cleanup

flake.lock

@@ -75,11 +75,11 @@
         "rust-overlay": "rust-overlay"
       },
       "locked": {
-        "lastModified": 1728591802,
+        "lastModified": 1728783352,
-        "narHash": "sha256-/HefSuC9DgRAVfiZ64+E32L5WHu9mpqrcnnZA9em2iY=",
+        "narHash": "sha256-9U5sXyy5i8N2iL6dROw8vAAhbbBAVWmKuNbEZj6CzSQ=",
         "owner": "lilyinstarlight",
         "repo": "nixos-cosmic",
-        "rev": "7a40bf82de534822d22503e195f2b71715277ad6",
+        "rev": "f545d4fc6c01afb04b9108f59d16160dcfa0a971",
         "type": "github"
       },
       "original": {
@@ -180,22 +180,6 @@
       }
     },
     "flake-compat_4": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1696426674,
-        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
-        "owner": "edolstra",
-        "repo": "flake-compat",
-        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
-        "type": "github"
-      },
-      "original": {
-        "owner": "edolstra",
-        "repo": "flake-compat",
-        "type": "github"
-      }
-    },
-    "flake-compat_5": {
       "locked": {
         "lastModified": 1688025799,
         "narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=",
@@ -302,49 +286,7 @@
         "type": "github"
       }
     },
-    "git-hooks": {
-      "inputs": {
-        "flake-compat": "flake-compat_3",
-        "gitignore": "gitignore",
-        "nixpkgs": "nixpkgs_3",
-        "nixpkgs-stable": "nixpkgs-stable_2"
-      },
-      "locked": {
-        "lastModified": 1728580416,
-        "narHash": "sha256-nKttjKg6lE7O5S+wlBOkXsUGdOgVxZ8SWaCOyodW5so=",
-        "owner": "cachix",
-        "repo": "git-hooks.nix",
-        "rev": "4ebefcac44b5116cf5741be858245db769ddedd1",
-        "type": "github"
-      },
-      "original": {
-        "owner": "cachix",
-        "repo": "git-hooks.nix",
-        "type": "github"
-      }
-    },
     "gitignore": {
-      "inputs": {
-        "nixpkgs": [
-          "git-hooks",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1709087332,
-        "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
-        "owner": "hercules-ci",
-        "repo": "gitignore.nix",
-        "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hercules-ci",
-        "repo": "gitignore.nix",
-        "type": "github"
-      }
-    },
-    "gitignore_2": {
       "inputs": {
         "nixpkgs": [
           "lanzaboote",
@@ -394,11 +336,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1728588172,
+        "lastModified": 1728726232,
-        "narHash": "sha256-wCLcOMOyiFHa4MfAT1SR8jj47GcmCXiR93kgFs38bVY=",
+        "narHash": "sha256-8ZWr1HpciQsrFjvPMvZl0W+b0dilZOqXPoKa2Ux36bc=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "8bb5d53c5847d9a9b2ad1bda49f9aa9df0de282a",
+        "rev": "d57112db877f07387ce7104b5ac346ede556d2d7",
         "type": "github"
       },
       "original": {
@@ -447,7 +389,7 @@
     "lanzaboote": {
       "inputs": {
         "crane": "crane",
-        "flake-compat": "flake-compat_4",
+        "flake-compat": "flake-compat_3",
         "flake-parts": "flake-parts_2",
         "flake-utils": "flake-utils_2",
         "nixpkgs": [
@@ -499,14 +441,14 @@
     },
     "nix-darwin": {
       "inputs": {
-        "nixpkgs": "nixpkgs_4"
+        "nixpkgs": "nixpkgs_3"
       },
       "locked": {
-        "lastModified": 1728385805,
+        "lastModified": 1728769175,
-        "narHash": "sha256-mUd38b0vhB7yzgAjNOaFz7VY9xIVzlbn3P2wjGBcVV0=",
+        "narHash": "sha256-KtE4F2wTzIpE6fI9diD5dDkUgGAt7IG80TnFqkCD8Ws=",
         "owner": "LnL7",
         "repo": "nix-darwin",
-        "rev": "48b50b3b137be5cfb9f4d006835ce7c3fe558ccc",
+        "rev": "fd0e3ed30b75ddf7f3d94829d80a078b413b6244",
         "type": "github"
       },
       "original": {
@@ -562,8 +504,8 @@
     },
     "nixos-apple-silicon": {
       "inputs": {
-        "flake-compat": "flake-compat_5",
+        "flake-compat": "flake-compat_4",
-        "nixpkgs": "nixpkgs_5",
+        "nixpkgs": "nixpkgs_4",
         "rust-overlay": "rust-overlay_3"
       },
       "locked": {
@@ -582,11 +524,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1728269138,
+        "lastModified": 1728729581,
-        "narHash": "sha256-oKxDImsOvgUZMY4NwXVyUc/c1HiU2qInX+b5BU0yXls=",
+        "narHash": "sha256-oazkQ/z7r43YkDLLQdMg8oIB3CwWNb+2ZrYOxtLEWTQ=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "ecfcd787f373f43307d764762e139a7cdeb9c22b",
+        "rev": "a8dd1b21995964b115b1e3ec639dd6ce24ab9806",
         "type": "github"
       },
       "original": {
@@ -626,11 +568,11 @@
     },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1728328465,
+        "lastModified": 1728627514,
-        "narHash": "sha256-a0a0M1TmXMK34y3M0cugsmpJ4FJPT/xsblhpiiX1CXo=",
+        "narHash": "sha256-r+SF9AnHrTg+bk6YszoKfV9lgyw+yaFUQe0dOjI0Z2o=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "1bfbbbe5bbf888d675397c66bfdb275d0b99361c",
+        "rev": "c505ebf777526041d792a49d5f6dd4095ea391a7",
         "type": "github"
       },
       "original": {
@@ -641,22 +583,6 @@
       }
     },
     "nixpkgs-stable_2": {
-      "locked": {
-        "lastModified": 1720386169,
-        "narHash": "sha256-NGKVY4PjzwAa4upkGtAMz1npHGoRzWotlSnVlqI40mo=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "194846768975b7ad2c4988bdb82572c00222c0d7",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-24.05",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs-stable_3": {
       "locked": {
         "lastModified": 1710695816,
         "narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=",
@@ -672,23 +598,7 @@
         "type": "github"
       }
     },
-    "nixpkgs-stable_4": {
+    "nixpkgs-stable_3": {
-      "locked": {
-        "lastModified": 1728500571,
-        "narHash": "sha256-dOymOQ3AfNI4Z337yEwHGohrVQb4yPODCW9MDUyAc4w=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "d51c28603def282a24fa034bcb007e2bcb5b5dd0",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-24.05",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs-stable_5": {
       "locked": {
         "lastModified": 1728156290,
         "narHash": "sha256-uogSvuAp+1BYtdu6UWuObjHqSbBohpyARXDWqgI12Ss=",
@@ -720,22 +630,6 @@
         "type": "github"
       }
     },
-    "nixpkgs-unstable-small": {
-      "locked": {
-        "lastModified": 1728534991,
-        "narHash": "sha256-wLUZyvtOOowAz0kTrU2MoC4nXWniFaVezGyzuEt5HPc=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "6b955bdbb9efe4a5c047746323951fe1bdf8d01b",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable-small",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
     "nixpkgs_2": {
       "locked": {
         "lastModified": 1728492678,
@@ -753,22 +647,6 @@
       }
     },
     "nixpkgs_3": {
-      "locked": {
-        "lastModified": 1719082008,
-        "narHash": "sha256-jHJSUH619zBQ6WdC21fFAlDxHErKVDJ5fpN0Hgx4sjs=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "9693852a2070b398ee123a329e68f0dab5526681",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixpkgs-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_4": {
       "locked": {
         "lastModified": 1718149104,
         "narHash": "sha256-Ds1QpobBX2yoUDx9ZruqVGJ/uQPgcXoYuobBguyKEh8=",
@@ -782,7 +660,7 @@
         "type": "indirect"
       }
     },
-    "nixpkgs_5": {
+    "nixpkgs_4": {
       "locked": {
         "lastModified": 1725103162,
         "narHash": "sha256-Ym04C5+qovuQDYL/rKWSR+WESseQBbNAe5DsXNx5trY=",
@@ -798,7 +676,7 @@
         "type": "github"
       }
     },
-    "nixpkgs_6": {
+    "nixpkgs_5": {
       "locked": {
         "lastModified": 1728093190,
         "narHash": "sha256-CAZF2NRuHmqTtRTNAruWpHA43Gg2UvuCNEIzabP0l6M=",
@@ -851,12 +729,12 @@
           "lanzaboote",
           "flake-compat"
         ],
-        "gitignore": "gitignore_2",
+        "gitignore": "gitignore",
         "nixpkgs": [
           "lanzaboote",
           "nixpkgs"
         ],
-        "nixpkgs-stable": "nixpkgs-stable_3"
+        "nixpkgs-stable": "nixpkgs-stable_2"
       },
       "locked": {
         "lastModified": 1717664902,
@@ -877,16 +755,13 @@
         "authentik-nix": "authentik-nix",
         "chaotic": "chaotic",
         "cosmic": "cosmic",
-        "git-hooks": "git-hooks",
         "home-manager": "home-manager_2",
         "impermanence": "impermanence",
         "lanzaboote": "lanzaboote",
         "nix-darwin": "nix-darwin",
         "nixos-apple-silicon": "nixos-apple-silicon",
         "nixos-hardware": "nixos-hardware",
-        "nixpkgs-stable": "nixpkgs-stable_4",
         "nixpkgs-unstable": "nixpkgs-unstable",
-        "nixpkgs-unstable-small": "nixpkgs-unstable-small",
         "sops-nix": "sops-nix"
       }
     },
@@ -915,11 +790,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1728461096,
+        "lastModified": 1728700003,
-        "narHash": "sha256-cd0cXB85B3kGpm+iumP9xCnqFErspXL9Z/2X59kQ6c4=",
+        "narHash": "sha256-Ox1pvEHxLK6lAdaKQW21Zvk65SPDag+cD8YA444R/og=",
         "owner": "oxalica",
         "repo": "rust-overlay",
-        "rev": "e310b9bd71fa6c6a9fec0a8cf5af43ce798a0ad6",
+        "rev": "fc1e58ebabe0cef4442eedea07556ff0c9eafcfe",
         "type": "github"
       },
       "original": {
@@ -971,8 +846,8 @@
     },
     "sops-nix": {
       "inputs": {
-        "nixpkgs": "nixpkgs_6",
+        "nixpkgs": "nixpkgs_5",
-        "nixpkgs-stable": "nixpkgs-stable_5"
+        "nixpkgs-stable": "nixpkgs-stable_3"
       },
       "locked": {
         "lastModified": 1728345710,

flake.nix

@@ -6,10 +6,10 @@
     nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
 
     # nixpkgs-unstable-small
-    nixpkgs-unstable-small.url = "github:NixOS/nixpkgs/nixos-unstable-small";
+    # nixpkgs-unstable-small.url = "github:NixOS/nixpkgs/nixos-unstable-small";
     
     # nixpgs
-    nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.05";
+    # nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.05";
 
     # Authentik
     authentik-nix.url = "github:nix-community/authentik-nix";
@@ -48,16 +48,14 @@
       url = "github:lilyinstarlight/nixos-cosmic";
       inputs.nixpkgs.follows = "nixpkgs-unstable";
     };
-
-    git-hooks.url = "github:cachix/git-hooks.nix";
   };
 
   outputs =
     {
       self,
       nixpkgs-unstable,
-      nixpkgs-unstable-small,
+      # nixpkgs-unstable-small,
-      nixpkgs-stable,
+      # nixpkgs-stable,
       chaotic,
       lanzaboote,
       impermanence,
@@ -68,16 +66,9 @@
       cosmic,
       authentik-nix,
       sops-nix,
-      git-hooks,
     }@inputs:
     let
       inherit (self) outputs;
-      supportedSystems = [
-        "x86_64-linux"
-        "aarch64-linux"
-        "aarch64-darwin"
-      ];
-      forAllSystems = nixpkgs-unstable.lib.genAttrs supportedSystems;
     in
     {
       overlays = import ./overlays { inherit inputs; };
@@ -139,7 +130,6 @@
             nixos-hardware.nixosModules.common-pc
             nixos-hardware.nixosModules.common-cpu-amd
             nixos-hardware.nixosModules.common-hidpi
-            # nixos-hardware.nixosModules.common-gpu-nvidia
           ];
         };
 
@@ -195,21 +185,5 @@
 
       # Set Git commit hash for darwin-version.
       system.configurationRevision = self.rev or self.dirtyRev or null;
-      
-      # checks = forAllSystems (system: {
-      #   pre-commit-check = git-hooks.lib.${system}.run {
-      #     src = ./.;
-      #     hooks = {
-      #       nixpkgs-fmt.enable = true;
-      #     };
-      #   };
-      # });
-
-      # devShells = forAllSystems (system: {
-      #   default = nixpkgs-unstable.legacyPackages.${system}.mkShell {
-      #     inherit (self.checks.${system}.pre-commit-check) shellHook;
-      #     buildInputs = self.checks.${system}.pre-commit-check.enabledPackages;
-      #   };
-      # });
     };
 }

hosts/default.nix

@@ -11,8 +11,8 @@ in
   # Enable nix flakes and nix-command tools
   nix = {
     settings = {
-      warn-dirty = false;
+      warn-dirty = lib.mkForce false;
-      experimental-features = [
+      experimental-features = lib.mkForce [
         "nix-command"
         "flakes"
       ];
@@ -20,7 +20,7 @@ in
 
     # Garbage collect automatically every week
     gc.automatic = lib.mkDefault true;
-    gc.options = "--delete-older-than 30d";
+    gc.options = lib.mkDefault "--delete-older-than 30d";
 
     optimise.automatic = lib.mkDefault true;
   };
@@ -38,7 +38,7 @@ in
     enableAllFirmware = lib.mkForce true;
 
     # Disable pulse audio in favor of pipewire
-    pulseaudio.enable = false;
+    pulseaudio.enable = lib.mkDefault false;
   };
 
   # Services configs

hosts/desktop/configuration.nix

@@ -223,8 +223,6 @@ in
       wineWowPackages.waylandFull
     ];
 
-    sessionVariables = lib.mkDefault { STEAM_FORCE_DESKTOPUI_SCALING = "1"; };
-
      etc."lact/config.yaml".text = ''
       daemon:
         log_level: info

hosts/desktop/home.nix

@@ -16,7 +16,7 @@ let
     s = "status";
     st = "status";
     b = "branch";
-    # p = "pull --rebase";
+    p = "pull --rebase";
     pu = "push";
   };
 in

hosts/desktop/hyprland/home.nix

@@ -15,8 +15,8 @@ let
     themeVariants = [ gtkThemeAccent ];
     tweaks = [ gtkThemeVariant ];
   };
-  iconThemeColor = "dark"; # "" "light" "dark"
+  # iconThemeColor = "dark"; # "" "light" "dark"
-  iconThemeVariant = ""; # "" "purple" "pink" "red" "orange" "yellow" "green" "teal" "grey"
+  # iconThemeVariant = ""; # "" "purple" "pink" "red" "orange" "yellow" "green" "teal" "grey"
   iconThemeScheme = "nord"; # "" "nord" "dracula" "gruvbox" "everforest" "catppuccin"
   iconTheme = "Colloid-Nord";
   iconThemePkg = pkgs.colloid-icon-theme.override {

hosts/nas/configuration.nix

@@ -173,6 +173,7 @@ in
         "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTBMydhOc6SnOdB5WrEd7X07DrboAtagCUgXiOJjLov matt@matt-nixos"
       ];
       packages = with pkgs; [
+        cachix
         fastfetch
         git
         parted

hosts/nas/filesystems.nix

@@ -105,6 +105,16 @@ in
     options = [ "subvol=timemachine" ] ++ defaultOptions;
   };
 
+  fileSystems."/run/mount/ssd" = {
+    device = "/dev/mapper/ssd1";
+    fsType = "btrfs";
+  };
+
+  fileSystems."/run/mount/main" = {
+    device = "/dev/mapper/hdd1";
+    fsType = "btrfs";
+  };
+
   # fileSystems."/media/nas/junk/nextcloud-backup" = {
   #   device = "/dev/disk/by-uuid/11948951106919390044";
   #   fsType = "btrfs";

hosts/nas/home.nix

@@ -42,7 +42,7 @@
       s = "status";
       st = "status";
       b = "branch";
-      # p = "pull --rebase";
+      p = "pull --rebase";
       pu = "push";
     };
   };

hosts/nas/impermanence.nix

@@ -1,4 +1,4 @@
-{ ... }@args:
+{ ... }:
 {
   # Set up impernance configuration for things like bluetooth
   # In this configuration with /etc and /var/log being persistent, only directories outside of that need to be done here. See hardware configuration for all mountpoints.
@@ -34,4 +34,9 @@
       "/etc/machine-id"
     ];
   };
+
+  security.sudo.extraConfig = ''
+    # rollback results in sudo lectures after each reboot
+    Defaults lecture = never
+  '';
 }

hosts/nas/networking.nix

@@ -2,25 +2,19 @@
 let
   hostname = "jallen-nas";
   ipAddress = "10.0.1.18";
+  ipAddress2 = "10.0.1.19";
   gateway = "10.0.1.1";
-  allowedPorts = [
-    2342
-    3493
-    61208
-    9090
-    9000
-    #    config.services.tailscale.port
-    #    22
-  ];
 in
 {
-  # Networking configs wlp7s0
+  # Networking configs
   networking = {
     hostName = hostname;
 
+    useNetworkd = true;
+
     hostId = "4b501480";
 
-    # Enable Network Manager
+    # Disable Network Manager
     networkmanager.enable = false;
 
     interfaces = {
@@ -33,25 +27,23 @@ in
           }
         ];
       };
-
+      wlp6s0 = {
-      # br0 = {
+        useDHCP = true;
-      #   useDHCP = false;
+        ipv4.addresses = [
-      #   ipv4.addresses = [
+          {
-      #     {
+            address = ipAddress2;
-      #       address = ipAddress;
+            prefixLength = 24;
-      #       prefixLength = 24;
+          }
-      #     }
+        ];
-      #   ];
+      };
-      # };
     };
 
-    # bridges = {
+    defaultGateway = {
-    #   br0 = {
+      interface = "wlp7s0";
-    #     interfaces = [ "wlp6s0" ];
+      address = gateway;
-    #   };
+      metric = 1;
-    # };
+    };
 
-    defaultGateway.address = gateway;
     nameservers = [ gateway ];
 
     wireless = {
@@ -60,42 +52,32 @@ in
       secretsFile = config.sops.secrets."wifi".path;
       allowAuxiliaryImperativeNetworks = true;
       interfaces = [
+        "wlp6s0"
         "wlp7s0"
       ];
       networks = {
         "Joey's Jungle 6G" = {
-#          pskRaw = "ext:PSK";
+          # pskRaw = "ext:PSK";
-#          priority = 1000;
+          priority = 1000;
           psk = "kR8v&3Qd";
           extraConfig = ''
             key_mgmt=SAE
             ieee80211w=2
           '';
         };
-#        "Joey's Jungle 5G" = {
+        "Joey's Jungle 5G" = {
-#          pskRaw = "ext:PSK";
+          pskRaw = "ext:PSK";
-#          priority = 1;
+          priority = -100;
-#        };
+        };
       };
     };
 
     firewall = {
       enable = true;
       allowPing = true;
-      extraCommands = "iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns"; # TODO is this needed?
-      allowedTCPPorts = allowedPorts;
-      allowedUDPPorts = allowedPorts;
 
       # always allow traffic from your Tailscale network
       trustedInterfaces = [ "tailscale0" ];
     };
-
-    # nat = {
-    #   enable = true;
-    #   internalInterfaces = ["ve-+"];
-    #   externalInterface = "wlp9s0";
-    #   # Lazy IPv6 connectivity for the container
-    #   enableIPv6 = true;
-    # };
   };
 }

modules/services/caddy/default.nix

@@ -1,22 +0,0 @@
-{ ... }:
-let
-  collaboraPort = "9980";
-  nextcloudPort = "9981";
-  jellyfinPort = "";
-in
-{
-  services.caddy = {
-    enable = true;
-    enableReload = true;
-    email = "jalle008@proton.me";
-    user = "nix-apps";
-    group = "jallen-nas";
-    dataDir = "/media/ssd/nix-app-data/caddy";
-
-    virtualHosts."hass.mjallen.dev".extraConfig = ''
-      reverse_proxy http://10.0.1.183:8126
-    '';
-
-
-  };
-}

modules/services/fail2ban/default.nix

@@ -1,97 +0,0 @@
-{ pkgs, ... }:
-{
-  services.fail2ban = {
-    enable = true;
-   # Ban IP after 5 failures
-    maxretry = 5;
-    ignoreIP = [
-      # Whitelist subnet
-      "10.0.1.0/24"
-      # "8.8.8.8" # whitelist a specific IP
-      # "nixos.wiki" # resolve the IP via DNS
-    ];
-    bantime = "24h"; # Ban IPs for one day on the first ban
-    bantime-increment = {
-      enable = true; # Enable increment of bantime after each violation
-      formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)";
-      multipliers = "1 2 4 8 16 32 64";
-      maxtime = "168h"; # Do not ban for more than 1 week
-      overalljails = true; # Calculate the bantime based on all the violations
-    };
-    jails = {
-      apache-nohome-iptables.settings = {
-        # Block an IP address if it accesses a non-existent
-        # home directory more than 5 times in 10 minutes,
-        # since that indicates that it's scanning.
-        filter = "apache-nohome";
-        action = ''iptables-multiport[name=HTTP, port="http,https"]'';
-        logpath = "/var/log/httpd/error_log*";
-        backend = "auto";
-        findtime = 600;
-        bantime  = 600;
-        maxretry = 5;
-      };
-
-      ngnix-url-probe.settings = { 
-        enabled = true;
-        filter = "nginx-url-probe";
-        logpath = "/var/log/nginx/access.log";
-        action = ''%(action_)s[blocktype=DROP]
-                 ntfy'';
-        backend = "auto"; # Do not forget to specify this if your jail uses a log file
-        maxretry = 5; 
-        findtime = 600;
-      };
-
-      nginx-http-auth.settings = {
-        enabled = true;
-        filter = "nginx-http-auth";
-        port = "http,https";
-        logpath = "/var/log/httpd/error_log*";
-      };
-
-      nginx-badbots.settings = {
-        enabled = true;
-        filter = "nginx-badbots";
-        port = "http,https";
-        logpath = "/var/log/nginx/access.log";
-        maxretry = 2;
-      };
-
-      nginx-botsearch.settings = {
-        enabled = true;
-        filter = "nginx-botsearch";
-        port = "http,https";
-        logpath = "/var/log/nginx/access.log";
-      };
-
-      nginx-deny.settings = {
-        enabled = true;
-        filter = "nginx-deny";
-        port = "http,https";
-        logpath = "/var/log/nginx/access.log";
-      };
-
-      nginx-unauthorized.settings = {
-        enabled = true;
-        filter = "nginx-unauthorized";
-        port = "http,https";
-        logpath = "/var/log/nginx/access.log";
-      };
-    };
-  };
-
-  environment.etc = {
-    # Define an action that will trigger a Ntfy push notification upon the issue of every new ban
-    # "fail2ban/action.d/ntfy.local".text = pkgs.lib.mkDefault (pkgs.lib.mkAfter ''
-    #   [Definition]
-    #   norestored = true # Needed to avoid receiving a new notification after every restart
-    #   actionban = curl -H "Title: <ip> has been banned" -d "<name> jail has banned <ip> from accessing $(hostname) after <failures> attempts of hacking the system." https://ntfy.sh/Fail2banNotifications
-    # '');
-    # Defines a filter that detects URL probing by reading the Nginx access log
-    "fail2ban/filter.d/nginx-url-probe.local".text = pkgs.lib.mkDefault (pkgs.lib.mkAfter ''
-      [Definition]
-      failregex = ^<HOST>.*(GET /(wp-|admin|boaform|phpmyadmin|\.env|\.git)|\.(dll|so|cfm|asp)|(\?|&)(=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000|=PHPE9568F36-D428-11d2-A769-00AA001ACF42|=PHPE9568F35-D428-11d2-A769-00AA001ACF42|=PHPE9568F34-D428-11d2-A769-00AA001ACF42)|\\x[0-9a-zA-Z]{2})
-    '');
-  };
-}

share/amd/default.nix

@@ -63,6 +63,9 @@ in
     };
 
     # Configure environment
-    environment.systemPackages = mkIf cfg.lact.enable [ pkgs.lact ];
+    environment = {
+      systemPackages = mkIf cfg.lact.enable [ pkgs.lact ];
+      sessionVariables = lib.mkDefault { STEAM_FORCE_DESKTOPUI_SCALING = "1"; };
+    };
   };
 }

share/impermanence/default.nix

@@ -1,4 +1,4 @@
-{ ... }@args:
+{ ... }:
 {
   # Set up impernance configuration for things like bluetooth
   # In this configuration with /etc and /var/log being persistent, only directories outside of that need to be done here. See hardware configuration for all mountpoints.

share/known-hosts.nix

@@ -1,19 +0,0 @@
-{
-  ...
-}:
-{
-  programs.ssh.knownHosts = {
-    jallen-mac = {
-      hostNames = [ "mattjallen@MacBook-Pro.local" ];
-      publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCw9zq8DLGByI5v2gAn95hKNyOsm3g61a2buxu2BBMFysQJgmZPCCLUqRJKhSM5Vm/JOgsAmdpRBRZQoHD+6S844CJHb4v4VIbjkyQgYCuM7Rst2IOZ5QybvsA2/D0nwytZ+HXQqDj2AagUYDbz0gyyIHkDQ5YGBMkvkWz/h1Vci6aoBM7VihEDM4KlWoTVuPeASGM8r5IZ2FS83Djbqo4ov6AYvLMrKB9Z7hmFgH6R3LE0gxOkzbGVXtSuvJyrjvgytoT22UhATjjxSQ9D+YJXXkQoB3lUdg8OoIquUPjMZpl4mR8ffvseWPfcvD1XlD5t+TOHFqKpESO547tlOBYhdpew+NSgAXpamCU6oyV8tDCywLQu2ucxHRn78u6WXzWHkDtffdhzmk6TZaPhWqVHuTGjR4higBgGqUfSaKOMszt+FDRZAr3HtuQ2+zJ8bowK9fW5OqilTtK2HtQqroD9ApegDNbqOz6kGy5IycSXvqPURy/M4lxZxbtBPuemcJs=";
-    };
-    jallen-pc-windows = {
-      hostNames = [ "mattl@Jallen-PC" ];
-      publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZ2PYPjZddOzR8OJj16G88KcUhCDLkvrEmpUQP0wKHDUuA27HQQ2ORo66asadwGHY3k1VDZ1ei9l9H++SIIeKOaaUr5yZdktvj4POUNtbd9ZhcS7sZU7BSF+NMDM+h3tImh6z0S7mWvRQOUv3ZM+ZER+5xTWJVG1OOJEpb1drxJk6Qz0wbZKSR7TPNFBLLXlVy7hkNYf07RtDyhCCxNB3hJfa8c+oztnWumwDhDQWLqiUXWIU2QH6iRLGl/WYnujtNvVVaV/Hn3JJkS6MM9dnV3cpoIO0+J7+WfsN9rZ0wXt5yY3GhiGXwmcO5eYVli8lHlLWtK7aYSETyry6CBsLbojzOQO5rSqhpwfF2njAAFAQU0UjLc8PahisIuFKCwHH4iyXXOagiv5K1Mc/0Ak+WhhMPee6vV2p7NTyNpXRvouDbWy5cSRH31WgQ9fK5mIGe5v8nGGqtEhUubUkiOgP+H3UbT2V/nTv/TFKdJcKw+WmizvTrxBmaMjWALlkYl+s=";
-    };
-    jallen-pc-nixos = {
-      hostNames = [ "matt@matt-nixos" ];
-      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTBMydhOc6SnOdB5WrEd7X07DrboAtagCUgXiOJjLov";
-    };
-  };
-}

share/nvidia/default.nix

@@ -1,6 +1,5 @@
 {
   lib,
-  pkgs,
   config,
   ...
 }: