creds

2025-07-16 12:10:32 +01:00 · 2025-07-16 12:10:32 +01:00 · f71e9df93f
commit f71e9df93f
parent ba48c2c3a4
9 changed files with 483 additions and 292 deletions
--- a/config/common.nix
+++ b/config/common.nix
@ -10,6 +10,10 @@
 }:
 {
  # Bootloader
  boot.loader.limine.enable = true;
  #boot.loader.limine.secureBoot.enable = true;
  # Enable networking
  networking.networkmanager.enable = true;
@ -69,22 +73,31 @@
    zsh.enable = true;
  };
  fileSystems."/mnt/media" = {
    device = "192.168.0.20:/mnt/pool/media";
    fsType = "nfs";
  };
  fileSystems."/mnt/services" = {
    device = "192.168.0.20:/mnt/pool/services";
    fsType = "nfs";
  };
  fileSystems."/mnt/data" = {
    device = "192.168.0.20:/mnt/pool/data";
    fsType = "nfs";
  };
  nix = {
    extraOptions = ''
      keep-outputs = true
      keep-derivations = true
    '';
    gc.automatic = true;
    optimise.automatic = true;
  };
  # unfree
  nixpkgs.config.allowUnfree = true;
  environment.systemPackages = with pkgs; [
    zsh
    htop
    fastfetch
    restic
    nixpkgs-fmt
    nixfmt-rfc-style
    rsync
    lm_sensors
    pciutils # lspci
    usbutils # lsusb
    nmap
    tree
  ];
 }
--- a/config/desktop.nix
+++ b/config/desktop.nix
@ -2,7 +2,7 @@
 {
-  powerManagement.powertop.enable = true;
+  #system.includeBuildDependencies = true; # THIS CAN'T BE INCLUDED IN COMMON YET BECAUSE SERVER DOES NOT HAVE ENOUGH STORAGE
  hardware.graphics = {
    enable = true;
@ -14,6 +14,7 @@
  # Enable the GNOME Desktop Environment.
  services.xserver.displayManager.gdm.enable = true;
  services.xserver.desktopManager.gnome.enable = true;
  services.gnome.gnome-keyring.enable = true;
  # Configure keymap in X11
  services.xserver.xkb = {
@ -26,6 +27,26 @@
  # Enable CUPS to print documents.
  services.printing.enable = true;
  services.avahi = {
    enable = true;
    nssmdns4 = true;
    openFirewall = true;
  };
  # services.printing.drivers = [ pkgs.brgenml1lpr pkgs.brgenml1cupswrapper ];
  # hardware.printers = {
  #   ensurePrinters = [
  #     {
  #       name = "DCP-L8410CDWW";
  #       location = "Home";
  #       deviceUri = "http://192.168.0.177:631/ipp/print";
  #       model = "drv:///cupsfilters.drv/pwgrast.ppd";
  #       ppdOptions = {
  #         PageSize = "A4";
  #       };
  #     }
  #   ];
  #   ensureDefaultPrinter = "DCP-L8410CDWW";
  # };
  # Enable sound with pipewire.
  hardware.pulseaudio.enable = false;
@ -45,8 +66,16 @@
  systemd.services."getty@tty1".enable = false;
  systemd.services."autovt@tty1".enable = false;
-  # Allow unfree packages
+  services.ollama = {
-  nixpkgs.config.allowUnfree = true;
+    enable = true;
    acceleration = "cuda";
    openFirewall = true;
    host = "0.0.0.0";
    # Optional: preload models, see https://ollama.com/library
    loadModels = [ "deepseek-r1" ];
  };
  hardware.keyboard.qmk.enable = true;
  boot = {
    # Graphical boot
@ -55,9 +84,12 @@
    kernel.sysctl."vm.max_map_count" = 2147483642;
  };
  #services.udev.packages = [ pkgs.via ];
  environment.gnome.excludePackages = with pkgs; [
    epiphany # web browser
    geary # email
    decibels #audio player
    gnome-calendar
    gnome-music
    gnome-software
@ -77,48 +109,59 @@
    gnomeExtensions.caffeine
    gnomeExtensions.dash-to-dock
    inkscape
    joplin-desktop
    kiwix
    libreoffice
    obs-studio
    ollama
    protonmail-desktop
    prismlauncher
    ungoogled-chromium
    signal-desktop
    tor-browser
    wireshark
    monero-gui
    vscodium
    zsh
    brave
    dconf-editor
-    localsend
+    via
    kdePackages.kdenlive
-    #gaymig?
+    # games
    heroic
    lutris
    cataclysm-dda
    runelite
    zeroad
    unciv
    endless-sky
    wesnoth
    mindustry
    openrct2
    openttd
    xonotic
-    #TUI
+    # game utils
-    fastfetch
+    mangohud
-    nixfmt-rfc-style
+    umu-launcher
    # emu
    ryubing
    xemu
    retroarch-full
    rpcs3
    cemu
    # media
    yt-dlp
    exiftool
    #tree?
    #ntfs-3g?
    ffmpeg-full
    htop
    lm_sensors
    mangohud
    mediainfo
-    pciutils # lspci
+    ffmpeg-full
    usbutils # lsusb
-    nmap
+    # barcodes
    umu-launcher
    qrencode
-    smartmontools
+    zbar
    barcode
    ghostscript
    # backup
    keepassxc
  ];
  fonts.packages = with pkgs; [
@ -130,9 +173,21 @@
    fantasque-sans-mono
  ];
  services.sunshine = {
    enable = true;
    autoStart = true;
    capSysAdmin = true;
    openFirewall = true;
  };
  programs = {
    adb.enable = true;
    localsend = {
      enable = true;
      openFirewall = true;
    };
    coolercontrol = {
      enable = true;
      nvidiaSupport = true;
@ -202,11 +257,12 @@
              default-folder-viewer = "list-view";
            };
            "org/gnome/shell/extensions/dash-to-dock" = {
-              click-action = "focus-minimize-or-previews";
+              click-action = "minimize-or-previews";
              dock-fixed = true;
              multi-monitor = true;
              show-mounts = false;
-              show-show-apps-button = false;
+              show-show-apps-button = true;
              apply-custom-theme = true;
            };
            "org/gnome/shell/keybindings" = {
              show-screenshot-ui = ["<Shift><Super>s"];
@ -216,4 +272,40 @@
    };
  };
  fileSystems."/mnt/media" = {
    device = "//192.168.0.30/media";
    fsType = "cifs";
    options = let
      # this line prevents hanging on network split
      automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
    in ["${automount_opts},username=admin,password=Ch19blizz9,uid=1000,gid=1000"];
  };
  fileSystems."/mnt/services" = {
    device = "//192.168.0.30/services";
    fsType = "cifs";
    options = let
      # this line prevents hanging on network split
      automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
    in ["${automount_opts},username=admin,password=Ch19blizz9,uid=1000,gid=1000"];
  };
  fileSystems."/mnt/data" = {
    device = "//192.168.0.30/data";
    fsType = "cifs";
    options = let
      # this line prevents hanging on network split
      automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
    in ["${automount_opts},username=admin,password=Ch19blizz9,uid=1000,gid=1000"];
  };
  programs.virt-manager.enable = true;
  users.groups.libvirtd.members = ["admin"];
  virtualisation.libvirtd = {
    enable = true;
    qemu.swtpm.enable = true;
  };
  virtualisation.spiceUSBRedirection.enable = true;
 }
--- a/flake.lock
+++ b/flake.lock
@ -8,11 +8,11 @@
        "systems": "systems"
      },
      "locked": {
-        "lastModified": 1747575206,
+        "lastModified": 1750173260,
-        "narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=",
+        "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=",
        "owner": "ryantm",
        "repo": "agenix",
-        "rev": "4835b1dc898959d8547a871ef484930675cb47f1",
+        "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf",
        "type": "github"
      },
      "original": {
@ -71,11 +71,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1747556831,
+        "lastModified": 1752208517,
-        "narHash": "sha256-Qb84nbYFFk0DzFeqVoHltS2RodAYY5/HZQKE8WnBDsc=",
+        "narHash": "sha256-aRY1cYOdVdXdNjcL/Twpa27CknO7pVHxooPsBizDraE=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "d0bbd221482c2713cccb80220f3c9d16a6e20a33",
+        "rev": "c6a01e54af81b381695db796a43360bf6db5702f",
        "type": "github"
      },
      "original": {
@ -87,11 +87,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1747129300,
+        "lastModified": 1752048960,
-        "narHash": "sha256-L3clA5YGeYCF47ghsI7Tcex+DnaaN/BbQ4dR2wzoiKg=",
+        "narHash": "sha256-gATnkOe37eeVwKKYCsL+OnS2gU4MmLuZFzzWCtaKLI8=",
        "owner": "nixos",
        "repo": "nixos-hardware",
-        "rev": "e81fd167b33121269149c57806599045fd33eeed",
+        "rev": "7ced9122cff2163c6a0212b8d1ec8c33a1660806",
        "type": "github"
      },
      "original": {
@ -119,11 +119,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1747825515,
+        "lastModified": 1751943650,
-        "narHash": "sha256-BWpMQymVI73QoKZdcVCxUCCK3GNvr/xa2Dc4DM1o2BE=",
+        "narHash": "sha256-7orTnNqkGGru8Je6Un6mq1T8YVVU/O5kyW4+f9C1mZQ=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "cd2812de55cf87df88a9e09bf3be1ce63d50c1a6",
+        "rev": "88983d4b665fb491861005137ce2b11a9f89f203",
        "type": "github"
      },
      "original": {
--- a/home/desktop.nix
+++ b/home/desktop.nix
@ -2,6 +2,13 @@
 {
  programs = {
    chromium = {
      enable = true;
      package = pkgs.brave;
      commandLineArgs = [
        #"--sync-url='http://192.168.0.30:8295/v2'"
      ];
    };
    mpv = {
      enable = true;
@ -9,7 +16,6 @@
      package = (
        pkgs.mpv-unwrapped.wrapper {
          scripts = with pkgs.mpvScripts; [
            #uosc
            sponsorblock
          ];
--- a/home/podman.nix
+++ b/home/podman.nix
@ -17,10 +17,10 @@
      autoUpdate = "registry";
      network = "bridge";
      environmentFile = [
-        "/mnt/services/secrets/default"
+        "/pool/services/secrets/default"
      ];
      volumes = [
-        "/mnt/services/podman/actual:/data"
+        "/pool/services/podman/actual:/data"
      ];
      ports = [
        "5006:5006"
@ -38,11 +38,11 @@
      autoUpdate = "registry";
      network = "bridge";
      environmentFile = [
-        "/mnt/services/secrets/default"
+        "/pool/services/secrets/default"
-        "/mnt/services/secrets/archivebox"
+        "/pool/services/secrets/archivebox"
      ];
      volumes = [
-        "/mnt/services/podman/archivebox:/data"
+        "/pool/services/podman/archivebox:/data"
      ];
      ports = [
        "8002:8000"
@ -60,12 +60,12 @@
      autoUpdate = "registry";
      network = "bridge";
      environmentFile = [
-        "/mnt/services/secrets/default"
+        "/pool/services/secrets/default"
      ];
      volumes = [
-        "/mnt/services/podman/bazarr:/config"
+        "/pool/services/podman/bazarr:/config"
-        "/mnt/media/video/movies:/movies"
+        "/pool/media/video/movies:/movies"
-        "/mnt/media/video/tv:/tv"
+        "/pool/media/video/tv:/tv"
      ];
      ports = [
        "6767:6767"
@ -83,10 +83,10 @@
      autoUpdate = "registry";
      network = "bridge";
      environmentFile = [
-        "/mnt/services/secrets/default"
+        "/pool/services/secrets/default"
      ];
      volumes = [
-        "/mnt/services/podman/ddclient:/config"
+        "/pool/services/podman/ddclient:/config"
      ];
      extraConfig = {
        Service = {
@ -101,10 +101,10 @@
      autoUpdate = "registry";
      network = "bridge";
      environmentFile = [
-        "/mnt/services/secrets/default"
+        "/pool/services/secrets/default"
      ];
      volumes = [
-        "/mnt/services/podman/eclipse-mosquitto:/mosquitto"
+        "/pool/services/podman/eclipse-mosquitto:/mosquitto"
      ];
      ports = [
        "1883:1883"
@ -123,10 +123,10 @@
      autoUpdate = "registry";
      network = "bridge";
      environmentFile = [
-        "/mnt/services/secrets/default"
+        "/pool/services/secrets/default"
      ];
      volumes = [
-        "/home/admin/podman/freshrss:/config"
+        "/pool/services/podman/freshrss:/config"
      ];
      ports = [
        "8555:80"
@ -145,13 +145,13 @@
      network = "bridge";
      devices = [ "nvidia.com/gpu=all" ];
      environmentFile = [
-        "/mnt/services/secrets/default"
+        "/pool/services/secrets/default"
-        "/mnt/services/secrets/frigate"
+        "/pool/services/secrets/frigate"
      ];
      volumes = [
        "/etc/localtime:/etc/localtime:ro"
-        "/mnt/services/podman/frigate:/config"
+        "/pool/services/podman/frigate:/config"
-        "/mnt/services/cctv:/media/frigate"
+        "/pool/services/cctv:/media/frigate"
      ];
      ports = [
        "5005:5000"
@ -172,11 +172,11 @@
      autoUpdate = "registry";
      network = "bridge";
      environmentFile = [
-        "/mnt/services/secrets/default"
+        "/pool/services/secrets/default"
-        "/mnt/services/secrets/gitea"
+        "/pool/services/secrets/gitea"
      ];
      volumes = [
-        "/mnt/services/podman/gitea:/data"
+        "/pool/services/podman/gitea:/data"
      ];
      ports = [
        "3001:3000"
@ -195,11 +195,11 @@
      autoUpdate = "registry";
      network = "bridge";
      environmentFile = [
-        "/mnt/services/secrets/default"
+        "/pool/services/secrets/default"
      ];
      volumes = [
        "/etc/localtime:/etc/localtime:ro"
-        "/mnt/services/podman/homeassistant:/config"
+        "/pool/services/podman/homeassistant:/config"
      ];
      ports = [
        "8123:8123"
@ -217,11 +217,11 @@
      autoUpdate = "registry";
      network = "bridge";
      environmentFile = [
-        "/mnt/services/secrets/default"
+        "/pool/services/secrets/default"
-        "/mnt/services/secrets/immich"
+        "/pool/services/secrets/immich"
      ];
      volumes = [
-        "/mnt/services/podman/immich/db:/var/lib/postgresql/data:z"
+        "/pool/services/podman/immich/db:/var/lib/postgresql/data:z"
      ];
      ports = [
        "5433:5432"
@ -240,11 +240,11 @@
      autoUpdate = "registry";
      network = "bridge";
      environmentFile = [
-        "/mnt/services/secrets/default"
+        "/pool/services/secrets/default"
-        "/mnt/services/secrets/immich"
+        "/pool/services/secrets/immich"
      ];
      volumes = [
-        "/mnt/services/podman/immich/cache:/cache"
+        "/pool/services/podman/immich/cache:/cache"
      ];
      ports = [
        "3003:3003"
@ -262,8 +262,8 @@
      autoUpdate = "registry";
      network = "bridge";
      environmentFile = [
-        "/mnt/services/secrets/default"
+        "/pool/services/secrets/default"
-        "/mnt/services/secrets/immich"
+        "/pool/services/secrets/immich"
      ];
      ports = [
        "6379:6379"
@ -281,11 +281,11 @@
      autoUpdate = "registry";
      network = "bridge";
      environmentFile = [
-        "/mnt/services/secrets/default"
+        "/pool/services/secrets/default"
-        "/mnt/services/secrets/immich"
+        "/pool/services/secrets/immich"
      ];
      volumes = [
-        "/mnt/services/immich:/usr/src/app/upload"
+        "/pool/services/immich:/usr/src/app/upload"
        "/etc/localtime:/etc/localtime:ro"
      ];
      ports = [
@ -304,15 +304,15 @@
      network = "bridge";
      devices = [ "nvidia.com/gpu=all" ];
      environmentFile = [
-        "/mnt/services/secrets/default"
+        "/pool/services/secrets/default"
      ];
      volumes = [
-        "/mnt/services/podman/jellyfin:/config"
+        "/pool/services/podman/jellyfin:/config"
-        "/mnt/media/video/movies:/movies"
+        "/pool/media/video/movies:/movies"
-        "/mnt/media/video/tv:/tv"
+        "/pool/media/video/tv:/tv"
-        "/mnt/media/audio/music/flac:/music"
+        "/pool/media/audio/music/flac:/music"
-        "/mnt/media/video/family:/family"
+        "/pool/media/video/family:/family"
-        "/mnt/media/video/livetv:/livetv"
+        "/pool/media/video/livetv:/livetv"
      ];
      ports = [
        "8096:8096"
@ -330,10 +330,10 @@
      autoUpdate = "registry";
      network = "bridge";
      environmentFile = [
-        "/mnt/services/secrets/default"
+        "/pool/services/secrets/default"
      ];
      volumes = [
-        "/mnt/services/podman/jellyseerr:/app/config"
+        "/pool/services/podman/jellyseerr:/app/config"
      ];
      ports = [
        "5055:5055"
@ -351,8 +351,8 @@
      autoUpdate = "registry";
      network = "bridge";
      environmentFile = [
-        "/mnt/services/secrets/default"
+        "/pool/services/secrets/default"
-        "/mnt/services/secrets/joplin"
+        "/pool/services/secrets/joplin"
      ];
      ports = [
        "22300:22300"
@ -370,11 +370,11 @@
      autoUpdate = "registry";
      network = "bridge";
      environmentFile = [
-        "/mnt/services/secrets/default"
+        "/pool/services/secrets/default"
-        "/mnt/services/secrets/joplin"
+        "/pool/services/secrets/joplin"
      ];
      volumes = [
-        "/home/admin/podman/joplin-db:/var/lib/postgresql/data"
+        "/pool/services/podman/joplin-db:/var/lib/postgresql/data"
      ];
      ports = [
        "5432:5432"
@ -393,10 +393,10 @@
      network = "bridge";
      exec = "*.zim";
      environmentFile = [
-        "/mnt/services/secrets/default"
+        "/pool/services/secrets/default"
      ];
      volumes = [
-        "/mnt/media/kiwix:/data"
+        "/pool/media/kiwix:/data"
      ];
      ports = [
        "8088:8080"
@ -414,12 +414,12 @@
      autoUpdate = "registry";
      network = "bridge";
      environmentFile = [
-        "/mnt/services/secrets/default"
+        "/pool/services/secrets/default"
      ];
      volumes = [
-        "/mnt/services/podman/lidarr:/config"
+        "/pool/services/podman/lidarr:/config"
-        "/mnt/media/audio/music/flac:/music"
+        "/pool/media/audio/music/flac:/music"
-        "/mnt/media/torrents:/downloads"
+        "/pool/media/torrents:/downloads"
      ];
      ports = [
        "8686:8686"
@ -437,11 +437,11 @@
      autoUpdate = "registry";
      network = "bridge";
      environmentFile = [
-        "/mnt/services/secrets/default"
+        "/pool/services/secrets/default"
      ];
      volumes = [
-        "/mnt/media/youtube-dl:/downloads"
+        "/pool/media/youtube-dl:/downloads"
-        "/mnt/media/audio/music/flac:/music"
+        "/pool/media/audio/music/flac:/music"
      ];
      ports = [
        "8081:8081"
@ -459,12 +459,12 @@
      autoUpdate = "registry";
      network = "bridge";
      environmentFile = [
-        "/mnt/services/secrets/default"
+        "/pool/services/secrets/default"
-        "/mnt/services/secrets/nginx"
+        "/pool/services/secrets/nginx"
      ];
      volumes = [
-        "/mnt/services/podman/nginx/nginx.conf:/etc/nginx/nginx.conf:ro"
+        "/pool/services/podman/nginx/nginx.conf:/etc/nginx/nginx.conf:ro"
-        "/mnt/services/podman/nginx/html:/usr/share/nginx/html"
+        "/pool/services/podman/nginx/html:/usr/share/nginx/html"
      ];
      ports = [
        "888:80"
@ -482,11 +482,11 @@
      autoUpdate = "registry";
      network = "bridge";
      environmentFile = [
-        "/mnt/services/secrets/default"
+        "/pool/services/secrets/default"
      ];
      volumes = [
-        "/mnt/services/podman/nginx-proxy-manager:/data"
+        "/pool/services/podman/nginx-proxy-manager:/data"
-        "/mnt/services/podman/letsencrypt:/etc/letsencrypt"
+        "/pool/services/podman/letsencrypt:/etc/letsencrypt"
      ];
      ports = [
        "80:80"
@ -500,6 +500,24 @@
      };
    };
    ntp = {
      image = "docker.io/cturra/ntp";
      autoStart = true;
      autoUpdate = "registry";
      network = "bridge";
      environmentFile = [
        "/pool/services/secrets/default"
      ];
      ports = [
        "123:123/udp"
      ];
      extraConfig = {
        Service = {
          TimeoutStartSec = 900;
        };
      };
    };
    ollama = {
      image = "docker.io/ollama/ollama:latest";
      autoStart = true;
@ -507,11 +525,11 @@
      network = "bridge";
      devices = [ "nvidia.com/gpu=all" ];
      environmentFile = [
-        "/mnt/services/secrets/default"
+        "/pool/services/secrets/default"
-        "/mnt/services/secrets/ollama"
+        "/pool/services/secrets/ollama"
      ];
      volumes = [
-        "/mnt/services/podman/ollama:/root/.ollama"
+        "/pool/services/podman/ollama:/root/.ollama"
      ];
      ports = [
        "11434:11434"
@ -529,11 +547,11 @@
      autoUpdate = "registry";
      network = "bridge";
      environmentFile = [
-        "/mnt/services/secrets/default"
+        "/pool/services/secrets/default"
-        "/mnt/services/secrets/open-webui"
+        "/pool/services/secrets/open-webui"
      ];
      volumes = [
-        "/mnt/services/podman/open-webui:/app/backend/data"
+        "/pool/services/podman/open-webui:/app/backend/data"
      ];
      ports = [
        "3000:8080"
@ -551,14 +569,14 @@
      autoUpdate = "registry";
      network = "bridge";
      environmentFile = [
-        "/mnt/services/secrets/default"
+        "/pool/services/secrets/default"
-        "/mnt/services/secrets/paperless-ngx"
+        "/pool/services/secrets/paperless-ngx"
      ];
      volumes = [
-        "/mnt/services/podman/paperless-ngx/data:/usr/src/paperless/data"
+        "/pool/services/podman/paperless-ngx/data:/usr/src/paperless/data"
-        "/mnt/services/podman/paperless-ngx/media:/usr/src/paperless/media"
+        "/pool/services/podman/paperless-ngx/media:/usr/src/paperless/media"
-        "/mnt/services/podman/paperless-ngx/export:/usr/src/paperless/export"
+        "/pool/services/podman/paperless-ngx/export:/usr/src/paperless/export"
-        "/mnt/data/scans:/usr/src/paperless/consume"
+        "/pool/data/scans:/usr/src/paperless/consume"
      ];
      ports = [
        "8010:8000"
@ -576,7 +594,7 @@
      autoUpdate = "registry";
      network = "bridge";
      environmentFile = [
-        "/mnt/services/secrets/default"
+        "/pool/services/secrets/default"
      ];
      ports = [
        "6380:6379"
@ -594,10 +612,10 @@
      autoUpdate = "registry";
      network = "bridge";
      environmentFile = [
-        "/mnt/services/secrets/default"
+        "/pool/services/secrets/default"
      ];
      volumes = [
-        "/mnt/services/podman/prowlarr:/config"
+        "/pool/services/podman/prowlarr:/config"
      ];
      ports = [
        "9696:9696"
@ -615,12 +633,12 @@
      autoUpdate = "registry";
      network = "bridge";
      environmentFile = [
-        "/mnt/services/secrets/default"
+        "/pool/services/secrets/default"
      ];
      volumes = [
-        "/mnt/services/podman/radarr:/config"
+        "/pool/services/podman/radarr:/config"
-        "/mnt/media/video/movies:/movies"
+        "/pool/media/video/movies:/movies"
-        "/mnt/media/torrents:/downloads"
+        "/pool/media/torrents:/downloads"
      ];
      ports = [
        "7878:7878"
@ -638,12 +656,12 @@
      autoUpdate = "registry";
      network = "bridge";
      environmentFile = [
-        "/mnt/services/secrets/default"
+        "/pool/services/secrets/default"
      ];
      volumes = [
-        "/mnt/services/podman/readarr:/config"
+        "/pool/services/podman/readarr:/config"
-        "/mnt/media/books:/books"
+        "/pool/media/books:/books"
-        "/mnt/media/torrents:/downloads"
+        "/pool/media/torrents:/downloads"
      ];
      ports = [
        "8787:8787"
@ -661,12 +679,12 @@
      autoUpdate = "registry";
      network = "bridge";
      environmentFile = [
-        "/mnt/services/secrets/default"
+        "/pool/services/secrets/default"
      ];
      volumes = [
-        "/home/admin/podman/rutorrent/passwd:/passwd"
+        "/pool/services/podman/rutorrent/passwd:/passwd"
-        "/home/admin/podman/rutorrent/data:/data"
+        "/pool/services/podman/rutorrent/data:/data"
-        "/mnt/media/torrents:/downloads"
+        "/pool/media/torrents:/downloads"
      ];
      ports = [
        "8888:8080"
@ -686,10 +704,10 @@
      autoUpdate = "registry";
      network = "bridge";
      environmentFile = [
-        "/mnt/services/secrets/default"
+        "/pool/services/secrets/default"
      ];
      volumes = [
-        "/mnt/services/podman/searxng:/etc/searxng"
+        "/pool/services/podman/searxng:/etc/searxng"
      ];
      ports = [
        "8880:8080"
@ -707,12 +725,12 @@
      autoUpdate = "registry";
      network = "bridge";
      environmentFile = [
-        "/mnt/services/secrets/default"
+        "/pool/services/secrets/default"
      ];
      volumes = [
-        "/mnt/services/podman/sonarr:/config"
+        "/pool/services/podman/sonarr:/config"
-        "/mnt/media/video/tv:/tv"
+        "/pool/media/video/tv:/tv"
-        "/mnt/media/torrents:/downloads"
+        "/pool/media/torrents:/downloads"
      ];
      ports = [
        "8989:8989"
@ -730,12 +748,12 @@
      autoUpdate = "registry";
      network = "bridge";
      environmentFile = [
-        "/mnt/services/secrets/default"
+        "/pool/services/secrets/default"
-        "/mnt/services/secrets/tandoor"
+        "/pool/services/secrets/tandoor"
      ];
      volumes = [
-        "/mnt/services/podman/tandoor/staticfiles:/opt/recipes/staticfiles"
+        "/pool/services/podman/tandoor/staticfiles:/opt/recipes/staticfiles"
-        "/mnt/services/podman/tandoor/mediafiles:/opt/recipes/mediafiles"
+        "/pool/services/podman/tandoor/mediafiles:/opt/recipes/mediafiles"
      ];
      ports = [
        "9092:8080"
@ -753,11 +771,11 @@
      autoUpdate = "registry";
      network = "bridge";
      environmentFile = [
-        "/mnt/services/secrets/default"
+        "/pool/services/secrets/default"
-        "/mnt/services/secrets/tandoor"
+        "/pool/services/secrets/tandoor"
      ];
      volumes = [
-        "/home/admin/podman/tandoor/db:/var/lib/postgresql/data"
+        "/pool/services/podman/tandoor/db:/var/lib/postgresql/data"
      ];
      ports = [
        "5434:5432"
@ -775,10 +793,10 @@
      autoUpdate = "registry";
      network = "bridge";
      environmentFile = [
-        "/mnt/services/secrets/default"
+        "/pool/services/secrets/default"
      ];
      volumes = [
-        "/mnt/services/podman/thelounge:/config"
+        "/pool/services/podman/thelounge:/config"
      ];
      ports = [
        "9000:9000"
@ -790,62 +808,17 @@
      };
    };
    unifi-network-application = {
      image = "lscr.io/linuxserver/unifi-network-application:latest";
      autoStart = true;
      autoUpdate = "registry";
      network = "bridge";
      environmentFile = [
        "/mnt/services/secrets/default"
        "/mnt/services/secrets/unifi-network-application"
      ];
      volumes = [
        "/mnt/services/podman/unifi-network-application:/config"
      ];
      ports = [
        "8443:8443"
        "10001:10001/udp"
      ];
      extraConfig = {
        Service = {
          TimeoutStartSec = 900;
        };
      };
    };
    unifi-network-application-db = {
      image = "docker.io/mongo:7.0";
      autoStart = true;
      autoUpdate = "registry";
      network = "bridge";
      environmentFile = [
        "/mnt/services/secrets/default"
        "/mnt/services/secrets/unifi-network-application"
      ];
      volumes = [
        "/mnt/services/podman/unifi-network-application-db"
      ];
      ports = [
        "27017:27017"
      ];
      extraConfig = {
        Service = {
          TimeoutStartSec = 900;
        };
      };
    };
    vaultwarden = {
      image = "docker.io/vaultwarden/server:latest";
      autoStart = true;
      autoUpdate = "registry";
      network = "bridge";
      environmentFile = [
-        "/mnt/services/secrets/default"
+        "/pool/services/secrets/default"
-        "/mnt/services/secrets/vaultwarden"
+        "/pool/services/secrets/vaultwarden"
      ];
      volumes = [
-        "/mnt/services/podman/vaultwarden:/data/"
+        "/pool/services/podman/vaultwarden:/data/"
      ];
      ports = [
        "8000:80"
@ -864,11 +837,11 @@
      autoUpdate = "registry";
      network = "bridge";
      environmentFile = [
-        "/mnt/services/secrets/default"
+        "/pool/services/secrets/default"
-        "/mnt/services/secrets/webdav"
+        "/pool/services/secrets/webdav"
      ];
      volumes = [
-        "/mnt/services/webdav:/var/lib/dav"
+        "/pool/services/webdav:/var/lib/dav"
      ];
      ports = [
        "8009:80"
@ -891,11 +864,11 @@
        "SYS_MODULE"
      ];
      environmentFile = [
-        "/mnt/services/secrets/default"
+        "/pool/services/secrets/default"
-        "/mnt/services/secrets/wireguard"
+        "/pool/services/secrets/wireguard"
      ];
      volumes = [
-        "/mnt/services/podman/wireguard:/config"
+        "/pool/services/podman/wireguard:/config"
        #"/lib/modules:/lib/modules"
      ];
      ports = [
@ -915,10 +888,10 @@
      network = "bridge";
      devices = [ "/dev/ttyACM0:/dev/ttyACM0" ];
      environmentFile = [
-        "/mnt/services/secrets/default"
+        "/pool/services/secrets/default"
      ];
      volumes = [
-        "/mnt/services/podman/zigbee2mqtt:/app/data"
+        "/pool/services/podman/zigbee2mqtt:/app/data"
      ];
      ports = [
        "8808:8080"
--- a/hosts/desktop/settings.nix
+++ b/hosts/desktop/settings.nix
@ -1,21 +1,37 @@
 { config, ... }:
 {
-  boot.kernelParams = [
+
  boot = {
    initrd.luks.devices."luks-d6ea38c1-693a-4aa1-b844-24f005b321ab".device =
      "/dev/disk/by-uuid/d6ea38c1-693a-4aa1-b844-24f005b321ab";
    kernelParams = [
      "nvidia_drm.modeset=1"
      "nvidia_drm.fbdev=1"
      "nvidia.NVreg_PreserveVideoMemoryAllocations=1"
      "module_blacklist=amdgpu"
    ];
-  networking.hostName = "nixos-desktop";
+  };
  # Bootloader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
-  boot.initrd.luks.devices."luks-d6ea38c1-693a-4aa1-b844-24f005b321ab".device =
+  networking = {
-    "/dev/disk/by-uuid/d6ea38c1-693a-4aa1-b844-24f005b321ab";
+    hostName = "nixos-desktop";
    interfaces.enp7s0 = {
      wakeOnLan.enable = true;
      ipv4.addresses = [
        {
          address = "192.168.0.40";
          prefixLength = 24;
        }
      ];
    };
    defaultGateway = "192.168.0.1";
    nameservers = [ "192.168.0.1" "1.1.1.1" ];
  };
-  services.xserver.videoDrivers = [ "nvidia" ];
+  services = {
    ollama.loadModels = [ "deepseek-r1:14b" ];
    xserver.videoDrivers = [ "nvidia" ];
  };
  hardware.nvidia = {
    modesetting.enable = true;
--- a/hosts/laptop/settings.nix
+++ b/hosts/laptop/settings.nix
@ -0,0 +1,40 @@
 {
  networking = {
    hostName = "nixos-laptop";
    interfaces.enp7s0 = {
      ipv4.addresses = [
        {
          address = "192.168.0.41";
          prefixLength = 24;
        }
      ];
    };
    defaultGateway = "192.168.0.1";
    nameservers = [ "192.168.0.1" "1.1.1.1" ];
    networkmanager.wifi.powersave = true;
  };
  services = {
    auto-cpufreq = {
      enable = true;
      settings = {
        battery = {
          governor = "powersave";
          turbo = "never";
        };
        charger = {
          governor = "performance";
          turbo = "auto";
        };
      };
    };
    # fwupdmgr update (bios updates)
    fwupd.enable = true;
    thermald.enable = true;
  };
  powerManagement.powertop.enable = true;
  system.stateVersion = "24.11";
 }
--- a/hosts/server/settings.nix
+++ b/hosts/server/settings.nix
@ -1,17 +1,38 @@
 { config, pkgs, ... }:
 {
  networking = {
    hostName = "nixos-server";
    hostId = "bbe3b289";
    firewall.enable = false;
    interfaces.ens18 = {
      ipv4.addresses = [
        {
          address = "192.168.0.40";
          prefixLength = 24;
        }
      ];
    };
    defaultGateway = "192.168.0.1";
    nameservers = [ "192.168.0.1" "1.1.1.1" ];
  };
  age.secrets = {
    "restic/environmentFile".file = ../../secrets/restic/environmentFile.age;
    "restic/repositoryFile".file = ../../secrets/restic/repositoryFile.age;
    "restic/passwordFile".file = ../../secrets/restic/passwordFile.age;
    "zfs/pool.key".file = ../../secrets/zfs/pool.key.age
  };
  users.users.admin.linger = true;
  age.identityPaths = [ "${config.users.users.admin.home}/.ssh/id_ed25519" ];
  nixpkgs.config.allowUnfree = true;
  hardware.nvidia-container-toolkit.enable = true;
  services.xserver.videoDrivers = [ "nvidia" ];
-  hardware.graphics.enable = true;
+  hardware = {
-
+    graphics.enable = true;
-  hardware.nvidia = {
+    nvidia = {
      modesetting.enable = true;
      powerManagement.enable = true;
      powerManagement.finegrained = false;
@ -19,31 +40,8 @@
      nvidiaSettings = false;
      package = config.boot.kernelPackages.nvidiaPackages.stable;
    };
-
+    nvidia-container-toolkit.enable = true;
-  networking.hostName = "nixos-server";
+  };
  boot.loader.grub.enable = true;
  boot.loader.grub.device = "/dev/vda";
  boot.loader.grub.useOSProber = true;
  environment.systemPackages = with pkgs; [
    zsh
    htop
    fastfetch
    restic
    nixpkgs-fmt
    nixfmt-rfc-style
  ];
  networking.firewall.enable = false;
  networking.interfaces.ens18.ipv4.addresses = [
    {
      address = "192.168.0.30";
      prefixLength = 24;
    }
  ];
  networking.defaultGateway = "192.168.0.1";
  networking.nameservers = [ "1.1.1.1" ];
  boot.kernel.sysctl = {
    "net.ipv4.ip_unprivileged_port_start" = 80;
@ -64,12 +62,6 @@
    };
  };
  age.secrets = {
    "restic/environmentFile".file = ../../secrets/restic/environmentFile.age;
    "restic/repositoryFile".file = ../../secrets/restic/repositoryFile.age;
    "restic/passwordFile".file = ../../secrets/restic/passwordFile.age;
  };
  services.restic.backups.backup = {
    initialize = true;
    environmentFile = config.age.secrets."restic/environmentFile".path;
@ -77,12 +69,12 @@
    passwordFile = config.age.secrets."restic/passwordFile".path;
    paths = [
-      "/mnt/services"
+      "/pool/services"
-      "/mnt/data"
+      "/pool/data"
    ];
    exclude = [
-      "/mnt/services/cctv"
+      "/pool/services/cctv"
    ];
    pruneOpts = [
@ -93,29 +85,86 @@
  };
-  systemd.timers."prune-podman" = {
+  # systemd.timers."prune-podman" = {
-    wantedBy = [ "timers.target" ];
+  #   wantedBy = [ "timers.target" ];
-    timerConfig = {
+  #   timerConfig = {
-      OnCalendar = "weekly";
+  #     OnCalendar = "weekly";
-      Persistent = true;
+  #     Persistent = true;
-      Unit = "podman-prune.service";
+  #     Unit = "podman-prune.service";
  #   };
  # };
  # systemd.services."prune-podman" = {
  #   script = ''
  #     set -eu
  #     ${pkgs.podman}/bin/podman system prune -af
  #   '';
  #   serviceConfig = {
  #     Type = "oneshot";
  #     User = "admin";
  #   };
  # };
  # give permissions for zigbee USB transceiver
  system.activationScripts.script.text = ''chmod o+rw /dev/ttyACM0'';
  boot.supportedFilesystems = [ "zfs" ];
  boot.zfs.forceImportRoot = false;
  boot.zfs.extraPools = [ "pool" ];
  environment.etc."zfs/keys/pool.key".source = config.age.secrets."zfs/pool.key".path;
  services.zfs.autoScrub = {
    enable = true;
    interval = "weekly";
  };
  services.zfs.autoSnapshot.enable = true;
  services.zfs.trim.enable = true;
  services.smartd = {
    enable = true;
    notifications = {
      mail.enable = true;
      mail.recipient = "accelarion@protonmail.com";
    };
    devices = [ "DEVICESCAN -a" ]; # autodetect all drives
  };
-  systemd.services."prune-podman" = {
+  services.samba = {
-    script = ''
+    enable = true;
-      set -eu
+    openFirewall = true;
-      ${pkgs.coreutils}/bin/echo "heeeeelpppppp"
+    settings = {
-      ${pkgs.podman}/bin/podman system prune -af
+      global = {
-    '';
+      "workgroup" = "WORKGROUP";
-    serviceConfig = {
+      "server string" = "smbnix";
-      Type = "oneshot";
+      "netbios name" = "smbnix";
-      User = "admin";
+      "security" = "user";
      "hosts allow" = "192.168.0. 127.0.0.1 localhost";
      "hosts deny" = "0.0.0.0/0";
      "guest account" = "nobody";
      "map to guest" = "never";
    };
      "data" = {
        "path" = "/pool/data";
        "browseable" = "yes";
        "read only" = "no";
        "guest ok" = "no";
      };
      "media" = {
        "path" = "/pool/media";
        "browseable" = "yes";
        "read only" = "no";
        "guest ok" = "no";
      };
      "services" = {
        "path" = "/pool/services";
        "browseable" = "yes";
        "read only" = "no";
        "guest ok" = "no";
      };
    };
  };
  system.stateVersion = "24.11";
  # give permissions for zigbee USB transceiver
  system.activationScripts.script.text = ''chmod o+rw /dev/ttyACM0'';
 }
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -19,4 +19,6 @@ in
  "restic/environmentFile.age".publicKeys = [ agenix ];
  "restic/passwordFile.age".publicKeys = [ agenix ];
  "restic/repositoryFile.age".publicKeys = [ agenix ];
  "zfs/pool.key.age".publicKeys = [ agenix ];
 }