WIP: xps16/btrfs: enable btrbk

.sops.yaml

@@ -2,9 +2,10 @@ keys:
   - &gpg_h7x4 F7D37890228A907440E1FD4846B9228E814A2AAC
   - &host_tsuki age1c92j4w0gqh32hwssl5m2mfrggssxax9pge8qxwytv9lmrnfttcvqdrgsst
   - &host_kasei age1eu2a6m3adakfzelfa9pqpl74a5dz0wkyr0v7gegm5ajnx7aqmqcqsp2ftc
-  - &host_dosei age179y7apa80p9unvyjtsphpzyhve90ex986vlxkx43xt9n6m7en3csqnug7c
-  - &host_europa age14mer45e52r2q4uz8n3fmv69tvk8gvwany4m4ndudud8ajv3jm4nqdj9m6a
+  - &host_dosei age1s6s4w7cdfgajm30z9gy8va8pvs2lrzk5gnsg0hmn5z2sl8z36seqej406r
+  - &host_xps16 age1np3fg9ue2tp4l47x7waapvjxh5zcaye2j54laapy7uklamve2c4qv3gytm
   - &home age10f4a5acpar8vwz3v298r3nv7gggfpmyh4wxpkc2hwq9paq0scf8qee8lau
+  - &home_dosei age17acs5lw7npma4sughxq3wj3cs5gjkenqdzscyvaks0er33n8gupsce7jlp
 
 creation_rules:
   - path_regex: secrets/common.yaml
@@ -15,8 +16,9 @@ creation_rules:
         - *host_tsuki
         - *host_kasei
         - *host_dosei
-        - *host_europa
+        - *host_xps16
         - *home
+        - *home_dosei
 
   - path_regex: secrets/home.yaml
     key_groups:
@@ -24,6 +26,14 @@ creation_rules:
         - *gpg_h7x4
         age:
         - *home
+        - *home_dosei
+
+  - path_regex: secrets/xps16.yaml
+    key_groups:
+      - pgp:
+        - *gpg_h7x4
+        age:
+        - *host_xps16
 
   - path_regex: secrets/kasei.yaml
     key_groups:
@@ -45,10 +55,3 @@ creation_rules:
         - *gpg_h7x4
         age:
         - *host_dosei
-
-  - path_regex: secrets/europa.yaml
-    key_groups:
-      - pgp:
-        - *gpg_h7x4
-        age:
-        - *host_europa

README.md

@@ -1,5 +1,6 @@
 [![built with nix](https://builtwithnix.org/badge.svg)](https://builtwithnix.org)
 
+
 # Nix Dotfiles
 
 These are my dotfiles for several nix machines.
@@ -16,6 +17,7 @@ Here are some of the interesting files and dirs:
 | `/secrets` | Encrypted [sops-nix][sops-nix] secrets. |
 | `flake.nix` | The root of everyting. Defines the inputs and outputs of the project. Also applies misc overlays and adds config-wide modules. See [Nix Flakes][nix-flakes] for more information. |
 
+
 ## Hosts
 
 | Host | Machine type | Purpose |
@@ -23,7 +25,7 @@ Here are some of the interesting files and dirs:
 | `Tsuki` | Dell Poweredge r710 server | Data storage / Build server / Selfhosted services. This server hosts a wide variety of services, including websites, matrix server, git repos, CI/CD and more. **This is probably the most interesting machine to pick config from** |
 | `Kasei` | AMD Zen 2 CPU / AMD GPU - desktop computer | Semi-daily driver. This is my main computer at home. |
 | `Dosei` | Dell Optiplex | Work computer, mostly used for development and testing. |
-| `Europa` | Dell Optiplex | Other work computer, used as nix builder for `Dosei`. |
+
 
 ## home-manager configuration
 
@@ -36,6 +38,74 @@ Here are some of the interesting files and dirs:
 | `/home/services` | Configuration for services/daemons that are user-specific. |
 | `/home/shell.nix` | Shell-agnostic configuration. This includes aliases, envvars, functions, etc. |
 
+
+## Some useful long commands
+
+Build configuration without switching:
+
+```
+nix build .#nixosConfigurations.tsuki.config.system.build.toplevel -L
+```
+
+Check why configuration depends on package:
+
+```
+NIXPKGS_ALLOW_INSECURE=1 nix why-depends .#nixosConfigurations.tsuki.config.system.build.toplevel .#pkgs.suspiciousPackage
+```
+
+Re-encrypt sops secrets with new key:
+
+```
+sops updatekeys secrets/hosts/file.yml
+```
+
+## Setting up a new machine
+
+### 1. Move gpg keys to
+
+```console
+# Export on some machine
+gpg --export-secret-keys --armor nani.wtf > ~/SD/gpg_keys.pem
+
+# Import
+gpg --import ~/SD/gpg_keys.pem
+```
+
+### 2. Generating host keys, and converting to age keys for nix-sops host secrets
+
+```console
+# Create host keys
+ssh-keygen -A
+
+# Convert public key to age format
+nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
+
+# Register this key in `.sops.yaml`
+$EDITOR .sops.yaml
+
+# Update keys
+sops updatekeys secrets/common.yaml
+sops updatekeys secrets/$(hostname).yaml # if present
+```
+
+### 3. Creating new ssh key for nix-sops home secrets
+
+```console
+# Create new key
+ssh-keygen -t ed25519 -b 4096 -C "sops-nix home key" -f ~/.ssh/id_ed25519_home_sops -N ''
+
+# Convert public key to age format
+nix-shell -p ssh-to-age --run 'cat ~/.ssh/id_ed25519_home_sops.pub | ssh-to-age'
+
+# Register this key in `.sops.yaml`
+$EDITOR .sops.yaml
+
+# Update keys
+sops updatekeys secrets/common.yaml
+sops updatekeys secrets/home.yaml
+```
+
+
 [home-manager]: https://github.com/nix-community/home-manager
 [nixos-search]: https://search.nixos.org/options
 [sops-nix]: https://github.com/Mic92/sops-nix

flake.lock

@@ -1,30 +1,36 @@
 {
   "nodes": {
-    "dotfiles": {
-      "flake": false,
+    "anyrun": {
+      "inputs": {
+        "flake-parts": "flake-parts",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "systems": "systems"
+      },
       "locked": {
-        "lastModified": 1654179945,
-        "narHash": "sha256-vnD7vu/hRBPoqL6Wse9CELitW30a9P++QTPnNm1qHjE=",
-        "ref": "master",
-        "rev": "37bdd48de4bfa8e03a8ab5ef840b2509e193e6a1",
-        "revCount": 96,
-        "type": "git",
-        "url": "https://git.pvv.ntnu.no/oysteikt/dotfiles"
+        "lastModified": 1743762088,
+        "narHash": "sha256-f+oXT9b3xuBDmm4v4nDqJvlHabxxZRB6+pay4Ub/NvA=",
+        "owner": "anyrun-org",
+        "repo": "anyrun",
+        "rev": "786f539d69d5abcefa68978dbaa964ac14536a00",
+        "type": "github"
       },
       "original": {
+        "owner": "anyrun-org",
         "ref": "master",
-        "type": "git",
-        "url": "https://git.pvv.ntnu.no/oysteikt/dotfiles"
+        "repo": "anyrun",
+        "type": "github"
       }
     },
     "flake-compat": {
       "flake": false,
       "locked": {
-        "lastModified": 1673956053,
-        "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
+        "lastModified": 1733328505,
+        "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
         "owner": "edolstra",
         "repo": "flake-compat",
-        "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
+        "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
         "type": "github"
       },
       "original": {
@@ -33,34 +39,37 @@
         "type": "github"
       }
     },
+    "flake-parts": {
+      "inputs": {
+        "nixpkgs-lib": [
+          "anyrun",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1743550720,
+        "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "c621e8422220273271f52058f618c94e405bb0f5",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "type": "github"
+      }
+    },
     "flake-utils": {
-      "inputs": {
-        "systems": "systems"
-      },
-      "locked": {
-        "lastModified": 1681202837,
-        "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "cfacdce06f30d2b68473a46042957675eebb3401",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
-    "flake-utils_2": {
       "inputs": {
         "systems": "systems_2"
       },
       "locked": {
-        "lastModified": 1681202837,
-        "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "cfacdce06f30d2b68473a46042957675eebb3401",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
         "type": "github"
       },
       "original": {
@@ -69,19 +78,6 @@
         "type": "github"
       }
     },
-    "fonts": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1668957008,
-        "narHash": "sha256-er2eUfNSG9qdBh0JvtxtftQjFfTFjRqqD8dnk5nZ1qw=",
-        "path": "/home/h7x4/git/fonts",
-        "type": "path"
-      },
-      "original": {
-        "path": "/home/h7x4/git/fonts",
-        "type": "path"
-      }
-    },
     "home-manager": {
       "inputs": {
         "nixpkgs": [
@@ -89,40 +85,20 @@
         ]
       },
       "locked": {
-        "lastModified": 1718530513,
-        "narHash": "sha256-BmO8d0r+BVlwWtMLQEYnwmngqdXIuyFzMwvmTcLMee8=",
+        "lastModified": 1745557122,
+        "narHash": "sha256-eqSo9ugzsqhFgaDFYUZj943nurlX4L6f+AW0skJ4W+M=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "a1fddf0967c33754271761d91a3d921772b30d0e",
+        "rev": "dd26f75fb4ec1c731d4b1396eaf4439ce40a91c1",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
-        "ref": "release-24.05",
+        "ref": "release-24.11",
         "repo": "home-manager",
         "type": "github"
       }
     },
-    "home-manager-local": {
-      "inputs": {
-        "nixpkgs": [
-          "nixpkgs-unstable"
-        ]
-      },
-      "locked": {
-        "lastModified": 1719170506,
-        "narHash": "sha256-AROqng7/S3mTByq8DBVR6r0iW1yZH+otJkqOwLHvELE=",
-        "ref": "refs/heads/fix-stalonetrayrc-path",
-        "rev": "0e5656163c2f9ac6e2cc4de3b44beb7a137abbe6",
-        "revCount": 3588,
-        "type": "git",
-        "url": "file:///home/h7x4/git/home-manager"
-      },
-      "original": {
-        "type": "git",
-        "url": "file:///home/h7x4/git/home-manager"
-      }
-    },
     "matrix-synapse-next": {
       "inputs": {
         "nixpkgs": [
@@ -130,16 +106,16 @@
         ]
       },
       "locked": {
-        "lastModified": 1717234745,
-        "narHash": "sha256-MFyKRdw4WQD6V3vRGbP6MYbtJhZp712zwzjW6YiOBYM=",
+        "lastModified": 1735857245,
+        "narHash": "sha256-AKLLPrgXTxgzll3DqVUMa4QlPlRN3QceutgFBmEf8Nk=",
         "owner": "dali99",
         "repo": "nixos-matrix-modules",
-        "rev": "d7dc42c9bbb155c5e4aa2f0985d0df75ce978456",
+        "rev": "da9dc0479ffe22362793c87dc089035facf6ec4d",
         "type": "github"
       },
       "original": {
         "owner": "dali99",
-        "ref": "v0.6.0",
+        "ref": "0.7.0",
         "repo": "nixos-matrix-modules",
         "type": "github"
       }
@@ -191,65 +167,82 @@
         ]
       },
       "locked": {
-        "lastModified": 1719278718,
-        "narHash": "sha256-gWQb4P9CZgKzTn4F4eWMYeUv2AQOXFlcFmFXh2apoyA=",
+        "lastModified": 1745805739,
+        "narHash": "sha256-ryJ95o+w0hSVm5LkW5dxTbL2e1HCHCPcpNh627D3KHU=",
         "owner": "infinidoge",
         "repo": "nix-minecraft",
-        "rev": "b6ff85f3b416a700ac35e33c214d7c9f4fe071fa",
+        "rev": "ea8fa40a5fbf2762c41efc913c03aed3587ec7fa",
         "type": "github"
       },
       "original": {
         "owner": "infinidoge",
+        "ref": "master",
         "repo": "nix-minecraft",
         "type": "github"
       }
     },
+    "nixos-hardware": {
+      "locked": {
+        "lastModified": 1745503349,
+        "narHash": "sha256-bUGjvaPVsOfQeTz9/rLTNLDyqbzhl0CQtJJlhFPhIYw=",
+        "owner": "NixOS",
+        "repo": "nixos-hardware",
+        "rev": "f7bee55a5e551bd8e7b5b82c9bc559bc50d868d1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "master",
+        "repo": "nixos-hardware",
+        "type": "github"
+      }
+    },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1719145550,
-        "narHash": "sha256-K0i/coxxTEl30tgt4oALaylQfxqbotTSNb1/+g+mKMQ=",
+        "lastModified": 1745742390,
+        "narHash": "sha256-1rqa/XPSJqJg21BKWjzJZC7yU0l/YTVtjRi0RJmipus=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "e4509b3a560c87a8d4cb6f9992b8915abf9e36d8",
+        "rev": "26245db0cb552047418cfcef9a25da91b222d6c7",
         "type": "github"
       },
       "original": {
         "id": "nixpkgs",
-        "ref": "nixos-24.05",
+        "ref": "nixos-24.11",
         "type": "indirect"
       }
     },
-    "nixpkgs-stable": {
-      "locked": {
-        "lastModified": 1719099622,
-        "narHash": "sha256-YzJECAxFt+U5LPYf/pCwW/e1iUd2PF21WITHY9B/BAs=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "5e8e3b89adbd0be63192f6e645e0a54080004924",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "release-23.11",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1719254875,
-        "narHash": "sha256-ECni+IkwXjusHsm9Sexdtq8weAq/yUyt1TWIemXt3Ko=",
+        "lastModified": 1745377448,
+        "narHash": "sha256-jhZDfXVKdD7TSEGgzFJQvEEZ2K65UMiqW5YJ2aIqxMA=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "2893f56de08021cffd9b6b6dfc70fd9ccd51eb60",
+        "rev": "507b63021ada5fee621b6ca371c4fca9ca46f52c",
         "type": "github"
       },
       "original": {
         "id": "nixpkgs",
-        "ref": "nixos-unstable",
+        "ref": "nixpkgs-unstable",
         "type": "indirect"
       }
     },
+    "nixpkgs-yet-unstabler": {
+      "locked": {
+        "lastModified": 1745831704,
+        "narHash": "sha256-HMoKsZr3POMhCCIN1sFbPmYZ5ZBT/pCeyZnUXnJchdc=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "7aa91c307d9af07d6900b337cecd02da067e8433",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "master",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "osuchan": {
       "inputs": {
         "nixpkgs": [
@@ -257,11 +250,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1672838459,
-        "narHash": "sha256-SIXzj9fbSvr/jfhhil+0cS7I6KONijdH80PFGxJi+CA=",
+        "lastModified": 1684092181,
+        "narHash": "sha256-Oi6G8Jx2RkEMi3UndtAnZw61hfgKGEe7l/ILdB9ump4=",
         "ref": "refs/heads/master",
-        "rev": "392fb541ce39f1f52908eee336d5ed409cd798ed",
-        "revCount": 42,
+        "rev": "028ed8774d1cf4650fc15253146cf14451eb608c",
+        "revCount": 43,
         "type": "git",
         "url": "file:///home/h7x4/git/osuchan-line-bot"
       },
@@ -272,53 +265,31 @@
     },
     "root": {
       "inputs": {
-        "dotfiles": "dotfiles",
-        "fonts": "fonts",
+        "anyrun": "anyrun",
         "home-manager": "home-manager",
-        "home-manager-local": "home-manager-local",
         "matrix-synapse-next": "matrix-synapse-next",
         "maunium-stickerpicker": "maunium-stickerpicker",
         "minecraft": "minecraft",
+        "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs",
         "nixpkgs-unstable": "nixpkgs-unstable",
+        "nixpkgs-yet-unstabler": "nixpkgs-yet-unstabler",
         "osuchan": "osuchan",
-        "secrets": "secrets",
-        "sops-nix": "sops-nix",
-        "vscode-server": "vscode-server"
-      }
-    },
-    "secrets": {
-      "inputs": {
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "dirtyRev": "1d1e3c1a3293e22be504749eb92ac3b050cd8622-dirty",
-        "dirtyShortRev": "1d1e3c1-dirty",
-        "lastModified": 1683506783,
-        "narHash": "sha256-iwnpd6v4tKXFDTRomzJxwYPr2mm2JR9DCCnkqsofX5c=",
-        "type": "git",
-        "url": "file:///home/h7x4/git/nix-secrets"
-      },
-      "original": {
-        "type": "git",
-        "url": "file:///home/h7x4/git/nix-secrets"
+        "sops-nix": "sops-nix"
       }
     },
     "sops-nix": {
       "inputs": {
         "nixpkgs": [
           "nixpkgs"
-        ],
-        "nixpkgs-stable": "nixpkgs-stable"
+        ]
       },
       "locked": {
-        "lastModified": 1719268571,
-        "narHash": "sha256-pcUk2Fg5vPXLUEnFI97qaB8hto/IToRfqskFqsjvjb8=",
+        "lastModified": 1745310711,
+        "narHash": "sha256-ePyTpKEJTgX0gvgNQWd7tQYQ3glIkbqcW778RpHlqgA=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "c2ea1186c0cbfa4d06d406ae50f3e4b085ddc9b3",
+        "rev": "5e3e92b16d6fdf9923425a8d4df7496b2434f39c",
         "type": "github"
       },
       "original": {
@@ -329,16 +300,16 @@
     },
     "systems": {
       "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "lastModified": 1689347949,
+        "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
         "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "repo": "default-linux",
+        "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
         "type": "github"
       },
       "original": {
         "owner": "nix-systems",
-        "repo": "default",
+        "repo": "default-linux",
         "type": "github"
       }
     },
@@ -356,27 +327,6 @@
         "repo": "default",
         "type": "github"
       }
-    },
-    "vscode-server": {
-      "inputs": {
-        "flake-utils": "flake-utils_2",
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1713958148,
-        "narHash": "sha256-8PDNi/dgoI2kyM7uSiU4eoLBqUKoA+3TXuz+VWmuCOc=",
-        "owner": "nix-community",
-        "repo": "nixos-vscode-server",
-        "rev": "fc900c16efc6a5ed972fb6be87df018bcf3035bc",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "nixos-vscode-server",
-        "type": "github"
-      }
     }
   },
   "root": "root",

flake.nix

@@ -1,17 +1,15 @@
 {
   inputs = {
-    nixpkgs.url = "nixpkgs/nixos-24.05";
-    nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
+    nixpkgs.url = "nixpkgs/nixos-24.11";
+    nixpkgs-unstable.url = "nixpkgs/nixpkgs-unstable";
+    nixpkgs-yet-unstabler.url = "github:NixOS/nixpkgs/master";
 
     home-manager = {
-      url = "github:nix-community/home-manager/release-24.05";
+      url = "github:nix-community/home-manager/release-24.11";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    dotfiles = {
-      url = "git+https://git.pvv.ntnu.no/oysteikt/dotfiles?ref=master";
-      flake = false;
-    };
+    nixos-hardware.url = "github:NixOS/nixos-hardware/master";
 
     sops-nix = {
       url = "github:Mic92/sops-nix";
@@ -23,40 +21,23 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    # TODO: fix website
-    # website = {
-    #   url = "git+https://git.pvv.ntnu.no/oysteikt/nani.wtf?ref=main";
-      # url = "path:/home/h7x4/git/nani.wtf";
-      # inputs.nixpkgs.follows = "nixpkgs";
-    # };
-
     maunium-stickerpicker = {
       url = "github:h7x4/maunium-stickerpicker-nix/0.1.0";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
     minecraft = {
-      url = "github:infinidoge/nix-minecraft";
+      url = "github:infinidoge/nix-minecraft/master";
       inputs.nixpkgs.follows = "nixpkgs-unstable";
     };
 
     matrix-synapse-next = {
-      url = "github:dali99/nixos-matrix-modules/v0.6.0";
+      url = "github:dali99/nixos-matrix-modules/0.7.0";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    vscode-server = {
-      url = "github:nix-community/nixos-vscode-server";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-
-    # Nix expressions and keys (TODO: move keys to another solution like agenix)
-    # which should be kept from the main repo for privacy reasons.
-    #
-    # Includes stuff like usernames, emails, ports, other server users, ssh hosts, etc.
-    secrets = {
-      # TODO: Push this to a remote.
-      url = "git+file:///home/h7x4/git/nix-secrets";
+    anyrun = {
+      url = "github:anyrun-org/anyrun/master";
       inputs.nixpkgs.follows = "nixpkgs";
     };
   };
@@ -65,17 +46,16 @@
     self,
     nixpkgs,
     nixpkgs-unstable,
+    nixpkgs-yet-unstabler,
     home-manager,
+    nixos-hardware,
 
-    dotfiles,
     matrix-synapse-next,
     maunium-stickerpicker,
     minecraft,
     osuchan,
-    secrets,
     sops-nix,
-    vscode-server,
-    # website
+    anyrun,
   }: let
     system = "x86_64-linux";
 
@@ -87,56 +67,98 @@
         android_sdk.accept_license = true;
         segger-jlink.acceptLicense = true;
         permittedInsecurePackages = [
-          "segger-jlink-qt4-794l"
+          "segger-jlink-qt4-796s"
+          "dotnet-core-combined"
+          "dotnet-sdk-6.0.428"
+          "dotnet-sdk-wrapped-6.0.428"
         ];
       };
 
-      overlays = let
-        nonrecursive-unstable-pkgs = import nixpkgs-unstable {
-          inherit system;
-          config.allowUnfree = true;
-          config.segger-jlink.acceptLicense = true;
-          config.permittedInsecurePackages = [
-            "segger-jlink-qt4-794s"
-          ];
-        };
-      in [
-        (self: super: {
-          inherit (nonrecursive-unstable-pkgs)
-            atuin
-            wstunnel
-            nrf-udev
-            nrfutil
-            ;
-        })
+      overlays = [
+        self.overlays.pcloud
+        self.overlays.unstableLinuxPackages
+        self.overlays.waylandImeIntegration
+        self.overlays.gitoxide
 
-        # https://github.com/NixOS/nixpkgs/pull/251706
-        (self: super: {
-          mozc = self.qt6Packages.callPackage ./package-overrides/mozc.nix { };
-          fcitx5-mozc = self.callPackage ./package-overrides/fcitx5-mozc.nix { };
-        })
-
-        (self: super: {
-          mpv-unwrapped = super.mpv-unwrapped.override {
-            ffmpeg = super.ffmpeg_6-full;
-          };
-        })
+        minecraft.overlays.default
+        osuchan.overlays.default
       ];
     };
 
     pkgs = import nixpkgs pkgs-config;
     unstable-pkgs = import nixpkgs-unstable pkgs-config;
+    yet-unstabler-pkgs = import nixpkgs-yet-unstabler pkgs-config;
   in {
+    inherit pkgs;
+    inherit (nixpkgs) lib;
+
     extendedLib = import ./lib { stdlib = pkgs.lib; };
 
-    inherit pkgs;
+    inputs = pkgs.lib.mapAttrs (_: src: src.outPath) inputs;
 
-    packages.${system} = {
-      inherit (pkgs) kanidm pcloud;
+    devShells.${system}.default = pkgs.mkShellNoCC {
+      packages = with pkgs; [ sops ];
     };
 
-    devShells.${system}.default = pkgs.mkShell {
-      packages = with pkgs; [ sops ];
+    packages.${system} = {
+      bcachefsInstallerIso = let
+        nixosSystem = nixpkgs.lib.nixosSystem {
+          inherit system;
+          modules = [
+            "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal-new-kernel-no-zfs.nix"
+            ({ lib, pkgs, ... }: {
+              boot.supportedFilesystems = [ "bcachefs" ];
+              boot.kernelPackages = lib.mkOverride 0 pkgs.linuxPackages_latest;
+            })
+          ];
+        };
+      in nixosSystem.config.system.build.isoImage;
+    };
+
+    overlays = let
+      nonrecursive-unstable-pkgs = import nixpkgs-unstable {
+        inherit system;
+        config.allowUnfree = true;
+        config.segger-jlink.acceptLicense = true;
+        config.permittedInsecurePackages = [
+          "segger-jlink-qt4-796s"
+        ];
+      };
+    in {
+      pcloud = import ./overlays/pcloud.nix {
+        inherit (nixpkgs) lib;
+        pkgs = nonrecursive-unstable-pkgs;
+      };
+
+      gitoxide = _: _: {
+        gitoxide = nonrecursive-unstable-pkgs.gitoxide;
+      };
+
+      unstableLinuxPackages = _: _: {
+        linuxPackages_latest = nonrecursive-unstable-pkgs.linuxPackages_latest;
+      };
+
+      waylandImeIntegration = import ./overlays/wayland-ime-integration.nix;
+    };
+
+    nixosModules = {
+      machineVars = ./modules/machineVars.nix;
+      socketActivation = ./modules/socketActivation.nix;
+    };
+
+    homeModules = {
+      cargo = ./home/modules/programs/cargo;
+      colors = ./home/modules/colors.nix;
+      direnv-auto-prune = ./home/modules/programs/direnv/auto-prune.nix;
+      gpg = ./home/modules/programs/gpg;
+      mpd-auto-updater = ./home/modules/services/mpd.nix;
+      neovim-auto-clean-swapfiles = ./home/modules/programs/neovim/auto-clean-swapfiles.nix;
+      newsboat = ./home/modules/programs/newsboat;
+      nix-index-auto-update-database = ./home/modules/programs/nix-index/auto-update-database.nix;
+      prism-launcher = ./home/modules/programs/prism-launcher;
+      shellAliases = ./home/modules/shellAliases.nix;
+      systemd-tmpfiles = ./home/modules/systemd-tmpfiles.nix;
+      uidGid = ./home/modules/uidGid.nix;
     };
 
     homeConfigurations = {
@@ -146,12 +168,12 @@
 
         username = "h7x4";
         homeDirectory = "/home/h7x4";
-        stateVersion = "22.05";
+        stateVersion = "25.05";
         configuration = {
           imports = [
             ./home/home.nix
             ./modules/machineVars.nix
-          ];
+          ] ++ (builtins.attrValues self.homeModules);
 
           machineVars = {
             headless = false;
@@ -175,8 +197,8 @@
             specialArgs = {
               inherit inputs;
               inherit unstable-pkgs;
+              inherit yet-unstabler-pkgs;
               inherit (self) extendedLib;
-              secrets = secrets.outputs.settings;
             } // (extraConfig.specialArgs or { });
 
             modules = [
@@ -188,7 +210,6 @@
               ./modules/machineVars.nix
               ./modules/socketActivation.nix
 
-              secrets.outputs.nixos-config
               sops-nix.nixosModules.sops
 
               ({ config, ... }:
@@ -198,14 +219,16 @@
                   extraSpecialArgs = {
                     inherit inputs;
                     inherit unstable-pkgs;
+                    inherit yet-unstabler-pkgs;
                     inherit (self) extendedLib;
                     inherit (config) machineVars;
-                    secrets = secrets.outputs.settings;
+                    machineName = name;
                   };
 
                   sharedModules = [
                     inputs.sops-nix.homeManagerModules.sops
-                  ];
+                    inputs.anyrun.homeManagerModules.default
+                  ] ++ (builtins.attrValues self.homeModules);
 
                   users.h7x4.imports = [
                     ./home/home.nix
@@ -221,14 +244,40 @@
             "specialArgs"
           ]));
     in {
-      dosei = nixSys "dosei" { };
-      kasei = nixSys "kasei" { };
-      europa = nixSys "europa" { };
+      dosei = nixSys "dosei" {
+        modules = [
+          {
+            home-manager.users.h7x4.home.uid = 1000;
+          }
+
+          nixos-hardware.nixosModules.common-pc
+          nixos-hardware.nixosModules.common-pc-ssd
+          nixos-hardware.nixosModules.common-cpu-intel
+          nixos-hardware.nixosModules.common-gpu-intel
+        ];
+      };
+      kasei = nixSys "kasei" {
+        modules = [
+          nixos-hardware.nixosModules.common-pc
+          nixos-hardware.nixosModules.common-pc-ssd
+          nixos-hardware.nixosModules.common-cpu-amd
+          nixos-hardware.nixosModules.common-cpu-amd-pstate
+          nixos-hardware.nixosModules.common-gpu-nvidia-nonprime
+        ];
+      };
+      xps16 = nixSys "xps16" {
+        modules = [
+          nixos-hardware.nixosModules.common-hidpi
+          nixos-hardware.nixosModules.common-pc-laptop
+          nixos-hardware.nixosModules.common-pc-laptop-ssd
+          nixos-hardware.nixosModules.common-cpu-intel
+          nixos-hardware.nixosModules.common-gpu-intel
+        ];
+      };
       tsuki = nixSys "tsuki" {
         modules = [
           matrix-synapse-next.nixosModules.default
           osuchan.outputs.nixosModules.default
-          vscode-server.nixosModules.default
           maunium-stickerpicker.nixosModules.default
 
           (args: import minecraft.outputs.nixosModules.minecraft-servers (args // {

home/config/ensure-homedir-structure.nix

@@ -0,0 +1,27 @@
+{ config, ... }:
+let
+  home = config.home.homeDirectory;
+  user = config.home.username;
+in {
+  systemd.user.tmpfiles.rules = [
+    "d ${home}/SD - ${user} - - -"
+    "d ${home}/ctf - ${user} - - -"
+    "d ${home}/git - ${user} - - -"
+    "d ${home}/pvv - ${user} - - -"
+    "d ${home}/work - ${user} - - -"
+
+    "d ${home}/pictures/icons - ${user} - - -"
+    "d ${home}/pictures/photos - ${user} - - -"
+    "d ${home}/pictures/screenshots - ${user} - - -"
+    "d ${home}/pictures/stickers - ${user} - - -"
+    "d ${home}/pictures/wallpapers - ${user} - - -"
+
+    "d ${home}/documents/books - ${user} - - -"
+    "d ${home}/documents/scans - ${user} - - -"
+
+    "L ${home}/Downloads - ${user} - - ${home}/downloads"
+
+    "L ${config.xdg.dataHome}/wallpapers - ${user} - - ${home}/pictures/wallpapers"
+    "L ${config.home.sessionVariables.TEXMFHOME} - ${user} - - ${home}/git/texmf"
+  ];
+}

home/config/gtk.nix

@@ -2,17 +2,18 @@
 {
   gtk = pkgs.lib.mkIf (!machineVars.headless) {
     enable = true;
-    font = {
-      name = "Droid Sans";
-    };
+    font.name = "Droid Sans";
+
     iconTheme = {
-      package = pkgs.papirus-icon-theme;
       name = "Papirus";
+      package = pkgs.papirus-icon-theme;
     };
+
     theme = {
-      package = pkgs.vimix-gtk-themes;
-      name = "VimixDark";
+      name = "Adwaita-dark";
+      package = pkgs.gnome-themes-extra;
     };
+
     gtk2.configLocation = "${config.xdg.configHome}/gtk-2.0/gtkrc";
 
     gtk3.bookmarks = map (s: "file://${config.home.homeDirectory}/${s}") [
@@ -22,10 +23,12 @@
       "music"
       ".config"
       ".local/share"
-      # "Dropbox"
+      "SD"
       "git"
-      "git/pvv"
+      "pvv"
       "nix"
+      "work"
+      "ctf"
     ];
   };
 }

home/config/xdg/default.nix

@@ -1,4 +1,4 @@
-{ config, ... }:
+{ config, lib, ... }:
 {
   imports = [
     ./mimetypes.nix
@@ -8,14 +8,14 @@
     enable = true;
     userDirs = {
       enable = true;
-      desktop = "${config.home.homeDirectory}/Desktop";
-      documents = "${config.home.homeDirectory}/documents";
-      download = "${config.home.homeDirectory}/Downloads";
-      music = "${config.home.homeDirectory}/music";
-      pictures = "${config.home.homeDirectory}/pictures";
-      publicShare = "${config.home.homeDirectory}/public";
-      templates = "${config.home.homeDirectory}/templates";
-      videos = "${config.home.homeDirectory}/videos";
+      desktop = lib.mkDefault "${config.home.homeDirectory}/Desktop";
+      documents = lib.mkDefault "${config.home.homeDirectory}/documents";
+      download = lib.mkDefault "${config.home.homeDirectory}/Downloads";
+      music = lib.mkDefault "${config.home.homeDirectory}/music";
+      pictures = lib.mkDefault "${config.home.homeDirectory}/pictures";
+      publicShare = lib.mkDefault "${config.home.homeDirectory}/public";
+      templates = lib.mkDefault "${config.home.homeDirectory}/templates";
+      videos = lib.mkDefault "${config.home.homeDirectory}/videos";
     };
   };
 }

home/config/xdg/directory-spec-overrides.nix

@@ -2,50 +2,86 @@
 {
   nix.settings.use-xdg-base-directories = true;
 
+  home.preferXdgDirectories = true;
+
   home.sessionVariables = let
     inherit (config.xdg) dataHome cacheHome configHome userDirs;
+    runtimeDir = "/run/user/${toString config.home.uid}";
   in {
     TEXMFHOME = "${dataHome}/texmf";
     TEXMFVAR = "${cacheHome}/texlive";
     TEXMFCONFIG = "${configHome}/texlive";
 
+    EM_CONFIG = "${configHome}/emscripten/config";
+    EM_CACHE = "${cacheHome}/emscripten/cache";
+    EM_PORTS = "${dataHome}/emscripten/cache";
+
     PSQL_HISTORY = "${dataHome}/psql_history";
-    SQLITE_HISTORY= "${dataHome}/sqlite_history";
     MYSQL_HISTFILE = "${dataHome}/mysql_history";
     NODE_REPL_HISTORY = "${dataHome}/node_repl_history";
     GDB_HISTFILE = "${dataHome}/gdb_history";
-    PYTHON_HISTORY = "${dataHome}/python_history";
+    HISTFILE = "${dataHome}/bash_history";
+    CALCHISTFILE = "${dataHome}/calc_history";
 
     GHCUP_USE_XDG_DIRS = "true";
+    MIX_XDG = "true";
 
     __GL_SHADER_DISK_CACHE_PATH = "${cacheHome}/nv";
+    _JAVA_OPTIONS = "-Djava.util.prefs.userRoot=${configHome}/java";
     ANDROID_USER_HOME = "${dataHome}/android";
     AZURE_CONFIG_DIR = "${dataHome}/azure";
     BZRPATH = "${configHome}/bazaar";
     BZR_PLUGIN_PATH = "${dataHome}/bazaar";
     BZR_HOME = "${cacheHome}/bazaar";
-    CARGO_HOME = "${dataHome}/cargo";
     CUDA_CACHE_PATH = "${cacheHome}/nv";
+    DISCORD_USER_DATA_DIR = "${dataHome}/discord";
     DOCKER_CONFIG = "${configHome}/docker";
     DOTNET_CLI_HOME = "${dataHome}/dotnet";
     DOT_SAGE = "${configHome}/sagemath";
     ELM_HOME = "${configHome}/";
+    FFMPEG_DATADIR = "${configHome}/ffmpeg";
+    GOCACHE = "${cacheHome}/go/build";
+    GOMODCACHE = "${cacheHome}/go/mod";
     GOPATH = "${dataHome}/go";
     GRIPHOME = "${configHome}/grip";
     GRADLE_USER_HOME = "${dataHome}/gradle";
     ICEAUTHORITY = "${cacheHome}/ICEauthority";
     NIMBLE_DIR = "${dataHome}/nimble";
     NLTK_DATA = "${dataHome}/nltk_data";
+    NPM_CONFIG_CACHE = "${cacheHome}/npm";
+    NPM_CONFIG_INIT_MODULE = "${configHome}/npm/config/npm-init.js";
+    NPM_CONFIG_TMP = "${runtimeDir}/npm";
+    NODE_COMPILE_CACHE = "${cacheHome}/node-compile-cache";
     NRFUTIL_HOME = "${dataHome}/nrfutil";
     NUGET_PACKAGES = "${cacheHome}/nuget-packages";
     PARALLEL_HOME = "${configHome}/parallel";
+    PGPASSFILE = "${configHome}/pg/pgpass";
+    PSQLRC = "${configHome}/pg/psqlrc";
     PYENV_ROOT = "${dataHome}/pyenv";
+    RUFF_CACHE_DIR = "${cacheHome}/ruff";
     RUSTUP_HOME = "${dataHome}/rustup";
     RYE_HOME = "${dataHome}/rye";
     STACK_ROOT = "${dataHome}/stack";
     W3M_DIR = "${dataHome}/w3m";
     WINEPREFIX = "${dataHome}/wine";
 
+    SBT_OPTS = lib.concatStringsSep " " [
+      "-Dsbt.ivy.home=${cacheHome}/ivy"
+      "-Dsbt.boot.directory=${cacheHome}/sbt/boot"
+      "-Dsbt.preloaded=${cacheHome}/sbt/preloaded"
+      "-Dsbt.global.base=${cacheHome}/sbt"
+      "-Dsbt.global.staging=${cacheHome}/sbt/staging"
+      "-Dsbt.global.zinc=${cacheHome}/sbt/zinc"
+      "-Dsbt.dependency.base=${cacheHome}/sbt/dependency"
+      "-Dsbt.repository.config=${configHome}/sbt/repositories"
+      "-Dsbt.global.settings=${configHome}/sbt/global"
+      "-Dsbt.global.plugins=${configHome}/sbt/plugins"
+      "-Dmaven.repo.local=${cacheHome}/maven/repository"
+      "-Divy.settings.dir=${configHome}/ivy2"
+      "-Divy.home=${cacheHome}/ivy2"
+      "-Divy.cache.dir=${cacheHome}/ivy2/cache"
+    ];
+
     # TODO: these needs to be set before the user session has fully initialized
     # XINITRC = "$XDG_CONFIG_HOME/x11/initrc";
     # XAUTHORITY

home/config/xdg/mimetypes.nix

@@ -61,6 +61,26 @@ let
       woff2 = "font/woff2";
     };
 
+    archive = {
+      "7z" = "application/x-7z-compressed";
+      ar = "application/x-archive";
+      bz2 = "application/x-bzip2";
+      deb = "application/x-debian-package";
+      gzip = "application/gzip";
+      lz = "application/x-lzip";
+      lzma = "application/x-lzma";
+      lzo = "application/x-lzop";
+      rar = "application/vnd.rar";
+      rar-compressed = "application/x-rar-compressed";
+      tar = "application/x-tar";
+      tar-compressed = "application/x-gtar";
+      x-zip = "multipart/x-zip";
+      xz = "application/x-xz";
+      zip = "application/zip";
+      zip-compressed = "application/x-zip-compressed";
+      zst = "application/zstd";
+    };
+
     documents = {
       azv = "application/vnd.amazon.ebook";
       cbr = "application/vnd.comicbook+rar";
@@ -72,31 +92,98 @@ let
       pdf = "application/pdf";
     };
 
+    office = {
+      doc = "application/msword";
+      docm = "application/vnd.ms-word.document.macroEnabled.12";
+      docx = "application/vnd.openxmlformats-officedocument.wordprocessingml.document";
+      dot = "application/msword";
+      dotm = "application/vnd.ms-word.template.macroEnabled.12";
+      dotx = "application/vnd.openxmlformats-officedocument.wordprocessingml.template";
+      mdb = "application/vnd.ms-access";
+      pot = "application/vnd.ms-powerpoint";
+      potm = "application/vnd.ms-powerpoint.template.macroEnabled.12";
+      potx = "application/vnd.openxmlformats-officedocument.presentationml.template";
+      ppa = "application/vnd.ms-powerpoint";
+      ppam = "application/vnd.ms-powerpoint.addin.macroEnabled.12";
+      pps = "application/vnd.ms-powerpoint";
+      ppsm = "application/vnd.ms-powerpoint.slideshow.macroEnabled.12";
+      ppsx = "application/vnd.openxmlformats-officedocument.presentationml.slideshow";
+      ppt = "application/vnd.ms-powerpoint";
+      pptm = "application/vnd.ms-powerpoint.presentation.macroEnabled.12";
+      pptx = "application/vnd.openxmlformats-officedocument.presentationml.presentation";
+      xla = "application/vnd.ms-excel";
+      xlam = "application/vnd.ms-excel.addin.macroEnabled.12";
+      xls = "application/vnd.ms-excel";
+      xlsb = "application/vnd.ms-excel.sheet.binary.macroEnabled.12";
+      xlsm = "application/vnd.ms-excel.sheet.macroEnabled.12";
+      xlsx = "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet";
+      xlt = "application/vnd.ms-excel";
+      xltm = "application/vnd.ms-excel.template.macroEnabled.12";
+      xltx = "application/vnd.openxmlformats-officedocument.spreadsheetml.template";
+
+      odc = "application/vnd.oasis.opendocument.chart";
+      odf = "application/vnd.oasis.opendocument.formula";
+      odg = "application/vnd.oasis.opendocument.graphics";
+      odi = "application/vnd.oasis.opendocument.image";
+      odm = "application/vnd.oasis.opendocument.text-master";
+      odp = "application/vnd.oasis.opendocument.presentation";
+      odt = "application/vnd.oasis.opendocument.text";
+      otg = "application/vnd.oasis.opendocument.graphics-template";
+      oth = "application/vnd.oasis.opendocument.text-web";
+      otm = "application/vnd.oasis.opendocument.text-master-template";
+      otp = "application/vnd.oasis.opendocument.presentation-template";
+      ots = "application/vnd.oasis.opendocument.spreadsheet-template";
+      ott = "application/vnd.oasis.opendocument.text-template";
+    };
+
     code = {
       css = "text/css";
       csv = "text/csv";
       html = "text/html";
+      js = "application/x-javascript";
+      latex = "application/x-latex";
+      php = "application/x-httpd-php";
+      pl = "application/x-perl";
+      rtf = "application/rtf";
+      sh = "application/x-sh";
+      tex = "application/x-tex";
       txt = "text/plain";
       xhtml = "application/xhtml+xml";
       xml = "text/xml";
     };
 
-    misc = {
+    web = {
+      about = "x-scheme-handler/about";
+      chrome = "x-scheme-handler/chrome";
+      html = "text/html";
       http = "x-scheme-handler/http";
       https = "x-scheme-handler/https";
-      wine-ini = "application/x-wine-extension-ini";
+      mxwinurl = "application/x-mswinurl";
+      unknown = "x-scheme-handler/unknown";
+      x-htm = "application/x-extension-htm";
+      x-html = "application/x-extension-html";
+      x-shtml = "application/x-extension-shtml";
+      x-xht = "application/x-extension-xht";
+      x-xhtml = "application/x-extension-xhtml";
+      xhtml-xml = "application/xhtml+xml";
+    };
+
+    misc = {
       ics = "text/calendar";
-      url = "application/x-mswinurl";
+      wine-ini = "application/x-wine-extension-ini";
+      wine-osz = "application/x-wine-extension-osz";
     };
   };
 
   # Applications
+  ark = "org.kde.ark.desktop";
   firefox = "firefox.desktop";
-  vscode = "code.desktop";
+  zed = "dev.zed.Zed.desktop";
   mpv = "mpv.desktop";
   zathura = "org.pwmt.zathura.desktop";
   nsxiv = "nsxiv.desktop";
   font-viewer = "org.gnome.font-viewer.desktop";
+  libreoffice = "startcenter.desktop";
 in {
   xdg.configFile."mimeapps.list".force = true;
   xdg.mimeApps = {
@@ -108,14 +195,14 @@ in {
     // (lib.mapAttrs' (_: v: lib.nameValuePair v mpv) mime.audio)
     // (lib.mapAttrs' (_: v: lib.nameValuePair v mpv) mime.video)
     // (lib.mapAttrs' (_: v: lib.nameValuePair v font-viewer) mime.font)
+    // (lib.mapAttrs' (_: v: lib.nameValuePair v libreoffice) mime.office)
     // (lib.mapAttrs' (_: v: lib.nameValuePair v zathura) mime.documents)
-    // (lib.mapAttrs' (_: v: lib.nameValuePair v vscode) mime.code)
+    // (lib.mapAttrs' (_: v: lib.nameValuePair v zed) mime.code)
+    // (lib.mapAttrs' (_: v: lib.nameValuePair v ark) mime.archive)
+    // (lib.mapAttrs' (_: v: lib.nameValuePair v firefox) mime.web)
     // {
-      ${mime.misc.http} = firefox;
-      ${mime.misc.https} = firefox;
-      ${mime.misc.wine-ini} = vscode;
-      ${mime.misc.ics} = vscode;
-      ${mime.misc.url} = firefox;
+      ${mime.misc.wine-ini} = zed;
+      ${mime.misc.ics} = zed;
     };
   };
 }

home/home.nix

@@ -7,75 +7,96 @@ in {
     ./packages.nix
 
     ./config/xdg
+    ./config/ensure-homedir-structure.nix
 
     ./programs/aria2.nix
     ./programs/atuin.nix
+    ./programs/bash.nix
+    ./programs/bat.nix
     ./programs/beets.nix
+    ./programs/bottom.nix
+    ./programs/cargo.nix
     ./programs/comma.nix
     ./programs/direnv
+    ./programs/eza.nix
+    ./programs/fzf.nix
     ./programs/gdb.nix
-    ./programs/gh.nix
     ./programs/gh-dash.nix
+    ./programs/gh.nix
     ./programs/git
-    ./programs/gpg
+    ./programs/gpg.nix
+    ./programs/home-manager.nix
     ./programs/jq.nix
     ./programs/less.nix
+    ./programs/man.nix
     ./programs/neovim
     ./programs/nix-index
+    ./programs/nix.nix
+    ./programs/nushell.nix
+    ./programs/pandoc.nix
+    ./programs/python.nix
+    ./programs/ripgrep.nix
+    ./programs/skim.nix
+    ./programs/sqlite.nix
     ./programs/ssh
     ./programs/tealdeer
+    ./programs/texlive.nix
     ./programs/thunderbird.nix
-    ./programs/tmux.nix
+    ./programs/tmux
+    ./programs/uv.nix
+    ./programs/yt-dlp.nix
+    ./programs/zoxide.nix
     ./programs/zsh
 
     ./services/nix-channel-update.nix
     ./services/pueue.nix
-
-    ./modules/colors.nix
-    ./modules/shellAliases.nix
-  ] ++ optionals graphics [
+  ] ++ (optionals graphics [
     ./config/gtk.nix
 
     ./programs/alacritty.nix
     ./programs/emacs
+    ./programs/feh.nix
     ./programs/firefox.nix
+    ./programs/mpv.nix
     ./programs/ncmpcpp.nix
     ./programs/newsboat
+    ./programs/obs-studio.nix
+    ./programs/prism-launcher.nix
     ./programs/qutebrowser.nix
-    ./programs/rofi.nix
+    ./programs/rofi
     ./programs/taskwarrior.nix
     ./programs/vscode
-    # ./programs/xmobar
-    ./programs/xmonad
     ./programs/zathura.nix
     ./programs/zed
 
     ./services/copyq.nix
     ./services/dunst.nix
     ./services/fcitx5.nix
+    ./services/gnome-keyring.nix
+    ./services/keybase.nix
     ./services/mpd.nix
+    ./services/mpris-proxy.nix
+    ./services/network-manager.nix
+    ./services/psd.nix
+    ./services/tumblerd.nix
+  ]) ++ (optionals machineVars.wayland [
+    ./programs/hyprland.nix
+    ./programs/waybar.nix
+    ./programs/anyrun
+  ]) ++ (optionals (!machineVars.wayland) [
+    ./programs/xmonad
+    # ./programs/xmobar
+
     ./services/picom.nix
     ./services/polybar.nix
     ./services/screen-locker.nix
     # ./services/stalonetray.nix
     ./services/sxhkd.nix
-    ./services/tumblerd.nix
-  ];
+  ]);
 
   sops.defaultSopsFile = ../secrets/home.yaml;
   sops.age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519_home_sops" ];
 
-  sops.secrets."nix/access-tokens" = {
-    sopsFile = ../secrets/common.yaml;
-  };
-
-  nix = {
-    settings.use-xdg-base-directories = true;
-    extraOptions = ''
-      !include ${config.sops.secrets."nix/access-tokens".path}
-    '';
-  };
-
   home = {
     username = "h7x4";
     homeDirectory = "/home/h7x4";
@@ -94,19 +115,26 @@ in {
       package = pkgs.capitaine-cursors;
       name = "capitaine-cursors";
       size = 16;
+      # TODO: enable in 25.05
+      # dotIcons = false;
     };
 
     keyboard.options = [ "caps:escape" ];
 
     sessionVariables = {
-      CARGO_NET_GIT_FETCH_WITH_CLI = "true";
-      PYTHONSTARTUP = "${config.xdg.configHome}/python/pyrc";
+      DO_NOT_TRACK = "1";
       _JAVA_AWT_WM_NONREPARENTING = "1";
     };
   };
 
+  dconf.settings = mkIf graphics {
+    "org/gnome/desktop/interface" = {
+      color-scheme = "prefer-dark";
+    };
+  };
+
   xsession = {
-    enable = true;
+    enable = !machineVars.wayland;
     # TODO: declare using xdg config home
     scriptPath = ".config/X11/xsession";
     profilePath = ".config/X11/xprofile";
@@ -116,67 +144,12 @@ in {
     "ghc/ghci.conf".text = ''
       :set prompt "${extendedLib.termColors.front.magenta "[GHCi]λ"} "
     '';
-
-    "python/pyrc".text = ''
-      #!/usr/bin/env python3
-      import sys
-
-      # You also need \x01 and \x02 to separate escape sequence, due to:
-      # https://stackoverflow.com/a/9468954/1147688
-      sys.ps1='\x01\x1b${extendedLib.termColors.front.blue "[Python]> "}\x02>>>\x01\x1b[0m\x02 '  # bright yellow
-      sys.ps2='\x01\x1b[1;49;31m\x02...\x01\x1b[0m\x02 '  # bright red
-    '';
   };
 
   news.display = "silent";
 
   fonts.fontconfig.enable = mkForce true;
 
-  programs = {
-    home-manager.enable = true;
-
-    bash = {
-      enable = true;
-      historyFile = "${config.xdg.dataHome}/bash_history";
-      historySize = 100000;
-      bashrcExtra = ''
-        source "${config.xdg.configHome}/mutable_env.sh"
-      '';
-    };
-
-    bat.enable = true;
-    bottom = {
-      enable = true;
-      settings.flags.enable_gpu = true;
-    };
-    eza.enable = true;
-    feh.enable = mkIf graphics true;
-    fzf = {
-      enable = true;
-      defaultCommand = "fd --type f";
-    };
-    man = {
-      enable = true;
-      generateCaches = true;
-    };
-    mpv.enable = mkIf graphics true;
-    obs-studio.enable = mkIf graphics true;
-    ssh = {
-      enable = true;
-      includes = [ "mutable_config" ];
-    };
-    texlive = {
-      enable = true;
-      # packageSet = pkgs.texlive.combined.scheme-medium;
-    };
-    zoxide.enable = true;
-  };
-
-  services = {
-    gnome-keyring.enable = mkIf graphics true;
-    network-manager-applet.enable = mkIf graphics true;
-  };
-
   manual = {
     html.enable = true;
     manpages.enable = true;

home/modules/programs/cargo/default.nix

@@ -0,0 +1,40 @@
+{ config, pkgs, lib, ... }:
+let
+  cfg = config.programs.cargo;
+  format = pkgs.formats.toml { };
+  cargoHome = config.home.sessionVariables.CARGO_HOME or "${config.home.homeDirectory}/.cargo";
+  relativeCargoHome = lib.strings.removePrefix config.home.homeDirectory cargoHome;
+in
+{
+  options.programs.cargo = {
+    enable = lib.mkEnableOption "cargo, the rust package manager and build tool";
+
+    package = lib.mkPackageOption pkgs "cargo" { };
+
+    addPackageToEnvironment = lib.mkOption {
+      description = "Whether to add cargo to the user's environment.";
+      type = lib.types.bool;
+      default = true;
+      example = false;
+    };
+
+    settings = lib.mkOption {
+      description = "cargo settings";
+      type = lib.types.submodule {
+        freeformType = format.type;
+      };
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    home = {
+      sessionVariables.CARGO_HOME = lib.mkIf config.home.preferXdgDirectories (lib.mkDefault "${config.xdg.dataHome}/cargo");
+
+      packages = lib.mkIf cfg.addPackageToEnvironment [ cfg.package ];
+
+      file."${relativeCargoHome}/config.toml" = lib.mkIf (cfg.settings != { }) {
+        source = format.generate "cargo-config.toml" cfg.settings;
+      };
+    };
+  };
+}

home/modules/programs/direnv/auto-prune.nix

@@ -0,0 +1,51 @@
+{ config, pkgs, lib, ... }:
+let
+  cfg = config.programs.direnv;
+in
+{
+  options.programs.direnv.auto-prune-allowed-dirs = {
+    enable = lib.mkEnableOption "automatic pruning of direnv dirs";
+
+    onCalendar = lib.mkOption {
+      type = lib.types.str;
+      default = "daily";
+      example = "weekly";
+      # TODO: link to systemd manpage for format.
+      description = "How often to prune dirs.";
+    };
+  };
+
+  config = lib.mkIf cfg.auto-prune-allowed-dirs.enable {
+    systemd.user.services.direnv-auto-prune-allowed-dirs = {
+      Unit = {
+        Description = "Prune unused allowed directories for direnv";
+        Documentation = [ "man:direnv(1)" ];
+        ConditionPathExists = "${config.xdg.dataHome}/direnv/allow";
+      };
+
+      Service = {
+        Type = "oneshot";
+        CPUSchedulingPolicy = "idle";
+        IOSchedulingClass = "idle";
+        ExecStart = "${lib.getExe cfg.package} prune";
+      };
+    };
+
+    systemd.user.timers.direnv-auto-prune-allowed-dirs = {
+      Unit = {
+        Description = "Prune unused allowed directories for direnv";
+        Documentation = [ "man:direnv(1)" ];
+      };
+
+      Timer = {
+        Unit = "direnv-auto-prune-allowed-dirs.service";
+        OnCalendar = cfg.auto-prune-allowed-dirs.onCalendar;
+        Persistent = true;
+      };
+
+      Install = {
+        WantedBy = [ "timers.target" ];
+      };
+    };
+  };
+}

home/modules/programs/gpg/default.nix

@@ -0,0 +1,10 @@
+{ ... }:
+{
+  imports = [
+    ./auto-refresh-keys.nix
+    ./auto-update-trust-db.nix
+
+    # ./key-fetchers/declarative-github-key-fetcher.nix # WIP
+    ./key-fetchers/declarative-keyserver-key-fetcher.nix
+  ];
+}

home/modules/programs/gpg/key-fetchers/declarative-github-key-fetcher.nix

@@ -0,0 +1,93 @@
+{ config, pkgs, lib, ... }:
+let
+  cfg = config.programs.gpg;
+in
+{
+  # TODO: Create proper descriptions
+  options = {
+    programs.gpg.key-fetchers.github = {
+      enable = lib.mkEnableOption "auto fetching of gpg keys by github username";
+
+      useGh = lib.mkEnableOption "" // {
+        description = "Whether to use the GitHub API through the gh tools to fetch GPG keys";
+        default = config.programs.gh.enable;
+        defaultText = lib.literalExpression "config.programs.gh.enable";
+      };
+
+      keys = lib.mkOption {
+        description = "";
+        default = { };
+        type = lib.types.attrsOf (lib.types.submodule ({ name, ... }: {
+          options = {
+            # id = lib.mkOption {
+            #   description = "";
+            #   default = name;
+            #   example = "";
+            #   type = lib.types.str;
+            # };
+
+            username = lib.mkOption {
+              description = "";
+              default = name;
+              type = lib.types.nonEmptyStr;
+            };
+
+            trust = lib.mkOption {
+              description = "If marked as null, it's mutable";
+              default = null;
+              example = 4;
+              type = with lib.types; nullOr (ints.between 1 5);
+            };
+          };
+        }));
+      };
+    };
+  };
+
+  config = lib.mkIf cfg.key-fetchers.github.enable {
+    systemd.user.services."gpg-fetch-github-key@" = {
+      description = "Fetch GPG keys for GitHub user %i";
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        Type = "oneshot";
+        CPUSchedulingPolicy = "idle";
+        IOSchedulingClass = "idle";
+
+        # TODO: warn if user or key does not exist
+        ExecStart = let
+          ghScript = pkgs.writeShellApplication {
+            name = "fetch-github-gpg-keys";
+            runtimeInputs = [
+              config.programs.gh.package
+              pkgs.jq
+              cfg.package
+            ];
+            text = ''
+              gh api users/''${1}/gpg_keys | jq -r '.[].raw_key' | gpg --import
+            '';
+          };
+
+          curlScript = pkgs.writeShellApplication {
+            name = "fetch-github-gpg-keys";
+            runtimeInputs = [
+              pkgs.curl
+              pkgs.jq
+              cfg.package
+            ];
+            text = ''
+              curl -s https://api.github.com/users/''${1}/gpg_keys | jq -r '.[].raw_key' | gpg --import
+            '';
+          };
+        in if cfg.key-fetchers.github.useGh then ghScript else curlScript;
+
+        Restart = "on-failure";
+        RestartSec = "10s";
+        Environment = [
+          "GNUPGHOME=${cfg.homedir}"
+        ];
+      };
+    };
+
+    # systemd.user.timers =
+  };
+}

home/modules/programs/gpg/key-fetchers/declarative-keyserver-key-fetcher.nix

@@ -3,9 +3,10 @@ let
   cfg = config.programs.gpg;
 in
 {
+  # TODO: per-key timers
   # TODO: Create proper descriptions
   options = {
-    programs.gpg.fetch-keys = {
+    programs.gpg.key-fetchers.keyserver = {
       enable = lib.mkEnableOption "auto fetching of gpg keys by fingerprint";
       keys = lib.mkOption {
         description = "";
@@ -23,8 +24,7 @@ in
               description = "If marked as null, use config";
               default = null;
               example = "hkps://keys.openpgp.org";
-              type = with lib.types; nullOr str;
-              apply = v: if v == null then "@NULL@" else v;
+              type = with lib.types; coercedTo (nullOr str) (v: if v == null then "@NULL@" else v) str;
             };
 
             trust = lib.mkOption {
@@ -43,7 +43,7 @@ in
     # TODO: Fix the module so that this unit runs whenever something changes
     systemd.user.services.gpg-fetch-keys = let
       fetchKeysApplication = let
-        recvKeysByKeyserver = lib.pipe cfg.fetch-keys.keys [
+        recvKeysByKeyserver = lib.pipe cfg.key-fetchers.keyserver.keys [
           lib.attrValues
           (lib.foldl (acc: key: acc // {
             ${key.keyserver} = (acc.${key.keyserver} or []) ++ [ key.id ];
@@ -69,7 +69,7 @@ in
           }
         '';
 
-        trustKeys = lib.pipe cfg.fetch-keys.keys [
+        trustKeys = lib.pipe cfg.key-fetchers.keyserver.keys [
           lib.attrValues
           (lib.filter (key: key.trust != null))
           (map ({ id, trust, ... }: "importTrust '${id}' '${toString trust}'"))
@@ -84,7 +84,7 @@ in
           trustKeys
         ];
       };
-    in lib.mkIf cfg.fetch-keys.enable {
+    in lib.mkIf cfg.key-fetchers.keyserver.enable {
       Unit = {
         Description = "Fetch declaratively listed gpg keys";
         Documentation = [ "man:gpg(1)" ];

home/modules/programs/neovim/auto-clean-swapfiles.nix

@@ -1,9 +1,29 @@
 { config, pkgs, lib, ... }:
 let
   daysBeforeDeletion = 2;
+  cfg = config.programs.neovim.auto-clean-swapfiles;
 in
 {
-  config = {
+  options.programs.neovim.auto-clean-swapfiles = {
+    enable = lib.mkEnableOption "automatic cleanup of neovim swapfiles";
+
+    daysBeforeDeletion = lib.mkOption {
+      type = lib.types.ints.positive;
+      default = 2;
+      example = 7;
+      description = "How long many days old the swapfile should be before it gets cleaned up";
+    };
+
+    onCalendar = lib.mkOption {
+      type = lib.types.str;
+      default = "daily";
+      example = "weekly";
+      # TODO: link to systemd manpage for format.
+      description = "How often to run the cleanup.";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
     systemd.user.services.clean-neovim-swap-files = {
       Unit = {
         Description = "Clean old swap files for neovim";
@@ -19,7 +39,7 @@ in
           text = ''
             echo "Cleaning old swap files for neovim"
 
-            OLD_SWAPFILES=$(find "${config.xdg.stateHome}/nvim/swap" -type f -name '*.swp' -mtime +${toString daysBeforeDeletion})
+            OLD_SWAPFILES=$(find "${config.xdg.stateHome}/nvim/swap" -type f -name '*.swp' -mtime +${toString cfg.daysBeforeDeletion})
 
             if [ -z "$OLD_SWAPFILES" ]; then
               echo "No old swap files found"
@@ -44,7 +64,7 @@ in
 
       Timer = {
         Unit = "clean-neovim-swap-files.service";
-        OnCalendar = "daily";
+        OnCalendar = cfg.onCalendar;
         Persistent = true;
       };
 

home/modules/programs/newsboat/default.nix

@@ -0,0 +1,6 @@
+{
+  imports = [
+    ./vacuum.nix
+    ./fetch-articles.nix
+  ];
+}

home/modules/programs/newsboat/fetch-articles.nix

@@ -0,0 +1,53 @@
+{ config, pkgs, lib, ... }:
+let
+  cfg = config.programs.newsboat;
+  package = pkgs.newsboat;
+in
+{
+  options.programs.newsboat.fetch-articles = {
+    enable = lib.mkEnableOption "automatic article fetcher for newsboat";
+
+    onCalendar = lib.mkOption {
+      type = lib.types.str;
+      default = "daily";
+      example = "weekly";
+      # TODO: link to systemd manpage for format.
+      description = "How often to fetch new articles.";
+    };
+  };
+
+  config = lib.mkIf cfg.fetch-articles.enable {
+    # TODO: wait for internet
+    systemd.user.services.newsboat-fetch-articles = {
+      Unit = {
+        Description = "Automatically fetch new articles for newsboat";
+        Documentation = [ "man:newsboat(1)" ];
+      };
+
+      Service = {
+        Type = "oneshot";
+        CPUSchedulingPolicy = "idle";
+        IOSchedulingClass = "idle";
+        ExecStart = "${lib.getExe pkgs.flock} %t/newsboat.lock ${lib.getExe package} --execute=reload";
+      };
+    };
+
+    systemd.user.timers.newsboat-fetch-articles = {
+      Unit = {
+        Description = "Automatically fetch new articles for newsboat";
+        Documentation = [ "man:newsboat(1)" ];
+        After = [ "network.target" ];
+      };
+
+      Timer = {
+        Unit = "newsboat-fetch-articles.service";
+        OnCalendar = cfg.fetch-articles.onCalendar;
+        Persistent = true;
+      };
+
+      Install = {
+        WantedBy = [ "timers.target" ];
+      };
+    };
+  };
+}

home/modules/programs/newsboat/vacuum.nix

@@ -0,0 +1,51 @@
+{ config, pkgs, lib, ... }:
+let
+  cfg = config.programs.newsboat;
+  package = pkgs.newsboat;
+in
+{
+  options.programs.newsboat.vacuum = {
+    enable = lib.mkEnableOption "automatic cleaning of the newsboat cache";
+
+    onCalendar = lib.mkOption {
+      type = lib.types.str;
+      default = "weekly";
+      example = "monthly";
+      # TODO: link to systemd manpage for format.
+      description = "How often to run the cleaning.";
+    };
+  };
+
+  config = lib.mkIf cfg.vacuum.enable {
+    systemd.user.services.newsboat-vacuum = {
+      Unit = {
+        Description = "Automatically clean newsboat cache";
+        Documentation = [ "man:newsboat(1)" ];
+      };
+
+      Service = {
+        Type = "oneshot";
+        CPUSchedulingPolicy = "idle";
+        IOSchedulingClass = "idle";
+        ExecStart = "${lib.getExe pkgs.flock} %t/newsboat.lock ${lib.getExe package} --vacuum";
+      };
+    };
+
+    systemd.user.timers.newsboat-vacuum = {
+      Unit = {
+        Description = "Automatically clean newsboat cache";
+        Documentation = [ "man:newsboat(1)" ];
+      };
+
+      Timer = {
+        Unit = "newsboat-vacuum.service";
+        OnCalendar = cfg.vacuum.onCalendar;
+        Persistent = true;
+      };
+
+      Install = {
+        WantedBy = [ "timers.target" ];
+      };
+    };
+  };
+}

home/modules/programs/nix-index/auto-update-database.nix

@@ -1,12 +1,25 @@
 { config, pkgs, lib, ... }:
 let
-  cfg = config.programs.nix-index;
+  cfg = config.programs.nix-index.autoUpdateDatabase;
 in
 {
-  options.programs.nix-index.enableDatabaseFetcher = lib.mkEnableOption "timed unit that fetches an updated database of nixpkgs outputs";
+  options.programs.nix-index.autoUpdateDatabase = {
+    enable = lib.mkEnableOption "timed unit that fetches an updated database of nixpkgs outputs";
+
+    # TODO: let users specify forks and other sources
+    # url = "";
+
+    onCalendar = lib.mkOption {
+      type = lib.types.str;
+      default = "weekly";
+      example = "montly";
+      # TODO: link to systemd manpage for format.
+      description = "How often to update the database.";
+    };
+  };
 
   config = {
-    systemd.user.timers.fetch-nix-index-database = lib.mkIf cfg.enableDatabaseFetcher {
+    systemd.user.timers.fetch-nix-index-database = lib.mkIf cfg.enable {
       Unit = {
         Description = "Fetch nix-index database";
         Documentation = [ "https://github.com/nix-community/nix-index-database" ];
@@ -14,7 +27,7 @@ in
 
       Timer = {
         Unit = "fetch-nix-index-database.service";
-        OnCalendar = "weekly";
+        OnCalendar = cfg.onCalendar;
         Persistent = true;
       };
 
@@ -23,7 +36,7 @@ in
       };
     };
 
-    systemd.user.services.fetch-nix-index-database = lib.mkIf cfg.enableDatabaseFetcher {
+    systemd.user.services.fetch-nix-index-database = lib.mkIf cfg.enable {
       Unit = {
         Description = "Fetch nix-index database";
         Documentation = [ "https://github.com/nix-community/nix-index-database" ];
@@ -39,6 +52,8 @@ in
             wget
           ];
 
+          # TODO: allow fetching with gh + github token
+
           # Source: https://github.com/nix-community/nix-index-database?tab=readme-ov-file#ad-hoc-download
           # Slightly modified to satisfy shellcheck
           text = ''

home/modules/programs/prism-launcher/default.nix

@@ -0,0 +1,103 @@
+{ config, pkgs, lib, ... }:
+let
+  cfg = config.programs.prism-launcher;
+in
+{
+  options.programs.prism-launcher = {
+    enable = lib.mkEnableOption "PrismLauncher, an open source minecraft launcher";
+
+    package = lib.mkPackageOption pkgs "prismlauncher" { };
+
+    stateDir = lib.mkOption {
+      description = "The directory where PrismLauncher stores it's state";
+      type = lib.types.path;
+      default = "${config.xdg.dataHome}/PrismLauncher";
+      defaultText = lib.literalExpression ''"''${config.xdg.dataHome}/PrismLauncher"'';
+    };
+
+    screenshotMover = {
+      enable = lib.mkEnableOption "a systemd unit that automatically moves screenshots from all minecraft instances into a common dir";
+
+      screenshotDir = lib.mkOption {
+        description = "Where to move the minecraft screenshots.";
+        type = lib.types.path;
+        default = if config.xdg.userDirs.pictures != null
+          then "${config.xdg.userDirs.pictures}/prismlauncher-screenshots"
+          else "${config.home.homeDirectory}/Pictures";
+        defaultText = lib.literalExpression ''
+          if config.xdg.userDirs.pictures != null
+            then "''${config.xdg.userDirs.pictures}/prismlauncher-screenshots"
+            else "''${config.home.homeDirectory}/Pictures"
+        '';
+        example = lib.literalExpression ''
+          "''${config.home.homeDirectory}/minecraft-screenshots"
+        '';
+      };
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    home.packages = [ cfg.package ];
+
+    systemd.user.paths.prismlauncher-move-minecraft-screenshots = lib.mkIf cfg.screenshotMover.enable {
+      Install.WantedBy = [ "paths.target" ];
+      Unit.Description = "Watchdog that moves screenshots from all prismlauncher minecraft instances into a common dir";
+      Path = {
+        PathExistsGlob = [
+          "${cfg.stateDir}/instances/*/.minecraft/screenshots/*.png"
+          "${cfg.stateDir}/instances/*/minecraft/screenshots/*.png"
+        ];
+        Unit = "prismlauncher-move-minecraft-screenshots.service";
+        TriggerLimitIntervalSec = "1s";
+        TriggerLimitBurst = "1";
+      };
+    };
+
+    systemd.user.services.prismlauncher-move-minecraft-screenshots = lib.mkIf cfg.screenshotMover.enable {
+      Unit.Description = "Watchdog that moves screenshots from all prismlauncher minecraft instances into a common dir";
+      Service = {
+        Type = "oneshot";
+        ExecStart = lib.getExe (pkgs.writeShellApplication {
+          name = "prismlauncher-move-minecraft-screenshots.sh";
+          runtimeInputs = with pkgs; [ coreutils findutils ];
+          text = let
+            instancesDir = "${cfg.stateDir}/instances";
+          in ''
+            shopt -s nullglob
+
+            for idir in "${instancesDir}"/*/; do
+              INSTANCE_NAME="''${idir#${instancesDir}/}"
+              INSTANCE_NAME="''${INSTANCE_NAME%'/'}"
+              SCREENSHOT_TARGET_DIR="${cfg.screenshotMover.screenshotDir}/$INSTANCE_NAME"
+              mkdir -p "''${SCREENSHOT_TARGET_DIR}"
+              for variant in minecraft .minecraft; do
+                SCREENSHOT_SOURCE_DIR="${instancesDir}/$INSTANCE_NAME/$variant"/screenshots
+                if [ -d "$SCREENSHOT_SOURCE_DIR" ]; then
+                  echo "Scanning for screenshots in $SCREENSHOT_SOURCE_DIR"
+                  for screenshot in "$SCREENSHOT_SOURCE_DIR"/*.png; do
+                    echo "Moving '$screenshot' -> '$SCREENSHOT_TARGET_DIR'"
+                    cp --preserve=all "$screenshot" "$SCREENSHOT_TARGET_DIR"
+                    rm "$screenshot"
+                  done
+                fi
+              done
+            done
+          '';
+        });
+
+        PrivateUsers = true;
+        PrivateNetwork = true;
+        ProtectSystem = true;
+        NoNewPrivileges = true;
+        ProtectKernelTunables = true;
+        ProtectControlGroups = true;
+        RestrictAddressFamilies = [ ];
+        RestrictNamespaces = true;
+      };
+    };
+
+    systemd.user.tmpfiles.rules = lib.mkIf cfg.screenshotMover.enable [
+      "'d' '${cfg.screenshotMover.screenshotDir}' - ${config.home.username} - - -"
+    ];
+  };
+}

home/modules/services/downloads-siphon.nix

@@ -0,0 +1,9 @@
+{ ... }:
+{
+  # TODO: create thingamajig that watches ~/Downloads and pulls all new files to
+  #       directory specified by systemd %i
+
+  # systemd.services.
+
+  # systemd.paths
+}

home/modules/services/downloads-sorter.nix

@@ -0,0 +1,5 @@
+{ ... }:
+{
+  # TODO: create abstraction over `systemd.path` thingy that looks at incoming files and
+  #       sorts them into subdirs by extension.
+}

home/modules/services/mpd.nix

@@ -0,0 +1,54 @@
+{ config, pkgs, lib, ... }:
+let
+  cfg = config.services.mpd;
+in
+{
+  options.services.mpd.autoUpdateDatabase = lib.mkEnableOption "watchdog that updates the mpd database upon file changes";
+
+  config = lib.mkIf cfg.autoUpdateDatabase {
+    systemd.user.paths.mpd-update-database = {
+      Install.WantedBy = [ "paths.target" ];
+      Unit = {
+        Description = "Watchdog that updates the mpd database upon file changes";
+        Documentation = [
+          "man:mpd(1)"
+          "man:mpd.conf(5)"
+        ];
+      };
+      Path = {
+        PathChanged = [
+          cfg.musicDirectory
+          cfg.playlistDirectory
+        ];
+        Unit = "mpd-update-database.service";
+        TriggerLimitIntervalSec = "1s";
+        TriggerLimitBurst = "1";
+      };
+    };
+
+    systemd.user.services.mpd-update-database = {
+      Unit = {
+        Description = "Watchdog that updates the mpd library whenever the files are modified";
+        Documentation = [
+          "man:mpd(1)"
+          "man:mpd.conf(5)"
+        ];
+      };
+      Service = {
+        Type = "oneshot";
+        ExecStart = "${lib.getExe pkgs.mpc-cli} update --wait";
+
+        PrivateUsers = true;
+        ProtectSystem = true;
+        NoNewPrivileges = true;
+        ProtectKernelTunables = true;
+        ProtectControlGroups = true;
+        RestrictAddressFamilies = [
+          "AF_INET"
+          "AF_UNIX"
+        ];
+        RestrictNamespaces = true;
+      };
+    };
+  };
+}

home/modules/shellAliases.nix

@@ -1,50 +1,161 @@
-{ pkgs, lib, extendedLib, inputs, config, ... }: let
-  inherit (lib) types mkEnableOption mkOption mdDoc;
+{ config, pkgs, lib, extendedLib, ... }: let
   cfg = config.local.shell;
 
-# NOTE:
-#       This module is an over-engineered solution to a non-problem.
-#       It is a fun experiment in using the Nix language to create a
-#       shell alias system that organizes aliases into a tree structure,
-#       with categories and subcategories and subsubcategories and so on.
-#
-#       It also has a lazy join function that will join a list of commands
-#       with a separator, but render it in a prettier way in a documentation
-#       file that you can print out and read.
-
-  isAlias = v: builtins.isAttrs v && v ? "alias" && v ? "type";
-in {
-  options.local.shell = {
-    aliases = let
-
-      coerceStrToAlias = str: {
-        type = " ";
-        alias = [ str ];
-      };
-
-      aliasType = (types.coercedTo types.str coerceStrToAlias (types.submodule {
-        options = {
-          type = mkOption {
-            type = types.enum [ "|" "&&" ";" " " ];
-            default = ";";
-            description = ''
-              If the alias is a list of commands, this is the kind of separator that will be used.
-            '';
+  shellAliasesFormat = let
+    formatLib = {
+      functors = let
+        inherit (extendedLib.termColors.front) blue;
+      in
+        {
+          "|" = {
+            apply = f: lib.concatStringsSep " | " f.alias;
+            stringify = f: lib.concatStringsSep (blue "\n| ") f.alias;
           };
-          alias = mkOption {
-            type = types.listOf types.str;
+          "&&" = {
+            apply = f: lib.concatStringsSep " && " f.alias;
+            stringify = f: lib.concatStringsSep (blue "\n&& ") f.alias;
+          };
+          ";" = {
+            apply = f: lib.concatStringsSep "; " f.alias;
+            stringify = f: lib.concatStringsSep (blue ";\n  ") f.alias;
+          };
+          " " = {
+            apply = f: lib.concatStringsSep " " f.alias;
+            stringify = f: lib.concatStringsSep " \\\n   " f.alias;
+          };
+        };
+
+      isAlias = v: builtins.isAttrs v && v ? "alias" && v ? "type";
+    };
+  in {
+    lib = formatLib;
+
+    type = let
+      rawAliasType = lib.types.submodule {
+        options = {
+          type = lib.mkOption {
+            description = "If the alias is a list of commands, this is the kind of separator that will be used.";
+            type = lib.types.enum (lib.attrNames formatLib.functors);
+            default = ";";
+            example = "&&";
+          };
+          alias = lib.mkOption {
+            description = "List of commands that will be concatenated together.";
+            type = with lib.types; listOf str;
+            example = [
+              "ls"
+              "grep nix"
+            ];
           };
         };
-      })) // {
-        # NOTE: this check is necessary, because nix will recurse on types.either,
-        #       and report that the option does not exist.
-        #       See https://discourse.nixos.org/t/problems-with-types-oneof-and-submodules/15197
-        check = v: builtins.isString v || isAlias v;
       };
 
-      recursingAliasTreeType = types.attrsOf (types.either aliasType recursingAliasTreeType);
-    in mkOption {
-      type = recursingAliasTreeType;
+      coercedAliasType = with lib.types; let
+        coerce = str: {
+          type = " ";
+          alias = [ str ];
+        };
+      in (coercedTo str coerce rawAliasType) // {
+        check = v: builtins.isString v || formatLib.isAlias v;
+      };
+
+      aliasTreeType = with lib.types; attrsOf (either coercedAliasType aliasTreeType);
+    in aliasTreeType;
+
+    # Alias Tree -> { :: Alias }
+    generateAttrs = let
+      inherit (lib) mapAttrs attrValues filterAttrs isAttrs
+                    isString concatStringsSep foldr;
+
+      applyFunctor = attrset: formatLib.functors.${attrset.type}.apply attrset;
+
+      # TODO: better naming
+      allAttrValuesAreStrings = attrset: let
+
+        # [ {String} ]
+        filteredAliases = [(filterAttrs (_: isString) attrset)];
+
+        # [ {String} ]
+        remainingFunctors = let
+          functorSet = filterAttrs (_: formatLib.isAlias) attrset;
+          appliedFunctorSet = mapAttrs (_: applyFunctor) functorSet;
+        in [ appliedFunctorSet ];
+
+        # [ {AttrSet} ]
+        remainingAliasSets = attrValues (filterAttrs (_: v: isAttrs v && !formatLib.isAlias v) attrset);
+
+        # [ {String} ]
+        recursedAliasSets = filteredAliases
+                          ++ (remainingFunctors)
+                          ++ (map allAttrValuesAreStrings remainingAliasSets);
+      in foldr (a: b: a // b) {} recursedAliasSets;
+
+    in
+      allAttrValuesAreStrings;
+
+    # TODO:
+    # generateAttrs = pipe [
+      # collect leave nodes
+      # map apply functor
+    # ]
+
+    # Alias Tree -> String
+    generateText = aliases: let
+      inherit (extendedLib.termColors.front) red green blue;
+
+      # String -> Alias -> String
+      stringifyAlias = aliasName: alias: let
+        # String -> String
+        removeNixLinks = text: let
+          maybeMatches = lib.match "(|.*[^)])(/nix/store/.*/bin/).*" text;
+          matches = lib.mapNullable (lib.remove "") maybeMatches;
+        in
+          if (maybeMatches == null)
+          then text
+          else lib.replaceStrings matches (lib.replicate (lib.length matches) "") text;
+
+        # Alias -> String
+        applyFunctor = attrset: let
+          applied = formatLib.functors.${attrset.type}.stringify attrset;
+          indent' = lib.strings.replicate (lib.stringLength "${aliasName} -> ") " ";
+        in
+          lib.replaceStrings ["\n"] [("\n" + indent')] applied;
+      in "${red aliasName} -> ${blue "\""}${removeNixLinks (applyFunctor alias)}${blue "\""}";
+
+      # String -> String
+      indent = x: lib.pipe x [
+        (x: "\n" + x)
+        (lib.replaceStrings ["\n"] [("\n" + (lib.strings.replicate 2 " "))])
+        (lib.removePrefix "\n")
+      ];
+
+      # String -> { :: Alias | Category } -> String
+      stringifyCategory = categoryName: category: lib.pipe category [
+        (category: let
+          aliases = lib.filterAttrs (_: formatLib.isAlias) category;
+        in {
+          inherit aliases;
+          subcategories = lib.removeAttrs category (lib.attrNames aliases);
+        })
+        ({ aliases, subcategories }: {
+          aliases = lib.mapAttrsToList stringifyAlias aliases;
+          subcategories = lib.mapAttrsToList stringifyCategory subcategories;
+        })
+        ({ aliases, subcategories }:
+          lib.concatStringsSep "\n" (lib.filter (x: lib.trim x != "") [
+            "[${green categoryName}]"
+            (indent (lib.concatStringsSep "\n" aliases) + "\n")
+            (indent (lib.concatStringsSep "\n" subcategories) + "\n")
+          ])
+        )
+      ];
+    in (stringifyCategory "Aliases" aliases);
+  };
+in {
+  options.local.shell = {
+    aliases = lib.mkOption {
+      # TODO: freeformType
+      type = shellAliasesFormat.type;
       description = "A tree of aliases";
       default = { };
       example = {
@@ -71,8 +182,8 @@ in {
       };
     };
 
-    variables = mkOption {
-      type = types.attrsOf types.str;
+    variables = lib.mkOption {
+      type = with lib.types; attrsOf str;
       description = "Environment variables";
       default = { };
     };
@@ -82,129 +193,19 @@ in {
 
     # };
 
-    enablePackageManagerLecture = mkEnableOption "distro reminder messages, aliased to common package manager commands";
-    enableAliasOverview = mkEnableOption "`aliases` command that prints out a list of all aliases" // {
+    enablePackageManagerLecture = lib.mkEnableOption "distro reminder messages, aliased to common package manager commands";
+
+    enableAliasOverview = lib.mkEnableOption "`aliases` command that prints out a list of all aliases" // {
       default = true;
       example = false;
     };
   };
 
-  config = let
-    sedColor =
-      color:
-      inputPattern:
-      outputPattern:
-      "-e \"s|${inputPattern}|${outputPattern.before or ""}$(tput setaf ${toString color})${outputPattern.middle}$(tput op)${outputPattern.after or ""}|g\"";
-
-    colorRed = sedColor 1;
-
-    colorSlashes = colorRed "/" {middle = "/";};
-
-    # Alias type functors
-    # These will help pretty print the commands
-    functors = let
-      inherit (lib.strings) concatStringsSep;
-      inherit (extendedLib.termColors.front) blue;
-    in
-      {
-        "|" = {
-          apply = f: concatStringsSep " | " f.alias;
-          stringify = f: concatStringsSep (blue "\n| ") f.alias;
-        };
-        "&&" = {
-          apply = f: concatStringsSep " && " f.alias;
-          stringify = f: concatStringsSep (blue "\n&& ") f.alias;
-        };
-        ";" = {
-          apply = f: concatStringsSep "; " f.alias;
-          stringify = f: concatStringsSep (blue ";\n  ") f.alias;
-        };
-        " " = {
-          apply = f: concatStringsSep " " f.alias;
-          stringify = f: concatStringsSep " \\\n   " f.alias;
-        };
-      };
-
-    aliasTextOverview = let
-      inherit (lib) stringLength length concatStringsSep replaceStrings
-                    attrValues mapAttrs isAttrs remove replicate mapNullable;
-
-      inherit (extendedLib.termColors.front) red green blue;
-
-      # String -> String -> String
-      wrap' = wrapper: str: wrapper + str + wrapper;
-
-      # [String] -> String -> String -> String
-      replaceStrings' = from: to: replaceStrings from (replicate (length from) to);
-
-      # String -> Int -> String
-      repeatString = string: times: concatStringsSep "" (replicate times string);
-
-      # int -> String -> AttrSet -> String
-      stringifyCategory = level: name: category: let
-        title = "${repeatString "  " level}[${green name}]";
-
-        commands = attrValues ((lib.flip mapAttrs) category (n: v: let
-            # String
-            indent = repeatString "  " level;
-
-            # String -> String
-            removeNixLinks = text: let
-              maybeMatches = builtins.match "(|.*[^)])(/nix/store/.*/bin/).*" text;
-              matches = mapNullable (remove "") maybeMatches;
-            in
-              if (maybeMatches == null)
-              then text
-              else replaceStrings' matches "" text;
-
-            applyFunctor = attrset: let
-              applied = functors.${attrset.type}.stringify attrset;
-              indent' = indent + (repeatString " " ((stringLength " -> \"") + (stringLength n))) + " ";
-            in
-              replaceStrings' ["\n"] ("\n" + indent') applied;
-
-            recurse = stringifyCategory (level + 1) n v;
-          in if isAlias v
-            then "${indent}  ${red n} -> ${wrap' (blue "\"") (removeNixLinks (applyFunctor v))}"
-            else recurse
-        ));
-      in concatStringsSep "\n" ([title] ++ commands) + "\n";
-    in (stringifyCategory 0 "Aliases" cfg.aliases) + "\n";
-
-    flattenedAliases = let
-      inherit (lib) mapAttrs attrValues filterAttrs isAttrs
-                    isString concatStringsSep foldr;
-
-      applyFunctor = attrset: functors.${attrset.type}.apply attrset;
-
-      # TODO: better naming
-      allAttrValuesAreStrings = attrset: let
-
-        # [ {String} ]
-        filteredAliases = [(filterAttrs (n: v: isString v) attrset)];
-
-        # [ {String} ]
-        remainingFunctors = let
-          functorSet = filterAttrs (_: v: isAlias v) attrset;
-          appliedFunctorSet = mapAttrs (n: v: applyFunctor v) functorSet;
-        in [ appliedFunctorSet ];
-
-        # [ {AttrSet} ]
-        remainingAliasSets = attrValues (filterAttrs (_: v: isAttrs v && !isAlias v) attrset);
-
-        # [ {String} ]
-        recursedAliasSets = filteredAliases
-                          ++ (remainingFunctors)
-                          ++ (map allAttrValuesAreStrings remainingAliasSets);
-      in foldr (a: b: a // b) {} recursedAliasSets;
-
-    in
-      allAttrValuesAreStrings cfg.aliases;
-
-  in {
+  config = {
     xdg.dataFile = {
-      aliases.text = aliasTextOverview;
-      packageManagerLecture = lib.mkIf cfg.enablePackageManagerLecture {
+      "aliases".text = shellAliasesFormat.generateText cfg.aliases;
+
+      "packageManagerLecture" = lib.mkIf cfg.enablePackageManagerLecture {
         target = "package-manager.lecture";
         text = let
           inherit (extendedLib.termColors.front) red blue;
@@ -242,18 +243,22 @@ in {
 
     programs = {
       zsh = {
-        shellAliases = flattenedAliases;
+        shellAliases = shellAliasesFormat.generateAttrs cfg.aliases;
         sessionVariables = cfg.variables;
       };
       bash = {
-        shellAliases = flattenedAliases;
+        shellAliases = shellAliasesFormat.generateAttrs cfg.aliases;
         sessionVariables = cfg.variables;
       };
       fish = {
-        shellAliases = flattenedAliases;
+        shellAliases = shellAliasesFormat.generateAttrs cfg.aliases;
         # TODO: fish does not support session variables?
         # localVariables = cfg.variables;
       };
+      nushell = {
+        shellAliases = shellAliasesFormat.generateAttrs cfg.aliases;
+        environmentVariables = cfg.variables;
+      };
     };
   };
 }

home/modules/systemd-tmpfiles.nix

@@ -0,0 +1,168 @@
+# Taken from nixpkgs: nixos/modules/system/boot/systemd/tmpfiles.nix
+{ config, pkgs, lib, unstable-pkgs, ... }:
+let
+  # TODO: 24.05, year of the types.attrsWith
+  inherit (unstable-pkgs.lib) types mkOption;
+
+  cfg = config.systemd.user.tmpfiles;
+
+  attrsWith' =
+    placeholder: elemType:
+    types.attrsWith {
+      inherit elemType;
+      inherit (lib) placeholder;
+    };
+
+  escapeArgument = lib.strings.escapeC [
+    "\t"
+    "\n"
+    "\r"
+    " "
+    "\\"
+  ];
+
+  settingsOption = {
+    description = ''
+      Declare systemd-tmpfiles rules to create, delete, and clean up volatile
+      and temporary files and directories.
+
+      Even though the service is called `*tmp*files` you can also create
+      persistent files.
+    '';
+    example = {
+      "10-mypackage" = {
+        "/var/lib/my-service/statefolder".d = {
+          mode = "0755";
+          user = "root";
+          group = "root";
+        };
+      };
+    };
+    default = { };
+    type = attrsWith' "config-name" (
+      attrsWith' "path" (
+        attrsWith' "tmpfiles-type" (
+          lib.types.submodule (
+            { name, config, ... }:
+            {
+              options.type = mkOption {
+                type = types.str;
+                default = name;
+                defaultText = "‹tmpfiles-type›";
+                example = "d";
+                description = ''
+                  The type of operation to perform on the file.
+
+                  The type consists of a single letter and optionally one or more
+                  modifier characters.
+
+                  Please see the upstream documentation for the available types and
+                  more details:
+                  {manpage}`tmpfiles.d(5)`
+                '';
+              };
+              options.mode = mkOption {
+                type = types.str;
+                default = "-";
+                example = "0755";
+                description = ''
+                  The file access mode to use when creating this file or directory.
+                '';
+              };
+              options.user = mkOption {
+                type = types.str;
+                default = "-";
+                example = "root";
+                description = ''
+                  The user of the file.
+
+                  This may either be a numeric ID or a user/group name.
+
+                  If omitted or when set to `"-"`, the user and group of the user who
+                  invokes systemd-tmpfiles is used.
+                '';
+              };
+              options.group = mkOption {
+                type = types.str;
+                default = "-";
+                example = "root";
+                description = ''
+                  The group of the file.
+
+                  This may either be a numeric ID or a user/group name.
+
+                  If omitted or when set to `"-"`, the user and group of the user who
+                  invokes systemd-tmpfiles is used.
+                '';
+              };
+              options.age = mkOption {
+                type = types.str;
+                default = "-";
+                example = "10d";
+                description = ''
+                  Delete a file when it reaches a certain age.
+
+                  If a file or directory is older than the current time minus the age
+                  field, it is deleted.
+
+                  If set to `"-"` no automatic clean-up is done.
+                '';
+              };
+              options.argument = mkOption {
+                type = types.str;
+                default = "";
+                example = "";
+                description = ''
+                  An argument whose meaning depends on the type of operation.
+
+                  Please see the upstream documentation for the meaning of this
+                  parameter in different situations:
+                  {manpage}`tmpfiles.d(5)`
+                '';
+              };
+            }
+          )
+        )
+      )
+    );
+  };
+
+  # generates a single entry for a tmpfiles.d rule
+  settingsEntryToRule = path: entry: ''
+    '${entry.type}' '${path}' '${entry.mode}' '${entry.user}' '${entry.group}' '${entry.age}' ${escapeArgument entry.argument}
+  '';
+
+  # generates a list of tmpfiles.d rules from the attrs (paths) under tmpfiles.settings.<name>
+  pathsToRules = lib.mapAttrsToList (
+    path: types: lib.concatStrings (lib.mapAttrsToList (_type: settingsEntryToRule path) types)
+  );
+
+  mkRuleFileContent = paths: lib.concatStrings (pathsToRules paths);
+in
+{
+  options.systemd.user.tmpfiles.settings = lib.mkOption settingsOption;
+
+  config = lib.mkIf (cfg.settings != { }) {
+    assertions = [
+      (lib.hm.assertions.assertPlatform "systemd.user.tmpfiles" pkgs
+        lib.platforms.linux)
+    ];
+
+    xdg.configFile = {
+      "systemd/user/basic.target.wants/systemd-tmpfiles-setup.service".source =
+        "${pkgs.systemd}/example/systemd/user/systemd-tmpfiles-setup.service";
+      "systemd/user/systemd-tmpfiles-setup.service".source =
+        "${pkgs.systemd}/example/systemd/user/systemd-tmpfiles-setup.service";
+      "systemd/user/timers.target.wants/systemd-tmpfiles-clean.timer".source =
+        "${pkgs.systemd}/example/systemd/user/systemd-tmpfiles-clean.timer";
+      "systemd/user/systemd-tmpfiles-clean.service".source =
+        "${pkgs.systemd}/example/systemd/user/systemd-tmpfiles-clean.service";
+    } // (lib.mapAttrs' (name: paths: {
+      name = "user-tmpfiles.d/${name}.conf";
+      value = {
+        text = mkRuleFileContent paths;
+        onChange = "${pkgs.systemd}/bin/systemd-tmpfiles --user --create";
+      };
+    }) cfg.settings);
+  };
+}

home/modules/uidGid.nix

@@ -0,0 +1,13 @@
+{ lib, ... }:
+{
+  options.home = {
+    uid = lib.mkOption {
+      default = 1000;
+      type = lib.types.ints.between 0 60000;
+    };
+    gid = lib.mkOption {
+      default = 1000;
+      type = lib.types.ints.between 0 60000;
+    };
+  };
+}

home/packages.nix

@@ -1,29 +1,38 @@
-{ pkgs, config, machineVars, ... }:
+{ pkgs, config, machineVars, machineName, ... }:
 {
   home.packages = with pkgs; [
+    bandwhich
     binutils
     cloc
     cyme
     czkawka
-    delta
+    difftastic
     diskonaut
     duf
     duff
+    fclones
     ffmpeg
     file
+    fselect
+    gitoxide
     glances
+    gpauth
+    gpclient
     gpg-tui
     gping
     graphviz
     hexyl
+    htmlq
     httpie
+    huniq
+    hyperfine
     imagemagick
     kepubify
-    # keybase
     keymapviz
     libwebp
     lnav
     lolcat
+    lurk
     mdcat
     mediainfo
     meli
@@ -39,30 +48,31 @@
     # nixops
     nmap
     ouch
-    pandoc
     parallel
+    pipr
     progress
     pwntools
-    python3
     rclone
-    ripgrep
+    rip2
+    rnr
     rsync
     # sc-im
+    skim
     slack-term
     tea
-    tealdeer
     terminal-parrot
     termtosvg
     toilet
     tokei
+    trippy
     unpaper
     unzip
     usbutils
-    uutils-coreutils
+    uutils-coreutils-noprefix
     waifu2x-converter-cpp
+    watchexec
     wavemon
     wiki-tui
-    yt-dlp
     yubico-pam
     yubikey-agent
     yubikey-manager
@@ -86,13 +96,14 @@
       darktable
       discord
       element-desktop
+      foliate
       geogebra
       ghidra
       gimp
-      gnome.gnome-font-viewer
-      gnome.seahorse
+      gnome-font-viewer
       google-chrome
       imhex
+      imv
       inkscape
       insomnia
       iwgtk
@@ -103,6 +114,7 @@
       libnotify
       libreoffice
       light
+      mission-center
       mopidy
       mopidy-mpd
       mopidy-soundcloud
@@ -112,10 +124,10 @@
       nsxiv
       nyxt
       obsidian
-      # pcloud
       pdfarranger
       pwvucontrol
       # scrcpy
+      seahorse
       shellcheck
       slack
       # sublime3
@@ -124,7 +136,7 @@
 
       tenacity
       # transcribe
-      wireshark
+      webcamoid
       xcalib
       xclip
       xdotool
@@ -147,14 +159,14 @@
     ] ++ lib.optionals (machineVars.gaming) [
       desmume
       osu-lazer
-      (prismlauncher.override {
-        jdk17 = jdk21;
-      })
       retroarchFull
       steam
       steam-tui
       stepmania
       taisei
+    ] ++ lib.optionals (machineName != "dosei") [
+      # Source blocked by external firewall on dosei
+      pcloud
     ]
   );
 }

home/programs/alacritty.nix

@@ -43,9 +43,9 @@
         duration = 20;
       };
 
-      live_config_reload = true;
+      general.live_config_reload = true;
 
-      shell = {
+      terminal.shell = {
         program = "${pkgs.zsh}/bin/zsh";
         args = [ "--login" ];
       };

home/programs/anyrun/default.nix

@@ -0,0 +1,37 @@
+{ pkgs, lib, inputs, ... }:
+{
+  programs.anyrun = {
+    enable = true;
+
+    config = {
+      y.fraction = 0.3;
+      width.fraction = 0.25;
+      plugins = [
+        inputs.anyrun.packages.${pkgs.system}.applications
+      ];
+      hidePluginInfo = true;
+      closeOnClick = true;
+      showResultsImmediately = true;
+    };
+
+    extraCss = builtins.readFile (./. + "/style.css");
+
+    extraConfigFiles."applications.ron".text = let
+      preprocess_script = pkgs.writeShellApplication {
+        name = "anyrun-preprocess-application-exec";
+        runtimeInputs = [ ];
+        text = ''
+          shift # Remove term|no-term
+          echo "uwsm app -- $*"
+        '';
+      };
+    in ''
+      Config(
+        desktop_actions: false,
+        max_entries: 10,
+        preprocess_exec_script: Some("${lib.getExe preprocess_script}"),
+        terminal: Some("${lib.getExe pkgs.alacritty}"),
+      )
+    '';
+  };
+}

home/programs/anyrun/style.css

@@ -0,0 +1,48 @@
+* {
+  all: unset;
+  font-size: 1.2rem;
+}
+
+#window,
+#match,
+#entry,
+#plugin,
+#main {
+  background: transparent;
+}
+
+#match.activatable {
+  border-radius: 8px;
+  margin: 4px 0;
+  padding: 4px;
+  /* transition: 100ms ease-out; */
+}
+#match.activatable:first-child {
+  margin-top: 12px;
+}
+#match.activatable:last-child {
+  margin-bottom: 0;
+}
+
+#match:hover {
+  background: rgba(255, 255, 255, 0.05);
+}
+#match:selected {
+  background: rgba(255, 255, 255, 0.1);
+}
+
+#entry {
+  background: rgba(255, 255, 255, 0.05);
+  border: 1px solid rgba(255, 255, 255, 0.1);
+  border-radius: 8px;
+  padding: 4px 8px;
+}
+
+box#main {
+  background: rgba(0, 0, 0, 0.5);
+  box-shadow:
+    inset 0 0 0 1px rgba(255, 255, 255, 0.1),
+    0 30px 30px 15px rgba(0, 0, 0, 0.5);
+  border-radius: 20px;
+  padding: 12px;
+}

home/programs/atuin.nix

@@ -1,15 +1,14 @@
 { config, ... }:
 let
   cfg = config.programs.atuin;
-
-  # TODO: retrieve this in a more dynamic and correct manner
-  xdg_runtime_dir = "/run/user/1000";
+  xdg_runtime_dir = "/run/user/${toString config.home.uid}";
 in
 {
   programs.atuin = {
     enable = true;
     enableBashIntegration = true;
     enableZshIntegration = true;
+    enableNushellIntegration = config.programs.nushell.enable;
 
     settings = {
       db_path = "${config.xdg.dataHome}/atuin/history.db";

home/programs/bash.nix

@@ -0,0 +1,16 @@
+{ config, ... }:
+{
+  programs.bash = {
+    enable = true;
+    historyFile = "${config.xdg.dataHome}/bash_history";
+    historySize = 100000;
+    bashrcExtra = ''
+      source "${config.xdg.configHome}/mutable_env.sh"
+    '';
+    shellOptions = [
+      "histappend"
+      "checkwinsize"
+      "checkjobs"
+    ];
+  };
+}

home/programs/bat.nix

@@ -0,0 +1,4 @@
+{ ... }:
+{
+  programs.bat.enable = true;
+}

home/programs/bottom.nix

@@ -0,0 +1,41 @@
+{ ... }:
+{
+  programs.bottom = {
+    enable = true;
+    settings = {
+      flags.enable_gpu = true;
+
+      row = [
+        {
+          ratio = 30;
+          child = [{ type = "cpu"; }];
+        }
+        {
+          ratio = 40;
+          child = [
+            {
+              ratio = 4;
+              type = "mem";
+            }
+            {
+              ratio = 3;
+              type = "disk";
+            }
+          ];
+        }
+        {
+          ratio = 30;
+          child = [
+            {
+              type = "net";
+            }
+            {
+              default = true;
+              type = "proc";
+            }
+          ];
+        }
+      ];
+    };
+  };
+}

home/programs/browser/engines.nix

@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ pkgs, lib, ... }:
 {
   "Amazon.com".metaData.hidden = true;
   "Bing".metaData.hidden = true;
@@ -57,9 +57,29 @@
     definedAliases = [ "gh" ];
   };
 
+  "GitHub Nix Configs" = {
+    urls = [{
+      template = "https://github.com/search";
+      params = [
+        { name = "type"; value = "code"; }
+        {
+          name = "q";
+          value = lib.concatStringsSep " " [
+            "lang:nix"
+            "-is:fork"
+            "-repo:nixos/nixpkgs"
+            "{searchTerms}"
+          ];
+        }
+      ];
+    }];
+    icon = "${pkgs.super-tiny-icons}/share/icons/SuperTinyIcons/svg/github.svg";
+    definedAliases = [ "ghn" ];
+  };
+
   "HomeManager Options" = {
     urls = [{
-      template = "https://mipmip.github.io/home-manager-option-search/?{searchTerms}";
+      template = "https://mipmip.github.io/home-manager-option-search/?query={searchTerms}";
     }];
     icon = "${pkgs.super-tiny-icons}/share/icons/SuperTinyIcons/svg/nixos.svg";
     definedAliases = [ "hms" ];

home/programs/cargo.nix

@@ -0,0 +1,11 @@
+{ ... }:
+{
+  programs.cargo = {
+    enable = true;
+    settings = {
+      cargo-new.vcs = "git";
+    };
+  };
+
+  home.sessionVariables.CARGO_NET_GIT_FETCH_WITH_CLI = "true";
+}

home/programs/direnv/auto-prune.nix

@@ -1,38 +0,0 @@
-{ config, pkgs, lib, ... }:
-let
-  cfg = config.programs.direnv;
-in
-{
-  config = {
-    systemd.user.services.prune-allowed-direnv-dirs = {
-      Unit = {
-        Description = "Prune unused allowed directories for direnv";
-        Documentation = [ "man:direnv(1)" ];
-      };
-
-      Service = {
-        Type = "oneshot";
-        CPUSchedulingPolicy = "idle";
-        IOSchedulingClass = "idle";
-        ExecStart = "${lib.getExe cfg.package} prune";
-      };
-    };
-
-    systemd.user.timers.prune-allowed-direnv-dirs = {
-      Unit = {
-        Description = "Prune unused allowed directories for direnv";
-        Documentation = [ "man:direnv(1)" ];
-      };
-
-      Timer = {
-        Unit = "prune-allowed-direnv-dirs.service";
-        OnCalendar = "daily";
-        Persistent = true;
-      };
-
-      Install = {
-        WantedBy = [ "timers.target" ];
-      };
-    };
-  };
-}

home/programs/direnv/default.nix

@@ -1,12 +1,14 @@
-{ ... }:
+{ config, ... }:
 {
-  imports = [
-    ./auto-prune.nix
-  ];
-
   programs.direnv = {
     enable = true;
-    enableZshIntegration = true;
+    silent = true;
+
     nix-direnv.enable = true;
+
+    enableZshIntegration = true;
+    enableNushellIntegration = config.programs.nushell.enable;
+
+    auto-prune-allowed-dirs.enable = true;
   };
 }

home/programs/eza.nix

@@ -0,0 +1,8 @@
+{ config, ... }:
+{
+  programs.eza = {
+    enable = true;
+    icons = "auto";
+    enableNushellIntegration = config.programs.nushell.enable;
+  };
+}

home/programs/feh.nix

@@ -0,0 +1,4 @@
+{ machineVars, ... }:
+{
+  programs.feh.enable = !machineVars.headless;
+}

home/programs/firefox.nix

@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ lib, pkgs, ... }:
 {
   programs.firefox = {
     enable = true;
@@ -7,12 +7,61 @@
         toolbar = true;
         bookmarks = import ./browser/bookmarks.nix;
       }];
+
       search = {
         default = "Google";
-        engines = import ./browser/engines.nix { inherit pkgs; };
+        engines = import ./browser/engines.nix { inherit pkgs lib; };
         force = true;
       };
-      settings = {};
+
+      # TODO: make into structured attrs
+      settings = {
+        # TODO: collect more stuff from here
+        # https://github.com/arkenfox/user.js
+        "browser.aboutConfig.showWarning" = false;
+        "browser.newtabpage.activity-stream.showSponsored" = false;
+        "browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
+        "browser.newtabpage.activity-stream.feeds.telemetry" = false;
+        "browser.newtabpage.activity-stream.telemetry" = false;
+        "datareporting.policy.dataSubmissionEnabled" = false;
+        "datareporting.healthreport.uploadEnabled" = false;
+        "toolkit.telemetry.unified" = false;
+        "toolkit.telemetry.enabled" = false;
+        "toolkit.telemetry.server" = "data:,";
+        "toolkit.telemetry.archive.enabled" = false;
+        "toolkit.telemetry.newProfilePing.enabled" = false;
+        "toolkit.telemetry.shutdownPingSender.enabled" = false;
+        "toolkit.telemetry.updatePing.enabled" = false;
+        "toolkit.telemetry.bhrPing.enabled" = false;
+        "toolkit.telemetry.firstShutdownPing.enabled" = false;
+        "toolkit.telemetry.coverage.opt-out" = true;
+        "toolkit.coverage.opt-out" = true;
+        "toolkit.coverage.endpoint.base" = "";
+
+        "layout.css.prefers-color-scheme.content-override" = "dark";
+
+        "font.cjk_pref_fallback_order" = lib.concatStringsSep "," [
+          "ja"
+          "zh-cn"
+          "zh-hk"
+          "zh-tw"
+          "ko"
+        ];
+      } // (lib.pipe null [
+        (_: {
+          "ja" = "JP";
+          "ko" = "KR";
+          "zh-CN" = "SC";
+          "zh-HK" = "HK";
+          "zh-TW" = "TC";
+        })
+        (lib.mapAttrsToList (lang: notoSuffix: {
+          "font.name.monospace.${lang}" = "Noto Sans Mono CJK ${notoSuffix}";
+          "font.name.sans-serif.${lang}" = "Noto Sans CJK ${notoSuffix}";
+          "font.name.serif.${lang}" = "Noto Serif CJK ${notoSuffix}";
+        }))
+        (lib.foldl lib.mergeAttrs { })
+      ]);
     };
   };
 }

home/programs/fzf.nix

@@ -0,0 +1,7 @@
+{ ... }:
+{
+  programs.fzf = {
+    enable = true;
+    defaultCommand = "fd --type f";
+  };
+}

home/programs/gdb.nix

@@ -9,7 +9,7 @@
     set print demangle on
     set print sevenbit-strings off
     set print asm-demangle on
-    set print elements 0 
+    set print elements 0
 
     # Assembly
     set disassembly-flavor intel

home/programs/git/default.nix

@@ -14,10 +14,6 @@ let
   ];
 in
 {
-  imports = [
-    ./maintenance-timers.nix
-  ];
-
   # TODO: convert to template once nix-sops supports it in hm module
   sops.secrets."git/nordicsemi-config" = { };
 
@@ -31,9 +27,12 @@ in
 
       signing = {
         key = "46B9228E814A2AAC";
+        # format = "openpgp";
         signByDefault = true;
       };
 
+      maintenance.enable = true;
+
       lfs.enable = true;
 
       delta = {
@@ -47,20 +46,82 @@ in
 
       aliases = {
         aliases = "!git config --get-regexp alias | sed -re 's/alias\\.(\\S*)\\s(.*)$/\\1 = \\2/g'";
-        delete-merged = "!git branch --merged | grep -v '\\*' | xargs -n 1 git branch -d";
-        graph = "log --graph --abbrev-commit --decorate --format=format:'%C(bold blue)%h%C(reset) - %C(bold green)(%ar)%C(reset) %C(white)%s%C(reset) %C(dim white)- %an%C(reset)%C(bold yellow)%d%C(reset)' --all";
-        graphv = "log --graph --abbrev-commit --decorate --format=format:'%C(bold blue)%h%C(reset) - %C(bold cyan)%aD%C(reset) %C(bold green)(%ar)%C(reset)%C(bold yellow)%d%C(reset)%n''          %C(white)%s%C(reset) %C(dim white)- %an%C(reset)' --all";
-        forcepush = "push --force-with-lease --force-if-includes";
         authors = "shortlog --summary --numbered --email";
+        delete-merged = "!git branch --merged | grep -v '\\*' | xargs -n 1 git branch -d";
+        ff = "fixup-fixup";
+        fi = "fixup-interactive";
+        forcepush = "push --force-with-lease --force-if-includes";
+        git = "!git";
+        pp = "post-pr";
+        rebase-author = "rebase -i -x \"git commit --amend --reset-author -CHEAD\"";
+        reset-to-upstream = "!git reset --hard \"origin/$(git rev-parse --abbrev-ref HEAD)\"";
+        rf = "rebase-fixups";
         si = "switch-interactive";
         subs = "submodule update --init --recursive";
-        rebase-author = "rebase -i -x \"git commit --amend --reset-author -CHEAD\"";
-        git = "!git";
-      };
+      } // (let
+        c = c: s: "%C(${c})${s}%C(reset)";
+      in {
+        graph = let
+          fmt = lib.concatStringsSep "" [
+            " - "
+            (c "bold blue" "%h")
+            " - "
+            (c "bold green" "(%ar)")
+            " "
+            (c "white" "> %s")
+            " "
+            (c "dim white" "- %an")
+            (c "bold yellow" "%d")
+          ];
+        in "log --graph --abbrev-commit --decorate --format=format:'${fmt}' --all";
+
+        graphv = let
+          fmt = lib.concatStringsSep "" [
+            (c "bold blue" "%h")
+            " - "
+            (c "bold cyan" "%aD")
+            " "
+            (c "bold green" "(%ar)")
+            (c "bold yellow" "%d")
+            "%n"
+            "          "
+            (c "white" "%s")
+            " "
+            (c "dim white" "- %an")
+          ];
+        in "log --graph --abbrev-commit --decorate --format=format:'${fmt}' --all";
+
+        l = let
+          fmt = lib.concatStringsSep "%n" (map (x: if builtins.isList x then lib.concatStringsSep " " x else x) [
+            [ (c "bold yellow" "%H") (c "auto" "%d") ]
+            [ (c "bold white" "Author:") (c "bold cyan" "%aN <%aE>") (c "bold green" "(%ah)") ]
+            [ (c "bold white" "Committer:") (c "bold cyan" "%cN <%cE>") (c "bold green" "(%ah)") ]
+            [ (c "bold white" "GPG: (%G?)") (c "bold magenta" "%GF") "-" (c "bold cyan" "%GS") (c "bold blue" "(%GT) ") ]
+            ""
+            (c "bold white" "# %s")
+            "%+b"
+            (c "dim yellow" "%+N")
+          ]);
+          # sedExpressions = let
+          #   colorExpr = "\\x1B\\[([0-9]{1,3}(;[0-9]{1,2};?)?)?[mGK]";
+          #   colorEndExpr = "\\x1B\\[m";
+          #   colored = x: "${colorExpr}${x}${colorEndExpr}";
+          # in lib.concatMapStringsSep " " (x: "-e '${x}'") [
+          #   "s|${colored "GPG: \\(N\\)"} ${colored "F3CDA86CC55A9F10D7A069819F2F7D8250F35146"} - ${colored "h7x4 <h7x4@nani.wtf>"} ${colored "\\(ultimate\\)"}|GPG: h7x4|"
+          #   "s|${colored "GPG: \\(N\\)"} ${colored ""} - ${colored ""} ${colored "\\(undefined\\)"}||"
+          # ];
+        in "log --decorate --format=tformat:'${fmt}'";
+        # in "!git log --color=always --format=format:'${fmt}' | sed -E ${sedExpressions} | $PAGER";
+      });
 
       extraConfig = {
         core = {
-          whitespace = "space-before-tab,-indent-with-non-tab,trailing-space";
+          whitespace = lib.concatStringsSep "," [
+            "space-before-tab"
+            "-indent-with-non-tab"
+            "trailing-space"
+            "blank-at-eof"
+          ];
           untrackedCache = true;
           editor = "nvim";
         };
@@ -125,6 +186,7 @@ in
         diff = {
           mnemonicPrefix = true;
           renames = true;
+          compactionHeuristic = true;
           tool = "nvimdiff";
           submodule = "log";
         };
@@ -167,6 +229,21 @@ in
 
         "url \"${lib.head github-uri-prefixes}\"".insteadOf = lib.tail github-uri-prefixes;
 
+        "url \"git@gist.github.com:\"".insteadOf = [
+          "git://gist.github.com/"
+          "https://gist.github.com/"
+        ];
+
+        "url \"aur@aur.archlinux.org:\"".insteadOf = [
+          "aur:"
+          "https://aur.archlinux.org/"
+        ];
+
+        gc = {
+          reflogExpire = "90 days";
+          reflogExpireUnreachable = "90 days";
+        };
+
         web.browser = "google-chrome-stable";
 
         "filter \"lfs\"" = {
@@ -236,7 +313,7 @@ in
           "nrfconnect"
           "oysteintveit-nordicsemi"
         ];
-      in lib.genAttrs organizations (org: map (uri-prefix: "${uri-prefix}${org}") github-uri-prefixes);
+      in lib.genAttrs organizations (org: map (uri-prefix: "${uri-prefix}${org}") (github-uri-prefixes ++ [ "github-nordicsemi:" ]));
     in {
       extraConfig = lib.mergeAttrs
         {
@@ -256,6 +333,35 @@ in
     })
   ];
 
+  systemd.user.services."git-maintenance@".Service = lib.mkIf cfg.maintenance.enable {
+    ExecStartPre = let
+      repoDirs = lib.escapeShellArgs [
+        "${config.home.homeDirectory}/git"
+        "${config.home.homeDirectory}/work"
+        "${config.home.homeDirectory}/pvv"
+      ];
+
+      script = pkgs.writeShellApplication {
+        name = "discover-git-maintenance-repos";
+        text = ''
+          {
+            echo "[maintenance]"
+            for repoLocation in ${repoDirs}; do
+              for repo in "$repoLocation"/*/.git; do
+                echo "repo = $("${pkgs.coreutils}/bin/realpath" "''${repo%"/.git"}")"
+              done
+            done
+          } > "$1"
+        '';
+      };
+    in "${lib.getExe script} %t/maintenance-repos";
+
+    ExecStart = lib.mkForce ''
+      "${lib.getExe cfg.package}" -c include.path="%t/maintenance-repos" for-each-repo --keep-going --config=maintenance.repo maintenance run --schedule=%i
+    '';
+  };
+
+
   home.packages = [
     (pkgs.writeShellApplication {
       name = "git-tcommit";
@@ -270,14 +376,44 @@ in
         (builtins.replaceStrings ["hours" "tcommit"] ["minutes" "tmcommit"])
       ];
     })
+    (pkgs.writeShellApplication {
+      name = "git-fixup-fixup";
+      runtimeInputs = with pkgs; [ cfg.package ];
+      text = lib.fileContents ./scripts/git-fixup-fixup.sh;
+    })
+    (pkgs.writeShellApplication {
+      name = "git-rebase-fixups";
+      runtimeInputs = with pkgs; [ cfg.package gnused ];
+      text = lib.fileContents ./scripts/git-rebase-fixups.sh;
+    })
+    (pkgs.writeShellApplication {
+      name = "git-fixup-interactive";
+      runtimeInputs = with pkgs; [ cfg.package gnused gnugrep skim ];
+      text = lib.fileContents ./scripts/git-fixup-interactive.sh;
+    })
     (pkgs.writeShellApplication {
       name = "git-switch-interactive";
-      runtimeInputs = with pkgs; [ cfg.package fzf gnused coreutils ];
+      runtimeInputs = with pkgs; [ cfg.package skim gnused gnugrep uutils-coreutils-noprefix ];
       text = lib.fileContents ./scripts/git-switch-interactive.sh;
       excludeShellChecks = [
         "SC2001" # (style): See if you can use ${variable//search/replace} instead. (sed invocation)
       ];
     })
+    ((pkgs.writers.writePython3Bin "git-post-pr" {
+      libraries = with pkgs.python3Packages; [
+        tkinter
+      ];
+      flakeIgnore = [
+        "E501" # I like long lines grr
+      ];
+    } (lib.fileContents ./scripts/git-post-pr.py)).overrideAttrs (_: {
+      postFixup = ''
+        wrapProgram $out/bin/git-post-pr \
+          --prefix PATH : ${lib.makeBinPath [
+            pkgs.github-cli
+          ]}
+      '';
+    }))
 
     pkgs.git-absorb
   ];

home/programs/git/maintenance-timers.nix

@@ -1,56 +0,0 @@
-{ config, pkgs, lib, ... }:
-let
-  cfg = config.programs.git;
-in
-{
-  systemd.user.services."git-maintenance@" = {
-    Unit = {
-      Description = "Optimize Git repositories data";
-      Documentation = [ "man:git-maintenance(1)" ];
-    };
-
-    Service = {
-      Type = "oneshot";
-      ExecStart = "${lib.getExe pkgs.git} for-each-repo --config=maintenance.repo maintenance run --no-quiet --schedule=%i";
-
-      Environment = [
-        "PATH=${lib.makeBinPath (with pkgs; [ cfg.package openssh ])}"
-      ];
-
-      LockPersonality = "yes";
-      MemoryDenyWriteExecute = "yes";
-      NoNewPrivileges = "yes";
-      RestrictAddressFamilies = [
-        "AF_UNIX"
-        "AF_INET"
-        "AF_INET6"
-        "AF_VSOCK"
-      ];
-      RestrictNamespaces = "yes";
-      RestrictRealtime = "yes";
-      RestrictSUIDSGID = "yes";
-      SystemCallArchitectures = "native";
-      SystemCallFilter = "@system-service";
-    };
-  };
-
-  systemd.user.timers."git-maintenance@" = {
-    Unit = {
-      Description = "Optimize Git repositories data";
-      Documentation = [ "man:git-maintenance(1)" ];
-    };
-
-    Timer = {
-      Persistent = true;
-      OnCalendar = "%i";
-    };
-
-    Install = {
-      WantedBy = [ "timers.target" ];
-    };
-  };
-
-  systemd.user.timers."git-maintenance@hourly".Timer.OnCalendar = "*-*-* 1..23:05:00";
-  systemd.user.timers."git-maintenance@daily".Timer.OnCalendar = "Tue..Sun *-*-* 0:05:00";
-  systemd.user.timers."git-maintenance@weekly".Timer.OnCalendar = "Mon 0:05:00";
-}

home/programs/git/scripts/git-fixup-fixup.sh

@@ -0,0 +1,14 @@
+if [ -n "${1:-}" ]; then
+  TARGET_COMMIT="$1"
+  shift
+else
+  TARGET_COMMIT="HEAD"
+fi
+
+COMMIT_MESSAGE=$(git log -1 --pretty=format:'%s' "$TARGET_COMMIT")
+
+if [[ $COMMIT_MESSAGE =~ ^fixup!* ]]; then
+  git commit -m "$COMMIT_MESSAGE" "$@"
+else
+  git commit --fixup "$TARGET_COMMIT" "$@"
+fi

home/programs/git/scripts/git-fixup-interactive.sh

@@ -0,0 +1,18 @@
+if [ -n "${1:-}" ]; then
+  TARGET_BRANCH="$1"
+  shift
+else
+  TARGET_BRANCH=$(git remote show origin | sed -n '/HEAD branch/s/.*: //p')
+fi
+
+FORK_POINT=$(git merge-base --fork-point "$TARGET_BRANCH")
+
+COMMITS_SINCE_FORK_POINT=$(git log --format=format:'%s' "$FORK_POINT"..HEAD | grep -v -E '^fixup!')
+
+RESULT=$(sk <<<"$COMMITS_SINCE_FORK_POINT")
+
+if [ "$RESULT" == "" ]; then
+  echo "Doing nothing..."
+else
+  git commit -m "fixup! $RESULT" "$@"
+fi

home/programs/git/scripts/git-post-pr.py

@@ -0,0 +1,130 @@
+import argparse
+import json
+import subprocess
+import tkinter
+
+# TODO: add support for gitea, and maybe other git hosting options.
+
+
+def parse_args() -> argparse.Namespace:
+    parser = argparse.ArgumentParser(
+        prog="post-pr",
+        description="Post links to PRs",
+    )
+
+    parser.add_argument("-n", "--no-clipboard", action="store_true", help="do not copy the message to the clipboard")
+
+    pr_id = parser.add_mutually_exclusive_group()
+    pr_id.add_argument("-c", "--current-branch", action="store_true", help="generate post for the PR for the current branch")
+    pr_id.add_argument("-l", "--latest", action="store_true", help="generate post for the latest PR for the current user")
+    pr_id.add_argument("pr_id", nargs="?", default=None, help="generate post for the PR with the given ID")
+    args = parser.parse_args()
+
+    if not any([args.current_branch, args.latest, args.pr_id,]):
+        args.current_branch = True
+
+    return args
+
+
+def _gh(args: list[str]) -> str:
+    try:
+        return subprocess.check_output(["gh"] + args).decode("utf8")
+    except subprocess.CalledProcessError as e:
+        raise RuntimeError(f"GitHub CLI command failed: 'gh {' '.join(args)}'") from e
+
+
+def _gh_retcode(args: list[str]) -> int:
+    return subprocess.run(["gh"] + args, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL).returncode
+
+
+def ensure_gh_installed():
+    try:
+        if _gh_retcode(["--version"]) != 0:
+            raise RuntimeError("GitHub CLI (gh) is not installed, please install it")
+    except FileNotFoundError:
+        raise RuntimeError("GitHub CLI (gh) is not installed, please install it")
+
+
+def ensure_gh_authenticated():
+    if _gh_retcode(["auth", "status"]) != 0:
+        raise RuntimeError("Failed to authenticate with GitHub, please run 'gh auth login'")
+
+
+GH_PR_JSON_FIELDS = ",".join([
+    "additions",
+    "deletions",
+    "state",
+    "title",
+    "url",
+])
+
+
+def fetch_pr_data(current_branch: bool, latest: bool, pr_id: str | None) -> dict[str, any]:
+    if pr_id:
+        pr_data = _gh(["pr", "view", pr_id, "--json", GH_PR_JSON_FIELDS])
+        pr_data = json.loads(pr_data)
+
+    elif latest:
+        pr_list = _gh(["pr", "list", "--author", "@me", "--limit", "1", "--json", GH_PR_JSON_FIELDS])
+        pr_list = json.loads(pr_list)
+
+        if len(pr_list) == 0:
+            raise RuntimeError("Failed to find PR, are you sure you have any open PRs?")
+
+        pr_data = pr_list[0]
+
+    elif current_branch:
+        pr_data = _gh(["pr", "view", "--json", GH_PR_JSON_FIELDS])
+        pr_data = json.loads(pr_data)
+
+    return pr_data
+
+
+def format_message(pr_data: dict[str, any]) -> str:
+    additions = pr_data["additions"]
+    deletions = pr_data["deletions"]
+
+    title = pr_data["title"]
+    pr_url = pr_data["url"]
+    pr_state = pr_data["state"]
+
+    state_html = f"({pr_state.lower()}) " if pr_state != "OPEN" else ""
+    additions_html = f"+{additions}" if additions > 0 else str(additions)
+    deletions_html = f"-{deletions}" if deletions > 0 else str(deletions)
+
+    return f"""{state_html}{pr_url} {title} [diff: {additions_html}/{deletions_html}]"""
+
+
+def copy_to_clipboard(message: str):
+    r = tkinter.Tk()
+    r.withdraw()
+    r.clipboard_clear()
+    r.clipboard_append(message)
+    r.update()
+    r.destroy()
+
+
+def main():
+    args = parse_args()
+
+    ensure_gh_installed()
+    ensure_gh_authenticated()
+
+    pr_data = fetch_pr_data(args.current_branch, args.latest, args.pr_id)
+    message = format_message(pr_data)
+
+    print("Message:\n")
+    print(f"    {message}\n")
+
+    if not args.no_clipboard:
+        copy_to_clipboard(message)
+        print("Copied to clipboard")
+
+
+if __name__ == "__main__":
+    try:
+        main()
+    except Exception as e:
+        print(f"Error: {e}")
+        exit(1)
+

home/programs/git/scripts/git-rebase-fixups.sh

@@ -0,0 +1,10 @@
+if [ -n "${1:-}" ]; then
+  TARGET_BRANCH="$1"
+  shift
+else
+  TARGET_BRANCH=$(git remote show origin | sed -n '/HEAD branch/s/.*: //p')
+fi
+
+FORK_POINT=$(git merge-base --fork-point "$TARGET_BRANCH")
+
+git rebase "$FORK_POINT" --autosquash "$@"

home/programs/git/scripts/git-switch-interactive.sh

@@ -6,7 +6,7 @@ if [ -n "${1:-}" ]; then
 fi
 
 BRANCHES=$(cat <(git branch) <(git branch --remotes) | grep --invert-match '^\*\|HEAD ->' | sed 's|^\s*||')
-CHOSEN_BRANCH=$(fzf --reverse --info=inline --preview 'git show --color {}' <<<"$BRANCHES")
+CHOSEN_BRANCH=$(sk --reverse --info=inline --preview 'git show --color {}' <<<"$BRANCHES")
 
 CLEAN_BRANCH_NAME=$(sed 's|^\s*||' <<<"$CHOSEN_BRANCH")
 for REMOTE in $(git remote); do

home/programs/gpg.nix

@@ -1,11 +1,5 @@
-{ pkgs, config, ... }:
+{ config, pkgs, ... }:
 {
-  imports = [
-    ./auto-refresh-keys.nix
-    ./auto-update-trust-db.nix
-    ./declarative-key-fetcher.nix
-  ];
-
   programs.gpg = {
     enable = true;
     homedir = "${config.xdg.configHome}/gnupg";
@@ -20,7 +14,7 @@
       ];
     };
 
-    fetch-keys = {
+    key-fetchers.keyserver = {
       enable = true;
       keys = {
         "495A898FC1A0276F51EA3155355E5D82B18F4E71" = { trust = 4; };
@@ -36,6 +30,7 @@
     enableExtraSocket = true;
     enableSshSupport = true;
     enableScDaemon = true;
+    enableNushellIntegration = config.programs.nushell.enable;
     grabKeyboardAndMouse = false;
   };
 }

home/programs/home-manager.nix

@@ -0,0 +1,4 @@
+{ ... }:
+{
+  programs.home-manager.enable = true;
+}

home/programs/hyprland.nix

@@ -0,0 +1,380 @@
+{ config, pkgs, lib, ... }:
+let
+  cfg = config.wayland.windowManager.hyprland;
+in
+{
+  home.sessionVariables = {
+    WLR_NO_HARDWARE_CURSORS = "1";
+    WLR_RENDERER_ALLOW_SOFTWARE = "1";
+    XDG_CURRENT_DESKTOP = "Hyprland";
+    XDG_SESSION_DESKTOP = "Hyprland";
+    XDG_SESSION_TYPE = "wayland";
+    GDK_BACKEND = "wayland,x11,*";
+    QT_QPA_PLATFORM = "wayland;xcb";
+    NIXOS_OZONE_WL = "1";
+    MOZ_ENABLE_WAYLAND = "1";
+    SDL_VIDEODRIVER = "wayland";
+    OZONE_PLATFORM = "wayland";
+    CLUTTER_BACKEND = "wayland";
+    QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
+    # QT_QPA_PLATFORMTHEME = "qt6ct";
+    QT_AUTO_SCREEN_SCALE_FACTOR = "1";
+
+    # LIBVA_DRIVER_NAME = "nvidia";
+    # GBM_BACKEND = "nvidia-drm";
+    # __GLX_VENDOR_LIBRARY_NAME = "nvidia";
+  };
+
+  home.packages = with pkgs; [
+    hyprpolkitagent
+    wl-clipboard-rs
+  ];
+
+  programs.hyprlock = {
+    enable = true;
+    settings = {
+      general = {
+        disable_loading_bar = true;
+        grace = 0;
+        hide_cursor = true;
+        no_fade_in = false;
+      };
+
+      background = [
+        {
+          path = "screenshot";
+          blur_passes = 3;
+          blur_size = 8;
+        }
+      ];
+
+      input-field = [
+        {
+          size = "200, 50";
+          position = "0, -80";
+          monitor = "";
+          dots_center = true;
+          fade_on_empty = false;
+          font_color = "rgb(202, 211, 245)";
+          inner_color = "rgb(91, 96, 120)";
+          outer_color = "rgb(24, 25, 38)";
+          outline_thickness = 5;
+          placeholder_text = ''Password...'';
+          shadow_passes = 2;
+        }
+      ];
+
+      auth = {
+        "pam:enabled" = true;
+        "pam:module" = "hyprlock";
+      };
+    };
+  };
+
+  services.hypridle = {
+    enable = true;
+    settings = {
+      general = {
+        ignore_dbus_inhibit = false;
+        lock_cmd = "pidof hyprlock || ${config.programs.hyprlock.package}/bin/hyprlock";
+        before_sleep_cmd = "${pkgs.systemd}/bin/loginctl lock-session";
+        after_sleep_cmd = "${cfg.finalPackage}/bin/hyprctl dispatch dpms on";
+      };
+
+      listener = [
+        {
+          timeout = 900;
+          on-timeout = "${config.programs.hyprlock.package}/bin/hyprlock";
+        }
+        {
+          timeout = 1200;
+          on-timeout = "${cfg.finalPackage}/bin/hyprctl dispatch dpms off";
+          on-resume = "${cfg.finalPackage}/bin/hyprctl dispatch dpms on";
+        }
+      ];
+    };
+  };
+
+  wayland.windowManager.hyprland = {
+    enable = true;
+
+    systemd.enable = false;
+    systemd.enableXdgAutostart = false;
+
+    settings = let
+      exe = lib.getExe;
+      scratchpads = [
+        (rec {
+          title = "Floating terminal";
+          class = "floatingTerminal";
+          command = "uwsm app -- ${exe pkgs.alacritty} --class ${class} -e ${exe pkgs.tmux} new-session -A -s f";
+          size = { h = 90; w = 95; };
+          keys = [
+            "$mod, RETURN"
+            "$mod, SPACE"
+          ];
+        })
+        (rec {
+          title = "Ncmpcpp";
+          class = "floatingNcmpcpp";
+          command = "uwsm app -- ${exe pkgs.alacritty} --class ${class} -e ${exe pkgs.ncmpcpp}";
+          size = { h = 95; w = 95; };
+          keys = [ "$mod, Q" ];
+        })
+        # "$mod, W, emacs"
+        # "$mod, E, filebrowser"
+        # "$mod, X, taskwarriortui"
+      ];
+    in {
+      "$mod" = "SUPER";
+
+      # https://github.com/xkbcommon/libxkbcommon/blob/master/include/xkbcommon/xkbcommon-keysyms.h
+      bind = [
+        "$mod SHIFT, Q, exec, ${pkgs.systemd}/bin/loginctl terminate-user \"\""
+        "$mod ALT SHIFT, Q, exec, uwsm stop"
+        "$mod, R, exec, uwsm app -- ${exe config.programs.anyrun.package}"
+        "$mod, T, togglefloating"
+
+        "$mod, F, fullscreenstate, 1"
+        "$mod SHIFT, F, fullscreenstate, 3"
+        "$mod, C, exec, ${cfg.finalPackage}/bin/hyprctl reload"
+
+        "$mod, BACKSPACE, killactive"
+
+        "$mod SHIFT, RETURN, exec, uwsm app -- ${exe pkgs.alacritty} --class termTerminal -e ${exe pkgs.tmux} new-session -A -s term"
+        "$mod SHIFT, SPACE, exec, uwsm app -- ${exe pkgs.alacritty} --class termTerminal -e ${exe pkgs.tmux} new-session -A -s term"
+
+        "$mod, j, layoutmsg,cyclenext"
+        "$mod, k, layoutmsg,cycleprev"
+        "$mod SHIFT, j, layoutmsg, swapnext"
+        "$mod SHIFT, k, layoutmsg, swapprev"
+
+        "$mod, 1, focusworkspaceoncurrentmonitor, 1"
+        "$mod, 2, focusworkspaceoncurrentmonitor, 2"
+        "$mod, 3, focusworkspaceoncurrentmonitor, 3"
+        "$mod, 4, focusworkspaceoncurrentmonitor, 4"
+        "$mod, 5, focusworkspaceoncurrentmonitor, 5"
+        "$mod, 6, focusworkspaceoncurrentmonitor, 6"
+        "$mod, 7, focusworkspaceoncurrentmonitor, 7"
+        "$mod, 8, focusworkspaceoncurrentmonitor, 8"
+        "$mod, 9, focusworkspaceoncurrentmonitor, 9"
+
+        "$mod SHIFT, 1, movetoworkspacesilent, 1"
+        "$mod SHIFT, 2, movetoworkspacesilent, 2"
+        "$mod SHIFT, 3, movetoworkspacesilent, 3"
+        "$mod SHIFT, 4, movetoworkspacesilent, 4"
+        "$mod SHIFT, 5, movetoworkspacesilent, 5"
+        "$mod SHIFT, 6, movetoworkspacesilent, 6"
+        "$mod SHIFT, 7, movetoworkspacesilent, 7"
+        "$mod SHIFT, 8, movetoworkspacesilent, 8"
+        "$mod SHIFT, 9, movetoworkspacesilent, 9"
+
+        "$mod, b, exec, ${pkgs.fcitx5}/bin/fcitx5-remote -s mozc"
+        "$mod, n, exec, ${pkgs.fcitx5}/bin/fcitx5-remote -s keyboard-no"
+        "$mod, m, exec, ${pkgs.fcitx5}/bin/fcitx5-remote -s keyboard-us"
+
+        "$mod, l, exec, ${pkgs.systemd}/bin/loginctl lock-session"
+
+        # TODO: fix
+        # "super + minus" = "${pkgs.xcalib}/bin/xcalib -invert -alter"
+
+        ", Print, exec, ${exe pkgs.grimblast} copy area"
+
+        # "SHIFT, Print, exec, ${lib.getExe pkgs.grimblast} copy area"
+        # "shift + @Print" = "${pkgs.maim}/bin/maim --hidecursor --nokeyboard $SCREENSHOT_DIR/$(date +%s).png"
+
+        "$mod, Print, exec, ${exe pkgs.woomer}"
+      ]
+      ++
+      (lib.pipe scratchpads [
+        (map ({ keys, command, class, ... }:
+          (map (key: let
+            # TODO: rewrite this to take arguments instead of creating n copies
+            invokeIfNotRunningAndToggleWorkspace = pkgs.writeShellApplication {
+              name = "hyprland-toggle-scratchpad-${class}";
+              runtimeInputs = [ cfg.finalPackage pkgs.jq ];
+              text = ''
+                SCRATCHPAD_PROGRAM_EXISTS=$(hyprctl clients -j | jq -r '[.[].class]|any(. == "${class}")')
+                CURRENT_WORKSPACE_ID=$(hyprctl activeworkspace -j | jq -r '.id')
+
+                if [ "$SCRATCHPAD_PROGRAM_EXISTS" != "true" ]; then
+                  ${command} &
+                  hyprctl dispatch movetoworkspacesilent "''${CURRENT_WORKSPACE_ID},class:${class}"
+                  hyprctl dispatch focuswindow "class:${class}"
+                else
+                  SCRATCHPAD_PROGRAM_WORKSPACE_ID=$(hyprctl clients -j | jq '.[] | select( .class == "${class}") | .workspace.id')
+                  if [ "$SCRATCHPAD_PROGRAM_WORKSPACE_ID" != "$CURRENT_WORKSPACE_ID" ]; then
+                    hyprctl dispatch movetoworkspacesilent "''${CURRENT_WORKSPACE_ID},class:${class}"
+                    hyprctl dispatch focuswindow "class:${class}"
+                  else
+                    hyprctl dispatch movetoworkspacesilent "special:${class}Ws,class:${class}"
+                  fi
+                fi
+              '';
+            };
+          in "${key}, exec, ${lib.getExe invokeIfNotRunningAndToggleWorkspace}"
+          ) keys)
+        ))
+        lib.flatten
+      ]);
+
+      bindm = [
+        "$mod, mouse:272, movewindow"
+        "$mod, Control_L, movewindow"
+        "$mod, mouse:273, resizewindow"
+        "$mod, ALT_L, resizewindow"
+      ];
+
+      bindl = [
+        "$mod, p, exec, ${exe pkgs.mpc_cli} toggle"
+        ",XF86AudioPlay, exec, ${exe pkgs.mpc_cli} toggle"
+        ",XF86AudioPrev, exec, ${exe pkgs.mpc_cli} prev"
+        ",XF86AudioNext, exec, ${exe pkgs.mpc_cli} next"
+      ];
+
+      bindle = [
+        ",XF86MonBrightnessUp, exec, ${exe pkgs.brightnessctl} s +5%"
+        ",XF86MonBrightnessDown, exec, ${exe pkgs.brightnessctl} s 5%-"
+        ",XF86AudioLowerVolume, exec, ${pkgs.wireplumber}/bin/wpctl set-volume @DEFAULT_AUDIO_SINK@ 2%-"
+        ",XF86AudioRaiseVolume, exec, ${pkgs.wireplumber}/bin/wpctl set-volume @DEFAULT_AUDIO_SINK@ 2%+"
+        "$mod ,F7, exec, ${pkgs.wireplumber}/bin/wpctl set-volume @DEFAULT_AUDIO_SINK@ 2%-"
+        "$mod ,F8, exec, ${pkgs.wireplumber}/bin/wpctl set-volume @DEFAULT_AUDIO_SINK@ 2%+"
+      ];
+
+      exec-once = [
+        "uwsm finalize"
+      ];
+
+      windowrulev2 = [
+        "float, class:^(Rofi)$"
+        "float, class:^(xdg-desktop-portal-gtk)$"
+        "float, title:^(.*Bitwarden Password Manager.*)$"
+        "float, title:^(Picture-in-Picture)$"
+        "tile, class:^(Nsxiv)$"
+
+        "float, class: ^(Gimp-2.*)$, title:^(Open Image)$"
+        "size 70%, class: ^(Gimp-2.*)$, title:^(Open Image)$"
+        "center, class: ^(Gimp-2.*)$, title:^(Open Image)$"
+
+        "dimaround, class:^(xdg-desktop-portal-gtk)$"
+
+        "workspace special silent, title:^(Firefox — Sharing Indicator)$"
+        "workspace special silent, title:^(Zen — Sharing Indicator)$"
+        "workspace special silent, title:^(.*is sharing (your screen|a window)\.)$"
+
+        "workspace 2, class:^(firefox)$"
+        "workspace 2, class:^(google-chrome)$"
+
+        "workspace 3, class:^(Emacs)$"
+        "workspace 3, class:^(code)$"
+        "workspace 3, class:^(code-url-handler)$"
+        "workspace 3, class:^(dev.zed.Zed)$"
+
+        "workspace 5, class:^(discord)$"
+        "workspace 5, class:^(Element)$"
+      ]
+      ++
+      (lib.pipe scratchpads [
+        (map ({ class, size, ... }: [
+          "workspace special:${class}Ws, class:^${class}$"
+          "float, class:^${class}$"
+          "size ${toString size.w}% ${toString size.h}%, class:^${class}$"
+          "move ${toString ((100 - size.w) / 2)}% ${toString ((100 - size.h) / 2)}%, class:^${class}$"
+        ]))
+        lib.flatten
+      ]);
+
+      monitor = [
+        # TODO: host specific
+        "eDP-1, 3840x2400@90.00Hz, 0x0, 2"
+
+        # PVV Demiurgen
+        "desc:Hewlett Packard HP ZR24w CNT01711G6, 1920x1200, 0x-1200, 1"
+        "desc:Hewlett Packard HP ZR24w CNT018103H, 1920x1200, 1920x-1200, 1"
+
+        # PVV Eirin
+        "desc:Hewlett Packard HP ZR24w CNT01710L4, 1920x1200, 0x-1200, 1"
+        "desc:Hewlett Packard HP ZR24w CNT0181039, 1920x1200, 1920x-1200, 1"
+
+        ",preferred,auto,1"
+      ];
+
+      general = {
+        gaps_in = 5;
+        gaps_out = 15;
+
+        border_size = 2;
+
+        "col.active_border" = "rgba(33ccffee) rgba(00ff99ee) 45deg";
+        "col.inactive_border" = "rgba(595959aa)";
+
+        resize_on_border = false;
+        allow_tearing = false;
+        layout = "master";
+      };
+
+      decoration = {
+        rounding = 10;
+
+        # Change transparency of focused and unfocused windows
+        active_opacity = 1.0;
+        inactive_opacity = 1.0;
+
+        # drop_shadow = true;
+        # shadow_range = 4;
+        # shadow_render_power = 3;
+        # "col.shadow" = "rgba(1a1a1aee)";
+
+        # https://wiki.hyprland.org/Configuring/Variables/#blur
+        blur = {
+          enabled = true;
+          size = 3;
+          passes = 1;
+
+          vibrancy = 0.1696;
+        };
+      };
+
+      animations.enabled = false;
+
+      master = {
+          new_status = "slave";
+      };
+
+      misc = {
+        force_default_wallpaper = 0; # Set to 0 or 1 to disable the anime mascot wallpapers
+        disable_hyprland_logo = false; # If true disables the random hyprland logo / anime girl background. :(
+      };
+
+      input ={
+        kb_layout = "us";
+        kb_variant = "";
+        kb_model = "";
+        kb_options = "caps:escape";
+        kb_rules = "";
+
+        follow_mouse = 1;
+
+        sensitivity = 0; # -1.0 - 1.0, 0 means no modification.
+
+        touchpad = {
+          natural_scroll = false;
+        };
+      };
+    };
+  };
+
+  services.hyprpaper = {
+    enable = true;
+    settings.ipc = true;
+  };
+
+  # UWSM
+  systemd.user.services = {
+    hypridle.Unit.After = lib.mkForce "graphical-session.target";
+    waybar.Unit.After = lib.mkForce "graphical-session.target";
+    network-manager-applet.Unit.After = lib.mkForce "graphical-session.target";
+    fcitx5-daemon.Unit.After = lib.mkForce "graphical-session.target";
+    # hyprpaper.Unit.After = lib.mkForce "graphical-session.target";
+  };
+}

home/programs/man.nix

@@ -0,0 +1,7 @@
+{ ... }:
+{
+  programs.man = {
+    enable = true;
+    generateCaches = true;
+  };
+}

home/programs/mpv.nix

@@ -0,0 +1,16 @@
+{ config, lib, machineVars, ... }:
+{
+  programs.mpv = {
+    enable = !machineVars.headless;
+
+    config = {
+      screenshot-directory = "${config.xdg.userDirs.pictures}/mpv-screenshots";
+
+      #https://wiki.nixos.org/wiki/Accelerated_Video_Playback
+      hwdec       = "auto-safe";
+      vo          = "gpu";
+      profile     = "gpu-hq";
+      gpu-context = lib.mkIf machineVars.wayland "wayland";
+    };
+  };
+}

home/programs/ncmpcpp.nix

@@ -1,4 +1,4 @@
-{pkgs, ...}:
+{ config, pkgs, ... }:
 {
   programs.ncmpcpp = {
     enable = true;
@@ -332,11 +332,11 @@
       window_border_color = "green";
       active_window_border = "red";
 
-      visualizer_data_source = "/tmp/mpd.fifo";
+      visualizer_data_source = "/run/user/${toString config.home.uid}/mpd/visualizer.fifo";
       visualizer_output_name = "Visualizer feed";
       visualizer_in_stereo = "no";
-      visualizer_type = "spectrum"; # spectrum, ellipse, wave_filled, wave
-      visualizer_look = "+█"; # wave | spectrum, ellipse, wave_filled
+      # visualizer_type = "spectrum"; # spectrum, ellipse, wave_filled, wave
+      # visualizer_look = "+█"; # wave | spectrum, ellipse, wave_filled
     };
   };
 }

home/programs/neovim/default.nix

@@ -1,26 +1,28 @@
-{ pkgs, home, ... }:
+{ pkgs, lib, machineVars, ... }:
 {
-  imports = [
-    ./auto-clean-swapfiles.nix
-  ];
-
   programs.neovim = {
     enable = true;
 
+    auto-clean-swapfiles.enable = true;
+
     viAlias = true;
     vimAlias = true;
     vimdiffAlias = true;
 
     plugins = with pkgs.vimPlugins; [
       direnv-vim
-      vim-commentary
-      vim-gitgutter
       fzf-vim
-      vim-which-key
+      vim-commentary
+      vim-css-color
+      vim-fugitive
+      vim-gitgutter
       vim-nix
       vim-surround
-      vim-fugitive
-      vim-css-color
+      vim-trailing-whitespace
+      vim-which-key
+    ] ++ (lib.optionals machineVars.wayland [
+      vim-wayland-clipboard
+    ]) ++ [
       semshi
       {
         plugin = goyo-vim;
@@ -66,25 +68,58 @@
       }
       limelight-vim
       vim-tmux-navigator
-      vim-polyglot
       lightline-vim
+      vim-better-whitespace
       {
-        plugin = rainbow;
+        plugin = nvim-treesitter.withAllGrammars;
         config = ''
-          let g:rainbow_active = 1
+        packadd! nvim-treesitter
+        lua << EOF
+          require'nvim-treesitter.configs'.setup {
+            highlight = {
+              enable = true,
+            },
+          }
+        EOF
+        '';
+      }
+      {
+        plugin = rainbow-delimiters-nvim;
+        config = ''
+        lua << EOF
+          local rainbow_delimiters = require 'rainbow-delimiters'
+          vim.g.rainbow_delimiters = {
+            ["highlight"] = {
+              'RainbowDelimiterRed',
+              'RainbowDelimiterYellow',
+              'RainbowDelimiterBlue',
+              'RainbowDelimiterGreen',
+              'RainbowDelimiterViolet',
+              'RainbowDelimiterCyan',
+            },
+          }
+        EOF
         '';
       }
       {
         plugin = vim-monokai;
         config = ''
           colorscheme monokai
-          autocmd ColorScheme * highlight Normal ctermbg=0
-          autocmd ColorScheme * highlight LineNr ctermbg=0
-          autocmd ColorScheme * highlight CursorLineNR ctermbg=0 ctermfg=208
-          autocmd ColorScheme * highlight SignColumn ctermbg=0
-          autocmd ColorScheme * highlight GitGutterAdd ctermbg=0
-          autocmd ColorScheme * highlight GitGutterChange ctermbg=0
-          autocmd ColorScheme * highlight GitGutterDelete ctermbg=0
+
+          autocmd ColorScheme monokai highlight Normal ctermbg=0
+          autocmd ColorScheme monokai highlight LineNr ctermbg=0
+          autocmd ColorScheme monokai highlight CursorLineNR ctermbg=0 ctermfg=208
+          autocmd ColorScheme monokai highlight SignColumn ctermbg=0
+          autocmd ColorScheme monokai highlight GitGutterAdd ctermbg=0
+          autocmd ColorScheme monokai highlight GitGutterChange ctermbg=0
+          autocmd ColorScheme monokai highlight GitGutterDelete ctermbg=0
+
+          autocmd ColorScheme monokai highlight RainbowDelimiterRed    { fg = g:terminal_color_9 }
+          autocmd ColorScheme monokai highlight RainbowDelimiterYellow { fg = g:terminal_color_11 }
+          autocmd ColorScheme monokai highlight RainbowDelimiterBlue   { fg = g:terminal_color_12 }
+          autocmd ColorScheme monokai highlight RainbowDelimiterGreen  { fg = g:terminal_color_10 }
+          autocmd ColorScheme monokai highlight RainbowDelimiterViolet { fg = g:terminal_color_13 }
+          autocmd ColorScheme monokai highlight RainbowDelimiterCyan   { fg = g:terminal_color_14 }
         '';
       }
     ];

home/programs/newsboat/default.nix

@@ -12,6 +12,10 @@ in {
 
   programs.newsboat = {
     enable = true;
+
+    fetch-articles.enable = true;
+    vacuum.enable = true;
+
     autoReload = true;
     maxItems = 50;
     browser = ''"${defaultBrowser}"'';
@@ -71,76 +75,10 @@ in {
     ];
   };
 
-  systemd.user.slices.app-newsboat = {
-    Unit = {
-      Description = "Newsboat automation";
-      Documentation = [ "man:newsboat(1)" ];
-    };
-  };
-
-  # TODO: wait for internet
-  systemd.user.services.newsboat-fetch-articles = {
-    Unit = {
-      Description = "Automatically fetch new articles for newsboat";
-      Documentation = [ "man:newsboat(1)" ];
-    };
-
-    Service = {
-      Type = "oneshot";
-      Slice = "app-newsboat.slice";
-      CPUSchedulingPolicy = "idle";
-      IOSchedulingClass = "idle";
-      ExecStart = "${lib.getExe pkgs.flock} %t/newsboat.lock ${lib.getExe package} --execute=reload";
-    };
-  };
-
-  systemd.user.timers.newsboat-fetch-articles = {
-    Unit = {
-      Description = "Automatically fetch new articles for newsboat";
-      Documentation = [ "man:newsboat(1)" ];
-      After = [ "network.target" ];
-    };
-
-    Timer = {
-      Unit = "newsboat-fetch-articles.service";
-      OnCalendar = lib.mkDefault "daily";
-      Persistent = true;
-    };
-
-    Install = {
-      WantedBy = [ "timers.target" ];
-    };
-  };
-
-  systemd.user.services.newsboat-vacuum = {
-    Unit = {
-      Description = "Automatically clean newsboat cache";
-      Documentation = [ "man:newsboat(1)" ];
-    };
-
-    Service = {
-      Type = "oneshot";
-      Slice = "app-newsboat.slice";
-      CPUSchedulingPolicy = "idle";
-      IOSchedulingClass = "idle";
-      ExecStart = "${lib.getExe pkgs.flock} %t/newsboat.lock ${lib.getExe package} --vacuum";
-    };
-  };
-
-  systemd.user.timers.newsboat-vacuum = {
-    Unit = {
-      Description = "Automatically clean newsboat cache";
-      Documentation = [ "man:newsboat(1)" ];
-    };
-
-    Timer = {
-      Unit = "newsboat-vacuum.service";
-      OnCalendar = lib.mkDefault "weekly";
-      Persistent = true;
-    };
-
-    Install = {
-      WantedBy = [ "timers.target" ];
-    };
-  };
+  # systemd.user.slices.app-newsboat = {
+  #   Unit = {
+  #     Description = "Newsboat automation";
+  #     Documentation = [ "man:newsboat(1)" ];
+  #   };
+  # };
 }

home/programs/newsboat/sources.nix

@@ -37,6 +37,7 @@ in {
     (mkSource [ "japanese" "language" ] "https://www.outlier-linguistics.com/blogs/japanese.atom")
     (mkSource [ "language" ] "https://feeds.feedburner.com/blogspot/Ckyi")
     (mkSource [ "japanese" "language" "old" ] "http://feeds.feedburner.com/LocalizingJapan")
+    (mkSource [ "japanese" "language" ] "https://wesleycrobertson.wordpress.com/feed/")
     (mkSource [ "tech" "vim" "old" ] "https://castel.dev/rss.xml")
     (mkSource [ "tech" "functional-programming" "old" ] "https://skilpat.tumblr.com/rss")
     (mkSource [ "tech" ] "https://resocoder.com/feed/")

home/programs/nix-index/default.nix

@@ -1,9 +1,7 @@
 { ... }:
 {
-  imports = [ ./fetch-nix-index-database.nix ];
-
   programs.nix-index = {
     enable = true;
-    enableDatabaseFetcher = true;
+    autoUpdateDatabase.enable = true;
   };
-}
+}

home/programs/nix.nix

@@ -0,0 +1,21 @@
+{ config, ... }:
+{
+  sops = {
+    secrets = {
+      "nix/access-tokens/github" = { sopsFile = ../../secrets/common.yaml; };
+      "nix/access-tokens/pvv-git" = { sopsFile = ../../secrets/common.yaml; };
+    };
+    templates."nix-access-tokens.conf".content = let
+      inherit (config.sops) placeholder;
+    in ''
+      access-tokens = github.com=${placeholder."nix/access-tokens/github"} git.pvv.ntnu.no=${placeholder."nix/access-tokens/pvv-git"}
+    '';
+  };
+
+  nix = {
+    settings.use-xdg-base-directories = true;
+    extraOptions = ''
+      !include ${config.sops.templates."nix-access-tokens.conf".path}
+    '';
+  };
+}

home/programs/nushell.nix

@@ -0,0 +1,6 @@
+{ ... }:
+{
+  programs.nushell = {
+    enable = true;
+  };
+}

home/programs/obs-studio.nix

@@ -0,0 +1,4 @@
+{ machineVars, ... }:
+{
+  programs.obs-studio.enable = !machineVars.headless;
+}

home/programs/pandoc.nix

@@ -0,0 +1,4 @@
+{ ... }:
+{
+  programs.pandoc.enable = true;
+}

home/programs/prism-launcher.nix

@@ -0,0 +1,12 @@
+{ pkgs, ... }:
+{
+  programs.prism-launcher = {
+    enable = true;
+
+    package = pkgs.prismlauncher.override {
+      jdk17 = pkgs.jdk21;
+    };
+
+    screenshotMover.enable = true;
+  };
+}

home/programs/python.nix

@@ -0,0 +1,24 @@
+{ config, pkgs, extendedLib, ... }:
+{
+  # Python for interactive use
+  home.packages = [
+    (pkgs.python3.withPackages (pypkgs: with pypkgs; [
+      requests
+    ]))
+  ];
+
+  xdg.configFile."python/pyrc".text = ''
+    #!/usr/bin/env python3
+    import sys
+
+    # You also need \x01 and \x02 to separate escape sequence, due to:
+    # https://stackoverflow.com/a/9468954/1147688
+    sys.ps1='\x01\x1b${extendedLib.termColors.front.blue "[Python]> "}\x02>>>\x01\x1b[0m\x02 '  # bright yellow
+    sys.ps2='\x01\x1b[1;49;31m\x02...\x01\x1b[0m\x02 '  # bright red
+  '';
+
+  home.sessionVariables = {
+    PYTHONSTARTUP = "${config.xdg.configHome}/python/pyrc";
+    PYTHON_HISTORY = "${config.xdg.dataHome}/python_history";
+  };
+}

home/programs/ripgrep.nix

@@ -0,0 +1,4 @@
+{ ... }:
+{
+  programs.ripgrep.enable = true;
+}

home/programs/rofi/blank.rasi

@@ -0,0 +1,145 @@
+// Based on the glorious dotfiles:
+// https://github.com/manilarome/the-glorious-dotfiles/blob/master/config/awesome/surreal/configuration/rofi/global/rofi.rasi
+
+* {
+	transparent: #00000000;
+	foreground: #F2F2F2EE;
+	background-selected: #F2F2F245;
+	background-active: #F2F2F230;
+	background-white: #F2F2F211;
+	background-black: #00000066;
+	urgent: #E91E6366;
+	urgent-selected: #E91E6377;
+}
+
+window {
+	transparency: "real";
+	background-color: @transparent;
+	location: center;
+	anchor: center;
+	x-offset: 0px;
+	height: 500px;
+	width: 750px;
+	orientation: vertical;
+	border-radius: 12px;
+}
+
+prompt {
+	enabled: false;
+}
+
+button {
+	action: "ok";
+	str: " ";
+	font: "Droid Sans 12";
+	expand: false;
+	text-color: @foreground;
+	background-color: @transparent;
+	vertical-align: 0.7;
+	horizontal-align: 0.5;
+}
+
+entry {
+	font: "Droid Sans 12";
+	background-color: @transparent;
+	text-color: @foreground;
+	expand: true;
+	vertical-align: 0.5;
+	horizontal-align: 0.5;
+	placeholder: "Type to search";
+	placeholder-color: @foreground;
+	blink: true;
+}
+
+case-indicator {
+	background-color: @transparent;
+	text-color: @foreground;
+	vertical-align: 0.5;
+	horizontal-align: 0.5;
+}
+
+entry-wrapper {
+	orientation: horizontal;
+	vertical-align: 0.5;
+	spacing: 4px;
+	background-color: @transparent;
+	children: [ button, entry, case-indicator ];
+}
+
+inputbar {
+	background-color: @background-white;
+	text-color: @foreground;
+	expand: false;
+	border-radius: 24px;
+	margin: 0px 225px 0px 225px;
+	padding: 10px 10px 10px 10px;
+	position: north;
+	children: [ entry-wrapper ];
+}
+
+listview {
+	background-color: @transparent;
+	columns: 2;
+	spacing: 5px;
+	cycle: false;
+	dynamic: true;
+	layout: vertical;
+}
+
+mainbox {
+	background-color: @background-black;
+	children: [ inputbar, listview ];
+	spacing: 25px;
+	padding: 40px 25px 25px 25px;
+}
+
+element {
+	background-color: @transparent;
+	text-color: @foreground;
+	orientation: horizontal;
+	border-radius: 6px;
+	padding: 5px 10px 5px 10px;
+}
+
+element-icon {
+	background-color: @transparent;
+	size: 46px;
+	border: 0;
+}
+
+element-text {
+	background-color: @transparent;
+	text-color: @foreground;
+	expand: true;
+	horizontal-align: 0;
+	vertical-align: 0.5;
+	margin: 0 10px 0 10px;
+}
+
+element normal.urgent,
+element alternate.urgent {
+	background-color: @urgent;
+	text-color: @foreground;
+	border-radius: 9px;
+}
+
+element normal.active,
+element alternate.active {
+	background-color: @background-active;
+	text-color: @foreground;
+}
+
+element selected {
+	background-color: @background-selected;
+	text-color: @foreground;
+}
+
+element selected.urgent {
+	background-color: @urgent-selected;
+	text-color: @foreground;
+}
+
+element selected.active {
+	background-color: @background-active;
+	color: @foreground-selected;
+}

home/programs/rofi/default.nix

@@ -1,4 +1,4 @@
-{pkgs, inputs, ...}:
+{ pkgs, ... }:
 {
   programs.rofi = {
     enable = true;
@@ -14,7 +14,7 @@
     # ];
 
     font = "Droid Sans 12";
-    theme = "${inputs.dotfiles}/general/.config/rofi/themes/blank.rasi";
+    theme = ./blank.rasi;
 
     extraConfig = {
       modi = "window,run,drun,ssh,windowcd";

home/programs/skim.nix

@@ -0,0 +1,7 @@
+{ ... }:
+{
+  programs.skim = {
+    enable = true;
+    defaultCommand = "fd --type f";
+  };
+}

home/programs/sqlite.nix

@@ -0,0 +1,17 @@
+{ config, pkgs, ... }:
+{
+  xdg.configFile."sqlite3/sqliterc".text = ''
+    .bail on
+    .changes on
+    .headers on
+    .mode box
+    .nullvalue '<NULL>'
+    .timer on
+  '';
+
+  home.packages = [
+    pkgs.sqlite-interactive
+  ];
+
+  home.sessionVariables.SQLITE_HISTORY= "${config.xdg.dataHome}/sqlite_history";
+}

home/programs/ssh/default.nix

@@ -1,4 +1,8 @@
-{ config, ... }:
+{ config, pkgs, ... }:
+let
+  runtimeDir = "/run/user/${toString config.home.uid}";
+  controlMastersDir = "${runtimeDir}/ssh";
+in
 {
   imports = [
     ./home.nix
@@ -10,5 +14,26 @@
     mode = "0444";
   };
 
-  programs.ssh.includes = [ config.sops.secrets."ssh/secret-config".path ];
+  programs.ssh = {
+    enable = true;
+    includes = [
+      config.sops.secrets."ssh/secret-config".path
+      "${config.home.homeDirectory}/.ssh/mutable_config"
+    ];
+
+    controlMaster = "auto";
+    controlPersist = "10m";
+    controlPath = "${controlMastersDir}/%n%C";
+  };
+
+  systemd.user.tmpfiles.settings."10-ssh" = {
+    ${controlMastersDir}.d = {
+      user = config.home.username;
+      mode = "0700";
+    };
+    "${config.home.homeDirectory}/.ssh/mutable_config".f = {
+      user = config.home.username;
+      mode = "0600";
+    };
+  };
 }

home/programs/ssh/other.nix

@@ -9,7 +9,7 @@
     "github" = {
       user = "git";
       hostname = "github.com";
-      identityFile = [ "~/.ssh/id_ed25519" ];
+      identityFile = [ "~/.ssh/id_rsa" ];
     };
     "github-nordicsemi" = {
       user = "git";
@@ -31,5 +31,15 @@
       hostname = "wiki.wackattack.eu";
       port = 1337;
     };
+    "garp" = {
+      user = "h7x4";
+      hostname = "garp.pbsds.net";
+      proxyJump = "pvv";
+    };
+    "bolle" = {
+      user = "h7x4";
+      hostname = "bolle.pbsds.net";
+      proxyJump = "pvv";
+    };
   };
 }

home/programs/ssh/pvv.nix

@@ -1,12 +1,13 @@
 { pkgs, lib, ... }:
-let
-  adminUser = "root";
-  normalUser = "oysteikt";
-
-  # http://www.pvv.ntnu.no/pvv/Maskiner
+let # http://www.pvv.ntnu.no/pvv/Maskiner
   normalMachines = [
     {
-      names = [ "hildring" "pvv-login" "pvv" ];
+      names = [ "hildring" "pvv-login" ];
+      proxyJump = lib.mkDefault null;
+      addressFamily = "inet";
+    }
+    {
+      names = [ "drolsum" "pvv-login2" "pvv" ];
       proxyJump = lib.mkDefault null;
       addressFamily = "inet";
     }
@@ -17,17 +18,22 @@ let
     "buskerud"
     "dagali"
     "demiurgen"
-    "drolsum"
     "eirin"
     "georg"
     "ildkule"
     "isvegg"
     "knutsen"
-    [ "microbel" "pvv-users" "pvv-mail" ]
+    "kommode"
+    {
+      names = [ "microbel" "pvv-users" "pvv-mail" ];
+      proxyJump = lib.mkDefault null;
+      addressFamily = "inet";
+    }
     "orchid"
     "shark"
     "tallulah"
     "tom"
+    "ustetind"
     "venture"
   ];
 
@@ -38,66 +44,45 @@ let
     "ludvigsen"
     [ "principal" "pvv-backup" ]
     [ "skrott" "dibbler" ]
-    [ "sleipner" "pvv-salt" ]
+    {
+      names = [ "sleipner" "pvv-salt" ];
+      user = "oysteikt/admin";
+    }
   ];
 
-  # Either( String [String] AttrSet{String} ) -> AttrSet{String}
-  coerceToSSHMatchBlock =
-    machine:
-    if builtins.isString machine then { names = [machine]; }
-    else if builtins.isList machine then { names = machine; }
-    else machine;
+  overrideIfNotExists = b: a: a // (builtins.removeAttrs b (builtins.attrNames a));
 
-  # ListOf(String) -> AttrSet
-  machineWithNames = let
-    inherit (lib.lists) head;
-    inherit (lib.strings) split;
-  in
-    names: { hostname = "${head names}.pvv.ntnu.no"; };
+  coerce = user: machines: lib.pipe machines [
+    (m: if builtins.isString m then { names = [m]; } else m)
+    (m: if builtins.isList m then { names = m; } else m)
+    (overrideIfNotExists { inherit user; })
+  ];
 
-  # AttrSet -> AttrSet -> AttrSet
-  convertMachineWithDefaults = defaults: normalizedMachine: let
-    inherit (lib.attrsets) nameValuePair;
-    inherit (lib.strings) concatStringsSep;
-    inherit (normalizedMachine) names;
+  normalUser = "oysteikt";
 
-    name = concatStringsSep " " names;
-    value =
-      (machineWithNames names)
-      // defaults
-      // removeAttrs normalizedMachine ["names"];
-  in
-    nameValuePair name value;
+  matchConfig = let
+    machines = (map (coerce normalUser) normalMachines) ++ (map (coerce "root") rootMachines);
+    setVars = orig@{ names, ... }: {
+      name = builtins.concatStringsSep " " names;
+      value = overrideIfNotExists {
+        hostname = "${builtins.head names}.pvv.ntnu.no";
+        proxyJump = "microbel";
+        addressFamily = "inet";
+      } (builtins.removeAttrs orig ["names"]);
+    };
+  in builtins.listToAttrs (map setVars machines);
 
-  # AttrSet -> AttrSet
-  convertNormalMachine = convertMachineWithDefaults { user = normalUser; proxyJump = "pvv"; };
-  # AttrSet -> AttrSet
-  convertAdminMachine =
-    convertMachineWithDefaults { user = adminUser; proxyJump = "pvv"; };
-
-  # ListOf (Either(String ListOf(String) AttrsOf(String))) -> (AttrSet -> AttrSet) -> AttrSet
-  convertMachinesWith = convertMachineFunction: let
-    inherit (lib.attrsets) listToAttrs;
-    inherit (lib.trivial) pipe;
-    pipeline = [
-      (map coerceToSSHMatchBlock)
-      (map convertMachineFunction)
-      listToAttrs
-    ];
-  in
-    machines: pipe machines pipeline;
 in
   {
     programs.ssh.matchBlocks = lib.mergeAttrsList [
-      (convertMachinesWith convertNormalMachine normalMachines)
-      (convertMachinesWith convertAdminMachine rootMachines)
+      matchConfig
       {
         "pvv-git git.pvv.ntnu.no" = {
           hostname = "git.pvv.ntnu.no";
           user = "gitea";
           addressFamily = "inet";
           port = 2222;
-          proxyJump = "pvv";
+          proxyJump = "microbel";
         };
       }
     ];

home/programs/texlive.nix

@@ -0,0 +1,7 @@
+{ ... }:
+{
+  programs.texlive = {
+    enable = true;
+    # packageSet = pkgs.texlive.combined.scheme-medium;
+  };
+}

home/programs/tmux/default.nix

@@ -1,4 +1,4 @@
-{pkgs, ...}:
+{ pkgs, lib, ... }:
 {
   programs.tmux = {
     enable = true;
@@ -7,6 +7,9 @@
     escapeTime = 0;
     keyMode = "vi";
     prefix = "C-a";
+    mouse = true;
+    terminal = "screen-256color";
+
     plugins = with pkgs.tmuxPlugins; [
       copycat
       fingers
@@ -19,15 +22,31 @@
       tmux-fzf
       urlview
     ];
-    extraConfig = ''
+
+    extraConfig = let
+      fileContentsWithoutShebang = script: lib.pipe script [
+        lib.fileContents
+        (lib.splitString "\n")
+        (lib.drop 3) # remove shebang
+        (lib.concatStringsSep "\n")
+      ];
+
+      fcitx5-status = (pkgs.writeShellApplication {
+        name = "tmux-fcitx5-status";
+        runtimeInputs = with pkgs; [ dbus ];
+        text = fileContentsWithoutShebang ./scripts/fcitx5-status.sh;
+      });
+      mpd-status = (pkgs.writeShellApplication {
+        name = "tmux-mpd-status";
+        runtimeInputs = with pkgs; [ mpc-cli gawk gnugrep ];
+        text = fileContentsWithoutShebang ./scripts/mpd-status.sh;
+      });
+    in ''
       # Don't rename windows automatically after rename with ','
       set-option -g allow-rename off
 
-      set -g mouse on
       set -q -g status-utf8 on
       setw -q -g utf8 on
-      set-option -g default-terminal screen-256color
-      set -g base-index 1 # windows starts at 1
       setw -g monitor-activity on
       set -g visual-activity on
 
@@ -35,9 +54,6 @@
       set -g status-left-length 30
       set -g status-right-length 150
 
-      set -g base-index 1
-      set -g pane-base-index 0
-
       ######################
       ######## KEYS ########
       ######################
@@ -91,8 +107,8 @@
       ### DESIGN CHANGES ###
       ######################
 
-      set-option -g status-left '#{prefix_highlight} #[bg=blue]#[fg=black,bold] ###S #[bg=default]  #[fg=green]#(~/.scripts/tmux/fcitx)  #[fg=red]%H:%M   '
-      set-option -g status-right '#[fg=red]#(~/.scripts/tmux/mpd)'
+      set-option -g status-left '#{prefix_highlight} #[bg=blue]#[fg=black,bold] ###S #[bg=default]  #[fg=green]#(${lib.getExe fcitx5-status})  #[fg=red]%H:%M   '
+      set-option -g status-right '#[fg=red]#(${lib.getExe mpd-status})'
       set-window-option -g window-status-current-style fg=magenta
       set-option -g status-style 'bg=black fg=default'
       set-option -g default-shell '${pkgs.zsh}/bin/zsh'

home/programs/tmux/scripts/fcitx5-status.sh

@@ -0,0 +1,26 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p dbus
+
+printState() {
+  STATUS=$(dbus-send --session --print-reply=literal --dest='org.fcitx.Fcitx5' '/controller' 'org.fcitx.Fcitx.Controller1.CurrentInputMethod' | tr -d '[:space:]')
+
+  case $STATUS in
+    keyboard-us)
+      echo 'US'
+    ;;
+    keyboard-no)
+      echo 'NO'
+    ;;
+    mozc)
+      echo '日本語'
+    ;;
+    *)
+      echo "$STATUS?"
+    ;;
+  esac
+}
+
+while :; do
+  printState
+  sleep 1
+done

home/programs/tmux/scripts/mpd-status.sh

@@ -0,0 +1,29 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i sh -p mpc-cli gawk gnugrep
+
+while true; do
+  MPC_OUTPUT=$(mpc --format '[[%artist% - ]%title%]|[%file%]')
+
+  TITLE=$(head -n 1 <<<"$MPC_OUTPUT")
+
+  if [ ${#TITLE} -gt 60 ]; then
+    TITLE=$(awk '{print substr($0,0,57) "..."}' <<<"$TITLE")
+  fi
+
+  LINE2=$(head -n 2 <<<"$MPC_OUTPUT" | tail -n 1)
+
+  PLAY_STATUS_RAW=$(awk '{print $1}' <<<"$LINE2")
+
+  if [ "$PLAY_STATUS_RAW" == "[playing]" ]; then
+    PLAY_STATUS="▶"
+  elif [ "$PLAY_STATUS_RAW" == "[paused]" ]; then
+    PLAY_STATUS="⏸"
+  else
+    PLAY_STATUS="??"
+  fi
+
+  TIME=$(awk '{print $3}' <<<"$LINE2")
+
+  echo -e "$PLAY_STATUS $TITLE | [$TIME]"
+  sleep 1
+done

home/programs/uv.nix

@@ -0,0 +1,14 @@
+{ pkgs, ... }:
+{
+  home.packages = [
+    pkgs.uv
+  ];
+
+  # https://docs.astral.sh/uv/configuration/files/
+  # https://docs.astral.sh/uv/reference/settings/
+  xdg.configFile."uv/uv.toml".source = (pkgs.formats.toml { }).generate "uv-config" {
+    python-downloads = "never";
+    python-preference = "only-system";
+    pip.index-url = "https://test.pypi.org/simple";
+  };
+}

home/programs/vscode/default.nix

@@ -27,7 +27,15 @@ in
   programs.vscode = {
     enable = true;
 
-    package = pkgs.vscode;
+    package = pkgs.vscode.overrideAttrs (prev: {
+      # NOTE: this messes up zsh's tab completion in the terminal whenever code is started
+      #       from within a shell
+      preFixup = prev.preFixup + ''
+        gappsWrapperArgs+=(
+          --unset TMUX_PANE
+        )
+      '';
+    });
 
     userSettings = let
       editor = mapPrefixToSet "editor" {
@@ -159,6 +167,7 @@ in
       "telemetry.telemetryLevel" = "off";
       "terminal.integrated.fontSize" = 14;
       "vsintellicode.modify.editor.suggestSelection" = "automaticallyOverrodeDefaultValue";
+      "keyboard.dispatch" = "keyCode";
       "window.zoomLevel" = 1;
 
       "search.exclude" = {
@@ -193,8 +202,6 @@ in
       "errorLens.errorBackground" = "rgba(240,0,0,0.1)";
       "errorLens.warningBackground" = "rgba(180,180,0,0.1)";
 
-      "keyboard-quickfix.showActionNotification" = false;
-
       "liveshare.presence" = true;
       "liveshare.showInStatusBar" = "whileCollaborating";
 
@@ -229,9 +236,15 @@ in
 
     keybindings = [
       {
-        key = "ctrl+[Period]";
-        command = "keyboard-quickfix.openQuickFix";
-        when = "editorHasCodeActionsProvider && editorTextFocus && !editorReadonly";
+        key = "alt+k";
+        when = "codeActionMenuVisible";
+        command = "selectPrevCodeAction";
+      }
+
+      {
+        key = "alt+j";
+        when = "codeActionMenuVisible";
+        command = "selectNextCodeAction";
       }
 
       {
@@ -324,6 +337,7 @@ in
       ms-vscode.test-adapter-converter
       visualstudioexptteam.vscodeintellicode
       tamasfe.even-better-toml
+      maximedenes.vscoq
     ] ++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [
       {
         name = "monokai-st3";

home/programs/waybar.nix

@@ -0,0 +1,245 @@
+{ config, pkgs, lib, ... }:
+let
+  cfg = config.programs.waybar;
+  cfgs = cfg.settings.mainBar;
+in
+{
+  programs.waybar = {
+    enable = true;
+    systemd.enable = true;
+
+    settings = {
+      mainBar = {
+        layer = "top";
+        position = "top";
+        height = 30;
+
+        # TODO: configure this per machine
+        # output = [ "DP-2" ];
+
+        modules-left = [ "hyprland/workspaces"  ];
+        modules-center = [ "clock" ];
+        modules-right = [ "mpd" "cpu" "memory" "wireplumber" "pulseaudio/slider" "battery" "tray" ];
+
+        "hyprland/workspaces" = {
+          all-outputs = true;
+          disable-scroll = true;
+          persistent-workspaces = {
+            ${lib.head cfgs.output} = [ 1 2 3 4 5 6 7 8 ];
+          };
+        };
+
+        "mpd" = {
+          format = "{filename}";
+        };
+
+        "cpu" = {
+          format = "[#] {usage}%";
+        };
+
+        "memory" = {
+          format = "{used}/{total}Gb";
+        };
+
+        "wireplumber" = {
+          format = "{volume}% {icon}";
+          format-muted = "[M]";
+        };
+
+        "pulseaudio/slider" = {
+          orientation = "horizontal";
+        };
+
+        "tray" = {
+          icon-size = 20;
+          spacing = 8;
+        };
+      };
+    };
+
+    style = let
+      c = config.colors.defaultColorSet;
+    in ''
+      * {
+          font-family: FiraCode, FontAwesome, Roboto, Helvetica, Arial, sans-serif;
+          font-size: 13px;
+      }
+
+      window#waybar {
+          background-color: ${c.background};
+          color: ${c.foreground};
+      }
+
+      #pulseaudio-slider trough {
+          min-height: 10px;
+          min-width: 100px;
+      }
+
+      /**** DEFAULT ****/
+
+      window#waybar.hidden {
+          opacity: 0.2;
+      }
+
+      button {
+          /* Use box-shadow instead of border so the text isn't offset */
+          box-shadow: inset 0 -3px transparent;
+          /* Avoid rounded borders under each button name */
+          border: none;
+          border-radius: 0;
+      }
+
+      /* https://github.com/Alexays/Waybar/wiki/FAQ#the-workspace-buttons-have-a-strange-hover-effect */
+      button:hover {
+          background: inherit;
+          box-shadow: inset 0 -3px #ffffff;
+      }
+
+
+      #workspaces button.empty {
+          color: ${c.yellow};
+      }
+
+      #workspaces button {
+          padding: 0 5px;
+          color: ${c.magenta};
+          background-color: transparent;
+      }
+
+      #workspaces button.visible {
+          color: ${c.green};
+      }
+
+      #workspaces button.urgent {
+          background-color: ${c.red};
+      }
+
+      #workspaces button:hover {
+          background: rgba(0, 0, 0, 0.2);
+      }
+
+      #mode {
+          background-color: #64727D;
+          box-shadow: inset 0 -3px #ffffff;
+      }
+
+      #clock,
+      #battery,
+      #cpu,
+      #memory,
+      #disk,
+      #temperature,
+      #backlight,
+      #network,
+      #pulseaudio,
+      #wireplumber,
+      #custom-media,
+      #tray,
+      #mode,
+      #idle_inhibitor,
+      #scratchpad,
+      #power-profiles-daemon,
+      #mpd {
+          padding: 0 10px;
+          color: ${c.foreground};
+      }
+
+      #window,
+      #workspaces {
+          margin: 0 4px;
+      }
+
+      /* If workspaces is the leftmost module, omit left margin */
+      .modules-left > widget:first-child > #workspaces {
+          margin-left: 0;
+      }
+
+      /* If workspaces is the rightmost module, omit right margin */
+      .modules-right > widget:last-child > #workspaces {
+          margin-right: 0;
+      }
+
+      #clock {
+          background-color: #64727D;
+      }
+
+      #cpu {
+          background-color: ${c.cyan};
+          color: #000000;
+      }
+
+      #memory {
+          background-color: ${c.yellow};
+          color: #000000;
+      }
+
+      #network {
+          background-color: #2980b9;
+      }
+
+      #network.disconnected {
+          background-color: #f53c3c;
+      }
+
+      #pulseaudio {
+          background-color: #f1c40f;
+          color: #000000;
+      }
+
+      #pulseaudio.muted {
+          background-color: #90b1b1;
+          color: #2a5c45;
+      }
+
+      #wireplumber {
+          background-color: #fff0f5;
+          color: #000000;
+      }
+
+      #wireplumber.muted {
+          background-color: #f53c3c;
+      }
+
+      #tray {
+          background-color: #2980b9;
+      }
+
+      #tray > .passive {
+          -gtk-icon-effect: dim;
+      }
+
+      #tray > .needs-attention {
+          -gtk-icon-effect: highlight;
+          background-color: #eb4d4b;
+      }
+
+      #mpd {
+          background-color: #66cc99;
+          color: #2a5c45;
+      }
+
+      #mpd.disconnected {
+          background-color: #f53c3c;
+      }
+
+      #mpd.stopped {
+          background-color: #90b1b1;
+      }
+
+      #mpd.paused {
+          background-color: #51a37a;
+      }
+    '';
+    # background-color: rgba(0,0,0,0);
+    # border-bottom: 3px solid rgba(100, 114, 125, 0.5);
+
+    #style = ''
+    #'';
+  };
+
+  systemd.user.services.waybar = {
+    Service.Environment = [
+      "DISPLAY=:0"
+    ];
+  };
+}

home/programs/xmonad/xmonad.hs

@@ -168,7 +168,7 @@ myKeys conf@(XConfig {XMonad.modMask = modm}) = M.fromList $
     , ((modm .|. shiftMask , xK_space ),    spawn $ myTerminal ++ " -e tmux")
 
     -- , ((modm               , xK_v ),        spawn "rofi -modi lpass:$HOME/.scripts/rofi/lpass//rofi-lpass -show lpass")
-    , ((modm .|. shiftMask, xK_d     ), viewDropboxStatus)
+    -- , ((modm .|. shiftMask, xK_d     ), viewDropboxStatus)
     ]
 
 termIsOpen :: X Bool

home/programs/yt-dlp.nix

@@ -0,0 +1,4 @@
+{ ... }:
+{
+  programs.yt-dlp.enable = true;
+}

home/programs/zed/default.nix

@@ -1,26 +1,154 @@
-{ config, pkgs, unstable-pkgs, lib, ... }:
+{ pkgs, unstable-pkgs, ... }:
 {
-  home.packages = with unstable-pkgs; [ zed-editor ];
+  programs.zed-editor = {
+    enable = true;
 
-  xdg.configFile."zed/settings.json".source = let
-    format = pkgs.formats.json { };
-  in format.generate "zed-settings.json" {
-    autosave = "off";
-    buffer_font_family = "Fira Code";
-    load_direnv = "shell_hook";
-    format_on_save = "off";
+    package = unstable-pkgs.zed-editor;
 
-    telemetry = {
-      diagnostics = false;
-      metrics = false;
+    userSettings = {
+      load_direnv = "shell_hook";
+      base_keymap = "VSCode";
+
+      autosave = "off";
+      format_on_save = "off";
+      remove_trailing_whitespace_on_save = true;
+
+      tab_size = 2;
+
+      ui_font_family = "Noto Sans";
+      ui_font_size = 18;
+
+      buffer_font_family = "Fira Code";
+      buffer_font_size = 16;
+
+      terminal.font_family = "Fira Code";
+      terminal.font_size = 15;
+
+      file_types = {
+        "Groovy" = [ "Jenkinsfile*" ];
+        "Dockerfile" = [ "Dockerfile*" ];
+        "JSONC" = [ "json5" ];
+      };
+
+      tabs = {
+        file_icons = true;
+        show_close_button = "always";
+        show_diagnostics = "errors";
+      };
+
+      telemetry = {
+        diagnostics = false;
+        metrics = false;
+      };
+
+      diagnostics = {
+        include_warnings = true;
+        inline.enabled = true;
+        update_with_cursor = false;
+        primary_only = false;
+        use_rendered = false;
+      };
+
+      relative_linue_numbers = true;
+
+      vim_mode = true;
+      vim = {
+        toggle_relative_line_numbers = true;
+      };
+
+      theme = {
+        mode = "dark";
+        light = "monokai Classic";
+        dark = "monokai Darker Classic";
+      };
+
+      icon_theme = "Material Icon Theme";
+
+      file_scan_exclusions = [
+        "**/.git"
+        "**/.svn"
+        "**/.hg"
+        "**/.jj"
+        "**/CVS"
+        "**/.DS_Store"
+        "**/Thumbs.db"
+        "**/.classpath"
+        "**/.settings"
+
+        "**/.direnv"
+      ];
+
+      git_status = true;
+      git.inline_blame.enabled = false;
+
+      collaboration_panel.button = false;
+
+      preview_tabs.enable = false;
+
+      indent_guides = {
+        enabled = true;
+        coloring = "indent_aware";
+      };
+
+      features.edit_prediction_provider = "copilot";
+
+      languages = {
+        Nix = {
+          tab_size = 2;
+          format_on_save = "off";
+        };
+      };
+
+      lsp = {
+        rust-analyzer.binary.path_lookup = true;
+        nix.binary.path_lookup = true;
+      };
     };
 
-    vim_mode = true;
+    userKeymaps = [
+      {
+        bindings = {
+          ctrl-b = "workspace::ToggleLeftDock";
+          ctrl-j = "workspace::ToggleBottomDock";
+          ctrl-w = "pane::CloseActiveItem";
+          ctrl-h = "pane::ActivatePreviousItem";
+          ctrl-l = "pane::ActivateNextItem";
+          ctrl-shift-h = "pane::ActivateLastItem";
+          # ctrl-shift-l = "pane::ActivatFirstItem"; # wat?
+          ctrl-shift-o = "workspace::Open";
+        };
+      }
+    ];
 
-    theme = {
-      mod = "dark";
-      dark = "monokai Classic";
-    };
+    extensions = [
+      "assembly-syntax"
+      "basher"
+      "dart"
+      "dart"
+      "dockerfile"
+      "env"
+      "git-firefly"
+      "graphql"
+      "groovy"
+      "html"
+      "ini"
+      "just"
+      "latex"
+      "live-server"
+      "log"
+      "make"
+      "material-icon-theme"
+      "mermaid"
+      "neocmake"
+      "nix"
+      "ocaml"
+      "rainbow-csv"
+      "ruff"
+      "sql"
+      "strace"
+      "toml"
+      "typst"
+    ];
   };
 
   xdg.configFile."zed/themes/monokai.json".source = let
@@ -31,4 +159,10 @@
       hash = "sha256-mlEcgnLStYH1pV3p1iqNSvfVu4MpvpEOc+vxI+90MJs=";
     };
   in "${package}/themes/monokai.json";
+
+  programs.zsh.initExtra = ''
+    if [[ "$ZED_TERM" == "true" && -n "$TMUX_PANE" ]]; then
+      unset TMUX_PANE
+    fi
+  '';
 }

home/programs/zoxide.nix

@@ -0,0 +1,7 @@
+{ config, ... }:
+{
+  programs.zoxide = {
+    enable = true;
+    enableNushellIntegration = config.programs.nushell.enable;
+  };
+}

home/services/dunst.nix

@@ -1,9 +1,9 @@
-{ pkgs, config, ... }:
+{ config, pkgs, lib, machineVars, ... }:
 {
   services.dunst = {
     enable = true;
     iconTheme = {
-      package = pkgs.gnome.adwaita-icon-theme;
+      package = pkgs.adwaita-icon-theme;
       name = "Adwaita";
       size = "32x32";
     };
@@ -13,9 +13,9 @@
         class = "Dunst";
         browser = "${pkgs.xdg-utils}/bin/xdg-open";
 
-        offset = let 
+        offset = lib.mkIf (!machineVars.wayland) (let
           status-bar-height = config.services.polybar.settings."bar/top".height;
-        in "15x${toString (status-bar-height + 10)}";
+        in "15x${toString (status-bar-height + 10)}");
 
         corner_radius = 0;
         font = "Droid Sans 9";
@@ -47,14 +47,14 @@
         background = config.colors.defaultColorSet.background;
         timeout = 4;
       };
-      
+
       urgency_normal = {
         frame_color = config.colors.defaultColorSet.green;
         foreground = config.colors.defaultColorSet.foreground;
         background = config.colors.defaultColorSet.background;
         timeout = 6;
       };
-      
+
       urgency_critical = {
         frame_color = config.colors.defaultColorSet.red;
         foreground = config.colors.defaultColorSet.red;

home/services/fcitx5.nix

@@ -128,9 +128,16 @@ in
     source = "${pkgs.fcitx5-material-color}/share/fcitx5/themes/Material-Color-orange";
   };
 
+  # TODO: set i18n.inputMethod.fcitx5.waylandFrontend on home-manager 25.05
+  home.sessionVariables = {
+    GTK_IM_MODULE = lib.mkForce "";
+    QT_IM_MODULE = lib.mkForce "";
+  };
+
   systemd.user.services.fcitx5-daemon = {
     Service.Restart="on-failure";
     Service.ExecStart = lib.mkForce "${fcitx5Package}/bin/fcitx5";
     Service.ExecReload = "/bin/kill -HUP $MAINPID";
+    Install.Alias = "fcitx5.service";
   };
 }

home/services/gnome-keyring.nix

@@ -0,0 +1,4 @@
+{ machineVars, ... }:
+{
+  services.gnome-keyring.enable = !machineVars.headless;
+}

home/services/keybase.nix

@@ -0,0 +1,5 @@
+{ ... }:
+{
+  services.keybase.enable = true;
+  services.kbfs.enable = true;
+}

home/services/mpd.nix

@@ -1,28 +1,107 @@
-{ config, ... }:
+{ config, pkgs, lib, ... }:
+let
+  cfg = config.services.mpd;
+  runtimeDir = "/run/user/${toString config.home.uid}/mpd";
+in
 {
-  services.mpd = rec {
+  services.mpd = {
     enable = true;
     musicDirectory = config.xdg.userDirs.music;
-    playlistDirectory = "${musicDirectory}/playlists/MPD";
+    playlistDirectory = "${cfg.musicDirectory}/playlists/MPD";
     network.startWhenNeeded = true;
 
-    # TODO: make the path specific to the user unit
+    autoUpdateDatabase = true;
+
     extraConfig = ''
-      audio_output {
-        type "fifo"
-        name "Visualizer feed"
-        path "/tmp/mpd.fifo"
-        format "44100:16:2"
-      }
+      pid_file "${runtimeDir}/pid"
+
+      zeroconf_enabled "no"
+
+      replaygain "auto"
+
+      restore_paused "yes"
+
+      auto_update "no"
 
       audio_output {
         type "pipewire"
         name "PipeWire Sound Server"
       }
+
+      audio_output {
+        type "fifo"
+        name "Visualizer feed"
+        path "${runtimeDir}/visualizer.fifo"
+        format "44100:16:2"
+      }
+
+      resampler {
+        plugin "soxr"
+        quality "very high"
+      }
+
+      playlist_plugin {
+        name "cue"
+        enabled "true"
+      }
+
+      playlist_plugin {
+        name "m3u"
+        enabled "true"
+      }
+
+      playlist_plugin {
+        name "extm3u"
+        enabled "true"
+      }
+
+      playlist_plugin {
+        name "flac"
+        enabled "true"
+      }
+
+      playlist_plugin {
+        name "rss"
+        enabled "true"
+      }
     '';
   };
 
-  # TODO: disable auto_update and use systemd path to listen for changes
   # TODO: upstream unix socket support to home-manager
+
+  systemd.user.services.mpd = {
+    Unit = {
+      Documentation = [
+        "man:mpd(1)"
+        "man:mpd.conf(5)"
+      ];
+    };
+    Service = {
+      WatchdogSec = 120;
+
+      # for io_uring
+      LimitMEMLOCK = "64M";
+
+      # allow MPD to use real-time priority 40
+      LimitRTPRIO = 40;
+      LimitRTTIME = "infinity";
+
+      PrivateUsers = true;
+      ProtectSystem = true;
+      NoNewPrivileges = true;
+      ProtectKernelTunables = true;
+      ProtectControlGroups = true;
+      RestrictAddressFamilies = [
+        "AF_INET"
+        "AF_UNIX"
+      ];
+      RestrictNamespaces = true;
+      RuntimeDirectory = "mpd";
+    };
+  };
+
+  systemd.user.tmpfiles.rules = [
+    "d ${cfg.dataDir} - ${config.home.username} - - -"
+  ];
 }
 

home/services/mpris-proxy.nix

@@ -0,0 +1,4 @@
+{ ... }:
+{
+  services.mpris-proxy.enable = true;
+}

home/services/network-manager.nix

@@ -0,0 +1,4 @@
+{ machineVars, ... }:
+{
+  services.network-manager-applet.enable = !machineVars.headless;
+}

home/services/nix-channel-update.nix

@@ -25,6 +25,8 @@
     Service = {
       Type = "oneshot";
       ExecStart = "${config.nix.package}/bin/nix-channel --update --verbose";
+      CPUSchedulingPolicy = "idle";
+      IOSchedulingClass = "idle";
     };
   };
 }

home/services/psd.nix

@@ -0,0 +1,4 @@
+{ ... }:
+{
+  services.psd.enable = true;
+}