From 573c9e3757e0e34b80da8e638f3b6aa16a693eed Mon Sep 17 00:00:00 2001 From: tulg Date: Sat, 25 Apr 2026 18:11:11 +0300 Subject: [PATCH 01/15] kittykat --- flake.lock | 124 +++++++++++++++++++--- flake.nix | 13 +++ hosts/kittykat/configuration.nix | 43 ++++++++ hosts/kittykat/disko.nix | 37 +++++++ hosts/kittykat/hardware-configuration.nix | 14 +++ modules/nixos/services.nix | 2 +- 6 files changed, 218 insertions(+), 15 deletions(-) create mode 100644 hosts/kittykat/configuration.nix create mode 100644 hosts/kittykat/disko.nix create mode 100644 hosts/kittykat/hardware-configuration.nix diff --git a/flake.lock b/flake.lock index 79e4155..b44ad2f 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,26 @@ { "nodes": { + "agenix": { + "inputs": { + "darwin": "darwin", + "home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "systems": "systems" + }, + "locked": { + "lastModified": 1770165109, + "narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=", + "owner": "ryantm", + "repo": "agenix", + "rev": "b027ee29d959fda4b60b57566d64c98a202e0feb", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, "base16": { "inputs": { "fromYaml": "fromYaml" @@ -84,6 +105,28 @@ "type": "github" } }, + "darwin": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1744478979, + "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "43975d782b418ebf4969e9ccba82466728c2851b", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, "disko": { "inputs": { "nixpkgs": [ 
@@ -193,6 +236,27 @@ } }, "home-manager": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1745494811, + "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { "inputs": { "nixpkgs": [ "nixpkgs" @@ -212,7 +276,7 @@ "type": "github" } }, - "home-manager_2": { + "home-manager_3": { "inputs": { "nixpkgs": [ "zen-browser", @@ -291,16 +355,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1776548001, - "narHash": "sha256-ZSK0NL4a1BwVbbTBoSnWgbJy9HeZFXLYQizjb2DPF24=", + "lastModified": 1754028485, + "narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b12141ef619e0a9c1c84dc8c684040326f27cdcc", + "rev": "59e69648d345d6e8fef86158c555730fa12af9de", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "nixos-25.05", "repo": "nixpkgs", "type": "github" } @@ -336,6 +400,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1776548001, + "narHash": "sha256-ZSK0NL4a1BwVbbTBoSnWgbJy9HeZFXLYQizjb2DPF24=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b12141ef619e0a9c1c84dc8c684040326f27cdcc", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1776169885, "narHash": "sha256-Gk2T0tDDDAs319hp/ak+bAIUG5bPMvnNEjPV8CS86Fg=", @@ -375,7 +455,7 @@ "noctalia", "nixpkgs" ], - "systems": "systems", + "systems": "systems_2", "treefmt-nix": "treefmt-nix" }, "locked": { 
@@ -439,11 +519,12 @@ }, "root": { "inputs": { + "agenix": "agenix", "disko": "disko", - "home-manager": "home-manager", + "home-manager": "home-manager_2", "nix-colors": "nix-colors", "nixos-vfio": "nixos-vfio", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_2", "noctalia": "noctalia", "quickshell": "quickshell", "spicetify-nix": "spicetify-nix", @@ -453,8 +534,8 @@ }, "spicetify-nix": { "inputs": { - "nixpkgs": "nixpkgs_2", - "systems": "systems_2" + "nixpkgs": "nixpkgs_3", + "systems": "systems_3" }, "locked": { "lastModified": 1776894239, @@ -483,7 +564,7 @@ "nixpkgs" ], "nur": "nur", - "systems": "systems_3", + "systems": "systems_4", "tinted-kitty": "tinted-kitty", "tinted-schemes": "tinted-schemes", "tinted-tmux": "tinted-tmux", @@ -504,6 +585,21 @@ } }, "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_2": { "locked": { "lastModified": 1689347949, "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", @@ -518,7 +614,7 @@ "type": "github" } }, - "systems_2": { + "systems_3": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", @@ -533,7 +629,7 @@ "type": "github" } }, - "systems_3": { + "systems_4": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", @@ -636,7 +732,7 @@ }, "zen-browser": { "inputs": { - "home-manager": "home-manager_2", + "home-manager": "home-manager_3", "nixpkgs": [ "nixpkgs" ] diff --git a/flake.nix b/flake.nix index dacbdf3..96b269b 100644 --- a/flake.nix +++ b/flake.nix 
@@ -9,6 +9,9 @@ url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; + agenix = { + url = "github:ryantm/agenix"; + }; quickshell = { url = "github:outfoxxed/quickshell"; inputs.nixpkgs.follows = "nixpkgs"; @@ -45,6 +48,7 @@ nix-colors, stylix, disko, + agenix, ... } @ inputs: let system = "x86_64-linux"; @@ -123,6 +127,15 @@ }; } ]; + nixosConfigurations.kittykat = nixpkgs.lib.nixosSystem { + inherit system; + specialArgs = {inherit inputs;}; + modules = [ + ./hosts/kittykat/configuration.nix + agenix.nixosModules.default + inputs.disko.nixosModules.disko + ]; + }; }; }; } diff --git a/hosts/kittykat/configuration.nix b/hosts/kittykat/configuration.nix new file mode 100644 index 0000000..914038f --- /dev/null +++ b/hosts/kittykat/configuration.nix 
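Review bot: The new `agenix` input in the `@@ -9,6 +9,9 @@` hunk has no `inputs.nixpkgs.follows = "nixpkgs";`, unlike the `home-manager` and `quickshell` inputs beside it. The flake.lock part of this same patch shows the effect: a second nixpkgs pin (`nixos-25.05`) plus agenix's own `darwin` and `home-manager` nodes enter the lock, which is more third-party source to keep patched and to audit on every `nix flake update`. I would write `agenix = { url = "github:ryantm/agenix"; inputs.nixpkgs.follows = "nixpkgs"; };`. The `deploy-rs.url` and `xray-3x-ui.url` inputs added in PATCH 03/15 have the same shape and pull in `nixpkgs_2` and `nixpkgs_5` respectively. The `inputs = {` block opens outside this hunk.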
@@ -0,0 +1,43 @@ +{ + config, + lib, + pkgs, + ... +}: { + imports = [ + ./hardware-configuration.nix + ./disko-config.nix + ]; + + boot.loader.grub.enable = true; + + services.openssh.enable = { + enable = true + settings.PermitRootLogin = "no"; + + }; + + users.users.tulg = { + isNormalUser = true; + description = "Tulga"; + extraGroups = [ + "networkmanager" + "wheel" + "libvirtd" + "kvm" + ]; + }; + users.users."root".openssh.authorizedKeys.keys = [ + "ssh-rsa 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 tulg@highcommand" # content of authorized_keys file + ]; + users.users."tulg".openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDIefprdYz4gFgBqGlrkycWcTYxFttQHRjDQmREtQTiGyqK1gQiB4z4Cbiayt7Emq224sbaobQPlNSyhlBCSo/Wf0bmZMz8NwNdwhFSkDnyD6LPaHg8fv9FXnWW0wBMl4oSD2wfGbMQBrecjgHXfJ64UiHyyhDllDDtWGgoY75wwfWHzX/NiGaEi0LHCQ8dsgp7H+BhssTkJPZbv6BJcA34yfb6dISjvW2S/QGKMwgYr9ArfGLUTWPbj+EbL7Bf9VsTFe9nP+FnYqEu4+oBIbY2heXWA+FCi0zxmMY4oYJxT5cJi1nffVOxboKLm4kIT93gv1WdcDiQDVdy5sJ1q0gJyiRt1HfJW4l8jn36VJ0FvdGmRliOTzSfeER0gbIsOcxeArHRV3ff/CoSocnSs0To5vFKgjlGwhdE8sJsqILgZnIoKwVvOXuDOz/RhbdBPpVsG7upk7bLJtLv9P5h0h/gUIWA1iktaYBSDL0UofjSrfNhZH6M0P+soIuooanSlVGivTlASw1pd+gjvebbc9ksvGZVqPQT0XegIvZkwfu8moERZUqv/xhNcyWTEGfFKoeHt5ub8Ac0LOe9Ak6N+p8xDjTdkmUgte5J/CNL1JL3JA/iqocAo+VvmIbPatbrOwUNcROOS3WeFg8MfNrbDyYCVNbZWAyM6wwfLB2fIUB2jw== tulg@highcommand" # content of authorized_keys file + ]; + + programs.neovim = { + enable = true; + defaultEditor = true; + }; + + system.stateVersion = "25.05"; +} diff --git a/hosts/kittykat/disko.nix b/hosts/kittykat/disko.nix new file mode 100644 index 0000000..d439fcc --- /dev/null +++ b/hosts/kittykat/disko.nix 
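Review bot: The sshd block in this new file does not evaluate: `services.openssh.enable = { enable = true settings.PermitRootLogin = "no"; };` assigns an attribute set to the boolean `enable` option and has no `;` after `true`, so the host cannot build and the intended `PermitRootLogin = "no"` is never applied. The intended form is presumably `services.openssh = { enable = true; settings.PermitRootLogin = "no"; };`. The file also imports `./disko-config.nix` while this patch creates `hosts/kittykat/disko.nix`. Finally, root gets `openssh.authorizedKeys.keys` in the same file that tries to forbid root login; decide which of the two is meant and drop the other.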
@@ -0,0 +1,37 @@ +{ + disko.devices = { + disk = { + main = { + type = "disk"; + device = "/dev/sda"; + content = { + type = "gpt"; + partitions = { + boot = { + size = "1M"; + type = "EF02"; + priority = 1; + }; + ESP = { + size = "512M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + }; + root = { + size = "100%"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/hosts/kittykat/hardware-configuration.nix b/hosts/kittykat/hardware-configuration.nix new file mode 100644 index 0000000..3ec318f --- /dev/null +++ b/hosts/kittykat/hardware-configuration.nix @@ -0,0 +1,14 @@ +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; + + networking.useDHCP = lib.mkDefault true; + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/modules/nixos/services.nix b/modules/nixos/services.nix index 81d93a9..3476e20 100644 --- a/modules/nixos/services.nix +++ b/modules/nixos/services.nix @@ -34,7 +34,7 @@ enable = true; package = pkgs.mullvad-vpn; }; - + services.v2raya.enable = true; programs.thunar.plugins = with pkgs; [ thunar-archive-plugin thunar-volman From 8c193dc65b6c56bbcca1101e0e30d711ea3b3f78 Mon Sep 17 00:00:00 2001 From: tulg Date: Sat, 25 Apr 2026 18:38:02 +0300 Subject: [PATCH 02/15] kittykat deployment test --- flake.nix | 18 +++++------ hosts/kittykat/configuration.nix | 38 ++++++----------------- hosts/kittykat/hardware-configuration.nix | 5 ++- modules/nixos/networking/ssh.nix | 6 ++-- modules/nixos/users/tulg.nix | 6 ++++ 5 files changed, 30 insertions(+), 43 deletions(-) diff --git a/flake.nix b/flake.nix index 96b269b..4404e34 100644 --- a/flake.nix +++ b/flake.nix 
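Review bot: `device = "/dev/sda"` in the new `hosts/kittykat/disko.nix` names the install target by kernel enumeration order, and disko repartitions and formats whatever device that name resolves to when it runs. On a machine with more than one disk, or after a controller change, `sda` can be a different disk; a stable path such as `device = "/dev/disk/by-id/<DISK-ID>";` (placeholder, take the real id from the target) avoids wiping the wrong one where the hypervisor exposes such a link. Separately, `root` is plain ext4 with no encryption layer, so everything the host later stores there sits unencrypted on the provider's storage; that may be an accepted trade-off for a remote VM, but it is worth a comment in the file saying so.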
@@ -127,15 +127,15 @@ }; } ]; - nixosConfigurations.kittykat = nixpkgs.lib.nixosSystem { - inherit system; - specialArgs = {inherit inputs;}; - modules = [ - ./hosts/kittykat/configuration.nix - agenix.nixosModules.default - inputs.disko.nixosModules.disko - ]; - }; + }; + nixosConfigurations.kittykat = nixpkgs.lib.nixosSystem { + inherit system; + specialArgs = {inherit inputs;}; + modules = [ + ./hosts/kittykat/configuration.nix + agenix.nixosModules.default + inputs.disko.nixosModules.disko + ]; }; }; } diff --git a/hosts/kittykat/configuration.nix b/hosts/kittykat/configuration.nix index 914038f..33b74ac 100644 --- a/hosts/kittykat/configuration.nix +++ b/hosts/kittykat/configuration.nix @@ -6,38 +6,18 @@ }: { imports = [ ./hardware-configuration.nix - ./disko-config.nix + ./disko.nix + ../../modules/nixos/networking/ssh.nix + ../../modules/nixos/users/tulg.nix ]; - boot.loader.grub.enable = true; - - services.openssh.enable = { - enable = true - settings.PermitRootLogin = "no"; - - }; - - users.users.tulg = { - isNormalUser = true; - description = "Tulga"; - extraGroups = [ - "networkmanager" - "wheel" - "libvirtd" - "kvm" - ]; - }; - users.users."root".openssh.authorizedKeys.keys = [ - "ssh-rsa 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 tulg@highcommand" # content of authorized_keys file - ]; - users.users."tulg".openssh.authorizedKeys.keys = [ - "ssh-rsa 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 tulg@highcommand" # content of authorized_keys file + networking.hostName = "kittykat"; + environment.systemPackages = with pkgs; [ + nano + fastfetch ]; - programs.neovim = { - enable = true; - defaultEditor = true; - }; - + nixpkgs.config.allowUnfree = true; + nix.settings.experimental-features = ["nix-command" "flakes"]; system.stateVersion = "25.05"; } diff --git a/hosts/kittykat/hardware-configuration.nix b/hosts/kittykat/hardware-configuration.nix index 3ec318f..7db19c8 100644 --- a/hosts/kittykat/hardware-configuration.nix 
+++ b/hosts/kittykat/hardware-configuration.nix @@ -8,7 +8,10 @@ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - + boot.loader.grub = { + enable = true; + efiSupport = true; + }; networking.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; } diff --git a/modules/nixos/networking/ssh.nix b/modules/nixos/networking/ssh.nix index 93942c0..c3a130c 100644 --- a/modules/nixos/networking/ssh.nix +++ b/modules/nixos/networking/ssh.nix @@ -7,9 +7,7 @@ ]; services.openssh = { enable = true; - settings = { - PasswordAuthentication = true; - PermitRootLogin = "yes"; - }; + settings.PermitRootLogin = "prohibit-password"; + allowSFTP = true; }; } diff --git a/modules/nixos/users/tulg.nix b/modules/nixos/users/tulg.nix index f069ccc..a680273 100644 --- a/modules/nixos/users/tulg.nix +++ b/modules/nixos/users/tulg.nix @@ -2,6 +2,9 @@ users.users.tulg = { isNormalUser = true; description = "Tulga"; + openssh.authorizedKeys.keys = [ + "ssh-rsa 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 tulg@highcommand" # content of authorized_keys file + ]; extraGroups = [ "networkmanager" "wheel" 
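Review bot: Removing `PasswordAuthentication = true` in the `modules/nixos/networking/ssh.nix` hunk does not disable password logins, because the NixOS option defaults to true when it is unset. With only `settings.PermitRootLogin = "prohibit-password";` set, root is key-only but `tulg`, a `wheel` member per `modules/nixos/users/tulg.nix`, still accepts password attempts from the network. Since this patch installs an authorized key for `tulg`, I would add `settings.PasswordAuthentication = false;` and `settings.KbdInteractiveAuthentication = false;` next to it. This module sits on a shared path, so the setting applies to every host that imports it; the top of the file is outside the hunk.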
@@ -9,4 +12,7 @@ "kvm" ]; }; + users.users."root".openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDIefprdYz4gFgBqGlrkycWcTYxFttQHRjDQmREtQTiGyqK1gQiB4z4Cbiayt7Emq224sbaobQPlNSyhlBCSo/Wf0bmZMz8NwNdwhFSkDnyD6LPaHg8fv9FXnWW0wBMl4oSD2wfGbMQBrecjgHXfJ64UiHyyhDllDDtWGgoY75wwfWHzX/NiGaEi0LHCQ8dsgp7H+BhssTkJPZbv6BJcA34yfb6dISjvW2S/QGKMwgYr9ArfGLUTWPbj+EbL7Bf9VsTFe9nP+FnYqEu4+oBIbY2heXWA+FCi0zxmMY4oYJxT5cJi1nffVOxboKLm4kIT93gv1WdcDiQDVdy5sJ1q0gJyiRt1HfJW4l8jn36VJ0FvdGmRliOTzSfeER0gbIsOcxeArHRV3ff/CoSocnSs0To5vFKgjlGwhdE8sJsqILgZnIoKwVvOXuDOz/RhbdBPpVsG7upk7bLJtLv9P5h0h/gUIWA1iktaYBSDL0UofjSrfNhZH6M0P+soIuooanSlVGivTlASw1pd+gjvebbc9ksvGZVqPQT0XegIvZkwfu8moERZUqv/xhNcyWTEGfFKoeHt5ub8Ac0LOe9Ak6N+p8xDjTdkmUgte5J/CNL1JL3JA/iqocAo+VvmIbPatbrOwUNcROOS3WeFg8MfNrbDyYCVNbZWAyM6wwfLB2fIUB2jw== tulg@highcommand" # content of authorized_keys file + ]; } From 334878ca295269b88debeee25a2557c6de69f8b6 Mon Sep 17 00:00:00 2001 From: tulg Date: Sat, 25 Apr 2026 19:08:24 +0300 Subject: [PATCH 03/15] xray, deploy-rs testing --- flake.lock | 137 +++++++++++++++++++++++++++++-- flake.nix | 15 +++- hosts/kittykat/configuration.nix | 5 ++ 3 files changed, 148 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index b44ad2f..86f0968 100644 --- a/flake.lock +++ b/flake.lock @@ -127,6 +127,26 @@ "type": "github" } }, + "deploy-rs": { + "inputs": { + "flake-compat": "flake-compat", + "nixpkgs": "nixpkgs_2", + "utils": "utils" + }, + "locked": { + "lastModified": 1770019181, + "narHash": "sha256-hwsYgDnby50JNVpTRYlF3UR/Rrpt01OrxVuryF40CFY=", + "owner": "serokell", + "repo": "deploy-rs", + "rev": "77c906c0ba56aabdbc72041bf9111b565cdd6171", + "type": "github" + }, + "original": { + "owner": "serokell", + "repo": "deploy-rs", + "type": "github" + } + }, "disko": { "inputs": { "nixpkgs": [ 
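Review bot: The root `authorizedKeys` entry is added to `modules/nixos/users/tulg.nix`, a shared user module, so every host that imports it for the `tulg` account also grants root SSH login, and its key comment (`tulg@highcommand`) matches the one on the `tulg` entry in the previous hunk. If both entries are the same workstation key, that one key is root on every such machine. I would move the root entry into the host that needs it (here `hosts/kittykat/configuration.nix`) and use a separate deploy key for it, or drop root login and deploy through `tulg` with sudo. The trailing `# content of authorized_keys file` looks like a template leftover and could say whose key this is instead.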
@@ -163,6 +183,22 @@ "type": "github" } }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_2" @@ -400,6 +436,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1743014863, + "narHash": "sha256-jAIUqsiN2r3hCuHji80U7NNEafpIMBXiwKlSrjWMlpg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "bd3bac8bfb542dbde7ffffb6987a1a1f9d41699f", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1776548001, "narHash": "sha256-ZSK0NL4a1BwVbbTBoSnWgbJy9HeZFXLYQizjb2DPF24=", @@ -415,7 +467,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1776169885, "narHash": "sha256-Gk2T0tDDDAs319hp/ak+bAIUG5bPMvnNEjPV8CS86Fg=", @@ -428,6 +480,22 @@ "url": "https://channels.nixos.org/nixos-unstable/nixexprs.tar.xz" } }, + "nixpkgs_5": { + "locked": { + "lastModified": 1776877367, + "narHash": "sha256-EHq1/OX139R1RvBzOJ0aMRT3xnWyqtHBRUBuO1gFzjI=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "0726a0ecb6d4e08f6adced58726b95db924cef57", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "noctalia": { "inputs": { "nixpkgs": [ @@ -455,7 +523,7 @@ "noctalia", "nixpkgs" ], - "systems": "systems_2", + "systems": "systems_3", "treefmt-nix": "treefmt-nix" }, "locked": { 
@@ -520,22 +588,24 @@ "root": { "inputs": { "agenix": "agenix", + "deploy-rs": "deploy-rs", "disko": "disko", "home-manager": "home-manager_2", "nix-colors": "nix-colors", "nixos-vfio": "nixos-vfio", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "noctalia": "noctalia", "quickshell": "quickshell", "spicetify-nix": "spicetify-nix", "stylix": "stylix", + "xray-3x-ui": "xray-3x-ui", "zen-browser": "zen-browser" } }, "spicetify-nix": { "inputs": { - "nixpkgs": "nixpkgs_3", - "systems": "systems_3" + "nixpkgs": "nixpkgs_4", + "systems": "systems_4" }, "locked": { "lastModified": 1776894239, @@ -564,7 +634,7 @@ "nixpkgs" ], "nur": "nur", - "systems": "systems_4", + "systems": "systems_5", "tinted-kitty": "tinted-kitty", "tinted-schemes": "tinted-schemes", "tinted-tmux": "tinted-tmux", @@ -600,6 +670,21 @@ } }, "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_3": { "locked": { "lastModified": 1689347949, "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", @@ -614,7 +699,7 @@ "type": "github" } }, - "systems_3": { + "systems_4": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", @@ -629,7 +714,7 @@ "type": "github" } }, - "systems_4": { + "systems_5": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", 
@@ -730,6 +815,42 @@ "type": "github" } }, + "utils": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "xray-3x-ui": { + "inputs": { + "nixpkgs": "nixpkgs_5" + }, + "locked": { + "lastModified": 1761047979, + "narHash": "sha256-A7gDkM/xAX1R8FGmryZpcIsLsdcrnmJ5bpN8rmFoH9o=", + "owner": "sunmeplz", + "repo": "xray-3x-ui", + "rev": "a01a56f38813a2e86d2612556f3a672cb11c3681", + "type": "github" + }, + "original": { + "owner": "sunmeplz", + "repo": "xray-3x-ui", + "type": "github" + } + }, "zen-browser": { "inputs": { "home-manager": "home-manager_3", diff --git a/flake.nix b/flake.nix index 4404e34..6ee6efd 100644 --- a/flake.nix +++ b/flake.nix @@ -4,7 +4,7 @@ inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; spicetify-nix.url = "github:Gerg-L/spicetify-nix"; - + xray-3x-ui.url = "github:sunmeplz/xray-3x-ui"; home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; @@ -12,6 +12,7 @@ agenix = { url = "github:ryantm/agenix"; }; + deploy-rs.url = "github:serokell/deploy-rs"; quickshell = { url = "github:outfoxxed/quickshell"; inputs.nixpkgs.follows = "nixpkgs"; @@ -49,6 +50,8 @@ stylix, disko, agenix, + xray-3x-ui, + deploy-rs, ... } @ inputs: let system = "x86_64-linux"; 
@@ -133,9 +136,19 @@ specialArgs = {inherit inputs;}; modules = [ ./hosts/kittykat/configuration.nix + xray-3x-ui.nixosModules.default agenix.nixosModules.default inputs.disko.nixosModules.disko ]; }; + deploy.nodes.kittykat = { + hostname = "kittykat"; + profiles.system = { + user = "root"; + path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.kittykat; + interactiveSudo = true; + }; + }; + checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib; }; } diff --git a/hosts/kittykat/configuration.nix b/hosts/kittykat/configuration.nix index 33b74ac..18a7dac 100644 --- a/hosts/kittykat/configuration.nix +++ b/hosts/kittykat/configuration.nix @@ -16,6 +16,11 @@ nano fastfetch ]; + services.xray-3x-ui = { + enable = true; + port = 2053; + openFirewall = true; + }; nixpkgs.config.allowUnfree = true; nix.settings.experimental-features = ["nix-command" "flakes"]; From 9551aef97d8b783463bc768a26e2caf4853bacb5 Mon Sep 17 00:00:00 2001 From: tulg Date: Sat, 25 Apr 2026 19:10:42 +0300 Subject: [PATCH 04/15] xray, deploy-rs testing --- flake.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/flake.nix b/flake.nix index 6ee6efd..9d5394a 100644 --- a/flake.nix +++ b/flake.nix @@ -146,7 +146,6 @@ profiles.system = { user = "root"; path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.kittykat; - interactiveSudo = true; }; }; checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib; From b3aa4ffe440adb523da8fd7e6bfdaf7053338c66 Mon Sep 17 00:00:00 2001 From: tulg Date: Sat, 25 Apr 2026 19:14:50 +0300 Subject: [PATCH 05/15] xray, deploy-rs testing --- flake.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/flake.nix b/flake.nix index 9d5394a..85fe2f4 100644 --- a/flake.nix +++ b/flake.nix 
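Review bot: `openFirewall = true` in the `services.xray-3x-ui` block of `hosts/kittykat/configuration.nix` presumably opens TCP 2053 in the host firewall, which puts the 3x-ui management panel on the network directly. The traefik.nix added later in this series proxies to `http://127.0.0.1:2053`, so the panel speaks plain HTTP, and no later patch turns this option off: the panel login stays reachable without TLS alongside the HTTPS route. I would set `openFirewall = false;` here and let only the reverse proxy reach the port; if the module offers a listen-address option (not visible on this page), binding to loopback would close it fully. The module comes from the third-party `xray-3x-ui` flake input, so its defaults are worth reading before deployment.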
@@ -144,6 +144,7 @@ deploy.nodes.kittykat = { hostname = "kittykat"; profiles.system = { + sshUser = "root"; user = "root"; path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.kittykat; }; From 0703bc7d442c0db42d894f13db7d1c3fe7280a2b Mon Sep 17 00:00:00 2001 From: tulg Date: Sat, 25 Apr 2026 19:25:18 +0300 Subject: [PATCH 06/15] traefik --- hosts/kittykat/traefik.nix | 43 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 hosts/kittykat/traefik.nix diff --git a/hosts/kittykat/traefik.nix b/hosts/kittykat/traefik.nix new file mode 100644 index 0000000..54d38d6 --- /dev/null +++ b/hosts/kittykat/traefik.nix @@ -0,0 +1,43 @@ + services.traefik = { + enable = true; + + staticConfigOptions = { + entryPoints = { + web = { + address = ":80"; + asDefault = true; + http.redirections.entrypoint = { + to = "websecure"; + scheme = "https"; + }; + }; + + websecure = { + address = ":443"; + asDefault = true; + http.tls.certResolver = "letsencrypt"; + }; + }; + + log = { + level = "INFO"; + filePath = "${config.services.traefik.dataDir}/traefik.log"; + format = "json"; + }; + + certificatesResolvers.letsencrypt.acme = { + email = "tulg@protonmail.ch"; + storage = "${config.services.traefik.dataDir}/acme.json"; + httpChallenge.entryPoint = "web"; + }; + + api.dashboard = true; + # Access the Traefik dashboard on :8080 of your server + # api.insecure = true; + }; + + dynamicConfigOptions = { + http.routers = {}; + http.services = {}; + }; + }; \ No newline at end of file From f9c77585d5ff51328c0e9dae2565b2a008c1e3aa Mon Sep 17 00:00:00 2001 From: tulg Date: Sat, 25 Apr 2026 19:36:45 +0300 Subject: [PATCH 07/15] traefik --- hosts/kittykat/traefik.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/hosts/kittykat/traefik.nix b/hosts/kittykat/traefik.nix index 54d38d6..c4cc60e 100644 --- a/hosts/kittykat/traefik.nix +++ b/hosts/kittykat/traefik.nix 
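Review bot: `sshUser = "root";` makes every deploy log in as root over SSH, which is why sshd has to keep `PermitRootLogin = "prohibit-password"` and root needs an authorized key on the target. Since `tulg` is in `wheel`, the profile could use `sshUser = "tulg";` together with the `interactiveSudo = true;` that PATCH 04/15 removed, leaving `user = "root"` for activation only. sshd could then go to `PermitRootLogin = "no"`. This probably requires `tulg` to be permitted to copy store paths to the host (a trusted Nix user), which is not visible here and should be checked.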
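Review bot: `api.dashboard = true;` in the new `hosts/kittykat/traefik.nix` enables the dashboard, but nothing in the file routes to it or puts authentication in front of it, and the commented `# api.insecure = true;` below it is the unauthenticated way of reaching it on :8080. I would drop `api.dashboard = true;` until it is needed. When it is, expose it through a router to `api@internal` on `websecure` with an auth middleware attached, and leave `api.insecure` unset. A comment such as `# dashboard is only served via an authenticated router; never set api.insecure` above the line would keep the next edit from uncommenting it.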
@@ -1,3 +1,4 @@ + networking.firewall.allowedTCPPorts = [ 80 443 ]; services.traefik = { enable = true; @@ -40,4 +41,6 @@ http.routers = {}; http.services = {}; }; - }; \ No newline at end of file + + }; + \ No newline at end of file From 74778d4c2b2eae1358fae747c764e27ef38a6b3e Mon Sep 17 00:00:00 2001 From: tulg Date: Sat, 25 Apr 2026 19:39:05 +0300 Subject: [PATCH 08/15] traefik --- hosts/kittykat/traefik.nix | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/hosts/kittykat/traefik.nix b/hosts/kittykat/traefik.nix index c4cc60e..18af0ed 100644 --- a/hosts/kittykat/traefik.nix +++ b/hosts/kittykat/traefik.nix @@ -37,10 +37,20 @@ # api.insecure = true; }; - dynamicConfigOptions = { - http.routers = {}; - http.services = {}; + dynamicConfigOptions = { + http = { + routers.myapp = { + rule = "Host(`v2.kittykat.poggerer.xyz`)"; + entryPoints = [ "websecure" ]; + service = "v2"; + tls.certResolver = "letsencrypt"; }; + + services.myapp.loadBalancer.servers = [ + { url = "http://127.0.0.1:2053"; } + ]; + }; + }; \ No newline at end of file From 6d929576616f6f99808a6d771e2b32a81f95ef92 Mon Sep 17 00:00:00 2001 From: tulg Date: Sat, 25 Apr 2026 19:42:07 +0300 Subject: [PATCH 09/15] traefik --- hosts/kittykat/traefik.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/kittykat/traefik.nix b/hosts/kittykat/traefik.nix index 18af0ed..41d68af 100644 --- a/hosts/kittykat/traefik.nix +++ b/hosts/kittykat/traefik.nix @@ -39,10 +39,10 @@ dynamicConfigOptions = { http = { - routers.myapp = { + routers.xray = { rule = "Host(`v2.kittykat.poggerer.xyz`)"; entryPoints = [ "websecure" ]; - service = "v2"; + service = "xray"; tls.certResolver = "letsencrypt"; }; From b9e9fd355756b5c33b0ad8a070a30e4547e72c95 Mon Sep 17 00:00:00 2001 From: tulg Date: Sat, 25 Apr 2026 19:43:30 +0300 Subject: [PATCH 10/15] traefik --- hosts/kittykat/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) 
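Review bot: In PATCH 08/15 (`@@ -37,10 +37,20 @@`) the router `myapp` sets `service = "v2"`, but the only service defined is `services.myapp`, so the reference does not resolve and Traefik will most likely refuse to load the router. PATCH 09/15 (`@@ -39,10 +39,10 @@`) renames the router and points it at `service = "xray"` while the definition is still `services.myapp`, so the mismatch persists there. The definition should carry the same name, e.g. `services.xray.loadBalancer.servers = [ { url = "http://127.0.0.1:2053"; } ];`. Because this route publishes an admin panel under a public host name with only the panel's own login in front, an IP allow-list or auth middleware on the router is worth adding at the same time.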
diff --git a/hosts/kittykat/configuration.nix b/hosts/kittykat/configuration.nix index 18a7dac..48c7f25 100644 --- a/hosts/kittykat/configuration.nix +++ b/hosts/kittykat/configuration.nix @@ -9,12 +9,14 @@ ./disko.nix ../../modules/nixos/networking/ssh.nix ../../modules/nixos/users/tulg.nix + ./traefik.nix ]; networking.hostName = "kittykat"; environment.systemPackages = with pkgs; [ nano fastfetch + kitty ]; services.xray-3x-ui = { enable = true; From 245890d044b48a641c7b1685fe3b955dfe87b67c Mon Sep 17 00:00:00 2001 From: tulg Date: Sat, 25 Apr 2026 19:44:26 +0300 Subject: [PATCH 11/15] traefik --- hosts/kittykat/traefik.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/kittykat/traefik.nix b/hosts/kittykat/traefik.nix index 41d68af..793ce92 100644 --- a/hosts/kittykat/traefik.nix +++ b/hosts/kittykat/traefik.nix @@ -1,4 +1,4 @@ - networking.firewall.allowedTCPPorts = [ 80 443 ]; + services.traefik = { enable = true; From a52a5741d3e7280e3ec8f7f835602784f487d98d Mon Sep 17 00:00:00 2001 From: tulg Date: Sat, 25 Apr 2026 19:45:44 +0300 Subject: [PATCH 12/15] traefik --- hosts/kittykat/traefik.nix | 99 ++++++++++++++++++++------------------ 1 file changed, 51 insertions(+), 48 deletions(-) diff --git a/hosts/kittykat/traefik.nix b/hosts/kittykat/traefik.nix index 793ce92..50ba712 100644 --- a/hosts/kittykat/traefik.nix +++ b/hosts/kittykat/traefik.nix 
@@ -1,56 +1,59 @@ - - services.traefik = { - enable = true; +services.traefik = { + enable = true; - staticConfigOptions = { - entryPoints = { - web = { - address = ":80"; - asDefault = true; - http.redirections.entrypoint = { - to = "websecure"; - scheme = "https"; + staticConfigOptions = { + entryPoints = { + web = { + address = ":80"; + http.redirections.entrypoint = { + to = "websecure"; + scheme = "https"; + }; + }; + + websecure = { + address = ":443"; + http.tls.certResolver = "letsencrypt"; + }; + }; + + log = { + level = "INFO"; + filePath = "${config.services.traefik.dataDir}/traefik.log"; + format = "json"; + }; + + certificatesResolvers.letsencrypt.acme = { + email = "tulg@protonmail.ch"; + storage = "${config.services.traefik.dataDir}/acme.json"; + httpChallenge.entryPoint = "web"; + }; + + api.dashboard = true; + }; + + dynamicConfigOptions = { + http = { + routers = { + xray = { + rule = "Host(`v2.kittykat.poggerer.xyz`)"; + entryPoints = [ "websecure" ]; + service = "xray"; + tls = { + certResolver = "letsencrypt"; }; }; + }; - websecure = { - address = ":443"; - asDefault = true; - http.tls.certResolver = "letsencrypt"; + services = { + xray = { + loadBalancer = { + servers = [ + { url = "http://127.0.0.1:2053"; } + ]; + }; }; }; - - log = { - level = "INFO"; - filePath = "${config.services.traefik.dataDir}/traefik.log"; - format = "json"; - }; - - certificatesResolvers.letsencrypt.acme = { - email = "tulg@protonmail.ch"; - storage = "${config.services.traefik.dataDir}/acme.json"; - httpChallenge.entryPoint = "web"; - }; - - api.dashboard = true; - # Access the Traefik dashboard on :8080 of your server - # api.insecure = true; }; - - dynamicConfigOptions = { - http = { - routers.xray = { - rule = "Host(`v2.kittykat.poggerer.xyz`)"; - entryPoints = [ "websecure" ]; - service = "xray"; - tls.certResolver = "letsencrypt"; - }; - - services.myapp.loadBalancer.servers = [ - { url = "http://127.0.0.1:2053"; } - ]; }; - - - }; - \ No newline at end of 
file +}; \ No newline at end of file From 60f15dca52d62e669faf096f415dd5b34f64bb58 Mon Sep 17 00:00:00 2001 From: tulg Date: Sat, 25 Apr 2026 19:46:46 +0300 Subject: [PATCH 13/15] traefik --- hosts/kittykat/traefik.nix | 100 +++++++++++++++++++------------------ 1 file changed, 51 insertions(+), 49 deletions(-) diff --git a/hosts/kittykat/traefik.nix b/hosts/kittykat/traefik.nix index 50ba712..9297e5f 100644 --- a/hosts/kittykat/traefik.nix +++ b/hosts/kittykat/traefik.nix 
@@ -1,59 +1,61 @@ -services.traefik = { - enable = true; +{ + services.traefik = { + enable = true; - staticConfigOptions = { - entryPoints = { - web = { - address = ":80"; - http.redirections.entrypoint = { - to = "websecure"; - scheme = "https"; - }; - }; - - websecure = { - address = ":443"; - http.tls.certResolver = "letsencrypt"; - }; - }; - - log = { - level = "INFO"; - filePath = "${config.services.traefik.dataDir}/traefik.log"; - format = "json"; - }; - - certificatesResolvers.letsencrypt.acme = { - email = "tulg@protonmail.ch"; - storage = "${config.services.traefik.dataDir}/acme.json"; - httpChallenge.entryPoint = "web"; - }; - - api.dashboard = true; - }; - - dynamicConfigOptions = { - http = { - routers = { - xray = { - rule = "Host(`v2.kittykat.poggerer.xyz`)"; - entryPoints = [ "websecure" ]; - service = "xray"; - tls = { - certResolver = "letsencrypt"; + staticConfigOptions = { + entryPoints = { + web = { + address = ":80"; + http.redirections.entrypoint = { + to = "websecure"; + scheme = "https"; }; }; + + websecure = { + address = ":443"; + http.tls.certResolver = "letsencrypt"; + }; }; - services = { - xray = { - loadBalancer = { - servers = [ - { url = "http://127.0.0.1:2053"; } - ]; + log = { + level = "INFO"; + filePath = "${config.services.traefik.dataDir}/traefik.log"; + format = "json"; + }; + + certificatesResolvers.letsencrypt.acme = { + email = "tulg@protonmail.ch"; + storage = "${config.services.traefik.dataDir}/acme.json"; + httpChallenge.entryPoint = "web"; + }; + + api.dashboard = true; + }; + + dynamicConfigOptions = { + http = { + routers = { + xray = { + rule = "Host(`v2.kittykat.poggerer.xyz`)"; + entryPoints = ["websecure"]; + service = "xray"; + tls = { + certResolver = "letsencrypt"; + }; + }; + }; + + services = { + xray = { + loadBalancer = { + servers = [ + {url = "http://127.0.0.1:2053";} + ]; + }; }; }; }; }; }; -}; \ No newline at end of file +} From a2b5e85653c88b2281265f40106533e0a0e15482 Mon Sep 17 00:00:00 2001 
From: tulg Date: Sat, 25 Apr 2026 19:47:40 +0300 Subject: [PATCH 14/15] traefik --- hosts/kittykat/traefik.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/kittykat/traefik.nix b/hosts/kittykat/traefik.nix index 9297e5f..bf8a7fe 100644 --- a/hosts/kittykat/traefik.nix +++ b/hosts/kittykat/traefik.nix @@ -1,4 +1,4 @@ -{ +{config, ...}: { services.traefik = { enable = true; From cb702d833b43e84d3a5fc4b015bb6c04eb836d2d Mon Sep 17 00:00:00 2001 From: tulg Date: Sat, 25 Apr 2026 20:14:02 +0300 Subject: [PATCH 15/15] traefik --- hosts/kittykat/traefik.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hosts/kittykat/traefik.nix b/hosts/kittykat/traefik.nix index bf8a7fe..e6abfb4 100644 --- a/hosts/kittykat/traefik.nix +++ b/hosts/kittykat/traefik.nix @@ -1,4 +1,9 @@ {config, ...}: { + networking.firewall = { + enable = true; + allowedTCPPorts = [80 443]; + }; + services.traefik = { enable = true;