Attempt to fix custom package format

This is potentially temporary. But jellyfin-media-player has been
flagged as having a security problem by using an old version of
qtwebengine. So we'll maybe find time to try out delfin or maybe just
wait until the security issue gets fixed or maybe just use the web
browser. We have options

CLAUDE.md

@@ -10,7 +10,7 @@ This is a NixOS configuration repository using flakes, managing multiple machine
 
 ### Flake Structure
 - **flake.nix**: Main entry point defining inputs (nixpkgs, home-manager, plasma-manager, etc.) and outputs for multiple NixOS configurations
-- **Machines**: `nix-book`, `boxy`, `wixos` (WSL configuration)
+- **Machines**: `nix-book`, `boxy`, `wixos` (WSL configuration), `zix790prors`, `live-usb`, `johno-macbookpro` (Darwin/macOS)
 - **Home configurations**: Standalone home-manager configuration for user `johno`
 
 ### Directory Structure
@@ -28,6 +28,12 @@ The repository uses a custom "roles" system where each role is a NixOS module wi
 - `roles.users`: User account management
 - `roles.virtualisation`: Virtualization setup
 - `roles.kodi`: Kodi media center
+- `roles.nvidia`: NVIDIA GPU configuration
+- `roles.printing`: Printing support (CUPS)
+- `roles.spotifyd`: Spotify daemon
+- `roles.btrfs`: Btrfs filesystem configuration
+- `roles.nfs-mounts`: NFS mount configuration
+- `roles.darwin`: macOS-specific configurations
 
 Example role usage in machine configuration:
 ```nix
@@ -62,6 +68,7 @@ The repository also uses a modular home-manager role system for user-space confi
 - `home-media-center.nix`: Living room media consumption and gaming setup (boxy)
 - `home-laptop-compact.nix`: Essential tools only, excludes office/media for storage constraints (nix-book)
 - `home-live-usb.nix`: Minimal setup for live environments, no persistent services
+- `home-darwin-work.nix`: macOS work laptop configuration
 
 **Machine-Specific Role Usage:**
 - **nix-book**: Compact laptop → excludes office/media roles due to SSD space constraints
@@ -69,10 +76,13 @@ The repository also uses a modular home-manager role system for user-space confi
 - **zix790prors**: All-purpose workstation → full desktop experience with all roles enabled
 - **wixos**: WSL2 development → full desktop experience, inherits from zix790prors Windows host
 - **live-usb**: Temporary environment → only base + desktop roles, no persistent services
+- **johno-macbookpro**: macOS work laptop → Darwin-specific configuration with development tools
 
 ## Common Commands
 
 ### Building and Switching Configurations
+
+**NixOS (Linux):**
 ```bash
 # Build and switch to a specific machine configuration
 sudo nixos-rebuild switch --flake .#<hostname>
@@ -84,12 +94,22 @@ nixos-rebuild build --flake .#<hostname>
 home-manager switch --flake .#johno
 ```
 
+**Darwin (macOS):**
+```bash
+# Build and switch to Darwin configuration
+darwin-rebuild switch --flake .#johno-macbookpro
+
+# Build without switching
+darwin-rebuild build --flake .#johno-macbookpro
+```
+
 ### Available Machine Configurations
 - `nix-book`: Compact laptop with storage constraints, uses `home/home-laptop-compact.nix`
 - `boxy`: Shared living room media center/gaming desktop with AMD GPU, uses `home/home-media-center.nix`
 - `zix790prors`: Powerful all-purpose workstation (gaming, 3D modeling, development), dual-boots Windows 11 with shared btrfs /games partition, uses `home/home-desktop.nix`
 - `wixos`: WSL2 development environment running in Windows partition of zix790prors, uses `home/home-desktop.nix`
 - `live-usb`: Bootable ISO configuration, uses `home/home-live-usb.nix`
+- `johno-macbookpro`: macOS work laptop, uses `home/home-darwin-work.nix`
 
 ### Flake Operations
 ```bash
@@ -110,14 +130,28 @@ sudo ./bootstrap.sh <hostname>
 ```
 This script pulls from the remote git repository and applies the configuration.
 
+### Build Live USB ISO
+Use the provided script to build a bootable ISO:
+```bash
+./build-liveusb.sh
+```
+Creates an ISO suitable for Ventoy and other USB boot tools in `./result/iso/`.
+
 ## Development Workflow
 
 ### Adding New Machines
+
+**NixOS:**
 1. Create new directory in `machines/<hostname>/`
 2. Add `configuration.nix` with role assignments
 3. Include hardware-configuration.nix (generated by nixos-generate-config)
 4. Add nixosConfiguration to flake.nix outputs
 
+**Darwin (macOS):**
+1. Create new directory in `machines/<hostname>/`
+2. Add `configuration.nix` with Darwin role assignments
+3. Add darwinConfiguration to flake.nix outputs
+
 ### Adding New Roles
 1. Create directory in `roles/<role-name>/`
 2. Create `default.nix` with module definition using mkEnableOption
@@ -137,3 +171,7 @@ This script pulls from the remote git repository and applies the configuration.
 - **SSH**: OpenSSH enabled on all configurations
 - **Garbage collection**: Automatic, deletes older than 10 days
 - **Unfree packages**: Allowed globally
+
+## Important Notes
+
+- **Sudo access**: Claude Code does not have sudo access. Ask the user to run elevated commands like `sudo nixos-rebuild switch`

flake.lock

@@ -43,11 +43,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1755914636,
+        "lastModified": 1759172751,
-        "narHash": "sha256-VJ+Gm6YsHlPfUCpmRQxvdiZW7H3YPSrdVOewQHAhZN8=",
+        "narHash": "sha256-E8W8sRXfrvkFW26GuuiWq6QfReU7m5+cngwHuRo/3jc=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "8b55a6ac58b678199e5bba701aaff69e2b3281c0",
+        "rev": "12fa8548feefa9a10266ba65152fd1a787cdde8f",
         "type": "github"
       },
       "original": {
@@ -56,17 +56,37 @@
         "type": "github"
       }
     },
+    "nix-darwin": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1758805352,
+        "narHash": "sha256-BHdc43Lkayd+72W/NXRKHzX5AZ+28F3xaUs3a88/Uew=",
+        "owner": "nix-darwin",
+        "repo": "nix-darwin",
+        "rev": "c48e963a5558eb1c3827d59d21c5193622a1477c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-darwin",
+        "repo": "nix-darwin",
+        "type": "github"
+      }
+    },
     "nixos-wsl": {
       "inputs": {
         "flake-compat": "flake-compat",
         "nixpkgs": "nixpkgs"
       },
       "locked": {
-        "lastModified": 1755261305,
+        "lastModified": 1758785683,
-        "narHash": "sha256-EOqCupB5X5WoGVHVcfOZcqy0SbKWNuY3kq+lj1wHdu8=",
+        "narHash": "sha256-mRn51IeEBXeNh5a6xNLylk4PKBX0s/QQxgkEbYoPq/w=",
         "owner": "nix-community",
         "repo": "NixOS-WSL",
-        "rev": "203a7b463f307c60026136dd1191d9001c43457f",
+        "rev": "1bfb978f2f6261b6086e04af17f9418e1fe36d70",
         "type": "github"
       },
       "original": {
@@ -78,11 +98,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1754725699,
+        "lastModified": 1758277210,
-        "narHash": "sha256-iAcj9T/Y+3DBy2J0N+yF9XQQQ8IEb5swLFzs23CdP88=",
+        "narHash": "sha256-iCGWf/LTy+aY0zFu8q12lK8KuZp7yvdhStehhyX1v8w=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "85dbfc7aaf52ecb755f87e577ddbe6dbbdbc1054",
+        "rev": "8eaee110344796db060382e15d3af0a9fc396e0e",
         "type": "github"
       },
       "original": {
@@ -94,11 +114,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1755615617,
+        "lastModified": 1759036355,
-        "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=",
+        "narHash": "sha256-0m27AKv6ka+q270dw48KflE0LwQYrO7Fm4/2//KCVWg=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "20075955deac2583bb12f07151c2df830ef346b4",
+        "rev": "e9f00bd893984bc8ce46c895c3bf7cac95331127",
         "type": "github"
       },
       "original": {
@@ -118,11 +138,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1754501628,
+        "lastModified": 1759157415,
-        "narHash": "sha256-FExJ54tVB5iu7Dh2tLcyCSWpaV+lmUzzWKZUkemwXvo=",
+        "narHash": "sha256-Fg8cOnVoIe0uQ38UpR6XZzRCwDsjjozVwfevW9yCLI0=",
         "owner": "nix-community",
         "repo": "plasma-manager",
-        "rev": "cca090f8115c4172b9aef6c5299ae784bdd5e133",
+        "rev": "df5b3e6da631f732c26c6044c7cccb8706b4f479",
         "type": "github"
       },
       "original": {
@@ -135,6 +155,7 @@
       "inputs": {
         "google-cookie-retrieval": "google-cookie-retrieval",
         "home-manager": "home-manager",
+        "nix-darwin": "nix-darwin",
         "nixos-wsl": "nixos-wsl",
         "nixpkgs": "nixpkgs_2",
         "plasma-manager": "plasma-manager"

flake.nix

@@ -5,6 +5,11 @@
     nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
     nixos-wsl.url = "github:nix-community/NixOS-WSL/main";
     
+    nix-darwin = {
+      url = "github:nix-darwin/nix-darwin";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
     home-manager = {
       url = "github:nix-community/home-manager";
       inputs.nixpkgs.follows = "nixpkgs";
@@ -23,8 +28,9 @@
   };
 
   outputs = { self, nixpkgs, nixos-wsl, ... } @ inputs: let
-    baseModules = [
+    nixosModules = [
       ./roles
+    ] ++ [
       inputs.home-manager.nixosModules.home-manager
       {
         home-manager.useGlobalPkgs = true;
@@ -37,10 +43,23 @@
         };
       }
     ];
+    darwinModules = [
+      ./roles/darwin.nix
+    ] ++ [
+      inputs.home-manager.darwinModules.home-manager
+      {
+        home-manager.useGlobalPkgs = true;
+        home-manager.useUserPackages = true;
+        home-manager.extraSpecialArgs = {
+          globalInputs = inputs;
+        };
+      }
+    ];
+
   in {
     nixosConfigurations.nix-book = nixpkgs.lib.nixosSystem rec {
       system = "x86_64-linux";
-      modules = baseModules ++ [
+      modules = nixosModules ++ [
         ./machines/nix-book/configuration.nix
         {
           home-manager.users.johno = {
@@ -57,7 +76,7 @@
 
     nixosConfigurations.boxy = nixpkgs.lib.nixosSystem rec {
       system = "x86_64-linux";
-      modules = baseModules ++ [
+      modules = nixosModules ++ [
         ./machines/boxy/configuration.nix
         inputs.home-manager.nixosModules.home-manager
         {
@@ -69,7 +88,7 @@
 
     nixosConfigurations.wixos = nixpkgs.lib.nixosSystem rec {
       system = "x86_64-linux";
-      modules = baseModules ++ [
+      modules = nixosModules ++ [
         nixos-wsl.nixosModules.default
         ./machines/wixos/configuration.nix
         inputs.home-manager.nixosModules.home-manager
@@ -82,7 +101,7 @@
 
     nixosConfigurations.zix790prors = nixpkgs.lib.nixosSystem rec {
       system = "x86_64-linux";
-      modules = baseModules ++ [
+      modules = nixosModules ++ [
         ./machines/zix790prors/configuration.nix
         inputs.home-manager.nixosModules.home-manager
         {
@@ -95,7 +114,7 @@
     # Live USB ISO configuration
     nixosConfigurations.live-usb = nixpkgs.lib.nixosSystem rec {
       system = "x86_64-linux";
-      modules = baseModules ++ [
+      modules = nixosModules ++ [
         ./machines/live-usb/configuration.nix
         {
           home-manager.users.nixos = import ./home/home-live-usb.nix;
@@ -104,42 +123,16 @@
       ];
     };
 
-    # Standalone home-manager configurations for non-NixOS systems
+    # Darwin/macOS configurations
-    homeConfigurations."johno@desktop" = inputs.home-manager.lib.homeManagerConfiguration {
+    darwinConfigurations."blkfv4yf49kt7" = inputs.nix-darwin.lib.darwinSystem rec {
-      pkgs = inputs.nixpkgs.legacyPackages."x86_64-linux";
+      system = "aarch64-darwin";
-      modules = [
+      modules = darwinModules ++ [
-        inputs.plasma-manager.homeManagerModules.plasma-manager
+        ./machines/johno-macbookpro/configuration.nix
-        ./home/home-desktop.nix
+        {
+          home-manager.users.johno = import ./home/home-darwin-work.nix;
+          home-manager.extraSpecialArgs = { inherit system; };
+        }
       ];
-      extraSpecialArgs = {
-        system = "x86_64-linux";
-        globalInputs = inputs;
-      };
-    };
-
-    homeConfigurations."johno@laptop-compact" = inputs.home-manager.lib.homeManagerConfiguration {
-      pkgs = inputs.nixpkgs.legacyPackages."x86_64-linux";
-      modules = [
-        inputs.plasma-manager.homeManagerModules.plasma-manager
-        ./home/home-laptop-compact.nix
-      ];
-      extraSpecialArgs = {
-        system = "x86_64-linux";
-        globalInputs = inputs;
-      };
-    };
-
-    # Legacy configuration for backward compatibility
-    homeConfigurations."johno" = inputs.home-manager.lib.homeManagerConfiguration {
-      pkgs = inputs.nixpkgs.legacyPackages."x86_64-linux";
-      modules = [
-        inputs.plasma-manager.homeManagerModules.plasma-manager
-        ./home/home-desktop.nix
-      ];
-      extraSpecialArgs = {
-        system = "x86_64-linux";
-        globalInputs = inputs;
-      };
     };
   };
 }

home/home-darwin-work.nix

@@ -0,0 +1,56 @@
+{ config, lib, pkgs, globalInputs, system, ... }:
+
+let
+  customPkgs = pkgs.callPackage ../packages {};
+in
+{
+  # Provide arguments to role modules
+  _module.args = { inherit customPkgs; };
+  # Home Manager configuration for Darwin work laptop
+  # Corporate-friendly setup with essential development tools
+
+  home.username = lib.mkForce "johno";
+  home.homeDirectory = lib.mkForce "/Users/johno";
+  home.stateVersion = "24.05";
+
+  # Override Darwin-incompatible settings from base role
+  programs.rbw.settings.pinentry = lib.mkForce pkgs.pinentry_mac;
+
+  programs.bash.initExtra = ''
+    export NODE_EXTRA_CA_CERTS=/opt/homebrew/etc/ca-certificates/cert.pem
+    export COREPACK_NPM_REGISTRY=https://global.block-artifacts.com/artifactory/api/npm/square-npm/
+    export COREPACK_INTEGRITY_KEYS=0
+
+    export NVM_DIR="$HOME/.nvm"
+    [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"  # This loads nvm
+    [ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion"  # This loads nvm bash_completion
+  '';
+
+  programs.zsh.enable = true;
+  programs.zsh.initContent = ''
+    export NODE_EXTRA_CA_CERTS=/opt/homebrew/etc/ca-certificates/cert.pem
+    export COREPACK_NPM_REGISTRY=https://global.block-artifacts.com/artifactory/api/npm/square-npm/
+    export COREPACK_INTEGRITY_KEYS=0
+    export NVM_DIR="$HOME/.nvm"
+    [ -s "$NVM_DIR/nvm.sh" ] && . "$NVM_DIR/nvm.sh" # This loads nvm
+    [ -s "$NVM_DIR/bash_completion" ] && . "$NVM_DIR/bash_completion"  # This loads nvm bash_completion
+  '';
+
+  # Keep SSH and Git disabled to avoid conflicts with work environment
+  programs.ssh.enable = lib.mkForce false;
+  programs.git.enable = lib.mkForce false;
+  programs.rbw.enable = lib.mkForce false;
+
+  home.shell.enableShellIntegration = true;
+
+  home.roles = {
+    base.enable = true;
+  };
+
+  imports = [
+    ./roles
+    ./modules/emacs
+    ./modules/kubectl
+    ./modules/tmux
+  ];
+}

home/home-laptop-compact.nix

@@ -19,10 +19,10 @@ in
     desktop.enable = true;
     development.enable = true;
     communication.enable = true;
-    sync.enable = true;
     kdeconnect.enable = true;
+    media.enable = true;
+    sync.enable = true;
     # office.enable = false;  # Excluded for storage constraints
-    # media.enable = false;   # Excluded for storage constraints  
   };
 
   targets.genericLinux.enable = true;

home/modules/emacs/default.nix

@@ -9,20 +9,28 @@ let
     rev = "8f55404781edacf66fa330205533b002de3fb5ee";
     sha256 = "sha256-vHwgENjip2+AFzs4oZfnKEAJKwf5Zid7fakImvxxQUw=";
   };
+
+  # Shared emacs packages
+  emacsPackages = epkgs: [
+    epkgs.vterm
+    epkgs.treesit-grammars.with-all-grammars
+  ];
+
+  # Default emacs configuration with vterm support
+  defaultEmacsPackage = 
+    if pkgs.stdenv.isDarwin 
+    then pkgs.emacs-macport.pkgs.withPackages emacsPackages
+    else pkgs.emacs.pkgs.withPackages emacsPackages;
 in
 {
   config = {
     home.packages = [
-      (pkgs.emacs.pkgs.withPackages (epkgs: [
-        epkgs.vterm
-      ]))
-
       pkgs.emacs-all-the-icons-fonts
       pkgs.fira-code
       pkgs.fontconfig
       pkgs.graphviz
       pkgs.isort
-      pkgs.libvterm # native vterm library
+      #pkgs.libvterm # native vterm library
       pkgs.nerd-fonts.fira-code
       pkgs.nerd-fonts.droid-sans-mono
       pkgs.nil # nix lsp language server
@@ -33,9 +41,18 @@ in
       pkgs.python3
     ];
 
+    programs.emacs = {
+      enable = true;
+      package = defaultEmacsPackage;
+    };
+
     fonts.fontconfig.enable = true;
 
-    home.file."${config.xdg.configHome}/emacs".source = doomEmacs;
+    # Mount emacs and tree-sitter grammars from nix store
+    home.file = {
+      "${config.xdg.configHome}/emacs".source = doomEmacs;
+    };
+
     home.sessionPath = [
       "${config.xdg.configHome}/emacs/bin"
     ];
@@ -45,11 +62,11 @@ in
       DOOMLOCALDIR = "${config.xdg.dataHome}/doom";
     };
 
+    # TODO: Use mkOutOfStoreSymlink instead?
     home.activation.doomConfig = lib.hm.dag.entryAfter ["writeBoundary"] ''
-      if [ ! -L "${config.xdg.configHome}/doom" ]; then
+      # Always remove and recreate the symlink to ensure it points to the source directory
-        rm -rf "${config.xdg.configHome}/doom"
+      rm -rf "${config.xdg.configHome}/doom"
-        ln -sf "${./doom}" "${config.xdg.configHome}/doom"
+      ln -sf "${config.home.homeDirectory}/nixos-configs/home/modules/emacs/doom" "${config.xdg.configHome}/doom"
-      fi
     '';
   };
 }

home/modules/emacs/doom/config.el

@@ -30,10 +30,20 @@
 ;; wasn't installed correctly. Font issues are rarely Doom issues!
 (setq doom-font (font-spec :family "Fira Code"))
 
+;; Auto-install nerd-icons fonts if they're missing
+(defun my/ensure-nerd-icons-fonts ()
+  "Check if nerd-icons fonts are installed and install them if missing."
+  (when (display-graphic-p)
+    (unless (find-font (font-spec :name "Symbols Nerd Font Mono"))
+      (when (fboundp 'nerd-icons-install-fonts)
+        (nerd-icons-install-fonts t)))))
+
+(add-hook 'doom-init-ui-hook #'my/ensure-nerd-icons-fonts)
+
 ;; There are two ways to load a theme. Both assume the theme is installed and
 ;; available. You can either set `doom-theme' or manually load a theme with the
 ;; `load-theme' function. This is the default:
-(setq doom-theme 'doom-one)
+(setq doom-theme 'doom-tokyo-night)
 
 ;; This determines the style of line numbers in effect. If set to `nil', line
 ;; numbers are disabled. For relative line numbers, set this to `relative'.
@@ -44,6 +54,7 @@
 (setq org-directory "~/org/")
 (after! org
   (setq org-agenda-span 'week
+        org-agenda-start-with-log-mode t
         my-agenda-dirs '("projects" "roam")
         org-agenda-files (cons org-directory (mapcan (lambda (x) (directory-files-recursively
                                                                   (expand-file-name x org-directory)
@@ -62,6 +73,13 @@
           '(("t" "Todo" entry (file+headline "~/org/todo.org" "Inbox")
              "* TODO %? \n %i \n%a" :prepend t))))
 
+(map! :after org-agenda
+      :map org-agenda-mode-map
+      :localleader
+      (:prefix ("v" . "view")
+       "d" #'org-agenda-day-view
+       "w" #'org-agenda-week-view))
+
 ;; (use-package! org-caldav
 ;;   :defer t
 ;;   :config
@@ -80,11 +98,51 @@
 
 (after! gptel
   :config
-  (setq! gptel-api-key (my/get-rbw-password "openai-api-key-chatgpt-el"))
+  (setq! gptel-api-key (my/get-rbw-password "openai-api-key-chatgpt-el")
-  (gptel-make-ollama "Ollama-Local"
+         gptel-default-mode 'org-mode
-    :host "localhost:11434"
+         gptel-use-tools t
-    :stream t
+         gptel-confirm-tool-calls 'always
-    :models '(deepseek-r1 deepseek-r1-fullctx qwen3 qwen3-coder)))
+         gptel-include-reasoning 'ignore
+         gptel-model "qwen3:30b")
+
+  ;; Set default backend to be Ollama-Local
+  (setq! gptel-backend
+         (gptel-make-ollama "Ollama-Local"
+           :host "localhost:11434"
+           :stream t
+           :models '(deepseek-r1 deepseek-r1-fullctx qwen3:30b qwen3:4b llama3.1 qwen2.5-coder mistral-nemo gpt-oss)))
+
+  ;; Define custom tools
+  (gptel-make-tool
+   :name "run_shell_command"
+   :description "Execute shell commands and return output. Use this to run system commands, check file contents, or perform system operations."
+   :function (lambda (command)
+               (condition-case err
+                   (shell-command-to-string command)
+                 (error (format "Error running command: %s" (error-message-string err)))))
+   :args (list '(:name "command" :type "string" :description "Shell command to execute")))
+
+  (gptel-make-tool
+   :name "read_file"
+   :description "Read the contents of a file and return as text"
+   :function (lambda (filepath)
+               (condition-case err
+                   (with-temp-buffer
+                     (insert-file-contents (expand-file-name filepath))
+                     (buffer-string))
+                 (error (format "Error reading file %s: %s" filepath (error-message-string err)))))
+   :args (list '(:name "filepath" :type "string" :description "Path to the file to read")))
+
+  (gptel-make-tool
+   :name "list_directory"
+   :description "List contents of a directory"
+   :function (lambda (dirpath)
+               (condition-case err
+                   (mapconcat 'identity 
+                              (directory-files (expand-file-name dirpath) nil "^[^.]")
+                              "\n")
+                 (error (format "Error listing directory %s: %s" dirpath (error-message-string err)))))
+   :args (list '(:name "dirpath" :type "string" :description "Directory path to list"))))
 
 (use-package! claude-code-ide
   :defer t
@@ -94,6 +152,13 @@
         (:prefix ("o" . "open")
          :desc "Claude Code IDE" "c" #'claude-code-ide-menu)))
 
+(after! gptel
+  (require 'gptel-tool-library)
+  (setq gptel-tool-library-use-maybe-safe t
+        gptel-tool-library-use-unsafe t)
+  (dolist (module '("bbdb" "buffer" "elisp" "emacs" "gnus" "os" "search-and-replace" "url"))
+    (gptel-tool-library-load-module module)))
+
 ;; Whenever you reconfigure a package, make sure to wrap your config in an
 ;; `after!' block, otherwise Doom's defaults may override your settings. E.g.
 ;;

home/modules/emacs/doom/init.el

@@ -33,7 +33,7 @@
        doom              ; what makes DOOM look the way it does
        doom-dashboard    ; a nifty splash screen for Emacs
        ;;doom-quit         ; DOOM quit-message prompts when you quit Emacs
-       (emoji +unicode)  ; 🙂
+       ;;(emoji +unicode)  ; 🙂
        hl-todo           ; highlight TODO/FIXME/NOTE/DEPRECATED/HACK/REVIEW
        ;;indent-guides     ; highlighted indent columns
        ;;ligatures         ; ligatures and symbols to make your code pretty again
@@ -59,7 +59,7 @@
        ;;(format +onsave)  ; automated prettiness
        ;;god               ; run Emacs commands without modifier keys
        ;;lispy             ; vim for lisp, for people who don't like vim
-       ;;multiple-cursors  ; editing in many places at once
+       multiple-cursors  ; editing in many places at once
        ;;objed             ; text object editing for the innocent
        ;;parinfer          ; turn lisp into python, sort of
        ;;rotate-text       ; cycle region at point between text candidates

home/modules/emacs/doom/packages.el

@@ -55,3 +55,7 @@
 
 (package! claude-code-ide
   :recipe (:host github :repo "manzaltu/claude-code-ide.el"))
+
+(package! gptel-tool-library
+  :recipe (:host github :repo "aard-fi/gptel-tool-library"
+           :files ("*.el")))

home/modules/plasma-manager/default.nix

@@ -52,26 +52,47 @@
         "Window Operations Menu" = "Alt+F3";
         "Window Resize" = "Meta+R,,Resize Window";
 
-        "Overview" = "Meta+W";
+        "Overview" = "Meta+Ctrl+W";
         "Grid View" = "Meta+G";
         "Edit Tiles" = "Meta+T";
 
         "Activate Window Demanding Attention" = "Meta+Ctrl+A";
 
-        "Show Desktop" = "Meta+D";
+        "Show Desktop" = "Meta+Ctrl+D";
 
         "Walk Through Windows" = "Alt+Tab";
         "Walk Through Windows (Reverse)" = "Alt+Shift+Tab";
         "Walk Through Windows of Current Application" = "Alt+`";
         "Walk Through Windows of Current Application (Reverse)" = "Alt+~";
-        "Window Fullscreen" = "Meta+Shift+F,,Make Window Fullscreen";
 
         "Window Quick Tile Bottom" = "Meta+Down";
         "Window Quick Tile Left" = "Meta+Left";
         "Window Quick Tile Right" = "Meta+Right";
         "Window Quick Tile Top" = "Meta+Up";
 
-        "view_actual_size" = "Meta+0";
+        "Switch to Desktop 1" = "Meta+1";
+        "Switch to Desktop 2" = "Meta+2";
+        "Switch to Desktop 3" = "Meta+3";
+        "Switch to Desktop 4" = "Meta+4";
+        "Switch to Desktop 5" = "Meta+5";
+        "Switch to Desktop 6" = "Meta+6";
+        "Switch to Desktop 7" = "Meta+7";
+        "Switch to Desktop 8" = "Meta+8";
+        "Switch to Desktop 9" = "Meta+9";
+        "Switch to Desktop 10" = "Meta+0";
+        
+        "Window to Desktop 1" = "Meta+!";    # Meta+Shift+1
+        "Window to Desktop 2" = "Meta+@";    # Meta+Shift+2
+        "Window to Desktop 3" = "Meta+#";    # Meta+Shift+3
+        "Window to Desktop 4" = "Meta+$";    # Meta+Shift+4
+        "Window to Desktop 5" = "Meta+%";    # Meta+Shift+5
+        "Window to Desktop 6" = "Meta+^";    # Meta+Shift+6
+        "Window to Desktop 7" = "Meta+&";    # Meta+Shift+7
+        "Window to Desktop 8" = "Meta+*";    # Meta+Shift+8
+        "Window to Desktop 9" = "Meta+(";    # Meta+Shift+9
+        "Window to Desktop 10" = "Meta+)";   # Meta+Shift+0
+
+        "view_actual_size" = "Meta+Ctrl+=";
         "view_zoom_in" = ["Meta++" "Meta+=,Meta++" "Meta+=,Zoom In"];
         "view_zoom_out" = "Meta+-";
       };
@@ -111,6 +132,22 @@
         immutable = true;
       };
       
+      # Enable KWin tiling features
+      kwinrc.Tiling = {
+        # Enable tiling functionality  
+        "padding" = 4;
+      };
+      
+      # Enable krohnkite plugin automatically
+      kwinrc.Plugins = {
+        krohnkiteEnabled = true;
+      };
+      
+      kwinrc.Effect-overview = {
+        # Configure overview effect for better tiling workflow
+        BorderActivate = 9;  # Top-left corner activation
+      };
+
       kcminputrc.Libinput = {
         AccelerationProfile = "adaptive";
         PointerAcceleration = 0.5;
@@ -122,6 +159,14 @@
       };
 
       kdeglobals.KDE.LookAndFeelPackage = "org.kde.breezedark.desktop";
+
+      # Focus follows mouse configuration
+      kwinrc.Windows = {
+        FocusPolicy = "FocusFollowsMouse";
+        AutoRaise = true;  # Set to true if you want windows to auto-raise on focus
+        AutoRaiseInterval = 750;  # Delay in ms before auto-raise (if enabled)
+        DelayFocusInterval = 0;  # Delay in ms before focus follows mouse
+      };
     };
   };
 }

home/roles/base/default.nix

@@ -12,8 +12,8 @@ in
 
   config = mkIf cfg.enable {
     home.packages = with pkgs; [
-      # Core CLI utilities
       fd
+      glances
       gzip
       htop
       killall
@@ -21,12 +21,7 @@ in
       ncdu
       shellcheck
       tmux
-      
+      tree
-      # Development/automation tools that are widely used
-      claude-code
-      codex
-      goose-cli
-      pandoc
     ];
 
     # Essential programs everyone needs
@@ -63,11 +58,11 @@ in
 
     programs.ssh = {
       enable = true;
-      addKeysToAgent = "yes";
       matchBlocks = {
         "nucdeb1" = {
           hostname = "nucdeb1.oglehome";
           user = "root";
+          addKeysToAgent = "yes";
         };
       };
     };

home/roles/desktop/default.nix

@@ -25,6 +25,39 @@ in
       
       # System utilities with GUI components
       (snapcast.override { pulseaudioSupport = true; })
+      
+      # KDE tiling window management
+      kdePackages.krohnkite  # Dynamic tiling extension for KWin 6
+      
+      # KDE PIM applications for email, calendar, and contacts
+      kdePackages.kmail
+      kdePackages.kmail-account-wizard
+      kdePackages.kmailtransport
+      kdePackages.korganizer
+      kdePackages.kaddressbook
+      kdePackages.kontact
+      
+      # KDE Online Accounts support
+      kdePackages.kaccounts-integration
+      kdePackages.kaccounts-providers
+      kdePackages.signond
+      
+      # KDE Mapping
+      kdePackages.marble  # Virtual globe and world atlas
+      
+      # KDE Productivity
+      kdePackages.kate        # Advanced text editor with syntax highlighting
+      kdePackages.okular      # Universal document viewer (PDF, ePub, etc.)
+      kdePackages.spectacle   # Screenshot capture utility
+      kdePackages.filelight   # Visual disk usage analyzer
+      
+      # KDE Multimedia
+      kdePackages.gwenview    # Image viewer and basic editor
+      kdePackages.elisa       # Music player
+      
+      # KDE System Utilities  
+      kdePackages.ark         # Archive manager (zip, tar, 7z, etc.)
+      kdePackages.yakuake     # Drop-down terminal emulator
     ];
 
     programs.firefox = {

home/roles/development/default.nix

@@ -12,6 +12,10 @@ in
 
   config = mkIf cfg.enable {
     home.packages = [
+      pkgs.claude-code
+      pkgs.codex
+      pkgs.goose-cli
+
       # Custom packages
       customPkgs.tea-rbw
     ];

home/roles/media/default.nix

@@ -13,7 +13,9 @@ in
   config = mkIf cfg.enable {
     home.packages = with pkgs; [
       # Media players and streaming
-      jellyfin-media-player
+      # Using delfin instead of jellyfin-media-player to avoid qtwebengine security issues
+      # For full Jellyfin features, use web interface at http://jellyfin-server:8096
+      delfin
       moonlight-qt
       vlc
     ];

machines/johno-macbookpro/configuration.nix

@@ -0,0 +1,23 @@
+{ config, lib, pkgs, ... }:
+
+{
+  # Basic system configuration for macOS work laptop
+  system.stateVersion = 6;
+
+  # Set primary user for nix-darwin
+  system.primaryUser = "johno";
+
+  # System preferences (can be expanded later)
+  system.defaults = {
+    dock.autohide = true;
+    finder.AppleShowAllExtensions = true;
+    NSGlobalDomain.AppleShowAllExtensions = true;
+  };
+
+  # TODO: Find a way to not duplicate this
+  launchd.user.envVariables = {
+    # DOOM Emacs environment variables
+    DOOMDIR = "/Users/johno/.config/doom";
+    DOOMLOCALDIR = "/Users/johno/.local/doom";
+  };
+}

machines/nix-book/configuration.nix

@@ -43,6 +43,13 @@
   # Enable networking
   networking.networkmanager.enable = true;
 
+  # WireGuard setup
+  networking.wg-quick.interfaces = {
+    ogleNet = {
+      configFile = "/root/Oglehome-VPN-johno-nixbook.conf";
+    };
+  };
+
   hardware.graphics = {
     enable = true;
     extraPackages = with pkgs; [

machines/zix790prors/README.md

@@ -1,30 +0,0 @@
-# zix790prors
-
-The re-birthed NixOS install of my 2024/2025 gaming pc / workstation.
-
-## Specs
-
-**CPU:** Intel Core i7-14700K (20 cores, 28 threads, up to 5.6 GHz)
-**Memory:** 64 GB RAM
-**Storage:** 
-- 4TB NVMe SSD (main drive with dual-boot partitions)
-  - Windows 11 partition (NTFS)
-  - NixOS /nix/store partition (btrfs)
-  - Shared /games partition (btrfs, accessible from both Windows and NixOS)
-**GPU:** NVIDIA GeForce RTX 4070 Ti
-**Boot:** UEFI with 100MB EFI System Partition
-
-This is a powerful all-purpose workstation optimized for gaming, 3D modeling, and development. It dual-boots Windows 11 with a shared btrfs /games partition accessible from both operating systems.
-
-## BIOS Settings
-
-### 2025-09-08
-
-I underclocked the CPU today. I set the cpu/cache voltage offset to -50mV and lowered the P-Core multiplier from 56x to 50x. I was able to run Intel XTU benchmarks and the CPU stayed around 80C without any throttling kicking in, whereas before it would bounce around various cores at 100C with lots of throttling taking place.
-
-My goals for this change are:
-1. CPU longevity
-2. Fan noise
-3. Addressing various apps that say 100C is a "critical temperature" (though I believe the CPU is rated for up to 110C)
-
-I'm leaving some performance on the table, but it almost feels like the default settings for this CPU were to effectively be overclocked.

machines/zix790prors/README.org

@@ -0,0 +1,31 @@
+* zix790prors
+
+The re-birthed NixOS install of my 2024/2025 gaming pc / workstation.
+
+** Specs
+- **CPU:** Intel Core i7-14700K (20 cores, 28 threads, up to 5.6 GHz)
+- **Memory:** 64 GB RAM
+- **Storage:**
+  - 4TB NVMe SSD (main drive with dual-boot partitions)
+    - Windows 11 partition (NTFS)
+    - NixOS /nix/store partition (btrfs)
+    - Shared /games partition (btrfs, accessible from both Windows and NixOS)
+- **GPU:** NVIDIA GeForce RTX 4070 Ti
+- **Boot:** UEFI with 100MB EFI System Partition
+
+This is a powerful all-purpose workstation optimized for gaming, 3D modeling, and development. It dual-boots Windows 11 with a shared btrfs /games partition accessible from both operating systems.
+*** Validation
+Given the above specs, I want to run shell commands to validate them for accuracy. Use the run_shell_command tool to get the results required to complete this validation. Do not return to the user until you have exhausted your self-serve options for accomplishing your task.
+
+** BIOS Settings
+
+**2025-09-08**
+
+I underclocked the CPU today. I set the cpu/cache voltage offset to -50mV and lowered the P-Core multiplier from 56x to 50x. I was able to run Intel XTU benchmarks and the CPU stayed around 80C without any throttling kicking in, whereas before it would bounce around various cores at 100C with lots of throttling taking place.
+
+My goals for this change are:
+- CPU longevity
+- Fan noise
+- Addressing various apps that say 100C is a "critical temperature" (though I believe the CPU is rated for up to 110C)
+
+I'm leaving some performance on the table, but it almost feels like the default settings for this CPU were to effectively be overclocked.

machines/zix790prors/configuration.nix

@@ -26,6 +26,7 @@ with lib;
       wayland = true;
     };
     nfs-mounts.enable = true;
+    nvidia.enable = true;
     printing.enable = true;
     users.enable = true;
     virtualisation.enable = true;
@@ -33,7 +34,7 @@ with lib;
 
   # Use the systemd-boot EFI boot loader.
   boot.loader.systemd-boot.enable = true;
-  boot.loader.systemd-boot.configurationLimit = 2; # Reduced to save /boot space (TODO Increase /boot partition size)
+  boot.loader.systemd-boot.configurationLimit = 20;
   boot.loader.efi.canTouchEfiVariables = true;
   boot.loader.timeout = 10;
 
@@ -70,9 +71,11 @@ with lib;
     powerManagement.finegrained = false;
   };
 
-  environment.systemPackages = [
+  services.ollama = {
-    (pkgs.ollama.override { acceleration = "cuda"; })
+    enable = true;
-  ];
+    acceleration = "cuda";
+    loadModels = [ "gpt-oss" "deepseek-r1" "qwen3:30b" ];
+  };
 
   # This option defines the first version of NixOS you have installed on this particular machine,
   # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.

machines/zix790prors/hardware-configuration.nix

@@ -14,7 +14,7 @@
   boot.extraModulePackages = [ ];
 
   fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/76B0-738E";
+    { device = "/dev/disk/by-uuid/11C1-EB58";
       fsType = "vfat";
       options = [ "fmask=0077" "dmask=0077" ];
     };

packages/app-launcher-server/app-launcher-server.py

@@ -0,0 +1,104 @@
+#!/usr/bin/env python3
+
+import json
+import logging
+import os
+import subprocess
+import sys
+from http.server import BaseHTTPRequestHandler, HTTPServer
+from urllib.parse import urlparse
+
+# Configure logging
+logging.basicConfig(
+    level=logging.INFO,
+    format='%(asctime)s - %(levelname)s - %(message)s'
+)
+logger = logging.getLogger(__name__)
+
+# Allowlisted applications that can be launched
+ALLOWED_APPS = {
+    'firefox': 'firefox',
+    'kodi': 'kodi'
+}
+
+class AppLauncherHandler(BaseHTTPRequestHandler):
+    def log_message(self, format, *args):
+        logger.info(format % args)
+
+    def do_GET(self):
+        if self.path == '/':
+            self.send_response(200)
+            self.send_header('Content-type', 'application/json')
+            self.end_headers()
+            response = {
+                'status': 'running',
+                'available_apps': list(ALLOWED_APPS.keys()),
+                'usage': 'POST /launch/<app_name> to launch an application'
+            }
+            self.wfile.write(json.dumps(response, indent=2).encode())
+        else:
+            self.send_error(404)
+
+    def do_POST(self):
+        parsed_path = urlparse(self.path)
+        path_parts = parsed_path.path.strip('/').split('/')
+
+        if len(path_parts) == 2 and path_parts[0] == 'launch':
+            app_name = path_parts[1]
+            self.launch_app(app_name)
+        else:
+            self.send_error(404, "Invalid endpoint. Use /launch/<app_name>")
+
+    def launch_app(self, app_name):
+        if app_name not in ALLOWED_APPS:
+            self.send_error(400, f"Application '{app_name}' not allowed. Available apps: {list(ALLOWED_APPS.keys())}")
+            return
+
+        command = ALLOWED_APPS[app_name]
+
+        try:
+            # Launch the application in the background
+            # Ensure we have the proper environment for GUI apps
+            env = os.environ.copy()
+
+            logger.info(f"Launching application: {command}")
+            process = subprocess.Popen(
+                [command],
+                env=env,
+                stdout=subprocess.DEVNULL,
+                stderr=subprocess.DEVNULL,
+                start_new_session=True
+            )
+
+            self.send_response(200)
+            self.send_header('Content-type', 'application/json')
+            self.end_headers()
+            response = {
+                'status': 'success',
+                'message': f'Successfully launched {app_name}',
+                'pid': process.pid
+            }
+            self.wfile.write(json.dumps(response).encode())
+
+        except FileNotFoundError:
+            logger.error(f"Application not found: {command}")
+            self.send_error(500, f"Application '{app_name}' not found on system")
+        except Exception as e:
+            logger.error(f"Error launching {command}: {e}")
+            self.send_error(500, f"Failed to launch {app_name}: {str(e)}")
+
+def main():
+    port = int(sys.argv[1]) if len(sys.argv) > 1 else 8081
+
+    server = HTTPServer(('0.0.0.0', port), AppLauncherHandler)
+    logger.info(f"App launcher server starting on port {port}")
+    logger.info(f"Available applications: {list(ALLOWED_APPS.keys())}")
+
+    try:
+        server.serve_forever()
+    except KeyboardInterrupt:
+        logger.info("Server shutting down...")
+        server.server_close()
+
+if __name__ == '__main__':
+    main()

packages/app-launcher-server/default.nix

@@ -0,0 +1,5 @@
+{ pkgs }:
+
+pkgs.writeShellScriptBin "app-launcher-server" ''
+  exec ${pkgs.python3}/bin/python3 ${./app-launcher-server.py} "$@"
+''

packages/default.nix

@@ -2,4 +2,5 @@
 {
   vulkanHDRLayer = pkgs.callPackage ./vulkan-hdr-layer {};
   tea-rbw = pkgs.callPackage ./tea-rbw {};
+  app-launcher-server = pkgs.callPackage ./app-launcher-server {};
 }

roles/darwin.nix

@@ -0,0 +1,84 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  # Extract the set-environment path that nix-darwin generates
+  setEnvironmentPath = "${config.system.build.setEnvironment}";
+in
+{
+  config = {
+    # Salt manages /etc/bashrc, /etc/zshrc, /etc/zshenv
+    # nix-darwin writes to .local variants for nix-specific configuration
+
+    # Disable nix-darwin from managing the main shell files
+    environment.etc."bashrc".enable = false;
+    environment.etc."zshrc".enable = false;
+    environment.etc."zshenv".enable = false;
+
+    # Create .local files with nix environment setup
+    environment.etc."bash.local".text = ''
+      # Nix environment setup
+      if [ -z "$__NIX_DARWIN_SET_ENVIRONMENT_DONE" ]; then
+        . ${setEnvironmentPath}
+      fi
+    '';
+
+    environment.etc."zshrc.local".text = ''
+      # Nix environment setup (already done in zshenv.local)
+    '';
+
+    environment.etc."zshenv.local".text = ''
+      # Nix environment setup
+      if [[ -o rcs ]]; then
+        if [ -z "''${__NIX_DARWIN_SET_ENVIRONMENT_DONE-}" ]; then
+          . ${setEnvironmentPath}
+        fi
+
+        # Tell zsh how to find installed completions
+        for p in ''${(z)NIX_PROFILES}; do
+          fpath=($p/share/zsh/site-functions $p/share/zsh/$ZSH_VERSION/functions $p/share/zsh/vendor-completions $fpath)
+        done
+      fi
+    '';
+
+    time.timeZone = "America/Los_Angeles";
+
+    environment.systemPackages = with pkgs; [
+      git
+      glances
+      pciutils
+      tree
+      usbutils
+      vim
+    ];
+
+    nix = {
+      package = pkgs.nix;
+      # distributedBuilds = true;
+      # buildMachines = [{
+      #   hostName = "z790prors.oglehome";
+      #   system = "x86_64-linux";
+      #   protocol = "ssh-ng";
+      #   sshUser = "johno";
+      #   sshKey = "/root/.ssh/id_ed25519";
+      #   maxJobs = 3;
+      #   speedFactor = 2;
+      # }];
+      settings = {
+        experimental-features = [ "nix-command" "flakes" ];
+        max-jobs = "auto";
+        trusted-users = [ "johno" ];
+        substituters = [
+        ];
+      };
+
+      gc = {
+        automatic = true;
+        options = "--delete-older-than 10d";
+      };
+    };
+
+    nixpkgs.config.allowUnfree = true;
+  };
+}

roles/default.nix

@@ -10,6 +10,7 @@ with lib;
     ./desktop
     ./kodi
     ./nfs-mounts
+    ./nvidia
     ./printing
     ./spotifyd
     ./users

roles/kodi/default.nix

@@ -4,6 +4,7 @@ with lib;
 
 let
   cfg = config.roles.kodi;
+  customPkgs = pkgs.callPackage ../../packages {};
 in
 {
   options.roles.kodi = {
@@ -14,6 +15,18 @@ in
     wayland = mkOption {
       default = true;
     };
+    appLauncherServer = {
+      enable = mkOption {
+        type = types.bool;
+        default = true;
+        description = "Enable HTTP app launcher server for remote control";
+      };
+      port = mkOption {
+        type = types.int;
+        default = 8081;
+        description = "Port for the app launcher HTTP server";
+      };
+    };
   };
 
 
@@ -33,17 +46,35 @@ in
       };
 
       networking.firewall = {
-        allowedTCPPorts = [ 8080 ];
+        allowedTCPPorts = [ 8080 ] ++ optional cfg.appLauncherServer.enable cfg.appLauncherServer.port;
         allowedUDPPorts = [ 8080 ];
       };
 
       environment.systemPackages = with pkgs; [
         kodiPkg
         wget
-      ];
+        firefox
+      ] ++ optional cfg.appLauncherServer.enable customPkgs.app-launcher-server;
 
       programs.kdeconnect.enable = true;
 
+      systemd.user.services = mkIf cfg.appLauncherServer.enable {
+        app-launcher-server = {
+          description = "HTTP App Launcher Server";
+          wantedBy = [ "graphical-session.target" ];
+          after = [ "graphical-session.target" ];
+          serviceConfig = {
+            Type = "simple";
+            ExecStart = "${customPkgs.app-launcher-server}/bin/app-launcher-server ${toString cfg.appLauncherServer.port}";
+            Restart = "always";
+            RestartSec = "5s";
+            Environment = [
+              "PATH=${pkgs.firefox}/bin:${kodiPkg}/bin:/run/current-system/sw/bin"
+            ];
+          };
+        };
+      };
+
       services = if cfg.autologin then {
           displayManager = {
             autoLogin.enable = true;

roles/nvidia/default.nix

@@ -0,0 +1,20 @@
+{ lib, config, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.roles.nvidia;
+in
+{
+  options.roles.nvidia = {
+    enable = mkEnableOption "Enable the nvidia role";
+  };
+
+  config = mkIf cfg.enable {
+    environment.systemPackages = with pkgs; [
+      libva-utils
+      nvidia-vaapi-driver
+      nvtopPackages.nvidia
+    ];
+  };
+}