home/xdg: set OPAMROOT override

This reverts commit 19980dc75b.

.sops.yaml

@@ -1,10 +1,11 @@
 keys:
   - &gpg_h7x4 F7D37890228A907440E1FD4846B9228E814A2AAC
-  - &host_tsuki age1c92j4w0gqh32hwssl5m2mfrggssxax9pge8qxwytv9lmrnfttcvqdrgsst
+  - &host_tsuki age1ue7uv559wf6tfjsutn9dsh07vpk53sgrfkdzqy4ltg6dnxcxeg7srx800u
   - &host_kasei age1eu2a6m3adakfzelfa9pqpl74a5dz0wkyr0v7gegm5ajnx7aqmqcqsp2ftc
-  - &host_dosei age179y7apa80p9unvyjtsphpzyhve90ex986vlxkx43xt9n6m7en3csqnug7c
-  - &host_europa age14mer45e52r2q4uz8n3fmv69tvk8gvwany4m4ndudud8ajv3jm4nqdj9m6a
+  - &host_dosei age1s6s4w7cdfgajm30z9gy8va8pvs2lrzk5gnsg0hmn5z2sl8z36seqej406r
+  - &host_xps16 age1np3fg9ue2tp4l47x7waapvjxh5zcaye2j54laapy7uklamve2c4qv3gytm
   - &home age10f4a5acpar8vwz3v298r3nv7gggfpmyh4wxpkc2hwq9paq0scf8qee8lau
+  - &home_dosei age17acs5lw7npma4sughxq3wj3cs5gjkenqdzscyvaks0er33n8gupsce7jlp
 
 creation_rules:
   - path_regex: secrets/common.yaml
@@ -15,8 +16,9 @@ creation_rules:
         - *host_tsuki
         - *host_kasei
         - *host_dosei
-        - *host_europa
+        - *host_xps16
         - *home
+        - *home_dosei
 
   - path_regex: secrets/home.yaml
     key_groups:
@@ -24,6 +26,14 @@ creation_rules:
         - *gpg_h7x4
         age:
         - *home
+        - *home_dosei
+
+  - path_regex: secrets/xps16.yaml
+    key_groups:
+      - pgp:
+        - *gpg_h7x4
+        age:
+        - *host_xps16
 
   - path_regex: secrets/kasei.yaml
     key_groups:
@@ -45,10 +55,3 @@ creation_rules:
         - *gpg_h7x4
         age:
         - *host_dosei
-
-  - path_regex: secrets/europa.yaml
-    key_groups:
-      - pgp:
-        - *gpg_h7x4
-        age:
-        - *host_europa

README.md

@@ -1,5 +1,7 @@
 [![built with nix](https://builtwithnix.org/badge.svg)](https://builtwithnix.org)
 
+![works on my machine](https://img.shields.io/badge/status-works_on_my_machine-blue)
+
 # Nix Dotfiles
 
 These are my dotfiles for several nix machines.
@@ -14,7 +16,8 @@ Here are some of the interesting files and dirs:
 | `/modules` | Custom nixos modules that I use in my own configuration. If you see options that does not appear in [NixOS Search][nixos-search], they might be defined here. |
 | `/package-overrides` | Updated or pinned versions of packages that have not been upstreamed to nixpkgs (yet). |
 | `/secrets` | Encrypted [sops-nix][sops-nix] secrets. |
-| `flake.nix` | The root of everyting. Defines the inputs and outputs of the project. Also applies misc overlays and adds config-wide modules. See [Nix Flakes][nix-flakes] for more information. |
+| `flake.nix` | The root of everything. Defines the inputs and outputs of the project. Also applies misc overlays and adds config-wide modules. See [Nix Flakes][nix-flakes] for more information. |
+
 
 ## Hosts
 
@@ -22,8 +25,7 @@ Here are some of the interesting files and dirs:
 |------|--------------|---------|
 | `Tsuki` | Dell Poweredge r710 server | Data storage / Build server / Selfhosted services. This server hosts a wide variety of services, including websites, matrix server, git repos, CI/CD and more. **This is probably the most interesting machine to pick config from** |
 | `Kasei` | AMD Zen 2 CPU / AMD GPU - desktop computer | Semi-daily driver. This is my main computer at home. |
-| `Dosei` | Dell Optiplex | Work computer, mostly used for development and testing. |
-| `Europa` | Dell Optiplex | Other work computer, used as nix builder for `Dosei`. |
+
 
 ## home-manager configuration
 
@@ -36,6 +38,74 @@ Here are some of the interesting files and dirs:
 | `/home/services` | Configuration for services/daemons that are user-specific. |
 | `/home/shell.nix` | Shell-agnostic configuration. This includes aliases, envvars, functions, etc. |
 
+
+## Some useful long commands
+
+Build configuration without switching:
+
+```
+nix build .#nixosConfigurations.tsuki.config.system.build.toplevel -L
+```
+
+Check why configuration depends on package:
+
+```
+NIXPKGS_ALLOW_INSECURE=1 nix why-depends .#nixosConfigurations.tsuki.config.system.build.toplevel .#pkgs.suspiciousPackage
+```
+
+Re-encrypt sops secrets with new key:
+
+```
+sops updatekeys secrets/hosts/file.yml
+```
+
+## Setting up a new machine
+
+### 1. Move gpg keys to
+
+```console
+# Export on some machine
+gpg --export-secret-keys --armor nani.wtf > ~/SD/gpg_keys.pem
+
+# Import
+gpg --import ~/SD/gpg_keys.pem
+```
+
+### 2. Generating host keys, and converting to age keys for nix-sops host secrets
+
+```console
+# Create host keys
+ssh-keygen -A
+
+# Convert public key to age format
+nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
+
+# Register this key in `.sops.yaml`
+$EDITOR .sops.yaml
+
+# Update keys
+sops updatekeys secrets/common.yaml
+sops updatekeys secrets/$(hostname).yaml # if present
+```
+
+### 3. Creating new ssh key for nix-sops home secrets
+
+```console
+# Create new key
+ssh-keygen -t ed25519 -b 4096 -C "sops-nix home key" -f ~/.ssh/id_ed25519_home_sops -N ''
+
+# Convert public key to age format
+nix-shell -p ssh-to-age --run 'cat ~/.ssh/id_ed25519_home_sops.pub | ssh-to-age'
+
+# Register this key in `.sops.yaml`
+$EDITOR .sops.yaml
+
+# Update keys
+sops updatekeys secrets/common.yaml
+sops updatekeys secrets/home.yaml
+```
+
+
 [home-manager]: https://github.com/nix-community/home-manager
 [nixos-search]: https://search.nixos.org/options
 [sops-nix]: https://github.com/Mic92/sops-nix

flake.lock

@@ -1,30 +1,34 @@
 {
   "nodes": {
-    "dotfiles": {
-      "flake": false,
+    "disko": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
       "locked": {
-        "lastModified": 1654179945,
-        "narHash": "sha256-vnD7vu/hRBPoqL6Wse9CELitW30a9P++QTPnNm1qHjE=",
-        "ref": "master",
-        "rev": "37bdd48de4bfa8e03a8ab5ef840b2509e193e6a1",
-        "revCount": 96,
-        "type": "git",
-        "url": "https://git.pvv.ntnu.no/oysteikt/dotfiles"
+        "lastModified": 1768920986,
+        "narHash": "sha256-CNzzBsRhq7gg4BMBuTDObiWDH/rFYHEuDRVOwCcwXw4=",
+        "owner": "nix-community",
+        "repo": "disko",
+        "rev": "de5708739256238fb912c62f03988815db89ec9a",
+        "type": "github"
       },
       "original": {
-        "ref": "master",
-        "type": "git",
-        "url": "https://git.pvv.ntnu.no/oysteikt/dotfiles"
+        "owner": "nix-community",
+        "ref": "v1.13.0",
+        "repo": "disko",
+        "type": "github"
       }
     },
     "flake-compat": {
       "flake": false,
       "locked": {
-        "lastModified": 1673956053,
-        "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
+        "lastModified": 1747046372,
+        "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
         "owner": "edolstra",
         "repo": "flake-compat",
-        "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
+        "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
         "type": "github"
       },
       "original": {
@@ -33,55 +37,6 @@
         "type": "github"
       }
     },
-    "flake-utils": {
-      "inputs": {
-        "systems": "systems"
-      },
-      "locked": {
-        "lastModified": 1681202837,
-        "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "cfacdce06f30d2b68473a46042957675eebb3401",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
-    "flake-utils_2": {
-      "inputs": {
-        "systems": "systems_2"
-      },
-      "locked": {
-        "lastModified": 1681202837,
-        "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "cfacdce06f30d2b68473a46042957675eebb3401",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
-    "fonts": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1668957008,
-        "narHash": "sha256-er2eUfNSG9qdBh0JvtxtftQjFfTFjRqqD8dnk5nZ1qw=",
-        "path": "/home/h7x4/git/fonts",
-        "type": "path"
-      },
-      "original": {
-        "path": "/home/h7x4/git/fonts",
-        "type": "path"
-      }
-    },
     "home-manager": {
       "inputs": {
         "nixpkgs": [
@@ -89,40 +44,20 @@
         ]
       },
       "locked": {
-        "lastModified": 1718530513,
-        "narHash": "sha256-BmO8d0r+BVlwWtMLQEYnwmngqdXIuyFzMwvmTcLMee8=",
+        "lastModified": 1769580047,
+        "narHash": "sha256-tNqCP/+2+peAXXQ2V8RwsBkenlfWMERb+Uy6xmevyhM=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "a1fddf0967c33754271761d91a3d921772b30d0e",
+        "rev": "366d78c2856de6ab3411c15c1cb4fb4c2bf5c826",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
-        "ref": "release-24.05",
+        "ref": "release-25.11",
         "repo": "home-manager",
         "type": "github"
       }
     },
-    "home-manager-local": {
-      "inputs": {
-        "nixpkgs": [
-          "nixpkgs-unstable"
-        ]
-      },
-      "locked": {
-        "lastModified": 1719170506,
-        "narHash": "sha256-AROqng7/S3mTByq8DBVR6r0iW1yZH+otJkqOwLHvELE=",
-        "ref": "refs/heads/fix-stalonetrayrc-path",
-        "rev": "0e5656163c2f9ac6e2cc4de3b44beb7a137abbe6",
-        "revCount": 3588,
-        "type": "git",
-        "url": "file:///home/h7x4/git/home-manager"
-      },
-      "original": {
-        "type": "git",
-        "url": "file:///home/h7x4/git/home-manager"
-      }
-    },
     "matrix-synapse-next": {
       "inputs": {
         "nixpkgs": [
@@ -130,18 +65,18 @@
         ]
       },
       "locked": {
-        "lastModified": 1717234745,
-        "narHash": "sha256-MFyKRdw4WQD6V3vRGbP6MYbtJhZp712zwzjW6YiOBYM=",
-        "owner": "dali99",
-        "repo": "nixos-matrix-modules",
-        "rev": "d7dc42c9bbb155c5e4aa2f0985d0df75ce978456",
-        "type": "github"
+        "lastModified": 1769430305,
+        "narHash": "sha256-ae92wLbdzLAFIHP3EigPCQzG4MSrxN4Nq4QQjQNqPvg=",
+        "ref": "main",
+        "rev": "45e302b9ff3835229cf9b76c62bceb11904725d8",
+        "revCount": 87,
+        "type": "git",
+        "url": "https://git.pvv.ntnu.no/oysteikt/nixos-matrix-modules"
       },
       "original": {
-        "owner": "dali99",
-        "ref": "v0.6.0",
-        "repo": "nixos-matrix-modules",
-        "type": "github"
+        "ref": "main",
+        "type": "git",
+        "url": "https://git.pvv.ntnu.no/oysteikt/nixos-matrix-modules"
       }
     },
     "maunium-stickerpicker": {
@@ -185,71 +120,88 @@
     "minecraft": {
       "inputs": {
         "flake-compat": "flake-compat",
-        "flake-utils": "flake-utils",
         "nixpkgs": [
           "nixpkgs-unstable"
-        ]
+        ],
+        "systems": "systems"
       },
       "locked": {
-        "lastModified": 1719278718,
-        "narHash": "sha256-gWQb4P9CZgKzTn4F4eWMYeUv2AQOXFlcFmFXh2apoyA=",
+        "lastModified": 1770000653,
+        "narHash": "sha256-QO/twGynxjOSUDtxbqJLshc/Q5/wImLH5O6KV2p9eoE=",
         "owner": "infinidoge",
         "repo": "nix-minecraft",
-        "rev": "b6ff85f3b416a700ac35e33c214d7c9f4fe071fa",
+        "rev": "6a2ddb643aaf7949caa6158e718c5efc3dda7dc1",
         "type": "github"
       },
       "original": {
         "owner": "infinidoge",
+        "ref": "master",
         "repo": "nix-minecraft",
         "type": "github"
       }
     },
+    "nixos-hardware": {
+      "locked": {
+        "lastModified": 1769302137,
+        "narHash": "sha256-QEDtctEkOsbx8nlFh4yqPEOtr4tif6KTqWwJ37IM2ds=",
+        "owner": "NixOS",
+        "repo": "nixos-hardware",
+        "rev": "a351494b0e35fd7c0b7a1aae82f0afddf4907aa8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "master",
+        "repo": "nixos-hardware",
+        "type": "github"
+      }
+    },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1719145550,
-        "narHash": "sha256-K0i/coxxTEl30tgt4oALaylQfxqbotTSNb1/+g+mKMQ=",
+        "lastModified": 1769900590,
+        "narHash": "sha256-I7Lmgj3owOTBGuauy9FL6qdpeK2umDoe07lM4V+PnyA=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "e4509b3a560c87a8d4cb6f9992b8915abf9e36d8",
+        "rev": "41e216c0ca66c83b12ab7a98cc326b5db01db646",
         "type": "github"
       },
       "original": {
         "id": "nixpkgs",
-        "ref": "nixos-24.05",
+        "ref": "nixos-25.11",
         "type": "indirect"
       }
     },
-    "nixpkgs-stable": {
-      "locked": {
-        "lastModified": 1719099622,
-        "narHash": "sha256-YzJECAxFt+U5LPYf/pCwW/e1iUd2PF21WITHY9B/BAs=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "5e8e3b89adbd0be63192f6e645e0a54080004924",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "release-23.11",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1719254875,
-        "narHash": "sha256-ECni+IkwXjusHsm9Sexdtq8weAq/yUyt1TWIemXt3Ko=",
+        "lastModified": 1769983348,
+        "narHash": "sha256-mXYq4h7AFmbLMQtINwejLLL3DiW/ERJbg5UXqMTEV2M=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "2893f56de08021cffd9b6b6dfc70fd9ccd51eb60",
+        "rev": "eb8d947de7b05897b2b5f4117d184f9c9846cd06",
         "type": "github"
       },
       "original": {
         "id": "nixpkgs",
-        "ref": "nixos-unstable",
+        "ref": "nixpkgs-unstable",
         "type": "indirect"
       }
     },
+    "nixpkgs-yet-unstabler": {
+      "locked": {
+        "lastModified": 1770025348,
+        "narHash": "sha256-nUJyE7QwmFQZ46YpgKdhkvacWnxiPVG0H1u96yTbnGI=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "0b407490c176a5e0d0af9e105108e534e93bbeeb",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "master",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "osuchan": {
       "inputs": {
         "nixpkgs": [
@@ -257,11 +209,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1672838459,
-        "narHash": "sha256-SIXzj9fbSvr/jfhhil+0cS7I6KONijdH80PFGxJi+CA=",
+        "lastModified": 1742203788,
+        "narHash": "sha256-nRqyf+msCPEXvvXF6bvfiYH/B089dqWPc7ljRXieA7g=",
         "ref": "refs/heads/master",
-        "rev": "392fb541ce39f1f52908eee336d5ed409cd798ed",
-        "revCount": 42,
+        "rev": "c4e353e745b4012feb75dd1c4405a71f6318ed02",
+        "revCount": 51,
         "type": "git",
         "url": "file:///home/h7x4/git/osuchan-line-bot"
       },
@@ -272,53 +224,31 @@
     },
     "root": {
       "inputs": {
-        "dotfiles": "dotfiles",
-        "fonts": "fonts",
+        "disko": "disko",
         "home-manager": "home-manager",
-        "home-manager-local": "home-manager-local",
         "matrix-synapse-next": "matrix-synapse-next",
         "maunium-stickerpicker": "maunium-stickerpicker",
         "minecraft": "minecraft",
+        "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs",
         "nixpkgs-unstable": "nixpkgs-unstable",
+        "nixpkgs-yet-unstabler": "nixpkgs-yet-unstabler",
         "osuchan": "osuchan",
-        "secrets": "secrets",
-        "sops-nix": "sops-nix",
-        "vscode-server": "vscode-server"
-      }
-    },
-    "secrets": {
-      "inputs": {
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "dirtyRev": "1d1e3c1a3293e22be504749eb92ac3b050cd8622-dirty",
-        "dirtyShortRev": "1d1e3c1-dirty",
-        "lastModified": 1683506783,
-        "narHash": "sha256-iwnpd6v4tKXFDTRomzJxwYPr2mm2JR9DCCnkqsofX5c=",
-        "type": "git",
-        "url": "file:///home/h7x4/git/nix-secrets"
-      },
-      "original": {
-        "type": "git",
-        "url": "file:///home/h7x4/git/nix-secrets"
+        "sops-nix": "sops-nix"
       }
     },
     "sops-nix": {
       "inputs": {
         "nixpkgs": [
           "nixpkgs"
-        ],
-        "nixpkgs-stable": "nixpkgs-stable"
+        ]
       },
       "locked": {
-        "lastModified": 1719268571,
-        "narHash": "sha256-pcUk2Fg5vPXLUEnFI97qaB8hto/IToRfqskFqsjvjb8=",
+        "lastModified": 1769921679,
+        "narHash": "sha256-twBMKGQvaztZQxFxbZnkg7y/50BW9yjtCBWwdjtOZew=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "c2ea1186c0cbfa4d06d406ae50f3e4b085ddc9b3",
+        "rev": "1e89149dcfc229e7e2ae24a8030f124a31e4f24f",
         "type": "github"
       },
       "original": {
@@ -341,42 +271,6 @@
         "repo": "default",
         "type": "github"
       }
-    },
-    "systems_2": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
-    },
-    "vscode-server": {
-      "inputs": {
-        "flake-utils": "flake-utils_2",
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1713958148,
-        "narHash": "sha256-8PDNi/dgoI2kyM7uSiU4eoLBqUKoA+3TXuz+VWmuCOc=",
-        "owner": "nix-community",
-        "repo": "nixos-vscode-server",
-        "rev": "fc900c16efc6a5ed972fb6be87df018bcf3035bc",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "nixos-vscode-server",
-        "type": "github"
-      }
     }
   },
   "root": "root",

flake.nix

@@ -1,18 +1,23 @@
 {
   inputs = {
-    nixpkgs.url = "nixpkgs/nixos-24.05";
-    nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
+    nixpkgs.url = "nixpkgs/nixos-25.11";
+    # nixpkgs.url = "nixpkgs/nixos-unstable";
+    nixpkgs-unstable.url = "nixpkgs/nixpkgs-unstable";
+    nixpkgs-yet-unstabler.url = "github:NixOS/nixpkgs/master";
 
     home-manager = {
-      url = "github:nix-community/home-manager/release-24.05";
+      url = "github:nix-community/home-manager/release-25.11";
+      # url = "github:nix-community/home-manager/master";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    dotfiles = {
-      url = "git+https://git.pvv.ntnu.no/oysteikt/dotfiles?ref=master";
-      flake = false;
+    disko = {
+      url = "github:nix-community/disko/v1.13.0";
+      inputs.nixpkgs.follows = "nixpkgs";
     };
 
+    nixos-hardware.url = "github:NixOS/nixos-hardware/master";
+
     sops-nix = {
       url = "github:Mic92/sops-nix";
       inputs.nixpkgs.follows = "nixpkgs";
@@ -23,40 +28,18 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    # TODO: fix website
-    # website = {
-    #   url = "git+https://git.pvv.ntnu.no/oysteikt/nani.wtf?ref=main";
-      # url = "path:/home/h7x4/git/nani.wtf";
-      # inputs.nixpkgs.follows = "nixpkgs";
-    # };
-
     maunium-stickerpicker = {
       url = "github:h7x4/maunium-stickerpicker-nix/0.1.0";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
     minecraft = {
-      url = "github:infinidoge/nix-minecraft";
+      url = "github:infinidoge/nix-minecraft/master";
       inputs.nixpkgs.follows = "nixpkgs-unstable";
     };
 
     matrix-synapse-next = {
-      url = "github:dali99/nixos-matrix-modules/v0.6.0";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-
-    vscode-server = {
-      url = "github:nix-community/nixos-vscode-server";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-
-    # Nix expressions and keys (TODO: move keys to another solution like agenix)
-    # which should be kept from the main repo for privacy reasons.
-    #
-    # Includes stuff like usernames, emails, ports, other server users, ssh hosts, etc.
-    secrets = {
-      # TODO: Push this to a remote.
-      url = "git+file:///home/h7x4/git/nix-secrets";
+      url = "git+https://git.pvv.ntnu.no/oysteikt/nixos-matrix-modules?ref=main";
       inputs.nixpkgs.follows = "nixpkgs";
     };
   };
@@ -65,17 +48,17 @@
     self,
     nixpkgs,
     nixpkgs-unstable,
+    nixpkgs-yet-unstabler,
     home-manager,
+    disko,
+    nixos-hardware,
 
-    dotfiles,
     matrix-synapse-next,
     maunium-stickerpicker,
     minecraft,
     osuchan,
-    secrets,
     sops-nix,
-    vscode-server,
-    # website
+    # anyrun,
   }: let
     system = "x86_64-linux";
 
@@ -83,60 +66,107 @@
       inherit system;
 
       config = {
-        allowUnfree = true;
+        allowUnfreePredicate = pkg: nixpkgs.lib.elem (nixpkgs.lib.getName pkg) [
+          "discord"
+          "geogebra"
+          "ipu6-camera-bins"
+          "ipu6-camera-bins-unstable"
+          "ivsc-firmware"
+          "ivsc-firmware-unstable"
+        ];
         android_sdk.accept_license = true;
         segger-jlink.acceptLicense = true;
         permittedInsecurePackages = [
-          "segger-jlink-qt4-794l"
+          "segger-jlink-qt4-810"
         ];
       };
 
-      overlays = let
-        nonrecursive-unstable-pkgs = import nixpkgs-unstable {
-          inherit system;
-          config.allowUnfree = true;
-          config.segger-jlink.acceptLicense = true;
-          config.permittedInsecurePackages = [
-            "segger-jlink-qt4-794s"
-          ];
-        };
-      in [
-        (self: super: {
-          inherit (nonrecursive-unstable-pkgs)
-            atuin
-            wstunnel
-            nrf-udev
-            nrfutil
-            ;
-        })
+      overlays = [
+        self.overlays.pcloud
+        self.overlays.unstableLinuxPackages
+        self.overlays.waylandImeIntegration
+        self.overlays.gitoxide
 
-        # https://github.com/NixOS/nixpkgs/pull/251706
-        (self: super: {
-          mozc = self.qt6Packages.callPackage ./package-overrides/mozc.nix { };
-          fcitx5-mozc = self.callPackage ./package-overrides/fcitx5-mozc.nix { };
-        })
-
-        (self: super: {
-          mpv-unwrapped = super.mpv-unwrapped.override {
-            ffmpeg = super.ffmpeg_6-full;
-          };
-        })
+        minecraft.overlays.default
+        osuchan.overlays.default
       ];
     };
 
     pkgs = import nixpkgs pkgs-config;
     unstable-pkgs = import nixpkgs-unstable pkgs-config;
+    yet-unstabler-pkgs = import nixpkgs-yet-unstabler pkgs-config;
   in {
+    inherit pkgs;
+    inherit (nixpkgs) lib;
+
     extendedLib = import ./lib { stdlib = pkgs.lib; };
 
-    inherit pkgs;
+    inputs = pkgs.lib.mapAttrs (_: src: src.outPath) inputs;
 
-    packages.${system} = {
-      inherit (pkgs) kanidm pcloud;
+    devShells.${system}.default = pkgs.mkShellNoCC {
+      packages = with pkgs; [ sops ];
     };
 
-    devShells.${system}.default = pkgs.mkShell {
-      packages = with pkgs; [ sops ];
+    packages.${system} = {
+      bcachefsInstallerIso = let
+        nixosSystem = nixpkgs.lib.nixosSystem {
+          inherit system;
+          modules = [
+            "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal-new-kernel-no-zfs.nix"
+            ({ lib, pkgs, ... }: {
+              boot.supportedFilesystems = [ "bcachefs" ];
+              boot.kernelPackages = lib.mkOverride 0 pkgs.linuxPackages_latest;
+            })
+          ];
+        };
+      in nixosSystem.config.system.build.isoImage;
+    };
+
+    overlays = let
+      nonrecursive-unstable-pkgs = import nixpkgs-unstable {
+        inherit system;
+        config.allowUnfree = true;
+        config.segger-jlink.acceptLicense = true;
+        config.permittedInsecurePackages = [
+          "segger-jlink-qt4-796s"
+        ];
+      };
+    in {
+      pcloud = import ./overlays/pcloud.nix {
+        inherit (nixpkgs) lib;
+        pkgs = nonrecursive-unstable-pkgs;
+      };
+
+      gitoxide = _: _: {
+        gitoxide = nonrecursive-unstable-pkgs.gitoxide;
+      };
+
+      unstableLinuxPackages = _: _: {
+        linuxPackages_latest = nonrecursive-unstable-pkgs.linuxPackages_latest;
+      };
+
+      waylandImeIntegration = import ./overlays/wayland-ime-integration.nix;
+    };
+
+    nixosModules = {
+      machineVars = ./modules/machineVars.nix;
+      socketActivation = ./modules/socketActivation.nix;
+      duperemove = ./modules/duperemove.nix;
+    };
+
+    homeModules = {
+      cargo = ./home/modules/programs/cargo;
+      colors = ./home/modules/colors.nix;
+      direnv-auto-prune = ./home/modules/programs/direnv/auto-prune.nix;
+      downloads-sorter = ./home/modules/services/downloads-sorter.nix;
+      gpg = ./home/modules/programs/gpg;
+      mpd-auto-updater = ./home/modules/services/mpd.nix;
+      neovim-auto-clean-swapfiles = ./home/modules/programs/neovim/auto-clean-swapfiles.nix;
+      nix-index-auto-update-database = ./home/modules/programs/nix-index/auto-update-database.nix;
+      prism-launcher = ./home/modules/programs/prism-launcher;
+      shellAliases = ./home/modules/shellAliases.nix;
+      systemd-tmpfiles = ./home/modules/systemd-tmpfiles.nix;
+      uidGid = ./home/modules/uidGid.nix;
     };
 
     homeConfigurations = {
@@ -146,12 +176,12 @@
 
         username = "h7x4";
         homeDirectory = "/home/h7x4";
-        stateVersion = "22.05";
+        stateVersion = "25.05";
         configuration = {
           imports = [
             ./home/home.nix
             ./modules/machineVars.nix
-          ];
+          ] ++ (builtins.attrValues self.homeModules);
 
           machineVars = {
             headless = false;
@@ -162,6 +192,55 @@
           };
         };
       };
+
+      pvv = home-manager.lib.homeManagerConfiguration {
+        inherit pkgs;
+
+        extraSpecialArgs = {
+          inherit inputs;
+          inherit unstable-pkgs;
+          inherit yet-unstabler-pkgs;
+          inherit (self) extendedLib;
+          machineName = "pvv-machine";
+          machineVars = {
+            headless = true;
+            # fixDisplayCommand = "echo 'not available'";
+            gaming = false;
+            development = true;
+            laptop = false;
+            battery = null;
+            wlanInterface = null;
+            wayland = false;
+          };
+        };
+
+        modules = [
+          ./home/home.nix
+          ./modules/machineVars.nix
+          inputs.sops-nix.homeManagerModules.sops
+          ({ config, pkgs, lib, ... }: {
+            home = {
+              username = lib.mkForce "oysteikt";
+              homeDirectory = lib.mkForce "/home/pvv/d/oysteikt";
+              stateVersion = "25.05";
+              packages = [
+                # NOTE: nix on pvv machines is severely outdated
+                #       putting it in the path of home-manager
+                #       will ensure we use the new one by default
+                config.nix.package
+              ];
+            };
+
+            nix.package = pkgs.nix;
+            nix.settings.use-xdg-base-directories = lib.mkForce false;
+
+            local.shell.aliases."Nix Stuff" = {
+              nxr = lib.mkForce "echo \"Local rebuilds are not available on this machine\"";
+              nxrl = lib.mkForce "echo \"Local rebuilds are not available on this machine\"";
+            };
+          })
+        ] ++ (builtins.attrValues self.homeModules);
+      };
     };
 
     nixosConfigurations = let
@@ -175,8 +254,8 @@
             specialArgs = {
               inherit inputs;
               inherit unstable-pkgs;
+              inherit yet-unstabler-pkgs;
               inherit (self) extendedLib;
-              secrets = secrets.outputs.settings;
             } // (extraConfig.specialArgs or { });
 
             modules = [
@@ -188,7 +267,6 @@
               ./modules/machineVars.nix
               ./modules/socketActivation.nix
 
-              secrets.outputs.nixos-config
               sops-nix.nixosModules.sops
 
               ({ config, ... }:
@@ -198,14 +276,15 @@
                   extraSpecialArgs = {
                     inherit inputs;
                     inherit unstable-pkgs;
+                    inherit yet-unstabler-pkgs;
                     inherit (self) extendedLib;
                     inherit (config) machineVars;
-                    secrets = secrets.outputs.settings;
+                    machineName = name;
                   };
 
                   sharedModules = [
                     inputs.sops-nix.homeManagerModules.sops
-                  ];
+                  ] ++ (builtins.attrValues self.homeModules);
 
                   users.h7x4.imports = [
                     ./home/home.nix
@@ -221,14 +300,35 @@
             "specialArgs"
           ]));
     in {
-      dosei = nixSys "dosei" { };
-      kasei = nixSys "kasei" { };
-      europa = nixSys "europa" { };
+      kasei = nixSys "kasei" {
+        modules = [
+          nixos-hardware.nixosModules.common-pc
+          nixos-hardware.nixosModules.common-pc-ssd
+          nixos-hardware.nixosModules.common-cpu-amd
+          nixos-hardware.nixosModules.common-cpu-amd-pstate
+          nixos-hardware.nixosModules.common-gpu-nvidia-nonprime
+        ];
+      };
+      xps16 = nixSys "xps16" {
+        modules = [
+          nixos-hardware.nixosModules.common-hidpi
+          nixos-hardware.nixosModules.common-pc-laptop
+          nixos-hardware.nixosModules.common-pc-laptop-ssd
+          nixos-hardware.nixosModules.common-cpu-intel
+          nixos-hardware.nixosModules.common-gpu-intel
+
+          disko.nixosModules.default
+        ];
+      };
       tsuki = nixSys "tsuki" {
         modules = [
+          nixos-hardware.nixosModules.common-cpu-amd
+          nixos-hardware.nixosModules.common-pc-ssd
+
+          disko.nixosModules.default
+
           matrix-synapse-next.nixosModules.default
           osuchan.outputs.nixosModules.default
-          vscode-server.nixosModules.default
           maunium-stickerpicker.nixosModules.default
 
           (args: import minecraft.outputs.nixosModules.minecraft-servers (args // {

home/breakerbox.nix

@@ -0,0 +1,192 @@
+{ config, lib, machineVars, ... }:
+let
+  inherit (lib) mkForce mkIf optionals;
+  graphics = !machineVars.headless;
+in
+{
+  imports = [
+    ./config/gtk.nix
+
+    ./programs/nix.nix
+
+    ./programs/ahoviewer.nix
+    ./programs/alacritty.nix
+    ./programs/anki.nix
+    ./programs/anyrun
+    ./programs/aria2.nix
+    ./programs/atuin.nix
+    ./programs/bash.nix
+    ./programs/bat.nix
+    ./programs/beets.nix
+    ./programs/bottom.nix
+    ./programs/cargo.nix
+    # ./programs/comma.nix
+    ./programs/delta.nix
+    ./programs/direnv
+    ./programs/element-desktop.nix
+    ./programs/emacs
+    ./programs/eza.nix
+    ./programs/fastfetch.nix
+    ./programs/feh.nix
+    ./programs/firefox.nix
+    ./programs/fzf.nix
+    ./programs/gdb.nix
+    ./programs/gh-dash.nix
+    ./programs/gh.nix
+    ./programs/ghci.nix
+    ./programs/git
+    ./programs/gpg.nix
+    ./programs/home-manager.nix
+    ./programs/hyprland
+    ./programs/jq.nix
+    ./programs/less.nix
+    ./programs/man.nix
+    ./programs/meli.nix
+    ./programs/mpv.nix
+    ./programs/ncmpcpp.nix
+    ./programs/neomutt.nix
+    ./programs/neovim
+    ./programs/newsboat
+    ./programs/nix-index
+    ./programs/nushell.nix
+    ./programs/nyxt.nix
+    ./programs/obs-studio.nix
+    ./programs/obsidian.nix
+    ./programs/pandoc.nix
+    ./programs/prism-launcher.nix
+    ./programs/python.nix
+    ./programs/qutebrowser.nix
+    ./programs/rclone.nix
+    ./programs/ripgrep.nix
+    ./programs/rofi
+    ./programs/skim.nix
+    ./programs/sqlite.nix
+    ./programs/ssh
+    ./programs/taskwarrior.nix
+    ./programs/tealdeer
+    ./programs/texlive.nix
+    ./programs/thunderbird.nix
+    ./programs/tmux
+    ./programs/uv.nix
+    ./programs/vscode
+    ./programs/waybar.nix
+    ./programs/yazi.nix
+    ./programs/yt-dlp.nix
+    ./programs/zathura.nix
+    ./programs/zed
+    ./programs/zoxide.nix
+    ./programs/zsh
+
+    ./services/copyq.nix
+    ./services/dunst.nix
+    ./services/fcitx5.nix
+    ./services/gnome-keyring.nix
+    ./services/mpd.nix
+    ./services/mpris-proxy.nix
+    ./services/network-manager.nix
+    ./services/nix-channel-update.nix
+    ./services/psd.nix
+    ./services/pueue.nix
+    ./services/tumblerd.nix
+  ] ++ (optionals (!machineVars.wayland) [
+    ./programs/xmonad
+    # ./programs/xmobar
+
+    ./services/picom.nix
+    ./services/polybar.nix
+    ./services/screen-locker.nix
+    # ./services/stalonetray.nix
+    ./services/sxhkd.nix
+  ]);
+
+  programs.aria2.enable = true;
+  programs.atuin.enable = true;
+  programs.bash.enable = true;
+  programs.bat.enable = true;
+  programs.beets.enable = true;
+  programs.bottom.enable = true;
+  programs.cargo.enable = true;
+  # programs.comma.enable = true;
+  programs.direnv.enable = true;
+  programs.eza.enable = true;
+  programs.fastfetch.enable = true;
+  programs.fzf.enable = true;
+  programs.gdb.enable = true;
+  programs.gh-dash.enable = true;
+  programs.gh.enable = true;
+  programs.ghci.enable = true;
+  programs.git.enable = true;
+  programs.gpg.enable = true;
+  programs.helix.enable = true;
+  programs.home-manager.enable = true;
+  programs.jq.enable = true;
+  programs.less.enable = true;
+  programs.man.enable = true;
+  programs.meli.enable = true;
+  programs.neomutt.enable = true;
+  programs.neovim.enable = true;
+  programs.nix-index.enable = true;
+  programs.nushell.enable = true;
+  programs.pandoc.enable = true;
+  programs.python.enable = true;
+  programs.rclone.enable = true;
+  programs.ripgrep.enable = true;
+  programs.skim.enable = true;
+  programs.sqlite.enable = true;
+  programs.ssh.enable = true;
+  programs.tealdeer.enable = true;
+  programs.tmux.enable = true;
+  programs.uv.enable = true;
+  programs.yazi.enable = true;
+  programs.yt-dlp.enable = true;
+  programs.zoxide.enable = true;
+  programs.zsh.enable = true;
+
+  services.pueue.enable = true;
+
+  gtk.enable = graphics;
+
+  programs.ahoviewer.enable = graphics;
+  programs.alacritty.enable = graphics;
+  programs.anki.enable = graphics;
+  programs.chromium.enable = graphics;
+  programs.element-desktop.enable = graphics;
+  programs.emacs.enable = graphics;
+  programs.feh.enable = graphics;
+  programs.firefox.enable = graphics;
+  programs.mpv.enable = graphics;
+  programs.ncmpcpp.enable = graphics;
+  programs.newsboat.enable = graphics;
+  programs.nyxt.enable = graphics;
+  programs.obs-studio.enable = graphics;
+  programs.obsidian.enable = false;
+  programs.prism-launcher.enable = graphics;
+  programs.qutebrowser.enable = graphics;
+  programs.rofi.enable = graphics;
+  programs.taskwarrior.enable = graphics;
+  programs.texlive.enable = graphics;
+  programs.thunderbird.enable = graphics;
+  programs.vscode.enable = graphics;
+  programs.zathura.enable = graphics;
+  programs.zed-editor.enable = graphics;
+
+  services.copyq.enable = graphics;
+  services.dunst.enable = graphics;
+  services.gnome-keyring.enable = graphics;
+  services.kbfs.enable = graphics;
+  services.keybase.enable = graphics;
+  services.mpd.enable = graphics;
+  services.mpris-proxy.enable = graphics;
+  services.network-manager-applet.enable = graphics;
+  services.psd.enable = graphics;
+  services.tumblerd.enable = graphics;
+
+  i18n.inputMethod = mkIf graphics {
+    enable = true;
+    type = "fcitx5";
+  };
+
+  programs.anyrun.enable = machineVars.wayland;
+  programs.waybar.enable = machineVars.wayland;
+  wayland.windowManager.hyprland.enable = machineVars.wayland;
+}

home/config/downloads-sorter.nix

@@ -0,0 +1,129 @@
+{ config, lib, ... }:
+let
+  cfg = config.services.downloads-sorter;
+in
+{
+  services.downloads-sorter = {
+    enable = true;
+    mappings = {
+      "archives" = [
+        "*.rar"
+        "*.zip"
+        "*.7z"
+        "*.tar"
+
+        "*.tar.bz2"
+        "*.tar.gz"
+        "*.tar.lz4"
+        "*.tar.lzma"
+        "*.tar.sz"
+        "*.tar.sz"
+        "*.tar.xz"
+        "*.tar.zst"
+
+        "*.tbz"
+        "*.tbz2"
+        "*.tgz"
+        "*.tlz4"
+        "*.tlzma"
+        "*.tsz"
+        "*.txz"
+        "*.tzst"
+
+        "*.bz2"
+        "*.gz"
+        "*.lz4"
+        "*.lzma"
+        "*.sz"
+        "*.sz"
+        "*.xz"
+        "*.zst"
+      ];
+
+      "pictures" = {
+        createDirIfNotExists = false;
+        globs = [
+          "*.gif"
+          "*.jpeg"
+          "*.jpg"
+          "*.png"
+          "*.svg"
+          "*.webp"
+        ];
+      };
+
+      "docs" = {
+        createDirIfNotExists = false;
+        globs = [
+          "*.md"
+
+          "*.pdf"
+          "*.PDF" # why do people do this
+
+          "*.docx"
+          "*.doc"
+
+          "*.xlsx"
+          "*.xls"
+
+          "*.ppt"
+          "*.pptx"
+
+          "*.odt"
+          "*.ods"
+          "*.odp"
+          "*.odg"
+          "*.odf"
+        ];
+      };
+
+      "books" = {
+        createDirIfNotExists = false;
+        globs = [ "*.epub" ];
+      };
+
+      "videos" = {
+        createDirIfNotExists = false;
+        globs = [
+          "*.mp4"
+          "*.webm"
+          "*.mov"
+        ];
+      };
+
+      "isos" = [
+        "*.iso"
+        "*.img"
+      ];
+      "jars" = [ "*.jar" ];
+      "txt" = [ "*.txt" ];
+      "patches" = [
+        "*.patch"
+        "*.diff"
+      ];
+    };
+  };
+
+  systemd.user.tmpfiles.settings."10-downloads-sorter-service" = let
+    inherit (cfg) downloadsDirectory;
+    inherit (config.xdg) userDirs;
+
+    symlink = link: target: {
+      "${link}".L = {
+        user = config.home.username;
+        mode = "0770";
+        argument = "${target}";
+      };
+
+      "${target}".d = {
+        user = config.home.username;
+        mode = "0770";
+      };
+    };
+  in lib.mkMerge [
+    (symlink "${downloadsDirectory}/books" "${userDirs.documents}/books/downloads")
+    (symlink "${downloadsDirectory}/docs" "${userDirs.documents}/downloads")
+    (symlink "${downloadsDirectory}/pictures" "${userDirs.pictures}/downloads")
+    (symlink "${downloadsDirectory}/videos" "${userDirs.videos}/downloads")
+  ];
+}

home/config/ensure-homedir-structure.nix

@@ -0,0 +1,46 @@
+{ config, ... }:
+{
+  systemd.user.tmpfiles.settings."05-homedir" = let
+    home = config.home.homeDirectory;
+    user = config.home.username;
+
+    defaultDirConf = {
+      d = {
+        inherit user;
+        mode = "0700";
+      };
+    };
+
+    symlink = target: {
+      L = {
+        inherit user;
+        argument = target;
+        mode = "0600";
+      };
+    };
+  in {
+    "${home}/SD" = defaultDirConf;
+    "${home}/ctf" = defaultDirConf;
+    "${home}/git" = defaultDirConf;
+    "${home}/pvv" = defaultDirConf;
+    "${home}/tmp" = defaultDirConf;
+    "${home}/work" = defaultDirConf;
+
+    "${home}/pictures/icons" = defaultDirConf;
+    "${home}/pictures/photos" = defaultDirConf;
+    "${home}/pictures/screenshots" = defaultDirConf;
+    "${home}/pictures/stickers" = defaultDirConf;
+    "${home}/pictures/wallpapers" = defaultDirConf;
+
+    "${home}/documents/books" = defaultDirConf;
+    "${home}/documents/manuals" = defaultDirConf;
+    "${home}/documents/music-sheets" = defaultDirConf;
+    "${home}/documents/scans" = defaultDirConf;
+    "${home}/documents/schematics" = defaultDirConf;
+
+    "${home}/Downloads" = symlink "${home}/downloads";
+
+    "${config.xdg.dataHome}/wallpapers" = symlink "${home}/pictures/wallpapers";
+    "${config.home.sessionVariables.TEXMFHOME}" = symlink "${home}/git/texmf";
+  };
+}

home/config/gtk.nix

@@ -1,18 +1,18 @@
-{ pkgs, config, machineVars, ... }:
+{ pkgs, config, ... }:
 {
-  gtk = pkgs.lib.mkIf (!machineVars.headless) {
-    enable = true;
-    font = {
-      name = "Droid Sans";
-    };
+  gtk = {
+    font.name = "Droid Sans";
+
     iconTheme = {
-      package = pkgs.papirus-icon-theme;
       name = "Papirus";
+      package = pkgs.papirus-icon-theme;
     };
+
     theme = {
-      package = pkgs.vimix-gtk-themes;
-      name = "VimixDark";
+      name = "Adwaita-dark";
+      package = pkgs.gnome-themes-extra;
     };
+
     gtk2.configLocation = "${config.xdg.configHome}/gtk-2.0/gtkrc";
 
     gtk3.bookmarks = map (s: "file://${config.home.homeDirectory}/${s}") [
@@ -22,10 +22,12 @@
       "music"
       ".config"
       ".local/share"
-      # "Dropbox"
+      "SD"
       "git"
-      "git/pvv"
+      "pvv"
       "nix"
+      "work"
+      "ctf"
     ];
   };
 }

home/config/xdg/default.nix

@@ -1,21 +1,47 @@
-{ config, ... }:
+{ config, lib, ... }:
+let
+  cfg = config.xdg.userDirs;
+
+in
 {
   imports = [
     ./mimetypes.nix
     ./directory-spec-overrides.nix
   ];
+
   xdg = {
     enable = true;
     userDirs = {
       enable = true;
-      desktop = "${config.home.homeDirectory}/Desktop";
-      documents = "${config.home.homeDirectory}/documents";
-      download = "${config.home.homeDirectory}/Downloads";
-      music = "${config.home.homeDirectory}/music";
-      pictures = "${config.home.homeDirectory}/pictures";
-      publicShare = "${config.home.homeDirectory}/public";
-      templates = "${config.home.homeDirectory}/templates";
-      videos = "${config.home.homeDirectory}/videos";
+      desktop = lib.mkDefault "${config.home.homeDirectory}/Desktop";
+      documents = lib.mkDefault "${config.home.homeDirectory}/documents";
+      download = lib.mkDefault "${config.home.homeDirectory}/downloads";
+      music = lib.mkDefault "${config.home.homeDirectory}/music";
+      pictures = lib.mkDefault "${config.home.homeDirectory}/pictures";
+      publicShare = lib.mkDefault "${config.home.homeDirectory}/public";
+      templates = lib.mkDefault "${config.home.homeDirectory}/templates";
+      videos = lib.mkDefault "${config.home.homeDirectory}/videos";
     };
   };
+
+  home.sessionVariables.XDG_SCREENSHOTS_DIR = "${cfg.pictures}/screenshots";
+
+  systemd.user.tmpfiles.settings."05-xdg-userdirs" = let
+    dirCfg = {
+      d = {
+        user = config.home.username;
+        mode = "0700";
+      };
+    };
+  in {
+    "${cfg.desktop}" = dirCfg;
+    "${cfg.documents}" = dirCfg;
+    "${cfg.download}" = dirCfg;
+    "${cfg.music}" = dirCfg;
+    "${cfg.pictures}" = dirCfg;
+    "${cfg.publicShare}" = dirCfg;
+    "${cfg.templates}" = dirCfg;
+    "${cfg.videos}" = dirCfg;
+    "${config.home.sessionVariables.XDG_SCREENSHOTS_DIR}" = dirCfg;
+  };
 }

home/config/xdg/directory-spec-overrides.nix

@@ -2,50 +2,87 @@
 {
   nix.settings.use-xdg-base-directories = true;
 
+  home.preferXdgDirectories = true;
+
   home.sessionVariables = let
     inherit (config.xdg) dataHome cacheHome configHome userDirs;
+    runtimeDir = "/run/user/${toString config.home.uid}";
   in {
     TEXMFHOME = "${dataHome}/texmf";
     TEXMFVAR = "${cacheHome}/texlive";
     TEXMFCONFIG = "${configHome}/texlive";
 
+    EM_CONFIG = "${configHome}/emscripten/config";
+    EM_CACHE = "${cacheHome}/emscripten/cache";
+    EM_PORTS = "${dataHome}/emscripten/cache";
+
     PSQL_HISTORY = "${dataHome}/psql_history";
-    SQLITE_HISTORY= "${dataHome}/sqlite_history";
     MYSQL_HISTFILE = "${dataHome}/mysql_history";
     NODE_REPL_HISTORY = "${dataHome}/node_repl_history";
     GDB_HISTFILE = "${dataHome}/gdb_history";
-    PYTHON_HISTORY = "${dataHome}/python_history";
+    HISTFILE = "${dataHome}/bash_history";
+    CALCHISTFILE = "${dataHome}/calc_history";
 
     GHCUP_USE_XDG_DIRS = "true";
+    MIX_XDG = "true";
 
     __GL_SHADER_DISK_CACHE_PATH = "${cacheHome}/nv";
+    _JAVA_OPTIONS = "-Djava.util.prefs.userRoot=${configHome}/java";
     ANDROID_USER_HOME = "${dataHome}/android";
     AZURE_CONFIG_DIR = "${dataHome}/azure";
     BZRPATH = "${configHome}/bazaar";
     BZR_PLUGIN_PATH = "${dataHome}/bazaar";
     BZR_HOME = "${cacheHome}/bazaar";
-    CARGO_HOME = "${dataHome}/cargo";
     CUDA_CACHE_PATH = "${cacheHome}/nv";
+    DISCORD_USER_DATA_DIR = "${dataHome}/discord";
     DOCKER_CONFIG = "${configHome}/docker";
     DOTNET_CLI_HOME = "${dataHome}/dotnet";
     DOT_SAGE = "${configHome}/sagemath";
     ELM_HOME = "${configHome}/";
+    FFMPEG_DATADIR = "${configHome}/ffmpeg";
+    GOCACHE = "${cacheHome}/go/build";
+    GOMODCACHE = "${cacheHome}/go/mod";
     GOPATH = "${dataHome}/go";
-    GRIPHOME = "${configHome}/grip";
     GRADLE_USER_HOME = "${dataHome}/gradle";
+    GRIPHOME = "${configHome}/grip";
     ICEAUTHORITY = "${cacheHome}/ICEauthority";
     NIMBLE_DIR = "${dataHome}/nimble";
     NLTK_DATA = "${dataHome}/nltk_data";
+    NODE_COMPILE_CACHE = "${cacheHome}/node-compile-cache";
+    NPM_CONFIG_CACHE = "${cacheHome}/npm";
+    NPM_CONFIG_INIT_MODULE = "${configHome}/npm/config/npm-init.js";
+    NPM_CONFIG_TMP = "${runtimeDir}/npm";
     NRFUTIL_HOME = "${dataHome}/nrfutil";
     NUGET_PACKAGES = "${cacheHome}/nuget-packages";
+    OPAMROOT = "${dataHome}/opam";
     PARALLEL_HOME = "${configHome}/parallel";
+    PGPASSFILE = "${configHome}/pg/pgpass";
+    PSQLRC = "${configHome}/pg/psqlrc";
     PYENV_ROOT = "${dataHome}/pyenv";
+    RUFF_CACHE_DIR = "${cacheHome}/ruff";
     RUSTUP_HOME = "${dataHome}/rustup";
     RYE_HOME = "${dataHome}/rye";
     STACK_ROOT = "${dataHome}/stack";
     W3M_DIR = "${dataHome}/w3m";
     WINEPREFIX = "${dataHome}/wine";
 
+    SBT_OPTS = lib.concatStringsSep " " [
+      "-Dsbt.ivy.home=${cacheHome}/ivy"
+      "-Dsbt.boot.directory=${cacheHome}/sbt/boot"
+      "-Dsbt.preloaded=${cacheHome}/sbt/preloaded"
+      "-Dsbt.global.base=${cacheHome}/sbt"
+      "-Dsbt.global.staging=${cacheHome}/sbt/staging"
+      "-Dsbt.global.zinc=${cacheHome}/sbt/zinc"
+      "-Dsbt.dependency.base=${cacheHome}/sbt/dependency"
+      "-Dsbt.repository.config=${configHome}/sbt/repositories"
+      "-Dsbt.global.settings=${configHome}/sbt/global"
+      "-Dsbt.global.plugins=${configHome}/sbt/plugins"
+      "-Dmaven.repo.local=${cacheHome}/maven/repository"
+      "-Divy.settings.dir=${configHome}/ivy2"
+      "-Divy.home=${cacheHome}/ivy2"
+      "-Divy.cache.dir=${cacheHome}/ivy2/cache"
+    ];
+
     # TODO: these needs to be set before the user session has fully initialized
     # XINITRC = "$XDG_CONFIG_HOME/x11/initrc";
     # XAUTHORITY

home/config/xdg/mimetypes.nix

@@ -61,6 +61,26 @@ let
       woff2 = "font/woff2";
     };
 
+    archive = {
+      "7z" = "application/x-7z-compressed";
+      ar = "application/x-archive";
+      bz2 = "application/x-bzip2";
+      deb = "application/x-debian-package";
+      gzip = "application/gzip";
+      lz = "application/x-lzip";
+      lzma = "application/x-lzma";
+      lzo = "application/x-lzop";
+      rar = "application/vnd.rar";
+      rar-compressed = "application/x-rar-compressed";
+      tar = "application/x-tar";
+      tar-compressed = "application/x-gtar";
+      x-zip = "multipart/x-zip";
+      xz = "application/x-xz";
+      zip = "application/zip";
+      zip-compressed = "application/x-zip-compressed";
+      zst = "application/zstd";
+    };
+
     documents = {
       azv = "application/vnd.amazon.ebook";
       cbr = "application/vnd.comicbook+rar";
@@ -72,31 +92,98 @@ let
       pdf = "application/pdf";
     };
 
+    office = {
+      doc = "application/msword";
+      docm = "application/vnd.ms-word.document.macroEnabled.12";
+      docx = "application/vnd.openxmlformats-officedocument.wordprocessingml.document";
+      dot = "application/msword";
+      dotm = "application/vnd.ms-word.template.macroEnabled.12";
+      dotx = "application/vnd.openxmlformats-officedocument.wordprocessingml.template";
+      mdb = "application/vnd.ms-access";
+      pot = "application/vnd.ms-powerpoint";
+      potm = "application/vnd.ms-powerpoint.template.macroEnabled.12";
+      potx = "application/vnd.openxmlformats-officedocument.presentationml.template";
+      ppa = "application/vnd.ms-powerpoint";
+      ppam = "application/vnd.ms-powerpoint.addin.macroEnabled.12";
+      pps = "application/vnd.ms-powerpoint";
+      ppsm = "application/vnd.ms-powerpoint.slideshow.macroEnabled.12";
+      ppsx = "application/vnd.openxmlformats-officedocument.presentationml.slideshow";
+      ppt = "application/vnd.ms-powerpoint";
+      pptm = "application/vnd.ms-powerpoint.presentation.macroEnabled.12";
+      pptx = "application/vnd.openxmlformats-officedocument.presentationml.presentation";
+      xla = "application/vnd.ms-excel";
+      xlam = "application/vnd.ms-excel.addin.macroEnabled.12";
+      xls = "application/vnd.ms-excel";
+      xlsb = "application/vnd.ms-excel.sheet.binary.macroEnabled.12";
+      xlsm = "application/vnd.ms-excel.sheet.macroEnabled.12";
+      xlsx = "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet";
+      xlt = "application/vnd.ms-excel";
+      xltm = "application/vnd.ms-excel.template.macroEnabled.12";
+      xltx = "application/vnd.openxmlformats-officedocument.spreadsheetml.template";
+
+      odc = "application/vnd.oasis.opendocument.chart";
+      odf = "application/vnd.oasis.opendocument.formula";
+      odg = "application/vnd.oasis.opendocument.graphics";
+      odi = "application/vnd.oasis.opendocument.image";
+      odm = "application/vnd.oasis.opendocument.text-master";
+      odp = "application/vnd.oasis.opendocument.presentation";
+      odt = "application/vnd.oasis.opendocument.text";
+      otg = "application/vnd.oasis.opendocument.graphics-template";
+      oth = "application/vnd.oasis.opendocument.text-web";
+      otm = "application/vnd.oasis.opendocument.text-master-template";
+      otp = "application/vnd.oasis.opendocument.presentation-template";
+      ots = "application/vnd.oasis.opendocument.spreadsheet-template";
+      ott = "application/vnd.oasis.opendocument.text-template";
+    };
+
     code = {
       css = "text/css";
       csv = "text/csv";
       html = "text/html";
+      js = "application/x-javascript";
+      latex = "application/x-latex";
+      php = "application/x-httpd-php";
+      pl = "application/x-perl";
+      rtf = "application/rtf";
+      sh = "application/x-sh";
+      tex = "application/x-tex";
       txt = "text/plain";
       xhtml = "application/xhtml+xml";
       xml = "text/xml";
     };
 
-    misc = {
+    web = {
+      about = "x-scheme-handler/about";
+      chrome = "x-scheme-handler/chrome";
+      html = "text/html";
       http = "x-scheme-handler/http";
       https = "x-scheme-handler/https";
-      wine-ini = "application/x-wine-extension-ini";
+      mxwinurl = "application/x-mswinurl";
+      unknown = "x-scheme-handler/unknown";
+      x-htm = "application/x-extension-htm";
+      x-html = "application/x-extension-html";
+      x-shtml = "application/x-extension-shtml";
+      x-xht = "application/x-extension-xht";
+      x-xhtml = "application/x-extension-xhtml";
+      xhtml-xml = "application/xhtml+xml";
+    };
+
+    misc = {
       ics = "text/calendar";
-      url = "application/x-mswinurl";
+      wine-ini = "application/x-wine-extension-ini";
+      wine-osz = "application/x-wine-extension-osz";
     };
   };
 
   # Applications
+  ark = "org.kde.ark.desktop";
   firefox = "firefox.desktop";
-  vscode = "code.desktop";
+  zed = "dev.zed.Zed.desktop";
   mpv = "mpv.desktop";
   zathura = "org.pwmt.zathura.desktop";
   nsxiv = "nsxiv.desktop";
   font-viewer = "org.gnome.font-viewer.desktop";
+  libreoffice = "startcenter.desktop";
 in {
   xdg.configFile."mimeapps.list".force = true;
   xdg.mimeApps = {
@@ -108,14 +195,14 @@ in {
     // (lib.mapAttrs' (_: v: lib.nameValuePair v mpv) mime.audio)
     // (lib.mapAttrs' (_: v: lib.nameValuePair v mpv) mime.video)
     // (lib.mapAttrs' (_: v: lib.nameValuePair v font-viewer) mime.font)
+    // (lib.mapAttrs' (_: v: lib.nameValuePair v libreoffice) mime.office)
     // (lib.mapAttrs' (_: v: lib.nameValuePair v zathura) mime.documents)
-    // (lib.mapAttrs' (_: v: lib.nameValuePair v vscode) mime.code)
+    // (lib.mapAttrs' (_: v: lib.nameValuePair v zed) mime.code)
+    // (lib.mapAttrs' (_: v: lib.nameValuePair v ark) mime.archive)
+    // (lib.mapAttrs' (_: v: lib.nameValuePair v firefox) mime.web)
     // {
-      ${mime.misc.http} = firefox;
-      ${mime.misc.https} = firefox;
-      ${mime.misc.wine-ini} = vscode;
-      ${mime.misc.ics} = vscode;
-      ${mime.misc.url} = firefox;
+      ${mime.misc.wine-ini} = zed;
+      ${mime.misc.ics} = zed;
     };
   };
 }

home/email.nix

@@ -0,0 +1,129 @@
+{ config, lib, pkgs, ... }:
+let
+  cfg = config.accounts.email;
+in
+{
+  sops.secrets = {
+    "email/naniwtf/password" = { };
+    "email/kyoto-u/password" = { };
+    "email/pvv/password" = { };
+  };
+
+  accounts.email = {
+    maildirBasePath = "mail";
+    accounts = {
+      "naniwtf" = let
+        userName = "h7x4";
+        domain = "nani.wtf";
+      in {
+        primary = true;
+
+        userName = "${userName}@${domain}";
+        realName = "h7x4";
+        address = "${userName}@${domain}";
+        passwordCommand = "${lib.getExe' pkgs.coreutils "cat"} ${config.sops.secrets."email/naniwtf/password".path}";
+
+        imap = {
+          host = "redbull.mxrouting.net";
+          port = 993;
+          authentication = "plain";
+          tls.enable = true;
+        };
+
+        smtp = {
+          host = "redbull.mxrouting.net";
+          port = 465;
+          authentication = "plain";
+          tls.enable = true;
+        };
+
+        gpg = {
+          key = "46B9228E814A2AAC";
+          signByDefault = true;
+        };
+
+        neomutt.enable = true;
+        thunderbird.enable = true;
+        meli.enable = true;
+      };
+
+      "pvv" = let
+        userName = "oysteikt";
+        domain = "pvv.ntnu.no";
+      in {
+        inherit userName;
+        realName = "Øystein K Tveit";
+        address = "${userName}@${domain}";
+        passwordCommand = "${lib.getExe' pkgs.coreutils "cat"} ${config.sops.secrets."email/pvv/password".path}";
+
+        imap = {
+          host = "imap.${domain}";
+          port = 993;
+          authentication = "plain";
+          tls.enable = true;
+        };
+
+        smtp = {
+          host = "redbull.mxrouting.net";
+          port = 587;
+          authentication = "plain";
+          tls = {
+            enable = true;
+            useStartTls = true;
+          };
+        };
+
+        gpg = {
+          key = "";
+          signByDefault = true;
+        };
+
+        neomutt.enable = true;
+        thunderbird.enable = true;
+        meli.enable = true;
+      };
+
+      "kyoto-u" = let
+        userName = "oysteikt";
+        domain = "fos.kuis.kyoto-u.ac.jp";
+      in {
+        inherit userName;
+        realName = "トバイト、オースティン";
+        address = "${userName}@${domain}";
+        passwordCommand = "${lib.getExe' pkgs.coreutils "cat"} ${config.sops.secrets."email/kyoto-u/password".path}";
+
+        imap = {
+          host = "io.kuis.kyoto-u.ac.jp";
+          port = 993;
+          authentication = "plain";
+          tls.enable = true;
+        };
+
+        smtp = {
+          host = "io.kuis.kyoto-u.ac.jp";
+          port = 587;
+          authentication = "plain";
+          tls = {
+            enable = true;
+            useStartTls = true;
+          };
+        };
+
+        # gpg = {
+
+        # };
+
+        neomutt.enable = true;
+        thunderbird.enable = true;
+        meli.enable = true;
+      };
+    };
+  };
+
+  systemd.user.tmpfiles.settings."10-maildir" = lib.mkIf (lib.any (acct: acct.enable) (lib.attrValues cfg.accounts)) {
+    "${config.home.homeDirectory}/${cfg.maildirBasePath}".d =  {
+      mode = "0700";
+      user = config.home.username;
+    };
+  };
+}

home/home.nix

@@ -3,79 +3,19 @@
   graphics = !machineVars.headless;
 in {
   imports = [
-    ./shell.nix
+    ./breakerbox.nix
+    ./email.nix
     ./packages.nix
+    ./shell.nix
 
     ./config/xdg
-
-    ./programs/aria2.nix
-    ./programs/atuin.nix
-    ./programs/beets.nix
-    ./programs/comma.nix
-    ./programs/direnv
-    ./programs/gdb.nix
-    ./programs/gh.nix
-    ./programs/gh-dash.nix
-    ./programs/git
-    ./programs/gpg
-    ./programs/jq.nix
-    ./programs/less.nix
-    ./programs/neovim
-    ./programs/nix-index
-    ./programs/ssh
-    ./programs/tealdeer
-    ./programs/thunderbird.nix
-    ./programs/tmux.nix
-    ./programs/zsh
-
-    ./services/nix-channel-update.nix
-    ./services/pueue.nix
-
-    ./modules/colors.nix
-    ./modules/shellAliases.nix
-  ] ++ optionals graphics [
-    ./config/gtk.nix
-
-    ./programs/alacritty.nix
-    ./programs/emacs
-    ./programs/firefox.nix
-    ./programs/ncmpcpp.nix
-    ./programs/newsboat
-    ./programs/qutebrowser.nix
-    ./programs/rofi.nix
-    ./programs/taskwarrior.nix
-    ./programs/vscode
-    # ./programs/xmobar
-    ./programs/xmonad
-    ./programs/zathura.nix
-    ./programs/zed
-
-    ./services/copyq.nix
-    ./services/dunst.nix
-    ./services/fcitx5.nix
-    ./services/mpd.nix
-    ./services/picom.nix
-    ./services/polybar.nix
-    ./services/screen-locker.nix
-    # ./services/stalonetray.nix
-    ./services/sxhkd.nix
-    ./services/tumblerd.nix
+    ./config/ensure-homedir-structure.nix
+    ./config/downloads-sorter.nix
   ];
 
   sops.defaultSopsFile = ../secrets/home.yaml;
   sops.age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519_home_sops" ];
 
-  sops.secrets."nix/access-tokens" = {
-    sopsFile = ../secrets/common.yaml;
-  };
-
-  nix = {
-    settings.use-xdg-base-directories = true;
-    extraOptions = ''
-      !include ${config.sops.secrets."nix/access-tokens".path}
-    '';
-  };
-
   home = {
     username = "h7x4";
     homeDirectory = "/home/h7x4";
@@ -94,89 +34,34 @@ in {
       package = pkgs.capitaine-cursors;
       name = "capitaine-cursors";
       size = 16;
+      dotIcons.enable = false;
     };
 
     keyboard.options = [ "caps:escape" ];
 
     sessionVariables = {
-      CARGO_NET_GIT_FETCH_WITH_CLI = "true";
-      PYTHONSTARTUP = "${config.xdg.configHome}/python/pyrc";
+      DO_NOT_TRACK = "1";
       _JAVA_AWT_WM_NONREPARENTING = "1";
     };
   };
 
-  xsession = {
-    enable = true;
-    # TODO: declare using xdg config home
-    scriptPath = ".config/X11/xsession";
-    profilePath = ".config/X11/xprofile";
+  dconf.settings = mkIf graphics {
+    "org/gnome/desktop/interface" = {
+      color-scheme = "prefer-dark";
+    };
   };
 
-  xdg.configFile = {
-    "ghc/ghci.conf".text = ''
-      :set prompt "${extendedLib.termColors.front.magenta "[GHCi]λ"} "
-    '';
-
-    "python/pyrc".text = ''
-      #!/usr/bin/env python3
-      import sys
-
-      # You also need \x01 and \x02 to separate escape sequence, due to:
-      # https://stackoverflow.com/a/9468954/1147688
-      sys.ps1='\x01\x1b${extendedLib.termColors.front.blue "[Python]> "}\x02>>>\x01\x1b[0m\x02 '  # bright yellow
-      sys.ps2='\x01\x1b[1;49;31m\x02...\x01\x1b[0m\x02 '  # bright red
-    '';
+  xsession = {
+    enable = !machineVars.wayland;
+    # TODO: declare using xdg config home
+    scriptPath = "${config.xdg.configHome}/X11/xsession";
+    profilePath = "${config.xdg.configHome}/X11/xprofile";
   };
 
   news.display = "silent";
 
   fonts.fontconfig.enable = mkForce true;
 
-  programs = {
-    home-manager.enable = true;
-
-    bash = {
-      enable = true;
-      historyFile = "${config.xdg.dataHome}/bash_history";
-      historySize = 100000;
-      bashrcExtra = ''
-        source "${config.xdg.configHome}/mutable_env.sh"
-      '';
-    };
-
-    bat.enable = true;
-    bottom = {
-      enable = true;
-      settings.flags.enable_gpu = true;
-    };
-    eza.enable = true;
-    feh.enable = mkIf graphics true;
-    fzf = {
-      enable = true;
-      defaultCommand = "fd --type f";
-    };
-    man = {
-      enable = true;
-      generateCaches = true;
-    };
-    mpv.enable = mkIf graphics true;
-    obs-studio.enable = mkIf graphics true;
-    ssh = {
-      enable = true;
-      includes = [ "mutable_config" ];
-    };
-    texlive = {
-      enable = true;
-      # packageSet = pkgs.texlive.combined.scheme-medium;
-    };
-    zoxide.enable = true;
-  };
-
-  services = {
-    gnome-keyring.enable = mkIf graphics true;
-    network-manager-applet.enable = mkIf graphics true;
-  };
-
   manual = {
     html.enable = true;
     manpages.enable = true;

home/modules/programs/cargo/default.nix

@@ -0,0 +1,40 @@
+{ config, pkgs, lib, ... }:
+let
+  cfg = config.programs.cargo;
+  format = pkgs.formats.toml { };
+  cargoHome = config.home.sessionVariables.CARGO_HOME or "${config.home.homeDirectory}/.cargo";
+  relativeCargoHome = lib.strings.removePrefix config.home.homeDirectory cargoHome;
+in
+{
+  options.programs.cargo = {
+    enable = lib.mkEnableOption "cargo, the rust package manager and build tool";
+
+    package = lib.mkPackageOption pkgs "cargo" { };
+
+    addPackageToEnvironment = lib.mkOption {
+      description = "Whether to add cargo to the user's environment.";
+      type = lib.types.bool;
+      default = true;
+      example = false;
+    };
+
+    settings = lib.mkOption {
+      description = "cargo settings";
+      type = lib.types.submodule {
+        freeformType = format.type;
+      };
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    home = {
+      sessionVariables.CARGO_HOME = lib.mkIf config.home.preferXdgDirectories (lib.mkDefault "${config.xdg.dataHome}/cargo");
+
+      packages = lib.mkIf cfg.addPackageToEnvironment [ cfg.package ];
+
+      file."${relativeCargoHome}/config.toml" = lib.mkIf (cfg.settings != { }) {
+        source = format.generate "cargo-config.toml" cfg.settings;
+      };
+    };
+  };
+}

home/modules/programs/direnv/auto-prune.nix

@@ -0,0 +1,52 @@
+{ config, pkgs, lib, ... }:
+let
+  cfg = config.programs.direnv;
+in
+{
+  options.programs.direnv.auto-prune-allowed-dirs = {
+    enable = lib.mkEnableOption "automatic pruning of direnv dirs";
+
+    onCalendar = lib.mkOption {
+      type = lib.types.str;
+      default = "daily";
+      example = "weekly";
+      # TODO: link to systemd manpage for format.
+      description = "How often to prune dirs.";
+    };
+  };
+
+  config = lib.mkIf cfg.auto-prune-allowed-dirs.enable {
+    systemd.user.services.direnv-auto-prune-allowed-dirs = {
+      Unit = {
+        Description = "Prune unused allowed directories for direnv";
+        Documentation = [ "man:direnv(1)" ];
+        ConditionPathExists = "${config.xdg.dataHome}/direnv/allow";
+      };
+
+      Service = {
+        Type = "oneshot";
+        Slice = "background.slice";
+        CPUSchedulingPolicy = "idle";
+        IOSchedulingClass = "idle";
+        ExecStart = "${lib.getExe cfg.package} prune";
+      };
+    };
+
+    systemd.user.timers.direnv-auto-prune-allowed-dirs = {
+      Unit = {
+        Description = "Prune unused allowed directories for direnv";
+        Documentation = [ "man:direnv(1)" ];
+      };
+
+      Timer = {
+        Unit = "direnv-auto-prune-allowed-dirs.service";
+        OnCalendar = cfg.auto-prune-allowed-dirs.onCalendar;
+        Persistent = true;
+      };
+
+      Install = {
+        WantedBy = [ "timers.target" ];
+      };
+    };
+  };
+}

home/modules/programs/gpg/auto-refresh-keys.nix

@@ -32,6 +32,7 @@ in
 
       Service = {
         Type = "oneshot";
+        Slice = "background.slice";
         CPUSchedulingPolicy = "idle";
         IOSchedulingClass = "idle";
         ExecStart = "${lib.getExe cfg.package} --refresh-keys";

home/modules/programs/gpg/auto-update-trust-db.nix

@@ -32,6 +32,7 @@ in
 
       Service = {
         Type = "oneshot";
+        Slice = "background.slice";
         CPUSchedulingPolicy = "idle";
         IOSchedulingClass = "idle";
         ExecStart = "${lib.getExe cfg.package} --update-trustdb";

home/modules/programs/gpg/default.nix

@@ -0,0 +1,10 @@
+{ ... }:
+{
+  imports = [
+    ./auto-refresh-keys.nix
+    ./auto-update-trust-db.nix
+
+    # ./key-fetchers/declarative-github-key-fetcher.nix # WIP
+    ./key-fetchers/declarative-keyserver-key-fetcher.nix
+  ];
+}

home/modules/programs/gpg/key-fetchers/declarative-github-key-fetcher.nix

@@ -0,0 +1,93 @@
+{ config, pkgs, lib, ... }:
+let
+  cfg = config.programs.gpg;
+in
+{
+  # TODO: Create proper descriptions
+  options = {
+    programs.gpg.key-fetchers.github = {
+      enable = lib.mkEnableOption "auto fetching of gpg keys by github username";
+
+      useGh = lib.mkEnableOption "" // {
+        description = "Whether to use the GitHub API through the gh tools to fetch GPG keys";
+        default = config.programs.gh.enable;
+        defaultText = lib.literalExpression "config.programs.gh.enable";
+      };
+
+      keys = lib.mkOption {
+        description = "";
+        default = { };
+        type = lib.types.attrsOf (lib.types.submodule ({ name, ... }: {
+          options = {
+            # id = lib.mkOption {
+            #   description = "";
+            #   default = name;
+            #   example = "";
+            #   type = lib.types.str;
+            # };
+
+            username = lib.mkOption {
+              description = "";
+              default = name;
+              type = lib.types.nonEmptyStr;
+            };
+
+            trust = lib.mkOption {
+              description = "If marked as null, it's mutable";
+              default = null;
+              example = 4;
+              type = with lib.types; nullOr (ints.between 1 5);
+            };
+          };
+        }));
+      };
+    };
+  };
+
+  config = lib.mkIf cfg.key-fetchers.github.enable {
+    systemd.user.services."gpg-fetch-github-key@" = {
+      description = "Fetch GPG keys for GitHub user %i";
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        Type = "oneshot";
+        CPUSchedulingPolicy = "idle";
+        IOSchedulingClass = "idle";
+
+        # TODO: warn if user or key does not exist
+        ExecStart = let
+          ghScript = pkgs.writeShellApplication {
+            name = "fetch-github-gpg-keys";
+            runtimeInputs = [
+              config.programs.gh.package
+              pkgs.jq
+              cfg.package
+            ];
+            text = ''
+              gh api users/''${1}/gpg_keys | jq -r '.[].raw_key' | gpg --import
+            '';
+          };
+
+          curlScript = pkgs.writeShellApplication {
+            name = "fetch-github-gpg-keys";
+            runtimeInputs = [
+              pkgs.curl
+              pkgs.jq
+              cfg.package
+            ];
+            text = ''
+              curl -s https://api.github.com/users/''${1}/gpg_keys | jq -r '.[].raw_key' | gpg --import
+            '';
+          };
+        in if cfg.key-fetchers.github.useGh then ghScript else curlScript;
+
+        Restart = "on-failure";
+        RestartSec = "10s";
+        Environment = [
+          "GNUPGHOME=${cfg.homedir}"
+        ];
+      };
+    };
+
+    # systemd.user.timers =
+  };
+}

home/modules/programs/gpg/key-fetchers/declarative-keyserver-key-fetcher.nix

@@ -3,9 +3,10 @@ let
   cfg = config.programs.gpg;
 in
 {
+  # TODO: per-key timers
   # TODO: Create proper descriptions
   options = {
-    programs.gpg.fetch-keys = {
+    programs.gpg.key-fetchers.keyserver = {
       enable = lib.mkEnableOption "auto fetching of gpg keys by fingerprint";
       keys = lib.mkOption {
         description = "";
@@ -23,8 +24,7 @@ in
               description = "If marked as null, use config";
               default = null;
               example = "hkps://keys.openpgp.org";
-              type = with lib.types; nullOr str;
-              apply = v: if v == null then "@NULL@" else v;
+              type = with lib.types; coercedTo (nullOr str) (v: if v == null then "@NULL@" else v) str;
             };
 
             trust = lib.mkOption {
@@ -43,7 +43,7 @@ in
     # TODO: Fix the module so that this unit runs whenever something changes
     systemd.user.services.gpg-fetch-keys = let
       fetchKeysApplication = let
-        recvKeysByKeyserver = lib.pipe cfg.fetch-keys.keys [
+        recvKeysByKeyserver = lib.pipe cfg.key-fetchers.keyserver.keys [
           lib.attrValues
           (lib.foldl (acc: key: acc // {
             ${key.keyserver} = (acc.${key.keyserver} or []) ++ [ key.id ];
@@ -69,7 +69,7 @@ in
           }
         '';
 
-        trustKeys = lib.pipe cfg.fetch-keys.keys [
+        trustKeys = lib.pipe cfg.key-fetchers.keyserver.keys [
           lib.attrValues
           (lib.filter (key: key.trust != null))
           (map ({ id, trust, ... }: "importTrust '${id}' '${toString trust}'"))
@@ -84,7 +84,7 @@ in
           trustKeys
         ];
       };
-    in lib.mkIf cfg.fetch-keys.enable {
+    in lib.mkIf cfg.key-fetchers.keyserver.enable {
       Unit = {
         Description = "Fetch declaratively listed gpg keys";
         Documentation = [ "man:gpg(1)" ];

home/modules/programs/neovim/auto-clean-swapfiles.nix

@@ -1,9 +1,29 @@
 { config, pkgs, lib, ... }:
 let
   daysBeforeDeletion = 2;
+  cfg = config.programs.neovim.auto-clean-swapfiles;
 in
 {
-  config = {
+  options.programs.neovim.auto-clean-swapfiles = {
+    enable = lib.mkEnableOption "automatic cleanup of neovim swapfiles";
+
+    daysBeforeDeletion = lib.mkOption {
+      type = lib.types.ints.positive;
+      default = 2;
+      example = 7;
+      description = "How long many days old the swapfile should be before it gets cleaned up";
+    };
+
+    onCalendar = lib.mkOption {
+      type = lib.types.str;
+      default = "daily";
+      example = "weekly";
+      # TODO: link to systemd manpage for format.
+      description = "How often to run the cleanup.";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
     systemd.user.services.clean-neovim-swap-files = {
       Unit = {
         Description = "Clean old swap files for neovim";
@@ -11,6 +31,7 @@ in
 
       Service = {
         Type = "oneshot";
+        Slice = "background.slice";
         CPUSchedulingPolicy = "idle";
         IOSchedulingClass = "idle";
         ExecStart = lib.getExe (pkgs.writeShellApplication {
@@ -19,7 +40,7 @@ in
           text = ''
             echo "Cleaning old swap files for neovim"
 
-            OLD_SWAPFILES=$(find "${config.xdg.stateHome}/nvim/swap" -type f -name '*.swp' -mtime +${toString daysBeforeDeletion})
+            OLD_SWAPFILES=$(find "${config.xdg.stateHome}/nvim/swap" -type f -name '*.swp' -mtime +${toString cfg.daysBeforeDeletion})
 
             if [ -z "$OLD_SWAPFILES" ]; then
               echo "No old swap files found"
@@ -44,7 +65,7 @@ in
 
       Timer = {
         Unit = "clean-neovim-swap-files.service";
-        OnCalendar = "daily";
+        OnCalendar = cfg.onCalendar;
         Persistent = true;
       };
 

home/modules/programs/nix-index/auto-update-database.nix

@@ -1,12 +1,25 @@
 { config, pkgs, lib, ... }:
 let
-  cfg = config.programs.nix-index;
+  cfg = config.programs.nix-index.autoUpdateDatabase;
 in
 {
-  options.programs.nix-index.enableDatabaseFetcher = lib.mkEnableOption "timed unit that fetches an updated database of nixpkgs outputs";
+  options.programs.nix-index.autoUpdateDatabase = {
+    enable = lib.mkEnableOption "timed unit that fetches an updated database of nixpkgs outputs";
+
+    # TODO: let users specify forks and other sources
+    # url = "";
+
+    onCalendar = lib.mkOption {
+      type = lib.types.str;
+      default = "weekly";
+      example = "montly";
+      # TODO: link to systemd manpage for format.
+      description = "How often to update the database.";
+    };
+  };
 
   config = {
-    systemd.user.timers.fetch-nix-index-database = lib.mkIf cfg.enableDatabaseFetcher {
+    systemd.user.timers.fetch-nix-index-database = lib.mkIf cfg.enable {
       Unit = {
         Description = "Fetch nix-index database";
         Documentation = [ "https://github.com/nix-community/nix-index-database" ];
@@ -14,7 +27,7 @@ in
 
       Timer = {
         Unit = "fetch-nix-index-database.service";
-        OnCalendar = "weekly";
+        OnCalendar = cfg.onCalendar;
         Persistent = true;
       };
 
@@ -23,7 +36,7 @@ in
       };
     };
 
-    systemd.user.services.fetch-nix-index-database = lib.mkIf cfg.enableDatabaseFetcher {
+    systemd.user.services.fetch-nix-index-database = lib.mkIf cfg.enable {
       Unit = {
         Description = "Fetch nix-index database";
         Documentation = [ "https://github.com/nix-community/nix-index-database" ];
@@ -31,6 +44,7 @@ in
 
       Service = {
         Type = "oneshot";
+        Slice = "background.slice";
         ExecStart = lib.getExe (pkgs.writeShellApplication {
           name = "fetch-nix-index-database";
           runtimeInputs = with pkgs; [
@@ -39,6 +53,8 @@ in
             wget
           ];
 
+          # TODO: allow fetching with gh + github token
+
           # Source: https://github.com/nix-community/nix-index-database?tab=readme-ov-file#ad-hoc-download
           # Slightly modified to satisfy shellcheck
           text = ''

home/modules/programs/prism-launcher/default.nix

@@ -0,0 +1,110 @@
+{ config, pkgs, lib, ... }:
+let
+  cfg = config.programs.prism-launcher;
+in
+{
+  imports = [
+    ../../systemd-tmpfiles.nix
+  ];
+
+  options.programs.prism-launcher = {
+    enable = lib.mkEnableOption "PrismLauncher, an open source minecraft launcher";
+
+    package = lib.mkPackageOption pkgs "prismlauncher" { };
+
+    stateDir = lib.mkOption {
+      description = "The directory where PrismLauncher stores it's state";
+      type = lib.types.path;
+      default = "${config.xdg.dataHome}/PrismLauncher";
+      defaultText = lib.literalExpression ''"''${config.xdg.dataHome}/PrismLauncher"'';
+    };
+
+    screenshotMover = {
+      enable = lib.mkEnableOption "a systemd unit that automatically moves screenshots from all minecraft instances into a common dir";
+
+      screenshotDir = lib.mkOption {
+        description = "Where to move the minecraft screenshots.";
+        type = lib.types.path;
+        default = if config.xdg.userDirs.pictures != null
+          then "${config.xdg.userDirs.pictures}/prismlauncher-screenshots"
+          else "${config.home.homeDirectory}/Pictures";
+        defaultText = lib.literalExpression ''
+          if config.xdg.userDirs.pictures != null
+            then "''${config.xdg.userDirs.pictures}/prismlauncher-screenshots"
+            else "''${config.home.homeDirectory}/Pictures"
+        '';
+        example = lib.literalExpression ''
+          "''${config.home.homeDirectory}/minecraft-screenshots"
+        '';
+      };
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    home.packages = [ cfg.package ];
+
+    systemd.user.paths.prismlauncher-move-minecraft-screenshots = lib.mkIf cfg.screenshotMover.enable {
+      Install.WantedBy = [ "paths.target" ];
+      Unit.Description = "Watchdog that moves screenshots from all prismlauncher minecraft instances into a common dir";
+      Path = {
+        PathExistsGlob = [
+          "${cfg.stateDir}/instances/*/.minecraft/screenshots/*.png"
+          "${cfg.stateDir}/instances/*/minecraft/screenshots/*.png"
+        ];
+        Unit = "prismlauncher-move-minecraft-screenshots.service";
+        TriggerLimitIntervalSec = "1s";
+        TriggerLimitBurst = "1";
+      };
+    };
+
+    systemd.user.services.prismlauncher-move-minecraft-screenshots = lib.mkIf cfg.screenshotMover.enable {
+      Unit.Description = "Watchdog that moves screenshots from all prismlauncher minecraft instances into a common dir";
+      Service = {
+        Type = "oneshot";
+        Slice = "background.slice";
+        ExecStart = lib.getExe (pkgs.writeShellApplication {
+          name = "prismlauncher-move-minecraft-screenshots.sh";
+          runtimeInputs = with pkgs; [ coreutils findutils ];
+          text = let
+            instancesDir = "${cfg.stateDir}/instances";
+          in ''
+            shopt -s nullglob
+
+            for idir in "${instancesDir}"/*/; do
+              INSTANCE_NAME="''${idir#${instancesDir}/}"
+              INSTANCE_NAME="''${INSTANCE_NAME%'/'}"
+              SCREENSHOT_TARGET_DIR="${cfg.screenshotMover.screenshotDir}/$INSTANCE_NAME"
+              mkdir -p "''${SCREENSHOT_TARGET_DIR}"
+              for variant in minecraft .minecraft; do
+                SCREENSHOT_SOURCE_DIR="${instancesDir}/$INSTANCE_NAME/$variant"/screenshots
+                if [ -d "$SCREENSHOT_SOURCE_DIR" ]; then
+                  echo "Scanning for screenshots in $SCREENSHOT_SOURCE_DIR"
+                  for screenshot in "$SCREENSHOT_SOURCE_DIR"/*.png; do
+                    echo "Moving '$screenshot' -> '$SCREENSHOT_TARGET_DIR'"
+                    cp --preserve=all "$screenshot" "$SCREENSHOT_TARGET_DIR"
+                    rm "$screenshot"
+                  done
+                fi
+              done
+            done
+          '';
+        });
+
+        PrivateUsers = true;
+        PrivateNetwork = true;
+        ProtectSystem = true;
+        NoNewPrivileges = true;
+        ProtectKernelTunables = true;
+        ProtectControlGroups = true;
+        RestrictAddressFamilies = [ ];
+        RestrictNamespaces = true;
+      };
+    };
+
+    systemd.user.tmpfiles.settings."10-prismlauncher" = lib.mkIf cfg.screenshotMover.enable {
+      ${cfg.screenshotMover.screenshotDir}.d = {
+        user = config.home.username;
+      };
+    };
+  };
+}

home/modules/services/downloads-siphon.nix

@@ -0,0 +1,9 @@
+{ ... }:
+{
+  # TODO: create thingamajig that watches ~/Downloads and pulls all new files to
+  #       directory specified by systemd %i
+
+  # systemd.services.
+
+  # systemd.paths
+}

home/modules/services/downloads-sorter.nix

@@ -0,0 +1,160 @@
+{ config, lib, pkgs, ... }:
+let
+  cfg = config.services.downloads-sorter;
+in
+{
+  imports = [
+    ../systemd-tmpfiles.nix
+  ];
+
+  options.services.downloads-sorter = {
+    enable = lib.mkEnableOption "downloads sorter units, path activated units to keep the download dir clean";
+
+    downloadsDirectory = lib.mkOption {
+      type = lib.types.path;
+      description = "Which directory to keep clean";
+      default = if config.xdg.userDirs.enable then config.xdg.userDirs.download else "${config.home.homeDirectory}/Downloads";
+      defaultText = ''
+        if config.xdg.userDirs.enable then config.xdg.userDirs.download else "''${config.home.homeDirectory}/Downloads"
+      '';
+      example = ''
+        "''${config.home.homeDirectory}/downloads"
+      '';
+    };
+
+    mappings = lib.mkOption {
+      type = let
+        mappingType = lib.types.submodule ({ name, ... }: {
+          options = {
+            unitName = lib.mkOption {
+              type = lib.types.str;
+              description = ''
+                The basename of the path/service unit responsible for this mapping
+              '';
+              default = "downloads-sorter@${name}";
+              example = "downloads-sorter@asdf";
+            };
+
+            dir = lib.mkOption {
+              type = lib.types.path;
+              description = ''
+                Absolute path to the directory where matching files should be moved.
+              '';
+              default = if builtins.substring 0 1 name == "/" then name else "${cfg.downloadsDirectory}/${name}";
+              defaultText = ''
+                if builtins.substring 0 1 name == "/" then name else "''${config.services.downloads-sorter.downloadsDirectory}/''${name}"
+              '';
+            };
+
+            globs = lib.mkOption {
+              type = with lib.types; listOf str;
+              description = ''
+                A list of globs that match the files that should be moved.
+              '';
+              example = [
+                "*.jpg"
+                "IMG_*_2020_*.png"
+              ];
+              apply = map (g: "${cfg.downloadsDirectory}/${g}");
+            };
+
+            createDirIfNotExists = lib.mkOption {
+              type = lib.types.bool;
+              description = ''
+                Whether to create the target directory if it does not exist yet.
+
+                Turn this off if you'd like the target directory to be a symlink or similar.
+              '';
+              default = true;
+              example = false;
+            };
+
+            # TODO: allow specifying a dynamic filter together with a system path trigger in an attrset.
+          };
+        });
+      in with lib.types; attrsOf (coercedTo (listOf str) (globs: { inherit globs; }) mappingType);
+      description = ''
+        A mapping from a file pattern to the location where it should be moved.
+
+        By default, the output mapping is relative to the download dir.
+        If an absolute path is given, the sorter will move the files out of the downloads dir.
+      '';
+      default = { };
+      example = {
+        "pictures" = [
+          "*.png"
+          "*.jpg"
+        ];
+        "documents" = {
+          createDirIfNotExists = false;
+          globs = [ "*.pdf" ];
+        };
+        "/home/<user>/archives" = [ "*.rar" ];
+      };
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    systemd.user.paths = lib.mapAttrs' (dir: mapping: {
+      name = mapping.unitName;
+      value = {
+        Install.WantedBy = [ "paths.target" ];
+        Path = {
+          PathExistsGlob = mapping.globs;
+          Unit = "${mapping.unitName}.service";
+          TriggerLimitIntervalSec = "1s";
+          TriggerLimitBurst = "1";
+        };
+      };
+    }) cfg.mappings;
+
+    # TODO: deduplicate
+    systemd.user.services = lib.mapAttrs' (dir: mapping: {
+      name = mapping.unitName;
+      value = {
+        Unit.Description = "Downloads directory watchdog, sorts the downloads directory";
+        Service = {
+          Type = "oneshot";
+          Slice = "background.slice";
+          SyslogIdentifier = mapping.unitName;
+          ExecStart = let
+            script = pkgs.writeShellApplication {
+              name = "downloads-sorter-${dir}.sh";
+              runtimeInputs = [ pkgs.coreutils ];
+              text = ''
+                shopt -s nullglob
+
+                FILES=(${builtins.concatStringsSep " " mapping.globs})
+
+                for file in "''${FILES[@]}"; do
+                  echo "$file -> ${mapping.dir}"
+                  mv "$file" '${mapping.dir}'
+                done
+              '';
+            };
+          in lib.getExe script;
+
+          PrivateUsers = true;
+          ProtectSystem = true;
+          NoNewPrivileges = true;
+          ProtectKernelTunables = true;
+          ProtectControlGroups = true;
+          PrivateNetwork = true;
+          RestrictNamespaces = true;
+        };
+      };
+    })  cfg.mappings;
+
+    systemd.user.tmpfiles.settings."10-downloads-sorter-service" = let
+      absolutePaths = lib.pipe cfg.mappings [
+        builtins.attrValues
+        (builtins.filter (m: m.createDirIfNotExists))
+        (map (m: m.dir))
+      ];
+    in lib.genAttrs absolutePaths (_: {
+      d = {
+        user = config.home.username;
+      };
+    });
+  };
+}

home/modules/services/mpd.nix

@@ -0,0 +1,55 @@
+{ config, pkgs, lib, ... }:
+let
+  cfg = config.services.mpd;
+in
+{
+  options.services.mpd.autoUpdateDatabase = lib.mkEnableOption "watchdog that updates the mpd database upon file changes";
+
+  config = lib.mkIf cfg.autoUpdateDatabase {
+    systemd.user.paths.mpd-update-database = {
+      Install.WantedBy = [ "paths.target" ];
+      Unit = {
+        Description = "Watchdog that updates the mpd database upon file changes";
+        Documentation = [
+          "man:mpd(1)"
+          "man:mpd.conf(5)"
+        ];
+      };
+      Path = {
+        PathChanged = [
+          cfg.musicDirectory
+          cfg.playlistDirectory
+        ];
+        Unit = "mpd-update-database.service";
+        TriggerLimitIntervalSec = "1s";
+        TriggerLimitBurst = "1";
+      };
+    };
+
+    systemd.user.services.mpd-update-database = {
+      Unit = {
+        Description = "Watchdog that updates the mpd library whenever the files are modified";
+        Documentation = [
+          "man:mpd(1)"
+          "man:mpd.conf(5)"
+        ];
+      };
+      Service = {
+        Type = "oneshot";
+        Slice = "background.slice";
+        ExecStart = "${lib.getExe pkgs.mpc} update --wait";
+
+        PrivateUsers = true;
+        ProtectSystem = true;
+        NoNewPrivileges = true;
+        ProtectKernelTunables = true;
+        ProtectControlGroups = true;
+        RestrictAddressFamilies = [
+          "AF_INET"
+          "AF_UNIX"
+        ];
+        RestrictNamespaces = true;
+      };
+    };
+  };
+}

home/modules/shellAliases.nix

@@ -1,50 +1,171 @@
-{ pkgs, lib, extendedLib, inputs, config, ... }: let
-  inherit (lib) types mkEnableOption mkOption mdDoc;
+{ config, pkgs, lib, extendedLib, ... }: let
   cfg = config.local.shell;
 
-# NOTE:
-#       This module is an over-engineered solution to a non-problem.
-#       It is a fun experiment in using the Nix language to create a
-#       shell alias system that organizes aliases into a tree structure,
-#       with categories and subcategories and subsubcategories and so on.
-#
-#       It also has a lazy join function that will join a list of commands
-#       with a separator, but render it in a prettier way in a documentation
-#       file that you can print out and read.
-
-  isAlias = v: builtins.isAttrs v && v ? "alias" && v ? "type";
-in {
-  options.local.shell = {
-    aliases = let
-
-      coerceStrToAlias = str: {
-        type = " ";
-        alias = [ str ];
-      };
-
-      aliasType = (types.coercedTo types.str coerceStrToAlias (types.submodule {
-        options = {
-          type = mkOption {
-            type = types.enum [ "|" "&&" ";" " " ];
-            default = ";";
-            description = ''
-              If the alias is a list of commands, this is the kind of separator that will be used.
-            '';
+  shellAliasesFormat = let
+    formatLib = {
+      functors = let
+        inherit (extendedLib.termColors.front) blue;
+      in
+        {
+          "|" = {
+            apply = f: lib.concatStringsSep " | " f.alias;
+            stringify = f: lib.concatStringsSep (blue "\n| ") f.alias;
           };
-          alias = mkOption {
-            type = types.listOf types.str;
+          "&&" = {
+            apply = f: lib.concatStringsSep " && " f.alias;
+            stringify = f: lib.concatStringsSep (blue "\n&& ") f.alias;
+          };
+          ";" = {
+            apply = f: lib.concatStringsSep "; " f.alias;
+            stringify = f: lib.concatStringsSep (blue ";\n  ") f.alias;
+          };
+          " " = {
+            apply = f: lib.concatStringsSep " " f.alias;
+            stringify = f: lib.concatStringsSep " \\\n   " f.alias;
           };
         };
-      })) // {
-        # NOTE: this check is necessary, because nix will recurse on types.either,
-        #       and report that the option does not exist.
-        #       See https://discourse.nixos.org/t/problems-with-types-oneof-and-submodules/15197
-        check = v: builtins.isString v || isAlias v;
+
+      isAlias = v: builtins.isAttrs v && v ? alias;
+    };
+  in {
+    lib = formatLib;
+
+    type = let
+      rawAliasType = lib.types.submodule {
+        options = {
+          type = lib.mkOption {
+            description = "If the alias is a list of commands, this is the kind of separator that will be used.";
+            type = lib.types.enum (lib.attrNames formatLib.functors);
+            default = ";";
+            example = "&&";
+          };
+          alias = lib.mkOption {
+            description = "List of commands that will be concatenated together.";
+            type = with lib.types; listOf str;
+            example = [
+              "ls"
+              "grep nix"
+            ];
+          };
+          shells = lib.mkOption {
+            description = "List of shells for which the alias is valid.";
+            type = with lib.types; listOf (enum [
+              "bash"
+              "zsh"
+              "fish"
+              "nushell"
+            ]);
+            default = [
+              "bash"
+              "zsh"
+              "fish"
+              "nushell"
+            ];
+            example = [
+              "bash"
+              "zsh"
+            ];
+          };
+          # TODO:
+          # subshell = lib.mkEnableOption "" // {
+          #   description = "Whether to run the aliased command in a subshell";
+          # };
+        };
       };
 
-      recursingAliasTreeType = types.attrsOf (types.either aliasType recursingAliasTreeType);
-    in mkOption {
-      type = recursingAliasTreeType;
+      coercedAliasType = with lib.types; let
+        coerce = str: {
+          type = " ";
+          alias = [ str ];
+        };
+      in addCheck (coercedTo str coerce rawAliasType) (v: builtins.isString v || formatLib.isAlias v);
+
+      aliasTreeType = with lib.types; attrsOf (either coercedAliasType aliasTreeType) // {
+        description = "Alias tree";
+      };
+    in aliasTreeType;
+
+    # Alias Tree -> String -> { :: Alias }
+    generateAttrs = shell: let
+      generateAttrs' = attrset: lib.pipe attrset [
+        (attrset: {
+          right = lib.filterAttrs (_: v: formatLib.isAlias v) attrset;
+          wrong = lib.filterAttrs (_: v: !(formatLib.isAlias v)) attrset;
+        })
+        ({ right, wrong }:
+          # Leaf nodes
+          (lib.pipe right [
+            (lib.filterAttrs (_: v: lib.elem shell v.shells))
+            (builtins.mapAttrs (_: v: formatLib.functors.${v.type}.apply v))
+          ])
+          //
+          # Subsets
+          (lib.pipe wrong [
+            builtins.attrValues
+            (map generateAttrs')
+            (lib.foldr (a: b: a // b) { })
+          ])
+        )
+      ];
+    in generateAttrs';
+
+    # Alias Tree -> String
+    generateText = aliases: let
+      inherit (extendedLib.termColors.front) red green blue;
+
+      # String -> Alias -> String
+      stringifyAlias = aliasName: alias: let
+        # String -> String
+        removeNixLinks = text: let
+          maybeMatches = lib.match "(|.*[^)])(/nix/store/.*/bin/).*" text;
+          matches = lib.mapNullable (lib.remove "") maybeMatches;
+        in
+          if (maybeMatches == null)
+          then text
+          else lib.replaceStrings matches (lib.replicate (lib.length matches) "") text;
+
+        # Alias -> String
+        applyFunctor = attrset: let
+          applied = formatLib.functors.${attrset.type}.stringify attrset;
+          indent' = lib.strings.replicate (lib.stringLength "${aliasName} -> ") " ";
+        in
+          lib.replaceStrings ["\n"] [("\n" + indent')] applied;
+      in "${red aliasName} -> ${blue "\""}${removeNixLinks (applyFunctor alias)}${blue "\""}";
+
+      # String -> String
+      indent = x: lib.pipe x [
+        (x: "\n" + x)
+        (lib.replaceStrings ["\n"] [("\n" + (lib.strings.replicate 2 " "))])
+        (lib.removePrefix "\n")
+      ];
+
+      # String -> { :: Alias | Category } -> String
+      stringifyCategory = categoryName: category: lib.pipe category [
+        (category: let
+          aliases = lib.filterAttrs (_: formatLib.isAlias) category;
+        in {
+          inherit aliases;
+          subcategories = lib.removeAttrs category (lib.attrNames aliases);
+        })
+        ({ aliases, subcategories }: {
+          aliases = lib.mapAttrsToList stringifyAlias aliases;
+          subcategories = lib.mapAttrsToList stringifyCategory subcategories;
+        })
+        ({ aliases, subcategories }:
+          lib.concatStringsSep "\n" (lib.filter (x: lib.trim x != "") [
+            "[${green categoryName}]"
+            (indent (lib.concatStringsSep "\n" aliases) + "\n")
+            (indent (lib.concatStringsSep "\n" subcategories) + "\n")
+          ])
+        )
+      ];
+    in (stringifyCategory "Aliases" aliases);
+  };
+in {
+  options.local.shell = {
+    aliases = lib.mkOption {
+      # TODO: freeformType
+      type = shellAliasesFormat.type;
       description = "A tree of aliases";
       default = { };
       example = {
@@ -71,8 +192,8 @@ in {
       };
     };
 
-    variables = mkOption {
-      type = types.attrsOf types.str;
+    variables = lib.mkOption {
+      type = with lib.types; attrsOf str;
       description = "Environment variables";
       default = { };
     };
@@ -82,129 +203,19 @@ in {
 
     # };
 
-    enablePackageManagerLecture = mkEnableOption "distro reminder messages, aliased to common package manager commands";
-    enableAliasOverview = mkEnableOption "`aliases` command that prints out a list of all aliases" // {
+    enablePackageManagerLecture = lib.mkEnableOption "distro reminder messages, aliased to common package manager commands";
+
+    enableAliasOverview = lib.mkEnableOption "`aliases` command that prints out a list of all aliases" // {
       default = true;
       example = false;
     };
   };
 
-  config = let
-    sedColor =
-      color:
-      inputPattern:
-      outputPattern:
-      "-e \"s|${inputPattern}|${outputPattern.before or ""}$(tput setaf ${toString color})${outputPattern.middle}$(tput op)${outputPattern.after or ""}|g\"";
-
-    colorRed = sedColor 1;
-
-    colorSlashes = colorRed "/" {middle = "/";};
-
-    # Alias type functors
-    # These will help pretty print the commands
-    functors = let
-      inherit (lib.strings) concatStringsSep;
-      inherit (extendedLib.termColors.front) blue;
-    in
-      {
-        "|" = {
-          apply = f: concatStringsSep " | " f.alias;
-          stringify = f: concatStringsSep (blue "\n| ") f.alias;
-        };
-        "&&" = {
-          apply = f: concatStringsSep " && " f.alias;
-          stringify = f: concatStringsSep (blue "\n&& ") f.alias;
-        };
-        ";" = {
-          apply = f: concatStringsSep "; " f.alias;
-          stringify = f: concatStringsSep (blue ";\n  ") f.alias;
-        };
-        " " = {
-          apply = f: concatStringsSep " " f.alias;
-          stringify = f: concatStringsSep " \\\n   " f.alias;
-        };
-      };
-
-    aliasTextOverview = let
-      inherit (lib) stringLength length concatStringsSep replaceStrings
-                    attrValues mapAttrs isAttrs remove replicate mapNullable;
-
-      inherit (extendedLib.termColors.front) red green blue;
-
-      # String -> String -> String
-      wrap' = wrapper: str: wrapper + str + wrapper;
-
-      # [String] -> String -> String -> String
-      replaceStrings' = from: to: replaceStrings from (replicate (length from) to);
-
-      # String -> Int -> String
-      repeatString = string: times: concatStringsSep "" (replicate times string);
-
-      # int -> String -> AttrSet -> String
-      stringifyCategory = level: name: category: let
-        title = "${repeatString "  " level}[${green name}]";
-
-        commands = attrValues ((lib.flip mapAttrs) category (n: v: let
-            # String
-            indent = repeatString "  " level;
-
-            # String -> String
-            removeNixLinks = text: let
-              maybeMatches = builtins.match "(|.*[^)])(/nix/store/.*/bin/).*" text;
-              matches = mapNullable (remove "") maybeMatches;
-            in
-              if (maybeMatches == null)
-              then text
-              else replaceStrings' matches "" text;
-
-            applyFunctor = attrset: let
-              applied = functors.${attrset.type}.stringify attrset;
-              indent' = indent + (repeatString " " ((stringLength " -> \"") + (stringLength n))) + " ";
-            in
-              replaceStrings' ["\n"] ("\n" + indent') applied;
-
-            recurse = stringifyCategory (level + 1) n v;
-          in if isAlias v
-            then "${indent}  ${red n} -> ${wrap' (blue "\"") (removeNixLinks (applyFunctor v))}"
-            else recurse
-        ));
-      in concatStringsSep "\n" ([title] ++ commands) + "\n";
-    in (stringifyCategory 0 "Aliases" cfg.aliases) + "\n";
-
-    flattenedAliases = let
-      inherit (lib) mapAttrs attrValues filterAttrs isAttrs
-                    isString concatStringsSep foldr;
-
-      applyFunctor = attrset: functors.${attrset.type}.apply attrset;
-
-      # TODO: better naming
-      allAttrValuesAreStrings = attrset: let
-
-        # [ {String} ]
-        filteredAliases = [(filterAttrs (n: v: isString v) attrset)];
-
-        # [ {String} ]
-        remainingFunctors = let
-          functorSet = filterAttrs (_: v: isAlias v) attrset;
-          appliedFunctorSet = mapAttrs (n: v: applyFunctor v) functorSet;
-        in [ appliedFunctorSet ];
-
-        # [ {AttrSet} ]
-        remainingAliasSets = attrValues (filterAttrs (_: v: isAttrs v && !isAlias v) attrset);
-
-        # [ {String} ]
-        recursedAliasSets = filteredAliases
-                          ++ (remainingFunctors)
-                          ++ (map allAttrValuesAreStrings remainingAliasSets);
-      in foldr (a: b: a // b) {} recursedAliasSets;
-
-    in
-      allAttrValuesAreStrings cfg.aliases;
-
-  in {
+  config = {
     xdg.dataFile = {
-      aliases.text = aliasTextOverview;
-      packageManagerLecture = lib.mkIf cfg.enablePackageManagerLecture {
+      "aliases".text = shellAliasesFormat.generateText cfg.aliases;
+
+      "packageManagerLecture" = lib.mkIf cfg.enablePackageManagerLecture {
         target = "package-manager.lecture";
         text = let
           inherit (extendedLib.termColors.front) red blue;
@@ -242,18 +253,22 @@ in {
 
     programs = {
       zsh = {
-        shellAliases = flattenedAliases;
+        shellAliases = shellAliasesFormat.generateAttrs "zsh" cfg.aliases;
         sessionVariables = cfg.variables;
       };
       bash = {
-        shellAliases = flattenedAliases;
+        shellAliases = shellAliasesFormat.generateAttrs "bash" cfg.aliases;
         sessionVariables = cfg.variables;
       };
       fish = {
-        shellAliases = flattenedAliases;
+        shellAliases = shellAliasesFormat.generateAttrs "fish" cfg.aliases;
         # TODO: fish does not support session variables?
         # localVariables = cfg.variables;
       };
+      nushell = {
+        shellAliases = shellAliasesFormat.generateAttrs "nushell" cfg.aliases;
+        environmentVariables = cfg.variables;
+      };
     };
   };
 }

home/modules/systemd-tmpfiles.nix

@@ -0,0 +1,168 @@
+# Taken from nixpkgs: nixos/modules/system/boot/systemd/tmpfiles.nix
+{ config, pkgs, lib, unstable-pkgs, ... }:
+let
+  # TODO: 24.05, year of the types.attrsWith
+  inherit (unstable-pkgs.lib) types mkOption;
+
+  cfg = config.systemd.user.tmpfiles;
+
+  attrsWith' =
+    placeholder: elemType:
+    types.attrsWith {
+      inherit elemType;
+      inherit (lib) placeholder;
+    };
+
+  escapeArgument = lib.strings.escapeC [
+    "\t"
+    "\n"
+    "\r"
+    " "
+    "\\"
+  ];
+
+  settingsOption = {
+    description = ''
+      Declare systemd-tmpfiles rules to create, delete, and clean up volatile
+      and temporary files and directories.
+
+      Even though the service is called `*tmp*files` you can also create
+      persistent files.
+    '';
+    example = {
+      "10-mypackage" = {
+        "/var/lib/my-service/statefolder".d = {
+          mode = "0755";
+          user = "root";
+          group = "root";
+        };
+      };
+    };
+    default = { };
+    type = attrsWith' "config-name" (
+      attrsWith' "path" (
+        attrsWith' "tmpfiles-type" (
+          lib.types.submodule (
+            { name, config, ... }:
+            {
+              options.type = mkOption {
+                type = types.str;
+                default = name;
+                defaultText = "‹tmpfiles-type›";
+                example = "d";
+                description = ''
+                  The type of operation to perform on the file.
+
+                  The type consists of a single letter and optionally one or more
+                  modifier characters.
+
+                  Please see the upstream documentation for the available types and
+                  more details:
+                  {manpage}`tmpfiles.d(5)`
+                '';
+              };
+              options.mode = mkOption {
+                type = types.str;
+                default = "-";
+                example = "0755";
+                description = ''
+                  The file access mode to use when creating this file or directory.
+                '';
+              };
+              options.user = mkOption {
+                type = types.str;
+                default = "-";
+                example = "root";
+                description = ''
+                  The user of the file.
+
+                  This may either be a numeric ID or a user/group name.
+
+                  If omitted or when set to `"-"`, the user and group of the user who
+                  invokes systemd-tmpfiles is used.
+                '';
+              };
+              options.group = mkOption {
+                type = types.str;
+                default = "-";
+                example = "root";
+                description = ''
+                  The group of the file.
+
+                  This may either be a numeric ID or a user/group name.
+
+                  If omitted or when set to `"-"`, the user and group of the user who
+                  invokes systemd-tmpfiles is used.
+                '';
+              };
+              options.age = mkOption {
+                type = types.str;
+                default = "-";
+                example = "10d";
+                description = ''
+                  Delete a file when it reaches a certain age.
+
+                  If a file or directory is older than the current time minus the age
+                  field, it is deleted.
+
+                  If set to `"-"` no automatic clean-up is done.
+                '';
+              };
+              options.argument = mkOption {
+                type = types.str;
+                default = "";
+                example = "";
+                description = ''
+                  An argument whose meaning depends on the type of operation.
+
+                  Please see the upstream documentation for the meaning of this
+                  parameter in different situations:
+                  {manpage}`tmpfiles.d(5)`
+                '';
+              };
+            }
+          )
+        )
+      )
+    );
+  };
+
+  # generates a single entry for a tmpfiles.d rule
+  settingsEntryToRule = path: entry: ''
+    '${entry.type}' '${path}' '${entry.mode}' '${entry.user}' '${entry.group}' '${entry.age}' ${escapeArgument entry.argument}
+  '';
+
+  # generates a list of tmpfiles.d rules from the attrs (paths) under tmpfiles.settings.<name>
+  pathsToRules = lib.mapAttrsToList (
+    path: types: lib.concatStrings (lib.mapAttrsToList (_type: settingsEntryToRule path) types)
+  );
+
+  mkRuleFileContent = paths: lib.concatStrings (pathsToRules paths);
+in
+{
+  options.systemd.user.tmpfiles.settings = lib.mkOption settingsOption;
+
+  config = lib.mkIf (cfg.settings != { }) {
+    assertions = [
+      (lib.hm.assertions.assertPlatform "systemd.user.tmpfiles" pkgs
+        lib.platforms.linux)
+    ];
+
+    xdg.configFile = {
+      "systemd/user/basic.target.wants/systemd-tmpfiles-setup.service".source =
+        "${pkgs.systemd}/example/systemd/user/systemd-tmpfiles-setup.service";
+      "systemd/user/systemd-tmpfiles-setup.service".source =
+        "${pkgs.systemd}/example/systemd/user/systemd-tmpfiles-setup.service";
+      "systemd/user/timers.target.wants/systemd-tmpfiles-clean.timer".source =
+        "${pkgs.systemd}/example/systemd/user/systemd-tmpfiles-clean.timer";
+      "systemd/user/systemd-tmpfiles-clean.service".source =
+        "${pkgs.systemd}/example/systemd/user/systemd-tmpfiles-clean.service";
+    } // (lib.mapAttrs' (name: paths: {
+      name = "user-tmpfiles.d/${name}.conf";
+      value = {
+        text = mkRuleFileContent paths;
+        onChange = "${pkgs.systemd}/bin/systemd-tmpfiles --user --create";
+      };
+    }) cfg.settings);
+  };
+}

home/modules/uidGid.nix

@@ -0,0 +1,13 @@
+{ lib, ... }:
+{
+  options.home = {
+    uid = lib.mkOption {
+      default = 1000;
+      type = lib.types.ints.between 0 60000;
+    };
+    gid = lib.mkOption {
+      default = 1000;
+      type = lib.types.ints.between 0 60000;
+    };
+  };
+}

home/packages.nix

@@ -1,36 +1,43 @@
-{ pkgs, config, machineVars, ... }:
+{ pkgs, yet-unstabler-pkgs, config, machineVars, machineName, ... }:
 {
   home.packages = with pkgs; [
+    bandwhich
     binutils
     cloc
     cyme
     czkawka
-    delta
-    diskonaut
+    difftastic
+    # diskonaut
     duf
     duff
+    fclones
     ffmpeg
     file
+    fselect
+    gitoxide
     glances
+    gpauth
+    gpclient
     gpg-tui
     gping
     graphviz
     hexyl
+    htmlq
     httpie
+    huniq
+    hyperfine
     imagemagick
     kepubify
-    # keybase
     keymapviz
     libwebp
     lnav
     lolcat
+    lurk
     mdcat
     mediainfo
-    meli
     mkvtoolnix
     mmv
     mtr
-    neofetch
     nix-diff
     nix-output-monitor
     nix-tree
@@ -39,30 +46,29 @@
     # nixops
     nmap
     ouch
-    pandoc
     parallel
+    pipr
     progress
     pwntools
-    python3
-    rclone
-    ripgrep
+    rip2
+    rnr
     rsync
     # sc-im
-    slack-term
+    # slack-term
     tea
-    tealdeer
     terminal-parrot
     termtosvg
     toilet
     tokei
+    trippy
     unpaper
     unzip
     usbutils
-    uutils-coreutils
+    uutils-coreutils-noprefix
     waifu2x-converter-cpp
+    watchexec
     wavemon
     wiki-tui
-    yt-dlp
     yubico-pam
     yubikey-agent
     yubikey-manager
@@ -77,54 +83,53 @@
     xorg.xprop
   ] ++ (
     lib.optionals (!machineVars.headless) [
-      ahoviewer
       alsa-utils
-      anki
-      ark
+      kdePackages.ark
       calibre
       cool-retro-term
       darktable
-      discord
-      element-desktop
+      yet-unstabler-pkgs.discord
+      foliate
       geogebra
       ghidra
-      gimp
-      gnome.gnome-font-viewer
-      gnome.seahorse
-      google-chrome
+      gimp3-with-plugins
+      gnome-font-viewer
       imhex
+      imv
       inkscape
       insomnia
       iwgtk
       kid3
       koreader
       krita
-      ktouch
+      # kdePackages.ktouch
       libnotify
       libreoffice
       light
-      mopidy
-      mopidy-mpd
-      mopidy-soundcloud
-      mopidy-youtube
-      mpc_cli
+      mission-center
+      # mopidy
+      # mopidy-mpd
+      # mopidy-soundcloud
+      # mopidy-youtube
+      mpc
+      mumble
       naps2
       nsxiv
-      nyxt
-      obsidian
-      # pcloud
+      pcloud
       pdfarranger
       pwvucontrol
       # scrcpy
+      seahorse
       shellcheck
-      slack
+      signal-desktop
+      # slack
       # sublime3
       # swiPrologWithGui
       tagainijisho
 
       tenacity
       # transcribe
-      wireshark
+      webcamoid
       xcalib
       xclip
       xdotool
@@ -146,16 +151,12 @@
       touchegg
     ] ++ lib.optionals (machineVars.gaming) [
       desmume
-      osu-lazer
-      (prismlauncher.override {
-        jdk17 = jdk21;
-      })
-      retroarchFull
-      steam
-      steam-tui
+      # osu-lazer
+      # retroarchFull
+      # steam
+      # steam-tui
       stepmania
-      taisei
+      # taisei
     ]
   );
 }
-

home/programs/ahoviewer.nix

@@ -0,0 +1,4 @@
+{ ... }:
+{
+  programs.ahoviewer = { };
+}

home/programs/alacritty.nix

@@ -1,7 +1,6 @@
 { pkgs, lib, config, ... }:
 {
   programs.alacritty = {
-    enable = true;
     settings = {
       window = {
         padding = { x = 15; y = 15; };
@@ -18,6 +17,16 @@
         size = 12.0;
       };
 
+      keyboard.bindings = [
+        # NOTE: Allows for  Ctrl+A Super+Z to work as Ctrl+A Alt+Z in tmux,
+        #       very nice for a keyboard with Alt and Super switched.
+        {
+          key = "z";
+          mods = "Super";
+          chars = "\\u001bz";
+        }
+      ];
+
       colors =
         let
           inherit (lib.attrsets) getAttrs filterAttrs;
@@ -43,9 +52,9 @@
         duration = 20;
       };
 
-      live_config_reload = true;
+      general.live_config_reload = true;
 
-      shell = {
+      terminal.shell = {
         program = "${pkgs.zsh}/bin/zsh";
         args = [ "--login" ];
       };

home/programs/anki.nix

@@ -0,0 +1,4 @@
+{ ... }:
+{
+  programs.anki = { };
+}

home/programs/anyrun/default.nix

@@ -0,0 +1,38 @@
+{ pkgs, lib, ... }:
+{
+  programs.anyrun = {
+    config = {
+      y.fraction = 0.3;
+      width.fraction = 0.25;
+      plugins = [
+        "${pkgs.anyrun}/lib/libapplications.so"
+      ];
+      hidePluginInfo = true;
+      closeOnClick = true;
+      showResultsImmediately = true;
+    };
+
+    extraCss = builtins.readFile ./style.css;
+
+    extraConfigFiles."applications.ron".text = let
+      preprocess_script = pkgs.writeShellApplication {
+        name = "anyrun-preprocess-application-exec";
+        runtimeInputs = [ ];
+        text = ''
+          shift # Remove term|no-term
+          echo "uwsm app -- $*"
+        '';
+      };
+    in ''
+      Config(
+        desktop_actions: false,
+        max_entries: 10,
+        preprocess_exec_script: Some("${lib.getExe preprocess_script}"),
+        terminal: Some(Terminal(
+          command: "${lib.getExe pkgs.alacritty}",
+          args: "-e {}",
+        )),
+      )
+    '';
+  };
+}

home/programs/anyrun/style.css

@@ -0,0 +1,76 @@
+@define-color accent #5599d2;
+@define-color bg-color #161616;
+@define-color fg-color #eeeeee;
+@define-color desc-color #cccccc;
+
+window {
+  background: transparent;
+}
+
+box.main {
+  padding: 5px;
+  margin: 10px;
+  border-radius: 10px;
+  border: 2px solid @accent;
+  background-color: @bg-color;
+  box-shadow: 0 0 5px black;
+}
+
+
+text {
+  min-height: 30px;
+  padding: 5px;
+  border-radius: 5px;
+  color: @fg-color;
+}
+
+.matches {
+  background-color: rgba(0, 0, 0, 0);
+  border-radius: 10px;
+}
+
+box.plugin:first-child {
+  margin-top: 5px;
+}
+
+box.plugin.info {
+  min-width: 200px;
+}
+
+list.plugin {
+  background-color: rgba(0, 0, 0, 0);
+}
+
+label.match {
+  color: @fg-color;
+}
+
+label.match.description {
+  font-size: 10px;
+  color: @desc-color;
+}
+
+label.plugin.info {
+  font-size: 14px;
+  color: @fg-color;
+}
+
+.match {
+  background: transparent;
+}
+
+.match:selected {
+  border-left: 4px solid @accent;
+  background: transparent;
+  animation: fade 0.1s linear;
+}
+
+@keyframes fade {
+  0% {
+    opacity: 0;
+  }
+
+  100% {
+    opacity: 1;
+  }
+}

home/programs/aria2.nix

@@ -1,4 +1,4 @@
 { ... }:
 {
-  programs.aria2.enable = true;
-}
+  programs.aria2 = { };
+}

home/programs/atuin.nix

@@ -1,15 +1,13 @@
-{ config, ... }:
+{ config, lib, ... }:
 let
   cfg = config.programs.atuin;
-
-  # TODO: retrieve this in a more dynamic and correct manner
-  xdg_runtime_dir = "/run/user/1000";
+  xdg_runtime_dir = "/run/user/${toString config.home.uid}";
 in
-{
+lib.mkIf cfg.enable {
   programs.atuin = {
-    enable = true;
     enableBashIntegration = true;
     enableZshIntegration = true;
+    enableNushellIntegration = config.programs.nushell.enable;
 
     settings = {
       db_path = "${config.xdg.dataHome}/atuin/history.db";

home/programs/bash.nix

@@ -0,0 +1,18 @@
+{ config, lib, ... }:
+let
+  cfg = config.programs.bash;
+in
+{
+  programs.bash = {
+    historyFile = "${config.xdg.dataHome}/bash_history";
+    historySize = 100000;
+    bashrcExtra = ''
+      source "${config.xdg.configHome}/mutable_env.sh"
+    '';
+    shellOptions = [
+      "histappend"
+      "checkwinsize"
+      "checkjobs"
+    ];
+  };
+}

home/programs/bat.nix

@@ -0,0 +1,4 @@
+{ ... }:
+{
+  programs.bat = { };
+}

home/programs/beets.nix

@@ -1,4 +1,4 @@
 { ... }:
 {
-  programs.beets.enable = true;
+  programs.beets = { };
 }

home/programs/bottom.nix

@@ -0,0 +1,43 @@
+{ config, lib, ... }:
+let
+  cfg = config.programs.bottom;
+in
+{
+  programs.bottom = {
+    settings = {
+      flags.enable_gpu = true;
+
+      row = [
+        {
+          ratio = 30;
+          child = [{ type = "cpu"; }];
+        }
+        {
+          ratio = 40;
+          child = [
+            {
+              ratio = 4;
+              type = "mem";
+            }
+            {
+              ratio = 3;
+              type = "disk";
+            }
+          ];
+        }
+        {
+          ratio = 30;
+          child = [
+            {
+              type = "net";
+            }
+            {
+              default = true;
+              type = "proc";
+            }
+          ];
+        }
+      ];
+    };
+  };
+}

home/programs/browser/engines.nix

@@ -1,10 +1,10 @@
-{ pkgs, ... }:
+{ pkgs, lib, ... }:
 {
-  "Amazon.com".metaData.hidden = true;
-  "Bing".metaData.hidden = true;
-  "Wikipedia (en)".metaData.hidden = true;
-  "Google".metaData.alias = "gg";
-  "DuckDuckGo".metaData.alias = "dd";
+  "amazondotcom-us".metaData.hidden = true;
+  "bing".metaData.hidden = true;
+  "wikipedia".metaData.hidden = true;
+  "google".metaData.alias = "gg";
+  "ddg".metaData.alias = "dd";
 
   "Arch Package Repository" = {
     urls = [{
@@ -57,9 +57,29 @@
     definedAliases = [ "gh" ];
   };
 
+  "GitHub Nix Configs" = {
+    urls = [{
+      template = "https://github.com/search";
+      params = [
+        { name = "type"; value = "code"; }
+        {
+          name = "q";
+          value = lib.concatStringsSep " " [
+            "lang:nix"
+            "-is:fork"
+            "-repo:nixos/nixpkgs"
+            "{searchTerms}"
+          ];
+        }
+      ];
+    }];
+    icon = "${pkgs.super-tiny-icons}/share/icons/SuperTinyIcons/svg/github.svg";
+    definedAliases = [ "ghn" ];
+  };
+
   "HomeManager Options" = {
     urls = [{
-      template = "https://mipmip.github.io/home-manager-option-search/?{searchTerms}";
+      template = "https://mipmip.github.io/home-manager-option-search/?query={searchTerms}";
     }];
     icon = "${pkgs.super-tiny-icons}/share/icons/SuperTinyIcons/svg/nixos.svg";
     definedAliases = [ "hms" ];
@@ -75,6 +95,14 @@
     definedAliases = [ "hg" ];
   };
 
+  "Kagi" = {
+    urls = [{
+      template = "https://kagi.com/search";
+      params = [{ name = "q"; value = "{searchTerms}"; }];
+    }];
+    definedAliases = "k";
+  };
+
   "Melpa" = {
     urls = [{
       template = "https://melpa.org/";
@@ -146,7 +174,7 @@
     definedAliases = [ "ut" ];
   };
 
-  "YouTube" = {
+  "youtube" = {
     urls = [{
       template = "https://www.youtube.com/results";
       params = [{ name = "search_query"; value = "{searchTerms}"; }];

home/programs/cargo.nix

@@ -0,0 +1,13 @@
+{ config, lib, ... }:
+let
+  cfg = config.programs.cargo;
+in
+lib.mkIf cfg.enable {
+  programs.cargo = {
+    settings = {
+      cargo-new.vcs = "git";
+    };
+  };
+
+  home.sessionVariables.CARGO_NET_GIT_FETCH_WITH_CLI = "true";
+}

home/programs/delta.nix

@@ -0,0 +1,11 @@
+{ ... }:
+{
+  programs.delta = {
+    enableGitIntegration = true;
+    options = {
+      line-numbers = true;
+      side-by-side = true;
+      theme = "Monokai Extended Origin";
+    };
+  };
+}

home/programs/direnv/auto-prune.nix

@@ -1,38 +0,0 @@
-{ config, pkgs, lib, ... }:
-let
-  cfg = config.programs.direnv;
-in
-{
-  config = {
-    systemd.user.services.prune-allowed-direnv-dirs = {
-      Unit = {
-        Description = "Prune unused allowed directories for direnv";
-        Documentation = [ "man:direnv(1)" ];
-      };
-
-      Service = {
-        Type = "oneshot";
-        CPUSchedulingPolicy = "idle";
-        IOSchedulingClass = "idle";
-        ExecStart = "${lib.getExe cfg.package} prune";
-      };
-    };
-
-    systemd.user.timers.prune-allowed-direnv-dirs = {
-      Unit = {
-        Description = "Prune unused allowed directories for direnv";
-        Documentation = [ "man:direnv(1)" ];
-      };
-
-      Timer = {
-        Unit = "prune-allowed-direnv-dirs.service";
-        OnCalendar = "daily";
-        Persistent = true;
-      };
-
-      Install = {
-        WantedBy = [ "timers.target" ];
-      };
-    };
-  };
-}

home/programs/direnv/default.nix

@@ -1,12 +1,16 @@
-{ ... }:
+{ config, lib, ... }:
+let
+  cfg = config.programs.direnv;
+in
 {
-  imports = [
-    ./auto-prune.nix
-  ];
-
   programs.direnv = {
-    enable = true;
-    enableZshIntegration = true;
+    silent = true;
+
     nix-direnv.enable = true;
+
+    enableZshIntegration = true;
+    enableNushellIntegration = config.programs.nushell.enable;
+
+    auto-prune-allowed-dirs.enable = true;
   };
 }

home/programs/element-desktop.nix

@@ -0,0 +1,4 @@
+{ ... }:
+{
+  programs.element-desktop = { };
+}

home/programs/emacs/default.nix

@@ -1,4 +1,6 @@
-{ pkgs, ... }: let
+{ config, lib, pkgs, ... }:
+let
+  cfg = config.programs.emacs;
 
   configEl = pkgs.stdenv.mkDerivation {
     name = "config.el";
@@ -14,11 +16,11 @@
     '';
   };
 
-in {
+in
+lib.mkIf cfg.enable {
   xdg.configFile."emacs/init.el".source = configEl.outPath;
 
   programs.emacs = {
-    enable = true;
     extraPackages = epkgs: with epkgs; [
     #   # package
       use-package

home/programs/eza.nix

@@ -0,0 +1,10 @@
+{ config, lib, ... }:
+let
+  cfg = config.programs.eza;
+in
+{
+  programs.eza = {
+    icons = "auto";
+    enableNushellIntegration = config.programs.nushell.enable;
+  };
+}

home/programs/fastfetch.nix

@@ -0,0 +1,4 @@
+{ ... }:
+{
+  programs.fastfetch = { };
+}

home/programs/feh.nix

@@ -0,0 +1,4 @@
+{ ... }:
+{
+  programs.feh = { };
+}

home/programs/firefox.nix

@@ -1,18 +1,76 @@
-{ pkgs, ... }:
+{ lib, pkgs, ... }:
 {
   programs.firefox = {
-    enable = true;
     profiles.h7x4 = {
-      bookmarks = [{
-        toolbar = true;
-        bookmarks = import ./browser/bookmarks.nix;
-      }];
+      bookmarks = {
+        force = true;
+        settings = [{
+          toolbar = true;
+          bookmarks = import ./browser/bookmarks.nix;
+        }];
+      };
+
       search = {
-        default = "Google";
-        engines = import ./browser/engines.nix { inherit pkgs; };
+        default = "Kagi";
+        engines = import ./browser/engines.nix { inherit pkgs lib; };
         force = true;
       };
-      settings = {};
+
+      # TODO: make into structured attrs
+      settings = {
+        # TODO: collect more stuff from here
+        # https://github.com/arkenfox/user.js
+        "browser.aboutConfig.showWarning" = false;
+        "browser.newtabpage.activity-stream.showSponsored" = false;
+        "browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
+        "browser.newtabpage.activity-stream.feeds.telemetry" = false;
+        "browser.newtabpage.activity-stream.telemetry" = false;
+
+        "datareporting.policy.dataSubmissionEnabled" = false;
+        "datareporting.healthreport.uploadEnabled" = false;
+
+        "toolkit.telemetry.archive.enabled" = false;
+        "toolkit.telemetry.bhrPing.enabled" = false;
+        "toolkit.telemetry.coverage.opt-out" = true;
+        "toolkit.telemetry.enabled" = false;
+        "toolkit.telemetry.firstShutdownPing.enabled" = false;
+        "toolkit.telemetry.hybridContent.enabled" = false;
+        "toolkit.telemetry.newProfilePing.enabled" = false;
+        "toolkit.telemetry.prompted" = 2;
+        "toolkit.telemetry.rejected" = true;
+        "toolkit.telemetry.reportingpolicy.firstRun" = false;
+        "toolkit.telemetry.server" = "data:,";
+        "toolkit.telemetry.shutdownPingSender.enabled" = false;
+        "toolkit.telemetry.unified" = false;
+        "toolkit.telemetry.unifiedIsOptIn" = false;
+        "toolkit.telemetry.updatePing.enabled" = false;
+        "toolkit.coverage.opt-out" = true;
+        "toolkit.coverage.endpoint.base" = "";
+
+        "layout.css.prefers-color-scheme.content-override" = "dark";
+
+        "font.cjk_pref_fallback_order" = lib.concatStringsSep "," [
+          "ja"
+          "zh-cn"
+          "zh-hk"
+          "zh-tw"
+          "ko"
+        ];
+      } // (lib.pipe null [
+        (_: {
+          "ja" = "JP";
+          "ko" = "KR";
+          "zh-CN" = "SC";
+          "zh-HK" = "HK";
+          "zh-TW" = "TC";
+        })
+        (lib.mapAttrsToList (lang: notoSuffix: {
+          "font.name.monospace.${lang}" = "Noto Sans Mono CJK ${notoSuffix}";
+          "font.name.sans-serif.${lang}" = "Noto Sans CJK ${notoSuffix}";
+          "font.name.serif.${lang}" = "Noto Serif CJK ${notoSuffix}";
+        }))
+        (lib.foldl lib.mergeAttrs { })
+      ]);
     };
   };
 }

home/programs/fzf.nix

@@ -0,0 +1,9 @@
+{ config, lib, ... }:
+let
+  cfg = config.programs.fzf;
+in
+{
+  programs.fzf = {
+    defaultCommand = "fd --type f";
+  };