9 files changed, 92 insertions, 36 deletions

diff --git a/nix/modules/home/default.nix b/nix/modules/home/default.nix
index c991927..b1c07c3 100644
--- a/nix/modules/home/default.nix
+++ b/nix/modules/home/default.nix
@@ -4,7 +4,6 @@
     sops-nix.homeManagerModules.sops
     ../vars.nix
     ./fcitx.nix
-    ./secrets.nix
     ./emacs.nix
     ./firefox.nix
     ./git.nix
@@ -22,6 +21,7 @@
     ./mako.nix
     ./user.nix
     ./gtk.nix
+    ./secrets.nix
   ];
 
   options = {
diff --git a/nix/modules/home/emacs.nix b/nix/modules/home/emacs.nix
index 2b7840d..4256d34 100644
--- a/nix/modules/home/emacs.nix
+++ b/nix/modules/home/emacs.nix
@@ -77,6 +77,7 @@
         epkgs.solidity-flycheck
         epkgs.solidity-mode
         epkgs.sudo-edit
+        epkgs.telega
         epkgs.treemacs
         epkgs.treemacs-evil
         epkgs.treemacs-magit
diff --git a/nix/modules/home/firefox.nix b/nix/modules/home/firefox.nix
index b99544b..3ae8f71 100644
--- a/nix/modules/home/firefox.nix
+++ b/nix/modules/home/firefox.nix
@@ -2,7 +2,7 @@
 {
   programs.firefox = {
     enable = lib.mkDefault config.monorepo.profiles.graphics.enable;
-    package = pkgs.firefox-bin;
+    package = pkgs.firefox;
     policies = {
       EnableTrackingProtection = true;
       OfferToSaveLogins = false;
diff --git a/nix/modules/home/git.nix b/nix/modules/home/git.nix
index 0e6e66c..c80b6f9 100644
--- a/nix/modules/home/git.nix
+++ b/nix/modules/home/git.nix
@@ -2,6 +2,7 @@
 {
   programs.git = {
     enable = lib.mkDefault config.monorepo.profiles.graphics.enable;
+    lfs.enable = lib.mkDefault config.monorepo.profiles.graphics.enable;
     userName = config.monorepo.vars.fullName;
     userEmail = config.monorepo.profiles.email.email;
     signing = {
diff --git a/nix/modules/home/mpd.nix b/nix/modules/home/mpd.nix
index 3ab9d2d..8f646ea 100644
--- a/nix/modules/home/mpd.nix
+++ b/nix/modules/home/mpd.nix
@@ -24,19 +24,20 @@
         always_on       "yes" # prevent MPD from disconnecting all listeners when playback is stopped.
         tags            "yes" # httpd supports sending tags to listening streams.
       }
-audio_output {
-    type        "shout"
-    encoding    "ogg"
-    name        "my cool stream"
-    host        "localhost"
-    port        "8000"
-    mount       "/example.ogg"
-    user        "source"
-    password    "<source-password>"
 
-    bitrate     "64"
-    format      "44100:16:1"
-    description "Nullring public radio"
+audio_output {
+    type            "shout"
+    name            "My VPS Stream"
+    host            "127.0.0.1"
+    port            "8888"             # This must match your SSH tunnel local port
+    mount           "/stream"          # The URL path (e.g. http://vps:8000/stream)
+    password        "SuperSecretSourcePass"
+    bitrate         "128"
+    format          "44100:16:2"
+    protocol        "icecast2"         # Essential for modern Icecast
+    user            "source"           # Default icecast source user
+    description     "My MPD Stream"
+    genre           "Mixed"
 }
     '';
   };
diff --git a/nix/modules/home/personal_secrets.nix b/nix/modules/home/personal_secrets.nix
new file mode 100644
index 0000000..9013de1
--- /dev/null
+++ b/nix/modules/home/personal_secrets.nix
@@ -0,0 +1,23 @@
+{ lib, config, ... }:
+{
+  config = lib.mkIf config.monorepo.profiles.graphics.enable {
+    sops.secrets = {
+      mail = {
+        format = "yaml";
+        path = "${config.sops.defaultSymlinkPath}/mail";
+      };
+      cloudflare-dns = {
+        format = "yaml";
+        path = "${config.sops.defaultSymlinkPath}/cloudflare-dns";
+      };
+      digikey = {
+        format = "yaml";
+        path = "${config.sops.defaultSymlinkPath}/digikey";
+      };
+      dn42 = {
+        format = "yaml";
+        path = "${config.sops.defaultSymlinkPath}/dn42";
+      };
+    };
+  };
+}
diff --git a/nix/modules/home/secrets.nix b/nix/modules/home/secrets.nix
index 20c3d44..a38b4e0 100644
--- a/nix/modules/home/secrets.nix
+++ b/nix/modules/home/secrets.nix
@@ -1,11 +1,15 @@
 { config, ... }:
 {
   sops = {
-    defaultSopsFile = ../../secrets/secrets.yaml;
+    defaultSopsFile = if config.monorepo.profiles.graphics.enable
+                      then ../../secrets/secrets.yaml
+                      else ../../secrets/vps_secrets.yaml;
+
     age = {
-      keyFile = "/home/${config.monorepo.vars.userName}/.ssh/keys.txt";
+      keyFile = "/home/${config.monorepo.vars.userName}/.config/sops/age/keys.txt";
     };
-    secrets = {
+
+    secrets = if config.monorepo.profiles.graphics.enable then {
       mail = {
         format = "yaml";
         path = "${config.sops.defaultSymlinkPath}/mail";
@@ -22,24 +26,7 @@
         format = "yaml";
         path = "${config.sops.defaultSymlinkPath}/dn42";
       };
-      znc = {
-        format = "yaml";
-        path = "${config.sops.defaultSymlinkPath}/znc";
-      };
-      znc_password_salt = {
-        format = "yaml";
-        path = "${config.sops.defaultSymlinkPath}/znc_password_salt";
-      };
-
-      znc_password_hash = {
-        format = "yaml";
-        path = "${config.sops.defaultSymlinkPath}/znc_password_hash";
-      };
-
-      matrix_bridge = {
-        format = "yaml";
-        path = "${config.sops.defaultSymlinkPath}/matrix_bridge";
-      };
+    } else {
     };
     defaultSymlinkPath = "/run/user/1000/secrets";
     defaultSecretsMountPoint = "/run/user/1000/secrets.d";
diff --git a/nix/modules/home/user.nix b/nix/modules/home/user.nix
index c97347e..356a0fe 100644
--- a/nix/modules/home/user.nix
+++ b/nix/modules/home/user.nix
@@ -45,7 +45,7 @@
 
       # Apps
       # octaveFull
-      vesktop grim swww vim telegram-desktop qwen-code fluffychat jami
+      vesktop grim swww vim kotatogram-desktop tg qwen-code element-desktop jami
 
       # Sound/media
       pavucontrol alsa-utils imagemagick ffmpeg helvum
diff --git a/nix/modules/home/vps_secrets.nix b/nix/modules/home/vps_secrets.nix
new file mode 100644
index 0000000..df75a39
--- /dev/null
+++ b/nix/modules/home/vps_secrets.nix
@@ -0,0 +1,43 @@
+{ lib, config, ... }:
+{
+  config = lib.mkIf (!config.monorepo.profiles.graphics.enable) {
+    sops.secrets = {
+      znc = {
+        format = "yaml";
+        path = "${config.sops.defaultsymlinkpath}/znc";
+      };
+      znc_password_salt = {
+        format = "yaml";
+        path = "${config.sops.defaultsymlinkpath}/znc_password_salt";
+      };
+      znc_password_hash = {
+        format = "yaml";
+        path = "${config.sops.defaultsymlinkpath}/znc_password_hash";
+      };
+      matrix_bridge = {
+        format = "yaml";
+        path = "${config.sops.defaultsymlinkpath}/matrix_bridge";
+      };
+      coturn_secret = {
+        format = "yaml";
+        path = "${config.sops.defaultsymlinkpath}/coturn_secret";
+      };
+      livekit_secret = {
+        format = "yaml";
+        path = "${config.sops.defaultsymlinkpath}/livekit_secret";
+      };
+      livekit = {
+        format = "yaml";
+        path = "${config.sops.defaultsymlinkpath}/livekit";
+      };
+      conduit_secrets = {
+        format = "yaml";
+        path = "${config.sops.defaultsymlinkpath}/conduit_secrets";
+      };
+      mautrix_env = {
+        format = "yaml";
+        path = "${config.sops.defaultsymlinkpath}/mautrix_env";
+      };
+    };
+  };
+}