From ff8fdccc05f1046da515edb0151014dcb1afcd46 Mon Sep 17 00:00:00 2001
From: Yusuf Bera Ertan
Date: Mon, 8 May 2023 23:09:44 +0300
Subject: [PATCH] fix add stuff
---
flake.lock | 389 ++++++++++++++++++-
flake.nix | 7 +
hosts/tkaronto/default.nix | 1 +
hosts/tkaronto/modules/secrets.nix | 9 +-
hosts/tkaronto/modules/wireguard.nix | 43 +-
hosts/wolumonde/default.nix | 12 +-
hosts/wolumonde/modules/bernbot.nix | 3 +-
hosts/wolumonde/modules/blog.nix | 2 +-
hosts/wolumonde/modules/conduit.nix | 2 +-
hosts/wolumonde/modules/gitea.nix | 2 +-
hosts/wolumonde/modules/musikquadrupled.nix | 37 ++
hosts/wolumonde/modules/musikspider.nix | 11 +
hosts/wolumonde/modules/nginx.nix | 12 +
hosts/wolumonde/modules/secrets.nix | 8 +-
hosts/wolumonde/modules/wireguard.nix | 55 ++-
modules/network/dns/cloudflare.nix | 4 +-
pkgs-set/overlays/musikcube.nix | 3 +
secrets/musikquadConfig.age | Bin 0 -> 1395 bytes
secrets/secrets.nix | 4 +-
users/modules/musikcube/default-config.json | 45 +++
users/modules/musikcube/default.nix | 22 ++
users/modules/musikcubed/default-config.json | 13 +
users/modules/musikcubed/default.nix | 34 ++
users/patriot/default.nix | 8 +-
24 files changed, 687 insertions(+), 39 deletions(-)
create mode 100644 hosts/wolumonde/modules/musikquadrupled.nix
create mode 100644 hosts/wolumonde/modules/musikspider.nix
create mode 100644 pkgs-set/overlays/musikcube.nix
create mode 100644 secrets/musikquadConfig.age
create mode 100644 users/modules/musikcube/default-config.json
create mode 100644 users/modules/musikcube/default.nix
create mode 100644 users/modules/musikcubed/default-config.json
create mode 100644 users/modules/musikcubed/default.nix
diff --git a/flake.lock b/flake.lock
index 45978b3..a9f6b66 100644
--- a/flake.lock
+++ b/flake.lock
@@ -210,6 +210,22 @@ "type": "github" } }, + "crane_4": { + "flake": false, + "locked": { + "lastModified": 1670900067, + "narHash": "sha256-VXVa+KBfukhmWizaiGiHRVX/fuk66P8dgSFfkVN4/MY=", + "owner": "ipetkov", + "repo": "crane", + "rev": "59b31b41a589c0a65e4a1f86b0e5eac68081468b", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, "darwin": { "inputs": { "nixpkgs": [ @@ -379,6 +395,77 @@ "type": "github" } }, + "dream2nix_3": { + "inputs": { + "all-cabal-json": [ + "musikquad", + "nci" + ], + "crane": "crane_4", + "devshell": [ + "musikquad", + "nci" + ], + "drv-parts": "drv-parts_2", + "flake-compat": "flake-compat_3", + "flake-parts": [ + "musikquad", + "nci", + "parts" + ], + "flake-utils-pre-commit": [ + "musikquad", + "nci" + ], + "ghc-utils": [ + "musikquad", + "nci" + ], + "gomod2nix": [ + "musikquad", + "nci" + ], + "mach-nix": [ + "musikquad", + "nci" + ], + "nix-pypi-fetcher": [ + "musikquad", + "nci" + ], + "nixpkgs": [ + "musikquad", + "nci", + "nixpkgs" + ], + "nixpkgsV1": "nixpkgsV1_2", + "poetry2nix": [ + "musikquad", + "nci" + ], + "pre-commit-hooks": [ + "musikquad", + "nci" + ], + "pruned-racket-catalog": [ + "musikquad", + "nci" + ] + }, + "locked": { + "lastModified": 1680605243, + "narHash": "sha256-dUrxj653kcLvjNKRI7NoTJoj+Q7G+vOYsl4iuwtnIWo=", + "owner": "nix-community", + "repo": "dream2nix", + "rev": "34a80ab215f1f24068ea9c76f3a7e5bc19478653", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "dream2nix", + "type": "github" + } + }, "drv-parts": { "inputs": { "flake-compat": [ 
@@ -414,6 +501,41 @@ "type": "github" } }, + "drv-parts_2": { + "inputs": { + "flake-compat": [ + "musikquad", + "nci", + "dream2nix", + "flake-compat" + ], + "flake-parts": [ + "musikquad", + "nci", + "dream2nix", + "flake-parts" + ], + "nixpkgs": [ + "musikquad", + "nci", + "dream2nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1680172861, + "narHash": "sha256-QMyI338xRxaHFDlCXdLCtgelGQX2PdlagZALky4ZXJ8=", + "owner": "davhau", + "repo": "drv-parts", + "rev": "ced8a52f62b0a94244713df2225c05c85b416110", + "type": "github" + }, + "original": { + "owner": "davhau", + "repo": "drv-parts", + "type": "github" + } + }, "fenix": { "inputs": { "nixpkgs": [ @@ -500,6 +622,22 @@ "type": "github" } }, + "flake-compat_5": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-utils": { "locked": { "lastModified": 1678901627, 
@@ -654,6 +792,82 @@ "type": "github" } }, + "mk-naked-shell_2": { + "flake": false, + "locked": { + "lastModified": 1681286841, + "narHash": "sha256-3XlJrwlR0nBiREnuogoa5i1b4+w/XPe0z8bbrJASw0g=", + "owner": "yusdacra", + "repo": "mk-naked-shell", + "rev": "7612f828dd6f22b7fb332cc69440e839d7ffe6bd", + "type": "github" + }, + "original": { + "owner": "yusdacra", + "repo": "mk-naked-shell", + "type": "github" + } + }, + "musikquad": { + "inputs": { + "nci": "nci_3", + "nixpkgs": [ + "nixpkgs" + ], + "parts": "parts_5" + }, + "locked": { + "lastModified": 1683296163, + "narHash": "sha256-pOdVitwRl8gUNMxInXwJJtXffSYYsAc0EWkFSFGvrRk=", + "owner": "yusdacra", + "repo": "musikquadrupled", + "rev": "e259740d501d00fb3548b0be145817ef8fdc35ae", + "type": "github" + }, + "original": { + "owner": "yusdacra", + "repo": "musikquadrupled", + "type": "github" + } + }, + "musikspider": { + "inputs": { + "naked-shell": "naked-shell", + "nixpkgs": [ + "nixpkgs" + ], + "parts": "parts_6", + "systems": "systems" + }, + "locked": { + "lastModified": 1683276540, + "narHash": "sha256-JiuT8wmMH+vNVyBS18i/RNLDBUDEUCNdeqkwPQYsMDM=", + "owner": "yusdacra", + "repo": "musikspider", + "rev": "913b0df0b0a5ed78aa761584d9c6f87eff0e781d", + "type": "github" + }, + "original": { + "owner": "yusdacra", + "repo": "musikspider", + "type": "github" + } + }, + "naked-shell": { + "locked": { + "lastModified": 1681286841, + "narHash": "sha256-3XlJrwlR0nBiREnuogoa5i1b4+w/XPe0z8bbrJASw0g=", + "owner": "yusdacra", + "repo": "mk-naked-shell", + "rev": "7612f828dd6f22b7fb332cc69440e839d7ffe6bd", + "type": "github" + }, + "original": { + "owner": "yusdacra", + "repo": "mk-naked-shell", + "type": "github" + } + }, "nci": { "inputs": { "devshell": "devshell", 
@@ -706,13 +920,38 @@ "type": "github" } }, + "nci_3": { + "inputs": { + "dream2nix": "dream2nix_3", + "mk-naked-shell": "mk-naked-shell_2", + "nixpkgs": [ + "musikquad", + "nixpkgs" + ], + "parts": "parts_4", + "rust-overlay": "rust-overlay_4" + }, + "locked": { + "lastModified": 1681711895, + "narHash": "sha256-/EeP+RRIw68/0C7CaOAElYQ2pXZAQCWnnU/qjO8OKKM=", + "owner": "yusdacra", + "repo": "nix-cargo-integration", + "rev": "cee5dba8ca34ccb0829ae3812d23afbea1fd9d5d", + "type": "github" + }, + "original": { + "owner": "yusdacra", + "repo": "nix-cargo-integration", + "type": "github" + } + }, "nil": { "inputs": { "flake-utils": "flake-utils_3", "nixpkgs": [ "nixpkgs" ], - "rust-overlay": "rust-overlay_4" + "rust-overlay": "rust-overlay_5" }, "locked": { "lastModified": 1680544266, @@ -830,6 +1069,40 @@ "type": "github" } }, + "nixpkgs-lib_3": { + "locked": { + "dir": "lib", + "lastModified": 1680213900, + "narHash": "sha256-cIDr5WZIj3EkKyCgj/6j3HBH4Jj1W296z7HTcWj1aMA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e3652e0735fbec227f342712f180f4f21f0594f2", + "type": "github" + }, + "original": { + "dir": "lib", + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-master": { + "locked": { + "lastModified": 1683296009, + "narHash": "sha256-qc9IVP773bE1mEygZx70OGQQ23loAOwgiED86mRVfMk=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "00c0a2333ff02d1f4a7dbf2080648c9d969e0236", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "master", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs-wayland": { "flake": false, "locked": { 
@@ -861,6 +1134,21 @@ "type": "indirect" } }, + "nixpkgsV1_2": { + "locked": { + "lastModified": 1678500271, + "narHash": "sha256-tRBLElf6f02HJGG0ZR7znMNFv/Uf7b2fFInpTHiHaSE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5eb98948b66de29f899c7fe27ae112a47964baf8", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-22.11", + "type": "indirect" + } + }, "nixpkgs_2": { "locked": { "lastModified": 1680213900, @@ -966,6 +1254,67 @@ "type": "github" } }, + "parts_4": { + "inputs": { + "nixpkgs-lib": [ + "musikquad", + "nci", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1680392223, + "narHash": "sha256-n3g7QFr85lDODKt250rkZj2IFS3i4/8HBU2yKHO3tqw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "dcc36e45d054d7bb554c9cdab69093debd91a0b5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "parts_5": { + "inputs": { + "nixpkgs-lib": [ + "musikquad", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1680392223, + "narHash": "sha256-n3g7QFr85lDODKt250rkZj2IFS3i4/8HBU2yKHO3tqw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "dcc36e45d054d7bb554c9cdab69093debd91a0b5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "parts_6": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_3" + }, + "locked": { + "lastModified": 1680392223, + "narHash": "sha256-n3g7QFr85lDODKt250rkZj2IFS3i4/8HBU2yKHO3tqw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "dcc36e45d054d7bb554c9cdab69093debd91a0b5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "root": { "inputs": { "agenix": "agenix", 
@@ -975,11 +1324,14 @@ "conduit": "conduit", "helix": "helix", "home": "home", + "musikquad": "musikquad", + "musikspider": "musikspider", "nil": "nil", "nixinate": "nixinate", "nixos-hardware": "nixos-hardware", "nixos-persistence": "nixos-persistence", "nixpkgs": "nixpkgs_3", + "nixpkgs-master": "nixpkgs-master", "nixpkgs-wayland": "nixpkgs-wayland", "nur": "nur", "stylix": "stylix", @@ -1069,6 +1421,22 @@ } }, "rust-overlay_4": { + "flake": false, + "locked": { + "lastModified": 1681697975, + "narHash": "sha256-47DFtN5PX05eD8ObImkSu2W0hyyZ5cK1Tl9EvmW2NnU=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "ffe47b90076067ad5dc25fe739d95a463bdf3c59", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_5": { "inputs": { "flake-utils": [ "nil", @@ -1096,7 +1464,7 @@ "stylix": { "inputs": { "base16": "base16", - "flake-compat": "flake-compat_3", + "flake-compat": "flake-compat_4", "home-manager": [ "home" ], @@ -1119,6 +1487,21 @@ "type": "github" } }, + "systems": { + "locked": { + "lastModified": 1680978846, + "narHash": "sha256-Gtqg8b/v49BFDpDetjclCYXm8mAnTrUzR0JnE2nv5aw=", + "owner": "nix-systems", + "repo": "x86_64-linux", + "rev": "2ecfcac5e15790ba6ce360ceccddb15ad16d08a8", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "x86_64-linux", + "type": "github" + } + }, "utils": { "locked": { "lastModified": 1678901627, @@ -1136,7 +1519,7 @@ }, "vscode-extensions": { "inputs": { - "flake-compat": "flake-compat_4", + "flake-compat": "flake-compat_5", "flake-utils": "flake-utils_4", "nixpkgs": [ "nixpkgs" diff --git a/flake.nix b/flake.nix index e392703..d12b80e 100644 --- a/flake.nix +++ b/flake.nix @@ -2,6 +2,7 @@ description = "config!!!"; inputs = { + nixpkgs-master.url = "github:nixos/nixpkgs/master"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nur.url = "github:nix-community/NUR"; 
@@ -44,6 +45,12 @@ agenix.url = "github:ryantm/agenix"; agenix.inputs.nixpkgs.follows = "nixpkgs"; + musikquad.url = "github:yusdacra/musikquadrupled"; + musikquad.inputs.nixpkgs.follows = "nixpkgs"; + + musikspider.url = "github:yusdacra/musikspider"; + musikspider.inputs.nixpkgs.follows = "nixpkgs"; + # needed for hyprland setup # hyprland.url = "github:hyprwm/Hyprland"; # hyprland.inputs.nixpkgs.follows = "nixpkgs"; diff --git a/hosts/tkaronto/default.nix b/hosts/tkaronto/default.nix index 05dcf0f..0187db3 100644 --- a/hosts/tkaronto/default.nix +++ b/hosts/tkaronto/default.nix @@ -115,6 +115,7 @@ }; networking.firewall.allowedUDPPorts = [49152]; + networking.firewall.allowedTCPPorts = [7905 7906]; # for tailscale networking.firewall.checkReversePath = "loose"; diff --git a/hosts/tkaronto/modules/secrets.nix b/hosts/tkaronto/modules/secrets.nix index 12311e5..305c1ec 100644 --- a/hosts/tkaronto/modules/secrets.nix +++ b/hosts/tkaronto/modules/secrets.nix @@ -1,6 +1,11 @@ { - age.identityPaths = ["/etc/nixos/keys/ssh_key"]; + age.identityPaths = ["/persist/keys/ssh_key"]; age.secrets.nixGithubAccessToken.file = ../../../secrets/nixGithubAccessToken.age; - age.secrets.wgTkarontoKey.file = ../../../secrets/wgTkarontoKey.age; + age.secrets.wgTkarontoKey = { + file = ../../../secrets/wgTkarontoKey.age; + mode = "600"; + owner = "systemd-network"; + group = "systemd-network"; + }; } diff --git a/hosts/tkaronto/modules/wireguard.nix b/hosts/tkaronto/modules/wireguard.nix index 3b0f7a3..c70a649 100644 --- a/hosts/tkaronto/modules/wireguard.nix +++ b/hosts/tkaronto/modules/wireguard.nix 
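Review bot: In hosts/tkaronto/default.nix the added `networking.firewall.allowedTCPPorts = [7905 7906];` opens both ports on every interface, not only on the WireGuard link this commit configures. If the ports are meant to be reached only by the peer at 10.99.0.1 (an inference from the rest of the commit, the hunk carries no comment), scope them to the tunnel with `networking.firewall.interfaces."wg0".allowedTCPPorts = [7905 7906];`. Either way, a short comment naming the service behind the ports would help, as the neighbouring `# for tailscale` line does. The enclosing attribute set starts and ends outside the hunk.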
@@ -1,11 +1,36 @@ {config, ...}: { - networking.wireguard.enable = true; - networking.wireguard.interfaces."wg0" = { - privateKeyFile = config.age.secrets.wgTkarontoKey.path; - peers = [{ - publicKey = builtins.readFile ./wgWolumondeKey.pub; - allowedIPs = ["10.99.0.1/32"]; - endpoint = "${builtins.readFile ./wgWolumondeIp}:51820"; - }]; + systemd.network.enable = true; + systemd.network.netdevs."wg0" = { + enable = true; + netdevConfig = { + Name = "wg0"; + Kind = "wireguard"; + }; + wireguardConfig = { + PrivateKeyFile = config.age.secrets.wgTkarontoKey.path; + }; + wireguardPeers = [ + { + wireguardPeerConfig = { + PublicKey = builtins.readFile ./wgWolumondeKey.pub; + AllowedIPs = ["10.99.0.1/32"]; + Endpoint = "${builtins.readFile ./wgWolumondeIp}:51820"; + PersistentKeepalive = 25; + }; + } + ]; }; -} \ No newline at end of file + systemd.network.networks."wg0" = { + matchConfig.Name = "wg0"; + networkConfig.Address = "10.99.0.2/24"; + # routes = [ + # { + # routeConfig = { + # Gateway = "10.99.0.1"; + # Destination = "10.99.0.0/24"; + # GatewayOnLink = true; + # }; + # } + # ]; + }; +} diff --git a/hosts/wolumonde/default.nix b/hosts/wolumonde/default.nix index 8a41124..4da8c90 100644 --- a/hosts/wolumonde/default.nix +++ b/hosts/wolumonde/default.nix @@ -2,10 +2,12 @@ inputs, tlib, ... -}: { - imports = [ - inputs.agenix.nixosModules.default - ] ++ (tlib.importFolder (toString ./modules)); +}: { + imports = + [ + inputs.agenix.nixosModules.default + ] + ++ (tlib.importFolder (toString ./modules)); boot.cleanTmpDir = true; zramSwap.enable = true; @@ -13,7 +15,7 @@ # firewall stuffs networking.firewall = { enable = true; - allowedTCPPorts = [22 80 443]; + allowedTCPPorts = [22 80 443 5005]; allowedUDPPortRanges = []; }; diff --git a/hosts/wolumonde/modules/bernbot.nix b/hosts/wolumonde/modules/bernbot.nix index b28fe49..1f9e3c0 100644 --- a/hosts/wolumonde/modules/bernbot.nix +++ b/hosts/wolumonde/modules/bernbot.nix 
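Review bot: In hosts/wolumonde/default.nix, adding `5005` to `allowedTCPPorts` exposes the backend port directly, although musikquadrupled.nix in the same commit already publishes it through nginx at `mq.gaze.systems` with `forceSSL = true` and `proxyPass = "http://localhost:5005"`. If the service listens on more than loopback (not visible here), clients can reach it over plain HTTP and bypass the TLS vhost and anything nginx enforces. Unless direct access is intended, keep the list at `allowedTCPPorts = [22 80 443];` so nginx stays the only public entry point.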
@@ -1,4 +1,5 @@ { + config, inputs, pkgs, lib, @@ -17,7 +18,7 @@ in { Restart = "on-failure"; RestartSec = 5; WorkingDirectory = "/var/lib/bernbot"; - EnvironmentFile = "${inputs.self}/secrets/bernbot_token"; + EnvironmentFile = config.age.secrets.bernbotToken.path; } ]; }; diff --git a/hosts/wolumonde/modules/blog.nix b/hosts/wolumonde/modules/blog.nix index 3de46e3..db013c8 100644 --- a/hosts/wolumonde/modules/blog.nix +++ b/hosts/wolumonde/modules/blog.nix @@ -4,7 +4,7 @@ ... }: { services.nginx.virtualHosts."gaze.systems" = { - enableACME = true; + useACMEHost = "gaze.systems"; forceSSL = true; root = "${inputs.blog.packages.${pkgs.system}.site}"; locations."/".extraConfig = '' diff --git a/hosts/wolumonde/modules/conduit.nix b/hosts/wolumonde/modules/conduit.nix index 32a2917..aa78dcd 100644 --- a/hosts/wolumonde/modules/conduit.nix +++ b/hosts/wolumonde/modules/conduit.nix @@ -32,7 +32,7 @@ in { }; services.nginx.virtualHosts."matrix.gaze.systems" = { - enableACME = true; + useACMEHost = "gaze.systems"; forceSSL = true; locations."/".proxyPass = "http://localhost:${toString config.services.matrix-conduit.settings.global.port}"; }; diff --git a/hosts/wolumonde/modules/gitea.nix b/hosts/wolumonde/modules/gitea.nix index c9709b2..a8aee1e 100644 --- a/hosts/wolumonde/modules/gitea.nix +++ b/hosts/wolumonde/modules/gitea.nix @@ -11,7 +11,7 @@ }; services.nginx.virtualHosts."git.gaze.systems" = { - enableACME = true; + useACMEHost = "gaze.systems"; forceSSL = true; locations."/".proxyPass = "http://localhost:3001"; }; diff --git a/hosts/wolumonde/modules/musikquadrupled.nix b/hosts/wolumonde/modules/musikquadrupled.nix new file mode 100644 index 0000000..f270d8e --- /dev/null +++ b/hosts/wolumonde/modules/musikquadrupled.nix 
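Review bot: The `EnvironmentFile` in hosts/wolumonde/modules/bernbot.nix now points at the agenix path, but the value it replaces, `${inputs.self}/secrets/bernbot_token`, was resolved inside the flake source, which is copied into the world-readable Nix store. The diffstat does not list `secrets/bernbot_token` as deleted, so if that file held the live token it is presumably still present in the repository history and in old store paths. Rotate the token before relying on `bernbotToken.age` and remove the plaintext file; otherwise the move to agenix protects a credential that is already exposed.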
@@ -0,0 +1,37 @@ +{ + config, + inputs, + pkgs, + ... +}: let + pkg = inputs.musikquad.packages.${pkgs.system}.default; +in { + users.users.musikquad = { + isSystemUser = true; + group = "musikquad"; + }; + users.groups.musikquad = {}; + + systemd.services.musikquadrupled = { + description = "musikquadrupled"; + wantedBy = ["multi-user.target"]; + after = ["network.target"]; + serviceConfig = { + User = "musikquad"; + ExecStart = "${pkg}/bin/musikquadrupled"; + Restart = "on-failure"; + RestartSec = 5; + WorkingDirectory = "/var/lib/musikquad"; + EnvironmentFile = config.age.secrets.musikquadConfig.path; + }; + }; + + services.nginx.virtualHosts."mq.gaze.systems" = { + useACMEHost = "gaze.systems"; + forceSSL = true; + locations."/" = { + proxyPass = "http://localhost:5005"; + proxyWebsockets = true; + }; + }; +} diff --git a/hosts/wolumonde/modules/musikspider.nix b/hosts/wolumonde/modules/musikspider.nix new file mode 100644 index 0000000..3bf5571 --- /dev/null +++ b/hosts/wolumonde/modules/musikspider.nix @@ -0,0 +1,11 @@ +{ + pkgs, + inputs, + ... +}: { + services.nginx.virtualHosts."ms.gaze.systems" = { + useACMEHost = "gaze.systems"; + forceSSL = true; + root = "${inputs.musikspider.packages.${pkgs.system}.musikspider}"; + }; +} diff --git a/hosts/wolumonde/modules/nginx.nix b/hosts/wolumonde/modules/nginx.nix index cf5af7e..9f7b4c1 100644 --- a/hosts/wolumonde/modules/nginx.nix +++ b/hosts/wolumonde/modules/nginx.nix @@ -6,8 +6,20 @@ recommendedGzipSettings = true; recommendedProxySettings = true; }; + + users.users.nginx.extraGroups = ["acme"]; + security.acme = { acceptTerms = true; defaults.email = (import "${inputs.self}/personal.nix").emails.primary; + certs."gaze.systems" = { + webroot = "/var/lib/acme/acme-challenge"; + extraDomainNames = [ + "git.gaze.systems" + "matrix.gaze.systems" + "ms.gaze.systems" + "mq.gaze.systems" + ]; + }; }; } 
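Review bot: The new `systemd.services.musikquadrupled` unit in hosts/wolumonde/modules/musikquadrupled.nix sets `WorkingDirectory = "/var/lib/musikquad"` but nothing in the hunk creates that directory, and the service sits behind a public nginx vhost with no sandboxing beyond `User`. Adding `StateDirectory = "musikquad";` lets systemd create the directory owned by the service user, and a few hardening options limit what a compromised process could touch. Whether the binary needs anything outside its state directory is not visible here, so start with the set below and loosen it only if the service fails to start.

```nix
    serviceConfig = {
      User = "musikquad";
      # … unchanged: ExecStart, Restart, RestartSec, WorkingDirectory, EnvironmentFile …
      StateDirectory = "musikquad";
      NoNewPrivileges = true;
      ProtectSystem = "strict";
      ProtectHome = true;
      PrivateTmp = true;
    };
```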
diff --git a/hosts/wolumonde/modules/secrets.nix b/hosts/wolumonde/modules/secrets.nix index eb9e29d..82993d0 100644 --- a/hosts/wolumonde/modules/secrets.nix +++ b/hosts/wolumonde/modules/secrets.nix @@ -1,4 +1,10 @@ { age.secrets.bernbotToken.file = ../../../secrets/bernbotToken.age; - age.secrets.wgWolumondeKey.file = ../../../secrets/wgWolumondeKey.age; + age.secrets.wgWolumondeKey = { + file = ../../../secrets/wgWolumondeKey.age; + mode = "600"; + owner = "systemd-network"; + group = "systemd-network"; + }; + age.secrets.musikquadConfig.file = ../../../secrets/musikquadConfig.age; } diff --git a/hosts/wolumonde/modules/wireguard.nix b/hosts/wolumonde/modules/wireguard.nix index ce8b268..ff94a3e 100644 --- a/hosts/wolumonde/modules/wireguard.nix +++ b/hosts/wolumonde/modules/wireguard.nix @@ -1,11 +1,46 @@ -{config, ...}: { - networking.wireguard.enable = true; - networking.wireguard.interfaces."wg0" = { - listenPort = 51820; - privateKeyFile = config.age.secrets.wgWolumondeKey.path; - peers = [{ - publicKey = builtins.readFile ./wgTkarontoKey.pub; - allowedIPs = ["10.99.0.2/32"]; - }]; +{ + config, + pkgs, + ... +}: { + environment.systemPackages = [pkgs.wireguard-tools]; + + systemd.network.enable = true; + systemd.network.netdevs."wg0" = { + enable = true; + netdevConfig = { + Name = "wg0"; + Kind = "wireguard"; + }; + wireguardConfig = { + ListenPort = 51820; + PrivateKeyFile = config.age.secrets.wgWolumondeKey.path; + }; + wireguardPeers = [ + { + wireguardPeerConfig = { + PublicKey = builtins.readFile ./wgTkarontoKey.pub; + AllowedIPs = ["10.99.0.2/32"]; + }; + } + ]; }; -} \ No newline at end of file + systemd.network.networks."wg0" = { + matchConfig.Name = "wg0"; + networkConfig.Address = "10.99.0.1/24"; + # routes = [ + # { + # routeConfig = { + # Gateway = "10.99.0.1"; + # Destination = "10.99.0.0/24"; + # }; + # } + # ]; + }; + + boot.kernel.sysctl = { + "net.ipv4.ip_forward" = 1; + }; + + networking.firewall.allowedUDPPorts = [51820]; +} 
diff --git a/modules/network/dns/cloudflare.nix b/modules/network/dns/cloudflare.nix index 1191589..21f78f6 100644 --- a/modules/network/dns/cloudflare.nix +++ b/modules/network/dns/cloudflare.nix @@ -1,6 +1,6 @@ -{ +{lib, ...}: { networking.resolvconf.useLocalResolver = true; - networking.networkmanager.dns = "none"; + networking.networkmanager.dns = lib.mkForce "none"; services.dnscrypt-proxy2 = { enable = true; settings = { diff --git a/pkgs-set/overlays/musikcube.nix b/pkgs-set/overlays/musikcube.nix new file mode 100644 index 0000000..8527bc4 --- /dev/null +++ b/pkgs-set/overlays/musikcube.nix @@ -0,0 +1,3 @@ +{inputs}: final: prev: { + musikcube = inputs.nixpkgs-master.legacyPackages.${final.system}.musikcube; +} diff --git a/secrets/musikquadConfig.age b/secrets/musikquadConfig.age new file mode 100644 index 0000000000000000000000000000000000000000..d5de2218cf949e7f0fdc7372f4a83f166813161a GIT binary patch literal 1395 zcmXxi>x;QxQd-Zcd$#8*Yy2d`x#t5oO?OQ^YaxR7B=*vYq(Bzu@=fr_1_F*CvR^h` ztwrQ&9XO=ru&i-Gx@E)lfJpOQaukae0ChYGVmQ%r&_2cUg`kHU!pOwj5)B(jwlf-{ z4J&Vigq3OKC{S#Q1BdqUnpl#URt}W_H5`*@!f&KgV<+Qw#daL_^K)4y%Gq8;SBPen z_YfYdHRO7s8FWOW5~*y@t(Q=j71#y}(3DJ-Y|F|Jf^PW@RyWcq#3(y(qbSTt1tUlE zGvm!cq6WS#tAiRHWD#r5M06fj^(xE6 zUfFf3!-iteCD{mIBQ=QR$ZoI>#uI=iq>&Vl*A<9ynZ^(;PCBS7jWMEPk=3CJdnpRc zjL<}zKr%epop54y;1e{*@pjm#**PEw37%yYIyxmIC8~h8*hEzRQCl_LpdDmG_|McFI(uH@HoDBo9MknTEJaV``8r*&&dGceT9nDK8XXX=HZ ze7ys7^#+@r^oM)`>_(MgWY?`QECzyIFMu$iM`Aax4}9H3$B-S5#~Dr&)sevxR4|f; zR?7fP!b9~MDr^oD!t}99gfT!e znVhLs#7-a6bPZG5sfyQhw2)}!ZQaZE^_GxzGtEJ1Y}GwlVXODI)?Y{HZKVxvyFWS`B zH~)A$@!hs-y58YWADun2bJOFiR*mKp=bZO)wEBf}ujJ@mON(a~tbMzm-SW;W*e5q` zX1+|uH?CXUerV+**Cl>sp2ojkxz}Cz=+?EToCXWy;pwX{-+P+s{($Uor*A)RTW{%w zjq7I*UYyzU!PLHmts7rF=RQ)p>%f_7Ry_0Jwct