rol vm + dev stuff for webref

.github/workflows/build-schemes.yml

@@ -0,0 +1,92 @@
+name: Build All Color Schemes
+
+on:
+  push:
+    paths:
+      - "config/schemes.nix"
+      - "config/scheme-utils.nix"
+  workflow_dispatch:
+
+jobs:
+  build-schemes:
+    runs-on: nixos
+    env:
+      HOSTNAME: server
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Get available schemes
+        id: schemes
+        run: |
+          SCHEMES=$(nix eval --raw --impure --expr '
+            let
+              pkgs = import <nixpkgs> {};
+              inputs = {};
+              utils = import ./scripts/scheme-utils.nix { inherit pkgs inputs; };
+            in
+            builtins.concatStringsSep " " utils.availableSchemes
+          ')
+          echo "schemes=$SCHEMES" >> $GITHUB_OUTPUT
+          echo "Available schemes: $SCHEMES"
+
+      - name: Configure Attic cache
+        run: |
+          # Configure attic client to use your cache server
+          attic login servidos http://127.0.0.1:2343 ${{ secrets.ATTIC_TOKEN }}
+
+      - name: Build and push all schemes
+        run: |
+          echo "Building and pushing all schemes..."
+
+          # Store original scheme
+          ORIGINAL_SCHEME=$(grep -oP "scheme = schemesFile\.schemes\.\K\w+" config/stylix.nix)
+          echo "Original scheme: $ORIGINAL_SCHEME"
+
+          # Build and push each scheme
+          for scheme in ${{ steps.schemes.outputs.schemes }}; do
+            echo "========================================="
+            echo "Processing scheme: $scheme"
+            echo "========================================="
+
+            # Update stylix.nix to use this scheme
+            sed -i "s/scheme = schemesFile\.schemes\.\w\+;/scheme = schemesFile.schemes.$scheme;/" config/stylix.nix
+
+            # Verify the change
+            grep "scheme = schemesFile.schemes" config/stylix.nix
+
+            # Build the configuration
+            echo "Building $scheme..."
+            nix build .#nixosConfigurations.${HOSTNAME}.config.system.build.toplevel \
+              --out-link ./result-$scheme \
+              --quiet
+
+            # Push to cache
+            echo "Pushing $scheme to cache..."
+            attic push servidos:nixos ./result-$scheme
+
+            # Also push using print-out-paths for better cache coverage
+            nix build .#nixosConfigurations.${HOSTNAME}.config.system.build.toplevel \
+              --print-out-paths \
+              --quiet | attic push servidos:nixos --stdin
+
+            echo "✓ Completed $scheme"
+            echo ""
+          done
+
+          # Restore original scheme
+          echo "Restoring original scheme: $ORIGINAL_SCHEME"
+          sed -i "s/scheme = schemesFile\.schemes\.\w\+;/scheme = schemesFile.schemes.$ORIGINAL_SCHEME;/" config/stylix.nix
+
+          echo "========================================="
+          echo "All schemes built and pushed successfully!"
+          echo "========================================="
+
+      - name: Summary
+        run: |
+          SCHEME_COUNT=$(echo "${{ steps.schemes.outputs.schemes }}" | wc -w)
+          echo "✅ Color scheme builds completed successfully!"
+          echo "- Built $SCHEME_COUNT schemes: ${{ steps.schemes.outputs.schemes }}"
+          echo "- Pushed all builds to Atticd cache"
+          echo ""
+          echo "You can now switch schemes quickly without waiting for builds!"

.github/workflows/weekly-build-cache.yml

@@ -0,0 +1,99 @@
+name: Weekly NixOS Build & Cache
+
+on:
+  schedule:
+    - cron: "30 09 * * 1,5"
+  workflow_dispatch: # Allow manual trigger
+
+jobs:
+  build-and-cache:
+    runs-on: nixos
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Configure Git for automated commits
+        run: |
+          git config user.name "NixOS Builder Bot"
+          git config user.email "noreply@servidos.lat"
+
+      - name: Update flake inputs
+        run: |
+          nix flake update
+
+      - name: Check for changes
+        id: check_changes
+        run: |
+          if git diff --quiet flake.lock; then
+            echo "changes=false" >> $GITHUB_OUTPUT
+            echo "No changes in flake.lock"
+          else
+            echo "changes=true" >> $GITHUB_OUTPUT
+            echo "Changes detected in flake.lock"
+          fi
+
+      - name: Configure Attic cache
+        if: steps.check_changes.outputs.changes == 'true'
+        run: |
+          # Configure attic client to use your cache server
+          attic login servidos http://127.0.0.1:2343 ${{ secrets.ATTIC_TOKEN }}
+
+      - name: Build workstation configuration
+        if: steps.check_changes.outputs.changes == 'true'
+        run: |
+          echo "Building workstation configuration..."
+          nix build .#nixosConfigurations.workstation.config.system.build.toplevel --quiet
+
+      - name: Build server configuration
+        if: steps.check_changes.outputs.changes == 'true'
+        run: |
+          echo "Building server configuration..."
+          nix build .#nixosConfigurations.server.config.system.build.toplevel --quiet
+
+      - name: Build emacs-vm configuration
+        if: steps.check_changes.outputs.changes == 'true'
+        run: |
+          echo "Building emacs-vm configuration..."
+          nix build .#emacs-vm --quiet
+
+      - name: Push to cache
+        if: steps.check_changes.outputs.changes == 'true'
+        run: |
+          echo "Pushing builds to cache..."
+          # Push all built derivations to cache
+          if ls result* 1> /dev/null 2>&1; then
+            attic push servidos:nixos result*
+          fi
+
+          # Push the specific system derivations we just built
+          nix build .#nixosConfigurations.workstation.config.system.build.toplevel --print-out-paths | attic push servidos:nixos --stdin
+          nix build .#nixosConfigurations.server.config.system.build.toplevel --print-out-paths | attic push servidos:nixos --stdin
+          nix build .#emacs-vm --print-out-paths | attic push servidos:nixos --stdin
+
+      - name: Commit updated flake.lock
+        if: steps.check_changes.outputs.changes == 'true'
+        run: |
+          git add flake.lock
+          git commit -m "Weekly flake update: $(date -u '+%Y-%m-%d %H:%M UTC')"
+          git push origin main
+
+      - name: Create release tag
+        if: steps.check_changes.outputs.changes == 'true'
+        run: |
+          TAG_NAME="weekly-$(date -u '+%Y-%m-%d')"
+          git tag -a "$TAG_NAME" -m "Weekly build and cache update for $(date -u '+%Y-%m-%d')"
+          git push origin "$TAG_NAME"
+
+      - name: Summary
+        run: |
+          if [[ "${{ steps.check_changes.outputs.changes }}" == "true" ]]; then
+            echo "✅ Weekly build completed successfully!"
+            echo "- Updated flake.lock"
+            echo "- Built workstation and server configurations"  
+            echo "- Pushed builds to Atticd cache"
+            echo "- Committed changes and created release tag"
+          else
+            echo "ℹ️ No updates needed - flake.lock is already up to date"
+          fi

.gitignore

@@ -1 +1,8 @@
 .direnv
+config.el
+*.qcow2
+result
+# Prevent accidentally committing unencrypted secrets
+**/secrets/*.yaml.dec
+**/*-decrypted.*
+**/temp-secrets.*

.sops.yaml

@@ -1,7 +1,5 @@
 keys:
-  - &users:
   - &devkey age1lufn6t35gs4wgevyr2gud4eec7lvkn7pgnnv4tja64ww3hef7gqq8fas37
-  - &hosts:
   - &workstation age17jlsydpgl35qx5ahc3exu44jt8dfa63chymt6xqp9xx0r6dh347qpg55cz
   - &server age15hx530yrqmhm80vsjmffyg9deq9gssj7hl5rsqdnsn3dwegj9qusv4sjf5
   - &miniserver age13w4elx3x6afrte2d82lak59mwr2k25wfz3hx79tny6sfdk66lqjq989dzl
@@ -27,3 +25,31 @@ creation_rules:
           - *workstation
           - *server
           - *miniserver
+  - path_regex: secrets/gallery.yaml$
+    key_groups:
+      - age:
+          - *devkey
+          - *workstation
+          - *server
+          - *miniserver
+  - path_regex: secrets/wireguard.yaml$
+    key_groups:
+      - age:
+          - *devkey
+          - *workstation
+          - *server
+          - *miniserver
+  - path_regex: secrets/homepage.yaml$
+    key_groups:
+      - age:
+          - *devkey
+          - *workstation
+          - *server
+          - *miniserver
+  - path_regex: secrets/certs.yaml$
+    key_groups:
+      - age:
+          - *devkey
+          - *workstation
+          - *server
+          - *miniserver

README.org

@@ -0,0 +1,239 @@
+#+TITLE: JawZ NixOS Configuration
+#+AUTHOR: JawZ
+#+EMAIL: danilo.reyes.251@proton.me
+#+OPTIONS: toc:t num:t
+#+STARTUP: content
+
+* Overview
+
+This repository contains my personal NixOS configuration flake, managing
+multiple hosts with a modular approach. Designed the configuration for a
+self-hosted infrastructure with services and development environments.
+
+* Architecture
+
+** Hosts
+- =workstation= :: Main development machine with GNOME desktop
+- =server= :: Primary server with containerized services
+- =miniserver= :: Secondary server for additional services
+- =galaxy= :: Minimal configuration host
+- =emacs= :: Development VM for Emacs configuration
+
+** Key Features
+- Modular configuration system
+- SOPS-based secrets management
+- Container orchestration with Podman
+- Automated builds and caching
+- Multi-language development environments
+- Self-hosted service stack
+
+* Quick Start
+
+** Prerequisites
+- NixOS 23.05 or later
+- SOPS configured with age keys
+- SSH keys for remote builds
+
+** Initial Setup
+#+BEGIN_SRC bash
+# Clone the repository git clone <repository-url> /home/jawz/Development/NixOS
+cd /home/jawz/Development/NixOS
+
+# Install dependencies nix flake update
+
+# Build and switch to configuration sudo nixos-rebuild switch --flake
+.#<hostname>
+#+END_SRC
+
+** Development Environment
+#+BEGIN_SRC bash
+# Enter development shell for specific language nix develop .#<language>
+
+# Available languages: python, rust, go, haskell, javascript, julia, zig, sh,
+cc, nix
+#+END_SRC
+
+* Configuration Structure
+
+** Core Configuration
+- =config/base.nix= :: Common system configuration
+- =config/jawz.nix= :: User and SSH configuration
+- =config/stylix.nix= :: Theming configuration
+- =config/schemes.nix= :: Color scheme definitions
+
+** Host Configurations
+- =hosts/<hostname>/configuration.nix= :: Host-specific settings
+- =hosts/<hostname>/hardware-configuration.nix= :: Hardware-specific config
+- =hosts/<hostname>/toggles.nix= :: Feature toggles
+
+** Modules
+- =modules/apps/= :: Application packages and configurations
+- =modules/dev/= :: Development environment modules
+- =modules/servers/= :: Self-hosted service configurations
+- =modules/services/= :: System service configurations
+- =modules/scripts/= :: Custom scripts and utilities
+- =modules/shell/= :: Shell and terminal configurations
+
+* Services
+
+** Core Services
+- PostgreSQL 17 :: Database backend
+- Nginx :: Reverse proxy and web server
+- Podman :: Container runtime
+- Syncthing :: File synchronization
+- WireGuard :: VPN connectivity
+
+** Self-Hosted Applications
+- Nextcloud :: File sharing and collaboration
+- Gitea :: Git repository hosting
+- Jellyfin :: Media server
+- Plex :: Media streaming
+- Sonarr/Radarr/Lidarr :: Media management
+- Vaultwarden :: Password manager
+- Homepage :: Service dashboard
+- And more...
+
+* Development
+
+** Available Development Shells
+The configuration provides development shells for my favorite programming
+languages:
+
+#+BEGIN_SRC bash
+# Python development nix develop .#python
+
+# Rust development   nix develop .#rust
+
+# Go development nix develop .#go
+
+# JavaScript/Node.js development nix develop .#javascript
+
+# Haskell development nix develop .#haskell
+
+# Julia development nix develop .#julia
+
+# Zig development nix develop .#zig
+
+# Shell scripting nix develop .#sh
+
+# C/C++ development nix develop .#cc
+
+# Nix development nix develop .#nix
+#+END_SRC
+
+** Adding New Modules
+1. Create module file in appropriate directory under =modules/=
+2. Add module to =modules/modules.nix= if needed
+3. Enable module in host configuration or toggles
+
+** Adding New Hosts
+1. Create host directory under =hosts/<hostname>/
+2. Add =configuration.nix= and =hardware-configuration.nix=
+3. Add host to =flake.nix= outputs
+4. Create =toggles.nix= for feature management
+
+* Secrets Management
+
+** SOPS Configuration
+Manage secrets using SOPS with age encryption:
+
+- =secrets/secrets.yaml= :: Main secrets file
+- =secrets/keys.yaml= :: SSH and encryption keys
+- =secrets/env.yaml= :: Environment variables
+- =secrets/wireguard.yaml= :: VPN configuration
+- =secrets/certs.yaml= :: SSL certificates
+
+** Adding New Secrets
+#+BEGIN_SRC bash
+# Edit secrets file sops secrets/secrets.yaml
+
+# Add new secret sops -i -a 'new-secret: "value"' secrets/secrets.yaml
+#+END_SRC
+
+* CI/CD
+
+** GitHub Actions
+The repository includes automated workflows:
+
+- =weekly-build-cache.yml= :: Weekly builds and cache updates
+- =build-schemes.yml= :: Color scheme builds
+
+** Build Cache
+Builds are automatically cached using Atticd for faster rebuilds.
+
+
+* Customization
+
+** Theming
+The configuration uses Stylix for theming. Define color schemes in
+=config/schemes.nix= and can set them via the =config/stylix.nix= file.
+
+** Adding New Services
+1. Create service module in =modules/servers/=
+2. Add service configuration
+3. Enable service in host toggles
+4. Add to homepage if needed
+
+** Custom Scripts
+Scripts are in =modules/scripts/= and toggle them per host.
+
+* Troubleshooting
+
+** Common Issues
+
+*** Build Failures
+- Check flake inputs are up to date: =nix flake update=
+- Verify all required secrets are present
+- Check host-specific configuration
+
+*** Service Issues
+- Check service status: =systemctl status <service>=
+- View logs: =journalctl -u <service>=
+- Verify firewall rules
+
+*** Development Environment
+- Rebuild development shell: =nix develop .#<language>=
+- Check available packages: =nix search nixpkgs <package>=
+
+** Getting Help
+- Check NixOS documentation
+- Review module documentation
+- Check service-specific documentation
+
+* Maintenance
+
+** Regular Tasks
+- Update flake inputs weekly
+- Review and rotate secrets quarterly
+- Update system packages monthly
+- Clean old generations: =sudo nix-collect-garbage -d=
+
+** Backup Strategy
+- Configuration is version controlled
+- Secrets are encrypted and backed up
+- BTRFS snapshots for data protection
+
+* Contributing
+
+** Code Style
+- Use consistent formatting
+- Add comments for complex configurations
+- Follow Nix conventions
+
+** Pull Requests
+- Test changes on development host first
+- Update documentation as needed
+- Ensure all secrets are properly managed
+
+* License
+
+This configuration is for personal use. Please respect the licenses of
+individual packages and services used.
+
+* Contact
+
+For questions or issues, contact danilo.reyes.251@proton.me
+
+---
+
+*Last updated: 2025*

config/base.nix

@@ -1,18 +1,21 @@
-{ lib, pkgs, inputs, outputs, ... }: {
+{
+  lib,
+  pkgs,
+  inputs,
+  outputs,
+  config,
+  ...
+}:
+{
   imports = [
     inputs.home-manager.nixosModules.home-manager
-    ./modules/apps.nix
-    ./modules/dev.nix
-    ./modules/shell.nix
-    ./modules/services.nix
-    ./modules/servers.nix
-    ./modules/scripts.nix
     ./jawz.nix
+    ../modules/modules.nix
   ];
-  system.stateVersion = "24.05";
+  system.stateVersion = "23.05";
   sops = {
     defaultSopsFormat = "yaml";
-    defaultSopsFile = ./secrets/secrets.yaml;
+    defaultSopsFile = ../secrets/secrets.yaml;
     age = {
       sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
       keyFile = "/var/lib/sops-nix/key.txt";
@@ -20,113 +23,109 @@
     };
   };
   home-manager = {
+    backupFileExtension = "hbckup";
     useUserPackages = true;
     useGlobalPkgs = true;
-    extraSpecialArgs = { inherit inputs outputs; };
+    extraSpecialArgs = {
+      inherit inputs outputs;
+    };
     users.jawz = import ./home-manager.nix;
   };
   time = {
-    timeZone = "America/Mexico_City";
+    inherit (config.my) timeZone;
     hardwareClockInLocalTime = true;
   };
   i18n = {
     defaultLocale = "en_CA.UTF-8";
-    extraLocaleSettings = { LC_MONETARY = "es_MX.UTF-8"; };
+    extraLocaleSettings = {
+      LC_MONETARY = "es_MX.UTF-8";
+    };
   };
   console = {
     font = "Lat2-Terminus16";
     keyMap = "us";
-    #  useXkbConfig = true; # use xkbOptions in tty.
   };
   security = {
     polkit.enable = true;
-    sudo = {
+    sudo-rs = {
       enable = true;
       wheelNeedsPassword = false;
     };
-    pam.loginLimits = [{
+    pam.loginLimits = [
+      {
         domain = "*";
         type = "soft";
         item = "nofile";
         value = "8192";
-    }];
+      }
+    ];
   };
   users = {
     mutableUsers = false;
-    groups.piracy.gid = 985;
+    groups = {
+      users.gid = 100;
+      piracy.gid = 985;
     };
-  nixpkgs.config.allowUnfree = true;
-  nix = let
-    featuresList = [
-      "nixos-test"
-      "benchmark"
-      "big-parallel"
-      "kvm"
-      "gccarch-znver3"
-      "gccarch-skylake"
-      "gccarch-alderlake"
+  };
+  nixpkgs.config = {
+    allowUnfree = true;
+    permittedInsecurePackages = [
+      "aspnetcore-runtime-wrapped-6.0.36"
+      "aspnetcore-runtime-6.0.36"
+      "dotnet-runtime-6.0.36"
+      "dotnet-sdk-wrapped-6.0.428"
+      "dotnet-sdk-6.0.428"
+      "mbedtls-2.28.10"
     ];
-  in {
+  };
+  nix = {
+    nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
     distributedBuilds = true;
     optimise.automatic = true;
     settings = {
+      use-xdg-base-directories = true;
       auto-optimise-store = true;
-      trusted-users = [ "nixremote" ];
-      system-features = featuresList;
-      experimental-features = [ "nix-command" "flakes" ];
+      trusted-users = [
+        "jawz"
+        "root"
+        "nixremote"
+      ];
+      experimental-features = [
+        "nix-command"
+        "flakes"
+        "pipe-operators"
+      ];
       substituters = [
+        "${config.my.servers.atticd.url}/nixos"
         "https://nix-gaming.cachix.org"
         "https://nixpkgs-python.cachix.org"
         "https://devenv.cachix.org"
         "https://cuda-maintainers.cachix.org"
         "https://ai.cachix.org"
         "https://cache.lix.systems"
+        "https://cosmic.cachix.org"
       ];
       trusted-public-keys = [
+        "nixos:kubuWhYCk9/aZp5GDJFAScYgigM66DszP8i1Pzbq0Fc="
         "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="
         "nixpkgs-python.cachix.org-1:hxjI7pFxTyuTHn2NkvWCrAUcNZLNS3ZAvfYNuYifcEU="
         "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
         "cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
         "ai.cachix.org-1:N9dzRK+alWwoKXQlnn0H6aUx0lU/mspIoz8hMvGvbbc="
         "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
+        "cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="
       ];
     };
   };
   documentation.enable = false;
   environment = {
-    systemPackages = with pkgs; [ wget sops ];
-    variables = rec {
-      # PATH
-      XDG_CACHE_HOME = "\${HOME}/.cache";
-      XDG_CONFIG_HOME = "\${HOME}/.config";
-      XDG_BIN_HOME = "\${HOME}/.local/bin";
-      XDG_DATA_HOME = "\${HOME}/.local/share";
-      XDG_STATE_HOME = "\${HOME}/.local/state";
-
-      # DEV PATH
-      CARGO_HOME = "${XDG_DATA_HOME}/cargo";
-      GEM_HOME = "${XDG_DATA_HOME}/ruby/gems";
-      GEM_PATH = "${XDG_DATA_HOME}/ruby/gems";
-      GEM_SPEC_CACHE = "${XDG_DATA_HOME}/ruby/specs";
-      GOPATH = "${XDG_DATA_HOME}/go";
-      PSQL_HISTORY = "${XDG_DATA_HOME}/psql_history";
-      REDISCLI_HISTFILE = "${XDG_DATA_HOME}/redis/rediscli_history";
-      WINEPREFIX = "${XDG_DATA_HOME}/wine";
-
-      # OPTIONS
-      ELECTRUMDIR = "${XDG_DATA_HOME}/electrum";
-      WGETRC = "${XDG_CONFIG_HOME}/wgetrc";
-      XCOMPOSECACHE = "${XDG_CACHE_HOME}/X11/xcompose";
-      "_JAVA_OPTIONS" = "-Djava.util.prefs.userRoot=${XDG_CONFIG_HOME}/java";
-
-      # NVIDIA
-      CUDA_CACHE_PATH = "${XDG_CACHE_HOME}/nv";
-
-      # Themes
-      # WEBKIT_DISABLE_COMPOSITING_MODE = "1";
-
-      PATH = [ "\${HOME}/.local/bin" ];
+    systemPackages = builtins.attrValues {
+      inherit (pkgs)
+        wget
+        sops
+        ;
     };
+    variables = inputs.self.lib.xdgEnvironment;
   };
   programs = {
     nh = {
@@ -143,6 +142,7 @@
     };
   };
   services = {
+    udev.packages = [ pkgs.yubikey-personalization ];
     smartd.enable = true;
     fstrim.enable = true;
     avahi = {

config/home-manager.nix

@@ -0,0 +1,82 @@
+{
+  inputs,
+  config,
+  pkgs,
+  lib,
+  osConfig,
+  ...
+}:
+let
+  inherit (pkgs) fd fzf;
+  inherit (inputs.jawz-scripts.packages.x86_64-linux) pokemon-colorscripts;
+  shellType = osConfig.my.shell.type;
+  commonInit = ''
+    ${pokemon-colorscripts}/bin/pokemon-colorscripts -r --no-title
+    export command_timeout=60
+  '';
+  commonAliases = inputs.self.lib.commonAliases // {
+    open-gallery = ''
+      cd /srv/pool/scrapping/JawZ/gallery-dl &&
+      xdg-open "$(${fd}/bin/fd . ./ Husbands wikifeet -tdirectory -d 1 | ${fzf}/bin/fzf -i)"'';
+  };
+in
+{
+  home.stateVersion = "23.05";
+  programs = {
+    direnv = {
+      enable = true;
+      enableBashIntegration = shellType == "bash";
+      enableZshIntegration = shellType == "zsh";
+      nix-direnv.enable = true;
+    };
+    git = {
+      enable = true;
+      delta.enable = true;
+      userName = "Danilo Reyes";
+      userEmail = osConfig.my.email;
+      extraConfig = {
+        init.defaultBranch = "main";
+        pull.rebase = true;
+      };
+    };
+    bash = lib.mkIf (shellType == "bash") {
+      enable = true;
+      historyFile = "\${XDG_STATE_HOME}/bash/history";
+      shellAliases = commonAliases;
+      enableVteIntegration = true;
+      initExtra = commonInit;
+      historyControl = [
+        "erasedups"
+        "ignorespace"
+        "ignoredups"
+      ];
+    };
+    zsh = lib.mkIf (shellType == "zsh") {
+      enable = true;
+      dotDir = ".config/zsh";
+      shellAliases = commonAliases;
+      initContent = commonInit;
+      history = {
+        path = "\${XDG_STATE_HOME}/zsh/history";
+        expireDuplicatesFirst = true;
+        ignoreSpace = true;
+        ignoreAllDups = true;
+      };
+    };
+  };
+  xdg = {
+    enable = true;
+    userDirs = {
+      enable = true;
+      createDirectories = false;
+      desktop = "${config.home.homeDirectory}";
+      documents = "${config.home.homeDirectory}/Documents";
+      download = "${config.home.homeDirectory}/Downloads";
+      music = "${config.home.homeDirectory}/Music";
+      pictures = "${config.home.homeDirectory}/Pictures";
+      templates = "${config.xdg.dataHome}/Templates";
+      videos = "${config.home.homeDirectory}/Videos";
+    };
+    configFile.wgetrc.text = "hsts-file=\${XDG_CACHE_HOME}/wget-hsts";
+  };
+}

config/jawz.nix

@@ -0,0 +1,82 @@
+{
+  config,
+  lib,
+  inputs,
+  ...
+}:
+let
+  inherit (config.networking) hostName;
+  nixosHosts = inputs.self.lib.getNixosHosts config.my.ips hostName lib;
+  nixosHostsMatch = lib.concatStringsSep " " nixosHosts;
+in
+{
+  sops.secrets = lib.mkIf config.my.secureHost (
+    let
+      baseDir = ".ssh/ed25519";
+      keyConfig = file: {
+        sopsFile = ../secrets/keys.yaml;
+        owner = config.users.users.jawz.name;
+        inherit (config.users.users.jawz) group;
+        path = "/home/jawz/${file}";
+      };
+    in
+    {
+      jawz-password.neededForUsers = true;
+      "private_keys/${hostName}" = keyConfig "${baseDir}_${hostName}";
+      "git_private_keys/${hostName}" = keyConfig "${baseDir}_git";
+    }
+  );
+  home-manager.users.jawz = {
+    home.file.".librewolf/.stignore".source = ../dotfiles/stignore;
+    programs.ssh = lib.mkIf config.my.secureHost {
+      enable = true;
+      matchBlocks = {
+        vps = {
+          hostname = config.my.ips.vps;
+          user = "jawz";
+          port = 3456;
+          identityFile = config.sops.secrets."private_keys/${hostName}".path;
+        };
+        "${nixosHostsMatch}" = {
+          user = "jawz";
+          identityFile = config.sops.secrets."private_keys/${hostName}".path;
+        };
+        "${config.my.servers.gitea.host} github.com gitlab.com bitbucket.org".identityFile =
+          config.sops.secrets."git_private_keys/${hostName}".path;
+      };
+    };
+  };
+  users.users.jawz = {
+    uid = 1000;
+    linger = true;
+    isNormalUser = true;
+    hashedPasswordFile = lib.mkIf config.my.secureHost config.sops.secrets.jawz-password.path;
+    hashedPassword =
+      lib.mkIf (!config.my.secureHost)
+        "$6$s4kbia4u7xVwCmyo$LCN7.Ki2n3xQOqPKnTwa5idwOWYeMNTieQYbLkiiKcMFkFmK76BjtNofJk3U7yRmLGnW3oFT433.nTRq1aoN.1";
+    extraGroups = [
+      "wheel"
+      "networkmanager"
+      "scanner"
+      "lp"
+      "piracy"
+      "kavita"
+      "video"
+      "docker"
+      "libvirt"
+      "rslsync"
+      "plugdev"
+      "bluetooth"
+    ];
+    openssh.authorizedKeys.keyFiles = inputs.self.lib.getSshKeys [
+      "deacero"
+      "workstation"
+      "server"
+      "miniserver"
+      "galaxy"
+      "phone"
+      "vps"
+      "windows_vm"
+    ];
+  };
+}

config/overlay.nix

@@ -0,0 +1,48 @@
+{
+  mkpkgs,
+  inputs,
+  ...
+}:
+let
+  pkgs = mkpkgs inputs.nixpkgs;
+  pkgsU = mkpkgs inputs.nixpkgs-unstable;
+in
+_final: prev: {
+  handbrake = prev.handbrake.override { useGtk = true; };
+  ripgrep = prev.ripgrep.override { withPCRE2 = true; };
+  nautilus = prev.nautilus.overrideAttrs (old: {
+    buildInputs =
+      old.buildInputs
+      ++ builtins.attrValues {
+        inherit (pkgs.gst_all_1)
+          gst-plugins-good
+          gst-plugins-bad
+          ;
+      };
+  });
+  lutris = prev.lutris.override {
+    extraPkgs =
+      pkgs:
+      builtins.attrValues {
+        inherit (pkgs) pango winetricks;
+      }
+      ++ (with pkgs; [
+        wine64Packages.stable
+        wineWowPackages.stable
+      ]);
+  };
+  discord = prev.discord.override {
+    withVencord = true;
+    withOpenASAR = true;
+  };
+  waybar = prev.waybar.overrideAttrs (old: {
+    mesonFlags = old.mesonFlags ++ [ "-Dexperimental=true" ];
+  });
+  inherit (pkgsU)
+    code-cursor
+    symbola
+    mealie
+    flaresolver
+    deadnix
+    ;
+}

config/schemes.nix

@@ -0,0 +1,120 @@
+{ pkgs, inputs }:
+let
+  inherit (inputs) wallpapers;
+  mkScheme =
+    {
+      color ? null,
+      name ? null,
+      polarity,
+      image,
+      iconPackage ? pkgs.papirus-icon-theme.override { inherit color; },
+      base16Scheme ? if name != null then "${pkgs.base16-schemes}/share/themes/${name}.yaml" else null,
+    }:
+    {
+      inherit
+        color
+        name
+        polarity
+        image
+        iconPackage
+        base16Scheme
+        ;
+    };
+in
+{
+  schemes = {
+    vulcano = mkScheme {
+      name = "mocha";
+      color = "brown";
+      polarity = "dark";
+      image = "${wallpapers}/la_fragua_de_vulcano.jpg";
+    };
+    who = mkScheme {
+      name = "catppuccin-frappe";
+      polarity = "dark";
+      image = "${wallpapers}/Nikolay_Kasatkin_Who.jpeg";
+      iconPackage = pkgs.catppuccin-papirus-folders.override {
+        flavor = "frappe";
+        accent = "peach";
+      };
+    };
+    space = mkScheme {
+      name = "solarflare";
+      color = "darkcyan";
+      polarity = "dark";
+      image = "${wallpapers}/space.jpg";
+    };
+    jesus = mkScheme {
+      color = "red";
+      name = "equilibrium-light";
+      polarity = "light";
+      image = "${wallpapers}/jesus.png";
+    };
+    ballerinas = mkScheme {
+      color = "brown";
+      name = "mocha";
+      polarity = "dark";
+      image = "${wallpapers}/Waay-Ballerinas.jpeg";
+    };
+    febroary = mkScheme {
+      color = "yellow";
+      name = "gruvbox-light";
+      polarity = "light";
+      image = "${wallpapers}/febroary.jpg";
+    };
+    paul3 = mkScheme {
+      color = "bluegrey";
+      name = "mexico-light";
+      polarity = "light";
+      image = "${wallpapers}/paul3.jpg";
+    };
+    paul = mkScheme {
+      color = "green";
+      name = "valua";
+      polarity = "light";
+      image = "${wallpapers}/paul1.jpg";
+      base16Scheme = {
+        base00 = "#1a1f16"; # dark forest floor (was deep green-black)
+        base01 = "#23291a"; # bark shadow
+        base02 = "#3c422c"; # damp moss
+        base03 = "#50573c"; # lichen-streaked rock
+        base04 = "#767d5e"; # moss + sun mix
+        base05 = "#a9ae8a"; # dry fern or lichen dust
+        base06 = "#dfe1d2"; # pale sage
+        base07 = "#f5f7f0"; # slightly sunlit leaf white
+        base08 = "#4c7c4a"; # deep fern green
+        base09 = "#6b8f3c"; # olive bark
+        base0A = "#b5b938"; # lichen gold
+        base0B = "#7CC844"; # success green (kept from original)
+        base0C = "#4fbf87"; # turquoise vine
+        base0D = "#2aaf6f"; # jungle leaf
+        base0E = "#88a337"; # mossy lime
+        base0F = "#5c8b55"; # swamp olive
+      };
+    };
+    cheems = mkScheme {
+      color = "yellow";
+      name = "equilibrium-light";
+      polarity = "light";
+      image = "${wallpapers}/cheems.png";
+      base16Scheme = {
+        base00 = "#f5f0e9"; # very light cream
+        base01 = "#e8ddd4"; # light beige
+        base02 = "#d4c4b0"; # warm tan
+        base03 = "#b8a082"; # golden brown
+        base04 = "#9c7c5a"; # medium brown
+        base05 = "#7a5f3f"; # darker brown
+        base06 = "#5c4328"; # dark brown
+        base07 = "#3e2d1a"; # very dark brown
+        base08 = "#d2691e"; # golden orange
+        base09 = "#cd853f"; # peru
+        base0A = "#daa520"; # goldenrod
+        base0B = "#228b22"; # forest green
+        base0C = "#20b2aa"; # light sea green
+        base0D = "#daa520"; # goldenrod
+        base0E = "#8b008b"; # dark magenta
+        base0F = "#dc143c"; # crimson
+      };
+    };
+  };
+}

config/stylix.nix

@@ -0,0 +1,52 @@
+{
+  pkgs,
+  lib,
+  config,
+  inputs,
+  ...
+}:
+let
+  schemesFile = import ./schemes.nix {
+    inherit pkgs inputs;
+  };
+  scheme = schemesFile.schemes.febroary;
+  cfg = config.my.stylix;
+  gnomeEnabled = config.services.xserver.desktopManager.gnome.enable;
+in
+{
+  options.my.stylix.enable = lib.mkEnableOption "system-wide theming with Stylix";
+  config = {
+    stylix = {
+      inherit (scheme) image polarity;
+      enable = true;
+      autoEnable = cfg.enable;
+      targets.qt.platform = lib.mkForce "qtct";
+    }
+    // lib.optionalAttrs (scheme ? base16Scheme) { inherit (scheme) base16Scheme; };
+    home-manager.users.jawz = {
+      gtk = lib.mkIf (!cfg.enable && gnomeEnabled) {
+        enable = true;
+        iconTheme = {
+          name = "Papirus-Light";
+          package = pkgs.papirus-icon-theme.override {
+            color = "yellow";
+          };
+        };
+      };
+      stylix = {
+        inherit (cfg) enable;
+        autoEnable = cfg.enable;
+        iconTheme = {
+          inherit (cfg) enable;
+          package = scheme.iconPackage;
+          light = "Papirus-Light";
+          dark = "Papirus-Dark";
+        };
+        targets.librewolf = {
+          firefoxGnomeTheme.enable = true;
+          profileNames = [ "jawz" ];
+        };
+      };
+    };
+  };
+}

dotfiles/doom/bookmarks

@@ -0,0 +1,10 @@
+;;;; Emacs Bookmark Format Version 1;;;; -*- coding: utf-8-emacs; mode: lisp-data -*-
+;;; This format is meant to be slightly human-readable;
+;;; nevertheless, you probably don't want to edit it.
+;;; -*- End Of Bookmark File Format Version Stamp -*-
+(("org-capture-last-stored"
+ (filename . "~/Documents/Notes/20240518175854-egypt.org")
+ (front-context-string)
+ (rear-context-string . "\n#+title: Egypt\n")
+ (position . 83))
+)

dotfiles/doom/custom.el

@@ -0,0 +1,21 @@
+(custom-set-variables
+ ;; custom-set-variables was added by Custom.
+ ;; If you edit it by hand, you could mess it up, so be careful.
+ ;; Your init file should contain only one such instance.
+ ;; If there is more than one, they won't work right.
+ '(flycheck-flake8-maximum-line-length 88)
+ '(safe-local-variable-values
+   '((org-hugo-auto-export-on-save . t)
+     (org-hugo-base-dir . /home/jawz/Development/Websites/portfolio/)
+     (git-commit-major-mode . git-commit-elisp-text-mode))))
+(custom-set-faces
+ ;; custom-set-faces was added by Custom.
+ ;; If you edit it by hand, you could mess it up, so be careful.
+ ;; Your init file should contain only one such instance.
+ ;; If there is more than one, they won't work right.
+ '(org-document-title ((t (:inherit outline-1 :height 2.0))))
+ '(org-level-1 ((t (:inherit outline-1 :height 1.4))))
+ '(org-level-2 ((t (:inherit outline-2 :height 1.3))))
+ '(org-level-3 ((t (:inherit outline-3 :height 1.2))))
+ '(org-level-4 ((t (:inherit outline-4 :height 1.1))))
+ '(org-level-5 ((t (:inherit outline-5 :height 1.0)))))

dotfiles/doom/init.el

@@ -0,0 +1,192 @@
+;;; init.el -*- lexical-binding: t; -*-
+
+;; This file controls what Doom modules are enabled and what order they load
+;; in. Remember to run 'doom sync' after modifying it!
+
+;; NOTE Press 'SPC h d h' (or 'C-h d h' for non-vim users) to access Doom's
+;;      documentation. There you'll find a link to Doom's Module Index where all
+;;      of our modules are listed, including what flags they support.
+
+;; NOTE Move your cursor over a module's name (or its flags) and press 'K' (or
+;;      'C-c c k' for non-vim users) to view its documentation. This works on
+;;      flags as well (those symbols that start with a plus).
+;;
+;;      Alternatively, press 'gd' (or 'C-c c d') on a module to browse its
+;;      directory (for easy access to its source code).
+
+(doom! :input
+       ;;bidi              ; (tfel ot) thgir etirw uoy gnipleh
+       ;;chinese
+       ;;japanese
+       ;;layout            ; auie,ctsrnm is the superior home row
+
+       :completion
+       ;; company           ; the ultimate code completion backend
+       (corfu +orderless) ; complete with cap(f), cape and a flying feather!
+       ;;helm              ; the *other* search engine for love and life
+       ;;ido               ; the other *other* search engine...
+       ;;(ivy +fuzzy +childframe +icons)               ; a search engine for love and life
+       vertico           ; the search engine of the future
+
+       :ui
+       deft              ; notational velocity for Emacs
+       doom              ; what makes DOOM look the way it does
+       doom-dashboard    ; a nifty splash screen for Emacs
+       ;;doom-quit         ; DOOM quit-message prompts when you quit Emacs
+       ;;(emoji +unicode +github)  ; 🙂
+       hl-todo           ; highlight TODO/FIXME/NOTE/DEPRECATED/HACK/REVIEW
+       ;;indent-guides     ; highlighted indent columns
+       ;;(ligatures +extra +iosevka)         ; ligatures and symbols to make your code pretty again
+       ;;minimap           ; show a map of the code on the side
+       modeline          ; snazzy, Atom-inspired modeline, plus API
+       ;;nav-flash         ; blink cursor line after big motions
+       ;;neotree           ; a project drawer, like NERDTree for vim
+       ophints           ; highlight the region an operation acts on
+       (popup +defaults)   ; tame sudden yet inevitable temporary windows
+       ;;tabs              ; a tab bar for Emacs
+       (treemacs +lsp)         ; a project drawer, like neotree but cooler
+       ;;unicode           ; extended unicode support for various languages
+       (vc-gutter +pretty)         ; vcs diff in the fringe
+       vi-tilde-fringe   ; fringe tildes to mark beyond EOB
+       ;;window-select     ; visually switch windows
+       workspaces        ; tab emulation, persistence & separate workspaces
+       ;;zen               ; distraction-free coding or writing
+
+       :editor
+       (evil +everywhere); come to the dark side, we have cookies
+       file-templates    ; auto-snippets for empty files
+       fold              ; (nigh) universal code folding
+       (format +onsave)  ; automated prettiness
+       ;;god               ; run Emacs commands without modifier keys
+       ;;lispy             ; vim for lisp, for people who don't like vim
+       ;;multiple-cursors  ; editing in many places at once
+       ;;objed             ; text object editing for the innocent
+       ;;parinfer          ; turn lisp into python, sort of
+       rotate-text       ; cycle region at point between text candidates
+       snippets          ; my elves. They type so I don't have to
+       ;;word-wrap         ; soft wrapping with language-aware indent
+
+       :emacs
+       dired            ; making dired pretty [functional]
+       electric          ; smarter, keyword-based electric-indent
+       eww ; the internet is gross
+       ibuffer         ; interactive buffer management
+       (undo +tree)              ; persistent, smarter undo for your inevitable mistakes
+       vc                ; version-control and Emacs, sitting in a tree
+
+       :term
+       ;;eshell            ; the elisp shell that works everywhere
+       ;;shell             ; simple shell REPL for Emacs
+       ;;term              ; basic terminal emulator for Emacs
+       vterm             ; the best terminal emulation in Emacs
+
+       :checkers
+       syntax              ; tasing you for every semicolon you forget
+       (spell +flyspell +hunspell) ; tasing you for misspelling mispelling
+       grammar           ; tasing grammar mistake every you make
+
+       :tools
+       ;;ansible
+       ;;biblio            ; Writes a PhD for you (citation needed)
+       ;;collab ; buffers with friends
+       ;;debugger          ; FIXME stepping through code, to help you add bugs
+       direnv
+       (docker +lsp)
+       editorconfig      ; let someone else argue about tabs vs spaces
+       ;;ein               ; tame Jupyter notebooks with emacs
+       (eval +overlay)     ; run code, run (also, repls)
+       (lookup +dictionary + offline)              ; navigate your code and its documentation
+       (lsp +peek)               ; M-x vscode
+       magit             ; a git porcelain for Emacs
+       ;;make              ; run make tasks from Emacs
+       ;;pass              ; password manager for nerds
+       ;;pdf               ; pdf enhancements
+       ;;prodigy           ; FIXME managing external services & code builders
+       ;;terraform         ; infrastructure as code
+       tmux              ; an API for interacting with tmux
+       ;; tree-sitter       ; syntax and parsing, sitting in a tree...
+       upload            ; map local to remote projects via ssh/ftp
+
+       :os
+       ;;(:if (featurep :system 'macos) macos) ; improve compatibility with macOS       tty               ; improve the terminal Emacs experience
+
+       :lang
+       ;;agda              ; types of types of types of types...
+       ;;beancount         ; mind the GAAP
+       (cc +lsp)         ; C > C++ == 1
+       ;;clojure           ; java with a lisp
+       ;;common-lisp       ; if you've seen one lisp, you've seen them all
+       ;;coq               ; proofs-as-programs
+       ;;crystal           ; ruby at the speed of c
+       ;; (csharp +lsp)           ; unity, .NET, and mono shenanigans
+       ;;data              ; config/data formats
+       ;;(dart +flutter)   ; paint ui and not much else
+       ;;dhall
+       ;;elixir            ; erlang done right
+       ;;elm               ; care for a cup of TEA?
+       emacs-lisp        ; drown in parentheses
+       ;;erlang            ; an elegant language for a more civilized age
+       ;;ess               ; emacs speaks statistics
+       ;;factor
+       ;;faust             ; dsp, but you get to keep your soul
+       ;;fortran           ; in FORTRAN, GOD is REAL (unless declared INTEGER)
+       ;;fsharp            ; ML stands for Microsoft's Language
+       ;;fstar             ; (dependent) types and (monadic) effects and Z3
+       (gdscript +lsp)         ; the language you waited for
+       ;;(go +lsp)         ; the hipster dialect
+       ;;(graphql +lsp)    ; Give queries a REST
+       (haskell +lspr)    ; a language that's lazier than I am
+       ;;hy                ; readability of scheme w/ speed of python
+       ;;idris             ; a language you can depend on
+       (json +lsp)              ; At least it ain't XML
+       ;;(java +lsp)       ; the poster child for carpal tunnel syndrome
+       (javascript +lsp)       ; all(hope(abandon(ye(who(enter(here))))))
+       (julia +lsp)            ; a better, faster MATLAB
+       ;;kotlin            ; a better, slicker Java(Script)
+       ;;latex             ; writing papers in Emacs has never been so fun
+       ;;lean              ; for folks with too much to prove
+       ;;ledger            ; be audit you can be
+       ;;lua               ; one-based indices? one-based indices
+       ;;markdown          ; writing docs for people to ignore
+       ;;nim               ; python + lisp at the speed of c
+       (nix +lsp)               ; I hereby declare "nix geht mehr!"
+       ;;ocaml             ; an objective camel
+       (org +hugo +pretty +roam2)              ; organize your plain life in plain text
+       ;;(php +lsp)               ; perl's insecure younger brother
+       ;;plantuml          ; diagrams for confusing people more
+       ;; graphviz ; diagrams for confusing yourself even more
+       ;;purescript        ; javascript, but functional
+       (python +pyright +lsp)           ; beautiful is better than ugly
+       ;;qt                ; the 'cutest' gui framework ever
+       ;;racket            ; a DSL for DSLs
+       ;;raku              ; the artist formerly known as perl6
+       ;;rest              ; Emacs as a REST client
+       ;;rst               ; ReST in peace
+       ;;(ruby +rails)     ; 1.step {|i| p "Ruby is #{i.even? ? 'love' : 'life'}"}
+       (rust +lsp)       ; Fe2O3.unwrap().unwrap().unwrap().unwrap()
+       ;;scala             ; java, but good
+       ;;(scheme +guile)   ; a fully conniving family of lisps
+       (sh +lsp)                ; she sells {ba,z,fi}sh shells on the C xor
+       ;;sml
+       ;;solidity          ; do you need a blockchain? No.
+       ;;swift             ; who asked for emoji variables?
+       ;;terra             ; Earth and Moon in alignment for performance.
+       ;;web               ; the tubes
+       (yaml +lsp)              ; JSON, but readable
+       ;;zig               ; C, but simpler
+
+       :email
+       ;;(mu4e +org +gmail)
+       ;;notmuch
+       ;;(wanderlust +gmail)
+
+       :app
+       calendar
+       ;;emms
+       everywhere        ; *leave* Emacs!? You must be joking
+       ;;irc               ; how neckbeards socialize
+       ;;(rss +org)        ; emacs as an RSS reader
+
+       :config
+       literate
+       (default +bindings +smartparens))

dotfiles/doom/packages.el

@@ -0,0 +1,96 @@
+;; -*- no-byte-compile: t; -*-
+;;; $DOOMDIR/packages.el
+
+;; To install a package with Doom you must declare them here and run 'doom sync'
+;; on the command line, then restart Emacs for the changes to take effect -- or
+;; use 'M-x doom/reload'.
+
+
+;; To install SOME-PACKAGE from MELPA, ELPA or emacsmirror:
+                                        ;(package! some-package)
+
+;; To install a package directly from a remote git repo, you must specify a
+;; `:recipe'. You'll find documentation on what `:recipe' accepts here:
+;; https://github.com/raxod502/straight.el#the-recipe-format
+                                        ;(package! another-package
+                                        ;  :recipe (:host github :repo "username/repo"))
+
+;; If the package you are trying to install does not contain a PACKAGENAME.el
+;; file, or is located in a subdirectory of the repo, you'll need to specify
+;; `:files' in the `:recipe':
+                                        ;(package! this-package
+                                        ;  :recipe (:host github :repo "username/repo"
+                                        ;           :files ("some-file.el" "src/lisp/*.el")))
+
+;; If you'd like to disable a package included with Doom, you can do so here
+;; with the `:disable' property:
+                                        ;(package! builtin-package :disable t)
+
+;; You can override the recipe of a built in package without having to specify
+;; all the properties for `:recipe'. These will inherit the rest of its recipe
+;; from Doom or MELPA/ELPA/Emacsmirror:
+                                        ;(package! builtin-package :recipe (:nonrecursive t))
+                                        ;(package! builtin-package-2 :recipe (:repo "myfork/package"))
+
+;; Specify a `:branch' to install a package from a particular branch or tag.
+;; This is required for some packages whose default branch isn't 'master' (which
+;; our package manager can't deal with; see raxod502/straight.el#279)
+                                        ;(package! builtin-package :recipe (:branch "develop"))
+
+;; Use `:pin' to specify a particular commit to install.
+                                        ;(package! builtin-package :pin "1a2b3c4d5e")
+
+
+;; Doom's packages are pinned to a specific commit and updated from release to
+;; release. The `unpin!' macro allows you to unpin single packages...
+                                        ;(unpin! pinned-package)
+;; ...or multiple packages
+                                        ;(unpin! pinned-package another-pinned-package)
+;; ...Or *all* packages (NOT RECOMMENDED; will likely break things)
+                                        ;(unpin! t)
+
+;; (package! nixos-options) ;; enable when migrating to nixos
+;; (package! quick-preview) ;; preview files with sushi
+
+
+;; (package! codeium :recipe (:host github :repo "Exafunction/codeium.el"))
+(package! config-general-mode)
+(package! dired-open)
+(package! dired-subtree)
+;; (package! doom-modeline-now-playing)
+(package! ini-mode)
+(package! insert-esv) ;; bible passages
+(package! olivetti) ;; writing mode centering text, looks like word
+(package! org-alert)
+(package! org-auto-tangle)
+(package! org-roam-ui)
+(package! org-transclusion)
+(package! peep-dired) ;; kind of cool but never could make it work
+(package! php-cs-fixer)
+(package! systemd)
+;; (package! 2048-game)
+;; (package! academic-phrases)
+;; (package! caddyfile-mode)
+;; (package! clippy)
+;; (package! crontab-mode) ;; crontab colors
+;; (package! evil-tutor) ;; vim tutorial
+;; (package! ewal) ;; theme colors based on pywal
+;; (package! ewal-doom-themes)
+;; (package! ewal-evil-cursors)
+;; (package! fish-completion) ;; what does it do???????????????????????????
+;; (package! flycheck-aspell)
+;; (package! ivy-posframe)
+;; (package! mw-thesaurus)
+;; (package! org-appear) ;; couldn't get it to work
+;; (package! org-recur) ;; works but I want to keep org vanilla
+;; (package! ox-chameleon
+;;   :recipe (:host github :repo "tecosaur/ox-chameleon"))
+;; (package! renpy)
+;; (package! resize-window)
+;; (package! tldr)
+;; (package! typit) ;; type speed test
+;; (package! vimgolf) ;; vim puzzles
+;; (package! wc-mode) ;; displays character count of buffer
+
+(package! expand-region)
+(package! gptel :recipe (:nonrecursive t))

dotfiles/doom/templates/default.org

@@ -0,0 +1 @@
+%?

dotfiles/doom/templates/events.org

@@ -0,0 +1,21 @@
+%?
+
+* Sources
+1.
+
+* Belligerents
+1.
+
+* Casualties and losses
+
+* Location
+
+* Causes
+
+* Events
+
+* Major Contention Events
+
+* Outcome
+
+* Important Notes

dotfiles/doom/templates/programming.org

@@ -0,0 +1,13 @@
+%?
+
+- Influenced by
+- Influenced
+- Related tools
+
+* Hello World
+
+* Tips
+
+* Resources
+- Documentation
+- YouTube channels

dotfiles/gallery-dl.nix

@@ -0,0 +1,301 @@
+{
+  extractor = {
+    skip = "abort:5";
+    cookies = [
+      "firefox"
+      "/home/jawz/.librewolf/jawz"
+      "gnomekeyring"
+    ];
+    retries = 10;
+    sleep-request = 0;
+    directlink = {
+      filename = "{filename}.{extension}";
+      directory = [ ];
+    };
+    bluesky = {
+      limit-rate = "400k-1M";
+      username = "blablablamagic.bsky.social";
+      reposts = false;
+      videos = true;
+      directory = [ "{author['handle']}" ];
+      include = [ "media" ];
+    };
+    twitter = {
+      skip = "abort:1";
+      retweets = false;
+      videos = "ytdl";
+      logout = true;
+      include = [ "media" ];
+      directory = [ "{user[name]}" ];
+    };
+    flickr = {
+      size-max = "Original";
+      directory = [
+        "{category}"
+        "{owner[username]}"
+      ];
+    };
+    pinterest.directory = [
+      "{board[owner][username]}"
+      "{board[name]}"
+    ];
+    wikifeet = {
+      page-reverse = true;
+      directory = [
+        "{category}"
+        "{celebrity}"
+      ];
+    };
+    instagram = {
+      limit-rate = "200k-300k";
+      browser = "firefox:linux";
+      user-agent = "Mozilla/5.0 (X11; Linux x86_64; rv:143.0) Gecko/20100101 Firefox/143.0";
+      sleep = "66-123";
+      sleep-request = "66-123";
+      parent-directory = true;
+      directory = [ "{username}" ];
+      previews = true;
+      highlights = {
+        reverse = true;
+        directory = [ "{username}" ];
+      };
+      stories = {
+        reverse = true;
+        directory = [ "{username}" ];
+      };
+      tagged.directory = [
+        "{username}"
+        "tagged"
+        "{tagged_username}"
+      ];
+    };
+    kemonoparty = {
+      limit-rate = "200k-300k";
+      retries = 10;
+      timeout = 5;
+      filename = "{id}_{filename}.{extension}";
+      directory = [
+        "{category}"
+        "{user}"
+      ];
+    };
+    exhentai.directory = [
+      "{category}"
+      "{title}"
+    ];
+    tumblr = {
+      external = true;
+      inline = true;
+      posts = "all";
+      reblogs = false;
+      parent-directory = true;
+      directory = [ "{blog_name}" ];
+    };
+    deviantart = {
+      limit-rate = "200k-300k";
+      include = "gallery,scraps";
+      flat = true;
+      original = true;
+      mature = true;
+      auto-watch = true;
+      auto-unwatch = true;
+      directory = [ "{username}" ];
+    };
+    furaffinity = {
+      directory = [
+        "{user}"
+        "{subcategory}"
+      ];
+      include = [
+        "scraps"
+        "gallery"
+      ];
+    };
+    patreon = {
+      limit-rate = "400k-1M";
+      filename = "{filename}.{num}.{extension}";
+      browser = "firefox";
+      directory = [
+        "(Patreon) {creator[vanity]}"
+        "({date:%Y%m%d}) {title} ({id})"
+      ];
+    };
+    blogger = {
+      filename = "{filename} - {num}.{extension}";
+      directory = [
+        "{blog[name]}"
+        "{post[author]}"
+        "{post[title]} - [{post[id]}]"
+      ];
+    };
+    artstation = {
+      external = true;
+      directory = [ "{userinfo[username]}" ];
+    };
+    gfycat.format = "webm";
+    reddit = {
+      user-agent = "Python:gallery-dl:v1.0 (by /u/captainjawz)";
+      client-id = "T7nZ6WZ3_onJWBhLP8r08g";
+      parent-directory = true;
+      directory = [ "{author}" ];
+    };
+    redgifs = {
+      reverse = true;
+      directory = [ "{userName}" ];
+    };
+    imgur.mp4 = true;
+    paheal.directory = [
+      "Husbands"
+      "{search_tags}"
+    ];
+    rule34.directory = [
+      "Husbands"
+      "{search_tags}"
+    ];
+    e621.directory = [
+      "Husbands"
+      "{search_tags}"
+    ];
+    baraag.directory = [ "{account[username]}" ];
+    pixiv = {
+      directory = [ "{user[account]} - {user[id]}" ];
+      ugoira = true;
+      favorite.directory = [
+        "{user_bookmark[account]} - {user_bookmark[id]}"
+        "Bookmarks"
+      ];
+      postprocessors = [
+        {
+          name = "ugoira";
+          extension = "webm";
+          keep-files = false;
+          whitelist = [ "pixiv" ];
+          ffmpeg-twopass = true;
+          ffmpeg-args = [
+            "-c:v"
+            "libvpx"
+            "-crf"
+            "4"
+            "-b:v"
+            "5000k"
+            "-an"
+          ];
+        }
+      ];
+    };
+    fanbox = {
+      embeds = true;
+      directory = [
+        "{category}"
+        "{creatorId}"
+      ];
+    };
+    readcomiconline = {
+      limit-rate = "400k-1M";
+      chapter-reverse = true;
+      quality = "hq";
+      captcha = "wait";
+      postprocessors = [ "cbz" ];
+      directory = [
+        "comics"
+        "{comic}"
+        "{comic} #{issue}"
+      ];
+    };
+    kissmanga = {
+      chapter-reverse = true;
+      captcha = "wait";
+      postprocessors = [ "cbz" ];
+      directory = [
+        "manga"
+        "{subcategory}"
+        "{manga}"
+        "{manga} Ch.{chapter}{chapter_minor}"
+      ];
+    };
+    mangahere = {
+      chapter-reverse = true;
+      postprocessors = [ "cbz" ];
+      directory = [
+        "manga"
+        "{subcategory}"
+        "{manga}"
+        "{manga} Ch.{chapter}{chapter_minor}"
+      ];
+    };
+    mangadex = {
+      chapter-reverse = true;
+      chapter-filter = "lang == 'en'";
+      postprocessors = [ "cbz" ];
+      directory = [
+        "manga"
+        "manga"
+        "{manga}"
+        "{manga} Ch.{chapter}{chapter_minor}"
+      ];
+    };
+    manganelo = {
+      chapter-reverse = true;
+      chapter-filter = "lang == 'en'";
+      postprocessors = [ "cbz" ];
+      directory = [
+        "manga"
+        "{subcategory}"
+        "{manga}"
+        "{manga} Ch.{chapter}{chapter_minor}"
+      ];
+    };
+    mangareader = {
+      chapter-reverse = true;
+      postprocessors = [ "cbz" ];
+      directory = [
+        "manga"
+        "{subcategory}"
+        "{manga}"
+        "{manga} Ch.{chapter}{chapter_minor}"
+      ];
+    };
+    mangapanda = {
+      chapter-reverse = true;
+      postprocessors = [ "cbz" ];
+      directory = [
+        "manga"
+        "{subcategory}"
+        "{manga}"
+        "{manga} Ch.{chapter}{chapter_minor}"
+      ];
+    };
+    webtoons = {
+      chapter-reverse = true;
+      postprocessors = [ "cbz" ];
+      directory = [
+        "webtoons"
+        "{comic}"
+        "{comic} #{episode}"
+      ];
+    };
+  };
+  output.mode = "auto";
+  downloader = {
+    part = true;
+    part-directory = "/home/jawz/.cache/gallery-dl";
+    ytdl = {
+      logging = true;
+      format = "bestvideo+bestaudio/best";
+      module = "yt_dlp";
+      forward-cookies = true;
+    };
+    http = {
+      rate = null;
+      retries = 5;
+      timeout = 10.0;
+      verify = true;
+    };
+  };
+  postprocessor.cbz = {
+    name = "zip";
+    compression = "store";
+    mode = "safe";
+    extension = "cbz";
+  };
+}

dotfiles/gallery-dl/config.json

@@ -1,228 +0,0 @@
-{
-  "extractor": {
-    "skip": "abort:5",
-    "cookies": ["firefox", "yw8fhvh4.default-release", "gnomekeyring"],
-    "user-agent": "Mozilla/5.0 (X11; Linux x86_64; rv:126.0) Gecko/20100101 Firefox/126.0",
-    "retries": 10,
-    "sleep-request": 0,
-    "directlink": {
-      "directory": [],
-      "filename": "{filename}.{extension}"
-    },
-    "twitter": {
-      "skip": "abort:1",
-      "directory": ["{user[name]}"],
-      "include": ["media"],
-      "retweets": false,
-      "videos": "ytdl",
-      "logout": true
-    },
-    "flickr": {
-      "directory": ["{category}", "{owner[username]}"],
-      "size-max": "Original",
-      "access-token": "72157720915197374-51a26dc4fdfdf173",
-      "access-token-secret": "a1ddb10902f3fa85"
-    },
-    "pinterest": {
-      "directory": ["{board[owner][username]}", "{board[name]}"]
-    },
-    "wikifeet": {
-      "page-reverse": true,
-      "directory": ["{category}", "{celebrity}"]
-    },
-    "instagram": {
-      "sleep-request": "25-45",
-      "sleep": "25-45",
-      "directory": ["{username}"],
-      "parent-directory": true,
-      "highlights": {
-        "reverse": "true",
-        "directory": ["{username}"]
-      },
-      "stories": {
-        "reverse": "true",
-        "directory": ["{username}"]
-      },
-      "tagged": {
-        "directory": ["{tagged_username}", "tagged"]
-      }
-    },
-    "kemonoparty": {
-      "directory": ["{category}", "{user}"],
-      "retries": 10,
-      "timeout": 5,
-      "filename": "{id}_{filename}.{extension}"
-    },
-    "exhentai": {
-      "directory": ["{category}", "{title}"]
-    },
-    "tumblr": {
-      "directory": ["{blog_name}"],
-      "access-token": "5VwIW8TNBoNVPo9CzvKMza2wcn9gJXd6rnUBy6Ctqb4BCPpI59",
-      "access-token-secret": "8krZGeauA171aZpXZhwgZN8nZCxKQkXYKXWL473mTQPKrqoP3e",
-      "external": true,
-      "inline": true,
-      "posts": "all",
-      "reblogs": false,
-      "parent-directory": true,
-      "api-key": "uhBUtgPaX9gl7eaD8suGWW6ZInRedQoVT6xsZzopljy0jXHqm5",
-      "api-secret": "D3FDj1INyPzXikVpp4jmzSqjlC9czFUQ8oj2I883PSYJdqwURv"
-    },
-    "deviantart": {
-      "client-id": "20016",
-      "client-secret": "52e1f9b0cb26e673da36f69e2ddd0e9a",
-      "refresh-token": "3fd25b06f97853a93cbe3729edf5d1d196d44700",
-      "directory": ["{username}"],
-      "include": "gallery,scraps",
-      "flat": true,
-      "original": true,
-      "mature": true,
-      "auto-watch": true,
-      "auto-unwatch": true
-    },
-    "furaffinity": {
-      "directory": ["{user}", "{subcategory}"],
-      "include": ["scraps", "gallery"]
-    },
-    "patreon": {
-      "directory": [
-        "(Patreon) {creator[vanity]}",
-        "({date:%Y%m%d}) {title} ({id})"
-      ],
-      "filename": "{filename}.{num}.{extension}",
-      "browser": "firefox"
-    },
-    "blogger": {
-      "directory": [
-        "{blog[name]}",
-        "{post[author]}",
-        "{post[title]} - [{post[id]}]"
-      ],
-      "filename": "{filename} - {num}.{extension}"
-    },
-    "artstation": {
-      "directory": ["{userinfo[username]}"],
-      "external": true
-    },
-    "gfycat": {
-      "format": "webm"
-    },
-    "reddit": {
-      "user-agent": "Python:gallery-dl:v1.0 (by /u/captainjawz)",
-      "client-id": "T7nZ6WZ3_onJWBhLP8r08g",
-      "refresh-token": "184157546842-UHdPQX1c7kG1kbO09NAHY2O2taEiwg",
-      "directory": ["{author}"],
-      "parent-directory": true
-    },
-    "redgifs": {
-      "reverse": "true",
-      "directory": ["{userName}"]
-    },
-    "imgur": {
-      "mp4": true
-    },
-    "paheal": {
-      "directory": ["Husbands", "{search_tags}"]
-    },
-    "rule34": {
-      "directory": ["Husbands", "{search_tags}"]
-    },
-    "e621": {
-      "directory": ["Husbands", "{search_tags}"]
-    },
-    "baraag": {
-      "directory": ["{account[username]}"]
-    },
-    "pixiv": {
-      "refresh-token": "O4kc9tTzGItuuacDcfmevW6NELjm5CJdWiAbZdUv3Kk",
-      "directory": ["{user[account]} - {user[id]}"],
-      "ugoira": true,
-      "favorite": {
-        "directory": [
-          "{user_bookmark[account]} - {user_bookmark[id]}",
-          "Bookmarks"
-        ]
-      },
-      "postprocessors": [
-        {
-          "name": "ugoira",
-          "extension": "webm",
-          "keep-files": false,
-          "whitelist": ["pixiv"],
-          "ffmpeg-twopass": true,
-          "ffmpeg-args": ["-c:v", "libvpx", "-crf", "4", "-b:v", "5000k", "-an"]
-        }
-      ]
-    },
-    "fanbox": {
-      "directory": ["{category}", "{creatorId}"],
-      "embeds": true
-    },
-    "readcomiconline": {
-      "chapter-reverse": true,
-      "directory": ["Comics", "{comic}", "{comic} #{issue}"],
-      "quality": "hq",
-      "captcha": "wait",
-      "postprocessors": ["cbz"]
-    },
-    "kissmanga": {
-      "chapter-reverse": true,
-      "directory": ["Manga", "{manga}", "{manga} Ch.{chapter}{chapter_minor}"],
-      "captcha": "wait",
-      "postprocessors": ["cbz"]
-    },
-    "mangahere": {
-      "chapter-reverse": true,
-      "directory": ["Manga", "{manga}", "{manga} Ch.{chapter}{chapter_minor}"],
-      "postprocessors": ["cbz"]
-    },
-    "mangadex": {
-      "chapter-reverse": true,
-      "chapter-filter": "lang == 'en'",
-      "directory": ["Manga", "{manga}", "{manga} Ch.{chapter}{chapter_minor}"],
-      "postprocessors": ["cbz"]
-    },
-    "mangareader": {
-      "chapter-reverse": true,
-      "directory": ["Manga", "{manga}", "{manga} Ch.{chapter}{chapter_minor}"],
-      "postprocessors": ["cbz"]
-    },
-    "mangapanda": {
-      "chapter-reverse": true,
-      "directory": ["Manga", "{manga}", "{manga} Ch.{chapter}{chapter_minor}"],
-      "postprocessors": ["cbz"]
-    },
-    "webtoons": {
-      "chapter-reverse": true,
-      "directory": ["Webtoons", "{comic}", "{comic} #{episode}"],
-      "postprocessors": ["cbz"]
-    }
-  },
-  "output": {
-    "mode": "auto"
-  },
-  "downloader": {
-    "part": true,
-    "part-directory": "/home/jawz/.cache/gallery-dl",
-    "ytdl": {
-      "logging": true,
-      "format": "bestvideo+bestaudio/best",
-      "module": "yt_dlp",
-      "forward-cookies": true
-    },
-    "http": {
-      "rate": null,
-      "retries": 5,
-      "timeout": 10.0,
-      "verify": true
-    }
-  },
-  "postprocessor": {
-    "cbz": {
-      "name": "zip",
-      "compression": "store",
-      "mode": "safe",
-      "extension": "cbz"
-    }
-  }
-}

dotfiles/gopass/config.yml

@@ -1,10 +0,0 @@
-autoclip: true
-autoimport: false
-cliptimeout: 45
-exportkeys: false
-nopager: false
-notifications: false
-parsing: true
-path: /home/jawz/.local/share/pass
-safecontent: true
-mounts: {}

dotfiles/htop/htoprc

@@ -1,61 +0,0 @@
-# Beware! This file is rewritten by htop when settings are changed in the interface.
-# The parser is also very primitive, and not human-friendly.
-htop_version=3.2.1
-config_reader_min_version=3
-fields=18 0 123 124 46 47 38 50 1
-hide_kernel_threads=0
-hide_userland_threads=0
-shadow_other_users=0
-show_thread_names=0
-show_program_path=0
-highlight_base_name=1
-highlight_deleted_exe=1
-highlight_megabytes=1
-highlight_threads=1
-highlight_changes=0
-highlight_changes_delay_secs=5
-find_comm_in_cmdline=1
-strip_exe_from_cmdline=1
-show_merged_command=1
-header_margin=1
-screen_tabs=1
-detailed_cpu_time=0
-cpu_count_from_one=1
-show_cpu_usage=1
-show_cpu_frequency=1
-show_cpu_temperature=1
-degree_fahrenheit=0
-update_process_names=0
-account_guest_in_cpu_meter=0
-color_scheme=3
-enable_mouse=1
-delay=15
-hide_function_bar=0
-header_layout=two_67_33
-column_meters_0=LeftCPUs Swap Tasks NetworkIO Memory
-column_meter_modes_0=1 1 2 2 2
-column_meters_1=RightCPUs Hostname Uptime LoadAverage
-column_meter_modes_1=1 2 2 2
-tree_view=1
-sort_key=38
-tree_sort_key=0
-sort_direction=-1
-tree_sort_direction=1
-tree_view_always_by_pid=1
-all_branches_collapsed=1
-screen:Main=NICE PID COMM EXE PERCENT_CPU PERCENT_MEM M_VIRT NLWP Command
-.sort_key=M_VIRT
-.tree_sort_key=PID
-.tree_view=1
-.tree_view_always_by_pid=1
-.sort_direction=-1
-.tree_sort_direction=1
-.all_branches_collapsed=1
-screen:I/O=PID USER IO_PRIORITY IO_RATE IO_READ_RATE IO_WRITE_RATE PERCENT_SWAP_DELAY PERCENT_IO_DELAY Command
-.sort_key=IO_RATE
-.tree_sort_key=PID
-.tree_view=0
-.tree_view_always_by_pid=0
-.sort_direction=-1
-.tree_sort_direction=1
-.all_branches_collapsed=0

dotfiles/npm/update-notifier-npm-check.json

@@ -1,4 +0,0 @@
-{
-	"optOut": false,
-	"lastUpdateCheck": 1646662583446
-}

dotfiles/secrets/mailserver

@@ -1 +0,0 @@
-b/run/current-system/sw/bin/bash5/BpvLE.0dXQuzNskhAD94U6zFCFvfhzqWJEiBi

dotfiles/stignore

@@ -0,0 +1,8 @@
+(?d)jawz/chrome/userChrome.css
+(?d)jawz/chrome/userContent.css
+(?d)jawz/lock
+(?d)jawz/storage
+(?d)jawz/user.js
+(?d)native-messaging-hosts/org.gnome.browser_connector.json
+(?d)native-messaging-hosts/org.gnome.chrome_gnome_shell.json
+(?d)profiles.ini

dotfiles/unpackerr.conf

@@ -1,222 +0,0 @@
-##      Unpackerr Example Configuration File      ##
-## The following values are application defaults. ##
-## Environment Variables may override all values. ##
-####################################################
-
-# [true/false] Turn on debug messages in the output. Do not wrap this in quotes.
-# Recommend trying this so you know what it looks like. I personally leave it on.
-debug = false
-
-# Disable writing messages to stdout. This silences the app. You should set a log
-# file below if you set this to true. Recommended when starting with systemctl.
-quiet = false
-
-# Setting activity to true will silence all app queue log lines with only zeros.
-# Set this to true when you want less log spam.
-activity = false
-
-# The application queue data is logged on an interval. Adjust that interval with this setting.
-# Default is a minute. 2m, 5m, 10m, 30m, 1h are also perfectly acceptable.
-log_queues = "1m"
-
-# Write messages to a log file. This is the same data that is normally output to stdout.
-# This setting is great for Docker users that want to export their logs to a file.
-# The alternative is to use syslog to log the output of the application to a file.
-# Default is no log file; this is unset. log_files=0 turns off auto-rotation.
-# Default files is 10 and size(mb) is 10 Megabytes; both doubled if debug is true.
-#log_file = '/downloads/unpackerr.log'
-log_files = 10
-log_file_mb = 10
-
-# How often to poll sonarr and radarr.
-# Recommend 1m-5m. Uses Go Duration.
-interval = "5m"
-
-# How long an item must be queued (download complete) before extraction will start.
-# One minute is the historic default and works well. Set higher if your downloads
-# take longer to finalize (or transfer locally). Uses Go Duration.
-start_delay = "1m"
-
-# How long to wait before removing the history for a failed extraction.
-# Once the history is deleted the item will be recognized as new and
-# extraction will start again. Uses Go Duration.
-retry_delay = "5m"
-
-# How many files may be extracted in parallel. 1 works fine.
-# Do not wrap the number in quotes. Raise this only if you have fast disks and CPU.
-parallel = 1
-
-# Use these configurations to control the file modes used for newly extracted
-# files and folders. Recommend 0644/0755 or 0666/0777.
-file_mode = "0664"
-dir_mode = "0775"
-
-[webserver]
-## The web server currently only supports metrics; set this to true if you wish to use it.
-  metrics = false
-## This may be set to a port or an ip:port to bind a specific IP. 0.0.0.0 binds ALL IPs.
-  listen_addr = "0.0.0.0:5656"
-## Recommend setting a log file for HTTP requests. Otherwise, they go with other logs.
-  log_file = ""
-## This app automatically rotates logs. Set these to the size and number to keep.
-  log_files = 10
-  log_file_mb = 10
-## Set both of these to valid file paths to enable HTTPS/TLS.
-  ssl_cert_file = ""
-  ssl_key_file = ""
-## Base URL from which to serve content.
-  urlbase = "/"
-## Upstreams should be set to the IP or CIDR of your trusted upstream proxy.
-## Setting this correctly allows X-Forwarded-For to be used in logs.
-## In the future it may control auth proxy trust. Must be a list of strings.
-  upstreams = [ ] # example: upstreams = [ "127.0.0.1/32", "10.1.2.0/24" ]
-
-##-Notes-#######-READ THIS!!!-##################################################
-## The following sections can be repeated if you have more than one Sonarr,   ##
-## Radarr or Lidarr, Readarr, Folder, Webhook, or Command Hook.               ##
-## You MUST uncomment the [[header]] and api_key at a minimum for Starr apps. ##
-##                ALL LINES BEGINNING WITH A HASH # ARE IGNORED               ##
-##            REMOVE THE HASH # FROM CONFIG LINES YOU WANT TO CHANGE          ##
-################################################################################
-
-[[sonarr]]
-url = "http://localhost:8989"
-api_key = "52869fe7bec4482dafb21c4053fe71e4"
-## File system path where downloaded Sonarr items are located.
-paths = ['/mnt/pool/multimedia/downloads/torrent']
-## Default protocols is torrent. Alternative: "torrent,usenet"
-protocols = "torrent"
-## How long to wait for a reply from the backend.
-timeout = "10s"
-## How long to wait after import before deleting the extracted items.
-delete_delay = "5m"
-## If you use this app with NZB you may wish to delete archives after extraction.
-## General recommendation is: do not enable this for torrent use.
-## Setting this to true deletes the entire original download folder after import.
-# delete_orig = false
-## If you use Syncthing, setting this to true will make unpackerr wait for syncs to finish.
-# syncthing = false
-
-[[radarr]]
-url = "http://127.0.0.1:7878"
-api_key = "a987ac45ca2c47bc88e762031ea33296"
-## File system path where downloaded Radarr items are located.
-paths = ['/mnt/pool/multimedia/downloads/torrent']
-## Default protocols is torrents. Alternative: "torrent,usenet"
-protocols = "torrent"
-## How long to wait for a reply from the backend.
-timeout = "10s"
-## How long to wait after import before deleting the extracted items.
-delete_delay = "5m"
-## If you use this app with NZB you may wish to delete archives after extraction.
-## General recommendation is: do not enable this for torrent use.
-## Setting this to true deletes the entire original download folder after import.
-# delete_orig = false
-## If you use Syncthing, setting this to true will make unpackerr wait for syncs to finish.
-# syncthing = false
-
-#[[lidarr]]
-# url = "http://127.0.0.1:8686"
-# api_key = "0123456789abcdef0123456789abcdef"
-## File system path where downloaded Lidarr items are located.
-# paths = ['/downloads']
-## Default protocols is torrent. Alternative: "torrent,usenet"
-# protocols = "torrent"
-## How long to wait for a reply from the backend.
-# timeout = "10s"
-## How long to wait after import before deleting the extracted items.
-# delete_delay = "5m"
-## If you use this app with NZB you may wish to delete archives after extraction.
-## General recommendation is: do not enable this for torrent use.
-## Setting this to true deletes the entire original download folder after import.
-# delete_orig = false
-## If you use Syncthing, setting this to true will make unpackerr wait for syncs to finish.
-# syncthing = false
-
-#[[readarr]]
-# url = "http://127.0.0.1:8787"
-# api_key = "0123456789abcdef0123456789abc"
-## File system path where downloaded Readarr items are located.
-# paths = ['/downloads']
-## Default protocols is torrent. Alternative: "torrent,usenet"
-# protocols = "torrent"
-## How long to wait for a reply from the backend.
-# timeout = "10s"
-## How long to wait after import before deleting the extracted items.
-# delete_delay = "5m"
-## If you use this app with NZB you may wish to delete archives after extraction.
-## General recommendation is: do not enable this for torrent use.
-## Setting this to true deletes the entire original download folder after import.
-# delete_orig = false
-## If you use Syncthing, setting this to true will make unpackerr wait for syncs to finish.
-# syncthing = false
-
-
-##################################################################################
-### ###  STOP HERE ### STOP HERE ### STOP HERE ### STOP HERE #### STOP HERE  ### #
-### Only using Starr apps? The things above. The below configs are OPTIONAL. ### #
-##################################################################################
-
-##-Folders-#######################################################################
-## This application can also watch folders for things to extract. If you copy a ##
-## subfolder into a watched folder (defined below) any extractable items in the ##
-## folder will be decompressed. This has nothing to do with Starr applications. ##
-##################################################################################
-#[[folder]]
-# path = '/some/folder/to/watch'
-## Path to extract files to. The default (leaving this blank) is the same as `path` (above).
-# extract_path = ""
-## Delete extracted or original files this long after extraction.
-## The default is 0. Set to 0 to disable all deletes. Uncomment it to enable deletes. Uses Go Duration.
-# delete_after = "10m"
-## Delete extracted files after successful extraction? true/false, no quotes. Honors delete_after.
-# delete_files = false
-## Delete original items after successful extraction? true/false, no quotes. Honors delete_after.
-# delete_original = false
-## Disable extraction log (unpackerred.txt) file creation? true/false, no quotes.
-# disable_log = false
-## Move extracted files into original folder? If false, files go into an _unpackerred folder.
-# move_back = false
-## Set this to true if you want this app to extract ISO files with .iso extension.
-# extract_isos = false
-
-
-################
-### Webhooks ###
-################
-# Sends a webhook when an extraction queues, starts, finishes, and/or is deleted.
-# Created to integrate with notifiarr.com.
-# Also works natively with Discord.com, Telegram.org, and Slack.com webhooks.
-# Can possibly be used with other services by providing a custom template_path.
-###### Don't forget to uncomment [[webhook]] and url at a minimum !!!!
-#[[webhook]]
-# url    = "https://notifiarr.com/api/v1/notification/unpackerr/api_key_from_notifiarr_com"
-# name   = ""    # Set this to hide the URL in logs.
-# silent = false # do not log success (less log spam)
-# events = [0]   # list of event ids to include, 0 == all.
-## Advanced Optional Webhook Configuration
-# nickname      = ""    # Used in Discord and Slack templates as bot name, in Telegram as chat_id.
-# channel       = ""    # Also passed into templates. Used in Slack templates for destination channel.
-# exclude       = []    # list of apps to exclude, ie. ["radarr", "lidarr"]
-# template_path = ""    # Override internal webhook template for discord.com or other hooks.
-# template      = ""    # Override automatic template detection. Values: notifiarr, discord, telegram, gotify, pushover, slack
-# ignore_ssl    = false # Set this to true to ignore the SSL certificate on the server.
-# timeout       = "10s" # You can adjust how long to wait for a server response.
-# content_type  = "application/json" # If your custom template uses another MIME type, set this.
-
-
-#####################
-### Command Hooks ###
-#####################
-# Executes a script or command when an extraction queues, starts, finishes, and/or is deleted.
-# All data is passed in as environment variables. Try /usr/bin/env to see what variables are available.
-###### Don't forget to uncomment [[cmdhook]] and url at a minimum !!!!
-#[[cmdhook]]
-# command = '/my/cool/app' # Path to command or script.
-# shell   = false # Runs the command inside /bin/sh ('nix) or cmd.exe (Windows).
-# name    = ""    # Provide an optional name for logging.
-# silent  = false # Hides command output from logs.
-# events  = [0]   # list of event ids to include, 0 == all.
-## Optional Command Hook Configuration
-# exclude       = []    # list of apps to exclude, ie. ["radarr", "lidarr"]
-# timeout       = "10s" # You can adjust how long to wait for a server response.

dotfiles/wget/wgetrc

@@ -1 +0,0 @@
-hsts-file = /home/jawz/.cache/wget-hsts

environments/cinnamon.nix

@@ -0,0 +1,21 @@
+{ pkgs, ... }:
+{
+  services = {
+    libinput.enable = true;
+    xserver = {
+      enable = true;
+      displayManager.lightdm.enable = true;
+      desktopManager.cinnamon.enable = true;
+    };
+  };
+  qt = {
+    enable = true;
+    style = "adwaita";
+  };
+  users.users.jawz.packages = builtins.attrValues {
+    inherit (pkgs)
+      adw-gtk3 # theme legacy applications
+      papirus-icon-theme # icon theme
+      ;
+  };
+}

environments/gnome.nix

@@ -0,0 +1,46 @@
+{
+  pkgs,
+  lib,
+  ...
+}:
+{
+  qt.enable = true;
+  services = {
+    gvfs.enable = true;
+    libinput.enable = true;
+    xserver = {
+      enable = true;
+      displayManager.gdm.enable = true;
+      desktopManager = {
+        gnome.enable = true;
+        xterm.enable = lib.mkForce false;
+      };
+    };
+  };
+  environment.gnome.excludePackages = builtins.attrValues {
+    inherit (pkgs)
+      baobab
+      cheese
+      epiphany
+      gnome-characters
+      gnome-connections
+      gnome-font-viewer
+      gnome-photos
+      # gnome-text-editor
+      gnome-tour
+      yelp
+      gnome-music
+      totem
+      ;
+  };
+  users.users.jawz.packages = builtins.attrValues {
+    inherit (pkgs.gnomeExtensions)
+      tactile # window manager
+      freon # hardware temperature monitor
+      gamemode-shell-extension # I guess I'm a gamer now?
+      burn-my-windows # special effects for when closing windows
+      pano # clipboard manager
+      pop-shell
+      ;
+  };
+}

environments/hyprland.nix

@@ -0,0 +1,137 @@
+{
+  pkgs,
+  config,
+  ...
+}:
+let
+  mod = "SUPER";
+  waybarConfig = import ./waybar-config.nix { inherit pkgs config; };
+  waybarStyle = import ./waybar-style.nix { inherit config; };
+in
+{
+  programs.hyprland.enable = true;
+  services.greetd = {
+    enable = true;
+    settings.default_session = {
+      command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd Hyprland";
+      user = "greeter";
+    };
+  };
+  users.users.jawz.packages = builtins.attrValues {
+    inherit (pkgs)
+      # Wayland utilities
+      wl-clipboard-rs
+      wf-recorder
+      grimblast # screenshots
+      mako # notification daemon
+      libnotify # dependency of mako
+      swaylock-effects # screen locker
+      yazi # file manager
+      imv # images
+      playerctl # media player control
+      ;
+  };
+  home-manager.users.jawz = {
+    programs = {
+      wofi = {
+        enable = true;
+        settings = {
+          allow_images = true;
+          allow_markup = true;
+          insensitive = true;
+          width = "30%";
+        };
+      };
+      waybar = waybarConfig.programs.waybar // {
+        style = waybarStyle;
+      };
+    };
+    wayland.windowManager.hyprland = {
+      enable = true;
+      settings = {
+        general = {
+          gaps_in = 5;
+          gaps_out = 10;
+          border_size = 3;
+          layout = "dwindle";
+        };
+        misc = {
+          disable_hyprland_logo = true;
+          disable_splash_rendering = true;
+          force_default_wallpaper = 0;
+        };
+        dwindle = {
+          pseudotile = true;
+          preserve_split = true;
+          force_split = 2;
+        };
+        bind = [
+          "${mod}, return, exec, ghostty"
+          "${mod}, Q, killactive,"
+          "${mod} SHIFT, F, togglefloating,"
+          "${mod}, F, fullscreen,"
+          "${mod}, T, pin,"
+          "${mod}, G, togglegroup,"
+          "${mod}, bracketleft, changegroupactive, b"
+          "${mod}, bracketright, changegroupactive, f"
+          "${mod}, S, exec, wofi --show drun icons"
+          "${mod}, P, pin, active"
+          "${mod}, left, movefocus, l"
+          "${mod}, right, movefocus, r"
+          "${mod}, up, movefocus, u"
+          "${mod}, down, movefocus, d"
+          "${mod}, h, movefocus, l"
+          "${mod}, l, movefocus, r"
+          "${mod}, k, movefocus, u"
+          "${mod}, j, movefocus, d"
+          "${mod} SHIFT, left, movewindow, l"
+          "${mod} SHIFT, right, movewindow, r"
+          "${mod} SHIFT, up, movewindow, u"
+          "${mod} SHIFT, down, movewindow, d"
+          "${mod} SHIFT, h, movewindow, l"
+          "${mod} SHIFT, l, movewindow, r"
+          "${mod} SHIFT, k, movewindow, u"
+          "${mod} SHIFT, j, movewindow, d"
+          "${mod}, 1, workspace, 1"
+          "${mod}, 2, workspace, 2"
+          "${mod}, 3, workspace, 3"
+          "${mod}, 4, workspace, 4"
+          "${mod}, 5, workspace, 5"
+          "${mod}, 6, workspace, 6"
+          "${mod}, 7, workspace, 7"
+          "${mod}, 8, workspace, 8"
+          "${mod}, 9, workspace, 9"
+          "${mod}, 0, workspace, 10"
+          "${mod} SHIFT, 1, movetoworkspace, 1"
+          "${mod} SHIFT, 2, movetoworkspace, 2"
+          "${mod} SHIFT, 3, movetoworkspace, 3"
+          "${mod} SHIFT, 4, movetoworkspace, 4"
+          "${mod} SHIFT, 5, movetoworkspace, 5"
+          "${mod} SHIFT, 6, movetoworkspace, 6"
+          "${mod} SHIFT, 7, movetoworkspace, 7"
+          "${mod} SHIFT, 8, movetoworkspace, 8"
+          "${mod} SHIFT, 9, movetoworkspace, 9"
+          "${mod} SHIFT, 0, movetoworkspace, 10"
+          "${mod}, F3, exec, grimblast save area ~/Pictures/screenshots/$(date +'%Y-%m-%d_%H-%M-%S').png"
+          "${mod} SHIFT, F3, exec, grimblast save screen ~/Pictures/screenshots/$(date +'%Y-%m-%d_%H-%M-%S').png"
+        ];
+        binde = [
+          "${mod} SHIFT, h, moveactive, -20 0"
+          "${mod} SHIFT, l, moveactive, 20 0"
+          "${mod} SHIFT, k, moveactive, 0 -20"
+          "${mod} SHIFT, j, moveactive, 0 20"
+          "${mod} CTRL, l, resizeactive, 30 0"
+          "${mod} CTRL, h, resizeactive, -30 0"
+          "${mod} CTRL, k, resizeactive, 0 -10"
+          "${mod} CTRL, j, resizeactive, 0 10"
+          ",XF86AudioRaiseVolume, exec, wpctl set-volume -l 1.4 @DEFAULT_AUDIO_SINK@ 5%+"
+          ",XF86AudioLowerVolume, exec, wpctl set-volume -l 1.4 @DEFAULT_AUDIO_SINK@ 5%-"
+        ];
+        bindm = [
+          "${mod}, mouse:272, movewindow"
+          "${mod}, mouse:273, resizewindow"
+        ];
+      };
+    };
+  };
+}

environments/waybar-config.nix

@@ -0,0 +1,113 @@
+_: {
+  programs.waybar = {
+    enable = true;
+    systemd.enable = true;
+    settings.main-bar = {
+      layer = "top";
+      height = 18;
+      tray.spacing = 5;
+      clock = {
+        format = "{:%a %b %d  %I:%M %p}";
+        tooltip-format = "<big>{:%Y %B}</big>\n<tt><small>{calendar}</small></tt>";
+      };
+      modules-left = [
+        "hyprland/workspaces"
+        "custom/separator"
+        "temperature#cpu"
+        "custom/gpu-temp"
+      ];
+      modules-center = [
+        "clock"
+      ];
+      modules-right = [
+        "tray"
+        "mpris"
+        "wireplumber"
+        "wireplumber#microphone"
+      ];
+      "hyprland/workspaces" = {
+        format = "{icon}";
+        active-only = true;
+        on-scroll-up = "hyprctl dispatch workspace e-1";
+        on-scroll-down = "hyprctl dispatch workspace e+1";
+        persistent-workspaces."*" = 10; # Show 5 workspaces on all monitors
+      };
+      "custom/separator" = {
+        format = "|";
+        tooltip = false;
+      };
+      cava = {
+        bars = 14;
+        method = "pulse";
+        framerate = 20;
+        bar_delimiter = 0;
+        stereo = false;
+        format-icons.default = [
+          "▁"
+          "▂"
+          "▃"
+          "▄"
+          "▅"
+          "▆"
+          "▇"
+          "█"
+        ];
+      };
+      "temperature#cpu" = {
+        interval = 2;
+        format = " {temperatureC}°C";
+        critical-threshold = 80;
+        hwmon-path = "/sys/class/hwmon/hwmon1/temp1_input";
+        tooltip-format = "CPU: {temperatureC}°C";
+      };
+      "custom/gpu-temp" = {
+        exec = "nvidia-smi --query-gpu=temperature.gpu --format=csv,noheader,nounits";
+        format = "󰢮 {}°C";
+        interval = 2;
+        tooltip-format = "GPU: {}°C";
+      };
+      mpris = {
+        interval = 2;
+        format = "{player_icon} {dynamic}";
+        format-paused = "{status_icon} {dynamic}";
+        dynamic-len = 40;
+        on-click = "playerctl play-pause";
+        on-scroll-up = "playerctl next";
+        on-scroll-down = "playerctl previous";
+        dynamic-order = [
+          "title"
+          "artist"
+        ];
+        player-icons = {
+          default = "🎵";
+          firefox = "🦊";
+          librewolf = "🦊";
+        };
+        status-icons = {
+          paused = "";
+          playing = "";
+        };
+      };
+      wireplumber = {
+        format = "{icon}  {volume}%";
+        format-muted = "󰝟  muted";
+        scroll-step = 5;
+        on-click = "wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle";
+        format-icons.default = [
+          "󰕿"
+          "󰖀"
+          "󰕾"
+        ];
+      };
+      "wireplumber#microphone" = {
+        format = "{format_source}";
+        format-source = "  {volume}%";
+        format-source-muted = "";
+        on-click = "wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle";
+        on-scroll-up = "wpctl set-volume @DEFAULT_AUDIO_SOURCE@ 5%+";
+        on-scroll-down = "wpctl set-volume @DEFAULT_AUDIO_SOURCE@ 5%-";
+        tooltip-format = "{source_desc}";
+      };
+    };
+  };
+}

environments/waybar-style.nix

@@ -0,0 +1,41 @@
+{
+  config,
+  ...
+}:
+let
+  inherit (config.lib.stylix) colors;
+in
+''
+  * {
+    border: none;
+    font-family: "${config.stylix.fonts.monospace.name}";
+    font-size: ${toString config.stylix.fonts.sizes.desktop}pt;
+    color: #${colors.base04};
+  }
+  window#waybar {
+    background: #${colors.base00};
+    min-height: 18px;
+  }
+  .module {
+    background: #${colors.base00};
+    margin: 0px 3px 0px 3px;
+    padding: 4px 6px 4px 6px;
+  }
+  #workspaces button {
+    padding: 2px 8px;
+    margin: 2px;
+    border-radius: 8px;
+    background: transparent;
+    color: #${colors.base03};
+    border: none;
+    min-width: 20px;
+  }
+  #workspaces button.active {
+    background: #${colors.base02};
+    color: #${colors.base05};
+  }
+  #workspaces button:hover {
+    background: #${colors.base01};
+    color: #${colors.base04};
+  }
+''

flake.nix

@@ -1,74 +1,72 @@
 {
   description = "JawZ NixOS flake setup";
   inputs = {
-    nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-24.05";
-    unstable.url = "github:nixos/nixpkgs?ref=nixos-unstable";
-    master.url = "github:nixos/nixpkgs?ref=master";
-    home-manager = {
-      url = "github:nix-community/home-manager/release-24.05";
+    flake-parts.url = "github:hercules-ci/flake-parts";
+    nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-25.05";
+    nixpkgs-small.url = "github:nixos/nixpkgs?ref=nixos-25.05-small";
+    nixpkgs-unstable.url = "github:nixos/nixpkgs?ref=nixos-unstable";
+    ucodenix.url = "github:e-tho/ucodenix/ba7f0a366460e0fbea9622fc770cb982be0e4720";
+    doom-emacs = {
+      url = "github:marienz/nix-doom-emacs-unstraightened/ad01165af00765af07989b6ad14115960ac675f8";
+      inputs.nixpkgs.follows = "";
+    };
+    jawz-scripts = {
+      url = "git+https://git.lebubu.org/jawz/scripts.git";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    nur = {
+      url = "github:nix-community/nur";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    nix-gaming = {
+      url = "github:fufexan/nix-gaming";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    hyprland = {
+      url = "github:hyprwm/Hyprland";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    home-manager = {
+      url = "github:nix-community/home-manager?ref=release-25.05";
       inputs.nixpkgs.follows = "nixpkgs";
     };
-    nix-gaming.url = "github:fufexan/nix-gaming";
     sops-nix = {
       url = "github:Mic92/sops-nix";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+    stylix = {
+      url = "github:danth/stylix/release-25.05";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    nixtendo-switch = {
+      url = "github:nyawox/nixtendo-switch";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    nixos-generators = {
+      url = "github:nix-community/nixos-generators";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    wallpapers = {
+      url = "git+https://git.lebubu.org/jawz/wallpapers.git";
+      flake = false;
+    };
+    fonts = {
+      url = "git+https://git.lebubu.org/jawz/fonts.git";
+      flake = false;
+    };
+    qbit_manage = {
+      url = "github:StuffAnThings/qbit_manage";
+      flake = false;
+    };
   };
-
   outputs =
-    { self, nixpkgs, unstable, master, home-manager, sops-nix, ... }@inputs:
-    let
-      inherit (self) outputs;
-      lib = nixpkgs.lib // home-manager.lib;
-      system = "x86_64-linux";
-      makePkgs = repo:
-        import repo {
-          inherit system;
-          config.allowUnfree = true;
-        };
-      pkgs = makePkgs nixpkgs;
-      pkgsU = makePkgs unstable;
-      pkgsM = makePkgs master;
-    in {
-      inherit lib pkgs;
-      formatter = pkgs.alejandra;
-      nixosConfigurations = {
-        workstation = lib.nixosSystem {
-          inherit system;
-          specialArgs = { inherit inputs outputs; };
-          modules = [
-            ./hosts/workstation/configuration.nix
-            sops-nix.nixosModules.sops
-            ({ pkgs, ... }: {
-              nixpkgs.overlays =
-                [ (import ./overlay.nix { inherit pkgs pkgsU pkgsM; }) ];
-            })
+    inputs:
+    inputs.flake-parts.lib.mkFlake { inherit inputs; } {
+      imports = [
+        ./parts/core.nix
+        ./parts/hosts.nix
+        ./parts/packages.nix
+        ./parts/devshells.nix
       ];
     };
-        miniserver = lib.nixosSystem {
-          inherit system;
-          specialArgs = { inherit inputs outputs; };
-          modules = [
-            ./hosts/miniserver/configuration.nix
-            sops-nix.nixosModules.sops
-            ({ pkgs, ... }: {
-              nixpkgs.overlays =
-                [ (import ./overlay.nix { inherit pkgs pkgsU pkgsM; }) ];
-            })
-          ];
-        };
-        server = lib.nixosSystem {
-          inherit system;
-          specialArgs = { inherit inputs outputs; };
-          modules = [
-            ./hosts/server/configuration.nix
-            sops-nix.nixosModules.sops
-            ({ pkgs, ... }: {
-              nixpkgs.overlays =
-                [ (import ./overlay.nix { inherit pkgs pkgsU pkgsM; }) ];
-            })
-          ];
-        };
-      };
-    };
 }

gnome.nix

@@ -1,58 +0,0 @@
-{ pkgs, ... }:
-
-{
-  services = {
-    gvfs.enable = true;
-    libinput.enable = true;
-    xserver = {
-      enable = true;
-      displayManager.gdm.enable = true;
-      desktopManager.gnome = {
-        enable = true;
-        extraGSettingsOverridePackages = [ pkgs.gnome.mutter ];
-        extraGSettingsOverrides = ''
-          [org.gnome.mutter]
-          experimental-features=['variable-refresh-rate', 'scale-monitor-framebuffer']
-        '';
-      };
-    };
-  };
-  environment.gnome.excludePackages = (with pkgs; [
-    gnome-photos
-    gnome-tour
-    gnome-text-editor
-    gnome-connections
-    # gnome-shell-extensions
-    baobab
-  ]) ++ (with pkgs.gnome; [
-    # totem
-    gnome-music
-    epiphany
-    gnome-characters
-    yelp
-    gnome-font-viewer
-    cheese
-  ]);
-  qt = {
-    enable = true;
-    style = "adwaita-dark";
-  };
-  users.users.jawz.packages = (with pkgs; [
-    # ffmpegthumbnailer # generate thumbnails
-    adw-gtk3 # theme legacy applications
-    gnome.gnome-tweaks # tweaks for the gnome desktop environment
-    papirus-icon-theme # icon theme
-    libgda # for pano shell extension
-    # gradience # theme customizer, allows you to modify adw-gtk3 themes
-  ]) ++ (with pkgs.gnomeExtensions; [
-    appindicator # applets for open applications
-    reading-strip # like putting a finger on every line I read
-    tactile # window manager
-    pano # clipboard manager
-    freon # hardware temperature monitor
-    gamemode-indicator-in-system-settings # I guess I'm a gamer now?
-    blur-my-shell # make the overview more visually appealing
-    burn-my-windows
-    # forge # window manager
-  ]);
-}

home-manager.nix

@@ -1,57 +0,0 @@
-{ config, ... }: {
-  home.stateVersion = "24.05";
-  programs.bash = {
-    enable = true;
-    historyFile = "\${XDG_STATE_HOME}/bash/history";
-    historyControl = [ "erasedups" "ignorespace" "ignoredups" ];
-    shellAliases = {
-      cp = "cp -i";
-      mv = "mv -i";
-      mkdir = "mkdir -p";
-      ".." = "cd ..";
-      "..." = "cd ../..";
-      ".3" = "cd ../../..";
-      ".4" = "cd ../../../..";
-      ".5" = "cd ../../../../..";
-      c = "cat";
-      sc = "systemctl --user";
-      jc = "journalctl --user -xefu";
-      open-gallery = ''
-        cd /mnt/miniserver/pool/scrapping/JawZ/gallery-dl &&
-        xdg-open "$(fd . ./ Husbands -tdirectory -d 1 | fzf -i)"'';
-    };
-    enableVteIntegration = true;
-    initExtra = ''
-      $HOME/.local/bin/pokemon-colorscripts -r --no-title
-      export command_timeout=60
-    '';
-  };
-  xdg = {
-    enable = true;
-    userDirs = {
-      enable = true;
-      createDirectories = false;
-      desktop = "${config.home.homeDirectory}";
-      documents = "${config.home.homeDirectory}/Documents";
-      download = "${config.home.homeDirectory}/Downloads";
-      music = "${config.home.homeDirectory}/Music";
-      pictures = "${config.home.homeDirectory}/Pictures";
-      templates = "${config.xdg.dataHome}/Templates";
-      videos = "${config.home.homeDirectory}/Videos";
-    };
-    configFile."wgetrc".source = ./dotfiles/wget/wgetrc;
-  };
-  programs = {
-    helix.enable = true;
-    direnv = {
-      enable = true;
-      enableBashIntegration = true;
-      nix-direnv.enable = true;
-    };
-    git = {
-      enable = true;
-      userName = "Danilo Reyes";
-      userEmail = "CaptainJawZ@protonmail.com";
-    };
-  };
-}

hosts/emacs/configuration.nix

@@ -0,0 +1,49 @@
+{
+  lib,
+  ...
+}:
+{
+  imports = [
+    ../../config/base.nix
+    ../../config/stylix.nix
+    ../../environments/hyprland.nix
+  ];
+  virtualisation.vmVariant.virtualisation = {
+    memorySize = 4096;
+    cores = 4;
+    graphics = true;
+    resolution = {
+      x = 1920;
+      y = 1080;
+    };
+  };
+  my = {
+    secureHost = false;
+    stylix.enable = true;
+    emacs.enable = true;
+    apps.fonts.enable = true;
+    shell.tools.enable = true;
+    services.network.enable = true;
+    dev = {
+      nix.enable = true;
+      python.enable = true;
+      sh.enable = true;
+      rust.enable = true;
+      ruby.enable = true;
+      javascript.enable = true;
+      go.enable = true;
+      haskell.enable = true;
+      cc.enable = true;
+      julia.enable = true;
+      zig.enable = true;
+      docker.enable = true;
+    };
+    interfaces = lib.mkMerge [
+      {
+        emacs = "eth0";
+      }
+    ];
+  };
+  networking.hostName = "emacs";
+  environment.systemPackages = [ ];
+}

hosts/galaxy/configuration.nix

@@ -0,0 +1,7 @@
+{ ... }:
+{
+  imports = [
+    ../../config/base.nix
+    ../../config/stylix.nix
+  ];
+}

hosts/miniserver/configuration.nix

@@ -1,65 +1,32 @@
-{ ... }: {
-  imports = [ ./hardware-configuration.nix ../../base.nix ];
-  my = {
-    emacs.enable = true;
-    apps.dictionaries.enable = true;
-    shell.tools.enable = true;
-    services.network.enable = true;
-    dev = {
-      nix.enable = true;
-      python.enable = true;
-      sh.enable = true;
-    };
-    units = {
-      download.enable = true;
-      stream-dl.enable = true;
-    };
-    scripts = {
-      run.enable = true;
-      split-dir.enable = true;
-      download.enable = true;
-      ffmpreg.enable = true;
-      ffmpeg4discord.enable = true;
-      manage-library.enable = true;
-      pika-list.enable = true;
-      find-dup-episodes.enable = true;
-      update-dns.enable = true;
-    };
-    servers = {
-      jellyfin = {
-        enable = true;
-        enableCron = false;
-      };
-      nextcloud = {
-        enable = true;
-        enableCron = true;
-      };
-      adguardhome.enable = false;
-      audiobookshelf.enable = false;
-      bazarr.enable = false;
-      collabora.enable = true;
-      flame.enable = true;
-      flameSecret.enable = true;
-      go-vod.enable = false;
-      kavita.enable = false;
-      lidarr.enable = false;
-      maloja.enable = true;
-      mealie.enable = true;
-      metube.enable = false;
-      microbin.enable = true;
-      multi-scrobbler.enable = true;
-      paperless.enable = true;
-      postgres.enable = true;
-      prowlarr.enable = false;
-      qbittorrent.enable = true;
-      radarr.enable = false;
-      ryot.enable = true;
-      shiori.enable = true;
-      sonarr.enable = false;
-      vaultwarden.enable = true;
-      firefly-iii.enable = true;
+{ config, inputs, ... }:
+{
+  imports = [
+    ./hardware-configuration.nix
+    ../../config/base.nix
+    ../../config/stylix.nix
+  ];
+  my = import ./toggles.nix { inherit inputs; } // {
+    nix.cores = 3;
+    nix.maxJobs = 8;
+    users.nixremote.enable = true;
+    users.nixremote.authorizedKeys = inputs.self.lib.getSshKeys [
+      "nixworkstation"
+      "nixserver"
+    ];
   };
+  nix.buildMachines =
+    let
+      buildMachine = hostName: maxJobs: speedFactor: {
+        inherit hostName maxJobs speedFactor;
+        system = "x86_64-linux";
+        sshUser = "nixremote";
+        supportedFeatures = config.my.nix.features;
       };
+    in
+    [
+      (buildMachine "workstation" 8 40)
+      (buildMachine "server" 6 17)
+    ];
   networking = {
     hostName = "miniserver";
     firewall = {
@@ -67,53 +34,19 @@
       allowedUDPPorts = [ 2049 ];
     };
   };
-  nix = let
-    featuresList = [
-      "nixos-test"
-      "benchmark"
-      "big-parallel"
-      "kvm"
-      "gccarch-znver3"
-      "gccarch-skylake"
-      "gccarch-alderlake"
-    ];
-  in {
-    settings.cores = 3;
-    buildMachines = [{
-      hostName = "workstation";
-      system = "x86_64-linux";
-      sshUser = "nixremote";
-      maxJobs = 14;
-      speedFactor = 1;
-      supportedFeatures = featuresList;
-    }];
-  };
   nixpkgs.config.permittedInsecurePackages = [ "openssl-1.1.1w" ];
-  users = {
-    groups.nixremote.gid = 555;
-    users.nixremote = {
-      isNormalUser = true;
-      createHome = true;
-      group = "nixremote";
-      home = "/var/nixremote/";
-      openssh.authorizedKeys.keys =
-        [ (builtins.readFile ../../secrets/ssh/ed25519_nixworkstation.pub) ];
-    };
-  };
   services = {
     btrfs.autoScrub = {
       enable = true;
       fileSystems = [ "/" ];
     };
-    # minidlna = {
-    #   enable = true;
-    #   openFirewall = true;
-    #   settings = {
-    #     inotify = "yes";
-    #     media_dir = [
-    #       "/mnt/pool/glue"
-    #     ];
-    #   };
-    # };
+    minidlna = {
+      enable = false;
+      openFirewall = true;
+      settings = {
+        inotify = "yes";
+        media_dir = [ "/srv/pool/" ];
+      };
+    };
   };
 }

hosts/miniserver/hardware-configuration.nix

@@ -1,23 +1,23 @@
-{ lib, modulesPath, ... }: {
+{
+  lib,
+  modulesPath,
+  pkgs,
+  ...
+}:
+{
   imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-  nixpkgs.hostPlatform = "x86_64-linux";
   powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
   hardware = {
     cpu.intel.updateMicrocode = lib.mkDefault true;
-    opengl = {
+    graphics = {
       enable = true;
-      driSupport = true;
-      driSupport32Bit = true;
+      enable32Bit = true;
+      extraPackages = [ pkgs.vpl-gpu-rt ];
     };
   };
   boot = {
     kernelModules = [ "kvm-intel" ];
-    kernel.sysctl = {
-      "vm.swappiness" = 80;
-      "net.ipv6.conf.all.disable_ipv6" = 1;
-      "net.ipv6.conf.lo.disable_ipv6" = 1;
-      "net.ipv6.conf.default.disable_ipv6" = 1;
-    };
+    kernel.sysctl."vm.swappiness" = 80;
     loader = {
       efi = {
         canTouchEfiVariables = true;
@@ -30,30 +30,14 @@
         enableCryptodisk = true;
       };
     };
-    initrd.luks.devices = {
-      nvme = {
-        device = "/dev/disk/by-uuid/30fd7d86-9bed-42a6-8a4e-a2ddb0031233";
-        preLVM = true;
-      };
-      # disk1 = {
-      #   device = "/dev/disk/by-uuid/a9b0f346-7e38-40a6-baf6-3ad80cafc842";
-      #   preLVM = true;
-      # };
-      # disk2 = {
-      #   device = "/dev/disk/by-uuid/0ed12b83-4c56-4ba8-b4ea-75a9e927d771";
-      #   preLVM = true;
-      # };
-      # disk3 = {
-      #   device = "/dev/disk/by-uuid/8cd728f6-0d5b-4cea-8f7d-01aad11192c1";
-      #   preLVM = true;
-      # };
-      # disk4 = {
-      #   device = "/dev/disk/by-uuid/7fcac808-491f-4846-a4a9-a34cc77cb43d";
-      #   preLVM = true;
-      # };
-    };
     extraModulePackages = [ ];
     initrd = {
+      secrets."/keyfile" = /etc/keyfile;
+      luks.devices.nvme = {
+        device = "/dev/disk/by-uuid/30fd7d86-9bed-42a6-8a4e-a2ddb0031233";
+        keyFile = "keyfile";
+        preLVM = true;
+      };
       availableKernelModules = [
         "xhci_pci"
         "ahci"
@@ -67,7 +51,19 @@
       kernelModules = [ "kvm-intel" ];
     };
   };
-  fileSystems = {
+  fileSystems =
+    let
+      nfsMount = server: nfsDisk: {
+        device = "${server}:/${nfsDisk}";
+        fsType = "nfs";
+        options = [
+          "x-systemd.automount"
+          "noauto"
+          "x-systemd.idle-timeout=600"
+        ];
+      };
+    in
+    {
       "/" = {
         device = "/dev/mapper/nvme";
         fsType = "btrfs";
@@ -95,17 +91,6 @@
           "datacow"
         ];
       };
-    # "/mnt/pool" = {
-    #   device = "/dev/disk/by-uuid/1e7cf787-e34d-4e3e-ac3c-0c07309dbd34";
-    #   fsType = "btrfs";
-    #   options = [
-    #     "subvol=@data"
-    #     "compress=zstd:3"
-    #     "space_cache=v2"
-    #     "commit=120"
-    #     "datacow"
-    #   ];
-    # };
       "/boot" = {
         device = "/dev/disk/by-uuid/bf0aeb95-94cc-4377-b6e4-1dbb4958b334";
         fsType = "ext4";
@@ -115,29 +100,24 @@
         fsType = "vfat";
       };
       "/var/lib/nextcloud/data" = {
-      device = "/mnt/pool/nextcloud";
+        device = "/srv/pool/nextcloud";
         options = [ "bind" ];
-      depends = [ "/mnt/pool" ];
+        depends = [ "/srv/pool" ];
       };
-    # "/mnt/jellyfin/media" = {
-    #   device = "/mnt/pool/multimedia/media";
-    #   options = [ "bind" "ro" ];
-    #   depends = [ "/mnt/pool" ];
-    # };
-    # NFS
       "/export/pool" = {
-      device = "/mnt/pool";
+        device = "/srv/pool";
         options = [ "bind" ];
-      depends = [ "/mnt/pool" ];
+        depends = [ "/srv/pool" ];
       };
       "/export/jawz" = {
         device = "/home/jawz";
         options = [ "bind" ];
-      depends = [ "/mnt/pool" ];
+        depends = [ "/srv/pool" ];
       };
+      "/srv/server/pool" = nfsMount "server" "pool" // { };
+      "/srv/server/jawz" = nfsMount "server" "jawz" // { };
     };
-  services.nfs = {
-    server = {
+  services.nfs.server = {
     enable = true;
     exports = ''
       /export           workstation(rw,fsid=0,no_subtree_check)
@@ -145,8 +125,8 @@
       /export/pool      workstation(rw,nohide,insecure,no_subtree_check)
     '';
   };
-  };
-  swapDevices = [{
+  swapDevices = [
+    {
       device = "/dev/nvme0n1p3";
       randomEncryption = {
         enable = true;
@@ -154,5 +134,6 @@
         keySize = 512;
         sectorSize = 4096;
       };
-  }];
+    }
+  ];
 }

hosts/miniserver/toggles.nix

@@ -0,0 +1,40 @@
+{ inputs }:
+let
+  inherit (inputs.self.lib) mkEnabled mkEnabledWithProxy enableList;
+in
+{
+  emacs.enable = true;
+  enableProxy = true;
+  websites.portfolio.enableProxy = true;
+  apps = enableList mkEnabled [
+    "dictionaries"
+  ];
+  services = enableList mkEnabled [
+    "network"
+  ];
+  shell = enableList mkEnabled [
+    "tools"
+    "multimedia"
+  ];
+  dev = enableList mkEnabled [
+    "nix"
+    "python"
+    "sh"
+  ];
+  units = enableList mkEnabled [
+    "download"
+    "stream-dl"
+  ];
+  scripts = enableList mkEnabled [
+    "split-dir"
+    "pika-list"
+    "update-dns"
+  ];
+  servers =
+    enableList mkEnabled [
+      "qbittorrent"
+    ]
+    // enableList mkEnabledWithProxy [
+      "audiobookshelf"
+    ];
+}

hosts/server/configuration.nix

@@ -1,63 +1,75 @@
-{ ... }: {
-  imports = [ ./hardware-configuration.nix ../../base.nix ];
-  my = {
-    emacs.enable = true;
-    apps.dictionaries.enable = true;
-    shell.tools.enable = true;
-    services.network.enable = true;
-    dev = {
-      nix.enable = true;
-      python.enable = true;
-      sh.enable = true;
-    };
-    scripts = {
-      run.enable = true;
-      split-dir.enable = true;
-      ffmpreg.enable = true;
-      ffmpeg4discord.enable = true;
+{
+  pkgs,
+  config,
+  lib,
+  inputs,
+  ...
+}:
+{
+  imports = [
+    ./hardware-configuration.nix
+    ../../config/base.nix
+    ../../config/stylix.nix
+  ];
+  my = import ./toggles.nix { inherit config inputs; } // {
+    nix.cores = 6;
+    users.nixremote.enable = true;
+    users.nixremote.authorizedKeys = inputs.self.lib.getSshKeys [
+      "nixworkstation"
+      "nixminiserver"
+    ];
+    network.firewall.enabledServicePorts = true;
+    network.firewall.additionalPorts = [
+      2049 # idk
+      8384 # syncthing gui
+      22000 # syncthing relay
+      3452 # sonarqube
+      8448 # synapse ssl
+    ];
   };
+  nix.buildMachines = [
+    {
+      hostName = "workstation";
+      system = "x86_64-linux";
+      sshUser = "nixremote";
+      maxJobs = 8;
+      speedFactor = 2;
+      supportedFeatures = config.my.nix.features;
+    }
+  ];
+  sops.secrets."vps/home/private" = lib.mkIf config.my.secureHost {
+    sopsFile = ../../secrets/wireguard.yaml;
   };
   networking = {
     hostName = "server";
     firewall = {
-      allowedTCPPorts = [ 2049 ];
-      allowedUDPPorts = [ 2049 ];
+      allowedUDPPorts = config.networking.firewall.allowedTCPPorts;
+      interfaces.wg0.allowedTCPPorts = [ 8081 ];
     };
-  };
-  nix = let
-    featuresList = [
-      "nixos-test"
-      "benchmark"
-      "big-parallel"
-      "kvm"
-      "gccarch-znver3"
-      "gccarch-skylake"
-      "gccarch-alderlake"
+    wireguard.interfaces.wg0 = lib.mkIf config.my.secureHost {
+      ips = [ "${config.my.ips.wg-server}/32" ];
+      privateKeyFile = config.sops.secrets."vps/home/private".path;
+      peers = [
+        {
+          publicKey = "dFbiSekBwnZomarcS31o5+w6imHjMPNCipkfc2fZ3GY=";
+          endpoint = "${config.my.ips.vps}:51820";
+          allowedIPs = [
+            "${config.my.ips.wg-vps}/32"
+            "${config.my.ips.wg-friends}/24" # all friends
+          ];
+          persistentKeepalive = 25;
+        }
       ];
-  in {
-    settings.cores = 6;
-    buildMachines = [{
-      hostName = "workstation";
-      system = "x86_64-linux";
-      sshUser = "nixremote";
-      maxJobs = 14;
-      speedFactor = 1;
-      supportedFeatures = featuresList;
-    }];
     };
-  users = {
-    groups.nixremote.gid = 555;
-    users.nixremote = {
-      isNormalUser = true;
-      createHome = true;
-      group = "nixremote";
-      home = "/var/nixremote/";
-      openssh.authorizedKeys.keys =
-        [ (builtins.readFile ../../secrets/ssh/ed25519_nixworkstation.pub) ];
   };
+  users.users.jawz.packages = builtins.attrValues {
+    inherit (pkgs) podman-compose attic-client;
   };
   services.btrfs.autoScrub = {
     enable = true;
-    fileSystems = [ "/" ];
+    fileSystems = [
+      "/"
+      "/srv/pool"
+    ];
   };
 }

hosts/server/hardware-configuration.nix

@@ -1,17 +1,36 @@
-{ lib, modulesPath, ... }: {
+{ lib, modulesPath, ... }:
+let
+  getUUID = uuid: "/dev/disk/by-uuid/${uuid}";
+in
+{
   imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-  hardware = {
-    nvidia = {
-      modesetting.enable = true;
-      powerManagement.enable = true;
-    };
-    cpu.intel.updateMicrocode = lib.mkDefault true;
-    opengl = {
-      enable = true;
-      driSupport = true;
-      driSupport32Bit = true;
-    };
-  };
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault true;
+  security.pam.loginLimits = [
+    {
+      domain = "*";
+      type = "hard";
+      item = "nofile";
+      value = "131072";
+    }
+    {
+      domain = "*";
+      type = "soft";
+      item = "nofile";
+      value = "131072";
+    }
+    {
+      domain = "*";
+      type = "hard";
+      item = "nproc";
+      value = "8192";
+    }
+    {
+      domain = "*";
+      type = "soft";
+      item = "nproc";
+      value = "8192";
+    }
+  ];
   boot = {
     loader = {
       efi = {
@@ -25,39 +44,41 @@
         enableCryptodisk = true;
       };
     };
-    initrd.luks.devices = {
-      nvme = {
-        device = "/dev/disk/by-uuid/af72f45c-cf7c-4e7d-8eab-2a95ab754921";
+    initrd = {
+      secrets."/keyfile" = /etc/keyfile;
+      luks.devices =
+        let
+          decryptLuks = uuid: {
+            device = getUUID uuid;
+            keyFile = "/keyfile";
             preLVM = true;
           };
-      # disk1 = {
-      #   device = "/dev/disk/by-uuid/a9b0f346-7e38-40a6-baf6-3ad80cafc842";
-      #   preLVM = true;
-      # };
-      # disk2 = {
-      #   device = "/dev/disk/by-uuid/0ed12b83-4c56-4ba8-b4ea-75a9e927d771";
-      #   preLVM = true;
-      # };
-      # disk3 = {
-      #   device = "/dev/disk/by-uuid/8cd728f6-0d5b-4cea-8f7d-01aad11192c1";
-      #   preLVM = true;
-      # };
-      # disk4 = {
-      #   device = "/dev/disk/by-uuid/7fcac808-491f-4846-a4a9-a34cc77cb43d";
-      #   preLVM = true;
-      # };
+        in
+        {
+          nvme = decryptLuks "af72f45c-cf7c-4e7d-8eab-2a95ab754921";
+          disk1 = decryptLuks "a9b0f346-7e38-40a6-baf6-3ad80cafc842";
+          disk2 = decryptLuks "0ed12b83-4c56-4ba8-b4ea-75a9e927d771";
+          disk3 = decryptLuks "8cd728f6-0d5b-4cea-8f7d-01aad11192c1";
+          disk4 = decryptLuks "7fcac808-491f-4846-a4a9-a34cc77cb43d";
+          disk5 = decryptLuks "1d05cf50-0f5f-427a-b41f-fab0d11e85e9";
+        };
     };
     kernelModules = [ "kvm-intel" ];
     kernel.sysctl = {
       "vm.swappiness" = 80;
-      "net.ipv6.conf.all.disable_ipv6" = 1;
-      "net.ipv6.conf.lo.disable_ipv6" = 1;
-      "net.ipv6.conf.default.disable_ipv6" = 1;
+      "vm.max_map_count" = 524288;
+      "fs.file-max" = 131072;
     };
     extraModulePackages = [ ];
     initrd = {
-      availableKernelModules =
-        [ "xhci_pci" "ahci" "usbhid" "nvme" "usb_storage" "sd_mod" ];
+      availableKernelModules = [
+        "xhci_pci"
+        "ahci"
+        "usbhid"
+        "nvme"
+        "usb_storage"
+        "sd_mod"
+      ];
       kernelModules = [ ];
     };
   };
@@ -89,65 +110,71 @@
         "datacow"
       ];
     };
-    # "/mnt/pool" = {
-    #   device = "/dev/disk/by-uuid/1e7cf787-e34d-4e3e-ac3c-0c07309dbd34";
-    #   fsType = "btrfs";
-    #   options = [
-    #     "subvol=@data"
-    #     "compress=zstd:3"
-    #     "space_cache=v2"
-    #     "commit=120"
-    #     "datacow"
-    #   ];
-    # };
     "/boot" = {
       device = "/dev/disk/by-uuid/c574cb53-dc40-46db-beff-0fe8a4787156";
       fsType = "ext4";
+      options = [ "nofail" ];
     };
     "/boot/efi" = {
       device = "/dev/disk/by-uuid/CBE7-5DEB";
       fsType = "vfat";
     };
-    # NEXTCCLOUD
-    # "/var/lib/nextcloud/data" = {
-    #   device = "/mnt/pool/nextcloud";
-    #   options = [ "bind" ];
-    #   depends = [ "/mnt/pool" ];
-    # };
-    # "/mnt/jellyfin/media" = {
-    #   device = "/mnt/pool/multimedia/media";
-    #   options = [ "bind" "ro" ];
-    #   depends = [ "/mnt/pool" ];
-    # };
-    # NFS
-    "/export/pool" = {
-      device = "/mnt/pool";
+    "/srv/pool" = {
+      device = "/dev/disk/by-uuid/1e7cf787-e34d-4e3e-ac3c-0c07309dbd34";
+      fsType = "btrfs";
+      options = [
+        "subvol=@data"
+        "compress=zstd:3"
+        "space_cache=v2"
+        "commit=120"
+        "datacow"
+      ];
+      depends = [ "/boot/efi" ];
+    };
+    "/var/lib/nextcloud/data" = {
+      device = "/srv/pool/nextcloud";
       options = [ "bind" ];
-      depends = [ "/mnt/pool" ];
+      depends = [ "/srv/pool" ];
+    };
+    "/srv/jellyfin/media" = {
+      device = "/srv/pool/multimedia/media";
+      options = [
+        "bind"
+        "ro"
+      ];
+      depends = [ "/srv/pool" ];
+    };
+    "/export/pool" = {
+      device = "/srv/pool";
+      options = [ "bind" ];
+      depends = [ "/srv/pool" ];
     };
     "/export/jawz" = {
       device = "/home/jawz";
       options = [ "bind" ];
-      depends = [ "/mnt/pool" ];
+      depends = [ "/srv/pool" ];
     };
-    "/export/btrfs" = {
-      device = "/mnt/btrfs";
+    "/export/backups" = {
+      device = "/srv/backups";
       options = [ "bind" ];
-      depends = [ "/mnt/pool" ];
+      depends = [ "/srv/pool" ];
     };
   };
-  services.nfs = {
-    server = {
+  services.nfs.server = {
     enable = true;
     exports = ''
       /export           workstation(rw,fsid=0,no_subtree_check)
+                        miniserver(rw,fsid=0,no_subtree_check)
       /export/jawz      workstation(rw,nohide,insecure,no_subtree_check)
+                        miniserver(rw,nohide,insecure,no_subtree_check)
       /export/pool      workstation(rw,nohide,insecure,no_subtree_check)
-        /export/btrfs      workstation(rw,nohide,insecure,no_subtree_check)
+                        miniserver(rw,nohide,insecure,no_subtree_check)
+      /export/backups   workstation(rw,nohide,insecure,no_subtree_check)
+                        miniserver(rw,nohide,insecure,no_subtree_check)
     '';
   };
-  };
-  swapDevices = [{
+  swapDevices = [
+    {
       device = "/dev/disk/by-partuuid/cb0ad486-ebf8-4bfc-ad7c-96bdc68576ca";
       randomEncryption = {
         enable = true;
@@ -155,5 +182,6 @@
         keySize = 512;
         sectorSize = 4096;
       };
-  }];
+    }
+  ];
 }

hosts/server/toggles.nix

@@ -0,0 +1,84 @@
+{ config, inputs }:
+let
+  inherit (inputs.self.lib) mkEnabled enableList;
+  mkEnabledIp = inputs.self.lib.mkEnabledIp config.my.ips.wg-server;
+in
+{
+  mainServer = "server";
+  emacs.enable = true;
+  stylix.enable = true;
+  enableProxy = true;
+  enableContainers = true;
+  apps.dictionaries.enable = true;
+  shell = enableList mkEnabled [
+    "tools"
+    "multimedia"
+  ];
+  services = enableList mkEnabled [
+    "network"
+    "nvidia"
+    "syncthing"
+  ];
+  dev = enableList mkEnabled [
+    "nix"
+    "python"
+    "sh"
+  ];
+  units = enableList mkEnabled [
+    "downloadManga"
+    "download"
+    "stream-dl"
+  ];
+  scripts = enableList mkEnabled [
+    "run"
+    "download"
+    "split-dir"
+    "ffmpreg"
+    "ffmpeg4discord"
+    "manage-library"
+    "library-report"
+    "stream-dl"
+    "pika-list"
+    "find-dup-episodes"
+    "tuh-activity-logger"
+  ];
+  servers = {
+    nextcloud = {
+      enable = true;
+      enableCron = true;
+      enableProxy = true;
+    };
+  }
+  // enableList mkEnabled [
+    "qbittorrent"
+    "sabnzbd"
+    "unpackerr"
+    "postgres"
+    "paperless"
+    "stash"
+    "bazarr"
+    "collabora"
+    "homepage"
+    "kavita"
+    "lidarr"
+    "maloja"
+    "microbin"
+    "multi-scrobbler"
+    "plex"
+    "prowlarr"
+    "radarr"
+    "ryot"
+    "sonarr"
+    "synapse"
+    "jellyfin"
+    "gitea"
+    "mealie"
+    "metube"
+    "atticd"
+  ]
+  // enableList mkEnabledIp [
+    "audiobookshelf"
+    "vaultwarden"
+    "readeck"
+  ];
+}

hosts/workstation/configuration.nix

@@ -1,99 +1,97 @@
-{ pkgs, config, lib, ... }: {
+{
+  pkgs,
+  config,
+  inputs,
+  ...
+}:
+let
+  shellType = config.my.shell.type;
+  krita-thumbnailer = pkgs.writeTextFile {
+    name = "krita-thumbnailer";
+    destination = "/share/thumbnailers/kra.thumbnailer";
+    text = ''
+      [Thumbnailer Entry]
+      Exec=sh -c "${pkgs.unzip}/bin/unzip -p %i preview.png > %o"
+      MimeType=application/x-krita;
+    '';
+  };
+in
+{
   imports = [
     ./hardware-configuration.nix
-    ../../base.nix
-    ../../gnome.nix
-    ../../pkgs/obs-studio.nix
+    ../../config/base.nix
+    ../../config/stylix.nix
+    ../../environments/gnome.nix
+  ];
+  my = import ./toggles.nix { inherit inputs; } // {
+    nix.cores = 8;
+    nix.maxJobs = 8;
+    users.nixremote.enable = true;
+    users.nixremote.authorizedKeys = inputs.self.lib.getSshKeys [
+      "nixserver"
+      "nixminiserver"
     ];
-  my = {
-    emacs.enable = true;
-    apps = {
-      art.enable = true;
-      dictionaries.enable = true;
-      fonts.enable = true;
-      gaming.enable = true;
-      internet.enable = true;
-      multimedia.enable = true;
-      office.enable = true;
-      misc.enable = true;
   };
-    dev = {
-      haskell.enable = true;
-      nix.enable = true;
-      python.enable = true;
-      gameDev.enable = true;
-      sh.enable = true;
-      javascript.enable = true;
+  home-manager.users.jawz.programs = {
+    vscode = {
+      enable = true;
+      package = pkgs.code-cursor;
     };
-    shell = {
-      exercism.enable = true;
-      multimedia.enable = true;
-      tools.enable = true;
+    ghostty = {
+      enable = true;
+      package = pkgs.ghostty;
+      enableBashIntegration = shellType == "bash";
+      enableZshIntegration = shellType == "zsh";
+      installBatSyntax = true;
+      installVimSyntax = true;
+      settings.term = "xterm-256color";
     };
-    services = {
-      network.enable = true;
-      nvidia.enable = true;
-      printing.enable = true;
-      sound.enable = true;
-    };
-    scripts = {
-      tasks.enable = true;
-      run.enable = true;
-      split-dir.enable = true;
-      download.enable = true;
-      ffmpreg.enable = true;
-      ffmpeg4discord.enable = true;
-    };
-  };
-  sops.secrets = {
-    "resilio/user" = { };
-    "resilio/host" = { };
-    "resilio/password" = { };
   };
   networking = {
     hostName = "workstation";
-    firewall = let
-      openPorts = [
+    firewall = {
+      allowedTCPPorts = [
         6674 # ns-usbloader
+        8384 # syncthing
+      ];
+      allowedTCPPortRanges = [
+        {
+          from = 1714;
+          to = 1764;
+        }
       ];
-      openPortRanges = [{
-        from = 1714; # kdeconnect
-        to = 1764; # kdeconnect
-      }];
-    in {
-      allowedTCPPorts = openPorts;
-      allowedUDPPorts = openPorts;
-      allowedTCPPortRanges = openPortRanges;
-      allowedUDPPortRanges = openPortRanges;
     };
   };
-  nix.settings.cores = 16;
-  nixpkgs.config = {
-    allowUnfree = true;
-    permittedInsecurePackages = [ ];
-  };
-  users = {
-    groups.nixremote.gid = 555;
-    users = {
-      jawz.packages = (with pkgs; [
+  users.users.jawz.packages = [
+    (pkgs.google-cloud-sdk.withExtraComponents [
+      pkgs.google-cloud-sdk.components.gke-gcloud-auth-plugin
+    ])
+  ]
+  ++ builtins.attrValues {
+    inherit (pkgs)
+      distrobox # install packages from other os
       gocryptfs # encrypted filesystem! shhh!!!
-        torrenttools # create torrent files from the terminal!
       vcsi # video thumbnails for torrents, can I replace it with ^?
-      ]);
-      nixremote = {
-        isNormalUser = true;
-        createHome = true;
-        group = "nixremote";
-        home = "/var/nixremote/";
-        openssh.authorizedKeys.keys = [
-          (builtins.readFile ../../secrets/ssh/ed25519_nixserver.pub)
-          (builtins.readFile ../../secrets/ssh/ed25519_nixminiserver.pub)
-        ];
+      keypunch # practice typing
+      google-cloud-sdk-gce
+      ;
   };
+  environment = {
+    pathsToLink = [ "share/thumbnailers" ];
+    systemPackages = builtins.attrValues {
+      # thumbnail for heif files & videos
+      inherit krita-thumbnailer;
+      inherit (pkgs)
+        libheif
+        ffmpegthumbnailer
+        bign-handheld-thumbnailer
+        gnome-epub-thumbnailer
+        podman-compose
+        scrcpy
+        ;
+      inherit (pkgs.libheif) out;
     };
-  };
-  environment.etc = {
-    "wireplumber/bluetooth.lua.d/51-bluez-config.lua".text = ''
+    etc."wireplumber/bluetooth.lua.d/51-bluez-config.lua".text = ''
       bluez_monitor.properties = {
           ["bluez5.enable-sbc-xq"] = true,
           ["bluez5.enable-msbc"] = true,
@@ -110,29 +108,84 @@
     obs-studio = {
       enable = true;
       enableVirtualCamera = true;
+      plugins = builtins.attrValues {
+        inherit (pkgs.obs-studio-plugins)
+          droidcam-obs
+          obs-vkcapture
+          obs-vaapi
+          obs-tuna
+          input-overlay
+          ;
       };
     };
+  };
+  security.pki.certificateFiles = [
+    ../../secrets/ssh/iqQCY4iAWO-ca.pem
+    ../../secrets/ssh/root-private-ca.pem
+  ];
   services = {
+    minio.enable = true;
+    flatpak.enable = true;
+    open-webui.enable = true;
+    scx = {
+      enable = true;
+      scheduler = "scx_lavd";
+    };
     btrfs.autoScrub = {
       enable = true;
       fileSystems = [ "/" ];
     };
-    resilio = {
+    protonmail-bridge = {
       enable = true;
-      useUpnp = true;
-      enableWebUI = true;
-      httpPass =
-        "Uplifting-Proofs-Eggshell-Molecule-Wriggly-Janitor3-Padded-Oxidizing";
-      deviceName = "Oversweet3834";
-      httpLogin = "Oversweet3834";
-      httpListenPort = 9876;
-      httpListenAddr = "0.0.0.0";
-      directoryRoot = "/resilio";
+      path = [ pkgs.gnome-keyring ];
+    };
+    ollama = {
+      enable = true;
+      acceleration = "cuda";
+      models = "/srv/ai/ollama";
+    };
+    postgresql = {
+      enable = true;
+      package = pkgs.postgresql_17;
+      enableTCPIP = true;
+      authentication = pkgs.lib.mkOverride 10 ''
+        local   all    all                                 trust
+        host    all    all    ${config.my.localhost}/32    trust
+        host    all    all    ::1/128                      trust
+      '';
+      ensureDatabases = [ "webref" ];
+      ensureUsers = [
+        {
+          name = "webref";
+          ensureDBOwnership = true;
+        }
+      ];
     };
   };
-  virtualisation.podman = {
-    enable = true;
-    dockerCompat = true;
-    defaultNetwork.settings.dns_enabled = true;
+  programs.virt-manager.enable = true;
+  users.groups.libvirtd.members = [ "jawz" ];
+  virtualisation.libvirtd.enable = true;
+  systemd.services.minio-init = {
+    description = "Initialize MinIO buckets";
+    after = [ "minio.service" ];
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+    };
+    script = ''
+      # Wait for MinIO to be ready
+      until ${pkgs.curl}/bin/curl -sf http://localhost:9000/minio/health/live > /dev/null 2>&1; do
+        echo "Waiting for MinIO..."
+        sleep 1
+      done
+
+      # Configure mc alias and create bucket
+      ${pkgs.minio-client}/bin/mc alias set local http://localhost:9000 minioadmin minioadmin || true
+      ${pkgs.minio-client}/bin/mc mb local/webref || true
+      ${pkgs.minio-client}/bin/mc anonymous set public local/webref || true
+
+      echo "MinIO initialized with webref bucket"
+    '';
   };
 }

hosts/workstation/hardware-configuration.nix

@@ -1,29 +1,57 @@
-{ config, pkgs, modulesPath, lib, ... }: {
-  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-  nixpkgs.hostPlatform = "x86_64-linux";
-  hardware = {
-    cpu.amd.updateMicrocode =
-      lib.mkDefault config.hardware.enableRedistributableFirmware;
-    bluetooth = {
+{
+  modulesPath,
+  config,
+  pkgs,
+  inputs,
+  lib,
+  ...
+}:
+let
+  getMapper = mapper: "/dev/mapper/${mapper}";
+  getUUID = uuid: "/dev/disk/by-uuid/${uuid}";
+in
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+    inputs.ucodenix.nixosModules.default
+  ];
+  services = {
+    udev.extraRules = lib.mkIf config.my.apps.gaming.enable ''
+      SUBSYSTEM=="usb", ATTRS{idVendor}=="0cf3", ATTRS{idProduct}=="3005", TAG+="uaccess"
+    '';
+    ucodenix = {
+      enable = true;
+      cpuModelId = "00A50F00";
+    };
+  };
+  hardware.bluetooth = {
     enable = true;
     settings.General = {
       Enable = "Source,Sink,Media,Socket";
       Experimental = true;
     };
   };
-    opentabletdriver = {
-      enable = true;
-      daemon.enable = false;
-    };
-  };
   boot = {
-    kernelPackages = pkgs.linuxPackages_zen;
+    plymouth.enable = true;
+    consoleLogLevel = 0;
+    loader.timeout = 3;
+    kernelParams = [
+      "splash"
+      "boot.shell_on_fail"
+      "loglevel=3"
+      "rd.systemd.show_status=false"
+      "rd.udev.log_level=3"
+      "udev.log_priority=3"
+      "preempt=full"
+      "microcode.amd_sha_check=off"
+    ];
+    kernelPackages = pkgs.linuxPackages;
     kernel.sysctl = {
       "vm.swappiness" = 80;
-      "net.ipv6.conf.all.disable_ipv6" = 1;
-      "net.ipv6.conf.lo.disable_ipv6" = 1;
-      "net.ipv6.conf.default.disable_ipv6" = 1;
       "net.ipv4.tcp_mtu_probing" = 1;
+      "kernel.sched_cfsbandwidth_slice_us" = lib.mkDefault 3000;
+      "net.ipv4.tcp_fin_timeout" = lib.mkDefault 5;
+      "vm.max_map_count" = lib.mkDefault 2147483642;
     };
     loader = {
       efi = {
@@ -36,31 +64,41 @@
         efiSupport = true;
         useOSProber = true;
         enableCryptodisk = true;
-        extraEntries = ''
-          menuentry "Fedora" {
-            set root=(hd1,1)
-            chainloader /EFI/fedora/grub.efi
-          }
-        '';
       };
     };
-    initrd.luks.devices.nvme = {
-      device = "/dev/disk/by-uuid/e9618e85-a631-4374-b2a4-22c376d6e41b";
+    initrd = {
+      verbose = false;
+      secrets."/keyfile" = /etc/keyfile;
+      availableKernelModules = [
+        "xhci_pci"
+        "ahci"
+        "usbhid"
+        "nvme"
+        "usb_storage"
+        "sd_mod"
+      ];
+      luks.devices.nvme = {
+        device = getUUID "e9618e85-a631-4374-b2a4-22c376d6e41b";
+        keyFile = "/keyfile";
         preLVM = true;
       };
-    initrd.availableKernelModules =
-      [ "xhci_pci" "ahci" "usbhid" "nvme" "usb_storage" "sd_mod" ];
     };
-  fileSystems = let
-    nfsMount = (server: nfsDisk: {
+  };
+  fileSystems =
+    let
+      nfsMount = server: nfsDisk: {
         device = "${server}:/${nfsDisk}";
         fsType = "nfs";
-      options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ];
-    });
-    btrfsMount = subvol: {
-      device = "/dev/mapper/nvme";
-      fsType = "btrfs";
         options = [
+          "x-systemd.automount"
+          "noauto"
+          "x-systemd.idle-timeout=600"
+        ];
+      };
+      btrfsMount = device: subvol: extraOpts: {
+        inherit device;
+        fsType = "btrfs";
+        options = extraOpts ++ [
           "subvol=${subvol}"
           "ssd"
           "compress=lzo"
@@ -68,28 +106,32 @@
           "space_cache=v2"
           "commit=120"
           "datacow"
-      ] ++ (if subvol == "nixos" then [ "noatime" ] else [ ]);
+        ];
       };
-  in {
-    "/" = btrfsMount "nixos" // { };
-    "/home" = btrfsMount "home" // { };
-    "/mnt/games" = btrfsMount "games" // { };
-    "/mnt/miniserver/pool" = nfsMount "miniserver" "pool" // { };
-    "/mnt/miniserver/jawz" = nfsMount "miniserver" "jawz" // { };
-    # "/mnt/server/pool" = nfsMount "server" "pool" // { };
-    # "/mnt/server/jawz" = nfsMount "server" "jawz" // { };
-    # "/mnt/server/btrfs" = nfsMount "server" "btrfs" // { };
+      trashOptions = [
+        "x-gvfs-trash"
+        "x-gvfs-show"
+      ];
+    in
+    {
+      "/" = btrfsMount (getMapper "nvme") "nixos" [ "noatime" ];
+      "/home" = btrfsMount (getMapper "nvme") "home" [ ];
+      "/srv/games" = btrfsMount (getMapper "nvme") "games" trashOptions;
+      "/srv/ai" = btrfsMount (getUUID "ca1671e1-e201-4960-ad30-593393f970fb") "ai" trashOptions;
+      "/srv/pool" = nfsMount "server" "pool";
+      "/srv/server_home" = nfsMount "server" "jawz";
+      "/srv/backups" = nfsMount "server" "backups";
       "/boot" = {
-      device = "/dev/disk/by-uuid/ac6d349a-96b9-499e-9009-229efd7743a5";
+        device = getUUID "ac6d349a-96b9-499e-9009-229efd7743a5";
         fsType = "ext4";
       };
       "/boot/efi" = {
-      device = "/dev/disk/by-uuid/B05D-B5FB";
+        device = getUUID "B05D-B5FB";
         fsType = "vfat";
       };
-
     };
-  swapDevices = [{
+  swapDevices = [
+    {
       device = "/dev/disk/by-partuuid/c1bd22d7-e62c-440a-88d1-6464be1aa1b0";
       randomEncryption = {
         enable = true;
@@ -97,5 +139,6 @@
         keySize = 512;
         sectorSize = 4096;
       };
-  }];
+    }
+  ];
 }

hosts/workstation/toggles.nix

@@ -0,0 +1,47 @@
+{ inputs }:
+let
+  inherit (inputs.self.lib) mkEnabled enableList;
+in
+{
+  stylix.enable = true;
+  emacs.enable = true;
+  enableContainers = true;
+  servers.drpp.enable = true;
+  apps = enableList mkEnabled [
+    "art"
+    "dictionaries"
+    "fonts"
+    "gaming"
+    "switch"
+    "internet"
+    "multimedia"
+    "office"
+    "misc"
+  ];
+  dev = enableList mkEnabled [
+    "nix"
+    "python"
+    "sh"
+  ];
+  shell = enableList mkEnabled [
+    "exercism"
+    "multimedia"
+    "tools"
+  ];
+  services = enableList mkEnabled [
+    "network"
+    "nvidia"
+    "printing"
+    "sound"
+    "syncthing"
+  ];
+  scripts = enableList mkEnabled [
+    "tasks"
+    "run"
+    "split-dir"
+    "download"
+    "ffmpreg"
+    "ffmpeg4discord"
+    "update-org-agenda-cache"
+  ];
+}

jawz.nix

@@ -1,41 +0,0 @@
-{ config, ... }: {
-  sops.secrets = let
-    keyConfig = file: {
-      sopsFile = ./secrets/keys.yaml;
-      owner = config.users.users.jawz.name;
-      inherit (config.users.users.jawz) group;
-      path = "/home/jawz/.ssh/${file}";
-    };
-  in {
-    jawz-password.neededForUsers = true;
-    "private_keys/age" = keyConfig "ed25519_age";
-    "public_keys/age" = keyConfig "ed25519_age.pub";
-    "private_keys/${config.networking.hostName}" =
-      keyConfig "ed25519_${config.networking.hostName}";
-    "git_private_keys/${config.networking.hostName}" = keyConfig "ed25519_git";
-  };
-  users.users.jawz = {
-    linger = true;
-    isNormalUser = true;
-    hashedPasswordFile = config.sops.secrets.jawz-password.path;
-    extraGroups = [
-      "wheel"
-      "networkmanager"
-      "scanner"
-      "lp"
-      "piracy"
-      "kavita"
-      "video"
-      "docker"
-      "libvirt"
-      "rslsync"
-    ];
-    openssh.authorizedKeys.keys = [
-      (builtins.readFile ./secrets/ssh/ed25519_deacero.pub)
-      (builtins.readFile ./secrets/ssh/ed25519_workstation.pub)
-      (builtins.readFile ./secrets/ssh/ed25519_server.pub)
-      (builtins.readFile ./secrets/ssh/ed25519_miniserver.pub)
-      (builtins.readFile ./secrets/ssh/ed25519_galaxy.pub)
-    ];
-  };
-}

modules/apps.nix

@@ -1,25 +0,0 @@
-{ lib, ... }: {
-  imports = [
-    ./apps/art.nix
-    ./apps/dictionaries.nix
-    ./apps/fonts.nix
-    ./apps/gaming.nix
-    ./apps/internet.nix
-    ./apps/multimedia.nix
-    ./apps/office.nix
-    ./apps/misc.nix
-  ];
-  my = {
-    dev.gameDev.enable = lib.mkDefault false;
-    apps = {
-      art.enable = lib.mkDefault false;
-      dictionaries.enable = lib.mkDefault false;
-      fonts.enable = lib.mkDefault false;
-      gaming.enable = lib.mkDefault false;
-      internet.enable = lib.mkDefault false;
-      multimedia.enable = lib.mkDefault false;
-      office.enable = lib.mkDefault false;
-      misc.enable = lib.mkDefault false;
-    };
-  };
-}

modules/apps/art.nix

@@ -1,25 +1,43 @@
-{ config, lib, pkgs, ... }: {
-  options.my = {
-    apps.art.enable = lib.mkEnableOption "enable";
-    dev.gameDev.enable = lib.mkEnableOption "enable";
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  # Patch to libpng so that big brushes can be loaded
+  patched-krita = pkgs.replaceDependency {
+    drv = pkgs.krita;
+    oldDependency = pkgs.libpng;
+    newDependency = pkgs.libpng.overrideAttrs (old: {
+      patches = (old.patches or [ ]) ++ [ ../../patches/libpng.patch ];
+    });
   };
-  config = lib.mkIf config.my.apps.art.enable {
-    users.users.jawz.packages = (with pkgs; [
+  attrValuesIf = cond: attrs: if cond then builtins.attrValues attrs else [ ];
+  artPackages = attrValuesIf config.my.apps.art.enable {
+    inherit patched-krita; # art to your heart desire!
+    inherit (pkgs)
+      eyedropper # color picker
+      emulsion-palette # self explanatory
       gimp # the coolest bestest art program to never exist
-      krita # art to your heart desire!
       mypaint # not the best art program
       mypaint-brushes # but it's got some
       mypaint-brushes1 # nice damn brushes
-      pureref # create inspiration/reference boards
       blender # cgi animation and sculpting
-      # drawpile # arty party with friends!!
-    ]) ++ (if config.my.dev.gameDev.enable then
-      with pkgs;
-      [
-        godot_4 # game development
-        # gdtoolkit # gdscript language server
-      ]
-    else
-      [ ]);
+      pureref # create inspiration/reference boards
+      ;
   };
+  gameDevPackages = attrValuesIf config.my.dev.gameDev.enable {
+    inherit (pkgs)
+      godot_4 # game development
+      gdtoolkit_4 # gdscript language server
+      ;
+  };
+in
+{
+  options.my = {
+    apps.art.enable = lib.mkEnableOption "digital art and creative applications";
+    dev.gameDev.enable = lib.mkEnableOption "game development tools and engines";
+  };
+  config.users.users.jawz.packages = artPackages ++ gameDevPackages;
 }

modules/apps/dictionaries.nix

@@ -1,11 +1,21 @@
-{ config, lib, pkgs, ... }: {
-  options.my.apps.dictionaries.enable = lib.mkEnableOption "enable";
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+{
+  options.my.apps.dictionaries.enable = lib.mkEnableOption "dictionaries and language tools";
   config = lib.mkIf config.my.apps.dictionaries.enable {
-    users.users.jawz.packages = with pkgs; [
+    users.users.jawz.packages = builtins.attrValues {
+      inherit (pkgs)
         hunspell
-      hunspellDicts.it_IT
-      hunspellDicts.es_MX
-      hunspellDicts.en_CA-large
-    ];
+        ;
+      inherit (pkgs.hunspellDicts)
+        it_IT
+        es_MX
+        en_CA-large
+        ;
+    };
   };
 }

modules/apps/fonts.nix

@@ -1,6 +1,44 @@
-{ config, lib, pkgs, ... }: {
-  options.my.apps.fonts.enable = lib.mkEnableOption "enable";
+{
+  config,
+  lib,
+  pkgs,
+  inputs,
+  ...
+}:
+let
+  customFonts = pkgs.stdenvNoCC.mkDerivation {
+    name = "custom-fonts";
+    src = inputs.fonts;
+    installPhase = ''
+      mkdir -p $out/share/fonts
+      find $src -type f \( \
+        -name "*.ttf" -o \
+        -name "*.otf" -o \
+        -name "*.woff" -o \
+        -name "*.woff2" \
+      \) -exec cp {} $out/share/fonts/ \;
+    '';
+  };
+in
+{
+  options.my.apps.fonts.enable = lib.mkEnableOption "additional fonts and typography";
   config = lib.mkIf config.my.apps.fonts.enable {
-    users.users.jawz.packages = with pkgs; [ nerdfonts symbola ];
+    nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "corefonts" ];
+    fonts.packages = builtins.attrValues {
+      inherit customFonts;
+      inherit (pkgs)
+        symbola
+        comic-neue
+        cascadia-code
+        corefonts
+        ;
+      inherit (pkgs.nerd-fonts)
+        caskaydia-cove
+        open-dyslexic
+        comic-shanns-mono
+        iosevka
+        agave
+        ;
+    };
   };
 }

modules/apps/gaming.nix

@@ -1,7 +1,38 @@
-{ config, lib, pkgs, inputs, ... }: {
+{
+  inputs,
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  retroarchWithCores = pkgs.retroarch.withCores (
+    cores:
+    builtins.attrValues {
+      inherit (cores)
+        mgba # gba
+        pcsx2 # ps2
+        dolphin # wii / gamecube
+        snes9x2010 # snes
+        desmume # nintendo ds
+        citra # 3ds
+        ;
+    }
+  );
+in
+{
   imports = [ inputs.nix-gaming.nixosModules.platformOptimizations ];
-  options.my.apps.gaming.enable = lib.mkEnableOption "enable";
+  options.my.apps = {
+    gaming.enable = lib.mkEnableOption "gaming applications and emulators";
+    switch.enable = lib.mkEnableOption "Nintendo Switch homebrew tools";
+  };
   config = lib.mkIf config.my.apps.gaming.enable {
+    # sops.secrets.switch-presence = lib.mkIf config.my.apps.gaming.switch.enable {
+    #   sopsFile = ../../secrets/env.yaml;
+    #   format = "dotenv";
+    #   owner = config.users.users.jawz.name;
+    #   inherit (config.users.users.jawz) group;
+    # };
     programs = {
       gamemode.enable = true;
       steam = {
@@ -12,11 +43,16 @@
         platformOptimizations.enable = true;
       };
     };
-    users.users.jawz.packages = let
-      polymc = pkgs.callPackage ../../pkgs/polymc/default.nix { };
-      citra-nightly =
-        pkgs.callPackage ../../pkgs/citra/default.nix { branch = "nightly"; };
-    in (with pkgs; [
+    services = lib.mkIf config.my.apps.switch.enable {
+      switch-boot.enable = true;
+      # switch-presence = {
+      #   enable = true;
+      #   environmentFile = config.sops.secrets.switch-presence.path;
+      # };
+    };
+    users.users.jawz.packages = builtins.attrValues {
+      inherit retroarchWithCores;
+      inherit (pkgs)
         shipwright # zelda OoT port
         mangohud # fps & stats overlay
         lutris # games launcher & emulator hub
@@ -24,20 +60,13 @@
         gamemode # optimizes linux to have better gaming performance
         heroic # install epic games
         protonup-qt # update proton-ge
-      # minecraft # minecraft official launcher
         ns-usbloader # load games into my switch
-      grapejuice # roblox manager
-
         # emulators
-      rpcs3 # ps3 emulator
-      pcsx2 # ps2 emulator
-      cemu # wii u emulator
-      dolphin-emu # wii emulator
-      snes9x-gtk # snes emulator
-      ryujinx # switch emulator
-    ]) ++ [
-      citra-nightly # 3Ds emulator
-      polymc # minecraft launcher with mod support
-    ];
+        rpcs3 # ps3
+        cemu # wii u
+        ryubing # switch
+        prismlauncher # minecraft launcher with jdk overlays
+        ;
+    };
   };
 }

modules/apps/internet.nix

@@ -1,30 +1,55 @@
-{ config, lib, pkgs, ... }: {
-  options.my.apps.internet.enable = lib.mkEnableOption "enable";
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  krisp-patcher =
+    pkgs.writers.writePython3Bin "krisp-patcher"
+      {
+        libraries = builtins.attrValues {
+          inherit (pkgs.python3Packages)
+            capstone
+            pyelftools
+            ;
+        };
+        flakeIgnore = [
+          "E501" # line too long (82 > 79 characters)
+          "F403" # 'from module import *' used; unable to detect undefined names
+          "F405" # name may be undefined, or defined from star imports: module
+        ];
+      }
+      (
+        builtins.readFile (
+          pkgs.fetchurl {
+            url = "https://pastebin.com/raw/8tQDsMVd";
+            sha256 = "sha256-IdXv0MfRG1/1pAAwHLS2+1NESFEz2uXrbSdvU9OvdJ8=";
+          }
+        )
+      );
+in
+{
+  options.my.apps.internet.enable = lib.mkEnableOption "internet browsers and communication apps";
   config = lib.mkIf config.my.apps.internet.enable {
-    programs = {
-      geary.enable = true;
-      firefox = {
-        enable = true;
-        languagePacks = [ "en-CA" "es-MX" "it" ];
-      };
-    };
-    services.psd.enable = true;
-    users.users.jawz.packages =
-      let vdhcoapp = pkgs.callPackage ../../pkgs/vdhcoapp/default.nix { };
-      in (with pkgs; [
-        # gpt4all
+    home-manager.users.jawz.programs.librewolf = import ./librewolf.nix;
+    programs.geary.enable = true;
+    users.users.jawz.packages = builtins.attrValues {
+      # inherit (inputs.zen-browser.packages.x86_64-linux) twilight;
+      inherit krisp-patcher;
+      inherit (pkgs)
+        # thunderbird # email client
+        warp # transfer files with based ppl
         nextcloud-client # self-hosted google-drive alternative
         fragments # beautiful torrent client
-        protonmail-bridge # bridge for protonmail
         tor-browser-bundle-bin # dark web, so dark!
-        chromium # web browser with spyware included
         telegram-desktop # furry chat
         nicotine-plus # remember Ares?
-        vesktop # screen share with audio discord
         discord # :3
-        # hugo # website engine
-      ]) ++ [
         vdhcoapp # video download helper assistant
-      ];
+        nextcloud-talk-desktop # nextcloud talk client
+        fractal # matrix client
+        ;
+    };
   };
 }

modules/apps/librewolf.nix

@@ -0,0 +1,100 @@
+{
+  enable = true;
+  languagePacks = [
+    "en-CA"
+    "es-MX"
+    "it"
+  ];
+  policies.DisabledFirefoxAccounts = false;
+  profiles.jawz = {
+    containersForce = true;
+    containers = {
+      Private = {
+        id = 1;
+        icon = "chill";
+        color = "purple";
+      };
+      Work = {
+        id = 2;
+        icon = "briefcase";
+        color = "orange";
+      };
+      Banking = {
+        id = 3;
+        icon = "dollar";
+        color = "green";
+      };
+    };
+    id = 0;
+    name = "jawz";
+    path = "jawz";
+    settings = {
+      # Enable custom userChrome.css (for GNOME theme)
+      "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
+      # Enables Firefox GNOME Theme SVG icons
+      "svg.context-properties.content.enabled" = true;
+      # GNOME theme refinements
+      "gnomeTheme.hideSingleTab" = true;
+      "gnomeTheme.bookmarksToolbarUnderTabs" = true;
+      "gnomeTheme.allTabsButtonOnOverflow" = true;
+      # Normal UI density
+      "browser.uidensity" = 0;
+      "browser.toolbars.bookmarks.visibility" = "never";
+      "general.autoScroll" = true;
+      # Tabs
+      "browser.sessionstore.resume_from_crash" = true;
+      "browser.sessionstore.max_tabs_undo" = 50;
+      "browser.startup.page" = 3;
+      # DRM
+      "media.eme.enabled" = true;
+      # Prevents private windows from using dark theme
+      "browser.theme.dark-private-windows" = false;
+      # Enables rounded corners on the main window
+      "widget.gtk.rounded-bottom-corners.enabled" = true;
+      # General privacy & fingerprinting
+      "privacy.sanitize.sanitizeOnShutdown" = false;
+      "privacy.clearOnShutdown_v2.browsingHistoryAndDownloads" = false;
+      "privacy.resistFingerprinting" = false; # You explicitly disabled this
+      "privacy.fingerprintingProtection" = true;
+      "privacy.query_stripping.enabled" = true;
+      "privacy.query_stripping.enabled.pbmode" = true;
+      "privacy.trackingprotection.enabled" = true;
+      "privacy.trackingprotection.socialtracking.enabled" = true;
+      "privacy.trackingprotection.emailtracking.enabled" = true;
+      "privacy.bounceTrackingProtection.mode" = 1;
+      "privacy.clearSiteData.cookiesAndStorage" = false;
+      "privacy.clearSiteData.historyFormDataAndDownloads" = true;
+      # Do Not Track
+      "privacy.donottrackheader.enabled" = true;
+      # GPC (Global Privacy Control)
+      "privacy.globalprivacycontrol.was_ever_enabled" = true;
+      # DNS-over-HTTPS (LibreDNS with adblock)
+      "network.trr.mode" = 2;
+      "network.trr.uri" = "https://doh.libredns.gr/noads";
+      # Prevent predictive browsing
+      "network.prefetch-next" = false;
+      "network.predictor.enabled" = false;
+      "network.http.speculative-parallel-limit" = 0;
+      # Referrer sanitization
+      "network.http.referer.disallowCrossSiteRelaxingDefault.top_navigation" = true;
+      # Partitioning and isolation
+      "network.cookie.cookieBehavior.optInPartitioning" = true;
+      # HTTPS-only
+      "dom.security.https_only_mode_ever_enabled" = true;
+      # Disable captive portal checks
+      "network.captive-portal-service.enabled" = false;
+      "network.connectivity-service.enabled" = false;
+      # Permissions tightening
+      "permissions.delegation.enabled" = false;
+      # Disable safe browsing remote lookups (relies on Google)
+      "browser.safebrowsing.downloads.remote.enabled" = false;
+      "browser.safebrowsing.downloads.remote.block_potentially_unwanted" = false;
+      "browser.safebrowsing.downloads.remote.block_uncommon" = false;
+      # Enable anti-cookie tracking + purge trackers
+      "privacy.annotate_channels.strict_list.enabled" = true;
+      # Enable Multi-Account Containers
+      "privacy.userContext.enabled" = true;
+      "privacy.userContext.ui.enabled" = true;
+    };
+  };
+}

modules/apps/misc.nix

@@ -1,14 +1,19 @@
-{ config, lib, pkgs, ... }: {
-  options.my.apps.misc.enable = lib.mkEnableOption "enable";
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+{
+  options.my.apps.misc.enable = lib.mkEnableOption "miscellaneous desktop applications";
   config = lib.mkIf config.my.apps.misc.enable {
-    users.users.jawz.packages = with pkgs; [
-      # celeste # sync tool for any cloud provider
-      # czkawka # duplicate finder
-      # sequeler # friendly SQL client
+    users.users.jawz.packages = builtins.attrValues {
+      inherit (pkgs)
         blanket # background noise
         metadata-cleaner # remove any metadata and geolocation from files
         pika-backup # backups
         gnome-obfuscate # censor private information
-    ];
+        ;
+    };
   };
 }

modules/apps/multimedia.nix

@@ -1,20 +1,23 @@
-{ config, lib, pkgs, ... }: {
-  options.my.apps.multimedia.enable = lib.mkEnableOption "enable";
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+{
+  options.my.apps.multimedia.enable = lib.mkEnableOption "multimedia applications and media players";
   config = lib.mkIf config.my.apps.multimedia.enable {
-    users.users.jawz.packages = with pkgs; [
-      fooyin # foobar inspired music player
-      pitivi # video editor
+    users.users.jawz.packages = builtins.attrValues {
+      inherit (pkgs)
+        recordbox # libadwaita music player
         celluloid # video player
         curtail # image compressor
         easyeffects # equalizer
-      handbrake # video converter, may be unnecessary
         identity # compare images or videos
         mousai # poor man shazam
         shortwave # listen to world radio
         tagger # tag music files
-      # cozy # audiobooks player
-      # gnome-podcasts # podcast player
-      # hakuneko # manga & comic GUI downloader
-    ];
+        ;
+    };
   };
 }

modules/apps/music.nix

@@ -0,0 +1,18 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+{
+  options.my.apps.piano.enable = lib.mkEnableOption "piano learning and music theory apps";
+  config = lib.mkIf config.my.apps.piano.enable {
+    users.users.jawz.packages = builtins.attrValues {
+      inherit (pkgs)
+        neothesia
+        linthesia
+        timidity
+        ;
+    };
+  };
+}

modules/apps/office.nix

@@ -1,16 +1,22 @@
-{ config, lib, pkgs, ... }: {
-  options.my.apps.office.enable = lib.mkEnableOption "enable";
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+{
+  options.my.apps.office.enable = lib.mkEnableOption "office applications and productivity tools";
   config = lib.mkIf config.my.apps.office.enable {
     environment.variables.CALIBRE_USE_SYSTEM_THEME = "1";
-    users.users.jawz.packages = with pkgs; [
-      libreoffice # office, but based
+    users.users.jawz.packages = builtins.attrValues {
+      inherit (pkgs)
+        jre17_minimal # for libreoffice extensions
+        libreoffice # office, but based & european
         calibre # ugly af eBook library manager
         newsflash # feed reader, syncs with nextcloud
         furtherance # I packaged this one tehee track time utility
-      planify # let's pretend I will organize my tasks
-      # foliate # gtk eBook reader
-      # wike # gtk wikipedia wow!
-      # denaro # manage your finances
-    ];
+        # planify # let's pretend I will organize my tasks
+        ;
+    };
   };
 }

modules/dev.nix

@@ -1,20 +0,0 @@
-{ lib, ... }: {
-  imports = [
-    ./dev/sh.nix
-    ./dev/nix.nix
-    ./dev/docker.nix
-    ./dev/python.nix
-    ./dev/haskell.nix
-    ./dev/javascript.nix
-    ./emacs.nix
-  ];
-  my.emacs.enable = lib.mkDefault false;
-  my.dev = {
-    sh.enable = lib.mkDefault false;
-    nix.enable = lib.mkDefault false;
-    docker.enable = lib.mkDefault false;
-    python.enable = lib.mkDefault false;
-    haskell.enable = lib.mkDefault false;
-    javascript.enable = lib.mkDefault false;
-  };
-}

modules/dev/cc.nix

@@ -0,0 +1,36 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  packages = builtins.attrValues {
+    inherit (pkgs)
+      clang # C/C++ compiler frontend (part of LLVM)
+      clang-tools # Extra LLVM tools (e.g. clang-tidy, clang-apply-replacements)
+      gcc # GNU Compiler Collection (C, C++, etc.)
+      gdb # GNU Debugger
+      valgrind # Memory leak detector and performance profiler
+      ;
+  };
+in
+{
+  options = {
+    my.dev.cc.enable = lib.mkEnableOption "Install C/C++ tooling globally";
+    devShells.cc = lib.mkOption {
+      type = lib.types.package;
+      default = pkgs.mkShell {
+        inherit packages;
+        name = "cc-dev-shell";
+        shellHook = ''
+          echo "🔧 C/C++ dev environment"
+        '';
+      };
+      description = "C/C++ development shell";
+    };
+  };
+  config = lib.mkIf config.my.dev.cc.enable {
+    users.users.jawz = { inherit packages; };
+  };
+}

modules/dev/docker.nix

@@ -1,10 +1,38 @@
-{ config, lib, pkgs, ... }: {
-  options.my.dev.docker.enable = lib.mkEnableOption "enable";
-  config = lib.mkIf config.my.dev.docker.enable {
-    environment.variables.DOCKER_CONFIG = "\${XDG_CONFIG_HOME}/docker";
-    users.users.jawz.packages = with pkgs; [
-      dockfmt
-      nodePackages.dockerfile-language-server-nodejs
-    ];
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  packages = builtins.attrValues {
+    inherit (pkgs) dockfmt; # Format Dockerfiles
+    inherit (pkgs.nodePackages)
+      dockerfile-language-server-nodejs # LSP for Dockerfiles
+      ;
   };
+in
+{
+  options = {
+    my.dev.docker.enable = lib.mkEnableOption "Install Docker tooling globally";
+    devShells.docker = lib.mkOption {
+      type = lib.types.package;
+      default = pkgs.mkShell {
+        inherit packages;
+        name = "docker-dev-shell";
+        shellHook = ''
+          echo "🐳 Docker dev environment"
+        '';
+      };
+      description = "Docker and Dockerfile tooling shell";
+    };
+  };
+  config = lib.mkMerge [
+    (lib.mkIf config.my.dev.docker.enable {
+      users.users.jawz = { inherit packages; };
+    })
+    {
+      environment.variables.DOCKER_CONFIG = "\${XDG_CONFIG_HOME}/docker";
+    }
+  ];
 }

modules/dev/emacs.nix

@@ -0,0 +1,76 @@
+{
+  config,
+  inputs,
+  lib,
+  pkgs,
+  ...
+}:
+{
+  options.my.emacs.enable = lib.mkEnableOption "Doom Emacs configuration";
+  config = lib.mkIf config.my.emacs.enable {
+    home-manager.users.jawz = {
+      xdg.dataFile = {
+        "doom/templates/events.org".source = ../../dotfiles/doom/templates/events.org;
+        "doom/templates/default.org".source = ../../dotfiles/doom/templates/default.org;
+        "doom/templates/programming.org".source = ../../dotfiles/doom/templates/programming.org;
+      };
+      services.lorri.enable = true;
+      programs.${config.my.shell.type}.shellAliases =
+        inputs.self.lib.mergeAliases inputs.self.lib.commonAliases
+          {
+            edit = "emacsclient -t";
+            e = "edit";
+          };
+    };
+    users.users.jawz.packages = builtins.attrValues {
+      inherit (pkgs.xorg) xwininfo;
+      inherit (pkgs)
+        #emacs everywhere
+        xdotool
+        xclip
+        wl-clipboard-rs
+        fd # modern find, faster searches
+        fzf # fuzzy finder! super cool and useful
+        ripgrep # modern grep
+        tree-sitter # code parsing based on symbols and shit, I do not get it
+        graphviz # graphs
+        tetex # export pdf
+        languagetool # proofreader for English
+        # lsps
+        yaml-language-server
+        markdownlint-cli
+        ;
+      inherit (pkgs.nodePackages)
+        vscode-json-languageserver
+        prettier # multi-language linter
+        ;
+    };
+    services.emacs = {
+      enable = true;
+      defaultEditor = true;
+      package = pkgs.emacsWithDoom {
+        doomDir = ../../dotfiles/doom;
+        doomLocalDir = "/home/jawz/.local/share/nix-doom";
+        tangleArgs = "--all config.org";
+        extraPackages =
+          epkgs:
+          let
+            inherit (config.home-manager.users.jawz.programs.emacs)
+              extraPackages
+              extraConfig
+              ;
+            extra = extraPackages epkgs;
+            themes = lib.optional config.my.stylix.enable [
+              (epkgs.trivialBuild {
+                pname = "stylix-theme";
+                src = pkgs.writeText "stylix-theme.el" extraConfig;
+                version = "0.1.0";
+                packageRequires = extra;
+              })
+            ];
+          in
+          extra ++ themes;
+      };
+    };
+  };
+}

modules/dev/go.nix

@@ -0,0 +1,44 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  packages = builtins.attrValues {
+    inherit (pkgs)
+      go # Go compiler and core toolchain
+      gocode-gomod # Code completion for Go (modern fork of gocode)
+      gotools # Contains godoc, gorename, goimports, etc.
+      gore # Go REPL
+      gotests # Generate Go tests from function signatures
+      gomodifytags # Struct tag manipulation
+      golangci-lint # Linter aggregation
+      ;
+  };
+  GOPATH = "\${XDG_DATA_HOME}/go";
+in
+{
+  options = {
+    my.dev.go.enable = lib.mkEnableOption "Install Go tooling globally";
+    devShells.go = lib.mkOption {
+      type = lib.types.package;
+      default = pkgs.mkShell {
+        inherit packages GOPATH;
+        name = "go-dev-shell";
+        shellHook = ''
+          echo "🐹 Go dev environment"
+        '';
+      };
+      description = "Go development shell with Emacs tooling, REPL, formatter, and linter";
+    };
+  };
+  config = lib.mkMerge [
+    {
+      environment.variables = { inherit GOPATH; };
+    }
+    (lib.mkIf config.my.dev.go.enable {
+      users.users.jawz = { inherit packages; };
+    })
+  ];
+}

modules/dev/haskell.nix

@@ -1,14 +1,46 @@
-{ config, lib, pkgs, ... }: {
-  options.my.dev.haskell.enable = lib.mkEnableOption "enable";
-  config = lib.mkIf config.my.dev.haskell.enable {
-    users.users.jawz.packages = with pkgs; [
-      ghc # compiler
-      haskell-language-server # lsp
-    ];
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  packages = builtins.attrValues {
+    inherit (pkgs)
+      haskell-language-server # LSP server for Haskell
+      cabal-install # Standard Haskell build tool
+      hlint # Linter for Haskell source code
+      ;
+    inherit (pkgs.haskellPackages)
+      hoogle # Haskell API search engine
+      ;
+  };
+in
+{
+  options = {
+    my.dev.haskell.enable = lib.mkEnableOption "Install Haskell tooling globally";
+    devShells.haskell = lib.mkOption {
+      type = lib.types.package;
+      default = pkgs.mkShell {
+        inherit packages;
+        name = "haskell-dev-shell";
+        shellHook = ''
+          echo "λ Haskell dev environment"
+        '';
+      };
+      description = "Haskell development shell";
+    };
+  };
+  config = lib.mkMerge [
+    (lib.mkIf config.my.dev.haskell.enable {
+      users.users.jawz = { inherit packages; };
+    })
+    {
       environment.variables = {
         CABAL_DIR = "\${XDG_CACHE_HOME}/cabal";
         STACK_ROOT = "\${XDG_DATA_HOME}/stack";
         GHCUP_USE_XDG_DIRS = "true";
       };
-  };
+    }
+  ];
 }

modules/dev/javascript.nix

@@ -1,16 +1,50 @@
-{ config, lib, pkgs, ... }: {
-  options.my.dev.javascript.enable = lib.mkEnableOption "enable";
-  config = lib.mkIf config.my.dev.javascript.enable {
-    home-manager.users.jawz.xdg.configFile = {
-      "npm/npmrc".source = ../../dotfiles/npm/npmrc;
-      "configstore/update-notifier-npm-check.json".source =
-        ../../dotfiles/npm/update-notifier-npm-check.json;
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  packages = builtins.attrValues {
+    inherit (pkgs) nodejs; # Node.js runtime
+    inherit (pkgs.nodePackages) pnpm; # Fast package manager alternative to npm
+  };
+in
+{
+  options = {
+    my.dev.javascript.enable = lib.mkEnableOption "Install JavaScript tooling globally";
+    devShells.javascript = lib.mkOption {
+      type = lib.types.package;
+      default = pkgs.mkShell {
+        inherit packages;
+        name = "javascript-dev-shell";
+        shellHook = ''
+          echo "📦 JavaScript dev environment"
+        '';
+      };
+      description = "JavaScript/Node development shell with npm/pnpm support";
+    };
+  };
+  config = lib.mkMerge [
+    (lib.mkIf config.my.dev.javascript.enable {
+      users.users.jawz = { inherit packages; };
+    })
+    {
+      home-manager.users.jawz.xdg.configFile = {
+        "npm/npmrc".source = ../../dotfiles/npmrc;
+        "configstore/update-notifier-npm-check.json".text = builtins.toJSON {
+          optOut = false;
+          lastUpdateCheck = 1646662583446;
+        };
       };
-    users.users.jawz.packages = with pkgs; [ nodejs nodePackages.pnpm ];
       environment.variables = {
         NPM_CONFIG_USERCONFIG = "\${XDG_CONFIG_HOME}/npm/npmrc";
         PNPM_HOME = "\${XDG_DATA_HOME}/pnpm";
-      PATH = [ "\${XDG_DATA_HOME}/npm/bin" "\${XDG_DATA_HOME}/pnpm" ];
-    };
+        PATH = [
+          "\${XDG_DATA_HOME}/npm/bin"
+          "\${XDG_DATA_HOME}/pnpm"
+        ];
       };
+    }
+  ];
 }

modules/dev/julia.nix

@@ -0,0 +1,30 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  packages = builtins.attrValues {
+    inherit (pkgs) julia; # High-performance dynamic language for technical computing
+  };
+in
+{
+  options = {
+    my.dev.julia.enable = lib.mkEnableOption "Install Julia globally";
+    devShells.julia = lib.mkOption {
+      type = lib.types.package;
+      default = pkgs.mkShell {
+        inherit packages;
+        name = "julia-dev-shell";
+        shellHook = ''
+          echo "🔬 Julia dev environment"
+        '';
+      };
+      description = "Julia development shell";
+    };
+  };
+  config = lib.mkIf config.my.dev.julia.enable {
+    users.users.jawz = { inherit packages; };
+  };
+}

modules/dev/nix.nix

@@ -1,11 +1,47 @@
-{ config, lib, pkgs, ... }: {
-  options.my.dev.nix.enable = lib.mkEnableOption "enable";
+{
+  config,
+  inputs,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  shellType = config.my.shell.type;
+  packages = builtins.attrValues {
+    inherit (pkgs)
+      nixfmt-rfc-style # formatting
+      cachix # binary cache management
+      nixd # language server for Nix
+      deadnix # detext unused/uneeded dependencies
+      statix # linter for Nix expressions
+      ;
+  };
+in
+{
+  options = {
+    my.dev.nix.enable = lib.mkEnableOption "Install Nix tooling globally";
+    devShells.nix = lib.mkOption {
+      type = lib.types.package;
+      default = pkgs.mkShell {
+        inherit packages;
+        name = "nix-dev-shell";
+        shellHook = ''
+          echo "❄️  Nix dev environment"
+        '';
+      };
+      description = "Nix/NixOS development shell with formatter, linter, LSP, and Cachix";
+    };
+  };
   config = lib.mkIf config.my.dev.nix.enable {
-    users.users.jawz.packages = with pkgs; [
-      nixfmt-classic # linting
-      nixfmt-rfc-style # linting
-      cachix # why spend time compiling?
-      nixd # language server
-    ];
+    users.users.jawz = { inherit packages; };
+    home-manager.users.jawz.programs.${shellType}.shellAliases =
+      inputs.self.lib.mergeAliases inputs.self.lib.commonAliases
+        {
+          nixformat = ''
+            deadnix -e && \
+            nix run nixpkgs#nixfmt-tree && \
+            statix fix
+          '';
+        };
   };
 }

modules/dev/python.nix

@@ -1,25 +1,56 @@
-{ config, lib, pkgs, ... }: {
-  options.my.dev.python.enable = lib.mkEnableOption "enable";
-  config = lib.mkIf config.my.dev.python.enable {
-    home-manager.users.jawz.xdg.configFile."python/pythonrc".source =
-      ../../dotfiles/pythonrc;
-    environment.variables.PYTHONSTARTUP = "\${XDG_CONFIG_HOME}/python/pythonrc";
-    users.users.jawz.packages = with pkgs; [
-      pipenv # python development workflow for humans
-      nodePackages.pyright # LSP
-      (python3.withPackages (ps:
-        with ps; [
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  python = pkgs.python3.withPackages (
+    ps:
+    builtins.attrValues {
+      inherit (ps)
         black # Python code formatter
         editorconfig # follow rules of contributin
         flake8 # wraper for pyflakes, pycodestyle and mccabe
         isort # sort Python imports
         pyflakes # checks source code for errors
         pylint # bug and style checker for python
+        pytest # tests
         speedtest-cli # check internet speed from the comand line
-          # nose # testing and running python scripts
-          # poetry # dependency management made easy
-          # pytest # framework for writing tests
-        ]))
-    ];
+        ;
+    }
+  );
+  packages = builtins.attrValues {
+    inherit python;
+    inherit (pkgs)
+      pipenv # python development workflow for humans
+      pyright # LSP
+      ;
   };
+in
+{
+  options = {
+    my.dev.python.enable = lib.mkEnableOption "Install Python tools globally";
+    devShells.python = lib.mkOption {
+      type = lib.types.package;
+      default = pkgs.mkShell {
+        inherit packages;
+        name = "python-dev-shell";
+        shellHook = ''
+          echo "🐍 Python dev environment"
+          which python
+        '';
+        description = "Python development shell";
+      };
+    };
+  };
+  config = lib.mkMerge [
+    (lib.mkIf config.my.dev.python.enable {
+      users.users.jawz = { inherit packages; };
+    })
+    {
+      home-manager.users.jawz.xdg.configFile."python/pythonrc".source = ../../dotfiles/pythonrc;
+      environment.variables.PYTHONSTARTUP = "\${XDG_CONFIG_HOME}/python/pythonrc";
+    }
+  ];
 }

modules/dev/ruby.nix

@@ -0,0 +1,40 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  packages = builtins.attrValues {
+    inherit (pkgs) ruby; # Ruby interpreter
+    inherit (pkgs.rubyPackages) solargraph; # LSP for Ruby
+  };
+in
+{
+  options = {
+    my.dev.ruby.enable = lib.mkEnableOption "Install Ruby tooling globally";
+    devShells.ruby = lib.mkOption {
+      type = lib.types.package;
+      default = pkgs.mkShell {
+        inherit packages;
+        name = "ruby-dev-shell";
+        shellHook = ''
+          echo "💎 Ruby dev environment"
+        '';
+      };
+      description = "Ruby development shell with interpreter and Solargraph LSP";
+    };
+  };
+  config = lib.mkMerge [
+    (lib.mkIf config.my.dev.ruby.enable {
+      users.users.jawz = { inherit packages; };
+    })
+    {
+      environment.variables = {
+        GEM_HOME = "\${XDG_DATA_HOME}/ruby/gems";
+        GEM_PATH = "\${XDG_DATA_HOME}/ruby/gems";
+        GEM_SPEC_CACHE = "\${XDG_DATA_HOME}/ruby/specs";
+      };
+    }
+  ];
+}

modules/dev/rust.nix

@@ -0,0 +1,41 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  packages = builtins.attrValues {
+    inherit (pkgs)
+      rustc # Rust compiler
+      cargo # Rust package manager
+      rust-analyzer # Language server for Rust
+      clippy # Linter for Rust
+      rustfmt # Formatter for Rust code
+      ;
+  };
+in
+{
+  options = {
+    my.dev.rust.enable = lib.mkEnableOption "Install Rust tooling globally";
+    devShells.rust = lib.mkOption {
+      type = lib.types.package;
+      default = pkgs.mkShell {
+        inherit packages;
+        name = "rust-dev-shell";
+        shellHook = ''
+          echo "🦀 Rust dev environment"
+        '';
+      };
+      description = "Rust development shell with cargo and rust-analyzer";
+    };
+  };
+  config = lib.mkMerge [
+    (lib.mkIf config.my.dev.rust.enable {
+      users.users.jawz = { inherit packages; };
+    })
+    {
+      environment.variables.CARGO_HOME = "\${XDG_DATA_HOME}/cargo";
+    }
+  ];
+}

modules/dev/sh.nix

@@ -1,11 +1,36 @@
-{ config, lib, pkgs, ... }: {
-  options.my.dev.sh.enable = lib.mkEnableOption "enable";
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  packages = builtins.attrValues {
+    inherit (pkgs)
+      bashdb # Debugger and completion support
+      shellcheck # Shell script linter
+      shfmt # Shell parser and formatter
+      ;
+    # LSP for Bash and sh
+    inherit (pkgs.nodePackages) bash-language-server;
+  };
+in
+{
+  options = {
+    my.dev.sh.enable = lib.mkEnableOption "Install shell scripting tools globally";
+    devShells.sh = lib.mkOption {
+      type = lib.types.package;
+      default = pkgs.mkShell {
+        inherit packages;
+        name = "sh-dev-shell";
+        shellHook = ''
+          echo "💻 Shell scripting dev environment"
+        '';
+      };
+      description = "Shell scripting dev shell";
+    };
+  };
   config = lib.mkIf config.my.dev.sh.enable {
-    users.users.jawz.packages = with pkgs; [
-      bashdb # autocomplete
-      shellcheck # linting
-      shfmt # a shell parser and formatter
-      nodePackages.bash-language-server # LSP
-    ];
+    users.users.jawz = { inherit packages; };
   };
 }

modules/dev/zig.nix

@@ -0,0 +1,33 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  packages = builtins.attrValues {
+    inherit (pkgs)
+      zig # Zig compiler and stdlib
+      zls # Language server for Zig
+      ;
+  };
+in
+{
+  options = {
+    my.dev.zig.enable = lib.mkEnableOption "Install Zig tooling globally";
+    devShells.zig = lib.mkOption {
+      type = lib.types.package;
+      default = pkgs.mkShell {
+        inherit packages;
+        name = "zig-dev-shell";
+        shellHook = ''
+          echo "🦎 Zig dev environment"
+        '';
+      };
+      description = "Zig development shell with compiler and LSP";
+    };
+  };
+  config = lib.mkIf config.my.dev.zig.enable {
+    users.users.jawz = { inherit packages; };
+  };
+}

modules/emacs.nix

@@ -1,51 +0,0 @@
-{ config, lib, pkgs, ... }: {
-  options.my.emacs.enable = lib.mkEnableOption "enable";
-  config = lib.mkIf config.my.emacs.enable {
-    home-manager.users.jawz = {
-      services.lorri.enable = true;
-      programs.bash = {
-        initExtra = ''
-          emacs-sqlite-fix () {
-            nix-shell -p cmake sqlite --command "doom sync &&
-                sc restart emacs &&
-                emacsclient -e '(org-roam-db-sync)'" &&
-                doom sync
-          }
-        '';
-        shellAliases = {
-          edit = "emacsclient -t";
-          e = "edit";
-        };
-      };
-    };
-    users.users.jawz.packages = (with pkgs; [
-      fd # modern find, faster searches
-      fzf # fuzzy finder! super cool and useful
-      ripgrep # modern grep
-      tree-sitter # code parsing based on symbols and shit, I do not get it
-      graphviz # graphs
-      tetex # export pdf
-      languagetool # proofreader for English
-
-      # doom everywhere
-      xorg.xwininfo
-      xdotool
-      xclip
-
-      # lsps
-      yaml-language-server
-      markdownlint-cli
-    ]) ++ (with pkgs.nodePackages; [
-      vscode-json-languageserver
-      # linters
-      prettier
-    ]);
-    services.emacs = {
-      enable = true;
-      package = with pkgs;
-        ((emacsPackagesFor emacs-gtk).emacsWithPackages
-          (epkgs: with epkgs; [ vterm ]));
-      defaultEditor = true;
-    };
-  };
-}

modules/factories/mkscript.nix

@@ -0,0 +1,80 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+{
+  options.my.scripts = lib.mkOption {
+    type = lib.types.attrsOf (
+      lib.types.submodule {
+        options = {
+          enable = lib.mkEnableOption "Whether to enable this script";
+          install = lib.mkEnableOption "Whether to install the script package";
+          service = lib.mkEnableOption "Whether to enable the script service";
+          name = lib.mkOption {
+            type = lib.types.str;
+            description = "Name of the script.";
+          };
+          timer = lib.mkOption {
+            type = lib.types.str;
+            default = "*:0";
+            description = "Systemd timer schedule.";
+          };
+          description = lib.mkOption {
+            type = lib.types.str;
+            description = "Description of the service.";
+          };
+          package = lib.mkOption {
+            type = lib.types.package;
+            description = "Package containing the executable script.";
+          };
+        };
+      }
+    );
+    default = { };
+    description = "Configuration for multiple scripts.";
+  };
+  config = lib.mkIf (lib.any (s: s.enable) (lib.attrValues config.my.scripts)) {
+    users.users.jawz.packages =
+      config.my.scripts
+      |> lib.mapAttrsToList (_name: script: lib.optional (script.enable && script.install) script.package)
+      |> lib.flatten;
+    systemd.user.services =
+      config.my.scripts
+      |> lib.mapAttrs' (
+        _name: script:
+        lib.nameValuePair "${script.name}" (
+          lib.mkIf (script.enable && script.service) {
+            restartIfChanged = true;
+            inherit (script) description;
+            wantedBy = [ "default.target" ];
+            path = [
+              pkgs.nix
+              script.package
+            ];
+            serviceConfig = {
+              Restart = "on-failure";
+              RestartSec = 30;
+              ExecStart = "${script.package}/bin/${script.name}";
+            };
+          }
+        )
+      );
+    systemd.user.timers =
+      config.my.scripts
+      |> lib.mapAttrs' (
+        _name: script:
+        lib.nameValuePair "${script.name}" (
+          lib.mkIf (script.enable && script.service) {
+            enable = true;
+            inherit (script) description;
+            wantedBy = [ "timers.target" ];
+            timerConfig = {
+              OnCalendar = script.timer;
+            };
+          }
+        )
+      );
+  };
+}

modules/factories/mkserver.nix

@@ -0,0 +1,60 @@
+{ lib, config, ... }:
+let
+  mkOptions = name: subdomain: port: {
+    enable = lib.mkEnableOption "this server service";
+    enableCron = lib.mkEnableOption "enable cronjob";
+    enableProxy = lib.mkEnableOption "enable reverse proxy";
+    port = lib.mkOption {
+      type = lib.types.int;
+      default = port;
+    };
+    name = lib.mkOption {
+      type = lib.types.str;
+      default = name;
+    };
+    domain = lib.mkOption {
+      type = lib.types.str;
+      default = config.my.domain;
+    };
+    host = lib.mkOption {
+      type = lib.types.str;
+      default = "${subdomain}.${config.my.servers.${name}.domain}";
+    };
+    hostName = lib.mkOption {
+      type = lib.types.str;
+      default = config.networking.hostName;
+    };
+    url = lib.mkOption {
+      type = lib.types.str;
+      default = "https://${config.my.servers.${name}.host}";
+    };
+    ip = lib.mkOption {
+      type = lib.types.str;
+      default =
+        if config.my.servers."${name}".isLocal then
+          config.my.localhost
+        else
+          config.my.ips."${config.my.servers.${name}.hostName}";
+    };
+    local = lib.mkOption {
+      type = lib.types.str;
+      default = "http://${config.my.servers.${name}.ip}:${toString port}";
+    };
+    isLocal = lib.mkOption {
+      type = lib.types.bool;
+      default = "${config.my.servers.${name}.hostName}" == config.my.mainServer;
+    };
+    enableSocket = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+    };
+    certPath = lib.mkOption {
+      type = lib.types.nullOr lib.types.path;
+      default = null;
+    };
+  };
+in
+{
+  inherit mkOptions;
+  mkServerOptions = mkOptions;
+}

modules/modules.nix

@@ -0,0 +1,202 @@
+{
+  lib,
+  config,
+  inputs,
+  ...
+}:
+let
+  filterNames = file: file != "librewolf.nix";
+in
+{
+  imports =
+    inputs.self.lib.autoImport ./apps filterNames
+    ++ inputs.self.lib.autoImport ./dev filterNames
+    ++ inputs.self.lib.autoImport ./scripts filterNames
+    ++ inputs.self.lib.autoImport ./servers filterNames
+    ++ inputs.self.lib.autoImport ./services filterNames
+    ++ inputs.self.lib.autoImport ./shell filterNames
+    ++ inputs.self.lib.autoImport ./network filterNames
+    ++ [
+      ./factories/mkscript.nix
+      ./nix/build.nix
+      ./users/nixremote.nix
+    ];
+  options.my = {
+    localhost = lib.mkOption {
+      type = lib.types.str;
+      default = "127.0.0.1";
+      description = "The localhost address.";
+    };
+    localhost6 = lib.mkOption {
+      type = lib.types.str;
+      default = "::1";
+      description = "The localhost ipv6 address.";
+    };
+    secureHost = lib.mkOption {
+      type = lib.types.bool;
+      default = true;
+      description = "Whether this is a secure host that should use SOPS,";
+    };
+    domain = lib.mkOption {
+      type = lib.types.str;
+      default = "lebubu.org";
+      description = "The domain name.";
+    };
+    ips = lib.mkOption {
+      type = lib.types.attrsOf lib.types.str;
+      default = {
+        router = "192.168.100.1";
+        server = "192.168.100.15";
+        miniserver = "192.168.1.100";
+        workstation = "192.168.100.18";
+        vps = "45.79.25.87";
+        wg-vps = "10.77.0.1";
+        wg-server = "10.77.0.2";
+        wg-friend1 = "10.8.0.2";
+        wg-friends = "10.8.0.0";
+      };
+      description = "Set of IP's for all my computers.";
+    };
+    interfaces = lib.mkOption {
+      type = lib.types.attrsOf lib.types.str;
+      default = {
+        server = "enp0s31f6";
+        miniserver = "enp2s0";
+        workstation = "enp5s0";
+      };
+      description = "Set of network interface names for all my computers.";
+    };
+    mainServer = lib.mkOption {
+      type = lib.types.str;
+      default = "miniserver";
+      description = "The hostname of the main server.";
+    };
+    postgresSocket = lib.mkOption {
+      type = lib.types.str;
+      default = "/run/postgresql";
+      description = "The PostgreSQL socket path.";
+    };
+    containerSocket = lib.mkOption {
+      type = lib.types.str;
+      default = "/var/run/docker.sock";
+      description = "The docker/podman socket path.";
+    };
+    containerData = lib.mkOption {
+      type = lib.types.str;
+      default = "/var/lib/docker-configs";
+      description = "The docker/podman socket path.";
+    };
+    smtpemail = lib.mkOption {
+      type = lib.types.str;
+      default = "stunner6399@gmail.com";
+      description = "localhost smtp email";
+    };
+    email = lib.mkOption {
+      type = lib.types.str;
+      default = "danilo.reyes.251@proton.me";
+      description = "localhost smtp email";
+    };
+    timeZone = lib.mkOption {
+      type = lib.types.str;
+      default = "America/Mexico_City";
+      description = "Timezone";
+    };
+    enableContainers = lib.mkEnableOption "container services (Docker/Podman)";
+    enableProxy = lib.mkEnableOption "nginx reverse proxy for services";
+  };
+  config = {
+    assertions =
+      # PostgreSQL dependency assertions
+      inputs.self.lib.mkPostgresDependencies config [
+        {
+          service = "nextcloud";
+          name = "Nextcloud";
+        }
+        {
+          service = "vaultwarden";
+          name = "Vaultwarden";
+        }
+        {
+          service = "firefly-iii";
+          name = "Firefly III";
+        }
+        {
+          service = "mealie";
+          name = "Mealie";
+        }
+        {
+          service = "shiori";
+          name = "Shiori";
+        }
+        {
+          service = "ryot";
+          name = "Ryot";
+        }
+        {
+          service = "synapse";
+          name = "Matrix Synapse";
+        }
+        {
+          service = "gitea";
+          name = "Gitea";
+        }
+      ]
+      ++
+      # Other assertions
+      [
+        {
+          assertion =
+            config.my.enableProxy
+            -> (builtins.any (s: s.enableProxy or false) (builtins.attrValues config.my.servers));
+          message = "enableProxy is true but no services have enableProxy enabled";
+        }
+        {
+          assertion =
+            config.my.enableContainers
+            || !(builtins.any (opt: opt) [
+              config.my.servers.ryot.enable
+              config.my.servers.lidarr.enable
+              config.my.servers.prowlarr.enable
+              config.my.servers.maloja.enable
+              config.my.servers.multi-scrobbler.enable
+              config.my.servers.flame.enable
+              config.my.servers.flameSecret.enable
+              config.my.servers.metube.enable
+              config.my.servers.go-vod.enable
+              config.my.servers.tranga.enable
+              config.my.servers.drpp.enable
+              config.my.servers.plex-discord-bot.enable
+            ]);
+          message = "Container services are enabled but enableContainers is false";
+        }
+      ];
+    virtualisation = {
+      containers.enable = true;
+      oci-containers.backend = "podman";
+      podman = lib.mkIf config.my.enableContainers {
+        enable = true;
+        dockerCompat = true;
+        dockerSocket.enable = true;
+        defaultNetwork.settings.dns_enabled = true;
+        autoPrune = {
+          enable = true;
+          flags = [ "--all" ];
+          dates = "weekly";
+        };
+      };
+    };
+    security.acme = lib.mkIf config.services.nginx.enable {
+      acceptTerms = true;
+      defaults.email = config.my.email;
+    };
+    services.nginx = {
+      enable = config.my.enableProxy;
+      clientMaxBodySize = "4096m";
+      sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
+      recommendedTlsSettings = true;
+      recommendedOptimisation = true;
+      recommendedGzipSettings = true;
+      recommendedProxySettings = true;
+    };
+  };
+}

modules/network/firewall.nix

@@ -0,0 +1,52 @@
+{
+  lib,
+  config,
+  inputs,
+  ...
+}:
+let
+  firewallBlacklist = [
+    "sabnzbd"
+    "lidarr"
+    "maloja"
+    "tranga"
+    "flame"
+    "flameSecret"
+    "ryot"
+    "drpp"
+    "metube"
+    "multi-scrobbler"
+    "plex-discord-bot"
+  ];
+  nativeServicesWithOpenFirewall = inputs.self.lib.getServicesWithNativeFirewall config firewallBlacklist;
+  servicesConfig = lib.listToAttrs (
+    map (serviceName: {
+      name = serviceName;
+      value.openFirewall = config.my.servers.${serviceName}.enable or false;
+    }) nativeServicesWithOpenFirewall
+  );
+in
+{
+  options.my.network.firewall = {
+    enabledServicePorts = lib.mkEnableOption "auto-open ports for enabled services";
+    staticPorts = lib.mkOption {
+      type = lib.types.listOf lib.types.int;
+      default = [ ];
+      description = "Static ports to always open";
+    };
+    additionalPorts = lib.mkOption {
+      type = lib.types.listOf lib.types.int;
+      default = [ ];
+      description = "Additional ports to open (like syncthing, gitea, etc.)";
+    };
+  };
+  config = lib.mkIf config.my.network.firewall.enabledServicePorts {
+    services = servicesConfig;
+    networking.firewall.allowedTCPPorts =
+      inputs.self.lib.generateFirewallPorts config nativeServicesWithOpenFirewall lib
+      ++ (lib.optionals config.services.nginx.enable [
+        config.services.nginx.defaultHTTPListenPort
+        config.services.nginx.defaultSSLListenPort
+      ]);
+  };
+}

modules/network/nginx.nix

@@ -0,0 +1,65 @@
+{
+  lib,
+  config,
+  inputs,
+  ...
+}:
+let
+  proxyReverseServices = [
+    "firefox-syncserver"
+    "readeck"
+    "microbin"
+    "ryot"
+    "bazarr"
+    "shiori"
+    "metube"
+    "maloja"
+    "vaultwarden"
+    "mealie"
+    "kavita"
+    "multi-scrobbler"
+    "nix-serve"
+    "flame"
+    "flameSecret"
+  ];
+  proxyReverseFixServices = [
+    "audiobookshelf"
+    "lidarr"
+    "gitea"
+    "prowlarr"
+    "ombi"
+    "radarr"
+    "sonarr"
+    "stash"
+    "atticd"
+  ];
+  proxyReversePrivateServices = [
+    "homepage"
+  ];
+  mkServiceConfig =
+    type: services: lib.listToAttrs (map (name: lib.nameValuePair name { inherit type; }) services);
+  standardProxyServices =
+    (mkServiceConfig "proxyReverse" proxyReverseServices)
+    // (mkServiceConfig "proxyReverseFix" proxyReverseFixServices)
+    // (mkServiceConfig "proxyReversePrivate" proxyReversePrivateServices);
+  generateProxyConfig =
+    serviceName: serviceConfig:
+    let
+      cfg = config.my.servers.${serviceName};
+      proxyFunc =
+        if serviceConfig.type == "proxyReverse" then
+          inputs.self.lib.proxyReverse
+        else if serviceConfig.type == "proxyReverseFix" then
+          inputs.self.lib.proxyReverseFix
+        else if serviceConfig.type == "proxyReversePrivate" then
+          inputs.self.lib.proxyReversePrivate
+        else
+          throw "Unknown proxy type: ${serviceConfig.type}";
+    in
+    lib.nameValuePair cfg.host (lib.mkIf cfg.enableProxy (proxyFunc cfg));
+in
+{
+  config = lib.mkIf config.my.enableProxy {
+    services.nginx.virtualHosts = lib.mapAttrs' generateProxyConfig standardProxyServices;
+  };
+}

modules/nix/build.nix

@@ -0,0 +1,47 @@
+{ lib, config, ... }:
+{
+  options.my.nix = {
+    features = lib.mkOption {
+      type = lib.types.listOf lib.types.str;
+      default = [
+        "nixos-test"
+        "benchmark"
+        "big-parallel"
+        "kvm"
+        "gccarch-znver3"
+        "gccarch-skylake"
+        "gccarch-alderlake"
+      ];
+      description = "List of supported nix build features for this system";
+    };
+    buildMachines = lib.mkOption {
+      type = lib.types.listOf lib.types.attrs;
+      default = [ ];
+      description = "List of remote build machines configuration";
+    };
+    cores = lib.mkOption {
+      type = lib.types.nullOr lib.types.int;
+      default = null;
+      description = "Number of cores to use for builds (null = auto-detect)";
+    };
+    maxJobs = lib.mkOption {
+      type = lib.types.nullOr lib.types.int;
+      default = null;
+      description = "Maximum number of parallel jobs (null = auto-detect)";
+    };
+  };
+  config = {
+    nix.settings = lib.mkMerge [
+      {
+        system-features = config.my.nix.features;
+      }
+      (lib.mkIf (config.my.nix.cores != null) {
+        inherit (config.my.nix) cores;
+      })
+      (lib.mkIf (config.my.nix.maxJobs != null) {
+        max-jobs = config.my.nix.maxJobs;
+      })
+    ];
+    nix.buildMachines = lib.mkIf (config.my.nix.buildMachines != [ ]) config.my.nix.buildMachines;
+  };
+}

modules/nix/gitea-actions-runners/nixos.nix

@@ -0,0 +1,50 @@
+{
+  lib,
+  config,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.my.servers.gitea;
+in
+{
+  config = lib.mkIf (cfg.enable && config.my.secureHost) {
+    users.groups.gitea-runner = { };
+    users.users.gitea-runner = {
+      isSystemUser = true;
+      group = "gitea-runner";
+      extraGroups = [
+        "docker"
+        "podman"
+      ];
+    };
+    nix.settings = {
+      allowed-users = [ "gitea-runner" ];
+      trusted-users = [ "gitea-runner" ];
+    };
+    services.gitea-actions-runner.instances.nixos = {
+      inherit (cfg) url enable;
+      name = "${config.networking.hostName}-nixos";
+      tokenFile = config.sops.secrets.gitea.path;
+      labels = [
+        "nix:host"
+        "nixos:host"
+      ];
+      hostPackages = builtins.attrValues {
+        inherit (pkgs)
+          bash
+          curl
+          coreutils
+          gitMinimal
+          attic-client
+          podman
+          podman-compose
+          nix
+          nodejs
+          openssh
+          python3
+          ;
+      };
+    };
+  };
+}

modules/nix/gitea-actions-runners/ryujinx.nix

@@ -0,0 +1,59 @@
+{
+  lib,
+  config,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.my.servers.gitea;
+in
+{
+  config = lib.mkIf (cfg.enable && config.my.secureHost) {
+    services.gitea-actions-runner.instances.ryujinx = {
+      inherit (cfg) url enable;
+      name = "${config.networking.hostName}-ryujinx";
+      tokenFile = config.sops.secrets.gitea.path;
+      labels = [
+        "ubuntu-latest:host"
+        "ubuntu-20.04:host"
+      ];
+      hostPackages =
+        let
+          python3 = pkgs.python3.withPackages (
+            ps:
+            builtins.attrValues {
+              inherit (ps)
+                pyyaml
+                lxml
+                ;
+            }
+          );
+        in
+        builtins.attrValues {
+          inherit python3;
+          inherit (pkgs.xorg) libX11;
+          inherit (pkgs)
+            bash
+            coreutils
+            curl
+            gawk
+            gitMinimal
+            gnused
+            nodejs
+            wget
+            gnutar
+            gzip
+            dotnet-sdk_8
+            openal
+            vulkan-loader
+            libGL
+            gtk3
+            llvm_15
+            rcodesign
+            gh
+            p7zip
+            ;
+        };
+    };
+  };
+}

modules/scripts.nix

@@ -1,17 +0,0 @@
-{ lib, ... }: {
-  imports = [
-    ./scripts/download.nix
-    ./scripts/ffmpeg4discord.nix
-    ./scripts/ffmpreg.nix
-    ./scripts/find-dup-episode.nix
-    ./scripts/manage-library.nix
-    ./scripts/pika-list.nix
-    ./scripts/run.nix
-    ./scripts/split-dir.nix
-    ./scripts/tasks.nix
-    ./scripts/update-dns.nix
-    ./scripts/stream-dl.nix
-  ];
-  my.units.download.enable = lib.mkDefault false;
-  my.units.stream-dl.enable = lib.mkDefault false;
-}

modules/scripts/base.nix

@@ -1,59 +0,0 @@
-{ config, lib, pkgs, ... }: {
-  options.my.scripts = lib.mkOption {
-    type = lib.types.attrsOf (lib.types.submodule {
-      options = {
-        enable = lib.mkEnableOption "Whether to enable this script";
-        install = lib.mkEnableOption "Whether to install the script package";
-        service = lib.mkEnableOption "Whether to enable the script service";
-        name = lib.mkOption {
-          type = lib.types.str;
-          description = "Name of the script.";
-        };
-        timer = lib.mkOption {
-          type = lib.types.str;
-          default = "*:0";
-          description = "Systemd timer schedule.";
-        };
-        description = lib.mkOption {
-          type = lib.types.str;
-          description = "Description of the service.";
-        };
-        package = lib.mkOption {
-          type = lib.types.package;
-          description = "Package containing the executable script.";
-        };
-      };
-    });
-    default = { };
-    description = "Configuration for multiple scripts.";
-  };
-
-  config = lib.mkIf (lib.any (s: s.enable) (lib.attrValues config.my.scripts)) {
-    users.users.jawz.packages = lib.flatten (lib.mapAttrsToList (name: script:
-      lib.optional (script.enable && script.install) script.package)
-      config.my.scripts);
-
-    systemd.user.services = lib.mapAttrs' (name: script:
-      lib.nameValuePair "${script.name}"
-      (lib.mkIf (script.enable && script.service) {
-        restartIfChanged = true;
-        description = script.description;
-        wantedBy = [ "default.target" ];
-        path = [ pkgs.nix script.package ];
-        serviceConfig = {
-          Restart = "on-failure";
-          RestartSec = 30;
-          ExecStart = "${script.package}/bin/${script.name}";
-        };
-      })) config.my.scripts;
-
-    systemd.user.timers = lib.mapAttrs' (name: script:
-      lib.nameValuePair "${script.name}"
-      (lib.mkIf (script.enable && script.service) {
-        enable = true;
-        description = script.description;
-        wantedBy = [ "timers.target" ];
-        timerConfig = { OnCalendar = script.timer; };
-      })) config.my.scripts;
-  };
-}

modules/scripts/download.nix

@@ -1,48 +1,51 @@
-{ pkgs, lib, config, ... }: {
-  imports = [ ./base.nix ];
-  options.my.units.download.enable = lib.mkEnableOption "enable";
-  config = let
-    download = with pkgs;
-      python3Packages.buildPythonApplication {
-        pname = "download";
-        version = "2.5";
-        src = ../../scripts/download/.;
-        buildInputs = [ python3Packages.setuptools ];
-        propagatedBuildInputs = [
-          python3Packages.pyyaml
-          python3Packages.types-pyyaml
-          yt-dlp
-          gallery-dl
-          ffmpeg
-        ];
+{
+  inputs,
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+{
+  options.my.units = {
+    download.enable = lib.mkEnableOption "media download automation scripts";
+    downloadManga.enable = lib.mkEnableOption "manga download automation";
   };
-  in {
-    home-manager.users.jawz = {
-      xdg.configFile."gallery-dl/config.json".source =
-        ../../dotfiles/gallery-dl/config.json;
-      services.lorri.enable = true;
-      programs.bash = {
-        shellAliases = {
-          comic = ''download -u jawz -i "$(cat $LC | fzf --multi --exact -i)"'';
-          gallery =
-            ''download -u jawz -i "$(cat $LW | fzf --multi --exact -i)"'';
-          dl = "download -u jawz -i";
+  config =
+    let
+      inherit (inputs.jawz-scripts.packages.x86_64-linux) download;
+    in
+    {
+      home-manager.users.jawz.programs.${config.my.shell.type} = {
+        shellAliases = inputs.self.lib.mergeAliases inputs.self.lib.commonAliases {
+          dl = "${download}/bin/download -u jawz -i";
+          comic = ''dl "$(cat "$LC" | fzf --multi --exact -i)"'';
+          gallery = ''dl "$(cat "$LW" | fzf --multi --exact -i)"'';
         };
-        initExtra = ''
+      }
+      //
+        inputs.self.lib.shellConditional config.my.shell.type
+          ''
+            list_root=$XDG_CONFIG_HOME/jawz/lists/jawz
+            export LW=$list_root/watch.txt
+            export LI=$list_root/instant.txt
+            export LC=$list_root/comic.txt
+          ''
+          ''
             list_root=$XDG_CONFIG_HOME/jawz/lists/jawz
             export LW=$list_root/watch.txt
             export LI=$list_root/instant.txt
             export LC=$list_root/comic.txt
           '';
-      };
-    };
-    systemd.user = lib.mkIf config.my.units.download.enable {
-      services = let
+      systemd.user = {
+        services =
+          let
             mkDownloadService = desc: execStartCmd: {
               restartIfChanged = true;
               description = "Downloads ${desc}";
               wantedBy = [ "default.target" ];
-          path = [ pkgs.bash download ];
+              path = [
+                pkgs.bash
+              ];
               serviceConfig = {
                 TimeoutStartSec = 2000;
                 TimeoutStopSec = 2000;
@@ -51,15 +54,23 @@
                 ExecStart = "${download}/bin/download ${execStartCmd}";
               };
             };
-      in {
-        tuhmayto = mkDownloadService "tuhmayto stuff" ''
+          in
+          {
+            tuhmayto = lib.mkIf config.my.units.download.enable (
+              mkDownloadService "tuhmayto stuff" ''
                 -u jawz -i https://x.com/tuhmayto/media \
-          https://www.furaffinity.net/user/tuhmayto/'';
-        "download@" = mkDownloadService "post from multiple sources" "%I";
-        "instagram@" = mkDownloadService "post types from instagram"
-          "instagram -u jawz -t %I";
+                https://www.furaffinity.net/user/tuhmayto/ \
+                https://bsky.app/profile/tumayto.bsky.social''
+            );
+            "download@" = lib.mkIf (config.my.units.download.enable || config.my.units.downloadManga.enable) (
+              mkDownloadService "post from multiple sources" "%I"
+            );
+            "instagram@" = lib.mkIf config.my.units.download.enable (
+              mkDownloadService "post types from instagram" "instagram -u jawz -t %I"
+            );
           };
-      timers = let
+        timers =
+          let
             downloadTimer = time: delay: {
               enable = true;
               description = "Downloads post types from different sites";
@@ -70,18 +81,25 @@
                 Persistent = true;
               };
             };
-      in {
-        "instagram@stories" = downloadTimer "*-*-* 08:12:00" 120 // { };
-        "download@main" = downloadTimer "*-*-* 06,18:02:00" 30 // { };
-        "download@push" = downloadTimer "*:0/5" 30 // { };
-        "download@manga" = downloadTimer "Fri *-*-* 03:08:00" 30 // { };
-        # "download@kemono" = downloadTimer
-        # "*-*-1,3,5,7,9,11,13,15,17,19,21,23,25,27,29,31 18:06:00" 60 // { };
-        tuhmayto = {
+          in
+          {
+            # "instagram@stories" = lib.mkIf config.my.units.download.enable (
+            #   downloadTimer "*-*-* 12:34:00" 120 // { }
+            # );
+            "download@main" = lib.mkIf config.my.units.download.enable (
+              downloadTimer "*-*-* 06,18:02:00" 30 // { }
+            );
+            "download@push" = lib.mkIf config.my.units.download.enable (downloadTimer "*:0/5" 30 // { });
+            "download@manga" = lib.mkIf config.my.units.downloadManga.enable (
+              downloadTimer "*-*-* 03:08:00" 30 // { }
+            );
+            tuhmayto = lib.mkIf config.my.units.download.enable {
               enable = true;
               description = "Downloads tuhmayto stuff";
               wantedBy = [ "timers.target" ];
-          timerConfig = { OnCalendar = "*:0/10"; };
+              timerConfig = {
+                OnCalendar = "*:0/10";
+              };
             };
           };
       };

modules/scripts/ffmpeg4discord.nix

@@ -1,11 +1,10 @@
-{ pkgs, lib, ... }: {
-  imports = [ ./base.nix ];
+{ inputs, lib, ... }:
+{
   config.my.scripts.ffmpeg4discord = {
     enable = lib.mkDefault false;
     install = true;
     service = false;
     name = "ffmpeg4discord";
-    package = pkgs.writeScriptBin "ffmpeg4discord"
-      (builtins.readFile ../../scripts/ffmpeg4discord.py);
+    package = inputs.jawz-scripts.packages.x86_64-linux.ffmpeg4discord;
   };
 }

modules/scripts/ffmpreg.nix

@@ -1,11 +1,10 @@
-{ pkgs, lib, ... }: {
-  imports = [ ./base.nix ];
+{ inputs, lib, ... }:
+{
   config.my.scripts.ffmpreg = {
     enable = lib.mkDefault false;
     install = true;
     service = false;
     name = "ffmpreg";
-    package = pkgs.writeScriptBin "ffmpreg"
-      (builtins.readFile ../../scripts/ffmpreg.sh);
+    package = inputs.jawz-scripts.packages.x86_64-linux.ffmpreg;
   };
 }

modules/scripts/find-dup-episode.nix

@@ -1,11 +1,10 @@
-{ pkgs, lib, ... }: {
-  imports = [ ./base.nix ];
+{ inputs, lib, ... }:
+{
   config.my.scripts.find-dup-episodes = {
     enable = lib.mkDefault false;
     install = true;
     service = false;
     name = "find-dup-episodes";
-    package = pkgs.writeScriptBin "find-dup-episodes"
-      (builtins.readFile ../../scripts/find-dup-episodes.sh);
+    package = inputs.jawz-scripts.packages.x86_64-linux.find-dup-episodes;
   };
 }

modules/scripts/library-report.nix

@@ -0,0 +1,10 @@
+{ inputs, lib, ... }:
+{
+  config.my.scripts.library-report = {
+    enable = lib.mkDefault false;
+    install = true;
+    service = false;
+    name = "library-report";
+    package = inputs.jawz-scripts.packages.x86_64-linux.library-report;
+  };
+}

modules/scripts/manage-library.nix

@@ -1,5 +1,5 @@
-{ pkgs, lib, ... }: {
-  imports = [ ./base.nix ];
+{ inputs, lib, ... }:
+{
   config.my.scripts.manage-library = {
     enable = lib.mkDefault false;
     install = true;
@@ -7,7 +7,6 @@
     name = "manage-library";
     timer = "00:30";
     description = "scans the library directory and sorts files";
-    package = pkgs.writeScriptBin "manage-library"
-      (builtins.readFile ../../scripts/manage-library.sh);
+    package = inputs.jawz-scripts.packages.x86_64-linux.manage-library;
   };
 }

modules/scripts/pika-list.nix

@@ -1,11 +1,10 @@
-{ pkgs, lib, ... }: {
-  imports = [ ./base.nix ];
+{ inputs, lib, ... }:
+{
   config.my.scripts.pika-list = {
     enable = lib.mkDefault false;
     install = true;
     service = false;
     name = "pika-list";
-    package = pkgs.writeScriptBin "pika-list"
-      (builtins.readFile ../../scripts/pika-list.sh);
+    package = inputs.jawz-scripts.packages.x86_64-linux.pika-list;
   };
 }

modules/scripts/run.nix

@@ -1,11 +1,10 @@
-{ pkgs, lib, ... }: {
-  imports = [ ./base.nix ];
+{ inputs, lib, ... }:
+{
   config.my.scripts.run = {
     enable = lib.mkDefault false;
     install = true;
     service = false;
     name = "run";
-    package =
-      pkgs.writeScriptBin "run" (builtins.readFile ../../scripts/run.sh);
+    package = inputs.jawz-scripts.packages.x86_64-linux.run;
   };
 }

modules/scripts/split-dir.nix

@@ -1,11 +1,10 @@
-{ pkgs, lib, ... }: {
-  imports = [ ./base.nix ];
+{ inputs, lib, ... }:
+{
   config.my.scripts.split-dir = {
     enable = lib.mkDefault false;
     install = true;
     service = false;
     name = "split-dir";
-    package = pkgs.writeScriptBin "split-dir"
-      (builtins.readFile ../../scripts/split-dir.sh);
+    package = inputs.jawz-scripts.packages.x86_64-linux.split-dir;
   };
 }

modules/scripts/stream-dl.nix

@@ -1,23 +1,34 @@
-{ pkgs, lib, config, ... }: {
-  imports = [ ./base.nix ];
-  options.my.units.stream-dl.enable = lib.mkEnableOption "enable";
-  config = let
-    stream-dl = pkgs.writeScriptBin "stream-dl"
-      (builtins.readFile ../../scripts/stream-dl.sh);
-  in {
+{
+  inputs,
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+{
+  options.my.units.stream-dl.enable = lib.mkEnableOption "streaming media download service";
+  config =
+    let
+      inherit (inputs.jawz-scripts.packages.x86_64-linux) stream-dl;
+    in
+    {
       systemd.user = lib.mkIf config.my.units.stream-dl.enable {
         services."stream@" = {
           description = "monitors a stream channel for online streams.";
           restartIfChanged = true;
           wantedBy = [ "default.target" ];
-        path = [ pkgs.nix stream-dl ];
+          path = [
+            pkgs.nix
+            stream-dl
+          ];
           serviceConfig = {
             Restart = "on-failure";
             RestartSec = 30;
             ExecStart = "${stream-dl}/bin/stream-dl %I";
           };
         };
-      timers = let
+        timers =
+          let
             streamTimer = {
               enable = true;
               description = "monitors a stream channel for online streams.";
@@ -28,7 +39,8 @@
                 RandomizedDelaySec = 30;
               };
             };
-      in {
+          in
+          {
             "stream@johnneal911" = streamTimer // { };
             "stream@uk2011boy" = streamTimer // { };
             "stream@tommy9x6" = streamTimer // { };

modules/scripts/tasks.nix

@@ -1,5 +1,5 @@
-{ pkgs, lib, ... }: {
-  imports = [ ./base.nix ];
+{ inputs, lib, ... }:
+{
   config.my.scripts.tasks = {
     enable = lib.mkDefault false;
     install = true;
@@ -7,7 +7,6 @@
     name = "tasks";
     timer = "*:0/10";
     description = "Runs a bunch of organizing tasks on selected directories";
-    package =
-      pkgs.writeScriptBin "tasks" (builtins.readFile ../../scripts/tasks.sh);
+    package = inputs.jawz-scripts.packages.x86_64-linux.tasks;
   };
 }

modules/scripts/tuh-activity-logger.nix

@@ -0,0 +1,12 @@
+{ inputs, lib, ... }:
+{
+  config.my.scripts.tuh-activity-logger = {
+    enable = lib.mkDefault false;
+    install = true;
+    service = true;
+    name = "tuh-activity-logger";
+    timer = "0/4:00";
+    description = "Logs the online activity on a website";
+    package = inputs.jawz-scripts.packages.x86_64-linux.tuh-activity-logger;
+  };
+}

modules/scripts/update-dns.nix

@@ -1,11 +1,31 @@
-{ config, pkgs, lib, ... }: {
-  imports = [ ./base.nix ];
-  config = {
-    sops.secrets.dns = {
+{
+  inputs,
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+{
+  config = lib.mkIf config.my.secureHost {
+    sops.secrets = {
+      cloudflare-api.sopsFile = ../../secrets/env.yaml;
+      dns = {
         sopsFile = ../../secrets/env.yaml;
         owner = config.users.users.jawz.name;
         inherit (config.users.users.jawz) group;
       };
+    };
+    services.cloudflare-dyndns = {
+      # inherit (config.my.scripts.update-dns) enable;
+      enable = false;
+      ipv4 = true;
+      ipv6 = false;
+      proxied = false;
+      domains = [
+        config.my.domain
+      ];
+      apiTokenFile = config.sops.secrets.cloudflare-api.path;
+    };
     my.scripts.update-dns = {
       enable = lib.mkDefault false;
       install = true;
@@ -13,14 +33,17 @@
       name = "update-dns";
       timer = "*:0/30";
       description = "Updates the IP of all my domains";
-      package = let
-        update-dns = pkgs.writeScriptBin "update-dns"
-          (builtins.readFile ../../scripts/update-dns.sh);
-      in pkgs.writeScriptBin "update-dns" ''
-        set -a &&
-        source ${config.sops.secrets.dns.path} &&
-        set -a &&
-        ${update-dns}/bin/update-dns;
+      package =
+        let
+          inherit (inputs.jawz-scripts.packages.x86_64-linux) update-dns;
+        in
+        pkgs.writeScriptBin "update-dns" ''
+          #!/usr/bin/env nix-shell
+          #! nix-shell -i bash -p bash curl 
+          set -a
+          source ${config.sops.secrets.dns.path}
+          set -a
+          ${update-dns}/bin/update-dns
         '';
     };
   };

modules/scripts/update-org-agenda-cache.nix

@@ -0,0 +1,21 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+{
+  config.my.scripts.update-org-agenda-cache = {
+    enable = lib.mkDefault false;
+    install = config.my.emacs.enable;
+    service = config.my.emacs.enable;
+    name = "update-org-agenda-cache";
+    timer = "*:0/30";
+    description = "runs a function which builds a cache file.";
+    package = pkgs.writeScriptBin "update-org-agenda-cache" ''
+      #!/usr/bin/env nix-shell
+      #! nix-shell -i bash -p bash
+      ${config.services.emacs.package}/bin/emacsclient --eval '(my/update-org-agenda-cache)'
+    '';
+  };
+}