feat: re-enable affine service

- Remove comment from audacity.nix to enable Audacity application
- Add Ollama provider configuration for local LLM access
- Configure glm-4.7-flash model with custom base URL

.ignore

@@ -0,0 +1 @@
+*.lock

AGENTS.md

@@ -0,0 +1,198 @@
+# Agent Guidelines for NixOS/nix-darwin Dotfiles
+
+This repository contains NixOS, nix-darwin, and Home Manager configurations in Nix. You are a sysadmin managing server configurations and deployments.
+
+## Build, Test, and Deployment Commands
+
+### Build and Apply Configurations
+
+**Linux (NixOS):**
+```bash
+just build                          # Build configuration
+just install cores='32'             # Apply with 32 cores
+sudo nixos-rebuild test --fast --flake .  # Test without activation
+sudo nixos-rebuild switch --rollback --flake .  # Rollback
+```
+
+**macOS (nix-darwin):**
+```bash
+just build                          # Build configuration
+just install                        # Apply configuration
+```
+
+**Home Manager:**
+```bash
+just home
+```
+
+### Deploy to Remote Machines (deploy-rs)
+
+```bash
+deploy -s .#ryu      # Desktop (x86_64-linux)
+deploy -s .#tako     # Server (x86_64-linux)
+deploy -s .#tsuba    # Raspberry Pi (aarch64-linux)
+deploy -s .#kuro     # MacBook M4 Pro (aarch64-darwin)
+deploy -s .#shiro    # Mac Mini M4 (aarch64-darwin)
+```
+
+### Validation and Formatting
+
+```bash
+nix flake check --show-trace        # Check flake for errors
+alejandra fmt .                     # Format all files
+alejandra fmt <file>.nix            # Format single file
+```
+
+## Directory Structure
+
+- `flake.nix` - Main entry point, device definitions
+- `nixos/` - NixOS machine configs (ryu, tako, tsuba)
+- `darwin/` - macOS machine configs (kuro, shiro)
+- `home/` - Home Manager modules (programs/, services/, apps/)
+- `modules/` - Custom modules (nixos/, darwin/, home/)
+- `secrets/` - SOPS encrypted secrets
+- `overlays.nix`, `deploy.nix`, `sops.nix`, `stylix.nix` - Config files
+
+## Code Style Guidelines
+
+### Nix Language Conventions
+
+**File Structure:**
+```nix
+{inputs, config, pkgs, lib, device, ...}: {
+  # Configuration here
+}
+```
+
+**Imports:**
+- Order: `inputs`, `config`, `pkgs`, `lib`, `device`, custom params, `...`
+- Use set destructuring for clarity
+
+**Formatting:**
+- Use `alejandra` formatter (run before committing)
+- 2-space indentation
+- Trailing commas in lists and attribute sets
+
+**Naming Conventions:**
+- Files: lowercase-with-hyphens (e.g., `my-module.nix`)
+- Attributes: camelCase (e.g., `enableMyFeature`)
+- Functions: camelCase (e.g., `mkDevice`)
+- Constants: UPPER_SNAKE_CASE (e.g., `API_KEY`)
+- Device names: lowercase (e.g., `ryu`, `tako`)
+
+**Let Expressions:**
+```nix
+with lib; let
+  cfg = config.programs.myProgram;
+in {
+  options = { ... };
+  config = mkIf cfg.enable { ... };
+}
+```
+
+**Conditionals:**
+- Use `mkIf` for config options
+- Use `lib.optionalAttrs` for attribute sets
+- Use `lib.optionals` for lists
+
+### Module Patterns
+
+**Simple Package Module:**
+```nix
+{pkgs, ...}: {
+  home.packages = [pkgs.myPackage];
+}
+```
+
+**Program Configuration Module:**
+```nix
+{config, pkgs, lib, ...}:
+with lib; let
+  cfg = config.programs.myProgram;
+in {
+  options.programs.myProgram = {
+    enable = mkEnableOption "myProgram";
+  };
+  config = mkIf cfg.enable {
+    home.packages = [pkgs.myProgram];
+  };
+}
+```
+
+**Device-Specific Logic:**
+```nix
+home.packages = lib.optionals device.isLinux [pkgs.linuxPackage]
+  ++ lib.optionals device.isDarwin [pkgs.macPackage];
+
+sessionVariables.BROWSER = if device.isDarwin then "open" else "xdg-open";
+```
+
+## Important Rules
+
+1. **NEVER create markdown files** unless explicitly requested
+2. **DO NOT add shell scripts** - use Nix expressions
+3. **All configurations must use Nix expressions** when possible
+4. **Follow existing naming conventions** and directory structure
+5. Create custom application entries in `~/.local/share/applications/{appname}.desktop`
+
+## Secrets Management
+
+- Secrets are managed with SOPS in `secrets/` directory
+- Encrypted secrets in `secrets/` directory
+- Configuration in `.sops.yaml`
+- Access via `config.sops.secrets."secret/value".path`
+    ```yaml
+    foo:
+        bar: somesecret
+    ```
+    The path is the file that contains `somesecret`
+- Add new secrets using `sops set` 
+  Example
+  ```bash
+    openssl rand -hex 32 | tr -d '\n' | jq -sR | sops set --value-stdin secrets/secrets.yaml '["foo"]["bar"]'
+  ```
+  This will add a randomly generated secret to the sops file
+
+
+## Common Patterns
+
+### Adding a New Program
+
+```bash
+just add program myprogram  # Creates home/programs/myprogram.nix and adds import
+```
+
+### Adding a new dns entry
+```bash
+cfcli add --type A foobar.bazbar.biz 192.168.0.1
+```
+
+### Creating a Module
+
+1. Determine location: `modules/nixos/`, `modules/darwin/`, or `modules/home/`
+2. Create file with proper structure
+3. Add to `modules/default.nix` imports
+
+### Device Configuration
+
+Devices are defined in `flake.nix` using `mkDevice`. Properties available:
+- `device.isLinux`, `device.isDarwin`, `device.isArm`
+- `device.isServer`, `device.hasGui`, `device.isDesktopLinux`
+- `device.name`, `device.user`, `device.home`
+
+## Error Handling
+
+- Use `mkIf` to conditionally enable configurations
+- Handle both Linux and macOS cases when adding cross-platform features
+
+## Testing Changes
+
+1. Build first: `just build` or `nixos-rebuild build --flake .`
+2. Check for errors with `--show-trace` flag
+
+## Version Information
+
+- Nix Version: 2.32+
+- Flakes: Enabled (required)
+- Formatter: alejandra
+- State Version: (varies by machine & never change this)

Makefile

@@ -1,9 +1,9 @@
-.PHONY: darwin home default nixos just
+.PHONY: darwin home default nixos install
 
-default: just
+default: install
 
-just:
-	just
+install:
+	sudo nixos-rebuild switch --flake . --builders '' --max-jobs 1
 
 build:
 	sudo nixos-rebuild build --flake . --show-trace

README.md

@@ -1,6 +1,6 @@
 # Machines
 
-1. Ryu Dektop (Intel i9-14900KS / Nvidia 5090 / DDR5 64GB CL36@6000MTs) 
+1. Ryu Dektop (Intel i9-14900KS / Nvidia RTX 5090 / DDR5 64GB CL36@6000MTs) 
     ```
     deploy -s .#ryu
     ```

builders/mirai.nix

@@ -1,7 +0,0 @@
-# {
-#   hostName = "mirai.darksailor.dev";
-#   sshUser = "remotebuilder";
-#   systems = ["x86_64-linux" "aarch64-linux"];
-#   protocol = "ssh-ng";
-#   supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"];
-# }

darwin/default.nix

@@ -3,6 +3,7 @@
   inputs,
   nix-darwin,
   overlays,
+  nixpkgs,
   ...
 }: (builtins.mapAttrs (
     name: device:
@@ -11,6 +12,7 @@
         specialArgs = {
           inherit device inputs;
           stablePkgs = inputs.nixpkgs-stable.legacyPackages.${device.system};
+          cratesNix = inputs.crates-nix.mkLib {pkgs = nixpkgs.legacyPackages.${device.system};};
         };
         modules = [
           inputs.home-manager.darwinModules.home-manager

darwin/kuro/configuration.nix

@@ -28,7 +28,7 @@
       extra-nix-path = nixpkgs=flake:nixpkgs
       builders-use-substitutes = true
     '';
-    package = pkgs.nixVersions.latest;
+    package = pkgs.nixVersions.nix_2_32;
     buildMachines = [
       ../../builders/tako.nix
       ../../builders/shiro.nix

darwin/kuro/homebrew.nix

@@ -8,11 +8,8 @@
       "lunar"
       "orcaslicer"
       "raycast"
-      "shapr3d"
-      "vlc"
       "zed"
       "zen"
-      "lm-studio"
     ];
   };
 }

darwin/kuro/services/tailscale.nix

@@ -1,6 +1,5 @@
-{stablePkgs, ...}: {
+{...}: {
   services.tailscale = {
     enable = true;
-    package = stablePkgs.tailscale;
   };
 }

darwin/shiro/homebrew.nix

@@ -5,12 +5,10 @@
       "docker-compose"
     ];
     casks = [
+      "1password"
       "docker"
       "raycast"
       "lunar"
-      "virtual-desktop-streamer"
-      "kicad"
-      "shapr3d"
       "orcaslicer"
       "zed"
       "zen"

deploy.nix

@@ -55,13 +55,13 @@
         user = "root";
       };
     };
-    # deck = {
-    #   hostname = "steamdeck";
-    #   profiles.system = {
-    #     sshUser = "deck";
-    #     path = deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurations.deck;
-    #     user = "deck";
-    #   };
-    # };
+    deck = {
+      hostname = "sdeck";
+      profiles.system = {
+        sshUser = "deck";
+        path = deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurations.deck;
+        user = "deck";
+      };
+    };
   };
 }

flake.nix

@@ -3,7 +3,7 @@
   inputs = {
     nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
     nixpkgs-master.url = "github:nixos/nixpkgs/master";
-    nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.05";
+    nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.11";
     flake-utils.url = "github:numtide/flake-utils";
     disko = {
       url = "github:nix-community/disko/latest";
@@ -18,11 +18,11 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
     stylix-stable = {
-      url = "github:nix-community/stylix/release-25.05";
+      url = "github:nix-community/stylix/release-25.11";
       inputs.nixpkgs.follows = "nixpkgs-stable";
     };
     home-manager-stable = {
-      url = "github:nix-community/home-manager/release-25.05";
+      url = "github:nix-community/home-manager/release-25.11";
       inputs.nixpkgs.follows = "nixpkgs-stable";
     };
     nix-darwin = {
@@ -155,9 +155,9 @@
     };
     zen-browser = {
       url = "github:0xc000022070/zen-browser-flake";
-      # IMPORTANT: we're using "libgbm" and is only available in unstable so ensure
-      # to have it up-to-date or simply don't specify the nixpkgs input
+      # IMPORTANT: To ensure compatibility with the latest Firefox version, use nixpkgs-unstable.
       inputs.nixpkgs.follows = "nixpkgs";
+      inputs.home-manager.follows = "home-manager";
     };
 
     anyrun = {
@@ -189,11 +189,6 @@
       url = "github:uttarayan21/ddcbacklight";
       inputs.nixpkgs.follows = "nixpkgs";
     };
-    command-runner = {
-      url = "github:uttarayan21/command-runner";
-      # url = "path:/home/servius/Projects/command-runner";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
     hyprmonitors = {
       url = "git+https://git.darksailor.dev/servius/hyprmonitors";
       # url = "path:/home/servius/Projects/hyprmonitors";
@@ -230,7 +225,14 @@
       url = "github:xatuke/handoff";
       inputs.nixpkgs.follows = "nixpkgs";
     };
-    crates-nix.url = "github:uttarayan21/crates.nix";
+    crates-io-index = {
+      url = "git+https://github.com/rust-lang/crates.io-index?shallow=1";
+      flake = false;
+    };
+    crates-nix = {
+      url = "github:uttarayan21/crates.nix";
+      inputs.crates-io-index.follows = "crates-io-index";
+    };
     headplane = {
       url = "github:tale/headplane";
       inputs.nixpkgs.follows = "nixpkgs";
@@ -247,6 +249,9 @@
       url = "github:christo-auer/eilmeldung";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+    hytale-launcher = {
+      url = "github:JPyke3/hytale-launcher-nix";
+    };
   };
 
   outputs = {
@@ -431,7 +436,7 @@
         # };
         devShells = {
           default = pkgs.mkShell {
-            packages = with pkgs; [sops just openssl];
+            packages = with pkgs; [sops just openssl ast-grep];
           };
         };
       }

home/accounts/fastmail.nix

@@ -5,42 +5,61 @@
 }: {
   sops = {
     secrets."accounts/mail/fastmail" = {};
+    secrets."accounts/calendar/fastmail" = {};
   };
-  accounts.email = {
-    maildirBasePath = "Mail";
-    accounts = {
-      fastmail = rec {
-        maildir = {
-          path = "fastmail";
+  accounts = {
+    email = {
+      maildirBasePath = "Mail";
+      accounts = {
+        fastmail = rec {
+          maildir = {
+            path = "fastmail";
+          };
+          primary = true;
+          address = "email@uttarayan.me";
+          aliases = ["servius@darksailor.dev"];
+          userName = address;
+          realName = "Uttarayan Mondal";
+          imap = {
+            host = "imap.fastmail.com";
+            port = 993;
+            tls.enable = true;
+            # authentication = "login";
+          };
+          smtp = {
+            host = "smtp.fastmail.com";
+            port = 465;
+            tls.enable = true;
+          };
+          passwordCommand = ["cat" "${config.sops.secrets."accounts/mail/fastmail".path}"];
+          mbsync = {
+            enable = true;
+            create = "both";
+          };
         };
-        primary = true;
-        address = "email@uttarayan.me";
-        userName = address;
-        realName = "Uttarayan Mondal";
-        imap = {
-          host = "imap.fastmail.com";
-          port = 993;
-          tls.enable = true;
-          # authentication = "login";
-        };
-        smtp = {
-          host = "smtp.fastmail.com";
-          port = 465;
-          tls.enable = true;
-        };
-        imapnotify = {
-          enable = true;
-        };
-        passwordCommand = ["cat" "${config.sops.secrets."accounts/mail/fastmail".path}"];
-        mbsync = {
-          enable = true;
-          create = "both";
+      };
+    };
+    calendar = {
+      basePath = "Calendar";
+      accounts = {
+        fastmail = {
+          remote = {
+            url = "https://caldav.fastmail.com/dav/calendars/user/email@uttarayan.me";
+            userName = "email@uttarayan.me";
+            passwordCommand = ["cat" "${config.sops.secrets."accounts/calendar/fastmail".path}"];
+            type = "caldav";
+          };
+          khal = {
+            enable = true;
+            addresses = ["email@uttarayan.me"];
+          };
+          vdirsyncer = {
+            enable = true;
+          };
         };
       };
     };
   };
-  programs.mbsync.enable = true;
-  services.mbsync.enable = pkgs.stdenv.isLinux;
   # accounts.email.accounts.<name>.mbsync.create
   # services.mbsync.enable = true;
 }

home/apps/affine.nix

@@ -0,0 +1,9 @@
+{
+  pkgs,
+  lib,
+  ...
+}: {
+  home.packages = lib.optionals pkgs.stdenv.isLinux [
+    pkgs.affine
+  ];
+}

home/apps/default.nix

@@ -6,38 +6,41 @@
 lib.optionalAttrs device.hasGui {
   imports = [
     # ./audacity.nix
-    # ./blueman.nix
     # ./bottles.nix
-    ./chromium.nix
     # ./cursor.nix
-    ./discord.nix
-    ./firefox.nix
-    ./ghostty.nix
-    ./gimp.nix
+    # ./gimp.nix
     # ./guitarix.nix
-    ./hyprpicker.nix
-    ./ida.nix
+    # ./ida.nix
     # ./jellyflix.nix
     # ./kicad.nix
-    ./kitty.nix
-    ./lmstudio.nix
-    ./mpv.nix
+    # ./lmstudio.nix
     # ./neovide.nix
-    ./nextcloud.nix
-    ./obs-studio.nix
     # ./openscad.nix
     # ./orcaslicer.nix
     # ./pcsx2.nix
-    ./prismlauncher.nix
+    # ./prismlauncher.nix
     # ./rpcs3.nix
-    ./shadps4.nix
-    ./slack.nix
+    # ./shadps4.nix
     # ./thunderbird.nix
     # ./tsukimi.nix
     # ./vial.nix
+    # ./vlc.nix
+    # ./vscode.nix
+
+    ./affine.nix
+    ./blueman.nix
+    ./chromium.nix
+    ./discord.nix
+    ./firefox.nix
+    ./ghostty.nix
+    ./hyprpicker.nix
+    ./kitty.nix
+    ./matrix.nix
+    ./mpv.nix
+    ./nextcloud.nix
+    ./obs-studio.nix
+    ./slack.nix
     ./vicinae.nix
-    ./vlc.nix
-    ./vscode.nix
     ./wezterm.nix
     ./zathura.nix
     ./zed.nix

home/apps/discord.nix

@@ -4,9 +4,12 @@
   ...
 }: {
   home.packages = lib.optionals pkgs.stdenv.isLinux [
-    pkgs.discord
-    pkgs.vesktop
-    pkgs.discord-canary
-    pkgs.discord-ptb
+    (pkgs.discord.override {
+      withOpenASAR = true;
+      withVencord = true;
+    })
+    # pkgs.vesktop
+    # pkgs.discord-canary
+    # pkgs.discord-ptb
   ];
 }

home/apps/ghostty.nix

@@ -12,10 +12,63 @@
         "Hasklug Nerd Font Mono"
       ];
       window-decoration = false;
-      title = "";
+      title = "ghostty";
       command = "fish";
       background-opacity = 0.8;
       theme = "catppuccin-mocha";
+      custom-shader = "~/.config/ghostty/shader.glsl";
+      # custom-shader = toString (pkgs.writeText "shader.glsl"
+      #   /*
+      #   glsl
+      #   */
+      #   ''
+      #     const float CURSOR_ANIMATION_SPEED = 150.0; // ms
+      #     const float TRAILING_CURSORS = 3.0;
+      #     bool at_pos(vec2 fragCoord, vec2 pos, vec2 size) {
+      #         return (pos.x <= fragCoord.x && fragCoord.x <= pos.x + size.x &&
+      #             pos.y - size.y <= fragCoord.y && fragCoord.y <= pos.y);
+      #     }
+      #     void mainImage(out vec4 fragColor, in vec2 fragCoord) {
+      #         // Normalized pixel coordinates (from 0 to 1)
+      #         vec2 uv = fragCoord / iResolution.xy;
+      #         vec2 current_cursor = iCurrentCursor.xy;
+      #         vec2 previous_cursor = iPreviousCursor.xy;
+      #         float time_passed = (iTime - iTimeCursorChange) * 1000.0; // in ms
+      #
+      #         if (time_passed > CURSOR_ANIMATION_SPEED) {
+      #             // No animation, just render normally
+      #             fragColor = texture(iChannel0, uv);
+      #             return;
+      #         }
+      #         // Animate cursor meovement
+      #         vec4 col = texture(iChannel0, uv);
+      #         // linear interpolation between current and previous cursor position based on time passed
+      #         vec2 animated_cursor_pos = mix(previous_cursor, current_cursor, time_passed / CURSOR_ANIMATION_SPEED);
+      #         // make 3 trailing cursors for smoother animation
+      #         for (int i = 1; i <= int(TRAILING_CURSORS); i++) {
+      #             float t = float(i) / TRAILING_CURSORS;
+      #             vec2 trail_pos = mix(previous_cursor, current_cursor, (time_passed / CURSOR_ANIMATION_SPEED) * t);
+      #             if (at_pos(fragCoord, trail_pos, iCurrentCursor.zw)) {
+      #                 col = mix(col, iCurrentCursorColor, t);
+      #             }
+      #         }
+      #
+      #         // vec4 cursor_color = mix(iPreviousCursorColor, iCurrentCursorColor, time_passed / CURSOR_ANIMATION_SPEED);
+      #         vec4 cursor_color = iCurrentCursorColor; // no color animation for now
+      #         vec2 cursor_size = iCurrentCursor.zw;
+      #         // check if fragCoord is within the animated cursor rectangle
+      #         // y is in the negative direction
+      #         // if (animated_cursor_pos.x <= fragCoord.x && fragCoord.x <= animated_cursor_pos.x + cursor_size.x &&
+      #         //         animated_cursor_pos.y - cursor_size.y <= fragCoord.y && fragCoord.y <= animated_cursor_pos.y) {
+      #         //     col = cursor_color;
+      #         // }
+      #         if (at_pos(fragCoord, animated_cursor_pos, cursor_size)) {
+      #             col = cursor_color;
+      #         }
+      #
+      #         fragColor = col;
+      #     }
+      #   '');
     };
     systemd.enable = true;
     themes = {

home/apps/matrix.nix

@@ -0,0 +1,12 @@
+{
+  pkgs,
+  lib,
+  device,
+  ...
+}: {
+  home.packages = lib.optionals (device.is "ryu") [
+    pkgs.fluffychat
+    pkgs.fractal
+    # pkgs.quaternion
+  ];
+}

home/apps/mpv.nix

@@ -1,6 +1,6 @@
 {pkgs, ...}: {
   programs.mpv = {
-    enable = true;
+    enable = pkgs.stdenv.isLinux;
     config = {
       vo = "gpu-next";
       gpu-api = "vulkan";
@@ -8,25 +8,20 @@
       loop-playlist = "inf";
     };
     profiles = {
-      hdr = {
-        vo = "gpu-next";
-        gpu-api = "vulkan";
-        hdr-compute-peak = "yes";
-        hdr-peak-detect = "yes";
-        target-peak = 400;
-        target-prim = "bt.2020";
-        target-trc = "pq";
-        inverse-tone-mapping = "yes";
-        tone-mapping = "spline";
-        tone-mapping-mode = "auto";
-        target-colorspace-hint = "auto";
-        gamut-mapping = "desaturate";
-      };
+      # hdr = {
+      #   vo = "gpu-next";
+      #   gpu-api = "vulkan";
+      #   hdr-compute-peak = "yes";
+      #   hdr-peak-detect = "yes";
+      #   target-peak = 400;
+      #   target-prim = "bt.2020";
+      #   target-trc = "pq";
+      #   inverse-tone-mapping = "yes";
+      #   tone-mapping = "spline";
+      #   tone-mapping-mode = "auto";
+      #   target-colorspace-hint = "auto";
+      #   gamut-mapping = "desaturate";
+      # };
     };
-
-    package =
-      if pkgs.stdenv.isLinux
-      then pkgs.mpv-unwrapped.wrapper {mpv = pkgs.mpv-unwrapped.override {sixelSupport = true;};}
-      else pkgs.mpv;
   };
 }

home/apps/shadps4.nix

@@ -2,12 +2,122 @@
   pkgs,
   lib,
   ...
-}: {
+}: let
+  shadps4_qtlauncher = pkgs.fetchFromGitHub {
+    owner = "shadps4-emu";
+    repo = "shadps4-qtlauncher";
+    rev = "1f4e59f6110d5f991cead5a3e9f72671fced2c70";
+    sha256 = "sha256-AAxj3Eqp7iGJgRgJki/93fln5Z6ae8AydJLGZ6Dbb00=";
+    fetchSubmodules = true;
+  };
+  # diegolixShadps4 = pkgs.fetchFromGitHub {
+  #   owner = "diegolix";
+  #   repo = "shadps4-qtlauncher";
+  #   rev = "a1b2c3d4e5f67890123456789abcdef01234567";
+  #   sha256 = "sha256-PLACEHOLDERFORHASHVALUE1234567890ABCDEFGH=";
+  #   fetchSubmodules = true;
+  # };
+  bblauncher = pkgs.fetchFromGitHub {
+    owner = "rainmakerv3";
+    repo = "BB_Launcher";
+    rev = "2280c90974d2d741ce927dfc88f0ecf98c8bd2df";
+    sha256 = "sha256-jPcIQp2EBAEiaTLvC/OBH0BgcfYv3zo2H7akHJSlPaI=";
+    fetchSubmodules = true;
+  };
+in {
   home.packages = lib.optionals pkgs.stdenv.isLinux [
     (pkgs.shadps4.overrideAttrs
       (oldAttrs: {
         nativeBuildInputs = oldAttrs.nativeBuildInputs ++ [pkgs.cudatoolkit];
         buildInputs = oldAttrs.buildInputs ++ [pkgs.cudatoolkit];
       }))
+    (pkgs.stdenv.mkDerivation {
+      pname = "shadps4-qt";
+      version = "1.0.0";
+      src = shadps4_qtlauncher;
+      nativeBuildInputs = [
+        pkgs.cmake
+        pkgs.pkg-config
+        pkgs.qt6.wrapQtAppsHook
+      ];
+      buildInputs = [
+        pkgs.alsa-lib
+        pkgs.ffmpeg
+        pkgs.fmt
+        pkgs.glslang
+        pkgs.jack2
+        pkgs.libedit
+        pkgs.libevdev
+        pkgs.libpng
+        pkgs.libpulseaudio
+        pkgs.libxkbcommon
+        pkgs.openal
+        pkgs.openssl
+        pkgs.qt6.qtbase
+        pkgs.qt6.qtmultimedia
+        pkgs.qt6.qttools
+        pkgs.qt6.qtwayland
+        pkgs.SDL2
+        pkgs.sdl3
+        pkgs.sndio
+        pkgs.stb
+        pkgs.udev
+        pkgs.vulkan-headers
+        pkgs.vulkan-tools
+        pkgs.vulkan-utility-libraries
+        pkgs.wayland
+        pkgs.wayland-protocols
+        pkgs.xorg.libxcb
+        pkgs.xorg.xcbutil
+        pkgs.xorg.xcbutilkeysyms
+        pkgs.xorg.xcbutilwm
+        pkgs.zlib
+      ];
+    })
+
+    (pkgs.stdenv.mkDerivation {
+      pname = "BBLauncher";
+      version = "1.0.0";
+      src = bblauncher;
+      nativeBuildInputs = [
+        pkgs.cmake
+        pkgs.pkg-config
+        pkgs.qt6.wrapQtAppsHook
+      ];
+      buildInputs = [
+        pkgs.alsa-lib
+        pkgs.ffmpeg
+        pkgs.fmt
+        pkgs.glslang
+        pkgs.jack2
+        pkgs.libedit
+        pkgs.libevdev
+        pkgs.libpng
+        pkgs.libpulseaudio
+        pkgs.libxkbcommon
+        pkgs.openal
+        pkgs.openssl
+        pkgs.qt6.qtbase
+        pkgs.qt6.qtmultimedia
+        pkgs.qt6.qttools
+        pkgs.qt6.qtwayland
+        pkgs.qt6.qtwebview
+        pkgs.SDL2
+        pkgs.sdl3
+        pkgs.sndio
+        pkgs.stb
+        pkgs.udev
+        pkgs.vulkan-headers
+        pkgs.vulkan-tools
+        pkgs.vulkan-utility-libraries
+        pkgs.wayland
+        pkgs.wayland-protocols
+        pkgs.xorg.libxcb
+        pkgs.xorg.xcbutil
+        pkgs.xorg.xcbutilkeysyms
+        pkgs.xorg.xcbutilwm
+        pkgs.zlib
+      ];
+    })
   ];
 }

home/apps/vicinae.nix

@@ -11,16 +11,10 @@
       enable = true;
       autoStart = true;
     };
-    extensions = [];
-    settings = {
-      theme = {
-        dark = {
-          name = "catppuccin-mocha";
-        };
-      };
-    };
-    # package = pkgs.vicinae.overrideAttrs (old: {
-    #   patches = [../../patches/vicinae-ctrl-np.patch];
-    # });
   };
+  home.packages = with pkgs;
+    lib.optionals (device.is "ryu") [
+      # pulseaudio
+      playerctl
+    ];
 }

home/apps/zed.nix

@@ -175,7 +175,7 @@
         };
       }
     ];
-    package = stablePkgs.zed-editor;
+    package = pkgs.zed-editor;
     extraPackages = with pkgs; [
       nixd
       nil

home/apps/zen.nix

@@ -2,6 +2,7 @@
   pkgs,
   inputs,
   device,
+  config,
   ...
 }: {
   imports = [
@@ -10,6 +11,47 @@
   programs.zen-browser = {
     enable = device.isLinux;
     profiles.default = {
+      containersForce = true;
+      containers = {
+        Personal = {
+          color = "purple";
+          icon = "fingerprint";
+          id = 1;
+        };
+        Work = {
+          color = "blue";
+          icon = "briefcase";
+          id = 2;
+        };
+        Shopping = {
+          color = "yellow";
+          icon = "dollar";
+          id = 3;
+        };
+      };
+      spacesForce = true;
+      spaces = let
+        containers = config.programs.zen-browser.profiles."default".containers;
+      in {
+        "Personal" = {
+          id = "";
+          icon = "👤";
+          container = containers."Personal".id;
+          position = 1000;
+        };
+        "Work" = {
+          id = "00bdd434-e31b-4e2b-b8f5-fa7055631a64";
+          icon = "💼";
+          container = containers."Work".id;
+          position = 2000;
+        };
+        "Shopping" = {
+          id = "77452260-56e6-4c9e-8d5f-417958bc4fa4";
+          icon = "💸";
+          container = containers."Shopping".id;
+          position = 3000;
+        };
+      };
       extensions.packages = with pkgs.nur.repos.rycee.firefox-addons; [
         privacy-badger
         violentmonkey
@@ -42,5 +84,6 @@
         Fingerprinting = true;
       };
     };
+    suppressXdgMigrationWarning = true;
   };
 }

home/default.nix

@@ -15,18 +15,19 @@
     ./scripts.nix
     ./services
     ./accounts
+    ./fonts.nix
   ];
 
   xdg.enable = true;
   xdg.userDirs = {
     enable = device.isLinux;
-    # music = "${config.home.homeDirectory}/Nextcloud/Music";
   };
 
   programs = {
     home-manager = {
       enable = true;
     };
+    man.generateCaches = true;
   };
 
   fonts.fontconfig.enable = true;
@@ -35,26 +36,6 @@
     username = device.user;
     homeDirectory = lib.mkForce device.home;
 
-    file = {
-      ".config/fish/themes".source = pkgs.catppuccinThemes.fish + "/themes";
-      ".cargo/config.toml".text =
-        # toml
-        ''
-          [alias]
-          lldb = ["with", "rust-lldb", "--"]
-          t = ["nextest", "run"]
-
-          [net]
-          git-fetch-with-cli = true
-
-          [registries.catscii]
-          index = "https://git.shipyard.rs/catscii/crate-index.git"
-
-          [http]
-          user-agent = "shipyard J0/QFq2Sa5y6nTxJQAb8t+e/3qLSub1/sa3zn0leZv6LKG/zmQcoikT9U3xPwbzp8hQ="
-        '';
-    };
-
     sessionVariables = {
       EDITOR = "nvim";
       SHELL = "${pkgs.bash}/bin/bash";

home/fonts.nix

@@ -0,0 +1,20 @@
+{
+  pkgs,
+  device,
+  ...
+}: {
+  home.packages = with pkgs;
+    lib.optionals (!device.isServer) [
+      monaspace
+      nerd-fonts.fira-code
+      nerd-fonts.hasklug
+      nerd-fonts.symbols-only
+      noto-fonts
+      noto-fonts-cjk-sans
+      noto-fonts-color-emoji
+      liberation_ttf
+      fira-code
+      fira-code-symbols
+      mplus-outline-fonts.githubRelease
+    ];
+}

home/module.nix

@@ -1,6 +1,7 @@
 {
   device,
   inputs,
+  pkgs,
   ...
 }: {
   nixpkgs.config.allowUnfree = true;
@@ -12,6 +13,7 @@
       inherit inputs;
       inherit device;
       stablePkgs = inputs.nixpkgs-stable.legacyPackages.${device.system};
+      cratesNix = inputs.crates-nix.mkLib {inherit pkgs;};
     };
     users.${device.user}.imports = [
       inputs.nixvim.homeModules.nixvim

home/programs/1password-cli.nix

@@ -0,0 +1,5 @@
+{pkgs, ...}: {
+  home.packages = [
+    pkgs._1password-cli
+  ];
+}

home/programs/aichat.nix

@@ -1,4 +1,8 @@
-{config, ...}: {
+{
+  pkgs,
+  config,
+  ...
+}: {
   sops = {
     secrets."llama/api_key" = {};
     secrets."openai/api_key" = {};
@@ -16,25 +20,40 @@
     enableNushellIntegration = false;
     settings = {
       save_session = true;
-      # model = "openai:gpt-4o";
-      model = "ryu:qwen3-coder-30b";
-      rag_embedding_model = "ollama:RobinBially/nomic-embed-text-8k";
+      model = "ryu:qwen3:30b-a3b";
+      rag_embedding_model = "ryu:RobinBially/nomic-embed-text-8k";
       clients = [
         {
           type = "openai-compatible";
-          name = "mirai";
+          name = "ryu";
           api_base = "https://ollama.darksailor.dev/v1";
           api_key_cmd = "cat ${config.sops.secrets."llama/api_key".path}";
           models = [
+            {
+              name = "gpt-oss:20b";
+              type = "chat";
+            }
             # {
-            #   name = "RobinBially/nomic-embed-text-8k";
-            #   type = "embedding";
-            #   default_chunk_size = 8000;
+            #   name = "gpt-oss:20b-instruct";
+            #   type = "chat";
+            #   real_name = "gpt-oss:20b";
+            #   patch = {
+            #     body = {
+            #       think = "low";
+            #     };
+            #   };
             # }
             {
-              name = "gpt-oss-20b";
+              name = "qwen3:30b-a3b";
               type = "chat";
             }
+            {
+              name = "RobinBially/nomic-embed-text-8k";
+              type = "embedding";
+              default_chunk_size = 1000;
+              max_tokens_per_chunk = 8192;
+              max_batch_size = 100;
+            }
             # {
             #   name = "deepseek-r1:14b";
             #   type = "chat";
@@ -45,42 +64,6 @@
             # }
           ];
         }
-        {
-          type = "openai-compatible";
-          name = "ryu";
-          api_base = "https://llama.ryu.darksailor.dev/v1";
-          models = [
-            {
-              name = "qwen3-coder-30b";
-              type = "chat";
-            }
-            # {
-            #   name = "RobinBially/nomic-embed-text-8k";
-            #   type = "embedding";
-            #   default_chunk_size = 8000;
-            # }
-            # {
-            #   name = "deepseek-r1:7b";
-            #   type = "chat";
-            # }
-            # {
-            #   name = "qwen3:30b-a3b";
-            #   type = "chat";
-            # }
-            # {
-            #   name = "deepseek-r1:14b";
-            #   type = "chat";
-            # }
-            # {
-            #   name = "qwen3:8b";
-            #   type = "chat";
-            # }
-            # {
-            #   name = "qwen3:14b";
-            #   type = "chat";
-            # }
-          ];
-        }
         {
           type = "gemini";
           name = "gemini";
@@ -166,18 +149,29 @@
           };
         }
       ];
+      document_loaders = {
+        git =
+          /*
+          sh
+          */
+          ''sh -c "yek $1 --json | jq '[.[] | { path: .filename, contents: .content }]'"'';
+      };
     };
     roles = {
-      "%git-commit%" =
+      "git-commit" =
         /*
         md
         */
         ''
           ---
-          model: ryu:qwen3-coder-30b
+          model: ryu:gpt-oss:20b
           ---
           Your task is to generate a concise and informative commit message based on the provided diff. Use the conventional commit format, which includes a type (feat, fix, chore, docs, style, refactor, perf, test) and an optional scope. The message should be in the imperative mood and should not exceed 72 characters in the subject line. Do not under any circumstance include any additional text or explanations, just add the commit message.
         '';
     };
+    extraPackages = with pkgs; [
+      jq
+      yek
+    ];
   };
 }

home/programs/alejandra.nix

@@ -0,0 +1 @@
+{pkgs, ...}: {home.packages = [pkgs.alejandra];}

home/programs/aria2.nix

@@ -0,0 +1 @@
+{pkgs, ...}: {home.packages = [pkgs.aria2];}

home/programs/ast-grep.nix

@@ -0,0 +1 @@
+{pkgs, ...}: {home.packages = [pkgs.ast-grep];}

home/programs/attic.nix

@@ -0,0 +1,35 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}: let
+  attic-unwrapped = pkgs.attic-client.overrideAttrs (oldAttrs: {
+    patches =
+      (oldAttrs.patches or [])
+      ++ [
+        # PR #309: Add environment variable support for login
+        # https://github.com/zhaofengli/attic/pull/309
+        (pkgs.fetchpatch {
+          url = "https://github.com/zhaofengli/attic/pull/309.patch";
+          hash = "sha256-mDoxA+e2bBZDvERp03SyYvkEdtH/bfWtZqKZv0uCS0M=";
+        })
+      ];
+  });
+in {
+  sops.secrets."attic/token" = {};
+  home.packages = [
+    (pkgs.stdenv.mkDerivation {
+      pname = "attic-client";
+      version = "0.1.0";
+      src = attic-unwrapped;
+      buildInputs = [];
+      nativeBuildInputs = [pkgs.makeWrapper];
+      installPhase = ''
+        install -Dm755 $src/bin/attic $out/bin/attic
+        wrapProgram $out/bin/attic \
+          --run "export ATTIC_LOGIN_TOKEN=\`cat -v ${config.sops.secrets."attic/token".path}\`"
+      '';
+    })
+  ];
+}

home/programs/atuin.nix

@@ -9,9 +9,49 @@
       auto_sync = true;
       sync_frequency = "1m";
       sync_address = "https://atuin.darksailor.dev";
+      sync = {
+        records = true;
+      };
+      daemon = {
+        enabled = true;
+      };
     };
     enable = true;
     enableFishIntegration = true;
     enableNushellIntegration = true;
   };
+  systemd.user.services.atuin-daemon = {
+    Unit = {
+      Description = "Atuin Daemon";
+      After = ["network.target"];
+    };
+    Install = {
+      WantedBy = ["default.target"];
+    };
+    Service = {
+      ExecStart = "${pkgs.atuin}/bin/atuin daemon";
+      Restart = "on-failure";
+      RestartSec = "10s";
+      # Environment = lib.mkForce "ATUIN_DATA_DIR=${device.home}/.local/share/atuin";
+    };
+  };
+  launchd.agents.atuin-daemon = {
+    enable = true;
+    config = {
+      # A label for the service
+      Label = "dev.darksailor.atuin-daemon";
+      # The command to run
+      ProgramArguments = [
+        "${pkgs.atuin}/bin/atuin"
+        "daemon"
+      ];
+      # Run the service when you log in
+      RunAtLoad = true;
+      # Keep the process alive, or restart if it dies
+      KeepAlive = true;
+      # Log files
+      StandardOutPath = "${device.home}/Library/Logs/atuin-daemon.log";
+      StandardErrorPath = "${device.home}/Library/Logs/atuin-daemon.error.log";
+    };
+  };
 }

home/programs/bat.nix

@@ -1,11 +1,5 @@
-{
-  pkgs,
-  lib,
-  device,
-  ...
-}: {
-  programs.
-    bat = {
+{...}: {
+  programs.bat = {
     enable = true;
     # extraPackages = with pkgs.bat-extras; [batman batgrep batwatch];
   };

home/programs/binwalk.nix

@@ -0,0 +1 @@
+{pkgs, ...}: {home.packages = [pkgs.binwalk];}

home/programs/blobdrop.nix

@@ -0,0 +1,8 @@
+{
+  pkgs,
+  device,
+  lib,
+  ...
+}: {
+  home.packages = lib.optionals (device.name == "ryu") [pkgs.blobdrop];
+}

home/programs/bottom.nix

@@ -0,0 +1 @@
+{pkgs, ...}: {home.packages = [pkgs.bottom];}

home/programs/btop.nix

@@ -0,0 +1 @@
+{pkgs, ...}: {home.packages = [pkgs.btop];}

home/programs/cachix.nix

@@ -0,0 +1 @@
+{pkgs, ...}: {home.packages = [pkgs.cachix];}

home/programs/calendar.nix

@@ -0,0 +1,6 @@
+{pkgs, ...}: {
+  programs.khal.enable = true;
+  programs.qcal.enable = true;
+  programs.vdirsyncer.enable = true;
+  accounts.calendar.accounts.fastmail.qcal.enable = true;
+}

home/programs/carapace.nix

@@ -1,13 +1,8 @@
-{
-  pkgs,
-  lib,
-  device,
-  ...
-}: {
+{...}: {
   programs.
     carapace = {
     enable = false;
-    enableFishIntegration = true;
+    enableFishIntegration = false;
     enableNushellIntegration = true;
   };
 }

home/programs/cargo.nix

@@ -0,0 +1,30 @@
+{
+  lib,
+  device,
+  cratesNix,
+  ...
+}: let
+  cargo-credential-1password = cratesNix.buildCrate "cargo-credential-1password" {};
+in
+  lib.mkIf (!device.isServer) {
+    home.file.".cargo/config.toml".text =
+      # toml
+      ''
+        [alias]
+        lldb = ["with", "rust-lldb", "--"]
+        t = ["nextest", "run"]
+        pkgs = ["metadata", "--no-deps", "--format-version", "1"]
+
+        [net]
+        git-fetch-with-cli = true
+
+        [registries.kellnr]
+        index = "sparse+https://crates.darksailor.dev/api/v1/crates/"
+
+        [registry]
+        global-credential-providers = ["cargo:token", "${lib.getExe cargo-credential-1password} --account my.1password.com"]
+      '';
+    home.packages = [
+      cargo-credential-1password
+    ];
+  }

home/programs/cfcli.nix

@@ -0,0 +1,27 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}: {
+  sops.secrets."cloudflare/darksailor_dev_api_key" = {};
+  home.packages = [
+    # (pkgs.stdenv.mkDerivation {
+    #   pname = "cfcli";
+    #   version = "0.1.0";
+    #   buildInputs = [pkgs.cloudflare-cli];
+    #   nativeBuildInputs = [pkgs.makeWrapper];
+    #   installPhase = ''
+    #     $out/bin/cfcli \
+    #       --run "export CF_API_KEY=\`cat -v ${config.sops.secrets."cloudflare/darksailor_dev_api_key".path}\`"
+    #   '';
+    # })
+    (pkgs.writeShellScriptBin
+      "cfcli"
+      ''
+        #!/bin/sh
+        export CF_API_KEY="$(cat -v ${config.sops.secrets."cloudflare/darksailor_dev_api_key".path})"
+        exec ${pkgs.cloudflare-cli}/bin/cfcli "$@"
+      '')
+  ];
+}

home/programs/default.nix

@@ -4,95 +4,84 @@
   ...
 }: {
   imports = [
+    # ./bluetui.nix
+    # ./goread.nix
+    # ./helix.nix
+    # ./magika.nix
+    # ./mpd.nix
+    # ./mpris-scrobbler.nix
+    # ./ncmpcpp.nix
+    # ./newsboat.nix
+    # ./nh.nix
+    # ./ryujinx.nix
+    # ./sxiv.nix
+    # ./tea.nix
+    # ./template.nix
+    # ./tuifeed.nix
+    # ./xh.nix
+    # ./zellij.nix
+
     ../../modules
+
+    ./1password-cli.nix
     ./aichat.nix
+    ./alejandra.nix
+    ./aria2.nix
+    ./ast-grep.nix
+    ./attic.nix
     ./atuin.nix
     ./bat.nix
-    # ./bluetui.nix
+    ./binwalk.nix
+    ./blobdrop.nix
+    ./bottom.nix
+    ./btop.nix
+    ./cachix.nix
+    ./calendar.nix
     ./carapace.nix
+    ./cargo.nix
+    ./cfcli.nix
     ./ddcbacklight.nix
+    ./deploy-rs.nix
     ./direnv.nix
+    ./dust.nix
+    ./dysk.nix
+    ./eilmeldung.nix
     ./eza.nix
     ./fastfetch.nix
+    ./fd.nix
+    ./file.nix
     ./fish.nix
     ./fzf.nix
     ./gh.nix
     ./git.nix
+    ./gnupg.nix
     ./himalaya.nix
-    ./mpd.nix
+    ./hyprshade.nix
+    ./jq.nix
+    ./jujutsu.nix
+    ./just.nix
     ./ncpamixer.nix
     ./neomutt.nix
     ./neovim.nix
-    ./nh.nix
     ./nix-index.nix
     ./nushell.nix
     ./omnix.nix
     ./opencode.nix
+    ./p7zip.nix
+    ./pkg-config.nix
     ./retroarch.nix
+    ./ripgrep.nix
     ./rustup.nix
-    ./ryujinx.nix
+    ./sd.nix
     ./sops.nix
     ./ssh.nix
     ./starship.nix
-    ./sxiv.nix
-    ./tea.nix
     ./television.nix
     ./tmux.nix
-    ./tuifeed.nix
     ./uv.nix
-    ./xh.nix
     ./yazi.nix
     ./yt-dlp.nix
     ./zoxide.nix
-    ./eilmeldung.nix
-
-    # ./goread.nix
-    # ./helix.nix
-    # ./magika.nix
-    # ./mpris-scrobbler.nix
-    # ./ncmpcpp.nix
-    # ./neomutt.nix
-    # ./neovim.nix
-    # ./newsboat.nix
-    # ./template.nix
-    # ./zellij.nix
+    ./yq.nix
   ];
-  home.packages = with pkgs;
-    [
-      _1password-cli
-      alejandra
-      aria2
-      bottom
-      btop
-      cachix
-      deploy-rs.deploy-rs
-      dust
-      fd
-      file
-      fzf
-      gnupg
-      jq
-      just
-      macchina
-      p7zip
-      pfetch-rs
-      pkg-config
-      ripgrep
-      sd
-    ]
-    ++ lib.optionals (!device.isServer) [
-      monaspace
-      nerd-fonts.fira-code
-      nerd-fonts.hasklug
-      nerd-fonts.symbols-only
-      noto-fonts
-      noto-fonts-cjk-sans
-      noto-fonts-color-emoji
-      liberation_ttf
-      fira-code
-      fira-code-symbols
-      mplus-outline-fonts.githubRelease
-    ]
-    ++ lib.optionals device.isLinux []
-    ++ lib.optionals device.isDarwin [];
 }

home/programs/deploy-rs.nix

@@ -0,0 +1 @@
+{pkgs, ...}: {home.packages = [pkgs.deploy-rs.deploy-rs];}

home/programs/dust.nix

@@ -0,0 +1 @@
+{pkgs, ...}: {home.packages = [pkgs.dust];}

home/programs/dysk.nix

@@ -0,0 +1 @@
+{pkgs, ...}: {home.packages = [pkgs.dysk];}

home/programs/fd.nix

@@ -0,0 +1 @@
+{pkgs, ...}: {home.packages = [pkgs.fd];}

home/programs/file.nix

@@ -0,0 +1 @@
+{pkgs, ...}: {home.packages = [pkgs.file];}

home/programs/fish.nix

@@ -4,8 +4,11 @@
   device,
   config,
   ...
-}: {
-  stylix.targets.fish.enable = false;
+}:
+{
+  home.file = {
+    ".config/fish/themes".source = pkgs.catppuccinThemes.fish + "/themes";
+  };
   programs.fish = {
     enable = true;
     shellAbbrs = {
@@ -21,21 +24,16 @@
       # t = "zellij a -c --index 0";
       t = "tmux";
     };
-    shellAliases =
-      {
-        g = "git";
-      }
-      // lib.optionalAttrs pkgs.stdenv.isLinux {
-        kmpv = "mpv --vo-kitty-use-shm=yes --vo=kitty --really-quiet";
-        smpv = "mpv --vo-sixel-buffered=yes --vo=sixel --profile=sw-fast";
-      };
+    shellAliases = {
+      g = "git";
+    };
     shellInit = ''
       set fish_greeting
       yes | fish_config theme save "Catppuccin Mocha"
     '';
     # ${pkgs.spotify-player}/bin/spotify_player generate fish | source
     interactiveShellInit = ''
-      ${lib.getExe pkgs.fastfetch}
+      if test -n "$TMUX"; ${lib.getExe pkgs.fastfetch} --logo-type sixel; else ${lib.getExe pkgs.fastfetch}; end
       # ${pkgs.nb}/bin/nb todo undone
       ${lib.optionalString (device.isLinux && !device.isNix) "source /etc/profile.d/nix-daemon.fish"}
       ${lib.optionalString (device.is "ryu") ''
@@ -45,4 +43,8 @@
       ''}
     '';
   };
+  home.shell.enableFishIntegration = true;
+}
+// lib.optionalAttrs (!(device.is "tsuba")) {
+  stylix.targets.fish.enable = false;
 }

home/programs/fzf.nix

@@ -1,13 +1 @@
-{
-  pkgs,
-  lib,
-  device,
-  ...
-}: {
-  programs.fzf = {
-    enable = true;
-    package = pkgs.fzf;
-    enableFishIntegration = true;
-    tmux.enableShellIntegration = true;
-  };
-}
+{pkgs, ...}: {home.packages = [pkgs.fzf];}

home/programs/git.nix

@@ -10,8 +10,8 @@ lib.optionalAttrs (!(device.is "tsuba")) {
     enable = true;
     lfs.enable = true;
     settings = {
-      user.name = "uttarayan21";
-      user.email = config.accounts.email.accounts.fastmail.address;
+      user.name = "servius";
+      user.email = builtins.elemAt config.accounts.email.accounts.fastmail.aliases 0;
       user.signingkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJfKKrX8yeIHUUury0aPwMY6Ha+BJyUR7P0Gqid90ik/";
       color.ui = true;
       core.editor = "nvim";

home/programs/gnupg.nix

@@ -0,0 +1 @@
+{pkgs, ...}: {home.packages = [pkgs.gnupg];}

home/programs/hyprshade.nix

@@ -0,0 +1,10 @@
+{
+  pkgs,
+  device,
+  ...
+}: {
+  home.packages = with pkgs;
+    lib.mkIf (device.is "ryu") [
+      hyprshade
+    ];
+}

home/programs/jq.nix

@@ -0,0 +1 @@
+{pkgs, ...}: {home.packages = [pkgs.jq];}

home/programs/jujutsu.nix

@@ -0,0 +1 @@
+{pkgs, ...}: {home.packages = [pkgs.jujutsu];}

home/programs/just.nix

@@ -0,0 +1 @@
+{pkgs, ...}: {home.packages = [pkgs.just];}

home/programs/neomutt.nix

@@ -1,4 +1,9 @@
-{pkgs, ...}: {
+{pkgs, ...}: let
+  theme = builtins.fetchurl {
+    url = "https://raw.githubusercontent.com/catppuccin/neomutt/refs/heads/main/neomuttrc";
+    sha256 = "sha256:1q086p5maqwxa4gh6z8g7h3nfavdmkbql025ibdhglpz46hsq0hs";
+  };
+in {
   programs.neomutt = {
     enable = true;
     vimKeys = true;
@@ -6,6 +11,9 @@
     sidebar = {
       enable = true;
     };
+    extraConfig = ''
+      source ${theme}
+    '';
   };
   programs.notmuch = {
     enable = true;
@@ -17,4 +25,38 @@
     enable = true;
     neomutt.enable = true;
   };
+  services.imapnotify = {
+    enable = true;
+    path = [pkgs.coreutils pkgs.isync pkgs.libnotify];
+  };
+  accounts.email.accounts.fastmail.imapnotify = {
+    enable = true;
+    boxes = ["Inbox"];
+    onNotify = "${pkgs.writeShellScript "mbsync-notify" ''
+      ${pkgs.isync}/bin/mbsync $1
+      ${pkgs.libnotify}/bin/notify-send "New Mail" "New email in $1"
+    ''} %s";
+  };
+  programs.mbsync.enable = true;
+  services.mbsync.enable = pkgs.stdenv.isLinux;
+
+  # launchd.agents.mbsync = {
+  #   enable = true;
+  #   config = {
+  #     # A label for the service
+  #     Label = "dev.darksailor.atuin-daemon";
+  #     # The command to run
+  #     ProgramArguments = [
+  #       "${pkgs.atuin}/bin/atuin"
+  #       "daemon"
+  #     ];
+  #     # Run the service when you log in
+  #     RunAtLoad = true;
+  #     # Keep the process alive, or restart if it dies
+  #     KeepAlive = true;
+  #     # Log files
+  #     StandardOutPath = "${device.home}/Library/Logs/atuin-daemon.log";
+  #     StandardErrorPath = "${device.home}/Library/Logs/atuin-daemon.error.log";
+  #   };
+  # };
 }

home/programs/neovim.nix

@@ -4,8 +4,8 @@
   stablePkgs,
   lib,
   ...
-}: {
-  stylix.targets.nixvim.enable = false;
+}:
+{
   programs = lib.optionalAttrs (device.is "ryu" || device.is "kuro" || device.is "mirai" || device.is "tako" || device.is "shiro") {
     nixvim =
       {
@@ -19,3 +19,6 @@
       // (import ./../../neovim {inherit pkgs stablePkgs;});
   };
 }
+// lib.optionalAttrs (!(device.is "tsuba")) {
+  stylix.targets.nixvim.enable = false;
+}

home/programs/nushell.nix

@@ -26,4 +26,5 @@
       }
     '';
   };
+  home.shell.enableNushellIntegration = true;
 }

home/programs/opencode.nix

@@ -3,8 +3,23 @@
   lib,
   ...
 }:
-lib.optionalAttrs (device.is "ryu") {
+lib.optionalAttrs (device.is "ryu" || device.is "kuro") {
   programs.opencode = {
     enable = true;
+    settings.provider = {
+      ollama = {
+        models = {
+          "glm-4.7-flash" = {
+            # "_launch" = true;
+            name = "glm-4.7-flash";
+          };
+        };
+        name = "Ollama (local)";
+        npm = "@ai-sdk/openai-compatible";
+        options = {
+          baseURL = "https://ollama.darksailor.dev/v1";
+        };
+      };
+    };
   };
 }

home/programs/p7zip.nix

@@ -0,0 +1 @@
+{pkgs, ...}: {home.packages = [pkgs.p7zip];}

home/programs/pkg-config.nix

@@ -0,0 +1 @@
+{pkgs, ...}: {home.packages = [pkgs.pkg-config];}

home/programs/ripgrep.nix

@@ -0,0 +1 @@
+{pkgs, ...}: {home.packages = [pkgs.ripgrep];}

home/programs/sd.nix

@@ -0,0 +1 @@
+{pkgs, ...}: {home.packages = [pkgs.sd];}

home/programs/sops.nix

@@ -12,4 +12,12 @@
     defaultSopsFormat = "yaml";
     age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";
   };
+  launchd.agents.sops-nix = pkgs.lib.mkIf pkgs.stdenv.isDarwin {
+    enable = true;
+    config = {
+      EnvironmentVariables = {
+        PATH = pkgs.lib.mkForce "/usr/bin:/bin:/usr/sbin:/sbin";
+      };
+    };
+  };
 }

home/programs/ssh.nix

@@ -6,6 +6,7 @@
 }: {
   programs.ssh = {
     enable = true;
+    enableDefaultConfig = false;
     matchBlocks = {
       tsuba = {
         user = "servius";
@@ -45,13 +46,13 @@
         hostname = "steamdeck";
         forwardAgent = true;
       };
-      # "*" = {
-      #   forwardAgent = false;
-      #   addKeysToAgent = "no";
-      #   # compression = true;
-      #   # HashKnownHosts = "no";
-      #   serverAliveInterval = 60;
-      # };
+      "*" = {
+        forwardAgent = false;
+        addKeysToAgent = "no";
+        # compression = true;
+        # HashKnownHosts = "no";
+        serverAliveInterval = 60;
+      };
     };
     extraConfig =
       lib.strings.optionalString (pkgs.stdenv.isDarwin && !device.isServer)

home/programs/starship.nix

@@ -3,8 +3,8 @@
   lib,
   device,
   ...
-}: {
-  stylix.targets.starship.enable = false;
+}:
+{
   programs.starship = {
     enable = true;
     enableFishIntegration = true;
@@ -30,3 +30,6 @@
         (pkgs.catppuccinThemes.starship + /palettes/${flavour}.toml));
   };
 }
+// lib.optionalAttrs (!(device.is "tsuba")) {
+  stylix.targets.starship.enable = false;
+}

home/programs/yazi.nix

@@ -1,4 +1,4 @@
-{...}: {
+{config, ...}: {
   programs. yazi = {
     enable = true;
     enableFishIntegration = true;
@@ -13,6 +13,10 @@
           }
         ];
       };
+      preview = {
+        cache_dir = config.home.homeDirectory + "/.cache/yazi/previews";
+      };
     };
+    shellWrapperName = "yy";
   };
 }

home/programs/yq.nix

@@ -0,0 +1 @@
+{pkgs, ...}: {home.packages = [pkgs.yq];}

home/services/command-runner.nix

@@ -1,31 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  inputs,
-  ...
-}: {
-  imports = [
-    inputs.command-runner.homeManagerModules.command-runner
-  ];
-  services.command-runner = {
-    enable = true;
-    port = 5599;
-    database.path = "${config.home.homeDirectory}/.local/share/command-runner.db";
-    commands = let
-      hyprctl = "${pkgs.hyprland}/bin/hyprctl";
-    in
-      {
-        "display_on" = [hyprctl "-i" "{instance}" "dispatch" "dpms" "on"];
-        "display_off" = [hyprctl "-i" "{instance}" "dispatch" "dpms" "off"];
-        "display_toggle" = [hyprctl "-i" "{instance}" "dispatch" "dpms" "toggle"];
-        "display_status" = [hyprctl "-i" "{instance}" "-j" "monitors"];
-        "hyprland_instance" = [hyprctl "-j" "instances"];
-      }
-      // (builtins.foldl' (acc: elem: acc // elem) {} (lib.map (name: {
-        "display_on_${name}" = [hyprctl "-i" "{instance}" "dispatch" "dpms" "on" name];
-        "display_off_${name}" = [hyprctl "-i" "{instance}" "dispatch" "dpms" "off" name];
-        "display_toggle_${name}" = [hyprctl "-i" "{instance}" "dispatch" "dpms" "toggle" name];
-      }) ["HDMI-A-1" "DP-3" "DP-1"]));
-  };
-}

home/services/default.nix

@@ -4,10 +4,10 @@
     ./swayosd.nix
     ./kdeconnect.nix
     ./gtk.nix
-    ./anyrun.nix
+    # ./anyrun.nix
     ./ironbar
     ./gui.nix
-    ./eww.nix
+    # ./eww.nix
     ./xdg.nix
     ./hyprmon.nix
     ./hyprland.nix

home/services/gui.nix

@@ -2,24 +2,8 @@
   pkgs,
   device,
   lib,
-  inputs,
   ...
 }: {
-  systemd.user.services.onepassword-gui = lib.optionalAttrs (device.is "ryu") {
-    Unit = {
-      Description = "1Password GUI";
-      BindsTo = ["graphical-session.target"];
-      After = ["graphical-session-pre.target"];
-    };
-
-    Service = {
-      ExecStart = "${pkgs._1password-gui}/bin/1password";
-      Restart = "always";
-    };
-    Install = {
-      WantedBy = ["graphical-session.target"];
-    };
-  };
   home.packages = with pkgs;
     lib.optionals (device.is "ryu") [
       nautilus

home/services/hyprland.nix

@@ -35,13 +35,15 @@
     settings = {
       # source = "${pkgs.catppuccinThemes.hyprland}/themes/mocha.conf";
       render = {
-        direct_scanout = true;
-        cm_fs_passthrough = 1;
-        cm_auto_hdr = 1;
-      };
-      experimental = {
-        xx_color_management_v4 = true;
+        cm_enabled = true;
+        direct_scanout = 2; # 0 - off; 1 - on; 2 - auto based on `game`
+        cm_fs_passthrough = 1; # 0 - off; 1 - always; 2 - hdr only
+        send_content_type = true; # automatic monitor mode switch
+        cm_auto_hdr = 1; # 0 - off; 1 - switch to cm,hdr 2; 2 - switch to cm,hdredid
       };
+      # experimental = {
+      #   xx_color_management_v4 = true;
+      # };
       monitorv2 = [
         {
           output = device.monitors.primary;
@@ -59,9 +61,9 @@
         {
           output = device.monitors.secondary;
           mode = "2560x1440@170";
-          position = "-1440x-1120";
+          position = "-2560x0";
           scale = 1;
-          transform = 1;
+          transform = 0;
         }
         {
           output = device.monitors.tertiary;
@@ -123,12 +125,12 @@
         bezier = "myBezier, 0.05, 0.9, 0.1, 1.05";
 
         animation = [
-          "windows, 1, 7, myBezier"
-          "windowsOut, 1, 7, default, popin 80%"
+          "windows, 1, 2, myBezier"
+          "windowsOut, 1, 2, default, popin 80%"
           "border, 1, 10, default"
           "borderangle, 1, 8, default"
-          "fade, 1, 7, default"
-          "workspaces, 1, 6, default"
+          "fade, 1, 2, default"
+          "workspaces, 1, 2, default"
         ];
       };
 
@@ -154,21 +156,20 @@
       # windowrulev2 = float,class:^(kitty)$,title:^(kitty)$
       # See https://wiki.hyprland.org/Configuring/Window-Rules/ for more
 
-      windowrulev2 = [
-        # "float, title:^(Steam)$"
-        "float, title:^(Archetype.*)$"
-        "float, class:(.*nextcloud.*)"
-        "float, class:org.kde.kdeconnect.app"
+      windowrule = [
+        # "match:title ^(Steam)$ float"
+        "match:title ^(Archetype.*)$ float"
+        "match:class (.*nextcloud.*) float"
+        "match:class org.kde.kdeconnect.app float"
       ];
 
-      # "misc:vfr" = true;
-
       env = [
         "XCURSOR_SIZE,24"
         "XDG_SESSION_TYPE,wayland"
         "MOZ_ENABLE_WAYLAND,1"
         "QT_QPA_PLATFORM,wayland"
       ];
+
       exec-once = [
         # "${pkgs.polkit-kde-agent}/libexec/polkit-kde-authentication-agent-1"
         "${pkgs.mate.mate-polkit}/libexec/polkit-mate-authentication-agent-1"
@@ -188,8 +189,8 @@
       ];
       bind = [
         # Example binds, see https://wiki.hyprland.org/Configuring/Binds/ for more
-        "$mainMod, Return, exec, ${lib.getExe pkgs.wezterm}"
-        "$mainModShift, Return, exec, ${lib.getExe pkgs.kitty}"
+        "$mainMod, Return, exec, ${lib.getExe pkgs.kitty}"
+        "$mainModShift, Return, exec, ${lib.getExe pkgs.ghostty}"
         # "$mainModShift, Return, exec, ${pkgs.foot}/bin/foot"
         "$mainModShift, Q, killactive,"
         "$mainModShift, s, exec, ${lib.getExe pkgs.hyprshot} -m region -o ~/Pictures/Screenshots/"

home/services/hyprpaper.nix

@@ -4,25 +4,33 @@
   config,
   ...
 }: {
-  imports = [
-    ../../modules/hyprpaper.nix
-  ];
-  programs.hyprpaper = let
+  services.hyprpaper = let
     wallpapers = import ../../utils/wallhaven.nix {inherit pkgs;};
     nextcloudWallpapers = name: config.home.homeDirectory + "/Nextcloud/Wallpapers/" + name;
-    silksongFleas = nextcloudWallpapers "silksong-fleas.jpg";
+    # silksongFleas = nextcloudWallpapers "silksong-fleas.jpg";
+    bocchiVertical = nextcloudWallpapers "bocchi-vertical.jpg";
     silksongShadeLord = nextcloudWallpapers "silksong-shadelord.jpg";
-  in rec {
+  in {
     enable = device.is "ryu";
-    systemd.enable = true;
-    systemd.target = "hyprland-session.target";
-    settings.preload =
-      wallpapers.all
-      ++ pkgs.lib.mapAttrsToList (_: value: value) settings.wallpapers;
-    settings.wallpapers = {
-      "${device.monitors.primary}" = silksongShadeLord;
-      "${device.monitors.secondary}" = wallpapers.frieren_3;
-      "${device.monitors.tertiary}" = silksongFleas;
+    settings = {
+      splash = false;
+      wallpaper = [
+        {
+          monitor = device.monitors.primary;
+          path = silksongShadeLord;
+          fit_mode = "cover";
+        }
+        {
+          monitor = device.monitors.secondary;
+          path = wallpapers.frieren_3;
+          fit_mode = "cover";
+        }
+        {
+          monitor = device.monitors.tertiary;
+          path = bocchiVertical;
+          fit_mode = "cover";
+        }
+      ];
     };
   };
 }

home/services/ironbar/default.nix

@@ -13,13 +13,14 @@
       "${device.monitors.secondary}" = {
         position = "bottom";
         start = [
-          {
-            type = "launcher";
-            favourites = ["firefox" "discord"];
-            show_names = false;
-            show_icons = true;
-          }
-          {type = "focused";}
+          {type = "tray";}
+          # {
+          #   type = "launcher";
+          #   favourites = ["firefox" "discord"];
+          #   show_names = false;
+          #   show_icons = true;
+          # }
+          # {type = "focused";}
         ];
         end = [
           {
@@ -35,46 +36,45 @@
           {type = "clock";}
         ];
       };
-      "${device.monitors.primary}" = {
-        position = "bottom";
-        icon_theme = "Papirus-Dark";
-        end = [
-          {
-            type = "sys_info";
-            format = [
-              "  CPU {cpu_percent}% | {temp_c:coretemp-Package-id-0}°C"
-              "  RAM {memory_used}GB/{memory_total}GB"
-            ];
-            interval = {
-              cpu = 1;
-              temps = 5;
-              memory = 30;
-              # disks= 300;
-              # networks= 3;
-            };
-          }
-          {type = "tray";}
-        ];
-        start = [
-          {
-            type = "workspaces";
-            name_map = {
-              "1" = "icon:foot";
-              "2" = "icon:code";
-              "3" = "icon:firefox";
-              "4" = "icon:slack";
-              "5" = "icon:steam";
-              "6" = "icon:foot";
-              "7" = "icon:foot";
-              "8" = "icon:firefox";
-              "9" = "icon:discord";
-              "10" = "icon:spotify";
-            };
-            favorites = ["1" "2" "3" "4" "5" "6" "7" "8" "9" "10"];
-            all_monitors = true;
-          }
-        ];
-      };
+      # "${device.monitors.primary}" = {
+      #   position = "bottom";
+      #   icon_theme = "Papirus-Dark";
+      #   end = [
+      #     {
+      #       type = "sys_info";
+      #       format = [
+      #         "  CPU {cpu_percent}% | {temp_c:coretemp-Package-id-0}°C"
+      #         "  RAM {memory_used}GB/{memory_total}GB"
+      #       ];
+      #       interval = {
+      #         cpu = 1;
+      #         temps = 5;
+      #         memory = 30;
+      #         # disks= 300;
+      #         # networks= 3;
+      #       };
+      #     }
+      #   ];
+      #   start = [
+      #     {
+      #       type = "workspaces";
+      #       name_map = {
+      #         "1" = "icon:kitty";
+      #         "2" = "icon:code";
+      #         "3" = "icon:firefox";
+      #         "4" = "icon:slack";
+      #         # "5" = "icon:steam";
+      #         # "6" = "icon:foot";
+      #         # "7" = "icon:foot";
+      #         # "8" = "icon:firefox";
+      #         # "9" = "icon:discord";
+      #         # "10" = "icon:spotify";
+      #       };
+      #       favorites = ["1" "2" "3" "4"];
+      #       all_monitors = false;
+      #     }
+      #   ];
+      # };
       "${device.monitors.tertiary}" = {
         position = "bottom";
         icon_theme = "Papirus-Dark";

home/services/remmina.nix

@@ -1,7 +1,68 @@
-{...}: {
+{
+  device,
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  remminaDir = "${config.home.homeDirectory}/.local/share/remmina";
+  applicationsDir = "${config.home.homeDirectory}/.local/share/applications";
+
+  # Script to generate desktop entries for Remmina connections
+  generateRemminaDesktopEntries = pkgs.writeShellScript "generate-remmina-desktop-entries" ''
+    REMMINA_DIR="${remminaDir}"
+    APPS_DIR="${applicationsDir}"
+
+    # Create applications directory if it doesn't exist
+    mkdir -p "$APPS_DIR"
+
+    # Remove old remmina desktop entries
+    rm -f "$APPS_DIR"/remmina-*.desktop
+
+    # Exit if remmina directory doesn't exist
+    [[ ! -d "$REMMINA_DIR" ]] && exit 0
+
+    # Generate desktop entries for each .remmina file
+    find "$REMMINA_DIR" -name "*.remmina" -type f | while read -r file; do
+      # Extract connection details
+      name=$(${pkgs.gnugrep}/bin/grep "^name=" "$file" | ${pkgs.coreutils}/bin/cut -d'=' -f2-)
+      server=$(${pkgs.gnugrep}/bin/grep "^server=" "$file" | ${pkgs.coreutils}/bin/cut -d'=' -f2-)
+      protocol=$(${pkgs.gnugrep}/bin/grep "^protocol=" "$file" | ${pkgs.coreutils}/bin/cut -d'=' -f2-)
+
+      # Use filename as fallback if name is empty
+      [[ -z "$name" ]] && name=$(${pkgs.coreutils}/bin/basename "$file" .remmina)
+      [[ -z "$protocol" ]] && protocol="Unknown"
+
+      # Generate desktop entry filename
+      desktop_name=$(${pkgs.coreutils}/bin/basename "$file" .remmina | ${pkgs.gnused}/bin/sed 's/[^a-zA-Z0-9_-]/-/g')
+      desktop_file="$APPS_DIR/remmina-$desktop_name.desktop"
+
+      # Create desktop entry
+      cat > "$desktop_file" <<EOF
+    [Desktop Entry]
+    Type=Application
+    Name=Remmina - $name
+    GenericName=$protocol Connection to $server
+    Comment=Connect to $server via $protocol
+    Exec=${pkgs.remmina}/bin/remmina -c "$file"
+    Icon=org.remmina.Remmina
+    Terminal=false
+    Categories=Network;RemoteAccess;
+    EOF
+    done
+  '';
+in {
   services.remmina = {
-    enable = true;
+    enable = device.is "ryu";
     systemdService.enable = true;
     addRdpMimeTypeAssoc = true;
   };
+
+  # Activation script to generate desktop entries
+  home.activation.generateRemminaDesktopEntries = mkIf (device.is "ryu") (
+    lib.hm.dag.entryAfter ["writeBoundary"] ''
+      run ${generateRemminaDesktopEntries}
+    ''
+  );
 }

home/services/wallpaperengine.nix

@@ -5,28 +5,28 @@
   ...
 }:
 lib.mkIf (device.is "ryu") {
-  # systemd.user.services.wallpaperengine = {
-  #   Unit = {
-  #     Description = "Linux Wallpaper Engine";
-  #     After = ["hyprland-session.target"];
-  #     Wants = ["hyprland-session.target"];
-  #     PartOf = ["hyprland-session.target"];
-  #   };
-  #
-  #   Service = {
-  #     Environment = [
-  #       "XDG_SESSION_TYPE=wayland"
-  #     ];
-  #     Type = "simple";
-  #     ExecStartPre = "${pkgs.coreutils}/bin/sleep 3";
-  #     ExecStart = "${pkgs.linux-wallpaperengine}/bin/linux-wallpaperengine --silent --no-audio-processing -f 15 --scaling fill --screen-root HDMI-A-1 --bg 2780316434";
-  #     Restart = "on-failure";
-  #     RestartSec = 5;
-  #     TimeoutStartSec = 30;
-  #   };
-  #
-  #   Install = {
-  #     WantedBy = ["hyprland-session.target"];
-  #   };
-  # };
+  systemd.user.services.wallpaperengine = {
+    Unit = {
+      Description = "Linux Wallpaper Engine";
+      After = ["hyprland-session.target"];
+      Wants = ["hyprland-session.target"];
+      PartOf = ["hyprland-session.target"];
+    };
+
+    Service = {
+      Environment = [
+        "XDG_SESSION_TYPE=wayland"
+      ];
+      Type = "simple";
+      ExecStartPre = "${pkgs.coreutils}/bin/sleep 3";
+      ExecStart = "${pkgs.linux-wallpaperengine}/bin/linux-wallpaperengine --silent --no-audio-processing -f 15 --scaling fill --screen-root HDMI-A-1 --bg 2780316434";
+      Restart = "on-failure";
+      RestartSec = 5;
+      TimeoutStartSec = 30;
+    };
+
+    Install = {
+      WantedBy = ["hyprland-session.target"];
+    };
+  };
 }

home/services/xdg.nix

@@ -3,12 +3,11 @@
   lib,
   device,
   ...
-}:
-lib.optionalAttrs (device.is "ryu") {
+}: {
   xdg.portal = {
-    enable = pkgs.stdenv.isLinux;
+    enable = device.is "ryu";
     config = {
-      hyprland.default = ["kde" "hyprland"];
+      hyprland.default = ["hyprland"];
       common.default = ["*" "hyprland"];
     };
     extraPortals = with pkgs; [

justfile

@@ -1,12 +1,13 @@
 set dotenv-load
 
+
 [macos]
 install: 
     sudo nix run nix-darwin -- switch --flake .
 
 [linux]
-install:
-	sudo nixos-rebuild switch --flake . --builders '' --max-jobs 1
+install cores='32':
+	sudo nixos-rebuild switch --flake . --builders '' --max-jobs 1 --cores {{cores}}
 
 [macos]
 build:
@@ -30,3 +31,15 @@ nvim:
 [linux]
 rollback:
 	sudo nixos-rebuild switch --rollback --flake .
+
+
+add program:
+    echo '{pkgs, ...}: { home.packages = [pkgs.{{program}}];}' > home/programs/{{program}}.nix
+    # https://ast-grep.github.io/advanced/pattern-parse.html#incomplete-pattern-code
+    # Since the imports doesn't match the whole pattern we need to use the selector binding and the attr expression to match it properly.
+    ast-grep run -p '{ imports = [$$$ITEMS] }' --selector binding --rewrite 'imports = [$$$ITEMS ./{{program}}.nix ]' home/programs/default.nix -i
+    alejandra fmt home/programs/{{program}}.nix home/programs/default.nix
+    git add home/programs/{{program}}.nix 
+
+# add-secret secret:
+#     openssl rand -hex 32 | tr -d '\n' | jq -sR | sops set --value-stdin secrets/secrets.yaml {{secret}}

modules/aichat.nix

@@ -81,6 +81,14 @@ in {
         type = lib.types.attrsOf lib.types.str;
         description = "Roles for the AI chat clients";
       };
+      extraPackages = mkOption {
+        type = lib.types.listOf lib.types.package;
+        default = [];
+        example = literalExpression "with pkgs; [ jq yek ];";
+        description = ''
+          Additional packages to install.
+        '';
+      };
     };
   };
 
@@ -99,7 +107,7 @@ in {
       '';
     };
   in {
-    home.packages = mkIf cfg.enable [aichat-wrapped];
+    home.packages = mkIf cfg.enable ([aichat-wrapped] ++ cfg.extraPackages);
 
     programs.fish.interactiveShellInit = mkIf cfg.enableFishIntegration fishIntegration;
     programs.bash.initExtra = mkIf cfg.enableBashIntegration bashIntegration;

modules/default.nix

@@ -4,10 +4,10 @@
   ...
 }: {
   imports = [
-    ./goread.nix
-    ./hyprpaper.nix
+    # ./goread.nix
+    # ./hyprpaper.nix
     # ./aichat.nix
-    ./tuifeed.nix
+    # ./tuifeed.nix
     #./ghostty.nix
     # ./sketchybar.nix
   ];

modules/hyprpaper.nix

@@ -1,104 +0,0 @@
-{
-  pkgs,
-  config,
-  lib,
-  ...
-}:
-with lib; let
-  cfg = config.programs.hyprpaper;
-in {
-  options = {
-    programs.hyprpaper = {
-      enable = mkEnableOption "Hyprpaper - Wayland wallpaper utility";
-
-      systemd = {
-        enable = mkEnableOption "autostart service for Hyprpaper";
-
-        target = mkOption {
-          type = types.str;
-          default = "graphical-session.target";
-          example = "hyprland-session.target";
-          description = ''
-            The systemd target that will automatically start the Hyprpaper service.
-          '';
-        };
-      };
-
-      settings = with types; {
-        preload = mkOption {
-          type = listOf path;
-          default = [];
-          description = ''
-            Wallpaper images that should be preloaded into memory
-          '';
-          example = [./wallpapers/tensura.png];
-        };
-
-        wallpapers = mkOption {
-          type = attrsOf str;
-          default = {};
-          example = {"DP-1" = ./wallpapers/tensura.png;};
-          description = ''
-            Wallpaper to monitor mapper
-          '';
-        };
-
-        extraConfig = mkOption {
-          type = str;
-          default = "";
-          description = "Check https://github.com/hyprwm/hyprpaper#usage for info";
-          example = ''
-            newConfigOption = foo,bar
-          '';
-        };
-      };
-    };
-  };
-
-  config = {
-    home.packages = mkIf cfg.enable [pkgs.hyprpaper];
-
-    systemd.user.services.hyprpaper = mkIf cfg.systemd.enable {
-      Unit = {
-        Description = "autostart service for Hyprpaper";
-        Documentation = "https://github.com/hyprwm/hyprpaper";
-        BindsTo = ["graphical-session.target"];
-        After = ["graphical-session-pre.target"];
-      };
-
-      Service = {
-        ExecStart = "${pkgs.hyprpaper}/bin/hyprpaper";
-        ExecReload = "${pkgs.coreutils}/bin/kill -SIGUSR2 $MAINPID";
-        Restart = "on-failure";
-        KillMode = "mixed";
-      };
-
-      Install = {WantedBy = [cfg.systemd.target];};
-    };
-
-    xdg.configFile = mkIf cfg.enable {
-      "hypr/hyprpaper.conf".text = ''
-        # Auto-generated by Nix home-manager module
-
-        # hyprpaper.settings.preload
-        ${(lists.foldl (acc: v:
-          acc
-          + ''
-            preload = ${v}
-          '') ""
-        cfg.settings.preload)}
-
-        # hyprpaper.settings.wallpapers
-        ${(lists.foldl (acc: v:
-          acc
-          + ''
-            wallpaper = ${v}
-          '') "" (pkgs.lib.attrsets.mapAttrsToList (name: val: name + "," + val)
-          cfg.settings.wallpapers))}
-
-        # hyprpaper.settings.extraConfig
-        ${cfg.settings.extraConfig}
-      '';
-    };
-  };
-}

modules/nixos/affine.nix

@@ -0,0 +1,162 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.services.affine;
+  dbName = "affine";
+  dbUser = "affine";
+in {
+  options.services.affine = {
+    enable = mkEnableOption "AFFiNE self-hosted workspace";
+
+    port = mkOption {
+      type = types.port;
+      default = 3010;
+      description = "Port for the AFFiNE server to listen on";
+    };
+
+    domain = mkOption {
+      type = types.str;
+      description = "Public domain for AFFiNE (e.g. notes.darksailor.dev)";
+    };
+
+    imageTag = mkOption {
+      type = types.str;
+      default = "stable";
+      description = "Docker image tag for AFFiNE (stable, beta, canary)";
+    };
+
+    dataDir = mkOption {
+      type = types.str;
+      default = "/var/lib/affine";
+      description = "Base data directory for AFFiNE storage";
+    };
+
+    environmentFiles = mkOption {
+      type = types.listOf types.path;
+      default = [];
+      description = "Environment files containing secrets (DB password, etc.)";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    # Create data directories
+    systemd.tmpfiles.rules = [
+      "d ${cfg.dataDir} 0755 root root -"
+      "d ${cfg.dataDir}/storage 0755 root root -"
+      "d ${cfg.dataDir}/config 0755 root root -"
+      "d ${cfg.dataDir}/postgres 0700 root root -"
+      "d ${cfg.dataDir}/redis 0755 root root -"
+    ];
+
+    virtualisation.oci-containers = {
+      backend = "docker";
+      containers = {
+        affine-postgres = {
+          image = "pgvector/pgvector:pg16";
+          volumes = [
+            "${cfg.dataDir}/postgres:/var/lib/postgresql/data"
+          ];
+          environment = {
+            POSTGRES_USER = dbUser;
+            POSTGRES_DB = dbName;
+            POSTGRES_INITDB_ARGS = "--data-checksums";
+            POSTGRES_HOST_AUTH_METHOD = "trust";
+          };
+          environmentFiles = cfg.environmentFiles;
+          extraOptions = [
+            "--health-cmd=pg_isready -U ${dbUser} -d ${dbName}"
+            "--health-interval=10s"
+            "--health-timeout=5s"
+            "--health-retries=5"
+          ];
+          networks = ["affine-net"];
+        };
+
+        affine-redis = {
+          image = "redis:7";
+          volumes = [
+            "${cfg.dataDir}/redis:/data"
+          ];
+          networks = ["affine-net"];
+          extraOptions = [
+            "--health-cmd=redis-cli --raw incr ping"
+            "--health-interval=10s"
+            "--health-timeout=5s"
+            "--health-retries=5"
+          ];
+        };
+
+        affine = {
+          image = "ghcr.io/toeverything/affine:${cfg.imageTag}";
+          ports = ["127.0.0.1:${toString cfg.port}:3010"];
+          dependsOn = [
+            "affine-postgres"
+            "affine-redis"
+            "affine-migration"
+          ];
+          volumes = [
+            "${cfg.dataDir}/storage:/root/.affine/storage"
+            "${cfg.dataDir}/config:/root/.affine/config"
+          ];
+          environment = {
+            AFFINE_SERVER_PORT = "3010";
+            AFFINE_SERVER_HOST = cfg.domain;
+            AFFINE_SERVER_HTTPS = "true";
+            AFFINE_SERVER_EXTERNAL_URL = "https://${cfg.domain}";
+            REDIS_SERVER_HOST = "affine-redis";
+            DATABASE_URL = "postgresql://${dbUser}:$${AFFINE_DB_PASSWORD:-affine}@affine-postgres:5432/${dbName}";
+            AFFINE_INDEXER_ENABLED = "false";
+          };
+          environmentFiles = cfg.environmentFiles;
+          networks = ["affine-net"];
+        };
+
+        affine-migration = {
+          image = "ghcr.io/toeverything/affine:${cfg.imageTag}";
+          dependsOn = [
+            "affine-postgres"
+            "affine-redis"
+          ];
+          volumes = [
+            "${cfg.dataDir}/storage:/root/.affine/storage"
+            "${cfg.dataDir}/config:/root/.affine/config"
+          ];
+          cmd = ["sh" "-c" "node ./scripts/self-host-predeploy.js"];
+          environment = {
+            REDIS_SERVER_HOST = "affine-redis";
+            DATABASE_URL = "postgresql://${dbUser}:$${AFFINE_DB_PASSWORD:-affine}@affine-postgres:5432/${dbName}";
+            AFFINE_INDEXER_ENABLED = "false";
+          };
+          environmentFiles = cfg.environmentFiles;
+          networks = ["affine-net"];
+        };
+      };
+    };
+
+    # Create the Docker network
+    # systemd.services.affine-network = {
+    #   description = "Create AFFiNE Docker network";
+    #   after = ["docker.service"];
+    #   wantedBy = ["multi-user.target"];
+    #   serviceConfig = {
+    #     Type = "oneshot";
+    #     RemainAfterExit = true;
+    #     # ExecStart = "${config.virtualisation.docker.package}/bin/docker network create affine-net";
+    #     # ExecStop = "${config.virtualisation.docker.package}/bin/docker network remove affine-net";
+    #   };
+    # };
+    #
+    # Ensure containers start after the network is created
+    # systemd.services.docker-affine.after = ["affine-network.service"];
+    # systemd.services.docker-affine.requires = ["affine-network.service"];
+    # systemd.services.docker-affine-postgres.after = ["affine-network.service"];
+    # systemd.services.docker-affine-postgres.requires = ["affine-network.service"];
+    # systemd.services.docker-affine-redis.after = ["affine-network.service"];
+    # systemd.services.docker-affine-redis.requires = ["affine-network.service"];
+    # systemd.services.docker-affine-migration.after = ["affine-network.service"];
+    # systemd.services.docker-affine-migration.requires = ["affine-network.service"];
+  };
+}

modules/nixos/caddy/default.nix

@@ -1,480 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-with lib; let
-  cfg = config.services.caddy;
-
-  certs = config.security.acme.certs;
-  virtualHosts = attrValues cfg.virtualHosts;
-  acmeEnabledVhosts = filter (hostOpts: hostOpts.useACMEHost != null) virtualHosts;
-  vhostCertNames = unique (map (hostOpts: hostOpts.useACMEHost) acmeEnabledVhosts);
-  dependentCertNames = filter (cert: certs.${cert}.dnsProvider == null) vhostCertNames; # those that might depend on the HTTP server
-  independentCertNames = filter (cert: certs.${cert}.dnsProvider != null) vhostCertNames; # those that don't depend on the HTTP server
-
-  mkVHostConf = hostOpts: let
-    sslCertDir = config.security.acme.certs.${hostOpts.useACMEHost}.directory;
-  in ''
-    ${hostOpts.hostName} ${concatStringsSep " " hostOpts.serverAliases} {
-      ${optionalString (
-      hostOpts.listenAddresses != []
-    ) "bind ${concatStringsSep " " hostOpts.listenAddresses}"}
-      ${optionalString (
-      hostOpts.useACMEHost != null
-    ) "tls ${sslCertDir}/cert.pem ${sslCertDir}/key.pem"}
-      log {
-        ${hostOpts.logFormat}
-      }
-
-      ${hostOpts.extraConfig}
-    }
-  '';
-
-  settingsFormat = pkgs.formats.json {};
-
-  configFile =
-    if cfg.settings != {}
-    then settingsFormat.generate "caddy.json" cfg.settings
-    else let
-      Caddyfile = pkgs.writeTextDir "Caddyfile" ''
-        {
-          ${cfg.globalConfig}
-        }
-        ${cfg.extraConfig}
-        ${concatMapStringsSep "\n" mkVHostConf virtualHosts}
-      '';
-
-      Caddyfile-formatted = pkgs.runCommand "Caddyfile-formatted" {} ''
-        mkdir -p $out
-        cp --no-preserve=mode ${Caddyfile}/Caddyfile $out/Caddyfile
-        ${lib.getExe cfg.package} fmt --overwrite $out/Caddyfile
-      '';
-    in "${
-      if pkgs.stdenv.buildPlatform == pkgs.stdenv.hostPlatform
-      then Caddyfile-formatted
-      else Caddyfile
-    }/Caddyfile";
-
-  etcConfigFile = "caddy/caddy_config";
-
-  configPath = "/etc/${etcConfigFile}";
-
-  mkCertOwnershipAssertion = import ../../../security/acme/mk-cert-ownership-assertion.nix lib;
-in {
-  imports = [
-    (mkRemovedOptionModule [
-      "services"
-      "caddy"
-      "agree"
-    ] "this option is no longer necessary for Caddy 2")
-    (mkRenamedOptionModule ["services" "caddy" "ca"] ["services" "caddy" "acmeCA"])
-    (mkRenamedOptionModule ["services" "caddy" "config"] ["services" "caddy" "extraConfig"])
-  ];
-
-  # interface
-  options.services.caddy = {
-    enable = mkEnableOption "Caddy web server";
-
-    user = mkOption {
-      default = "caddy";
-      type = types.str;
-      description = ''
-        User account under which caddy runs.
-
-        ::: {.note}
-        If left as the default value this user will automatically be created
-        on system activation, otherwise you are responsible for
-        ensuring the user exists before the Caddy service starts.
-        :::
-      '';
-    };
-
-    group = mkOption {
-      default = "caddy";
-      type = types.str;
-      description = ''
-        Group under which caddy runs.
-
-        ::: {.note}
-        If left as the default value this group will automatically be created
-        on system activation, otherwise you are responsible for
-        ensuring the group exists before the Caddy service starts.
-        :::
-      '';
-    };
-
-    package = mkPackageOption pkgs "caddy" {};
-
-    dataDir = mkOption {
-      type = types.path;
-      default = "/var/lib/caddy";
-      description = ''
-        The data directory for caddy.
-
-        ::: {.note}
-        If left as the default value this directory will automatically be created
-        before the Caddy server starts, otherwise you are responsible for ensuring
-        the directory exists with appropriate ownership and permissions.
-
-        Caddy v2 replaced `CADDYPATH` with XDG directories.
-        See <https://caddyserver.com/docs/conventions#file-locations>.
-        :::
-      '';
-    };
-
-    logDir = mkOption {
-      type = types.path;
-      default = "/var/log/caddy";
-      description = ''
-        Directory for storing Caddy access logs.
-
-        ::: {.note}
-        If left as the default value this directory will automatically be created
-        before the Caddy server starts, otherwise the sysadmin is responsible for
-        ensuring the directory exists with appropriate ownership and permissions.
-        :::
-      '';
-    };
-
-    logFormat = mkOption {
-      type = types.lines;
-      default = ''
-        level ERROR
-      '';
-      example = literalExpression ''
-        mkForce "level INFO";
-      '';
-      description = ''
-        Configuration for the default logger. See
-        <https://caddyserver.com/docs/caddyfile/options#log>
-        for details.
-      '';
-    };
-
-    configFile = mkOption {
-      type = types.path;
-      default = configFile;
-      defaultText = "A Caddyfile automatically generated by values from services.caddy.*";
-      example = literalExpression ''
-        pkgs.writeText "Caddyfile" '''
-          example.com
-
-          root * /var/www/wordpress
-          php_fastcgi unix//run/php/php-version-fpm.sock
-          file_server
-        ''';
-      '';
-      description = ''
-        Override the configuration file used by Caddy. By default,
-        NixOS generates one automatically.
-
-        The configuration file is exposed at {file}`${configPath}`.
-      '';
-    };
-
-    adapter = mkOption {
-      default =
-        if ((cfg.configFile != configFile) || (builtins.baseNameOf cfg.configFile) == "Caddyfile")
-        then "caddyfile"
-        else null;
-      defaultText = literalExpression ''
-        if ((cfg.configFile != configFile) || (builtins.baseNameOf cfg.configFile) == "Caddyfile") then "caddyfile" else null
-      '';
-      example = literalExpression "nginx";
-      type = with types; nullOr str;
-      description = ''
-        Name of the config adapter to use.
-        See <https://caddyserver.com/docs/config-adapters>
-        for the full list.
-
-        If `null` is specified, the `--adapter` argument is omitted when
-        starting or restarting Caddy. Notably, this allows specification of a
-        configuration file in Caddy's native JSON format, as long as the
-        filename does not start with `Caddyfile` (in which case the `caddyfile`
-        adapter is implicitly enabled). See
-        <https://caddyserver.com/docs/command-line#caddy-run> for details.
-
-        ::: {.note}
-        Any value other than `null` or `caddyfile` is only valid when providing
-        your own `configFile`.
-        :::
-      '';
-    };
-
-    resume = mkOption {
-      default = false;
-      type = types.bool;
-      description = ''
-        Use saved config, if any (and prefer over any specified configuration passed with `--config`).
-      '';
-    };
-
-    globalConfig = mkOption {
-      type = types.lines;
-      default = "";
-      example = ''
-        debug
-        servers {
-          protocol {
-            experimental_http3
-          }
-        }
-      '';
-      description = ''
-        Additional lines of configuration appended to the global config section
-        of the `Caddyfile`.
-
-        Refer to <https://caddyserver.com/docs/caddyfile/options#global-options>
-        for details on supported values.
-      '';
-    };
-
-    extraConfig = mkOption {
-      type = types.lines;
-      default = "";
-      example = ''
-        example.com {
-          encode gzip
-          log
-          root /srv/http
-        }
-      '';
-      description = ''
-        Additional lines of configuration appended to the automatically
-        generated `Caddyfile`.
-      '';
-    };
-
-    virtualHosts = mkOption {
-      type = with types; attrsOf (submodule (import ./vhost-options.nix {inherit cfg;}));
-      default = {};
-      example = literalExpression ''
-        {
-          "hydra.example.com" = {
-            serverAliases = [ "www.hydra.example.com" ];
-            extraConfig = '''
-              encode gzip
-              root * /srv/http
-            ''';
-          };
-        };
-      '';
-      description = ''
-        Declarative specification of virtual hosts served by Caddy.
-      '';
-    };
-
-    acmeCA = mkOption {
-      default = null;
-      example = "https://acme-v02.api.letsencrypt.org/directory";
-      type = with types; nullOr str;
-      description = ''
-        ::: {.note}
-        Sets the [`acme_ca` option](https://caddyserver.com/docs/caddyfile/options#acme-ca)
-        in the global options block of the resulting Caddyfile.
-        :::
-
-        The URL to the ACME CA's directory. It is strongly recommended to set
-        this to `https://acme-staging-v02.api.letsencrypt.org/directory` for
-        Let's Encrypt's [staging endpoint](https://letsencrypt.org/docs/staging-environment/)
-        while testing or in development.
-
-        Value `null` should be prefered for production setups,
-        as it omits the `acme_ca` option to enable
-        [automatic issuer fallback](https://caddyserver.com/docs/automatic-https#issuer-fallback).
-      '';
-    };
-
-    email = mkOption {
-      default = null;
-      type = with types; nullOr str;
-      description = ''
-        Your email address. Mainly used when creating an ACME account with your
-        CA, and is highly recommended in case there are problems with your
-        certificates.
-      '';
-    };
-
-    enableReload = mkOption {
-      default = true;
-      type = types.bool;
-      description = ''
-        Reload Caddy instead of restarting it when configuration file changes.
-
-        Note that enabling this option requires the [admin API](https://caddyserver.com/docs/caddyfile/options#admin)
-        to not be turned off.
-
-        If you enable this option, consider setting [`grace_period`](https://caddyserver.com/docs/caddyfile/options#grace-period)
-        to a non-infinite value in {option}`services.caddy.globalConfig`
-        to prevent Caddy waiting for active connections to finish,
-        which could delay the reload essentially indefinitely.
-      '';
-    };
-
-    settings = mkOption {
-      type = settingsFormat.type;
-      default = {};
-      description = ''
-        Structured configuration for Caddy to generate a Caddy JSON configuration file.
-        See <https://caddyserver.com/docs/json/> for available options.
-
-        ::: {.warning}
-        Using a [Caddyfile](https://caddyserver.com/docs/caddyfile) instead of a JSON config is highly recommended by upstream.
-        There are only very few exception to this.
-
-        Please use a Caddyfile via {option}`services.caddy.configFile`, {option}`services.caddy.virtualHosts` or
-        {option}`services.caddy.extraConfig` with {option}`services.caddy.globalConfig` instead.
-        :::
-
-        ::: {.note}
-        Takes presence over most `services.caddy.*` options, such as {option}`services.caddy.configFile` and {option}`services.caddy.virtualHosts`, if specified.
-        :::
-      '';
-    };
-
-    environmentFile = mkOption {
-      type = with types; nullOr path;
-      default = null;
-      example = "/run/secrets/caddy.env";
-      description = ''
-        Environment file as defined in {manpage}`systemd.exec(5)`.
-
-        You can use environment variables to pass secrets to the service without adding
-        them to the world-redable nix store.
-
-        ```
-        # in configuration.nix
-        services.caddy.environmentFile = "/run/secrets/caddy.env";
-        services.caddy.globalConfig = '''
-          {
-            acme_ca https://acme.zerossl.com/v2/DV90
-            acme_eab {
-              key_id {$EAB_KEY_ID}
-              mac_key {$EAB_MAC_KEY}
-            }
-          }
-        ''';
-        ```
-
-        ```
-        # in /run/secrets/caddy.env
-        EAB_KEY_ID=secret
-        EAB_MAC_KEY=secret
-        ```
-
-        Find more examples
-        [here](https://caddyserver.com/docs/caddyfile/concepts#environment-variables)
-      '';
-    };
-  };
-
-  # implementation
-  config = mkIf cfg.enable {
-    assertions =
-      [
-        {
-          assertion = cfg.configFile == configFile -> cfg.adapter == "caddyfile" || cfg.adapter == null;
-          message = "To specify an adapter other than 'caddyfile' please provide your own configuration via `services.caddy.configFile`";
-        }
-      ]
-      ++ map (
-        name:
-          mkCertOwnershipAssertion {
-            cert = config.security.acme.certs.${name};
-            groups = config.users.groups;
-            services = [config.systemd.services.caddy];
-          }
-      )
-      vhostCertNames;
-
-    services.caddy.globalConfig = ''
-      ${optionalString (cfg.email != null) "email ${cfg.email}"}
-      ${optionalString (cfg.acmeCA != null) "acme_ca ${cfg.acmeCA}"}
-      log {
-        ${cfg.logFormat}
-      }
-    '';
-
-    # https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes
-    boot.kernel.sysctl."net.core.rmem_max" = mkDefault 2500000;
-    boot.kernel.sysctl."net.core.wmem_max" = mkDefault 2500000;
-
-    systemd.packages = [cfg.package];
-    systemd.services.caddy = {
-      wants = map (certName: "acme-finished-${certName}.target") vhostCertNames;
-      after =
-        map (certName: "acme-selfsigned-${certName}.service") vhostCertNames
-        ++ map (certName: "acme-${certName}.service") independentCertNames; # avoid loading self-signed key w/ real cert, or vice-versa
-      before = map (certName: "acme-${certName}.service") dependentCertNames;
-
-      wantedBy = ["multi-user.target"];
-      startLimitIntervalSec = 14400;
-      startLimitBurst = 10;
-      reloadTriggers = optional cfg.enableReload cfg.configFile;
-      restartTriggers = optional (!cfg.enableReload) cfg.configFile;
-
-      serviceConfig = let
-        runOptions = ''--config ${configPath} ${
-            optionalString (cfg.adapter != null) "--adapter ${cfg.adapter}"
-          }'';
-      in {
-        # Override the `ExecStart` line from upstream's systemd unit file by our own:
-        # https://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStart=
-        # If the empty string is assigned to this option, the list of commands to start is reset, prior assignments of this option will have no effect.
-        ExecStart = [
-          ""
-          ''${lib.getExe cfg.package} run ${runOptions} ${optionalString cfg.resume "--resume"}''
-        ];
-        # Validating the configuration before applying it ensures we’ll get a proper error that will be reported when switching to the configuration
-        ExecReload =
-          [
-            ""
-          ]
-          ++ lib.optional cfg.enableReload "${lib.getExe cfg.package} reload ${runOptions} --force";
-        User = cfg.user;
-        Group = cfg.group;
-        ReadWritePaths = [cfg.dataDir];
-        StateDirectory = mkIf (cfg.dataDir == "/var/lib/caddy") ["caddy"];
-        LogsDirectory = mkIf (cfg.logDir == "/var/log/caddy") ["caddy"];
-        Restart = "on-failure";
-        RestartPreventExitStatus = 1;
-        RestartSec = "5s";
-        EnvironmentFile = optional (cfg.environmentFile != null) cfg.environmentFile;
-
-        # TODO: attempt to upstream these options
-        NoNewPrivileges = true;
-        PrivateDevices = true;
-        ProtectHome = true;
-      };
-    };
-
-    users.users = optionalAttrs (cfg.user == "caddy") {
-      caddy = {
-        group = cfg.group;
-        uid = config.ids.uids.caddy;
-        home = cfg.dataDir;
-      };
-    };
-
-    users.groups = optionalAttrs (cfg.group == "caddy") {
-      caddy.gid = config.ids.gids.caddy;
-    };
-
-    security.acme.certs = let
-      certCfg =
-        map (
-          certName:
-            nameValuePair certName {
-              group = mkDefault cfg.group;
-              reloadServices = ["caddy.service"];
-            }
-        )
-        vhostCertNames;
-    in
-      listToAttrs certCfg;
-
-    environment.etc.${etcConfigFile}.source = cfg.configFile;
-  };
-}

modules/nixos/caddy/vhost-options.nix

@@ -1,83 +0,0 @@
-{cfg}: {
-  config,
-  lib,
-  name,
-  ...
-}: let
-  inherit (lib) literalExpression mkOption types;
-in {
-  options = {
-    hostName = mkOption {
-      type = types.str;
-      default = name;
-      description = "Canonical hostname for the server.";
-    };
-
-    serverAliases = mkOption {
-      type = with types; listOf str;
-      default = [];
-      example = [
-        "www.example.org"
-        "example.org"
-      ];
-      description = ''
-        Additional names of virtual hosts served by this virtual host configuration.
-      '';
-    };
-
-    listenAddresses = mkOption {
-      type = with types; listOf str;
-      description = ''
-        A list of host interfaces to bind to for this virtual host.
-      '';
-      default = [];
-      example = [
-        "127.0.0.1"
-        "::1"
-      ];
-    };
-
-    useACMEHost = mkOption {
-      type = types.nullOr types.str;
-      default = null;
-      description = ''
-        A host of an existing Let's Encrypt certificate to use.
-        This is mostly useful if you use DNS challenges but Caddy does not
-        currently support your provider.
-
-        *Note that this option does not create any certificates, nor
-        does it add subdomains to existing ones – you will need to create them
-        manually using [](#opt-security.acme.certs).*
-      '';
-    };
-
-    logFormat = mkOption {
-      type = types.lines;
-      default = ''
-        output file ${cfg.logDir}/access-${lib.replaceStrings ["/" " "] ["_" "_"] config.hostName}.log
-      '';
-      defaultText = ''
-        output file ''${config.services.caddy.logDir}/access-''${hostName}.log
-      '';
-      example = literalExpression ''
-        mkForce '''
-          output discard
-        ''';
-      '';
-      description = ''
-        Configuration for HTTP request logging (also known as access logs). See
-        <https://caddyserver.com/docs/caddyfile/directives/log#log>
-        for details.
-      '';
-    };
-
-    extraConfig = mkOption {
-      type = types.lines;
-      default = "";
-      description = ''
-        Additional lines of configuration appended to this virtual host in the
-        automatically generated `Caddyfile`.
-      '';
-    };
-  };
-}

modules/nixos/substituters.nix

@@ -0,0 +1,50 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.nix.substituters;
+in {
+  options.nix.substituters = {
+    enableCuda = mkOption {
+      type = types.bool;
+      default = false;
+      description = "Enable NixOS CUDA cache";
+    };
+
+    enableLlamaCpp = mkOption {
+      type = types.bool;
+      default = false;
+      description = "Enable llama-cpp cache";
+    };
+  };
+
+  config = {
+    nix.settings = {
+      trusted-substituters =
+        [
+          "https://nix-community.cachix.org"
+          "https://nixos-raspberrypi.cachix.org"
+        ]
+        ++ optionals cfg.enableLlamaCpp [
+          "https://llama-cpp.cachix.org"
+        ]
+        ++ optionals cfg.enableCuda [
+          "https://cache.nixos-cuda.org"
+        ];
+
+      trusted-public-keys =
+        [
+          "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+          "nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
+        ]
+        ++ optionals cfg.enableLlamaCpp [
+          "llama-cpp.cachix.org-1:H75X+w83wUKTIPSO1KWy9ADUrzThyGs8P5tmAbkWhQc="
+        ]
+        ++ optionals cfg.enableCuda [
+          "cache.nixos-cuda.org:74DUi4Ye579gUqzH4ziL9IyiJBlDpMRn9MBN8oNan9M="
+        ];
+    };
+  };
+}

neovim/default.nix

@@ -1,8 +1,4 @@
-{
-  pkgs,
-  stablePkgs,
-  ...
-}: let
+{pkgs, ...}: let
   mkMappings = mappings:
     []
     ++ (pkgs.lib.optionals (builtins.hasAttr "normal" mappings) (mkMode mappings.normal "n"))
@@ -17,16 +13,6 @@
       mode = mode;
     })
     mappings;
-  border = [
-    "╭"
-    "─"
-    "╮"
-    "│"
-    "╯"
-    "─"
-    "╰"
-    "│"
-  ];
   rawLua = lua: {
     "__raw" = ''
       ${lua}
@@ -34,6 +20,7 @@
   };
 in {
   opts = {
+    autoread = true;
     completeopt = "menu,menuone,popup,noselect";
     expandtab = true;
     foldenable = true;
@@ -60,7 +47,20 @@ in {
   colorschemes = {
     catppuccin = {
       enable = true;
-      settings.flavour = "mocha";
+      settings = {
+        flavour = "mocha";
+        integrations = {
+          cmp = true;
+          gitsigns = true;
+          nvimtree = true;
+          treesitter = true;
+          notify = true;
+          mini = {
+            enabled = true;
+            indentscope_color = "";
+          };
+        };
+      };
     };
   };
   keymaps = mkMappings {
@@ -107,7 +107,7 @@ in {
       "<C-q>x" = "[[<cmd>tabclose<cr>]]";
       "<C-q>n" = "[[<cmd>tabnext<cr>]]";
       "<C-q>p" = "[[<cmd>tabprevious<cr>]]";
-      "<c-.>" = "require('sidekick.cli').toggle";
+      "<C-.>" = "require('opencode').toggle";
     };
     terminal = {
       "<C-\\>" = "require('FTerm').toggle";
@@ -178,16 +178,19 @@ in {
     trouble.enable = true;
     ts-context-commentstring.enable = true;
     which-key.enable = true;
-
-    sidekick = {
+    opencode = {
       enable = true;
-      settings = {
-        nes = {
-          enabled = false;
-        };
-      };
     };
 
+    # sidekick = {
+    #   enable = true;
+    #   settings = {
+    #     nes = {
+    #       enabled = false;
+    #     };
+    #   };
+    # };
+
     conform-nvim = {
       enable = true;
       settings = {
@@ -330,10 +333,6 @@ in {
       settings.image_provider = "image.nvim";
     };
 
-    markdown-preview = {
-      enable = true;
-    };
-
     noice = {
       enable = true;
       settings = {
@@ -363,17 +362,17 @@ in {
         };
       };
       folding.enable = true;
-      grammarPackages =
-        (with pkgs.tree-sitter-grammars; [
-          tree-sitter-norg
-          tree-sitter-norg-meta
-          tree-sitter-just
-          tree-sitter-nu
-          tree-sitter-pest
-          tree-sitter-slint
-        ])
-        ++ pkgs.vimPlugins.nvim-treesitter.allGrammars;
-      nixGrammars = true;
+      # grammarPackages =
+      #   (with pkgs.tree-sitter-grammars; [
+      #     tree-sitter-norg
+      #     tree-sitter-norg-meta
+      #     tree-sitter-just
+      #     tree-sitter-nu
+      #     tree-sitter-pest
+      #     tree-sitter-slint
+      #   ])
+      #   ++ pkgs.vimPlugins.nvim-treesitter.allGrammars;
+      # nixGrammars = true;
     };
 
     telescope = {
@@ -407,6 +406,15 @@ in {
       };
     };
 
+    tv = {
+      enable = true;
+      settings = {
+        global_keybindings = {
+          channels = "<leader>tv";
+        };
+      };
+    };
+
     fidget = {
       enable = true;
       settings.notification.override_vim_notify = true;
@@ -543,6 +551,8 @@ in {
         sqls.enable = true;
         pyright.enable = true;
         slint_lsp.enable = true;
+        wgsl_analyzer.enable = true;
+        glsl_analyzer.enable = true;
         # sourcekit.enable = true;
         openscad_lsp.enable = true;
         tinymist.enable = true;
@@ -610,6 +620,21 @@ in {
         };
         sources = {
           cmdline = [];
+          # default =
+          # rawLua
+          # /*
+          # lua
+          # */
+          # ''
+          #   function(ctx)
+          #     local success, node = pcall(vim.treesitter.get_node)
+          #     if success and node and vim.tbl_contains({ 'comment', 'line_comment', 'block_comment' }, node:type()) then
+          #       return { 'buffer' }
+          #     else
+          #       return { 'git', 'lsp', 'path', 'snippets', 'buffer', 'dictionary', 'ripgrep', 'tmux' }
+          #     end
+          #   end
+          # '';
           default = [
             "git"
             "lsp"
@@ -618,6 +643,7 @@ in {
             "path"
             "buffer"
             "ripgrep"
+            # "tmux"
           ];
           providers = {
             buffer = {
@@ -629,23 +655,30 @@ in {
             path = {};
             dictionary = {
               module = "blink-cmp-dictionary";
-              name = "Dict";
+              name = "dict";
               min_keyword_length = 3;
               opts = {
               };
             };
             git = {
               module = "blink-cmp-git";
-              name = "Git";
+              name = "git";
               opts = {
                 # -- options for the blink-cmp-git
               };
             };
             ripgrep = {
               module = "blink-ripgrep";
-              name = "Ripgrep";
+              name = "ripgrep";
               opts = {};
             };
+            # tmux = {
+            #   module = "blink-cmp-tmux";
+            #   name = "tmux";
+            #   opts = {
+            #     triggered_only = false;
+            #   };
+            # };
           };
         };
       };
@@ -655,6 +688,7 @@ in {
     blink-cmp-dictionary.enable = true;
     blink-cmp-copilot.enable = true;
     blink-cmp-spell.enable = true;
+    blink-cmp-tmux.enable = true;
     blink-compat = {
       enable = true;
       settings.impersonate_nvim_cmp = true;
@@ -851,6 +885,6 @@ in {
     pkgs.lua
     pkgs.ripgrep
     pkgs.nodejs-slim
-    pkgs.qwen-code
+    pkgs.lsof
   ];
 }

neovim/overlays.nix

@@ -47,36 +47,3 @@ in [
   vimPlugins
   tree-sitter-grammars
 ]
-# tree-sitter-grammars = final: prev: {
-#   tree-sitter-grammars =
-#     prev.tree-sitter-grammars
-#     // {
-#       # tree-sitter-just = final.pkgs.tree-sitter.buildGrammar {
-#       #   language = "just";
-#       #   version = "1";
-#       #   src = inputs.tree-sitter-just;
-#       # };
-#       # tree-sitter-nu = final.pkgs.tree-sitter.buildGrammar {
-#       #   language = "nu";
-#       #   version = "1";
-#       #   src = inputs.tree-sitter-nu;
-#       # };
-#       tree-sitter-d2 = final.pkgs.tree-sitter.buildGrammar {
-#         language = "d2";
-#         version = "1";
-#         src = inputs.tree-sitter-d2;
-#       };
-#     };
-# };
-# vimPlugins = final: prev: {
-#   vimPlugins =
-#     prev.vimPlugins
-#     // {
-#       d2 = final.pkgs.vimUtils.buildVimPlugin {
-#         name = "d2";
-#         version = "1";
-#         src = inputs.d2;
-#       };
-#     };
-# };
-

nixos/documentation.nix

@@ -4,4 +4,5 @@
   documentation.dev.enable = true;
   documentation.doc.enable = true;
   documentation.nixos.enable = true;
+  documentation.man.generateCaches = true;
 }

nixos/ryu/apps/default.nix

@@ -7,5 +7,11 @@
     # ./alvr.nix
     ./easyeffects.nix
     ./vr.nix
+    ./helvum.nix
+    # ./wine.nix
+    # ./virt.nix
+    ./gparted.nix
+    ./nvtop.nix
+    # ./qpwgraph.nix
   ];
 }

nixos/ryu/apps/gparted.nix

@@ -0,0 +1,3 @@
+{pkgs, ...}: {
+  environment.systemPackages = with pkgs; [gparted];
+}

nixos/ryu/apps/helvum.nix

@@ -0,0 +1,3 @@
+{pkgs, ...}: {
+  environment.systemPackages = with pkgs; [helvum];
+}

nixos/ryu/apps/nvtop.nix

@@ -0,0 +1,3 @@
+{pkgs, ...}: {
+  environment.systemPackages = with pkgs; [nvtopPackages.nvidia];
+}

nixos/ryu/apps/qpwgraph.nix

@@ -0,0 +1,3 @@
+{pkgs, ...}: {
+  environment.systemPackages = with pkgs; [qpwgraph];
+}

nixos/ryu/apps/virt.nix

@@ -0,0 +1,6 @@
+{pkgs, ...}: {
+  environment.systemPackages = with pkgs; [
+    virt-manager
+    quickemu
+  ];
+}

nixos/ryu/apps/vr.nix

@@ -1,8 +1,9 @@
 {pkgs, ...}: {
   environment.systemPackages = with pkgs; [
-    wlx-overlay-s
-    wayvr-dashboard
-    bs-manager
+    wayvr
+    # wlx-overlay-s
+    # wayvr-dashboard
+    # bs-manager
     monado-vulkan-layers
     # envision
   ];

nixos/ryu/apps/wine.nix

@@ -0,0 +1,7 @@
+{pkgs, ...}: {
+  environment.systemPackages = with pkgs; [
+    wine-wayland
+    winetricks
+    wineWowPackages.waylandFull
+  ];
+}

nixos/ryu/configuration.nix

@@ -2,6 +2,7 @@
   pkgs,
   lib,
   device,
+  config,
   ...
 }: {
   imports = [
@@ -10,7 +11,9 @@
     ./programs
     ./containers
     ./apps
-    # ./vms
+    ./vms
+    ./games
+    ../../modules/nixos/substituters.nix
   ];
 
   security.tpm2 = {
@@ -25,6 +28,7 @@
       withUWSM = true;
       xwayland.enable = true;
     };
+    uwsm.enable = true;
   };
 
   systemd.services.NetworkManager-wait-online.enable = lib.mkForce false;
@@ -44,18 +48,7 @@
       auto-optimise-store = true;
       extra-experimental-features = "nix-command flakes auto-allocate-uids";
       trusted-users = [device.user];
-      trusted-substituters = [
-        "https://nix-community.cachix.org"
-        "https://nixos-raspberrypi.cachix.org"
-        "https://llama-cpp.cachix.org"
-        "https://cuda-maintainers.cachix.org"
-      ];
-      trusted-public-keys = [
-        "cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
-        "llama-cpp.cachix.org-1:H75X+w83wUKTIPSO1KWy9ADUrzThyGs8P5tmAbkWhQc="
-        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
-        "nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
-      ];
+      extra-sandbox-paths = [config.programs.ccache.cacheDir];
     };
     extraOptions = ''
       build-users-group = nixbld
@@ -67,19 +60,24 @@
       dates = "daily";
       options = "--delete-older-than +5";
     };
-    package = pkgs.nixVersions.latest; # deploy-rs doesn't work with nix >= 2.32
+    package = pkgs.nixVersions.nix_2_32; # deploy-rs doesn't work with nix >= 2.33
     buildMachines = [
       ../../builders/tako.nix
       ../../builders/shiro.nix
       # ../../builders/tsuba.nix
     ];
     distributedBuilds = true;
+    # Enable CUDA and llama-cpp caches
+    substituters = {
+      enableCuda = true;
+      enableLlamaCpp = true;
+    };
   };
 
   users.users.${device.user} = {
     uid = device.uid;
     isNormalUser = true;
-    extraGroups = ["wheel" "audio" "i2c" "media" "video" "tss"];
+    extraGroups = ["wheel" "audio" "i2c" "media" "video" "tss" "plugdev"];
     openssh.authorizedKeys.keyFiles = [
       ../../secrets/id_ed25519.pub
       ../../secrets/id_ios.pub
@@ -109,12 +107,6 @@
     };
     displayManager.gdm.enable = true;
     # desktopManager.gnome.enable = true;
-    pipewire = {
-      enable = true;
-      alsa.enable = true;
-      alsa.support32Bit = true;
-      pulse.enable = true;
-    };
   };
 
   boot = {
@@ -167,12 +159,31 @@
           Name = "Ryu";
           Enable = "Source,Sink,Media,Socket";
           ControllerMode = "dual";
-          FactConnectable = "true";
-          Experimental = "true";
+          FactConnectable = true;
+          Experimental = true;
         };
       };
     };
   };
+  boot.extraModprobeConfig = ''
+    # Keep Bluetooth coexistence disabled for better BT audio stability
+    options iwlwifi bt_coex_active=0
+
+    # Enable software crypto (helps BT coexistence sometimes)
+    options iwlwifi swcrypto=1
+
+    # Disable power saving on Wi-Fi module to reduce radio state changes that might disrupt BT
+    options iwlwifi power_save=0
+
+    # Disable Unscheduled Automatic Power Save Delivery (U-APSD) to improve BT audio stability
+    options iwlwifi uapsd_disable=1
+
+    # Disable D0i3 power state to avoid problematic power transitions
+    options iwlwifi d0i3_disable=1
+
+    # Set power scheme for performance (iwlmvm)
+    options iwlmvm power_scheme=1
+  '';
 
   networking = {
     interfaces.eno1.wakeOnLan = {
@@ -282,41 +293,6 @@
   fonts.fontconfig.enable = true;
   fonts.fontDir.enable = true;
   environment = {
-    # List packages installed in system profile. To search, run:
-    # $ nix search wget
-    systemPackages = with pkgs; [
-      v4l-utils
-      polychromatic
-      openrazer-daemon
-      cudatoolkit
-      # Wine
-      wine-wayland
-      winetricks
-      wineWowPackages.waylandFull
-
-      virt-manager
-      gparted
-      nvtopPackages.nvidia
-      quickemu
-      # (nixvim.makeNixvim (import ../../neovim))
-      qpwgraph
-      hyprland
-      xorg.xhost
-      foot
-      git
-      fish
-      nushell
-      # (pkgs.wrapFirefox
-      #   (pkgs.firefox-unwrapped.override {pipewireSupport = true;})
-      #   {})
-      gnumake
-      python3
-      nerd-fonts.fira-code
-      nerd-fonts.hasklug
-      nerd-fonts.symbols-only
-      monaspace
-      ddcutil
-    ];
     sessionVariables = {
       WLR_NO_HARDWARE_CURSORS = "1";
       NIXOS_OZONE_WL = "1";