14 files changed, 190 insertions, 47 deletions

diff --git a/.gitignore b/.gitignore
index 754a23a..42e497a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,3 +9,4 @@ devenv.local.nix
 
 # pre-commit
 .pre-commit-config.yaml
+flake.lock
diff --git a/flake.nix b/flake.nix
index 2ec54c1..f2ac92f 100644
--- a/flake.nix
+++ b/flake.nix
@@ -3,6 +3,7 @@
   description = "Master flake";
   inputs = {
     nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+    nixpkgs-old.url = "github:nixos/nixpkgs/nixos-24.11";
     nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.05";
     nixpkgs-darwin.url = "github:nixos/nixpkgs/nixpkgs-25.05-darwin";
     nixpkgs-unfree.url = "github:numtide/nixpkgs-unfree?ref=nixos-unstable";
@@ -27,11 +28,11 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    # claude-desktop = {
-    #   url = "git:file:/home/y/code/nix/claude-desktop-linux-flake";
-    #   inputs.nixpkgs.follows = "nixpkgs";
-    #   inputs.flake-utils.follows = "flake-utils";
-    # };
+    claude-desktop = {
+      url = "git:file:/home/y/code/nix/claude-desktop-linux-flake";
+      inputs.nixpkgs.follows = "nixpkgs";
+      inputs.flake-utils.follows = "flake-utils";
+    };
     agenix = {
       url = "github:yaxitech/ragenix";
       inputs.nixpkgs.follows = "nixpkgs";
@@ -103,6 +104,24 @@
       url = "github:cachix/devenv";
     };
 
+    zen-browser = {
+      url = "github:youwen5/zen-browser-flake";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    openai-codex = {
+      url = "github:openai/codex";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    # quickshell = {
+    #   # remove ?ref=v0.1.0 to track the master branch
+    #   url = "git+https://git.outfoxxed.me/outfoxxed/quickshell?ref=v0.1.0";
+
+    #   # THIS IS IMPORTANT
+    #   # Mismatched system dependencies will lead to crashes and other issues.
+    #   inputs.nixpkgs.follows = "nixpkgs";
+    # };
     # determinate systems patched nix. supposedly for enterprise
     # determinate.url = "https://flakehub.com/f/DeterminateSystems/determinate/*";
   };
diff --git a/hosts/cloud/hetzner/configuration.nix b/hosts/cloud/hetzner/configuration.nix
index 73ca07e..a432391 100644
--- a/hosts/cloud/hetzner/configuration.nix
+++ b/hosts/cloud/hetzner/configuration.nix
@@ -14,6 +14,7 @@
     ../users.nix
     ../packages.nix
     ../../server.nix
+    ./mail.nix
   ];
   boot = {
     loader.grub = {
diff --git a/hosts/cloud/hetzner/mail.nix b/hosts/cloud/hetzner/mail.nix
new file mode 100644
index 0000000..deab818
--- /dev/null
+++ b/hosts/cloud/hetzner/mail.nix
@@ -0,0 +1,82 @@
+{
+  config,
+  pkgs,
+  ...
+}: {
+  environment.etc = {
+    "stalwart/mail-pw1".text = "poguo";
+    "stalwart/mail-pw2".text = "shahezai";
+    "stalwart/admin-pw".text = "chengchun";
+    "stalwart/acme-secret".text = "caomushen";
+  };
+
+  services.stalwart-mail = {
+    enable = true;
+    package = pkgs.stalwart-mail;
+    openFirewall = true;
+    settings = {
+      server = {
+        hostname = "mail.urbit.cloud";
+        tls = {
+          enable = true;
+          implicit = true;
+        };
+        listener = {
+          smtp = {
+            protocol = "smtp";
+            bind = "[::]:25";
+          };
+          submissions = {
+            bind = "[::]:465";
+            protocol = "smtp";
+          };
+          imaps = {
+            bind = "[::]:993";
+            protocol = "imap";
+          };
+          jmap = {
+            bind = "[::]:88888";
+            url = "https://mail.urbit.cloud";
+            protocol = "jmap";
+          };
+          management = {
+            bind = ["127.0.0.1:8888"];
+            protocol = "http";
+          };
+        };
+      };
+      lookup.default = {
+        hostname = "mail.urbit.cloud";
+        domain = "urbit.cloud";
+      };
+      session.auth = {
+        mechanisms = "[plain]";
+        directory = "'in-memory'";
+      };
+      storage.directory = "in-memory";
+      session.rcpt.directory = "'in-memory'";
+      queue.outbound.next-hop = "'local'";
+      directory."in-memory" = {
+        type = "memory";
+        principals = [
+          {
+            class = "individual";
+            name = "User 1";
+            secret = "%{file:/etc/stalwart/mail-pw1}%";
+            email = ["polwex@urbit.cloud"];
+          }
+          {
+            class = "individual";
+            name = "postmaster";
+            secret = "%{file:/etc/stalwart/mail-pw1}%";
+            email = ["postmaster@urbit.cloud"];
+          }
+        ];
+      };
+      authentication.fallback-admin = {
+        user = "admin";
+        secret = "%{file:/etc/stalwart/admin-pw}%";
+      };
+    };
+  };
+}
diff --git a/hosts/cloud/sortug/gitea.nix b/hosts/cloud/sortug/gitea.nix
index a25773a..05f304c 100644
--- a/hosts/cloud/sortug/gitea.nix
+++ b/hosts/cloud/sortug/gitea.nix
@@ -1,27 +1,42 @@
-{ config, ...}:
-{
-  services.gitea = {
+{...}: {
+  # services.gitea = {
+  #   enable = true;
+  #   user = "git";
+  #   appName = "Sortug Git";
+  #   settings.server = {
+  #     domain = "git.sortug.com";
+  #     ROOT_URL = "https://git.sortug.com/";
+  #     SSH_PORT = 5522;
+  #   };
+  #   lfs.enable = true;
+  # };
+
+  # users.users = {
+  #   git = {
+  #     description = "Gitea Service";
+  #     home = "/var/lib/gitea";
+  #     useDefaultShell = true;
+  #     group = "gitea";
+  #     isSystemUser = true;
+  #   };
+  # };
+
+  services.gitolite = {
     enable = true;
-    user = "git";
-    appName = "Sortug Git"; 
-    settings.server = {
-      domain = "git.sortug.com";
-      ROOT_URL = "https://git.sortug.com/";
-      SSH_PORT = 5522;
-    };
-    lfs.enable = true;
+    adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICbdwmBis6Ss6xuDFvIsBE4foQfYECgl0pR60sIzLNtV";
   };
-  
-  users.users = {
-    git = {
-      description = "Gitea Service";
-      home = "/var/lib/gitea";
-      useDefaultShell = true;
-      group = "gitea";
-      isSystemUser = true;
+  services.cgit.y = {
+    enable = true;
+    user = "gitolite";
+    group = "gitolite";
+    # extraConfig = ''
+    #   robots=noindex, nofollow
+    # logo=/var/lib/sortug-logo.png
+    # '';
+    scanPath = "/var/lib/gitolite/repositories";
+    nginx = {
+      virtualHost = "git.sortug.com";
+      location = "/";
     };
   };
-
-
-
 }
diff --git a/hosts/cloud/sortug/mail.nix b/hosts/cloud/sortug/mail.nix
index ef10866..68a960a 100644
--- a/hosts/cloud/sortug/mail.nix
+++ b/hosts/cloud/sortug/mail.nix
@@ -6,6 +6,7 @@
   # services.dovecot2.sieve.extensions = ["fileinto"];
   mailserver = {
     enable = true;
+    stateVersion = 1;
     fqdn = "mail.sortug.com";
     domains = ["sortug.com" "yago.onl"];
     # workaround
diff --git a/hosts/cloud/sortug/nginx.nix b/hosts/cloud/sortug/nginx.nix
index 5c129fb..86bc03e 100644
--- a/hosts/cloud/sortug/nginx.nix
+++ b/hosts/cloud/sortug/nginx.nix
@@ -16,12 +16,11 @@
       # root = "/home/y/www";
     };
     virtualHosts."git.sortug.com" = {
+      # basicAuth = {yuanshikai = "seegit";};
+      proxyPass = "http://127.0.0.1:3000";
+      proxyWebsockets = true; # needed if you need to use WebSocket
       enableACME = true;
       forceSSL = true;
-      locations."/" = {
-        proxyPass = "http://127.0.0.1:3000";
-        proxyWebsockets = true; # needed if you need to use WebSocket
-      };
     };
     virtualHosts."ai.sortug.com" = {
       enableACME = true;
diff --git a/hosts/local/gui.nix b/hosts/local/gui.nix
index fd8ae1e..c8208ec 100644
--- a/hosts/local/gui.nix
+++ b/hosts/local/gui.nix
@@ -1,4 +1,8 @@
-{pkgs, ...}: {
+{
+  inputs,
+  pkgs,
+  ...
+}: {
   environment.systemPackages = with pkgs; [
     #terminals
     kitty
@@ -18,7 +22,6 @@
     brave
     firefox
     # librewolf
-    vivaldi
     chromium
     # mail
     thunderbird
@@ -32,5 +35,15 @@
     gimp
     qbittorrent
     zathura # pdf
+    #
+    easyeffects # audio, cool stuff
+    # games!
+    ryujinx
+    wineWowPackages.staging
+    dosbox
+    siyuan
+    inputs.zen-browser.packages.${pkgs.system}.default
+    qimgv
+    # inputs.quickshell.packages.${pkgs.system}.default
   ];
 }
diff --git a/hosts/local/master/configuration.nix b/hosts/local/master/configuration.nix
index 83de833..2a3cc8a 100644
--- a/hosts/local/master/configuration.nix
+++ b/hosts/local/master/configuration.nix
@@ -1,7 +1,16 @@
 # Edit this configuration file to define what should be installed on
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
-{pkgs, ...}: {
+{
+  pkgs,
+  inputs,
+  ...
+}: let
+  old-pkgs = import inputs.nixpkgs-old {
+    system = pkgs.system;
+    config.allowUnfree = true;
+  };
+in {
   imports = [
     # Include the results of the hardware scan.
     ../../base.nix
@@ -9,9 +18,9 @@
     ../../unfree.nix
     #../../android.nix
     ../gui.nix
-    # ../i3.nix
+    ../i3.nix
     # ../gnome.nix
-    ../wayland.nix
+    # ../wayland.nix
     ../nvidia.nix
     ./keyboard.nix
     # ./rgb.nix
@@ -53,6 +62,7 @@
   #
   #
   environment.systemPackages = [
+    old-pkgs.vivaldi
     # for AI IDE shit
     # pkgs.nodejs
     # pkgs.python312
diff --git a/hosts/local/master/thinkpad.kbd b/hosts/local/master/thinkpad.kbd
index 6f9c253..82de2e2 100644
--- a/hosts/local/master/thinkpad.kbd
+++ b/hosts/local/master/thinkpad.kbd
@@ -18,7 +18,7 @@ output (uinput-sink "My KMonad output")
 ;; This is the real representation of your actual keyboard. We haven't started
 ;; customizing layouts yet.
 (defsrc
-  esc   f1   f2   f3   f4   f5   f6   f7   f8   f9   f10  f11  f12  del
+  esc   f1   f2   f3   f4   f5   f6   f7   f8   f9   f10  f11  f12  home end ins del
   `     1    2    3    4    5    6    7    8    9    0    -    =    bspc
   tab   q    w    e    r    t    y    u    i    o    p    [    ]    \
   caps  a    s    d    f    g    h    j    k    l    ;    '    ret
@@ -56,36 +56,36 @@ semi   (tap-hold-next-release 280 ; rctl)
 
 ;; The first custom layer is the one that gets activated when kmonad is started
 (deflayer qwerty                             ;; The default layer that'd be read when you launch kmonad
-  esc      f1       f2      f3      f4      f5     f6      f7       f8       f9      f10    f11      f12   del
+  esc      f1       f2      f3      f4      f5     f6      f7       f8       f9      f10    f11      f12   home end ins del
   `         1        2       3       4       5       6       7        8       9        0     -    =   bspc
   tab       q        w       e       r       t       y       u        i       o        p     [    ]     \
   esc       a        s       d       f       g       h       j        k       l        ;     '      ret
-  @sym      z        x       c       v       b       n        m        ,      .       /             rsft
+  lsft      z        x       c       v       b       n        m        ,      .       /             rsft
   lctl    lmet      @sym                     spc                     @cords  @hrt        left     up    right
                                                                                          left    down   right
 )
 (deflayer homerowmods                            
-  esc      f1       f2      f3      f4      f5      f6      f7       f8       f9      f10    f11      f12   del
+  esc      f1       f2      f3      f4      f5      f6      f7       f8       f9      f10    f11      f12   home end ins del
   `         1        2       3       4       5       6       7        8       9        0     -    =   bspc
   tab       q        w       e       r       t       y       u        i       o        p     [    ]     \
   esc     @a       @s      @d      @f       g       h       @j       @k      @l       @semi    '      ret
-  @sym      z        x       c       v       b       n        m        ,      .       /              rsft
+  lsft      z        x       c       v       b       n        m        ,      .       /              rsft
   lctl    lmet     @sym                    spc                        lalt    @back      left     up    right
                                                                                          left    down   right
 )
 (deflayer mods                            
-  esc      f1       f2      f3      f4      f5      f6      f7       f8       f9      f10    f11      f12   del
+  esc      f1       f2      f3      f4      f5      f6      f7       f8       f9      f10    f11      f12   pgup pgdn ins del
   `         1        2       3       4       5       6       7        8       9        0     -    =   bspc
   tab       q        w       e       r       t       y       u        i       o        p     [    ]     h
   esc     lctl     lalt    lmet    lsft     g       h      rsft     rmet    ralt     rctl    '      ret
-  @sym      z        x       c       v       b       n        m        ,      .       /             rsft
+  lsft      z        x       c       v       b       n        m        ,      .       /             rsft
   lctl    lmet     @sym                    spc                        lalt    @back       left    up      right
                                                                                           left    down   right
 )
 
 ;; A layer dedicated to symbols
 (deflayer syms
-  _         _        _       _       _       _        _       _        _        _       _      _         _     _ 
+  esc      f1       f2      f3      f4      f5      f6      f7       f8       f9      f10    f11      f12   pgup pgdn ins del
   _         _        _       _       _       _        _       _        _        _       _      _         _     _
   _         _        _       up      _       _        !       @        #        $       %      _         _     _
   _         _      left    down     right    @sym2    '       ^        &        -       =      _         ret
@@ -96,7 +96,7 @@ semi   (tap-hold-next-release 280 ; rctl)
 
 ;; More symbols
 (deflayer syms2
-  _         _        _       _       _       _        _       _        _        _       _      _         _     _ 
+  esc      f1       f2      f3      f4      f5      f6      f7       f8       f9      f10    f11      f12   pgup pgdn ins del
   _         _        _       _       _       _        _       _        _        _       _      _         _     _
   _         _        _       _       _       _        _       _        _        _       _      _         _     _
   _         _        _       _       _       _        `       ~        *       \_       +      _         ret
diff --git a/hosts/local/nvidia.nix b/hosts/local/nvidia.nix
index 40217ac..ed505c6 100644
--- a/hosts/local/nvidia.nix
+++ b/hosts/local/nvidia.nix
@@ -18,6 +18,7 @@ in {
   #
   hardware.graphics = {
     enable = true;
+    extraPackages = [pkgs.nvidia-vaapi-driver];
   };
   # hardware.graphics= {
   # package = (pkgs.mesa.override { galliumDrivers = [ "i915" "swrast" ]; }).drivers;
@@ -52,7 +53,7 @@ in {
     modesetting.enable = true;
     powerManagement.enable = false;
     powerManagement.finegrained = false;
-    # forceFullCompositionPipeline = true;
+    forceFullCompositionPipeline = true;
     # nvidiaSettings = true;
     open = false;
   };
diff --git a/hosts/local/wayland.nix b/hosts/local/wayland.nix
index 8de0450..c33bf23 100644
--- a/hosts/local/wayland.nix
+++ b/hosts/local/wayland.nix
@@ -105,6 +105,7 @@
     #    espeak-ng-data
     wineWowPackages.waylandFull
     libcamera # pipewire seems to want this
+    tracy # cool system watcher
   ];
   services.speechd.enable = true;
 
diff --git a/hosts/pkgs.nix b/hosts/pkgs.nix
index 17556bf..a06789d 100644
--- a/hosts/pkgs.nix
+++ b/hosts/pkgs.nix
@@ -53,6 +53,7 @@
       direnv
       nix-direnv
       devenv
+      devbox
       # inputs.devenv.packages.${pkgs.system}.default
       # scraping
       python312Packages.yt-dlp
diff --git a/hosts/unfree.nix b/hosts/unfree.nix
index 803c04d..8fbf3c4 100644
--- a/hosts/unfree.nix
+++ b/hosts/unfree.nix
@@ -14,7 +14,6 @@
   environment.systemPackages = with pkgs; [
     # opera
     spotify
-    microsoft-edge
     vscode
     # fonts
     corefonts