data.nix

@@ -9,10 +9,6 @@
         password.file = ./secrets/machines/bicboye/password.age;
         root-password.file = ./secrets/machines/bicboye/root-password.age;
       };
-      smolboye = {
-        password.file = ./secrets/machines/smolboye/password.age;
-        root-password.file = ./secrets/machines/smolboye/root-password.age;
-      };
     };
     monitoring = {
       grafana = {
@@ -27,9 +23,6 @@
       gitea = {
         password.file = ./secrets/services/gitea/password.age;
       };
-      mailserver = {
-        watashi.password.file = ./secrets/services/mailserver/watashi.age;
-      };
       miniflux = {
         password.file = ./secrets/services/miniflux/password.age;
       };

flake.lock

@@ -25,22 +25,6 @@
         "type": "github"
       }
     },
-    "blobs": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1604995301,
-        "narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
-        "owner": "simple-nixos-mailserver",
-        "repo": "blobs",
-        "rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
-        "type": "gitlab"
-      },
-      "original": {
-        "owner": "simple-nixos-mailserver",
-        "repo": "blobs",
-        "type": "gitlab"
-      }
-    },
     "cachix": {
       "locked": {
         "lastModified": 1635350005,
@@ -57,6 +41,29 @@
         "type": "github"
       }
     },
+    "chaotic": {
+      "inputs": {
+        "fenix": "fenix",
+        "flake-schemas": "flake-schemas",
+        "home-manager": "home-manager",
+        "jovian": "jovian",
+        "nixpkgs": "nixpkgs"
+      },
+      "locked": {
+        "lastModified": 1728001451,
+        "narHash": "sha256-Ost5YHSZZE4ZIKBcWsXC1c7g7n3kIqaNNjs5ula/lAI=",
+        "owner": "chaotic-cx",
+        "repo": "nyx",
+        "rev": "25f420d9cf70929455ba14642b92ae715ae8d792",
+        "type": "github"
+      },
+      "original": {
+        "owner": "chaotic-cx",
+        "ref": "nyxpkgs-unstable",
+        "repo": "nyx",
+        "type": "github"
+      }
+    },
     "crane": {
       "inputs": {
         "nixpkgs": [
@@ -129,11 +136,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1728334376,
+        "lastModified": 1727977578,
-        "narHash": "sha256-CTKEKPzD/j8FK6H4DO3EjyixZd3HHvgAgfnCwpGFP5c=",
+        "narHash": "sha256-DBORKcmQ7ZjA4qE1MsnF1MmZSokOGrw4W9vTCioOv2U=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "d39ee334984fcdae6244f5a8e6ab857479cbaefe",
+        "rev": "574400001b3ffe555c7a21e0ff846230759be2ed",
         "type": "github"
       },
       "original": {
@@ -142,6 +149,28 @@
         "type": "github"
       }
     },
+    "fenix": {
+      "inputs": {
+        "nixpkgs": [
+          "chaotic",
+          "nixpkgs"
+        ],
+        "rust-analyzer-src": "rust-analyzer-src"
+      },
+      "locked": {
+        "lastModified": 1727937235,
+        "narHash": "sha256-Ih4RD65WZZDgtla9Uh8zm6gQJ1zgkXkiU4HKtEwQjvI=",
+        "owner": "nix-community",
+        "repo": "fenix",
+        "rev": "381781f96b880c2ced9019a9e2406b31ccea82b4",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "fenix",
+        "type": "github"
+      }
+    },
     "firefox": {
       "inputs": {
         "cachix": "cachix",
@@ -153,11 +182,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1728447673,
+        "lastModified": 1728004272,
-        "narHash": "sha256-j4rc9wVALYe2YlnwSBZKE0EUzZBtXTPpyYR0fbEkUUo=",
+        "narHash": "sha256-7UCbRuv1/G27sVwyTtkYO6Jjdnqx182SzofIvw7FmEs=",
         "owner": "nix-community",
         "repo": "flake-firefox-nightly",
-        "rev": "3754282f60a0fdfe100f524e28cb763b027e2b4c",
+        "rev": "6237aca65390a09acf0c51e3f31448db080066f4",
         "type": "github"
       },
       "original": {
@@ -214,22 +243,6 @@
       }
     },
     "flake-compat_4": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1696426674,
-        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
-        "owner": "edolstra",
-        "repo": "flake-compat",
-        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
-        "type": "github"
-      },
-      "original": {
-        "owner": "edolstra",
-        "repo": "flake-compat",
-        "type": "github"
-      }
-    },
-    "flake-compat_5": {
       "flake": false,
       "locked": {
         "lastModified": 1650374568,
@@ -266,6 +279,20 @@
         "type": "github"
       }
     },
+    "flake-schemas": {
+      "locked": {
+        "lastModified": 1721999734,
+        "narHash": "sha256-G5CxYeJVm4lcEtaO87LKzOsVnWeTcHGKbKxNamNWgOw=",
+        "rev": "0a5c42297d870156d9c57d8f99e476b738dcd982",
+        "revCount": 75,
+        "type": "tarball",
+        "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/flake-schemas/0.1.5/0190ef2f-61e0-794b-ba14-e82f225e55e6/source.tar.gz"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://flakehub.com/f/DeterminateSystems/flake-schemas/%3D0.1.5.tar.gz"
+      }
+    },
     "flake-utils": {
       "inputs": {
         "systems": "systems_3"
@@ -434,15 +461,16 @@
     "home-manager": {
       "inputs": {
         "nixpkgs": [
+          "chaotic",
           "nixpkgs"
         ]
       },
       "locked": {
-        "lastModified": 1728337164,
+        "lastModified": 1727817100,
-        "narHash": "sha256-VdRTjJFyq4Q9U7Z/UoC2Q5jK8vSo6E86lHc2OanXtvc=",
+        "narHash": "sha256-dlyV9/eiWkm/Y/t2+k4CFZ29tBvCANmJogEYaHeAOTw=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "038630363e7de57c36c417fd2f5d7c14773403e4",
+        "rev": "437ec62009fa8ceb684eb447d455ffba25911cf9",
         "type": "github"
       },
       "original": {
@@ -451,6 +479,48 @@
         "type": "github"
       }
     },
+    "home-manager_2": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1728026342,
+        "narHash": "sha256-3mGqKM1jSkc2DrJvR/HCTav0Chd1n8/s1eJ9Y5GzNVM=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "30e04f3d477256de3eb6a7cff608e220087537d4",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "jovian": {
+      "inputs": {
+        "nix-github-actions": "nix-github-actions",
+        "nixpkgs": [
+          "chaotic",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1727865565,
+        "narHash": "sha256-SBcqfosxb0XlKdIz6QGXCnK4W/TEVHLDZHkRHZ8Me60=",
+        "owner": "Jovian-Experiments",
+        "repo": "Jovian-NixOS",
+        "rev": "703c0ac8432f3758987e0788248ddc1a8e0bf412",
+        "type": "github"
+      },
+      "original": {
+        "owner": "Jovian-Experiments",
+        "repo": "Jovian-NixOS",
+        "type": "github"
+      }
+    },
     "lanzaboote": {
       "inputs": {
         "crane": "crane",
@@ -463,11 +533,11 @@
         "rust-overlay": "rust-overlay"
       },
       "locked": {
-        "lastModified": 1728199407,
+        "lastModified": 1727792571,
-        "narHash": "sha256-x4G0ja//3pT/epOvwxKR1XB7GAW7Yuwiy6RYCOgRjuQ=",
+        "narHash": "sha256-KBzRQVE1j2vrSg8WfYJ+vEvFBC25+2VsFSK7VL2kc1M=",
         "owner": "nix-community",
         "repo": "lanzaboote",
-        "rev": "0bc127c631999c9555cae2b0cdad2128ff058259",
+        "rev": "e2365a1d8dccdcf4bca5111672e80df67d90957d",
         "type": "github"
       },
       "original": {
@@ -482,11 +552,11 @@
         "nixpkgs-lib": "nixpkgs-lib"
       },
       "locked": {
-        "lastModified": 1728216729,
+        "lastModified": 1727710043,
-        "narHash": "sha256-HsisE2yMld0LckvQ3v/00bXFg11E5Q2XI8taPUewDPA=",
+        "narHash": "sha256-NpTnTg8oOVvntlTi/t8BUe5msrMmkiZFiOW22fc7B+g=",
         "owner": "nix-community",
         "repo": "lib-aggregate",
-        "rev": "6c4cf448d33ce86bcc06c6d50bcecc33666105ee",
+        "rev": "d03a5f88a345d26ca13918071d42dcc960233183",
         "type": "github"
       },
       "original": {
@@ -569,82 +639,67 @@
         "type": "github"
       }
     },
-    "nixos-hardware": {
+    "nix-github-actions": {
+      "inputs": {
+        "nixpkgs": [
+          "chaotic",
+          "jovian",
+          "nixpkgs"
+        ]
+      },
       "locked": {
-        "lastModified": 1728269138,
+        "lastModified": 1690328911,
-        "narHash": "sha256-oKxDImsOvgUZMY4NwXVyUc/c1HiU2qInX+b5BU0yXls=",
+        "narHash": "sha256-fxtExYk+aGf2YbjeWQ8JY9/n9dwuEt+ma1eUFzF8Jeo=",
-        "owner": "nixos",
+        "owner": "zhaofengli",
-        "repo": "nixos-hardware",
+        "repo": "nix-github-actions",
-        "rev": "ecfcd787f373f43307d764762e139a7cdeb9c22b",
+        "rev": "96df4a39c52f53cb7098b923224d8ce941b64747",
         "type": "github"
       },
       "original": {
-        "owner": "nixos",
+        "owner": "zhaofengli",
-        "repo": "nixos-hardware",
+        "ref": "matrix-name",
+        "repo": "nix-github-actions",
         "type": "github"
       }
     },
-    "nixos-mailserver": {
+    "nixos-hardware": {
-      "inputs": {
-        "blobs": "blobs",
-        "flake-compat": "flake-compat_4",
-        "nixpkgs": [
-          "nixpkgs"
-        ],
-        "nixpkgs-24_05": "nixpkgs-24_05"
-      },
       "locked": {
-        "lastModified": 1722877200,
+        "lastModified": 1727665282,
-        "narHash": "sha256-qgKDNJXs+od+1UbRy62uk7dYal3h98I4WojfIqMoGcg=",
+        "narHash": "sha256-oKtfbQB1MBypqIyzkC8QCQcVGOa1soaXaGgcBIoh14o=",
-        "owner": "simple-nixos-mailserver",
+        "owner": "nixos",
-        "repo": "nixos-mailserver",
+        "repo": "nixos-hardware",
-        "rev": "af7d3bf5daeba3fc28089b015c0dd43f06b176f2",
+        "rev": "11c43c830e533dad1be527ecce379fcf994fbbb5",
-        "type": "gitlab"
+        "type": "github"
       },
       "original": {
-        "owner": "simple-nixos-mailserver",
+        "owner": "nixos",
-        "repo": "nixos-mailserver",
+        "repo": "nixos-hardware",
-        "type": "gitlab"
+        "type": "github"
       }
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1728241625,
+        "lastModified": 1727802920,
-        "narHash": "sha256-yumd4fBc/hi8a9QgA9IT8vlQuLZ2oqhkJXHPKxH/tRw=",
+        "narHash": "sha256-HP89HZOT0ReIbI7IJZJQoJgxvB2Tn28V6XS3MNKnfLs=",
-        "owner": "nixos",
+        "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "c31898adf5a8ed202ce5bea9f347b1c6871f32d1",
+        "rev": "27e30d177e57d912d614c88c622dcfdb2e6e6515",
         "type": "github"
       },
       "original": {
-        "owner": "nixos",
+        "owner": "NixOS",
         "ref": "nixos-unstable",
         "repo": "nixpkgs",
         "type": "github"
       }
     },
-    "nixpkgs-24_05": {
-      "locked": {
-        "lastModified": 1717144377,
-        "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "805a384895c696f802a9bf5bf4720f37385df547",
-        "type": "github"
-      },
-      "original": {
-        "id": "nixpkgs",
-        "ref": "nixos-24.05",
-        "type": "indirect"
-      }
-    },
     "nixpkgs-lib": {
       "locked": {
-        "lastModified": 1728176478,
+        "lastModified": 1727571693,
-        "narHash": "sha256-px3Q0W//c+mZ4kPMXq4poztsjtXM1Ja1rN+825YMDUQ=",
+        "narHash": "sha256-b7sFVeqMtz8xntCL3tBY3O8suTg5PeF53LTL3eCcKyc=",
         "owner": "nix-community",
         "repo": "nixpkgs.lib",
-        "rev": "b61309c3c1b6013d36299bc8285612865b3b9e4c",
+        "rev": "bb58a3bf239e03fca9d51062e2fe028a4ea5a3d1",
         "type": "github"
       },
       "original": {
@@ -669,13 +724,29 @@
         "type": "github"
       }
     },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1727802920,
+        "narHash": "sha256-HP89HZOT0ReIbI7IJZJQoJgxvB2Tn28V6XS3MNKnfLs=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "27e30d177e57d912d614c88c622dcfdb2e6e6515",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "nur": {
       "locked": {
-        "lastModified": 1728456140,
+        "lastModified": 1728027550,
-        "narHash": "sha256-40f5wx98+EgmkOhOWcAYKnKaFM1hZ2wZK6mptjdNcwo=",
+        "narHash": "sha256-be13RazohHlmNJPH/zK9SGns8O0iLfwYzk77sZDB30o=",
         "owner": "nix-community",
         "repo": "nur",
-        "rev": "61ba1d0514cc732cd0079a33d3b605d836600503",
+        "rev": "c9c5e4e57b475f94fa0ba622611428b8fa3bd1cc",
         "type": "github"
       },
       "original": {
@@ -714,22 +785,39 @@
     "root": {
       "inputs": {
         "agenix": "agenix",
+        "chaotic": "chaotic",
         "deploy-rs": "deploy-rs",
         "disko": "disko",
         "firefox": "firefox",
-        "home-manager": "home-manager",
+        "home-manager": "home-manager_2",
         "lanzaboote": "lanzaboote",
         "maych-in": "maych-in",
         "nil": "nil",
         "nixos-hardware": "nixos-hardware",
-        "nixos-mailserver": "nixos-mailserver",
+        "nixpkgs": "nixpkgs_2",
-        "nixpkgs": "nixpkgs",
         "nur": "nur",
         "snowfall-lib": "snowfall-lib",
         "srvos": "srvos",
         "wezterm": "wezterm"
       }
     },
+    "rust-analyzer-src": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1727778987,
+        "narHash": "sha256-OTI1eKQ3WIkj6q8PROpPY1vhaxYRdiS1btSfBowQPps=",
+        "owner": "rust-lang",
+        "repo": "rust-analyzer",
+        "rev": "e1a76671af2fbc74c84c18ba18fcda5e653d7531",
+        "type": "github"
+      },
+      "original": {
+        "owner": "rust-lang",
+        "ref": "nightly",
+        "repo": "rust-analyzer",
+        "type": "github"
+      }
+    },
     "rust-overlay": {
       "inputs": {
         "nixpkgs": [
@@ -795,7 +883,7 @@
     },
     "snowfall-lib": {
       "inputs": {
-        "flake-compat": "flake-compat_5",
+        "flake-compat": "flake-compat_4",
         "flake-utils-plus": "flake-utils-plus",
         "nixpkgs": [
           "nixpkgs"
@@ -822,11 +910,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1728372701,
+        "lastModified": 1727991738,
-        "narHash": "sha256-n+o0AChteJB6UQjHvvhL1BNgE9npEFSFXEgDd+3C5wk=",
+        "narHash": "sha256-bNy/zyUOp381G/KMiIfM5qD9fD+gMs2y3IdSlTKT4r8=",
         "owner": "nix-community",
         "repo": "srvos",
-        "rev": "a2a8f68d881be57c8898c305438aa50cf71ae4b1",
+        "rev": "c20ad69680e9f62fabc32c511c3964b8af55f955",
         "type": "github"
       },
       "original": {
@@ -972,11 +1060,11 @@
       },
       "locked": {
         "dir": "nix",
-        "lastModified": 1728322634,
+        "lastModified": 1727585736,
-        "narHash": "sha256-cUnwLCSc59Sx3E+meVlVUMfyROr0aToWPID7UA6PZvg=",
+        "narHash": "sha256-vEkcyKdFpfWbrtZlB5DCjNCmI2GudIJuHstWo3F9gL8=",
         "owner": "wez",
         "repo": "wezterm",
-        "rev": "ed430415ee69279ea692358525196ad7d4c965b8",
+        "rev": "a2f2c07a29f5c98f6736cde0c86b24887f9fd48a",
         "type": "github"
       },
       "original": {

flake.nix

@@ -19,8 +19,10 @@
 
       systems.modules.nixos = with inputs; [
         agenix.nixosModules.age
+        chaotic.nixosModules.default
         disko.nixosModules.disko
         srvos.nixosModules.common
+        srvos.nixosModules.mixins-systemd-boot
         inputs.lanzaboote.nixosModules.lanzaboote
       ];
 
@@ -31,19 +33,11 @@
         inherit userdata;
       };
       # TODO: setup atticd
-      systems.hosts.bicboye.modules = [
+      systems.hosts.bicboye.modules = [inputs.srvos.nixosModules.server];
-        inputs.srvos.nixosModules.server
-        inputs.srvos.nixosModules.mixins-systemd-boot
-      ];
       systems.hosts.bicboye.specialArgs = {
         inherit userdata;
       };
-      systems.hosts.smolboye.modules = [
+      systems.hosts.smolboye.modules = [inputs.srvos.nixosModules.server];
-        inputs.nixos-hardware.nixosModules.common-cpu-intel
-      ];
-      systems.hosts.smolboye.specialArgs = {
-        inherit userdata;
-      };
 
       homes.modules = with inputs; [
         nur.hmModules.nur
@@ -80,6 +74,8 @@
     agenix.inputs.nixpkgs.follows = "nixpkgs";
     agenix.inputs.home-manager.follows = "nixpkgs";
 
+    chaotic.url = "github:chaotic-cx/nyx/nyxpkgs-unstable";
+
     deploy-rs.url = "github:serokell/deploy-rs";
     deploy-rs.inputs.nixpkgs.follows = "nixpkgs";
 
@@ -107,9 +103,6 @@
     nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
     nixos-hardware.url = "github:nixos/nixos-hardware";
 
-    nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
-    nixos-mailserver.inputs.nixpkgs.follows = "nixpkgs";
-
     nur.url = "github:nix-community/nur";
 
     snowfall-lib.url = "github:snowfallorg/lib";

homes/x86_64-linux/server@bicboye/default.nix

@@ -2,6 +2,7 @@ _: {
   snowfallorg.user.enable = true;
   snowfallorg.user.name = "server";
 
+  # snowflake.development.git.enable = true;
   snowflake.development.helix.enable = true;
   snowflake.development.tmux.enable = true;
   snowflake.shell.fish.enable = true;

homes/x86_64-linux/server@smolboye/default.nix

@@ -1,10 +0,0 @@
-_: {
-  snowfallorg.user.enable = true;
-  snowfallorg.user.name = "server";
-
-  snowflake.development.helix.enable = true;
-  snowflake.development.tmux.enable = true;
-  snowflake.shell.fish.enable = true;
-
-  home.stateVersion = "24.11";
-}

modules/nixos/core/default.nix

@@ -20,11 +20,6 @@
       description = "Timezone to use for the system";
       default = "Asia/Kolkata";
     };
-    bootloader = lib.mkOption {
-      type = lib.types.enum ["systemd-boot" "grub"];
-      description = "Bootloader to use, can be either `systemd-boot` or `grub`";
-      default = "systemd-boot";
-    };
   };
 
   config = {
@@ -43,7 +38,7 @@
     snowflake.core.sshd.enable = lib.mkDefault true;
 
     boot = {
-      initrd.systemd.enable = config.snowflake.bootloader == "systemd-boot";
+      initrd.systemd.enable = true;
       initrd.verbose = false;
       # Default to the latest kernel package.
       kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
@@ -55,16 +50,10 @@
         efi.canTouchEfiVariables = true;
         # Use systemd-boot for all systems.
         systemd-boot = {
-          enable = config.snowflake.bootloader == "systemd-boot";
+          enable = true;
           # Show only last 5 configurations in the boot menu.
           configurationLimit = lib.mkDefault 5;
         };
-
-        grub = {
-          enable = config.snowflake.bootloader == "grub";
-          efiSupport = true;
-          forceInstall = true;
-        };
       };
     };
 

modules/nixos/desktop/default.nix

@@ -32,6 +32,8 @@
       enable = true;
       enable32Bit = true;
       extraPackages = with pkgs; [
+        vaapiIntel
+        libvdpau-va-gl
         vaapiVdpau
         intel-media-driver
       ];

modules/nixos/services/arr/jellyfin/default.nix

@@ -28,7 +28,7 @@
             withVpl = true;
           };
         };
-        intel-vaapi-driver = pkgs.intel-vaapi-driver.override {enableHybridCodec = true;};
+        vaapiIntel = pkgs.vaapiIntel.override {enableHybridCodec = true;};
       };
 
       environment.systemPackages = with pkgs; [

modules/nixos/services/mailserver/default.nix

@@ -1,95 +0,0 @@
-{
-  config,
-  inputs,
-  lib,
-  ...
-}: {
-  imports = [inputs.nixos-mailserver.nixosModules.mailserver];
-
-  options.snowflake.services.mailserver = {
-    enable = lib.mkEnableOption "Enable mailserver service";
-
-    fqdn = lib.mkOption {
-      type = lib.types.str;
-      description = "FQDN for the mailserver";
-    };
-
-    domains = lib.mkOption {
-      type = lib.types.listOf lib.types.str;
-      default = [];
-      description = "Configuration domains to use for the mailserver";
-    };
-
-    loginAccounts = lib.mkOption {
-      description = "Login accounts for the domain. Every account is mapped to a unix user";
-    };
-  };
-
-  config = let
-    cfg = config.snowflake.services.mailserver;
-  in
-    lib.mkIf cfg.enable {
-      # Ref: https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/issues/275
-      services.dovecot2.sieve.extensions = ["fileinto"];
-
-      mailserver = {
-        inherit (cfg) enable fqdn domains loginAccounts;
-
-        # Spin up a stripped-down nginx instance on
-        # port 80 to generate a certificate automatically.
-        certificateScheme = "acme-nginx";
-
-        # Enable a better way of storing emails.
-        useFsLayout = true;
-
-        mailboxes = {
-          Archive = {
-            auto = "subscribe";
-            specialUse = "Archive";
-          };
-          Drafts = {
-            auto = "subscribe";
-            specialUse = "Drafts";
-          };
-          Sent = {
-            auto = "subscribe";
-            specialUse = "Sent";
-          };
-          Junk = {
-            auto = "subscribe";
-            specialUse = "Junk";
-          };
-          Trash = {
-            auto = "subscribe";
-            specialUse = "Trash";
-          };
-        };
-      };
-
-      # Prefer using ipv4 and use correct ipv6 address
-      # to avoid rDNS issues
-      # NOTE: this needs to be changed on every new system.
-      # TODO: figure out how to handle this case better.
-      services.postfix.extraConfig = ''
-        smtp_bind_address6 = 2a01:4f8:1c1c:90b::
-        smtp_address_preference = ipv4
-      '';
-
-      services.fail2ban.jails = {
-        postfix = {
-          settings = {
-            enabled = true;
-            mode = "extra";
-          };
-        };
-
-        dovecot = {
-          settings = {
-            enabled = true;
-            filter = "dovecot[mode=aggressive]";
-            maxretry = 3;
-          };
-        };
-      };
-    };
-}

secrets/machines/bicboye/password.age

@@ -1,8 +1,10 @@
 age-encryption.org/v1
--> ssh-ed25519 XInHQA 4zhb+FUVzFXJywxv2uevAKOB7kmpe6Gxsqi5mDLoSms
+-> ssh-ed25519 XInHQA /NRM0XjHa8w8lmRHi+aTpCuViwJGcUxAVAez0PSGdwQ
-FS7stCFve9VwUTj1KNFqh4kNHAEs33PUnJVUZVjdE3s
+UiW+Vnk2Z1/8apx8JTTXNw0+Mw+txBvwzh3xgQyslig
--> ssh-ed25519 9JjquQ DfIEgyGi5nft7TNIzy9haDuanmQz780158ACnEOvNXQ
+-> ssh-ed25519 9JjquQ Cd54qelvmj8O4x4eIi0UtWxGhqvlfCIHBqBxtd99h2E
-4lE2VklzR5evM+ozTychRT563FCbs1H6VsFlGK1k3/U
+IdYDmPrOPzAimL/M2foYOFsEMcLXTMUolPOy+0gZxNg
---- N9xA3vBfzQ7BiKwYWUIyIXPHg/sODBroXSfVsxh4usk
+-> ssh-ed25519 8S096g x1o/dQKQIywGlX/vJ2eQqCuWPb2BQNZsEIO4RkkNRxA
-õ<>^HÝýP2r<32>…ìªù˜/L<>p0î'L¶WSW„
+oijplPOdsYYreti3I7bX1KwdHQrWft63bAJBlUGcSzg
-ËBð‰q 8‘R7Ä`ù~:±Ž’4ê%q'»¼÷…Å“çÙJÆ\já
Ú¥{±ǹlÙd0ò^wñMS<4D>)¯Ïõß¼Ráà¨ùR¢´P
VyF2`–ÈÝC·Ò‘¶KÝÇ
+--- H78isjmjr1DgBAaq0cuzpxQHEwrdVf7rgbgGSX/K/pQ
+Ȯ8²D>X€<å X€9 ‹?Ǥ{>ìüšLÌ«ž°üãk·††Œ}݉_ß%×Sµ÷<C2B5>ïÈ\—|-žÊø"Ã䩘#;ÃJŽÁ»£ã
ÕäÉ2iÚ(ƒ¹ùR3°ÜØÔ(Ð=F’–zü.^‹¦<E280B9>»‚<C2BB>
+Iž£MLuäãΠì©ÙïÜ
'ÕúÚ

secrets/machines/smolboye/root-password.age

@@ -1,7 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 XInHQA BeG8hdmEGOcfCJGjZ8ps03XDV4DNPqMfXuFGIXitSVM
-5lTE5CORKB107B8509PPiLCeYlwP1x80Jyh2CxI0BTg
--> ssh-ed25519 H9OGOA gqAqKcTLuE7gJ5lWvTUs/mnmTv4CyN9GWj6ce9YmSz0
-AVKH1l8QEuBlCJS7dZ8cFxbeWF6qjjZWn9fg3uOF9WU
---- U0k1MgVffkdgn+pStscCnCNOFgtlCW8URf5wesIjO5w
-žYzSº<53>¿úfêÍù““ã†ÂONüP³Ù,N7°¯~” Šb<>=ùK
èiâõ”~•ŠéBkÙO=½¸Ó<19>ï½}}AäNYmÇwíëS>uh\?Z<>%&õ¹ Þ
X7a'H˜.+Ø<>6%{¥ôL ŒZýÆõñ¨&T	·ýAµ.¶÷™ã

secrets/machines/thonkpad/root-password.age

@@ -1,9 +1,7 @@
 age-encryption.org/v1
--> ssh-ed25519 XInHQA K+oxMLahFGchNXHvAFdyimz2Apy9Er0RYo4QaiGKlRA
+-> ssh-ed25519 XInHQA YlsFWaxt61N+2wkCBCq4Er7bJkX9eNE4F9QbzfYGZFE
-AjuOBPwS1B3GYHIv/rHAggIunpnxn4ZjrrXm/FY71Fc
+zy8p5Ulj5SYSFJAmvqH7M6bmYAJTAQB5+WtZExTGw9E
--> ssh-ed25519 XbzZEw 54MejQADu15FohnVY4AoJ0QIunva88wTdVAu3n5Qj0A
+-> ssh-ed25519 XbzZEw /ClsbbHS1B3QBCj7fZCF3KpMCegACxcFBp/HaBuUJns
-l4Rou2LJWD/H+0P0PVEPPJRfMxUAvZ627nF1H45fN5w
+TLQLCXSxaC7gjVUJzIwnjTcB7tSTwohQBthQwJY/gRA
--> ssh-ed25519 wWcc7w avZmPAmK1wxBGme/QOpN2NNG607rIuO4V5TTG3NPohw
+--- 37R1nYNXpPHsMh8Ilpc4pAIM0/2qcZhzpWcQIC3zB8I
-mQ5EhtKXdoWCe9DPOq6YGMvzOyzSYJupVUwI426UfH4
+ÈŽExÿ£

œvà€ß@Cø÷î¥]<5D><12>Ú‚ô—Á¤ÎžIàè9y/<2F>Aš—AŸbvû‘hö²œÂ3¸Ì2AÅ–+œ÷ØÉÇ¿@ýÊ[†zðœš=Þ‘Îä¹™Ÿê: $œT7œœ<>'ŠKø¥]K¯àk<C3A0>.ü£`ÎBÈÈlð÷MŠÃ¶´7oÁØøÕQ
---- CPxwqeO5n/4hL/W/FLoNa/q/MPy+MDGoEvj+/+4xM90
--‘D¤¶<KX²ç¢ó*ÖÙ;®ëŸ”ýíV<C3AD>¥‘㜔‰%ö+òèpcóR<C3B3>’W.³•à˜6CÅ705Ì~m‘{	uB MÅt£ÇË%é‰Õö#nUÿ?œKßñTÒ͆Ê1ß„fÝ™`CŸï½\”ñ¿Ô¼wÞ,©§ƒ½ýVq”ÁöØ‘

secrets/monitoring/grafana/password.age

@@ -1,7 +1,7 @@
 age-encryption.org/v1
--> ssh-ed25519 XInHQA V3BAG1j/P2HejGlz7uuJI6s0jjEFRj4Tid3jok+SwiU
+-> ssh-ed25519 XInHQA k39Tpe44MbIY/fa8Sf3f9JXjTlQN849nKWI3G+c4plA
-fSigrUqR7NftZoExPCLHCPeM7IL78/aKh3rdWH8Zf0M
+Y05ZLbNPJePRU1mLV87KuhQceWZC3LcpM/qX5mOMHg8
--> ssh-ed25519 9JjquQ GfdotrSLXOMsZdBZ3PkaPkB7BhAUZ1bpxJk9CulByG4
+-> ssh-ed25519 9JjquQ Si+4zoaU6TMP0cymWGQdc54fDhLisYGIi1EXZ9+vbmY
-gVFvs1mko1CsAVTuVBtslxQo4+zWJPdvG0xbjeMSo0g
+cMRoa1Owu1zwhnT6HPwGKk6y3vtHBi8rCnyJfbrAPZY
---- 1r3YAISrWtrMIqQIB4ATNjDyQtIIoJilYW9Vo7vhAjE
+--- Y27ZK2+ekW1WKGZqTV6Q3mrNNzVWXA7v8JPOylZWYdE
-{»uÁ[§¾Hq™nÖ(æ?9ÈÕãƒá<C692>+ƒŒã¹3-IòWФG<C2A4>l¨xFÉÙ?ÄÎ+Kùüà³Õ±»yÍãåc
+‹> âQà0l­Zy±¼jÈI
|TVÖ	KPæ[ìþ˜ªFàI*~LŒÅܯK|b	™!|ÏÅ,é¯ûö­´e™G

secrets/secrets.nix

@@ -24,15 +24,12 @@ in {
   "machines/thonkpad/root-password.age".publicKeys = thunderbottom ++ thonkpad;
   "machines/bicboye/password.age".publicKeys = thunderbottom ++ bicboye;
   "machines/bicboye/root-password.age".publicKeys = thunderbottom ++ bicboye;
-  "machines/smolboye/password.age".publicKeys = thunderbottom ++ smolboye;
-  "machines/smolboye/root-password.age".publicKeys = thunderbottom ++ smolboye;
   "monitoring/grafana/password.age".publicKeys = thunderbottom ++ bicboye;
-  "services/backups/environment.age".publicKeys = thunderbottom ++ bicboye;
+  "services/backup/environment.age".publicKeys = thunderbottom ++ bicboye;
-  "services/backups/password.age".publicKeys = thunderbottom ++ bicboye;
+  "services/backup/password.age".publicKeys = thunderbottom ++ bicboye;
   "services/gitea/password.age".publicKeys = thunderbottom ++ bicboye;
   "services/maddy/password.age".publicKeys = thunderbottom ++ bicboye;
   "services/maddy/user-watashi.age".publicKeys = thunderbottom ++ servers;
-  "services/mailserver/watashi.age".publicKeys = thunderbottom ++ smolboye;
   "services/miniflux/password.age".publicKeys = thunderbottom ++ bicboye;
   "services/paperless/password.age".publicKeys = users ++ bicboye;
   "services/unifi-unpoller/password.age".publicKeys = users ++ bicboye;

secrets/services/maddy/user-watashi.age

@@ -1,9 +1,11 @@
 age-encryption.org/v1
--> ssh-ed25519 XInHQA WP015mlZCrAnZyk2WofQjH1GXWd25bzsqApPZOx8r3k
+-> ssh-ed25519 XInHQA RfnooKxGudC9db3TeLiHCeBAQmoBMKQYwne1kPwBB3Y
-iZ4zz2WmAoauBkkdzXxlTxt5sioUztazaEbwRNVmdAg
+Cy7nE5t4HksIkTGiE5A5eWugtPpLLgKg675a9QAJ1OQ
--> ssh-ed25519 9JjquQ CBeSho6W8pqjX2stzABIbsNH+1rCeSaANNqqDJxhNzI
+-> ssh-ed25519 9JjquQ IXrC89snSDyCk0/cHfZxK3I7VBDOkMB7RqLikSzFfhc
-fbvXxdwB8zvPvabAeWwhLdf/L7Uu3c6JeXxRCGWJy5E
+gJUgWJT00puABYjKgSlQIScxwIzLzw9G04MeYq5skMw
--> ssh-ed25519 H9OGOA VUkG3NHaLG+qKBLEm8RP1blNZ0mDPIC2UQRk1yYxHh0
+-> ssh-ed25519 8S096g euxCvoiDEsR3+X5YsbTeDluRA8f5iLFV7KOC1aLwH3U
-oJVTSqh4R/85xdhVsQGOIJ5ZOcBWE/rFjmUQU50h0K8
+TDIIZoqkh2DPUVno76U16Y/9HaU5dCL/AqgbqBNF/BU
---- eRstd/AHMaZSZcf27Z+iNTvLQwC3IjLv2TP796qmSn4
+-> ssh-ed25519 H9OGOA VmODcaMxRDUeD0sbrtFNTAiuI/gI7+zVEQwfhC7gT1s
-?W#ÔR†¾Ply—}Ž_G<>ÝW\Wú“³Æ"å£(Ô(H¦ÏSÇØiA$%ºùËiÜ×ã.~Gî	Á]8
+p95/aXRwH3PdgsiMMxR/pEFlithxc68STelHRxAZoKM
+--- WVxsIeOZysNFXyQiihNL527CpfNy6WuSVw7UnrMEmAU
+Ì	¦=K+t¹zf8
coœÈÅQZ÷<5A>ÀŸ.ý²/xðSç«Yª?ÜÊÂ<=^Ny€‘¿`'ŠÜù¯Z¸¾ŠÚà7

secrets/services/mailserver/watashi.age

@@ -1,7 +0,0 @@
-<EFBFBD>
-<EFBFBD>
-<EFBFBD>
-<EFBFBD>
-<EFBFBD>
-<EFBFBD>
-<EFBFBD>

secrets/services/paperless/password.age

@@ -1,11 +1,13 @@
 age-encryption.org/v1
--> ssh-ed25519 XInHQA lBnG5xabcJ/T96pljsvMSYRBWmw1C482pJo8MLyxWAM
+-> ssh-ed25519 XInHQA UWrsDGlrkZ6xmFFSOCrAZbybIvIYQc1QKhgXhdDSoxY
-ruh6EYwb+qm7uxVGK9SUct3bvFs6Mdd5cY2kpkNj4YE
+5Je6sUO8h71WJkFpof3XcxnIUEexutrEz5TXT1Bwobg
--> ssh-ed25519 K8TEKA ZKVjldfNzm6r2BS7hvaTtZUYbVPmqxtJ9eBwi5SbKzw
+-> ssh-ed25519 K8TEKA Kxxgpb4qEFVQ+KJpb2wBwKjQc22PwjEEB3Y3ERmm924
-eUzxYLCgI8jw1Rsk/0Jlx9bCo+tfWyePlwNTOWsLXpM
+2O4zzOOyH8SeRScBhGFKopMD5eZKtOF63fWs3YjqC5Q
--> ssh-ed25519 7+Zv5Q 37+4858UVoKzhKlee3ID7+hXXvnU8EmXJm0glFF5ZXI
+-> ssh-ed25519 7+Zv5Q 3A3v+goiSRXpBhb3hAVJXbHuHdT+L4Xr178ML/pfG2s
-gbq7P4g1mav8WjiMlKVW25O8dj6ZSFt7qc//h8zRVWE
+Ds1qBZlDl2mnlZvRcI0fEvDQ79KmUFAYICoVrcoA+Oc
--> ssh-ed25519 9JjquQ BAEFuSeq6DXdGnMKmTt5fpzmRL5G/3pIsHxxCznlyXY
+-> ssh-ed25519 9JjquQ 0p+mZLwhphoGDdmpOxgQrzIX+Y2w0RvIdNMlSarL90s
-ucGrfwU7iFvt1qjXmhbuKF8VdReA4z79UFu9bkEJTBo
+8P+l4oPQ3qEtR4KWk7W7wkxGEjroqMA5f70+1eUjdY8
---- H8MN4G5HyR6lQmdKcDSsqzoIVs5AYsTWnfM08LwmSKA
+-> ssh-ed25519 8S096g 5cTN3f5x+9Qizop1nRdjkqe0pa1S3LjR0pbMTccsPWM
-åÝ@(úP+`¿;ß;Ìöu¿:Q¥™³ÆÒ¯`WèŸJSr#fí5«¿*)í¬f»8Ç<PÚ6boðÌ6¹i`¶Ï
+gGn24WckcR1iCNJH2oB8gekTTty/a4asssRmDlgEpwU
+--- LCrdBMibVYcT7SAS+jw+IBSb8nHdqvCpP0oe4fVc9OQ
+	<1F>æèQÐÒ<C390>x¥Q,•¹ºÓéS­<53>WŠõ<C5A0>$2È­’Ó3E“Aîß-×fc‰dæ•wV¿i2ÌvÏŸê >Z

secrets/services/unifi-unpoller/password.age

@@ -1,11 +1,12 @@
 age-encryption.org/v1
--> ssh-ed25519 XInHQA hYVanXynnpdxjHwiRjiU9FBXMk6IMtRFUpBT3gZe1UU
+-> ssh-ed25519 XInHQA bMzwX3D3LAeB2oFjeCgQy6NtXfde87lGBBhJN7Nrox4
-/kg0btVFvuIPoOM9X3ZwW73H+mxlqX+zMxTU5mY/aVQ
+h6hwikEijHYMUTWhBuSgz+nxnnj00VlSibTZc2JmnBY
--> ssh-ed25519 K8TEKA Agtc83EZclwand7EfAANze3PfNY6E+nk2cLyM6b6Iyk
+-> ssh-ed25519 K8TEKA s2cQpiLdC+1XBH5cIE5Z/IUEpsk564jYrsafVZSMgVQ
-qsABTxon2mCkgy0ABJRMP6D04FncCZHHTY9wfWEyyO0
+d5qPoJhyUToxN639uoR0J9kcfvubItuzXGoVk6Sewao
--> ssh-ed25519 7+Zv5Q GCoSL4mMvbanYCCnz1h+iC/p+4Ua/fuFe6rdbl1GSSo
+-> ssh-ed25519 7+Zv5Q pdOyuEw0qr/owYTSBq1Ewmge/0iGrf5PVQe8nSRKRhk
-kbowsEOd6f9Eo/PHW2W1ANMrrd//+XdBsLaz6t6SEVI
+WWnMY5blWR6JOEz8dcOXdFoz9Vfj7J3EmVfVfb0qAmQ
--> ssh-ed25519 9JjquQ OTiB10cqC5iGmC8+4CxS6keHvuWZllWJ3CpP6BLDSDI
+-> ssh-ed25519 9JjquQ V82cwaqtAmVTMeyWvd23c0xOUk38tnmwFMKPeNZbbik
-9b0LvgFbaLixRH5O6lnGgS50sxL1jD/YJbH/6ZE+aK8
+iWuQQSWFGf5ZqTyv78YRk7D96W8UXTnbaMLZ6F0ctj8
---- LQ/Rxvwpq7Um2LfV8szBZtj1e6IihTKOHdZS8Dixds4
+--- PtBBUhavizHrdmvxBF9qcB4rYEcB0A4AWqRl1Wp1Hic
-“ƒùZ”[4{@¶¨¤ùuKÅ`ô‰Ánº:>½ïCNØŠsÍÕ«2¿ÄÁIþa
+Åê
Þ`ÐXj*Ä3U±Ë÷ :¢7…ä´s<C2B4>Zž1eA«
+ø‰‘µýíRú#ì

systems/x86_64-linux/bicboye/hardware-intel.nix

@@ -0,0 +1,122 @@
+_: {
+  boot = {
+    initrd = {
+      availableKernelModules = [
+        "xhci_pci"
+        "ahci"
+        "ehci_pci"
+        "nvme"
+        "usbhid"
+        "usb_storage"
+        "sd_mod"
+      ];
+      luks.devices."cryptroot".device = "/dev/disk/by-uuid/e570c2be-65df-4208-9cac-a03de08a6209";
+    };
+    kernelModules = ["kvm-intel"];
+  };
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-uuid/a1b57a56-16d4-45ea-bac3-daeacd3dbcb2";
+      fsType = "btrfs";
+      options = [
+        "defaults"
+        "compress-force=zstd"
+        "noatime"
+        "ssd"
+        "subvol=@"
+      ];
+      neededForBoot = true; # required
+    };
+
+    "/home" = {
+      device = "/dev/disk/by-uuid/a1b57a56-16d4-45ea-bac3-daeacd3dbcb2";
+      fsType = "btrfs";
+      options = [
+        "defaults"
+        "compress-force=zstd"
+        "noatime"
+        "ssd"
+        "subvol=@home"
+      ];
+    };
+
+    "/.snapshots" = {
+      device = "/dev/disk/by-uuid/a1b57a56-16d4-45ea-bac3-daeacd3dbcb2";
+      fsType = "btrfs";
+      options = [
+        "defaults"
+        "compress-force=zstd"
+        "noatime"
+        "ssd"
+        "subvol=@snapshots"
+      ];
+    };
+
+    "/var/log" = {
+      device = "/dev/disk/by-uuid/a1b57a56-16d4-45ea-bac3-daeacd3dbcb2";
+      fsType = "btrfs";
+      options = [
+        "defaults"
+        "compress-force=zstd"
+        "noatime"
+        "ssd"
+        "subvol=@log"
+      ];
+    };
+
+    "/etc/nixos" = {
+      device = "/dev/disk/by-uuid/a1b57a56-16d4-45ea-bac3-daeacd3dbcb2";
+      fsType = "btrfs";
+      options = [
+        "defaults"
+        "compress-force=zstd"
+        "noatime"
+        "ssd"
+        "subvol=@nixos-config"
+      ];
+    };
+
+    "/var/cache" = {
+      device = "/dev/disk/by-uuid/a1b57a56-16d4-45ea-bac3-daeacd3dbcb2";
+      fsType = "btrfs";
+      options = [
+        "defaults"
+        "compress-force=zstd"
+        "noatime"
+        "ssd"
+        "subvol=@cache"
+      ];
+    };
+
+    "/boot" = {
+      device = "/dev/disk/by-uuid/B731-09A3";
+      fsType = "vfat";
+      options = ["fmask=0022" "dmask=0022"];
+    };
+
+    # "/storage/immich" = {
+    #   device = "/dev/disk/by-uuid/bae65b7a-4f08-4b0d-963c-72e71bfcff46";
+    #   fsType = "btrfs";
+    #   options = [
+    #     "defaults"
+    #     "compress-force=zstd"
+    #     "noatime"
+    #     "user"
+    #   ];
+    # };
+
+    # TODO: delete btrfs subvolume
+    # "/storage/syncthing" = {
+    #   device = "/dev/disk/by-uuid/e3a4c251-a3e2-4b5e-a63b-70f53b51836a";
+    #   fsType = "btrfs";
+    #   options = [
+    #     "defaults"
+    #     "compress-force=zstd"
+    #     "noatime"
+    #     "user"
+    #   ];
+    # };
+  };
+  swapDevices = [];
+}

systems/x86_64-linux/smolboye/default.nix

@@ -1,92 +0,0 @@
-{
-  config,
-  lib,
-  userdata,
-  ...
-}: {
-  imports = [./disk-config.nix];
-
-  hardware.cpu.intel.updateMicrocode = true;
-  hardware.enableRedistributableFirmware = true;
-
-  networking = {
-    hostName = "smolboye";
-    nameservers = ["1.1.1.1"];
-    useDHCP = lib.mkDefault false;
-    interfaces.enp1s0 = {
-      useDHCP = lib.mkDefault true;
-      ipv6.addresses = [
-        {
-          address = "2a01:4f8:1c1c:90b::";
-          prefixLength = 64;
-        }
-      ];
-    };
-    defaultGateway6 = {
-      address = "fe80::1";
-      interface = "enp1s0";
-    };
-    firewall.allowedTCPPorts = [80 443];
-  };
-
-  boot = {
-    initrd.availableKernelModules = ["xhci_pci" "ahci" "ehci_pci" "nvme" "usb_storage" "sd_mod"];
-    kernelModules = ["kvm-amd" "virtio_gpu"];
-    kernelParams = ["console=tty"];
-    loader.grub.device = "/dev/sda";
-    supportedFilesystems = ["btrfs"];
-  };
-
-  # Enable weekly btrfs auto-scrub.
-  services.btrfs.autoScrub = {
-    enable = true;
-    interval = "weekly";
-    fileSystems = ["/"];
-  };
-
-  security.acme.defaults.email = "chinmaydpai@gmail.com";
-
-  age.secrets = {
-    mailserver-watashi.file = userdata.secrets.services.mailserver.watashi.password.file;
-  };
-
-  snowflake = {
-    stateVersion = "24.11";
-    bootloader = "grub";
-
-    core.security.sysctl.enable = lib.mkForce false;
-
-    networking.firewall.enable = true;
-    networking.networkManager.enable = true;
-    networking.resolved.enable = true;
-
-    services = {
-      mailserver = {
-        enable = true;
-        fqdn = "mail.deku.moe";
-        domains = ["deku.moe"];
-        loginAccounts = {
-          "watashi@deku.moe" = {
-            hashedPasswordFile = config.age.secrets.mailserver-watashi.path;
-            aliases = ["@deku.moe"];
-            catchAll = ["deku.moe"];
-          };
-        };
-      };
-    };
-
-    user = {
-      enable = true;
-      username = "server";
-      description = "Smolboye Server";
-      userPasswordAgeModule = userdata.secrets.machines.smolboye.password;
-      rootPasswordAgeModule = userdata.secrets.machines.smolboye.root-password;
-      extraAuthorizedKeys = [
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG3PeMbehJBkmv8Ee7xJimTzXoSdmAnxhBatHSdS+saM"
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOyY8ZkhwWiqJCiTqXvHnLpXQb1qWwSZAoqoSWJI1ogP"
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJQWA+bAwpm9ca5IhC6q2BsxeQH4WAiKyaht48b7/xkN"
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKJnFvU6nBXEuZF08zRLFfPpxYjV3o0UayX0zTPbDb7C"
-      ];
-    };
-  };
-}

systems/x86_64-linux/smolboye/disk-config.nix

@@ -1,57 +0,0 @@
-{
-  disko.devices = {
-    disk = {
-      sda = {
-        type = "disk";
-        device = "/dev/sda";
-        content = {
-          type = "gpt";
-          partitions = {
-            boot = {
-              priority = 1;
-              name = "ESP";
-              start = "1M";
-              end = "128M";
-              type = "EF00";
-              content = {
-                type = "filesystem";
-                format = "vfat";
-                mountpoint = "/boot";
-              };
-            };
-            root = {
-              size = "100%";
-              content = {
-                type = "btrfs";
-                extraArgs = ["-f"];
-                subvolumes = {
-                  "/root" = {
-                    mountpoint = "/";
-                    mountOptions = ["compress=zstd" "noatime"];
-                  };
-                  "/home" = {
-                    mountpoint = "/home";
-                    mountOptions = ["compress=zstd" "noatime"];
-                  };
-                  "/nix" = {
-                    mountpoint = "/nix";
-                    mountOptions = ["compress=zstd" "noatime"];
-                  };
-                  "/swap" = {
-                    mountpoint = "/.swapvol";
-                    mountOptions = ["nodatacow" "noatime"];
-                    swap.swapfile.size = "20M";
-                  };
-                  "/log" = {
-                    mountpoint = "/var/log";
-                    mountOptions = ["compress=zstd" "noatime"];
-                  };
-                };
-              };
-            };
-          };
-        };
-      };
-    };
-  };
-}

systems/x86_64-linux/thonkpad/default.nix

@@ -6,8 +6,13 @@
 }: {
   imports = [./hardware.nix];
 
+  chaotic.mesa-git.enable = true;
+
   hardware.cpu.intel.updateMicrocode = true;
   hardware.enableRedistributableFirmware = true;
+  hardware.graphics.extraPackages = with pkgs; [
+    mesa_git.opencl
+  ];
 
   networking.hostName = "thonkpad";
   networking.interfaces.wlan0.useDHCP = lib.mkDefault false;

systems/x86_64-linux/thonkpad/thonkpad-12.nix

@@ -0,0 +1,136 @@
+_: {
+  boot = {
+    initrd = {
+      availableKernelModules = [
+        "xhci_pci"
+        "thunderbolt"
+        "nvme"
+        "usb_storage"
+        "sd_mod"
+      ];
+      luks.devices."cryptroot".device = "/dev/disk/by-uuid/9de352ea-128f-4d56-a720-36d81dfd9b92";
+    };
+    kernelModules = [
+      "kvm-intel"
+      # "thinkpad_acpi"
+      "iwlwifi"
+      "xe"
+    ];
+    kernelParams = [
+      "xe.force_probe=7d45"
+      # "resume_offset=2465529"
+      # "intel_pstate=active"
+      # "thinkpad_acpi.fan_control=1"
+    ];
+    # resumeDevice = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d";
+  };
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d";
+      fsType = "btrfs";
+      options = [
+        "defaults"
+        "autodefrag"
+        "compress-force=zstd"
+        "noatime"
+        "ssd"
+        "subvol=@"
+      ];
+      neededForBoot = true;
+    };
+
+    "/home" = {
+      device = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d";
+      fsType = "btrfs";
+      options = [
+        "defaults"
+        "autodefrag"
+        "compress-force=zstd"
+        "noatime"
+        "ssd"
+        "subvol=@home"
+      ];
+    };
+
+    "/.snapshots" = {
+      device = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d";
+      fsType = "btrfs";
+      options = [
+        "defaults"
+        "compress-force=zstd"
+        "noatime"
+        "ssd"
+        "subvol=@snapshots"
+      ];
+    };
+
+    "/var/log" = {
+      device = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d";
+      fsType = "btrfs";
+      options = [
+        "defaults"
+        "autodefrag"
+        "compress-force=zstd"
+        "noatime"
+        "ssd"
+        "subvol=@log"
+      ];
+    };
+
+    "/var/cache" = {
+      device = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d";
+      fsType = "btrfs";
+      options = [
+        "defaults"
+        "autodefrag"
+        "compress-force=zstd"
+        "noatime"
+        "ssd"
+        "subvol=@cache"
+      ];
+    };
+
+    "/etc/nixos" = {
+      device = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d";
+      fsType = "btrfs";
+      options = [
+        "defaults"
+        "compress-force=zstd"
+        "noatime"
+        "ssd"
+        "subvol=@nix-config"
+      ];
+    };
+
+    "/nix" = {
+      device = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d";
+      fsType = "btrfs";
+      options = [
+        "defaults"
+        "autodefrag"
+        "compress-force=zstd"
+        "noatime"
+        "ssd"
+        "subvol=@nix-store"
+      ];
+    };
+
+    # ref: https://sawyershepherd.org/post/hibernating-to-an-encrypted-swapfile-on-btrfs-with-nixos/
+    # "/swap" = {
+    #   device = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d";
+    #   fsType = "btrfs";
+    #   options = [
+    #     "subvol=@swap"
+    #     "noatime"
+    #   ];
+    # };
+
+    "/boot" = {
+      device = "/dev/disk/by-uuid/B9A2-7AA6";
+      fsType = "vfat";
+      options = ["fmask=0022" "dmask=0022"];
+    };
+  };
+  swapDevices = [];
+}