Weekly flake update: 2026-03-23 22:38 UTC

emacs-vm fix
constitution ammendment
2026-03-23 16:38:30 -06:00 · 2026-03-23 16:19:23 -06:00 · 2026-03-23 15:51:13 -06:00 · 2026-03-23 15:49:51 -06:00 · 2026-03-23 15:01:55 -06:00 · 2026-03-23 14:34:14 -06:00
85 changed files with 745 additions and 595 deletions
--- a/.gitea/workflows/build-on-push.yml
+++ b/.gitea/workflows/build-on-push.yml
@@ -1,9 +1,6 @@
 name: Build on Push
 on:
  push:
    branches:
      - main
  workflow_dispatch: # Allow manual trigger
 jobs:
@@ -91,4 +88,3 @@ jobs:
          echo "✅ Build on push completed successfully!"
          echo "- Built workstation, server, and emacs-vm configurations"
          echo "- Pushed all builds to Atticd cache"
--- a/.gitea/workflows/runner-smoke.yml
+++ b/.gitea/workflows/runner-smoke.yml
@@ -1,13 +0,0 @@
 name: runner-smoke
 on:
  push:
  workflow_dispatch:
 jobs:
  ubuntu-2404:
    runs-on: ubuntu-24.04
    steps:
      - name: Check OS
        run: |
          cat /etc/os-release
          uname -a
--- a/config/base.nix
+++ b/config/base.nix
@@ -38,9 +38,7 @@
  };
  i18n = {
    defaultLocale = "en_CA.UTF-8";
-    extraLocaleSettings = {
+    extraLocaleSettings.LC_MONETARY = "es_MX.UTF-8";
      LC_MONETARY = "es_MX.UTF-8";
    };
  };
  console = {
    font = "Lat2-Terminus16";
@@ -48,10 +46,6 @@
  };
  security = {
    polkit.enable = true;
    sudo-rs = {
      enable = true;
      wheelNeedsPassword = false;
    };
    pam.loginLimits = [
      {
        domain = "*";
@@ -60,6 +54,10 @@
        value = "8192";
      }
    ];
    sudo-rs = {
      enable = true;
      wheelNeedsPassword = false;
    };
  };
  users = {
    mutableUsers = false;
--- a/config/derek.nix
+++ b/config/derek.nix
@@ -15,6 +15,9 @@ let
  };
 in
 {
  sops.secrets = lib.mkIf config.my.secureHost {
    derek-password.neededForUsers = true;
  };
  my = {
    stylix = enableForDerek;
    emacs = enableForDerek;
@@ -34,9 +37,6 @@ in
      multimedia = enableForDerek;
    };
  };
  sops.secrets = lib.mkIf config.my.secureHost {
    derek-password.neededForUsers = true;
  };
  services = {
    tailscale.enable = true;
    sunshine = {
@@ -48,8 +48,7 @@ in
  };
  networking.nftables = {
    enable = true;
-    tables = {
+    tables.local-uid-block = {
      local-uid-block = {
      family = "inet";
      content = ''
        chain output {
@@ -60,7 +59,6 @@ in
      '';
    };
  };
  };
  users.users.bearded_dragonn = {
    uid = 1002;
    isNormalUser = true;
--- a/config/home-manager.nix
+++ b/config/home-manager.nix
@@ -39,27 +39,6 @@ in
    ];
  home.stateVersion = "23.05";
  programs = {
    direnv = {
      enable = true;
      enableBashIntegration = shellType == "bash";
      enableZshIntegration = shellType == "zsh";
      nix-direnv.enable = true;
    };
    git = {
      enable = true;
      settings = {
        pull.rebase = true;
        init.defaultBranch = "main";
        user = {
          email = if osConfig == null then userEmail else osConfig.my.email;
          name = "Danilo Reyes";
        };
      };
    };
    delta = {
      enable = true;
      enableGitIntegration = true;
    };
    ssh.enableDefaultConfig = false;
    bash = lib.mkIf (shellType == "bash") {
      enable = true;
@@ -85,6 +64,27 @@ in
        ignoreAllDups = true;
      };
    };
    delta = {
      enable = true;
      enableGitIntegration = true;
    };
    direnv = {
      enable = true;
      enableBashIntegration = shellType == "bash";
      enableZshIntegration = shellType == "zsh";
      nix-direnv.enable = true;
    };
    git = {
      enable = true;
      settings = {
        pull.rebase = true;
        init.defaultBranch = "main";
        user = {
          email = if osConfig == null then userEmail else osConfig.my.email;
          name = "Danilo Reyes";
        };
      };
    };
  };
  xdg = {
    enable = true;
--- a/config/stylix.nix
+++ b/config/stylix.nix
@@ -21,13 +21,11 @@ in
      description = "Users to apply Stylix theming for";
    };
  };
-  config = {
+  config.stylix = {
    stylix = {
    inherit (scheme) image polarity;
    enable = true;
    autoEnable = cfg.enable;
    targets.qt.platform = lib.mkForce "qtct";
  }
  // lib.optionalAttrs (scheme ? base16Scheme) { inherit (scheme) base16Scheme; };
  };
 }
--- a/docs/constitution.md
+++ b/docs/constitution.md
@@ -21,6 +21,7 @@
 - Minimize comments; prefer clear naming and shared helpers (`modules/factories/mkserver.nix`, `modules/factories/mkscript.nix`) to avoid duplication.
 - Use business-level, technology-agnostic language in AI docs; reserve implementation detail for module code.
 - Nix structure: flatten single-child attribute sets into their full path; keep multi-child sets nested for readability; merge siblings under a shared parent; flatten the shallowest subtree first to reduce indentation without losing clarity.
 - Nix attribute ordering: prefer `options` before `config` in module bodies; inside attribute sets keep `inherit` statements first, then boolean leaf assignments, then other leaf assignments, then nested attribute sets; when simple leaves and nested children share a parent, place the simple leaves first.
 ```nix
 config.services.jellyfin.enable = true; # preferred single-leaf form
 config.services = {
@@ -31,6 +32,20 @@ config.services = {
  };
 };
 ```
 ```nix
 {
  options.my.example.enable = lib.mkEnableOption "example";
  config = lib.mkIf config.my.example.enable {
    services.example = {
      enable = true;
      port = 1234;
      nested = {
        value = "x";
      };
    };
  };
 }
 ```
 ## Terminology and Naming Standards
 - Module: Prefer a feature directory under `modules/<category>/<name>/` with `nixos.nix` for system concerns and `home.nix` for Home Manager concerns. Legacy flat modules at `modules/<category>/<name>.nix` remain valid during migration.
--- a/dotfiles/gallery-dl.nix
+++ b/dotfiles/gallery-dl.nix
@@ -1,4 +1,5 @@
 {
  output.mode = "auto";
  extractor = {
    skip = "abort:5";
    cookies = [
@@ -8,6 +9,29 @@
    ];
    retries = 10;
    sleep-request = 0;
    pinterest.directory = [
      "{board[owner][username]}"
      "{board[name]}"
    ];
    exhentai.directory = [
      "{category}"
      "{title}"
    ];
    gfycat.format = "webm";
    imgur.mp4 = true;
    paheal.directory = [
      "Husbands"
      "{search_tags}"
    ];
    rule34.directory = [
      "Husbands"
      "{search_tags}"
    ];
    e621.directory = [
      "Husbands"
      "{search_tags}"
    ];
    baraag.directory = [ "{account[username]}" ];
    directlink = {
      filename = "{filename}.{extension}";
      directory = [ ];
@@ -35,10 +59,6 @@
        "{owner[username]}"
      ];
    };
    pinterest.directory = [
      "{board[owner][username]}"
      "{board[name]}"
    ];
    wikifeet = {
      page-reverse = true;
      directory = [
@@ -55,6 +75,11 @@
      parent-directory = true;
      directory = [ "{username}" ];
      previews = true;
      tagged.directory = [
        "{username}"
        "tagged"
        "{tagged_username}"
      ];
      highlights = {
        reverse = true;
        directory = [ "{username}" ];
@@ -63,11 +88,6 @@
        reverse = true;
        directory = [ "{username}" ];
      };
      tagged.directory = [
        "{username}"
        "tagged"
        "{tagged_username}"
      ];
    };
    kemonoparty = {
      limit-rate = "200k-300k";
@@ -79,10 +99,6 @@
        "{user}"
      ];
    };
    exhentai.directory = [
      "{category}"
      "{title}"
    ];
    tumblr = {
      external = true;
      inline = true;
@@ -132,7 +148,6 @@
      external = true;
      directory = [ "{userinfo[username]}" ];
    };
    gfycat.format = "webm";
    reddit = {
      user-agent = "Python:gallery-dl:v1.0 (by /u/captainjawz)";
      client-id = "T7nZ6WZ3_onJWBhLP8r08g";
@@ -143,20 +158,6 @@
      reverse = true;
      directory = [ "{userName}" ];
    };
    imgur.mp4 = true;
    paheal.directory = [
      "Husbands"
      "{search_tags}"
    ];
    rule34.directory = [
      "Husbands"
      "{search_tags}"
    ];
    e621.directory = [
      "Husbands"
      "{search_tags}"
    ];
    baraag.directory = [ "{account[username]}" ];
    pixiv = {
      directory = [ "{user[account]} - {user[id]}" ];
      ugoira = true;
@@ -275,7 +276,6 @@
      ];
    };
  };
  output.mode = "auto";
  downloader = {
    part = true;
    part-directory = "/home/jawz/.cache/gallery-dl";
--- a/environments/cinnamon.nix
+++ b/environments/cinnamon.nix
@@ -1,5 +1,11 @@
 { pkgs, ... }:
 {
  users.users.jawz.packages = builtins.attrValues {
    inherit (pkgs)
      adw-gtk3 # theme legacy applications
      papirus-icon-theme # icon theme
      ;
  };
  services = {
    libinput.enable = true;
    xserver = {
@@ -12,10 +18,4 @@
    enable = true;
    style = "adwaita";
  };
  users.users.jawz.packages = builtins.attrValues {
    inherit (pkgs)
      adw-gtk3 # theme legacy applications
      papirus-icon-theme # icon theme
      ;
  };
 }
--- a/environments/gnome.nix
+++ b/environments/gnome.nix
@@ -23,11 +23,6 @@ in
  };
  config = lib.mkIf cfg.enable {
    qt.enable = true;
    services = {
      gvfs.enable = true;
      displayManager.gdm.enable = true;
      desktopManager.gnome.enable = true;
    };
    environment.gnome.excludePackages = builtins.attrValues {
      inherit (pkgs)
        baobab
@@ -55,5 +50,10 @@ in
          ;
      }
    );
    services = {
      gvfs.enable = true;
      displayManager.gdm.enable = true;
      desktopManager.gnome.enable = true;
    };
  };
 }
--- a/environments/hyprland-home.nix
+++ b/environments/hyprland-home.nix
@@ -10,6 +10,9 @@ let
 in
 {
  programs = {
    waybar = waybarConfig.programs.waybar // {
      style = waybarStyle;
    };
    wofi = {
      enable = true;
      settings = {
@@ -19,29 +22,10 @@ in
        width = "30%";
      };
    };
    waybar = waybarConfig.programs.waybar // {
      style = waybarStyle;
    };
  };
  wayland.windowManager.hyprland = {
    enable = true;
    settings = {
      general = {
        gaps_in = 5;
        gaps_out = 10;
        border_size = 3;
        layout = "dwindle";
      };
      misc = {
        disable_hyprland_logo = true;
        disable_splash_rendering = true;
        force_default_wallpaper = 0;
      };
      dwindle = {
        pseudotile = true;
        preserve_split = true;
        force_split = 2;
      };
      bind = [
        "${mod}, return, exec, ghostty"
        "${mod}, Q, killactive,"
@@ -108,6 +92,22 @@ in
        "${mod}, mouse:272, movewindow"
        "${mod}, mouse:273, resizewindow"
      ];
      general = {
        gaps_in = 5;
        gaps_out = 10;
        border_size = 3;
        layout = "dwindle";
      };
      misc = {
        disable_hyprland_logo = true;
        disable_splash_rendering = true;
        force_default_wallpaper = 0;
      };
      dwindle = {
        pseudotile = true;
        preserve_split = true;
        force_split = 2;
      };
    };
  };
 }
--- a/environments/hyprland.nix
+++ b/environments/hyprland.nix
@@ -4,13 +4,6 @@
 }:
 {
  programs.hyprland.enable = true;
  services.greetd = {
    enable = true;
    settings.default_session = {
      command = "${pkgs.tuigreet}/bin/tuigreet --time --cmd Hyprland";
      user = "greeter";
    };
  };
  users.users.jawz.packages = builtins.attrValues {
    inherit (pkgs)
      wl-clipboard-rs
@@ -25,4 +18,11 @@
      ;
  };
  home-manager.users.jawz.imports = [ ./hyprland-home.nix ];
  services.greetd = {
    enable = true;
    settings.default_session = {
      command = "${pkgs.tuigreet}/bin/tuigreet --time --cmd Hyprland";
      user = "greeter";
    };
  };
 }
--- a/flake.lock
+++ b/flake.lock
@@ -20,11 +20,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1773436376,
+        "lastModified": 1774211390,
-        "narHash": "sha256-OUPRrprbgN27BXHuWkMAPSCfLLQ/uwpWghEfKYN2iAg=",
+        "narHash": "sha256-sTtAgCCaX8VNNZlQFACd3i1IQ+DB0Wf3COgiFS152ds=",
        "owner": "hyprwm",
        "repo": "aquamarine",
-        "rev": "43f10d24391692bba3d762931ee35e7f17f8e8b8",
+        "rev": "f62a4dbfa4e5584f14ad4c62afedf6e4b433cf70",
        "type": "github"
      },
      "original": {
@@ -420,11 +420,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1772893680,
+        "lastModified": 1774104215,
-        "narHash": "sha256-JDqZMgxUTCq85ObSaFw0HhE+lvdOre1lx9iI6vYyOEs=",
+        "narHash": "sha256-EAtviqz0sEAxdHS4crqu7JGR5oI3BwaqG0mw7CmXkO8=",
        "owner": "cachix",
        "repo": "git-hooks.nix",
-        "rev": "8baab586afc9c9b57645a734c820e4ac0a604af9",
+        "rev": "f799ae951fde0627157f40aec28dec27b22076d0",
        "type": "github"
      },
      "original": {
@@ -503,11 +503,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1773963144,
+        "lastModified": 1774274588,
-        "narHash": "sha256-WzBOBfSay3GYilUfKaUa1Mbf8/jtuAiJIedx7fWuIX4=",
+        "narHash": "sha256-dnHvv5EMUgTzGZmA+3diYjQU2O6BEpGLEOgJ1Qe9LaY=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "a91b3ea73a765614d90360580b689c48102d1d33",
+        "rev": "cf9686ba26f5ef788226843bc31fda4cf72e373b",
        "type": "github"
      },
      "original": {
@@ -594,11 +594,11 @@
        "xdph": "xdph"
      },
      "locked": {
-        "lastModified": 1774029157,
+        "lastModified": 1774270522,
-        "narHash": "sha256-OGtXRftdimLDExxD7MGmg1IGY0b3Pmqdm61fbZkt6dk=",
+        "narHash": "sha256-v3+29zRU210u9LB4eDc4iLE9+jN4xsRgmZKyOjufoaw=",
        "owner": "hyprwm",
        "repo": "Hyprland",
-        "rev": "8726a7363eb9213235e6e23657668e0daac39a5b",
+        "rev": "64a2e4e26388f017fd9198a6d70424f1f251a5a0",
        "type": "github"
      },
      "original": {
@@ -771,11 +771,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1773948364,
+        "lastModified": 1774211405,
-        "narHash": "sha256-S76omfIVQ1TpGiXFbqih6o6XcH3sA5+5QI+SXB4HvlY=",
+        "narHash": "sha256-6KNwP4ojUzv3YBlZU5BqCpTrWHcix1Jo01BISsTT0xk=",
        "owner": "hyprwm",
        "repo": "hyprutils",
-        "rev": "b85b779e3e3a1adcd9b098e3447cf48f9e780b35",
+        "rev": "cb4e152dc72095a2af422956c6b689590572231a",
        "type": "github"
      },
      "original": {
@@ -888,11 +888,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1774013813,
+        "lastModified": 1774233978,
-        "narHash": "sha256-gaKNu+dW6lA4LU8PM4pNqmaqoY8hIggM7ticP6VjVFk=",
+        "narHash": "sha256-rT9wnIfbI1gjl0gq4nN8/5ZvFWn+K6QLwlyy6Gx8FDc=",
        "owner": "fufexan",
        "repo": "nix-gaming",
-        "rev": "342bd5c65526d57b7bed200c8219d1a48414c806",
+        "rev": "4a583dd427ccf7d912282909a2702a6a547d8560",
        "type": "github"
      },
      "original": {
@@ -967,11 +967,11 @@
    },
    "nixpkgs-small": {
      "locked": {
-        "lastModified": 1773996037,
+        "lastModified": 1774244481,
-        "narHash": "sha256-GzJ5WVh+cK4dNCD6dHvLWgUag0K0a/1ndIvi5rBMXgo=",
+        "narHash": "sha256-4XfMXU0DjN83o6HWZoKG9PegCvKvIhNUnRUI19vzTcQ=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "04c412cbb2d7729f958be27ba86298bf9e9da9d6",
+        "rev": "4590696c8693fea477850fe379a01544293ca4e2",
        "type": "github"
      },
      "original": {
@@ -983,11 +983,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1773821835,
+        "lastModified": 1774106199,
-        "narHash": "sha256-TJ3lSQtW0E2JrznGVm8hOQGVpXjJyXY2guAxku2O9A4=",
+        "narHash": "sha256-US5Tda2sKmjrg2lNHQL3jRQ6p96cgfWh3J1QBliQ8Ws=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "b40629efe5d6ec48dd1efba650c797ddbd39ace0",
+        "rev": "6c9a78c09ff4d6c21d0319114873508a6ec01655",
        "type": "github"
      },
      "original": {
@@ -999,11 +999,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1773814637,
+        "lastModified": 1774244481,
-        "narHash": "sha256-GNU+ooRmrHLfjlMsKdn0prEKVa0faVanm0jrgu1J/gY=",
+        "narHash": "sha256-4XfMXU0DjN83o6HWZoKG9PegCvKvIhNUnRUI19vzTcQ=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "fea3b367d61c1a6592bc47c72f40a9f3e6a53e96",
+        "rev": "4590696c8693fea477850fe379a01544293ca4e2",
        "type": "github"
      },
      "original": {
@@ -1042,11 +1042,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1774043868,
+        "lastModified": 1774302711,
-        "narHash": "sha256-enrOdHXWwAiHxr8XQ85DsbxQys99F7AHe43uQeREMQw=",
+        "narHash": "sha256-TmcR/PV0pf2vrAC7JtmINZTAEG6PpCs2vOIp5FQEEY0=",
        "owner": "nix-community",
        "repo": "nur",
-        "rev": "94f53d62e97c801214d26bda793410260f8d34b3",
+        "rev": "7a80aff234248c25617f875d0a3e64f39080e536",
        "type": "github"
      },
      "original": {
@@ -1090,11 +1090,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1772893680,
+        "lastModified": 1774104215,
-        "narHash": "sha256-JDqZMgxUTCq85ObSaFw0HhE+lvdOre1lx9iI6vYyOEs=",
+        "narHash": "sha256-EAtviqz0sEAxdHS4crqu7JGR5oI3BwaqG0mw7CmXkO8=",
        "owner": "cachix",
        "repo": "git-hooks.nix",
-        "rev": "8baab586afc9c9b57645a734c820e4ac0a604af9",
+        "rev": "f799ae951fde0627157f40aec28dec27b22076d0",
        "type": "github"
      },
      "original": {
@@ -1127,11 +1127,11 @@
    "qbit_manage": {
      "flake": false,
      "locked": {
-        "lastModified": 1764428351,
+        "lastModified": 1774123356,
-        "narHash": "sha256-JCsbf2mPRhs7Mbekl946G/y/CSNSSvQBLvlwVy/Avcg=",
+        "narHash": "sha256-7B2JZNK8ESbfNLCVUL40Rldj67LCdDHOa+BkL7xmOcY=",
        "owner": "StuffAnThings",
        "repo": "qbit_manage",
-        "rev": "371627bbeb082e68f057bbe4599565c2e63a14c7",
+        "rev": "b2b035b7c06d7e81ecbd322c9c2ea18986718ae3",
        "type": "github"
      },
      "original": {
@@ -1172,11 +1172,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1773889674,
+        "lastModified": 1774303811,
-        "narHash": "sha256-+ycaiVAk3MEshJTg35cBTUa0MizGiS+bgpYw/f8ohkg=",
+        "narHash": "sha256-fhG4JAcLgjKwt+XHbjs8brpWnyKUfU4LikLm3s0Q/ic=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "29b6519f3e0780452bca0ac0be4584f04ac16cc5",
+        "rev": "614e256310e0a4f8a9ccae3fa80c11844fba7042",
        "type": "github"
      },
      "original": {
@@ -1206,11 +1206,11 @@
        "tinted-zed": "tinted-zed"
      },
      "locked": {
-        "lastModified": 1773790548,
+        "lastModified": 1774194089,
-        "narHash": "sha256-6lI+ZM1yWL4cNRT39s8AUC+kwq237PZCrWc1ubLOwqc=",
+        "narHash": "sha256-SCczWhr8y8aaXVHG+gOGcRahNb0BU1Z5zYZuv9W/nA8=",
        "owner": "danth",
        "repo": "stylix",
-        "rev": "e8ffdddd42062ebc90178db9d013aa38c20b7b2f",
+        "rev": "7c34241d80ea64dd2039bb3a786fb66b4c6261d9",
        "type": "github"
      },
      "original": {
@@ -1472,11 +1472,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1772669058,
+        "lastModified": 1773601989,
-        "narHash": "sha256-XhnY0aRuDo5LT8pmJVPofPOgO2hAR7T+XRoaQxtNPzQ=",
+        "narHash": "sha256-2tJf/CQoHApoIudxHeJye+0Ii7scR0Yyi7pNiWk0Hn8=",
        "owner": "hyprwm",
        "repo": "xdg-desktop-portal-hyprland",
-        "rev": "906d0ac159803a7df2dc1f948df9327670380f69",
+        "rev": "a9b862d1aa000a676d310cc62d249f7ad726233d",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -1,5 +1,15 @@
 {
  description = "JawZ NixOS flake setup";
  outputs =
    inputs:
    inputs.flake-parts.lib.mkFlake { inherit inputs; } {
      imports = [
        ./parts/core.nix
        ./parts/hosts.nix
        ./parts/packages.nix
        ./parts/devshells.nix
      ];
    };
  inputs = {
    flake-parts.url = "github:hercules-ci/flake-parts";
    nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-25.11";
@@ -71,14 +81,4 @@
      flake = false;
    };
  };
  outputs =
    inputs:
    inputs.flake-parts.lib.mkFlake { inherit inputs; } {
      imports = [
        ./parts/core.nix
        ./parts/hosts.nix
        ./parts/packages.nix
        ./parts/devshells.nix
      ];
    };
 }
--- a/hosts/emacs/configuration.nix
+++ b/hosts/emacs/configuration.nix
@@ -8,6 +8,8 @@
    ../../config/stylix.nix
    ../../environments/hyprland.nix
  ];
  networking.hostName = "emacs";
  environment.systemPackages = [ ];
  virtualisation.vmVariant.virtualisation = {
    memorySize = 4096;
    cores = 4;
@@ -23,6 +25,11 @@
    emacs.enable = true;
    shell.tools.enable = true;
    services.network.enable = true;
    interfaces = lib.mkMerge [
      {
        emacs = "eth0";
      }
    ];
    dev = {
      nix.enable = true;
      python.enable = true;
@@ -37,12 +44,5 @@
      zig.enable = true;
      docker.enable = true;
    };
    interfaces = lib.mkMerge [
      {
        emacs = "eth0";
      }
    ];
  };
  networking.hostName = "emacs";
  environment.systemPackages = [ ];
 }
--- a/hosts/mac/home.nix
+++ b/hosts/mac/home.nix
@@ -4,6 +4,7 @@
  ...
 }:
 {
  my = import ./toggles.nix { inherit inputs; };
  home = {
    username = "carlosdaniloreyesmartinez";
    homeDirectory = "/Users/carlosdaniloreyesmartinez";
@@ -13,10 +14,11 @@
    starship.enable = true;
    kitty = {
      enable = true;
      shellIntegration.enableBashIntegration = false;
      shellIntegration.enableZshIntegration = true;
      settings.term = "xterm-256color";
      shellIntegration = {
        enableBashIntegration = false;
        enableZshIntegration = true;
      };
    };
  };
  my = import ./toggles.nix { inherit inputs; };
 }
--- a/hosts/miniserver/configuration.nix
+++ b/hosts/miniserver/configuration.nix
@@ -6,14 +6,18 @@
    ../../config/stylix.nix
  ];
  my = import ./toggles.nix { inherit inputs; } // {
-    nix.cores = 3;
+    nix = {
-    nix.maxJobs = 8;
+      cores = 3;
-    users.nixremote.enable = true;
+      maxJobs = 8;
-    users.nixremote.authorizedKeys = inputs.self.lib.getSshKeys [
+    };
    users.nixremote = {
      enable = true;
      authorizedKeys = inputs.self.lib.getSshKeys [
        "nixworkstation"
        "nixserver"
      ];
    };
  };
  nix.buildMachines =
    let
      buildMachine = hostName: maxJobs: speedFactor: {
@@ -27,6 +31,7 @@
      (buildMachine "workstation" 8 40)
      (buildMachine "server" 6 17)
    ];
  nixpkgs.config.permittedInsecurePackages = [ "openssl-1.1.1w" ];
  networking = {
    hostName = "miniserver";
    firewall = {
@@ -34,7 +39,6 @@
      allowedUDPPorts = [ 2049 ];
    };
  };
  nixpkgs.config.permittedInsecurePackages = [ "openssl-1.1.1w" ];
  services = {
    btrfs.autoScrub = {
      enable = true;
--- a/hosts/miniserver/hardware-configuration.nix
+++ b/hosts/miniserver/hardware-configuration.nix
@@ -54,19 +54,17 @@
  fileSystems =
    let
      nfsMount = server: nfsDisk: {
        device = "${server}:/${nfsDisk}";
        fsType = "nfs";
        options = [
          "x-systemd.automount"
          "noauto"
          "x-systemd.idle-timeout=600"
        ];
        device = "${server}:/${nfsDisk}";
        fsType = "nfs";
      };
    in
    {
      "/" = {
        device = "/dev/mapper/nvme";
        fsType = "btrfs";
        options = [
          "subvol=nix"
          "ssd"
@@ -77,10 +75,10 @@
          "datacow"
          "noatime"
        ];
      };
      "/home" = {
        device = "/dev/mapper/nvme";
        fsType = "btrfs";
      };
      "/home" = {
        options = [
          "subvol=home"
          "ssd"
@@ -90,6 +88,8 @@
          "commit=120"
          "datacow"
        ];
        device = "/dev/mapper/nvme";
        fsType = "btrfs";
      };
      "/boot" = {
        device = "/dev/disk/by-uuid/bf0aeb95-94cc-4377-b6e4-1dbb4958b334";
@@ -100,18 +100,18 @@
        fsType = "vfat";
      };
      "/var/lib/nextcloud/data" = {
        device = "/srv/pool/nextcloud";
        options = [ "bind" ];
        device = "/srv/pool/nextcloud";
        depends = [ "/srv/pool" ];
      };
      "/export/pool" = {
        device = "/srv/pool";
        options = [ "bind" ];
        device = "/srv/pool";
        depends = [ "/srv/pool" ];
      };
      "/export/jawz" = {
        device = "/home/jawz";
        options = [ "bind" ];
        device = "/home/jawz";
        depends = [ "/srv/pool" ];
      };
      "/srv/server/pool" = nfsMount "server" "pool" // { };
--- a/hosts/miniserver/toggles.nix
+++ b/hosts/miniserver/toggles.nix
@@ -8,14 +8,6 @@ let
    ;
 in
 {
  emacs = {
    enable = true;
    users = "jawz";
  };
  stylix = {
    enable = true;
    users = "jawz";
  };
  enableProxy = true;
  websites.portfolio.enableProxy = true;
  apps = enableList mkEnabledWithUsers [
@@ -49,4 +41,12 @@ in
    // enableList mkEnabledWithProxy [
      "audiobookshelf"
    ];
  emacs = {
    enable = true;
    users = "jawz";
  };
  stylix = {
    enable = true;
    users = "jawz";
  };
 }
--- a/hosts/server/configuration.nix
+++ b/hosts/server/configuration.nix
@@ -17,13 +17,16 @@ in
  ];
  my = import ./toggles.nix { inherit config inputs; } // {
    nix.cores = 6;
-    users.nixremote.enable = true;
+    users.nixremote = {
-    users.nixremote.authorizedKeys = inputs.self.lib.getSshKeys [
+      enable = true;
      authorizedKeys = inputs.self.lib.getSshKeys [
        "nixworkstation"
        "nixminiserver"
      ];
-    network.firewall.enabledServicePorts = true;
+    };
-    network.firewall.additionalPorts = [
+    network.firewall = {
      enabledServicePorts = true;
      additionalPorts = [
        2049 # idk
        config.my.ports.syncthingGui
        config.my.ports.syncthingRelay
@@ -34,6 +37,7 @@ in
        config.my.ports.qbittorrent
      ];
    };
  };
  nix.buildMachines = [
    {
      hostName = "workstation";
@@ -65,10 +69,6 @@ in
  };
  networking = {
    hostName = "server";
    firewall = {
      allowedUDPPorts = config.networking.firewall.allowedTCPPorts;
      interfaces.wg0.allowedTCPPorts = [ config.my.servers.nextcloud.port ];
    };
    wireguard.interfaces.wg0 = lib.mkIf config.my.secureHost {
      ips = [ "${config.my.ips.wg-server}/32" ];
      privateKeyFile = config.sops.secrets."server/private".path;
@@ -86,6 +86,10 @@ in
        }
      ];
    };
    firewall = {
      allowedUDPPorts = config.networking.firewall.allowedTCPPorts;
      interfaces.wg0.allowedTCPPorts = [ config.my.servers.nextcloud.port ];
    };
  };
  users.users.jawz.packages = builtins.attrValues {
    inherit (pkgs) podman-compose attic-client;
@@ -116,8 +120,7 @@ in
      vpsHost = "lidarr-reports@${config.my.ips.vps}";
      vpsPath = "/var/www/html/lidarr-mb-gap";
      sshKeyFile = config.sops.secrets."private_keys/lidarr-mb-gap".path;
-      sshKnownHosts = {
+      sshKnownHosts.vps = {
        vps = {
        hostNames = [
          config.my.ips.vps
          "[${config.my.ips.vps}]:3456"
@@ -126,5 +129,4 @@ in
      };
    };
  };
  };
 }
--- a/hosts/server/hardware-configuration.nix
+++ b/hosts/server/hardware-configuration.nix
@@ -84,8 +84,6 @@ in
  };
  fileSystems = {
    "/" = {
      device = "/dev/mapper/nvme";
      fsType = "btrfs";
      options = [
        "subvol=nix"
        "ssd"
@@ -96,10 +94,10 @@ in
        "datacow"
        "noatime"
      ];
    };
    "/home" = {
      device = "/dev/mapper/nvme";
      fsType = "btrfs";
    };
    "/home" = {
      options = [
        "subvol=home"
        "ssd"
@@ -109,19 +107,19 @@ in
        "commit=120"
        "datacow"
      ];
      device = "/dev/mapper/nvme";
      fsType = "btrfs";
    };
    "/boot" = {
      options = [ "nofail" ];
      device = "/dev/disk/by-uuid/c574cb53-dc40-46db-beff-0fe8a4787156";
      fsType = "ext4";
      options = [ "nofail" ];
    };
    "/boot/efi" = {
      device = "/dev/disk/by-uuid/CBE7-5DEB";
      fsType = "vfat";
    };
    "/srv/pool" = {
      device = "/dev/disk/by-uuid/1e7cf787-e34d-4e3e-ac3c-0c07309dbd34";
      fsType = "btrfs";
      options = [
        "subvol=@data"
        "compress=zstd:3"
@@ -129,34 +127,36 @@ in
        "commit=120"
        "datacow"
      ];
      device = "/dev/disk/by-uuid/1e7cf787-e34d-4e3e-ac3c-0c07309dbd34";
      fsType = "btrfs";
      depends = [ "/boot/efi" ];
    };
    "/var/lib/nextcloud/data" = {
      device = "/srv/pool/nextcloud";
      options = [ "bind" ];
      device = "/srv/pool/nextcloud";
      depends = [ "/srv/pool" ];
    };
    "/srv/jellyfin/media" = {
      device = "/srv/pool/multimedia/media";
      options = [
        "bind"
        "ro"
      ];
      device = "/srv/pool/multimedia/media";
      depends = [ "/srv/pool" ];
    };
    "/export/pool" = {
      device = "/srv/pool";
      options = [ "bind" ];
      device = "/srv/pool";
      depends = [ "/srv/pool" ];
    };
    "/export/jawz" = {
      device = "/home/jawz";
      options = [ "bind" ];
      device = "/home/jawz";
      depends = [ "/srv/pool" ];
    };
    "/export/backups" = {
      device = "/srv/backups";
      options = [ "bind" ];
      device = "/srv/backups";
      depends = [ "/srv/pool" ];
    };
  };
--- a/hosts/server/toggles.nix
+++ b/hosts/server/toggles.nix
@@ -4,20 +4,8 @@ let
  mkEnabledIp = inputs.self.lib.mkEnabledIp config.my.ips.wg-server;
 in
 {
  emacs = {
    enable = true;
    users = "jawz";
  };
  stylix = {
    enable = true;
    users = "jawz";
  };
  enableProxy = true;
  enableContainers = true;
  apps.dictionaries = {
    enable = true;
    users = "jawz";
  };
  shell = enableList mkEnabledWithUsers [
    "multimedia"
    "tools"
@@ -93,4 +81,16 @@ in
    "plausible"
    "vaultwarden"
  ];
  emacs = {
    enable = true;
    users = "jawz";
  };
  stylix = {
    enable = true;
    users = "jawz";
  };
  apps.dictionaries = {
    enable = true;
    users = "jawz";
  };
 }
--- a/hosts/vps/configuration.nix
+++ b/hosts/vps/configuration.nix
@@ -70,13 +70,30 @@ in
        ];
      };
    };
  image.modules.linode = { };
  environment.systemPackages = [ ];
  security.sudo-rs.extraRules = [
    {
      users = [ "nixremote" ];
      commands = [
        {
          options = [ "NOPASSWD" ];
          command = "/run/current-system/sw/bin/nixos-rebuild";
        }
      ];
    }
  ];
  systemd.tmpfiles.rules = [
    "d /var/www/html 2775 deploy www-data -"
    "d /var/www/html/portfolio 2775 deploy www-data -"
    "d /var/www/html/blog 2775 deploy www-data -"
    "d /var/www/html/lidarr-mb-gap 2775 lidarr-reports lidarr-reports -"
  ];
  sops.age = {
    generateKey = true;
    keyFile = "/var/lib/sops-nix/key.txt";
    sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
  };
  image.modules.linode = { };
  environment.systemPackages = [ ];
  networking = {
    hostName = "vps";
    nat = {
@@ -137,23 +154,6 @@ in
      '';
    };
  };
  security.sudo-rs.extraRules = [
    {
      users = [ "nixremote" ];
      commands = [
        {
          command = "/run/current-system/sw/bin/nixos-rebuild";
          options = [ "NOPASSWD" ];
        }
      ];
    }
  ];
  systemd.tmpfiles.rules = [
    "d /var/www/html 2775 deploy www-data -"
    "d /var/www/html/portfolio 2775 deploy www-data -"
    "d /var/www/html/blog 2775 deploy www-data -"
    "d /var/www/html/lidarr-mb-gap 2775 lidarr-reports lidarr-reports -"
  ];
  services = {
    smartd.enable = lib.mkForce false;
    openssh.ports = [ ports.ssh ];
--- a/hosts/vps/toggles.nix
+++ b/hosts/vps/toggles.nix
@@ -41,10 +41,6 @@ let
  secureToggles = {
    enableProxy = true;
    enableContainers = true;
    websites = {
      portfolio.enableProxy = true;
      lidarrMbReport.enableProxy = true;
    };
    servers =
      enableList mkEnabledWithProxy [
        "isso"
@@ -78,6 +74,10 @@ let
        "vaultwarden"
        "yamtrack"
      ];
    websites = {
      portfolio.enableProxy = true;
      lidarrMbReport.enableProxy = true;
    };
  };
 in
 lib.mkMerge [
--- a/hosts/workstation/configuration.nix
+++ b/hosts/workstation/configuration.nix
@@ -25,14 +25,18 @@ in
    ../../environments/gnome.nix
  ];
  my = import ./toggles.nix { inherit inputs; } // {
-    nix.cores = 8;
+    nix = {
-    nix.maxJobs = 8;
+      cores = 8;
-    users.nixremote.enable = true;
+      maxJobs = 8;
-    users.nixremote.authorizedKeys = inputs.self.lib.getSshKeys [
+    };
    users.nixremote = {
      enable = true;
      authorizedKeys = inputs.self.lib.getSshKeys [
        "nixserver"
        "nixminiserver"
      ];
    };
  };
  sops.secrets."workstation/private" = lib.mkIf config.my.secureHost {
    sopsFile = ../../secrets/wireguard.yaml;
  };
@@ -53,6 +57,21 @@ in
  };
  networking = {
    hostName = "workstation";
    wireguard.interfaces.wg0 = lib.mkIf config.my.secureHost {
      ips = [ "${config.my.ips.wg-workstation}/32" ];
      privateKeyFile = config.sops.secrets."workstation/private".path;
      peers = [
        {
          publicKey = "dFbiSekBwnZomarcS31o5+w6imHjMPNCipkfc2fZ3GY=";
          endpoint = "${config.my.ips.vps}:51820";
          persistentKeepalive = 25;
          allowedIPs = [
            "${config.my.ips.wg-vps}/32"
            config.my.subnets.wg-homelab
          ];
        }
      ];
    };
    firewall = {
      allowedTCPPorts = [
        config.my.ports.nsUsbloader
@@ -80,21 +99,6 @@ in
        }
      '';
    };
    wireguard.interfaces.wg0 = lib.mkIf config.my.secureHost {
      ips = [ "${config.my.ips.wg-workstation}/32" ];
      privateKeyFile = config.sops.secrets."workstation/private".path;
      peers = [
        {
          publicKey = "dFbiSekBwnZomarcS31o5+w6imHjMPNCipkfc2fZ3GY=";
          endpoint = "${config.my.ips.vps}:51820";
          persistentKeepalive = 25;
          allowedIPs = [
            "${config.my.ips.wg-vps}/32"
            config.my.subnets.wg-homelab
          ];
        }
      ];
    };
  };
  users = {
    groups.ai = { };
--- a/hosts/workstation/hardware-configuration.nix
+++ b/hosts/workstation/hardware-configuration.nix
@@ -87,17 +87,16 @@ in
  fileSystems =
    let
      nfsMount = server: nfsDisk: {
        device = "${server}:/${nfsDisk}";
        fsType = "nfs";
        options = [
          "x-systemd.automount"
          "noauto"
          "x-systemd.idle-timeout=600"
        ];
        device = "${server}:/${nfsDisk}";
        fsType = "nfs";
      };
      btrfsMount = device: subvol: extraOpts: {
        inherit device;
        fsType = "btrfs";
        options = extraOpts ++ [
          "subvol=${subvol}"
          "ssd"
@@ -107,6 +106,7 @@ in
          "commit=120"
          "datacow"
        ];
        fsType = "btrfs";
      };
      trashOptions = [
        "x-gvfs-trash"
--- a/hosts/workstation/toggles.nix
+++ b/hosts/workstation/toggles.nix
@@ -3,14 +3,6 @@ let
  inherit (inputs.self.lib) mkEnabled mkEnabledWithUsers enableList;
 in
 {
  stylix = {
    enable = true;
    users = "jawz";
  };
  emacs = {
    enable = true;
    users = "jawz";
  };
  enableContainers = true;
  servers.drpp.enable = true;
  apps =
@@ -52,4 +44,12 @@ in
    "ffmpeg4discord"
    "update-org-agenda-cache"
  ];
  stylix = {
    enable = true;
    users = "jawz";
  };
  emacs = {
    enable = true;
    users = "jawz";
  };
 }
--- a/modules/apps/art.nix
+++ b/modules/apps/art.nix
@@ -37,6 +37,7 @@ let
 in
 {
  options.my = {
    dev.gameDev.enable = lib.mkEnableOption "game development tools and engines";
    apps.art = {
      enable = lib.mkEnableOption "digital art and creative applications";
      users = lib.mkOption {
@@ -45,7 +46,6 @@ in
        description = "Users to install art packages for";
      };
    };
    dev.gameDev.enable = lib.mkEnableOption "game development tools and engines";
  };
  config.users.users =
    let
--- a/modules/apps/gaming.nix
+++ b/modules/apps/gaming.nix
@@ -21,8 +21,8 @@ let
  );
 in
 {
  imports = [ inputs.nix-gaming.nixosModules.platformOptimizations ];
  options.my.apps = {
    switch.enable = lib.mkEnableOption "Nintendo Switch homebrew tools";
    gaming = {
      enable = lib.mkEnableOption "gaming applications and emulators";
      users = lib.mkOption {
@@ -31,8 +31,8 @@ in
        description = "Users to install gaming packages for";
      };
    };
    switch.enable = lib.mkEnableOption "Nintendo Switch homebrew tools";
  };
  imports = [ inputs.nix-gaming.nixosModules.platformOptimizations ];
  config = lib.mkIf config.my.apps.gaming.enable {
    # sops.secrets.switch-presence = lib.mkIf config.my.apps.gaming.switch.enable {
    #   sopsFile = ../../secrets/env.yaml;
@@ -40,16 +40,6 @@ in
    #   owner = config.users.users.jawz.name;
    #   inherit (config.users.users.jawz) group;
    # };
    programs = {
      gamemode.enable = true;
      steam = {
        enable = true;
        gamescopeSession.enable = true;
        remotePlay.openFirewall = true;
        dedicatedServer.openFirewall = true;
        platformOptimizations.enable = true;
      };
    };
    services = lib.mkIf config.my.apps.switch.enable {
      switch-boot.enable = true;
      # switch-presence = {
@@ -80,5 +70,15 @@ in
        };
      in
      inputs.self.lib.mkUserPackages lib config.my.apps.gaming.users packages;
    programs = {
      gamemode.enable = true;
      steam = {
        enable = true;
        gamescopeSession.enable = true;
        remotePlay.openFirewall = true;
        dedicatedServer.openFirewall = true;
        platformOptimizations.enable = true;
      };
    };
  };
 }
--- a/modules/apps/internet/home.nix
+++ b/modules/apps/internet/home.nix
@@ -19,6 +19,13 @@ let
    ];
  };
  cfg = config.my.apps.internet;
  krisp-patch = builtins.readFile (
    pkgs.fetchurl {
      url = "https://pastebin.com/raw/8tQDsMVd";
      sha256 = "sha256-IdXv0MfRG1/1pAAwHLS2+1NESFEz2uXrbSdvU9OvdJ8=";
    }
  );
  krisp-patcher = pkgs.writers.writePython3Bin "krisp-patcher" krisp-settings krisp-patch;
  krisp-settings = {
    libraries = builtins.attrValues {
      inherit (pkgs.python3Packages)
@@ -32,13 +39,6 @@ let
      "F405"
    ];
  };
  krisp-patch = builtins.readFile (
    pkgs.fetchurl {
      url = "https://pastebin.com/raw/8tQDsMVd";
      sha256 = "sha256-IdXv0MfRG1/1pAAwHLS2+1NESFEz2uXrbSdvU9OvdJ8=";
    }
  );
  krisp-patcher = pkgs.writers.writePython3Bin "krisp-patcher" krisp-settings krisp-patch;
 in
 {
  options.my.apps.internet.enable = lib.mkEnableOption "internet browsers and communication apps";
--- a/modules/dev/cc/common.nix
+++ b/modules/dev/cc/common.nix
@@ -1,19 +1,20 @@
 { pkgs }:
 let
-  packages = builtins.attrValues {
+  basePackages = builtins.attrValues {
    inherit (pkgs)
      clang
      clang-tools
      gcc
      gdb
      valgrind
      ;
  };
  homePackages = basePackages;
  devShellPackages = basePackages ++ [ pkgs.clang ];
 in
 {
-  inherit packages;
+  inherit devShellPackages homePackages;
  devShell = pkgs.mkShell {
-    inherit packages;
+    packages = devShellPackages;
    name = "cc-dev-shell";
    shellHook = ''
      echo "🔧 C/C++ dev environment"
--- a/modules/dev/cc/home.nix
+++ b/modules/dev/cc/home.nix
@@ -28,7 +28,7 @@ in
      my.dev.cc.enable = lib.mkDefault hm.enabledByDefault;
    }
    (lib.mkIf cfg.enable {
-      home.packages = feature.packages;
+      home.packages = feature.homePackages;
    })
  ];
 }
--- a/modules/dev/cc/nixos.nix
+++ b/modules/dev/cc/nixos.nix
@@ -10,6 +10,11 @@ let
 in
 {
  options = {
    devShells.cc = lib.mkOption {
      type = lib.types.package;
      default = feature.devShell;
      description = "C/C++ development shell";
    };
    my.dev.cc = {
      enable = lib.mkEnableOption "Install C/C++ tooling globally";
      users = lib.mkOption {
@@ -18,10 +23,5 @@ in
        description = "Users to install C/C++ packages for";
      };
    };
    devShells.cc = lib.mkOption {
      type = lib.types.package;
      default = feature.devShell;
      description = "C/C++ development shell";
    };
  };
 }
--- a/modules/dev/docker/home.nix
+++ b/modules/dev/docker/home.nix
@@ -28,8 +28,10 @@ in
      my.dev.docker.enable = lib.mkDefault hm.enabledByDefault;
    }
    (lib.mkIf cfg.enable {
-      home.packages = feature.packages;
+      home = {
-      home.sessionVariables.DOCKER_CONFIG = "${config.xdg.configHome}/docker";
+        inherit (feature) packages;
        sessionVariables.DOCKER_CONFIG = "${config.xdg.configHome}/docker";
      };
    })
  ];
 }
--- a/modules/dev/docker/nixos.nix
+++ b/modules/dev/docker/nixos.nix
@@ -10,6 +10,11 @@ let
 in
 {
  options = {
    devShells.docker = lib.mkOption {
      type = lib.types.package;
      default = feature.devShell;
      description = "Docker and Dockerfile tooling shell";
    };
    my.dev.docker = {
      enable = lib.mkEnableOption "Install Docker tooling globally";
      users = lib.mkOption {
@@ -18,10 +23,5 @@ in
        description = "Users to install Docker packages for";
      };
    };
    devShells.docker = lib.mkOption {
      type = lib.types.package;
      default = feature.devShell;
      description = "Docker and Dockerfile tooling shell";
    };
  };
 }
--- a/modules/dev/emacs/common.nix
+++ b/modules/dev/emacs/common.nix
@@ -24,8 +24,20 @@ let
      inherit (pkgs) xdotool;
    }
  );
  doomDir = ../../../dotfiles/doom;
  templateFiles = {
    "events.org" = ../../../dotfiles/doom/templates/events.org;
    "default.org" = ../../../dotfiles/doom/templates/default.org;
    "programming.org" = ../../../dotfiles/doom/templates/programming.org;
  };
  templateDataFiles = {
    "doom/templates/events.org".source = templateFiles."events.org";
    "doom/templates/default.org".source = templateFiles."default.org";
    "doom/templates/programming.org".source = templateFiles."programming.org";
  };
 in
 {
  inherit doomDir templateDataFiles templateFiles;
  packages =
    linuxWindowPackages
    ++ clipboardPackages
--- a/modules/dev/emacs/home.nix
+++ b/modules/dev/emacs/home.nix
@@ -25,19 +25,15 @@ let
  };
 in
 {
  imports = [ inputs.doom-emacs.homeModule ];
  options.my.emacs.enable = lib.mkEnableOption "Doom Emacs configuration";
  imports = [ inputs.doom-emacs.homeModule ];
  config = lib.mkMerge [
    {
      my.emacs.enable = lib.mkDefault hm.enabledByDefault;
    }
    (lib.mkIf cfg.enable {
      home.packages = emacs.packages;
-      xdg.dataFile = {
+      xdg.dataFile = emacs.templateDataFiles;
        "doom/templates/events.org".source = ../../../dotfiles/doom/templates/events.org;
        "doom/templates/default.org".source = ../../../dotfiles/doom/templates/default.org;
        "doom/templates/programming.org".source = ../../../dotfiles/doom/templates/programming.org;
      };
      services = {
        lorri.enable = pkgs.stdenv.isLinux;
        emacs = {
@@ -51,7 +47,7 @@ in
      };
      programs.doom-emacs = {
        enable = true;
-        doomDir = ../../../dotfiles/doom;
+        inherit (emacs) doomDir;
        doomLocalDir = "${config.xdg.dataHome}/nix-doom";
        tangleArgs = "--all config.org";
        inherit (emacs) extraPackages;
--- a/modules/dev/emacs/portable.nix
+++ b/modules/dev/emacs/portable.nix
@@ -0,0 +1,109 @@
 {
  inputs,
  pkgs,
  ...
 }:
 let
  emacs = import ./common.nix {
    inherit pkgs;
    lib = pkgs.lib;
    stylixEnabled = false;
    emacsExtraConfig = "";
    emacsExtraPackages = _epkgs: [ ];
  };
  portableFonts =
    let
      customFonts = pkgs.stdenvNoCC.mkDerivation {
        name = "portable-emacs-fonts";
        src = inputs.fonts;
        installPhase = ''
          mkdir -p $out/share/fonts
          find $src -type f \( \
            -name "*.ttf" -o \
            -name "*.otf" -o \
            -name "*.woff" -o \
            -name "*.woff2" \
          \) -exec cp {} $out/share/fonts/ \;
        '';
      };
    in
    builtins.attrValues {
      inherit customFonts;
      inherit (pkgs.nerd-fonts)
        comic-shanns-mono
        iosevka
        caskaydia-cove
        ;
    };
  portableHome = inputs.home-manager.lib.homeManagerConfiguration {
    inherit pkgs;
    modules = [
      ../../../modules/home-manager.nix
      ../../../config/home-manager.nix
      {
        programs.home-manager.enable = true;
        nixpkgs.config.allowUnfree = true;
        home = {
          username = "portable";
          homeDirectory = if pkgs.stdenv.isDarwin then "/Users/portable" else "/home/portable";
          stateVersion = "23.05";
        };
        my = {
          emacs.enable = true;
          shell.tools.enable = true;
          dev = {
            nix.enable = true;
            python.enable = true;
            sh.enable = true;
          };
        };
      }
    ];
    extraSpecialArgs = {
      inherit inputs;
      outputs = inputs.self;
      osConfig = null;
      preferredShell = "zsh";
      userEmail = "danilo.reyes.251@proton.me";
    };
  };
  templateFarm = pkgs.linkFarm "portable-emacs-templates" (
    builtins.attrNames emacs.templateFiles
    |> map (name: {
      inherit name;
      path = emacs.templateFiles.${name};
    })
  );
  fontConfig = pkgs.makeFontsConf {
    fontDirectories = map (font: "${font}/share/fonts") portableFonts;
  };
  package = pkgs.writeShellApplication {
    name = "doom-emacs";
    runtimeInputs = [
      portableHome.config.programs.doom-emacs.finalEmacsPackage
    ]
    ++ portableHome.config.home.packages;
    text = ''
      export HOME="''${HOME:?HOME must be set}"
      export XDG_CONFIG_HOME="''${XDG_CONFIG_HOME:-$HOME/.config}"
      export XDG_CACHE_HOME="''${XDG_CACHE_HOME:-$HOME/.cache}"
      export XDG_STATE_HOME="''${XDG_STATE_HOME:-$HOME/.local/state}"
      export XDG_DATA_HOME="''${XDG_DATA_HOME:-$HOME/.local/share}"
      export DOOMDIR="${emacs.doomDir}"
      export DOOMLOCALDIR="$XDG_DATA_HOME/nix-doom"
      export FONTCONFIG_FILE="${fontConfig}"
      mkdir -p "$XDG_DATA_HOME/doom/templates" "$DOOMLOCALDIR" "$XDG_CACHE_HOME" "$XDG_STATE_HOME"
      ln -sfn "${templateFarm}/events.org" "$XDG_DATA_HOME/doom/templates/events.org"
      ln -sfn "${templateFarm}/default.org" "$XDG_DATA_HOME/doom/templates/default.org"
      ln -sfn "${templateFarm}/programming.org" "$XDG_DATA_HOME/doom/templates/programming.org"
      exec ${portableHome.config.programs.doom-emacs.finalEmacsPackage}/bin/emacs "$@"
    '';
  };
 in
 {
  inherit package;
  app = {
    type = "app";
    program = "${package}/bin/doom-emacs";
  };
 }
--- a/modules/dev/go/common.nix
+++ b/modules/dev/go/common.nix
@@ -1,22 +1,24 @@
 { pkgs }:
 let
-  packages = builtins.attrValues {
+  basePackages = builtins.attrValues {
    inherit (pkgs)
      go
      gocode-gomod
      gotools
      gore
      gotests
      gomodifytags
      golangci-lint
      ;
  };
  homePackages = basePackages;
  devShellPackages = basePackages ++ [ pkgs.gotools ];
  GOPATH = "\${XDG_DATA_HOME:-\$HOME/.local/share}/go";
 in
 {
-  inherit packages GOPATH;
+  inherit devShellPackages homePackages GOPATH;
  devShell = pkgs.mkShell {
-    inherit packages GOPATH;
+    packages = devShellPackages;
    inherit GOPATH;
    name = "go-dev-shell";
    shellHook = ''
      echo "🐹 Go dev environment"
--- a/modules/dev/go/home.nix
+++ b/modules/dev/go/home.nix
@@ -28,8 +28,10 @@ in
      my.dev.go.enable = lib.mkDefault hm.enabledByDefault;
    }
    (lib.mkIf cfg.enable {
-      home.packages = feature.packages;
+      home = {
-      home.sessionVariables.GOPATH = "${config.xdg.dataHome}/go";
+        packages = feature.homePackages;
        sessionVariables.GOPATH = "${config.xdg.dataHome}/go";
      };
    })
  ];
 }
--- a/modules/dev/go/nixos.nix
+++ b/modules/dev/go/nixos.nix
@@ -10,6 +10,11 @@ let
 in
 {
  options = {
    devShells.go = lib.mkOption {
      type = lib.types.package;
      default = feature.devShell;
      description = "Go development shell with Emacs tooling, REPL, formatter, and linter";
    };
    my.dev.go = {
      enable = lib.mkEnableOption "Install Go tooling globally";
      users = lib.mkOption {
@@ -18,10 +23,5 @@ in
        description = "Users to install Go packages for";
      };
    };
    devShells.go = lib.mkOption {
      type = lib.types.package;
      default = feature.devShell;
      description = "Go development shell with Emacs tooling, REPL, formatter, and linter";
    };
  };
 }
--- a/modules/dev/haskell/home.nix
+++ b/modules/dev/haskell/home.nix
@@ -28,12 +28,14 @@ in
      my.dev.haskell.enable = lib.mkDefault hm.enabledByDefault;
    }
    (lib.mkIf cfg.enable {
-      home.packages = feature.packages;
+      home = {
-      home.sessionVariables = {
+        inherit (feature) packages;
        sessionVariables = {
          CABAL_DIR = "${config.xdg.cacheHome}/cabal";
          STACK_ROOT = "${config.xdg.dataHome}/stack";
          GHCUP_USE_XDG_DIRS = "true";
        };
      };
    })
  ];
 }
--- a/modules/dev/haskell/nixos.nix
+++ b/modules/dev/haskell/nixos.nix
@@ -10,6 +10,11 @@ let
 in
 {
  options = {
    devShells.haskell = lib.mkOption {
      type = lib.types.package;
      default = feature.devShell;
      description = "Haskell development shell";
    };
    my.dev.haskell = {
      enable = lib.mkEnableOption "Install Haskell tooling globally";
      users = lib.mkOption {
@@ -18,10 +23,5 @@ in
        description = "Users to install Haskell packages for";
      };
    };
    devShells.haskell = lib.mkOption {
      type = lib.types.package;
      default = feature.devShell;
      description = "Haskell development shell";
    };
  };
 }
--- a/modules/dev/javascript/common.nix
+++ b/modules/dev/javascript/common.nix
@@ -14,12 +14,12 @@ in
      echo "📦 JavaScript dev environment"
    '';
  };
  sessionVariables = {
    NPM_CONFIG_USERCONFIG = "\${XDG_CONFIG_HOME}/npm/npmrc";
    PNPM_HOME = "\${XDG_DATA_HOME}/pnpm";
  };
  sessionPath = [
    "\${XDG_DATA_HOME}/npm/bin"
    "\${XDG_DATA_HOME}/pnpm"
  ];
  sessionVariables = {
    NPM_CONFIG_USERCONFIG = "\${XDG_CONFIG_HOME}/npm/npmrc";
    PNPM_HOME = "\${XDG_DATA_HOME}/pnpm";
  };
 }
--- a/modules/dev/javascript/nixos.nix
+++ b/modules/dev/javascript/nixos.nix
@@ -10,6 +10,11 @@ let
 in
 {
  options = {
    devShells.javascript = lib.mkOption {
      type = lib.types.package;
      default = javascript.devShell;
      description = "JavaScript/Node development shell with npm/pnpm support";
    };
    my.dev.javascript = {
      enable = lib.mkEnableOption "Install JavaScript tooling globally";
      users = lib.mkOption {
@@ -18,10 +23,5 @@ in
        description = "Users to install JavaScript packages for";
      };
    };
    devShells.javascript = lib.mkOption {
      type = lib.types.package;
      default = javascript.devShell;
      description = "JavaScript/Node development shell with npm/pnpm support";
    };
  };
 }
--- a/modules/dev/julia/nixos.nix
+++ b/modules/dev/julia/nixos.nix
@@ -10,6 +10,11 @@ let
 in
 {
  options = {
    devShells.julia = lib.mkOption {
      type = lib.types.package;
      default = feature.devShell;
      description = "Julia development shell";
    };
    my.dev.julia = {
      enable = lib.mkEnableOption "Install Julia globally";
      users = lib.mkOption {
@@ -18,10 +23,5 @@ in
        description = "Users to install Julia packages for";
      };
    };
    devShells.julia = lib.mkOption {
      type = lib.types.package;
      default = feature.devShell;
      description = "Julia development shell";
    };
  };
 }
--- a/modules/dev/mcp/nixos.nix
+++ b/modules/dev/mcp/nixos.nix
@@ -10,6 +10,11 @@ let
 in
 {
  options = {
    devShells.mcp = lib.mkOption {
      type = lib.types.package;
      default = feature.devShell;
      description = "MCP dev shell for this repo";
    };
    my.dev.mcp = {
      enable = lib.mkEnableOption "Install MCP tooling globally";
      users = lib.mkOption {
@@ -18,10 +23,5 @@ in
        description = "Users to install MCP packages for";
      };
    };
    devShells.mcp = lib.mkOption {
      type = lib.types.package;
      default = feature.devShell;
      description = "MCP dev shell for this repo";
    };
  };
 }
--- a/modules/dev/nix/nixos.nix
+++ b/modules/dev/nix/nixos.nix
@@ -13,6 +13,11 @@ let
 in
 {
  options = {
    devShells.nix = lib.mkOption {
      type = lib.types.package;
      default = nix.devShell;
      description = "Nix/NixOS development shell with formatter, linter, LSP, and Cachix";
    };
    my.dev.nix = {
      enable = lib.mkEnableOption "Install Nix tooling globally";
      users = lib.mkOption {
@@ -21,10 +26,5 @@ in
        description = "Users to install Nix packages for";
      };
    };
    devShells.nix = lib.mkOption {
      type = lib.types.package;
      default = nix.devShell;
      description = "Nix/NixOS development shell with formatter, linter, LSP, and Cachix";
    };
  };
 }
--- a/modules/dev/python/nixos.nix
+++ b/modules/dev/python/nixos.nix
@@ -10,6 +10,10 @@ let
 in
 {
  options = {
    devShells.python = lib.mkOption {
      type = lib.types.package;
      default = python.devShell;
    };
    my.dev.python = {
      enable = lib.mkEnableOption "Install Python tools globally";
      users = lib.mkOption {
@@ -18,9 +22,5 @@ in
        description = "Users to install Python packages for";
      };
    };
    devShells.python = lib.mkOption {
      type = lib.types.package;
      default = python.devShell;
    };
  };
 }
--- a/modules/dev/ruby/home.nix
+++ b/modules/dev/ruby/home.nix
@@ -28,12 +28,14 @@ in
      my.dev.ruby.enable = lib.mkDefault hm.enabledByDefault;
    }
    (lib.mkIf cfg.enable {
-      home.packages = feature.packages;
+      home = {
-      home.sessionVariables = {
+        inherit (feature) packages;
        sessionVariables = {
          GEM_HOME = "${config.xdg.dataHome}/ruby/gems";
          GEM_PATH = "${config.xdg.dataHome}/ruby/gems";
          GEM_SPEC_CACHE = "${config.xdg.dataHome}/ruby/specs";
        };
      };
    })
  ];
 }
--- a/modules/dev/ruby/nixos.nix
+++ b/modules/dev/ruby/nixos.nix
@@ -10,6 +10,11 @@ let
 in
 {
  options = {
    devShells.ruby = lib.mkOption {
      type = lib.types.package;
      default = feature.devShell;
      description = "Ruby development shell with interpreter and Solargraph LSP";
    };
    my.dev.ruby = {
      enable = lib.mkEnableOption "Install Ruby tooling globally";
      users = lib.mkOption {
@@ -18,10 +23,5 @@ in
        description = "Users to install Ruby packages for";
      };
    };
    devShells.ruby = lib.mkOption {
      type = lib.types.package;
      default = feature.devShell;
      description = "Ruby development shell with interpreter and Solargraph LSP";
    };
  };
 }
--- a/modules/dev/rust/home.nix
+++ b/modules/dev/rust/home.nix
@@ -28,8 +28,10 @@ in
      my.dev.rust.enable = lib.mkDefault hm.enabledByDefault;
    }
    (lib.mkIf cfg.enable {
-      home.packages = feature.packages;
+      home = {
-      home.sessionVariables.CARGO_HOME = "${config.xdg.dataHome}/cargo";
+        inherit (feature) packages;
        sessionVariables.CARGO_HOME = "${config.xdg.dataHome}/cargo";
      };
    })
  ];
 }
--- a/modules/dev/rust/nixos.nix
+++ b/modules/dev/rust/nixos.nix
@@ -10,6 +10,11 @@ let
 in
 {
  options = {
    devShells.rust = lib.mkOption {
      type = lib.types.package;
      default = feature.devShell;
      description = "Rust development shell with cargo and rust-analyzer";
    };
    my.dev.rust = {
      enable = lib.mkEnableOption "Install Rust tooling globally";
      users = lib.mkOption {
@@ -18,10 +23,5 @@ in
        description = "Users to install Rust packages for";
      };
    };
    devShells.rust = lib.mkOption {
      type = lib.types.package;
      default = feature.devShell;
      description = "Rust development shell with cargo and rust-analyzer";
    };
  };
 }
--- a/modules/dev/sh/nixos.nix
+++ b/modules/dev/sh/nixos.nix
@@ -10,6 +10,11 @@ let
 in
 {
  options = {
    devShells.sh = lib.mkOption {
      type = lib.types.package;
      default = sh.devShell;
      description = "Shell scripting dev shell";
    };
    my.dev.sh = {
      enable = lib.mkEnableOption "Install shell scripting tools globally";
      users = lib.mkOption {
@@ -18,10 +23,5 @@ in
        description = "Users to install shell scripting packages for";
      };
    };
    devShells.sh = lib.mkOption {
      type = lib.types.package;
      default = sh.devShell;
      description = "Shell scripting dev shell";
    };
  };
 }
--- a/modules/dev/zig/nixos.nix
+++ b/modules/dev/zig/nixos.nix
@@ -10,6 +10,11 @@ let
 in
 {
  options = {
    devShells.zig = lib.mkOption {
      type = lib.types.package;
      default = feature.devShell;
      description = "Zig development shell with compiler and LSP";
    };
    my.dev.zig = {
      enable = lib.mkEnableOption "Install Zig tooling globally";
      users = lib.mkOption {
@@ -18,10 +23,5 @@ in
        description = "Users to install Zig packages for";
      };
    };
    devShells.zig = lib.mkOption {
      type = lib.types.package;
      default = feature.devShell;
      description = "Zig development shell with compiler and LSP";
    };
  };
 }
--- a/modules/factories/mkscript.nix
+++ b/modules/factories/mkscript.nix
@@ -65,7 +65,8 @@
      lib.mkMerge (
        lib.mapAttrsToList (user: packages: inputs.self.lib.mkUserPackages lib user packages) userMap
      );
-    systemd.user.services =
+    systemd.user = {
      services =
        config.my.scripts
        |> lib.mapAttrs' (
          _name: script:
@@ -86,7 +87,7 @@
            }
          )
        );
-    systemd.user.timers =
+      timers =
        config.my.scripts
        |> lib.mapAttrs' (
          _name: script:
@@ -102,4 +103,5 @@
          )
        );
    };
  };
 }
--- a/modules/modules.nix
+++ b/modules/modules.nix
@@ -53,6 +53,7 @@ in
    };
    ips = lib.mkOption {
      type = lib.types.attrsOf lib.types.str;
      description = "Set of IP's for all my computers.";
      default = {
        router = "192.168.100.1";
        server = "192.168.100.15";
@@ -73,35 +74,34 @@ in
        wg-friend5 = "10.8.0.6";
        wg-friend6 = "10.8.0.7";
      };
      description = "Set of IP's for all my computers.";
    };
    subnets = lib.mkOption {
      type = lib.types.attrsOf lib.types.str;
      description = "Set of subnets for WireGuard networks.";
      default = {
        wg-homelab = "10.77.0.0/24";
        wg-friends = "10.8.0.0/24";
        wg-guests = "10.9.0.0/24";
      };
      description = "Set of subnets for WireGuard networks.";
    };
    wgInterfaces = lib.mkOption {
      type = lib.types.attrsOf lib.types.str;
      description = "WireGuard interface IPs for the VPS.";
      default = {
        wg-homelab = "10.77.0.1/24";
        wg-friends = "10.8.0.1/24";
        wg-guests = "10.9.0.1/24";
      };
      description = "WireGuard interface IPs for the VPS.";
    };
    interfaces = lib.mkOption {
      type = lib.types.attrsOf lib.types.str;
      description = "Set of network interface names for all my computers.";
      default = {
        server = "enp0s31f6";
        miniserver = "enp2s0";
        workstation = "enp5s0";
        vps = "eth0";
      };
      description = "Set of network interface names for all my computers.";
    };
    mainServer = lib.mkOption {
      type = lib.types.str;
@@ -130,6 +130,7 @@ in
    };
    ports = lib.mkOption {
      type = lib.types.attrsOf lib.types.port;
      description = "Common port assignments for local services and firewall rules.";
      default = {
        comfyui = 8188;
        giteaSsh = 22;
@@ -147,7 +148,6 @@ in
        wg = 51820;
        ssh = 3456;
      };
      description = "Common port assignments for local services and firewall rules.";
    };
    email = lib.mkOption {
      type = lib.types.str;
@@ -168,6 +168,7 @@ in
    };
    toggleUsers = lib.mkOption {
      type = lib.types.attrsOf (lib.types.either lib.types.str (lib.types.listOf lib.types.str));
      description = "Map toggle categories to users. Can be a single user (string) or multiple users (list). Determines which user(s) get packages from each toggle category.";
      default = {
        apps = "jawz";
        dev = "jawz";
@@ -176,7 +177,6 @@ in
        services = "jawz";
        stylix = "jawz";
      };
      description = "Map toggle categories to users. Can be a single user (string) or multiple users (list). Determines which user(s) get packages from each toggle category.";
      example = {
        apps = "jawz";
        dev = "bearded_dragonn";
--- a/modules/nix/build.nix
+++ b/modules/nix/build.nix
@@ -30,8 +30,8 @@
      description = "Maximum number of parallel jobs (null = auto-detect)";
    };
  };
-  config = {
+  config.nix = {
-    nix.settings = lib.mkMerge [
+    settings = lib.mkMerge [
      {
        system-features = config.my.nix.features;
      }
@@ -42,6 +42,6 @@
        max-jobs = config.my.nix.maxJobs;
      })
    ];
-    nix.buildMachines = lib.mkIf (config.my.nix.buildMachines != [ ]) config.my.nix.buildMachines;
+    buildMachines = lib.mkIf (config.my.nix.buildMachines != [ ]) config.my.nix.buildMachines;
  };
 }
--- a/modules/scripts/download/home.nix
+++ b/modules/scripts/download/home.nix
@@ -12,8 +12,8 @@ let
    inputs.self.lib.hmOnlyUser config osConfig "jawz"
    && (osConfig.my.units.download.enable || osConfig.my.units.downloadManga.enable);
  download = import ./common.nix {
    config = if osConfig == null then { } else osConfig;
    inherit inputs lib pkgs;
    config = if osConfig == null then { } else osConfig;
  };
 in
 {
--- a/modules/servers/drpp.nix
+++ b/modules/servers/drpp.nix
@@ -11,13 +11,13 @@ in
  options.my.servers.drpp = setup.mkOptions "drpp" "drpp" 0;
  config.virtualisation.oci-containers.containers.drpp = lib.mkIf cfg.enable {
    image = "ghcr.io/phin05/discord-rich-presence-plex:latest";
    environment = {
      DRPP_UID = toString config.users.users.jawz.uid;
      DRPP_GID = toString config.users.groups.users.gid;
    };
    volumes = [
      "${config.my.containerData}/drpp:/app/data"
      "/run/user/${toString config.users.users.jawz.uid}:/run/app"
    ];
    environment = {
      DRPP_UID = toString config.users.users.jawz.uid;
      DRPP_GID = toString config.users.groups.users.gid;
    };
  };
 }
--- a/modules/servers/flame.nix
+++ b/modules/servers/flame.nix
@@ -15,9 +15,7 @@ in
    flameSecret = setup.mkOptions "flameSecret" "qampqwn4wprhqny8h8zj" 5007;
  };
  config = lib.mkIf enable {
-    sops.secrets = {
+    sops.secrets.flame.sopsFile = ../../secrets/env.yaml;
      flame.sopsFile = ../../secrets/env.yaml;
    };
    virtualisation.oci-containers.containers = lib.mkIf enable {
      flame = lib.mkIf cfg.enable {
        autoStart = true;
--- a/modules/servers/gitea.nix
+++ b/modules/servers/gitea.nix
@@ -9,11 +9,11 @@ let
  cfg = config.my.servers.gitea;
 in
 {
  options.my.servers.gitea = setup.mkOptions "gitea" "git" 9083;
  imports = [
    ../nix/gitea-actions-runners/nixos.nix
    ../nix/gitea-actions-runners/docker.nix
  ];
  options.my.servers.gitea = setup.mkOptions "gitea" "git" 9083;
  config = lib.mkIf (cfg.enable && config.my.secureHost) {
    sops.secrets.gitea.sopsFile = ../../secrets/env.yaml;
    users.groups.gitea.gid = 974;
--- a/modules/servers/homepage/service-widgets.nix
+++ b/modules/servers/homepage/service-widgets.nix
@@ -154,8 +154,8 @@
      icon = "${name}.png";
      href = url;
      widget = {
        type = name;
        inherit url;
        type = name;
        username = "{{HOMEPAGE_VAR_QBIT_USERNAME}}";
        password = "{{HOMEPAGE_VAR_QBIT_PASSWORD}}";
      };
@@ -169,8 +169,8 @@
      icon = "${name}.png";
      href = url;
      widget = {
        type = name;
        inherit url;
        type = name;
        key = "{{HOMEPAGE_VAR_SABNZBD}}";
      };
    };
@@ -231,9 +231,9 @@
      icon = "paperless.png";
      href = url;
      widget = {
        inherit url;
        type = name;
        key = "{{HOMEPAGE_VAR_PAPERLESS}}";
        inherit url;
        fields = [
          "total"
          "inbox"
@@ -262,9 +262,9 @@
      icon = "${name}.png";
      href = url;
      widget = {
        inherit url;
        type = name;
        key = "{{HOMEPAGE_VAR_STASH}}";
        inherit url;
        fields = [
          "scenes"
          "images"
--- a/modules/servers/homepage/widgets.nix
+++ b/modules/servers/homepage/widgets.nix
@@ -22,14 +22,12 @@
  {
    openweathermap = {
      label = "Apodaca";
      format.maximumFractionDigits = 1;
      latitude = 25.760339;
      longitude = -100.2190662;
      units = "metric";
      provider = "openweathermap";
      cache = 5;
      format = {
        maximumFractionDigits = 1;
      };
    };
  }
 ]
--- a/modules/servers/jellyfin.nix
+++ b/modules/servers/jellyfin.nix
@@ -54,11 +54,9 @@ in
        };
        timers.sub-sync = {
          enable = true;
          timerConfig.OnCalendar = "20:00";
          description = "syncronizes subtitles downloaded & modified today";
          wantedBy = [ "timers.target" ];
          timerConfig = {
            OnCalendar = "20:00";
          };
        };
      };
    })
--- a/modules/servers/lidarr.nix
+++ b/modules/servers/lidarr.nix
@@ -13,11 +13,6 @@ in
    autoStart = true;
    image = "linuxserver/lidarr:latest";
    ports = [ "${toString cfg.port}:${toString cfg.port}" ];
    environment = {
      TZ = config.my.timeZone;
      PUID = toString config.users.users.jawz.uid;
      PGID = toString config.users.groups.piracy.gid;
    };
    volumes = [
      "/srv/pool/multimedia:/data"
      "/srv/pool/multimedia/media/Music:/music"
@@ -31,5 +26,10 @@ in
    extraOptions = [
      "--network=host"
    ];
    environment = {
      TZ = config.my.timeZone;
      PUID = toString config.users.users.jawz.uid;
      PGID = toString config.users.groups.piracy.gid;
    };
  };
 }
--- a/modules/servers/maloja.nix
+++ b/modules/servers/maloja.nix
@@ -15,6 +15,7 @@ in
      image = "krateng/maloja:latest";
      ports = [ "${toString cfg.port}:${toString cfg.port}" ];
      environmentFiles = [ config.sops.secrets.maloja.path ];
      volumes = [ "${config.my.containerData}/maloja:/mljdata" ];
      environment = {
        TZ = config.my.timeZone;
        MALOJA_TIMEZONE = "-6";
@@ -23,7 +24,6 @@ in
        MALOJA_DATA_DIRECTORY = "/mljdata";
        MALOJA_SKIP_SETUP = "true";
      };
      volumes = [ "${config.my.containerData}/maloja:/mljdata" ];
    };
  };
 }
--- a/modules/servers/multi-scrobbler.nix
+++ b/modules/servers/multi-scrobbler.nix
@@ -15,6 +15,7 @@ in
      image = "foxxmd/multi-scrobbler:latest";
      ports = [ "${toString cfg.port}:${toString cfg.port}" ];
      environmentFiles = [ config.sops.secrets.multi-scrobbler.path ];
      volumes = [ "${config.my.containerData}/multi-scrobbler:/config" ];
      environment = {
        TZ = config.my.timeZone;
        PUID = toString config.users.users.jawz.uid;
@@ -25,7 +26,6 @@ in
        PLEX_URL = "http://192.168.100.15:32400";
        WS_ENABLE = "true";
      };
      volumes = [ "${config.my.containerData}/multi-scrobbler:/config" ];
    };
  };
 }
--- a/modules/servers/nextcloud.nix
+++ b/modules/servers/nextcloud.nix
@@ -21,8 +21,8 @@ let
      version = "12.70";
    in
    {
      pname = "Image-ExifTool";
      inherit version;
      pname = "Image-ExifTool";
      src = pkgs.fetchurl {
        url = "https://exiftool.org/Image-ExifTool-${version}.tar.gz";
        hash = "sha256-TLJSJEXMPj870TkExq6uraX8Wl4kmNerrSlX3LQsr/4=";
@@ -54,7 +54,9 @@ in
        "openssl-1.1.1v"
      ];
      users = {
-        groups.nextcloud = { inherit gid; };
+        groups.nextcloud = {
          inherit gid;
        };
        users.nextcloud = {
          inherit uid;
          isSystemUser = true;
@@ -189,20 +191,24 @@ in
        go-vod = lib.mkIf config.my.servers.go-vod.enable {
          autoStart = true;
          image = "radialapps/go-vod:latest";
          volumes = [ "ncdata:/var/www/html:ro" ];
          extraOptions = [
            "--device=/dev/dri" # VA-API (omit for NVENC)
          ];
          environment = {
            TZ = config.my.timeZone;
            NEXTCLOUD_HOST = "https://${config.services.nextcloud.hostName}";
            NVIDIA_VISIBLE_DEVICES = "all";
          };
          volumes = [ "ncdata:/var/www/html:ro" ];
          extraOptions = [
            "--device=/dev/dri" # VA-API (omit for NVENC)
          ];
        };
        collabora = lib.mkIf cfgC.enable {
          autoStart = true;
          image = "collabora/code:latest";
          ports = [ "${toString cfgC.port}:${toString cfgC.port}" ];
          extraOptions = [
            "--cap-add"
            "MKNOD"
          ];
          environment = {
            TZ = config.my.timeZone;
            domain = cfg.host;
@@ -219,10 +225,6 @@ in
            DONT_GEN_SSL_CERT = "1";
            SLEEPFORDEBUGGER = "0";
          };
          extraOptions = [
            "--cap-add"
            "MKNOD"
          ];
        };
      };
      systemd = lib.mkIf cfg.enableCron {
@@ -248,11 +250,9 @@ in
        };
        timers.nextcloud-cronjob = {
          enable = true;
          timerConfig.OnCalendar = "*:0/10";
          description = "Runs various nextcloud-related cronjobs";
          wantedBy = [ "timers.target" ];
          timerConfig = {
            OnCalendar = "*:0/10";
          };
        };
      };
    })
--- a/modules/servers/qbittorrent.nix
+++ b/modules/servers/qbittorrent.nix
@@ -53,7 +53,9 @@ in
    my.network.firewall.additionalPorts = [ config.my.servers.qbittorrent.port ];
    home-manager.users.jawz.xdg.dataFile.vuetorrent.source = vuetorrent;
    home-manager.users.jawz.imports = [
-      ({ lib, ... }: {
+      (
        { lib, ... }:
        {
          home.activation.qbittorrentAutorunCommand = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
            conf=/home/jawz/.config/qBittorrent/qBittorrent.conf
            if [ -f "$conf" ]; then
@@ -62,7 +64,8 @@ in
                "$conf"
            fi
          '';
-      })
+        }
      )
    ];
    sops.secrets =
      let
@@ -96,16 +99,6 @@ in
      };
      user = {
        services = {
          qbit_manage = {
            restartIfChanged = true;
            description = "Tidy up my torrents";
            wantedBy = [ "default.target" ];
            serviceConfig = {
              Type = "oneshot";
              TimeoutStartSec = "5min";
              ExecStart = "${qbit_manageEnv}/bin/python ${qbit_manage}/qbit_manage.py -r -c /home/jawz/.config/qbit_manage/config.yml";
            };
          };
          unpackerr = lib.mkIf config.my.servers.unpackerr.enable {
            enable = true;
            restartIfChanged = true;
@@ -127,6 +120,16 @@ in
              ExecStart = "${pkgs.unpackerr}/bin/unpackerr";
            };
          };
          qbit_manage = {
            restartIfChanged = true;
            description = "Tidy up my torrents";
            wantedBy = [ "default.target" ];
            serviceConfig = {
              Type = "oneshot";
              TimeoutStartSec = "5min";
              ExecStart = "${qbit_manageEnv}/bin/python ${qbit_manage}/qbit_manage.py -r -c /home/jawz/.config/qbit_manage/config.yml";
            };
          };
        };
        timers.qbit_manage = {
          enable = true;
--- a/modules/servers/ryot.nix
+++ b/modules/servers/ryot.nix
@@ -15,13 +15,13 @@ in
      image = "ghcr.io/ignisda/ryot:v10";
      ports = [ "${toString cfg.port}:8000" ];
      environmentFiles = [ config.sops.secrets.ryot.path ];
      volumes = [ "${config.my.postgresSocket}:${config.my.postgresSocket}" ];
      environment = {
        RUST_LOG = "ryot=debug,sea_orm=debug";
        TZ = config.my.timeZone;
        DATABASE_URL = "postgres:///ryot?host=${config.my.postgresSocket}";
        FRONTEND_INSECURE_COOKIES = "true";
      };
      volumes = [ "${config.my.postgresSocket}:${config.my.postgresSocket}" ];
    };
  };
 }
--- a/modules/servers/synapse.nix
+++ b/modules/servers/synapse.nix
@@ -28,8 +28,12 @@ in
  config = lib.mkMerge [
    (lib.mkIf (cfg.enable && config.my.secureHost) {
      my.servers = {
-        synapse = { inherit domain; };
+        synapse = {
-        element = { inherit domain; };
+          inherit domain;
        };
        element = {
          inherit domain;
        };
      };
      users.groups.matrix-synapse = { inherit gid; };
      users.users.matrix-synapse = {
--- a/modules/servers/synctube.nix
+++ b/modules/servers/synctube.nix
@@ -17,8 +17,8 @@ let
      version ? "git",
    }:
    pkgs.stdenvNoCC.mkDerivation {
      name = "${libname}-${version}";
      inherit src;
      name = "${libname}-${version}";
      installPhase = ''
        runHook preInstall
        mkdir -p "$out/lib/haxe/${withCommas libname}/${withCommas version}"
--- a/modules/servers/vaultwarden.nix
+++ b/modules/servers/vaultwarden.nix
@@ -27,6 +27,7 @@ in
      package = pkgs.vaultwarden;
      environmentFile = config.sops.secrets.vaultwarden.path;
      config = {
        DOMAIN = cfg.url;
        # ROCKET_ADDRESS = "${config.my.localhost}"; # VPS
        ROCKET_ADDRESS = cfg.ip;
        ROCKET_PORT = cfg.port;
--- a/modules/servers/yamtrack.nix
+++ b/modules/servers/yamtrack.nix
@@ -18,6 +18,7 @@ in
        ports = [ "${toString cfg.port}:8000" ];
        dependsOn = [ "yamtrack-redis" ];
        environmentFiles = [ config.sops.secrets.yamtrack.path ];
        volumes = [ "${config.my.postgresSocket}:${config.my.postgresSocket}" ];
        environment = {
          TZ = config.my.timeZone;
          URLS = cfg.url;
@@ -31,7 +32,6 @@ in
          REDIS_URL = "redis://yamtrack-redis:6379/0";
          SOCIAL_PROVIDERS = "allauth.socialaccount.providers.openid_connect";
        };
        volumes = [ "${config.my.postgresSocket}:${config.my.postgresSocket}" ];
      };
    };
  };
--- a/modules/services/network.nix
+++ b/modules/services/network.nix
@@ -38,18 +38,6 @@ in
          "${config.my.localhost6}:53"
        ]
        ++ lib.optionals config.my.services.wireguard.enable wgListenAddrs;
        query_log = {
          file = "/var/lib/dnscrypt-proxy/query.log";
          format = "tsv";
        };
        sources.public-resolvers = {
          urls = [
            "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
            "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
          ];
          cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
          minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
        };
        server_names = [
          "adfilter-adl"
          "adfilter-adl-ipv6"
@@ -65,6 +53,18 @@ in
          "quad9-dnscrypt-ip6-filter-pri"
          "ibksturm"
        ];
        query_log = {
          file = "/var/lib/dnscrypt-proxy/query.log";
          format = "tsv";
        };
        sources.public-resolvers = {
          urls = [
            "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
            "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
          ];
          cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
          minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
        };
      };
    };
  };
--- a/modules/services/nvidia.nix
+++ b/modules/services/nvidia.nix
@@ -29,8 +29,10 @@
        open = config.networking.hostName == "workstation";
        package = config.boot.kernelPackages.nvidiaPackages.stable;
        modesetting.enable = true;
-        powerManagement.enable = true;
+        powerManagement = {
-        powerManagement.finegrained = false;
+          enable = true;
          finegrained = false;
        };
      };
    };
  };
--- a/modules/services/sound.nix
+++ b/modules/services/sound.nix
@@ -11,10 +11,12 @@
    security.rtkit.enable = true; # make pipewire realtime-capable
    services.pipewire = {
      enable = true;
      alsa.enable = true;
      alsa.support32Bit = true;
      pulse.enable = true;
      wireplumber.enable = true;
      alsa = {
        enable = true;
        support32Bit = true;
      };
      # lowLatency = {
      #   enable = true;
      #   quantum = 64;
--- a/modules/services/syncthing.nix
+++ b/modules/services/syncthing.nix
@@ -49,10 +49,6 @@ in
          relaysEnabled = false;
          globalAnnounceEnabled = false;
        };
        gui = {
          user = "jawz";
          password = config.sops.secrets.syncthing_password.path;
        };
        devices =
          let
            mkWgDevice = name: id: {
@@ -75,6 +71,10 @@ in
            wg-friend4 = mkWgDevice "wg-friend4" "7YPUQ4Y-2UVEAXI-KBQVU7R-B6R5O36-GDQPTOY-3R3OG7H-BVWVOTD-EX52VQM";
            wg-friend6 = mkWgDevice "wg-friend6" "STQGYJV-YNFX6PB-NK63JBV-7HS74L4-AMF2QWA-KAFLXZA-3FELLSB-TE65ZQI";
          };
        gui = {
          user = "jawz";
          password = config.sops.secrets.syncthing_password.path;
        };
        folders = {
          cache = mkMobile "~/Downloads/cache/";
          friends = mkMobile "~/Pictures/Artist/friends/";
--- a/modules/websites/lidarr-mb-report.nix
+++ b/modules/websites/lidarr-mb-report.nix
@@ -11,9 +11,7 @@ let
  '';
 in
 {
-  options.my.websites.lidarrMbReport = {
+  options.my.websites.lidarrMbReport.enableProxy = lib.mkEnableOption "lidarr mb report static site";
    enableProxy = lib.mkEnableOption "lidarr mb report static site";
  };
  config = lib.mkIf (cfg.enableProxy && config.my.enableProxy) {
    services.nginx.virtualHosts."mb-report.lebubu.org" = {
      forceSSL = true;
--- a/modules/websites/portfolio.nix
+++ b/modules/websites/portfolio.nix
@@ -57,9 +57,7 @@ let
  };
 in
 {
-  options.my.websites.portfolio = {
+  options.my.websites.portfolio.enableProxy = lib.mkEnableOption "portfolio and blog static sites";
    enableProxy = lib.mkEnableOption "portfolio and blog static sites";
  };
  config = lib.mkIf (cfg.enableProxy && config.my.enableProxy) {
    services.nginx.virtualHosts = {
      "www.danilo-reyes.com" = {
--- a/parts/core.nix
+++ b/parts/core.nix
@@ -259,15 +259,15 @@ in
      mkEnabledIp = ip: name: {
        inherit name;
        value = {
          enable = true;
          inherit ip;
          enable = true;
        };
      };
      mkEnabledProxyIp = ip: name: {
        inherit name;
        value = {
          enableProxy = true;
          inherit ip;
          enableProxy = true;
        };
      };
      enableList = func: list: list |> map func |> builtins.listToAttrs;
--- a/parts/hosts.nix
+++ b/parts/hosts.nix
@@ -1,6 +1,10 @@
 { inputs, ... }:
 {
  flake = {
    homeConfigurations.mac = inputs.self.lib.createHomeConfig {
      name = "mac";
      system = "aarch64-darwin";
    };
    nixosConfigurations = {
      workstation = inputs.self.lib.createConfig "workstation" inputs.nixpkgs;
      miniserver = inputs.self.lib.createConfig "miniserver" inputs.nixpkgs-small;
@@ -9,9 +13,5 @@
      emacs = inputs.self.lib.createConfig "emacs" inputs.nixpkgs;
      vps = inputs.self.lib.createConfig "vps" inputs.nixpkgs-small;
    };
    homeConfigurations.mac = inputs.self.lib.createHomeConfig {
      name = "mac";
      system = "aarch64-darwin";
    };
  };
 }
--- a/parts/packages.nix
+++ b/parts/packages.nix
@@ -3,6 +3,9 @@
  perSystem =
    { system, pkgs, ... }:
    let
      portableEmacs = import ../modules/dev/emacs/portable.nix {
        inherit inputs pkgs;
      };
      mcpServerPkg = pkgs.python3Packages.buildPythonPackage {
        pname = "nixos-mcp-server";
        version = "0.1.0";
@@ -31,8 +34,10 @@
          (
            { lib, ... }:
            {
-              my.secureHost = lib.mkForce false;
+              my = {
-              my.build.baseImage = true;
+                secureHost = lib.mkForce false;
                build.baseImage = true;
              };
            }
          )
        ];
@@ -52,9 +57,11 @@
      };
    in
    {
      apps.doom-emacs = portableEmacs.app;
      packages =
        (inputs.jawz-scripts.packages.${system} or { })
        // {
          doom-emacs = portableEmacs.package;
          mcp-tests = mcpTests;
          nixos-mcp = nixosMcp;
          nixos-mcp-server = mcpServerPkg;
--- a/specs/001-ai-docs/research.md
+++ b/specs/001-ai-docs/research.md
@@ -49,3 +49,8 @@
 - **Decision**: Add a standalone `homeConfigurations.mac` target backed by `hosts/mac/home.nix` and `hosts/mac/toggles.nix`, reusing workstation-style dev and shell modules while excluding Linux GUI app modules.
 - **Rationale**: Lets the repo model an upcoming macOS machine without forcing NixOS host semantics onto a Home Manager-only system.
 - **Alternatives considered**: (a) Wait for the physical Mac and keep no target in the flake (rejected: delays validation and reuse work); (b) model the Mac as a fake NixOS host (rejected: does not match the intended deployment model).
 ## Decision 11 (2026-03-23): Canonical Nix nesting and ordering style
 - **Decision**: Standardize Nix structure so single-child attribute sets are flattened into dotted attrpaths, siblings that share a parent are merged into one nested attribute set, simple leaf assignments appear before nested attribute sets, `inherit` statements appear first within a set, boolean leaves appear before other leaves, and module bodies place `options` before `config`.
 - **Rationale**: This keeps modules scan-friendly, reduces unnecessary indentation, and makes the high-signal contract (`options`) appear before implementation (`config`) consistently across the repo.
 - **Alternatives considered**: (a) Leave structure to formatter defaults only (rejected: formatters do not enforce these semantic grouping rules); (b) prefer fully flattened attrpaths everywhere (rejected: harms readability once a parent has multiple children); (c) keep `config` before `options` when it was written first (rejected: makes module interfaces harder to scan).
Author	SHA1	Message	Date
NixOS Builder Bot	28cb84aa3f	Weekly flake update: 2026-03-23 22:38 UTC	2026-03-23 16:38:30 -06:00
Danilo Reyes	ba7acaf360	emacs-vm fix	2026-03-23 16:19:23 -06:00
Danilo Reyes	13d1d3c6d9	constitution ammendment	2026-03-23 15:51:13 -06:00
Danilo Reyes	66483c89ac	code rules All checks were successful MCP Tests / mcp-tests (push) Successful in 19s Details	2026-03-23 15:49:51 -06:00
Danilo Reyes	32729627b1	portable emacs All checks were successful MCP Tests / mcp-tests (push) Successful in 26s Details	2026-03-23 15:01:55 -06:00
Danilo Reyes	848ca7ca90	fix emacs-vm build	2026-03-23 14:34:14 -06:00
Danilo Reyes	72ea8a2da6	pipeline adjustments	2026-03-23 14:31:47 -06:00
Danilo Reyes	578fc60a5f	domain Some checks failed runner-smoke / ubuntu-2404 (push) Successful in 13s Details Build on Push / build-configurations (push) Failing after 1m52s Details	2026-03-23 14:27:32 -06:00
Danilo Reyes	30199ba69d	format Some checks failed runner-smoke / ubuntu-2404 (push) Successful in 8m18s Details Build on Push / build-configurations (push) Failing after 24m32s Details	2026-03-23 13:57:34 -06:00