Attempt to fix custom package format

This is potentially temporary. But jellyfin-media-player has been
flagged as having a security problem by using an old version of
qtwebengine. So we'll maybe find time to try out delfin or maybe just
wait until the security issue gets fixed or maybe just use the web
browser. We have options

CLAUDE.md

@@ -10,7 +10,7 @@ This is a NixOS configuration repository using flakes, managing multiple machine
 
 ### Flake Structure
 - **flake.nix**: Main entry point defining inputs (nixpkgs, home-manager, plasma-manager, etc.) and outputs for multiple NixOS configurations
-- **Machines**: `nix-book`, `boxy`, `wixos` (WSL configuration)
+- **Machines**: `nix-book`, `boxy`, `wixos` (WSL configuration), `zix790prors`, `live-usb`, `johno-macbookpro` (Darwin/macOS)
 - **Home configurations**: Standalone home-manager configuration for user `johno`
 
 ### Directory Structure
@@ -28,6 +28,12 @@ The repository uses a custom "roles" system where each role is a NixOS module wi
 - `roles.users`: User account management
 - `roles.virtualisation`: Virtualization setup
 - `roles.kodi`: Kodi media center
+- `roles.nvidia`: NVIDIA GPU configuration
+- `roles.printing`: Printing support (CUPS)
+- `roles.spotifyd`: Spotify daemon
+- `roles.btrfs`: Btrfs filesystem configuration
+- `roles.nfs-mounts`: NFS mount configuration
+- `roles.darwin`: macOS-specific configurations
 
 Example role usage in machine configuration:
 ```nix
@@ -60,8 +66,9 @@ The repository also uses a modular home-manager role system for user-space confi
 **Role-Based Home Configurations:**
 - `home-desktop.nix`: Full-featured desktop for development workstations
 - `home-media-center.nix`: Living room media consumption and gaming setup (boxy)
-- `home-laptop-compact.nix`: Essential tools only, excludes office/media for storage constraints (nix-book)  
+- `home-laptop-compact.nix`: Essential tools only, excludes office/media for storage constraints (nix-book)
 - `home-live-usb.nix`: Minimal setup for live environments, no persistent services
+- `home-darwin-work.nix`: macOS work laptop configuration
 
 **Machine-Specific Role Usage:**
 - **nix-book**: Compact laptop → excludes office/media roles due to SSD space constraints
@@ -69,10 +76,13 @@ The repository also uses a modular home-manager role system for user-space confi
 - **zix790prors**: All-purpose workstation → full desktop experience with all roles enabled
 - **wixos**: WSL2 development → full desktop experience, inherits from zix790prors Windows host
 - **live-usb**: Temporary environment → only base + desktop roles, no persistent services
+- **johno-macbookpro**: macOS work laptop → Darwin-specific configuration with development tools
 
 ## Common Commands
 
 ### Building and Switching Configurations
+
+**NixOS (Linux):**
 ```bash
 # Build and switch to a specific machine configuration
 sudo nixos-rebuild switch --flake .#<hostname>
@@ -84,12 +94,22 @@ nixos-rebuild build --flake .#<hostname>
 home-manager switch --flake .#johno
 ```
 
+**Darwin (macOS):**
+```bash
+# Build and switch to Darwin configuration
+darwin-rebuild switch --flake .#johno-macbookpro
+
+# Build without switching
+darwin-rebuild build --flake .#johno-macbookpro
+```
+
 ### Available Machine Configurations
 - `nix-book`: Compact laptop with storage constraints, uses `home/home-laptop-compact.nix`
 - `boxy`: Shared living room media center/gaming desktop with AMD GPU, uses `home/home-media-center.nix`
 - `zix790prors`: Powerful all-purpose workstation (gaming, 3D modeling, development), dual-boots Windows 11 with shared btrfs /games partition, uses `home/home-desktop.nix`
 - `wixos`: WSL2 development environment running in Windows partition of zix790prors, uses `home/home-desktop.nix`
 - `live-usb`: Bootable ISO configuration, uses `home/home-live-usb.nix`
+- `johno-macbookpro`: macOS work laptop, uses `home/home-darwin-work.nix`
 
 ### Flake Operations
 ```bash
@@ -110,14 +130,28 @@ sudo ./bootstrap.sh <hostname>
 ```
 This script pulls from the remote git repository and applies the configuration.
 
+### Build Live USB ISO
+Use the provided script to build a bootable ISO:
+```bash
+./build-liveusb.sh
+```
+Creates an ISO suitable for Ventoy and other USB boot tools in `./result/iso/`.
+
 ## Development Workflow
 
 ### Adding New Machines
+
+**NixOS:**
 1. Create new directory in `machines/<hostname>/`
 2. Add `configuration.nix` with role assignments
 3. Include hardware-configuration.nix (generated by nixos-generate-config)
 4. Add nixosConfiguration to flake.nix outputs
 
+**Darwin (macOS):**
+1. Create new directory in `machines/<hostname>/`
+2. Add `configuration.nix` with Darwin role assignments
+3. Add darwinConfiguration to flake.nix outputs
+
 ### Adding New Roles
 1. Create directory in `roles/<role-name>/`
 2. Create `default.nix` with module definition using mkEnableOption

flake.lock

@@ -43,11 +43,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1755914636,
+        "lastModified": 1759172751,
-        "narHash": "sha256-VJ+Gm6YsHlPfUCpmRQxvdiZW7H3YPSrdVOewQHAhZN8=",
+        "narHash": "sha256-E8W8sRXfrvkFW26GuuiWq6QfReU7m5+cngwHuRo/3jc=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "8b55a6ac58b678199e5bba701aaff69e2b3281c0",
+        "rev": "12fa8548feefa9a10266ba65152fd1a787cdde8f",
         "type": "github"
       },
       "original": {
@@ -56,17 +56,37 @@
         "type": "github"
       }
     },
+    "nix-darwin": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1758805352,
+        "narHash": "sha256-BHdc43Lkayd+72W/NXRKHzX5AZ+28F3xaUs3a88/Uew=",
+        "owner": "nix-darwin",
+        "repo": "nix-darwin",
+        "rev": "c48e963a5558eb1c3827d59d21c5193622a1477c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-darwin",
+        "repo": "nix-darwin",
+        "type": "github"
+      }
+    },
     "nixos-wsl": {
       "inputs": {
         "flake-compat": "flake-compat",
         "nixpkgs": "nixpkgs"
       },
       "locked": {
-        "lastModified": 1755261305,
+        "lastModified": 1758785683,
-        "narHash": "sha256-EOqCupB5X5WoGVHVcfOZcqy0SbKWNuY3kq+lj1wHdu8=",
+        "narHash": "sha256-mRn51IeEBXeNh5a6xNLylk4PKBX0s/QQxgkEbYoPq/w=",
         "owner": "nix-community",
         "repo": "NixOS-WSL",
-        "rev": "203a7b463f307c60026136dd1191d9001c43457f",
+        "rev": "1bfb978f2f6261b6086e04af17f9418e1fe36d70",
         "type": "github"
       },
       "original": {
@@ -78,11 +98,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1754725699,
+        "lastModified": 1758277210,
-        "narHash": "sha256-iAcj9T/Y+3DBy2J0N+yF9XQQQ8IEb5swLFzs23CdP88=",
+        "narHash": "sha256-iCGWf/LTy+aY0zFu8q12lK8KuZp7yvdhStehhyX1v8w=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "85dbfc7aaf52ecb755f87e577ddbe6dbbdbc1054",
+        "rev": "8eaee110344796db060382e15d3af0a9fc396e0e",
         "type": "github"
       },
       "original": {
@@ -94,11 +114,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1755615617,
+        "lastModified": 1759036355,
-        "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=",
+        "narHash": "sha256-0m27AKv6ka+q270dw48KflE0LwQYrO7Fm4/2//KCVWg=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "20075955deac2583bb12f07151c2df830ef346b4",
+        "rev": "e9f00bd893984bc8ce46c895c3bf7cac95331127",
         "type": "github"
       },
       "original": {
@@ -118,11 +138,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1754501628,
+        "lastModified": 1759157415,
-        "narHash": "sha256-FExJ54tVB5iu7Dh2tLcyCSWpaV+lmUzzWKZUkemwXvo=",
+        "narHash": "sha256-Fg8cOnVoIe0uQ38UpR6XZzRCwDsjjozVwfevW9yCLI0=",
         "owner": "nix-community",
         "repo": "plasma-manager",
-        "rev": "cca090f8115c4172b9aef6c5299ae784bdd5e133",
+        "rev": "df5b3e6da631f732c26c6044c7cccb8706b4f479",
         "type": "github"
       },
       "original": {
@@ -135,6 +155,7 @@
       "inputs": {
         "google-cookie-retrieval": "google-cookie-retrieval",
         "home-manager": "home-manager",
+        "nix-darwin": "nix-darwin",
         "nixos-wsl": "nixos-wsl",
         "nixpkgs": "nixpkgs_2",
         "plasma-manager": "plasma-manager"

flake.nix

@@ -4,6 +4,11 @@
   inputs = {
     nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
     nixos-wsl.url = "github:nix-community/NixOS-WSL/main";
+    
+    nix-darwin = {
+      url = "github:nix-darwin/nix-darwin";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
 
     home-manager = {
       url = "github:nix-community/home-manager";
@@ -23,8 +28,9 @@
   };
 
   outputs = { self, nixpkgs, nixos-wsl, ... } @ inputs: let
-    baseModules = [
+    nixosModules = [
       ./roles
+    ] ++ [
       inputs.home-manager.nixosModules.home-manager
       {
         home-manager.useGlobalPkgs = true;
@@ -37,10 +43,23 @@
         };
       }
     ];
+    darwinModules = [
+      ./roles/darwin.nix
+    ] ++ [
+      inputs.home-manager.darwinModules.home-manager
+      {
+        home-manager.useGlobalPkgs = true;
+        home-manager.useUserPackages = true;
+        home-manager.extraSpecialArgs = {
+          globalInputs = inputs;
+        };
+      }
+    ];
+
   in {
     nixosConfigurations.nix-book = nixpkgs.lib.nixosSystem rec {
       system = "x86_64-linux";
-      modules = baseModules ++ [
+      modules = nixosModules ++ [
         ./machines/nix-book/configuration.nix
         {
           home-manager.users.johno = {
@@ -57,7 +76,7 @@
 
     nixosConfigurations.boxy = nixpkgs.lib.nixosSystem rec {
       system = "x86_64-linux";
-      modules = baseModules ++ [
+      modules = nixosModules ++ [
         ./machines/boxy/configuration.nix
         inputs.home-manager.nixosModules.home-manager
         {
@@ -69,7 +88,7 @@
 
     nixosConfigurations.wixos = nixpkgs.lib.nixosSystem rec {
       system = "x86_64-linux";
-      modules = baseModules ++ [
+      modules = nixosModules ++ [
         nixos-wsl.nixosModules.default
         ./machines/wixos/configuration.nix
         inputs.home-manager.nixosModules.home-manager
@@ -82,7 +101,7 @@
 
     nixosConfigurations.zix790prors = nixpkgs.lib.nixosSystem rec {
       system = "x86_64-linux";
-      modules = baseModules ++ [
+      modules = nixosModules ++ [
         ./machines/zix790prors/configuration.nix
         inputs.home-manager.nixosModules.home-manager
         {
@@ -95,7 +114,7 @@
     # Live USB ISO configuration
     nixosConfigurations.live-usb = nixpkgs.lib.nixosSystem rec {
       system = "x86_64-linux";
-      modules = baseModules ++ [
+      modules = nixosModules ++ [
         ./machines/live-usb/configuration.nix
         {
           home-manager.users.nixos = import ./home/home-live-usb.nix;
@@ -104,42 +123,16 @@
       ];
     };
 
-    # Standalone home-manager configurations for non-NixOS systems
+    # Darwin/macOS configurations
-    homeConfigurations."johno@desktop" = inputs.home-manager.lib.homeManagerConfiguration {
+    darwinConfigurations."blkfv4yf49kt7" = inputs.nix-darwin.lib.darwinSystem rec {
-      pkgs = inputs.nixpkgs.legacyPackages."x86_64-linux";
+      system = "aarch64-darwin";
-      modules = [
+      modules = darwinModules ++ [
-        inputs.plasma-manager.homeManagerModules.plasma-manager
+        ./machines/johno-macbookpro/configuration.nix
-        ./home/home-desktop.nix
+        {
+          home-manager.users.johno = import ./home/home-darwin-work.nix;
+          home-manager.extraSpecialArgs = { inherit system; };
+        }
       ];
-      extraSpecialArgs = {
-        system = "x86_64-linux";
-        globalInputs = inputs;
-      };
-    };
-
-    homeConfigurations."johno@laptop-compact" = inputs.home-manager.lib.homeManagerConfiguration {
-      pkgs = inputs.nixpkgs.legacyPackages."x86_64-linux";
-      modules = [
-        inputs.plasma-manager.homeManagerModules.plasma-manager
-        ./home/home-laptop-compact.nix
-      ];
-      extraSpecialArgs = {
-        system = "x86_64-linux";
-        globalInputs = inputs;
-      };
-    };
-
-    # Legacy configuration for backward compatibility
-    homeConfigurations."johno" = inputs.home-manager.lib.homeManagerConfiguration {
-      pkgs = inputs.nixpkgs.legacyPackages."x86_64-linux";
-      modules = [
-        inputs.plasma-manager.homeManagerModules.plasma-manager
-        ./home/home-desktop.nix
-      ];
-      extraSpecialArgs = {
-        system = "x86_64-linux";
-        globalInputs = inputs;
-      };
     };
   };
 }

home/home-darwin-work.nix

@@ -0,0 +1,56 @@
+{ config, lib, pkgs, globalInputs, system, ... }:
+
+let
+  customPkgs = pkgs.callPackage ../packages {};
+in
+{
+  # Provide arguments to role modules
+  _module.args = { inherit customPkgs; };
+  # Home Manager configuration for Darwin work laptop
+  # Corporate-friendly setup with essential development tools
+
+  home.username = lib.mkForce "johno";
+  home.homeDirectory = lib.mkForce "/Users/johno";
+  home.stateVersion = "24.05";
+
+  # Override Darwin-incompatible settings from base role
+  programs.rbw.settings.pinentry = lib.mkForce pkgs.pinentry_mac;
+
+  programs.bash.initExtra = ''
+    export NODE_EXTRA_CA_CERTS=/opt/homebrew/etc/ca-certificates/cert.pem
+    export COREPACK_NPM_REGISTRY=https://global.block-artifacts.com/artifactory/api/npm/square-npm/
+    export COREPACK_INTEGRITY_KEYS=0
+
+    export NVM_DIR="$HOME/.nvm"
+    [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"  # This loads nvm
+    [ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion"  # This loads nvm bash_completion
+  '';
+
+  programs.zsh.enable = true;
+  programs.zsh.initContent = ''
+    export NODE_EXTRA_CA_CERTS=/opt/homebrew/etc/ca-certificates/cert.pem
+    export COREPACK_NPM_REGISTRY=https://global.block-artifacts.com/artifactory/api/npm/square-npm/
+    export COREPACK_INTEGRITY_KEYS=0
+    export NVM_DIR="$HOME/.nvm"
+    [ -s "$NVM_DIR/nvm.sh" ] && . "$NVM_DIR/nvm.sh" # This loads nvm
+    [ -s "$NVM_DIR/bash_completion" ] && . "$NVM_DIR/bash_completion"  # This loads nvm bash_completion
+  '';
+
+  # Keep SSH and Git disabled to avoid conflicts with work environment
+  programs.ssh.enable = lib.mkForce false;
+  programs.git.enable = lib.mkForce false;
+  programs.rbw.enable = lib.mkForce false;
+
+  home.shell.enableShellIntegration = true;
+
+  home.roles = {
+    base.enable = true;
+  };
+
+  imports = [
+    ./roles
+    ./modules/emacs
+    ./modules/kubectl
+    ./modules/tmux
+  ];
+}

home/modules/emacs/default.nix

@@ -9,20 +9,28 @@ let
     rev = "8f55404781edacf66fa330205533b002de3fb5ee";
     sha256 = "sha256-vHwgENjip2+AFzs4oZfnKEAJKwf5Zid7fakImvxxQUw=";
   };
+
+  # Shared emacs packages
+  emacsPackages = epkgs: [
+    epkgs.vterm
+    epkgs.treesit-grammars.with-all-grammars
+  ];
+
+  # Default emacs configuration with vterm support
+  defaultEmacsPackage = 
+    if pkgs.stdenv.isDarwin 
+    then pkgs.emacs-macport.pkgs.withPackages emacsPackages
+    else pkgs.emacs.pkgs.withPackages emacsPackages;
 in
 {
   config = {
     home.packages = [
-      (pkgs.emacs.pkgs.withPackages (epkgs: [
-        epkgs.vterm
-      ]))
-
       pkgs.emacs-all-the-icons-fonts
       pkgs.fira-code
       pkgs.fontconfig
       pkgs.graphviz
       pkgs.isort
-      pkgs.libvterm # native vterm library
+      #pkgs.libvterm # native vterm library
       pkgs.nerd-fonts.fira-code
       pkgs.nerd-fonts.droid-sans-mono
       pkgs.nil # nix lsp language server
@@ -33,9 +41,18 @@ in
       pkgs.python3
     ];
 
+    programs.emacs = {
+      enable = true;
+      package = defaultEmacsPackage;
+    };
+
     fonts.fontconfig.enable = true;
 
-    home.file."${config.xdg.configHome}/emacs".source = doomEmacs;
+    # Mount emacs and tree-sitter grammars from nix store
+    home.file = {
+      "${config.xdg.configHome}/emacs".source = doomEmacs;
+    };
+
     home.sessionPath = [
       "${config.xdg.configHome}/emacs/bin"
     ];
@@ -45,15 +62,11 @@ in
       DOOMLOCALDIR = "${config.xdg.dataHome}/doom";
     };
 
+    # TODO: Use mkOutOfStoreSymlink instead?
     home.activation.doomConfig = lib.hm.dag.entryAfter ["writeBoundary"] ''
       # Always remove and recreate the symlink to ensure it points to the source directory
       rm -rf "${config.xdg.configHome}/doom"
       ln -sf "${config.home.homeDirectory}/nixos-configs/home/modules/emacs/doom" "${config.xdg.configHome}/doom"
-      
-      # Run doom sync to apply any configuration changes
-      if command -v doom >/dev/null 2>&1; then
-        doom sync
-      fi
     '';
   };
 }

home/modules/emacs/doom/config.el

@@ -54,6 +54,7 @@
 (setq org-directory "~/org/")
 (after! org
   (setq org-agenda-span 'week
+        org-agenda-start-with-log-mode t
         my-agenda-dirs '("projects" "roam")
         org-agenda-files (cons org-directory (mapcan (lambda (x) (directory-files-recursively
                                                                   (expand-file-name x org-directory)
@@ -72,6 +73,13 @@
           '(("t" "Todo" entry (file+headline "~/org/todo.org" "Inbox")
              "* TODO %? \n %i \n%a" :prepend t))))
 
+(map! :after org-agenda
+      :map org-agenda-mode-map
+      :localleader
+      (:prefix ("v" . "view")
+       "d" #'org-agenda-day-view
+       "w" #'org-agenda-week-view))
+
 ;; (use-package! org-caldav
 ;;   :defer t
 ;;   :config

home/modules/plasma-manager/default.nix

@@ -92,7 +92,7 @@
         "Window to Desktop 9" = "Meta+(";    # Meta+Shift+9
         "Window to Desktop 10" = "Meta+)";   # Meta+Shift+0
 
-        "view_actual_size" = "Meta+Ctrl+Equal";
+        "view_actual_size" = "Meta+Ctrl+=";
         "view_zoom_in" = ["Meta++" "Meta+=,Meta++" "Meta+=,Zoom In"];
         "view_zoom_out" = "Meta+-";
       };

home/roles/base/default.nix

@@ -12,8 +12,8 @@ in
 
   config = mkIf cfg.enable {
     home.packages = with pkgs; [
-      # Core CLI utilities
       fd
+      glances
       gzip
       htop
       killall
@@ -21,12 +21,7 @@ in
       ncdu
       shellcheck
       tmux
-      
+      tree
-      # Development/automation tools that are widely used
-      claude-code
-      codex
-      goose-cli
-      pandoc
     ];
 
     # Essential programs everyone needs
@@ -63,11 +58,11 @@ in
 
     programs.ssh = {
       enable = true;
-      addKeysToAgent = "yes";
       matchBlocks = {
         "nucdeb1" = {
           hostname = "nucdeb1.oglehome";
           user = "root";
+          addKeysToAgent = "yes";
         };
       };
     };
@@ -83,4 +78,4 @@ in
 
     # Note: modules must be imported at top-level home config
   };
-}
+}

home/roles/desktop/default.nix

@@ -41,6 +41,23 @@ in
       kdePackages.kaccounts-integration
       kdePackages.kaccounts-providers
       kdePackages.signond
+      
+      # KDE Mapping
+      kdePackages.marble  # Virtual globe and world atlas
+      
+      # KDE Productivity
+      kdePackages.kate        # Advanced text editor with syntax highlighting
+      kdePackages.okular      # Universal document viewer (PDF, ePub, etc.)
+      kdePackages.spectacle   # Screenshot capture utility
+      kdePackages.filelight   # Visual disk usage analyzer
+      
+      # KDE Multimedia
+      kdePackages.gwenview    # Image viewer and basic editor
+      kdePackages.elisa       # Music player
+      
+      # KDE System Utilities  
+      kdePackages.ark         # Archive manager (zip, tar, 7z, etc.)
+      kdePackages.yakuake     # Drop-down terminal emulator
     ];
 
     programs.firefox = {

home/roles/development/default.nix

@@ -12,6 +12,10 @@ in
 
   config = mkIf cfg.enable {
     home.packages = [
+      pkgs.claude-code
+      pkgs.codex
+      pkgs.goose-cli
+
       # Custom packages
       customPkgs.tea-rbw
     ];
@@ -20,4 +24,4 @@ in
 
     # Note: modules must be imported at top-level home config
   };
-}
+}

home/roles/media/default.nix

@@ -13,7 +13,9 @@ in
   config = mkIf cfg.enable {
     home.packages = with pkgs; [
       # Media players and streaming
-      jellyfin-media-player
+      # Using delfin instead of jellyfin-media-player to avoid qtwebengine security issues
+      # For full Jellyfin features, use web interface at http://jellyfin-server:8096
+      delfin
       moonlight-qt
       vlc
     ];

machines/johno-macbookpro/configuration.nix

@@ -0,0 +1,23 @@
+{ config, lib, pkgs, ... }:
+
+{
+  # Basic system configuration for macOS work laptop
+  system.stateVersion = 6;
+
+  # Set primary user for nix-darwin
+  system.primaryUser = "johno";
+
+  # System preferences (can be expanded later)
+  system.defaults = {
+    dock.autohide = true;
+    finder.AppleShowAllExtensions = true;
+    NSGlobalDomain.AppleShowAllExtensions = true;
+  };
+
+  # TODO: Find a way to not duplicate this
+  launchd.user.envVariables = {
+    # DOOM Emacs environment variables
+    DOOMDIR = "/Users/johno/.config/doom";
+    DOOMLOCALDIR = "/Users/johno/.local/doom";
+  };
+}

machines/zix790prors/configuration.nix

@@ -34,7 +34,7 @@ with lib;
 
   # Use the systemd-boot EFI boot loader.
   boot.loader.systemd-boot.enable = true;
-  boot.loader.systemd-boot.configurationLimit = 2; # Reduced to save /boot space (TODO Increase /boot partition size)
+  boot.loader.systemd-boot.configurationLimit = 20;
   boot.loader.efi.canTouchEfiVariables = true;
   boot.loader.timeout = 10;
 

machines/zix790prors/hardware-configuration.nix

@@ -14,7 +14,7 @@
   boot.extraModulePackages = [ ];
 
   fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/76B0-738E";
+    { device = "/dev/disk/by-uuid/11C1-EB58";
       fsType = "vfat";
       options = [ "fmask=0077" "dmask=0077" ];
     };

packages/app-launcher-server/app-launcher-server.py

@@ -0,0 +1,104 @@
+#!/usr/bin/env python3
+
+import json
+import logging
+import os
+import subprocess
+import sys
+from http.server import BaseHTTPRequestHandler, HTTPServer
+from urllib.parse import urlparse
+
+# Configure logging
+logging.basicConfig(
+    level=logging.INFO,
+    format='%(asctime)s - %(levelname)s - %(message)s'
+)
+logger = logging.getLogger(__name__)
+
+# Allowlisted applications that can be launched
+ALLOWED_APPS = {
+    'firefox': 'firefox',
+    'kodi': 'kodi'
+}
+
+class AppLauncherHandler(BaseHTTPRequestHandler):
+    def log_message(self, format, *args):
+        logger.info(format % args)
+
+    def do_GET(self):
+        if self.path == '/':
+            self.send_response(200)
+            self.send_header('Content-type', 'application/json')
+            self.end_headers()
+            response = {
+                'status': 'running',
+                'available_apps': list(ALLOWED_APPS.keys()),
+                'usage': 'POST /launch/<app_name> to launch an application'
+            }
+            self.wfile.write(json.dumps(response, indent=2).encode())
+        else:
+            self.send_error(404)
+
+    def do_POST(self):
+        parsed_path = urlparse(self.path)
+        path_parts = parsed_path.path.strip('/').split('/')
+
+        if len(path_parts) == 2 and path_parts[0] == 'launch':
+            app_name = path_parts[1]
+            self.launch_app(app_name)
+        else:
+            self.send_error(404, "Invalid endpoint. Use /launch/<app_name>")
+
+    def launch_app(self, app_name):
+        if app_name not in ALLOWED_APPS:
+            self.send_error(400, f"Application '{app_name}' not allowed. Available apps: {list(ALLOWED_APPS.keys())}")
+            return
+
+        command = ALLOWED_APPS[app_name]
+
+        try:
+            # Launch the application in the background
+            # Ensure we have the proper environment for GUI apps
+            env = os.environ.copy()
+
+            logger.info(f"Launching application: {command}")
+            process = subprocess.Popen(
+                [command],
+                env=env,
+                stdout=subprocess.DEVNULL,
+                stderr=subprocess.DEVNULL,
+                start_new_session=True
+            )
+
+            self.send_response(200)
+            self.send_header('Content-type', 'application/json')
+            self.end_headers()
+            response = {
+                'status': 'success',
+                'message': f'Successfully launched {app_name}',
+                'pid': process.pid
+            }
+            self.wfile.write(json.dumps(response).encode())
+
+        except FileNotFoundError:
+            logger.error(f"Application not found: {command}")
+            self.send_error(500, f"Application '{app_name}' not found on system")
+        except Exception as e:
+            logger.error(f"Error launching {command}: {e}")
+            self.send_error(500, f"Failed to launch {app_name}: {str(e)}")
+
+def main():
+    port = int(sys.argv[1]) if len(sys.argv) > 1 else 8081
+
+    server = HTTPServer(('0.0.0.0', port), AppLauncherHandler)
+    logger.info(f"App launcher server starting on port {port}")
+    logger.info(f"Available applications: {list(ALLOWED_APPS.keys())}")
+
+    try:
+        server.serve_forever()
+    except KeyboardInterrupt:
+        logger.info("Server shutting down...")
+        server.server_close()
+
+if __name__ == '__main__':
+    main()

packages/app-launcher-server/default.nix

@@ -0,0 +1,5 @@
+{ pkgs }:
+
+pkgs.writeShellScriptBin "app-launcher-server" ''
+  exec ${pkgs.python3}/bin/python3 ${./app-launcher-server.py} "$@"
+''

packages/default.nix

@@ -2,4 +2,5 @@
 {
   vulkanHDRLayer = pkgs.callPackage ./vulkan-hdr-layer {};
   tea-rbw = pkgs.callPackage ./tea-rbw {};
+  app-launcher-server = pkgs.callPackage ./app-launcher-server {};
 }

roles/darwin.nix

@@ -0,0 +1,84 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  # Extract the set-environment path that nix-darwin generates
+  setEnvironmentPath = "${config.system.build.setEnvironment}";
+in
+{
+  config = {
+    # Salt manages /etc/bashrc, /etc/zshrc, /etc/zshenv
+    # nix-darwin writes to .local variants for nix-specific configuration
+
+    # Disable nix-darwin from managing the main shell files
+    environment.etc."bashrc".enable = false;
+    environment.etc."zshrc".enable = false;
+    environment.etc."zshenv".enable = false;
+
+    # Create .local files with nix environment setup
+    environment.etc."bash.local".text = ''
+      # Nix environment setup
+      if [ -z "$__NIX_DARWIN_SET_ENVIRONMENT_DONE" ]; then
+        . ${setEnvironmentPath}
+      fi
+    '';
+
+    environment.etc."zshrc.local".text = ''
+      # Nix environment setup (already done in zshenv.local)
+    '';
+
+    environment.etc."zshenv.local".text = ''
+      # Nix environment setup
+      if [[ -o rcs ]]; then
+        if [ -z "''${__NIX_DARWIN_SET_ENVIRONMENT_DONE-}" ]; then
+          . ${setEnvironmentPath}
+        fi
+
+        # Tell zsh how to find installed completions
+        for p in ''${(z)NIX_PROFILES}; do
+          fpath=($p/share/zsh/site-functions $p/share/zsh/$ZSH_VERSION/functions $p/share/zsh/vendor-completions $fpath)
+        done
+      fi
+    '';
+
+    time.timeZone = "America/Los_Angeles";
+
+    environment.systemPackages = with pkgs; [
+      git
+      glances
+      pciutils
+      tree
+      usbutils
+      vim
+    ];
+
+    nix = {
+      package = pkgs.nix;
+      # distributedBuilds = true;
+      # buildMachines = [{
+      #   hostName = "z790prors.oglehome";
+      #   system = "x86_64-linux";
+      #   protocol = "ssh-ng";
+      #   sshUser = "johno";
+      #   sshKey = "/root/.ssh/id_ed25519";
+      #   maxJobs = 3;
+      #   speedFactor = 2;
+      # }];
+      settings = {
+        experimental-features = [ "nix-command" "flakes" ];
+        max-jobs = "auto";
+        trusted-users = [ "johno" ];
+        substituters = [
+        ];
+      };
+
+      gc = {
+        automatic = true;
+        options = "--delete-older-than 10d";
+      };
+    };
+
+    nixpkgs.config.allowUnfree = true;
+  };
+}

roles/kodi/default.nix

@@ -4,6 +4,7 @@ with lib;
 
 let
   cfg = config.roles.kodi;
+  customPkgs = pkgs.callPackage ../../packages {};
 in
 {
   options.roles.kodi = {
@@ -14,6 +15,18 @@ in
     wayland = mkOption {
       default = true;
     };
+    appLauncherServer = {
+      enable = mkOption {
+        type = types.bool;
+        default = true;
+        description = "Enable HTTP app launcher server for remote control";
+      };
+      port = mkOption {
+        type = types.int;
+        default = 8081;
+        description = "Port for the app launcher HTTP server";
+      };
+    };
   };
 
 
@@ -33,17 +46,35 @@ in
       };
 
       networking.firewall = {
-        allowedTCPPorts = [ 8080 ];
+        allowedTCPPorts = [ 8080 ] ++ optional cfg.appLauncherServer.enable cfg.appLauncherServer.port;
         allowedUDPPorts = [ 8080 ];
       };
 
       environment.systemPackages = with pkgs; [
         kodiPkg
         wget
-      ];
+        firefox
+      ] ++ optional cfg.appLauncherServer.enable customPkgs.app-launcher-server;
 
       programs.kdeconnect.enable = true;
 
+      systemd.user.services = mkIf cfg.appLauncherServer.enable {
+        app-launcher-server = {
+          description = "HTTP App Launcher Server";
+          wantedBy = [ "graphical-session.target" ];
+          after = [ "graphical-session.target" ];
+          serviceConfig = {
+            Type = "simple";
+            ExecStart = "${customPkgs.app-launcher-server}/bin/app-launcher-server ${toString cfg.appLauncherServer.port}";
+            Restart = "always";
+            RestartSec = "5s";
+            Environment = [
+              "PATH=${pkgs.firefox}/bin:${kodiPkg}/bin:/run/current-system/sw/bin"
+            ];
+          };
+        };
+      };
+
       services = if cfg.autologin then {
           displayManager = {
             autoLogin.enable = true;