feat: wsl: some things

.sops.yaml

@@ -1,10 +1,10 @@
 keys:
-  - &snuff        age1w4hw2ntxrtfqhht63s9lf7nhjxjmdcc927hndn5ygcqqj532qssq4m2m6p
+  - &snuff          age1w4hw2ntxrtfqhht63s9lf7nhjxjmdcc927hndn5ygcqqj532qssq4m2m6p
-  - &yukkop       age1r25zdeqq8nac6dgca9en28r57ffyz9u9d8z5yc25gc8xqz747vaqmdtk0h
+  - &yukkop         age1r25zdeqq8nac6dgca9en28r57ffyz9u9d8z5yc25gc8xqz747vaqmdtk0h
-  - &bfs-server   age15yzgmsvl3ku2w863h6gw2vpmw37m9aruv6xrj4fue6n2jpm7pyuqk9xjmj
+  - &bfs-server     age15yzgmsvl3ku2w863h6gw2vpmw37m9aruv6xrj4fue6n2jpm7pyuqk9xjmj
   - &bfs-pol-server age1fpytf05sg9n6ywpwkmn09lhpfvgtud9h75h76jhxha475zpnasqq952rpu
-  - &neuro-server age15yzgmsvl3ku2w863h6gw2vpmw37m9aruv6xrj4fue6n2jpm7pyuqk9xjmj
+  - &neuro-server   age1ak7heljpr0pjr4m0rcwxgn3sp0jjxw03lxyf33r8lcemqh2u2sgqx0aplq
-  - &games-server age15yzgmsvl3ku2w863h6gw2vpmw37m9aruv6xrj4fue6n2jpm7pyuqk9xjmj
+  - &games-server   age15yzgmsvl3ku2w863h6gw2vpmw37m9aruv6xrj4fue6n2jpm7pyuqk9xjmj
 
 creation_rules:
   - path_regex: sus/home.xray.yaml$

nixos/module/hectic/archetype/base.nix

@@ -17,8 +17,12 @@ in {
   options.hectic.archetype.base.enable = lib.mkEnableOption "Enable archetupe.dev";
 
   config = lib.mkIf cfg.enable {
-    programs.zsh.shellAliases = self.lib.sharedShellAliases;
+    hectic = {
-    programs.zsh.enable = true;
+      program.zsh.enable    = lib.mkDefault true;
+      program.tmux.enable   = lib.mkDefault true;
+      program.nixvim.enable = lib.mkDefault true;
+    };
+
     users.defaultUserShell = pkgs.zsh;
 
     # Enable flakes and new 'nix' command

nixos/module/hectic/archetype/dev.nix

@@ -11,6 +11,7 @@
 }: let
   cfg = config.hectic.archetype.dev;
 in {
+  # necessary imports:
   imports = [
     (modulesPath + "/profiles/qemu-guest.nix")
   ];
@@ -19,8 +20,6 @@ in {
 
   config = lib.mkIf cfg.enable {
     hectic.archetype.base.enable = true;
-    hectic.program.zsh.enable    = true;
-    hectic.program.nixvim.enable = true;
 
     services.getty.autologinUser = "root";
 

nixos/module/hectic/program/tmux.nix

@@ -0,0 +1,61 @@
+{
+  inputs,
+  flake,
+  self,
+}: {
+  pkgs,
+  lib,
+  config,
+  ...
+}: let
+  cfg = config.hectic.program.tmux;
+in {
+  imports = [
+    inputs.home-manager.nixosModules.home-manager
+  ];
+
+  options.hectic.program.tmux.enable = lib.mkEnableOption "Enable hectic tmux config";
+
+  config = lib.mkIf cfg.enable {
+    programs.tmux.enable = true;
+
+    # alias depends on newSession = true (auto-creates session on attach)
+    programs.zsh.shellAliases.tmux = "tmux a";
+    programs.bash.shellAliases.tmux = "tmux a";
+
+    home-manager.sharedModules = [
+      {
+        programs.tmux = {
+          enable = true;
+          plugins = with pkgs.tmuxPlugins; [ resurrect continuum ];
+          keyMode = "vi";
+          escapeTime = 500;
+          historyLimit = 50000;
+          newSession = true;
+          extraConfig = ''
+            # resurrect
+            set -g @resurrect-strategy-vim 'session'
+            set -g @resurrect-strategy-nvim 'session'
+            set -g @resurrect-capture-pane-contents 'on'
+
+            resurrect_dir="$HOME/.tmux/resurrect"
+            set -g @resurrect-dir $resurrect_dir
+            set -g @resurrect-hook-post-save-all 'target=$(readlink -f $resurrect_dir/last); sed "s| --cmd .*-vim-pack-dir||g; s|/etc/profiles/per-user/$USER/bin/||g; s|/home/$USER/.nix-profile/bin/||g" $target | sponge $target'
+
+            # continuum
+            set -g @continuum-restore 'on'
+            set -g @continuum-boot 'on'
+            set -g @continuum-save-interval '10'
+
+            bind-key    -T copy-mode-vi v                  send-keys -X begin-selection
+            bind-key    -T copy-mode-vi C-v                send-keys -X rectangle-toggle
+
+            bind-key O select-pane -t :.-
+          '';
+        };
+      }
+    ];
+
+    home-manager.users.root.home.stateVersion = lib.mkDefault "25.05";
+  };
+}

nixos/module/hectic/service/element-rtc.nix

@@ -1,7 +1,17 @@
-{ pkgs, lib, config, ... }: let
+{
-  cfg = config.currentServer.matrix;
+  inputs,
+  flake,
+  self,
+}:
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}: let
+  cfg = config.hectic.services.matrix;
 in {
-  config  = let 
+  config = lib.mkIf cfg.enable (let
     keyFile = "/run/livekit.key";
   in {
     services.livekit = {
@@ -94,5 +104,5 @@ in {
         7881
       ];
     };
-  };
+  });
 }

nixos/module/hectic/service/element.nix

@@ -1,7 +1,17 @@
-{ config, lib, pkgs, ... }: let
+{
-  cfg = config.currentServer.matrix;
+  inputs,
+  flake,
+  self,
+}:
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}: let
+  cfg = config.hectic.services.matrix;
 in {
-  config = {
+  config = lib.mkIf cfg.enable {
     services.nginx.virtualHosts."element.${cfg.matrixDomain}" = {
       enableACME = true;
       forceSSL = true;

nixos/module/hectic/service/matrix.nix

@@ -1,8 +1,19 @@
-{ pkgs, lib, config, ... }: let
+{
-  cfg = config.currentServer.matrix;
+  inputs,
+  flake,
+  self,
+}:
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}: let
+  cfg = config.hectic.services.matrix;
 in {
   options = {
-    currentServer.matrix = {
+    hectic.services.matrix = {
+      enable = lib.mkEnableOption "Matrix Synapse homeserver with PostgreSQL and nginx";
       secretsFile = lib.mkOption {
         type = lib.types.path;
         description = ''
@@ -40,7 +51,7 @@ in {
       };
     };
   };
-  config  = {
+  config = lib.mkIf cfg.enable {
     services.matrix-synapse = {
       enable = true;
       settings = {

nixos/module/hectic/service/voice-tune.nix

@@ -1,9 +1,17 @@
-{ lib, config, ... }: let
+{
-  cfg = config.currentServer.matrix;
+  inputs,
-  shared_secret = "secret";
+  flake,
+  self,
+}:
+{
+  lib,
+  config,
+  ...
+}: let
+  cfg = config.hectic.services.matrix;
 in {
   options = {
-    currentServer.matrix = {
+    hectic.services.matrix = {
       turnSecretFile = lib.mkOption {
         type = lib.types.path;
         description = ''
@@ -12,9 +20,16 @@ in {
           just raw secret
         '';
       };
+      publicIp = lib.mkOption {
+        type = lib.types.str;
+        description = ''
+          public IP address of the server, used by coturn for
+          listening and relay
+        '';
+      };
     };
   };
-  config = {
+  config = lib.mkIf cfg.enable {
     services.coturn = rec {
       enable = true;
       realm = cfg.matrixDomain;
@@ -22,9 +37,9 @@ in {
       static-auth-secret-file = cfg.turnSecretFile;
       cert = "${config.security.acme.certs.${realm}.directory}/full.pem";
       pkey = "${config.security.acme.certs.${realm}.directory}/key.pem";
-      listening-ips = ["188.137.254.58"];
+      listening-ips = [cfg.publicIp];
       no-tcp-relay = true;
-      relay-ips = ["188.137.254.58"];
+      relay-ips = [cfg.publicIp];
       listening-port = 3478;
       tls-listening-port = 5349;
       no-cli = true;

nixos/system/bfs/bfs.nix

@@ -10,7 +10,6 @@
   ...
 }: let
   xrayPort = 10086;
-  matrixDomain = "accord.tube";
 in {
   # TODO:
   # white list
@@ -21,22 +20,18 @@ in {
   imports = [
     self.nixosModules.hectic
     inputs.sops-nix.nixosModules.sops
-    #./voice-tune.nix
-    #./matrix.nix
-    #./element-rtc.nix
-    #./element.nix
   ];
 
-  #currentServer = {
+  #hectic.services.matrix = {
-  #  matrix = {
+  #  enable           = true;
-  #    secretsFile  = config.sops.secrets."matrix/secrets".path;
+  #  secretsFile      = config.sops.secrets."matrix/secrets".path;
-  #    turnSecretFile = config.sops.secrets."matrix/turn-secret".path; 
+  #  turnSecretFile   = config.sops.secrets."matrix/turn-secret".path;
-  #    postgresql   = {
+  #  publicIp         = "188.137.254.58";
-  #      port = 5432;
+  #  postgresql = {
-  #      initialEnvFile = config.sops.secrets."init-postgresql".path;
+  #    port           = 5432;
-  #    };
+  #    initialEnvFile = config.sops.secrets."init-postgresql".path;
-  #    matrixDomain   = "accord.tube";
   #  };
+  #  matrixDomain     = "accord.tube";
   #};
 
   services.xray = {

nixos/system/neuro/neuro.nix

@@ -51,6 +51,17 @@
   #   };
   # };
 
+  hectic.services.matrix = {
+    enable           = true;
+    secretsFile      = config.sops.secrets."matrix/secrets".path;
+    turnSecretFile   = config.sops.secrets."matrix/turn-secret".path;
+    postgresql = {
+      port           = 5432;
+      initialEnvFile = config.sops.secrets."init-postgresql".path;
+    };
+    matrixDomain     = "accord.tube";
+  };
+
   networking = {
     networkmanager.enable = true;
     useDHCP = lib.mkDefault true;
@@ -78,6 +89,14 @@
     gnupg.sshKeyPaths         = [ ];
     age.sshKeyPaths           = [ "/etc/ssh/ssh_host_ed25519_key" ];
     defaultSopsFile           = ../../../sus/neuro.yaml;
+
+    secrets."init-postgresql"     = {};
+    secrets."matrix/secrets"      = {};
+    secrets."matrix/turn-secret"  = {
+      owner = "turnserver";
+      group = "turnserver";
+      mode = "0400";
+    };
   };
 
   boot.loader.systemd-boot.enable = true;
@@ -128,7 +147,7 @@
       hectic.py3-openai-shap-e  # Uncomment when needed; depends on torch
     ]);
   in [
-    python-ai
+    #python-ai
     git
     neovim
     wget

nixos/system/wsl/wsl.nix

@@ -14,8 +14,6 @@
 
   hectic = {
     archetype.base.enable = true;
-    program.zsh.enable    = true;
-    program.nixvim.enable = true;
     user.yukkop.enable    = true;
   };
 
@@ -84,6 +82,8 @@
     nrs = "sudo nixos-rebuild switch --flake /home/yukkop/pj/util.nix#wsl";
   };
 
+  users.users.yukkop.shell = pkgs.zsh;
+
   # WSL: keep imperative stateVersion in the system module
   system.stateVersion = "25.05";
 }

sus/neuro.yaml

@@ -1,25 +1,28 @@
-wifi-env: ENC[AES256_GCM,data:omeOzokH2ON9tCvWdEAAooVWe1I2,iv:A3J+5iDymR88xwnJNEEVydfiNjnSE1nyx/rBS2xdjQ4=,tag:TFcu2vtVOLG8Vdft3YRvww==,type:str]
+init-postgresql: ENC[AES256_GCM,data:JUoZk/A3b3xCDWPKt08Uy7PjSmBd3BQqn+uymiBKTA7RLLMTsLxY+CuDRSCobUWN/Xf1eDG+CLaUESvflu4=,iv:miVa2ptLmB4fSz8UPivZbGODaHaTuU8AbQgiLpzn5os=,tag:P8Ww+w24GHuEnXJSsYe23w==,type:str]
+matrix:
+    secrets: ENC[AES256_GCM,data:vL5opJTCzQMQwhxGZm1a2K4lTFySYHAj92EW4JQSKpt3yWQAu3QHLHdt9YGOvb9/c/0APouoc+NeYWKNC5oYcih2H8z4wGfYPImn+bH7OCzr/fAGNxgOlG27cWRbkzkIpbNE7qtll0GPpEL+BsdAklzbZcgMp9s2LvQKYEovrWronBksuTI5sbOtZtoAY40yuYmnuH/Sjp+6az9KlX3fuCrb/HF6UUsPoRz98cYVPcpGiNImb64WwPGUkvDemDzKSLHB9ClUMLWuWJHumameMAKE236bz+Jqlrz5rVhbL9E1oadyw1JgQWlgeA3axKw3Ju+sThalwxQXiW3pZJPGFAmwOoNY6LiH4WBkXnfPlTY7m5f/+6FjFALUFTKHWr+iZ3S1ykUrwJGxCsK6ARBUH7U1CY6fU+fLRxjuyDogGpe7O+TcntxCKHqB/UpNjX1BDbpakOoa,iv:JR2pVrakbhDakRQDC2dfdtB1C2HneJcAtFuHClTw5gU=,tag:OYQYO22o6eKpyMrfZ/VmvA==,type:str]
+    turn-secret: ENC[AES256_GCM,data:d2KxHlbeE1dehmbWy9KLKCT6UuC3bu7LaOeEQTIRTSk/etMpNL9gv2rHBmKQ/35en30PIjsAbQr3nMHLuI6uDA==,iv:Cjyb6LfdVbmlKqO16Cn7jSEy2j/7+xAz1y9UJjcpiuo=,tag:pX6RdGMxWLdP5QzqmS4tow==,type:str]
 sops:
     age:
         - recipient: age1r25zdeqq8nac6dgca9en28r57ffyz9u9d8z5yc25gc8xqz747vaqmdtk0h
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3c0FJa3p4TTlFRk01Y2U4
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoanBQUU1tTlR4ZVZzUVpa
-            a2FOWS8rYy9pSzVvNnFvdU1aYkF0QTUwakFZCks4cG9PdE14cVdXa0M3SCtCQWpS
+            c0dIdkFFRmEzTEpDNXZjK2djMkxuaEJtUkRVCmwyWHJOb0Z2Mmk3UDVNOFlsZHRR
-            UEc1TVhVc1JBdTJQb0NiWitxRmkrZ2cKLS0tIFhOOUg5THozUHZMZmYzeDlpZE0x
+            TEs4UDUyRURVNlMva0lYN25zTllWNFkKLS0tIEhNbDRPWXJZWXpkR0twUzJpNWJD
-            WFhVWWVuUVVXYzhwTWtzamFmSGc5L1kKmkEV+PRreL39DPLDqpiVq18n3DNUZbye
+            UDZLOVVZQkVENnVTeC9VOWQxVTBkVmcKvaoshlHl5ZQ+d/g1jYQvqBw/SucNlpHz
-            G+GU1Uryll85az9juzztvlyhJxcUnJk1L1HUpfFfONR+ph4VgbC7OA==
+            RM3gU0wGOCwtQ1HeX9D5XQUDTO3T+ooao5aaU5zDN3WzBBvFNua2Jg==
             -----END AGE ENCRYPTED FILE-----
-        - recipient: age15yzgmsvl3ku2w863h6gw2vpmw37m9aruv6xrj4fue6n2jpm7pyuqk9xjmj
+        - recipient: age1ak7heljpr0pjr4m0rcwxgn3sp0jjxw03lxyf33r8lcemqh2u2sgqx0aplq
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOM2QxMFNyaGZuWS91MFpD
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYSXhSSGlLbGdTUkpHbXdm
-            WUczU3lDbjZiSUpkcC94QW5XdkIvVnBYdzAwCjZqQmRldWFEUUJ6NDBIY2hDeEpv
+            Q1B0Y2tVR1M0Zk5IaFlLeVlZU01WN2lZYkJ3CjFHakt3eGNnR2JySkQ3Mzh6NnNX
-            QjYwRmhNaUNFMzV0V0FRYnVDSllKNncKLS0tIFdYSmNpV1Axb0JsRC9ka2FzdFNp
+            ajVwK0tNYVRhVC9YNW9YdFJuMHJjaGMKLS0tIEJBU29PVUZrSWNwbFBId1I0dUUr
-            K3Z0eTVZT0FYTzhiUHUwMnF5NFJxY1kKvPpfuE+3zCs0RnxXLSeuZb11670D7bVT
+            YWNZWGhKNnF6VUNsYnB6UlZFeis0dGsKVFEdSbZdnJhFrUTFrrXza43GcoCk/6m2
-            VObBGfwKYxsjIQBIlzmWZ90oEI874dLjXgvdC0rRexbWQvjEf0bGtw==
+            2qQyFPc/cQQ2xB7ygLfNDK4xKDkvEbKmmwAIttnDbX13qIWWxvblZw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-12-26T08:50:00Z"
+    lastmodified: "2026-03-02T20:48:15Z"
-    mac: ENC[AES256_GCM,data:7y0VzBoWg2nP6QIOl9xGt+g22r2m/KSJ2ePKTLDDreSieVvEnv5ObwqzS84LyAzw6p9smmvZxiR3BxJrmrdXtoSaFufFgltJ9r41ftYTVSiiCcJXACwAnRX3LIYbooZk48kRqwV68n4+frmuH4oeBWqfwaONV2v2F8TuTJejJIg=,iv:PHqEWTN8dAoUR/Pb2HTGs2Pz96vCgdP5d622fmQC2RM=,tag:MWswXZbSpqDFJ+ZvFQ3jig==,type:str]
+    mac: ENC[AES256_GCM,data:PYuxQRG0VIq6XmsdiH6JeC9XPPE084/keH7j/Os9qCtBZRP2b4d8yUcIFPYXpP3G9uLS55YvAOWMw9zlxpG2QM/TNwRxJ/3kziaA9sB6uA3o1DDxfhwZFiRcB5sGPB5Sh8bHYMMdk/s3KcipJ7FdSYrNn+/dGguDGAlSyruEMME=,iv:MJlGblf/VHvAr3jGRVvt0Nvr2hHRK724PiZ0wqdBtDY=,tag:Pg5mbqLG/nlvuS7Yse9iFg==,type:str]
     unencrypted_suffix: _unencrypted
     version: 3.10.2