feat: added storj to README.md

feat: updated flake.lock
chore: removed incorrect task
2025-10-30 22:28:02 -05:00 · 2025-10-30 17:43:52 -05:00 · 2025-10-27 11:02:42 -05:00 · 2025-10-27 03:55:09 -05:00 · 2025-10-27 02:52:56 -05:00 · 2025-10-27 02:34:53 -05:00
256 changed files with 11117 additions and 2727 deletions
--- a/.hooks/post-commit
+++ b/.hooks/post-commit
@ -3,4 +3,12 @@
 echo "restoring stashed changes"
-git stash pop -q
+# Find the most recent pre-commit stash and restore it
 recent_stash=$(git stash list | grep "pre-commit-stash-" | head -n 1 | cut -d: -f1)
 if [ -n "$recent_stash" ]; then
    echo "Found recent pre-commit stash: $recent_stash"
    git stash pop -q "$recent_stash"
 else
    echo "No pre-commit stash found to restore"
 fi
--- a/.hooks/post-merge
+++ b/.hooks/post-merge
@ -0,0 +1,32 @@
 #!/usr/bin/env nix-shell
 #! nix-shell -i bash ../shell.nix
 # Get current branch name
 current_branch=$(git branch --show-current)
 # Only perform actions if we're on main branch and a merge just completed
 if [ "$current_branch" = "main" ]; then
    echo "Post-merge on main branch - running nix flake check"
    # Run nix flake check after merge into main
    nix flake check
    if [ ! $? -eq 0 ]; then
        echo "Warning: nix flake check failed after merge into main"
        echo "Please fix the issues as soon as possible"
    else
        echo "nix flake check passed after merge"
    fi
    # Check if there are any pre-commit stashes to restore
    recent_stash=$(git stash list | grep "pre-commit-stash-" | head -n 1 | cut -d: -f1)
    if [ -n "$recent_stash" ]; then
        echo "Post-merge: restoring pre-commit stash on main branch"
        git stash pop -q "$recent_stash"
    else
        echo "Post-merge: no pre-commit stash to restore on main branch"
    fi
 else
    echo "Post-merge: no action needed on branch '$current_branch'"
 fi
--- a/.hooks/pre-commit
+++ b/.hooks/pre-commit
@ -1,14 +1,24 @@
 #!/usr/bin/env nix-shell
 #! nix-shell -i bash ../shell.nix
-echo "stashing all uncommitted changes"
+# Get current branch name
-git stash -q --keep-index
+current_branch=$(git branch --show-current)
-echo "checking flakes all compile"
+echo "stashing all uncommitted changes with named stash (excluding hooks)"
-nix flake check
+git stash push -q --keep-index -m "pre-commit-stash-$(date +%s)" -- ':!.hooks/'
-if [ ! $? -eq 0 ]; then
+# Only run nix flake check if we're on main branch
-    exit 1
+if [ "$current_branch" = "main" ]; then
    echo "On main branch - checking flakes all compile"
    nix flake check
    if [ ! $? -eq 0 ]; then
        echo "Error: nix flake check failed on main branch"
        exit 1
    fi
    echo "nix flake check passed"
 else
    echo "Not on main branch - skipping nix flake check"
 fi
 echo "running linter"
--- a/.hooks/pre-merge-commit
+++ b/.hooks/pre-merge-commit
@ -0,0 +1,37 @@
 #!/usr/bin/env nix-shell
 #! nix-shell -i bash ../shell.nix
 # Get the target branch (the branch being merged into)
 target_branch=""
 # Check if we're in the middle of a merge
 if [ -f .git/MERGE_HEAD ]; then
    # We're in a merge, check if the current branch is main
    current_branch=$(git branch --show-current)
    if [ "$current_branch" = "main" ]; then
        target_branch="main"
    fi
 fi
 # If we're merging into main, run nix flake check
 if [ "$target_branch" = "main" ]; then
    echo "Merging into main branch - running nix flake check..."
    echo "stashing all uncommitted changes with named stash (excluding hooks)"
    git stash push -q --keep-index -m "pre-merge-stash-$(date +%s)" -- ':!.hooks/'
    echo "checking flakes all compile"
    nix flake check
    if [ ! $? -eq 0 ]; then
        echo "Error: nix flake check failed. Merge aborted."
        echo "Please fix the issues and try merging again."
        exit 1
    fi
    echo "nix flake check passed. Merge can proceed."
 else
    echo "Not merging into main branch, skipping nix flake check."
 fi
 exit 0
--- a/.sops.yaml
+++ b/.sops.yaml
@ -13,3 +13,7 @@ creation_rules:
    key_groups:
      - age:
        - *leyla
  - path_regex: secrets/application-keys.yaml$
    key_groups:
      - age:
        - *leyla
--- a/README.md
+++ b/README.md
@ -7,19 +7,19 @@ nix multi user, multi system, configuration with `sops` secret management, `home
 # Hosts
 ## Host Map
-|   Hostname  |      Device Description    |   Primary User   |    Role   |
+|   Hostname  |      Device Description    |   Primary User   |    Role   | Provisioned | Using Nix |
-| :---------: | :------------------------: | :--------------: | :-------: |
+| :---------: | :------------------------: | :--------------: | :-------: | :---------: | :-------: |
-|  `twilight` |      Desktop Computer      |      Leyla       |  Desktop  |
+|  `twilight` |      Desktop Computer      |      Leyla       |  Desktop  |     ✅      |    ✅     |
-|  `horizon`  |  13 inch Framework Laptop  |      Leyla       |  Laptop   |
+|  `horizon`  |  13 inch Framework Laptop  |      Leyla       |  Laptop   |     ✅      |    ✅     |
-|  `defiant`  |         NAS Server         |      Leyla       |   Server  |
+|  `defiant`  |         NAS Server         |      Leyla       |   Server  |     ✅      |    ✅     |
-| `hesperium` |             Mac            |      ?????       |    ???    |
+| `hesperium` |             Mac            |      ?????       |    Mac    |     ❌      |    ❌     |
-|  `emergent` |      Desktop Computer      |       Eve        |  Desktop  |
+|  `emergent` |      Desktop Computer      |       Eve        |  Desktop  |     ✅      |    ✅     |
-| `threshold` |           Laptop           |       Eve        |  Laptop   |
+| `threshold` |           Laptop           |       Eve        |  Laptop   |     ❌      |    ❌     |
-|  `wolfram`  |         Steam Deck         |      House       |  Handheld |
+|  `wolfram`  |          Steam Deck        |      House       |  Handheld |     ✅      |    ❌     |
-|   `ceder`   | A5 Tablet (not using nix)  |      Leyla       |   Tablet  |
+|   `ceder`   |          A5 Tablet         |      Leyla       |   Tablet  |     ✅      |    ❌     |
-|   `skate`   | A6 Tablet (not using nix)  |      Leyla       |   Tablet  |
+|   `skate`   |          A6 Tablet         |      Leyla       |   Tablet  |     ❌      |    ❌     |
-|   `shale`   | A6 Tablet (not using nix)  |       Eve        |   Tablet  |
+|   `shale`   |          A6 Tablet         |       Eve        |   Tablet  |     ✅      |    ❌     |
-|   `coven`   |  Pixel 8 (not using nix)   |      Leyla       |  Android  |
+|   `coven`   |           Pixel 8          |      Leyla       |  Android  |     ✅      |    ❌     |
 # Tooling
 ## Rebuilding
@ -41,30 +41,68 @@ nix multi user, multi system, configuration with `sops` secret management, `home
 ## Research topics
 - Look into this for auto rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/`
- Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init
+- Look into this for npins https://jade.fyi/blog/pinning-nixos-with-npins/
 - https://nixos-and-flakes.thiscute.world/
 - proton mail now has an smtp server we could use that for our zfs and SMART test emails
 # Tasks:
 ## Chores:
 - [ ] test out crab hole service
 ## Tech Debt
- monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/)
+- [ ] monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/)
- syncthing folder passwords
+- [ ] migrate away from flakes and move to npins
- nfs export should be backed by the same values for server and client
+
-## New Features
+## Broken things
- offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs)
+- [ ] figure out steam vr things?
- samba mounts
+- [ ] whisper was having issues
- figure out steam vr things?
+
- Open GL?
+## Data Integrity
- rotate sops encryption keys periodically (and somehow sync between devices?)
+- [ ] zfs email after scrubbing # TODO: test this
- zfs email after scrubbing # TODO: test this
+- [ ] SMART test with email results
- wake on LAN for updates
+- [ ] zfs encryption FIDO2 2fa (look into shavee)
- ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix
+- [ ] rotate sops encryption keys periodically (and somehow sync between devices?)
- zfs encryption FIDO2 2fa (look into shavee)
+- [ ] Secure Boot - https://github.com/nix-community/lanzaboote
- Secure Boot - https://github.com/nix-community/lanzaboote
+- [ ] auto turn off on power loss - nut
- SMART test with email results
+- [ ] secondary server with data sync. Maybe a Pi with a usb hdd enclosure and use rtcwake to only turn on once a week to sync data over tailscale with connection initiated from pi's side. We could probably put this at LZ. Hoping for it to draw only like $1 of power a month. Initial sync should probably be done here before we move it over because that will take a while. Data should be encrypted so that devices doesn't have access to it. Project will prob cost like $1800
- Create Tor guard/relay server
+
- remote distributed builds - https://nix.dev/tutorials/nixos/distributed-builds-setup.html
+## Data Access
- migrate away from flakes and move to npins
+- [ ] nfs export should be backed by the same values for server and client
- fix nfs
+- [ ] samba mounts
- fix home assistant
+- [ ] offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs)
- create adguard server
+- [ ] figure out why syncthing and jellyfins permissions don't propagate downwards
 - [ ] make radarr, sonarr, and bazarr accessible over vpn
 - [ ] move searx, home-assistant, actual, vikunja, jellyfin, paperless, and immich to only be accessible via vpn
 ## Services
 - [ ] vikunja service for project management
 - [ ] Penpot services (need to make this custom)
 - [ ] minecraft server with old world file
 - [ ] Create Tor guard/relay server
 - [ ] mastodon instance
 - [ ] screeps server
 - [ ] storj server
 ## DevOps
 - [ ] wake on LAN for updates
 - [ ] remote distributed builds - https://nix.dev/tutorials/nixos/distributed-builds-setup.html
 - [ ] ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix
 - [ ] fix panoramax package
 - [ ] claude code MCP servers should bundle node with them so they work in all environments
 ## Observability
 - [ ] graphana for dashboards
 - [ ] prometheus and loki for metric and log collection
 	- [ ] zfs storage usage
 	- [ ] zfs drive health status
 	- [ ] service version lag
 	- [ ] network/cpu/ram utilization
 	- [ ] http latency
 	- [ ] postgres db load
 	- [ ] nginx queries
 - [ ] ntfy.sh for push notifications
 - [ ] kuma for uptime visualization
 ## Packages
 - [ ] Custom private fork of MultiMC
--- a/configurations/home-manager/default.nix
+++ b/configurations/home-manager/default.nix
@ -8,5 +8,6 @@
 in {
  leyla = lib.mkIf users.leyla.isNormalUser (import ./leyla);
  eve = lib.mkIf users.eve.isNormalUser (import ./eve);
  ivy = lib.mkIf users.ivy.isNormalUser (import ./ivy);
  git = lib.mkIf (osConfig.services.forgejo.enable or false) (import ./git);
 }
--- a/configurations/home-manager/eve/default.nix
+++ b/configurations/home-manager/eve/default.nix
@ -1,15 +1,10 @@
-{
+{osConfig, ...}: let
  pkgs,
  lib,
  config,
  osConfig,
  ...
 }: let
  userConfig = osConfig.host.users.eve;
 in {
-  nixpkgs.config = {
+  imports = [
-    allowUnfree = true;
+    ./packages.nix
-  };
+    ./gnomeconf.nix
  ];
  home = {
    username = userConfig.name;
@ -57,37 +52,5 @@ in {
    sessionVariables = {
      # EDITOR = "emacs";
    };
    packages = lib.lists.optionals userConfig.isDesktopUser (
      with pkgs; [
        firefox
        bitwarden
        discord
        makemkv
        signal-desktop-bin
        ungoogled-chromium
      ]
    );
  };
  programs = {
    # Let Home Manager install and manage itself.
    home-manager.enable = true;
    git = {
      enable = true;
      userName = "Eve Halfmann";
      userEmail = "evesnrobins@gmail.com";
      extraConfig.init.defaultBranch = "main";
    };
    openssh = {
      hostKeys = [
        {
          type = "ed25519";
          path = "${config.home.username}_${osConfig.networking.hostName}_ed25519";
        }
      ];
    };
  };
 }
--- a/configurations/home-manager/eve/gnomeconf.nix
+++ b/configurations/home-manager/eve/gnomeconf.nix
@ -0,0 +1,39 @@
 {
  osConfig,
  lib,
  ...
 }: {
  config = {
    gnome = lib.mkMerge [
      {
        colorScheme = "prefer-dark";
        accentColor = "slate";
        clockFormat = "24h";
        nightLight = {
          enable = true;
          automatic = false;
          fromTime = 12.0;
          toTime = 11.999999999999;
          temperature = 2700;
        };
        extraWindowControls = true;
        extensions = {
          dash-to-panel = {
            enable = true;
          };
        };
      }
      (lib.mkIf (osConfig.networking.hostName == "horizon") {
        displayScaling = 125;
        experimentalFeatures = {
          scaleMonitorFramebuffer = true;
        };
      })
    ];
    dconf = {
      enable = true;
    };
  };
 }
--- a/configurations/home-manager/eve/packages.nix
+++ b/configurations/home-manager/eve/packages.nix
@ -0,0 +1,86 @@
 {
  lib,
  pkgs,
  config,
  osConfig,
  ...
 }: let
  userConfig = osConfig.host.users.eve;
  hardware = osConfig.host.hardware;
 in {
  config = {
    nixpkgs.config = {
      allowUnfree = true;
    };
    # Packages that can be installed without any extra configuration
    # See https://search.nixos.org/packages for all options
    home.packages = lib.lists.optionals userConfig.isDesktopUser (
      with pkgs; [
        gnomeExtensions.dash-to-panel
        claude-code
      ]
    );
    # Packages that need to be installed with some extra configuration
    # See https://home-manager-options.extranix.com/ for all options
    programs = lib.mkMerge [
      {
        # Let Home Manager install and manage itself.
        home-manager.enable = true;
      }
      (lib.mkIf (config.user.isDesktopUser || config.user.isTerminalUser) {
        git = {
          enable = true;
          settings = {
            user.name = "Eve";
            user.email = "evesnrobins@gmail.com";
            init.defaultBranch = "main";
          };
        };
        openssh = {
          enable = true;
          hostKeys = [
            {
              type = "ed25519";
              path = "${config.home.username}_${osConfig.networking.hostName}_ed25519";
            }
          ];
        };
      })
      (lib.mkIf config.user.isDesktopUser {
        vscode = {
          enable = true;
          package = pkgs.vscodium;
        };
        firefox.enable = true;
        bitwarden.enable = true;
        discord.enable = true;
        makemkv.enable = true;
        signal-desktop-bin.enable = true;
        steam.enable = true;
        piper.enable = hardware.piperMouse.enable;
        krita.enable = true;
        ungoogled-chromium.enable = true;
        inkscape.enable = true;
        obsidian.enable = true;
        obs-studio.enable = true;
        kdenlive.enable = true;
        tor-browser.enable = true;
        olympus.enable = true;
        libreoffice.enable = true;
        claude-code.enable = osConfig.host.ai.enable;
        # Windows applications that we need to figure out how to install
        guild-wars-2.enable = false;
        vortex.enable = false;
        dungeon-draft.enable = false;
        vmware-workstation.enable = true;
      })
    ];
  };
 }
--- a/configurations/home-manager/git/default.nix
+++ b/configurations/home-manager/git/default.nix
@ -1,4 +1,6 @@
 {osConfig, ...}: {
  impermanence.fallbackPersistence.enable = false;
  home = {
    username = osConfig.users.users.git.name;
    homeDirectory = osConfig.users.users.git.home;
--- a/configurations/home-manager/ivy/default.nix
+++ b/configurations/home-manager/ivy/default.nix
@ -0,0 +1,55 @@
 {osConfig, ...}: let
  userConfig = osConfig.host.users.ivy;
 in {
  imports = [
    ./packages.nix
  ];
  home = {
    username = userConfig.name;
    homeDirectory = osConfig.users.users.ivy.home;
    # This value determines the Home Manager release that your configuration is
    # compatible with. This helps avoid breakage when a new Home Manager release
    # introduces backwards incompatible changes.
    #
    # You should not change this value, even if you update Home Manager. If you do
    # want to update the value, then make sure to first check the Home Manager
    # release notes.
    stateVersion = "23.11"; # Please read the comment before changing.
    # Home Manager is pretty good at managing dotfiles. The primary way to manage
    # plain files is through 'home.file'.
    file = {
      # # Building this configuration will create a copy of 'dotfiles/screenrc' in
      # # the Nix store. Activating the configuration will then make '~/.screenrc' a
      # # symlink to the Nix store copy.
      # ".screenrc".source = dotfiles/screenrc;
      # # You can also set the file content immediately.
      # ".gradle/gradle.properties".text = ''
      #   org.gradle.console=verbose
      #   org.gradle.daemon.idletimeout=3600000
      # '';
    };
    # Home Manager can also manage your environment variables through
    # 'home.sessionVariables'. If you don't want to manage your shell through Home
    # Manager then you have to manually source 'hm-session-vars.sh' located at
    # either
    #
    #  ~/.nix-profile/etc/profile.d/hm-session-vars.sh
    #
    # or
    #
    #  ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh
    #
    # or
    #
    #  /etc/profiles/per-user/ivy/etc/profile.d/hm-session-vars.sh
    #
    sessionVariables = {
      # EDITOR = "emacs";
    };
  };
 }
--- a/configurations/home-manager/ivy/packages.nix
+++ b/configurations/home-manager/ivy/packages.nix
@ -0,0 +1,73 @@
 {
  lib,
  pkgs,
  config,
  osConfig,
  ...
 }: {
  config = {
    nixpkgs.config = {
      allowUnfree = true;
    };
    # Programs that need to be installed with some extra configuration
    programs = lib.mkMerge [
      {
        # Let Home Manager install and manage itself.
        home-manager.enable = true;
      }
      (lib.mkIf (config.user.isDesktopUser || config.user.isTerminalUser) {
        # git = {
        #   enable = true;
        #   userName = "Ivy";
        #   userEmail = "ivy@example.com"; # Update this with actual email
        #   extraConfig.init.defaultBranch = "main";
        # };
        openssh = {
          enable = true;
          hostKeys = [
            {
              type = "ed25519";
              path = "${config.home.username}_${osConfig.networking.hostName}_ed25519";
            }
          ];
        };
      })
      (lib.mkIf config.user.isDesktopUser {
        vscode = {
          enable = true;
          package = pkgs.vscodium;
          mutableExtensionsDir = false;
          profiles.default = {
            enableUpdateCheck = false;
            enableExtensionUpdateCheck = false;
            extraExtensions = {
              # Cline extension (Claude AI assistant)
              claudeDev.enable = true;
              # Auto Rename Tag
              autoRenameTag.enable = true;
              # Live Server
              liveServer.enable = true;
            };
            extensions = let
              extension-pkgs = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version;
            in (
              with extension-pkgs.open-vsx; [
                streetsidesoftware.code-spell-checker
              ]
            );
          };
        };
        firefox.enable = true;
        discord.enable = true;
        signal-desktop-bin.enable = true;
        claude-code.enable = true;
      })
    ];
  };
 }
--- a/configurations/home-manager/leyla/dconf.nix
+++ b/configurations/home-manager/leyla/dconf.nix
@ -1,46 +1,43 @@
-{pkgs, ...}: {
+{...}: {
  config = {
    gnome = {
      extraWindowControls = true;
      colorScheme = "prefer-dark";
      clockFormat = "24h";
      nightLight = {
        enable = true;
        automatic = false;
        fromTime = 12.0;
        toTime = 11.999999999999;
        temperature = 2700;
      };
      extensions = {
        dash-to-dock = {
          enable = true;
          options = {
            "dock-position" = "LEFT";
            "intellihide-mode" = "ALL_WINDOWS";
            "show-trash" = false;
            "require-pressure-to-show" = false;
            "show-mounts" = false;
          };
        };
      };
      hotkeys = {
        "Open Terminal" = {
          binding = "<Super>t";
          command = "kgx";
        };
        "Open Firefox" = {
          binding = "<Super>f";
          command = "firefox";
        };
      };
    };
    dconf = {
      enable = true;
      settings = {
        "org/gnome/desktop/interface".color-scheme = "prefer-dark";
        "org/gnome/desktop/wm/preferences".button-layout = ":minimize,maximize,close";
        "org/gnome/shell" = {
          disable-user-extensions = false; # enables user extensions
          enabled-extensions = [
            # Put UUIDs of extensions that you want to enable here.
            # If the extension you want to enable is packaged in nixpkgs,
            # you can easily get its UUID by accessing its extensionUuid
            # field (look at the following example).
            pkgs.gnomeExtensions.dash-to-dock.extensionUuid
            # Alternatively, you can manually pass UUID as a string.
            # "dash-to-dock@micxgx.gmail.com"
          ];
        };
        "org/gnome/shell/extensions/dash-to-dock" = {
          "dock-position" = "LEFT";
          "intellihide-mode" = "ALL_WINDOWS";
          "show-trash" = false;
          "require-pressure-to-show" = false;
          "show-mounts" = false;
        };
        "org/gnome/settings-daemon/plugins/media-keys" = {
          custom-keybindings = [
            "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/"
          ];
        };
        "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = {
          binding = "<Super>t";
          command = "kgx";
          name = "Open Terminal";
        };
        "org/gnome/shell" = {
          favorite-apps = ["org.gnome.Nautilus.desktop" "firefox.desktop" "codium.desktop" "steam.desktop" "org.gnome.Console.desktop"];
          # app-picker-layout =
--- a/configurations/home-manager/leyla/default.nix
+++ b/configurations/home-manager/leyla/default.nix
@ -1,16 +1,19 @@
 {
-  osConfig,
+  pkgs,
  config,
  osConfig,
  ...
 }: {
  imports = [
    ./packages
    ./i18n.nix
    ./packages.nix
    ./impermanence.nix
    ./dconf.nix
  ];
  config = {
    impermanence.enable = osConfig.host.impermanence.enable;
    # Home Manager needs a bit of information about you and the paths it should
    # manage.
    home = {
@ -39,7 +42,7 @@
        #   org.gradle.console=verbose
        #   org.gradle.daemon.idletimeout=3600000
        # '';
-        ".config/user-dirs.dirs" = {
+        "${config.xdg.configHome}/user-dirs.dirs" = {
          force = true;
          text = ''
            # This file is written by xdg-user-dirs-update
@ -83,69 +86,10 @@
      };
    };
-    user = {
+    # TODO: move this into a fonts module
-      continue = {
+    home.packages = with pkgs; [
-        enable = true;
+      aileron
-        docs = {
+    ];
-          "Continue Docs" = {
+    fonts.fontconfig.enable = true;
            startUrl = "https://docs.continue.dev";
          };
          "Nixpkgs" = {
            startUrl = "https://ryantm.github.io/nixpkgs/#preface";
          };
          "Nix Manual" = {
            startUrl = "https://nixos.org/manual/nixos/stable/";
          };
          "Home manager Manual" = {
            startUrl = "https://nix-community.github.io/home-manager/";
          };
          "Nix Docs" = {
            startUrl = "https://nix.dev/index.html";
          };
          "Linux Man Page" = {
            startUrl = "https://linux.die.net/man/";
          };
        };
      };
    };
    programs = {
      # Let Home Manager install and manage itself.
      home-manager.enable = true;
      # set up git defaults
      git = {
        enable = true;
        userName = "Leyla Becker";
        userEmail = "git@jan-leila.com";
        extraConfig.init.defaultBranch = "main";
      };
      # add direnv to auto load flakes for development
      direnv = {
        enable = true;
        enableBashIntegration = true;
        nix-direnv.enable = true;
        config = {
          global.hide_env_diff = true;
          whitelist.exact = ["/home/leyla/documents/code/nix-config"];
        };
      };
      bash.enable = true;
      openssh = {
        authorizedKeys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon"
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILimFIW2exEH/Xo7LtXkqgE04qusvnPNpPWSCeNrFkP leyla@defiant"
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBiZkg1c2aaNHiieBX4cEziqvJVj9pcDfzUrKU/mO0I leyla@twilight"
        ];
        hostKeys = [
          {
            type = "ed25519";
            path = "${config.home.username}_${osConfig.networking.hostName}_ed25519";
          }
        ];
      };
    };
  };
 }
--- a/configurations/home-manager/leyla/impermanence.nix
+++ b/configurations/home-manager/leyla/impermanence.nix
@ -1,22 +1,18 @@
 {
  lib,
-  osConfig,
+  config,
  ...
 }: {
-  config = lib.mkIf osConfig.host.impermanence.enable {
+  config = lib.mkIf (config.impermanence.enable) {
    home.persistence."/persist/home/leyla" = {
      directories = [
        "desktop"
        "downloads"
        "documents"
        {
          directory = ".local/share/Steam";
          method = "symlink";
        }
      ];
      files = [
        ".bash_history" # keep shell history around
-        ".local/share/recently-used.xbel" # gnome recently viewed files
+        "${config.xdg.dataHome}/recently-used.xbel" # gnome recently viewed files
      ];
      allowOther = true;
    };
--- a/configurations/home-manager/leyla/packages.nix
+++ b/configurations/home-manager/leyla/packages.nix
@ -1,95 +0,0 @@
 {
  lib,
  osConfig,
  pkgs,
  ...
 }: let
  userConfig = osConfig.host.users.leyla;
  hardware = osConfig.host.hardware;
 in {
  imports = [
    ./vscode/default.nix
    ./firefox.nix
  ];
  nixpkgs.config = {
    allowUnfree = true;
  };
  home = {
    packages =
      lib.lists.optionals userConfig.isTerminalUser (
        with pkgs; [
          # command line tools
          sox
          yt-dlp
          ffmpeg
          imagemagick
        ]
      )
      ++ (
        lib.lists.optionals userConfig.isDesktopUser (
          (with pkgs; [
            # helvetica font
            aileron
            gnomeExtensions.dash-to-dock
            # development tools
            dbeaver-bin
            bruno
            proxmark3
          ])
          ++ (
            lib.lists.optionals hardware.directAccess.enable (with pkgs; [
              #foss platforms
              signal-desktop-bin
              bitwarden
              ungoogled-chromium
              libreoffice
              inkscape
              gimp
              krita
              freecad
              # cura
              # kicad-small
              makemkv
              onionshare
              # rhythmbox
              (lib.mkIf hardware.graphicsAcceleration.enable obs-studio)
              # wireshark
              # rpi-imager
              # fritzing
              mfoc
              tor-browser
              anki
              pdfarranger
              calibre
              qbittorrent
              picard
              # proprietary platforms
              discord
              obsidian
              (lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve)
              # development tools
              # androidStudioPackages.canary
              jetbrains.idea-community
              qFlipper
              # system tools
              protonvpn-gui
              openvpn
              noisetorch
              # hardware management tools
              (lib.mkIf hardware.piperMouse.enable piper)
              (lib.mkIf hardware.openRGB.enable openrgb)
              (lib.mkIf hardware.viaKeyboard.enable via)
            ])
          )
        )
      );
  };
 }
--- a/configurations/home-manager/leyla/packages/default.nix
+++ b/configurations/home-manager/leyla/packages/default.nix
@ -0,0 +1,93 @@
 {
  lib,
  pkgs,
  config,
  osConfig,
  ...
 }: let
  hardware = osConfig.host.hardware;
 in {
  imports = [
    ./vscode
    ./firefox
    ./direnv.nix
    ./openssh.nix
    ./git.nix
    ./makemkv.nix
  ];
  config = lib.mkMerge [
    {
      programs = lib.mkMerge [
        {
          # Let Home Manager install and manage itself.
          home-manager.enable = true;
        }
        (lib.mkIf (config.user.isTerminalUser || config.user.isDesktopUser) {
          bash.enable = true;
          git.enable = true;
          openssh.enable = true;
        })
        (lib.mkIf config.user.isDesktopUser {
          bitwarden.enable = true;
          obs-studio.enable = hardware.graphicsAcceleration.enable;
          qbittorrent.enable = true;
          prostudiomasters.enable = true;
          protonvpn-gui.enable = true;
          dbeaver-bin.enable = true;
          bruno.enable = true;
          piper.enable = hardware.piperMouse.enable;
          proxmark3.enable = true;
          openrgb.enable = hardware.openRGB.enable;
          via.enable = hardware.viaKeyboard.enable;
          claude-code.enable = osConfig.host.ai.enable;
          davinci-resolve.enable = hardware.graphicsAcceleration.enable;
          mfoc.enable = true;
        })
        (lib.mkIf (hardware.directAccess.enable && config.user.isDesktopUser) {
          anki.enable = true;
          makemkv.enable = true;
          discord.enable = true;
          signal-desktop-bin.enable = true;
          calibre.enable = true;
          obsidian.enable = true;
          jetbrains.idea-community.enable = true;
          vscode.enable = true;
          firefox.enable = true;
          steam.enable = true;
          krita.enable = true;
          ungoogled-chromium.enable = true;
          libreoffice.enable = true;
          mapillary-uploader.enable = true;
          inkscape.enable = true;
          gimp.enable = true;
          freecad.enable = true;
          onionshare.enable = true;
          pdfarranger.enable = true;
          picard.enable = true;
          qflipper.enable = true;
          openvpn.enable = true;
          noisetorch.enable = true;
          tor-browser.enable = true;
          gdx-liftoff.enable = true;
          # polycule package is now working with Flutter 3.29
          polycule.enable = true;
        })
      ];
    }
    (lib.mkIf config.user.isTerminalUser {
      home.packages = with pkgs; [
        # command line tools
        sox
        yt-dlp
        ffmpeg
        imagemagick
      ];
    })
    (lib.mkIf config.user.isDesktopUser {
      nixpkgs.config = {
        allowUnfree = true;
      };
    })
  ];
 }
--- a/configurations/home-manager/leyla/packages/direnv.nix
+++ b/configurations/home-manager/leyla/packages/direnv.nix
@ -0,0 +1,22 @@
 {
  lib,
  config,
  osConfig,
  ...
 }: let
  userConfig = osConfig.host.users.leyla;
 in {
  config = lib.mkIf userConfig.isDesktopUser {
    programs = {
      direnv = {
        enable = true;
        enableBashIntegration = true;
        nix-direnv.enable = true;
        config = {
          global.hide_env_diff = true;
          whitelist.exact = ["${config.home.homeDirectory}/documents/code/nix-config"];
        };
      };
    };
  };
 }
--- a/configurations/home-manager/leyla/packages/firefox/bookmarks.nix
+++ b/configurations/home-manager/leyla/packages/firefox/bookmarks.nix
@ -0,0 +1,149 @@
 {...}: {
  programs.firefox = {
    profiles.leyla = {
      bookmarks = {
        force = true;
        settings = [
          # Personal Services
          {
            name = "Media";
            url = "https://media.jan-leila.com/";
            keyword = "";
            tags = [""];
          }
          {
            name = "Photos";
            url = "https://photos.jan-leila.com";
            keyword = "";
            tags = [""];
          }
          {
            name = "Git";
            url = "https://git.jan-leila.com/";
            keyword = "";
            tags = [""];
          }
          {
            name = "Home Automation";
            url = "https://home.jan-leila.com/";
            keyword = "";
            tags = [""];
          }
          {
            name = "Search";
            url = "https://search.jan-leila.com/";
            keyword = "";
            tags = [""];
          }
          {
            name = "Budget";
            url = "https://budget.jan-leila.com/";
            keyword = "";
            tags = [""];
          }
          {
            name = "Documents";
            url = "https://documents.jan-leila.com/";
            keyword = "";
            tags = [""];
          }
          # Defiant Server Services
          {
            name = "QBittorrent";
            url = "http://defiant:8084";
            keyword = "";
            tags = ["defiant"];
          }
          {
            name = "Sonarr";
            url = "http://defiant:8989";
            keyword = "";
            tags = ["defiant"];
          }
          {
            name = "Radarr";
            url = "http://defiant:7878";
            keyword = "";
            tags = ["defiant"];
          }
          {
            name = "Bazarr";
            url = "http://defiant:6767";
            keyword = "";
            tags = ["defiant"];
          }
          {
            name = "Lidarr";
            url = "http://defiant:8686";
            keyword = "";
            tags = ["defiant"];
          }
          {
            name = "Jackett";
            url = "http://defiant:9117";
            keyword = "";
            tags = ["defiant"];
          }
          {
            name = "Crab-hole DNS";
            url = "http://defiant:8085";
            keyword = "";
            tags = ["defiant"];
          }
          # External Services
          {
            name = "Mail";
            url = "https://mail.protonmail.com";
            keyword = "";
            tags = [""];
          }
          {
            name = "Open Street Map";
            url = "https://www.openstreetmap.org/";
            keyword = "";
            tags = [""];
          }
          {
            name = "Password Manager";
            url = "https://vault.bitwarden.com/";
            keyword = "";
            tags = [""];
          }
          {
            name = "Mastodon";
            url = "https://mspsocial.net";
            keyword = "";
            tags = [""];
          }
          {
            name = "Linked In";
            url = "https://www.linkedin.com/";
            keyword = "";
            tags = [""];
          }
          {
            name = "Job Search";
            url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1";
            keyword = "";
            tags = [""];
          }
          {
            name = "React Docs";
            url = "https://react.dev/";
            keyword = "";
            tags = [""];
          }
          # Template
          # {
          #   name = "";
          #   url = "";
          #   keyword = "";
          #   tags = [""];
          # }
        ];
      };
    };
  };
 }
--- a/configurations/home-manager/leyla/packages/firefox/default.nix
+++ b/configurations/home-manager/leyla/packages/firefox/default.nix
@ -0,0 +1,18 @@
 {
  lib,
  pkgs,
  inputs,
  ...
 }: {
  imports = [
    ./firefox.nix
    ./bookmarks.nix
    ./harden.nix
  ];
  config = {
    programs.firefox = {
      enable = true;
    };
  };
 }
--- a/configurations/home-manager/leyla/packages/firefox/firefox.nix
+++ b/configurations/home-manager/leyla/packages/firefox/firefox.nix
@ -5,7 +5,6 @@
  ...
 }: {
  programs.firefox = {
    enable = true;
    profiles.leyla = {
      settings = {
        "browser.search.defaultenginename" = "Searx";
@ -32,7 +31,7 @@
                ];
              }
            ];
-            icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
+            icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
            definedAliases = ["@np"];
          };
          "NixOS Wiki" = {
@ -72,38 +71,40 @@
        deutsch-de-language-pack
        dictionary-german
-        # (
+        tab-session-manager
-        #   buildFirefoxXpiAddon rec {
+
-        #     pname = "italiano-it-language-pack";
+        # (\
-        #     version = "132.0.20241110.231641";
+        #   buildFirefoxXpiAddon rec {\
-        #     addonId = "langpack-it@firefox.mozilla.org";
+        #     pname = "italiano-it-language-pack";\
-        #     url = "https://addons.mozilla.org/firefox/downloads/file/4392453/italiano_it_language_pack-${version}.xpi";
+        #     version = "132.0.20241110.231641";\
-        #     sha256 = "";
+        #     addonId = "langpack-it@firefox.mozilla.org";\
-        #     meta = with lib;
+        #     url = "https://addons.mozilla.org/firefox/downloads/file/4392453/italiano_it_language_pack-${version}.xpi";\
-        #     {
+        #     sha256 = "";\
-        #       description = "Firefox Language Pack for Italiano (it) – Italian";
+        #     meta = with lib;\
-        #       license = licenses.mpl20;
+        #     {\
-        #       mozPermissions = [];
+        #       description = "Firefox Language Pack for Italiano (it) – Italian";\
-        #       platforms = platforms.all;
+        #       license = licenses.mpl20;\
-        #     };
+        #       mozPermissions = [];\
-        #   }
+        #       platforms = platforms.all;\
-        # )
+        #     };\
-        # (
+        #   }\
-        #   buildFirefoxXpiAddon rec {
+        # )\
-        #     pname = "dizionario-italiano";
+        # (\
-        #     version = "5.1";
+        #   buildFirefoxXpiAddon rec {\
-        #     addonId = "it-IT@dictionaries.addons.mozilla.org";
+        #     pname = "dizionario-italiano";\
-        #     url = "https://addons.mozilla.org/firefox/downloads/file/1163874/dizionario_italiano-${version}.xpi";
+        #     version = "5.1";\
-        #     sha256 = "";
+        #     addonId = "it-IT@dictionaries.addons.mozilla.org";\
-        #     meta = with lib;
+        #     url = "https://addons.mozilla.org/firefox/downloads/file/1163874/dizionario_italiano-${version}.xpi";\
-        #     {
+        #     sha256 = "";\
-        #       description = "Add support for Italian to spellchecking";
+        #     meta = with lib;\
-        #       license = licenses.gpl3;
+        #     {\
-        #       mozPermissions = [];
+        #       description = "Add support for Italian to spellchecking";\
-        #       platforms = platforms.all;
+        #       license = licenses.gpl3;\
-        #     };
+        #       mozPermissions = [];\
-        #   }
+        #       platforms = platforms.all;\
-        # )
+        #     };\
        #   }\
        # )\
      ];
      settings = {
@ -140,7 +141,6 @@
          "placements" = {
            "widget-overflow-fixed-list" = [];
            "unified-extensions-area" = [
              "privacy_privacy_com-browser-action"
              # bitwarden
              "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action"
              "ublock0_raymondhill_net-browser-action"
@ -215,127 +215,6 @@
          "T9nJot5PurhJSy8n038xGA=="
        ] (_: 1);
        "identity.fxaccounts.enabled" = false;
        # Security
        "privacy.trackingprotection.enabled" = true;
        "dom.security.https_only_mode" = true;
        "extensions.formautofill.addresses.enabled" = false;
        "extensions.formautofill.creditCards.enabled" = false;
        "signon.rememberSignons" = false;
        "privacy.sanitize.sanitizeOnShutdown" = true;
        "privacy.clearOnShutdown_v2.cache" = true;
        "privacy.clearOnShutdown_v2.cookiesAndStorage" = true;
        "privacy.clearOnShutdown_v2.historyFormDataAndDownloads" = true;
        "urlclassifier.trackingSkipURLs" = "";
        "urlclassifier.features.socialtracking.skipURLs" = "";
        "dom.security.https_only_mode_pbm" = true;
        "dom.security.https_only_mode_error_page_user_suggestions" = true;
        # Disable telemetry
        "app.shield.optoutstudies.enabled" = false;
        "browser.discovery.enabled" = false;
        "browser.newtabpage.activity-stream.feeds.telemetry" = false;
        "browser.newtabpage.activity-stream.telemetry" = false;
        "browser.ping-centre.telemetry" = false;
        "datareporting.healthreport.service.enabled" = false;
        "datareporting.healthreport.uploadEnabled" = false;
        "datareporting.policy.dataSubmissionEnabled" = false;
        "datareporting.sessions.current.clean" = true;
        "devtools.onboarding.telemetry.logged" = false;
        "toolkit.telemetry.archive.enabled" = false;
        "toolkit.telemetry.bhrPing.enabled" = false;
        "toolkit.telemetry.enabled" = false;
        "toolkit.telemetry.firstShutdownPing.enabled" = false;
        "toolkit.telemetry.hybridContent.enabled" = false;
        "toolkit.telemetry.newProfilePing.enabled" = false;
        "toolkit.telemetry.prompted" = 2;
        "toolkit.telemetry.rejected" = true;
        "toolkit.telemetry.reportingpolicy.firstRun" = false;
        "toolkit.telemetry.server" = "";
        "toolkit.telemetry.shutdownPingSender.enabled" = false;
        "toolkit.telemetry.unified" = false;
        "toolkit.telemetry.unifiedIsOptIn" = false;
        "toolkit.telemetry.updatePing.enabled" = false;
      };
      bookmarks = {
        force = true;
        settings = [
          {
            name = "Media";
            url = "https://media.jan-leila.com/";
            keyword = "";
            tags = [""];
          }
          {
            name = "Photos";
            url = "https://photos.jan-leila.com";
            keyword = "";
            tags = [""];
          }
          {
            name = "Git";
            url = "https://git.jan-leila.com/";
            keyword = "";
            tags = [""];
          }
          {
            name = "Home Automation";
            url = "https://home.jan-leila.com/";
            keyword = "";
            tags = [""];
          }
          {
            name = "Mail";
            url = "https://mail.protonmail.com";
            keyword = "";
            tags = [""];
          }
          {
            name = "Open Street Map";
            url = "https://www.openstreetmap.org/";
            keyword = "";
            tags = [""];
          }
          {
            name = "Password Manager";
            url = "https://vault.bitwarden.com/";
            keyword = "";
            tags = [""];
          }
          {
            name = "Mastodon";
            url = "https://mspsocial.net";
            keyword = "";
            tags = [""];
          }
          {
            name = "Linked In";
            url = "https://www.linkedin.com/";
            keyword = "";
            tags = [""];
          }
          {
            name = "Job Search";
            url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1";
            keyword = "";
            tags = [""];
          }
          {
            name = "React Docs";
            url = "https://react.dev/";
            keyword = "";
            tags = [""];
          }
          # Template
          # {
          #   name = "";
          #   url = "";
          #   keyword = "";
          #   tags = [""];
          # }
        ];
      };
    };
  };
--- a/configurations/home-manager/leyla/packages/firefox/harden.nix
+++ b/configurations/home-manager/leyla/packages/firefox/harden.nix
@ -0,0 +1,50 @@
 {...}: {
  programs.firefox = {
    profiles.leyla = {
      settings = {
        # Security
        "privacy.trackingprotection.enabled" = true;
        "dom.security.https_only_mode" = true;
        "dom.security.https_only_mode_pbm" = true;
        "dom.security.https_only_mode_error_page_user_suggestions" = true;
        # Privacy & Data Protection
        "extensions.formautofill.addresses.enabled" = false;
        "extensions.formautofill.creditCards.enabled" = false;
        "signon.rememberSignons" = false;
        "privacy.sanitize.sanitizeOnShutdown" = true;
        "privacy.clearOnShutdown_v2.cache" = true;
        "privacy.clearOnShutdown_v2.cookiesAndStorage" = true;
        "privacy.clearOnShutdown_v2.historyFormDataAndDownloads" = true;
        "urlclassifier.trackingSkipURLs" = "";
        "urlclassifier.features.socialtracking.skipURLs" = "";
        # Disable telemetry and data collection
        "app.shield.optoutstudies.enabled" = false;
        "browser.discovery.enabled" = false;
        "browser.newtabpage.activity-stream.feeds.telemetry" = false;
        "browser.newtabpage.activity-stream.telemetry" = false;
        "browser.ping-centre.telemetry" = false;
        "datareporting.healthreport.service.enabled" = false;
        "datareporting.healthreport.uploadEnabled" = false;
        "datareporting.policy.dataSubmissionEnabled" = false;
        "datareporting.sessions.current.clean" = true;
        "devtools.onboarding.telemetry.logged" = false;
        "toolkit.telemetry.archive.enabled" = false;
        "toolkit.telemetry.bhrPing.enabled" = false;
        "toolkit.telemetry.enabled" = false;
        "toolkit.telemetry.firstShutdownPing.enabled" = false;
        "toolkit.telemetry.hybridContent.enabled" = false;
        "toolkit.telemetry.newProfilePing.enabled" = false;
        "toolkit.telemetry.prompted" = 2;
        "toolkit.telemetry.rejected" = true;
        "toolkit.telemetry.reportingpolicy.firstRun" = false;
        "toolkit.telemetry.server" = "";
        "toolkit.telemetry.shutdownPingSender.enabled" = false;
        "toolkit.telemetry.unified" = false;
        "toolkit.telemetry.unifiedIsOptIn" = false;
        "toolkit.telemetry.updatePing.enabled" = false;
      };
    };
  };
 }
--- a/configurations/home-manager/leyla/packages/git.nix
+++ b/configurations/home-manager/leyla/packages/git.nix
@ -0,0 +1,13 @@
 {...}: {
  config = {
    programs = {
      git = {
        settings = {
          user.name = "Leyla Becker";
          user.email = "git@jan-leila.com";
          init.defaultBranch = "main";
        };
      };
    };
  };
 }
--- a/configurations/home-manager/leyla/packages/makemkv.nix
+++ b/configurations/home-manager/leyla/packages/makemkv.nix
@ -0,0 +1,17 @@
 {
  config,
  inputs,
  ...
 }: {
  config = {
    sops.secrets = {
      "application-keys/makemkv" = {
        sopsFile = "${inputs.secrets}/application-keys.yaml";
      };
    };
    programs.makemkv = {
      appKeyFile = config.sops.placeholder."application-keys/makemkv";
      destinationDir = "/home/leyla/downloads/makemkv";
    };
  };
 }
--- a/configurations/home-manager/leyla/packages/openssh.nix
+++ b/configurations/home-manager/leyla/packages/openssh.nix
@ -0,0 +1,23 @@
 {
  config,
  osConfig,
  ...
 }: {
  config = {
    programs = {
      openssh = {
        authorizedKeys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon"
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILimFIW2exEH/Xo7LtXkqgE04qusvnPNpPWSCeNrFkP leyla@defiant"
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBiZkg1c2aaNHiieBX4cEziqvJVj9pcDfzUrKU/mO0I leyla@twilight"
        ];
        hostKeys = [
          {
            type = "ed25519";
            path = "${config.home.username}_${osConfig.networking.hostName}_ed25519";
          }
        ];
      };
    };
  };
 }
--- a/configurations/home-manager/leyla/packages/vscode/default.nix
+++ b/configurations/home-manager/leyla/packages/vscode/default.nix
@ -0,0 +1,136 @@
 {
  lib,
  pkgs,
  config,
  osConfig,
  ...
 }: let
  nix-development-enabled = osConfig.host.nix-development.enable;
  ai-tooling-enabled = osConfig.host.ai.enable;
 in {
  imports = [
    ./user-words.nix
  ];
  config = lib.mkIf config.user.isDesktopUser {
    programs = {
      bash.shellAliases = {
        code = "codium";
      };
      vscode = {
        package = pkgs.vscodium;
        mutableExtensionsDir = false;
        profiles.default = {
          enableUpdateCheck = false;
          enableExtensionUpdateCheck = false;
          userSettings = lib.mkMerge [
            {
              "javascript.updateImportsOnFileMove.enabled" = "always";
              "editor.tabSize" = 2;
              "editor.insertSpaces" = false;
              # "terminal.integrated.fontFamily" = "'Droid Sans Mono', 'monospace', monospace";
            }
          ];
          extraExtensions = {
            # vs code feel
            oneDark.enable = true;
            atomKeybindings.enable = true;
            openRemoteSsh.enable = true;
            # openDyslexicFont.enable = false;
            # html development
            autoRenameTag.enable = true;
            liveServer.enable = true;
            # js development
            es7ReactJsSnippets.enable = true;
            tauriVscode.enable = true;
            vscodeEslint.enable = true;
            vscodeJest.enable = true;
            vitest.enable = true;
            vscodeStandard.enable = true;
            vscodeStylelint.enable = true;
            nearley.enable = true;
            # astro development
            vscodeMdx.enable = true;
            astroVscode.enable = true;
            # nix development
            alejandra.enable = nix-development-enabled;
            nixIde.enable = nix-development-enabled;
            # go development
            go.enable = true;
            # rust development
            rustAnalyzer.enable = true;
            # claude development
            claudeDev = lib.mkIf ai-tooling-enabled {
              enable = true;
              mcp = {
                nixos = {
                  enable = true;
                  autoApprove = {
                    nixos_search = true;
                    nixos_info = true;
                    home_manager_search = true;
                    home_manager_info = true;
                    darwin_search = true;
                    darwin_info = true;
                    nixos_flakes_search = true;
                  };
                };
                eslint = {
                  enable = true;
                  autoApprove = {
                    lint-files = true;
                  };
                };
                vitest = {
                  enable = true;
                  autoApprove = {
                    list_tests = true;
                    run_tests = true;
                    analyze_coverage = true;
                    set_project_root = true;
                  };
                };
                sleep = {
                  enable = true;
                  timeout = 18000; # 5 hours to match claude codes timeout
                  autoApprove = {
                    sleep = true;
                  };
                };
              };
            };
            # misc extensions
            evenBetterToml.enable = true;
            direnv.enable = config.programs.direnv.enable;
            conventionalCommits.enable = true;
          };
          extensions = let
            extension-pkgs = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version;
          in (
            with extension-pkgs.open-vsx; [
              # vs code feel extensions
              streetsidesoftware.code-spell-checker
              streetsidesoftware.code-spell-checker-german
              streetsidesoftware.code-spell-checker-italian
            ]
          );
        };
      };
    };
  };
 }
--- a/configurations/home-manager/leyla/packages/vscode/user-words.nix
+++ b/configurations/home-manager/leyla/packages/vscode/user-words.nix
@ -0,0 +1,126 @@
 {
  pkgs,
  lib,
  ...
 }: {
  config.programs.vscode.profiles.default.userSettings = {
    "cSpell.userWords" = [
      "leyla"
    ];
    "cSpell.languageSettings" = [
      {
        "languageId" = "nix";
        "locale" = "*";
        "dictionaries" = [
          "applications"
          "ai-words"
          "nix-words"
          # We need to include all other dictionaries in the nix language settings because they exist in this file
          # TODO: see if there is a way to make this only apply for this file
          "js-words"
        ];
      }
      {
        "languageId" = "javascript,typescript,js,ts";
        "locale" = "*";
        "dictionaries" = [
          "js-words"
        ];
      }
    ];
    "cSpell.customDictionaries" = {
      applications = {
        name = "applications";
        description = "application names";
        path = pkgs.writeText "applications.txt" (lib.strings.concatLines [
          "ollama"
          "syncthing"
          "immich"
          "sonos"
          "makemkv"
          "hass"
          "qbittorent"
          "prostudiomasters"
          "protonmail"
          "pulseaudio"
        ]);
      };
      ai-words = {
        name = "ai-words";
        description = "common words used for ai development";
        path = pkgs.writeText "ai-words.txt" (lib.strings.concatLines [
          "ollama"
          "deepseek"
          "qwen"
        ]);
      };
      nix-words = {
        name = "nix-words";
        description = "words used in nix configurations";
        path = pkgs.writeText "nix-words.txt" (lib.strings.concatLines [
          "pname"
          "direnv"
          "tmpfiles"
          "Networkd"
          "networkmanager"
          "dialout"
          "adbusers"
          "authkey"
          "netdevs"
          "atomix"
          "geary"
          "gedit"
          "hitori"
          "iagno"
          "alsa"
          "timezoned"
          "pipewire"
          "rtkit"
          "disko"
          "ashift"
          "autotrim"
          "canmount"
          "mountpoint"
          "xattr"
          "acltype"
          "relatime"
          "keyformat"
          "keylocation"
          "vdevs"
          # codium extensions
          "akamud"
          "onedark"
          "jeanp"
          "dsznajder"
          "dbaeumer"
          "orta"
          "tauri"
          "unifiedjs"
          "tamasfe"
          "pinage"
          "jnoortheen"
          "kamadorueda"
          "karyfoundation"
          "nearley"
          # nix.optimise is spelled wrong
          "optimise"
        ]);
      };
      js-words = {
        name = "js-words";
        description = "words used in js development";
        path = pkgs.writeText "js-words.txt" (lib.strings.concatLines [
          "webdav"
        ]);
      };
    };
  };
 }
--- a/configurations/home-manager/leyla/vscode/default.nix
+++ b/configurations/home-manager/leyla/vscode/default.nix
@ -1,118 +0,0 @@
 {
  lib,
  pkgs,
  inputs,
  config,
  osConfig,
  ...
 }: let
  nix-development-enabled = osConfig.host.nix-development.enable;
  ai-tooling-enabled = config.user.continue.enable && osConfig.host.ai.enable;
 in {
  nixpkgs = {
    overlays = [
      inputs.nix-vscode-extensions.overlays.default
    ];
  };
  programs = {
    bash.shellAliases = {
      code = "codium";
    };
    vscode = let
      extensions = inputs.nix-vscode-extensions.extensions.${pkgs.system};
      open-vsx = extensions.open-vsx;
      vscode-marketplace = extensions.vscode-marketplace;
    in {
      enable = true;
      package = pkgs.vscodium;
      mutableExtensionsDir = false;
      profiles.default = {
        enableUpdateCheck = false;
        enableExtensionUpdateCheck = false;
        userSettings = lib.mkMerge [
          {
            "workbench.colorTheme" = "Atom One Dark";
            "cSpell.userWords" = import ./user-words.nix;
            "javascript.updateImportsOnFileMove.enabled" = "always";
            "editor.tabSize" = 2;
            "editor.insertSpaces" = false;
          }
          (lib.mkIf nix-development-enabled {
            "nix.enableLanguageServer" = true;
            "nix.serverPath" = "nil";
            "[nix]" = {
              "editor.defaultFormatter" = "kamadorueda.alejandra";
              "editor.formatOnPaste" = true;
              "editor.formatOnSave" = true;
              "editor.formatOnType" = true;
            };
            "alejandra.program" = "alejandra";
            "nixpkgs" = {
              "expr" = "import <nixpkgs> {}";
            };
          })
          (lib.mkIf ai-tooling-enabled {
            "continue.telemetryEnabled" = false;
          })
        ];
        extensions = (
          with open-vsx;
            [
              # vs code feel extensions
              ms-vscode.atom-keybindings
              akamud.vscode-theme-onedark
              streetsidesoftware.code-spell-checker
              streetsidesoftware.code-spell-checker-german
              streetsidesoftware.code-spell-checker-italian
              jeanp413.open-remote-ssh
              # html extensions
              formulahendry.auto-rename-tag
              ms-vscode.live-server
              # js extensions
              dsznajder.es7-react-js-snippets
              dbaeumer.vscode-eslint
              standard.vscode-standard
              firsttris.vscode-jest-runner
              stylelint.vscode-stylelint
              tauri-apps.tauri-vscode
              # go extensions
              golang.go
              # astro blog extensions
              astro-build.astro-vscode
              unifiedjs.vscode-mdx
              # misc extensions
              tamasfe.even-better-toml
            ]
            ++ (lib.lists.optionals nix-development-enabled [
              # nix extensions
              pinage404.nix-extension-pack
              jnoortheen.nix-ide
              kamadorueda.alejandra
            ])
            ++ (
              with vscode-marketplace;
                [
                  # js extensions
                  karyfoundation.nearley
                ]
                ++ (lib.lists.optionals ai-tooling-enabled [
                  continue.continue
                ])
            )
        );
      };
    };
  };
 }
--- a/configurations/home-manager/leyla/vscode/user-words.nix
+++ b/configurations/home-manager/leyla/vscode/user-words.nix
@ -1,6 +0,0 @@
 [
  "leyla"
  "webdav"
  "ollama"
  "optimise"
 ]
--- a/configurations/nixos/defiant/configuration.nix
+++ b/configurations/nixos/defiant/configuration.nix
@ -17,6 +17,12 @@
    "services/zfs_smtp_token" = {
      sopsFile = "${inputs.secrets}/defiant-services.yaml";
    };
    "services/paperless_password" = {
      sopsFile = "${inputs.secrets}/defiant-services.yaml";
      mode = "0700";
      owner = "paperless";
      group = "paperless";
    };
  };
  host = {
@ -36,10 +42,12 @@
        host = "smtp.protonmail.ch";
        port = 587;
        to = "leyla@jan-leila.com";
-        user = "leyla@jan-leila.com";
+        user = "noreply@jan-leila.com";
        tokenFile = config.sops.secrets."services/zfs_smtp_token".path;
      };
      pool = {
        # We are having to boot off of the nvm cache drive because I cant figure out how to boot via the HBA
        bootDrives = ["nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F"];
        vdevs = [
          [
            "ata-ST18000NE000-3G6101_ZVTCXVEB"
@ -49,7 +57,6 @@
            "ata-ST18000NT001-3NF101_ZVTEF27J"
            "ata-ST18000NE000-3G6101_ZVTJ7359"
          ]
          # TODO: this needs to be configured manually
          [
            "ata-ST4000NE001-2MA101_WS2275P3"
            "ata-ST4000NE001-2MA101_WS227B9F"
@ -95,36 +102,11 @@
        directories = ["leyla_documents" "eve_documents" "users_documents" "media"];
      };
    };
    reverse_proxy = {
      enable = true;
      enableACME = true;
      hostname = "jan-leila.com";
    };
    postgres = {
      extraUsers = {
        leyla = {
          isAdmin = true;
        };
      };
    };
    # home-assistant = {
    #   enable = false;
    #   subdomain = "home";
    # };
    adguardhome = {
      enable = false;
    };
  };
  systemd.network = {
    enable = true;
    # config = {
    #   routeTables = {
    #     p2p = 1;
    #   };
    # };
    netdevs = {
      "10-bond0" = {
        netdevConfig = {
@ -137,26 +119,24 @@
        };
      };
-      # "15-p2p0" = {
+      "20-wg0" = {
-      #   netdevConfig = {
+        netdevConfig = {
-      #     Kind = "wireguard";
+          Kind = "wireguard";
-      #     Name = "p2p0";
+          Name = "wg0";
-      #     MTUBytes = "1280";
+        };
-      #   };
+        wireguardConfig = {
-      #   wireguardConfig = {
+          PrivateKeyFile = config.sops.secrets."vpn-keys/proton-wireguard/defiant-p2p".path;
-      #     PrivateKeyFile = config.sops.secrets."vpn-keys/proton-wireguard/defiant-p2p".path;
+          ListenPort = 51820;
-      #     ListenPort = 51820;
+        };
-      #     # RouteTable = "p2p";
+        wireguardPeers = [
-      #   };
+          {
-      #   wireguardPeers = [
+            PublicKey = "rRO6yJim++Ezz6scCLMaizI+taDjU1pzR2nfW6qKbW0=";
-      #     {
+            Endpoint = "185.230.126.146:51820";
-      #       PublicKey = "rRO6yJim++Ezz6scCLMaizI+taDjU1pzR2nfW6qKbW0=";
+            # Allow all traffic but use policy routing to prevent system-wide VPN
-      #       Endpoint = "185.230.126.146:51820";
+            AllowedIPs = ["0.0.0.0/0"];
-      #       AllowedIPs = ["0.0.0.0/0"];
+          }
-      #       RouteTable = "off";
+        ];
-      #     }
+      };
      #   ];
      # };
    };
    networks = {
      "40-bond0" = {
@ -171,43 +151,93 @@
          "192.168.1.10/32"
        ];
-        gateway = ["192.168.1.1"];
+        # Set lower priority for default gateway to allow WireGuard interface binding
        routes = [
          {
            Destination = "0.0.0.0/0";
            Gateway = "192.168.1.1";
            Metric = 100;
          }
        ];
        dns = ["192.168.1.1"];
      };
-      # "45-p2p0" = {
+      "50-wg0" = {
-      #   matchConfig.Name = "p2p0";
+        matchConfig.Name = "wg0";
-      #   address = [
+        networkConfig = {
-      #     "10.2.0.2/32"
+          DHCP = "no";
-      #   ];
+        };
-      #   routes = [
+        address = [
-      #     {
+          "10.2.0.2/32"
-      #       Destination = "0.0.0.0/0";
+        ];
-      #     }
+        # Configure routing for application binding
-      #   ];
+        routingPolicyRules = [
-      #   linkConfig.RequiredForOnline = false;
+          {
-      # };
+            # Route traffic from VPN interface through VPN table
            From = "10.2.0.2/32";
            Table = 200;
            Priority = 100;
          }
        ];
        routes = [
          {
            # Direct route to VPN gateway
            Destination = "10.2.0.1/32";
            Scope = "link";
          }
          {
            # Route VPN subnet through VPN gateway in custom table
            Destination = "10.2.0.0/16";
            Gateway = "10.2.0.1";
            Table = 200;
          }
          {
            # Route all traffic through VPN gateway in custom table
            Destination = "0.0.0.0/0";
            Gateway = "10.2.0.1";
            Table = 200;
          }
        ];
      };
    };
  };
  # limit arc usage to 50gb because ollama doesn't play nice with zfs using up all of the memory
  boot.kernelParams = ["zfs.zfs_arc_max=53687091200"];
  # Enable policy routing and source routing for application-specific VPN binding
  boot.kernel.sysctl = {
    "net.ipv4.conf.all.rp_filter" = 2;
    "net.ipv4.conf.default.rp_filter" = 2;
    "net.ipv4.conf.wg0.rp_filter" = 2;
  };
  services = {
-    # TODO: move zfs scrubbing into module
+    # PostgreSQL database server
-    zfs = {
+    postgresql = {
-      autoScrub.enable = true;
+      enable = true;
-      autoSnapshot.enable = true;
+      adminUsers = ["leyla"];
    };
-    # temp enable desktop enviroment for setup
+    # temp enable desktop environment for setup
    # Enable the X11 windowing system.
-    xserver = {
+    xserver.enable = true;
      enable = true;
-      # Enable the GNOME Desktop Environment.
+    # Enable the GNOME Desktop Environment.
-      displayManager = {
+    displayManager = {
-        gdm.enable = true;
+      gdm.enable = true;
-      };
+    };
-      desktopManager = {
+    desktopManager = {
-        gnome.enable = true;
+      gnome.enable = true;
    };
    # Enable new reverse proxy system
    reverseProxy = {
      enable = true;
      openFirewall = true;
      acme = {
        enable = true;
        email = "jan-leila@protonmail.com";
      };
    };
@ -215,6 +245,12 @@
      enable = true;
      exposePort = true;
      acceleration = false;
      environmentVariables = {
        OLLAMA_KEEP_ALIVE = "24h";
      };
      loadModels = [
        # conversation models
        "llama3.1:8b"
@ -231,6 +267,10 @@
        # agent models
        "qwen3:8b"
        "qwen3:32b"
        "qwen3:235b-a22b"
        "qwen3-coder:30b"
        "qwen3-coder:30b-a3b-fp16"
        # embedding models
        "nomic-embed-text:latest"
@ -258,36 +298,99 @@
    jellyfin = {
      enable = true;
-      subdomain = "media";
+      domain = "media.jan-leila.com";
-      extraSubdomains = ["jellyfin"];
+      extraDomains = ["jellyfin.jan-leila.com"];
    };
    immich = {
      enable = true;
-      subdomain = "photos";
+      domain = "photos.jan-leila.com";
    };
    forgejo = {
      enable = true;
-      subdomain = "git";
+      reverseProxy.domain = "git.jan-leila.com";
    };
    searx = {
      enable = true;
-      subdomain = "search";
+      domain = "search.jan-leila.com";
    };
-    virt-home-assistant = {
+    actual = {
      enable = true;
      domain = "budget.jan-leila.com";
    };
    home-assistant = {
      enable = true;
      domain = "home.jan-leila.com";
      openFirewall = true;
      postgres.enable = true;
      extensions = {
        sonos.enable = true;
        jellyfin.enable = true;
        wyoming.enable = false; # Temporarily disabled due to dependency conflict in wyoming-piper
      };
    };
    paperless = {
      enable = true;
      domain = "documents.jan-leila.com";
      passwordFile = config.sops.secrets."services/paperless_password".path;
    };
    panoramax = {
      enable = false;
-      networkBridge = "bond0";
+      openFirewall = true;
-      hostDevice = "0x10c4:0xea60";
+    };
    crab-hole = {
      enable = true;
      port = 8085;
      openFirewall = true;
      show_doc = true;
      downstreams = {
        host = {
          enable = true;
          openFirewall = true;
        };
      };
      upstreams.cloudFlare.enable = true;
      blocklists.ad_malware.enable = true;
    };
    qbittorrent = {
      enable = true;
      mediaDir = "/srv/qbittorent";
      openFirewall = true;
-      webPort = 8084;
+      webuiPort = 8084;
    };
    sonarr = {
      enable = true;
      openFirewall = true;
    };
    radarr = {
      enable = true;
      openFirewall = true;
    };
    bazarr = {
      enable = true;
      openFirewall = true;
    };
    lidarr = {
      enable = true;
      openFirewall = true;
    };
    jackett = {
      enable = true;
      openFirewall = true;
    };
    flaresolverr = {
      enable = true;
      openFirewall = true;
    };
  };
@ -298,7 +401,7 @@
    hibernate.enable = false;
    hybrid-sleep.enable = false;
  };
-  services.xserver.displayManager.gdm.autoSuspend = false;
+  services.displayManager.gdm.autoSuspend = false;
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
--- a/configurations/nixos/defiant/default.nix
+++ b/configurations/nixos/defiant/default.nix
@ -3,5 +3,6 @@
  imports = [
    ./hardware-configuration.nix
    ./configuration.nix
    ./packages.nix
  ];
 }
--- a/configurations/nixos/defiant/packages.nix
+++ b/configurations/nixos/defiant/packages.nix
@ -0,0 +1,9 @@
 {pkgs, ...}: {
  environment.systemPackages = with pkgs; [
    ffsubsync
    sox
    yt-dlp
    ffmpeg
    imagemagick
  ];
 }
--- a/configurations/nixos/emergent/configuration.nix
+++ b/configurations/nixos/emergent/configuration.nix
@ -2,12 +2,12 @@
 # your system. Help is available in the configuration.nix(5) man page, on
 # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
 {
  config,
  lib,
  pkgs,
  ...
 }: {
  imports = [
    ./nvidia-drivers.nix
  ];
  # Use the systemd-boot EFI boot loader.
@ -36,12 +36,19 @@
  # Enable the X11 windowing system.
  services.xserver.enable = true;
  # Enable wacom touchscreen device
  services.xserver.wacom.enable = true;
  # installed opentabletdriver
  hardware.opentabletdriver.enable = true;
  hardware.keyboard.qmk.enable = true;
  # Enable the GNOME Desktop Environment.
-  services.xserver.displayManager.gdm.enable = true;
+  services.displayManager.gdm.enable = true;
-  services.xserver.desktopManager.gnome.enable = true;
+  services.desktopManager.gnome.enable = true;
  host = {
    ai.enable = true;
    users = {
      eve = {
        isDesktopUser = true;
@ -49,8 +56,24 @@
        isPrincipleUser = true;
      };
    };
    hardware = {
      piperMouse.enable = true;
    };
    storage = {
      enable = true;
      pool = {
        mode = "";
        drives = ["wwn-0x5000039fd0cf05eb"];
      };
    };
  };
  services.tailscale.enable = true;
  # We were having weird build errors so this is disabled right now
  # error: The option `devices.emergent.folders.eve_records.path' was accessed but has no value defined. Try setting the option
  services.syncthing.enable = false;
  # Configure keymap in X11
  # services.xserver.xkb.layout = "us";
  # services.xserver.xkb.options = "eurosign:e,caps:escape";
@ -80,12 +103,17 @@
  # programs.firefox.enable = true;
-  # List packages installed in system profile.
+  nixpkgs.config.allowUnfree = true;
-  # You can use https://search.nixos.org/ to find more packages (and options).
+
-  # environment.systemPackages = with pkgs; [
+  # Packages that can be installed without any extra configuration
-  #   vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+  # See https://search.nixos.org/packages for all options
-  #   wget
+  environment.systemPackages = with pkgs; [
-  # ];
+    wget
  ];
  # Packages that need to be installed with some extra configuration
  # See https://search.nixos.org/options for all options
  programs = {};
  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
--- a/configurations/nixos/emergent/default.nix
+++ b/configurations/nixos/emergent/default.nix
@ -3,6 +3,5 @@
  imports = [
    ./configuration.nix
    ./hardware-configuration.nix
    ./disco-configuration.nix
  ];
 }
--- a/configurations/nixos/emergent/disco-configuration.nix
+++ b/configurations/nixos/emergent/disco-configuration.nix
@ -1,57 +0,0 @@
 {...}: {
  disko.devices = {
    disk = {
      disk1 = {
        type = "disk";
        device = "/dev/disk/by-id/wwn-0x5000039fd0cf05eb";
        content = {
          type = "gpt";
          partitions = {
            ESP = {
              size = "64M";
              type = "EF00";
              content = {
                type = "filesystem";
                format = "vfat";
                mountpoint = "/boot";
                mountOptions = ["umask=0077"];
              };
            };
            zfs = {
              size = "100%";
              content = {
                type = "zfs";
                pool = "zroot";
              };
            };
          };
        };
      };
    };
    zpool = {
      zroot = {
        type = "zpool";
        mode = "";
        options.cachefile = "none";
        rootFsOptions = {
          compression = "zstd";
          "com.sun:auto-snapshot" = "true";
        };
        mountpoint = "/";
        postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot@blank$' || zfs snapshot zroot@blank";
        datasets = {
          "system/nix" = {
            type = "zfs_fs";
            mountpoint = "/nix";
            options = {
              atime = "off";
              relatime = "off";
              canmount = "on";
            };
          };
        };
      };
    };
  };
 }
--- a/configurations/nixos/emergent/nvidia-drivers.nix
+++ b/configurations/nixos/emergent/nvidia-drivers.nix
@ -0,0 +1,51 @@
 {
  config,
  lib,
  pkgs,
  ...
 }: {
  # Enable OpenGL
  hardware.graphics = {
    enable = true;
  };
  # Load nvidia driver for Xorg and Wayland
  services = {
    xserver = {
      # Load nvidia driver for Xorg and Wayland
      videoDrivers = ["nvidia"];
    };
    # Use X instead of wayland
    displayManager.gdm.wayland = false;
  };
  hardware.nvidia = {
    # Modesetting is required.
    modesetting.enable = true;
    # Nvidia power management. Experimental, and can cause sleep/suspend to fail.
    # Enable this if you have graphical corruption issues or application crashes after waking
    # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
    # of just the bare essentials.
    powerManagement.enable = true;
    # Fine-grained power management. Turns off GPU when not in use.
    # Experimental and only works on modern Nvidia GPUs (Turing or newer).
    powerManagement.finegrained = false;
    # Use the NVidia open source kernel module (not to be confused with the
    # independent third-party "nouveau" open source driver).
    # Support is limited to the Turing and later architectures. Full list of
    # supported GPUs is at:
    # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
    # Only available from driver 515.43.04+
    open = true;
    # Enable the Nvidia settings menu,
    # accessible via `nvidia-settings`.
    nvidiaSettings = true;
    # Optionally, you may need to select the appropriate driver version for your specific GPU.
    package = config.boot.kernelPackages.nvidiaPackages.stable;
  };
 }
--- a/configurations/nixos/horizon/configuration.nix
+++ b/configurations/nixos/horizon/configuration.nix
@ -1,7 +1,8 @@
 {
  lib,
  pkgs,
  config,
  inputs,
  pkgs,
  ...
 }: {
  imports = [
@ -10,6 +11,19 @@
  nixpkgs.config.allowUnfree = true;
  boot = {
    initrd = {
      availableKernelModules = ["usb_storage" "sd_mod"];
    };
    kernelModules = ["sg"];
    # Bootloader.
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };
  };
  host = {
    users = {
      leyla = {
@ -18,6 +32,7 @@
        isPrincipleUser = true;
      };
      eve.isDesktopUser = true;
      ivy.isDesktopUser = true;
    };
    hardware = {
@ -28,38 +43,66 @@
      enable = true;
      models = {
        "Llama 3.1 8B" = {
-          model = "lamma3.1:8b";
+          model = "llama3.1:8b";
          roles = ["chat" "edit" "apply"];
-          apiBase = "http://twilight:11434";
+          apiBase = "http://defiant:11434";
        };
        "Deepseek Coder:6.7B" = {
          model = "deepseek-coder:6.7b";
          roles = ["chat" "edit" "apply"];
          apiBase = "http://defiant:11434";
        };
        "Deepseek Coder:33B" = {
          model = "deepseek-coder:33b";
          roles = ["chat" "edit" "apply"];
          apiBase = "http://defiant:11434";
        };
        "Deepseek r1:8B" = {
          model = "deepseek-r1:8b";
          roles = ["chat"];
          apiBase = "http://defiant:11434";
        };
        "Deepseek r1:32B" = {
          model = "deepseek-r1:32b";
          roles = ["chat"];
          apiBase = "http://defiant:11434";
        };
        "qwen2.5-coder:1.5b-base" = {
          model = "qwen2.5-coder:1.5b-base";
          roles = ["autocomplete"];
-          apiBase = "http://twilight:11434";
+          apiBase = "http://defiant:11434";
        };
        "nomic-embed-text:latest" = {
          model = "nomic-embed-text:latest";
          roles = ["embed"];
-          apiBase = "http://twilight:11434";
+          apiBase = "http://defiant:11434";
        };
      };
    };
  };
  environment.systemPackages = with pkgs; [
    cachefilesd
    webtoon-dl
    prostudiomasters
  ];
  services.cachefilesd.enable = true;
  programs = {
    adb.enable = true;
-    steam = {
+  };
-      enable = true;
+
-      remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
+  networking = {
-      dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
+    networkmanager.enable = true;
-    };
+    hostName = "horizon"; # Define your hostname.
  };
  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
  hardware = {
    graphics.enable = true;
  };
  sops.secrets = {
@ -73,6 +116,10 @@
    fprintd = {
      enable = true;
    };
    # firmware update tool
    fwupd = {
      enable = true;
    };
    tailscale = {
      enable = true;
      authKeyFile = config.sops.secrets."vpn-keys/tailscale-authkey/horizon".path;
@ -80,8 +127,18 @@
    };
    syncthing.enable = true;
    ollama = {
      enable = true;
      loadModels = [
        "llama3.1:8b"
      ];
    };
  };
  # Enable network-online.target for better network dependency handling
  systemd.services.NetworkManager-wait-online.enable = true;
  # Enable touchpad support (enabled default in most desktopManager).
  # services.xserver.libinput.enable = true;
--- a/configurations/nixos/horizon/default.nix
+++ b/configurations/nixos/horizon/default.nix
@ -3,5 +3,6 @@
  imports = [
    ./configuration.nix
    ./hardware-configuration.nix
    # ./network-mount.nix
  ];
 }
--- a/configurations/nixos/horizon/hardware-configuration.nix
+++ b/configurations/nixos/horizon/hardware-configuration.nix
@ -4,7 +4,6 @@
 {
  config,
  lib,
  pkgs,
  modulesPath,
  ...
 }: {
@ -12,22 +11,10 @@
    (modulesPath + "/installer/scan/not-detected.nix")
  ];
-  boot = {
+  boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "nvme"];
-    initrd = {
+  boot.initrd.kernelModules = [];
-      availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod"];
+  boot.kernelModules = ["kvm-intel"];
-      kernelModules = [];
+  boot.extraModulePackages = [];
    };
    kernelModules = ["kvm-intel" "sg"];
    extraModulePackages = [];
    # Bootloader.
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };
    supportedFilesystems = ["nfs"];
  };
  fileSystems = {
    "/" = {
@ -39,98 +26,20 @@
      device = "/dev/disk/by-uuid/E138-65B5";
      fsType = "vfat";
    };
    "/mnt/leyla_documents" = {
      device = "defiant:/export/leyla_documents";
      fsType = "nfs";
      options = [
        "vers=4"
        "x-systemd.automount"
        "noauto"
        "user"
        "noatime"
        "nofail"
        "x-systemd.idle-timeout=600"
        "fsc"
        "timeo=600"
        "retrans=2"
      ];
    };
    "/mnt/eve_documents" = {
      device = "defiant:/export/eve_documents";
      fsType = "nfs";
      options = [
        "vers=4"
        "x-systemd.automount"
        "noauto"
        "user"
        "nofail"
        "x-systemd.idle-timeout=600"
        "fsc"
        "timeo=600"
        "retrans=2"
      ];
    };
    "/mnt/users_documents" = {
      device = "defiant:/export/users_documents";
      fsType = "nfs";
      options = [
        "vers=4"
        "x-systemd.automount"
        "noauto"
        "user"
        "nofail"
        "x-systemd.idle-timeout=600"
        "fsc"
        "timeo=600"
        "retrans=2"
      ];
    };
    "/mnt/media" = {
      device = "defiant:/export/media";
      fsType = "nfs";
      options = [
        "vers=4"
        "x-systemd.automount"
        "noauto"
        "user"
        "noatime"
        "nofail"
        "x-systemd.idle-timeout=600"
        "noatime"
        "nodiratime"
        "relatime"
        "fsc"
        "timeo=600"
        "retrans=2"
      ];
    };
  };
  environment.systemPackages = with pkgs; [
    cachefilesd
  ];
  services.cachefilesd.enable = true;
  swapDevices = [
    {device = "/dev/disk/by-uuid/be98e952-a072-4c3a-8c12-69500b5a2fff";}
  ];
-  networking = {
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-    networkmanager.enable = true;
+  # (the default) this is the recommended approach. When using systemd-networkd it's
-    useDHCP = lib.mkDefault true;
+  # still possible to use this option, but it's recommended to use it in conjunction
-    hostName = "horizon"; # Define your hostname.
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  };
+  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.tailscale0.useDHCP = lib.mkDefault true;
  # networking.interfaces.wlp170s0.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
  hardware = {
    graphics.enable = true;
    cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
  };
 }
--- a/configurations/nixos/horizon/network-mount.nix
+++ b/configurations/nixos/horizon/network-mount.nix
@ -0,0 +1,76 @@
 {...}: {
  boot.supportedFilesystems = ["nfs"];
  fileSystems = {
    "/mnt/leyla_documents" = {
      device = "defiant:/exports/leyla_documents";
      fsType = "nfs";
      options = [
        "x-systemd.automount"
        "noauto"
        "noatime"
        "nofail"
        "soft"
        "intr" # Allow interruption of NFS calls
        "timeo=30" # 3 second timeout (30 deciseconds)
        "retrans=2" # Only 2 retries before giving up
        "x-systemd.idle-timeout=300" # 5 minute idle timeout for mobile
        "x-systemd.device-timeout=15" # 15 second device timeout
        "bg" # Background mount - don't block boot
        "fsc" # Enable caching
        "_netdev" # Network device - wait for network
        "x-systemd.requires=network-online.target" # Require network to be online
        "x-systemd.after=network-online.target" # Start after network is online
        "x-systemd.mount-timeout=30" # 30 second mount timeout
      ];
    };
    "/mnt/users_documents" = {
      device = "defiant:/exports/users_documents";
      fsType = "nfs";
      options = [
        "x-systemd.automount"
        "noauto"
        "nofail"
        "soft"
        "intr"
        "timeo=30"
        "retrans=2"
        "x-systemd.idle-timeout=300"
        "x-systemd.device-timeout=15"
        "bg"
        "fsc"
        "_netdev"
        "x-systemd.requires=network-online.target"
        "x-systemd.after=network-online.target"
        "x-systemd.mount-timeout=30"
      ];
    };
    "/mnt/media" = {
      device = "defiant:/exports/media";
      fsType = "nfs";
      options = [
        "x-systemd.automount"
        "noauto"
        "noatime"
        "nofail"
        "soft"
        "intr"
        "timeo=30"
        "retrans=2"
        "x-systemd.idle-timeout=300"
        "x-systemd.device-timeout=15"
        "bg"
        # Mobile-optimized read settings
        "rsize=8192" # Smaller read size for mobile
        "wsize=8192" # Smaller write size for mobile
        "fsc"
        "_netdev"
        "x-systemd.requires=network-online.target"
        "x-systemd.after=network-online.target"
        "x-systemd.mount-timeout=30"
      ];
    };
  };
 }
--- a/configurations/nixos/twilight/configuration.nix
+++ b/configurations/nixos/twilight/configuration.nix
@ -1,6 +1,7 @@
 {
  inputs,
  config,
  pkgs,
  ...
 }: {
  imports = [
@ -9,6 +10,14 @@
  nixpkgs.config.allowUnfree = true;
  boot.initrd.availableKernelModules = ["usb_storage"];
  boot.kernelModules = ["sg"];
  boot.loader = {
    systemd-boot.enable = true;
    efi.canTouchEfiVariables = true;
  };
  sops.secrets = {
    "vpn-keys/tailscale-authkey/twilight" = {
      sopsFile = "${inputs.secrets}/vpn-keys.yaml";
@ -121,13 +130,20 @@
    syncthing.enable = true;
  };
-  programs.steam = {
+
-    enable = true;
+  # Enable network-online.target for better network dependency handling
-    remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
+  systemd.services.NetworkManager-wait-online.enable = true;
-    dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
+
-  };
+  environment.systemPackages = with pkgs; [
    cachefilesd
  ];
  hardware.steam-hardware.enable = true; # Provides udev rules for controller, HTC vive, and Valve Index
  networking = {
    networkmanager.enable = true;
    hostName = "twilight"; # Define your hostname.
  };
  # enabled virtualisation for docker
  # virtualisation.docker.enable = true;
--- a/configurations/nixos/twilight/default.nix
+++ b/configurations/nixos/twilight/default.nix
@ -3,5 +3,7 @@
  imports = [
    ./configuration.nix
    ./hardware-configuration.nix
    ./nvidia-drivers.nix
    # ./network-mount.nix
  ];
 }
--- a/configurations/nixos/twilight/hardware-configuration.nix
+++ b/configurations/nixos/twilight/hardware-configuration.nix
@ -4,7 +4,6 @@
 {
  config,
  lib,
  pkgs,
  modulesPath,
  ...
 }: {
@ -12,30 +11,10 @@
    (modulesPath + "/installer/scan/not-detected.nix")
  ];
-  boot = {
+  boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "sd_mod"];
-    initrd = {
+  boot.initrd.kernelModules = [];
-      availableKernelModules = ["nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"];
+  boot.kernelModules = ["kvm-amd"];
-      kernelModules = [];
+  boot.extraModulePackages = [];
    };
    kernelModules = ["kvm-amd" "sg"];
    extraModulePackages = [];
    # Bootloader.
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };
    supportedFilesystems = ["nfs"];
  };
  services.xserver = {
    # Load nvidia driver for Xorg and Wayland
    videoDrivers = ["nvidia"];
    # Use X instead of wayland for gaming reasons
    displayManager.gdm.wayland = false;
  };
  fileSystems = {
    "/" = {
@ -48,111 +27,16 @@
      fsType = "vfat";
      options = ["fmask=0022" "dmask=0022"];
    };
    "/mnt/leyla_documents" = {
      device = "defiant:/exports/leyla_documents";
      fsType = "nfs";
      options = [
        "x-systemd.automount"
        "noauto"
        "user"
        "noatime"
        "nofail"
        "soft"
        "x-systemd.idle-timeout=600"
        "fsc"
      ];
    };
    "/mnt/users_documents" = {
      device = "defiant:/exports/users_documents";
      fsType = "nfs";
      options = [
        "x-systemd.automount"
        "noauto"
        "user"
        "nofail"
        "soft"
        "x-systemd.idle-timeout=600"
        "fsc"
      ];
    };
    "/mnt/media" = {
      device = "defiant:/exports/media";
      fsType = "nfs";
      options = [
        "x-systemd.automount"
        "noauto"
        "user"
        "noatime"
        "nofail"
        "soft"
        "x-systemd.idle-timeout=600"
        "noatime"
        "nodiratime"
        "relatime"
        "rsize=32768"
        "wsize=32768"
        "fsc"
      ];
    };
  };
  environment.systemPackages = with pkgs; [
    cachefilesd
  ];
  swapDevices = [];
-  networking = {
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-    networkmanager.enable = true;
+  # (the default) this is the recommended approach. When using systemd-networkd it's
-    # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # still possible to use this option, but it's recommended to use it in conjunction
-    # (the default) this is the recommended approach. When using systemd-networkd it's
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-    # still possible to use this option, but it's recommended to use it in conjunction
+  networking.useDHCP = lib.mkDefault true;
    # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
    useDHCP = lib.mkDefault true;
    hostName = "twilight"; # Define your hostname.
  };
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
  hardware = {
    # Enable OpenGL
    graphics.enable = true;
    # install graphics drivers
    nvidia = {
      # Modesetting is required.
      modesetting.enable = true;
      # Nvidia power management. Experimental, and can cause sleep/suspend to fail.
      # Enable this if you have graphical corruption issues or application crashes after waking
      # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
      # of just the bare essentials.
      powerManagement.enable = false;
      # Fine-grained power management. Turns off GPU when not in use.
      # Experimental and only works on modern Nvidia GPUs (Turing or newer).
      powerManagement.finegrained = false;
      # Use the NVidia open source kernel module (not to be confused with the
      # independent third-party "nouveau" open source driver).
      # Support is limited to the Turing and later architectures. Full list of
      # supported GPUs is at:
      # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
      # Only available from driver 515.43.04+
      # Currently alpha-quality/buggy, so false is currently the recommended setting.
      open = false;
      # Enable the Nvidia settings menu,
      # accessible via `nvidia-settings`.
      nvidiaSettings = true;
      # Optionally, you may need to select the appropriate driver version for your specific GPU.
      package = config.boot.kernelPackages.nvidiaPackages.production;
    };
    cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
  };
 }
--- a/configurations/nixos/twilight/network-mount.nix
+++ b/configurations/nixos/twilight/network-mount.nix
@ -0,0 +1,72 @@
 {...}: {
  boot.supportedFilesystems = ["nfs"];
  fileSystems = {
    "/mnt/leyla_documents" = {
      device = "defiant:/exports/leyla_documents";
      fsType = "nfs";
      options = [
        "x-systemd.automount"
        "noauto"
        "noatime"
        "nofail"
        "soft"
        "intr" # Allow interruption of NFS calls
        "timeo=50" # 5 second timeout (50 deciseconds) - longer than mobile
        "retrans=3" # 3 retries for desktop
        "x-systemd.idle-timeout=600" # 10 minute idle timeout for desktop
        "x-systemd.device-timeout=30" # 30 second device timeout
        "bg" # Background mount - don't block boot
        "fsc" # Enable caching
        "_netdev" # Network device - wait for network
        "x-systemd.requires=network-online.target" # Require network to be online
        "x-systemd.after=network-online.target" # Start after network is online
      ];
    };
    "/mnt/users_documents" = {
      device = "defiant:/exports/users_documents";
      fsType = "nfs";
      options = [
        "x-systemd.automount"
        "noauto"
        "nofail"
        "soft"
        "intr"
        "timeo=50"
        "retrans=3"
        "x-systemd.idle-timeout=600"
        "bg"
        "fsc"
        "_netdev"
        "x-systemd.requires=network-online.target"
        "x-systemd.after=network-online.target"
      ];
    };
    "/mnt/media" = {
      device = "defiant:/exports/media";
      fsType = "nfs";
      options = [
        "x-systemd.automount"
        "noauto"
        "noatime"
        "nofail"
        "soft"
        "intr"
        "timeo=50"
        "retrans=3"
        "x-systemd.idle-timeout=600"
        "x-systemd.device-timeout=30"
        "bg"
        # Desktop-optimized read settings
        "rsize=32768" # Larger read size for desktop
        "wsize=32768" # Larger write size for desktop
        "fsc"
        "_netdev"
        "x-systemd.requires=network-online.target"
        "x-systemd.after=network-online.target"
      ];
    };
  };
 }
--- a/configurations/nixos/twilight/nvidia-drivers.nix
+++ b/configurations/nixos/twilight/nvidia-drivers.nix
@ -0,0 +1,47 @@
 {config, ...}: {
  services = {
    xserver = {
      # Load nvidia driver for Xorg and Wayland
      videoDrivers = ["nvidia"];
    };
    # Use X instead of wayland for gaming reasons
    displayManager.gdm.wayland = false;
  };
  hardware = {
    # Enable OpenGL
    graphics.enable = true;
    # install graphics drivers
    nvidia = {
      # Modesetting is required.
      modesetting.enable = true;
      # Nvidia power management. Experimental, and can cause sleep/suspend to fail.
      # Enable this if you have graphical corruption issues or application crashes after waking
      # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
      # of just the bare essentials.
      powerManagement.enable = true;
      # Fine-grained power management. Turns off GPU when not in use.
      # Experimental and only works on modern Nvidia GPUs (Turing or newer).
      powerManagement.finegrained = false;
      # Use the NVidia open source kernel module (not to be confused with the
      # independent third-party "nouveau" open source driver).
      # Support is limited to the Turing and later architectures. Full list of
      # supported GPUs is at:
      # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
      # Only available from driver 515.43.04+
      # Currently alpha-quality/buggy, so false is currently the recommended setting.
      open = true;
      # Enable the Nvidia settings menu,
      # accessible via `nvidia-settings`.
      nvidiaSettings = true;
      # Optionally, you may need to select the appropriate driver version for your specific GPU.
      package = config.boot.kernelPackages.nvidiaPackages.production;
    };
  };
 }
--- a/flake.lock
+++ b/flake.lock
@ -1,5 +1,23 @@
 {
  "nodes": {
    "devshell": {
      "inputs": {
        "nixpkgs": "nixpkgs"
      },
      "locked": {
        "lastModified": 1741473158,
        "narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=",
        "owner": "numtide",
        "repo": "devshell",
        "rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "devshell",
        "type": "github"
      }
    },
    "disko": {
      "inputs": {
        "nixpkgs": [
@ -7,11 +25,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1748225455,
+        "lastModified": 1760701190,
-        "narHash": "sha256-AzlJCKaM4wbEyEpV3I/PUq5mHnib2ryEy32c+qfj6xk=",
+        "narHash": "sha256-y7UhnWlER8r776JsySqsbTUh2Txf7K30smfHlqdaIQw=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "a894f2811e1ee8d10c50560551e50d6ab3c392ba",
+        "rev": "3a9450b26e69dcb6f8de6e2b07b3fc1c288d85f5",
        "type": "github"
      },
      "original": {
@ -28,11 +46,11 @@
      },
      "locked": {
        "dir": "pkgs/firefox-addons",
-        "lastModified": 1748405006,
+        "lastModified": 1761797037,
-        "narHash": "sha256-pmt0SFjACJJAI8g8QU5arg2c9BXNZG9/okVwRSDJkG8=",
+        "narHash": "sha256-OqwAGit+3cdsG02K6+8WJniA2q0rqUVc6zbT5N9C1us=",
        "owner": "rycee",
        "repo": "nur-expressions",
-        "rev": "f9801a86d6603260940890c36650275090d1dceb",
+        "rev": "3d9f4de0988bcfa57e45e16e1ef9326c56bdf891",
        "type": "gitlab"
      },
      "original": {
@ -44,11 +62,11 @@
    },
    "flake-compat": {
      "locked": {
-        "lastModified": 1747046372,
+        "lastModified": 1761588595,
-        "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
+        "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
        "owner": "edolstra",
        "repo": "flake-compat",
-        "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
+        "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
        "type": "github"
      },
      "original": {
@ -75,6 +93,39 @@
        "type": "github"
      }
    },
    "flake-utils_2": {
      "inputs": {
        "systems": "systems_2"
      },
      "locked": {
        "lastModified": 1731533236,
        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "flakey-profile": {
      "locked": {
        "lastModified": 1712898590,
        "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=",
        "owner": "lf-",
        "repo": "flakey-profile",
        "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d",
        "type": "github"
      },
      "original": {
        "owner": "lf-",
        "repo": "flakey-profile",
        "type": "github"
      }
    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
@ -82,11 +133,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1748455938,
+        "lastModified": 1761845621,
-        "narHash": "sha256-mQ/iNzPra2WtDQ+x2r5IadcWNr0m3uHvLMzJkXKAG/8=",
+        "narHash": "sha256-d+R4MHsGmdebvSMsYUFWONsZSlUbOo8Zq/wjMdMiIac=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "02077149e2921014511dac2729ae6dadb4ec50e2",
+        "rev": "97e3022a8d2c09313fa49847f6da4d76abcfc72d",
        "type": "github"
      },
      "original": {
@ -110,6 +161,65 @@
        "type": "github"
      }
    },
    "lix": {
      "flake": false,
      "locked": {
        "lastModified": 1755787066,
        "narHash": "sha256-X2UwkUEban08GRSPXRr+kz8fckHqebr3P77qSvjoeOw=",
        "rev": "ac9721a92e8138d29707824dbedb484c76948493",
        "type": "tarball",
        "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ac9721a92e8138d29707824dbedb484c76948493.tar.gz?rev=ac9721a92e8138d29707824dbedb484c76948493"
      },
      "original": {
        "type": "tarball",
        "url": "https://git.lix.systems/lix-project/lix/archive/main.tar.gz"
      }
    },
    "lix-module": {
      "inputs": {
        "flake-utils": "flake-utils",
        "flakey-profile": "flakey-profile",
        "lix": "lix",
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1759851320,
        "narHash": "sha256-n5dRAIC3/78drQtFxmQRrBLd6TKfotUnX7GWu0mAcSg=",
        "ref": "refs/heads/main",
        "rev": "7c31a18259b8358ac196cf803a26967c0fa1d3e4",
        "revCount": 163,
        "type": "git",
        "url": "https://git.lix.systems/lix-project/nixos-module.git"
      },
      "original": {
        "type": "git",
        "url": "https://git.lix.systems/lix-project/nixos-module.git"
      }
    },
    "mcp-nixos": {
      "inputs": {
        "devshell": "devshell",
        "flake-utils": "flake-utils_2",
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1760821194,
        "narHash": "sha256-UCsJ8eDuHL14u2GFIYEY/drtZ6jht5zN/G/6QNlEy2g=",
        "owner": "utensils",
        "repo": "mcp-nixos",
        "rev": "0ae453f38d0f088c31d4678da3a12b183165986f",
        "type": "github"
      },
      "original": {
        "owner": "utensils",
        "repo": "mcp-nixos",
        "type": "github"
      }
    },
    "nix-darwin": {
      "inputs": {
        "nixpkgs": [
@ -117,11 +227,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1748352827,
+        "lastModified": 1761339987,
-        "narHash": "sha256-sNUUP6qxGkK9hXgJ+p362dtWLgnIWwOCmiq72LAWtYo=",
+        "narHash": "sha256-IUaawVwItZKi64IA6kF6wQCLCzpXbk2R46dHn8sHkig=",
        "owner": "LnL7",
        "repo": "nix-darwin",
-        "rev": "44a7d0e687a87b73facfe94fba78d323a6686a90",
+        "rev": "7cd9aac79ee2924a85c211d21fafd394b06a38de",
        "type": "github"
      },
      "original": {
@ -153,17 +263,16 @@
    },
    "nix-vscode-extensions": {
      "inputs": {
        "flake-utils": "flake-utils",
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1748397853,
+        "lastModified": 1761789484,
-        "narHash": "sha256-tudGoP5caIJ5TzkV6wnsmUk7Spx21oWMKpkmPbjRNZc=",
+        "narHash": "sha256-17gDUWloFXQlavqHRey/urQe6sQ3yP5hsQyYmcNOZyU=",
        "owner": "nix-community",
        "repo": "nix-vscode-extensions",
-        "rev": "ac4fc8eb9a1ee5eeb3c0a30f57652e4c5428d3a5",
+        "rev": "c47e683d236fa6e4c27dbda2af3468cb9aceb813",
        "type": "github"
      },
      "original": {
@ -174,11 +283,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1747900541,
+        "lastModified": 1761827175,
-        "narHash": "sha256-dn64Pg9xLETjblwZs9Euu/SsjW80pd6lr5qSiyLY1pg=",
+        "narHash": "sha256-XdPVSYyIBK4/ruoqujaQmmSGg3J2/EenexV9IEXhr6o=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "11f2d9ea49c3e964315215d6baa73a8d42672f06",
+        "rev": "43ffe9ac82567512abb83187cb673de1091bdfa8",
        "type": "github"
      },
      "original": {
@ -190,11 +299,27 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1748370509,
+        "lastModified": 1722073938,
-        "narHash": "sha256-QlL8slIgc16W5UaI3w7xHQEP+Qmv/6vSNTpoZrrSlbk=",
+        "narHash": "sha256-OpX0StkL8vpXyWOGUD6G+MA26wAXK6SpT94kLJXo6B4=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "e36e9f57337d0ff0cf77aceb58af4c805472bfae",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixpkgs-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_2": {
      "locked": {
        "lastModified": 1761672384,
        "narHash": "sha256-o9KF3DJL7g7iYMZq9SWgfS1BFlNbsm6xplRjVlOCkXI=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "4faa5f5321320e49a78ae7848582f684d64783e9",
+        "rev": "08dacfca559e1d7da38f3cf05f1f45ee9bfd213c",
        "type": "github"
      },
      "original": {
@ -211,11 +336,13 @@
        "flake-compat": "flake-compat",
        "home-manager": "home-manager",
        "impermanence": "impermanence",
        "lix-module": "lix-module",
        "mcp-nixos": "mcp-nixos",
        "nix-darwin": "nix-darwin",
        "nix-syncthing": "nix-syncthing",
        "nix-vscode-extensions": "nix-vscode-extensions",
        "nixos-hardware": "nixos-hardware",
-        "nixpkgs": "nixpkgs",
+        "nixpkgs": "nixpkgs_2",
        "secrets": "secrets",
        "sops-nix": "sops-nix"
      }
@ -223,11 +350,11 @@
    "secrets": {
      "flake": false,
      "locked": {
-        "lastModified": 1743538790,
+        "lastModified": 1759945215,
-        "narHash": "sha256-QXmvyxfAhpifxAWcYTvuGfzv9I+9gHw0bq4WYtGEB9A=",
+        "narHash": "sha256-xmUzOuhJl6FtTjR5++OQvSoAnXe7/VA5QFCZDyFwBXo=",
        "ref": "refs/heads/main",
-        "rev": "3d63dff77f8eda1667e3586169642cf256c4aa34",
+        "rev": "444229a105445339fb028d15a8d866063c5f8141",
-        "revCount": 17,
+        "revCount": 21,
        "type": "git",
        "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git"
      },
@ -243,11 +370,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1747603214,
+        "lastModified": 1760998189,
-        "narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=",
+        "narHash": "sha256-ee2e1/AeGL5X8oy/HXsZQvZnae6XfEVdstGopKucYLY=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd",
+        "rev": "5a7d18b5c55642df5c432aadb757140edfeb70b3",
        "type": "github"
      },
      "original": {
@ -270,6 +397,21 @@
        "repo": "default",
        "type": "github"
      }
    },
    "systems_2": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    }
  },
  "root": "root",
--- a/flake.nix
+++ b/flake.nix
@ -5,10 +5,10 @@
    # base packages
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
-    # lix-module = {
+    lix-module = {
-    #   url = "https://git.lix.systems/lix-project/nixos-module/archive/stable.tar.gz";
+      url = "git+https://git.lix.systems/lix-project/nixos-module.git";
-    #   inputs.nixpkgs.follows = "nixpkgs";
+      inputs.nixpkgs.follows = "nixpkgs";
-    # };
+    };
    # secret encryption
    sops-nix = {
@ -71,6 +71,12 @@
    flake-compat = {
      url = "github:edolstra/flake-compat";
    };
    # MCP NixOS server for Claude Dev
    mcp-nixos = {
      url = "github:utensils/mcp-nixos";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };
  outputs = {
@ -131,11 +137,11 @@
      systemsHomes
      // homeSystems;
  in {
-    formatter = forEachPkgs (pkgs: pkgs.alejandra);
+    formatter = forEachPkgs (system: pkgs: pkgs.alejandra);
    # templates = import ./templates;
-    devShells = forEachPkgs (pkgs: {
+    devShells = forEachPkgs (system: pkgs: {
      default = pkgs.mkShell {
        packages = with pkgs; [
          # for version controlling this repo
@ -150,6 +156,10 @@
          nixos-anywhere
          # for updating disko configurations
          disko
          # for viewing dconf entries
          dconf-editor
          # for MCP NixOS server support in development
          inputs.mcp-nixos.packages.${system}.default
        ];
        SOPS_AGE_KEY_DIRECTORY = import ./const/sops_age_key_directory.nix;
--- a/modules/common-modules/overlays/default.nix
+++ b/modules/common-modules/overlays/default.nix
@ -1,3 +1,6 @@
 # this folder is for derivation overlays
-{...}: {
+{inputs, ...}: {
  nixpkgs.overlays = [
    inputs.nix-vscode-extensions.overlays.default
  ];
 }
--- a/modules/common-modules/pkgs/codium-extensions/ai-code.nix
+++ b/modules/common-modules/pkgs/codium-extensions/ai-code.nix
@ -0,0 +1,42 @@
 {
  buildNpmPackage,
  vscode-utils,
  pkgs,
  ...
 }: let
  version = "0.0.1";
  pname = "ai-code";
  publisher = "jan-leila";
  vsix = buildNpmPackage {
    inherit version pname;
    src = builtins.fetchGit {
      url = "ssh://git@git.jan-leila.com/jan-leila/ai-code.git";
      rev = "d48e01713021dbb30de0ebbee2cfaf99e4e9b5a6";
    };
    npmDepsHash = "sha256-kjMyEnT3dz0yH5Ydh+aGoFDocKpBYGRmfnwbEdvvgpY=";
    nativeBuildInputs = with pkgs; [
      vsce
    ];
    buildPhase = ''
      ${pkgs.vsce}/bin/vsce package -o ${pname}.zip
    '';
    installPhase = ''
      mkdir -p $out
      mv ${pname}.zip $out/${pname}.zip
    '';
  };
 in
  vscode-utils.buildVscodeExtension {
    inherit pname version;
    src = "${vsix}/${pname}.zip";
    vscodeExtUniqueId = "${publisher}.${pname}";
    vscodeExtPublisher = publisher;
    vscodeExtName = pname;
  }
--- a/modules/common-modules/pkgs/codium-extensions/default.nix
+++ b/modules/common-modules/pkgs/codium-extensions/default.nix
@ -0,0 +1,3 @@
 {pkgs, ...}: {
  ai-code = pkgs.callPackage ./ai-code.nix {};
 }
--- a/modules/common-modules/pkgs/default.nix
+++ b/modules/common-modules/pkgs/default.nix
@ -1,4 +1,45 @@
-# this folder is for custom derivations
+{pkgs, ...}: {
-{...}: {
+  imports = [
-  # package = pkgs.callPackage ./package.nix {};
+    ./python
  ];
  nixpkgs.overlays = [
    (final: prev: {
      webtoon-dl =
        pkgs.callPackage
        ./webtoon-dl.nix
        {};
    })
    (final: prev: {
      prostudiomasters =
        pkgs.callPackage
        ./prostudiomasters.nix
        {};
    })
    (final: prev: {
      noita_entangled_worlds = pkgs.callPackage ./noita-entangled-worlds.nix {};
    })
    (final: prev: {
      gdx-liftoff = pkgs.callPackage ./gdx-liftoff.nix {};
    })
    (final: prev: {
      codium-extensions = pkgs.callPackage ./codium-extensions {};
    })
    (final: prev: {
      mapillary-uploader = pkgs.callPackage ./mapillary-uploader.nix {};
    })
    (final: prev: {
      panoramax = pkgs.python3.pkgs.callPackage ./panoramax.nix {};
    })
    (final: prev: {
      sgblur = pkgs.python3.pkgs.callPackage ./sgblur.nix {};
    })
    (final: prev: {
      # Override h3 C library to version 4.3.0
      h3 = pkgs.callPackage ./h3-c-lib.nix {};
    })
    (final: prev: {
      polycule = pkgs.callPackage ./polycule {};
    })
  ];
 }
--- a/modules/common-modules/pkgs/gdx-liftoff.nix
+++ b/modules/common-modules/pkgs/gdx-liftoff.nix
@ -0,0 +1,44 @@
 {
  stdenv,
  fetchurl,
  makeWrapper,
  jdk,
  lib,
  xorg,
  libGL,
  ...
 }:
 stdenv.mkDerivation rec {
  pname = "gdx-liftoff";
  version = "1.13.5.1";
  src = fetchurl {
    url = "https://github.com/libgdx/gdx-liftoff/releases/download/v${version}/gdx-liftoff-${version}.jar";
    hash = "sha256-9vCXGNGwI/P4VmcdIzTv2GPAX8bZb7nkfopaRAf6yMA=";
  };
  dontUnpack = true;
  nativeBuildInputs = [makeWrapper];
  runtimeDependencies = lib.makeLibraryPath [
    # glfw
    libGL
    xorg.libX11
    xorg.libXcursor
    xorg.libXext
    xorg.libXrandr
    xorg.libXxf86vm
  ];
  installPhase = ''
    runHook preInstall
    install -Dm644 $src $out/lib/gdx-liftoff-${version}.jar
    makeWrapper ${lib.getExe jdk} $out/bin/gdx-liftoff-${version} \
      --append-flags "-jar $out/lib/gdx-liftoff-${version}.jar"\
      ${lib.optionalString stdenv.hostPlatform.isLinux "--prefix LD_LIBRARY_PATH : ${runtimeDependencies}"}
    runHook postInstall
  '';
 }
--- a/modules/common-modules/pkgs/h3-c-lib.nix
+++ b/modules/common-modules/pkgs/h3-c-lib.nix
@ -0,0 +1,36 @@
 {
  lib,
  stdenv,
  fetchFromGitHub,
  cmake,
  doxygen,
 }:
 stdenv.mkDerivation rec {
  pname = "h3";
  version = "4.3.0";
  src = fetchFromGitHub {
    owner = "uber";
    repo = "h3";
    rev = "v${version}";
    hash = "sha256-DUILKZ1QvML6qg+WdOxir6zRsgTvk+En6yjeFf6MQBg=";
  };
  nativeBuildInputs = [
    cmake
    doxygen
  ];
  cmakeFlags = [
    "-DBUILD_SHARED_LIBS=ON"
    "-DBUILD_TESTING=OFF"
  ];
  meta = with lib; {
    homepage = "https://github.com/uber/h3";
    description = "Hexagonal hierarchical geospatial indexing system";
    license = licenses.asl20;
    maintainers = [];
    platforms = platforms.all;
  };
 }
--- a/modules/common-modules/pkgs/mapillary-uploader.nix
+++ b/modules/common-modules/pkgs/mapillary-uploader.nix
@ -0,0 +1,39 @@
 {
  lib,
  fetchurl,
  appimageTools,
 }: let
  pname = "mapillary-uploader";
  version = "4.7.2";
  src = fetchurl {
    url = "http://tools.mapillary.com/uploader/download/linux/${version}";
    name = "mapillary-uploader.AppImage";
    sha256 = "sha256-hpWdfeuhYylO+SFD3BsKI0s/xtObCDd5OcuJ6i/aEuI=";
  };
  appimageContents = appimageTools.extractType2 {
    inherit pname version src;
  };
 in
  appimageTools.wrapType2 {
    inherit pname version src;
    extraInstallCommands = ''
      # Install desktop file
      install -Dm644 ${appimageContents}/mapillary-desktop-uploader.desktop $out/share/applications/mapillary-uploader.desktop
      # Fix desktop file paths
      substituteInPlace $out/share/applications/mapillary-uploader.desktop \
        --replace 'Exec=AppRun' 'Exec=${pname}'
    '';
    meta = with lib; {
      description = "Mapillary Desktop Uploader - Upload street-level imagery to Mapillary";
      homepage = "https://www.mapillary.com/";
      license = licenses.unfree; # Mapillary's license terms
      maintainers = [];
      platforms = ["x86_64-linux"];
      sourceProvenance = with sourceTypes; [binaryNativeCode];
    };
  }
--- a/modules/common-modules/pkgs/noita-entangled-worlds.nix
+++ b/modules/common-modules/pkgs/noita-entangled-worlds.nix
@ -0,0 +1,46 @@
 # not working yet
 {
  pkgs,
  rustPlatform,
  fetchFromGitHub,
  ...
 }: let
  version = "1.5.3";
  repo = fetchFromGitHub {
    owner = "IntQuant";
    repo = "noita_entangled_worlds";
    rev = "v${version}";
    hash = "sha256-frrpD0aWTeDbZYtp15R+quUUAZf7OvHlbSLtGJJtAqk=";
  };
 in
  rustPlatform.buildRustPackage {
    name = "noita-proxy-${version}";
    src = repo + "/noita-proxy";
    prePatch = ''
      substituteInPlace Cargo.toml \
          --replace "path = \"../shared\"" "path = \"${repo + "/shared"}\""
    '';
    nativeBuildInputs = with pkgs; [
      pkg-config
      python3
      cmake
    ];
    buildInputs = with pkgs; [
      openssl
      openssl.dev
      libpulseaudio
      libjack2
      alsa-lib
      xorg.libxcb
      xorg.libxcb.dev
      libopus
    ];
    propagatedBuildInputs = with pkgs; [
      steamworks-sdk-redist
    ];
    runtimeDependencies = with pkgs; [
      steamworks-sdk-redist
    ];
    doCheck = false;
    cargoHash = "sha256-TzUS6d6PopgGf2i1yVaXaXdzNrvfSz+Gv67BAtxYmb4=";
  }
--- a/modules/common-modules/pkgs/panoramax.nix
+++ b/modules/common-modules/pkgs/panoramax.nix
@ -0,0 +1,105 @@
 {
  lib,
  fetchFromGitLab,
  buildPythonPackage,
  flit-core,
  flask,
  pillow,
  requests,
  python-dotenv,
  authlib,
  sentry-sdk,
  python-dateutil,
  dateparser,
  croniter,
  pydantic,
  flask-cors,
  flask-compress,
  flask-babel,
  flasgger,
  yoyo-migrations,
  psycopg,
  psycopg-pool,
  tzdata,
  email-validator,
  pydantic-extra-types,
  python-multipart,
  fs,
  fs-s3fs,
  geopic-tag-reader,
  pygeofilter,
  pygeoif,
  rfeed,
  geojson-pydantic,
  ...
 }: let
  pname = "geovisio";
  version = "2.10.0";
  repo = fetchFromGitLab {
    owner = "panoramax";
    repo = "server/api";
    rev = version;
    hash = "sha256-kCLcrOe7jJdIfmWWOmxQ5dOj8ZG2B7s0qFpHXs02B/E=";
  };
 in
  buildPythonPackage {
    inherit pname version;
    pyproject = true;
    src = repo;
    build-system = [
      flit-core
    ];
    dependencies = [
      flask
      pillow
      requests
      python-dotenv
      authlib
      sentry-sdk
      python-dateutil
      dateparser
      croniter
      pydantic
      flask-cors
      flask-compress
      flask-babel
      flasgger
      yoyo-migrations
      psycopg
      psycopg-pool
      tzdata
      email-validator
      pydantic-extra-types
      python-multipart
      fs
      fs-s3fs
      geopic-tag-reader
      pygeofilter
      pygeoif
      rfeed
      geojson-pydantic
      # Missing from nixpkgs - may need custom packages:
      # flask-executor
    ];
    # Skip tests as they may require network access or specific setup
    doCheck = false;
    # Disable runtime dependencies check as many dependencies are not available in nixpkgs
    dontCheckRuntimeDeps = true;
    # Disable imports check as many dependencies are not available in nixpkgs
    pythonImportsCheck = [];
    meta = with lib; {
      description = "Panoramax API client and tools for street-level imagery platform";
      homepage = "https://gitlab.com/panoramax/server/api";
      license = licenses.mit;
      maintainers = [];
      platforms = platforms.all;
    };
  }
--- a/modules/common-modules/pkgs/polycule/default.nix
+++ b/modules/common-modules/pkgs/polycule/default.nix
@ -0,0 +1,149 @@
 {
  lib,
  flutter332,
  fetchFromGitLab,
  pkg-config,
  wrapGAppsHook3,
  gtk3,
  glib,
  glib-networking,
  webkitgtk_4_1,
  libsecret,
  libnotify,
  dbus,
  sqlcipher,
  openssl,
  mpv,
  alsa-lib,
  libass,
  ffmpeg-full,
  libplacebo,
  libunwind,
  shaderc,
  vulkan-headers,
  vulkan-loader,
  lcms2,
  libdovi,
  libdvdnav,
  libdvdread,
  mujs,
  libbluray,
  lua,
  rubberband,
  libuchardet,
  zimg,
  openal,
  pipewire,
  libpulseaudio,
  libcaca,
  libdrm,
  libdisplay-info,
  libgbm,
  xorg,
  nv-codec-headers-11,
  libva,
  libvdpau,
 }:
 flutter332.buildFlutterApplication rec {
  pname = "polycule";
  version = "0.3.4";
  src = fetchFromGitLab {
    owner = "polycule_client";
    repo = "polycule";
    rev = "v${version}";
    hash = "sha256-RUu8DKuX2NUU5Ce5WLHtDaORkn7CSrgTj3KhM/z+yHc=";
  };
  pubspecLock = lib.importJSON ./polycule-pubspec.lock.json;
  gitHashes = {
    matrix = "sha256-w/QB5nYJ9Lh77TcYKEN/DnNQjWfp+9NX0dwQ9GOzWE8=";
    media_kit = "sha256-1sVX+aHFLFJBtrNZrR6tWkb80vFELW2N9EejyQKlBPg=";
    media_kit_libs_android_video = "sha256-N6QoktM8u9NYF8MAXLsxM9RlV8nICM4NbnmABHTRkZg=";
  };
  nativeBuildInputs = [
    pkg-config
    wrapGAppsHook3
  ];
  buildInputs = [
    gtk3
    glib
    glib-networking
    webkitgtk_4_1
    libsecret
    libnotify
    dbus
    sqlcipher
    openssl
    mpv
    alsa-lib
    libass
    ffmpeg-full
    libplacebo
    libunwind
    shaderc
    vulkan-headers
    vulkan-loader
    lcms2
    libdovi
    libdvdnav
    libdvdread
    mujs
    libbluray
    lua
    rubberband
    libuchardet
    zimg
    openal
    pipewire
    libpulseaudio
    libcaca
    libdrm
    libdisplay-info
    libgbm
    xorg.libXScrnSaver
    xorg.libXpresent
    nv-codec-headers-11
    libva
    libvdpau
  ];
  flutterBuildFlags = [
    "--release"
    "--target"
    "lib/main.dart"
    "--dart-define=POLYCULE_VERSION=v${version}"
    "--dart-define=POLYCULE_IS_STABLE=true"
    "--no-tree-shake-icons"
  ];
  postInstall = ''
    # Install desktop files and icons from the source
    install -Dm644 linux/business.braid.polycule.desktop $out/share/applications/polycule.desktop
    install -Dm644 assets/logo/logo-circle.png $out/share/pixmaps/polycule.png
    # Update desktop file to use correct executable name
    substituteInPlace $out/share/applications/polycule.desktop \
      --replace 'Exec=business.braid.polycule' 'Exec=polycule'
    # Create a symlink with the expected name
    ln -sf $out/bin/polycule $out/bin/business.braid.polycule
  '';
  meta = with lib; {
    description = "A geeky and efficient [matrix] client for power users";
    longDescription = ''
      Polycule is a modern Matrix client built with Flutter, designed for power users
      who want a fast, efficient, and feature-rich Matrix experience.
    '';
    homepage = "https://polycule.im/";
    license = licenses.eupl12;
    maintainers = [];
    platforms = ["x86_64-linux" "aarch64-linux"];
    sourceProvenance = with sourceTypes; [fromSource];
    mainProgram = "polycule";
  };
 }
--- a/modules/common-modules/pkgs/polycule/polycule-pubspec.lock.json
+++ b/modules/common-modules/pkgs/polycule/polycule-pubspec.lock.json
--- a/modules/common-modules/pkgs/prostudiomasters.nix
+++ b/modules/common-modules/pkgs/prostudiomasters.nix
@ -0,0 +1,33 @@
 {
  fetchurl,
  appimageTools,
  writeShellScript,
 }: let
  pname = "prostudiomasters";
  version = "2.5.6";
  src = fetchurl {
    url = "https://download.prostudiomasters.com/linux/ProStudioMasters-${version}.AppImage";
    hash = "sha256-7owOwdcucFfl+JsVj+Seau2KOz0J4P/ep7WrBSNSmbs=";
  };
  # Create the base AppImage wrapper
  baseApp = appimageTools.wrapType2 {
    inherit pname version src;
  };
  # Create a wrapper script that automatically adds the --in-process-gpu flag
  wrapper = writeShellScript "prostudiomasters-wrapper" ''
    exec ${baseApp}/bin/prostudiomasters --in-process-gpu "$@"
  '';
 in
  # Override the base app to use our wrapper script
  baseApp.overrideAttrs (oldAttrs: {
    buildCommand =
      oldAttrs.buildCommand
      + ''
        # Replace the original binary with our wrapper
        rm $out/bin/prostudiomasters
        cp ${wrapper} $out/bin/prostudiomasters
        chmod +x $out/bin/prostudiomasters
      '';
  })
--- a/modules/common-modules/pkgs/python/default.nix
+++ b/modules/common-modules/pkgs/python/default.nix
@ -0,0 +1,18 @@
 {...}: {
  nixpkgs.overlays = [
    (final: prev: {
      python3 = prev.python3.override {
        packageOverrides = pythonPrev: pythonFinal: {
          h3 = pythonPrev.callPackage ./h3.nix {h3 = final.h3;};
          pygeofilter = pythonPrev.callPackage ./pygeofilter.nix {};
          pygeoif = pythonPrev.callPackage ./pygeoif.nix {};
          rfeed = pythonPrev.callPackage ./rfeed.nix {};
          pyexiv2 = pythonPrev.callPackage ./pyexiv2.nix {};
          geojson-pydantic = pythonPrev.callPackage ./geojson-pydantic.nix {};
          geopic-tag-reader = pythonPrev.callPackage ./geopic-tag-reader.nix {};
        };
      };
      python3Packages = final.python3.pkgs;
    })
  ];
 }
--- a/modules/common-modules/pkgs/python/geojson-pydantic.nix
+++ b/modules/common-modules/pkgs/python/geojson-pydantic.nix
@ -0,0 +1,48 @@
 {
  lib,
  fetchPypi,
  buildPythonPackage,
  flit-core,
  pydantic,
  geojson,
  ...
 }: let
  pname = "geojson_pydantic";
  version = "2.0.0";
 in
  buildPythonPackage {
    inherit pname version;
    pyproject = true;
    src = fetchPypi {
      inherit pname version;
      hash = "sha256-ti6LRFAt0a1Ri19zkDWoGSSnb5gMvbOk6JFu+RO+JC4=";
    };
    build-system = [
      flit-core
    ];
    dependencies = [
      pydantic
      geojson
    ];
    # Skip tests as they may require specific setup
    doCheck = false;
    # Disable runtime dependencies check
    dontCheckRuntimeDeps = true;
    # Basic imports check
    pythonImportsCheck = ["geojson_pydantic"];
    meta = with lib; {
      description = "Pydantic models for GeoJSON objects";
      homepage = "https://github.com/developmentseed/geojson-pydantic";
      license = licenses.mit;
      maintainers = [];
      platforms = platforms.all;
    };
  }
--- a/modules/common-modules/pkgs/python/geopic-tag-reader.nix
+++ b/modules/common-modules/pkgs/python/geopic-tag-reader.nix
@ -0,0 +1,70 @@
 {
  lib,
  fetchFromGitLab,
  buildPythonPackage,
  flit-core,
  typer,
  xmltodict,
  timezonefinder,
  pytz,
  types-pytz,
  types-python-dateutil,
  rtree,
  python-dateutil,
  pyexiv2,
  ...
 }: let
  pname = "geopic-tag-reader";
  version = "1.8.0";
 in
  buildPythonPackage {
    inherit pname version;
    pyproject = true;
    src = fetchFromGitLab {
      owner = "panoramax";
      repo = "server/geo-picture-tag-reader";
      rev = version;
      sha256 = "0lzf5xxxcdqmq28bpvgpkxf5jxmh2nawwa4rl4yg04bdsi16rf1j";
    };
    build-system = [
      flit-core
    ];
    dependencies = [
      typer
      xmltodict
      pyexiv2
      timezonefinder
      pytz
      types-pytz
      types-python-dateutil
      rtree
    ];
    optional-dependencies = {
      write-exif = [
        python-dateutil
        types-python-dateutil
      ];
    };
    # Skip tests as they may require network access or specific setup
    doCheck = false;
    # Disable runtime dependencies check as some dependencies might have issues
    dontCheckRuntimeDeps = true;
    # Disable imports check initially to avoid dependency issues
    pythonImportsCheck = [];
    meta = with lib; {
      description = "GeoPic Tag Reader - Python library to read and write standardized metadata from geolocated pictures EXIF metadata";
      homepage = "https://gitlab.com/panoramax/server/geo-picture-tag-reader";
      license = licenses.mit;
      maintainers = [];
      platforms = platforms.all;
    };
  }
--- a/modules/common-modules/pkgs/python/h3.nix
+++ b/modules/common-modules/pkgs/python/h3.nix
@ -0,0 +1,81 @@
 {
  autoPatchelfHook,
  buildPythonPackage,
  cmake,
  cython,
  fetchFromGitHub,
  h3,
  lib,
  ninja,
  numpy,
  pytestCheckHook,
  pytest-cov-stub,
  scikit-build-core,
  stdenv,
 }:
 buildPythonPackage rec {
  pname = "h3";
  version = "4.3.1";
  pyproject = true;
  # pypi version does not include tests
  src = fetchFromGitHub {
    owner = "uber";
    repo = "h3-py";
    tag = "v${version}";
    hash = "sha256-zt7zbBgSp2P9q7mObZeQZpW9Szip62dAYdPZ2cGTmi4=";
  };
  dontConfigure = true;
  nativeCheckInputs = [
    pytestCheckHook
    pytest-cov-stub
  ];
  build-system =
    [
      scikit-build-core
      cmake
      cython
      ninja
    ]
    ++ lib.optionals stdenv.hostPlatform.isLinux [
      # On Linux the .so files ends up referring to libh3.so instead of the full
      # Nix store path. I'm not sure why this is happening! On Darwin it works
      # fine.
      autoPatchelfHook
    ];
  # This is not needed per-se, it's only added for autoPatchelfHook to work
  # correctly. See the note above ^^
  buildInputs = lib.optionals stdenv.hostPlatform.isLinux [h3];
  dependencies = [numpy];
  # The following prePatch replaces the h3lib compilation with using the h3 packaged in nixpkgs.
  #
  # - Remove the h3lib submodule.
  # - Patch CMakeLists to avoid building h3lib, and use h3 instead.
  prePatch = let
    cmakeCommands = ''
      include_directories(${lib.getDev h3}/include/h3)
      link_directories(${h3}/lib)
    '';
  in ''
    rm -r src/h3lib
    substituteInPlace CMakeLists.txt \
      --replace-fail "add_subdirectory(src/h3lib)" "${cmakeCommands}" \
      --replace-fail "\''${CMAKE_CURRENT_BINARY_DIR}/src/h3lib/src/h3lib/include/h3api.h" "${lib.getDev h3}/include/h3/h3api.h"
  '';
  # Extra check to make sure we can import it from Python
  pythonImportsCheck = ["h3"];
  meta = {
    homepage = "https://github.com/uber/h3-py";
    description = "Hierarchical hexagonal geospatial indexing system";
    license = lib.licenses.asl20;
    maintainers = [lib.maintainers.kalbasit];
  };
 }
--- a/modules/common-modules/pkgs/python/pyexiv2.nix
+++ b/modules/common-modules/pkgs/python/pyexiv2.nix
@ -0,0 +1,49 @@
 {
  lib,
  fetchFromGitHub,
  buildPythonPackage,
  exiv2,
  boost,
  pybind11,
  setuptools,
  ...
 }: let
  pname = "pyexiv2";
  version = "2.15.3";
 in
  buildPythonPackage {
    inherit pname version;
    pyproject = true;
    build-system = [setuptools];
    src = fetchFromGitHub {
      owner = "LeoHsiao1";
      repo = "pyexiv2";
      rev = "v${version}";
      sha256 = "sha256-83bFMaoXncvhRJNcCgkkC7B29wR5pjuLO/EdkQdqxxo=";
    };
    buildInputs = [
      exiv2
      boost
    ];
    nativeBuildInputs = [
      pybind11
    ];
    # Skip tests as they may require specific test images
    doCheck = false;
    # Disable runtime dependencies check initially
    dontCheckRuntimeDeps = true;
    meta = with lib; {
      description = "Python binding to the library exiv2";
      homepage = "https://github.com/LeoHsiao1/pyexiv2";
      license = licenses.gpl3Plus;
      maintainers = [];
      platforms = platforms.linux;
    };
  }
--- a/modules/common-modules/pkgs/python/pygeofilter.nix
+++ b/modules/common-modules/pkgs/python/pygeofilter.nix
@ -0,0 +1,52 @@
 {
  lib,
  fetchPypi,
  buildPythonPackage,
  setuptools,
  wheel,
  lark,
  python-dateutil,
  shapely,
  ...
 }: let
  pname = "pygeofilter";
  version = "0.3.1";
 in
  buildPythonPackage {
    inherit pname version;
    pyproject = true;
    src = fetchPypi {
      inherit pname version;
      hash = "sha256-+SvAYiCZ+H/os23nq92GBZ1hWontYIInNwgiI6V44VA=";
    };
    build-system = [
      setuptools
      wheel
    ];
    dependencies = [
      lark
      python-dateutil
      shapely
    ];
    # Skip tests as they may require specific setup
    doCheck = false;
    # Disable runtime dependencies check
    dontCheckRuntimeDeps = true;
    # Basic imports check
    pythonImportsCheck = ["pygeofilter"];
    meta = with lib; {
      description = "A pure Python parser implementation of OGC filtering standards";
      homepage = "https://github.com/geopython/pygeofilter";
      license = licenses.mit;
      maintainers = [];
      platforms = platforms.all;
    };
  }
--- a/modules/common-modules/pkgs/python/pygeoif.nix
+++ b/modules/common-modules/pkgs/python/pygeoif.nix
@ -0,0 +1,48 @@
 {
  lib,
  fetchPypi,
  buildPythonPackage,
  setuptools,
  wheel,
  typing-extensions,
  ...
 }: let
  pname = "pygeoif";
  version = "1.5.1";
 in
  buildPythonPackage {
    inherit pname version;
    pyproject = true;
    src = fetchPypi {
      inherit pname version;
      hash = "sha256-8nprah7Lh66swrUbzFnKeb5w7RKgEE3oYBR4shPdXYE=";
    };
    build-system = [
      setuptools
      wheel
    ];
    dependencies = [
      typing-extensions
    ];
    # Skip tests as they may require specific setup
    doCheck = false;
    # Disable runtime dependencies check
    dontCheckRuntimeDeps = true;
    # Basic imports check
    pythonImportsCheck = ["pygeoif"];
    meta = with lib; {
      description = "A basic implementation of the __geo_interface__";
      homepage = "https://github.com/cleder/pygeoif";
      license = licenses.lgpl21Plus;
      maintainers = [];
      platforms = platforms.all;
    };
  }
--- a/modules/common-modules/pkgs/python/rfeed.nix
+++ b/modules/common-modules/pkgs/python/rfeed.nix
@ -0,0 +1,40 @@
 {
  lib,
  fetchPypi,
  buildPythonPackage,
  setuptools,
  python-dateutil,
 }:
 buildPythonPackage rec {
  pname = "rfeed";
  version = "1.1.1";
  pyproject = true;
  src = fetchPypi {
    inherit pname version;
    hash = "sha256-qpUG8oZrdPWjItOUoUpjwZpoJcLZR1X/GdRt0eJDSBk=";
  };
  build-system = [
    setuptools
  ];
  dependencies = [
    python-dateutil
  ];
  # No tests available in the package
  doCheck = false;
  pythonImportsCheck = [
    "rfeed"
  ];
  meta = with lib; {
    description = "RSS feed generation library for Python";
    homepage = "https://pypi.org/project/rfeed/";
    license = licenses.mit;
    maintainers = [];
    platforms = platforms.all;
  };
 }
--- a/modules/common-modules/pkgs/sgblur.nix
+++ b/modules/common-modules/pkgs/sgblur.nix
@ -0,0 +1,65 @@
 {
  lib,
  python3Packages,
  fetchFromGitHub,
  pkg-config,
  libjpeg_turbo,
  exiftran ? libjpeg_turbo,
 }:
 python3Packages.buildPythonPackage {
  pname = "sgblur";
  version = "1.0.0";
  pyproject = true;
  src = fetchFromGitHub {
    owner = "cquest";
    repo = "sgblur";
    rev = "master";
    hash = "sha256-17wpif2sa021kaa1pbkry4l1967la1qd7knhngvxblrvd7jqqz4y=";
  };
  nativeBuildInputs = [
    pkg-config
  ];
  buildInputs = [
    libjpeg_turbo
    exiftran
  ];
  build-system = with python3Packages; [
    setuptools
    wheel
  ];
  dependencies = with python3Packages; [
    # Core dependencies from pyproject.toml
    ultralytics
    # pyturbojpeg  # May need special handling
    pillow
    # uuid  # Built into Python
    # exifread
    python-multipart
    fastapi
    uvicorn
    requests
    # piexif
    pydantic-settings
    pydantic
  ];
  # Skip tests as they may require GPU or specific setup
  doCheck = false;
  # The package may have import issues due to system dependencies
  pythonImportsCheck = [];
  meta = with lib; {
    description = "Panoramax Speedy Gonzales Blurring Algorithm - AI-powered face and license plate blurring API";
    homepage = "https://github.com/cquest/sgblur";
    license = licenses.mit;
    maintainers = [];
    platforms = platforms.unix;
  };
 }
--- a/modules/nixos-modules/packages/webtoon-dl.nix
+++ b/modules/nixos-modules/packages/webtoon-dl.nix
--- a/modules/home-manager-modules/continue.nix
+++ b/modules/home-manager-modules/continue.nix
@ -1,75 +0,0 @@
 {
  lib,
  pkgs,
  config,
  osConfig,
  ...
 }: let
  ai-tooling-enabled = config.user.continue.enable && osConfig.host.ai.enable;
 in {
  options = {
    user.continue = {
      enable = lib.mkEnableOption "should continue be enabled on this machine";
      docs = lib.mkOption {
        type = lib.types.attrsOf (lib.types.submodule ({name, ...}: {
          options = {
            name = lib.mkOption {
              type = lib.types.str;
              default = name;
            };
            startUrl = lib.mkOption {
              type = lib.types.str;
            };
          };
        }));
      };
      context = lib.mkOption {
        type = lib.types.attrsOf (lib.types.submodule ({name, ...}: {
          options = {
            provider = lib.mkOption {
              type = lib.types.str;
              default = name;
            };
          };
        }));
        default = {
          "code" = {};
          "docs" = {};
          "diff" = {};
          "terminal" = {};
          "problems" = {};
          "folder" = {};
          "codebase" = {};
        };
      };
    };
  };
  config =
    lib.mkIf ai-tooling-enabled
    (lib.mkMerge [
      {
        home = {
          file = {
            ".continue/config.yaml".source = (pkgs.formats.yaml {}).generate "continue-config" {
              name = "Assistant";
              version = "1.0.0";
              schema = "v1";
              models = lib.attrsets.attrValues osConfig.host.ai.models;
              context = lib.attrsets.attrValues config.user.continue.context;
              docs = lib.attrsets.attrValues config.user.continue.docs;
            };
          };
        };
      }
      (lib.mkIf osConfig.host.impermanence.enable {
        home.persistence."/persist${config.home.homeDirectory}" = {
          directories = [
            ".continue/index"
            ".continue/sessions"
          ];
          allowOther = true;
        };
      })
    ]);
 }
--- a/modules/home-manager-modules/default.nix
+++ b/modules/home-manager-modules/default.nix
@ -1,9 +1,13 @@
 # this folder container modules that are for home manager only
 {...}: {
  imports = [
    ./sops.nix
    ./user.nix
    ./flipperzero.nix
    ./i18n.nix
    ./impermanence.nix
    ./openssh.nix
-    ./continue.nix
+    ./gnome.nix
    ./programs
  ];
 }
--- a/modules/home-manager-modules/gnome.nix
+++ b/modules/home-manager-modules/gnome.nix
@ -0,0 +1,203 @@
 {
  lib,
  config,
  pkgs,
  ...
 }: let
  enabledExtensions =
    []
    ++ lib.optional config.gnome.extensions.dash-to-dock.enable pkgs.gnomeExtensions.dash-to-dock
    ++ lib.optional config.gnome.extensions.dash-to-panel.enable pkgs.gnomeExtensions.dash-to-panel;
  extensions = config.gnome.extraExtensions ++ enabledExtensions;
 in {
  options.gnome = {
    extraWindowControls = lib.mkEnableOption "Should we add back in the minimize and maximize window controls?";
    clockFormat = lib.mkOption {
      type = lib.types.enum [
        "12h"
        "24h"
      ];
      default = "24h";
    };
    colorScheme = lib.mkOption {
      type = lib.types.enum [
        "default"
        "prefer-dark"
        "prefer-light"
      ];
      default = "default";
    };
    accentColor = lib.mkOption {
      type = lib.types.enum [
        "blue"
        "teal"
        "green"
        "yellow"
        "orange"
        "red"
        "pink"
        "purple"
        "slate"
      ];
      default = "blue";
    };
    extraExtensions = lib.mkOption {
      type = lib.types.listOf lib.types.package;
      default = [];
      description = "The set of extensions to install and enable in the user environment.";
    };
    hotkeys = lib.mkOption {
      type = lib.types.attrsOf (lib.types.submodule ({name, ...}: {
        options = {
          key = lib.mkOption {
            type = lib.types.strMatching "[a-zA-Z0-9-]+";
            default = builtins.replaceStrings [" " "/" "_"] ["-" "-" "-"] name;
          };
          name = lib.mkOption {
            type = lib.types.str;
            default = name;
          };
          binding = lib.mkOption {
            type = lib.types.str;
          };
          command = lib.mkOption {
            type = lib.types.str;
          };
        };
      }));
      default = {};
    };
    displayScaling = lib.mkOption {
      type = lib.types.nullOr (lib.types.enum [100 125 150 175 200]);
      default = null;
      description = "Display scaling percentage for GNOME";
    };
    experimentalFeatures = lib.mkOption {
      type = lib.types.submodule {
        options = {
          scaleMonitorFramebuffer = lib.mkEnableOption "scale-monitor-framebuffer experimental feature";
        };
      };
      default = {};
      description = "GNOME experimental features to enable";
    };
    nightLight = lib.mkOption {
      type = lib.types.submodule {
        options = {
          enable = lib.mkEnableOption "night light (blue light filter)";
          automatic = lib.mkOption {
            type = lib.types.bool;
            default = true;
            description = "Whether to automatically schedule night light based on sunset/sunrise";
          };
          fromTime = lib.mkOption {
            type = lib.types.float;
            default = 20.0;
            description = "Start time for night light in 24-hour format (e.g., 20.0 for 8:00 PM)";
          };
          toTime = lib.mkOption {
            type = lib.types.float;
            default = 6.0;
            description = "End time for night light in 24-hour format (e.g., 6.0 for 6:00 AM)";
          };
          temperature = lib.mkOption {
            type = lib.types.int;
            default = 4000;
            description = "Color temperature for night light (1000-10000K, lower is warmer)";
          };
        };
      };
      default = {};
      description = "Night light configuration";
    };
    extensions = {
      dash-to-dock = {
        enable = lib.mkEnableOption "Dash to Dock extension";
        options = lib.mkOption {
          type = lib.types.nullOr lib.types.attrs;
          default = null;
          description = "Dash to Dock configuration options. If null, no custom configuration will be applied.";
        };
      };
      dash-to-panel = {
        enable = lib.mkEnableOption "Dash to Panel extension";
        options = lib.mkOption {
          type = lib.types.nullOr lib.types.attrs;
          default = null;
          description = "Dash to Panel configuration options. If null, no custom configuration will be applied.";
        };
      };
    };
  };
  config = {
    home.packages = extensions;
    dconf = {
      settings = lib.mkMerge [
        {
          "org/gnome/shell" = {
            disable-user-extensions = false; # enables user extensions
            enabled-extensions = builtins.map (extension: extension.extensionUuid) extensions;
          };
          "org/gnome/desktop/wm/preferences".button-layout = lib.mkIf config.gnome.extraWindowControls ":minimize,maximize,close";
          "org/gnome/desktop/interface".color-scheme = config.gnome.colorScheme;
          "org/gnome/desktop/interface".accent-color = config.gnome.accentColor;
          "org/gnome/desktop/interface".clock-format = config.gnome.clockFormat;
          "org/gnome/desktop/interface".text-scaling-factor = lib.mkIf (config.gnome.displayScaling != null) (config.gnome.displayScaling / 100.0);
          "org/gnome/mutter".experimental-features = lib.mkIf (builtins.any (x: x) (builtins.attrValues config.gnome.experimentalFeatures)) (
            lib.optional config.gnome.experimentalFeatures.scaleMonitorFramebuffer "scale-monitor-framebuffer"
          );
        }
        # Night light configuration
        (lib.mkIf config.gnome.nightLight.enable {
          "org/gnome/settings-daemon/plugins/color" = {
            night-light-enabled = true;
            night-light-schedule-automatic = config.gnome.nightLight.automatic;
            night-light-schedule-from = lib.mkIf (!config.gnome.nightLight.automatic) config.gnome.nightLight.fromTime;
            night-light-schedule-to = lib.mkIf (!config.gnome.nightLight.automatic) config.gnome.nightLight.toTime;
            night-light-temperature = config.gnome.nightLight.temperature;
          };
        })
        (
          lib.mkMerge (
            builtins.map (value: let
              entry = "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/${value.key}";
            in {
              ${entry} = {
                binding = value.binding;
                command = value.command;
                name = value.name;
              };
              "org/gnome/settings-daemon/plugins/media-keys" = {
                custom-keybindings = [
                  "/${entry}/"
                ];
              };
            })
            (
              lib.attrsets.mapAttrsToList (_: value: value) config.gnome.hotkeys
            )
          )
        )
        # Extension configurations
        (lib.mkIf (config.gnome.extensions.dash-to-dock.enable && config.gnome.extensions.dash-to-dock.options != null) {
          "org/gnome/shell/extensions/dash-to-dock" = config.gnome.extensions.dash-to-dock.options;
        })
        (lib.mkIf (config.gnome.extensions.dash-to-panel.enable && config.gnome.extensions.dash-to-panel.options != null) {
          "org/gnome/shell/extensions/dash-to-panel" = config.gnome.extensions.dash-to-panel.options;
        })
      ];
    };
  };
 }
--- a/modules/home-manager-modules/impermanence.nix
+++ b/modules/home-manager-modules/impermanence.nix
@ -0,0 +1,35 @@
 {
  config,
  lib,
  osConfig,
  ...
 }: let
  cfg = config.impermanence;
 in {
  options.impermanence = {
    enable = lib.mkEnableOption "impermanence for home directory";
    fallbackPersistence.enable = lib.mkOption {
      type = lib.types.bool;
      default = true;
    };
  };
  config = lib.mkMerge [
    (lib.mkIf config.impermanence.enable {
      assertions = [
        {
          assertion = osConfig.host.impermanence.enable;
          message = "impermanence can not be enabled for a user when it is not enabled for the system";
        }
      ];
    })
    # If impermanence is not enabled for this user but system impermanence is enabled,
    # persist the entire home directory as fallback
    (lib.mkIf (osConfig.host.impermanence.enable && !cfg.enable && cfg.fallbackPersistence.enable) {
      home.persistence."/persist/home/${config.home.username}" = {
        directories = ["."];
        allowOther = true;
      };
    })
  ];
 }
--- a/modules/home-manager-modules/openssh.nix
+++ b/modules/home-manager-modules/openssh.nix
@ -6,6 +6,7 @@
  ...
 }: {
  options.programs.openssh = {
    enable = lib.mkEnableOption "should we enable openssh";
    authorizedKeys = lib.mkOption {
      type = lib.types.listOf lib.types.str;
      default = [];
@ -37,63 +38,70 @@
    };
  };
-  config = lib.mkMerge [
+  config = lib.mkIf config.programs.openssh.enable (
-    (
+    lib.mkMerge [
-      lib.mkIf ((builtins.length config.programs.openssh.hostKeys) != 0) {
+      (
-        services.ssh-agent.enable = true;
+        lib.mkIf ((builtins.length config.programs.openssh.hostKeys) != 0) {
-        programs.ssh = {
+          services.ssh-agent.enable = true;
-          enable = true;
+          programs.ssh = {
-          compression = true;
+            enable = true;
-          addKeysToAgent = "confirm";
+            enableDefaultConfig = false;
-          extraConfig = lib.strings.concatLines (
+            matchBlocks = {
-            builtins.map (hostKey: "IdentityFile ~/.ssh/${hostKey.path}") config.programs.openssh.hostKeys
+              "*" = {
                compression = true;
                addKeysToAgent = "confirm";
              };
            };
            extraConfig = lib.strings.concatLines (
              builtins.map (hostKey: "IdentityFile ~/.ssh/${hostKey.path}") config.programs.openssh.hostKeys
            );
          };
          systemd.user.services = builtins.listToAttrs (
            builtins.map (hostKey:
              lib.attrsets.nameValuePair "ssh-gen-keys-${hostKey.path}" {
                Install = {
                  WantedBy = ["default.target"];
                };
                Service = let
                  path = "${config.home.homeDirectory}/.ssh/${hostKey.path}";
                in {
                  Restart = "always";
                  Type = "simple";
                  ExecStart = "${
                    pkgs.writeShellScript "ssh-gen-keys" ''
                      if ! [ -s "${path}" ]; then
                          if ! [ -h "${path}" ]; then
                              rm -f "${path}"
                          fi
                          mkdir -p "$(dirname '${path}')"
                          chmod 0755 "$(dirname '${path}')"
                          ${pkgs.openssh}/bin/ssh-keygen \
                            -t "${hostKey.type}" \
                            ${lib.optionalString (hostKey ? bits) "-b ${toString hostKey.bits}"} \
                            ${lib.optionalString (hostKey ? rounds) "-a ${toString hostKey.rounds}"} \
                            ${lib.optionalString (hostKey ? comment) "-C '${hostKey.comment}'"} \
                            ${lib.optionalString (hostKey ? openSSHFormat && hostKey.openSSHFormat) "-o"} \
                            -f "${path}" \
                            -N ""
                          chown ${config.home.username} ${path}*
                          chgrp ${config.home.username} ${path}*
                      fi
                    ''
                  }";
                };
              })
            config.programs.openssh.hostKeys
          );
        }
      )
      (lib.mkIf config.impermanence.enable {
        home.persistence."/persist${config.home.homeDirectory}" = {
          files = lib.lists.flatten (
            builtins.map (hostKey: [".ssh/${hostKey.path}" ".ssh/${hostKey.path}.pub"]) config.programs.openssh.hostKeys
          );
        };
-
+      })
-        systemd.user.services = builtins.listToAttrs (
+    ]
-          builtins.map (hostKey:
+  );
            lib.attrsets.nameValuePair "ssh-gen-keys-${hostKey.path}" {
              Install = {
                WantedBy = ["default.target"];
              };
              Service = let
                path = "${config.home.homeDirectory}/.ssh/${hostKey.path}";
              in {
                Restart = "always";
                Type = "simple";
                ExecStart = "${
                  pkgs.writeShellScript "ssh-gen-keys" ''
                    if ! [ -s "${path}" ]; then
                        if ! [ -h "${path}" ]; then
                            rm -f "${path}"
                        fi
                        mkdir -p "$(dirname '${path}')"
                        chmod 0755 "$(dirname '${path}')"
                        ${pkgs.openssh}/bin/ssh-keygen \
                          -t "${hostKey.type}" \
                          ${lib.optionalString (hostKey ? bits) "-b ${toString hostKey.bits}"} \
                          ${lib.optionalString (hostKey ? rounds) "-a ${toString hostKey.rounds}"} \
                          ${lib.optionalString (hostKey ? comment) "-C '${hostKey.comment}'"} \
                          ${lib.optionalString (hostKey ? openSSHFormat && hostKey.openSSHFormat) "-o"} \
                          -f "${path}" \
                          -N ""
                        chown ${config.home.username} ${path}*
                        chgrp ${config.home.username} ${path}*
                    fi
                  ''
                }";
              };
            })
          config.programs.openssh.hostKeys
        );
      }
    )
    (lib.mkIf osConfig.host.impermanence.enable {
      home.persistence."/persist${config.home.homeDirectory}" = {
        files = lib.lists.flatten (
          builtins.map (hostKey: [".ssh/${hostKey.path}" ".ssh/${hostKey.path}.pub"]) config.programs.openssh.hostKeys
        );
      };
    })
  ];
 }
--- a/modules/home-manager-modules/programs/anki.nix
+++ b/modules/home-manager-modules/programs/anki.nix
@ -0,0 +1,15 @@
 {
  lib,
  config,
  osConfig,
  ...
 }: {
  config = lib.mkIf (config.programs.anki.enable && osConfig.host.impermanence.enable) {
    home.persistence."/persist${config.home.homeDirectory}" = {
      directories = [
        "${config.xdg.dataHome}/Anki2/"
      ];
      allowOther = true;
    };
  };
 }
--- a/modules/home-manager-modules/programs/bitwarden.nix
+++ b/modules/home-manager-modules/programs/bitwarden.nix
@ -0,0 +1,28 @@
 {
  lib,
  pkgs,
  config,
  ...
 }: {
  options.programs.bitwarden = {
    enable = lib.mkEnableOption "enable bitwarden";
  };
  config = lib.mkIf config.programs.bitwarden.enable (lib.mkMerge [
    {
      home.packages = with pkgs; [
        bitwarden-desktop
      ];
    }
    (
      lib.mkIf config.impermanence.enable {
        home.persistence."/persist${config.home.homeDirectory}" = {
          directories = [
            "${config.xdg.configHome}/Bitwarden"
          ];
          allowOther = true;
        };
      }
    )
  ]);
 }
--- a/modules/home-manager-modules/programs/bruno.nix
+++ b/modules/home-manager-modules/programs/bruno.nix
@ -0,0 +1,28 @@
 {
  lib,
  pkgs,
  config,
  ...
 }: {
  options.programs.bruno = {
    enable = lib.mkEnableOption "enable bruno";
  };
  config = lib.mkIf config.programs.bruno.enable (lib.mkMerge [
    {
      home.packages = with pkgs; [
        bruno
      ];
    }
    (
      lib.mkIf config.impermanence.enable {
        home.persistence."/persist${config.home.homeDirectory}" = {
          directories = [
            "${config.xdg.configHome}/bruno/"
          ];
          allowOther = true;
        };
      }
    )
  ]);
 }
--- a/modules/home-manager-modules/programs/calibre.nix
+++ b/modules/home-manager-modules/programs/calibre.nix
@ -0,0 +1,28 @@
 {
  lib,
  pkgs,
  config,
  ...
 }: {
  options.programs.calibre = {
    enable = lib.mkEnableOption "enable calibre";
  };
  config = lib.mkIf config.programs.calibre.enable (lib.mkMerge [
    {
      home.packages = with pkgs; [
        calibre
      ];
    }
    (
      lib.mkIf config.impermanence.enable {
        home.persistence."/persist${config.home.homeDirectory}" = {
          directories = [
            "${config.xdg.configHome}/calibre"
          ];
          allowOther = true;
        };
      }
    )
  ]);
 }
--- a/modules/home-manager-modules/programs/davinci-resolve.nix
+++ b/modules/home-manager-modules/programs/davinci-resolve.nix
@ -0,0 +1,29 @@
 {
  lib,
  pkgs,
  config,
  ...
 }: {
  options.programs.davinci-resolve = {
    enable = lib.mkEnableOption "enable davinci-resolve";
  };
  config = lib.mkIf config.programs.davinci-resolve.enable (lib.mkMerge [
    {
      home.packages = with pkgs; [
        davinci-resolve
      ];
    }
    (
      lib.mkIf config.impermanence.enable {
        home.persistence."/persist${config.home.homeDirectory}" = {
          directories = [
            "${config.xdg.dataHome}/DaVinciResolve"
            "${config.xdg.configHome}/blackmagic"
          ];
          allowOther = true;
        };
      }
    )
  ]);
 }
--- a/modules/home-manager-modules/programs/dbeaver.nix
+++ b/modules/home-manager-modules/programs/dbeaver.nix
@ -0,0 +1,28 @@
 {
  lib,
  pkgs,
  config,
  ...
 }: {
  options.programs.dbeaver-bin = {
    enable = lib.mkEnableOption "enable dbeaver";
  };
  config = lib.mkIf config.programs.dbeaver-bin.enable (lib.mkMerge [
    {
      home.packages = with pkgs; [
        dbeaver-bin
      ];
    }
    (
      lib.mkIf config.impermanence.enable {
        home.persistence."/persist${config.home.homeDirectory}" = {
          directories = [
            "${config.xdg.dataHome}/DBeaverData/"
          ];
          allowOther = true;
        };
      }
    )
  ]);
 }
--- a/modules/home-manager-modules/programs/default.nix
+++ b/modules/home-manager-modules/programs/default.nix
@ -0,0 +1,49 @@
 {...}: {
  imports = [
    ./firefox.nix
    ./signal.nix
    ./bitwarden.nix
    ./makemkv.nix
    ./obs.nix
    ./anki.nix
    ./piper.nix
    ./qbittorrent.nix
    ./discord.nix
    ./obsidian.nix
    ./prostudiomasters.nix
    ./idea.nix
    ./kdenlive.nix
    ./krita.nix
    ./protonvpn.nix
    ./calibre.nix
    ./bruno.nix
    ./dbeaver.nix
    ./dungeon-draft.nix
    ./steam.nix
    ./vscode
    ./ungoogled-chromium.nix
    ./libreoffice.nix
    ./mapillary-uploader.nix
    ./inkscape.nix
    ./gimp.nix
    ./guild-wars-2.nix
    ./proxmark3.nix
    ./freecad.nix
    ./onionshare.nix
    ./mfoc.nix
    ./pdfarranger.nix
    ./picard.nix
    ./qflipper.nix
    ./openvpn.nix
    ./noisetorch.nix
    ./olympus.nix
    ./openrgb.nix
    ./via.nix
    ./vortex.nix
    ./davinci-resolve.nix
    ./gdx-liftoff.nix
    ./tor-browser.nix
    ./polycule.nix
    ./vmware-workstation.nix
  ];
 }
--- a/modules/home-manager-modules/programs/discord.nix
+++ b/modules/home-manager-modules/programs/discord.nix
@ -0,0 +1,28 @@
 {
  lib,
  pkgs,
  config,
  ...
 }: {
  options.programs.discord = {
    enable = lib.mkEnableOption "enable discord";
  };
  config = lib.mkIf config.programs.discord.enable (lib.mkMerge [
    {
      home.packages = with pkgs; [
        discord
      ];
    }
    (
      lib.mkIf config.impermanence.enable {
        home.persistence."/persist${config.home.homeDirectory}" = {
          directories = [
            "${config.xdg.configHome}/discord/"
          ];
          allowOther = true;
        };
      }
    )
  ]);
 }
--- a/modules/home-manager-modules/programs/dungeon-draft.nix
+++ b/modules/home-manager-modules/programs/dungeon-draft.nix
@ -0,0 +1,24 @@
 {
  config,
  lib,
  ...
 }: let
  cfg = config.programs.dungeon-draft;
 in {
  options.programs.dungeon-draft = {
    enable = lib.mkEnableOption "Dungeon Draft";
  };
  config = {
    assertions = [
      {
        assertion = !cfg.enable;
        message = ''
          Dungeon Draft module is not yet fully configured.
          Please download the Dungeon Draft executable (.exe) from the official website,
          then configure the Wine environment and executable path as needed.
        '';
      }
    ];
  };
 }
--- a/modules/home-manager-modules/programs/firefox.nix
+++ b/modules/home-manager-modules/programs/firefox.nix
@ -0,0 +1,42 @@
 {
  lib,
  config,
  ...
 }: let
  buildProfilePersistence = profile: {
    directories = [
      ".mozilla/firefox/${profile}/extensions"
    ];
    files = [
      ".mozilla/firefox/${profile}/cookies.sqlite"
      ".mozilla/firefox/${profile}/favicons.sqlite"
      # Permissions and ${profileName} levels for each site
      ".mozilla/firefox/${profile}/permissions.sqlite"
      ".mozilla/firefox/${profile}/content-prefs.sqlite"
      # Browser history and bookmarks
      ".mozilla/firefox/${profile}/places.sqlite"
      # I guess this is useful?
      # https://bugzilla.mozilla.org/show_bug.cgi?id=1511384
      # https://developer.mozilla.org/en-US/docs/Web/API/Storage_API/Storage_quotas_and_eviction_criteria
      ".mozilla/firefox/${profile}/storage.sqlite"
      # Extension configuration
      ".mozilla/firefox/${profile}/extension-settings.json"
    ];
    allowOther = true;
  };
 in {
  config = lib.mkIf (config.programs.firefox.enable && config.impermanence.enable) {
    home.persistence."/persist${config.home.homeDirectory}" = lib.mkMerge (
      (
        lib.attrsets.mapAttrsToList
        (profile: _: buildProfilePersistence profile)
        config.programs.firefox.profiles
      )
      ++ (
        lib.lists.optional
        ((builtins.length (lib.attrsets.mapAttrsToList (key: value: value) config.programs.firefox.profiles)) == 0)
        (buildProfilePersistence "default")
      )
    );
  };
 }
--- a/modules/home-manager-modules/programs/freecad.nix
+++ b/modules/home-manager-modules/programs/freecad.nix
@ -0,0 +1,28 @@
 {
  lib,
  pkgs,
  config,
  ...
 }: {
  options.programs.freecad = {
    enable = lib.mkEnableOption "enable freecad";
  };
  config = lib.mkIf config.programs.freecad.enable (lib.mkMerge [
    {
      home.packages = with pkgs; [
        freecad
      ];
    }
    (
      lib.mkIf config.impermanence.enable {
        home.persistence."/persist${config.home.homeDirectory}" = {
          directories = [
            "${config.xdg.configHome}/FreeCAD"
          ];
          allowOther = true;
        };
      }
    )
  ]);
 }
--- a/modules/home-manager-modules/programs/gdx-liftoff.nix
+++ b/modules/home-manager-modules/programs/gdx-liftoff.nix
@ -0,0 +1,16 @@
 {
  lib,
  pkgs,
  config,
  ...
 }: {
  options.programs.gdx-liftoff = {
    enable = lib.mkEnableOption "enable gdx-liftoff";
  };
  config = lib.mkIf config.programs.gdx-liftoff.enable {
    home.packages = with pkgs; [
      gdx-liftoff
    ];
  };
 }
--- a/modules/home-manager-modules/programs/gimp.nix
+++ b/modules/home-manager-modules/programs/gimp.nix
@ -0,0 +1,28 @@
 {
  lib,
  pkgs,
  config,
  ...
 }: {
  options.programs.gimp = {
    enable = lib.mkEnableOption "enable gimp";
  };
  config = lib.mkIf config.programs.gimp.enable (lib.mkMerge [
    {
      home.packages = with pkgs; [
        gimp
      ];
    }
    (
      lib.mkIf config.impermanence.enable {
        home.persistence."/persist${config.home.homeDirectory}" = {
          directories = [
            "${config.xdg.configHome}/GIMP"
          ];
          allowOther = true;
        };
      }
    )
  ]);
 }
--- a/modules/home-manager-modules/programs/guild-wars-2.nix
+++ b/modules/home-manager-modules/programs/guild-wars-2.nix
@ -0,0 +1,24 @@
 {
  config,
  lib,
  ...
 }: let
  cfg = config.programs.guild-wars-2;
 in {
  options.programs.guild-wars-2 = {
    enable = lib.mkEnableOption "Guild Wars 2";
  };
  config = {
    assertions = [
      {
        assertion = !cfg.enable;
        message = ''
          Guild Wars 2 module is not yet fully configured.
          Please install Guild Wars 2 manually via Steam or the official client,
          then configure the Wine environment as needed.
        '';
      }
    ];
  };
 }
--- a/modules/home-manager-modules/programs/idea.nix
+++ b/modules/home-manager-modules/programs/idea.nix
@ -0,0 +1,32 @@
 {
  lib,
  pkgs,
  config,
  ...
 }: {
  options.programs.jetbrains.idea-community = {
    enable = lib.mkEnableOption "enable idea-community";
  };
  config = lib.mkIf config.programs.jetbrains.idea-community.enable (lib.mkMerge [
    {
      home.packages = with pkgs; [
        jetbrains.idea-community
      ];
    }
    (
      lib.mkIf config.impermanence.enable {
        home.persistence."/persist${config.home.homeDirectory}" = {
          directories = [
            # configuration
            "${config.xdg.configHome}/JetBrains/"
            # plugins
            "${config.xdg.dataHome}/JetBrains/"
            # System and Logs
            "${config.xdg.cacheHome}/JetBrains/"
          ];
        };
      }
    )
  ]);
 }
--- a/modules/home-manager-modules/programs/inkscape.nix
+++ b/modules/home-manager-modules/programs/inkscape.nix
@ -0,0 +1,28 @@
 {
  lib,
  pkgs,
  config,
  ...
 }: {
  options.programs.inkscape = {
    enable = lib.mkEnableOption "enable inkscape";
  };
  config = lib.mkIf config.programs.inkscape.enable (lib.mkMerge [
    {
      home.packages = with pkgs; [
        inkscape
      ];
    }
    (
      lib.mkIf config.impermanence.enable {
        home.persistence."/persist${config.home.homeDirectory}" = {
          directories = [
            "${config.xdg.configHome}/inkscape"
          ];
          allowOther = true;
        };
      }
    )
  ]);
 }
--- a/modules/home-manager-modules/programs/kdenlive.nix
+++ b/modules/home-manager-modules/programs/kdenlive.nix
@ -0,0 +1,36 @@
 {
  config,
  lib,
  pkgs,
  ...
 }: let
  cfg = config.programs.kdenlive;
 in {
  options.programs.kdenlive = {
    enable = lib.mkEnableOption "kdenlive";
    package = lib.mkOption {
      type = lib.types.package;
      default = pkgs.kdePackages.kdenlive;
      description = "The kdenlive package to install.";
    };
  };
  config = lib.mkIf cfg.enable (lib.mkMerge [
    {
      home.packages = [
        cfg.package
      ];
    }
    (
      lib.mkIf config.impermanence.enable {
        home.persistence."/persist${config.home.homeDirectory}" = {
          directories = [
            "${config.xdg.configHome}/kdenliverc"
            "${config.xdg.dataHome}/kdenlive"
          ];
          allowOther = true;
        };
      }
    )
  ]);
 }
--- a/modules/home-manager-modules/programs/krita.nix
+++ b/modules/home-manager-modules/programs/krita.nix
@ -0,0 +1,29 @@
 {
  lib,
  pkgs,
  config,
  ...
 }: {
  options.programs.krita = {
    enable = lib.mkEnableOption "enable krita";
  };
  config = lib.mkIf config.programs.krita.enable (lib.mkMerge [
    {
      home.packages = with pkgs; [
        krita
      ];
    }
    (
      lib.mkIf config.impermanence.enable {
        home.persistence."/persist${config.home.homeDirectory}" = {
          directories = [
            "${config.xdg.configHome}/kritarc"
            "${config.xdg.dataHome}/krita"
          ];
          allowOther = true;
        };
      }
    )
  ]);
 }
--- a/modules/home-manager-modules/programs/libreoffice.nix
+++ b/modules/home-manager-modules/programs/libreoffice.nix
@ -0,0 +1,28 @@
 {
  lib,
  pkgs,
  config,
  ...
 }: {
  options.programs.libreoffice = {
    enable = lib.mkEnableOption "enable libreoffice";
  };
  config = lib.mkIf config.programs.libreoffice.enable (lib.mkMerge [
    {
      home.packages = with pkgs; [
        libreoffice
      ];
    }
    (
      lib.mkIf config.impermanence.enable {
        home.persistence."/persist${config.home.homeDirectory}" = {
          directories = [
            "${config.xdg.configHome}/libreoffice"
          ];
          allowOther = true;
        };
      }
    )
  ]);
 }
--- a/modules/home-manager-modules/programs/makemkv.nix
+++ b/modules/home-manager-modules/programs/makemkv.nix
@ -0,0 +1,41 @@
 {
  lib,
  pkgs,
  config,
  ...
 }: {
  options.programs.makemkv = {
    enable = lib.mkEnableOption "enable makemkv";
    appKeyFile = lib.mkOption {
      type = lib.types.str;
    };
    destinationDir = lib.mkOption {
      type = lib.types.str;
    };
  };
  config = lib.mkIf config.programs.makemkv.enable (lib.mkMerge [
    {
      home.packages = with pkgs; [
        makemkv
      ];
      sops.templates."MakeMKV.settings.conf".content = ''
        app_DestinationDir = "${config.programs.makemkv.destinationDir}"
        app_DestinationType = "2"
        app_Key = "${config.programs.makemkv.appKeyFile}"
      '';
      home.file.".MakeMKV/settings.conf".source = config.lib.file.mkOutOfStoreSymlink config.sops.templates."MakeMKV.settings.conf".path;
    }
    (
      lib.mkIf config.impermanence.enable {
        home.persistence."/persist${config.home.homeDirectory}" = {
          directories = [
            ".MakeMKV"
          ];
        };
      }
    )
  ]);
 }
--- a/modules/home-manager-modules/programs/mapillary-uploader.nix
+++ b/modules/home-manager-modules/programs/mapillary-uploader.nix
@ -0,0 +1,30 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 with lib; let
  cfg = config.programs.mapillary-uploader;
 in {
  options.programs.mapillary-uploader = {
    enable = mkEnableOption "Mapillary Desktop Uploader";
  };
  config = mkIf cfg.enable (mkMerge [
    {
      home.packages = [pkgs.mapillary-uploader];
    }
    (
      mkIf config.impermanence.enable {
        home.persistence."/persist${config.home.homeDirectory}" = {
          directories = [
            "${config.xdg.configHome}/mapillary-uploader"
            "${config.xdg.dataHome}/mapillary-uploader"
          ];
          allowOther = true;
        };
      }
    )
  ]);
 }
--- a/modules/home-manager-modules/programs/mfoc.nix
+++ b/modules/home-manager-modules/programs/mfoc.nix
@ -0,0 +1,16 @@
 {
  lib,
  pkgs,
  config,
  ...
 }: {
  options.programs.mfoc = {
    enable = lib.mkEnableOption "enable mfoc";
  };
  config = lib.mkIf config.programs.mfoc.enable {
    home.packages = with pkgs; [
      mfoc
    ];
  };
 }
--- a/modules/home-manager-modules/programs/noisetorch.nix
+++ b/modules/home-manager-modules/programs/noisetorch.nix
@ -0,0 +1,16 @@
 {
  lib,
  pkgs,
  config,
  ...
 }: {
  options.programs.noisetorch = {
    enable = lib.mkEnableOption "enable noisetorch";
  };
  config = lib.mkIf config.programs.noisetorch.enable {
    home.packages = with pkgs; [
      noisetorch
    ];
  };
 }
--- a/modules/home-manager-modules/programs/obs.nix
+++ b/modules/home-manager-modules/programs/obs.nix
@ -0,0 +1,18 @@
 {
  lib,
  config,
  ...
 }: {
  config = lib.mkIf config.programs.obs-studio.enable (lib.mkMerge [
    (
      lib.mkIf config.impermanence.enable {
        home.persistence."/persist${config.home.homeDirectory}" = {
          directories = [
            "${config.xdg.configHome}/obs-studio"
          ];
          allowOther = true;
        };
      }
    )
  ]);
 }
--- a/modules/home-manager-modules/programs/obsidian.nix
+++ b/modules/home-manager-modules/programs/obsidian.nix
@ -0,0 +1,17 @@
 {
  lib,
  config,
  ...
 }: {
  config = lib.mkIf config.programs.obsidian.enable (lib.mkMerge [
    (
      lib.mkIf config.impermanence.enable {
        home.persistence."/persist${config.home.homeDirectory}" = {
          directories = [
            "${config.xdg.configHome}/obsidian"
          ];
        };
      }
    )
  ]);
 }
--- a/Show more
+++ b/Show more