazyvim.plugins.extras.coding.mini-surround",
+    "lazyvim.plugins.extras.editor.snacks_picker",
+    "lazyvim.plugins.extras.lang.astro",
+    "lazyvim.plugins.extras.lang.haskell",
+    "lazyvim.plugins.extras.lang.json",
+    "lazyvim.plugins.extras.lang.markdown",
+    "lazyvim.plugins.extras.lang.nix",
+    "lazyvim.plugins.extras.lang.rust",
+    "lazyvim.plugins.extras.lang.tailwind",
+    "lazyvim.plugins.extras.lang.toml",
+    "lazyvim.plugins.extras.lang.typescript"
+  ],
+  "install_version": 8,
+  "version": 8
+}
--- a/home-manager/features/neovim/config/lua/plugins/blink.lua
+++ b/home-manager/features/neovim/config/lua/plugins/blink.lua
@@ -31,7 +31,7 @@ return {
          cmp.show()
        end,
      },
-      ["<C-enter>"] = { "select_and_accept" },
+      ["<Tab>"] = { "select_and_accept", "snippet_forward", "fallback" },
    },
  },
 }
--- a/home-manager/features/neovim/config/lua/plugins/copilot.lua
+++ b/home-manager/features/neovim/config/lua/plugins/copilot.lua
@@ -1,14 +0,0 @@
-return {
-  {
-    "zbirenbaum/copilot.lua",
-    opts = {
-      filetypes = {
-        markdown = false,
-        help = false,
-      },
-      suggestion = {
-        enabled = false,
-      },
-    },
-  },
-}
--- a/home-manager/features/neovim/config/lua/plugins/disabled.lua
+++ b/home-manager/features/neovim/config/lua/plugins/disabled.lua
@@ -1,5 +1,5 @@
 return {
  -- Maeson installs it's own binaries that are incompatible with NixOS.
-  { "williamboman/mason.nvim", enabled = false },
-  { "williamboman/mason-lspconfig.nvim", enabled = false },
+  { "mason-org/mason.nvim", enabled = false },
+  { "mason-org/mason-lspconfig.nvim", enabled = false },
 }
--- a/home-manager/features/neovim/config/lua/plugins/lsp.lua
+++ b/home-manager/features/neovim/config/lua/plugins/lsp.lua
@@ -3,9 +3,14 @@ return {
    "neovim/nvim-lspconfig",
    opts = {
      servers = {
+        -- Lua
        lua_ls = {},
+        -- Nix
        nil_ls = {},
+        -- Typescript
        vtsls = {},
+        -- Haskell
+        hls = {},
      },
      codelens = {
        enable = true,
--- a/home-manager/features/neovim/config/lua/plugins/markdown.lua
+++ b/home-manager/features/neovim/config/lua/plugins/markdown.lua
@@ -1,3 +1,4 @@
+-- https://github.com/MeanderingProgrammer/render-markdown.nvim?tab=readme-ov-file#setup
 return {
  "MeanderingProgrammer/render-markdown.nvim",
  opts = {
--- a/home-manager/features/neovim/config/lua/plugins/mini.lua
+++ b/home-manager/features/neovim/config/lua/plugins/mini.lua
@@ -1,10 +1,38 @@
 return {
  {
-    "echasnovski/mini.surround",
+    "nvim-mini/mini.surround",
    enable = true,
+    keys = function(_, keys)
+      -- Populate the keys based on the user's options
+      local opts = LazyVim.opts("mini.surround")
+      local mappings = {
+        { opts.mappings.add, desc = "Add Surrounding", mode = { "n", "v" } },
+        { opts.mappings.delete, desc = "Delete Surrounding" },
+        { opts.mappings.find, desc = "Find Right Surrounding" },
+        { opts.mappings.find_left, desc = "Find Left Surrounding" },
+        { opts.mappings.highlight, desc = "Highlight Surrounding" },
+        { opts.mappings.replace, desc = "Replace Surrounding" },
+        { opts.mappings.update_n_lines, desc = "Update `MiniSurround.config.n_lines`" },
+      }
+      mappings = vim.tbl_filter(function(m)
+        return m[1] and #m[1] > 0
+      end, mappings)
+      return vim.list_extend(mappings, keys)
+    end,
+    opts = {
+      mappings = {
+        add = "gsa", -- Add surrounding in Normal and Visual modes
+        delete = "gsd", -- Delete surrounding
+        find = "gsf", -- Find surrounding (to the right)
+        find_left = "gsF", -- Find surrounding (to the left)
+        highlight = "gsh", -- Highlight surrounding
+        replace = "gsr", -- Replace surrounding
+        update_n_lines = "gsn", -- Update `n_lines`
+      },
+    },
  },
  {
-    "echasnovski/mini.comment",
+    "nvim-mini/mini.comment",
    enable = true,
  },
 }
--- a/home-manager/features/neovim/config/lua/plugins/obsidian.lua
+++ b/home-manager/features/neovim/config/lua/plugins/obsidian.lua
@@ -1,22 +1,7 @@
 return {
-  "epwalsh/obsidian.nvim",
+  "obsidian-nvim/obsidian.nvim",
  version = "*", -- recommended, use latest release instead of latest commit
-  lazy = true,
  ft = "markdown",
-  -- Replace the above line with this if you only want to load obsidian.nvim for markdown files in your vault:
-  -- event = {
-  --   -- If you want to use the home shortcut '~' here you need to call 'vim.fn.expand'.
-  --   -- E.g. "BufReadPre " .. vim.fn.expand "~" .. "/my-vault/*.md"
-  --   -- refer to `:h file-pattern` for more examples
-  --   "BufReadPre path/to/my-vault/*.md",
-  --   "BufNewFile path/to/my-vault/*.md",
-  -- },
-  dependencies = {
-    -- Required.
-    "nvim-lua/plenary.nvim",
-    -- For the picker
-    "nvim-telescope/telescope.nvim",
-  },
  opts = {
    workspaces = {
      {
--- a/home-manager/features/neovim/config/lua/plugins/snacks.lua
+++ b/home-manager/features/neovim/config/lua/plugins/snacks.lua
@@ -24,6 +24,17 @@ return {
            layout = { layout = { position = "right" } },
          },
        },
+        -- This only supports the Kitty graphics protocol.
+        -- See
+        -- https://github.com/folke/snacks.nvim/blob/main/docs/image.md
+        -- https://github.com/obsidian-nvim/obsidian.nvim/wiki/Images
+        -- image = {
+        --   resolve = function(path, src)
+        --     if require("obsidian.api").path_is_note(path) then
+        --       return require("obsidian.api").resolve_image_path(src)
+        --     end
+        --   end,
+        -- },
      },
    })
    Snacks.toggle({
--- a/home-manager/features/neovim/config/lua/plugins/surround.lua
+++ b/home-manager/features/neovim/config/lua/plugins/surround.lua
@@ -1,32 +0,0 @@
-- https://www.lazyvim.org/extras/coding/mini-surround#minisurround
-return {
-  "echasnovski/mini.surround",
-  keys = function(_, keys)
-    -- Populate the keys based on the user's options
-    local opts = LazyVim.opts("mini.surround")
-    local mappings = {
-      { opts.mappings.add, desc = "Add Surrounding", mode = { "n", "v" } },
-      { opts.mappings.delete, desc = "Delete Surrounding" },
-      { opts.mappings.find, desc = "Find Right Surrounding" },
-      { opts.mappings.find_left, desc = "Find Left Surrounding" },
-      { opts.mappings.highlight, desc = "Highlight Surrounding" },
-      { opts.mappings.replace, desc = "Replace Surrounding" },
-      { opts.mappings.update_n_lines, desc = "Update `MiniSurround.config.n_lines`" },
-    }
-    mappings = vim.tbl_filter(function(m)
-      return m[1] and #m[1] > 0
-    end, mappings)
-    return vim.list_extend(mappings, keys)
-  end,
-  opts = {
-    mappings = {
-      add = "gsa", -- Add surrounding in Normal and Visual modes
-      delete = "gsd", -- Delete surrounding
-      find = "gsf", -- Find surrounding (to the right)
-      find_left = "gsF", -- Find surrounding (to the left)
-      highlight = "gsh", -- Highlight surrounding
-      replace = "gsr", -- Replace surrounding
-      update_n_lines = "gsn", -- Update `n_lines`
-    },
-  },
-}
--- a/home-manager/features/neovim/default.nix
+++ b/home-manager/features/neovim/default.nix
@@ -9,6 +9,7 @@

    extraPackages = with pkgs; [
      gcc # For treesitter complation
+      tree-sitter # For treesitter binaries
      ripgrep # Search support
      wayclip # Clipboard support
      fd # finder for telescope
--- a/home-manager/features/notes.nix
+++ b/home-manager/features/notes.nix
@@ -58,8 +58,8 @@
          compression = "always";
        };
        proxima = {
-          id = "7FE67SC-2KQQWQD-OY5Q44O-WPIVQYG-WMWDBEH-SRABY4C-WD3L4AO-GDAYVAX";
-          name = "Pixel 6a";
+          id = "NWZL6LY-ULJQMZE-EWY3MQU-XPDAFQB-LTIBZV7-GPKIABJ-WBJE36F-SK6LVAY";
+          name = "Proxima";
          addresses = [
            "relay://syncthing.blazestar.net:22067"
          ];
--- a/secrets/mcp.yaml
+++ b/secrets/mcp.yaml
@@ -14,6 +14,8 @@ offen:
 traefik:
    oauth2-client-secret: ENC[AES256_GCM,data:p7/6OsN2ytBj8mQiK0YL7J6NYLtMHOXIIs/6+bIDpsU=,iv:k6jLZifJEFLYKSFMkyn/kA7iBE+EFB8O/3/3fyTh1SY=,tag:6s49O2+tdlZoXyAGEamuMQ==,type:str]
    oauth2-plugin-secret: ENC[AES256_GCM,data:sArqwKHAdW35o5kD7DGfXSYCXFUXqvKQdoVnXutsNLw=,iv:qWf597QS3BqkVQkeAb99HbpDB0kUhdD+qKdpUPZEB0o=,tag:vXnb93npaklItWkMZ+/M9Q==,type:str]
+protonvpn:
+    private_key: ENC[AES256_GCM,data:41pfbR1klj1F24v3HlCCA4ofW2sCEnyE5TH8iX4Ug8D+kmwstTaj5RG2Zz8=,iv:P6XyQnDVoOmdkP8ilBR9DyfqPZA6GsQ6VUwY/tSGhx4=,tag:Bzgdv29lbk/gYlADPZMGVA==,type:str]
 deploy-key:
    mcp: ENC[AES256_GCM,data:eQcX8xdz5qZ6nU8ISOvZo+ZtP4Z/ePd+/ZZReX1BKvTUqGQPPFxConbLMwFzvzpD6xAUbA1MLkcR/bT98QbNx6LJYlhbofuDUg2DI79RB0fcrAcj/wUV0YPhmgofUdYYDaimH5A2PSvtmKfB3CtKKuA5HNeLymoXeLEpFzbckkGhzPee/CHiUmxayogp6za6btsDJsiT8hdHbrzyD2S6fhMJrzX+PlRzT32M/6eaFuFWE8EUO1gbkRlNfKPXw/EM2GXWJfR4qXfN2YKIKigqrtlAAoxnrUbp5EBrn/hGHS2ZYZXeRUFr3avFjcI0bLX423PWRHAylfQCPxgYVEtbcRv11CAFmq4rfFl0ZdvnAKbTLNmWcrQNijBATZPaAdQzgKPDHs8pwPUFR9Tcg8pZNbzw0mK9kPolniAOL2PBKUHv6LP/uEkB1E6Pxc7yms0kGpeJyo7hrFVOiVAckCey+SI9dpbJMSB3md070I1xk6Ik7PywrWh2QDeUtOU1U28UkYgnJ/9MJelWsNlUX9SR,iv:oCNeanaV/7UZ3dhmq4ZmJUZ5hb61AnHpHCfskM2Jsm8=,tag:F2uJKN5beM/rfiBMSyUP7w==,type:str]
 matrix:
@@ -45,7 +47,7 @@ sops:
            by9aNFY4dXNxaWxnTXFTQS9reHhuQWMKh5rZ93nFtBV9EpFVRp+E+GXZ6xzVy2Jw
            vFh4deGcAb60q4odSaeWfk1Dr7L9Ua69oK9omjbCNUt+P7Kwlfca7Q==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-09-25T22:21:11Z"
-    mac: ENC[AES256_GCM,data:1Ru10z/hiMNgzgbBpzuo6jNi5eF87nNMfryurO75k9PvYzsOX4iUwDQf/PppP/YP/g73HJdYaGGEzE8YxaSDtOnmf5qbQe1+5rZmHSO/iIZr/rfV3nkGfqxE4TpPlR/NXB5ktToe7GB6BF1AXwbVIbjWe6Ymsi6Dy2e56Ml1x7k=,iv:v3GV7TL2+BHWETD0mtUBpM/B6vIjNgLiNn45boBjNUg=,tag:a4MplFxRfBF10iwxVGVUOA==,type:str]
+    lastmodified: "2026-02-25T00:28:13Z"
+    mac: ENC[AES256_GCM,data:hDmqObrtfoVkQqz8JPkqlyXMbiuyBophjdZNLvTFrZw3pAVNCuzsH4zxFBOaxJttkzLc65DWDHDeEIBY5YZam1GLFFXUQ5E3Dxno7hnyzOoM2ipgDTOacI0gbKJAWgGUF3LNDdqVoREA9LC91LoNUJoNmzpTSFtuLb7ORuwCrH4=,iv:8+W3n1Cr6woEiPU9ECaMYM64HNmFHr2AIw6UohCJi00=,tag:7drkZiPAUHaEx5PagXA9JQ==,type:str]
    unencrypted_suffix: _unencrypted
-    version: 3.10.2
+    version: 3.11.0
--- a/system/features/printing.nix
+++ b/system/features/printing.nix
@@ -0,0 +1,21 @@
+{ pkgs, ... }:
+{
+  services.printing = {
+    enable = true;
+    drivers = [ pkgs.brlaser ];
+  };
+  hardware.printers = {
+    ensurePrinters = [
+      {
+        name = "Brother_HL-L2370DW_series";
+        location = "Home";
+        deviceUri = "dnssd://Brother%20HL-L2370DW%20series._ipp._tcp.local/?uuid=e3248000-80ce-11db-8000-3c2af4f28c38";
+        model = "drv:///brlaser.drv/brl2370d.ppd";
+        ppdOptions = {
+          PageSize = "Letter";
+        };
+      }
+    ];
+    ensureDefaultPrinter = "Brother_HL-L2370DW_series";
+  };
+}
--- a/system/features/web-containers.nix
+++ b/system/features/web-containers.nix
@@ -79,7 +79,7 @@
          }:
          let
            fqn = "${hostname}.${domain}";
-            serviceName = lib.strings.replaceChars [ "." ] [ "-" ] fqn;
+            serviceName = builtins.replaceStrings [ "." ] [ "-" ] fqn;
            routerRule = if public then hostRule hostname domain else localHostRule hostname domain;
            homepageLabels =
              if homepageOpts == { } then
@@ -109,17 +109,16 @@
              extraOptions
              ;
            autoStart = true;
-            labels =
-              {
-                "traefik.enable" = "true";
-                "traefik.http.routers.${serviceName}.rule" = "${routerRule}";
-                "traefik.http.routers.${serviceName}.service" = "${serviceName}";
-                "traefik.http.routers.${serviceName}.entrypoints" = "web,websecure";
-                "traefik.http.services.${serviceName}.loadbalancer.server.port" = "${toString port}";
-              }
-              // oauthLabels
-              // homepageLabels
-              // extraLabels;
+            labels = {
+              "traefik.enable" = "true";
+              "traefik.http.routers.${serviceName}.rule" = "${routerRule}";
+              "traefik.http.routers.${serviceName}.service" = "${serviceName}";
+              "traefik.http.routers.${serviceName}.entrypoints" = "web,websecure";
+              "traefik.http.services.${serviceName}.loadbalancer.server.port" = "${toString port}";
+            }
+            // oauthLabels
+            // homepageLabels
+            // extraLabels;
          };
      in
      builtins.mapAttrs mkContainer config.virtualisation.web-containers.containers
--- a/system/hosts/altair/drew.nix
+++ b/system/hosts/altair/drew.nix
@@ -8,6 +8,8 @@ in
 {
  imports =
    map (x: ../../../home-manager + x) [
+      "/features/astronomy.nix"
+      "/features/chat.nix"
      "/features/development/development.nix"
      "/features/development/docker.nix"
      "/features/development/haskell.nix"
@@ -16,6 +18,7 @@ in
      "/features/development/vscode.nix"
      "/features/eww"
      "/features/gaming.nix"
+      "/features/image-editing.nix"
      "/features/linux-desktop.nix"
      "/features/notes.nix"
      "/features/3d-printing.nix"
--- a/system/hosts/altair/hardware-configuration.nix
+++ b/system/hosts/altair/hardware-configuration.nix
@@ -13,38 +13,46 @@
    (modulesPath + "/installer/scan/not-detected.nix")
  ];
  # Bootloader.
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
+  boot = {
+    loader = {
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };

-  boot.initrd.availableKernelModules = [
-    "xhci_pci"
-    "ahci"
-    "nvme"
-    "usbhid"
-    "usb_storage"
-    "sd_mod"
-  ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-intel" ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" = {
-    device = "/dev/disk/by-uuid/343c0ac5-3973-49b3-964a-6ad90c36b89c";
-    fsType = "ext4";
+    initrd = {
+      availableKernelModules = [
+        "xhci_pci"
+        "ahci"
+        "nvme"
+        "usbhid"
+        "usb_storage"
+        "sd_mod"
+      ];
+      kernelModules = [ ];
+    };
+    kernelModules = [ "kvm-intel" ];
+    extraModulePackages = [ ];
  };

-  fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/5F99-043D";
-    fsType = "vfat";
-    options = [
-      "fmask=0077"
-      "dmask=0077"
-    ];
-  };
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-uuid/343c0ac5-3973-49b3-964a-6ad90c36b89c";
+      fsType = "ext4";
+    };

-  fileSystems."/home" = {
-    device = "/dev/disk/by-uuid/28f4fb41-9414-4504-a767-c2e8bf5eb2c8";
-    fsType = "ext4";
+    "/boot" = {
+      device = "/dev/disk/by-uuid/5F99-043D";
+      fsType = "vfat";
+      options = [
+        "fmask=0077"
+        "dmask=0077"
+      ];
+    };
+
+    "/home" = {
+      device = "/dev/disk/by-uuid/28f4fb41-9414-4504-a767-c2e8bf5eb2c8";
+      fsType = "ext4";
+    };
  };

  swapDevices = [ ];
@@ -58,47 +66,47 @@
  # networking.interfaces.wlo1.useDHCP = lib.mkDefault true;

  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-
-  # Graphics settings
-  hardware.graphics = {
-    enable = true;
-    enable32Bit = true;
-  };

  services.xserver.videoDrivers = [ "nvidia" ];

-  hardware.nvidia = {
-    # Other options include:
-    # stable - Current stable
-    # production - Same as stable
-    # latest - Bleeding edge
-    # beta - latest beta
-    #
-    # See https://nixos.wiki/wiki/Nvidia
-    #
-    # Current versions can be found in https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/os-specific/linux/nvidia-x11/default.nix
-    #
-    package = config.boot.kernelPackages.nvidiaPackages.production;
+  hardware = {
+    cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+    graphics = {
+      enable = true;
+      enable32Bit = true;
+    };
+    nvidia = {
+      # Other options include:
+      # stable - Current stable
+      # production - Same as stable
+      # latest - Bleeding edge
+      # beta - latest beta
+      #
+      # See https://nixos.wiki/wiki/Nvidia
+      #
+      # Current versions can be found in https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/os-specific/linux/nvidia-x11/default.nix
+      #
+      package = config.boot.kernelPackages.nvidiaPackages.beta;

-    modesetting.enable = true;
+      modesetting.enable = true;

-    # Nvidia power management. Experimental, and can cause sleep/suspend to fail.
-    # Enable this if you have graphical corruption issues or application crashes after waking
-    # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
-    # of just the bare essentials.
-    powerManagement.enable = true;
+      # Nvidia power management. Experimental, and can cause sleep/suspend to fail.
+      # Enable this if you have graphical corruption issues or application crashes after waking
+      # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
+      # of just the bare essentials.
+      powerManagement.enable = true;

-    # Fine-grained power management for PRIME. Turns off GPU when not in use.
-    # Experimental and only works on modern Nvidia GPUs (Turing or newer).
-    # Requires offload to be enabled.
-    # powerManagement.finegrained = false;
+      # Fine-grained power management for PRIME. Turns off GPU when not in use.
+      # Experimental and only works on modern Nvidia GPUs (Turing or newer).
+      # Requires offload to be enabled.
+      # powerManagement.finegrained = false;

-    # Use the open-source driver?
-    open = false;
+      # Use the open-source driver?
+      open = false;

-    # Enable the nvidia-settings menu?
-    nvidiaSettings = true;
+      # Enable the nvidia-settings menu?
+      nvidiaSettings = true;
+    };
  };

  # Add a udev rule to prevent the mouse from waking the system.  Note that it
--- a/system/hosts/mcp/containers.nix
+++ b/system/hosts/mcp/containers.nix
@@ -160,10 +160,10 @@
            "-l=homepage.widget.type=scrutiny"
            "-l=homepage.widget.url=http://scrutiny:8080"
            "--cap-add=SYS_RAWIO"
-            "--device=/dev/sda:/dev/sda"
-            "--device=/dev/sdb:/dev/sdb"
-            "--device=/dev/sdc:/dev/sdc"
-            "--device=/dev/sdd:/dev/sdd"
+            "--device=/dev/disk/by-id/wwn-0x5000cca26fca1aed:/dev/disk/by-id/wwn-0x5000cca26fca1aed"
+            "--device=/dev/disk/by-id/wwn-0x5000cca26fef696c:/dev/disk/by-id/wwm-0x5000cca26fef696c"
+            "--device=/dev/disk/by-id/wwn-0x5000cca270db1d0e:/dev/disk/by-id/wwn-0x5000cca270db1d0e"
+            # "--device=/dev/sdd:/dev/sdd" Removing this one while the disk is down
          ];
          volumes = [
            "/run/udev:/run/udev:ro"
--- a/system/hosts/mcp/containers/dm-companion.nix
+++ b/system/hosts/mcp/containers/dm-companion.nix
@@ -100,7 +100,7 @@ in
        "dm-companion-pocketbase"
      ];
      volumes = [
-        "/tank/web/dm.terakoda.com/dist:/usr/share/nginx/html:ro"
+        "/tank/web/dm.terakoda.com/deployed:/usr/share/nginx/html:ro"
        "${nginxConf}:/etc/nginx/nginx.conf:ro"
      ];
    };
--- a/system/hosts/mcp/containers/havenisms.com/default.nix
+++ b/system/hosts/mcp/containers/havenisms.com/default.nix
@@ -6,5 +6,6 @@
    # ./immich.nix
    ./storyden.nix
    ./tandoor.nix
+    ./wallabag.nix
  ];
 }
--- a/system/hosts/mcp/containers/havenisms.com/wallabag.nix
+++ b/system/hosts/mcp/containers/havenisms.com/wallabag.nix
@@ -0,0 +1,19 @@
+{ config, ... }:
+let
+  inherit (import ../lib.nix config) havenisms;
+in
+{
+  virtualisation.web-containers.containers.wallabag = {
+    image = "wallabag/wallabag";
+    hostname = "wallabag";
+    domain = havenisms;
+    port = 80;
+    volumes = [
+      "wallabag-data:/var/www/wallabag/data"
+      "wallabag-images:/var/www/wallabag/web/assets/images"
+    ];
+    environment = {
+      SYMFONY__ENV__DOMAIN_NAME = "https://wallabag.${havenisms}";
+    };
+  };
+}
--- a/system/hosts/mcp/containers/media-system.nix
+++ b/system/hosts/mcp/containers/media-system.nix
@@ -6,12 +6,45 @@ let
    havenisms
    mkContainer
    ;
+  gluetun_env = "gluetun-proton-vpn-wireguard.env";
 in
 {

+  sops.secrets = {
+    "protonvpn/private_key" = {
+      restartUnits = [ "${config.local.container-backend}-gluetun.service" ];
+    };
+  };
+
+  # Example Wireguard config file:
+  # # Key for MCP Wireguard
+  # # Bouncing = 13
+  # # NetShield = 1
+  # # Moderate NAT = off
+  # # NAT-PMP (Port Forwarding) = on
+  # # VPN Accelerator = on
+  # PrivateKey = ${config.sops.placeholder."protonvpn/private_key"}
+  # Address = 10.2.0.2/32
+  # DNS = 10.2.0.1
+  #
+  # [Peer]
+  # # US-CA#906
+  # PublicKey = 2xvxhMK0AalXOMq6Dh0QMVJ0Cl3WQTmWT5tdeb8SpR0=
+  # AllowedIPs = 0.0.0.0/0, ::/0
+  # Endpoint = 79.127.185.166:51820
+  #
+  # PersistentKeepalive = 25
+  sops.templates.${gluetun_env}.content = ''
+    VPN_SERVICE_PROVIDER=protonvpn
+    VPN_TYPE=wireguard
+    WIREGUARD_PRIVATE_KEY="${config.sops.placeholder."protonvpn/private_key"}"
+    SERVER_COUNTRIES="United States,United Kingdom,Netherlands,Switzerland,Sweden"
+    VPN_PORT_FORWARDING=on
+  '';
+
  virtualisation.oci-containers.containers = {
    jellyfin = {
-      image = "lscr.io/linuxserver/jellyfin";
+      image = "lscr.io/linuxserver/jellyfin:10.11.6";
      autoStart = true;
      extraOptions = [
        "--device=/dev/dri:/dev/dri"
@@ -110,12 +143,8 @@ in
        "127.0.0.1:8083:8000"
      ];
      environmentFiles = [
-        "/tank/config/gluetun/vpn.env"
+        config.sops.templates.${gluetun_env}.path
      ];
-      environment = {
-        VPN_SERVICE_PROVIDER = "protonvpn";
-        UMASK = "002";
-      };
    };
    prowlarr = {
      image = "lscr.io/linuxserver/prowlarr";
--- a/system/hosts/mcp/default.nix
+++ b/system/hosts/mcp/default.nix
@@ -6,6 +6,7 @@
    ../../authorized-keys.nix
    inputs.sops-nix.nixosModules.sops
    ../../features/gc.nix
+    ../../features/printing.nix
  ];

  nixpkgs.config.allowUnfree = true;
--- a/system/hosts/mcp/static-site-hooks.nix
+++ b/system/hosts/mcp/static-site-hooks.nix
@@ -8,10 +8,11 @@ let
    writeShellScript "migrate-pocketbase" ''
      set -e

-      id
-      pwd
+      echo "Migrating in $(pwd) as $(id)"

      ${pkgs.pocketbase}/bin/pocketbase migrate up
+
+      echo "Migration complete"
    '';
  deployNpmApp =
    with pkgs;
@@ -26,10 +27,12 @@ let
      ];
      text = ''
        set -e
-        id
-        pwd

-        output_dir="./$(date --utc --iso-8601=seconds)"
+        echo "Deploying in $(pwd) as $(id)"
+
+        OUTPUT_DIR="./$(date --utc --iso-8601=seconds)"
+
+        echo "Deploying into $OUTPUT_DIR"

        export GIT_SSH_COMMAND='ssh -v -o "UserKnownHostsFile ${gitKnownHosts}" -i "${
          config.sops.secrets."deploy-key/mcp".path
@@ -46,9 +49,12 @@ let

        # Use a local cache with --cache .npm
        npm ci --cache .npm
-        npm run build -- --outDir "$output_dir"
+        npm run build -- --outDir "$OUTPUT_DIR"
+
+        echo "Activating $OUTPUT_DIR"
        # Trailing slash on source to only copy contents, not the directory itself
-        rsync --archive --delete "$output_dir"/ deployed
+        rsync --archive --delete "$OUTPUT_DIR"/ deployed
+        echo "Deployment complete"
      '';
    };
 in
--- a/system/hosts/vega/configuration.nix
+++ b/system/hosts/vega/configuration.nix
@@ -107,10 +107,16 @@
  };

  # Enable flakes
-  nix.settings.experimental-features = [
-    "nix-command"
-    "flakes"
-  ];
+  nix = {
+    # Binary caches for Reflex FRP
+    binaryCaches = [ "https://nixcache.reflex-frp.org" ];
+    binaryCachePublicKeys = [ "ryantrinkle.com-1:JJiAKaRv9mWgpVAz8dwewnZe0AzzEAzPkagE9SP5NWI=" ];
+
+    settings.experimental-features = [
+      "nix-command"
+      "flakes"
+    ];
+  };

  services.openssh.enable = true;

--- a/system/hosts/vega/drew.nix
+++ b/system/hosts/vega/drew.nix
@@ -2,7 +2,7 @@
 {
  imports =
    map (x: ../../../home-manager + x) [
-      "/features/astronomy.nix"
+      "/features/chat.nix"
      "/features/development/development.nix"
      "/features/development/docker.nix"
      "/features/development/haskell.nix"
@@ -10,6 +10,7 @@
      "/features/development/typescript.nix"
      "/features/development/vscode.nix"
      "/features/eww"
+      "/features/image-editing.nix"
      "/features/linux-desktop.nix"
      "/features/notes.nix"
    ]
Author	SHA1	Message	Date
Drew Haven	383c7bb15e	[Gluetun] Switches to Wireguard config	2026-02-24 16:40:02 -08:00
Drew Haven	a4bb91e68e	[Wallabag] Adds wallabag	2026-02-24 16:40:02 -08:00
Drew Haven	13f301c4fb	[Obelisk] Adds Reflex FRP binary caches to the system	2026-02-12 15:53:26 -08:00
Drew Haven	114a1ae125	[notes] Update Syncthing config for Proxima	2026-02-06 09:47:12 -08:00
Drew Haven	9a4ab98506	[Jellyfin] Update to 10.11.6	2026-02-03 15:42:41 -08:00
Drew Haven	bf0d4a11d2	[nix] Fixes deprecated function usage.	2026-02-02 17:18:04 -08:00
Drew Haven	0950758532	[3d printing] Fix FreeCAD launcher	2026-01-27 23:20:31 -08:00
Drew Haven	31907ff47b	[Haskell] Adds support to the LSP. [neovim] Merges and checks in lazyvim.json	2026-01-26 12:44:23 -08:00
Drew Haven	a985e8a0da	[Browser,Firefox,Librewolf] Switch back to Firefox as default browser for better sync and features	2026-01-22 10:02:31 -08:00
Drew Haven	8add79d14c	[flake] Update	2026-01-09 16:19:43 -08:00
Drew Haven	93523c54f2	[altair] Cleans up hardware config	2026-01-09 16:15:41 -08:00
Drew Haven	c07dfe4259	[neovim] Check in extras config.	2026-01-06 15:29:51 -08:00
Drew Haven	978b7ac2b7	[flake] update to 25.11	2026-01-02 12:37:18 -08:00
Drew Haven	d1ccaa1c57	[hyprland] Adds a keybind for saving screenshots to files	2026-01-02 12:36:06 -08:00
Drew Haven	1c098a032b	[neovim] Switch to tab-completion so that I don't get confused when switching editors	2025-12-30 11:10:30 -08:00
Drew Haven	b951779a92	[audio] Adds script to inhibit sleep while media is playing.	2025-12-30 11:05:10 -08:00
Drew Haven	889d0b1057	[nvim] Adds a commented section about images in markdown docs, though it won't work in Foot tty.	2025-12-20 12:17:00 -08:00
Drew Haven	64cac2b167	[printing] Adds Brother printer	2025-12-14 17:26:25 -08:00
Drew Haven	2f278b5ecb	[nvim] Adds link to do documentation for RenderMarkdown plugin	2025-12-12 12:25:51 -08:00
Drew Haven	a0448def04	[desktop] Adds inkscape and groups some similar apps	2025-12-08 16:15:27 -08:00
Drew Haven	edb0f18989	[nvim] Updates a few plugins to new versions/repositories	2025-12-08 16:06:55 -08:00
Drew Haven	cfde735570	[nvim] Removes copilot	2025-11-21 12:18:06 -08:00
Drew Haven	9bbb4aa2dc	[astronomy] Added to Altair, removed from Vega	2025-11-21 12:18:06 -08:00
Drew Haven	9818771f7c	[dm-companion] Fixes deployment script?	2025-11-21 12:09:29 -08:00
Drew Haven	f7af96c497	[scrutiny] Switches to UUIDs, removes missing device.	2025-11-21 12:09:29 -08:00