From ea8567af078874a374a3ea461a5914a763b885f5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= <dev@felschr.com>
Date: Thu, 13 Feb 2025 23:16:11 +0100
Subject: [PATCH 01/12] feat(home): update packages

---
 home/felschr-work.nix |  1 +
 home/felschr.nix      | 12 ++++++------
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/home/felschr-work.nix b/home/felschr-work.nix
index fd6d8dd..0002dd2 100644
--- a/home/felschr-work.nix
+++ b/home/felschr-work.nix
@@ -63,6 +63,7 @@ with pkgs;
     # gaphor
 
     # security & privacy
+    unstable.proton-pass
     authenticator
     collision
     metadata-cleaner
diff --git a/home/felschr.nix b/home/felschr.nix
index 44825a3..712a704 100644
--- a/home/felschr.nix
+++ b/home/felschr.nix
@@ -46,17 +46,16 @@
   '';
 
   home.packages = with pkgs; [
-    fh
-
     # system
     gparted
     gnome-firmware-updater
-    mission-center
+    resources
 
     # productivity
     anytype
     libreoffice-fresh
     tabbed
+    curtail
 
     # work
     teams-for-linux
@@ -73,15 +72,16 @@
     celluloid
     spot
     spotify
-    pocket-casts
     unstable.calibre
     foliate
 
     # security & privacy
+    unstable.proton-pass
     authenticator
     collision
     metadata-cleaner
     raider
+    gnome-obfuscate
     yubikey-manager
     yubikey-manager-qt
     # yubioath-flutter # TODO conflicts with fluffychat
@@ -89,12 +89,12 @@
     warp
     # onionshare-gui
     transmission_4-gtk
-    qbittorrent
+    unstable.qbittorrent
     fragments
 
     # other
     ledger-live-desktop
-    portfolio
+    unstable.portfolio
     bottles
     zotero
     newsflash

From 50db5ea9bc3d2deeaf8d15b1a758f6da28f7e301 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= <dev@felschr.com>
Date: Thu, 13 Feb 2025 23:18:03 +0100
Subject: [PATCH 02/12] feat(home): disable kbfs

---
 home/keybase.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/home/keybase.nix b/home/keybase.nix
index 64f1d55..29233a4 100644
--- a/home/keybase.nix
+++ b/home/keybase.nix
@@ -2,7 +2,7 @@
 
 {
   services.keybase.enable = true;
-  services.kbfs.enable = true;
+  # services.kbfs.enable = true;
 
   home.packages = [ pkgs.keybase-gui ];
 }

From 8452d9a4db6dbaa9ff1852ae5673b236e192e8d2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= <dev@felschr.com>
Date: Thu, 13 Feb 2025 23:18:32 +0100
Subject: [PATCH 03/12] feat(shell): update zellij config

---
 home/shell/zellij.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/home/shell/zellij.nix b/home/shell/zellij.nix
index aa4798f..57f3a47 100644
--- a/home/shell/zellij.nix
+++ b/home/shell/zellij.nix
@@ -6,7 +6,7 @@
   programs.zellij.enableZshIntegration = true;
   programs.zellij.settings = {
     default_layout = "compact"; # or default
-    default_mode = "locked";
+    default_mode = "normal";
     ui.pane_frames = {
       hide_session_name = true;
     };

From c4bc131bfae23cfe008e34ef9c22f9b09551733d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= <dev@felschr.com>
Date: Thu, 13 Feb 2025 23:19:23 +0100
Subject: [PATCH 04/12] feat(home): use trayscale from nixos-unstable

---
 home/tailscale.nix | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/home/tailscale.nix b/home/tailscale.nix
index 5b654f0..5ea2546 100644
--- a/home/tailscale.nix
+++ b/home/tailscale.nix
@@ -2,11 +2,11 @@
 
 {
   home.packages = with pkgs; [
-    trayscale
-    (pkgs.makeAutostartItem {
+    unstable.trayscale
+    (makeAutostartItem {
       name = "dev.deedles.Trayscale";
-      package = pkgs.trayscale;
-      # extraArgs = ["--hide-window"];
+      package = unstable.trayscale;
+      prependExtraArgs = [ "--hide-window" ];
     })
   ];
 }

From 5d22ee3c019b8042c0d862097c632f2cc83c63c1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= <dev@felschr.com>
Date: Thu, 13 Feb 2025 23:21:21 +0100
Subject: [PATCH 05/12] feat(open-webui): update configuration

---
 hosts/home-pc.nix       |  1 +
 services/open-webui.nix | 29 ++++++++++++++++++++++++++++-
 2 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/hosts/home-pc.nix b/hosts/home-pc.nix
index de48f35..2458661 100644
--- a/hosts/home-pc.nix
+++ b/hosts/home-pc.nix
@@ -19,6 +19,7 @@
     ../services/samba/home-pc.nix
     ../services/restic/home-pc.nix
     ../services/pcscd.nix
+    ../services/open-webui.nix
   ];
 
   nixpkgs.config.allowUnfree = true;
diff --git a/services/open-webui.nix b/services/open-webui.nix
index eb659c7..67794c8 100644
--- a/services/open-webui.nix
+++ b/services/open-webui.nix
@@ -1,9 +1,36 @@
-{ pkgs, ... }:
+{
+  config,
+  inputs,
+  pkgs,
+  ...
+}:
 
 {
+  disabledModules = [
+    "services/misc/ollama.nix"
+    "services/misc/open-webui.nix"
+  ];
+
+  imports = [
+    "${inputs.nixpkgs-unstable}/nixos/modules/services/misc/ollama.nix"
+    "${inputs.nixpkgs-unstable}/nixos/modules/services/misc/open-webui.nix"
+  ];
+
+  services.ollama = {
+    enable = true;
+    package = pkgs.unstable.ollama;
+    acceleration = "rocm";
+    rocmOverrideGfx = "10.3.1";
+  };
+
   services.open-webui = {
     enable = true;
     package = pkgs.unstable.open-webui;
+    host = "0.0.0.0";
     port = 11111;
+    environment = {
+      WEBUI_AUTH = "False";
+      OLLAMA_API_BASE_URL = "http://127.0.0.1:${toString config.services.ollama.port}";
+    };
   };
 }

From 365b160a733b237b7bb70677b0281f037c6a4a26 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= <dev@felschr.com>
Date: Thu, 13 Feb 2025 23:23:16 +0100
Subject: [PATCH 06/12] chore(secrets): delete unused forgejo runner token

---
 secrets/forgejo/runner-token.age | 8 --------
 1 file changed, 8 deletions(-)
 delete mode 100644 secrets/forgejo/runner-token.age

diff --git a/secrets/forgejo/runner-token.age b/secrets/forgejo/runner-token.age
deleted file mode 100644
index 0ef260d..0000000
--- a/secrets/forgejo/runner-token.age
+++ /dev/null
@@ -1,8 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 OAZQhA 2ptce5tD9VWD7rfhCjLZbKzznVXLHFw1L5iXbwrAyUQ
-egOD0xgvKyRsezgBCmaZrft/61TtS3fh4mHWf+taNjI
--> ssh-ed25519 72ij7w mVe1vE1rQT0t21xwwrLqEytD/1dwB2gwbzuNx6z/tEQ
-ZxcOXVdxpxpvvU6ozhjJ41hIncxygJcV3icGFascFpw
---- 298y2yI6JRzmJq1If1v3NMjRKlCpH2kjUqhfL47n2ag
-2ݩTw��V}��6��϶A=�/w�<��٭����[|F�d���$e^&
-	�Џ�H���a�&�߀v��]
\ No newline at end of file

From ff99766709f5278b413707a858e7581230960b0f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= <dev@felschr.com>
Date: Thu, 13 Feb 2025 23:24:59 +0100
Subject: [PATCH 07/12] feat(home-server): remove boards.felschr.com

---
 hosts/home-server.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/hosts/home-server.nix b/hosts/home-server.nix
index db971ed..9f25161 100644
--- a/hosts/home-server.nix
+++ b/hosts/home-server.nix
@@ -103,7 +103,6 @@ in
     "news.felschr.com"
     "etebase.felschr.com"
     "paperless.felschr.com"
-    "boards.felschr.com"
   ];
 
   services.nginx = {

From 66cdd164aca80fc9ab640cad02c92696e6cc9fae Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= <dev@felschr.com>
Date: Thu, 13 Feb 2025 23:27:07 +0100
Subject: [PATCH 08/12] fix(sound): restrict bluetooth codecs for better
 performance with Sonos Ace

---
 system/sound.nix | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/system/sound.nix b/system/sound.nix
index f9e47cd..75a1b7b 100644
--- a/system/sound.nix
+++ b/system/sound.nix
@@ -27,6 +27,18 @@
         "hfp_hf"
         "hfp_ag"
       ];
+      # aptX HD causes problems with Sonos Ace
+      "bluez5.codecs" = [
+        "sbc"
+        "sbc_xq"
+        "aac"
+        "ldac"
+        "aptx"
+        "aptx_ll"
+        "aptx_ll_duplex"
+        "lc3"
+        "lc3plus_h3"
+      ];
     };
   };
 }

From 3d537fcde05fa685c6c475d47f5933bbd2f073da Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= <dev@felschr.com>
Date: Thu, 13 Feb 2025 23:27:34 +0100
Subject: [PATCH 09/12] chore(vpn): switch default exit node

---
 system/vpn.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/system/vpn.nix b/system/vpn.nix
index cb34d70..c3d3afb 100644
--- a/system/vpn.nix
+++ b/system/vpn.nix
@@ -23,7 +23,7 @@ in
     extraUpFlags = [
       "--reset"
       "--exit-node-allow-lan-access"
-      "--exit-node=de-dus-wg-001.mullvad.ts.net"
+      "--exit-node=de-fra-wg-106.mullvad.ts.net"
     ];
   };
 

From 6679ce62c180200fa402a03dba4a2b779c5a7453 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= <dev@felschr.com>
Date: Thu, 13 Feb 2025 23:28:43 +0100
Subject: [PATCH 10/12] feat(forgejo): update config

---
 services/forgejo/default.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/services/forgejo/default.nix b/services/forgejo/default.nix
index 20aeb85..8853ba4 100644
--- a/services/forgejo/default.nix
+++ b/services/forgejo/default.nix
@@ -35,6 +35,7 @@ in
         START_SSH_SERVER = true;
         SSH_LISTEN_PORT = sshPort;
         BUILTIN_SSH_SERVER_USER = sshUser;
+        LANDING_PAGE = "explore";
       };
       service.DISABLE_REGISTRATION = true;
       ui = {
@@ -45,11 +46,11 @@ in
         DEFAULT_ACTIONS_URL = "https://${domain}";
       };
       mailer = {
+        # TODO broken: https://github.com/NixOS/nixpkgs/issues/103446
         ENABLED = true;
         PROTOCOL = "sendmail";
         FROM = config.programs.msmtp.accounts.default.from;
         SENDMAIL_PATH = "${pkgs.system-sendmail}/bin/sendmail";
-        SENDMAIL_ARGS = "--";
       };
     };
   };

From 659887901375bf909ddd2c2adb6d5bbfa3e2dea3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= <dev@felschr.com>
Date: Thu, 13 Feb 2025 23:33:31 +0100
Subject: [PATCH 11/12] feat(restic): extend ignore patterns

---
 services/restic/home-pc.nix     | 6 ++++++
 services/restic/home-server.nix | 2 ++
 2 files changed, 8 insertions(+)

diff --git a/services/restic/home-pc.nix b/services/restic/home-pc.nix
index 1b4a2e2..9874d8a 100644
--- a/services/restic/home-pc.nix
+++ b/services/restic/home-pc.nix
@@ -35,6 +35,9 @@ in
       "/var/lib/lxcfs"
       "/var/lib/docker"
       "/var/lib/flatpak"
+      "/var/lib/ollama"
+      "/var/lib/open-webui"
+      "/var/lib/private/open-webui"
       "/home/*/Downloads"
       "/home/*/Pictures"
       "/home/*/Videos"
@@ -56,9 +59,11 @@ in
       "/home/*/.templateengine"
       "/home/*/.var"
       "/home/*/.wine"
+      "/home/*/.vagrant.d"
       "/home/*/.local/share/containers"
       "/home/*/.local/share/docker"
       "/home/*/.local/share/flatpak"
+      "/home/*/.local/share/gnome-boxes"
       "/home/*/.local/share/bottles"
       "/home/*/.local/share/Steam"
       "/home/*/.local/share/keybase"
@@ -73,6 +78,7 @@ in
       "/home/*/.config/gatsby"
       "/home/*/.config/heroic"
       "/home/*/.config/libvirt"
+      "/home/*/.config/Proton Pass"
       "/home/*/.config/spotify/Users"
       "/home/felschr/media"
       "/home/felschr/keybase"
diff --git a/services/restic/home-server.nix b/services/restic/home-server.nix
index f6c88a4..dfccd50 100644
--- a/services/restic/home-server.nix
+++ b/services/restic/home-server.nix
@@ -33,6 +33,8 @@ in
       "/var/lib/lxcfs"
       "/var/lib/docker"
       "/var/lib/flatpak"
+      "/var/lib/open-webui"
+      "/var/lib/private/open-webui"
       "/home/*/ignore"
       "/home/*/.cache"
       "/home/*/.local/share/containers"

From 570f4da47297b68011bc5dd287052966515223f1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= <dev@felschr.com>
Date: Thu, 13 Feb 2025 23:41:16 +0100
Subject: [PATCH 12/12] feat(mullvad-browser): configure search engines

---
 home/browsers/mullvad-browser.nix | 128 ++++++++++++++++++++++++++++++
 1 file changed, 128 insertions(+)

diff --git a/home/browsers/mullvad-browser.nix b/home/browsers/mullvad-browser.nix
index 17b6154..d5d5bf2 100644
--- a/home/browsers/mullvad-browser.nix
+++ b/home/browsers/mullvad-browser.nix
@@ -47,6 +47,132 @@ let
     "media.ffmpeg.vaapi.enabled" = true;
   };
 
+  commonSearch = {
+    force = true;
+    # TODO defaults don't work
+    default = "Qwant";
+    privateDefault = "Qwant";
+    order = [
+      "Qwant"
+      "Ecosia"
+      "DuckDuckGo"
+      "Startpage"
+      "kagi"
+    ];
+    engines = {
+      # builtin
+      "Startpage".metaData.alias = "@s";
+      "DuckDuckGo".metaData.alias = "@d";
+
+      # extra
+      "Qwant" = {
+        urls = [ { template = "https://www.qwant.com/?q={searchTerms}"; } ];
+        iconURL = "https://www.qwant.com/favicon.ico";
+        definedAliases = [ "@q" ];
+      };
+      "Ecosia" = {
+        urls = [ { template = "https://www.ecosia.org/search?q={searchTerms}"; } ];
+        iconURL = "https://www.ecosia.org/favicon.ico";
+        definedAliases = [ "@e" ];
+      };
+      "kagi" = {
+        urls = [ { template = "https://kagi.com/search?q={searchTerms}"; } ];
+        iconURL = "https://kagi.com/favicon.ico";
+        definedAliases = [ "@k" ];
+      };
+      "GitHub" = {
+        urls = [ { template = "https://github.com/search?q={searchTerms}"; } ];
+        iconURL = "https://github.com/favicon.ico";
+        definedAliases = [ "@gh" ];
+      };
+      "GitLab" = {
+        urls = [ { template = "https://gitlab.com/search?search={searchTerms}"; } ];
+        iconURL = "https://gitlab.com/favicon.ico";
+        definedAliases = [ "@gl" ];
+      };
+      "Codeberg" = {
+        urls = [ { template = "https://codeberg.org/explore/repos?q={searchTerms}"; } ];
+        iconURL = "https://codeberg.org/favicon.ico";
+        definedAliases = [ "@cb" ];
+      };
+      "Nix Packages" = {
+        urls = [ { template = "https://search.nixos.org/packages?query={searchTerms}"; } ];
+        icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
+        definedAliases = [ "@np" ];
+      };
+      "NixOS Options" = {
+        urls = [ { template = "https://search.nixos.org/options?query={searchTerms}"; } ];
+        icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
+        definedAliases = [ "@no" ];
+      };
+      "Nix Flakes: Packages" = {
+        urls = [ { template = "https://search.nixos.org/flakes?type=packages&query={searchTerms}"; } ];
+        icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
+        definedAliases = [ "@nfp" ];
+      };
+      "Nix Flakes: Options" = {
+        urls = [ { template = "https://search.nixos.org/flakes?type=options&query={searchTerms}"; } ];
+        icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
+        definedAliases = [ "@nfo" ];
+      };
+      "NixOS Wiki" = {
+        urls = [ { template = "https://wiki.nixos.org/w/index.php?search={searchTerms}"; } ];
+        icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
+        definedAliases = [ "@nw" ];
+      };
+      "Crates.io" = {
+        urls = [ { template = "https://crates.io/search?q={searchTerms}"; } ];
+        iconURL = "https://crates.io/favicon.ico";
+        definedAliases = [ "@rc" ];
+      };
+      "Docs.rs" = {
+        urls = [ { template = "https://docs.rs/releases/search?query={searchTerms}"; } ];
+        iconURL = "https://docs.rs/favicon.ico";
+        definedAliases = [ "@rd" ];
+      };
+      "Rust Book" = {
+        urls = [ { template = "https://doc.rust-lang.org/book/?search={searchTerms}"; } ];
+        iconURL = "https://doc.rust-lang.org/book/favicon.svg";
+        definedAliases = [ "@rb" ];
+      };
+      "Rust std" = {
+        urls = [ { template = "https://doc.rust-lang.org/stable/std/?search={searchTerms}"; } ];
+        iconURL = "https://www.rust-lang.org/static/images/favicon.svg";
+        definedAliases = [ "@rs" ];
+      };
+      "npm" = {
+        urls = [ { template = "https://www.npmjs.com/search?q={searchTerms}"; } ];
+        iconURL = "https://static-production.npmjs.com/da3ab40fb0861d15c83854c29f5f2962.png";
+        definedAliases = [ "@npm" ];
+      };
+      "PyPI" = {
+        urls = [ { template = "https://pypi.org/search/?q={searchTerms}"; } ];
+        iconURL = "https://pypi.org/favicon.ico";
+        definedAliases = [ "@pypi" ];
+      };
+      "Stack Overflow" = {
+        urls = [ { template = "https://stackoverflow.com/search?q={searchTerms}"; } ];
+        iconURL = "https://cdn.sstatic.net/Sites/stackoverflow/Img/favicon.ico";
+        definedAliases = [ "@so" ];
+      };
+      "Wikipedia" = {
+        urls = [ { template = "https://en.wikipedia.org/wiki/{searchTerms}"; } ];
+        iconURL = "https://en.wikipedia.org/favicon.ico";
+        definedAliases = [ "@w" ];
+      };
+      "Wolfram Alpha" = {
+        urls = [ { template = "https://www.wolframalpha.com/input?i={searchTerms}"; } ];
+        iconURL = "https://www.wolframalpha.com/_next/static/images/favicon_1zbE9hjk.ico";
+        definedAliases = [ "@wa" ];
+      };
+      "Reddit" = {
+        urls = [ { template = "https://www.reddit.com/search/?q={searchTerms}"; } ];
+        iconURL = "https://www.reddit.com/favicon.ico";
+        definedAliases = [ "@r" ];
+      };
+    };
+  };
+
   commonExtensions = with firefox-addons; [
     dictionary-german
     proton-pass
@@ -64,11 +190,13 @@ in
       private = {
         id = 0;
         settings = commonSettings;
+        search = commonSearch;
         extensions = commonExtensions;
       };
       work = {
         id = 1;
         settings = commonSettings;
+        search = commonSearch;
         extensions =
           commonExtensions
           ++ (with firefox-addons; [