fix(searxng): resolve 502 error and apply Catppuccin theme

- Fix Redis connection by using container-to-container networking.
- Apply Catppuccin (Mocha/Latte) theme via custom CSS.
- Enable SearXNG module in host configuration.
- Configure Caddy reverse proxy and DDclient for search.ashisgreat.xyz.

scripts/cleanup_steam_migration.sh

@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+set -e
+
+# Only run if /games/steam is a mountpoint to verify we aren't deleting the only copy
+if ! mountpoint -q /games/steam; then
+    echo "CRITICAL ERROR: /games/steam is NOT a mountpoint."
+    echo "This implies the migration didn't apply correctly or the subvolume isn't mounted."
+    echo "Aborting cleanup to prevent data loss."
+    exit 1
+fi
+
+if [ "$EUID" -ne 0 ]; then 
+  echo "Please run this script with doas: doas $0"
+  exit 1
+fi
+
+cd /games || exit 1
+
+echo "Starting cleanup of old Steam files in /games..."
+echo "Preserving: 3DS, Switch, battlenet, and the 'steam' mountpoint."
+
+# Iterate over all files/dirs, including hidden ones
+for item in * .[^.]*; do
+    # Skip . and ..
+    if [[ "$item" == "." || "$item" == ".." ]]; then continue; fi
+
+    case "$item" in
+        "3DS"|"Switch"|"battlenet"|"steam")
+            echo "  [KEEP] $item"
+            ;;
+        *)
+            echo "  [DELETE] $item"
+            rm -rf "$item"
+            ;;
+    esac
+done
+
+echo "Cleanup complete. /games now contains only non-Steam games and the 'steam' directory."

scripts/convert-kernel-config-full.sh

@@ -0,0 +1,84 @@
+#!/usr/bin/env bash
+# Convert COMPLETE kernel config to Nix structuredExtraConfig format
+# Reads the generated kernel-config and outputs ALL options
+
+CONFIG_FILE="/home/ashie/nixos/hosts/nixos/kernel-config"
+OUTPUT_FILE="/home/ashie/nixos/hosts/nixos/kernel-config.nix"
+
+echo "Converting $CONFIG_FILE to structuredExtraConfig format (FULL)..."
+
+# Start the Nix attribute set
+cat > "$OUTPUT_FILE" << 'EOF'
+# Auto-generated from kernel-config (FULL)
+# Run scripts/convert-kernel-config.sh to regenerate
+{ lib }:
+with lib.kernel;
+{
+EOF
+
+# Process line by line
+declare -A seen_keys
+while read -r line; do
+    # Skip empty lines and comments that are not "is not set"
+    if [[ -z "$line" ]]; then continue; fi
+    if [[ "$line" =~ ^#\ .*is\ not\ set$ ]]; then
+        # Handle "is not set"
+        key=$(echo "$line" | sed 's/^# CONFIG_\(.*\) is not set$/\1/')
+        val="no"
+    elif [[ "$line" =~ ^CONFIG_ ]]; then
+        # Handle "CONFIG_KEY=VALUE"
+        # Extract key and value. Value is everything after first =
+        key=$(echo "$line" | cut -d= -f1 | sed 's/^CONFIG_//')
+        val=$(echo "$line" | cut -d= -f2-)
+    else
+        # Skip other lines (comments etc)
+        continue
+    fi
+
+    # Formatting logic
+    
+    # 1. Quote key if it starts with digit
+    if [[ "$key" =~ ^[0-9] ]]; then
+        nix_key="\"$key\""
+    else
+        nix_key="$key"
+    fi
+
+    # 2. Convert value to Nix format
+    if [[ "$val" == "no" ]]; then
+        nix_val="no"
+    elif [[ "$val" == "y" ]]; then
+        nix_val="yes"
+    elif [[ "$val" == "m" ]]; then
+        nix_val="module"
+    elif [[ "$val" == "\"\"" ]]; then
+        nix_val="(freeform \"\")"
+    elif [[ "$val" =~ ^\" ]]; then
+        # It's a string literal "foo". 
+        # NixOS kernel config usually likes freeform for arbitrary strings to avoid type issues.
+        # Let's wrap it in freeform just like we do for numbers/bare words.
+        # But wait, val already has quotes. So val is "\"foo\"".
+        # freeform expects a string. so (freeform "\"foo\"") is correct? 
+        # Actually (freeform "foo") is probably what we want if we strip quotes?
+        # No, freeform value is written AS IS to .config.
+        # So if .config has CONFIG_FOO="bar", we want freeform "\"bar\"".
+        # So we keep the quotes in val.
+        nix_val="(freeform $val)"
+    else
+        # It's a number, hex, or bare word. Wrap in freeform.
+        nix_val="(freeform \"$val\")"
+    fi
+
+    # Output with mkForce
+    if [[ -z "${seen_keys[$nix_key]}" ]]; then
+        echo "  $nix_key = lib.mkForce $nix_val;" >> "$OUTPUT_FILE"
+        seen_keys["$nix_key"]=1
+    fi
+
+done < "$CONFIG_FILE"
+
+# Close the attribute set
+echo "}" >> "$OUTPUT_FILE"
+
+echo "Generated $OUTPUT_FILE"
+echo "Total options: $(grep -c '=' "$OUTPUT_FILE")"

scripts/convert-kernel-config.sh

@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+# Convert kernel config to Nix structuredExtraConfig format
+# Reads the generated kernel-config and outputs disabled options
+
+CONFIG_FILE="/home/ashie/nixos/hosts/nixos/kernel-config"
+OUTPUT_FILE="/home/ashie/nixos/hosts/nixos/kernel-config.nix"
+
+echo "Converting $CONFIG_FILE to structuredExtraConfig format..."
+
+# Start the Nix attribute set
+cat > "$OUTPUT_FILE" << 'EOF'
+# Auto-generated from kernel-config
+# Run scripts/convert-kernel-config.sh to regenerate
+{ lib }:
+with lib.kernel;
+{
+EOF
+
+# Extract disabled options (lines that say "# CONFIG_XXX is not set")
+grep "^# CONFIG_.*is not set" "$CONFIG_FILE" | while read -r line; do
+    # Extract config name from "# CONFIG_XXX is not set"
+    config_name=$(echo "$line" | sed 's/^# CONFIG_\(.*\) is not set$/\1/')
+    # Quote names that start with a number (invalid Nix syntax otherwise)
+    # Use mkForce to override NixOS defaults
+    if [[ "$config_name" =~ ^[0-9] ]]; then
+        echo "  \"$config_name\" = lib.mkForce no;" >> "$OUTPUT_FILE"
+    else
+        echo "  $config_name = lib.mkForce no;" >> "$OUTPUT_FILE"
+    fi
+done
+
+# Close the attribute set
+echo "}" >> "$OUTPUT_FILE"
+
+echo "Generated $OUTPUT_FILE"
+echo "Total disabled options: $(grep -c '= no;' "$OUTPUT_FILE")"

scripts/launch-vpn-app.sh

@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+
+# Check if running as root
+if [ "$EUID" -ne 0 ]; then
+  # Re-run as root, preserving environment
+  # doas automatically preserves some env, allowing specific ones if configured, 
+  # but for simplicity we rely on the internal command to handle env variables.
+  exec doas "$0" "$@"
+fi
+
+NAMESPACE="vpn"
+USER="ashie" # Hardcoded for now, could be dynamic
+
+# Check if namespace exists
+if ! ip netns list | grep -q "$NAMESPACE"; then
+  echo "Error: Network namespace '$NAMESPACE' does not exist."
+  echo "Ensure vpn-netns.service is running."
+  exit 1
+fi
+
+COMMAND="$@"
+
+if [ -z "$COMMAND" ]; then
+  echo "Usage: $0 <command> [args...]"
+  exit 1
+fi
+
+# Execute in namespace as the user
+# We use `doas -u $USER` INSIDE the namespace to drop back to user privileges
+# We MUST explicitly pass environment variables because doas cleans them.
+# The bwrapper needs HOME, XDG_RUNTIME_DIR, etc. to function correctly.
+exec ip netns exec "$NAMESPACE" doas -u "$USER" env \
+  HOME="/home/$USER" \
+  USER="$USER" \
+  XDG_RUNTIME_DIR="/run/user/$(id -u $USER)" \
+  WAYLAND_DISPLAY="$WAYLAND_DISPLAY" \
+  DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/$(id -u $USER)/bus" \
+  $COMMAND

scripts/migrate_steam.sh

@@ -0,0 +1,71 @@
+#!/usr/bin/env bash
+set -e
+
+# Configuration
+SOURCE_DIR="/games"
+TARGET_MOUNT="/mnt/new_steam"
+BTRFS_ROOT_MOUNT="/mnt/btrfs_root"
+DEVICE="/dev/mapper/cryptdata"
+SUBVOL_NAME="@steam"
+USER_OWNER="ashie"
+GROUP_OWNER="users"
+
+# Ensure we are running with doas or root
+if [ "$EUID" -ne 0 ]; then 
+  echo "Please run this script with doas: doas $0"
+  exit 1
+fi
+
+echo "Starting Steam migration..."
+
+# 1. Mount Btrfs root
+mkdir -p "$BTRFS_ROOT_MOUNT"
+echo "Mounting btrfs root..."
+mount -o subvolid=5 "$DEVICE" "$BTRFS_ROOT_MOUNT"
+
+# 2. Create subvolume
+if [ -d "$BTRFS_ROOT_MOUNT/$SUBVOL_NAME" ]; then
+    echo "Subvolume $SUBVOL_NAME already exists."
+else
+    echo "Creating subvolume $SUBVOL_NAME..."
+    btrfs subvolume create "$BTRFS_ROOT_MOUNT/$SUBVOL_NAME"
+fi
+
+# 3. Mount new subvolume
+mkdir -p "$TARGET_MOUNT"
+echo "Mounting new subvolume to $TARGET_MOUNT..."
+mount -o subvol="$SUBVOL_NAME" "$DEVICE" "$TARGET_MOUNT"
+
+# 4. Copy files with reflink (instant copy)
+echo "Copying files from $SOURCE_DIR to $TARGET_MOUNT..."
+shopt -s dotglob
+for item in "$SOURCE_DIR"/*; do
+    name=$(basename "$item")
+    case "$name" in
+        "3DS"|"Switch"|"battlenet")
+            echo "Skipping $name"
+            ;;
+        *)
+            echo "Moving $name..."
+            cp --reflink=always -r "$item" "$TARGET_MOUNT/"
+            ;;
+    esac
+done
+
+# 5. Set permissions
+echo "Setting permissions..."
+chown -R "$USER_OWNER":"$GROUP_OWNER" "$TARGET_MOUNT"
+
+# 6. Unmount
+echo "Unmounting..."
+umount "$TARGET_MOUNT"
+umount "$BTRFS_ROOT_MOUNT"
+rmdir "$TARGET_MOUNT" "$BTRFS_ROOT_MOUNT"
+
+echo "Migration data copy complete."
+echo "Please verify the contents if possible."
+echo ""
+echo "NEXT STEPS:"
+echo "1. Run 'nixos-rebuild switch' to apply the new hardware-configuration.nix changes."
+echo "2. Once verified, you can manually delete the old files in /games to free up space (the space is currently shared via reflink, so deleting won't free space until the old refs are gone, but it cleans up the folder view)."
+echo "   Example: doas rm -rf /games/steamfiles..."