about summary refs log tree commit diff
path: root/modules
diff options
context:
space:
mode:
authorAzat Bahawi <azat@bahawi.net>2022-11-10 14:19:19 +0300
committerAzat Bahawi <azat@bahawi.net>2022-11-10 14:19:19 +0300
commit164b2b3f693dd5da3c1b1661e43c45b36a6b764c (patch)
tree2fc9a4ab1d3b44a3eb6d686b42527a18411c240b /modules
parent2022-10-26 (diff)
2022-11-10
Diffstat (limited to '')
-rw-r--r--modules/nixfiles/alertmanager.nix4
-rw-r--r--modules/nixfiles/aria2.nix49
-rw-r--r--modules/nixfiles/beets.nix2
-rw-r--r--modules/nixfiles/common/networking.nix92
-rw-r--r--modules/nixfiles/common/nix/default.nix26
-rw-r--r--modules/nixfiles/common/shell/default.nix2
-rw-r--r--modules/nixfiles/emacs/default.nix16
-rw-r--r--modules/nixfiles/emacs/doom/config.el6
-rw-r--r--modules/nixfiles/firefox/default.nix17
-rw-r--r--modules/nixfiles/firefox/userContent.css66
-rw-r--r--modules/nixfiles/games/minecraft.nix4
-rw-r--r--modules/nixfiles/gotify.nix8
-rw-r--r--modules/nixfiles/grafana.nix8
-rw-r--r--modules/nixfiles/ipfs.nix6
-rw-r--r--modules/nixfiles/kde.nix7
-rw-r--r--modules/nixfiles/loki.nix4
-rw-r--r--modules/nixfiles/mpd.nix2
-rw-r--r--modules/nixfiles/nginx.nix3
-rw-r--r--modules/nixfiles/nmap.nix9
-rw-r--r--modules/nixfiles/nsd.nix2
-rw-r--r--modules/nixfiles/profiles/dev/containers.nix32
-rw-r--r--modules/nixfiles/profiles/headful.nix12
-rw-r--r--modules/nixfiles/prometheus.nix4
-rw-r--r--modules/nixfiles/psd.nix8
-rw-r--r--modules/nixfiles/radicale.nix4
-rw-r--r--modules/nixfiles/rss-bridge.nix15
-rw-r--r--modules/nixfiles/rtorrent.nix16
-rw-r--r--modules/nixfiles/searx.nix4
-rw-r--r--modules/nixfiles/syncthing.nix6
-rw-r--r--modules/nixfiles/xmonad.nix3
30 files changed, 262 insertions, 175 deletions
diff --git a/modules/nixfiles/alertmanager.nix b/modules/nixfiles/alertmanager.nix
index e6564fb..871b0c4 100644
--- a/modules/nixfiles/alertmanager.nix
+++ b/modules/nixfiles/alertmanager.nix
@@ -26,8 +26,8 @@ in {
     nixfiles.modules.nginx = with cfg; {
       enable = true;
       upstreams.alertmanager.servers."127.0.0.1:${toString cfg.port}" = {};
-      virtualHosts.${cfg.domain}.locations."/" = {
-        proxyPass = "http://alertmanager";
+      virtualHosts.${cfg.domain} = {
+        locations."/".proxyPass = "http://alertmanager";
         extraConfig = nginxInternalOnly;
       };
     };
diff --git a/modules/nixfiles/aria2.nix b/modules/nixfiles/aria2.nix
index a9b5d42..9e72176 100644
--- a/modules/nixfiles/aria2.nix
+++ b/modules/nixfiles/aria2.nix
@@ -11,37 +11,26 @@ in {
     mkEnableOption "aria2";
 
   config = mkIf cfg.enable {
-    hm = {
-      programs.aria2 = {
-        enable = true;
+    hm.programs.aria2 = {
+      enable = true;
 
-        settings = {
-          bt-max-peers = 128;
-          bt-save-metadata = true;
-          continue = true;
-          enable-dht = true;
-          enable-peer-exchange = true;
-          enable-rpc = false;
-          follow-torrent = true;
-          log-level = "info";
-          max-connection-per-server = 16;
-          max-overall-upload-limit = "1K";
-          max-tries = 5;
-          max-upload-limit = "1K";
-          seed-ratio = 0.1;
-          seed-time = 0.1;
-          stream-piece-selector = "default";
-          timeout = 60;
-        };
-      };
-
-      xdg.desktopEntries.aria2c = {
-        name = "aria2";
-        genericName = "Download Manager";
-        exec = "${pkgs.aria2}/bin/aria2c";
-        terminal = true;
-        categories = ["Application" "Network"];
-        mimeType = ["application/x-bittorrent" "x-scheme-handler/magnet"];
+      settings = {
+        bt-max-peers = 128;
+        bt-save-metadata = true;
+        continue = true;
+        enable-dht = true;
+        enable-peer-exchange = true;
+        enable-rpc = false;
+        follow-torrent = true;
+        log-level = "info";
+        max-connection-per-server = 16;
+        max-overall-upload-limit = "1K";
+        max-tries = 5;
+        max-upload-limit = "1K";
+        seed-ratio = 0.1;
+        seed-time = 0.1;
+        stream-piece-selector = "default";
+        timeout = 60;
       };
     };
   };
diff --git a/modules/nixfiles/beets.nix b/modules/nixfiles/beets.nix
index 6b1e227..83cbff1 100644
--- a/modules/nixfiles/beets.nix
+++ b/modules/nixfiles/beets.nix
@@ -11,7 +11,7 @@ in {
 
   config = mkIf cfg.enable {
     hm = let
-      beetsdir = "${config.hm.xdg.dataHome}/beets";
+      beetsdir = "${config.dirs.data}/beets";
     in {
       home.sessionVariables.BEETSDIR = beetsdir;
 
diff --git a/modules/nixfiles/common/networking.nix b/modules/nixfiles/common/networking.nix
index 3085797..8512d78 100644
--- a/modules/nixfiles/common/networking.nix
+++ b/modules/nixfiles/common/networking.nix
@@ -13,56 +13,66 @@ with lib; {
   '';
 
   # TODO Support multiple interfaces and IP addresses.
-  networking = let
-    interface = "eth0"; # This assumes `usePredictableInterfaceNames` is false.
-  in {
-    domain = my.domain.shire;
+  networking = mkMerge [
+    {
+      domain = my.domain.shire;
 
-    hostName = this.hostname;
-    hostId = substring 0 8 (builtins.hashString "md5" this.hostname);
+      hostName = this.hostname;
+      hostId = substring 0 8 (builtins.hashString "md5" this.hostname);
 
-    nameservers = mkDefault dns.const.quad9.default;
+      # Remove default hostname mappings. This is required at least by the current
+      # implementation of the montoring module.
+      hosts = {
+        "127.0.0.2" = mkForce [];
+        "::1" = mkForce [];
+      };
 
-    useDHCP = false;
+      nameservers = mkDefault dns.const.quad9.default;
 
-    # This could potentially break something.
-    usePredictableInterfaceNames = false;
-    interfaces.${interface} = {
-      ipv4.addresses = with this.ipv4;
-        optional (isString address && isInt prefixLength) {
-          inherit address prefixLength;
-        };
+      useDHCP = false;
 
-      ipv6.addresses = with this.ipv6;
-        optional (isString address && isInt prefixLength) {
-          inherit address prefixLength;
-        };
-    };
-    defaultGateway = with this.ipv4;
-      mkIf (isString gatewayAddress) {
-        inherit interface;
-        address = gatewayAddress;
-      };
-    defaultGateway6 = with this.ipv6;
-      mkIf (isString gatewayAddress) {
-        inherit interface;
-        address = gatewayAddress;
-      };
+      firewall = {
+        enable = true;
 
-    firewall = {
-      enable = true;
+        rejectPackets = false;
 
-      rejectPackets = false;
+        allowPing = true;
+        pingLimit = "--limit 1/minute --limit-burst 5";
 
-      allowPing = true;
-      pingLimit = "--limit 1/minute --limit-burst 5";
+        logRefusedConnections = false;
+        logRefusedPackets = false;
+        logRefusedUnicastsOnly = false;
+        logReversePathDrops = false;
+      };
+    }
+    (let
+      interface = "eth0"; # This assumes `usePredictableInterfaceNames` is false.
+    in
+      mkIf (hasAttr "ipv4" this && hasAttr "ipv6" this) {
+        usePredictableInterfaceNames = false; # NOTE This can break something!
+        interfaces.${interface} = {
+          ipv4.addresses = with this.ipv4;
+            optional (isString address && isInt prefixLength) {
+              inherit address prefixLength;
+            };
 
-      logRefusedConnections = false;
-      logRefusedPackets = false;
-      logRefusedUnicastsOnly = false;
-      logReversePathDrops = false;
-    };
-  };
+          ipv6.addresses = with this.ipv6;
+            optional (isString address && isInt prefixLength) {
+              inherit address prefixLength;
+            };
+        };
+        defaultGateway = with this.ipv4;
+          mkIf (isString gatewayAddress) {
+            inherit interface;
+            address = gatewayAddress;
+          };
+        defaultGateway6 = with this.ipv6;
+          mkIf (isString gatewayAddress) {
+            inherit interface;
+            address = gatewayAddress;
+          };
+      })
+  ];
 
   environment = {
     systemPackages = with pkgs; [myip];
diff --git a/modules/nixfiles/common/nix/default.nix b/modules/nixfiles/common/nix/default.nix
index 47cd5c1..f6c75ba 100644
--- a/modules/nixfiles/common/nix/default.nix
+++ b/modules/nixfiles/common/nix/default.nix
@@ -98,14 +98,6 @@ with lib; {
         alejandra = super.alejandra.overrideAttrs (_: _: {
           patches = [./patches/alejandra-no-ads.patch];
         });
-
-        # https://github.com/NixOS/nixpkgs/pull/192671
-        # inherit
-        #   (pkgsPR
-        #     "192671"
-        #     "sha256-BdmWzoR+l7f7aV2oTmA8kfm63Y9UZFHABni8xRgkK/M=")
-        #   please
-        #   ;
       }
       // (with super; let
         np = nodePackages;
@@ -114,6 +106,7 @@ with lib; {
         css-language-server = np.vscode-css-languageserver-bin;
         dockerfile-language-server = np.dockerfile-language-server-nodejs;
         editorconfig = editorconfig-core-c;
+        go-language-server = gopls;
         html-language-server = np.vscode-html-languageserver-bin;
         inherit (np) bash-language-server;
         inherit (np) vim-language-server;
@@ -127,13 +120,24 @@ with lib; {
       }))
     agenix.overlay
     emacs-overlay.overlay
-    nix-minecraft-servers.overlays.default
+    # nil.overlays.default
+    # nix-minecraft-servers.overlays.default
     nur.overlay
-    pollymc.overlay
+    # pollymc.overlay
     xmonad-ng.overlays.default
   ];
 
-  system.stateVersion = builtins.readFile "${inputs.nixpkgs}/.version";
+  system = {
+    stateVersion = builtins.readFile "${inputs.nixpkgs}/.version";
+
+    extraDependencies = with inputs; [
+      nixos-hardware
+      nixpkgs
+      nixpkgs-master
+      nixpkgs-stable
+      nur
+    ];
+  };
 
   environment = {
     sessionVariables.NIX_SHELL_PRESERVE_PROMPT = "1";
diff --git a/modules/nixfiles/common/shell/default.nix b/modules/nixfiles/common/shell/default.nix
index 4e0572f..8ed2e99 100644
--- a/modules/nixfiles/common/shell/default.nix
+++ b/modules/nixfiles/common/shell/default.nix
@@ -70,7 +70,7 @@ with lib; {
                     super.patches
                     ++ [
                       (fetchpatch {
-                        url = "https://raw.githubusercontent.com/jarun/advcpmv/master/advcpmv-0.9-9.1.patch";
+                        url = "https://raw.githubusercontent.com/jarun/advcpmv/ea268d870b475edd5960dcd55d5378abc9705958/advcpmv-0.9-9.1.patch";
                         hash = "sha256-d+SRT/R4xmfHLAdOr7m4R3WFiW64P5ZH6iqDvErYCyg=";
                       })
                     ];
diff --git a/modules/nixfiles/emacs/default.nix b/modules/nixfiles/emacs/default.nix
index ff0238d..fa72549 100644
--- a/modules/nixfiles/emacs/default.nix
+++ b/modules/nixfiles/emacs/default.nix
@@ -30,13 +30,13 @@ in {
       programs.doom-emacs = {
         enable = true;
         doomPrivateDir = ./doom;
-        emacsPackage = pkgs.emacs28; # Package is pinned to avoid surprises.
+        emacsPackage = pkgs.emacs28; # The package is pinned to avoid surprises.
         extraPackages = with pkgs; [
           mu # :email mu4e
         ];
         extraConfig = let
-          # NOTE gopls will require a Go executable, which must be provided by
-          # the project's flake.
+          # NOTE gopls will require the "go" executable which must be provided
+          # by the project's flake/shell.
           extraBins = with pkgs; [
             (aspellWithDicts (p: with p; [en ru])) # :checkers (spell +aspell)
             (python3.withPackages (p:
@@ -59,8 +59,8 @@ in {
             gdb # :tools debugger
             gnuplot # :lang (org +gnuplot)
             gnutls # doom!
+            go-language-server # :lang (go +lsp)
             gomodifytags # :lang go
-            gopls # :lang (go +lsp)
             gore # :lang go
             gotests # :lang go
             graphviz # :lang (org +roam2) :lang plantuml
@@ -92,6 +92,7 @@ in {
             shellcheck # :lang sh
             shfmt # :lang sh :editor format
             sqlite # :lang (org +roam2) :tools lookup
+            texlab # lang (tex +lsp)
             texlive.combined.scheme-full # :lang org tex
             unzip # :tools debugger
             wordnet # :tools (lookup +dictionary +offline)
@@ -104,7 +105,7 @@ in {
             zstd # :emacs undo
           ];
         in ''
-          ;; This will integrate packages, which are required by various modules
+          ;; This will integrate packages which are required by various modules
           ;; without polluting the user's profile.
           (setq exec-path (append exec-path '(${
             concatMapStringsSep " " (x: ''"${x}/bin"'') extraBins
@@ -145,5 +146,10 @@ in {
         client.enable = true;
       };
     };
+
+    system.extraDependencies = with inputs; [
+      emacs-overlay
+      nix-doom-emacs
+    ];
   };
 }
diff --git a/modules/nixfiles/emacs/doom/config.el b/modules/nixfiles/emacs/doom/config.el
index fedd98d..4f2d835 100644
--- a/modules/nixfiles/emacs/doom/config.el
+++ b/modules/nixfiles/emacs/doom/config.el
@@ -170,6 +170,12 @@
     :user "azahi/oftc"
     :pass nixfiles/irc-bouncer-password-f))
 
+;; (set-irc-server! "hackint"
+;;   `(:host "shire.me"
+;;     :port 6667
+;;     :user "azahi/hackint"
+;;     :pass nixfiles/irc-bouncer-password-f))
+
 (set-irc-server! "rizon"
   `(:host "shire.me"
     :port 6667
diff --git a/modules/nixfiles/firefox/default.nix b/modules/nixfiles/firefox/default.nix
index 8642b6f..6f4d327 100644
--- a/modules/nixfiles/firefox/default.nix
+++ b/modules/nixfiles/firefox/default.nix
@@ -207,7 +207,20 @@ in {
                 };
               };
             };
-            "2000".enable = true;
+            "2000" = {
+              enable = true;
+              "2022" = {
+                enable = true;
+                "media.eme.enabled" = {
+                  enable = true;
+                  value = false;
+                };
+                "browser.eme.ui.enabled" = {
+                  enable = true;
+                  value = false;
+                };
+              };
+            };
             "2400".enable = false;
             "2600" = {
               enable = true;
@@ -276,5 +289,7 @@ in {
     };
 
     services.psd.enable = true;
+
+    system.extraDependencies = [inputs.arkenfox-nixos];
   };
 }
diff --git a/modules/nixfiles/firefox/userContent.css b/modules/nixfiles/firefox/userContent.css
index 1440c1a..9b2dd4e 100644
--- a/modules/nixfiles/firefox/userContent.css
+++ b/modules/nixfiles/firefox/userContent.css
@@ -16,22 +16,33 @@
     }
 }
 
-@-moz-document regexp("https?:\/\/(.*.)?gitlab(\..*)?\.(com|org).*") {
+@-moz-document regexp("https?://(www)?yandex\.(com|ru)/search/.*")
+{
+    #search-result-aside,
+    .RelatedAbove {
+        display: none !important;
+    }
+}
+
+@-moz-document regexp("https?://(.*.)?gitlab(\..*)?\.(com|org).*")
+{
     code {
         font-family: var(--monospace-font-family) !important;
         font-size: var(--monospace-font-size) !important;
     }
 }
 
-@-moz-document regexp("https?:\/\/(.*\.)?github.com.*") {
+@-moz-document regexp("https?://(.*\.)?github.com.*")
+{
     #org-repo-pin-select-menu,
     #sponsor-button,
-    .btn.ml-2.d-none.d-md-block, /* Go to file button */
+    .btn.ml-2.d-none.d-md-block, /* "Go to file" button. */
     .dropdown-divider,
     .footer,
     .octicon.octicon-info,
     .pt-3.mt-3.d-none.d-md-block, /* Profile achievements. */
     .starring-container,
+    .user-following-container,
     .user-profile-link,
     .user-status-circle-badge-container,
     .user-status-container,
@@ -60,13 +71,15 @@
     }
 }
 
-@-moz-document regexp("https?:\/\/github.com/?") {
+@-moz-document regexp("https?://github.com/?")
+{
     .application-main {
         display: none !important;
     }
 }
 
-@-moz-document regexp("https?:\/\/.*(stack(exchange|overflow)|askubuntu|superuser|serverfault)\.com\/questions\/.*") {
+@-moz-document regexp("https?://.*(stack(exchange|overflow)|askubuntu|superuser|serverfault)\.com/questions/.*")
+{
     html,
     body {
         --ff-mono: var(--monospace-font-family) !important;
@@ -109,7 +122,8 @@
     }
 }
 
-@-moz-document regexp("https?:\/\/kubernetes\.io\/docs\/.*") {
+@-moz-document regexp("https?://kubernetes\.io/docs/.*")
+{
     .announcement,
     .announcement-main,
     .d-none {
@@ -117,19 +131,22 @@
     }
 }
 
-@-moz-document regexp("https?:\/\/min\.io\/docs\/.*") {
+@-moz-document regexp("https?://min\.io/docs/.*")
+{
     #cookie {
         display: none !important;
     }
 }
 
-@-moz-document regexp("https?:\/\/werf\.io\/documentation\/.*") {
+@-moz-document regexp("https?://werf\.io/documentation/.*")
+{
     .guides-banner {
         display: none !important;
     }
 }
 
-@-moz-document regexp("https?:\/\/habr\.com\/(ru|en)\/(article|company\/.*\/blog|post)\/.*") {
+@-moz-document regexp("https?://habr\.com/(ru|en)/(article|company/.*/blog|post)/.*")
+{
     .Vue-Toastification__container,
     .tm-article-presenter__footer,
     .tm-article-presenter__meta,
@@ -188,26 +205,30 @@
     }
 }
 
-@-moz-document regexp("https?:\/\/jisho\.org.*") {
+@-moz-document regexp("https?://jisho\.org.*")
+{
     header,
     footer {
         display: none !important;
     }
 }
 
-@-moz-document regexp("https?:\/\/gog.com.*") {
-    .galaxy-section-wrapper {
+@-moz-document regexp("https?:\/\/gog\.com.*") {
+    .galaxy-section-wrapper,
+    footer {
         display: none !important;
     }
 }
 
-@-moz-document regexp("https?:\/\/steamdb\.info.*") {
+@-moz-document regexp("https?://steamdb\.info.*")
+{
     #steamdb-extension-protip {
         display: none !important;
     }
 }
 
-@-moz-document regexp("https?:\/\/\.*\.hh\.ru.*") {
+@-moz-document regexp("https?://(.*\.)?hh\.ru.*")
+{
     .HH-Supernova-Footer,
     .index-dashboard-applicant__banners,
     .notification-manager,
@@ -217,7 +238,8 @@
     }
 }
 
-@-moz-document regexp("https?:\/\/www\.songsterr\.com.*") {
+@-moz-document regexp("https?://www\.songsterr\.com.*")
+{
     #favorite,
     #fullscreen,
     #logo,
@@ -229,14 +251,18 @@
     #promo,
     #revisions,
     #showroom,
+    #showroom_sidebar,
     #text-showroom,
     footer {
         display: none !important;
     }
 }
 
-@-moz-document regexp("https?:\/\/developer\.mozilla\.org.*") {
-    .main-document-header-container.top-navigation {
+@-moz-document regexp("https?://developer\.mozilla\.org.*")
+{
+    #nav-footer,
+    .main-document-header-container.top-navigation,
+    .mdn-cta-container {
         display: none !important;
     }
 
@@ -245,7 +271,8 @@
     }
 }
 
-@-moz-document regexp("https?:\/\/(.*\.)?wikipedia\.org\/wiki\/.*") {
+@-moz-document regexp("https?://(.*\.)?wikipedia\.org/wiki/.*")
+{
     #footer,
     #mp-topbanner,
     #siteNotice {
@@ -253,7 +280,8 @@
     }
 }
 
-@-moz-document regexp("https?:\/\/wikiless\.org\/wiki\/.*") {
+@-moz-document regexp("https?://wikiless\.org/wiki/.*")
+{
     #footer,
     #mw-navigation,
     #mw-page-base {
diff --git a/modules/nixfiles/games/minecraft.nix b/modules/nixfiles/games/minecraft.nix
index e53f9eb..47279f8 100644
--- a/modules/nixfiles/games/minecraft.nix
+++ b/modules/nixfiles/games/minecraft.nix
@@ -23,6 +23,8 @@ in {
   config = mkMerge [
     (mkIf cfg.client.enable {
       hm.home.packages = with pkgs; [pollymc];
+
+      system.extraDependencies = [inputs.pollymc];
     })
     (mkIf cfg.server.enable {
       # Configurations, opslist, whitelist and plugins are managed imperatively.
@@ -45,6 +47,8 @@ in {
 
       # Defined in /var/lib/minecraft/server.properties.
       networking.firewall.allowedTCPPorts = [55565];
+
+      system.extraDependencies = [inputs.nix-minecraft-servers];
     })
   ];
 }
diff --git a/modules/nixfiles/gotify.nix b/modules/nixfiles/gotify.nix
index f21a98d..db47bb4 100644
--- a/modules/nixfiles/gotify.nix
+++ b/modules/nixfiles/gotify.nix
@@ -24,9 +24,11 @@ in {
         nginx = {
           enable = true;
           upstreams.gotify.servers."127.0.0.1:${toString config.services.gotify.port}" = {};
-          virtualHosts.${cfg.domain}.locations."/" = {
-            proxyPass = "http://gotify";
-            proxyWebsockets = true;
+          virtualHosts.${cfg.domain} = {
+            locations."/" = {
+              proxyPass = "http://gotify";
+              proxyWebsockets = true;
+            };
             extraConfig = nginxInternalOnly;
           };
         };
diff --git a/modules/nixfiles/grafana.nix b/modules/nixfiles/grafana.nix
index b98be13..a614502 100644
--- a/modules/nixfiles/grafana.nix
+++ b/modules/nixfiles/grafana.nix
@@ -49,9 +49,11 @@ in {
         nginx = {
           enable = true;
           upstreams.grafana.servers."127.0.0.1:${toString cfg.port}" = {};
-          virtualHosts.${cfg.domain}.locations."/" = {
-            proxyPass = "http://grafana";
-            proxyWebsockets = true;
+          virtualHosts.${cfg.domain} = {
+            locations."/" = {
+              proxyPass = "http://grafana";
+              proxyWebsockets = true;
+            };
             extraConfig = nginxInternalOnly;
           };
         };
diff --git a/modules/nixfiles/ipfs.nix b/modules/nixfiles/ipfs.nix
index f998d6d..0ec64e5 100644
--- a/modules/nixfiles/ipfs.nix
+++ b/modules/nixfiles/ipfs.nix
@@ -157,10 +157,8 @@ in {
           };
           "api.${cfg.domain}" = {
             # TODO Redirect "/" to "/webui" but keep other endpoints.
-            locations."/" = {
-              proxyPass = "http://ipfs_api";
-              extraConfig = nginxInternalOnly;
-            };
+            locations."/".proxyPass = "http://ipfs_api";
+            extraConfig = nginxInternalOnly;
           };
         };
       };
diff --git a/modules/nixfiles/kde.nix b/modules/nixfiles/kde.nix
index e22663c..6b20569 100644
--- a/modules/nixfiles/kde.nix
+++ b/modules/nixfiles/kde.nix
@@ -27,7 +27,12 @@ in {
           print-manager
         ];
       };
-      displayManager.sddm.enable = true;
+      displayManager = {
+        sddm.enable = true;
+
+        # NOTE https://github.com/NixOS/nixpkgs/pull/199881
+        setupCommands = lib.mkForce "";
+      };
     };
 
     environment.systemPackages = with pkgs; [pinentry-qt];
diff --git a/modules/nixfiles/loki.nix b/modules/nixfiles/loki.nix
index 4d9aab7..1582164 100644
--- a/modules/nixfiles/loki.nix
+++ b/modules/nixfiles/loki.nix
@@ -27,8 +27,8 @@ in {
     nixfiles.modules.nginx = with cfg; {
       enable = true;
       upstreams.loki.servers."127.0.0.1:${toString cfg.port}" = {};
-      virtualHosts.${domain}.locations."/" = {
-        proxyPass = "http://loki";
+      virtualHosts.${domain} = {
+        locations."/".proxyPass = "http://loki";
         extraConfig = nginxInternalOnly;
       };
     };
diff --git a/modules/nixfiles/mpd.nix b/modules/nixfiles/mpd.nix
index cc542fe..4b49213 100644
--- a/modules/nixfiles/mpd.nix
+++ b/modules/nixfiles/mpd.nix
@@ -41,7 +41,7 @@ in {
         enable = true;
 
         settings = rec {
-          ncmpcpp_directory = "${config.hm.xdg.dataHome}/ncmpcpp";
+          ncmpcpp_directory = "${config.dirs.data}/ncmpcpp";
           lyrics_directory = "${ncmpcpp_directory}/lyrics";
 
           playlist_disable_highlight_delay = 1;
diff --git a/modules/nixfiles/nginx.nix b/modules/nixfiles/nginx.nix
index 38fc613..b8ab24d 100644
--- a/modules/nixfiles/nginx.nix
+++ b/modules/nixfiles/nginx.nix
@@ -43,13 +43,14 @@ in {
 
         commonHttpConfig = concatStrings [
           ''
-            add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
+            add_header X-Robots-Tag "noindex, nofollow, noarchive, nosnippet";
           ''
           (optionalString (hasAttr "wireguard" this)
             (with config.nixfiles.modules.wireguard; ''
               geo $internal {
                 default 0;
                 127.0.0.1/32 1;
+                ::1/128 1;
                 ${ipv4.subnet} 1;
                 ${ipv6.subnet} 1;
               }
diff --git a/modules/nixfiles/nmap.nix b/modules/nixfiles/nmap.nix
index 27a36bb..14ad007 100644
--- a/modules/nixfiles/nmap.nix
+++ b/modules/nixfiles/nmap.nix
@@ -46,14 +46,19 @@ in {
         shellAliases = let
           base = "${pkgs.nmap}/bin/nmap -sV";
         in {
-          nmap-vulscan = "${base} --script=vulscan/vulscan.nse";
           nmap-vulners = "${base} --script=vulners/vulners.nse";
+          nmap-vulscan = "${base} --script=vulscan/vulscan.nse";
         };
         initExtra = mkAfter ''
-          _complete_alias nmap-vulscan _nmap nmap
           _complete_alias nmap-vulners _nmap nmap
+          _complete_alias nmap-vulscan _nmap nmap
         '';
       };
     };
+
+    system.extraDependencies = with inputs; [
+      nmap-vulners
+      nmap-vulscan
+    ];
   };
 }
diff --git a/modules/nixfiles/nsd.nix b/modules/nixfiles/nsd.nix
index 0dade8f..f5a7d84 100644
--- a/modules/nixfiles/nsd.nix
+++ b/modules/nixfiles/nsd.nix
@@ -170,5 +170,7 @@ in {
       allowedTCPPorts = [53];
       allowedUDPPorts = allowedTCPPorts;
     };
+
+    system.extraDependencies = [inputs.dns-nix];
   };
 }
diff --git a/modules/nixfiles/profiles/dev/containers.nix b/modules/nixfiles/profiles/dev/containers.nix
index c9e82d7..ef41229 100644
--- a/modules/nixfiles/profiles/dev/containers.nix
+++ b/modules/nixfiles/profiles/dev/containers.nix
@@ -16,26 +16,18 @@ in {
   config = mkIf cfg.enable {
     nixfiles.modules.podman.enable = true;
 
-    hm = let
-      minikubeHome = "${config.dirs.data}/minikube";
-    in {
+    hm = {
       home = {
         sessionVariables = {
-          MINIKUBE_HOME = minikubeHome;
-          MINIKUBE_IN_STYLE = false;
-          WERF_DEV = true;
-          WERF_INSECURE_REGISTRY = true;
-          WERF_LOG_DEBUG = true;
-          WERF_LOG_PRETTY = false;
-          WERF_LOG_VERBOSE = true;
+          MINIKUBE_HOME = "${config.dirs.config}/minikube";
+          MINIKUBE_IN_STYLE = "false";
+          WERF_DEV = "true";
+          WERF_INSECURE_REGISTRY = "true";
+          WERF_LOG_DEBUG = "true";
+          WERF_LOG_PRETTY = "false";
+          WERF_LOG_VERBOSE = "true";
           WERF_SYNCHRONIZATION = ":local";
-          WERF_TELEMETRY = false;
-        };
-
-        file."${minikubeHome}/config/config.json".text = generators.toJSON {} {
-          config.Rootless = true;
-          driver = "podman";
-          container-runtime = "cri-o";
+          WERF_TELEMETRY = "false";
         };
 
         packages = with pkgs; [
@@ -56,6 +48,12 @@ in {
         ];
       };
 
+      xdg.dataFile."minikube/config/config.json".text = generators.toJSON {} {
+        config.Rootless = true;
+        driver = "podman";
+        container-runtime = "cri-o";
+      };
+
       programs.bash = {
         shellAliases = with pkgs; {
           b = "${buildah}/bin/buildah";
diff --git a/modules/nixfiles/profiles/headful.nix b/modules/nixfiles/profiles/headful.nix
index 0563640..f3355b6 100644
--- a/modules/nixfiles/profiles/headful.nix
+++ b/modules/nixfiles/profiles/headful.nix
@@ -33,6 +33,18 @@ in {
 
     hm = {
       home.packages = with pkgs; [
+        # (openconnect.overrideAttrs (_: super: {
+        #   version = "unstable-2022-10-23";
+        #   src = pkgs.fetchFromGitLab {
+        #     owner = "openconnect";
+        #     repo = "openconnect";
+        #     rev = "acdfc753f7885b2a539f99036ac41ba1b78cc7ae";
+        #     hash = "sha256-ub+Z4WFD77h5YMQTb+TLc7EyY2KjBWglF1QVTirCHJM=";
+        #   };
+        #   configureFlags = super.configureFlags ++ [
+        #     "--with-external-browser=${config.hm.programs.firefox.package}/bin/firefox"
+        #   ];
+        # }))
         calibre
         fd
         imv
diff --git a/modules/nixfiles/prometheus.nix b/modules/nixfiles/prometheus.nix
index 0b0c096..a75c151 100644
--- a/modules/nixfiles/prometheus.nix
+++ b/modules/nixfiles/prometheus.nix
@@ -26,8 +26,8 @@ in {
     nixfiles.modules.nginx = with cfg; {
       enable = true;
       upstreams.prometheus.servers."127.0.0.1:${toString cfg.port}" = {};
-      virtualHosts.${domain}.locations."/" = {
-        proxyPass = "http://prometheus";
+      virtualHosts.${domain} = {
+        locations."/".proxyPass = "http://prometheus";
         extraConfig = nginxInternalOnly;
       };
     };
diff --git a/modules/nixfiles/psd.nix b/modules/nixfiles/psd.nix
index e497bcf..77d3c66 100644
--- a/modules/nixfiles/psd.nix
+++ b/modules/nixfiles/psd.nix
@@ -11,12 +11,12 @@ in {
     mkEnableOption "Profile Sync Daemon";
 
   config = mkIf cfg.enable {
-    hm.home = {
-      file."${config.hm.xdg.configHome}/psd/psd.conf".text = ''
+    hm = {
+      home.packages = with pkgs; [profile-sync-daemon];
+
+      xdg.configFile."psd/psd.conf".text = ''
         USE_OVERLAYFS="yes"
       '';
-
-      packages = with pkgs; [profile-sync-daemon];
     };
 
     systemd.user = {
diff --git a/modules/nixfiles/radicale.nix b/modules/nixfiles/radicale.nix
index 76f6b49..c903d39 100644
--- a/modules/nixfiles/radicale.nix
+++ b/modules/nixfiles/radicale.nix
@@ -30,8 +30,8 @@ in {
       nixfiles.modules.nginx = {
         enable = true;
         upstreams.radicale.servers."127.0.0.1:${toString port}" = {};
-        virtualHosts.${cfg.domain}.locations."/" = {
-          proxyPass = "http://radicale";
+        virtualHosts.${cfg.domain} = {
+          locations."/".proxyPass = "http://radicale";
           extraConfig = nginxInternalOnly;
         };
       };
diff --git a/modules/nixfiles/rss-bridge.nix b/modules/nixfiles/rss-bridge.nix
index 42bb7d0..fef1070 100644
--- a/modules/nixfiles/rss-bridge.nix
+++ b/modules/nixfiles/rss-bridge.nix
@@ -17,14 +17,15 @@ in {
   };
 
   config = mkIf cfg.enable {
-    nixfiles.modules.nginx.enable = true;
+    nixfiles.modules.nginx = {
+      enable = true;
+      virtualHosts.${cfg.domain}.extraConfig = nginxInternalOnly;
+    };
 
-    services = {
-      rss-bridge = {
-        enable = true;
-        virtualHost = cfg.domain;
-        whitelist = ["LWNprev" "Phoronix"];
-      };
+    services.rss-bridge = {
+      enable = true;
+      virtualHost = cfg.domain;
+      whitelist = ["*"];
     };
   };
 }
diff --git a/modules/nixfiles/rtorrent.nix b/modules/nixfiles/rtorrent.nix
index 834e36d..4014a3b 100644
--- a/modules/nixfiles/rtorrent.nix
+++ b/modules/nixfiles/rtorrent.nix
@@ -220,20 +220,16 @@ in {
             virtualHosts.${cfg.flood.domain} = {
               root = "${pkg}/lib/node_modules/flood/dist/assets";
               locations = {
-                "/" = {
-                  tryFiles = "$uri /index.html";
-                  extraConfig = nginxInternalOnly;
-                };
+                "/".tryFiles = "$uri /index.html";
                 "/api" = {
                   proxyPass = "http://flood";
-                  extraConfig =
-                    nginxInternalOnly
-                    + ''
-                      proxy_buffering off;
-                      proxy_cache off;
-                    '';
+                  extraConfig = ''
+                    proxy_buffering off;
+                    proxy_cache off;
+                  '';
                 };
               };
+              extraConfig = nginxInternalOnly;
             };
           };
 
diff --git a/modules/nixfiles/searx.nix b/modules/nixfiles/searx.nix
index 24482cc..9462d5d 100644
--- a/modules/nixfiles/searx.nix
+++ b/modules/nixfiles/searx.nix
@@ -33,8 +33,8 @@ in {
     nixfiles.modules.nginx = {
       enable = true;
       upstreams.searx.servers."127.0.0.1:${toString cfg.port}" = {};
-      virtualHosts.${cfg.domain}.locations."/" = {
-        proxyPass = "http://searx";
+      virtualHosts.${cfg.domain} = {
+        locations."/".proxyPass = "http://searx";
         extraConfig = nginxInternalOnly;
       };
     };
diff --git a/modules/nixfiles/syncthing.nix b/modules/nixfiles/syncthing.nix
index ed51e73..b690ab4 100644
--- a/modules/nixfiles/syncthing.nix
+++ b/modules/nixfiles/syncthing.nix
@@ -119,7 +119,7 @@ in {
           options = {
             autoUpgradeIntervalH = 0;
             crashReportingEnabled = false;
-            globalAnnounceEnabled = false; # We don't need that with Wireguard.
+            globalAnnounceEnabled = false;
             relaysEnabled = false;
             setLowPriority = this.isHeadless;
             stunKeepaliveMinS = 0;
@@ -135,8 +135,8 @@ in {
       nixfiles.modules.nginx = {
         enable = true;
         upstreams.syncthing.servers.${config.services.syncthing.guiAddress} = {};
-        virtualHosts.${cfg.domain}.locations."/" = {
-          proxyPass = "http://syncthing";
+        virtualHosts.${cfg.domain} = {
+          locations."/".proxyPass = "http://syncthing";
           extraConfig = nginxInternalOnly;
         };
       };
diff --git a/modules/nixfiles/xmonad.nix b/modules/nixfiles/xmonad.nix
index da005b2..847110e 100644
--- a/modules/nixfiles/xmonad.nix
+++ b/modules/nixfiles/xmonad.nix
@@ -1,5 +1,6 @@
 {
   config,
+  inputs,
   lib,
   pkgs,
   ...
@@ -23,5 +24,7 @@ in {
     };
 
     services.xserver.displayManager.startx.enable = true;
+
+    system.extraDependencies = [inputs.xmonad-ng];
   };
 }

Consider giving Nix/NixOS a try! <3