a

hosts/default/packages.nix

@@ -1,155 +1,168 @@
-{ inputs, config, pkgs, lib, ... }:
+{
+  inputs,
+  config,
+  pkgs,
+  lib,
+  ...
+}:
 
 {
 
-	fonts.packages = with pkgs; [
+  fonts.packages = with pkgs; [
-		noto-fonts
+    noto-fonts
-		noto-fonts-cjk-sans
+    noto-fonts-cjk-sans
-		noto-fonts-emoji
+    noto-fonts-emoji
-		monaspace
+    monaspace
-		geist-font
+    geist-font
-		# nerdfonts
+    # nerdfonts
-		nerd-fonts.geist-mono
+    nerd-fonts.geist-mono
-		nerd-fonts.monaspace
+    nerd-fonts.monaspace
-		nerd-fonts.symbols-only
+    nerd-fonts.symbols-only
-		minecraftia
+    minecraftia
-	];
+  ];
 
-	programs.seahorse.enable = true;
+  programs.seahorse.enable = true;
 
-	environment.sessionVariables.LD_LIBRARY_PATH = "${pkgs.gcc15}/lib";
+  environment.sessionVariables.LD_LIBRARY_PATH = "${pkgs.gcc15}/lib";
 
-	security.polkit = {
+  security.polkit = {
-		enable = true;
+    enable = true;
-	};
+  };
 
-	security.soteria.enable = true;
+  security.soteria.enable = true;
 
-	# surely they should add programs.discord!!
+  # surely they should add programs.discord!!
-	environment.systemPackages = with pkgs; [
+  environment.systemPackages = with pkgs; [
-		(discord.override {
+    mosh
-			withEquicord = true;
+    (discord.override {
-		})
+      withEquicord = true;
+    })
 
-		# hyprland stuff
+    # hyprland stuff
-		inputs.hyprlock.packages.${pkgs.stdenv.hostPlatform.system}.hyprlock
+    inputs.hyprlock.packages.${pkgs.stdenv.hostPlatform.system}.hyprlock
-		inputs.hyprsysteminfo.packages.${pkgs.stdenv.hostPlatform.system}.hyprsysteminfo
+    inputs.hyprsysteminfo.packages.${pkgs.stdenv.hostPlatform.system}.hyprsysteminfo
 
-		# roblox
+    # roblox
-		inputs.tuxstrap.packages.${pkgs.stdenv.hostPlatform.system}.default
+    inputs.tuxstrap.packages.${pkgs.stdenv.hostPlatform.system}.default
 
-		# minecraft
+    # minecraft
-		qemu
+    qemu
-		(writeShellScriptBin "qemu-system-x86_64-uefi" ''
+    (writeShellScriptBin "qemu-system-x86_64-uefi" ''
-			qemu-system-x86_64 \
+      			qemu-system-x86_64 \
-				-bios ${OVMF.fd}/FV/OVMF.fd \
+      				-bios ${OVMF.fd}/FV/OVMF.fd \
-				"$@"
+      				"$@"
-		'')
+      		'')
-		(writeShellScriptBin "regretevator" ''xdg-open roblox://placeId=4972273297'')
+    (writeShellScriptBin "regretevator" "xdg-open roblox://placeId=4972273297")
-		(writeShellScriptBin "kaijuparadise" ''xdg-open roblox://placeId=6456351776'')
+    (writeShellScriptBin "kaijuparadise" "xdg-open roblox://placeId=6456351776")
-		(writeShellScriptBin "sewh" ''xdg-open roblox://placeId=16991287194'')	
+    (writeShellScriptBin "sewh" "xdg-open roblox://placeId=16991287194")
 
-		(writeShellScriptBin "fix-gtk" ''${inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland}/bin/hyprctl dispatch exec "${pkgs.xdg-desktop-portal-gtk}/libexec/xdg-desktop-portal-gtk -r"'')
+    (writeShellScriptBin "fix-gtk" ''${
-		(callPackage ./apps/wl-shimeji.nix {})
+      inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland
-		(writeShellScriptBin "stop-shimejis" ''${inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland}/bin/hyprctl dispatch exec "shimejictl stop"'')
+    }/bin/hyprctl dispatch exec "${pkgs.xdg-desktop-portal-gtk}/libexec/xdg-desktop-portal-gtk -r"'')
-		# (writeShellScriptBin "partynoob" ''shimejictl summon PartyNoob'')
+    (callPackage ./apps/wl-shimeji.nix { })
-		# inputs.quickshell.packages.${pkgs.stdenv.hostPlatform.system}.default
+    (writeShellScriptBin "stop-shimejis" ''${
-		kdePackages.qtdeclarative
+      inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland
-		catppuccin-gtk
+    }/bin/hyprctl dispatch exec "shimejictl stop"'')
-		catppuccin
+    # (writeShellScriptBin "partynoob" ''shimejictl summon PartyNoob'')
-		catppuccin-qt5ct
+    # inputs.quickshell.packages.${pkgs.stdenv.hostPlatform.system}.default
-		catppuccin-catwalk
+    kdePackages.qtdeclarative
-		catppuccin-whiskers
+    catppuccin-gtk
-		mission-center
+    catppuccin
-		# nvtopPackages.full
+    catppuccin-qt5ct
-		libxkbcommon
+    catppuccin-catwalk
-		ffmpeg-full
+    catppuccin-whiskers
-		gnupg
+    mission-center
-		code-cursor
+    # nvtopPackages.full
-		nix-direnv
+    libxkbcommon
-		htop
+    ffmpeg-full
-		nixpkgs-fmt
+    gnupg
-		nixd
+    code-cursor
-		catppuccin-cursors.mochaBlue
+    nix-direnv
-		unzip
+    htop
-		libwebp
+    nixpkgs-fmt
-		ifuse
+    nixd
-		w3m
+    catppuccin-cursors.mochaBlue
-		imagemagick
+    unzip
-		alacritty
+    libwebp
-		libimobiledevice
+    ifuse
-		direnv
+    w3m
-		nautilus
+    imagemagick
-		kdePackages.dolphin
+    alacritty
-		kdePackages.kservice
+    libimobiledevice
-		qpwgraph
+    direnv
-		wget
+    nautilus
-		git
+    kdePackages.dolphin
-		fastfetch
+    kdePackages.kservice
-		vscode
+    qpwgraph
-		nodejs
+    wget
-		bun
+    git
-		yarn
+    fastfetch
-		(python3.withPackages (subpkgs: with subpkgs; [
+    vscode
-			requests
+    nodejs
-			pypresence
+    bun
-			pygobject3
+    yarn
-		]))
+    (python3.withPackages (
-		# wrangler
+      subpkgs: with subpkgs; [
-		fontforge
+        requests
-		xclip
+        pypresence
-		gamescope
+        pygobject3
-		yt-dlp
+      ]
-		fontforge-gtk
+    ))
-		deno
+    # wrangler
-		wofi
+    fontforge
-		waybar
+    xclip
-		hyprpaper
+    gamescope
-		dunst
+    yt-dlp
-		swww
+    fontforge-gtk
-		swappy
+    deno
-		slurp
+    wofi
-		grim
+    waybar
-		wayland-utils
+    hyprpaper
-		wl-clipboard
+    dunst
-		github-cli
+    swww
-		cliphist
+    swappy
-		pywal
+    slurp
-		pavucontrol
+    grim
-		wlogout
+    wayland-utils
-		libnotify
+    wl-clipboard
-		killall
+    github-cli
-		networkmanagerapplet
+    cliphist
-		blueman
+    pywal
-		arrpc
+    pavucontrol
-		playerctl
+    wlogout
-		mangohud
+    libnotify
-		jq
+    killall
-		github-cli
+    networkmanagerapplet
-		file
+    blueman
-		nwg-look
+    arrpc
-		# rhythmbox
+    playerctl
-		hyprpolkitagent
+    mangohud
+    jq
+    github-cli
+    file
+    nwg-look
+    # rhythmbox
+    hyprpolkitagent
 
-		# important
+    # important
-		glib
+    glib
-		openssl
+    openssl
-		nss
+    nss
-		glibc # C LIBRARY DO NOT REMOVE VERY IMPORTANT
+    glibc # C LIBRARY DO NOT REMOVE VERY IMPORTANT
-		gobject-introspection 
+    gobject-introspection
-		gimp3
+    gimp3
-		mpv
+    mpv
-		nixfmt-rfc-style
+    nixfmt-rfc-style
 
-		protonvpn-cli
+    protonvpn-cli
-		protonvpn-gui
+    protonvpn-gui
-		(writeShellScriptBin "protonvpn" ''${pkgs.protonvpn-cli}/bin/protonvpn-cli "$@"'')
+    (writeShellScriptBin "protonvpn" ''${pkgs.protonvpn-cli}/bin/protonvpn-cli "$@"'')
 
-		kdePackages.kdialog
+    kdePackages.kdialog
 
-		(writeShellScriptBin "roblox-studio-patcher" ''${pkgs.bun}/bin/bun run /home/ocbwoy3/config/scripts/bin/patchInternalRobloxStudio.ts'')
+    (writeShellScriptBin "roblox-studio-patcher" "${pkgs.bun}/bin/bun run /home/ocbwoy3/config/scripts/bin/patchInternalRobloxStudio.ts")
-		# firefox-devedition 
+    # firefox-devedition
 
-	];
+  ];
 
 }

hosts/server/configuration.nix

@@ -5,6 +5,48 @@
   ...
 }:
 
+let
+  mkUserService = pkgs.writeShellScriptBin "mk-user-service" ''
+        set -euo pipefail
+
+        if [ "$#" -lt 2 ]; then
+          echo "Usage: mk-user-service <name> <exec command...>" >&2
+          exit 1
+        fi
+
+        name="$1"
+        shift
+
+        unitDir="''${XDG_CONFIG_HOME:-$HOME/.config}/systemd/user"
+        unitFile="$unitDir/$name.service"
+
+        mkdir -p "$unitDir"
+
+        if [ -e "$unitFile" ]; then
+          echo "Refusing to overwrite existing unit: $unitFile" >&2
+          exit 2
+        fi
+
+        cat > "$unitFile" <<EOF
+    [Unit]
+    Description=$name
+
+    [Service]
+    Type=simple
+    ExecStart=$*
+    Restart=on-failure
+    RestartSec=2
+
+    [Install]
+    WantedBy=default.target
+    EOF
+
+        echo "Created $unitFile"
+        echo "Next steps:"
+        echo "  systemctl --user daemon-reload"
+        echo "  systemctl --user enable --now $name.service"
+  '';
+in
 {
   imports = [
     ./modules/atproto-pds.nix
@@ -23,27 +65,6 @@
 
   services.vscode-server.enable = true;
 
-  systemd.services.ocbwoy3-start-pm2 = {
-    enable = true;
-    description = "Start PM2";
-    after = [ "network.target" ];
-    wantedBy = [ "multi-user.target" ];
-    serviceConfig = {
-      Type = "forking";
-      User = "ocbwoy3";
-      LimitNOFILE = "infinity";
-      LimitNPROC = "infinity";
-      LimitCORE = "infinity";
-      Environment = "PM2_HOME=/home/ocbwoy3/.pm2";
-      PIDFile = "/home/ocbwoy3/.pm2/pm2.pid";
-      Restart = "on-failure";
-
-      ExecStart = "${pkgs.pm2}/bin/pm2 resurrect";
-      ExecReload = "${pkgs.pm2}/bin/pm2 reload all";
-      ExecStop = "${pkgs.pm2}/bin/pm2 kill";
-    };
-  };
-
   services.openssh.settings = lib.mkDefault {
     PubkeyAuthentication = "yes";
     TrustedUserCAKeys = "/etc/ssh/ca.pub";
@@ -56,9 +77,11 @@
   };
 
   environment.systemPackages = with pkgs; [
+    mosh
     fastfetch
     hyfetch
-    pm2
+    bash
+    jdk
     steam-run
     opencode
     bun
@@ -81,6 +104,25 @@
     shell = pkgs.zsh;
   };
 
+  users.users.kris = {
+    initialPassword = "thisisapassword42069!";
+    isNormalUser = true;
+    extraGroups = [
+      "wheel"
+      "networkmanager"
+      "docker"
+    ];
+    shell = pkgs.zsh;
+    packages = [
+      pkgs.mrpack-install
+      mkUserService
+    ];
+  };
+
+  system.activationScripts.enableKrisLinger.text = ''
+    ${pkgs.systemd}/bin/loginctl enable-linger kris || true
+  '';
+
   nixpkgs.overlays = [
     (final: prev: {
       nixos-rebuild = prev.writeShellScriptBin "nixos-rebuild" ''

hosts/server/modules/vaultwarden.nix

@@ -9,10 +9,10 @@
   services.vaultwarden = {
     enable = true;
     dbBackend = "sqlite";
-    environmentFile = "/private/vaultwarden/vaultwarden.env";
+    environmentFile = "/var/lib/vaultwarden/vaultwarden.env";
     config = {
       # Keep data alongside the secret env file so we can back it up together.
-      DATA_FOLDER = "/private/vaultwarden/data";
+      DATA_FOLDER = "/var/lib/vaultwarden/data";
       PUSH_RELAY_URI = "https://api.bitwarden.eu";
       PUSH_IDENTITY_URI = "https://identity.bitwarden.eu";
       DOMAIN = "https://vault.ocbwoy3.dev";
@@ -25,15 +25,15 @@
     };
   };
 
-  # Allow vaultwarden to write under /private/vaultwarden and ensure the directories exist.
+  # Allow vaultwarden to write under /var/lib/vaultwarden and ensure the directories exist.
   systemd.services.vaultwarden.serviceConfig = {
-    ReadWritePaths = [ "/private/vaultwarden" ];
+    ReadWritePaths = [ "/var/lib/vaultwarden" ];
   };
 
   # Create parent/data directories with proper ownership before startup.
   systemd.tmpfiles.rules = [
-    "d /private/vaultwarden 0750 vaultwarden vaultwarden -"
+    "d /var/lib/vaultwarden 0750 vaultwarden vaultwarden -"
-    "d /private/vaultwarden/data 0750 vaultwarden vaultwarden -"
+    "d /var/lib/vaultwarden/data 0750 vaultwarden vaultwarden -"
   ];
 
   # cloudflared!!