fix: long topology rendering times

.github/README.md

@@ -109,7 +109,7 @@
   <details>
     <summary>Click here for a summary of my infrastructure</summary>
 
-<img width="3854" height="7060" alt="topology" src="https://github.com/user-attachments/assets/fc557fdb-b779-4530-ae19-93ff019a2b29" />
+<img width="4250" height="9117" alt="topology" src="https://github.com/user-attachments/assets/582264cf-f239-4699-b90f-69f2cef5a7b2" />
 
 
   ### Programs

SwarselSystems.org

@@ -1736,8 +1736,8 @@ A short overview over each input and what it does:
       nixpkgs-stable25_11.url = "github:NixOS/nixpkgs/nixos-25.11";
 
       home-manager = {
-        # url = "github:nix-community/home-manager";
+        url = "github:nix-community/home-manager";
-        url = "github:Swarsel/home-manager/main";
+        # url = "github:Swarsel/home-manager/main";
         inputs.nixpkgs.follows = "nixpkgs";
       };
       nix-index-database = {
@@ -2662,7 +2662,8 @@ Another note concerning [[https://flake.parts/][flake-parts]]:
 
                 ender3 = mkDevice "Ender 3" {
                   info = "SKR V1.3, TMC2209 (Dual), TFT35";
-                  image = "${self}/files/topology-images/ender3.png";
+                  deviceIcon = "${self}/files/topology-images/ender3.png";
+                  icon = "${self}/files/topology-images/raspi.png";
                   interfaces.eth1 = { };
                   services = {
                     octoprint = {
@@ -2703,11 +2704,11 @@ Another note concerning [[https://flake.parts/][flake-parts]]:
                   services = {
                     ollama = {
                       name = "Ollama";
-                      icon = "${self}/files/topology-images/ollama.png";
+                      icon = "services.ollama";
                     };
                     openwebui = {
                       name = "Open WebUI";
-                      icon = "${self}/files/topology-images/openwebui.png";
+                      icon = "services.open-webui";
                     };
                     comfyui = {
                       name = "Comfy UI";
@@ -6207,7 +6208,7 @@ This machine mainly acts as my proxy server to stand before my local machines.
         };
         restic.targets = {
           SwarselMoonside = {
-            repository = config.repo.secrets.local.resticRepoState;
+            repository = config.repo.secrets.local.resticRepo;
             paths = [
               "/persist/opt/minecraft"
             ];
@@ -11347,22 +11348,7 @@ This is a collection of packages that are useful for server-type hosts that do n
       services = {
         # add a user with sudo smbpasswd -a <user>
         samba = {
-          # package = pkgs.samba4Full;
           package = pkgs.samba4;
-          # extraConfig = ''
-          #   workgroup = WORKGROUP
-          #   server role = standalone server
-          #   dns proxy = no
-
-          #   pam password change = yes
-          #   map to guest = bad user
-          #   create mask = 0664
-          #   force create mode = 0664
-          #   directory mask = 0775
-          #   force directory mode = 0775
-          #   follow symlinks = yes
-          # '';
-
           enable = true;
           openFirewall = true;
           settings.Eternor = {
@@ -12727,11 +12713,7 @@ This is the configuration to make [[#h:58c7563e-6954-42e6-a622-9d06523e8e24][Hin
       sops.secrets.kavita-token = { inherit sopsFile; owner = serviceUser; };
 
       # networking.firewall.allowedTCPPorts = [ servicePort ];
-      topology.self.services.${serviceName} = {
+      topology.self.services.${serviceName}.info = "https://${serviceDomain}";
-        name = "Kavita";
-        info = "https://${serviceDomain}";
-        icon = "${self}/files/topology-images/${serviceName}.png";
-      };
 
       environment.persistence."/state" = lib.mkIf config.swarselsystems.isMicroVM {
         directories = [{ directory = "/var/lib/${serviceName}"; user = serviceUser; group = serviceGroup; }];
@@ -13149,9 +13131,8 @@ This is the configuration to make [[#h:58c7563e-6954-42e6-a622-9d06523e8e24][Hin
       ];
 
       topology.self.services.${serviceName} = {
-        name = lib.toUpper serviceName;
         info = "http://localhost:${builtins.toString servicePort}";
-        icon = "${self}/files/topology-images/${serviceName}.png";
+        icon = lib.mkForce "${self}/files/topology-images/mpd.png";
       };
 
       environment.persistence."/state" = lib.mkIf config.swarselsystems.isMicroVM {
@@ -13160,13 +13141,14 @@ This is the configuration to make [[#h:58c7563e-6954-42e6-a622-9d06523e8e24][Hin
 
       services.${serviceName} = {
         enable = true;
-        musicDirectory = "/storage/Music";
+        openFirewall = true;
+        settings = {
+          music_directory = "/storage/Music";
+          bind_to_address = "any";
+          port = servicePort;
+        };
         user = serviceUser;
         group = serviceGroup;
-        network = {
-          port = servicePort;
-          listenAddress = "any";
-        };
         credentials = [
           {
             passwordFile = config.sops.secrets.mpd-pw.path;
@@ -13234,13 +13216,6 @@ This is the configuration to make [[#h:58c7563e-6954-42e6-a622-9d06523e8e24][Hin
     options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
     config = lib.mkIf config.swarselmodules.server.${serviceName} {
 
-      topology.self.services = {
-        ${serviceName} = {
-          name = lib.swarselsystems.toCapitalized serviceName;
-          icon = "${self}/files/topology-images/${serviceName}.png";
-        };
-      };
-
       services = {
         ${serviceName} = {
           enable = true;
@@ -13388,19 +13363,13 @@ This is the configuration to make [[#h:58c7563e-6954-42e6-a622-9d06523e8e24][Hin
 
       # networking.firewall.allowedTCPPorts = [ servicePort federationPort ];
 
-      topology.self.services = {
+      topology.self.services = lib.listToAttrs (map
-        ${serviceName} = {
-          name = lib.swarselsystems.toCapitalized serviceName;
-          info = "https://${serviceDomain}";
-          icon = "${self}/files/topology-images/${serviceName}.png";
-        };
-      } // (lib.listToAttrs (map
         (service:
           lib.nameValuePair "mautrix-${service}" {
             name = "mautrix-${service}";
             icon = "${self}/files/topology-images/mautrix.png";
           })
-        [ "whatsapp" "signal" "telegram" ]));
+        [ "whatsapp" "signal" "telegram" ]);
 
       systemd = {
         timers."restart-bridges" = {
@@ -14463,8 +14432,7 @@ Note: you still need to run =restic-<name> init= once on the host to get the buc
   { lib, pkgs, config, ... }:
   let
     inherit (config.swarselsystems) sopsFile;
-
+    inherit (config.swarselsystems.server.restic) targets;
-    targets = config.swarselsystems.server.restic.targets;
   in
   {
     options.swarselmodules.server.restic = lib.mkEnableOption "enable restic backups on server";
@@ -15296,7 +15264,7 @@ FreshRSS claims to support HTTP header auth, but at least it does not work with
       };
 
       environment.persistence."/state" = lib.mkIf config.swarselsystems.isMicroVM {
-        directories = [{ directory = "/var/lib/private/${serviceName}"; }];
+        directories = [{ directory = "/var/lib/private/anki-sync-server"; }];
       };
 
       services.anki-sync-server = {
@@ -16164,7 +16132,7 @@ kanidm person credential create-reset-token <user>
 
     postgresUser = config.systemd.services.postgresql.serviceConfig.User; # postgres
     postgresPort = config.services.postgresql.settings.port; # 5432
-    containerRev = "sha256:96693e41a6eb2aae44f96033a090378270f024ddf4e6095edf8d57674f21095d";
+    containerRev = "sha256:bb8ad2b6891441d8ec5c3169b684b71574f3bb3e9afb345bad2f91d833d60340";
 
     inherit (config.swarselsystems) sopsFile;
   in
@@ -16834,7 +16802,7 @@ Deployment notes:
   - finally, disable new user registration in web ui
 
 #+begin_src nix-ts :tangle modules/nixos/server/slink.nix
-{ self, lib, config, dns, globals, confLib, ... }:
+{ lib, config, dns, globals, confLib, ... }:
 let
   inherit (confLib.gen { name = "slink"; port = 3000; dir = "/var/lib/slink"; }) servicePort serviceName serviceDomain serviceDir serviceAddress proxyAddress4 proxyAddress6;
   inherit (confLib.static) isHome isProxied webProxy homeWebProxy dnsServer homeProxyIf webProxyIf homeServiceAddress nginxAccessRules;
@@ -16893,7 +16861,7 @@ in
     topology.self.services.${serviceName} = {
       name = lib.swarselsystems.toCapitalized serviceName;
       info = "https://${serviceDomain}";
-      icon = "${self}/files/topology-images/shlink.png";
+      icon = "services.not-available";
     };
 
     globals = {
@@ -17081,13 +17049,6 @@ in
         directories = [{ directory = "/var/lib/${serviceName}"; user = serviceUser; group = serviceGroup; }];
       };
 
-      systemd.services.homebox = {
-        environment = {
-          TMPDIR = "/var/lib/homebox/.tmp";
-          HOME = "/var/lib/homebox";
-        };
-      };
-
       services.${serviceName} = {
         enable = true;
         package = pkgs.bisect.homebox;
@@ -19085,7 +19046,7 @@ This has some state:
             ];
             dhcp.enabled = false;
           };
-          filtering.rewrites =  map
+          filtering.rewrites =  (map
             (domain: {
               inherit domain;
               # FIXME: change to homeWebProxy once that is setup
@@ -19093,7 +19054,13 @@ This has some state:
               # answer = globals.hosts.${webProxy}.wanAddress4;
               enabled = true;
             })
-            homeDomains;
+            homeDomains) ++ [
+              {
+                domain = "smb.${globals.domains.main}";
+                answer = globals.networks.home-lan.vlans.services.hosts.storage.ipv4;
+                enabled = true;
+              }
+            ];
           filters = [
             {
               name = "AdGuard DNS filter";
@@ -25156,16 +25123,20 @@ When setting up a new machine:
             ];
           };
 
+          systemd.user.tmpfiles.rules = [
+            "d ${homeDir}/.gnupg 0700 ${mainUser} users - -"
+          ];
+
           # assure correct permissions
-      systemd.user.tmpfiles.settings."30-gpgagent".rules = {
+          # systemd.user.tmpfiles.settings."30-gpgagent".rules = {
-        "${homeDir}/.gnupg" = {
+          #   "${homeDir}/.gnupg" = {
-          d = {
+          #     d = {
-            group = "users";
+          #       group = "users";
-            user = mainUser;
+          #       user = mainUser;
-            mode = "0700";
+          #       mode = "0700";
-          };
+          #     };
-        };
+          #   };
-      };
+          # };
         };
 
       }
@@ -37573,7 +37544,7 @@ Here lies defined the readme for GitHub and Forgejo:
     <details>
       <summary>Click here for a summary of my infrastructure</summary>
 
-  <img width="3854" height="7060" alt="topology" src="https://github.com/user-attachments/assets/fc557fdb-b779-4530-ae19-93ff019a2b29" />
+  <img width="4250" height="9117" alt="topology" src="https://github.com/user-attachments/assets/582264cf-f239-4699-b90f-69f2cef5a7b2" />
 
 
     ### Programs

flake.nix

@@ -36,8 +36,8 @@
     nixpkgs-stable25_11.url = "github:NixOS/nixpkgs/nixos-25.11";
 
     home-manager = {
-      # url = "github:nix-community/home-manager";
+      url = "github:nix-community/home-manager";
-      url = "github:Swarsel/home-manager/main";
+      # url = "github:Swarsel/home-manager/main";
       inputs.nixpkgs.follows = "nixpkgs";
     };
     nix-index-database = {

hosts/nixos/aarch64-linux/moonside/default.nix

@@ -84,7 +84,7 @@ in
       };
       restic.targets = {
         SwarselMoonside = {
-          repository = config.repo.secrets.local.resticRepoState;
+          repository = config.repo.secrets.local.resticRepo;
           paths = [
             "/persist/opt/minecraft"
           ];

modules/home/common/gpg-agent.nix

@@ -36,16 +36,20 @@ in
       ];
     };
 
+    systemd.user.tmpfiles.rules = [
+      "d ${homeDir}/.gnupg 0700 ${mainUser} users - -"
+    ];
+
     # assure correct permissions
-    systemd.user.tmpfiles.settings."30-gpgagent".rules = {
+    # systemd.user.tmpfiles.settings."30-gpgagent".rules = {
-      "${homeDir}/.gnupg" = {
+    #   "${homeDir}/.gnupg" = {
-        d = {
+    #     d = {
-          group = "users";
+    #       group = "users";
-          user = mainUser;
+    #       user = mainUser;
-          mode = "0700";
+    #       mode = "0700";
-        };
+    #     };
-      };
+    #   };
-    };
+    # };
   };
 
 }

modules/nixos/server/adguardhome.nix

@@ -59,7 +59,7 @@ in
           ];
           dhcp.enabled = false;
         };
-        filtering.rewrites = map
+        filtering.rewrites = (map
           (domain: {
             inherit domain;
             # FIXME: change to homeWebProxy once that is setup
@@ -67,7 +67,13 @@ in
             # answer = globals.hosts.${webProxy}.wanAddress4;
             enabled = true;
           })
-          homeDomains;
+          homeDomains) ++ [
+          {
+            domain = "smb.${globals.domains.main}";
+            answer = globals.networks.home-lan.vlans.services.hosts.storage.ipv4;
+            enabled = true;
+          }
+        ];
         filters = [
           {
             name = "AdGuard DNS filter";

modules/nixos/server/ankisync.nix

@@ -37,7 +37,7 @@ in
     };
 
     environment.persistence."/state" = lib.mkIf config.swarselsystems.isMicroVM {
-      directories = [{ directory = "/var/lib/private/${serviceName}"; }];
+      directories = [{ directory = "/var/lib/private/anki-sync-server"; }];
     };
 
     services.anki-sync-server = {

modules/nixos/server/homebox.nix

@@ -41,13 +41,6 @@ in
       directories = [{ directory = "/var/lib/${serviceName}"; user = serviceUser; group = serviceGroup; }];
     };
 
-    systemd.services.homebox = {
-      environment = {
-        TMPDIR = "/var/lib/homebox/.tmp";
-        HOME = "/var/lib/homebox";
-      };
-    };
-
     services.${serviceName} = {
       enable = true;
       package = pkgs.bisect.homebox;

modules/nixos/server/kavita.nix

@@ -23,11 +23,7 @@ in
     sops.secrets.kavita-token = { inherit sopsFile; owner = serviceUser; };
 
     # networking.firewall.allowedTCPPorts = [ servicePort ];
-    topology.self.services.${serviceName} = {
+    topology.self.services.${serviceName}.info = "https://${serviceDomain}";
-      name = "Kavita";
-      info = "https://${serviceDomain}";
-      icon = "${self}/files/topology-images/${serviceName}.png";
-    };
 
     environment.persistence."/state" = lib.mkIf config.swarselsystems.isMicroVM {
       directories = [{ directory = "/var/lib/${serviceName}"; user = serviceUser; group = serviceGroup; }];

modules/nixos/server/koillection.nix

@@ -6,7 +6,7 @@ let
 
   postgresUser = config.systemd.services.postgresql.serviceConfig.User; # postgres
   postgresPort = config.services.postgresql.settings.port; # 5432
-  containerRev = "sha256:96693e41a6eb2aae44f96033a090378270f024ddf4e6095edf8d57674f21095d";
+  containerRev = "sha256:bb8ad2b6891441d8ec5c3169b684b71574f3bb3e9afb345bad2f91d833d60340";
 
   inherit (config.swarselsystems) sopsFile;
 in

modules/nixos/server/matrix.nix

@@ -63,19 +63,13 @@ in
 
     # networking.firewall.allowedTCPPorts = [ servicePort federationPort ];
 
-    topology.self.services = {
+    topology.self.services = lib.listToAttrs (map
-      ${serviceName} = {
-        name = lib.swarselsystems.toCapitalized serviceName;
-        info = "https://${serviceDomain}";
-        icon = "${self}/files/topology-images/${serviceName}.png";
-      };
-    } // (lib.listToAttrs (map
       (service:
         lib.nameValuePair "mautrix-${service}" {
           name = "mautrix-${service}";
           icon = "${self}/files/topology-images/mautrix.png";
         })
-      [ "whatsapp" "signal" "telegram" ]));
+      [ "whatsapp" "signal" "telegram" ]);
 
     systemd = {
       timers."restart-bridges" = {

modules/nixos/server/mpd.nix

@@ -31,9 +31,8 @@ in
     ];
 
     topology.self.services.${serviceName} = {
-      name = lib.toUpper serviceName;
       info = "http://localhost:${builtins.toString servicePort}";
-      icon = "${self}/files/topology-images/${serviceName}.png";
+      icon = lib.mkForce "${self}/files/topology-images/mpd.png";
     };
 
     environment.persistence."/state" = lib.mkIf config.swarselsystems.isMicroVM {
@@ -42,13 +41,14 @@ in
 
     services.${serviceName} = {
       enable = true;
-      musicDirectory = "/storage/Music";
+      openFirewall = true;
+      settings = {
+        music_directory = "/storage/Music";
+        bind_to_address = "any";
+        port = servicePort;
+      };
       user = serviceUser;
       group = serviceGroup;
-      network = {
-        port = servicePort;
-        listenAddress = "any";
-      };
       credentials = [
         {
           passwordFile = config.sops.secrets.mpd-pw.path;

modules/nixos/server/nfs.nix

@@ -19,22 +19,7 @@ in
     services = {
       # add a user with sudo smbpasswd -a <user>
       samba = {
-        # package = pkgs.samba4Full;
         package = pkgs.samba4;
-        # extraConfig = ''
-        #   workgroup = WORKGROUP
-        #   server role = standalone server
-        #   dns proxy = no
-
-        #   pam password change = yes
-        #   map to guest = bad user
-        #   create mask = 0664
-        #   force create mode = 0664
-        #   directory mask = 0775
-        #   force directory mode = 0775
-        #   follow symlinks = yes
-        # '';
-
         enable = true;
         openFirewall = true;
         settings.Eternor = {

modules/nixos/server/postgresql.nix

@@ -8,13 +8,6 @@ in
   options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
   config = lib.mkIf config.swarselmodules.server.${serviceName} {
 
-    topology.self.services = {
-      ${serviceName} = {
-        name = lib.swarselsystems.toCapitalized serviceName;
-        icon = "${self}/files/topology-images/${serviceName}.png";
-      };
-    };
-
     services = {
       ${serviceName} = {
         enable = true;

modules/nixos/server/restic.nix

@@ -1,8 +1,7 @@
 { lib, pkgs, config, ... }:
 let
   inherit (config.swarselsystems) sopsFile;
-
+  inherit (config.swarselsystems.server.restic) targets;
-  targets = config.swarselsystems.server.restic.targets;
 in
 {
   options.swarselmodules.server.restic = lib.mkEnableOption "enable restic backups on server";

modules/nixos/server/slink.nix

@@ -1,4 +1,4 @@
-{ self, lib, config, dns, globals, confLib, ... }:
+{ lib, config, dns, globals, confLib, ... }:
 let
   inherit (confLib.gen { name = "slink"; port = 3000; dir = "/var/lib/slink"; }) servicePort serviceName serviceDomain serviceDir serviceAddress proxyAddress4 proxyAddress6;
   inherit (confLib.static) isHome isProxied webProxy homeWebProxy dnsServer homeProxyIf webProxyIf homeServiceAddress nginxAccessRules;
@@ -57,7 +57,7 @@ in
     topology.self.services.${serviceName} = {
       name = lib.swarselsystems.toCapitalized serviceName;
       info = "https://${serviceDomain}";
-      icon = "${self}/files/topology-images/shlink.png";
+      icon = "services.not-available";
     };
 
     globals = {

nix/topology.nix

@@ -192,7 +192,8 @@
 
               ender3 = mkDevice "Ender 3" {
                 info = "SKR V1.3, TMC2209 (Dual), TFT35";
-                image = "${self}/files/topology-images/ender3.png";
+                deviceIcon = "${self}/files/topology-images/ender3.png";
+                icon = "${self}/files/topology-images/raspi.png";
                 interfaces.eth1 = { };
                 services = {
                   octoprint = {
@@ -233,11 +234,11 @@
                 services = {
                   ollama = {
                     name = "Ollama";
-                    icon = "${self}/files/topology-images/ollama.png";
+                    icon = "services.ollama";
                   };
                   openwebui = {
                     name = "Open WebUI";
-                    icon = "${self}/files/topology-images/openwebui.png";
+                    icon = "services.open-webui";
                   };
                   comfyui = {
                     name = "Comfy UI";