sab

Co-authored-by: mjallen18 <matt.l.jallen@gmail.com>
Reviewed-on: #3

.gitignore

@@ -1,5 +1,14 @@
 hosts/nas/*.conf
 hosts/nas/*.users
-result
+result*
 *.raw
-.codegpt
+.codegpt
+.direnv
+shell.nix
+.vscode
+**/*/*.py
+.envrc
+.DS_Store
+*.qcow2
+keys
+iso-*

.sops.yaml

@@ -1,5 +1,6 @@
 # See https://github.com/Mic92/dotfiles/blob/d6114726d859df36ccaa32891c4963ae5717ef7f/nixos/.sops.yaml
 keys:
+  - &matt-pgp CBCB9B18A6B8930B0B6ABFD1CCB8CBEB30633684
   - &matt age157jemphjzg6zmk373vpccuguyw6e75qnkqmz8pcnn2yue85p939swqqhy0
   - &matt_pi4 age13g9a4d4jrvckfddpgn8sm4kjtzajr67le56pfdg78ktr5pd09phq32j89u
   - &matt_pi5 age1wpvfpv5n32lruk7c0da4uaeapsmhjxdvg8z4ljehn06l6g2y0e0sum404l
@@ -10,66 +11,101 @@ keys:
   - &pi5 age1t2d5scrukk0guva5sr97a8tge5j8kd865adezrcru7p269pzwvpsamkgje
   - &deck age1c8qw59ffcq9l77gfmtyc3djtvt3md0u6dwhrjcgsm98ntyf72ufqugj7cg
   - &steamdeck age1er5qucsc2mugrzrr7n3xhzv7kemkrqrw4m84r544fkk7nkg5g5eswxkqj0
-  - &matt_macbook-pro age1xg6mvj3x6s3t8058c6rsk3q4kskvm6nsffwckxkkjzhyn7r6tczqgkj23p
-  - &macbook-pro age1rdn39ywgzmc8wlsl5lrfe77e652wzjmjx58gx4k2ydghd35kdqvqscrf3h
+  - &matt_macbook-pro age12gu9hqhd56yl5x3t5yenkn9yg57du08h77vzjqsmnu5hdppne38qcur5a0
+  - &macbook-pro age1t7378n8kmd3f32fkye2gw3jj6qswv3exjdx0dq8kl0xra3tmcdnsvddq3u
+  - &nuc age102el4snus37dj807rwvsmlvwu2sg2d8rw3vfmtntgczfkz04l9nshetcq0
+  - &admin_nuc age1yn82e39pxt0d0pgny34ux4lkge4ff7wxvsye8ragvwngehemt4ps27phyw
+  - &matt_allyx age1n5frpwgvps7c2348ynu9g7g47kqar4srdplw5kkcyn4x80eqzetqw3ej2m
+  - &allyx age1lvks0rdf743cn9rvvx90mzu3mjldydlzslpmv9608wn4j0m8u3xsmu7yew
 creation_rules:
   - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
     key_groups:
-    - age:
-      - *matt
-      - *matt_pi4
-      - *matt_pi5
-      - *desktop
-      - *admin
-      - *jallen-nas
-      - *pi4
-      - *pi5
-      - *deck
-      - *steamdeck
-      - *matt_macbook-pro
-      - *macbook-pro
+      - pgp:
+          - *matt-pgp
+        age:
+          - *matt
+          - *matt_pi4
+          - *matt_pi5
+          - *desktop
+          - *admin
+          - *jallen-nas
+          - *pi4
+          - *pi5
+          - *deck
+          - *steamdeck
+          - *matt_macbook-pro
+          - *macbook-pro
+          - *admin_nuc
+          - *nuc
+          - *matt_allyx
+          - *allyx
   - path_regex: nas-secrets/[^/]+\.(yaml|json|env|ini)$
     key_groups:
-    - age:
-      - *matt
-      - *desktop
-      - *admin
-      - *jallen-nas
+      - pgp:
+          - *matt-pgp
+        age:
+          - *matt
+          - *desktop
+          - *admin
+          - *jallen-nas
   - path_regex: desktop-secrets/[^/]+\.(yaml|json|env|ini)$
     key_groups:
-    - age:
-      - *matt
-      - *desktop
-      - *admin
-      - *jallen-nas
+      - pgp:
+          - *matt-pgp
+        age:
+          - *matt
+          - *desktop
+          - *admin
+          - *jallen-nas
   - path_regex: steamdeck-secrets/[^/]+\.(yaml|json|env|ini)$
     key_groups:
-    - age:
-      - *matt
-      - *desktop
-      - *deck
-      - *steamdeck
-      - *admin
-      - *jallen-nas
+      - pgp:
+          - *matt-pgp
+        age:
+          - *matt
+          - *desktop
+          - *deck
+          - *steamdeck
+          - *admin
+          - *jallen-nas
+          - *matt_allyx
+          - *allyx
   - path_regex: pi4-secrets/[^/]+\.(yaml|json|env|ini)$
     key_groups:
-    - age:
-      - *matt
-      - *matt_pi4
-      - *matt_pi5
-      - *desktop
-      - *pi4
-      - *pi5
-      - *admin
-      - *jallen-nas
+      - pgp:
+          - *matt-pgp
+        age:
+          - *matt
+          - *matt_pi4
+          - *matt_pi5
+          - *desktop
+          - *pi4
+          - *pi5
+          - *admin
+          - *jallen-nas
   - path_regex: pi5-secrets/[^/]+\.(yaml|json|env|ini)$
     key_groups:
-    - age:
-      - *matt
-      - *matt_pi4
-      - *matt_pi5
-      - *desktop
-      - *pi4
-      - *pi5
-      - *admin
-      - *jallen-nas
+      - pgp:
+          - *matt-pgp
+        age:
+          - *matt
+          - *matt_pi4
+          - *matt_pi5
+          - *desktop
+          - *pi4
+          - *pi5
+          - *admin
+          - *jallen-nas
+  - path_regex: mac-secrets/[^/]+\.(yaml|json|env|ini)$
+    key_groups:
+      - pgp:
+          - *matt-pgp
+        age:
+          - *matt
+          - *matt_pi5
+          - *desktop
+          - *pi5
+          - *admin
+          - *jallen-nas
+          - *matt_macbook-pro
+          - *macbook-pro

README.md

@@ -1,50 +1,118 @@
-# nixOS Config
+# NixOS Configuration Repository
 
-### Common Files
-* [flake.nix](./flake.nix)
-* [impermenance.nix](./share/impermanence/default.nix)
-* [share](./share)
-* [overlays](./overlays)
+This repository contains my personal NixOS configurations for multiple systems, managed using [Snowfall Lib](https://github.com/snowfallorg/lib) and the Nix Flakes system.
+
+## Overview
+
+This repository provides a centralized, declarative configuration for all my systems, including:
+
+- Desktop PC (AMD)
+- NAS server
+- Steam Deck
+- Intel NUC
+- Raspberry Pi 4
+- Raspberry Pi 5
+- MacBook Pro (NixOS on Apple Silicon)
+- MacBook Pro (Darwin/macOS)
+
+## Repository Structure
+
+```
+.
+├── checks/                # Pre-commit hooks and other checks
+├── flake.nix              # Main flake configuration
+├── homes/                 # Home-manager configurations for users
+│   ├── aarch64-darwin/    # macOS home configurations
+│   ├── aarch64-linux/     # ARM Linux home configurations
+│   └── x86_64-linux/      # x86 Linux home configurations
+├── modules/               # Reusable configuration modules
+│   ├── home/              # Home-manager modules
+│   └── nixos/             # NixOS system modules
+├── overlays/              # Nixpkgs overlays
+├── packages/              # Custom package definitions
+├── secrets/               # Encrypted secrets (managed with sops-nix)
+└── systems/               # System-specific configurations
+    ├── aarch64-darwin/    # macOS system configurations
+    ├── aarch64-linux/     # ARM Linux system configurations
+    └── x86_64-linux/      # x86 Linux system configurations
+```
+
+## Key Features
+
+- **Modular Design**: Reusable modules for various system components
+- **Multi-System Support**: Configurations for different hardware platforms
+- **Home Manager Integration**: User environment management
+- **Secret Management**: Encrypted secrets with sops-nix
+- **Disk Management**: Declarative disk partitioning with disko
+- **State Management**: Persistent state management with impermanence
+- **Desktop Environments**: Support for GNOME, Hyprland, and COSMIC
+- **Hardware-Specific Optimizations**: Tailored configurations for different hardware
+
+## Key Technologies
+
+- [Nix](https://nixos.org/) and [NixOS](https://nixos.org/)
+- [Nix Flakes](https://nixos.wiki/wiki/Flakes)
+- [Snowfall Lib](https://github.com/snowfallorg/lib)
+- [Home Manager](https://github.com/nix-community/home-manager)
+- [sops-nix](https://github.com/Mic92/sops-nix)
+- [disko](https://github.com/nix-community/disko)
+- [impermanence](https://github.com/nix-community/impermanence)
+- [lanzaboote](https://github.com/nix-community/lanzaboote) (Secure Boot)
+
+## Notable System Configurations
 
 ### Desktop
-* [boot.nix](./hosts/desktop/boot.nix)
-* [configuration.nix](./hosts/desktop/configuration.nix)
-* [hardware-configuration.nix](./hosts/desktop/hardware-configuration.nix)
-* [filesystems.nix](./hosts/desktop/filesystems.nix)
-* [home.nix](./hosts/desktop/home.nix)
-* [sops.nix](./hosts/desktop/sops.nix)
-* [specialisations.hyprland](./hosts/desktop/hyprland)
-* [specialisations.gnome](./hosts/desktop/gnome)
-* [specialisations.cosmic](./hosts/desktop/cosmic)
+
+A powerful AMD-based desktop with gaming capabilities, featuring:
+- AMD CPU and GPU optimizations
+- Multiple desktop environment options (GNOME, Hyprland, COSMIC)
+- Gaming setup with Steam and related tools
 
 ### NAS
-* [boot.nix](./hosts/nas/boot.nix)
-* [configuration.nix](./hosts/nas/configuration.nix)
-* [hardware-configuration.nix](./hosts/nas/hardware-configuration.nix)
-* [impermenance.nix](./hosts/nas/impermenance.nix)
-* [apps.nix](./hosts/desktop/apps.nix)
-* [home.nix](./hosts/desktop/home.nix)
-* [networking.nix](./hosts/desktop/networking.nix)
-* [services.nix](./hosts/desktop/services.nix)
-* [sops.nix](./hosts/desktop/sops.nix)
-* [ups.nix](./hosts/desktop/ups.nix)
-* [samba](./modules/samba)
-* nas-apps
-    * [arrs](./hosts/nas/apps/arrs/default.nix)
-    * [free-games-claimer](./modules/apps/free-games-claimer)
-    * [jackett](./modules/apps/jackett)
-    * [jellyfin](./hosts/nas/apps/jellyfin/default.nix)
-    * [jellyseerr](./hosts/nas/apps/jellyseerr/default.nix)
-    * [jackett](./modules/apps/manyfold)
-    * [mariadb](./modules/apps/mariadb)
-    * [mealie](./modules/apps/mealie)
-    * [nextcloud+onlyoffice](./hosts/nas/apps/nextcloud/default.nix)
-    * [ollama](./hosts/nas/apps/ollama/default.nix)
-    * [paperless](./hosts/nas/apps/paperless/default.nix)
-    * [tdarr](./modules/apps/tdarr)
-    * [traefik](./hosts/nas/apps/traefik/default.nix)
-    * [wireguard](./modules/apps/your-spotify)
 
-### Raspberry Pi 4
-* [configuration.nix](./hosts/pi4/configuration.nix)
-* [hardware-configuration.nix](./hosts/pi4/hardware-configuration.nix)
+A home server with various self-hosted services:
+- Media management (Jellyfin, Jellyseerr)
+- Download automation (Sonarr, Radarr, etc.)
+- Document management (Paperless)
+- File sharing (Samba, Nextcloud)
+- AI services (Ollama)
+
+### Raspberry Pi
+
+Configurations for both Pi 4 and Pi 5:
+- Hardware-specific optimizations
+- Disk partitioning suitable for ARM devices
+- Bluetooth and wireless support
+
+### Steam Deck
+
+Custom NixOS configuration for the Steam Deck:
+- Integration with Jovian for Steam Deck compatibility
+- Gaming optimizations
+- Steam ROM Manager
+
+### MacBook Pro
+
+Configurations for both:
+- NixOS on Apple Silicon
+- nix-darwin for macOS
+
+## Usage
+
+### Building a System Configuration
+
+```bash
+# Build and activate a system configuration
+sudo nixos-rebuild switch --flake .#hostname
+```
+
+### Building a Home Configuration
+
+```bash
+# Build and activate a home configuration
+home-manager switch --flake .#username@hostname
+```
+
+## License
+
+This project is licensed under the MIT License - see the LICENSE file for details.

checks/disksnstuff.sh

@@ -0,0 +1,62 @@
+#!/usr/bin/env bash
+
+disk=/dev/mapper/nuc-nixos-cryptroot
+
+# sudo mkfs.vfat "$disk"1
+# sudo bcachefs format --label ssd.ssd1 --compression=zstd --discard "$disk"
+
+sudo mount -t tmpfs -o mode=755 none /mnt
+sudo mkdir -p /mnt/{boot,home,root,etc,nix,var/log,tmp,persist}
+sudo mount /dev/disk/by-partlabel/disk-main-nuc-nixos-EFI /mnt/boot
+# sudo mkdir -p /mnt/boot/firmware
+# sudo mount "$disk"2 /mnt/boot/firmware
+# sudo mount "$disk"2 -o compress=zstd,subvol=home /mnt/home
+# sudo mount "$disk"2 -o compress=zstd,noatime,subvol=root /mnt/root
+# sudo mount "$disk"2 -o compress=zstd,noatime,subvol=etc /mnt/etc
+# sudo mount "$disk"2 -o compress=zstd,noatime,subvol=nix /mnt/nix
+# sudo mount "$disk"2 -o compress=zstd,noatime,subvol=log /mnt/var/log
+
+# bcachefs unlock -k session /dev/disk/by-partlabel/disk-main-nuc-nixos-bcachefs-root
+sudo cryptsetup open /dev/disk/by-partlabel/disk-main-nuc-nixos-cryptroot nuc-nixos-cryptroot  
+# sudo bcachefs unlock -k session "$disk"2
+# sudo mount "$disk" /mnt/tmp
+# cd /mnt/tmp
+# ls -alh
+
+# sudo bcachefs subvolume create nix
+# sudo bcachefs subvolume create etc
+# sudo bcachefs subvolume create log
+# sudo bcachefs subvolume create root
+# sudo bcachefs subvolume create persist
+# sudo bcachefs subvolume create home
+
+# ls -alh
+# cd /etc/nixos
+# sudo umount /mnt/tmp
+
+sudo mount -o noatime,X-mount.subdir=nix "$disk" /mnt/nix
+sudo mount -o noatime,X-mount.subdir=etc "$disk" /mnt/etc
+sudo mount -o noatime,X-mount.subdir=log "$disk" /mnt/var/log
+sudo mount -o noatime,X-mount.subdir=root "$disk" /mnt/root
+sudo mount -o noatime,X-mount.subdir=persist "$disk" /mnt/persist
+sudo mount -o X-mount.subdir=home "$disk" /mnt/home
+
+# tree /mnt
+
+# sudo nixos-install --flake /etc/nixos#nuc-nixos
+
+# sudo umount /mnt/boot
+# sudo umount /mnt/var/log
+# sudo umount /mnt/persist
+# sudo umount /mnt/home
+# sudo umount /mnt/root
+# sudo umount /mnt/etc
+# sudo umount /mnt/nix
+# sudo umount /mnt
+
+# wpa_passphrase "Joey's Jungle 5G" "kR8v&3Qd" > 5g.conf
+# wpa_supplicant -i wlp6s0 -c 5g.conf -B
+# dhcpcd
+
+# keyctl link @u @s
+# clevis decrypt < "/etc/clevis/nas_pool.jwe" | bcachefs unlock /dev/disk/by-label/nas_pool

checks/pre-commit-hooks/default.nix

@@ -0,0 +1,22 @@
+{
+  inputs,
+  pkgs,
+  lib,
+  ...
+}:
+let
+  inherit (inputs) pre-commit-hooks-nix;
+in
+pre-commit-hooks-nix.lib.${pkgs.stdenv.hostPlatform.system}.run {
+  src = ../..;
+  hooks = {
+    pre-commit-hook-ensure-sops.enable = true;
+    treefmt = {
+      enable = lib.mkForce true;
+      settings.fail-on-change = lib.mkForce false;
+      packageOverrides.treefmt = inputs.treefmt-nix.lib.mkWrapper pkgs (
+        lib.snowfall.fs.get-file "treefmt.nix"
+      );
+    };
+  };
+}

docs/version.schema.json

@@ -0,0 +1,208 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "$id": "https://example.invalid/version.schema.json",
+  "title": "Unified Package Version Schema",
+  "description": "Schema for a unified version.json used by packages/",
+  "type": "object",
+  "additionalProperties": false,
+  "required": [
+    "schemaVersion",
+    "sources"
+  ],
+  "properties": {
+    "schemaVersion": {
+      "type": "integer",
+      "enum": [1],
+      "description": "Schema version. Start at 1; bump on breaking changes."
+    },
+    "variables": {
+      "type": "object",
+      "description": "Common variables available for template substitution in string fields.",
+      "additionalProperties": {
+        "type": "string"
+      }
+    },
+    "defaultVariant": {
+      "type": "string",
+      "description": "Optional default variant name for consumers."
+    },
+    "sources": {
+      "type": "object",
+      "description": "Base component sources keyed by component name.",
+      "minProperties": 1,
+      "additionalProperties": {
+        "$ref": "#/$defs/SourceSpec"
+      }
+    },
+    "variants": {
+      "type": "object",
+      "description": "Optional variants/channels/flavors; each overlays the base.",
+      "additionalProperties": {
+        "$ref": "#/$defs/VariantSpec"
+      }
+    },
+    "notes": {
+      "type": "object",
+      "description": "Optional free-form human notes/documentation.",
+      "additionalProperties": true
+    }
+  },
+  "$defs": {
+    "SourceSpecBase": {
+      "type": "object",
+      "additionalProperties": false,
+      "properties": {
+        "fetcher": {
+          "type": "string",
+          "enum": ["github", "git", "url", "pypi", "none"],
+          "description": "Fetcher type for this source."
+        },
+        "hash": {
+          "type": "string",
+          "pattern": "^sha[0-9]+-",
+          "description": "SRI hash for the fetched artifact. Required unless fetcher is 'none'."
+        },
+        "version": {
+          "type": "string",
+          "description": "Optional version string metadata for this component."
+        },
+        "extra": {
+          "type": "object",
+          "description": "Optional free-form metadata for consumer logic.",
+          "additionalProperties": true
+        },
+
+        "owner": { "type": "string", "description": "GitHub owner/org (github fetcher)." },
+        "repo":  { "type": "string", "description": "GitHub repository (github fetcher)." },
+        "tag":   { "type": "string", "description": "Git tag (github fetcher). Mutually exclusive with 'rev'." },
+        "rev":   { "type": "string", "description": "Commit revision (github/git fetchers)." },
+        "submodules": { "type": "boolean", "description": "Whether to fetch submodules (github/git fetchers)." },
+
+        "url": { "type": "string", "description": "Final URL (url fetcher). May be templated." },
+        "urlTemplate": { "type": "string", "description": "Template for URL (url fetcher); supports ${var}." },
+
+        "name": { "type": "string", "description": "PyPI dist name (pypi fetcher)." }
+      }
+    },
+
+    "SourceSpec": {
+      "allOf": [
+        { "$ref": "#/$defs/SourceSpecBase" },
+        {
+          "if": {
+            "properties": { "fetcher": { "const": "github" } },
+            "required": ["fetcher"]
+          },
+          "then": {
+            "required": ["owner", "repo"],
+            "oneOf": [
+              { "required": ["tag"] },
+              { "required": ["rev"] }
+            ]
+          }
+        },
+        {
+          "if": {
+            "properties": { "fetcher": { "const": "git" } },
+            "required": ["fetcher"]
+          },
+          "then": {
+            "required": ["url", "rev"]
+          }
+        },
+        {
+          "if": {
+            "properties": { "fetcher": { "const": "url" } },
+            "required": ["fetcher"]
+          },
+          "then": {
+            "oneOf": [
+              { "required": ["url"] },
+              { "required": ["urlTemplate"] }
+            ]
+          }
+        },
+        {
+          "if": {
+            "properties": { "fetcher": { "const": "pypi" } },
+            "required": ["fetcher"]
+          },
+          "then": {
+            "required": ["name", "version"]
+          }
+        },
+        {
+          "if": {
+            "properties": { "fetcher": { "enum": ["github", "git", "url", "pypi"] } },
+            "required": ["fetcher"]
+          },
+          "then": {
+            "required": ["hash"]
+          }
+        }
+      ]
+    },
+
+    "SourceOverride": {
+      "type": "object",
+      "additionalProperties": false,
+      "description": "Partial override of a source within a variant. All fields optional.",
+      "properties": {
+        "fetcher": { "type": "string", "enum": ["github", "git", "url", "pypi", "none"] },
+        "hash":    { "type": "string", "pattern": "^sha[0-9]+-" },
+        "version": { "type": "string" },
+        "extra":   { "type": "object", "additionalProperties": true },
+
+        "owner": { "type": "string" },
+        "repo":  { "type": "string" },
+        "tag":   { "type": "string" },
+        "rev":   { "type": "string" },
+        "submodules": { "type": "boolean" },
+
+        "url":         { "type": "string" },
+        "urlTemplate": { "type": "string" },
+
+        "name": { "type": "string" }
+      }
+    },
+
+    "VariantSpec": {
+      "type": "object",
+      "additionalProperties": false,
+      "properties": {
+        "inherits": {
+          "type": "string",
+          "description": "Optional base variant to inherit from."
+        },
+        "variables": {
+          "type": "object",
+          "description": "Variant-level variables that overlay top-level variables.",
+          "additionalProperties": { "type": "string" }
+        },
+        "sources": {
+          "type": "object",
+          "description": "Per-component overrides for this variant.",
+          "additionalProperties": { "$ref": "#/$defs/SourceOverride" }
+        },
+        "platforms": {
+          "type": "object",
+          "description": "Optional per-system overrides to support differing hashes/fields by platform.",
+          "additionalProperties": {
+            "type": "object",
+            "additionalProperties": false,
+            "properties": {
+              "sources": {
+                "type": "object",
+                "additionalProperties": { "$ref": "#/$defs/SourceOverride" }
+              },
+              "variables": {
+                "type": "object",
+                "additionalProperties": { "type": "string" }
+              }
+            }
+          }
+        }
+      }
+    }
+  }
+}

homes/aarch64-darwin/mattjallen@macbook-pro/default.nix

@@ -0,0 +1,278 @@
+{
+  lib,
+  pkgs,
+  namespace,
+  ...
+}:
+let
+  inherit (lib.${namespace}) enabled disabled;
+  shellAliases = {
+    update-switch = "darwin-rebuild switch --flake ~/nix-config";
+    update-flake = "nix flake update ~/nix-config";
+    ducks = "du -cksh * | sort -hr | head -n 15";
+  };
+  packages = with pkgs; [
+    age
+    cpufetch
+    deadnix
+    nixfmt
+    nodePackages.nodejs
+    uv
+    sops
+    tree
+    wget
+  ];
+in
+{
+  # Home Manager needs a bit of information about you and the
+  # paths it should manage.
+  home = {
+    username = "mattjallen";
+    homeDirectory = "/Users/mattjallen";
+    packages = lib.mkForce packages;
+    sessionVariables = {
+      NH_DARWIN_FLAKE = lib.mkForce "/Users/mattjallen/nix-config";
+    };
+  };
+
+  programs = {
+    zsh = {
+      shellAliases = shellAliases;
+    };
+  };
+
+  # programs.nix-plist-manager = {
+  #   enable = true;
+  #   options = {
+  #     applications = {
+  #       finder = {
+  #         settings = {
+  #           general = {
+  #             showTheseItemsOnTheDesktop = {
+  #               hardDisks = false;
+  #               externalDisks = true;
+  #               cdsDvdsAndiPods = false;
+  #               connectedServers = false;
+  #             };
+  #             openFoldersInTabsInsteadOfNewWindows = true;
+  #           };
+  #           sidebar = {
+  #             recentTags = true;
+  #           };
+  #           advanced = {
+  #             removeItemsFromTheTrashAfter30Days = true;
+  #             showAllFilenameExtensions = true;
+  #             showWarningBeforeChangingAnExtension = true;
+  #             showWarningBeforeRemovingFromiCloudDrive = true;
+  #             showWarningBeforeEmptyingTheTrash = true;
+  #             keepFoldersOnTop = {
+  #               inWindowsWhenSortingByName = true;
+  #               onDesktop = true;
+  #             };
+  #             whenPerformingASearch = "Search This Mac";
+  #           };
+  #         };
+  #         menuBar = {
+  #           view = {
+  #             showTabBar = true;
+  #             showSidebar = true;
+  #             showPathBar = true;
+  #             showStatusBar = true;
+  #           };
+  #         };
+  #       };
+  #       systemSettings = {
+  #         appearance = {
+  #           appearance = "Dark";
+  #           accentColor = "Multicolor";
+  #           # clickInTheScrollBarTo = "Jump to the next page";
+  #           sidebarIconSize = "Medium";
+  #           showScrollBars = "When scrolling";
+  #         };
+  #         controlCenter = {
+  #           wifi = true;
+  #           bluetooth = true;
+  #           airdrop = true;
+  #           stageManager = true;
+  #           focusModes = "active";
+  #           screenMirroring = "active";
+  #           display = "never";
+  #           sound = "always";
+  #           nowPlaying = "active";
+  #           accessibilityShortcuts = "unset";
+  #           musicRecognition = {
+  #             showInMenuBar = false;
+  #             showInControlCenter = true;
+  #           };
+  #           hearing = "unset";
+  #           fastUserSwitching = {
+  #             showInMenuBar = false;
+  #             showInControlCenter = true;
+  #           };
+  #           keyboardBrightness = {
+  #             showInMenuBar = false;
+  #             showInControlCenter = true;
+  #           };
+  #           battery = {
+  #             showInMenuBar = false;
+  #             showInControlCenter = false;
+  #           };
+  #           batteryShowPercentage = true;
+  #           # menuBarOnly = {
+  #           #   spotlight = false;
+  #           #   siri = true;
+  #           # };
+  #           # automaticallyHideAndShowTheMenuBar = "In Full Screen Only";
+  #         };
+  #         desktopAndDock = {
+  #           desktopAndStageManager = {
+  #             showItems = {
+  #               onDesktop = true;
+  #               inStageManager = true;
+  #             };
+  #             clickWallpaperToRevealDesktop = "Always";
+  #             stageManager = false;
+  #             showRecentAppsInStageManager = true;
+  #             showWindowsFromAnApplication = "All at Once";
+  #           };
+  #           dock = {
+  #             animateOpeningApplications = true;
+  #             automaticallyHideAndShowTheDock = enabled;
+  #             doubleClickAWindowsTitleBarTo = "Minimize";
+  #             magnification = disabled;
+  #             minimizeWindowsIntoApplicationIcon = true;
+  #             minimizeWindowsUsing = "Genie Effect";
+  #             positionOnScreen = "Bottom";
+  #             showIndicatorsForOpenApplications = true;
+  #             showSuggestedAndRecentAppsInDock = false;
+  #             size = 64; # 16 - 128
+  #             #     persistentApps = [
+  #             #       { app = "/Applications/Clock.app"; }
+  #             #       { folder = "/Applications"; }
+  #             #       { app = "/Applications/Safari.app"; }
+  #             #       { app = "/Applications/Firefox.app"; }
+  #             #       { app = "/Applications/Tabby.app"; }
+  #             #       { app = "/Applications/Termius.app"; }
+  #             #       { app = "/Applications/Muic.app"; }
+  #             #       { app = "/Applications/Vesktop.app"; }
+  #             #       { app = "/Applications/Messages.app"; }
+  #             #       { app = "/Applications/Calendar.app"; }
+  #             #       { app = "/Applications/Reminders.app"; }
+  #             #       { app = "/Applications/Notes.app"; }
+  #             #       { app = "/Applications/Weather.app"; }
+  #             #       { app = "/Applications/Maps.app"; }
+  #             #       { app = "/Applications/App Store.app"; }
+  #             #       { app = "/Applications/System Settings.app"; }
+  #             #       { app = "/Applications/ChatGPT.app"; }
+  #             #       { app = "/Applications/Nextcloud.app"; }
+  #             #       { app = "/Applications/VSCodium.app"; }
+  #             #       { app = "/Applications/Omnissa Horizon Client.app"; }
+  #             #       { app = "/Applications/Proton Pass.app"; }
+  #             #       { app = "/Applications/OrcaSlicer.app"; }
+  #             #       { app = "/Applications/AlDente.app"; }
+  #             #     ];
+  #             #     persistentOthers = [
+  #             #       "~/Downloads"
+  #             #     ];
+  #           };
+  #           hotCorners = {
+  #             # ["-" "Mission Control" "Application Windows" "Desktop" "Start Screen Saver" "Disable Screen Saver" "Dashboard" "Put Display to Sleep" "Launchpad" "Notification Center" "Lock Screen" "Quick Note"]
+  #             topLeft = "-";
+  #             topRight = "-";
+  #             bottomLeft = "-";
+  #             bottomRight = "-";
+  #           };
+  #           missionControl = {
+  #             automaticallyRearrangeSpacesBasedOnMostRecentUse = true;
+  #             displaysHaveSeparateSpaces = true;
+  #             dragWindowsToTopOfScreenToEnterMissionControl = true;
+  #             groupWindowsByApplication = true;
+  #             whenSwitchingToAnApplicationSwitchToAspaceWithOpenWindowsForTheApplication = true;
+  #           };
+  #           widgets = {
+  #             showWidgets = {
+  #               onDesktop = true;
+  #               inStageManager = true;
+  #             };
+  #             widgetStyle = "Automatic";
+  #             useIphoneWidgets = true;
+  #           };
+  #           windows = {
+  #             askToKeepChangesWhenClosingDocuments = true;
+  #             closeWindowsWhenQuittingAnApplication = true;
+  #             dragWindowsToScreenEdgesToTile = true;
+  #             dragWindowsToMenuBarToFillScreen = true;
+  #             holdOptionKeyWhileDraggingWindowsToTile = true;
+  #             preferTabsWhenOpeningDocuments = "In Full Screen";
+  #             tiledWindowsHaveMargin = false;
+  #           };
+  #         };
+  #         focus = {
+  #           shareAcrossDevices = true;
+  #         };
+  #         # general.dateAndTime."24HourTime" = false;
+  #         notifications = {
+  #           notificationCenter = {
+  #             showPreviews = "When Unlocked";
+  #             summarizeNotifications = true;
+  #           };
+  #         };
+  #         sound = {
+  #           soundEffects = {
+  #             alertSound = "Boop";
+  #             alertVolume = 0.7;
+  #             playFeedbackWhenVolumeIsChanged = true;
+  #             playUserInterfaceSoundEffects = true;
+  #           };
+  #         };
+  #         spotlight = {
+  #           helpAppleImproveSearch = false;
+  #           # searchResults = {
+  #           #   applications = true;
+  #           #   calculator = true;
+  #           #   contacts = true;
+  #           #   conversion = true;
+  #           #   definition = true;
+  #           #   developer = true;
+  #           #   documents = true;
+  #           #   eventsAndReminders = true;
+  #           #   folders = true;
+  #           #   fonts = false;
+  #           #   images = true;
+  #           #   mailAndMessages = true;
+  #           #   movies = true;
+  #           #   music = true;
+  #           #   other = false;
+  #           #   pdfDocuments = true;
+  #           #   presentations = true;
+  #           #   siriSuggestions = false;
+  #           #   systemSettings = true;
+  #           #   tips = false;
+  #           #   websites = true;
+  #         };
+  #       };
+  #     };
+  #   };
+  # };
+
+  # Manage bug in compilations - who uses manpages in 2024 anyways? :P
+  manual.manpages = enabled;
+
+  # Override defaults that arent supported
+  programs = {
+    mangohud = lib.mkForce disabled;
+
+    nh = {
+      flake = lib.mkForce "/Users/mattjallen/nix-config";
+    };
+  };
+
+  services = {
+    pass-secret-service = lib.mkForce disabled;
+    nextcloud-client = lib.mkForce disabled;
+    kdeconnect = {
+      enable = false;
+      indicator = false;
+    };
+  };
+}

homes/aarch64-linux/matt@macbook-pro-nixos/default.nix

@@ -0,0 +1,149 @@
+{
+  lib,
+  pkgs,
+  namespace,
+  ...
+}:
+let
+  inherit (lib.${namespace}) enabled disabled;
+  # Displays
+  display = {
+    input = "eDP-1";
+    resolution = "3456x2234";
+    refreshRate = "60.00000";
+  };
+in
+{
+
+  home.username = "matt";
+  home.homeDirectory = "/home/matt";
+  home.stateVersion = "23.11";
+
+  ${namespace} = {
+    desktop.gnome = enabled;
+    programs.hyprland = {
+      enable = false;
+      primaryDisplay = "eDP-1";
+      debug.disableScaleChecks = true;
+
+      monitorv2 = [
+        {
+          name = display.input;
+          mode = "${display.resolution}@${display.refreshRate}";
+          position = "0x0";
+          scale = 1.25;
+          extra = [
+            "bitdepth"
+            "10"
+            "cm"
+            "hdr"
+            "sdrbrightness"
+            "1.2"
+            "sdrsaturation"
+            "0.98"
+          ];
+        }
+      ];
+
+      workspace = [
+        "name:firefox, monitor:${display.input}, default:false, special, class:(.*firefox.*)"
+        "name:discord, monitor:${display.input}, default:true, special, title:(.*vesktop.*), title:(.*Apple Music.*)"
+        "name:steam, monitor:${display.input}, default:false, special, class:(.*[Ss]team.*)"
+      ];
+
+      windowRule = [
+        # "size 2160 3356, tag:horizonrdp"
+      ];
+
+      hyprpaper = {
+        wallpaperPath = "/run/wallpaper.jpg";
+      };
+
+      keybinds = {
+        bind = [
+          "$mod, A, exec, chromium --app=\"https://music.apple.com\""
+
+          "SHIFT, XF86MonBrightnessUp, exec, lightctl -D kbd_backlight up"
+          "SHIFT, XF86MonBrightnessDown, exec, lightctl -D kbd_backlight down"
+        ];
+      };
+
+      defaultApps = {
+        browser = pkgs.firefox;
+      };
+
+      extraConfig = ''
+        exec-once = brightnessctl -d kbd_backlight s 50%
+      '';
+    };
+    programs = {
+      btop = enabled;
+      kitty = disabled;
+      mako = disabled;
+      nwg-dock = disabled;
+      nwg-drawer = disabled;
+      nwg-panel = disabled;
+      waybar = {
+        enable = false;
+
+        layer = "bottom";
+
+        temperature = {
+          cpu = enabled;
+          gpu = enabled;
+        };
+
+        extraModules = {
+          "custom/lights" = {
+            tooltip = false;
+            exec = "waybar-hass --get_light light.living_room_lights";
+            interval = "once";
+            format = "{text}"; # "󱉓";
+            on-click = "waybar-hass --toggle_light light.living_room_lights";
+            return-type = "json";
+          };
+        };
+
+        extraModulesStyle = ''
+          #custom-lights {
+            color: @base0C;
+            opacity: 0.85;
+            background-color: @base00;
+          }
+
+          #custom-lights:hover {
+            background: @base03;
+          }
+        '';
+
+        windowOffset = 75;
+      };
+      wlogout = disabled;
+      wofi = disabled;
+    };
+  };
+
+  home.packages =
+    with pkgs.${namespace};
+    [
+      # librepods
+    ]
+    ++ (with pkgs; [
+      bolt-launcher
+      iw
+      iwd
+      orca-slicer
+      vscodium
+    ]);
+
+  services = {
+    kdeconnect = {
+      enable = lib.mkForce true;
+      indicator = lib.mkForce true;
+    };
+  };
+
+  programs = {
+    password-store = enabled;
+  };
+}

homes/aarch64-linux/matt@pi4/default.nix

@@ -0,0 +1,54 @@
+{ lib, namespace, ... }:
+let
+  inherit (lib.${namespace}) enabled disabled;
+in
+{
+  home.username = "matt";
+
+  sops = {
+    age.keyFile = "/home/matt/.config/sops/age/keys.txt";
+    defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
+    validateSopsFiles = false;
+    secrets = {
+      "ssh-keys-public/pi4" = {
+        path = "/home/matt/.ssh/id_ed25519.pub";
+        mode = "0644";
+      };
+      "ssh-keys-private/pi4" = {
+        path = "/home/matt/.ssh/id_ed25519";
+        mode = "0600";
+      };
+      #     "ssh-keys-public/desktop-nixos" = {
+      #       path = "/home/matt/.ssh/authorized_keys";
+      #       mode = "0600";
+      #     };
+
+      #     "ssh-keys-public/desktop-nixos-root" = {
+      #       path = "/home/matt/.ssh/authorized_keys2";
+      #       mode = "0600";
+      #     };
+
+      #     "ssh-keys-public/desktop-windows" = {
+      #       path = "/home/matt/.ssh/authorized_keys3";
+      #       mode = "0600";
+      #     };
+
+      #     "ssh-keys-public/macbook-macos" = {
+      #       path = "/home/matt/.ssh/authorized_keys4";
+      #       mode = "0600";
+      #     };
+    };
+  };
+
+  programs = {
+    mangohud = lib.mkForce enabled;
+  };
+
+  services = {
+    nextcloud-client = lib.mkForce disabled;
+    kdeconnect = {
+      enable = false;
+      indicator = false;
+    };
+  };
+}

homes/aarch64-linux/matt@pi5/default.nix

@@ -1,22 +1,13 @@
-{ pkgs, lib, config, ... }:
+{
+  config,
+  lib,
+  namespace,
+  ...
+}:
 let
-  shellAliases = {
-    update-boot = "sudo nixos-rebuild boot --max-jobs 10 --build-host admin@10.0.1.3";
-    update-switch = "sudo nixos-rebuild switch --max-jobs 10 --build-host admin@10.0.1.3";
-    update-flake = "nix flake update pi5-nixpkgs pi5-home-manager pi5-impermanence pi5-nixos-hardware pi5-sops-nix nixos-raspberrypi --flake /etc/nixos";
-    update-nas = "nixos-rebuild switch --use-remote-sudo --target-host admin@10.0.1.3 --build-host admin@10.0.1.3 --flake ~/nix-config#jallen-nas";
-    nas-ssh = "kitten ssh admin@10.0.1.3";
-  };
+  inherit (lib.${namespace}) disabled;
 in
 {
-  imports = [
-    ../../share/home/defaults.nix
-    ../../share/home/git.nix
-    ../../share/home/gnome.nix
-    ../../share/home/librewolf.nix
-    ../../share/home/shell.nix
-    ../../share/home/vscode.nix
-  ];
 
   home.username = "matt";
 
@@ -59,7 +50,11 @@ in
     };
   };
 
-  programs = {
-    zsh.shellAliases = shellAliases;
+  services = {
+    nextcloud-client = lib.mkForce disabled;
+    kdeconnect = {
+      enable = false;
+      indicator = false;
+    };
   };
 }

homes/aarch64-linux/root@macbook-pro-nixos/default.nix

@@ -0,0 +1,18 @@
+{
+  lib,
+  namespace,
+  ...
+}:
+let
+  inherit (lib.${namespace}) disabled;
+in
+{
+  home.username = "root";
+  services = {
+    nextcloud-client = lib.mkForce disabled;
+    kdeconnect = {
+      enable = false;
+      indicator = false;
+    };
+  };
+}

homes/aarch64-linux/root@pi4/default.nix

@@ -0,0 +1,18 @@
+{
+  lib,
+  namespace,
+  ...
+}:
+let
+  inherit (lib.${namespace}) disabled;
+in
+{
+  home.username = "root";
+  services = {
+    nextcloud-client = lib.mkForce disabled;
+    kdeconnect = {
+      enable = false;
+      indicator = false;
+    };
+  };
+}

homes/aarch64-linux/root@pi5/default.nix

@@ -0,0 +1,18 @@
+{
+  lib,
+  namespace,
+  ...
+}:
+let
+  inherit (lib.${namespace}) disabled;
+in
+{
+  home.username = "root";
+  services = {
+    nextcloud-client = lib.mkForce disabled;
+    kdeconnect = {
+      enable = false;
+      indicator = false;
+    };
+  };
+}

homes/x86_64-linux/admin@jallen-nas/default.nix

@@ -1,13 +1,20 @@
-{ pkgs,... }:
-let
-  shellAliases = {
-    update-boot = "sudo nixos-rebuild boot --max-jobs 10";
-    update-switch = "sudo nixos-rebuild switch --max-jobs 10";
-    update-flake = "nix flake update nas-nixpkgs nas-authentik-nix nas-cosmic nas-crowdsec nas-home-manager nas-impermanence nas-lanzaboote nas-nixos-hardware nas-sops-nix --flake /etc/nixos";
-  };
-in
+{ pkgs, namespace, ... }:
 {
-  home.username = "admin";
+  home = {
+    username = "admin";
+    packages =
+      with pkgs;
+      [
+        heroic
+      ]
+      ++ (with pkgs.${namespace}; [
+        moondeck-buddy
+      ]);
+  };
+
+  ${namespace} = {
+    sops.enable = true;
+  };
 
   sops = {
     age.keyFile = "/home/admin/.config/sops/age/keys.txt";
@@ -58,18 +65,23 @@ in
         }
       ];
     };
+    steam-rom-manager = {
+      enable = true;
+      steamUsername = "mjallen18";
 
-    zsh.shellAliases = shellAliases;
+      # Optional: override default paths if needed
+      environmentVariables = {
+        romsDirectory = "/home/admin/Emulation/roms";
+        steamDirectory = "/home/admin/.local/share/Steam";
+      };
+
+      emulators = {
+        "Non-SRM Shortcuts" = {
+          enable = true;
+          parserType = "Non-SRM Shortcuts";
+          extraArgs = "";
+        };
+      };
+    };
   };
-
-  # services.nixai = {
-  #   enable = true;
-  #   mcp = {
-  #     enable = true;
-  #     # Optional: custom socket path (uses `$HOME` expansion)
-  #     socketPath = "$HOME/.local/share/nixai/mcp.sock";
-  #   };
-  #   # Optional: integrate with VS Code
-  #   vscodeIntegration = true;
-  # };
 }

homes/x86_64-linux/admin@nuc-nixos/default.nix

@@ -0,0 +1,37 @@
+{
+  lib,
+  pkgs,
+  namespace,
+  ...
+}:
+let
+  inherit (lib.${namespace}) disabled;
+in
+{
+  home.username = "admin";
+
+  # Configure systemd user service for protonmail-bridge
+  systemd.user.services.protonmail-bridge = {
+    Service = {
+      Environment = [
+        "GNUPGHOME=/home/admin/.gnupg"
+        "PASSWORD_STORE_DIR=/home/admin/.local/password-store"
+      ];
+    };
+  };
+
+  services = {
+    nextcloud-client = lib.mkForce disabled;
+    kdeconnect = {
+      enable = false;
+      indicator = false;
+    };
+    protonmail-bridge = {
+      enable = true;
+      extraPackages = with pkgs; [
+        pass
+        libsecret
+      ];
+    };
+  };
+}

homes/x86_64-linux/matt@allyx/default.nix

@@ -0,0 +1,88 @@
+{
+  lib,
+  pkgs,
+  namespace,
+  ...
+}:
+let
+  inherit (lib.${namespace}) enabled;
+in
+{
+  home.username = "matt";
+
+  ${namespace}.desktop.gnome = enabled;
+
+  sops = {
+    age.keyFile = "/home/matt/.config/sops/age/keys.txt";
+    defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
+    validateSopsFiles = false;
+    secrets = {
+      "ssh-keys-public/matt" = {
+        path = "/home/matt/.ssh/id_ed25519.pub";
+        mode = "0644";
+      };
+      "ssh-keys-private/matt" = {
+        path = "/home/matt/.ssh/id_ed25519";
+        mode = "0600";
+      };
+    };
+  };
+
+  programs = {
+    steam-rom-manager = {
+      enable = true;
+      steamUsername = "mjallen18";
+
+      # Optional: override default paths if needed
+      environmentVariables = {
+        romsDirectory = "/home/matt/Emulation/roms";
+        steamDirectory = "/home/matt/.local/share/Steam";
+      };
+
+      emulators = {
+        ryujinx = enabled;
+
+        dolphin-gamecube = {
+          enable = true;
+          package = pkgs.dolphin-emu;
+          romFolder = "gc";
+          fileTypes = [
+            ".iso"
+            ".ISO"
+            ".gcm"
+            ".GCM"
+            ".ciso"
+            ".CISO"
+            "rvz"
+          ];
+          extraArgs = "-b -e \"\${filePath}\"";
+        };
+
+        pcsx2 = enabled;
+        mgba = enabled;
+
+        "Non-SRM Shortcuts" = {
+          enable = true;
+          parserType = "Non-SRM Shortcuts";
+          extraArgs = "";
+        };
+      };
+    };
+  };
+
+  home.packages =
+    with pkgs;
+    [
+      dolphin-emu
+      heroic
+      mgba
+      moonlight-qt
+      prismlauncher
+      ryubing
+      omnissa-horizon-client
+    ]
+    ++ (with pkgs.${namespace}; [
+      discord-krisp
+      librepods-beta
+    ]);
+}

homes/x86_64-linux/matt@matt-nixos/default.nix

@@ -0,0 +1,242 @@
+{
+  lib,
+  pkgs,
+  namespace,
+  ...
+}:
+let
+  inherit (lib.${namespace}) enabled disabled;
+  displayLeft = {
+    input = "DP-1";
+    resolution = "3840x2160";
+    refreshRate = "120.00000";
+  };
+  displayRight = {
+    input = "DP-2";
+    resolution = "3840x2160";
+    refreshRate = "240.00000";
+  };
+in
+{
+  home.username = "matt";
+
+  ${namespace} = {
+    sops = {
+      enable = true;
+    };
+    shell-aliases = {
+      enable = true;
+    };
+
+    programs = {
+      hyprland = {
+        enable = true;
+        primaryDisplay = "DP-1";
+
+        monitorv2 = [
+          {
+            name = displayLeft.input;
+            mode = "${displayLeft.resolution}@${displayLeft.refreshRate}";
+            position = "0x0";
+            scale = 1.0;
+            extra = [
+              # "bitdepth"
+              # "10"
+              # "cm"
+              # "hdredid"
+              # "sdrbrightness"
+              # "1.2"
+              # "sdrsaturation"
+              # "0.98"
+            ];
+          }
+          {
+            name = displayRight.input;
+            mode = "${displayRight.resolution}@${displayRight.refreshRate}";
+            position = "3840x0";
+            scale = 1.0;
+            extra = [
+              # "bitdepth"
+              # "10"
+              # "cm"
+              # "hdredid"
+              # "sdrbrightness"
+              # "1.5"
+              # "sdrsaturation"
+              # "0.98"
+            ];
+          }
+        ];
+
+        workspace = [
+          "name:firefox, monitor:${displayRight.input}, default:false, special, class:(.*firefox.*)"
+          "name:discord, monitor:${displayRight.input}, default:true, special, title:(.*vesktop.*), title:(.*Apple Music.*)"
+          "name:steam, monitor:${displayLeft.input}, default:false, special, class:(.*[Ss]team.*)"
+        ];
+
+        windowRule = [
+          "match:tag horizonrdp, size 2160 7680"
+        ];
+
+        autostartCommands = [
+          "[silent] firefox"
+          "[silent] discord"
+          "[silent] chromium --app=\"https://music.apple.com\""
+          "[silent] steam"
+        ];
+
+        hyprpaper = {
+          wallpaperPath = "/run/wallpaper.jpg";
+        };
+
+        keybinds = {
+          bind = [
+            "$mod, A, exec, chromium --app=\"https://music.apple.com\""
+            "$mod, C, exec, discord"
+            "$mod, G, exec, steam"
+          ];
+        };
+
+        defaultApps = {
+          browser = pkgs.firefox;
+        };
+      };
+      btop = enabled;
+      kitty = enabled;
+      mako = enabled;
+      nwg-dock = enabled;
+      nwg-drawer = enabled;
+      nwg-panel = {
+        enable = true;
+        defaultApps = {
+          browser = pkgs.firefox;
+        };
+      };
+      waybar = {
+        enable = true;
+
+        layer = "bottom";
+
+        network.interface = "wlp9s0";
+        temperature = {
+          cpu = enabled;
+          gpu = enabled;
+        };
+
+        extraModules = {
+          "custom/lights" = {
+            tooltip = false;
+            exec = "waybar-hass --get_light light.living_room_lights";
+            interval = "once";
+            format = "{text}"; # "󱉓";
+            on-click = "waybar-hass --toggle_light light.living_room_lights";
+            return-type = "json";
+          };
+        };
+
+        extraModulesStyle = ''
+          #custom-lights {
+            color: @base0C;
+            background-color: @base00;
+            opacity: 0.85;
+            border-left: 5px solid @base0C;
+          }
+
+          #custom-lights:hover {
+            background: @base03;
+          }
+        '';
+      };
+      wlogout = enabled;
+      wofi = enabled;
+    };
+  };
+
+  services = {
+    remmina = {
+      enable = true;
+      addRdpMimeTypeAssoc = true;
+    };
+  };
+
+  programs = {
+    password-store = enabled;
+  };
+
+  home.packages =
+    with pkgs;
+    [
+      bolt-launcher
+      clevis
+      compose2nix
+      distrobox
+      heroic
+      home-manager
+      omnissa-horizon-client
+      jq
+      lzip
+      morph
+      orca-slicer
+      piper
+      prismlauncher
+      protontricks
+      protonvpn-gui
+      runelite
+      smile
+      via
+      virt-manager
+      vorta
+      waydroid-helper
+    ]
+    ++ (with pkgs.${namespace}; [
+      discord-krisp
+      # librepods
+    ]);
+
+  specialisation = {
+    "end4".configuration = {
+      programs = {
+        illogical-impulse = {
+          enable = true;
+
+          dotfiles = {
+            fish = lib.mkForce disabled;
+            starship = lib.mkForce disabled;
+          };
+
+          hyprland.plugins = [
+            pkgs.hyprlandPlugins.hyprbars
+            pkgs.hyprlandPlugins.hyprexpo
+          ];
+        };
+      };
+      stylix.targets.qt = lib.mkForce disabled;
+      ${namespace} = {
+        programs = {
+          mako = lib.mkForce disabled;
+          nwg-dock = lib.mkForce disabled;
+          nwg-drawer = lib.mkForce disabled;
+          nwg-panel = lib.mkForce disabled;
+          waybar = lib.mkForce disabled;
+          wlogout = lib.mkForce disabled;
+          wofi = lib.mkForce disabled;
+        };
+      };
+    };
+    "cosmic".configuration = {
+      ${namespace} = {
+        programs = {
+          hyprland = lib.mkForce disabled;
+          kitty = lib.mkForce disabled;
+          mako = lib.mkForce disabled;
+          nwg-dock = lib.mkForce disabled;
+          nwg-drawer = lib.mkForce disabled;
+          nwg-panel = lib.mkForce disabled;
+          waybar = lib.mkForce disabled;
+          wlogout = lib.mkForce disabled;
+          wofi = lib.mkForce disabled;
+        };
+      };
+    };
+  };
+}

homes/x86_64-linux/nixos@iso-minimal/default.nix

@@ -0,0 +1,18 @@
+{
+  lib,
+  namespace,
+  ...
+}:
+let
+  inherit (lib.${namespace}) disabled;
+in
+{
+  home.username = "root";
+  services = {
+    nextcloud-client = lib.mkForce disabled;
+    kdeconnect = {
+      enable = false;
+      indicator = false;
+    };
+  };
+}

homes/x86_64-linux/root@allyx/default.nix

@@ -0,0 +1,18 @@
+{
+  lib,
+  namespace,
+  ...
+}:
+let
+  inherit (lib.${namespace}) disabled;
+in
+{
+  home.username = "root";
+  services = {
+    nextcloud-client = lib.mkForce disabled;
+    kdeconnect = {
+      enable = false;
+      indicator = false;
+    };
+  };
+}

homes/x86_64-linux/root@iso-minimal/default.nix

@@ -0,0 +1,18 @@
+{
+  lib,
+  namespace,
+  ...
+}:
+let
+  inherit (lib.${namespace}) disabled;
+in
+{
+  home.username = "root";
+  services = {
+    nextcloud-client = lib.mkForce disabled;
+    kdeconnect = {
+      enable = false;
+      indicator = false;
+    };
+  };
+}

homes/x86_64-linux/root@jallen-nas/default.nix

@@ -0,0 +1,18 @@
+{
+  lib,
+  namespace,
+  ...
+}:
+let
+  inherit (lib.${namespace}) disabled;
+in
+{
+  home.username = "root";
+  services = {
+    nextcloud-client = lib.mkForce disabled;
+    kdeconnect = {
+      enable = false;
+      indicator = false;
+    };
+  };
+}

homes/x86_64-linux/root@matt-nixos/default.nix

@@ -0,0 +1,18 @@
+{
+  lib,
+  namespace,
+  ...
+}:
+let
+  inherit (lib.${namespace}) disabled;
+in
+{
+  home.username = "root";
+  services = {
+    nextcloud-client = lib.mkForce disabled;
+    kdeconnect = {
+      enable = false;
+      indicator = false;
+    };
+  };
+}

homes/x86_64-linux/root@nuc-nixos/default.nix

@@ -0,0 +1,18 @@
+{
+  lib,
+  namespace,
+  ...
+}:
+let
+  inherit (lib.${namespace}) disabled;
+in
+{
+  home.username = "root";
+  services = {
+    nextcloud-client = lib.mkForce disabled;
+    kdeconnect = {
+      enable = false;
+      indicator = false;
+    };
+  };
+}

hosts/base/base-gui/default.nix

@@ -1,8 +0,0 @@
-{ ... }:
-{
-  imports = [
-    ./hardware.nix
-    ./programs.nix
-    ./services.nix
-  ];
-}

hosts/base/base-gui/hardware.nix

@@ -1,11 +0,0 @@
-{ lib, ... }:
-{
-  # Hardware configs
-  hardware = {
-    # Enable graphics
-    graphics = {
-      enable = lib.mkDefault true;
-      enable32Bit = lib.mkDefault true;
-    };
-  };
-}

hosts/base/base-gui/programs.nix

@@ -1,31 +0,0 @@
-{ lib, pkgs, ... }:
-{
-  programs = {
-    nix-ld = {
-      enable = lib.mkDefault true;
-      libraries = with pkgs; [
-        alsa-lib
-        bash
-        expat
-        fontconfig
-        freetype
-        icu
-        glib
-        gtk3
-        libgcc
-        libgdiplus
-        libGL
-        libpulseaudio
-        SDL2
-        vulkan-loader
-        xorg.libX11
-        xorg.libICE
-        xorg.libSM
-        xorg.libXcursor
-        xorg.libXrandr
-        xorg.libXi
-        zlib
-      ];
-    };
-    seahorse.enable = lib.mkDefault true;
-  };}

hosts/base/base-gui/services.nix

@@ -1,17 +0,0 @@
-{ lib, ... }:
-{
-  services = {
-    kmscon.enable = lib.mkForce false;
-    
-    # configure pipewire
-    pipewire = {
-      enable = lib.mkDefault true;
-      alsa.enable = lib.mkDefault true;
-      alsa.support32Bit = lib.mkDefault true;
-      pulse.enable = lib.mkDefault true;
-    };
-
-    # Enable CUPS to print documents.
-    printing.enable = lib.mkDefault true;
-  };
-}

hosts/base/base-nogui/default.nix

@@ -1,36 +0,0 @@
-{ lib, pkgs, ... }:
-let
-  timezone = "America/Chicago";
-in
-{
-  imports = [
-    ./boot.nix
-    ./environment.nix
-    ./hardware.nix
-    ./nix-settings.nix
-    ./programs.nix
-    ./security.nix
-    ./services.nix
-  ];
-
-  # Time config
-  time = {
-    # Set your time zone.
-    timeZone = timezone;
-  };
-
-  fonts.packages = with pkgs; [
-    font-awesome
-    noto-fonts
-    noto-fonts-color-emoji
-    meslo-lgs-nf
-  ] ++ builtins.filter lib.attrsets.isDerivation (builtins.attrValues pkgs.nerd-fonts);
-
-  fonts.fontconfig.defaultFonts = {
-    emoji = [
-      "Noto Color Emoji"
-    ];
-  };
-
-  system.stateVersion = "23.11";
-}

hosts/base/base-nogui/environment.nix

@@ -1,13 +0,0 @@
-{ pkgs, ... }:
-{
-  environment = {
-    systemPackages = with pkgs; [
-      attic-client
-      uutils-coreutils
-      uutils-diffutils
-      uutils-findutils
-      coreutils
-      nixd
-    ];
-  };
-}

hosts/base/base-nogui/hardware.nix

@@ -1,12 +0,0 @@
-{ lib, ... }:
-{
-  hardware = {
-    # Bluetooth
-    bluetooth.enable = lib.mkDefault true;
-
-    i2c.enable = lib.mkDefault true;
-
-    # Enable all firmware
-    enableAllFirmware = lib.mkForce true;
-  };
-}

hosts/base/base-nogui/nix-settings.nix

@@ -1,41 +0,0 @@
-{ lib, outputs, ... }:
-{
-  nix = {
-    settings = {
-      substituters = [
-        "https://nix-community.cachix.org"
-        "https://cache.nixos.org/"
-      ];
-      trusted-public-keys = [
-        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
-      ];
-      warn-dirty = lib.mkForce false;
-      experimental-features = lib.mkForce [
-        "nix-command"
-        "flakes"
-      ];
-      trusted-users = [ "@wheel" ];
-    };
-
-    # Garbage collect automatically every week
-    gc.automatic = lib.mkDefault true;
-    gc.options = lib.mkDefault "--delete-older-than 30d";
-
-    optimise.automatic = lib.mkDefault true;
-  };
-
-  # Nixpkgs configuration
-  nixpkgs = {
-    # add unstable and stable overlays
-    overlays = [
-      outputs.overlays.nixpkgs-unstable
-      outputs.overlays.nixpkgs-stable
-    ];
-    config = {
-      allowUnfree = lib.mkForce true;
-      permittedInsecurePackages = [
-        # ...
-      ];
-    };
-  };
-}

hosts/base/base-nogui/security.nix

@@ -1,31 +0,0 @@
-{ lib, pkgs, ... }:
-{
-  security = {
-    rtkit.enable = lib.mkDefault true;
-
-    # configure sudo
-    sudo.enable = lib.mkDefault false;
-    sudo-rs = {
-      enable = lib.mkDefault true;
-      extraRules = [
-        {
-          commands = [
-            {
-              command = "${pkgs.systemd}/bin/systemctl suspend";
-              options = [ "NOPASSWD" ];
-            }
-            {
-              command = "${pkgs.systemd}/bin/reboot";
-              options = [ "NOPASSWD" ];
-            }
-            {
-              command = "${pkgs.systemd}/bin/poweroff";
-              options = [ "NOPASSWD" ];
-            }
-          ];
-          groups = [ "wheel" ];
-        }
-      ];
-    };
-  };
-}

hosts/base/default.nix

@@ -1,27 +0,0 @@
-# { lib, config, ... }:
-
-# let
-#   cfg = config.base;
-
-#   cosmicPath =
-#     if cfg.desktopEnvironments.cosmic.enableSpecialisation then
-#       ../../modules/desktop-environments/cosmic/specialisation.nix
-#     else
-#       ../../modules/desktop-environments/cosmic/default.nix;
-
-#   hyprlandPath =
-#     if cfg.desktopEnvironments.hyprland.enableSpecialisation then
-#       ../../modules/desktop-environments/hyprland/specialisation.nix
-#     else
-#       ../../modules/desktop-environments/hyprland/default.nix;
-
-#   extraImports = lib.optionals cfg.enable (
-#     [ ./base-nogui ]
-#     ++ lib.optional cfg.baseGui.enable ./base-gui
-#     ++ lib.optional cfg.desktopEnvironments.cosmic.enable cosmicPath
-#     ++ lib.optional cfg.desktopEnvironments.hyprland.enable hyprlandPath
-#   );
-# in
-# {
-#   imports = [ ./options.nix ] ++ extraImports;
-# }

hosts/base/options.nix

@@ -1,35 +0,0 @@
-{ lib, ... }:
-with lib;
-{
-  options.base = {
-    enable = mkEnableOption "base config";
-
-    baseGui.enable = mkOption {
-      type = types.bool;
-      default = false;
-    };
-
-    desktopEnvironments = {
-      cosmic = {
-        enable = mkOption {
-          type = types.bool;
-          default = false;
-        };
-        enableSpecialisation = mkOption {
-          type = types.bool;
-          default = false;
-        };
-      };
-      hyprland = {
-        enable = mkOption {
-          type = types.bool;
-          default = false;
-        };
-        enableSpecialisation = mkOption {
-          type = types.bool;
-          default = false;
-        };
-      };
-    };
-  };
-}

hosts/deck/boot.nix

@@ -1,76 +0,0 @@
-{ pkgs, ... }:
-let
-  kernel = pkgs.linuxPackages_cachyos;
-in
-{
-  # Configure bootloader with lanzaboot and secureboot
-  boot = {
-    consoleLogLevel = 0;
-    initrd.verbose = false;
-    kernelModules = [ "nct6775" ];
-    loader = {
-      systemd-boot = {
-        enable = false;
-        configurationLimit = 5;
-        extraInstallCommands = ''
-          ${pkgs.uutils-coreutils}/bin/uutils-echo "timeout 0
-          console-mode 1
-          default nixos-*" > /boot/loader/loader.conf
-        '';
-      };
-
-      efi = {
-        canTouchEfiVariables = true;
-        efiSysMountPoint = "/boot";
-      };
-    };
-
-    lanzaboote = {
-      enable = true;
-      pkiBundle = "/etc/secureboot";
-      settings = {
-        console-mode = "max";
-        timeout = "0"; 
-     };
-      configurationLimit = 5;
-#      extraInstallCommands = ''
-#        ${pkgs.uutils-coreutils}/bin/uutils-echo "timeout 0
-#        console-mode 1
-#        default nixos-*" > /boot/loader/loader.conf
-#      '';
-    };
-
-    plymouth = {
-      enable = true;
-    };
-
-    kernelPackages = kernel;
-
-    kernelParams = [
-      "quiet"
-      "amdgpu.ppfeaturemask=0xffffffff"
-      "splash"
-      "rd.systemd.show_status=false"
-      "rd.udev.log_level=3"
-      "udev.log_priority=3"
-      "loglevel=0"
-      "vt.global_cursor_default=0"
-      "rd.shell=0"
-      # Disable audit messages
-      "audit=0"
-      # Disable CPU mitigations messages
-      "mitigations=off"
-    ];
-    
-    bootspec.enable = true;
-  };
-  
-  # Further reduce systemd output
-  systemd = {
-    services.systemd-udev-settle.enable = false;
-    extraConfig = ''
-      ShowStatus=no
-      DefaultTimeoutStartSec=15s
-    '';
-  };
-}

hosts/deck/configuration.nix

@@ -1,100 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page, on
-# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
-
-{ config, lib, pkgs, ... }:
-
-{
-  imports =
-  [
-    ./boot.nix
-    ./jovian.nix
-    ./networking.nix
-    ./sops.nix
-  ];
-
-  nix = {
-    settings = {
-      substituters = [
-        "https://cache.mjallen.dev"
-      ];
-      trusted-public-keys = [
-        "cache.mjallen.dev-1:IzFmKCd8/gggI6lcCXsW65qQwiCLGFFN9t9s2iw7Lvc="
-      ];
-      builders-use-substitutes = true;
-    };
-    distributedBuilds = true;
-    buildMachines = [
-      {
-        hostName = "jalle-nas.local";
-        system = "x86_64-linux";
-        maxJobs = 10;
-        sshUser = "admin";
-        supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
-      }
-    ];
-  };
-
-  # Define a user account. Don't forget to set a password with ‘passwd’.
-  users.users = {
-    deck = {
-      hashedPasswordFile = config.sops.secrets."steamdeck/deck-password".path;
-      isNormalUser = true;
-      extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
-      openssh.authorizedKeys.keys = [
-        # macBook
-        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCw9zq8DLGByI5v2gAn95hKNyOsm3g61a2buxu2BBMFysQJgmZPCCLUqRJKhSM5Vm/JOgsAmdpRBRZQoHD+6S844CJHb4v4VIbjkyQgYCuM7Rst2IOZ5QybvsA2/D0nwytZ+HXQqDj2AagUYDbz0gyyIHkDQ5YGBMkvkWz/h1Vci6aoBM7VihEDM4KlWoTVuPeASGM8r5IZ2FS83Djbqo4ov6AYvLMrKB9Z7hmFgH6R3LE0gxOkzbGVXtSuvJyrjvgytoT22UhATjjxSQ9D+YJXXkQoB3lUdg8OoIquUPjMZpl4mR8ffvseWPfcvD1XlD5t+TOHFqKpESO547tlOBYhdpew+NSgAXpamCU6oyV8tDCywLQu2ucxHRn78u6WXzWHkDtffdhzmk6TZaPhWqVHuTGjR4higBgGqUfSaKOMszt+FDRZAr3HtuQ2+zJ8bowK9fW5OqilTtK2HtQqroD9ApegDNbqOz6kGy5IycSXvqPURy/M4lxZxbtBPuemcJs= mattjallen@MacBook-Pro.local"
-        # desktop windows
-        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZ2PYPjZddOzR8OJj16G88KcUhCDLkvrEmpUQP0wKHDUuA27HQQ2ORo66asadwGHY3k1VDZ1ei9l9H++SIIeKOaaUr5yZdktvj4POUNtbd9ZhcS7sZU7BSF+NMDM+h3tImh6z0S7mWvRQOUv3ZM+ZER+5xTWJVG1OOJEpb1drxJk6Qz0wbZKSR7TPNFBLLXlVy7hkNYf07RtDyhCCxNB3hJfa8c+oztnWumwDhDQWLqiUXWIU2QH6iRLGl/WYnujtNvVVaV/Hn3JJkS6MM9dnV3cpoIO0+J7+WfsN9rZ0wXt5yY3GhiGXwmcO5eYVli8lHlLWtK7aYSETyry6CBsLbojzOQO5rSqhpwfF2njAAFAQU0UjLc8PahisIuFKCwHH4iyXXOagiv5K1Mc/0Ak+WhhMPee6vV2p7NTyNpXRvouDbWy5cSRH31WgQ9fK5mIGe5v8nGGqtEhUubUkiOgP+H3UbT2V/nTv/TFKdJcKw+WmizvTrxBmaMjWALlkYl+s= mattl@Jallen-PC"
-        # desktop nixos
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTBMydhOc6SnOdB5WrEd7X07DrboAtagCUgXiOJjLov matt@matt-nixos"
-      ];
-      packages = with pkgs; [
-        firefox
-        tree
-      ];
-      shell = pkgs.zsh;
-    };
-
-    root.shell = pkgs.zsh;
-  };
-
-  programs.coolercontrol.enable = true;
-
-  services = {
-    btrfs = {
-      autoScrub.enable = lib.mkDefault true;
-      autoScrub.fileSystems = lib.mkDefault [
-        "/nix"
-        "/root"
-        "/etc"
-        "/var/log"
-        "/home"
-      ];
-    };
-  };
-
-  chaotic.mesa-git.enable = true;
-
-  services.displayManager.gdm.enable = lib.mkForce false;
-
-  # List packages installed in system profile. To search, run:
-  # $ nix search wget
-  environment = {
-    systemPackages = with pkgs; [
-      fuse
-      jq
-      newt
-      sbctl
-      steam-run
-      udisks2
-      zenity
-    ];
-
-    variables = {
-      STEAM_FORCE_DESKTOPUI_SCALING = "1.0";
-      GDK_SCALE = "1";
-    };
-  };
-}
-

hosts/deck/home.nix

@@ -1,73 +0,0 @@
-{ pkgs, ... }:
-let
-  shellAliases = {
-    update-boot = "sudo nixos-rebuild boot --max-jobs 10 --build-host admin@10.0.1.3";
-    update-switch = "sudo nixos-rebuild switch --max-jobs 10";
-    update-flake = "nix flake update steamdeck-nixpkgs steamdeck-chaotic steamdeck-home-manager steamdeck-impermanence steamdeck-jovian steamdeck-lanzaboote steamdeck-nixos-hardware steamdeck-sops-nix steamdeck-steam-rom-manager --flake /etc/nixos";
-    nas-ssh = "ssh admin@10.0.1.3";
-  };
-in
-{
-  home.username = "deck";
-
-  sops = {
-    age.keyFile = "/home/deck/.config/sops/age/keys.txt";
-    defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
-    validateSopsFiles = false;
-    secrets = {
-      "ssh-keys-public/deck" = {
-        path = "/home/deck/.ssh/id_ed25519.pub";
-        mode = "0644";
-      };
-      "ssh-keys-private/deck" = {
-        path = "/home/deck/.ssh/id_ed25519";
-        mode = "0600";
-      };
-    };
-  };
-
-  programs = {
-    steam-rom-manager = {
-      enable = true;
-      steamUsername = "mjallen18";
-      
-      # Optional: override default paths if needed
-      environmentVariables = {
-        romsDirectory = "/home/deck/Emulation/roms";
-        steamDirectory = "/home/deck/.local/share/Steam";
-      };
-      
-      emulators = {
-        ryujinx.enable = true;
-
-        dolphin-gamecube = {
-          enable = true;
-          package = pkgs.dolphin-emu;
-          romFolder = "gc";
-          fileTypes = [ ".iso" ".ISO" ".gcm" ".GCM" ".ciso" ".CISO" "rvz" ];
-          extraArgs = "-b -e \"\${filePath}\"";
-        };
-        
-        pcsx2.enable = true;
-        mgba.enable = true;
-        
-        "Non-SRM Shortcuts" = {
-          enable = true;
-          parserType = "Non-SRM Shortcuts";
-          extraArgs = "";
-        };
-      };
-    };
-
-    zsh.shellAliases = shellAliases;
-  };
-
-  home.packages = with pkgs; [
-    dolphin-emu
-    heroic
-    mgba
-    prismlauncher
-    ryujinx-greemdev
-    vmware-horizon-client
-  ];
-}

hosts/deck/jovian.nix

@@ -1,24 +0,0 @@
-{ ... }:
-{
-  jovian = {
-    steam = {
-      enable = true;
-      autoStart = true;
-      user = "deck";
-      desktopSession = "gnome";
-    };
-
-    steamos = {
-      useSteamOSConfig = true;
-    };
-
-    devices = {
-      steamdeck = {
-        enable = true;
-        enableGyroDsuService = true; # If enabled, motion data from the gyroscope can be used in Cemu with Cemuhoo
-      };
-    };
-
-    hardware.has.amd.gpu = true;
-  };
-}

hosts/deck/networking.nix

@@ -1,44 +0,0 @@
-{ config, lib, ... }:
-let
-  hostname = "steamdeck";
-  wifiSsid = "Joey's Jungle 5G";
-in
-{
-  networking = {
-    hostName = hostname;
-    networkmanager = {
-      enable = true;
-      wifi.powersave = lib.mkDefault false;
-      settings.connectivity.uri = lib.mkDefault "http://nmcheck.gnome.org/check_network_status.txt";
-      ensureProfiles = {
-        environmentFiles = [
-          config.sops.secrets.wifi.path
-        ];
-
-        profiles = {
-          wifiSsid = {
-            connection = {
-              id = wifiSsid;
-              type = "wifi";
-            };
-            ipv4 = {
-              method = "auto";
-            };
-            ipv6 = {
-              addr-gen-mode = "stable-privacy";
-              method = "auto";
-            };
-            wifi = {
-              mode = "infrastructure";
-              ssid = wifiSsid;
-            };
-            wifi-security = {
-              key-mgmt = "sae";
-              psk = "$PSK";
-            };
-          };
-        };
-      };
-    };
-  };
-}

hosts/desktop/configuration.nix

@@ -1,125 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page, on
-# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
-
-{
-  lib,
-  pkgs,
-  ...
-}:
-let
-  pkgsVersion = pkgs; #.unstable;
-  environmentVariables = {
-    STEAM_FORCE_DESKTOPUI_SCALING = "1.0";
-    GDK_SCALE = "1";
-    EDITOR = "${pkgs.vscodium}/bin/codium --wait";
-    VISUAL = "${pkgs.vscodium}/bin/codium --wait";
-  };
-  systemPackages = with pkgsVersion; [
-    acpilight
-    aha
-    aspell
-    aspellDicts.en
-    aspellDicts.en-computers
-    aspellDicts.en-science
-    borgbackup
-    brightnessctl
-    # brscan5
-    ddcui
-    ddcutil
-    ddccontrol
-    ddccontrol-db
-    efibootmgr
-    kdePackages.ksvg
-    memtest86-efi
-    memtest86plus
-    os-prober
-    nil
-    qemu_full
-    rclone
-    rclone-browser
-    restic
-    restic-browser
-    restic-integrity
-    sane-frontends
-    sbctl
-    tpm2-tools
-    tpm2-tss
-    udisks2
-    unzip
-    winetricks
-  ];
-in
-{
-  imports = [
-    ./boot.nix
-    ./filesystems.nix
-    ./hardware-configuration.nix
-    ./networking.nix
-    ./nix.nix
-    ./services.nix
-    ./sops.nix
-    ./users.nix
-  ];
-
-  nix = {
-    settings = {
-      substituters = [
-        "https://cache.mjallen.dev"
-      ];
-      trusted-public-keys = [
-        "cache.mjallen.dev-1:IzFmKCd8/gggI6lcCXsW65qQwiCLGFFN9t9s2iw7Lvc="
-      ];
-    };
-  };
-
-  chaotic.mesa-git.enable = true;
-
-  # Environment configuration
-  environment = {
-    systemPackages = systemPackages;
-
-    variables = environmentVariables;
-  };
-
-  # Hardware configuration
-  hardware = {
-    # Enable the QMK firmware flashing tool.
-    keyboard = {
-      qmk.enable = true;
-    };
-
-    # Enable Sane and Brother printer support.
-    sane = {
-      enable = true;
-      brscan5.enable = false;
-      # extraBackends = [ pkgsVersion.brscan5 ];
-    };
-  };
-
-  # Common Configuration
-  share = {
-    gaming.enable = true;
-    hardware.amd = {
-      enable = lib.mkDefault true;
-      lact.enable = lib.mkDefault true;
-    };
-  };
-
-  programs.coolercontrol.enable = true;
-
-  # Time configuration
-  time = {
-    hardwareClockInLocalTime = lib.mkDefault false;
-  };
-
-  # Virtualisation configuration
-  virtualisation = {
-    libvirtd.enable = lib.mkDefault true;
-    waydroid.enable = lib.mkDefault true;
-  };
-
-  services.udev.extraRules = ''
-    KERNEL=="i2c-[0-9]*", GROUP="i2c", MODE="0660"
-  '';
-}

hosts/desktop/hardware-configuration.nix

@@ -1,95 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{
-  config,
-  lib,
-  modulesPath,
-  ...
-}:
-let
-  defeaultBtrfsOptions = [
-    "compress=zstd"
-    "autodefrag"
-  ];
-in 
-{
-  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-
-  fileSystems."/" = {
-    device = "none";
-    fsType = "tmpfs";
-    options = [
-      "defaults"
-      "size=25%"
-      "mode=755"
-    ];
-  };
-
-  fileSystems."/nix" = {
-    device = "/dev/disk/by-uuid/c6cf43cb-d0d2-4111-bc81-994e41b2632d";
-    fsType = "btrfs";
-    options = [
-      "subvol=nix"
-      "noatime"
-    ] ++ defeaultBtrfsOptions;
-  };
-
-  fileSystems."/etc" = {
-    device = "/dev/disk/by-uuid/c6cf43cb-d0d2-4111-bc81-994e41b2632d";
-    fsType = "btrfs";
-    options = [
-      "subvol=etc"
-      "noatime"
-    ] ++ defeaultBtrfsOptions;
-  };
-
-  fileSystems."/root" = {
-    device = "/dev/disk/by-uuid/c6cf43cb-d0d2-4111-bc81-994e41b2632d";
-    fsType = "btrfs";
-    options = [
-      "subvol=root"
-      "noatime"
-    ] ++ defeaultBtrfsOptions;
-  };
-
-  fileSystems."/var/log" = {
-    device = "/dev/disk/by-uuid/c6cf43cb-d0d2-4111-bc81-994e41b2632d";
-    fsType = "btrfs";
-    options = [
-      "subvol=log"
-      "noatime"
-    ] ++ defeaultBtrfsOptions;
-  };
-
-  fileSystems."/home" = {
-    device = "/dev/disk/by-uuid/c6cf43cb-d0d2-4111-bc81-994e41b2632d";
-    fsType = "btrfs";
-    options = [
-      "subvol=home"
-    ] ++ defeaultBtrfsOptions;
-  };
-
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/216E-A7AC";
-    fsType = "vfat";
-  };
-
-  swapDevices = [
-    {
-      device = "/dev/disk/by-id/nvme-Samsung_SSD_980_PRO_1TB_S5P2NS0T307907H-part2";
-      randomEncryption.enable = true;
-    }
-  ];
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp10s0.useDHCP = lib.mkDefault true;
-  # networking.interfaces.wlp9s0.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}

hosts/desktop/home.nix

@@ -1,66 +0,0 @@
-{ pkgs, ... }:
-let
-  shellAliases = {
-    update-boot = "sudo nixos-rebuild boot --max-jobs 10 --build-host admin@10.0.1.3";
-    update-switch = "sudo nixos-rebuild switch --max-jobs 10 --build-host admin@10.0.1.3";
-    update-flake = "nix flake update desktop-nixpkgs desktop-chaotic desktop-home-manager desktop-impermanence desktop-lanzaboote desktop-nixos-hardware desktop-sops-nix desktop-steam-rom-manager --flake /etc/nixos";
-    update-nas = "nixos-rebuild switch --use-remote-sudo --target-host admin@10.0.1.3 --build-host admin@10.0.1.3 --flake ~/nix-config#jallen-nas";
-  };
-in
-{
-  home.username = "matt";
-
-  sops = {
-    age.keyFile = "/home/matt/.config/sops/age/keys.txt";
-    defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
-    validateSopsFiles = false;
-    secrets = {
-      "ssh-keys-public/desktop-nixos" = {
-        path = "/home/matt/.ssh/id_ed25519.pub";
-        mode = "0644";
-      };
-      "ssh-keys-private/desktop-nixos" = {
-        path = "/home/matt/.ssh/id_ed25519";
-        mode = "0600";
-      };
-    };
-  };
-
-  services = {
-    remmina = {
-      enable = true;
-      addRdpMimeTypeAssoc = true;
-    };
-  };
-
-  programs = {
-    password-store.enable = true;
-
-    zsh.shellAliases = shellAliases;
-  };
-
-  home.packages = with pkgs; [
-    bottles
-    unstable.compose2nix
-    discord
-    heroic
-    stable.vmware-horizon-client
-    jq
-    lutris
-    lzip
-    morph
-    orca-slicer
-    piper
-    prismlauncher
-    protontricks
-    protonvpn-gui
-    python3
-    qmk
-    smile
-    unigine-heaven
-    via
-    virt-manager
-    vorta
-    waydroid-helper
-  ];
-}

hosts/desktop/networking.nix

@@ -1,46 +0,0 @@
-{ lib, config, ... }:
-let
-  hostname = "matt-nixos";
-in
-{
-  # Networking configs
-  networking = {
-    hostName = lib.mkDefault hostname;
-
-    # Enable Network Manager
-    networkmanager = {
-      enable = lib.mkDefault true;
-      wifi.powersave = lib.mkDefault false;
-      settings.connectivity.uri = lib.mkDefault "http://nmcheck.gnome.org/check_network_status.txt";
-      ensureProfiles = {
-        environmentFiles = [
-          config.sops.secrets.wifi.path
-        ];
-
-        profiles = {
-          "Joey's Jungle 6G" = {
-            connection = {
-              id = "Joey's Jungle 6G";
-              type = "wifi";
-            };
-            ipv4 = {
-              method = "auto";
-            };
-            ipv6 = {
-              addr-gen-mode = "stable-privacy";
-              method = "auto";
-            };
-            wifi = {
-              mode = "infrastructure";
-              ssid = "Joey's Jungle 6G";
-            };
-            wifi-security = {
-              key-mgmt = "sae";
-              psk = "$PSK";
-            };
-          };
-        };
-      };
-    };
-  };
-}

hosts/desktop/nix.nix

@@ -1,33 +0,0 @@
-{ lib, ... }:
-let
-  user = "matt";
-in
-{
-  nix = {
-    settings = {
-      substituters = [
-        "https://cache.mjallen.dev/nas-cache"
-      ];
-      trusted-public-keys = [
-        "nas-cache:5ibTWOXJYlKBaoNtdDEPmvdLPtfnbwf9jvdnfwi5dUs="
-      ];
-      warn-dirty = lib.mkForce false;
-      experimental-features = lib.mkForce [
-        "nix-command"
-        "flakes"
-      ];
-      trusted-users = [ user ];
-    };
-    # settings.builders-use-substitutes = true;
-    # distributedBuilds = true;
-    buildMachines = [
-      {
-        hostName = "jallen-nas.local";
-        system = "x86_64-linux";
-        maxJobs = 10;
-        sshUser = "admin";
-        supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
-      }
-    ];
-  };
-}

hosts/desktop/services.nix

@@ -1,108 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
-  pkgsVersion = pkgs; #.unstable;
-in 
-{
-  services = {
-    # Enable Flatpak
-    flatpak.enable = lib.mkDefault false;
-
-    # enable auto discovery of printers
-    avahi = {
-      enable = lib.mkDefault true;
-      nssmdns4 = lib.mkDefault true;
-      openFirewall = lib.mkDefault true;
-    };
-
-    restic.backups = {
-      jallen-nas = {
-        initialize = true;
-        createWrapper = true;
-        inhibitsSleep = true;
-        environmentFile = config.sops.templates."restic.env".path;
-        passwordFile = config.sops.secrets."desktop/restic/password".path;
-        repositoryFile = config.sops.secrets."desktop/restic/repo".path;
-        paths = [
-          "/home/matt"
-        ];
-        exclude = [
-          "/home/matt/Steam"
-          "/home/matt/Heroic"
-          "/home/matt/1TB"
-          "/home/matt/Downloads"
-          "/home/matt/Nextcloud"
-          "/home/matt/.cache"
-          "/home/matt/.local/share/Steam"
-          "/home/matt/.var/app/com.valvesoftware.Steam"
-          "/home/matt/.tmp"
-          "/home/matt/.thumbnails"
-          "/home/matt/.compose-cache"
-        ];
-      };
-      proton-drive = {
-        initialize = true;
-        createWrapper = true;
-        inhibitsSleep = true;
-        passwordFile = config.sops.secrets."desktop/restic/password".path;
-        rcloneConfigFile = "/home/matt/.config/rclone/rclone.conf";
-        repository = "rclone:proton-drive:backup-nix";
-        paths = [
-          "/home/matt"
-        ];
-        exclude = [
-          "/home/matt/Steam"
-          "/home/matt/Heroic"
-          "/home/matt/1TB"
-          "/home/matt/Downloads"
-          "/home/matt/Nextcloud"
-          "/home/matt/.cache"
-          "/home/matt/.local/share/Steam"
-          "/home/matt/.var/app/com.valvesoftware.Steam"
-          "/home/matt/.tmp"
-          "/home/matt/.thumbnails"
-          "/home/matt/.compose-cache"
-        ];
-      };
-    };
-
-    btrfs = {
-      autoScrub.enable = lib.mkDefault true;
-      autoScrub.fileSystems = lib.mkDefault [
-        "/nix"
-        "/root"
-        "/etc"
-        "/var/log"
-        "/home"
-      ];
-    };
-
-    ratbagd.enable = lib.mkDefault true;
-  };
-
-  systemd = {
-    user.services = {
-      rclone-home-proton = {
-        enable = lib.mkDefault false;
-        path = with pkgsVersion; [
-          bash
-          pkgs.rclone
-        ];
-        script = ''
-          rclone sync /home/matt proton-drive:backup-nix --exclude '/home/matt/Games/**' --exclude '/home/matt/1TB/**' --exclude '/home/matt/Downloads/**'
-        '';
-      };
-
-      rsync-home = {
-        enable = lib.mkDefault false;
-        path = with pkgsVersion; [
-          bash
-          rsync
-          openssh
-        ];
-        script = ''
-          rsync -rtpogvPlHzs --ignore-existing --exclude={'/home/matt/Games', '/home/matt/1TB', '/home/matt/Downloads/*', '/home/matt/.cache'} -e ssh /home/matt admin@10.0.1.3:/media/nas/main/backup/desktop-nix/home 
-        '';
-      };
-    };
-  };
-}

hosts/desktop/users.nix

@@ -1,26 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
-  user = "matt";
-  passwordFile = config.sops.secrets."desktop/matt_password".path;
-  pkgsVersion = pkgs; #.unstable;
-in 
-{
-  users.users."${user}" = {
-    isNormalUser = lib.mkDefault true;
-    extraGroups = [
-      "wheel"
-      "keys"
-      "networkmanager"
-      "ratbagd"
-      "input"
-      "scanner"
-      "lp"
-      "video"
-      "i2c"
-    ]; # Enable ‘sudo’ for the user.
-    hashedPasswordFile = passwordFile;
-    shell = pkgsVersion.zsh;
-  };
-
-  users.users.root.shell = pkgsVersion.zsh;
-}

hosts/homeassistant/automations.yaml

@@ -1,236 +0,0 @@
-- id: '1740678838632'
-  alias: Bedroom Light Switch
-  description: ''
-  triggers:
-  - domain: mqtt
-    device_id: 8b3a5a5b6faaba744c70ee940446a8af
-    type: action
-    subtype: on-press
-    trigger: device
-    id: on press
-  - domain: mqtt
-    device_id: 8b3a5a5b6faaba744c70ee940446a8af
-    type: action
-    subtype: off-press
-    trigger: device
-    id: off press
-  - domain: mqtt
-    device_id: 8b3a5a5b6faaba744c70ee940446a8af
-    type: action
-    subtype: up-press
-    trigger: device
-    id: up press
-  - domain: mqtt
-    device_id: 8b3a5a5b6faaba744c70ee940446a8af
-    type: action
-    subtype: down-press
-    trigger: device
-    id: down press
-  conditions: []
-  actions:
-  - choose:
-    - conditions:
-      - condition: trigger
-        id:
-        - on press
-      sequence:
-      - action: light.turn_on
-        metadata: {}
-        data:
-          transition: 2
-          brightness_pct: 100
-          kelvin: 6004
-        target:
-          entity_id: light.bedroom_lights
-    - conditions:
-      - condition: trigger
-        id:
-        - off press
-      sequence:
-      - action: light.turn_off
-        metadata: {}
-        data:
-          transition: 2
-        target:
-          entity_id: light.bedroom_lights
-    - conditions:
-      - condition: trigger
-        id:
-        - up press
-      sequence:
-      - action: light.turn_on
-        metadata: {}
-        data:
-          brightness_step_pct: 10
-        target:
-          entity_id: light.bedroom_lights
-    - conditions:
-      - condition: trigger
-        id:
-        - down press
-      sequence:
-      - action: light.turn_on
-        metadata: {}
-        data:
-          brightness_step_pct: -10
-        target:
-          entity_id: light.bedroom_lights
-  mode: single
-- id: '1740697291423'
-  alias: Living Rooom Lights
-  description: ''
-  triggers:
-  - domain: mqtt
-    device_id: b4fb325dfe68d4f80391417998f35843
-    type: action
-    subtype: on-press
-    trigger: device
-    id: on press
-  - domain: mqtt
-    device_id: b4fb325dfe68d4f80391417998f35843
-    type: action
-    subtype: off-press
-    trigger: device
-    id: off press
-  - domain: mqtt
-    device_id: b4fb325dfe68d4f80391417998f35843
-    type: action
-    subtype: up-press
-    trigger: device
-    id: up press
-  - domain: mqtt
-    device_id: b4fb325dfe68d4f80391417998f35843
-    type: action
-    subtype: down-press
-    trigger: device
-    id: down press
-  - domain: mqtt
-    device_id: b4fb325dfe68d4f80391417998f35843
-    type: action
-    subtype: on-hold
-    trigger: device
-    id: on-hold
-  conditions: []
-  actions:
-  - choose:
-    - conditions:
-      - condition: trigger
-        id:
-        - on press
-      sequence:
-      - action: light.turn_on
-        metadata: {}
-        data:
-          transition: 2
-          brightness_pct: 100
-          kelvin: 6004
-        target:
-          entity_id:
-          - light.living_room_lights
-    - conditions:
-      - condition: trigger
-        id:
-        - off press
-      sequence:
-      - action: light.turn_off
-        metadata: {}
-        data:
-          transition: 2
-        target:
-          entity_id:
-          - light.living_room_lights
-    - conditions:
-      - condition: trigger
-        id:
-        - up press
-      sequence:
-      - action: light.turn_on
-        metadata: {}
-        data:
-          brightness_step_pct: 10
-        target:
-          entity_id: light.living_room_lights
-    - conditions:
-      - condition: trigger
-        id:
-        - down press
-      sequence:
-      - action: light.turn_on
-        metadata: {}
-        data:
-          brightness_step_pct: -10
-        target:
-          entity_id: light.living_room_light_1
-    - conditions:
-      - condition: trigger
-        id:
-        - on-hold
-      sequence:
-      - action: light.turn_on
-        metadata: {}
-        data:
-          transition: 0
-          brightness_pct: 100
-          rgb_color:
-          - 224
-          - 27
-          - 36
-        target:
-          entity_id: light.living_room_lights
-  mode: single
-- id: '1741048414771'
-  alias: Front Closet
-  description: ''
-  triggers:
-  - type: present
-    device_id: c6519ea1e715f397dbbf7b73452f9e49
-    entity_id: c3a7b8892b8b372d2c40556e770ddc68
-    domain: binary_sensor
-    trigger: device
-    for:
-      hours: 0
-      minutes: 0
-      seconds: 0
-    id: present
-  - type: not_present
-    device_id: c6519ea1e715f397dbbf7b73452f9e49
-    entity_id: c3a7b8892b8b372d2c40556e770ddc68
-    domain: binary_sensor
-    trigger: device
-    for:
-      hours: 0
-      minutes: 0
-      seconds: 5
-    id: not
-  conditions: []
-  actions:
-  - choose:
-    - conditions:
-      - condition: trigger
-        id:
-        - present
-      sequence:
-      - action: light.turn_on
-        metadata: {}
-        data:
-          transition: 2
-          brightness_pct: 100
-          kelvin: 6010
-        target:
-          entity_id:
-          - light.front_closet_light_1
-          - light.front_closet_light_2
-    - conditions:
-      - condition: trigger
-        id:
-        - not
-      sequence:
-      - action: light.turn_off
-        metadata: {}
-        data:
-          transition: 2
-        target:
-          entity_id:
-          - light.front_closet_light_1
-          - light.front_closet_light_2
-  mode: single

hosts/homeassistant/automations.yaml.ori

@@ -1,576 +0,0 @@
-- id: '1692388103102'
-  alias: Weekly Backup
-  description: Create a full backup every Sunday at 3 am and store it on the NAS
-  trigger:
-  - platform: time
-    at: 03:00:00
-  condition:
-  - condition: time
-    weekday:
-    - sun
-  action:
-  - service: hassio.backup_full
-    data:
-      compressed: true
-  mode: single
-- id: '1692389901297'
-  alias: Livingroom Lights
-  description: ''
-  trigger:
-  - platform: device
-    domain: mqtt
-    device_id: 37d42431de65199af00220b43dae04c1
-    type: action
-    subtype: on_press
-    id: 'on'
-  - platform: device
-    domain: mqtt
-    device_id: 37d42431de65199af00220b43dae04c1
-    type: action
-    subtype: off_press
-    id: 'off'
-  - platform: device
-    domain: mqtt
-    device_id: 37d42431de65199af00220b43dae04c1
-    type: action
-    subtype: up_press
-    id: up
-  - platform: device
-    domain: mqtt
-    device_id: 37d42431de65199af00220b43dae04c1
-    type: action
-    subtype: down_press
-    id: down
-  - platform: device
-    domain: mqtt
-    device_id: 37d42431de65199af00220b43dae04c1
-    type: action
-    subtype: on_hold
-    id: hold
-  condition: []
-  action:
-  - choose:
-    - conditions:
-      - condition: trigger
-        id:
-        - 'on'
-      sequence:
-      - data:
-          brightness_pct: 100
-          color_temp_kelvin: 5000
-          transition: 1
-        target:
-          entity_id: light.livingroom_lights
-        action: light.turn_on
-    - conditions:
-      - condition: trigger
-        id:
-        - 'off'
-      sequence:
-      - data:
-          transition: 1
-        target:
-          entity_id: light.livingroom_lights
-        action: light.turn_off
-    - conditions:
-      - condition: trigger
-        id:
-        - hold
-      sequence:
-      - data:
-          brightness_pct: 100
-          rgb_color:
-          - 255
-          - 38
-          - 0
-          transition: 1
-        target:
-          entity_id: light.livingroom_lights
-        action: light.turn_on
-    - conditions:
-      - condition: trigger
-        id:
-        - dim up
-      sequence:
-      - data:
-          brightness_step_pct: 20
-        target:
-          entity_id: light.livingroom_lights
-        action: light.turn_on
-    - conditions:
-      - condition: trigger
-        id:
-        - dim down
-      sequence:
-      - data:
-          brightness_step_pct: -20
-        target:
-          entity_id: light.livingroom_lights
-        action: light.turn_on
-  mode: single
-- id: '1692390365798'
-  alias: Bedroom Lights
-  description: ''
-  triggers:
-  - domain: mqtt
-    device_id: a492c0abb8f14e0888df08101f77f484
-    type: action
-    subtype: off_press
-    id: 'off'
-    trigger: device
-  - domain: mqtt
-    device_id: a492c0abb8f14e0888df08101f77f484
-    type: action
-    subtype: on_press
-    id: 'on'
-    trigger: device
-  - domain: mqtt
-    device_id: a492c0abb8f14e0888df08101f77f484
-    type: action
-    subtype: up_press
-    id: up
-    trigger: device
-  - domain: mqtt
-    device_id: a492c0abb8f14e0888df08101f77f484
-    type: action
-    subtype: down_press
-    id: down
-    trigger: device
-  - domain: mqtt
-    device_id: a492c0abb8f14e0888df08101f77f484
-    type: action
-    subtype: on_hold
-    id: hold on
-    trigger: device
-  conditions: []
-  actions:
-  - choose:
-    - conditions:
-      - condition: trigger
-        id:
-        - 'on'
-      sequence:
-      - data:
-          brightness_pct: 100
-          color_temp_kelvin: 5000
-          transition: 1
-        target:
-          entity_id: light.bedroom_lights
-        action: light.turn_on
-    - conditions:
-      - condition: trigger
-        id:
-        - 'off'
-      sequence:
-      - data:
-          transition: 1
-        target:
-          entity_id:
-          - light.bedroom_lights
-        action: light.turn_off
-    - conditions:
-      - condition: trigger
-        id:
-        - up
-      sequence:
-      - device_id: 171fa001578683249ff26f2d85817fef
-        domain: light
-        entity_id: 55d41329665f60a55a732c5bbececd22
-        type: brightness_increase
-      - device_id: c92fea3d569ca668e6617a189f917a28
-        domain: light
-        entity_id: 0c8630c2b37ae9615f9cf815aaebf40f
-        type: brightness_increase
-    - conditions:
-      - condition: trigger
-        id:
-        - down
-      sequence:
-      - device_id: 171fa001578683249ff26f2d85817fef
-        domain: light
-        entity_id: 55d41329665f60a55a732c5bbececd22
-        type: brightness_decrease
-      - device_id: c92fea3d569ca668e6617a189f917a28
-        domain: light
-        entity_id: 0c8630c2b37ae9615f9cf815aaebf40f
-        type: brightness_decrease
-    - conditions:
-      - condition: trigger
-        id:
-        - hold on
-      sequence:
-      - metadata: {}
-        data:
-          rgb_color:
-          - 255
-          - 0
-          - 0
-          brightness_pct: 100
-        target:
-          entity_id: light.bedroom_lights
-        action: light.turn_on
-  mode: single
-- id: '1694441037420'
-  alias: Air Purifier Schedule
-  description: ''
-  trigger:
-  - platform: time
-    at: 07:00:00
-    id: fan off
-  - platform: time
-    at: '23:00:00'
-    id: fan on
-  condition: []
-  action:
-  - choose:
-    - conditions:
-      - condition: trigger
-        id:
-        - fan on
-      sequence:
-      - service: fan.set_percentage
-        data:
-          percentage: 100
-        target:
-          entity_id: fan.bedroom_air_purifier
-    - conditions:
-      - condition: trigger
-        id:
-        - fan off
-      sequence:
-      - service: fan.set_preset_mode
-        data:
-          preset_mode: auto
-        target:
-          entity_id: fan.bedroom_air_purifier
-  mode: single
-- id: '1705949582146'
-  alias: Ice Maker Power Schedule
-  description: ''
-  trigger:
-  - platform: time_pattern
-    hours: '*'
-    minutes: '0'
-    seconds: '0'
-  condition: []
-  action:
-  - type: toggle
-    device_id: 41c66532e23aadc4c6ac95e520e5d345
-    entity_id: bd17ac75a91e62ed7e6b148cfe33d43d
-    domain: switch
-  - alias: Set Ice Maker Light to Dim
-    device_id: 41c66532e23aadc4c6ac95e520e5d345
-    domain: select
-    entity_id: 8f4f90c62b00df9008d14f7ce8967199
-    type: select_option
-    option: 'On'
-  mode: single
-- id: '1708978401738'
-  alias: Soundbar
-  description: ''
-  trigger: []
-  condition: []
-  action:
-  - service: media_player.turn_on
-    metadata: {}
-    data: {}
-    target:
-      entity_id: media_player.soundbar
-  - service: media_player.select_source
-    metadata: {}
-    data:
-      source: wifi
-    target:
-      entity_id: media_player.soundbar
-  - service: media_player.play_media
-    metadata: {}
-    data:
-      media_content_id: media-source://radio_browser/2eff3a1f-b821-4267-9f37-f8d7e72061e4
-      media_content_type: audio/mpeg
-    target:
-      entity_id: media_player.soundbar
-  mode: single
-- id: '1711147285926'
-  alias: Grow Light Schedule
-  description: ''
-  trigger:
-  - platform: time
-    at: 07:00:00
-    id: day
-  - platform: time
-    at: '20:00:00'
-    id: night
-  condition: []
-  action:
-  - choose:
-    - conditions:
-      - condition: trigger
-        id:
-        - day
-      sequence:
-      - service: switch.turn_on
-        metadata: {}
-        data: {}
-        target:
-          entity_id: switch.grow_lights
-    - conditions:
-      - condition: trigger
-        id:
-        - night
-      sequence:
-      - service: switch.turn_off
-        metadata: {}
-        data: {}
-        target:
-          entity_id: switch.grow_lights
-  mode: single
-- id: '1723142554607'
-  alias: Restart Luci's Box
-  description: for some reason this box sucks and needs to get reboot periodically
-  trigger:
-  - platform: time_pattern
-    hours: '*'
-  condition: []
-  action:
-  - type: turn_off
-    device_id: e7f8974c31567dddbbffb036fe8381bc
-    entity_id: e1e71e4acdfcbb6c4afdc174807ad8be
-    domain: switch
-  - delay:
-      hours: 0
-      minutes: 0
-      seconds: 1
-      milliseconds: 0
-  - type: turn_on
-    device_id: e7f8974c31567dddbbffb036fe8381bc
-    entity_id: e1e71e4acdfcbb6c4afdc174807ad8be
-    domain: switch
-  - type: turn_on
-    device_id: d5eb3c182a1ef2a231b94b09c26aed45
-    entity_id: 7106df7ebde274ac4bc2b197d5c45bea
-    domain: fan
-  - device_id: d5eb3c182a1ef2a231b94b09c26aed45
-    domain: number
-    entity_id: 59a7cd3cb2883bf6002f789c2ff4824c
-    type: set_value
-    value: 3
-  mode: single
-- id: '1724707092916'
-  alias: HASS Updates
-  description: ''
-  use_blueprint:
-    path: edwardtfn/auto_update_scheduled.yaml
-    input:
-      schedule_entity: schedule.updates
-      restart_bool: true
-- id: '1724707291994'
-  alias: IOT Battery Checker
-  description: ''
-  use_blueprint:
-    path: sbyx/low-battery-level-detection-notification-for-all-battery-sensors.yaml
-    input:
-      exclude:
-        entity_id: []
-        device_id:
-        - 66e9cee67a740e8925dae5fc9ce940f0
-        - df76e3a3e48b49e13bd3006350826740
-      actions:
-      - action: notify.persistent_notification
-        metadata: {}
-        data:
-          message: Device Battery Low
-- id: '1729708621620'
-  alias: Closet Lights
-  description: ''
-  triggers:
-  - type: present
-    device_id: 0924cbdcd24416e768caa52301db59f7
-    entity_id: e9f0acef50550033cd96155bd501b7c3
-    domain: binary_sensor
-    trigger: device
-    for:
-      hours: 0
-      minutes: 0
-      seconds: 0
-    id: Present
-  - type: not_present
-    device_id: 0924cbdcd24416e768caa52301db59f7
-    entity_id: e9f0acef50550033cd96155bd501b7c3
-    domain: binary_sensor
-    trigger: device
-    for:
-      hours: 0
-      minutes: 0
-      seconds: 0
-    id: empty
-  conditions: []
-  actions:
-  - choose:
-    - conditions:
-      - condition: trigger
-        id:
-        - Present
-      sequence:
-      - action: light.turn_on
-        metadata: {}
-        data:
-          transition: 3
-          brightness_pct: 100
-          kelvin: 5008
-        target:
-          device_id:
-          - e25128ac8fcf62af66a039cde3104760
-          - ddcfd5ea4fc5f5a88e18325b01c615db
-    - conditions:
-      - condition: trigger
-        id:
-        - empty
-      sequence:
-      - action: light.turn_off
-        metadata: {}
-        data:
-          transition: 3
-        target:
-          device_id:
-          - e25128ac8fcf62af66a039cde3104760
-          - ddcfd5ea4fc5f5a88e18325b01c615db
-  mode: single
-- id: '1729881464325'
-  alias: Bedroom Closet
-  description: ''
-  triggers:
-  - type: present
-    device_id: 28e7f211c72409fe244183219abf6ffa
-    entity_id: aa474f323868586cef62070654f36936
-    domain: binary_sensor
-    trigger: device
-    id: Present
-  - type: not_present
-    device_id: 28e7f211c72409fe244183219abf6ffa
-    entity_id: aa474f323868586cef62070654f36936
-    domain: binary_sensor
-    trigger: device
-    id: empty
-  conditions: []
-  actions:
-  - choose:
-    - conditions:
-      - condition: trigger
-        id:
-        - Present
-      sequence:
-      - type: turn_on
-        device_id: f5936d6143b7927433e9c0430c79acab
-        entity_id: f6ec42c9db2c191866a335a346b1ec44
-        domain: switch
-    - conditions:
-      - condition: trigger
-        id:
-        - empty
-      sequence:
-      - type: turn_off
-        device_id: f5936d6143b7927433e9c0430c79acab
-        entity_id: f6ec42c9db2c191866a335a346b1ec44
-        domain: switch
-  mode: single
-- id: '1740179328446'
-  alias: Living Room Lights
-  description: ''
-  triggers:
-  - domain: mqtt
-    device_id: f7482a462dc7cc05b4ceaa0d882dc469
-    type: action
-    subtype: off_press
-    trigger: device
-    id: 'off'
-  - domain: mqtt
-    device_id: f7482a462dc7cc05b4ceaa0d882dc469
-    type: action
-    subtype: on_press
-    trigger: device
-    id: 'on'
-  - domain: mqtt
-    device_id: f7482a462dc7cc05b4ceaa0d882dc469
-    type: action
-    subtype: up_press
-    trigger: device
-    id: up
-  - domain: mqtt
-    device_id: f7482a462dc7cc05b4ceaa0d882dc469
-    type: action
-    subtype: down_press
-    trigger: device
-    id: down
-  - domain: mqtt
-    device_id: f7482a462dc7cc05b4ceaa0d882dc469
-    type: action
-    subtype: on_hold
-    trigger: device
-    id: hold on
-  conditions: []
-  actions:
-  - choose:
-    - conditions:
-      - condition: trigger
-        id:
-        - 'on'
-      sequence:
-      - data:
-          brightness_pct: 100
-          color_temp_kelvin: 5000
-          transition: 1
-        action: light.turn_on
-        target:
-          entity_id: light.livingroom_lights
-    - conditions:
-      - condition: trigger
-        id:
-        - 'off'
-      sequence:
-      - data:
-          transition: 1
-        action: light.turn_off
-        target:
-          entity_id: light.livingroom_lights
-    - conditions:
-      - condition: trigger
-        id:
-        - up
-      sequence:
-      - device_id: 8bc2033b03d5a474ca3204c5ca53e308
-        domain: light
-        entity_id: 4a3cc9043ff985e9271683e1916bd9e1
-        type: brightness_increase
-      - device_id: 8f4f51aed9b3b4284f520af25358efd9
-        domain: light
-        entity_id: f45e74498c4b6bae65aaf5adf67e29d6
-        type: brightness_increase
-    - conditions:
-      - condition: trigger
-        id:
-        - down
-      sequence:
-      - device_id: 8bc2033b03d5a474ca3204c5ca53e308
-        domain: light
-        entity_id: 4a3cc9043ff985e9271683e1916bd9e1
-        type: brightness_decrease
-      - device_id: 8bc2033b03d5a474ca3204c5ca53e308
-        domain: light
-        entity_id: 4a3cc9043ff985e9271683e1916bd9e1
-        type: brightness_decrease
-    - conditions:
-      - condition: trigger
-        id:
-        - hold on
-      sequence:
-      - metadata: {}
-        data:
-          rgb_color:
-          - 255
-          - 0
-          - 0
-          brightness_pct: 100
-        action: light.turn_on
-        target:
-          entity_id: light.livingroom_lights
-  mode: single

hosts/homeassistant/boot.nix

@@ -1,40 +0,0 @@
-{ lib, pkgs, ... }:
-let
-  kernel = pkgs.linuxPackages_latest;
-in
-{
-  # Configure bootloader with lanzaboot and secureboot
-  boot = {
-    kernelModules = [ "nct6775" ];
-    loader = {
-      systemd-boot.enable = true;
-      efi = {
-        canTouchEfiVariables = true;
-        efiSysMountPoint = "/boot";
-      };
-    };
-
-    initrd = {
-      verbose = false;
-      systemd.enable = true;
-    };
-
-    plymouth = {
-      enable = true;
-    };
-
-    kernelPackages = kernel;
-
-    kernelParams = [
-      "quiet"
-      "splash"
-    ];
-
-    consoleLogLevel = 3;
-    bootspec.enable = true;
-  };
-
-  environment.systemPackages = with pkgs; [ 
-    edk2-uefi-shell
-   ];
-}

hosts/homeassistant/configuration.nix

@@ -1,141 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page, on
-# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
-
-{ config, lib, pkgs, ... }:
-
-let
-  user = "hass-admin";
-  password = "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06";
-  SSID = "Joey's Jungle 5G";
-  SSIDpassword = "kR8v&3Qd"; # config.sops.templates."wifi-password".content;
-  interface = "wlp0s20f3";
-  timezone = "America/Chicago";
-  hostname = "jallen-hass";
-in
-{
-  imports = [
-    # Include the results of the hardware scan.
-    ./boot.nix
-    ./hardware-configuration.nix
-    ./impermanence.nix
-    ./homeassistant.nix
-    ../default.nix
-  ];
-
-  # Enable nix flakes and nix-command tools
-  nix.settings.experimental-features = [
-    "nix-command"
-    "flakes"
-  ];
-
-  nix.settings.trusted-users = [ "@wheel" ];
-
-  # Set your time zone.
-  time.timeZone = timezone;
-
-  networking = {
-    networkmanager = {
-      enable = true;
-      
-      # Configure the static connection for eno1
-#      ensureProfiles = {
-#        profiles = {
-#          joeys-jungle = {
-#            connection = {
-#              id = "joeys-jungle";
-#              permissions = "";
-#              type = "wifi";
-#            };
-#            ipv4 = {
-#              dns-search = "";
-#              method = "auto";
-#            };
-#            ipv6 = {
-#              addr-gen-mode = "stable-privacy";
-#              dns-search = "";
-#               method = "auto";
-#            };
-#            wifi = {
-#              mac-address-blacklist = "";
-#              mode = "infrastructure";
-##              ssid = SSID;
-#            };
-#            wifi-security = {
-#              auth-alg = "open";
-#              key-mgmt = "wpa-psk";
-#              psk = SSIDpassword;
-#            };
-#          };
-#          "static-eno1" = {
-#            connection = {
-#              id = "static-eno1";
-#              type = "ethernet";
-#              interface-name = "eno1";
-#            };
-#            ipv4 = {
-#              method = "manual";
-#              addresses = "10.0.1.19/24";
-#              gateway = "10.0.1.1";
-#              dns = "10.0.1.1";
-#            };
-#          };
-#        };
-#      };
-    };
-    hostName = hostname;
-    wireless = {
-      enable = false;
-      networks."${SSID}".psk = SSIDpassword;
-      interfaces = [ interface ];
-    };
-  };
-
-  environment.systemPackages = with pkgs; [
-    vim
-    htop
-    git
-    protonmail-bridge
-    pass
-    gnome-keyring
-    openssl
-  ];
-
-  services.xserver.desktopManager.surf-display = {
-    enable = true;
-    defaultWwwUri = "http://jallen-hass:8123"; # todo: external maybe for reasons???
-  };
-
-  services.openssh.enable = true;
-  services.protonmail-bridge = {
-    enable = true;
-    path = with pkgs; [ pass gnome-keyring ];
-  };
-  
-  # Enable Avahi for .local hostname resolution
-  services.avahi = {
-    enable = true;
-    nssmdns4 = true;  # For modern systems, use nssmdns4 instead of nssmdns
-    publish = {
-      enable = true;
-      addresses = true;
-      domain = true;
-      workstation = true;
-    };
-  };
-
-  users = {
-    mutableUsers = false;
-    users."${user}" = {
-      isNormalUser = lib.mkForce true;
-      initialHashedPassword = password;
-      extraGroups = [
-        "wheel"
-        "docker"
-        "network-manager"
-        "hass"
-      ];
-      shell = pkgs.zsh;
-    };
-  };
-}

hosts/homeassistant/hardware-configuration.nix

@@ -1,70 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
-    ];
-
-  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-intel" ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" =
-    { device = "none";
-      fsType = "tmpfs";
-    };
-
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/AB0D-A6A2";
-      fsType = "vfat";
-      options = [ "fmask=0022" "dmask=0022" ];
-    };
-
-  fileSystems."/nix" =
-    { device = "/dev/disk/by-uuid/a6ef033d-c305-42d9-88b2-5591008b2a11";
-      fsType = "btrfs";
-      options = [ "subvol=nix" ];
-    };
-
-  fileSystems."/etc" =
-    { device = "/dev/disk/by-uuid/a6ef033d-c305-42d9-88b2-5591008b2a11";
-      fsType = "btrfs";
-      options = [ "subvol=etc" ];
-    };
-
-  fileSystems."/var/log" =
-    { device = "/dev/disk/by-uuid/a6ef033d-c305-42d9-88b2-5591008b2a11";
-      fsType = "btrfs";
-      options = [ "subvol=log" ];
-    };
-
-  fileSystems."/root" =
-    { device = "/dev/disk/by-uuid/a6ef033d-c305-42d9-88b2-5591008b2a11";
-      fsType = "btrfs";
-      options = [ "subvol=root" ];
-    };
-
-  fileSystems."/home" =
-    { device = "/dev/disk/by-uuid/a6ef033d-c305-42d9-88b2-5591008b2a11";
-      fsType = "btrfs";
-      options = [ "subvol=home" ];
-    };
-
-  swapDevices =
-    [ { device = "/dev/disk/by-uuid/d631d42b-b70a-4579-bfb4-57412ae7c682"; }
-    ];
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}

hosts/homeassistant/home.nix

@@ -1,64 +0,0 @@
-{ lib, pkgs, ... }:
-let
-  shellAliases = {
-    ll = "ls -alh";
-    update-boot = "sudo nixos-rebuild boot --max-jobs 10 --build-host admin@10.0.1.3";
-    update-switch = "sudo nixos-rebuild switch --max-jobs 10 --build-host admin@10.0.1.3";
-    update-flake = "sudo nix flake update ~/nix-config";
-    update-nas = "nixos-rebuild switch --use-remote-sudo --target-host admin@10.0.1.3 --build-host admin@10.0.1.3 --flake ~/nix-config#jallen-nas";
-    nas-ssh = "kitten ssh admin@10.0.1.3";
-    ducks = "du -cksh * | sort -hr | head -n 15";
-  };
-
-  gitAliases = {
-    co = "checkout";
-    ci = "commit";
-    cia = "commit --amend";
-    s = "status";
-    st = "status";
-    b = "branch";
-    p = "pull --rebase";
-    pu = "push";
-  };
-in
-{
-
-  home.username = "hass-admin";
-  home.homeDirectory = "/home/hass-admin";
-  home.stateVersion = "23.11";
-  programs.home-manager.enable = true;
-
-  programs = {
-    fish.enable = false;
-    mangohud.enable = true;
-    java.enable = true;
-
-    zsh = {
-      enable = true;
-      enableCompletion = true;
-      autosuggestion.enable = true;
-      syntaxHighlighting.enable = true;
-
-      shellAliases = shellAliases;
-
-      oh-my-zsh = {
-        enable = true;
-        plugins = [ "git" ];
-        theme = "fishy";
-      };
-    };
-  };
-
-  programs.git = {
-    enable = true;
-    userName = "mjallen18";
-    userEmail = "matt.l.jallen@gmail.com";
-    aliases = gitAliases;
-  };
-
-  home.packages = with pkgs; [
-    age
-    fastfetch
-    firefox
-  ];
-}

hosts/homeassistant/homeassistant.nix

@@ -1,453 +0,0 @@
-{ config, pkgs, ... }:
-let
-  mosquittoPort = 1883;
-  zigbee2mqttPort = 8080;
-  # "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="
-  ha-bambulab = pkgs.stdenv.mkDerivation {
-    pname = "ha-bambulab";
-    version = "v2.1.5";  # Update with correct version
-    
-    src = pkgs.fetchFromGitHub {
-      owner = "greghesp";  # Update with correct owner
-      repo = "ha-bambulab";  # Update with correct repo name
-      rev = "v2.1.5";  # Or specific tag/commit 
-      sha256 = "sha256-iVcNFdkzdMVjbQuzrTLib8fhirnc+OJdPzM60EnyVe0=";  # Replace with actual hash
-    };
-    
-    installPhase = ''
-      mkdir -p $out/custom_components
-      cp -r custom_components/bambu_lab $out/custom_components/
-    '';
-  };
-  ha-gehome = pkgs.stdenv.mkDerivation {
-    pname = "ha-gehome";
-    version = "v2025.2.1";  # Update with correct version
-    
-    src = pkgs.fetchFromGitHub {
-      owner = "simbaja";  # Update with correct owner
-      repo = "ha_gehome";  # Update with correct repo name
-      rev = "v2025.2.1";  # Or specific tag/commit 
-      sha256 = "sha256-nb+KrJoWqvhqH6E7A22xXwQzTYp7yn+hl9WRDXn95Cc=";  # Replace with actual hash
-    };
-    
-    installPhase = ''
-      mkdir -p $out/custom_components
-      cp -r custom_components/ge_home $out/custom_components/
-    '';
-  };
-  ha-mail-and-packages = pkgs.stdenv.mkDerivation {
-    pname = "Home-Assistant-Mail-And-Packages";
-    version = "0.4.2";  # Update with correct version
-    
-    src = pkgs.fetchFromGitHub {
-      owner = "moralmunky";  # Update with correct owner
-      repo = "Home-Assistant-Mail-And-Packages";  # Update with correct repo name
-      rev = "0.4.2";  # Or specific tag/commit 
-      sha256 = "sha256-5LBTlRlkSUx8DOY+F7UvUs4dzjZKdBdgnDUdK6DBdew=";  # Replace with actual hash
-    };
-    
-    installPhase = ''
-      mkdir -p $out/custom_components
-      cp -r custom_components/mail_and_packages $out/custom_components/
-    '';
-  };
-  ha-overseerr = pkgs.stdenv.mkDerivation {
-    pname = "ha-overseerr";
-    version = "0.1.42";  # Update with correct version
-    
-    src = pkgs.fetchFromGitHub {
-      owner = "vaparr";  # Update with correct owner
-      repo = "ha-overseerr";  # Update with correct repo name
-      rev = "0.1.42";  # Or specific tag/commit 
-      sha256 = "sha256-UvUowCgfay9aRV+iC/AQ9vvJzhGZbH+/1kVjxPFBKcI=";  # Replace with actual hash
-    };
-    
-    installPhase = ''
-      mkdir -p $out/custom_components
-      cp -r custom_components/overseerr $out/custom_components/
-    '';
-  };
-  ha-petlibro = pkgs.stdenv.mkDerivation {
-    pname = "ha-petlibro";
-    version = "v1.0.21.1";  # Update with correct version
-    
-    src = pkgs.fetchzip {
-      url = "https://github.com/jjjonesjr33/petlibro/archive/refs/tags/v1.0.21.1.zip";
-      sha256 = "sha256-3EckyAgWxlZeqy9g13yP2nKCcjnyVIp8EdiE/A1pNu4=";  # Replace with actual hash
-    };
-    
-    installPhase = ''
-      mkdir -p $out/custom_components
-      cp -r custom_components/petlibro $out/custom_components/
-    '';
-  };
-  ha-wyzeapi = pkgs.stdenv.mkDerivation {
-    pname = "ha-wyzeapi";
-    version = "0.1.32";  # Update with correct version
-    
-    src = pkgs.fetchzip {
-      url = "https://github.com/SecKatie/ha-wyzeapi/archive/refs/tags/0.1.32.zip";
-      sha256 = "sha256-3xUynZBEHuO2hKLYCb2sBpJAe0JF/8uKqR304Y7JQmE=";  # Replace with actual hash
-    };
-    
-    installPhase = ''
-      mkdir -p $out/custom_components
-      cp -r custom_components/wyzeapi $out/custom_components/
-    '';
-  };
-  
-  # In configuration.nix or a separate file
-  pythonSteam = pkgs.python3.withPackages (ps: [
-    (ps.buildPythonPackage rec {
-      pname = "steam";
-      version = "1.4.4";  # Check for the latest version
-      src = pkgs.fetchPypi {
-        inherit pname version;
-        sha256 = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="; # Get the correct hash
-      };
-      doCheck = false;
-      propagatedBuildInputs = [ ps.requests ps.protobuf ];
-    })
-  ]);
-in
-{
-
-  services.home-assistant = {
-    enable = true;
-    openFirewall = true;
-    configWritable = true; # todo
-    extraComponents = [
-      # Components required to complete the onboarding
-      "analytics"
-      "google_translate"
-      "met"
-      "radio_browser"
-      "shopping_list"
-      # Recommended for fast zlib compression
-      # https://www.home-assistant.io/integrations/isal
-      "isal"
-      "subaru"
-      "vesync"
-      "mqtt" # Enables MQTT integration in HA
-      "ffmpeg" # Enables camera streams
-      "zha" # Enables Zigbee integration
-      "homekit"
-      "music_assistant"
-    ];
-    customComponents = with pkgs.home-assistant-custom-components; [
-      auth-header
-    ];
-    customLovelaceModules = with pkgs.home-assistant-custom-lovelace-modules; [
-      atomic-calendar-revive
-      bubble-card
-      button-card
-      hourly-weather
-      mini-graph-card
-      mini-media-player
-      multiple-entity-row
-      mushroom
-      vacuum-card
-      weather-chart-card
-      zigbee2mqtt-networkmap
-    ];
-    # use postgresql instead of sqlite
-    extraPackages = ps: with ps; [
-      # Core functionality
-      aiohttp
-      aiodns
-      paho-mqtt
-      pillow
-      pytz
-      pyyaml
-      sqlalchemy
-      
-      # Discovery & networking
-      zeroconf
-      netdisco
-      ifaddr
-      ssdp
-      
-      # Device protocols
-      pyserial                # Serial communications
-      bluepy                  # Bluetooth LE
-      
-      # Smart home ecosystems
-      mutagen                 # Media file metadata
-      pysonos                 # Sonos
-      pywemo                  # Belkin WeMo
-      python-miio             # Xiaomi devices
-      python-kasa             # TP-Link
-      
-      # Sensors & monitoring
-      meteocalc               # Weather calculations
-      speedtest-cli           # Internet speed
-      
-      # Visualization & UI
-      matplotlib              # Graphing
-      
-      # Security
-      bcrypt
-      cryptography
-      pyjwt
-      
-      # Media
-      ha-ffmpeg               # Camera streams
-      
-      # Specialized integrations
-      python-matter-server    # Matter protocol
-      
-      # System integrations
-      psutil                  # System monitoring
-      
-      psycopg2
-      numpy
-      hassil 
-      pyturbojpeg
-      paho-mqtt
-      pychromecast
-      pyatv 
-      python-otbr-api 
-      brother
-      pyipp
-      govee-ble
-      adguardhome
-      nextcord
-      aiogithubapi
-      jellyfin-apiclient-python
-      pylitterbot
-      dateparser
-      aionut
-      nextcloudmonitor
-      ollama
-      pynecil
-      aiopyarr
-      pysabnzbd
-      getmac
-      zigpy
-      bellows         # For Zigbee EmberZNet-based adapters
-      zigpy-xbee      # For XBee adapters
-      zigpy-deconz    # For ConBee/RaspBee adapters
-      pyicloud        # iCloud
-      pyatv           # Apple TV
-      opencv-python
-      face-recognition
-      ibeacon-ble
-      gehomesdk
-      onedrive-personal-sdk
-      python-roborock
-      pythonSteam
-      apple-weatherkit
-    ];
-    
-    config = {
-      # Includes dependencies for a basic setup
-      # https://www.home-assistant.io/integrations/default_config/
-      default_config = {};
-
-      cloud = false;
-      
-      frontend = {
-        themes = "!include_dir_merge_named themes";
-      };
-
-      "automation ui" = "!include /etc/nixos/hosts/homeassistant/automations.yaml";
-      "scene ui" = "!include /etc/nixos/hosts/homeassistant/scenes.yaml";
-      "script ui" = "!include /etc/nixos/hosts/homeassistant/scripts.yaml";
-
-      http = {
-        use_x_forwarded_for = true;
-        trusted_proxies = [
-          "172.30.33.0/24"
-          "10.0.1.3"
-          "10.0.1.0/24"
-        ];
-      };
-
-      recorder = {
-        db_url = "postgresql://@/hass";
-        purge_keep_days = 180;
-      };
-
-      auth_header = {
-        debug = false;
-        username_header = "X-authentik-username";
-      };
-
-      # https://www.home-assistant.io/integrations/ota_updater/
-      zha.zigpy_config.ota.z2m_remote_index = "https://raw.githubusercontent.com/Koenkk/zigbee-OTA/master/index.json";
-    };
-  };
-
-  # https://www.home-assistant.io/integrations/automation/
-  # systemd.tmpfiles.rules = [
-  #   "f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass"
-  # ];
-
-  # This bypasses the component validation and places it directly in HA's data directory
-  system.activationScripts.installCustomComponents = ''
-    mkdir -p ${config.services.home-assistant.configDir}/custom_components
-    cp -r ${ha-bambulab}/custom_components/bambu_lab ${config.services.home-assistant.configDir}/custom_components/
-    cp -r ${ha-gehome}/custom_components/ge_home ${config.services.home-assistant.configDir}/custom_components/
-    cp -r ${ha-mail-and-packages}/custom_components/mail_and_packages ${config.services.home-assistant.configDir}/custom_components/
-    cp -r ${ha-overseerr}/custom_components/overseerr ${config.services.home-assistant.configDir}/custom_components/
-    cp -r ${ha-petlibro}/custom_components/petlibro ${config.services.home-assistant.configDir}/custom_components/
-    cp -r ${ha-wyzeapi}/custom_components/wyzeapi ${config.services.home-assistant.configDir}/custom_components/
-
-    ln -sf /etc/nixos/hosts/homeassistant/automations.yaml ${config.services.home-assistant.configDir}/automations.yaml
-    ln -sf /etc/nixos/hosts/homeassistant/scenes.yaml ${config.services.home-assistant.configDir}/scenes.yaml
-    ln -sf /etc/nixos/hosts/homeassistant/scripts.yaml ${config.services.home-assistant.configDir}/scripts.yaml
-
-
-    chown -R hass:hass ${config.services.home-assistant.configDir}
-    chmod -R 750 ${config.services.home-assistant.configDir}
-  '';
-
-  services = {
-    postgresql = {
-      enable = true;
-      ensureDatabases = [ "hass" ];
-      ensureUsers = [{
-        name = "hass";
-        ensureDBOwnership = true;
-      }];
-    };
-
-    # Enable and configure Mosquitto MQTT broker
-    mosquitto = {
-      enable = true;
-      listeners = [
-        {
-          acl = [ "pattern readwrite #" ];
-          omitPasswordAuth = true;
-          settings.allow_anonymous = true;
-        }
-      ];
-    };
-
-    zigbee2mqtt = {
-      enable = true;
-      settings = {
-        homeassistant = {
-          enabled = config.services.home-assistant.enable;
-          # Optional: Home Assistant discovery topic (default: shown below)
-          # Note: should be different from [MQTT base topic](../mqtt.md) to prevent errors in HA software
-          discovery_topic = "homeassistant";
-          # Optional: Home Assistant status topic (default: shown below)
-          status_topic = "homeassistant/status";
-          # Optional: Experimental support for Home Assistant event entities, may break in the future (default: shown below) when enabled:
-          # - An `event` entity will be discovered for each 'action'.
-          # - The `event_type` attribute will contain the action itself, additional attributes like `button` will have further information.
-          experimental_event_entities = false;
-          # Optional: Home Assistant legacy action sensor (default: `false`), when enabled:
-          # - Zigbee2MQTT will send an empty 'action' after one has been send
-          # - A 'sensor_action' will be discovered
-          legacy_action_sensor = false;
-        };
-
-        permit_join = true;
-        # Web interface
-        frontend = {
-          port = zigbee2mqttPort;  # Choose an available port
-        };
-        # MQTT configuration
-        mqtt = {
-          base_topic = "zigbee2mqtt";
-          server = "mqtt://localhost:1883";
-          # If using authentication:
-          # user = "mqttuser";
-          # password = "your-password";
-        };
-        serial = {
-          port = "/dev/ttyUSB0";
-        };
-      };
-    };
-
-    music-assistant = {
-      enable = true;
-      providers = [
-        # "airplay" # music-assistant: airplay support is missing libraop, a library we will not package because it depends on OpenSSL 1.1.
-        "apple_music"
-        "bluesound"
-        "builtin"
-        "chromecast"
-        "deezer"
-        "dlna"
-        "fanarttv"
-        "filesystem_local"
-        "filesystem_smb"
-        "fully_kiosk"
-        "hass"
-        "hass_players"
-        "jellyfin"
-        "musicbrainz"
-        "opensubsonic"
-        "player_group"
-        "plex"
-        "qobuz"
-        "radiobrowser"
-        "siriusxm"
-        "snapcast"
-        "sonos"
-        "sonos_s1"
-        "soundcloud"
-        "spotify"
-        "template_player_provider"
-        "test"
-        "theaudiodb"
-        "tidal"
-        "tunein"
-        "ytmusic"
-      ];
-    };
-
-    # Enable AirPlay
-    pipewire = {
-      # opens UDP ports 6001-6002
-      raopOpenFirewall = true;
-
-      extraConfig.pipewire = {
-        "10-airplay" = {
-          "context.modules" = [
-            {
-              name = "libpipewire-module-raop-discover";
-
-              # increase the buffer size if you get dropouts/glitches
-              # args = {
-              #   "raop.latency.ms" = 500;
-              # };
-            }
-          ];
-        };
-      };
-    };
-  };
-
-  # Enable required hardware support for the Zigbee adapter
-  hardware.bluetooth.enable = true;  # Some adapters use Bluetooth
-  
-  # Ensure proper permissions for Zigbee USB devices
-  # services.udev.extraRules = ''
-  #   # For CC2531, CC2530, CC1352P-2, CC2538 and similar adapters
-  #   SUBSYSTEM=="tty", ATTRS{idVendor}=="0451", ATTRS{idProduct}=="16a8", SYMLINK+="zigbee", MODE="0666"
-  #   SUBSYSTEM=="tty", ATTRS{idVendor}=="1a86", ATTRS{idProduct}=="7523", SYMLINK+="zigbee", MODE="0666"
-    
-  #   # For ConBee/RaspBee by Dresden Elektronik
-  #   SUBSYSTEM=="tty", ATTRS{idVendor}=="1cf1", ATTRS{idProduct}=="0030", SYMLINK+="zigbee", MODE="0666"
-    
-  #   # For Electrolama zig-a-zig-ah (zzh!)
-  #   SUBSYSTEM=="tty", ATTRS{idVendor}=="1a86", ATTRS{idProduct}=="7523", SYMLINK+="zigbee", MODE="0666"
-  # '';
-
-  environment.systemPackages = with pkgs; [
-    mosquitto  # MQTT command-line tools
-    usbutils   # For lsusb to help identify your adapter
-  ];
-
-  networking.firewall.allowedTCPPorts = [
-    mosquittoPort
-    zigbee2mqttPort
-    8095
-    8097
-  ];
-}

hosts/homeassistant/impermanence.nix

@@ -1,57 +0,0 @@
-{ ... }:
-{
-  # Set up impernance configuration for things like bluetooth
-  # In this configuration with /etc and /var/log being persistent, only directories outside of that need to be done here. See hardware configuration for all mountpoints.
-
-  environment.persistence."/nix/persist/system" = {
-    hideMounts = true;
-    directories = [
-      "/var/lib/bluetooth"
-      "/var/lib/nixos"
-      "/var/lib/tailscale"
-      "/var/lib/systemd/coredump"
-      "/var/lib/zigbee2mqtt"
-      "/var/lib/postgresql"
-#      "/var/lib/music-assistant"
-      "/etc/NetworkManager/system-connections"
-      "/etc/secureboot"
-      {
-        directory = "/var/lib/private/authentik/media";
-        user = "authentik";
-        group = "authentik";
-        mode = "u=rwx,g=,o=";
-      }
-      {
-        directory = "/var/lib/hass";
-        user = "hass";
-        group = "hass";
-        mode = "u=rwx,g=,o=";
-      }
-      {
-        directory = "/var/lib/private";
-        mode = "u=rwx,g=rx,o=";
-      }
-      {
-        directory = "/var/lib/colord";
-        user = "colord";
-        group = "colord";
-        mode = "u=rwx,g=rx,o=";
-      }
-      {
-        directory = "/etc/nix";
-        user = "root";
-        group = "wheel";
-        mode = "u=rwx,g=rx,o=rx";
-      }
-    ];
-    files = [
-      "/var/cache-priv-key.pem"
-      "/etc/machine-id"
-    ];
-  };
-
-  security.sudo.extraConfig = ''
-    # rollback results in sudo lectures after each reboot
-    Defaults lecture = never
-  '';
-}

hosts/mac-nixos/apple-silicon-support/default.nix

@@ -1,7 +0,0 @@
-{ ... }:
-
-{
-  imports = [
-    ./modules/default.nix
-  ];
-}

hosts/mac-nixos/apple-silicon-support/modules/boot-m1n1/default.nix

@@ -1,55 +0,0 @@
-{ config, pkgs, lib, ... }:
-let
-  pkgs' = config.hardware.asahi.pkgs;
-
-  bootM1n1 = pkgs'.m1n1.override {
-    isRelease = true;
-    withTools = false;
-    customLogo = config.boot.m1n1CustomLogo;
-  };
-
-  bootUBoot = pkgs'.uboot-asahi.override {
-    m1n1 = bootM1n1;
-  };
-
-  bootFiles = {
-    "m1n1/boot.bin" = pkgs.runCommand "boot.bin" {} ''
-      cat ${bootM1n1}/build/m1n1.bin > $out
-      cat ${config.boot.kernelPackages.kernel}/dtbs/apple/*.dtb >> $out
-      cat ${bootUBoot}/u-boot-nodtb.bin.gz >> $out
-      if [ -n "${config.boot.m1n1ExtraOptions}" ]; then
-        echo '${config.boot.m1n1ExtraOptions}' >> $out
-      fi
-    '';
-  };
-in {
-  config = lib.mkIf config.hardware.asahi.enable {
-    # install m1n1 with the boot loader
-    boot.loader.grub.extraFiles = bootFiles;
-    boot.loader.systemd-boot.extraFiles = bootFiles;
-
-    # ensure the installer has m1n1 in the image
-    system.extraDependencies = lib.mkForce [ bootM1n1 bootUBoot ];
-    system.build.m1n1 = bootFiles."m1n1/boot.bin";
-  };
-
-  options.boot = {
-    m1n1ExtraOptions = lib.mkOption {
-      type = lib.types.str;
-      default = "";
-      description = ''
-        Append extra options to the m1n1 boot binary. Might be useful for fixing
-        display problems on Mac minis.
-        https://github.com/AsahiLinux/m1n1/issues/159
-      '';
-    };
-
-    m1n1CustomLogo = lib.mkOption {
-      type = lib.types.nullOr lib.types.path;
-      default = null;
-      description = ''
-        Custom logo to build into m1n1. The path must point to a 256x256 PNG.
-      '';
-    };
-  };
-}

hosts/mac-nixos/apple-silicon-support/modules/default.nix

@@ -1,92 +0,0 @@
-{ config, pkgs, lib, ... }:
-{
-  imports = [
-    ./kernel
-    ./mesa
-    ./peripheral-firmware
-    ./boot-m1n1
-    ./sound
-  ];
-
-  config = let
-      cfg = config.hardware.asahi;
-    in lib.mkIf cfg.enable {
-      nixpkgs.overlays = lib.mkBefore [ cfg.overlay ];
-
-      # patch systemd-boot to boot in Apple Silicon UEFI environment.
-      # This regression only appeared in systemd 256.7.
-      # see https://github.com/NixOS/nixpkgs/pull/355290
-      # and https://github.com/systemd/systemd/issues/35026
-      systemd.package = let
-        systemdBroken = (pkgs.systemd.version == "256.7");
-
-        systemdPatched = pkgs.systemd.overrideAttrs (old: {
-          patches = let
-            oldPatches = (old.patches or []);
-            # not sure why there are non-paths in there but oh well
-            patchNames = (builtins.map (p: if ((builtins.typeOf p) == "path") then builtins.baseNameOf p else "") oldPatches);
-            fixName = "0019-Revert-boot-Make-initrd_prepare-semantically-equival.patch";
-            alreadyPatched = builtins.elem fixName patchNames;
-          in oldPatches ++ lib.optionals (!alreadyPatched) [
-            (pkgs.fetchpatch {
-              url = "https://raw.githubusercontent.com/NixOS/nixpkgs/125e99477b0ac0a54b7cddc6c5a704821a3074c7/pkgs/os-specific/linux/systemd/${fixName}";
-              hash = "sha256-UW3DZiaykQUUNcGA5UFxN+/wgNSW3ufxDDCZ7emD16o=";
-            })
-          ];
-        });
-      in if systemdBroken then systemdPatched else pkgs.systemd;
-
-      hardware.asahi.pkgs =
-        if cfg.pkgsSystem != "aarch64-linux"
-        then
-          import (pkgs.path) {
-            crossSystem.system = "aarch64-linux";
-            localSystem.system = cfg.pkgsSystem;
-            overlays = [ cfg.overlay ];
-          }
-        else pkgs;
-    };
-
-  options.hardware.asahi = {
-    enable = lib.mkOption {
-      type = lib.types.bool;
-      default = true;
-      description = ''
-        Enable the basic Asahi Linux components, such as kernel and boot setup.
-      '';
-    };
-
-    pkgsSystem = lib.mkOption {
-      type = lib.types.str;
-      default = "aarch64-linux";
-      description = ''
-        System architecture that should be used to build the major Asahi
-        packages, if not the default aarch64-linux. This allows installing from
-        a cross-built ISO without rebuilding them during installation.
-      '';
-    };
-
-    pkgs = lib.mkOption {
-      type = lib.types.raw;
-      description = ''
-        Package set used to build the major Asahi packages. Defaults to the
-        ambient set if not cross-built, otherwise re-imports the ambient set
-        with the system defined by `hardware.asahi.pkgsSystem`.
-      '';
-    };
-
-    overlay = lib.mkOption {
-      type = lib.mkOptionType {
-        name = "nixpkgs-overlay";
-        description = "nixpkgs overlay";
-        check = lib.isFunction;
-        merge = lib.mergeOneOption;
-      };
-      default = import ../packages/overlay.nix;
-      defaultText = "overlay provided with the module";
-      description = ''
-        The nixpkgs overlay for asahi packages.
-      '';
-    };
-  };
-}

hosts/mac-nixos/apple-silicon-support/modules/kernel/default.nix

@@ -1,106 +0,0 @@
-# the Asahi Linux kernel and options that must go along with it
-
-{ config, pkgs, lib, ... }:
-{
-  config = lib.mkIf config.hardware.asahi.enable {
-    boot.kernelPackages = let
-      pkgs' = config.hardware.asahi.pkgs;
-    in
-      pkgs'.linux-asahi.override {
-        _kernelPatches = config.boot.kernelPatches;
-        withRust = config.hardware.asahi.withRust;
-      };
-
-    # we definitely want to use CONFIG_ENERGY_MODEL, and
-    # schedutil is a prerequisite for using it
-    # source: https://www.kernel.org/doc/html/latest/scheduler/sched-energy.html
-    powerManagement.cpuFreqGovernor = lib.mkOverride 800 "schedutil";
-
-    boot.initrd.includeDefaultModules = false;
-    boot.initrd.availableKernelModules = [
-      # list of initrd modules stolen from
-      # https://github.com/AsahiLinux/asahi-scripts/blob/f461f080a1d2575ae4b82879b5624360db3cff8c/initcpio/install/asahi
-      "apple-mailbox"
-      "nvme_apple"
-      "pinctrl-apple-gpio"
-      "macsmc"
-      "macsmc-rtkit"
-      "i2c-pasemi-platform"
-      "tps6598x"
-      "apple-dart"
-      "dwc3"
-      "dwc3-of-simple"
-      "xhci-pci"
-      "pcie-apple"
-      "gpio_macsmc"
-      "phy-apple-atc"
-      "nvmem_apple_efuses"
-      "spi-apple"
-      "spi-hid-apple"
-      "spi-hid-apple-of"
-      "rtc-macsmc"
-      "simple-mfd-spmi"
-      "spmi-apple-controller"
-      "nvmem_spmi_mfd"
-      "apple-dockchannel"
-      "dockchannel-hid"
-      "apple-rtkit-helper"
-
-      # additional stuff necessary to boot off USB for the installer
-      # and if the initrd (i.e. stage 1) goes wrong
-      "usb-storage"
-      "xhci-plat-hcd"
-      "usbhid"
-      "hid_generic"
-    ];
-
-    boot.kernelParams = [
-      "earlycon"
-      "console=tty0"
-      "boot.shell_on_fail"
-      # Apple's SSDs are slow (~dozens of ms) at processing flush requests which
-      # slows down programs that make a lot of fsync calls. This parameter sets
-      # a delay in ms before actually flushing so that such requests can be
-      # coalesced. Be warned that increasing this parameter above zero (default
-      # is 1000) has the potential, though admittedly unlikely, risk of
-      # UNBOUNDED data corruption in case of power loss!!!! Don't even think
-      # about it on desktops!!
-      "nvme_apple.flush_interval=0"
-    ];
-
-    # U-Boot does not support EFI variables
-    boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
-
-    # U-Boot does not support switching console mode
-    boot.loader.systemd-boot.consoleMode = "0";
-
-    # GRUB has to be installed as removable if the user chooses to use it
-    boot.loader.grub = lib.mkDefault {
-      efiSupport = true;
-      efiInstallAsRemovable = true;
-      device = "nodev";
-    };
-
-    # autosuspend was enabled as safe for the PCI SD card reader
-    # "Genesys Logic, Inc GL9755 SD Host Controller [17a0:9755] (rev 01)"
-    # by recent systemd versions, but this has a "negative interaction"
-    # with our kernel/SoC and causes random boot hangs. disable it!
-    services.udev.extraHwdb = ''
-      pci:v000017A0d00009755*
-        ID_AUTOSUSPEND=0
-    '';
-  };
-
-  imports = [
-    (lib.mkRemovedOptionModule [ "hardware" "asahi" "addEdgeKernelConfig" ]
-      "All edge kernel config options are now the default.")
-  ];
-
-  options.hardware.asahi.withRust = lib.mkOption {
-    type = lib.types.bool;
-    default = false;
-    description = ''
-      Build the Asahi Linux kernel with Rust support.
-    '';
-  };
-}

hosts/mac-nixos/apple-silicon-support/modules/mesa/default.nix

@@ -1,53 +0,0 @@
-{ options, config, pkgs, lib, ... }:
-{
-  config = let
-    isMode = mode: (config.hardware.asahi.useExperimentalGPUDriver
-        && config.hardware.asahi.experimentalGPUInstallMode == mode);
-  in lib.mkIf config.hardware.asahi.enable (lib.mkMerge [
-    {
-      # required for proper DRM setup even without GPU driver
-      services.xserver.config = ''
-        Section "OutputClass"
-            Identifier "appledrm"
-            MatchDriver "apple"
-            Driver "modesetting"
-            Option "PrimaryGPU" "true"
-        EndSection
-      '';
-    }
-    (lib.mkIf config.hardware.asahi.useExperimentalGPUDriver {
-      # install the Asahi Mesa version
-      hardware.graphics.package = config.hardware.asahi.pkgs.mesa-asahi-edge;
-      # required for in-kernel GPU driver
-      hardware.asahi.withRust = true;
-    })
-  ]);
-
-  options.hardware.asahi.useExperimentalGPUDriver = lib.mkOption {
-    type = lib.types.bool;
-    default = false;
-    description = ''
-      Use the experimental Asahi Mesa GPU driver.
-
-      Do not report issues using this driver under NixOS to the Asahi project.
-    '';
-  };
-
-  # hopefully no longer used, should be deprecated eventually
-  options.hardware.asahi.experimentalGPUInstallMode = lib.mkOption {
-    type = lib.types.enum [ "driver" "replace" "overlay" ];
-    default = "replace";
-    description = ''
-      Mode to use to install the experimental GPU driver into the system.
-
-      driver: install only as a driver, do not replace system Mesa.
-        Causes issues with certain programs like Plasma Wayland.
-
-      replace (default): use replaceRuntimeDependencies to replace system Mesa with Asahi Mesa.
-        Does not work in pure evaluation context (i.e. in flakes by default).
-
-      overlay: overlay system Mesa with Asahi Mesa
-        Requires rebuilding the world.
-    '';
-  };
-}

hosts/mac-nixos/apple-silicon-support/modules/peripheral-firmware/default.nix

@@ -1,69 +0,0 @@
-{ config, pkgs, lib, ... }:
-{
-  config = lib.mkIf config.hardware.asahi.enable {
-    assertions = lib.mkIf config.hardware.asahi.extractPeripheralFirmware [
-      { assertion = config.hardware.asahi.peripheralFirmwareDirectory != null;
-        message = ''
-          Asahi peripheral firmware extraction is enabled but the firmware
-          location appears incorrect.
-        '';
-      }
-    ];
-
-    hardware.firmware = let
-      pkgs' = config.hardware.asahi.pkgs;
-    in
-      lib.mkIf ((config.hardware.asahi.peripheralFirmwareDirectory != null)
-          && config.hardware.asahi.extractPeripheralFirmware) [
-        (pkgs.stdenv.mkDerivation {
-          name = "asahi-peripheral-firmware";
-
-          nativeBuildInputs = [ pkgs'.asahi-fwextract pkgs.cpio ];
-
-          buildCommand = ''
-            mkdir extracted
-            asahi-fwextract ${config.hardware.asahi.peripheralFirmwareDirectory} extracted
-
-            mkdir -p $out/lib/firmware
-            cat extracted/firmware.cpio | cpio -id --quiet --no-absolute-filenames
-            mv vendorfw/* $out/lib/firmware
-          '';
-        })
-      ];
-  };
-
-  options.hardware.asahi = {
-    extractPeripheralFirmware = lib.mkOption {
-      type = lib.types.bool;
-      default = true;
-      description = ''
-        Automatically extract the non-free non-redistributable peripheral
-        firmware necessary for features like Wi-Fi.
-      '';
-    };
-
-    peripheralFirmwareDirectory = lib.mkOption {
-      type = lib.types.nullOr lib.types.path;
-
-      default = lib.findFirst (path: builtins.pathExists (path + "/all_firmware.tar.gz")) null
-        [
-          # path when the system is operating normally
-          /boot/asahi
-          # path when the system is mounted in the installer
-          /mnt/boot/asahi
-        ];
-
-      description = ''
-        Path to the directory containing the non-free non-redistributable
-        peripheral firmware necessary for features like Wi-Fi. Ordinarily, this
-        will automatically point to the appropriate location on the ESP. Flake
-        users and those interested in maximum purity will want to copy those
-        files elsewhere and specify this manually.
-
-        Currently, this consists of the files `all-firmware.tar.gz` and
-        `kernelcache*`. The official Asahi Linux installer places these files
-        in the `asahi` directory of the EFI system partition when creating it.
-      '';
-    };
-  };
-}

hosts/mac-nixos/apple-silicon-support/modules/sound/default.nix

@@ -1,49 +0,0 @@
-{ config, options, pkgs, lib, ... }:
-
-{
-  options.hardware.asahi = {
-    setupAsahiSound = lib.mkOption {
-      type = lib.types.bool;
-      default = config.hardware.asahi.enable;
-      description = ''
-        Set up the Asahi DSP components so that the speakers and headphone jack
-        work properly and safely.
-      '';
-    };
-  };
-
-  config = let
-    cfg = config.hardware.asahi;
-  in lib.mkIf (cfg.setupAsahiSound && cfg.enable) (lib.mkMerge [
-    {
-      # can't be used by Asahi sound infrastructure
-      services.pulseaudio.enable = false;
-      # enable pipewire to run real-time and avoid audible glitches
-      security.rtkit.enable = true;
-      # set up pipewire with the supported capabilities (instead of pulseaudio)
-      # and asahi-audio configs and plugins
-      services.pipewire = {
-        enable = true;
-        alsa.enable = true;
-        pulse.enable = true;
-
-        configPackages = [ pkgs.asahi-audio ];
-
-        wireplumber = {
-          enable = true;
-
-          configPackages = [ pkgs.asahi-audio ];
-        };
-      };
-
-      # set up enivronment so that UCM configs are used as well
-      environment.variables.ALSA_CONFIG_UCM2 = "${pkgs.alsa-ucm-conf-asahi}/share/alsa/ucm2";
-      systemd.user.services.pipewire.environment.ALSA_CONFIG_UCM2 = config.environment.variables.ALSA_CONFIG_UCM2;
-      systemd.user.services.wireplumber.environment.ALSA_CONFIG_UCM2 = config.environment.variables.ALSA_CONFIG_UCM2;
-
-      # enable speakersafetyd to protect speakers
-      systemd.packages = [ pkgs.speakersafetyd ];
-      services.udev.packages = [ pkgs.speakersafetyd ];
-    }
-  ]);
-}

hosts/mac-nixos/apple-silicon-support/packages/alsa-ucm-conf-asahi/default.nix

@@ -1,22 +0,0 @@
-{ lib
-, fetchFromGitHub
-, alsa-ucm-conf
-}:
-
-(alsa-ucm-conf.overrideAttrs (oldAttrs: let
-  versionAsahi = "8";
-
-  srcAsahi = fetchFromGitHub {
-    # tracking: https://src.fedoraproject.org/rpms/alsa-ucm-asahi
-    owner = "AsahiLinux";
-    repo = "alsa-ucm-conf-asahi";
-    rev = "v${versionAsahi}";
-    hash = "sha256-FPrAzscc1ICSCQSqULaGLqG4UCq8GZU9XLV7TUSBBRM=";
-  };
-in {
-  name = "${oldAttrs.pname}-${oldAttrs.version}-asahi-${versionAsahi}";
-
-  postInstall = oldAttrs.postInstall or "" + ''
-    cp -r ${srcAsahi}/ucm2 $out/share/alsa
-  '';
-}))

hosts/mac-nixos/apple-silicon-support/packages/asahi-audio/default.nix

@@ -1,46 +0,0 @@
-{ stdenv
-, lib
-, fetchFromGitHub
-, lsp-plugins
-, bankstown-lv2
-, triforce-lv2
-}:
-
-stdenv.mkDerivation rec {
-  pname = "asahi-audio";
-  # tracking: https://src.fedoraproject.org/rpms/asahi-audio
-  version = "3.3";
-
-  src = fetchFromGitHub {
-    owner = "AsahiLinux";
-    repo = "asahi-audio";
-    rev = "v${version}";
-    hash = "sha256-p0M1pPxov+wSLT2F4G6y5NZpCXzbjZkzle+75zQ4xxU=";
-  };
-
-  preBuild = ''
-    export PREFIX=$out
-
-    readarray -t configs < <(\
-          find . \
-                -name '*.conf' -or \
-                -name '*.json' -or \
-                -name '*.lua'
-    )
-
-    substituteInPlace "''${configs[@]}" --replace \
-          "/usr/share/asahi-audio" \
-          "$out/asahi-audio"
-  '';
-
-  postInstall = ''
-    # no need to link the asahi-audio dir globally
-    mv $out/share/asahi-audio $out
-  '';
-
-  passthru.requiredLv2Packages = [
-    lsp-plugins
-    bankstown-lv2
-    triforce-lv2
-  ];
-}

hosts/mac-nixos/apple-silicon-support/packages/asahi-fwextract/default.nix

@@ -1,32 +0,0 @@
-{ lib
-, python3
-, fetchFromGitHub
-, gzip
-, gnutar
-, lzfse
-}:
-
-python3.pkgs.buildPythonApplication rec {
-  pname = "asahi-fwextract";
-  version = "0.7.8";
-
-  # tracking version: https://packages.fedoraproject.org/pkgs/asahi-installer/python3-asahi_firmware/
-  src = fetchFromGitHub {
-    owner = "AsahiLinux";
-    repo = "asahi-installer";
-    rev = "v${version}";
-    hash = "sha256-UmgHWKIRbcg9PK44YPPM4tyuEDC0+ANKO3Mzc4N9RHo=";
-  };
-
-  postPatch = ''
-    substituteInPlace asahi_firmware/img4.py \
-      --replace 'liblzfse.so' '${lzfse}/lib/liblzfse.so'
-    substituteInPlace asahi_firmware/update.py \
-      --replace '"tar"' '"${gnutar}/bin/tar"' \
-      --replace '"xf"' '"-x", "-I", "${gzip}/bin/gzip", "-f"'
-  '';
-
-  nativeBuildInputs = [ python3.pkgs.setuptools ];
-
-  doCheck = false;
-}

hosts/mac-nixos/apple-silicon-support/packages/linux-asahi/default.nix

@@ -1,104 +0,0 @@
-{ lib
-, callPackage
-, writeText
-, linuxPackagesFor
-, withRust ? true
-, _kernelPatches ? [ ]
-}:
-
-let
-  i = builtins.elemAt;
-
-  # parse <OPT> [ymn]|foo style configuration as found in a patch's extraConfig
-  # into a list of k, v tuples
-  parseExtraConfig = config:
-    let
-      lines =
-        builtins.filter (s: s != "") (lib.strings.splitString "\n" config);
-      parseLine = line: let
-        t = lib.strings.splitString " " line;
-        join = l: builtins.foldl' (a: b: "${a} ${b}")
-          (builtins.head l) (builtins.tail l);
-        v = if (builtins.length t) > 2 then join (builtins.tail t) else (i t 1);
-      in [ "CONFIG_${i t 0}" v ];
-    in map parseLine lines;
-
-  # parse <OPT>=lib.kernel.(yes|module|no)|lib.kernel.freeform "foo"
-  # style configuration as found in a patch's extraStructuredConfig into
-  # a list of k, v tuples
-  parseExtraStructuredConfig = config: lib.attrsets.mapAttrsToList
-    (k: v: [ "CONFIG_${k}" (v.tristate or v.freeform) ] ) config;
-
-  parsePatchConfig = { extraConfig ? "", extraStructuredConfig ? {}, ... }:
-    (parseExtraConfig extraConfig) ++
-    (parseExtraStructuredConfig extraStructuredConfig);
-
-  # parse CONFIG_<OPT>=[ymn]|"foo" style configuration as found in a config file
-  # into a list of k, v tuples
-  parseConfig = config:
-    let
-      parseLine = builtins.match ''(CONFIG_[[:upper:][:digit:]_]+)=(([ymn])|"([^"]*)")'';
-      # get either the [ymn] option or the "foo" option; whichever matched
-      t = l: let v = (i l 2); in [ (i l 0) (if v != null then v else (i l 3)) ];
-      lines = lib.strings.splitString "\n" config;
-    in map t (builtins.filter (l: l != null) (map parseLine lines));
-
-  origConfigfile = ./config;
-
-  linux-asahi-pkg = { stdenv, lib, fetchFromGitHub, fetchpatch, linuxKernel,
-      rustc, rust-bindgen, ... } @ args:
-    let
-      origConfigText = builtins.readFile origConfigfile;
-
-      # extraConfig from all patches in order
-      extraConfig =
-        lib.fold (patch: ex: ex ++ (parsePatchConfig patch)) [] _kernelPatches
-        ++ (lib.optional withRust [ "CONFIG_RUST" "y" ]);
-      # config file text for above
-      extraConfigText = let
-        text = k: v: if (v == "y") || (v == "m") || (v == "n")
-          then "${k}=${v}" else ''${k}="${v}"'';
-      in (map (t: text (i t 0) (i t 1)) extraConfig);
-
-      # final config as a text file path
-      configfile = if extraConfig == [] then origConfigfile else
-        writeText "config" ''
-          ${origConfigText}
-
-          # Patches
-          ${lib.strings.concatStringsSep "\n" extraConfigText}
-        '';
-      # final config as an attrset
-      configAttrs = let
-        makePair = t: lib.nameValuePair (i t 0) (i t 1);
-        configList = (parseConfig origConfigText) ++ extraConfig;
-      in builtins.listToAttrs (map makePair (lib.lists.reverseList configList));
-
-      # used to fix issues when nixpkgs gets ahead of the kernel
-      rustAtLeast = version: withRust && (lib.versionAtLeast rustc.version version);
-      bindgenAtLeast = version: withRust && (lib.versionAtLeast rust-bindgen.unwrapped.version version);
-    in
-    linuxKernel.manualConfig rec {
-      inherit stdenv lib;
-
-      version = "6.14.8-asahi";
-      modDirVersion = version;
-      extraMeta.branch = "6.14";
-
-      src = fetchFromGitHub {
-        # tracking: https://github.com/AsahiLinux/linux/tree/asahi-wip (w/ fedora verification)
-        owner = "AsahiLinux";
-        repo = "linux";
-        rev = "asahi-6.14.8-1";
-        hash = "sha256-JrWVw1FiF9LYMiOPm0QI0bg/CrZAMSSVcs4AWNDIH3Q=";
-      };
-
-      kernelPatches = [
-      ] ++ _kernelPatches;
-
-      inherit configfile;
-      config = configAttrs;
-    };
-
-  linux-asahi = (callPackage linux-asahi-pkg { });
-in lib.recurseIntoAttrs (linuxPackagesFor linux-asahi)

hosts/mac-nixos/apple-silicon-support/packages/m1n1/default.nix

@@ -1,110 +0,0 @@
-{ stdenv
-, buildPackages
-, lib
-, fetchFromGitHub
-, python3
-, dtc
-, imagemagick
-, isRelease ? false
-, withTools ? true
-, withChainloading ? false
-, customLogo ? null
-}:
-
-let
-  pyenv = python3.withPackages (p: with p; [
-    construct
-    pyserial
-  ]);
-
-  stdenvOpts = {
-    targetPlatform.system = "aarch64-none-elf";
-    targetPlatform.rust.rustcTarget = "${stdenv.hostPlatform.parsed.cpu.name}-unknown-none-softfloat";
-    targetPlatform.rust.rustcTargetSpec = "${stdenv.hostPlatform.parsed.cpu.name}-unknown-none-softfloat";
-  };
-  rust = buildPackages.rust.override {
-    stdenv = lib.recursiveUpdate buildPackages.stdenv stdenvOpts;
-  };
-  rustPackages = rust.packages.stable.overrideScope (f: p: {
-    rustc-unwrapped = p.rustc-unwrapped.override {
-      stdenv = lib.recursiveUpdate p.rustc-unwrapped.stdenv stdenvOpts;
-    };
-  });
-  rustPlatform = buildPackages.makeRustPlatform rustPackages;
-
-in stdenv.mkDerivation rec {
-  pname = "m1n1";
-  version = "1.4.21";
-
-  src = fetchFromGitHub {
-    # tracking: https://src.fedoraproject.org/rpms/m1n1
-    owner = "AsahiLinux";
-    repo = "m1n1";
-    rev = "v${version}";
-    hash = "sha256-PEjTaSwcsV8PzM9a3rDWMYXGX9FlrM0oeElrP5HYRPg=";
-    fetchSubmodules = true;
-  };
-  cargoVendorDir = ".";
-
-  makeFlags = [ "ARCH=${stdenv.cc.targetPrefix}" ]
-    ++ lib.optional isRelease "RELEASE=1"
-    ++ lib.optional withChainloading "CHAINLOADING=1";
-
-  nativeBuildInputs = [
-    dtc
-  ] ++ lib.optionals withChainloading [rustPackages.rustc rustPackages.cargo rustPlatform.cargoSetupHook]
-    ++ lib.optional (customLogo != null) imagemagick;
-
-  postPatch = ''
-    substituteInPlace proxyclient/m1n1/asm.py \
-      --replace 'aarch64-linux-gnu-' 'aarch64-unknown-linux-gnu-' \
-      --replace 'TOOLCHAIN = ""' 'TOOLCHAIN = "'$out'/toolchain-bin/"'
-  '';
-
-  preConfigure = lib.optionalString (customLogo != null) ''
-    pushd data &>/dev/null
-    ln -fs ${customLogo} bootlogo_256.png
-    if [[ "$(magick identify bootlogo_256.png)" != 'bootlogo_256.png PNG 256x256'* ]]; then
-      echo "Custom logo is not a 256x256 PNG"
-      exit 1
-    fi
-
-    rm bootlogo_128.png
-    convert bootlogo_256.png -resize 128x128 bootlogo_128.png
-    patchShebangs --build ./makelogo.sh
-    ./makelogo.sh
-    popd &>/dev/null
-  '';
-
-  installPhase = ''
-    runHook preInstall
-
-    mkdir -p $out/build
-    cp build/m1n1.bin $out/build
-  '' + (lib.optionalString withTools ''
-    mkdir -p $out/{bin,script,toolchain-bin}
-    cp -r proxyclient $out/script
-    cp -r tools $out/script
-
-    for toolpath in $out/script/proxyclient/tools/*.py; do
-      tool=$(basename $toolpath .py)
-      script=$out/bin/m1n1-$tool
-      cat > $script <<EOF
-#!/bin/sh
-${pyenv}/bin/python $toolpath "\$@"
-EOF
-      chmod +x $script
-    done
-
-    GCC=${buildPackages.gcc}
-    BINUTILS=${buildPackages.binutils-unwrapped}
-
-    ln -s $GCC/bin/${stdenv.cc.targetPrefix}gcc $out/toolchain-bin/
-    ln -s $GCC/bin/${stdenv.cc.targetPrefix}ld $out/toolchain-bin/
-    ln -s $BINUTILS/bin/${stdenv.cc.targetPrefix}objcopy $out/toolchain-bin/
-    ln -s $BINUTILS/bin/${stdenv.cc.targetPrefix}objdump $out/toolchain-bin/
-    ln -s $GCC/bin/${stdenv.cc.targetPrefix}nm $out/toolchain-bin/
-  '') + ''
-    runHook postInstall
-  '';
-}

hosts/mac-nixos/apple-silicon-support/packages/mesa-asahi-edge/default.nix

@@ -1,48 +0,0 @@
-{ lib
-, fetchFromGitLab
-, mesa
-}:
-
-(mesa.override {
-  galliumDrivers = [ "softpipe" "llvmpipe" "asahi" ];
-  vulkanDrivers = [ "swrast" "asahi" ];
-}).overrideAttrs (oldAttrs: {
-  version = "25.1.0-asahi";
-  src = fetchFromGitLab {
-    # tracking: https://pagure.io/fedora-asahi/mesa/commits/asahi
-    domain = "gitlab.freedesktop.org";
-    owner = "asahi";
-    repo = "mesa";
-    tag = "asahi-20250425";
-    hash = "sha256-3c3uewzKv5wL9BRwaVL4E3FnyA04veQwAPxfHiL7wII=";
-  };
-
-  mesonFlags =
-    let
-      badFlags = [
-        "-Dinstall-mesa-clc"
-        "-Dgallium-nine"
-        "-Dtools"
-      ];
-      isBadFlagList = f: builtins.map (b: lib.hasPrefix b f) badFlags;
-      isGoodFlag = f: !(builtins.foldl' (x: y: x || y) false (isBadFlagList f));
-    in
-    (builtins.filter isGoodFlag oldAttrs.mesonFlags) ++ [
-      # we do not build any graphics drivers these features can be enabled for
-      "-Dgallium-va=disabled"
-      "-Dgallium-vdpau=disabled"
-      "-Dgallium-xa=disabled"
-      "-Dtools=asahi"
-    ];
-
-  # replace patches with ones tweaked slightly to apply to this version
-  patches = [
-    ./opencl.patch
-  ];
-
-  postInstall = (oldAttrs.postInstall or "") + ''
-    # we don't build anything to go in this output but it needs to exist
-    touch $spirv2dxil
-    touch $cross_tools
-  '';
-})

hosts/mac-nixos/apple-silicon-support/packages/mesa-asahi-edge/opencl.patch

@@ -1,54 +0,0 @@
-diff --git a/meson.build b/meson.build
-index 07991a6..4c875b9 100644
---- a/meson.build
-+++ b/meson.build
-@@ -1900,7 +1900,7 @@ endif
-
- dep_clang = null_dep
- if with_clc or with_gallium_clover
--  llvm_libdir = dep_llvm.get_variable(cmake : 'LLVM_LIBRARY_DIR', configtool: 'libdir')
-+  llvm_libdir = get_option('clang-libdir')
-
-   dep_clang = cpp.find_library('clang-cpp', dirs : llvm_libdir, required : false)
-
-diff --git a/meson.options b/meson.options
-index 84e0f20..38ea92c 100644
---- a/meson.options
-+++ b/meson.options
-@@ -795,3 +795,10 @@ option(
-   value : false,
-   description : 'Install the drivers internal shader compilers (if needed for cross builds).'
- )
-+
-+option(
-+  'clang-libdir',
-+  type : 'string',
-+  value : '',
-+  description : 'Locations to search for clang libraries.'
-+)
-diff --git a/src/gallium/targets/opencl/meson.build b/src/gallium/targets/opencl/meson.build
-index ab2c835..a59e88e 100644
---- a/src/gallium/targets/opencl/meson.build
-+++ b/src/gallium/targets/opencl/meson.build
-@@ -56,7 +56,7 @@ if with_opencl_icd
-     configuration : _config,
-     input : 'mesa.icd.in',
-     output : 'mesa.icd',
--    install : true,
-+    install : false,
-     install_tag : 'runtime',
-     install_dir : join_paths(get_option('sysconfdir'), 'OpenCL', 'vendors'),
-   )
-diff --git a/src/gallium/targets/rusticl/meson.build b/src/gallium/targets/rusticl/meson.build
-index 2b214ad..7f91939 100644
---- a/src/gallium/targets/rusticl/meson.build
-+++ b/src/gallium/targets/rusticl/meson.build
-@@ -64,7 +64,7 @@ configure_file(
-   configuration : _config,
-   input : 'rusticl.icd.in',
-   output : 'rusticl.icd',
--  install : true,
-+  install : false,
-   install_tag : 'runtime',
-   install_dir : join_paths(get_option('sysconfdir'), 'OpenCL', 'vendors'),
- )

hosts/mac-nixos/apple-silicon-support/packages/overlay.nix

@@ -1,9 +0,0 @@
-final: prev: {
-  linux-asahi = final.callPackage ./linux-asahi { };
-  m1n1 = final.callPackage ./m1n1 { };
-  uboot-asahi = final.callPackage ./uboot-asahi { };
-  asahi-fwextract = final.callPackage ./asahi-fwextract { };
-  mesa-asahi-edge = final.callPackage ./mesa-asahi-edge { };
-  alsa-ucm-conf-asahi = final.callPackage ./alsa-ucm-conf-asahi { inherit (prev) alsa-ucm-conf; };
-  asahi-audio = final.callPackage ./asahi-audio { };
-}

hosts/mac-nixos/apple-silicon-support/packages/uboot-asahi/default.nix

@@ -1,44 +0,0 @@
-{ lib
-, fetchFromGitHub
-, buildUBoot
-, m1n1
-}:
-
-(buildUBoot rec {
-  src = fetchFromGitHub {
-    # tracking: https://pagure.io/fedora-asahi/uboot-tools/commits/main
-    owner = "AsahiLinux";
-    repo = "u-boot";
-    rev = "asahi-v2025.04-1";
-    hash = "sha256-/z37qj26AqsyEBsFT6UEN3GjG6KVsoJOoUB4s9BRDbE=";
-  };
-  version = "2025.04-1-asahi";
-
-  defconfig = "apple_m1_defconfig";
-  extraMeta.platforms = [ "aarch64-linux" ];
-  filesToInstall = [
-    "u-boot-nodtb.bin.gz"
-    "m1n1-u-boot.bin"
-  ];
-  extraConfig = ''
-    CONFIG_IDENT_STRING=" ${version}"
-    CONFIG_VIDEO_FONT_4X6=n
-    CONFIG_VIDEO_FONT_8X16=n
-    CONFIG_VIDEO_FONT_SUN12X22=n
-    CONFIG_VIDEO_FONT_16X32=y
-    CONFIG_CMD_BOOTMENU=y
-  '';
-}).overrideAttrs (o: {
-  # nixos's downstream patches are not applicable
-  patches = [ 
-  ];
-
-  # DTC= flag somehow breaks DTC compilation so we remove it
-  makeFlags = builtins.filter (s: (!(lib.strings.hasPrefix "DTC=" s))) o.makeFlags;
-
-  preInstall = ''
-    # compress so that m1n1 knows U-Boot's size and can find things after it
-    gzip -n u-boot-nodtb.bin
-    cat ${m1n1}/build/m1n1.bin arch/arm/dts/t[68]*.dtb u-boot-nodtb.bin.gz > m1n1-u-boot.bin
-  '';
-})

hosts/mac-nixos/boot.nix

@@ -1,34 +0,0 @@
-{ pkgs, lib, ... }:
-{
-  # Use the systemd-boot EFI boot loader.
-  boot = {
-    loader = {
-      systemd-boot = {
-        enable = true;
-        configurationLimit = 15;
-        consoleMode = lib.mkDefault "max";
-      };
-      efi.canTouchEfiVariables = lib.mkForce false;
-    };
-
-    kernelParams = [
-      "apple_dcp.show_notch=1"
-    ];
-
-    extraModprobeConfig = ''
-      options hid_apple iso_layout=0
-    '';
-
-    binfmt.registrations. "x86_64-linux" = {
-      magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x3e\x00'';
-      mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
-      openBinary = true;
-      interpreter = "${pkgs.box64}/bin/box64";
-      preserveArgvZero = true; 
-      matchCredentials = true;
-      fixBinary = false;
-    };
-  };
-
-  zramSwap.enable = true;
-}

hosts/mac-nixos/configuration.nix

@@ -1,70 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page, on
-# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
-
-{ pkgs, lib, ... }:
-let
-  plasma = false;
-in
-{
-  imports = [
-    ./boot.nix
-    ./hardware-configuration.nix
-    ./networking.nix
-    ./services.nix
-  ];
-
-  hardware.asahi = {
-    enable = true;
-    useExperimentalGPUDriver = true;
-    peripheralFirmwareDirectory = ./firmware;
-    setupAsahiSound = true;
-  };
-
-  hardware.graphics.enable32Bit = lib.mkForce false;
-
-  nixpkgs.config.allowUnfree = true;
-  nixpkgs.config.allowUnsupportedSystem = true;
-
-  # Define a user account. Don't forget to set a password with ‘passwd’.
-  users.users.matt = {
-    isNormalUser = true;
-    extraGroups = [
-      "wheel"
-      "keys"
-      "networkmanager"
-      "ratbagd"
-      "input"
-      "scanner"
-      "lp"
-      "video"
-      "i2c"
-     ]; # Enable ‘sudo’ for the user.
-    shell = pkgs.zsh;
-    packages = with pkgs; [
-      firefox
-      tree
-      git
-      box64
-      prismlauncher
-      distrobox
-    ];
-  };
-
-  virtualisation = {
-    containers.enable = true;
-    podman.enable = true;
-  };
-
-  # List packages installed in system profile. To search, run:
-  # $ nix search wget
-  environment.systemPackages = with pkgs; [
-    micro
-    vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
-    wget
-  ];
-
-  environment.sessionVariables = {
-    DBX_CONTAINER_MANAGER = "podman";
-  };
-}

hosts/mac-nixos/hardware-configuration.nix

@@ -1,78 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
-    ];
-
-  boot.initrd.availableKernelModules = [ "uas" "sdhci_pci" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" =
-    { device = "none";
-      fsType = "tmpfs";
-    };
-
-  fileSystems."/root" =
-    { device = "/dev/disk/by-uuid/adcc14fa-8bf7-4b4b-a9e4-b038993b96cc";
-      fsType = "btrfs";
-      options = [ "compress=zstd" "noatime" "subvol=root" ];
-    };
-
-  fileSystems."/etc" =
-    { device = "/dev/disk/by-uuid/adcc14fa-8bf7-4b4b-a9e4-b038993b96cc";
-      fsType = "btrfs";
-      options = [ "compress=zstd" "noatime" "subvol=etc" ];
-    };
-
-  fileSystems."/tmp" =
-    { device = "/dev/disk/by-uuid/adcc14fa-8bf7-4b4b-a9e4-b038993b96cc";
-      fsType = "btrfs";
-      options = [ "compress=zstd" "noatime" "subvol=tmp" ];
-    };
-
-  fileSystems."/nix" =
-    { device = "/dev/disk/by-uuid/adcc14fa-8bf7-4b4b-a9e4-b038993b96cc";
-      fsType = "btrfs";
-      options = [ "compress=zstd" "noatime" "subvol=nix" ];
-    };
-
-  fileSystems."/var/log" =
-    { device = "/dev/disk/by-uuid/adcc14fa-8bf7-4b4b-a9e4-b038993b96cc";
-      fsType = "btrfs";
-      options = [ "compress=zstd" "noatime" "subvol=log" ];
-    };
-
-  fileSystems."/home" =
-    { device = "/dev/disk/by-uuid/adcc14fa-8bf7-4b4b-a9e4-b038993b96cc";
-      fsType = "btrfs";
-      options = [ "compress=zstd" "subvol=home" ];
-    };
-
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/23FA-AD3E";
-      fsType = "vfat";
-      options = [ "fmask=0022" "dmask=0022" ];
-    };
-
-  swapDevices = [
-    {
-      device = "/tmp/swapfile";
-      randomEncryption.enable = true;
-    }
-  ];
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
-}

hosts/mac-nixos/home.nix

@@ -1,14 +0,0 @@
-{ pkgs, ... }:
-{
-
-  home.username = "matt";
-  home.homeDirectory = "/home/matt";
-  home.stateVersion = "23.11";
-
-  home.packages = with pkgs; [
-    iw
-    iwd
-    orca-slicer
-    vscodium
-  ];
-}

hosts/mac-nixos/hyprland-settings.nix

@@ -1,44 +0,0 @@
-{
-  monitor = [
-    "eDP-1,3456x2234@60.00000,0x0,1.0,bitdepth,10,cm,hdr,sdrbrightness,1.2,sdrsaturation,0.98"
-  ];
-  
-  workspace = [
-    "name:firefox, monitor:eDP-1, default:false, special, class:(.*firefox.*)"
-    "name:discord, monitor:eDP-1, default:true, special, title:(.*vesktop.*), title:(.*Apple Music.*)"
-    "name:steam, monitor:eDP-1, default:false, special, class:(.*[Ss]team.*)"
-  ];
-
-  windowRule = [
-    # "tag +fakefull, fullscreen: 0"
-    # "float, tag:fakefull"
-    # "size 3356 2160, tag:fakefull"
-    # "move 100 74, tag:fakefull"
-    # "noanim, tag:fakefull"
-    # "noblur, tag:fakefull"
-    # "norounding, tag:fakefull"
-    # "noshadow, tag:fakefull"
-    # "immediate, tag:fakefull"
-    # "noborder, tag:fakefull"
-    # "nodim, tag:fakefull"
-    # "idleinhibit, tag:fakefull"
-    "size 2160 3356, tag:horizonrdp"
-  ];
-
-  waybar = {
-    modules-right = [
-      "tray"
-      "temperature"
-      "temperature#gpu"
-      "keyboard-state#capslock"
-      "keyboard-state#numlock"
-      "wireplumber#sink"
-      # "wireplumber#source"
-      "bluetooth"
-      "network"
-      "clock"
-      "battery"
-      "custom/weather"
-    ];
-  };
-}

hosts/mac-nixos/networking.nix

@@ -1,37 +0,0 @@
-{ pkgs, lib, ... }:
-{
-  # Networking configs
-  networking = {
-    hostName = "macbook-pro-nixos";
-
-    wireless.iwd = {
-      enable = true;
-      settings = {
-        General = {
-            EnableNetworkConfiguration = true;
-        };
-        Rank = {
-          BandModifier2_4GHz = 1.0;
-          BandModifier5GHz = 5.0;
-          BandModifier6GHz = 10.0;
-        };
-        # DriverQuirks = {
-        #   PowerSaveDisable = "hci_bcm4377,brcmfmac";
-        # };
-        Network = {
-          AutoConnect = true;
-        };
-      };
-    };
-
-    # Enable Network Manager
-    networkmanager = {
-      enable = lib.mkForce false;
-      wifi = {
-        backend = lib.mkForce "iwd";
-        powersave = lib.mkDefault false;
-      };
-      settings.connectivity.uri = lib.mkDefault "http://nmcheck.gnome.org/check_network_status.txt";
-    };
-  };
-}

hosts/mac-nixos/omnissa.nix

@@ -1,123 +0,0 @@
-{ stdenv
-, lib
-, buildFHSEnv
-, fetchurl
-, makeWrapper
-, gsettings-desktop-schemas
-, opensc
-, writeTextDir
-, configText ? ""
-}:
-
-let
-  version = "2503-8.15.0";
-  sysArch = "armhf";
-  mainProgram = "horizon-client";
-
-  wrapBinCommands = path: name: ''
-    makeWrapper "$out/${path}/${name}" "$out/bin/${name}_wrapper" \
-      --set GTK_THEME Adwaita \
-      --suffix XDG_DATA_DIRS : "${gsettings-desktop-schemas}/share/gsettings-schemas/${gsettings-desktop-schemas.name}" \
-      --suffix LD_LIBRARY_PATH : "$out/lib/omnissa/horizon:$out/lib/omnissa/horizon/vdpService:$out/lib/omnissa"
-  '';
-
-  omnissaHorizonClientFiles = stdenv.mkDerivation {
-    pname = "omnissa-horizon-armhf-files";
-    inherit version;
-
-    src = fetchurl {
-      url = "https://download3.omnissa.com/software/CART26FQ1_LIN_2503_TARBALL/Omnissa-Horizon-Client-Linux-2503-8.15.0-14256322247.tar.gz";
-      sha256 = "sha256-x98ITXF9xwzlPq375anQ2qBpMbZAcCqDVXBfvZPha7Q=";
-    };
-
-    nativeBuildInputs = [ makeWrapper ];
-
-    installPhase = ''
-      mkdir ext
-      tar -xzf $src
-      cd Omnissa-Horizon-Client-Linux-*/${sysArch}
-
-      mkdir -p ext
-      for archive in *.tar.gz; do
-        tar -C ext --strip-components=1 -xf "$archive"
-      done
-
-      chmod -R u+w ext/usr/lib
-
-      mkdir -p $out
-      mv ext/usr $out
-      mv ext/${sysArch}/lib $out/
-      mv ext/${sysArch}/include $out/
-
-      mkdir -p $out/lib/omnissa/horizon/pkcs11
-      ln -s ${opensc}/lib/pkcs11/opensc-pkcs11.so $out/lib/omnissa/horizon/pkcs11/libopenscpkcs11.so
-
-      chmod +x "$out/usr/bin/horizon-client"
-      ${wrapBinCommands "usr/bin" "horizon-client"}
-    '';
-  };
-
-  omnissaFHSUserEnv =
-    pname:
-    buildFHSEnv {
-      inherit pname version;
-
-      runScript = "${omnissaHorizonClientFiles}/bin/${pname}_wrapper";
-
-      targetPkgs = pkgs: with pkgs; [
-        atk
-        cairo
-        dbus
-        file
-        fontconfig
-        freetype
-        gdk-pixbuf
-        glib
-        gtk3
-        libjpeg
-        libpng
-        libpulseaudio
-        libtiff
-        libuuid
-        libv4l
-        libxml2
-        pango
-        pcsclite
-        pixman
-        udev
-        omnissaHorizonClientFiles
-        xorg.libX11
-        xorg.libXau
-        xorg.libXcursor
-        xorg.libXext
-        xorg.libXi
-        xorg.libXrandr
-        xorg.libXrender
-        xorg.libXtst
-        zlib
-
-        (writeTextDir "etc/omnissa/config" configText)
-      ];
-    };
-in
-stdenv.mkDerivation {
-  pname = "omnissa-horizon-client";
-  inherit version;
-
-  dontUnpack = true;
-
-  installPhase = ''
-    mkdir -p $out/bin
-    ln -s ${omnissaFHSUserEnv "horizon-client"}/bin/horizon-client $out/bin/
-    ln -s ${omnissaFHSUserEnv "horizon-eucusbarbitrator"}/bin/horizon-eucusbarbitrator $out/bin/
-  '';
-
-  passthru.unwrapped = omnissaHorizonClientFiles;
-
-  meta = {
-    description = "Omnissa Horizon Client for ARM";
-    homepage = "https://www.omnissa.com/products/horizon-8/";
-    license = lib.licenses.unfree;
-    platforms = [ "aarch64-linux" "armv7l-linux" ];
-  };
-}

hosts/mac-nixos/services.nix

@@ -1,83 +0,0 @@
-{ lib, ... }:
-{
-  services = {
-    auto-cpufreq = {
-      enable = true;
-      settings = {
-        # settings for when connected to a power source
-        charger = {
-          # see available governors by running: cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_available_governors
-          # preferred governor
-          governor = "performance";
-
-          # minimum cpu frequency (in kHz)
-          # example: for 800 MHz = 800000 kHz --> scaling_min_freq = 800000
-          # see conversion info: https://www.rapidtables.com/convert/frequency/mhz-to-hz.html
-          # to use this feature, uncomment the following line and set the value accordingly
-          # scaling_min_freq = 800000
-
-          # maximum cpu frequency (in kHz)
-          # example: for 1GHz = 1000 MHz = 1000000 kHz -> scaling_max_freq = 1000000
-          # see conversion info: https://www.rapidtables.com/convert/frequency/mhz-to-hz.html
-          # to use this feature, uncomment the following line and set the value accordingly
-          # scaling_max_freq = 1000000
-
-          # turbo boost setting. possible values: always, auto, never
-          turbo = "auto";
-        };
-        # settings for when using battery power
-        battery = {
-          # see available governors by running: cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_available_governors
-          # preferred governor
-          governor = "schedutil";
-
-          # minimum cpu frequency (in kHz)
-          # example: for 800 MHz = 800000 kHz --> scaling_min_freq = 800000
-          # see conversion info: https://www.rapidtables.com/convert/frequency/mhz-to-hz.html
-          # to use this feature, uncomment the following line and set the value accordingly
-          # scaling_min_freq = 800000
-
-          # maximum cpu frequency (in kHz)
-          # see conversion info: https://www.rapidtables.com/convert/frequency/mhz-to-hz.html
-          # example: for 1GHz = 1000 MHz = 1000000 kHz -> scaling_max_freq = 1000000
-          # to use this feature, uncomment the following line and set the value accordingly
-          # scaling_max_freq = 1000000
-
-          # turbo boost setting (always, auto, or never)
-          turbo = "auto";
-
-          # battery charging threshold
-          # reference: https://github.com/AdnanHodzic/auto-cpufreq/#battery-charging-thresholds
-          #enable_thresholds = true
-          #start_threshold = 20
-          #stop_threshold = 80
-        };
-      };
-    };
-  
-    displayManager = {
-      sddm = {
-        enable = lib.mkForce true;
-        wayland.enable = lib.mkForce true;
-      };
-      gdm.enable = lib.mkForce false;
-    };
-  
-    desktopManager = {
-      plasma6.enable = lib.mkForce false;
-      gnome.enable = lib.mkForce false;
-    };
-
-    logind = {
-      lidSwitch = "suspend";
-      lidSwitchExternalPower = "ignore";
-      powerKey = "suspend";
-      powerKeyLongPress = "poweroff";
-    };
-
-    # Enable Flatpak
-    flatpak.enable = lib.mkDefault false;
-
-    gvfs.enable = true;
-  };
-}

hosts/mac/configuration.nix

@@ -1,78 +0,0 @@
-{ pkgs, ... }:
-{
-  #nix run nix-darwin -- switch --flake ~/nix-config
-
-  # List packages installed in system profile. To search by name, run:
-  # $ nix-env -qaP | grep wget
-  environment.systemPackages = with pkgs; [
-    asitop
-    mas
-    python3
-    python3Packages.beautifulsoup4
-    python3Packages.requests
-    python3Packages.selenium
-    vim
-  ];
-
-  # Homebrew
-  homebrew.enable = true;
-  homebrew.casks = [
-    "spotify"
-    "protonvpn"
-    "omnissa-horizon-client"
-    "tg-pro"
-    "steam"
-    "orcaslicer"
-    "vscodium"
-    "epic-games"
-    "wine-stable"
-    "scroll-reverser"
-  ];
-
-  homebrew.masApps = {
-    Tailscale = 1475387142;
-    Infuse = 1136220934;
-    Amphetamine = 937984704;
-  };
-  # homebrew.global.autoUpdate = true;
-
-  security.pam.services.sudo_local.touchIdAuth = true;
-
-  # Auto upgrade nix package and the daemon service.
-  # services.nix-daemon.enable = true;
-  # nix.package = pkgs.nix;
-
-  # Necessary for using flakes on this system.
-  nix.settings.experimental-features = "nix-command flakes";
-
-  # Allow unfree
-  nixpkgs.config.allowUnfree = true;
-
-  # Create /etc/zshrc that loads the nix-darwin environment.
-  programs.zsh.enable = true;  # default shell on catalina
-
-  system = {
-    defaults = {
-      trackpad.Clicking = true;
-      dock.autohide = false;
-
-      NSGlobalDomain = {
-        AppleInterfaceStyle = "Dark";
-        "com.apple.mouse.tapBehavior" = 1;
-        "com.apple.keyboard.fnState" = false;
-      };
-    };
-
-    # Used for backwards compatibility, please read the changelog before changing.
-    # $ darwin-rebuild changelog
-    stateVersion = 5;
-  };
-
-  # The platform the configuration will be used on.
-  nixpkgs.hostPlatform = "aarch64-darwin";
-
-  users.users.mattjallen = {
-    name = "mattjallen";
-    home = "/Users/mattjallen";
-  };
-}

hosts/mac/home.nix

@@ -1,111 +0,0 @@
-{ ... }:
-let
-  shellAliases = {
-    update-switch = "darwin-rebuild switch --flake ~/nix-config";
-    update-flake = "nix flake update ~/nix-config";
-    ducks = "du -cksh * | sort -hr | head -n 15";
-  };
-
-  gitAliases = {
-    co = "checkout";
-    ci = "commit";
-    cia = "commit --amend";
-    s = "status";
-    st = "status";
-    b = "branch";
-    p = "pull --rebase";
-    pu = "push";
-  };
-in
-{
-  imports = [ ./trampoline-apps ];
-  # Home Manager needs a bit of information about you and the
-  # paths it should manage.
-  home.username = "mattjallen";
-  home.homeDirectory = "/Users/mattjallen";
-
-  # This value determines the Home Manager release that your
-  # configuration is compatible with. This helps avoid breakage
-  # when a new Home Manager release introduces backwards
-  # incompatible changes.
-  #
-  # You can update Home Manager without changing this value. See
-  # the Home Manager release notes for a list of state version
-  # changes in each release.
-  home.stateVersion = "23.11";
-
-  programs = {
-    # Let Home Manager install and manage itself.
-    home-manager = {
-      enable = true;
-    };
-
-    vscode = {
-      enable = true;
-    };
-
-    btop.enable = true;
-
-    zsh = {
-      enable = true;
-      enableCompletion = true;
-      autosuggestion.enable = true;
-      syntaxHighlighting.enable = true;
-
-      shellAliases = shellAliases;
-
-      oh-my-zsh = {
-        enable = true;
-        plugins = [ "git" ];
-        theme = "fishy";
-      };
-    };
-
-    librewolf = {
-      enable = true;
-      settings = {
-        "identity.fxaccounts.enabled" = true; # Enable Firefox Accounts
-        "privacy.clearOnShutdown.history" = false; # Disable clearing history on shutdown
-        "privacy.clearOnShutdown.downloads" = false; # Disable clearing downloads on shutdown
-        "privacy.clearOnShutdown.cache" = false; # Disable clearing cache on shutdown
-        "privacy.clearOnShutdown.cookiesAndStorage" = false; # Disable clearing cookies and storage on shutdown
-        "privacy.clearOnShutdown.cookies" = false; # Disable clearing cookies on shutdown
-        "privacy.clearOnShutdown_v2.cache" = false; # Disable clearing cache on shutdown
-        "privacy.clearOnShutdown_v2.cookiesAndStorage" = false; # Disable clearing cookies and storage on shutdown
-        "privacy.clearOnShutdown.formdata" = false; # Disable clearing form data on shutdown
-        "privacy.clearOnShutdown.offlineApps" = false; # Disable clearing offline apps on shutdown
-        "privacy.clearHistory.cache" = false; # Disable clearing cache on history clear
-        "privacy.clearHistory.cookiesAndStorage" = false; # Disable clearing cookies on history clear
-        "privacy.clearHistory.historyFormDataAndDownloads" = false; # Disable clearing history, form data, and downloads on history clear
-        "privacy.clearHistory.browsingHistoryAndDownloads" = false; # Disable clearing browsing history and downloads on history clear
-        "privacy.clearSiteData.cache" = false; # Disable clearing cache on site data clear
-        "privacy.clearSiteData.cookiesAndStorage" = false; # Disable clearing cookies on site data clear
-        "services.sync.prefs.sync.privacy.clearOnShutdown.cache" = true; # Enable syncing cache clear on shutdown
-        "services.sync.prefs.sync.privacy.clearOnShutdown.cookies" = true; # Enable syncing cookies clear on shutdown
-        "services.sync.prefs.sync.privacy.clearOnShutdown.downloads" = true; # Enable syncing downloads clear on shutdown
-        "services.sync.prefs.sync.privacy.clearOnShutdown.formdata" = true; # Enable syncing form data clear on shutdown
-        "services.sync.prefs.sync.privacy.clearOnShutdown.history" = true; # Enable syncing history clear on shutdown
-        "services.sync.prefs.sync.privacy.clearOnShutdown.offlineApps" = true; # Enable syncing offline apps clear on shutdown
-        "services.sync.prefs.sync.privacy.clearOnShutdown.sessions" = true; # Enable syncing sessions clear on shutdown
-        "services.sync.prefs.sync.privacy.clearOnShutdown.siteSettings" = true; # Enable syncing site settings clear on shutdown
-        "services.sync.prefs.sync.privacy.clearOnShutdown_v2.cache" = true; # Enable syncing cache clear on shutdown
-        "services.sync.prefs.sync.privacy.clearOnShutdown_v2.cookiesAndStorage" = true; # Enable syncing cookies clear on shutdown
-        "services.sync.prefs.sync.privacy.clearOnShutdown_v2.downloads" = true; # Enable syncing downloads clear on shutdown
-        "services.sync.prefs.sync.privacy.clearOnShutdown_v2.historyFormDataAndDownloads" = true; # Enable syncing form data clear on shutdown
-        "services.sync.prefs.sync.privacy.clearOnShutdown_v2.siteSettings" = true; # Enable syncing site settings clear on shutdown
-        "browser.newtabpage.activity-stream.feeds.topsites" = true; # Enable top sites on new tab page
-        "browser.newtabpage.activity-stream.topSitesRows" = 3; # Set number of rows for top sites on new tab page
-      };
-    };
-  };
-
-  programs.git = {
-    enable = true;
-    userName = "mjallen18";
-    userEmail = "matt.l.jallen@gmail.com";
-    aliases = gitAliases;
-  };
-
-  # Manage bug in compilations - who uses manpages in 2024 anyways? :P
-  manual.manpages.enable = false;
-}

hosts/mac/trampoline-apps/default.nix

@@ -1,25 +0,0 @@
-# Hook home-manager to make a trampoline for each app we install
-# from: https://github.com/nix-community/home-manager/issues/1341#issuecomment-1870352014
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-with lib;
-{
-  config = mkIf pkgs.stdenv.hostPlatform.isDarwin {
-    # Install MacOS applications to the user Applications folder. Also update Docked applications
-    home.extraActivationPath = with pkgs; [
-      rsync
-      dockutil
-      gawk
-    ];
-    home.activation.trampolineApps = hm.dag.entryAfter [ "writeBoundary" ] ''
-      ${builtins.readFile ./lib-bash/trampoline-apps.sh}
-      fromDir="$HOME/Applications/Home Manager Apps"
-      toDir="$HOME/Applications/Home Manager Trampolines"
-      sync_trampolines "$fromDir" "$toDir"
-    '';
-  };
-}

hosts/mac/trampoline-apps/lib-bash/trampoline-apps.sh

@@ -1,131 +0,0 @@
-# Utilities not in nixpkgs.
-plutil="/usr/bin/plutil"
-killall="/usr/bin/killall"
-osacompile="/usr/bin/osacompile"
-
-copyable_app_props=(
-  "CFBundleDevelopmentRegion"
-  "CFBundleDocumentTypes"
-  "CFBundleGetInfoString"
-  "CFBundleIconFile"
-  "CFBundleIdentifier"
-  "CFBundleInfoDictionaryVersion"
-  "CFBundleName"
-  "CFBundleShortVersionString"
-  "CFBundleURLTypes"
-  "NSAppleEventsUsageDescription"
-  "NSAppleScriptEnabled"
-  "NSDesktopFolderUsageDescription"
-  "NSDocumentsFolderUsageDescription"
-  "NSDownloadsFolderUsageDescription"
-  "NSPrincipalClass"
-  "NSRemovableVolumesUsageDescription"
-  "NSServices"
-  "UTExportedTypeDeclarations"
-)
-
-function sync_icons() {
-  local from="$1"
-  local to="$2"
-  from_resources="$from/Contents/Resources/"
-  to_resources="$to/Contents/Resources/"
-
-  find "$to_resources" -name "*.icns" -delete
-  rsync --include "*.icns" --exclude "*" --recursive "$from_resources" "$to_resources"
-}
-
-function copy_paths() {
-  local from="$1"
-  local to="$2"
-  local paths=("${@:3}")
-
-  keys=$(jq -n '$ARGS.positional' --args "${paths[@]}")
-  jqfilter="to_entries |[.[]| select(.key as \$item| \$keys | index(\$item) >= 0) ] | from_entries"
-
-  temp_dir=$(mktemp -d)
-  trap 'rm -rf "$temp_dir"' EXIT
-
-  pushd $temp_dir >/dev/null
-
-  cp "$from" "orig"
-  chmod u+w "orig"
-
-  cp "$to" "bare-wrapper"
-  chmod u+w "bare-wrapper"
-
-  $plutil -convert json -- "orig"
-  $plutil -convert json -- "bare-wrapper"
-  jq --argjson keys "$keys" "$jqfilter" <"orig" >"filtered"
-  cat "bare-wrapper" "filtered" | jq -s add >"final"
-  $plutil -convert xml1 -- "final"
-
-  cp "final" "$to"
-  popd >/dev/null
-}
-
-function sync_dock() {
-  # Make sure all environment variables are cleared that might affect dockutil
-  unset SUDO_USER
-
-  # Array of applications to sync
-  declare -a apps=("$@")
-
-  # Iterate through each provided app
-  for app_path in "${apps[@]}"; do
-    if [ -d "$app_path" ]; then
-      # Extract the name of the app from the path
-      app_name=$(basename "$app_path")
-      app_name=${app_name%.*} # Remove the '.app' extension
-      resolved_path=$(realpath "$app_path")
-
-      # Find the current Dock item for the app, if it exists
-      current_dock_item=$(dockutil --list --no-restart | grep "$app_name.app" | awk -F "\t" '{print $1}' || echo "")
-
-      if [ -n "$current_dock_item" ]; then
-        # The app is currently in the Dock, attempt to replace it
-        echo "Updating $app_name in Dock..."
-        dockutil --add "$resolved_path" --replacing "$current_dock_item" --no-restart
-      else
-        # The app is not in the Dock; you might choose to add it or do nothing
-        echo "$app_name is not currently in the Dock."
-      fi
-    else
-      echo "Warning: Provided path $app_path is not valid."
-    fi
-  done
-
-  # Restart the Dock to apply changes
-  $killall Dock
-}
-
-function mktrampoline() {
-  local app="$1"
-  local trampoline="$2"
-
-  if [[ ! -d $app ]]; then
-    echo "app path is not directory."
-    return 1
-  fi
-
-  cmd="do shell script \"open '$app'\""
-  $osacompile -o "$trampoline" -e "$cmd"
-  sync_icons "$app" "$trampoline"
-  copy_paths "$(realpath "$app/Contents/Info.plist")" "$(realpath "$trampoline/Contents/Info.plist")" "${copyable_app_props[@]}"
-}
-
-function sync_trampolines() {
-  [[ ! -d "$1" ]] && echo "Source directory does not exist" && return 1
-
-  if [[ -d "$2" ]]; then
-    rm -rf "$2"
-  fi
-  mkdir -p "$2"
-
-  apps=("$1"/*.app)
-
-  for app in "${apps[@]}"; do
-    trampoline="$2/$(basename "$app")"
-    mktrampoline "$app" "$trampoline"
-  done
-  sync_dock "${apps[@]}"
-}

hosts/nas/apps.nix

@@ -1,105 +0,0 @@
-{ pkgs, lib, ... }:
-let
-  settings = import ./settings.nix;
-in
-{
-  imports = [
-    ./apps/actual
-    ./apps/arrs
-    ./apps/crowdsec
-    ./apps/excalidraw
-    ./apps/gitea
-    ./apps/immich
-    ./apps/jellyfin
-    ./apps/jellyseerr
-    ./apps/lubelogger
-    ./apps/nextcloud
-    ./apps/ollama
-    ./apps/orca
-    ./apps/paperless
-    ./apps/traefik
-    ./apps/wyoming
-    ../../modules
-  ];
-
-  nas-apps = {
-    actual = {
-      enable = true;
-      port = 3333;
-      localAddress = "10.0.3.18";
-      dataDir = "/media/nas/ssd/nix-app-data/actual";
-      reverseProxy = {
-        enable = true;
-        host = "actual.mjallen.dev";
-        middlewares = [ "crowdsec" "whitelist-geoblock" ];
-      };
-    };
-
-    arrs = {
-      enable = true;
-      localAddress = "10.0.1.51";
-      downloadsDir = "/media/nas/ssd/ssd_app_data/downloads";
-      incompleteDownloadsDir = "/media/nas/ssd/ssd_app_data/downloads-incomplete";
-      moviesDir = "/media/nas/main/movies";
-      tvDir = "/media/nas/main/tv";
-      isosDir = "/media/nas/main/isos";
-      radarr = {
-        enable = true;
-        port = 7878;
-        dataDir = "/media/nas/ssd/nix-app-data/radarr";
-      };
-      sonarr = {
-        enable = true;
-        port = 8989;
-        dataDir = "/media/nas/ssd/nix-app-data/sonarr";
-      };
-      sabnzbd = {
-        enable = true;
-        port = 8280;
-        dataDir = "/media/nas/ssd/nix-app-data/sabnzbd";
-      };
-      deluge = {
-        enable = true;
-        port = 8112;
-      };
-      jackett = {
-        enable = true;
-        port = 9117;
-        dataDir = "/media/nas/ssd/nix-app-data/jackett";
-      };
-    };
-
-    crowdsec = {
-      enable = true;
-      port = 9898;
-      apiAddress = settings.hostAddress;
-      apiKey = "1daH89qmJ41r2Lpd9hvDw4sxtOAtBzaj3aKFOFqE";
-      dataDir = "/media/nas/ssd/nix-app-data/crowdsec";
-    };
-
-    gitea = {
-      enable = true;
-      httpPort = 3000;
-      sshPort = 2222;
-      localAddress = "10.0.4.18";
-      dataDir = "/media/nas/ssd/nix-app-data/gitea";
-      reverseProxy = {
-        enable = true;
-        host = "gitea.mjallen.dev";
-        middlewares = [ "crowdsec" "whitelist-geoblock" ];
-      };
-    };
-
-    free-games-claimer.enable = true;
-
-    manyfold.enable = true;
-
-    orca-slicer = {
-      enable = true;
-      httpPort = "3100";
-      httpsPort = "3101";
-    };
-
-    tdarr.enable = true;
-  };
-}

hosts/nas/apps/actual/default.nix

@@ -1,125 +0,0 @@
-{ config, pkgs, lib, ... }:
-with lib;
-let
-  cfg = config.nas-apps.actual;
-  settings = import ../settings.nix;
-  dataDir = "/data";
-  hostAddress = settings.hostAddress;
-  actualUserId = config.users.users.nix-apps.uid;
-  actualGroupId = config.users.groups.jallen-nas.gid;
-in
-{
-  imports = [ ./options.nix ];
-
-  config = mkIf cfg.enable {
-    containers.actual = {
-      autoStart = true;
-      privateNetwork = true;
-      hostAddress = hostAddress;
-      localAddress = cfg.localAddress;
-
-      bindMounts = {
-        ${dataDir} = {
-          hostPath = cfg.dataDir;
-          isReadOnly = false;
-        };
-      };
-
-      config = { lib, ... }:
-        {
-          services.actual = {
-            enable = true;
-            openFirewall = true;
-            settings = {
-              trustedProxies = [ hostAddress ];
-              port = cfg.port;
-              dataDir = dataDir;
-              serverFiles = "${dataDir}/server-files";
-              userFiles = "${dataDir}/user-files";
-            };
-          };
-
-          users.users.actual = {
-            isSystemUser = true;
-            uid = lib.mkForce actualUserId;
-            group = "actual";
-          };
-
-          users.groups = {
-            actual = {
-              gid = lib.mkForce actualGroupId;
-            };
-          };
-
-          # System packages
-          environment.systemPackages = with pkgs; [
-            sqlite
-          ];
-
-          # Create and set permissions for required directories
-          system.activationScripts.actual-dirs = ''
-            mkdir -p ${dataDir}
-            chown -R actual:actual ${dataDir}
-            chmod -R 0700 ${dataDir}
-          '';
-
-          systemd.services = {
-            actual = {            
-              environment.ACTUAL_CONFIG_PATH = lib.mkForce "${dataDir}/config.json";
-              serviceConfig = {
-                ExecStart = lib.mkForce "${pkgs.actual-server}/bin/actual-server --config ${dataDir}/config.json";
-                WorkingDirectory = lib.mkForce dataDir;
-                StateDirectory = lib.mkForce dataDir;
-                StateDirectoryMode = lib.mkForce 0700;
-                DynamicUser = lib.mkForce false;
-                ProtectSystem = lib.mkForce null;
-              };
-            };
-          };
-
-          networking = {
-            firewall = {
-              enable = true;
-              allowedTCPPorts = [ cfg.port ];
-            };
-            # Use systemd-resolved inside the container
-            # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
-            useHostResolvConf = lib.mkForce false;
-          };
-
-          services.resolved.enable = true;
-          system.stateVersion = "23.11";
-        };
-    };
-
-    services.traefik.dynamicConfigOptions = lib.mkIf cfg.reverseProxy.enable {
-      services.actual.loadBalancer.servers = [
-        {
-          url = "http://${cfg.localAddress}:${toString cfg.port}";
-        }
-      ];
-      routers.actual = {
-        entryPoints = [ "websecure" ];
-        rule = "Host(`${cfg.reverseProxy.host}`)";
-        service = "actual";
-        middlewares = cfg.reverseProxy.middlewares;
-        tls.certResolver = "letsencrypt";
-      };
-    };
-
-    networking = {
-      nat = {
-        forwardPorts = [
-          {
-            destination = "${cfg.localAddress}:${toString cfg.port}";
-            sourcePort = cfg.port;
-          }
-        ];
-      };
-      firewall = {
-        allowedTCPPorts = [ cfg.port ];
-        allowedUDPPorts = [ cfg.port ];
-      };
-    };
-  };
-}

hosts/nas/apps/actual/options.nix

@@ -1,37 +0,0 @@
-{ lib, ... }:
-with lib;
-{
-  options.nas-apps.actual = {
-    enable = mkEnableOption "actual service";
-
-    port = mkOption {
-      type = types.int;
-      default = 80;
-    };
-
-    localAddress = mkOption {
-      type = types.str;
-      default = "127.0.0.1";
-    };
-
-    dataDir = mkOption {
-      type = types.str;
-      default = "";
-    };
-
-    reverseProxy = {
-      enable = mkOption {
-        type = types.bool;
-        default = false;
-      };
-      host = mkOption {
-        type = types.str;
-        default = "";
-      };
-      middlewares = mkOption {
-        type = with types; listOf str;
-        default = [ ];
-      };
-    };
-  };
-}

hosts/nas/apps/arrs/default.nix

@@ -1,237 +0,0 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
-with lib;
-let
-  cfg = config.nas-apps.arrs;
-  settings = import ../settings.nix;
-  radarrDataDir = "/var/lib/radarr";
-  downloadDir = "/downloads";
-  incompleteDir = "/downloads-incomplete";
-  sonarrDataDir = "/var/lib/sonarr";
-  sabnzbdConfig = "/var/lib/sabnzbd";
-  jackettDir = "/var/lib/jackett/.config/Jackett";
-  mediaDir = "/media";
-  arrUserId = config.users.users.nix-apps.uid;
-  arrGroupId = config.users.groups.jallen-nas.gid;
-  radarrPkg = pkgs.radarr;
-  sonarrPkg = pkgs.sonarr;
-  delugePkg = pkgs.deluge;
-  jackettPkg = pkgs.jackett;
-  sabnzbdPkg = pkgs.sabnzbd;
-in
-{
-  imports = [ ./options.nix ];
-
-  config = mkIf cfg.enable {
-    containers.arrs = {
-      autoStart = true;
-      privateNetwork = true;
-      hostAddress = settings.hostAddress;
-      localAddress = cfg.localAddress;
-
-      config =
-        {
-          pkgs,
-          lib,
-          ...
-        }:
-        {
-          nixpkgs.config.allowUnfree = true;
-
-          # Enable radarr service
-          services.radarr = {
-            enable = cfg.radarr.enable;
-            openFirewall = true;
-            user = "arrs";
-            group = "media";
-            dataDir = radarrDataDir;
-            package = radarrPkg;
-          };
-
-          # Enable Sonarr service
-          services.sonarr = {
-            enable = cfg.sonarr.enable;
-            openFirewall = true;
-            user = "arrs";
-            group = "media";
-            dataDir = sonarrDataDir;
-            package = sonarrPkg;
-          };
-
-          # Enable Sabnzbd service
-          services.sabnzbd = {
-            enable = cfg.sabnzbd.enable;
-            openFirewall = true;
-            user = "arrs";
-            group = "media";
-            configFile = "${sabnzbdConfig}/sabnzbd.ini";
-            package = sabnzbdPkg;
-          };
-
-          services.deluge = {
-            enable = cfg.deluge.enable;
-            user = "arrs";
-            group = "media";
-            openFirewall = true;
-            dataDir = "/media";
-            package = delugePkg;
-            web = {
-              enable = true;
-              port = cfg.deluge.port;
-              openFirewall = true;
-            };
-          };
-
-          services.jackett = {
-            enable = cfg.jackett.enable;
-            user = "arrs";
-            group = "media";
-            openFirewall = true;
-            package = jackettPkg;
-          };
-
-          # Create required users and groups
-          users.users.arrs = {
-            isSystemUser = true;
-            uid = lib.mkForce arrUserId;
-            group = "media";
-            extraGroups = [ "downloads" ];
-          };
-
-          users.groups = {
-            media = {
-              gid = lib.mkForce arrGroupId;
-            };
-            downloads = { };
-          };
-
-          # System packages
-          environment.systemPackages = with pkgs; [
-            glib
-            sqlite
-            mono
-            mediainfo
-            protonvpn-cli_2
-          ];
-
-          # Create and set permissions for required directories
-          system.activationScripts.arr-dirs = ''
-            mkdir -p ${radarrDataDir}
-            mkdir -p ${sonarrDataDir}
-            mkdir -p ${sabnzbdConfig}
-            mkdir -p ${downloadDir}
-            mkdir -p ${incompleteDir}
-            mkdir -p ${mediaDir}
-
-            chown -R arrs:media ${radarrDataDir}
-            chown -R arrs:media ${sonarrDataDir}
-            chown -R arrs:media ${sabnzbdConfig}
-            chown -R arrs:media ${downloadDir}
-            chown -R arrs:media ${incompleteDir}
-            chown -R arrs:media ${mediaDir}
-
-            chmod -R 775 ${radarrDataDir}
-            chmod -R 775 ${sonarrDataDir}
-            chmod -R 775 ${sabnzbdConfig}
-            chmod -R 775 ${downloadDir}
-            chmod -R 775 ${incompleteDir}
-            chmod -R 775 ${mediaDir}
-
-          '';
-
-          networking = {
-            firewall = {
-              enable = true;
-              allowedTCPPorts = [
-                cfg.radarr.port
-                cfg.sonarr.port
-                cfg.sabnzbd.port
-                8080
-              ];
-            };
-            # Use systemd-resolved inside the container
-            # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
-            useHostResolvConf = lib.mkForce false;
-          };
-
-          services.resolved.enable = true;
-          system.stateVersion = "23.11";
-        };
-
-      # Bind mount directories from host
-      bindMounts = {
-        "${radarrDataDir}" = {
-          hostPath = cfg.radarr.dataDir;
-          isReadOnly = false;
-        };
-        "${sonarrDataDir}" = {
-          hostPath = cfg.sonarr.dataDir;
-          isReadOnly = false;
-        };
-        "${sabnzbdConfig}" = {
-          hostPath = cfg.sabnzbd.dataDir;
-          isReadOnly = false;
-        };
-        "${downloadDir}" = {
-          hostPath = cfg.downloadsDir;
-          isReadOnly = false;
-        };
-        "${incompleteDir}" = {
-          hostPath = cfg.incompleteDownloadsDir;
-          isReadOnly = false;
-        };
-        "${jackettDir}" = {
-          hostPath = cfg.jackett.dataDir;
-          isReadOnly = false;
-        };
-        "/media/movies" = {
-          hostPath = cfg.moviesDir;
-          isReadOnly = false;
-        };
-        "/media/tv" = {
-          hostPath = cfg.tvDir;
-          isReadOnly = false;
-        };
-        "/media/isos" = {
-          hostPath = cfg.isosDir;
-          isReadOnly = false;
-        };
-      };
-    };
-
-    networking = {
-        nat = {
-        forwardPorts = [
-          {
-            destination = "${cfg.localAddress}:${toString cfg.radarr.port}";
-            sourcePort = cfg.radarr.port;
-          }
-          {
-            destination = "${cfg.localAddress}:${toString cfg.sonarr.port}";
-            sourcePort = cfg.sonarr.port;
-          }
-          {
-            destination = "${cfg.localAddress}:8080";
-            sourcePort = cfg.sabnzbd.port;
-          }
-          {
-            destination = "${cfg.localAddress}:${toString cfg.deluge.port}";
-            sourcePort = cfg.deluge.port;
-          }
-          {
-            destination = "${cfg.localAddress}:${toString cfg.jackett.port}";
-            sourcePort = cfg.jackett.port;
-          }
-        ];
-      };
-      firewall = {
-        allowedTCPPorts = [ cfg.radarr.port cfg.sonarr.port cfg.sabnzbd.port 8080 cfg.deluge.port cfg.jackett.port ];
-        allowedUDPPorts = [ cfg.radarr.port cfg.sonarr.port cfg.sabnzbd.port 8080 cfg.deluge.port cfg.jackett.port ];
-      };
-    };
-  };
-}

hosts/nas/apps/arrs/options.nix

@@ -1,112 +0,0 @@
-{ lib, ... }:
-with lib;
-{
-  options.nas-apps.arrs = {
-    enable = mkEnableOption "arrs services";
-
-    radarr = {
-      enable = mkOption {
-        type = types.bool;
-        default = false;
-      };
-      port = mkOption {
-        type = types.int;
-        default = 7878;
-      };
-      dataDir = mkOption {
-        type = types.str;
-        default = "";
-      };
-    };
-
-    sonarr = {
-      enable = mkOption {
-        type = types.bool;
-        default = false;
-      };
-      port = mkOption {
-        type = types.int;
-        default = 8989;
-      };
-      dataDir = mkOption {
-        type = types.str;
-        default = "";
-      };
-    };
-
-    sabnzbd = {
-      enable = mkOption {
-        type = types.bool;
-        default = false;
-      };
-      port = mkOption {
-        type = types.int;
-        default = 8280;
-      };
-      dataDir = mkOption {
-        type = types.str;
-        default = "";
-      };
-    };
-
-    deluge = {
-      enable = mkOption {
-        type = types.bool;
-        default = false;
-      };
-      port = mkOption {
-        type = types.int;
-        default = 8112;
-      };
-      dataDir = mkOption {
-        type = types.str;
-        default = "";
-      };
-    };
-
-    jackett = {
-      enable = mkOption {
-        type = types.bool;
-        default = false;
-      };
-      port = mkOption {
-        type = types.int;
-        default = 9117;
-      };
-      dataDir = mkOption {
-        type = types.str;
-        default = "";
-      };
-    };
-
-    localAddress = mkOption {
-      type = types.str;
-      default = "127.0.0.1";
-    };
-
-    downloadsDir = mkOption {
-      type = types.str;
-      default = "";
-    };
-
-    incompleteDownloadsDir = mkOption {
-      type = types.str;
-      default = "";
-    };
-
-    moviesDir = mkOption {
-      type = types.str;
-      default = "";
-    };
-
-    tvDir = mkOption {
-      type = types.str;
-      default = "";
-    };
-
-    isosDir = mkOption {
-      type = types.str;
-      default = "";
-    };
-  };
-}

hosts/nas/apps/crowdsec/default.nix

@@ -1,58 +0,0 @@
-{ outputs, config, lib, pkgs, ... }:
-with lib;
-let
-  cfg = config.nas-apps.crowdsec;
-in
-{
-  imports = [ ./options.nix ];
-  config = lib.mkIf cfg.enable {
-    services = {
-      crowdsec = let
-        yaml = (pkgs.formats.yaml {}).generate;
-        acquisitions_file = yaml "acquisitions.yaml" {
-          source = "journalctl";
-          journalctl_filter = ["_SYSTEMD_UNIT=sshd.service"];
-          labels.type = "syslog";
-        };
-      in  {
-        enable = true;
-        enrollKeyFile = "${cfg.dataDir}/enroll.key";
-        settings = {
-          crowdsec_service.acquisition_path = acquisitions_file;
-          api.server = {
-            listen_uri = "0.0.0.0:${toString cfg.port}";
-          };
-        };
-      };
-
-      crowdsec-firewall-bouncer = {
-        enable = true;
-        settings = {
-          api_key = cfg.apiKey;
-          api_url = "http://${cfg.apiAddress}:${toString cfg.port}";
-        };
-      };
-    };
-
-    systemd.services.crowdsec.serviceConfig = {
-      ExecStartPre = let
-        script = pkgs.writeScriptBin "register-bouncer" ''
-          #!${pkgs.runtimeShell}
-          set -eu
-          set -o pipefail
-
-          if ! cscli bouncers list | grep -q "nas-bouncer"; then
-            cscli bouncers add "nas-bouncer" --key "${cfg.apiKey}"
-          fi
-        '';
-      in ["${script}/bin/register-bouncer"];
-    };
-
-    networking = {
-      firewall = {
-        allowedTCPPorts = [ cfg.port ];
-        allowedUDPPorts = [ cfg.port ];
-      };
-    };
-  };
-}

hosts/nas/apps/crowdsec/options.nix

@@ -1,27 +0,0 @@
-{ lib, ... }:
-with lib;
-{
-  options.nas-apps.crowdsec = {
-    enable = mkEnableOption "crowdsec service";
-
-    port = mkOption {
-      type = types.int;
-      default = 9898;
-    };
-
-    apiAddress = mkOption {
-      type = types.str;
-      default = "127.0.0.1";
-    };
-
-    apiKey = mkOption {
-      type = types.str;
-      default = "";
-    };
-
-    dataDir = mkOption {
-      type = types.str;
-      default = "";
-    };
-  };
-}

hosts/nas/apps/excalidraw/default.nix

@@ -1,13 +0,0 @@
-{ config, ... }:
-{
-  virtualisation.oci-containers.containers.excalidraw = {
-    autoStart = true;
-    image = "excalidraw/excalidraw";
-    ports = [ "8765:80" ];
-    environment = {
-      PUID = toString config.users.users.nix-apps.uid;
-      PGID = toString config.users.groups.jallen-nas.gid;
-      TZ = "America/Chicago";
-    };
-  };
-}

hosts/nas/apps/gitea/default.nix

@@ -1,131 +0,0 @@
-{ config, lib, ... }:
-with lib;
-let
-  cfg = config.nas-apps.gitea;
-  settings = import ../settings.nix;
-  hostAddress = settings.hostAddress;
-  # localAddress = "10.0.4.18";
-  # httpPort = 3000;
-  # sshPort = 2222;
-  rootUrl = "https://gitea.mjallen.dev/";
-  # stateDir = "/media/nas/ssd/nix-app-data/gitea";
-  dataDir = "/var/lib/gitea";
-  secretsDir = "/run/secrets/jallen-nas/gitea";
-  mailerPasswordFile = config.sops.secrets."jallen-nas/gitea/mail-key".path;
-  metricsTokenFile = config.sops.secrets."jallen-nas/gitea/metrics-key".path;
-in
-{
-  imports = [ ./options.nix ];
-  config = mkIf cfg.enable {
-    containers.gitea = {
-      autoStart = true;
-      privateNetwork = true;
-      hostAddress = hostAddress;
-      localAddress = cfg.localAddress;
-
-      bindMounts = {
-        ${dataDir} = {
-          hostPath = cfg.dataDir;
-          isReadOnly = false;
-        };
-        secrets = {
-          hostPath = secretsDir;
-          isReadOnly = true;
-          mountPoint = secretsDir;
-        };
-      };
-
-      config = { lib, ... }:
-        {
-          services.gitea = {
-            enable = true;
-            stateDir = dataDir;
-            mailerPasswordFile = mailerPasswordFile;
-            metricsTokenFile = metricsTokenFile;
-            settings = {
-              server = {
-                DOMAIN = "jallen-nas";
-                HTTP_ADDR = "0.0.0.0";
-                HTTP_PORT = cfg.httpPort;
-                PROTOCOL = "http";
-                ROOT_URL = rootUrl;
-                START_SSH_SERVER = true;
-                SSH_PORT = cfg.sshPort;
-              };
-              service = {
-                REGISTER_EMAIL_CONFIRM = false;
-                ENABLE_CAPTCHA = false;
-                DISABLE_REGISTRATION = true;
-                ENABLE_OPENID_SIGNIN = false;
-                ENABLE_LDAP_SIGNIN = false;
-                ENABLE_SSH_SIGNIN = true;
-                ENABLE_BUILTIN_SSH_SERVER = true;
-                ENABLE_REVERSE_PROXY_AUTHENTICATION = true;
-              };
-            };
-          };
-
-          users.users.gitea = {
-            extraGroups = [ "keys" ];
-          };
-
-          networking = {
-            firewall = {
-              enable = true;
-              allowedTCPPorts = [ cfg.httpPort cfg.sshPort ];
-            };
-            # Use systemd-resolved inside the container
-            # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
-            useHostResolvConf = lib.mkForce false;
-          };
-
-          # Create and set permissions for required directories
-          system.activationScripts.gitea-dirs = ''
-            mkdir -p /var/lib/gitea
-            chown -R gitea:gitea /var/lib/gitea
-            chmod -R 775 /var/lib/gitea
-            mkdir -p /run/secrets/jallen-nas
-            chown -R gitea:gitea /run/secrets/jallen-nas
-            chmod -R 775 /run/secrets/jallen-nas
-          '';
-
-          services.resolved.enable = true;
-          system.stateVersion = "23.11";
-        };
-    };
-
-    services.traefik.dynamicConfigOptions = lib.mkIf cfg.reverseProxy.enable {
-      services.gitea.loadBalancer.servers = [
-        {
-          url = "http://${cfg.localAddress}:${toString cfg.httpPort}";
-        }
-      ];
-      routers.gitea = {
-        entryPoints = [ "websecure" ];
-        rule = "Host(`${cfg.reverseProxy.host}`)";
-        service = "gitea";
-        middlewares = cfg.reverseProxy.middlewares;
-        tls.certResolver = "letsencrypt";
-      };
-    };
-
-    networking = {
-      nat = {
-        forwardPorts = [
-          {
-            destination = "${cfg.localAddress}:${toString cfg.httpPort}";
-            sourcePort = cfg.httpPort;
-          }
-          {
-            destination = "${cfg.localAddress}:${toString cfg.sshPort}";
-            sourcePort = cfg.sshPort;
-          }
-        ];
-      };
-      firewall = {
-        allowedTCPPorts = [ cfg.httpPort cfg.sshPort ];
-        allowedUDPPorts = [ cfg.httpPort cfg.sshPort ];
-      };
-    };
-  };
-}

hosts/nas/apps/gitea/options.nix

@@ -1,42 +0,0 @@
-{ lib, ... }:
-with lib;
-{
-  options.nas-apps.gitea = {
-    enable = mkEnableOption "gitea service";
-
-    httpPort = mkOption {
-      type = types.int;
-      default = 80;
-    };
-
-    sshPort = mkOption {
-      type = types.int;
-      default = 22;
-    };
-
-    localAddress = mkOption {
-      type = types.str;
-      default = "127.0.0.1";
-    };
-
-    dataDir = mkOption {
-      type = types.str;
-      default = "";
-    };
-
-    reverseProxy = {
-      enable = mkOption {
-        type = types.bool;
-        default = false;
-      };
-      host = mkOption {
-        type = types.str;
-        default = "";
-      };
-      middlewares = mkOption {
-        type = with types; listOf str;
-        default = [ ];
-      };
-    };
-  };
-}

hosts/nas/apps/immich/default.nix

@@ -1,27 +0,0 @@
-{ config, lib, ... }:
-let
-  settings = import ../settings.nix;
-  immichPort = 2283;
-  dataDir = "/media/nas/main/photos";
-  dbPassword = config.sops.secrets."jallen-nas/immich/db-password".path;
-in
-{
-  # Enable immich service
-  services.immich = {
-    enable = true;
-    port = immichPort;
-    openFirewall = true;
-    secretsFile = dbPassword;
-    mediaLocation = dataDir;
-
-    environment = {
-      IMMICH_HOST = lib.mkForce "0.0.0.0";
-      IMMICH_TRUSTED_PROXIES = settings.hostAddress;
-      TZ = "America/Chicago";
-    };
-
-    machine-learning = {
-      enable = true;
-    };
-  };
-}

hosts/nas/apps/jellyfin/default.nix

@@ -1,11 +0,0 @@
-{ ... }:
-{
-  services.jellyfin = {
-    enable = true;
-    openFirewall = true;
-    user = "nix-apps";
-    group = "jallen-nas";
-    dataDir = "/media/nas/ssd/nix-app-data/jellyfin";
-    # cacheDir = "/cache";
-  };
-}

hosts/nas/apps/jellyseerr/default.nix

@@ -1,73 +0,0 @@
-{ ... }:
-
-let
-  jellyseerrPort = 5055;
-  dataDir = "/var/lib/private/jellyseerr";
-  settings = import ../settings.nix;
-in
-{
-  containers.jellyseerr = {
-    autoStart = true;
-    privateNetwork = true;
-    hostAddress = settings.hostAddress;
-    localAddress = "10.0.1.52";
-    hostAddress6 = "fc00::1";
-    localAddress6 = "fc00::4";
-
-    bindMounts = {
-      ${dataDir} = {
-        hostPath = "/media/nas/ssd/nix-app-data/jellyseerr";
-        isReadOnly = false;
-      };
-    };
-
-    config =
-      {
-        lib,
-        ...
-      }:
-      {
-        # Enable jellyseerr service
-        services.jellyseerr = {
-          enable = true;
-          port = jellyseerrPort;
-          # package = package;
-          openFirewall = true;
-        };
-
-        networking = {
-          firewall = {
-            enable = true;
-            allowedTCPPorts = [ jellyseerrPort ];
-          };
-          # Use systemd-resolved inside the container
-          # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
-          useHostResolvConf = lib.mkForce false;
-        };
-
-        # Create and set permissions for required directories
-        system.activationScripts.jellyseerr-dirs = ''
-          mkdir -p /var/lib/private/jellyseerr
-
-          chown -R jellyseerr:jellyseerr /var/lib/private/jellyseerr
-
-          chmod -R 775 /var/lib/private/jellyseerr
-
-          ln -sf /var/lib/private/jellyseerr /var/lib/jellyfin
-
-        '';
-
-        services.resolved.enable = true;
-        system.stateVersion = "23.11";
-      };
-  };
-
-  networking.nat = {
-    forwardPorts = [
-      {
-        destination = "10.0.1.52:5055";
-        sourcePort = jellyseerrPort;
-      }
-    ];
-  };
-}