Attempt to fix custom package format

[app-launcher] Add app-launcher to boxy
[zix790prors] Increase boot partition size
2025-10-13 14:25:23 -07:00 · 2025-10-13 14:25:13 -07:00 · 2025-10-04 09:06:18 -07:00 · 2025-10-01 21:35:18 -07:00 · 2025-10-01 21:35:18 -07:00 · 2025-10-01 21:35:18 -07:00
66 changed files with 3885 additions and 568 deletions
--- a/.goosehints
+++ b/.goosehints
@@ -0,0 +1,21 @@
 NixOS Configurations Repository
 ================================
 Overview:
 ---------
 This repository hosts modular and reproducible NixOS configurations managed via Nix flakes. It is structured to separate concerns across machine-specific setups, common roles, and custom packages.
 Directory Structure:
 ----------------------
 • packages/      - Custom Nix packages leveraged across various configurations.
 • roles/         - Role-based configurations (e.g., kodi, bluetooth) each with its own module (default.nix) for inclusion in machine setups.
 • machines/      - Machine-specific configurations (e.g., nix-book, z790prors, boxy, wixos) including configuration.nix and hardware-configuration.nix tailored for each hardware.
 • home/          - Home-manager configurations for personal environments and application settings (e.g., home-nix-book.nix, home-z790prors.nix).
 Design Principles:
 ------------------
 • Modularity: Clear separation between roles, machines, and packages allows for flexible and reusable configurations.
 • Declarative & Reproducible: Using Nix flakes guarantees a fully declarative setup that can be effortlessly reproduced across systems.
 • Scalability: The structure is designed to accommodate adding new roles or machines with minimal disruption to existing configurations.
 This file serves as a concise guide for navigating and understanding the repository from an advanced Nix perspective. Further documentation can be found within the respective directories or individual README files where applicable.
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -0,0 +1,177 @@
 # CLAUDE.md
 This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
 ## Repository Overview
 This is a NixOS configuration repository using flakes, managing multiple machines and home-manager configurations. The repository follows a modular architecture with reusable "roles" that can be composed for different machines.
 ## Architecture
 ### Flake Structure
 - **flake.nix**: Main entry point defining inputs (nixpkgs, home-manager, plasma-manager, etc.) and outputs for multiple NixOS configurations
 - **Machines**: `nix-book`, `boxy`, `wixos` (WSL configuration), `zix790prors`, `live-usb`, `johno-macbookpro` (Darwin/macOS)
 - **Home configurations**: Standalone home-manager configuration for user `johno`
 ### Directory Structure
 - `machines/`: Machine-specific configurations with hardware-configuration.nix
 - `roles/`: Modular system configurations (audio, bluetooth, desktop, users, etc.)
 - `home/`: Home Manager configurations and user-specific modules
 - `home/modules/`: User environment modules (emacs, i3+sway, plasma-manager, tmux)
 - `packages/`: Custom package definitions
 ### Role-Based Configuration System
 The repository uses a custom "roles" system where each role is a NixOS module with enable options:
 - `roles.desktop`: Desktop environment with sub-options for X11, Wayland, KDE, gaming, SDDM
 - `roles.audio`: Audio configuration
 - `roles.bluetooth`: Bluetooth support
 - `roles.users`: User account management
 - `roles.virtualisation`: Virtualization setup
 - `roles.kodi`: Kodi media center
 - `roles.nvidia`: NVIDIA GPU configuration
 - `roles.printing`: Printing support (CUPS)
 - `roles.spotifyd`: Spotify daemon
 - `roles.btrfs`: Btrfs filesystem configuration
 - `roles.nfs-mounts`: NFS mount configuration
 - `roles.darwin`: macOS-specific configurations
 Example role usage in machine configuration:
 ```nix
 roles = {
  audio.enable = true;
  desktop = {
    enable = true;
    gaming = true;
    kde = true;
    wayland = true;
  };
  users.enable = true;
 };
 ```
 ### Home-Manager Role System
 The repository also uses a modular home-manager role system for user-space configuration:
 **Available Home Roles:**
 - `home.roles.base`: Core CLI tools, git, ssh, bash, rbw (enabled everywhere)
 - `home.roles.desktop`: GUI applications, Firefox, KDE services
 - `home.roles.office`: LibreOffice, OpenSCAD (heavy packages)
 - `home.roles.media`: VLC, Jellyfin, Moonlight (media consumption)
 - `home.roles.development`: Custom packages, kubectl, development tools
 - `home.roles.communication`: Element, Nextcloud Talk, Google cookie tools
 - `home.roles.sync`: Syncthing service and tray (for file synchronization)
 - `home.roles.kdeconnect`: KDE Connect for device integration
 - `home.roles.gaming`: Gaming applications (future expansion)
 **Role-Based Home Configurations:**
 - `home-desktop.nix`: Full-featured desktop for development workstations
 - `home-media-center.nix`: Living room media consumption and gaming setup (boxy)
 - `home-laptop-compact.nix`: Essential tools only, excludes office/media for storage constraints (nix-book)
 - `home-live-usb.nix`: Minimal setup for live environments, no persistent services
 - `home-darwin-work.nix`: macOS work laptop configuration
 **Machine-Specific Role Usage:**
 - **nix-book**: Compact laptop → excludes office/media roles due to SSD space constraints
 - **boxy**: Living room media center → optimized for media consumption, excludes sync/office (shared machine)
 - **zix790prors**: All-purpose workstation → full desktop experience with all roles enabled
 - **wixos**: WSL2 development → full desktop experience, inherits from zix790prors Windows host
 - **live-usb**: Temporary environment → only base + desktop roles, no persistent services
 - **johno-macbookpro**: macOS work laptop → Darwin-specific configuration with development tools
 ## Common Commands
 ### Building and Switching Configurations
 **NixOS (Linux):**
 ```bash
 # Build and switch to a specific machine configuration
 sudo nixos-rebuild switch --flake .#<hostname>
 # Build without switching
 nixos-rebuild build --flake .#<hostname>
 # Build home-manager configuration only
 home-manager switch --flake .#johno
 ```
 **Darwin (macOS):**
 ```bash
 # Build and switch to Darwin configuration
 darwin-rebuild switch --flake .#johno-macbookpro
 # Build without switching
 darwin-rebuild build --flake .#johno-macbookpro
 ```
 ### Available Machine Configurations
 - `nix-book`: Compact laptop with storage constraints, uses `home/home-laptop-compact.nix`
 - `boxy`: Shared living room media center/gaming desktop with AMD GPU, uses `home/home-media-center.nix`
 - `zix790prors`: Powerful all-purpose workstation (gaming, 3D modeling, development), dual-boots Windows 11 with shared btrfs /games partition, uses `home/home-desktop.nix`
 - `wixos`: WSL2 development environment running in Windows partition of zix790prors, uses `home/home-desktop.nix`
 - `live-usb`: Bootable ISO configuration, uses `home/home-live-usb.nix`
 - `johno-macbookpro`: macOS work laptop, uses `home/home-darwin-work.nix`
 ### Flake Operations
 ```bash
 # Update flake inputs
 nix flake update
 # Check flake
 nix flake check
 # Show flake info
 nix flake show
 ```
 ### Bootstrap New Machine
 Use the provided bootstrap script:
 ```bash
 sudo ./bootstrap.sh <hostname>
 ```
 This script pulls from the remote git repository and applies the configuration.
 ### Build Live USB ISO
 Use the provided script to build a bootable ISO:
 ```bash
 ./build-liveusb.sh
 ```
 Creates an ISO suitable for Ventoy and other USB boot tools in `./result/iso/`.
 ## Development Workflow
 ### Adding New Machines
 **NixOS:**
 1. Create new directory in `machines/<hostname>/`
 2. Add `configuration.nix` with role assignments
 3. Include hardware-configuration.nix (generated by nixos-generate-config)
 4. Add nixosConfiguration to flake.nix outputs
 **Darwin (macOS):**
 1. Create new directory in `machines/<hostname>/`
 2. Add `configuration.nix` with Darwin role assignments
 3. Add darwinConfiguration to flake.nix outputs
 ### Adding New Roles
 1. Create directory in `roles/<role-name>/`
 2. Create `default.nix` with module definition using mkEnableOption
 3. Add role import to `roles/default.nix`
 4. Configure role options in machine configurations
 ### Home Manager Modules
 - Located in `home/modules/`
 - Each module has its own `default.nix`
 - Imported in main home configuration files
 ## Key Configuration Details
 - **Experimental features**: nix-command and flakes are enabled
 - **User**: Primary user is `johno` with trusted-user privileges
 - **Locale**: en_US.UTF-8, America/Los_Angeles timezone
 - **SSH**: OpenSSH enabled on all configurations
 - **Garbage collection**: Automatic, deletes older than 10 days
 - **Unfree packages**: Allowed globally
 ## Important Notes
 - **Sudo access**: Claude Code does not have sudo access. Ask the user to run elevated commands like `sudo nixos-rebuild switch`
--- a/bootstrap.sh
+++ b/bootstrap.sh
@@ -0,0 +1,11 @@
 #!/usr/bin/env bash
 # bootstrap.sh
 # Usage: sudo ./bootstrap.sh <hostname>
 set -euo pipefail
 NEW_HOSTNAME="${1:?missing hostname}"
 FLAKE_URI="git+https://git.johnogle.info/johno/nixos-configs.git#${NEW_HOSTNAME}"
 export NIX_CONFIG="experimental-features = nix-command flakes"
 nixos-rebuild switch --flake "$FLAKE_URI"
--- a/build-liveusb.sh
+++ b/build-liveusb.sh
@@ -0,0 +1,19 @@
 #!/usr/bin/env bash
 # Build Live USB ISO from flake configuration
 # Creates an uncompressed ISO suitable for Ventoy and other USB boot tools
 set -e
 echo "Building Live USB ISO..."
 nix build .#nixosConfigurations.live-usb.config.system.build.isoImage --show-trace
 if [ -f "./result/iso/"*.iso ]; then
    iso_file=$(ls ./result/iso/*.iso)
    echo "✅ Build complete!"
    echo "📁 ISO location: $iso_file"
    echo "💾 Ready for Ventoy or dd to USB"
 else
    echo "❌ Build failed - no ISO file found"
    exit 1
 fi
--- a/flake.lock
+++ b/flake.lock
@@ -1,38 +1,41 @@
 {
  "nodes": {
-    "aquamarine": {
+    "flake-compat": {
-      "inputs": {
+      "flake": false,
        "hyprutils": [
          "hyprland",
          "hyprutils"
        ],
        "hyprwayland-scanner": [
          "hyprland",
          "hyprwayland-scanner"
        ],
        "nixpkgs": [
          "hyprland",
          "nixpkgs"
        ],
        "systems": [
          "hyprland",
          "systems"
        ]
      },
      "locked": {
-        "lastModified": 1722347739,
+        "lastModified": 1747046372,
-        "narHash": "sha256-rAoh+K6KG+b1DwSWtqRVocdojnH6nGk6q07mNltoUSM=",
+        "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
-        "owner": "hyprwm",
+        "owner": "edolstra",
-        "repo": "aquamarine",
+        "repo": "flake-compat",
-        "rev": "7c3565f9bedc7cb601cc0baa14792247e4dc1d5a",
+        "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
        "type": "github"
      },
      "original": {
-        "owner": "hyprwm",
+        "owner": "edolstra",
-        "repo": "aquamarine",
+        "repo": "flake-compat",
        "type": "github"
      }
    },
    "google-cookie-retrieval": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1752428473,
        "narHash": "sha256-IsE7fdAYbRlZuc0H5FtPfhhuHvlxnDGoAxdlnjpVNCU=",
        "ref": "refs/heads/main",
        "rev": "1fad66b55144ab6beaecd900172a21ac3c34dc52",
        "revCount": 10,
        "type": "git",
        "url": "https://git.johnogle.info/johno/google-cookie-retrieval.git"
      },
      "original": {
        "type": "git",
        "url": "https://git.johnogle.info/johno/google-cookie-retrieval.git"
      }
    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
@@ -40,11 +43,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1723986931,
+        "lastModified": 1759172751,
-        "narHash": "sha256-Fy+KEvDQ+Hc8lJAV3t6leXhZJ2ncU5/esxkgt3b8DEY=",
+        "narHash": "sha256-E8W8sRXfrvkFW26GuuiWq6QfReU7m5+cngwHuRo/3jc=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "2598861031b78aadb4da7269df7ca9ddfc3e1671",
+        "rev": "12fa8548feefa9a10266ba65152fd1a787cdde8f",
        "type": "github"
      },
      "original": {
@@ -53,176 +56,53 @@
        "type": "github"
      }
    },
-    "hyprcursor": {
+    "nix-darwin": {
      "inputs": {
        "hyprlang": [
          "hyprland",
          "hyprlang"
        ],
        "nixpkgs": [
          "hyprland",
          "nixpkgs"
        ],
        "systems": [
          "hyprland",
          "systems"
        ]
      },
      "locked": {
-        "lastModified": 1721330371,
+        "lastModified": 1758805352,
-        "narHash": "sha256-aYlHTWylczLt6ERJyg6E66Y/XSCbVL7leVcRuJmVbpI=",
+        "narHash": "sha256-BHdc43Lkayd+72W/NXRKHzX5AZ+28F3xaUs3a88/Uew=",
-        "owner": "hyprwm",
+        "owner": "nix-darwin",
-        "repo": "hyprcursor",
+        "repo": "nix-darwin",
-        "rev": "4493a972b48f9c3014befbbf381ed5fff91a65dc",
+        "rev": "c48e963a5558eb1c3827d59d21c5193622a1477c",
        "type": "github"
      },
      "original": {
-        "owner": "hyprwm",
+        "owner": "nix-darwin",
-        "repo": "hyprcursor",
+        "repo": "nix-darwin",
        "type": "github"
      }
    },
-    "hyprland": {
+    "nixos-wsl": {
      "inputs": {
-        "aquamarine": "aquamarine",
+        "flake-compat": "flake-compat",
-        "hyprcursor": "hyprcursor",
+        "nixpkgs": "nixpkgs"
        "hyprlang": "hyprlang",
        "hyprutils": "hyprutils",
        "hyprwayland-scanner": "hyprwayland-scanner",
        "nixpkgs": "nixpkgs",
        "systems": "systems",
        "xdph": "xdph"
      },
      "locked": {
-        "lastModified": 1723058230,
+        "lastModified": 1758785683,
-        "narHash": "sha256-deu8zvgseDg2gQEnZiCda4TrbA6pleE9iItoZlsoMtE=",
+        "narHash": "sha256-mRn51IeEBXeNh5a6xNLylk4PKBX0s/QQxgkEbYoPq/w=",
-        "ref": "refs/heads/main",
+        "owner": "nix-community",
-        "rev": "9a09eac79b85c846e3a865a9078a3f8ff65a9259",
+        "repo": "NixOS-WSL",
-        "revCount": 5069,
+        "rev": "1bfb978f2f6261b6086e04af17f9418e1fe36d70",
        "submodules": true,
        "type": "git",
        "url": "https://github.com/hyprwm/Hyprland"
      },
      "original": {
        "rev": "9a09eac79b85c846e3a865a9078a3f8ff65a9259",
        "submodules": true,
        "type": "git",
        "url": "https://github.com/hyprwm/Hyprland"
      }
    },
    "hyprland-protocols": {
      "inputs": {
        "nixpkgs": [
          "hyprland",
          "xdph",
          "nixpkgs"
        ],
        "systems": [
          "hyprland",
          "xdph",
          "systems"
        ]
      },
      "locked": {
        "lastModified": 1721326555,
        "narHash": "sha256-zCu4R0CSHEactW9JqYki26gy8h9f6rHmSwj4XJmlHgg=",
        "owner": "hyprwm",
        "repo": "hyprland-protocols",
        "rev": "5a11232266bf1a1f5952d5b179c3f4b2facaaa84",
        "type": "github"
      },
      "original": {
-        "owner": "hyprwm",
+        "owner": "nix-community",
-        "repo": "hyprland-protocols",
+        "ref": "main",
-        "type": "github"
+        "repo": "NixOS-WSL",
      }
    },
    "hyprlang": {
      "inputs": {
        "hyprutils": [
          "hyprland",
          "hyprutils"
        ],
        "nixpkgs": [
          "hyprland",
          "nixpkgs"
        ],
        "systems": [
          "hyprland",
          "systems"
        ]
      },
      "locked": {
        "lastModified": 1721324361,
        "narHash": "sha256-BiJKO0IIdnSwHQBSrEJlKlFr753urkLE48wtt0UhNG4=",
        "owner": "hyprwm",
        "repo": "hyprlang",
        "rev": "adbefbf49664a6c2c8bf36b6487fd31e3eb68086",
        "type": "github"
      },
      "original": {
        "owner": "hyprwm",
        "repo": "hyprlang",
        "type": "github"
      }
    },
    "hyprutils": {
      "inputs": {
        "nixpkgs": [
          "hyprland",
          "nixpkgs"
        ],
        "systems": [
          "hyprland",
          "systems"
        ]
      },
      "locked": {
        "lastModified": 1722098849,
        "narHash": "sha256-D3wIZlBNh7LuZ0NaoCpY/Pvu+xHxIVtSN+KkWZYvvVs=",
        "owner": "hyprwm",
        "repo": "hyprutils",
        "rev": "5dcbbc1e3de40b2cecfd2007434d86e924468f1f",
        "type": "github"
      },
      "original": {
        "owner": "hyprwm",
        "repo": "hyprutils",
        "type": "github"
      }
    },
    "hyprwayland-scanner": {
      "inputs": {
        "nixpkgs": [
          "hyprland",
          "nixpkgs"
        ],
        "systems": [
          "hyprland",
          "systems"
        ]
      },
      "locked": {
        "lastModified": 1721324119,
        "narHash": "sha256-SOOqIT27/X792+vsLSeFdrNTF+OSRp5qXv6Te+fb2Qg=",
        "owner": "hyprwm",
        "repo": "hyprwayland-scanner",
        "rev": "a048a6cb015340bd82f97c1f40a4b595ca85cc30",
        "type": "github"
      },
      "original": {
        "owner": "hyprwm",
        "repo": "hyprwayland-scanner",
        "type": "github"
      }
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1722185531,
+        "lastModified": 1758277210,
-        "narHash": "sha256-veKR07psFoJjINLC8RK4DiLniGGMgF3QMlS4tb74S6k=",
+        "narHash": "sha256-iCGWf/LTy+aY0zFu8q12lK8KuZp7yvdhStehhyX1v8w=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "52ec9ac3b12395ad677e8b62106f0b98c1f8569d",
+        "rev": "8eaee110344796db060382e15d3af0a9fc396e0e",
        "type": "github"
      },
      "original": {
@@ -234,11 +114,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1723637854,
+        "lastModified": 1759036355,
-        "narHash": "sha256-med8+5DSWa2UnOqtdICndjDAEjxr5D7zaIiK4pn0Q7c=",
+        "narHash": "sha256-0m27AKv6ka+q270dw48KflE0LwQYrO7Fm4/2//KCVWg=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "c3aa7b8938b17aebd2deecf7be0636000d62a2b9",
+        "rev": "e9f00bd893984bc8ce46c895c3bf7cac95331127",
        "type": "github"
      },
      "original": {
@@ -248,57 +128,38 @@
        "type": "github"
      }
    },
-    "root": {
+    "plasma-manager": {
      "inputs": {
-        "home-manager": "home-manager",
+        "home-manager": [
-        "hyprland": "hyprland",
+          "home-manager"
        "nixpkgs": "nixpkgs_2"
      }
    },
    "systems": {
      "locked": {
        "lastModified": 1689347949,
        "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
        "owner": "nix-systems",
        "repo": "default-linux",
        "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default-linux",
        "type": "github"
      }
    },
    "xdph": {
      "inputs": {
        "hyprland-protocols": "hyprland-protocols",
        "hyprlang": [
          "hyprland",
          "hyprlang"
        ],
        "nixpkgs": [
          "hyprland",
          "nixpkgs"
        ],
        "systems": [
          "hyprland",
          "systems"
        ]
      },
      "locked": {
-        "lastModified": 1722365976,
+        "lastModified": 1759157415,
-        "narHash": "sha256-Khdm+mDzYA//XaU0M+hftod+rKr5q9SSHSEuiQ0/9ow=",
+        "narHash": "sha256-Fg8cOnVoIe0uQ38UpR6XZzRCwDsjjozVwfevW9yCLI0=",
-        "owner": "hyprwm",
+        "owner": "nix-community",
-        "repo": "xdg-desktop-portal-hyprland",
+        "repo": "plasma-manager",
-        "rev": "7f2a77ddf60390248e2a3de2261d7102a13e5341",
+        "rev": "df5b3e6da631f732c26c6044c7cccb8706b4f479",
        "type": "github"
      },
      "original": {
-        "owner": "hyprwm",
+        "owner": "nix-community",
-        "repo": "xdg-desktop-portal-hyprland",
+        "repo": "plasma-manager",
        "type": "github"
      }
    },
    "root": {
      "inputs": {
        "google-cookie-retrieval": "google-cookie-retrieval",
        "home-manager": "home-manager",
        "nix-darwin": "nix-darwin",
        "nixos-wsl": "nixos-wsl",
        "nixpkgs": "nixpkgs_2",
        "plasma-manager": "plasma-manager"
      }
    }
  },
  "root": "root",
--- a/flake.nix
+++ b/flake.nix
@@ -2,32 +2,136 @@
  description = "A very basic flake";
  inputs = {
-    nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
    nixos-wsl.url = "github:nix-community/NixOS-WSL/main";
    nix-darwin = {
      url = "github:nix-darwin/nix-darwin";
      inputs.nixpkgs.follows = "nixpkgs";
    };
-    home-manager.url = "github:nix-community/home-manager";
+    home-manager = {
-    home-manager.inputs.nixpkgs.follows = "nixpkgs";
+      url = "github:nix-community/home-manager";
      inputs.nixpkgs.follows = "nixpkgs";
    };
-    hyprland = {
+    plasma-manager = {
-      type = "git";
+      url = "github:nix-community/plasma-manager";
-      url = "https://github.com/hyprwm/Hyprland";
+      inputs.nixpkgs.follows = "nixpkgs";
-      submodules = true;
+      inputs.home-manager.follows = "home-manager";
-      rev = "9a09eac79b85c846e3a865a9078a3f8ff65a9259";
+    };
    google-cookie-retrieval = {
      url = "git+https://git.johnogle.info/johno/google-cookie-retrieval.git";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };
-  outputs = { self, nixpkgs, home-manager, ... } @ inputs: {
+  outputs = { self, nixpkgs, nixos-wsl, ... } @ inputs: let
-    nixosConfigurations.z790prors-nix = nixpkgs.lib.nixosSystem {
+    nixosModules = [
      ./roles
    ] ++ [
      inputs.home-manager.nixosModules.home-manager
      {
        home-manager.useGlobalPkgs = true;
        home-manager.useUserPackages = true;
        home-manager.sharedModules = [
          inputs.plasma-manager.homeManagerModules.plasma-manager
        ];
        home-manager.extraSpecialArgs = {
          globalInputs = inputs;
        };
      }
    ];
    darwinModules = [
      ./roles/darwin.nix
    ] ++ [
      inputs.home-manager.darwinModules.home-manager
      {
        home-manager.useGlobalPkgs = true;
        home-manager.useUserPackages = true;
        home-manager.extraSpecialArgs = {
          globalInputs = inputs;
        };
      }
    ];
  in {
    nixosConfigurations.nix-book = nixpkgs.lib.nixosSystem rec {
      system = "x86_64-linux";
-      specialArgs = { inherit inputs; };
+      modules = nixosModules ++ [
-      modules = [ ./machines/z790prors/configuration.nix ];
+        ./machines/nix-book/configuration.nix
        {
          home-manager.users.johno = {
            imports = [ ./home/home-laptop-compact.nix ];
            # Machine-specific overrides
            home.i3_sway.extraSwayConfig = {
              output.eDP-1.scale = "1.75";
            };
          };
          home-manager.extraSpecialArgs = { inherit system; };
        }
      ];
    };
-    nixosConfigurations.nix-book = nixpkgs.lib.nixosSystem {
+    nixosConfigurations.boxy = nixpkgs.lib.nixosSystem rec {
      system = "x86_64-linux";
-      specialArgs = { inherit inputs; };
+      modules = nixosModules ++ [
-      modules = [ 
+        ./machines/boxy/configuration.nix
-        ./machines/nix-book/configuration.nix
+        inputs.home-manager.nixosModules.home-manager
-        home-manager.nixosModules.home-manager
+        {
          home-manager.users.johno = import ./home/home-media-center.nix;
          home-manager.extraSpecialArgs = { inherit system; };
        }
      ];
    };
    nixosConfigurations.wixos = nixpkgs.lib.nixosSystem rec {
      system = "x86_64-linux";
      modules = nixosModules ++ [
        nixos-wsl.nixosModules.default
        ./machines/wixos/configuration.nix
        inputs.home-manager.nixosModules.home-manager
        {
          home-manager.users.johno = import ./home/home-desktop.nix;
          home-manager.extraSpecialArgs = { inherit system; };
        }
      ];
    };
    nixosConfigurations.zix790prors = nixpkgs.lib.nixosSystem rec {
      system = "x86_64-linux";
      modules = nixosModules ++ [
        ./machines/zix790prors/configuration.nix
        inputs.home-manager.nixosModules.home-manager
        {
          home-manager.users.johno = import ./home/home-desktop.nix;
          home-manager.extraSpecialArgs = { inherit system; };
        }
      ];
    };
    # Live USB ISO configuration
    nixosConfigurations.live-usb = nixpkgs.lib.nixosSystem rec {
      system = "x86_64-linux";
      modules = nixosModules ++ [
        ./machines/live-usb/configuration.nix
        {
          home-manager.users.nixos = import ./home/home-live-usb.nix;
          home-manager.extraSpecialArgs = { inherit system; };
        }
      ];
    };
    # Darwin/macOS configurations
    darwinConfigurations."blkfv4yf49kt7" = inputs.nix-darwin.lib.darwinSystem rec {
      system = "aarch64-darwin";
      modules = darwinModules ++ [
        ./machines/johno-macbookpro/configuration.nix
        {
          home-manager.users.johno = import ./home/home-darwin-work.nix;
          home-manager.extraSpecialArgs = { inherit system; };
        }
      ];
    };
  };
--- a/home/home-darwin-work.nix
+++ b/home/home-darwin-work.nix
@@ -0,0 +1,56 @@
 { config, lib, pkgs, globalInputs, system, ... }:
 let
  customPkgs = pkgs.callPackage ../packages {};
 in
 {
  # Provide arguments to role modules
  _module.args = { inherit customPkgs; };
  # Home Manager configuration for Darwin work laptop
  # Corporate-friendly setup with essential development tools
  home.username = lib.mkForce "johno";
  home.homeDirectory = lib.mkForce "/Users/johno";
  home.stateVersion = "24.05";
  # Override Darwin-incompatible settings from base role
  programs.rbw.settings.pinentry = lib.mkForce pkgs.pinentry_mac;
  programs.bash.initExtra = ''
    export NODE_EXTRA_CA_CERTS=/opt/homebrew/etc/ca-certificates/cert.pem
    export COREPACK_NPM_REGISTRY=https://global.block-artifacts.com/artifactory/api/npm/square-npm/
    export COREPACK_INTEGRITY_KEYS=0
    export NVM_DIR="$HOME/.nvm"
    [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"  # This loads nvm
    [ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion"  # This loads nvm bash_completion
  '';
  programs.zsh.enable = true;
  programs.zsh.initContent = ''
    export NODE_EXTRA_CA_CERTS=/opt/homebrew/etc/ca-certificates/cert.pem
    export COREPACK_NPM_REGISTRY=https://global.block-artifacts.com/artifactory/api/npm/square-npm/
    export COREPACK_INTEGRITY_KEYS=0
    export NVM_DIR="$HOME/.nvm"
    [ -s "$NVM_DIR/nvm.sh" ] && . "$NVM_DIR/nvm.sh" # This loads nvm
    [ -s "$NVM_DIR/bash_completion" ] && . "$NVM_DIR/bash_completion"  # This loads nvm bash_completion
  '';
  # Keep SSH and Git disabled to avoid conflicts with work environment
  programs.ssh.enable = lib.mkForce false;
  programs.git.enable = lib.mkForce false;
  programs.rbw.enable = lib.mkForce false;
  home.shell.enableShellIntegration = true;
  home.roles = {
    base.enable = true;
  };
  imports = [
    ./roles
    ./modules/emacs
    ./modules/kubectl
    ./modules/tmux
  ];
 }
--- a/home/home-desktop.nix
+++ b/home/home-desktop.nix
@@ -0,0 +1,38 @@
 { pkgs, globalInputs, system, ... }:
 let
  customPkgs = pkgs.callPackage ../packages {};
 in
 {
  # Provide arguments to role modules
  _module.args = { inherit customPkgs; };
  # Home Manager configuration for full desktop experience
  home.username = "johno";
  home.homeDirectory = "/home/johno";
  home.stateVersion = "24.05";
  # Enable all desktop roles for full-featured experience
  home.roles = {
    base.enable = true;
    desktop.enable = true;
    office.enable = true;
    media.enable = true;
    development.enable = true;
    communication.enable = true;
    sync.enable = true;
    kdeconnect.enable = true;
  };
  targets.genericLinux.enable = true;
  home.sessionVariables = {};
  home.sessionPath = [];
  imports = [
    ./roles
    ./modules/emacs
    ./modules/i3+sway
    ./modules/kubectl
    ./modules/plasma-manager
    ./modules/tmux
  ];
 }
--- a/home/home-laptop-compact.nix
+++ b/home/home-laptop-compact.nix
@@ -0,0 +1,41 @@
 { config, lib, pkgs, globalInputs, system, ... }:
 let
  customPkgs = pkgs.callPackage ../packages {};
 in
 {
  # Provide arguments to role modules
  _module.args = { inherit customPkgs; };
  # Home Manager configuration for compact laptop setups
  # Optimized for space-constrained environments
  home.username = "johno";
  home.homeDirectory = "/home/johno";
  home.stateVersion = "24.05";
  # Enable essential roles only (exclude heavy office/media packages)
  home.roles = {
    base.enable = true;
    desktop.enable = true;
    development.enable = true;
    communication.enable = true;
    kdeconnect.enable = true;
    media.enable = true;
    sync.enable = true;
    # office.enable = false;  # Excluded for storage constraints
  };
  targets.genericLinux.enable = true;
  home.sessionVariables = {};
  home.sessionPath = [];
  imports = [
    ./roles
    ./modules/emacs
    ./modules/i3+sway
    ./modules/kubectl
    ./modules/plasma-manager
    ./modules/tmux
  ];
 }
--- a/home/home-live-usb.nix
+++ b/home/home-live-usb.nix
@@ -0,0 +1,42 @@
 { pkgs, globalInputs, system, ... }:
 let
  customPkgs = pkgs.callPackage ../packages {};
 in
 {
  # Provide arguments to role modules
  _module.args = { inherit customPkgs; };
  # Home Manager configuration for live USB environments
  # Minimal setup without persistent services
  home.username = "nixos";
  home.homeDirectory = "/home/nixos";
  home.stateVersion = "24.05";
  # Enable minimal roles only (no sync or kdeconnect for live environment)
  home.roles = {
    base.enable = true;
    desktop.enable = true;
    # development.enable = false;  # Not needed for live USB
    # communication.enable = false; # Not needed for live USB  
    # office.enable = false;       # Not needed for live USB
    # media.enable = false;        # Not needed for live USB
    # sync.enable = false;         # No persistent sync on live USB
    # kdeconnect.enable = false;   # No device integration on live USB
  };
  targets.genericLinux.enable = true;
  home.sessionVariables = {};
  home.sessionPath = [];
  imports = [
    ./roles
    ./modules/emacs
    ./modules/i3+sway
    ./modules/kubectl
    ./modules/plasma-manager
    ./modules/tmux
  ];
  # Live USB specific overrides can go here if needed
 }
--- a/home/home-media-center.nix
+++ b/home/home-media-center.nix
@@ -0,0 +1,42 @@
 { pkgs, globalInputs, system, ... }:
 let
  customPkgs = pkgs.callPackage ../packages {};
 in
 {
  # Provide arguments to role modules
  _module.args = { inherit customPkgs; };
  # Home Manager configuration for media center setups
  # Optimized for living room media consumption and gaming
  home.username = "johno";
  home.homeDirectory = "/home/johno";
  home.stateVersion = "24.05";
  # Enable media center focused roles
  home.roles = {
    base.enable = true;
    desktop.enable = true;
    media.enable = true;
    communication.enable = true;
    kdeconnect.enable = true;
    development.enable = true;
    # office.enable = false;    # Not needed for media center
    # sync.enable = false;      # Shared machine, no personal file sync
  };
  targets.genericLinux.enable = true;
  home.sessionVariables = {};
  home.sessionPath = [];
  imports = [
    ./roles
    ./modules/emacs
    ./modules/i3+sway
    ./modules/kubectl
    ./modules/plasma-manager
    ./modules/tmux
  ];
  # Media center specific overrides can go here if needed
 }
--- a/home/modules/emacs/default.nix
+++ b/home/modules/emacs/default.nix
@@ -0,0 +1,72 @@
 { config, lib, pkgs, ... }:
 with lib;
 let
  doomEmacs = pkgs.fetchFromGitHub {
    owner = "doomemacs";
    repo = "doomemacs";
    rev = "8f55404781edacf66fa330205533b002de3fb5ee";
    sha256 = "sha256-vHwgENjip2+AFzs4oZfnKEAJKwf5Zid7fakImvxxQUw=";
  };
  # Shared emacs packages
  emacsPackages = epkgs: [
    epkgs.vterm
    epkgs.treesit-grammars.with-all-grammars
  ];
  # Default emacs configuration with vterm support
  defaultEmacsPackage = 
    if pkgs.stdenv.isDarwin 
    then pkgs.emacs-macport.pkgs.withPackages emacsPackages
    else pkgs.emacs.pkgs.withPackages emacsPackages;
 in
 {
  config = {
    home.packages = [
      pkgs.emacs-all-the-icons-fonts
      pkgs.fira-code
      pkgs.fontconfig
      pkgs.graphviz
      pkgs.isort
      #pkgs.libvterm # native vterm library
      pkgs.nerd-fonts.fira-code
      pkgs.nerd-fonts.droid-sans-mono
      pkgs.nil # nix lsp language server
      pkgs.nixfmt-rfc-style
      (pkgs.ripgrep.override {withPCRE2 = true;})
      pkgs.pipenv
      pkgs.poetry
      pkgs.python3
    ];
    programs.emacs = {
      enable = true;
      package = defaultEmacsPackage;
    };
    fonts.fontconfig.enable = true;
    # Mount emacs and tree-sitter grammars from nix store
    home.file = {
      "${config.xdg.configHome}/emacs".source = doomEmacs;
    };
    home.sessionPath = [
      "${config.xdg.configHome}/emacs/bin"
    ];
    home.sessionVariables = {
      DOOMDIR = "${config.xdg.configHome}/doom";
      DOOMLOCALDIR = "${config.xdg.dataHome}/doom";
    };
    # TODO: Use mkOutOfStoreSymlink instead?
    home.activation.doomConfig = lib.hm.dag.entryAfter ["writeBoundary"] ''
      # Always remove and recreate the symlink to ensure it points to the source directory
      rm -rf "${config.xdg.configHome}/doom"
      ln -sf "${config.home.homeDirectory}/nixos-configs/home/modules/emacs/doom" "${config.xdg.configHome}/doom"
    '';
  };
 }
--- a/home/modules/emacs/doom/config.el
+++ b/home/modules/emacs/doom/config.el
@@ -0,0 +1,192 @@
 ;;; $DOOMDIR/config.el -*- lexical-binding: t; -*-
 ;; Place your private configuration here! Remember, you do not need to run 'doom
 ;; sync' after modifying this file!
 ;; Some functionality uses this to identify you, e.g. GPG configuration, email
 ;; clients, file templates and snippets. It is optional.
 ;; (setq user-full-name "John Doe"
 ;;       user-mail-address "john@doe.com")
 ;; Doom exposes five (optional) variables for controlling fonts in Doom:
 ;;
 ;; - `doom-font' -- the primary font to use
 ;; - `doom-variable-pitch-font' -- a non-monospace font (where applicable)
 ;; - `doom-big-font' -- used for `doom-big-font-mode'; use this for
 ;;   presentations or streaming.
 ;; - `doom-symbol-font' -- for symbols
 ;; - `doom-serif-font' -- for the `fixed-pitch-serif' face
 ;;
 ;; See 'C-h v doom-font' for documentation and more examples of what they
 ;; accept. For example:
 ;;
 ;;(setq doom-font (font-spec :family "Fira Code" :size 12 :weight 'semi-light)
 ;;      doom-variable-pitch-font (font-spec :family "Fira Sans" :size 13))
 ;;
 ;; If you or Emacs can't find your font, use 'M-x describe-font' to look them
 ;; up, `M-x eval-region' to execute elisp code, and 'M-x doom/reload-font' to
 ;; refresh your font settings. If Emacs still can't find your font, it likely
 ;; wasn't installed correctly. Font issues are rarely Doom issues!
 (setq doom-font (font-spec :family "Fira Code"))
 ;; Auto-install nerd-icons fonts if they're missing
 (defun my/ensure-nerd-icons-fonts ()
  "Check if nerd-icons fonts are installed and install them if missing."
  (when (display-graphic-p)
    (unless (find-font (font-spec :name "Symbols Nerd Font Mono"))
      (when (fboundp 'nerd-icons-install-fonts)
        (nerd-icons-install-fonts t)))))
 (add-hook 'doom-init-ui-hook #'my/ensure-nerd-icons-fonts)
 ;; There are two ways to load a theme. Both assume the theme is installed and
 ;; available. You can either set `doom-theme' or manually load a theme with the
 ;; `load-theme' function. This is the default:
 (setq doom-theme 'doom-tokyo-night)
 ;; This determines the style of line numbers in effect. If set to `nil', line
 ;; numbers are disabled. For relative line numbers, set this to `relative'.
 (setq display-line-numbers-type t)
 ;; If you use `org' and don't want your org files in the default location below,
 ;; change `org-directory'. It must be set before org loads!
 (setq org-directory "~/org/")
 (after! org
  (setq org-agenda-span 'week
        org-agenda-start-with-log-mode t
        my-agenda-dirs '("projects" "roam")
        org-agenda-files (cons org-directory (mapcan (lambda (x) (directory-files-recursively
                                                                  (expand-file-name x org-directory)
                                                                  "\.org$"))
                                                     my-agenda-dirs))
        org-log-done 'time
        org-agenda-custom-commands '(("n" "Agenda"
                                      ((agenda "")
                                       (tags-todo "-someday-recurring")))
                                     ("s" "Someday Items"
                                      ((tags-todo "+someday"))))
        org-todo-keywords '((sequence "TODO(t)" "IN-PROGRESS(p)" "WAIT(w)" "|" "DONE(d)" "KILL(k)"))
        org-journal-file-type 'weekly
        org-journal-file-format "%Y-%m-%d.org"
        org-capture-templates
          '(("t" "Todo" entry (file+headline "~/org/todo.org" "Inbox")
             "* TODO %? \n %i \n%a" :prepend t))))
 (map! :after org-agenda
      :map org-agenda-mode-map
      :localleader
      (:prefix ("v" . "view")
       "d" #'org-agenda-day-view
       "w" #'org-agenda-week-view))
 ;; (use-package! org-caldav
 ;;   :defer t
 ;;   :config
 ;;   (setq org-caldav-url "https://nextcloud.johnogle.info/remote.php/dav/calendars/johno"
 ;;         org-caldav-calendar-id "personal"
 ;;         org-icalendar-timezone "America/Los_Angeles"
 ;;         org-caldav-inbox "~/org/calendar.org"
 ;;         org-caldav-files nil
 ;;         org-caldav-sync-direction 'cal->org))
 (defun my/get-rbw-password (alias)
  "Return the password for ALIAS via rbw, unlocking the vault only if needed."
  (let* ((cmd     (format "rbw get %s 2>&1" alias))
         (output  (shell-command-to-string cmd)))
    (string-trim output)))
 (after! gptel
  :config
  (setq! gptel-api-key (my/get-rbw-password "openai-api-key-chatgpt-el")
         gptel-default-mode 'org-mode
         gptel-use-tools t
         gptel-confirm-tool-calls 'always
         gptel-include-reasoning 'ignore
         gptel-model "qwen3:30b")
  ;; Set default backend to be Ollama-Local
  (setq! gptel-backend
         (gptel-make-ollama "Ollama-Local"
           :host "localhost:11434"
           :stream t
           :models '(deepseek-r1 deepseek-r1-fullctx qwen3:30b qwen3:4b llama3.1 qwen2.5-coder mistral-nemo gpt-oss)))
  ;; Define custom tools
  (gptel-make-tool
   :name "run_shell_command"
   :description "Execute shell commands and return output. Use this to run system commands, check file contents, or perform system operations."
   :function (lambda (command)
               (condition-case err
                   (shell-command-to-string command)
                 (error (format "Error running command: %s" (error-message-string err)))))
   :args (list '(:name "command" :type "string" :description "Shell command to execute")))
  (gptel-make-tool
   :name "read_file"
   :description "Read the contents of a file and return as text"
   :function (lambda (filepath)
               (condition-case err
                   (with-temp-buffer
                     (insert-file-contents (expand-file-name filepath))
                     (buffer-string))
                 (error (format "Error reading file %s: %s" filepath (error-message-string err)))))
   :args (list '(:name "filepath" :type "string" :description "Path to the file to read")))
  (gptel-make-tool
   :name "list_directory"
   :description "List contents of a directory"
   :function (lambda (dirpath)
               (condition-case err
                   (mapconcat 'identity 
                              (directory-files (expand-file-name dirpath) nil "^[^.]")
                              "\n")
                 (error (format "Error listing directory %s: %s" dirpath (error-message-string err)))))
   :args (list '(:name "dirpath" :type "string" :description "Directory path to list"))))
 (use-package! claude-code-ide
  :defer t
  :config
  (claude-code-ide-emacs-tools-setup)
  (map! :leader
        (:prefix ("o" . "open")
         :desc "Claude Code IDE" "c" #'claude-code-ide-menu)))
 (after! gptel
  (require 'gptel-tool-library)
  (setq gptel-tool-library-use-maybe-safe t
        gptel-tool-library-use-unsafe t)
  (dolist (module '("bbdb" "buffer" "elisp" "emacs" "gnus" "os" "search-and-replace" "url"))
    (gptel-tool-library-load-module module)))
 ;; Whenever you reconfigure a package, make sure to wrap your config in an
 ;; `after!' block, otherwise Doom's defaults may override your settings. E.g.
 ;;
 ;;   (after! PACKAGE
 ;;     (setq x y))
 ;;
 ;; The exceptions to this rule:
 ;;
 ;;   - Setting file/directory variables (like `org-directory')
 ;;   - Setting variables which explicitly tell you to set them before their
 ;;     package is loaded (see 'C-h v VARIABLE' to look up their documentation).
 ;;   - Setting doom variables (which start with 'doom-' or '+').
 ;;
 ;; Here are some additional functions/macros that will help you configure Doom.
 ;;
 ;; - `load!' for loading external *.el files relative to this one
 ;; - `use-package!' for configuring packages
 ;; - `after!' for running code after a package has loaded
 ;; - `add-load-path!' for adding directories to the `load-path', relative to
 ;;   this file. Emacs searches the `load-path' when you load packages with
 ;;   `require' or `use-package'.
 ;; - `map!' for binding new keys
 ;;
 ;; To get information about any of these functions/macros, move the cursor over
 ;; the highlighted symbol at press 'K' (non-evil users must press 'C-c c k').
 ;; This will open documentation for it, including demos of how they are used.
 ;; Alternatively, use `C-h o' to look up a symbol (functions, variables, faces,
 ;; etc).
 ;;
 ;; You can also try 'gd' (or 'C-c c d') to jump to their definition and see how
 ;; they are implemented.
--- a/home/modules/emacs/doom/init.el
+++ b/home/modules/emacs/doom/init.el
@@ -0,0 +1,192 @@
 ;;; init.el -*- lexical-binding: t; -*-
 ;; This file controls what Doom modules are enabled and what order they load
 ;; in. Remember to run 'doom sync' after modifying it!
 ;; NOTE Press 'SPC h d h' (or 'C-h d h' for non-vim users) to access Doom's
 ;;      documentation. There you'll find a link to Doom's Module Index where all
 ;;      of our modules are listed, including what flags they support.
 ;; NOTE Move your cursor over a module's name (or its flags) and press 'K' (or
 ;;      'C-c c k' for non-vim users) to view its documentation. This works on
 ;;      flags as well (those symbols that start with a plus).
 ;;
 ;;      Alternatively, press 'gd' (or 'C-c c d') on a module to browse its
 ;;      directory (for easy access to its source code).
 (doom! :input
       ;;bidi              ; (tfel ot) thgir etirw uoy gnipleh
       ;;chinese
       ;;japanese
       ;;layout            ; auie,ctsrnm is the superior home row
       :completion
       ;;company           ; the ultimate code completion backend
       (corfu +orderless)  ; complete with cap(f), cape and a flying feather!
       ;;helm              ; the *other* search engine for love and life
       ;;ido               ; the other *other* search engine...
       ;;ivy               ; a search engine for love and life
       vertico           ; the search engine of the future
       :ui
       ;;deft              ; notational velocity for Emacs
       doom              ; what makes DOOM look the way it does
       doom-dashboard    ; a nifty splash screen for Emacs
       ;;doom-quit         ; DOOM quit-message prompts when you quit Emacs
       ;;(emoji +unicode)  ; 🙂
       hl-todo           ; highlight TODO/FIXME/NOTE/DEPRECATED/HACK/REVIEW
       ;;indent-guides     ; highlighted indent columns
       ;;ligatures         ; ligatures and symbols to make your code pretty again
       ;;minimap           ; show a map of the code on the side
       modeline          ; snazzy, Atom-inspired modeline, plus API
       ;;nav-flash         ; blink cursor line after big motions
       ;;neotree           ; a project drawer, like NERDTree for vim
       ophints           ; highlight the region an operation acts on
       (popup +defaults)   ; tame sudden yet inevitable temporary windows
       ;;tabs              ; a tab bar for Emacs
       ;;treemacs          ; a project drawer, like neotree but cooler
       unicode           ; extended unicode support for various languages
       (vc-gutter +pretty) ; vcs diff in the fringe
       vi-tilde-fringe   ; fringe tildes to mark beyond EOB
       ;;window-select     ; visually switch windows
       workspaces        ; tab emulation, persistence & separate workspaces
       ;;zen               ; distraction-free coding or writing
       :editor
       (evil +everywhere); come to the dark side, we have cookies
       file-templates    ; auto-snippets for empty files
       fold              ; (nigh) universal code folding
       ;;(format +onsave)  ; automated prettiness
       ;;god               ; run Emacs commands without modifier keys
       ;;lispy             ; vim for lisp, for people who don't like vim
       multiple-cursors  ; editing in many places at once
       ;;objed             ; text object editing for the innocent
       ;;parinfer          ; turn lisp into python, sort of
       ;;rotate-text       ; cycle region at point between text candidates
       snippets          ; my elves. They type so I don't have to
       ;;word-wrap         ; soft wrapping with language-aware indent
       :emacs
       dired             ; making dired pretty [functional]
       electric          ; smarter, keyword-based electric-indent
       ;;ibuffer         ; interactive buffer management
       undo              ; persistent, smarter undo for your inevitable mistakes
       vc                ; version-control and Emacs, sitting in a tree
       :term
       ;;eshell            ; the elisp shell that works everywhere
       ;;shell             ; simple shell REPL for Emacs
       ;;term              ; basic terminal emulator for Emacs
       vterm             ; the best terminal emulation in Emacs
       :checkers
       syntax              ; tasing you for every semicolon you forget
       ;;(spell +flyspell) ; tasing you for misspelling mispelling
       ;;grammar           ; tasing grammar mistake every you make
       :tools
       ansible
       ;;biblio            ; Writes a PhD for you (citation needed)
       ;;collab            ; buffers with friends
       ;;debugger          ; FIXME stepping through code, to help you add bugs
       ;;direnv
       docker
       ;;editorconfig      ; let someone else argue about tabs vs spaces
       ;;ein               ; tame Jupyter notebooks with emacs
       (eval +overlay)     ; run code, run (also, repls)
       llm               ; When I said  you needed friends, I didn't mean...
       lookup              ; navigate your code and its documentation
       lsp               ; M-x vscode
       magit             ; a git porcelain for Emacs
       ;;make              ; run make tasks from Emacs
       ;;pass              ; password manager for nerds
       pdf               ; pdf enhancements
       ;;prodigy           ; FIXME managing external services & code builders
       ;;terraform         ; infrastructure as code
       ;;tmux              ; an API for interacting with tmux
       tree-sitter       ; syntax and parsing, sitting in a tree...
       ;;upload            ; map local to remote projects via ssh/ftp
       :os
       (:if (featurep :system 'macos) macos)  ; improve compatibility with macOS
       tty               ; improve the terminal Emacs experience
       :lang
       ;;agda              ; types of types of types of types...
       ;;beancount         ; mind the GAAP
       ;;(cc +lsp)         ; C > C++ == 1
       ;;clojure           ; java with a lisp
       ;;common-lisp       ; if you've seen one lisp, you've seen them all
       ;;coq               ; proofs-as-programs
       ;;crystal           ; ruby at the speed of c
       ;;csharp            ; unity, .NET, and mono shenanigans
       ;;data              ; config/data formats
       ;;(dart +flutter)   ; paint ui and not much else
       ;;dhall
       ;;elixir            ; erlang done right
       ;;elm               ; care for a cup of TEA?
       emacs-lisp        ; drown in parentheses
       ;;erlang            ; an elegant language for a more civilized age
       ;;ess               ; emacs speaks statistics
       ;;factor
       ;;faust             ; dsp, but you get to keep your soul
       ;;fortran           ; in FORTRAN, GOD is REAL (unless declared INTEGER)
       ;;fsharp            ; ML stands for Microsoft's Language
       ;;fstar             ; (dependent) types and (monadic) effects and Z3
       ;;gdscript          ; the language you waited for
       ;;(go +lsp)         ; the hipster dialect
       ;;(graphql +lsp)    ; Give queries a REST
       ;;(haskell +lsp)    ; a language that's lazier than I am
       ;;hy                ; readability of scheme w/ speed of python
       ;;idris             ; a language you can depend on
       ;;json              ; At least it ain't XML
       ;;(java +lsp)       ; the poster child for carpal tunnel syndrome
       ;;javascript        ; all(hope(abandon(ye(who(enter(here))))))
       ;;julia             ; a better, faster MATLAB
       ;;kotlin            ; a better, slicker Java(Script)
       ;;latex             ; writing papers in Emacs has never been so fun
       ;;lean              ; for folks with too much to prove
       ;;ledger            ; be audit you can be
       ;;lua               ; one-based indices? one-based indices
       markdown          ; writing docs for people to ignore
       ;;nim               ; python + lisp at the speed of c
       (nix +tree-sitter)               ; I hereby declare "nix geht mehr!"
       ;;ocaml             ; an objective camel
       (org +roam2)               ; organize your plain life in plain text
       ;;php               ; perl's insecure younger brother
       ;;plantuml          ; diagrams for confusing people more
       ;;purescript        ; javascript, but functional
       (python +poetry)            ; beautiful is better than ugly
       ;;qt                ; the 'cutest' gui framework ever
       ;;racket            ; a DSL for DSLs
       ;;raku              ; the artist formerly known as perl6
       ;;rest              ; Emacs as a REST client
       ;;rst               ; ReST in peace
       ;;(ruby +rails)     ; 1.step {|i| p "Ruby is #{i.even? ? 'love' : 'life'}"}
       ;;(rust +lsp)       ; Fe2O3.unwrap().unwrap().unwrap().unwrap()
       ;;scala             ; java, but good
       ;;(scheme +guile)   ; a fully conniving family of lisps
       sh                ; she sells {ba,z,fi}sh shells on the C xor
       ;;sml
       ;;solidity          ; do you need a blockchain? No.
       ;;swift             ; who asked for emoji variables?
       ;;terra             ; Earth and Moon in alignment for performance.
       ;;web               ; the tubes
       ;;yaml              ; JSON, but readable
       ;;zig               ; C, but simpler
       :email
       ;;(mu4e +org +gmail)
       ;;notmuch
       ;;(wanderlust +gmail)
       :app
       ;;calendar
       ;;emms
       ;;everywhere        ; *leave* Emacs!? You must be joking
       ;;irc               ; how neckbeards socialize
       ;;(rss +org)        ; emacs as an RSS reader
       :config
       ;;literate
       (default +bindings +smartparens))
--- a/home/modules/emacs/doom/packages.el
+++ b/home/modules/emacs/doom/packages.el
@@ -0,0 +1,61 @@
 ;; -*- no-byte-compile: t; -*-
 ;;; $DOOMDIR/packages.el
 ;; To install a package with Doom you must declare them here and run 'doom sync'
 ;; on the command line, then restart Emacs for the changes to take effect -- or
 ;; use 'M-x doom/reload'.
 ;; To install SOME-PACKAGE from MELPA, ELPA or emacsmirror:
 ;; (package! some-package)
 ;; To install a package directly from a remote git repo, you must specify a
 ;; `:recipe'. You'll find documentation on what `:recipe' accepts here:
 ;; https://github.com/radian-software/straight.el#the-recipe-format
 ;; (package! another-package
 ;;   :recipe (:host github :repo "username/repo"))
 ;; If the package you are trying to install does not contain a PACKAGENAME.el
 ;; file, or is located in a subdirectory of the repo, you'll need to specify
 ;; `:files' in the `:recipe':
 ;; (package! this-package
 ;;   :recipe (:host github :repo "username/repo"
 ;;            :files ("some-file.el" "src/lisp/*.el")))
 ;; If you'd like to disable a package included with Doom, you can do so here
 ;; with the `:disable' property:
 ;; (package! builtin-package :disable t)
 ;; You can override the recipe of a built in package without having to specify
 ;; all the properties for `:recipe'. These will inherit the rest of its recipe
 ;; from Doom or MELPA/ELPA/Emacsmirror:
 ;; (package! builtin-package :recipe (:nonrecursive t))
 ;; (package! builtin-package-2 :recipe (:repo "myfork/package"))
 ;; Specify a `:branch' to install a package from a particular branch or tag.
 ;; This is required for some packages whose default branch isn't 'master' (which
 ;; our package manager can't deal with; see radian-software/straight.el#279)
 ;; (package! builtin-package :recipe (:branch "develop"))
 ;; Use `:pin' to specify a particular commit to install.
 ;; (package! builtin-package :pin "1a2b3c4d5e")
 ;; Doom's packages are pinned to a specific commit and updated from release to
 ;; release. The `unpin!' macro allows you to unpin single packages...
 ;; (unpin! pinned-package)
 ;; ...or multiple packages
 ;; (unpin! pinned-package another-pinned-package)
 ;; ...Or *all* packages (NOT RECOMMENDED; will likely break things)
 ;; (unpin! t)
 ;; (package! org-caldav)
 (package! gptel :recipe (:nonrecursive t))
 (package! claude-code-ide
  :recipe (:host github :repo "manzaltu/claude-code-ide.el"))
 (package! gptel-tool-library
  :recipe (:host github :repo "aard-fi/gptel-tool-library"
           :files ("*.el")))
--- a/home/modules/i3+sway/default.nix
+++ b/home/modules/i3+sway/default.nix
@@ -0,0 +1,146 @@
 { config, lib, ... }:
 with lib;
 let
  cfg = config.home.i3_sway;
  i3_cfg = config.xsession.windowManager.i3.config;
  shared_config = recursiveUpdate rec {
    modifier = "Mod4";
    terminal = "kitty";
    defaultWorkspace = "workspace number 1";
    keybindings = {
      "${shared_config.modifier}+Return" = "exec ${terminal}";
      "${shared_config.modifier}+Shift+q" = "kill";
      "${shared_config.modifier}+d" = "exec ${i3_cfg.menu}";
      "${shared_config.modifier}+h" = "focus left";
      "${shared_config.modifier}+j" = "focus down";
      "${shared_config.modifier}+k" = "focus up";
      "${shared_config.modifier}+l" = "focus right";
      "${shared_config.modifier}+Shift+h" = "move left";
      "${shared_config.modifier}+Shift+j" = "move down";
      "${shared_config.modifier}+Shift+k" = "move up";
      "${shared_config.modifier}+Shift+l" = "move right";
      "${shared_config.modifier}+Left" = "focus left";
      "${shared_config.modifier}+Down" = "focus down";
      "${shared_config.modifier}+Up" = "focus up";
      "${shared_config.modifier}+Right" = "focus right";
      "${shared_config.modifier}+Shift+Left" = "move left";
      "${shared_config.modifier}+Shift+Down" = "move down";
      "${shared_config.modifier}+Shift+Up" = "move up";
      "${shared_config.modifier}+Shift+Right" = "move right";
      #"${shared_config.modifier}+h" = "split h";
      "${shared_config.modifier}+v" = "split v";
      "${shared_config.modifier}+f" = "fullscreen toggle";
      "${shared_config.modifier}+s" = "layout stacking";
      "${shared_config.modifier}+w" = "layout tabbed";
      "${shared_config.modifier}+e" = "layout toggle split";
      "${shared_config.modifier}+Shift+space" = "floating toggle";
      "${shared_config.modifier}+space" = "focus mode_toggle";
      "${shared_config.modifier}+a" = "focus parent";
      "${shared_config.modifier}+Shift+minus" = "move scratchpad";
      "${shared_config.modifier}+minus" = "scratchpad show";
      "${shared_config.modifier}+1" = "workspace number 1";
      "${shared_config.modifier}+2" = "workspace number 2";
      "${shared_config.modifier}+3" = "workspace number 3";
      "${shared_config.modifier}+4" = "workspace number 4";
      "${shared_config.modifier}+5" = "workspace number 5";
      "${shared_config.modifier}+6" = "workspace number 6";
      "${shared_config.modifier}+7" = "workspace number 7";
      "${shared_config.modifier}+8" = "workspace number 8";
      "${shared_config.modifier}+9" = "workspace number 9";
      "${shared_config.modifier}+0" = "workspace number 10";
      "${shared_config.modifier}+Shift+1" =
        "move container to workspace number 1";
      "${shared_config.modifier}+Shift+2" =
        "move container to workspace number 2";
      "${shared_config.modifier}+Shift+3" =
        "move container to workspace number 3";
      "${shared_config.modifier}+Shift+4" =
        "move container to workspace number 4";
      "${shared_config.modifier}+Shift+5" =
        "move container to workspace number 5";
      "${shared_config.modifier}+Shift+6" =
        "move container to workspace number 6";
      "${shared_config.modifier}+Shift+7" =
        "move container to workspace number 7";
      "${shared_config.modifier}+Shift+8" =
        "move container to workspace number 8";
      "${shared_config.modifier}+Shift+9" =
        "move container to workspace number 9";
      "${shared_config.modifier}+Shift+0" =
        "move container to workspace number 10";
      "${shared_config.modifier}+Shift+c" = "reload";
      "${shared_config.modifier}+Shift+r" = "restart";
      "${shared_config.modifier}+r" = "mode resize";
      "XF86MonBrightnessUp" = "exec brightnessctl s +5%";
      "XF86MonBrightnessDown" = "exec brightnessctl s 5%-";
    };
  } cfg.extraSharedConfig;
 in {
  options.home.i3_sway = {
    extraSharedConfig = mkOption {
      default = {};
    };
    extraI3Config = mkOption {
      default = {};
    };
    extraSwayConfig = mkOption {
      default = {};
    };
  };
  config = {
    xsession.windowManager.i3 = let
      base_i3_config = recursiveUpdate shared_config {
        keybindings = {
          "${shared_config.modifier}+Shift+e" =
            "exec i3-nagbar -t warning -m 'Do you want to exit i3?' -b 'Yes' 'i3-msg exit'";
        };
      };
    in {
      enable = true;
      config = recursiveUpdate base_i3_config cfg.extraI3Config;
    };
    wayland.windowManager.sway = let
      base_sway_config = recursiveUpdate shared_config {
        keybindings = {
          "${shared_config.modifier}+Shift+e" =
            "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'";
        };
        input = {
          "type:keyboard" = {
            xkb_options = "caps:escape";
          };
          "type:touchpad" = {
            tap = "enabled";
            tap_button_map = "lrm";
            drag = "enabled";
            natural_scroll = "disabled";
            dwt = "enabled";
          };
        };
      };
    in {
      enable = true;
      config = recursiveUpdate base_sway_config cfg.extraSwayConfig;
    };
  };
 }
--- a/home/modules/kubectl/default.nix
+++ b/home/modules/kubectl/default.nix
@@ -0,0 +1,249 @@
 { config, lib, pkgs, ... }:
 with lib;
 let
  cfg = config.programs.kubectl-secure;
 in
 {
  options.programs.kubectl-secure = {
    enable = mkEnableOption "secure kubectl configuration with Bitwarden integration";
  };
  config = mkIf cfg.enable {
    home.packages = with pkgs; [
      kubectl
      kubernetes-helm
    ];
    programs.k9s.enable = true;
    programs.bash.initExtra = mkAfter ''
      # Kubectl secure session management
      export KUBECTL_SESSION_DIR="/dev/shm/kubectl-$$"
      kube-select() {
        if [[ $# -ne 1 ]]; then
          echo "Usage: kube-select <context-name>"
          echo "Available contexts: $(kube-list)"
          return 1
        fi
        local context="$1"
        # Clean up any existing session first
        kube-clear 2>/dev/null
        # Create new session directory
        mkdir -p "$KUBECTL_SESSION_DIR"
        chmod 700 "$KUBECTL_SESSION_DIR"
        # Set cleanup trap for this shell session
        trap "rm -rf '$KUBECTL_SESSION_DIR' 2>/dev/null" EXIT
        # Set KUBECONFIG for this session
        export KUBECONFIG="$KUBECTL_SESSION_DIR/config"
        # Load config from Bitwarden secure notes
        if ! rbw get "kubectl-$context" > "$KUBECONFIG" 2>/dev/null; then
          echo "Error: Could not retrieve kubectl-$context from Bitwarden"
          echo "Make sure the entry exists with name: kubectl-$context"
          kube-clear
          return 1
        fi
        # Verify the kubeconfig is valid
        if ! kubectl config view >/dev/null 2>&1; then
          echo "Error: Invalid kubeconfig retrieved from Bitwarden"
          kube-clear
          return 1
        fi
        echo "✓ Loaded kubectl context: $context (session: $$)"
        echo "  Config location: $KUBECONFIG"
      }
      kube-list() {
        echo "Available kubectl contexts in Bitwarden:"
        rbw search kubectl- 2>/dev/null | grep "^kubectl-" | sed 's/^kubectl-/  - /' || echo "  (none found or rbw not accessible)"
      }
      kube-clear() {
        if [[ -n "$KUBECTL_TIMEOUT_PID" ]]; then
          kill "$KUBECTL_TIMEOUT_PID" 2>/dev/null
          unset KUBECTL_TIMEOUT_PID
        fi
        if [[ -d "$KUBECTL_SESSION_DIR" ]]; then
          rm -rf "$KUBECTL_SESSION_DIR"
          echo "Cleared kubectl session ($$)"
        fi
        unset KUBECONFIG
      }
      kube-status() {
        if [[ -f "$KUBECONFIG" ]]; then
          local current_context
          current_context=$(kubectl config current-context 2>/dev/null)
          if [[ -n "$current_context" ]]; then
            echo "Active kubectl context: $current_context"
            echo "Session: $$ | Config: $KUBECONFIG"
            # Show cluster info
            local cluster_server
            cluster_server=$(kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}' 2>/dev/null)
            if [[ -n "$cluster_server" ]]; then
              echo "Cluster: $cluster_server"
            fi
          else
            echo "No active context in current session"
          fi
        else
          echo "No kubectl session active in this shell"
          echo "Use 'kube-select <context>' to start a session"
        fi
      }
      # Helper function to show available commands
      kube-help() {
        echo "Secure kubectl session management commands:"
        echo ""
        echo "Session management:"
        echo "  kube-select <context>     - Load kubeconfig from Bitwarden"
        echo "  kube-status              - Show current session status"
        echo "  kube-clear               - Clear current session"
        echo ""
        echo "Configuration management:"
        echo "  kube-list                - List available contexts in Bitwarden"
        echo ""
        echo "Help:"
        echo "  kube-help                - Show this help"
        echo ""
        echo "Examples:"
        echo "  kube-select prod                     # Loads from secure note"
        echo "  kubectl get pods"
        echo "  kube-clear"
        echo ""
        echo "Note: Kubeconfigs are stored as secure notes in Bitwarden"
      }
    '';
    programs.zsh.initExtra = mkAfter ''
      # Kubectl secure session management (zsh)
      export KUBECTL_SESSION_DIR="/dev/shm/kubectl-$$"
      kube-select() {
        if [[ $# -ne 1 ]]; then
          echo "Usage: kube-select <context-name>"
          echo "Available contexts: $(kube-list)"
          return 1
        fi
        local context="$1"
        # Clean up any existing session first
        kube-clear 2>/dev/null
        # Create new session directory
        mkdir -p "$KUBECTL_SESSION_DIR"
        chmod 700 "$KUBECTL_SESSION_DIR"
        # Set cleanup trap for this shell session
        trap "rm -rf '$KUBECTL_SESSION_DIR' 2>/dev/null" EXIT
        # Set KUBECONFIG for this session
        export KUBECONFIG="$KUBECTL_SESSION_DIR/config"
        # Load config from Bitwarden secure notes
        if ! rbw get "kubectl-$context" > "$KUBECONFIG" 2>/dev/null; then
          echo "Error: Could not retrieve kubectl-$context from Bitwarden"
          echo "Make sure the entry exists with name: kubectl-$context"
          kube-clear
          return 1
        fi
        # Verify the kubeconfig is valid
        if ! kubectl config view >/dev/null 2>&1; then
          echo "Error: Invalid kubeconfig retrieved from Bitwarden"
          kube-clear
          return 1
        fi
        echo "✓ Loaded kubectl context: $context (session: $$)"
        echo "  Config location: $KUBECONFIG"
        # Optional: Set timeout cleanup
        if [[ ${toString cfg.sessionTimeout} -gt 0 ]]; then
          (sleep ${toString cfg.sessionTimeout}; kube-clear 2>/dev/null) &
          export KUBECTL_TIMEOUT_PID=$!
        fi
      }
      kube-list() {
        echo "Available kubectl contexts in Bitwarden:"
        rbw search kubectl- 2>/dev/null | grep "^kubectl-" | sed 's/^kubectl-/  - /' || echo "  (none found or rbw not accessible)"
      }
      kube-clear() {
        if [[ -n "$KUBECTL_TIMEOUT_PID" ]]; then
          kill "$KUBECTL_TIMEOUT_PID" 2>/dev/null
          unset KUBECTL_TIMEOUT_PID
        fi
        if [[ -d "$KUBECTL_SESSION_DIR" ]]; then
          rm -rf "$KUBECTL_SESSION_DIR"
          echo "Cleared kubectl session ($$)"
        fi
        unset KUBECONFIG
      }
      kube-status() {
        if [[ -f "$KUBECONFIG" ]]; then
          local current_context
          current_context=$(kubectl config current-context 2>/dev/null)
          if [[ -n "$current_context" ]]; then
            echo "Active kubectl context: $current_context"
            echo "Session: $$ | Config: $KUBECONFIG"
            # Show cluster info
            local cluster_server
            cluster_server=$(kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}' 2>/dev/null)
            if [[ -n "$cluster_server" ]]; then
              echo "Cluster: $cluster_server"
            fi
          else
            echo "No active context in current session"
          fi
        else
          echo "No kubectl session active in this shell"
          echo "Use 'kube-select <context>' to start a session"
        fi
      }
      # Helper function to show available commands
      kube-help() {
        echo "Secure kubectl session management commands:"
        echo ""
        echo "Session management:"
        echo "  kube-select <context>     - Load kubeconfig from Bitwarden"
        echo "  kube-status              - Show current session status"
        echo "  kube-clear               - Clear current session"
        echo ""
        echo "Configuration management:"
        echo "  kube-list                - List available contexts in Bitwarden"
        echo ""
        echo "Help:"
        echo "  kube-help                - Show this help"
        echo ""
        echo "Examples:"
        echo "  kube-select prod                     # Loads from secure note"
        echo "  kubectl get pods"
        echo "  kube-clear"
        echo ""
        echo "Note: Kubeconfigs are stored as secure notes in Bitwarden"
      }
    '';
  };
 }
--- a/home/modules/plasma-manager/default.nix
+++ b/home/modules/plasma-manager/default.nix
@@ -0,0 +1,172 @@
 { config, lib, pkgs, ... }:
 # The current KDE config can be output with the command:
 # nix run github:nix-community/plasma-manager
 #
 # Plasma-manager options documentation
 # https://nix-community.github.io/plasma-manager/options.xhtml
 #
 # TODO: (ambitious) Add Kmail support to plasma-manager
 {
  programs.plasma = {
    enable = true;
    overrideConfig = true;
    hotkeys.commands."launch-konsole" = {
      name = "Launch Konsole";
      key = "Meta+Return";
      command = "konsole";
    };
    shortcuts = {
      kmix = {
        "decrease_microphone_volume" = "Microphone Volume Down";
        "decrease_volume" = "Volume Down";
        "decrease_volume_small" = "Shift+Volume Down";
        "increase_microphone_volume" = "Microphone Volume Up";
        "increase_volume" = "Volume Up";
        "increase_volume_small" = "Shift+Volume Up";
        "mic_mute" = ["Microphone Mute" "Meta+Volume Mute,Microphone Mute" "Meta+Volume Mute,Mute Microphone"];
        "mute" = "Volume Mute";
      };
      mediacontrol = {
        "mediavolumedown" = "none,,Media volume down";
        "mediavolumeup" = "none,,Media volume up";
        "nextmedia" = "Media Next";
        "pausemedia" = "Media Pause";
        "playmedia" = "none,,Play media playback";
        "playpausemedia" = "Media Play";
        "previousmedia" = "Media Previous";
        "stopmedia" = "Media Stop";
      };
      ksmserver = {
        "Lock Session" = ["Meta+Ctrl+Q" "Screensaver" "Screensaver,Lock Session"];
      };
      kwin = {
        "Window Close" = "Meta+Shift+Q";
        "Kill Window" = "Meta+Ctrl+Esc";
        "Window Operations Menu" = "Alt+F3";
        "Window Resize" = "Meta+R,,Resize Window";
        "Overview" = "Meta+Ctrl+W";
        "Grid View" = "Meta+G";
        "Edit Tiles" = "Meta+T";
        "Activate Window Demanding Attention" = "Meta+Ctrl+A";
        "Show Desktop" = "Meta+Ctrl+D";
        "Walk Through Windows" = "Alt+Tab";
        "Walk Through Windows (Reverse)" = "Alt+Shift+Tab";
        "Walk Through Windows of Current Application" = "Alt+`";
        "Walk Through Windows of Current Application (Reverse)" = "Alt+~";
        "Window Quick Tile Bottom" = "Meta+Down";
        "Window Quick Tile Left" = "Meta+Left";
        "Window Quick Tile Right" = "Meta+Right";
        "Window Quick Tile Top" = "Meta+Up";
        "Switch to Desktop 1" = "Meta+1";
        "Switch to Desktop 2" = "Meta+2";
        "Switch to Desktop 3" = "Meta+3";
        "Switch to Desktop 4" = "Meta+4";
        "Switch to Desktop 5" = "Meta+5";
        "Switch to Desktop 6" = "Meta+6";
        "Switch to Desktop 7" = "Meta+7";
        "Switch to Desktop 8" = "Meta+8";
        "Switch to Desktop 9" = "Meta+9";
        "Switch to Desktop 10" = "Meta+0";
        "Window to Desktop 1" = "Meta+!";    # Meta+Shift+1
        "Window to Desktop 2" = "Meta+@";    # Meta+Shift+2
        "Window to Desktop 3" = "Meta+#";    # Meta+Shift+3
        "Window to Desktop 4" = "Meta+$";    # Meta+Shift+4
        "Window to Desktop 5" = "Meta+%";    # Meta+Shift+5
        "Window to Desktop 6" = "Meta+^";    # Meta+Shift+6
        "Window to Desktop 7" = "Meta+&";    # Meta+Shift+7
        "Window to Desktop 8" = "Meta+*";    # Meta+Shift+8
        "Window to Desktop 9" = "Meta+(";    # Meta+Shift+9
        "Window to Desktop 10" = "Meta+)";   # Meta+Shift+0
        "view_actual_size" = "Meta+Ctrl+=";
        "view_zoom_in" = ["Meta++" "Meta+=,Meta++" "Meta+=,Zoom In"];
        "view_zoom_out" = "Meta+-";
      };
      "org_kde_powerdevil"."Decrease Keyboard Brightness" = "Keyboard Brightness Down";
      "org_kde_powerdevil"."Decrease Screen Brightness" = "Monitor Brightness Down";
      "org_kde_powerdevil"."Decrease Screen Brightness Small" = "Shift+Monitor Brightness Down";
      "org_kde_powerdevil"."Hibernate" = "Hibernate";
      "org_kde_powerdevil"."Increase Keyboard Brightness" = "Keyboard Brightness Up";
      "org_kde_powerdevil"."Increase Screen Brightness" = "Monitor Brightness Up";
      "org_kde_powerdevil"."Increase Screen Brightness Small" = "Shift+Monitor Brightness Up";
      "org_kde_powerdevil"."PowerDown" = "Power Down";
      "org_kde_powerdevil"."PowerOff" = "Power Off";
      "org_kde_powerdevil"."Sleep" = "Sleep";
      "org_kde_powerdevil"."Toggle Keyboard Backlight" = "Keyboard Light On/Off";
      "org_kde_powerdevil"."Turn Off Screen" = [ ];
      "org_kde_powerdevil"."powerProfile" = ["Battery" "Meta+B,Battery" "Meta+B,Switch Power Profile"];
      plasmashell = {
        "activate application launcher" = ["Meta" "Alt+F1,Meta" "Alt+F1,Activate Application Launcher"];
        "activate task manager entry 1" = "none,,";
        "activate task manager entry 2" = "none,,";
        "activate task manager entry 3" = "none,,";
        "activate task manager entry 4" = "none,,";
        "activate task manager entry 5" = "none,,";
        "activate task manager entry 6" = "none,,";
        "activate task manager entry 7" = "none,,";
        "activate task manager entry 8" = "none,,";
        "activate task manager entry 9" = "none,,";
        "activate task manager entry 10" = "none,,";
        "show activity switcher" = "none,,";
      };
    };
    configFile = {
      kwinrc.Desktops.Number = {
        value = 10;
        immutable = true;
      };
      # Enable KWin tiling features
      kwinrc.Tiling = {
        # Enable tiling functionality  
        "padding" = 4;
      };
      # Enable krohnkite plugin automatically
      kwinrc.Plugins = {
        krohnkiteEnabled = true;
      };
      kwinrc.Effect-overview = {
        # Configure overview effect for better tiling workflow
        BorderActivate = 9;  # Top-left corner activation
      };
      kcminputrc.Libinput = {
        AccelerationProfile = "adaptive";
        PointerAcceleration = 0.5;
      };
      kcminputrc.Mouse = {
        X11LibInputXAccelProfileFlat = false;
        XLbInptAccelProfileFlat = false;
      };
      kdeglobals.KDE.LookAndFeelPackage = "org.kde.breezedark.desktop";
      # Focus follows mouse configuration
      kwinrc.Windows = {
        FocusPolicy = "FocusFollowsMouse";
        AutoRaise = true;  # Set to true if you want windows to auto-raise on focus
        AutoRaiseInterval = 750;  # Delay in ms before auto-raise (if enabled)
        DelayFocusInterval = 0;  # Delay in ms before focus follows mouse
      };
    };
  };
 }
--- a/home/modules/tmux/default.nix
+++ b/home/modules/tmux/default.nix
@@ -0,0 +1,52 @@
 { config, lib, pkgs, ... }:
 let
  tokyo-night = pkgs.tmuxPlugins.mkTmuxPlugin {
    pluginName = "tokyo-night";
    rtpFilePath = "tokyo-night.tmux";
    version = "1.6.1";
    src = pkgs.fetchFromGitHub {
      owner = "janoamaral";
      repo = "tokyo-night-tmux";
      rev = "d610ced20d5f602a7995854931440e4a1e0ab780";
      sha256 = "sha256-17vEgkL7C51p/l5gpT9dkOy0bY9n8l0/LV51mR1k+V8=";
    };
  };
 in
 {
  programs.tmux.enable = true;
  programs.tmux.terminal = "tmux-direct";
  programs.tmux.keyMode = "vi";
  programs.tmux.escapeTime = 0;
  programs.tmux.mouse = true;
  programs.tmux.newSession = true;
  programs.tmux.historyLimit = 50000;
  programs.tmux.clock24 = true;
  programs.tmux.baseIndex = 1;
  programs.tmux.prefix = "M-\\\\";
  programs.tmux.plugins = with pkgs; [
    tmuxPlugins.cpu
    tmuxPlugins.battery
    tmuxPlugins.better-mouse-mode
    tmuxPlugins.net-speed
    tmuxPlugins.online-status
    tmuxPlugins.pain-control
    tmuxPlugins.tilish
    tmuxPlugins.yank
    {
      plugin = tmuxPlugins.resurrect;
      extraConfig = "set -g @resurrect-strategy-nvim 'session'";
    }
    {
      plugin = tmuxPlugins.continuum;
      extraConfig = ''
        set -g @continuum-restore 'on'
        set -g @continuum-save-interval '15' # minutes
      '';
    }
    tokyo-night
  ];
 }
--- a/home/roles/base/default.nix
+++ b/home/roles/base/default.nix
@@ -0,0 +1,81 @@
 { config, lib, pkgs, ... }:
 with lib;
 let
  cfg = config.home.roles.base;
 in
 {
  options.home.roles.base = {
    enable = mkEnableOption "Enable base CLI tools and essential programs";
  };
  config = mkIf cfg.enable {
    home.packages = with pkgs; [
      fd
      glances
      gzip
      htop
      killall
      less
      ncdu
      shellcheck
      tmux
      tree
    ];
    # Essential programs everyone needs
    programs.bash = {
      enable = true;
      initExtra = ''
        codex() {
          local key
          key="$(rbw get openai-api-key-codex)"
          OPENAI_API_KEY="$key" command codex "$@"
        }
      '';
    };
    programs.home-manager.enable = true;
    programs.command-not-found.enable = true;
    programs.git = {
      enable = true;
      userName = "John Ogle";
      userEmail = "john@ogle.fyi";
      extraConfig = {
        safe.directory = "/etc/nixos";
      };
    };
    programs.jq.enable = true;
    programs.neovim = {
      enable = true;
      viAlias = true;
      vimAlias = true;
    };
    programs.ssh = {
      enable = true;
      matchBlocks = {
        "nucdeb1" = {
          hostname = "nucdeb1.oglehome";
          user = "root";
          addKeysToAgent = "yes";
        };
      };
    };
    programs.rbw = {
      enable = true;
      settings = {
        email = "john@johnogle.info";
        base_url = "https://bitwarden.johnogle.info";
        pinentry = pkgs.pinentry-qt;
      };
    };
    # Note: modules must be imported at top-level home config
  };
 }
--- a/home/roles/communication/default.nix
+++ b/home/roles/communication/default.nix
@@ -0,0 +1,24 @@
 { config, lib, pkgs, globalInputs, system, ... }:
 with lib;
 let
  cfg = config.home.roles.communication;
 in
 {
  options.home.roles.communication = {
    enable = mkEnableOption "Enable communication and messaging applications";
  };
  config = mkIf cfg.enable {
    home.packages = [
      # Communication apps
      pkgs.element-desktop
      pkgs.fluffychat
      pkgs.nextcloud-talk-desktop
      # For logging back into google chat
      globalInputs.google-cookie-retrieval.packages.${system}.default
    ];
  };
 }
--- a/home/roles/default.nix
+++ b/home/roles/default.nix
@@ -0,0 +1,13 @@
 {
  imports = [
    ./base
    ./communication
    ./desktop
    ./development
    ./gaming
    ./kdeconnect
    ./media
    ./office
    ./sync
  ];
 }
--- a/home/roles/desktop/default.nix
+++ b/home/roles/desktop/default.nix
@@ -0,0 +1,77 @@
 { config, lib, pkgs, ... }:
 with lib;
 let
  cfg = config.home.roles.desktop;
 in
 {
  options.home.roles.desktop = {
    enable = mkEnableOption "Enable desktop GUI applications and utilities";
  };
  config = mkIf cfg.enable {
    home.packages = with pkgs; [
      # Desktop applications
      bitwarden
      dunst
      keepassxc
      kitty
      # Desktop utilities
      solaar # Logitech management software
      waybar
      wofi
      # System utilities with GUI components
      (snapcast.override { pulseaudioSupport = true; })
      # KDE tiling window management
      kdePackages.krohnkite  # Dynamic tiling extension for KWin 6
      # KDE PIM applications for email, calendar, and contacts
      kdePackages.kmail
      kdePackages.kmail-account-wizard
      kdePackages.kmailtransport
      kdePackages.korganizer
      kdePackages.kaddressbook
      kdePackages.kontact
      # KDE Online Accounts support
      kdePackages.kaccounts-integration
      kdePackages.kaccounts-providers
      kdePackages.signond
      # KDE Mapping
      kdePackages.marble  # Virtual globe and world atlas
      # KDE Productivity
      kdePackages.kate        # Advanced text editor with syntax highlighting
      kdePackages.okular      # Universal document viewer (PDF, ePub, etc.)
      kdePackages.spectacle   # Screenshot capture utility
      kdePackages.filelight   # Visual disk usage analyzer
      # KDE Multimedia
      kdePackages.gwenview    # Image viewer and basic editor
      kdePackages.elisa       # Music player
      # KDE System Utilities  
      kdePackages.ark         # Archive manager (zip, tar, 7z, etc.)
      kdePackages.yakuake     # Drop-down terminal emulator
    ];
    programs.firefox = {
      enable = true;
    };
    programs.spotify-player.enable = true;
    services.gnome-keyring = {
      enable = true;
    };
    xdg.enable = true;
    # Note: modules must be imported at top-level home config
  };
 }
--- a/home/roles/development/default.nix
+++ b/home/roles/development/default.nix
@@ -0,0 +1,27 @@
 { config, lib, pkgs, customPkgs, globalInputs, system, ... }:
 with lib;
 let
  cfg = config.home.roles.development;
 in
 {
  options.home.roles.development = {
    enable = mkEnableOption "Enable development tools and utilities";
  };
  config = mkIf cfg.enable {
    home.packages = [
      pkgs.claude-code
      pkgs.codex
      pkgs.goose-cli
      # Custom packages
      customPkgs.tea-rbw
    ];
    programs.kubectl-secure.enable = true;
    # Note: modules must be imported at top-level home config
  };
 }
--- a/home/roles/gaming/default.nix
+++ b/home/roles/gaming/default.nix
@@ -0,0 +1,20 @@
 { config, lib, pkgs, ... }:
 with lib;
 let
  cfg = config.home.roles.gaming;
 in
 {
  options.home.roles.gaming = {
    enable = mkEnableOption "Enable gaming applications and tools";
  };
  config = mkIf cfg.enable {
    home.packages = with pkgs; [
      # Gaming applications would go here
      # This role is created for future expansion
      # moonlight-qt is currently in media role but could be moved here
    ];
  };
 }
--- a/home/roles/kdeconnect/default.nix
+++ b/home/roles/kdeconnect/default.nix
@@ -0,0 +1,20 @@
 { config, lib, pkgs, ... }:
 with lib;
 let
  cfg = config.home.roles.kdeconnect;
 in
 {
  options.home.roles.kdeconnect = {
    enable = mkEnableOption "Enable KDE Connect for device integration";
  };
  config = mkIf cfg.enable {
    services.kdeconnect = {
      enable = true;
      indicator = true;
      package = pkgs.kdePackages.kdeconnect-kde;
    };
  };
 }
--- a/home/roles/media/default.nix
+++ b/home/roles/media/default.nix
@@ -0,0 +1,23 @@
 { config, lib, pkgs, ... }:
 with lib;
 let
  cfg = config.home.roles.media;
 in
 {
  options.home.roles.media = {
    enable = mkEnableOption "Enable media and multimedia applications";
  };
  config = mkIf cfg.enable {
    home.packages = with pkgs; [
      # Media players and streaming
      # Using delfin instead of jellyfin-media-player to avoid qtwebengine security issues
      # For full Jellyfin features, use web interface at http://jellyfin-server:8096
      delfin
      moonlight-qt
      vlc
    ];
  };
 }
--- a/home/roles/office/default.nix
+++ b/home/roles/office/default.nix
@@ -0,0 +1,22 @@
 { config, lib, pkgs, ... }:
 with lib;
 let
  cfg = config.home.roles.office;
 in
 {
  options.home.roles.office = {
    enable = mkEnableOption "Enable office applications and document processing tools";
  };
  config = mkIf cfg.enable {
    home.packages = with pkgs; [
      # Office suite
      libreoffice
      # CAD/Design tools
      openscad-unstable
    ];
  };
 }
--- a/home/roles/sync/default.nix
+++ b/home/roles/sync/default.nix
@@ -0,0 +1,22 @@
 { config, lib, pkgs, ... }:
 with lib;
 let
  cfg = config.home.roles.sync;
 in
 {
  options.home.roles.sync = {
    enable = mkEnableOption "Enable file synchronization services";
  };
  config = mkIf cfg.enable {
    home.packages = with pkgs; [
      syncthingtray
    ];
    services.syncthing = {
      enable = true;
    };
  };
 }
--- a/machines/boxy/configuration.nix
+++ b/machines/boxy/configuration.nix
@@ -0,0 +1,69 @@
 # Edit this configuration file to define what should be installed on
 # your system. Help is available in the configuration.nix(5) man page, on
 # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
 { lib, pkgs, ... }:
 with lib;
 {
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
    ];
  roles = {
    audio.enable = true;
    bluetooth.enable = true;
    desktop = {
      enable = true;
      gaming.enable = true;
      kde = true;
      sddm = true;
      wayland = true;
    };
    kodi = {
      enable = true;
      autologin = false;
      wayland = true;
    };
    users.enable = true;
  };
  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  networking.hostName = "boxy"; # Define your hostname.
  services.xserver.videoDrivers = [ "amdgpu" ];
  hardware.graphics.enable = true;
  hardware.graphics.enable32Bit = true;
  hardware.graphics.extraPackages = with pkgs; [
    amdvlk
  ];
  hardware.graphics.extraPackages32 = with pkgs; [
    driversi686Linux.amdvlk
  ];
  # This option defines the first version of NixOS you have installed on this particular machine,
  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
  #
  # Most users should NEVER change this value after the initial install, for any reason,
  # even if you've upgraded your system to a new NixOS release.
  #
  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
  # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
  # to actually do that.
  #
  # This value being lower than the current NixOS release does NOT mean your system is
  # out of date, out of support, or vulnerable.
  #
  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
  # and migrated your data accordingly.
  #
  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
  system.stateVersion = "24.05"; # Did you read the comment?
 }
--- a/machines/boxy/hardware-configuration.nix
+++ b/machines/boxy/hardware-configuration.nix
@@ -0,0 +1,39 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
  imports =
    [ (modulesPath + "/installer/scan/not-detected.nix")
    ];
  boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "thunderbolt" "usb_storage" "usbhid" "sd_mod" ];
  boot.initrd.kernelModules = [ "amdgpu" ];
  boot.kernelModules = [ "kvm-amd" ];
  boot.extraModulePackages = [ ];
  fileSystems."/" =
    { device = "/dev/disk/by-uuid/5b0e8428-c9ef-41f9-8beb-a8ccb65ab573";
      fsType = "ext4";
    };
  fileSystems."/boot" =
    { device = "/dev/disk/by-uuid/59A7-C2A3";
      fsType = "vfat";
      options = [ "fmask=0022" "dmask=0022" ];
    };
  swapDevices = [ ];
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
  # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/machines/johno-macbookpro/configuration.nix
+++ b/machines/johno-macbookpro/configuration.nix
@@ -0,0 +1,23 @@
 { config, lib, pkgs, ... }:
 {
  # Basic system configuration for macOS work laptop
  system.stateVersion = 6;
  # Set primary user for nix-darwin
  system.primaryUser = "johno";
  # System preferences (can be expanded later)
  system.defaults = {
    dock.autohide = true;
    finder.AppleShowAllExtensions = true;
    NSGlobalDomain.AppleShowAllExtensions = true;
  };
  # TODO: Find a way to not duplicate this
  launchd.user.envVariables = {
    # DOOM Emacs environment variables
    DOOMDIR = "/Users/johno/.config/doom";
    DOOMLOCALDIR = "/Users/johno/.local/doom";
  };
 }
--- a/machines/live-usb/configuration.nix
+++ b/machines/live-usb/configuration.nix
@@ -0,0 +1,89 @@
 # Live USB ISO configuration for recovery and installation
 { pkgs, modulesPath, ... }:
 {
  imports = [
    # Use minimal installation CD as base
    (modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix")
  ];
  # Use roles structure for consistent configuration
  roles = {
    audio.enable = true;
    bluetooth.enable = true;
    desktop = {
      enable = true;
      kde = true;
      x11 = true;
      wayland = true;
      sddm = true;
    };
  };
  # Allow unfree packages for broader hardware support
  nixpkgs.config.allowUnfree = true;
  # Essential packages for system recovery and installation
  environment.systemPackages = with pkgs; [
    # Text editors
    neovim
    nano
    # System tools
    git
    curl
    wget
    htop
    tree
    lsof
    strace
    # Filesystem tools
    btrfs-progs
    e2fsprogs
    xfsprogs
    ntfs3g
    dosfstools
    # Network tools
    networkmanager
    wirelesstools
    # Hardware tools
    pciutils
    usbutils
    smartmontools
    # Archive tools
    unzip
    p7zip
    # Development tools (for quick fixes)
    gcc
    binutils
  ];
  # Enable NetworkManager for easy wifi setup
  networking.networkmanager.enable = true;
  # Enable SSH daemon for remote access
  services.openssh = {
    enable = true;
    settings = {
      PermitRootLogin = "yes";
      PasswordAuthentication = true;
    };
  };
  # ISO customization
  isoImage = {
    volumeID = "NIXOS-LIVE";
  };
  # Enable some useful services
  services.udisks2.enable = true; # For mounting USB drives
  # Hardware support
  hardware.enableAllFirmware = true;
  hardware.enableRedistributableFirmware = true;
 }
--- a/machines/nix-book/configuration.nix
+++ b/machines/nix-book/configuration.nix
@@ -2,43 +2,31 @@
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
-{ config, pkgs, inputs, ... }:
+{ pkgs, ... }:
 {
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
    ];
-  nix = {
+  roles = {
-    package = pkgs.nixFlakes;
+    audio.enable = true;
-
+    bluetooth.enable = true;
-    distributedBuilds = true;
+    desktop = {
-    buildMachines = [{
+      enable = true;
-      hostName = "z790prors.oglehome";
+      wayland = true;
-      system = "x86_64-linux";
+      gaming.enable = false;
-      protocol = "ssh-ng";
+      kde = true;
-      sshUser = "johno";
+      sddm = true;
      sshKey = "/nix/id_ed25519";
      maxJobs = 3;
      speedFactor = 2;
    }];
    settings = {
      experimental-features = [ "nix-command" "flakes" ];
      substituters = [ 
        "https://hyprland.cachix.org"
        "ssh://johno@z790prors.oglehome"
      ];
      builders-use-substitutes = true;
      trusted-public-keys = [
        "arch-store:lBSsckiRVH+A2ZyZWIzPwpSFstAGXcf/d7H1lSmiFo8="
 	"z790prors:2zFp1rh6cS+2aAHwmcKKkkg13LV+x2YVuAh7TCWSckw="
 	"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
      ];
    };
    nfs-mounts.enable = true;
    printing.enable = true;
    spotifyd.enable = true;
    users = {
      enable = true;
      extraGroups = [ "video" ];
    };
    virtualisation.enable = true;
  };
  # Bootloader.
@@ -51,83 +39,26 @@
  boot.kernelPackages = pkgs.linuxPackages_latest;
  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
  # Enable networking
  networking.networkmanager.enable = true;
-  # Set your time zone.
+  # WireGuard setup
-  time.timeZone = "America/Los_Angeles";
+  networking.wg-quick.interfaces = {
-
+    ogleNet = {
-  # Select internationalisation properties.
+      configFile = "/root/Oglehome-VPN-johno-nixbook.conf";
-  i18n.defaultLocale = "en_US.UTF-8";
+    };
  i18n.extraLocaleSettings = {
    LC_ADDRESS = "en_US.UTF-8";
    LC_IDENTIFICATION = "en_US.UTF-8";
    LC_MEASUREMENT = "en_US.UTF-8";
    LC_MONETARY = "en_US.UTF-8";
    LC_NAME = "en_US.UTF-8";
    LC_NUMERIC = "en_US.UTF-8";
    LC_PAPER = "en_US.UTF-8";
    LC_TELEPHONE = "en_US.UTF-8";
    LC_TIME = "en_US.UTF-8";
  };
-  # Configure keymap in X11
+  hardware.graphics = {
  services.xserver.xkb = {
    layout = "us";
    variant = "";
    options = "caps:escape";
  };
  hardware.pulseaudio.enable = true;
  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.johno = {
    isNormalUser = true;
    description = "John Ogle";
    extraGroups = [ "networkmanager" "wheel" "audio" ];
    packages = with pkgs; [];
  };
  # Enable automatic login for the user.
  services.getty.autologinUser = "johno";
  # Allow unfree packages
  nixpkgs.config.allowUnfree = true;
  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
  #  vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
  #  wget
  ];
  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  programs.gnupg.agent = {
    enable = true;
-    enableSSHSupport = true;
+    extraPackages = with pkgs; [
      intel-media-driver
      intel-vaapi-driver
      libvdpau-va-gl
    ];
  };
  virtualisation.docker.enable = true;
  users.extraGroups.docker.members = [ "johno" ];
  # List services that you want to enable:
  # Enable the OpenSSH daemon.
  # services.openssh.enable = true;
  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
@@ -135,21 +66,4 @@
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "24.05"; # Did you read the comment?
  # Desktop
  programs.steam.enable = true;
  #services.xserver.enable = true;
  services.displayManager = {
    sddm.enable = true;
    sddm.wayland.enable = true;
    #defaultSession = "plasmax11";
  };
  services.desktopManager.plasma6.enable = true;
  programs.hyprland = {
    enable = true;
    package = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland;
  };
 }
--- a/machines/nix-book/hardware-configuration.nix
+++ b/machines/nix-book/hardware-configuration.nix
@@ -10,15 +10,27 @@
  boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "vmd" "nvme" "sdhci_pci" ];
  boot.initrd.kernelModules = [ ];
  boot.initrd.luks.devices."luks-4126fbd4-bd09-4ece-af0d-6fff414c21b3".device = "/dev/disk/by-uuid/4126fbd4-bd09-4ece-af0d-6fff414c21b3";
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];
-  fileSystems."/" =
+  roles.btrfs = {
-    { device = "/dev/disk/by-uuid/bd396529-e2c4-47cb-b844-8d6ed841f81a";
+    enable = true;
-      fsType = "ext4";
+    filesystems."/dev/disk/by-uuid/223a44e5-91e2-4272-830e-129166042a1d" = {
      mountpoints = {
        "/" = {
          compression = "zstd";
          extraOptions = [ "noatime" ];
        };
      };
      scrub.enable = true;
      deduplication = {
        enable = true;
        hashTableSizeMB = 32;
        verbosity = "err";
      };
    };
-
+  };
  boot.initrd.luks.devices."luks-4126fbd4-bd09-4ece-af0d-6fff414c21b3".device = "/dev/disk/by-uuid/4126fbd4-bd09-4ece-af0d-6fff414c21b3";
  fileSystems."/boot" =
    { device = "/dev/disk/by-uuid/7A0B-CF88";
@@ -29,6 +41,7 @@
  swapDevices =
    [ { device = "/dev/disk/by-uuid/ec1f70ea-27b6-4646-ad3b-eac41bd83e3e"; }
    ];
  zramSwap.enable = true;
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
--- a/machines/nix-book/nixbook-btrfs-migration.md
+++ b/machines/nix-book/nixbook-btrfs-migration.md
@@ -0,0 +1,223 @@
 # NixBook ext4 to btrfs Migration Guide
 ## Overview
 This guide converts your nixbook machine from ext4 to btrfs with zstd compression and beesd deduplication while preserving your LUKS encryption and all data.
 ## Current System Info
 - **Hostname**: nix-book
 - **Root filesystem**: ext4 on `/dev/disk/by-uuid/bd396529-e2c4-47cb-b844-8d6ed841f81a`
 - **Encryption**: LUKS with two devices configured
 - **Current usage**: 138GB used / 225GB total (65% full)
 - **Free space**: 76GB available (sufficient for conversion)
 ## Pre-Migration Checklist
 ### 1. Create Full System Backup (CRITICAL)
 ```bash
 # Boot from NixOS live USB
 # Mount encrypted filesystem
 cryptsetup luksOpen /dev/disk/by-uuid/4126fbd4-bd09-4ece-af0d-6fff414c21b3 luks-nixbook
 mount /dev/mapper/luks-nixbook /mnt
 # Create backup to external drive (adjust target as needed)
 rsync -avxHAX --progress /mnt/ /path/to/backup/nixbook-backup/
 ```
 ### 2. Verify Configuration Changes
 The following files have been updated for btrfs:
 - `machines/nix-book/configuration.nix` - Added beesd service
 - `machines/nix-book/hardware-configuration.nix` - Changed fsType to btrfs with compression
 ## Migration Process
 ### Phase 1: Boot to Live Environment
 1. **Create NixOS live USB**:
   ```bash
   # Download latest NixOS ISO
   # Flash to USB drive
   dd if=nixos-minimal-xx.xx-x86_64-linux.iso of=/dev/sdX bs=4M status=progress
   ```
 2. **Boot from live USB** and ensure you can access the encrypted drives
 ### Phase 2: Filesystem Conversion
 3. **Unlock LUKS volumes**:
   ```bash
   cryptsetup luksOpen /dev/disk/by-uuid/4126fbd4-bd09-4ece-af0d-6fff414c21b3 luks-nixbook
   cryptsetup luksOpen /dev/disk/by-uuid/b614167b-9045-4234-a441-ac6f60a96d81 luks-nixbook2
   ```
 4. **Check filesystem before conversion**:
   ```bash
   fsck.ext4 -f /dev/mapper/luks-nixbook
   ```
 5. **Convert ext4 to btrfs** (this preserves all data):
   ```bash
   # Install btrfs-progs if not available
   nix-shell -p btrfs-progs
   # Convert the filesystem (takes 15-45 minutes depending on data)
   btrfs-convert /dev/mapper/luks-nixbook
   # Verify conversion succeeded
   mount /dev/mapper/luks-nixbook /mnt
   ls -la /mnt  # Should show your normal filesystem
   btrfs filesystem show /mnt
   ```
 6. **Get new filesystem UUID** (may have changed):
   ```bash
   blkid /dev/mapper/luks-nixbook
   # Note the new UUID if it changed
   ```
 ### Phase 3: Configuration Update
 7. **Mount and chroot into system**:
   ```bash
   mount -o compress=zstd,noatime /dev/mapper/luks-nixbook /mnt
   mount /dev/disk/by-uuid/7A0B-CF88 /mnt/boot
   nixos-enter --root /mnt
   ```
 8. **Update hardware-configuration.nix** if UUID changed:
   ```bash
   # Edit /etc/nixos/hardware-configuration.nix if needed
   # Update the UUID in fileSystems."/" section
   ```
 9. **Rebuild system with btrfs configuration**:
   ```bash
   cd /home/johno/nixos-configs
   nixos-rebuild switch --flake .#nix-book
   ```
 ### Phase 4: Enable Compression and Deduplication
 10. **Reboot into new btrfs system**:
    ```bash
    exit  # Exit chroot
    umount -R /mnt
    reboot
    ```
 11. **Verify btrfs is working**:
    ```bash
    mount | grep btrfs
    btrfs filesystem usage /
    ```
 12. **Enable and start beesd**:
    ```bash
    systemctl status beesd-root
    systemctl start beesd-root
    systemctl enable beesd-root
    ```
 13. **Force compression on existing files** (optional but recommended):
    ```bash
    # This will compress existing files with zstd
    btrfs filesystem defragment -r -czstd /
    ```
 ## Post-Migration Verification
 ### Check System Health
 ```bash
 # Verify btrfs health
 btrfs scrub start /
 btrfs scrub status /
 # Check compression effectiveness
 compsize /
 # Monitor beesd deduplication
 journalctl -u beesd-root -f
 # Check filesystem usage
 btrfs filesystem usage /
 df -h /
 ```
 ### Performance Monitoring
 ```bash
 # Monitor beesd hash table
 ls -lh /.beeshash
 # Check compression ratio over time
 compsize /home /nix /var
 ```
 ## Expected Benefits
 ### Space Savings
 - **Compression**: 20-30% reduction in disk usage from zstd
 - **Deduplication**: Additional 10-20% savings on duplicate files
 - **Combined**: Potentially 30-40% total space savings
 ### Performance Impact
 - **Compression**: Minimal CPU overhead, often improves I/O performance
 - **Deduplication**: Background process, minimal impact during normal use
 - **Overall**: Should be neutral to positive performance impact
 ## Rollback Plan (Emergency)
 If something goes wrong:
 1. **Boot from live USB**
 2. **Restore from backup**:
   ```bash
   cryptsetup luksOpen /dev/disk/by-uuid/4126fbd4-bd09-4ece-af0d-6fff414c21b3 luks-nixbook
   mkfs.ext4 /dev/mapper/luks-nixbook
   mount /dev/mapper/luks-nixbook /mnt
   rsync -avxHAX --progress /path/to/backup/nixbook-backup/ /mnt/
   ```
 3. **Restore original hardware-configuration.nix** with ext4 settings
 4. **Rebuild and reboot**
 ## Troubleshooting
 ### Common Issues
 **"Device busy" during conversion**:
 - Ensure no processes are accessing the filesystem
 - Check with `lsof` and `fuser`
 **UUID changed after conversion**:
 - Update hardware-configuration.nix with new UUID
 - Regenerate initrd: `nixos-rebuild switch`
 **Beesd service fails to start**:
 - Check disk space for hash table
 - Verify filesystem is btrfs: `mount | grep btrfs`
 - Check logs: `journalctl -u beesd-root`
 **Boot issues after conversion**:
 - Boot from live USB
 - Check /boot partition is mounted correctly
 - Verify LUKS UUIDs match in configuration
 - Rebuild bootloader: `nixos-rebuild switch --install-bootloader`
 ## Maintenance
 ### Regular Tasks
 ```bash
 # Monthly scrub (checks for corruption)
 btrfs scrub start /
 # Monitor compression effectiveness
 compsize /
 # Check beesd deduplication status
 systemctl status beesd-root
 ```
 ### Space Management
 ```bash
 # Balance filesystem (defragments and optimizes)
 btrfs balance start -dusage=50 /
 # Check for space issues
 btrfs filesystem usage /
 ```
 This migration preserves all your data while gaining the benefits of modern btrfs features including transparent compression and automatic deduplication.
--- a/machines/wixos/configuration.nix
+++ b/machines/wixos/configuration.nix
@@ -0,0 +1,62 @@
 # Edit this configuration file to define what should be installed on
 # your system. Help is available in the configuration.nix(5) man page, on
 # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
 # NixOS-WSL specific options are documented on the NixOS-WSL repository:
 # https://github.com/nix-community/NixOS-WSL
 { config, lib, pkgs, ... }:
 {
  imports = [
  ];
  roles = {
    audio.enable = true;
    desktop = {
      enable = true;
      wayland = true;
    };
    users.enable = true;
  };
  networking.hostName = "wixos";
  wsl.enable = true;
  wsl.defaultUser = "johno";
  wsl.startMenuLaunchers = true;
  wsl.useWindowsDriver = true;
  wsl.wslConf.network.hostname = "wixos";
  wsl.wslConf.user.default = "johno";
  services.xserver.videoDrivers = [ "nvidia" ];
  hardware.graphics = { 
    enable = true;
    extraPackages = with pkgs; [
      mesa
      libvdpau-va-gl
      vaapiVdpau
    ];
  };
  environment.sessionVariables = {
    LD_LIBRARY_PATH = [
      "/usr/lib/wsl/lib"
      "/run/opengl-driver/lib"
    ];
  };
  hardware.nvidia = {
    modesetting.enable = true;
    nvidiaSettings = true;
    open = true;
    package = config.boot.kernelPackages.nvidiaPackages.latest;
  };
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "24.05"; # Did you read the comment?
 }
--- a/machines/z790prors/configuration.nix
+++ b/machines/z790prors/configuration.nix
@@ -1,173 +0,0 @@
 # Edit this configuration file to define what should be installed on
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
 { inputs, config, pkgs, ... }:
 let
  kidsPackages = with pkgs; [
    firefox
  ];
 in
 {
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
      ../../roles/virtualisation/default.nix
      ../../roles/nfs-mounts/default.nix
    ];
  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.loader.grub.useOSProber = true;
  networking.hostName = "z790prors-nix"; # Define your hostname.
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
  # Set your time zone.
  time.timeZone = "America/Los_Angeles";
  # The global useDHCP flag is deprecated, therefore explicitly set to false here.
  # Per-interface useDHCP will be mandatory in the future, so this generated config
  # replicates the default behaviour.
  networking.useDHCP = false;
  networking.interfaces.enp3s0.useDHCP = true;
  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";
  # console = {
  #   font = "Lat2-Terminus16";
  #   keyMap = "us";
  # };
  nix.settings.experimental-features = [ "nix-command" "flakes" ];
  nix.settings.secret-key-files = /root/cache-priv-key.pem;
  nix.settings.max-jobs = "auto";
  nix.settings.trusted-users = [ "johno" ];
  nix.settings.substituters = [
    "https://hyprland.cachix.org"
  ];
  nix.settings.trusted-public-keys = [
    "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
  ];
  nixpkgs.config.allowUnfree = true;
  # Enable the X11 windowing system.
  services.xserver.enable = true;
  hardware.graphics.enable = true;
  services.xserver.videoDrivers = ["nvidia"];
  hardware.nvidia = {
    modesetting.enable = true;
    powerManagement.enable = false;
    powerManagement.finegrained = false;
    open = false;
    nvidiaSettings = true;
    package = config.boot.kernelPackages.nvidiaPackages.production;
  };
  # Configure keymap in X11
  # services.xserver.layout = "us";
  # services.xserver.xkbOptions = "eurosign:e";
  # Enable CUPS to print documents.
  # services.printing.enable = true;
  # Enable sound.
  hardware.pulseaudio.enable = true;
  # Enable touchpad support (enabled default in most desktopManager).
  # services.xserver.libinput.enable = true;
  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.johno = {
    isNormalUser = true;
    description = "John Ogle";
    extraGroups = [ "wheel" "networkmanager" "audio" "libvirtd" ]; # Enable ‘sudo’ for the user.
  };
  users.users.eli = {
    isNormalUser = true;
    description = "Eli";
    home = "/arch/@home/eli";
    packages = kidsPackages;
  };
  users.users.andrew = {
    isNormalUser = true;
    description = "Andrew";
    home = "/arch/@home/andrew";
    packages = kidsPackages;
  };
  users.users.jules = {
    isNormalUser = true;
    description = "Jules";
    home = "/arch/@home/jules";
    packages = kidsPackages;
  };
  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
    git
  ];
  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  # programs.gnupg.agent = {
  #   enable = true;
  #   enableSSHSupport = true;
  # };
  # List services that you want to enable:
  # Enable the OpenSSH daemon.
  services.openssh.enable = true;
  services.displayManager = {
    sddm.enable = true;
    sddm.wayland.enable = true;
    #defaultSession = "plasmax11";
  };
  services.desktopManager.plasma6.enable = true;
  programs.hyprland = {
    enable = true;
    package = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland;
  };
  programs.java.enable = true;
  programs.steam = {
    enable = true;
    remotePlay.openFirewall = true;
    localNetworkGameTransfers.openFirewall = true;
    #package = pkgs.steam.override {
      #withJava = true;
      #withPrimus = true;
      #extraPkgs = pkgs: [ bumblebee glxinfo ];
    #};
  };
  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "21.11"; # Did you read the comment?
 }
--- a/machines/z790prors/hardware-configuration.nix
+++ b/machines/z790prors/hardware-configuration.nix
@@ -1,35 +0,0 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
  imports =
    [ (modulesPath + "/installer/scan/not-detected.nix")
    ];
  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];
  fileSystems."/" =
    { device = "/dev/disk/by-uuid/8d996d13-6d55-4524-83a2-6f6fb47a09ea";
      fsType = "btrfs";
    };
  fileSystems."/boot" =
    { device = "/dev/disk/by-uuid/7445-C336";
      fsType = "vfat";
    };
  fileSystems."/arch" =
    { device = "/dev/disk/by-label/endeavouros";
      fsType = "btrfs";
    };
  swapDevices = [ ];
  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/machines/zix790prors/README.org
+++ b/machines/zix790prors/README.org
@@ -0,0 +1,31 @@
 * zix790prors
 The re-birthed NixOS install of my 2024/2025 gaming pc / workstation.
 ** Specs
 - **CPU:** Intel Core i7-14700K (20 cores, 28 threads, up to 5.6 GHz)
 - **Memory:** 64 GB RAM
 - **Storage:**
  - 4TB NVMe SSD (main drive with dual-boot partitions)
    - Windows 11 partition (NTFS)
    - NixOS /nix/store partition (btrfs)
    - Shared /games partition (btrfs, accessible from both Windows and NixOS)
 - **GPU:** NVIDIA GeForce RTX 4070 Ti
 - **Boot:** UEFI with 100MB EFI System Partition
 This is a powerful all-purpose workstation optimized for gaming, 3D modeling, and development. It dual-boots Windows 11 with a shared btrfs /games partition accessible from both operating systems.
 *** Validation
 Given the above specs, I want to run shell commands to validate them for accuracy. Use the run_shell_command tool to get the results required to complete this validation. Do not return to the user until you have exhausted your self-serve options for accomplishing your task.
 ** BIOS Settings
 **2025-09-08**
 I underclocked the CPU today. I set the cpu/cache voltage offset to -50mV and lowered the P-Core multiplier from 56x to 50x. I was able to run Intel XTU benchmarks and the CPU stayed around 80C without any throttling kicking in, whereas before it would bounce around various cores at 100C with lots of throttling taking place.
 My goals for this change are:
 - CPU longevity
 - Fan noise
 - Addressing various apps that say 100C is a "critical temperature" (though I believe the CPU is rated for up to 110C)
 I'm leaving some performance on the table, but it almost feels like the default settings for this CPU were to effectively be overclocked.
--- a/machines/zix790prors/configuration.nix
+++ b/machines/zix790prors/configuration.nix
@@ -0,0 +1,99 @@
 # Edit this configuration file to define what should be installed on
 # your system. Help is available in the configuration.nix(5) man page, on
 # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
 { lib, pkgs, ... }:
 with lib;
 {
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
    ];
  roles = {
    audio.enable = true;
    bluetooth.enable = true;
    desktop = {
      enable = true;
      gaming = {
        enable = true;
        emulation = true;
      };
      kde = true;
      sddm = true;
      wayland = true;
    };
    nfs-mounts.enable = true;
    nvidia.enable = true;
    printing.enable = true;
    users.enable = true;
    virtualisation.enable = true;
  };
  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.systemd-boot.configurationLimit = 20;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.loader.timeout = 10;
  networking.hostName = "zix790prors"; # Define your hostname.
  # Enable networking
  networking.networkmanager.enable = true;
  # Fix dual boot clock sync - tell Linux to use local time for hardware clock
  time.hardwareClockInLocalTime = true;
  # NVIDIA Graphics configuration
  services.xserver.videoDrivers = [ "nvidia" ];
  hardware.graphics.enable = true;
  hardware.graphics.enable32Bit = true;
  hardware.nvidia = {
    # Modesetting is required.
    modesetting.enable = true;
    # Enable the Nvidia settings menu,
    # accessible via `nvidia-settings`.
    nvidiaSettings = true;
    # Optionally, you may need to select the appropriate driver version for your specific GPU.
    package = pkgs.linuxPackages.nvidiaPackages.stable;
    # Use open source kernel modules (recommended for RTX/GTX 16xx and newer)
    # Set to false if you have an older GPU
    open = true;
    # For gaming performance
    powerManagement.enable = false;
    powerManagement.finegrained = false;
  };
  services.ollama = {
    enable = true;
    acceleration = "cuda";
    loadModels = [ "gpt-oss" "deepseek-r1" "qwen3:30b" ];
  };
  # This option defines the first version of NixOS you have installed on this particular machine,
  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
  #
  # Most users should NEVER change this value after the initial install, for any reason,
  # even if you've upgraded your system to a new NixOS release.
  #
  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
  # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
  # to actually do that.
  #
  # This value being lower than the current NixOS release does NOT mean your system is
  # out of date, out of support, or vulnerable.
  #
  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
  # and migrated your data accordingly.
  #
  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
  system.stateVersion = "25.11"; # Did you read the comment?
 }
--- a/machines/zix790prors/hardware-configuration.nix
+++ b/machines/zix790prors/hardware-configuration.nix
@@ -0,0 +1,57 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
  imports =
    [ (modulesPath + "/installer/scan/not-detected.nix")
    ];
  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];
  fileSystems."/boot" =
    { device = "/dev/disk/by-uuid/11C1-EB58";
      fsType = "vfat";
      options = [ "fmask=0077" "dmask=0077" ];
    };
  roles.btrfs = {
    enable = true;
    filesystems."/dev/disk/by-uuid/ec22734b-d1a3-4c99-8c6f-86f6a8d79007" = {
      mountpoints = {
        "/" = {
          compression = "zstd";
          extraOptions = [ "noatime" ];
        };
      };
      scrub.enable = true;
      deduplication = {
        enable = true;
        hashTableSizeMB = 128;
        verbosity = "err";
      };
    };
    filesystems."/dev/disk/by-uuid/4f9844ac-c1ad-4426-8eb3-21f2306345fb" = {
      mountpoints = {
        "/games" = {
          extraOptions = [ "noatime" ];
        };
      };
      scrub.enable = true;
      deduplication = {
        enable = true;
        hashTableSizeMB = 256;
        verbosity = "err";
      };
    };
  };
  swapDevices = [ ];
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/packages/app-launcher-server/app-launcher-server.py
+++ b/packages/app-launcher-server/app-launcher-server.py
@@ -0,0 +1,104 @@
 #!/usr/bin/env python3
 import json
 import logging
 import os
 import subprocess
 import sys
 from http.server import BaseHTTPRequestHandler, HTTPServer
 from urllib.parse import urlparse
 # Configure logging
 logging.basicConfig(
    level=logging.INFO,
    format='%(asctime)s - %(levelname)s - %(message)s'
 )
 logger = logging.getLogger(__name__)
 # Allowlisted applications that can be launched
 ALLOWED_APPS = {
    'firefox': 'firefox',
    'kodi': 'kodi'
 }
 class AppLauncherHandler(BaseHTTPRequestHandler):
    def log_message(self, format, *args):
        logger.info(format % args)
    def do_GET(self):
        if self.path == '/':
            self.send_response(200)
            self.send_header('Content-type', 'application/json')
            self.end_headers()
            response = {
                'status': 'running',
                'available_apps': list(ALLOWED_APPS.keys()),
                'usage': 'POST /launch/<app_name> to launch an application'
            }
            self.wfile.write(json.dumps(response, indent=2).encode())
        else:
            self.send_error(404)
    def do_POST(self):
        parsed_path = urlparse(self.path)
        path_parts = parsed_path.path.strip('/').split('/')
        if len(path_parts) == 2 and path_parts[0] == 'launch':
            app_name = path_parts[1]
            self.launch_app(app_name)
        else:
            self.send_error(404, "Invalid endpoint. Use /launch/<app_name>")
    def launch_app(self, app_name):
        if app_name not in ALLOWED_APPS:
            self.send_error(400, f"Application '{app_name}' not allowed. Available apps: {list(ALLOWED_APPS.keys())}")
            return
        command = ALLOWED_APPS[app_name]
        try:
            # Launch the application in the background
            # Ensure we have the proper environment for GUI apps
            env = os.environ.copy()
            logger.info(f"Launching application: {command}")
            process = subprocess.Popen(
                [command],
                env=env,
                stdout=subprocess.DEVNULL,
                stderr=subprocess.DEVNULL,
                start_new_session=True
            )
            self.send_response(200)
            self.send_header('Content-type', 'application/json')
            self.end_headers()
            response = {
                'status': 'success',
                'message': f'Successfully launched {app_name}',
                'pid': process.pid
            }
            self.wfile.write(json.dumps(response).encode())
        except FileNotFoundError:
            logger.error(f"Application not found: {command}")
            self.send_error(500, f"Application '{app_name}' not found on system")
        except Exception as e:
            logger.error(f"Error launching {command}: {e}")
            self.send_error(500, f"Failed to launch {app_name}: {str(e)}")
 def main():
    port = int(sys.argv[1]) if len(sys.argv) > 1 else 8081
    server = HTTPServer(('0.0.0.0', port), AppLauncherHandler)
    logger.info(f"App launcher server starting on port {port}")
    logger.info(f"Available applications: {list(ALLOWED_APPS.keys())}")
    try:
        server.serve_forever()
    except KeyboardInterrupt:
        logger.info("Server shutting down...")
        server.server_close()
 if __name__ == '__main__':
    main()
--- a/packages/app-launcher-server/default.nix
+++ b/packages/app-launcher-server/default.nix
@@ -0,0 +1,5 @@
 { pkgs }:
 pkgs.writeShellScriptBin "app-launcher-server" ''
  exec ${pkgs.python3}/bin/python3 ${./app-launcher-server.py} "$@"
 ''
--- a/packages/default.nix
+++ b/packages/default.nix
@@ -0,0 +1,6 @@
 { pkgs, ... }:
 {
  vulkanHDRLayer = pkgs.callPackage ./vulkan-hdr-layer {};
  tea-rbw = pkgs.callPackage ./tea-rbw {};
  app-launcher-server = pkgs.callPackage ./app-launcher-server {};
 }
--- a/packages/tea-rbw/default.nix
+++ b/packages/tea-rbw/default.nix
@@ -0,0 +1,58 @@
 { pkgs, ... }:
 pkgs.writeShellScriptBin "tea" ''
  set -euo pipefail
  # Check if tea config directory exists and has authentication
  TEA_CONFIG_DIR="''${XDG_CONFIG_HOME:-$HOME/.config}/tea"
  TEA_CONFIG_FILE="$TEA_CONFIG_DIR/config.yml"
  # Function to setup tea authentication with rbw
  setup_tea_auth() {
    echo "Tea authentication not found. Setting up with rbw..."
    # Check if rbw is available
    if ! command -v rbw &> /dev/null; then
      echo "Error: rbw is not available. Please ensure rbw is installed and configured."
      exit 1
    fi
    # Try to get the token from rbw
    echo "Attempting to retrieve Gitea token from rbw..."
    echo "Please enter the rbw entry name for your Gitea token:"
    read -r rbw_entry
    if ! token=$(rbw get "$rbw_entry" 2>/dev/null); then
      echo "Error: Failed to retrieve token from rbw entry '$rbw_entry'"
      echo "Available rbw entries:"
      rbw list 2>/dev/null || echo "Failed to list rbw entries"
      exit 1
    fi
    # Prompt for Gitea URL
    echo "Please enter your Gitea URL (e.g., https://git.example.com):"
    read -r gitea_url
    # Create tea config directory if it doesn't exist
    mkdir -p "$TEA_CONFIG_DIR"
    # Setup tea login
    if ! ${pkgs.tea}/bin/tea login add --name "default" --url "$gitea_url" --token "$token"; then
      echo "Error: Failed to setup tea authentication"
      exit 1
    fi
    echo "Tea authentication setup complete!"
  }
  # Check if tea is already configured
  if [[ ! -f "$TEA_CONFIG_FILE" ]]; then
    setup_tea_auth
  elif ! ${pkgs.tea}/bin/tea whoami &>/dev/null; then
    echo "Tea config exists but authentication failed. Re-running setup..."
    setup_tea_auth
  fi
  # Execute tea with all provided arguments
  exec ${pkgs.tea}/bin/tea "$@"
 ''
--- a/packages/vulkan-hdr-layer/default.nix
+++ b/packages/vulkan-hdr-layer/default.nix
@@ -0,0 +1,34 @@
 { lib, stdenv, fetchFromGitHub, meson, pkg-config, vulkan-loader, ninja, writeText, vulkan-headers, vulkan-utility-libraries,  jq, libX11, libXrandr, libxcb, wayland, wayland-scanner }:
 stdenv.mkDerivation rec {
  pname = "vulkan-hdr-layer";
  version = "63d2eec";
  src = (fetchFromGitHub {
    owner = "Zamundaaa";
    repo = "VK_hdr_layer";
    rev = "869199cd2746e7f69cf19955153080842b6dacfc";
    fetchSubmodules = true;
    hash = "sha256-xfVYI+Aajmnf3BTaY2Ysg5fyDO6SwDFGyU0L+F+E3is=";
  }).overrideAttrs (_: {
    GIT_CONFIG_COUNT = 1;
    GIT_CONFIG_KEY_0 = "url.https://github.com/.insteadOf";
    GIT_CONFIG_VALUE_0 = "git@github.com:";
  });
  nativeBuildInputs = [ vulkan-headers meson ninja pkg-config jq ];
  buildInputs = [ vulkan-headers vulkan-loader vulkan-utility-libraries libX11 libXrandr libxcb wayland wayland-scanner ];
  # Help vulkan-loader find the validation layers
  setupHook = writeText "setup-hook" ''
    addToSearchPath XDG_DATA_DIRS @out@/share
  '';
  meta = with lib; {
    description = "Layers providing Vulkan HDR";
    homepage = "https://github.com/Zamundaaa/VK_hdr_layer";
    platforms = platforms.linux;
    license = licenses.mit;
  };
 }
--- a/roles/audio/default.nix
+++ b/roles/audio/default.nix
@@ -0,0 +1,41 @@
 { lib, config, pkgs, ... }:
 with lib;
 let
  cfg = config.roles.audio;
 in
 {
  options.roles.audio = {
    enable = mkEnableOption "Enable the audio role";
  };
  config = mkIf cfg.enable
    {
      environment.systemPackages = with pkgs; [
        easyeffects
        paprefs
        pavucontrol
        pulsemixer
      ];
      services.pipewire = {
        enable = true;
        pulse.enable = true;
      };
      services.pulseaudio = {
        package = pkgs.pulseaudioFull;
        extraConfig = ''
          load-module module-combine-sink
          load-module module-switch-on-connect
        '';
      };
      services.squeezelite = {
        #enable = true;
        pulseAudio = true;
      };
    };
 }
--- a/roles/bluetooth/default.nix
+++ b/roles/bluetooth/default.nix
@@ -0,0 +1,26 @@
 { lib, config, pkgs, ... }:
 with lib;
 let
  cfg = config.roles.bluetooth;
 in
 {
  options.roles.bluetooth = {
    enable = mkEnableOption "Enable the bluetooth role";
  };
  config = mkIf cfg.enable
    {
      hardware.bluetooth.enable = true;
      hardware.bluetooth.powerOnBoot = true;
      hardware.bluetooth.settings = {
        General = {
          Enable = "Source,Sink,Media,Socket";
        };
      };
      services.blueman.enable = true;
    };
 }
--- a/roles/btrfs/default.nix
+++ b/roles/btrfs/default.nix
@@ -0,0 +1,173 @@
 { lib, config, pkgs, ... }:
 with lib;
 let
  cfg = config.roles.btrfs;
 in
 {
  options.roles.btrfs = {
    enable = mkEnableOption "Enable btrfs filesystem management";
    filesystems = mkOption {
      type = types.attrsOf (types.submodule {
        options = {
          # Filesystem-level maintenance options
          scrub = {
            enable = mkOption { 
              type = types.bool; 
              default = true;
              description = "Enable automatic scrubbing for this filesystem";
            };
            interval = mkOption { 
              type = types.str; 
              default = "weekly";
              description = "Scrub interval (systemd timer format)";
            };
          };
          deduplication = {
            enable = mkOption { 
              type = types.bool; 
              default = false;
              description = "Enable beesd deduplication for this filesystem";
            };
            hashTableSizeMB = mkOption { 
              type = types.int; 
              default = 1024;
              description = "Hash table size in MB (should be multiple of 16)";
            };
            verbosity = mkOption { 
              type = types.str; 
              default = "info";
              description = "Logging verbosity level";
            };
          };
          balance = {
            enable = mkOption { 
              type = types.bool; 
              default = false;
              description = "Enable periodic balance operations";
            };
            interval = mkOption { 
              type = types.str; 
              default = "monthly";
              description = "Balance interval (systemd timer format)";
            };
            dataUsage = mkOption { 
              type = types.int; 
              default = 50;
              description = "Data usage threshold for balance";
            };
            metadataUsage = mkOption { 
              type = types.int; 
              default = 50;
              description = "Metadata usage threshold for balance";
            };
          };
          # Mountpoint-based configuration
          mountpoints = mkOption {
            type = types.attrsOf (types.submodule {
              options = {
                subvolume = mkOption { 
                  type = types.nullOr types.str; 
                  default = null;
                  description = "Subvolume name. If null, uses default subvolume.";
                };
                compression = mkOption { 
                  type = types.str; 
                  default = "zstd";
                  description = "Compression algorithm (zstd, lzo, lz4, none)";
                };
                autodefrag = mkOption { 
                  type = types.bool; 
                  default = false;
                  description = "Enable automatic defragmentation";
                };
                extraOptions = mkOption { 
                  type = types.listOf types.str; 
                  default = [];
                  description = "Additional mount options";
                };
              };
            });
            default = {};
            description = "Mountpoint configurations for this filesystem";
          };
        };
      });
      default = {};
      description = "Btrfs filesystems configuration";
    };
  };
  config = mkIf cfg.enable {
    environment.systemPackages = with pkgs; [
      btrfs-progs
      compsize
    ];
    # Generate fileSystems configuration from mountpoints
    fileSystems = mkMerge (flatten (mapAttrsToList (device: fsCfg:
      mapAttrsToList (mountpoint: mountCfg:
        {
          ${mountpoint} = {
            device = device;
            fsType = "btrfs";
            options = 
              (optional (mountCfg.subvolume != null) "subvol=${mountCfg.subvolume}") ++
              [ "compress=${mountCfg.compression}" ] ++
              (optional mountCfg.autodefrag "autodefrag") ++
              mountCfg.extraOptions;
          };
        }
      ) fsCfg.mountpoints
    ) cfg.filesystems));
    # Configure scrub service using NixOS built-in
    services.btrfs.autoScrub = mkIf (any (fs: fs.scrub.enable) (attrValues cfg.filesystems)) {
      enable = true;
      interval = "weekly"; # TODO: Make this configurable per filesystem
      fileSystems = attrNames (filterAttrs (_: fs: fs.scrub.enable) cfg.filesystems);
    };
    # Configure beesd for filesystems with deduplication enabled
    services.beesd.filesystems = mapAttrs' (device: fsCfg: 
      nameValuePair (replaceStrings ["/"] ["_"] (replaceStrings ["-"] ["_"] device)) {
        spec = device;
        hashTableSizeMB = fsCfg.deduplication.hashTableSizeMB;
        verbosity = fsCfg.deduplication.verbosity;
      }
    ) (filterAttrs (_: fs: fs.deduplication.enable) cfg.filesystems);
    # Custom balance services for filesystems with balance enabled
    systemd.services = mkMerge (mapAttrsToList (device: fsCfg: mkIf fsCfg.balance.enable {
      "btrfs-balance-${replaceStrings ["/"] ["-"] (replaceStrings ["-"] ["_"] device)}" = {
        description = "Balance btrfs filesystem ${device}";
        script = ''
          ${pkgs.btrfs-progs}/bin/btrfs balance start \
            -dusage=${toString fsCfg.balance.dataUsage} \
            -musage=${toString fsCfg.balance.metadataUsage} \
            ${device}
        '';
        serviceConfig = {
          Type = "oneshot";
          Nice = 19;
          IOSchedulingClass = "idle";
        };
      };
    }) cfg.filesystems);
    # Balance timers
    systemd.timers = mkMerge (mapAttrsToList (device: fsCfg: mkIf fsCfg.balance.enable {
      "btrfs-balance-${replaceStrings ["/"] ["-"] (replaceStrings ["-"] ["_"] device)}" = {
        description = "Periodic balance for ${device}";
        wantedBy = [ "timers.target" ];
        timerConfig = {
          OnCalendar = fsCfg.balance.interval;
          Persistent = true;
        };
      };
    }) cfg.filesystems);
  };
 }
--- a/roles/darwin.nix
+++ b/roles/darwin.nix
@@ -0,0 +1,84 @@
 { config, lib, pkgs, ... }:
 with lib;
 let
  # Extract the set-environment path that nix-darwin generates
  setEnvironmentPath = "${config.system.build.setEnvironment}";
 in
 {
  config = {
    # Salt manages /etc/bashrc, /etc/zshrc, /etc/zshenv
    # nix-darwin writes to .local variants for nix-specific configuration
    # Disable nix-darwin from managing the main shell files
    environment.etc."bashrc".enable = false;
    environment.etc."zshrc".enable = false;
    environment.etc."zshenv".enable = false;
    # Create .local files with nix environment setup
    environment.etc."bash.local".text = ''
      # Nix environment setup
      if [ -z "$__NIX_DARWIN_SET_ENVIRONMENT_DONE" ]; then
        . ${setEnvironmentPath}
      fi
    '';
    environment.etc."zshrc.local".text = ''
      # Nix environment setup (already done in zshenv.local)
    '';
    environment.etc."zshenv.local".text = ''
      # Nix environment setup
      if [[ -o rcs ]]; then
        if [ -z "''${__NIX_DARWIN_SET_ENVIRONMENT_DONE-}" ]; then
          . ${setEnvironmentPath}
        fi
        # Tell zsh how to find installed completions
        for p in ''${(z)NIX_PROFILES}; do
          fpath=($p/share/zsh/site-functions $p/share/zsh/$ZSH_VERSION/functions $p/share/zsh/vendor-completions $fpath)
        done
      fi
    '';
    time.timeZone = "America/Los_Angeles";
    environment.systemPackages = with pkgs; [
      git
      glances
      pciutils
      tree
      usbutils
      vim
    ];
    nix = {
      package = pkgs.nix;
      # distributedBuilds = true;
      # buildMachines = [{
      #   hostName = "z790prors.oglehome";
      #   system = "x86_64-linux";
      #   protocol = "ssh-ng";
      #   sshUser = "johno";
      #   sshKey = "/root/.ssh/id_ed25519";
      #   maxJobs = 3;
      #   speedFactor = 2;
      # }];
      settings = {
        experimental-features = [ "nix-command" "flakes" ];
        max-jobs = "auto";
        trusted-users = [ "johno" ];
        substituters = [
        ];
      };
      gc = {
        automatic = true;
        options = "--delete-older-than 10d";
      };
    };
    nixpkgs.config.allowUnfree = true;
  };
 }
--- a/roles/default.nix
+++ b/roles/default.nix
@@ -0,0 +1,89 @@
 { lib, pkgs, ... }:
 with lib;
 {
  imports = [
    ./audio
    ./bluetooth
    ./btrfs
    ./desktop
    ./kodi
    ./nfs-mounts
    ./nvidia
    ./printing
    ./spotifyd
    ./users
    ./virtualisation
  ];
  config = {
    i18n.defaultLocale = "en_US.UTF-8";
    i18n.extraLocaleSettings = {
      LC_ADDRESS = "en_US.UTF-8";
      LC_IDENTIFICATION = "en_US.UTF-8";
      LC_MEASUREMENT = "en_US.UTF-8";
      LC_MONETARY = "en_US.UTF-8";
      LC_NAME = "en_US.UTF-8";
      LC_NUMERIC = "en_US.UTF-8";
      LC_PAPER = "en_US.UTF-8";
      LC_TELEPHONE = "en_US.UTF-8";
      LC_TIME = "en_US.UTF-8";
    };
    time.timeZone = "America/Los_Angeles";
    services.xserver.xkb = {
      layout = "us";
      variant = "";
      options = "caps:escape";
    };
    # Don't go to emergency mode if we aren't able to mount filesystems.
    # This is silly if you have multiple hard drives or partitions
    # configured on a machine and then one goes away intentionally or
    # unintentionally. If the system is already booting, let it continue
    # to try and boot.
    systemd.enableEmergencyMode = false;
    # Enable the OpenSSH daemon.
    services.openssh.enable = true;
    environment.systemPackages = with pkgs; [
      git
      glances
      pciutils
      tree
      usbutils
      vim
    ];
    nix = {
      package = pkgs.nix;
      # distributedBuilds = true;
      # buildMachines = [{
      #   hostName = "z790prors.oglehome";
      #   system = "x86_64-linux";
      #   protocol = "ssh-ng";
      #   sshUser = "johno";
      #   sshKey = "/root/.ssh/id_ed25519";
      #   maxJobs = 3;
      #   speedFactor = 2;
      # }];
      settings = {
        experimental-features = [ "nix-command" "flakes" ];
        max-jobs = "auto";
        trusted-users = [ "johno" ];
        substituters = [
        ];
      };
      gc = {
        automatic = true;
        randomizedDelaySec = "14m";
        options = "--delete-older-than 10d";
      };
    };
    nixpkgs.config.allowUnfree = true;
  };
 }
--- a/roles/desktop/default.nix
+++ b/roles/desktop/default.nix
@@ -0,0 +1,27 @@
 { lib, config, pkgs, ... }:
 with lib;
 {
  options.roles.desktop = {
    enable = mkEnableOption "Enable the desktop role.";
    x11 = mkOption { type = types.bool; default = false; description = "Enable X11 support."; };
    wayland = mkOption { type = types.bool; default = false; description = "Enable Wayland support."; };
    kde = mkOption { type = types.bool; default = false; description = "Enable KDE."; };
    gaming = {
      enable = mkOption { type = types.bool; default = false; description = "Enable gaming support."; };
      emulation = mkOption { type = types.bool; default = false; description = "Enable emulation support."; };
    };
    sddm = mkOption { type = types.bool; default = false; description = "Enable SDDM greeter."; };
  };
  imports = [
    ./x11.nix
    ./wayland.nix
    ./gaming.nix
    ./kde.nix
    ./programs.nix
    ./sddm.nix
  ];
 }
--- a/roles/desktop/gaming.nix
+++ b/roles/desktop/gaming.nix
@@ -0,0 +1,27 @@
 { lib, config, pkgs, ... }:
 with lib;
 let
  cfg = config.roles.desktop;
 in
 {
  config = mkMerge [
    (mkIf (cfg.enable && cfg.gaming.enable) {
      environment.systemPackages = with pkgs; [
        steam
        lutris
        moonlight
      ];
      # Possibly other gaming specific services or settings
    })
    (mkIf (cfg.enable && cfg.gaming.emulation) {
      environment.systemPackages = with pkgs; [
        ryubing
        dolphin-emu
      ];
    })
  ];
 }
--- a/roles/desktop/kde.nix
+++ b/roles/desktop/kde.nix
@@ -0,0 +1,12 @@
 { config, lib, pkgs, ... }:
 with lib;
 let
  cfg = config.roles.desktop;
 in
 {
  config = mkIf (cfg.enable && cfg.kde) {
    services.desktopManager.plasma6.enable = true;
  };
 }
--- a/roles/desktop/programs.nix
+++ b/roles/desktop/programs.nix
@@ -0,0 +1,20 @@
 { lib, config, pkgs, ... }:
 with lib;
 let
  cfg = config.roles.desktop;
 in
 {
  config = mkIf cfg.enable {
    environment.systemPackages = with pkgs; [
      brightnessctl
      emacs-nox
      moonlight-qt
    ];
    programs.dconf.enable = true;
    services.gnome.gnome-keyring.enable = true;
    programs.kdeconnect.enable = true;
  };
 }
--- a/roles/desktop/sddm.nix
+++ b/roles/desktop/sddm.nix
@@ -0,0 +1,15 @@
 { lib, config, pkgs, ... }:
 with lib;
 let
  cfg = config.roles.desktop;
 in
 {
  config = mkIf (cfg.enable && cfg.sddm) {
    services.displayManager.sddm = {
      enable = true;
      wayland.enable = (!cfg.x11 && cfg.wayland);
    };
  };
 }
--- a/roles/desktop/wayland.nix
+++ b/roles/desktop/wayland.nix
@@ -0,0 +1,23 @@
 { lib, config, pkgs, ... }:
 with lib;
 let
  cfg = config.roles.desktop;
 in
 {
  config = mkIf (cfg.enable && cfg.wayland) {
    programs.sway = {
      enable = true;
      wrapperFeatures.gtk = true;
    };
    programs.light.enable = true;
    environment.systemPackages = with pkgs; [
      grim
      slurp
      wl-clipboard
      mako
    ];
  };
 }
--- a/roles/desktop/x11.nix
+++ b/roles/desktop/x11.nix
@@ -0,0 +1,19 @@
 { lib, config, pkgs, ... }:
 with lib;
 let
  cfg = config.roles.desktop;
 in
 {
  config = mkIf (cfg.enable && cfg.x11) {
    services.xserver = {
      enable = true;
      windowManager.i3 = {
        enable = true;
        extraPackages = with pkgs; [ dmenu i3status i3lock ];
      };
    };
  };
 }
--- a/roles/kodi/default.nix
+++ b/roles/kodi/default.nix
@@ -0,0 +1,87 @@
 { config, lib, pkgs, ... }:
 with lib;
 let
  cfg = config.roles.kodi;
  customPkgs = pkgs.callPackage ../../packages {};
 in
 {
  options.roles.kodi = {
    enable = mkEnableOption "Enable Kodi";
    autologin = mkOption {
      default = false;
    };
    wayland = mkOption {
      default = true;
    };
    appLauncherServer = {
      enable = mkOption {
        type = types.bool;
        default = true;
        description = "Enable HTTP app launcher server for remote control";
      };
      port = mkOption {
        type = types.int;
        default = 8081;
        description = "Port for the app launcher HTTP server";
      };
    };
  };
  config = let
    kodiBasePkg = if cfg.wayland then pkgs.kodi-wayland else pkgs.kodi;
    kodiPkg = kodiBasePkg.withPackages (pkgs: with pkgs; [
      jellyfin
      steam-launcher
      steam-library
      youtube
    ]);
  in mkIf cfg.enable
    {
      users.extraUsers.kodi = {
        isNormalUser = true;
        extraGroups = [ "wheel" "networkmanager" "audio" "video" ];
      };
      networking.firewall = {
        allowedTCPPorts = [ 8080 ] ++ optional cfg.appLauncherServer.enable cfg.appLauncherServer.port;
        allowedUDPPorts = [ 8080 ];
      };
      environment.systemPackages = with pkgs; [
        kodiPkg
        wget
        firefox
      ] ++ optional cfg.appLauncherServer.enable customPkgs.app-launcher-server;
      programs.kdeconnect.enable = true;
      systemd.user.services = mkIf cfg.appLauncherServer.enable {
        app-launcher-server = {
          description = "HTTP App Launcher Server";
          wantedBy = [ "graphical-session.target" ];
          after = [ "graphical-session.target" ];
          serviceConfig = {
            Type = "simple";
            ExecStart = "${customPkgs.app-launcher-server}/bin/app-launcher-server ${toString cfg.appLauncherServer.port}";
            Restart = "always";
            RestartSec = "5s";
            Environment = [
              "PATH=${pkgs.firefox}/bin:${kodiPkg}/bin:/run/current-system/sw/bin"
            ];
          };
        };
      };
      services = if cfg.autologin then {
          displayManager = {
            autoLogin.enable = true;
            autoLogin.user = "kodi";
            defaultSession = "kodi";
            sessionData.autologinSession = "plasma";
          };
      } else {};
    };
 }
--- a/roles/nfs-mounts/default.nix
+++ b/roles/nfs-mounts/default.nix
@@ -1,8 +1,31 @@
-{ config, ... }:
+{ config, lib, ... }:
 with lib;
 let
  cfg = config.roles.nfs-mounts;
 in
 {
-  fileSystems."/media" = {
+  options.roles.nfs-mounts = {
-    device = "10.0.0.43:/media";
+    enable = mkEnableOption "Enable default NFS mounts";
-    fsType = "nfs";
+    # TODO: implement requireMount
    requireMount = mkOption {
      type = types.bool;
      description = "Hard fail if the NFS mounts are not available";
      default = false;
    };
  };
  config = mkIf cfg.enable
    {
      fileSystems."/media" = {
        device = "10.0.0.43:/media";
        fsType = "nfs";
        options = [
          "defaults"
          "nofail"
          "softreval"
        ];
      };
    };
 }
--- a/roles/nvidia/default.nix
+++ b/roles/nvidia/default.nix
@@ -0,0 +1,20 @@
 { lib, config, pkgs, ... }:
 with lib;
 let
  cfg = config.roles.nvidia;
 in
 {
  options.roles.nvidia = {
    enable = mkEnableOption "Enable the nvidia role";
  };
  config = mkIf cfg.enable {
    environment.systemPackages = with pkgs; [
      libva-utils
      nvidia-vaapi-driver
      nvtopPackages.nvidia
    ];
  };
 }
--- a/roles/printing/default.nix
+++ b/roles/printing/default.nix
@@ -0,0 +1,30 @@
 { config, lib, ... }:
 with lib;
 let
  cfg = config.roles.printing;
 in
 {
  options.roles.printing = {
    enable = mkEnableOption "Enable default printing setup";
  };
  config = mkIf cfg.enable
    {
      services.printing.enable = true;
      services.avahi = {
        enable = true;
        nssmdns4 = true;
        openFirewall = true;
      };
      hardware.printers.ensurePrinters = [{
        name = "MFC-L8900CDW_series";
        deviceUri = "ipp://brother.oglehome/ipp/print";
        model = "everywhere";
      }];
      hardware.printers.ensureDefaultPrinter = "MFC-L8900CDW_series";
    };
 }
--- a/roles/spotifyd/default.nix
+++ b/roles/spotifyd/default.nix
@@ -0,0 +1,40 @@
 { config, lib, pkgs, ... }:
 with lib;
 let
  cfg = config.roles.spotifyd;
 in
 {
  options.roles.spotifyd = {
    enable = mkEnableOption "Enable the spotifyd role";
  };
  config = mkIf cfg.enable
    {
      roles.audio.enable = true;
      services.spotifyd = {
        enable = true;
        settings = {
          global = {
            use_mpris = false;
            backend = "alsa";
            device = "sysdefault";
            bitrate = 320;
            cache_path = "";
            zeroconf_port = 1234;
            autoplay = false;
          };
        };
      };
      networking.firewall.allowedTCPPorts = [
        1234
        57621
      ];
      networking.firewall.allowedUDPPorts = [
        5353
      ];
    };
 }
--- a/roles/users/default.nix
+++ b/roles/users/default.nix
@@ -0,0 +1,52 @@
 { config, lib, pkgs, ... }:
 with lib;
 let
  cfg = config.roles.users;
 in
 {
  options.roles.users = {
    enable = mkEnableOption "Enable default users";
    extraGroups = mkOption {
      default = [];
    };
    kids = mkOption {
      type = types.bool;
      default = false;
    };
  };
  config = let
    kidsPackages = with pkgs; [
      firefox
    ];
  in mkIf cfg.enable {
    users.users.johno = {
      isNormalUser = true;
      description = "John Ogle";
      extraGroups = [ "wheel" "networkmanager" "audio" "video" ] ++ cfg.extraGroups;
    };
    users.users.eli = mkIf cfg.kids {
      isNormalUser = true;
      description = "Eli";
      home = "/home/eli";
      packages = kidsPackages;
    };
    users.users.andrew = mkIf cfg.kids {
      isNormalUser = true;
      description = "Andrew";
      home = "/home/andrew";
      packages = kidsPackages;
    };
    users.users.jules = mkIf cfg.kids {
      isNormalUser = true;
      description = "Jules";
      home = "/home/jules";
      packages = kidsPackages;
    };
  };
 }
--- a/roles/virtualisation/default.nix
+++ b/roles/virtualisation/default.nix
@@ -1,6 +1,20 @@
-{ config, ... }:
+{ config, lib, ... }:
 with lib;
 let
  cfg = config.roles.virtualisation;
 in
 {
-  virtualisation.libvirtd.enable = true;
+  options.roles.virtualisation = {
-  programs.virt-manager.enable = true;
+    enable = mkEnableOption "Enable virtualisation";
  };
  config = mkIf cfg.enable
    {
      virtualisation.libvirtd.enable = true;
      programs.virt-manager.enable = true;
      virtualisation.docker.enable = true;
      users.extraGroups.docker.members = [ "johno" ];
    };
 }