feat: add aarch64 support

- Switch repository from rclone:gdrive to s3 b2
- Add node_modules exclude pattern
- Update secrets

flake.nix

@@ -31,8 +31,8 @@
   outputs = { self, nixpkgs, home-manager, ... } @ inputs:
     let
       rootPath = ./.;
-      system = "x86_64-linux";
+      systems = [ "x86_64-linux" "aarch64-linux" ];
-      pkgs = import nixpkgs { inherit system; };
+      forAllSystems = f: nixpkgs.lib.genAttrs systems (system: f system);
     in
     {
       nixosConfigurations = {
@@ -63,9 +63,19 @@
           extraSpecialArgs = { inherit inputs rootPath; };
           modules = [ ./home/hosts/wsl.nix ];
         };
+        "android@y2q" = home-manager.lib.homeManagerConfiguration {
+          pkgs = nixpkgs.legacyPackages.aarch64-linux;
+          extraSpecialArgs = { inherit inputs rootPath; };
+          modules = [ ./home/hosts/y2q.nix ];
+        };
       };
 
-      devShells.${system}.default = pkgs.mkShell {
+      devShells = forAllSystems (system:
+        let
+          pkgs = import nixpkgs { inherit system; };
+        in
+        {
+          default = pkgs.mkShell {
             buildInputs = [
               pkgs.nix
               pkgs.home-manager
@@ -76,8 +86,10 @@
               HOST=$(hostname)
               alias deploy-nixos="sudo nixos-rebuild switch --flake .#$HOST"
               alias deploy-vps="nixos-rebuild switch --flake .#vps --target-host root@vps"
-          alias deploy-home="home-manager switch --flake .#toast@$HOST"
+              alias deploy-home="home-manager switch --flake .#$USER@$HOST"
             '';
           };
+        }
+      );
     };
 }

home/hosts/y2q.nix

@@ -0,0 +1,23 @@
+{ config, pkgs, inputs, ... }:
+
+{
+  imports = [
+    inputs.nixvim.homeModules.nixvim
+    inputs.sops-nix.homeManagerModules.sops
+  ] ++ (
+    let
+      modulesPath = ../modules;
+      cliModules = builtins.attrNames (builtins.readDir (modulesPath + "/cli/"));
+    in
+      map (module: modulesPath + "/cli/${module}") cliModules
+  );
+
+  home = {
+    username = "android";
+    homeDirectory = "/home/android";
+    stateVersion = "24.11";
+  };
+
+  nixpkgs.config.allowUnfree = true;
+  systemd.user.startServices = "sd-switch";
+}

home/modules/cli/opencode.nix

@@ -1,3 +1,41 @@
+{ config, ... }:
+
 {
-  programs.opencode.enable = true;
+  sops.secrets = {
+    "openrouter_api_key" = {};
+    "github_token" = {};
+    "context7_api_key" = {};
+  };
+
+  programs.opencode = {
+    enable = true;
+    settings = {
+      theme = "opencode";
+      provider = {
+        openrouter = {
+          options = {
+            apiKey = "{file:${config.sops.secrets."openrouter_api_key".path}}";
+          };
+        };
+      };
+      mcp = {
+        github = {
+          enabled = true;
+          type = "remote";
+          url = "https://api.githubcopilot.com/mcp/";
+          headers = {
+            Authorization = "Bearer {file:${config.sops.secrets."github_token".path}}";
+          };
+        };
+        context7 = {
+          enabled = true;
+          type = "remote";
+          url = "https://mcp.context7.com/mcp";
+          headers = {
+            "CONTEXT7_API_KEY" = "{file:${config.sops.secrets."context7_api_key".path}}";
+          };
+        };
+      };
+    };
+  };
 }

home/modules/cli/sops.nix

@@ -1,10 +1,8 @@
-{ rootPath, ... }:
+{ rootPath, config, ... }:
 
 {
   sops.defaultSopsFile = rootPath + /secrets/secrets.yaml;
   sops.defaultSopsFormat = "yaml";
 
-  sops.age.keyFile = "/home/toast/.config/sops/age/keys.txt";
+  sops.age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";
-
-  sops.secrets."tailscale/authkey" = { };
 }

hosts/nixos/modules/services/flatpak.nix

@@ -6,7 +6,6 @@
     packages = [
       "org.vinegarhq.Sober"
       "org.vinegarhq.Vinegar"
-      "com.spotify.Client"
       "md.obsidian.Obsidian"
     ];
     overrides = {

hosts/nixos/modules/services/restic.nix

@@ -1,10 +1,12 @@
 { config, ... }:
 
 {
-  sops.secrets."restic/password" = { };
+  sops.secrets = {
-  sops.secrets."restic/rclone-config" = { };
+    "restic/password" = {};
+    "restic/env" = {};
+  };
 
-  services.restic.backups.gdrive = {
+  services.restic.backups.b2 = {
     initialize = true;
     inhibitsSleep = true;
     passwordFile = config.sops.secrets."restic/password".path;
@@ -12,8 +14,9 @@
       "/data/Backup"
       "/home/toast/workspace"
     ];
-    repository = "rclone:gdrive:restic";
+    exclude = [ "node_modules" ];
-    rcloneConfigFile = config.sops.secrets."restic/rclone-config".path;
+    repository = "s3:https://s3.us-east-005.backblazeb2.com/restic-backups-0";
+    environmentFile = config.sops.secrets."restic/env".path;
     pruneOpts = [
       "--keep-daily 7"
       "--keep-weekly 3"

secrets/secrets.yaml

@@ -1,9 +1,11 @@
 tailscale:
     authkey: ENC[AES256_GCM,data:ssxd13QKzXbezZs9ewR0CRsN0T6FMzQjGyJ5czjv4lHP6ODM1hAkS728vInfgq2hwUwVzs17I0C4017MGg==,iv:r/M4WtjrQZLdqidlFNUvY9NQhDSntNka2iYOAu+RQc8=,tag:kycZLagUboZ31ryQ3exi3w==,type:str]
 github_token: ENC[AES256_GCM,data:3LoIlgJTmCfMwPcTz1Q+exe8QV8XaYuYu6pAQp6yKq0aSspTo12G5w==,iv:cwhF34tcoiss/Oy/N5SdTHo4ZEbPeVZYm8PgoD29YSk=,tag:PItjK2ZPMSKVa4AsNnkhPw==,type:str]
+openrouter_api_key: ENC[AES256_GCM,data:c0GHwhX5S4cfOXs6iR8TWVwhW90bvehWdy8lJBmbZvnz9nK7VSobaVPJZ2e1G5rUvAtgEGvwX9WBhkvGMHpU/tdkzzUIHQN5iw==,iv:yGTo1b7EXOGsgyeHTuWYSbiE3EtvASvrjIu98+Hgl4c=,tag:X/b3FKrPe9igt415eyfdyQ==,type:str]
+context7_api_key: ENC[AES256_GCM,data:3fvSGzii2MqlfMCFYIUcC8Fa18KBh2K91rYPtXe04+UzNb/ElBEVMoH4Gw==,iv:4cZlsYZVum/Ui3MNAzSMb8JxOCNchUzuwlh890Lc4vo=,tag:RDjeujPxDQC5eRqDcKfbvA==,type:str]
 restic:
-    password: ENC[AES256_GCM,data:CaWwS1Pm2LoeLHWtZv7fahpyJu4vgGgNo5E88tDXK767UH39naxcJuejq1l2Bb2OM5x8+zsIUPz8mPYAJD/Yaw==,iv:zJSZKliRzGdTlBMXk6wG9aVeR3xFQP2chcHm3LrNfjk=,tag:z90vqLU29EPgczL4X/XG4g==,type:str]
+    password: ENC[AES256_GCM,data:LhO9evxJ1jO+/jVefT1ImRB7mdQB6VWxMdXPzAX4v9ICy5V+QlPDHdug3fKgZfzZ2EJtxy0LeQqHhyACKvPACA==,iv:Ag5BXn7gViL2J7qALn6WoQ1zwS69/NkjU9iP7pw2g0U=,tag:nUSCMkojdSA3+aJ4OKM8rw==,type:str]
-    rclone-config: ENC[AES256_GCM,data:HAuuawWALDQzsn6wJxQIbh57OaJnqwfm4tfhVJJ61wUgC3Kg3a/butjTCX6Q9DVQ7ygK2KH/29p4/lzSeQTGpMx7evOYi8qHQmvW+XMepx0+DEN6+y8iMRw3HG2/cctWoLDcf1RPw+eQdhDPSd/TnU26gNNdxEfTkEKPxQ5ctlLMmyGmUy2UCMarG5I6F88M2y608syTMDfbF22YHpLCBcofKbpvN9rOvqmrM8KxZ8m4JVDcbA23/X36dVkWYKrBuTW8Y2Wuo1o7dAesHIXsxW0KstnJomn/2bDNVjbsiaAlT7Vt4WVm0Gmg8ost2IrAqOeQdevw3V2SYhfCtCEJSmtpvR7KFO0e/Jsj0kF1xFdVQR7QyYO2IsyAyAozpD9pILVNOrfZ6LT8TYI+p1RnR504lumo1VPXKoRE6nnyaZWb1ABuSqXhiOVQcHN2Kg9WWEk6d3XhoIcVob1MFLvgoFttMn5dMUFqtpmpKm+E7/jxGP7wg19pmWanfr2lsbt/vnobkqKFLWFevfuK9u6atRXYo4PyONPo2KDwpI7+7WBBD49pbiklxyNUGYgYpIsLrvaG1fVnCxgdGKI7vdtBK9uLVIEP2t0cZqGs2SjEfBhJrGgU76vSTQrRm0RqA8B1WKXHOrqwaujhVzeaCf4tqRGR1StTtqTeMQ7rKi14oPFXOPTXElSVXvWlFi3yForFpUSptcGJEj5HyHwuzxOww6K2bvOltznOWO0OvI6yVMS0VfagcQBWkV7Gy6qPR98o5v18ZBfDIh8OpcnDwZ2SotTzQfkIUXWzzNTs71cWNCuQexufOzKYk/Afb8kZk1msa3q2jKZj9I3/B0siyE0X6pKgoKuV7t27PSXuDyaFSkd8+E2SLM/GPEBOXy22UwOMvcGbB+s=,iv:MXTKIls+iKS9zAm09acTBmh2imzrjIo5ojLiFW3nGuY=,tag:Z0sDuGYaz/3ZdvVqCY1m/g==,type:str]
+    env: ENC[AES256_GCM,data:1FJTGyT115aL0kZWUE52wqLbLYJ3ArrM9+Xm8DvtWzjzJAM5UdRzN0LZtToxFE6jn7Z3DmCQT4lI08EeVtHgcEABteDyk40v2Z6PFq0EjWS/Y13iOi507yE1NsiHKAF3Ew==,iv:OuKSnQDVLJVtrXe7nNlU8vG5cJr2NiToC0/dGfZ+iW0=,tag:nWI6gjfawt8OWHyPX3d+eQ==,type:str]
 zipline:
     env: ENC[AES256_GCM,data:HOcqrzXnu+BcpZYgv1yzPOTV4ydJiVa0oIXQWMUNt/X6q2TUGPOTwWg/dOgzoi6jGzFxm+wJzugO4lLQurUV0DiWIWLDSm/PK+zW34yLYwMrwK1bRaF9yl7usAN6BEmpLw==,iv:9IZDQRT2JoXNTuyPZrwRSr2m3SnXaLmJcafpkraCFWA=,tag:+7EoCTiY9f0/C5jgvPQknA==,type:str]
     token: ENC[AES256_GCM,data:Ke+cJQ6Up5RUGqe/3tG7Nk40PoOQ1Vq1jN5QN4N5LXOFgclXpzN7sjx0bumFVEcgg4B7UkHmjHzjRAPtWheFu+1PaN02aQVLMGzYXgujqmccC+6roxYt4vdN0CLzf0Ii7k5KUwX3QdOV+lrVwyoBjgQyTD839YnODI7zavf+aDMlrE4+BlFjjV8MUQHsJ5G017xN0XLKOBIQsGpMl40YsvVXFrNwkZ+DkN7bXCZBiHI41W44snB1C3wkYOO+a0g4JzVjIhcHXalYgOW4Unuyyah8yDoXRxuSq7aZpQ+/AHRiuIuaHSrE5BUJu/9bJdjojNuk6VTsaLFtngViSjtyztcqMAIHFFq/KXAog8tg16dJH/V6PomrWXY=,iv:H/EcD/oNSw1mIwxsqyMeSRPsY7lnzEzTNJs6OPNfPw4=,tag:FgH9Nwxnq62uhCd/Av2kAA==,type:str]
@@ -18,7 +20,7 @@ sops:
             Z0crWElZcVFMVUd0VytoTHFqbkRDck0KY8nsRThk1hCA/yDNy5JJ0T6pTUwRZhYW
             j8grD6JYvauuYa+3tSIwqy2RPiKltx696n9nXy9iPnFUO0QY/rQGVg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-09-25T08:59:38Z"
+    lastmodified: "2025-10-09T07:41:18Z"
-    mac: ENC[AES256_GCM,data:BjdbNsicAIUBzztvYLFtyWpQKfAwAL6iYygr7RZsqeszRiNb2fjVC1m4LBgp9f+NWkb2QFXcHouFzeUq84ZMO1QZHGAXgbbV5mR2oHqPl32/Hi387T3lvVjQjSlwh8eMAj4/6e51jmaCuNevOTtZ8Lf7T0FRMNXUSMFL+EbffQo=,iv:A7dl71Zx81QtxiSK0ujYrtlUNhel/NmxfpFVRNsk6Aw=,tag:Y19XPnTaJ0wVa+avpDaUeQ==,type:str]
+    mac: ENC[AES256_GCM,data:zLuNIqXZaFBGXHEXDLbs5U2IaJRNDuPWX6MAhFVP28dWsghWgcNF3Oh09YCO4rAtgby73rN48Stm/mvmUFnvP90t0vGXRlAsflNnGJhiwMW9YyUGBaFUh2BSKUzOC37R+ZQEpchngqCoIHjCtAL+1EWjgF0QCac/aH9rwBd6MmQ=,iv:Z9/KOe1LgZpDw5l2Sk0f19hyV7dQotxuDi2GdOFsK0E=,tag:YngGlczVYLhShguSJyXe0g==,type:str]
     unencrypted_suffix: _unencrypted
     version: 3.10.2