auth

Co-authored-by: mjallen18 <matt.l.jallen@gmail.com>
Reviewed-on: #3

.gitignore

@@ -1,5 +1,14 @@
 hosts/nas/*.conf
 hosts/nas/*.users
-result
+result*
 *.raw
-.codegpt
+.codegpt
+.direnv
+shell.nix
+.vscode
+**/*/*.py
+.envrc
+.DS_Store
+*.qcow2
+keys
+iso-*

.sops.yaml

@@ -1,75 +1,92 @@
 # See https://github.com/Mic92/dotfiles/blob/d6114726d859df36ccaa32891c4963ae5717ef7f/nixos/.sops.yaml
 keys:
+  - &matt-pgp CBCB9B18A6B8930B0B6ABFD1CCB8CBEB30633684
   - &matt age157jemphjzg6zmk373vpccuguyw6e75qnkqmz8pcnn2yue85p939swqqhy0
-  - &matt_pi4 age13g9a4d4jrvckfddpgn8sm4kjtzajr67le56pfdg78ktr5pd09phq32j89u
   - &matt_pi5 age1wpvfpv5n32lruk7c0da4uaeapsmhjxdvg8z4ljehn06l6g2y0e0sum404l
   - &desktop age1jv8ap5zwa49ftv0gg7wqf5ps0e68uuwxe2fekjsn0zkyql964unqyc58rf
   - &admin age1pm3fehmmk0vmnrscz9vm96rakn46aaldr5ydpscmde3v9x0k3faswwdzxs
   - &jallen-nas age1mn2afyp9my7y7hcyzum0wdwt49zufnkt8swnyy8pj30cwzs4zvgsthj0lt
-  - &pi4 age1ykkjw57t3z3deup3gtp7dujyaslskn74e0d9hsmqaha2pj3rvazqgndw5a
   - &pi5 age1t2d5scrukk0guva5sr97a8tge5j8kd865adezrcru7p269pzwvpsamkgje
   - &deck age1c8qw59ffcq9l77gfmtyc3djtvt3md0u6dwhrjcgsm98ntyf72ufqugj7cg
   - &steamdeck age1er5qucsc2mugrzrr7n3xhzv7kemkrqrw4m84r544fkk7nkg5g5eswxkqj0
-  - &matt_macbook-pro age1xg6mvj3x6s3t8058c6rsk3q4kskvm6nsffwckxkkjzhyn7r6tczqgkj23p
-  - &macbook-pro age1rdn39ywgzmc8wlsl5lrfe77e652wzjmjx58gx4k2ydghd35kdqvqscrf3h
+  - &matt_macbook-pro age12gu9hqhd56yl5x3t5yenkn9yg57du08h77vzjqsmnu5hdppne38qcur5a0
+  - &macbook-pro age1t7378n8kmd3f32fkye2gw3jj6qswv3exjdx0dq8kl0xra3tmcdnsvddq3u
+  - &nuc age102el4snus37dj807rwvsmlvwu2sg2d8rw3vfmtntgczfkz04l9nshetcq0
+  - &admin_nuc age1yn82e39pxt0d0pgny34ux4lkge4ff7wxvsye8ragvwngehemt4ps27phyw
+  - &matt_allyx age1n5frpwgvps7c2348ynu9g7g47kqar4srdplw5kkcyn4x80eqzetqw3ej2m
+  - &allyx age1lvks0rdf743cn9rvvx90mzu3mjldydlzslpmv9608wn4j0m8u3xsmu7yew
 creation_rules:
   - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
     key_groups:
-    - age:
-      - *matt
-      - *matt_pi4
-      - *matt_pi5
-      - *desktop
-      - *admin
-      - *jallen-nas
-      - *pi4
-      - *pi5
-      - *deck
-      - *steamdeck
-      - *matt_macbook-pro
-      - *macbook-pro
+      - pgp:
+          - *matt-pgp
+        age:
+          - *matt
+          - *matt_pi5
+          - *desktop
+          - *admin
+          - *jallen-nas
+          - *pi5
+          - *deck
+          - *steamdeck
+          - *matt_macbook-pro
+          - *macbook-pro
+          - *admin_nuc
+          - *nuc
+          - *matt_allyx
+          - *allyx
   - path_regex: nas-secrets/[^/]+\.(yaml|json|env|ini)$
     key_groups:
-    - age:
-      - *matt
-      - *desktop
-      - *admin
-      - *jallen-nas
+      - pgp:
+          - *matt-pgp
+        age:
+          - *matt
+          - *desktop
+          - *admin
+          - *jallen-nas
   - path_regex: desktop-secrets/[^/]+\.(yaml|json|env|ini)$
     key_groups:
-    - age:
-      - *matt
-      - *desktop
-      - *admin
-      - *jallen-nas
+      - pgp:
+          - *matt-pgp
+        age:
+          - *matt
+          - *desktop
+          - *admin
+          - *jallen-nas
   - path_regex: steamdeck-secrets/[^/]+\.(yaml|json|env|ini)$
     key_groups:
-    - age:
-      - *matt
-      - *desktop
-      - *deck
-      - *steamdeck
-      - *admin
-      - *jallen-nas
-  - path_regex: pi4-secrets/[^/]+\.(yaml|json|env|ini)$
-    key_groups:
-    - age:
-      - *matt
-      - *matt_pi4
-      - *matt_pi5
-      - *desktop
-      - *pi4
-      - *pi5
-      - *admin
-      - *jallen-nas
+      - pgp:
+          - *matt-pgp
+        age:
+          - *matt
+          - *desktop
+          - *deck
+          - *steamdeck
+          - *admin
+          - *jallen-nas
+          - *matt_allyx
+          - *allyx
   - path_regex: pi5-secrets/[^/]+\.(yaml|json|env|ini)$
     key_groups:
-    - age:
-      - *matt
-      - *matt_pi4
-      - *matt_pi5
-      - *desktop
-      - *pi4
-      - *pi5
-      - *admin
-      - *jallen-nas
+      - pgp:
+          - *matt-pgp
+        age:
+          - *matt
+          - *matt_pi5
+          - *desktop
+          - *pi5
+          - *admin
+          - *jallen-nas
+  - path_regex: mac-secrets/[^/]+\.(yaml|json|env|ini)$
+    key_groups:
+      - pgp:
+          - *matt-pgp
+        age:
+          - *matt
+          - *matt_pi5
+          - *desktop
+          - *pi5
+          - *admin
+          - *jallen-nas
+          - *matt_macbook-pro
+          - *macbook-pro

README.md

@@ -1,50 +1,129 @@
-# nixOS Config
+# NixOS Configuration Repository
 
-### Common Files
-* [flake.nix](./flake.nix)
-* [impermenance.nix](./share/impermanence/default.nix)
-* [share](./share)
-* [overlays](./overlays)
+This repository contains my personal NixOS configurations for multiple systems, managed using [Snowfall Lib](https://github.com/snowfallorg/lib) and the Nix Flakes system.
+
+## Overview
+
+This repository provides a centralized, declarative configuration for all my systems, including:
+
+- Desktop PC (AMD)
+- NAS server
+- Steam Deck
+- Intel NUC
+- Raspberry Pi 4
+- Raspberry Pi 5
+- MacBook Pro (NixOS on Apple Silicon)
+- MacBook Pro (Darwin/macOS)
+
+## Repository Structure
+
+```
+.
+├── checks/                # Pre-commit hooks and other checks
+├── flake.nix              # Main flake configuration
+├── homes/                 # Home-manager configurations for users
+│   ├── aarch64-darwin/    # macOS home configurations
+│   ├── aarch64-linux/     # ARM Linux home configurations
+│   └── x86_64-linux/      # x86 Linux home configurations
+├── modules/               # Reusable configuration modules
+│   ├── home/              # Home-manager modules
+│   └── nixos/             # NixOS system modules
+├── overlays/              # Nixpkgs overlays
+├── packages/              # Custom package definitions
+├── secrets/               # Encrypted secrets (managed with sops-nix)
+└── systems/               # System-specific configurations
+    ├── aarch64-darwin/    # macOS system configurations
+    ├── aarch64-linux/     # ARM Linux system configurations
+    └── x86_64-linux/      # x86 Linux system configurations
+```
+
+## Key Features
+
+- **Modular Design**: Reusable modules for various system components
+- **Multi-System Support**: Configurations for different hardware platforms
+- **Home Manager Integration**: User environment management
+- **Secret Management**: Encrypted secrets with sops-nix
+- **Disk Management**: Declarative disk partitioning with disko
+- **State Management**: Persistent state management with impermanence
+- **Desktop Environments**: Support for GNOME, Hyprland, and COSMIC
+- **Hardware-Specific Optimizations**: Tailored configurations for different hardware
+
+## Key Technologies
+
+- [Nix](https://nixos.org/) and [NixOS](https://nixos.org/)
+- [Nix Flakes](https://nixos.wiki/wiki/Flakes)
+- [Snowfall Lib](https://github.com/snowfallorg/lib)
+- [Home Manager](https://github.com/nix-community/home-manager)
+- [sops-nix](https://github.com/Mic92/sops-nix)
+- [disko](https://github.com/nix-community/disko)
+- [impermanence](https://github.com/nix-community/impermanence)
+- [lanzaboote](https://github.com/nix-community/lanzaboote) (Secure Boot)
+
+## Notable System Configurations
 
 ### Desktop
-* [boot.nix](./hosts/desktop/boot.nix)
-* [configuration.nix](./hosts/desktop/configuration.nix)
-* [hardware-configuration.nix](./hosts/desktop/hardware-configuration.nix)
-* [filesystems.nix](./hosts/desktop/filesystems.nix)
-* [home.nix](./hosts/desktop/home.nix)
-* [sops.nix](./hosts/desktop/sops.nix)
-* [specialisations.hyprland](./hosts/desktop/hyprland)
-* [specialisations.gnome](./hosts/desktop/gnome)
-* [specialisations.cosmic](./hosts/desktop/cosmic)
+
+A powerful AMD-based desktop with gaming capabilities, featuring:
+- AMD CPU and GPU optimizations
+- Multiple desktop environment options (GNOME, Hyprland, COSMIC)
+- Gaming setup with Steam and related tools
 
 ### NAS
-* [boot.nix](./hosts/nas/boot.nix)
-* [configuration.nix](./hosts/nas/configuration.nix)
-* [hardware-configuration.nix](./hosts/nas/hardware-configuration.nix)
-* [impermenance.nix](./hosts/nas/impermenance.nix)
-* [apps.nix](./hosts/desktop/apps.nix)
-* [home.nix](./hosts/desktop/home.nix)
-* [networking.nix](./hosts/desktop/networking.nix)
-* [services.nix](./hosts/desktop/services.nix)
-* [sops.nix](./hosts/desktop/sops.nix)
-* [ups.nix](./hosts/desktop/ups.nix)
-* [samba](./modules/samba)
-* nas-apps
-    * [arrs](./hosts/nas/apps/arrs/default.nix)
-    * [free-games-claimer](./modules/apps/free-games-claimer)
-    * [jackett](./modules/apps/jackett)
-    * [jellyfin](./hosts/nas/apps/jellyfin/default.nix)
-    * [jellyseerr](./hosts/nas/apps/jellyseerr/default.nix)
-    * [jackett](./modules/apps/manyfold)
-    * [mariadb](./modules/apps/mariadb)
-    * [mealie](./modules/apps/mealie)
-    * [nextcloud+onlyoffice](./hosts/nas/apps/nextcloud/default.nix)
-    * [ollama](./hosts/nas/apps/ollama/default.nix)
-    * [paperless](./hosts/nas/apps/paperless/default.nix)
-    * [tdarr](./modules/apps/tdarr)
-    * [traefik](./hosts/nas/apps/traefik/default.nix)
-    * [wireguard](./modules/apps/your-spotify)
 
-### Raspberry Pi 4
-* [configuration.nix](./hosts/pi4/configuration.nix)
-* [hardware-configuration.nix](./hosts/pi4/hardware-configuration.nix)
+A home server with various self-hosted services:
+- Media management (Jellyfin, Jellyseerr)
+- Download automation (Sonarr, Radarr, etc.)
+- Document management (Paperless)
+- File sharing (Samba, Nextcloud)
+- AI services (Ollama)
+
+### Raspberry Pi
+
+Configurations for both Pi 4 and Pi 5:
+- Hardware-specific optimizations
+- Disk partitioning suitable for ARM devices
+- Bluetooth and wireless support
+
+### Steam Deck
+
+Custom NixOS configuration for the Steam Deck:
+- Integration with Jovian for Steam Deck compatibility
+- Gaming optimizations
+- Steam ROM Manager
+
+### MacBook Pro
+
+Configurations for both:
+- NixOS on Apple Silicon
+- nix-darwin for macOS
+
+## Usage
+
+### Building a System Configuration
+
+```bash
+# Build and activate a system configuration
+sudo nixos-rebuild switch --flake .#hostname
+```
+
+### Building a Home Configuration
+
+```bash
+# Build and activate a home configuration
+home-manager switch --flake .#username@hostname
+```
+
+## Documentation
+
+Comprehensive documentation is available in the [docs](./docs) directory:
+
+- [Getting Started](./docs/getting-started.md) - Instructions for setting up new systems
+- [Architecture](./docs/architecture.md) - Overview of the repository structure
+- [System Configurations](./docs/systems/README.md) - Details about each system
+- [Home Assistant](./docs/home-assistant/README.md) - Home Assistant setup and automations
+- [Custom Modules](./docs/modules/README.md) - Details about reusable configuration modules
+- [Troubleshooting](./docs/troubleshooting.md) - Common issues and solutions
+
+## License
+
+This project is licensed under the MIT License - see the LICENSE file for details.

checks/disksnstuff.sh

@@ -0,0 +1,62 @@
+#!/usr/bin/env bash
+
+disk=/dev/mapper/nuc-nixos-cryptroot
+
+# sudo mkfs.vfat "$disk"1
+# sudo bcachefs format --label ssd.ssd1 --compression=zstd --discard "$disk"
+
+sudo mount -t tmpfs -o mode=755 none /mnt
+sudo mkdir -p /mnt/{boot,home,root,etc,nix,var/log,tmp,persist}
+sudo mount /dev/disk/by-partlabel/disk-main-nuc-nixos-EFI /mnt/boot
+# sudo mkdir -p /mnt/boot/firmware
+# sudo mount "$disk"2 /mnt/boot/firmware
+# sudo mount "$disk"2 -o compress=zstd,subvol=home /mnt/home
+# sudo mount "$disk"2 -o compress=zstd,noatime,subvol=root /mnt/root
+# sudo mount "$disk"2 -o compress=zstd,noatime,subvol=etc /mnt/etc
+# sudo mount "$disk"2 -o compress=zstd,noatime,subvol=nix /mnt/nix
+# sudo mount "$disk"2 -o compress=zstd,noatime,subvol=log /mnt/var/log
+
+# bcachefs unlock -k session /dev/disk/by-partlabel/disk-main-nuc-nixos-bcachefs-root
+sudo cryptsetup open /dev/disk/by-partlabel/disk-main-nuc-nixos-cryptroot nuc-nixos-cryptroot  
+# sudo bcachefs unlock -k session "$disk"2
+# sudo mount "$disk" /mnt/tmp
+# cd /mnt/tmp
+# ls -alh
+
+# sudo bcachefs subvolume create nix
+# sudo bcachefs subvolume create etc
+# sudo bcachefs subvolume create log
+# sudo bcachefs subvolume create root
+# sudo bcachefs subvolume create persist
+# sudo bcachefs subvolume create home
+
+# ls -alh
+# cd /etc/nixos
+# sudo umount /mnt/tmp
+
+sudo mount -o noatime,X-mount.subdir=nix "$disk" /mnt/nix
+sudo mount -o noatime,X-mount.subdir=etc "$disk" /mnt/etc
+sudo mount -o noatime,X-mount.subdir=log "$disk" /mnt/var/log
+sudo mount -o noatime,X-mount.subdir=root "$disk" /mnt/root
+sudo mount -o noatime,X-mount.subdir=persist "$disk" /mnt/persist
+sudo mount -o X-mount.subdir=home "$disk" /mnt/home
+
+# tree /mnt
+
+# sudo nixos-install --flake /etc/nixos#nuc-nixos
+
+# sudo umount /mnt/boot
+# sudo umount /mnt/var/log
+# sudo umount /mnt/persist
+# sudo umount /mnt/home
+# sudo umount /mnt/root
+# sudo umount /mnt/etc
+# sudo umount /mnt/nix
+# sudo umount /mnt
+
+# wpa_passphrase "Joey's Jungle 5G" "kR8v&3Qd" > 5g.conf
+# wpa_supplicant -i wlp6s0 -c 5g.conf -B
+# dhcpcd
+
+# keyctl link @u @s
+# clevis decrypt < "/etc/clevis/nas_pool.jwe" | bcachefs unlock /dev/disk/by-label/nas_pool

checks/pre-commit-hooks/default.nix

@@ -0,0 +1,22 @@
+{
+  inputs,
+  pkgs,
+  lib,
+  ...
+}:
+let
+  inherit (inputs) pre-commit-hooks-nix;
+in
+pre-commit-hooks-nix.lib.${pkgs.stdenv.hostPlatform.system}.run {
+  src = ../..;
+  hooks = {
+    pre-commit-hook-ensure-sops.enable = true;
+    treefmt = {
+      enable = lib.mkForce true;
+      settings.fail-on-change = lib.mkForce false;
+      packageOverrides.treefmt = inputs.treefmt-nix.lib.mkWrapper pkgs (
+        lib.snowfall.fs.get-file "treefmt.nix"
+      );
+    };
+  };
+}

docs/README.md

@@ -0,0 +1,12 @@
+# Documentation
+
+This directory contains comprehensive documentation for the NixOS configuration.
+
+## Contents
+
+- [Getting Started](./getting-started.md) - Instructions for setting up new systems
+- [System Configurations](./systems/README.md) - Detailed information about each system
+- [Home Assistant](./home-assistant/README.md) - Documentation for the Home Assistant setup
+- [Custom Modules](./modules/README.md) - Information about reusable modules
+- [Architecture](./architecture.md) - Overview of the repository architecture
+- [Troubleshooting](./troubleshooting.md) - Common issues and solutions

docs/architecture.md

@@ -0,0 +1,104 @@
+# Repository Architecture
+
+This document provides an overview of the repository architecture, explaining how the various components fit together.
+
+## Overview
+
+This NixOS configuration repository is built using [Nix Flakes](https://nixos.wiki/wiki/Flakes) and [Snowfall Lib](https://github.com/snowfallorg/lib) to provide a modular, maintainable configuration for multiple systems.
+
+## Directory Structure
+
+```
+.
+├── checks/                # Pre-commit hooks and other checks
+├── flake.nix              # Main flake configuration
+├── homes/                 # Home-manager configurations for users
+│   ├── aarch64-darwin/    # macOS home configurations
+│   ├── aarch64-linux/     # ARM Linux home configurations
+│   └── x86_64-linux/      # x86 Linux home configurations
+├── modules/               # Reusable configuration modules
+│   ├── home/              # Home-manager modules
+│   └── nixos/             # NixOS system modules
+│       ├── boot/          # Boot configuration modules
+│       ├── desktop/       # Desktop environment modules
+│       ├── hardware/      # Hardware-specific modules
+│       ├── homeassistant/ # Home Assistant modules
+│       ├── network/       # Network configuration modules
+│       ├── services/      # Service configuration modules
+│       └── ...            # Other module categories
+├── overlays/              # Nixpkgs overlays
+├── packages/              # Custom package definitions
+├── secrets/               # Encrypted secrets (managed with sops-nix)
+└── systems/               # System-specific configurations
+    ├── aarch64-darwin/    # macOS system configurations
+    ├── aarch64-linux/     # ARM Linux system configurations
+    └── x86_64-linux/      # x86 Linux system configurations
+        ├── jallen-nas/    # NAS server configuration
+        ├── matt-nixos/    # Desktop configuration
+        ├── nuc-nixos/     # NUC configuration
+        └── ...            # Other system configurations
+```
+
+## Flake Structure
+
+The `flake.nix` file defines the inputs (external dependencies) and outputs (configurations) of this repository:
+
+### Inputs
+
+- **nixpkgs-unstable**: The unstable channel of Nixpkgs
+- **nixpkgs-stable**: The stable channel of Nixpkgs (25.11)
+- **home-manager**: User environment management
+- **snowfall-lib**: Library for structuring flake repositories
+- **impermanence**: Persistent state management
+- **lanzaboote**: Secure boot implementation
+- **nixos-hardware**: Hardware-specific configurations
+- **sops-nix**: Secret management
+- **disko**: Disk partitioning and formatting
+- **And more specialized inputs**
+
+### Outputs
+
+The outputs are generated using Snowfall Lib's `mkFlake` function, which automatically discovers and assembles:
+
+- **NixOS system configurations**: For each system in the `systems/` directory
+- **Home Manager configurations**: For each configuration in the `homes/` directory
+- **Packages**: From the `packages/` directory
+- **Modules**: From the `modules/` directory
+- **Overlays**: From the `overlays/` directory
+
+## Module System
+
+The module system uses a modular approach where:
+
+1. **Common modules** are defined in `modules/nixos/` and `modules/home/`
+2. **System-specific modules** are defined in `systems/<architecture>/<hostname>/`
+
+Each module follows the NixOS module pattern, with:
+- `default.nix`: Main module implementation
+- `options.nix`: Option declarations
+
+## Integration with Snowfall Lib
+
+Snowfall Lib provides:
+1. **Automatic discovery** of modules, overlays, and packages
+2. **Consistent structure** across the repository
+3. **Common utilities** for working with flakes
+
+## Secrets Management
+
+Secrets are managed using [sops-nix](https://github.com/Mic92/sops-nix), with:
+- Encrypted secret files in the `secrets/` directory
+- `.sops.yaml` configuration file in the root
+- Key management integrated into the configuration
+
+## Deployment Process
+
+Systems are built and deployed using:
+```bash
+nixos-rebuild switch --flake .#hostname
+```
+
+This command:
+1. Evaluates the flake for the specified hostname
+2. Builds the resulting configuration
+3. Activates it on the current system

docs/getting-started.md

@@ -0,0 +1,172 @@
+# Getting Started
+
+This guide will help you get started with this NixOS configuration repository.
+
+## Prerequisites
+
+- Basic knowledge of NixOS and the Nix language
+- Git installed on your system
+- Physical access to the machine you want to configure
+
+## Initial Setup
+
+### 1. Cloning the Repository
+
+Clone this repository to your local machine:
+
+```bash
+git clone ssh://nix-apps@localhost:2222/mjallen/nix-config.git
+cd nix-config
+```
+
+### 2. Setting Up a New System
+
+#### Option 1: Using an Existing Configuration
+
+If you're setting up a new machine that should be identical to an existing configuration:
+
+1. Boot from a NixOS installation media
+2. Mount your target partitions to `/mnt`
+3. Clone this repository:
+   ```bash
+   nixos-enter
+   cd /mnt
+   mkdir -p /mnt/etc/nixos
+   git clone ssh://nix-apps@localhost:2222/mjallen/nix-config.git /mnt/etc/nixos
+   ```
+4. Install NixOS with the desired system profile:
+   ```bash
+   nixos-install --flake /mnt/etc/nixos#hostname
+   ```
+   Replace `hostname` with the target system name (e.g., `matt-nixos`, `jallen-nas`, etc.)
+
+#### Option 2: Creating a New System Configuration
+
+If you're adding a completely new system:
+
+1. Create a new directory for your system configuration:
+   ```bash
+   mkdir -p systems/$(uname -m)-linux/new-hostname
+   ```
+   
+2. Create the basic configuration files:
+   ```bash
+   cat > systems/$(uname -m)-linux/new-hostname/default.nix << EOF
+   { lib, pkgs, ... }:
+   {
+     imports = [
+       ./hardware-configuration.nix
+       # Add other needed module imports here
+     ];
+   
+     networking.hostName = "new-hostname";
+   
+     # Add your system-specific configuration here
+   }
+   EOF
+   ```
+
+3. Generate the hardware configuration:
+   ```bash
+   nixos-generate-config --no-filesystems --dir systems/$(uname -m)-linux/new-hostname/
+   ```
+
+4. Add your new system to the flake by adding it to the `hosts` section in `flake.nix`
+
+5. Build and install the configuration:
+   ```bash
+   sudo nixos-rebuild switch --flake .#new-hostname
+   ```
+
+## Secret Management
+
+### Setting Up Sops-Nix
+
+1. Create a GPG key if you don't already have one:
+   ```bash
+   gpg --full-generate-key
+   ```
+   
+2. Add your key to `.sops.yaml`:
+   ```bash
+   # Get your key fingerprint
+   gpg --list-secret-keys --keyid-format=long
+   
+   # Edit the .sops.yaml file to add your key
+   ```
+
+3. Create a new encrypted secret:
+   ```bash
+   sops secrets/newsecret.yaml
+   ```
+
+## Common Tasks
+
+### Updating the Repository
+
+```bash
+git pull
+sudo nixos-rebuild switch --flake .#hostname
+```
+
+### Adding a New Package
+
+1. For standard packages, add them to your system or home configuration:
+   ```nix
+   environment.systemPackages = with pkgs; [
+     new-package
+   ];
+   ```
+
+2. For custom packages, add them to the `packages` directory:
+   ```bash
+   mkdir -p packages/new-package
+   # Create the necessary Nix files
+   ```
+
+### Adding a New Module
+
+1. Create a new module directory:
+   ```bash
+   mkdir -p modules/nixos/new-module
+   ```
+
+2. Create the module files:
+   ```bash
+   # Create options.nix
+   cat > modules/nixos/new-module/options.nix << EOF
+   { lib, namespace, ... }:
+   with lib;
+   {
+     options.${namespace}.new-module = {
+       enable = mkEnableOption "Enable new module";
+       # Add other options here
+     };
+   }
+   EOF
+   
+   # Create default.nix
+   cat > modules/nixos/new-module/default.nix << EOF
+   { config, lib, namespace, ... }:
+   let
+     cfg = config.${namespace}.new-module;
+   in
+   {
+     imports = [ ./options.nix ];
+   
+     config = lib.mkIf cfg.enable {
+       # Add your configuration here
+     };
+   }
+   EOF
+   ```
+
+3. Import your module in your system configuration:
+   ```nix
+   imports = [
+     # ...
+     ../../../modules/nixos/new-module
+   ];
+   
+   ${namespace}.new-module.enable = true;
+   ```

docs/home-assistant/README.md

@@ -0,0 +1,188 @@
+# Home Assistant Configuration
+
+This document provides comprehensive information about the Home Assistant setup in this NixOS configuration.
+
+## Overview
+
+Home Assistant is configured as a NixOS service with custom components, integrations, and automations. The configuration uses a modular approach with separate files for different aspects of the setup.
+
+## Module Structure
+
+The Home Assistant configuration is organized in the following structure:
+
+```
+modules/nixos/homeassistant/
+├── automations/              # Automation configurations
+│   ├── lightswitch/          # Light switch automations
+│   └── motion-light/         # Motion-activated light automations
+├── default.nix               # Main module configuration
+├── options.nix               # Module options definition
+└── services/                 # Related service configurations
+    ├── govee2mqtt/           # Govee integration via MQTT
+    ├── homeassistant/        # Core Home Assistant service
+    ├── music-assistant/      # Music Assistant integration
+    ├── thread/               # Thread border router
+    └── zigbee2mqtt/          # Zigbee to MQTT bridge
+```
+
+## Installation
+
+The Home Assistant module is enabled in the system configuration by setting:
+
+```nix
+mjallen.services.home-assistant.enable = true;
+```
+
+This activates Home Assistant and related services such as MQTT, Zigbee2MQTT, and the Matter server.
+
+## Configuration Options
+
+The module provides several configuration options:
+
+| Option | Type | Default | Description |
+|--------|------|---------|-------------|
+| `enable` | boolean | `false` | Enable Home Assistant and related services |
+| `mosquittoPort` | integer | `1883` | Port for the MQTT broker |
+| `zigbee2mqttPort` | integer | `8080` | Port for the Zigbee2MQTT web interface |
+| `zigbeeDevicePath` | string | `/dev/ttyUSB0` | Path to the Zigbee USB device |
+
+## Core Services
+
+### Home Assistant
+
+The main Home Assistant service is configured in `services/homeassistant/default.nix` with:
+
+- PostgreSQL database backend
+- Custom components
+- Custom Lovelace modules
+- HTTPS access with authentication
+- Integration with other services
+
+### MQTT
+
+MQTT is used as a messaging protocol for various smart home devices. The Mosquitto MQTT broker is automatically configured when Home Assistant is enabled.
+
+### Zigbee2MQTT
+
+Zigbee2MQTT allows integration with Zigbee devices. It's configured with:
+
+- Automatic discovery for Home Assistant
+- OTA updates for Zigbee devices
+- Web interface for management
+
+### Thread Border Router
+
+The Thread Border Router provides integration with Thread-based devices like Matter devices.
+
+## Custom Components
+
+The following custom components are included:
+
+- `ha-anycubic` - Anycubic 3D printer integration
+- `ha-bambulab` - Bambu Lab 3D printer integration
+- `ha-bedjet` - BedJet climate control integration
+- `ha-gehome` - GE Home appliance integration
+- `ha-icloud3` - Enhanced iCloud device tracking
+- `ha-local-llm` - Local LLM integration
+- `ha-mail-and-packages` - Mail and package delivery tracking
+- `ha-nanokvm` - NanoKVM integration
+- `ha-openhasp` - openHASP integration for DIY displays
+- `ha-overseerr` - Overseerr media request integration
+- `ha-petlibro` - PetLibro pet feeder integration
+- `ha-wyzeapi` - Wyze device integration
+
+## Automations
+
+### Light Switch Automations
+
+The light switch automations handle physical switch inputs for controlling smart lights.
+
+### Motion Light Automations
+
+Motion light automations turn lights on when motion is detected and off after a period of inactivity.
+
+### Custom Automations
+
+Additional automations are placed in the `/etc/hass` directory and are included in the Home Assistant configuration. These include:
+
+- `fountain_automation.yaml` - Toggles the water dispensing mode on the Dockstream Smart RFID Fountain every 15 minutes between constant and intermittent flow.
+
+## Smart Home Devices
+
+The configuration includes support for various smart home devices:
+
+### Lighting
+
+- Various smart lights throughout the home
+
+### Climate
+
+- Smart thermostat
+- Humidifier control
+
+### Pet Care
+
+- Dockstream Smart RFID Fountain with scheduling
+- Smart pet feeders for pets named Joey and Luci
+- Litter-Robot 4 smart litter box
+
+### Media
+
+- Google Cast devices
+- Smart TVs
+- Media players
+
+### Sensors
+
+- Temperature, humidity, and motion sensors
+- Door and window sensors
+- Presence detection
+
+## Integration with Other Services
+
+Home Assistant is integrated with:
+
+- **Music Assistant** - For enhanced music streaming capabilities
+- **Govee Integration** - For Govee smart devices
+- **Matter** - For Matter-compatible devices
+
+## Adding New Automations
+
+To add a new automation:
+
+1. Create a YAML file with the automation definition
+2. Place it in `/etc/hass`
+3. The automation will be automatically included in Home Assistant
+
+Example automation format:
+
+```yaml
+alias: "Automation Name"
+description: "Description of what the automation does"
+trigger:
+  - platform: state
+    entity_id: binary_sensor.motion_sensor
+    to: "on"
+condition: []
+action:
+  - service: light.turn_on
+    target:
+      entity_id: light.living_room
+mode: single
+```
+
+## Troubleshooting
+
+### Common Issues
+
+1. **Zigbee Device Pairing Issues**
+   - Make sure the Zigbee coordinator is properly connected
+   - Check the Zigbee2MQTT logs for errors
+
+2. **Service Unavailable**
+   - Check if all related services are running
+   - Verify firewall rules allow access to the services
+
+3. **Database Issues**
+   - Check PostgreSQL service status
+   - Verify database connection settings

docs/home-assistant/automations.md

@@ -0,0 +1,148 @@
+# Home Assistant Automations
+
+This document details the automations configured in the Home Assistant setup.
+
+## Automation Types
+
+Automations in this configuration are managed in several ways:
+
+1. **Module-Based Automations**: Defined in Nix modules within the `modules/nixos/homeassistant/automations/` directory
+2. **YAML Automations**: Defined in YAML files and included via the `automation manual` directive
+3. **UI-Created Automations**: Created through the Home Assistant UI and stored in `automations.yaml`
+
+## Module-Based Automations
+
+### Light Switch Automations
+
+**Location**: `modules/nixos/homeassistant/automations/lightswitch/`
+
+These automations link physical light switches to smart lights:
+
+- **Bedroom Light Switch**: Controls the bedroom lights
+- **Living Room Light Switch**: Controls the living room lights
+- **Bedroom Closet Lights**: Controls the closet lights
+
+### Motion-Activated Light Automations
+
+**Location**: `modules/nixos/homeassistant/automations/motion-light/`
+
+These automations turn lights on when motion is detected and off after a period of inactivity.
+
+## YAML Automations
+
+### Fountain Cycling Automation
+
+**Location**: `/etc/nixos/fountain_automation.yaml`
+
+This automation toggles the water dispensing mode on the Dockstream Smart RFID Fountain every 15 minutes:
+
+```yaml
+alias: "Fountain Cycle Mode"
+description: "Toggles fountain water mode every 15 minutes between constant and intermittent flow"
+trigger:
+  - platform: time_pattern
+    minutes: "/15"  # Every 15 minutes
+condition: []
+action:
+  - service: select.select_next
+    target:
+      entity_id: select.dockstream_smart_rfid_fountain_water_dispensing_mode
+mode: single
+id: fountain_cycle_mode
+```
+
+This automation:
+1. Triggers every 15 minutes
+2. Uses the `select.select_next` service to toggle between the two available options:
+   - "Flowing Water (Constant)"
+   - "Intermittent Water (Scheduled)"
+
+The fountain is also configured with:
+- Water Interval: 10 minutes
+- Water Dispensing Duration: 15 minutes
+
+## Creating New Automations
+
+### Method 1: Module-Based Automation
+
+For reusable, complex automations that should be managed in code:
+
+1. Create a new directory in `modules/nixos/homeassistant/automations/`
+2. Create a `default.nix` file with the automation logic
+
+Example:
+```nix
+{ config, lib, ... }:
+{
+  config = {
+    services.home-assistant.config."automation manual" = [
+      {
+        alias = "Example Automation";
+        description = "Example automation created via Nix module";
+        trigger = [
+          {
+            platform = "state";
+            entity_id = "binary_sensor.example_sensor";
+            to = "on";
+          }
+        ];
+        action = [
+          {
+            service = "light.turn_on";
+            target.entity_id = "light.example_light";
+          }
+        ];
+        mode = "single";
+      }
+    ];
+  };
+}
+```
+
+### Method 2: YAML Automation
+
+For simpler automations:
+
+1. Create a YAML file with the automation definition
+2. Place it in `/etc/hass/`
+
+Example:
+```yaml
+alias: "Example Automation"
+description: "Example automation in YAML"
+trigger:
+  - platform: state
+    entity_id: binary_sensor.example_sensor
+    to: "on"
+action:
+  - service: light.turn_on
+    target:
+      entity_id: light.example_light
+mode: single
+```
+
+### Method 3: UI Creation
+
+For quick prototyping or simple automations:
+
+1. Go to Home Assistant UI > Settings > Automations & Scenes
+2. Click "+ Add Automation"
+3. Configure using the UI editor
+
+## Testing Automations
+
+To test an automation:
+
+1. In the Home Assistant UI, go to Developer Tools > Services
+2. Select `automation.trigger` as the service
+3. Enter the entity_id of your automation in the service data field
+4. Click "Call Service" to trigger the automation manually
+
+## Troubleshooting
+
+If an automation isn't working as expected:
+
+1. Check the Home Assistant logs for errors
+2. Verify entity names and service calls are correct
+3. Test individual triggers and actions separately
+4. Use the "Debug" section in the automation editor to trace execution

docs/home-assistant/fountain-automation.md

@@ -0,0 +1,96 @@
+# Pet Fountain Automation
+
+This document details the automation for the Dockstream Smart RFID Fountain device.
+
+## Overview
+
+The Dockstream Smart RFID Fountain is a smart pet fountain controlled through Home Assistant. A custom automation has been created to toggle the water dispensing mode between constant flow and intermittent flow every 15 minutes. This cycling helps keep the water fresh while reducing energy consumption.
+
+## Fountain Configuration
+
+The Dockstream Smart RFID Fountain has the following settings in Home Assistant:
+
+| Setting | Entity ID | Value | Description |
+|---------|-----------|-------|-------------|
+| Water Dispensing Mode | `select.dockstream_smart_rfid_fountain_water_dispensing_mode` | Toggles between modes | Controls how water flows |
+| Water Interval | `number.dockstream_smart_rfid_fountain_water_interval` | 10 minutes | Time between water dispensing in intermittent mode |
+| Water Dispensing Duration | `number.dockstream_smart_rfid_fountain_water_dispensing_duration` | 15 minutes | How long water flows in intermittent mode |
+| Cleaning Cycle | `number.dockstream_smart_rfid_fountain_cleaning_cycle` | 14 days | Reminder interval for cleaning |
+
+## Available Modes
+
+The fountain supports two water dispensing modes:
+
+1. **Flowing Water (Constant)** - Water flows continuously
+2. **Intermittent Water (Scheduled)** - Water flows according to the interval and duration settings
+
+## Automation Details
+
+The fountain cycling automation is defined in `/etc/nixos/fountain_automation.yaml`:
+
+```yaml
+alias: "Fountain Cycle Mode"
+description: "Toggles fountain water mode every 15 minutes between constant and intermittent flow"
+trigger:
+  - platform: time_pattern
+    minutes: "/15"  # Every 15 minutes
+condition: []
+action:
+  - service: select.select_next
+    target:
+      entity_id: select.dockstream_smart_rfid_fountain_water_dispensing_mode
+mode: single
+id: fountain_cycle_mode
+```
+
+### How It Works
+
+1. **Trigger**: The automation runs every 15 minutes based on the time pattern trigger
+2. **Action**: It uses the `select.select_next` service to toggle to the next available option
+3. **Mode**: Set to "single" to prevent multiple executions if triggers overlap
+
+## Installation
+
+The automation is included in Home Assistant via the `automation manual` directive in the Home Assistant configuration:
+
+```yaml
+"automation manual" = "!include_dir_merge_list /etc/hass";
+```
+
+The YAML file needs to be placed in the `/etc/hass` directory to be loaded.
+
+## Testing
+
+To manually test the automation:
+
+1. In Home Assistant UI, go to Developer Tools > Services
+2. Select `automation.trigger` as the service
+3. Enter the following service data:
+   ```yaml
+   entity_id: automation.fountain_cycle_mode
+   ```
+4. Click "Call Service" to trigger the automation
+
+## Customizing
+
+To adjust the cycling interval:
+
+1. Edit the YAML file at `/etc/nixos/fountain_automation.yaml`
+2. Change the `minutes` value in the trigger section (e.g., from `"/15"` to `"/30"` for every 30 minutes)
+3. Save the file
+4. Restart Home Assistant or reload automations
+
+To adjust fountain settings:
+
+1. In Home Assistant UI, go to Settings > Devices & Services
+2. Find the Dockstream Smart RFID Fountain device
+3. Adjust the water interval or dispensing duration settings
+
+## Troubleshooting
+
+If the automation is not working as expected:
+
+1. Check that the entity ID is correct and the fountain is online
+2. Verify that Home Assistant is including the automation file correctly
+3. Look for errors in the Home Assistant logs related to the automation or the fountain
+4. Try manually controlling the fountain to ensure it responds to commands

docs/modules/README.md

@@ -0,0 +1,116 @@
+# Custom Modules
+
+This directory contains documentation for the custom modules used in this NixOS configuration.
+
+## Module Types
+
+The repository uses two main types of modules:
+
+1. **NixOS Modules** - System-level configurations in `modules/nixos/`
+2. **Home Manager Modules** - User-level configurations in `modules/home/`
+
+## NixOS Modules
+
+These modules configure the system-level aspects of NixOS:
+
+- [Boot Modules](./boot.md) - Boot loader and kernel configurations
+- [Desktop Modules](./desktop.md) - Desktop environment configurations
+- [Development Modules](./development.md) - Development tools and environments
+- [Hardware Modules](./hardware.md) - Hardware-specific configurations
+- [Home Assistant Modules](./homeassistant.md) - Home automation configuration
+- [Networking Modules](./network.md) - Network configuration and services
+- [Security Modules](./security.md) - Security-related configurations
+- [Services Modules](./services.md) - Various service configurations
+- [System Modules](./system.md) - General system configurations
+- [Virtualization Modules](./virtualization.md) - Virtualization and containerization
+
+## Home Manager Modules
+
+These modules configure user environments:
+
+- [Applications](./home/applications.md) - User applications
+- [Desktop](./home/desktop.md) - User desktop environments
+- [Development](./home/development.md) - User development environments
+- [Media](./home/media.md) - Media applications
+- [Shell](./home/shell.md) - Shell configurations
+
+## Module Structure
+
+Each module follows a standard structure:
+
+```
+modules/nixos/example-module/
+├── default.nix       # Main implementation
+├── options.nix       # Option declarations
+└── submodule/        # Optional submodules
+    └── default.nix   # Submodule implementation
+```
+
+### default.nix
+
+The `default.nix` file contains the main implementation of the module:
+
+```nix
+{
+  config,
+  lib,
+  pkgs,
+  namespace,
+  ...
+}:
+let
+  cfg = config.${namespace}.example-module;
+in
+{
+  imports = [ ./options.nix ];
+
+  config = lib.mkIf cfg.enable {
+    # Module implementation when enabled
+  };
+}
+```
+
+### options.nix
+
+The `options.nix` file declares the module's configuration options:
+
+```nix
+{ lib, namespace, ... }:
+with lib;
+let
+  inherit (lib.${namespace}) mkOpt;
+in
+{
+  options.${namespace}.example-module = {
+    enable = mkEnableOption "enable example module";
+    # Other option declarations
+  };
+}
+```
+
+## Using Modules
+
+To use a module in your system configuration:
+
+1. Enable the module in your system configuration:
+
+```nix
+{ config, ... }:
+{
+  mjallen.example-module = {
+    enable = true;
+    # Other options
+  };
+}
+```
+
+## Creating New Modules
+
+To create a new module:
+
+1. Create a new directory in `modules/nixos/` or `modules/home/`
+2. Create `default.nix` and `options.nix` files
+3. Implement your module functionality
+4. Import the module in your system configuration
+
+See the [Getting Started](../getting-started.md) guide for more details on creating modules.

docs/modules/homeassistant.md

@@ -0,0 +1,190 @@
+# Home Assistant Module
+
+This document details the Home Assistant module configuration.
+
+## Module Structure
+
+The Home Assistant module is organized in the following structure:
+
+```
+modules/nixos/homeassistant/
+├── automations/              # Automation configurations
+│   ├── lightswitch/          # Light switch automations
+│   └── motion-light/         # Motion-activated light automations
+├── default.nix               # Main module configuration
+├── options.nix               # Module options definition
+└── services/                 # Related service configurations
+    ├── govee2mqtt/           # Govee integration via MQTT
+    ├── homeassistant/        # Core Home Assistant service
+    ├── music-assistant/      # Music Assistant integration
+    ├── thread/               # Thread border router
+    └── zigbee2mqtt/          # Zigbee to MQTT bridge
+```
+
+## Module Options
+
+The module is configured through options defined in `options.nix`:
+
+```nix
+options.${namespace}.services.home-assistant = {
+  enable = mkEnableOption "enable home-assistant";
+  mosquittoPort = mkOpt types.int 1883 "Port for MQTT";
+  zigbee2mqttPort = mkOpt types.int 8080 "Port for zigbee2mqtt web interface";
+  zigbeeDevicePath = mkOpt types.str "/dev/ttyUSB0" "Path to zigbee usb device";
+};
+```
+
+## Main Configuration
+
+The main module configuration in `default.nix` includes:
+
+1. **Activation Scripts** - For setting up custom components
+2. **Service Configurations** - For Matter, PostgreSQL, etc.
+3. **Firewall Rules** - For allowing required ports
+
+```nix
+config = lib.mkIf cfg.enable {
+  # Activation script for custom components
+  system.activationScripts.installCustomComponents = ''
+    chown -R hass:hass ${config.services.home-assistant.configDir}
+    chmod -R 750 ${config.services.home-assistant.configDir}
+  '';
+
+  # Service configurations
+  services = {
+    matter-server.enable = true;
+    postgresql = {
+      enable = false;
+      ensureDatabases = [ "hass" ];
+      ensureUsers = [
+        {
+          name = "hass";
+          ensureDBOwnership = true;
+        }
+      ];
+    };
+  };
+
+  # Firewall rules
+  networking.firewall.allowedTCPPorts = [
+    cfg.mosquittoPort
+    cfg.zigbee2mqttPort
+    8095 # music-assistant
+    8097 # home-assistant
+    5580 # matter-server
+  ];
+};
+```
+
+## Home Assistant Service
+
+The core Home Assistant service configuration in `services/homeassistant/default.nix` includes:
+
+1. **Package Selection** - Using the standard Home Assistant package
+2. **Component Configuration** - Enabling required components
+3. **Custom Components** - Adding custom components from packages
+4. **Lovelace Modules** - Adding custom UI components
+5. **Integration Configuration** - Setting up integrations with other systems
+
+```nix
+services.home-assistant = {
+  enable = true;
+  package = pkgs.home-assistant;
+  openFirewall = true;
+  configDir = "/var/lib/homeassistant";
+  configWritable = true;
+  
+  # Components
+  extraComponents = [
+    "mqtt"
+    "zha"
+    "homekit"
+    # ... many more components
+  ];
+  
+  # Custom components
+  customComponents = [
+    # ... custom components
+  ];
+  
+  # Lovelace modules
+  customLovelaceModules = [
+    # ... custom UI modules
+  ];
+  
+  # Configuration
+  config = {
+    # ... Home Assistant configuration
+  };
+};
+```
+
+## Related Services
+
+### Zigbee2MQTT
+
+The Zigbee2MQTT service in `services/zigbee2mqtt/default.nix` connects Zigbee devices to MQTT:
+
+```nix
+services.zigbee2mqtt = {
+  enable = true;
+  settings = {
+    mqtt = {
+      server = "mqtt://localhost:${toString cfg.mosquittoPort}";
+    };
+    serial = {
+      port = cfg.zigbeeDevicePath;
+    };
+    # ... additional settings
+  };
+};
+```
+
+### MQTT
+
+MQTT is configured as a dependency for the Home Assistant module.
+
+### Thread Border Router
+
+The Thread Border Router in `services/thread/default.nix` provides Thread network connectivity for Matter devices.
+
+## Automations
+
+The module includes predefined automations in the `automations/` directory:
+
+1. **Light Switch Automations** - For controlling lights via physical switches
+2. **Motion Light Automations** - For motion-activated lighting
+
+## Using the Module
+
+To use this module in a system configuration:
+
+```nix
+{ config, ... }:
+{
+  mjallen.services.home-assistant = {
+    enable = true;
+    # Optional: customize ports and device paths
+    mosquittoPort = 1883;
+    zigbee2mqttPort = 8080;
+    zigbeeDevicePath = "/dev/ttyUSB0";
+  };
+}
+```
+
+## Extending the Module
+
+### Adding Custom Components
+
+To add a custom component:
+
+1. Add the package to `packages/`
+2. Add it to the `customComponents` list in `services/homeassistant/default.nix`
+
+### Adding Custom Automations
+
+To add a custom automation:
+
+1. Create a new directory in `automations/`
+2. Implement the automation in `default.nix`
+3. Import it in the system configuration

docs/systems/README.md

@@ -0,0 +1,22 @@
+# System Configurations
+
+This directory contains documentation for each system configuration in this repository.
+
+## Systems
+
+- [Desktop (matt-nixos)](./matt-nixos.md) - Main desktop computer
+- [NAS (jallen-nas)](./jallen-nas.md) - Home server and NAS
+- [NUC (nuc-nixos)](./nuc-nixos.md) - Intel NUC
+- [Raspberry Pi 5](./pi5.md) - Raspberry Pi 5
+- [MacBook Pro (nixOS)](./macbook-pro-nixos.md) - MacBook Pro running NixOS
+
+## Common Configuration
+
+All systems share certain common configurations through the modules system. These include:
+
+- Base system configuration
+- User management
+- Network configuration
+- Security settings
+
+Each system then adds its specific configurations on top of these common modules.

docs/systems/jallen-nas.md

@@ -0,0 +1,101 @@
+# NAS Server (jallen-nas)
+
+This document describes the configuration for the NAS server system.
+
+## Hardware
+
+The NAS server is built on AMD hardware:
+
+- CPU: AMD processor
+- Hardware-specific modules:
+  - `nixos-hardware.nixosModules.common-pc`
+  - `nixos-hardware.nixosModules.common-cpu-amd`
+  - `nixos-hardware.nixosModules.common-cpu-amd-pstate`
+  - `nixos-hardware.nixosModules.common-hidpi`
+
+## Services
+
+The NAS hosts various services:
+
+### Media Services
+
+- **Jellyfin** - Media server
+- **Jellyseerr** - Media request manager
+- **Sonarr** - TV show management
+- **Radarr** - Movie management
+- **Lidarr** - Music management
+- **Bazarr** - Subtitle management
+- **Music Assistant** - Music streaming integration with Home Assistant
+
+### Download Services
+
+- **Transmission** - Torrent client
+- **NZBGet** - Usenet downloader
+- **Prowlarr** - Indexer manager
+
+### Document Management
+
+- **Paperless-ngx** - Document management system
+
+### File Sharing
+
+- **Samba** - Windows file sharing
+- **Nextcloud** - Self-hosted cloud storage
+
+### AI Services
+
+- **Ollama** - Local AI model hosting
+
+### Smart Home
+
+- **Home Assistant** - Smart home controller
+- **Zigbee2MQTT** - Zigbee device integration
+- **MQTT** - Message broker for IoT devices
+- **Thread Border Router** - Thread network for smart home devices
+
+## Storage Configuration
+
+The NAS uses multiple storage devices:
+
+1. **System Drive** - For the operating system
+2. **Data Drives** - Configured as a storage array for media and data
+
+## Network Configuration
+
+The NAS is configured with:
+
+- Static IP address
+- Firewall rules for the various services
+- Tailscale for secure remote access
+
+## Backup Strategy
+
+The NAS implements a comprehensive backup strategy:
+
+1. **System Backup** - Regular backups of the NixOS configuration
+2. **Data Backup** - Backups of important data to secondary storage
+3. **Off-site Backup** - Critical data is backed up off-site
+
+## Usage and Management
+
+### Accessing Services
+
+Most services are available through a reverse proxy, which provides:
+- HTTPS access
+- Authentication via Authentik
+- Subdomain-based routing
+
+### Adding Storage
+
+To add additional storage to the NAS:
+
+1. Add the physical drive to the system
+2. Update the disko configuration
+3. Rebuild the system with `nixos-rebuild switch`
+
+### Monitoring
+
+The system can be monitored through:
+- Prometheus metrics
+- Grafana dashboards
+- Home Assistant sensors

docs/troubleshooting.md

@@ -0,0 +1,213 @@
+# Troubleshooting Guide
+
+This guide provides solutions for common issues that may arise when using this NixOS configuration.
+
+## System Issues
+
+### Failed System Build
+
+**Problem**: `nixos-rebuild switch` fails with an error.
+
+**Solutions**:
+
+1. **Syntax Errors**:
+   - Check the error message for file and line number information
+   - Verify the syntax in the mentioned file
+   - Common issues include missing semicolons, curly braces, or mismatched quotes
+
+2. **Missing Dependencies**:
+   - If the error mentions a missing package or dependency:
+     ```
+     git pull  # Update to the latest version
+     nix flake update  # Update the flake inputs
+     ```
+
+3. **Conflicting Modules**:
+   - Look for modules that might be configuring the same options incompatibly
+   - Disable one of the conflicting modules or adjust their configurations
+
+4. **Disk Space Issues**:
+   - Check available disk space with `df -h`
+   - Clear old generations: `sudo nix-collect-garbage -d`
+
+### Boot Issues
+
+**Problem**: System fails to boot after a configuration change.
+
+**Solutions**:
+
+1. **Boot into a Previous Generation**:
+   - At the boot menu, select an older generation
+   - Once booted, revert the problematic change:
+     ```
+     cd /etc/nixos
+     git revert HEAD  # Or edit the files directly
+     sudo nixos-rebuild switch
+     ```
+
+2. **Boot from Installation Media**:
+   - Boot from a NixOS installation media
+   - Mount your system:
+     ```
+     sudo mount /dev/disk/by-label/nixos /mnt
+     sudo mount /dev/disk/by-label/boot /mnt/boot  # If separate boot partition
+     ```
+   - Chroot into your system:
+     ```
+     sudo nixos-enter --root /mnt
+     cd /etc/nixos
+     git revert HEAD  # Or edit the files directly
+     nixos-rebuild switch --install-bootloader
+     ```
+
+## Home Assistant Issues
+
+### Home Assistant Fails to Start
+
+**Problem**: Home Assistant service fails to start.
+
+**Solutions**:
+
+1. **Check Service Status**:
+   ```
+   systemctl status home-assistant
+   journalctl -u home-assistant -n 100
+   ```
+
+2. **Database Issues**:
+   - Check PostgreSQL is running: `systemctl status postgresql`
+   - Verify database connection settings in Home Assistant configuration
+
+3. **Permission Issues**:
+   - Check ownership and permissions on config directory:
+     ```
+     ls -la /var/lib/homeassistant
+     sudo chown -R hass:hass /var/lib/homeassistant
+     sudo chmod -R 750 /var/lib/homeassistant
+     ```
+
+4. **Custom Component Issues**:
+   - Try disabling custom components to isolate the issue:
+     - Edit `modules/nixos/homeassistant/services/homeassistant/default.nix`
+     - Comment out the `customComponents` section
+     - Rebuild: `sudo nixos-rebuild switch`
+
+### Zigbee Device Connection Issues
+
+**Problem**: Zigbee devices fail to connect or are unstable.
+
+**Solutions**:
+
+1. **Verify Device Path**:
+   - Check the Zigbee coordinator is properly detected:
+     ```
+     ls -la /dev/ttyUSB*
+     ```
+   - Update the device path if needed:
+     - Edit your system configuration
+     - Set `mjallen.services.home-assistant.zigbeeDevicePath` to the correct path
+     - Rebuild: `sudo nixos-rebuild switch`
+
+2. **Interference Issues**:
+   - Move the Zigbee coordinator away from other wireless devices
+   - Try a USB extension cable to improve positioning
+   - Change Zigbee channel in Zigbee2MQTT configuration
+
+3. **Reset Zigbee2MQTT**:
+   ```
+   systemctl restart zigbee2mqtt
+   ```
+
+### Automation Issues
+
+**Problem**: Automations don't run as expected.
+
+**Solutions**:
+
+1. **Check Automation Status**:
+   - In Home Assistant UI, verify the automation is enabled
+   - Check Home Assistant logs for automation execution errors
+
+2. **Entity Issues**:
+   - Verify entity IDs are correct
+   - Check if entities are available/connected
+   - Test direct service calls to verify entity control works
+
+3. **Trigger Issues**:
+   - Test the automation manually via Developer Tools > Services
+   - Use `automation.trigger` service with the automation's entity_id
+
+## Flake Issues
+
+### Flake Input Update Errors
+
+**Problem**: `nix flake update` fails or causes issues.
+
+**Solutions**:
+
+1. **Selective Updates**:
+   - Update specific inputs instead of all at once:
+     ```
+     nix flake lock --update-input nixpkgs
+     ```
+
+2. **Rollback Flake Lock**:
+   - If an update causes issues, revert to previous flake.lock:
+     ```
+     git checkout HEAD^ -- flake.lock
+     ```
+
+3. **Pin to Specific Revisions**:
+   - In `flake.nix`, pin problematic inputs to specific revisions:
+     ```nix
+     nixpkgs-stable.url = "github:NixOS/nixpkgs/5233fd2ba76a3accb05f88b08917450363be8899";
+     ```
+
+## Secret Management Issues
+
+### Sops Decryption Errors
+
+**Problem**: Sops fails to decrypt secrets.
+
+**Solutions**:
+
+1. **Key Issues**:
+   - Verify your GPG key is available and unlocked
+   - Check `.sops.yaml` includes your key fingerprint
+
+2. **Permission Issues**:
+   - Check file permissions on secret files
+   - Make sure the user running `nixos-rebuild` has access to the GPG key
+
+## Network Issues
+
+### Firewall Blocks Services
+
+**Problem**: Services are not accessible due to firewall rules.
+
+**Solutions**:
+
+1. **Check Firewall Status**:
+   ```
+   sudo nix-shell -p iptables --run "iptables -L"
+   ```
+
+2. **Verify Firewall Configuration**:
+   - Check if ports are properly allowed in the configuration
+   - Add missing ports if necessary
+
+3. **Temporary Disable Firewall** (for testing only):
+   ```
+   sudo systemctl stop firewall
+   # After testing
+   sudo systemctl start firewall
+   ```
+
+## Getting Help
+
+If you encounter an issue not covered in this guide:
+
+1. Check the NixOS Wiki: https://nixos.wiki/
+2. Search the NixOS Discourse forum: https://discourse.nixos.org/
+3. Join the NixOS Matrix/Discord community for real-time help
+4. File an issue in the repository if you believe you've found a bug

docs/version.schema.json

@@ -0,0 +1,208 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "$id": "https://example.invalid/version.schema.json",
+  "title": "Unified Package Version Schema",
+  "description": "Schema for a unified version.json used by packages/",
+  "type": "object",
+  "additionalProperties": false,
+  "required": [
+    "schemaVersion",
+    "sources"
+  ],
+  "properties": {
+    "schemaVersion": {
+      "type": "integer",
+      "enum": [1],
+      "description": "Schema version. Start at 1; bump on breaking changes."
+    },
+    "variables": {
+      "type": "object",
+      "description": "Common variables available for template substitution in string fields.",
+      "additionalProperties": {
+        "type": "string"
+      }
+    },
+    "defaultVariant": {
+      "type": "string",
+      "description": "Optional default variant name for consumers."
+    },
+    "sources": {
+      "type": "object",
+      "description": "Base component sources keyed by component name.",
+      "minProperties": 1,
+      "additionalProperties": {
+        "$ref": "#/$defs/SourceSpec"
+      }
+    },
+    "variants": {
+      "type": "object",
+      "description": "Optional variants/channels/flavors; each overlays the base.",
+      "additionalProperties": {
+        "$ref": "#/$defs/VariantSpec"
+      }
+    },
+    "notes": {
+      "type": "object",
+      "description": "Optional free-form human notes/documentation.",
+      "additionalProperties": true
+    }
+  },
+  "$defs": {
+    "SourceSpecBase": {
+      "type": "object",
+      "additionalProperties": false,
+      "properties": {
+        "fetcher": {
+          "type": "string",
+          "enum": ["github", "git", "url", "pypi", "none"],
+          "description": "Fetcher type for this source."
+        },
+        "hash": {
+          "type": "string",
+          "pattern": "^sha[0-9]+-",
+          "description": "SRI hash for the fetched artifact. Required unless fetcher is 'none'."
+        },
+        "version": {
+          "type": "string",
+          "description": "Optional version string metadata for this component."
+        },
+        "extra": {
+          "type": "object",
+          "description": "Optional free-form metadata for consumer logic.",
+          "additionalProperties": true
+        },
+
+        "owner": { "type": "string", "description": "GitHub owner/org (github fetcher)." },
+        "repo":  { "type": "string", "description": "GitHub repository (github fetcher)." },
+        "tag":   { "type": "string", "description": "Git tag (github fetcher). Mutually exclusive with 'rev'." },
+        "rev":   { "type": "string", "description": "Commit revision (github/git fetchers)." },
+        "submodules": { "type": "boolean", "description": "Whether to fetch submodules (github/git fetchers)." },
+
+        "url": { "type": "string", "description": "Final URL (url fetcher). May be templated." },
+        "urlTemplate": { "type": "string", "description": "Template for URL (url fetcher); supports ${var}." },
+
+        "name": { "type": "string", "description": "PyPI dist name (pypi fetcher)." }
+      }
+    },
+
+    "SourceSpec": {
+      "allOf": [
+        { "$ref": "#/$defs/SourceSpecBase" },
+        {
+          "if": {
+            "properties": { "fetcher": { "const": "github" } },
+            "required": ["fetcher"]
+          },
+          "then": {
+            "required": ["owner", "repo"],
+            "oneOf": [
+              { "required": ["tag"] },
+              { "required": ["rev"] }
+            ]
+          }
+        },
+        {
+          "if": {
+            "properties": { "fetcher": { "const": "git" } },
+            "required": ["fetcher"]
+          },
+          "then": {
+            "required": ["url", "rev"]
+          }
+        },
+        {
+          "if": {
+            "properties": { "fetcher": { "const": "url" } },
+            "required": ["fetcher"]
+          },
+          "then": {
+            "oneOf": [
+              { "required": ["url"] },
+              { "required": ["urlTemplate"] }
+            ]
+          }
+        },
+        {
+          "if": {
+            "properties": { "fetcher": { "const": "pypi" } },
+            "required": ["fetcher"]
+          },
+          "then": {
+            "required": ["name", "version"]
+          }
+        },
+        {
+          "if": {
+            "properties": { "fetcher": { "enum": ["github", "git", "url", "pypi"] } },
+            "required": ["fetcher"]
+          },
+          "then": {
+            "required": ["hash"]
+          }
+        }
+      ]
+    },
+
+    "SourceOverride": {
+      "type": "object",
+      "additionalProperties": false,
+      "description": "Partial override of a source within a variant. All fields optional.",
+      "properties": {
+        "fetcher": { "type": "string", "enum": ["github", "git", "url", "pypi", "none"] },
+        "hash":    { "type": "string", "pattern": "^sha[0-9]+-" },
+        "version": { "type": "string" },
+        "extra":   { "type": "object", "additionalProperties": true },
+
+        "owner": { "type": "string" },
+        "repo":  { "type": "string" },
+        "tag":   { "type": "string" },
+        "rev":   { "type": "string" },
+        "submodules": { "type": "boolean" },
+
+        "url":         { "type": "string" },
+        "urlTemplate": { "type": "string" },
+
+        "name": { "type": "string" }
+      }
+    },
+
+    "VariantSpec": {
+      "type": "object",
+      "additionalProperties": false,
+      "properties": {
+        "inherits": {
+          "type": "string",
+          "description": "Optional base variant to inherit from."
+        },
+        "variables": {
+          "type": "object",
+          "description": "Variant-level variables that overlay top-level variables.",
+          "additionalProperties": { "type": "string" }
+        },
+        "sources": {
+          "type": "object",
+          "description": "Per-component overrides for this variant.",
+          "additionalProperties": { "$ref": "#/$defs/SourceOverride" }
+        },
+        "platforms": {
+          "type": "object",
+          "description": "Optional per-system overrides to support differing hashes/fields by platform.",
+          "additionalProperties": {
+            "type": "object",
+            "additionalProperties": false,
+            "properties": {
+              "sources": {
+                "type": "object",
+                "additionalProperties": { "$ref": "#/$defs/SourceOverride" }
+              },
+              "variables": {
+                "type": "object",
+                "additionalProperties": { "type": "string" }
+              }
+            }
+          }
+        }
+      }
+    }
+  }
+}

homes/aarch64-darwin/mattjallen@macbook-pro/default.nix

@@ -0,0 +1,280 @@
+{
+  lib,
+  pkgs,
+  namespace,
+  ...
+}:
+let
+  inherit (lib.${namespace}) enabled disabled;
+  shellAliases = {
+    update-switch = "darwin-rebuild switch --flake ~/nix-config";
+    update-flake = "nix flake update ~/nix-config";
+    ducks = "du -cksh * | sort -hr | head -n 15";
+  };
+  packages = with pkgs; [
+    age
+    cpufetch
+    deadnix
+    iproute2mac
+    nebula
+    nixfmt
+    nodePackages.nodejs
+    uv
+    sops
+    tree
+    wget
+  ];
+in
+{
+  # Home Manager needs a bit of information about you and the
+  # paths it should manage.
+  home = {
+    username = "mattjallen";
+    homeDirectory = "/Users/mattjallen";
+    packages = lib.mkForce packages;
+    sessionVariables = {
+      NH_DARWIN_FLAKE = lib.mkForce "/Users/mattjallen/nix-config";
+    };
+  };
+
+  programs = {
+    zsh = {
+      shellAliases = shellAliases;
+    };
+  };
+
+  # programs.nix-plist-manager = {
+  #   enable = true;
+  #   options = {
+  #     applications = {
+  #       finder = {
+  #         settings = {
+  #           general = {
+  #             showTheseItemsOnTheDesktop = {
+  #               hardDisks = false;
+  #               externalDisks = true;
+  #               cdsDvdsAndiPods = false;
+  #               connectedServers = false;
+  #             };
+  #             openFoldersInTabsInsteadOfNewWindows = true;
+  #           };
+  #           sidebar = {
+  #             recentTags = true;
+  #           };
+  #           advanced = {
+  #             removeItemsFromTheTrashAfter30Days = true;
+  #             showAllFilenameExtensions = true;
+  #             showWarningBeforeChangingAnExtension = true;
+  #             showWarningBeforeRemovingFromiCloudDrive = true;
+  #             showWarningBeforeEmptyingTheTrash = true;
+  #             keepFoldersOnTop = {
+  #               inWindowsWhenSortingByName = true;
+  #               onDesktop = true;
+  #             };
+  #             whenPerformingASearch = "Search This Mac";
+  #           };
+  #         };
+  #         menuBar = {
+  #           view = {
+  #             showTabBar = true;
+  #             showSidebar = true;
+  #             showPathBar = true;
+  #             showStatusBar = true;
+  #           };
+  #         };
+  #       };
+  #       systemSettings = {
+  #         appearance = {
+  #           appearance = "Dark";
+  #           accentColor = "Multicolor";
+  #           # clickInTheScrollBarTo = "Jump to the next page";
+  #           sidebarIconSize = "Medium";
+  #           showScrollBars = "When scrolling";
+  #         };
+  #         controlCenter = {
+  #           wifi = true;
+  #           bluetooth = true;
+  #           airdrop = true;
+  #           stageManager = true;
+  #           focusModes = "active";
+  #           screenMirroring = "active";
+  #           display = "never";
+  #           sound = "always";
+  #           nowPlaying = "active";
+  #           accessibilityShortcuts = "unset";
+  #           musicRecognition = {
+  #             showInMenuBar = false;
+  #             showInControlCenter = true;
+  #           };
+  #           hearing = "unset";
+  #           fastUserSwitching = {
+  #             showInMenuBar = false;
+  #             showInControlCenter = true;
+  #           };
+  #           keyboardBrightness = {
+  #             showInMenuBar = false;
+  #             showInControlCenter = true;
+  #           };
+  #           battery = {
+  #             showInMenuBar = false;
+  #             showInControlCenter = false;
+  #           };
+  #           batteryShowPercentage = true;
+  #           # menuBarOnly = {
+  #           #   spotlight = false;
+  #           #   siri = true;
+  #           # };
+  #           # automaticallyHideAndShowTheMenuBar = "In Full Screen Only";
+  #         };
+  #         desktopAndDock = {
+  #           desktopAndStageManager = {
+  #             showItems = {
+  #               onDesktop = true;
+  #               inStageManager = true;
+  #             };
+  #             clickWallpaperToRevealDesktop = "Always";
+  #             stageManager = false;
+  #             showRecentAppsInStageManager = true;
+  #             showWindowsFromAnApplication = "All at Once";
+  #           };
+  #           dock = {
+  #             animateOpeningApplications = true;
+  #             automaticallyHideAndShowTheDock = enabled;
+  #             doubleClickAWindowsTitleBarTo = "Minimize";
+  #             magnification = disabled;
+  #             minimizeWindowsIntoApplicationIcon = true;
+  #             minimizeWindowsUsing = "Genie Effect";
+  #             positionOnScreen = "Bottom";
+  #             showIndicatorsForOpenApplications = true;
+  #             showSuggestedAndRecentAppsInDock = false;
+  #             size = 64; # 16 - 128
+  #             #     persistentApps = [
+  #             #       { app = "/Applications/Clock.app"; }
+  #             #       { folder = "/Applications"; }
+  #             #       { app = "/Applications/Safari.app"; }
+  #             #       { app = "/Applications/Firefox.app"; }
+  #             #       { app = "/Applications/Tabby.app"; }
+  #             #       { app = "/Applications/Termius.app"; }
+  #             #       { app = "/Applications/Muic.app"; }
+  #             #       { app = "/Applications/Vesktop.app"; }
+  #             #       { app = "/Applications/Messages.app"; }
+  #             #       { app = "/Applications/Calendar.app"; }
+  #             #       { app = "/Applications/Reminders.app"; }
+  #             #       { app = "/Applications/Notes.app"; }
+  #             #       { app = "/Applications/Weather.app"; }
+  #             #       { app = "/Applications/Maps.app"; }
+  #             #       { app = "/Applications/App Store.app"; }
+  #             #       { app = "/Applications/System Settings.app"; }
+  #             #       { app = "/Applications/ChatGPT.app"; }
+  #             #       { app = "/Applications/Nextcloud.app"; }
+  #             #       { app = "/Applications/VSCodium.app"; }
+  #             #       { app = "/Applications/Omnissa Horizon Client.app"; }
+  #             #       { app = "/Applications/Proton Pass.app"; }
+  #             #       { app = "/Applications/OrcaSlicer.app"; }
+  #             #       { app = "/Applications/AlDente.app"; }
+  #             #     ];
+  #             #     persistentOthers = [
+  #             #       "~/Downloads"
+  #             #     ];
+  #           };
+  #           hotCorners = {
+  #             # ["-" "Mission Control" "Application Windows" "Desktop" "Start Screen Saver" "Disable Screen Saver" "Dashboard" "Put Display to Sleep" "Launchpad" "Notification Center" "Lock Screen" "Quick Note"]
+  #             topLeft = "-";
+  #             topRight = "-";
+  #             bottomLeft = "-";
+  #             bottomRight = "-";
+  #           };
+  #           missionControl = {
+  #             automaticallyRearrangeSpacesBasedOnMostRecentUse = true;
+  #             displaysHaveSeparateSpaces = true;
+  #             dragWindowsToTopOfScreenToEnterMissionControl = true;
+  #             groupWindowsByApplication = true;
+  #             whenSwitchingToAnApplicationSwitchToAspaceWithOpenWindowsForTheApplication = true;
+  #           };
+  #           widgets = {
+  #             showWidgets = {
+  #               onDesktop = true;
+  #               inStageManager = true;
+  #             };
+  #             widgetStyle = "Automatic";
+  #             useIphoneWidgets = true;
+  #           };
+  #           windows = {
+  #             askToKeepChangesWhenClosingDocuments = true;
+  #             closeWindowsWhenQuittingAnApplication = true;
+  #             dragWindowsToScreenEdgesToTile = true;
+  #             dragWindowsToMenuBarToFillScreen = true;
+  #             holdOptionKeyWhileDraggingWindowsToTile = true;
+  #             preferTabsWhenOpeningDocuments = "In Full Screen";
+  #             tiledWindowsHaveMargin = false;
+  #           };
+  #         };
+  #         focus = {
+  #           shareAcrossDevices = true;
+  #         };
+  #         # general.dateAndTime."24HourTime" = false;
+  #         notifications = {
+  #           notificationCenter = {
+  #             showPreviews = "When Unlocked";
+  #             summarizeNotifications = true;
+  #           };
+  #         };
+  #         sound = {
+  #           soundEffects = {
+  #             alertSound = "Boop";
+  #             alertVolume = 0.7;
+  #             playFeedbackWhenVolumeIsChanged = true;
+  #             playUserInterfaceSoundEffects = true;
+  #           };
+  #         };
+  #         spotlight = {
+  #           helpAppleImproveSearch = false;
+  #           # searchResults = {
+  #           #   applications = true;
+  #           #   calculator = true;
+  #           #   contacts = true;
+  #           #   conversion = true;
+  #           #   definition = true;
+  #           #   developer = true;
+  #           #   documents = true;
+  #           #   eventsAndReminders = true;
+  #           #   folders = true;
+  #           #   fonts = false;
+  #           #   images = true;
+  #           #   mailAndMessages = true;
+  #           #   movies = true;
+  #           #   music = true;
+  #           #   other = false;
+  #           #   pdfDocuments = true;
+  #           #   presentations = true;
+  #           #   siriSuggestions = false;
+  #           #   systemSettings = true;
+  #           #   tips = false;
+  #           #   websites = true;
+  #         };
+  #       };
+  #     };
+  #   };
+  # };
+
+  # Manage bug in compilations - who uses manpages in 2024 anyways? :P
+  manual.manpages = enabled;
+
+  # Override defaults that arent supported
+  programs = {
+    mangohud = lib.mkForce disabled;
+
+    nh = {
+      flake = lib.mkForce "/Users/mattjallen/nix-config";
+    };
+  };
+
+  services = {
+    pass-secret-service = lib.mkForce disabled;
+    nextcloud-client = lib.mkForce disabled;
+    kdeconnect = {
+      enable = false;
+      indicator = false;
+    };
+  };
+}

homes/aarch64-linux/matt@macbook-pro-nixos/default.nix

@@ -0,0 +1,174 @@
+{
+  lib,
+  pkgs,
+  namespace,
+  ...
+}:
+let
+  inherit (lib.${namespace}) enabled disabled;
+  # Displays
+  display = {
+    input = "eDP-1";
+    resolution = "3456x2234";
+    refreshRate = "60.00000";
+  };
+in
+{
+
+  home.username = "matt";
+  home.homeDirectory = "/home/matt";
+  home.stateVersion = "23.11";
+
+  ${namespace} = {
+    desktop.gnome = enabled;
+    programs.hyprland = {
+      enable = false;
+      primaryDisplay = "eDP-1";
+      debug.disableScaleChecks = true;
+
+      monitorv2 = [
+        {
+          name = display.input;
+          mode = "${display.resolution}@${display.refreshRate}";
+          position = "0x0";
+          scale = 1.25;
+          extra = [
+            "bitdepth"
+            "10"
+            "cm"
+            "hdr"
+            "sdrbrightness"
+            "1.2"
+            "sdrsaturation"
+            "0.98"
+          ];
+        }
+      ];
+
+      workspace = [
+        "name:firefox, monitor:${display.input}, default:false, special, class:(.*firefox.*)"
+        "name:discord, monitor:${display.input}, default:true, special, title:(.*vesktop.*), title:(.*Apple Music.*)"
+        "name:steam, monitor:${display.input}, default:false, special, class:(.*[Ss]team.*)"
+      ];
+
+      windowRule = [
+        # "size 2160 3356, tag:horizonrdp"
+      ];
+
+      hyprpaper = {
+        wallpaperPath = "/run/wallpaper.jpg";
+      };
+
+      keybinds = {
+        bind = [
+          "$mod, A, exec, chromium --app=\"https://music.apple.com\""
+
+          "SHIFT, XF86MonBrightnessUp, exec, lightctl -D kbd_backlight up"
+          "SHIFT, XF86MonBrightnessDown, exec, lightctl -D kbd_backlight down"
+        ];
+      };
+
+      defaultApps = {
+        browser = pkgs.firefox;
+      };
+
+      extraConfig = ''
+        exec-once = brightnessctl -d kbd_backlight s 50%
+      '';
+    };
+    programs = {
+      btop = enabled;
+      kitty = disabled;
+      mako = disabled;
+      nwg-dock = disabled;
+      nwg-drawer = disabled;
+      nwg-panel = disabled;
+      waybar = {
+        enable = false;
+
+        layer = "bottom";
+
+        temperature = {
+          cpu = enabled;
+          gpu = enabled;
+        };
+
+        extraModules = {
+          "custom/lights" = {
+            tooltip = false;
+            exec = "waybar-hass --get_light light.living_room_lights";
+            interval = "once";
+            format = "{text}"; # "󱉓";
+            on-click = "waybar-hass --toggle_light light.living_room_lights";
+            return-type = "json";
+          };
+        };
+
+        extraModulesStyle = ''
+          #custom-lights {
+            color: @base0C;
+            opacity: 0.85;
+            background-color: @base00;
+          }
+
+          #custom-lights:hover {
+            background: @base03;
+          }
+        '';
+
+        windowOffset = 75;
+      };
+      wlogout = disabled;
+      wofi = disabled;
+    };
+  };
+
+  home.packages =
+    with pkgs.${namespace};
+    [
+      # librepods
+    ]
+    ++ (with pkgs; [
+      bolt-launcher
+      iw
+      iwd
+      orca-slicer
+      vscodium
+
+      gnomeExtensions.notch-clock-offset
+    ]);
+
+  services = {
+    kdeconnect = {
+      enable = lib.mkForce true;
+      indicator = lib.mkForce true;
+    };
+  };
+
+  programs = {
+    password-store = enabled;
+  };
+
+  dconf = {
+    enable = true;
+    settings = {
+      "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0".name =  "Keyboard Backlight +";
+      "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0".binding = "<Super>MonBrightnessUp";
+      "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0".command = "brightnessctl -d kbd_backlight s +10";
+      "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1".name =  "Keyboard Backlight -";
+      "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1".binding = "<Super>MonBrightnessDown";
+      "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1".command = "brightnessctl -d kbd_backlight s 10-";
+
+      "org/gnome/shell".enabled-extensions = [
+        "notch-clock-offset@christophbrill.de"
+      ];
+
+      "org/gnome/shell/extensions/notch-clock-offset".percent = 40;
+
+      "org/gnome/settings-daemon/plugins/media-keys".custom-keybindings = [
+        "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/"
+        "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1/"
+      ];
+    };
+  };
+}

homes/aarch64-linux/matt@pi5/default.nix

@@ -1,22 +1,13 @@
-{ pkgs, lib, config, ... }:
+{
+  config,
+  lib,
+  namespace,
+  ...
+}:
 let
-  shellAliases = {
-    update-boot = "sudo nixos-rebuild boot --max-jobs 10 --build-host admin@10.0.1.3";
-    update-switch = "sudo nixos-rebuild switch --max-jobs 10 --build-host admin@10.0.1.3";
-    update-flake = "nix flake update pi5-nixpkgs pi5-home-manager pi5-impermanence pi5-nixos-hardware pi5-sops-nix nixos-raspberrypi --flake /etc/nixos";
-    update-nas = "nixos-rebuild switch --use-remote-sudo --target-host admin@10.0.1.3 --build-host admin@10.0.1.3 --flake ~/nix-config#jallen-nas";
-    nas-ssh = "kitten ssh admin@10.0.1.3";
-  };
+  inherit (lib.${namespace}) disabled;
 in
 {
-  imports = [
-    ../../share/home/defaults.nix
-    ../../share/home/git.nix
-    ../../share/home/gnome.nix
-    ../../share/home/librewolf.nix
-    ../../share/home/shell.nix
-    ../../share/home/vscode.nix
-  ];
 
   home.username = "matt";
 
@@ -59,7 +50,11 @@ in
     };
   };
 
-  programs = {
-    zsh.shellAliases = shellAliases;
+  services = {
+    nextcloud-client = lib.mkForce disabled;
+    kdeconnect = {
+      enable = false;
+      indicator = false;
+    };
   };
 }

homes/aarch64-linux/root@macbook-pro-nixos/default.nix

@@ -0,0 +1,18 @@
+{
+  lib,
+  namespace,
+  ...
+}:
+let
+  inherit (lib.${namespace}) disabled;
+in
+{
+  home.username = "root";
+  services = {
+    nextcloud-client = lib.mkForce disabled;
+    kdeconnect = {
+      enable = false;
+      indicator = false;
+    };
+  };
+}

homes/aarch64-linux/root@pi5/default.nix

@@ -0,0 +1,18 @@
+{
+  lib,
+  namespace,
+  ...
+}:
+let
+  inherit (lib.${namespace}) disabled;
+in
+{
+  home.username = "root";
+  services = {
+    nextcloud-client = lib.mkForce disabled;
+    kdeconnect = {
+      enable = false;
+      indicator = false;
+    };
+  };
+}

homes/x86_64-linux/admin@jallen-nas/default.nix

@@ -0,0 +1,168 @@
+{ pkgs, namespace, ... }:
+{
+  home = {
+    username = "admin";
+    packages =
+      with pkgs;
+      [
+        heroic
+        python3
+        python3Packages.requests
+        python3Packages.mcp
+        jq
+      ]
+      ++ (with pkgs.${namespace}; [
+        moondeck-buddy
+      ]);
+  };
+
+  ${namespace} = {
+    sops.enable = true;
+  };
+
+  sops = {
+    age.keyFile = "/home/admin/.config/sops/age/keys.txt";
+    defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
+    validateSopsFiles = false;
+    secrets = {
+      "ssh-keys-public/jallen-nas" = {
+        path = "/home/admin/.ssh/id_ed25519.pub";
+        mode = "0644";
+      };
+      "ssh-keys-private/jallen-nas" = {
+        path = "/home/admin/.ssh/id_ed25519";
+        mode = "0600";
+      };
+      "ssh-keys-public/desktop-nixos" = {
+        path = "/home/admin/.ssh/authorized_keys";
+        mode = "0600";
+      };
+
+      "ssh-keys-public/desktop-nixos-root" = {
+        path = "/home/admin/.ssh/authorized_keys2";
+        mode = "0600";
+      };
+
+      "ssh-keys-public/desktop-windows" = {
+        path = "/home/admin/.ssh/authorized_keys3";
+        mode = "0600";
+      };
+
+      "ssh-keys-public/macbook-macos" = {
+        path = "/home/admin/.ssh/authorized_keys4";
+        mode = "0600";
+      };
+    };
+  };
+
+  programs = {
+    bash = {
+      shellAliases = {
+        "llama-status" =
+          "curl -s http://localhost:8127/health 2>/dev/null && echo 'LLaMA.cpp server is running' || echo 'LLaMA.cpp server is not responding'";
+      };
+    };
+
+    neovim = {
+      enable = true;
+      viAlias = true;
+      vimAlias = true;
+      defaultEditor = true;
+      plugins = [
+        pkgs.vimPlugins.nvim-tree-lua
+        {
+          plugin = pkgs.vimPlugins.vim-startify;
+          config = "let g:startify_change_to_vcs_root = 0";
+        }
+      ];
+    };
+    steam-rom-manager = {
+      enable = true;
+      steamUsername = "mjallen18";
+
+      # Optional: override default paths if needed
+      environmentVariables = {
+        romsDirectory = "/home/admin/Emulation/roms";
+        steamDirectory = "/home/admin/.local/share/Steam";
+      };
+
+      emulators = {
+        "Non-SRM Shortcuts" = {
+          enable = true;
+          parserType = "Non-SRM Shortcuts";
+          extraArgs = "";
+        };
+      };
+    };
+
+    opencode = {
+      enable = true;
+      enableMcpIntegration = true;
+      settings = {
+        provider = {
+          nas = {
+            npm = "@ai-sdk/openai-compatible";
+            name = "llama-server (local)";
+            options = {
+              baseURL = "http://jallen-nas.local:8127/v1";
+            };
+            models = {
+              Qwen3-Coder-Next-Q4_0 = {
+                name = "Qwen3 Coder (local)";
+                modalities = {
+                  input = [
+                    "image"
+                    "text"
+                  ];
+                  output = [ "text" ];
+                };
+                limit = {
+                  context = 262144;
+                  output = 262144;
+                };
+              };
+              # "GLM-4.7-Flash-REAP-23B-A3B-UD-Q3_K_XL": {
+              #   "name": "GLM 4.7 Flash (local)",
+              #   "modalities": { "input": ["image", "text"], "output": ["text"] },
+              #   "limit": {
+              #     "context": 262144,
+              #     "output": 262144
+              #   }
+              # };
+              # "Nemotron-3-Nano-30B-A3B-IQ4_XS": {
+              #   "name": "Nemotron-3-Nano (local)",
+              #   "modalities": { "input": ["image", "text"], "output": ["text"] },
+              #   "limit": {
+              #     "context": 262144,
+              #     "output": 262144
+              #   }
+              # };
+            };
+          };
+        };
+      };
+    };
+
+    mcp = {
+      enable = true;
+      servers = {
+        nixos = {
+          command = "nix";
+          args = [
+            "run"
+            "github:utensils/mcp-nixos"
+            "--"
+          ];
+        };
+        hass-mcp = {
+          command = "uvx";
+          args = [ "hass-mcp" ];
+          env = {
+            HA_URL = "http://nuc-nixos.local:8123";
+            HA_TOKEN = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiI1ZDM2MTliNWNjMGY0ZGI2OWQzOTQ4Mjk0ZDFmNjAxMCIsImlhdCI6MTc3MDc2MjA1NywiZXhwIjoyMDg2MTIyMDU3fQ.P52jeX8GQcdGdzpbU3NCWZMUjkJZHFnOeR8--jy9dF8";
+          };
+        };
+      };
+    };
+  };
+}

homes/x86_64-linux/admin@nuc-nixos/default.nix

@@ -0,0 +1,37 @@
+{
+  lib,
+  pkgs,
+  namespace,
+  ...
+}:
+let
+  inherit (lib.${namespace}) disabled;
+in
+{
+  home.username = "admin";
+
+  # Configure systemd user service for protonmail-bridge
+  systemd.user.services.protonmail-bridge = {
+    Service = {
+      Environment = [
+        "GNUPGHOME=/home/admin/.gnupg"
+        "PASSWORD_STORE_DIR=/home/admin/.local/password-store"
+      ];
+    };
+  };
+
+  services = {
+    nextcloud-client = lib.mkForce disabled;
+    kdeconnect = {
+      enable = false;
+      indicator = false;
+    };
+    protonmail-bridge = {
+      enable = true;
+      extraPackages = with pkgs; [
+        pass
+        libsecret
+      ];
+    };
+  };
+}

homes/x86_64-linux/matt@allyx/default.nix

@@ -0,0 +1,88 @@
+{
+  lib,
+  pkgs,
+  namespace,
+  ...
+}:
+let
+  inherit (lib.${namespace}) enabled;
+in
+{
+  home.username = "matt";
+
+  ${namespace}.desktop.gnome = enabled;
+
+  sops = {
+    age.keyFile = "/home/matt/.config/sops/age/keys.txt";
+    defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
+    validateSopsFiles = false;
+    secrets = {
+      "ssh-keys-public/matt" = {
+        path = "/home/matt/.ssh/id_ed25519.pub";
+        mode = "0644";
+      };
+      "ssh-keys-private/matt" = {
+        path = "/home/matt/.ssh/id_ed25519";
+        mode = "0600";
+      };
+    };
+  };
+
+  programs = {
+    steam-rom-manager = {
+      enable = true;
+      steamUsername = "mjallen18";
+
+      # Optional: override default paths if needed
+      environmentVariables = {
+        romsDirectory = "/home/matt/Emulation/roms";
+        steamDirectory = "/home/matt/.local/share/Steam";
+      };
+
+      emulators = {
+        ryujinx = enabled;
+
+        dolphin-gamecube = {
+          enable = true;
+          package = pkgs.dolphin-emu;
+          romFolder = "gc";
+          fileTypes = [
+            ".iso"
+            ".ISO"
+            ".gcm"
+            ".GCM"
+            ".ciso"
+            ".CISO"
+            "rvz"
+          ];
+          extraArgs = "-b -e \"\${filePath}\"";
+        };
+
+        pcsx2 = enabled;
+        mgba = enabled;
+
+        "Non-SRM Shortcuts" = {
+          enable = true;
+          parserType = "Non-SRM Shortcuts";
+          extraArgs = "";
+        };
+      };
+    };
+  };
+
+  home.packages =
+    with pkgs;
+    [
+      dolphin-emu
+      heroic
+      mgba
+      moonlight-qt
+      prismlauncher
+      ryubing
+      omnissa-horizon-client
+    ]
+    ++ (with pkgs.${namespace}; [
+      discord-krisp
+      librepods-beta
+    ]);
+}

homes/x86_64-linux/matt@matt-nixos/default.nix

@@ -0,0 +1,210 @@
+{
+  lib,
+  pkgs,
+  namespace,
+  ...
+}:
+let
+  inherit (lib.${namespace}) enabled disabled;
+  displayLeft = {
+    input = "DP-1";
+    resolution = "3840x2160";
+    refreshRate = "120.00000";
+  };
+  displayRight = {
+    input = "DP-2";
+    resolution = "3840x2160";
+    refreshRate = "240.00000";
+  };
+in
+{
+  home.username = "matt";
+
+  ${namespace} = {
+    sops = {
+      enable = true;
+    };
+    shell-aliases = {
+      enable = true;
+    };
+
+    desktop.gnome = enabled;
+
+    programs = {
+      hyprland = {
+        enable = false;
+        primaryDisplay = "DP-1";
+
+        monitorv2 = [
+          {
+            name = displayLeft.input;
+            mode = "${displayLeft.resolution}@${displayLeft.refreshRate}";
+            position = "0x0";
+            scale = 1.0;
+            extra = [
+              # "bitdepth"
+              # "10"
+              # "cm"
+              # "hdredid"
+              # "sdrbrightness"
+              # "1.2"
+              # "sdrsaturation"
+              # "0.98"
+            ];
+          }
+          {
+            name = displayRight.input;
+            mode = "${displayRight.resolution}@${displayRight.refreshRate}";
+            position = "3840x0";
+            scale = 1.0;
+            extra = [
+              # "bitdepth"
+              # "10"
+              # "cm"
+              # "hdredid"
+              # "sdrbrightness"
+              # "1.5"
+              # "sdrsaturation"
+              # "0.98"
+            ];
+          }
+        ];
+
+        workspace = [
+          "name:firefox, monitor:${displayRight.input}, default:false, special, class:(.*firefox.*)"
+          "name:discord, monitor:${displayRight.input}, default:true, special, title:(.*vesktop.*), title:(.*Apple Music.*)"
+          "name:steam, monitor:${displayLeft.input}, default:false, special, class:(.*[Ss]team.*)"
+        ];
+
+        windowRule = [
+          "match:tag horizonrdp, size 2160 7680"
+        ];
+
+        autostartCommands = [
+          "[silent] firefox"
+          "[silent] discord"
+          "[silent] chromium --app=\"https://music.apple.com\""
+          "[silent] steam"
+        ];
+
+        hyprpaper = {
+          wallpaperPath = "/run/wallpaper.jpg";
+        };
+
+        keybinds = {
+          bind = [
+            "$mod, A, exec, chromium --app=\"https://music.apple.com\""
+            "$mod, C, exec, discord"
+            "$mod, G, exec, steam"
+          ];
+        };
+
+        defaultApps = {
+          browser = pkgs.firefox;
+        };
+      };
+      btop = enabled;
+      kitty = disabled;
+      mako = disabled;
+      nwg-dock = disabled;
+      nwg-drawer = disabled;
+      nwg-panel = disabled;
+      waybar = {
+        enable = false;
+
+        layer = "bottom";
+
+        network.interface = "wlp9s0";
+        temperature = {
+          cpu = enabled;
+          gpu = enabled;
+        };
+
+        extraModules = {
+          "custom/lights" = {
+            tooltip = false;
+            exec = "waybar-hass --get_light light.living_room_lights";
+            interval = "once";
+            format = "{text}"; # "󱉓";
+            on-click = "waybar-hass --toggle_light light.living_room_lights";
+            return-type = "json";
+          };
+        };
+
+        extraModulesStyle = ''
+          #custom-lights {
+            color: @base0C;
+            background-color: @base00;
+            opacity: 0.85;
+            border-left: 5px solid @base0C;
+          }
+
+          #custom-lights:hover {
+            background: @base03;
+          }
+        '';
+      };
+      wlogout = disabled;
+      wofi = disabled;
+    };
+  };
+
+  services = {
+    remmina = {
+      enable = true;
+      addRdpMimeTypeAssoc = true;
+    };
+  };
+
+  programs = {
+    password-store = enabled;
+  };
+
+  home.packages =
+    with pkgs;
+    [
+      bolt-launcher
+      clevis
+      compose2nix
+      distrobox
+      heroic
+      home-manager
+      omnissa-horizon-client
+      jq
+      lzip
+      morph
+      orca-slicer
+      piper
+      prismlauncher
+      protontricks
+      protonvpn-gui
+      runelite
+      smile
+      via
+      virt-manager
+      vorta
+      waydroid-helper
+    ]
+    ++ (with pkgs.${namespace}; [
+      discord-krisp
+      # librepods
+    ]);
+
+  specialisation = {
+    "cosmic".configuration = {
+      ${namespace} = {
+        programs = {
+          hyprland = lib.mkForce disabled;
+          kitty = lib.mkForce disabled;
+          mako = lib.mkForce disabled;
+          nwg-dock = lib.mkForce disabled;
+          nwg-drawer = lib.mkForce disabled;
+          nwg-panel = lib.mkForce disabled;
+          waybar = lib.mkForce disabled;
+          wlogout = lib.mkForce disabled;
+          wofi = lib.mkForce disabled;
+        };
+      };
+    };
+  };
+}

homes/x86_64-linux/nixos@iso-minimal/default.nix

@@ -0,0 +1,18 @@
+{
+  lib,
+  namespace,
+  ...
+}:
+let
+  inherit (lib.${namespace}) disabled;
+in
+{
+  home.username = "root";
+  services = {
+    nextcloud-client = lib.mkForce disabled;
+    kdeconnect = {
+      enable = false;
+      indicator = false;
+    };
+  };
+}

homes/x86_64-linux/root@allyx/default.nix

@@ -0,0 +1,18 @@
+{
+  lib,
+  namespace,
+  ...
+}:
+let
+  inherit (lib.${namespace}) disabled;
+in
+{
+  home.username = "root";
+  services = {
+    nextcloud-client = lib.mkForce disabled;
+    kdeconnect = {
+      enable = false;
+      indicator = false;
+    };
+  };
+}

homes/x86_64-linux/root@iso-minimal/default.nix

@@ -0,0 +1,18 @@
+{
+  lib,
+  namespace,
+  ...
+}:
+let
+  inherit (lib.${namespace}) disabled;
+in
+{
+  home.username = "root";
+  services = {
+    nextcloud-client = lib.mkForce disabled;
+    kdeconnect = {
+      enable = false;
+      indicator = false;
+    };
+  };
+}

homes/x86_64-linux/root@jallen-nas/default.nix

@@ -0,0 +1,18 @@
+{
+  lib,
+  namespace,
+  ...
+}:
+let
+  inherit (lib.${namespace}) disabled;
+in
+{
+  home.username = "root";
+  services = {
+    nextcloud-client = lib.mkForce disabled;
+    kdeconnect = {
+      enable = false;
+      indicator = false;
+    };
+  };
+}

homes/x86_64-linux/root@matt-nixos/default.nix

@@ -0,0 +1,18 @@
+{
+  lib,
+  namespace,
+  ...
+}:
+let
+  inherit (lib.${namespace}) disabled;
+in
+{
+  home.username = "root";
+  services = {
+    nextcloud-client = lib.mkForce disabled;
+    kdeconnect = {
+      enable = false;
+      indicator = false;
+    };
+  };
+}

homes/x86_64-linux/root@nuc-nixos/default.nix

@@ -0,0 +1,18 @@
+{
+  lib,
+  namespace,
+  ...
+}:
+let
+  inherit (lib.${namespace}) disabled;
+in
+{
+  home.username = "root";
+  services = {
+    nextcloud-client = lib.mkForce disabled;
+    kdeconnect = {
+      enable = false;
+      indicator = false;
+    };
+  };
+}

hosts/base/base-gui/default.nix

@@ -1,8 +0,0 @@
-{ ... }:
-{
-  imports = [
-    ./hardware.nix
-    ./programs.nix
-    ./services.nix
-  ];
-}

hosts/base/base-gui/hardware.nix

@@ -1,11 +0,0 @@
-{ lib, ... }:
-{
-  # Hardware configs
-  hardware = {
-    # Enable graphics
-    graphics = {
-      enable = lib.mkDefault true;
-      enable32Bit = lib.mkDefault true;
-    };
-  };
-}

hosts/base/base-gui/programs.nix

@@ -1,31 +0,0 @@
-{ lib, pkgs, ... }:
-{
-  programs = {
-    nix-ld = {
-      enable = lib.mkDefault true;
-      libraries = with pkgs; [
-        alsa-lib
-        bash
-        expat
-        fontconfig
-        freetype
-        icu
-        glib
-        gtk3
-        libgcc
-        libgdiplus
-        libGL
-        libpulseaudio
-        SDL2
-        vulkan-loader
-        xorg.libX11
-        xorg.libICE
-        xorg.libSM
-        xorg.libXcursor
-        xorg.libXrandr
-        xorg.libXi
-        zlib
-      ];
-    };
-    seahorse.enable = lib.mkDefault true;
-  };}

hosts/base/base-gui/services.nix

@@ -1,17 +0,0 @@
-{ lib, ... }:
-{
-  services = {
-    kmscon.enable = lib.mkForce false;
-    
-    # configure pipewire
-    pipewire = {
-      enable = lib.mkDefault true;
-      alsa.enable = lib.mkDefault true;
-      alsa.support32Bit = lib.mkDefault true;
-      pulse.enable = lib.mkDefault true;
-    };
-
-    # Enable CUPS to print documents.
-    printing.enable = lib.mkDefault true;
-  };
-}

hosts/base/base-nogui/default.nix

@@ -1,36 +0,0 @@
-{ lib, pkgs, ... }:
-let
-  timezone = "America/Chicago";
-in
-{
-  imports = [
-    ./boot.nix
-    ./environment.nix
-    ./hardware.nix
-    ./nix-settings.nix
-    ./programs.nix
-    ./security.nix
-    ./services.nix
-  ];
-
-  # Time config
-  time = {
-    # Set your time zone.
-    timeZone = timezone;
-  };
-
-  fonts.packages = with pkgs; [
-    font-awesome
-    noto-fonts
-    noto-fonts-color-emoji
-    meslo-lgs-nf
-  ] ++ builtins.filter lib.attrsets.isDerivation (builtins.attrValues pkgs.nerd-fonts);
-
-  fonts.fontconfig.defaultFonts = {
-    emoji = [
-      "Noto Color Emoji"
-    ];
-  };
-
-  system.stateVersion = "23.11";
-}

hosts/base/base-nogui/environment.nix

@@ -1,13 +0,0 @@
-{ pkgs, ... }:
-{
-  environment = {
-    systemPackages = with pkgs; [
-      attic-client
-      uutils-coreutils
-      uutils-diffutils
-      uutils-findutils
-      coreutils
-      nixd
-    ];
-  };
-}

hosts/base/base-nogui/hardware.nix

@@ -1,12 +0,0 @@
-{ lib, ... }:
-{
-  hardware = {
-    # Bluetooth
-    bluetooth.enable = lib.mkDefault true;
-
-    i2c.enable = lib.mkDefault true;
-
-    # Enable all firmware
-    enableAllFirmware = lib.mkForce true;
-  };
-}

hosts/base/base-nogui/nix-settings.nix

@@ -1,41 +0,0 @@
-{ lib, outputs, ... }:
-{
-  nix = {
-    settings = {
-      substituters = [
-        "https://nix-community.cachix.org"
-        "https://cache.nixos.org/"
-      ];
-      trusted-public-keys = [
-        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
-      ];
-      warn-dirty = lib.mkForce false;
-      experimental-features = lib.mkForce [
-        "nix-command"
-        "flakes"
-      ];
-      trusted-users = [ "@wheel" ];
-    };
-
-    # Garbage collect automatically every week
-    gc.automatic = lib.mkDefault true;
-    gc.options = lib.mkDefault "--delete-older-than 30d";
-
-    optimise.automatic = lib.mkDefault true;
-  };
-
-  # Nixpkgs configuration
-  nixpkgs = {
-    # add unstable and stable overlays
-    overlays = [
-      outputs.overlays.nixpkgs-unstable
-      outputs.overlays.nixpkgs-stable
-    ];
-    config = {
-      allowUnfree = lib.mkForce true;
-      permittedInsecurePackages = [
-        # ...
-      ];
-    };
-  };
-}

hosts/base/base-nogui/security.nix

@@ -1,31 +0,0 @@
-{ lib, pkgs, ... }:
-{
-  security = {
-    rtkit.enable = lib.mkDefault true;
-
-    # configure sudo
-    sudo.enable = lib.mkDefault false;
-    sudo-rs = {
-      enable = lib.mkDefault true;
-      extraRules = [
-        {
-          commands = [
-            {
-              command = "${pkgs.systemd}/bin/systemctl suspend";
-              options = [ "NOPASSWD" ];
-            }
-            {
-              command = "${pkgs.systemd}/bin/reboot";
-              options = [ "NOPASSWD" ];
-            }
-            {
-              command = "${pkgs.systemd}/bin/poweroff";
-              options = [ "NOPASSWD" ];
-            }
-          ];
-          groups = [ "wheel" ];
-        }
-      ];
-    };
-  };
-}

hosts/base/default.nix

@@ -1,27 +0,0 @@
-# { lib, config, ... }:
-
-# let
-#   cfg = config.base;
-
-#   cosmicPath =
-#     if cfg.desktopEnvironments.cosmic.enableSpecialisation then
-#       ../../modules/desktop-environments/cosmic/specialisation.nix
-#     else
-#       ../../modules/desktop-environments/cosmic/default.nix;
-
-#   hyprlandPath =
-#     if cfg.desktopEnvironments.hyprland.enableSpecialisation then
-#       ../../modules/desktop-environments/hyprland/specialisation.nix
-#     else
-#       ../../modules/desktop-environments/hyprland/default.nix;
-
-#   extraImports = lib.optionals cfg.enable (
-#     [ ./base-nogui ]
-#     ++ lib.optional cfg.baseGui.enable ./base-gui
-#     ++ lib.optional cfg.desktopEnvironments.cosmic.enable cosmicPath
-#     ++ lib.optional cfg.desktopEnvironments.hyprland.enable hyprlandPath
-#   );
-# in
-# {
-#   imports = [ ./options.nix ] ++ extraImports;
-# }

hosts/base/options.nix

@@ -1,35 +0,0 @@
-{ lib, ... }:
-with lib;
-{
-  options.base = {
-    enable = mkEnableOption "base config";
-
-    baseGui.enable = mkOption {
-      type = types.bool;
-      default = false;
-    };
-
-    desktopEnvironments = {
-      cosmic = {
-        enable = mkOption {
-          type = types.bool;
-          default = false;
-        };
-        enableSpecialisation = mkOption {
-          type = types.bool;
-          default = false;
-        };
-      };
-      hyprland = {
-        enable = mkOption {
-          type = types.bool;
-          default = false;
-        };
-        enableSpecialisation = mkOption {
-          type = types.bool;
-          default = false;
-        };
-      };
-    };
-  };
-}

hosts/deck/boot.nix

@@ -1,76 +0,0 @@
-{ pkgs, ... }:
-let
-  kernel = pkgs.linuxPackages_cachyos;
-in
-{
-  # Configure bootloader with lanzaboot and secureboot
-  boot = {
-    consoleLogLevel = 0;
-    initrd.verbose = false;
-    kernelModules = [ "nct6775" ];
-    loader = {
-      systemd-boot = {
-        enable = false;
-        configurationLimit = 5;
-        extraInstallCommands = ''
-          ${pkgs.uutils-coreutils}/bin/uutils-echo "timeout 0
-          console-mode 1
-          default nixos-*" > /boot/loader/loader.conf
-        '';
-      };
-
-      efi = {
-        canTouchEfiVariables = true;
-        efiSysMountPoint = "/boot";
-      };
-    };
-
-    lanzaboote = {
-      enable = true;
-      pkiBundle = "/etc/secureboot";
-      settings = {
-        console-mode = "max";
-        timeout = "0"; 
-     };
-      configurationLimit = 5;
-#      extraInstallCommands = ''
-#        ${pkgs.uutils-coreutils}/bin/uutils-echo "timeout 0
-#        console-mode 1
-#        default nixos-*" > /boot/loader/loader.conf
-#      '';
-    };
-
-    plymouth = {
-      enable = true;
-    };
-
-    kernelPackages = kernel;
-
-    kernelParams = [
-      "quiet"
-      "amdgpu.ppfeaturemask=0xffffffff"
-      "splash"
-      "rd.systemd.show_status=false"
-      "rd.udev.log_level=3"
-      "udev.log_priority=3"
-      "loglevel=0"
-      "vt.global_cursor_default=0"
-      "rd.shell=0"
-      # Disable audit messages
-      "audit=0"
-      # Disable CPU mitigations messages
-      "mitigations=off"
-    ];
-    
-    bootspec.enable = true;
-  };
-  
-  # Further reduce systemd output
-  systemd = {
-    services.systemd-udev-settle.enable = false;
-    extraConfig = ''
-      ShowStatus=no
-      DefaultTimeoutStartSec=15s
-    '';
-  };
-}

hosts/deck/configuration.nix

@@ -1,100 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page, on
-# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
-
-{ config, lib, pkgs, ... }:
-
-{
-  imports =
-  [
-    ./boot.nix
-    ./jovian.nix
-    ./networking.nix
-    ./sops.nix
-  ];
-
-  nix = {
-    settings = {
-      substituters = [
-        "https://cache.mjallen.dev"
-      ];
-      trusted-public-keys = [
-        "cache.mjallen.dev-1:IzFmKCd8/gggI6lcCXsW65qQwiCLGFFN9t9s2iw7Lvc="
-      ];
-      builders-use-substitutes = true;
-    };
-    distributedBuilds = true;
-    buildMachines = [
-      {
-        hostName = "jalle-nas.local";
-        system = "x86_64-linux";
-        maxJobs = 10;
-        sshUser = "admin";
-        supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
-      }
-    ];
-  };
-
-  # Define a user account. Don't forget to set a password with ‘passwd’.
-  users.users = {
-    deck = {
-      hashedPasswordFile = config.sops.secrets."steamdeck/deck-password".path;
-      isNormalUser = true;
-      extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
-      openssh.authorizedKeys.keys = [
-        # macBook
-        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCw9zq8DLGByI5v2gAn95hKNyOsm3g61a2buxu2BBMFysQJgmZPCCLUqRJKhSM5Vm/JOgsAmdpRBRZQoHD+6S844CJHb4v4VIbjkyQgYCuM7Rst2IOZ5QybvsA2/D0nwytZ+HXQqDj2AagUYDbz0gyyIHkDQ5YGBMkvkWz/h1Vci6aoBM7VihEDM4KlWoTVuPeASGM8r5IZ2FS83Djbqo4ov6AYvLMrKB9Z7hmFgH6R3LE0gxOkzbGVXtSuvJyrjvgytoT22UhATjjxSQ9D+YJXXkQoB3lUdg8OoIquUPjMZpl4mR8ffvseWPfcvD1XlD5t+TOHFqKpESO547tlOBYhdpew+NSgAXpamCU6oyV8tDCywLQu2ucxHRn78u6WXzWHkDtffdhzmk6TZaPhWqVHuTGjR4higBgGqUfSaKOMszt+FDRZAr3HtuQ2+zJ8bowK9fW5OqilTtK2HtQqroD9ApegDNbqOz6kGy5IycSXvqPURy/M4lxZxbtBPuemcJs= mattjallen@MacBook-Pro.local"
-        # desktop windows
-        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZ2PYPjZddOzR8OJj16G88KcUhCDLkvrEmpUQP0wKHDUuA27HQQ2ORo66asadwGHY3k1VDZ1ei9l9H++SIIeKOaaUr5yZdktvj4POUNtbd9ZhcS7sZU7BSF+NMDM+h3tImh6z0S7mWvRQOUv3ZM+ZER+5xTWJVG1OOJEpb1drxJk6Qz0wbZKSR7TPNFBLLXlVy7hkNYf07RtDyhCCxNB3hJfa8c+oztnWumwDhDQWLqiUXWIU2QH6iRLGl/WYnujtNvVVaV/Hn3JJkS6MM9dnV3cpoIO0+J7+WfsN9rZ0wXt5yY3GhiGXwmcO5eYVli8lHlLWtK7aYSETyry6CBsLbojzOQO5rSqhpwfF2njAAFAQU0UjLc8PahisIuFKCwHH4iyXXOagiv5K1Mc/0Ak+WhhMPee6vV2p7NTyNpXRvouDbWy5cSRH31WgQ9fK5mIGe5v8nGGqtEhUubUkiOgP+H3UbT2V/nTv/TFKdJcKw+WmizvTrxBmaMjWALlkYl+s= mattl@Jallen-PC"
-        # desktop nixos
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTBMydhOc6SnOdB5WrEd7X07DrboAtagCUgXiOJjLov matt@matt-nixos"
-      ];
-      packages = with pkgs; [
-        firefox
-        tree
-      ];
-      shell = pkgs.zsh;
-    };
-
-    root.shell = pkgs.zsh;
-  };
-
-  programs.coolercontrol.enable = true;
-
-  services = {
-    btrfs = {
-      autoScrub.enable = lib.mkDefault true;
-      autoScrub.fileSystems = lib.mkDefault [
-        "/nix"
-        "/root"
-        "/etc"
-        "/var/log"
-        "/home"
-      ];
-    };
-  };
-
-  chaotic.mesa-git.enable = true;
-
-  services.displayManager.gdm.enable = lib.mkForce false;
-
-  # List packages installed in system profile. To search, run:
-  # $ nix search wget
-  environment = {
-    systemPackages = with pkgs; [
-      fuse
-      jq
-      newt
-      sbctl
-      steam-run
-      udisks2
-      zenity
-    ];
-
-    variables = {
-      STEAM_FORCE_DESKTOPUI_SCALING = "1.0";
-      GDK_SCALE = "1";
-    };
-  };
-}
-

hosts/deck/home.nix

@@ -1,73 +0,0 @@
-{ pkgs, ... }:
-let
-  shellAliases = {
-    update-boot = "sudo nixos-rebuild boot --max-jobs 10 --build-host admin@10.0.1.3";
-    update-switch = "sudo nixos-rebuild switch --max-jobs 10";
-    update-flake = "nix flake update steamdeck-nixpkgs steamdeck-chaotic steamdeck-home-manager steamdeck-impermanence steamdeck-jovian steamdeck-lanzaboote steamdeck-nixos-hardware steamdeck-sops-nix steamdeck-steam-rom-manager --flake /etc/nixos";
-    nas-ssh = "ssh admin@10.0.1.3";
-  };
-in
-{
-  home.username = "deck";
-
-  sops = {
-    age.keyFile = "/home/deck/.config/sops/age/keys.txt";
-    defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
-    validateSopsFiles = false;
-    secrets = {
-      "ssh-keys-public/deck" = {
-        path = "/home/deck/.ssh/id_ed25519.pub";
-        mode = "0644";
-      };
-      "ssh-keys-private/deck" = {
-        path = "/home/deck/.ssh/id_ed25519";
-        mode = "0600";
-      };
-    };
-  };
-
-  programs = {
-    steam-rom-manager = {
-      enable = true;
-      steamUsername = "mjallen18";
-      
-      # Optional: override default paths if needed
-      environmentVariables = {
-        romsDirectory = "/home/deck/Emulation/roms";
-        steamDirectory = "/home/deck/.local/share/Steam";
-      };
-      
-      emulators = {
-        ryujinx.enable = true;
-
-        dolphin-gamecube = {
-          enable = true;
-          package = pkgs.dolphin-emu;
-          romFolder = "gc";
-          fileTypes = [ ".iso" ".ISO" ".gcm" ".GCM" ".ciso" ".CISO" "rvz" ];
-          extraArgs = "-b -e \"\${filePath}\"";
-        };
-        
-        pcsx2.enable = true;
-        mgba.enable = true;
-        
-        "Non-SRM Shortcuts" = {
-          enable = true;
-          parserType = "Non-SRM Shortcuts";
-          extraArgs = "";
-        };
-      };
-    };
-
-    zsh.shellAliases = shellAliases;
-  };
-
-  home.packages = with pkgs; [
-    dolphin-emu
-    heroic
-    mgba
-    prismlauncher
-    ryujinx-greemdev
-    vmware-horizon-client
-  ];
-}

hosts/deck/jovian.nix

@@ -1,24 +0,0 @@
-{ ... }:
-{
-  jovian = {
-    steam = {
-      enable = true;
-      autoStart = true;
-      user = "deck";
-      desktopSession = "gnome";
-    };
-
-    steamos = {
-      useSteamOSConfig = true;
-    };
-
-    devices = {
-      steamdeck = {
-        enable = true;
-        enableGyroDsuService = true; # If enabled, motion data from the gyroscope can be used in Cemu with Cemuhoo
-      };
-    };
-
-    hardware.has.amd.gpu = true;
-  };
-}

hosts/deck/networking.nix

@@ -1,44 +0,0 @@
-{ config, lib, ... }:
-let
-  hostname = "steamdeck";
-  wifiSsid = "Joey's Jungle 5G";
-in
-{
-  networking = {
-    hostName = hostname;
-    networkmanager = {
-      enable = true;
-      wifi.powersave = lib.mkDefault false;
-      settings.connectivity.uri = lib.mkDefault "http://nmcheck.gnome.org/check_network_status.txt";
-      ensureProfiles = {
-        environmentFiles = [
-          config.sops.secrets.wifi.path
-        ];
-
-        profiles = {
-          wifiSsid = {
-            connection = {
-              id = wifiSsid;
-              type = "wifi";
-            };
-            ipv4 = {
-              method = "auto";
-            };
-            ipv6 = {
-              addr-gen-mode = "stable-privacy";
-              method = "auto";
-            };
-            wifi = {
-              mode = "infrastructure";
-              ssid = wifiSsid;
-            };
-            wifi-security = {
-              key-mgmt = "sae";
-              psk = "$PSK";
-            };
-          };
-        };
-      };
-    };
-  };
-}

hosts/desktop/configuration.nix

@@ -1,125 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page, on
-# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
-
-{
-  lib,
-  pkgs,
-  ...
-}:
-let
-  pkgsVersion = pkgs; #.unstable;
-  environmentVariables = {
-    STEAM_FORCE_DESKTOPUI_SCALING = "1.0";
-    GDK_SCALE = "1";
-    EDITOR = "${pkgs.vscodium}/bin/codium --wait";
-    VISUAL = "${pkgs.vscodium}/bin/codium --wait";
-  };
-  systemPackages = with pkgsVersion; [
-    acpilight
-    aha
-    aspell
-    aspellDicts.en
-    aspellDicts.en-computers
-    aspellDicts.en-science
-    borgbackup
-    brightnessctl
-    # brscan5
-    ddcui
-    ddcutil
-    ddccontrol
-    ddccontrol-db
-    efibootmgr
-    kdePackages.ksvg
-    memtest86-efi
-    memtest86plus
-    os-prober
-    nil
-    qemu_full
-    rclone
-    rclone-browser
-    restic
-    restic-browser
-    restic-integrity
-    sane-frontends
-    sbctl
-    tpm2-tools
-    tpm2-tss
-    udisks2
-    unzip
-    winetricks
-  ];
-in
-{
-  imports = [
-    ./boot.nix
-    ./filesystems.nix
-    ./hardware-configuration.nix
-    ./networking.nix
-    ./nix.nix
-    ./services.nix
-    ./sops.nix
-    ./users.nix
-  ];
-
-  nix = {
-    settings = {
-      substituters = [
-        "https://cache.mjallen.dev"
-      ];
-      trusted-public-keys = [
-        "cache.mjallen.dev-1:IzFmKCd8/gggI6lcCXsW65qQwiCLGFFN9t9s2iw7Lvc="
-      ];
-    };
-  };
-
-  chaotic.mesa-git.enable = true;
-
-  # Environment configuration
-  environment = {
-    systemPackages = systemPackages;
-
-    variables = environmentVariables;
-  };
-
-  # Hardware configuration
-  hardware = {
-    # Enable the QMK firmware flashing tool.
-    keyboard = {
-      qmk.enable = true;
-    };
-
-    # Enable Sane and Brother printer support.
-    sane = {
-      enable = true;
-      brscan5.enable = false;
-      # extraBackends = [ pkgsVersion.brscan5 ];
-    };
-  };
-
-  # Common Configuration
-  share = {
-    gaming.enable = true;
-    hardware.amd = {
-      enable = lib.mkDefault true;
-      lact.enable = lib.mkDefault true;
-    };
-  };
-
-  programs.coolercontrol.enable = true;
-
-  # Time configuration
-  time = {
-    hardwareClockInLocalTime = lib.mkDefault false;
-  };
-
-  # Virtualisation configuration
-  virtualisation = {
-    libvirtd.enable = lib.mkDefault true;
-    waydroid.enable = lib.mkDefault true;
-  };
-
-  services.udev.extraRules = ''
-    KERNEL=="i2c-[0-9]*", GROUP="i2c", MODE="0660"
-  '';
-}

hosts/desktop/hardware-configuration.nix

@@ -1,95 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{
-  config,
-  lib,
-  modulesPath,
-  ...
-}:
-let
-  defeaultBtrfsOptions = [
-    "compress=zstd"
-    "autodefrag"
-  ];
-in 
-{
-  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-
-  fileSystems."/" = {
-    device = "none";
-    fsType = "tmpfs";
-    options = [
-      "defaults"
-      "size=25%"
-      "mode=755"
-    ];
-  };
-
-  fileSystems."/nix" = {
-    device = "/dev/disk/by-uuid/c6cf43cb-d0d2-4111-bc81-994e41b2632d";
-    fsType = "btrfs";
-    options = [
-      "subvol=nix"
-      "noatime"
-    ] ++ defeaultBtrfsOptions;
-  };
-
-  fileSystems."/etc" = {
-    device = "/dev/disk/by-uuid/c6cf43cb-d0d2-4111-bc81-994e41b2632d";
-    fsType = "btrfs";
-    options = [
-      "subvol=etc"
-      "noatime"
-    ] ++ defeaultBtrfsOptions;
-  };
-
-  fileSystems."/root" = {
-    device = "/dev/disk/by-uuid/c6cf43cb-d0d2-4111-bc81-994e41b2632d";
-    fsType = "btrfs";
-    options = [
-      "subvol=root"
-      "noatime"
-    ] ++ defeaultBtrfsOptions;
-  };
-
-  fileSystems."/var/log" = {
-    device = "/dev/disk/by-uuid/c6cf43cb-d0d2-4111-bc81-994e41b2632d";
-    fsType = "btrfs";
-    options = [
-      "subvol=log"
-      "noatime"
-    ] ++ defeaultBtrfsOptions;
-  };
-
-  fileSystems."/home" = {
-    device = "/dev/disk/by-uuid/c6cf43cb-d0d2-4111-bc81-994e41b2632d";
-    fsType = "btrfs";
-    options = [
-      "subvol=home"
-    ] ++ defeaultBtrfsOptions;
-  };
-
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/216E-A7AC";
-    fsType = "vfat";
-  };
-
-  swapDevices = [
-    {
-      device = "/dev/disk/by-id/nvme-Samsung_SSD_980_PRO_1TB_S5P2NS0T307907H-part2";
-      randomEncryption.enable = true;
-    }
-  ];
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp10s0.useDHCP = lib.mkDefault true;
-  # networking.interfaces.wlp9s0.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}

hosts/desktop/home.nix

@@ -1,66 +0,0 @@
-{ pkgs, ... }:
-let
-  shellAliases = {
-    update-boot = "sudo nixos-rebuild boot --max-jobs 10 --build-host admin@10.0.1.3";
-    update-switch = "sudo nixos-rebuild switch --max-jobs 10 --build-host admin@10.0.1.3";
-    update-flake = "nix flake update desktop-nixpkgs desktop-chaotic desktop-home-manager desktop-impermanence desktop-lanzaboote desktop-nixos-hardware desktop-sops-nix desktop-steam-rom-manager --flake /etc/nixos";
-    update-nas = "nixos-rebuild switch --use-remote-sudo --target-host admin@10.0.1.3 --build-host admin@10.0.1.3 --flake ~/nix-config#jallen-nas";
-  };
-in
-{
-  home.username = "matt";
-
-  sops = {
-    age.keyFile = "/home/matt/.config/sops/age/keys.txt";
-    defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
-    validateSopsFiles = false;
-    secrets = {
-      "ssh-keys-public/desktop-nixos" = {
-        path = "/home/matt/.ssh/id_ed25519.pub";
-        mode = "0644";
-      };
-      "ssh-keys-private/desktop-nixos" = {
-        path = "/home/matt/.ssh/id_ed25519";
-        mode = "0600";
-      };
-    };
-  };
-
-  services = {
-    remmina = {
-      enable = true;
-      addRdpMimeTypeAssoc = true;
-    };
-  };
-
-  programs = {
-    password-store.enable = true;
-
-    zsh.shellAliases = shellAliases;
-  };
-
-  home.packages = with pkgs; [
-    bottles
-    unstable.compose2nix
-    discord
-    heroic
-    stable.vmware-horizon-client
-    jq
-    lutris
-    lzip
-    morph
-    orca-slicer
-    piper
-    prismlauncher
-    protontricks
-    protonvpn-gui
-    python3
-    qmk
-    smile
-    unigine-heaven
-    via
-    virt-manager
-    vorta
-    waydroid-helper
-  ];
-}

hosts/desktop/networking.nix

@@ -1,46 +0,0 @@
-{ lib, config, ... }:
-let
-  hostname = "matt-nixos";
-in
-{
-  # Networking configs
-  networking = {
-    hostName = lib.mkDefault hostname;
-
-    # Enable Network Manager
-    networkmanager = {
-      enable = lib.mkDefault true;
-      wifi.powersave = lib.mkDefault false;
-      settings.connectivity.uri = lib.mkDefault "http://nmcheck.gnome.org/check_network_status.txt";
-      ensureProfiles = {
-        environmentFiles = [
-          config.sops.secrets.wifi.path
-        ];
-
-        profiles = {
-          "Joey's Jungle 6G" = {
-            connection = {
-              id = "Joey's Jungle 6G";
-              type = "wifi";
-            };
-            ipv4 = {
-              method = "auto";
-            };
-            ipv6 = {
-              addr-gen-mode = "stable-privacy";
-              method = "auto";
-            };
-            wifi = {
-              mode = "infrastructure";
-              ssid = "Joey's Jungle 6G";
-            };
-            wifi-security = {
-              key-mgmt = "sae";
-              psk = "$PSK";
-            };
-          };
-        };
-      };
-    };
-  };
-}

hosts/desktop/nix.nix

@@ -1,33 +0,0 @@
-{ lib, ... }:
-let
-  user = "matt";
-in
-{
-  nix = {
-    settings = {
-      substituters = [
-        "https://cache.mjallen.dev/nas-cache"
-      ];
-      trusted-public-keys = [
-        "nas-cache:5ibTWOXJYlKBaoNtdDEPmvdLPtfnbwf9jvdnfwi5dUs="
-      ];
-      warn-dirty = lib.mkForce false;
-      experimental-features = lib.mkForce [
-        "nix-command"
-        "flakes"
-      ];
-      trusted-users = [ user ];
-    };
-    # settings.builders-use-substitutes = true;
-    # distributedBuilds = true;
-    buildMachines = [
-      {
-        hostName = "jallen-nas.local";
-        system = "x86_64-linux";
-        maxJobs = 10;
-        sshUser = "admin";
-        supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
-      }
-    ];
-  };
-}

hosts/desktop/services.nix

@@ -1,108 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
-  pkgsVersion = pkgs; #.unstable;
-in 
-{
-  services = {
-    # Enable Flatpak
-    flatpak.enable = lib.mkDefault false;
-
-    # enable auto discovery of printers
-    avahi = {
-      enable = lib.mkDefault true;
-      nssmdns4 = lib.mkDefault true;
-      openFirewall = lib.mkDefault true;
-    };
-
-    restic.backups = {
-      jallen-nas = {
-        initialize = true;
-        createWrapper = true;
-        inhibitsSleep = true;
-        environmentFile = config.sops.templates."restic.env".path;
-        passwordFile = config.sops.secrets."desktop/restic/password".path;
-        repositoryFile = config.sops.secrets."desktop/restic/repo".path;
-        paths = [
-          "/home/matt"
-        ];
-        exclude = [
-          "/home/matt/Steam"
-          "/home/matt/Heroic"
-          "/home/matt/1TB"
-          "/home/matt/Downloads"
-          "/home/matt/Nextcloud"
-          "/home/matt/.cache"
-          "/home/matt/.local/share/Steam"
-          "/home/matt/.var/app/com.valvesoftware.Steam"
-          "/home/matt/.tmp"
-          "/home/matt/.thumbnails"
-          "/home/matt/.compose-cache"
-        ];
-      };
-      proton-drive = {
-        initialize = true;
-        createWrapper = true;
-        inhibitsSleep = true;
-        passwordFile = config.sops.secrets."desktop/restic/password".path;
-        rcloneConfigFile = "/home/matt/.config/rclone/rclone.conf";
-        repository = "rclone:proton-drive:backup-nix";
-        paths = [
-          "/home/matt"
-        ];
-        exclude = [
-          "/home/matt/Steam"
-          "/home/matt/Heroic"
-          "/home/matt/1TB"
-          "/home/matt/Downloads"
-          "/home/matt/Nextcloud"
-          "/home/matt/.cache"
-          "/home/matt/.local/share/Steam"
-          "/home/matt/.var/app/com.valvesoftware.Steam"
-          "/home/matt/.tmp"
-          "/home/matt/.thumbnails"
-          "/home/matt/.compose-cache"
-        ];
-      };
-    };
-
-    btrfs = {
-      autoScrub.enable = lib.mkDefault true;
-      autoScrub.fileSystems = lib.mkDefault [
-        "/nix"
-        "/root"
-        "/etc"
-        "/var/log"
-        "/home"
-      ];
-    };
-
-    ratbagd.enable = lib.mkDefault true;
-  };
-
-  systemd = {
-    user.services = {
-      rclone-home-proton = {
-        enable = lib.mkDefault false;
-        path = with pkgsVersion; [
-          bash
-          pkgs.rclone
-        ];
-        script = ''
-          rclone sync /home/matt proton-drive:backup-nix --exclude '/home/matt/Games/**' --exclude '/home/matt/1TB/**' --exclude '/home/matt/Downloads/**'
-        '';
-      };
-
-      rsync-home = {
-        enable = lib.mkDefault false;
-        path = with pkgsVersion; [
-          bash
-          rsync
-          openssh
-        ];
-        script = ''
-          rsync -rtpogvPlHzs --ignore-existing --exclude={'/home/matt/Games', '/home/matt/1TB', '/home/matt/Downloads/*', '/home/matt/.cache'} -e ssh /home/matt admin@10.0.1.3:/media/nas/main/backup/desktop-nix/home 
-        '';
-      };
-    };
-  };
-}

hosts/desktop/users.nix

@@ -1,26 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
-  user = "matt";
-  passwordFile = config.sops.secrets."desktop/matt_password".path;
-  pkgsVersion = pkgs; #.unstable;
-in 
-{
-  users.users."${user}" = {
-    isNormalUser = lib.mkDefault true;
-    extraGroups = [
-      "wheel"
-      "keys"
-      "networkmanager"
-      "ratbagd"
-      "input"
-      "scanner"
-      "lp"
-      "video"
-      "i2c"
-    ]; # Enable ‘sudo’ for the user.
-    hashedPasswordFile = passwordFile;
-    shell = pkgsVersion.zsh;
-  };
-
-  users.users.root.shell = pkgsVersion.zsh;
-}

hosts/homeassistant/automations.yaml

@@ -1,236 +0,0 @@
-- id: '1740678838632'
-  alias: Bedroom Light Switch
-  description: ''
-  triggers:
-  - domain: mqtt
-    device_id: 8b3a5a5b6faaba744c70ee940446a8af
-    type: action
-    subtype: on-press
-    trigger: device
-    id: on press
-  - domain: mqtt
-    device_id: 8b3a5a5b6faaba744c70ee940446a8af
-    type: action
-    subtype: off-press
-    trigger: device
-    id: off press
-  - domain: mqtt
-    device_id: 8b3a5a5b6faaba744c70ee940446a8af
-    type: action
-    subtype: up-press
-    trigger: device
-    id: up press
-  - domain: mqtt
-    device_id: 8b3a5a5b6faaba744c70ee940446a8af
-    type: action
-    subtype: down-press
-    trigger: device
-    id: down press
-  conditions: []
-  actions:
-  - choose:
-    - conditions:
-      - condition: trigger
-        id:
-        - on press
-      sequence:
-      - action: light.turn_on
-        metadata: {}
-        data:
-          transition: 2
-          brightness_pct: 100
-          kelvin: 6004
-        target:
-          entity_id: light.bedroom_lights
-    - conditions:
-      - condition: trigger
-        id:
-        - off press
-      sequence:
-      - action: light.turn_off
-        metadata: {}
-        data:
-          transition: 2
-        target:
-          entity_id: light.bedroom_lights
-    - conditions:
-      - condition: trigger
-        id:
-        - up press
-      sequence:
-      - action: light.turn_on
-        metadata: {}
-        data:
-          brightness_step_pct: 10
-        target:
-          entity_id: light.bedroom_lights
-    - conditions:
-      - condition: trigger
-        id:
-        - down press
-      sequence:
-      - action: light.turn_on
-        metadata: {}
-        data:
-          brightness_step_pct: -10
-        target:
-          entity_id: light.bedroom_lights
-  mode: single
-- id: '1740697291423'
-  alias: Living Rooom Lights
-  description: ''
-  triggers:
-  - domain: mqtt
-    device_id: b4fb325dfe68d4f80391417998f35843
-    type: action
-    subtype: on-press
-    trigger: device
-    id: on press
-  - domain: mqtt
-    device_id: b4fb325dfe68d4f80391417998f35843
-    type: action
-    subtype: off-press
-    trigger: device
-    id: off press
-  - domain: mqtt
-    device_id: b4fb325dfe68d4f80391417998f35843
-    type: action
-    subtype: up-press
-    trigger: device
-    id: up press
-  - domain: mqtt
-    device_id: b4fb325dfe68d4f80391417998f35843
-    type: action
-    subtype: down-press
-    trigger: device
-    id: down press
-  - domain: mqtt
-    device_id: b4fb325dfe68d4f80391417998f35843
-    type: action
-    subtype: on-hold
-    trigger: device
-    id: on-hold
-  conditions: []
-  actions:
-  - choose:
-    - conditions:
-      - condition: trigger
-        id:
-        - on press
-      sequence:
-      - action: light.turn_on
-        metadata: {}
-        data:
-          transition: 2
-          brightness_pct: 100
-          kelvin: 6004
-        target:
-          entity_id:
-          - light.living_room_lights
-    - conditions:
-      - condition: trigger
-        id:
-        - off press
-      sequence:
-      - action: light.turn_off
-        metadata: {}
-        data:
-          transition: 2
-        target:
-          entity_id:
-          - light.living_room_lights
-    - conditions:
-      - condition: trigger
-        id:
-        - up press
-      sequence:
-      - action: light.turn_on
-        metadata: {}
-        data:
-          brightness_step_pct: 10
-        target:
-          entity_id: light.living_room_lights
-    - conditions:
-      - condition: trigger
-        id:
-        - down press
-      sequence:
-      - action: light.turn_on
-        metadata: {}
-        data:
-          brightness_step_pct: -10
-        target:
-          entity_id: light.living_room_light_1
-    - conditions:
-      - condition: trigger
-        id:
-        - on-hold
-      sequence:
-      - action: light.turn_on
-        metadata: {}
-        data:
-          transition: 0
-          brightness_pct: 100
-          rgb_color:
-          - 224
-          - 27
-          - 36
-        target:
-          entity_id: light.living_room_lights
-  mode: single
-- id: '1741048414771'
-  alias: Front Closet
-  description: ''
-  triggers:
-  - type: present
-    device_id: c6519ea1e715f397dbbf7b73452f9e49
-    entity_id: c3a7b8892b8b372d2c40556e770ddc68
-    domain: binary_sensor
-    trigger: device
-    for:
-      hours: 0
-      minutes: 0
-      seconds: 0
-    id: present
-  - type: not_present
-    device_id: c6519ea1e715f397dbbf7b73452f9e49
-    entity_id: c3a7b8892b8b372d2c40556e770ddc68
-    domain: binary_sensor
-    trigger: device
-    for:
-      hours: 0
-      minutes: 0
-      seconds: 5
-    id: not
-  conditions: []
-  actions:
-  - choose:
-    - conditions:
-      - condition: trigger
-        id:
-        - present
-      sequence:
-      - action: light.turn_on
-        metadata: {}
-        data:
-          transition: 2
-          brightness_pct: 100
-          kelvin: 6010
-        target:
-          entity_id:
-          - light.front_closet_light_1
-          - light.front_closet_light_2
-    - conditions:
-      - condition: trigger
-        id:
-        - not
-      sequence:
-      - action: light.turn_off
-        metadata: {}
-        data:
-          transition: 2
-        target:
-          entity_id:
-          - light.front_closet_light_1
-          - light.front_closet_light_2
-  mode: single

hosts/homeassistant/automations.yaml.ori

@@ -1,576 +0,0 @@
-- id: '1692388103102'
-  alias: Weekly Backup
-  description: Create a full backup every Sunday at 3 am and store it on the NAS
-  trigger:
-  - platform: time
-    at: 03:00:00
-  condition:
-  - condition: time
-    weekday:
-    - sun
-  action:
-  - service: hassio.backup_full
-    data:
-      compressed: true
-  mode: single
-- id: '1692389901297'
-  alias: Livingroom Lights
-  description: ''
-  trigger:
-  - platform: device
-    domain: mqtt
-    device_id: 37d42431de65199af00220b43dae04c1
-    type: action
-    subtype: on_press
-    id: 'on'
-  - platform: device
-    domain: mqtt
-    device_id: 37d42431de65199af00220b43dae04c1
-    type: action
-    subtype: off_press
-    id: 'off'
-  - platform: device
-    domain: mqtt
-    device_id: 37d42431de65199af00220b43dae04c1
-    type: action
-    subtype: up_press
-    id: up
-  - platform: device
-    domain: mqtt
-    device_id: 37d42431de65199af00220b43dae04c1
-    type: action
-    subtype: down_press
-    id: down
-  - platform: device
-    domain: mqtt
-    device_id: 37d42431de65199af00220b43dae04c1
-    type: action
-    subtype: on_hold
-    id: hold
-  condition: []
-  action:
-  - choose:
-    - conditions:
-      - condition: trigger
-        id:
-        - 'on'
-      sequence:
-      - data:
-          brightness_pct: 100
-          color_temp_kelvin: 5000
-          transition: 1
-        target:
-          entity_id: light.livingroom_lights
-        action: light.turn_on
-    - conditions:
-      - condition: trigger
-        id:
-        - 'off'
-      sequence:
-      - data:
-          transition: 1
-        target:
-          entity_id: light.livingroom_lights
-        action: light.turn_off
-    - conditions:
-      - condition: trigger
-        id:
-        - hold
-      sequence:
-      - data:
-          brightness_pct: 100
-          rgb_color:
-          - 255
-          - 38
-          - 0
-          transition: 1
-        target:
-          entity_id: light.livingroom_lights
-        action: light.turn_on
-    - conditions:
-      - condition: trigger
-        id:
-        - dim up
-      sequence:
-      - data:
-          brightness_step_pct: 20
-        target:
-          entity_id: light.livingroom_lights
-        action: light.turn_on
-    - conditions:
-      - condition: trigger
-        id:
-        - dim down
-      sequence:
-      - data:
-          brightness_step_pct: -20
-        target:
-          entity_id: light.livingroom_lights
-        action: light.turn_on
-  mode: single
-- id: '1692390365798'
-  alias: Bedroom Lights
-  description: ''
-  triggers:
-  - domain: mqtt
-    device_id: a492c0abb8f14e0888df08101f77f484
-    type: action
-    subtype: off_press
-    id: 'off'
-    trigger: device
-  - domain: mqtt
-    device_id: a492c0abb8f14e0888df08101f77f484
-    type: action
-    subtype: on_press
-    id: 'on'
-    trigger: device
-  - domain: mqtt
-    device_id: a492c0abb8f14e0888df08101f77f484
-    type: action
-    subtype: up_press
-    id: up
-    trigger: device
-  - domain: mqtt
-    device_id: a492c0abb8f14e0888df08101f77f484
-    type: action
-    subtype: down_press
-    id: down
-    trigger: device
-  - domain: mqtt
-    device_id: a492c0abb8f14e0888df08101f77f484
-    type: action
-    subtype: on_hold
-    id: hold on
-    trigger: device
-  conditions: []
-  actions:
-  - choose:
-    - conditions:
-      - condition: trigger
-        id:
-        - 'on'
-      sequence:
-      - data:
-          brightness_pct: 100
-          color_temp_kelvin: 5000
-          transition: 1
-        target:
-          entity_id: light.bedroom_lights
-        action: light.turn_on
-    - conditions:
-      - condition: trigger
-        id:
-        - 'off'
-      sequence:
-      - data:
-          transition: 1
-        target:
-          entity_id:
-          - light.bedroom_lights
-        action: light.turn_off
-    - conditions:
-      - condition: trigger
-        id:
-        - up
-      sequence:
-      - device_id: 171fa001578683249ff26f2d85817fef
-        domain: light
-        entity_id: 55d41329665f60a55a732c5bbececd22
-        type: brightness_increase
-      - device_id: c92fea3d569ca668e6617a189f917a28
-        domain: light
-        entity_id: 0c8630c2b37ae9615f9cf815aaebf40f
-        type: brightness_increase
-    - conditions:
-      - condition: trigger
-        id:
-        - down
-      sequence:
-      - device_id: 171fa001578683249ff26f2d85817fef
-        domain: light
-        entity_id: 55d41329665f60a55a732c5bbececd22
-        type: brightness_decrease
-      - device_id: c92fea3d569ca668e6617a189f917a28
-        domain: light
-        entity_id: 0c8630c2b37ae9615f9cf815aaebf40f
-        type: brightness_decrease
-    - conditions:
-      - condition: trigger
-        id:
-        - hold on
-      sequence:
-      - metadata: {}
-        data:
-          rgb_color:
-          - 255
-          - 0
-          - 0
-          brightness_pct: 100
-        target:
-          entity_id: light.bedroom_lights
-        action: light.turn_on
-  mode: single
-- id: '1694441037420'
-  alias: Air Purifier Schedule
-  description: ''
-  trigger:
-  - platform: time
-    at: 07:00:00
-    id: fan off
-  - platform: time
-    at: '23:00:00'
-    id: fan on
-  condition: []
-  action:
-  - choose:
-    - conditions:
-      - condition: trigger
-        id:
-        - fan on
-      sequence:
-      - service: fan.set_percentage
-        data:
-          percentage: 100
-        target:
-          entity_id: fan.bedroom_air_purifier
-    - conditions:
-      - condition: trigger
-        id:
-        - fan off
-      sequence:
-      - service: fan.set_preset_mode
-        data:
-          preset_mode: auto
-        target:
-          entity_id: fan.bedroom_air_purifier
-  mode: single
-- id: '1705949582146'
-  alias: Ice Maker Power Schedule
-  description: ''
-  trigger:
-  - platform: time_pattern
-    hours: '*'
-    minutes: '0'
-    seconds: '0'
-  condition: []
-  action:
-  - type: toggle
-    device_id: 41c66532e23aadc4c6ac95e520e5d345
-    entity_id: bd17ac75a91e62ed7e6b148cfe33d43d
-    domain: switch
-  - alias: Set Ice Maker Light to Dim
-    device_id: 41c66532e23aadc4c6ac95e520e5d345
-    domain: select
-    entity_id: 8f4f90c62b00df9008d14f7ce8967199
-    type: select_option
-    option: 'On'
-  mode: single
-- id: '1708978401738'
-  alias: Soundbar
-  description: ''
-  trigger: []
-  condition: []
-  action:
-  - service: media_player.turn_on
-    metadata: {}
-    data: {}
-    target:
-      entity_id: media_player.soundbar
-  - service: media_player.select_source
-    metadata: {}
-    data:
-      source: wifi
-    target:
-      entity_id: media_player.soundbar
-  - service: media_player.play_media
-    metadata: {}
-    data:
-      media_content_id: media-source://radio_browser/2eff3a1f-b821-4267-9f37-f8d7e72061e4
-      media_content_type: audio/mpeg
-    target:
-      entity_id: media_player.soundbar
-  mode: single
-- id: '1711147285926'
-  alias: Grow Light Schedule
-  description: ''
-  trigger:
-  - platform: time
-    at: 07:00:00
-    id: day
-  - platform: time
-    at: '20:00:00'
-    id: night
-  condition: []
-  action:
-  - choose:
-    - conditions:
-      - condition: trigger
-        id:
-        - day
-      sequence:
-      - service: switch.turn_on
-        metadata: {}
-        data: {}
-        target:
-          entity_id: switch.grow_lights
-    - conditions:
-      - condition: trigger
-        id:
-        - night
-      sequence:
-      - service: switch.turn_off
-        metadata: {}
-        data: {}
-        target:
-          entity_id: switch.grow_lights
-  mode: single
-- id: '1723142554607'
-  alias: Restart Luci's Box
-  description: for some reason this box sucks and needs to get reboot periodically
-  trigger:
-  - platform: time_pattern
-    hours: '*'
-  condition: []
-  action:
-  - type: turn_off
-    device_id: e7f8974c31567dddbbffb036fe8381bc
-    entity_id: e1e71e4acdfcbb6c4afdc174807ad8be
-    domain: switch
-  - delay:
-      hours: 0
-      minutes: 0
-      seconds: 1
-      milliseconds: 0
-  - type: turn_on
-    device_id: e7f8974c31567dddbbffb036fe8381bc
-    entity_id: e1e71e4acdfcbb6c4afdc174807ad8be
-    domain: switch
-  - type: turn_on
-    device_id: d5eb3c182a1ef2a231b94b09c26aed45
-    entity_id: 7106df7ebde274ac4bc2b197d5c45bea
-    domain: fan
-  - device_id: d5eb3c182a1ef2a231b94b09c26aed45
-    domain: number
-    entity_id: 59a7cd3cb2883bf6002f789c2ff4824c
-    type: set_value
-    value: 3
-  mode: single
-- id: '1724707092916'
-  alias: HASS Updates
-  description: ''
-  use_blueprint:
-    path: edwardtfn/auto_update_scheduled.yaml
-    input:
-      schedule_entity: schedule.updates
-      restart_bool: true
-- id: '1724707291994'
-  alias: IOT Battery Checker
-  description: ''
-  use_blueprint:
-    path: sbyx/low-battery-level-detection-notification-for-all-battery-sensors.yaml
-    input:
-      exclude:
-        entity_id: []
-        device_id:
-        - 66e9cee67a740e8925dae5fc9ce940f0
-        - df76e3a3e48b49e13bd3006350826740
-      actions:
-      - action: notify.persistent_notification
-        metadata: {}
-        data:
-          message: Device Battery Low
-- id: '1729708621620'
-  alias: Closet Lights
-  description: ''
-  triggers:
-  - type: present
-    device_id: 0924cbdcd24416e768caa52301db59f7
-    entity_id: e9f0acef50550033cd96155bd501b7c3
-    domain: binary_sensor
-    trigger: device
-    for:
-      hours: 0
-      minutes: 0
-      seconds: 0
-    id: Present
-  - type: not_present
-    device_id: 0924cbdcd24416e768caa52301db59f7
-    entity_id: e9f0acef50550033cd96155bd501b7c3
-    domain: binary_sensor
-    trigger: device
-    for:
-      hours: 0
-      minutes: 0
-      seconds: 0
-    id: empty
-  conditions: []
-  actions:
-  - choose:
-    - conditions:
-      - condition: trigger
-        id:
-        - Present
-      sequence:
-      - action: light.turn_on
-        metadata: {}
-        data:
-          transition: 3
-          brightness_pct: 100
-          kelvin: 5008
-        target:
-          device_id:
-          - e25128ac8fcf62af66a039cde3104760
-          - ddcfd5ea4fc5f5a88e18325b01c615db
-    - conditions:
-      - condition: trigger
-        id:
-        - empty
-      sequence:
-      - action: light.turn_off
-        metadata: {}
-        data:
-          transition: 3
-        target:
-          device_id:
-          - e25128ac8fcf62af66a039cde3104760
-          - ddcfd5ea4fc5f5a88e18325b01c615db
-  mode: single
-- id: '1729881464325'
-  alias: Bedroom Closet
-  description: ''
-  triggers:
-  - type: present
-    device_id: 28e7f211c72409fe244183219abf6ffa
-    entity_id: aa474f323868586cef62070654f36936
-    domain: binary_sensor
-    trigger: device
-    id: Present
-  - type: not_present
-    device_id: 28e7f211c72409fe244183219abf6ffa
-    entity_id: aa474f323868586cef62070654f36936
-    domain: binary_sensor
-    trigger: device
-    id: empty
-  conditions: []
-  actions:
-  - choose:
-    - conditions:
-      - condition: trigger
-        id:
-        - Present
-      sequence:
-      - type: turn_on
-        device_id: f5936d6143b7927433e9c0430c79acab
-        entity_id: f6ec42c9db2c191866a335a346b1ec44
-        domain: switch
-    - conditions:
-      - condition: trigger
-        id:
-        - empty
-      sequence:
-      - type: turn_off
-        device_id: f5936d6143b7927433e9c0430c79acab
-        entity_id: f6ec42c9db2c191866a335a346b1ec44
-        domain: switch
-  mode: single
-- id: '1740179328446'
-  alias: Living Room Lights
-  description: ''
-  triggers:
-  - domain: mqtt
-    device_id: f7482a462dc7cc05b4ceaa0d882dc469
-    type: action
-    subtype: off_press
-    trigger: device
-    id: 'off'
-  - domain: mqtt
-    device_id: f7482a462dc7cc05b4ceaa0d882dc469
-    type: action
-    subtype: on_press
-    trigger: device
-    id: 'on'
-  - domain: mqtt
-    device_id: f7482a462dc7cc05b4ceaa0d882dc469
-    type: action
-    subtype: up_press
-    trigger: device
-    id: up
-  - domain: mqtt
-    device_id: f7482a462dc7cc05b4ceaa0d882dc469
-    type: action
-    subtype: down_press
-    trigger: device
-    id: down
-  - domain: mqtt
-    device_id: f7482a462dc7cc05b4ceaa0d882dc469
-    type: action
-    subtype: on_hold
-    trigger: device
-    id: hold on
-  conditions: []
-  actions:
-  - choose:
-    - conditions:
-      - condition: trigger
-        id:
-        - 'on'
-      sequence:
-      - data:
-          brightness_pct: 100
-          color_temp_kelvin: 5000
-          transition: 1
-        action: light.turn_on
-        target:
-          entity_id: light.livingroom_lights
-    - conditions:
-      - condition: trigger
-        id:
-        - 'off'
-      sequence:
-      - data:
-          transition: 1
-        action: light.turn_off
-        target:
-          entity_id: light.livingroom_lights
-    - conditions:
-      - condition: trigger
-        id:
-        - up
-      sequence:
-      - device_id: 8bc2033b03d5a474ca3204c5ca53e308
-        domain: light
-        entity_id: 4a3cc9043ff985e9271683e1916bd9e1
-        type: brightness_increase
-      - device_id: 8f4f51aed9b3b4284f520af25358efd9
-        domain: light
-        entity_id: f45e74498c4b6bae65aaf5adf67e29d6
-        type: brightness_increase
-    - conditions:
-      - condition: trigger
-        id:
-        - down
-      sequence:
-      - device_id: 8bc2033b03d5a474ca3204c5ca53e308
-        domain: light
-        entity_id: 4a3cc9043ff985e9271683e1916bd9e1
-        type: brightness_decrease
-      - device_id: 8bc2033b03d5a474ca3204c5ca53e308
-        domain: light
-        entity_id: 4a3cc9043ff985e9271683e1916bd9e1
-        type: brightness_decrease
-    - conditions:
-      - condition: trigger
-        id:
-        - hold on
-      sequence:
-      - metadata: {}
-        data:
-          rgb_color:
-          - 255
-          - 0
-          - 0
-          brightness_pct: 100
-        action: light.turn_on
-        target:
-          entity_id: light.livingroom_lights
-  mode: single

hosts/homeassistant/boot.nix

@@ -1,40 +0,0 @@
-{ lib, pkgs, ... }:
-let
-  kernel = pkgs.linuxPackages_latest;
-in
-{
-  # Configure bootloader with lanzaboot and secureboot
-  boot = {
-    kernelModules = [ "nct6775" ];
-    loader = {
-      systemd-boot.enable = true;
-      efi = {
-        canTouchEfiVariables = true;
-        efiSysMountPoint = "/boot";
-      };
-    };
-
-    initrd = {
-      verbose = false;
-      systemd.enable = true;
-    };
-
-    plymouth = {
-      enable = true;
-    };
-
-    kernelPackages = kernel;
-
-    kernelParams = [
-      "quiet"
-      "splash"
-    ];
-
-    consoleLogLevel = 3;
-    bootspec.enable = true;
-  };
-
-  environment.systemPackages = with pkgs; [ 
-    edk2-uefi-shell
-   ];
-}

hosts/homeassistant/configuration.nix

@@ -1,141 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page, on
-# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
-
-{ config, lib, pkgs, ... }:
-
-let
-  user = "hass-admin";
-  password = "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06";
-  SSID = "Joey's Jungle 5G";
-  SSIDpassword = "kR8v&3Qd"; # config.sops.templates."wifi-password".content;
-  interface = "wlp0s20f3";
-  timezone = "America/Chicago";
-  hostname = "jallen-hass";
-in
-{
-  imports = [
-    # Include the results of the hardware scan.
-    ./boot.nix
-    ./hardware-configuration.nix
-    ./impermanence.nix
-    ./homeassistant.nix
-    ../default.nix
-  ];
-
-  # Enable nix flakes and nix-command tools
-  nix.settings.experimental-features = [
-    "nix-command"
-    "flakes"
-  ];
-
-  nix.settings.trusted-users = [ "@wheel" ];
-
-  # Set your time zone.
-  time.timeZone = timezone;
-
-  networking = {
-    networkmanager = {
-      enable = true;
-      
-      # Configure the static connection for eno1
-#      ensureProfiles = {
-#        profiles = {
-#          joeys-jungle = {
-#            connection = {
-#              id = "joeys-jungle";
-#              permissions = "";
-#              type = "wifi";
-#            };
-#            ipv4 = {
-#              dns-search = "";
-#              method = "auto";
-#            };
-#            ipv6 = {
-#              addr-gen-mode = "stable-privacy";
-#              dns-search = "";
-#               method = "auto";
-#            };
-#            wifi = {
-#              mac-address-blacklist = "";
-#              mode = "infrastructure";
-##              ssid = SSID;
-#            };
-#            wifi-security = {
-#              auth-alg = "open";
-#              key-mgmt = "wpa-psk";
-#              psk = SSIDpassword;
-#            };
-#          };
-#          "static-eno1" = {
-#            connection = {
-#              id = "static-eno1";
-#              type = "ethernet";
-#              interface-name = "eno1";
-#            };
-#            ipv4 = {
-#              method = "manual";
-#              addresses = "10.0.1.19/24";
-#              gateway = "10.0.1.1";
-#              dns = "10.0.1.1";
-#            };
-#          };
-#        };
-#      };
-    };
-    hostName = hostname;
-    wireless = {
-      enable = false;
-      networks."${SSID}".psk = SSIDpassword;
-      interfaces = [ interface ];
-    };
-  };
-
-  environment.systemPackages = with pkgs; [
-    vim
-    htop
-    git
-    protonmail-bridge
-    pass
-    gnome-keyring
-    openssl
-  ];
-
-  services.xserver.desktopManager.surf-display = {
-    enable = true;
-    defaultWwwUri = "http://jallen-hass:8123"; # todo: external maybe for reasons???
-  };
-
-  services.openssh.enable = true;
-  services.protonmail-bridge = {
-    enable = true;
-    path = with pkgs; [ pass gnome-keyring ];
-  };
-  
-  # Enable Avahi for .local hostname resolution
-  services.avahi = {
-    enable = true;
-    nssmdns4 = true;  # For modern systems, use nssmdns4 instead of nssmdns
-    publish = {
-      enable = true;
-      addresses = true;
-      domain = true;
-      workstation = true;
-    };
-  };
-
-  users = {
-    mutableUsers = false;
-    users."${user}" = {
-      isNormalUser = lib.mkForce true;
-      initialHashedPassword = password;
-      extraGroups = [
-        "wheel"
-        "docker"
-        "network-manager"
-        "hass"
-      ];
-      shell = pkgs.zsh;
-    };
-  };
-}

hosts/homeassistant/hardware-configuration.nix

@@ -1,70 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
-    ];
-
-  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-intel" ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" =
-    { device = "none";
-      fsType = "tmpfs";
-    };
-
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/AB0D-A6A2";
-      fsType = "vfat";
-      options = [ "fmask=0022" "dmask=0022" ];
-    };
-
-  fileSystems."/nix" =
-    { device = "/dev/disk/by-uuid/a6ef033d-c305-42d9-88b2-5591008b2a11";
-      fsType = "btrfs";
-      options = [ "subvol=nix" ];
-    };
-
-  fileSystems."/etc" =
-    { device = "/dev/disk/by-uuid/a6ef033d-c305-42d9-88b2-5591008b2a11";
-      fsType = "btrfs";
-      options = [ "subvol=etc" ];
-    };
-
-  fileSystems."/var/log" =
-    { device = "/dev/disk/by-uuid/a6ef033d-c305-42d9-88b2-5591008b2a11";
-      fsType = "btrfs";
-      options = [ "subvol=log" ];
-    };
-
-  fileSystems."/root" =
-    { device = "/dev/disk/by-uuid/a6ef033d-c305-42d9-88b2-5591008b2a11";
-      fsType = "btrfs";
-      options = [ "subvol=root" ];
-    };
-
-  fileSystems."/home" =
-    { device = "/dev/disk/by-uuid/a6ef033d-c305-42d9-88b2-5591008b2a11";
-      fsType = "btrfs";
-      options = [ "subvol=home" ];
-    };
-
-  swapDevices =
-    [ { device = "/dev/disk/by-uuid/d631d42b-b70a-4579-bfb4-57412ae7c682"; }
-    ];
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}

hosts/homeassistant/home.nix

@@ -1,64 +0,0 @@
-{ lib, pkgs, ... }:
-let
-  shellAliases = {
-    ll = "ls -alh";
-    update-boot = "sudo nixos-rebuild boot --max-jobs 10 --build-host admin@10.0.1.3";
-    update-switch = "sudo nixos-rebuild switch --max-jobs 10 --build-host admin@10.0.1.3";
-    update-flake = "sudo nix flake update ~/nix-config";
-    update-nas = "nixos-rebuild switch --use-remote-sudo --target-host admin@10.0.1.3 --build-host admin@10.0.1.3 --flake ~/nix-config#jallen-nas";
-    nas-ssh = "kitten ssh admin@10.0.1.3";
-    ducks = "du -cksh * | sort -hr | head -n 15";
-  };
-
-  gitAliases = {
-    co = "checkout";
-    ci = "commit";
-    cia = "commit --amend";
-    s = "status";
-    st = "status";
-    b = "branch";
-    p = "pull --rebase";
-    pu = "push";
-  };
-in
-{
-
-  home.username = "hass-admin";
-  home.homeDirectory = "/home/hass-admin";
-  home.stateVersion = "23.11";
-  programs.home-manager.enable = true;
-
-  programs = {
-    fish.enable = false;
-    mangohud.enable = true;
-    java.enable = true;
-
-    zsh = {
-      enable = true;
-      enableCompletion = true;
-      autosuggestion.enable = true;
-      syntaxHighlighting.enable = true;
-
-      shellAliases = shellAliases;
-
-      oh-my-zsh = {
-        enable = true;
-        plugins = [ "git" ];
-        theme = "fishy";
-      };
-    };
-  };
-
-  programs.git = {
-    enable = true;
-    userName = "mjallen18";
-    userEmail = "matt.l.jallen@gmail.com";
-    aliases = gitAliases;
-  };
-
-  home.packages = with pkgs; [
-    age
-    fastfetch
-    firefox
-  ];
-}

hosts/homeassistant/homeassistant.nix

@@ -1,453 +0,0 @@
-{ config, pkgs, ... }:
-let
-  mosquittoPort = 1883;
-  zigbee2mqttPort = 8080;
-  # "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="
-  ha-bambulab = pkgs.stdenv.mkDerivation {
-    pname = "ha-bambulab";
-    version = "v2.1.5";  # Update with correct version
-    
-    src = pkgs.fetchFromGitHub {
-      owner = "greghesp";  # Update with correct owner
-      repo = "ha-bambulab";  # Update with correct repo name
-      rev = "v2.1.5";  # Or specific tag/commit 
-      sha256 = "sha256-iVcNFdkzdMVjbQuzrTLib8fhirnc+OJdPzM60EnyVe0=";  # Replace with actual hash
-    };
-    
-    installPhase = ''
-      mkdir -p $out/custom_components
-      cp -r custom_components/bambu_lab $out/custom_components/
-    '';
-  };
-  ha-gehome = pkgs.stdenv.mkDerivation {
-    pname = "ha-gehome";
-    version = "v2025.2.1";  # Update with correct version
-    
-    src = pkgs.fetchFromGitHub {
-      owner = "simbaja";  # Update with correct owner
-      repo = "ha_gehome";  # Update with correct repo name
-      rev = "v2025.2.1";  # Or specific tag/commit 
-      sha256 = "sha256-nb+KrJoWqvhqH6E7A22xXwQzTYp7yn+hl9WRDXn95Cc=";  # Replace with actual hash
-    };
-    
-    installPhase = ''
-      mkdir -p $out/custom_components
-      cp -r custom_components/ge_home $out/custom_components/
-    '';
-  };
-  ha-mail-and-packages = pkgs.stdenv.mkDerivation {
-    pname = "Home-Assistant-Mail-And-Packages";
-    version = "0.4.2";  # Update with correct version
-    
-    src = pkgs.fetchFromGitHub {
-      owner = "moralmunky";  # Update with correct owner
-      repo = "Home-Assistant-Mail-And-Packages";  # Update with correct repo name
-      rev = "0.4.2";  # Or specific tag/commit 
-      sha256 = "sha256-5LBTlRlkSUx8DOY+F7UvUs4dzjZKdBdgnDUdK6DBdew=";  # Replace with actual hash
-    };
-    
-    installPhase = ''
-      mkdir -p $out/custom_components
-      cp -r custom_components/mail_and_packages $out/custom_components/
-    '';
-  };
-  ha-overseerr = pkgs.stdenv.mkDerivation {
-    pname = "ha-overseerr";
-    version = "0.1.42";  # Update with correct version
-    
-    src = pkgs.fetchFromGitHub {
-      owner = "vaparr";  # Update with correct owner
-      repo = "ha-overseerr";  # Update with correct repo name
-      rev = "0.1.42";  # Or specific tag/commit 
-      sha256 = "sha256-UvUowCgfay9aRV+iC/AQ9vvJzhGZbH+/1kVjxPFBKcI=";  # Replace with actual hash
-    };
-    
-    installPhase = ''
-      mkdir -p $out/custom_components
-      cp -r custom_components/overseerr $out/custom_components/
-    '';
-  };
-  ha-petlibro = pkgs.stdenv.mkDerivation {
-    pname = "ha-petlibro";
-    version = "v1.0.21.1";  # Update with correct version
-    
-    src = pkgs.fetchzip {
-      url = "https://github.com/jjjonesjr33/petlibro/archive/refs/tags/v1.0.21.1.zip";
-      sha256 = "sha256-3EckyAgWxlZeqy9g13yP2nKCcjnyVIp8EdiE/A1pNu4=";  # Replace with actual hash
-    };
-    
-    installPhase = ''
-      mkdir -p $out/custom_components
-      cp -r custom_components/petlibro $out/custom_components/
-    '';
-  };
-  ha-wyzeapi = pkgs.stdenv.mkDerivation {
-    pname = "ha-wyzeapi";
-    version = "0.1.32";  # Update with correct version
-    
-    src = pkgs.fetchzip {
-      url = "https://github.com/SecKatie/ha-wyzeapi/archive/refs/tags/0.1.32.zip";
-      sha256 = "sha256-3xUynZBEHuO2hKLYCb2sBpJAe0JF/8uKqR304Y7JQmE=";  # Replace with actual hash
-    };
-    
-    installPhase = ''
-      mkdir -p $out/custom_components
-      cp -r custom_components/wyzeapi $out/custom_components/
-    '';
-  };
-  
-  # In configuration.nix or a separate file
-  pythonSteam = pkgs.python3.withPackages (ps: [
-    (ps.buildPythonPackage rec {
-      pname = "steam";
-      version = "1.4.4";  # Check for the latest version
-      src = pkgs.fetchPypi {
-        inherit pname version;
-        sha256 = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="; # Get the correct hash
-      };
-      doCheck = false;
-      propagatedBuildInputs = [ ps.requests ps.protobuf ];
-    })
-  ]);
-in
-{
-
-  services.home-assistant = {
-    enable = true;
-    openFirewall = true;
-    configWritable = true; # todo
-    extraComponents = [
-      # Components required to complete the onboarding
-      "analytics"
-      "google_translate"
-      "met"
-      "radio_browser"
-      "shopping_list"
-      # Recommended for fast zlib compression
-      # https://www.home-assistant.io/integrations/isal
-      "isal"
-      "subaru"
-      "vesync"
-      "mqtt" # Enables MQTT integration in HA
-      "ffmpeg" # Enables camera streams
-      "zha" # Enables Zigbee integration
-      "homekit"
-      "music_assistant"
-    ];
-    customComponents = with pkgs.home-assistant-custom-components; [
-      auth-header
-    ];
-    customLovelaceModules = with pkgs.home-assistant-custom-lovelace-modules; [
-      atomic-calendar-revive
-      bubble-card
-      button-card
-      hourly-weather
-      mini-graph-card
-      mini-media-player
-      multiple-entity-row
-      mushroom
-      vacuum-card
-      weather-chart-card
-      zigbee2mqtt-networkmap
-    ];
-    # use postgresql instead of sqlite
-    extraPackages = ps: with ps; [
-      # Core functionality
-      aiohttp
-      aiodns
-      paho-mqtt
-      pillow
-      pytz
-      pyyaml
-      sqlalchemy
-      
-      # Discovery & networking
-      zeroconf
-      netdisco
-      ifaddr
-      ssdp
-      
-      # Device protocols
-      pyserial                # Serial communications
-      bluepy                  # Bluetooth LE
-      
-      # Smart home ecosystems
-      mutagen                 # Media file metadata
-      pysonos                 # Sonos
-      pywemo                  # Belkin WeMo
-      python-miio             # Xiaomi devices
-      python-kasa             # TP-Link
-      
-      # Sensors & monitoring
-      meteocalc               # Weather calculations
-      speedtest-cli           # Internet speed
-      
-      # Visualization & UI
-      matplotlib              # Graphing
-      
-      # Security
-      bcrypt
-      cryptography
-      pyjwt
-      
-      # Media
-      ha-ffmpeg               # Camera streams
-      
-      # Specialized integrations
-      python-matter-server    # Matter protocol
-      
-      # System integrations
-      psutil                  # System monitoring
-      
-      psycopg2
-      numpy
-      hassil 
-      pyturbojpeg
-      paho-mqtt
-      pychromecast
-      pyatv 
-      python-otbr-api 
-      brother
-      pyipp
-      govee-ble
-      adguardhome
-      nextcord
-      aiogithubapi
-      jellyfin-apiclient-python
-      pylitterbot
-      dateparser
-      aionut
-      nextcloudmonitor
-      ollama
-      pynecil
-      aiopyarr
-      pysabnzbd
-      getmac
-      zigpy
-      bellows         # For Zigbee EmberZNet-based adapters
-      zigpy-xbee      # For XBee adapters
-      zigpy-deconz    # For ConBee/RaspBee adapters
-      pyicloud        # iCloud
-      pyatv           # Apple TV
-      opencv-python
-      face-recognition
-      ibeacon-ble
-      gehomesdk
-      onedrive-personal-sdk
-      python-roborock
-      pythonSteam
-      apple-weatherkit
-    ];
-    
-    config = {
-      # Includes dependencies for a basic setup
-      # https://www.home-assistant.io/integrations/default_config/
-      default_config = {};
-
-      cloud = false;
-      
-      frontend = {
-        themes = "!include_dir_merge_named themes";
-      };
-
-      "automation ui" = "!include /etc/nixos/hosts/homeassistant/automations.yaml";
-      "scene ui" = "!include /etc/nixos/hosts/homeassistant/scenes.yaml";
-      "script ui" = "!include /etc/nixos/hosts/homeassistant/scripts.yaml";
-
-      http = {
-        use_x_forwarded_for = true;
-        trusted_proxies = [
-          "172.30.33.0/24"
-          "10.0.1.3"
-          "10.0.1.0/24"
-        ];
-      };
-
-      recorder = {
-        db_url = "postgresql://@/hass";
-        purge_keep_days = 180;
-      };
-
-      auth_header = {
-        debug = false;
-        username_header = "X-authentik-username";
-      };
-
-      # https://www.home-assistant.io/integrations/ota_updater/
-      zha.zigpy_config.ota.z2m_remote_index = "https://raw.githubusercontent.com/Koenkk/zigbee-OTA/master/index.json";
-    };
-  };
-
-  # https://www.home-assistant.io/integrations/automation/
-  # systemd.tmpfiles.rules = [
-  #   "f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass"
-  # ];
-
-  # This bypasses the component validation and places it directly in HA's data directory
-  system.activationScripts.installCustomComponents = ''
-    mkdir -p ${config.services.home-assistant.configDir}/custom_components
-    cp -r ${ha-bambulab}/custom_components/bambu_lab ${config.services.home-assistant.configDir}/custom_components/
-    cp -r ${ha-gehome}/custom_components/ge_home ${config.services.home-assistant.configDir}/custom_components/
-    cp -r ${ha-mail-and-packages}/custom_components/mail_and_packages ${config.services.home-assistant.configDir}/custom_components/
-    cp -r ${ha-overseerr}/custom_components/overseerr ${config.services.home-assistant.configDir}/custom_components/
-    cp -r ${ha-petlibro}/custom_components/petlibro ${config.services.home-assistant.configDir}/custom_components/
-    cp -r ${ha-wyzeapi}/custom_components/wyzeapi ${config.services.home-assistant.configDir}/custom_components/
-
-    ln -sf /etc/nixos/hosts/homeassistant/automations.yaml ${config.services.home-assistant.configDir}/automations.yaml
-    ln -sf /etc/nixos/hosts/homeassistant/scenes.yaml ${config.services.home-assistant.configDir}/scenes.yaml
-    ln -sf /etc/nixos/hosts/homeassistant/scripts.yaml ${config.services.home-assistant.configDir}/scripts.yaml
-
-
-    chown -R hass:hass ${config.services.home-assistant.configDir}
-    chmod -R 750 ${config.services.home-assistant.configDir}
-  '';
-
-  services = {
-    postgresql = {
-      enable = true;
-      ensureDatabases = [ "hass" ];
-      ensureUsers = [{
-        name = "hass";
-        ensureDBOwnership = true;
-      }];
-    };
-
-    # Enable and configure Mosquitto MQTT broker
-    mosquitto = {
-      enable = true;
-      listeners = [
-        {
-          acl = [ "pattern readwrite #" ];
-          omitPasswordAuth = true;
-          settings.allow_anonymous = true;
-        }
-      ];
-    };
-
-    zigbee2mqtt = {
-      enable = true;
-      settings = {
-        homeassistant = {
-          enabled = config.services.home-assistant.enable;
-          # Optional: Home Assistant discovery topic (default: shown below)
-          # Note: should be different from [MQTT base topic](../mqtt.md) to prevent errors in HA software
-          discovery_topic = "homeassistant";
-          # Optional: Home Assistant status topic (default: shown below)
-          status_topic = "homeassistant/status";
-          # Optional: Experimental support for Home Assistant event entities, may break in the future (default: shown below) when enabled:
-          # - An `event` entity will be discovered for each 'action'.
-          # - The `event_type` attribute will contain the action itself, additional attributes like `button` will have further information.
-          experimental_event_entities = false;
-          # Optional: Home Assistant legacy action sensor (default: `false`), when enabled:
-          # - Zigbee2MQTT will send an empty 'action' after one has been send
-          # - A 'sensor_action' will be discovered
-          legacy_action_sensor = false;
-        };
-
-        permit_join = true;
-        # Web interface
-        frontend = {
-          port = zigbee2mqttPort;  # Choose an available port
-        };
-        # MQTT configuration
-        mqtt = {
-          base_topic = "zigbee2mqtt";
-          server = "mqtt://localhost:1883";
-          # If using authentication:
-          # user = "mqttuser";
-          # password = "your-password";
-        };
-        serial = {
-          port = "/dev/ttyUSB0";
-        };
-      };
-    };
-
-    music-assistant = {
-      enable = true;
-      providers = [
-        # "airplay" # music-assistant: airplay support is missing libraop, a library we will not package because it depends on OpenSSL 1.1.
-        "apple_music"
-        "bluesound"
-        "builtin"
-        "chromecast"
-        "deezer"
-        "dlna"
-        "fanarttv"
-        "filesystem_local"
-        "filesystem_smb"
-        "fully_kiosk"
-        "hass"
-        "hass_players"
-        "jellyfin"
-        "musicbrainz"
-        "opensubsonic"
-        "player_group"
-        "plex"
-        "qobuz"
-        "radiobrowser"
-        "siriusxm"
-        "snapcast"
-        "sonos"
-        "sonos_s1"
-        "soundcloud"
-        "spotify"
-        "template_player_provider"
-        "test"
-        "theaudiodb"
-        "tidal"
-        "tunein"
-        "ytmusic"
-      ];
-    };
-
-    # Enable AirPlay
-    pipewire = {
-      # opens UDP ports 6001-6002
-      raopOpenFirewall = true;
-
-      extraConfig.pipewire = {
-        "10-airplay" = {
-          "context.modules" = [
-            {
-              name = "libpipewire-module-raop-discover";
-
-              # increase the buffer size if you get dropouts/glitches
-              # args = {
-              #   "raop.latency.ms" = 500;
-              # };
-            }
-          ];
-        };
-      };
-    };
-  };
-
-  # Enable required hardware support for the Zigbee adapter
-  hardware.bluetooth.enable = true;  # Some adapters use Bluetooth
-  
-  # Ensure proper permissions for Zigbee USB devices
-  # services.udev.extraRules = ''
-  #   # For CC2531, CC2530, CC1352P-2, CC2538 and similar adapters
-  #   SUBSYSTEM=="tty", ATTRS{idVendor}=="0451", ATTRS{idProduct}=="16a8", SYMLINK+="zigbee", MODE="0666"
-  #   SUBSYSTEM=="tty", ATTRS{idVendor}=="1a86", ATTRS{idProduct}=="7523", SYMLINK+="zigbee", MODE="0666"
-    
-  #   # For ConBee/RaspBee by Dresden Elektronik
-  #   SUBSYSTEM=="tty", ATTRS{idVendor}=="1cf1", ATTRS{idProduct}=="0030", SYMLINK+="zigbee", MODE="0666"
-    
-  #   # For Electrolama zig-a-zig-ah (zzh!)
-  #   SUBSYSTEM=="tty", ATTRS{idVendor}=="1a86", ATTRS{idProduct}=="7523", SYMLINK+="zigbee", MODE="0666"
-  # '';
-
-  environment.systemPackages = with pkgs; [
-    mosquitto  # MQTT command-line tools
-    usbutils   # For lsusb to help identify your adapter
-  ];
-
-  networking.firewall.allowedTCPPorts = [
-    mosquittoPort
-    zigbee2mqttPort
-    8095
-    8097
-  ];
-}

hosts/homeassistant/impermanence.nix

@@ -1,57 +0,0 @@
-{ ... }:
-{
-  # Set up impernance configuration for things like bluetooth
-  # In this configuration with /etc and /var/log being persistent, only directories outside of that need to be done here. See hardware configuration for all mountpoints.
-
-  environment.persistence."/nix/persist/system" = {
-    hideMounts = true;
-    directories = [
-      "/var/lib/bluetooth"
-      "/var/lib/nixos"
-      "/var/lib/tailscale"
-      "/var/lib/systemd/coredump"
-      "/var/lib/zigbee2mqtt"
-      "/var/lib/postgresql"
-#      "/var/lib/music-assistant"
-      "/etc/NetworkManager/system-connections"
-      "/etc/secureboot"
-      {
-        directory = "/var/lib/private/authentik/media";
-        user = "authentik";
-        group = "authentik";
-        mode = "u=rwx,g=,o=";
-      }
-      {
-        directory = "/var/lib/hass";
-        user = "hass";
-        group = "hass";
-        mode = "u=rwx,g=,o=";
-      }
-      {
-        directory = "/var/lib/private";
-        mode = "u=rwx,g=rx,o=";
-      }
-      {
-        directory = "/var/lib/colord";
-        user = "colord";
-        group = "colord";
-        mode = "u=rwx,g=rx,o=";
-      }
-      {
-        directory = "/etc/nix";
-        user = "root";
-        group = "wheel";
-        mode = "u=rwx,g=rx,o=rx";
-      }
-    ];
-    files = [
-      "/var/cache-priv-key.pem"
-      "/etc/machine-id"
-    ];
-  };
-
-  security.sudo.extraConfig = ''
-    # rollback results in sudo lectures after each reboot
-    Defaults lecture = never
-  '';
-}

hosts/mac-nixos/apple-silicon-support/default.nix

@@ -1,7 +0,0 @@
-{ ... }:
-
-{
-  imports = [
-    ./modules/default.nix
-  ];
-}

hosts/mac-nixos/apple-silicon-support/modules/boot-m1n1/default.nix

@@ -1,55 +0,0 @@
-{ config, pkgs, lib, ... }:
-let
-  pkgs' = config.hardware.asahi.pkgs;
-
-  bootM1n1 = pkgs'.m1n1.override {
-    isRelease = true;
-    withTools = false;
-    customLogo = config.boot.m1n1CustomLogo;
-  };
-
-  bootUBoot = pkgs'.uboot-asahi.override {
-    m1n1 = bootM1n1;
-  };
-
-  bootFiles = {
-    "m1n1/boot.bin" = pkgs.runCommand "boot.bin" {} ''
-      cat ${bootM1n1}/build/m1n1.bin > $out
-      cat ${config.boot.kernelPackages.kernel}/dtbs/apple/*.dtb >> $out
-      cat ${bootUBoot}/u-boot-nodtb.bin.gz >> $out
-      if [ -n "${config.boot.m1n1ExtraOptions}" ]; then
-        echo '${config.boot.m1n1ExtraOptions}' >> $out
-      fi
-    '';
-  };
-in {
-  config = lib.mkIf config.hardware.asahi.enable {
-    # install m1n1 with the boot loader
-    boot.loader.grub.extraFiles = bootFiles;
-    boot.loader.systemd-boot.extraFiles = bootFiles;
-
-    # ensure the installer has m1n1 in the image
-    system.extraDependencies = lib.mkForce [ bootM1n1 bootUBoot ];
-    system.build.m1n1 = bootFiles."m1n1/boot.bin";
-  };
-
-  options.boot = {
-    m1n1ExtraOptions = lib.mkOption {
-      type = lib.types.str;
-      default = "";
-      description = ''
-        Append extra options to the m1n1 boot binary. Might be useful for fixing
-        display problems on Mac minis.
-        https://github.com/AsahiLinux/m1n1/issues/159
-      '';
-    };
-
-    m1n1CustomLogo = lib.mkOption {
-      type = lib.types.nullOr lib.types.path;
-      default = null;
-      description = ''
-        Custom logo to build into m1n1. The path must point to a 256x256 PNG.
-      '';
-    };
-  };
-}

hosts/mac-nixos/apple-silicon-support/modules/default.nix

@@ -1,92 +0,0 @@
-{ config, pkgs, lib, ... }:
-{
-  imports = [
-    ./kernel
-    ./mesa
-    ./peripheral-firmware
-    ./boot-m1n1
-    ./sound
-  ];
-
-  config = let
-      cfg = config.hardware.asahi;
-    in lib.mkIf cfg.enable {
-      nixpkgs.overlays = lib.mkBefore [ cfg.overlay ];
-
-      # patch systemd-boot to boot in Apple Silicon UEFI environment.
-      # This regression only appeared in systemd 256.7.
-      # see https://github.com/NixOS/nixpkgs/pull/355290
-      # and https://github.com/systemd/systemd/issues/35026
-      systemd.package = let
-        systemdBroken = (pkgs.systemd.version == "256.7");
-
-        systemdPatched = pkgs.systemd.overrideAttrs (old: {
-          patches = let
-            oldPatches = (old.patches or []);
-            # not sure why there are non-paths in there but oh well
-            patchNames = (builtins.map (p: if ((builtins.typeOf p) == "path") then builtins.baseNameOf p else "") oldPatches);
-            fixName = "0019-Revert-boot-Make-initrd_prepare-semantically-equival.patch";
-            alreadyPatched = builtins.elem fixName patchNames;
-          in oldPatches ++ lib.optionals (!alreadyPatched) [
-            (pkgs.fetchpatch {
-              url = "https://raw.githubusercontent.com/NixOS/nixpkgs/125e99477b0ac0a54b7cddc6c5a704821a3074c7/pkgs/os-specific/linux/systemd/${fixName}";
-              hash = "sha256-UW3DZiaykQUUNcGA5UFxN+/wgNSW3ufxDDCZ7emD16o=";
-            })
-          ];
-        });
-      in if systemdBroken then systemdPatched else pkgs.systemd;
-
-      hardware.asahi.pkgs =
-        if cfg.pkgsSystem != "aarch64-linux"
-        then
-          import (pkgs.path) {
-            crossSystem.system = "aarch64-linux";
-            localSystem.system = cfg.pkgsSystem;
-            overlays = [ cfg.overlay ];
-          }
-        else pkgs;
-    };
-
-  options.hardware.asahi = {
-    enable = lib.mkOption {
-      type = lib.types.bool;
-      default = true;
-      description = ''
-        Enable the basic Asahi Linux components, such as kernel and boot setup.
-      '';
-    };
-
-    pkgsSystem = lib.mkOption {
-      type = lib.types.str;
-      default = "aarch64-linux";
-      description = ''
-        System architecture that should be used to build the major Asahi
-        packages, if not the default aarch64-linux. This allows installing from
-        a cross-built ISO without rebuilding them during installation.
-      '';
-    };
-
-    pkgs = lib.mkOption {
-      type = lib.types.raw;
-      description = ''
-        Package set used to build the major Asahi packages. Defaults to the
-        ambient set if not cross-built, otherwise re-imports the ambient set
-        with the system defined by `hardware.asahi.pkgsSystem`.
-      '';
-    };
-
-    overlay = lib.mkOption {
-      type = lib.mkOptionType {
-        name = "nixpkgs-overlay";
-        description = "nixpkgs overlay";
-        check = lib.isFunction;
-        merge = lib.mergeOneOption;
-      };
-      default = import ../packages/overlay.nix;
-      defaultText = "overlay provided with the module";
-      description = ''
-        The nixpkgs overlay for asahi packages.
-      '';
-    };
-  };
-}

hosts/mac-nixos/apple-silicon-support/modules/kernel/default.nix

@@ -1,106 +0,0 @@
-# the Asahi Linux kernel and options that must go along with it
-
-{ config, pkgs, lib, ... }:
-{
-  config = lib.mkIf config.hardware.asahi.enable {
-    boot.kernelPackages = let
-      pkgs' = config.hardware.asahi.pkgs;
-    in
-      pkgs'.linux-asahi.override {
-        _kernelPatches = config.boot.kernelPatches;
-        withRust = config.hardware.asahi.withRust;
-      };
-
-    # we definitely want to use CONFIG_ENERGY_MODEL, and
-    # schedutil is a prerequisite for using it
-    # source: https://www.kernel.org/doc/html/latest/scheduler/sched-energy.html
-    powerManagement.cpuFreqGovernor = lib.mkOverride 800 "schedutil";
-
-    boot.initrd.includeDefaultModules = false;
-    boot.initrd.availableKernelModules = [
-      # list of initrd modules stolen from
-      # https://github.com/AsahiLinux/asahi-scripts/blob/f461f080a1d2575ae4b82879b5624360db3cff8c/initcpio/install/asahi
-      "apple-mailbox"
-      "nvme_apple"
-      "pinctrl-apple-gpio"
-      "macsmc"
-      "macsmc-rtkit"
-      "i2c-pasemi-platform"
-      "tps6598x"
-      "apple-dart"
-      "dwc3"
-      "dwc3-of-simple"
-      "xhci-pci"
-      "pcie-apple"
-      "gpio_macsmc"
-      "phy-apple-atc"
-      "nvmem_apple_efuses"
-      "spi-apple"
-      "spi-hid-apple"
-      "spi-hid-apple-of"
-      "rtc-macsmc"
-      "simple-mfd-spmi"
-      "spmi-apple-controller"
-      "nvmem_spmi_mfd"
-      "apple-dockchannel"
-      "dockchannel-hid"
-      "apple-rtkit-helper"
-
-      # additional stuff necessary to boot off USB for the installer
-      # and if the initrd (i.e. stage 1) goes wrong
-      "usb-storage"
-      "xhci-plat-hcd"
-      "usbhid"
-      "hid_generic"
-    ];
-
-    boot.kernelParams = [
-      "earlycon"
-      "console=tty0"
-      "boot.shell_on_fail"
-      # Apple's SSDs are slow (~dozens of ms) at processing flush requests which
-      # slows down programs that make a lot of fsync calls. This parameter sets
-      # a delay in ms before actually flushing so that such requests can be
-      # coalesced. Be warned that increasing this parameter above zero (default
-      # is 1000) has the potential, though admittedly unlikely, risk of
-      # UNBOUNDED data corruption in case of power loss!!!! Don't even think
-      # about it on desktops!!
-      "nvme_apple.flush_interval=0"
-    ];
-
-    # U-Boot does not support EFI variables
-    boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
-
-    # U-Boot does not support switching console mode
-    boot.loader.systemd-boot.consoleMode = "0";
-
-    # GRUB has to be installed as removable if the user chooses to use it
-    boot.loader.grub = lib.mkDefault {
-      efiSupport = true;
-      efiInstallAsRemovable = true;
-      device = "nodev";
-    };
-
-    # autosuspend was enabled as safe for the PCI SD card reader
-    # "Genesys Logic, Inc GL9755 SD Host Controller [17a0:9755] (rev 01)"
-    # by recent systemd versions, but this has a "negative interaction"
-    # with our kernel/SoC and causes random boot hangs. disable it!
-    services.udev.extraHwdb = ''
-      pci:v000017A0d00009755*
-        ID_AUTOSUSPEND=0
-    '';
-  };
-
-  imports = [
-    (lib.mkRemovedOptionModule [ "hardware" "asahi" "addEdgeKernelConfig" ]
-      "All edge kernel config options are now the default.")
-  ];
-
-  options.hardware.asahi.withRust = lib.mkOption {
-    type = lib.types.bool;
-    default = false;
-    description = ''
-      Build the Asahi Linux kernel with Rust support.
-    '';
-  };
-}

hosts/mac-nixos/apple-silicon-support/modules/mesa/default.nix

@@ -1,53 +0,0 @@
-{ options, config, pkgs, lib, ... }:
-{
-  config = let
-    isMode = mode: (config.hardware.asahi.useExperimentalGPUDriver
-        && config.hardware.asahi.experimentalGPUInstallMode == mode);
-  in lib.mkIf config.hardware.asahi.enable (lib.mkMerge [
-    {
-      # required for proper DRM setup even without GPU driver
-      services.xserver.config = ''
-        Section "OutputClass"
-            Identifier "appledrm"
-            MatchDriver "apple"
-            Driver "modesetting"
-            Option "PrimaryGPU" "true"
-        EndSection
-      '';
-    }
-    (lib.mkIf config.hardware.asahi.useExperimentalGPUDriver {
-      # install the Asahi Mesa version
-      hardware.graphics.package = config.hardware.asahi.pkgs.mesa-asahi-edge;
-      # required for in-kernel GPU driver
-      hardware.asahi.withRust = true;
-    })
-  ]);
-
-  options.hardware.asahi.useExperimentalGPUDriver = lib.mkOption {
-    type = lib.types.bool;
-    default = false;
-    description = ''
-      Use the experimental Asahi Mesa GPU driver.
-
-      Do not report issues using this driver under NixOS to the Asahi project.
-    '';
-  };
-
-  # hopefully no longer used, should be deprecated eventually
-  options.hardware.asahi.experimentalGPUInstallMode = lib.mkOption {
-    type = lib.types.enum [ "driver" "replace" "overlay" ];
-    default = "replace";
-    description = ''
-      Mode to use to install the experimental GPU driver into the system.
-
-      driver: install only as a driver, do not replace system Mesa.
-        Causes issues with certain programs like Plasma Wayland.
-
-      replace (default): use replaceRuntimeDependencies to replace system Mesa with Asahi Mesa.
-        Does not work in pure evaluation context (i.e. in flakes by default).
-
-      overlay: overlay system Mesa with Asahi Mesa
-        Requires rebuilding the world.
-    '';
-  };
-}

hosts/mac-nixos/apple-silicon-support/modules/peripheral-firmware/default.nix

@@ -1,69 +0,0 @@
-{ config, pkgs, lib, ... }:
-{
-  config = lib.mkIf config.hardware.asahi.enable {
-    assertions = lib.mkIf config.hardware.asahi.extractPeripheralFirmware [
-      { assertion = config.hardware.asahi.peripheralFirmwareDirectory != null;
-        message = ''
-          Asahi peripheral firmware extraction is enabled but the firmware
-          location appears incorrect.
-        '';
-      }
-    ];
-
-    hardware.firmware = let
-      pkgs' = config.hardware.asahi.pkgs;
-    in
-      lib.mkIf ((config.hardware.asahi.peripheralFirmwareDirectory != null)
-          && config.hardware.asahi.extractPeripheralFirmware) [
-        (pkgs.stdenv.mkDerivation {
-          name = "asahi-peripheral-firmware";
-
-          nativeBuildInputs = [ pkgs'.asahi-fwextract pkgs.cpio ];
-
-          buildCommand = ''
-            mkdir extracted
-            asahi-fwextract ${config.hardware.asahi.peripheralFirmwareDirectory} extracted
-
-            mkdir -p $out/lib/firmware
-            cat extracted/firmware.cpio | cpio -id --quiet --no-absolute-filenames
-            mv vendorfw/* $out/lib/firmware
-          '';
-        })
-      ];
-  };
-
-  options.hardware.asahi = {
-    extractPeripheralFirmware = lib.mkOption {
-      type = lib.types.bool;
-      default = true;
-      description = ''
-        Automatically extract the non-free non-redistributable peripheral
-        firmware necessary for features like Wi-Fi.
-      '';
-    };
-
-    peripheralFirmwareDirectory = lib.mkOption {
-      type = lib.types.nullOr lib.types.path;
-
-      default = lib.findFirst (path: builtins.pathExists (path + "/all_firmware.tar.gz")) null
-        [
-          # path when the system is operating normally
-          /boot/asahi
-          # path when the system is mounted in the installer
-          /mnt/boot/asahi
-        ];
-
-      description = ''
-        Path to the directory containing the non-free non-redistributable
-        peripheral firmware necessary for features like Wi-Fi. Ordinarily, this
-        will automatically point to the appropriate location on the ESP. Flake
-        users and those interested in maximum purity will want to copy those
-        files elsewhere and specify this manually.
-
-        Currently, this consists of the files `all-firmware.tar.gz` and
-        `kernelcache*`. The official Asahi Linux installer places these files
-        in the `asahi` directory of the EFI system partition when creating it.
-      '';
-    };
-  };
-}

hosts/mac-nixos/apple-silicon-support/modules/sound/default.nix

@@ -1,49 +0,0 @@
-{ config, options, pkgs, lib, ... }:
-
-{
-  options.hardware.asahi = {
-    setupAsahiSound = lib.mkOption {
-      type = lib.types.bool;
-      default = config.hardware.asahi.enable;
-      description = ''
-        Set up the Asahi DSP components so that the speakers and headphone jack
-        work properly and safely.
-      '';
-    };
-  };
-
-  config = let
-    cfg = config.hardware.asahi;
-  in lib.mkIf (cfg.setupAsahiSound && cfg.enable) (lib.mkMerge [
-    {
-      # can't be used by Asahi sound infrastructure
-      services.pulseaudio.enable = false;
-      # enable pipewire to run real-time and avoid audible glitches
-      security.rtkit.enable = true;
-      # set up pipewire with the supported capabilities (instead of pulseaudio)
-      # and asahi-audio configs and plugins
-      services.pipewire = {
-        enable = true;
-        alsa.enable = true;
-        pulse.enable = true;
-
-        configPackages = [ pkgs.asahi-audio ];
-
-        wireplumber = {
-          enable = true;
-
-          configPackages = [ pkgs.asahi-audio ];
-        };
-      };
-
-      # set up enivronment so that UCM configs are used as well
-      environment.variables.ALSA_CONFIG_UCM2 = "${pkgs.alsa-ucm-conf-asahi}/share/alsa/ucm2";
-      systemd.user.services.pipewire.environment.ALSA_CONFIG_UCM2 = config.environment.variables.ALSA_CONFIG_UCM2;
-      systemd.user.services.wireplumber.environment.ALSA_CONFIG_UCM2 = config.environment.variables.ALSA_CONFIG_UCM2;
-
-      # enable speakersafetyd to protect speakers
-      systemd.packages = [ pkgs.speakersafetyd ];
-      services.udev.packages = [ pkgs.speakersafetyd ];
-    }
-  ]);
-}

hosts/mac-nixos/apple-silicon-support/packages/alsa-ucm-conf-asahi/default.nix

@@ -1,22 +0,0 @@
-{ lib
-, fetchFromGitHub
-, alsa-ucm-conf
-}:
-
-(alsa-ucm-conf.overrideAttrs (oldAttrs: let
-  versionAsahi = "8";
-
-  srcAsahi = fetchFromGitHub {
-    # tracking: https://src.fedoraproject.org/rpms/alsa-ucm-asahi
-    owner = "AsahiLinux";
-    repo = "alsa-ucm-conf-asahi";
-    rev = "v${versionAsahi}";
-    hash = "sha256-FPrAzscc1ICSCQSqULaGLqG4UCq8GZU9XLV7TUSBBRM=";
-  };
-in {
-  name = "${oldAttrs.pname}-${oldAttrs.version}-asahi-${versionAsahi}";
-
-  postInstall = oldAttrs.postInstall or "" + ''
-    cp -r ${srcAsahi}/ucm2 $out/share/alsa
-  '';
-}))

hosts/mac-nixos/apple-silicon-support/packages/asahi-audio/default.nix

@@ -1,46 +0,0 @@
-{ stdenv
-, lib
-, fetchFromGitHub
-, lsp-plugins
-, bankstown-lv2
-, triforce-lv2
-}:
-
-stdenv.mkDerivation rec {
-  pname = "asahi-audio";
-  # tracking: https://src.fedoraproject.org/rpms/asahi-audio
-  version = "3.3";
-
-  src = fetchFromGitHub {
-    owner = "AsahiLinux";
-    repo = "asahi-audio";
-    rev = "v${version}";
-    hash = "sha256-p0M1pPxov+wSLT2F4G6y5NZpCXzbjZkzle+75zQ4xxU=";
-  };
-
-  preBuild = ''
-    export PREFIX=$out
-
-    readarray -t configs < <(\
-          find . \
-                -name '*.conf' -or \
-                -name '*.json' -or \
-                -name '*.lua'
-    )
-
-    substituteInPlace "''${configs[@]}" --replace \
-          "/usr/share/asahi-audio" \
-          "$out/asahi-audio"
-  '';
-
-  postInstall = ''
-    # no need to link the asahi-audio dir globally
-    mv $out/share/asahi-audio $out
-  '';
-
-  passthru.requiredLv2Packages = [
-    lsp-plugins
-    bankstown-lv2
-    triforce-lv2
-  ];
-}

hosts/mac-nixos/apple-silicon-support/packages/asahi-fwextract/default.nix

@@ -1,32 +0,0 @@
-{ lib
-, python3
-, fetchFromGitHub
-, gzip
-, gnutar
-, lzfse
-}:
-
-python3.pkgs.buildPythonApplication rec {
-  pname = "asahi-fwextract";
-  version = "0.7.8";
-
-  # tracking version: https://packages.fedoraproject.org/pkgs/asahi-installer/python3-asahi_firmware/
-  src = fetchFromGitHub {
-    owner = "AsahiLinux";
-    repo = "asahi-installer";
-    rev = "v${version}";
-    hash = "sha256-UmgHWKIRbcg9PK44YPPM4tyuEDC0+ANKO3Mzc4N9RHo=";
-  };
-
-  postPatch = ''
-    substituteInPlace asahi_firmware/img4.py \
-      --replace 'liblzfse.so' '${lzfse}/lib/liblzfse.so'
-    substituteInPlace asahi_firmware/update.py \
-      --replace '"tar"' '"${gnutar}/bin/tar"' \
-      --replace '"xf"' '"-x", "-I", "${gzip}/bin/gzip", "-f"'
-  '';
-
-  nativeBuildInputs = [ python3.pkgs.setuptools ];
-
-  doCheck = false;
-}

hosts/mac-nixos/apple-silicon-support/packages/linux-asahi/default.nix

@@ -1,104 +0,0 @@
-{ lib
-, callPackage
-, writeText
-, linuxPackagesFor
-, withRust ? true
-, _kernelPatches ? [ ]
-}:
-
-let
-  i = builtins.elemAt;
-
-  # parse <OPT> [ymn]|foo style configuration as found in a patch's extraConfig
-  # into a list of k, v tuples
-  parseExtraConfig = config:
-    let
-      lines =
-        builtins.filter (s: s != "") (lib.strings.splitString "\n" config);
-      parseLine = line: let
-        t = lib.strings.splitString " " line;
-        join = l: builtins.foldl' (a: b: "${a} ${b}")
-          (builtins.head l) (builtins.tail l);
-        v = if (builtins.length t) > 2 then join (builtins.tail t) else (i t 1);
-      in [ "CONFIG_${i t 0}" v ];
-    in map parseLine lines;
-
-  # parse <OPT>=lib.kernel.(yes|module|no)|lib.kernel.freeform "foo"
-  # style configuration as found in a patch's extraStructuredConfig into
-  # a list of k, v tuples
-  parseExtraStructuredConfig = config: lib.attrsets.mapAttrsToList
-    (k: v: [ "CONFIG_${k}" (v.tristate or v.freeform) ] ) config;
-
-  parsePatchConfig = { extraConfig ? "", extraStructuredConfig ? {}, ... }:
-    (parseExtraConfig extraConfig) ++
-    (parseExtraStructuredConfig extraStructuredConfig);
-
-  # parse CONFIG_<OPT>=[ymn]|"foo" style configuration as found in a config file
-  # into a list of k, v tuples
-  parseConfig = config:
-    let
-      parseLine = builtins.match ''(CONFIG_[[:upper:][:digit:]_]+)=(([ymn])|"([^"]*)")'';
-      # get either the [ymn] option or the "foo" option; whichever matched
-      t = l: let v = (i l 2); in [ (i l 0) (if v != null then v else (i l 3)) ];
-      lines = lib.strings.splitString "\n" config;
-    in map t (builtins.filter (l: l != null) (map parseLine lines));
-
-  origConfigfile = ./config;
-
-  linux-asahi-pkg = { stdenv, lib, fetchFromGitHub, fetchpatch, linuxKernel,
-      rustc, rust-bindgen, ... } @ args:
-    let
-      origConfigText = builtins.readFile origConfigfile;
-
-      # extraConfig from all patches in order
-      extraConfig =
-        lib.fold (patch: ex: ex ++ (parsePatchConfig patch)) [] _kernelPatches
-        ++ (lib.optional withRust [ "CONFIG_RUST" "y" ]);
-      # config file text for above
-      extraConfigText = let
-        text = k: v: if (v == "y") || (v == "m") || (v == "n")
-          then "${k}=${v}" else ''${k}="${v}"'';
-      in (map (t: text (i t 0) (i t 1)) extraConfig);
-
-      # final config as a text file path
-      configfile = if extraConfig == [] then origConfigfile else
-        writeText "config" ''
-          ${origConfigText}
-
-          # Patches
-          ${lib.strings.concatStringsSep "\n" extraConfigText}
-        '';
-      # final config as an attrset
-      configAttrs = let
-        makePair = t: lib.nameValuePair (i t 0) (i t 1);
-        configList = (parseConfig origConfigText) ++ extraConfig;
-      in builtins.listToAttrs (map makePair (lib.lists.reverseList configList));
-
-      # used to fix issues when nixpkgs gets ahead of the kernel
-      rustAtLeast = version: withRust && (lib.versionAtLeast rustc.version version);
-      bindgenAtLeast = version: withRust && (lib.versionAtLeast rust-bindgen.unwrapped.version version);
-    in
-    linuxKernel.manualConfig rec {
-      inherit stdenv lib;
-
-      version = "6.14.8-asahi";
-      modDirVersion = version;
-      extraMeta.branch = "6.14";
-
-      src = fetchFromGitHub {
-        # tracking: https://github.com/AsahiLinux/linux/tree/asahi-wip (w/ fedora verification)
-        owner = "AsahiLinux";
-        repo = "linux";
-        rev = "asahi-6.14.8-1";
-        hash = "sha256-JrWVw1FiF9LYMiOPm0QI0bg/CrZAMSSVcs4AWNDIH3Q=";
-      };
-
-      kernelPatches = [
-      ] ++ _kernelPatches;
-
-      inherit configfile;
-      config = configAttrs;
-    };
-
-  linux-asahi = (callPackage linux-asahi-pkg { });
-in lib.recurseIntoAttrs (linuxPackagesFor linux-asahi)

hosts/mac-nixos/apple-silicon-support/packages/m1n1/default.nix

@@ -1,110 +0,0 @@
-{ stdenv
-, buildPackages
-, lib
-, fetchFromGitHub
-, python3
-, dtc
-, imagemagick
-, isRelease ? false
-, withTools ? true
-, withChainloading ? false
-, customLogo ? null
-}:
-
-let
-  pyenv = python3.withPackages (p: with p; [
-    construct
-    pyserial
-  ]);
-
-  stdenvOpts = {
-    targetPlatform.system = "aarch64-none-elf";
-    targetPlatform.rust.rustcTarget = "${stdenv.hostPlatform.parsed.cpu.name}-unknown-none-softfloat";
-    targetPlatform.rust.rustcTargetSpec = "${stdenv.hostPlatform.parsed.cpu.name}-unknown-none-softfloat";
-  };
-  rust = buildPackages.rust.override {
-    stdenv = lib.recursiveUpdate buildPackages.stdenv stdenvOpts;
-  };
-  rustPackages = rust.packages.stable.overrideScope (f: p: {
-    rustc-unwrapped = p.rustc-unwrapped.override {
-      stdenv = lib.recursiveUpdate p.rustc-unwrapped.stdenv stdenvOpts;
-    };
-  });
-  rustPlatform = buildPackages.makeRustPlatform rustPackages;
-
-in stdenv.mkDerivation rec {
-  pname = "m1n1";
-  version = "1.4.21";
-
-  src = fetchFromGitHub {
-    # tracking: https://src.fedoraproject.org/rpms/m1n1
-    owner = "AsahiLinux";
-    repo = "m1n1";
-    rev = "v${version}";
-    hash = "sha256-PEjTaSwcsV8PzM9a3rDWMYXGX9FlrM0oeElrP5HYRPg=";
-    fetchSubmodules = true;
-  };
-  cargoVendorDir = ".";
-
-  makeFlags = [ "ARCH=${stdenv.cc.targetPrefix}" ]
-    ++ lib.optional isRelease "RELEASE=1"
-    ++ lib.optional withChainloading "CHAINLOADING=1";
-
-  nativeBuildInputs = [
-    dtc
-  ] ++ lib.optionals withChainloading [rustPackages.rustc rustPackages.cargo rustPlatform.cargoSetupHook]
-    ++ lib.optional (customLogo != null) imagemagick;
-
-  postPatch = ''
-    substituteInPlace proxyclient/m1n1/asm.py \
-      --replace 'aarch64-linux-gnu-' 'aarch64-unknown-linux-gnu-' \
-      --replace 'TOOLCHAIN = ""' 'TOOLCHAIN = "'$out'/toolchain-bin/"'
-  '';
-
-  preConfigure = lib.optionalString (customLogo != null) ''
-    pushd data &>/dev/null
-    ln -fs ${customLogo} bootlogo_256.png
-    if [[ "$(magick identify bootlogo_256.png)" != 'bootlogo_256.png PNG 256x256'* ]]; then
-      echo "Custom logo is not a 256x256 PNG"
-      exit 1
-    fi
-
-    rm bootlogo_128.png
-    convert bootlogo_256.png -resize 128x128 bootlogo_128.png
-    patchShebangs --build ./makelogo.sh
-    ./makelogo.sh
-    popd &>/dev/null
-  '';
-
-  installPhase = ''
-    runHook preInstall
-
-    mkdir -p $out/build
-    cp build/m1n1.bin $out/build
-  '' + (lib.optionalString withTools ''
-    mkdir -p $out/{bin,script,toolchain-bin}
-    cp -r proxyclient $out/script
-    cp -r tools $out/script
-
-    for toolpath in $out/script/proxyclient/tools/*.py; do
-      tool=$(basename $toolpath .py)
-      script=$out/bin/m1n1-$tool
-      cat > $script <<EOF
-#!/bin/sh
-${pyenv}/bin/python $toolpath "\$@"
-EOF
-      chmod +x $script
-    done
-
-    GCC=${buildPackages.gcc}
-    BINUTILS=${buildPackages.binutils-unwrapped}
-
-    ln -s $GCC/bin/${stdenv.cc.targetPrefix}gcc $out/toolchain-bin/
-    ln -s $GCC/bin/${stdenv.cc.targetPrefix}ld $out/toolchain-bin/
-    ln -s $BINUTILS/bin/${stdenv.cc.targetPrefix}objcopy $out/toolchain-bin/
-    ln -s $BINUTILS/bin/${stdenv.cc.targetPrefix}objdump $out/toolchain-bin/
-    ln -s $GCC/bin/${stdenv.cc.targetPrefix}nm $out/toolchain-bin/
-  '') + ''
-    runHook postInstall
-  '';
-}

hosts/mac-nixos/apple-silicon-support/packages/mesa-asahi-edge/default.nix

@@ -1,48 +0,0 @@
-{ lib
-, fetchFromGitLab
-, mesa
-}:
-
-(mesa.override {
-  galliumDrivers = [ "softpipe" "llvmpipe" "asahi" ];
-  vulkanDrivers = [ "swrast" "asahi" ];
-}).overrideAttrs (oldAttrs: {
-  version = "25.1.0-asahi";
-  src = fetchFromGitLab {
-    # tracking: https://pagure.io/fedora-asahi/mesa/commits/asahi
-    domain = "gitlab.freedesktop.org";
-    owner = "asahi";
-    repo = "mesa";
-    tag = "asahi-20250425";
-    hash = "sha256-3c3uewzKv5wL9BRwaVL4E3FnyA04veQwAPxfHiL7wII=";
-  };
-
-  mesonFlags =
-    let
-      badFlags = [
-        "-Dinstall-mesa-clc"
-        "-Dgallium-nine"
-        "-Dtools"
-      ];
-      isBadFlagList = f: builtins.map (b: lib.hasPrefix b f) badFlags;
-      isGoodFlag = f: !(builtins.foldl' (x: y: x || y) false (isBadFlagList f));
-    in
-    (builtins.filter isGoodFlag oldAttrs.mesonFlags) ++ [
-      # we do not build any graphics drivers these features can be enabled for
-      "-Dgallium-va=disabled"
-      "-Dgallium-vdpau=disabled"
-      "-Dgallium-xa=disabled"
-      "-Dtools=asahi"
-    ];
-
-  # replace patches with ones tweaked slightly to apply to this version
-  patches = [
-    ./opencl.patch
-  ];
-
-  postInstall = (oldAttrs.postInstall or "") + ''
-    # we don't build anything to go in this output but it needs to exist
-    touch $spirv2dxil
-    touch $cross_tools
-  '';
-})

hosts/mac-nixos/apple-silicon-support/packages/mesa-asahi-edge/opencl.patch

@@ -1,54 +0,0 @@
-diff --git a/meson.build b/meson.build
-index 07991a6..4c875b9 100644
---- a/meson.build
-+++ b/meson.build
-@@ -1900,7 +1900,7 @@ endif
-
- dep_clang = null_dep
- if with_clc or with_gallium_clover
--  llvm_libdir = dep_llvm.get_variable(cmake : 'LLVM_LIBRARY_DIR', configtool: 'libdir')
-+  llvm_libdir = get_option('clang-libdir')
-
-   dep_clang = cpp.find_library('clang-cpp', dirs : llvm_libdir, required : false)
-
-diff --git a/meson.options b/meson.options
-index 84e0f20..38ea92c 100644
---- a/meson.options
-+++ b/meson.options
-@@ -795,3 +795,10 @@ option(
-   value : false,
-   description : 'Install the drivers internal shader compilers (if needed for cross builds).'
- )
-+
-+option(
-+  'clang-libdir',
-+  type : 'string',
-+  value : '',
-+  description : 'Locations to search for clang libraries.'
-+)
-diff --git a/src/gallium/targets/opencl/meson.build b/src/gallium/targets/opencl/meson.build
-index ab2c835..a59e88e 100644
---- a/src/gallium/targets/opencl/meson.build
-+++ b/src/gallium/targets/opencl/meson.build
-@@ -56,7 +56,7 @@ if with_opencl_icd
-     configuration : _config,
-     input : 'mesa.icd.in',
-     output : 'mesa.icd',
--    install : true,
-+    install : false,
-     install_tag : 'runtime',
-     install_dir : join_paths(get_option('sysconfdir'), 'OpenCL', 'vendors'),
-   )
-diff --git a/src/gallium/targets/rusticl/meson.build b/src/gallium/targets/rusticl/meson.build
-index 2b214ad..7f91939 100644
---- a/src/gallium/targets/rusticl/meson.build
-+++ b/src/gallium/targets/rusticl/meson.build
-@@ -64,7 +64,7 @@ configure_file(
-   configuration : _config,
-   input : 'rusticl.icd.in',
-   output : 'rusticl.icd',
--  install : true,
-+  install : false,
-   install_tag : 'runtime',
-   install_dir : join_paths(get_option('sysconfdir'), 'OpenCL', 'vendors'),
- )

hosts/mac-nixos/apple-silicon-support/packages/overlay.nix

@@ -1,9 +0,0 @@
-final: prev: {
-  linux-asahi = final.callPackage ./linux-asahi { };
-  m1n1 = final.callPackage ./m1n1 { };
-  uboot-asahi = final.callPackage ./uboot-asahi { };
-  asahi-fwextract = final.callPackage ./asahi-fwextract { };
-  mesa-asahi-edge = final.callPackage ./mesa-asahi-edge { };
-  alsa-ucm-conf-asahi = final.callPackage ./alsa-ucm-conf-asahi { inherit (prev) alsa-ucm-conf; };
-  asahi-audio = final.callPackage ./asahi-audio { };
-}

hosts/mac-nixos/apple-silicon-support/packages/uboot-asahi/default.nix

@@ -1,44 +0,0 @@
-{ lib
-, fetchFromGitHub
-, buildUBoot
-, m1n1
-}:
-
-(buildUBoot rec {
-  src = fetchFromGitHub {
-    # tracking: https://pagure.io/fedora-asahi/uboot-tools/commits/main
-    owner = "AsahiLinux";
-    repo = "u-boot";
-    rev = "asahi-v2025.04-1";
-    hash = "sha256-/z37qj26AqsyEBsFT6UEN3GjG6KVsoJOoUB4s9BRDbE=";
-  };
-  version = "2025.04-1-asahi";
-
-  defconfig = "apple_m1_defconfig";
-  extraMeta.platforms = [ "aarch64-linux" ];
-  filesToInstall = [
-    "u-boot-nodtb.bin.gz"
-    "m1n1-u-boot.bin"
-  ];
-  extraConfig = ''
-    CONFIG_IDENT_STRING=" ${version}"
-    CONFIG_VIDEO_FONT_4X6=n
-    CONFIG_VIDEO_FONT_8X16=n
-    CONFIG_VIDEO_FONT_SUN12X22=n
-    CONFIG_VIDEO_FONT_16X32=y
-    CONFIG_CMD_BOOTMENU=y
-  '';
-}).overrideAttrs (o: {
-  # nixos's downstream patches are not applicable
-  patches = [ 
-  ];
-
-  # DTC= flag somehow breaks DTC compilation so we remove it
-  makeFlags = builtins.filter (s: (!(lib.strings.hasPrefix "DTC=" s))) o.makeFlags;
-
-  preInstall = ''
-    # compress so that m1n1 knows U-Boot's size and can find things after it
-    gzip -n u-boot-nodtb.bin
-    cat ${m1n1}/build/m1n1.bin arch/arm/dts/t[68]*.dtb u-boot-nodtb.bin.gz > m1n1-u-boot.bin
-  '';
-})

hosts/mac-nixos/boot.nix

@@ -1,34 +0,0 @@
-{ pkgs, lib, ... }:
-{
-  # Use the systemd-boot EFI boot loader.
-  boot = {
-    loader = {
-      systemd-boot = {
-        enable = true;
-        configurationLimit = 15;
-        consoleMode = lib.mkDefault "max";
-      };
-      efi.canTouchEfiVariables = lib.mkForce false;
-    };
-
-    kernelParams = [
-      "apple_dcp.show_notch=1"
-    ];
-
-    extraModprobeConfig = ''
-      options hid_apple iso_layout=0
-    '';
-
-    binfmt.registrations. "x86_64-linux" = {
-      magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x3e\x00'';
-      mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
-      openBinary = true;
-      interpreter = "${pkgs.box64}/bin/box64";
-      preserveArgvZero = true; 
-      matchCredentials = true;
-      fixBinary = false;
-    };
-  };
-
-  zramSwap.enable = true;
-}

hosts/mac-nixos/configuration.nix

@@ -1,70 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page, on
-# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
-
-{ pkgs, lib, ... }:
-let
-  plasma = false;
-in
-{
-  imports = [
-    ./boot.nix
-    ./hardware-configuration.nix
-    ./networking.nix
-    ./services.nix
-  ];
-
-  hardware.asahi = {
-    enable = true;
-    useExperimentalGPUDriver = true;
-    peripheralFirmwareDirectory = ./firmware;
-    setupAsahiSound = true;
-  };
-
-  hardware.graphics.enable32Bit = lib.mkForce false;
-
-  nixpkgs.config.allowUnfree = true;
-  nixpkgs.config.allowUnsupportedSystem = true;
-
-  # Define a user account. Don't forget to set a password with ‘passwd’.
-  users.users.matt = {
-    isNormalUser = true;
-    extraGroups = [
-      "wheel"
-      "keys"
-      "networkmanager"
-      "ratbagd"
-      "input"
-      "scanner"
-      "lp"
-      "video"
-      "i2c"
-     ]; # Enable ‘sudo’ for the user.
-    shell = pkgs.zsh;
-    packages = with pkgs; [
-      firefox
-      tree
-      git
-      box64
-      prismlauncher
-      distrobox
-    ];
-  };
-
-  virtualisation = {
-    containers.enable = true;
-    podman.enable = true;
-  };
-
-  # List packages installed in system profile. To search, run:
-  # $ nix search wget
-  environment.systemPackages = with pkgs; [
-    micro
-    vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
-    wget
-  ];
-
-  environment.sessionVariables = {
-    DBX_CONTAINER_MANAGER = "podman";
-  };
-}

hosts/mac-nixos/hardware-configuration.nix

@@ -1,78 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
-    ];
-
-  boot.initrd.availableKernelModules = [ "uas" "sdhci_pci" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" =
-    { device = "none";
-      fsType = "tmpfs";
-    };
-
-  fileSystems."/root" =
-    { device = "/dev/disk/by-uuid/adcc14fa-8bf7-4b4b-a9e4-b038993b96cc";
-      fsType = "btrfs";
-      options = [ "compress=zstd" "noatime" "subvol=root" ];
-    };
-
-  fileSystems."/etc" =
-    { device = "/dev/disk/by-uuid/adcc14fa-8bf7-4b4b-a9e4-b038993b96cc";
-      fsType = "btrfs";
-      options = [ "compress=zstd" "noatime" "subvol=etc" ];
-    };
-
-  fileSystems."/tmp" =
-    { device = "/dev/disk/by-uuid/adcc14fa-8bf7-4b4b-a9e4-b038993b96cc";
-      fsType = "btrfs";
-      options = [ "compress=zstd" "noatime" "subvol=tmp" ];
-    };
-
-  fileSystems."/nix" =
-    { device = "/dev/disk/by-uuid/adcc14fa-8bf7-4b4b-a9e4-b038993b96cc";
-      fsType = "btrfs";
-      options = [ "compress=zstd" "noatime" "subvol=nix" ];
-    };
-
-  fileSystems."/var/log" =
-    { device = "/dev/disk/by-uuid/adcc14fa-8bf7-4b4b-a9e4-b038993b96cc";
-      fsType = "btrfs";
-      options = [ "compress=zstd" "noatime" "subvol=log" ];
-    };
-
-  fileSystems."/home" =
-    { device = "/dev/disk/by-uuid/adcc14fa-8bf7-4b4b-a9e4-b038993b96cc";
-      fsType = "btrfs";
-      options = [ "compress=zstd" "subvol=home" ];
-    };
-
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/23FA-AD3E";
-      fsType = "vfat";
-      options = [ "fmask=0022" "dmask=0022" ];
-    };
-
-  swapDevices = [
-    {
-      device = "/tmp/swapfile";
-      randomEncryption.enable = true;
-    }
-  ];
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
-}

hosts/mac-nixos/home.nix

@@ -1,14 +0,0 @@
-{ pkgs, ... }:
-{
-
-  home.username = "matt";
-  home.homeDirectory = "/home/matt";
-  home.stateVersion = "23.11";
-
-  home.packages = with pkgs; [
-    iw
-    iwd
-    orca-slicer
-    vscodium
-  ];
-}

hosts/mac-nixos/hyprland-settings.nix

@@ -1,44 +0,0 @@
-{
-  monitor = [
-    "eDP-1,3456x2234@60.00000,0x0,1.0,bitdepth,10,cm,hdr,sdrbrightness,1.2,sdrsaturation,0.98"
-  ];
-  
-  workspace = [
-    "name:firefox, monitor:eDP-1, default:false, special, class:(.*firefox.*)"
-    "name:discord, monitor:eDP-1, default:true, special, title:(.*vesktop.*), title:(.*Apple Music.*)"
-    "name:steam, monitor:eDP-1, default:false, special, class:(.*[Ss]team.*)"
-  ];
-
-  windowRule = [
-    # "tag +fakefull, fullscreen: 0"
-    # "float, tag:fakefull"
-    # "size 3356 2160, tag:fakefull"
-    # "move 100 74, tag:fakefull"
-    # "noanim, tag:fakefull"
-    # "noblur, tag:fakefull"
-    # "norounding, tag:fakefull"
-    # "noshadow, tag:fakefull"
-    # "immediate, tag:fakefull"
-    # "noborder, tag:fakefull"
-    # "nodim, tag:fakefull"
-    # "idleinhibit, tag:fakefull"
-    "size 2160 3356, tag:horizonrdp"
-  ];
-
-  waybar = {
-    modules-right = [
-      "tray"
-      "temperature"
-      "temperature#gpu"
-      "keyboard-state#capslock"
-      "keyboard-state#numlock"
-      "wireplumber#sink"
-      # "wireplumber#source"
-      "bluetooth"
-      "network"
-      "clock"
-      "battery"
-      "custom/weather"
-    ];
-  };
-}

hosts/mac-nixos/networking.nix

@@ -1,37 +0,0 @@
-{ pkgs, lib, ... }:
-{
-  # Networking configs
-  networking = {
-    hostName = "macbook-pro-nixos";
-
-    wireless.iwd = {
-      enable = true;
-      settings = {
-        General = {
-            EnableNetworkConfiguration = true;
-        };
-        Rank = {
-          BandModifier2_4GHz = 1.0;
-          BandModifier5GHz = 5.0;
-          BandModifier6GHz = 10.0;
-        };
-        # DriverQuirks = {
-        #   PowerSaveDisable = "hci_bcm4377,brcmfmac";
-        # };
-        Network = {
-          AutoConnect = true;
-        };
-      };
-    };
-
-    # Enable Network Manager
-    networkmanager = {
-      enable = lib.mkForce false;
-      wifi = {
-        backend = lib.mkForce "iwd";
-        powersave = lib.mkDefault false;
-      };
-      settings.connectivity.uri = lib.mkDefault "http://nmcheck.gnome.org/check_network_status.txt";
-    };
-  };
-}

hosts/mac-nixos/omnissa.nix

@@ -1,123 +0,0 @@
-{ stdenv
-, lib
-, buildFHSEnv
-, fetchurl
-, makeWrapper
-, gsettings-desktop-schemas
-, opensc
-, writeTextDir
-, configText ? ""
-}:
-
-let
-  version = "2503-8.15.0";
-  sysArch = "armhf";
-  mainProgram = "horizon-client";
-
-  wrapBinCommands = path: name: ''
-    makeWrapper "$out/${path}/${name}" "$out/bin/${name}_wrapper" \
-      --set GTK_THEME Adwaita \
-      --suffix XDG_DATA_DIRS : "${gsettings-desktop-schemas}/share/gsettings-schemas/${gsettings-desktop-schemas.name}" \
-      --suffix LD_LIBRARY_PATH : "$out/lib/omnissa/horizon:$out/lib/omnissa/horizon/vdpService:$out/lib/omnissa"
-  '';
-
-  omnissaHorizonClientFiles = stdenv.mkDerivation {
-    pname = "omnissa-horizon-armhf-files";
-    inherit version;
-
-    src = fetchurl {
-      url = "https://download3.omnissa.com/software/CART26FQ1_LIN_2503_TARBALL/Omnissa-Horizon-Client-Linux-2503-8.15.0-14256322247.tar.gz";
-      sha256 = "sha256-x98ITXF9xwzlPq375anQ2qBpMbZAcCqDVXBfvZPha7Q=";
-    };
-
-    nativeBuildInputs = [ makeWrapper ];
-
-    installPhase = ''
-      mkdir ext
-      tar -xzf $src
-      cd Omnissa-Horizon-Client-Linux-*/${sysArch}
-
-      mkdir -p ext
-      for archive in *.tar.gz; do
-        tar -C ext --strip-components=1 -xf "$archive"
-      done
-
-      chmod -R u+w ext/usr/lib
-
-      mkdir -p $out
-      mv ext/usr $out
-      mv ext/${sysArch}/lib $out/
-      mv ext/${sysArch}/include $out/
-
-      mkdir -p $out/lib/omnissa/horizon/pkcs11
-      ln -s ${opensc}/lib/pkcs11/opensc-pkcs11.so $out/lib/omnissa/horizon/pkcs11/libopenscpkcs11.so
-
-      chmod +x "$out/usr/bin/horizon-client"
-      ${wrapBinCommands "usr/bin" "horizon-client"}
-    '';
-  };
-
-  omnissaFHSUserEnv =
-    pname:
-    buildFHSEnv {
-      inherit pname version;
-
-      runScript = "${omnissaHorizonClientFiles}/bin/${pname}_wrapper";
-
-      targetPkgs = pkgs: with pkgs; [
-        atk
-        cairo
-        dbus
-        file
-        fontconfig
-        freetype
-        gdk-pixbuf
-        glib
-        gtk3
-        libjpeg
-        libpng
-        libpulseaudio
-        libtiff
-        libuuid
-        libv4l
-        libxml2
-        pango
-        pcsclite
-        pixman
-        udev
-        omnissaHorizonClientFiles
-        xorg.libX11
-        xorg.libXau
-        xorg.libXcursor
-        xorg.libXext
-        xorg.libXi
-        xorg.libXrandr
-        xorg.libXrender
-        xorg.libXtst
-        zlib
-
-        (writeTextDir "etc/omnissa/config" configText)
-      ];
-    };
-in
-stdenv.mkDerivation {
-  pname = "omnissa-horizon-client";
-  inherit version;
-
-  dontUnpack = true;
-
-  installPhase = ''
-    mkdir -p $out/bin
-    ln -s ${omnissaFHSUserEnv "horizon-client"}/bin/horizon-client $out/bin/
-    ln -s ${omnissaFHSUserEnv "horizon-eucusbarbitrator"}/bin/horizon-eucusbarbitrator $out/bin/
-  '';
-
-  passthru.unwrapped = omnissaHorizonClientFiles;
-
-  meta = {
-    description = "Omnissa Horizon Client for ARM";
-    homepage = "https://www.omnissa.com/products/horizon-8/";
-    license = lib.licenses.unfree;
-    platforms = [ "aarch64-linux" "armv7l-linux" ];
-  };
-}

hosts/mac-nixos/services.nix

@@ -1,83 +0,0 @@
-{ lib, ... }:
-{
-  services = {
-    auto-cpufreq = {
-      enable = true;
-      settings = {
-        # settings for when connected to a power source
-        charger = {
-          # see available governors by running: cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_available_governors
-          # preferred governor
-          governor = "performance";
-
-          # minimum cpu frequency (in kHz)
-          # example: for 800 MHz = 800000 kHz --> scaling_min_freq = 800000
-          # see conversion info: https://www.rapidtables.com/convert/frequency/mhz-to-hz.html
-          # to use this feature, uncomment the following line and set the value accordingly
-          # scaling_min_freq = 800000
-
-          # maximum cpu frequency (in kHz)
-          # example: for 1GHz = 1000 MHz = 1000000 kHz -> scaling_max_freq = 1000000
-          # see conversion info: https://www.rapidtables.com/convert/frequency/mhz-to-hz.html
-          # to use this feature, uncomment the following line and set the value accordingly
-          # scaling_max_freq = 1000000
-
-          # turbo boost setting. possible values: always, auto, never
-          turbo = "auto";
-        };
-        # settings for when using battery power
-        battery = {
-          # see available governors by running: cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_available_governors
-          # preferred governor
-          governor = "schedutil";
-
-          # minimum cpu frequency (in kHz)
-          # example: for 800 MHz = 800000 kHz --> scaling_min_freq = 800000
-          # see conversion info: https://www.rapidtables.com/convert/frequency/mhz-to-hz.html
-          # to use this feature, uncomment the following line and set the value accordingly
-          # scaling_min_freq = 800000
-
-          # maximum cpu frequency (in kHz)
-          # see conversion info: https://www.rapidtables.com/convert/frequency/mhz-to-hz.html
-          # example: for 1GHz = 1000 MHz = 1000000 kHz -> scaling_max_freq = 1000000
-          # to use this feature, uncomment the following line and set the value accordingly
-          # scaling_max_freq = 1000000
-
-          # turbo boost setting (always, auto, or never)
-          turbo = "auto";
-
-          # battery charging threshold
-          # reference: https://github.com/AdnanHodzic/auto-cpufreq/#battery-charging-thresholds
-          #enable_thresholds = true
-          #start_threshold = 20
-          #stop_threshold = 80
-        };
-      };
-    };
-  
-    displayManager = {
-      sddm = {
-        enable = lib.mkForce true;
-        wayland.enable = lib.mkForce true;
-      };
-      gdm.enable = lib.mkForce false;
-    };
-  
-    desktopManager = {
-      plasma6.enable = lib.mkForce false;
-      gnome.enable = lib.mkForce false;
-    };
-
-    logind = {
-      lidSwitch = "suspend";
-      lidSwitchExternalPower = "ignore";
-      powerKey = "suspend";
-      powerKeyLongPress = "poweroff";
-    };
-
-    # Enable Flatpak
-    flatpak.enable = lib.mkDefault false;
-
-    gvfs.enable = true;
-  };
-}

hosts/mac/configuration.nix

@@ -1,78 +0,0 @@
-{ pkgs, ... }:
-{
-  #nix run nix-darwin -- switch --flake ~/nix-config
-
-  # List packages installed in system profile. To search by name, run:
-  # $ nix-env -qaP | grep wget
-  environment.systemPackages = with pkgs; [
-    asitop
-    mas
-    python3
-    python3Packages.beautifulsoup4
-    python3Packages.requests
-    python3Packages.selenium
-    vim
-  ];
-
-  # Homebrew
-  homebrew.enable = true;
-  homebrew.casks = [
-    "spotify"
-    "protonvpn"
-    "omnissa-horizon-client"
-    "tg-pro"
-    "steam"
-    "orcaslicer"
-    "vscodium"
-    "epic-games"
-    "wine-stable"
-    "scroll-reverser"
-  ];
-
-  homebrew.masApps = {
-    Tailscale = 1475387142;
-    Infuse = 1136220934;
-    Amphetamine = 937984704;
-  };
-  # homebrew.global.autoUpdate = true;
-
-  security.pam.services.sudo_local.touchIdAuth = true;
-
-  # Auto upgrade nix package and the daemon service.
-  # services.nix-daemon.enable = true;
-  # nix.package = pkgs.nix;
-
-  # Necessary for using flakes on this system.
-  nix.settings.experimental-features = "nix-command flakes";
-
-  # Allow unfree
-  nixpkgs.config.allowUnfree = true;
-
-  # Create /etc/zshrc that loads the nix-darwin environment.
-  programs.zsh.enable = true;  # default shell on catalina
-
-  system = {
-    defaults = {
-      trackpad.Clicking = true;
-      dock.autohide = false;
-
-      NSGlobalDomain = {
-        AppleInterfaceStyle = "Dark";
-        "com.apple.mouse.tapBehavior" = 1;
-        "com.apple.keyboard.fnState" = false;
-      };
-    };
-
-    # Used for backwards compatibility, please read the changelog before changing.
-    # $ darwin-rebuild changelog
-    stateVersion = 5;
-  };
-
-  # The platform the configuration will be used on.
-  nixpkgs.hostPlatform = "aarch64-darwin";
-
-  users.users.mattjallen = {
-    name = "mattjallen";
-    home = "/Users/mattjallen";
-  };
-}

hosts/mac/home.nix

@@ -1,111 +0,0 @@
-{ ... }:
-let
-  shellAliases = {
-    update-switch = "darwin-rebuild switch --flake ~/nix-config";
-    update-flake = "nix flake update ~/nix-config";
-    ducks = "du -cksh * | sort -hr | head -n 15";
-  };
-
-  gitAliases = {
-    co = "checkout";
-    ci = "commit";
-    cia = "commit --amend";
-    s = "status";
-    st = "status";
-    b = "branch";
-    p = "pull --rebase";
-    pu = "push";
-  };
-in
-{
-  imports = [ ./trampoline-apps ];
-  # Home Manager needs a bit of information about you and the
-  # paths it should manage.
-  home.username = "mattjallen";
-  home.homeDirectory = "/Users/mattjallen";
-
-  # This value determines the Home Manager release that your
-  # configuration is compatible with. This helps avoid breakage
-  # when a new Home Manager release introduces backwards
-  # incompatible changes.
-  #
-  # You can update Home Manager without changing this value. See
-  # the Home Manager release notes for a list of state version
-  # changes in each release.
-  home.stateVersion = "23.11";
-
-  programs = {
-    # Let Home Manager install and manage itself.
-    home-manager = {
-      enable = true;
-    };
-
-    vscode = {
-      enable = true;
-    };
-
-    btop.enable = true;
-
-    zsh = {
-      enable = true;
-      enableCompletion = true;
-      autosuggestion.enable = true;
-      syntaxHighlighting.enable = true;
-
-      shellAliases = shellAliases;
-
-      oh-my-zsh = {
-        enable = true;
-        plugins = [ "git" ];
-        theme = "fishy";
-      };
-    };
-
-    librewolf = {
-      enable = true;
-      settings = {
-        "identity.fxaccounts.enabled" = true; # Enable Firefox Accounts
-        "privacy.clearOnShutdown.history" = false; # Disable clearing history on shutdown
-        "privacy.clearOnShutdown.downloads" = false; # Disable clearing downloads on shutdown
-        "privacy.clearOnShutdown.cache" = false; # Disable clearing cache on shutdown
-        "privacy.clearOnShutdown.cookiesAndStorage" = false; # Disable clearing cookies and storage on shutdown
-        "privacy.clearOnShutdown.cookies" = false; # Disable clearing cookies on shutdown
-        "privacy.clearOnShutdown_v2.cache" = false; # Disable clearing cache on shutdown
-        "privacy.clearOnShutdown_v2.cookiesAndStorage" = false; # Disable clearing cookies and storage on shutdown
-        "privacy.clearOnShutdown.formdata" = false; # Disable clearing form data on shutdown
-        "privacy.clearOnShutdown.offlineApps" = false; # Disable clearing offline apps on shutdown
-        "privacy.clearHistory.cache" = false; # Disable clearing cache on history clear
-        "privacy.clearHistory.cookiesAndStorage" = false; # Disable clearing cookies on history clear
-        "privacy.clearHistory.historyFormDataAndDownloads" = false; # Disable clearing history, form data, and downloads on history clear
-        "privacy.clearHistory.browsingHistoryAndDownloads" = false; # Disable clearing browsing history and downloads on history clear
-        "privacy.clearSiteData.cache" = false; # Disable clearing cache on site data clear
-        "privacy.clearSiteData.cookiesAndStorage" = false; # Disable clearing cookies on site data clear
-        "services.sync.prefs.sync.privacy.clearOnShutdown.cache" = true; # Enable syncing cache clear on shutdown
-        "services.sync.prefs.sync.privacy.clearOnShutdown.cookies" = true; # Enable syncing cookies clear on shutdown
-        "services.sync.prefs.sync.privacy.clearOnShutdown.downloads" = true; # Enable syncing downloads clear on shutdown
-        "services.sync.prefs.sync.privacy.clearOnShutdown.formdata" = true; # Enable syncing form data clear on shutdown
-        "services.sync.prefs.sync.privacy.clearOnShutdown.history" = true; # Enable syncing history clear on shutdown
-        "services.sync.prefs.sync.privacy.clearOnShutdown.offlineApps" = true; # Enable syncing offline apps clear on shutdown
-        "services.sync.prefs.sync.privacy.clearOnShutdown.sessions" = true; # Enable syncing sessions clear on shutdown
-        "services.sync.prefs.sync.privacy.clearOnShutdown.siteSettings" = true; # Enable syncing site settings clear on shutdown
-        "services.sync.prefs.sync.privacy.clearOnShutdown_v2.cache" = true; # Enable syncing cache clear on shutdown
-        "services.sync.prefs.sync.privacy.clearOnShutdown_v2.cookiesAndStorage" = true; # Enable syncing cookies clear on shutdown
-        "services.sync.prefs.sync.privacy.clearOnShutdown_v2.downloads" = true; # Enable syncing downloads clear on shutdown
-        "services.sync.prefs.sync.privacy.clearOnShutdown_v2.historyFormDataAndDownloads" = true; # Enable syncing form data clear on shutdown
-        "services.sync.prefs.sync.privacy.clearOnShutdown_v2.siteSettings" = true; # Enable syncing site settings clear on shutdown
-        "browser.newtabpage.activity-stream.feeds.topsites" = true; # Enable top sites on new tab page
-        "browser.newtabpage.activity-stream.topSitesRows" = 3; # Set number of rows for top sites on new tab page
-      };
-    };
-  };
-
-  programs.git = {
-    enable = true;
-    userName = "mjallen18";
-    userEmail = "matt.l.jallen@gmail.com";
-    aliases = gitAliases;
-  };
-
-  # Manage bug in compilations - who uses manpages in 2024 anyways? :P
-  manual.manpages.enable = false;
-}

hosts/mac/trampoline-apps/default.nix

@@ -1,25 +0,0 @@
-# Hook home-manager to make a trampoline for each app we install
-# from: https://github.com/nix-community/home-manager/issues/1341#issuecomment-1870352014
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-with lib;
-{
-  config = mkIf pkgs.stdenv.hostPlatform.isDarwin {
-    # Install MacOS applications to the user Applications folder. Also update Docked applications
-    home.extraActivationPath = with pkgs; [
-      rsync
-      dockutil
-      gawk
-    ];
-    home.activation.trampolineApps = hm.dag.entryAfter [ "writeBoundary" ] ''
-      ${builtins.readFile ./lib-bash/trampoline-apps.sh}
-      fromDir="$HOME/Applications/Home Manager Apps"
-      toDir="$HOME/Applications/Home Manager Trampolines"
-      sync_trampolines "$fromDir" "$toDir"
-    '';
-  };
-}

hosts/mac/trampoline-apps/lib-bash/trampoline-apps.sh

@@ -1,131 +0,0 @@
-# Utilities not in nixpkgs.
-plutil="/usr/bin/plutil"
-killall="/usr/bin/killall"
-osacompile="/usr/bin/osacompile"
-
-copyable_app_props=(
-  "CFBundleDevelopmentRegion"
-  "CFBundleDocumentTypes"
-  "CFBundleGetInfoString"
-  "CFBundleIconFile"
-  "CFBundleIdentifier"
-  "CFBundleInfoDictionaryVersion"
-  "CFBundleName"
-  "CFBundleShortVersionString"
-  "CFBundleURLTypes"
-  "NSAppleEventsUsageDescription"
-  "NSAppleScriptEnabled"
-  "NSDesktopFolderUsageDescription"
-  "NSDocumentsFolderUsageDescription"
-  "NSDownloadsFolderUsageDescription"
-  "NSPrincipalClass"
-  "NSRemovableVolumesUsageDescription"
-  "NSServices"
-  "UTExportedTypeDeclarations"
-)
-
-function sync_icons() {
-  local from="$1"
-  local to="$2"
-  from_resources="$from/Contents/Resources/"
-  to_resources="$to/Contents/Resources/"
-
-  find "$to_resources" -name "*.icns" -delete
-  rsync --include "*.icns" --exclude "*" --recursive "$from_resources" "$to_resources"
-}
-
-function copy_paths() {
-  local from="$1"
-  local to="$2"
-  local paths=("${@:3}")
-
-  keys=$(jq -n '$ARGS.positional' --args "${paths[@]}")
-  jqfilter="to_entries |[.[]| select(.key as \$item| \$keys | index(\$item) >= 0) ] | from_entries"
-
-  temp_dir=$(mktemp -d)
-  trap 'rm -rf "$temp_dir"' EXIT
-
-  pushd $temp_dir >/dev/null
-
-  cp "$from" "orig"
-  chmod u+w "orig"
-
-  cp "$to" "bare-wrapper"
-  chmod u+w "bare-wrapper"
-
-  $plutil -convert json -- "orig"
-  $plutil -convert json -- "bare-wrapper"
-  jq --argjson keys "$keys" "$jqfilter" <"orig" >"filtered"
-  cat "bare-wrapper" "filtered" | jq -s add >"final"
-  $plutil -convert xml1 -- "final"
-
-  cp "final" "$to"
-  popd >/dev/null
-}
-
-function sync_dock() {
-  # Make sure all environment variables are cleared that might affect dockutil
-  unset SUDO_USER
-
-  # Array of applications to sync
-  declare -a apps=("$@")
-
-  # Iterate through each provided app
-  for app_path in "${apps[@]}"; do
-    if [ -d "$app_path" ]; then
-      # Extract the name of the app from the path
-      app_name=$(basename "$app_path")
-      app_name=${app_name%.*} # Remove the '.app' extension
-      resolved_path=$(realpath "$app_path")
-
-      # Find the current Dock item for the app, if it exists
-      current_dock_item=$(dockutil --list --no-restart | grep "$app_name.app" | awk -F "\t" '{print $1}' || echo "")
-
-      if [ -n "$current_dock_item" ]; then
-        # The app is currently in the Dock, attempt to replace it
-        echo "Updating $app_name in Dock..."
-        dockutil --add "$resolved_path" --replacing "$current_dock_item" --no-restart
-      else
-        # The app is not in the Dock; you might choose to add it or do nothing
-        echo "$app_name is not currently in the Dock."
-      fi
-    else
-      echo "Warning: Provided path $app_path is not valid."
-    fi
-  done
-
-  # Restart the Dock to apply changes
-  $killall Dock
-}
-
-function mktrampoline() {
-  local app="$1"
-  local trampoline="$2"
-
-  if [[ ! -d $app ]]; then
-    echo "app path is not directory."
-    return 1
-  fi
-
-  cmd="do shell script \"open '$app'\""
-  $osacompile -o "$trampoline" -e "$cmd"
-  sync_icons "$app" "$trampoline"
-  copy_paths "$(realpath "$app/Contents/Info.plist")" "$(realpath "$trampoline/Contents/Info.plist")" "${copyable_app_props[@]}"
-}
-
-function sync_trampolines() {
-  [[ ! -d "$1" ]] && echo "Source directory does not exist" && return 1
-
-  if [[ -d "$2" ]]; then
-    rm -rf "$2"
-  fi
-  mkdir -p "$2"
-
-  apps=("$1"/*.app)
-
-  for app in "${apps[@]}"; do
-    trampoline="$2/$(basename "$app")"
-    mktrampoline "$app" "$trampoline"
-  done
-  sync_dock "${apps[@]}"
-}

hosts/nas/apps.nix

@@ -1,105 +0,0 @@
-{ pkgs, lib, ... }:
-let
-  settings = import ./settings.nix;
-in
-{
-  imports = [
-    ./apps/actual
-    ./apps/arrs
-    ./apps/crowdsec
-    ./apps/excalidraw
-    ./apps/gitea
-    ./apps/immich
-    ./apps/jellyfin
-    ./apps/jellyseerr
-    ./apps/lubelogger
-    ./apps/nextcloud
-    ./apps/ollama
-    ./apps/orca
-    ./apps/paperless
-    ./apps/traefik
-    ./apps/wyoming
-    ../../modules
-  ];
-
-  nas-apps = {
-    actual = {
-      enable = true;
-      port = 3333;
-      localAddress = "10.0.3.18";
-      dataDir = "/media/nas/ssd/nix-app-data/actual";
-      reverseProxy = {
-        enable = true;
-        host = "actual.mjallen.dev";
-        middlewares = [ "crowdsec" "whitelist-geoblock" ];
-      };
-    };
-
-    arrs = {
-      enable = true;
-      localAddress = "10.0.1.51";
-      downloadsDir = "/media/nas/ssd/ssd_app_data/downloads";
-      incompleteDownloadsDir = "/media/nas/ssd/ssd_app_data/downloads-incomplete";
-      moviesDir = "/media/nas/main/movies";
-      tvDir = "/media/nas/main/tv";
-      isosDir = "/media/nas/main/isos";
-      radarr = {
-        enable = true;
-        port = 7878;
-        dataDir = "/media/nas/ssd/nix-app-data/radarr";
-      };
-      sonarr = {
-        enable = true;
-        port = 8989;
-        dataDir = "/media/nas/ssd/nix-app-data/sonarr";
-      };
-      sabnzbd = {
-        enable = true;
-        port = 8280;
-        dataDir = "/media/nas/ssd/nix-app-data/sabnzbd";
-      };
-      deluge = {
-        enable = true;
-        port = 8112;
-      };
-      jackett = {
-        enable = true;
-        port = 9117;
-        dataDir = "/media/nas/ssd/nix-app-data/jackett";
-      };
-    };
-
-    crowdsec = {
-      enable = true;
-      port = 9898;
-      apiAddress = settings.hostAddress;
-      apiKey = "1daH89qmJ41r2Lpd9hvDw4sxtOAtBzaj3aKFOFqE";
-      dataDir = "/media/nas/ssd/nix-app-data/crowdsec";
-    };
-
-    gitea = {
-      enable = true;
-      httpPort = 3000;
-      sshPort = 2222;
-      localAddress = "10.0.4.18";
-      dataDir = "/media/nas/ssd/nix-app-data/gitea";
-      reverseProxy = {
-        enable = true;
-        host = "gitea.mjallen.dev";
-        middlewares = [ "crowdsec" "whitelist-geoblock" ];
-      };
-    };
-
-    free-games-claimer.enable = true;
-
-    manyfold.enable = true;
-
-    orca-slicer = {
-      enable = true;
-      httpPort = "3100";
-      httpsPort = "3101";
-    };
-
-    tdarr.enable = true;
-  };
-}

hosts/nas/apps/actual/default.nix

@@ -1,125 +0,0 @@
-{ config, pkgs, lib, ... }:
-with lib;
-let
-  cfg = config.nas-apps.actual;
-  settings = import ../settings.nix;
-  dataDir = "/data";
-  hostAddress = settings.hostAddress;
-  actualUserId = config.users.users.nix-apps.uid;
-  actualGroupId = config.users.groups.jallen-nas.gid;
-in
-{
-  imports = [ ./options.nix ];
-
-  config = mkIf cfg.enable {
-    containers.actual = {
-      autoStart = true;
-      privateNetwork = true;
-      hostAddress = hostAddress;
-      localAddress = cfg.localAddress;
-
-      bindMounts = {
-        ${dataDir} = {
-          hostPath = cfg.dataDir;
-          isReadOnly = false;
-        };
-      };
-
-      config = { lib, ... }:
-        {
-          services.actual = {
-            enable = true;
-            openFirewall = true;
-            settings = {
-              trustedProxies = [ hostAddress ];
-              port = cfg.port;
-              dataDir = dataDir;
-              serverFiles = "${dataDir}/server-files";
-              userFiles = "${dataDir}/user-files";
-            };
-          };
-
-          users.users.actual = {
-            isSystemUser = true;
-            uid = lib.mkForce actualUserId;
-            group = "actual";
-          };
-
-          users.groups = {
-            actual = {
-              gid = lib.mkForce actualGroupId;
-            };
-          };
-
-          # System packages
-          environment.systemPackages = with pkgs; [
-            sqlite
-          ];
-
-          # Create and set permissions for required directories
-          system.activationScripts.actual-dirs = ''
-            mkdir -p ${dataDir}
-            chown -R actual:actual ${dataDir}
-            chmod -R 0700 ${dataDir}
-          '';
-
-          systemd.services = {
-            actual = {            
-              environment.ACTUAL_CONFIG_PATH = lib.mkForce "${dataDir}/config.json";
-              serviceConfig = {
-                ExecStart = lib.mkForce "${pkgs.actual-server}/bin/actual-server --config ${dataDir}/config.json";
-                WorkingDirectory = lib.mkForce dataDir;
-                StateDirectory = lib.mkForce dataDir;
-                StateDirectoryMode = lib.mkForce 0700;
-                DynamicUser = lib.mkForce false;
-                ProtectSystem = lib.mkForce null;
-              };
-            };
-          };
-
-          networking = {
-            firewall = {
-              enable = true;
-              allowedTCPPorts = [ cfg.port ];
-            };
-            # Use systemd-resolved inside the container
-            # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
-            useHostResolvConf = lib.mkForce false;
-          };
-
-          services.resolved.enable = true;
-          system.stateVersion = "23.11";
-        };
-    };
-
-    services.traefik.dynamicConfigOptions = lib.mkIf cfg.reverseProxy.enable {
-      services.actual.loadBalancer.servers = [
-        {
-          url = "http://${cfg.localAddress}:${toString cfg.port}";
-        }
-      ];
-      routers.actual = {
-        entryPoints = [ "websecure" ];
-        rule = "Host(`${cfg.reverseProxy.host}`)";
-        service = "actual";
-        middlewares = cfg.reverseProxy.middlewares;
-        tls.certResolver = "letsencrypt";
-      };
-    };
-
-    networking = {
-      nat = {
-        forwardPorts = [
-          {
-            destination = "${cfg.localAddress}:${toString cfg.port}";
-            sourcePort = cfg.port;
-          }
-        ];
-      };
-      firewall = {
-        allowedTCPPorts = [ cfg.port ];
-        allowedUDPPorts = [ cfg.port ];
-      };
-    };
-  };
-}

hosts/nas/apps/actual/options.nix

@@ -1,37 +0,0 @@
-{ lib, ... }:
-with lib;
-{
-  options.nas-apps.actual = {
-    enable = mkEnableOption "actual service";
-
-    port = mkOption {
-      type = types.int;
-      default = 80;
-    };
-
-    localAddress = mkOption {
-      type = types.str;
-      default = "127.0.0.1";
-    };
-
-    dataDir = mkOption {
-      type = types.str;
-      default = "";
-    };
-
-    reverseProxy = {
-      enable = mkOption {
-        type = types.bool;
-        default = false;
-      };
-      host = mkOption {
-        type = types.str;
-        default = "";
-      };
-      middlewares = mkOption {
-        type = with types; listOf str;
-        default = [ ];
-      };
-    };
-  };
-}

hosts/nas/apps/arrs/default.nix

@@ -1,237 +0,0 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
-with lib;
-let
-  cfg = config.nas-apps.arrs;
-  settings = import ../settings.nix;
-  radarrDataDir = "/var/lib/radarr";
-  downloadDir = "/downloads";
-  incompleteDir = "/downloads-incomplete";
-  sonarrDataDir = "/var/lib/sonarr";
-  sabnzbdConfig = "/var/lib/sabnzbd";
-  jackettDir = "/var/lib/jackett/.config/Jackett";
-  mediaDir = "/media";
-  arrUserId = config.users.users.nix-apps.uid;
-  arrGroupId = config.users.groups.jallen-nas.gid;
-  radarrPkg = pkgs.radarr;
-  sonarrPkg = pkgs.sonarr;
-  delugePkg = pkgs.deluge;
-  jackettPkg = pkgs.jackett;
-  sabnzbdPkg = pkgs.sabnzbd;
-in
-{
-  imports = [ ./options.nix ];
-
-  config = mkIf cfg.enable {
-    containers.arrs = {
-      autoStart = true;
-      privateNetwork = true;
-      hostAddress = settings.hostAddress;
-      localAddress = cfg.localAddress;
-
-      config =
-        {
-          pkgs,
-          lib,
-          ...
-        }:
-        {
-          nixpkgs.config.allowUnfree = true;
-
-          # Enable radarr service
-          services.radarr = {
-            enable = cfg.radarr.enable;
-            openFirewall = true;
-            user = "arrs";
-            group = "media";
-            dataDir = radarrDataDir;
-            package = radarrPkg;
-          };
-
-          # Enable Sonarr service
-          services.sonarr = {
-            enable = cfg.sonarr.enable;
-            openFirewall = true;
-            user = "arrs";
-            group = "media";
-            dataDir = sonarrDataDir;
-            package = sonarrPkg;
-          };
-
-          # Enable Sabnzbd service
-          services.sabnzbd = {
-            enable = cfg.sabnzbd.enable;
-            openFirewall = true;
-            user = "arrs";
-            group = "media";
-            configFile = "${sabnzbdConfig}/sabnzbd.ini";
-            package = sabnzbdPkg;
-          };
-
-          services.deluge = {
-            enable = cfg.deluge.enable;
-            user = "arrs";
-            group = "media";
-            openFirewall = true;
-            dataDir = "/media";
-            package = delugePkg;
-            web = {
-              enable = true;
-              port = cfg.deluge.port;
-              openFirewall = true;
-            };
-          };
-
-          services.jackett = {
-            enable = cfg.jackett.enable;
-            user = "arrs";
-            group = "media";
-            openFirewall = true;
-            package = jackettPkg;
-          };
-
-          # Create required users and groups
-          users.users.arrs = {
-            isSystemUser = true;
-            uid = lib.mkForce arrUserId;
-            group = "media";
-            extraGroups = [ "downloads" ];
-          };
-
-          users.groups = {
-            media = {
-              gid = lib.mkForce arrGroupId;
-            };
-            downloads = { };
-          };
-
-          # System packages
-          environment.systemPackages = with pkgs; [
-            glib
-            sqlite
-            mono
-            mediainfo
-            protonvpn-cli_2
-          ];
-
-          # Create and set permissions for required directories
-          system.activationScripts.arr-dirs = ''
-            mkdir -p ${radarrDataDir}
-            mkdir -p ${sonarrDataDir}
-            mkdir -p ${sabnzbdConfig}
-            mkdir -p ${downloadDir}
-            mkdir -p ${incompleteDir}
-            mkdir -p ${mediaDir}
-
-            chown -R arrs:media ${radarrDataDir}
-            chown -R arrs:media ${sonarrDataDir}
-            chown -R arrs:media ${sabnzbdConfig}
-            chown -R arrs:media ${downloadDir}
-            chown -R arrs:media ${incompleteDir}
-            chown -R arrs:media ${mediaDir}
-
-            chmod -R 775 ${radarrDataDir}
-            chmod -R 775 ${sonarrDataDir}
-            chmod -R 775 ${sabnzbdConfig}
-            chmod -R 775 ${downloadDir}
-            chmod -R 775 ${incompleteDir}
-            chmod -R 775 ${mediaDir}
-
-          '';
-
-          networking = {
-            firewall = {
-              enable = true;
-              allowedTCPPorts = [
-                cfg.radarr.port
-                cfg.sonarr.port
-                cfg.sabnzbd.port
-                8080
-              ];
-            };
-            # Use systemd-resolved inside the container
-            # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
-            useHostResolvConf = lib.mkForce false;
-          };
-
-          services.resolved.enable = true;
-          system.stateVersion = "23.11";
-        };
-
-      # Bind mount directories from host
-      bindMounts = {
-        "${radarrDataDir}" = {
-          hostPath = cfg.radarr.dataDir;
-          isReadOnly = false;
-        };
-        "${sonarrDataDir}" = {
-          hostPath = cfg.sonarr.dataDir;
-          isReadOnly = false;
-        };
-        "${sabnzbdConfig}" = {
-          hostPath = cfg.sabnzbd.dataDir;
-          isReadOnly = false;
-        };
-        "${downloadDir}" = {
-          hostPath = cfg.downloadsDir;
-          isReadOnly = false;
-        };
-        "${incompleteDir}" = {
-          hostPath = cfg.incompleteDownloadsDir;
-          isReadOnly = false;
-        };
-        "${jackettDir}" = {
-          hostPath = cfg.jackett.dataDir;
-          isReadOnly = false;
-        };
-        "/media/movies" = {
-          hostPath = cfg.moviesDir;
-          isReadOnly = false;
-        };
-        "/media/tv" = {
-          hostPath = cfg.tvDir;
-          isReadOnly = false;
-        };
-        "/media/isos" = {
-          hostPath = cfg.isosDir;
-          isReadOnly = false;
-        };
-      };
-    };
-
-    networking = {
-        nat = {
-        forwardPorts = [
-          {
-            destination = "${cfg.localAddress}:${toString cfg.radarr.port}";
-            sourcePort = cfg.radarr.port;
-          }
-          {
-            destination = "${cfg.localAddress}:${toString cfg.sonarr.port}";
-            sourcePort = cfg.sonarr.port;
-          }
-          {
-            destination = "${cfg.localAddress}:8080";
-            sourcePort = cfg.sabnzbd.port;
-          }
-          {
-            destination = "${cfg.localAddress}:${toString cfg.deluge.port}";
-            sourcePort = cfg.deluge.port;
-          }
-          {
-            destination = "${cfg.localAddress}:${toString cfg.jackett.port}";
-            sourcePort = cfg.jackett.port;
-          }
-        ];
-      };
-      firewall = {
-        allowedTCPPorts = [ cfg.radarr.port cfg.sonarr.port cfg.sabnzbd.port 8080 cfg.deluge.port cfg.jackett.port ];
-        allowedUDPPorts = [ cfg.radarr.port cfg.sonarr.port cfg.sabnzbd.port 8080 cfg.deluge.port cfg.jackett.port ];
-      };
-    };
-  };
-}