README.md

@@ -57,11 +57,13 @@ nix multi user, multi system, configuration with `sops` secret management, `home
 - auto turn off on power loss - nut
 - zfs email after scrubbing # TODO: test this
 - SMART test with email results
+- fix nfs
 - samba mounts
 - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs)
 - Create Tor guard/relay server
 - migrate away from flakes and move to npins
 - whisper
+- nix mcp
 - zfs encryption FIDO2 2fa (look into shavee)
 - Secure Boot - https://github.com/nix-community/lanzaboote
 - rotate sops encryption keys periodically (and somehow sync between devices?)

configurations/home-manager/eve/packages.nix

@@ -18,7 +18,9 @@ in {
     home.packages = lib.lists.optionals userConfig.isDesktopUser (
       with pkgs; [
         ungoogled-chromium
+        krita
         gnomeExtensions.dash-to-panel
+        (lib.mkIf hardware.piperMouse.enable piper)
       ]
     );
 
@@ -59,8 +61,6 @@ in {
         makemkv.enable = true;
         signal-desktop-bin.enable = true;
         steam.enable = true;
-        piper.enable = hardware.piperMouse.enable;
-        krita.enable = true;
       })
     ];
   };

configurations/home-manager/leyla/packages/default.nix

@@ -36,7 +36,6 @@ in {
           protonvpn-gui.enable = true;
           dbeaver-bin.enable = true;
           bruno.enable = true;
-          piper.enable = hardware.piperMouse.enable;
         })
         (lib.mkIf (hardware.directAccess.enable && config.user.isDesktopUser) {
           anki.enable = true;
@@ -49,7 +48,6 @@ in {
           vscode.enable = true;
           firefox.enable = true;
           steam.enable = true;
-          krita.enable = true;
         })
       ];
     }
@@ -78,6 +76,7 @@ in {
             libreoffice
             inkscape
             gimp
+            krita
             freecad
             # cura
             # kicad-small
@@ -106,6 +105,7 @@ in {
             noisetorch
 
             # hardware management tools
+            (lib.mkIf hardware.piperMouse.enable piper)
             (lib.mkIf hardware.openRGB.enable openrgb)
             (lib.mkIf hardware.viaKeyboard.enable via)
 

configurations/home-manager/leyla/packages/vscode/default.nix

@@ -50,7 +50,6 @@ in {
             tauriVscode.enable = true;
             vscodeEslint.enable = true;
             vscodeJest.enable = true;
-            vitest.enable = true;
             vscodeStandard.enable = true;
             vscodeStylelint.enable = true;
 
@@ -68,13 +67,7 @@ in {
             go.enable = true;
 
             # claude development
-            claudeDev = lib.mkIf ai-tooling-enabled {
+            claudeDev.enable = ai-tooling-enabled;
-              enable = true;
-              mcp = {
-                nixos.enable = true;
-                eslint.enable = true;
-              };
-            };
 
             # misc extensions
             evenBetterToml.enable = true;

configurations/nixos/defiant/configuration.nix

@@ -296,7 +296,7 @@
       extensions = {
         sonos.enable = true;
         jellyfin.enable = true;
-        wyoming.enable = false; # Temporarily disabled due to dependency conflict in wyoming-piper
+        wyoming.enable = true;
       };
     };
 

configurations/nixos/emergent/nvidia-drivers.nix

@@ -27,7 +27,7 @@
     # Enable this if you have graphical corruption issues or application crashes after waking
     # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
     # of just the bare essentials.
-    powerManagement.enable = true;
+    powerManagement.enable = false;
 
     # Fine-grained power management. Turns off GPU when not in use.
     # Experimental and only works on modern Nvidia GPUs (Turing or newer).

configurations/nixos/horizon/configuration.nix

@@ -135,9 +135,6 @@
     };
   };
 
-  # Enable network-online.target for better network dependency handling
-  systemd.services.NetworkManager-wait-online.enable = true;
-
   # Enable touchpad support (enabled default in most desktopManager).
   # services.xserver.libinput.enable = true;
 

configurations/nixos/horizon/default.nix

@@ -3,6 +3,5 @@
   imports = [
     ./configuration.nix
     ./hardware-configuration.nix
-    # ./network-mount.nix
   ];
 }

configurations/nixos/horizon/network-mount.nix

@@ -1,76 +0,0 @@
-{...}: {
-  boot.supportedFilesystems = ["nfs"];
-
-  fileSystems = {
-    "/mnt/leyla_documents" = {
-      device = "defiant:/exports/leyla_documents";
-      fsType = "nfs";
-      options = [
-        "x-systemd.automount"
-        "noauto"
-        "noatime"
-        "nofail"
-        "soft"
-        "intr" # Allow interruption of NFS calls
-        "timeo=30" # 3 second timeout (30 deciseconds)
-        "retrans=2" # Only 2 retries before giving up
-        "x-systemd.idle-timeout=300" # 5 minute idle timeout for mobile
-        "x-systemd.device-timeout=15" # 15 second device timeout
-        "bg" # Background mount - don't block boot
-        "fsc" # Enable caching
-        "_netdev" # Network device - wait for network
-        "x-systemd.requires=network-online.target" # Require network to be online
-        "x-systemd.after=network-online.target" # Start after network is online
-        "x-systemd.mount-timeout=30" # 30 second mount timeout
-      ];
-    };
-
-    "/mnt/users_documents" = {
-      device = "defiant:/exports/users_documents";
-      fsType = "nfs";
-      options = [
-        "x-systemd.automount"
-        "noauto"
-        "nofail"
-        "soft"
-        "intr"
-        "timeo=30"
-        "retrans=2"
-        "x-systemd.idle-timeout=300"
-        "x-systemd.device-timeout=15"
-        "bg"
-        "fsc"
-        "_netdev"
-        "x-systemd.requires=network-online.target"
-        "x-systemd.after=network-online.target"
-        "x-systemd.mount-timeout=30"
-      ];
-    };
-
-    "/mnt/media" = {
-      device = "defiant:/exports/media";
-      fsType = "nfs";
-      options = [
-        "x-systemd.automount"
-        "noauto"
-        "noatime"
-        "nofail"
-        "soft"
-        "intr"
-        "timeo=30"
-        "retrans=2"
-        "x-systemd.idle-timeout=300"
-        "x-systemd.device-timeout=15"
-        "bg"
-        # Mobile-optimized read settings
-        "rsize=8192" # Smaller read size for mobile
-        "wsize=8192" # Smaller write size for mobile
-        "fsc"
-        "_netdev"
-        "x-systemd.requires=network-online.target"
-        "x-systemd.after=network-online.target"
-        "x-systemd.mount-timeout=30"
-      ];
-    };
-  };
-}

configurations/nixos/twilight/configuration.nix

@@ -131,8 +131,58 @@
     syncthing.enable = true;
   };
 
-  # Enable network-online.target for better network dependency handling
+  boot.supportedFilesystems = ["nfs"];
-  systemd.services.NetworkManager-wait-online.enable = true;
+
+  fileSystems = {
+    "/mnt/leyla_documents" = {
+      device = "defiant:/exports/leyla_documents";
+      fsType = "nfs";
+      options = [
+        "x-systemd.automount"
+        "noauto"
+        "user"
+        "noatime"
+        "nofail"
+        "soft"
+        "x-systemd.idle-timeout=600"
+        "fsc"
+      ];
+    };
+
+    "/mnt/users_documents" = {
+      device = "defiant:/exports/users_documents";
+      fsType = "nfs";
+      options = [
+        "x-systemd.automount"
+        "noauto"
+        "user"
+        "nofail"
+        "soft"
+        "x-systemd.idle-timeout=600"
+        "fsc"
+      ];
+    };
+
+    "/mnt/media" = {
+      device = "defiant:/exports/media";
+      fsType = "nfs";
+      options = [
+        "x-systemd.automount"
+        "noauto"
+        "user"
+        "noatime"
+        "nofail"
+        "soft"
+        "x-systemd.idle-timeout=600"
+        "noatime"
+        "nodiratime"
+        "relatime"
+        "rsize=32768"
+        "wsize=32768"
+        "fsc"
+      ];
+    };
+  };
 
   environment.systemPackages = with pkgs; [
     cachefilesd

configurations/nixos/twilight/default.nix

@@ -4,6 +4,5 @@
     ./configuration.nix
     ./hardware-configuration.nix
     ./nvidia-drivers.nix
-    # ./network-mount.nix
   ];
 }

configurations/nixos/twilight/network-mount.nix

@@ -1,72 +0,0 @@
-{...}: {
-  boot.supportedFilesystems = ["nfs"];
-
-  fileSystems = {
-    "/mnt/leyla_documents" = {
-      device = "defiant:/exports/leyla_documents";
-      fsType = "nfs";
-      options = [
-        "x-systemd.automount"
-        "noauto"
-        "noatime"
-        "nofail"
-        "soft"
-        "intr" # Allow interruption of NFS calls
-        "timeo=50" # 5 second timeout (50 deciseconds) - longer than mobile
-        "retrans=3" # 3 retries for desktop
-        "x-systemd.idle-timeout=600" # 10 minute idle timeout for desktop
-        "x-systemd.device-timeout=30" # 30 second device timeout
-        "bg" # Background mount - don't block boot
-        "fsc" # Enable caching
-        "_netdev" # Network device - wait for network
-        "x-systemd.requires=network-online.target" # Require network to be online
-        "x-systemd.after=network-online.target" # Start after network is online
-      ];
-    };
-
-    "/mnt/users_documents" = {
-      device = "defiant:/exports/users_documents";
-      fsType = "nfs";
-      options = [
-        "x-systemd.automount"
-        "noauto"
-        "nofail"
-        "soft"
-        "intr"
-        "timeo=50"
-        "retrans=3"
-        "x-systemd.idle-timeout=600"
-        "bg"
-        "fsc"
-        "_netdev"
-        "x-systemd.requires=network-online.target"
-        "x-systemd.after=network-online.target"
-      ];
-    };
-
-    "/mnt/media" = {
-      device = "defiant:/exports/media";
-      fsType = "nfs";
-      options = [
-        "x-systemd.automount"
-        "noauto"
-        "noatime"
-        "nofail"
-        "soft"
-        "intr"
-        "timeo=50"
-        "retrans=3"
-        "x-systemd.idle-timeout=600"
-        "x-systemd.device-timeout=30"
-        "bg"
-        # Desktop-optimized read settings
-        "rsize=32768" # Larger read size for desktop
-        "wsize=32768" # Larger write size for desktop
-        "fsc"
-        "_netdev"
-        "x-systemd.requires=network-online.target"
-        "x-systemd.after=network-online.target"
-      ];
-    };
-  };
-}

configurations/nixos/twilight/nvidia-drivers.nix

@@ -21,7 +21,7 @@
       # Enable this if you have graphical corruption issues or application crashes after waking
       # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
       # of just the bare essentials.
-      powerManagement.enable = true;
+      powerManagement.enable = false;
 
       # Fine-grained power management. Turns off GPU when not in use.
       # Experimental and only works on modern Nvidia GPUs (Turing or newer).

flake.lock

@@ -1,23 +1,5 @@
 {
   "nodes": {
-    "devshell": {
-      "inputs": {
-        "nixpkgs": "nixpkgs"
-      },
-      "locked": {
-        "lastModified": 1741473158,
-        "narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=",
-        "owner": "numtide",
-        "repo": "devshell",
-        "rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "devshell",
-        "type": "github"
-      }
-    },
     "disko": {
       "inputs": {
         "nixpkgs": [
@@ -25,11 +7,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1756733629,
+        "lastModified": 1755519972,
-        "narHash": "sha256-dwWGlDhcO5SMIvMSTB4mjQ5Pvo2vtxvpIknhVnSz2I8=",
+        "narHash": "sha256-bU4nqi3IpsUZJeyS8Jk85ytlX61i4b0KCxXX9YcOgVc=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "a5c4f2ab72e3d1ab43e3e65aa421c6f2bd2e12a1",
+        "rev": "4073ff2f481f9ef3501678ff479ed81402caae6d",
         "type": "github"
       },
       "original": {
@@ -46,11 +28,11 @@
       },
       "locked": {
         "dir": "pkgs/firefox-addons",
-        "lastModified": 1756699417,
+        "lastModified": 1755921820,
-        "narHash": "sha256-rpRy5ae5ijEGaK+Cr66NqCQJ6ZeUE5Zi8gUWgKhesto=",
+        "narHash": "sha256-xTRXoaGtuIi4VvJNGuHC8DPHnEIJUqVtt7kqU8MdXes=",
         "owner": "rycee",
         "repo": "nur-expressions",
-        "rev": "007b803d1eff595d25e7886e83054dbd038bf029",
+        "rev": "c43149f02063de9b0d75c2b45f54631bd82667b2",
         "type": "gitlab"
       },
       "original": {
@@ -93,24 +75,6 @@
         "type": "github"
       }
     },
-    "flake-utils_2": {
-      "inputs": {
-        "systems": "systems_2"
-      },
-      "locked": {
-        "lastModified": 1731533236,
-        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
     "home-manager": {
       "inputs": {
         "nixpkgs": [
@@ -118,11 +82,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1756734952,
+        "lastModified": 1755914636,
-        "narHash": "sha256-H6jmduj4QIncLPAPODPSG/8ry9lpr1kRq6fYytU52qU=",
+        "narHash": "sha256-VJ+Gm6YsHlPfUCpmRQxvdiZW7H3YPSrdVOewQHAhZN8=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "29ab63bbb3d9eee4a491f7ce701b189becd34068",
+        "rev": "8b55a6ac58b678199e5bba701aaff69e2b3281c0",
         "type": "github"
       },
       "original": {
@@ -146,28 +110,6 @@
         "type": "github"
       }
     },
-    "mcp-nixos": {
-      "inputs": {
-        "devshell": "devshell",
-        "flake-utils": "flake-utils",
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1755372538,
-        "narHash": "sha256-iWhsf1Myk6RyQ7IuNf4bWI3Sqq9pgmhKvEisCXtkxyw=",
-        "owner": "utensils",
-        "repo": "mcp-nixos",
-        "rev": "46b4d4d3d6421bfbadc415532ef74433871e1cda",
-        "type": "github"
-      },
-      "original": {
-        "owner": "utensils",
-        "repo": "mcp-nixos",
-        "type": "github"
-      }
-    },
     "nix-darwin": {
       "inputs": {
         "nixpkgs": [
@@ -211,17 +153,17 @@
     },
     "nix-vscode-extensions": {
       "inputs": {
-        "flake-utils": "flake-utils_2",
+        "flake-utils": "flake-utils",
         "nixpkgs": [
           "nixpkgs"
         ]
       },
       "locked": {
-        "lastModified": 1756692643,
+        "lastModified": 1755914146,
-        "narHash": "sha256-SVos3AYuLvF6bD8Y0b6EiLABoEaiAOa4M/fTCBe0FV8=",
+        "narHash": "sha256-ew98ilw4NTodKlILnr3ndsT0Aj9JhqC507JB3efa0pY=",
         "owner": "nix-community",
         "repo": "nix-vscode-extensions",
-        "rev": "2f1d16db96f1ce8ee3c893ea9dc49c0035846988",
+        "rev": "ff42a421ff1d415caa0125e6af6f3bd82e642838",
         "type": "github"
       },
       "original": {
@@ -232,11 +174,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1756245047,
+        "lastModified": 1755330281,
-        "narHash": "sha256-9bHzrVbjAudbO8q4vYFBWlEkDam31fsz0J7GB8k4AsI=",
+        "narHash": "sha256-aJHFJWP9AuI8jUGzI77LYcSlkA9wJnOIg4ZqftwNGXA=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "a65b650d6981e23edd1afa1f01eb942f19cdcbb7",
+        "rev": "3dac8a872557e0ca8c083cdcfc2f218d18e113b0",
         "type": "github"
       },
       "original": {
@@ -248,27 +190,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1722073938,
+        "lastModified": 1755615617,
-        "narHash": "sha256-OpX0StkL8vpXyWOGUD6G+MA26wAXK6SpT94kLJXo6B4=",
+        "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "e36e9f57337d0ff0cf77aceb58af4c805472bfae",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixpkgs-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_2": {
-      "locked": {
-        "lastModified": 1756542300,
-        "narHash": "sha256-tlOn88coG5fzdyqz6R93SQL5Gpq+m/DsWpekNFhqPQk=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "d7600c775f877cd87b4f5a831c28aa94137377aa",
+        "rev": "20075955deac2583bb12f07151c2df830ef346b4",
         "type": "github"
       },
       "original": {
@@ -285,12 +211,11 @@
         "flake-compat": "flake-compat",
         "home-manager": "home-manager",
         "impermanence": "impermanence",
-        "mcp-nixos": "mcp-nixos",
         "nix-darwin": "nix-darwin",
         "nix-syncthing": "nix-syncthing",
         "nix-vscode-extensions": "nix-vscode-extensions",
         "nixos-hardware": "nixos-hardware",
-        "nixpkgs": "nixpkgs_2",
+        "nixpkgs": "nixpkgs",
         "secrets": "secrets",
         "sops-nix": "sops-nix",
         "steam-fetcher": "steam-fetcher"
@@ -366,21 +291,6 @@
         "repo": "default",
         "type": "github"
       }
-    },
-    "systems_2": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
     }
   },
   "root": "root",

flake.nix

@@ -76,12 +76,6 @@
       url = "github:nix-community/steam-fetcher";
       inputs.nixpkgs.follows = "nixpkgs";
     };
-
-    # MCP NixOS server for Claude Dev
-    mcp-nixos = {
-      url = "github:utensils/mcp-nixos";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
   };
 
   outputs = {
@@ -163,8 +157,6 @@
           disko
           # for viewing dconf entries
           dconf-editor
-          # for MCP NixOS server support in development
-          inputs.mcp-nixos.packages.${system}.default
         ];
 
         SOPS_AGE_KEY_DIRECTORY = import ./const/sops_age_key_directory.nix;

modules/home-manager-modules/openssh.nix

@@ -45,13 +45,8 @@
           services.ssh-agent.enable = true;
           programs.ssh = {
             enable = true;
-            enableDefaultConfig = false;
-            matchBlocks = {
-              "*" = {
             compression = true;
             addKeysToAgent = "confirm";
-              };
-            };
             extraConfig = lib.strings.concatLines (
               builtins.map (hostKey: "IdentityFile ~/.ssh/${hostKey.path}") config.programs.openssh.hostKeys
             );

modules/home-manager-modules/programs/default.nix

@@ -6,13 +6,11 @@
     ./makemkv.nix
     ./obs.nix
     ./anki.nix
-    ./piper.nix
     ./qbittorrent.nix
     ./discord.nix
     ./obsidian.nix
     ./prostudiomasters.nix
     ./idea.nix
-    ./krita.nix
     ./protonvpn.nix
     ./calibre.nix
     ./bruno.nix

modules/home-manager-modules/programs/krita.nix

@@ -1,30 +0,0 @@
-{
-  lib,
-  pkgs,
-  config,
-  osConfig,
-  ...
-}: {
-  options.programs.krita = {
-    enable = lib.mkEnableOption "enable krita";
-  };
-
-  config = lib.mkIf config.programs.krita.enable (lib.mkMerge [
-    {
-      home.packages = with pkgs; [
-        krita
-      ];
-    }
-    (
-      lib.mkIf osConfig.host.impermanence.enable {
-        home.persistence."/persist${config.home.homeDirectory}" = {
-          directories = [
-            "${config.xdg.configHome}/kritarc"
-            "${config.xdg.dataHome}/krita"
-          ];
-          allowOther = true;
-        };
-      }
-    )
-  ]);
-}

modules/home-manager-modules/programs/piper.nix

@@ -1,17 +0,0 @@
-{
-  lib,
-  pkgs,
-  config,
-  osConfig,
-  ...
-}: {
-  options.programs.piper = {
-    enable = lib.mkEnableOption "enable piper";
-  };
-
-  config = lib.mkIf config.programs.piper.enable {
-    home.packages = with pkgs; [
-      piper
-    ];
-  };
-}

modules/home-manager-modules/programs/vscode/claudeDev.nix

@@ -2,29 +2,10 @@
   lib,
   pkgs,
   config,
-  inputs,
   ...
 }: let
   pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version;
   pkgsRepository = pkgsRepositories.open-vsx;
-
-  mcp-nixos = inputs.mcp-nixos.packages.${pkgs.stdenv.hostPlatform.system}.default;
-
-  mcp-eslint = pkgs.writeShellScriptBin "mcp-eslint" ''
-    ${pkgs.nodejs}/bin/npx --yes @modelcontextprotocol/server-eslint "$@"
-  '';
-
-  anyProfileHasMcpNixos = lib.any (
-    profile:
-      profile.extraExtensions.claudeDev.enable
-      && profile.extraExtensions.claudeDev.mcp.nixos.enable
-  ) (lib.attrValues config.programs.vscode.profiles);
-
-  anyProfileHasMcpEslint = lib.any (
-    profile:
-      profile.extraExtensions.claudeDev.enable
-      && profile.extraExtensions.claudeDev.mcp.eslint.enable
-  ) (lib.attrValues config.programs.vscode.profiles);
 in {
   options.programs.vscode.profiles = lib.mkOption {
     type = lib.types.attrsOf (lib.types.submodule ({config, ...}: {
@@ -34,15 +15,6 @@ in {
           extension = lib.mkPackageOption pkgsRepository "claude-dev" {
             default = ["saoudrizwan" "claude-dev"];
           };
-
-          mcp = {
-            nixos = {
-              enable = lib.mkEnableOption "enable NixOS MCP server for Claude Dev";
-            };
-            eslint = {
-              enable = lib.mkEnableOption "enable ESLint MCP server for Claude Dev";
-            };
-          };
         };
       };
       config = lib.mkIf config.extraExtensions.claudeDev.enable {
@@ -52,38 +24,4 @@ in {
       };
     }));
   };
-
-  config = lib.mkMerge [
-    (lib.mkIf anyProfileHasMcpNixos {
-      home.packages = [
-        mcp-nixos
-      ];
-    })
-
-    (lib.mkIf anyProfileHasMcpEslint {
-      home.packages = [
-        mcp-eslint
-        pkgs.eslint
-      ];
-    })
-
-    (lib.mkIf (anyProfileHasMcpNixos || anyProfileHasMcpEslint) {
-      home.file."${config.xdg.configHome}/VSCodium/User/globalStorage/saoudrizwan.claude-dev/settings/cline_mcp_settings.json" = {
-        text = builtins.toJSON {
-          mcpServers =
-            (lib.optionalAttrs anyProfileHasMcpNixos {
-              nixos = {
-                command = "${mcp-nixos}/bin/mcp-nixos";
-              };
-            })
-            // (lib.optionalAttrs anyProfileHasMcpEslint {
-              eslint = {
-                command = "${mcp-eslint}/bin/mcp-eslint";
-              };
-            });
-        };
-        force = true;
-      };
-    })
-  ];
 }

modules/home-manager-modules/programs/vscode/default.nix

@@ -20,6 +20,5 @@
     ./vscodeMdx.nix
     ./claudeDev.nix
     ./nearley.nix
-    ./vitest.nix
   ];
 }

modules/home-manager-modules/programs/vscode/vitest.nix

@@ -1,27 +0,0 @@
-{
-  lib,
-  pkgs,
-  config,
-  ...
-}: let
-  pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version;
-  pkgsRepository = pkgsRepositories.open-vsx;
-in {
-  options.programs.vscode.profiles = lib.mkOption {
-    type = lib.types.attrsOf (lib.types.submodule ({config, ...}: {
-      options = {
-        extraExtensions.vitest = {
-          enable = lib.mkEnableOption "should the vitest extension for vscode be enabled";
-          extension = lib.mkPackageOption pkgsRepository "vitest" {
-            default = ["vitest" "explorer"];
-          };
-        };
-      };
-      config = lib.mkIf config.extraExtensions.vitest.enable {
-        extensions = [
-          config.extraExtensions.vitest.extension
-        ];
-      };
-    }));
-  };
-}

modules/nixos-modules/server/forgejo.nix

@@ -19,12 +19,6 @@ in {
 
   config = lib.mkIf config.services.forgejo.enable (lib.mkMerge [
     {
-      assertions = [
-        {
-          assertion = config.services.forgejo.settings.server.BUILTIN_SSH_SERVER_USER == config.users.users.git.name;
-          message = "Forgejo BUILTIN_SSH_SERVER_USER hardcoded value does not match expected git user name";
-        }
-      ];
       host = {
         reverse_proxy.subdomains.${config.services.forgejo.subdomain} = {
           target = "http://localhost:${toString forgejoPort}";
@@ -58,7 +52,7 @@ in {
             START_SSH_SERVER = true;
             SSH_LISTEN_PORT = sshPort;
             SSH_PORT = 22;
-            BUILTIN_SSH_SERVER_USER = "git";
+            BUILTIN_SSH_SERVER_USER = config.users.users.git.name;
             ROOT_URL = "https://git.jan-leila.com";
           };
           service = {

modules/nixos-modules/server/network_storage/default.nix

@@ -15,7 +15,7 @@ in {
       export_directory = lib.mkOption {
         type = lib.types.path;
         description = "what are exports going to be stored in";
-        default = "/exports";
+        default = "/export";
       };
       directories = lib.mkOption {
         type = lib.types.listOf (lib.types.submodule ({config, ...}: {

modules/nixos-modules/server/network_storage/nfs.nix

@@ -61,6 +61,8 @@
                       # loopback
                       "127.0.0.1"
                       "::1"
+                      # local network
+                      # "192.168.0.0/24"
                       # tailscale
                       "100.64.0.0/10"
                       "fd7a:115c:a1e0::/48"
@@ -82,7 +84,7 @@
             );
           };
         };
-        networking.firewall = let
+        networking.firewall.interfaces.${config.services.tailscale.interfaceName} = let
           ports = [
             111
             config.host.network_storage.nfs.port
@@ -92,12 +94,6 @@
             20048
           ];
         in {
-          # Allow NFS on Tailscale interface
-          interfaces.${config.services.tailscale.interfaceName} = {
-            allowedTCPPorts = ports;
-            allowedUDPPorts = ports;
-          };
-          # Allow NFS on local network (assuming default interface)
           allowedTCPPorts = ports;
           allowedUDPPorts = ports;
         };