home/programs/default.nix

@@ -5,7 +5,6 @@
     ./mpv.nix
     ./neovim.nix
     ./nixcord.nix
-    ./kodi.nix
     ./other.nix
   ];
 }

home/programs/kodi.nix

@@ -1,5 +0,0 @@
-{pkgs, ...}: {
-  home.packages = [
-    (pkgs.kodi-wayland.withPackages (exts: [exts.inputstream-adaptive exts.inputstreamhelper]))
-  ];
-}

home/programs/neovim.nix

@@ -41,12 +41,11 @@
         providers.wl-copy.enable = true;
         registers = "unnamedplus";
       };
-
-      options.shiftwidth = 2;
       binds = {
         whichKey.enable = true;
         cheatsheet.enable = true;
       };
+      options.shiftwidth = 2;
       languages = {
         enableFormat = true; #You can also manually overwrite each language.
         enableTreesitter = true;
@@ -121,16 +120,7 @@
         colorizer.enable = true;
         smartcolumn. enable = true;
       };
-      utility = {
-        vim-wakatime.enable = true;
-        motion.leap = {
-          enable = true;
-          mappings = {
-            leapForwardTo = "f";
-            leapBackwardTo = "F";
-          };
-        };
-      };
+      utility.vim-wakatime.enable = true;
       visuals = {
         nvim-web-devicons.enable = true;
         nvim-cursorline.enable = true;

home/shell/default.nix

@@ -2,12 +2,11 @@
   imports = [
     ./direnv.nix
     ./fish.nix
-    ./git.nix
     ./other.nix
     ./repl
     ./starship.nix
-    ./transfer.nix
     ./yazi.nix
     ./zoxide.nix
+    ./transfer.nix
   ];
 }

home/shell/git.nix

@@ -1,11 +0,0 @@
-{
-  programs = {
-    git = {
-      enable = true;
-      userEmail = "jurnwubben@gmail.com";
-      userName = "Jurn Wubben";
-      extraConfig.push.autoSetupRemote = true;
-    };
-    git-credential-oauth = true;
-  };
-}

home/shell/other.nix

@@ -7,6 +7,7 @@
 }: {
   home.packages =
     [
+      pkgs.gh
       pkgs.ripgrep
       pkgs.p7zip
       pkgs.usbutils
@@ -22,7 +23,7 @@
     ++ lib.optionals osConfig.niksos.bluetooth [
       pkgs.ear2ctl
     ]
-    ++ lib.optionals osConfig.niksos.portable.enable [
+    ++ lib.optionals osConfig.niksos.portable [
       inputs.somcli.defaultPackage.${pkgs.system}
     ];
 }

home/wayland/hyprland/binds.nix

@@ -115,9 +115,8 @@ in {
         "Super, s, exec, ${torzu}"
         "Super, d, exec, ${dolphin}"
       ])
-      ++ lib.optionals portable.enable [
+      ++ lib.optionals portable [
         "$m Shift, S, exec, ${somcli}"
-        ", XF86AudioMedia, exec, powermode toggle"
       ];
 
     bindl = [

home/wayland/hyprland/default.nix

@@ -21,12 +21,10 @@ in {
         "QT_WAYLAND_DISABLE_WINDOWDECORATION,1"
         "NIXOS_OZONE_WL,1"
       ];
-      exec-once =
-        [
+      exec-once = [
         "${uwsm} finalize"
         "${hyprlock}" # Lock screen
-        ]
-        ++ lib.optional osConfig.niksos.portable.enable "powermode sync";
+      ];
     };
   };
 }

hosts/laptop/default.nix

@@ -1,57 +1,46 @@
 {
+  pkgs,
+  lib,
+  inputs,
+  ...
+}: let
+  uwsm = lib.getExe pkgs.uwsm;
+  foot = lib.getExe pkgs.foot;
+in {
   imports = [
     ./hardware-configuration.nix
     ./virt.nix
-    ./wluma.nix
   ];
 
-  services.printing = {
-    enable = true;
-    startWhenNeeded = true;
-  };
-  hardware.printers = {
-    ensureDefaultPrinter = "Broeder";
-    ensurePrinters = [
-      {
-        deviceUri = "ipp://192.168.1.33/ipp";
-        location = "home";
-        name = "Broeder";
-        model = "everywhere";
-      }
-    ];
-  };
-
-  # programs.evolution.enable = true; # FIXME: move to appropiate place.
   niksos = {
-    joycond = false; #NOTE: enable when game night lol
     fingerprint = true;
     bluetooth = true;
-    portable = {
-      enable = true;
-      hyprland = {
-        powerSaver = ''
-          hyprctl keyword monitor eDP-1,2880x1920@60,0x0,1.5,vrr,1
-        '';
-        performance = ''
-          hyprctl keyword monitor eDP-1,2880x1920@120,0x0,1.5,vrr,1
-        '';
-      };
-    };
+    portable = true;
 
     neovim = true;
     games = true;
     desktop = {
       enable = true;
       hyprland = true;
-      kde = true;
+      kde = false;
     };
   };
   home-manager.users.jsw.wayland.windowManager.hyprland.settings.monitor = ["eDP-1,2880x1920@120,0x0,1.5,vrr,1"];
 
-  services.udev.extraRules = ''
+  services = {
+    usbmuxd.enable = true;
+    joycond.enable = true;
+    udev.extraRules = ''
       # Ethernet expansion card support
       ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="0bda", ATTR{idProduct}=="8156", ATTR{power/autosuspend}="20"
     '';
+    logind.extraConfig = ''
+      # don’t shutdown when power button is short-pressed
+      HandlePowerKey=ignore
+    '';
+  };
+  hardware.sensor.iio.enable = true; # brightness sensor
+
   boot.kernelParams = [
     # There seems to be an issue with panel self-refresh (PSR) that
     # causes hangs for users.

hosts/laptop/wluma.nix

@@ -1,31 +0,0 @@
-{
-  hardware.sensor.iio.enable = true; # brightness sensor
-  home-manager.users.jsw.services.wluma = {
-    enable = true;
-    settings = {
-      als.iio = {
-        path = "/sys/bus/iio/devices";
-        thresholds = {
-          "0" = "night";
-          "10" = "dark";
-          "100" = "normal";
-          "20" = "dim";
-          "200" = "bright";
-          "500" = "outdoors";
-        };
-      };
-      output.backlight = [
-        {
-          capturer = "none";
-          name = "eDP-1";
-          path = "/sys/class/backlight/amdgpu_bl1";
-        }
-        {
-          capturer = "none";
-          name = "keyboard";
-          path = "/sys/bus/platform/devices/cros-keyboard-leds.5.auto/leds/chromeos::kbd_backlight";
-        }
-      ];
-    };
-  };
-}

hosts/minimal/default.nix

@@ -23,13 +23,7 @@
       nvidia = false;
     };
     neovim = false;
-    portable = {
-      enable = false;
-      hyprland = {
-        powerSaver = "";
-        performance = "";
-      };
-    };
+    portable = false;
     server = false;
   };
 

secrets/default.nix

@@ -1,6 +1,4 @@
-{config, ...}: let
-  serviceUser = x: config.systemd.services.${x}.serviceConfig.User;
-in {
+{config, ...}: {
   age.secrets = {
     transferSh = {
       file = ./transfer-sh.age;
@@ -10,7 +8,7 @@ in {
       file = ./dcbot.age;
       owner =
         if config.niksos.server
-        then serviceUser "dcbot" # "dcbot" doesn't exist on e.g laptop.
+        then "dcbot" # "dcbot" doesn't exist on e.g laptop.
         else "root";
     };
     password.file = ./password.age;
@@ -23,10 +21,10 @@ in {
     };
     cloudflare-acme.file = ./cloudflare-acme.age;
     mail-admin = {
-      # owner = #FIXME: revert when stopped using docker for stalwart.
-      #   if config.niksos.server
-      #   then serviceUser "stalwart-mail"
-      #   else "root";
+      owner =
+        if config.niksos.server
+        then "stalwart-mail"
+        else "root";
       file = ./mail-admin.age;
     };
   };

system/desktop/greetd.nix

@@ -2,12 +2,14 @@
   config,
   lib,
   ...
-}: {
-  config = lib.mkIf config.niksos.desktop.enable {
+}: let
+  cfg = config.niksos.desktop.enable && config.niksos.desktop.hyprland;
+in {
+  config = lib.mkIf cfg {
     # greetd display manager
     services.greetd = let
       session = {
-        command = lib.mkDefault "${lib.getExe config.programs.uwsm.package} start hyprland-uwsm.desktop";
+        command = "${lib.getExe config.programs.uwsm.package} start hyprland-uwsm.desktop";
         user = "jsw";
       };
     in {
@@ -20,6 +22,6 @@
       };
     };
 
-    programs.uwsm.enable = config.niksos.desktop.hyprland;
+    programs.uwsm.enable = true;
   };
 }

system/desktop/plasma6.nix

@@ -6,11 +6,15 @@
 }: let
   cfg = config.niksos.desktop.enable && config.niksos.desktop.kde;
 in {
-  specialisation.de.configuration = lib.mkIf cfg {
+  config = lib.mkIf cfg {
     niksos.desktop.hyprland = lib.mkForce false;
+    specialisation.de.configuration = {
       services = {
         greetd = let
-        session.command = "${pkgs.kdePackages.plasma-workspace}/bin/startplasma-wayland";
+          session = {
+            command = "${pkgs.kdePackages.plasma-workspace}/bin/startplasma-wayland";
+            user = "jsw";
+          };
         in {
           enable = true;
           settings = {
@@ -25,4 +29,5 @@ in {
 
       home-manager.users.jsw.stylix.autoEnable = false;
     };
+  };
 }

system/hardware/default.nix

@@ -3,10 +3,8 @@
 
   imports = [
     ./bluetooth.nix
+    ./graphics.nix
     ./fingerprint.nix
     ./fwupd.nix
-    ./graphics.nix
-    ./joycond.nix
-    ./power.nix
   ];
 }

system/hardware/fingerprint.nix

@@ -11,16 +11,10 @@
 in {
   options.niksos.fingerprint = mkEnableOption "fingerprint support.";
   config = mkIf fingerprint {
-    services = {
-      fprintd.enable = true;
-      logind.extraConfig = mkIf desktop.hyprland ''
-        # don’t shutdown when power button is short-pressed
-        HandlePowerKey=ignore
-      '';
-    };
+    services.fprintd.enable = true;
 
     home-manager.users.jsw.wayland.windowManager.hyprland.settings = mkIf desktop.hyprland {
-      bind = [
+      bind = mkIf fingerprint [
         ", XF86PowerOff, exec, ${uwsm} app -- pgrep fprintd-verify && exit 0 || ${foot} -a 'foot-fprintd' sh -c 'fprintd-verify && systemctl sleep'"
       ];
       windowrule = [

system/hardware/joycond.nix

@@ -1,12 +0,0 @@
-{
-  config,
-  lib,
-  ...
-}: {
-  options.niksos.joycond = lib.mkEnableOption "support for nintendo switch controllers.";
-
-  config.services = lib.mkIf config.niksos.joycond {
-    usbmuxd.enable = true;
-    joycond.enable = true;
-  };
-}

system/hardware/power.nix

@@ -1,87 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}: let
-  inherit (config) niksos;
-  cfg = niksos.portable;
-in {
-  options.niksos.portable = {
-    enable = lib.mkEnableOption "battery optimisers";
-    hyprland = let
-      gen = mode:
-        lib.mkOption {
-          default = "";
-          description = "Shell commands to run when switching to ${mode} mode.";
-          type = lib.types.lines;
-        };
-    in {
-      powerSaver = gen "power-saver";
-      performance = gen "performance";
-    };
-  };
-  config = {
-    services = lib.mkIf cfg.enable {
-      logind = {
-        powerKey = "suspend-then-hibernate";
-        powerKeyLongPress = "poweroff";
-      };
-      upower.enable = true;
-      power-profiles-daemon.enable = true;
-    };
-
-    environment.systemPackages = lib.mkIf niksos.desktop.hyprland [
-      (pkgs.writeScriptBin "powermode" ''
-        #!/usr/bin/env bash
-
-        function sync() {
-          if [ "$(powerprofilesctl get)" = "power-saver" ]; then
-            hyprctl --batch "\
-                keyword animations:enabled 0;\
-                keyword decoration:shadow:enabled 0;\
-                keyword decoration:blur:enabled 0;\
-                keyword general:gaps_in 0;\
-                keyword general:gaps_out 0;\
-                keyword general:border_size 1;\
-                keyword decoration:rounding 0"
-
-            ${cfg.hyprland.powerSaver}
-          else
-            ${cfg.hyprland.performance}
-            hyprctl reload
-          fi
-
-        }
-        function toggle() {
-          if [ "$(powerprofilesctl get)" = "power-saver" ]; then
-            powerprofilesctl set performance
-          else
-            powerprofilesctl set power-saver
-          fi
-
-          sync
-        }
-
-        if [ "$#" -ne 1 ]; then
-          echo "Usage: $0 {toggle|sync}"
-          exit 1
-        fi
-
-        case "$1" in
-        toggle)
-          toggle
-          ;;
-        sync)
-          sync
-          ;;
-        *)
-          echo "Invalid option: $1"
-          echo "Usage: $0 {toggle|sync}"
-          exit 1
-          ;;
-        esac
-      '')
-    ];
-  };
-}

system/nix/substituters.nix

@@ -3,7 +3,7 @@
     substituters = [
       # high priority since it's almost always used
       "https://cache.nixos.org?priority=10"
-      # "https://cache.garnix.io"
+      "https://cache.garnix.io"
 
       # "https://anyrun.cachix.org"
       # "https://fufexan.cachix.org"
@@ -16,7 +16,7 @@
 
     trusted-public-keys = [
       "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
-      # "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g= "
+      "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g= "
 
       # "anyrun.cachix.org-1:pqBobmOjI7nKlsUMV25u9QHa9btJK65/C8vnO3p346s="
       # "fufexan.cachix.org-1:LwCDjCJNJQf5XD2BV+yamQIMZfcKWR9ISIFy5curUsY="

system/server/default.nix

@@ -1,4 +1,4 @@
 {lib, ...}: {
-  imports = [./caddy.nix ./index ./seafile.nix ./bot.nix ./immich.nix ./matrix.nix ./mail.nix];
+  imports = [./caddy.nix ./transfer-sh.nix ./seafile.nix ./bot.nix ./immich.nix ./matrix.nix ./mail.nix];
   options.niksos.server = lib.mkEnableOption "server servcies (such as caddy)."; #TODO: per service option.
 }

system/server/index/default.nix

@@ -1,14 +0,0 @@
-{
-  config,
-  lib,
-  ...
-}: {
-  services.caddy.virtualHosts."jsw.tf" = lib.mkIf config.niksos.server {
-    extraConfig = ''
-      header Content-Type text/html
-      respond <<HTML
-        ${builtins.readFile ./index.html}
-      HTML 200
-    '';
-  };
-}

system/server/index/index.html

@@ -1,86 +0,0 @@
-<!-- Yes. As you might see, this site is AI generated. Don't feel like writing anything proper until I start making something proper.-->
-
-<!DOCTYPE html>
-<html lang="en">
-<head>
-    <meta charset="UTF-8">
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <title>Under Construction</title>
-    <style>
-        body {
-            font-family: Arial, sans-serif;
-            background-color: #f4f4f4;
-            color: #333;
-            display: flex;
-            justify-content: center;
-            align-items: center;
-            height: 100vh;
-            margin: 0;
-            text-align: center;
-            flex-direction: column;
-        }
-
-        h1 {
-            font-size: 3em;
-            margin-bottom: 0.5em;
-            color: #ff5722;
-        }
-
-        .fence {
-            font-size: 1.5em;
-        }
-
-        p {
-            font-size: 1.2em;
-            margin-bottom: 1em;
-            max-width: 600px;
-        }
-
-        a {
-            text-decoration: none;
-            color: #fff;
-            background-color: #007bff;
-            padding: 8px 15px;
-            border-radius: 5px;
-            transition: background-color 0.3s;
-            font-size: 1em;
-        }
-
-        a:hover {
-            background-color: #0056b3;
-        }
-
-        footer {
-            position: absolute;
-            bottom: 20px;
-            font-size: 0.9em;
-            color: #777;
-        }
-
-        .contact {
-            font-size: 1.2em;
-        }
-        .contact > p {
-            display: inline-block;
-            margin: 1em;
-            display: block;
-
-        }
-
-        .emoji {
-        }
-    </style>
-</head>
-<body>
-    <h1 class="fence">🚧🚧 This Site is Under Construction 🚧🚧</h1>
-    <p>Hello! I'm <b>jsw</b>, a frontend web developer with experience in <b>Svelte + TS</b>, <b>Nix(OS)</b> and currently learning <b>Rust</b>. This site is still under development, so please bear with me. In the meantime, feel free to reach out via email or explore my projects on GitHub.</p>
-    <div class="contact">
-        <p class="emoji">📧 <a href="mailto:info@jsw.tf">info@jsw.tf</a></p>
-        <p class="emoji">🐙 <a href="https://github.com/jsw08" target="_blank">GitHub</a></p>
-    </div>
-
-    <footer>
-        &copy; 2025 @jsw08. Source visible.
-    </footer>
-</body>
-</html>

system/server/mail.nix

@@ -1,20 +1,75 @@
-{
-  config,
-  lib,
-  ...
-}: {
-  #FIXME: revert when stopped using docker for stalwart. https://github.com/NixOS/nixpkgs/issues/416091 (look at older commits for previous code.)
-
-  config = lib.mkIf config.niksos.server {
-    virtualisation.oci-containers.containers.stalwart = {
-      image = "docker.io/stalwartlabs/stalwart:latest";
-      labels = {
-        "io.containers.autoupdate" = "registry";
+{config, ...}: {
+  services.stalwart-mail = {
+    enable = true;
+    openFirewall = false; # Don't want to open port 8080, will leave that for caddy.
+    credentials = {
+      user_admin_password = config.age.secrets.mail-admin.path;
+    };
+    settings = {
+      authentication = {
+        fallback-admin = {
+          secret = "%{file:/run/credentials/stalwart-mail.service/user_admin_password}%";
+          user = "admin";
+        };
+      };
+      server = {
+        tracer."log" = {
+          ansi = false;
+          enable = true;
+          level = "info";
+          path = "./stalwart/logs";
+          prefix = "stalwart.log";
+          rotate = "daily";
+          type = "log";
+        };
+        listener = {
+          http = {
+            bind = "127.0.0.1:9003";
+            protocol = "http";
+          };
+          imaptls = {
+            bind = "[::]:993";
+            protocol = "imap";
+            tls.implicit = true;
+          };
+          smtp = {
+            bind = "[::]:25";
+            protocol = "smtp";
+          };
+          submissions = {
+            bind = "[::]:465";
+            protocol = "smtp";
+            tls.implicit = true;
+          };
+        };
+      };
+
+      hostname = "mx1.jsw.tf";
+      lookup.default = {
+        hostname = "mx1.jsw.tf";
+        domain = "jsw.tf";
+      };
+      acme."letsencrypt" = {
+        directory = "https://acme-v02.api.letsencrypt.org/directory";
+        challenge = "tls-alpn-01";
+        contact = ["jurnwubben@gmail.com"];
+        domains = ["jsw.tf" "mx1.jsw.tf"];
+        cache = "%{BASE_PATH}%/etc/acme";
+        renew-before = "30d";
+      };
+      directory."imap".lookup.domains = ["jsw.tf"];
+      # directory."in-memory" = {
+      #   type = "memory";
+      #   principals = [
+      #     {
+      #       class = "individual";
+      #       name = "User 1";
+      #       secret = "%{file:/etc/stalwart/mail-pw1}%";
+      #       email = [""];
+      #     }
+      #   ];
+      # };
     };
-      ports = ["25:25" "465:465" "993:993" "9003:8080"];
-      volumes = [
-        "/opt/stalwart:/opt/stalwart"
-      ];
   };
   networking.firewall.allowedTCPPorts = [
     993
@@ -22,8 +77,17 @@
     465
   ];
 
-    services.caddy.virtualHosts."mail.jsw.tf".extraConfig = ''
+  services.caddy.virtualHosts = {
+    "webadmin.jsw.tf" = {
+      extraConfig = ''
         reverse_proxy http://127.0.0.1:9003
       '';
+      serverAliases = [
+        "mta-sts.jsw.tf"
+        "autoconfig.jsw.tf"
+        "autodiscover.jsw.tf"
+        "mail.jsw.tf"
+      ];
+    };
   };
 }

system/server/transfer-sh.nix

@@ -0,0 +1,25 @@
+{config, ...}: {
+  services.transfer-sh = {
+    enable = config.niksos.server;
+    settings = {
+      PURGE_DAYS = 7;
+      MAX_UPLOAD_SIZE = 4 * 1000 * 1000; # 4gb
+      # CORS_DOMAINS = "transfer.jsw.tf"; #FIXME: open it to the world wide web.
+      BASEDIR = "/var/lib/transfer.sh";
+      LISTENER = ":9000";
+      HTTP_AUTH_USER = "jsw";
+      EMAIL_CONTACT = "jurnwubben@gmail.com";
+    };
+    secretFile = config.age.secrets.transferSh.path;
+  };
+  systemd.services.transfer-sh.serviceConfig = {
+    StateDirectory = "transfer.sh";
+    StateDirectoryMode = "0750";
+  };
+
+  services.caddy.virtualHosts."share.jsw.tf" = {
+    extraConfig = ''
+      reverse_proxy :9000
+    '';
+  };
+}

system/services/default.nix

@@ -3,6 +3,7 @@
     ./tailscale.nix
     ./avahi.nix
     ./kanata.nix
+    ./power.nix
     ./ssh.nix
   ];
 }

system/services/power.nix

@@ -0,0 +1,15 @@
+{
+  config,
+  lib,
+  ...
+}: {
+  options.niksos.portable = lib.mkEnableOption "battery optimisers";
+  config.services = lib.mkIf config.niksos.portable {
+    logind = {
+      powerKey = "suspend-then-hibernate";
+      powerKeyLongPress = "poweroff";
+    };
+    upower.enable = true;
+    power-profiles-daemon.enable = true;
+  };
+}

system/services/ssh.nix

@@ -1,7 +1,7 @@
 {config, ...}: {
   services.openssh = {
     enable = true;
-    openFirewall = !config.niksos.portable.enable;
+    openFirewall = !config.niksos.portable;
     settings.UseDns = true;
   };
 }