From 9a4ff80762a245437019ed8f3ea81c80cefa2d60 Mon Sep 17 00:00:00 2001 From: Lyes Saadi Date: Thu, 22 Jan 2026 16:25:35 +0100 Subject: [PATCH] Adding rate limit for zora, and other config tweaks --- flake.lock | 42 +++++++++++++-------------- hosts/zora/networking.nix | 46 ++++++++++++++++++++---------- modules/common/packages.nix | 2 ++ modules/desktop/gaming/default.nix | 14 +++++++++ modules/server/agraf/default.nix | 8 ++++++ modules/server/lanayru/default.nix | 14 +++++++-- users/lyes/desktop/packages.nix | 3 +- users/lyes/home/shells/fish.nix | 1 + 8 files changed, 90 insertions(+), 40 deletions(-) diff --git a/flake.lock b/flake.lock index 286adb5..6c07cce 100644 --- a/flake.lock +++ b/flake.lock @@ -47,11 +47,11 @@ ] }, "locked": { - "lastModified": 1768696246, - "narHash": "sha256-IuoFZtPL/M0lNN4V+MOZT0eyTfh1FvUj9Ubo7yvhYPU=", + "lastModified": 1768786317, + "narHash": "sha256-B+mFBhKQUEd543lxmBnJWiMvN/mbTzwIDmVbI1GlvKk=", "owner": "9001", "repo": "copyparty", - "rev": "d9255538100f5196a7e4ffdd78661f68d77cdb4f", + "rev": "78f6855f08a210ded0eeb34da9eafb9cc2de024b", "type": "github" }, "original": { @@ -109,11 +109,11 @@ ] }, "locked": { - "lastModified": 1766150702, - "narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=", + "lastModified": 1768923567, + "narHash": "sha256-GVJ0jKsyXLuBzRMXCDY6D5J8wVdwP1DuQmmvYL/Vw/Q=", "owner": "nix-community", "repo": "disko", - "rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378", + "rev": "00395d188e3594a1507f214a2f15d4ce5c07cb28", "type": "github" }, "original": { @@ -245,11 +245,11 @@ ] }, "locked": { - "lastModified": 1768703115, - "narHash": "sha256-JAXjGiDWlQJSwniCYlnEwU/2KjI0bJ/lV0gpyD9UjxE=", + "lastModified": 1768927746, + "narHash": "sha256-zyMpWHqcpKVmRc1W2NEK7DAuyVJZV62Jdjqudg70b1k=", "owner": "nix-community", "repo": "home-manager", - "rev": "05fd3bababe5924f9a6128285e7cf6c67d45f3c0", + "rev": "63a87808f5f9b6e4195a1d33f6ea25d23f4aa0df", "type": "github" }, "original": { 
@@ -267,11 +267,11 @@ ] }, "locked": { - "lastModified": 1767104570, - "narHash": "sha256-GKgwu5//R+cLdKysZjGqvUEEOGXXLdt93sNXeb2M/Lk=", + "lastModified": 1768434960, + "narHash": "sha256-cJbFn17oyg6qAraLr+NVeNJrXsrzJdrudkzI4H2iTcg=", "owner": "nix-community", "repo": "home-manager", - "rev": "e4e78a2cbeaddd07ab7238971b16468cc1d14daf", + "rev": "b4d88c9ac42ae1a745283f6547701da43b6e9f9b", "type": "github" }, "original": { @@ -335,11 +335,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1768584846, - "narHash": "sha256-IRPmIOV2tPwxbhP/I9M5AmwhTC0lMPtoPStC+8T6xl0=", + "lastModified": 1768736227, + "narHash": "sha256-qgGq7CfrYKc3IBYQ7qp0Z/ZXndQVC5Bj0N8HW9mS2rM=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "cce68f4a54fa4e3d633358364477f5cc1d782440", + "rev": "d447553bcbc6a178618d37e61648b19e744370df", "type": "github" }, "original": { @@ -431,11 +431,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1766902085, - "narHash": "sha256-coBu0ONtFzlwwVBzmjacUQwj3G+lybcZ1oeNSQkgC0M=", + "lastModified": 1768127708, + "narHash": "sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c0b0e0fddf73fd517c3471e546c0df87a42d53f4", + "rev": "ffbc9f8cbaacfb331b6017d5a5abb21a492c9a38", "type": "github" }, "original": { @@ -533,11 +533,11 @@ "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1768638486, - "narHash": "sha256-+LC0wOiliUXbIj6zT2hCoOQ0zn33BD2NxGoy0QqP3Eo=", + "lastModified": 1768919538, + "narHash": "sha256-w10iy/aqd5LtD78NDWWG+eKGzkb+cGhAAo7PVciLbWE=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "76bbc35c59419b8b0616fb779ce5600e85edab11", + "rev": "37149a5b77e8fd2b5332e8cec9edf39ca5b8e8bc", "type": "github" }, "original": { diff --git a/hosts/zora/networking.nix b/hosts/zora/networking.nix index 00f996b..d787241 100644 --- a/hosts/zora/networking.nix +++ b/hosts/zora/networking.nix 
@@ -101,20 +101,36 @@ }; # Imposing a bandwidth limit to avoid Aurore/Crans disruptions - # networking.nftables = { - # tables.rate_limit = { - # name = "rate_limit"; - # family = "inet"; - # enable = true; - # content = '' - # limit lim { rate over 20 mbytes/second burst 40 mbytes ; comment "use to limit taffic" ; } + networking.nftables = { + tables.rate_limit = { + name = "rate_limit"; + family = "inet"; + enable = true; + content = '' + limit ratelimit { rate 1250 kbytes/second burst 2500 kbytes ; comment "used to limit taffic" ; } - # chain IN { - # type filter hook input priority filter; policy drop; - # tcp dport 80 limit name "lim" accept - # tcp dport 443 limit name "lim" accept - # } - # ''; - # }; - # }; + chain input { + type filter hook input priority 0; policy drop; + + iifname lo accept + + tcp dport 22 accept + + iifname ens2f0 limit name "ratelimit" accept + + iifname veth-mogma limit name "ratelimit" accept + } + ''; + + # chain output { + # type filter hook output priority 0; policy drop; + + # iifname lo accept + + # tcp dport 22 accept + + # iifname ens2f0 limit name "ratelimit" accept + # } + }; + }; } diff --git a/modules/common/packages.nix b/modules/common/packages.nix index ef8a399..ca12693 100644 --- a/modules/common/packages.nix +++ b/modules/common/packages.nix @@ -18,6 +18,8 @@ man-pages-posix python3 cheat + htop + killall # Nix home-manager diff --git a/modules/desktop/gaming/default.nix b/modules/desktop/gaming/default.nix index 80a3fee..325989f 100644 --- a/modules/desktop/gaming/default.nix +++ b/modules/desktop/gaming/default.nix 
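Review bot: The new `chain input` sets `policy drop` and has no `ct state established,related accept` rule, so this rate-limit table also works as a second allow-list. Anything arriving on an interface other than `lo`, `ens2f0` or `veth-mogma` is dropped, and once the shared `ratelimit` bucket is empty, so is every packet on those two interfaces except inbound SSH, including replies to connections the host opened and ICMPv6 neighbour discovery. A drop in any base chain is final, so it would be simpler to leave filtering to the host firewall (not visible here) and drop only the excess: `limit ratelimit { rate over 1250 kbytes/second burst 2500 kbytes ; }`, `type filter hook input priority 0; policy accept;` and `iifname { "ens2f0", "veth-mogma" } limit name "ratelimit" drop`. If the output chain kept in the Nix comment is ever enabled, its `iifname` matches would need to become `oifname`. The enclosing attribute set starts outside the hunk.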
@@ -27,4 +27,18 @@ mangohud protonup-ng ]; + + # Additional rules for Switch 2 pro controllers + services.udev.extraRules = '' + SUBSYSTEM=="usb", ATTR{idVendor}=="057e", ATTR{idProduct}=="2066", MODE="0666" + SUBSYSTEM=="usb", ATTR{idVendor}=="057e", ATTR{idProduct}=="2067", MODE="0666" + SUBSYSTEM=="usb", ATTR{idVendor}=="057e", ATTR{idProduct}=="2068", MODE="0666" + SUBSYSTEM=="usb", ATTR{idVendor}=="057e", ATTR{idProduct}=="2069", MODE="0666" + SUBSYSTEM=="usb", ATTR{idVendor}=="057e", ATTR{idProduct}=="2073", MODE="0666" + SUBSYSTEM=="hidraw", ATTRS{idVendor}=="057e", ATTRS{idProduct}=="2066", MODE="0666" + SUBSYSTEM=="hidraw", ATTRS{idVendor}=="057e", ATTRS{idProduct}=="2067", MODE="0666" + SUBSYSTEM=="hidraw", ATTRS{idVendor}=="057e", ATTRS{idProduct}=="2068", MODE="0666" + SUBSYSTEM=="hidraw", ATTRS{idVendor}=="057e", ATTRS{idProduct}=="2069", MODE="0666" + SUBSYSTEM=="hidraw", ATTRS{idVendor}=="057e", ATTRS{idProduct}=="2073", MODE="0666" + ''; } diff --git a/modules/server/agraf/default.nix b/modules/server/agraf/default.nix index f22e363..5772227 100644 --- a/modules/server/agraf/default.nix +++ b/modules/server/agraf/default.nix @@ -153,6 +153,14 @@ r = [ "*" ]; }; }; + + "/u/lyes/data" = { + path = "/var/data/"; + access = { + "rwmd." = [ "lyes" ]; + }; + }; + }; openFilesLimit = 65536; diff --git a/modules/server/lanayru/default.nix b/modules/server/lanayru/default.nix index 1bbdc77..d12ce73 100644 --- a/modules/server/lanayru/default.nix +++ b/modules/server/lanayru/default.nix 
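Review bot: `MODE="0666"` on both the `usb` and the `hidraw` rules makes the controller nodes readable and writable by every local account and service, not only the person using the desktop. A group-scoped rule works from `services.udev.extraRules` as written, e.g. `SUBSYSTEM=="hidraw", ATTRS{idVendor}=="057e", ATTRS{idProduct}=="2066", MODE="0660", GROUP="input"`, provided the gaming user is in that group. `TAG+="uaccess"` is the usual seat-scoped alternative, but it presumably needs a rules file ordered before `73-seat-late.rules` rather than `extraRules`. The ten rules can also be folded into two with `ATTR{idProduct}=="2066|2067|2068|2069|2073"`.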
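Review bot: The new `/u/lyes/data` volume maps the whole of `/var/data/` with `"rwmd."`, so the `lyes` web login can overwrite, move and delete everything under that tree. Another hunk in this patch suggests service data lives there (the removed `localSourcePath` in `modules/server/lanayru/default.nix` was `/var/data/manga/local`), so a leaked copyparty credential would presumably reach that state too. Consider pointing `path` at a dedicated subdirectory, or granting only `"r."` on this volume and keeping write and delete on narrower ones. The surrounding volumes attribute set starts outside the hunk.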
@@ -16,12 +16,20 @@ ip = "0.0.0.0"; port = 44312; + downloadsPath = "${config.services.suwayomi-server.dataDir}"; + downloadAsCbz = true; + autoDownloadNewChapters = true; + excludeEntryWithUnreadChapters = false; + + excludeUnreadChapters = false; + excludeNotStarted = false; + excludeCompleted = false; + globalUpdateInterval = 6; + extensionRepos = [ "https://raw.githubusercontent.com/keiyoushi/extensions/repo/index.min.json" ]; - downloadAsCbz = true; - basicAuthEnabled = true; basicAuthUsername = "lyes"; basicAuthPasswordFile = config.age.secrets.suwayomi-pass.path; @@ -29,7 +37,7 @@ # backupPath = "/unv/backups/suwayomi"; # backupTime = "07:11"; - localSourcePath = "/var/data/manga/local"; + localSourcePath = "${config.services.suwayomi-server.dataDir}/local"; }; }; }; diff --git a/users/lyes/desktop/packages.nix b/users/lyes/desktop/packages.nix index bfe0cb2..f8b9f01 100644 --- a/users/lyes/desktop/packages.nix +++ b/users/lyes/desktop/packages.nix @@ -65,7 +65,7 @@ in { # Games heroic - # cemu + cemu prismlauncher # vvvvvv ryubing @@ -137,6 +137,7 @@ in { z3 # CryptoVerif cryptoverif + fstar # Containers & VMs toolbox diff --git a/users/lyes/home/shells/fish.nix b/users/lyes/home/shells/fish.nix index 82fe78a..cf6fee6 100644 --- a/users/lyes/home/shells/fish.nix +++ b/users/lyes/home/shells/fish.nix @@ -24,6 +24,7 @@ ls = "eza"; cat = "bat"; grep = "rg"; + ncdu = "dust"; }; shellInit = ''
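Review bot: `downloadsPath` is set to the root of `dataDir` while `localSourcePath` becomes `dataDir` plus `/local`, so downloaded chapters, the local source and whatever state the server keeps in `dataDir` all share one directory. If that is not intended, give downloads their own subdirectory, e.g. `downloadsPath = "${config.services.suwayomi-server.dataDir}/downloads";`. As written the interpolation is also redundant: `downloadsPath = config.services.suwayomi-server.dataDir;` says the same thing. The enclosing settings block starts outside the hunk.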