mob next [ci-skip] [ci skip] [skip ci]

lastFile:modules/home-manager/emmie/home.nix
2026-01-13 14:17:05 +07:00 · 2026-01-13 13:33:58 +07:00 · 2026-01-13 13:12:34 +07:00 · 2026-01-13 11:45:49 +07:00 · 2026-01-13 11:29:07 +07:00 · 2026-01-13 11:25:39 +07:00
51 changed files with 245 additions and 5721 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -225,11 +225,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1768395095,
-        "narHash": "sha256-ZhuYJbwbZT32QA95tSkXd9zXHcdZj90EzHpEXBMabaw=",
+        "lastModified": 1761656231,
+        "narHash": "sha256-krgZxGAIIIKFJS+UB0l8do3sYUDWJc75M72tepmVMzE=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "13868c071cc73a5e9f610c47d7bb08e5da64fdd5",
+        "rev": "d7f52a7a640bc54c7bb414cca603835bf8dd4b10",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -52,6 +52,7 @@
          ./tests
          ./modules/clan/flake-module.nix
          ./modules/nixos/flake-module.nix
+          ./modules/home-manager/flake-module.nix
        ];
        perSystem =
          { pkgs, system, ... }:
--- a/inventories/default.nix
+++ b/inventories/default.nix
@@ -1,5 +1,4 @@
 {
-  imports = [ ./personal-computer.nix ];
  clan = {
    inventory = {

@@ -12,7 +11,6 @@
        b4l = [
          "rigel"
          "neptune"
-          "rana"
        ];
        phonebox = [
          "neptune"
@@ -23,6 +21,7 @@
          "adhil"
          "buna"
        ];
+        kde-desktop = [ "rana" ];
      };

      instances = {
@@ -56,6 +55,14 @@
          roles.server.tags."nixos" = { };
        };

+        kde = {
+          module = {
+            name = "kde";
+            input = "clan-core";
+          };
+          roles.default.tags."kde-desktop" = { };
+        };
+
        w-network = {
          module = {
            name = "zerotier";
@@ -162,6 +169,13 @@
          };
          roles.default.machines.b4l = { };
        };
+        pingvin = {
+          module = {
+            name = "pingvin";
+            input = "self";
+          };
+          roles.default.machines.b4l = { };
+        };
        paperless = {
          module = {
            name = "paperless";
@@ -227,7 +241,7 @@
                ftdi-sd-spi = { };
                go-go-gadget = { };
                hacking-the-kindle = { };
-                islands = PUBLIC;
+                islands = { };
                kt = { };
                legba = { };
                llb = PUBLIC;
@@ -237,7 +251,7 @@
                navi = { };
                notmuch-memoryhole = PUBLIC;
                pms5003 = { };
-                thinc = PUBLIC;
+                thinc = { };
                toad = { };
                yggdrasil-erlang = { };
              };
--- a/inventories/personal-computer.nix
+++ b/inventories/personal-computer.nix
@@ -1,37 +0,0 @@
-{
-  clan.inventory = {
-    tags = {
-      kde-desktop = [ "rana" ];
-      personal-computer = [ "rana" ];
-    };
-
-    instances = {
-      emmie-home = {
-        module = {
-          name = "home-user";
-          input = "self";
-        };
-        roles.default.settings = {
-          username = "emmie";
-          kbLayout = "us,th";
-          kbOptions = "grp:win_space_toggle,grp:alt_shift_toggle";
-        };
-        roles.default.machines."rana" = { };
-      };
-      personal-computer = {
-        module = {
-          name = "personal-computer";
-          input = "self";
-        };
-        roles.default.tags."personal-computer" = { };
-      };
-      kde = {
-        module = {
-          name = "kde";
-          input = "clan-core";
-        };
-        roles.default.tags."kde-desktop" = { };
-      };
-    };
-  };
-}
--- a/inventory.json
+++ b/inventory.json
@@ -20,9 +20,6 @@
    },
    "buna": {
      "installedAt": 1765343708
-    },
-    "rana": {
-      "installedAt": 1768294839
    }
  }
 }
--- a/machines/b4l/services/nextcloud.nix
+++ b/machines/b4l/services/nextcloud.nix
@@ -19,7 +19,7 @@ in

  services.nextcloud = {
    hostName = ncDomain;
-    package = pkgs.nextcloud32;
+    package = pkgs.nextcloud31;

    settings = {

--- a/machines/b4l/services/pingvin.nix
+++ b/machines/b4l/services/pingvin.nix
@@ -0,0 +1,45 @@
+{
+  pkgs,
+  config,
+  ...
+}:
+let
+  serviceName = "${config.networking.hostName}-pingvin";
+  domain-name = "${
+    config.clan.core.vars.generators."${serviceName}".files.subdomain.value
+  }.${config.networking.fqdn}";
+in
+{
+  clan.core.vars.generators."${serviceName}" = {
+    files = {
+      subdomain.secret = false;
+    };
+    prompts = {
+      subdomain = {
+        persist = true;
+        type = "line";
+        description = "Sub-domain for Pingvin. Default:(share)";
+      };
+    };
+
+    runtimeInputs = [
+      pkgs.xkcdpass
+      pkgs.coreutils
+    ];
+
+    script = ''
+      prompt_domain=$(cat "$prompts"/subdomain)
+      if [[ -n "''${prompt_domain-}" ]]; then
+        echo $prompt_domain | tr -d "\n" > "$out"/subdomain
+      else
+        echo -n "share" > "$out"/subdomain
+      fi
+    '';
+  };
+
+  services.pingvin-share = {
+    nginx.enable = true;
+    https = true;
+    hostname = domain-name;
+  };
+}
--- a/machines/rana/configuration.nix
+++ b/machines/rana/configuration.nix
@@ -2,6 +2,8 @@
 {
  imports = [
    self.nixosModules.common
+    self.nixosModules.personalComputer
+    self.nixosModules."home:emmie"
  ];

  nixpkgs.hostPlatform = {
--- a/machines/rana/disko.nix
+++ b/machines/rana/disko.nix
@@ -1,7 +1,7 @@
 { ... }:
 let
  hashDisk = disk: "os-${builtins.substring 0 5 (builtins.hashString "sha256" disk)}";
-  os = "/dev/disk/by-id/nvme-SAMSUNG_MZVL81T0HFLB-00BLL_S7XKNF0Y966645";
+  os = "/dev/disk/by-id/FIXME";
 in
 {

--- a/machines/rana/facter.json
+++ b/machines/rana/facter.json
--- a/modules/clan/actual-budget/default.nix
+++ b/modules/clan/actual-budget/default.nix
@@ -3,11 +3,9 @@
  _class = "clan.service";
  manifest.name = "actual-budget";
  manifest.description = "A local-first personal finance app ";
-  manifest.readme = "A local-first personal finance app";
  manifest.categories = [ "System" ];

  roles.default = {
-    description = "A default server role.";

    perInstance.nixosModule =
      {
--- a/modules/clan/git-daemon/default.nix
+++ b/modules/clan/git-daemon/default.nix
@@ -3,11 +3,9 @@
  _class = "clan.service";
  manifest.name = "git-daemon";
  manifest.description = "a really simple server for git repositories";
-  manifest.readme = "a really simple server for git repositories";
  manifest.categories = [ "System" ];

  roles.default = {
-    description = "a default server role";
    interface =
      { lib, ... }:
      {
--- a/modules/clan/grafana/default.nix
+++ b/modules/clan/grafana/default.nix
@@ -3,11 +3,9 @@
  _class = "clan.service";
  manifest.name = "grafana";
  manifest.description = "Platform for data analytics and monitoring";
-  manifest.readme = "Platform for data analytics and monitoring";
  manifest.categories = [ "System" ];

  roles.default = {
-    description = "A default server role";

    perInstance.nixosModule =
      {
--- a/modules/clan/home-profiles/flake-module.nix
+++ b/modules/clan/home-profiles/flake-module.nix
@@ -1,6 +0,0 @@
-{ lib, ... }:
-{
-  clan.modules = {
-    home-user = lib.modules.importApply ./home-user { };
-  };
-}
--- a/modules/clan/home-profiles/home-user/default.nix
+++ b/modules/clan/home-profiles/home-user/default.nix
@@ -1,64 +0,0 @@
-{ ... }:
-{
-  _class = "clan.service";
-  manifest.name = "common-user-home-manager";
-  manifest.description = "General users' home-manager profile generator";
-  manifest.readme = "General users' home-manager profile generator";
-  manifest.categories = [ "System" ];
-
-  roles.default = {
-    description = "a default role for the user";
-    interface =
-      { lib, ... }:
-      {
-        options = {
-          username = lib.mkOption {
-            type = lib.types.str;
-          };
-          kbLayout = lib.mkOption {
-            type = lib.types.str;
-            default = "us";
-          };
-          kbOptions = lib.mkOption {
-            type = lib.types.str;
-            default = "grp:win_space_toggle";
-          };
-        };
-      };
-    perInstance =
-      { settings, ... }:
-      {
-        nixosModule =
-          { inputs, ... }:
-          let
-            username = settings.username;
-          in
-          {
-            imports = [ inputs.home-manager.nixosModules.home-manager ];
-
-            users.users.${username} = {
-              initialPassword = "";
-              isNormalUser = true;
-              extraGroups = [
-                "audio"
-                "video"
-                "networkmanager"
-              ];
-            };
-
-            services.xserver = {
-              enable = true;
-              xkb.layout = settings.kbLayout;
-              xkb.options = settings.kbOptions;
-            };
-
-            home-manager.useGlobalPkgs = true;
-            home-manager.useUserPackages = true;
-            home-manager.users.${username} = ./home.nix;
-            home-manager.extraSpecialArgs = {
-              inherit inputs username;
-            };
-          };
-      };
-  };
-}
--- a/modules/clan/jukebox/default.nix
+++ b/modules/clan/jukebox/default.nix
@@ -3,11 +3,9 @@
  _class = "clan.service";
  manifest.name = "jukebox";
  manifest.description = "mpd server, library on removable disks";
-  manifest.readme = "mpd server, library on removable disks";
  manifest.categories = [ "System" ];

  roles.default = {
-    description = "a default server role";
    interface =
      { lib, ... }:
      {
@@ -113,22 +111,19 @@

            services.mpd = {
              enable = true;
-              openFirewall = true;
-              settings = {
-                bind_to_address = "any";
-                music_directory = settings.baseDir;
-                audio_output = [
-                  {
-                    type = "pulse";
-                    name = "jukebox";
-                    server = "localhost";
+              musicDirectory = settings.baseDir;
+              network.listenAddress = "any";
+              extraConfig = ''
+                audio_output {
+                  type "pulse"
+                  name "jukebox"
+                  server "localhost"
                }
-                ];
-              };
+              '';
            };

            networking.firewall.interfaces = lib.genAttrs settings.binds (_: {
-              allowedTCPPorts = [ config.services.mpd.settings.port ];
+              allowedTCPPorts = [ config.services.mpd.network.port ];
            });

            environment.systemPackages = [ pkgs.mpc ];
--- a/modules/clan/nextcloud/default.nix
+++ b/modules/clan/nextcloud/default.nix
@@ -3,11 +3,9 @@
  _class = "clan.service";
  manifest.name = "nextcloud";
  manifest.description = "Nextcloud server, a safe home for all your data";
-  manifest.readme = "Nextcloud server, a safe home for all your data";
  manifest.categories = [ "System" ];

  roles.default = {
-    description = "a default server role";

    perInstance.nixosModule =
      {
--- a/modules/clan/paperless/default.nix
+++ b/modules/clan/paperless/default.nix
@@ -3,11 +3,9 @@
  _class = "clan.service";
  manifest.name = "paperless";
  manifest.description = "A community-supported supercharged document management system: scan, index and archive all your documents";
-  manifest.readme = "A community-supported supercharged document management system: scan, index and archive all your documents";
  manifest.categories = [ "System" ];

  roles.default = {
-    description = "a default server role";

    perInstance.nixosModule =
      {
--- a/modules/clan/personal-computer/automatic-timezone.nix
+++ b/modules/clan/personal-computer/automatic-timezone.nix
@@ -1,8 +0,0 @@
-{ lib, ... }:
-{
-  services.automatic-timezoned.enable = true;
-  services.geoclue2 = {
-    enableDemoAgent = lib.mkForce true;
-    geoProviderUrl = "https://beacondb.net/v1/geolocate";
-  };
-}
--- a/modules/clan/personal-computer/default.nix
+++ b/modules/clan/personal-computer/default.nix
@@ -1,21 +0,0 @@
-{ ... }:
-{
-  _class = "clan.service";
-  manifest.name = "personal-computer";
-  manifest.description = "A service for configuring personal computer such as printing, automatic-timezone, etc.";
-  manifest.readme = "A service for configuring personal computer such as printing, automatic-timezone, etc.";
-  manifest.categories = [ "System" ];
-
-  roles.default = {
-    description = "an only one default role";
-    perInstance.nixosModule =
-      { inputs, lib, ... }:
-      {
-        imports = [
-          (inputs.import-tree.initFilter (
-            p: !lib.hasSuffix "default.nix" p && !lib.hasSuffix "flake-module.nix" p
-          ) ./.)
-        ];
-      };
-  };
-}
--- a/modules/clan/personal-computer/desktop-environment.nix
+++ b/modules/clan/personal-computer/desktop-environment.nix
@@ -1,4 +0,0 @@
-{ config, ... }:
-{
-  security.pam.services."sddm".kwallet.enable = config.services.desktopManager.plasma6.enable;
-}
--- a/modules/clan/personal-computer/flake-module.nix
+++ b/modules/clan/personal-computer/flake-module.nix
@@ -1,6 +0,0 @@
-{ lib, ... }:
-{
-  clan.modules = {
-    personal-computer = lib.modules.importApply ./default.nix { };
-  };
-}
--- a/modules/clan/personal-computer/libinput.nix
+++ b/modules/clan/personal-computer/libinput.nix
@@ -1,11 +0,0 @@
-{
-  services = {
-    libinput = {
-      enable = true;
-      touchpad = {
-        disableWhileTyping = true;
-        naturalScrolling = true;
-      };
-    };
-  };
-}
--- a/modules/clan/personal-computer/users.nix
+++ b/modules/clan/personal-computer/users.nix
@@ -1,11 +0,0 @@
-{ lib, ... }:
-{
-  users.mutableUsers = lib.mkForce true;
-  security.polkit.extraConfig = ''
-    polkit.addRule(function(action, subject) {
-      if ((action.id == "org.freedesktop.accounts.change-own-password")) {
-        return polkit.Result.AUTH_SELF;
-      }
-    });
-  '';
-}
--- a/modules/clan/personal-computer/wireless.nix
+++ b/modules/clan/personal-computer/wireless.nix
@@ -1,4 +0,0 @@
-{
-  networking.networkmanager.enable = true;
-  hardware.bluetooth.enable = true;
-}
--- a/modules/clan/phonebox/default.nix
+++ b/modules/clan/phonebox/default.nix
@@ -5,12 +5,10 @@
 {
  _class = "clan.service";
  manifest.name = "phonebox";
-  manifest.description = "A peer to peer phone relay network built on top of yggdrasil.";
-  manifest.readme = "A peer to peer phone relay network built on top of yggdrasil.";
+  manifest.description = "";
  manifest.categories = [ "System" ];

  roles.default = {
-    description = "a default server role";
    interface =
      { lib, ... }:
      {
--- a/modules/clan/pingvin/default.nix
+++ b/modules/clan/pingvin/default.nix
@@ -0,0 +1,23 @@
+{ ... }:
+{
+  _class = "clan.service";
+  manifest.name = "pingvin";
+  manifest.description = "A self-hosted file sharing platform that combines lightness and beauty, perfect for seamless and efficient file sharing.";
+  manifest.categories = [ "System" ];
+
+  roles.default = {
+
+    perInstance.nixosModule =
+      {
+        config,
+        ...
+      }:
+      {
+        services.pingvin-share = {
+          enable = true;
+        };
+
+        clan.core.state.pingvin-share.folders = [ config.services.pingvin-share.dataDir ];
+      };
+  };
+}
--- a/modules/clan/pingvin/flake-module.nix
+++ b/modules/clan/pingvin/flake-module.nix
@@ -0,0 +1,19 @@
+{ lib, ... }:
+let
+  module = lib.modules.importApply ./default.nix { };
+in
+{
+  clan.modules = {
+    pingvin = module;
+  };
+
+  perSystem =
+    { ... }:
+    {
+      clan.nixosTests.service-pingvin = {
+        imports = [ ./tests/vm/default.nix ];
+
+        clan.modules."@clan/pingvin" = module;
+      };
+    };
+}
--- a/modules/clan/pingvin/tests/vm/default.nix
+++ b/modules/clan/pingvin/tests/vm/default.nix
@@ -0,0 +1,42 @@
+{
+  ...
+}:
+{
+  name = "service-pingvin";
+
+  clan = {
+    directory = ./.;
+    inventory = {
+      machines.server = { };
+
+      instances = {
+        pingvin-test = {
+          module.name = "@clan/pingvin";
+          module.input = "self";
+          roles.default.machines."server".settings = { };
+        };
+      };
+    };
+  };
+
+  nodes = {
+    server = {
+      services.pingvin-share = {
+        hostname = "share.localhost";
+        frontend.port = 3000;
+        backend.port = 8000;
+      };
+    };
+  };
+
+  testScript = ''
+    start_all()
+
+    server.wait_for_unit("pingvin-share-frontend")
+
+    server.succeed("systemctl status pingvin-share-frontend")
+    server.wait_for_open_port(3000)
+    server.wait_for_open_port(8000)
+    server.succeed("curl -H \"Host: share.localhost\" http://127.0.0.1:3000 ")
+  '';
+}
--- a/modules/clan/pocket-id/default.nix
+++ b/modules/clan/pocket-id/default.nix
@@ -3,11 +3,9 @@
  _class = "clan.service";
  manifest.name = "pocket-id";
  manifest.description = "A simple and easy-to-use OIDC provider that allows users to authenticate with their passkeys to your services.";
-  manifest.readme = "A simple and easy-to-use OIDC provider that allows users to authenticate with their passkeys to your services.";
  manifest.categories = [ "System" ];

  roles.default = {
-    description = "a default server role";

    perInstance.nixosModule =
      {
--- a/modules/clan/pulse-stream/default.nix
+++ b/modules/clan/pulse-stream/default.nix
@@ -3,11 +3,9 @@
  _class = "clan.service";
  manifest.name = "pulse-stream";
  manifest.description = "stream audio to attached speakers";
-  manifest.readme = "stream audio to attached speakers";
  manifest.categories = [ "System" ];

  roles.default = {
-    description = "a default role";
    interface =
      { lib, ... }:
      {
--- a/modules/clan/stirling-pdf/default.nix
+++ b/modules/clan/stirling-pdf/default.nix
@@ -3,11 +3,9 @@
  _class = "clan.service";
  manifest.name = "stirling-pdf";
  manifest.description = "Your locally hosted one-stop-shop for all your PDF needs.";
-  manifest.readme = "Your locally hosted one-stop-shop for all your PDF needs.";
  manifest.categories = [ "System" ];

  roles.default = {
-    description = "a default server role";
    perInstance.nixosModule =
      {
        lib,
--- a/modules/clan/victoriametrics/default.nix
+++ b/modules/clan/victoriametrics/default.nix
@@ -3,11 +3,9 @@
  _class = "clan.service";
  manifest.name = "Victoria Metrics";
  manifest.description = "VictoriaMetrics: fast, cost-effective monitoring solution and time series database";
-  manifest.readme = "VictoriaMetrics: fast, cost-effective monitoring solution and time series database";
  manifest.categories = [ "System" ];

  roles.default = {
-    description = "a default server role";
    perInstance.nixosModule =
      {
        config,
--- a/modules/clan/vikunja/default.nix
+++ b/modules/clan/vikunja/default.nix
@@ -3,11 +3,9 @@
  _class = "clan.service";
  manifest.name = "vikunja";
  manifest.description = "The to-do app to organize your life.";
-  manifest.readme = "The to-do app to organize your life.";
  manifest.categories = [ "System" ];

  roles.default = {
-    description = "a default server role";
    perInstance.nixosModule =
      {
        lib,
--- a/modules/clan/yggdrasil/default.nix
+++ b/modules/clan/yggdrasil/default.nix
@@ -3,11 +3,9 @@
  _class = "clan.service";
  manifest.name = "yggdrasil";
  manifest.description = "An in scalable routing as an encrypted IPv6 overlay network";
-  manifest.readme = "An in scalable routing as an encrypted IPv6 overlay network";
  manifest.categories = [ "System" ];

  roles.default = {
-    description = "a default peer role";
    perInstance.nixosModule =
      {
        lib,
--- a/modules/home-manager/emmie/default.nix
+++ b/modules/home-manager/emmie/default.nix
@@ -0,0 +1,27 @@
+{
+  inputs,
+  ...
+}:
+let
+  username = "emmie";
+in
+{
+  imports = [ inputs.home-manager.nixosModules.home-manager ];
+
+  users.users.${username} = {
+    initialPassword = "";
+    isNormalUser = true;
+    extraGroups = [
+      "audio"
+      "video"
+      "networkmanager"
+    ];
+  };
+
+  home-manager.useGlobalPkgs = true;
+  home-manager.useUserPackages = true;
+  home-manager.users.${username} = ./home.nix;
+  home-manager.extraSpecialArgs = {
+    inherit inputs;
+  };
+}
--- a/modules/clan/home-profiles/home-user/home.nix
+++ b/modules/clan/home-profiles/home-user/home.nix
@@ -2,14 +2,21 @@
  osConfig,
  pkgs,
  lib,
-  username,
  ...
 }:
+let
+  username = "emmie";
+in
 {
  home = {
    inherit username;
    homeDirectory = lib.mkForce "/home/${username}";
    stateVersion = osConfig.system.stateVersion;
+    keyboard.layout = "us,th";
+    keyboard.options = [
+      "grp:win_space_toggle"
+      "grp:alt_shift_toggle"
+    ];
    packages = with pkgs; [
      libreoffice
      element-desktop
@@ -17,7 +24,6 @@
      firefox
      keepassxc
      vlc
-      thunderbird
    ];
  };
  programs.home-manager.enable = true;
--- a/modules/home-manager/flake-module.nix
+++ b/modules/home-manager/flake-module.nix
@@ -0,0 +1,7 @@
+{
+  flake.nixosModules = {
+    "home:emmie" = {
+      imports = [ ./emmie ];
+    };
+  };
+}
--- a/modules/nixos/flake-module.nix
+++ b/modules/nixos/flake-module.nix
@@ -3,6 +3,9 @@
    common = {
      imports = [ ./common.nix ];
    };
+    personalComputer = {
+      imports = [ ./personal-computer ];
+    };
    think-gtcm = {
      imports = [ ./think-gtcm.nix ];
    };
--- a/modules/nixos/personal-computer/default.nix
+++ b/modules/nixos/personal-computer/default.nix
@@ -0,0 +1,6 @@
+{ inputs, lib, ... }:
+{
+  imports = [
+    (inputs.import-tree.initFilter (p: !lib.hasSuffix "default.nix" p) ./.)
+  ];
+}
--- a/modules/nixos/personal-computer/printing.nix
+++ b/modules/nixos/personal-computer/printing.nix
@@ -13,13 +13,6 @@ let
  polkitAllowGroups = builtins.concatStringsSep "||" (
    builtins.map (group: ''subject.isInGroup("${group}")'') allowManageGroups
  );
-
-  printerMember = lib.map (user: user.name) (
-    lib.attrsets.attrsToList (
-      lib.attrsets.filterAttrs (name: value: value.isNormalUser) config.users.users
-    )
-  );
-
 in
 {
  services.printing = {
@@ -55,8 +48,22 @@ in
    enable = true;
  };

-  users.groups.lpadmin.members = printerMember;
-  users.groups.lp.members = printerMember;
-  users.groups.scanner.members = printerMember;
+  users.groups.lpadmin.members = lib.pipe config.users.users [
+    (lib.attrsets.filterAttrs (name: value: value.isNormalUser))
+    (lib.attrsets.attrsToList)
+    (lib.map (user: user.name))
+  ];
+
+  users.groups.lp.members = lib.pipe config.users.users [
+    (lib.attrsets.filterAttrs (name: value: value.isNormalUser))
+    (lib.attrsets.attrsToList)
+    (lib.map (user: user.name))
+  ];
+
+  users.groups.scanner.members = lib.map (user: user.name) (
+    lib.attrsets.attrsToList (
+      lib.attrsets.filterAttrs (name: value: value.isNormalUser) config.users.users
+    )
+  );

 }
--- a/modules/nixos/personal-computer/users.nix
+++ b/modules/nixos/personal-computer/users.nix
@@ -0,0 +1,4 @@
+{ lib, ... }:
+{
+  users.mutableUsers = lib.mkForce true;
+}
--- a/modules/nixos/think-backend-gtcm.nix
+++ b/modules/nixos/think-backend-gtcm.nix
@@ -57,7 +57,7 @@ in
    dataDir = lib.mkOption {
      type = lib.types.path;
      default = "/var/lib/think-backend.greaterchiangmai.com";
-      description = "A place where to store states";
+      description = ''A place where to store states'';
    };

    user = lib.mkOption {
@@ -263,7 +263,6 @@ in
          # migrate & seed db
          ${lib.getExe php} artisan key:generate --force
          ${lib.getExe php} artisan migrate --force
-          ${lib.getExe php} artisan storage:link
          ${lib.getExe php} artisan config:cache
        '';
    };
@@ -271,8 +270,8 @@ in
    systemd.tmpfiles.rules = [
      "d ${cfg.dataDir}                            0710 ${cfg.user} ${cfg.group} - -"
      "d ${cfg.dataDir}/cache                      0700 ${cfg.user} ${cfg.group} - -"
-      "d ${cfg.dataDir}/public                     0755 ${cfg.user} ${cfg.group} - -"
-      "d ${cfg.dataDir}/public/uploads             0755 ${cfg.user} ${cfg.group} - -"
+      "d ${cfg.dataDir}/public                     0750 ${cfg.user} ${cfg.group} - -"
+      "d ${cfg.dataDir}/public/uploads             0750 ${cfg.user} ${cfg.group} - -"
      "d ${cfg.dataDir}/storage                    0700 ${cfg.user} ${cfg.group} - -"
      "d ${cfg.dataDir}/storage/app                0700 ${cfg.user} ${cfg.group} - -"
      "d ${cfg.dataDir}/storage/fonts              0700 ${cfg.user} ${cfg.group} - -"
@@ -305,16 +304,6 @@ in
            index = "index.php";
            tryFiles = "$uri $uri/ /index.php?$query_string";
          };
-          "/uploads" = {
-            root = "${cfg.dataDir}/public/uploads";
-            index = "index.php index.html";
-            tryFiles = "$uri $uri/ /index.php";
-          };
-          "/storage" = {
-            root = "${cfg.dataDir}/public/storage";
-            index = "index.php index.html";
-            tryFiles = "$uri $uri/ /index.php";
-          };
          "~ \\.php$".extraConfig = ''
            fastcgi_pass unix:${config.services.phpfpm.pools."think-backend-gtcm".socket};
          '';
--- a/modules/nixos/think-gtcm.nix
+++ b/modules/nixos/think-gtcm.nix
@@ -33,7 +33,7 @@ in
    dataDir = lib.mkOption {
      type = lib.types.path;
      default = "/var/lib/think.greaterchiangmai.com";
-      description = "A place where to store states";
+      description = ''A place where to store states'';
    };

    user = lib.mkOption {
@@ -228,7 +228,6 @@ in
          # migrate & seed db
          ${lib.getExe php} artisan key:generate --force
          ${lib.getExe php} artisan migrate --force
-          ${lib.getExe php} artisan storage:link
          ${lib.getExe php} artisan config:cache
        '';
    };
@@ -268,16 +267,7 @@ in
            index = "index.php";
            tryFiles = "$uri $uri/ /index.php?$query_string";
          };
-          "/uploads" = {
-            root = "${cfg.dataDir}/public/uploads";
-            index = "index.php index.html";
-            tryFiles = "$uri $uri/ /index.php";
-          };
-          "/storage" = {
-            root = "${cfg.dataDir}/public/storage";
-            index = "index.php index.html";
-            tryFiles = "$uri $uri/ /index.php";
-          };
+
          "~ \\.php$".extraConfig = ''
            fastcgi_pass unix:${config.services.phpfpm.pools."think-gtcm".socket};
          '';
--- a/pkgs/think-backend-gtcm.nix
+++ b/pkgs/think-backend-gtcm.nix
@@ -21,16 +21,12 @@ php.buildComposerProject2 (finalAttrs: {
    runHook preInstall
    mkdir -p $out
    cp -R * $out
-
    rm -rf $out/storage
-
    ln -s ${dataDir}/.env $out/.env
    ln -s ${dataDir}/storage $out/storage
-    ln -s ${dataDir}/public/storage $out/public/storage
-    ln -s ${dataDir}/public/uploads $out/public/uploads
    runHook postInstall
  '';

  composerStrictValidation = false;
-  vendorHash = "sha256-wGfbprSDULBje1s5y3+ZiU/nCwYGDEULobZzyzGZ9bQ=";
+  vendorHash = "sha256-eXm1x3E9KHWojaT2RU4inMdZqQVcWdLCKlvzhOlIZrc=";
 })
--- a/pkgs/think-gtcm.nix
+++ b/pkgs/think-gtcm.nix
@@ -21,16 +21,12 @@ php.buildComposerProject2 (finalAttrs: {
    runHook preInstall
    mkdir -p $out
    cp -R * $out
-
    rm -rf $out/storage
-
    ln -s ${dataDir}/.env $out/.env
    ln -s ${dataDir}/storage $out/storage
-    ln -s ${dataDir}/public/storage $out/public/storage
-    ln -s ${dataDir}/public/uploads $out/public/uploads
    runHook postInstall
  '';

  composerStrictValidation = false;
-  vendorHash = "sha256-b8+AKUmjQiOdV8UC9GYfJzAHFs9+FRSH91YsxKt0rDA=";
+  vendorHash = "sha256-QV3hR3U3GwCqrCRxfkazmJwDpO1vFyMfA6YqUb4bjMI=";
 })
--- a/vars/per-machine/rana/zerotier/zerotier-identity-secret/groups/admins
+++ b/vars/per-machine/rana/zerotier/zerotier-identity-secret/groups/admins
@@ -1 +0,0 @@
-../../../../../../sops/groups/admins
--- a/vars/per-machine/rana/zerotier/zerotier-identity-secret/machines/rana
+++ b/vars/per-machine/rana/zerotier/zerotier-identity-secret/machines/rana
@@ -1 +0,0 @@
-../../../../../../sops/machines/rana
--- a/vars/per-machine/rana/zerotier/zerotier-identity-secret/secret
+++ b/vars/per-machine/rana/zerotier/zerotier-identity-secret/secret
@@ -1,50 +0,0 @@
-{
-	"data": "ENC[AES256_GCM,data:yUOVTbLI7vWM1K4pnC+bqK3K0TBj/nC/v9bh/QUBnoIaHrC8YtiVpEYqUOohkxc8DghoYHNcDrR26Qulr3SI85+t9krBJ6B2JkxTNBNKL0cpttE49OH+/maWPRw7Lf8YznX9sBFAd6p7bRYDaIBu0HP9R3exsqYwmd+FnyaKhSssdji+PCAydeQBSbLhTHYSAGKJtNw9UrfM3igzImemvBZXV8qa57nf3Qi67a/d6gbdjaV6fwVPuI0z6pUd45T+kXI7hOChASyNxTQEbQavzM58MuPpIToy68Peu4efiiBMrUmYgaTXQw8Av6+C+1dGgZqyXKxHEeYR8YuWWCCCJpJBWb4K2dVIBZDGQJeq,iv:+PASIqOP9Kl9nCjqzafM7FMlrdWuAM02ouiUPU5/sog=,tag:mpgdImbYgzia9io/vkWonQ==,type:str]",
-	"sops": {
-		"age": [
-			{
-				"recipient": "age134vt63pjqpd0m7702fyn8vhdlzyj2deqc2q78sp9uw9052kxsgwq6d25ez",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjam5Ia0J3Yjl1bGNyUUhx\nZFplK3JPb3ZaMEZqd3JsTlRhNXVUZktCTTNzCndoL2U4Q1BJem0reWZRNElwTGp4\nQ2d6eWk4eHZEN01nMUFqR3ZxRFhlOFkKLS0tIEVkUUNmQXBsVWFJWEJWc01UUHhL\nWWlGYmY4VTlKbm1jWG4rSWoxbU02ZWMKa2m8hH3nxWb1oiV+Ts2KJgtEBAAMv5gk\nN+2vFxndrfseu28kTKKMiAh56P0pfdiF/GS0WIdP4tigTby4FgE21Q==\n-----END AGE ENCRYPTED FILE-----\n"
-			},
-			{
-				"recipient": "age14l00770djurg4uycw5988nklpeha2wxy35t5jx7x8yp2d6uv7y6s47nskp",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqdmlYdEJWOE91RWxqYTBO\nNGVzMGpjS2c4dG9SQVl2M201U1N1K01wTGxvCjQ1QVM3QlJiNGx0YTFaTHptL1hv\nc0lqMUJtNmJWbm9NVlNudFNZTUZ2R00KLS0tIGRxYzhHOWlFWExybTkrTkZORk5i\nZ1pEQ0tzblRmZ1MyZjVsbk9LZ2xmK1UKyHViPWllmDqKNoNpnyvUhJXGKOkDPO6H\nFBcLgokBal7Qb/2uRZ5LAYGZP1RleVANZYmx1dtRBmyLOGcjoA9jyw==\n-----END AGE ENCRYPTED FILE-----\n"
-			},
-			{
-				"recipient": "age17d4qt0n9edq57tgcqyk8eu5mrendl59yt6z2y3a4vkq7el8krqtq6lq28g",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3SDk0YUNVZ3htQkxrM0Z2\nK2Y4dTJqY1RBRDRycldTTTBLU3FJV3BWb1c4CmczNE1WNkRyaTMva1BJZm1jMkIz\nS2ZudWRJTXJ4VlIxd0xQcHhISm9wTnMKLS0tIFpFUHE4MDdoNWx1Ty9JS01rNmtj\nSTFaaU1sdGJpV1EwQmFBelhoTGw3MncKk8fHdw1hhJ4s3/p9X6/K3RBL0o/0/Vlo\nXnWiowpLI6oR+EHKZ2wQPVIwYPqEr5RiavupNBVdJQfJwO2k1Gk+2Q==\n-----END AGE ENCRYPTED FILE-----\n"
-			},
-			{
-				"recipient": "age1fido2-hmac1qqpf43tgcfjm048lsqskvq34w2t4uvrm5qy6m2eg6zjj82ctca8wctgpczxvj0q4y6337uhvsxdh5j86k9h9ymautpvv2759ucwnef75ez7pa7fpkddklp40mxk2tedsp74359g0kefn5rsq0x0yss6cu4yd0h06up0rp08t6yc4l0hfa9y8jn5fkx6nk0hjhz06ykwv0fyxe7z42q683jy0",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IGZpZG8yLWhtYWMgQUFJIEF1ZmhOUlhX\ncU5seXJyTzJYbzFVYjNERlZJSDcrOHA0QUc3UENTT0t5RU0gQVEgd0l6SlBCVW1v\neDl5N0lHYmVrajZzVzVTYjd4WVdNVjZoZVlkUEtmVXlMdyBIdmtoczF0dmhxL1py\nS1hsc0ErckdoVVB0bE02RGdCNW5raERXT1ZJMTkzNjRGNHd2T3ZSTVYrKzZlbEll\nVTZKc2JVN1B2SzRuNkpaekhwSWJQaFZVQQowQzVOc3Z0YWlHMzZRQlU2c1VSQURH\nRDJ1ejMwbW5MUVdSOW9FR2YrR2h3Ci0tLSBxNWRaM05BQVlvR1RUbWk1TjB5YjFL\nZ3JCS1JCaGFMV0g3alJLZkNMWnBvCo+PJk9XFaKbl5qsxVBCqPt4FIOgvgMinmAE\nha9wnYuIOseXxA2f9XJ78C/4OuDlcXhLpq6N9nYHe9BaJ6DgNzw=\n-----END AGE ENCRYPTED FILE-----\n"
-			},
-			{
-				"recipient": "age1fido2-hmac1qqprw0vfpc8wzsu78quc777kmee54ln6nnsjrnrhl7nr33eh4kvkksqp05qqxj4kgfzrmrugrsvg7skx6ghh3q9xc0x0agthtkvy25d9eq7eklta5wf7s30hexkuyl5546rdz9ffa5tawlp5yweqkgccntw0ny540n2am3cqw3luhxkfmrp63kwr6mwplhr9u26wll48x0n3k5f60c7hg9a3",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IGZpZG8yLWhtYWMgQUFJIFRWQXVBS2Iz\nNEVrRmxHRmc2b2llNzVvTVRxZjB5Q0h2WlgzVi9HendjaGMgQVEgZlFBRFNyWkNS\nRDJQaUJ3WWowTEcwaTk0Z0tiRHpQNmhkMTJZUlZHbHlEMCBtMzE5bzVQb1JmZkpy\nY0orbEs2RzBSVXA3UmZYZkRRanNnc2pHSnJjK1pLVmZOWGR4d0IwZjh1YXlkakRx\nTm5EMXR3ZjNHWGl0Ty8rcHpQbkcxRTZmZwpmd2Z5T1Y4VnZnN2ZnV3lDdURPaHRs\nZk5jWmF3Nk5qNHhpcEpwN2dtZ2JnCi0tLSBNa0RvNWdOc0JqSENTV2dGY3lkTndD\ncjdKOFczVFlOYWNRSDVwem1xQ3M4Cr6kGSazPYHLFFkAkepxpZ+hlA4vuZCzTl2q\npuoaAsqxDyFrywxCQTXALRr3bZoq7URuWEZQQryPUg6KWpz32aU=\n-----END AGE ENCRYPTED FILE-----\n"
-			},
-			{
-				"recipient": "age1fido2-hmac1qqpyewum3q8dfcumfgec8nn958aec9f4q9aqy0k06kw5kq27d6fdqdgp0p7y4ru3n5xk90u747xevxa2af3v37e85j9g3axrmw5hdwdfh0wz22hut5vrafxsx26a7vh8fjwkymz3ramfgvvu4detztu075kmpr8l9ydqda0rnjwatdwmfgswg849p37astvld98s3nleeq575azlwc2hhpuh",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IGZpZG8yLWhtYWMgQUFJIGI0aHBlRmd0\nSEMyWmRvSkl0RFREeGw3bW1DMnQ0RWZTQ3MvUmdER3dYeWsgQVEgZUh4S2o1R2RE\nV0svbnErTmxodXE2bUxJK3lla2lvajB3OXVwZHJtcHU5dyBKU3I4WFJnK3BOQXl0\nZDh5NTB5ZFlteFJIM2FVTVp5cmNyRXZqL1V0c0l6L0tSb0c5ZU9jbmRXMTIwb2c1\nQjZsREgzWUxaOXBUd2pQK2NncDZuUmZkZwpTaXNjQUxUalkrNUIwenBrZnJzR1hD\nU1VwYkduWHRCUFExOFZsTXp5Q2V3Ci0tLSBteTdwYXpvSWQ1RUVrV1drMTVOSXRS\neHh6V2NSUUpBc1U4Qy92eXZseS8wCj9ILLyLzFDZcHfaLUB6H39/FKIHNp3hF3Ov\nxre6zPI7kuSqVuxnstzmyVakBUlHSyMSWhd4RPme0w67RPr17PY=\n-----END AGE ENCRYPTED FILE-----\n"
-			},
-			{
-				"recipient": "age1hlzrpqqgndcthq5m5yj9egfgyet2fzrxwa6ynjzwx2r22uy6m3hqr3rd06",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBneHZoNHhNb1JHdjVnS1pM\nK05GYWJ1K1RCK290TzJ4b0dMWlNSY0QzMmdJCng4VnZDcHpoUkVBeFlFZ3Eydmp3\nU0JHZStmTWppejBvOWxNOHAybHFrMkkKLS0tIHdWWkFhOVpVeTJRNVNiS2hPU3hm\nM3EzeklYMXZkQnFMK3cwNFRCSlRHaDgKK1k/C0v+u0iezcRo1JPt+2Edx0uyohXV\nKKXqG4zgksh6Cbw0si6pKawgxafjzjrYJwo96jNz1YDBfDLpAUC6xg==\n-----END AGE ENCRYPTED FILE-----\n"
-			},
-			{
-				"recipient": "age1sg0rvgyetdcqw7j2x983fh69kdkvqsngpe5x36e5920qa7fze3cqhj4wgx",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtQU9IbHpXUWlOTE9NYmNW\nUFRYTUQwcnp4QTl0MDBMVFI3Y3duWkxUQ3hBCkkvVnBRV3ZQam9CUnpmTmJ1NFh6\nRi9zRHlNMHo0Y21wRHZOMW5UcDBTQ2cKLS0tIGNYMUQ4VWp3RytCaDhwbUpudElL\nU2NQWVlvZno4V29iOGliczhmLzdzYm8KNzGmyLLVO3A0H940KntObPdBGw/lZA1t\nF9bV1txctvZf+QHfbgUdFwuF4MORVjo0fCRRjjw5kqNUHosStHTynw==\n-----END AGE ENCRYPTED FILE-----\n"
-			},
-			{
-				"recipient": "age1swlyyk2rzvevqawyeekv75nx2dz34zpe3xqhkqme26gcgeavy4dqrfpcd8",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRY1FIMVFjZmg1V1RBblNM\nVlhlTWJlS0ZzS3J4MW1BNGNrWGRkemJVMkRBCk5HRktxaVk2d1ExYzNGMWR4ak5N\nR2lrQlVBcEVjUGRVNGJnSlJSSkdEcmsKLS0tIHVRbmlrbUFwUWQ1ZUx2VHNmYWpV\nM3czbXRZWW1GQ0VJSUhlSUhkeExjelUKymIxMBBlD67h4u518h0/7sarJtNowkD/\nE9ThbqRkCWt/JxGEykQnl4WYWlNX45N/vT1llEeVJmd9oOncHBY+qQ==\n-----END AGE ENCRYPTED FILE-----\n"
-			},
-			{
-				"recipient": "age1vphy2sr6uw4ptsua3gh9khrm2cqyt65t46tusmt44z98qa7q6ymq6prrdl",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3aHljai9FK1YrWmdTelEw\nTkhQT1hpbkRDYkE3SzdxbDVYQWxkMndWZGlJCm1reGVuMytaYkhPSUdUNHpZR2ZW\nK2tFSEp4THhqRG5SOUwxOFZDSU5kbWcKLS0tIEhhVUlCQTZnOVRPU2xkQk5obGph\nb0dBMldUNlI5cmpDZlV4UTR0eDdmN2sKjvTgRnn6afEdL1mHbWbJwfR/AKWhJ/rC\nbSPW5q5rtqbVYq1gpufPUZK+/KUzhhaT+YfhEZrYMYpknbzdArqQ3Q==\n-----END AGE ENCRYPTED FILE-----\n"
-			}
-		],
-		"lastmodified": "2026-01-15T02:33:50Z",
-		"mac": "ENC[AES256_GCM,data:Wb1zaCFrFFy4+REhmA8OSRETqQLLAzKZyVomsvUCxHihTJ08reMpbg9oreN9FoMcRMmB2TgtnLGnZ4I2ogvnytzbdTNfknmmoT0JWJCxKRV2XdR61UXRJeUT2v6wm528aZmKrqt2QhArec7+h04zWD8WGUQsYHFrq0Ho2OFDO8A=,iv:r1nmy5OvuThlcz+nJc9wg4Lnl3PjP34FreK+y+f6Bjw=,tag:qxhUn7PFykKoB710u0vB5g==,type:str]",
-		"version": "3.11.0"
-	}
-}
--- a/vars/per-machine/rana/zerotier/zerotier-identity-secret/users/kurogeek
+++ b/vars/per-machine/rana/zerotier/zerotier-identity-secret/users/kurogeek
@@ -1 +0,0 @@
-../../../../../../sops/users/kurogeek
--- a/vars/per-machine/rana/zerotier/zerotier-ip/value
+++ b/vars/per-machine/rana/zerotier/zerotier-ip/value
@@ -1 +0,0 @@
-fd79:fada:fbe9:8c5d:d899:93c1:e7fc:2733
Author	SHA1	Message	Date
kurogeek	72d75f169a	mob next [ci-skip] [ci skip] [skip ci] lastFile:modules/home-manager/emmie/home.nix	2026-01-13 14:17:05 +07:00
kurogeek	a0a2771bab	mob next [ci-skip] [ci skip] [skip ci] lastFile:inventories/default.nix	2026-01-13 13:33:58 +07:00
kurogeek	9f198561e8	mob next [ci-skip] [ci skip] [skip ci] lastFile:modules/nixos/personal-computer/users.nix	2026-01-13 13:12:34 +07:00
kurogeek	c7c353180e	mob next [ci-skip] [ci skip] [skip ci] lastFile:modules/nixos/personal-computer/printing.nix	2026-01-13 11:45:49 +07:00
kurogeek	d271686e90	mob next [ci-skip] [ci skip] [skip ci] lastFile:machines/rana/configuration.nix	2026-01-13 11:29:07 +07:00
kurogeek	395c17822d	mob next [ci-skip] [ci skip] [skip ci] lastFile:machines/rana/configuration.nix	2026-01-13 11:25:39 +07:00
kurogeek	77499682da	mob next [ci-skip] [ci skip] [skip ci] lastFile:modules/clan/home-manager-users/emmie/home.nix	2026-01-13 09:29:29 +07:00
kurogeek	841bc59190	mob next [ci-skip] [ci skip] [skip ci] lastFile:inventories/default.nix	2026-01-12 17:56:14 +07:00
kurogeek	3bf4fa6772	mob next [ci-skip] [ci skip] [skip ci] lastFile:inventories/default.nix	2026-01-12 17:54:00 +07:00
kurogeek	3d14ae1bcf	Update vars via generator tor_tor for machine rana	2026-01-12 17:53:57 +07:00
kurogeek	5f7aae7f41	Update vars via generator state-version for machine rana	2026-01-12 17:53:55 +07:00
kurogeek	5d3758e132	Update vars via generator root-password for machine rana	2026-01-12 17:53:55 +07:00
kurogeek	15331dcfd5	Update vars via generator openssh for machine rana	2026-01-12 17:53:54 +07:00
kurogeek	1a59f89f50	Add machine rana to secrets	2026-01-12 17:53:54 +07:00
kurogeek	f8174d4186	Update secret rana-age.key	2026-01-12 17:53:54 +07:00
kurogeek	32b01c84db	mob next [ci-skip] [ci skip] [skip ci] lastFile:inventories/default.nix	2026-01-12 17:43:05 +07:00
kurogeek	8982b61d79	mob next [ci-skip] [ci skip] [skip ci] lastFile:machines/rana/configuration.nix	2026-01-12 17:17:23 +07:00
kurogeek	7b48370a1c	mob next [ci-skip] [ci skip] [skip ci] lastFile:modules/clan/home-manager-users/emmie/home.nix	2026-01-12 16:54:10 +07:00
kurogeek	96811a2ac8	mob next [ci-skip] [ci skip] [skip ci] lastFile:flake.lock	2026-01-12 14:47:18 +07:00