some llama swap fixes

updated models
added cache to llama swap
2026-03-03 21:20:22 +01:00 · 2026-03-03 00:48:40 +01:00 · 2026-03-02 23:24:21 +01:00 · 2026-03-02 17:38:45 +01:00 · 2026-03-02 15:36:10 +01:00 · 2026-03-02 15:36:10 +01:00
49 changed files with 2034 additions and 982 deletions
--- a/.viminfo
+++ b/.viminfo
@@ -0,0 +1,122 @@
+# This viminfo file was generated by Vim 9.1.
+# You may edit it if you're careful!
+
+# Viminfo version
+|1,4
+
+# Value of 'encoding' when this file was written
+*encoding=utf-8
+
+
+# hlsearch on (H) or off (h):
+~h
+# Last Search Pattern:
+~Msle0~/}
+
+# Command Line History (newest to oldest):
+:wq
+|2,0,1767395245,,"wq"
+
+# Search String History (newest to oldest):
+? }
+|2,1,1767395059,,"}"
+? \<inputs\>
+|2,1,1767395050,,"\\<inputs\\>"
+? \<home-manager\>
+|2,1,1767395031,,"\\<home-manager\\>"
+
+# Expression History (newest to oldest):
+
+# Input Line History (newest to oldest):
+
+# Debug Line History (newest to oldest):
+
+# Registers:
+""-	CHAR	0
+	#
+|3,1,36,0,1,0,1767395242,"#"
+
+# File marks:
+'0  102  10  ~/flake.nix
+|4,48,102,10,1767395245,"~/flake.nix"
+'1  92  10  ~/flake.nix
+|4,49,92,10,1767395070,"~/flake.nix"
+'2  92  10  ~/flake.nix
+|4,50,92,10,1767395070,"~/flake.nix"
+'3  17  4  ~/home/xdg.nix
+|4,51,17,4,1767395009,"~/home/xdg.nix"
+
+# Jumplist (newest first):
+-'  102  10  ~/flake.nix
+|4,39,102,10,1767395245,"~/flake.nix"
+-'  92  10  ~/flake.nix
+|4,39,92,10,1767395234,"~/flake.nix"
+-'  92  10  ~/flake.nix
+|4,39,92,10,1767395070,"~/flake.nix"
+-'  102  10  ~/flake.nix
+|4,39,102,10,1767395059,"~/flake.nix"
+-'  100  12  ~/flake.nix
+|4,39,100,12,1767395050,"~/flake.nix"
+-'  100  12  ~/flake.nix
+|4,39,100,12,1767395050,"~/flake.nix"
+-'  96  12  ~/flake.nix
+|4,39,96,12,1767395031,"~/flake.nix"
+-'  96  12  ~/flake.nix
+|4,39,96,12,1767395031,"~/flake.nix"
+-'  1  0  ~/flake.nix
+|4,39,1,0,1767395014,"~/flake.nix"
+-'  1  0  ~/flake.nix
+|4,39,1,0,1767395014,"~/flake.nix"
+-'  17  4  ~/home/xdg.nix
+|4,39,17,4,1767395009,"~/home/xdg.nix"
+-'  17  4  ~/home/xdg.nix
+|4,39,17,4,1767395009,"~/home/xdg.nix"
+-'  17  4  ~/home/xdg.nix
+|4,39,17,4,1767395009,"~/home/xdg.nix"
+-'  17  4  ~/home/xdg.nix
+|4,39,17,4,1767395009,"~/home/xdg.nix"
+-'  1  0  ~/home/xdg.nix
+|4,39,1,0,1767394999,"~/home/xdg.nix"
+-'  1  0  ~/home/xdg.nix
+|4,39,1,0,1767394999,"~/home/xdg.nix"
+-'  1  0  ~/home/xdg.nix
+|4,39,1,0,1767394999,"~/home/xdg.nix"
+-'  1  0  ~/home/xdg.nix
+|4,39,1,0,1767394999,"~/home/xdg.nix"
+
+# History of marks within files (newest to oldest):
+
+> ~/flake.nix
+	*	1767395243	0
+	"	102	10
+	^	92	11
+	.	102	10
+	+	95	12
+	+	96	12
+	+	97	12
+	+	98	12
+	+	99	12
+	+	100	12
+	+	101	12
+	+	102	10
+	+	93	10
+	+	92	10
+	+	93	10
+	+	95	12
+	+	96	12
+	+	97	12
+	+	98	12
+	+	99	12
+	+	100	12
+	+	101	12
+	+	102	10
+
+> ~/home/xdg.nix
+	*	1767395008	0
+	"	17	4
+	^	17	5
+	.	17	4
+	+	14	4
+	+	15	4
+	+	16	4
+	+	17	4
--- a/flake.nix
+++ b/flake.nix
@@ -10,6 +10,11 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };

+    noctalia = {
+      url = "github:noctalia-dev/noctalia-shell";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
    nix-colors.url = "github:misterio77/nix-colors";
    stylix = {
      url = "github:nix-community/stylix/release-25.11";
@@ -29,6 +34,12 @@
    nixos-hardware.url = "github:NixOS/nixos-hardware/master";

    blog-generator.url = "github:adrlau/blog-generator";
+
+    niri = {
+      url = "github:sodiboo/niri-flake";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
  };

  outputs =
@@ -43,6 +54,8 @@
      lanzaboote,
      nixos-hardware,
      blog-generator,
+      niri,
+      noctalia,
      ...
    }@inputs:
    let
@@ -58,17 +71,20 @@

          home-manager.nixosModules.home-manager
          {
-            home-manager.useGlobalPkgs = true;
-            home-manager.useUserPackages = true;
+
            home-manager.users.gunalx = import ./home/gunalx.nix;
            home-manager.backupFileExtension = "bac";
            home-manager.extraSpecialArgs = { inherit nix-colors inputs; };
            home-manager.sharedModules = [
              inputs.sops-nix.homeManagerModules.sops
              inputs.stylix.homeModules.stylix
+              inputs.niri.homeModules.niri
+              inputs.noctalia.homeModules.default
            ];
          }

+          { nixpkgs.overlays = [ niri.overlays.niri ]; }
+
          ./modules/unstable.nix

          sops-nix.nixosModules.sops
@@ -92,17 +108,20 @@

          home-manager.nixosModules.home-manager
          {
-            home-manager.useGlobalPkgs = true;
-            home-manager.useUserPackages = true;
+
            home-manager.users.gunalx = import ./home/gunalx.nix;
            home-manager.backupFileExtension = "bac";
            home-manager.extraSpecialArgs = { inherit nix-colors inputs; };
            home-manager.sharedModules = [
              inputs.sops-nix.homeManagerModules.sops
              inputs.stylix.homeModules.stylix
+              inputs.niri.homeModules.niri
+              inputs.noctalia.homeModules.default
            ];
          }

+          { nixpkgs.overlays = [ niri.overlays.niri ]; }
+
          ./modules/unstable.nix

          sops-nix.nixosModules.sops
@@ -133,8 +152,10 @@
        inherit system;
        specialArgs = { inherit inputs system; };
        modules = [
+          ./modules/unstable.nix
          ./hosts/elros/configuration.nix
          sops-nix.nixosModules.sops
+          lanzaboote.nixosModules.lanzaboote
        ];
      };

--- a/home/aider.nix
+++ b/home/aider.nix
@@ -7,12 +7,12 @@
 }:
 {
  home.packages = with pkgs; [
-    aider-chat-full
+    #aider-chat-full
  ];

  programs.aider-chat = {
    enable = true;
-    package = pkgs.unstable.aider-chat-full;
+    package = pkgs.unstable.aider-chat-with-playwright;
    settings = {
      architect = true;
      auto-accept-architect = false;
@@ -24,12 +24,12 @@
      show-model-warnings = false;
      verify-ssl = false;

-      watch-files=true;
-      analytics-disable=true;
-      check-update=false;
-      multiline=true;
-      notifications=true;
-      show-diffs=true;
+      watch-files = true;
+      analytics-disable = true;
+      check-update = false;
+      multiline = true;
+      notifications = true;
+      show-diffs = true;
    };
  };

--- a/home/bash.nix
+++ b/home/bash.nix
@@ -13,6 +13,7 @@
    "ai/cerebras" = { };
    "ai/groq" = { };
    "ai/mistral" = { };
+    "ai/zai" = { };
  };
  programs.bash = {
    enable = true;
@@ -48,6 +49,8 @@
      export CEREBRAS_API_KEY="$(cat ${config.sops.secrets."ai/cerebras".path})"
      export GROQ_API_KEY="$(cat ${config.sops.secrets."ai/groq".path})"
      export MISTRAL_API_KEY="$(cat ${config.sops.secrets."ai/mistral".path})"
+      export ZAI_API_KEY="$(cat ${config.sops.secrets."ai/zai".path})"
+      export ZAI_API_BASE="https://api.z.ai/api/coding/paas/v4"


      #PS1 section
--- a/home/fonts.nix
+++ b/home/fonts.nix
@@ -25,6 +25,7 @@

    nerd-fonts.noto
    nerd-fonts.hack
+    nerd-fonts.fira-code

    zpix-pixel-font
    font-awesome_4
--- a/home/gunalx.nix
+++ b/home/gunalx.nix
@@ -6,11 +6,14 @@
 }:
 {
  imports = [
+    ./unstable.nix
+    ./nixpkgs.nix
+
    ./sshconfig.nix
    ./atuin.nix
    ./git.nix
    ./bash.nix
-    ./xdg.nix
+    #./xdg.nix

    # theming
    ./colors.nix
@@ -24,18 +27,18 @@
    ./waybar.nix
    ./wlogout.nix
    ./niri.nix
+    ./noctalia.nix
    ./wallpapers.nix
    ./swww.nix
    ./fonts.nix

    #applications
-    ./mako.nix
+    #./mako.nix # superseeded by noctalia
    ./foot.nix
    ./zed.nix
    ./aider.nix
    ./opencode.nix
    ./neovim.nix
-    ./fcitx5.nix

    ./python.nix

--- a/home/mako.nix
+++ b/home/mako.nix
@@ -46,5 +46,12 @@ in
      border-color = "#${palette.base08}FF";
    };

+    settings."mode=silent" = {
+      invisible = 1;
+      actions = false;
+      icons = false;
+      default-timeout = 0;
+    };
+
  };
 }
--- a/home/neovim.nix
+++ b/home/neovim.nix
@@ -21,6 +21,8 @@
    ];

    plugins = with pkgs.vimPlugins; [
+      vim-indent-guides
+
      # --- UI / File Explorer (Replaces Chadtree) ---
      nvim-tree-lua
      nvim-web-devicons
--- a/home/niri.nix
+++ b/home/niri.nix
--- a/home/nixpkgs.nix
+++ b/home/nixpkgs.nix
@@ -0,0 +1,17 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+
+{
+  nixpkgs = {
+    config = {
+      allowUnfree = true;
+      permittedInsecurePackages = [
+        # example "python3.11-youtube-dl-2021.12.17"
+      ];
+    };
+  };
+}
--- a/home/noctalia.nix
+++ b/home/noctalia.nix
@@ -0,0 +1,227 @@
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}:
+{
+  programs.noctalia-shell = {
+    enable = true;
+    systemd.enable = true;
+
+    settings = {
+      bar = {
+        position = "top";
+        density = "default";
+        floating = false;
+        exclusive = true;
+        widgets = {
+          left = [
+            { id = "Launcher"; }
+            {
+              id = "CustomButton";
+              icon = "keyboard";
+              tooltip = "Open Keyboard";
+              leftClickExec = "pkill wvkbd-mobintl || wvkbd-mobintl";
+            }
+            { id = "SystemMonitor"; }
+            { id = "MediaMini"; }
+            { id = "Pomodoro"; }
+            { id = "Workspace"; }
+          ];
+          center = [
+            { id = "ActiveWindow"; }
+          ];
+          right = [
+            { id = "Tray"; }
+            { id = "Clock"; }
+            { id = "NotificationHistory"; }
+            { id = "Battery"; }
+            { id = "Brightness"; }
+            { id = "Volume"; }
+            { id = "Bluetooth"; }
+            { id = "Network"; }
+            { id = "ControlCenter"; }
+            #{ id = "SessionMenu"; }
+          ];
+        };
+      };
+
+      general = {
+        radiusRatio = 0.2;
+        #animationSpeed = 2;
+        animationDisabled = true; # annoying
+      };
+
+      colorSchemes = {
+        useWallpaperColors = false;
+        darkMode = true;
+      };
+      templates = {
+        activeTemplates = [ ];
+        enableUserTheming = false;
+      };
+
+      wallpaper = {
+        enabled = true;
+        directory = "~/Pictures/wallpapers";
+        automationEnabled = true;
+        wallpaperChangeMode = "random";
+        randomIntervalSec = 270000;
+        fillMode = "crop";
+      };
+
+      appLauncher = {
+        position = "center";
+        sortByMostUsed = true;
+        viewMode = "list";
+        showCategories = true;
+
+        enableClipboardHistory = false;
+        pinnedApps = [ ];
+        useApp2Unit = false;
+        terminalCommand = "footclient ";
+        customLaunchPrefixEnabled = false;
+        customLaunchPrefix = "";
+        iconMode = "tabler";
+        showIconBackground = false;
+        enableSettingsSearch = true;
+        ignoreMouseInput = false;
+        screenshotAnnotationTool = "";
+      };
+
+      notifications = {
+        enabled = true;
+        location = "top_right";
+        #backgroundOpacity = 0.8;
+        lowUrgencyDuration = 1;
+        normalUrgencyDuration = 2;
+        criticalUrgencyDuration = 3;
+      };
+
+      osd = {
+        enabled = true;
+        location = "top_right";
+        autoHideMs = 500;
+        overlayLayer = true;
+        backgroundOpacity = lib.mkForce 0.5;
+      };
+
+      location = {
+        name = "Trondheim";
+        showWeekNumberInCalendar = true;
+        firstDayOfWeek = -1;
+      };
+    };
+
+    plugins = {
+      sources = [
+        {
+          enabled = true;
+          name = "Official Noctalia Plugins";
+          url = "https://github.com/noctalia-dev/noctalia-plugins";
+        }
+      ];
+      states = {
+        notes-scratchpad = {
+          enabled = true;
+          sourceUrl = "https://github.com/noctalia-dev/noctalia-plugins";
+        };
+        todo = {
+          enabled = true;
+          sourceUrl = "https://github.com/noctalia-dev/noctalia-plugins";
+        };
+        assistant-panel = {
+          enabled = true;
+          sourceUrl = "https://github.com/noctalia-dev/noctalia-plugins";
+        };
+        pomodoro = {
+          enabled = true;
+          sourceUrl = "https://github.com/noctalia-dev/noctalia-plugins";
+        };
+        tailscale = {
+          enabled = true;
+          sourceUrl = "https://github.com/noctalia-dev/noctalia-plugins";
+        };
+        noctalia-supergfxctl = {
+          enabled = true;
+          sourceUrl = "https://github.com/noctalia-dev/noctalia-plugins";
+        };
+        weekly-calendar = {
+          enabled = true;
+          sourceUrl = "https://github.com/noctalia-dev/noctalia-plugins";
+        };
+        kaomoji-provider = {
+          enabled = true;
+          sourceUrl = "https://github.com/noctalia-dev/noctalia-plugins";
+        };
+        rss-feed = {
+          enabled = true;
+          sourceUrl = "https://github.com/noctalia-dev/noctalia-plugins";
+        };
+        keybind-cheatsheet = {
+          enabled = true;
+          sourceUrl = "https://github.com/noctalia-dev/noctalia-plugins";
+        };
+      };
+      version = 1;
+    };
+
+    pluginSettings = {
+      notes-scratchpad = {
+        panelWidth = 1200;
+        panelHeigth = 1600;
+        fontSize = 16;
+        filePath = "${config.xdg.userDirs.documents}/notes-scratchpad.txt";
+      };
+
+      assistant-panel = {
+        ai = {
+          provider = "openai_compatible";
+          models = {
+            "openai_compatible" = "gpt-oss:20b";
+          };
+          #apiKeys = {};
+          temperature = 0.7;
+          systemPrompt = "You are a helpful assistant answering short questions. Be brief, think critically and come with constructual critics for how to improve.";
+          openaiLocal = true;
+          openaiBaseUrl = "http://galadriel:11434/v1/chat/completions";
+        };
+        translator = {
+          backend = "google";
+          realTimeTranslation = true;
+          deeplApiKey = "";
+        };
+        maxHistoryLength = 10;
+        panelDetached = true;
+        panelPosition = "center";
+        panelHeightRatio = 0.70;
+        panelWidth = 640;
+        attachmentStyle = "connected";
+        scale = 1;
+      };
+      rss-feed = {
+        feeds = [
+          {
+            name = "Hacker News";
+            url = "https://news.ycombinator.com/rss";
+          }
+        ];
+        updateInterval = 3600;
+        maxItemsPerFeed = 10;
+        showOnlyUnread = true;
+        markAsReadOnClick = true;
+      };
+    };
+  };
+
+  # Noctalia is started via a systemd user service, so it won't see variables
+  # set only in niri's `settings.environment`. Put theme-related env here.
+  systemd.user.services.noctalia-shell.Service.Environment = [
+    "QT_QPA_PLATFORM=wayland;xcb"
+    "QT_QPA_PLATFORMTHEME=qt6ct"
+    "QT_AUTO_SCREEN_SCALE_FACTOR=1"
+    # Ensures Quickshell resolves app icons from a known icon theme.
+    "QS_ICON_THEME=Papirus-Dark"
+  ];
+}
--- a/home/opencode.nix
+++ b/home/opencode.nix
@@ -6,136 +6,132 @@
  ...
 }:
 {
-  home.packages = with pkgs; [
-    opencode
-  ];
-
  programs.opencode = {
+    package = pkgs.unstable.opencode;
    enable = true;
    enableMcpIntegration = true;

-  
    settings = {
-      model = "anthropic/claude-sonnet-4-20250514";
-      small_model = "anthropic/claude-haiku-4-5";
+      #model = "github-copilot/gpt-5.2";
+      model = "zai-coding-plan/glm-5";
+      small_model = "zai-coding-plan/glm-4.7";
      autoshare = false;
      autoupdate = false;
    };

    agents = {
-        code-reviewer = ''
-          # Code Reviewer Agent
-      
-          You are a senior software engineer specializing in code reviews.
-          Focus on code quality, security, and maintainability.
-      
-          ## Guidelines
-          - Review for potential bugs and edge cases
-          - Check for security vulnerabilities
-          - Ensure code follows best practices
-          - Suggest improvements for readability and performance
-        '';
+      code-reviewer = ''
+        # Code Reviewer Agent

-        debugger = ''
-          # Debugger Agent
-          
-          You are a software engineer specializing in debugging and troubleshooting.
-          Focus on identifying issues, providing insights into existing bugs, and suggesting improvements to the debugging process.
-          
-          ## Guidelines
-          - Look for unhandled exceptions, crashes, or error states.
-          - Identify and remove redundant or unnecessary debug/print statements.
-          - Check for proper logging practices: ensure log levels (info, debug, error) are used correctly.
-          - Examine error messages for clarity and context—ensure they aid in troubleshooting.
-          - Look for missing or incorrect error handling and suggest improvements.
-          - Trace the flow of execution to catch logical or state-related bugs.
-          - Ensure relevant variable states are being monitored during runtime to spot anomalies.
-          - Suggest improvements to breakpoints, watchpoints, or other debugging tools for better visibility.
-          - Look for performance bottlenecks that could be causing issues and suggest optimizations.
-          - Check for edge cases and race conditions that might not be covered by current debugging.
-          - Ensure debugging steps or tools don’t affect production environments (i.e., avoid verbose logging in production).
-          - Document findings and proposed fixes clearly for future reference.
-        '';
+        You are a senior software engineer specializing in code reviews.
+        Focus on code quality, security, and maintainability.

-        simplifier = ''
-          # Simplifier Agent
-          
-          You are a software engineer specializing in simplifying and refactoring complex code.
-          Focus on making the code more readable, maintainable, and easier to understand without altering its functionality.
-          
-          ## Guidelines
-          - Break down long or complex functions into smaller, well-named helper functions or methods.
-          - Identify and remove any redundant or duplicate logic, consolidating wherever possible.
-          - Use more descriptive variable and function names to improve clarity.
-          - Simplify nested loops or conditionals (e.g., consider early returns to reduce indentation).
-          - Replace complex data structures or algorithms with simpler, more efficient alternatives if appropriate.
-          - Refactor complex conditional logic (e.g., using polymorphism, strategy pattern, or lookup tables where applicable).
-          - Replace hardcoded values with constants or configuration variables to improve flexibility.
-          - Group related logic together to improve cohesion within classes or functions.
-          - Ensure the code follows the DRY (Don't Repeat Yourself) principle and refactor to remove duplication.
-          - Simplify error handling by centralizing common error paths or using more consistent exception handling.
-          - Remove unnecessary comments or redundant code that doesn’t add value to readability.
-          - Check for opportunities to use built-in language features or libraries to reduce custom code (e.g., use `map()` instead of for-loops in Python).
-          - Ensure code is modular and maintainable, facilitating easier testing and future updates.
-          - Use early exits or guard clauses to minimize nested logic and make the code more straightforward.
-          
-        '';
+        ## Guidelines
+        - Review for potential bugs and edge cases
+        - Check for security vulnerabilities
+        - Ensure code follows best practices
+        - Suggest improvements for readability and performance
+      '';
+
+      debugger = ''
+        # Debugger Agent
+
+        You are a software engineer specializing in debugging and troubleshooting.
+        Focus on identifying issues, providing insights into existing bugs, and suggesting improvements to the debugging process.
+
+        ## Guidelines
+        - Look for unhandled exceptions, crashes, or error states.
+        - Identify and remove redundant or unnecessary debug/print statements.
+        - Check for proper logging practices: ensure log levels (info, debug, error) are used correctly.
+        - Examine error messages for clarity and context—ensure they aid in troubleshooting.
+        - Look for missing or incorrect error handling and suggest improvements.
+        - Trace the flow of execution to catch logical or state-related bugs.
+        - Ensure relevant variable states are being monitored during runtime to spot anomalies.
+        - Suggest improvements to breakpoints, watchpoints, or other debugging tools for better visibility.
+        - Look for performance bottlenecks that could be causing issues and suggest optimizations.
+        - Check for edge cases and race conditions that might not be covered by current debugging.
+        - Ensure debugging steps or tools don’t affect production environments (i.e., avoid verbose logging in production).
+        - Document findings and proposed fixes clearly for future reference.
+      '';
+
+      simplifier = ''
+        # Simplifier Agent
+
+        You are a software engineer specializing in simplifying and refactoring complex code.
+        Focus on making the code more readable, maintainable, and easier to understand without altering its functionality.
+
+        ## Guidelines
+        - Break down long or complex functions into smaller, well-named helper functions or methods.
+        - Identify and remove any redundant or duplicate logic, consolidating wherever possible.
+        - Use more descriptive variable and function names to improve clarity.
+        - Simplify nested loops or conditionals (e.g., consider early returns to reduce indentation).
+        - Replace complex data structures or algorithms with simpler, more efficient alternatives if appropriate.
+        - Refactor complex conditional logic (e.g., using polymorphism, strategy pattern, or lookup tables where applicable).
+        - Replace hardcoded values with constants or configuration variables to improve flexibility.
+        - Group related logic together to improve cohesion within classes or functions.
+        - Ensure the code follows the DRY (Don't Repeat Yourself) principle and refactor to remove duplication.
+        - Simplify error handling by centralizing common error paths or using more consistent exception handling.
+        - Remove unnecessary comments or redundant code that doesn’t add value to readability.
+        - Check for opportunities to use built-in language features or libraries to reduce custom code (e.g., use `map()` instead of for-loops in Python).
+        - Ensure code is modular and maintainable, facilitating easier testing and future updates.
+        - Use early exits or guard clauses to minimize nested logic and make the code more straightforward.
+
+      '';

    };
    commands = {
-        commit = ''
-          # Commit Command
+      commit = ''
+        # Commit Command

-          Create a git commit with proper message formatting following conventional commits.
-          Usage: /commit [message]
-        '';
+        Create a git commit with proper message formatting following conventional commits.
+        Usage: /commit [message]
+      '';
    };

    rules = ''
-### **General Project Guidelines**
-#### **Separation of Concerns**
+      ### **General Project Guidelines**
+      #### **Separation of Concerns**

-* Keep your code **loosely coupled** components/modules should only know about what they need.
-* Maintain clear **separation between domain logic and business logic** ensure your domain layer is independent of infrastructure or framework specific details.
-* Ensure **separation of data concerns** never mix UI data, business data, and domain entities in a single layer.
+      * Keep your code **loosely coupled** components/modules should only know about what they need.
+      * Maintain clear **separation between domain logic and business logic** ensure your domain layer is independent of infrastructure or framework specific details.
+      * Ensure **separation of data concerns** never mix UI data, business data, and domain entities in a single layer.

-#### **Typing and Type Safety**
+      #### **Typing and Type Safety**

-* **Always define types** explicitly for variables, parameters, and return values.
-* Avoid using `any` if you're unsure about a type, lean on **unknown** or **generics** until you can define it properly.
-* **Interfaces and Types** should be descriptive and reusable prefer interfaces for object shapes, and types for unions/intersections or specific business rules.
-* Avoid overcomplicating types focus on clarity and consistency.
+      * **Always define types** explicitly for variables, parameters, and return values.
+      * Avoid using `any` if you're unsure about a type, lean on **unknown** or **generics** until you can define it properly.
+      * **Interfaces and Types** should be descriptive and reusable prefer interfaces for object shapes, and types for unions/intersections or specific business rules.
+      * Avoid overcomplicating types focus on clarity and consistency.

-#### **Code Simplicity**
+      #### **Code Simplicity**

-* Write **simple, understandable code** don't over engineer solutions unless absolutely necessary.
-* Keep methods and functions **small and focused** follow the Single Responsibility Principle.
-* **Comment only when necessary** to explain complex or non obvious patterns **no comments for simple or self explanatory code**.
+      * Write **simple, understandable code** don't over engineer solutions unless absolutely necessary.
+      * Keep methods and functions **small and focused** follow the Single Responsibility Principle.
+      * **Comment only when necessary** to explain complex or non obvious patterns **no comments for simple or self explanatory code**.

-#### **Production-Ready Code**
+      #### **Production-Ready Code**

-* Always write **production-grade code** optimize for maintainability, readability, and scalability.
-* Ensure **robust error handling** catch edge cases, validate inputs, and handle exceptions gracefully.
+      * Always write **production-grade code** optimize for maintainability, readability, and scalability.
+      * Ensure **robust error handling** catch edge cases, validate inputs, and handle exceptions gracefully.

-#### **Framework and Library Usage**
+      #### **Framework and Library Usage**

-* Use frameworks and libraries **where they make sense**, but avoid unnecessary dependencies, we usually want to keep dependencies down.
-* Follow **framework best practices** for structure, state management, and lifecycle methods
-* Keep **UI and business logic separate** don't directly tie your UI components to business logic; use hooks or services to handle interactions.
+      * Use frameworks and libraries **where they make sense**, but avoid unnecessary dependencies, we usually want to keep dependencies down.
+      * Follow **framework best practices** for structure, state management, and lifecycle methods
+      * Keep **UI and business logic separate** don't directly tie your UI components to business logic; use hooks or services to handle interactions.

-#### **Documentation**
+      #### **Documentation**

-* **Document key architecture decisions** especially if they are complex or non intuitive.
-* Only document the **why** and **how** when it's not obvious avoid redundant or trivial comments.
-* Keep your documentation to the developmentlog.md  Make a new section, dont write to long, just briefely what needs to be documented.
+      * **Document key architecture decisions** especially if they are complex or non intuitive.
+      * Only document the **why** and **how** when it's not obvious avoid redundant or trivial comments.
+      * Keep your documentation to the developmentlog.md  Make a new section, dont write to long, just briefely what needs to be documented.

-#### **Performance Considerations**
+      #### **Performance Considerations**

-* Optimize for **readability first**, then **performance** measure performance bottlenecks before optimizing.
-* When optimizing, our first priority is finding arcitectural problems, then finding out ways to parralelize.
+      * Optimize for **readability first**, then **performance** measure performance bottlenecks before optimizing.
+      * When optimizing, our first priority is finding arcitectural problems, then finding out ways to parralelize.
    '';

  };

-
 }
--- a/home/python.nix
+++ b/home/python.nix
@@ -1,27 +1,47 @@
 { pkgs, ... }:
 {
  home.packages = [
-    (pkgs.python312.withPackages (ppkgs: [
-      ppkgs.uv
-      ppkgs.pip
-      ppkgs.numpy
-      ppkgs.sympy
-      ppkgs.scipy
-      ppkgs.matplotlib
-      ppkgs.requests
-      ppkgs.pandas
-      ppkgs.scikit-learn
-      ppkgs.nltk
-      ppkgs.huggingface-hub
-      ppkgs.flask
-      ppkgs.gunicorn
-      ppkgs.torch
-      ppkgs.opencv-python
-      ppkgs.pillow
-      ppkgs.keras
-      ppkgs.tqdm
-      ppkgs.ipykernel
-    ]))
+    pkgs.poetry

+    (pkgs.python3.withPackages (
+      ppkgs: with ppkgs; [
+        pip
+        numpy
+        sympy
+        scipy
+        matplotlib
+        requests
+        pandas
+        scikit-learn
+        nltk
+        huggingface-hub
+        flask
+        gunicorn
+        torch
+        opencv-python
+        pillow
+        keras
+        tqdm
+        ipykernel
+        pyyaml
+        authlib
+        litellm
+        flake8
+        pycryptodome
+        seaborn
+        docling-core
+        openai
+        transformers
+        langchain
+        langchain-community
+        pydantic
+        pydantic-core
+        datasets
+        tokenizers
+        accelerate
+        peft
+        bitsandbytes
+      ]
+    ))
  ];
 }
--- a/home/stylix.nix
+++ b/home/stylix.nix
@@ -36,7 +36,7 @@
      base0F = config.colorScheme.palette.base0F;
    };
    opacity = {
-      desktop = 0.5;
+      desktop = 0.7;
      terminal = 0.7;
    };

@@ -46,14 +46,8 @@
        terminal = 24;
        desktop = 12;
      };
-      serif = {
-        package = pkgs.dejavu_fonts;
-        name = "DejaVu Serif";
-      };
-      sansSerif = {
-        package = pkgs.dejavu_fonts;
-        name = "DejaVu Sans";
-      };
+      serif = config.stylix.fonts.monospace;
+      sansSerif = config.stylix.fonts.monospace;
      monospace = {
        package = pkgs.notonoto-35;
        #name = "NOTONOTO-35-Bold";
--- a/home/unstable.nix
+++ b/home/unstable.nix
@@ -0,0 +1,17 @@
+{
+  config,
+  inputs,
+  ...
+}:
+
+let
+  unstableOverlay = final: prev: {
+    unstable = import inputs.unstable {
+      inherit (final.stdenv.hostPlatform) system;
+      config = config.nixpkgs.config;
+    };
+  };
+in
+{
+  nixpkgs.overlays = [ unstableOverlay ];
+}
--- a/home/xdg.nix
+++ b/home/xdg.nix
@@ -4,22 +4,39 @@
  config,
  ...
 }:
-{
-  home.packages = with pkgs; [
-    xdg-desktop-portal-gtk
-    xdg-desktop-portal
-    #xdg-desktop-portal-wlr
-    xdg-desktop-portal-gtk
-    xdg-desktop-portal-gnome
-    kdePackages.xdg-desktop-portal-kde
-    xdg-launch
-    xdg-ninja
-    xdg-utils
-  ];

+{
+  # Enable XDG base directories
  xdg.enable = true;

-  #  home.sessionVariables = {
-  #  };
+  # Install the necessary packages for XDG compliance and management
+  home.packages = with pkgs; [
+    xdg-utils
+    xdg-launch
+    xdg-ninja
+  ];

+  # Define session variables for XDG directories
+  home.sessionVariables = {
+    # Set other tools' paths to XDG directories (they should be relative to XDG_DATA_HOME or XDG_STATE_HOME)
+    GOPATH = "$XDG_DATA_HOME/go";
+    CARGO_HOME = "$XDG_DATA_HOME/cargo";
+    RUSTUP_HOME = "$XDG_DATA_HOME/rustup";
+    DOTNET_CLI_HOME = "$XDG_DATA_HOME/dotnet";
+    GNUPGHOME = "$XDG_DATA_HOME/gnupg";
+    ZDOTDIR = "$XDG_CONFIG_HOME/zsh"; # Optional, for Zsh configuration
+    HISTFILE = "$XDG_STATE_HOME/bash/history"; # Optional, for Bash history file location
+  };
+
+  # Enable XDG user directories (like Documents, Downloads, etc.)
+  xdg.userDirs.enable = true;
+  xdg.userDirs.createDirectories = true;
+
+  # Enable autostart functionality with read-only mode (prevents arbitrary service additions)
+  xdg.autostart.enable = true;
+  xdg.autostart.readOnly = true;
+
+  # Handle XDG MIME type associations (useful for apps)
+  xdg.mime.enable = true;
+  xdg.mimeApps.enable = true;
 }
--- a/home/zed.nix
+++ b/home/zed.nix
@@ -1,7 +1,6 @@
 {
  pkgs,
  lib,
-  unstable,
  config,
  ...
 }:
@@ -16,6 +15,7 @@

  programs.zed-editor = {
    enable = true;
+    #package = pkgs.zed-editor-fhs;
    package = pkgs.unstable.zed-editor-fhs;
    extraPackages = with pkgs; [
      nodejs
@@ -60,6 +60,19 @@
        dark = "Tokyo Night";
        light = "Tokyo Night Storm";
      };
+
+      features = {
+        edit_prediction_provider = "copilot";
+      };
+      agent = {
+        default_profile = "write";
+        default_model = {
+          provider = "copilot_chat";
+          model = "claude-opus-4.5";
+        };
+        model_parameters = [ ];
+      };
+
      hour_format = "hour24";
      node = {
        path = lib.getExe pkgs.nodejs;
--- a/hosts/aragon/configuration.nix
+++ b/hosts/aragon/configuration.nix
@@ -61,6 +61,8 @@
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

+  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+
  # Setup keyfile
  boot.initrd.secrets = {
    "/crypto_keyfile.bin" = null;
--- a/hosts/elros/configuration.nix
+++ b/hosts/elros/configuration.nix
@@ -24,8 +24,13 @@
    ../../modules/tailscale.nix
    ../../modules/basePackages.nix

+    ../../modules/acme.nix
+    ../../modules/pangolin.nix
+
  ];

+  boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; # support rpi building
+
  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
--- a/hosts/elros/routes.nix
+++ b/hosts/elros/routes.nix
@@ -0,0 +1,88 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+{
+  services.caddy.virtualHosts = {
+    "managment.lauterer.it" = {
+      extraConfig = ''
+        reverse_proxy http://100.104.182.48
+        basicauth {
+          import ${config.sops.secrets."nginx/defaultpass".path}
+        }
+      '';
+    };
+
+    "funn-nas.lauterer.it" = {
+      extraConfig = ''
+        reverse_proxy https://100.104.182.48:30044 {
+          transport http {
+            tls_insecure_skip_verify
+          }
+        }
+        basicauth {
+          import ${config.sops.secrets."nginx/defaultpass".path}
+        }
+      '';
+    };
+
+    "film.lauterer.it" = {
+      extraConfig = ''
+        reverse_proxy http://100.104.182.48:8096
+      '';
+    };
+
+    "home.lauterer.it" = {
+      extraConfig = ''
+        reverse_proxy http://10.0.0.32:8123
+      '';
+    };
+
+    "jellyfin.lauterer.it" = {
+      extraConfig = ''
+        reverse_proxy http://100.84.215.84:8096
+      '';
+    };
+
+    "podgrab.lauterer.it" = {
+      extraConfig = ''
+        reverse_proxy http://100.84.215.84:4242
+        basicauth {
+          import ${config.sops.secrets."nginx/defaultpass".path}
+        }
+      '';
+    };
+
+    "jupyter.lauterer.it" = {
+      extraConfig = ''
+        reverse_proxy http://100.84.215.84:8771
+      '';
+    };
+
+    "rss.lauterer.it" = {
+      extraConfig = ''
+        reverse_proxy http://100.84.215.84:8089
+      '';
+    };
+
+    "ai.lauterer.it" = {
+      extraConfig = ''
+        reverse_proxy http://100.84.215.84:11111
+      '';
+    };
+
+    "chat.lauterer.it" = {
+      extraConfig = ''
+        reverse_proxy http://100.84.215.84:11111
+      '';
+    };
+
+    "archive.lauterer.it" = {
+      extraConfig = ''
+        reverse_proxy http://100.84.215.84:8082
+      '';
+    };
+  };
+}
--- a/hosts/galadriel/configuration.nix
+++ b/hosts/galadriel/configuration.nix
@@ -13,7 +13,7 @@
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
-    ./nvidia.nix
+    #./nvidia.nix #we have intel gpu now
    ../../modules/boot.nix
    ../../modules/zram.nix
    ../../modules/zfs.nix
@@ -30,19 +30,27 @@
    ../../modules/develPackages.nix

    ../../modules/vaultvarden.nix
+    ../../modules/authelia.nix
    ../../modules/jellyfin.nix
    ../../modules/jupyterhub.nix
    ../../modules/qbittorrent.nix
    ../../modules/mealie.nix
    ../../modules/miniflux.nix
-    ../../modules/ollama.nix
-    ../../modules/openwebui.nix
+    #../../modules/ollama.nix     # replaced by llama-cpp + llama-swap
+    #../../modules/openwebui.nix  # using llama-cpp built-in UI instead
+    ../../modules/llama-swap.nix
+    ../../modules/librechat.nix
    ../../modules/immich.nix

  ];

-  #Load zfs pool
-  boot.zfs.extraPools = [ "Main" ];
+  networking.hostId = "1ccccd3a";
+
+  ## Load zfs pool
+  boot.zfs.extraPools = [
+    "lorien"
+  ];
+  boot.zfs.requestEncryptionCredentials = true;

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
--- a/hosts/galadriel/hardware-configuration.nix
+++ b/hosts/galadriel/hardware-configuration.nix
@@ -22,9 +22,45 @@
    "usbhid"
    "sd_mod"
  ];
+  boot.kernelPackages = pkgs.linuxPackages_6_18;
+  boot.zfs.package = pkgs.zfs_2_4;
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-amd" ];
  boot.extraModulePackages = [ ];
+  boot.kernelParams = [ 
+    "xe.force_probe=e212"
+    "xe.vram_force_mmapable=1"
+    "transparent_hugepage=always"
+  ];
+
+  services.udev.extraRules = ''
+    ACTION=="add", SUBSYSTEM=="drm", KERNEL=="card*", ATTR{device/tile0/gt0/engines/ccs0/job_timeout_ms}="100000"
+    ACTION=="add", SUBSYSTEM=="drm", KERNEL=="card*", ATTR{device/tile0/gt0/engines/rcs0/job_timeout_ms}="100000"
+  '';
+
+
+  hardware.enableRedistributableFirmware = true;
+  hardware.firmware = [ pkgs.linux-firmware ];
+
+  environment.systemPackages = with pkgs; [
+    mkl
+  ];
+
+  hardware.graphics = {
+    enable = true;
+    extraPackages = with pkgs; [
+      vpl-gpu-rt
+
+      #hardware decode and opencl 
+      intel-media-driver # LIBVA_DRIVER_NAME=iHD (for HD Graphics starting Broadwell (2014) and newer)
+      intel-vaapi-driver # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
+      libvdpau-va-gl
+      intel-compute-runtime
+      vulkan-loader
+      vulkan-validation-layers
+
+    ];
+  };

  fileSystems."/" = {
    device = "/dev/disk/by-uuid/7789ad41-d578-40bc-bf86-b761e0a4921e";
--- a/hosts/galadriel/nvidia.nix
+++ b/hosts/galadriel/nvidia.nix
@@ -1,49 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
-  # Enable OpenGL
-  hardware.graphics = {
-    enable = true;
-    enable32Bit = true;
-  };
-
-  
-  # Load nvidia driver for Xorg and Wayland
-  services.xserver.videoDrivers = ["nvidia"];
-
-  boot = {
-    blacklistedKernelModules = [ "nouveau" ];
-    extraModulePackages = [ config.boot.kernelPackages.nvidia_x11 ];
-    initrd.kernelModules = [ "nvidia" ];
-  };
-
-  hardware.nvidia = {
-    modesetting.enable = true;
-      # Nvidia power management. Experimental, and can cause sleep/suspend to fail.
-      #powerManagement.enable = true;
-      # Fine-grained power management. Turns off GPU when not in use. Experimental and only works on modern Nvidia GPUs (Turing or newer).
-      powerManagement.finegrained = false;
-
-      # Use the NVidia open source kernel module (not to be confused with the independent third-party "nouveau" open source driver).
-      # Currently alpha-quality/buggy, so false is currently the recommended setting.
-      open = false; #need proprietary for cuda.
-
-      # Enable the Nvidia settings menu, accessible via `nvidia-settings`.
-      #nvidiaSettings = true;
-
-      # Optionally, you may need to select the appropriate driver version for your specific GPU.
-      package = config.boot.kernelPackages.nvidiaPackages.stable;
-    };
-
-    # Enable the CUDA toolkit
-    #install packages 
-     environment.systemPackages = with pkgs; [
-      cudaPackages.cudatoolkit
-      cudaPackages.cudnn
-      nvtopPackages.nvidia
-      cudaPackages.nccl
-      pkgs.cudaPackages.libcublas
-    ];
-
-
-}
-
--- a/hosts/legolas/configuration.nix
+++ b/hosts/legolas/configuration.nix
@@ -34,9 +34,10 @@
    ../../modules/jupyterhub.nix
    ../../modules/blog.nix
    ../../modules/ollama.nix
-    ../../modules/docling.nix # temp for dev
+    #../../modules/docling.nix # temp for dev ... Waiting for non broken docling-serve
    ../../modules/kdeconnect.nix
    ../../modules/desktopApplications.nix
+    ../../modules/fcitx5.nix

  ];

@@ -49,6 +50,7 @@
  #testing terminal from printer cable.
  services.printing.enable = true;
  boot.kernelModules = [ "usblp" ];
+  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];

  # Enable the X11 windowing system.
  services.xserver.enable = true;
--- a/logs/.3b25ae2de0fbeb00e6dda3e0073fa9cb0e57638a-audit.json
+++ b/logs/.3b25ae2de0fbeb00e6dda3e0073fa9cb0e57638a-audit.json
@@ -0,0 +1,15 @@
+{
+    "keep": {
+        "days": true,
+        "amount": 14
+    },
+    "auditLog": "/root/nix-dotfiles-v2/logs/.3b25ae2de0fbeb00e6dda3e0073fa9cb0e57638a-audit.json",
+    "files": [
+        {
+            "date": 1770986611784,
+            "name": "/root/nix-dotfiles-v2/logs/meiliSync-2026-02-13.log",
+            "hash": "7de8e8f093ec0024291182935955d48e6faa12c30d1281c4c40975ae0cedab3b"
+        }
+    ],
+    "hashType": "sha256"
+}
--- a/logs/.b5209f00e6380d23f0ed6df28f46a1a7ee75e7db-audit.json
+++ b/logs/.b5209f00e6380d23f0ed6df28f46a1a7ee75e7db-audit.json
@@ -0,0 +1,15 @@
+{
+    "keep": {
+        "days": true,
+        "amount": 14
+    },
+    "auditLog": "/root/nix-dotfiles-v2/logs/.b5209f00e6380d23f0ed6df28f46a1a7ee75e7db-audit.json",
+    "files": [
+        {
+            "date": 1770986611781,
+            "name": "/root/nix-dotfiles-v2/logs/error-2026-02-13.log",
+            "hash": "2533ea2611b1422793883fd7f9d44dd1322e7376a04debcfbed53c3a3196b26e"
+        }
+    ],
+    "hashType": "sha256"
+}
--- a/modules/acme.nix
+++ b/modules/acme.nix
@@ -0,0 +1,43 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+{
+  sops.secrets."acme/certs" = { };
+  networking.enableIPv6 = false; # For some reason acme only works without ipv6, probably because of missing AAAA records.
+  networking.domain = "lauterer.it";
+  #acme and certs helpful blog https://carjorvaz.com/posts/
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "adrian+acme@lauterer.it";
+    certs."${config.networking.domain}" = {
+      domain = "${config.networking.domain}";
+      extraDomainNames = [
+        "*.${config.networking.domain}"
+        "lb0fj.eu"
+        "*.lb0fj.eu"
+        "256.no"
+        "*.256.no"
+        "*.addictedmaker.eu"
+        "addictedmaker.eu"
+      ];
+      ## for testing.
+      #server = "https://acme-staging-v02.api.letsencrypt.org/directory";
+      #enableDebugLogs = true;
+
+      #legos registrar specific stuff.
+      dnsResolver = "ns1.hyp.net:53";
+      dnsProvider = "domeneshop";
+      dnsPropagationCheck = true;
+
+      #need to manually create this file according to dnsprovider secrets, and format of key according to lego in privider and add to secrets.yaml
+      credentialsFile = config.sops.secrets."acme/certs".path;
+    };
+  };
+
+  #add proxyserver to acme group
+  #users.users.nginx.extraGroups = [ "acme" ];
+  users.users.root.extraGroups = [ "acme" ];
+}
--- a/modules/authelia.nix
+++ b/modules/authelia.nix
@@ -0,0 +1,63 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+{
+  sops.secrets."authelia/usersFile" = {
+    owner = "authelia-main";
+    group = "authelia-main";
+    mode = "0400";
+  };
+  sops.secrets."authelia/jwtSecretFile" = {
+    owner = "authelia-main";
+    group = "authelia-main";
+    mode = "0400";
+  };
+  sops.secrets."authelia/storageEncryptionKeyFile" = {
+    owner = "authelia-main";
+    group = "authelia-main";
+    mode = "0400";
+  };
+
+  services.authelia.instances.main = {
+    enable = true;
+    secrets.storageEncryptionKeyFile = config.sops.secrets."authelia/storageEncryptionKeyFile".path;
+    secrets.jwtSecretFile = config.sops.secrets."authelia/jwtSecretFile".path;
+
+    settings = {
+      theme = "dark";
+      default_2fa_method = "totp";
+      log.level = "warn";
+      server.disable_healthcheck = false;
+      server.address = "tcp://0.0.0.0:9091/";
+
+      authentication_backend = {
+        file = {
+          path = lib.mkDefault config.sops.secrets."authelia/usersFile".path;
+        };
+      };
+      session = {
+        cookies = [
+          {
+            domain = "lauterer.it";
+          }
+        ];
+      };
+      access_control = {
+        default_policy = "one_factor";
+      };
+      storage = {
+        local = {
+          path = lib.mkDefault "/var/lib/authelia/main/db.sqlite3";
+        };
+      };
+      notifier = {
+        filesystem = {
+          filename = lib.mkDefault "/var/lib/authelia/main/notification.txt";
+        };
+      };
+    };
+  };
+}
--- a/modules/basePackages.nix
+++ b/modules/basePackages.nix
@@ -10,7 +10,9 @@
    git
    wget
    htop
-    busybox
+    bottom
+    nvtopPackages.full
+    uutils-coreutils
    nixfmt-rfc-style
    nixfmt-tree

@@ -20,7 +22,10 @@
    ripgrep
    eza
    fastfetch
-    
+
+    rsync
+    screen
+
  ];

 }
--- a/modules/desktopApplications.nix
+++ b/modules/desktopApplications.nix
@@ -2,6 +2,7 @@
  config,
  pkgs,
  lib,
+  inputs,
  ...
 }:

@@ -33,6 +34,9 @@
    prusa-slicer
    freecad-wayland
    openscad-unstable
+    kicad
+    easyeda2kicad
+
    #kicad-unstable
    easyeffects
    musescore
@@ -72,6 +76,11 @@
    tealdeer
    clipboard-jh

+    ffmpeg
+    wl-clipboard
+    ydotool
+    wl-mirror
+
    noto-fonts-cjk-sans

  ];
--- a/modules/develPackages.nix
+++ b/modules/develPackages.nix
@@ -13,7 +13,6 @@
    curl
    wget

-
    openssl
    gdb
    libgcc
@@ -37,6 +36,10 @@
    valgrind
    fontconfig

+    imagemagickBig
+
+    plantuml
+
    rustup
    rustfmt
    treefmt
@@ -46,22 +49,36 @@
    node2nix

    jupyter
-    python3
-    python3Packages.uv
-    python3Packages.ipykernel

-    python3Packages.flask
-    python3Packages.flask-sqlalchemy
-    python3Packages.flask-socketio
-    python3Packages.werkzeug
-    python3Packages.pyyaml
-    python3Packages.authlib
-    python3Packages.litellm
-    python3Packages.requests
-    python3Packages.flake8
-    python3Packages.torch
-    python3Packages.litellm
-    python3Packages.pycryptodome
+    uv
+    poetry
+    thonny
+
+    (python3.withPackages (
+      ps: with ps; [
+        ipykernel
+        flask
+        flask-sqlalchemy
+        flask-socketio
+        werkzeug
+        pyyaml
+        authlib
+        litellm
+        requests
+        flake8
+        torch
+        pycryptodome
+        numpy
+        scipy
+        pandas
+        matplotlib
+        vispy
+        pyvista
+        pygame
+        seaborn
+        scikit-learn
+      ]
+    ))

    github-copilot-cli

--- a/modules/displaymanager.nix
+++ b/modules/displaymanager.nix
@@ -7,39 +7,30 @@

 {

+  environment.systemPackages = [
+    (pkgs.catppuccin-sddm.override {
+      flavor = "mocha";
+      accent = "teal";
+      fontSize = "24";
+      background = ../home/Wallpapers/1346679.jpg;
+      loginBackground = true;
+    })
+  ];

  services.displayManager = {
    enable = true;
    sessionPackages = with pkgs; [ niri ];
    defaultSession = "niri";
-    lemurs.enable = true;
+
+    sddm = {
+      enable = true;
+      autoNumlock = true;
+      enableHidpi = true;
+      wayland.enable = true;
+      theme = "catppuccin-mocha-teal";
+      package = pkgs.kdePackages.sddm;
+    };
+
  };

-
-  #environment.systemPackages = [
-  #  (pkgs.catppuccin-sddm.override {
-  #    flavor = "mocha";
-  #    accent = "teal";
-  #    fontSize = "24";
-  #    background = ../home/Wallpapers/1346679.jpg;
-  #    loginBackground = true;
-  #  })
-  #];
-
-  #services.displayManager = {
-  #  enable = true;
-  #  sessionPackages = with pkgs; [ niri ];
-  #  defaultSession = "niri";
-
-  #  sddm = {
-  #    enable = true;
-  #    autoNumlock = true;
-  #    enableHidpi = true;
-  #    wayland.enable = true;
-  #    theme = "catppuccin-mocha-teal";
-  #    package = pkgs.kdePackages.sddm;
-  #  };
-
-  #};
-
 }
--- a/modules/docling.nix
+++ b/modules/docling.nix
@@ -6,8 +6,8 @@
 }:
 {
  services.docling-serve = {
-    enable = false; #this is broken for now.
-    package = pkgs.python312Packages.docling-serve;
+    enable = true; 
+    package = pkgs.unstable.docling-serve;
    port = 5001;
    host = "127.0.0.1";
    openFirewall = true;
--- a/modules/fcitx5.nix
+++ b/modules/fcitx5.nix
@@ -1,27 +1,28 @@
-{ pkgs, lib, ... }:
 {
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+
+{
+  # System-level fcitx5 configuration for Wayland
+  # This prevents GTK_IM_MODULE from being set, which is recommended for Wayland
  i18n.inputMethod = {
    enable = true;
    type = "fcitx5";
    fcitx5 = {
      waylandFrontend = true;
-      addons = with pkgs; [
-        fcitx5-rime
-        fcitx5-mozc
-        fcitx5-gtk
-        qt6Packages.fcitx5-configtool
-      ];
-
      settings = {
-        # Correct hotkey section:
        globalOptions.Hotkey = {
          TriggerKey = "Control+space";
        };
        inputMethod = {
+          GroupOrder."0" = "Default";
          "Groups/0" = {
            Name = "Default";
            "Default Layout" = "us";
-            "DefaultIM" = "keyboard-us";
+            DefaultIM = "mozc";
          };
          "Groups/0/Items/0" = {
            Name = "keyboard-us";
@@ -35,12 +36,21 @@
            Name = "keyboard-no";
            Layout = "no";
          };
-          "Groups" = {
-            GroupOrder = "Default";
-          };
        };
-
      };
+      addons = with pkgs; [
+        fcitx5-rime
+        fcitx5-mozc
+        fcitx5-gtk
+        qt6Packages.fcitx5-configtool
+      ];
    };
  };
+
+  # Ensure fcitx5 starts with the session
+  services.xserver.desktopManager.runXdgAutostartIfNone = true;
+
+#  environment.sessionVariables = {
+#    GTK_IM_MODULE = lib.mkForce "";
+#  };
 }
--- a/modules/immich.nix
+++ b/modules/immich.nix
@@ -12,7 +12,7 @@

    openFirewall = true;

-    mediaLocation = "/Main/Data/media/pictures";
+    mediaLocation = "/lorien/media/pictures";
    accelerationDevices = null;

    settings = {
--- a/modules/jupyterhub.nix
+++ b/modules/jupyterhub.nix
@@ -55,7 +55,6 @@ in
    description = "tdt4117 - delete after h25";
    extraGroups = [ ];
    # openssh.authorizedKeys.keys = [ "ssh-dss AAAAB3Nza... " ];
-    extraGroups = [ ];  
  };

  services.jupyterhub = {
--- a/modules/librechat.nix
+++ b/modules/librechat.nix
@@ -0,0 +1,70 @@
+{ config, pkgs, ... }:
+
+let
+  librechatPort = 3080;
+  mongoUri = "mongodb://127.0.0.1:27017/LibreChat";
+in
+{
+
+
+  sops.secrets."librechat/environmentFile" = {};
+
+
+  # Enable MongoDB
+  services.mongodb = {
+    enable = true;
+    package = pkgs.mongodb-ce;
+    # Optional: enableAuth = true;
+    # initialRootPasswordFile = "/path/to/mongo-root-password-file";
+  };
+
+  # LibreChat systemd service
+  systemd.services.librechat = {
+    # Make enable flagged when built
+    enable = true;
+
+    description = "LibreChat server";
+    
+    # **Native systemd dependency declarations**
+    requires = [ "mongodb.service" ];
+    after    = [ "network.target" "mongodb.service" ];
+
+    serviceConfig = {
+      EnvironmentFile = config.sops.secrets."librechat/environmentFile".path;
+      Restart = "on-failure";
+      User = "librechat";
+      Group = "librechat";
+
+      # ExecStart binds to package binary
+      ExecStart = ''
+        ${pkgs.librechat}/bin/librechat-server \
+          --host 0.0.0.0 \
+          --port ${toString librechatPort} \
+ 	  --config /var/lib/librechat/config.yaml 
+      '';
+      WorkingDirectory = "/var/lib/librechat";
+    };
+    wantedBy = [ "multi-user.target" ];
+  };
+
+  # Create user
+  users.users.librechat = {
+    isSystemUser = true;
+    description = "LibreChat service user";
+    home = "/var/lib/librechat";
+    createHome = true;
+  };
+
+  users.users.librechat.group = "librechat";
+  users.groups.librechat = {};
+
+  systemd.tmpfiles.rules = [
+    "d /var/lib/librechat 0755 librechat librechat -"
+  ];
+
+  networking.firewall.allowedTCPPorts = [
+    librechatPort
+    27017
+  ];
+}
+
--- a/modules/llama-cpp.nix
+++ b/modules/llama-cpp.nix
@@ -0,0 +1,33 @@
+{
+  config,
+  pkgs,
+  lib,
+  unstable,
+  ...
+}:
+
+let
+  hostname = config.networking.hostName;
+in
+
+{
+  environment.systemPackages = [ pkgs.unstable.ollama ];
+  services.llama-cpp = { 
+  	enable = true;
+  	host = "0.0.0.0";
+  	port = 11111;
+  	package = pkgs.unstable.llama-cpp-vulkan;
+  	openFirewall = true;
+  	model = "/var/lib/llama/models/Qwen3.5-35B-A3B-UD-Q2_K_XL.gguf" ;
+  	extraFlags = [
+		  "-c" "32000"
+		  "-ngl" "41" # techincally entire qwen3.5 
+                  "--image-min-tokens" "1024"
+		  "--image-max-tokens" "2048"
+                  #"--hf-repo" "unsloth/Qwen3.5-35B-A3B-GGUF:Q2_K_L"
+                  "--mmproj" "/var/lib/llama/models/mmproj-F16.gguf"
+                  "-ctk" "q4_0" "-ctv" "q4_0"  # quantisize kv cache.
+		  "--no-mmap"
+		];
+  }; 
+}
--- a/modules/llama-swap.nix
+++ b/modules/llama-swap.nix
@@ -0,0 +1,117 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+{
+  environment.systemPackages = [ pkgs.unstable.llama-cpp-vulkan ];
+
+  services.llama-swap = {
+    enable = true;
+    package = pkgs.unstable.llama-swap;
+    port = 11111;
+    openFirewall = true;
+
+    settings =
+      let
+        #llama-server = "${lib.getExe  pkgs.unstable.llama-cpp-vulkan "llama-server"}";
+        llama-server = lib.getExe' pkgs.unstable.llama-cpp-vulkan "llama-server";
+      in
+      {
+        healthCheckTimeout = 180;
+        startPort = 12000;
+        globalTTL = 600;
+        logLevel = "info";
+
+        macros = {
+          ctx = 32768;
+          ngl = 99;
+          kv_cache = "-ctk q4_0 -ctv q4_0";
+          hf_repo = "";
+        };
+
+        models = {
+          "qwen3.5-35b-a3b" = {
+            cmd = "${llama-server} --port $\{PORT\} --host 0.0.0.0 --ctx-size $\{ctx\} -ngl $\{ngl\} $\{kv_cache\} --hf-repo $\{hf_repo\} --no-mmap --image-max-tokens 2048 --image-min-tokens 512  --mmproj /var/cache/llama-swap/llama.cpp/unsloth_Qwen3.5-35B-A3B-GGUF_mmproj-F16.gguf";
+            aliases = [ "qwen3.5" ];
+            ttl = 1800;
+            macros = {
+              hf_repo = "unsloth/Qwen3.5-35B-A3B-GGUF:UD-Q2_K_XL";
+              ngl = 40;
+              ctx = 30000;
+            };
+          };
+          "qwen3.5-9b" = {
+            cmd = "${llama-server} --port $\{PORT\} --host 0.0.0.0 --ctx-size $\{ctx\} -ngl $\{ngl\} --hf-repo $\{hf_repo\} --no-mmap --image-max-tokens 2048 --image-min-tokens 512 --mmproj-url https://huggingface.co/unsloth/Qwen3.5-9B-GGUF/resolve/main/mmproj-F16.gguf";
+            ttl = 900;
+            macros.hf_repo = "unsloth/Qwen3.5-9B-GGUF:UD-Q4_K_XL";
+          };
+          "qwen3.5-2b" = {
+            cmd = "${llama-server} --port $\{PORT\} --host 0.0.0.0 --ctx-size $\{ctx\} -ngl $\{ngl\} --hf-repo $\{hf_repo\} --image-max-tokens 1024 --image-min-tokens 512";
+            ttl = 900;
+            macros.hf_repo = "unsloth/Qwen3.5-2B-GGUF:UD-Q8_K_XL";
+            macros.ctx = 64000;
+          };
+          "ministal-3-8b-reasonning" = {
+            cmd = "${llama-server} --port $\{PORT\} --host 0.0.0.0 --ctx-size $\{ctx\} -ngl $\{ngl\} --hf-repo $\{hf_repo\}";
+            aliases = [ "ministral3" ];
+            ttl = 900;
+            macros.hf_repo = "mistralai/Ministral-3-8B-Reasoning-2512-GGUF";
+          };
+          "ministal-3-3b" = {
+            cmd = "${llama-server} --port $\{PORT\} --host 0.0.0.0 --ctx-size $\{ctx\} -ngl $\{ngl\} --hf-repo $\{hf_repo\}";
+            aliases = [ "ministral3-mini" ];
+            ttl = 900;
+            macros.hf_repo = "mistralai/Ministral-3-3B-Instruct-2512-GGUF";
+          };
+          "minicpm-o-4_5" = {
+            cmd = "${llama-server} --port $\{PORT\} --host 0.0.0.0 --ctx-size $\{ctx\} -ngl $\{ngl\} --hf-repo $\{hf_repo\}";
+            aliases = [ "openbmb/MiniCPM-o-4_5-gguf" "minicpm" ];
+            ttl = 900;
+            macros.hf_repo = "openbmb/MiniCPM-o-4_5-gguf";
+          };
+        };
+
+        peers = {
+          openrouter = {
+            proxy = "https://openrouter.ai/api";
+            apiKey = "$\{env.OPENROUTER_API_KEY\}";
+            models = [
+              "minimax/minimax-m2.5"
+              "z-ai/glm-5"
+              "qwen/qwen3-coder-next"
+              "moonshotai/kimi-k2.5"
+            ];
+            filters = {
+              stripParams = "temperature, top_p";
+              setParams = {
+                provider = {
+                  data_collection = "deny";
+                  zdr = true;
+                };
+              };
+            };
+          };
+        };
+
+      };
+  };
+
+  # llama.cpp tries to create its cache under $HOME/.cache; when launched as a
+  # system service HOME may default to "/" ("//.cache/..."), which is often
+  # read-only. Give it a writable cache/state location.
+  systemd.services.llama-swap.serviceConfig = {
+    StateDirectory = "llama-swap";
+    CacheDirectory = "llama-swap";
+    Environment = [
+      "HOME=/var/lib/llama-swap"
+      "XDG_CACHE_HOME=/var/cache/llama-swap"
+      "MESA_SHADER_CACHE_DIR=/var/cache/llama-swap/mesa"
+      "MESA_SHADER_CACHE_MAX_SIZE=1G"
+      
+      "GGML_VULKAN_MAX_NODES=16"
+      "GGML_VK_RELAXED_SHAPES=0"
+    ];
+  };
+}
--- a/modules/nix.nix
+++ b/modules/nix.nix
@@ -6,14 +6,10 @@
 }:

 {
-  imports = [ ];
+  imports = [ ./nixpkgs.nix ]; # migrate this afterwards.

  system.rebuild.enableNg = true;

-  nixpkgs.config.allowUnfree = true;
-  nixpkgs.config.permittedInsecurePackages = [
-    # example "python3.11-youtube-dl-2021.12.17"
-  ];
  sops.secrets."github/api" = {
    mode = "0444";
    group = "root";
@@ -60,10 +56,13 @@
      }
      {
        hostName = "aragon";
-        system = "x86_64-linux";
+        #system = "x86_64-linux";
        # if the builder supports building for multiple architectures,
        # replace the previous line by, e.g.,
-        # systems = ["x86_64-linux" "aarch64-linux"];
+        systems = [
+          "x86_64-linux"
+          "aarch64-linux"
+        ];
        maxJobs = 6;
        speedFactor = 6001;
        supportedFeatures = [ ];
@@ -74,7 +73,8 @@
        system = "x86_64-linux";
        maxJobs = 4;
        speedFactor = 4001;
-        supportedFeatures = [ "cuda" ];
+        #supportedFeatures = [ "cuda" ];
+        supportedFeatures = [ ];
        mandatoryFeatures = [ ];
      }

--- a/modules/nixpkgs.nix
+++ b/modules/nixpkgs.nix
@@ -0,0 +1,19 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+
+{
+  imports = [ ];
+
+  nixpkgs = {
+    config = {
+      allowUnfree = true;
+      permittedInsecurePackages = [
+        # example "python3.11-youtube-dl-2021.12.17"
+      ];
+    };
+  };
+}
--- a/modules/nvidia.nix
+++ b/modules/nvidia.nix
@@ -0,0 +1,51 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+{
+  # Enable OpenGL
+  hardware.graphics = {
+    enable = true;
+    enable32Bit = true;
+  };
+
+  # Load nvidia driver for Xorg and Wayland
+  services.xserver.videoDrivers = [ "nvidia" ];
+
+  boot = {
+    blacklistedKernelModules = [ "nouveau" ];
+    extraModulePackages = [ config.boot.kernelPackages.nvidia_x11 ];
+    initrd.kernelModules = [ "nvidia" ];
+  };
+
+  hardware.nvidia = {
+    modesetting.enable = true;
+    # Nvidia power management. Experimental, and can cause sleep/suspend to fail.
+    #powerManagement.enable = true;
+    # Fine-grained power management. Turns off GPU when not in use. Experimental and only works on modern Nvidia GPUs (Turing or newer).
+    powerManagement.finegrained = false;
+
+    # Use the NVidia open source kernel module (not to be confused with the independent third-party "nouveau" open source driver).
+    # Currently alpha-quality/buggy, so false is currently the recommended setting.
+    open = false; # need proprietary for cuda.
+
+    # Enable the Nvidia settings menu, accessible via `nvidia-settings`.
+    #nvidiaSettings = true;
+
+    # Optionally, you may need to select the appropriate driver version for your specific GPU.
+    package = config.boot.kernelPackages.nvidiaPackages.stable;
+  };
+
+  # Enable the CUDA toolkit
+  #install packages
+  environment.systemPackages = with pkgs; [
+    cudaPackages.cudatoolkit
+    cudaPackages.cudnn
+    nvtopPackages.nvidia
+    cudaPackages.nccl
+    pkgs.cudaPackages.libcublas
+  ];
+
+}
--- a/modules/ollama.nix
+++ b/modules/ollama.nix
@@ -15,20 +15,28 @@ in

  services.ollama = {
    enable = true;
-    package = pkgs.unstable.ollama;
+    package = lib.mkDefault pkgs.unstable.ollama-vulkan;
+    acceleration = lib.mkDefault "vulkan";
    host = "0.0.0.0";
    openFirewall = true;
    port = 11434;
    home = "/var/lib/ollama";
-
+    environmentVariables = {
+      OLLAMA_CONTEXT_LENGTH = "32000";
+    };
    # Preloaded models
    loadModels = [
-      "gemma3:1b"
      "qwen3:latest"
      "qwen3:4b"
-      "qwen3:0.6b"
+      "glm-4.7-flash:latest"
+      "rnj-1:latest"
+      "lfm2.5-thinking:latest"
+      "qwen3-vl:4b"
+      "qwen3-vl:2b-instruct-q8_0"
+      "qwen3-vl:latest"
      "gemma3:4b"
-      "qwen2.5vl:3b"
+      "ministral-3:3b"
+      "ministral-3:latest"
      "granite3.2-vision"
      "granite4:tiny-h"
      "gpt-oss:20b"
--- a/modules/pangolin.nix
+++ b/modules/pangolin.nix
@@ -0,0 +1,31 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+{
+
+  sops.secrets."pangolin/environmentFile" = {
+    restartUnits = [ "pangolin.service" ];
+    owner = "pangolin";
+    mode = "0755";
+  };
+
+  users.users.pangolin.extraGroups = [ "acme" ];
+  services.pangolin = {
+    enable = true;
+    openFirewall = true;
+
+    package = pkgs.unstable.fosrl-pangolin;
+
+    baseDomain = "lauterer.it";
+    dashboardDomain = "auth.lauterer.it";
+    dnsProvider = "domeneshop";
+
+    #settings
+    environmentFile = config.sops.secrets."pangolin/environmentFile".path;
+    #dataDir
+  };
+
+}
--- a/modules/qbittorrent.nix
+++ b/modules/qbittorrent.nix
@@ -4,6 +4,9 @@
  pkgs,
  ...
 }:
+let
+  dataLocation = "/lorien/media/";
+in
 {
  sops.secrets."qbittorrent/interfaceAddress" = {
    restartUnits = [ "qbittorrent-nox.service" ];
@@ -45,9 +48,9 @@
            AnonymousModeEnabled = false;
            BTProtocol = "Both";
            BandwidthSchedulerEnabled = false;
-            DefaultSavePath = "/Main/Data/media/Downloads";
+            DefaultSavePath = dataLocation + "Downloads";
            Encryption = 1;
-            FinishedTorrentExportDirectory = "/Main/Data/media/Downloads/torrents-complete";
+            FinishedTorrentExportDirectory = dataLocation + "Downloads/torrents-complete";
            GlobalDLSpeedLimit = 0;
            GlobalMaxRatio = 1.5;
            GlobalUPSpeedLimit = 0;
@@ -69,7 +72,7 @@
            TempPath = "/Main/Data/media/Downloads/temp";
            TempPathEnabled = true;
            TorrentContentLayout = "Subfolder";
-            TorrentExportDirectory = "/Main/Data/media/Downloads/torrents";
+            TorrentExportDirectory = dataLocation + "Downloads/torrents";
            UseAlternativeGlobalSpeedLimit = false;
          };
        };
--- a/modules/unstable.nix
+++ b/modules/unstable.nix
@@ -1,16 +1,14 @@
 {
  config,
-  pkgs,
  inputs,
-  system,
  ...
 }:

 let
  unstableOverlay = final: prev: {
    unstable = import inputs.unstable {
-      inherit system;
-      config = prev.config;
+      inherit (final.stdenv.hostPlatform) system;
+      inherit (config.nixpkgs) config;
    };
  };
 in
--- a/modules/xdg.nix
+++ b/modules/xdg.nix
@@ -4,38 +4,65 @@
  config,
  ...
 }:
-{

+{
  environment.systemPackages = [
    pkgs.xdg-desktop-portal-gtk
    pkgs.xdg-desktop-portal-gnome
    pkgs.xdg-desktop-portal
  ];

+  # XDG related configurations
  xdg = {
-    autostart.enable = true;
-    menus.enable = true;
-    icons.enable = true;
-    sounds.enable = true;
+    # Enable desktop portal integration
    portal = {
-      enable = true;
-      xdgOpenUsePortal = true;
+      enable = true; # Enable the portal system
+      xdgOpenUsePortal = true; # Use portal for opening files and URLs
+
+      # Additional portals for specific environments
      extraPortals = with pkgs; [
        xdg-desktop-portal-gtk
        xdg-desktop-portal
-        #xdg-desktop-portal-wlr
-        xdg-desktop-portal-gtk
        xdg-desktop-portal-gnome
-        kdePackages.xdg-desktop-portal-kde
-        xdg-launch
-        xdg-ninja
-        xdg-utils
+        kdePackages.xdg-desktop-portal-kde # For KDE environment
      ];
+
+      # Configuration packages for portals (like GNOME session, Niri, etc.)
      configPackages = with pkgs; [
        gnome-session
        niri
      ];
    };
+
+    # Enable autostart functionality (launch apps on login)
+    autostart.enable = true;
+
+    # Enable menu support for applications
+    menus.enable = true;
+
+    # Enable icon theme support (icons for applications, etc.)
+    icons.enable = true;
+
+    # Enable sounds for system events (like notifications)
+    sounds.enable = true;
+
+    # Terminal execution for XDG spec
    terminal-exec.enable = true;
  };
+
+  # Enable MIME type handling for file associations
+  xdg.mime.enable = true;
+
+  # Enable additional configurations for portals
+  xdg.portal.wlr.enable = false; # Disable Wayland/Weston portal support (as you've commented out)
+  xdg.portal.lxqt.styles = true; # Enable LXQt portal styles (optional)
+  xdg.portal.lxqt.enable = false; # Disable LXQt portal integration (commented out as unnecessary)
+
+  # Icons
+  xdg.icons.fallbackCursorThemes = [ "Adwaita" ]; # Set a default cursor theme (you can change this)
+
+  # Terminal execution configuration
+  xdg.terminal-exec.package = pkgs.xterm; # Choose the terminal emulator (can be changed to your preference)
+  xdg.terminal-exec.settings = { }; # Terminal-specific settings (customizable)
+
 }
--- a/modules/zfs.nix
+++ b/modules/zfs.nix
@@ -6,16 +6,15 @@
 }:
 {
  boot.supportedFilesystems = [ "zfs" ];
-  boot.zfs.forceImportRoot = false;
-  networking.hostId = "1ccccd3a";
+  boot.zfs.forceImportRoot = lib.mkDefault false;
+  #boot.zfs.package = lib.mkDefault pkgs.zfs_unstable;
  services.zfs.trim.enable = true;
  services.zfs.autoScrub.enable = true;
  services.zfs.autoSnapshot.enable = true;
-  services.zfs.autoSnapshot.flags = "-k -p --utc";
+  services.zfs.autoSnapshot.flags = lib.mkDefault "-k -p --utc";

  environment.systemPackages = with pkgs; [
    zfs
-    zfsnap
    zfstools
    zfsbackup
    lz4
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@@ -1,9 +1,11 @@
-#ENC[AES256_GCM,data:iFOJJlRLRz2m7NyHzPhgUg==,iv:cx8HN12ClwwUZxn2/6mc1Q5Eh2XBIRsrhG/ETRf0cnw=,tag:ITcKcojB8Cpk5cICcxV/Hw==,type:comment]
+/open# run to encrypt: null
 #ENC[AES256_GCM,data:kvu25CX2iZURTBGQXYZTkwT00EqhPNF/ORglzJCsDRthR9hwLomlCzsdDCCwBmbEYbUSnyup0/yt6kj5gUA1iTpoGLVJK1EMoAUm7H7Vl4V0XheizUyTUJdfQUzQQXONzB2kTlE2DHuIWKN5Bz8+LKqoDrI=,iv:eBoUwZfMPhBnT2+jWqT/EGh/CVNK5qiYeaspFf1VJxY=,tag:yY+w4rJvDHLo93HgkcKahw==,type:comment]
-acme:
-    certs: ENC[AES256_GCM,data:v3eIoxXPCGU3nnj9LbpC6q9TIbmw0pwlBCjyfsmMxAMgp5oZttHUimXU3jmrFSDNLMXKyKp5ibBpL+pJDl+HGXbZ2ERWUfV0xqI+vUWetnO8tN4VrW0NZNs/TxdwdTVEA/st8zYON+Qnxrd0xUYAz2TzM9T4cEaRCpTKdIg=,iv:dnct9KU24ZVaQThA6rTTClRjT+vTi4aD+7UV+oiqoVU=,tag:eFmep+I41nVf51/i3v/53Q==,type:str]
 github:
    api: ENC[AES256_GCM,data:PcalL0rNd0nfNPMlWP05FWh3ff6rp5eQUmu3NzKmuSPcS5w6zSKCLsoCegltENjTWomGAJDoJF8rYfE3tTo4xQBAzFsK7v3GFXfefB+Ec7/FrUT6jjcHK4+c0e1u3cAgUkFpKq+IzS0yDBgMtXuC5oRzw0u0cEjXT4akiyO9Hg==,iv:GVPXrS9gwpw5JgsO6+YAMT96CsX7dz0NAcaq/IxXzec=,tag:Vxb4LOf0mm52W7Ege7mi6A==,type:str]
+acme:
+    certs: ENC[AES256_GCM,data:v3eIoxXPCGU3nnj9LbpC6q9TIbmw0pwlBCjyfsmMxAMgp5oZttHUimXU3jmrFSDNLMXKyKp5ibBpL+pJDl+HGXbZ2ERWUfV0xqI+vUWetnO8tN4VrW0NZNs/TxdwdTVEA/st8zYON+Qnxrd0xUYAz2TzM9T4cEaRCpTKdIg=,iv:dnct9KU24ZVaQThA6rTTClRjT+vTi4aD+7UV+oiqoVU=,tag:eFmep+I41nVf51/i3v/53Q==,type:str]
+pangolin:
+    environmentFile: ENC[AES256_GCM,data:vip6lNBhaH0891+RTphTwerEf7sw6smUVbWIP9KdgbrjRkIAbt/XbLk=,iv:1771tPsQQcjSIoSQxER1Yqi2vZPwg6gbj0VXvDHr7kk=,tag:Bd286kNRYgTXC+jtpVLYpA==,type:str]
 nginx:
    defaultpass: ENC[AES256_GCM,data:dJn/Q0jV83PgfFH2ODJO/nXGqew2TZG3ItudJZQ/eCo7Ek2IPlHHQq52bzaVYPqhxUsvXpLV9FgR3FQVOHyiUK3MBsLDNvCTzpnALSflnpj0nKqrXWg3YgEKfi+FdHQ1s0SFQqBOsEw+Xt6eWkNykrl9Jgq5UF7Bp4iC4jmDwQeAFIWaIsWK0117X4seBRQc5rxz1XYNsTaVTzp102I1QmrWLRHGjuvpT5jLVvNEoaU/imT+beAmQAnq5pFOMiEwd4q5FFUdy8XHi7CcT4fql92m2I61pgQbjnHwGklLZvRYO5gIKLwj7u19x8lnFBefDoAshuZOch8397T+vjTxVe0fsuZeLAtLXdPKwoF3L0jp4ffNmPq8H3BTnFwJ2NZo,iv:h6gn2VKancyy6dZlON99zjRj4smArwt6I4a3PRjGfZ8=,tag:Gt4yl0zK7vF3Is/g8cow0g==,type:str]
 qbittorrent:
@@ -17,6 +19,13 @@ ai:
    cerebras: ENC[AES256_GCM,data:ZGXy4FWauVb6cqFIDNCjYZhA3fb7t8s9wHEQvV5UQS0LwOM1F6+prid5entFiU/zJhxUDA==,iv:1tZU5nfWCur/Uk54RccS7ldv+94D3CKPgAeK30PB8j4=,tag:y9ZDVTTOExTY6nLRbIxoLg==,type:str]
    groq: ENC[AES256_GCM,data:63HBVYQEXCqG/xN7zluZl3yledOlqxou09Lvgh585LnZAvIFUN+eSDn44mT5mgpqMsRL8Wbqjq8=,iv:taiWwphOVhbLuO5ygf5iDIvhEoAxncTEQ8CFNKOObP4=,tag:1j7wCg9tFuP36mBr5yN0dA==,type:str]
    mistral: ENC[AES256_GCM,data:z7qUyaJBaLF+fe3DFMRjkUEXiXGZwtFeC189fuEGjEo=,iv:r9QSqstFiR9QrLehHrQu09iaF0PYroz/p1ENChch/I0=,tag:XN7jcXv6TftbXaFBsZYVmw==,type:str]
+    zai: ENC[AES256_GCM,data:rVzqXuEFvdAR+GgETgRFvbDzVjvQ3hVD0s8jDxMCjZ2ri+Tob8Fsp55qA4ZKe85Uhw==,iv:YpaTe+3ZGONoAHCkQCVcvassQqr2ReSyBgiEcwxJOlA=,tag:HFE4af3gVrp6FJnBiwGClg==,type:str]
+librechat:
+    environmentFile: ENC[AES256_GCM,data:oAEWPYxLdphwMvmRWpEgJnumpYxrlCbb2FQ2ugbVKqoA2TP3srof0eTwAFO/6jl7vzgfsP956BZ7lm6kwg4spEQ6EgfXWc7oa/zQrJKDofUpPLwyxLJhzyfDM3NbDcVKAQS7HdMinG3A5lSkVVHCfIuoaqml1W9DIExzjj+3cNKee8SfgQSpy3TOs2ngxkAVfycViw2cQv3MYeQ6CoaR4BQgraenm/sU9Vzjh+KWYdhD91Qx8UQRWKjhiZAQ+aspofTmFoUfct4Ds/Q+Z3KwWicSCZyvjm5GkP9oEmiK6ODEj2gLw/1bV/Pv/qH9D0ApN2m+mVMB3W7bnAE+4rb8oMb5SW6tgs2ttbefKE3jYl0jqNbu17xALBX3lqYEr9kAO4uF2+96uO0YFAAGgaWjAzhzgkCm/Gl2KML2OYX4uG/ynN5m8YkFB8qkfXg0Dv0IrvzbiE/YYRBmHzrlu5rD2SVTdc83GkePAn/ZMpB5HU6z6cSkjOn2RyixDTROIZeOMICdMYU/1dBvgUGZgLWD,iv:15NFJizf02389RnIFeezzFL2X9oz/CpmG/vmgDp1h2g=,tag:X+SBK584hJD/v+LeDSJd6A==,type:str]
+authelia:
+    storageEncryptionKeyFile: ENC[AES256_GCM,data:zP2i8Ni6MqHpAJeVdcxr6V0eCXobcgbTyu6cDxsi4x4eG2HIFv7waxsCsa+erQgOf5g8+T5c7kIOa99Z5+Zq3kLAhGrIMqtZxn44oemw5Wl2U4ION2yZTdo/C8otpZMqu9rC9l+k4K3XiKN1Aqhyglx9TXNG6FgS8ygx5aBIBwUM,iv:spQdJ3otiZynCleiCG+u3mk/K3axKrfNtSOCzCGnnWQ=,tag:bMbjwOMCxi/+t+x0Xy0jnQ==,type:str]
+    jwtSecretFile: ENC[AES256_GCM,data:gVRyazB5RZ0fVrZ5/8eUuvJjdPBxjQg0vOrhXvgnv07sawti5Wj350UPBlBKthlvya8V6gZdBSl+Aj1nllP1Fl1tC8hDYb93ZmJdHo6CTicsu9lkMvWWfLe112Dhuptbg5AQAlWLu5TpjSGMT4UfXpLlKYdrzaDnIcWBAVn8k9lN,iv:hcHrAK/squwRyXQCx8pJXxVpq+KtcRwCqJ1NQpHpnL0=,tag:eQdM0gzYNw3/TfDBJYrkdg==,type:str]
+    usersFile: ENC[AES256_GCM,data:uJ03GLDPWWCeTV/FQNdkLfpQiG4FeoP5LnfuW8isHDT2dYhTnDZ7bTb3kTH0lps+79mUF5puaX3XrUO0J1cUV3EjkJkgH/FMnQ7D2mA2jJBCjmvnVerwRDtNJXiwtoM7a5N6RQl9stwDCZE7ODGs9YIqg//HQME73K+l4Hp/thA08GKG/ionT+f7ljlM+yL++guNtp/l5dPZS8/OXfTMBL9jtLlG7AmXbE9hoWcdqGK3OLxGWGdzrxkdQByvDrIxYu9i77o+NMRx0JU1LN8UpMQAYVqmBnbln/zNj5m5iuoa5cwpTKvG5rI=,iv:Iwz5tiUZ8Hr4ywjdkEXvA5cl5TZeyz24BVzMmm8q1vg=,tag:PdXguz6B7cpvUjzzMRlsTA==,type:str]
 vaultwarden:
    environmentFile: ENC[AES256_GCM,data:HUFCO4di1hSEMitCSGy5wiDNPZ858NIlW/BnaxrFkE4Tws9RwvmhJ+l89/w7A0VGHAp3yNC+t1GUHgNadA15/Ymr7qL8Zby6o69CqZ3tFnMFmBJ9BL3ni0v1E/4iN5YFInMpmM+c8FjlGfTU2nRRu0WUOGR+5s7C8YSGILrDR+jr98YOKuTfiEKqvsGg8o0dc95CjhEtejeaVGimt9f+bWA54BPGkCT1HzD5boAoTwVbD4sxKDP5l5SnBC+mpzX3sECFkoE5E7SnQQEhKtrL+IffnMrcA3nG6AAyAGODuYZ7VNYQ3zNWBhR2nP0ospDelxaTu9aH6IMgMn4h4Y9LU+nCSHkJGykxGt4W6S8DnHxiaqJCpYwAeOaWFlItlsqlMSjYR2nB7OgUHIv5HLaC1Heyn9azZc/HQyHEjsDa0EsHX8HnmJ6kr2PkAXno+zCBZHnZvxKDWPfV9QqUPakZX9VwPg724zFFe+4OsFBzRiJLePA3hXdmnKJFJUr8cFj0QC/JXlkG3FbfogrnBE2BV6YH8PBmjLuZCII0St1LwB77YPcZDbNLnXUbbiM5/F+fGy04qg3/97sE7Sk/ZXh/Yv+SyvrqrizhXcnOlaciC0zY6DGirHzPuPAYraCkIpPmvTV+MGOICOg77sLSronoN7QohCw6SEZdPD9wSDpRMcbIs5PjfqlVu0rziyl8D1cbT6pmktrGcPKnzKeCpBJNgKE+EwwnB7Zymfj3xRxLZSl/x/1GPFuFtvDvwcWWBIU3IDEtI1zaH0PXbErtuvrttIYWx0+Il9VbxLpxjYl2NxEwfwdUmhU+O2Xw18h8leyu4hfX6a2BvLzLR7cLmSJdIeWiW7rU+qy+H9AMZ5TIZNgepXcN9TmVfTmoEm3HCzG+WJD66iMkdspkggpOxxyIMXia3ws80Eht+m0lrSM2eU6NFfVXxixEylQsxZJuiTqof7mQ71OlGlwWYyY11w2QZNeWmmZIOWwrH2L4u7Npj0qUxurafWOFr/022Y70BxpYO+CKysYppSjTKhiPLS5/8d0u4R3a30gnf/JigXisE06DiLYV6LYRxd003Q41A9UOUoZ7j+A115GUqwAuyD9mEHsH9e2zb3bF+a4QCQ2EaVTaWLHWN/pKnDTY4tSUnpr2HiBcF/dRYh9hMZ3S9khiG+7mj/8Wj1eHMB0dEkUMlU5HE/3Qgoga0oKmATekv6gFyRJ5FQxNNJH9RMN4h6ej6BxDbs5g2bdNScs3qPahpefJA/ITipe1y3qrsfHP4dgqGEn8oaiQxDnNvf5TwbHoX+kS5rlLi4x42cS9v8Ov9oZV92O3c+EuXwDVKW8FAoJh1wMNkJhHjjSCVmQWG1UQngkl3HPDjuPadhec0dWCxQh7/TIaS2JJXeHrURYSLmUV9RlzhGYJqmCZbw7oLU//EukfD9vjm591gX7U3rhu1aQNioZWdFtoGj88BJdHtSa2pxhJnwhruDrwpLOV7xXEK8FsV0SOXWP+MNAgCCWxL2KoLBqDvbr21x6rXS4a6M0+iYxIEIZRsODwTKW7hf+g7mLdKLTIv8ptJVX+zhCaFOR0JMAm/P+L48FPH9ccEUoNCwlSnl02wC9oxB+bTvIDnE7OB705ezwSi8Okh8V1fiQopRIKSutXVhMN7J+wda3Y39UzdEiVr/Qzf+pVkOY2RBp4pNQ2G4Umb31qbtamxOf5JoPqmXQhFopdFttC+iHNa0b13aj4kQITUX/lo7gzssSHyTABpkD5mBaA4HRGkVDTo2bAwsVttVH399NYXmSoGU8XKoLbtJ3caa38KrxN8czTl+oDMurds2xrWHIG+fU4nHIeRW3HxuTz+1zwuYoZD2L+813VEZ3+fcnH1AjdoZ21Ioi1P496s4v4huLC/NMq6A==,iv:n41XecN53vEw2xzCO+gS46TwH7Qy08Hra2NFJNHTEHg=,tag:4ypcVk6TvJbDoG11A5miCw==,type:str]
 openvpn:
@@ -46,7 +55,7 @@ sops:
            TEhuRFBFQUppVjFKL3JKa0ozNmRLcTAKDrrS8mpHoQoZ54VkY+SYbjoE6AS0fLjc
            uHuFCrUWqQIwfqHXGlXn7EPUweTfwQ7Od+4JeVp1GbgNLIyH5xNN1g==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-12-01T15:16:22Z"
-    mac: ENC[AES256_GCM,data:e+nLoUc3ybRoznmQqUdEF01dOIPleG7Hxv9U05f2y68eLo+QzP8/dznIhdc8DC4dAB7IkS4qXGiCyyWfzhVTPy8Aor4pAO0wwHR3cylKswetX0RVJErRO2r6mDMz6bjOseo1WZ6Jq6EOo2Z0SZli+lnLrxTpnoVDlOL6XO6TP2A=,iv:57LHCw0SY5cG2woS5op378RhhgqJGSRhA8oO+76/maM=,tag:aYs9KnXSQyRyawRcc+MITw==,type:str]
+    lastmodified: "2026-02-13T12:56:54Z"
+    mac: ENC[AES256_GCM,data:9lOwVBwSeWr6q8SLcDUrQi42XaTEKe40a9MfCZZl3q8Dy+P6bbKAHsRv4GxYmodJvYvQxHGbojTejN3jmUTOF+N614ydJzPP4oeBC5Gto5NZ1SPJQV25X/dEk1wXC3LlC5ZsmRhUuZL9uoRuOiKV9+C7nRgVObUd2rKR/4QzHvg=,iv:iCmlAu6a9XQOlQ2/SPGA0Lo8HFwxweT6g5/qOiqUVIQ=,tag:mfEto5hA5ysPhN2rEBwQsg==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.11.0
Author	SHA1	Message	Date
Adrian Gunnar Lauterer	16ca4c733b	some llama swap fixes	2026-03-03 21:20:22 +01:00
Your Name	c8f305a5bd	updated models	2026-03-03 00:48:40 +01:00
Your Name	30a4f1e83f	added cache to llama swap	2026-03-02 23:24:21 +01:00
Adrian G L	a6e5b1e0eb	:redid llama-swap	2026-03-02 17:38:45 +01:00
Adrian Gunnar Lauterer	ca06437580	llama-cpp	2026-03-02 15:36:10 +01:00
Adrian Gunnar Lauterer	327f6dc6f0	llama-cpp instead of swap, native swap functionality is coming	2026-03-02 15:36:10 +01:00
Adrian G L	9ae8480f1b	handy	2026-03-02 15:35:32 +01:00
Your Name	87bb5605d5	remove ollama its bad	2026-03-01 22:57:40 +01:00
Your Name	1139d767b1	application and dev stuff	2026-03-01 22:17:23 +01:00
Your Name	66c8320ef6	aragon aarch crossbuild	2026-03-01 22:16:29 +01:00
Adrian G L	d7ebdab4df	galadriel intel stuff	2026-02-25 12:17:18 +01:00
Adrian Gunnar Lauterer	f6f95fdbdc	galadriel stash	2026-02-25 10:24:48 +01:00
Adrian G L	eb792800a1	add more intel hardware drivers to galadriel	2026-02-25 10:19:52 +01:00
Adrian G L	1e33700125	niri noctalia keybind updates	2026-02-25 10:04:46 +01:00
Adrian Gunnar Lauterer	fb14fbcc13	added ollama models	2026-02-10 23:53:33 +01:00
Adrian G L	4c012d7100	niri noctalia keybind updates	2026-02-10 10:51:03 +01:00
Adrian G L	e933df2150	noctalia plugins	2026-02-10 10:51:03 +01:00
Adrian G L	0fa36a0b71	noctalia plugins	2026-02-09 14:00:20 +01:00
Adrian G L	c9ec662395	fix noctalia	2026-02-03 13:50:55 +01:00
Adrian G L	ad68106bd3	authelia	2026-02-03 13:00:19 +01:00
Adrian Gunnar Lauterer	4185127c3e	fix qbit	2026-02-03 11:17:25 +01:00
Adrian G L	30af7733db	fix xfs	2026-02-03 11:13:48 +01:00
Adrian G L	0c4354f120	move fcxit to system options.	2026-02-02 12:22:06 +01:00
Adrian G L	95fa504dc8	snapshot	2026-02-02 11:21:26 +01:00
Adrian Gunnar Lauterer	7a9781e260	galadriel hardware uppgrade	2026-01-28 17:20:08 +01:00
Adrian G L	c17203e6a5	more noctalia	2026-01-28 17:19:52 +01:00
Adrian G L	1653f58e52	noctalia	2026-01-27 19:30:01 +01:00
Adrian G L	9f2b5eeaf7	mako silent mode	2026-01-27 14:26:32 +01:00
Adrian G L	36cf6a4fc3	update pangolin	2026-01-24 19:52:46 +01:00
Adrian G L	828cbc67c7	pangolin env	2026-01-24 19:47:48 +01:00
Adrian G L	2cf89a9a1a	pangolin	2026-01-24 19:37:59 +01:00
Adrian G L	084cdc1f36	python	2026-01-19 12:49:29 +01:00
Adrian G L	66beefe0b3	revert fuzzel to custom	2026-01-07 08:26:29 +01:00
Your Name	9419e8cd30	stuff	2026-01-06 20:28:43 +01:00
Adrian G L	101ee551b5	inital homemanager reconfig	2026-01-06 20:22:40 +01:00
Adrian G L	685fab808e	nixpkgs cleanup	2026-01-02 22:41:52 +01:00
Adrian G L	32aa882014	diffs	2025-12-17 17:36:45 +01:00
Adrian Gunnar Lauterer	c43f27e371	jupyter fix	2025-12-16 19:19:29 +01:00
Your Name	23eb2ae842	testing elros	2025-12-16 19:10:32 +01:00
Your Name	8defa56f4f	fix: remove boot.nix import from elros configuration Co-authored-by: aider (openrouter/mistralai/devstral-2512:free) <aider@aider.chat>	2025-12-16 19:08:29 +01:00
Your Name	31ae9a3583	feat: add unstable.nix module to flake modules	2025-12-16 19:08:28 +01:00
Adrian Gunnar Lauterer	a44ec01dab	Update flake.nix	2025-12-16 18:53:22 +01:00