Add tailscale internal dns entries to all the hosts

Fix lapetus invidous db user
Fix lapetus again
2024-10-11 13:18:05 +02:00 · 2024-10-11 12:44:13 +02:00 · 2024-10-11 12:40:05 +02:00 · 2024-10-11 12:20:59 +02:00 · 2024-10-11 12:16:46 +02:00 · 2024-09-24 06:30:00 +02:00
132 changed files with 3343 additions and 2655 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -1,26 +1,38 @@
 keys:
  - &users:
-    - &prescientmoon age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
+    - &prescientmoon_tethys age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
    - &prescientmoon_calypso age13c346xw9kzsvra04ck8h8pa47mwdp8nh3aess4pwhyvdsufyhf0qt65ja8
  - &hosts:
    - &tethys age1avsekqqyr62urdwtpfpt0ledzm49wy0rq7wcg3rnsprdx22er5usp0jxgs
    - &lapetus age1jem6jfkmfq54wzhqqhrnf786jsn5dmx82ewtt4vducac8m2fyukskun2p4
    - &calypso age18gengezksnt0wtc3sv28ypmx546quzeg88kw5s8sywxyje5rmqyqh9daxe
    - &hermes age1r2vlh9tgdmf6r0xj025zun0cvudn2p6jqav84pql8k928newtepq9ttw8z
 creation_rules:
  - path_regex: hosts/nixos/common/secrets.yaml
    key_groups:
      - age:
-        - *prescientmoon
+        - *prescientmoon_tethys
        - *prescientmoon_calypso
        - *tethys
        - *lapetus
        - *calypso
        - *hermes
  - path_regex: hosts/nixos/lapetus/secrets.yaml
    key_groups:
      - age:
-        - *prescientmoon
+        - *prescientmoon_tethys
        - *prescientmoon_calypso
        - *lapetus
        - *hermes
  - path_regex: home/features/desktop/wakatime/secrets.yaml
    key_groups:
      - age:
-        - *prescientmoon
+        - *prescientmoon_tethys
        - *prescientmoon_calypso
        - *hermes
  - path_regex: home/features/cli/productivity/secrets.yaml
    key_groups:
      - age:
-        - *prescientmoon
+        - *prescientmoon_tethys
        - *prescientmoon_calypso
        - *hermes
--- a/README.md
+++ b/README.md
@ -6,7 +6,7 @@ In case you are not familiar with nix/nixos, this is a collection of configurati
 ## Features this repository includes:
- Sets up all the apps I use — including git, neovim, fish, tmux, starship, hyprland, anyrun, discord, zathura, wezterm & much more.
+- Sets up all the apps I use — including git, neovim, fish, tmux, starship, hyprland, anyrun, discord, zathura, foot & much more.
 - Sets up my entire homelab — including zfs-based [impermanence](https://grahamc.com/blog/erase-your-darlings), automatic let's-encrypt certificates, tailscale, syncthing, vaultwarden, whoogle, pounce, calico, smos, intray, actual & more.
 - Consistent base16 theming using [stylix](https://github.com/danth/stylix)
 - Declarative secret management using [sops-nix](https://github.com/Mic92/sops-nix)
@ -15,11 +15,11 @@ The current state of this repo is a refactor of my old, messy nixos config, base
 ## Hosts
-This repo's structure is based on the concept of hosts - individual machines configured by me. I'm naming each host based on things in space/mythology (_they are the same picture_). The hosts I have right now are:
+This repo's structure is based on separating configuration into individual hosts - different machines configured by me. Each host is named after things in space/mythology (_they are the same picture_). The hosts I have right now are:
- [tethys](./hosts/nixos/tethys/) — my personal laptop
+- [calypso](./hosts/nixos/calypso/) — my personal laptop
 - [tethys](./hosts/nixos/tethys/) — my previous personal laptop
 - [lapetus](./hosts/nixos/lapetus/) — older laptop running as a server
 - [euporie](./hosts/nixos/euporie/) — barebones host for testing things insdie a VM
 - enceladus — my android phone. Although not configured using nix, this name gets referenced in some places
 ## File structure
@ -28,6 +28,7 @@ This repo's structure is based on the concept of hosts - individual machines con
 | ---------------------------- | --------------------------------------------------- |
 | [common](./common)           | Configuration loaded on both nixos and home-manager |
 | [devshells](./devshells)     | Nix shells                                          |
 | [dns](./dns)                 | Directory for parts of my octodns nix-based wrapper |
 | [docs](./docs)               | Additional documentation regarding my setup         |
 | [home](./home)               | Home manager configurations                         |
 | [hosts/nixos](./hosts/nixos) | Nixos configurations                                |
@ -59,7 +60,8 @@ Here's some things you might want to check out:
 - [Impernanence](https://github.com/nix-community/impermanence) — see the article about [erasing your darlings](https://grahamc.com/blog/erase-your-darlings)
 - [Sops-nix](https://github.com/Mic92/sops-nix) — secret management
 - [disko](https://github.com/nix-community/disko) — format disks using nix
-  - [zfs](https://openzfs.org/wiki/Main_Page) — filesystem
+  - [zfs](https://openzfs.org/wiki/Main_Page) — filesystem (on my server)
  - [btrfs](https://btrfs.readthedocs.io/en/latest/) — filesystem (on my laptop)
 ### Input handling
@ -72,6 +74,7 @@ Here's some things you might want to check out:
  - [Base16 templates](https://github.com/chriskempson/base16-templates-source) — list of base16 theme templates
  - [Catpuccin](https://github.com/catppuccin/catppuccin) — base16 theme I use
  - [Rosepine](https://rosepinetheme.com/) — another theme I use
  - [Gruvbox](https://github.com/morhetz/gruvbox) — yet another theme I use
 - [Hyprland](https://hyprland.org/) — wayland compositor
  - [Wlogout](https://github.com/ArtsyMacaw/wlogout) — wayland logout menu
  - [Hyprpicker](https://github.com/hyprwm/hyprpicker) — hyprland color picker
@ -79,7 +82,7 @@ Here's some things you might want to check out:
  - [Dunst](https://dunst-project.org/) — notification daemon
  - [Wlsunset](https://sr.ht/~kennylevinsen/wlsunset/) — day/night screen gamma adjustments
  - [Anyrun](https://github.com/Kirottu/anyrun) — program launcher
- [Wezterm](https://wezfurlong.org/wezterm/) — terminal emulator
+- [Foot](https://codeberg.org/dnkl/foot) — terminal emulator
 - [Zathura](https://pwmt.org/projects/zathura/) — pdf viewer
 - [Firefox](https://www.mozilla.org/en-US/firefox/) — web browser
 - [Tesseract](https://github.com/tesseract-ocr/tesseract) — OCR engine
@ -132,8 +135,10 @@ Most services are served over [tailscale](https://tailscale.com/), using certifi
 ## Hall of fame
-Includes links to stuff which used to be in the previous section but is not used anymore. Only created this section in June 2023, so stuff I used earlier might not be here. Sorted with the most recently dropped things at the top.
+This section contains links to things which used to be in the previous section but are not used anymore. This section was created in June 2023, hence stuff I dropped earlier might not be here. Moreover, this list is sorted with the most recently dropped things at the top, as a sort of reverse-timeline.
 - [htop](https://htop.dev/) — I switched to [bottom](https://github.com/ClementTsang/bottom), as the interface felt way cleaner
 - [Wezterm](https://github.com/wez/wezterm) — I switched to [Foot](https://codeberg.org/dnkl/foot), as wezterm was laggy, unstable, and kept breaking between releases
 - [Ranger](https://github.com/ranger/ranger) — I switched to [Yazi](https://github.com/sxyazi/yazi)
 - [firenvim](https://glacambre/firenvim) - the concept is cool, but I found the whole thing pretty annoying at times
 - [venn.nvim](https://jbyuki/venn.nvim) — the concept is cool, but I would use it about once a year
--- a/common/fonts.nix
+++ b/common/fonts.nix
@ -1,13 +1,24 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
 {
  stylix.fonts = {
    # monospace = { name = "Iosevka"; package = pkgs.iosevka; };
-    monospace = { name = "Cascadia Code"; package = pkgs.cascadia-code; };
+    monospace = {
-    sansSerif = { name = "CMUSansSerif"; package = pkgs.cm_unicode; };
+      name = "Cascadia Code";
-    serif = { name = "CMUSerif-Roman"; package = pkgs.cm_unicode; };
+      package = pkgs.cascadia-code;
    };
    sansSerif = {
      name = "CMUSansSerif";
      package = pkgs.cm_unicode;
    };
    serif = {
      name = "CMUSerif-Roman";
      package = pkgs.cm_unicode;
    };
    sizes = {
-      desktop = 13;
+      desktop = 15;
-      applications = 15;
+      applications = 17;
      terminal = 25;
    };
  };
 }
--- a/common/themes/default.nix
+++ b/common/themes/default.nix
@ -13,23 +13,23 @@ let
    # {{{ Catppuccin mocha
    catppuccin-mocha = {
      stylix = {
-        image = ./wallpapers/breaking_phos.jpg;
+        image = ./wallpapers/purplecliffs.jpg;
        base16Scheme = base16 "catppuccin-mocha";
        opacity = transparency 0.7;
        polarity = "dark";
      };
-      satellite.rounding.radius = 8.0;
+      satellite.rounding.radius = 8;
    };
    # }}}
    # {{{ Catppuccin latte
    catppuccin-latte = {
      stylix = {
-        image = ./wallpapers/field_diamond.jpg;
+        image = ./wallpapers/needygirloverdose.jpg;
        base16Scheme = base16 "catppuccin-latte";
        opacity = transparency 0.7;
        polarity = "light";
      };
-      satellite.rounding.radius = 8.0;
+      satellite.rounding.radius = 8;
    };
    # }}}
    # {{{ Catppuccin macchiato
@ -40,7 +40,7 @@ let
        opacity = transparency 0.7;
        polarity = "dark";
      };
-      satellite.rounding.radius = 8.0;
+      satellite.rounding.radius = 8;
    };
    # }}}
    # {{{ Rosepine dawn
@ -61,12 +61,12 @@ let
        opacity = transparency 0.7;
        polarity = "light";
      };
-      satellite.rounding.radius = 8.0;
+      satellite.rounding.radius = 8;
      # For this one, I went with a big size, which means the blur just adds a slight gradient to the backgrounds.
      satellite.blur = {
        brightness = 1.05;
-        size = 25.0;
+        size = 25;
      };
    };
    # }}}
@ -78,21 +78,23 @@ let
        opacity = transparency 0.7;
        polarity = "dark";
      };
-      satellite.rounding.radius = 8.0;
+      satellite.rounding.radius = 8;
    };
    # }}}
  };
  # Select your current theme here!
-  currentTheme = themes.gruvbox-light;
+  currentTheme = themes.catppuccin-mocha;
 in
 {
  # We apply the current theme here.
  # The rest is handled by the respective modules!
-  imports = [{
+  imports = [
-    stylix = currentTheme.stylix;
+    {
-    satellite.theming = currentTheme.satellite;
+      stylix = currentTheme.stylix;
-  }];
+      satellite.theming = currentTheme.satellite;
    }
  ];
  # Requires me to manually turn targets on!
  stylix.autoEnable = false;
--- a/common/themes/wallpapers/purplecliffs.jpg
+++ b/common/themes/wallpapers/purplecliffs.jpg
--- a/devshells/default.nix
+++ b/devshells/default.nix
@ -1,9 +1,9 @@
 args: {
  haskell = import ./haskell.nix args;
  lua = import ./lua.nix args;
  purescript = import ./purescript.nix args;
  rwtw = import ./rwtw.nix args;
  typst = import ./typst.nix args;
-  lua = import ./lua.nix args;
+  web = import ./web.nix args;
  bootstrap = import ./bootstrap/shell.nix args;
 }
--- a/devshells/web.nix
+++ b/devshells/web.nix
@ -0,0 +1,7 @@
 { pkgs, ... }:
 pkgs.mkShell {
  packages = with pkgs; [
    typescript
    nodejs
  ];
 }
--- a/dns/common.nix
+++ b/dns/common.nix
@ -2,14 +2,19 @@
 { lib, ... }:
 let
  # {{{ Github pages helper
-  ghPage = at: [{
+  ghPage = at: [
-    inherit at; type = "CNAME";
+    {
-    value = "prescientmoon.github.io.";
+      inherit at;
-  }];
+      type = "CNAME";
      value = "prescientmoon.github.io.";
    }
  ];
  # }}}
  # {{{ Migadu mail DNS setup
-  migaduMail = at: verifyKey:
+  migaduMail =
-    let atPrefix = prefix: if at == "" then prefix else "${prefix}.${at}";
+    at: verifyKey:
    let
      atPrefix = prefix: if at == "" then prefix else "${prefix}.${at}";
    in
    [
      {
@ -61,8 +66,8 @@ let
        ttl = 600;
      }
    ];
  # }}}
 in
 # }}}
 {
  satellite.dns.domain = "moonythm.dev";
  satellite.dns.records = lib.flatten [
--- a/dns/pkgs.nix
+++ b/dns/pkgs.nix
@ -1,4 +1,4 @@
-{ pkgs, self, system, ... }: rec {
+{ pkgs, self, ... }: rec {
  octodns-zones =
    let
      nixosConfigModules = pkgs.lib.mapAttrsToList
@ -19,7 +19,7 @@
  octodns-sync =
    pkgs.symlinkJoin {
      name = "octodns-sync";
-      paths = [ self.packages.${system}.octodns ];
+      paths = [ self.packages.${pkgs.system}.octodns ];
      buildInputs = [ pkgs.makeWrapper pkgs.yq ];
      postBuild = ''
        cat ${./octodns.yaml} | yq '.providers.zones.directory="${octodns-zones}"' > $out/config.yaml
--- a/flake.lock
+++ b/flake.lock
--- a/flake.nix
+++ b/flake.nix
@ -4,7 +4,7 @@
  # {{{ Inputs
  inputs = {
    # {{{ Nixpkgs instances
-    nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
    nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
    # }}}
    # {{{ Additional package repositories
@ -23,7 +23,7 @@
    disko.inputs.nixpkgs.follows = "nixpkgs";
    # }}}
-    home-manager.url = "github:nix-community/home-manager/release-23.11";
+    home-manager.url = "github:nix-community/home-manager/release-24.05";
    home-manager.inputs.nixpkgs.follows = "nixpkgs";
    nix-index-database.url = "github:Mic92/nix-index-database";
@ -33,9 +33,6 @@
    sops-nix.inputs.nixpkgs.follows = "nixpkgs";
    korora.url = "github:adisbladis/korora";
    nixos-dns.url = "github:Janik-Haag/nixos-dns";
    nixos-dns.inputs.nixpkgs.follows = "nixpkgs";
    # }}}
    # {{{ Standalone software
    # {{{ Nightly versions of things
@ -45,15 +42,11 @@
    # {{{ Self management
    # Smos
    smos.url = "github:NorfairKing/smos";
-    smos.inputs.nixpkgs.url = "github:NixOS/nixpkgs/b8dd8be3c790215716e7c12b247f45ca525867e2";
+    # smos.inputs.nixpkgs.url = "github:NixOS/nixpkgs/b8dd8be3c790215716e7c12b247f45ca525867e2";
    # REASON: smos fails to build this way
    # smos.inputs.nixpkgs.follows = "nixpkgs";
    # smos.inputs.home-manager.follows = "home-manager";
    # Intray
    intray.url = "github:NorfairKing/intray";
-    intray.inputs.nixpkgs.url = "github:NixOS/nixpkgs/cf28ee258fd5f9a52de6b9865cdb93a1f96d09b7";
+    # intray.inputs.nixpkgs.url = "github:NixOS/nixpkgs/fc07dc3bdf2956ddd64f24612ea7fc894933eb2e";
    # intray.inputs.home-manager.follows = "home-manager";
    # }}}
    anyrun.url = "github:Kirottu/anyrun";
@ -67,7 +60,7 @@
    spicetify-nix.inputs.nixpkgs.follows = "nixpkgs";
    # }}}
    # {{{ Theming
-    darkmatter-grub-theme.url = gitlab:VandalByte/darkmatter-grub-theme;
+    darkmatter-grub-theme.url = "gitlab:VandalByte/darkmatter-grub-theme";
    darkmatter-grub-theme.inputs.nixpkgs.follows = "nixpkgs";
    stylix.url = "github:danth/stylix/a33d88cf8f75446f166f2ff4f810a389feed2d56";
@ -80,49 +73,54 @@
  };
  # }}}
-  outputs = { self, nixpkgs, home-manager, ... }@inputs:
+  outputs =
    {
      self,
      nixpkgs,
      home-manager,
      ...
    }@inputs:
    let
      # {{{ Common helpers
      inherit (self) outputs;
-      forAllSystems = nixpkgs.lib.genAttrs [
+      forAllSystems = nixpkgs.lib.genAttrs [ "x86_64-linux" ];
        # "aarch64-linux" TODO: purescript doesn't work on this one
        "x86_64-linux"
        "aarch64-darwin"
        "x86_64-darwin"
      ];
      specialArgs = system: {
        inherit inputs outputs;
        upkgs = inputs.nixpkgs-unstable.legacyPackages.${system};
      };
      # }}}
    in
    # }}}
    {
      # {{{ Packages
      # Accessible through 'nix build', 'nix shell', etc
-      packages = forAllSystems
+      packages = forAllSystems (
-        (system:
+        system:
-          let
+        let
-            pkgs = nixpkgs.legacyPackages.${system};
+          pkgs = nixpkgs.legacyPackages.${system};
-            upkgs = inputs.nixpkgs-unstable.legacyPackages.${system};
+          upkgs = inputs.nixpkgs-unstable.legacyPackages.${system};
-            myPkgs = import ./pkgs { inherit pkgs upkgs; };
+          myPkgs = import ./pkgs { inherit pkgs upkgs; };
-          in
+        in
-          myPkgs // {
+        myPkgs
-            octodns = upkgs.octodns.withProviders
+        // {
-              (ps: [ myPkgs.octodns-cloudflare ]);
+          octodns = upkgs.octodns.withProviders (ps: [ myPkgs.octodns-cloudflare ]);
-          } // (import ./dns/pkgs.nix) { inherit pkgs self system; }
+        }
-        );
+        // (import ./dns/pkgs.nix) { inherit pkgs self system; }
      );
      # }}}
      # {{{ Bootstrapping and other pinned devshells
      # Accessible through 'nix develop'
-      devShells = forAllSystems
+      devShells = forAllSystems (
-        (system:
+        system:
-          let
+        let
-            pkgs = nixpkgs.legacyPackages.${system};
+          pkgs = nixpkgs.legacyPackages.${system};
-            args = { inherit pkgs; } // specialArgs system;
+          args = {
-          in
+            inherit pkgs;
-          import ./devshells args);
+          } // specialArgs system;
        in
        import ./devshells args
      );
      # }}}
      # {{{ Overlays and modules
      # Custom packages and modifications, exported as overlays
@ -138,24 +136,39 @@
      # NixOS configuration entrypoint
      # Available through 'nixos-rebuild --flake .#...
      nixosConfigurations =
-        let nixos = { system, hostname }: nixpkgs.lib.nixosSystem {
+        let
-          inherit system;
+          nixos =
-          specialArgs = specialArgs system;
+            { system, hostname }:
            nixpkgs.lib.nixosSystem {
              inherit system;
              specialArgs = specialArgs system;
-          modules = [
+              modules = [
-            home-manager.nixosModules.home-manager
+                # {{{ Import home manager
-            {
+                (
-              home-manager.users.pilot = import ./home/${hostname}.nix;
+                  { lib, ... }:
-              home-manager.extraSpecialArgs = specialArgs system // { inherit hostname; };
+                  {
-              home-manager.useUserPackages = true;
+                    imports = lib.lists.optionals (builtins.pathExists ./home/${hostname}.nix) [
                      home-manager.nixosModules.home-manager
                      {
                        home-manager.users.pilot = ./home/${hostname}.nix;
                        home-manager.extraSpecialArgs = specialArgs system // {
                          inherit hostname;
                        };
                        home-manager.useUserPackages = true;
                        home-manager.backupFileExtension = "hm-backup";
-              stylix.homeManagerIntegration.followSystem = false;
+                        stylix.homeManagerIntegration.followSystem = false;
-              stylix.homeManagerIntegration.autoImport = false;
+                        stylix.homeManagerIntegration.autoImport = false;
-            }
+                      }
                    ];
                  }
                )
                # }}}
-            ./hosts/nixos/${hostname}
+                ./hosts/nixos/${hostname}
-          ];
+              ];
-        };
+            };
        in
        {
          tethys = nixos {
@ -168,14 +181,15 @@
            hostname = "lapetus";
          };
-          # Disabled because `flake check` complains about filesystems and bootloader
+          calypso = nixos {
-          # options not being set. This is not an issue in practice, as this config is
+            system = "x86_64-linux";
-          # supposed to be used inside a VM, but there's not much I can do about it.
+            hostname = "calypso";
-          # euporie = nixos {
+          };
          #   system = "x86_64-linux";
          #   hostname = "euporie";
          # };
          iso = nixos {
            system = "x86_64-linux";
            hostname = "iso";
          };
        };
      # }}}
    };
--- a/home/calypso.nix
+++ b/home/calypso.nix
@ -0,0 +1,75 @@
 { pkgs, ... }:
 {
  imports = [
    ./global.nix
    ./features/cli/catgirl.nix
    ./features/cli/lazygit.nix
    ./features/cli/nix-index.nix
    ./features/cli/productivity
    ./features/cli/zellij.nix
    ./features/desktop/discord
    ./features/desktop/edopro.nix
    ./features/desktop/firefox
    ./features/desktop/foot.nix
    ./features/desktop/obsidian.nix
    ./features/desktop/spotify.nix
    ./features/desktop/steam.nix
    ./features/desktop/zathura.nix
    ./features/wayland/hyprland
    ./features/neovim
  ];
  # Arbitrary extra packages
  home.packages = with pkgs; [
    # {{{ Communication
    # signal-desktop # Signal client
    # element-desktop # Matrix client
    # zoom-us # Zoom client 🤮
    whatsapp-for-linux
    # }}}
    # {{{ Editors for different formats
    gimp # Image editing
    # lmms # Music software
    # kicad # PCB editing
    # libreoffice # Free office suite
    # }}}
    # {{{ Gaming
    # wine # Windows compat layer or whatever
    lutris # Game launcher
    # }}}
    # {{{ Clis
    sops # Secret editing
    # sherlock # Search for usernames across different websites
    # }}}
    # {{{ Misc
    bitwarden # Password-manager
    qbittorrent # Torrent client
    # google-chrome # Not my primary browser, but sometimes needed in webdev
    # plover.dev # steno engine
    overskride # Bluetooth client
    # }}}
    # {{{ Media playing/recording
    mpv # Video player
    imv # Image viewer
    peek # GIF recorder
    obs-studio # video recorder
    # }}}
  ];
  home.username = "moon";
  home.stateVersion = "24.05";
  satellite = {
    # Symlink some commonly modified dotfiles outside the nix store
    dev.enable = true;
    monitors = [
      {
        name = "eDP-1";
        width = 1920;
        height = 1200;
      }
    ];
  };
 }
--- a/home/euporie.nix
+++ b/home/euporie.nix
@ -1,11 +0,0 @@
 {
  imports = [
    ./global.nix
    ./features/wayland/hyprland
  ];
  # Set up my custom imperanence wrapper
  satellite.persistence = {
    enable = true;
  };
 }
--- a/home/features/cli/default.nix
+++ b/home/features/cli/default.nix
@ -1,10 +1,10 @@
-{ pkgs, inputs, ... }: {
+{ pkgs, ... }:
 {
  imports = [
    ./scripts
    ./eza.nix
    ./bat.nix
    ./ssh.nix
    ./gpg.nix
    ./git.nix
    ./starship.nix
    ./direnv.nix
@ -16,13 +16,13 @@
  stylix.targets.yazi.enable = true;
  home.packages = with pkgs; [
-    # {{{ System information 
+    # {{{ System information
    acpi # Battery stats
    neofetch # Display system information
    tokei # Useless but fun line of code counter (sloc alternative)
    bottom # System monitor
    # }}}
-    # {{{ Storage 
+    # {{{ Storage
    ncdu # TUI disk usage
    du-dust # Similar to du and ncdu in purpose.
    # }}}
@ -32,7 +32,7 @@
    sd # Better sed
    httpie # Better curl
    # }}}
-    # {{{ Misc  
+    # {{{ Misc
    yazi # Terminal file explorer
    bc # Calculator
    ouch # Unified compression / decompression tool
--- a/home/features/cli/fish/config.fish
+++ b/home/features/cli/fish/config.fish
@ -12,7 +12,6 @@ set fish_cursor_insert line # Set the insert mode cursor to a line
 set fish_cursor_replace_one underscore # Set the replace mode cursor to an underscore
 # Force fish to skip some checks (I think?)
 # TODO: research why this is here
 set fish_vi_force_cursor
 # }}}
 # {{{ Disable greeting
--- a/home/features/cli/fish/default.nix
+++ b/home/features/cli/fish/default.nix
@ -1,4 +1,9 @@
-{ pkgs, config, lib, ... }:
+{
  pkgs,
  config,
  lib,
  ...
 }:
 let
  repaint = "commandline -f repaint";
  fishKeybinds = {
@ -7,7 +12,6 @@ let
    # C-z to return to background process
    "\\cz" = "fg && ${repaint}";
    # C-y to yank current command
    # TODO: make this work in xorg as well
    "\\cy" = "wl-copy \$(commandline)";
    # C-e to launch $EDITOR
    "\\ce" = "$EDITOR";
@ -21,8 +25,10 @@ let
    "\\e\\[70\\;5u" = ''nvim +":lua require('mini.files').open()"'';
  };
-  mkKeybind = key: value:
+  mkKeybind =
-    let escaped = lib.escapeShellArg value;
+    key: value:
    let
      escaped = lib.escapeShellArg value;
    in
    ''
      bind -M default ${key} ${escaped}
@ -30,18 +36,14 @@ let
    '';
 in
 {
-  # {{{ Fzf 
+  # {{{ Fzf
  programs.fzf = {
    enable = true;
    defaultOptions = [ "--no-scrollbar" ];
-    changeDirWidgetOptions = [
+    changeDirWidgetOptions = [ "--preview '${lib.getExe pkgs.eza} --icons --tree --color=always {}'" ];
      "--preview '${lib.getExe pkgs.eza} --icons --tree --color=always {}'"
    ];
-    fileWidgetOptions = [
+    fileWidgetOptions = [ "--preview '${lib.getExe pkgs.bat} --number --color=always {}'" ];
      "--preview '${lib.getExe pkgs.bat} --number --color=always {}'"
    ];
  };
  stylix.targets.fzf.enable = true;
@ -61,31 +63,25 @@ in
      ${lib.getExe pkgs.nix-your-shell} fish | source
    '';
-    # {{{ Plugins 
+    # {{{ Plugins
    plugins =
      let
        plugins = with pkgs.fishPlugins; [
          z # Jump to directories by typing "z <directory-name>"
          grc # Adds color to a bunch of built in commands
          done # Trigger a notification when long commands finish execution
          puffer # Text expansion (i.e. expanding .... to ../../../)
          sponge # Remove failed commands and whatnot from history
-          forgit # Git tui thingy? (I'm still trying this one out)
+          colored-man-pages
          colored-man-pages # Self explainatory:)
        ];
      in
      # For some reason home-manager expects a slightly different format 🤔
-      lib.forEach plugins
+      lib.forEach plugins (plugin: {
-        (plugin: {
+        name = plugin.pname;
-          name = plugin.pname;
+        inherit (plugin) src;
-          inherit (plugin) src;
+      });
        });
    # }}}
  };
  # I sometimes get errors about `grc` being missing, so I gave up and added it here.
  home.packages = [ pkgs.grc ];
  satellite.persistence.at.state.apps.fish.directories = [
    "${config.xdg.dataHome}/fish"
    "${config.xdg.dataHome}/z" # The z fish plugin requires this
--- a/home/features/cli/git.nix
+++ b/home/features/cli/git.nix
@ -1,4 +1,5 @@
-{ pkgs, ... }: {
+{ config, pkgs, ... }:
 {
  home.packages = [ pkgs.josh ]; # Just One Single History
  # TODO: use `delta` as a pager, as highlighted here
@ -28,7 +29,7 @@
      "hie.yaml"
    ];
    # }}}
-    # {{{ Aliases 
+    # {{{ Aliases
    aliases = {
      # Print history nicely
      graph = "log --decorate --oneline --graph";
@ -48,6 +49,18 @@
      init.defaultBranch = "main";
      rebase.autoStash = true;
      push.default = "current";
      push.autoSetupRemote = true;
      #  {{{ URL rewriting
      url."git@github.com:".insteadOf = [
        # Normalize GitHub URLs to SSH to avoid authentication issues with HTTPS.
        # "https://github.com/"
        # Allows typing `git clone github:owner/repo`.
        "github:"
      ];
      #  }}}
      # {{{ Signing
      # Sign commits using ssh
      gpg.format = "ssh";
@ -65,5 +78,7 @@
    enable = true;
    settings.git_protocol = "ssh";
  };
  satellite.persistence.at.state.apps.gh.files = [ "${config.xdg.configHome}/gh/hosts.yml" ];
  # }}}
 }
--- a/home/features/cli/gpg.nix
+++ b/home/features/cli/gpg.nix
@ -1,20 +1,11 @@
 { pkgs, config, ... }:
 let
  pinentry =
    if config.gtk.enable then {
      packages = [ pkgs.pinentry-gnome pkgs.gcr ];
      name = "gnome3";
    } else {
      packages = [ pkgs.pinentry-curses ];
      name = "curses";
    };
 in
 {
  home.packages = pinentry.packages;
  services.gpg-agent = {
    enable = true;
-    pinentryFlavor = pinentry.name;
+    pinentryPackage =
      if config.gtk.enable
      then pkgs.pinentry-gnome3
      else pkgs.pinentry-curses;
  };
  programs.gpg.enable = true;
--- a/home/features/cli/lazygit.nix
+++ b/home/features/cli/lazygit.nix
@ -1,9 +1,12 @@
-{ config, ... }: {
+{ config, ... }:
 {
  programs.lazygit = {
    enable = true;
-    settings.promptToReturnFromSubprocess = false;
+    settings = {
      promptToReturnFromSubprocess = false;
      disableStartupPopups = true;
    };
  };
-  satellite.persistence.at.state.apps.lazygit.directories =
+  satellite.persistence.at.state.apps.lazygit.directories = [ "${config.xdg.configHome}/lazygit" ];
    [ "${config.xdg.configHome}/lazygit" ];
 }
--- a/home/features/cli/pass.nix
+++ b/home/features/cli/pass.nix
@ -1,19 +0,0 @@
 # I use bitwarden as my main password manager.
 #
 # This currently acts as a simple local libsecret store.
 { pkgs, config, lib, ... }:
 let storePath = "${config.home.homeDirectory}/.password-store";
 in
 {
  programs.password-store = {
    enable = true;
    settings.PASSWORD_STORE_DIR = storePath;
  };
  services.pass-secret-service = {
    inherit storePath;
    enable = true;
  };
  satellite.persistence.at.data.apps.pass.directories = [ storePath ];
 }
--- a/home/features/cli/productivity/default.nix
+++ b/home/features/cli/productivity/default.nix
@ -1,3 +1,7 @@
 {
-  imports = [ ./smos ./intray.nix ./mail.nix ];
+  imports = [
    ./smos
    # ./intray.nix
    ./mail.nix
  ];
 }
--- a/home/features/cli/productivity/intray.nix
+++ b/home/features/cli/productivity/intray.nix
@ -1,8 +1,12 @@
-{ config, ... }: {
+{ config, inputs, pkgs, ... }: {
  sops.secrets.intray_password.sopsFile = ./secrets.yaml;
  programs.intray = {
    enable = true;
    # We don't want to use the statically-linked binary, as it requires pulling-in ghc-musl.
    intray-cli = inputs.intray.packages.${pkgs.system}.default.intray-cli;
    data-dir = "${config.satellite.persistence.at.state.home}/intray";
    cache-dir = "${config.satellite.persistence.at.cache.home}/intray";
    config.sync = "AlwaysSync";
--- a/home/features/cli/productivity/mail.nix
+++ b/home/features/cli/productivity/mail.nix
@ -1,4 +1,5 @@
-{ config, ... }: {
+{ config, ... }:
 {
  sops.secrets.moonythm_mail_pass.sopsFile = ./secrets.yaml;
  programs.msmtp.enable = true;
@ -14,7 +15,7 @@
  accounts.email.accounts = {
    # {{{ Moonythm
    moonythm = rec {
-      # {{{ Primary config 
+      # {{{ Primary config
      address = "colimit@moonythm.dev";
      realName = "prescientmoon";
      userName = address;
@ -61,10 +62,16 @@
      neomutt = {
        enable = true;
        sendMailCommand = "msmtpq --read-envelope-from --read-recipients";
-        extraMailboxes = [ "Archive" "Drafts" "Junk" "Sent" "Trash" ];
+        extraMailboxes = [
          "Archive"
          "Drafts"
          "Junk"
          "Sent"
          "Trash"
        ];
      };
      # }}}
-      # {{{ Aerc 
+      # {{{ Aerc
      aerc = {
        enable = true;
      };
@ -79,9 +86,9 @@
    extraConfig.general.unsafe-accounts-conf = true;
  };
  # }}}
-  # {{{ Neomutt 
+  # {{{ Neomutt
  programs.neomutt = {
-    # {{{ Primary config 
+    # {{{ Primary config
    enable = true;
    vimKeys = true;
    checkStatsInterval = 60; # How often to check for new mail
@ -92,30 +99,42 @@
    # }}}
    binds = [
-      # {{{ Toggle sidebar 
+      # {{{ Toggle sidebar
      {
-        map = [ "index" "pager" ];
+        map = [
          "index"
          "pager"
        ];
        key = "B";
        action = "sidebar-toggle-visible";
      }
      # }}}
      # {{{ Highlight previous sidebar item
      {
-        map = [ "index" "pager" ];
+        map = [
          "index"
          "pager"
        ];
        key = "\\CK";
        action = "sidebar-prev";
      }
      # }}}
      # {{{ Highlight next sidebar item
      {
-        map = [ "index" "pager" ];
+        map = [
          "index"
          "pager"
        ];
        key = "\\CJ";
        action = "sidebar-next";
      }
      # }}}
      # {{{ Open highlighted sidebar item
      {
-        map = [ "index" "pager" ];
+        map = [
          "index"
          "pager"
        ];
        key = "\\CO";
        action = "sidebar-open";
      }
@ -144,7 +163,7 @@
    extraConfig = ''
      # Starting point: https://seniormars.com/posts/neomutt/#introduction-and-why
      # {{{ Settings
-      set pager_index_lines = 10          
+      set pager_index_lines = 10
      set pager_context = 3                # show 3 lines of context
      set pager_stop                       # stop at end of message
      set menu_scroll                      # scroll menu
@ -334,7 +353,11 @@
        exec = "neomutt %U";
        icon = "mutt";
        terminal = true;
-        categories = [ "Network" "Email" "ConsoleOnly" ];
+        categories = [
          "Network"
          "Email"
          "ConsoleOnly"
        ];
        type = "Application";
        mimeType = [ "x-scheme-handler/mailto" ];
      };
@ -345,10 +368,8 @@
  };
  # }}}
  # }}}
-  # {{{ Storage & persistence 
+  # {{{ Storage & persistence
-  accounts.email.maildirBasePath = "${config.home.homeDirectory}/maildir";
+  accounts.email.maildirBasePath = "${config.xdg.dataHome}/maildir";
-  satellite.persistence.at.data.apps.mail.directories = [
+  satellite.persistence.at.data.apps.mail.directories = [ config.accounts.email.maildirBasePath ];
    config.accounts.email.maildirBasePath
  ];
  # }}}
 }
--- a/home/features/cli/productivity/secrets.yaml
+++ b/home/features/cli/productivity/secrets.yaml
@ -12,11 +12,29 @@ sops:
        - recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwYkx3eWhxZUpTRVR3R1R4
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4K0dLRllmN01KWmVjNlRM
-            Vm9hMTVsbXBnU0tFU093amU3TTNjalhsVHdvCmZURElTY2Q0eTQvR3M1V3AzTVl4
+            Rm55Zi84TDUyRUtnblJBb1V6eU5vaTV0Q2pNCkpVSzdLazJLTCsvV1dyUkhtRHhX
-            VkR2NXRHR2FiTURqNUp5Y3VDWFQ1UjgKLS0tIEVlRWs3YUFaZzdvd1Q5bmFwazJi
+            SUlRZGRkZlNNUWZpTXBNQkl2M1hQaVkKLS0tIDFGaldzOEoreVJFdFErVTZRb0RY
-            Y2E3bmM1TkZoOEN0anJqYUNSQUN5ZDAKtobUBBKbfaUeiPtKN4/oTNaxY3C2joCK
+            cU52ejJoMUtJMzNnRnJDVWhQWndMbkUKGHyGoSQXUC+aZLLx8dNlccHiMorzPWL1
-            8h4FlRLXd+CGnAyjN2p4FliWzLgmOg4HFNmZSmYLpIh4E9yqadNSSg==
+            RL46DTu0MyigwefWoiPc2Xw0HRX4mYTsZol9Pavs7jy/zlBuJjed2g==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age13c346xw9kzsvra04ck8h8pa47mwdp8nh3aess4pwhyvdsufyhf0qt65ja8
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBESDl4L1VxQzBGSmVnM1pQ
            aWJERXZqeDUyM0lEQlpsanRqVUtYaWJUUXgwCjhqZFhvR3ZYZVVBVzl5NUptNHBC
            elhDM05ycFc3RTVlK1VuRmRNWlYwRk0KLS0tIEtDeGtEUElncEsrQ2hueFpQZ3dM
            YkQ3bzA2SzAwL1FYU2E3Um5aejVlOVkK0EXDFQaN588aFSF9HhifOpK3h6nEW7ag
            IfFgVxXkD8h7ZF8xnhFoRYVIAffkOqk6POCFLZcEjpIOGwRplHPqYA==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1r2vlh9tgdmf6r0xj025zun0cvudn2p6jqav84pql8k928newtepq9ttw8z
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwREJTeFd2RVV5Y1JHSE5Y
            Qm1RWE9WRlNtakUydGlUdW9BZU5zOTlnUFZRCkZqZDNpNE4wckNsejh6dFdSTUdP
            cWhveUNlMlNlZTdhU3c3U0UzUDZhUDAKLS0tIFAyeEpTb3Y3VDFrM1cyYkdQZGtq
            a3Vzak1qM2lGUWFUS2lPa1loY0tkM0UKF9IGvrJM8BdivLQBnetZz2OeH6FCNaCZ
            JeqqJXM96LKzPBCXxFqclpoPgy8zUb1yNpKg3CRUroC7VO0tBG3KJg==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-02-12T23:55:37Z"
    mac: ENC[AES256_GCM,data:RvJMumDJ2S8JgHwRLG/jhyj1a/ekBmjbzFFk7+6hrDg1/Zi8UzzATLEsEBUhX0X4vlqHBUxv4r61SQEroCl5GXBst+Wtac/zxMGIKm5PDH92HccjJhi4aftGP22PHlYCEOis7+D/Vw7W8ovRCFpEYVxxslxibCIo9RuUf8vDE94=,iv:kavw38JSPem1eChO+ntLwLFt6bAJT1rd8s00nmHNzGY=,tag:QuncWa50NvpLqMZGS0F9ug==,type:str]
--- a/home/features/cli/productivity/smos/default.nix
+++ b/home/features/cli/productivity/smos/default.nix
@ -1,13 +1,22 @@
-{ config, pkgs, ... }:
+{
-let workflowDir = "${config.home.homeDirectory}/productivity/smos";
+  config,
  pkgs,
  inputs,
  ...
 }:
 let
  workflowDir = "${config.xdg.dataHome}/smos/workflow";
 in
 {
  sops.secrets.smos_password.sopsFile = ../secrets.yaml;
-  # {{{ Smos config 
+  # {{{ Smos config
  programs.smos = {
    inherit workflowDir;
    # We don't want to use the statically-linked binary, as it requires pulling-in ghc-musl.
    smosReleasePackages = inputs.smos.packages.${pkgs.system}.default;
    enable = true;
    notify.enable = true;
@ -28,10 +37,8 @@ in
    };
  };
  # }}}
-  # {{{ Storage & secrets 
+  # {{{ Storage & secrets
-  satellite.persistence.at.data.apps.smos.directories = [
+  satellite.persistence.at.data.apps.smos.directories = [ config.programs.smos.workflowDir ];
    config.programs.smos.workflowDir
  ];
  sops.secrets.smos_github_token = {
    sopsFile = ../secrets.yaml;
@ -45,9 +52,11 @@ in
    type = "Application";
    terminal = false;
    icon = ../../../../../common/icons/smos.svg;
-    exec = builtins.toString (pkgs.writeShellScript "smostui" ''
+    exec = builtins.toString (
-      wezterm start --class "org.wezfurlong.wezterm.smos" --cwd ${workflowDir} smos
+      pkgs.writeShellScript "smostui" ''
-    '');
+        foot -a Smos -D ${workflowDir} smos
      ''
    );
  };
  # }}}
 }
--- a/home/features/cli/ssh.nix
+++ b/home/features/cli/ssh.nix
@ -1,10 +1,9 @@
-{ config, ... }: {
+{ pkgs, lib, ... }:
 {
  programs.ssh.enable = true;
  satellite.persistence.at.state.apps.ssh.directories = [ ".ssh" ];
-  # Makes it easy to copy ssh keys at install time without messing up permissions
+  # This allows me to push/pull to my forgejo server via SSH.
-  systemd.user.tmpfiles.rules = [
+  # See the docs for more details: https://developers.cloudflare.com/cloudflare-one/tutorials/gitlab/#configuring-ssh
-    "d ${config.satellite.persistence.at.state.home}/ssh/.ssh/etc/ssh"
+  programs.ssh.matchBlocks."ssh.git.moonythm.dev".proxyCommand = "${lib.getExe pkgs.cloudflared} access ssh --hostname %h";
  ];
 }
--- a/home/features/cli/zellij.nix
+++ b/home/features/cli/zellij.nix
@ -0,0 +1,4 @@
 {
  programs.zellij.enable = true;
  stylix.targets.zellij.enable = true;
 }
--- a/home/features/desktop/default.nix
+++ b/home/features/desktop/default.nix
@ -1,6 +1,6 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
 {
  imports = [
    ./wezterm # terminal
    ./dunst.nix # notifaction handler
  ];
@ -9,9 +9,13 @@
  # Use a base16 theme for gtk apps!
  stylix.targets.gtk.enable = true;
  gtk.enable = true;
  gtk.iconTheme = {
    package = pkgs.papirus-icon-theme;
    name = "Papirus";
  };
  # Bigger text in qt apps
  home.sessionVariables.QT_SCREEN_SCALE_FACTORS = 1.4;
 }
--- a/home/features/desktop/discord/default.nix
+++ b/home/features/desktop/discord/default.nix
@ -1,36 +1,35 @@
 { config, pkgs, ... }:
 let
  themeMap = pkgs.callPackage (import ./themes.nix) { };
  # REASON: newer discord versions don't work with the one in nixpkgs
  discocss = pkgs.discocss.overrideAttrs (old: rec {
    version = "unstable-2023-09-02";
    src = pkgs.fetchFromGitHub {
      owner = "bddvlpr";
      repo = "discocss";
      rev = "37f1520bc90822b35e60baa9036df7a05f43fab8";
      sha256 = "1559mxmc0ppl4jxvdzszphysp1j31k2hm93qv7yz87xn9j0z2m04";
    };
  });
 in
 # themeMap = pkgs.callPackage (import ./themes.nix) { };
 # REASON: newer discord versions don't work with the one in nixpkgs
 # discocss = pkgs.discocss.overrideAttrs (old: rec {
 #   version = "unstable-2023-09-02";
 #   src = pkgs.fetchFromGitHub {
 #     owner = "bddvlpr";
 #     repo = "discocss";
 #     rev = "37f1520bc90822b35e60baa9036df7a05f43fab8";
 #     sha256 = "1559mxmc0ppl4jxvdzszphysp1j31k2hm93qv7yz87xn9j0z2m04";
 #   };
 # });
 # vencord = pkgs.discord.override { withVencord = true; };
 {
  programs.discord = {
    enable = true;
    disableUpdateCheck = true;
    enableDevtools = true;
    package = pkgs.vesktop;
  };
-  home.packages = [ discocss ];
+  # xdg.configFile."discocss/custom.css".source = config.satellite.theming.get themeMap;
  xdg.configFile."discocss/custom.css".source = config.satellite.theming.get themeMap;
  # {{{ Storage
  # Clean cache older than 10 days
-  systemd.user.tmpfiles.rules = [
+  systemd.user.tmpfiles.rules = [ "d ${config.xdg.configHome}/discord/Cache/Cache_Data - - - 10d" ];
    "d ${config.xdg.configHome}/discord/Cache/Cache_Data - - - 10d"
  ];
  satellite.persistence.at.state.apps.discord.directories = [
    "${config.xdg.configHome}/discord" # Why tf does discord store it's state here 💀
    "${config.xdg.configHome}/vesktop"
  ];
  # }}}
 }
--- a/home/features/desktop/discord/themes.nix
+++ b/home/features/desktop/discord/themes.nix
@ -2,19 +2,19 @@
 lib.fix (self: {
  "Catppuccin Mocha" = fetchurl {
    url = "https://catppuccin.github.io/discord/dist/catppuccin-mocha.theme.css";
-    sha256 = "01j5xhzpy3a68qlrzchzclj7mnxj106bwxq2vyvxw7fd2n3zn96b";
+    sha256 = "0y9vha3gb48yid65r2zfkc6l021j1s8mlac3klkbksla9gqnd9wr";
  };
  "Catppuccin Frappe" = fetchurl {
    url = "https://catppuccin.github.io/discord/dist/catppuccin-frappe.theme.css";
-    sha256 = "037jr133zw04sslkl1hdspkqqb40c3a7hcs72lzjlimaqhnxd044";
+    sha256 = "19kmmydkbpig14ql6zn0vqzlfykm6qg7r317vwjzq9dg092lflam";
  };
  "Catppuccin Latte" = fetchurl {
    url = "https://catppuccin.github.io/discord/dist/catppuccin-latte.theme.css";
-    sha256 = "1bijp2ysm7ifah6xqz95ag4hi7k7r0s9c8jz0s5a4b00k59qd6qc";
+    sha256 = "0lm1mzflyxmzpsyfkbcd1v7d1xp5i683yc6npbsm12z4hqn2smf6";
  };
  "Catppuccin Macchiato" = fetchurl {
    url = "https://catppuccin.github.io/discord/dist/catppuccin-macchiato.theme.css";
-    sha256 = "1ggw9iyn7d7z0sv784kgmxbf94xvwn2cnkd8g08xzy5c17gky6ln";
+    sha256 = "01zd5zf9b4a2kkwnkpzg37g1macan6201wyi7zj2crsbxy8b7j6k";
  };
  default.dark = self."Catppuccin Macchiato";
  default.light = self."Catppuccin Latte";
--- a/home/features/desktop/edopro.nix
+++ b/home/features/desktop/edopro.nix
@ -0,0 +1,32 @@
 # EDOPro is a fanmade Yu-Gi-Oh! simulator.
 # I am installing the game the traditional way, and
 # adding a desktop entry which runs it via `steam-run`.
 {
  config,
  lib,
  pkgs,
  ...
 }:
 let
  persistState = config.satellite.persistence.at.state.home;
  installPath = "${persistState}/yugioh/.local/share/edopro";
  launchScript = pkgs.writeShellScript "start-edopro" ''
    ${lib.getExe pkgs.steam-run} ${installPath}/EDOPro
  '';
 in
 {
  # This is a nix-ified version of the .desktop file EDOPro comes with.
  xdg.desktopEntries.edopro = {
    name = "EDOPro";
    type = "Application";
    comment = "The bleeding-edge automatic duel simulator";
    icon = "${installPath}/textures/AppIcon.png";
    categories = [ "Game" ];
    settings.StartupWMClass = "EDOPro";
    settings.Path = installPath;
    terminal = false;
    exec = builtins.toString launchScript;
  };
 }
--- a/home/features/desktop/firefox/default.nix
+++ b/home/features/desktop/firefox/default.nix
@ -1,4 +1,10 @@
-{ config, lib, pkgs, inputs, ... }:
+{
  config,
  lib,
  pkgs,
  inputs,
  ...
 }:
 let
  # {{{ Global extensions
  extensions = with inputs.firefox-addons.packages.${pkgs.system}; [
@ -23,8 +29,8 @@ let
    unpaywall
    user-agent-string-switcher
  ];
  # }}}
 in
 # }}}
 {
  programs.firefox = {
    enable = true;
@ -66,7 +72,8 @@ in
      # {{{ Extensions
      extensions =
        with inputs.firefox-addons.packages.${pkgs.system};
-        with lib.lists; flatten [
+        with lib.lists;
        flatten [
          extensions
          # List of profile-specific extensions
          [
@ -91,80 +98,134 @@ in
      search.engines =
        let
          # {{{ Search engine creation helpers
-          mkBasicSearchEngine = { aliases, url, param, icon ? null }: {
+          mkBasicSearchEngine =
-            urls = [{
+            {
-              template = url;
+              aliases,
-              params = [
+              url,
-                { name = param; value = "{searchTerms}"; }
+              param,
              icon ? null,
            }:
            {
              urls = [
                {
                  template = url;
                  params = [
                    {
                      name = param;
                      value = "{searchTerms}";
                    }
                  ];
                }
              ];
            }];
-            definedAliases = aliases;
+              definedAliases = aliases;
-          } // (if icon == null then { } else { inherit icon; });
+            }
            // (if icon == null then { } else { inherit icon; });
-          mkNixPackagesEngine = { aliases, type }:
+          mkNixPackagesEngine =
-            mkBasicSearchEngine
+            { aliases, type }:
-              {
+            mkBasicSearchEngine {
-                aliases = aliases;
+              aliases = aliases;
-                url = "https://search.nixos.org/${type}";
+              url = "https://search.nixos.org/${type}";
-                param = "query";
+              param = "query";
-                icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
+              icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
-              };
+            };
          # }}}
        in
        # }}}
        # {{{ Engine declarations
        {
          "Nix Packages" = mkNixPackagesEngine {
-            aliases = [ "@np" "@nix-packages" ];
+            aliases = [
              "@np"
              "@nix-packages"
            ];
            type = "packages";
          };
          "Nix options" = mkNixPackagesEngine {
-            aliases = [ "@no" "@nix-options" ];
+            aliases = [
              "@no"
              "@nix-options"
            ];
            type = "options";
          };
          "Home-manager options" = mkBasicSearchEngine {
            aliases = [
              "@hm"
              "@home-manager"
            ];
            param = "query";
            url = "https://home-manager-options.extranix.com";
          };
          "Pursuit" = mkBasicSearchEngine {
            url = "https://pursuit.purescript.org/search";
            param = "q";
-            aliases = [ "@ps" "@pursuit" ];
+            aliases = [
              "@ps"
              "@pursuit"
            ];
          };
          "Hoogle" = mkBasicSearchEngine {
            url = "https://hoogle.haskell.org";
            param = "hoogle";
-            aliases = [ "@hg" "@hoogle" ];
+            aliases = [
              "@hg"
              "@hoogle"
            ];
          };
          "NPM" = mkBasicSearchEngine {
            url = "https://www.npmjs.com/search";
            param = "q";
            aliases = [ "@npm" ];
          };
          "Wikipedia" = mkBasicSearchEngine {
            url = "https://en.wikipedia.org/wiki/Special:Search";
            param = "search";
-            aliases = [ "@wk" "@wikipedia" ];
+            aliases = [
              "@wk"
              "@wikipedia"
            ];
          };
          "Github" = mkBasicSearchEngine {
            url = "https://github.com/search";
            param = "q";
-            aliases = [ "@gh" "@github" ];
+            aliases = [
              "@gh"
              "@github"
            ];
          };
          "Invidious" = mkBasicSearchEngine {
            url = "https://yt.moonythm.dev/results";
            param = "search_query";
-            aliases = [ "@yt" "@invidious" ];
+            aliases = [
              "@yt"
              "@invidious"
            ];
          };
          "Youtube" = mkBasicSearchEngine {
            url = "https://www.youtube.com/results";
            param = "search_query";
-            aliases = [ "@gyt" "@youtube" ];
+            aliases = [
              "@gyt"
              "@youtube"
            ];
          };
          "Arcaea wiki" = mkBasicSearchEngine {
            url = "https://arcaea.fandom.com/wiki/Special:Search?scope=internal&navigationSearch=true";
            param = "query";
-            aliases = [ "@ae" "@arcaea" ];
+            aliases = [
              "@ae"
              "@arcaea"
            ];
          };
          "Noita wiki" = mkBasicSearchEngine {
@ -176,31 +237,46 @@ in
          "Rain world wiki" = mkBasicSearchEngine {
            url = "https://rainworld.miraheze.org/w/index.php";
            param = "search";
-            aliases = [ "@rw" "@rain-world" ];
+            aliases = [
              "@rw"
              "@rain-world"
            ];
          };
          "Arch wiki" = mkBasicSearchEngine {
            url = "https://wiki.archlinux.org/index.php";
            param = "search";
-            aliases = [ "@aw" "@arch-wiki" ];
+            aliases = [
              "@aw"
              "@arch-wiki"
            ];
          };
          "Factorio wiki" = mkBasicSearchEngine {
            url = "https://wiki.factorio.com/index.php";
            param = "search";
-            aliases = [ "@fw" "@factorio-wiki" ];
+            aliases = [
              "@fw"
              "@factorio-wiki"
            ];
          };
          "Factorio mod portal" = mkBasicSearchEngine {
            url = "https://mods.factorio.com/";
            param = "query";
-            aliases = [ "@fm" "@factorio-mods" ];
+            aliases = [
              "@fm"
              "@factorio-mods"
            ];
          };
          "Moonythm" = mkBasicSearchEngine {
            url = "https://search.moonythm.dev/search";
            param = "q";
-            aliases = [ "@m" "@moonythm" ];
+            aliases = [
              "@m"
              "@moonythm"
            ];
            icon = ../../../../common/icons/whoogle.webp;
          };
@ -225,22 +301,25 @@ in
        # Do not paste with middle mouse click
        "middlemouse.paste" = false;
        # Do not include "switch to [tab]" in search results
        "browser.urlbar.suggest.openpage" = false;
        # Disable shortcut for quitting :)
        "browser.quitShortcut.disabled" = true;
        # Inspired by https://github.com/TLATER/dotfiles/blob/b39af91fbd13d338559a05d69f56c5a97f8c905d/home-config/config/graphical-applications/firefox.nix
        # {{{ Performance settings
        "gfx.webrender.all" = true; # Force enable GPU acceleration
        "media.ffmpeg.vaapi.enabled" = true;
        "widget.dmabuf.force-enabled" = true; # Required in recent Firefoxes
        # }}}
-        # {{{ New tab page 
+        # {{{ New tab page
-        "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons" =
+        "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons" = false;
-          false;
+        "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features" = false;
        "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features" =
          false;
        "browser.newtabpage.activity-stream.feeds.snippets" = false;
        "browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.havePinned" = "";
        "browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.searchEngines" = "";
-        "browser.newtabpage.activity-stream.section.highlights.includePocket" =
+        "browser.newtabpage.activity-stream.section.highlights.includePocket" = false;
          false;
        "browser.newtabpage.activity-stream.showSponsored" = false;
        "browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
        "browser.newtabpage.pinned" = false;
@ -266,15 +345,9 @@ in
        # with tiling WMs on wayland
        "privacy.webrtc.legacyGlobalIndicator" = false;
        # Do not include "switch to [tab]" in search results
        "browser.urlbar.suggest.openpage" = false;
        # Hide random popup: https://forums.linuxmint.com/viewtopic.php?t=379164
        "browser.protections_panel.infoMessage.seen" = true;
        # Disable shortcut for quitting :)
        "browser.quitShortcut.disabled" = true;
        # Do not show dialog for getting panes in the addons menu (?)
        # http://kb.mozillazine.org/Extensions.getAddons.showPane
        "extensions.getAddons.showPane" = false;
@ -288,7 +361,6 @@ in
    # {{{ Standalone "apps" which actually run inside a browser.
    apps.extensions = extensions;
    apps.app = {
      # TODO: auto increment ids
      # {{{ Desmos
      desmos = {
        url = "https://www.desmos.com/calculator";
@ -305,23 +377,18 @@ in
        id = 2;
      };
      # }}}
      # {{{ Syncthing
      syncthing = {
        url = "http://localhost:8384/";
        icon = ../../../../common/icons/syncthing.png;
        displayName = "Syncthing";
        id = 3;
      };
      # }}}
    };
    # }}}
  };
-  # TODO: uncomment when using newer version
+  stylix.targets.firefox = {
-  # stylix.targets.firefox = {
+    enable = true;
-  #   enable = true;
+    profileNames = [
-  #   profileNames = [ config.home.username "desmos" "monkey-type" "syncthing" ];
+      config.home.username
-  # };
+      "desmos"
      "monkey-type"
    ];
  };
  # {{{ Make firefox the default
  # Use firefox as the default browser to open stuff.
@ -345,4 +412,3 @@ in
  ];
  # }}}
 }
--- a/home/features/desktop/foot.nix
+++ b/home/features/desktop/foot.nix
@ -0,0 +1,4 @@
 {
  programs.foot.enable = true;
  stylix.targets.foot.enable = true;
 }
--- a/home/features/desktop/obsidian.nix
+++ b/home/features/desktop/obsidian.nix
@ -1,4 +1,5 @@
-{ config, pkgs, ... }: {
+{ config, pkgs, ... }:
 {
  home.packages = [ pkgs.obsidian ];
  # Start nvim with a custom class so our WM can move it to the correct workspace
@ -8,10 +9,13 @@
    icon = "obsidian";
    terminal = false;
    exec =
-      let vaultDir = "${config.xdg.userDirs.extraConfig.XDG_PROJECTS_DIR}/stellar-sanctum";
+      let
        vaultDir = "${config.xdg.userDirs.extraConfig.XDG_PROJECTS_DIR}/stellar-sanctum";
      in
-      builtins.toString (pkgs.writeShellScript "obsidiantui" ''
+      builtins.toString (
-        wezterm start --class "org.wezfurlong.wezterm.obsidian" --cwd ${vaultDir} nvim
+        pkgs.writeShellScript "obsidiantui" ''
-      '');
+          foot -a Obsidian -D ${vaultDir} nvim
        ''
      );
  };
 }
--- a/home/features/desktop/steam.nix
+++ b/home/features/desktop/steam.nix
@ -0,0 +1,11 @@
 { config, ... }:
 {
  # {{{ Persistence
  satellite.persistence.at.state.apps.steam = {
    directories = [
      ".factorio"
      "${config.xdg.dataHome}/Steam"
    ];
  };
  # }}}
 }
--- a/home/features/desktop/wakatime/secrets.yaml
+++ b/home/features/desktop/wakatime/secrets.yaml
@ -8,11 +8,29 @@ sops:
        - recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDR0RmdFIxNFJpQTdGYXlq
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCQmNWek1JWm50dmVQVmtY
-            bkZrNktMaFlrOEZtSXh6Y1l6NTN0REN6N2dnCmNMRUk2TXA3RWhtZVlnbTg2aE00
+            Ym5uYjYxaEY0dHVZM0dITUFnb0JsZGR2VjFzCkZLakEvZmJMdVAvRjY1eXRpQ0U5
-            eFVwejBTcWRaTUhGWFFIS1RlVkhhQ28KLS0tIEdWWGRWSDZOQW9pQkdCRFFncTM2
+            RXBUVWtURE9RNmNSWHEyVkIrQWQrTU0KLS0tIEY3ZnhOV05ISWhxMC9NYXMrdFVp
-            cURjWFplY1pyMzY4a0h6cTRLS2I2ZW8KqGtYjCsdriSWdKhC+kGBAMSY9WVDL3tE
+            MjNlb0FpL3dWWmtuSytaaFZHNXVDemsKVfHCSL/CpMV/VJ0XMC1h1DwR+htkF0WK
-            oMxyhrgDMtWndZEGv1+J3XLLmatDKmEcJO2k0CXZlCWWj17O4Rm+eA==
+            7n/ZYH40DdC6fQZCawe5B6taINT/Uy5BO4d9+iv85Tth7O3hE4R/vQ==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age13c346xw9kzsvra04ck8h8pa47mwdp8nh3aess4pwhyvdsufyhf0qt65ja8
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtbW5qNkN6MTFaYmdBNmpT
            RUdTd2daeC9pbi9LS29XUTI4QmxPZTBUYmpjCldrODUxdDJ0SXIwZ0FoNmtJY29s
            UG0yaGdTL1pQR2E5M3F6SEp0LytSTHMKLS0tIDlFVlliK2hqRDhrSjJDNnJvcVdz
            YnFydm1weVJ3SEpYNFVvOFloMzc5L3MKOjE6uywYz3RPrlgpr7op8GhIVeakx+H2
            0r3GqFfDNSdxLzH/NMCusQbNs6eGPNz9kWUD7W6sRyqYLV7VBJhlOw==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1r2vlh9tgdmf6r0xj025zun0cvudn2p6jqav84pql8k928newtepq9ttw8z
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpUjdLMnRYaUczUStHeVJW
            SkNvdHJHenZic2tmdWcybWRBUXc4YmYrNmpvCnZiM1pnWjV1LytmSklrTVZTZFBw
            Q01FbUNkQU1WTjRuMGpRWFM5OStDWUUKLS0tIE5vN1ZNa0hROStMZEhNMUZwSUM2
            QnpZVVdodTJ4WlF4NHZYNHp1YUkxN0EKssvr7DQliEqMJc6SZ2lCDBKcpEea6hNG
            kgnqFZE+c6kBC7vr3pwd5V8VJAetqk+yTU+4rqS3RWoHvUJkvHrmzw==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-05-09T13:00:44Z"
    mac: ENC[AES256_GCM,data:pvcHe28Vnv/Trq84YwQjDKNiITdX5HbdRaLtoq0gzVGzuN9VL5GtufQN+rtZY3RLFDdEt6qeJe4ichVSK88S0VUEsc5CtsvR1QR59aZ20dsiELI6a9qyOLlCJCP80J9XWCe3Gr93v7AoelKdpPFo2BcRL7TNbkYxJC9t0JienSY=,iv:PtIH5IeCA7SmgekT8hs9p0kXtg4xrivhOz3HWG9UpTA=,tag:1B+POnrhCXFP/WsrfOnn3w==,type:str]
--- a/home/features/desktop/wezterm/default.nix
+++ b/home/features/desktop/wezterm/default.nix
@ -1,10 +0,0 @@
 { inputs, upkgs, config, ... }: {
  home.packages = [ upkgs.wezterm ];
  xdg.configFile."wezterm/nix".source =
    config.satellite.lib.lua.writeFile
      "." "colorscheme"
      "return ${config.satellite.colorscheme.lua}";
  xdg.configFile."wezterm/wezterm.lua".source =
    config.satellite.dev.path "home/features/desktop/wezterm/wezterm.lua";
 }
--- a/home/features/desktop/wezterm/wezterm.lua
+++ b/home/features/desktop/wezterm/wezterm.lua
@ -1,182 +0,0 @@
 -- {{{ Import stuff & create config object
 local wezterm = require("wezterm")
 local colorscheme = require("nix.colorscheme") -- injected by nix!
 -- This table will hold the configuration.
 local config = {}
 -- In newer versions of wezterm, use the config_builder which will
 -- help provide clearer error messages
 if wezterm.config_builder then
  config = wezterm.config_builder()
 end
 -- }}}
 local font_size = 20.0
 -- {{{ Theming
 local themeMap = {
  ["Gruvbox light, soft"] = "Gruvbox light, soft (base16)",
  ["Gruvbox dark, soft"] = "Gruvbox dark, soft (base16)",
 }
 config.color_scheme = themeMap[colorscheme.name]
 config.colors = {}
 -- config.colors = wezterm.color.load_base16_scheme(colorscheme.source)
 -- {{{ Window frame
 config.window_frame = {
  font = wezterm.font({ family = colorscheme.fonts.sansSerif }),
  font_size = font_size - 3,
  active_titlebar_bg = "none",
  inactive_titlebar_bg = "none",
 }
 config.window_padding = {
  left = "1cell",
  right = "1cell",
  top = "0.4cell",
  bottom = "0.4cell",
 }
 -- }}}
 -- {{{ Tab bar colors
 config.colors.tab_bar = {
  background = "none",
  active_tab = {
    bg_color = colorscheme.transparency.terminal.base00,
    fg_color = colorscheme.base05,
  },
  inactive_tab = {
    bg_color = "none",
    fg_color = colorscheme.base05,
  },
  inactive_tab_hover = {
    bg_color = colorscheme.base00,
    fg_color = colorscheme.base05,
  },
  new_tab = {
    bg_color = colorscheme.base02,
    fg_color = colorscheme.base05,
  },
  new_tab_hover = {
    bg_color = colorscheme.base02,
    fg_color = colorscheme.base05,
    italic = true,
  },
  -- The color of the inactive tab bar edge/divider
  inactive_tab_edge = "none",
 }
 -- }}}
 -- {{{ Other visual things
 config.window_background_opacity = colorscheme.transparency.terminal.value
 -- }}}
 -- }}}
 -- {{{ Main config options
 config.automatically_reload_config = true
 config.warn_about_missing_glyphs = false
 config.check_for_updates = false
 -- {{{ Fonts
 config.adjust_window_size_when_changing_font_size = false -- Makes it work with fixed window sizes.
 config.font_size = font_size
 config.font = wezterm.font(colorscheme.fonts.monospace)
 -- }}}
 -- {{{ Tab bar
 config.tab_bar_at_bottom = false
 config.use_fancy_tab_bar = true
 config.hide_tab_bar_if_only_one_tab = true
 config.show_tab_index_in_tab_bar = false
 config.show_new_tab_button_in_tab_bar = false
 -- }}}
 -- {{{ Keycodes
 config.disable_default_key_bindings = false
 -- config.enable_kitty_keyboard = true -- Let's apps recognise more distinct keys
 config.enable_csi_u_key_encoding = true -- For some reason I need this for all keybinds to work inside neovim.
 -- }}}
 -- }}}
 -- {{{ Keybinds
 local function unmap(key, mods)
  return {
    key = key,
    mods = mods,
    action = wezterm.action.DisableDefaultAssignment,
  }
 end
 local function bind_if(cond, key, mods, action)
  local function callback(win, pane)
    if cond(pane) then
      win:perform_action(action, pane)
    else
      win:perform_action(
        wezterm.action.SendKey({ key = key, mods = mods }),
        pane
      )
    end
  end
  return { key = key, mods = mods, action = wezterm.action_callback(callback) }
 end
 -- {{{ Detect nvim processes
 local function is_inside_vim(pane)
  local tty = pane:get_tty_name()
  if tty == nil then
    return false
  end
  local success, _, _ = wezterm.run_child_process({
    "sh",
    "-c",
    "ps -o state= -o comm= -t"
      .. wezterm.shell_quote_arg(tty)
      .. " | "
      .. "grep -iqE '^[^TXZ ]+ +(\\S+\\/)?g?(view|l?n?vim?x?)(diff)?$'",
  })
  return success
 end
 local function is_outside_vim(pane)
  return not is_inside_vim(pane)
 end
 -- }}}
 config.keys = {
  -- {{{ Disable certain default keybinds
  unmap("f", "CTRL|SHIFT"),
  unmap("w", "CTRL|SHIFT"),
  unmap("Enter", "ALT"),
  -- }}}
  -- {{{ Nvim nevigation keybinds
  bind_if(
    is_outside_vim,
    "h",
    "CTRL",
    wezterm.action.ActivatePaneDirection("Left")
  ),
  bind_if(
    is_outside_vim,
    "j",
    "CTRL",
    wezterm.action.ActivatePaneDirection("Down")
  ),
  bind_if(
    is_outside_vim,
    "k",
    "CTRL",
    wezterm.action.ActivatePaneDirection("Up")
  ),
  bind_if(
    is_outside_vim,
    "l",
    "CTRL",
    wezterm.action.ActivatePaneDirection("Right")
  ),
  -- }}}
 }
 -- }}}
 -- and finally, return the configuration to wezterm
 return config
--- a/home/features/desktop/zathura.nix
+++ b/home/features/desktop/zathura.nix
@ -67,7 +67,6 @@
      set statusbar-bg '${base00}'
      # }}}
      # {{{ Highlighting parts of the document (e.g. show search results)
      # TODO: make sure these look fine on other schemes
      set highlight-color '${base03}'
      set highlight-active-color '${base06}'
      # }}}
@ -88,9 +87,10 @@
  home.shellAliases.pdf = "zathura --fork";
  # Make zathura the default app for opening pdfs.
  xdg.mimeApps.defaultApplications."application/pdf" = [ "org.pwmt.zathura.desktop" ];
  # {{{ Persistence
-  satellite.persistence.at.state.apps.zathura.directories = [
+  satellite.persistence.at.state.apps.zathura.directories = [ "${config.xdg.dataHome}/zathura" ];
    "${config.xdg.dataHome}/zathura"
  ];
  # }}}
 }
--- a/home/features/neovim/config/init.lua
+++ b/home/features/neovim/config/init.lua
@ -8,3 +8,5 @@ local nix = require("nix")
 tempest.configureMany(nix.pre)
 require("my.lazy").setup()
 tempest.configureMany(nix.post)
 require("my.helpers.folding").setup()
--- a/home/features/neovim/config/lazy-lock.json
+++ b/home/features/neovim/config/lazy-lock.json
@ -1,58 +1,57 @@
 {
-  "clipboard-image": { "branch": "main", "commit": "485de5493d196154db30f85665f8ac480ce116a2" },
+  "catppuccin": { "branch": "main", "commit": "4fd72a9ab64b393c2c22b168508fd244877fec96" },
-  "cmp": { "branch": "main", "commit": "04e0ca376d6abdbfc8b52180f8ea236cbfddf782" },
+  "clipboard-image": { "branch": "main", "commit": "4ab6f7f1fa4ea97866c0e0f6160f6a36ef174438" },
  "cmp": { "branch": "main", "commit": "7e348da6e5085ac447144a2ef4b637220ba27209" },
  "cmp-buffer": { "branch": "main", "commit": "3022dbc9166796b644a841a02de8dd1cc1d311fa" },
-  "cmp-cmdline": { "branch": "main", "commit": "8ee981b4a91f536f52add291594e89fb6645e451" },
+  "cmp-cmdline": { "branch": "main", "commit": "d250c63aa13ead745e3a40f61fdd3470efde3923" },
-  "cmp-emoji": { "branch": "main", "commit": "19075c36d5820253d32e2478b6aaf3734aeaafa0" },
+  "cmp-emoji": { "branch": "main", "commit": "e8398e2adf512a03bb4e1728ca017ffeac670a9f" },
-  "cmp-nvim-lsp": { "branch": "main", "commit": "5af77f54de1b16c34b23cba810150689a3a90312" },
+  "cmp-nvim-lsp": { "branch": "main", "commit": "39e2eda76828d88b773cc27a3f61d2ad782c922d" },
  "cmp-path": { "branch": "main", "commit": "91ff86cd9c29299a64f968ebb45846c485725f23" },
  "cmp_luasnip": { "branch": "master", "commit": "05a9ab28b53f71d1aece421ef32fee2cb857a843" },
-  "conform": { "branch": "master", "commit": "192a6d2ddace343f1840a8f72efe2315bd392243" },
+  "conform": { "branch": "master", "commit": "cd75be867f2331b22905f47d28c0c270a69466aa" },
-  "crates": { "branch": "main", "commit": "ec2b04a380c9f3a8e6ca38c230e4990d71978143" },
+  "crates": { "branch": "main", "commit": "c3fd47391de6999f4c939af89494d08443f71916" },
  "discord-rich-presence": { "branch": "main", "commit": "87c857a56b7703f976d3a5ef15967d80508df6e6" },
-  "dressing": { "branch": "master", "commit": "6f212262061a2120e42da0d1e87326e8a41c0478" },
+  "dressing": { "branch": "master", "commit": "6741f1062d3dc6e4755367a7e9b347b553623f04" },
  "fidget": { "branch": "main", "commit": "0ba1e16d07627532b6cae915cc992ecac249fb97" },
-  "flash": { "branch": "main", "commit": "48817af25f51c0590653bbc290866e4890fe1cbe" },
+  "flash": { "branch": "main", "commit": "d0799ae43a581d9f190e182e2a1f389d2887c42a" },
  "ftft": { "branch": "master", "commit": "f3e43c9584e14b27f04c27a95a9d9f0e58dfec02" },
-  "github-actions": { "branch": "master", "commit": "f2f16243447cea174daa6b4a9ffd3ff9213814ef" },
+  "github-actions": { "branch": "master", "commit": "728374ef59b11a5f5991ea2560d149a4ae33fd22" },
  "gitlinker": { "branch": "master", "commit": "cc59f732f3d043b626c8702cb725c82e54d35c25" },
  "gitsigns": { "branch": "main", "commit": "2c2463dbd82eddd7dbab881c3a62cfbfbe3c67ae" },
  "gruvbox": { "branch": "main", "commit": "6e4027ae957cddf7b193adfaec4a8f9e03b4555f" },
  "harpoon": { "branch": "master", "commit": "ccae1b9bec717ae284906b0bf83d720e59d12b91" },
  "haskell-tools": { "branch": "master", "commit": "92e097c6832405fb64e4c44a7ce8bebe7836cae6" },
  "hyprland": { "branch": "main", "commit": "71760fe0cad972070657b0528f48456f7e0027b2" },
  "idris": { "branch": "main", "commit": "8bff02984a33264437e70fd9fff4359679d910da" },
-  "inc-rename": { "branch": "main", "commit": "6f9b5f9cb237e12935144cdc535322b8c93c1b25" },
+  "indent-blankline": { "branch": "master", "commit": "65e20ab94a26d0e14acac5049b8641336819dfc7" },
  "indent-blankline": { "branch": "master", "commit": "821a7acd88587d966f7e464b0b3031dfe7f5680c" },
  "lastplace": { "branch": "main", "commit": "0bb6103c506315044872e0f84b1f736c4172bb20" },
-  "lean": { "branch": "main", "commit": "1a2a2dfbc7e6775e9ec8b84e5eadaf31fde1894e" },
+  "lean": { "branch": "main", "commit": "182703184edb866d7bfe878be358295e189c8223" },
  "live-command": { "branch": "main", "commit": "d460067d47948725a6f25b20f31ea8bbfdfe4622" },
-  "lspconfig": { "branch": "master", "commit": "16295b79410f131c4fa7870c663b4ace6a761fb2" },
+  "lspconfig": { "branch": "master", "commit": "216deb2d1b5fbf24398919228208649bbf5cbadf" },
  "lspkind.nvim": { "branch": "master", "commit": "1735dd5a5054c1fb7feaf8e8658dbab925f4f0cf" },
-  "luasnip": { "branch": "master", "commit": "8ae1dedd988eb56441b7858bd1e8554dfadaa46d" },
+  "luasnip": { "branch": "master", "commit": "03c8e67eb7293c404845b3982db895d59c0d1538" },
-  "mini.ai": { "branch": "main", "commit": "98e45e6832351354e41e82b32a80ce7537c20746" },
+  "mini.ai": { "branch": "main", "commit": "45587078f323eaf41b9f701bbc04f8d1ab008979" },
-  "mini.comment": { "branch": "main", "commit": "a4b7e46deb9ad2feb8902cc5dbf087eced112ee5" },
+  "mini.comment": { "branch": "main", "commit": "080f00bb91fea4bab799820bd2ce835a88d0703a" },
-  "mini.files": { "branch": "main", "commit": "eab771c69b787a3f042dc6505d15613c282aa786" },
+  "mini.files": { "branch": "main", "commit": "acfc4e46f6722a0690ce640632c5b5515ddade70" },
-  "mini.operators": { "branch": "main", "commit": "0765e4818086e96b8fb55d280e47af781a5bc56a" },
+  "mini.operators": { "branch": "main", "commit": "7d30c0bc5baaa1f0d3a63dd18b35c8581bc164f4" },
-  "mini.pairs": { "branch": "main", "commit": "04f58f2545ed80ac3b52dd4826e93f33e15b2af6" },
+  "mini.pairs": { "branch": "main", "commit": "927d19cbdd0e752ab1c7eed87072e71d2cd6ff51" },
-  "mini.statusline": { "branch": "main", "commit": "dfd3d2ba295473930f78f143852b9b53eb54ae2a" },
+  "mini.statusline": { "branch": "main", "commit": "ec7e2c509c7262fef85a28a772f60ebe146297db" },
-  "mini.surround": { "branch": "main", "commit": "a1b590cc3b676512de507328d6bbab5e43794720" },
+  "mini.surround": { "branch": "main", "commit": "57caca9525cec0ea771a67326b0ee637d056078a" },
  "navigator": { "branch": "master", "commit": "91d86506ac2a039504d5205d32a1d4bc7aa57072" },
-  "neoconf": { "branch": "main", "commit": "4ef6c6c5882e7e16209173fb8c47414202843384" },
+  "neoconf": { "branch": "main", "commit": "23f24edab5f78465a0bc3320678e038664b9aa6e" },
-  "neodev": { "branch": "main", "commit": "84e0290f5600e8b89c0dfcafc864f45496a53400" },
+  "neodev": { "branch": "main", "commit": "46aa467dca16cf3dfe27098042402066d2ae242d" },
-  "nui": { "branch": "main", "commit": "c3c7fd618dcb5a89e443a2e1033e7d11fdb0596b" },
+  "neotest": { "branch": "master", "commit": "6d6ad113f56edc7c3f2a77a0836ea8c1b955ebea" },
  "neotest-haskell": { "branch": "master", "commit": "10cd953fb7c81de82ce8dc618e0614e0ab5fa1e3" },
  "nui": { "branch": "main", "commit": "61574ce6e60c815b0a0c4b5655b8486ba58089a1" },
  "null-ls": { "branch": "main", "commit": "0010ea927ab7c09ef0ce9bf28c2b573fc302f5a7" },
-  "plenary": { "branch": "master", "commit": "4f71c0c4a196ceb656c824a70792f3df3ce6bb6d" },
+  "nvim-nio": { "branch": "master", "commit": "a428f309119086dc78dd4b19306d2d67be884eee" },
  "plenary": { "branch": "master", "commit": "a3e3bc82a3f95c5ed0d7201546d5d2c19b20d683" },
  "purescript": { "branch": "main", "commit": "82348352e6568fcc0385bd7c99a8ead3a479feea" },
-  "rust-tools": { "branch": "master", "commit": "676187908a1ce35ffcd727c654ed68d851299d3e" },
+  "rustacean": { "branch": "master", "commit": "5c0c44149e43b907dae2e0fe053284ad56226eb7" },
  "rzip": { "branch": "master", "commit": "f65400fed27b27c7cff7ef8d428c4e5ff749bf28" },
  "scrap": { "branch": "main", "commit": "cc8453ed613932c744c3d1ec42f379b78bd8b92c" },
-  "ssr": { "branch": "main", "commit": "bb323ba621ac647b4ac5638b47666e3ef3c279e1" },
+  "telescope": { "branch": "master", "commit": "a0bbec21143c7bc5f8bb02e0005fa0b982edc026" },
-  "telescope": { "branch": "master", "commit": "d90956833d7c27e73c621a61f20b29fdb7122709" },
+  "typst": { "branch": "main", "commit": "4d18ced62599ffe5b3c0e5e49566d5456121bc02" },
-  "treesitter": { "branch": "master", "commit": "19bf991be2403c10fa379fa0fb11b7de2560ac31" },
+  "undotree": { "branch": "master", "commit": "56c684a805fe948936cda0d1b19505b84ad7e065" },
-  "typst": { "branch": "main", "commit": "e28d440c7ba4df2516d7d7f908c4fb664a8cf86c" },
+  "wakatime": { "branch": "master", "commit": "3cb40867cb5a3120f9bef76eff88edc7f1dc1a23" },
-  "undotree": { "branch": "master", "commit": "9dbbf3b7d19dda0d22ceca461818e4739ad8154d" },
+  "web-devicons": { "branch": "master", "commit": "c0cfc1738361b5da1cd0a962dd6f774cc444f856" },
-  "wakatime": { "branch": "master", "commit": "285c2e4e48fb0c63ced233c00fb10a2edb3b6c94" },
+  "which-key.nvim": { "branch": "main", "commit": "c77cda8cd2f54965e4316699f1d124a2b3bf9d49" }
  "web-devicons": { "branch": "master", "commit": "14ac5887110b06b89a96881d534230dac3ed134d" },
  "which-key.nvim": { "branch": "main", "commit": "4433e5ec9a507e5097571ed55c02ea9658fb268a" }
 }
--- a/home/features/neovim/config/lua/my/helpers/folding.lua
+++ b/home/features/neovim/config/lua/my/helpers/folding.lua
@ -0,0 +1,23 @@
 local M = {}
 local function createFold(name)
  local commentstring = vim.o.commentstring
  local start_comment = string.gsub(commentstring, "%%s", " {{{ " .. name)
  local end_comment = string.gsub(commentstring, "%%s", " }}}")
  -- Leave visual mode
  local esc = vim.api.nvim_replace_termcodes("<esc>", true, false, true)
  vim.api.nvim_feedkeys(esc, "x", false)
  vim.cmd(":'>put='" .. end_comment .. "'")
  vim.cmd(":'<-1put='" .. start_comment .. "'")
 end
 function M.setup()
  vim.keymap.set("v", "<C-i>", function()
    local name = vim.fn.input("Fold name: ")
    createFold(name)
  end, { desc = "Create fold markers around area" })
 end
 return M
--- a/home/features/neovim/config/lua/my/lazy.lua
+++ b/home/features/neovim/config/lua/my/lazy.lua
@ -26,7 +26,7 @@ function M.setup()
      fallback = true,
      -- Directory where I store my local plugin projects
-      path = vim.g.nix_projects_path,
+      path = vim.g.nix_projects_dir,
      patterns = { "prescientmoon" },
    },
    performance = {
--- a/home/features/neovim/config/lua/my/tempest.lua
+++ b/home/features/neovim/config/lua/my/tempest.lua
@ -130,11 +130,17 @@ function M.configure(opts, context)
    opts = opts(context)
  end
-  if type(opts) ~= "table" then
+  if opts == nil then
    -- TODO: throw
    return
  end
  if type(opts) ~= "table" then
    return error(
      "Cannot handle non-table options for tempest runtime, "
        .. vim.inspect(opts)
    )
  end
  if type(opts.mkContext) == "function" then
    context = opts.mkContext(context)
  end
--- a/home/features/neovim/default.nix
+++ b/home/features/neovim/default.nix
--- a/home/features/neovim/plugins/lspconfig.lua
+++ b/home/features/neovim/plugins/lspconfig.lua
@ -1,4 +1,3 @@
 ---@diagnostic disable: missing-fields
 local M = {}
 -- {{{ Capabilities
@ -15,92 +14,9 @@ M.capabilities = function()
 end
 -- }}}
 -- {{{ Main config function
-function M.config()
+function M.config(servers)
  local lspconfig = require("lspconfig")
  -- {{{ General server config
  ---@type lspconfig.options
  local servers = {
    -- {{{ Typescript
    tsserver = {
      on_attach = function(client)
        -- We handle formatting using null-ls and prettierd
        client.server_capabilities.documentFormattingProvider = false
      end,
    },
    -- }}}
    -- {{{ Purescript
    purescriptls = {
      root_dir = lspconfig.util.root_pattern("spago.yaml"),
      settings = {
        purescript = {
          censorWarnings = {
            "UnusedName",
            "ShadowedName",
            "UserDefinedWarning",
          },
          formatter = "purs-tidy",
        },
      },
    },
    -- }}}
    -- {{{ Lua
    lua_ls = {
      settings = {
        Lua = {
          format = {
            enable = true,
          },
          -- Do not send telemetry data containing a randomized but unique identifier
          telemetry = {
            enable = false,
          },
        },
      },
    },
    -- }}}
    -- {{{ Latex
    texlab = {
      settings = {
        texlab = {
          build = {
            args = {
              -- Here by default:
              "-pdf",
              "-interaction=nonstopmode",
              "-synctex=1",
              "%f",
              -- Required for syntax highlighting inside the generated pdf apparently
              "-shell-escape",
            },
            executable = "latexmk",
            forwardSearchAfter = true,
            onSave = true,
          },
          chktex = {
            onOpenAndSave = true,
            onEdit = true,
          },
        },
      },
    },
    -- }}}
    -- {{{ Nix
    rnix = {},
    -- nil_ls = {},
    nixd = {},
    -- }}}
    cssls = {},
    jsonls = {},
    dhall_lsp_server = {},
    typst_lsp = {
      exportPdf = "onType",
    },
    elmls = {},
    csharp_ls = {},
  }
  -- }}}
  local capabilities = M.capabilities()
  for lsp, details in pairs(servers) do
    details.capabilities = capabilities
--- a/home/features/neovim/snippets/tex.miros
+++ b/home/features/neovim/snippets/tex.miros
@ -55,10 +55,10 @@ block text
  pattern ([Ll]et)
    name definition
-    snip @1 \$$1 = $2\$
+    snip @1 \$$1 = $2\$ @0
  block auto
-    string im
+    string $
      name inline math
      snip \$$1\$$0
@ -92,11 +92,18 @@ block math
        $7 & $8 & $9
      \end{@matenv}
-  for operator <- @⟨eq,neq,defas,leq,geq,lt,gt,iip,iib,iff⟩
+  for createabbr <- @⟨false,true⟩
-  for symbol <- @⟨@operator:=,\neq,\coloneq,\leq,\geq,<,>,\implies,\impliedby,\iff⟩
+  for operator <- @⟨@createabbr:
    @⟨eq,lt,gt⟩,
    @⟨neq,defas,leq,geq,iip,iib,iff⟩
  ⟩
  for symbol <- @⟨@createabbr:
    @⟨@operator:=,<,>⟩,
    @⟨@operator:\neq,\coloneq,\leq,\geq,\implies,\impliedby,\iff⟩
  ⟩
  block auto
-    abbr @operator @symbol
+    abbr @⟨@createabbr:op-@operator,@operator⟩ @symbol
    string a@operator
      name align at @operator
@ -177,6 +184,7 @@ block math
    abbr frl \forall
    abbr exs \exists
    abbr iin \in
    abbr nin \not\in
    abbr ccup \cup
    abbr ccap \cap
@ -187,9 +195,8 @@ block math
    abbr vsm \vecspace
    abbr oball \ball
-    for noperator <- @⟨ordop,land,lor⟩
+    for noperator <- @⟨ordop,land,lor,equiv,pmod⟩
-    string @noperator
+    abbr @noperator \\@noperator
      snip \\@noperator
    for operator <- @⟨overline,hat,bar,abs,norm,prob,diprod,sin,cos,sqrt,ln,lrb,zmod,gen,diam,prob⟩
    string @operator
@ -247,10 +254,10 @@ block math
      name limit to @limtarget
      snip \lim_{$1 \to @limtargetsymbol} $0
-    string dint
+    string intd
      name definite integral
      snip \int_{$|1⟨$1,-\infty$1⟩}^$|2⟨{$2},\infty$2⟩ $3 \dif $0
-    string iint
+    string inti
      name indefinite integral
      snip \int $1 \dif $0
--- a/home/features/persistence.nix
+++ b/home/features/persistence.nix
@ -1,5 +1,6 @@
-{ config, ... }: {
+{ config, ... }:
-  # {{{ Set up my custom imperanence wrapper
+{
  # {{{ Set up my custom imperanenceo wrapper
  satellite.persistence = {
    enable = true;
@ -45,6 +46,9 @@
    "${config.xdg.cacheHome}/ghcide"
    "${config.xdg.cacheHome}/cabal"
  ];
  # TODO: should I move this in it's own haskell-specific file?
  home.file.".stack/config.yaml".text = builtins.toJSON { notify-if-nix-on-path = false; };
  # }}}
  # {{{ Nodejs
  satellite.persistence.at.cache.apps.nodejs = {
@ -77,9 +81,7 @@
  # }}}
  # {{{ Python
  satellite.persistence.at.cache.apps.python = {
-    files = [
+    files = [ ".python_history" ];
      ".python_history"
    ];
    directories = [
      ".ipython"
@ -103,7 +105,6 @@
  ];
  satellite.persistence.at.cache.apps.qbittorrent.directories = [
    # TODO: investigate which subdirectories/files I actually want to keep
    "${config.xdg.dataHome}/qBittorrent" # Torrent files, logs, etc
  ];
  # }}}
@ -112,17 +113,15 @@
    "${config.xdg.configHome}/Signal" # Why tf does signal store it's state here 💀
  ];
  # }}}
-  # {{{ Steam
+  # {{{ What's app
-  satellite.persistence.at.state.apps.steam = {
+  satellite.persistence.at.state.apps.whatsapp.directories = [
-    directories = [
+    "${config.xdg.configHome}/whatsapp-for-linux"
-      ".factorio" # TODO: perhaps this should have it's own file?
+    "${config.xdg.stateHome}/whatsapp-for-linux"
-      # A couple of games don't play well with bindfs
+  ];
-      {
+
-        directory = "${config.xdg.dataHome}/Steam";
+  satellite.persistence.at.cache.apps.whatsapp.directories = [
-        method = "symlink";
+    "${config.xdg.cacheHome}/whatsapp-for-linux"
-      }
+  ];
    ];
  };
  # }}}
  # {{{ Lutris
  # TODO: there might be more to cache in .cache/lutris
@ -132,21 +131,37 @@
    "${config.xdg.cacheHome}/lutris/coverart" # Game cover art
    # Aparently IO intensive stuff like games prefer symlinks?
-    { directory = "media/games/lutris"; method = "symlink"; } # Lutris games
+    {
      directory = "media/games/lutris";
      method = "symlink";
    } # Lutris games
  ];
  # }}}
  # {{{ Wine
  satellite.persistence.at.state.apps.wine.directories = [ ".wine" ];
  # }}}
-  # {{{ Element 
+  # {{{ Element
-  satellite.persistence.at.state.apps.element.directories = [
+  satellite.persistence.at.state.apps.element.directories = [ "${config.xdg.configHome}/Element" ];
-    "${config.xdg.configHome}/Element"
+  # }}}
  # {{{ Bitwarden
  satellite.persistence.at.state.apps.bitwarden.directories = [
    "${config.xdg.configHome}/Bitwarden"
  ];
  # }}}
  # {{{ Gnome keyring
  services.gnome-keyring.enable = true;
  satellite.persistence.at.state.apps.gnome-keyring.directories = [
    "${config.xdg.dataHome}/keyrings"
  ];
  # }}}
  # }}}
  # {{{ Cli
-  # {{{ Sops 
+  # {{{ Sops
  satellite.persistence.at.state.apps.sops.directories = [ "${config.xdg.configHome}/sops/age" ];
  # }}}
  # {{{ QMK
  home.sessionVariables.QMK_HOME = "${config.xdg.dataHome}/qmk";
  satellite.persistence.at.state.apps.qmk.directories = [ config.home.sessionVariables.QMK_HOME ];
  # }}}
  # }}}
 }
--- a/home/features/wayland/global.nix
+++ b/home/features/wayland/global.nix
@ -1,5 +1,6 @@
 # Common wayland stuff
-{ lib, pkgs, ... }: {
+{ lib, pkgs, ... }:
 {
  imports = [
    ./wlsunset.nix
    ./wlogout.nix
@ -20,7 +21,6 @@
      wl-copy = "${pkgs.wl-clipboard}/bin/wl-copy";
      wl-paste = "${pkgs.wl-clipboard}/bin/wl-paste";
      # TODO: put this in it's own file perhaps?
      # Taken from [here](https://github.com/fufexan/dotfiles/blob/3b0075fa7a5d38de13c8c32140c4b020b6b32761/home/wayland/default.nix#L14)
      wl-ocr = pkgs.writeShellScriptBin "wl-ocr" ''
        ${_ pkgs.grim} -g "$(${_ pkgs.slurp})" -t ppm - \
@ -36,9 +36,10 @@
          | ${wl-copy}
        ${_ pkgs.libnotify} "Scanned qr code on area with output \"$(${wl-paste})\""
      '';
      # }}}
    in
-    with pkgs; [
+    # }}}
    with pkgs;
    [
      libnotify # Send notifications
      wl-ocr # Custom ocr script
      wl-qr # Custom qr scanner script
--- a/home/features/wayland/hyprland/default.nix
+++ b/home/features/wayland/hyprland/default.nix
@ -1,6 +1,18 @@
 { pkgs, lib, config, ... }:
 {
-  imports = [ ../global.nix ./hyprpaper.nix ];
+  pkgs,
  lib,
  config,
  ...
 }:
 {
  imports = [
    ../global.nix
    ./hyprpaper.nix
  ];
  home.packages = [
    pkgs.gtk3 # Contains gtk-launch
  ];
  stylix.targets.hyprland.enable = true;
  wayland.windowManager.hyprland = {
@ -23,13 +35,14 @@
          passes = config.satellite.theming.blur.passes;
          contrast = config.satellite.theming.blur.contrast;
          brightness = config.satellite.theming.blur.brightness;
-          noise = 0.05;
+          noise = 5.0e-2;
        };
      };
      # }}}
      # {{{ Monitors
      # Configure monitor properties
-      monitor = lib.forEach config.satellite.monitors (m:
+      monitor = lib.forEach config.satellite.monitors (
        m:
        lib.concatStringsSep "," [
          m.name
          "${toString m.width}x${toString m.height}@${toString m.refreshRate}"
@ -39,11 +52,10 @@
      );
      # Map monitors to workspaces
-      workspace = lib.lists.concatMap
+      workspace = lib.lists.concatMap (
-        (m: lib.lists.optional (m.workspace != null) "${m.name},${m.workspace}")
+        m: lib.lists.optional (m.workspace != null) "${m.name},${m.workspace}"
-        config.satellite.monitors;
+      ) config.satellite.monitors;
      # }}}
    };
  };
 }
--- a/home/features/wayland/hyprland/hyprland.conf
+++ b/home/features/wayland/hyprland/hyprland.conf
@ -4,22 +4,32 @@
 monitor=,preferred,auto,1
 general {
-  cursor_inactive_timeout = 30 # Hide cursor after being inactive for 30s
+  # cursor_inactive_timeout = 30 # Hide cursor after being inactive for 30s
  resize_on_border = true # Click on borders with the mouse to resize
 }
 decoration {
  blur {
    popups = true
  }
 }
 # Blur extra surfaces
 layerrule = blur,gtk-layer-shell
 layerrule = blur,osd
 layerrule = blur,logout_dialog
 layerrule = blur,anyrun
 layerrule = blur,waybar
 layerrule = ignorezero,gtk-layer-shell
 layerrule = ignorezero,osd
 layerrule = ignorezero,waybar
 layerrule = ignorezero,anyrun
 layerrule = ignorezero,waybar
 input {
  kb_layout = us
  # TODO: standardize the touchpad settings.
  # Right now I also have similar settings for xorg.
  touchpad {
    natural_scroll = true # Invert scrolling direction
  }
@ -34,7 +44,7 @@ misc {
  # Configure the default hyprland branding
  disable_hyprland_logo = true
  disable_splash_rendering = true
-  force_hypr_chan = true
+  # force_hypr_chan = true
 }
 animations {
@ -44,7 +54,7 @@ animations {
 }
 # Execute apps at launch
-exec-once = wezterm & firefox & discocss & spotify & obsidiantui & smostui
+exec-once = foot & firefox & discocss & gtk-launch obsidiantui & gtk-launch smostui & Spotify
 # Without this, xdg-open doesn't work
 exec = systemctl --user import-environment PATH && systemctl --user restart xdg-desktop-portal.service
@ -52,17 +62,11 @@ exec = systemctl --user import-environment PATH && systemctl --user restart xdg-
 # {{{ Window rules
 # {{{ Automatically move stuff to workspaces
 windowrulev2 = workspace 2 silent, title:^(.*Firefox.*)$
 windowrulev2 = workspace 3 silent, title:^(.*(Disc|WebC)ord.*)$
 windowrulev2 = workspace 3 silent, title:^(.*Element.*)$
 windowrulev2 = workspace 6 silent, title:^(.*(S|s)pot(ify)?.*)$
-
+windowrulev2 = workspace 7 silent, class:^(.*Obsidian.*)$
-windowrulev2 = workspace 7 silent, title:^(.*Obsidian.*)$
+windowrulev2 = workspace 8 silent, class:^(.*Smos.*)$
 windowrulev2 = workspace 7 silent, title:^(.*stellar-sanctum)$
 windowrulev2 = workspace 7 silent, class:^(org\.wezfurlong\.wezterm\.obsidian)$
 windowrulev2 = workspace 8 silent, class:^(org\.wezfurlong\.wezterm\.smos)$
 # }}}
 # {{{ Idleinhibit rules
 # - while firefox is fullscreen
@ -80,7 +84,7 @@ bind = $mod, C, killactive, # Kill current
 bind = $mod, F, fullscreen, # Fullscreen
 # Execute external things
-bind = $mod, return, exec, wezterm
+bind = $mod, return, exec, foot
 bind = $mod, T, exec, wl-ocr
 bind = $mod SHIFT, T, exec, wl-qr
 bind = $mod CONTROL, T, exec, hyprpicker | wl-copy && libnotify "Copied color $(wp-paste)" # Color picker
@ -88,8 +92,8 @@ bind = $mod, Q, exec, wlogout # Show logout menu
 bind = $mod, L, exec, loginctl lock-session # Lock screen
 bind = $mod, P, exec, anyrun
 bind = $mod, B, exec, wlsunset-toggle # Toggle blue light filter thingy
-bind = $mod, V, exec, wezterm start vimclip # Vim anywhere!
+bind = $mod, V, exec, foot vimclip # Vim anywhere!
-bind = $mod, W, exec, ~/projects/form-filler/type.sh
+# bind = $mod, W, exec, ~/projects/form-filler/type.sh
 # Work with the special workspace
 bind = $mod, x, togglespecialworkspace,
@ -157,11 +161,15 @@ bind=,escape,submap,reset
 submap=reset
 # }}}
 # {{{ Volume & brightness
-binde=, XF86AudioRaiseVolume,  exec, swayosd --output-volume raise
+binde=, XF86AudioRaiseVolume,  exec, swayosd-client --output-volume raise
-binde=, XF86AudioLowerVolume,  exec, swayosd --output-volume lower
+binde=, XF86AudioLowerVolume,  exec, swayosd-client --output-volume lower
-binde=, XF86AudioMute,         exec, swayosd --output-volume mute-toggle
+binde=, XF86AudioMute,         exec, swayosd-client --output-volume mute-toggle
-binde=, XF86AudioMicMute,      exec, swayosd --input-volume  mute-toggle
+binde=, XF86AudioMicMute,      exec, swayosd-client --input-volume  mute-toggle
-binde=, XF86MonBrightnessUp,   exec, swayosd --brightness    raise
+binde=, XF86MonBrightnessUp,   exec, swayosd-client --brightness    raise
-binde=, XF86MonBrightnessDown, exec, swayosd --brightness    lower
+binde=, XF86MonBrightnessDown, exec, swayosd-client --brightness    lower
 # }}}
 # {{{ App-specific global keybinds
 # OBS
 bind = SUPER, F4, pass, ^(com\.obsproject\.Studio)$ # Start / Stop recording
 # }}}
 # }}}
--- a/home/global.nix
+++ b/home/global.nix
@ -1,4 +1,10 @@
-{ inputs, lib, config, outputs, ... }:
+{
  inputs,
  lib,
  config,
  outputs,
  ...
 }:
 let
  # {{{ Imports
  imports = [
@ -21,10 +27,10 @@ let
    ./features/cli
    ./features/persistence.nix
    ../common
-    # }}} 
+    # }}}
  ];
  # }}} 
 in
 # }}}
 {
  # Import all modules defined in modules/home-manager
  imports = builtins.attrValues outputs.homeManagerModules ++ imports;
@ -32,10 +38,9 @@ in
  # {{{ Nixpkgs
  nixpkgs = {
    # Add all overlays defined in the overlays directory
-    overlays = builtins.attrValues outputs.overlays ++
+    overlays =
-      lib.lists.optional
+      builtins.attrValues outputs.overlays
-        config.satellite.toggles.neovim-nightly.enable
+      ++ lib.lists.optional config.satellite.toggles.neovim-nightly.enable inputs.neovim-nightly-overlay.overlay;
        inputs.neovim-nightly-overlay.overlay;
    config.allowUnfree = true;
@ -55,13 +60,15 @@ in
  home = {
    username = lib.mkDefault "adrielus";
    homeDirectory = "/home/${config.home.username}";
    stateVersion = lib.mkDefault "23.05";
  };
-  # }}} 
+  # }}}
-  # {{{ Ad-hoc settings 
+  # {{{ Ad-hoc settings
  # Nicely reload system units when changing configs
  systemd.user.startServices = lib.mkForce "sd-switch";
  # Enable default application management
  xdg.mimeApps.enable = true;
  # Tell sops-nix to use ssh keys for decrypting secrets
  sops.age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ];
@ -92,5 +99,10 @@ in
    extraConfig.XDG_SCREENSHOTS_DIR = "${config.xdg.userDirs.pictures}/screenshots";
    extraConfig.XDG_PROJECTS_DIR = "${config.home.homeDirectory}/projects";
  };
  systemd.user.tmpfiles.rules = [
    # Clean screenshots older than a week
    "d ${config.xdg.userDirs.extraConfig.XDG_SCREENSHOTS_DIR} - - - 7d"
  ];
  # }}}
 }
--- a/home/lapetus.nix
+++ b/home/lapetus.nix
@ -1,3 +0,0 @@
 {
  imports = [ ./global.nix ];
 }
--- a/home/tethys.nix
+++ b/home/tethys.nix
@ -1,36 +1,37 @@
-{ pkgs, upkgs, lib, config, ... }: {
+{ pkgs, ... }:
 {
  imports = [
    ./global.nix
    ./features/desktop/zathura.nix
    ./features/desktop/spotify.nix
    ./features/desktop/obsidian.nix
    ./features/desktop/firefox
    ./features/desktop/discord
    ./features/cli/productivity
    ./features/cli/pass.nix
    ./features/cli/nix-index.nix
    ./features/cli/catgirl.nix
    ./features/cli/lazygit.nix
    ./features/cli/nix-index.nix
    ./features/cli/productivity
    ./features/cli/zellij.nix
    ./features/desktop/discord
    ./features/desktop/firefox
    ./features/desktop/foot.nix
    ./features/desktop/obsidian.nix
    ./features/desktop/spotify.nix
    ./features/desktop/zathura.nix
    ./features/wayland/hyprland
    ./features/neovim
  ];
  # Arbitrary extra packages
  home.packages = with pkgs; [
    # Desktop apps
    # {{{ Communication
    # signal-desktop # Signal client
    element-desktop # Matrix client
    # zoom-us # Zoom client 🤮
    # }}}
-    # {{{ Editors for different formats 
+    # {{{ Editors for different formats
-    # gimp # Image editing
+    gimp # Image editing
    # lmms # Music software
    # kicad # PCB editing
    # libreoffice # Free office suite
    # }}}
-    # {{{ Gaming 
+    # {{{ Gaming
    # wine # Windows compat layer or whatever
    # lutris # Game launcher
    # }}}
@ -38,15 +39,14 @@
    sops # Secret editing
    # sherlock # Search for usernames across different websites
    # }}}
-    # {{{ Misc 
+    # {{{ Misc
    bitwarden # Password-manager
    qbittorrent # Torrent client
    # google-chrome # Not my primary browser, but sometimes needed in webdev
    # plover.dev # steno engine
-    # REASON: not available in nixpkgs-stable just yet
+    overskride # Bluetooth client
-    upkgs.overskride # Bluetooth client
+    # }}}
    # }}} 
    # {{{ Media playing/recording
    mpv # Video player
    imv # Image viewer
@ -56,15 +56,18 @@
  ];
  home.sessionVariables.QT_SCREEN_SCALE_FACTORS = 1.4; # Bigger text in qt apps
  home.stateVersion = "23.05";
  satellite = {
    # Symlink some commonly modified dotfiles outside the nix store
    dev.enable = true;
-    monitors = [{
+    monitors = [
-      name = "eDP-1";
+      {
-      width = 1920;
+        name = "eDP-1";
-      height = 1080;
+        width = 1920;
-    }];
+        height = 1080;
      }
    ];
  };
 }
--- a/hosts/nixos/calypso/default.nix
+++ b/hosts/nixos/calypso/default.nix
@ -0,0 +1,66 @@
 { config, ... }:
 {
  # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
  system.stateVersion = "24.05";
  # {{{ Imports
  imports = [
    ../common/global
    ../common/optional/users/pilot.nix
    ../common/optional/bluetooth.nix
    ../common/optional/greetd.nix
    ../common/optional/oci.nix
    ../common/optional/quietboot.nix
    ../common/optional/desktop
    ../common/optional/desktop/steam.nix
    ../common/optional/wayland/hyprland.nix
    ../common/optional/services/kanata.nix
    ../common/optional/services/nginx.nix
    ../common/optional/services/syncthing.nix
    ../common/optional/services/tailscale.nix
    ../common/optional/services/restic
    ../common/optional/services/iwd
    ./services/snapper.nix
    ./filesystems
    ./hardware
  ];
  # }}}
  # {{{ Machine ids
  networking.hostName = "calypso";
  networking.hostId = "3f69ae4b";
  environment.etc.machine-id.text = "24fe28515de243f6ae4c6aa7e4291aac";
  # }}}
  # {{{ Tailscale internal IP DNS records
  satellite.dns.records = [
    {
      at = config.networking.hostName;
      type = "A";
      value = "100.74.40.5";
    }
    {
      at = config.networking.hostName;
      type = "AAAA";
      value = "fd7a:115c:a1e0::1201:2806";
    }
  ];
  # }}}
  # {{{ A few ad-hoc programs
  programs.kdeconnect.enable = true;
  programs.firejail.enable = true;
  programs.nix-ld.enable = true; # Useful for running non-nix executables
  # }}}
  # {{{ SSH keys
  users.users.pilot.openssh.authorizedKeys.keyFiles = [ ../tethys/keys/id_ed25519.pub ];
  # }}}
  programs.adb.enable = true;
  users.users.pilot.extraGroups = [ "adbusers" ];
  satellite.pilot.name = "moon";
  boot.loader.systemd-boot.enable = true;
 }
--- a/hosts/nixos/calypso/filesystems/default.nix
+++ b/hosts/nixos/calypso/filesystems/default.nix
@ -0,0 +1,71 @@
 { lib, ... }:
 {
  imports = [ (import ./partitions.nix { }) ];
  boot.supportedFilesystems = [ "btrfs" ];
  services.btrfs.autoScrub.enable = true;
  # {{{ Mark a bunch of paths as needed for boot
  fileSystems =
    lib.attrsets.genAttrs
      [
        "/"
        "/nix"
        "/persist/data"
        "/persist/state"
        "/persist/local/cache"
        "/boot"
      ]
      (p: {
        neededForBoot = true;
      });
  # }}}
  # {{{ Rollback
  boot.initrd.systemd.services.rollback = {
    description = "Rollback BTRFS root subvolume to a pristine state";
    wantedBy = [ "initrd.target" ];
    after = [ "systemd-cryptsetup@crypted.service" ];
    before = [ "sysroot.mount" ];
    unitConfig.DefaultDependencies = "no";
    serviceConfig.Type = "oneshot";
    script = ''
      mkdir -p /mnt
      # We first mount the btrfs root to /mnt
      # so we can manipulate btrfs subvolumes.
      mount -o subvol=/ /dev/mapper/crypted /mnt
      # While we're tempted to just delete /root and create
      # a new snapshot from /root-blank, /root is already
      # populated at this point with a number of subvolumes,
      # which makes `btrfs subvolume delete` fail.
      # So, we remove them first.
      #
      # /root contains subvolumes:
      # - /root/var/lib/portables
      # - /root/var/lib/machines
      #
      # I suspect these are related to systemd-nspawn, but
      # since I don't use it I'm not 100% sure.
      # Anyhow, deleting these subvolumes hasn't resulted
      # in any issues so far, except for fairly
      # benign-looking errors from systemd-tmpfiles.
      btrfs subvolume list -o /mnt/root |
        cut -f9 -d' ' |
        while read subvolume; do
          echo "deleting /$subvolume subvolume..."
          btrfs subvolume delete "/mnt/$subvolume"
        done &&
        echo "deleting /root subvolume..." &&
        btrfs subvolume delete /mnt/root
      echo "restoring blank /root subvolume..."
      btrfs subvolume snapshot /mnt/blank /mnt/root
      # Once we're done rolling back to a blank snapshot,
      # we can unmount /mnt and continue on the boot process.
      umount /mnt
    '';
  };
  # }}}
 }
--- a/hosts/nixos/calypso/filesystems/partitions.nix
+++ b/hosts/nixos/calypso/filesystems/partitions.nix
@ -0,0 +1,100 @@
 {
  disks ? [ "/dev/nvme0n1" ],
  ...
 }:
 {
  disko.devices.disk.main = {
    type = "disk";
    device = builtins.elemAt disks 0;
    content = {
      type = "gpt";
      partitions = {
        # {{{ Boot
        ESP = {
          size = "512M";
          type = "EF00";
          content = {
            type = "filesystem";
            format = "vfat";
            mountpoint = "/boot";
            mountOptions = [ "defaults" ];
          };
        };
        # }}}
        # {{{ Luks
        luks = {
          size = "384G"; # The remaining space is left for windows
          content = {
            type = "luks";
            name = "crypted";
            passwordFile = "/hermes/secrets/calypso/disk.key";
            settings.allowDiscards = true;
            content = {
              type = "btrfs";
              extraArgs = [ "-f" ];
              subvolumes = {
                # {{{ /
                "root" = {
                  mountpoint = "/";
                  mountOptions = [
                    "compress=zstd"
                    "noatime"
                  ];
                };
                # }}}
                # {{{ /blank
                "blank" = {
                  mountpoint = "/blank";
                  # should we reuse the `root` options here?
                  mountOptions = [
                    "compress=zstd"
                    "noatime"
                  ];
                };
                # }}}
                # {{{ /swap
                "swap" = {
                  mountpoint = "/.swapvol";
                  swap.swapfile.size = "20G";
                };
                # }}}
                # {{{ /persist/data
                "persist-data" = {
                  mountpoint = "/persist/data";
                  mountOptions = [ "compress=zstd" ];
                };
                # }}}
                # {{{ /persist/state
                "persist-state" = {
                  mountpoint = "/persist/state";
                  mountOptions = [ "compress=zstd" ];
                };
                # }}}
                # {{{ /local/nix
                "local-nix" = {
                  mountpoint = "/nix";
                  mountOptions = [
                    "compress=zstd"
                    "noatime"
                  ];
                };
                # }}}
                # {{{ /local/cache
                "local-cache" = {
                  mountpoint = "/persist/local/cache";
                  mountOptions = [
                    "compress=zstd"
                    "noatime"
                  ];
                };
                # }}}
              };
            };
          };
        };
        # }}}
      };
    };
  };
 }
--- a/hosts/nixos/calypso/hardware/default.nix
+++ b/hosts/nixos/calypso/hardware/default.nix
@ -0,0 +1,28 @@
 { inputs, ... }:
 {
  # {{{ Imports
  imports = with inputs.nixos-hardware.nixosModules; [
    common-cpu-amd
    common-gpu-amd
    common-pc-laptop
    common-pc-ssd
    ./generated.nix
  ];
  # }}}
  # {{{ Misc
  hardware.enableAllFirmware = true;
  hardware.opengl.enable = true;
  hardware.opentabletdriver.enable = true;
  hardware.keyboard.qmk.enable = true;
  # }}}
  # {{{ Power management
  powerManagement.cpuFreqGovernor = "performance";
  services.tlp = {
    enable = true;
    settings = {
      CPU_SCALING_GOVERNOR_ON_BAT = "performance";
      CPU_SCALING_GOVERNOR_ON_AC = "performance";
    };
  };
  # }}}
 }
--- a/hosts/nixos/calypso/hardware/generated.nix
+++ b/hosts/nixos/calypso/hardware/generated.nix
@ -0,0 +1,26 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
  imports =
    [ (modulesPath + "/installer/scan/not-detected.nix")
    ];
  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-amd" ];
  boot.extraModulePackages = [ ];
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.tailscale0.useDHCP = lib.mkDefault true;
  # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/hosts/nixos/calypso/keys/id_ed25519.pub
+++ b/hosts/nixos/calypso/keys/id_ed25519.pub
@ -0,0 +1 @@
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBwFNYf8q84oGOwiGCXmJqeBPdglTPcWJB9nnLpmS2RG moon@calypso
--- a/hosts/nixos/calypso/keys/ssh_host_ed25519_key.pub
+++ b/hosts/nixos/calypso/keys/ssh_host_ed25519_key.pub
@ -0,0 +1 @@
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIASX1E4WYg5dydret3G0fWYJLQn2oRxNZdHWWaJojW1a root@calypso
--- a/hosts/nixos/calypso/keys/ssh_host_rsa_key.pub
+++ b/hosts/nixos/calypso/keys/ssh_host_rsa_key.pub
@ -0,0 +1 @@
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDAfRDNDA5B0YlnR0K5wQ0w6pMl0Pi8WIjanKol5SA615VDye3caBdv3UzxdC221ECIa9bZQcaKt/ncIuj/3fE49W8D0+2wL/1Eruy4ximAVAtLgIMzm+hl/dP3KsyTjUajIUbso08S9PUjtJl8PgmiiEPEppMAo++hwKycn5bRoUywE/VoNgPhAB5sgKaFZiQhPu4q0mZWhikGiaJzKPRi84bP4gCL9/h0slSWP3VmhWE7Vyvyjv6OKHdfjXoJA/AjSd3VogmGnzDWUI5lkwJzkHv/ybie9+7y+0o+wBu4+0lJlchBEq0f6dp9fw0MZRt84DYw8/MFDa+SXq5cO5aAwHARpRYeAHkPIRnwJbxTqn6uDlAdWrIxY8SPXIrrBpfnVSoaH8SJN/spsEoILkqrOpncQi5QP1rY8Bi2zaI13WD1kYsh9l4FqmqvCeawEgN0pedudZf2qqHWD93lDTAWxM7k5rPHSSgnnfsgwE35peBpmepJH8ZNFaBqw+aCvIM= root@calypso
--- a/hosts/nixos/calypso/services/snapper.nix
+++ b/hosts/nixos/calypso/services/snapper.nix
@ -0,0 +1,43 @@
 { config, lib, ... }:
 {
  # Why is this not part of the nixos module...
  systemd.tmpfiles.rules = lib.mapAttrsToList (
    _: c: "Q ${c.SUBVOLUME}/.snapshots"
  ) config.services.snapper.configs;
  services.snapper = {
    snapshotInterval = "hourly";
    cleanupInterval = "1d";
    # http://snapper.io/manpages/snapper-configs.html
    configs = {
      # {{{ Data
      data = {
        SUBVOLUME = "/persist/data";
        TIMELINE_CREATE = true;
        TIMELINE_CLEANUP = true;
        BACKGROUND_COMPARISON = "yes";
        TIMELINE_LIMIT_HOURLY = "24";
        TIMELINE_LIMIT_DAILY = "7";
        TIMELINE_LIMIT_WEEKLY = "4";
        TIMELINE_LIMIT_MONTHLY = "12";
        TIMELINE_LIMIT_YEARLY = "0";
      };
      # }}}
      # {{{ State
      state = {
        SUBVOLUME = "/persist/state";
        TIMELINE_CREATE = true;
        TIMELINE_CLEANUP = true;
        BACKGROUND_COMPARISON = "yes";
        TIMELINE_LIMIT_HOURLY = "6";
        TIMELINE_LIMIT_DAILY = "3";
        TIMELINE_LIMIT_WEEKLY = "1";
        TIMELINE_LIMIT_MONTHLY = "1";
        TIMELINE_LIMIT_YEARLY = "0";
      };
      # }}}
    };
  };
 }
--- a/hosts/nixos/common/global/cli/htop.nix
+++ b/hosts/nixos/common/global/cli/htop.nix
@ -1,8 +0,0 @@
 {
  programs.htop = {
    enable = true;
    settings = {
      tree_view = true;
    };
  };
 }
--- a/hosts/nixos/common/global/cli/sudo.nix
+++ b/hosts/nixos/common/global/cli/sudo.nix
@ -1,12 +0,0 @@
 { pkgs, inputs, lib, ... }: {
  security.sudo = {
    enable = true;
    extraRules = [{
      commands = [{
        command = lib.getExe inputs.deploy-rs.packages.${pkgs.system}.default;
        options = [ "NOPASSWD" ];
      }];
      groups = [ "wheel" ];
    }];
  };
 }
--- a/hosts/nixos/common/global/default.nix
+++ b/hosts/nixos/common/global/default.nix
@ -1,30 +1,33 @@
 # Configuration pieces included on all (nixos) hosts
-{ inputs, lib, config, outputs, ... }:
+{
  inputs,
  lib,
  config,
  outputs,
  ...
 }:
 let
  # {{{ Imports
  imports = [
-    # {{{ flake inputs 
+    # {{{ flake inputs
    inputs.disko.nixosModules.default
    inputs.stylix.nixosModules.stylix
    inputs.sops-nix.nixosModules.sops
    inputs.nixos-dns.nixosModules.dns
    # }}}
    # {{{ global configuration
    ./cli/fish.nix
    ./cli/htop.nix
    ./services/openssh.nix
    ./services/tailscale.nix
    ./nix.nix
    ./locale.nix
    ./unicode.nix
    ./persistence.nix
    ./ports.nix
    ./wireless
    ../../../../common
    # }}}
  ];
  # }}}
 in
 # }}}
 {
  # Import all modules defined in modules/nixos
  imports = builtins.attrValues outputs.nixosModules ++ imports;
@ -47,10 +50,9 @@ in
  nixpkgs = {
    # Add all overlays defined in the overlays directory
-    overlays = builtins.attrValues outputs.overlays ++
+    overlays =
-      lib.lists.optional
+      builtins.attrValues outputs.overlays
-        config.satellite.toggles.neovim-nightly.enable
+      ++ lib.lists.optional config.satellite.toggles.neovim-nightly.enable inputs.neovim-nightly-overlay.overlay;
        inputs.neovim-nightly-overlay.overlay;
    config.allowUnfree = true;
  };
--- a/hosts/nixos/common/global/nix.nix
+++ b/hosts/nixos/common/global/nix.nix
@ -1,7 +1,14 @@
-{ config, lib, pkgs, inputs, ... }: {
+{
  config,
  lib,
  pkgs,
  inputs,
  ...
 }:
 {
  nix = {
    # Flake support and whatnot
-    package = pkgs.nixUnstable;
+    package = pkgs.lix;
    # Weekly clean up the store, I think
    gc = {
@ -32,7 +39,7 @@
      experimental-features = [
        "nix-command"
        "flakes"
-        "repl-flake"
+        # "repl-flake"
        "auto-allocate-uids"
        # "configurable-impure-env"
      ];
@ -43,8 +50,10 @@
      # Deduplicate and optimize nix store
      auto-optimise-store = true;
-      # TODO: what is a trusted user?
+      trusted-users = [
-      trusted-users = [ "root" "@wheel" ];
+        "root"
        "@wheel"
      ];
    };
  };
 }
--- a/hosts/nixos/common/global/persistence.nix
+++ b/hosts/nixos/common/global/persistence.nix
@ -3,7 +3,13 @@
 # users' home persist dir exists and has the right permissions
 #
 # It works even if / is tmpfs, btrfs snapshot, or even not ephemeral at all.
-{ lib, inputs, config, ... }: {
+{
  lib,
  inputs,
  config,
  ...
 }:
 {
  imports = [ inputs.impermanence.nixosModules.impermanence ];
  environment.persistence."/persist/state".directories = [
@ -16,14 +22,21 @@
  # See [the imperanence readme](https://github.com/nix-community/impermanence#home-manager)
  programs.fuse.userAllowOther = true;
  # {{{ Disable sudo default lecture
  security.sudo.extraConfig = ''
    Defaults lecture = never
  '';
  # }}}
  # {{{ Create home directories
  systemd.tmpfiles.rules =
    let
-      users = lib.filter (v: v != null && v.isNormalUser)
+      users = lib.filter (v: v != null && v.isNormalUser) (
-        (lib.mapAttrsToList (_: u: u) config.users.users);
+        lib.mapAttrsToList (_: u: u) config.users.users
      );
-      mkHomePersistFor = location: lib.forEach users
+      mkHomePersistFor =
-        (user: "Q ${location}${user.home} ${user.homeMode} ${user.name} ${user.group} -");
+        location:
        lib.forEach users (user: "d ${location}${user.home} ${user.homeMode} ${user.name} ${user.group} -");
    in
    lib.flatten [
      (mkHomePersistFor "/persist/data")
@ -32,4 +45,3 @@
    ];
  # }}}
 }
--- a/hosts/nixos/common/global/ports.nix
+++ b/hosts/nixos/common/global/ports.nix
@ -24,5 +24,6 @@
    jupyterhub = 8420;
    guacamole = 8421;
    syncthing = 8422;
    forgejo-ssh = 8423;
  };
 }
--- a/hosts/nixos/common/global/services/openssh.nix
+++ b/hosts/nixos/common/global/services/openssh.nix
@ -1,6 +1,10 @@
-# This setups a SSH server. 
+# This setups a SSH server.
-# TODO: persistence
+{
-{ outputs, config, lib, ... }:
+  outputs,
  config,
  lib,
  ...
 }:
 let
  # Record containing all the hosts
  hosts = outputs.nixosConfigurations;
@ -16,8 +20,8 @@ in
    enable = true;
    settings = {
-      PermitRootLogin = "no"; # Forbid root login through SSH.
+      PermitRootLogin = lib.mkDefault "no"; # Forbid root login through SSH.
-      PasswordAuthentication = false; # Use keys only.
+      PasswordAuthentication = lib.mkDefault false; # Use keys only.
    };
    # Automatically remove stale sockets
@ -27,7 +31,10 @@ in
    # Generate ssh key
    hostKeys =
-      let mkKey = type: path: extra: { inherit type path; } // extra;
+      let
        mkKey =
          type: path: extra:
          { inherit type path; } // extra;
      in
      [
        (mkKey "ed25519" "/persist/state/etc/ssh/ssh_host_ed25519_key" { })
@ -35,35 +42,33 @@ in
      ];
  };
  # TODO: is this safe? Can we ssh back and gain root access this way?
  # Passwordless sudo when SSH'ing with keys
  # security.pam.enableSSHAgentAuth = true;
  # SSH on slow connections
  programs.mosh.enable = true;
  # Add each host in this repo to the knownHosts list
  programs.ssh = {
    knownHosts = lib.pipe hosts [
      # attrsetof host -> attrsetof { ... }
      (builtins.mapAttrs
        # string -> host -> { ... }
-        (name: _: {
+        (
-          publicKeyFile = pubKey name;
+          name: _: {
-          extraHostNames = lib.optional (name == hostname) "localhost";
+            publicKeyFile = pubKey name;
-        }))
+            extraHostNames = lib.optional (name == hostname) "localhost";
          }
        )
      )
      # attrsetof { ... } -> attrsetof { ... }
      (lib.attrsets.filterAttrs
        # string -> { ... } -> bool
-        (_: { publicKeyFile, ... }: builtins.pathExists publicKeyFile))
+        (_: { publicKeyFile, ... }: builtins.pathExists publicKeyFile)
      )
    ];
  };
  # By default, this will ban failed ssh attempts
  services.fail2ban.enable = true;
  # Makes it easy to copy host keys at install time without messing up permissions
-  systemd.tmpfiles.rules = [ "d /persist/state/etc/ssh" ];
+  systemd.tmpfiles.rules = [
    "d /persist/state/etc/ssh"
  ] ++ (lib.lists.forEach config.services.openssh.hostKeys (key: "e ${key.path} 0700"));
 }
--- a/hosts/nixos/common/global/unicode.nix
+++ b/hosts/nixos/common/global/unicode.nix
@ -0,0 +1,11 @@
 { pkgs, ... }:
 {
  i18n.inputMethod = {
    enabled = "fcitx5";
    fcitx5.addons = with pkgs; [
      fcitx5-gtk
      fcitx5-configtool
    ];
  };
 }
--- a/hosts/nixos/common/optional/desktop/default.nix
+++ b/hosts/nixos/common/optional/desktop/default.nix
@ -0,0 +1,8 @@
 {
  imports = [
    ../pipewire.nix
    ./xdg-portal.nix
  ];
  stylix.targets.gtk.enable = true;
 }
--- a/hosts/nixos/common/optional/desktop/steam.nix
+++ b/hosts/nixos/common/optional/desktop/steam.nix
@ -1,8 +1,7 @@
-# TODO(imperanence): handle persistence
+{
 { lib, ... }: {
  programs.steam = {
    enable = true;
    remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
-    dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
+    # gamescopeSession.enable = true;
  };
 }
--- a/hosts/nixos/common/optional/oci.nix
+++ b/hosts/nixos/common/optional/oci.nix
@ -2,12 +2,7 @@
  virtualisation.oci-containers.backend = "docker";
  environment.persistence = {
-    "/persist/state".directories = [
+    "/persist/state".directories = [ "/var/lib/containers/storage" ];
-      "/var/lib/containers/storage"
+    "/persist/local/cache".directories = [ "/var/lib/containers/cache" ];
    ];
    "/persist/local/cache".directories = [
      "/var/lib/containers/cache"
    ];
  };
 }
--- a/hosts/nixos/common/optional/pipewire.nix
+++ b/hosts/nixos/common/optional/pipewire.nix
@ -1,5 +1,5 @@
 # This handles audio stuff
-{ pkgs, ... }: {
+{
  security.rtkit.enable = true;
  hardware.pulseaudio.enable = false;
--- a/hosts/nixos/common/optional/services/iwd/README.md
+++ b/hosts/nixos/common/optional/services/iwd/README.md
@ -0,0 +1 @@
 The certificate is taken from the source code of the python script found at [cat.eduroam.org](https://cat.eduroam.org/) for my university, so I assume it's ok to share around?
--- a/hosts/nixos/common/optional/services/iwd/default.nix
+++ b/hosts/nixos/common/optional/services/iwd/default.nix
@ -0,0 +1,29 @@
 { config, ... }:
 {
  networking.wireless.iwd = {
    enable = true;
    settings = {
      IPv6.Enabled = true;
      Settings.AutoConnect = true;
    };
  };
  environment.persistence."/persist/state".directories = [ "/var/lib/iwd" ];
  sops.templates."eduroam.8021x".path = "/var/lib/iwd/eduroam.8021x";
  sops.secrets.eduroam_pass.sopsFile = ../../../secrets.yaml;
  sops.templates."eduroam.8021x".content = ''
    [Security]
    EAP-Method=PEAP
    EAP-Identity=s5260329@rug.nl
    EAP-PEAP-CACert=${./eduroam.pem}
    EAP-PEAP-Phase2-Method=MSCHAPV2
    EAP-PEAP-Phase2-Identity=s5260329@rug.nl
    EAP-PEAP-Phase2-Password=${config.sops.placeholder.eduroam_pass}
    EAP-PEAP-ServerDomainMask=radius.rug.nl
    [Settings]
    AutoConnect=true
  '';
 }
--- a/hosts/nixos/common/optional/services/iwd/eduroam.pem
+++ b/hosts/nixos/common/optional/services/iwd/eduroam.pem
@ -0,0 +1,98 @@
 -----BEGIN CERTIFICATE-----
 MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb
 MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow
 GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj
 YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL
 MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE
 BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM
 GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP
 ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua
 BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe
 3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4
 YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR
 rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm
 ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU
 oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF
 MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v
 QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t
 b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF
 AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q
 GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz
 Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2
 G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi
 l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3
 smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg==
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCB
 iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl
 cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV
 BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAw
 MjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNV
 BAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU
 aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2Vy
 dGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
 AoICAQCAEmUXNg7D2wiz0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B
 3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2jY0K2dvKpOyuR+OJv0OwWIJAJPuLodMkY
 tJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFnRghRy4YUVD+8M/5+bJz/
 Fp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O+T23LLb2
 VN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT
 79uq/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6
 c0Plfg6lZrEpfDKEY1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmT
 Yo61Zs8liM2EuLE/pDkP2QKe6xJMlXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97l
 c6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8yexDJtC/QV9AqURE9JnnV4ee
 UB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+eLf8ZxXhyVeE
 Hg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd
 BgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8G
 A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPF
 Up/L+M+ZBn8b2kMVn54CVVeWFPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KO
 VWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ7l8wXEskEVX/JJpuXior7gtNn3/3
 ATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQEg9zKC7F4iRO/Fjs
 8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM8WcR
 iQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYze
 Sf7dNXGiFSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZ
 XHlKYC6SQK5MNyosycdiyA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/
 qS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9cJ2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRB
 VXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGwsAvgnEzDHNb842m1R0aB
 L6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gxQ+6IHdfG
 jjxDah2nGN59PRbxYvnKkKj9
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIIG5TCCBM2gAwIBAgIRANpDvROb0li7TdYcrMTz2+AwDQYJKoZIhvcNAQEMBQAw
 gYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtK
 ZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYD
 VQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTIw
 MDIxODAwMDAwMFoXDTMzMDUwMTIzNTk1OVowRDELMAkGA1UEBhMCTkwxGTAXBgNV
 BAoTEEdFQU5UIFZlcmVuaWdpbmcxGjAYBgNVBAMTEUdFQU5UIE9WIFJTQSBDQSA0
 MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApYhi1aEiPsg9ZKRMAw9Q
 r8Mthsr6R20VSfFeh7TgwtLQi6RSRLOh4or4EMG/1th8lijv7xnBMVZkTysFiPmT
 PiLOfvz+QwO1NwjvgY+Jrs7fSoVA/TQkXzcxu4Tl3WHi+qJmKLJVu/JOuHud6mOp
 LWkIbhODSzOxANJ24IGPx9h4OXDyy6/342eE6UPXCtJ8AzeumTG6Dfv5KVx24lCF
 TGUzHUB+j+g0lSKg/Sf1OzgCajJV9enmZ/84ydh48wPp6vbWf1H0O3Rd3LhpMSVn
 TqFTLKZSbQeLcx/l9DOKZfBCC9ghWxsgTqW9gQ7v3T3aIfSaVC9rnwVxO0VjmDdP
 FNbdoxnh0zYwf45nV1QQgpRwZJ93yWedhp4ch1a6Ajwqs+wv4mZzmBSjovtV0mKw
 d+CQbSToalEUP4QeJq4Udz5WNmNMI4OYP6cgrnlJ50aa0DZPlJqrKQPGL69KQQz1
 2WgxvhCuVU70y6ZWAPopBa1ykbsttpLxADZre5cH573lIuLHdjx7NjpYIXRx2+QJ
 URnX2qx37eZIxYXz8ggM+wXH6RDbU3V2o5DP67hXPHSAbA+p0orjAocpk2osxHKo
 NSE3LCjNx8WVdxnXvuQ28tKdaK69knfm3bB7xpdfsNNTPH9ElcjscWZxpeZ5Iij8
 lyrCG1z0vSWtSBsgSnUyG/sCAwEAAaOCAYswggGHMB8GA1UdIwQYMBaAFFN5v1qq
 K0rPVIDh2JvAnfKyA2bLMB0GA1UdDgQWBBRvHTVJEGwy+lmgnryK6B+VvnF6DDAO
 BgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggr
 BgEFBQcDAQYIKwYBBQUHAwIwOAYDVR0gBDEwLzAtBgRVHSAAMCUwIwYIKwYBBQUH
 AgEWF2h0dHBzOi8vc2VjdGlnby5jb20vQ1BTMFAGA1UdHwRJMEcwRaBDoEGGP2h0
 dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9u
 QXV0aG9yaXR5LmNybDB2BggrBgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6
 Ly9jcnQudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAl
 BggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0B
 AQwFAAOCAgEAUtlC3e0xj/1BMfPhdQhUXeLjb0xp8UE28kzWE5xDzGKbfGgnrT2R
 lw5gLIx+/cNVrad//+MrpTppMlxq59AsXYZW3xRasrvkjGfNR3vt/1RAl8iI31lG
 hIg6dfIX5N4esLkrQeN8HiyHKH6khm4966IkVVtnxz5CgUPqEYn4eQ+4eeESrWBh
 AqXaiv7HRvpsdwLYekAhnrlGpioZ/CJIT2PTTxf+GHM6cuUnNqdUzfvrQgA8kt1/
 ASXx2od/M+c8nlJqrGz29lrJveJOSEMX0c/ts02WhsfMhkYa6XujUZLmvR1Eq08r
 48/EZ4l+t5L4wt0DV8VaPbsEBF1EOFpz/YS2H6mSwcFaNJbnYqqJHIvm3PLJHkFm
 EoLXRVrQXdCT+3wgBfgU6heCV5CYBz/YkrdWES7tiiT8sVUDqXmVlTsbiRNiyLs2
 bmEWWFUl76jViIJog5fongEqN3jLIGTG/mXrJT1UyymIcobnIGrbwwRVz/mpFQo0
 vBYIi1k2ThVh0Dx88BbF9YiP84dd8Fkn5wbE6FxXYJ287qfRTgmhePecPc73Yrzt
 apdRcsKVGkOpaTIJP/l+lAHRLZxk/dUtyN95G++bOSQqnOCpVPabUGl2E/OEyFrp
 Ipwgu2L/WJclvd6g+ZA/iWkLSMcpnFb+uX6QBqvD6+RNxul1FaB5iHY=
 -----END CERTIFICATE-----
--- a/hosts/nixos/common/optional/services/kanata.nix
+++ b/hosts/nixos/common/optional/services/kanata.nix
@ -20,103 +20,56 @@ let
      em (unicode —)
    )
    ;; }}}
-    ;; {{{ Chord aliases
+    (defchordsv2-experimental
    (defalias
      chq (chord mainchords q)
      chw (chord mainchords w)
      che (chord mainchords e)
      chr (chord mainchords r)
      cha (chord mainchords a)
      chs (chord mainchords s)
      chd (chord mainchords d)
      chf (chord mainchords f)
      chz (chord mainchords z)
      chx (chord mainchords x)
      chc (chord mainchords c)
      chg (chord mainchords g)
      chh (chord mainchords h)
      chi (chord mainchords i)
      chp (chord mainchords p)
      chj (chord mainchords j)
      chk (chord mainchords k)
      chl (chord mainchords l)
      ch: (chord mainchords :)
      chn (chord mainchords n)
    ) 
    ;; }}}
    (defchords mainchords ${toString chordDelay}
    ;; {{{ Single keys
      (q) q
      (w) w
      (e) e
      (r) r
      (a) a
      (s) s
      (d) d
      (f) f
      (z) z
      (x) x
      (c) c
      (g) g
      (h) h
      (i) i
      (p) p
      (j) j
      (k) k
      (l) l
      (:) ;
      (n) n
    ;; }}}
      ;; {{{ Left modifiers
-      (a s    ) lalt
+      (a s d f) (multi lctl lalt lsft) ${toString chordDelay} all-released ()
-      (  s d  ) lsft
+      (a s d  ) (multi lalt lsft) ${toString chordDelay} all-released ()
-      (  s   f) lctl
+      (  s d f) (multi lctl lsft) ${toString chordDelay} all-released ()
-      (  s d f) C-lsft
+      (a s    ) lalt ${toString chordDelay} all-released ()
-      (a s d  ) S-lalt
+      (  s d  ) lsft ${toString chordDelay} all-released ()
-      (a s d f) C-S-lalt
+      (  s   f) lctl ${toString chordDelay} all-released ()
      ;; }}}
      ;; {{{ Right modifiers
-      (    l :) ralt
+      (j k l ;) (multi rctl ralt rsft) ${toString chordDelay} all-released ()
-      (  k l  ) rsft
+      (j k l  ) (multi rctl rsft) ${toString chordDelay} all-released ()
-      (j   l  ) rctl
+      (  k l ;) (multi ralt rsft) ${toString chordDelay} all-released ()
-      (j k l  ) C-rsft
+      (j   l  ) rctl ${toString chordDelay} all-released ()
-      (  k l :) S-ralt
+      (  k l  ) rsft ${toString chordDelay} all-released ()
-      (j k l :) C-S-ralt
+      (    l ;) ralt ${toString chordDelay} all-released ()
      ;; }}}
      ;; {{{ Special keys
-      (d f) tab
+      (d f) tab ${toString chordDelay} all-released ()
-      (e f) ret
+      (e f) ret ${toString chordDelay} all-released ()
-      (q w) esc
+      (q w) esc ${toString chordDelay} all-released ()
-      (g h) bspc
+      (g h) bspc ${toString chordDelay} all-released ()
-      (n l) rmet
+      (n l) rmet ${toString chordDelay} all-released ()
-      (j k) f10
+      (j k) f10 ${toString chordDelay} all-released ()
-      (c p) f11
+      (c p) f11 ${toString chordDelay} all-released ()
-      (j i) f12
+      (j i) f12 ${toString chordDelay} all-released ()
      ;; }}}
      ;; {{{ Wm keybinds
-      (n l k) M-p
+      (n l k) M-p ${toString chordDelay} all-released ()
-      (n l q) M-1
+      (n l q) M-1 ${toString chordDelay} all-released ()
-      (n l w) M-2
+      (n l w) M-2 ${toString chordDelay} all-released ()
-      (n l e) M-3
+      (n l e) M-3 ${toString chordDelay} all-released ()
-      (n l r) M-4
+      (n l r) M-4 ${toString chordDelay} all-released ()
-      (n l a) M-5
+      (n l t) M-5 ${toString chordDelay} all-released ()
-      (n l s) M-6
+      (n l a) M-6 ${toString chordDelay} all-released ()
-      (n l d) M-7
+      (n l s) M-7 ${toString chordDelay} all-released ()
-      (n l f) M-8
+      (n l d) M-8 ${toString chordDelay} all-released ()
-      (n l z) M-9
+      (n l f) M-9 ${toString chordDelay} all-released ()
-      (n l x) M-0
+      (n l g) M-0 ${toString chordDelay} all-released ()
      ;; }}}
    )
    ;; {{{ Qwerty
    (deflayer qwerty
      XX   XX   XX   XX   XX   XX   XX   XX   XX   XX   XX   XX   XX   XX
-      XX   @chq @chw @che @chr t    y    u    @chi o    @chp XX   XX   XX
+      XX   q    w    e    r    t    y    u    i    o    p    XX   XX   XX
-      XX   @cha @chs @chd @chf @chg @chh @chj @chk @chl @ch: XX   XX
+      XX   a    s    d    f    g    h    j    k    l    ;    XX   XX
-      lsft @chz @chx @chc v    b    @chn m    ,    .    '    XX
+      lsft z    x    c    v    b    n    m    ,    .    '    XX
      XX   lmet @red           spc           @blue
    )
    ;; }}}
@ -167,11 +120,17 @@ let
    )
    ;; }}}
  '';
  extraDefCfg = ''
    concurrent-tap-hold true ;; Required by chords
  '';
 in
 {
  services.kanata = {
    enable = true;
    keyboards.tethysLaptop = {
      inherit extraDefCfg;
      devices = [ "/dev/input/by-path/platform-i8042-serio-0-event-kbd" ];
      config = mkConfig {
@ -182,6 +141,8 @@ in
    };
    keyboards.keychronK6 = {
      inherit extraDefCfg;
      devices = [ "/dev/input/by-id/usb-Keychron_Keychron_K6-event-kbd" ];
      config = mkConfig {
--- a/hosts/nixos/common/optional/services/restic/default.nix
+++ b/hosts/nixos/common/optional/services/restic/default.nix
@ -3,24 +3,31 @@ let
  backupUrl = lib.removeSuffix "\n" (builtins.readFile ./url.txt);
  # {{{ Backup helper
-  createBackup = { name, paths, exclude, pruneOpts }: {
+  createBackup =
-    inherit pruneOpts paths;
+    {
      name,
      paths,
      exclude,
      pruneOpts,
    }:
    {
      inherit pruneOpts paths;
-    initialize = true;
+      initialize = true;
-    repository = "sftp:${backupUrl}:backups/${name}";
+      repository = "sftp:${backupUrl}:backups/${name}";
-    passwordFile = config.sops.secrets.backup_password.path;
+      passwordFile = config.sops.secrets.backup_password.path;
-    extraOptions = [ "sftp.args='-i ${config.users.users.pilot.home}/.ssh/id_ed25519'" ];
+      extraOptions = [ "sftp.args='-i /persist/state/etc/ssh/ssh_host_ed25519_key'" ];
-    exclude = [
+      exclude = [
-      # Syncthing / direnv / git stuff
+        ".direnv" # Direnv
-      ".direnv"
+        ".git" # Git
-      ".git"
+        ".stfolder" # Syncthing
-      ".stfolder"
+        ".stversions" # Syncthing
-      ".stversions"
+        ".snapshots" # Snapper
-    ] ++ exclude;
+      ] ++ exclude;
-  };
+    };
  # }}}
 in
 # }}}
 {
  sops.secrets.backup_password.sopsFile = ../../../secrets.yaml;
@ -28,6 +35,8 @@ in
    # {{{ Data
    data = createBackup {
      name = "data";
      # Kept for at most 1 year
      pruneOpts = [
        "--keep-daily 7"
        "--keep-weekly 4"
@ -39,12 +48,17 @@ in
      exclude = [
        # Projects are available on github and in my own forge already
        "/persist/data${config.users.users.pilot.home}/projects"
        # Screenshots are usually worthless
        "/persist/data${config.users.users.pilot.home}/media/pictures/screenshots"
      ];
    };
    # }}}
    # {{{ State
    state = createBackup {
      name = "state";
      # Kept for at most 1 month
      pruneOpts = [
        "--keep-daily 3"
        "--keep-weekly 1"
@ -54,14 +68,28 @@ in
      paths = [ "/persist/state" ];
      exclude =
-        let home = "/persist/state/${config.users.users.pilot.home}";
+        let
          home = "/persist/state${config.users.users.pilot.home}";
        in
        [
-          "${home}/discord" # There's lots of cache stored in here
+          "/persist/state/var/log"
-          "${home}/steam" # Games can be quite big
+          "${home}/discord"
          "${home}/element"
          "${home}/firefox"
          "${home}/lutris"
          "${home}/qmk"
          "${home}/signal"
          "${home}/spotify"
          "${home}/steam"
          "${home}/whatsapp"
          "${home}/wine"
        ];
    };
    # }}}
  };
 }
  environment.persistence."/persist/local/cache".directories = [
    "/var/cache/restic-backups-data"
    "/var/cache/restic-backups-state"
  ];
 }
--- a/hosts/nixos/common/optional/services/syncthing.nix
+++ b/hosts/nixos/common/optional/services/syncthing.nix
@ -18,7 +18,7 @@ in
    overrideFolders = true;
    settings = {
-      # {{{ Device ids 
+      # {{{ Device ids
      devices = {
        enceladus.id = "QWOAERM-V2FNXPI-TB7NFUS-LKW7JTB-IZY4OEZ-FYDPJNP-6IKPW4Y-YREXDQM";
        lapetus.id = "VVHM7RC-ZSDOZJI-EGBIJR4-2DOGAXG-OEJZWSH-OYUK5XT-7CDMWSL-3AVM2AZ";
--- a/hosts/nixos/common/optional/services/tailscale.nix
+++ b/hosts/nixos/common/optional/services/tailscale.nix
@ -1,4 +1,5 @@
-{ lib, ... }: {
+{ lib, ... }:
 {
  # enable the tailscale service
  services.tailscale = {
    enable = true;
--- a/hosts/nixos/common/optional/services/wpa_supplicant.nix
+++ b/hosts/nixos/common/optional/services/wpa_supplicant.nix
@ -1,4 +1,5 @@
-{ config, ... }: {
+{ config, ... }:
 {
  sops.secrets.wireless.sopsFile = ../../secrets.yaml;
  # https://github.com/NixOS/nixpkgs/blob/nixos-22.11/nixos/modules/services/networking/wpa_supplicant.nix
@ -21,6 +22,7 @@
      "Ziggo1721699".psk = "@NL_PLACE_1_PASS@";
      "Konijntjes".psk = "@NL_PLACE_1_PODS_PASS@";
      "InfoEdu12".psk = "@INFOEDU_PASS@";
      "CNU19".psk = "@INFOEDU_PASS@";
      "ZTE_F7A321".psk = "@MADALINA_PASS@";
      # [Working solution](https://bbs.archlinux.org/viewtopic.php?id=271336)
--- a/hosts/nixos/common/optional/users/pilot.nix
+++ b/hosts/nixos/common/optional/users/pilot.nix
@ -0,0 +1,72 @@
 {
  pkgs,
  outputs,
  config,
  lib,
  ...
 }:
 {
  # This is it's own attribute in order to prevent infinite recursion
  # in certain places.
  satellite.pilot.name = lib.mkDefault "adrielus";
  # {{{ Password handling
  sops.secrets.pilot_password = {
    sopsFile = ../../secrets.yaml;
    neededForUsers = true;
  };
  # }}}
  users = {
    # Configure users through nix only
    mutableUsers = false;
    # Sync up root and `pilot` shell
    users.root.shell = config.users.users.pilot.shell;
    # {{{ Create pilot user
    users.pilot = {
      inherit (config.satellite.pilot) name;
      # This gets referenced in other parts of the config
      uid = 1000;
      # Adds me to some default groups, and creates the home dir
      isNormalUser = true;
      # Picked up by our persistence module
      homeMode = "700";
      # Add user to the following groups
      extraGroups = [
        "wheel" # Access to sudo
        "lp" # Printers
        "audio" # Audio devices
        "video" # Webcam and the like
        "network" # wpa_supplicant
        "syncthing" # syncthing!
      ];
      hashedPasswordFile = config.sops.secrets.pilot_password.path;
      shell = pkgs.fish;
    };
    # }}}
  };
  # {{{ Set user-specific ssh permissions
  # This is mainly useful because home-manager can often fail if the perms on
  # `~/.ssh` are incorrect.
  systemd.tmpfiles.rules =
    let
      user = config.users.users.pilot;
      root = "/persist/state/${user.home}/ssh";
    in
    [
      "d ${root}                 0755 ${user.name} ${user.group}"
      "d ${root}/.ssh            0755 ${user.name} ${user.group}"
      "z ${root}/.ssh/id_*.pub   0755 ${user.name} ${user.group}"
      "z ${root}/.ssh/id_rsa     0700 ${user.name} ${user.group}"
      "z ${root}/.ssh/id_ed25519 0700 ${user.name} ${user.group}"
    ];
  # }}}
 }
--- a/hosts/nixos/common/optional/xorg/xmonad/Main.hs
+++ b/hosts/nixos/common/optional/xorg/xmonad/Main.hs
@ -43,7 +43,7 @@ main =
      [ ("M-p", spawn "rofi -show drun"),
        ("M-g", spawn myBrowser),
        ("M-d", spawn "Discord"),
-        ("M-v", spawn "wezterm start vimclip"),
+        ("M-v", spawn "$TERMLAUNCH vimclip"),
        ("M-s", spawn "spectacle -rcb"),
        ("M-S-s", spawn "spectacle -mcb"),
        ("M-C-s", spawn "spectacle -ucb"),
@ -61,7 +61,7 @@ main =
    myLayoutHook = spacingHook layouts
    startupApps = []
-    -- [ (0, "wezterm"),
+    -- [ (0, "$TERMSTART"),
    --   (1, "firefox"),
    --   (2, "Discord")
    -- ]
--- a/hosts/nixos/common/optional/xorg/xmonad/default.nix
+++ b/hosts/nixos/common/optional/xorg/xmonad/default.nix
@ -1,6 +1,9 @@
 { config, ... }:
 {
-  imports = [ ../xserver.nix ../touchpad.nix ];
+  imports = [
    ../xserver.nix
    ../touchpad.nix
  ];
  services.xserver = {
    enable = true;
@ -9,13 +12,11 @@
      enable = true;
      enableContribAndExtras = true;
-      config = builtins.readFile (config.lib.stylix.colors {
+      # TODO: substitute the missing $TERM* variables
-        template = builtins.readFile ./Main.hs;
+      config = builtins.readFile (config.lib.stylix.colors { template = builtins.readFile ./Main.hs; });
      });
    };
    # Proper wallpaper zooming
    desktopManager.wallpaper.mode = "fill";
  };
 }
--- a/hosts/nixos/common/secrets.yaml
+++ b/hosts/nixos/common/secrets.yaml
@ -1,4 +1,5 @@
-wireless: ENC[AES256_GCM,data:Ib0PdBd2r/DPyE6Ah9NffT8Tw8c2y+seGFrE0e9GkyRaStdYMiiIlWCiaBO0u1HHaVV+2MQ33MnMdqyCGRlqGk45kl0GIwVR5iAiSYnobj/6wcse+kx/+5mzNOHXD1kJRGJBm5+SN9ntiGABNkQXJdn/Qoc/ukY1uaGe2nBeFKmGdD9JL7KfgdI5jYjQYyDbCL9JUszxkXNcplIRBAAy8JDaBVeo9HgI0QDIZToPKwuEeQoA9XzdimrjbCazlZy3ZvjAuoQXmrc1nIRHF5GabSRGTFTnTfcBeW2fGpUxmIhLyucn2DIQBXLm+RDdMLWoqcGbKiLVqKyUXck3ZZyoHMf2b9N52xMUwcS7,iv:ozkDwWmurWTD8TZHGvWL9Yh8cOrP1PzSBkz+1bBZybo=,tag:iGPjRaOoGRcOWJMweTL2yA==,type:str]
+wireless: ENC[AES256_GCM,data:uHQOb3ilMi0kHsLFz9QZpSiYB6w9cTjCKwBN+TONY+H4arV4EUxzTottEDKQAFZbrNIeq2BU22QpfYMdmiH/6QiODLybWDJQ4fG3L2RzzUTlqZ9uL/uvkRmIXVh9Y4yHn9F+HftYvUaPgKEuVtHfqWleNCjOl6caKZcWEGM0/ow4nGcEfpT5PZsFn27yzKpcVn8A6XUJLTGhdvSSnkixauybEsQh9IszESVb44QYabjEemB7w05bBHn3R148OqDXaBs4LdrDQNjEIJlGTaMeE4WRrRMXu6DMcYexUFRUHZQBJ+RbOkL+qh0U2127AoC7lUTSO0isHw+LG1U78he80sQzvqBBAeK3Crgk,iv:Rmqsj4j69JEKkmuJTn7+JR9q72Fx+Ko7DZeGakxPCFc=,tag:zKXYbjdvgCkvuZLQEubt9g==,type:str]
 eduroam_pass: ENC[AES256_GCM,data:MFEwZVi9zF3N67sqGtTY,iv:oxwpPaXZlzHv7BEZhAnT+/Tr3QGm15d6suGMaV1W7Kw=,tag:0G/wXkjNkfh8mjpXBJxaxA==,type:str]
 pilot_password: ENC[AES256_GCM,data:PiKJCv5x68O9HFM4UvqLnsSPtqFslBLeAg67OkvFAbw7WaqbXh/p5SQblhPHcJ7jQDc4kI3XesOxruZrfJ0aZNDV1g7MWecgKg==,iv:EVs/m83Zfx2NRQMO52cF6pCe1ETpYfaR6lmXg2Na/DI=,tag:dl2x1aTsaTgtHEZYdW2lmg==,type:str]
 cloudflare_dns_api_token: ENC[AES256_GCM,data:QlLxQ/4AQsdqdWJC//FRgbMRqR0Ni51JgCDlyXfNe4pfPtiPs+Gb6Q==,iv:7SS+EzeHk0J1DzVvKxd40AuZUidV2asoQbSr5vyxl+U=,tag:T1KGXOsZ26sICYbrcmU8+w==,type:str]
 backup_password: ENC[AES256_GCM,data:Tu7ODTALfQLX7Mbo/BqiM6gaErGv07urwN1iHwGgurKWDuuE1h5NMV5J0cJqW6orTIloVtoZTJgSJ2lZlMcfUQ==,iv:78ha833ZzgEDChIuGjCMVA89U4qY9lWqUmfPCiiQeQM=,tag:u8KWw/060UVP+OOoPhbjRA==,type:str]
@ -11,32 +12,59 @@ sops:
        - recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvbzNLcXFBcTlIM3hjZTN0
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzeDFhc1R1T053aG5sNXRw
-            bTFZUDJnS3lROExSREVkd0FMeHU3RGVWdzJnCkszOVROZlBmZWl2cjFkcTZ1OWZw
+            TG9xY2dSdDFOT1FvOGpteHBuRTlQQTErc3kwClNxSmlXUDB5eXIwSVJUcmxmRkpL
-            eThXSTliNmxHM3o3NzhUOUkvU0YzNzgKLS0tIHBWSmRTTlJBdmlKQy9YWHR0NGds
+            RWM5UUI2MHkwd1VvZFIzSGFOQmNyaUkKLS0tIDdQc0VkRUdhbnZvTUlMYmFwT3hU
-            ak5kUFRJK3JCcUYvSFY2eGtIOTk3RkkKl3yBZjjBExU9RoZbaKBixfsywqFWFnq4
+            MTc2eVAvN2gycEd0Nm1yT3c0KzVsRTQKABHr4EwjwJBmJGdzanMBk09NjWcXTSFS
-            n7olhkNMVIC+BcLYno0oIT2oILASMkE3NbH85IHlYZY2qQvFKDbG7w==
+            cHGB28MRArjGsbZiXNM2K6aOjMKKS7uwpa2dwzJn5eds74shvk3ayA==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age13c346xw9kzsvra04ck8h8pa47mwdp8nh3aess4pwhyvdsufyhf0qt65ja8
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1c1U4OHc4U2VMQUl2Y0FS
            ekJCcEEwMzhpUXNQa2FVUUFTbnUzTXVRUVRBCnJ0M3I0V0JBUy9uMTd0Rmc3YU1S
            VFo4eWF4ZGFWaUdyQlVBL1JOUWhPVmsKLS0tIGljbmxJRFdNUU1ISGJFdjdxeUsz
            S1Z6c3ZsNEhjRHZBMFE1OHdZRzVQdlkK0r71nWgb9JssKfJm7EH2q5vu4uv+yRl3
            xBVF8eQlxbhIYPrOJtDb4QFFp9qapvP6815/KdzDy1QeMHUWEhm06w==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1avsekqqyr62urdwtpfpt0ledzm49wy0rq7wcg3rnsprdx22er5usp0jxgs
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3aExaRC9SclVvT1g4WFI0
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsSU1HYzFyUlpPc09seXZ4
-            N1grVzZWWmpPaGEwRmx3TjUyK0dvL0RNdmhjClY5UmI0eWZOTXZqbGFxT05OSnk1
+            VkFMZlVMU092RnRlaUZvaUwrU1ZkTERKRWlJCjd5S0RHclRtRHI5eGNleGhjVW92
-            RTAyYStRN0NsRnZlWk03eXIrajdiRjQKLS0tIHlMdzBVNFEzR2FuVFZEWStFY1hh
+            ZHFUaVh2a0hSdk56VWJvcVR2dDhPWjAKLS0tIHhyVVJBVlFEMU9yakliZzBlTlF2
-            MnFiSGt3dWZxWnF3M2FkbTJzSTA2VTAKtD40Gp12vB24Wnr8NvY7/ZWr9XVDF9Bl
+            ditjcmpwc2Nqd2pXbVgrRnlBNUhKVDQK5EvRZNbmhSVObrG+UFxYgvzaR8W57oj7
-            FUL34R1mpgweNJ1IowFPgQbxsyMTG7iYB4jC50JZNOKJxe9NaeOUlQ==
+            Ns32L0V8epKRvtIoQSg7ZapsBUPXuIx/HBAz4YBS6UDhE6bk7ZTVyg==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1jem6jfkmfq54wzhqqhrnf786jsn5dmx82ewtt4vducac8m2fyukskun2p4
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtK0pFcWlheEwzV3N3bVFQ
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMS1dNV21oK1N2N3hkTDBz
-            K3EwNXI5MXQyYld6Z3J1aVNHWlQ4UjlxSzIwCktDbG9iMFRVQnJBenhWVFhLa2N1
+            cU1uRHF5OHJJdEVPUzhCZVlFQWFrbUJaWlNVCmMzcU9JaGVpZ2U0OXJ5RndPL1lT
-            SWRMR3JLajJscWFqMy84aGNFcy9UK1UKLS0tIEZoT0d2bVJpV3ByWmV0eENZVjM3
+            bko2RzkzVjBMMktEZnE1TmUrRER4R0kKLS0tIGo4U0MyZEtuems2UUE1VUpybTJa
-            WFd4ZFNHWG5Cakw5cU9MRE9HWHQ4THMKr/S7v1Oj3zQziMtI/NuFVm6AaJF5JV5U
+            dHhScUtHeHZ2Snh2R0lqVjBiaGo5b2cKNyqY5PmCfIhJXja+vNkS/AA7KbuMezMJ
-            sEr2nEptYFz4G6YL5psQGXHaKzQKBg+crgKRbYL4akhqT7pfYPC0bQ==
+            0HjbYOrW884uSBXOFTV4TCevX1rxJRh/UqXLSYHVgTQ0oSJR6FBWOg==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-07-08T00:25:56Z"
+        - recipient: age18gengezksnt0wtc3sv28ypmx546quzeg88kw5s8sywxyje5rmqyqh9daxe
-    mac: ENC[AES256_GCM,data:v+p223kf9JLRMJ6moIpA5wZOemJY0+BSnX30MY8g28RBGaR+I7AbUHOrd+GUPAXLqwfqtrFdPt8pULT+fzuxL4wnlB9NPZxCYFMhSGGj8HysmDuytYXfSD1LZWD9fymE4KuyTZHv7I/coEM/iobbvutu9cmTKN05i1atjeh4B30=,iv:hPiQkvbeFjLyzTNoHMqqPikMPuDvT2X2iAo7JBlEpHY=,tag:fdHvvH+qPrv8UhwIA6aZSA==,type:str]
+          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiUk42M1VRMnBlS0lRekMr
            RzZUY3AxV2lBQXEwdk96RnBvZ2pYSUVydlRvCkRxV2dNTGJ1T2grWC85NXBlbXRT
            MGpjc3JKZjJac2JTYXQ0TTBIRlgxckEKLS0tIDJNRkgzWUYwOGVMZWY3S3g5b0E2
            b0RTcURGL2dqWDUvZndXMUZkY1pwNU0K0rp/XCEL2HZpaERLqLAf+f2rc/HAqkuf
            y0J1w580VL/0IabjK07SZbkpznWdig3P9TKSIpddMRoKGjQp/PSmXA==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1r2vlh9tgdmf6r0xj025zun0cvudn2p6jqav84pql8k928newtepq9ttw8z
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDWXhkbXVxdSs4eXlRVlBo
            NzlNbmpuRHN5QXRqZVQyMEVxeTBrK2VDKzJ3CnBWK05KN0E4RnROREszd0IwNWZ4
            RVhkOVV4TTVLK2FyZzNDYWdSN3l3emsKLS0tIHBMdFk2RlpIMzFiOXNrRUtpdndO
            YnQ4SnljYXBBOUZWQisxZTBrcERYZVUKvMK8LbBt482Vs5i+yBE6SmKWiLLIaEwD
            oSnmItFMeqtW+D1YR+YfODckgKjCuDYoIHmHe0TGYnYZpd/xo0vHTA==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-09-11T13:44:03Z"
    mac: ENC[AES256_GCM,data:uRdBwVDRiagp3Wh8e/JxxVK4p8SE5BardFh8Jin0wDg9VIILzPrYjoqb3qMS10xqrM3QcXy3CfobrogfWLaS2G88FziiUFGm0eSQnq29gGrFDJFOu7zUwGHwFIQ4BaABytj04bLY6u4E1AAEIpaTCs9ODc0c/WS0Cpaad/XtdF0=,iv:dkkH0/cBVk4WjqXgsbhjHMjF2QhcrRlA9ckok83jlfw=,tag:hHobJ9oWlTIo2PQgt6WnTA==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.1
--- a/hosts/nixos/common/users/common.nix
+++ b/hosts/nixos/common/users/common.nix
@ -1,21 +0,0 @@
 {
  authorizedKeys = { outputs, lib }:
    let
      # Record containing all the hosts
      hosts = outputs.nixosConfigurations;
      # Function from hostname to relative path to public ssh key
      idKey = host: ../../${host}/keys/id_ed25519.pub;
    in
    lib.pipe hosts [
      # attrsetof host -> attrsetof path
      (builtins.mapAttrs
        (name: _: idKey name)) # string -> host -> path
      # attrsetof path -> path[]
      builtins.attrValues
      # path[] -> path[]
      (builtins.filter builtins.pathExists)
    ];
 }
--- a/hosts/nixos/common/users/guest.nix
+++ b/hosts/nixos/common/users/guest.nix
@ -1,13 +0,0 @@
 # For more comments check out [pilot](./pilot.nix)
 { pkgs, outputs, lib, ... }:
 {
  users.mutableUsers = false;
  users.users.guest = {
    isNormalUser = true;
    shell = pkgs.fish;
    extraGroups = [ "wheel" "audio" "video" "network" "tty" ];
    password = "heyo";
    openssh.authorizedKeys.keyFiles =
      (import ./common.nix).authorizedKeys { inherit outputs lib; };
  };
 }
--- a/hosts/nixos/common/users/pilot.nix
+++ b/hosts/nixos/common/users/pilot.nix
@ -1,44 +0,0 @@
 { pkgs, outputs, config, lib, ... }:
 {
  satellite.pilot.name = "adrielus";
  sops.secrets.pilot_password = {
    sopsFile = ../secrets.yaml;
    neededForUsers = true;
  };
  users = {
    # Configure users through nix only
    mutableUsers = false;
    users.pilot = {
      inherit (config.satellite.pilot) name;
      # This gets referenced in other parts of the config
      uid = 1000;
      # Adds me to some default groups, and creates the home dir 
      isNormalUser = true;
      # Picked up by our persistence module
      homeMode = "700";
      # Add user to the following groups
      extraGroups = [
        "wheel" # Access to sudo
        "lp" # Printers
        "audio" # Audio devices
        "video" # Webcam and the like
        "network" # wpa_supplicant
        "syncthing" # syncthing!
      ];
      hashedPasswordFile = config.sops.secrets.pilot_password.path;
      shell = pkgs.fish;
      openssh.authorizedKeys.keyFiles =
        (import ./common.nix).authorizedKeys { inherit outputs lib; };
    };
  };
 }
--- a/hosts/nixos/euporie/default.nix
+++ b/hosts/nixos/euporie/default.nix
@ -1,20 +0,0 @@
 { lib, ... }: {
  imports = [
    ../common/global
    ../common/users/guest.nix
    ../common/optional/greetd.nix
    ../common/optional/pipewire.nix
    ../common/optional/desktop/xdg-portal.nix
    ../common/optional/wayland/hyprland.nix
  ];
  # Usually included in the hardware-configuration
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  # Set the name of this machine!
  networking.hostName = "euporie";
  # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
  system.stateVersion = "22.11";
 }
--- a/hosts/nixos/iso/default.nix
+++ b/hosts/nixos/iso/default.nix
@ -0,0 +1,74 @@
 # See the wiki for more details https://wiki.nixos.org/wiki/Creating_a_NixOS_live_CD
 #
 # Can be built with
 # nix build .#nixosConfigurations.iso.config.system.build.isoImage
 {
  modulesPath,
  inputs,
  outputs,
  pkgs,
  ...
 }:
 {
  # {{{ Imports
  imports = builtins.attrValues outputs.nixosModules ++ [
    "${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix"
    inputs.sops-nix.nixosModules.sops
    ../common/global/cli/fish.nix
    ../common/optional/services/wpa_supplicant.nix
    ../common/optional/services/kanata.nix
  ];
  # }}}
  # {{{ Automount hermes
  fileSystems."/hermes" = {
    device = "/dev/disk/by-uuid/41311200-3403-4324-9ad3-4fc45a061152";
    neededForBoot = true;
    options = [
      "nofail"
      "x-systemd.automount"
    ];
  };
  # }}}
  # {{{ Nix config
  nix = {
    # Flake support and whatnot
    package = pkgs.lix;
    # Enable flakes and new 'nix' command
    settings.experimental-features = [
      "nix-command"
      "flakes"
    ];
  };
  # }}}
  #  {{{ SSH keys
  users.users.pilot.openssh.authorizedKeys.keyFiles = [
    ../calypso/keys/id_ed25519.pub
    ../lapetus/keys/id_ed25519.pub
    ../tethys/keys/id_ed25519.pub
  ];
  #  }}}
  #  {{{ Install some packages
  environment.systemPackages =
    let
      cloneConfig = pkgs.writeShellScriptBin "liftoff" ''
        git clone git@github.com:prescientmoon/everything-nix.git
        cd everything-nix
      '';
    in
    with pkgs;
    [
      sops # Secret editing
      neovim # Text editor
      cloneConfig # Clones my nixos config from github
    ];
  #  }}}
  # Tell sops-nix to use the hermes keys for decrypting secrets
  sops.age.sshKeyPaths = [ "/hermes/secrets/hermes/ssh_host_ed25519_key" ];
  # Fast but bad compression
  # isoImage.squashfsCompression = "gzip -Xcompression-level 1";
 }
--- a/hosts/nixos/lapetus/default.nix
+++ b/hosts/nixos/lapetus/default.nix
@ -1,14 +1,21 @@
-{ config, ... }: {
+{ config, ... }:
 {
  # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
  system.stateVersion = "23.05";
  # {{{ Imports
  imports = [
    ../common/global
-    ../common/users/pilot.nix
+    ../common/optional/users/pilot.nix
    ../common/optional/oci.nix
    ../common/optional/services/tailscale.nix
    ../common/optional/services/acme.nix
    ../common/optional/services/kanata.nix
    ../common/optional/services/nginx.nix
    ../common/optional/services/postgres.nix
    ../common/optional/services/syncthing.nix
    ../common/optional/services/restic
    ../common/optional/services/wpa_supplicant.nix
    # ./services/commafeed.nix
    # ./services/ddclient.nix
@ -19,7 +26,7 @@
    ./services/grafana.nix
    ./services/guacamole
    ./services/homer.nix
-    ./services/intray.nix
+    # ./services/intray.nix
    ./services/invidious.nix
    ./services/jellyfin.nix
    ./services/jupyter.nix
@ -30,7 +37,7 @@
    ./services/qbittorrent.nix # turned on/off depending on whether my vpn is paid for
    ./services/radicale.nix
    ./services/redlib.nix
-    ./services/smos.nix
+    # ./services/smos.nix
    ./services/vaultwarden.nix
    ./services/whoogle.nix
    ./services/zfs.nix
@ -38,19 +45,13 @@
    ./filesystems
    ./hardware
  ];
-
+  # }}}
-  # Machine ids
+  # {{{ Machine ids
  networking.hostName = "lapetus";
  networking.hostId = "08357db3";
  environment.etc.machine-id.text = "d9571439c8a34e34b89727b73bad3587";
-
+  # }}}
-  # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
+  # {{{ Tailscale internal IP DNS records
  system.stateVersion = "23.05";
  # Bootloader
  boot.loader.systemd-boot.enable = true;
  # Tailscale internal IP DNS records
  satellite.dns.records = [
    {
      at = config.networking.hostName;
@ -63,4 +64,16 @@
      value = "fd7a:115c:a1e0::e75d:883b";
    }
  ];
  # }}}
  # {{{ SSH keys
  users.users.pilot.openssh.authorizedKeys.keyFiles = [
    ../calypso/keys/id_ed25519.pub
    ../tethys/keys/id_ed25519.pub
  ];
  users.users.root.openssh.authorizedKeys.keyFiles =
    config.users.users.pilot.openssh.authorizedKeys.keyFiles;
  # }}}
  boot.loader.systemd-boot.enable = true;
 }
--- a/hosts/nixos/lapetus/hardware/default.nix
+++ b/hosts/nixos/lapetus/hardware/default.nix
@ -2,7 +2,6 @@
 {
  imports = with inputs.nixos-hardware.nixosModules; [
    common-cpu-intel
    common-gpu-intel
    common-pc-laptop
    common-pc-laptop-hdd
    common-pc-hdd
--- a/hosts/nixos/lapetus/secrets.yaml
+++ b/hosts/nixos/lapetus/secrets.yaml
@ -18,20 +18,38 @@ sops:
        - recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYcjFoRm1WNW9jOUJjUC9W
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIa2V4QmJURmVNYVRlTmdJ
-            NmxhWGRjWlFHd2tRaXJ6WnpaaWlxSFQ0RlZnCllVNTZ0b0MvL0VURDhQRUE1dDdW
+            ZTQ3dGlpY1J4Z2ZCZ2pmR1pmZU10aTR2S3h3CjRUeEZ3NmZWSXlZWjFaUis3bXNF
-            L1NkYzBRRDFLcFpwTTgzRnphLy9GT00KLS0tIFcvU2ZUQ21FZU1NTEFJaHRTVjV3
+            VUhFUlFRTGROL01JWjJCTEVCSDZSQkUKLS0tIEZTT2Yza1NCN3hDYVlyYll0TUVG
-            eU1YeEZIOTJKa3I4c3ZwbVdPMlBLbmMKCBhopcTXWiAwR8ACyDf+P11SYcPrPSSv
+            OUdPK0VPL2pzcTVZenhGVXRlZ1JsQUEKApVFIAhjYXsc9YCwR+BM3ZAt+Q7cvAqF
-            QRPJ6I8Y1Lc7KTCbkO8zW2hBb6fdbvWBJQtW0rOfCuGQ831OyArr0w==
+            N6oYq31BaPXdEjc1UPoSYBfbyonTSlf3cK66c2Pq2as2Y7YDUmX6QA==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age13c346xw9kzsvra04ck8h8pa47mwdp8nh3aess4pwhyvdsufyhf0qt65ja8
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnaUl6ZkFyWGh5YVRxTFgy
            WEI1R0NGMjREeG83M2g3blA5S1NidjUxTVQ0ClVWeTVscXpuanF0NXhKNlhPZWRZ
            aUd0akJzYTN3QUdzZUhGbXp4bWliVEkKLS0tIGdudUJVM2ZKbDlGSHc1ZC8va3FJ
            Um1vUVRob0phckdJQ1ZmaFR6WEUyTWMKzDa1gfFbNJZlfk48nGynqG0bvzFQDo07
            5xKDzvxIbPlWTufH0vGlOjmA7d8JF718cTE6DQ9z9hCynLiwEfhJzQ==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1jem6jfkmfq54wzhqqhrnf786jsn5dmx82ewtt4vducac8m2fyukskun2p4
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGV2VmdmJ2QlVVbUF6MUtt
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHVHFpZ0NRTGpsM0t5TnZV
-            dzZFUGJFS3cyKzlTTHJiWjlqRmJkUm04WXh3CktSdGRIUWxJRU5oVVdkUTFwaEZr
+            c1NidmZXTnh6Tm5hNzJsVGx6bmRPNStyNFY0CkhqU2JYcXVjVGdPNXVlVk0wUmJ3
-            M1Y4NnRtclZVTkltOHNjNXAxVW9yaFEKLS0tIGlRYjgwd0FkN0FBU1RSQjRnVWpW
+            K0k2NWRPZUM3Zmd1NTBhUVVLcHhGV1kKLS0tIEtIRWtZdWQ0ZjczYmM3Z1NIc2ZT
-            RHZ6alYrUU5BZ2xlMkdGR1dWRG5aeGMKJdsdtVZ6Mk9Vo3a+tS+rzAgaF2wpH+8U
+            bHhJU0p0VkUzQUhwcFVsQS9CdlFFUGMKgc22KPc4yYIlqkUoBLmtlMhUkU3Pq+Qq
-            lWhA+c0Kbe8EJT8hm7Vr8PqBmElz4V9AnXSCTp7D+Cu4pfWsHopLUQ==
+            ZnrabCP+uw4oNplel8VEUgICuGuVv4xasAzSVJYu0wlCee7GkBtGRw==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1r2vlh9tgdmf6r0xj025zun0cvudn2p6jqav84pql8k928newtepq9ttw8z
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtZVVtTHFoZXJKUjlxZmpr
            aVJJM0MxdzRkZFdMd212bFhQOC9VMU1udjJBCmxpOWV4TlRuZHdNUU8zNmwwdGJl
            cE5sd2N4WGRlSVZPL1BCVW51NnZQb2sKLS0tIDVmTHdCNnVQTjRmRUhTMS9kbndN
            RkpibTJpVzVtR0txL1dHbmFkdlkvUk0KDgqO8c7CggeXhEMzx/tcLqtMG6MmuOi/
            UmG9eSUO9im0Q7q7FG4Z+/lZ7+Iu15Dj8qA2/5MtDYPW+vxN3gzZrg==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-06-13T14:52:30Z"
    mac: ENC[AES256_GCM,data:EXVbpc8P8SzTSYw0TWwJBEWYZRpGOAXm4wFS0JbzeiNaWEybZk6Y07Vr5tyaEWucpu52VxLrVwoZn8YSdF9JPAHtTQYYY35MccBkB01+GVXpVDQfxCG9UNYO24qExNboQIs5QRWmtaX7zTbut+ETcOFKHlkqR9g95PZQhsNZx4c=,iv:1Bu9g4/V2ixRvJJBijlkdNO9pdoR+qwDGTeUgr24dsg=,tag:gyF34lCSbF0It4KPmtQYJA==,type:str]
--- a/hosts/nixos/lapetus/services/forgejo.nix
+++ b/hosts/nixos/lapetus/services/forgejo.nix
@ -7,6 +7,10 @@
  };
  satellite.cloudflared.at.git.port = config.satellite.ports.forgejo;
  satellite.cloudflared.at."ssh.git" = {
    protocol = "ssh";
    port = config.satellite.ports.forgejo-ssh;
  };
  services.forgejo = {
    enable = true;
@ -29,6 +33,8 @@
        HTTP_PORT = config.satellite.cloudflared.at.git.port;
        ROOT_URL = config.satellite.cloudflared.at.git.url;
        LANDING_PAGE = "prescientmoon"; # Make my profile the landing page
        SSH_DOMAIN = config.satellite.cloudflared.at."ssh.git".host;
        SSH_PORT = config.satellite.ports.forgejo-ssh;
      };
      cron.ENABLED = true;
@ -45,9 +51,7 @@
      repository = {
        DISABLE_STARS = true;
        DISABLED_REPO_UNITS = "";
-        DEFAULT_REPO_UNITS = lib.strings.concatStringsSep "," [
+        DEFAULT_REPO_UNITS = lib.strings.concatStringsSep "," [ "repo.code" ];
          "repo.code"
        ];
      };
    };
  };
--- a/hosts/nixos/lapetus/services/invidious.nix
+++ b/hosts/nixos/lapetus/services/invidious.nix
@ -1,4 +1,5 @@
-{ config, pkgs, ... }: {
+{ config, pkgs, ... }:
 {
  sops.secrets.invidious_hmac_key.sopsFile = ../secrets.yaml;
  sops.templates."invidious_hmac_key.json" = {
    content = ''{ "hmac_key": "${config.sops.placeholder.invidious_hmac_key}" }'';
@ -18,21 +19,18 @@
      admins = [ "prescientmoon" ];
      default_user_preferences = {
        default_home = "Subscriptions";
-        comments = [ "youtube" "reddit" ];
+        comments = [
          "youtube"
          "reddit"
        ];
        save_player_pos = true;
        automatic_instance_redirect = true;
      };
      # The error when updating to 24.05 asked me to set this
      db.user = "invidious";
    };
-    # REASON: the current invidious is broken, and cannot play videos
+    package = pkgs.invidious;
    package = pkgs.invidious.overrideAttrs (_oldAttrs: {
      src = pkgs.fetchFromGitHub {
        owner = "iv-org";
        repo = "invidious";
        fetchSubmodules = true;
        rev = "eda7444ca46dbc3941205316baba8030fe0b2989";
        sha256 = "0iafxgb93jxx9ams6ll2yx8il4d7h89a630hcx9y8jj4gn3ax7v1";
      };
    });
  };
 }
--- a/hosts/nixos/lapetus/services/jupyter.nix
+++ b/hosts/nixos/lapetus/services/jupyter.nix
@ -1,15 +1,22 @@
-{ config, lib, pkgs, ... }:
+{
  config,
  lib,
  pkgs,
  ...
 }:
 let
  # {{{ Jupyterhub/lab env
-  appEnv = pkgs.python3.withPackages (p: with p; [
+  appEnv = pkgs.python3.withPackages (
-    jupyterhub
+    p: with p; [
-    jupyterlab
+      jupyterhub
-    jupyterhub-systemdspawner
+      jupyterlab
-    jupyter-collaboration
+      jupyterhub-systemdspawner
-    jupyterlab-git
+      jupyter-collaboration
-  ]);
+      jupyterlab-git
-  # }}}
+    ]
  );
 in
 # }}}
 {
  systemd.services.jupyterhub.path = [
    pkgs.texlive.combined.scheme-full # LaTeX stuff is useful for matplotlib
@ -25,8 +32,8 @@ in
    # {{{ Spwaner & auth config
    extraConfig = ''
-      c.Authenticator.allowed_users = {'adrielus', 'javi'}
+      c.Authenticator.allowed_users = {'${config.users.users.pilot.name}', 'javi'}
-      c.Authenticator.admin_users = {'adrielus'}
+      c.Authenticator.admin_users = {'${config.users.users.pilot.name}'}
      c.Spawner.notebook_dir='${config.users.users.pilot.home}/projects/notebooks'
      c.SystemdSpawner.mem_limit = '2G'
@ -35,13 +42,18 @@ in
    # }}}
    # {{{ Python 3 kernel
    kernels.python3 =
-      let env = (pkgs.python3.withPackages (p: with p; [
+      let
-        ipykernel
+        env = (
-        numpy
+          pkgs.python3.withPackages (
-        scipy
+            p: with p; [
-        matplotlib
+              ipykernel
-        tabulate
+              numpy
-      ]));
+              scipy
              matplotlib
              tabulate
            ]
          )
        );
      in
      {
        displayName = "Numerical mathematics setup";
--- a/hosts/nixos/lapetus/services/zfs.nix
+++ b/hosts/nixos/lapetus/services/zfs.nix
@ -1,11 +1,12 @@
-{ config, ... }: {
+{ config, ... }:
-  # {{{ Zfs config 
+{
  # {{{ Zfs config
  services.zfs = {
    trim.enable = true;
    autoScrub.enable = true;
  };
  # }}}
-  # {{{ Sanoid config 
+  # {{{ Sanoid config
  # Sanoid allows me to configure snapshot frequency on a per-dataset basis.
  services.sanoid = {
    enable = true;
@ -36,12 +37,4 @@
    # }}}
  };
  # }}}
  # {{{ Syncoid 
  # Automatically sync certain snapshot to rsync.net
  services.syncoid = {
    enable = true;
    commands."zroot/root/persist/data".target = "root@rsync.net:zroot/root/persist/data";
    commands."zroot/root/persist/state".target = "root@rsync.net:zroot/root/persist/state";
  };
  # }}}
 }
--- a/hosts/nixos/tethys/default.nix
+++ b/hosts/nixos/tethys/default.nix
@ -1,89 +1,65 @@
-{ config, lib, pkgs, ... }: {
+{ pkgs, config, ... }:
-  # {{{ Imports
+{
  imports = [
    ../common/global
    ../common/users/pilot.nix
    ../common/optional/pipewire.nix
    ../common/optional/bluetooth.nix
    ../common/optional/greetd.nix
    ../common/optional/quietboot.nix
    ../common/optional/desktop/steam.nix
    ../common/optional/desktop/xdg-portal.nix
    ../common/optional/wayland/hyprland.nix
    ../common/optional/services/kanata.nix
    ../common/optional/services/restic
    ./hardware
    ./boot.nix
    ./services/syncthing.nix
  ];
  # }}}
  # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
  system.stateVersion = "22.11";
-  services.mullvad-vpn.enable = true;
+  # {{{ Imports
  imports = [
    ../common/global
    ../common/optional/users/pilot.nix
    ../common/optional/bluetooth.nix
    ../common/optional/greetd.nix
    ../common/optional/oci.nix
    ../common/optional/quietboot.nix
    ../common/optional/desktop
    ../common/optional/desktop/steam.nix
    ../common/optional/wayland/hyprland.nix
    ../common/optional/services/wpa_supplicant.nix
    ../common/optional/services/tailscale.nix
    ../common/optional/services/kanata.nix
    ../common/optional/services/restic
    ../common/optional/services/nginx.nix
    ./services/syncthing.nix
    ./hardware
    ./boot.nix
  ];
  # }}}
  # {{{ Machine ids
  networking.hostName = "tethys";
  environment.etc.machine-id.text = "08357db3540c4cd2b76d4bb7f825ec88";
  # }}}
  # {{{ A few ad-hoc hardware settings
  hardware.enableAllFirmware = true;
  hardware.opengl.enable = true;
  hardware.opentabletdriver.enable = true;
  hardware.keyboard.qmk.enable = true;
  powerManagement.cpuFreqGovernor = "ondemand";
  services.tlp.enable = true;
  services.thermald.enable = true;
  # }}}
  # {{{ A few ad-hoc programs
  programs.kdeconnect.enable = true;
  programs.firejail.enable = true;
-  programs.extra-container.enable = true;
+  services.mullvad-vpn.enable = true;
  virtualisation.docker.enable = true;
  virtualisation.waydroid.enable = true;
  # virtualisation.spiceUSBRedirection.enable = true; # This was required for the vm usb passthrough tomfoolery
  # }}}
  # {{{ Ad-hoc stylix targets
  # TODO: include this on all gui hosts
  # TODO: is this useful outside of home-manager?
  stylix.targets.gtk.enable = true;
  # }}}
  # {{{ Some ad-hoc site blocking
  networking.extraHosts =
    let
      blacklisted = [
        # "twitter.com"
        # "www.reddit.com"
        "minesweeper.online"
      ];
      blacklist = lib.concatStringsSep "\n" (lib.forEach blacklisted (host: "127.0.0.1 ${host}"));
    in
    blacklist;
  # }}}
  services.mysql = {
    enable = true;
    package = pkgs.mysql80;
  };
-
+  # }}}
-  programs.dconf.enable = true;
+  # {{{ Ad-hoc stylix targets
-  services.gnome.evolution-data-server.enable = true;
+  stylix.targets.gtk.enable = true;
-  services.gnome.gnome-online-accounts.enable = true;
+  # }}}
-
+  # {{{ Tailscale internal IP DNS records
  # Tailscale internal IP DNS records
  satellite.dns.records = [
-    # {
+    {
-    #   at = config.networking.hostName;
+      at = config.networking.hostName;
-    #   type = "A";
+      type = "A";
-    #   value = "100.93.136.59";
+      value = "100.93.136.59";
-    # }
+    }
-    # {
+    {
-    #   at = config.networking.hostName;
+      at = config.networking.hostName;
-    #   type = "AAAA";
+      type = "AAAA";
-    #   value = "fd7a:115c:a1e0::e75d:883b";
+      value = "fd7a:115c:a1e0::e75d:883b";
-    # }
+    }
  ];
  # }}}
  # {{{ SSH keys
  users.users.pilot.openssh.authorizedKeys.keyFiles = [ ../calypso/keys/id_ed25519.pub ];
  # }}}
 }
--- a/Show more
+++ b/Show more
Author	SHA1	Message	Date
prescientmoon	78198f18b2	Add tailscale internal dns entries to all the hosts	2024-10-11 13:18:05 +02:00
prescientmoon	52d0513ab3	Fix lapetus invidous db user	2024-10-11 12:44:13 +02:00
prescientmoon	f64c0e35bf	Fix lapetus again - remove lapetus home manager usage - try to fix nixos hardware import error	2024-10-11 12:40:05 +02:00
prescientmoon	5f8f646ae1	Fix tethys	2024-10-11 12:20:59 +02:00
prescientmoon	1e511f9e04	Too many changes - edopro - fix resstic & rsync setup - prepare lapetus redeploy - ...more I forgot about (should've commited more times...)	2024-10-11 12:16:46 +02:00
prescientmoon	5926fbaf5f	Update readme	2024-09-24 06:30:00 +02:00
prescientmoon	5230faf7c4	Uhhhh, lots of changes I forgot to push earlier	2024-09-24 05:41:40 +02:00
prescientmoon	de5e4fe049	Make zathura the default for opening pdf files	2024-09-18 09:28:18 +02:00
prescientmoon	a94ba0499d	Set up forgejo ssh	2024-09-11 16:30:19 +02:00
prescientmoon	861f2e81e2	Connect to eduroam via iwd declaratively	2024-09-11 15:59:57 +02:00
prescientmoon	7c7e067c1a	Some neovim changes I forgot about	2024-09-11 15:59:50 +02:00
prescientmoon	2eb3151562	Format rebuild script a bit	2024-09-11 15:59:23 +02:00
prescientmoon	04a66f7f98	Clean up home dir a bit	2024-09-01 00:15:33 +02:00
prescientmoon	c0a5d1f8cc	Allow choosing between iwd and wpa_supplicant	2024-08-31 18:38:31 +02:00
prescientmoon	0a2f22b0af	Remove htop Additionally, tweak restic a bit and add more comments there	2024-08-30 01:20:13 +02:00
prescientmoon	366ed55d6f	Disable lazygit popup It keps popping up over and over again (because of impermanence)	2024-08-30 01:13:01 +02:00
prescientmoon	8ff62cb40d	Lots of changes, I guess...	2024-08-30 01:10:41 +02:00
prescientmoon	f02308a40e	Fix systemd `after` for rollback	2024-08-28 01:05:39 +02:00
prescientmoon	efeb877394	New partition rollback mechanism!	2024-08-28 00:52:27 +02:00
prescientmoon	9d6964d0f1	Fix ssh persmissions (last take)	2024-08-28 00:18:45 +02:00
prescientmoon	819dfd483f	Fix ssh permissions (take 6)	2024-08-28 00:14:16 +02:00
prescientmoon	ec239297dd	Fix ssh permissions (take 5)	2024-08-28 00:10:02 +02:00
prescientmoon	bdb0aab8a1	Make calypso non-minimal again	2024-08-27 23:47:44 +02:00
prescientmoon	75425faa20	Fix ssh permissions (take 4)	2024-08-27 23:35:21 +02:00
prescientmoon	b6118974ec	Fix ssh permissions (take 3)	2024-08-27 23:28:37 +02:00
prescientmoon	e3147858c3	Fix ssh persmissions (take 2)	2024-08-27 23:15:18 +02:00
prescientmoon	b655497e4d	Set up backup file extension for HM	2024-08-27 23:05:59 +02:00
prescientmoon	95336a2c37	Fix ~/.ssh permisions	2024-08-27 23:01:36 +02:00
prescientmoon	d650f153a1	Update iso again	2024-08-27 22:11:56 +02:00
prescientmoon	1b962254d1	Regenerate hermes key	2024-08-27 21:56:19 +02:00
prescientmoon	141b023739	Simplify iso	2024-08-27 21:32:51 +02:00
prescientmoon	c13f4b9c11	Make calypso minimal one last time	2024-08-27 20:55:57 +02:00
prescientmoon	19d2ef374c	New rollback script	2024-08-27 20:52:29 +02:00
prescientmoon	c217465409	Fix changed partition names	2024-08-27 16:36:17 +02:00
prescientmoon	b95a4e55c2	A lot of iso changes	2024-08-27 16:28:49 +02:00
prescientmoon	2b2e74a75d	Add emojis to more scripts	2024-08-27 13:54:32 +02:00
prescientmoon	1b180a8a25	Improve custom iso	2024-08-27 13:30:17 +02:00
prescientmoon	2357c5d3d6	Finalize calypso install!	2024-08-26 23:30:04 +02:00
prescientmoon	b67cf3fde7	Add generated hardware config for calypso	2024-08-26 21:28:35 +02:00
prescientmoon	8823274d15	Make calypso less minimal again	2024-08-26 21:24:34 +02:00
prescientmoon	a67c49e605	Update calypso keys	2024-08-26 21:18:39 +02:00
prescientmoon	e2d0f8f0c8	Make callypso even more minimal for now	2024-08-26 20:16:57 +02:00
prescientmoon	4d3e573895	Make calypso more minimal for now	2024-08-26 19:49:12 +02:00
prescientmoon	9d584ec88b	Fix emergency script not reading the disko mode	2024-08-26 19:27:17 +02:00
prescientmoon	3836681223	Fix emergency script arg counting	2024-08-26 19:25:44 +02:00
prescientmoon	c26282c605	Update emergency script to support more than one host	2024-08-26 19:22:16 +02:00
prescientmoon	b9ba99c6f4	Update emergency script	2024-08-26 19:17:13 +02:00
prescientmoon	896bd7b217	Update catppuccin hashes	2024-08-26 18:40:58 +02:00
prescientmoon	09332ba001	Generate calypso machine ids	2024-08-26 18:21:34 +02:00
prescientmoon	e382175004	Fix HM import in flake.nix	2024-08-26 18:12:43 +02:00
prescientmoon	5eb6987d6c	Auto create blank snapshot using disko	2024-08-26 18:11:59 +02:00
prescientmoon	070a6774ec	Remove blank btrfs auto snapshot	2024-08-26 18:06:28 +02:00
prescientmoon	c4c41ff68a	Fix default calypso disk name	2024-08-26 18:00:25 +02:00
prescientmoon	454aae8f88	Prepare calypso install	2024-08-26 17:38:47 +02:00
prescientmoon	3a4d400fef	Move away from wezterm	2024-08-05 20:31:34 +02:00
prescientmoon	afea4bacd0	Improved nix setup	2024-07-28 20:01:45 +02:00
prescientmoon	a6293a1ba4	Update to nixpgks 24.05	2024-07-26 20:18:26 +02:00
		`@ -0,0 +1 @@`
							`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBwFNYf8q84oGOwiGCXmJqeBPdglTPcWJB9nnLpmS2RG moon@calypso`
		`@ -0,0 +1 @@`
							`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIASX1E4WYg5dydret3G0fWYJLQn2oRxNZdHWWaJojW1a root@calypso`
		`@ -0,0 +1 @@`
							ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDAfRDNDA5B0YlnR0K5wQ0w6pMl0Pi8WIjanKol5SA615VDye3caBdv3UzxdC221ECIa9bZQcaKt/ncIuj/3fE49W8D0+2wL/1Eruy4ximAVAtLgIMzm+hl/dP3KsyTjUajIUbso08S9PUjtJl8PgmiiEPEppMAo++hwKycn5bRoUywE/VoNgPhAB5sgKaFZiQhPu4q0mZWhikGiaJzKPRi84bP4gCL9/h0slSWP3VmhWE7Vyvyjv6OKHdfjXoJA/AjSd3VogmGnzDWUI5lkwJzkHv/ybie9+7y+0o+wBu4+0lJlchBEq0f6dp9fw0MZRt84DYw8/MFDa+SXq5cO5aAwHARpRYeAHkPIRnwJbxTqn6uDlAdWrIxY8SPXIrrBpfnVSoaH8SJN/spsEoILkqrOpncQi5QP1rY8Bi2zaI13WD1kYsh9l4FqmqvCeawEgN0pedudZf2qqHWD93lDTAWxM7k5rPHSSgnnfsgwE35peBpmepJH8ZNFaBqw+aCvIM= root@calypso
		`@ -0,0 +1 @@`
							`The certificate is taken from the source code of the python script found at [cat.eduroam.org](https://cat.eduroam.org/) for my university, so I assume it's ok to share around?`