Add tailscale internal dns entries to all the hosts

Fix lapetus invidous db user
Fix lapetus again
2024-10-11 13:18:05 +02:00 · 2024-10-11 12:44:13 +02:00 · 2024-10-11 12:40:05 +02:00 · 2024-10-11 12:20:59 +02:00 · 2024-10-11 12:16:46 +02:00 · 2024-09-24 06:30:00 +02:00
132 changed files with 3343 additions and 2655 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -1,26 +1,38 @@
 keys:
  - &users:
-    - &prescientmoon age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
+    - &prescientmoon_tethys age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
+    - &prescientmoon_calypso age13c346xw9kzsvra04ck8h8pa47mwdp8nh3aess4pwhyvdsufyhf0qt65ja8
  - &hosts:
    - &tethys age1avsekqqyr62urdwtpfpt0ledzm49wy0rq7wcg3rnsprdx22er5usp0jxgs
    - &lapetus age1jem6jfkmfq54wzhqqhrnf786jsn5dmx82ewtt4vducac8m2fyukskun2p4
+    - &calypso age18gengezksnt0wtc3sv28ypmx546quzeg88kw5s8sywxyje5rmqyqh9daxe
+    - &hermes age1r2vlh9tgdmf6r0xj025zun0cvudn2p6jqav84pql8k928newtepq9ttw8z
 creation_rules:
  - path_regex: hosts/nixos/common/secrets.yaml
    key_groups:
      - age:
-        - *prescientmoon
+        - *prescientmoon_tethys
+        - *prescientmoon_calypso
        - *tethys
        - *lapetus
+        - *calypso
+        - *hermes
  - path_regex: hosts/nixos/lapetus/secrets.yaml
    key_groups:
      - age:
-        - *prescientmoon
+        - *prescientmoon_tethys
+        - *prescientmoon_calypso
        - *lapetus
+        - *hermes
  - path_regex: home/features/desktop/wakatime/secrets.yaml
    key_groups:
      - age:
-        - *prescientmoon
+        - *prescientmoon_tethys
+        - *prescientmoon_calypso
+        - *hermes
  - path_regex: home/features/cli/productivity/secrets.yaml
    key_groups:
      - age:
-        - *prescientmoon
+        - *prescientmoon_tethys
+        - *prescientmoon_calypso
+        - *hermes
--- a/README.md
+++ b/README.md
@ -6,7 +6,7 @@ In case you are not familiar with nix/nixos, this is a collection of configurati

 ## Features this repository includes:

- Sets up all the apps I use — including git, neovim, fish, tmux, starship, hyprland, anyrun, discord, zathura, wezterm & much more.
+- Sets up all the apps I use — including git, neovim, fish, tmux, starship, hyprland, anyrun, discord, zathura, foot & much more.
 - Sets up my entire homelab — including zfs-based [impermanence](https://grahamc.com/blog/erase-your-darlings), automatic let's-encrypt certificates, tailscale, syncthing, vaultwarden, whoogle, pounce, calico, smos, intray, actual & more.
 - Consistent base16 theming using [stylix](https://github.com/danth/stylix)
 - Declarative secret management using [sops-nix](https://github.com/Mic92/sops-nix)
@ -15,11 +15,11 @@ The current state of this repo is a refactor of my old, messy nixos config, base

 ## Hosts

-This repo's structure is based on the concept of hosts - individual machines configured by me. I'm naming each host based on things in space/mythology (_they are the same picture_). The hosts I have right now are:
+This repo's structure is based on separating configuration into individual hosts - different machines configured by me. Each host is named after things in space/mythology (_they are the same picture_). The hosts I have right now are:

- [tethys](./hosts/nixos/tethys/) — my personal laptop
+- [calypso](./hosts/nixos/calypso/) — my personal laptop
+- [tethys](./hosts/nixos/tethys/) — my previous personal laptop
 - [lapetus](./hosts/nixos/lapetus/) — older laptop running as a server
- [euporie](./hosts/nixos/euporie/) — barebones host for testing things insdie a VM
 - enceladus — my android phone. Although not configured using nix, this name gets referenced in some places

 ## File structure
@ -28,6 +28,7 @@ This repo's structure is based on the concept of hosts - individual machines con
 | ---------------------------- | --------------------------------------------------- |
 | [common](./common)           | Configuration loaded on both nixos and home-manager |
 | [devshells](./devshells)     | Nix shells                                          |
+| [dns](./dns)                 | Directory for parts of my octodns nix-based wrapper |
 | [docs](./docs)               | Additional documentation regarding my setup         |
 | [home](./home)               | Home manager configurations                         |
 | [hosts/nixos](./hosts/nixos) | Nixos configurations                                |
@ -59,7 +60,8 @@ Here's some things you might want to check out:
 - [Impernanence](https://github.com/nix-community/impermanence) — see the article about [erasing your darlings](https://grahamc.com/blog/erase-your-darlings)
 - [Sops-nix](https://github.com/Mic92/sops-nix) — secret management
 - [disko](https://github.com/nix-community/disko) — format disks using nix
-  - [zfs](https://openzfs.org/wiki/Main_Page) — filesystem
+  - [zfs](https://openzfs.org/wiki/Main_Page) — filesystem (on my server)
+  - [btrfs](https://btrfs.readthedocs.io/en/latest/) — filesystem (on my laptop)

 ### Input handling

@ -72,6 +74,7 @@ Here's some things you might want to check out:
  - [Base16 templates](https://github.com/chriskempson/base16-templates-source) — list of base16 theme templates
  - [Catpuccin](https://github.com/catppuccin/catppuccin) — base16 theme I use
  - [Rosepine](https://rosepinetheme.com/) — another theme I use
+  - [Gruvbox](https://github.com/morhetz/gruvbox) — yet another theme I use
 - [Hyprland](https://hyprland.org/) — wayland compositor
  - [Wlogout](https://github.com/ArtsyMacaw/wlogout) — wayland logout menu
  - [Hyprpicker](https://github.com/hyprwm/hyprpicker) — hyprland color picker
@ -79,7 +82,7 @@ Here's some things you might want to check out:
  - [Dunst](https://dunst-project.org/) — notification daemon
  - [Wlsunset](https://sr.ht/~kennylevinsen/wlsunset/) — day/night screen gamma adjustments
  - [Anyrun](https://github.com/Kirottu/anyrun) — program launcher
- [Wezterm](https://wezfurlong.org/wezterm/) — terminal emulator
+- [Foot](https://codeberg.org/dnkl/foot) — terminal emulator
 - [Zathura](https://pwmt.org/projects/zathura/) — pdf viewer
 - [Firefox](https://www.mozilla.org/en-US/firefox/) — web browser
 - [Tesseract](https://github.com/tesseract-ocr/tesseract) — OCR engine
@ -132,8 +135,10 @@ Most services are served over [tailscale](https://tailscale.com/), using certifi

 ## Hall of fame

-Includes links to stuff which used to be in the previous section but is not used anymore. Only created this section in June 2023, so stuff I used earlier might not be here. Sorted with the most recently dropped things at the top.
+This section contains links to things which used to be in the previous section but are not used anymore. This section was created in June 2023, hence stuff I dropped earlier might not be here. Moreover, this list is sorted with the most recently dropped things at the top, as a sort of reverse-timeline.

+- [htop](https://htop.dev/) — I switched to [bottom](https://github.com/ClementTsang/bottom), as the interface felt way cleaner
+- [Wezterm](https://github.com/wez/wezterm) — I switched to [Foot](https://codeberg.org/dnkl/foot), as wezterm was laggy, unstable, and kept breaking between releases
 - [Ranger](https://github.com/ranger/ranger) — I switched to [Yazi](https://github.com/sxyazi/yazi)
 - [firenvim](https://glacambre/firenvim) - the concept is cool, but I found the whole thing pretty annoying at times
 - [venn.nvim](https://jbyuki/venn.nvim) — the concept is cool, but I would use it about once a year
--- a/common/fonts.nix
+++ b/common/fonts.nix
@ -1,13 +1,24 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
+{
  stylix.fonts = {
    # monospace = { name = "Iosevka"; package = pkgs.iosevka; };
-    monospace = { name = "Cascadia Code"; package = pkgs.cascadia-code; };
-    sansSerif = { name = "CMUSansSerif"; package = pkgs.cm_unicode; };
-    serif = { name = "CMUSerif-Roman"; package = pkgs.cm_unicode; };
+    monospace = {
+      name = "Cascadia Code";
+      package = pkgs.cascadia-code;
+    };
+    sansSerif = {
+      name = "CMUSansSerif";
+      package = pkgs.cm_unicode;
+    };
+    serif = {
+      name = "CMUSerif-Roman";
+      package = pkgs.cm_unicode;
+    };

    sizes = {
-      desktop = 13;
-      applications = 15;
+      desktop = 15;
+      applications = 17;
+      terminal = 25;
    };
  };
 }
--- a/common/themes/default.nix
+++ b/common/themes/default.nix
@ -13,23 +13,23 @@ let
    # {{{ Catppuccin mocha
    catppuccin-mocha = {
      stylix = {
-        image = ./wallpapers/breaking_phos.jpg;
+        image = ./wallpapers/purplecliffs.jpg;
        base16Scheme = base16 "catppuccin-mocha";
        opacity = transparency 0.7;
        polarity = "dark";
      };
-      satellite.rounding.radius = 8.0;
+      satellite.rounding.radius = 8;
    };
    # }}}
    # {{{ Catppuccin latte
    catppuccin-latte = {
      stylix = {
-        image = ./wallpapers/field_diamond.jpg;
+        image = ./wallpapers/needygirloverdose.jpg;
        base16Scheme = base16 "catppuccin-latte";
        opacity = transparency 0.7;
        polarity = "light";
      };
-      satellite.rounding.radius = 8.0;
+      satellite.rounding.radius = 8;
    };
    # }}}
    # {{{ Catppuccin macchiato
@ -40,7 +40,7 @@ let
        opacity = transparency 0.7;
        polarity = "dark";
      };
-      satellite.rounding.radius = 8.0;
+      satellite.rounding.radius = 8;
    };
    # }}}
    # {{{ Rosepine dawn
@ -61,12 +61,12 @@ let
        opacity = transparency 0.7;
        polarity = "light";
      };
-      satellite.rounding.radius = 8.0;
+      satellite.rounding.radius = 8;

      # For this one, I went with a big size, which means the blur just adds a slight gradient to the backgrounds.
      satellite.blur = {
        brightness = 1.05;
-        size = 25.0;
+        size = 25;
      };
    };
    # }}}
@ -78,21 +78,23 @@ let
        opacity = transparency 0.7;
        polarity = "dark";
      };
-      satellite.rounding.radius = 8.0;
+      satellite.rounding.radius = 8;
    };
    # }}}
  };

  # Select your current theme here!
-  currentTheme = themes.gruvbox-light;
+  currentTheme = themes.catppuccin-mocha;
 in
 {
  # We apply the current theme here.
  # The rest is handled by the respective modules!
-  imports = [{
+  imports = [
+    {
      stylix = currentTheme.stylix;
      satellite.theming = currentTheme.satellite;
-  }];
+    }
+  ];

  # Requires me to manually turn targets on!
  stylix.autoEnable = false;
--- a/common/themes/wallpapers/purplecliffs.jpg
+++ b/common/themes/wallpapers/purplecliffs.jpg
--- a/devshells/default.nix
+++ b/devshells/default.nix
@ -1,9 +1,9 @@
 args: {
  haskell = import ./haskell.nix args;
+  lua = import ./lua.nix args;
  purescript = import ./purescript.nix args;
  rwtw = import ./rwtw.nix args;
  typst = import ./typst.nix args;
-  lua = import ./lua.nix args;
+  web = import ./web.nix args;
  bootstrap = import ./bootstrap/shell.nix args;
 }
-
--- a/devshells/web.nix
+++ b/devshells/web.nix
@ -0,0 +1,7 @@
+{ pkgs, ... }:
+pkgs.mkShell {
+  packages = with pkgs; [
+    typescript
+    nodejs
+  ];
+}
--- a/dns/common.nix
+++ b/dns/common.nix
@ -2,14 +2,19 @@
 { lib, ... }:
 let
  # {{{ Github pages helper
-  ghPage = at: [{
-    inherit at; type = "CNAME";
+  ghPage = at: [
+    {
+      inherit at;
+      type = "CNAME";
      value = "prescientmoon.github.io.";
-  }];
+    }
+  ];
  # }}}
  # {{{ Migadu mail DNS setup
-  migaduMail = at: verifyKey:
-    let atPrefix = prefix: if at == "" then prefix else "${prefix}.${at}";
+  migaduMail =
+    at: verifyKey:
+    let
+      atPrefix = prefix: if at == "" then prefix else "${prefix}.${at}";
    in
    [
      {
@ -61,8 +66,8 @@ let
        ttl = 600;
      }
    ];
-  # }}}
 in
+# }}}
 {
  satellite.dns.domain = "moonythm.dev";
  satellite.dns.records = lib.flatten [
--- a/dns/pkgs.nix
+++ b/dns/pkgs.nix
@ -1,4 +1,4 @@
-{ pkgs, self, system, ... }: rec {
+{ pkgs, self, ... }: rec {
  octodns-zones =
    let
      nixosConfigModules = pkgs.lib.mapAttrsToList
@ -19,7 +19,7 @@
  octodns-sync =
    pkgs.symlinkJoin {
      name = "octodns-sync";
-      paths = [ self.packages.${system}.octodns ];
+      paths = [ self.packages.${pkgs.system}.octodns ];
      buildInputs = [ pkgs.makeWrapper pkgs.yq ];
      postBuild = ''
        cat ${./octodns.yaml} | yq '.providers.zones.directory="${octodns-zones}"' > $out/config.yaml
--- a/flake.lock
+++ b/flake.lock
--- a/flake.nix
+++ b/flake.nix
@ -4,7 +4,7 @@
  # {{{ Inputs
  inputs = {
    # {{{ Nixpkgs instances
-    nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
    nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
    # }}}
    # {{{ Additional package repositories
@ -23,7 +23,7 @@
    disko.inputs.nixpkgs.follows = "nixpkgs";
    # }}}

-    home-manager.url = "github:nix-community/home-manager/release-23.11";
+    home-manager.url = "github:nix-community/home-manager/release-24.05";
    home-manager.inputs.nixpkgs.follows = "nixpkgs";

    nix-index-database.url = "github:Mic92/nix-index-database";
@ -33,9 +33,6 @@
    sops-nix.inputs.nixpkgs.follows = "nixpkgs";

    korora.url = "github:adisbladis/korora";
-
-    nixos-dns.url = "github:Janik-Haag/nixos-dns";
-    nixos-dns.inputs.nixpkgs.follows = "nixpkgs";
    # }}}
    # {{{ Standalone software
    # {{{ Nightly versions of things
@ -45,15 +42,11 @@
    # {{{ Self management
    # Smos
    smos.url = "github:NorfairKing/smos";
-    smos.inputs.nixpkgs.url = "github:NixOS/nixpkgs/b8dd8be3c790215716e7c12b247f45ca525867e2";
-    # REASON: smos fails to build this way
-    # smos.inputs.nixpkgs.follows = "nixpkgs";
-    # smos.inputs.home-manager.follows = "home-manager";
+    # smos.inputs.nixpkgs.url = "github:NixOS/nixpkgs/b8dd8be3c790215716e7c12b247f45ca525867e2";

    # Intray
    intray.url = "github:NorfairKing/intray";
-    intray.inputs.nixpkgs.url = "github:NixOS/nixpkgs/cf28ee258fd5f9a52de6b9865cdb93a1f96d09b7";
-    # intray.inputs.home-manager.follows = "home-manager";
+    # intray.inputs.nixpkgs.url = "github:NixOS/nixpkgs/fc07dc3bdf2956ddd64f24612ea7fc894933eb2e";
    # }}}

    anyrun.url = "github:Kirottu/anyrun";
@ -67,7 +60,7 @@
    spicetify-nix.inputs.nixpkgs.follows = "nixpkgs";
    # }}}
    # {{{ Theming
-    darkmatter-grub-theme.url = gitlab:VandalByte/darkmatter-grub-theme;
+    darkmatter-grub-theme.url = "gitlab:VandalByte/darkmatter-grub-theme";
    darkmatter-grub-theme.inputs.nixpkgs.follows = "nixpkgs";

    stylix.url = "github:danth/stylix/a33d88cf8f75446f166f2ff4f810a389feed2d56";
@ -80,49 +73,54 @@
  };
  # }}}

-  outputs = { self, nixpkgs, home-manager, ... }@inputs:
+  outputs =
+    {
+      self,
+      nixpkgs,
+      home-manager,
+      ...
+    }@inputs:
    let
      # {{{ Common helpers
      inherit (self) outputs;
-      forAllSystems = nixpkgs.lib.genAttrs [
-        # "aarch64-linux" TODO: purescript doesn't work on this one
-        "x86_64-linux"
-        "aarch64-darwin"
-        "x86_64-darwin"
-      ];
+      forAllSystems = nixpkgs.lib.genAttrs [ "x86_64-linux" ];

      specialArgs = system: {
        inherit inputs outputs;

        upkgs = inputs.nixpkgs-unstable.legacyPackages.${system};
      };
-      # }}}
    in
+    # }}}
    {
      # {{{ Packages
      # Accessible through 'nix build', 'nix shell', etc
-      packages = forAllSystems
-        (system:
+      packages = forAllSystems (
+        system:
        let
          pkgs = nixpkgs.legacyPackages.${system};
          upkgs = inputs.nixpkgs-unstable.legacyPackages.${system};
          myPkgs = import ./pkgs { inherit pkgs upkgs; };
        in
-          myPkgs // {
-            octodns = upkgs.octodns.withProviders
-              (ps: [ myPkgs.octodns-cloudflare ]);
-          } // (import ./dns/pkgs.nix) { inherit pkgs self system; }
+        myPkgs
+        // {
+          octodns = upkgs.octodns.withProviders (ps: [ myPkgs.octodns-cloudflare ]);
+        }
+        // (import ./dns/pkgs.nix) { inherit pkgs self system; }
      );
      # }}}
      # {{{ Bootstrapping and other pinned devshells
      # Accessible through 'nix develop'
-      devShells = forAllSystems
-        (system:
+      devShells = forAllSystems (
+        system:
        let
          pkgs = nixpkgs.legacyPackages.${system};
-            args = { inherit pkgs; } // specialArgs system;
+          args = {
+            inherit pkgs;
+          } // specialArgs system;
        in
-          import ./devshells args);
+        import ./devshells args
+      );
      # }}}
      # {{{ Overlays and modules
      # Custom packages and modifications, exported as overlays
@ -138,20 +136,35 @@
      # NixOS configuration entrypoint
      # Available through 'nixos-rebuild --flake .#...
      nixosConfigurations =
-        let nixos = { system, hostname }: nixpkgs.lib.nixosSystem {
+        let
+          nixos =
+            { system, hostname }:
+            nixpkgs.lib.nixosSystem {
              inherit system;
              specialArgs = specialArgs system;

              modules = [
+                # {{{ Import home manager
+                (
+                  { lib, ... }:
+                  {
+                    imports = lib.lists.optionals (builtins.pathExists ./home/${hostname}.nix) [
                      home-manager.nixosModules.home-manager
                      {
-              home-manager.users.pilot = import ./home/${hostname}.nix;
-              home-manager.extraSpecialArgs = specialArgs system // { inherit hostname; };
+                        home-manager.users.pilot = ./home/${hostname}.nix;
+                        home-manager.extraSpecialArgs = specialArgs system // {
+                          inherit hostname;
+                        };
                        home-manager.useUserPackages = true;
+                        home-manager.backupFileExtension = "hm-backup";

                        stylix.homeManagerIntegration.followSystem = false;
                        stylix.homeManagerIntegration.autoImport = false;
                      }
+                    ];
+                  }
+                )
+                # }}}

                ./hosts/nixos/${hostname}
              ];
@ -168,14 +181,15 @@
            hostname = "lapetus";
          };

-          # Disabled because `flake check` complains about filesystems and bootloader
-          # options not being set. This is not an issue in practice, as this config is
-          # supposed to be used inside a VM, but there's not much I can do about it.
-          # euporie = nixos {
-          #   system = "x86_64-linux";
-          #   hostname = "euporie";
-          # };
+          calypso = nixos {
+            system = "x86_64-linux";
+            hostname = "calypso";
+          };

+          iso = nixos {
+            system = "x86_64-linux";
+            hostname = "iso";
+          };
        };
      # }}}
    };
--- a/home/calypso.nix
+++ b/home/calypso.nix
@ -0,0 +1,75 @@
+{ pkgs, ... }:
+{
+  imports = [
+    ./global.nix
+
+    ./features/cli/catgirl.nix
+    ./features/cli/lazygit.nix
+    ./features/cli/nix-index.nix
+    ./features/cli/productivity
+    ./features/cli/zellij.nix
+    ./features/desktop/discord
+    ./features/desktop/edopro.nix
+    ./features/desktop/firefox
+    ./features/desktop/foot.nix
+    ./features/desktop/obsidian.nix
+    ./features/desktop/spotify.nix
+    ./features/desktop/steam.nix
+    ./features/desktop/zathura.nix
+    ./features/wayland/hyprland
+    ./features/neovim
+  ];
+
+  # Arbitrary extra packages
+  home.packages = with pkgs; [
+    # {{{ Communication
+    # signal-desktop # Signal client
+    # element-desktop # Matrix client
+    # zoom-us # Zoom client 🤮
+    whatsapp-for-linux
+    # }}}
+    # {{{ Editors for different formats
+    gimp # Image editing
+    # lmms # Music software
+    # kicad # PCB editing
+    # libreoffice # Free office suite
+    # }}}
+    # {{{ Gaming
+    # wine # Windows compat layer or whatever
+    lutris # Game launcher
+    # }}}
+    # {{{ Clis
+    sops # Secret editing
+    # sherlock # Search for usernames across different websites
+    # }}}
+    # {{{ Misc
+    bitwarden # Password-manager
+    qbittorrent # Torrent client
+    # google-chrome # Not my primary browser, but sometimes needed in webdev
+    # plover.dev # steno engine
+    overskride # Bluetooth client
+    # }}}
+    # {{{ Media playing/recording
+    mpv # Video player
+    imv # Image viewer
+    peek # GIF recorder
+    obs-studio # video recorder
+    # }}}
+  ];
+
+  home.username = "moon";
+  home.stateVersion = "24.05";
+
+  satellite = {
+    # Symlink some commonly modified dotfiles outside the nix store
+    dev.enable = true;
+
+    monitors = [
+      {
+        name = "eDP-1";
+        width = 1920;
+        height = 1200;
+      }
+    ];
+  };
+}
--- a/home/euporie.nix
+++ b/home/euporie.nix
@ -1,11 +0,0 @@
-{
-  imports = [
-    ./global.nix
-    ./features/wayland/hyprland
-  ];
-
-  # Set up my custom imperanence wrapper
-  satellite.persistence = {
-    enable = true;
-  };
-}
--- a/home/features/cli/default.nix
+++ b/home/features/cli/default.nix
@ -1,10 +1,10 @@
-{ pkgs, inputs, ... }: {
+{ pkgs, ... }:
+{
  imports = [
    ./scripts
    ./eza.nix
    ./bat.nix
    ./ssh.nix
-    ./gpg.nix
    ./git.nix
    ./starship.nix
    ./direnv.nix
--- a/home/features/cli/fish/config.fish
+++ b/home/features/cli/fish/config.fish
@ -12,7 +12,6 @@ set fish_cursor_insert line # Set the insert mode cursor to a line
 set fish_cursor_replace_one underscore # Set the replace mode cursor to an underscore

 # Force fish to skip some checks (I think?)
-# TODO: research why this is here
 set fish_vi_force_cursor
 # }}}
 # {{{ Disable greeting
--- a/home/features/cli/fish/default.nix
+++ b/home/features/cli/fish/default.nix
@ -1,4 +1,9 @@
-{ pkgs, config, lib, ... }:
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}:
 let
  repaint = "commandline -f repaint";
  fishKeybinds = {
@ -7,7 +12,6 @@ let
    # C-z to return to background process
    "\\cz" = "fg && ${repaint}";
    # C-y to yank current command
-    # TODO: make this work in xorg as well
    "\\cy" = "wl-copy \$(commandline)";
    # C-e to launch $EDITOR
    "\\ce" = "$EDITOR";
@ -21,8 +25,10 @@ let
    "\\e\\[70\\;5u" = ''nvim +":lua require('mini.files').open()"'';
  };

-  mkKeybind = key: value:
-    let escaped = lib.escapeShellArg value;
+  mkKeybind =
+    key: value:
+    let
+      escaped = lib.escapeShellArg value;
    in
    ''
      bind -M default ${key} ${escaped}
@ -35,13 +41,9 @@ in
    enable = true;
    defaultOptions = [ "--no-scrollbar" ];

-    changeDirWidgetOptions = [
-      "--preview '${lib.getExe pkgs.eza} --icons --tree --color=always {}'"
-    ];
+    changeDirWidgetOptions = [ "--preview '${lib.getExe pkgs.eza} --icons --tree --color=always {}'" ];

-    fileWidgetOptions = [
-      "--preview '${lib.getExe pkgs.bat} --number --color=always {}'"
-    ];
+    fileWidgetOptions = [ "--preview '${lib.getExe pkgs.bat} --number --color=always {}'" ];
  };

  stylix.targets.fzf.enable = true;
@ -66,26 +68,20 @@ in
      let
        plugins = with pkgs.fishPlugins; [
          z # Jump to directories by typing "z <directory-name>"
-          grc # Adds color to a bunch of built in commands
          done # Trigger a notification when long commands finish execution
          puffer # Text expansion (i.e. expanding .... to ../../../)
          sponge # Remove failed commands and whatnot from history
-          forgit # Git tui thingy? (I'm still trying this one out)
-          colored-man-pages # Self explainatory:)
+          colored-man-pages
        ];
      in
      # For some reason home-manager expects a slightly different format 🤔
-      lib.forEach plugins
-        (plugin: {
+      lib.forEach plugins (plugin: {
        name = plugin.pname;
        inherit (plugin) src;
      });
    # }}}
  };

-  # I sometimes get errors about `grc` being missing, so I gave up and added it here.
-  home.packages = [ pkgs.grc ];
-
  satellite.persistence.at.state.apps.fish.directories = [
    "${config.xdg.dataHome}/fish"
    "${config.xdg.dataHome}/z" # The z fish plugin requires this
--- a/home/features/cli/git.nix
+++ b/home/features/cli/git.nix
@ -1,4 +1,5 @@
-{ pkgs, ... }: {
+{ config, pkgs, ... }:
+{
  home.packages = [ pkgs.josh ]; # Just One Single History

  # TODO: use `delta` as a pager, as highlighted here
@ -48,6 +49,18 @@
      init.defaultBranch = "main";
      rebase.autoStash = true;

+      push.default = "current";
+      push.autoSetupRemote = true;
+
+      #  {{{ URL rewriting
+      url."git@github.com:".insteadOf = [
+        # Normalize GitHub URLs to SSH to avoid authentication issues with HTTPS.
+        # "https://github.com/"
+
+        # Allows typing `git clone github:owner/repo`.
+        "github:"
+      ];
+      #  }}}
      # {{{ Signing
      # Sign commits using ssh
      gpg.format = "ssh";
@ -65,5 +78,7 @@
    enable = true;
    settings.git_protocol = "ssh";
  };
+
+  satellite.persistence.at.state.apps.gh.files = [ "${config.xdg.configHome}/gh/hosts.yml" ];
  # }}}
 }
--- a/home/features/cli/gpg.nix
+++ b/home/features/cli/gpg.nix
@ -1,20 +1,11 @@
 { pkgs, config, ... }:
-let
-  pinentry =
-    if config.gtk.enable then {
-      packages = [ pkgs.pinentry-gnome pkgs.gcr ];
-      name = "gnome3";
-    } else {
-      packages = [ pkgs.pinentry-curses ];
-      name = "curses";
-    };
-in
 {
-  home.packages = pinentry.packages;
-
  services.gpg-agent = {
    enable = true;
-    pinentryFlavor = pinentry.name;
+    pinentryPackage =
+      if config.gtk.enable
+      then pkgs.pinentry-gnome3
+      else pkgs.pinentry-curses;
  };

  programs.gpg.enable = true;
--- a/home/features/cli/lazygit.nix
+++ b/home/features/cli/lazygit.nix
@ -1,9 +1,12 @@
-{ config, ... }: {
+{ config, ... }:
+{
  programs.lazygit = {
    enable = true;
-    settings.promptToReturnFromSubprocess = false;
+    settings = {
+      promptToReturnFromSubprocess = false;
+      disableStartupPopups = true;
+    };
  };

-  satellite.persistence.at.state.apps.lazygit.directories =
-    [ "${config.xdg.configHome}/lazygit" ];
+  satellite.persistence.at.state.apps.lazygit.directories = [ "${config.xdg.configHome}/lazygit" ];
 }
--- a/home/features/cli/pass.nix
+++ b/home/features/cli/pass.nix
@ -1,19 +0,0 @@
-# I use bitwarden as my main password manager.
-#
-# This currently acts as a simple local libsecret store.
-{ pkgs, config, lib, ... }:
-let storePath = "${config.home.homeDirectory}/.password-store";
-in
-{
-  programs.password-store = {
-    enable = true;
-    settings.PASSWORD_STORE_DIR = storePath;
-  };
-
-  services.pass-secret-service = {
-    inherit storePath;
-    enable = true;
-  };
-
-  satellite.persistence.at.data.apps.pass.directories = [ storePath ];
-}
--- a/home/features/cli/productivity/default.nix
+++ b/home/features/cli/productivity/default.nix
@ -1,3 +1,7 @@
 {
-  imports = [ ./smos ./intray.nix ./mail.nix ];
+  imports = [
+    ./smos
+    # ./intray.nix
+    ./mail.nix
+  ];
 }
--- a/home/features/cli/productivity/intray.nix
+++ b/home/features/cli/productivity/intray.nix
@ -1,8 +1,12 @@
-{ config, ... }: {
+{ config, inputs, pkgs, ... }: {
  sops.secrets.intray_password.sopsFile = ./secrets.yaml;

  programs.intray = {
    enable = true;
+
+    # We don't want to use the statically-linked binary, as it requires pulling-in ghc-musl.
+    intray-cli = inputs.intray.packages.${pkgs.system}.default.intray-cli;
+
    data-dir = "${config.satellite.persistence.at.state.home}/intray";
    cache-dir = "${config.satellite.persistence.at.cache.home}/intray";
    config.sync = "AlwaysSync";
--- a/home/features/cli/productivity/mail.nix
+++ b/home/features/cli/productivity/mail.nix
@ -1,4 +1,5 @@
-{ config, ... }: {
+{ config, ... }:
+{
  sops.secrets.moonythm_mail_pass.sopsFile = ./secrets.yaml;

  programs.msmtp.enable = true;
@ -61,7 +62,13 @@
      neomutt = {
        enable = true;
        sendMailCommand = "msmtpq --read-envelope-from --read-recipients";
-        extraMailboxes = [ "Archive" "Drafts" "Junk" "Sent" "Trash" ];
+        extraMailboxes = [
+          "Archive"
+          "Drafts"
+          "Junk"
+          "Sent"
+          "Trash"
+        ];
      };
      # }}}
      # {{{ Aerc
@ -94,28 +101,40 @@
    binds = [
      # {{{ Toggle sidebar
      {
-        map = [ "index" "pager" ];
+        map = [
+          "index"
+          "pager"
+        ];
        key = "B";
        action = "sidebar-toggle-visible";
      }
      # }}}
      # {{{ Highlight previous sidebar item
      {
-        map = [ "index" "pager" ];
+        map = [
+          "index"
+          "pager"
+        ];
        key = "\\CK";
        action = "sidebar-prev";
      }
      # }}}
      # {{{ Highlight next sidebar item
      {
-        map = [ "index" "pager" ];
+        map = [
+          "index"
+          "pager"
+        ];
        key = "\\CJ";
        action = "sidebar-next";
      }
      # }}}
      # {{{ Open highlighted sidebar item
      {
-        map = [ "index" "pager" ];
+        map = [
+          "index"
+          "pager"
+        ];
        key = "\\CO";
        action = "sidebar-open";
      }
@ -334,7 +353,11 @@
        exec = "neomutt %U";
        icon = "mutt";
        terminal = true;
-        categories = [ "Network" "Email" "ConsoleOnly" ];
+        categories = [
+          "Network"
+          "Email"
+          "ConsoleOnly"
+        ];
        type = "Application";
        mimeType = [ "x-scheme-handler/mailto" ];
      };
@ -346,9 +369,7 @@
  # }}}
  # }}}
  # {{{ Storage & persistence
-  accounts.email.maildirBasePath = "${config.home.homeDirectory}/maildir";
-  satellite.persistence.at.data.apps.mail.directories = [
-    config.accounts.email.maildirBasePath
-  ];
+  accounts.email.maildirBasePath = "${config.xdg.dataHome}/maildir";
+  satellite.persistence.at.data.apps.mail.directories = [ config.accounts.email.maildirBasePath ];
  # }}}
 }
--- a/home/features/cli/productivity/secrets.yaml
+++ b/home/features/cli/productivity/secrets.yaml
@ -12,11 +12,29 @@ sops:
        - recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwYkx3eWhxZUpTRVR3R1R4
-            Vm9hMTVsbXBnU0tFU093amU3TTNjalhsVHdvCmZURElTY2Q0eTQvR3M1V3AzTVl4
-            VkR2NXRHR2FiTURqNUp5Y3VDWFQ1UjgKLS0tIEVlRWs3YUFaZzdvd1Q5bmFwazJi
-            Y2E3bmM1TkZoOEN0anJqYUNSQUN5ZDAKtobUBBKbfaUeiPtKN4/oTNaxY3C2joCK
-            8h4FlRLXd+CGnAyjN2p4FliWzLgmOg4HFNmZSmYLpIh4E9yqadNSSg==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4K0dLRllmN01KWmVjNlRM
+            Rm55Zi84TDUyRUtnblJBb1V6eU5vaTV0Q2pNCkpVSzdLazJLTCsvV1dyUkhtRHhX
+            SUlRZGRkZlNNUWZpTXBNQkl2M1hQaVkKLS0tIDFGaldzOEoreVJFdFErVTZRb0RY
+            cU52ejJoMUtJMzNnRnJDVWhQWndMbkUKGHyGoSQXUC+aZLLx8dNlccHiMorzPWL1
+            RL46DTu0MyigwefWoiPc2Xw0HRX4mYTsZol9Pavs7jy/zlBuJjed2g==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age13c346xw9kzsvra04ck8h8pa47mwdp8nh3aess4pwhyvdsufyhf0qt65ja8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBESDl4L1VxQzBGSmVnM1pQ
+            aWJERXZqeDUyM0lEQlpsanRqVUtYaWJUUXgwCjhqZFhvR3ZYZVVBVzl5NUptNHBC
+            elhDM05ycFc3RTVlK1VuRmRNWlYwRk0KLS0tIEtDeGtEUElncEsrQ2hueFpQZ3dM
+            YkQ3bzA2SzAwL1FYU2E3Um5aejVlOVkK0EXDFQaN588aFSF9HhifOpK3h6nEW7ag
+            IfFgVxXkD8h7ZF8xnhFoRYVIAffkOqk6POCFLZcEjpIOGwRplHPqYA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1r2vlh9tgdmf6r0xj025zun0cvudn2p6jqav84pql8k928newtepq9ttw8z
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwREJTeFd2RVV5Y1JHSE5Y
+            Qm1RWE9WRlNtakUydGlUdW9BZU5zOTlnUFZRCkZqZDNpNE4wckNsejh6dFdSTUdP
+            cWhveUNlMlNlZTdhU3c3U0UzUDZhUDAKLS0tIFAyeEpTb3Y3VDFrM1cyYkdQZGtq
+            a3Vzak1qM2lGUWFUS2lPa1loY0tkM0UKF9IGvrJM8BdivLQBnetZz2OeH6FCNaCZ
+            JeqqJXM96LKzPBCXxFqclpoPgy8zUb1yNpKg3CRUroC7VO0tBG3KJg==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-02-12T23:55:37Z"
    mac: ENC[AES256_GCM,data:RvJMumDJ2S8JgHwRLG/jhyj1a/ekBmjbzFFk7+6hrDg1/Zi8UzzATLEsEBUhX0X4vlqHBUxv4r61SQEroCl5GXBst+Wtac/zxMGIKm5PDH92HccjJhi4aftGP22PHlYCEOis7+D/Vw7W8ovRCFpEYVxxslxibCIo9RuUf8vDE94=,iv:kavw38JSPem1eChO+ntLwLFt6bAJT1rd8s00nmHNzGY=,tag:QuncWa50NvpLqMZGS0F9ug==,type:str]
--- a/home/features/cli/productivity/smos/default.nix
+++ b/home/features/cli/productivity/smos/default.nix
@ -1,5 +1,11 @@
-{ config, pkgs, ... }:
-let workflowDir = "${config.home.homeDirectory}/productivity/smos";
+{
+  config,
+  pkgs,
+  inputs,
+  ...
+}:
+let
+  workflowDir = "${config.xdg.dataHome}/smos/workflow";
 in
 {
  sops.secrets.smos_password.sopsFile = ../secrets.yaml;
@ -8,6 +14,9 @@ in
  programs.smos = {
    inherit workflowDir;

+    # We don't want to use the statically-linked binary, as it requires pulling-in ghc-musl.
+    smosReleasePackages = inputs.smos.packages.${pkgs.system}.default;
+
    enable = true;
    notify.enable = true;

@ -29,9 +38,7 @@ in
  };
  # }}}
  # {{{ Storage & secrets
-  satellite.persistence.at.data.apps.smos.directories = [
-    config.programs.smos.workflowDir
-  ];
+  satellite.persistence.at.data.apps.smos.directories = [ config.programs.smos.workflowDir ];

  sops.secrets.smos_github_token = {
    sopsFile = ../secrets.yaml;
@ -45,9 +52,11 @@ in
    type = "Application";
    terminal = false;
    icon = ../../../../../common/icons/smos.svg;
-    exec = builtins.toString (pkgs.writeShellScript "smostui" ''
-      wezterm start --class "org.wezfurlong.wezterm.smos" --cwd ${workflowDir} smos
-    '');
+    exec = builtins.toString (
+      pkgs.writeShellScript "smostui" ''
+        foot -a Smos -D ${workflowDir} smos
+      ''
+    );
  };
  # }}}
 }
--- a/home/features/cli/ssh.nix
+++ b/home/features/cli/ssh.nix
@ -1,10 +1,9 @@
-{ config, ... }: {
+{ pkgs, lib, ... }:
+{
  programs.ssh.enable = true;
-
  satellite.persistence.at.state.apps.ssh.directories = [ ".ssh" ];

-  # Makes it easy to copy ssh keys at install time without messing up permissions
-  systemd.user.tmpfiles.rules = [
-    "d ${config.satellite.persistence.at.state.home}/ssh/.ssh/etc/ssh"
-  ];
+  # This allows me to push/pull to my forgejo server via SSH.
+  # See the docs for more details: https://developers.cloudflare.com/cloudflare-one/tutorials/gitlab/#configuring-ssh
+  programs.ssh.matchBlocks."ssh.git.moonythm.dev".proxyCommand = "${lib.getExe pkgs.cloudflared} access ssh --hostname %h";
 }
--- a/home/features/cli/zellij.nix
+++ b/home/features/cli/zellij.nix
@ -0,0 +1,4 @@
+{
+  programs.zellij.enable = true;
+  stylix.targets.zellij.enable = true;
+}
--- a/home/features/desktop/default.nix
+++ b/home/features/desktop/default.nix
@ -1,6 +1,6 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
+{
  imports = [
-    ./wezterm # terminal
    ./dunst.nix # notifaction handler
  ];

@ -9,9 +9,13 @@

  # Use a base16 theme for gtk apps!
  stylix.targets.gtk.enable = true;
+  gtk.enable = true;

  gtk.iconTheme = {
    package = pkgs.papirus-icon-theme;
    name = "Papirus";
  };
+
+  # Bigger text in qt apps
+  home.sessionVariables.QT_SCREEN_SCALE_FACTORS = 1.4;
 }
--- a/home/features/desktop/discord/default.nix
+++ b/home/features/desktop/discord/default.nix
@ -1,36 +1,35 @@
 { config, pkgs, ... }:
 let
-  themeMap = pkgs.callPackage (import ./themes.nix) { };
-
-  # REASON: newer discord versions don't work with the one in nixpkgs
-  discocss = pkgs.discocss.overrideAttrs (old: rec {
-    version = "unstable-2023-09-02";
-    src = pkgs.fetchFromGitHub {
-      owner = "bddvlpr";
-      repo = "discocss";
-      rev = "37f1520bc90822b35e60baa9036df7a05f43fab8";
-      sha256 = "1559mxmc0ppl4jxvdzszphysp1j31k2hm93qv7yz87xn9j0z2m04";
-    };
-  });
 in
+# themeMap = pkgs.callPackage (import ./themes.nix) { };
+# REASON: newer discord versions don't work with the one in nixpkgs
+# discocss = pkgs.discocss.overrideAttrs (old: rec {
+#   version = "unstable-2023-09-02";
+#   src = pkgs.fetchFromGitHub {
+#     owner = "bddvlpr";
+#     repo = "discocss";
+#     rev = "37f1520bc90822b35e60baa9036df7a05f43fab8";
+#     sha256 = "1559mxmc0ppl4jxvdzszphysp1j31k2hm93qv7yz87xn9j0z2m04";
+#   };
+# });
+# vencord = pkgs.discord.override { withVencord = true; };
 {
  programs.discord = {
    enable = true;
    disableUpdateCheck = true;
    enableDevtools = true;
+    package = pkgs.vesktop;
  };

-  home.packages = [ discocss ];
-  xdg.configFile."discocss/custom.css".source = config.satellite.theming.get themeMap;
+  # xdg.configFile."discocss/custom.css".source = config.satellite.theming.get themeMap;

  # {{{ Storage
  # Clean cache older than 10 days
-  systemd.user.tmpfiles.rules = [
-    "d ${config.xdg.configHome}/discord/Cache/Cache_Data - - - 10d"
-  ];
+  systemd.user.tmpfiles.rules = [ "d ${config.xdg.configHome}/discord/Cache/Cache_Data - - - 10d" ];

  satellite.persistence.at.state.apps.discord.directories = [
    "${config.xdg.configHome}/discord" # Why tf does discord store it's state here 💀
+    "${config.xdg.configHome}/vesktop"
  ];
  # }}}
 }
--- a/home/features/desktop/discord/themes.nix
+++ b/home/features/desktop/discord/themes.nix
@ -2,19 +2,19 @@
 lib.fix (self: {
  "Catppuccin Mocha" = fetchurl {
    url = "https://catppuccin.github.io/discord/dist/catppuccin-mocha.theme.css";
-    sha256 = "01j5xhzpy3a68qlrzchzclj7mnxj106bwxq2vyvxw7fd2n3zn96b";
+    sha256 = "0y9vha3gb48yid65r2zfkc6l021j1s8mlac3klkbksla9gqnd9wr";
  };
  "Catppuccin Frappe" = fetchurl {
    url = "https://catppuccin.github.io/discord/dist/catppuccin-frappe.theme.css";
-    sha256 = "037jr133zw04sslkl1hdspkqqb40c3a7hcs72lzjlimaqhnxd044";
+    sha256 = "19kmmydkbpig14ql6zn0vqzlfykm6qg7r317vwjzq9dg092lflam";
  };
  "Catppuccin Latte" = fetchurl {
    url = "https://catppuccin.github.io/discord/dist/catppuccin-latte.theme.css";
-    sha256 = "1bijp2ysm7ifah6xqz95ag4hi7k7r0s9c8jz0s5a4b00k59qd6qc";
+    sha256 = "0lm1mzflyxmzpsyfkbcd1v7d1xp5i683yc6npbsm12z4hqn2smf6";
  };
  "Catppuccin Macchiato" = fetchurl {
    url = "https://catppuccin.github.io/discord/dist/catppuccin-macchiato.theme.css";
-    sha256 = "1ggw9iyn7d7z0sv784kgmxbf94xvwn2cnkd8g08xzy5c17gky6ln";
+    sha256 = "01zd5zf9b4a2kkwnkpzg37g1macan6201wyi7zj2crsbxy8b7j6k";
  };
  default.dark = self."Catppuccin Macchiato";
  default.light = self."Catppuccin Latte";
--- a/home/features/desktop/edopro.nix
+++ b/home/features/desktop/edopro.nix
@ -0,0 +1,32 @@
+# EDOPro is a fanmade Yu-Gi-Oh! simulator.
+# I am installing the game the traditional way, and
+# adding a desktop entry which runs it via `steam-run`.
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  persistState = config.satellite.persistence.at.state.home;
+  installPath = "${persistState}/yugioh/.local/share/edopro";
+  launchScript = pkgs.writeShellScript "start-edopro" ''
+    ${lib.getExe pkgs.steam-run} ${installPath}/EDOPro
+  '';
+in
+{
+  # This is a nix-ified version of the .desktop file EDOPro comes with.
+  xdg.desktopEntries.edopro = {
+    name = "EDOPro";
+    type = "Application";
+    comment = "The bleeding-edge automatic duel simulator";
+    icon = "${installPath}/textures/AppIcon.png";
+    categories = [ "Game" ];
+
+    settings.StartupWMClass = "EDOPro";
+    settings.Path = installPath;
+
+    terminal = false;
+    exec = builtins.toString launchScript;
+  };
+}
--- a/home/features/desktop/firefox/default.nix
+++ b/home/features/desktop/firefox/default.nix
@ -1,4 +1,10 @@
-{ config, lib, pkgs, inputs, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  inputs,
+  ...
+}:
 let
  # {{{ Global extensions
  extensions = with inputs.firefox-addons.packages.${pkgs.system}; [
@ -23,8 +29,8 @@ let
    unpaywall
    user-agent-string-switcher
  ];
-  # }}}
 in
+# }}}
 {
  programs.firefox = {
    enable = true;
@ -66,7 +72,8 @@ in
      # {{{ Extensions
      extensions =
        with inputs.firefox-addons.packages.${pkgs.system};
-        with lib.lists; flatten [
+        with lib.lists;
+        flatten [
          extensions
          # List of profile-specific extensions
          [
@ -91,80 +98,134 @@ in
      search.engines =
        let
          # {{{ Search engine creation helpers
-          mkBasicSearchEngine = { aliases, url, param, icon ? null }: {
-            urls = [{
+          mkBasicSearchEngine =
+            {
+              aliases,
+              url,
+              param,
+              icon ? null,
+            }:
+            {
+              urls = [
+                {
                  template = url;
                  params = [
-                { name = param; value = "{searchTerms}"; }
+                    {
+                      name = param;
+                      value = "{searchTerms}";
+                    }
+                  ];
+                }
              ];
-            }];

              definedAliases = aliases;
-          } // (if icon == null then { } else { inherit icon; });
+            }
+            // (if icon == null then { } else { inherit icon; });

-          mkNixPackagesEngine = { aliases, type }:
-            mkBasicSearchEngine
-              {
+          mkNixPackagesEngine =
+            { aliases, type }:
+            mkBasicSearchEngine {
              aliases = aliases;
              url = "https://search.nixos.org/${type}";
              param = "query";
              icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
            };
-          # }}}
        in
+        # }}}
        # {{{ Engine declarations
        {
          "Nix Packages" = mkNixPackagesEngine {
-            aliases = [ "@np" "@nix-packages" ];
+            aliases = [
+              "@np"
+              "@nix-packages"
+            ];
            type = "packages";
          };

          "Nix options" = mkNixPackagesEngine {
-            aliases = [ "@no" "@nix-options" ];
+            aliases = [
+              "@no"
+              "@nix-options"
+            ];
            type = "options";
          };

+          "Home-manager options" = mkBasicSearchEngine {
+            aliases = [
+              "@hm"
+              "@home-manager"
+            ];
+            param = "query";
+            url = "https://home-manager-options.extranix.com";
+          };
+
          "Pursuit" = mkBasicSearchEngine {
            url = "https://pursuit.purescript.org/search";
            param = "q";
-            aliases = [ "@ps" "@pursuit" ];
+            aliases = [
+              "@ps"
+              "@pursuit"
+            ];
          };

          "Hoogle" = mkBasicSearchEngine {
            url = "https://hoogle.haskell.org";
            param = "hoogle";
-            aliases = [ "@hg" "@hoogle" ];
+            aliases = [
+              "@hg"
+              "@hoogle"
+            ];
+          };

+          "NPM" = mkBasicSearchEngine {
+            url = "https://www.npmjs.com/search";
+            param = "q";
+            aliases = [ "@npm" ];
          };

          "Wikipedia" = mkBasicSearchEngine {
            url = "https://en.wikipedia.org/wiki/Special:Search";
            param = "search";
-            aliases = [ "@wk" "@wikipedia" ];
+            aliases = [
+              "@wk"
+              "@wikipedia"
+            ];
          };

          "Github" = mkBasicSearchEngine {
            url = "https://github.com/search";
            param = "q";
-            aliases = [ "@gh" "@github" ];
+            aliases = [
+              "@gh"
+              "@github"
+            ];
          };

          "Invidious" = mkBasicSearchEngine {
            url = "https://yt.moonythm.dev/results";
            param = "search_query";
-            aliases = [ "@yt" "@invidious" ];
+            aliases = [
+              "@yt"
+              "@invidious"
+            ];
          };

          "Youtube" = mkBasicSearchEngine {
            url = "https://www.youtube.com/results";
            param = "search_query";
-            aliases = [ "@gyt" "@youtube" ];
+            aliases = [
+              "@gyt"
+              "@youtube"
+            ];
          };

          "Arcaea wiki" = mkBasicSearchEngine {
            url = "https://arcaea.fandom.com/wiki/Special:Search?scope=internal&navigationSearch=true";
            param = "query";
-            aliases = [ "@ae" "@arcaea" ];
+            aliases = [
+              "@ae"
+              "@arcaea"
+            ];
          };

          "Noita wiki" = mkBasicSearchEngine {
@ -176,31 +237,46 @@ in
          "Rain world wiki" = mkBasicSearchEngine {
            url = "https://rainworld.miraheze.org/w/index.php";
            param = "search";
-            aliases = [ "@rw" "@rain-world" ];
+            aliases = [
+              "@rw"
+              "@rain-world"
+            ];
          };

          "Arch wiki" = mkBasicSearchEngine {
            url = "https://wiki.archlinux.org/index.php";
            param = "search";
-            aliases = [ "@aw" "@arch-wiki" ];
+            aliases = [
+              "@aw"
+              "@arch-wiki"
+            ];
          };

          "Factorio wiki" = mkBasicSearchEngine {
            url = "https://wiki.factorio.com/index.php";
            param = "search";
-            aliases = [ "@fw" "@factorio-wiki" ];
+            aliases = [
+              "@fw"
+              "@factorio-wiki"
+            ];
          };

          "Factorio mod portal" = mkBasicSearchEngine {
            url = "https://mods.factorio.com/";
            param = "query";
-            aliases = [ "@fm" "@factorio-mods" ];
+            aliases = [
+              "@fm"
+              "@factorio-mods"
+            ];
          };

          "Moonythm" = mkBasicSearchEngine {
            url = "https://search.moonythm.dev/search";
            param = "q";
-            aliases = [ "@m" "@moonythm" ];
+            aliases = [
+              "@m"
+              "@moonythm"
+            ];
            icon = ../../../../common/icons/whoogle.webp;
          };

@ -225,6 +301,12 @@ in
        # Do not paste with middle mouse click
        "middlemouse.paste" = false;

+        # Do not include "switch to [tab]" in search results
+        "browser.urlbar.suggest.openpage" = false;
+
+        # Disable shortcut for quitting :)
+        "browser.quitShortcut.disabled" = true;
+
        # Inspired by https://github.com/TLATER/dotfiles/blob/b39af91fbd13d338559a05d69f56c5a97f8c905d/home-config/config/graphical-applications/firefox.nix
        # {{{ Performance settings
        "gfx.webrender.all" = true; # Force enable GPU acceleration
@ -232,15 +314,12 @@ in
        "widget.dmabuf.force-enabled" = true; # Required in recent Firefoxes
        # }}}
        # {{{ New tab page
-        "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons" =
-          false;
-        "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features" =
-          false;
+        "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons" = false;
+        "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features" = false;
        "browser.newtabpage.activity-stream.feeds.snippets" = false;
        "browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.havePinned" = "";
        "browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.searchEngines" = "";
-        "browser.newtabpage.activity-stream.section.highlights.includePocket" =
-          false;
+        "browser.newtabpage.activity-stream.section.highlights.includePocket" = false;
        "browser.newtabpage.activity-stream.showSponsored" = false;
        "browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
        "browser.newtabpage.pinned" = false;
@ -266,15 +345,9 @@ in
        # with tiling WMs on wayland
        "privacy.webrtc.legacyGlobalIndicator" = false;

-        # Do not include "switch to [tab]" in search results
-        "browser.urlbar.suggest.openpage" = false;
-
        # Hide random popup: https://forums.linuxmint.com/viewtopic.php?t=379164
        "browser.protections_panel.infoMessage.seen" = true;

-        # Disable shortcut for quitting :)
-        "browser.quitShortcut.disabled" = true;
-
        # Do not show dialog for getting panes in the addons menu (?)
        # http://kb.mozillazine.org/Extensions.getAddons.showPane
        "extensions.getAddons.showPane" = false;
@ -288,7 +361,6 @@ in
    # {{{ Standalone "apps" which actually run inside a browser.
    apps.extensions = extensions;
    apps.app = {
-      # TODO: auto increment ids
      # {{{ Desmos
      desmos = {
        url = "https://www.desmos.com/calculator";
@ -305,23 +377,18 @@ in
        id = 2;
      };
      # }}}
-      # {{{ Syncthing
-      syncthing = {
-        url = "http://localhost:8384/";
-        icon = ../../../../common/icons/syncthing.png;
-        displayName = "Syncthing";
-        id = 3;
-      };
-      # }}}
    };
    # }}}
  };

-  # TODO: uncomment when using newer version
-  # stylix.targets.firefox = {
-  #   enable = true;
-  #   profileNames = [ config.home.username "desmos" "monkey-type" "syncthing" ];
-  # };
+  stylix.targets.firefox = {
+    enable = true;
+    profileNames = [
+      config.home.username
+      "desmos"
+      "monkey-type"
+    ];
+  };

  # {{{ Make firefox the default
  # Use firefox as the default browser to open stuff.
@ -345,4 +412,3 @@ in
  ];
  # }}}
 }
-
--- a/home/features/desktop/foot.nix
+++ b/home/features/desktop/foot.nix
@ -0,0 +1,4 @@
+{
+  programs.foot.enable = true;
+  stylix.targets.foot.enable = true;
+}
--- a/home/features/desktop/obsidian.nix
+++ b/home/features/desktop/obsidian.nix
@ -1,4 +1,5 @@
-{ config, pkgs, ... }: {
+{ config, pkgs, ... }:
+{
  home.packages = [ pkgs.obsidian ];

  # Start nvim with a custom class so our WM can move it to the correct workspace
@ -8,10 +9,13 @@
    icon = "obsidian";
    terminal = false;
    exec =
-      let vaultDir = "${config.xdg.userDirs.extraConfig.XDG_PROJECTS_DIR}/stellar-sanctum";
+      let
+        vaultDir = "${config.xdg.userDirs.extraConfig.XDG_PROJECTS_DIR}/stellar-sanctum";
      in
-      builtins.toString (pkgs.writeShellScript "obsidiantui" ''
-        wezterm start --class "org.wezfurlong.wezterm.obsidian" --cwd ${vaultDir} nvim
-      '');
+      builtins.toString (
+        pkgs.writeShellScript "obsidiantui" ''
+          foot -a Obsidian -D ${vaultDir} nvim
+        ''
+      );
  };
 }
--- a/home/features/desktop/steam.nix
+++ b/home/features/desktop/steam.nix
@ -0,0 +1,11 @@
+{ config, ... }:
+{
+  # {{{ Persistence
+  satellite.persistence.at.state.apps.steam = {
+    directories = [
+      ".factorio"
+      "${config.xdg.dataHome}/Steam"
+    ];
+  };
+  # }}}
+}
--- a/home/features/desktop/wakatime/secrets.yaml
+++ b/home/features/desktop/wakatime/secrets.yaml
@ -8,11 +8,29 @@ sops:
        - recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDR0RmdFIxNFJpQTdGYXlq
-            bkZrNktMaFlrOEZtSXh6Y1l6NTN0REN6N2dnCmNMRUk2TXA3RWhtZVlnbTg2aE00
-            eFVwejBTcWRaTUhGWFFIS1RlVkhhQ28KLS0tIEdWWGRWSDZOQW9pQkdCRFFncTM2
-            cURjWFplY1pyMzY4a0h6cTRLS2I2ZW8KqGtYjCsdriSWdKhC+kGBAMSY9WVDL3tE
-            oMxyhrgDMtWndZEGv1+J3XLLmatDKmEcJO2k0CXZlCWWj17O4Rm+eA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCQmNWek1JWm50dmVQVmtY
+            Ym5uYjYxaEY0dHVZM0dITUFnb0JsZGR2VjFzCkZLakEvZmJMdVAvRjY1eXRpQ0U5
+            RXBUVWtURE9RNmNSWHEyVkIrQWQrTU0KLS0tIEY3ZnhOV05ISWhxMC9NYXMrdFVp
+            MjNlb0FpL3dWWmtuSytaaFZHNXVDemsKVfHCSL/CpMV/VJ0XMC1h1DwR+htkF0WK
+            7n/ZYH40DdC6fQZCawe5B6taINT/Uy5BO4d9+iv85Tth7O3hE4R/vQ==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age13c346xw9kzsvra04ck8h8pa47mwdp8nh3aess4pwhyvdsufyhf0qt65ja8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtbW5qNkN6MTFaYmdBNmpT
+            RUdTd2daeC9pbi9LS29XUTI4QmxPZTBUYmpjCldrODUxdDJ0SXIwZ0FoNmtJY29s
+            UG0yaGdTL1pQR2E5M3F6SEp0LytSTHMKLS0tIDlFVlliK2hqRDhrSjJDNnJvcVdz
+            YnFydm1weVJ3SEpYNFVvOFloMzc5L3MKOjE6uywYz3RPrlgpr7op8GhIVeakx+H2
+            0r3GqFfDNSdxLzH/NMCusQbNs6eGPNz9kWUD7W6sRyqYLV7VBJhlOw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1r2vlh9tgdmf6r0xj025zun0cvudn2p6jqav84pql8k928newtepq9ttw8z
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpUjdLMnRYaUczUStHeVJW
+            SkNvdHJHenZic2tmdWcybWRBUXc4YmYrNmpvCnZiM1pnWjV1LytmSklrTVZTZFBw
+            Q01FbUNkQU1WTjRuMGpRWFM5OStDWUUKLS0tIE5vN1ZNa0hROStMZEhNMUZwSUM2
+            QnpZVVdodTJ4WlF4NHZYNHp1YUkxN0EKssvr7DQliEqMJc6SZ2lCDBKcpEea6hNG
+            kgnqFZE+c6kBC7vr3pwd5V8VJAetqk+yTU+4rqS3RWoHvUJkvHrmzw==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-05-09T13:00:44Z"
    mac: ENC[AES256_GCM,data:pvcHe28Vnv/Trq84YwQjDKNiITdX5HbdRaLtoq0gzVGzuN9VL5GtufQN+rtZY3RLFDdEt6qeJe4ichVSK88S0VUEsc5CtsvR1QR59aZ20dsiELI6a9qyOLlCJCP80J9XWCe3Gr93v7AoelKdpPFo2BcRL7TNbkYxJC9t0JienSY=,iv:PtIH5IeCA7SmgekT8hs9p0kXtg4xrivhOz3HWG9UpTA=,tag:1B+POnrhCXFP/WsrfOnn3w==,type:str]
--- a/home/features/desktop/wezterm/default.nix
+++ b/home/features/desktop/wezterm/default.nix
@ -1,10 +0,0 @@
-{ inputs, upkgs, config, ... }: {
-  home.packages = [ upkgs.wezterm ];
-
-  xdg.configFile."wezterm/nix".source =
-    config.satellite.lib.lua.writeFile
-      "." "colorscheme"
-      "return ${config.satellite.colorscheme.lua}";
-  xdg.configFile."wezterm/wezterm.lua".source =
-    config.satellite.dev.path "home/features/desktop/wezterm/wezterm.lua";
-}
--- a/home/features/desktop/wezterm/wezterm.lua
+++ b/home/features/desktop/wezterm/wezterm.lua
@ -1,182 +0,0 @@
-- {{{ Import stuff & create config object
-local wezterm = require("wezterm")
-local colorscheme = require("nix.colorscheme") -- injected by nix!
-
-- This table will hold the configuration.
-local config = {}
-
-- In newer versions of wezterm, use the config_builder which will
-- help provide clearer error messages
-if wezterm.config_builder then
-  config = wezterm.config_builder()
-end
-- }}}
-
-local font_size = 20.0
-
-- {{{ Theming
-local themeMap = {
-  ["Gruvbox light, soft"] = "Gruvbox light, soft (base16)",
-  ["Gruvbox dark, soft"] = "Gruvbox dark, soft (base16)",
-}
-
-config.color_scheme = themeMap[colorscheme.name]
-config.colors = {}
-- config.colors = wezterm.color.load_base16_scheme(colorscheme.source)
-
-- {{{ Window frame
-config.window_frame = {
-  font = wezterm.font({ family = colorscheme.fonts.sansSerif }),
-  font_size = font_size - 3,
-  active_titlebar_bg = "none",
-  inactive_titlebar_bg = "none",
-}
-
-config.window_padding = {
-  left = "1cell",
-  right = "1cell",
-  top = "0.4cell",
-  bottom = "0.4cell",
-}
-- }}}
-- {{{ Tab bar colors
-config.colors.tab_bar = {
-  background = "none",
-  active_tab = {
-    bg_color = colorscheme.transparency.terminal.base00,
-    fg_color = colorscheme.base05,
-  },
-  inactive_tab = {
-    bg_color = "none",
-    fg_color = colorscheme.base05,
-  },
-  inactive_tab_hover = {
-    bg_color = colorscheme.base00,
-    fg_color = colorscheme.base05,
-  },
-  new_tab = {
-    bg_color = colorscheme.base02,
-    fg_color = colorscheme.base05,
-  },
-  new_tab_hover = {
-    bg_color = colorscheme.base02,
-    fg_color = colorscheme.base05,
-    italic = true,
-  },
-
-  -- The color of the inactive tab bar edge/divider
-  inactive_tab_edge = "none",
-}
-- }}}
-- {{{ Other visual things
-config.window_background_opacity = colorscheme.transparency.terminal.value
-- }}}
-- }}}
-- {{{ Main config options
-config.automatically_reload_config = true
-config.warn_about_missing_glyphs = false
-config.check_for_updates = false
-
-- {{{ Fonts
-config.adjust_window_size_when_changing_font_size = false -- Makes it work with fixed window sizes.
-config.font_size = font_size
-config.font = wezterm.font(colorscheme.fonts.monospace)
-- }}}
-- {{{ Tab bar
-config.tab_bar_at_bottom = false
-config.use_fancy_tab_bar = true
-config.hide_tab_bar_if_only_one_tab = true
-config.show_tab_index_in_tab_bar = false
-config.show_new_tab_button_in_tab_bar = false
-- }}}
-- {{{ Keycodes
-config.disable_default_key_bindings = false
-- config.enable_kitty_keyboard = true -- Let's apps recognise more distinct keys
-config.enable_csi_u_key_encoding = true -- For some reason I need this for all keybinds to work inside neovim.
-- }}}
-- }}}
-- {{{ Keybinds
-local function unmap(key, mods)
-  return {
-    key = key,
-    mods = mods,
-    action = wezterm.action.DisableDefaultAssignment,
-  }
-end
-
-local function bind_if(cond, key, mods, action)
-  local function callback(win, pane)
-    if cond(pane) then
-      win:perform_action(action, pane)
-    else
-      win:perform_action(
-        wezterm.action.SendKey({ key = key, mods = mods }),
-        pane
-      )
-    end
-  end
-
-  return { key = key, mods = mods, action = wezterm.action_callback(callback) }
-end
-
-- {{{ Detect nvim processes
-local function is_inside_vim(pane)
-  local tty = pane:get_tty_name()
-  if tty == nil then
-    return false
-  end
-
-  local success, _, _ = wezterm.run_child_process({
-    "sh",
-    "-c",
-    "ps -o state= -o comm= -t"
-      .. wezterm.shell_quote_arg(tty)
-      .. " | "
-      .. "grep -iqE '^[^TXZ ]+ +(\\S+\\/)?g?(view|l?n?vim?x?)(diff)?$'",
-  })
-
-  return success
-end
-
-local function is_outside_vim(pane)
-  return not is_inside_vim(pane)
-end
-- }}}
-
-config.keys = {
-  -- {{{ Disable certain default keybinds
-  unmap("f", "CTRL|SHIFT"),
-  unmap("w", "CTRL|SHIFT"),
-  unmap("Enter", "ALT"),
-  -- }}}
-  -- {{{ Nvim nevigation keybinds
-  bind_if(
-    is_outside_vim,
-    "h",
-    "CTRL",
-    wezterm.action.ActivatePaneDirection("Left")
-  ),
-  bind_if(
-    is_outside_vim,
-    "j",
-    "CTRL",
-    wezterm.action.ActivatePaneDirection("Down")
-  ),
-  bind_if(
-    is_outside_vim,
-    "k",
-    "CTRL",
-    wezterm.action.ActivatePaneDirection("Up")
-  ),
-  bind_if(
-    is_outside_vim,
-    "l",
-    "CTRL",
-    wezterm.action.ActivatePaneDirection("Right")
-  ),
-  -- }}}
-}
-- }}}
-
-- and finally, return the configuration to wezterm
-return config
--- a/home/features/desktop/zathura.nix
+++ b/home/features/desktop/zathura.nix
@ -67,7 +67,6 @@
      set statusbar-bg '${base00}'
      # }}}
      # {{{ Highlighting parts of the document (e.g. show search results)
-      # TODO: make sure these look fine on other schemes
      set highlight-color '${base03}'
      set highlight-active-color '${base06}'
      # }}}
@ -88,9 +87,10 @@

  home.shellAliases.pdf = "zathura --fork";

+  # Make zathura the default app for opening pdfs.
+  xdg.mimeApps.defaultApplications."application/pdf" = [ "org.pwmt.zathura.desktop" ];
+
  # {{{ Persistence
-  satellite.persistence.at.state.apps.zathura.directories = [
-    "${config.xdg.dataHome}/zathura"
-  ];
+  satellite.persistence.at.state.apps.zathura.directories = [ "${config.xdg.dataHome}/zathura" ];
  # }}}
 }
--- a/home/features/neovim/config/init.lua
+++ b/home/features/neovim/config/init.lua
@ -8,3 +8,5 @@ local nix = require("nix")
 tempest.configureMany(nix.pre)
 require("my.lazy").setup()
 tempest.configureMany(nix.post)
+
+require("my.helpers.folding").setup()
--- a/home/features/neovim/config/lazy-lock.json
+++ b/home/features/neovim/config/lazy-lock.json
@ -1,58 +1,57 @@
 {
-  "clipboard-image": { "branch": "main", "commit": "485de5493d196154db30f85665f8ac480ce116a2" },
-  "cmp": { "branch": "main", "commit": "04e0ca376d6abdbfc8b52180f8ea236cbfddf782" },
+  "catppuccin": { "branch": "main", "commit": "4fd72a9ab64b393c2c22b168508fd244877fec96" },
+  "clipboard-image": { "branch": "main", "commit": "4ab6f7f1fa4ea97866c0e0f6160f6a36ef174438" },
+  "cmp": { "branch": "main", "commit": "7e348da6e5085ac447144a2ef4b637220ba27209" },
  "cmp-buffer": { "branch": "main", "commit": "3022dbc9166796b644a841a02de8dd1cc1d311fa" },
-  "cmp-cmdline": { "branch": "main", "commit": "8ee981b4a91f536f52add291594e89fb6645e451" },
-  "cmp-emoji": { "branch": "main", "commit": "19075c36d5820253d32e2478b6aaf3734aeaafa0" },
-  "cmp-nvim-lsp": { "branch": "main", "commit": "5af77f54de1b16c34b23cba810150689a3a90312" },
+  "cmp-cmdline": { "branch": "main", "commit": "d250c63aa13ead745e3a40f61fdd3470efde3923" },
+  "cmp-emoji": { "branch": "main", "commit": "e8398e2adf512a03bb4e1728ca017ffeac670a9f" },
+  "cmp-nvim-lsp": { "branch": "main", "commit": "39e2eda76828d88b773cc27a3f61d2ad782c922d" },
  "cmp-path": { "branch": "main", "commit": "91ff86cd9c29299a64f968ebb45846c485725f23" },
  "cmp_luasnip": { "branch": "master", "commit": "05a9ab28b53f71d1aece421ef32fee2cb857a843" },
-  "conform": { "branch": "master", "commit": "192a6d2ddace343f1840a8f72efe2315bd392243" },
-  "crates": { "branch": "main", "commit": "ec2b04a380c9f3a8e6ca38c230e4990d71978143" },
+  "conform": { "branch": "master", "commit": "cd75be867f2331b22905f47d28c0c270a69466aa" },
+  "crates": { "branch": "main", "commit": "c3fd47391de6999f4c939af89494d08443f71916" },
  "discord-rich-presence": { "branch": "main", "commit": "87c857a56b7703f976d3a5ef15967d80508df6e6" },
-  "dressing": { "branch": "master", "commit": "6f212262061a2120e42da0d1e87326e8a41c0478" },
+  "dressing": { "branch": "master", "commit": "6741f1062d3dc6e4755367a7e9b347b553623f04" },
  "fidget": { "branch": "main", "commit": "0ba1e16d07627532b6cae915cc992ecac249fb97" },
-  "flash": { "branch": "main", "commit": "48817af25f51c0590653bbc290866e4890fe1cbe" },
+  "flash": { "branch": "main", "commit": "d0799ae43a581d9f190e182e2a1f389d2887c42a" },
  "ftft": { "branch": "master", "commit": "f3e43c9584e14b27f04c27a95a9d9f0e58dfec02" },
-  "github-actions": { "branch": "master", "commit": "f2f16243447cea174daa6b4a9ffd3ff9213814ef" },
+  "github-actions": { "branch": "master", "commit": "728374ef59b11a5f5991ea2560d149a4ae33fd22" },
  "gitlinker": { "branch": "master", "commit": "cc59f732f3d043b626c8702cb725c82e54d35c25" },
-  "gitsigns": { "branch": "main", "commit": "2c2463dbd82eddd7dbab881c3a62cfbfbe3c67ae" },
-  "gruvbox": { "branch": "main", "commit": "6e4027ae957cddf7b193adfaec4a8f9e03b4555f" },
  "harpoon": { "branch": "master", "commit": "ccae1b9bec717ae284906b0bf83d720e59d12b91" },
  "haskell-tools": { "branch": "master", "commit": "92e097c6832405fb64e4c44a7ce8bebe7836cae6" },
  "hyprland": { "branch": "main", "commit": "71760fe0cad972070657b0528f48456f7e0027b2" },
  "idris": { "branch": "main", "commit": "8bff02984a33264437e70fd9fff4359679d910da" },
-  "inc-rename": { "branch": "main", "commit": "6f9b5f9cb237e12935144cdc535322b8c93c1b25" },
-  "indent-blankline": { "branch": "master", "commit": "821a7acd88587d966f7e464b0b3031dfe7f5680c" },
+  "indent-blankline": { "branch": "master", "commit": "65e20ab94a26d0e14acac5049b8641336819dfc7" },
  "lastplace": { "branch": "main", "commit": "0bb6103c506315044872e0f84b1f736c4172bb20" },
-  "lean": { "branch": "main", "commit": "1a2a2dfbc7e6775e9ec8b84e5eadaf31fde1894e" },
+  "lean": { "branch": "main", "commit": "182703184edb866d7bfe878be358295e189c8223" },
  "live-command": { "branch": "main", "commit": "d460067d47948725a6f25b20f31ea8bbfdfe4622" },
-  "lspconfig": { "branch": "master", "commit": "16295b79410f131c4fa7870c663b4ace6a761fb2" },
+  "lspconfig": { "branch": "master", "commit": "216deb2d1b5fbf24398919228208649bbf5cbadf" },
  "lspkind.nvim": { "branch": "master", "commit": "1735dd5a5054c1fb7feaf8e8658dbab925f4f0cf" },
-  "luasnip": { "branch": "master", "commit": "8ae1dedd988eb56441b7858bd1e8554dfadaa46d" },
-  "mini.ai": { "branch": "main", "commit": "98e45e6832351354e41e82b32a80ce7537c20746" },
-  "mini.comment": { "branch": "main", "commit": "a4b7e46deb9ad2feb8902cc5dbf087eced112ee5" },
-  "mini.files": { "branch": "main", "commit": "eab771c69b787a3f042dc6505d15613c282aa786" },
-  "mini.operators": { "branch": "main", "commit": "0765e4818086e96b8fb55d280e47af781a5bc56a" },
-  "mini.pairs": { "branch": "main", "commit": "04f58f2545ed80ac3b52dd4826e93f33e15b2af6" },
-  "mini.statusline": { "branch": "main", "commit": "dfd3d2ba295473930f78f143852b9b53eb54ae2a" },
-  "mini.surround": { "branch": "main", "commit": "a1b590cc3b676512de507328d6bbab5e43794720" },
+  "luasnip": { "branch": "master", "commit": "03c8e67eb7293c404845b3982db895d59c0d1538" },
+  "mini.ai": { "branch": "main", "commit": "45587078f323eaf41b9f701bbc04f8d1ab008979" },
+  "mini.comment": { "branch": "main", "commit": "080f00bb91fea4bab799820bd2ce835a88d0703a" },
+  "mini.files": { "branch": "main", "commit": "acfc4e46f6722a0690ce640632c5b5515ddade70" },
+  "mini.operators": { "branch": "main", "commit": "7d30c0bc5baaa1f0d3a63dd18b35c8581bc164f4" },
+  "mini.pairs": { "branch": "main", "commit": "927d19cbdd0e752ab1c7eed87072e71d2cd6ff51" },
+  "mini.statusline": { "branch": "main", "commit": "ec7e2c509c7262fef85a28a772f60ebe146297db" },
+  "mini.surround": { "branch": "main", "commit": "57caca9525cec0ea771a67326b0ee637d056078a" },
  "navigator": { "branch": "master", "commit": "91d86506ac2a039504d5205d32a1d4bc7aa57072" },
-  "neoconf": { "branch": "main", "commit": "4ef6c6c5882e7e16209173fb8c47414202843384" },
-  "neodev": { "branch": "main", "commit": "84e0290f5600e8b89c0dfcafc864f45496a53400" },
-  "nui": { "branch": "main", "commit": "c3c7fd618dcb5a89e443a2e1033e7d11fdb0596b" },
+  "neoconf": { "branch": "main", "commit": "23f24edab5f78465a0bc3320678e038664b9aa6e" },
+  "neodev": { "branch": "main", "commit": "46aa467dca16cf3dfe27098042402066d2ae242d" },
+  "neotest": { "branch": "master", "commit": "6d6ad113f56edc7c3f2a77a0836ea8c1b955ebea" },
+  "neotest-haskell": { "branch": "master", "commit": "10cd953fb7c81de82ce8dc618e0614e0ab5fa1e3" },
+  "nui": { "branch": "main", "commit": "61574ce6e60c815b0a0c4b5655b8486ba58089a1" },
  "null-ls": { "branch": "main", "commit": "0010ea927ab7c09ef0ce9bf28c2b573fc302f5a7" },
-  "plenary": { "branch": "master", "commit": "4f71c0c4a196ceb656c824a70792f3df3ce6bb6d" },
+  "nvim-nio": { "branch": "master", "commit": "a428f309119086dc78dd4b19306d2d67be884eee" },
+  "plenary": { "branch": "master", "commit": "a3e3bc82a3f95c5ed0d7201546d5d2c19b20d683" },
  "purescript": { "branch": "main", "commit": "82348352e6568fcc0385bd7c99a8ead3a479feea" },
-  "rust-tools": { "branch": "master", "commit": "676187908a1ce35ffcd727c654ed68d851299d3e" },
+  "rustacean": { "branch": "master", "commit": "5c0c44149e43b907dae2e0fe053284ad56226eb7" },
  "rzip": { "branch": "master", "commit": "f65400fed27b27c7cff7ef8d428c4e5ff749bf28" },
  "scrap": { "branch": "main", "commit": "cc8453ed613932c744c3d1ec42f379b78bd8b92c" },
-  "ssr": { "branch": "main", "commit": "bb323ba621ac647b4ac5638b47666e3ef3c279e1" },
-  "telescope": { "branch": "master", "commit": "d90956833d7c27e73c621a61f20b29fdb7122709" },
-  "treesitter": { "branch": "master", "commit": "19bf991be2403c10fa379fa0fb11b7de2560ac31" },
-  "typst": { "branch": "main", "commit": "e28d440c7ba4df2516d7d7f908c4fb664a8cf86c" },
-  "undotree": { "branch": "master", "commit": "9dbbf3b7d19dda0d22ceca461818e4739ad8154d" },
-  "wakatime": { "branch": "master", "commit": "285c2e4e48fb0c63ced233c00fb10a2edb3b6c94" },
-  "web-devicons": { "branch": "master", "commit": "14ac5887110b06b89a96881d534230dac3ed134d" },
-  "which-key.nvim": { "branch": "main", "commit": "4433e5ec9a507e5097571ed55c02ea9658fb268a" }
+  "telescope": { "branch": "master", "commit": "a0bbec21143c7bc5f8bb02e0005fa0b982edc026" },
+  "typst": { "branch": "main", "commit": "4d18ced62599ffe5b3c0e5e49566d5456121bc02" },
+  "undotree": { "branch": "master", "commit": "56c684a805fe948936cda0d1b19505b84ad7e065" },
+  "wakatime": { "branch": "master", "commit": "3cb40867cb5a3120f9bef76eff88edc7f1dc1a23" },
+  "web-devicons": { "branch": "master", "commit": "c0cfc1738361b5da1cd0a962dd6f774cc444f856" },
+  "which-key.nvim": { "branch": "main", "commit": "c77cda8cd2f54965e4316699f1d124a2b3bf9d49" }
 }
--- a/home/features/neovim/config/lua/my/helpers/folding.lua
+++ b/home/features/neovim/config/lua/my/helpers/folding.lua
@ -0,0 +1,23 @@
+local M = {}
+
+local function createFold(name)
+  local commentstring = vim.o.commentstring
+  local start_comment = string.gsub(commentstring, "%%s", " {{{ " .. name)
+  local end_comment = string.gsub(commentstring, "%%s", " }}}")
+
+  -- Leave visual mode
+  local esc = vim.api.nvim_replace_termcodes("<esc>", true, false, true)
+  vim.api.nvim_feedkeys(esc, "x", false)
+
+  vim.cmd(":'>put='" .. end_comment .. "'")
+  vim.cmd(":'<-1put='" .. start_comment .. "'")
+end
+
+function M.setup()
+  vim.keymap.set("v", "<C-i>", function()
+    local name = vim.fn.input("Fold name: ")
+    createFold(name)
+  end, { desc = "Create fold markers around area" })
+end
+
+return M
--- a/home/features/neovim/config/lua/my/lazy.lua
+++ b/home/features/neovim/config/lua/my/lazy.lua
@ -26,7 +26,7 @@ function M.setup()
      fallback = true,

      -- Directory where I store my local plugin projects
-      path = vim.g.nix_projects_path,
+      path = vim.g.nix_projects_dir,
      patterns = { "prescientmoon" },
    },
    performance = {
--- a/home/features/neovim/config/lua/my/tempest.lua
+++ b/home/features/neovim/config/lua/my/tempest.lua
@ -130,11 +130,17 @@ function M.configure(opts, context)
    opts = opts(context)
  end

-  if type(opts) ~= "table" then
-    -- TODO: throw
+  if opts == nil then
    return
  end

+  if type(opts) ~= "table" then
+    return error(
+      "Cannot handle non-table options for tempest runtime, "
+        .. vim.inspect(opts)
+    )
+  end
+
  if type(opts.mkContext) == "function" then
    context = opts.mkContext(context)
  end
--- a/home/features/neovim/default.nix
+++ b/home/features/neovim/default.nix
--- a/home/features/neovim/plugins/lspconfig.lua
+++ b/home/features/neovim/plugins/lspconfig.lua
@ -1,4 +1,3 @@
---@diagnostic disable: missing-fields
 local M = {}

 -- {{{ Capabilities
@ -15,92 +14,9 @@ M.capabilities = function()
 end
 -- }}}
 -- {{{ Main config function
-function M.config()
+function M.config(servers)
  local lspconfig = require("lspconfig")

-  -- {{{ General server config
-  ---@type lspconfig.options
-  local servers = {
-    -- {{{ Typescript
-    tsserver = {
-      on_attach = function(client)
-        -- We handle formatting using null-ls and prettierd
-        client.server_capabilities.documentFormattingProvider = false
-      end,
-    },
-    -- }}}
-    -- {{{ Purescript
-    purescriptls = {
-      root_dir = lspconfig.util.root_pattern("spago.yaml"),
-      settings = {
-        purescript = {
-          censorWarnings = {
-            "UnusedName",
-            "ShadowedName",
-            "UserDefinedWarning",
-          },
-          formatter = "purs-tidy",
-        },
-      },
-    },
-    -- }}}
-    -- {{{ Lua
-    lua_ls = {
-      settings = {
-        Lua = {
-          format = {
-            enable = true,
-          },
-          -- Do not send telemetry data containing a randomized but unique identifier
-          telemetry = {
-            enable = false,
-          },
-        },
-      },
-    },
-    -- }}}
-    -- {{{ Latex
-    texlab = {
-      settings = {
-        texlab = {
-          build = {
-            args = {
-              -- Here by default:
-              "-pdf",
-              "-interaction=nonstopmode",
-              "-synctex=1",
-              "%f",
-              -- Required for syntax highlighting inside the generated pdf apparently
-              "-shell-escape",
-            },
-            executable = "latexmk",
-            forwardSearchAfter = true,
-            onSave = true,
-          },
-          chktex = {
-            onOpenAndSave = true,
-            onEdit = true,
-          },
-        },
-      },
-    },
-    -- }}}
-    -- {{{ Nix
-    rnix = {},
-    -- nil_ls = {},
-    nixd = {},
-    -- }}}
-    cssls = {},
-    jsonls = {},
-    dhall_lsp_server = {},
-    typst_lsp = {
-      exportPdf = "onType",
-    },
-    elmls = {},
-    csharp_ls = {},
-  }
-  -- }}}
-
  local capabilities = M.capabilities()
  for lsp, details in pairs(servers) do
    details.capabilities = capabilities
--- a/home/features/neovim/snippets/tex.miros
+++ b/home/features/neovim/snippets/tex.miros
@ -55,10 +55,10 @@ block text

  pattern ([Ll]et)
    name definition
-    snip @1 \$$1 = $2\$
+    snip @1 \$$1 = $2\$ @0

  block auto
-    string im
+    string $
      name inline math
      snip \$$1\$$0

@ -92,11 +92,18 @@ block math
        $7 & $8 & $9
      \end{@matenv}

-  for operator <- @⟨eq,neq,defas,leq,geq,lt,gt,iip,iib,iff⟩
-  for symbol <- @⟨@operator:=,\neq,\coloneq,\leq,\geq,<,>,\implies,\impliedby,\iff⟩
+  for createabbr <- @⟨false,true⟩
+  for operator <- @⟨@createabbr:
+    @⟨eq,lt,gt⟩,
+    @⟨neq,defas,leq,geq,iip,iib,iff⟩
+  ⟩
+  for symbol <- @⟨@createabbr:
+    @⟨@operator:=,<,>⟩,
+    @⟨@operator:\neq,\coloneq,\leq,\geq,\implies,\impliedby,\iff⟩
+  ⟩

  block auto
-    abbr @operator @symbol
+    abbr @⟨@createabbr:op-@operator,@operator⟩ @symbol

    string a@operator
      name align at @operator
@ -177,6 +184,7 @@ block math

    abbr frl \forall
    abbr exs \exists
+    abbr iin \in
    abbr nin \not\in
    abbr ccup \cup
    abbr ccap \cap
@ -187,9 +195,8 @@ block math
    abbr vsm \vecspace
    abbr oball \ball

-    for noperator <- @⟨ordop,land,lor⟩
-    string @noperator
-      snip \\@noperator
+    for noperator <- @⟨ordop,land,lor,equiv,pmod⟩
+    abbr @noperator \\@noperator

    for operator <- @⟨overline,hat,bar,abs,norm,prob,diprod,sin,cos,sqrt,ln,lrb,zmod,gen,diam,prob⟩
    string @operator
@ -247,10 +254,10 @@ block math
      name limit to @limtarget
      snip \lim_{$1 \to @limtargetsymbol} $0

-    string dint
+    string intd
      name definite integral
      snip \int_{$|1⟨$1,-\infty$1⟩}^$|2⟨{$2},\infty$2⟩ $3 \dif $0

-    string iint
+    string inti
      name indefinite integral
      snip \int $1 \dif $0
--- a/home/features/persistence.nix
+++ b/home/features/persistence.nix
@ -1,5 +1,6 @@
-{ config, ... }: {
-  # {{{ Set up my custom imperanence wrapper
+{ config, ... }:
+{
+  # {{{ Set up my custom imperanenceo wrapper
  satellite.persistence = {
    enable = true;

@ -45,6 +46,9 @@
    "${config.xdg.cacheHome}/ghcide"
    "${config.xdg.cacheHome}/cabal"
  ];
+
+  # TODO: should I move this in it's own haskell-specific file?
+  home.file.".stack/config.yaml".text = builtins.toJSON { notify-if-nix-on-path = false; };
  # }}}
  # {{{ Nodejs
  satellite.persistence.at.cache.apps.nodejs = {
@ -77,9 +81,7 @@
  # }}}
  # {{{ Python
  satellite.persistence.at.cache.apps.python = {
-    files = [
-      ".python_history"
-    ];
+    files = [ ".python_history" ];

    directories = [
      ".ipython"
@ -103,7 +105,6 @@
  ];

  satellite.persistence.at.cache.apps.qbittorrent.directories = [
-    # TODO: investigate which subdirectories/files I actually want to keep
    "${config.xdg.dataHome}/qBittorrent" # Torrent files, logs, etc
  ];
  # }}}
@ -112,17 +113,15 @@
    "${config.xdg.configHome}/Signal" # Why tf does signal store it's state here 💀
  ];
  # }}}
-  # {{{ Steam
-  satellite.persistence.at.state.apps.steam = {
-    directories = [
-      ".factorio" # TODO: perhaps this should have it's own file?
-      # A couple of games don't play well with bindfs
-      {
-        directory = "${config.xdg.dataHome}/Steam";
-        method = "symlink";
-      }
+  # {{{ What's app
+  satellite.persistence.at.state.apps.whatsapp.directories = [
+    "${config.xdg.configHome}/whatsapp-for-linux"
+    "${config.xdg.stateHome}/whatsapp-for-linux"
+  ];
+
+  satellite.persistence.at.cache.apps.whatsapp.directories = [
+    "${config.xdg.cacheHome}/whatsapp-for-linux"
  ];
-  };
  # }}}
  # {{{ Lutris
  # TODO: there might be more to cache in .cache/lutris
@ -132,15 +131,27 @@
    "${config.xdg.cacheHome}/lutris/coverart" # Game cover art

    # Aparently IO intensive stuff like games prefer symlinks?
-    { directory = "media/games/lutris"; method = "symlink"; } # Lutris games
+    {
+      directory = "media/games/lutris";
+      method = "symlink";
+    } # Lutris games
  ];
  # }}}
  # {{{ Wine
  satellite.persistence.at.state.apps.wine.directories = [ ".wine" ];
  # }}}
  # {{{ Element
-  satellite.persistence.at.state.apps.element.directories = [
-    "${config.xdg.configHome}/Element"
+  satellite.persistence.at.state.apps.element.directories = [ "${config.xdg.configHome}/Element" ];
+  # }}}
+  # {{{ Bitwarden
+  satellite.persistence.at.state.apps.bitwarden.directories = [
+    "${config.xdg.configHome}/Bitwarden"
+  ];
+  # }}}
+  # {{{ Gnome keyring
+  services.gnome-keyring.enable = true;
+  satellite.persistence.at.state.apps.gnome-keyring.directories = [
+    "${config.xdg.dataHome}/keyrings"
  ];
  # }}}
  # }}}
@ -148,5 +159,9 @@
  # {{{ Sops
  satellite.persistence.at.state.apps.sops.directories = [ "${config.xdg.configHome}/sops/age" ];
  # }}}
+  # {{{ QMK
+  home.sessionVariables.QMK_HOME = "${config.xdg.dataHome}/qmk";
+  satellite.persistence.at.state.apps.qmk.directories = [ config.home.sessionVariables.QMK_HOME ];
+  # }}}
  # }}}
 }
--- a/home/features/wayland/global.nix
+++ b/home/features/wayland/global.nix
@ -1,5 +1,6 @@
 # Common wayland stuff
-{ lib, pkgs, ... }: {
+{ lib, pkgs, ... }:
+{
  imports = [
    ./wlsunset.nix
    ./wlogout.nix
@ -20,7 +21,6 @@
      wl-copy = "${pkgs.wl-clipboard}/bin/wl-copy";
      wl-paste = "${pkgs.wl-clipboard}/bin/wl-paste";

-      # TODO: put this in it's own file perhaps?
      # Taken from [here](https://github.com/fufexan/dotfiles/blob/3b0075fa7a5d38de13c8c32140c4b020b6b32761/home/wayland/default.nix#L14)
      wl-ocr = pkgs.writeShellScriptBin "wl-ocr" ''
        ${_ pkgs.grim} -g "$(${_ pkgs.slurp})" -t ppm - \
@ -36,9 +36,10 @@
          | ${wl-copy}
        ${_ pkgs.libnotify} "Scanned qr code on area with output \"$(${wl-paste})\""
      '';
-      # }}}
    in
-    with pkgs; [
+    # }}}
+    with pkgs;
+    [
      libnotify # Send notifications
      wl-ocr # Custom ocr script
      wl-qr # Custom qr scanner script
--- a/home/features/wayland/hyprland/default.nix
+++ b/home/features/wayland/hyprland/default.nix
@ -1,6 +1,18 @@
-{ pkgs, lib, config, ... }:
 {
-  imports = [ ../global.nix ./hyprpaper.nix ];
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+{
+  imports = [
+    ../global.nix
+    ./hyprpaper.nix
+  ];
+
+  home.packages = [
+    pkgs.gtk3 # Contains gtk-launch
+  ];

  stylix.targets.hyprland.enable = true;
  wayland.windowManager.hyprland = {
@ -23,13 +35,14 @@
          passes = config.satellite.theming.blur.passes;
          contrast = config.satellite.theming.blur.contrast;
          brightness = config.satellite.theming.blur.brightness;
-          noise = 0.05;
+          noise = 5.0e-2;
        };
      };
      # }}}
      # {{{ Monitors
      # Configure monitor properties
-      monitor = lib.forEach config.satellite.monitors (m:
+      monitor = lib.forEach config.satellite.monitors (
+        m:
        lib.concatStringsSep "," [
          m.name
          "${toString m.width}x${toString m.height}@${toString m.refreshRate}"
@ -39,11 +52,10 @@
      );

      # Map monitors to workspaces
-      workspace = lib.lists.concatMap
-        (m: lib.lists.optional (m.workspace != null) "${m.name},${m.workspace}")
-        config.satellite.monitors;
+      workspace = lib.lists.concatMap (
+        m: lib.lists.optional (m.workspace != null) "${m.name},${m.workspace}"
+      ) config.satellite.monitors;
      # }}}
    };
  };
 }
-
--- a/home/features/wayland/hyprland/hyprland.conf
+++ b/home/features/wayland/hyprland/hyprland.conf
@ -4,22 +4,32 @@
 monitor=,preferred,auto,1

 general {
-  cursor_inactive_timeout = 30 # Hide cursor after being inactive for 30s
+  # cursor_inactive_timeout = 30 # Hide cursor after being inactive for 30s
  resize_on_border = true # Click on borders with the mouse to resize
 }

+decoration {
+  blur {
+    popups = true
+  }
+}
+
 # Blur extra surfaces
 layerrule = blur,gtk-layer-shell
+layerrule = blur,osd
+layerrule = blur,logout_dialog
 layerrule = blur,anyrun
 layerrule = blur,waybar
+
+layerrule = ignorezero,gtk-layer-shell
+layerrule = ignorezero,osd
+layerrule = ignorezero,waybar
 layerrule = ignorezero,anyrun
 layerrule = ignorezero,waybar

 input {
  kb_layout = us

-  # TODO: standardize the touchpad settings.
-  # Right now I also have similar settings for xorg.
  touchpad {
    natural_scroll = true # Invert scrolling direction
  }
@ -34,7 +44,7 @@ misc {
  # Configure the default hyprland branding
  disable_hyprland_logo = true
  disable_splash_rendering = true
-  force_hypr_chan = true
+  # force_hypr_chan = true
 }

 animations {
@ -44,7 +54,7 @@ animations {
 }

 # Execute apps at launch
-exec-once = wezterm & firefox & discocss & spotify & obsidiantui & smostui
+exec-once = foot & firefox & discocss & gtk-launch obsidiantui & gtk-launch smostui & Spotify

 # Without this, xdg-open doesn't work
 exec = systemctl --user import-environment PATH && systemctl --user restart xdg-desktop-portal.service
@ -52,17 +62,11 @@ exec = systemctl --user import-environment PATH && systemctl --user restart xdg-
 # {{{ Window rules
 # {{{ Automatically move stuff to workspaces
 windowrulev2 = workspace 2 silent, title:^(.*Firefox.*)$
-
 windowrulev2 = workspace 3 silent, title:^(.*(Disc|WebC)ord.*)$
 windowrulev2 = workspace 3 silent, title:^(.*Element.*)$
-
 windowrulev2 = workspace 6 silent, title:^(.*(S|s)pot(ify)?.*)$
-
-windowrulev2 = workspace 7 silent, title:^(.*Obsidian.*)$
-windowrulev2 = workspace 7 silent, title:^(.*stellar-sanctum)$
-windowrulev2 = workspace 7 silent, class:^(org\.wezfurlong\.wezterm\.obsidian)$
-
-windowrulev2 = workspace 8 silent, class:^(org\.wezfurlong\.wezterm\.smos)$
+windowrulev2 = workspace 7 silent, class:^(.*Obsidian.*)$
+windowrulev2 = workspace 8 silent, class:^(.*Smos.*)$
 # }}}
 # {{{ Idleinhibit rules
 # - while firefox is fullscreen
@ -80,7 +84,7 @@ bind = $mod, C, killactive, # Kill current
 bind = $mod, F, fullscreen, # Fullscreen

 # Execute external things
-bind = $mod, return, exec, wezterm
+bind = $mod, return, exec, foot
 bind = $mod, T, exec, wl-ocr
 bind = $mod SHIFT, T, exec, wl-qr
 bind = $mod CONTROL, T, exec, hyprpicker | wl-copy && libnotify "Copied color $(wp-paste)" # Color picker
@ -88,8 +92,8 @@ bind = $mod, Q, exec, wlogout # Show logout menu
 bind = $mod, L, exec, loginctl lock-session # Lock screen
 bind = $mod, P, exec, anyrun
 bind = $mod, B, exec, wlsunset-toggle # Toggle blue light filter thingy
-bind = $mod, V, exec, wezterm start vimclip # Vim anywhere!
-bind = $mod, W, exec, ~/projects/form-filler/type.sh
+bind = $mod, V, exec, foot vimclip # Vim anywhere!
+# bind = $mod, W, exec, ~/projects/form-filler/type.sh

 # Work with the special workspace
 bind = $mod, x, togglespecialworkspace,
@ -157,11 +161,15 @@ bind=,escape,submap,reset
 submap=reset
 # }}}
 # {{{ Volume & brightness
-binde=, XF86AudioRaiseVolume,  exec, swayosd --output-volume raise
-binde=, XF86AudioLowerVolume,  exec, swayosd --output-volume lower
-binde=, XF86AudioMute,         exec, swayosd --output-volume mute-toggle
-binde=, XF86AudioMicMute,      exec, swayosd --input-volume  mute-toggle
-binde=, XF86MonBrightnessUp,   exec, swayosd --brightness    raise
-binde=, XF86MonBrightnessDown, exec, swayosd --brightness    lower
+binde=, XF86AudioRaiseVolume,  exec, swayosd-client --output-volume raise
+binde=, XF86AudioLowerVolume,  exec, swayosd-client --output-volume lower
+binde=, XF86AudioMute,         exec, swayosd-client --output-volume mute-toggle
+binde=, XF86AudioMicMute,      exec, swayosd-client --input-volume  mute-toggle
+binde=, XF86MonBrightnessUp,   exec, swayosd-client --brightness    raise
+binde=, XF86MonBrightnessDown, exec, swayosd-client --brightness    lower
+# }}}
+# {{{ App-specific global keybinds
+# OBS
+bind = SUPER, F4, pass, ^(com\.obsproject\.Studio)$ # Start / Stop recording
 # }}}
 # }}}
--- a/home/global.nix
+++ b/home/global.nix
@ -1,4 +1,10 @@
-{ inputs, lib, config, outputs, ... }:
+{
+  inputs,
+  lib,
+  config,
+  outputs,
+  ...
+}:
 let
  # {{{ Imports
  imports = [
@ -23,8 +29,8 @@ let
    ../common
    # }}}
  ];
-  # }}} 
 in
+# }}}
 {
  # Import all modules defined in modules/home-manager
  imports = builtins.attrValues outputs.homeManagerModules ++ imports;
@ -32,10 +38,9 @@ in
  # {{{ Nixpkgs
  nixpkgs = {
    # Add all overlays defined in the overlays directory
-    overlays = builtins.attrValues outputs.overlays ++
-      lib.lists.optional
-        config.satellite.toggles.neovim-nightly.enable
-        inputs.neovim-nightly-overlay.overlay;
+    overlays =
+      builtins.attrValues outputs.overlays
+      ++ lib.lists.optional config.satellite.toggles.neovim-nightly.enable inputs.neovim-nightly-overlay.overlay;

    config.allowUnfree = true;

@ -55,13 +60,15 @@ in
  home = {
    username = lib.mkDefault "adrielus";
    homeDirectory = "/home/${config.home.username}";
-    stateVersion = lib.mkDefault "23.05";
  };
  # }}}
  # {{{ Ad-hoc settings
  # Nicely reload system units when changing configs
  systemd.user.startServices = lib.mkForce "sd-switch";

+  # Enable default application management
+  xdg.mimeApps.enable = true;
+
  # Tell sops-nix to use ssh keys for decrypting secrets
  sops.age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ];

@ -92,5 +99,10 @@ in
    extraConfig.XDG_SCREENSHOTS_DIR = "${config.xdg.userDirs.pictures}/screenshots";
    extraConfig.XDG_PROJECTS_DIR = "${config.home.homeDirectory}/projects";
  };
+
+  systemd.user.tmpfiles.rules = [
+    # Clean screenshots older than a week
+    "d ${config.xdg.userDirs.extraConfig.XDG_SCREENSHOTS_DIR} - - - 7d"
+  ];
  # }}}
 }
--- a/home/lapetus.nix
+++ b/home/lapetus.nix
@ -1,3 +0,0 @@
-{
-  imports = [ ./global.nix ];
-}
--- a/home/tethys.nix
+++ b/home/tethys.nix
@ -1,31 +1,32 @@
-{ pkgs, upkgs, lib, config, ... }: {
+{ pkgs, ... }:
+{
  imports = [
    ./global.nix

-    ./features/desktop/zathura.nix
-    ./features/desktop/spotify.nix
-    ./features/desktop/obsidian.nix
-    ./features/desktop/firefox
-    ./features/desktop/discord
-    ./features/cli/productivity
-    ./features/cli/pass.nix
-    ./features/cli/nix-index.nix
    ./features/cli/catgirl.nix
    ./features/cli/lazygit.nix
+    ./features/cli/nix-index.nix
+    ./features/cli/productivity
+    ./features/cli/zellij.nix
+    ./features/desktop/discord
+    ./features/desktop/firefox
+    ./features/desktop/foot.nix
+    ./features/desktop/obsidian.nix
+    ./features/desktop/spotify.nix
+    ./features/desktop/zathura.nix
    ./features/wayland/hyprland
    ./features/neovim
  ];

  # Arbitrary extra packages
  home.packages = with pkgs; [
-    # Desktop apps
    # {{{ Communication
    # signal-desktop # Signal client
    element-desktop # Matrix client
    # zoom-us # Zoom client 🤮
    # }}}
    # {{{ Editors for different formats
-    # gimp # Image editing
+    gimp # Image editing
    # lmms # Music software
    # kicad # PCB editing
    # libreoffice # Free office suite
@ -44,8 +45,7 @@
    # google-chrome # Not my primary browser, but sometimes needed in webdev
    # plover.dev # steno engine

-    # REASON: not available in nixpkgs-stable just yet
-    upkgs.overskride # Bluetooth client
+    overskride # Bluetooth client
    # }}}
    # {{{ Media playing/recording
    mpv # Video player
@ -56,15 +56,18 @@
  ];

  home.sessionVariables.QT_SCREEN_SCALE_FACTORS = 1.4; # Bigger text in qt apps
+  home.stateVersion = "23.05";

  satellite = {
    # Symlink some commonly modified dotfiles outside the nix store
    dev.enable = true;

-    monitors = [{
+    monitors = [
+      {
        name = "eDP-1";
        width = 1920;
        height = 1080;
-    }];
+      }
+    ];
  };
 }
--- a/hosts/nixos/calypso/default.nix
+++ b/hosts/nixos/calypso/default.nix
@ -0,0 +1,66 @@
+{ config, ... }:
+{
+  # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
+  system.stateVersion = "24.05";
+
+  # {{{ Imports
+  imports = [
+    ../common/global
+
+    ../common/optional/users/pilot.nix
+    ../common/optional/bluetooth.nix
+    ../common/optional/greetd.nix
+    ../common/optional/oci.nix
+    ../common/optional/quietboot.nix
+
+    ../common/optional/desktop
+    ../common/optional/desktop/steam.nix
+    ../common/optional/wayland/hyprland.nix
+
+    ../common/optional/services/kanata.nix
+    ../common/optional/services/nginx.nix
+    ../common/optional/services/syncthing.nix
+    ../common/optional/services/tailscale.nix
+    ../common/optional/services/restic
+    ../common/optional/services/iwd
+
+    ./services/snapper.nix
+
+    ./filesystems
+    ./hardware
+  ];
+  # }}}
+  # {{{ Machine ids
+  networking.hostName = "calypso";
+  networking.hostId = "3f69ae4b";
+  environment.etc.machine-id.text = "24fe28515de243f6ae4c6aa7e4291aac";
+  # }}}
+  # {{{ Tailscale internal IP DNS records
+  satellite.dns.records = [
+    {
+      at = config.networking.hostName;
+      type = "A";
+      value = "100.74.40.5";
+    }
+    {
+      at = config.networking.hostName;
+      type = "AAAA";
+      value = "fd7a:115c:a1e0::1201:2806";
+    }
+  ];
+  # }}}
+  # {{{ A few ad-hoc programs
+  programs.kdeconnect.enable = true;
+  programs.firejail.enable = true;
+  programs.nix-ld.enable = true; # Useful for running non-nix executables
+  # }}}
+  # {{{ SSH keys
+  users.users.pilot.openssh.authorizedKeys.keyFiles = [ ../tethys/keys/id_ed25519.pub ];
+  # }}}
+
+  programs.adb.enable = true;
+  users.users.pilot.extraGroups = [ "adbusers" ];
+
+  satellite.pilot.name = "moon";
+  boot.loader.systemd-boot.enable = true;
+}
--- a/hosts/nixos/calypso/filesystems/default.nix
+++ b/hosts/nixos/calypso/filesystems/default.nix
@ -0,0 +1,71 @@
+{ lib, ... }:
+{
+  imports = [ (import ./partitions.nix { }) ];
+
+  boot.supportedFilesystems = [ "btrfs" ];
+  services.btrfs.autoScrub.enable = true;
+
+  # {{{ Mark a bunch of paths as needed for boot
+  fileSystems =
+    lib.attrsets.genAttrs
+      [
+        "/"
+        "/nix"
+        "/persist/data"
+        "/persist/state"
+        "/persist/local/cache"
+        "/boot"
+      ]
+      (p: {
+        neededForBoot = true;
+      });
+  # }}}
+  # {{{ Rollback
+  boot.initrd.systemd.services.rollback = {
+    description = "Rollback BTRFS root subvolume to a pristine state";
+    wantedBy = [ "initrd.target" ];
+    after = [ "systemd-cryptsetup@crypted.service" ];
+    before = [ "sysroot.mount" ];
+    unitConfig.DefaultDependencies = "no";
+    serviceConfig.Type = "oneshot";
+    script = ''
+      mkdir -p /mnt
+
+      # We first mount the btrfs root to /mnt
+      # so we can manipulate btrfs subvolumes.
+      mount -o subvol=/ /dev/mapper/crypted /mnt
+
+      # While we're tempted to just delete /root and create
+      # a new snapshot from /root-blank, /root is already
+      # populated at this point with a number of subvolumes,
+      # which makes `btrfs subvolume delete` fail.
+      # So, we remove them first.
+      #
+      # /root contains subvolumes:
+      # - /root/var/lib/portables
+      # - /root/var/lib/machines
+      #
+      # I suspect these are related to systemd-nspawn, but
+      # since I don't use it I'm not 100% sure.
+      # Anyhow, deleting these subvolumes hasn't resulted
+      # in any issues so far, except for fairly
+      # benign-looking errors from systemd-tmpfiles.
+      btrfs subvolume list -o /mnt/root |
+        cut -f9 -d' ' |
+        while read subvolume; do
+          echo "deleting /$subvolume subvolume..."
+          btrfs subvolume delete "/mnt/$subvolume"
+        done &&
+        echo "deleting /root subvolume..." &&
+        btrfs subvolume delete /mnt/root
+
+      echo "restoring blank /root subvolume..."
+      btrfs subvolume snapshot /mnt/blank /mnt/root
+
+      # Once we're done rolling back to a blank snapshot,
+      # we can unmount /mnt and continue on the boot process.
+      umount /mnt
+    '';
+  };
+  # }}}
+}
--- a/hosts/nixos/calypso/filesystems/partitions.nix
+++ b/hosts/nixos/calypso/filesystems/partitions.nix
@ -0,0 +1,100 @@
+{
+  disks ? [ "/dev/nvme0n1" ],
+  ...
+}:
+{
+  disko.devices.disk.main = {
+    type = "disk";
+    device = builtins.elemAt disks 0;
+    content = {
+      type = "gpt";
+      partitions = {
+        # {{{ Boot
+        ESP = {
+          size = "512M";
+          type = "EF00";
+          content = {
+            type = "filesystem";
+            format = "vfat";
+            mountpoint = "/boot";
+            mountOptions = [ "defaults" ];
+          };
+        };
+        # }}}
+        # {{{ Luks
+        luks = {
+          size = "384G"; # The remaining space is left for windows
+          content = {
+            type = "luks";
+            name = "crypted";
+            passwordFile = "/hermes/secrets/calypso/disk.key";
+            settings.allowDiscards = true;
+            content = {
+              type = "btrfs";
+              extraArgs = [ "-f" ];
+
+              subvolumes = {
+                # {{{ /
+                "root" = {
+                  mountpoint = "/";
+                  mountOptions = [
+                    "compress=zstd"
+                    "noatime"
+                  ];
+                };
+                # }}}
+                # {{{ /blank
+                "blank" = {
+                  mountpoint = "/blank";
+                  # should we reuse the `root` options here?
+                  mountOptions = [
+                    "compress=zstd"
+                    "noatime"
+                  ];
+                };
+                # }}}
+                # {{{ /swap
+                "swap" = {
+                  mountpoint = "/.swapvol";
+                  swap.swapfile.size = "20G";
+                };
+                # }}}
+                # {{{ /persist/data
+                "persist-data" = {
+                  mountpoint = "/persist/data";
+                  mountOptions = [ "compress=zstd" ];
+                };
+                # }}}
+                # {{{ /persist/state
+                "persist-state" = {
+                  mountpoint = "/persist/state";
+                  mountOptions = [ "compress=zstd" ];
+                };
+                # }}}
+                # {{{ /local/nix
+                "local-nix" = {
+                  mountpoint = "/nix";
+                  mountOptions = [
+                    "compress=zstd"
+                    "noatime"
+                  ];
+                };
+                # }}}
+                # {{{ /local/cache
+                "local-cache" = {
+                  mountpoint = "/persist/local/cache";
+                  mountOptions = [
+                    "compress=zstd"
+                    "noatime"
+                  ];
+                };
+                # }}}
+              };
+            };
+          };
+        };
+        # }}}
+      };
+    };
+  };
+}
--- a/hosts/nixos/calypso/hardware/default.nix
+++ b/hosts/nixos/calypso/hardware/default.nix
@ -0,0 +1,28 @@
+{ inputs, ... }:
+{
+  # {{{ Imports
+  imports = with inputs.nixos-hardware.nixosModules; [
+    common-cpu-amd
+    common-gpu-amd
+    common-pc-laptop
+    common-pc-ssd
+    ./generated.nix
+  ];
+  # }}}
+  # {{{ Misc
+  hardware.enableAllFirmware = true;
+  hardware.opengl.enable = true;
+  hardware.opentabletdriver.enable = true;
+  hardware.keyboard.qmk.enable = true;
+  # }}}
+  # {{{ Power management
+  powerManagement.cpuFreqGovernor = "performance";
+  services.tlp = {
+    enable = true;
+    settings = {
+      CPU_SCALING_GOVERNOR_ON_BAT = "performance";
+      CPU_SCALING_GOVERNOR_ON_AC = "performance";
+    };
+  };
+  # }}}
+}
--- a/hosts/nixos/calypso/hardware/generated.nix
+++ b/hosts/nixos/calypso/hardware/generated.nix
@ -0,0 +1,26 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.tailscale0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/hosts/nixos/calypso/keys/id_ed25519.pub
+++ b/hosts/nixos/calypso/keys/id_ed25519.pub
@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBwFNYf8q84oGOwiGCXmJqeBPdglTPcWJB9nnLpmS2RG moon@calypso
--- a/hosts/nixos/calypso/keys/ssh_host_ed25519_key.pub
+++ b/hosts/nixos/calypso/keys/ssh_host_ed25519_key.pub
@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIASX1E4WYg5dydret3G0fWYJLQn2oRxNZdHWWaJojW1a root@calypso
--- a/hosts/nixos/calypso/keys/ssh_host_rsa_key.pub
+++ b/hosts/nixos/calypso/keys/ssh_host_rsa_key.pub
@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDAfRDNDA5B0YlnR0K5wQ0w6pMl0Pi8WIjanKol5SA615VDye3caBdv3UzxdC221ECIa9bZQcaKt/ncIuj/3fE49W8D0+2wL/1Eruy4ximAVAtLgIMzm+hl/dP3KsyTjUajIUbso08S9PUjtJl8PgmiiEPEppMAo++hwKycn5bRoUywE/VoNgPhAB5sgKaFZiQhPu4q0mZWhikGiaJzKPRi84bP4gCL9/h0slSWP3VmhWE7Vyvyjv6OKHdfjXoJA/AjSd3VogmGnzDWUI5lkwJzkHv/ybie9+7y+0o+wBu4+0lJlchBEq0f6dp9fw0MZRt84DYw8/MFDa+SXq5cO5aAwHARpRYeAHkPIRnwJbxTqn6uDlAdWrIxY8SPXIrrBpfnVSoaH8SJN/spsEoILkqrOpncQi5QP1rY8Bi2zaI13WD1kYsh9l4FqmqvCeawEgN0pedudZf2qqHWD93lDTAWxM7k5rPHSSgnnfsgwE35peBpmepJH8ZNFaBqw+aCvIM= root@calypso
--- a/hosts/nixos/calypso/services/snapper.nix
+++ b/hosts/nixos/calypso/services/snapper.nix
@ -0,0 +1,43 @@
+{ config, lib, ... }:
+{
+  # Why is this not part of the nixos module...
+  systemd.tmpfiles.rules = lib.mapAttrsToList (
+    _: c: "Q ${c.SUBVOLUME}/.snapshots"
+  ) config.services.snapper.configs;
+
+  services.snapper = {
+    snapshotInterval = "hourly";
+    cleanupInterval = "1d";
+    # http://snapper.io/manpages/snapper-configs.html
+    configs = {
+      # {{{ Data
+      data = {
+        SUBVOLUME = "/persist/data";
+        TIMELINE_CREATE = true;
+        TIMELINE_CLEANUP = true;
+        BACKGROUND_COMPARISON = "yes";
+
+        TIMELINE_LIMIT_HOURLY = "24";
+        TIMELINE_LIMIT_DAILY = "7";
+        TIMELINE_LIMIT_WEEKLY = "4";
+        TIMELINE_LIMIT_MONTHLY = "12";
+        TIMELINE_LIMIT_YEARLY = "0";
+      };
+      # }}}
+      # {{{ State
+      state = {
+        SUBVOLUME = "/persist/state";
+        TIMELINE_CREATE = true;
+        TIMELINE_CLEANUP = true;
+        BACKGROUND_COMPARISON = "yes";
+
+        TIMELINE_LIMIT_HOURLY = "6";
+        TIMELINE_LIMIT_DAILY = "3";
+        TIMELINE_LIMIT_WEEKLY = "1";
+        TIMELINE_LIMIT_MONTHLY = "1";
+        TIMELINE_LIMIT_YEARLY = "0";
+      };
+      # }}}
+    };
+  };
+}
--- a/hosts/nixos/common/global/cli/htop.nix
+++ b/hosts/nixos/common/global/cli/htop.nix
@ -1,8 +0,0 @@
-{
-  programs.htop = {
-    enable = true;
-    settings = {
-      tree_view = true;
-    };
-  };
-}
--- a/hosts/nixos/common/global/cli/sudo.nix
+++ b/hosts/nixos/common/global/cli/sudo.nix
@ -1,12 +0,0 @@
-{ pkgs, inputs, lib, ... }: {
-  security.sudo = {
-    enable = true;
-    extraRules = [{
-      commands = [{
-        command = lib.getExe inputs.deploy-rs.packages.${pkgs.system}.default;
-        options = [ "NOPASSWD" ];
-      }];
-      groups = [ "wheel" ];
-    }];
-  };
-}
--- a/hosts/nixos/common/global/default.nix
+++ b/hosts/nixos/common/global/default.nix
@ -1,5 +1,11 @@
 # Configuration pieces included on all (nixos) hosts
-{ inputs, lib, config, outputs, ... }:
+{
+  inputs,
+  lib,
+  config,
+  outputs,
+  ...
+}:
 let
  # {{{ Imports
  imports = [
@ -7,24 +13,21 @@ let
    inputs.disko.nixosModules.default
    inputs.stylix.nixosModules.stylix
    inputs.sops-nix.nixosModules.sops
-    inputs.nixos-dns.nixosModules.dns
    # }}}
    # {{{ global configuration
    ./cli/fish.nix
-    ./cli/htop.nix
    ./services/openssh.nix
-    ./services/tailscale.nix
    ./nix.nix
    ./locale.nix
+    ./unicode.nix
    ./persistence.nix
    ./ports.nix
-    ./wireless

    ../../../../common
    # }}}
  ];
-  # }}}
 in
+# }}}
 {
  # Import all modules defined in modules/nixos
  imports = builtins.attrValues outputs.nixosModules ++ imports;
@ -47,10 +50,9 @@ in

  nixpkgs = {
    # Add all overlays defined in the overlays directory
-    overlays = builtins.attrValues outputs.overlays ++
-      lib.lists.optional
-        config.satellite.toggles.neovim-nightly.enable
-        inputs.neovim-nightly-overlay.overlay;
+    overlays =
+      builtins.attrValues outputs.overlays
+      ++ lib.lists.optional config.satellite.toggles.neovim-nightly.enable inputs.neovim-nightly-overlay.overlay;

    config.allowUnfree = true;
  };
--- a/hosts/nixos/common/global/nix.nix
+++ b/hosts/nixos/common/global/nix.nix
@ -1,7 +1,14 @@
-{ config, lib, pkgs, inputs, ... }: {
+{
+  config,
+  lib,
+  pkgs,
+  inputs,
+  ...
+}:
+{
  nix = {
    # Flake support and whatnot
-    package = pkgs.nixUnstable;
+    package = pkgs.lix;

    # Weekly clean up the store, I think
    gc = {
@ -32,7 +39,7 @@
      experimental-features = [
        "nix-command"
        "flakes"
-        "repl-flake"
+        # "repl-flake"
        "auto-allocate-uids"
        # "configurable-impure-env"
      ];
@ -43,8 +50,10 @@
      # Deduplicate and optimize nix store
      auto-optimise-store = true;

-      # TODO: what is a trusted user?
-      trusted-users = [ "root" "@wheel" ];
+      trusted-users = [
+        "root"
+        "@wheel"
+      ];
    };
  };
 }
--- a/hosts/nixos/common/global/persistence.nix
+++ b/hosts/nixos/common/global/persistence.nix
@ -3,7 +3,13 @@
 # users' home persist dir exists and has the right permissions
 #
 # It works even if / is tmpfs, btrfs snapshot, or even not ephemeral at all.
-{ lib, inputs, config, ... }: {
+{
+  lib,
+  inputs,
+  config,
+  ...
+}:
+{
  imports = [ inputs.impermanence.nixosModules.impermanence ];

  environment.persistence."/persist/state".directories = [
@ -16,14 +22,21 @@
  # See [the imperanence readme](https://github.com/nix-community/impermanence#home-manager)
  programs.fuse.userAllowOther = true;

+  # {{{ Disable sudo default lecture
+  security.sudo.extraConfig = ''
+    Defaults lecture = never
+  '';
+  # }}}
  # {{{ Create home directories
  systemd.tmpfiles.rules =
    let
-      users = lib.filter (v: v != null && v.isNormalUser)
-        (lib.mapAttrsToList (_: u: u) config.users.users);
+      users = lib.filter (v: v != null && v.isNormalUser) (
+        lib.mapAttrsToList (_: u: u) config.users.users
+      );

-      mkHomePersistFor = location: lib.forEach users
-        (user: "Q ${location}${user.home} ${user.homeMode} ${user.name} ${user.group} -");
+      mkHomePersistFor =
+        location:
+        lib.forEach users (user: "d ${location}${user.home} ${user.homeMode} ${user.name} ${user.group} -");
    in
    lib.flatten [
      (mkHomePersistFor "/persist/data")
@ -32,4 +45,3 @@
    ];
  # }}}
 }
-
--- a/hosts/nixos/common/global/ports.nix
+++ b/hosts/nixos/common/global/ports.nix
@ -24,5 +24,6 @@
    jupyterhub = 8420;
    guacamole = 8421;
    syncthing = 8422;
+    forgejo-ssh = 8423;
  };
 }
--- a/hosts/nixos/common/global/services/openssh.nix
+++ b/hosts/nixos/common/global/services/openssh.nix
@ -1,6 +1,10 @@
 # This setups a SSH server.
-# TODO: persistence
-{ outputs, config, lib, ... }:
+{
+  outputs,
+  config,
+  lib,
+  ...
+}:
 let
  # Record containing all the hosts
  hosts = outputs.nixosConfigurations;
@ -16,8 +20,8 @@ in
    enable = true;

    settings = {
-      PermitRootLogin = "no"; # Forbid root login through SSH.
-      PasswordAuthentication = false; # Use keys only.
+      PermitRootLogin = lib.mkDefault "no"; # Forbid root login through SSH.
+      PasswordAuthentication = lib.mkDefault false; # Use keys only.
    };

    # Automatically remove stale sockets
@ -27,7 +31,10 @@ in

    # Generate ssh key
    hostKeys =
-      let mkKey = type: path: extra: { inherit type path; } // extra;
+      let
+        mkKey =
+          type: path: extra:
+          { inherit type path; } // extra;
      in
      [
        (mkKey "ed25519" "/persist/state/etc/ssh/ssh_host_ed25519_key" { })
@ -35,35 +42,33 @@ in
      ];
  };

-  # TODO: is this safe? Can we ssh back and gain root access this way?
-  # Passwordless sudo when SSH'ing with keys
-  # security.pam.enableSSHAgentAuth = true;
-
-  # SSH on slow connections
-  programs.mosh.enable = true;
-
  # Add each host in this repo to the knownHosts list
  programs.ssh = {
    knownHosts = lib.pipe hosts [
      # attrsetof host -> attrsetof { ... }
      (builtins.mapAttrs
        # string -> host -> { ... }
-        (name: _: {
+        (
+          name: _: {
            publicKeyFile = pubKey name;
            extraHostNames = lib.optional (name == hostname) "localhost";
-        }))
+          }
+        )
+      )

      # attrsetof { ... } -> attrsetof { ... }
      (lib.attrsets.filterAttrs
        # string -> { ... } -> bool
-        (_: { publicKeyFile, ... }: builtins.pathExists publicKeyFile))
+        (_: { publicKeyFile, ... }: builtins.pathExists publicKeyFile)
+      )
    ];
  };

-
  # By default, this will ban failed ssh attempts
  services.fail2ban.enable = true;

  # Makes it easy to copy host keys at install time without messing up permissions
-  systemd.tmpfiles.rules = [ "d /persist/state/etc/ssh" ];
+  systemd.tmpfiles.rules = [
+    "d /persist/state/etc/ssh"
+  ] ++ (lib.lists.forEach config.services.openssh.hostKeys (key: "e ${key.path} 0700"));
 }
--- a/hosts/nixos/common/global/unicode.nix
+++ b/hosts/nixos/common/global/unicode.nix
@ -0,0 +1,11 @@
+{ pkgs, ... }:
+{
+  i18n.inputMethod = {
+    enabled = "fcitx5";
+    fcitx5.addons = with pkgs; [
+      fcitx5-gtk
+      fcitx5-configtool
+    ];
+  };
+}
+
--- a/hosts/nixos/common/optional/desktop/default.nix
+++ b/hosts/nixos/common/optional/desktop/default.nix
@ -0,0 +1,8 @@
+{
+  imports = [
+    ../pipewire.nix
+    ./xdg-portal.nix
+  ];
+
+  stylix.targets.gtk.enable = true;
+}
--- a/hosts/nixos/common/optional/desktop/steam.nix
+++ b/hosts/nixos/common/optional/desktop/steam.nix
@ -1,8 +1,7 @@
-# TODO(imperanence): handle persistence
-{ lib, ... }: {
+{
  programs.steam = {
    enable = true;
    remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
-    dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
+    # gamescopeSession.enable = true;
  };
 }
--- a/hosts/nixos/common/optional/oci.nix
+++ b/hosts/nixos/common/optional/oci.nix
@ -2,12 +2,7 @@
  virtualisation.oci-containers.backend = "docker";

  environment.persistence = {
-    "/persist/state".directories = [
-      "/var/lib/containers/storage"
-    ];
-
-    "/persist/local/cache".directories = [
-      "/var/lib/containers/cache"
-    ];
+    "/persist/state".directories = [ "/var/lib/containers/storage" ];
+    "/persist/local/cache".directories = [ "/var/lib/containers/cache" ];
  };
 }
--- a/hosts/nixos/common/optional/pipewire.nix
+++ b/hosts/nixos/common/optional/pipewire.nix
@ -1,5 +1,5 @@
 # This handles audio stuff
-{ pkgs, ... }: {
+{
  security.rtkit.enable = true;
  hardware.pulseaudio.enable = false;

--- a/hosts/nixos/common/optional/services/iwd/README.md
+++ b/hosts/nixos/common/optional/services/iwd/README.md
@ -0,0 +1 @@
+The certificate is taken from the source code of the python script found at [cat.eduroam.org](https://cat.eduroam.org/) for my university, so I assume it's ok to share around?
--- a/hosts/nixos/common/optional/services/iwd/default.nix
+++ b/hosts/nixos/common/optional/services/iwd/default.nix
@ -0,0 +1,29 @@
+{ config, ... }:
+{
+  networking.wireless.iwd = {
+    enable = true;
+
+    settings = {
+      IPv6.Enabled = true;
+      Settings.AutoConnect = true;
+    };
+  };
+
+  environment.persistence."/persist/state".directories = [ "/var/lib/iwd" ];
+
+  sops.templates."eduroam.8021x".path = "/var/lib/iwd/eduroam.8021x";
+  sops.secrets.eduroam_pass.sopsFile = ../../../secrets.yaml;
+  sops.templates."eduroam.8021x".content = ''
+    [Security]
+    EAP-Method=PEAP
+    EAP-Identity=s5260329@rug.nl
+    EAP-PEAP-CACert=${./eduroam.pem}
+    EAP-PEAP-Phase2-Method=MSCHAPV2
+    EAP-PEAP-Phase2-Identity=s5260329@rug.nl
+    EAP-PEAP-Phase2-Password=${config.sops.placeholder.eduroam_pass}
+    EAP-PEAP-ServerDomainMask=radius.rug.nl
+
+    [Settings]
+    AutoConnect=true
+  '';
+}
--- a/hosts/nixos/common/optional/services/iwd/eduroam.pem
+++ b/hosts/nixos/common/optional/services/iwd/eduroam.pem
@ -0,0 +1,98 @@
+-----BEGIN CERTIFICATE-----
+MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb
+MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow
+GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj
+YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL
+MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE
+BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM
+GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua
+BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe
+3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4
+YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR
+rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm
+ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU
+oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF
+MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v
+QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t
+b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF
+AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q
+GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz
+Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2
+G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi
+l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3
+smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCB
+iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl
+cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV
+BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAw
+MjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNV
+BAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU
+aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2Vy
+dGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
+AoICAQCAEmUXNg7D2wiz0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B
+3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2jY0K2dvKpOyuR+OJv0OwWIJAJPuLodMkY
+tJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFnRghRy4YUVD+8M/5+bJz/
+Fp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O+T23LLb2
+VN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT
+79uq/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6
+c0Plfg6lZrEpfDKEY1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmT
+Yo61Zs8liM2EuLE/pDkP2QKe6xJMlXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97l
+c6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8yexDJtC/QV9AqURE9JnnV4ee
+UB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+eLf8ZxXhyVeE
+Hg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd
+BgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8G
+A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPF
+Up/L+M+ZBn8b2kMVn54CVVeWFPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KO
+VWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ7l8wXEskEVX/JJpuXior7gtNn3/3
+ATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQEg9zKC7F4iRO/Fjs
+8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM8WcR
+iQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYze
+Sf7dNXGiFSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZ
+XHlKYC6SQK5MNyosycdiyA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/
+qS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9cJ2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRB
+VXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGwsAvgnEzDHNb842m1R0aB
+L6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gxQ+6IHdfG
+jjxDah2nGN59PRbxYvnKkKj9
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIG5TCCBM2gAwIBAgIRANpDvROb0li7TdYcrMTz2+AwDQYJKoZIhvcNAQEMBQAw
+gYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtK
+ZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYD
+VQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTIw
+MDIxODAwMDAwMFoXDTMzMDUwMTIzNTk1OVowRDELMAkGA1UEBhMCTkwxGTAXBgNV
+BAoTEEdFQU5UIFZlcmVuaWdpbmcxGjAYBgNVBAMTEUdFQU5UIE9WIFJTQSBDQSA0
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApYhi1aEiPsg9ZKRMAw9Q
+r8Mthsr6R20VSfFeh7TgwtLQi6RSRLOh4or4EMG/1th8lijv7xnBMVZkTysFiPmT
+PiLOfvz+QwO1NwjvgY+Jrs7fSoVA/TQkXzcxu4Tl3WHi+qJmKLJVu/JOuHud6mOp
+LWkIbhODSzOxANJ24IGPx9h4OXDyy6/342eE6UPXCtJ8AzeumTG6Dfv5KVx24lCF
+TGUzHUB+j+g0lSKg/Sf1OzgCajJV9enmZ/84ydh48wPp6vbWf1H0O3Rd3LhpMSVn
+TqFTLKZSbQeLcx/l9DOKZfBCC9ghWxsgTqW9gQ7v3T3aIfSaVC9rnwVxO0VjmDdP
+FNbdoxnh0zYwf45nV1QQgpRwZJ93yWedhp4ch1a6Ajwqs+wv4mZzmBSjovtV0mKw
+d+CQbSToalEUP4QeJq4Udz5WNmNMI4OYP6cgrnlJ50aa0DZPlJqrKQPGL69KQQz1
+2WgxvhCuVU70y6ZWAPopBa1ykbsttpLxADZre5cH573lIuLHdjx7NjpYIXRx2+QJ
+URnX2qx37eZIxYXz8ggM+wXH6RDbU3V2o5DP67hXPHSAbA+p0orjAocpk2osxHKo
+NSE3LCjNx8WVdxnXvuQ28tKdaK69knfm3bB7xpdfsNNTPH9ElcjscWZxpeZ5Iij8
+lyrCG1z0vSWtSBsgSnUyG/sCAwEAAaOCAYswggGHMB8GA1UdIwQYMBaAFFN5v1qq
+K0rPVIDh2JvAnfKyA2bLMB0GA1UdDgQWBBRvHTVJEGwy+lmgnryK6B+VvnF6DDAO
+BgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggr
+BgEFBQcDAQYIKwYBBQUHAwIwOAYDVR0gBDEwLzAtBgRVHSAAMCUwIwYIKwYBBQUH
+AgEWF2h0dHBzOi8vc2VjdGlnby5jb20vQ1BTMFAGA1UdHwRJMEcwRaBDoEGGP2h0
+dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9u
+QXV0aG9yaXR5LmNybDB2BggrBgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6
+Ly9jcnQudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAl
+BggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0B
+AQwFAAOCAgEAUtlC3e0xj/1BMfPhdQhUXeLjb0xp8UE28kzWE5xDzGKbfGgnrT2R
+lw5gLIx+/cNVrad//+MrpTppMlxq59AsXYZW3xRasrvkjGfNR3vt/1RAl8iI31lG
+hIg6dfIX5N4esLkrQeN8HiyHKH6khm4966IkVVtnxz5CgUPqEYn4eQ+4eeESrWBh
+AqXaiv7HRvpsdwLYekAhnrlGpioZ/CJIT2PTTxf+GHM6cuUnNqdUzfvrQgA8kt1/
+ASXx2od/M+c8nlJqrGz29lrJveJOSEMX0c/ts02WhsfMhkYa6XujUZLmvR1Eq08r
+48/EZ4l+t5L4wt0DV8VaPbsEBF1EOFpz/YS2H6mSwcFaNJbnYqqJHIvm3PLJHkFm
+EoLXRVrQXdCT+3wgBfgU6heCV5CYBz/YkrdWES7tiiT8sVUDqXmVlTsbiRNiyLs2
+bmEWWFUl76jViIJog5fongEqN3jLIGTG/mXrJT1UyymIcobnIGrbwwRVz/mpFQo0
+vBYIi1k2ThVh0Dx88BbF9YiP84dd8Fkn5wbE6FxXYJ287qfRTgmhePecPc73Yrzt
+apdRcsKVGkOpaTIJP/l+lAHRLZxk/dUtyN95G++bOSQqnOCpVPabUGl2E/OEyFrp
+Ipwgu2L/WJclvd6g+ZA/iWkLSMcpnFb+uX6QBqvD6+RNxul1FaB5iHY=
+-----END CERTIFICATE-----
--- a/hosts/nixos/common/optional/services/kanata.nix
+++ b/hosts/nixos/common/optional/services/kanata.nix
@ -20,103 +20,56 @@ let
      em (unicode —)
    )
    ;; }}}
-    ;; {{{ Chord aliases
-    (defalias
-      chq (chord mainchords q)
-      chw (chord mainchords w)
-      che (chord mainchords e)
-      chr (chord mainchords r)
-      cha (chord mainchords a)
-      chs (chord mainchords s)
-      chd (chord mainchords d)
-      chf (chord mainchords f)
-      chz (chord mainchords z)
-      chx (chord mainchords x)
-      chc (chord mainchords c)
-      chg (chord mainchords g)
-      chh (chord mainchords h)
-      chi (chord mainchords i)
-      chp (chord mainchords p)
-      chj (chord mainchords j)
-      chk (chord mainchords k)
-      chl (chord mainchords l)
-      ch: (chord mainchords :)
-      chn (chord mainchords n)
-    ) 
-    ;; }}}
-
-    (defchords mainchords ${toString chordDelay}
-    ;; {{{ Single keys
-      (q) q
-      (w) w
-      (e) e
-      (r) r
-      (a) a
-      (s) s
-      (d) d
-      (f) f
-      (z) z
-      (x) x
-      (c) c
-      (g) g
-      (h) h
-      (i) i
-      (p) p
-      (j) j
-      (k) k
-      (l) l
-      (:) ;
-      (n) n
-    ;; }}}
+    (defchordsv2-experimental
      ;; {{{ Left modifiers
-      (a s    ) lalt
-      (  s d  ) lsft
-      (  s   f) lctl
-      (  s d f) C-lsft
-      (a s d  ) S-lalt
-      (a s d f) C-S-lalt
+      (a s d f) (multi lctl lalt lsft) ${toString chordDelay} all-released ()
+      (a s d  ) (multi lalt lsft) ${toString chordDelay} all-released ()
+      (  s d f) (multi lctl lsft) ${toString chordDelay} all-released ()
+      (a s    ) lalt ${toString chordDelay} all-released ()
+      (  s d  ) lsft ${toString chordDelay} all-released ()
+      (  s   f) lctl ${toString chordDelay} all-released ()
      ;; }}}
      ;; {{{ Right modifiers
-      (    l :) ralt
-      (  k l  ) rsft
-      (j   l  ) rctl
-      (j k l  ) C-rsft
-      (  k l :) S-ralt
-      (j k l :) C-S-ralt
+      (j k l ;) (multi rctl ralt rsft) ${toString chordDelay} all-released ()
+      (j k l  ) (multi rctl rsft) ${toString chordDelay} all-released ()
+      (  k l ;) (multi ralt rsft) ${toString chordDelay} all-released ()
+      (j   l  ) rctl ${toString chordDelay} all-released ()
+      (  k l  ) rsft ${toString chordDelay} all-released ()
+      (    l ;) ralt ${toString chordDelay} all-released ()
      ;; }}}
      ;; {{{ Special keys
-      (d f) tab
-      (e f) ret
-      (q w) esc
+      (d f) tab ${toString chordDelay} all-released ()
+      (e f) ret ${toString chordDelay} all-released ()
+      (q w) esc ${toString chordDelay} all-released ()

-      (g h) bspc
-      (n l) rmet
+      (g h) bspc ${toString chordDelay} all-released ()
+      (n l) rmet ${toString chordDelay} all-released ()

-      (j k) f10
-      (c p) f11
-      (j i) f12
+      (j k) f10 ${toString chordDelay} all-released ()
+      (c p) f11 ${toString chordDelay} all-released ()
+      (j i) f12 ${toString chordDelay} all-released ()
      ;; }}}
      ;; {{{ Wm keybinds
-      (n l k) M-p
-      (n l q) M-1
-      (n l w) M-2
-      (n l e) M-3
-      (n l r) M-4
-      (n l a) M-5
-      (n l s) M-6
-      (n l d) M-7
-      (n l f) M-8
-      (n l z) M-9
-      (n l x) M-0
+      (n l k) M-p ${toString chordDelay} all-released ()
+      (n l q) M-1 ${toString chordDelay} all-released ()
+      (n l w) M-2 ${toString chordDelay} all-released ()
+      (n l e) M-3 ${toString chordDelay} all-released ()
+      (n l r) M-4 ${toString chordDelay} all-released ()
+      (n l t) M-5 ${toString chordDelay} all-released ()
+      (n l a) M-6 ${toString chordDelay} all-released ()
+      (n l s) M-7 ${toString chordDelay} all-released ()
+      (n l d) M-8 ${toString chordDelay} all-released ()
+      (n l f) M-9 ${toString chordDelay} all-released ()
+      (n l g) M-0 ${toString chordDelay} all-released ()
      ;; }}}
    )

    ;; {{{ Qwerty
    (deflayer qwerty
      XX   XX   XX   XX   XX   XX   XX   XX   XX   XX   XX   XX   XX   XX
-      XX   @chq @chw @che @chr t    y    u    @chi o    @chp XX   XX   XX
-      XX   @cha @chs @chd @chf @chg @chh @chj @chk @chl @ch: XX   XX
-      lsft @chz @chx @chc v    b    @chn m    ,    .    '    XX
+      XX   q    w    e    r    t    y    u    i    o    p    XX   XX   XX
+      XX   a    s    d    f    g    h    j    k    l    ;    XX   XX
+      lsft z    x    c    v    b    n    m    ,    .    '    XX
      XX   lmet @red           spc           @blue
    )
    ;; }}}
@ -167,11 +120,17 @@ let
    )
    ;; }}}
  '';
+
+  extraDefCfg = ''
+    concurrent-tap-hold true ;; Required by chords
+  '';
 in
 {
  services.kanata = {
    enable = true;
    keyboards.tethysLaptop = {
+      inherit extraDefCfg;
+
      devices = [ "/dev/input/by-path/platform-i8042-serio-0-event-kbd" ];

      config = mkConfig {
@ -182,6 +141,8 @@ in
    };

    keyboards.keychronK6 = {
+      inherit extraDefCfg;
+
      devices = [ "/dev/input/by-id/usb-Keychron_Keychron_K6-event-kbd" ];

      config = mkConfig {
--- a/hosts/nixos/common/optional/services/restic/default.nix
+++ b/hosts/nixos/common/optional/services/restic/default.nix
@ -3,24 +3,31 @@ let
  backupUrl = lib.removeSuffix "\n" (builtins.readFile ./url.txt);

  # {{{ Backup helper
-  createBackup = { name, paths, exclude, pruneOpts }: {
+  createBackup =
+    {
+      name,
+      paths,
+      exclude,
+      pruneOpts,
+    }:
+    {
      inherit pruneOpts paths;

      initialize = true;
      repository = "sftp:${backupUrl}:backups/${name}";
      passwordFile = config.sops.secrets.backup_password.path;
-    extraOptions = [ "sftp.args='-i ${config.users.users.pilot.home}/.ssh/id_ed25519'" ];
+      extraOptions = [ "sftp.args='-i /persist/state/etc/ssh/ssh_host_ed25519_key'" ];

      exclude = [
-      # Syncthing / direnv / git stuff
-      ".direnv"
-      ".git"
-      ".stfolder"
-      ".stversions"
+        ".direnv" # Direnv
+        ".git" # Git
+        ".stfolder" # Syncthing
+        ".stversions" # Syncthing
+        ".snapshots" # Snapper
      ] ++ exclude;
    };
-  # }}}
 in
+# }}}
 {
  sops.secrets.backup_password.sopsFile = ../../../secrets.yaml;

@ -28,6 +35,8 @@ in
    # {{{ Data
    data = createBackup {
      name = "data";
+
+      # Kept for at most 1 year
      pruneOpts = [
        "--keep-daily 7"
        "--keep-weekly 4"
@ -39,12 +48,17 @@ in
      exclude = [
        # Projects are available on github and in my own forge already
        "/persist/data${config.users.users.pilot.home}/projects"
+
+        # Screenshots are usually worthless
+        "/persist/data${config.users.users.pilot.home}/media/pictures/screenshots"
      ];
    };
    # }}}
    # {{{ State
    state = createBackup {
      name = "state";
+
+      # Kept for at most 1 month
      pruneOpts = [
        "--keep-daily 3"
        "--keep-weekly 1"
@ -54,14 +68,28 @@ in

      paths = [ "/persist/state" ];
      exclude =
-        let home = "/persist/state/${config.users.users.pilot.home}";
+        let
+          home = "/persist/state${config.users.users.pilot.home}";
        in
        [
-          "${home}/discord" # There's lots of cache stored in here
-          "${home}/steam" # Games can be quite big
+          "/persist/state/var/log"
+          "${home}/discord"
+          "${home}/element"
+          "${home}/firefox"
+          "${home}/lutris"
+          "${home}/qmk"
+          "${home}/signal"
+          "${home}/spotify"
+          "${home}/steam"
+          "${home}/whatsapp"
+          "${home}/wine"
        ];
    };
    # }}}
  };
-}

+  environment.persistence."/persist/local/cache".directories = [
+    "/var/cache/restic-backups-data"
+    "/var/cache/restic-backups-state"
+  ];
+}
--- a/hosts/nixos/common/optional/services/tailscale.nix
+++ b/hosts/nixos/common/optional/services/tailscale.nix
@ -1,4 +1,5 @@
-{ lib, ... }: {
+{ lib, ... }:
+{
  # enable the tailscale service
  services.tailscale = {
    enable = true;
--- a/hosts/nixos/common/optional/services/wpa_supplicant.nix
+++ b/hosts/nixos/common/optional/services/wpa_supplicant.nix
@ -1,4 +1,5 @@
-{ config, ... }: {
+{ config, ... }:
+{
  sops.secrets.wireless.sopsFile = ../../secrets.yaml;

  # https://github.com/NixOS/nixpkgs/blob/nixos-22.11/nixos/modules/services/networking/wpa_supplicant.nix
@ -21,6 +22,7 @@
      "Ziggo1721699".psk = "@NL_PLACE_1_PASS@";
      "Konijntjes".psk = "@NL_PLACE_1_PODS_PASS@";
      "InfoEdu12".psk = "@INFOEDU_PASS@";
+      "CNU19".psk = "@INFOEDU_PASS@";
      "ZTE_F7A321".psk = "@MADALINA_PASS@";

      # [Working solution](https://bbs.archlinux.org/viewtopic.php?id=271336)
--- a/hosts/nixos/common/optional/users/pilot.nix
+++ b/hosts/nixos/common/optional/users/pilot.nix
@ -0,0 +1,72 @@
+{
+  pkgs,
+  outputs,
+  config,
+  lib,
+  ...
+}:
+{
+  # This is it's own attribute in order to prevent infinite recursion
+  # in certain places.
+  satellite.pilot.name = lib.mkDefault "adrielus";
+
+  # {{{ Password handling
+  sops.secrets.pilot_password = {
+    sopsFile = ../../secrets.yaml;
+    neededForUsers = true;
+  };
+  # }}}
+
+  users = {
+    # Configure users through nix only
+    mutableUsers = false;
+
+    # Sync up root and `pilot` shell
+    users.root.shell = config.users.users.pilot.shell;
+
+    # {{{ Create pilot user
+    users.pilot = {
+      inherit (config.satellite.pilot) name;
+
+      # This gets referenced in other parts of the config
+      uid = 1000;
+
+      # Adds me to some default groups, and creates the home dir
+      isNormalUser = true;
+
+      # Picked up by our persistence module
+      homeMode = "700";
+
+      # Add user to the following groups
+      extraGroups = [
+        "wheel" # Access to sudo
+        "lp" # Printers
+        "audio" # Audio devices
+        "video" # Webcam and the like
+        "network" # wpa_supplicant
+        "syncthing" # syncthing!
+      ];
+
+      hashedPasswordFile = config.sops.secrets.pilot_password.path;
+      shell = pkgs.fish;
+    };
+    # }}}
+  };
+
+  # {{{ Set user-specific ssh permissions
+  # This is mainly useful because home-manager can often fail if the perms on
+  # `~/.ssh` are incorrect.
+  systemd.tmpfiles.rules =
+    let
+      user = config.users.users.pilot;
+      root = "/persist/state/${user.home}/ssh";
+    in
+    [
+      "d ${root}                 0755 ${user.name} ${user.group}"
+      "d ${root}/.ssh            0755 ${user.name} ${user.group}"
+      "z ${root}/.ssh/id_*.pub   0755 ${user.name} ${user.group}"
+      "z ${root}/.ssh/id_rsa     0700 ${user.name} ${user.group}"
+      "z ${root}/.ssh/id_ed25519 0700 ${user.name} ${user.group}"
+    ];
+  # }}}
+}
--- a/hosts/nixos/common/optional/xorg/xmonad/Main.hs
+++ b/hosts/nixos/common/optional/xorg/xmonad/Main.hs
@ -43,7 +43,7 @@ main =
      [ ("M-p", spawn "rofi -show drun"),
        ("M-g", spawn myBrowser),
        ("M-d", spawn "Discord"),
-        ("M-v", spawn "wezterm start vimclip"),
+        ("M-v", spawn "$TERMLAUNCH vimclip"),
        ("M-s", spawn "spectacle -rcb"),
        ("M-S-s", spawn "spectacle -mcb"),
        ("M-C-s", spawn "spectacle -ucb"),
@ -61,7 +61,7 @@ main =
    myLayoutHook = spacingHook layouts

    startupApps = []
-    -- [ (0, "wezterm"),
+    -- [ (0, "$TERMSTART"),
    --   (1, "firefox"),
    --   (2, "Discord")
    -- ]
--- a/hosts/nixos/common/optional/xorg/xmonad/default.nix
+++ b/hosts/nixos/common/optional/xorg/xmonad/default.nix
@ -1,6 +1,9 @@
 { config, ... }:
 {
-  imports = [ ../xserver.nix ../touchpad.nix ];
+  imports = [
+    ../xserver.nix
+    ../touchpad.nix
+  ];
  services.xserver = {
    enable = true;

@ -9,13 +12,11 @@
      enable = true;
      enableContribAndExtras = true;

-      config = builtins.readFile (config.lib.stylix.colors {
-        template = builtins.readFile ./Main.hs;
-      });
+      # TODO: substitute the missing $TERM* variables
+      config = builtins.readFile (config.lib.stylix.colors { template = builtins.readFile ./Main.hs; });
    };

    # Proper wallpaper zooming
    desktopManager.wallpaper.mode = "fill";
  };
 }
-
--- a/hosts/nixos/common/secrets.yaml
+++ b/hosts/nixos/common/secrets.yaml
@ -1,4 +1,5 @@
-wireless: ENC[AES256_GCM,data:Ib0PdBd2r/DPyE6Ah9NffT8Tw8c2y+seGFrE0e9GkyRaStdYMiiIlWCiaBO0u1HHaVV+2MQ33MnMdqyCGRlqGk45kl0GIwVR5iAiSYnobj/6wcse+kx/+5mzNOHXD1kJRGJBm5+SN9ntiGABNkQXJdn/Qoc/ukY1uaGe2nBeFKmGdD9JL7KfgdI5jYjQYyDbCL9JUszxkXNcplIRBAAy8JDaBVeo9HgI0QDIZToPKwuEeQoA9XzdimrjbCazlZy3ZvjAuoQXmrc1nIRHF5GabSRGTFTnTfcBeW2fGpUxmIhLyucn2DIQBXLm+RDdMLWoqcGbKiLVqKyUXck3ZZyoHMf2b9N52xMUwcS7,iv:ozkDwWmurWTD8TZHGvWL9Yh8cOrP1PzSBkz+1bBZybo=,tag:iGPjRaOoGRcOWJMweTL2yA==,type:str]
+wireless: ENC[AES256_GCM,data:uHQOb3ilMi0kHsLFz9QZpSiYB6w9cTjCKwBN+TONY+H4arV4EUxzTottEDKQAFZbrNIeq2BU22QpfYMdmiH/6QiODLybWDJQ4fG3L2RzzUTlqZ9uL/uvkRmIXVh9Y4yHn9F+HftYvUaPgKEuVtHfqWleNCjOl6caKZcWEGM0/ow4nGcEfpT5PZsFn27yzKpcVn8A6XUJLTGhdvSSnkixauybEsQh9IszESVb44QYabjEemB7w05bBHn3R148OqDXaBs4LdrDQNjEIJlGTaMeE4WRrRMXu6DMcYexUFRUHZQBJ+RbOkL+qh0U2127AoC7lUTSO0isHw+LG1U78he80sQzvqBBAeK3Crgk,iv:Rmqsj4j69JEKkmuJTn7+JR9q72Fx+Ko7DZeGakxPCFc=,tag:zKXYbjdvgCkvuZLQEubt9g==,type:str]
+eduroam_pass: ENC[AES256_GCM,data:MFEwZVi9zF3N67sqGtTY,iv:oxwpPaXZlzHv7BEZhAnT+/Tr3QGm15d6suGMaV1W7Kw=,tag:0G/wXkjNkfh8mjpXBJxaxA==,type:str]
 pilot_password: ENC[AES256_GCM,data:PiKJCv5x68O9HFM4UvqLnsSPtqFslBLeAg67OkvFAbw7WaqbXh/p5SQblhPHcJ7jQDc4kI3XesOxruZrfJ0aZNDV1g7MWecgKg==,iv:EVs/m83Zfx2NRQMO52cF6pCe1ETpYfaR6lmXg2Na/DI=,tag:dl2x1aTsaTgtHEZYdW2lmg==,type:str]
 cloudflare_dns_api_token: ENC[AES256_GCM,data:QlLxQ/4AQsdqdWJC//FRgbMRqR0Ni51JgCDlyXfNe4pfPtiPs+Gb6Q==,iv:7SS+EzeHk0J1DzVvKxd40AuZUidV2asoQbSr5vyxl+U=,tag:T1KGXOsZ26sICYbrcmU8+w==,type:str]
 backup_password: ENC[AES256_GCM,data:Tu7ODTALfQLX7Mbo/BqiM6gaErGv07urwN1iHwGgurKWDuuE1h5NMV5J0cJqW6orTIloVtoZTJgSJ2lZlMcfUQ==,iv:78ha833ZzgEDChIuGjCMVA89U4qY9lWqUmfPCiiQeQM=,tag:u8KWw/060UVP+OOoPhbjRA==,type:str]
@ -11,32 +12,59 @@ sops:
        - recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvbzNLcXFBcTlIM3hjZTN0
-            bTFZUDJnS3lROExSREVkd0FMeHU3RGVWdzJnCkszOVROZlBmZWl2cjFkcTZ1OWZw
-            eThXSTliNmxHM3o3NzhUOUkvU0YzNzgKLS0tIHBWSmRTTlJBdmlKQy9YWHR0NGds
-            ak5kUFRJK3JCcUYvSFY2eGtIOTk3RkkKl3yBZjjBExU9RoZbaKBixfsywqFWFnq4
-            n7olhkNMVIC+BcLYno0oIT2oILASMkE3NbH85IHlYZY2qQvFKDbG7w==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzeDFhc1R1T053aG5sNXRw
+            TG9xY2dSdDFOT1FvOGpteHBuRTlQQTErc3kwClNxSmlXUDB5eXIwSVJUcmxmRkpL
+            RWM5UUI2MHkwd1VvZFIzSGFOQmNyaUkKLS0tIDdQc0VkRUdhbnZvTUlMYmFwT3hU
+            MTc2eVAvN2gycEd0Nm1yT3c0KzVsRTQKABHr4EwjwJBmJGdzanMBk09NjWcXTSFS
+            cHGB28MRArjGsbZiXNM2K6aOjMKKS7uwpa2dwzJn5eds74shvk3ayA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age13c346xw9kzsvra04ck8h8pa47mwdp8nh3aess4pwhyvdsufyhf0qt65ja8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1c1U4OHc4U2VMQUl2Y0FS
+            ekJCcEEwMzhpUXNQa2FVUUFTbnUzTXVRUVRBCnJ0M3I0V0JBUy9uMTd0Rmc3YU1S
+            VFo4eWF4ZGFWaUdyQlVBL1JOUWhPVmsKLS0tIGljbmxJRFdNUU1ISGJFdjdxeUsz
+            S1Z6c3ZsNEhjRHZBMFE1OHdZRzVQdlkK0r71nWgb9JssKfJm7EH2q5vu4uv+yRl3
+            xBVF8eQlxbhIYPrOJtDb4QFFp9qapvP6815/KdzDy1QeMHUWEhm06w==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1avsekqqyr62urdwtpfpt0ledzm49wy0rq7wcg3rnsprdx22er5usp0jxgs
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3aExaRC9SclVvT1g4WFI0
-            N1grVzZWWmpPaGEwRmx3TjUyK0dvL0RNdmhjClY5UmI0eWZOTXZqbGFxT05OSnk1
-            RTAyYStRN0NsRnZlWk03eXIrajdiRjQKLS0tIHlMdzBVNFEzR2FuVFZEWStFY1hh
-            MnFiSGt3dWZxWnF3M2FkbTJzSTA2VTAKtD40Gp12vB24Wnr8NvY7/ZWr9XVDF9Bl
-            FUL34R1mpgweNJ1IowFPgQbxsyMTG7iYB4jC50JZNOKJxe9NaeOUlQ==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsSU1HYzFyUlpPc09seXZ4
+            VkFMZlVMU092RnRlaUZvaUwrU1ZkTERKRWlJCjd5S0RHclRtRHI5eGNleGhjVW92
+            ZHFUaVh2a0hSdk56VWJvcVR2dDhPWjAKLS0tIHhyVVJBVlFEMU9yakliZzBlTlF2
+            ditjcmpwc2Nqd2pXbVgrRnlBNUhKVDQK5EvRZNbmhSVObrG+UFxYgvzaR8W57oj7
+            Ns32L0V8epKRvtIoQSg7ZapsBUPXuIx/HBAz4YBS6UDhE6bk7ZTVyg==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1jem6jfkmfq54wzhqqhrnf786jsn5dmx82ewtt4vducac8m2fyukskun2p4
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtK0pFcWlheEwzV3N3bVFQ
-            K3EwNXI5MXQyYld6Z3J1aVNHWlQ4UjlxSzIwCktDbG9iMFRVQnJBenhWVFhLa2N1
-            SWRMR3JLajJscWFqMy84aGNFcy9UK1UKLS0tIEZoT0d2bVJpV3ByWmV0eENZVjM3
-            WFd4ZFNHWG5Cakw5cU9MRE9HWHQ4THMKr/S7v1Oj3zQziMtI/NuFVm6AaJF5JV5U
-            sEr2nEptYFz4G6YL5psQGXHaKzQKBg+crgKRbYL4akhqT7pfYPC0bQ==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMS1dNV21oK1N2N3hkTDBz
+            cU1uRHF5OHJJdEVPUzhCZVlFQWFrbUJaWlNVCmMzcU9JaGVpZ2U0OXJ5RndPL1lT
+            bko2RzkzVjBMMktEZnE1TmUrRER4R0kKLS0tIGo4U0MyZEtuems2UUE1VUpybTJa
+            dHhScUtHeHZ2Snh2R0lqVjBiaGo5b2cKNyqY5PmCfIhJXja+vNkS/AA7KbuMezMJ
+            0HjbYOrW884uSBXOFTV4TCevX1rxJRh/UqXLSYHVgTQ0oSJR6FBWOg==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-07-08T00:25:56Z"
-    mac: ENC[AES256_GCM,data:v+p223kf9JLRMJ6moIpA5wZOemJY0+BSnX30MY8g28RBGaR+I7AbUHOrd+GUPAXLqwfqtrFdPt8pULT+fzuxL4wnlB9NPZxCYFMhSGGj8HysmDuytYXfSD1LZWD9fymE4KuyTZHv7I/coEM/iobbvutu9cmTKN05i1atjeh4B30=,iv:hPiQkvbeFjLyzTNoHMqqPikMPuDvT2X2iAo7JBlEpHY=,tag:fdHvvH+qPrv8UhwIA6aZSA==,type:str]
+        - recipient: age18gengezksnt0wtc3sv28ypmx546quzeg88kw5s8sywxyje5rmqyqh9daxe
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiUk42M1VRMnBlS0lRekMr
+            RzZUY3AxV2lBQXEwdk96RnBvZ2pYSUVydlRvCkRxV2dNTGJ1T2grWC85NXBlbXRT
+            MGpjc3JKZjJac2JTYXQ0TTBIRlgxckEKLS0tIDJNRkgzWUYwOGVMZWY3S3g5b0E2
+            b0RTcURGL2dqWDUvZndXMUZkY1pwNU0K0rp/XCEL2HZpaERLqLAf+f2rc/HAqkuf
+            y0J1w580VL/0IabjK07SZbkpznWdig3P9TKSIpddMRoKGjQp/PSmXA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1r2vlh9tgdmf6r0xj025zun0cvudn2p6jqav84pql8k928newtepq9ttw8z
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDWXhkbXVxdSs4eXlRVlBo
+            NzlNbmpuRHN5QXRqZVQyMEVxeTBrK2VDKzJ3CnBWK05KN0E4RnROREszd0IwNWZ4
+            RVhkOVV4TTVLK2FyZzNDYWdSN3l3emsKLS0tIHBMdFk2RlpIMzFiOXNrRUtpdndO
+            YnQ4SnljYXBBOUZWQisxZTBrcERYZVUKvMK8LbBt482Vs5i+yBE6SmKWiLLIaEwD
+            oSnmItFMeqtW+D1YR+YfODckgKjCuDYoIHmHe0TGYnYZpd/xo0vHTA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-09-11T13:44:03Z"
+    mac: ENC[AES256_GCM,data:uRdBwVDRiagp3Wh8e/JxxVK4p8SE5BardFh8Jin0wDg9VIILzPrYjoqb3qMS10xqrM3QcXy3CfobrogfWLaS2G88FziiUFGm0eSQnq29gGrFDJFOu7zUwGHwFIQ4BaABytj04bLY6u4E1AAEIpaTCs9ODc0c/WS0Cpaad/XtdF0=,iv:dkkH0/cBVk4WjqXgsbhjHMjF2QhcrRlA9ckok83jlfw=,tag:hHobJ9oWlTIo2PQgt6WnTA==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.1
--- a/hosts/nixos/common/users/common.nix
+++ b/hosts/nixos/common/users/common.nix
@ -1,21 +0,0 @@
-{
-  authorizedKeys = { outputs, lib }:
-    let
-      # Record containing all the hosts
-      hosts = outputs.nixosConfigurations;
-
-      # Function from hostname to relative path to public ssh key
-      idKey = host: ../../${host}/keys/id_ed25519.pub;
-    in
-    lib.pipe hosts [
-      # attrsetof host -> attrsetof path
-      (builtins.mapAttrs
-        (name: _: idKey name)) # string -> host -> path
-
-      # attrsetof path -> path[]
-      builtins.attrValues
-
-      # path[] -> path[]
-      (builtins.filter builtins.pathExists)
-    ];
-}
--- a/hosts/nixos/common/users/guest.nix
+++ b/hosts/nixos/common/users/guest.nix
@ -1,13 +0,0 @@
-# For more comments check out [pilot](./pilot.nix)
-{ pkgs, outputs, lib, ... }:
-{
-  users.mutableUsers = false;
-  users.users.guest = {
-    isNormalUser = true;
-    shell = pkgs.fish;
-    extraGroups = [ "wheel" "audio" "video" "network" "tty" ];
-    password = "heyo";
-    openssh.authorizedKeys.keyFiles =
-      (import ./common.nix).authorizedKeys { inherit outputs lib; };
-  };
-}
--- a/hosts/nixos/common/users/pilot.nix
+++ b/hosts/nixos/common/users/pilot.nix
@ -1,44 +0,0 @@
-{ pkgs, outputs, config, lib, ... }:
-{
-  satellite.pilot.name = "adrielus";
-
-  sops.secrets.pilot_password = {
-    sopsFile = ../secrets.yaml;
-    neededForUsers = true;
-  };
-
-  users = {
-    # Configure users through nix only
-    mutableUsers = false;
-
-    users.pilot = {
-      inherit (config.satellite.pilot) name;
-
-      # This gets referenced in other parts of the config
-      uid = 1000;
-
-      # Adds me to some default groups, and creates the home dir 
-      isNormalUser = true;
-
-      # Picked up by our persistence module
-      homeMode = "700";
-
-      # Add user to the following groups
-      extraGroups = [
-        "wheel" # Access to sudo
-        "lp" # Printers
-        "audio" # Audio devices
-        "video" # Webcam and the like
-        "network" # wpa_supplicant
-        "syncthing" # syncthing!
-      ];
-
-
-      hashedPasswordFile = config.sops.secrets.pilot_password.path;
-      shell = pkgs.fish;
-
-      openssh.authorizedKeys.keyFiles =
-        (import ./common.nix).authorizedKeys { inherit outputs lib; };
-    };
-  };
-}
--- a/hosts/nixos/euporie/default.nix
+++ b/hosts/nixos/euporie/default.nix
@ -1,20 +0,0 @@
-{ lib, ... }: {
-  imports = [
-    ../common/global
-    ../common/users/guest.nix
-
-    ../common/optional/greetd.nix
-    ../common/optional/pipewire.nix
-    ../common/optional/desktop/xdg-portal.nix
-    ../common/optional/wayland/hyprland.nix
-  ];
-
-  # Usually included in the hardware-configuration
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-
-  # Set the name of this machine!
-  networking.hostName = "euporie";
-
-  # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
-  system.stateVersion = "22.11";
-}
--- a/hosts/nixos/iso/default.nix
+++ b/hosts/nixos/iso/default.nix
@ -0,0 +1,74 @@
+# See the wiki for more details https://wiki.nixos.org/wiki/Creating_a_NixOS_live_CD
+#
+# Can be built with
+# nix build .#nixosConfigurations.iso.config.system.build.isoImage
+{
+  modulesPath,
+  inputs,
+  outputs,
+  pkgs,
+  ...
+}:
+{
+  # {{{ Imports
+  imports = builtins.attrValues outputs.nixosModules ++ [
+    "${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix"
+
+    inputs.sops-nix.nixosModules.sops
+
+    ../common/global/cli/fish.nix
+    ../common/optional/services/wpa_supplicant.nix
+    ../common/optional/services/kanata.nix
+  ];
+  # }}}
+  # {{{ Automount hermes
+  fileSystems."/hermes" = {
+    device = "/dev/disk/by-uuid/41311200-3403-4324-9ad3-4fc45a061152";
+    neededForBoot = true;
+    options = [
+      "nofail"
+      "x-systemd.automount"
+    ];
+  };
+  # }}}
+  # {{{ Nix config
+  nix = {
+    # Flake support and whatnot
+    package = pkgs.lix;
+
+    # Enable flakes and new 'nix' command
+    settings.experimental-features = [
+      "nix-command"
+      "flakes"
+    ];
+  };
+  # }}}
+  #  {{{ SSH keys
+  users.users.pilot.openssh.authorizedKeys.keyFiles = [
+    ../calypso/keys/id_ed25519.pub
+    ../lapetus/keys/id_ed25519.pub
+    ../tethys/keys/id_ed25519.pub
+  ];
+  #  }}}
+  #  {{{ Install some packages
+  environment.systemPackages =
+    let
+      cloneConfig = pkgs.writeShellScriptBin "liftoff" ''
+        git clone git@github.com:prescientmoon/everything-nix.git
+        cd everything-nix
+      '';
+    in
+    with pkgs;
+    [
+      sops # Secret editing
+      neovim # Text editor
+      cloneConfig # Clones my nixos config from github
+    ];
+  #  }}}
+
+  # Tell sops-nix to use the hermes keys for decrypting secrets
+  sops.age.sshKeyPaths = [ "/hermes/secrets/hermes/ssh_host_ed25519_key" ];
+
+  # Fast but bad compression
+  # isoImage.squashfsCompression = "gzip -Xcompression-level 1";
+}
--- a/hosts/nixos/lapetus/default.nix
+++ b/hosts/nixos/lapetus/default.nix
@ -1,14 +1,21 @@
-{ config, ... }: {
+{ config, ... }:
+{
+  # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
+  system.stateVersion = "23.05";
+
+  # {{{ Imports
  imports = [
    ../common/global
-    ../common/users/pilot.nix
+    ../common/optional/users/pilot.nix
    ../common/optional/oci.nix
+    ../common/optional/services/tailscale.nix
    ../common/optional/services/acme.nix
    ../common/optional/services/kanata.nix
    ../common/optional/services/nginx.nix
    ../common/optional/services/postgres.nix
    ../common/optional/services/syncthing.nix
    ../common/optional/services/restic
+    ../common/optional/services/wpa_supplicant.nix

    # ./services/commafeed.nix
    # ./services/ddclient.nix
@ -19,7 +26,7 @@
    ./services/grafana.nix
    ./services/guacamole
    ./services/homer.nix
-    ./services/intray.nix
+    # ./services/intray.nix
    ./services/invidious.nix
    ./services/jellyfin.nix
    ./services/jupyter.nix
@ -30,7 +37,7 @@
    ./services/qbittorrent.nix # turned on/off depending on whether my vpn is paid for
    ./services/radicale.nix
    ./services/redlib.nix
-    ./services/smos.nix
+    # ./services/smos.nix
    ./services/vaultwarden.nix
    ./services/whoogle.nix
    ./services/zfs.nix
@ -38,19 +45,13 @@
    ./filesystems
    ./hardware
  ];
-
-  # Machine ids
+  # }}}
+  # {{{ Machine ids
  networking.hostName = "lapetus";
  networking.hostId = "08357db3";
  environment.etc.machine-id.text = "d9571439c8a34e34b89727b73bad3587";
-
-  # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
-  system.stateVersion = "23.05";
-
-  # Bootloader
-  boot.loader.systemd-boot.enable = true;
-
-  # Tailscale internal IP DNS records
+  # }}}
+  # {{{ Tailscale internal IP DNS records
  satellite.dns.records = [
    {
      at = config.networking.hostName;
@ -63,4 +64,16 @@
      value = "fd7a:115c:a1e0::e75d:883b";
    }
  ];
+  # }}}
+  # {{{ SSH keys
+  users.users.pilot.openssh.authorizedKeys.keyFiles = [
+    ../calypso/keys/id_ed25519.pub
+    ../tethys/keys/id_ed25519.pub
+  ];
+
+  users.users.root.openssh.authorizedKeys.keyFiles =
+    config.users.users.pilot.openssh.authorizedKeys.keyFiles;
+  # }}}
+
+  boot.loader.systemd-boot.enable = true;
 }
--- a/hosts/nixos/lapetus/hardware/default.nix
+++ b/hosts/nixos/lapetus/hardware/default.nix
@ -2,7 +2,6 @@
 {
  imports = with inputs.nixos-hardware.nixosModules; [
    common-cpu-intel
-    common-gpu-intel
    common-pc-laptop
    common-pc-laptop-hdd
    common-pc-hdd
--- a/hosts/nixos/lapetus/secrets.yaml
+++ b/hosts/nixos/lapetus/secrets.yaml
@ -18,20 +18,38 @@ sops:
        - recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYcjFoRm1WNW9jOUJjUC9W
-            NmxhWGRjWlFHd2tRaXJ6WnpaaWlxSFQ0RlZnCllVNTZ0b0MvL0VURDhQRUE1dDdW
-            L1NkYzBRRDFLcFpwTTgzRnphLy9GT00KLS0tIFcvU2ZUQ21FZU1NTEFJaHRTVjV3
-            eU1YeEZIOTJKa3I4c3ZwbVdPMlBLbmMKCBhopcTXWiAwR8ACyDf+P11SYcPrPSSv
-            QRPJ6I8Y1Lc7KTCbkO8zW2hBb6fdbvWBJQtW0rOfCuGQ831OyArr0w==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIa2V4QmJURmVNYVRlTmdJ
+            ZTQ3dGlpY1J4Z2ZCZ2pmR1pmZU10aTR2S3h3CjRUeEZ3NmZWSXlZWjFaUis3bXNF
+            VUhFUlFRTGROL01JWjJCTEVCSDZSQkUKLS0tIEZTT2Yza1NCN3hDYVlyYll0TUVG
+            OUdPK0VPL2pzcTVZenhGVXRlZ1JsQUEKApVFIAhjYXsc9YCwR+BM3ZAt+Q7cvAqF
+            N6oYq31BaPXdEjc1UPoSYBfbyonTSlf3cK66c2Pq2as2Y7YDUmX6QA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age13c346xw9kzsvra04ck8h8pa47mwdp8nh3aess4pwhyvdsufyhf0qt65ja8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnaUl6ZkFyWGh5YVRxTFgy
+            WEI1R0NGMjREeG83M2g3blA5S1NidjUxTVQ0ClVWeTVscXpuanF0NXhKNlhPZWRZ
+            aUd0akJzYTN3QUdzZUhGbXp4bWliVEkKLS0tIGdudUJVM2ZKbDlGSHc1ZC8va3FJ
+            Um1vUVRob0phckdJQ1ZmaFR6WEUyTWMKzDa1gfFbNJZlfk48nGynqG0bvzFQDo07
+            5xKDzvxIbPlWTufH0vGlOjmA7d8JF718cTE6DQ9z9hCynLiwEfhJzQ==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1jem6jfkmfq54wzhqqhrnf786jsn5dmx82ewtt4vducac8m2fyukskun2p4
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGV2VmdmJ2QlVVbUF6MUtt
-            dzZFUGJFS3cyKzlTTHJiWjlqRmJkUm04WXh3CktSdGRIUWxJRU5oVVdkUTFwaEZr
-            M1Y4NnRtclZVTkltOHNjNXAxVW9yaFEKLS0tIGlRYjgwd0FkN0FBU1RSQjRnVWpW
-            RHZ6alYrUU5BZ2xlMkdGR1dWRG5aeGMKJdsdtVZ6Mk9Vo3a+tS+rzAgaF2wpH+8U
-            lWhA+c0Kbe8EJT8hm7Vr8PqBmElz4V9AnXSCTp7D+Cu4pfWsHopLUQ==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHVHFpZ0NRTGpsM0t5TnZV
+            c1NidmZXTnh6Tm5hNzJsVGx6bmRPNStyNFY0CkhqU2JYcXVjVGdPNXVlVk0wUmJ3
+            K0k2NWRPZUM3Zmd1NTBhUVVLcHhGV1kKLS0tIEtIRWtZdWQ0ZjczYmM3Z1NIc2ZT
+            bHhJU0p0VkUzQUhwcFVsQS9CdlFFUGMKgc22KPc4yYIlqkUoBLmtlMhUkU3Pq+Qq
+            ZnrabCP+uw4oNplel8VEUgICuGuVv4xasAzSVJYu0wlCee7GkBtGRw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1r2vlh9tgdmf6r0xj025zun0cvudn2p6jqav84pql8k928newtepq9ttw8z
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtZVVtTHFoZXJKUjlxZmpr
+            aVJJM0MxdzRkZFdMd212bFhQOC9VMU1udjJBCmxpOWV4TlRuZHdNUU8zNmwwdGJl
+            cE5sd2N4WGRlSVZPL1BCVW51NnZQb2sKLS0tIDVmTHdCNnVQTjRmRUhTMS9kbndN
+            RkpibTJpVzVtR0txL1dHbmFkdlkvUk0KDgqO8c7CggeXhEMzx/tcLqtMG6MmuOi/
+            UmG9eSUO9im0Q7q7FG4Z+/lZ7+Iu15Dj8qA2/5MtDYPW+vxN3gzZrg==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-06-13T14:52:30Z"
    mac: ENC[AES256_GCM,data:EXVbpc8P8SzTSYw0TWwJBEWYZRpGOAXm4wFS0JbzeiNaWEybZk6Y07Vr5tyaEWucpu52VxLrVwoZn8YSdF9JPAHtTQYYY35MccBkB01+GVXpVDQfxCG9UNYO24qExNboQIs5QRWmtaX7zTbut+ETcOFKHlkqR9g95PZQhsNZx4c=,iv:1Bu9g4/V2ixRvJJBijlkdNO9pdoR+qwDGTeUgr24dsg=,tag:gyF34lCSbF0It4KPmtQYJA==,type:str]
--- a/hosts/nixos/lapetus/services/forgejo.nix
+++ b/hosts/nixos/lapetus/services/forgejo.nix
@ -7,6 +7,10 @@
  };

  satellite.cloudflared.at.git.port = config.satellite.ports.forgejo;
+  satellite.cloudflared.at."ssh.git" = {
+    protocol = "ssh";
+    port = config.satellite.ports.forgejo-ssh;
+  };

  services.forgejo = {
    enable = true;
@ -29,6 +33,8 @@
        HTTP_PORT = config.satellite.cloudflared.at.git.port;
        ROOT_URL = config.satellite.cloudflared.at.git.url;
        LANDING_PAGE = "prescientmoon"; # Make my profile the landing page
+        SSH_DOMAIN = config.satellite.cloudflared.at."ssh.git".host;
+        SSH_PORT = config.satellite.ports.forgejo-ssh;
      };

      cron.ENABLED = true;
@ -45,9 +51,7 @@
      repository = {
        DISABLE_STARS = true;
        DISABLED_REPO_UNITS = "";
-        DEFAULT_REPO_UNITS = lib.strings.concatStringsSep "," [
-          "repo.code"
-        ];
+        DEFAULT_REPO_UNITS = lib.strings.concatStringsSep "," [ "repo.code" ];
      };
    };
  };
--- a/hosts/nixos/lapetus/services/invidious.nix
+++ b/hosts/nixos/lapetus/services/invidious.nix
@ -1,4 +1,5 @@
-{ config, pkgs, ... }: {
+{ config, pkgs, ... }:
+{
  sops.secrets.invidious_hmac_key.sopsFile = ../secrets.yaml;
  sops.templates."invidious_hmac_key.json" = {
    content = ''{ "hmac_key": "${config.sops.placeholder.invidious_hmac_key}" }'';
@ -18,21 +19,18 @@
      admins = [ "prescientmoon" ];
      default_user_preferences = {
        default_home = "Subscriptions";
-        comments = [ "youtube" "reddit" ];
+        comments = [
+          "youtube"
+          "reddit"
+        ];
        save_player_pos = true;
        automatic_instance_redirect = true;
      };
+
+      # The error when updating to 24.05 asked me to set this
+      db.user = "invidious";
    };

-    # REASON: the current invidious is broken, and cannot play videos
-    package = pkgs.invidious.overrideAttrs (_oldAttrs: {
-      src = pkgs.fetchFromGitHub {
-        owner = "iv-org";
-        repo = "invidious";
-        fetchSubmodules = true;
-        rev = "eda7444ca46dbc3941205316baba8030fe0b2989";
-        sha256 = "0iafxgb93jxx9ams6ll2yx8il4d7h89a630hcx9y8jj4gn3ax7v1";
-      };
-    });
+    package = pkgs.invidious;
  };
 }
--- a/hosts/nixos/lapetus/services/jupyter.nix
+++ b/hosts/nixos/lapetus/services/jupyter.nix
@ -1,15 +1,22 @@
-{ config, lib, pkgs, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
 let
  # {{{ Jupyterhub/lab env
-  appEnv = pkgs.python3.withPackages (p: with p; [
+  appEnv = pkgs.python3.withPackages (
+    p: with p; [
      jupyterhub
      jupyterlab
      jupyterhub-systemdspawner
      jupyter-collaboration
      jupyterlab-git
-  ]);
-  # }}}
+    ]
+  );
 in
+# }}}
 {
  systemd.services.jupyterhub.path = [
    pkgs.texlive.combined.scheme-full # LaTeX stuff is useful for matplotlib
@ -25,8 +32,8 @@ in

    # {{{ Spwaner & auth config
    extraConfig = ''
-      c.Authenticator.allowed_users = {'adrielus', 'javi'}
-      c.Authenticator.admin_users = {'adrielus'}
+      c.Authenticator.allowed_users = {'${config.users.users.pilot.name}', 'javi'}
+      c.Authenticator.admin_users = {'${config.users.users.pilot.name}'}

      c.Spawner.notebook_dir='${config.users.users.pilot.home}/projects/notebooks'
      c.SystemdSpawner.mem_limit = '2G'
@ -35,13 +42,18 @@ in
    # }}}
    # {{{ Python 3 kernel
    kernels.python3 =
-      let env = (pkgs.python3.withPackages (p: with p; [
+      let
+        env = (
+          pkgs.python3.withPackages (
+            p: with p; [
              ipykernel
              numpy
              scipy
              matplotlib
              tabulate
-      ]));
+            ]
+          )
+        );
      in
      {
        displayName = "Numerical mathematics setup";
--- a/hosts/nixos/lapetus/services/zfs.nix
+++ b/hosts/nixos/lapetus/services/zfs.nix
@ -1,4 +1,5 @@
-{ config, ... }: {
+{ config, ... }:
+{
  # {{{ Zfs config
  services.zfs = {
    trim.enable = true;
@ -36,12 +37,4 @@
    # }}}
  };
  # }}}
-  # {{{ Syncoid 
-  # Automatically sync certain snapshot to rsync.net
-  services.syncoid = {
-    enable = true;
-    commands."zroot/root/persist/data".target = "root@rsync.net:zroot/root/persist/data";
-    commands."zroot/root/persist/state".target = "root@rsync.net:zroot/root/persist/state";
-  };
-  # }}}
 }
--- a/hosts/nixos/tethys/default.nix
+++ b/hosts/nixos/tethys/default.nix
@ -1,89 +1,65 @@
-{ config, lib, pkgs, ... }: {
-  # {{{ Imports
-  imports = [
-    ../common/global
-    ../common/users/pilot.nix
-
-    ../common/optional/pipewire.nix
-    ../common/optional/bluetooth.nix
-    ../common/optional/greetd.nix
-    ../common/optional/quietboot.nix
-    ../common/optional/desktop/steam.nix
-    ../common/optional/desktop/xdg-portal.nix
-    ../common/optional/wayland/hyprland.nix
-    ../common/optional/services/kanata.nix
-    ../common/optional/services/restic
-
-    ./hardware
-    ./boot.nix
-    ./services/syncthing.nix
-  ];
-  # }}}
-
+{ pkgs, config, ... }:
+{
  # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
  system.stateVersion = "22.11";

-  services.mullvad-vpn.enable = true;
+  # {{{ Imports
+  imports = [
+    ../common/global

+    ../common/optional/users/pilot.nix
+    ../common/optional/bluetooth.nix
+    ../common/optional/greetd.nix
+    ../common/optional/oci.nix
+    ../common/optional/quietboot.nix
+
+    ../common/optional/desktop
+    ../common/optional/desktop/steam.nix
+    ../common/optional/wayland/hyprland.nix
+
+    ../common/optional/services/wpa_supplicant.nix
+    ../common/optional/services/tailscale.nix
+    ../common/optional/services/kanata.nix
+    ../common/optional/services/restic
+    ../common/optional/services/nginx.nix
+    ./services/syncthing.nix
+
+    ./hardware
+    ./boot.nix
+  ];
+  # }}}
  # {{{ Machine ids
  networking.hostName = "tethys";
  environment.etc.machine-id.text = "08357db3540c4cd2b76d4bb7f825ec88";
  # }}}
-  # {{{ A few ad-hoc hardware settings
-  hardware.enableAllFirmware = true;
-  hardware.opengl.enable = true;
-  hardware.opentabletdriver.enable = true;
-  hardware.keyboard.qmk.enable = true;
-  powerManagement.cpuFreqGovernor = "ondemand";
-  services.tlp.enable = true;
-  services.thermald.enable = true;
-  # }}}
  # {{{ A few ad-hoc programs
  programs.kdeconnect.enable = true;
  programs.firejail.enable = true;
-  programs.extra-container.enable = true;
-  virtualisation.docker.enable = true;
-  virtualisation.waydroid.enable = true;
-  # virtualisation.spiceUSBRedirection.enable = true; # This was required for the vm usb passthrough tomfoolery
-  # }}}
-  # {{{ Ad-hoc stylix targets
-  # TODO: include this on all gui hosts
-  # TODO: is this useful outside of home-manager?
-  stylix.targets.gtk.enable = true;
-  # }}}
-  # {{{ Some ad-hoc site blocking
-  networking.extraHosts =
-    let
-      blacklisted = [
-        # "twitter.com"
-        # "www.reddit.com"
-        "minesweeper.online"
-      ];
-      blacklist = lib.concatStringsSep "\n" (lib.forEach blacklisted (host: "127.0.0.1 ${host}"));
-    in
-    blacklist;
-  # }}}
+  services.mullvad-vpn.enable = true;

  services.mysql = {
    enable = true;
    package = pkgs.mysql80;
  };
-
-  programs.dconf.enable = true;
-  services.gnome.evolution-data-server.enable = true;
-  services.gnome.gnome-online-accounts.enable = true;
-
-  # Tailscale internal IP DNS records
+  # }}}
+  # {{{ Ad-hoc stylix targets
+  stylix.targets.gtk.enable = true;
+  # }}}
+  # {{{ Tailscale internal IP DNS records
  satellite.dns.records = [
-    # {
-    #   at = config.networking.hostName;
-    #   type = "A";
-    #   value = "100.93.136.59";
-    # }
-    # {
-    #   at = config.networking.hostName;
-    #   type = "AAAA";
-    #   value = "fd7a:115c:a1e0::e75d:883b";
-    # }
+    {
+      at = config.networking.hostName;
+      type = "A";
+      value = "100.93.136.59";
+    }
+    {
+      at = config.networking.hostName;
+      type = "AAAA";
+      value = "fd7a:115c:a1e0::e75d:883b";
+    }
  ];
+  # }}}
+  # {{{ SSH keys
+  users.users.pilot.openssh.authorizedKeys.keyFiles = [ ../calypso/keys/id_ed25519.pub ];
+  # }}}
 }
--- a/hosts/nixos/tethys/hardware/default.nix
+++ b/hosts/nixos/tethys/hardware/default.nix
@ -1,10 +1,28 @@
 { inputs, ... }:
 {
+  # {{{ Imports
  imports = with inputs.nixos-hardware.nixosModules; [
    common-cpu-intel
-    common-gpu-intel
+    # common-gpu-intel # This leads to a "prop ... defined twice" error
    common-pc-laptop
    common-pc-ssd
    ./generated.nix
  ];
+  # }}}
+  # {{{ Misc
+  hardware.enableAllFirmware = true;
+  hardware.opengl.enable = true;
+  hardware.opentabletdriver.enable = true;
+  hardware.keyboard.qmk.enable = true;
+  # }}}
+  # {{{ Power management
+  powerManagement.cpuFreqGovernor = "performance";
+  services.tlp = {
+    enable = true;
+    settings = {
+      CPU_SCALING_GOVERNOR_ON_BAT = "performance";
+      CPU_SCALING_GOVERNOR_ON_AC = "performance";
+    };
+  };
+  # }}}
 }
--- a/Show more
+++ b/Show more
Author	SHA1	Message	Date
prescientmoon	78198f18b2	Add tailscale internal dns entries to all the hosts	2024-10-11 13:18:05 +02:00
prescientmoon	52d0513ab3	Fix lapetus invidous db user	2024-10-11 12:44:13 +02:00
prescientmoon	f64c0e35bf	Fix lapetus again - remove lapetus home manager usage - try to fix nixos hardware import error	2024-10-11 12:40:05 +02:00
prescientmoon	5f8f646ae1	Fix tethys	2024-10-11 12:20:59 +02:00
prescientmoon	1e511f9e04	Too many changes - edopro - fix resstic & rsync setup - prepare lapetus redeploy - ...more I forgot about (should've commited more times...)	2024-10-11 12:16:46 +02:00
prescientmoon	5926fbaf5f	Update readme	2024-09-24 06:30:00 +02:00
prescientmoon	5230faf7c4	Uhhhh, lots of changes I forgot to push earlier	2024-09-24 05:41:40 +02:00
prescientmoon	de5e4fe049	Make zathura the default for opening pdf files	2024-09-18 09:28:18 +02:00
prescientmoon	a94ba0499d	Set up forgejo ssh	2024-09-11 16:30:19 +02:00
prescientmoon	861f2e81e2	Connect to eduroam via iwd declaratively	2024-09-11 15:59:57 +02:00
prescientmoon	7c7e067c1a	Some neovim changes I forgot about	2024-09-11 15:59:50 +02:00
prescientmoon	2eb3151562	Format rebuild script a bit	2024-09-11 15:59:23 +02:00
prescientmoon	04a66f7f98	Clean up home dir a bit	2024-09-01 00:15:33 +02:00
prescientmoon	c0a5d1f8cc	Allow choosing between iwd and wpa_supplicant	2024-08-31 18:38:31 +02:00
prescientmoon	0a2f22b0af	Remove htop Additionally, tweak restic a bit and add more comments there	2024-08-30 01:20:13 +02:00
prescientmoon	366ed55d6f	Disable lazygit popup It keps popping up over and over again (because of impermanence)	2024-08-30 01:13:01 +02:00
prescientmoon	8ff62cb40d	Lots of changes, I guess...	2024-08-30 01:10:41 +02:00
prescientmoon	f02308a40e	Fix systemd `after` for rollback	2024-08-28 01:05:39 +02:00
prescientmoon	efeb877394	New partition rollback mechanism!	2024-08-28 00:52:27 +02:00
prescientmoon	9d6964d0f1	Fix ssh persmissions (last take)	2024-08-28 00:18:45 +02:00
prescientmoon	819dfd483f	Fix ssh permissions (take 6)	2024-08-28 00:14:16 +02:00
prescientmoon	ec239297dd	Fix ssh permissions (take 5)	2024-08-28 00:10:02 +02:00
prescientmoon	bdb0aab8a1	Make calypso non-minimal again	2024-08-27 23:47:44 +02:00
prescientmoon	75425faa20	Fix ssh permissions (take 4)	2024-08-27 23:35:21 +02:00
prescientmoon	b6118974ec	Fix ssh permissions (take 3)	2024-08-27 23:28:37 +02:00
prescientmoon	e3147858c3	Fix ssh persmissions (take 2)	2024-08-27 23:15:18 +02:00
prescientmoon	b655497e4d	Set up backup file extension for HM	2024-08-27 23:05:59 +02:00
prescientmoon	95336a2c37	Fix ~/.ssh permisions	2024-08-27 23:01:36 +02:00
prescientmoon	d650f153a1	Update iso again	2024-08-27 22:11:56 +02:00
prescientmoon	1b962254d1	Regenerate hermes key	2024-08-27 21:56:19 +02:00
prescientmoon	141b023739	Simplify iso	2024-08-27 21:32:51 +02:00
prescientmoon	c13f4b9c11	Make calypso minimal one last time	2024-08-27 20:55:57 +02:00
prescientmoon	19d2ef374c	New rollback script	2024-08-27 20:52:29 +02:00
prescientmoon	c217465409	Fix changed partition names	2024-08-27 16:36:17 +02:00
prescientmoon	b95a4e55c2	A lot of iso changes	2024-08-27 16:28:49 +02:00
prescientmoon	2b2e74a75d	Add emojis to more scripts	2024-08-27 13:54:32 +02:00
prescientmoon	1b180a8a25	Improve custom iso	2024-08-27 13:30:17 +02:00
prescientmoon	2357c5d3d6	Finalize calypso install!	2024-08-26 23:30:04 +02:00
prescientmoon	b67cf3fde7	Add generated hardware config for calypso	2024-08-26 21:28:35 +02:00
prescientmoon	8823274d15	Make calypso less minimal again	2024-08-26 21:24:34 +02:00
prescientmoon	a67c49e605	Update calypso keys	2024-08-26 21:18:39 +02:00
prescientmoon	e2d0f8f0c8	Make callypso even more minimal for now	2024-08-26 20:16:57 +02:00
prescientmoon	4d3e573895	Make calypso more minimal for now	2024-08-26 19:49:12 +02:00
prescientmoon	9d584ec88b	Fix emergency script not reading the disko mode	2024-08-26 19:27:17 +02:00
prescientmoon	3836681223	Fix emergency script arg counting	2024-08-26 19:25:44 +02:00
prescientmoon	c26282c605	Update emergency script to support more than one host	2024-08-26 19:22:16 +02:00
prescientmoon	b9ba99c6f4	Update emergency script	2024-08-26 19:17:13 +02:00
prescientmoon	896bd7b217	Update catppuccin hashes	2024-08-26 18:40:58 +02:00
prescientmoon	09332ba001	Generate calypso machine ids	2024-08-26 18:21:34 +02:00
prescientmoon	e382175004	Fix HM import in flake.nix	2024-08-26 18:12:43 +02:00
prescientmoon	5eb6987d6c	Auto create blank snapshot using disko	2024-08-26 18:11:59 +02:00
prescientmoon	070a6774ec	Remove blank btrfs auto snapshot	2024-08-26 18:06:28 +02:00
prescientmoon	c4c41ff68a	Fix default calypso disk name	2024-08-26 18:00:25 +02:00
prescientmoon	454aae8f88	Prepare calypso install	2024-08-26 17:38:47 +02:00
prescientmoon	3a4d400fef	Move away from wezterm	2024-08-05 20:31:34 +02:00
prescientmoon	afea4bacd0	Improved nix setup	2024-07-28 20:01:45 +02:00
prescientmoon	a6293a1ba4	Update to nixpgks 24.05	2024-07-26 20:18:26 +02:00
				`@ -0,0 +1 @@`
				`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBwFNYf8q84oGOwiGCXmJqeBPdglTPcWJB9nnLpmS2RG moon@calypso`
				`@ -0,0 +1 @@`
				`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIASX1E4WYg5dydret3G0fWYJLQn2oRxNZdHWWaJojW1a root@calypso`
				`@ -0,0 +1 @@`
				ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDAfRDNDA5B0YlnR0K5wQ0w6pMl0Pi8WIjanKol5SA615VDye3caBdv3UzxdC221ECIa9bZQcaKt/ncIuj/3fE49W8D0+2wL/1Eruy4ximAVAtLgIMzm+hl/dP3KsyTjUajIUbso08S9PUjtJl8PgmiiEPEppMAo++hwKycn5bRoUywE/VoNgPhAB5sgKaFZiQhPu4q0mZWhikGiaJzKPRi84bP4gCL9/h0slSWP3VmhWE7Vyvyjv6OKHdfjXoJA/AjSd3VogmGnzDWUI5lkwJzkHv/ybie9+7y+0o+wBu4+0lJlchBEq0f6dp9fw0MZRt84DYw8/MFDa+SXq5cO5aAwHARpRYeAHkPIRnwJbxTqn6uDlAdWrIxY8SPXIrrBpfnVSoaH8SJN/spsEoILkqrOpncQi5QP1rY8Bi2zaI13WD1kYsh9l4FqmqvCeawEgN0pedudZf2qqHWD93lDTAWxM7k5rPHSSgnnfsgwE35peBpmepJH8ZNFaBqw+aCvIM= root@calypso
				`@ -0,0 +1 @@`
				`The certificate is taken from the source code of the python script found at [cat.eduroam.org](https://cat.eduroam.org/) for my university, so I assume it's ok to share around?`