New Flake Style XPS fix

configuration.nix

@@ -1,4 +1,4 @@
-{ pkgs, inputs, host, ... }:
+{ pkgs, hyper, inputs, ... }:
 {
   imports = ([
     inputs.sops-nix.nixosModules.sops
@@ -40,7 +40,7 @@
     ./system-modules/users.nix
     ./system-modules/virtualisation.nix
     ./system-modules/ydotool.nix
-  ]) ++ (if (host == "NxACE") then [ 
+  ]) ++ (if (hyper.host == "NxACE") then [ 
     ./system-modules/nx2site.nix
     ./system-modules/hugo.nix
     ./system-modules/postgres.nix

flake-modules/colors.json

@@ -1,13 +1,13 @@
 {
     "base": {
-        "foreground": "#dddddd",
+        "foreground": "#dbd2f8",
-        "background": "#000000"
+        "background": "#0f062c"
     },
     "to_alter": {
-        "accent": "#8888ff",
+        "accent": "#724ce5",
-        "secondary": "#4444ff",
+        "secondary": "#ff3271",
-        "tertiary": "#44ff88",
+        "tertiary": "#ffc932",
-        "special": "#ff6666",
+        "special": "#bfe54b",
-        "weird": "#ff66ff"
+        "weird": "#e54b8b"
     }
-}
+}

flake.nix

@@ -27,14 +27,13 @@
   outputs = { self, ... }@inputs: with inputs; let
 
     system = "x86_64-linux";
-    # config = { allowUnfree = true; allowUnfreePredicate = pkg: builtins.elem (pkgs.lib.getName pkg) (import ./flake-modules/allowed.nix).unfree; };
+    config = { allowUnfree = true; allowUnfreePredicate = pkg: builtins.elem (pkgs.lib.getName pkg) (import ./flake-modules/allowed.nix).unfree; };
-    config = {};
 
     hyper-base = rec {
       inherit system;
       user   = "nx2";
       domain = "nx2.site";
-      home   = "/home/${user}"; # no tailing slash!
+      home   = "/home/${user}/";
     };
    
     pkgs = import nixpkgs { inherit system config; } // {
@@ -43,7 +42,7 @@
       version =  "25.05";
     };
 
-    nvidia-set    = import ./flake-modules/nvidia.nix;
+    nvidia-base    = import ./flake-modules/nvidia.nix;
     secrets       = import ./git-crypt/secrets.nix;
     rice          = import ./flake-modules/rice.nix pkgs;
 
@@ -53,9 +52,8 @@
         inherit system;
         modules = [ ./configuration.nix ];
         specialArgs = let
-          nvidia = nvidia-set // nvidia-settings;
+          hyper = hyper-base // { inherit host; nvidia = nvidia-base // nvidia-settings; };
-          hyper = hyper-base // { inherit host; };
+        in { inherit pkgs inputs hyper rice secrets; };
-        in { inherit pkgs inputs hyper rice secrets nvidia; };
       };
       make-nixos-wsl-system = host: nixpkgs.lib.nixosSystem { 
         inherit system;
@@ -91,9 +89,8 @@
         inherit pkgs;
         modules = [ ./home.nix ];
         extraSpecialArgs = let
-          hyper = hyper-base // { inherit host; };
+          hyper = hyper-base // { inherit host; nvidia = nvidia-base // nvidia-settings; };
-          nvidia = nvidia-set // nvidia-settings;
+        in { inherit pkgs inputs hyper rice secrets; };
-        in { inherit pkgs inputs hyper rice secrets nvidia; };
       };
       make-shell-configuration = host: user: home-manager.lib.homeManagerConfiguration {
         inherit pkgs;

home-modules/bitwarden.nix

@@ -1,8 +1,6 @@
-{ pkgs, hyper ... }:
+{ pkgs, hyper, ... }:
-lib.mkIf (hyper.host != "NxACE")
 {
   home.packages = with pkgs; [
     bitwarden
-    bitwarden-cli
   ];
 }

home-modules/calendar.nix

@@ -102,7 +102,7 @@ in {
       "calendar.registry.${to_safe_name calendar.name}.name" = name;
       "calendar.registry.${to_safe_name calendar.name}.type" = type;
       "calendar.registry.${to_safe_name calendar.name}.uri" = url;
-      "calendar.registry.${to_safe_name calendar.name}.username" = user;
+      "calendar.registry.${to_safe_name calendar.name}.username" = hyper.user;
       "calendar.registry.${to_safe_name calendar.name}.readOnly" = read-only;
     }) calendars
   ) // {

home-modules/email.nix

@@ -6,14 +6,14 @@ pkgs.lib.mkIf (hyper.host != "NxACE")
   ];
 
   programs.thunderbird = let
-    inherit (lib.generators) toJSON;
+    inherit (pkgs.lib.generators) toJSON;
     extensions = toJSON {} {
       "addon@darkreader.org" = "71d6c69d-55f9-4c56-888c-abdcf6efd73d";
     };
   in {
     enable = true;
     profiles = {
-      "${hyepr.user}" = {
+      "${hyper.user}" = {
         isDefault = true;
         settings = with rice.color; {
           "calendar.alarms.showmissed" = false;

home-modules/firefox.nix

@@ -1,4 +1,4 @@
-{ pkgs, hyper, ... }:
+{ pkgs, hyper, rice, ... }:
 # browser.tabs.allow_transparent_browser
 # https://www.reddit.com/r/FirefoxCSS/comments/1dqws4b/firefox_128_will_allow_the_main_browser_content/
 {
@@ -9,7 +9,7 @@
     file = with rice.color;  let
       blur = builtins.toString 20;
     in {
-      ".mozilla/firefox/${user}/chrome/userChrome.css".text = /* css */ ''
+      ".mozilla/firefox/${hyper.user}/chrome/userChrome.css".text = /* css */ ''
         :root{
           /* Popup panels */
           --arrowpanel-background                  : rgba(${rice.lib.hex-to-rgb-comma-string background}, ${builtins.toString rice.transparency}) !important;
@@ -95,7 +95,7 @@
         } 
       '';
 
-      ".mozilla/firefox/${user}/chrome/userContent.css".text = /* css */ ''
+      ".mozilla/firefox/${hyper.user}/chrome/userContent.css".text = /* css */ ''
         /* Removes the white loading page */
         /* url(about:newtab), url(about:home) */
         @-moz-document url(about:blank) {

home-modules/games.nix

@@ -1,6 +1,6 @@
 { pkgs, hyper, ... }:
 # lib.mkIf (host == "NxNORTH" || host == "NxACE")
-pkgs.lib.mkIf (host == "NxNORTH")
+pkgs.lib.mkIf (hyper.host == "NxNORTH")
 {
   home = {
     packages = (with pkgs.unstable; [

home-modules/ghostty.nix

@@ -1,7 +1,7 @@
 { config, rice, hyper, inputs, ... }:
 {
   home = {
-  packages = [ inputs.ghostty.packages.${system}.default ];
+  packages = [ inputs.ghostty.packages.${hyper.system}.default ];
     file."${config.xdg.configHome}/ghostty/config".text = with rice.color; /* ini */ ''
       font-family="${rice.font.code.name}"
       clipboard-read=allow

home-modules/gimp.nix

@@ -1,6 +1,6 @@
-{ pkgs-latest, ... }:
+{ pkgs, ... }:
 {
-  home.packages = with pkgs-latest; [
+  home.packages = with pkgs; [
     # (gimp-with-plugins.override {
     #   plugins = with gimpPlugins; [ bimp ];
     # })

home-modules/git.nix

@@ -1,4 +1,4 @@
-{ pkgs, rice, ... }: 
+{ pkgs, hyper, rice, ... }: 
 {
   home.packages = with pkgs; [
     git
@@ -36,7 +36,7 @@
   programs.git = {
     enable = true;
     userName = ''Lennart J. Kurzweg (Nx2)'';
-    userEmail = "git@nx2.site";
+    userEmail = "git@${hyper.domain}";
     delta = {
       enable = true;
       options = {

home-modules/hyprland.nix

@@ -1,4 +1,4 @@
-{config, pkgs, pkgs-unstable, inputs, host, user, nvidia, rice, lib, ... }:
+{ config, pkgs, hyper, inputs, rice, ... }:
 let
   animation-speed = "5";
   transparency = builtins.toString rice.transparency;
@@ -83,10 +83,10 @@ in {
 
     settings = {
       monitor =
-        if host == "NxXPS" then (with monitors.xps; [
+        if hyper.host == "NxXPS" then (with monitors.xps; [
           "${main.name}, ${main.resolution}, ${main.position}, ${main.scale}"
           "${second.name}, ${second.resolution}, ${second.position}, ${second.scale}"
-        ]) else (if host == "NxNORTH" then (with monitors.north; [
+        ]) else (if hyper.host == "NxNORTH" then (with monitors.north; [
           "${main.name}, ${main.resolution}, ${main.position}, ${main.scale}"
           "${left.name}, ${left.resolution}, ${left.position}, ${left.scale}"
           # "${right.name}, ${right.resolution}, ${right.position}, ${right.scale}"
@@ -95,10 +95,10 @@ in {
         ]));
 
       workspace = let
-        d1 = if host == "NxXPS" then monitors.xps.main.name else (if host == "NxNORTH" then monitors.north.main.name else monitors.ace.main.name);
+        d1 = if hyper.host == "NxXPS" then monitors.xps.main.name else (if hyper.host == "NxNORTH" then monitors.north.main.name else monitors.ace.main.name);
-        d2 = if host == "NxXPS" then monitors.xps.second.name else (if host == "NxNORTH" then monitors.north.left.name else monitors.ace.main.name);
+        d2 = if hyper.host == "NxXPS" then monitors.xps.second.name else (if hyper.hyper.host == "NxNORTH" then monitors.north.left.name else monitors.ace.main.name);
-        d3 = if host == "NxXPS" then monitors.xps.main.name else (if host == "NxNORTH" then monitors.north.main.name else monitors.ace.main.name);
+        d3 = if hyper.host == "NxXPS" then monitors.xps.main.name else (if hyper.host == "NxNORTH" then monitors.north.main.name else monitors.ace.main.name);
-        # d3 = if host == "NxXPS" then monitors.xps.main.name else (if host == "NxNORTH" then monitors.north.right.name else monitors.ace.main.name);
+        # d3 = if hyper.host == "NxXPS" then monitors.xps.main.name else (if hyper.hyper.host == "NxNORTH" then monitors.north.right.name else monitors.ace.main.name);
        compact = "gapsin:0, gapsout:0, bordersize:1, rounding:false";
       in [
         "11, monitor:${d1}, default:true"
@@ -122,7 +122,7 @@ in {
         "28, monitor:${d2}"
         "29, monitor:${d2}"
         "20, monitor:${d2}"
-        "31, monitor:${d3}, default:${let x = if host == "NxNORTH" then "true" else "false"; in x}"
+        "31, monitor:${d3}, default:${let x = if hyper.host == "NxNORTH" then "true" else "false"; in x}"
         "32, monitor:${d3}"
         "33, monitor:${d3}"
         "34, monitor:${d3}"
@@ -143,7 +143,7 @@ in {
       # };
 
 
-      env = if nvidia.enable == true then [
+      env = if hyper.nvidia.enable == true then [
         "LIBVA_DRIVER_NAME,nvidia"
         "XDG_SESSION_TYPE,wayland"
         "GBM_BACKEND,nvidia-drm"
@@ -209,7 +209,7 @@ in {
         # bezier = "myBezier, 0.01, 0.9, 0.1, 1.0"; #o
         # bezier = "myBezier, 0.83, 0, 0.17, 1"; # io
         bezier = "myBezier, 0.33, 1, 0.68, 1";
-        animation = let direction = if host == "NxXPS" then "slide" else "slidevert"; in [
+        animation = let direction = if hyper.host == "NxXPS" then "slide" else "slidevert"; in [
           "windows, 1, ${animation-speed}, myBezier, slide"
           "border, 1, ${animation-speed}, myBezier"
           "fade, 1, ${animation-speed}, myBezier"
@@ -591,7 +591,7 @@ in {
       submap = color
       ${action_simple { key = "W"; cmd = ''exec,swww query | sed -n 1p | sed -E 's-.*image: (.*)-"\1"-g' | xargs change_colors_json img && notify-send 'change_colors_json img successfull' ''; }} 
       ${action_simple { key = "M"; cmd = ''exec,change_colors_json manual && notify-send 'change_colors_json manual successfull'  ''; }} 
-      ${action_simple { key = "D"; cmd = ''exec,firefox /home/${user}/.config/color-pallete.html''; }} 
+      ${action_simple { key = "D"; cmd = ''exec,firefox ${hyper.home}/.config/color-pallete.html''; }} 
       bind = , Escape, execr, waybar_mode unset
       bind = , Escape, submap, reset
       submap = reset
@@ -609,7 +609,7 @@ in {
   };
 
   home.file = let
-    m = if host == "NxXPS" then monitors.xps.main.name else monitors.north.main.name;
+    m = if hyper.host == "NxXPS" then monitors.xps.main.name else monitors.north.main.name;
   in {
     ".config/hypr/hyprlock.conf".text = ''
       background {

home-modules/matrix.nix

@@ -1,4 +1,4 @@
-{ pkgs, host, ... }:
+{ pkgs, hyper, ... }:
 {
   home.packages = with pkgs; [
     # cinny-desktop
@@ -79,7 +79,7 @@
       nx2site.ssl_verify = on
       nx2site.username = "nx2"
       nx2site.password = "''${sec.data.matrix_nx2site_password}"
-      nx2site.device_name = "Weechat@${host}"
+      nx2site.device_name = "Weechat@${hyper.host}"
       nx2site.autoreconnect_delay = 10
       nx2site.sso_helper_listening_port = 0
     '';

home-modules/nvidia.nix

@@ -1,5 +1,5 @@
-{ pkgs, lib, nvidia, ... }:
+{ pkgs, hyper, ... }:
-lib.mkIf (nvidia.enable == true)
+pkgs.lib.mkIf (hyper.nvidia.enable == true)
 {
   home = {
     packages = with pkgs; [

home-modules/obs.nix

@@ -1,5 +1,5 @@
-{ pkgs, lib, host, ... }:
+{ pkgs, hyper, ... }:
-lib.mkIf (host != "NxACE")
+pkgs.lib.mkIf (hyper.host != "NxACE")
 {
   #  home.packages = with pkgs; [
   #   obs-studio

home-modules/office.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, lib, user, ... }:
+{ pkgs, ... }:
 {
   home.packages = with pkgs; [
     libreoffice

home-modules/ollama.nix

@@ -1,6 +1,7 @@
 { pkgs, ... }:
 {
   home.packages = with pkgs; [
+    ollama
     (writers.writePython3Bin "ooo" {
       libraries = [ pkgs.python3Packages.ollama ];
       flakeIgnore = [ "E501" "E305" "E701" "E704" "E302" "E114" "F841" "E121" ];

home-modules/pnx.nix

@@ -1,5 +1,5 @@
-{ pkgs, lib, host, secrets, ... }: 
+{ pkgs, hyper, secrets, ... }: 
-lib.mkIf (host != "NxACE")
+pkgs.lib.mkIf (hyper.host != "NxACE")
 {
   home.packages = [
     pkgs.remmina
@@ -7,7 +7,7 @@ lib.mkIf (host != "NxACE")
 
     (pkgs.writeShellScriptBin "connect_to_pnx" ''
       pushd ~/.vpn/
-      sudo openvpn --config /home/nx2/.vpn/ljk-pnx.ovpn --auth-user-pass ~/.vpn/ljk-pnx-pass.txt #gets put there by home-manager
+      sudo openvpn --config ${hyper.home}/.vpn/ljk-pnx.ovpn --auth-user-pass ~/.vpn/ljk-pnx-pass.txt #gets put there by home-manager
       popd
     '')
 

home-modules/sent.nix

@@ -3,8 +3,6 @@ let
   my-sent = pkgs.sent.override {
     patches = [
       ./sent.patch
-      # /home/${user}/.local/share/sent.patch
-      # (builtins.toFile "/home/${user}/   
     ];
   };
 in

home-modules/ssh.nix

@@ -5,17 +5,17 @@
     file.".ssh/config".text = ''
       HOST nxace
           HostName ssh.${hyper.domain}
-          User nx2
+          User ${hyper.user}
           Port 50022
 
       HOST nxacel
           HostName 10.0.1.1
-          User nx2
+          User ${hyper.user}
           Port 50022
 
       HOST nxrpil
           HostName 10.0.1.31
-          User nx2
+          User ${hyper.user}
           Port 22
       
       HOST nxgit

home-modules/tts.nix

@@ -1,5 +1,4 @@
-{ pkgs, lib, user, ... }: 
+{ pkgs, ... }: 
-lib.mkIf (user != "tv")
 {
   home.packages = with pkgs; [
     (writeShellApplication {

home-modules/virt-manager.nix

@@ -1,5 +1,5 @@
-{ config, pkgs, lib, host, ... }:
+{ pkgs, hyper, ... }:
-lib.mkIf (host == "NxNORTH")
+pkgs.lib.mkIf (hyper.host == "NxNORTH")
 {
   home.packages = with pkgs; [
     virt-manager

home-modules/vscode.nix

@@ -1,6 +1,6 @@
-{ config, pkgs, lib, host, rice, ... }:
+{ config, pkgs, hyper, rice, ... }:
 {
-  config = lib.mkIf (host != "NxACE") {
+  config = pkgs.lib.mkIf (hyper.host != "NxACE") {
     home.packages = [
       pkgs.vscodium
       pkgs.nixpkgs-fmt
@@ -85,20 +85,20 @@
     };
   };
   
-  imports = if host != "NxACE" then [
+  # imports = if hyper.host != "NxACE" then [
-    # Make vscode settings writable
+  #   # Make vscode settings writable
-    (import
+  #   (import
-      (builtins.fetchurl {
+  #     (builtins.fetchurl {
-        url = "https://gist.githubusercontent.com/piousdeer/b29c272eaeba398b864da6abf6cb5daa/raw/41e569ba110eb6ebbb463a6b1f5d9fe4f9e82375/mutability.nix";
+  #       url = "https://gist.githubusercontent.com/piousdeer/b29c272eaeba398b864da6abf6cb5daa/raw/41e569ba110eb6ebbb463a6b1f5d9fe4f9e82375/mutability.nix";
-        sha256 = "4b5ca670c1ac865927e98ac5bf5c131eca46cc20abf0bd0612db955bfc979de8";
+  #       sha256 = "4b5ca670c1ac865927e98ac5bf5c131eca46cc20abf0bd0612db955bfc979de8";
-      })
+  #     })
-      { inherit config lib; })
+  #     { inherit config pkgs; lib = pkgs.lib; })
 
-    (import
+  #   (import
-      (builtins.fetchurl {
+  #     (builtins.fetchurl {
-        url = "https://gist.githubusercontent.com/piousdeer/b29c272eaeba398b864da6abf6cb5daa/raw/41e569ba110eb6ebbb463a6b1f5d9fe4f9e82375/vscode.nix";
+  #       url = "https://gist.githubusercontent.com/piousdeer/b29c272eaeba398b864da6abf6cb5daa/raw/41e569ba110eb6ebbb463a6b1f5d9fe4f9e82375/vscode.nix";
-        sha256 = "fed877fa1eefd94bc4806641cea87138df78a47af89c7818ac5e76ebacbd025f";
+  #       sha256 = "fed877fa1eefd94bc4806641cea87138df78a47af89c7818ac5e76ebacbd025f";
-      })
+  #     })
-      { inherit config lib pkgs; })
+  #     { inherit config pkgs; lib = pkgs.lib; })
-  ] else [];
+  # ] else [];
 }

home-modules/wallpaper-to-colors.nix

@@ -1,6 +1,6 @@
-{ pkgs-unstable, ... }:
+{ pkgs, ... }:
 {
-  home.packages = with pkgs-unstable; [
+  home.packages = with pkgs; [
     (writers.writePython3Bin "change_colors_json" {
       libraries = with python3Packages; [ numpy pillow scikit-learn ];
       flakeIgnore = [ "E302" "E305" "E226" "E501" ];

home-modules/waybar.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, rice, domain, user, ... }:
+{ pkgs, hyper, rice, ... }:
 let
   sep = " ";
 in {
@@ -121,8 +121,8 @@ def get_ongoing_or_next_event(url, username, password):
 if __name__ == "__main__":
     password_file = "/home/nx2/.config/sops-nix/secrets/nx2site/radicale/password"  # Path to password file
     cache_file = "/tmp/caldav_event_cache.json"  # Path to cache file
-    url = "https://dav.${domain}/"
+    url = "https://dav.${hyper.domain}/"
-    username = "${user}"
+    username = "${hyper.user}"
     password = get_password(password_file)
 
     event_dict = load_cache(cache_file)

home.nix

@@ -1,4 +1,4 @@
-{ pkgs, pkgs-unstable, lib, host, user, inputs, ... }:
+{ pkgs, hyper, inputs, ... }:
 {
   imports = [
     ./home-modules/auto-mount.nix
@@ -12,7 +12,6 @@
     ./home-modules/email.nix
     ./home-modules/firefox.nix
     ./home-modules/fish.nix
-    # ./home-modules/foot.nix
     ./home-modules/games.nix
     ./home-modules/gestures.nix
     ./home-modules/ghostty.nix
@@ -32,7 +31,6 @@
     ./home-modules/nixd.nix
     ./home-modules/nvidia.nix
     ./home-modules/nxgs.nix
-    # ./home-modules/nx-gcal-event.nix
     ./home-modules/obs.nix
     ./home-modules/office.nix
     ./home-modules/ollama.nix
@@ -61,12 +59,13 @@
     ./home-modules/yazi.nix
     ./home-modules/zathura.nix
     ./home-modules/zoxide.nix
-  ] ++ (if (host == "NxACE") then [ 
+  ] ++ (if (hyper.host == "NxACE") then [ 
     ./home-modules/nx2site.nix
     ./home-modules/nx2site-backup.nix
   ] else []);
-  home.username = user;
+  home.username = hyper.user;
-  home.homeDirectory = "/home/${user}";
+  # home.homeDirectory = hyper.home; # for some reason you cant use hyper.home here
+    home.homeDirectory = "/home/${hyper.user}";
   home.stateVersion = pkgs.version;
   home.packages = with pkgs; [
     bat
@@ -122,14 +121,14 @@
 
     inputs.zen-browser.packages."${system}".default
     
-  ]) ++ (if host != "NxACE" then (with pkgs; [
+  ] ++ (if hyper.host != "NxACE" then [
     signal-desktop
     obsidian
     zoom-us
     inkscape
-  ]) else (with pkgs-unstable; [
+  ] else {
     
-  ]));
+  });
 
   xdg = {
     enable = true;

sops-secrets.yaml

@@ -47,10 +47,6 @@ eduroam:
 hsmw-vpn-secret: ENC[AES256_GCM,data:3bKxRGTQcbhRjzARSpYBW5ekQW/U/ixzNiFmO36gw0NKyDMLlbVbJBqXvi71M0GXgmo/FA==,iv:7bVDA8u9apDNXFY/vEMbz/0HywG5Pyrl5JfZrcNCr8w=,tag:xz4j7cEc5hvLwrItWjkx0Q==,type:str]
 postgres-pw: ENC[AES256_GCM,data:D9b7IbvLshmRuSyF9+V3WqVf/95+OhCJm0g=,iv:D4tpzEBzcCatbnQwtOGn8X0QSrXOye20rXaw8TSB7Gk=,tag:Q0B/86eDKkhu0Jnln1sUyg==,type:str]
 sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
     age:
         - recipient: age1vkqn2nars5qmpr35tac0x9vshphrq6nnzjfyxwusgn27kt3zualssv0u8e
           enc: |
@@ -88,8 +84,8 @@ sops:
             SHJLR3lvdlFiRmJuU25RUHFFTmpjamMKbzycdDvQBAuOiRROTZEQSnaXoPapz73L
             yVS9EUP25FSx/sGqRqaCefbeaybuM1aso6LDnlomv4Bib7zjugWKSw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-03-07T17:02:01Z"
+    lastmodified: "2025-05-27T09:47:30Z"
-    mac: ENC[AES256_GCM,data:js375bjy8Z4ApUXbw4eIqNl5BBgeX2bwMFBCx63LNCsb56OlHyYobQGtL1CwcDGW/+hwVLJSxbEDwqzJiu5vQ/2Cp00nVwvumHrvqZi/Ka4r87uNd6psE4nMq6ROHP0kJm6STKqd6MDyuLRjfX5zrki7ZhYTWsYS90/d9SUHUj8=,iv:W3w1f7lkL3fuOWmNhLUsOTKG18+wLhWA04GjygDIUEc=,tag:AYy9O7OcsY2W4VbOzyM5oA==,type:str]
+    mac: ENC[AES256_GCM,data:B+XFym/hSq5ntjm7N2b2026tyX8jVfUcHBIbe+UIPtVNoT9Mx95vlcBnF/6+KrsI1VIe2x1rraIt0KyVVg6g3S0LVfDZumMvgjTtGQIJsLwz0UOOnkX1CBJYpca+Ec1ojtp/7xKFxBuBTuQIPsrDWF+myqvdkYF9Gb0mjMvGbdo=,iv:WAGuWuFBVwY39SBoW5JXtZMAKmzqaQSV7rBcWYQzQ1s=,tag:rQuoAh22DgFTx7iilgT74A==,type:str]
     pgp:
         - created_at: "2024-06-09T19:44:41Z"
           enc: |-
@@ -104,4 +100,4 @@ sops:
             -----END PGP MESSAGE-----
           fp: 22FB2CC03DC5292AB81CF67D0AF27B383170E634
     unencrypted_suffix: _unencrypted
-    version: 3.9.4
+    version: 3.10.2

system-modules/adb.nix

@@ -1,5 +1,5 @@
 { pkgs, hyper, lib, ... }:
-lib.mkIf (host != "NxACE")
+lib.mkIf (hyper.host != "NxACE")
 {
 	environment.systemPackages = with pkgs; [
 		adbfs-rootless

system-modules/boot.nix

@@ -1,7 +1,7 @@
-{ config, pkgs, pkgs-unstable, lib, host, domain, inputs, ... }: 
+{ config, pkgs, hyper, inputs, ... }: 
 let 
   grub-theme-ascii-diana = (pkgs.fetchFromGitea {
-    domain = "git.${domain}";
+    domain = "git.${hyper.domain}";
     owner = "nx2";
     repo = "grub-theme-ascii-diana";
     rev = "0.5.0";
@@ -9,10 +9,10 @@ let
    });
 in 
 {
-  imports = if host == "NxNORTH" then [
+  imports = if hyper.host == "NxNORTH" then [
     inputs.lanzaboote.nixosModules.lanzaboote
   ] else [];
- config = if host == "NxNORTH" then {
+ config = if hyper.host == "NxNORTH" then {
     # I have to boot with secureboot becasue of the chinese spyware called Vanguard
       
     environment.systemPackages = with pkgs; [ sbctl ];
@@ -22,7 +22,7 @@ in
       in {
         enable = true;
         pkiBundle = "/etc/secureboot";
-        package = lib.mkForce (pkgs.writeShellApplication {
+        package = pkgs.lib.mkForce (pkgs.writeShellApplication {
           name = "lzbt";
           runtimeInputs = [
             inputs.lanzaboote.packages.x86_64-linux.tool
@@ -74,13 +74,13 @@ in
         #   '';
         # };
       };
-      kernelPackages = pkgs-unstable.linuxPackages_zen;
+      kernelPackages = pkgs.linuxPackages_zen;
       extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
       kernelModules = [ "v4l2loopback" ];
       extraModprobeConfig = ''options v4l2loopback devices=1 video_nr=1 card_label="OBS Cam" exclusive_caps=1'';
     };
     security.polkit.enable = true;
-  } else if host == "NxXPS" then {
+  } else if hyper.host == "NxXPS" then {
     boot = {
       loader = {
         efi.canTouchEfiVariables = true;
@@ -103,7 +103,7 @@ in
           '';
         };
       };
-      kernelPackages = pkgs-unstable.linuxPackages_latest;
+      kernelPackages = pkgs.linuxPackages_latest;
       extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
       kernelModules = [ "v4l2loopback" ];
       extraModprobeConfig = ''options v4l2loopback devices=1 video_nr=1 card_label="OBS VCam" exclusive_caps=1'';

system-modules/calendar-lec.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, user, domain, ... }:
+{ config, pkgs, hyper, ... }:
 {
   systemd.timers."nx_cal_lec" = {
     enable = true;
@@ -74,7 +74,7 @@ def fetch_and_save_ical_events(ical_url, save_path):
 if __name__ == "__main__":
     # Replace with your iCal URL and target file path
     ICAL_URL = "https://zlypher.github.io/lol-events/cal/league-of-legends-lec.ical"
-    SAVE_PATH = "${config.services.nginx.virtualHosts."${domain}".root}/lec.ics"
+    SAVE_PATH = "${config.services.nginx.virtualHosts."${hyper.domain}".root}/lec.ics"
 
     fetch_and_save_ical_events(ICAL_URL, SAVE_PATH)
 '');
@@ -83,7 +83,7 @@ if __name__ == "__main__":
     '';
     serviceConfig = {
       Type = "oneshot";
-      User = "nx2";
+      User = hyper.user;
     };
   };
 }

system-modules/calendar-lr.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, domain, ... }:
+{ config, pkgs, hyper, ... }:
 {
   systemd.timers."nx_cal_lr" = {
     enable = true;
@@ -59,7 +59,7 @@ def fetch_and_save_ical_events(ical_url, save_path):
 if __name__ == "__main__":
     # Replace with your iCal URL and target file path
     ICAL_URL = "https://zlypher.github.io/lol-events/cal/league-of-legends-nlc.ical"
-    SAVE_PATH = "${config.services.nginx.virtualHosts."${domain}".root}/lr.ics"
+    SAVE_PATH = "${config.services.nginx.virtualHosts."${hyper.domain}".root}/lr.ics"
 
     fetch_and_save_ical_events(ICAL_URL, SAVE_PATH)
 '');
@@ -68,7 +68,7 @@ if __name__ == "__main__":
     '';
     serviceConfig = {
       Type = "oneshot";
-      User = "nx2";
+      User = hyper.user;
     };
   };
 }

system-modules/calendar-publish.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, user, ... }:
+{ pkgs, hyper, ... }:
 let 
   radicale-root = "/var/lib/radicale";
   web-root = "/var/nginx/webroot";
@@ -115,11 +115,11 @@ def combine_ics_from_directories(directories, output_file):
 if __name__ == "__main__":
     # List of directories containing .ics files
     DIRECTORIES = [
-        "${radicale-root}/collections/collection-root/${user}/preservation",
+        "${radicale-root}/collections/collection-root/${hyper.user}/preservation",
-        "${radicale-root}/collections/collection-root/${user}/effort",
+        "${radicale-root}/collections/collection-root/${hyper.user}/effort",
-        "${radicale-root}/collections/collection-root/${user}/experience",
+        "${radicale-root}/collections/collection-root/${hyper.user}/experience",
-        "${radicale-root}/collections/collection-root/${user}/exposure",
+        "${radicale-root}/collections/collection-root/${hyper.user}/exposure",
-        "${radicale-root}/collections/collection-root/${user}/engagement",
+        "${radicale-root}/collections/collection-root/${hyper.user}/engagement",
     ]
 
     # Path to the output .ics file
@@ -132,7 +132,7 @@ if __name__ == "__main__":
     '';
     serviceConfig = {
       Type = "oneshot";
-      User = "nx2";
+      User = hyper.user;
     };
   };
 }

system-modules/dm.nix

@@ -1,11 +1,11 @@
-{ pkgs, user, ... }:
+{ pkgs, hyper, ... }:
 {
   services.greetd = {
     enable = true;
     settings = rec {
       hyprland = {
         command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --remember --cmd Hyprland --remember-user-session --window-padding 5";
-        user = user;
+        user = hyper.user;
       };
       default_session = hyprland;
       vt = 2;

system-modules/games.nix

@@ -1,6 +1,6 @@
-{ lib, host, ... }:
+{ pkgs, hyper, ... }:
 # lib.mkIf (host == "NxNORTH" || host == "NxACE")
-lib.mkIf (host == "NxNORTH")
+pkgs.lib.mkIf (hyper.host == "NxNORTH")
 {
   programs = {
     steam = {

system-modules/hardware-configuration.nix

@@ -1,4 +1,4 @@
-{ config, lib, user, host, pkgs, modulesPath, ... }:
+{ config, pkgs, hyper, modulesPath, ... }:
 {
   imports = [
     (modulesPath + "/installer/scan/not-detected.nix")
@@ -13,10 +13,10 @@
   boot.kernelModules = [ "kvm-intel" ];
   boot.extraModulePackages = [ ];
 
-  fileSystems = if host != "NxACE" then {
+  fileSystems = if hyper.host != "NxACE" then {
     "/" =                    { device = "/dev/disk/by-label/nixos";    fsType = "ext4"; };
     "/boot" =                { device = "/dev/disk/by-label/EFI";      fsType = "vfat"; };
-    "/home/${user}/shared" = { device = "/dev/disk/by-label/shared";   fsType = "ntfs"; options = [ "uid=1000" "gid=100" ]; };
+    "/home/${hyper.user}/shared" = { device = "/dev/disk/by-label/shared";   fsType = "ntfs"; options = [ "uid=1000" "gid=100" ]; };
   } else { 
     "/" =                    { device = "/dev/disk/by-label/nixos";    fsType = "ext4"; };
     "/boot" =                { device = "/dev/disk/by-label/EFI";      fsType = "vfat"; };
@@ -29,23 +29,23 @@
     { device = "/dev/disk/by-label/swap"; }
   ];
 
-  networking.useDHCP = lib.mkDefault true;
+  networking.useDHCP = pkgs.lib.mkDefault true;
 
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  nixpkgs.hostPlatform = pkgs.lib.mkDefault "x86_64-linux";
-  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+  hardware.cpu.intel.updateMicrocode = pkgs.lib.mkDefault config.hardware.enableRedistributableFirmware;
 
   # from nixos-hardware
-  services.thermald.enable = lib.mkDefault true;
+  services.thermald.enable = pkgs.lib.mkDefault true;
-  boot.extraModprobeConfig = if host == "NxXPS" then ''
+  boot.extraModprobeConfig = if hyper.host == "NxXPS" then ''
     options iwlwifi 11n_disable=8
   '' else "";
-  boot.initrd.kernelModules = if host == "NxXPS" then [ "i915" ] else [];
+  boot.initrd.kernelModules = if hyper.host == "NxXPS" then [ "i915" ] else [];
 
-  environment.variables = if host == "NxXPS" then {
+  environment.variables = if hyper.host == "NxXPS" then {
-    VDPAU_DRIVER = lib.mkIf config.hardware.graphics.enable (lib.mkDefault "va_gl");
+    VDPAU_DRIVER = pkgs.lib.mkIf config.hardware.graphics.enable (pkgs.lib.mkDefault "va_gl");
   } else {};
 
-  hardware.graphics.extraPackages = if host == "NxXPS" then with pkgs; [
+  hardware.graphics.extraPackages = if hyper.host == "NxXPS" then with pkgs; [
     (if (lib.versionOlder (lib.versions.majorMinor lib.version) "25.05") then vaapiIntel else intel-vaapi-driver)
     libvdpau-va-gl
     intel-media-driver

system-modules/health_reminder.nix

@@ -1,5 +1,5 @@
-{ pkgs, lib, host, ... }:
+{ pkgs, hyper, ... }:
-lib.mkIf (host != "NxACE")
+pkgs.lib.mkIf (hyper.host != "NxACE")
 {
   systemd.timers."health_reminder" = {
     enable = true;
@@ -56,7 +56,7 @@ lib.mkIf (host != "NxACE")
       '';
       serviceConfig = {
         Type = "oneshot";
-        User = "nx2";
+        User = hyper.user;
       };
     };
 }

system-modules/hugo.nix

@@ -1,5 +1,5 @@
-{ pkgs-unstable, user, ... }: 
+{ pkgs, hyper, ... }: 
-let p = pkgs-unstable; in
+let p = pkgs; in
 {
   environment.systemPackages = with p; [
     hugo
@@ -11,7 +11,7 @@ let p = pkgs-unstable; in
       "hugo".name = "hugo";
     };
     users = {
-      "${user}".extraGroups = [ "hugo" ];
+      "${hyper.user}".extraGroups = [ "hugo" ];
       "nginx".extraGroups = [ "hugo" ];
       "hugo" = {
         isSystemUser = true;

system-modules/nvidia.nix

@@ -1,5 +1,5 @@
-{ config, pkgs, lib, nvidia, ... }: 
+{ config, pkgs, hyper, ... }: 
-lib.mkIf nvidia.enable 
+pkgs.lib.mkIf hyper.nvidia.enable 
 {
   environment.systemPackages = with pkgs; [
     lshw
@@ -21,7 +21,7 @@ lib.mkIf nvidia.enable
 
   hardware = {
     nvidia = {
-      prime = lib.mkIf nvidia.prime {
+      prime = pkgs.lib.mkIf hyper.nvidia.prime {
         intelBusId = "PCI:0:2:0";
         nvidiaBusId = "PCI:1:0:0";
         offload = {
@@ -41,7 +41,7 @@ lib.mkIf nvidia.enable
 
       # Fine-grained power management. Turns off GPU when not in use.
       # Experimental and only works on modern Nvidia GPUs (Turing or newer).
-      powerManagement.finegrained = nvidia.prime;
+      powerManagement.finegrained = hyper.nvidia.prime;
 
       # Use the NVidia open source kernel module (not to be confused with the
       # independent third-party "nouveau" open source driver).

system-modules/nx2site.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, user, domain, secrets, ... }:
+{ config, pkgs, hyper, secrets, ... }:
 let dns-user = "cloudflare"; in
 {
   sops.secrets = {
@@ -15,7 +15,7 @@ let dns-user = "cloudflare"; in
         isSystemUser = true;
         group = dns-user;
       };
-      "${user}".extraGroups = [ dns-user ];
+      "${hyper.user}".extraGroups = [ dns-user ];
     };
     groups."${dns-user}" = {};
   };
@@ -84,13 +84,13 @@ def main():
 
     # Perform DNS updates
     # https://developers.cloudflare.com/api/operations/dns-records-for-a-zone-update-dns-record
-    print(f"${domain}: {update_record(record_id="${record_id.base}", record_name="${domain}", ip=my_ip, type="A", proxied=True, pw=pw).status_code}")
+    print(f"${hyper.domain}: {update_record(record_id="${record_id.base}", record_name="${hyper.domain}", ip=my_ip, type="A", proxied=True, pw=pw).status_code}")
-    print(f"*.${domain}: {update_record(record_id="${record_id.sub}", record_name="*.${domain}", ip=my_ip, type="A", proxied=True, pw=pw).status_code}")
+    print(f"*.${hyper.domain}: {update_record(record_id="${record_id.sub}", record_name="*.${hyper.domain}", ip=my_ip, type="A", proxied=True, pw=pw).status_code}")
-    print(f"ssh.${domain}: {update_record(record_id="${record_id.ssh}", record_name="ssh.${domain}", ip=my_ip, type="A", proxied=False, pw=pw).status_code}")
+    print(f"ssh.${hyper.domain}: {update_record(record_id="${record_id.ssh}", record_name="ssh.${hyper.domain}", ip=my_ip, type="A", proxied=False, pw=pw).status_code}")
 
-    print(f"${domain}: {update_record(record_id="${record_id.base6}", record_name="${domain}", ip=my_ip6, type="AAAA", proxied=True, pw=pw).status_code}")
+    print(f"${hyper.domain}: {update_record(record_id="${record_id.base6}", record_name="${hyper.domain}", ip=my_ip6, type="AAAA", proxied=True, pw=pw).status_code}")
-    print(f"*.${domain}: {update_record(record_id="${record_id.sub6}", record_name="*.${domain}", ip=my_ip6, type="AAAA", proxied=True, pw=pw).status_code}")
+    print(f"*.${hyper.domain}: {update_record(record_id="${record_id.sub6}", record_name="*.${hyper.domain}", ip=my_ip6, type="AAAA", proxied=True, pw=pw).status_code}")
-    print(f"ssh.${domain}: {update_record(record_id="${record_id.ssh6}", record_name="ssh.${domain}", ip=my_ip6, type="AAAA", proxied=False, pw=pw).status_code}")
+    print(f"ssh.${hyper.domain}: {update_record(record_id="${record_id.ssh6}", record_name="ssh.${hyper.domain}", ip=my_ip6, type="AAAA", proxied=False, pw=pw).status_code}")
 
 if __name__ == "__main__":
     main()

system-modules/nx2site/dyn_dns.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, domain, ... }: 
+{ config, pkgs, hyper, ... }: 
 {
   sops.secrets = {
     # "nx2site/namecheap.pw" = { };
@@ -8,13 +8,14 @@
     };
   };
 	services.cloudflare-dyndns = {
+    pkgs = pkgs.cloudflare-dyndns;
     enable = true;    
     ipv4 = true;
     ipv6 = config.networking.enableIPv6;
     domains = [
-      "${domain}"
+      "${hyper.domain}"
-      "*.${domain}"
+      "*.${hyper.domain}"
-      "ssh.${domain}"
+      "ssh.${hyper.domain}"
     ];
     proxied = true;
     apiTokenFile = config.sops.secrets."nx2site/cloudflare/global-api-key-env".path;

system-modules/nx2site/gitea.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, secrets, user, domain, ... }: 
+{ config, pkgs, hyper, secrets, ... }: 
 let git-user = "git"; in
 {
   sops.secrets = {
@@ -7,13 +7,13 @@ let git-user = "git"; in
 
   users = {
     users = {
-      "${user}".extraGroups = [ git-user ];
+      "${hyper.user}".extraGroups = [ git-user ];
       "${git-user}" = {
         isSystemUser = true;
         group = git-user;
         useDefaultShell = true;
         home = config.services.gitea.stateDir;
-        openssh.authorizedKeys.keys = config.users.users."${user}".openssh.authorizedKeys.keys;
+        openssh.authorizedKeys.keys = config.users.users."${hyper.user}".openssh.authorizedKeys.keys;
       };
     };
     groups."${git-user}" = {};
@@ -63,12 +63,12 @@ let git-user = "git"; in
         START_SSH_SERVER = false; # default
         SSH_LISTEN_HOST = "0.0.0.0";
         SSH_PORT = secrets.ssh.port;
-        DOMAIN = "git.${domain}";
+        DOMAIN = "git.${hyper.domain}";
-        SSH_DOMAIN = "ssh.${domain}";
+        SSH_DOMAIN = "ssh.${hyper.domain}";
         # HTTP_ADDR = "${config.services.gitea.settings.server.DOMAIN}";
         # HTTP_PORT = 3000; # default
         # PROTOCOL = "http"; # default
-        ROOT_URL = "https://git.${domain}/"; # default
+        ROOT_URL = "https://git.${hyper.domain}/"; # default
       };
       session = {
         COOKIE_SECURE = true;
@@ -90,7 +90,7 @@ let git-user = "git"; in
     #   hash = "sha256-Eibgoc3BJUXWdq8irgXea09fAvfKx2eQrJotp3P5DTg=";
     # };
     theme = pkgs.fetchFromGitea {
-      domain = "git.${domain}";
+      domain = "git.${hyper.domain}";
       owner = "nx2";
       repo = "Gitea-Pitch-Black";
       rev = "0.1.0";

system-modules/nx2site/nextcloud.nix

@@ -1,4 +1,4 @@
-{ config, domain, ... }:
+{ config, hyper, ... }:
 {
   sops.secrets = { 
     "nx2site/nextcloud/admin-pass" = { owner = "nextcloud"; };
@@ -9,7 +9,7 @@
   services = {
     nextcloud = {
       enable = true;
-      hostName = "nc.${domain}";
+      hostName = "nc.${hyper.domain}";
       https = true;
       configureRedis = true;
       config = {

system-modules/nx2site/open-web-calendar.nix

@@ -1,15 +1,14 @@
-{ pkgs, domain, ... }:
+{ pkgs, hyper, ... }:
 {
   services = {
     open-web-calendar = {
       enable = true;
-      domain = "cal.${domain}";
+      domain = "cal.${hyper.domain}";
       package = pkgs.open-web-calendar;
       settings = {
         # PORT = 21342;        
       };
-      calendarSettings = {
+      calendarSettings = { };
-      };
     };
   };
 }

system-modules/nx2site/paperless.nix

@@ -1,4 +1,4 @@
-{ pkgs, config, secrets, domain, user, ... }:
+{ config, pkgs, hyper, secrets, ... }:
 let paperless-user = "paperless"; in
 {
   sops.secrets = {
@@ -8,7 +8,7 @@ let paperless-user = "paperless"; in
   };
 
   users.users = {
-    "${user}".extraGroups = [ paperless-user ];
+    "${hyper.user}".extraGroups = [ paperless-user ];
     "${paperless-user}".extraGroups = [ "redis-paperless" ];
   }; 
 
@@ -64,7 +64,7 @@ let paperless-user = "paperless"; in
           # PAPERLESS_LOGROTATE_MAX_SIZE= 1 MiB.
           # PAPERLESS_LOGROTATE_MAX_BACKUPS= 20.
           # PAPERLESS_SECRET_KEY=
-          PAPERLESS_URL = "https://doc.${domain}";
+          PAPERLESS_URL = "https://doc.${hyper.domain}";
           # PAPERLESS_CSRF_TRUSTED_ORIGINS=
           # PAPERLESS_ALLOWED_HOSTS=
           # PAPERLESS_CORS_ALLOWED_HOSTS=

system-modules/nx2site/proxy.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, lib, domain, ... }:
+{ config, hyper, pkgs, ... }:
 {
   sops.secrets = {
     "nx2site/sslCertificate.pem" = { owner = config.services.nginx.user; };
@@ -8,13 +8,13 @@
   security.acme = {
     acceptTerms = true;
     defaults = {
-      email = "acme@${domain}";
+      email = "acme@${hyper.domain}";
       webroot = "/var/nginx/webroot";
       group = "nginx";
     };
     certs = {
-      "${domain}" = {
+      "${hyper.domain}" = {
-        extraDomainNames = builtins.map (subd: "${subd}.${domain}") [ "sync" "dev" ];
+        extraDomainNames = builtins.map (subd: "${subd}.${hyper.domain}") [ "sync" "dev" ];
       };
     };
   };
@@ -76,7 +76,7 @@
         enableACME = true;
       };
     in {
-      "${domain}" = vh // {
+      "${hyper.domain}" = vh // {
         root = "/var/nginx/webroot";
         default = true;
         listen = dl;
@@ -95,11 +95,11 @@
           "/.well-known/matrix/server" = { return = "502"; };
         }; 
       }; 
-      "matrix.${domain}" = {
+      "matrix.${hyper.domain}" = {
         listen = dl;
         locations = { "~.*" = { return = "502"; }; }; 
       };
-      # "pw.${domain}" = vh // {
+      # "pw.${hyper.domain}" = vh // {
       #   listen = dl;
       #   locations = let d = "pw.docker:80"; in {
       #     "/" = { proxyPass = "http://${d}"; };
@@ -108,7 +108,7 @@
       #     "/notifications/hub/negotiate" = { proxyPass = "http://${d}"; };
       #   }; 
       # };
-      "pw.${domain}" = vh // {
+      "pw.${hyper.domain}" = vh // {
         listen = dl;
         locations = let 
           d = with config.services.vaultwarden.config; "${ROCKET_ADDRESS}:${builtins.toString ROCKET_PORT}"; 
@@ -119,38 +119,38 @@
           "/notifications/hub/negotiate" = { proxyPass = "http://${d}"; };
         }; 
       };
-      "sync.${domain}" = vh // {
+      "sync.${hyper.domain}" = vh // {
         listen = dl;
         locations = { "/" = { proxyPass = "http://127.0.0.1:11434"; }; }; 
       };
-      # "git.${domain}" = vh // {
+      # "git.${hyper.domain}" = vh // {
       #   listen = dl;
       #   locations = { "/" = { proxyPass = "http://git.docker:3000"; }; }; 
       # };
-      "git.${domain}" = vh // {
+      "git.${hyper.domain}" = vh // {
         http2 = false;
         listen = dl;
         locations = { "/" = { proxyPass = "http://127.0.0.1:3000"; }; }; 
       };
-      "doc.${domain}" = vh // {
+      "doc.${hyper.domain}" = vh // {
         listen = dl;
         locations = { "/" = { proxyPass = "http://127.0.0.1:8441"; }; }; 
       };
-      "dav.${domain}" = lib.mkIf config.services.radicale.enable (vh // {
+      "dav.${hyper.domain}" = lib.mkIf config.services.radicale.enable (vh // {
         listen = dl;
         locations = { "/" = { proxyPass = "http://127.0.0.1:5232"; }; }; 
       });
-      # "nc.${domain}" = vh // {
+      # "nc.${hyper.domain}" = vh // {
       #   # directly to nc 
       # };
-      "abs.${domain}" = vh // {
+      "abs.${hyper.domain}" = vh // {
         listen = dl;
         locations."/" = { 
           proxyPass = "http://127.0.0.1:${builtins.toString config.services.audiobookshelf.port}";
           proxyWebsockets = true;
         }; 
       };
-      "dev.${domain}" = vh // {
+      "dev.${hyper.domain}" = vh // {
         listen = dl ++ [
           # { addr = "0.0.0.0"; port = 8000; ssl = true; }
           # { addr = "[::0]"; port = 8000; ssl = true; } 
@@ -162,17 +162,17 @@
         # };
       };
       # is done atomatically
-      # "cal.${domain}" = vh // {
+      # "cal.${hyper.domain}" = vh // {
       #   listen = dl;
       #   locations = { "/" = { 
       #     proxyPass = "http://unix:///run/open-web-calendar/socket";
       #     proxyWebsockets = true;
       #   }; }; 
       # };
-      "~^(.*).${domain}$" = {
+      "~^(.*).${hyper.domain}$" = {
         listen = dl;
         root = "/var/nginx/webroot";
-        locations = { "~.*" = { return = "301 https://${domain}/502.html"; }; };
+        locations = { "~.*" = { return = "301 https://${hyper.domain}/502.html"; }; };
       };
     };
   };

system-modules/nx2site/radicale.nix

@@ -1,4 +1,4 @@
-{ config, domain, ... }:
+{ config, hyper, ... }:
 {
   sops.secrets = { 
     "nx2site/radicale/htpasswd" = {
@@ -15,7 +15,7 @@
           port = builtins.toString 5232;
         in [ 
           "0.0.0.0:${port}"
-          "${domain}:${port}"
+          "${hyper.domain}:${port}"
           # "192.168.178.32:${port}"
         ];
         auth = {

system-modules/nx2site/vaultwarden.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, secrets, domain, ... }:
+{ config, pkgs, hyper, secrets, ... }:
 {
   sops.secrets = {
     "nx2site/vaultwarden.env" = {
@@ -27,7 +27,7 @@
       SMTP_PASSWORD = "@SMTP_PASSWORD@";
       LOGIN_RATELIMIT_MAX_BURST = 10;
       LOGIN_RATELIMIT_SECONDS = 60;
-      DOMAIN = "https://pw.${domain}";
+      DOMAIN = "https://pw.${hyper.domain}";
       INVITATION_ORG_NAME = "NxPW";
       INVITATIONS_ALLOWED = true;
       ADMIN_TOKEN = "@ADMIN_TOKEN@";

system-modules/ollama.nix

@@ -1,14 +1,10 @@
-{ pkgs, lib, host, nvidia, ... }: 
+{ pkgs, hyper, ... }: 
-let
+{
-  p = if nvidia.enable then pkgs.ollama-cuda else pkgs.ollama;
-in {
-  environment.systemPackages = [ p ];
-  
   services.ollama = {
-    package = p;
+    package = if hyper.nvidia.enable then pkgs.ollama-cuda else pkgs.ollama;
     enable = true;
-    acceleration = lib.mkIf nvidia.enable "cuda";
+    acceleration = pkgs.lib.mkIf hyper.nvidia.enable "cuda";
-    host = if host == "NxACE" then "0.0.0.0" else "127.0.0.1";
+    host = if hyper.host == "NxACE" then "0.0.0.0" else "127.0.0.1";
     port = 11434;
     environmentVariables = {
       OLLAMA_ORIGINS = "*"; 

system-modules/sops.nix

@@ -1,4 +1,4 @@
-{ pkgs, user, ... }:
+{ pkgs, ... }:
 {
   environment.systemPackages = with pkgs; [
     age
@@ -8,15 +8,10 @@
   sops = {
     defaultSopsFile = ../sops-secrets.yaml;
     defaultSopsFormat = "yaml";
-    # age = {
-    #   sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
-    #   generateKey = true;
-    # };
     # gnupg = {
     #   sshKeyPaths = [];
-    #   home = "/home/${user}/.gnupg";
+    #   home = "${hyper.user}/.gnupg";
     # };
-    secrets.example = {}; 
   };
 }
 

system-modules/syncthing.nix

@@ -1,10 +1,5 @@
-{ 
+{  config, pkgs, hyper, secrets, ... }:
-  config, 
+let 
-  lib, 
-  user, 
-  host, 
-  secrets,
-... }: let 
   # helper funcitons
   conv = _: device: with device; { "${name}" = {id = id;};}; 
   justname = devices: (builtins.map (device: device.name)) devices;
@@ -22,7 +17,7 @@
   };
 
   dirs = {
-    default =      { name = "sync";         path = "/home/${user}/sync";       };
+    default =      { name = "sync";         path = "/home/${hyper.user}/sync";       };
     s21u-dcim =    { name = "s21u-dcim";    path = "/vault/Pictures/Lennart";  };
     diane-dcim =   { name = "diane-dcim";   path = "/vault/Pictures/Diane";    };
     dianesd-dcim = { name = "dianesd-dcim"; path = "/vault/Pictures/Diane-SD"; };
@@ -31,34 +26,35 @@
   };
 in {
   sops.secrets = {
-    "syncthing/${host}/cert.pem" = { owner = user; };
+    "syncthing/${hyper.host}/cert.pem" = { owner = hyper.user; };
-    "syncthing/${host}/key.pem" = { owner = user; };
+    "syncthing/${hyper.host}/key.pem" = { owner = hyper.user; };
   };
   services.syncthing = with (builtins.mapAttrs conv devices); {
     enable = true;
-    user = "${user}";
+    user = "${hyper.user}";
-    dataDir = "/home/${user}/.local/share/syncthing"; # useless ?
+    package = pkgs.syncthing;
-    configDir = "/home/${user}/.config/syncthing"; 
+    dataDir = "/home/${hyper.user}/.local/share/syncthing"; # useless ?
-    key = config.sops.secrets."syncthing/${host}/key.pem".path;
+    configDir = "/home/${hyper.user}/.config/syncthing"; 
-    cert = config.sops.secrets."syncthing/${host}/cert.pem".path;
+    key = config.sops.secrets."syncthing/${hyper.host}/key.pem".path;
+    cert = config.sops.secrets."syncthing/${hyper.host}/cert.pem".path;
     overrideDevices = true;    
     overrideFolders = true;    
     # guiAddress = "127.0.0.1:8384";
-    guiAddress = if ( host == "NxACE" ) then "0.0.0.0:8384" else "127.0.0.1:8384";
+    guiAddress = if ( hyper.host == "NxACE" ) then "0.0.0.0:8384" else "127.0.0.1:8384";
     settings = {
-      devices = with (builtins.mapAttrs conv devices); if (host == "NxXPS") then (
+      devices = with (builtins.mapAttrs conv devices); if (hyper.host == "NxXPS") then (
         north // ace // s21u
-      ) else if (host == "NxNORTH") then (        
+      ) else if (hyper.host == "NxNORTH") then (        
         xps // ace // s21u
       ) else (
         north // xps // s21u // diane // daniel // tessa // georg 
       );
-      folders = with dirs; if (host == "NxXPS") then {
+      folders = with dirs; if (hyper.host == "NxXPS") then {
         "${default.name}" = {        
           path = default.path;
           devices = with devices; (justname [ north ace s21u ]);     
         };
-      } else if (host == "NxNORTH") then {
+      } else if (hyper.host == "NxNORTH") then {
         "${default.name}" = {        
           path = default.path;
           devices = with devices; (justname [ xps ace s21u ]);
@@ -91,7 +87,7 @@ in {
       };
       gui = {
         theme = "black";
-        user = user;
+        user = hyper.user;
         password = secrets.syncthing.gui-password; # option to use a file is till in the works... https://github.com/NixOS/nixpkgs/issues/85336
       };
     };

system-modules/virtualisation.nix

@@ -1,12 +1,12 @@
-{ config, pkgs, lib, user, host, ... }:
+{ pkgs, hyper, ... }:
 
 {
-  config = lib.mkIf (host == "NxNORTH") {
+  config = pkgs.lib.mkIf (hyper.host == "NxNORTH") {
     environment.systemPackages = with pkgs; [
       virtiofsd
     ];
     virtualisation.libvirtd.enable = true;
     programs.virt-manager.enable = true;
-    users.users."${user}".extraGroups = [ "libvirtd" ];
+    users.users."${hyper.user}".extraGroups = [ "libvirtd" ];
   };
 }

system-modules/ydotool.nix

@@ -1,5 +1,5 @@
-{ pkgs, lib, host, ... }: 
+{ pkgs, hyper, ... }: 
-lib.mkIf (host == "NxXPS")
+pkgs.lib.mkIf (hyper.host == "NxXPS")
 {
   programs.ydotool.enable = true;
 }