configuration.nix

@@ -1,41 +1,30 @@
 # NixOS's declarative configuration calculates which software packages need to be installed and then soft-links the storage paths of these packages in the Nix Store to /run/current-system, and by modifying environment variables like PATH
-{
-  lib,
-  config,
-  pkgs,
-  zen-browser,
-  hyprland,
-  inputs,
-  agenix,
-  pkgs-unstable,
-  pia,
-  ...
-}:
+{ lib, config, pkgs, zen-browser, hyprland, inputs, agenix, pkgs-unstable, ... }:
 let
   unstable = import <nixpkgs> {
     overlays = pkgs.overlays;
   };
 in
 {
-  imports = [
-    ./environment.nix
-    ./hardware-configuration.nix
+  imports =
+    [
+      ./environment.nix
+      ./hardware-configuration.nix
 
-    # (import ./modules/containers.nix { inherit pkgs inputs config lib pkgs-unstable ;})
-    ./modules/containers.nix
-    ./modules/display.nix
-    ./modules/files.nix
-    ./modules/fonts.nix
-    ./modules/musnix.nix
-    ./modules/network.nix
-    ./modules/nix.nix
-    # ./modules/qt.nix
-    ./modules/security.nix
-    ./modules/tailscale.nix
-    ./modules/users.nix
-    ./modules/wm.nix
-    ./modules/xdg.nix
-  ];
+      # (import ./modules/containers.nix { inherit pkgs inputs config lib pkgs-unstable ;})
+      ./modules/containers.nix
+      ./modules/display.nix
+      ./modules/files.nix
+      ./modules/fonts.nix
+      ./modules/musnix.nix
+      ./modules/network.nix
+      ./modules/nix.nix
+      # ./modules/qt.nix
+      ./modules/security.nix
+      ./modules/users.nix
+      ./modules/wm.nix
+      ./modules/xdg.nix
+    ];
 
   programs.hyprland = {
     enable = true;
@@ -147,15 +136,11 @@ in
       #media-session.enable = true;
       # wireplumber.enable = true;
     };
-    # hardware.openrgb = {
-    #   enable = false;
-    #   package = pkgs.openrgb-with-all-plugins;
-    #   motherboard = "intel";
-    #   server.port = 6742;
-    # };
-    pia = {
+    hardware.openrgb = {
       enable = true;
-      authUserPassFile = config.age.secrets.pia.path;
+      package = pkgs.openrgb-with-all-plugins;
+      motherboard = "intel";
+      server.port = 6742;
     };
   };
 
@@ -199,7 +184,6 @@ in
 
     i2c-tools
     android-udev-rules
-    tailscale
 
     logiops
   ];

flake.lock

@@ -127,24 +127,6 @@
         "type": "github"
       }
     },
-    "flake-utils_2": {
-      "inputs": {
-        "systems": "systems_3"
-      },
-      "locked": {
-        "lastModified": 1726560853,
-        "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
     "fromYaml": {
       "flake": false,
       "locked": {
@@ -350,27 +332,6 @@
         "type": "github"
       }
     },
-    "pia": {
-      "inputs": {
-        "flake-utils": "flake-utils_2",
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1730809692,
-        "narHash": "sha256-L2nzuQOK36xYcY6hQ3+waIFd0lWGlz7YTBnUCgV5Ox4=",
-        "owner": "Fuwn",
-        "repo": "pia.nix",
-        "rev": "445e82bd030080fb250f83805a7cc2feeea174c9",
-        "type": "github"
-      },
-      "original": {
-        "owner": "Fuwn",
-        "repo": "pia.nix",
-        "type": "github"
-      }
-    },
     "root": {
       "inputs": {
         "agenix": "agenix",
@@ -384,7 +345,6 @@
         "nix-colors": "nix-colors",
         "nixpkgs": "nixpkgs_3",
         "nixpkgs-unstable": "nixpkgs-unstable",
-        "pia": "pia",
         "tt-schemes": "tt-schemes",
         "zen-browser": "zen-browser"
       }
@@ -419,21 +379,6 @@
         "type": "github"
       }
     },
-    "systems_3": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
-    },
     "tt-schemes": {
       "flake": false,
       "locked": {

flake.nix

@@ -45,9 +45,6 @@
   #     inputs.nixpkgs.follows = "nixpkgs";
   #   };
     agenix.url = "github:ryantm/agenix";
-    # PIA
-    pia.url = "github:Fuwn/pia.nix";
-    pia.inputs.nixpkgs.follows = "nixpkgs";
 
     musnix.url = "github:musnix/musnix";
   };
@@ -66,7 +63,6 @@
     agenix,
     # nix-ld,
     musnix,
-    pia,
      ...
   } @ inputs:
   let
@@ -105,12 +101,11 @@
 
     nixosConfigurations = {
       launchpad = nixpkgs.lib.nixosSystem {
-        specialArgs = {inherit inputs outputs systemSettings userSettings lib agenix pia ;};
+        specialArgs = {inherit inputs outputs systemSettings userSettings lib agenix ;};
         modules = [
           # kmonad.nixosModules.default
           musnix.nixosModules.musnix
           agenix.nixosModules.default
-          pia.nixosModules."x86_64-linux".default
           ./configuration.nix
           # nix-ld.nixosModules.nix-ld
 

hardware-configuration.nix

@@ -22,7 +22,6 @@
 
   boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
   boot.initrd.kernelModules = [ "i2c-dev" "i2c-piix4" ];
-  boot.kernel.sysctl."net.ipv4.ip_forward" = 1; # Added for Tailscale
   boot.kernel.sysctl."net.ipv6.conf.enp4s0.disable_ipv6" = true;
   boot.kernel.sysctl."net.ipv6.conf.wlp5s0.disable_ipv6" = true;
   boot.kernel.sysctl."net.ipv6.conf.br0.disable_ipv6" = true;

hm/home.nix

@@ -1,18 +1,6 @@
 # Last stable generation 359 10/13/24
 # home-manager works by soft-linking the software packages configured by the user to /etc/profiles/per-user/your-username and modifying environment variables like PATH to point to this path, thus installing user software packages.
-{
-  inputs,
-  outputs,
-  lib,
-  config,
-  pkgs,
-  systemSettings,
-  userSettings,
-  zen-browser,
-  hyprland,
-  nix-colors,
-  ...
-}:
+{ inputs, outputs, lib, config, pkgs, systemSettings, userSettings, zen-browser, hyprland, nix-colors, ... }:
 let
   system = "x86_64-linux";
 
@@ -151,7 +139,7 @@ in
     };
   };
   fonts.fontconfig.enable = true;
-  # colorScheme = nix-colors.colorSchemes.nord;
+ # colorScheme = nix-colors.colorSchemes.nord;
 
   home.packages = with pkgs; [
     zsh bash git stow tmux tmuxPlugins.tmux-fzf

hm/pkgs/gramming-packages.nix

@@ -7,7 +7,7 @@ with pkgs;
   #   ];
   # })
   # IDE's
-  sublime3 sublime-merge vscode # vscode.languages.web vscode.languages.python vscode.languages.nix vscode.languages.bash
+  sublime3 vscode # vscode.languages.web vscode.languages.python vscode.languages.nix vscode.languages.bash
   typora obsidian obsidian-export # vimPlugins.obsidian-nvim
   # Lunarvim Dependencies
   gnumake42 nodejs_22 cargo ripgrep cmake

hm/pkgs/inet-packages.nix

@@ -26,5 +26,5 @@ with pkgs;
   remmina
 
   mapscii
-  # tidal-dl
+  tidal-dl
 ]

modules/containers.nix

@@ -402,12 +402,6 @@
       localAddress = "192.168.12.76/24";
       hostBridge = "br0";
       autoStart = false;
-      allowedDevices = [
-        {
-          modifier = "rw";
-          node = "/dev/net/tun";
-        }
-      ];
       bindMounts = {
         "/var/www" = {
           hostPath = "/home/wayne/dev/whd/live";
@@ -424,7 +418,7 @@
       {
         networking.firewall = {
           enable = true;
-          allowedTCPPorts = [ 22 80 443 1025 3000 3001 41641 8025 8080 2222 3306 ];
+          allowedTCPPorts = [ 22 80 443 1025 3000 3001 8025 8080 2222 3306 ];
         };
         networking = {
           enableIPv6 = false;
@@ -451,15 +445,6 @@
           };
         };
 
-        services.tailscale = {
-          enable = true;
-          package = pkgs.tailscale;
-          interfaceName = "tailscale0";
-          openFirewall = true;
-          port = 41641;
-          useRoutingFeatures = "server";
-        };
-
         services.openssh = {
           enable = true;
           ports = [ 22 ];

modules/network.nix

@@ -64,8 +64,7 @@
       extraCommands = ''
       iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns
       '';
-      trustedInterfaces = [ "br0" "tailscale0" ];
-      checkReversePath = "loose"; # Added for Tailscale
+      trustedInterfaces = [ "br0" ];
     };
     bridges = {
       br0 = {

modules/security.nix

@@ -1,6 +1,6 @@
 { pkgs, ... }:
 {
-  security.polkit = {
+    security.polkit = {
     enable = true;
     extraConfig = ''
       polkit.addRule(function (action, subject) {
@@ -70,11 +70,11 @@
       %wheel ALL=(ALL) NOPASSWD: ${pkgs.input-remapper}/bin/input-remapper-service
       %wheel ALL=(ALL) NOPASSWD: ${pkgs.input-remapper}/bin/input-remapper-control
       %wheel ALL=(ALL) NOPASSWD: /run/wrappers/bin/systemctl restart display-manager
+
     '';
   };
 
   age = {
-    identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
     secrets = {
       nextcloud = {
         file = ../secrets/nextcloud.age;
@@ -85,9 +85,6 @@
       onlyoffice = {
         file = ../secrets/onlyoffice-jwt.age;
       };
-      pia = {
-        file = ../secrets/pia.age;
-      };
     };
   };
 }

modules/tailscale.nix

@@ -1,15 +0,0 @@
-{ pkgs, ... }:
-
-{
-  services.tailscale = {
-    enable = true;
-    package = pkgs.tailscale;
-    interfaceName = "tailscale0";
-    openFirewall = true;
-    port = 41641;
-    useRoutingFeatures = "both";
-    extraSetFlags = [
-      "--advertise-routes=192.168.12.0/24"
-    ];
-  };
-}

pkgs/wm/hyprland/hyprland.nix

@@ -244,10 +244,10 @@
         # "${config.home.homeDirectory}/.config/hypr/scripts/start-in-tray.sh"
         "${config.home.homeDirectory}/.config/hypr/scripts/start-keybase-gui.sh"
 
-        "[workspace 4 silent] remmina -c rdp://wayne@xeon.local"
+        # "[workspace 4 silent] remmina -c rdp://wayne@xeon.local"
 
         "[workspace 7 silent] sublime3"
-        "[workspace 9 silent] keepassxc"
+        "[workspace 9 silentl] keepassxc"
         "[workspace 9 silent] /home/wayne/.nix-profile/bin/nextcloud --background"
         "[workspace 9 silent] /nix/store/104jb5a21d1d338zkl1f07si6brsmrk2-keybase-gui-6.2.4/bin/keybase-gui %u &"
 

secrets/.gitmodules

@@ -1,3 +0,0 @@
-[submodule "secrets"]
-  path = secrets
-  url = ../secrets.git

secrets/pia.age

@@ -1,17 +0,0 @@
-age-encryption.org/v1
--> ssh-rsa 28puQg
-JGtoK7DucZvBPjewFHiFnOKOTjIaSOGfRJybUD14VcHRk0uiSfXidkp/Gf/wf3KJ
-narocC7/qcVIdHWiMe+TbNcE/Kcly3BUpW7w7QFIxJ3+X49TttE4/VcTp5QJ2nbV
-Wm5q+Kd9IG2B2Bt/8BmQCiwOkoo+ps3mub4xY2yBmuPo8kvZhMdnwEx2NLQy9CiC
-JOtd77ZpmsETuBOodu/4eAIxqfS+qooZVUkc/mzywOgCjMU94YLrwGxt1iwdTXMX
-xEtm9rd3W2Sjj7ksh6G+rFarg5NODSMc/7LIoiQui6w9ytRsu3FukS8dhYe92Yep
-rw+2Jmz5FHLiVdfh9ZTzEOGVojGlHVJpthZPWUGHsWH1+p9FXbPCYThGVSzWZh/2
-vj6/5C/xpN3yzVoQtVqu/svrSH8Ls9cBJpo2yqopS85nzwjnA/ypkHrXQ4QUaZQg
-upzsNc7EAaY91CIBGxyattGODJ+bRuehVgo/xpb+W9fwFVkvP6wm3UiTJwFsKwE6
-pdusUwqzyhcvhm8lGj5H0JW5jvEd+UjpVBHc1+DC2vLeqwuUzo/Ya5qNTBrNwdKT
-nkXyyiXuTdRJ5lkcM9xjY0vikNN348dURVIB1Ub+iTG85Pg4IdBgR2S5s01L/b4n
-c0vOvWf3jcx/SkZoKgiYjiWYoIXVRrAlcVnwXJ09h+8
--> ssh-ed25519 rxYdLA jMpoBVQ9mBa2Rtyx9EeEGHYKlXYlmTAw0uR+5Jbclyc
-xibncpFqofpBcebRdwALgdjJlUIO4dY7kJYXMB2P9xc
---- eM2ZXQ4YYbeGThU1RChJ1Qmn2NwknMc7jOqd264rHGI
-*OÁ¨„CEŽñBò÷èŠú°U`c2i’þ«<8“ HëÛÑW<>Á|^¥b'2Nµ.Ý–

secrets/secrets.nix

@@ -11,5 +11,4 @@ in
   "nextcloud.age".publicKeys = [ nextcloud wayne launchpad ];
   "onlyoffice-jwt.age".publicKeys = [ onlyoffice wayne launchpad ];
   "whayes.age".publicKeys = [ wayne launchpad ];
-  "pia.age".publicKeys = [ wayne launchpad ];
-}
+}