Add nerdfonts

Remove unused variable
Switch to lunarvim
2024-03-09 21:35:42 +00:00 · 2024-03-09 21:17:54 +00:00 · 2024-03-03 23:17:42 +00:00 · 2024-03-03 19:44:38 +00:00 · 2024-03-03 19:44:04 +00:00 · 2024-03-03 16:11:54 +00:00
88 changed files with 2712 additions and 1238 deletions
--- a/README.md
+++ b/README.md
@ -7,10 +7,18 @@ System and user configuration for NixOS-based systems.
 | **Shell:** | zsh |
 | **DE:** | GNOME |
 | **Theme:** | adwaita |
-| **Terminal:** | BlackBox |
+| **Terminal:** | Console |
-## Quick start
+## Provisioning
-1. Copy SSH keypair and `known_hosts` to `~/.ssh`
+> [nixos-anywhere](https://github.com/nix-community/nixos-anywhere) is the module used for provisioning
-1. Import GPG keys and set ultimate trust with `echo "KEYID:6:" | gpg --import-ownertrust`
+
-1. `git clone git@git.vimium.com:jordan/nix-config.git projects/jordan/nix-config`
+Generate a new SSH host key in "$temp/etc/ssh" as per [this guide](https://nix-community.github.io/nixos-anywhere/howtos/secrets.html#example-decrypting-an-openssh-host-key-with-pass).
-1. `sudo nixos-rebuild switch --flake .#`
+
 Then run;
 ```
 nix run github:nix-community/nixos-anywhere -- \
  --disk-encryption-keys /tmp/secret.key /tmp/secret.key \
  --extra-files "$temp" \
  --flake .#<hostname> \
  root@<ip>
 ```
--- a/flake.lock
+++ b/flake.lock
@ -1,73 +1,307 @@
 {
  "nodes": {
-    "firefox-gnome-theme": {
+    "agenix": {
-      "flake": false,
+      "inputs": {
        "darwin": "darwin",
        "home-manager": "home-manager",
        "nixpkgs": "nixpkgs",
        "systems": "systems"
      },
      "locked": {
-        "lastModified": 1699621711,
+        "lastModified": 1707830867,
-        "narHash": "sha256-GUvBQbagF/7W1AriPVvJYA1cmk9Y/iWXghj3cIFYQzU=",
+        "narHash": "sha256-PAdwm5QqdlwIqGrfzzvzZubM+FXtilekQ/FA0cI49/o=",
-        "owner": "rafaelmardojai",
+        "owner": "ryantm",
-        "repo": "firefox-gnome-theme",
+        "repo": "agenix",
-        "rev": "1c32013cdbe17406de496cdf5f6899b84c4bbfed",
+        "rev": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6",
        "type": "github"
      },
      "original": {
-        "owner": "rafaelmardojai",
+        "owner": "ryantm",
-        "repo": "firefox-gnome-theme",
+        "repo": "agenix",
        "type": "github"
      }
    },
-    "home-manager": {
+    "darwin": {
      "inputs": {
        "nixpkgs": [
          "agenix",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1700795494,
        "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
        "owner": "lnl7",
        "repo": "nix-darwin",
        "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
        "type": "github"
      },
      "original": {
        "owner": "lnl7",
        "ref": "master",
        "repo": "nix-darwin",
        "type": "github"
      }
    },
    "deploy-rs": {
      "inputs": {
        "flake-compat": "flake-compat",
        "nixpkgs": "nixpkgs_2",
        "utils": "utils"
      },
      "locked": {
        "lastModified": 1708091384,
        "narHash": "sha256-dTGGw2y8wvfjr+J9CjQbfdulOq72hUG17HXVNxpH1yE=",
        "owner": "serokell",
        "repo": "deploy-rs",
        "rev": "0a0187794ac7f7a1e62cda3dabf8dc041f868790",
        "type": "github"
      },
      "original": {
        "owner": "serokell",
        "repo": "deploy-rs",
        "type": "github"
      }
    },
    "disko": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1699748081,
+        "lastModified": 1709439398,
-        "narHash": "sha256-MOmMapBydd7MTjhX4eeQZzKlCABWw8W6iSHSG4OeFKE=",
+        "narHash": "sha256-MW0zp3ta7SvdpjvhVCbtP20ewRwQZX2vRFn14gTc4Kg=",
        "owner": "nix-community",
-        "repo": "home-manager",
+        "repo": "disko",
-        "rev": "04bac349d585c9df38d78e0285b780a140dc74a4",
+        "rev": "1f76b318aa11170c8ca8c225a9b4c458a5fcbb57",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
-        "ref": "release-23.05",
+        "repo": "disko",
        "type": "github"
      }
    },
    "firefox-gnome-theme": {
      "flake": false,
      "locked": {
        "lastModified": 1708965002,
        "narHash": "sha256-gIBZCPB0sA8Gagrxd8w4+y9uUkWBnXJBmq9Ur5BYTQU=",
        "owner": "rafaelmardojai",
        "repo": "firefox-gnome-theme",
        "rev": "4e966509c180f93ba8665cd73cad8456bf44baab",
        "type": "github"
      },
      "original": {
        "owner": "rafaelmardojai",
        "repo": "firefox-gnome-theme",
        "type": "github"
      }
    },
    "flake-compat": {
      "flake": false,
      "locked": {
        "lastModified": 1696426674,
        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
        "owner": "edolstra",
        "repo": "flake-compat",
        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
        "type": "github"
      },
      "original": {
        "owner": "edolstra",
        "repo": "flake-compat",
        "type": "github"
      }
    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
          "agenix",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1703113217,
        "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
        "owner": "nix-community",
        "repo": "home-manager",
        "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "home-manager",
        "type": "github"
      }
    },
    "home-manager_2": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1706981411,
        "narHash": "sha256-cLbLPTL1CDmETVh4p0nQtvoF+FSEjsnJTFpTxhXywhQ=",
        "owner": "nix-community",
        "repo": "home-manager",
        "rev": "652fda4ca6dafeb090943422c34ae9145787af37",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "ref": "release-23.11",
        "repo": "home-manager",
        "type": "github"
      }
    },
    "nixos-hardware": {
      "locked": {
        "lastModified": 1709410583,
        "narHash": "sha256-esOSUoQ7mblwcsSea0K17McZuwAIjoS6dq/4b83+lvw=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
        "rev": "59e37017b9ed31dee303dbbd4531c594df95cfbc",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "repo": "nixos-hardware",
        "type": "github"
      }
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1700097215,
+        "lastModified": 1703013332,
-        "narHash": "sha256-ODQ3gBTv1iHd7lG21H+ErVISB5wVeOhd/dEogOqHs/I=",
+        "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "9fb122519e9cd465d532f736a98c1e1eb541ef6f",
+        "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs-unstable": {
      "locked": {
        "lastModified": 1709237383,
        "narHash": "sha256-cy6ArO4k5qTx+l5o+0mL9f5fa86tYUX3ozE1S+Txlds=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "1536926ef5621b09bba54035ae2bb6d806d72ac8",
        "type": "github"
      },
      "original": {
        "id": "nixpkgs",
-        "ref": "nixos-23.05",
+        "ref": "nixos-unstable",
        "type": "indirect"
      }
    },
    "nixpkgs_2": {
      "locked": {
        "lastModified": 1702272962,
        "narHash": "sha256-D+zHwkwPc6oYQ4G3A1HuadopqRwUY/JkMwHz1YF7j4Q=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixpkgs-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_3": {
      "locked": {
        "lastModified": 1709309926,
        "narHash": "sha256-VZFBtXGVD9LWTecGi6eXrE0hJ/mVB3zGUlHImUs2Qak=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "79baff8812a0d68e24a836df0a364c678089e2c7",
        "type": "github"
      },
      "original": {
        "id": "nixpkgs",
        "ref": "nixos-23.11",
        "type": "indirect"
      }
    },
    "root": {
      "inputs": {
        "agenix": "agenix",
        "deploy-rs": "deploy-rs",
        "disko": "disko",
        "firefox-gnome-theme": "firefox-gnome-theme",
-        "home-manager": "home-manager",
+        "home-manager": "home-manager_2",
-        "nixpkgs": "nixpkgs",
+        "nixos-hardware": "nixos-hardware",
        "nixpkgs": "nixpkgs_3",
        "nixpkgs-unstable": "nixpkgs-unstable",
        "secrets": "secrets",
        "thunderbird-gnome-theme": "thunderbird-gnome-theme"
      }
    },
    "secrets": {
      "flake": false,
      "locked": {
        "lastModified": 1709495020,
        "narHash": "sha256-eiz0qUjUbdeb6m28XPY7OVnrGMZ45JiT2dZZ0Bmq2X0=",
        "ref": "refs/heads/master",
        "rev": "d135b4d6d5f0079999188895f8b5f35e821b0d4b",
        "revCount": 14,
        "type": "git",
        "url": "ssh://git@git.vimium.com/jordan/nix-secrets.git"
      },
      "original": {
        "type": "git",
        "url": "ssh://git@git.vimium.com/jordan/nix-secrets.git"
      }
    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    },
    "systems_2": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    },
    "thunderbird-gnome-theme": {
      "flake": false,
      "locked": {
-        "lastModified": 1699285862,
+        "lastModified": 1701889124,
-        "narHash": "sha256-3TQYBJAeQ2fPFxQnD5iKRKKWFlN3GJhz1EkdwE+4m0k=",
+        "narHash": "sha256-K+6oh7+J6RDBFkxphY/pzf0B+q5+IY54ZMKZrFSKXlc=",
        "owner": "rafaelmardojai",
        "repo": "thunderbird-gnome-theme",
-        "rev": "a899ca12204d19f4834fbd092aa5bb05dc4bd127",
+        "rev": "966e9dd54bd2ce9d36d51cd6af8c3bac7a764a68",
        "type": "github"
      },
      "original": {
@ -75,6 +309,24 @@
        "repo": "thunderbird-gnome-theme",
        "type": "github"
      }
    },
    "utils": {
      "inputs": {
        "systems": "systems_2"
      },
      "locked": {
        "lastModified": 1701680307,
        "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    }
  },
  "root": "root",
--- a/flake.nix
+++ b/flake.nix
@ -1,83 +1,119 @@
 {
-  description = "NixOS/Darwin system configuration";
+  description = "NixOS system configuration";
  inputs = {
-    nixpkgs.url = "nixpkgs/nixos-23.05";
+    nixpkgs.url = "nixpkgs/nixos-23.11";
    nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
    # nixpkgs-master.url = "nixpkgs";
    agenix.url = "github:ryantm/agenix";
    deploy-rs.url = "github:serokell/deploy-rs";
    disko = {
      url = "github:nix-community/disko";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    home-manager = {
-      url = "github:nix-community/home-manager/release-23.05";
+      url = "github:nix-community/home-manager/release-23.11";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    firefox-gnome-theme = {
      url = "github:rafaelmardojai/firefox-gnome-theme";
      flake = false;
    };
    nixos-hardware.url = "github:NixOS/nixos-hardware";
    secrets = {
      url = "git+ssh://git@git.vimium.com/jordan/nix-secrets.git";
      flake = false;
    };
    thunderbird-gnome-theme = {
      url = "github:rafaelmardojai/thunderbird-gnome-theme";
      flake = false;
    };
  };
-  outputs = inputs @ { self, nixpkgs, home-manager, ... }:
+  outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, agenix, deploy-rs, disko, home-manager, nixos-hardware, secrets, ... }:
    let
-      inherit (lib) attrValues;
+      mkPkgsForSystem = system: inputs.nixpkgs;
-      inherit (lib.my) mapModules mapModulesRec;
+      overlays = [
-
+        agenix.overlays.default
-      system = "x86_64-linux";
+        (import ./overlays/gnome.nix)
-
+        (
-      mkPkgs = pkgs: extraOverlays:
+          final: prev: {
-        import pkgs {
+            unstable = import inputs.nixpkgs-unstable { system = final.system; };
-          inherit system;
+            custom = self.packages { system = final.system; };
          }
        )
      ];
      commonModules = [
        agenix.nixosModules.age
        disko.nixosModules.disko
        home-manager.nixosModule
        ./modules
      ];
      mkNixosSystem = { system, name, extraModules ? [] }:
        let
          nixpkgs = mkPkgsForSystem system;
          lib = (import nixpkgs { inherit overlays system; }).lib;
        in
        inputs.nixpkgs.lib.nixosSystem {
          inherit lib system;
          specialArgs = { modulesPath = toString (nixpkgs + "/nixos/modules"); inherit inputs; };
          baseModules = import (nixpkgs + "/nixos/modules/module-list.nix");
          modules = commonModules ++ [
            ({ config, ... }:
              {
                nixpkgs.pkgs = import nixpkgs {
                  inherit overlays system;
                  config.allowUnfree = true;
          overlays = extraOverlays ++ (lib.attrValues self.overlays);
                };
-      pkgs = mkPkgs nixpkgs [];
+                networking.hostName = name;
-
+              })
-      lib = nixpkgs.lib.extend (self: super: {
+            ./hosts/${name}
-        my = import ./lib {
+          ] ++ extraModules;
          inherit pkgs inputs;
          lib = self;
        };
-      });
+    in
-    in {
+    {
      lib = lib.my;
      nixosConfigurations = {
-        atlas = nixpkgs.lib.nixosSystem {
+        atlas = mkNixosSystem { system = "x86_64-linux"; name = "atlas"; };
-          modules = [
+        eos = mkNixosSystem { system = "x86_64-linux"; name = "eos"; };
-            inputs.home-manager.nixosModules.home-manager
+        helios = mkNixosSystem { system = "x86_64-linux"; name = "helios"; };
-            { nixpkgs.overlays = [ (import ./overlays/gnome.nix) ]; }
+        hypnos = mkNixosSystem { system = "x86_64-linux"; name = "hypnos"; };
-            (import ./modules)
+        library = mkNixosSystem { system = "x86_64-linux"; name = "library"; };
-            ./hosts/atlas
+        odyssey = mkNixosSystem { system = "x86_64-linux"; name = "odyssey"; };
        pi = mkNixosSystem { system = "aarch64-linux"; name = "pi"; extraModules = [ nixos-hardware.nixosModules.raspberry-pi-4 ]; };
        vps1 = mkNixosSystem { system = "x86_64-linux"; name = "vps1"; };
      };
      devShells.x86_64-linux.default = nixpkgs.legacyPackages.x86_64-linux.mkShell {
        buildInputs = [
          deploy-rs.packages.x86_64-linux.deploy-rs
        ];
          specialArgs = { inherit lib inputs; };
      };
-        eos = nixpkgs.lib.nixosSystem {
+
-          modules = [
+      deploy = {
-            inputs.home-manager.nixosModules.home-manager
+        magicRollback = true;
-            { nixpkgs.overlays = [ (import ./overlays/gnome.nix) ]; }
+        autoRollback = true;
-            (import ./modules)
+        sshUser = "root";
-            ./hosts/eos
+        nodes = {
-          ];
+          vps1 = {
-          specialArgs = { inherit lib inputs; };
+            hostname = "vps1.mesh.vimium.net";
-        };
+
-        helios = nixpkgs.lib.nixosSystem {
+            profiles.system = {
-          modules = [
+              user = "root";
-            inputs.home-manager.nixosModules.home-manager
+              path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.vps1;
            { nixpkgs.overlays = [ (import ./overlays/gnome.nix) ]; }
            (import ./modules)
            ./hosts/helios
          ];
          specialArgs = { inherit lib inputs; };
        };
        odyssey = nixpkgs.lib.nixosSystem {
          modules = [
            inputs.home-manager.nixosModules.home-manager
            { nixpkgs.overlays = [ (import ./overlays/gnome.nix) ]; }
            (import ./modules)
            ./hosts/odyssey
          ];
          specialArgs = { inherit lib inputs; };
            };
          };
          # pi = {
          #   hostname = "10.0.1.191";
          #
          #   profiles.system = {
          #     user = "root";
          #     path = deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.pi;
          #   };
          # };
        };
      };
      checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
    };
 }
--- a/hosts/atlas/default.nix
+++ b/hosts/atlas/default.nix
@ -1,27 +1,20 @@
 { config, lib, pkgs, ... }:
 with lib.my;
 {
  imports = [
    ./hardware-configuration.nix
    ../desktop.nix
  ];
-  boot.loader.systemd-boot.enable = true;
+  boot.loader = {
-  boot.loader.efi.canTouchEfiVariables = true;
+    systemd-boot.enable = true;
    efi.canTouchEfiVariables = true;
  };
-  networking.hostName = "atlas";
+  networking = {
-  networking.hostId = "8425e349";
+    hostId = "8425e349";
-  networking.networkmanager.enable = true;
+    networkmanager.enable = true;
-
+  };
  nix.package = pkgs.nixFlakes;
  nix.extraOptions = ''
    experimental-features = nix-command flakes
  '';
  users.defaultUserShell = pkgs.zsh;
  system.stateVersion = "22.11";
  modules = {
    desktop = {
@ -49,9 +42,20 @@ with lib.my;
      gpg.enable = true;
      pass.enable = true;
    };
    services = {
      borgmatic = {
        enable = true;
        directories = [
          "/home/jordan/Documents"
        ];
        repoPath = "ssh://uzu2y5b1@uzu2y5b1.repo.borgbase.com/./repo";
      };
    };
    shell = {
      git.enable = true;
      zsh.enable = true;
    };
  };
  system.stateVersion = "22.11";
 }
--- a/hosts/atlas/hardware-configuration.nix
+++ b/hosts/atlas/hardware-configuration.nix
@ -1,70 +1,66 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
-  imports =
+  imports = [
-    [ (modulesPath + "/installer/scan/not-detected.nix")
+    (modulesPath + "/installer/scan/not-detected.nix")
  ];
-  boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
+  boot = {
-  boot.initrd.kernelModules = [ ];
+    initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
-  boot.initrd.supportedFilesystems = [ "zfs" ];
+    initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-intel" ];
+    initrd.supportedFilesystems = [ "zfs" ];
-  boot.kernelParams = [ "elevator=none" ];
+    kernelModules = [ "kvm-intel" ];
-  boot.extraModulePackages = [ ];
+    kernelParams = [ "elevator=none" ];
-  boot.supportedFilesystems = [ "zfs" ];
+    extraModulePackages = [ ];
    supportedFilesystems = [ "zfs" ];
  };
-  fileSystems."/" =
+  fileSystems."/" = {
-    { device = "rpool/system/root";
+    device = "rpool/system/root";
    fsType = "zfs";
  };
-  fileSystems."/home" =
+  fileSystems."/home" = {
-    { device = "rpool/user/home";
+    device = "rpool/user/home";
    fsType = "zfs";
  };
-  fileSystems."/nix" =
+  fileSystems."/nix" = {
-    { device = "rpool/local/nix";
+    device = "rpool/local/nix";
    fsType = "zfs";
  };
-  fileSystems."/tmp" =
+  fileSystems."/tmp" = {
-    { device = "rpool/local/tmp";
+    device = "rpool/local/tmp";
    fsType = "zfs";
  };
-  fileSystems."/var" =
+  fileSystems."/var" = {
-    { device = "rpool/system/var";
+    device = "rpool/system/var";
    fsType = "zfs";
  };
-  fileSystems."/var/log" =
+  fileSystems."/var/log" = {
-    { device = "rpool/system/var/log";
+    device = "rpool/system/var/log";
    fsType = "zfs";
  };
-  fileSystems."/var/tmp" =
+  fileSystems."/var/tmp" = {
-    { device = "rpool/system/var/tmp";
+    device = "rpool/system/var/tmp";
    fsType = "zfs";
  };
-  fileSystems."/boot" =
+  fileSystems."/boot" = {
-    { device = "/dev/disk/by-uuid/00B2-0384";
+    device = "/dev/disk/by-uuid/00B2-0384";
    fsType = "vfat";
  };
  swapDevices = [ ];
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.enp0s25.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/hosts/common.nix
+++ b/hosts/common.nix
@ -0,0 +1,72 @@
 { config, lib, pkgs, ... }:
 {
  time.timeZone = "Europe/London";
  i18n.defaultLocale = "en_GB.UTF-8";
  i18n.extraLocaleSettings = {
    LC_ADDRESS = "en_GB.UTF-8";
    LC_IDENTIFICATION = "en_GB.UTF-8";
    LC_MEASUREMENT = "en_GB.UTF-8";
    LC_MONETARY = "en_GB.UTF-8";
    LC_NAME = "en_GB.UTF-8";
    LC_NUMERIC = "en_GB.UTF-8";
    LC_PAPER = "en_GB.UTF-8";
    LC_TELEPHONE = "en_GB.UTF-8";
    LC_TIME = "en_GB.UTF-8";
  };
  console.keyMap = "uk";
  security.sudo.execWheelOnly = true;
  services.openssh = {
    enable = true;
    settings = {
      KbdInteractiveAuthentication = false;
      PasswordAuthentication = false;
      PermitRootLogin = "no";
    };
  };
  services.journald.extraConfig = ''
    SystemMaxUse=4G
    MaxRetentionSec=90day
  '';
  users.defaultUserShell = pkgs.zsh;
  programs.zsh.enable = true;
  nix = {
    package = pkgs.nixFlakes;
    extraOptions = ''
      experimental-features = nix-command flakes
    '';
    settings = {
      connect-timeout = 5;
      log-lines = 25;
      min-free = 128000000;
      max-free = 1000000000;
      fallback = true;
      allowed-users = [ "@wheel" ];
      auto-optimise-store = true;
      substituters = [
        "http://odyssey.mesh.vimium.net"
        "https://cache.nixos.org"
      ];
      trusted-public-keys = [
        "odyssey.mesh.vimium.net:ZhQhjscPWjoN4rlZwoMELznEiBnZ9O26iyGA27ibilQ="
      ];
    };
    gc = {
      automatic = true;
      dates = "weekly";
      options = "-d --delete-older-than 7d";
    };
  };
  environment.systemPackages = with pkgs; [
    git
    neovim
  ];
 }
--- a/hosts/desktop.nix
+++ b/hosts/desktop.nix
@ -1,35 +1,12 @@
 { config, lib, pkgs, ... }:
 with lib;
 with lib.my;
 {
-  time.timeZone = "Europe/London";
+  imports = [
-
+    ./common.nix
-  i18n.defaultLocale = "en_GB.UTF-8";
+  ];
  i18n.extraLocaleSettings = {
    LC_ADDRESS = "en_GB.UTF-8";
    LC_IDENTIFICATION = "en_GB.UTF-8";
    LC_MEASUREMENT = "en_GB.UTF-8";
    LC_MONETARY = "en_GB.UTF-8";
    LC_NAME = "en_GB.UTF-8";
    LC_NUMERIC = "en_GB.UTF-8";
    LC_PAPER = "en_GB.UTF-8";
    LC_TELEPHONE = "en_GB.UTF-8";
    LC_TIME = "en_GB.UTF-8";
  };
  console.keyMap = "uk";
  services.printing.enable = true;
-  services.openssh = {
+  services.openssh.startWhenNeeded = true;
    enable = true;
    settings = {
      KbdInteractiveAuthentication = false;
      PasswordAuthentication = false;
      PermitRootLogin = "no";
    };
    startWhenNeeded = true;
  };
  sound.enable = true;
  hardware.pulseaudio.enable = false;
@ -41,27 +18,20 @@ with lib.my;
    pulse.enable = true;
  };
-  environment.systemPackages = with pkgs; [
+  fileSystems."/mnt/library" = {
-    git
+    device = "library.mesh.vimium.net:/mnt/library";
-    neovim
+    fsType = "nfs";
-  ];
+    options = [ "nfsvers=4.2" "soft" "nocto" "ro" "x-systemd.automount" "noauto" ];
  nix.settings = {
    connect-timeout = 5;
    log-lines = 25;
    min-free = 128000000;
    max-free = 1000000000;
    fallback = true;
    auto-optimise-store = true;
    substituters = [
      "http://odyssey.mesh.vimium.net"
      "https://cache.nixos.org"
    ];
    trusted-public-keys = [
      "odyssey.mesh.vimium.net:ZhQhjscPWjoN4rlZwoMELznEiBnZ9O26iyGA27ibilQ="
    ];
  };
-  modules.desktop.gnome.enable = true;
+  system.autoUpgrade = {
-  modules.networking.tailscale.enable = true;
+    enable = true;
    flake = "git+ssh://git@git.vimium.com/jordan/nix-config.git";
    randomizedDelaySec = "10min";
  };
  modules = {
    desktop.gnome.enable = true;
    networking.tailscale.enable = true;
  };
 }
--- a/hosts/eos/default.nix
+++ b/hosts/eos/default.nix
@ -1,28 +1,20 @@
 { config, lib, pkgs, ... }:
 with lib.my;
 {
  imports = [
    ./hardware-configuration.nix
    ../desktop.nix
  ];
-  boot.loader.systemd-boot.enable = true;
+  boot.loader = {
-  boot.loader.efi.canTouchEfiVariables = true;
+    systemd-boot.enable = true;
    efi.canTouchEfiVariables = true;
  };
-  networking.hostName = "eos";
+  networking = {
-  networking.hostId = "cc858347";
+    hostId = "cc858347";
-  networking.networkmanager.enable = true;
+    networkmanager.enable = true;
-
+  };
  nix.package = pkgs.nixFlakes;
  nix.extraOptions = ''
    experimental-features = nix-command flakes
  '';
  nix.settings.auto-optimise-store = true;
  users.defaultUserShell = pkgs.zsh;
  system.stateVersion = "22.11";
  dconf.settings = {
    "org/gnome/desktop/interface" = {
@ -52,4 +44,6 @@ with lib.my;
      zsh.enable = true;
    };
  };
  system.stateVersion = "22.11";
 }
--- a/hosts/eos/hardware-configuration.nix
+++ b/hosts/eos/hardware-configuration.nix
@ -1,71 +1,65 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
-  imports =
+  imports = [
-    [ (modulesPath + "/installer/scan/not-detected.nix")
+    (modulesPath + "/installer/scan/not-detected.nix")
  ];
-  boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
+  boot = {
-  boot.initrd.kernelModules = [ ];
+    initrd.availableKernelModules = [ "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
-  boot.initrd.supportedFilesystems = [ "zfs" ];
+    initrd.kernelModules = [ ];
-  boot.kernelModules = [ ];
+    initrd.supportedFilesystems = [ "zfs" ];
-  boot.kernelParams = [ "elevator=none" ];
+    kernelModules = [ ];
-  boot.extraModulePackages = [ ];
+    kernelParams = [ "elevator=none" ];
-  boot.supportedFilesystems = [ "zfs" ];
+    extraModulePackages = [ ];
    supportedFilesystems = [ "zfs" ];
  };
-  fileSystems."/" =
+  fileSystems."/" = {
-    { device = "rpool/system/root";
+    device = "rpool/system/root";
    fsType = "zfs";
  };
-  fileSystems."/home" =
+  fileSystems."/home" = {
-    { device = "rpool/user/home";
+    device = "rpool/user/home";
    fsType = "zfs";
  };
-  fileSystems."/nix" =
+  fileSystems."/nix" = {
-    { device = "rpool/local/nix";
+    device = "rpool/local/nix";
    fsType = "zfs";
  };
-  fileSystems."/tmp" =
+  fileSystems."/tmp" = {
-    { device = "rpool/local/tmp";
+    device = "rpool/local/tmp";
    fsType = "zfs";
  };
-  fileSystems."/var" =
+  fileSystems."/var" = {
-    { device = "rpool/system/var";
+    device = "rpool/system/var";
    fsType = "zfs";
  };
-  fileSystems."/var/log" =
+  fileSystems."/var/log" = {
-    { device = "rpool/system/var/log";
+    device = "rpool/system/var/log";
    fsType = "zfs";
  };
-  fileSystems."/var/tmp" =
+  fileSystems."/var/tmp" = {
-    { device = "rpool/system/var/tmp";
+    device = "rpool/system/var/tmp";
    fsType = "zfs";
  };
-  fileSystems."/boot" =
+  fileSystems."/boot" = {
-    { device = "/dev/disk/by-uuid/28E6-5509";
+    device = "/dev/disk/by-uuid/28E6-5509";
    fsType = "vfat";
  };
  swapDevices = [ ];
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.enp0s25.useDHCP = lib.mkDefault true;
  # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/hosts/helios/default.nix
+++ b/hosts/helios/default.nix
@ -1,28 +1,23 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, inputs, ... }:
 with lib.my;
 {
  imports = [
    ./hardware-configuration.nix
    ../desktop.nix
  ];
-  boot.loader.grub.enable = true;
+  boot = {
-  boot.loader.grub.device = "/dev/sda";
+    loader.grub = {
-  boot.loader.grub.zfsSupport = true;
+      enable = true;
      device = "/dev/sda";
      zfsSupport = true;
    };
  };
-  networking.hostName = "helios";
+  networking = {
-  networking.hostId = "47d23505";
+    hostId = "47d23505";
-  networking.networkmanager.enable = true;
+    networkmanager.enable = true;
-
+  };
  nix.package = pkgs.nixFlakes;
  nix.extraOptions = ''
    experimental-features = nix-command flakes
  '';
  users.defaultUserShell = pkgs.zsh;
  system.stateVersion = "22.11";
  modules = {
    desktop = {
@ -41,9 +36,20 @@ with lib.my;
      gpg.enable = true;
      pass.enable = true;
    };
    services = {
      borgmatic = {
        enable = true;
        directories = [
          "/home/jordan/Documents"
        ];
        repoPath = "ssh://b9cjl9hq@b9cjl9hq.repo.borgbase.com/./repo";
      };
    };
    shell = {
      git.enable = true;
      zsh.enable = true;
    };
  };
  system.stateVersion = "22.11";
 }
--- a/hosts/helios/hardware-configuration.nix
+++ b/hosts/helios/hardware-configuration.nix
@ -1,65 +1,61 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
-  imports =
+  imports = [
-    [ (modulesPath + "/installer/scan/not-detected.nix")
+    (modulesPath + "/installer/scan/not-detected.nix")
  ];
-  boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" "zfs" ];
+  boot = {
-  boot.initrd.kernelModules = [ ];
+    initrd.availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" "zfs" ];
-  boot.initrd.supportedFilesystems = [ "zfs" ];
+    initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-intel" ];
+    initrd.supportedFilesystems = [ "zfs" ];
-  boot.kernelParams = [ "elevator=none" ];
+    kernelModules = [ "kvm-intel" ];
-  boot.extraModulePackages = [ ];
+    kernelParams = [ "elevator=none" ];
-  boot.supportedFilesystems = [ "zfs" ];
+    extraModulePackages = [ ];
    supportedFilesystems = [ "zfs" ];
  };
-  fileSystems."/" =
+  fileSystems."/" = {
-    { device = "rpool/system/root";
+    device = "rpool/system/root";
    fsType = "zfs";
  };
-  fileSystems."/home" =
+  fileSystems."/home" = {
-    { device = "rpool/user/home";
+    device = "rpool/user/home";
    fsType = "zfs";
  };
-  fileSystems."/nix" =
+  fileSystems."/nix" = {
-    { device = "rpool/local/nix";
+    device = "rpool/local/nix";
    fsType = "zfs";
  };
-  fileSystems."/tmp" =
+  fileSystems."/tmp" = {
-    { device = "rpool/local/tmp";
+    device = "rpool/local/tmp";
    fsType = "zfs";
  };
-  fileSystems."/var/log" =
+  fileSystems."/var/log" = {
-    { device = "rpool/system/var/log";
+    device = "rpool/system/var/log";
    fsType = "zfs";
  };
-  fileSystems."/var/tmp" =
+  fileSystems."/var/tmp" = {
-    { device = "rpool/system/var/tmp";
+    device = "rpool/system/var/tmp";
    fsType = "zfs";
  };
-  fileSystems."/boot" =
+  fileSystems."/boot" = {
-    { device = "/dev/sda1";
+    device = "/dev/sda1";
    fsType = "ext2";
  };
  swapDevices = [ ];
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/hosts/hypnos/README.md
+++ b/hosts/hypnos/README.md
@ -0,0 +1,35 @@
 # Hypnos
 ## Overview
 15-inch MacBook Pro 11,3 (Mid 2014).
 ## Specs
 * CPU - Intel Core i7-4870HQ @ 2.50GHz
 * Memory - 16 GB DDR3
 * GPU - Intel Iris Pro 5200
 * GPU - NVIDIA GeForce GT 750M
 * NIC - Broadcom BCM43xx 802.11ac
 ### Disks
 Device | Partitions _(filesystem, size, usage)_
 --- | ---
 Apple SSD SM0512F | `/dev/sda1` (EFI, 256 MiB, NixOS Boot) <br> `/dev/sda2` (ZFS, 500 GiB, NixOS Root)
 #### ZFS pool layout
 ```
 rpool/
 ├── local
 │   ├── nix
 │   └── tmp
 ├── system
 │   ├── root
 │   └── var
 └── user
    └── home
 ```
 See [Graham Christensen's article](https://grahamc.com/blog/nixos-on-zfs/#datasets) for the motivation behind these datasets.
 ### Networks
 - DHCP on `10.0.1.0/24` subnet.
 - Tailscale on `100.64.0.0/10` subnet. FQDN: `hypnos.mesh.vimium.net`.
--- a/hosts/hypnos/default.nix
+++ b/hosts/hypnos/default.nix
@ -0,0 +1,43 @@
 { config, lib, pkgs, ... }:
 {
  imports = [
    ./hardware-configuration.nix
    ./disko-config.nix
    ../desktop.nix
  ];
  boot.loader = {
    systemd-boot.enable = true;
    efi.canTouchEfiVariables = true;
  };
  networking.hostId = "cf791898";
  modules = {
    desktop = {
      browsers = {
        firefox.enable = true;
      };
      media.recording = {
        audio.enable = true;
      };
    };
    dev = {
      node.enable = true;
    };
    editors = {
      neovim.enable = true;
    };
    security = {
      gpg.enable = true;
      pass.enable = true;
    };
    shell = {
      git.enable = true;
      zsh.enable = true;
    };
  };
  system.stateVersion = "22.11";
 }
--- a/hosts/hypnos/disko-config.nix
+++ b/hosts/hypnos/disko-config.nix
@ -0,0 +1,126 @@
 { lib, ... }:
 {
  disko.devices = {
    disk = {
      main = {
        type = "disk";
        device = "/dev/disk/by-id/ata-APPLE_SSD_SM0512F_S1K5NYBF736152";
        content = {
          type = "gpt";
          partitions = {
            ESP = {
              size = "256M";
              type = "EF00";
              content = {
                type = "filesystem";
                format = "vfat";
                mountpoint = "/boot";
              };
            };
            zfs = {
              size = "100%";
              content = {
                type = "zfs";
                pool = "rpool";
              };
            };
          };
        };
      };
    };
    zpool = {
      rpool = {
        type = "zpool";
        options = {
          ashift = "12";
        };
        rootFsOptions = {
          canmount = "off";
          mountpoint = "none";
          dnodesize = "auto";
          xattr = "sa";
        };
        postCreateHook = "zfs snapshot rpool@blank";
        datasets = {
          local = {
            type = "zfs_fs";
            options = {
              mountpoint = "none";
            };
          };
          "local/nix" = {
            type = "zfs_fs";
            mountpoint = "/nix";
            options = {
              atime = "off";
              mountpoint = "legacy";
            };
          };
          "local/tmp" = {
            type = "zfs_fs";
            mountpoint = "/tmp";
            options = {
              setuid = "off";
              devices = "off";
              mountpoint = "legacy";
            };
          };
          system = {
            type = "zfs_fs";
            mountpoint = "/";
            options = {
              mountpoint = "legacy";
            };
          };
          "system/var" = {
            type = "zfs_fs";
            mountpoint = "/var";
            options = {
              mountpoint = "legacy";
            };
          };
          "system/var/tmp" = {
            type = "zfs_fs";
            mountpoint = "/var/tmp";
            options = {
              devices = "off";
              mountpoint = "legacy";
            };
          };
          "system/var/log" = {
            type = "zfs_fs";
            mountpoint = "/var/log";
            options = {
              compression = "on";
              acltype = "posix";
              mountpoint = "legacy";
            };
          };
          user = {
            type = "zfs_fs";
            options = {
              mountpoint = "none";
              encryption = "aes-256-gcm";
              keyformat = "passphrase";
              keylocation = "file:///tmp/secret.key";
            };
            # use this to read the key during boot
            postCreateHook = ''
              zfs set keylocation="prompt" "rpool/$name";
            '';
          };
          "user/home" = {
            type = "zfs_fs";
            mountpoint = "/home";
            options = {
              setuid = "off";
              devices = "off";
              mountpoint = "legacy";
            };
          };
        };
      };
    };
  };
 }
--- a/hosts/hypnos/hardware-configuration.nix
+++ b/hosts/hypnos/hardware-configuration.nix
@ -0,0 +1,27 @@
 { config, lib, pkgs, modulesPath, ... }:
 {
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
  ];
  boot = {
    initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
    initrd.kernelModules = [ ];
    kernelModules = [ "applesmc" "kvm-intel" "wl" ];
    extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
  };
  networking.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware = {
    cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
    nvidia = {
      modesetting.enable = true;
      powerManagement.enable = true;
    };
  };
 }
--- a/hosts/library/README.md
+++ b/hosts/library/README.md
@ -0,0 +1,46 @@
 # Library
 ## Overview
 Media and public file server.
 ## Specs
 * CPU - AMD Ryzen 5 5600G @ 3.90GHz
 * Chipset - AMD B550
 * Memory - 64 GB DDR4
 * Motherboard - ASRock B550M Pro4
 * Case - Fractal Design Node 804
 ### Disks
 Device | Partitions _(filesystem, size, usage)_
 --- | ---
 Samsung 980 Evo | `/dev/nvme0n1p1` (EFI, 512 MiB, NixOS Boot) <br> `/dev/nvme0n1p2` (ZFS `rpool`, 200 GiB, NixOS Root)
 #### ZFS datasets
 ```
 rpool/
 ├── local
 │   ├── nix
 │   └── tmp
 ├── system
 │   ├── root
 │   └── var
 └── user
    └── home
 library/
 ├── books
 ├── fonts
 ├── movies
 ├── music
 ├── software
 ├── tv
 ├── videos
 └── web
 ```
 See [Graham Christensen's article](https://grahamc.com/blog/nixos-on-zfs/#datasets) for the motivation behind the `rpool` datasets.
 ### Networks
 - DHCP on `10.0.1.0/24` subnet.
 - Tailscale on `100.64.0.0/10` subnet. FQDN: `library.mesh.vimium.net`.
--- a/hosts/library/default.nix
+++ b/hosts/library/default.nix
@ -0,0 +1,175 @@
 { config, lib, pkgs, ... }:
 with lib.my;
 {
  imports = [
    ./hardware-configuration.nix
    ../server.nix
  ];
  boot = {
    loader.systemd-boot.enable = true;
    loader.efi.canTouchEfiVariables = true;
    zfs.extraPools = [ "library" ];
  };
  networking = {
    domain = "mesh.vimium.net";
    hostId = "d24ae953";
    firewall = {
      enable = true;
      allowedTCPPorts = [
        22  # SSH
      ];
      interfaces."podman+" = {
        allowedUDPPorts = [ 53 ];
        allowedTCPPorts = [ 53 ];
      };
    };
    networkmanager.enable = true;
  };
  services.zfs = {
    autoScrub = {
      enable = true;
      pools = [ "library" ];
    };
    autoSnapshot = {
      enable = true;
      flags = "-k -p --utc";
      frequent = 0;
      hourly = 0;
      daily = 7;
      monthly = 1;
    };
  };
  services.nfs.server = {
    enable = true;
  };
  services.prometheus = {
    enable = true;
    port = 9001;
    exporters = {
      node = {
        enable = true;
        enabledCollectors = [ "systemd" ];
        port = 9002;
      };
      zfs = {
        enable = true;
        port = 9003;
      };
    };
    scrapeConfigs = [
      {
        job_name = "library";
        static_configs = [{
          targets = [
            "127.0.0.1:${toString config.services.prometheus.exporters.node.port}"
            "127.0.0.1:${toString config.services.prometheus.exporters.zfs.port}"
          ];
        }];
      }
    ];
  };
  systemd.services.vps1-tunnel = {
    enable = true;
    description = "vps1.mesh.vimium.net SSH tunnel";
    after = [
      "network-online.target"
      "jellyfin.service"
    ];
    wants = [ "network-online.target" ];
    serviceConfig = {
      Type="simple";
      ExecStart=pkgs.lib.mkForce ''
        ${pkgs.openssh}/bin/ssh \
          -NT \
          -o ExitOnForwardFailure=yes \
          -o ServerAliveInterval=60 \
          -o TCPKeepAlive=no \
          -i %h/.ssh/id_jellyfin \
          -R localhost:8000:localhost:8000 \
          jellyfin@vps1.mesh.vimium.net
      '';
      Restart="always";
      RestartSec=20;
    };
    wantedBy = [ "default.target" ];
  };
  services.nginx = let
    proxyConfig = ''
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header Host $host;
      proxy_set_header Range $http_range;
      proxy_set_header If-Range $http_if_range;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
    '';
  in {
    enable = true;
    package = pkgs.openresty;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedTlsSettings = true;
    clientMaxBodySize = "2G";
    virtualHosts = {
      "library.mesh.vimium.net" = {
        locations."/" = {
          root = "/mnt/library";
          extraConfig = ''
            autoindex on;
          '';
        };
      };
      "jellyfin.vimium.com" = {
        default = true;
        listen = [
          {
            addr = "127.0.0.1";
            port = 8000;
          }
        ];
        locations."/" = {
          proxyPass = "http://localhost:8096";
          extraConfig = proxyConfig;
        };
        locations."/metrics" = {
          return = "404";
        };
      };
    };
  };
  services.jellyfin.enable = true;
  modules = {
    security = {
      gpg.enable = true;
    };
    shell = {
      zsh.enable = true;
    };
    services = {
      borgmatic = {
        enable = true;
        directories = [
          "/home/jordan"
        ];
        repoPath = "ssh://b61758r4@b61758r4.repo.borgbase.com/./repo";
      };
    };
  };
  system.stateVersion = "22.11";
 }
--- a/hosts/library/hardware-configuration.nix
+++ b/hosts/library/hardware-configuration.nix
@ -0,0 +1,68 @@
 { config, lib, pkgs, modulesPath, ... }:
 {
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
  ];
  boot = {
    initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" ];
    initrd.kernelModules = [ ];
    kernelModules = [ "kvm-amd" ];
    extraModulePackages = [ ];
  };
  fileSystems."/" = {
    device = "rpool/system/root";
    fsType = "zfs";
  };
  fileSystems."/var" = {
    device = "rpool/system/var";
    fsType = "zfs";
  };
  fileSystems."/var/log" = {
    device = "rpool/system/var/log";
    fsType = "zfs";
  };
  fileSystems."/var/tmp" = {
    device = "rpool/system/var/tmp";
    fsType = "zfs";
  };
  fileSystems."/var/lib/containers/storage" = {
    device = "rpool/system/var/lib-containers-storage";
    fsType = "zfs";
  };
  fileSystems."/nix" = {
    device = "rpool/local/nix";
    fsType = "zfs";
  };
  fileSystems."/tmp" = {
    device = "rpool/local/tmp";
    fsType = "zfs";
  };
  fileSystems."/home" = {
    device = "rpool/user/home";
    fsType = "zfs";
  };
  fileSystems."/boot" = {
    device = "/dev/disk/by-uuid/F697-F1C0";
    fsType = "vfat";
  };
  swapDevices = [ ];
  networking.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/hosts/odyssey/default.nix
+++ b/hosts/odyssey/default.nix
@ -1,57 +1,30 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, inputs, ... }:
 with lib.my;
 {
  imports = [
    ./hardware-configuration.nix
    ../desktop.nix
  ];
-  boot.loader.systemd-boot = {
+  boot.loader = {
    systemd-boot = {
      enable = true;
      graceful = true;
      netbootxyz.enable = true;
    };
-  boot.loader.efi.canTouchEfiVariables = true;
+    efi.canTouchEfiVariables = true;
  };
-  networking.hostName = "odyssey";
+  networking = {
-  networking.hostId = "c5e68d78";
+    hostId = "c5e68d78";
    networkmanager.enable = true;
    firewall.trustedInterfaces = [ "lxdbr0" "virbr0" ]; # Work around https://github.com/NixOS/nixpkgs/issues/263359
  };
-  networking.networkmanager.enable = true;
+  virtualisation = {
-
+    libvirtd.enable = true;
-  environment.etc."pipewire/pipewire.conf.d/surround.conf".text = ''
+    lxd.enable = true;
-    context.modules = [
+  };
      {
        name = libpipewire-module-loopback
        args = {
          node.description = "1824c Surround"
          capture.props = {
            node.name = "1824c_Speakers"
            media.class = "Audio/Sink"
            audio.position = [ FL FR FC SL SR LFE ]
          }
          playback.props = {
            node.name = "playback.1824c_Speakers"
            audio.position = [ AUX0 AUX1 AUX2 AUX3 AUX4 AUX5 ]
            target.object = "alsa_output.usb-PreSonus_Studio_1824c_SC4E21110775-00.multichannel-output"
            stream.dont-remix = true
            node.passive = true
          }
        }
      }
    ]
  '';
  nix.package = pkgs.nixFlakes;
  nix.extraOptions = ''
    experimental-features = nix-command flakes
  '';
  virtualisation.libvirtd.enable = true;
  users.defaultUserShell = pkgs.zsh;
  system.stateVersion = "22.11";
  services.nix-serve = {
    enable = true;
@ -74,6 +47,14 @@ with lib.my;
      browsers = {
        firefox.enable = true;
      };
      gaming.emulators = {
        gamecube.enable = true;
        ps2.enable = true;
        ps3.enable = true;
        psp.enable = true;
        wii.enable = true;
        xbox.enable = true;
      };
      media.graphics = {
        modeling.enable = true;
        raster.enable = true;
@ -89,14 +70,27 @@ with lib.my;
    };
    editors = {
      neovim.enable = true;
      vscode.enable = true;
    };
    hardware.presonus-studio.enable = true;
    security = {
      gpg.enable = true;
      pass.enable = true;
    };
    services = {
      borgmatic = {
        enable = true;
        directories = [
          "/home/jordan/Documents"
        ];
        repoPath = "ssh://iqwu22oq@iqwu22oq.repo.borgbase.com/./repo";
      };
    };
    shell = {
      git.enable = true;
      zsh.enable = true;
    };
  };
  system.stateVersion = "22.11";
 }
--- a/hosts/odyssey/hardware-configuration.nix
+++ b/hosts/odyssey/hardware-configuration.nix
@ -1,78 +1,72 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
-let
+{
-  snd-usb-audio-module = pkgs.callPackage ./snd-usb-audio.nix {
+  imports = [
-    kernel = config.boot.kernelPackages.kernel;
+    (modulesPath + "/installer/scan/not-detected.nix")
  ];
  boot = {
    initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
    initrd.kernelModules = [ ];
    initrd.supportedFilesystems = [ "zfs" ];
    kernelModules = [ "kvm-intel" ];
    kernelPackages = pkgs.linuxPackages;
    supportedFilesystems = [ "ntfs" ];
    binfmt.emulatedSystems = [ "aarch64-linux" ];
  };
 in {
  imports =
    [ (modulesPath + "/installer/scan/not-detected.nix")
    ];
-  boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
+  hardware = {
-  boot.initrd.kernelModules = [ ];
+    cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-  boot.kernelModules = [ "kvm-intel" ];
+    nvidia = {
  boot.extraModulePackages = [
    (snd-usb-audio-module.overrideAttrs (_: {
      patches = [ ./0001-Update-device-ID-for-PreSonus-1824c.patch ];
    }))
  ];
  boot.supportedFilesystems = [ "ntfs" ];
  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
  hardware.nvidia = {
      modesetting.enable = true;
      powerManagement.enable = true;
    };
  };
  services.xserver.videoDrivers = [ "nvidia" ];
-  fileSystems."/" =
+  fileSystems."/" = {
-    { device = "rpool/system/root";
+    device = "rpool/system/root";
    fsType = "zfs";
  };
-  fileSystems."/home" =
+  fileSystems."/home" = {
-    { device = "rpool/user/home";
+    device = "rpool/user/home";
    fsType = "zfs";
  };
-  fileSystems."/var" =
+  fileSystems."/var" = {
-    { device = "rpool/system/var";
+    device = "rpool/system/var";
    fsType = "zfs";
  };
-  fileSystems."/tmp" =
+  fileSystems."/tmp" = {
-    { device = "rpool/local/tmp";
+    device = "rpool/local/tmp";
    fsType = "zfs";
  };
-  fileSystems."/var/log" =
+  fileSystems."/var/log" = {
-    { device = "rpool/system/var/log";
+    device = "rpool/system/var/log";
    fsType = "zfs";
  };
-  fileSystems."/var/tmp" =
+  fileSystems."/var/tmp" = {
-    { device = "rpool/system/var/tmp";
+    device = "rpool/system/var/tmp";
    fsType = "zfs";
  };
-  fileSystems."/boot" =
+  fileSystems."/boot" = {
-    { device = "/dev/disk/by-uuid/E63E-8E75";
+    device = "/dev/disk/by-uuid/E63E-8E75";
    fsType = "vfat";
  };
  swapDevices = [ ];
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+
  environment.systemPackages = [
    pkgs.apfs-fuse
  ];
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/hosts/pi/README.md
+++ b/hosts/pi/README.md
@ -0,0 +1,25 @@
 # Pi
 ## Overview
 Raspberry Pi 4
 ## Specs
 * SoC - Broadcom BCM2711
 * CPU - ARM Cortex-A72 @ 1.8 GHz
 * Memory - 8 GB LPDDR4
 ### Disks
 Device | Partitions _(filesystem, usage)_
 --- | ---
 SD card | `/dev/mmcblk0` (ext4, NixOS Root)
 ### Networks
 - DHCP on `10.0.1.0/24` subnet.
 - Tailscale on `100.64.0.0/10` subnet. FQDN: `pi.mesh.vimium.net`.
 ## Devices and connections
 - SONOFF Zigbee 3.0 USB Dongle Plus (connected to USB 2.0 port to avoid [interference](https://www.unit3compliance.co.uk/2-4ghz-intra-system-or-self-platform-interference-demonstration/))
 - HDMI to ONKYO HT-R990
 - S/PDIF to ONKYO HT-R990
 - Ethernet to ONKYO HT-R990
--- a/hosts/pi/default.nix
+++ b/hosts/pi/default.nix
@ -0,0 +1,250 @@
 { config, lib, pkgs, inputs, ... }:
 {
  imports = [
    ./hardware-configuration.nix
    ../server.nix
  ];
  networking.hostId = "731d1660";
  hardware = {
    raspberry-pi."4" = {
      apply-overlays-dtmerge.enable = true;
      audio.enable = false;
      fkms-3d.enable = false;
      xhci.enable = false;
    };
    deviceTree = {
      enable = true;
      filter = "*rpi-4-*.dtb";
      overlays = [
        {
          name = "audio-off-overlay";
          dtsText = ''
            /dts-v1/;
            /plugin/;
            / {
              compatible = "brcm,bcm2711";
              fragment@0 {
                target = <&vchiq>;
                __overlay__ {
                  status = "disabled";
                };
              };
            };
          '';
        }
        {
          # Adapted from: https://github.com/raspberrypi/linux/blob/rpi-6.1.y/arch/arm/boot/dts/overlays/hifiberry-digi-pro-overlay.dts
          # changes:
          # - modified top-level "compatible" field from bcm2835 to bcm2711
          # - s/i2s_clk_consumer/i2s/ (name on bcm2711 platform)
          name = "hifiberry-digi-pro";
          dtsText = ''
            /dts-v1/;
            /plugin/;
            / {
                compatible = "brcm,bcm2711";
                fragment@0 {
                    target = <&i2s>;
                    __overlay__ {
                        status = "okay";
                    };
                };
                fragment@1 {
                    target = <&i2c1>;
                    __overlay__ {
                        #address-cells = <1>;
                        #size-cells = <0>;
                        status = "okay";
                        wm8804@3b {
                            #sound-dai-cells = <0>;
                            compatible = "wlf,wm8804";
                            reg = <0x3b>;
                            PVDD-supply = <&vdd_3v3_reg>;
                            DVDD-supply = <&vdd_3v3_reg>;
                            status = "okay";
                        };
                    };
                };
                fragment@2 {
                    target = <&sound>;
                    __overlay__ {
                        compatible = "hifiberry,hifiberry-digi";
                        i2s-controller = <&i2s>;
                        status = "okay";
                        clock44-gpio = <&gpio 5 0>;
                        clock48-gpio = <&gpio 6 0>;
                    };
                };
            };
          '';
        }
      ];
    };
    firmware = with pkgs; [
      firmwareLinuxNonfree
      wireless-regdb
    ];
  };
  sound.enable = true;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
  };
  age.secrets."files/services/home-assistant/secrets.yaml" = {
    file = "${inputs.secrets}/files/services/home-assistant/secrets.yaml.age";
    path = "${config.services.home-assistant.configDir}/secrets.yaml";
    owner = "hass";
    group = "hass";
  };
  services.home-assistant = {
    enable = true;
    extraComponents = [
      "api"
      "alert"
      "auth"
      "backup"
      "command_line"
      "default_config"
      "homekit_controller"
      "homekit"
      "http"
      "icloud"
      "jellyfin"
      "metoffice"
      "mqtt"
      "onkyo"
      "ping"
      "proximity"
      "radio_browser"
      "scrape"
      "sensor"
      "system_health"
    ];
    config = {
      default_config = {};
      backup = {};
      homeassistant = {
        name = "Home";
        latitude = "!secret latitude";
        longitude = "!secret longitude";
        country = "GB";
        temperature_unit = "C";
        time_zone = config.time.timeZone;
        unit_system = "metric";
      };
      mqtt = { };
      scene = "!include scenes.yaml";
      automation = "!include automations.yaml";
      system_health = { };
      recorder = {
        purge_keep_days = 365;
      };
    };
  };
  services.mosquitto = {
    enable = true;
    listeners = [{
      acl = [ "pattern readwrite #" ];
      omitPasswordAuth = true;
      port = 1883;
      settings = {
        allow_anonymous = true;
      };
    }];
  };
  age.secrets."files/services/zigbee2mqtt/secret.yaml" = {
    file = "${inputs.secrets}/files/services/zigbee2mqtt/secret.yaml.age";
    path = "${config.services.zigbee2mqtt.dataDir}/secret.yaml";
    owner = "zigbee2mqtt";
    group = "zigbee2mqtt";
  };
  services.zigbee2mqtt = {
    package = pkgs.unstable.zigbee2mqtt;
    enable = true;
    dataDir = "/var/lib/zigbee2mqtt";
    settings = {
      homeassistant = lib.optionalAttrs config.services.home-assistant.enable {
        discovery_topic = "homeassistant";
        status_topic = "hass/status";
        legacy_entity_attributes = true;
        legacy_triggers = true;
      };
      availability = true;
      frontend = true;
      device_options = {
        retain = true;
      };
      serial = {
        port = "/dev/serial/by-id/usb-Silicon_Labs_Sonoff_Zigbee_3.0_USB_Dongle_Plus_0001-if00-port0";
      };
      advanced = {
        channel = 20;
        network_key = "!secret.yaml network_key";
        pan_id = 13001;
        ext_pan_id = [ 79 1 73 47 250 136 124 222 ];
        transmit_power = 20;
      };
      mqtt = {
        version = 5;
        server = "mqtt://localhost:1883";
      };
    };
  };
  modules = {
    networking = {
      wireless = {
        enable = true;
        interfaces = [ "wlan0" ];
      };
    };
    services = {
      borgmatic = {
        enable = true;
        directories = [
          "/var/lib/mosquitto"
          "/var/lib/zigbee2mqtt"
        ];
        repoPath = "ssh://qcw86s11@qcw86s11.repo.borgbase.com/./repo";
      };
    };
  };
  # Connection to ONKYO HT-R990
  networking.interfaces.end0 = {
    ipv4.addresses = [{
      address = "172.16.0.1";
      prefixLength = 30;
    }];
  };
  environment.systemPackages = with pkgs; [
    python311Packages.onkyo-eiscp
    libraspberrypi
    raspberrypi-eeprom
  ];
  system.stateVersion = "22.11";
 }
--- a/hosts/pi/hardware-configuration.nix
+++ b/hosts/pi/hardware-configuration.nix
@ -0,0 +1,31 @@
 { config, lib, pkgs, modulesPath, ... }:
 {
  imports = [
    (modulesPath + "/installer/sd-card/sd-image-aarch64.nix")
  ];
  boot = {
    # Stop ZFS kernel being built
    supportedFilesystems = lib.mkForce [ "btrfs" "cifs" "f2fs" "jfs" "ntfs" "reiserfs" "vfat" "xfs" ];
    tmp.cleanOnBoot = true;
  };
  # Fix missing modules
  # https://github.com/NixOS/nixpkgs/issues/154163
  nixpkgs.overlays = [
    (final: super: {
      makeModulesClosure = x:
        super.makeModulesClosure (x // { allowMissing = true; });
    })
  ];
  fileSystems = {
    "/" = {
      device = "/dev/disk/by-label/NIXOS_SD";
      fsType = "ext4";
      options = [ "noatime" ];
    };
  };
 }
--- a/hosts/server.nix
+++ b/hosts/server.nix
@ -1,39 +1,23 @@
 { config, lib, pkgs, ... }:
 with lib;
 with lib.my;
 {
-  time.timeZone = "Europe/London";
+  imports = [
-
+    ./common.nix
  i18n.defaultLocale = "en_GB.UTF-8";
  i18n.extraLocaleSettings = {
    LC_ADDRESS = "en_GB.UTF-8";
    LC_IDENTIFICATION = "en_GB.UTF-8";
    LC_MEASUREMENT = "en_GB.UTF-8";
    LC_MONETARY = "en_GB.UTF-8";
    LC_NAME = "en_GB.UTF-8";
    LC_NUMERIC = "en_GB.UTF-8";
    LC_PAPER = "en_GB.UTF-8";
    LC_TELEPHONE = "en_GB.UTF-8";
    LC_TIME = "en_GB.UTF-8";
  };
  console.keyMap = "uk";
  services.openssh = {
    enable = true;
    settings = {
      KbdInteractiveAuthentication = false;
      PasswordAuthentication = false;
      PermitRootLogin = "no";
    };
  };
  environment.systemPackages = with pkgs; [
    git
    neovim
  ];
  documentation.enable = false;
  security = {
    acme.acceptTerms = true;
    auditd.enable = true;
    audit = {
      enable = true;
      rules = [
        "-a exit,always -F arch=b64 -S execve"
      ];
    };
  };
  modules.networking.tailscale = {
    enable = true;
    restrictSSH = false;
--- a/hosts/vps1/README.md
+++ b/hosts/vps1/README.md
@ -0,0 +1,18 @@
 # vps1
 ## Overview
 VPS hosted in OVH.
 ## Specs
 * CPU - ??
 * Memory - ??
 ### Disks
 Device | Partitions _(filesystem, usage)_
 --- | ---
 NVMe | `/dev/sda1` (ext4, NixOS Root)
 ### Networks
 - DHCP on `10.0.1.0/24` subnet.
 - Tailscale on `100.64.0.0/10` subnet. FQDN: `vps1.mesh.vimium.net`.
--- a/hosts/vps1/default.nix
+++ b/hosts/vps1/default.nix
@ -0,0 +1,69 @@
 { config, lib, pkgs, inputs, ... }:
 {
  imports = [
    ./hardware-configuration.nix
    ../server.nix
  ];
  networking = {
    hostId = "08bf6db3";
    domain = "mesh.vimium.net";
    firewall = {
      enable = true;
      allowedTCPPorts = [
        22    # SSH
      ];
    };
  };
  users = {
    users = {
      jellyfin = {
        isSystemUser = true;
        group = "jellyfin";
        shell = "/bin/sh";
        openssh.authorizedKeys.keys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOaaS+KMAEAymZhIJGC4LK8aMhUzhpmloUgvP2cxeBH4 jellyfin"
        ];
      };
      root = {
        openssh.authorizedKeys.keys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILVHTjsyMIV4THNw6yz0OxAxGnC+41gX72UrPqTzR+OS jordan@vimium.com"
        ];
      };
    };
    groups = {
      jellyfin = { };
    };
  };
  services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";
  security.acme.defaults = {
    email = "hostmaster@vimium.com";
    group = "nginx";
    webroot = "/var/lib/acme/acme-challenge";
  };
  modules = {
    services = {
      borgmatic = {
        enable = true;
        directories = [
          "/home"
          "/var/lib"
          "/var/www"
        ];
        repoPath = "ssh://p91y8oh7@p91y8oh7.repo.borgbase.com/./repo";
      };
      coturn.enable = true;
      gitea.enable = true;
      headscale.enable = true;
      matrix-synapse.enable = true;
      nginx.enable = true;
    };
  };
  system.stateVersion = "22.11";
 }
--- a/hosts/vps1/hardware-configuration.nix
+++ b/hosts/vps1/hardware-configuration.nix
@ -0,0 +1,26 @@
 { config, lib, pkgs, modulesPath, ... }:
 {
  imports = [
    (modulesPath + "/profiles/qemu-guest.nix")
  ];
  boot = {
    initrd = {
      availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
      kernelModules = [ "nvme" ];
    };
    loader.grub.device = "/dev/sda";
    tmp.cleanOnBoot = true;
  };
  zramSwap.enable = true;
  fileSystems = {
    "/" = {
      device = "/dev/sda1";
      fsType = "ext4";
    };
  };
 }
--- a/lib/attrs.nix
+++ b/lib/attrs.nix
@ -1,26 +0,0 @@
 { lib, ... }:
 with builtins;
 with lib;
 rec {
  # attrsToList
  attrsToList = attrs:
    mapAttrsToList (name: value: { inherit name value; }) attrs;
  # mapFilterAttrs ::
  #   (name -> value -> bool)
  #   (name -> value -> { name = any; value = any; })
  #   attrs
  mapFilterAttrs = pred: f: attrs: filterAttrs pred (mapAttrs' f attrs);
  # Generate an attribute set by mapping a function over a list of values.
  genAttrs' = values: f: listToAttrs (map f values);
  # anyAttrs :: (name -> value -> bool) attrs
  anyAttrs = pred: attrs:
    any (attr: pred attr.name attr.value) (attrsToList attrs);
  # countAttrs :: (name -> value -> bool) attrs
  countAttrs = pred: attrs:
    count (attr: pred attr.name attr.value) (attrsToList attrs);
 }
--- a/lib/default.nix
+++ b/lib/default.nix
@ -1,19 +0,0 @@
 { inputs, lib, pkgs, ... }:
 let
  inherit (lib) makeExtensible attrValues foldr;
  inherit (modules) mapModules;
  modules = import ./modules.nix {
    inherit lib;
    self.attrs = import ./attrs.nix { inherit lib; self = {}; };
  };
  mylib = makeExtensible (self:
    with self; mapModules ./.
      (file: import file { inherit self lib pkgs inputs; }));
 in
 mylib.extend
  (self: super:
    foldr (a: b: a // b) {} (attrValues super))
--- a/lib/modules.nix
+++ b/lib/modules.nix
@ -1,53 +0,0 @@
 { self, lib, ... }:
 let
  inherit (builtins) attrValues readDir pathExists concatLists;
  inherit (lib) id mapAttrsToList filterAttrs hasPrefix hasSuffix nameValuePair removeSuffix;
  inherit (self.attrs) mapFilterAttrs;
 in
 rec {
  mapModules = dir: fn:
    mapFilterAttrs
      (n: v:
        v != null &&
        !(hasPrefix "_" n))
      (n: v:
        let path = "${toString dir}/${n}"; in
        if v == "directory" && pathExists "${path}/default.nix"
        then nameValuePair n (fn path)
        else if v == "regular" &&
                n != "default.nix" &&
                hasSuffix ".nix" n
        then nameValuePair (removeSuffix ".nix" n) (fn path)
        else nameValuePair "" null)
      (readDir dir);
  mapModules' = dir: fn:
    attrValues (mapModules dir fn);
  mapModulesRec = dir: fn:
    mapFilterAttrs
      (n: v:
        v != null &&
        !(hasPrefix "_" n))
      (n: v:
        let path = "${toString dir}/${n}"; in
        if v == "directory"
        then nameValuePair n (mapModulesRec path fn)
        else if v == "regular" && n != "default.nix" && hasSuffix ".nix" n
        then nameValuePair (removeSuffix ".nix" n) (fn path)
        else nameValuePair "" null)
      (readDir dir);
  mapModulesRec' = dir: fn:
    let
      dirs =
        mapAttrsToList
          (k: _: "${dir}/${k}")
          (filterAttrs
            (n: v: v == "directory" && !(hasPrefix "_" n))
            (readDir dir));
      files = attrValues (mapModules dir id);
      paths = files ++ concatLists (map (d: mapModulesRec' d id) dirs);
    in map fn paths;
 }
--- a/lib/nixos.nix
+++ b/lib/nixos.nix
@ -1,25 +0,0 @@
 { inputs, lib, pkgs, ... }:
 with lib;
 with lib.my;
 let sys = "x86_64-linux";
 in {
  mkHost = path: attrs @ { system ? sys, ... }:
    nixosSystem {
      inherit system;
      specialArgs = { inherit lib inputs system; };
      modules = [
        {
          nixpkgs.pkgs = pkgs;
          networking.hostName = mkDefault (removeSuffix ".nix" (baseNameOf path));
        }
        (filterAttrs (n: v: !elem n [ "system" ]) attrs)
        ../.   # /default.nix
        (import path)
      ];
    };
  mapHosts = dir: attrs @ { system ? system, ... }:
    mapModules dir
      (hostPath: mkHost hostPath attrs);
 }
--- a/lib/options.nix
+++ b/lib/options.nix
@ -1,35 +0,0 @@
 { lib, ... }:
 let
  inherit (lib) mkOption types;
 in
 rec {
  mkOpt = type: default:
    mkOption { inherit type default; };
  mkOpt' = type: default: description:
    mkOption { inherit type default description; };
  mkBoolOpt = default: mkOption {
    inherit default;
    type = types.bool;
    example = true;
  };
  mkStringOpt = default: mkOption {
    inherit default;
    type = types.lines;
    example = "";
  };
  mkListOfStringOpt = default: mkOption {
    inherit default;
    type = types.listOf types.lines;
    example = [ "a" "b" "c" ];
  };
  mkPath = path:
    if path != null
    then toString path
    else "";
 }
--- a/modules/default.nix
+++ b/modules/default.nix
@ -25,9 +25,17 @@
    ./dev/zig.nix
    ./editors/neovim
    ./editors/vscode.nix
    ./hardware/presonus-studio.nix
    ./networking/tailscale.nix
    ./networking/wireless.nix
    ./security/gpg.nix
    ./security/pass.nix
    ./services/borgmatic
    ./services/coturn
    ./services/gitea
    ./services/headscale
    ./services/matrix-synapse
    ./services/nginx
    ./shell/git
    ./shell/zsh
  ];
--- a/modules/desktop/apps/qbittorrent.nix
+++ b/modules/desktop/apps/qbittorrent.nix
@ -1,14 +1,15 @@
 { config, lib, pkgs, ... }:
 with lib;
 with lib.my;
 let cfg = config.modules.desktop.apps.qbittorrent;
 in {
  options.modules.desktop.apps.qbittorrent = {
-    enable = mkBoolOpt false;
+    enable = lib.mkOption {
      default = false;
      example = true;
    };
  };
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
    user.packages = with pkgs; [
      qbittorrent
    ];
--- a/modules/desktop/apps/slack.nix
+++ b/modules/desktop/apps/slack.nix
@ -1,14 +1,15 @@
 { config, lib, pkgs, ... }:
 with lib;
 with lib.my;
 let cfg = config.modules.desktop.apps.slack;
 in {
  options.modules.desktop.apps.slack = {
-    enable = mkBoolOpt false;
+    enable = lib.mkOption {
      default = false;
      example = true;
    };
  };
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
    user.packages = with pkgs; [
      slack
    ];
--- a/modules/desktop/apps/thunderbird.nix
+++ b/modules/desktop/apps/thunderbird.nix
@ -1,14 +1,15 @@
 { config, lib, pkgs, inputs, ... }:
 with lib;
 with lib.my;
 let cfg = config.modules.desktop.apps.thunderbird;
 in {
  options.modules.desktop.apps.thunderbird = {
-    enable = mkBoolOpt false;
+    enable = lib.mkOption {
      default = false;
      example = true;
    };
  };
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
    home.file.".thunderbird/Default/chrome/thunderbird-gnome-theme".source = inputs.thunderbird-gnome-theme;
    home.programs.thunderbird = {
--- a/modules/desktop/apps/zoom.nix
+++ b/modules/desktop/apps/zoom.nix
@ -1,14 +1,15 @@
 { config, lib, pkgs, ... }:
 with lib;
 with lib.my;
 let cfg = config.modules.desktop.apps.zoom;
 in {
  options.modules.desktop.apps.zoom = {
-    enable = mkBoolOpt false;
+    enable = lib.mkOption {
      default = false;
      example = true;
    };
  };
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
    user.packages = with pkgs; [
      zoom-us
    ];
--- a/modules/desktop/browsers/firefox.nix
+++ b/modules/desktop/browsers/firefox.nix
@ -1,14 +1,15 @@
 { config, lib, pkgs, inputs, ... }:
 with lib;
 with lib.my;
 let cfg = config.modules.desktop.browsers.firefox;
 in {
  options.modules.desktop.browsers.firefox = {
-    enable = mkBoolOpt false;
+    enable = lib.mkOption {
      default = false;
      example = true;
    };
  };
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
    home.file.".mozilla/firefox/Default/chrome/firefox-gnome-theme".source = inputs.firefox-gnome-theme;
    home.programs.firefox = {
@ -26,10 +27,11 @@ in {
        '';
        settings = {
          ## GNOME theme
-          "toolkit.legacyUserProfileCustomizations.stylesheets" = true; # Enable customChrome.cs
+          "toolkit.legacyUserProfileCustomizations.stylesheets" = true; # Enable customChrome.css
          "browser.uidensity" = 0; # Set UI density to normal
          "svg.context-properties.content.enabled" = true; # Enable SVG context-propertes
          "browser.theme.dark-private-windows" = false; # Disable private window dark theme
          "widget.gtk.rounded-bottom-corners.enabled" = true; # Enable rounded bottom window corners
          ## Preferences
          "browser.ctrlTab.sortByRecentlyUsed" = true;
--- a/modules/desktop/gaming/emulators.nix
+++ b/modules/desktop/gaming/emulators.nix
@ -1,34 +1,74 @@
 { config, lib, pkgs, ... }:
 with lib;
 with lib.my;
 let cfg = config.modules.desktop.gaming.emulators;
 in {
  options.modules.desktop.gaming.emulators = {
-    ds.enable       = mkBoolOpt false;
+    ds.enable       = lib.mkOption {
-    gb.enable       = mkBoolOpt false;
+      default = false;
-    gba.enable      = mkBoolOpt false;
+      example = true;
-    gamecube.enable = mkBoolOpt false;
+    };
-    ps2.enable      = mkBoolOpt false;
+    gb.enable       = lib.mkOption {
-    ps3.enable      = mkBoolOpt false;
+      default = false;
-    psp.enable      = mkBoolOpt false;
+      example = true;
-    snes.enable     = mkBoolOpt false;
+    };
-    wii.enable      = mkBoolOpt false;
+    gba.enable      = lib.mkOption {
      default = false;
      example = true;
    };
    gamecube.enable = lib.mkOption {
      default = false;
      example = true;
    };
    ps1.enable      = lib.mkOption {
      default = false;
      example = true;
    };
    ps2.enable      = lib.mkOption {
      default = false;
      example = true;
    };
    ps3.enable      = lib.mkOption {
      default = false;
      example = true;
    };
    psp.enable      = lib.mkOption {
      default = false;
      example = true;
    };
    snes.enable     = lib.mkOption {
      default = false;
      example = true;
    };
    switch.enable   = lib.mkOption {
      default = false;
      example = true;
    };
    wii.enable      = lib.mkOption {
      default = false;
      example = true;
    };
    xbox.enable     = lib.mkOption {
      default = false;
      example = true;
    };
  };
  config = {
-    user.packages = with pkgs; [
+    user.packages = with pkgs.unstable; [
-      (mkIf cfg.ps2.enable pcsx2)
+      (lib.mkIf cfg.ps1.enable duckstation)
-      (mkIf cfg.ps3.enable rpcs3)
+      (lib.mkIf cfg.ps2.enable pcsx2)
-      (mkIf cfg.psp.enable ppsspp)
+      (lib.mkIf cfg.ps3.enable rpcs3)
-      (mkIf cfg.ds.enable desmume)
+      (lib.mkIf cfg.psp.enable ppsspp)
-      (mkIf (cfg.gba.enable ||
+      (lib.mkIf cfg.ds.enable desmume)
      (lib.mkIf (cfg.gba.enable ||
             cfg.gb.enable  ||
             cfg.snes.enable)
        higan)
-      (mkIf (cfg.wii.enable ||
+      (lib.mkIf cfg.switch.enable yuzuPackages.mainline)
      (lib.mkIf (cfg.wii.enable ||
             cfg.gamecube.enable)
        dolphin-emu)
      (lib.mkIf cfg.xbox.enable xemu)
    ];
  };
 }
--- a/modules/desktop/gaming/lutris.nix
+++ b/modules/desktop/gaming/lutris.nix
@ -1,14 +1,15 @@
 { config, lib, pkgs, ... }:
 with lib;
 with lib.my;
 let cfg = config.modules.desktop.gaming.lutris;
 in {
  options.modules.desktop.gaming.lutris = {
-    enable = mkBoolOpt false;
+    enable = lib.mkOption {
      default = false;
      example = true;
    };
  };
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
    user.packages = with pkgs; [
      lutris
      vulkan-loader
--- a/modules/desktop/gaming/steam.nix
+++ b/modules/desktop/gaming/steam.nix
@ -1,14 +1,15 @@
 { config, lib, pkgs, ... }:
 with lib;
 with lib.my;
 let cfg = config.modules.desktop.gaming.steam;
 in {
  options.modules.desktop.gaming.steam = {
-    enable = mkBoolOpt false;
+    enable = lib.mkOption {
      default = false;
      example = true;
    };
  };
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
    programs.steam.enable = true;
    systemd.extraConfig = "DefaultLimitNOFILE=1048576";
--- a/modules/desktop/gnome.nix
+++ b/modules/desktop/gnome.nix
@ -1,14 +1,15 @@
 { config, lib, pkgs, ... }:
 with lib;
 with lib.my;
 let cfg = config.modules.desktop.gnome;
 in {
  options.modules.desktop.gnome = {
-    enable = mkBoolOpt false;
+    enable = lib.mkOption {
      default = false;
      example = true;
    };
  };
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
    services.xserver = {
      enable = true;
      displayManager.gdm.enable = true;
@ -16,14 +17,10 @@ in {
    };
    services.flatpak.enable = true;
    services.fwupd.enable = true;
    programs.dconf.enable = true;
    dconf.settings = {
      "com/raggesilver/BlackBox" = {
        theme-dark = "Dracula";
        font = "Ubuntu Mono 14";
        remember-window-size = true;
      };
      "org/gnome/shell" = {
        disable-user-extensions = false;
        enabled-extensions = [
@ -33,13 +30,14 @@ in {
          # "desktop-cube@schneegans.github.com"
          # "desktop-zoom@colin.kinlo.ch"
          "espresso@coadmunkee.github.com"
-          "flypie@schneegans.github.com"
+          # "flypie@schneegans.github.com"
          # "forge@jmmaranan.com"
          "hue-lights@chlumskyvaclav@gmail.com"
          "just-perfection-desktop@just-perfection"
-          "paperwm@hedning:matrix.org"
+          # "pano@elhan.io"
          # "paperwm@hedning:matrix.org"
          # "search-light@icedman.github.com"
-          # "space-bar@luchrioh"
+          "space-bar@luchrioh"
          # "smart-auto-move@khimaros.com"
          # "systemd-manager@hardpixel.eu"
          # "tailscale-status@maxgallup.github.com"
@ -50,7 +48,6 @@ in {
        favorite-apps = [
          "firefox.desktop"
          "org.gnome.Nautilus.desktop"
          "com.raggesilver.BlackBox.desktop"
        ];
      };
      "org/gnome/shell/extensions/another-window-session-manager" = {
@ -103,8 +100,14 @@ in {
        window-gap = 8;
      };
      "org/gnome/desktop/background" = {
-        picture-uri = "file://${pkgs.gnome.gnome-backgrounds}/share/backgrounds/gnome/adwaita-l.webp";
+        picture-uri = "file://${pkgs.gnome.gnome-backgrounds}/share/backgrounds/gnome/adwaita-l.jpg";
-        picture-uri-dark = "file://${pkgs.gnome.gnome-backgrounds}/share/backgrounds/gnome/adwaita-d.webp";
+        picture-uri-dark = "file://${pkgs.gnome.gnome-backgrounds}/share/backgrounds/gnome/adwaita-d.jpg";
      };
      "org/gnome/desktop/peripherals/touchpad" = {
        tap-to-click = true;
      };
      "org/gnome/desktop/search-providers" = {
        disabled = [ "org.gnome.Epiphany.desktop" ];
      };
      "org/gtk/settings/file-chooser" = {
        show-hidden = true;
@ -123,9 +126,6 @@ in {
          "<Shift>F11"
          "XF86AudioLowerVolume"
        ];
        screensaver = [
          "<Shift><Super>l"
        ];
      };
      "org/gnome/gnome-session" = {
        auto-save-session = true;
@ -138,12 +138,13 @@ in {
      };
      "org/gnome/mutter" = {
        center-new-windows = true;
        edge-tiling = true;
        experimental-features = [ "scale-monitor-framebuffer" ];
      };
      "org/gnome/desktop/interface" = {
        color-scheme = "prefer-dark";
        enable-hot-corners = false;
-        monospace-font-name = "Ubuntu Mono 11";
+        monospace-font-name = "UbuntuMono Nerd Font 11";
      };
      "org/gnome/desktop/wm/keybindings" = {
        switch-group = [ "<Super>grave" ];
@ -154,18 +155,36 @@ in {
      };
    };
-    fonts.fonts = with pkgs; [
+    fonts.packages = with pkgs; [
      noto-fonts
-      ubuntu_font_family
+      (nerdfonts.override { fonts = [ "BigBlueTerminal" "ComicShannsMono" "UbuntuMono" ]; })
    ];
    user.packages = with pkgs; [
      authenticator
      bottles
      bustle
      celluloid
      d-spy
      drawing
      fragments
      gnome.ghex
      # gnome-builder
      gnome-decoder
      gnome-firmware
      gnome-frog
      gnome-obfuscate
      gnome-podcasts
      identity
      mission-center
      newsflash
      schemes
      shortwave
    ];
    environment.systemPackages = with pkgs; [
      adw-gtk3
      bind
      blackbox-terminal
      bmon
      fd
      ffmpeg
@ -184,8 +203,10 @@ in {
      gnomeExtensions.hue-lights
      gnomeExtensions.just-perfection
      # gnomeExtensions.mutter-primary-gpu
      gnomeExtensions.pano
      gnomeExtensions.paperwm
      # gnomeExtensions.pip-on-top
      gnomeExtensions.rounded-window-corners
      gnomeExtensions.search-light
      gnomeExtensions.smart-auto-move
      gnomeExtensions.space-bar
@ -198,13 +219,16 @@ in {
      # gnomeExtensions.worksets
      # gnomeExtensions.workspace-matrix
      iotop
      unstable.morewaita-icon-theme
      ripgrep
      rsync
      tcpdump
      tokei
      tree
      wl-clipboard
-    ];
+    ] ++ (if config.virtualisation.podman.enable then [
      pods
    ] else []);
    home.services.gpg-agent.pinentryFlavor = "gnome3";
  };
--- a/modules/desktop/media/graphics.nix
+++ b/modules/desktop/media/graphics.nix
@ -1,21 +1,28 @@
 { config, lib, pkgs, ... }:
 with lib;
 with lib.my;
 let cfg = config.modules.desktop.media.graphics;
 in {
  options.modules.desktop.media.graphics = {
-    modeling.enable = mkBoolOpt false;
+    modeling.enable = lib.mkOption {
-    raster.enable   = mkBoolOpt false;
+      default = false;
-    vector.enable   = mkBoolOpt false;
+      example = true;
    };
    raster.enable   = lib.mkOption {
      default = false;
      example = true;
    };
    vector.enable   = lib.mkOption {
      default = false;
      example = true;
    };
  };
  config = {
    user.packages = with pkgs; [
-      (mkIf cfg.modeling.enable blender)
+      (lib.mkIf cfg.modeling.enable blender)
-      (mkIf cfg.raster.enable gimp)
+      (lib.mkIf cfg.raster.enable gimp)
-      (mkIf cfg.raster.enable krita)
+      (lib.mkIf cfg.raster.enable krita)
-      (mkIf cfg.vector.enable inkscape)
+      (lib.mkIf cfg.vector.enable inkscape)
    ];
  };
 }
--- a/modules/desktop/media/recording.nix
+++ b/modules/desktop/media/recording.nix
@ -1,12 +1,16 @@
 { config, lib, pkgs, ... }:
 with lib;
 with lib.my;
 let cfg = config.modules.desktop.media.recording;
 in {
  options.modules.desktop.media.recording = {
-    audio.enable = mkBoolOpt false;
+    audio.enable = lib.mkOption {
-    video.enable = mkBoolOpt false;
+      default = false;
      example = true;
    };
    video.enable = lib.mkOption {
      default = false;
      example = true;
    };
  };
  config = {
--- a/modules/desktop/mimeapps.nix
+++ b/modules/desktop/mimeapps.nix
@ -1,17 +1,18 @@
 { config, lib, pkgs, ... }:
 with lib;
 with lib.my;
 let
  cfg = config.modules.desktop.mimeapps;
  avApp = "io.github.celluloid_player.Celluloid.desktop";
  imageApp = "org.gnome.eog.desktop";
 in {
  options.modules.desktop.mimeapps = {
-    enable = mkBoolOpt false;
+    enable = lib.mkOption {
      default = false;
      example = true;
    };
  };
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
    xdg.mime.defaultApplications = {
      # Audio/video
      "audio/x-vorbis+ogg" = avApp;
--- a/modules/desktop/office/libreoffice.nix
+++ b/modules/desktop/office/libreoffice.nix
@ -1,14 +1,15 @@
 { config, lib, pkgs, ... }:
 with lib;
 with lib.my;
 let cfg = config.modules.desktop.office.libreoffice;
 in {
  options.modules.desktop.office.libreoffice = {
-    enable = mkBoolOpt false;
+    enable = lib.mkOption {
      default = false;
      example = true;
    };
  };
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
    user.packages = with pkgs; [
      libreoffice
    ];
--- a/modules/dev/cc.nix
+++ b/modules/dev/cc.nix
@ -1,14 +1,15 @@
 { config, lib, pkgs, ... }:
 with lib;
 with lib.my;
 let cfg = config.modules.dev.cc;
 in {
  options.modules.dev.cc = {
-    enable = mkBoolOpt false;
+    enable = lib.mkOption {
      default = false;
      example = true;
    };
  };
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
    user.packages = with pkgs; [
      clang
      gcc
--- a/modules/dev/java.nix
+++ b/modules/dev/java.nix
@ -1,14 +1,15 @@
 { config, lib, pkgs, ... }:
 with lib;
 with lib.my;
 let cfg = config.modules.dev.java;
 in {
  options.modules.dev.java = {
-    enable = mkBoolOpt false;
+    enable = lib.mkOption {
      default = false;
      example = true;
    };
  };
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
    user.packages = with pkgs; [
      jdk
    ];
--- a/modules/dev/lua.nix
+++ b/modules/dev/lua.nix
@ -1,14 +1,15 @@
 { config, lib, pkgs, ... }:
 with lib;
 with lib.my;
 let cfg = config.modules.dev.lua;
 in {
  options.modules.dev.lua = {
-    enable = mkBoolOpt false;
+    enable = lib.mkOption {
      default = false;
      example = true;
    };
  };
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
    user.packages = with pkgs; [
      lua
    ];
--- a/modules/dev/node.nix
+++ b/modules/dev/node.nix
@ -1,14 +1,15 @@
 { config, lib, pkgs, ... }:
 with lib;
 with lib.my;
 let cfg = config.modules.dev.node;
 in {
  options.modules.dev.node = {
-    enable = mkBoolOpt false;
+    enable = lib.mkOption {
      default = false;
      example = true;
    };
  };
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
    user.packages = with pkgs; [
      nodejs_latest
    ];
--- a/modules/dev/python.nix
+++ b/modules/dev/python.nix
@ -1,14 +1,15 @@
 { config, lib, pkgs, ... }:
 with lib;
 with lib.my;
 let cfg = config.modules.dev.python;
 in {
  options.modules.dev.python = {
-    enable = mkBoolOpt false;
+    enable = lib.mkOption {
      default = false;
      example = true;
    };
  };
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
    user.packages = with pkgs; [
      python310
    ];
--- a/modules/dev/rust.nix
+++ b/modules/dev/rust.nix
@ -1,14 +1,15 @@
 { config, lib, pkgs, ... }:
 with lib;
 with lib.my;
 let cfg = config.modules.dev.rust;
 in {
  options.modules.dev.rust = {
-    enable = mkBoolOpt false;
+    enable = lib.mkOption {
      default = false;
      example = true;
    };
  };
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
    user.packages = with pkgs; [
      rustc
      rustup
--- a/modules/dev/scala.nix
+++ b/modules/dev/scala.nix
@ -1,14 +1,15 @@
 { config, lib, pkgs, ... }:
 with lib;
 with lib.my;
 let cfg = config.modules.dev.scala;
 in {
  options.modules.dev.scala = {
-    enable = mkBoolOpt false;
+    enable = lib.mkOption {
      default = false;
      example = true;
    };
  };
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
    user.packages = with pkgs; [
      jdk
      sbt
--- a/modules/dev/shell.nix
+++ b/modules/dev/shell.nix
@ -1,14 +1,15 @@
 { config, lib, pkgs, ... }:
 with lib;
 with lib.my;
 let cfg = config.modules.dev.shell;
 in {
  options.modules.dev.shell = {
-    enable = mkBoolOpt false;
+    enable = lib.mkOption {
      default = false;
      example = true;
    };
  };
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
    user.packages = with pkgs; [
      shellcheck
    ];
--- a/modules/dev/zig.nix
+++ b/modules/dev/zig.nix
@ -1,14 +1,15 @@
 { config, lib, pkgs, ... }:
 with lib;
 with lib.my;
 let cfg = config.modules.dev.zig;
 in {
  options.modules.dev.zig = {
-    enable = mkBoolOpt false;
+    enable = lib.mkOption {
      default = false;
      example = true;
    };
  };
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
    user.packages = with pkgs; [
      zig
    ];
--- a/modules/editors/neovim/default.nix
+++ b/modules/editors/neovim/default.nix
@ -1,134 +1,25 @@
 { config, lib, pkgs, ... }:
 with lib;
 with lib.my;
 let
  cfg = config.modules.editors.neovim;
  dev = config.modules.dev;
 in {
  options.modules.editors.neovim = {
-    enable = mkBoolOpt false;
+    enable = lib.mkOption {
      default = false;
      example = true;
    };
  };
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
-    user.packages = with pkgs; [
+    user.packages = with pkgs.unstable; [
-      (neovim.override {
+      lunarvim
        configure = {
          customRC = ''
            luafile ~/.config/nvim/init.lua
          '';
          packages.myPlugins = with pkgs.vimPlugins; {
            start = [
              (nvim-treesitter.withPlugins (
                plugins: with plugins; [
                  bash
                  c
                  cmake
                  cpp
                  css
                  dockerfile
                  elm
                  glsl
                  graphql
                  haskell
                  http
                  html
                  java
                  javascript
                  jsdoc
                  json
                  json5
                  latex
                  lua
                  markdown
                  ninja
                  nix
                  org
                  perl
                  php
                  pug
                  python
                  regex
                  rst
                  ruby
                  rust
                  scala
                  scss
                  toml
                  tsx
                  typescript
                  vim
                  yaml
                  zig
                ]
              ))
              nvim-treesitter-context
              nvim-treesitter-textobjects
              nvim-lspconfig
    ];
          };
        };
      })
    ] ++
-    # Install appropriate language servers
+    env.EDITOR = "lvim";
    (if dev.cc.enable then [
      ccls                                            # C/C++
    ] else []) ++
    (if dev.java.enable then [
      java-language-server                            # Java
      ltex-ls                                         # LaTeX
    ] else []) ++
    (if dev.lua.enable then [
      sumneko-lua-language-server                     # Lua
    ] else []) ++
    (if dev.node.enable then [
      nodePackages.bash-language-server               # Bash
      nodePackages.dockerfile-language-server-nodejs  # Dockerfile
      nodePackages.graphql-language-service-cli       # GraphQL
      nodePackages.purescript-language-server         # PureScript
      nodePackages.svelte-language-server             # Svelte
      nodePackages.typescript-language-server         # JavaScript/TypeScript
      nodePackages.vim-language-server                # Vim
      nodePackages.vscode-langservers-extracted       # HTML, CSS, JSON, ESLint
      nodePackages.vue-language-server                # Vue.js
      nodePackages.yaml-language-server               # YAML
    ] else []) ++
    (if dev.python.enable then [
      cmake-language-server                           # CMake
      python310Packages.python-lsp-server             # Python
    ] else []) ++
    (if dev.rust.enable then [
      rust-analyzer                                   # Rust
    ] else []) ++
    (if dev.scala.enable then [
      metals                                          # Scala
    ] else []) ++
    (if dev.zig.enable then [
      zls                                             # Zig
    ] else []);
    home.configFile = {
      "nvim/init.lua".source = ./init.lua;
      "nvim/lua" = { source = ./lua; recursive = true; };
      "nvim/lua/config/lsp.lua".text = ''
        -- This file is autogenerated, do not edit.
        ${if dev.cc.enable then "require('config.lsp.cc')\n" else ""}
        ${if dev.java.enable then "require('config.lsp.java')\n" else ""}
        ${if dev.lua.enable then "require('config.lsp.lua')\n" else ""}
        ${if dev.node.enable then "require('config.lsp.node')\n" else ""}
        ${if dev.python.enable then "require('config.lsp.python')\n" else ""}
        ${if dev.rust.enable then "require('config.lsp.rust')\n" else ""}
        ${if dev.scala.enable then "require('config.lsp.scala')\n" else ""}
        ${if dev.zig.enable then "require('config.lsp.zig')\n" else ""}
      '';
    };
    env.EDITOR = "nvim";
    environment.shellAliases = {
-      vim = "nvim";
+      vim = "lvim";
-      v   = "nvim";
+      v   = "lvim";
    };
  };
 }
--- a/modules/editors/neovim/init.lua
+++ b/modules/editors/neovim/init.lua
@ -1,6 +0,0 @@
 require("config.core")
 require("config.keymap")
 require("config.treesitter")
 require("config.plugins")
 require("config.lsp")
--- a/modules/editors/neovim/lua/config/core.lua
+++ b/modules/editors/neovim/lua/config/core.lua
@ -1,36 +0,0 @@
 local o = vim.opt
 local wo = vim.wo
 local bo = vim.bo
 -- Global dirs
 local cachedir = os.getenv("XDG_CACHE_HOME")
 o.backupdir = cachedir .. "/nvim/backup/"
 o.directory = cachedir .. "/nvim/swap/"
 o.undodir   = cachedir .. "/nvim/undo/"
 -- Global
 o.breakindent = true
 o.clipboard = "unnamedplus"
 o.compatible = false
 o.encoding = "utf-8"
 o.expandtab = true
 o.foldlevel = 99
 o.hidden = true
 o.hlsearch = false
 o.ignorecase = true
 o.laststatus = 2
 o.listchars = { eol = '↲', tab = '▸ ', trail = '·' }
 o.relativenumber = true
 o.shiftwidth = 2
 o.showmode = false
 o.smartcase = true
 o.smarttab = true
 o.softtabstop = 2
 o.synmaxcol = 150
 o.tabstop = 4
 o.undofile = true
 o.wildmenu = true
 -- Window
 -- Buffer
--- a/modules/editors/neovim/lua/config/keymap.lua
+++ b/modules/editors/neovim/lua/config/keymap.lua
@ -1,35 +0,0 @@
 local keymap = vim.keymap.set
 local opts = { noremap = true, silent = true }
 vim.g.mapleader = ","
 -- Modes
 --   Normal = "n",
 --   Insert = "i",
 --   Visual = "v",
 --   Visual Block = "x",
 --   Term = "t",
 --   Command = "c"
 keymap("n", "<Left>", "<Nop>", opts)
 keymap("n", "<Right>", "<Nop>", opts)
 keymap("n", "<Up>", "<Nop>", opts)
 keymap("n", "<Down>", "<Nop>", opts)
 keymap("n", "<C-h>", "<C-w>h", { noremap = true })
 keymap("n", "<C-j>", "<C-w>j", { noremap = true })
 keymap("n", "<C-k>", "<C-w>k", { noremap = true })
 keymap("n", "<C-l>", "<C-w>l", { noremap = true })
 keymap("n", "gV", "`[v`]", opts)
 keymap("n", ";", ":", { noremap = true })
 -- Bubble single lines with vim-unimpaired
 keymap("n", "<C-Up>", "[e", opts)
 keymap("n", "<C-Down>", "]e", opts)
 -- Bubble multiple lines with vim-unimpaired
 keymap("v", "<C-Up>", "[egv", opts)
 keymap("v", "<C-Down>", "]egv", opts)
--- a/modules/editors/neovim/lua/config/lsp/cc.lua
+++ b/modules/editors/neovim/lua/config/lsp/cc.lua
@ -1,5 +0,0 @@
 lspconfig = require('lspconfig')
 -- Requires C/C++
 lspconfig.ccls.setup{}
--- a/modules/editors/neovim/lua/config/lsp/java.lua
+++ b/modules/editors/neovim/lua/config/lsp/java.lua
@ -1,6 +0,0 @@
 lspconfig = require('lspconfig')
 -- Requires Java
 lspconfig.java_language_server.setup{}
 lspconfig.ltex.setup{}
--- a/modules/editors/neovim/lua/config/lsp/lua.lua
+++ b/modules/editors/neovim/lua/config/lsp/lua.lua
@ -1,22 +0,0 @@
 lspconfig = require('lspconfig')
 -- Requires Lua
 lspconfig.sumneko_lua.setup {
  settings = {
    Lua = {
      runtime = {
        -- Tell the language server which version of Lua you're using (most likely LuaJIT in the case of Neovim)
        version = 'LuaJIT',
      },
      diagnostics = {
        -- Get the language server to recognize the `vim` global
        globals = {'vim'},
      },
      -- Do not send telemetry data containing a randomized but unique identifier
      telemetry = {
        enable = false,
      },
    },
  },
 }
--- a/modules/editors/neovim/lua/config/lsp/node.lua
+++ b/modules/editors/neovim/lua/config/lsp/node.lua
@ -1,17 +0,0 @@
 lspconfig = require('lspconfig')
 -- Requires Node.js
 lspconfig.bashls.setup{}
 lspconfig.cssls.setup{}
 lspconfig.dockerls.setup{}
 lspconfig.eslint.setup{}
 lspconfig.graphql.setup{}
 lspconfig.html.setup{}
 lspconfig.jsonls.setup{}
 lspconfig.purescriptls.setup{}
 lspconfig.svelte.setup{}
 lspconfig.tsserver.setup{}
 lspconfig.vimls.setup{}
 lspconfig.vuels.setup{}
 lspconfig.yamlls.setup{}
--- a/modules/editors/neovim/lua/config/lsp/python.lua
+++ b/modules/editors/neovim/lua/config/lsp/python.lua
@ -1,6 +0,0 @@
 lspconfig = require('lspconfig')
 -- Requires Python
 lspconfig.cmake.setup{}
 lspconfig.pylsp.setup{}
--- a/modules/editors/neovim/lua/config/lsp/rust.lua
+++ b/modules/editors/neovim/lua/config/lsp/rust.lua
@ -1,5 +0,0 @@
 lspconfig = require('lspconfig')
 -- Requires Rust
 lspconfig.rls.setup{}
--- a/modules/editors/neovim/lua/config/lsp/scala.lua
+++ b/modules/editors/neovim/lua/config/lsp/scala.lua
@ -1,5 +0,0 @@
 lspconfig = require('lspconfig')
 -- Requires Scala
 lspconfig.metals.setup{}
--- a/modules/editors/neovim/lua/config/lsp/zig.lua
+++ b/modules/editors/neovim/lua/config/lsp/zig.lua
@ -1,5 +0,0 @@
 lspconfig = require('lspconfig')
 -- Requires Zig
 lspconfig.zls.setup{}
--- a/modules/editors/neovim/lua/config/plugins.lua
+++ b/modules/editors/neovim/lua/config/plugins.lua
@ -1,77 +0,0 @@
 local fn = vim.fn
 local install_path = fn.stdpath "data" .. "/site/pack/packer/start/packer.nvim"
 if fn.empty(fn.glob(install_path)) > 0 then
  PACKER_BOOTSTRAP = fn.system {
    "git",
    "clone",
    "--depth",
    "1",
    "https://github.com/wbthomason/packer.nvim",
    install_path,
  }
  print "Installing packer close and reopen Neovim..."
  vim.cmd [[packadd packer.nvim]]
 end
 vim.cmd [[
  augroup packer_user_config
    autocmd!
    autocmd BufWritePost plugins.lua source <afile> | PackerSync
  augroup end
 ]]
 local status_ok, packer = pcall(require, "packer")
 if not status_ok then
  return
 end
 packer.init {
  display = {
    open_fn = function()
      return require("packer.util").float { border = "rounded" }
    end,
  },
 }
 return packer.startup(function(use)
  -- Utilities
  use { "wbthomason/packer.nvim", opt = true }
  use { "mbbill/undotree" }
  use { "nvim-lua/plenary.nvim" }
  use { "tpope/vim-fugitive", event = "User InGitRepo" }
  -- Editing
  use { "andymass/vim-matchup" }
  use { "godlygeek/tabular" }
  use { "JoosepAlviste/nvim-ts-context-commentstring" }
  use { "kana/vim-textobj-user" }
  use { "mg979/vim-visual-multi", branch = "master" }
  use { "p00f/nvim-ts-rainbow" }
  use { "terryma/vim-expand-region" }
  use { "tommcdo/vim-exchange", event = "VimEnter" }
  use { "tpope/vim-abolish" }
  use { "tpope/vim-commentary", event = "VimEnter" }
  use { "tpope/vim-repeat", event = "VimEnter" }
  use { "tpope/vim-surround", event = "VimEnter" }
  use { "windwp/nvim-autopairs" }
  use { "windwp/nvim-ts-autotag" }
  -- UI
  use { "junegunn/goyo.vim" }
  use { "junegunn/limelight.vim" }
  use { "markonm/traces.vim" }
  -- Searching
  use { "nvim-telescope/telescope.nvim", config = [[require('config.telescope')]] }
  use { "cljoly/telescope-repo.nvim", requires = "telescope.nvim" }
  use { "dyng/ctrlsf.vim" }
  -- LSP
  use { "jose-elias-alvarez/null-ls.nvim" }
  if PACKER_BOOTSTRAP then
    require("packer").sync()
  end
 end)
--- a/modules/editors/neovim/lua/config/telescope.lua
+++ b/modules/editors/neovim/lua/config/telescope.lua
@ -1,46 +0,0 @@
 local status_ok, telescope = pcall(require, "telescope")
 if not status_ok then
  return
 end
 local actions = require("telescope.actions")
 telescope.setup({
  defaults = {
    file_ignore_patterns = { ".git/", "node_modules" },
  },
  mappings = {
    i = {
      ["<Down>"] = actions.cycle_history_next,
      ["<Up>"] = actions.cycle_history_prev,
      ["<C-j>"] = actions.move_selection_next,
      ["<C-k>"] = actions.move_selection_previous,
    },
  },
  extensions = {
    repo = {
      list = {
        fd_opts = {
          "--no-ignore-vcs",
        },
        search_dirs = {
          "~/projects",
          "~/repos",
          "~/workspace",
        },
      },
    },
  },
 })
 telescope.load_extension("repo")
 local keymap = vim.keymap.set
 local opts = { noremap = true, silent = true }
 keymap("n", "<Leader>ff", "<cmd>Telescope find_files<cr>", opts)
 keymap("n", "<Leader>fg", "<cmd>Telescope live_grep<cr>", opts)
 keymap("n", "<Leader>fb", "<cmd>Telescope buffers<cr>", opts)
 keymap("n", "<Leader>fh", "<cmd>Telescope help_tags<cr>", opts)
 keymap("n", "<Leader>fr", "<cmd>Telescope repo list<cr>", opts)
--- a/modules/editors/neovim/lua/config/treesitter.lua
+++ b/modules/editors/neovim/lua/config/treesitter.lua
@ -1,35 +0,0 @@
 require("nvim-treesitter.configs").setup({
  ignore_install = {},
  highlight = {
    enable = true,
    disable = {},
  },
  indent = { enable = true },
  incremental_selection = {
    enable = true,
    keymaps = {
      init_selection = "gnn",
      node_incremental = "grn",
      scope_incremental = "grc",
      node_decremental = "grm",
    },
  },
  -- Extensions
  autotag = { enable = true },
  context_commentstring = { enable = true },
  matchup = { enable = true },
  rainbow = { enable = true },
  textobjects = {
    select = {
      enable = true,
      keymaps = {
        ["af"] = "@function.outer",
        ["if"] = "@function.inner",
      },
    },
  },
 })
 vim.opt.foldmethod = "expr"
 vim.opt.foldexpr = "nvim_treesitter#foldexpr()"
--- a/modules/editors/vscode.nix
+++ b/modules/editors/vscode.nix
@ -1,16 +1,49 @@
 { config, lib, pkgs, ... }:
 with lib;
 with lib.my;
 let cfg = config.modules.editors.vscode;
 in {
  options.modules.editors.vscode = {
-    enable = mkBoolOpt false;
+    enable = lib.mkOption {
      default = false;
      example = true;
    };
  };
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
    environment.sessionVariables.NIXOS_OZONE_WL = "1";
    home.programs.vscode = {
      enable = true;
      extensions = with pkgs.vscode-extensions; [
        asvetliakov.vscode-neovim
        brettm12345.nixfmt-vscode
        coolbear.systemd-unit-file
        editorconfig.editorconfig
        golang.go
        graphql.vscode-graphql-syntax
        mattn.lisp
        # mkhl.direnv
        ms-python.vscode-pylance
        ms-vscode.cpptools
        ms-vscode.hexeditor
        piousdeer.adwaita-theme
        # redhat.java
        # sumneko.lua
      ];
      userSettings = {
        "editor.renderLineHighlight" = "none";
        "extensions.experimental.affinity" = {
          "asvetliakov.vscode-neovim" = 1;
        };
        "files.autoSave" = "off";
        "window.autoDetectColorScheme" = true;
        "window.commandCenter" = true;
        "window.titleBarStyle" = "custom";
        "workbench.iconTheme" = null;
        "workbench.preferredDarkColorTheme" = "Adwaita Dark";
        "workbench.preferredLightColorTheme" = "Adwaita Light";
        "workbench.tree.indent" = 12;
      };
    };
  };
 }
--- a/modules/hardware/0001-Update-device-ID-for-PreSonus-1824c.patch
+++ b/modules/hardware/0001-Update-device-ID-for-PreSonus-1824c.patch
@ -1,4 +1,4 @@
-From c16be6b3b4da5a55e3ff4258ada123b5f03757e5 Mon Sep 17 00:00:00 2001
+From daebf42bd955f6f8d971af967c675e4e339cb0b2 Mon Sep 17 00:00:00 2001
 From: Jordan Holt <jordan@vimium.com>
 Date: Sun, 12 Nov 2023 12:13:39 +0000
 Subject: [PATCH] Update device ID for PreSonus 1824c
@ -6,8 +6,9 @@ Subject: [PATCH] Update device ID for PreSonus 1824c
 ---
 sound/usb/format.c       | 4 ++--
 sound/usb/mixer_quirks.c | 2 +-
 sound/usb/mixer_s1810c.c | 2 +-
 sound/usb/quirks.c       | 4 ++--
- 3 files changed, 5 insertions(+), 5 deletions(-)
+ 4 files changed, 6 insertions(+), 6 deletions(-)
 diff --git a/sound/usb/format.c b/sound/usb/format.c
 index ab5fed9f55b6..da50a4782414 100644
@ -37,6 +38,19 @@ index 898bc3baca7b..c3135459c38c 100644
 		err = snd_sc1810_init_mixer(mixer);
 		break;
 	case USB_ID(0x2a39, 0x3fb0): /* RME Babyface Pro FS */
 diff --git a/sound/usb/mixer_s1810c.c b/sound/usb/mixer_s1810c.c
 index fac4bbc6b275..5bc2e66d452c 100644
 --- a/sound/usb/mixer_s1810c.c
 +++ b/sound/usb/mixer_s1810c.c
@@ -552,7 +552,7 @@ int snd_sc1810_init_mixer(struct usb_mixer_interface *mixer)
 		return 0;
 	dev_info(&dev->dev,
 -		 "Presonus Studio 1810c, device_setup: %u\n", chip->setup);
 +		 "Presonus Studio 1824c, device_setup: %u\n", chip->setup);
 	if (chip->setup == 1)
 		dev_info(&dev->dev, "(8out/18in @ 48kHz)\n");
 	else if (chip->setup == 2)
 diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c
 index ab2b938502eb..b86832edaaa0 100644
 --- a/sound/usb/quirks.c
@ -53,5 +67,5 @@ index ab2b938502eb..b86832edaaa0 100644
 -- 
-2.40.1
+2.42.0
--- a/modules/hardware/presonus-studio.nix
+++ b/modules/hardware/presonus-studio.nix
@ -0,0 +1,69 @@
 { config, lib, pkgs, ... }:
 let
  cfg = config.modules.hardware.presonus-studio;
  snd-usb-audio-module = pkgs.callPackage ./snd-usb-audio.nix {
    kernel = config.boot.kernelPackages.kernel;
  };
  patched = snd-usb-audio-module.overrideAttrs (prev: {
    patches = [ ./0001-Update-device-ID-for-PreSonus-1824c.patch ];
  });
  upmixConfig = ''
    stream.properties = {
      channelmix.upmix = true
      channelmix.upmix-method = psd
    }
  '';
 in {
  options.modules.hardware.presonus-studio = {
    enable = lib.mkOption {
      default = false;
      example = true;
    };
  };
  config = lib.mkIf cfg.enable {
    boot.kernelModules = [ "snd-usb-audio" ];
    boot.extraModulePackages = [
      (patched)
    ];
    environment.etc = {
      "pipewire/pipewire.conf.d/10-network.conf".text = ''
        context.modules = [
          {
            name = libpipewire-module-rtp-session
            args = {
              stream.props = {
                node.name = "rtp-source"
              }
            }
          }
        ]
      '';
      "pipewire/pipewire.conf.d/surround.conf".text = ''
        context.modules = [
          {
            name = libpipewire-module-loopback
            args = {
              node.description = "Genelec 4.1 Surround"
              capture.props = {
                node.name = "Genelec_Speakers"
                media.class = "Audio/Sink"
                audio.position = [ FL FR SL SR LFE ]
              }
              playback.props = {
                node.name = "playback.Genelec_Speakers"
                audio.position = [ AUX0 AUX1 AUX3 AUX4 AUX5 ]
                target.object = "alsa_output.usb-PreSonus_Studio_1824c_SC4E21110775-00.multichannel-output"
                stream.dont-remix = true
                node.passive = true
              }
            }
          }
        ]
      '';
      "pipewire/pipewire-pulse.conf.d/40-upmix.conf".text = upmixConfig;
      "pipewire/client-rt.conf.d/40-upmix.conf".text = upmixConfig;
    };
  };
 } 
--- a/modules/hardware/snd-usb-audio.nix
+++ b/modules/hardware/snd-usb-audio.nix
--- a/modules/networking/tailscale.nix
+++ b/modules/networking/tailscale.nix
@ -1,15 +1,19 @@
 { config, lib, pkgs, ... }:
 with lib;
 with lib.my;
 let cfg = config.modules.networking.tailscale;
 in {
  options.modules.networking.tailscale = {
-    enable = mkBoolOpt false;
+    enable = lib.mkOption {
-    restrictSSH = mkBoolOpt true;
+      default = false;
      example = true;
    };
    restrictSSH = lib.mkOption {
      default = true;
      example = true;
    };
  };
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
    services.tailscale.enable = true;
    services.openssh.openFirewall = !cfg.restrictSSH;
    networking.firewall = {
--- a/modules/networking/wireless.nix
+++ b/modules/networking/wireless.nix
@ -0,0 +1,60 @@
 { config, lib, pkgs, inputs, ... }:
 with lib;
 let cfg = config.modules.networking.wireless;
 in {
  options.modules.networking.wireless = {
    enable = mkOption {
      default = false;
      example = true;
      description = mdDoc "Automatically connect to known networks";
    };
    interfaces = mkOption {
      default = [ ];  # All interfaces
      example = [ "wlan0" ];
      description = mdDoc "Interfaces for `wpa_supplicant` to bind to";
    };
  };
  config = mkIf cfg.enable {
    age.secrets."passwords/networks" = {
      file = "${inputs.secrets}/passwords/networks.age";
    };
    networking = {
      wireless = {
        enable = true;
        interfaces = cfg.interfaces;
        environmentFile = config.age.secrets."passwords/networks".path;
        networks = {
          "Apollo 600 Mbps".psk = "@PSK_APOLLO@";
        };
      };
      networkmanager.ensureProfiles.profiles = {
        "Apollo" = {
          connection = {
            id = "Apollo 600 Mbps";
            type = "wifi";
          };
          wifi = {
            mode = "infrastructure";
            ssid = "Apollo 600 Mbps";
          };
          wifi-security = {
            auth-alg = "open";
            key-mgmt = "wpa-psk";
            psk = "";
          };
          ipv4 = {
            method = "auto";
          };
          ipv6 = {
            addr-gen-mode = "stable-privacy";
            method = "auto";
          };
        };
      };
    };
  };
 }
--- a/modules/options.nix
+++ b/modules/options.nix
@ -1,21 +1,20 @@
-{ config, options, lib, home-manager, ... }:
+{ config, options, lib, home-manager, inputs, ... }:
 with lib;
 with lib.my;
 {
  options = with types; {
-    user = mkOpt attrs { };
+    user = mkOption { type = attrs; default = { }; };
    home = {
-      configFile  = mkOpt' attrs { } "Files to place in $XDG_CONFIG_HOME";
+      configFile  = mkOption { type = attrs; default = { }; description = "Files to place in $XDG_CONFIG_HOME"; };
-      dataFile    = mkOpt' attrs { } "Files to place in $XDG_DATA_HOME";
+      dataFile    = mkOption { type = attrs; default = { }; description = "Files to place in $XDG_DATA_HOME"; };
-      file        = mkOpt' attrs { } "Files to place directly in $HOME";
+      file        = mkOption { type = attrs; default = { }; description = "Files to place directly in $HOME"; };
-      packages    = mkOpt' attrs { } "User-level installed packages";
+      packages    = mkOption { type = attrs; default = { }; description = "User-level installed packages"; };
-      programs    = mkOpt' attrs { } "Programs managed directly from home-manager";
+      programs    = mkOption { type = attrs; default = { }; description = "Programs managed directly from home-manager"; };
-      services    = mkOpt' attrs { } "Services managed directly from home-manager";
+      services    = mkOption { type = attrs; default = { }; description = "Services managed directly from home-manager"; };
    };
-    dconf.settings = mkOpt' attrs { } "dconf settings to enable";
+    dconf.settings = mkOption { type = attrs; default = { }; description = "dconf settings to enable"; };
    env = mkOption {
      type = attrsOf (oneOf [ str path (listOf (either str path)) ]);
@ -30,18 +29,20 @@ with lib.my;
  };
  config = {
    age.secrets."passwords/users/jordan".file = "${inputs.secrets}/passwords/users/jordan.age";
    user =
      let user = builtins.getEnv "USER";
          name = if elem user [ "" "root" ] then "jordan" else user;
      in {
        inherit name;
        isNormalUser = true;
-        extraGroups = [ "networkmanager" "wheel" ];
+        extraGroups = [ "networkmanager" "wheel" "lxd" ];
        description = "Jordan Holt";
        useDefaultShell = true;
        openssh.authorizedKeys.keys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILVHTjsyMIV4THNw6yz0OxAxGnC+41gX72UrPqTzR+OS jordan@vimium.com"
        ];
        hashedPasswordFile = config.age.secrets."passwords/users/jordan".path;
        home = "/home/${name}";
        group = "users";
        uid = 1000;
@ -69,8 +70,6 @@ with lib.my;
    users.users.${config.user.name} = mkAliasDefinitions options.user;
    nixpkgs.config.allowUnfree = true;
    environment.extraInit =
      concatStringsSep "\n"
        (mapAttrsToList (n: v: "export ${n}=\"${v}\"") config.env);
--- a/modules/security/gpg.nix
+++ b/modules/security/gpg.nix
@ -1,14 +1,15 @@
 { config, lib, pkgs, ... }:
 with lib;
 with lib.my;
 let cfg = config.modules.security.gpg;
 in {
  options.modules.security.gpg = {
-    enable = mkBoolOpt false;
+    enable = lib.mkOption {
      default = false;
      example = true;
    };
  };
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
    home.programs.gpg = {
      enable = true;
    };
--- a/modules/security/pass.nix
+++ b/modules/security/pass.nix
@ -1,14 +1,15 @@
 { config, lib, pkgs, ... }:
 with lib;
 with lib.my;
 let cfg = config.modules.security.pass;
 in {
  options.modules.security.pass = {
-    enable = mkBoolOpt false;
+    enable = lib.mkOption {
      default = false;
      example = true;
    };
  };
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
    home.programs.password-store = {
      enable = true;
      package = pkgs.pass.withExtensions (exts: [ exts.pass-otp ]);
--- a/modules/services/borgmatic/default.nix
+++ b/modules/services/borgmatic/default.nix
@ -0,0 +1,53 @@
 { config, lib, pkgs, inputs, ... }:
 with lib;
 let
  cfg = config.modules.services.borgmatic;
  hostname = config.networking.hostName;
 in {
  options.modules.services.borgmatic = {
    enable = mkOption {
      default = false;
      example = true;
      description = mdDoc "Enable backups on this host with `borgmatic`";
    };
    directories = mkOption {
      type = types.listOf types.str;
      default = [];
      example = [
        "/home/jordan/Documents"
      ];
      description = mdDoc "List of directories to backup";
    };
    repoPath = mkOption {
      type = types.str;
      example = "ssh://example@example.repo.borgbase.com/./repo";
      description = mdDoc "Destination borg repository for backup";
    };
  };
  config = mkIf cfg.enable {
    age.secrets."passwords/services/borg/${hostname}-passphrase" = {
      file = "${inputs.secrets}/passwords/services/borg/${hostname}-passphrase.age";
    };
    services.borgmatic = {
      enable = true;
      settings = {
        source_directories = cfg.directories;
        repositories = [
          { label = "borgbase"; path = cfg.repoPath; }
        ];
        encryption_passcommand = "cat ${config.age.secrets."passwords/services/borg/${hostname}-passphrase".path}";
        ssh_command = "ssh -i /etc/ssh/ssh_host_ed25519_key";
        keep_daily = 7;
        keep_weekly = 4;
        keep_monthly = 6;
      };
    };
    # Without this override, `cat` is unavailable for `encryption_passcommand`
    systemd.services.borgmatic.confinement.fullUnit = true;
  };
 }
--- a/modules/services/coturn/default.nix
+++ b/modules/services/coturn/default.nix
@ -0,0 +1,60 @@
 { config, lib, pkgs, inputs, ... }:
 with lib;
 let
  cfg = config.modules.services.coturn;
 in {
  options.modules.services.coturn = {
    enable = mkOption {
      default = false;
      example = true;
    };
  };
  config = mkIf cfg.enable {
    networking.firewall = {
      allowedTCPPorts = [
        5349  # STUN TLS
        5350  # STUN TLS alt
      ];
      allowedUDPPortRanges = [
        { from = 49152; to = 49999; } # TURN relay
      ];
    };
    security.acme.certs = {
      "turn.vimium.com" = {
        reloadServices = [ "coturn" ];
      };
    };
    age.secrets."passwords/services/coturn/shared-secret" = {
      file = "${inputs.secrets}/passwords/services/coturn/shared-secret.age";
      owner = "turnserver";
      group = "turnserver";
    };
    services.coturn = {
      enable = true;
      lt-cred-mech = true;
      use-auth-secret = true;
      static-auth-secret-file = config.age.secrets."passwords/services/coturn/shared-secret".path;
      realm = "turn.vimium.com";
      relay-ips = [
        "198.244.190.160"
      ];
      no-tcp-relay = true;
      extraConfig = ''
        cipher-list="HIGH"
        no-loopback-peers
        no-multicast-peers
      '';
      secure-stun = true;
      cert = "/var/lib/acme/turn.vimium.com/fullchain.pem";
      pkey = "/var/lib/acme/turn.vimium.com/key.pem";
      min-port = 49152;
      max-port = 49999;
    };
  };
 }
--- a/modules/services/gitea/default.nix
+++ b/modules/services/gitea/default.nix
@ -0,0 +1,83 @@
 { config, lib, pkgs, inputs, ... }:
 with lib;
 let
  cfg = config.modules.services.gitea;
 in {
  options.modules.services.gitea = {
    enable = mkOption {
      default = false;
      example = true;
    };
  };
  config = mkIf cfg.enable {
    users = {
      users.git = {
        isSystemUser = true;
        useDefaultShell = true;
        group =  "git";
        extraGroups = [ "gitea" ];
        home = config.services.gitea.stateDir;
      };
      groups.git = { };
    };
    services.nginx = {
      upstreams.gitea = {
        servers = {
          "unix:${config.services.gitea.settings.server.HTTP_ADDR}" = { };
        };
      };
      virtualHosts = {
        "git.vimium.com" = {
          forceSSL = true;
          enableACME = true;
          locations."/".proxyPass = "http://gitea";
        };
      };
    };
    services.gitea = rec {
      package = pkgs.unstable.gitea;
      enable = true;
      user = "git";
      appName = "Vimium Git";
      stateDir = "/var/lib/gitea";
      repositoryRoot = "${stateDir}/repositories";
      database = {
        type = "sqlite3";
        inherit user;
        path = "${stateDir}/gitea.db";
      };
      lfs = {
        enable = true;
        contentDir = "${stateDir}/lfs";
      };
      settings = {
        server = {
          SSH_USER = "git";
          SSH_DOMAIN = "git.vimium.com";
          SSH_PORT = lib.head config.services.openssh.ports;
          OFFLINE_MODE = true;
          PROTOCOL = "http+unix";
          DOMAIN = config.networking.domain;
          ROOT_URL = "https://git.vimium.com/";
        };
        service.DISABLE_REGISTRATION = true;
        session.COOKIE_SECURE = true;
        log.ROOT_PATH = "${stateDir}/log";
        ui = {
          THEMES = "gitea,arc-green,github-dark,bthree-dark";
          DEFAULT_THEME = "github-dark";
        };
        actions.ENABLED = true;
        indexer = {
          REPO_INDEXER_ENABLED = true;
        };
        packages.CHUNKED_UPLOAD_PATH = lib.mkForce "${stateDir}/data/tmp/package-upload";
      };
    };
  };
 }
--- a/modules/services/headscale/default.nix
+++ b/modules/services/headscale/default.nix
@ -0,0 +1,43 @@
 { config, lib, pkgs, inputs, ... }:
 with lib;
 let
  cfg = config.modules.services.headscale;
 in {
  options.modules.services.headscale = {
    enable = mkOption {
      default = false;
      example = true;
    };
  };
  config = mkIf cfg.enable {
    services.nginx.virtualHosts = {
      "headscale.vimium.net" = {
        forceSSL = true;
        enableACME = true;
        locations."/" = {
          proxyPass = "http://localhost:${toString config.services.headscale.port}";
          proxyWebsockets = true;
        };
      };
    };
    services.headscale = {
      enable = true;
      port = 8080;
      settings = {
        server_url = "https://headscale.vimium.net";
        dns_config = {
          base_domain = "vimium.net";
        };
        logtail.enabled = false;
      };
    };
    environment.systemPackages = with pkgs; [
      config.services.headscale.package
    ];
  };
 }
--- a/modules/services/matrix-synapse/default.nix
+++ b/modules/services/matrix-synapse/default.nix
@ -0,0 +1,127 @@
 { config, lib, pkgs, inputs, ... }:
 with lib;
 let
  cfg = config.modules.services.matrix-synapse;
  matrixClientConfig = {
    "m.homeserver" = {
      base_url = "https://matrix.vimium.com";
      server_name = "vimium.com";
    };
    "m.identity_server" = {};
  };
  matrixServerConfig."m.server" = "matrix.vimium.com:443";
  mkWellKnown = data: ''
    more_set_headers 'Content-Type: application/json';
    return 200 '${builtins.toJSON data}';
  '';
 in {
  options.modules.services.matrix-synapse = {
    enable = mkOption {
      default = false;
      example = true;
    };
  };
  config = mkIf cfg.enable {
    networking.firewall.allowedTCPPorts = [
      8448 # Matrix federation
    ];
    security.acme.certs = {
      "matrix.vimium.com" = {
        reloadServices = [ "matrix-synapse" ];
      };
    };
    services.nginx.virtualHosts = {
      "chat.vimium.com" = {
        forceSSL = true;
        enableACME = true;
        root = pkgs.unstable.element-web.override {
          conf = {
            default_server_config = matrixClientConfig;
            brand = "Vimium Chat";
            branding = {
              auth_header_logo_url = "https://vimium.com/images/logo.svg";
              auth_footer_links = [
                { "text" = "Vimium.com"; "url" = "https://vimium.com"; }
              ];
            };
          };
        };
      };
      "matrix.vimium.com" = {
        forceSSL = true;
        enableACME = true;
        listen = [
          {
            addr = "0.0.0.0";
            port = 443;
            ssl = true;
          }
          {
            addr = "0.0.0.0";
            port = 80;
          }
          {
            addr = "0.0.0.0";
            port = 8448;
            ssl = true;
          }
          {
            addr = "[::1]";
            port = 443;
            ssl = true;
          }
          {
            addr = "[::1]";
            port = 80;
          }
          {
            addr = "[::1]";
            port = 8448;
            ssl = true;
          }
        ];
        locations = {
          "/" = {
            proxyPass = "http://localhost:8008";
            extraConfig = ''
              proxy_set_header X-Forwarded-For $remote_addr;
            '';
          };
          "/_matrix" = {
            proxyPass = "http://localhost:8008";
            extraConfig = ''
              proxy_set_header X-Forwarded-For $remote_addr;
              client_max_body_size 50M;
            '';
          };
          "/_synapse/client".proxyPass = "http://localhost:8008";
        };
      };
      "vimium.com" = {
        locations."= /.well-known/matrix/server".extraConfig = (mkWellKnown matrixServerConfig);
        locations."= /.well-known/matrix/client".extraConfig = (mkWellKnown matrixClientConfig);
      };
    };
    services.matrix-synapse = {
      enable = true;
      settings = {
        database.name = "sqlite3";
        enable_registration = false;
        server_name = "vimium.com";
        # turn_shared_secret = "???";
        # turn_uris = [
        #   "turn:turn.vimium.com:5349?transport=udp"
        #   "turn:turn.vimium.com:5350?transport=udp"
        #   "turn:turn.vimium.com:5349?transport=tcp"
        #   "turn:turn.vimium.com:5350?transport=tcp"
        # ];
      };
    };
  };
 }
--- a/modules/services/nginx/default.nix
+++ b/modules/services/nginx/default.nix
@ -0,0 +1,157 @@
 { config, lib, pkgs, inputs, ... }:
 with lib;
 let
  cfg = config.modules.services.nginx;
  nginxErrorPages = ''
    location @error_pages {
      rewrite ^.*$ /''${status}.html break;
      root "/var/www/html/errors";
    }
  '';
  nginxEdgeHeaders = ''
    more_set_headers 'Server: Vimium';
    more_set_headers 'Access-Control-Allow-Origin: *';
    add_header Expect-CT max-age=30 always;
    add_header Referrer-Policy strict-origin-when-cross-origin always;
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
    add_header Vimium-Responding-Instance $hostname;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options nosniff always;
  '';
  nginxStrictHeaders = ''
    add_header X-Frame-Options SAMEORIGIN always;
    add_header Permissions-Policy "fullscreen=(self), sync-xhr=(self)" always;
  '';
  mkRedirect = from: to: {
    "${from}" = {
      forceSSL = true;
      enableACME = true;
      serverAliases = [ "www.${from}" ];
      locations."/".return = "301 https://${to}$request_uri";
      extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders;
    };
  };
 in {
  options.modules.services.nginx = {
    enable = mkOption {
      default = false;
      example = true;
    };
  };
  config = mkIf cfg.enable {
    networking.firewall.allowedTCPPorts = [
      80    # HTTP
      443   # HTTPS
    ];
    services.nginx = {
      enable = true;
      package = pkgs.openresty;
      recommendedGzipSettings = true;
      recommendedOptimisation = true;
      recommendedTlsSettings = true;
      clientMaxBodySize = "2G";
      sslProtocols = "TLSv1.2 TLSv1.3";
      sslCiphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
      appendHttpConfig = ''
        error_page 400 @error_pages;
        error_page 401 @error_pages;
        error_page 403 @error_pages;
        error_page 404 @error_pages;
        error_page 405 @error_pages;
        error_page 429 @error_pages;
        error_page 500 @error_pages;
        error_page 501 @error_pages;
        error_page 502 @error_pages;
        error_page 503 @error_pages;
        error_page 504 @error_pages;
        client_body_buffer_size 16k;
        client_header_buffer_size 8k;
      '';
      appendConfig = ''
        worker_processes auto;
        worker_cpu_affinity auto;
        worker_rlimit_nofile 50000;
      '';
      eventsConfig = ''
        worker_connections 20000;
        multi_accept off;
      '';
      virtualHosts = {
        ## Static sites
        "jellyfin.vimium.com" = {
          forceSSL = true;
          enableACME = true;
          extraConfig = nginxErrorPages + nginxEdgeHeaders;
          locations."/" = {
            proxyPass = "http://localhost:8000";
            extraConfig = ''
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header X-Forwarded-Proto $scheme;
              proxy_set_header X-Real-IP $remote_addr;
              proxy_set_header Host $host;
              proxy_set_header Range $http_range;
              proxy_set_header If-Range $http_if_range;
              proxy_http_version 1.1;
              proxy_set_header Upgrade $http_upgrade;
              proxy_set_header Connection "upgrade";
            '';
          };
        };
        "pki.vimium.com" = {
          addSSL = true;
          forceSSL = false;
          enableACME = true;
          extraConfig = ''
            ${nginxErrorPages}
            more_set_headers 'Server: Vimium';
          '';
          locations."/" = {
            root = "/var/www/pki.vimium.com";
          };
        };
        "suhailhussain.com" = {
          forceSSL = true;
          enableACME = true;
          serverAliases = [ "www.suhailhussain.com" ];
          extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders;
          locations."/" = {
            root = "/var/www/suhailhussain.com";
          };
        };
        "vimium.com" = {
          default = true;
          forceSSL = true;
          enableACME = true;
          serverAliases = [ "www.vimium.com" ];
          extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders + ''
            add_header Content-Security-Policy "default-src 'self' https://vimium.com https://www.vimium.com; style-src 'unsafe-inline'; object-src 'none'; upgrade-insecure-requests" always;
          '';
          locations."/" = {
            root = "/var/www/vimium.com";
          };
        };
      }
      ## Redirects
      // (mkRedirect "h0lt.com" "jdholt.com")
      // (mkRedirect "jordanholt.xyz" "jdholt.com")
      // (mkRedirect "jdholt.com" "vimium.com")
      // (mkRedirect "omnimagic.com" "vimium.com")
      // (mkRedirect "omnimagic.net" "vimium.com")
      // (mkRedirect "thelostlegend.com" "suhailhussain.com")
      // (mkRedirect "vimium.co" "vimium.com")
      // (mkRedirect "vimium.co.uk" "vimium.com")
      // (mkRedirect "vimium.info" "vimium.com")
      // (mkRedirect "vimium.net" "vimium.com")
      // (mkRedirect "vimium.org" "vimium.com")
      // (mkRedirect "vimium.xyz" "vimium.com");
    };
  };
 }
--- a/modules/shell/git/default.nix
+++ b/modules/shell/git/default.nix
@ -1,14 +1,15 @@
 { config, lib, pkgs, ... }:
 with lib;
 with lib.my;
 let cfg = config.modules.shell.git;
 in {
  options.modules.shell.git = {
-    enable = mkBoolOpt false;
+    enable = lib.mkOption {
      default = false;
      example = true;
    };
  };
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
    home.programs.git = {
      enable = true;
      aliases = {
--- a/modules/shell/zsh/default.nix
+++ b/modules/shell/zsh/default.nix
@ -1,14 +1,15 @@
 { config, lib, pkgs, ... }:
 with lib;
 with lib.my;
 let cfg = config.modules.shell.zsh;
 in {
  options.modules.shell.zsh = {
-    enable = mkBoolOpt false;
+    enable = lib.mkOption {
      default = false;
      example = true;
    };
  };
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
    users.defaultUserShell = pkgs.zsh;
    programs.zsh = {
--- a/overlays/gnome.nix
+++ b/overlays/gnome.nix
@ -3,8 +3,8 @@ self: super:
  gnome = super.gnome.overrideScope' (gself: gsuper: {
    mutter = gsuper.mutter.overrideAttrs (oldAttrs: {
      src = super.fetchurl {
-        url = "https://gitlab.gnome.org/Community/Ubuntu/mutter/-/archive/triple-buffering-v4-44/mutter-triple-buffering-v4-44.tar.gz";
+        url = "https://gitlab.gnome.org/Community/Ubuntu/mutter/-/archive/triple-buffering-v4-45/mutter-triple-buffering-v4-45.tar.gz";
-        sha256 = "UhCbdAh5AtYWTi0GX8RmexUAS0nbvISPuErX/8NTdoA=";
+        sha256 = "tN+zQ5brk+hc+louIipqPV/Bqft42ghKOzjZZMj5Q8A=";
      };
    });
  });