From fc8178ed80388097d1e3ec16bb0e2e260479593b Mon Sep 17 00:00:00 2001
From: Jurn Wubben <jsw@jsw.tf>
Date: Fri, 29 Aug 2025 11:05:27 +0200
Subject: [PATCH 1/6] Recreated options

---
 hosts/lapserv/default.nix                     |  34 ++++-
 hosts/minimal/default.nix                     |   2 +-
 secrets/bread-dcbot.age                       | Bin 1124 -> 0 bytes
 secrets/dcbot.age                             |  16 ---
 secrets/default.nix                           |  30 ++---
 secrets/derek-bot.age                         | Bin 0 -> 1124 bytes
 secrets/jsw-bot.age                           | Bin 0 -> 1425 bytes
 secrets/secrets.nix                           |   4 +-
 system/server/caddy.nix                       |  16 +--
 system/server/default.nix                     |  18 ++-
 system/server/{derekBot.nix => derek-bot.nix} |  34 ++---
 system/server/forgejo.nix                     |  28 +++--
 system/server/immich.nix                      |  28 +++--
 system/server/index/default.nix               |  22 ++--
 system/server/{bot.nix => jsw-bot.nix}        |  43 ++++---
 system/server/lib/extractWebOptions.nix       |  18 +++
 system/server/lib/webOptions.nix              |  16 +++
 system/server/mail.nix                        |  18 ++-
 system/server/matrix.nix                      |  35 +++---
 system/server/nextcloud.nix                   | 118 ++++++++++--------
 system/server/temp.nix                        |  25 ++--
 system/server/zitadel.nix                     |  25 ++--
 22 files changed, 325 insertions(+), 205 deletions(-)
 delete mode 100644 secrets/bread-dcbot.age
 delete mode 100644 secrets/dcbot.age
 create mode 100644 secrets/derek-bot.age
 create mode 100644 secrets/jsw-bot.age
 rename system/server/{derekBot.nix => derek-bot.nix} (73%)
 rename system/server/{bot.nix => jsw-bot.nix} (58%)
 create mode 100644 system/server/lib/extractWebOptions.nix
 create mode 100644 system/server/lib/webOptions.nix

diff --git a/hosts/lapserv/default.nix b/hosts/lapserv/default.nix
index 1cd0c0e..6e416f4 100644
--- a/hosts/lapserv/default.nix
+++ b/hosts/lapserv/default.nix
@@ -6,7 +6,39 @@
   networking.interfaces.enp2s0.wakeOnLan.enable = true;
 
   niksos = {
-    server = true;
+    # server = true;
+    server = {
+      baseDomain = "jsw.tf";
+      derek-bot.enable = true;
+      forgejo = {
+        enable = true;
+        subDomain = "git";
+      };
+      immich = {
+        enable = true;
+        subDomain = "photos";
+      };
+      jsw-bot = {
+        enable = true;
+        subDomain = "dc";
+      };
+      nextcloud = {
+        enable = true;
+        subDomain = "cloud";
+      };
+      stalwart = {
+        enable = true;
+        subDomain = "mail";
+      };
+      zitadel = {
+        enable = true;
+        subDomain = "z";
+      };
+      site = {
+        enable = true;
+        subDomain = "";
+      };
+    };
     hardware.graphics = {
       nvidia = false; #FIXME: Compile error
       intel = true;
diff --git a/hosts/minimal/default.nix b/hosts/minimal/default.nix
index ee6495e..a782795 100644
--- a/hosts/minimal/default.nix
+++ b/hosts/minimal/default.nix
@@ -34,7 +34,7 @@
       };
     };
     neovim = false;
-    server = false;
+    # server = false;
   };
 
   #NOTE: Old info
diff --git a/secrets/bread-dcbot.age b/secrets/bread-dcbot.age
deleted file mode 100644
index e65c88bd9b882ef55c2e2bf2f372502f7b60c6d3..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1124
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCT453Gs|cU165P05W+
z%8fMkukdorPx8;m_73%R_fO1sHp(ceGIaJWtI8?MO(`xZ59BgQ57rL~3o8u^H7<0w
zh)D7*i7JlD3-u_r3^hr~3C#_xGzm1z3(<D3FhRG?H!a9K%uyk?pu|r*Lc7S)vp794
zCBQH$#mLaNsItN`$uT9{%Q+<9*E7&Jz%|vvIFu{MqB1JjJU_zQ&pY4M+sG@&!zHBL
zB*QW&PdhRv#nUi3sKnbn%RSq#Fd5x8?c}nckaUGy&vJ7=6a6r^z{>QbA|of`!mI#K
zm-Ou12=5AWAEOlgz-0fx2yJ5v!*s6D$UKiygRmSYSAAp8qL6SWeedL8@1UTdB)_yk
z<4AoEZ-2Mq2#?6z;Cyu3!kq(riX0UZ6Qd%HiqnFVJuR|xOcP5(iVX{jBHfBIlPeM{
z3L}#Oa?M?w^0GZMoLspK@}fNRGqqE*j0{VQb5cVC$|C~&QbJwJl1vNIgZ#by11xjW
z+$!81i(S!eGuN-mj4W3OOV22dC=WF7v~=;ZFsaCQ@lTA%OmcDzh%huWj&iaLu5b)X
z3pGqC%y8xMF*ee639od{HVq6-w={{!OLg^eDG2gPbTxO(a!HT!sqm^Oi>OTT$n{0H
zEiACo%pg!9)xs#yL))c5J2^BlsWQ+}J3BAPB(2gj-_6WOKeWQYs94`6qtd&q%Bh^I
zq}<ohG}AKID<a(7B*Mr$$h^eBJY3tfA}Y|dsvx&2&Brjq-#@*?)F7KnS65ddG(+1b
zyUNrz%*!_^GbklDD#NHGFe9KiB*QDvE6d3^)jz}2FC`$LI6Rvx>GMf9ClT(nX-9gF
zi)m+xMZ38K>&LGYeB@DdoZ(9Re7otgLB6-PzrXd1?VnpyG}9)ghP;Y-`<B=|WysoR
z^LmHiv0}f2wYd{{whQf&mp@}{>~!>yg^-ux)JbVK<lVd;+E~1pD9y^HGwc4dp9yhx
zjCoIbFFBMYuJw%A(Cz9IEzi__spijjFF~_U?@CSV<6ZY$`qXtX!MMNSe0SMxi7Qs?
z&Sae|x_rD_+hXpaZ%V?JmwPMj$R8{J_+IheUt7VI363(+jm4kNIVc=lvyiiyPpsqO
z%ijePz6breEC1H!@yr7UPxUdb*UT&mH$E+PQ(o+~Sa{{E>mOKd2mRKcutIgtgzC_0
zTh&Duk8OCIB6r=@WM{X82zyAFDA&8n`#W2?KM4Qt*T44uX<NnA+5>eDx7}OC;}gae
zXm-=$o{nAnVX@$M+upqS{p8M#Z*fwG?{s~SNtu7xah9{fKNs^Ixrg%$+Z)+-2mY*g
ql@UD8baEO0dX;|?dZBiarziRaq}<+r;FqQ7l)OJjZLQ1OC4B%RsHp+~

diff --git a/secrets/dcbot.age b/secrets/dcbot.age
deleted file mode 100644
index 823685d..0000000
--- a/secrets/dcbot.age
+++ /dev/null
@@ -1,16 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 GQzYWA a0CqbXhMIeFmKsMSnQzPWJcdi0hH8caayThGHtKNdjc
-ZfRN0ukqXH8L1E1pWBU+tw0LmPxsb6/4FoeERCKEYCk
--> ssh-ed25519 MfR7VA WO0CmKh4CQY1ZLtgDbGIhxfbC8C/C9Vw4p4UGkZTzSs
-0oQbzzz8A6WJRbFqEPR6WStMRRGtFy2eEXIJ1WCqvIg
--> ssh-ed25519 +cvRTg ZYBJwTDV8zwZIpqY7sZIszS3saww0OV4RwVREVNxWHg
-PW9gzG2odI4G2I5zz+Gr2vaouPB6796RWDJzYZNFREQ
--> ssh-ed25519 WCPLrA p8I1d6YXg5pN6Ljeq/wsY5jj4rPaSvD+/au+vEUsgh4
-U0aiqeildEqF8SNh0L4hGIq3rQxY4HcSnDvluwldDpQ
--> ssh-ed25519 7/ziYw 7DGE8Zr0qMGh3P5lUSRYT+AdgRges037cLjHbbPPnTc
-daC7dau5IHSZr/HmjszbWrQNsVJOQILqNS/Yn1YE/zM
--> ssh-ed25519 VQy60Q cAuS4VLmDC9iCZ+7e+/5WVIxrvBa7ZChCz2pPSSY/TY
-ut6SAJSZMm9/YElx7SShyMufrBYAlb/IyQp0g4ADMa4
---- DQrDZ/cXaadnKTDN8MrGuTokHttdMbOzs2IPYTIOPw4
-Ôú9èçEJG($Ç'_±z·3õ§!;\ÛkçIâEæ3„%”!zŒíÄþO£‚ôŠú«*’®ÂÂãÝ.,ó	à•…`û+',À*ÝÞÄÑml%g?â¥0°'ñ-<MíwYŒj]SR‡aÕ©V–£Í(çk”—yü6Â@`j9jÈ~¨[úò_º½Dz±¨Ìd^¨"\Ú7ÍóéÔîlóÂþO#ÇƒÏcW=ô‚a~K],0![ßG¨~4ª™!XÅ›Ê|ÿó·(CÌ4)g^-¢5D”n¶lI·m C§,ê-9ƒš4¢åÓbI:–	1áõÝUx»ôe¡ôMÄêã’¡X(¯ÿÊ¼5²mí‚Œ[ÖBXHãâ f_ä‹J{ÔuófOT”D^¸*Y3³-ƒ•³ƒŠ¹e-OB¤tÁ‘.Qaáˆ²{m¼ð$W7ÝL>r¿Â•'‰>€b6º¹D©;w*.uYž‡µ°÷ÃXß`A**Œ2¨$TïtÔŒMÂ_1NÜÆ‹dã 
-@cJsÎåtÄ,Ð…hÏïaº¯ÇJŠpØå§j:æ¼sG@P/¼¾LœÜ4˜¥ö>XRÞ{f¶íJB>ƒ–Ãzï&÷ÖÀ;|’‚û«v‹œÎçÎšJÙS•¥Úì±Î¶AÄ,7ÉE{MEõwíPªÉ:ÿG‰òcœŠYžR¯ç³³ z£@³Xô„æÕ*½j%­MM•ÄµšB¦´`HzŸéÝSëKUWy+xûGÇDåÈ“¯Ém÷ï~›¬Ö›êóÉû¹‰·>ó%Î]RƒŸ;9”–¶¿8åœV…¾ÉL›c (RÌXäRùrŽl˜!eSAÊ§G3jhw¼œ•˜ƒ»£ª›Ò,ã2b1
\ No newline at end of file
diff --git a/secrets/default.nix b/secrets/default.nix
index 1681eb2..f8b1a50 100644
--- a/secrets/default.nix
+++ b/secrets/default.nix
@@ -14,35 +14,35 @@ in {
     password.file = ./password.age;
 
     # NOTE: server things
-    dcbot = mkIf server {
-      file = ./dcbot.age;
-      owner = serviceUser "dcbot"; #
+    jsw-bot = mkIf server.jsw-bot.enable {
+      file = ./jsw-bot.age;
+      owner = serviceUser "jsw-bot"; #
     };
-    bread-dcbot = mkIf server {
-      file = ./bread-dcbot.age;
-      owner = "bread-dcbot";
+    derek-bot = mkIf server.derek-bot.enable {
+      file = ./derek-bot.age;
+      owner = "derek-bot";
     };
-    matrix-registration = mkIf server {
-      file = ./matrix-registration.age;
-      owner = abstrServiceUser "matrix-continuwuity";
-    };
-    mail-admin = mkIf server {
+    # matrix-registration = mkIf server.matrix.enable {
+    #   file = ./matrix-registration.age;
+    #   owner = abstrServiceUser "matrix-continuwuity";
+    # };
+    mail-admin = mkIf server.stalwart.enable {
       # owner = serviceUser "stalwart-mail"; #FIXME: revert when stopped using docker for stalwart.
       file = ./mail-admin.age;
     };
-    zitadel-key = mkIf server {
+    zitadel-key = mkIf server.zitadel.enable {
       file = ./zitadel-key.age;
       owner = abstrServiceUser "zitadel";
     };
-    forgejo-mailpass = mkIf server {
+    forgejo-mailpass = mkIf server.forgejo.enable {
       file = ./forgejo-mailpass.age;
       owner = abstrServiceUser "forgejo";
     };
-    immich-oidc = mkIf server {
+    immich-oidc = mkIf server.immich.enable {
       file = ./immich-oidc.age;
       owner = abstrServiceUser "immich";
     };
-    nextcloud-admin-pass = mkIf server {
+    nextcloud-admin-pass = mkIf server.nextcloud.enable {
       file = ./nextcloud-admin-pass.age;
       owner = "nextcloud"; #NOTE: not a clear 'nextcloud.service' or 'services.nextcloud.user'.
     };
diff --git a/secrets/derek-bot.age b/secrets/derek-bot.age
new file mode 100644
index 0000000000000000000000000000000000000000..f45ac469bf36dc83ed10f2a869114b6d3da43dfb
GIT binary patch
literal 1124
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCT453Gs|cT`BV^hz}h
z@^{P0E>A8E3{G|{O|8hR^2pS-DAsoKO9>5($}`Q?HZ}7Mx8Mp7$Sw5M4oJ(*@N`eI
ztgOiNaZj%>3dzkc^fz&{NHoYwPY<#z(stB0GC{Y^H!a9K%uylODaqZS%%#x4%f~R(
zAkD2J*elo9z$82(EW{<lJj2&XzaYxZA~njy-Ga+6$v-vN(KJ&(EYaN9r_`w^GOHrA
zC@9}7wIn4e&>|zCOxq=`Dl5z11;aM&<g%cUbOrPDK)2MKGy~ttpv(%x0w-g?z)(wf
z?J(!yj36hsQ12Z5bTcorB=;bLbS}g4<SHXSGk=$IS5J!)FPF^h6faBtkTCP|GC$v-
z$gJG3v@Dn8QumysWOToUI|uj_IVuFWRR&k2XQr5k8W=f;lm-|X`WpKLdj=b6hx>Y$
zWk;BmxOwMkSLFL=T5yF1rl+_>dRF9_S>&0T6h!1lWOx}wxVWV_I~Nx^2ly0+xMq1}
zy80U=MWWkgu3wcIS*{SC?3a|76crxj=$LA0nVlBl6p>V9UR9J`;uV}1U}9lx78MZU
z?qQZ%Wx^GbA5fN@n^&9_m6%?cR#aqKrtjx!=^2>j<Cfv-lA2lSAK_|YY#Ei5ieXz=
zV5ONspn^$+fxcOUyMdcWSxRY<S-DwogpYq>VMv&HRiTGbfn~m7abQr8c~Q1|Iaj&9
zPkKs7kwu<sX;@{HsbRWBQlV#ga(Q})c3^<7pFu`SRjPk-YFeJ30hg|>u0pDXhf}(#
zrG9BuwqZ!Nuep0pMR-M3ws)9IX_{%4Q-o8Fc6w-4KyFk>AlK%oXE{qe%Uhp&9OIvt
z-W=AtLUZ%0bp~onzW$#j&oo=|T=_3o0q^A!3G23d_?cKXr9bFXej=+V{fz53Ygxtg
z|1amJaCc3%`tJL7;;!zl=m~pg@$YjESzmE(kFurBZx6Fx0a=M3hvHRY)}(Bjchn`;
zQc`-RUU^W~3EfTF*S&w|8+eNZUu|P7(N@*Ba{M?u>apmKdc|M2qjEpD3)<xG+r;ur
z>NrR5k)_X+x>*_eEO{KoHy1wMY`^GdsKfFvH_gSE+g~hCtmJ9Ya8iGB@m|-FA6qSh
zGCWk(R;#5KekgiA`<wE;Wkt>(8(Oq<i(M|=lkwz|6(~_@(cBmmqr|OMv*P^ft^>PO
z*k%arIjONdOihQ;;=;|9SFO)0ta0L6zh$%6&!Fhd%PhV*wg$^LndVw6>+#ML3y2I^
z9QKddNQ3FPV~yR!l-;f84c=SKp0g}8D(do7Z>hVSOcNf7v>wxAtGaA+Rf%2O;qskd
neGFSm&o9)e@a6Mcs<cU#;Un8khuKjZ`lt8n?>v7da#K41o~4>R

literal 0
HcmV?d00001

diff --git a/secrets/jsw-bot.age b/secrets/jsw-bot.age
new file mode 100644
index 0000000000000000000000000000000000000000..3e8c6a9e9ad3a0ef67e30611c4a5f9e57c4077f3
GIT binary patch
literal 1425
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCT453Gs|cT`9T^-oPn
zs`3d>H1G;@&rB(`2=eoA(RMUSE_8EpEzb-#GS1D=H%)cQa^&*2G<VE4cdInZC@c!e
z3N8!_a4Yb#sHie^%(O5vaIerWjwmXRtjIQUjzqW3H!a9K%uylT!pAf{C?&<jsjR5X
zH%s5xsiZQh#M#LwOS{k~y~?F3!p+UuG}AvnERw6hEVwem#4#$^HQdWWKgu~IB-q5)
z$I~RdD97K}BQzyl-`CN{A}uvC-vZq>?c}nckaUHz5>vnAh_nFxP@^(8m!#A@Hxo~f
z63+_#<kZ~CvJ^{q<3xi3?a&l$BTp{<NXyJ1$FjUof3E=Zyz;WhA~)xP3Lm#3r&P0~
zY~PT`G7nROg7n1jq-=EC!kq(riX0Vu!dz0le2XdqGD_V&gL6Hj$^v~e12PgFOQRy3
zJhd%-y&O}FLXr%Eb0WDsTs-p(4HGL&oeN!(wWCVPOtcHj5+jNWyh;MXOESF*jVs*E
z3$iUkv|Z6{GuN-mj4W5k^v*ELHuevxtW2uRt&B1XO)3rbtcoa4a`SL?ukZ-;^0i1$
zG|bMjbhqHDh^PoLGEFV_bq)v%%FnY1(az9zb54z_4A0azw2UfDws0->_ed!=HuFWd
zEiACo%pg!9+t@3$)X%cm(lETF$}>DXsidmRBE&L0A|x!YBC04Q)zHN}y}~d;JJXY^
z$lu-7B+W3>Da*^v(b7F9!`RV0Bs|KyJTE&c)!DJMD7&hxBqG(q$EBQ0S65ddGt1I1
zF~T4yD5WSb$vHX1x3r)zs?0k)x5UjPE3Mq9JgYc0v^cr2(9D<XYL#Q2xVQWPRmZAt
z;;Ym)w9QcZ!III|*?pZ~ilx%q-FKh<-_>fqlP$92>u)`7SS_|{rnIRj_sMigwNSS2
ziD9y5Hb?$%m?vQJuyx-yxBZUdJ=v$0PJG~Cbur|}sqkO=5<QiF3a{*R(R}17o&Gd}
z`!P%YoWA_~OaE;R+$G@n{O6jD`#AVq=6T;Qn6tfDCO&QP%u~7-p096-;gXH}wCcT7
zP3@#pUynE~Yr0YWM#?r;cR^16w%2lgj;GX@Dcn1f_u;wCL%FtP6CR5t=3jZGYaQvv
zqg3C+!>A?8*0HEBOQ}Bk^y-@jxEER+G{~EqbUdX>ri9Pu{f>%VR(ZyAc58+NmPH6%
zZ7Q0hB>yyO!|oLyCw$+>l~#9Y{w?lJHy=nWbeg?x@z1`+Q)Dvpm)c)&TIi?hI>Fia
zbNgK%x#Xm6mkRE`oHSWltJXVA@AQnCV&>GDDQ`{7)4NwTMcnbfo>2B<_8SeZ^QpW$
z`44;VoZRs*$7<X0nl-ETN9<T2mu2)lDs|2@ww|E*83{axeKx$_EiKohuan1B)RUCF
z`GuxrxsFXvLWP%6xT58AS78p1;MX5TCSG|Kx1Ue>Q}d(uU&O^v|DAQsak2iR9b39>
zw|#t<;l&zIcI*GUl%2MZqPw1JyiIN2d@XfTmD{74><<p)TL1Lud~&FMPGY2Q#?;JD
zYS$GE=X_hd`O1HrJYkonfM>g!xaXW;cvgPV<m#;OGmIZan5)iaK4jF9Ty}82b<D*5
zvS&oh*Hnx2d2ke3w``xPwWm+Dk8$m_P41_BzotE%$;;|^&ieHI*^ebYN$UNnIh6QU
z^I*`0mki9)ZW?dDbMeb5fxyR=r+$j}N@`oH=BNH<-nwYX)0^KHo}2vjOT5e4sN#(N
x6*^Y$Gp-!WJF36y>9(oKzp5Q#SN}9(=!^ZedDl7qz5tcg*8598&6{)XF95(5L{k6&

literal 0
HcmV?d00001

diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 1c98513..66e90da 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -14,8 +14,8 @@ let
   keys = users ++ devices;
 in {
   "password.age".publicKeys = keys;
-  "dcbot.age".publicKeys = keys;
-  "bread-dcbot.age".publicKeys = keys;
+  "jsw-bot.age".publicKeys = keys;
+  "derek-bot.age".publicKeys = keys;
   "matrix-registration.age".publicKeys = keys;
   "mail-admin.age".publicKeys = keys;
   "zitadel-key.age".publicKeys = keys;
diff --git a/system/server/caddy.nix b/system/server/caddy.nix
index 389cbed..47d34f1 100644
--- a/system/server/caddy.nix
+++ b/system/server/caddy.nix
@@ -3,13 +3,15 @@
   lib,
   ...
 }: let
-  cfg = config.niksos.server;
+  inherit (config.services.caddy) enable;
+  inherit (lib) mkIf;
 in {
-  services.caddy = {
-    enable = cfg;
-    email = "jurnwubben@gmail.com";
-    enableReload = false;
-  };
+  config = mkIf enable {
+    services.caddy = {
+      email = "jurnwubben@gmail.com";
+      enableReload = false;
+    };
 
-  networking.firewall.allowedTCPPorts = lib.mkIf cfg [80 443];
+    networking.firewall.allowedTCPPorts = [80 443];
+  };
 }
diff --git a/system/server/default.nix b/system/server/default.nix
index c232262..920d92c 100644
--- a/system/server/default.nix
+++ b/system/server/default.nix
@@ -1,16 +1,24 @@
-{lib, ...}: {
+{lib, ...}: let
+  inherit (lib) mkOption types;
+in {
   imports = [
     # ./matrix.nix
-    ./bot.nix
+    # ./temp.nix
+    ./jsw-bot.nix
     ./caddy.nix
-    ./derekBot.nix
+    ./derek-bot.nix
     ./forgejo.nix
     ./immich.nix
     ./index
     ./mail.nix
     ./nextcloud.nix
-    ./temp.nix
     ./zitadel.nix
   ];
-  options.niksos.server = lib.mkEnableOption "server servcies (such as caddy)."; #TODO: per service option.
+  options.niksos.server = {
+    baseDomain = mkOption {
+      type = types.lines;
+      description = "Set's the apex domain for the webservices. Do not include 'https' or a slash at the end. Just 'example.com'.";
+      example = "example.com";
+    };
+  };
 }
diff --git a/system/server/derekBot.nix b/system/server/derek-bot.nix
similarity index 73%
rename from system/server/derekBot.nix
rename to system/server/derek-bot.nix
index c71da3d..23d5d9d 100644
--- a/system/server/derekBot.nix
+++ b/system/server/derek-bot.nix
@@ -4,26 +4,26 @@
   lib,
   ...
 }: let
-  cfg = config.niksos.server;
-  userGroup = "bread-dcbot";
+  name = "derek-bot";
+  cfg = config.niksos.server.${name}.enable;
+
+  userGroup = name;
   gitRepo = "https://github.com/The-Breadening/Breadener";
 
-  bash = lib.getExe pkgs.bash;
+  inherit (lib) getExe mkEnableOption mkIf;
+  bash = getExe pkgs.bash;
+
   varLib = "/var/lib/";
-  mainDir =
-    varLib
-    + (
-      if !cfg
-      then ""
-      else userGroup
-    )
-    + "/";
-  programDir = mainDir + "program";
-  denoDir = mainDir + "deno";
-  tokenDir = mainDir + "Breadener-token";
+  mainDir = "${varLib}${userGroup}";
+  programDir = "${mainDir}/program";
+  denoDir = "${mainDir}/deno";
+  tokenDir = "${mainDir}/Breadener-token";
+
   path = builtins.concatStringsSep ":" (map (x: "${x}/bin/") [pkgs.coreutils pkgs.deno pkgs.git]);
 in {
-  config = lib.mkIf config.niksos.server {
+  options.niksos.server.${name}.enable = mkEnableOption name;
+
+  config = mkIf cfg {
     systemd.services.${userGroup} = {
       enable = true;
       after = ["network.target"];
@@ -39,7 +39,7 @@ in {
         export PATH=${path}
 
         cd "${mainDir}"
-        chown -R ${userGroup}:${userGroup} ${mainDir}* || echo
+        chown -R ${userGroup}:${userGroup} ${mainDir}/* || echo
 
         rm -rf "${tokenDir}" || echo
         mkdir -p "${denoDir}" "${tokenDir}"
@@ -48,7 +48,7 @@ in {
         if [ ! -d "${programDir}" ]; then
           git clone "${gitRepo}" "${programDir}"
         fi
-        chmod -R 750 ${mainDir}* || echo
+        chmod -R 750 ${mainDir}/* || echo
 
 
         cd "${programDir}"
diff --git a/system/server/forgejo.nix b/system/server/forgejo.nix
index 3b9da1e..423849b 100644
--- a/system/server/forgejo.nix
+++ b/system/server/forgejo.nix
@@ -3,17 +3,24 @@
   lib,
   ...
 }: let
-  DOMAIN = "git.jsw.tf";
+  name = "forgejo";
+  cfg = import ./lib/extractWebOptions.nix {inherit config name;};
+
+  DOMAIN = cfg.domain;
 in {
+  options = import ./lib/webOptions.nix {inherit config lib name;};
   config =
-    lib.mkIf config.niksos.server
+    lib.mkIf cfg.enable
     {
-      services.caddy.virtualHosts.${DOMAIN}.extraConfig = ''
-        request_body {
-            max_size 512M
-        }
-        reverse_proxy unix/${config.services.forgejo.settings.server.HTTP_ADDR}
-      '';
+      services.caddy = {
+        enable = true;
+        virtualHosts.${DOMAIN}.extraConfig = ''
+          request_body {
+              max_size 512M
+          }
+          reverse_proxy unix/${config.services.forgejo.settings.server.HTTP_ADDR}
+        '';
+      };
 
       services.forgejo = {
         enable = true;
@@ -52,12 +59,13 @@ in {
             DEFAULT_ACTIONS_URL = "github";
           };
           mailer = {
+            #FIXME: Only enable if stalwart is enabled by default.
             ENABLED = true;
             SUBJECT_PREFIX = "JSWGit";
             PROTOCOL = "smtps";
-            SMTP_ADDR = "mail.jsw.tf"; #FIXME: replace with config... to stalwart setting once using stalwart nixos module.
+            SMTP_ADDR = "mail.${cfg.baseDomain}"; #FIXME: replace with config... to stalwart setting once using stalwart nixos module.
             SMTP_PORT = 465;
-            FROM = "git@jsw.tf";
+            FROM = "git@${cfg.baseDomain}";
             USER = "git";
             PASSWD_URI = "file:${config.age.secrets.forgejo-mailpass.path}";
           };
diff --git a/system/server/immich.nix b/system/server/immich.nix
index 3554292..772b26f 100644
--- a/system/server/immich.nix
+++ b/system/server/immich.nix
@@ -4,23 +4,29 @@
   pkgs,
   ...
 }: let
+  name = "immich";
   inherit (lib) mkIf mkForce mkDefault;
 
-  cfg = config.niksos.server;
+  cfg = import ./lib/extractWebOptions.nix {inherit config name;};
+
   oidcSubstitute = "*@#OPENIDCLIENTSECRET#@*";
   config-dir = "/run/immich-conf";
-  url = "photos.jsw.tf";
-  httpsUrl = "https://" + url;
+  httpsUrl = "https://" + cfg.domain;
 in {
-  config =
-    mkIf cfg
-    {
-      users.users.${config.services.immich.user}.extraGroups = ["video" "render"];
-      services.caddy.virtualHosts.${url}.extraConfig = ''
-        reverse_proxy localhost:9002
-      '';
+  options = import ./lib/webOptions.nix {inherit config lib name;};
 
-      services.immich = mkIf cfg {
+  config =
+    mkIf cfg.enable
+    {
+      services.caddy = {
+        enable = true;
+        virtualHosts.${cfg.domain}.extraConfig = ''
+          reverse_proxy localhost:9002
+        '';
+      };
+
+      users.users.${config.services.immich.user}.extraGroups = ["video" "render"];
+      services.immich = {
         enable = true;
 
         port = 9002;
diff --git a/system/server/index/default.nix b/system/server/index/default.nix
index 2cfd6f7..44a2634 100644
--- a/system/server/index/default.nix
+++ b/system/server/index/default.nix
@@ -2,13 +2,19 @@
   config,
   lib,
   ...
-}: {
-  services.caddy.virtualHosts."jsw.tf" = lib.mkIf config.niksos.server {
-    extraConfig = ''
-      header Content-Type text/html
-      respond <<HTML
-        ${builtins.readFile ./index.html}
-      HTML 200
-    '';
+}: let
+  name = "site";
+  cfg = import ../lib/extractWebOptions.nix {inherit config name;};
+in {
+  options = import ../lib/webOptions.nix {inherit config lib name;};
+  config = lib.mkIf cfg.enable {
+    services.caddy.virtualHosts.${cfg.domain} = {
+      extraConfig = ''
+        header Content-Type text/html
+        respond <<HTML
+          ${builtins.readFile ./index.html}
+        HTML 200
+      '';
+    };
   };
 }
diff --git a/system/server/bot.nix b/system/server/jsw-bot.nix
similarity index 58%
rename from system/server/bot.nix
rename to system/server/jsw-bot.nix
index bb0e18b..3e6f25c 100644
--- a/system/server/bot.nix
+++ b/system/server/jsw-bot.nix
@@ -5,8 +5,13 @@
   inputs,
   ...
 }: let
-  deno = lib.getExe pkgs.deno;
-  bash = lib.getExe pkgs.bash;
+  name = "jsw-bot";
+  cfg = import ./lib/extractWebOptions.nix {inherit config name;};
+
+  inherit (lib) getExe mkIf optional;
+  inherit (config.niksos.server) nextcloud;
+
+  bash = getExe pkgs.bash;
 
   mainDir = "/var/lib/dcbot/";
   programDir = mainDir + "program";
@@ -15,10 +20,14 @@
 
   path = builtins.concatStringsSep ":" (map (x: "${x}/bin/") [pkgs.coreutils pkgs.typst pkgs.deno]);
 in {
-  config = lib.mkIf config.niksos.server {
-    systemd.services.dcbot = {
+  options = import ./lib/webOptions.nix {
+    inherit config lib name;
+  };
+
+  config = mkIf cfg.enable {
+    systemd.services.${name} = {
       enable = true;
-      after = ["network.target"];
+      after = ["network.target"]; #FIXME: doesn't start after network.
       wantedBy = ["default.target"];
       description = "Jsw's slaafje, discord bot.";
 
@@ -33,35 +42,37 @@ in {
         cd "${mainDir}"
         mkdir -p "${programDir}" "${dataDir}" "${denoDir}"
 
-        chown -R dcbot:dcbot ${mainDir}* || echo
+        chown -R ${name}:${name} ${mainDir}* || echo
         chmod -R 750 ${mainDir}* || echo
         cp --no-preserve=mode,ownership -r ${inputs.dcbot}/* "${programDir}/"
 
         rm "${dataDir}/.env" || echo
-        ln -s "${config.age.secrets.dcbot.path}" "${dataDir}/.env"
+        ln -s "${config.age.secrets.jsw-bot.path}" "${dataDir}/.env"
 
         cd "${programDir}"
         DENO_DIR=${denoDir} deno i
       '';
 
       serviceConfig = {
-        StateDirectory = "dcbot";
+        StateDirectory = name;
         ExecStart = "${bash} -c 'cd ${dataDir} && deno run -A ${programDir}/src/main.ts'";
-        User = "dcbot";
-        Group = "dcbot";
+        User = name;
+        Group = name;
         Restart = "always";
       };
     };
 
-    services.caddy.virtualHosts."dc.jsw.tf" = {
-      serverAliases = ["www.dc.jsw.tf"];
-      extraConfig = ''
-        reverse_proxy :9001
-      '';
+    services.caddy = {
+      enable = true;
+      virtualHosts.${cfg.domain} = {
+        extraConfig = ''
+          reverse_proxy :9001
+        '';
+      };
     };
 
     users.groups."dcbot" = {
-      members = ["nextcloud"]; #TODO: if config.niksos.server.nextcloud
+      members = optional nextcloud.enable "nextcloud"; #TODO: if config.niksos.server.nextcloud
       #NOTE: for nextcloud mounted folder
     };
     users.users."dcbot" = {
diff --git a/system/server/lib/extractWebOptions.nix b/system/server/lib/extractWebOptions.nix
new file mode 100644
index 0000000..3d2245c
--- /dev/null
+++ b/system/server/lib/extractWebOptions.nix
@@ -0,0 +1,18 @@
+{
+  config,
+  name,
+}: let
+  inherit (config.niksos) server;
+  inherit (server) baseDomain;
+  cfg = server.${name};
+
+  subDomain =
+    if cfg.subDomain == ""
+    then ""
+    else "${cfg.subDomain}.";
+in
+  {
+    domain = "${subDomain}.${baseDomain}";
+    inherit baseDomain;
+  }
+  // cfg
diff --git a/system/server/lib/webOptions.nix b/system/server/lib/webOptions.nix
new file mode 100644
index 0000000..1e119a9
--- /dev/null
+++ b/system/server/lib/webOptions.nix
@@ -0,0 +1,16 @@
+{
+  config,
+  lib,
+  name,
+}: let
+  inherit (lib) mkEnableOption mkOption types;
+in {
+  niksos.server.${name} = {
+    enable = mkEnableOption name;
+    subDomain = mkOption {
+      type = types.lines;
+      description = "What subdomain to use for ${name}";
+      example = name;
+    };
+  };
+}
diff --git a/system/server/mail.nix b/system/server/mail.nix
index 85e67e8..1c609bf 100644
--- a/system/server/mail.nix
+++ b/system/server/mail.nix
@@ -2,10 +2,15 @@
   config,
   lib,
   ...
-}: {
+}: let
+  name = "stalwart";
+  cfg = import ./lib/extractWebOptions.nix {inherit config name;};
+in {
   #FIXME: revert when stopped using docker for stalwart. https://github.com/NixOS/nixpkgs/issues/416091 (look at older commits for previous code.)
 
-  config = lib.mkIf config.niksos.server {
+  options = import ./lib/webOptions.nix {inherit lib config name;};
+
+  config = lib.mkIf cfg.enable {
     virtualisation.oci-containers.containers.stalwart = {
       image = "docker.io/stalwartlabs/stalwart:latest";
       labels = {
@@ -22,8 +27,11 @@
       465
     ];
 
-    services.caddy.virtualHosts."mail.jsw.tf".extraConfig = ''
-      reverse_proxy http://127.0.0.1:9003
-    '';
+    services.caddy = {
+      enable = true;
+      virtualHosts.${cfg.domain}.extraConfig = ''
+        reverse_proxy http://127.0.0.1:9003
+      '';
+    };
   };
 }
diff --git a/system/server/matrix.nix b/system/server/matrix.nix
index b3dcad5..8aa9ae3 100644
--- a/system/server/matrix.nix
+++ b/system/server/matrix.nix
@@ -3,36 +3,37 @@
   lib,
   ...
 }: let
-  database = {
-    connection_string = "postgres:///dendrite?host=/run/postgresql";
-    max_open_conns = 97;
-    max_idle_conns = 5;
-    conn_max_lifetime = -1;
-  };
-  host = "matrix.jsw.tf";
+  name = "matrix";
+  cfg = import ./lib/extractWebOptions.nix {inherit config name;};
 in {
-  config = lib.mkIf config.niksos.server {
+  options = import ./lib/webOptions.nix {inherit config lib name;};
+
+  config = lib.mkIf cfg.enable {
     services = {
       matrix-continuwuity = {
         enable = true;
         group = "caddy"; # Permissions for socket
+        #FIXME: caddy should be part of matrix group, not other way around
         settings.global = {
           unix_socket_path = "/run/continuwuity/continuwuity.sock";
-          server_name = host;
+          server_name = cfg.domain;
           allow_registration = true;
           registration_token_file = config.age.secrets.matrix-registration.path;
           new_user_displayname_suffix = "";
         };
       };
 
-      caddy.virtualHosts = {
-        ${host}.extraConfig = ''
-          header /.well-known/matrix/* Content-Type application/json
-          header /.well-known/matrix/* Access-Control-Allow-Origin *
-          respond /.well-known/matrix/server `{"m.server": "${host}:443"}`
-          respond /.well-known/matrix/client `{"m.homeserver": {"base_url": "https://${host}"}}`
-          reverse_proxy /_matrix/* unix//run/continuwuity/continuwuity.sock
-        '';
+      caddy = {
+        enable = true;
+        virtualHosts = {
+          ${cfg.domain}.extraConfig = ''
+            header /.well-known/matrix/* Content-Type application/json
+            header /.well-known/matrix/* Access-Control-Allow-Origin *
+            respond /.well-known/matrix/server `{"m.server": "${cfg.domain}:443"}`
+            respond /.well-known/matrix/client `{"m.homeserver": {"base_url": "https://${cfg.domain}"}}`
+            reverse_proxy /_matrix/* unix//run/continuwuity/continuwuity.sock
+          '';
+        };
       };
     };
   };
diff --git a/system/server/nextcloud.nix b/system/server/nextcloud.nix
index 8b2876d..374156a 100644
--- a/system/server/nextcloud.nix
+++ b/system/server/nextcloud.nix
@@ -4,18 +4,24 @@
   lib,
   ...
 }: let
-  inherit (config.niksos) server;
-  host = "cloud.jsw.tf";
-  nginxRoot = config.services.nginx.virtualHosts.${host}.root;
+  name = "nextcloud";
+  cfg = import ./lib/extractWebOptions.nix {inherit config name;};
+
+  inherit (cfg) enable domain;
+
+  nginxRoot = config.services.nginx.virtualHosts.${domain}.root;
   fpmSocket = config.services.phpfpm.pools.nextcloud.socket;
   imaginaryPort = 9004;
 in {
-  config = lib.mkIf server {
+  options = import ./lib/webOptions.nix {inherit config lib name;};
+
+  config = lib.mkIf enable {
     users.groups.nextcloud.members = ["nextcloud" "caddy"];
+
     services = {
       nextcloud = {
         enable = true;
-        hostName = host;
+        hostName = domain;
 
         # Need to manually increment with every major upgrade.
         package = pkgs.nextcloud31;
@@ -77,12 +83,12 @@ in {
           dbtype = "pgsql";
         };
       };
-      imaginary = {
-        enable = true;
-        port = imaginaryPort;
-        address = "localhost";
-        settings.returnSize = true;
-      };
+      # imaginary = { #FIXME: doesn't start.
+      #   enable = true;
+      #   port = imaginaryPort;
+      #   address = "localhost";
+      #   settings.returnSize = true;
+      # };
 
       nginx.enable = lib.mkForce false;
       phpfpm.pools.nextcloud.settings = let
@@ -91,58 +97,62 @@ in {
         "listen.owner" = user;
         "listen.group" = group;
       };
-      caddy.virtualHosts."${host}".extraConfig = ''
-        encode zstd gzip
 
-        root * ${nginxRoot}
+      caddy = {
+        enable = true;
+        virtualHosts.${domain}.extraConfig = ''
+          encode zstd gzip
 
-        redir /.well-known/carddav /remote.php/dav 301
-        redir /.well-known/caldav /remote.php/dav 301
-        redir /.well-known/* /index.php{uri} 301
-        redir /remote/* /remote.php{uri} 301
+          root * ${nginxRoot}
 
-        header {
-          Strict-Transport-Security max-age=31536000
-          Permissions-Policy interest-cohort=()
-          X-Content-Type-Options nosniff
-          X-Frame-Options SAMEORIGIN
-          Referrer-Policy no-referrer
-          X-XSS-Protection "1; mode=block"
-          X-Permitted-Cross-Domain-Policies none
-          X-Robots-Tag "noindex, nofollow"
-          -X-Powered-By
-        }
+          redir /.well-known/carddav /remote.php/dav 301
+          redir /.well-known/caldav /remote.php/dav 301
+          redir /.well-known/* /index.php{uri} 301
+          redir /remote/* /remote.php{uri} 301
 
-        php_fastcgi unix/${fpmSocket} {
-          root ${nginxRoot}
-          env front_controller_active true
-          env modHeadersAvailable true
-        }
+          header {
+            Strict-Transport-Security max-age=31536000
+            Permissions-Policy interest-cohort=()
+            X-Content-Type-Options nosniff
+            X-Frame-Options SAMEORIGIN
+            Referrer-Policy no-referrer
+            X-XSS-Protection "1; mode=block"
+            X-Permitted-Cross-Domain-Policies none
+            X-Robots-Tag "noindex, nofollow"
+            -X-Powered-By
+          }
 
-        @forbidden {
-          path /build/* /tests/* /config/* /lib/* /3rdparty/* /templates/* /data/*
-          path /.* /autotest* /occ* /issue* /indie* /db_* /console*
-          not path /.well-known/*
-        }
-        error @forbidden 404
+          php_fastcgi unix/${fpmSocket} {
+            root ${nginxRoot}
+            env front_controller_active true
+            env modHeadersAvailable true
+          }
 
-        @immutable {
-          path *.css *.js *.mjs *.svg *.gif *.png *.jpg *.ico *.wasm *.tflite
-          query v=*
-        }
-        header @immutable Cache-Control "max-age=15778463, immutable"
+          @forbidden {
+            path /build/* /tests/* /config/* /lib/* /3rdparty/* /templates/* /data/*
+            path /.* /autotest* /occ* /issue* /indie* /db_* /console*
+            not path /.well-known/*
+          }
+          error @forbidden 404
 
-        @static {
-          path *.css *.js *.mjs *.svg *.gif *.png *.jpg *.ico *.wasm *.tflite
-          not query v=*
-        }
-        header @static Cache-Control "max-age=15778463"
+          @immutable {
+            path *.css *.js *.mjs *.svg *.gif *.png *.jpg *.ico *.wasm *.tflite
+            query v=*
+          }
+          header @immutable Cache-Control "max-age=15778463, immutable"
 
-        @woff2 path *.woff2
-        header @woff2 Cache-Control "max-age=604800"
+          @static {
+            path *.css *.js *.mjs *.svg *.gif *.png *.jpg *.ico *.wasm *.tflite
+            not query v=*
+          }
+          header @static Cache-Control "max-age=15778463"
 
-        file_server
-      '';
+          @woff2 path *.woff2
+          header @woff2 Cache-Control "max-age=604800"
+
+          file_server
+        '';
+      };
     };
   };
 }
diff --git a/system/server/temp.nix b/system/server/temp.nix
index 2a31e1e..824555d 100644
--- a/system/server/temp.nix
+++ b/system/server/temp.nix
@@ -1,14 +1,15 @@
+#WARNING: deprecated
 {
-  config,
-  pkgs,
-  lib,
-  inputs,
-  ...
-}: {
-  config = lib.mkIf config.niksos.server {
-    # NOTE: allows me to spin up temporarily services.
-    services.caddy.virtualHosts."temp.jsw.tf".extraConfig = ''
-      reverse_proxy :8000
-    '';
-  };
+  #   config,
+  #   pkgs,
+  #   lib,
+  #   inputs,
+  #   ...
+  # }: {
+  #   config = lib.mkIf config.niksos.server {
+  #     # NOTE: allows me to spin up temporarily services.
+  #     services.caddy.virtualHosts."temp.jsw.tf".extraConfig = ''
+  #       reverse_proxy :8000
+  #     '';
+  #   };
 }
diff --git a/system/server/zitadel.nix b/system/server/zitadel.nix
index 7bd32a7..7a3edc1 100644
--- a/system/server/zitadel.nix
+++ b/system/server/zitadel.nix
@@ -3,15 +3,22 @@
   lib,
   ...
 }: let
-  ExternalDomain = "z.jsw.tf";
+  name = "zitadel";
+  cfg = import ./lib/extractWebOptions.nix {inherit config name;};
+
   Port = 9000;
 in {
+  options = import ./lib/webOptions.nix {inherit config lib name;};
+
   config =
-    lib.mkIf config.niksos.server
+    lib.mkIf cfg.enable
     {
-      services.caddy.virtualHosts.${ExternalDomain}.extraConfig = ''
-        reverse_proxy localhost:${builtins.toString Port}
-      '';
+      services.caddy = {
+        enable = true;
+        virtualHosts.${cfg.domain}.extraConfig = ''
+          reverse_proxy localhost:${builtins.toString Port}
+        '';
+      };
 
       # services.zitadel = {
       #   enable = true;
@@ -32,8 +39,10 @@ in {
           enable = true;
           masterKeyFile = config.age.secrets.zitadel-key.path;
           settings = {
-            inherit Port ExternalDomain;
+            inherit Port;
+            ExternalDomain = cfg.domain;
             ExternalPort = 443;
+
             Database.postgres = {
               Host = "/var/run/postgresql/";
               Port = 5432;
@@ -53,9 +62,9 @@ in {
           steps.FirstInstance = {
             InstanceName = "jsw";
             Org = {
-              Name = "jsw";
+              Name = "jsw-admin";
               Human = {
-                UserName = "jsw@jsw.tf";
+                UserName = "jsw-admin@jsw.tf";
                 FirstName = "Jurn";
                 LastName = "Wubben";
                 Email.Verified = true;

From cc65757a1fe6abf785ff0e1e53794fcf222c50db Mon Sep 17 00:00:00 2001
From: Jurn Wubben <jsw@jsw.tf>
Date: Mon, 15 Sep 2025 20:16:31 +0200
Subject: [PATCH 2/6] Updated flake; small fixes to account for update; added
 unity for laptop

---
 flake.lock                         | 114 ++++++++++++++---------------
 home/programs/neovim.nix           |   7 +-
 home/programs/nixcord.nix          |   2 +-
 home/programs/other.nix            |   1 -
 home/wayland/hyprland/binds.nix    |  17 ++++-
 home/wayland/hyprland/settings.nix |   7 +-
 hosts/laptop/default.nix           |  27 ++++++-
 switch.sh                          |   2 +-
 system/hardware/fingerprint.nix    |   6 +-
 system/hardware/power.nix          |   2 +-
 system/nix/default.nix             |   4 +-
 11 files changed, 111 insertions(+), 78 deletions(-)

diff --git a/flake.lock b/flake.lock
index 33dbc22..145cbfc 100644
--- a/flake.lock
+++ b/flake.lock
@@ -28,11 +28,11 @@
         "fromYaml": "fromYaml"
       },
       "locked": {
-        "lastModified": 1746562888,
-        "narHash": "sha256-YgNJQyB5dQiwavdDFBMNKk1wyS77AtdgDk/VtU6wEaI=",
+        "lastModified": 1755819240,
+        "narHash": "sha256-qcMhnL7aGAuFuutH4rq9fvAhCpJWVHLcHVZLtPctPlo=",
         "owner": "SenchoPens",
         "repo": "base16.nix",
-        "rev": "806a1777a5db2a1ef9d5d6f493ef2381047f2b89",
+        "rev": "75ed5e5e3fce37df22e49125181fa37899c3ccd6",
         "type": "github"
       },
       "original": {
@@ -131,11 +131,11 @@
     "firefox-gnome-theme": {
       "flake": false,
       "locked": {
-        "lastModified": 1748383148,
-        "narHash": "sha256-pGvD/RGuuPf/4oogsfeRaeMm6ipUIznI2QSILKjKzeA=",
+        "lastModified": 1756083905,
+        "narHash": "sha256-UqYGTBgI5ypGh0Kf6zZjom/vABg7HQocB4gmxzl12uo=",
         "owner": "rafaelmardojai",
         "repo": "firefox-gnome-theme",
-        "rev": "4eb2714fbed2b80e234312611a947d6cb7d70caf",
+        "rev": "b655eaf16d4cbec9c3472f62eee285d4b419a808",
         "type": "github"
       },
       "original": {
@@ -195,11 +195,11 @@
         "nixpkgs-lib": "nixpkgs-lib"
       },
       "locked": {
-        "lastModified": 1754487366,
-        "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=",
+        "lastModified": 1756770412,
+        "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18",
+        "rev": "4524271976b625a4a605beefd893f270620fd751",
         "type": "github"
       },
       "original": {
@@ -234,11 +234,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1753121425,
-        "narHash": "sha256-TVcTNvOeWWk1DXljFxVRp+E0tzG1LhrVjOGGoMHuXio=",
+        "lastModified": 1756770412,
+        "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "644e0fc48951a860279da645ba77fe4a6e814c5e",
+        "rev": "4524271976b625a4a605beefd893f270620fd751",
         "type": "github"
       },
       "original": {
@@ -255,11 +255,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1751413152,
-        "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=",
+        "lastModified": 1756770412,
+        "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5",
+        "rev": "4524271976b625a4a605beefd893f270620fd751",
         "type": "github"
       },
       "original": {
@@ -329,11 +329,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1754416808,
-        "narHash": "sha256-c6yg0EQ9xVESx6HGDOCMcyRSjaTpNJP10ef+6fRcofA=",
+        "lastModified": 1757588530,
+        "narHash": "sha256-tJ7A8mID3ct69n9WCvZ3PzIIl3rXTdptn/lZmqSS95U=",
         "owner": "cachix",
         "repo": "git-hooks.nix",
-        "rev": "9c52372878df6911f9afc1e2a1391f55e4dfc864",
+        "rev": "b084b2c2b6bc23e83bbfe583b03664eb0b18c411",
         "type": "github"
       },
       "original": {
@@ -407,11 +407,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1754593726,
-        "narHash": "sha256-bo6aSfDS/GGfM/6LXCKLH/246fDSKjFnBsaRMNE+Wmc=",
+        "lastModified": 1757920978,
+        "narHash": "sha256-Mv16aegXLulgyDunijP6SPFJNm8lSXb2w3Q0X+vZ9TY=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "5de16c704b0fc8f519b2c19ed3f683a9e68f3884",
+        "rev": "11cc5449c50e0e5b785be3dfcb88245232633eb8",
         "type": "github"
       },
       "original": {
@@ -444,11 +444,11 @@
     },
     "mnw": {
       "locked": {
-        "lastModified": 1748710831,
-        "narHash": "sha256-eZu2yH3Y2eA9DD3naKWy/sTxYS5rPK2hO7vj8tvUCSU=",
+        "lastModified": 1756659871,
+        "narHash": "sha256-v6Rh4aQ6RKjM2N02kK9Usn0Ix7+OY66vNpeklc1MnGE=",
         "owner": "Gerg-L",
         "repo": "mnw",
-        "rev": "cff958a4e050f8d917a6ff3a5624bc4681c6187d",
+        "rev": "ed6cc3e48557ba18266e598a5ebb6602499ada16",
         "type": "github"
       },
       "original": {
@@ -500,11 +500,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1754800038,
-        "narHash": "sha256-UbLO8/0pVBXLJuyRizYOJigtzQAj8Z2bTnbKSec/wN0=",
+        "lastModified": 1757822619,
+        "narHash": "sha256-3HIpe3P2h1AUPYcAH9cjuX0tZOqJpX01c0iDwoUYNZ8=",
         "owner": "nix-community",
         "repo": "nix-index-database",
-        "rev": "b65f8d80656f9fcbd1fecc4b7f0730f468333142",
+        "rev": "050a5feb5d1bb5b6e5fc04a7d3d816923a87c9ea",
         "type": "github"
       },
       "original": {
@@ -520,11 +520,11 @@
         "nixpkgs": "nixpkgs_3"
       },
       "locked": {
-        "lastModified": 1754583575,
-        "narHash": "sha256-GLCNsMGuQQLq3B3+C+jEybyQCtV0xJytGjibNU3tg70=",
+        "lastModified": 1757726013,
+        "narHash": "sha256-7RPKqqlc5xawEbASZh18b6HX9FogiVTPIw0KdMEjpn8=",
         "owner": "kaylorben",
         "repo": "nixcord",
-        "rev": "e049d77a74b3360791800a1d50cbe9518d96b764",
+        "rev": "2133f2ab5af34dab65f5aa17f1f343777bc71070",
         "type": "github"
       },
       "original": {
@@ -551,11 +551,11 @@
     },
     "nixpkgs-lib": {
       "locked": {
-        "lastModified": 1753579242,
-        "narHash": "sha256-zvaMGVn14/Zz8hnp4VWT9xVnhc8vuL3TStRqwk22biA=",
+        "lastModified": 1754788789,
+        "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=",
         "owner": "nix-community",
         "repo": "nixpkgs.lib",
-        "rev": "0f36c44e01a6129be94e3ade315a5883f0228a6e",
+        "rev": "a73b9c743612e4244d865a2fdee11865283c04e6",
         "type": "github"
       },
       "original": {
@@ -629,11 +629,11 @@
     },
     "nixpkgs_4": {
       "locked": {
-        "lastModified": 1754498491,
-        "narHash": "sha256-erbiH2agUTD0Z30xcVSFcDHzkRvkRXOQ3lb887bcVrs=",
+        "lastModified": 1757745802,
+        "narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "c2ae88e026f9525daf89587f3cbee584b92b6134",
+        "rev": "c23193b943c6c689d70ee98ce3128239ed9e32d1",
         "type": "github"
       },
       "original": {
@@ -674,11 +674,11 @@
     },
     "nixpkgs_7": {
       "locked": {
-        "lastModified": 1751792365,
-        "narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=",
+        "lastModified": 1756819007,
+        "narHash": "sha256-12V64nKG/O/guxSYnr5/nq1EfqwJCdD2+cIGmhz3nrE=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "1fd8bada0b6117e6c7eb54aad5813023eed37ccb",
+        "rev": "aaff8c16d7fc04991cac6245bee1baa31f72b1e1",
         "type": "github"
       },
       "original": {
@@ -700,11 +700,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1751906969,
-        "narHash": "sha256-BSQAOdPnzdpOuCdAGSJmefSDlqmStFNScEnrWzSqKPw=",
+        "lastModified": 1756961635,
+        "narHash": "sha256-hETvQcILTg5kChjYNns1fD5ELdsYB/VVgVmBtqKQj9A=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "ddb679f4131e819efe3bbc6457ba19d7ad116f25",
+        "rev": "6ca27b2654ac55e3f6e0ca434c1b4589ae22b370",
         "type": "github"
       },
       "original": {
@@ -724,11 +724,11 @@
         "systems": "systems_3"
       },
       "locked": {
-        "lastModified": 1754552918,
-        "narHash": "sha256-vbT+nGdMLNAeYZ1S5WBBLJTVWosGne2VRt46rqPfB2A=",
+        "lastModified": 1757773905,
+        "narHash": "sha256-lM1K3cJsPQyiSGI3rE/F7u02fA/JYBsinMN49IQCY1s=",
         "owner": "notashelf",
         "repo": "nvf",
-        "rev": "d61de135ce174f4e04b4e509de02e1afe040a834",
+        "rev": "7e74ee604a7c18dda21e6a809720ad37ab5bae43",
         "type": "github"
       },
       "original": {
@@ -793,11 +793,11 @@
         "tinted-zed": "tinted-zed"
       },
       "locked": {
-        "lastModified": 1754597531,
-        "narHash": "sha256-OpC9/PBIuL2WEJUkcuD/wVxI8r+3o6f5RylSIefjHo4=",
+        "lastModified": 1757360005,
+        "narHash": "sha256-VwzdFEQCpYMU9mc7BSQGQe5wA1MuTYPJnRc9TQCTMcM=",
         "owner": "nix-community",
         "repo": "stylix",
-        "rev": "63bb34a66ad7d1af2e95ee20dd675896b2074c32",
+        "rev": "834a743c11d66ea18e8c54872fbcc72ce48bc57f",
         "type": "github"
       },
       "original": {
@@ -917,11 +917,11 @@
     "tinted-schemes": {
       "flake": false,
       "locked": {
-        "lastModified": 1750770351,
-        "narHash": "sha256-LI+BnRoFNRa2ffbe3dcuIRYAUcGklBx0+EcFxlHj0SY=",
+        "lastModified": 1754779259,
+        "narHash": "sha256-8KG2lXGaXLUE0F/JVwLQe7kOVm21IDfNEo0gfga5P4M=",
         "owner": "tinted-theming",
         "repo": "schemes",
-        "rev": "5a775c6ffd6e6125947b393872cde95867d85a2a",
+        "rev": "097d751b9e3c8b97ce158e7d141e5a292545b502",
         "type": "github"
       },
       "original": {
@@ -933,11 +933,11 @@
     "tinted-tmux": {
       "flake": false,
       "locked": {
-        "lastModified": 1751159871,
-        "narHash": "sha256-UOHBN1fgHIEzvPmdNMHaDvdRMgLmEJh2hNmDrp3d3LE=",
+        "lastModified": 1754788770,
+        "narHash": "sha256-LAu5nBr7pM/jD9jwFc6/kyFY4h7Us4bZz7dvVvehuwo=",
         "owner": "tinted-theming",
         "repo": "tinted-tmux",
-        "rev": "bded5e24407cec9d01bd47a317d15b9223a1546c",
+        "rev": "fb2175accef8935f6955503ec9dd3c973eec385c",
         "type": "github"
       },
       "original": {
@@ -949,11 +949,11 @@
     "tinted-zed": {
       "flake": false,
       "locked": {
-        "lastModified": 1751158968,
-        "narHash": "sha256-ksOyv7D3SRRtebpXxgpG4TK8gZSKFc4TIZpR+C98jX8=",
+        "lastModified": 1755613540,
+        "narHash": "sha256-zBFrrTxHLDMDX/OYxkCwGGbAhPXLi8FrnLhYLsSOKeY=",
         "owner": "tinted-theming",
         "repo": "base16-zed",
-        "rev": "86a470d94204f7652b906ab0d378e4231a5b3384",
+        "rev": "937bada16cd3200bdbd3a2f5776fc3b686d5cba0",
         "type": "github"
       },
       "original": {
diff --git a/home/programs/neovim.nix b/home/programs/neovim.nix
index 317fa0c..c2f6e30 100644
--- a/home/programs/neovim.nix
+++ b/home/programs/neovim.nix
@@ -53,13 +53,17 @@
 
         ts = {
           enable = true;
-          lsp.server = "ts_ls";
+          lsp.server = "denols";
           extensions.ts-error-translator.enable = true;
         };
         clang = {
           enable = true;
           lsp.enable = true;
         };
+        typst = {
+          enable = true;
+          format.type = "typstyle";
+        };
 
         bash.enable = true;
         css.enable = true;
@@ -67,7 +71,6 @@
         markdown.enable = true;
         nix.enable = true;
         svelte.enable = true;
-        typst.enable = true;
         rust.enable = true;
         python.enable = true;
       };
diff --git a/home/programs/nixcord.nix b/home/programs/nixcord.nix
index 9a72e27..96aa1f4 100644
--- a/home/programs/nixcord.nix
+++ b/home/programs/nixcord.nix
@@ -23,7 +23,7 @@
           "callTimer"
           "clearURLs"
           "copyFileContents"
-          "emoteCloner"
+          # "emoteCloner"
           "fakeNitro"
           "fixYoutubeEmbeds"
           "friendsSince"
diff --git a/home/programs/other.nix b/home/programs/other.nix
index 49c037e..c02cefa 100644
--- a/home/programs/other.nix
+++ b/home/programs/other.nix
@@ -13,7 +13,6 @@
       pkgs.gimp
       pkgs.inkscape
       pkgs.thunderbird
-      pkgs.stremio
     ]
     ++ lib.optional osConfig.niksos.hardware.portable.enable self.packages.${pkgs.system}.visicut;
 }
diff --git a/home/wayland/hyprland/binds.nix b/home/wayland/hyprland/binds.nix
index 203049e..efb728f 100644
--- a/home/wayland/hyprland/binds.nix
+++ b/home/wayland/hyprland/binds.nix
@@ -64,6 +64,9 @@
       ]
     )
     10);
+
+  volumeUp = "${wpctl} set-volume -l '1.0' @DEFAULT_AUDIO_SINK@ 6%+";
+  volumeDown = "${wpctl} set-volume -l '1.0' @DEFAULT_AUDIO_SINK@ 6%-";
 in {
   wayland.windowManager.hyprland.settings = {
     "$m" = "ALT";
@@ -138,10 +141,20 @@ in {
 
     bindle = [
       # volume
-      ", XF86AudioRaiseVolume, exec, ${wpctl} set-volume -l '1.0' @DEFAULT_AUDIO_SINK@ 6%+"
-      ", XF86AudioLowerVolume, exec, ${wpctl} set-volume -l '1.0' @DEFAULT_AUDIO_SINK@ 6%-"
+      ", XF86AudioRaiseVolume, exec, ${volumeUp}"
+      ", XF86AudioLowerVolume, exec, ${volumeDown}"
       ",XF86MonBrightnessUp, exec, ${brightnessctl} s 10%+"
       ",XF86MonBrightnessDown, exec, ${brightnessctl} s 10%-"
     ];
+
+    gesture = [
+      "3, down, close"
+      "3, up, fullscreen"
+      "3, horizontal, workspace"
+      "4, left, dispatcher, exec, ${playerctl} previous"
+      "4, right, dispatcher, exec,  ${playerctl} next"
+      "4, up, dispatcher, exec, ${volumeUp}"
+      "4, down, dispatcher, exec, ${volumeDown}"
+    ];
   };
 }
diff --git a/home/wayland/hyprland/settings.nix b/home/wayland/hyprland/settings.nix
index f8f5930..4aad142 100644
--- a/home/wayland/hyprland/settings.nix
+++ b/home/wayland/hyprland/settings.nix
@@ -74,12 +74,6 @@
       };
     };
 
-    gestures = {
-      workspace_swipe = true;
-      workspace_swipe_forever = true;
-      workspace_swipe_direction_lock = false;
-    };
-
     dwindle = {
       pseudotile = true;
       preserve_split = true;
@@ -97,6 +91,7 @@
       "float, class:foot-somcli"
       "size >30% >30%, class:foot-somcli"
     ];
+
     #NOTE: Also check home/wayland/hyprland/binds + system/hardware/fingerprint
   };
 }
diff --git a/hosts/laptop/default.nix b/hosts/laptop/default.nix
index 3a7927b..3a8d7b4 100644
--- a/hosts/laptop/default.nix
+++ b/hosts/laptop/default.nix
@@ -1,13 +1,16 @@
 {
+  pkgs,
+  lib,
+  ...
+}: {
   imports = [
     ./hardware-configuration.nix
-    # ./virt.nix
+    ./virt.nix
   ];
 
   # programs.appimage.enable = true;
   # programs.evolution.enable = true; # TODO: move to appropiate place.
 
-  # ! HII
   niksos = {
     hardware = {
       joycond = false; #NOTE: enable when game night lol
@@ -39,6 +42,26 @@
   };
   home-manager.users.jsw.wayland.windowManager.hyprland.settings.monitor = ["eDP-1,2880x1920@120,0x0,1.5,vrr,1"];
 
+  #FIXME: unity
+  nixpkgs.config.permittedInsecurePackages = ["libxml2-2.13.8"];
+  environment = {
+    etc.vscode.source = lib.getExe pkgs.vscodium;
+    systemPackages = let
+      unityhub = pkgs.unityhub.overrideAttrs (prevAttrs: {
+        nativeBuildInputs = (prevAttrs.nativeBuildInputs or []) ++ [pkgs.makeBinaryWrapper];
+
+        postInstall =
+          (prevAttrs.postInstall or "")
+          + ''
+            wrapProgram $out/bin/unityhub --set GDK_SCALE 2 --set GDK_DPI_SCALE 0.5
+          '';
+      });
+    in [
+      unityhub
+    ];
+  };
+  #ENDFIXME
+
   services.udev.extraRules = ''
     # Ethernet expansion card support
     ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="0bda", ATTR{idProduct}=="8156", ATTR{power/autosuspend}="20"
diff --git a/switch.sh b/switch.sh
index 713ffef..a9c481d 100755
--- a/switch.sh
+++ b/switch.sh
@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 
 NH_FLAKE=$(mktemp -d)
-git clone . "$NH_FLAKE" #TODO: replace . with valid bash for script dir.
+cp -r . "$NH_FLAKE" #TODO: replace . with valid bash for script dir.
 
 cd "$NH_FLAKE" || exit
 git lfs install
diff --git a/system/hardware/fingerprint.nix b/system/hardware/fingerprint.nix
index a506268..d6e388b 100644
--- a/system/hardware/fingerprint.nix
+++ b/system/hardware/fingerprint.nix
@@ -13,10 +13,10 @@ in {
   config = mkIf hardware.fingerprint {
     services = {
       fprintd.enable = true;
-      logind.extraConfig = mkIf hypr ''
+      logind.settings.Login = mkIf hypr {
         # donâ€™t shutdown when power button is short-pressed
-        HandlePowerKey=ignore
-      '';
+        HandlePowerKey = "ignore";
+      };
     };
 
     home-manager.users.jsw.wayland.windowManager.hyprland.settings = mkIf hypr {
diff --git a/system/hardware/power.nix b/system/hardware/power.nix
index 7521e27..03c486d 100644
--- a/system/hardware/power.nix
+++ b/system/hardware/power.nix
@@ -9,7 +9,7 @@
 in {
   config = lib.mkIf cfg.enable {
     services = {
-      logind = {
+      logind.settings.Login = {
         powerKey = "suspend-then-hibernate";
         powerKeyLongPress = "poweroff";
       };
diff --git a/system/nix/default.nix b/system/nix/default.nix
index f55a962..a11da8e 100644
--- a/system/nix/default.nix
+++ b/system/nix/default.nix
@@ -20,7 +20,7 @@
   nix = let
     flakeInputs = lib.filterAttrs (_: v: lib.isType "flake" v) inputs;
   in {
-    package = pkgs.lix;
+    # package = pkgs.lix;
 
     # pin the registry to avoid downloading and evaling a new nixpkgs version every time
     registry = lib.mapAttrs (_: v: {flake = v;}) flakeInputs;
@@ -31,7 +31,7 @@
     settings = {
       auto-optimise-store = true;
       builders-use-substitutes = true;
-      experimental-features = ["nix-command" "flakes" "repl-flake"];
+      experimental-features = ["nix-command" "flakes"];
       flake-registry = "/etc/nix/registry.json";
 
       # for direnv GC roots

From 080db81f5a6adebbd85d5d835c84bb208dd510dd Mon Sep 17 00:00:00 2001
From: Jurn Wubben <jsw@jsw.tf>
Date: Mon, 15 Sep 2025 20:27:23 +0200
Subject: [PATCH 3/6] Abstracted mkif enable for server options in secrets

---
 secrets/default.nix | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/secrets/default.nix b/secrets/default.nix
index f8b1a50..c1cafa6 100644
--- a/secrets/default.nix
+++ b/secrets/default.nix
@@ -3,9 +3,9 @@
   lib,
   ...
 }: let
-  inherit (lib) mkIf;
   inherit (config.niksos) server;
 
+  isEnabled = x: lib.mkIf server.${x}.enable;
   serviceUser = x: config.systemd.services.${x}.serviceConfig.User;
   abstrServiceUser = x: config.services.${x}.user;
   abstrServiceGroup = x: config.services.${x}.group;
@@ -14,35 +14,35 @@ in {
     password.file = ./password.age;
 
     # NOTE: server things
-    jsw-bot = mkIf server.jsw-bot.enable {
+    jsw-bot = isEnabled "jsw-bot" {
       file = ./jsw-bot.age;
       owner = serviceUser "jsw-bot"; #
     };
-    derek-bot = mkIf server.derek-bot.enable {
+    derek-bot = isEnabled "derek-bot" {
       file = ./derek-bot.age;
       owner = "derek-bot";
     };
-    # matrix-registration = mkIf server.matrix.enable {
+    # matrix-registration = isEnabled "matrix" {
     #   file = ./matrix-registration.age;
     #   owner = abstrServiceUser "matrix-continuwuity";
     # };
-    mail-admin = mkIf server.stalwart.enable {
+    mail-admin = isEnabled "stalwart" {
       # owner = serviceUser "stalwart-mail"; #FIXME: revert when stopped using docker for stalwart.
       file = ./mail-admin.age;
     };
-    zitadel-key = mkIf server.zitadel.enable {
+    zitadel-key = isEnabled "zitadel" {
       file = ./zitadel-key.age;
       owner = abstrServiceUser "zitadel";
     };
-    forgejo-mailpass = mkIf server.forgejo.enable {
+    forgejo-mailpass = isEnabled "forgejo" {
       file = ./forgejo-mailpass.age;
       owner = abstrServiceUser "forgejo";
     };
-    immich-oidc = mkIf server.immich.enable {
+    immich-oidc = isEnabled "immich" {
       file = ./immich-oidc.age;
       owner = abstrServiceUser "immich";
     };
-    nextcloud-admin-pass = mkIf server.nextcloud.enable {
+    nextcloud-admin-pass = isEnabled "nextcloud" {
       file = ./nextcloud-admin-pass.age;
       owner = "nextcloud"; #NOTE: not a clear 'nextcloud.service' or 'services.nextcloud.user'.
     };

From fd140b740e9a1d52297995134365c85de05588db Mon Sep 17 00:00:00 2001
From: Jurn Wubben <jsw@jsw.tf>
Date: Mon, 15 Sep 2025 20:33:11 +0200
Subject: [PATCH 4/6] Updated derekbot for new changes

---
 system/server/derek-bot.nix | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/system/server/derek-bot.nix b/system/server/derek-bot.nix
index 23d5d9d..ec9df16 100644
--- a/system/server/derek-bot.nix
+++ b/system/server/derek-bot.nix
@@ -55,6 +55,11 @@ in {
         git fetch
         git reset --hard origin/HEAD
 
+        cat > .env <<EOF
+        DATABASE_PATH='../daataabaasaa.db'
+        SECRETS_PATH='../Breadener-token/prodBot.json'
+        EOF
+
         DENO_DIR=${denoDir} deno i
       '';
 
@@ -64,7 +69,7 @@ in {
         User = userGroup;
         Group = userGroup;
         Restart = "always";
-        RuntimeMaxSec = 6 * 60 * 60; # 6h * 60min * 60s
+        RuntimeMaxSec = 1 * 60 * 60; # 1h * 60min * 60s
       };
     };
 

From e14a7d8b5eb0befe62773efcd18a11b818c35847 Mon Sep 17 00:00:00 2001
From: Jurn Wubben <jsw@jsw.tf>
Date: Mon, 15 Sep 2025 20:36:39 +0200
Subject: [PATCH 5/6] Logind option changes now also applied to lapserv host
 files.

---
 hosts/lapserv/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hosts/lapserv/default.nix b/hosts/lapserv/default.nix
index 6e416f4..4f334ec 100644
--- a/hosts/lapserv/default.nix
+++ b/hosts/lapserv/default.nix
@@ -59,5 +59,5 @@
     AllowHybridSleep=no
     AllowSuspendThenHibernate=no
   '';
-  services.logind.lidSwitchExternalPower = "ignore"; # INFO: Above apparantly wasn't enough. logind is flooding my logs.
+  services.logind.settings.Login.lidSwitchExternalPower = "ignore"; # INFO: Above apparantly wasn't enough. logind is flooding my logs.
 }

From b90fdb0b8f1aeaaa9d8922b84566a99ecc8aad1a Mon Sep 17 00:00:00 2001
From: Jurn Wubben <jsw@jsw.tf>
Date: Wed, 17 Sep 2025 09:00:12 +0000
Subject: [PATCH 6/6] Made pr worky

---
 hosts/lapserv/hardware-configuration.nix |  53 +++++++++++++----------
 secrets/jsw-bot.age                      | Bin 1425 -> 1427 bytes
 system/server/jsw-bot.nix                |   8 ++--
 system/server/lib/extractWebOptions.nix  |   6 +--
 4 files changed, 36 insertions(+), 31 deletions(-)

diff --git a/hosts/lapserv/hardware-configuration.nix b/hosts/lapserv/hardware-configuration.nix
index 5d3b114..282444c 100644
--- a/hosts/lapserv/hardware-configuration.nix
+++ b/hosts/lapserv/hardware-configuration.nix
@@ -1,39 +1,44 @@
 # Do not modify this file!  It was generated by â€˜nixos-generate-configâ€™
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
 {
-  config,
-  lib,
-  pkgs,
-  modulesPath,
-  ...
-}: {
-  imports = [
-    (modulesPath + "/installer/scan/not-detected.nix")
-  ];
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
 
-  boot = {
-    initrd.availableKernelModules = ["xhci_pci" "ahci" "sd_mod"];
-    initrd.kernelModules = [];
-    kernelModules = ["kvm-intel"];
-    extraModulePackages = [];
-  };
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
 
-  fileSystems = {
-    "/" = {
-      device = "/dev/disk/by-uuid/33b7e681-d92a-40db-a172-b797591a1e2e";
+  # fileSystems."/" =
+  #   { device = "/dev/disk/by-uuid/33b7e681-d92a-40db-a172-b797591a1e2e";
+  #     fsType = "ext4";
+  #   };
+  #
+  # fileSystems."/boot" =
+  #   { device = "/dev/disk/by-uuid/0BEA-7525";
+  #     fsType = "vfat";
+  #     options = [ "fmask=0022" "dmask=0022" ];
+  #   };
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/2ce4b2b1-0083-43b2-bd8d-0e8cd21b1ef6";
       fsType = "ext4";
     };
 
-    "/boot" = {
-      device = "/dev/disk/by-uuid/0BEA-7525";
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/AE71-FD70";
       fsType = "vfat";
-      options = ["fmask=0022" "dmask=0022"];
+      options = [ "fmask=0022" "dmask=0022" ];
     };
-  };
-  swapDevices = [];
 
-  networking.useDHCP = lib.mkDefault true;
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/f5af06e8-e285-4565-abc3-fdd0ddde4736"; }
+    ];
+
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
   hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
diff --git a/secrets/jsw-bot.age b/secrets/jsw-bot.age
index 3e8c6a9e9ad3a0ef67e30611c4a5f9e57c4077f3..425482db78d0cd39ac23485018e42d0de87da0fb 100644
GIT binary patch
delta 1343
zcmbQpJ(+ugPJMZ3pucI5nPGaOPo`0Ed6G%GcT%!<ZiQc%X<0^blyP!mT84gvNp?;~
zGMA5wg|C-ErB9{4QIfg2TZxm0VW^kCS9VE+c6yReuurmfa%5Cisd0u+K9{bYLUD11
zZfc5=si~o*f^S-od6=Vue^P#Fa$=;VL4-xBVTwydm|Lh*xN&N>N2H;<p;>vVPi}Tf
zl(At!pi5Rcm#=e%zOhM8R(?T*X<C$bs$Z&+nV-3@PpWrDiI1~Kp<k%Cc1n6da-mb;
z#E;_P?v^IzVP?6xj+RAcC9bJa86~cT5$R6pMrH<%zM-ZePA-WSCFN;_Q7(a8PF}e=
z<t~MOUVg>i?yd%vIYt&qW*+7##qNd%enm+k1(n*y1%|o75t*Tr;~B-n%ff<F45Iv_
z3__FjGYee&%|pt}(=Bt2OmeD<DuODK+(O-gEeZnNEi!$%w986@L;YPns<O?>T--gi
z6VuH-%q>f`%R?hf%9BDo(u<PZikuz2Gs1l*pJf!U_cks~cTFmcs!S~m_AJdyOpJ1N
z4AhQDiA-_#FwAkwh{}n|FEK1jDl1Rt3eHO^Gf4_D_e%9G_N>r12&nWbaxQf<st7T5
z2~Q5La>)xajC2h4Ds#t(fv~_zGlM{dT+0yc<h&dY|0Iia(?Da-^m^AEKMUXdM3d4&
z=bWOf-~f|!6R)I-(x4n)uBbrmLPz(oz@Sn;r_zf2<T6*Ma_5{-b0=fBQqwYn44+Kn
z;6!i7#C#V6E?r$+h14Xoa38OfG}j83Y_G~f{iNLDP?y3ylVlhD<fIVis46EX=Yrh8
zved$4F8R{?7v-7)UF+wV>CV2|k`nz&bh$YDEv2od#s@btE-i^Z@Kyf0W!IgIrY*<B
z{)X8ye`#2_;z#Ks<q7tizFk~iE_lxO{SS`+ZQrsPn4$v~><ikX7rO9Q@U*zQWtz!n
zSW2$B#N3*7tmxZkt}LD}&+qJ+%B-ufYx%0no(9*YZr%8H$mQzx6Uq~fzt#J63hGJ=
z#N^#*GVQ1jxF^1A_QJwr{nHCFZDfyEh*gDXGwx~apK!Z_JxZunD0_dF&_i{%n1s`|
z@y3yNjyw{2#P59b!p1{}6;rCiWmw*wJR^|I^DHU5UU;_N%f)w=WFN|ZR^ETtyjf_%
zJugk(!kq7KZ*F7kO+1?Fry=3+SYu~>=9T4rpN0Jtg8%MOJ8=2>`|Pyb;`^01|5{$X
zcxk!o*~!{#r}qE9mR5W3$Z4O8KepX#TJ6B_&yM|!aBWZZr)pJBbH7#Ga<QTz;qP^-
z7cW=%@!66woJ-}1y5Px6LC3236xYjz%2>p*H%+KH(z3?5)O7Wc{l6v^Tk+Z+S*GW4
zV?%xT+Vl-;#k!YD3ATGz`u>)TH;p}+*VE0Ux5(kf4b}zO<<F%=`))cPdCuL$!8PgW
z<)hYeS6?pl<5A@1uG_arl5drgM@-SlLtFJWyLGJf{W6>R`-(lAXWo7|xw+mxb3tOC
zV~t;!LUHXi)$Y<V-5vLJTy|Ksd;NZ$$x|)z-FNek`nkc)B?84<GOtai#V)?d@uqMx
zSD?JY_9q*(gRecY{Wb4`&CCVqSvGtNbC)Sx;SwzBjQ_e`yvT7AXHM##RVS|Q3gvA$
zEM_jV#~~-~(x-D<Ht9ZDe@K`AU6-uwCn3+AH-D?S`o%-!INvZXi&%W$*W|?;fm2_O
z`ZB-2tDpUOt<*8I|GWBZG#A(|+<d%dLW7;QiR3)KPMbMv9zRVEm7lS~T+7@lY{u=q
VJTvbtooFJtk!x9Kd!1hP3IO?bB>n&Z

delta 1341
zcmbQtJ&}8YPJK$Ke`-onl}~u0fmfJ&W=g3=ke`Q(wxdyUp_`Lyd1kPYac+jbX{u9}
zBbUFWxns7uTcue>VNpm{aA8=0TY;BFMU|;zriGD#dxd^+L{WKUMYfT1B$uw8LUD11
zZfc5=si~o*f^S-od6=U@x`mHvdQeJ=iBnlonQxZ9v71v#WmJi?lTVg*p-+01OI3uM
zo3m-Ae|}gbSAkh@Wrm4kRIqEfmxX?mb4W<AiLZ~RNqA9?zp+PXO1i$UqmM;eYGl5}
z#E;_PWhJJ5$q{J*`k_W;ZZ1iwd2S}29wnX?`pK!em1QZG?#77*1=^u0+D4vS`jM8I
zL5^j4q5fV0=6U61kwtFK1r<JSMNX+^N!h+3k!2pH1_kMf;Yrz(;~B-neZpK)y?l!*
z0y0Y7J%e*Sqsjt(GXpXb9ZRDkoIJHHeZ3r0j6#wOf^#CdJX}2U3=I=2Oq~l|lC`5s
z%1pEi%Mv4s3%p7K!b>u}3XLn=%?q+EL$qBdpJf!U&-BhP%Qp58sjN(@%&m+v3QZ~v
z^{k30Pjd5cb+7OU^zyYxPc+QVvUIoLs)(ovF)~dp_jL{k3(C*42+_{ac5_aRstnK6
zH?)i@Otx?>_V-9BHa7D`kAbkjN;88%g=}N5)KWjoVoSsDk}A*e@TB^ZsxpfZ%kYSh
zu)K<>qLfra7xVNA!wBt6Pp%?=cUO}%!%U|vFE>X^_nZu4NAr;IDDU#T?5I>{$I_zg
zs<M)ZR0|)MaxPt6U4_gnOTWYjgP@?4qP!&M<PhJ|g2JdW@9^9bH<PTia-;IB;?&UM
z<ibKTU#_cFj(OtV@(1cw9jm^HuTtC4HbdzLOGaB~_jP_LmP&7T-+lUjSF8C>w#bgJ
zzxB9bwb-he(x#%^C(|X>LfO72hRL4U9QnUto`A{2)_vRD_B)FAWS?3(@qvTY#gHGT
z!hh*Y^i=*Syt30p^O2`?`qK#R$1M4C`tt8D{kJu6mw@B*pKCVm<KT0dSMPnlV9xep
znfSEDGf(MWc)q?RhD$c?)2jDUHMNsYeLdo|tm#Je8!6jZ-32-M+g{80Ii6Bqrf}~_
z-iPNl59QjHO?WJpn1AJ!u63jvk5YXP52KbWTgRflET#JB)2nYD;9h8P&>(Ma((#lk
znG!yq_d6<fS>+ke*{vB8SQa64wW+9nj*|S-s13VUe4OxoA6Hu4rTMqGH{E<7vCwJu
zy2U^H7Eh7M%wKAM!D*qNs_O)2<InAPedLmpwp}W?|8mk~X{}oCFul_=YKoatXQsS0
zEl=-W*%Wcd|9V2%kJ)cDxX!2Y?&Lr0y>oKMzZ|P=$7|NC+8?oFfn1i+_o&o4)7W}~
z=4aF=@ErEp@OrnjT#vp^9#>IMQu5{(nv&%@HaQ6uUPj@Hmd{;<IXr@2e-xQ`<yqW*
zKIKo%kKTU~7eD=X)-}h)`j2*O>9*bW@m+=&Ye3np|L;<E+CGZzdam&{wSDuo)J;`x
zk7lwzIFM`o)1&jrq53(Ak-iyIGe4<aS1_FOZSm$S|Lbk?gk72fp6zPlo^yiXS@}hi
ztFyw-Fn$zat~#6fkWoi+*}?hNF%$R8o)Ix$Q!Ucx!BJ@4vVE%7o<7w+#<kZrxu5d=
zn)Y-iFRSA@>(lpVKbH6;srRSmP~u<BgFzQwGB8iOX}tZ;#V@A>0v}hN`YGNksco&A
zpZc45>!Kx3Z+>5R&Sdh}FYzvGqlz>7SLj&1&$x0h@2LK+r`x6`|EhL~UH#LDp)dB=
V=3VFb`vO!}TkkLZG;hwizW_fgF984m

diff --git a/system/server/jsw-bot.nix b/system/server/jsw-bot.nix
index 3e6f25c..3ca37a4 100644
--- a/system/server/jsw-bot.nix
+++ b/system/server/jsw-bot.nix
@@ -13,7 +13,7 @@
 
   bash = getExe pkgs.bash;
 
-  mainDir = "/var/lib/dcbot/";
+  mainDir = "/var/lib/${name}/";
   programDir = mainDir + "program";
   dataDir = mainDir + "data";
   denoDir = mainDir + "deno";
@@ -71,12 +71,12 @@ in {
       };
     };
 
-    users.groups."dcbot" = {
+    users.groups.${name} = {
       members = optional nextcloud.enable "nextcloud"; #TODO: if config.niksos.server.nextcloud
       #NOTE: for nextcloud mounted folder
     };
-    users.users."dcbot" = {
-      group = "dcbot";
+    users.users.${name} = {
+      group = name;
       isSystemUser = true;
     };
   };
diff --git a/system/server/lib/extractWebOptions.nix b/system/server/lib/extractWebOptions.nix
index 3d2245c..805fea1 100644
--- a/system/server/lib/extractWebOptions.nix
+++ b/system/server/lib/extractWebOptions.nix
@@ -11,8 +11,8 @@
     then ""
     else "${cfg.subDomain}.";
 in
+  cfg // 
   {
-    domain = "${subDomain}.${baseDomain}";
-    inherit baseDomain;
+    domain = "${subDomain}${baseDomain}";
+    inherit baseDomain subDomain;
   }
-  // cfg