[i3] Setup brightness control with ddcutil

- Switch nix-deck to use nixpkgs-unstable and unstable home-manager/plasma-manager
- Remove jovian-compat.nix shim (not needed on unstable)
- Add bitwarden-desktop compatibility overlay for stable/unstable coexistence
- Update hardware-configuration.nix with actual Steam Deck hardware detection
- Add 8GB swap file configuration
- Configure AMD CPU microcode updates

This allows nix-deck to work with the latest Jovian-NixOS while keeping other
machines on stable 25.05.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

AGENTS.md

@@ -10,7 +10,7 @@ This is a NixOS configuration repository using flakes, managing multiple machine
 
 ### Flake Structure
 - **flake.nix**: Main entry point defining inputs (nixpkgs, home-manager, plasma-manager, etc.) and outputs for multiple NixOS configurations
-- **Machines**: `nix-book`, `boxy`, `wixos` (WSL configuration)
+- **Machines**: `nix-book`, `boxy`, `wixos` (WSL configuration), `zix790prors`, `live-usb`, `johno-macbookpro` (Darwin/macOS)
 - **Home configurations**: Standalone home-manager configuration for user `johno`
 
 ### Directory Structure
@@ -28,6 +28,12 @@ The repository uses a custom "roles" system where each role is a NixOS module wi
 - `roles.users`: User account management
 - `roles.virtualisation`: Virtualization setup
 - `roles.kodi`: Kodi media center
+- `roles.nvidia`: NVIDIA GPU configuration
+- `roles.printing`: Printing support (CUPS)
+- `roles.spotifyd`: Spotify daemon
+- `roles.btrfs`: Btrfs filesystem configuration
+- `roles.nfs-mounts`: NFS mount configuration
+- `roles.darwin`: macOS-specific configurations
 
 Example role usage in machine configuration:
 ```nix
@@ -60,8 +66,9 @@ The repository also uses a modular home-manager role system for user-space confi
 **Role-Based Home Configurations:**
 - `home-desktop.nix`: Full-featured desktop for development workstations
 - `home-media-center.nix`: Living room media consumption and gaming setup (boxy)
-- `home-laptop-compact.nix`: Essential tools only, excludes office/media for storage constraints (nix-book)  
+- `home-laptop-compact.nix`: Essential tools only, excludes office/media for storage constraints (nix-book)
 - `home-live-usb.nix`: Minimal setup for live environments, no persistent services
+- `home-darwin-work.nix`: macOS work laptop configuration
 
 **Machine-Specific Role Usage:**
 - **nix-book**: Compact laptop → excludes office/media roles due to SSD space constraints
@@ -69,10 +76,13 @@ The repository also uses a modular home-manager role system for user-space confi
 - **zix790prors**: All-purpose workstation → full desktop experience with all roles enabled
 - **wixos**: WSL2 development → full desktop experience, inherits from zix790prors Windows host
 - **live-usb**: Temporary environment → only base + desktop roles, no persistent services
+- **johno-macbookpro**: macOS work laptop → Darwin-specific configuration with development tools
 
 ## Common Commands
 
 ### Building and Switching Configurations
+
+**NixOS (Linux):**
 ```bash
 # Build and switch to a specific machine configuration
 sudo nixos-rebuild switch --flake .#<hostname>
@@ -84,12 +94,22 @@ nixos-rebuild build --flake .#<hostname>
 home-manager switch --flake .#johno
 ```
 
+**Darwin (macOS):**
+```bash
+# Build and switch to Darwin configuration
+darwin-rebuild switch --flake .#johno-macbookpro
+
+# Build without switching
+darwin-rebuild build --flake .#johno-macbookpro
+```
+
 ### Available Machine Configurations
 - `nix-book`: Compact laptop with storage constraints, uses `home/home-laptop-compact.nix`
 - `boxy`: Shared living room media center/gaming desktop with AMD GPU, uses `home/home-media-center.nix`
 - `zix790prors`: Powerful all-purpose workstation (gaming, 3D modeling, development), dual-boots Windows 11 with shared btrfs /games partition, uses `home/home-desktop.nix`
 - `wixos`: WSL2 development environment running in Windows partition of zix790prors, uses `home/home-desktop.nix`
 - `live-usb`: Bootable ISO configuration, uses `home/home-live-usb.nix`
+- `johno-macbookpro`: macOS work laptop, uses `home/home-darwin-work.nix`
 
 ### Flake Operations
 ```bash
@@ -110,14 +130,28 @@ sudo ./bootstrap.sh <hostname>
 ```
 This script pulls from the remote git repository and applies the configuration.
 
+### Build Live USB ISO
+Use the provided script to build a bootable ISO:
+```bash
+./build-liveusb.sh
+```
+Creates an ISO suitable for Ventoy and other USB boot tools in `./result/iso/`.
+
 ## Development Workflow
 
 ### Adding New Machines
+
+**NixOS:**
 1. Create new directory in `machines/<hostname>/`
 2. Add `configuration.nix` with role assignments
 3. Include hardware-configuration.nix (generated by nixos-generate-config)
 4. Add nixosConfiguration to flake.nix outputs
 
+**Darwin (macOS):**
+1. Create new directory in `machines/<hostname>/`
+2. Add `configuration.nix` with Darwin role assignments
+3. Add darwinConfiguration to flake.nix outputs
+
 ### Adding New Roles
 1. Create directory in `roles/<role-name>/`
 2. Create `default.nix` with module definition using mkEnableOption

STEAM_DECK_JOVIAN_SETUP.md

@@ -0,0 +1,280 @@
+# Steam Deck (nix-deck) Jovian-NixOS Setup Guide
+
+This document describes the setup for installing and maintaining NixOS with Jovian-NixOS on a Steam Deck.
+
+## Overview
+
+The `nix-deck` configuration provides:
+- **Jovian-NixOS integration** for Steam Deck hardware support
+- **Remote building** using `zix790prors` as the build host
+- **SteamOS role** for easy Steam Deck UI configuration
+- **Compatibility shim** for using Jovian on NixOS 25.05 stable
+
+## Architecture
+
+### Remote Building
+
+The setup uses distributed builds to avoid slow compilation on the Steam Deck:
+
+- **Build Host**: `zix790prors` (powerful desktop)
+  - Runs as a dedicated `nix-builder` user (not root)
+  - Accepts SSH connections from client machines
+  - Performs all heavy compilation work
+
+- **Build Clients**: `nix-book` and `nix-deck`
+  - Automatically offload builds to `zix790prors`
+  - Fall back to local building if remote builder is unavailable
+  - Steam Deck heavily prefers remote (speedFactor=4)
+
+### Jovian-NixOS Integration
+
+- **Jovian module**: Provides Steam Deck hardware support, drivers, and Steam UI
+- **Compatibility layer**: `roles/jovian-compat.nix` provides `services.logind.settings` for NixOS 25.05
+  - **IMPORTANT**: Remove this when upgrading to NixOS 25.11+
+  - An assertion will fail the build if used on 25.11+
+
+- **SteamOS role**: `roles.desktop.steamos` abstracts Jovian configuration
+  ```nix
+  roles.desktop.steamos = {
+    enable = true;
+    autoStart = false;  # Set to true to boot directly to Steam UI
+    desktopSession = "plasmawayland";
+  };
+  ```
+
+## Initial Installation
+
+### Prerequisites
+
+1. Steam Deck in recovery mode or booted to a live Linux environment
+2. SSH access enabled on the Steam Deck
+3. SSH key set up for passwordless authentication
+
+### Option 1: Using nixos-anywhere (Initial Install Only)
+
+```bash
+# From your main machine
+nix run github:nix-community/nixos-anywhere -- \
+  --flake .#nix-deck \
+  root@<steam-deck-ip>
+```
+
+**Note**: This is only for the initial install. For updates, see below.
+
+### Option 2: Manual Installation
+
+1. Boot Steam Deck from NixOS installer USB
+2. Partition and format the disk
+3. Mount filesystems
+4. Clone this repository
+5. Generate hardware config:
+   ```bash
+   nixos-generate-config --show-hardware-config > /tmp/hw.nix
+   ```
+6. Copy the hardware config content to `machines/nix-deck/hardware-configuration.nix`
+7. Keep the `jovian.devices.steamdeck` settings in the file
+8. Install:
+   ```bash
+   nixos-install --flake .#nix-deck
+   ```
+
+## Updates and Rebuilds
+
+### Method 1: Remote Build and Deploy (Recommended)
+
+Build on your main machine, deploy to Steam Deck:
+
+```bash
+# From nix-book or zix790prors
+nixos-rebuild switch \
+  --flake .#nix-deck \
+  --target-host root@nix-deck \
+  --build-host localhost
+```
+
+### Method 2: On-Device Rebuild (Uses Remote Builder)
+
+The Steam Deck is configured to automatically use `zix790prors` as a remote builder:
+
+```bash
+# SSH into the Steam Deck
+ssh root@nix-deck
+
+# This will automatically build on zix790prors
+nixos-rebuild switch --flake /path/to/nixos-configs#nix-deck
+```
+
+The build will automatically happen on `zix790prors` and be deployed locally.
+
+## Remote Builder Setup
+
+### On the Build Host (zix790prors)
+
+The configuration creates a `nix-builder` user that client machines connect to:
+
+```nix
+roles.remote-build.enableBuilder = true;
+```
+
+### On Client Machines (nix-book, nix-deck)
+
+Configure the remote builder:
+
+```nix
+roles.remote-build.builders = [{
+  hostName = "zix790prors";
+  maxJobs = 16;
+  speedFactor = 4;  # Higher = prefer remote more
+}];
+```
+
+### SSH Key Setup
+
+1. Generate SSH key on the builder host for the `nix-builder` user:
+   ```bash
+   sudo -u nix-builder ssh-keygen -t ed25519 -f /var/lib/nix-builder/.ssh/id_ed25519
+   ```
+
+2. Copy the public key to client machines:
+   ```bash
+   # Add to /var/lib/nix-builder/.ssh/authorized_keys on zix790prors
+   ```
+
+3. On client machines, ensure you can connect:
+   ```bash
+   ssh nix-builder@zix790prors
+   ```
+
+## Configuration Files
+
+### Key Files Created/Modified
+
+- `flake.nix` - Added Jovian input and nix-deck configuration
+- `roles/jovian-compat.nix` - Compatibility shim (remove in 25.11+)
+- `roles/desktop/steamos.nix` - SteamOS/Jovian role abstraction
+- `roles/remote-build/default.nix` - Remote builder role
+- `machines/nix-deck/configuration.nix` - Steam Deck system config
+- `machines/nix-deck/hardware-configuration.nix` - Hardware config (placeholder)
+
+### Example Configuration
+
+```nix
+# machines/nix-deck/configuration.nix
+{
+  roles = {
+    desktop = {
+      enable = true;
+      wayland = true;
+      gaming.enable = true;
+      kde = true;
+      sddm = true;
+      steamos = {
+        enable = true;
+        autoStart = false;  # or true to boot to Steam UI
+        desktopSession = "plasmawayland";
+      };
+    };
+    remote-build.builders = [{
+      hostName = "zix790prors";
+      maxJobs = 16;
+      speedFactor = 4;
+    }];
+  };
+}
+```
+
+## Jovian Features
+
+### Enabled by Default
+
+- Steam Deck hardware support (`jovian.devices.steamdeck.enable`)
+- Steam UI (`jovian.steam.enable`)
+- Decky Loader plugin system (`jovian.decky-loader.enable`)
+
+### Optional Features
+
+Set in the hardware-configuration.nix:
+
+```nix
+jovian.devices.steamdeck = {
+  enable = true;
+  autoUpdate = false;  # Auto-update BIOS/controller firmware
+};
+```
+
+### Manual Firmware Updates
+
+```bash
+# BIOS update
+sudo jupiter-biosupdate
+
+# Controller update
+sudo jupiter-controller-update
+
+# Docking station (connect via USB-C first)
+jupiter-dock-updater
+```
+
+## Troubleshooting
+
+### Remote Builds Not Working
+
+1. Check SSH connectivity:
+   ```bash
+   ssh nix-builder@zix790prors
+   ```
+
+2. Verify builder is trusted:
+   ```bash
+   # On zix790prors
+   nix show-config | grep trusted-users
+   ```
+
+3. Check build logs:
+   ```bash
+   journalctl -u nix-daemon -f
+   ```
+
+### Jovian Not Working
+
+1. Ensure you're on NixOS 25.05 or the compatibility layer is removed for 25.11+
+2. Check Jovian is imported in flake.nix
+3. Verify hardware config has `jovian.devices.steamdeck.enable = true`
+
+### Compatibility Layer Issues
+
+If you see an error about `jovian-compat.nix` being incompatible:
+
+1. You're running NixOS 25.11 or later
+2. Remove `./roles/jovian-compat.nix` from `flake.nix`
+3. Jovian should work natively on 25.11+
+
+## Future Upgrades
+
+### Upgrading to NixOS 25.11
+
+1. Update `nixpkgs` input in flake.nix to 25.11
+2. Remove `./roles/jovian-compat.nix` from flake.nix imports
+3. The assertion in jovian-compat.nix will prevent accidental use
+4. Test the build
+5. Deploy
+
+### Switching to Unstable
+
+If you need Jovian to follow unstable nixpkgs:
+
+1. Edit `flake.nix`:
+   ```nix
+   jovian = {
+     url = "github:Jovian-Experiments/Jovian-NixOS";
+     inputs.nixpkgs.follows = "nixpkgs-unstable";
+   };
+   ```
+
+2. This only affects Jovian packages, not your base system
+
+## Additional Resources
+
+- [Jovian-NixOS Documentation](https://jovian-experiments.github.io/Jovian-NixOS/)
+- [Jovian Steam Deck Guide](https://jovian-experiments.github.io/Jovian-NixOS/devices/valve-steam-deck/)
+- [NixOS Remote Builds](https://nixos.org/manual/nix/stable/advanced-topics/distributed-builds.html)

flake.lock

@@ -3,11 +3,11 @@
     "flake-compat": {
       "flake": false,
       "locked": {
-        "lastModified": 1747046372,
-        "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
+        "lastModified": 1761588595,
+        "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
         "owner": "edolstra",
         "repo": "flake-compat",
-        "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
+        "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
         "type": "github"
       },
       "original": {
@@ -23,11 +23,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1752428473,
-        "narHash": "sha256-IsE7fdAYbRlZuc0H5FtPfhhuHvlxnDGoAxdlnjpVNCU=",
+        "lastModified": 1761423376,
+        "narHash": "sha256-pMy3cnUFfue4vz/y0jx71BfcPGxZf+hk/DtnzWvfU0c=",
         "ref": "refs/heads/main",
-        "rev": "1fad66b55144ab6beaecd900172a21ac3c34dc52",
-        "revCount": 10,
+        "rev": "a1f695665771841a988afc965526cbf99160cd77",
+        "revCount": 11,
         "type": "git",
         "url": "https://git.johnogle.info/johno/google-cookie-retrieval.git"
       },
@@ -43,30 +43,116 @@
         ]
       },
       "locked": {
-        "lastModified": 1755914636,
-        "narHash": "sha256-VJ+Gm6YsHlPfUCpmRQxvdiZW7H3YPSrdVOewQHAhZN8=",
+        "lastModified": 1758463745,
+        "narHash": "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "8b55a6ac58b678199e5bba701aaff69e2b3281c0",
+        "rev": "3b955f5f0a942f9f60cdc9cacb7844335d0f21c3",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
+        "ref": "release-25.05",
         "repo": "home-manager",
         "type": "github"
       }
     },
+    "home-manager-unstable": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs-unstable"
+        ]
+      },
+      "locked": {
+        "lastModified": 1763416652,
+        "narHash": "sha256-8EBEEvtzQ11LCxpQHMNEBQAGtQiCu/pqP9zSovDSbNM=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "ea164b7c9ccdc2321379c2ff78fd4317b4c41312",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "ref": "master",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "jovian": {
+      "inputs": {
+        "nix-github-actions": "nix-github-actions",
+        "nixpkgs": [
+          "nixpkgs-unstable"
+        ]
+      },
+      "locked": {
+        "lastModified": 1763223001,
+        "narHash": "sha256-Hi6XxTJJjKsDrO+D0fYXS88ehCYzQkZlp9qxX1zoM1s=",
+        "owner": "Jovian-Experiments",
+        "repo": "Jovian-NixOS",
+        "rev": "68a1bcc019378272e601558719f82005a80ddab0",
+        "type": "github"
+      },
+      "original": {
+        "owner": "Jovian-Experiments",
+        "repo": "Jovian-NixOS",
+        "type": "github"
+      }
+    },
+    "nix-darwin": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1762912391,
+        "narHash": "sha256-4hpBE7bGd24SfD28rzMdUGXsLsNEYxCCrTipFdoqoNM=",
+        "owner": "nix-darwin",
+        "repo": "nix-darwin",
+        "rev": "d76299b2cd01837c4c271a7b5186e3d5d8ebd126",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-darwin",
+        "ref": "nix-darwin-25.05",
+        "repo": "nix-darwin",
+        "type": "github"
+      }
+    },
+    "nix-github-actions": {
+      "inputs": {
+        "nixpkgs": [
+          "jovian",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1729697500,
+        "narHash": "sha256-VFTWrbzDlZyFHHb1AlKRiD/qqCJIripXKiCSFS8fAOY=",
+        "owner": "zhaofengli",
+        "repo": "nix-github-actions",
+        "rev": "e418aeb728b6aa5ca8c5c71974e7159c2df1d8cf",
+        "type": "github"
+      },
+      "original": {
+        "owner": "zhaofengli",
+        "ref": "matrix-name",
+        "repo": "nix-github-actions",
+        "type": "github"
+      }
+    },
     "nixos-wsl": {
       "inputs": {
         "flake-compat": "flake-compat",
         "nixpkgs": "nixpkgs"
       },
       "locked": {
-        "lastModified": 1755261305,
-        "narHash": "sha256-EOqCupB5X5WoGVHVcfOZcqy0SbKWNuY3kq+lj1wHdu8=",
+        "lastModified": 1763385941,
+        "narHash": "sha256-99CBNgyMvg3Zu/hxqixtShevrF4Kfr/qjtizQ6oseVI=",
         "owner": "nix-community",
         "repo": "NixOS-WSL",
-        "rev": "203a7b463f307c60026136dd1191d9001c43457f",
+        "rev": "cc6483354b236c2fc95cc1d4ba1f0f40b7345e69",
         "type": "github"
       },
       "original": {
@@ -78,11 +164,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1754725699,
-        "narHash": "sha256-iAcj9T/Y+3DBy2J0N+yF9XQQQ8IEb5swLFzs23CdP88=",
+        "lastModified": 1762977756,
+        "narHash": "sha256-4PqRErxfe+2toFJFgcRKZ0UI9NSIOJa+7RXVtBhy4KE=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "85dbfc7aaf52ecb755f87e577ddbe6dbbdbc1054",
+        "rev": "c5ae371f1a6a7fd27823bc500d9390b38c05fa55",
         "type": "github"
       },
       "original": {
@@ -92,13 +178,13 @@
         "type": "github"
       }
     },
-    "nixpkgs_2": {
+    "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1755615617,
-        "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=",
+        "lastModified": 1763283776,
+        "narHash": "sha256-Y7TDFPK4GlqrKrivOcsHG8xSGqQx3A6c+i7novT85Uk=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "20075955deac2583bb12f07151c2df830ef346b4",
+        "rev": "50a96edd8d0db6cc8db57dab6bb6d6ee1f3dc49a",
         "type": "github"
       },
       "original": {
@@ -108,6 +194,22 @@
         "type": "github"
       }
     },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1763049705,
+        "narHash": "sha256-A5LS0AJZ1yDPTa2fHxufZN++n8MCmtgrJDtxFxrH4S8=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "3acb677ea67d4c6218f33de0db0955f116b7588c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-25.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "plasma-manager": {
       "inputs": {
         "home-manager": [
@@ -118,11 +220,34 @@
         ]
       },
       "locked": {
-        "lastModified": 1754501628,
-        "narHash": "sha256-FExJ54tVB5iu7Dh2tLcyCSWpaV+lmUzzWKZUkemwXvo=",
+        "lastModified": 1762784320,
+        "narHash": "sha256-odsk96Erywk5hs0dhArF38zb7Oe0q6LZ70gXbxAPKno=",
         "owner": "nix-community",
         "repo": "plasma-manager",
-        "rev": "cca090f8115c4172b9aef6c5299ae784bdd5e133",
+        "rev": "7911a0f8a44c7e8b29d031be3149ee8943144321",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "plasma-manager",
+        "type": "github"
+      }
+    },
+    "plasma-manager-unstable": {
+      "inputs": {
+        "home-manager": [
+          "home-manager-unstable"
+        ],
+        "nixpkgs": [
+          "nixpkgs-unstable"
+        ]
+      },
+      "locked": {
+        "lastModified": 1762784320,
+        "narHash": "sha256-odsk96Erywk5hs0dhArF38zb7Oe0q6LZ70gXbxAPKno=",
+        "owner": "nix-community",
+        "repo": "plasma-manager",
+        "rev": "7911a0f8a44c7e8b29d031be3149ee8943144321",
         "type": "github"
       },
       "original": {
@@ -135,9 +260,14 @@
       "inputs": {
         "google-cookie-retrieval": "google-cookie-retrieval",
         "home-manager": "home-manager",
+        "home-manager-unstable": "home-manager-unstable",
+        "jovian": "jovian",
+        "nix-darwin": "nix-darwin",
         "nixos-wsl": "nixos-wsl",
         "nixpkgs": "nixpkgs_2",
-        "plasma-manager": "plasma-manager"
+        "nixpkgs-unstable": "nixpkgs-unstable",
+        "plasma-manager": "plasma-manager",
+        "plasma-manager-unstable": "plasma-manager-unstable"
       }
     }
   },

flake.nix

@@ -2,45 +2,132 @@
   description = "A very basic flake";
 
   inputs = {
-    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
+    nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
     nixos-wsl.url = "github:nix-community/NixOS-WSL/main";
+    
+    nix-darwin = {
+      url = "github:nix-darwin/nix-darwin/nix-darwin-25.05";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
 
     home-manager = {
-      url = "github:nix-community/home-manager";
+      url = "github:nix-community/home-manager/release-25.05";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
+    home-manager-unstable = {
+      url = "github:nix-community/home-manager/master";
+      inputs.nixpkgs.follows = "nixpkgs-unstable";
+    };
+
     plasma-manager = {
       url = "github:nix-community/plasma-manager";
       inputs.nixpkgs.follows = "nixpkgs";
       inputs.home-manager.follows = "home-manager";
     };
 
+    plasma-manager-unstable = {
+      url = "github:nix-community/plasma-manager";
+      inputs.nixpkgs.follows = "nixpkgs-unstable";
+      inputs.home-manager.follows = "home-manager-unstable";
+    };
+
     google-cookie-retrieval = {
       url = "git+https://git.johnogle.info/johno/google-cookie-retrieval.git";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+
+    jovian = {
+      url = "github:Jovian-Experiments/Jovian-NixOS";
+      inputs.nixpkgs.follows = "nixpkgs-unstable";
+    };
   };
 
-  outputs = { self, nixpkgs, nixos-wsl, ... } @ inputs: let
-    baseModules = [
+  outputs = { self, nixpkgs, nixpkgs-unstable, nixos-wsl, ... } @ inputs: let
+    nixosModules = [
       ./roles
+    ] ++ [
+      ./roles/jovian-compat.nix
       inputs.home-manager.nixosModules.home-manager
       {
+        nixpkgs.overlays = [
+          (final: prev: {
+            unstable = import nixpkgs-unstable {
+              system = prev.system;
+              config.allowUnfree = true;
+            };
+            custom = prev.callPackage ./packages {};
+            # Compatibility: bitwarden renamed to bitwarden-desktop in unstable
+            bitwarden-desktop = prev.bitwarden-desktop or prev.bitwarden;
+          })
+        ];
         home-manager.useGlobalPkgs = true;
         home-manager.useUserPackages = true;
         home-manager.sharedModules = [
-          inputs.plasma-manager.homeManagerModules.plasma-manager
+          inputs.plasma-manager.homeModules.plasma-manager
         ];
         home-manager.extraSpecialArgs = {
           globalInputs = inputs;
         };
       }
     ];
+    # Modules for unstable-based systems (like nix-deck)
+    nixosModulesUnstable = [
+      ./roles
+    ] ++ [
+      inputs.home-manager-unstable.nixosModules.home-manager
+      inputs.jovian.nixosModules.jovian
+      {
+        nixpkgs.overlays = [
+          (final: prev: {
+            unstable = import nixpkgs-unstable {
+              system = prev.system;
+              config.allowUnfree = true;
+            };
+            custom = prev.callPackage ./packages {};
+            # Compatibility: bitwarden renamed to bitwarden-desktop in unstable
+            bitwarden-desktop = prev.bitwarden-desktop or prev.bitwarden;
+          })
+        ];
+        home-manager.useGlobalPkgs = true;
+        home-manager.useUserPackages = true;
+        home-manager.sharedModules = [
+          inputs.plasma-manager-unstable.homeModules.plasma-manager
+        ];
+        home-manager.extraSpecialArgs = {
+          globalInputs = inputs;
+        };
+      }
+    ];
+    darwinModules = [
+      ./roles/darwin.nix
+    ] ++ [
+      inputs.home-manager.darwinModules.home-manager
+      {
+        nixpkgs.overlays = [
+          (final: prev: {
+            unstable = import nixpkgs-unstable {
+              system = prev.system;
+              config.allowUnfree = true;
+            };
+            custom = prev.callPackage ./packages {};
+            # Compatibility: bitwarden renamed to bitwarden-desktop in unstable
+            bitwarden-desktop = prev.bitwarden-desktop or prev.bitwarden;
+          })
+        ];
+        home-manager.useGlobalPkgs = true;
+        home-manager.useUserPackages = true;
+        home-manager.extraSpecialArgs = {
+          globalInputs = inputs;
+        };
+      }
+    ];
+
   in {
     nixosConfigurations.nix-book = nixpkgs.lib.nixosSystem rec {
       system = "x86_64-linux";
-      modules = baseModules ++ [
+      modules = nixosModules ++ [
         ./machines/nix-book/configuration.nix
         {
           home-manager.users.johno = {
@@ -57,7 +144,7 @@
 
     nixosConfigurations.boxy = nixpkgs.lib.nixosSystem rec {
       system = "x86_64-linux";
-      modules = baseModules ++ [
+      modules = nixosModules ++ [
         ./machines/boxy/configuration.nix
         inputs.home-manager.nixosModules.home-manager
         {
@@ -69,7 +156,7 @@
 
     nixosConfigurations.wixos = nixpkgs.lib.nixosSystem rec {
       system = "x86_64-linux";
-      modules = baseModules ++ [
+      modules = nixosModules ++ [
         nixos-wsl.nixosModules.default
         ./machines/wixos/configuration.nix
         inputs.home-manager.nixosModules.home-manager
@@ -82,7 +169,7 @@
 
     nixosConfigurations.zix790prors = nixpkgs.lib.nixosSystem rec {
       system = "x86_64-linux";
-      modules = baseModules ++ [
+      modules = nixosModules ++ [
         ./machines/zix790prors/configuration.nix
         inputs.home-manager.nixosModules.home-manager
         {
@@ -95,7 +182,7 @@
     # Live USB ISO configuration
     nixosConfigurations.live-usb = nixpkgs.lib.nixosSystem rec {
       system = "x86_64-linux";
-      modules = baseModules ++ [
+      modules = nixosModules ++ [
         ./machines/live-usb/configuration.nix
         {
           home-manager.users.nixos = import ./home/home-live-usb.nix;
@@ -104,42 +191,28 @@
       ];
     };
 
-    # Standalone home-manager configurations for non-NixOS systems
-    homeConfigurations."johno@desktop" = inputs.home-manager.lib.homeManagerConfiguration {
-      pkgs = inputs.nixpkgs.legacyPackages."x86_64-linux";
-      modules = [
-        inputs.plasma-manager.homeManagerModules.plasma-manager
-        ./home/home-desktop.nix
+    # Steam Deck configuration (using unstable for better Jovian compatibility)
+    nixosConfigurations.nix-deck = nixpkgs-unstable.lib.nixosSystem rec {
+      system = "x86_64-linux";
+      modules = nixosModulesUnstable ++ [
+        ./machines/nix-deck/configuration.nix
+        {
+          home-manager.users.johno = import ./home/home-desktop.nix;
+          home-manager.extraSpecialArgs = { inherit system; };
+        }
       ];
-      extraSpecialArgs = {
-        system = "x86_64-linux";
-        globalInputs = inputs;
-      };
     };
 
-    homeConfigurations."johno@laptop-compact" = inputs.home-manager.lib.homeManagerConfiguration {
-      pkgs = inputs.nixpkgs.legacyPackages."x86_64-linux";
-      modules = [
-        inputs.plasma-manager.homeManagerModules.plasma-manager
-        ./home/home-laptop-compact.nix
+    # Darwin/macOS configurations
+    darwinConfigurations."blkfv4yf49kt7" = inputs.nix-darwin.lib.darwinSystem rec {
+      system = "aarch64-darwin";
+      modules = darwinModules ++ [
+        ./machines/johno-macbookpro/configuration.nix
+        {
+          home-manager.users.johno = import ./home/home-darwin-work.nix;
+          home-manager.extraSpecialArgs = { inherit system; };
+        }
       ];
-      extraSpecialArgs = {
-        system = "x86_64-linux";
-        globalInputs = inputs;
-      };
-    };
-
-    # Legacy configuration for backward compatibility
-    homeConfigurations."johno" = inputs.home-manager.lib.homeManagerConfiguration {
-      pkgs = inputs.nixpkgs.legacyPackages."x86_64-linux";
-      modules = [
-        inputs.plasma-manager.homeManagerModules.plasma-manager
-        ./home/home-desktop.nix
-      ];
-      extraSpecialArgs = {
-        system = "x86_64-linux";
-        globalInputs = inputs;
-      };
     };
   };
 }

home/home-darwin-work.nix

@@ -0,0 +1,233 @@
+{ config, lib, pkgs, globalInputs, system, ... }:
+
+let
+  leader = "cmd"; # Change this to experiment with different leader keys (e.g., "cmd", "ctrl")
+in
+{
+  # Home Manager configuration for Darwin work laptop
+  # Corporate-friendly setup with essential development tools
+
+  home.username = lib.mkForce "johno";
+  home.homeDirectory = lib.mkForce "/Users/johno";
+  home.stateVersion = "24.05";
+
+  # System packages
+  home.packages = with pkgs; [
+    autoraise
+  ];
+
+  # Note: ghostty installed via Homebrew (managed outside of nix)
+
+  # Auto-start autoraise on login
+  launchd.agents.autoraise = {
+    enable = true;
+    config = {
+      ProgramArguments = [
+        "${pkgs.autoraise}/bin/AutoRaise"
+        "-pollMillis" "50"
+        "-delay" "2"
+        "-focusDelay" "2"
+      ];
+      RunAtLoad = true;
+      KeepAlive = true;
+    };
+  };
+
+  # Auto-start aerospace on login
+  # NOTE: In 25.11+, this can be simplified to `programs.aerospace.launchd.enable = true`
+  launchd.agents.aerospace = {
+    enable = true;
+    config = {
+      Program = "${pkgs.aerospace}/Applications/AeroSpace.app/Contents/MacOS/AeroSpace";
+      RunAtLoad = true;
+      KeepAlive = true;
+      StandardOutPath = "/tmp/aerospace.log";
+      StandardErrorPath = "/tmp/aerospace.err.log";
+    };
+  };
+
+  # Override Darwin-incompatible settings from base role
+  programs.rbw.settings.pinentry = lib.mkForce pkgs.pinentry_mac;
+
+  # Disable Home Manager from managing shell RC files
+  # topsoil/compost will manage these files instead
+  programs.bash.enable = lib.mkForce false;
+  programs.zsh.enable = lib.mkForce false;
+
+  # Create a local nix integration file that topsoil-managed configs can source
+  home.file.".nix-integration.sh" = {
+    text = ''
+      # Source Home Manager session variables (nix paths, environment, etc.)
+      if [ -e /etc/profiles/per-user/johno/etc/profile.d/hm-session-vars.sh ]; then
+        . /etc/profiles/per-user/johno/etc/profile.d/hm-session-vars.sh
+      fi
+
+      # Setup bash completions from nix profiles
+      if [[ ! -v BASH_COMPLETION_VERSINFO ]] && [ -n "$NIX_PROFILES" ]; then
+        for profile in $NIX_PROFILES; do
+          if [ -f "$profile/etc/profile.d/bash_completion.sh" ]; then
+            . "$profile/etc/profile.d/bash_completion.sh"
+            break
+          fi
+        done
+      fi
+
+      # command-not-found handler
+      command_not_found_handle() {
+        local p=/nix/var/nix/profiles/per-user/root/channels/nixos/programs.sqlite
+        if [ -n "$NIX_PROFILES" ]; then
+          for profile in $NIX_PROFILES; do
+            if [ -x "$profile/bin/command-not-found" ] && [ -f "$p" ]; then
+              "$profile/bin/command-not-found" "$@"
+              return $?
+            fi
+          done
+        fi
+        echo "$1: command not found" >&2
+        return 127
+      }
+    '';
+  };
+
+  home.file.".nix-integration.zsh" = {
+    text = ''
+      # Source Home Manager session variables (nix paths, environment, etc.)
+      if [ -e /etc/profiles/per-user/johno/etc/profile.d/hm-session-vars.sh ]; then
+        . /etc/profiles/per-user/johno/etc/profile.d/hm-session-vars.sh
+      fi
+
+      # Setup zsh completions from nix profiles
+      typeset -U path cdpath fpath manpath
+      for profile in ''${(z)NIX_PROFILES}; do
+        fpath+=($profile/share/zsh/site-functions $profile/share/zsh/$ZSH_VERSION/functions $profile/share/zsh/vendor-completions)
+      done
+      autoload -U compinit && compinit
+
+      # command-not-found handler
+      command_not_found_handler() {
+        local p=/nix/var/nix/profiles/per-user/root/channels/nixos/programs.sqlite
+        if [ -n "$NIX_PROFILES" ]; then
+          for profile in ''${(z)NIX_PROFILES}; do
+            if [ -x "$profile/bin/command-not-found" ] && [ -f "$p" ]; then
+              "$profile/bin/command-not-found" "$@"
+              return $?
+            fi
+          done
+        fi
+        echo "$1: command not found" >&2
+        return 127
+      }
+    '';
+  };
+
+  # Keep SSH and Git disabled to avoid conflicts with work environment
+  programs.ssh.enable = lib.mkForce false;
+  programs.git.enable = lib.mkForce false;
+  programs.rbw.enable = lib.mkForce false;
+
+  home.shell.enableShellIntegration = true;
+
+  # TODO: Move this to its own role and/or module
+  programs.aerospace = {
+    enable = true;
+    userSettings.mode.main.binding = {
+      "${leader}-slash" = "layout tiles horizontal vertical";
+      "${leader}-comma" = "layout accordion horizontal vertical";
+      "${leader}-shift-q" = "close";
+      "${leader}-shift-f" = "fullscreen";
+      "${leader}-h" = "focus left";
+      "${leader}-j" = "focus down";
+      "${leader}-k" = "focus up";
+      "${leader}-l" = "focus right";
+      "${leader}-shift-h" = "move left";
+      "${leader}-shift-j" = "move down";
+      "${leader}-shift-k" = "move up";
+      "${leader}-shift-l" = "move right";
+      "${leader}-minus" = "resize smart -50";
+      "${leader}-equal" = "resize smart +50";
+      "${leader}-1" = "workspace 1";
+      "${leader}-2" = "workspace 2";
+      "${leader}-3" = "workspace 3";
+      "${leader}-4" = "workspace 4";
+      "${leader}-5" = "workspace 5";
+      "${leader}-6" = "workspace 6";
+      "${leader}-7" = "workspace 7";
+      "${leader}-8" = "workspace 8";
+      "${leader}-9" = "workspace 9";
+      "${leader}-0" = "workspace 10";
+      "${leader}-shift-1" = "move-node-to-workspace 1";
+      "${leader}-shift-2" = "move-node-to-workspace 2";
+      "${leader}-shift-3" = "move-node-to-workspace 3";
+      "${leader}-shift-4" = "move-node-to-workspace 4";
+      "${leader}-shift-5" = "move-node-to-workspace 5";
+      "${leader}-shift-6" = "move-node-to-workspace 6";
+      "${leader}-shift-7" = "move-node-to-workspace 7";
+      "${leader}-shift-8" = "move-node-to-workspace 8";
+      "${leader}-shift-9" = "move-node-to-workspace 9";
+      "${leader}-shift-0" = "move-node-to-workspace 10";
+      "${leader}-tab" = "workspace-back-and-forth";
+      "${leader}-shift-tab" = "move-workspace-to-monitor --wrap-around next";
+
+      "${leader}-enter" = ''
+        exec-and-forget osascript <<'APPLESCRIPT'
+        tell application "Ghostty"
+            activate
+            tell application "System Events"
+                keystroke "n" using {command down}
+            end tell
+        end tell
+        APPLESCRIPT
+      '';
+
+      "${leader}-shift-enter" = ''
+        exec-and-forget osascript <<'APPLESCRIPT'
+        tell application "Google Chrome"
+            set newWindow to make new window
+            activate
+            tell newWindow to set index to 1
+        end tell
+        APPLESCRIPT
+      '';
+
+      "${leader}-shift-e" = "exec-and-forget zsh --login -c \"emacsclient -c -n\"";
+
+      # Service mode: Deliberate aerospace window management
+      "${leader}-i" = "mode service";
+
+      # Passthrough mode: Temporarily disable aerospace to use macOS shortcuts
+      # Press Cmd-P, then use any macOS shortcut (like Cmd-K in Slack), then press Cmd-P again to exit
+      "${leader}-p" = "mode passthrough";
+    };
+
+    # Service mode: For deliberate aerospace window management operations
+    userSettings.mode.service.binding = {
+      esc = ["reload-config" "mode main"];
+      r = ["flatten-workspace-tree" "mode main"]; # reset layout
+      f = ["layout floating tiling" "mode main"]; # Toggle between floating and tiling layout
+      backspace = ["close-all-windows-but-current" "mode main"];
+
+      "${leader}-shift-h" = ["join-with left" "mode main"];
+      "${leader}-shift-j" = ["join-with down" "mode main"];
+      "${leader}-shift-k" = ["join-with up" "mode main"];
+      "${leader}-shift-l" = ["join-with right" "mode main"];
+    };
+
+    # Passthrough mode: All shortcuts pass through to macOS
+    # This mode has minimal bindings - just ways to exit back to main mode
+    userSettings.mode.passthrough.binding = {
+      esc = "mode main";
+      "${leader}-p" = "mode main";  # Toggle back with same key (Cmd-P)
+    };
+  };
+
+  home.roles = {
+    base.enable = true;
+  };
+
+  imports = [
+    ./roles
+    ./modules/emacs
+    ./modules/kubectl
+    ./modules/tmux
+  ];
+}

home/home-desktop.nix

@@ -1,11 +1,6 @@
 { pkgs, globalInputs, system, ... }:
 
-let
-  customPkgs = pkgs.callPackage ../packages {};
-in
 {
-  # Provide arguments to role modules
-  _module.args = { inherit customPkgs; };
   # Home Manager configuration for full desktop experience
   home.username = "johno";
   home.homeDirectory = "/home/johno";

home/home-laptop-compact.nix

@@ -1,11 +1,6 @@
 { config, lib, pkgs, globalInputs, system, ... }:
 
-let
-  customPkgs = pkgs.callPackage ../packages {};
-in
 {
-  # Provide arguments to role modules
-  _module.args = { inherit customPkgs; };
   # Home Manager configuration for compact laptop setups
   # Optimized for space-constrained environments
   

home/home-live-usb.nix

@@ -1,11 +1,6 @@
 { pkgs, globalInputs, system, ... }:
 
-let
-  customPkgs = pkgs.callPackage ../packages {};
-in
 {
-  # Provide arguments to role modules
-  _module.args = { inherit customPkgs; };
   # Home Manager configuration for live USB environments
   # Minimal setup without persistent services
   

home/home-media-center.nix

@@ -1,11 +1,6 @@
 { pkgs, globalInputs, system, ... }:
 
-let
-  customPkgs = pkgs.callPackage ../packages {};
-in
 {
-  # Provide arguments to role modules
-  _module.args = { inherit customPkgs; };
   # Home Manager configuration for media center setups
   # Optimized for living room media consumption and gaming
   

home/modules/emacs/default.nix

@@ -9,20 +9,28 @@ let
     rev = "8f55404781edacf66fa330205533b002de3fb5ee";
     sha256 = "sha256-vHwgENjip2+AFzs4oZfnKEAJKwf5Zid7fakImvxxQUw=";
   };
+
+  # Shared emacs packages
+  emacsPackages = epkgs: [
+    epkgs.vterm
+    epkgs.treesit-grammars.with-all-grammars
+  ];
+
+  # Default emacs configuration with vterm support
+  defaultEmacsPackage = 
+    if pkgs.stdenv.isDarwin 
+    then pkgs.emacs-macport.pkgs.withPackages emacsPackages
+    else pkgs.emacs.pkgs.withPackages emacsPackages;
 in
 {
   config = {
     home.packages = [
-      (pkgs.emacs.pkgs.withPackages (epkgs: [
-        epkgs.vterm
-      ]))
-
       pkgs.emacs-all-the-icons-fonts
       pkgs.fira-code
       pkgs.fontconfig
       pkgs.graphviz
       pkgs.isort
-      pkgs.libvterm # native vterm library
+      #pkgs.libvterm # native vterm library
       pkgs.nerd-fonts.fira-code
       pkgs.nerd-fonts.droid-sans-mono
       pkgs.nil # nix lsp language server
@@ -33,9 +41,18 @@ in
       pkgs.python3
     ];
 
+    programs.emacs = {
+      enable = true;
+      package = defaultEmacsPackage;
+    };
+
     fonts.fontconfig.enable = true;
 
-    home.file."${config.xdg.configHome}/emacs".source = doomEmacs;
+    # Mount emacs and tree-sitter grammars from nix store
+    home.file = {
+      "${config.xdg.configHome}/emacs".source = doomEmacs;
+    };
+
     home.sessionPath = [
       "${config.xdg.configHome}/emacs/bin"
     ];
@@ -45,11 +62,11 @@ in
       DOOMLOCALDIR = "${config.xdg.dataHome}/doom";
     };
 
+    # TODO: Use mkOutOfStoreSymlink instead?
     home.activation.doomConfig = lib.hm.dag.entryAfter ["writeBoundary"] ''
-      if [ ! -L "${config.xdg.configHome}/doom" ]; then
-        rm -rf "${config.xdg.configHome}/doom"
-        ln -sf "${./doom}" "${config.xdg.configHome}/doom"
-      fi
+      # Always remove and recreate the symlink to ensure it points to the source directory
+      rm -rf "${config.xdg.configHome}/doom"
+      ln -sf "${config.home.homeDirectory}/nixos-configs/home/modules/emacs/doom" "${config.xdg.configHome}/doom"
     '';
   };
 }

home/modules/emacs/doom/config.el

@@ -30,10 +30,20 @@
 ;; wasn't installed correctly. Font issues are rarely Doom issues!
 (setq doom-font (font-spec :family "Fira Code"))
 
+;; Auto-install nerd-icons fonts if they're missing
+(defun my/ensure-nerd-icons-fonts ()
+  "Check if nerd-icons fonts are installed and install them if missing."
+  (when (display-graphic-p)
+    (unless (find-font (font-spec :name "Symbols Nerd Font Mono"))
+      (when (fboundp 'nerd-icons-install-fonts)
+        (nerd-icons-install-fonts t)))))
+
+(add-hook 'doom-init-ui-hook #'my/ensure-nerd-icons-fonts)
+
 ;; There are two ways to load a theme. Both assume the theme is installed and
 ;; available. You can either set `doom-theme' or manually load a theme with the
 ;; `load-theme' function. This is the default:
-(setq doom-theme 'doom-one)
+(setq doom-theme 'doom-tokyo-night)
 
 ;; This determines the style of line numbers in effect. If set to `nil', line
 ;; numbers are disabled. For relative line numbers, set this to `relative'.
@@ -44,6 +54,7 @@
 (setq org-directory "~/org/")
 (after! org
   (setq org-agenda-span 'week
+        org-agenda-start-with-log-mode t
         my-agenda-dirs '("projects" "roam")
         org-agenda-files (cons org-directory (mapcan (lambda (x) (directory-files-recursively
                                                                   (expand-file-name x org-directory)
@@ -62,6 +73,13 @@
           '(("t" "Todo" entry (file+headline "~/org/todo.org" "Inbox")
              "* TODO %? \n %i \n%a" :prepend t))))
 
+(map! :after org-agenda
+      :map org-agenda-mode-map
+      :localleader
+      (:prefix ("v" . "view")
+       "d" #'org-agenda-day-view
+       "w" #'org-agenda-week-view))
+
 ;; (use-package! org-caldav
 ;;   :defer t
 ;;   :config

home/modules/emacs/doom/init.el

@@ -33,7 +33,7 @@
        doom              ; what makes DOOM look the way it does
        doom-dashboard    ; a nifty splash screen for Emacs
        ;;doom-quit         ; DOOM quit-message prompts when you quit Emacs
-       (emoji +unicode)  ; 🙂
+       ;;(emoji +unicode)  ; 🙂
        hl-todo           ; highlight TODO/FIXME/NOTE/DEPRECATED/HACK/REVIEW
        ;;indent-guides     ; highlighted indent columns
        ;;ligatures         ; ligatures and symbols to make your code pretty again

home/modules/i3+sway/default.nix

@@ -1,20 +1,18 @@
-{ config, lib, ... }:
+{ config, lib, pkgs, ... }:
 
 with lib;
 
 let
   cfg = config.home.i3_sway;
-  i3_cfg = config.xsession.windowManager.i3.config;
 
   shared_config = recursiveUpdate rec {
     modifier = "Mod4";
-    terminal = "kitty";
+    terminal = "ghostty";
     defaultWorkspace = "workspace number 1";
 
     keybindings = {
       "${shared_config.modifier}+Return" = "exec ${terminal}";
       "${shared_config.modifier}+Shift+q" = "kill";
-      "${shared_config.modifier}+d" = "exec ${i3_cfg.menu}";
 
       "${shared_config.modifier}+h" = "focus left";
       "${shared_config.modifier}+j" = "focus down";
@@ -38,7 +36,7 @@ let
 
       #"${shared_config.modifier}+h" = "split h";
       "${shared_config.modifier}+v" = "split v";
-      "${shared_config.modifier}+f" = "fullscreen toggle";
+      "${shared_config.modifier}+Shift+f" = "fullscreen toggle";
 
       "${shared_config.modifier}+s" = "layout stacking";
       "${shared_config.modifier}+w" = "layout tabbed";
@@ -89,8 +87,8 @@ let
 
       "${shared_config.modifier}+r" = "mode resize";
 
-      "XF86MonBrightnessUp" = "exec brightnessctl s +5%";
-      "XF86MonBrightnessDown" = "exec brightnessctl s 5%-";
+      "XF86MonBrightnessUp" = "exec ddcutil setvcp 10 + 5";
+      "XF86MonBrightnessDown" = "exec ddcutil setvcp 10 - 5";
     };
   } cfg.extraSharedConfig;
 in {
@@ -107,12 +105,176 @@ in {
   };
 
   config = {
+    # i3blocks configuration file
+    home.file.".config/i3blocks/config".text = ''
+      # i3blocks config - replicating waybar setup
+      separator_block_width=15
+      markup=pango
+
+      [disk]
+      command=df -h / | awk 'NR==2 {print "💾 " $5}'
+      interval=30
+      separator=true
+
+      [cpu]
+      command=top -bn1 | grep "Cpu(s)" | sed "s/.*, *\([0-9.]*\)%* id.*/\1/" | awk '{print "🧠 " int(100 - $1) "%"}'
+      interval=2
+      separator=true
+
+      [memory]
+      command=free | awk 'NR==2 {printf "🐏 %.0f%%\n", $3*100/$2}'
+      interval=5
+      separator=true
+
+      [pulseaudio]
+      command=${pkgs.writeShellScript "i3blocks-pulseaudio" ''
+        volume=$(pactl get-sink-volume @DEFAULT_SINK@ | grep -Po '\d+%' | head -1)
+        muted=$(pactl get-sink-mute @DEFAULT_SINK@ | grep -o 'yes')
+        if [ "$muted" = "yes" ]; then
+          echo "🔇"
+        else
+          vol_num=''${volume%\%}
+          if [ $vol_num -le 33 ]; then
+            echo "🔈 $volume"
+          elif [ $vol_num -le 66 ]; then
+            echo "🔉 $volume"
+          else
+            echo "🔊 $volume"
+          fi
+        fi
+      ''}
+      interval=1
+      signal=10
+      separator=true
+
+      [backlight]
+      command=${pkgs.writeShellScript "i3blocks-backlight" ''
+        if command -v ddcutil &>/dev/null; then
+          # Handle mouse scroll events
+          case $BLOCK_BUTTON in
+            4) ddcutil setvcp 10 + 5 ;;  # Scroll up - increase brightness
+            5) ddcutil setvcp 10 - 5 ;;  # Scroll down - decrease brightness
+          esac
+
+          # Display current brightness
+          brightness=$(ddcutil getvcp 10 2>/dev/null | grep -oP 'current value =\s*\K\d+')
+          if [ -n "$brightness" ]; then
+            echo "☀️ $brightness%"
+          fi
+        fi
+      ''}
+      interval=5
+      separator=true
+
+      [network]
+      command=${pkgs.writeShellScript "i3blocks-network" ''
+        if iwgetid -r &>/dev/null; then
+          ssid=$(iwgetid -r)
+          signal=$(grep "^\s*w" /proc/net/wireless | awk '{print int($3 * 100 / 70)}')
+          echo "📶 $ssid ($signal%)"
+        else
+          ip=$(ip -4 addr show | grep -oP '(?<=inet\s)\d+(\.\d+){3}' | grep -v '127.0.0.1' | head -1)
+          if [ -n "$ip" ]; then
+            echo "🔌 $ip"
+          else
+            echo "❌"
+          fi
+        fi
+      ''}
+      interval=5
+      separator=true
+
+      [battery]
+      command=${pkgs.writeShellScript "i3blocks-battery" ''
+        if [ -d /sys/class/power_supply/BAT0 ]; then
+          capacity=$(cat /sys/class/power_supply/BAT0/capacity)
+          status=$(cat /sys/class/power_supply/BAT0/status)
+
+          if [ "$status" = "Charging" ]; then
+            echo "⚡ $capacity%"
+          else
+            echo "🔋 $capacity%"
+          fi
+        fi
+      ''}
+      interval=10
+      separator=true
+
+      [time]
+      command=date '+%Y-%m-%d %H:%M'
+      interval=1
+      separator=false
+    '';
+
     xsession.windowManager.i3 = let
       base_i3_config = recursiveUpdate shared_config {
-        keybindings = {
+        bars = [{
+          position = "bottom";
+          statusCommand = "${pkgs.i3blocks}/bin/i3blocks";
+          trayOutput = "primary";  # Enable system tray on primary output
+          fonts = {
+            names = [ "Fira Code" "monospace" ];
+            size = 11.0;
+          };
+          colors = {
+            background = "#000000";
+            statusline = "#ffffff";
+            separator = "#666666";
+
+            # Workspace button colors (matching waybar)
+            focusedWorkspace = {
+              border = "#285577";
+              background = "#285577";
+              text = "#ffffff";
+            };
+            activeWorkspace = {
+              border = "#5f676a";
+              background = "#5f676a";
+              text = "#ffffff";
+            };
+            inactiveWorkspace = {
+              border = "#222222";
+              background = "#222222";
+              text = "#888888";
+            };
+            urgentWorkspace = {
+              border = "#900000";
+              background = "#900000";
+              text = "#ffffff";
+            };
+          };
+        }];
+        keybindings = shared_config.keybindings // {
+          "${shared_config.modifier}+d" = "exec rofi -show drun";
           "${shared_config.modifier}+Shift+e" =
             "exec i3-nagbar -t warning -m 'Do you want to exit i3?' -b 'Yes' 'i3-msg exit'";
         };
+        startup = [
+          # GNOME polkit authentication agent
+          {
+            command = "/run/current-system/sw/libexec/polkit-gnome-authentication-agent-1";
+            always = false;
+            notification = false;
+          }
+          # Picom compositor for smooth rendering and no tearing (important for Nvidia)
+          {
+            command = "picom --backend glx -b";
+            always = false;
+            notification = false;
+          }
+          # NetworkManager system tray applet
+          {
+            command = "nm-applet";
+            always = false;
+            notification = false;
+          }
+          # Set wallpaper with feh
+          {
+            command = "feh --bg-scale ${../../wallpapers/metroid-samus-returns-kz-3440x1440.jpg}";
+            always = false;
+            notification = false;
+          }
+        ];
       };
     in {
       enable = true;
@@ -121,7 +283,9 @@ in {
 
     wayland.windowManager.sway = let
       base_sway_config = recursiveUpdate shared_config {
-        keybindings = {
+        bars = [];  # Disable default bar, use waybar instead
+        keybindings = shared_config.keybindings // {
+          "${shared_config.modifier}+d" = "exec wofi --show drun";
           "${shared_config.modifier}+Shift+e" =
             "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'";
         };
@@ -137,10 +301,158 @@ in {
             dwt = "enabled";
           };
         };
+        output = {
+          "*" = {
+            bg = "${../../wallpapers/metroid-samus-returns-kz-3440x1440.jpg} fill";
+          };
+        };
+        startup = [
+          # Launch waybar status bar
+          {
+            command = "waybar";
+            always = false;
+          }
+        ];
       };
     in {
       enable = true;
       config = recursiveUpdate base_sway_config cfg.extraSwayConfig;
     };
+
+    programs.waybar = {
+      enable = true;
+      systemd.enable = false;  # Don't auto-start via systemd - only launch in sway
+      settings = {
+        mainBar = {
+          layer = "top";
+          position = "bottom";
+          height = 30;
+          spacing = 4;
+
+          modules-left = [ "sway/workspaces" "sway/mode" ];
+          modules-center = [ ];
+          modules-right = [ "disk" "cpu" "memory" "pulseaudio" "backlight" "network" "battery" "tray" "clock" ];
+
+          "sway/workspaces" = {
+            disable-scroll = true;
+            all-outputs = true;
+          };
+
+          "clock" = {
+            format = "{:%Y-%m-%d %H:%M}";
+            tooltip-format = "<tt><small>{calendar}</small></tt>";
+            calendar = {
+              mode = "year";
+              mode-mon-col = 3;
+              weeks-pos = "right";
+              on-scroll = 1;
+              format = {
+                months = "<span color='#ffead3'><b>{}</b></span>";
+                days = "<span color='#ecc6d9'><b>{}</b></span>";
+                weeks = "<span color='#99ffdd'><b>W{}</b></span>";
+                weekdays = "<span color='#ffcc66'><b>{}</b></span>";
+                today = "<span color='#ff6699'><b><u>{}</u></b></span>";
+              };
+            };
+          };
+
+          "disk" = {
+            interval = 30;
+            format = "💾 {percentage_used}%";
+            path = "/";
+            tooltip-format = "Used: {used} / {total} ({percentage_used}%)\nFree: {free} ({percentage_free}%)";
+          };
+
+          "cpu" = {
+            format = "🧠 {usage}%";
+            tooltip = false;
+          };
+
+          "memory" = {
+            format = "🐏 {percentage}%";
+            tooltip-format = "RAM: {used:0.1f}G / {total:0.1f}G";
+          };
+
+          "pulseaudio" = {
+            format = "{icon} {volume}%";
+            format-muted = "🔇";
+            format-icons = {
+              headphone = "🎧";
+              default = [ "🔈" "🔉" "🔊" ];
+            };
+            on-click = "pavucontrol";
+          };
+
+          "backlight" = {
+            format = "☀️ {percent}%";
+            tooltip = false;
+          };
+
+          "network" = {
+            format-wifi = "📶 {essid} ({signalStrength}%)";
+            format-ethernet = "🔌 {ipaddr}";
+            format-disconnected = "❌";
+            tooltip-format = "{ifname}: {ipaddr}/{cidr}";
+          };
+
+          "battery" = {
+            states = {
+              warning = 30;
+              critical = 15;
+            };
+            format = "{icon} {capacity}%";
+            format-charging = "⚡ {capacity}%";
+            format-icons = [ "🪫" "🔋" "🔋" "🔋" "🔋" ];
+          };
+
+          "tray" = {
+            spacing = 10;
+          };
+        };
+      };
+      style = ''
+        * {
+          padding: 0 4px;
+          font-family: "Fira Code", monospace;
+          font-size: 13px;
+        }
+
+        #workspaces button {
+          padding: 0 8px;
+          background-color: transparent;
+          color: #ffffff;
+          border: none;
+        }
+
+        #workspaces button.focused {
+          background-color: #285577;
+          font-weight: bold;
+        }
+
+        #workspaces button.visible {
+          background-color: #5f676a;
+        }
+
+        #workspaces button.urgent {
+          background-color: #900000;
+        }
+      '';
+    };
+
+    programs.rofi = {
+      enable = true;
+      theme = "solarized";
+      extraConfig = {
+        modi = "drun,run,window";
+        show-icons = true;
+        drun-display-format = "{name}";
+        disable-history = false;
+        hide-scrollbar = true;
+        display-drun = " Apps";
+        display-run = " Run";
+        display-window = " Windows";
+        sidebar-mode = true;
+      };
+    };
   };
 }

home/modules/plasma-manager/default.nix

@@ -13,10 +13,10 @@
     enable = true;
     overrideConfig = true;
 
-    hotkeys.commands."launch-konsole" = {
-      name = "Launch Konsole";
+    hotkeys.commands."launch-ghostty" = {
+      name = "Launch Ghostty";
       key = "Meta+Return";
-      command = "konsole";
+      command = "ghostty";
     };
 
     shortcuts = {
@@ -92,7 +92,7 @@
         "Window to Desktop 9" = "Meta+(";    # Meta+Shift+9
         "Window to Desktop 10" = "Meta+)";   # Meta+Shift+0
 
-        "view_actual_size" = "Meta+Ctrl+Equal";
+        "view_actual_size" = "Meta+Ctrl+=";
         "view_zoom_in" = ["Meta++" "Meta+=,Meta++" "Meta+=,Zoom In"];
         "view_zoom_out" = "Meta+-";
       };
@@ -131,6 +131,22 @@
         value = 10;
         immutable = true;
       };
+      
+      # Enable KWin tiling features
+      kwinrc.Tiling = {
+        # Enable tiling functionality  
+        "padding" = 4;
+      };
+      
+      # Enable krohnkite plugin automatically
+      kwinrc.Plugins = {
+        krohnkiteEnabled = true;
+      };
+      
+      kwinrc.Effect-overview = {
+        # Configure overview effect for better tiling workflow
+        BorderActivate = 9;  # Top-left corner activation
+      };
 
       kcminputrc.Libinput = {
         AccelerationProfile = "adaptive";
@@ -143,6 +159,20 @@
       };
 
       kdeglobals.KDE.LookAndFeelPackage = "org.kde.breezedark.desktop";
+
+      # Focus follows mouse configuration
+      kwinrc.Windows = {
+        FocusPolicy = "FocusFollowsMouse";
+        AutoRaise = true;  # Set to true if you want windows to auto-raise on focus
+        AutoRaiseInterval = 750;  # Delay in ms before auto-raise (if enabled)
+        DelayFocusInterval = 0;  # Delay in ms before focus follows mouse
+      };
+
+      # Desktop wallpaper configuration
+      plasma-localerc.Formats.LANG = "en_US.UTF-8";
+      
+      # Set wallpaper for all desktops
+      plasmarc.Wallpapers.usersWallpapers = "${../../wallpapers/metroid-samus-returns-kz-3440x1440.jpg}";
     };
   };
 }

home/roles/base/default.nix

@@ -12,8 +12,8 @@ in
 
   config = mkIf cfg.enable {
     home.packages = with pkgs; [
-      # Core CLI utilities
       fd
+      glances
       gzip
       htop
       killall
@@ -21,12 +21,7 @@ in
       ncdu
       shellcheck
       tmux
-      
-      # Development/automation tools that are widely used
-      claude-code
-      codex
-      goose-cli
-      pandoc
+      tree
     ];
 
     # Essential programs everyone needs
@@ -83,4 +78,4 @@ in
 
     # Note: modules must be imported at top-level home config
   };
-}
+}

home/roles/communication/default.nix

@@ -14,7 +14,7 @@ in
     home.packages = [
       # Communication apps
       pkgs.element-desktop
-      pkgs.fluffychat
+      #pkgs.fluffychat #marked insecure as of nixos 25.05
       pkgs.nextcloud-talk-desktop
       
       # For logging back into google chat

home/roles/desktop/default.nix

@@ -13,21 +13,62 @@ in
   config = mkIf cfg.enable {
     home.packages = with pkgs; [
       # Desktop applications
-      bitwarden
+      bitwarden-desktop
       dunst
       keepassxc
-      kitty
+      unstable.ghostty
       
       # Desktop utilities
+      feh # Image viewer and wallpaper setter for X11
+      rofi # Application launcher for X11
       solaar # Logitech management software
       waybar
-      wofi
+      wofi # Application launcher for Wayland
+      xdg-utils # XDG utilities for opening files/URLs with default applications
       
       # System utilities with GUI components
       (snapcast.override { pulseaudioSupport = true; })
       
       # KDE tiling window management
       kdePackages.krohnkite  # Dynamic tiling extension for KWin 6
+      
+      # KDE PIM applications for email, calendar, and contacts
+      kdePackages.kmail
+      kdePackages.kmail-account-wizard
+      kdePackages.kmailtransport
+      kdePackages.korganizer
+      kdePackages.kaddressbook
+      kdePackages.kontact
+      
+      # KDE System components needed for proper integration
+      kdePackages.kded
+      kdePackages.systemsettings
+      kdePackages.kmenuedit
+      
+      # Desktop menu support
+      kdePackages.plasma-desktop # Contains applications.menu
+      
+      # KDE Online Accounts support
+      kdePackages.kaccounts-integration
+      kdePackages.kaccounts-providers
+      kdePackages.signond
+      
+      # KDE Mapping
+      kdePackages.marble  # Virtual globe and world atlas
+      
+      # KDE Productivity
+      kdePackages.kate        # Advanced text editor with syntax highlighting
+      kdePackages.okular      # Universal document viewer (PDF, ePub, etc.)
+      kdePackages.spectacle   # Screenshot capture utility
+      kdePackages.filelight   # Visual disk usage analyzer
+      
+      # KDE Multimedia
+      kdePackages.gwenview    # Image viewer and basic editor
+      kdePackages.elisa       # Music player
+      
+      # KDE System Utilities  
+      kdePackages.ark         # Archive manager (zip, tar, 7z, etc.)
+      kdePackages.yakuake     # Drop-down terminal emulator
     ];
 
     programs.firefox = {
@@ -40,8 +81,80 @@ in
       enable = true;
     };
 
-    xdg.enable = true;
+    # KDE environment variables for proper integration
+    home.sessionVariables = {
+      QT_QPA_PLATFORMTHEME = "kde";
+      KDE_SESSION_VERSION = "6";
+    };
+
+    xdg = {
+      enable = true;
+      
+      # Ensure desktop files are made available for discovery
+      desktopEntries = {};  # This creates the desktop files directory structure
+      
+      mimeApps = {
+        enable = true;
+        associations.added = {
+          # Ensure associations are properly registered
+          "text/html" = "firefox.desktop";
+          "x-scheme-handler/http" = "firefox.desktop";
+          "x-scheme-handler/https" = "firefox.desktop";
+        };
+        defaultApplications = {
+          # Web browsers
+          "text/html" = "firefox.desktop";
+          "x-scheme-handler/http" = "firefox.desktop";
+          "x-scheme-handler/https" = "firefox.desktop";
+          "x-scheme-handler/about" = "firefox.desktop";
+          "x-scheme-handler/unknown" = "firefox.desktop";
+          
+          # Documents
+          "application/pdf" = "okular.desktop";
+          "text/plain" = "kate.desktop";
+          "text/x-tex" = "kate.desktop";
+          "text/x-c" = "kate.desktop";
+          "text/x-python" = "kate.desktop";
+          "application/x-shellscript" = "kate.desktop";
+          
+          # Images
+          "image/png" = "gwenview.desktop";
+          "image/jpeg" = "gwenview.desktop";
+          "image/jpg" = "gwenview.desktop";
+          "image/gif" = "gwenview.desktop";
+          "image/bmp" = "gwenview.desktop";
+          "image/tiff" = "gwenview.desktop";
+          "image/webp" = "gwenview.desktop";
+          
+          # Archives
+          "application/zip" = "ark.desktop";
+          "application/x-tar" = "ark.desktop";
+          "application/x-compressed-tar" = "ark.desktop";
+          "application/x-7z-compressed" = "ark.desktop";
+          "application/x-rar" = "ark.desktop";
+          
+          # Audio
+          "audio/mpeg" = "elisa.desktop";
+          "audio/mp4" = "elisa.desktop";
+          "audio/flac" = "elisa.desktop";
+          "audio/ogg" = "elisa.desktop";
+          "audio/wav" = "elisa.desktop";
+          
+          # Email
+          "message/rfc822" = "kmail.desktop";
+          "x-scheme-handler/mailto" = "kmail.desktop";
+          
+          # Calendar
+          "text/calendar" = "korganizer.desktop";
+          "application/x-vnd.akonadi.calendar.event" = "korganizer.desktop";
+        };
+      };
+    };
+
+    # Fix for KDE applications.menu file issue on Plasma 6
+    # KDE still looks for applications.menu but Plasma 6 renamed it to plasma-applications.menu
+    xdg.configFile."menus/applications.menu".source = "${pkgs.kdePackages.plasma-workspace}/etc/xdg/menus/plasma-applications.menu";
 
     # Note: modules must be imported at top-level home config
   };
-}
+}

home/roles/development/default.nix

@@ -1,4 +1,4 @@
-{ config, lib, pkgs, customPkgs, globalInputs, system, ... }:
+{ config, lib, pkgs, globalInputs, system, ... }:
 
 with lib;
 
@@ -12,12 +12,15 @@ in
 
   config = mkIf cfg.enable {
     home.packages = [
+      pkgs.unstable.claude-code
+      pkgs.codex
+
       # Custom packages
-      customPkgs.tea-rbw
+      pkgs.custom.tea-rbw
     ];
 
     programs.kubectl-secure.enable = true;
 
     # Note: modules must be imported at top-level home config
   };
-}
+}

home/roles/media/default.nix

@@ -13,9 +13,15 @@ in
   config = mkIf cfg.enable {
     home.packages = with pkgs; [
       # Media players and streaming
-      jellyfin-media-player
+      # Using delfin instead of jellyfin-media-player to avoid qtwebengine security issues
+      # For full Jellyfin features, use web interface at http://jellyfin-server:8096
+      delfin
       moonlight-qt
       vlc
+
+      # Spotify client
+      # Using unstable version for better authentication support
+      unstable.ncspot
     ];
   };
 }

machines/boxy/configuration.nix

@@ -24,7 +24,7 @@ with lib;
     };
     kodi = {
       enable = true;
-      autologin = false;
+      autologin = true;
       wayland = true;
     };
     users.enable = true;

machines/johno-macbookpro/configuration.nix

@@ -0,0 +1,23 @@
+{ config, lib, pkgs, ... }:
+
+{
+  # Basic system configuration for macOS work laptop
+  system.stateVersion = 6;
+
+  # Set primary user for nix-darwin
+  system.primaryUser = "johno";
+
+  # System preferences (can be expanded later)
+  system.defaults = {
+    dock.autohide = true;
+    finder.AppleShowAllExtensions = true;
+    NSGlobalDomain.AppleShowAllExtensions = true;
+  };
+
+  # TODO: Find a way to not duplicate this
+  launchd.user.envVariables = {
+    # DOOM Emacs environment variables
+    DOOMDIR = "/Users/johno/.config/doom";
+    DOOMLOCALDIR = "/Users/johno/.local/doom";
+  };
+}

machines/live-usb/configuration.nix

@@ -65,6 +65,8 @@
 
   # Enable NetworkManager for easy wifi setup
   networking.networkmanager.enable = true;
+  # Disable wireless networking (conflicts with NetworkManager)
+  networking.wireless.enable = false;
   
   # Enable SSH daemon for remote access
   services.openssh = {

machines/nix-book/configuration.nix

@@ -21,6 +21,11 @@
     };
     nfs-mounts.enable = true;
     printing.enable = true;
+    remote-build.builders = [{
+      hostName = "zix790prors";
+      maxJobs = 16;
+      speedFactor = 3;
+    }];
     spotifyd.enable = true;
     users = {
       enable = true;
@@ -37,9 +42,6 @@
   networking.hostName = "nix-book"; # Define your hostname.
   # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
 
-  boot.kernelPackages = pkgs.linuxPackages_latest;
-
-
   # Enable networking
   networking.networkmanager.enable = true;
 

machines/nix-deck/configuration.nix

@@ -0,0 +1,40 @@
+{ pkgs, ... }:
+{
+  imports = [
+    ./hardware-configuration.nix
+  ];
+
+  roles = {
+    audio.enable = true;
+    bluetooth.enable = true;
+    desktop = {
+      enable = true;
+      wayland = true;
+      gaming.enable = true;
+      kde = true;
+      steamos = {
+        enable = true;
+        autoStart = true;
+        desktopSession = "plasma";
+      };
+    };
+    remote-build.builders = [{
+      hostName = "zix790prors";
+      maxJobs = 16;
+      speedFactor = 4;  # Prefer remote heavily on Steam Deck
+    }];
+    users = {
+      enable = true;
+      extraGroups = [ "video" ];
+    };
+  };
+
+  # Bootloader
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  networking.hostName = "nix-deck";
+  networking.networkmanager.enable = true;
+
+  system.stateVersion = "25.05";
+}

machines/nix-deck/hardware-configuration.nix

@@ -0,0 +1,51 @@
+# Hardware configuration for Steam Deck (nix-deck)
+# Generated from nixos-generate-config on 2025-11-17
+
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  # Steam Deck specific hardware configuration (Jovian)
+  jovian.devices.steamdeck = {
+    enable = true;
+    autoUpdate = false;  # Set to true if you want automatic firmware updates
+  };
+
+  # Kernel modules detected by nixos-generate-config
+  boot.initrd.availableKernelModules = [
+    "nvme"
+    "xhci_pci"
+    "usb_storage"
+    "uas"
+    "usbhid"
+    "sd_mod"
+    "sdhci_pci"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  # IMPORTANT: Update these filesystem configurations based on your actual partition layout
+  # The configuration below is a placeholder - adjust according to how you partitioned the disk
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/nixos";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-label/boot";
+    fsType = "vfat";
+  };
+
+  swapDevices = [{
+    device = "/swapfile";
+    size = 8192;  # 8GB swap file
+  }];
+
+  # AMD CPU microcode updates
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

machines/zix790prors/configuration.nix

@@ -19,22 +19,23 @@ with lib;
       enable = true;
       gaming = {
         enable = true;
-        emulation = true;
       };
       kde = true;
       sddm = true;
       wayland = true;
+      x11 = true;
     };
     nfs-mounts.enable = true;
     nvidia.enable = true;
     printing.enable = true;
+    remote-build.enableBuilder = true;
     users.enable = true;
     virtualisation.enable = true;
   };
 
   # Use the systemd-boot EFI boot loader.
   boot.loader.systemd-boot.enable = true;
-  boot.loader.systemd-boot.configurationLimit = 2; # Reduced to save /boot space (TODO Increase /boot partition size)
+  boot.loader.systemd-boot.configurationLimit = 20;
   boot.loader.efi.canTouchEfiVariables = true;
   boot.loader.timeout = 10;
 
@@ -51,19 +52,15 @@ with lib;
   hardware.graphics.enable = true;
   hardware.graphics.enable32Bit = true;
   
+  # Set DP-0 as primary display with 164.90Hz refresh rate
+  services.xserver.displayManager.sessionCommands = ''
+    ${pkgs.xorg.xrandr}/bin/xrandr --output DP-0 --mode 3440x1440 --rate 164.90 --primary
+  '';
+
   hardware.nvidia = {
-    # Modesetting is required.
     modesetting.enable = true;
-    
-    # Enable the Nvidia settings menu,
-    # accessible via `nvidia-settings`.
     nvidiaSettings = true;
-    
-    # Optionally, you may need to select the appropriate driver version for your specific GPU.
     package = pkgs.linuxPackages.nvidiaPackages.stable;
-    
-    # Use open source kernel modules (recommended for RTX/GTX 16xx and newer)
-    # Set to false if you have an older GPU
     open = true;
     
     # For gaming performance

machines/zix790prors/hardware-configuration.nix

@@ -14,7 +14,7 @@
   boot.extraModulePackages = [ ];
 
   fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/76B0-738E";
+    { device = "/dev/disk/by-uuid/11C1-EB58";
       fsType = "vfat";
       options = [ "fmask=0077" "dmask=0077" ];
     };

packages/app-launcher-server/app-launcher-server.py

@@ -0,0 +1,176 @@
+#!/usr/bin/env python3
+
+import json
+import logging
+import os
+import subprocess
+import sys
+from http.server import BaseHTTPRequestHandler, HTTPServer
+from urllib.parse import urlparse
+import psutil
+
+# Configure logging
+logging.basicConfig(
+    level=logging.INFO,
+    format='%(asctime)s - %(levelname)s - %(message)s'
+)
+logger = logging.getLogger(__name__)
+
+# Allowlisted applications that can be launched
+ALLOWED_APPS = {
+    'firefox': 'firefox',
+    'kodi': 'kodi'
+}
+
+def is_app_running(app_name):
+    """Check if an application is already running, returns (is_running, pid)"""
+    command = ALLOWED_APPS.get(app_name)
+    if not command:
+        return False, None
+
+    logger.debug(f"Looking for processes related to app '{app_name}' (command: '{command}')")
+
+    for proc in psutil.process_iter(['name', 'cmdline', 'pid']):
+        try:
+            proc_name = proc.info['name']
+            cmdline = proc.info['cmdline'] or []
+
+            logger.debug(f"Checking process PID {proc.info['pid']}: name='{proc_name}', cmdline={cmdline}")
+
+            # Check multiple patterns for the application:
+            # 1. Process name exactly matches command
+            # 2. Process name contains the command (e.g., "kodi.bin" contains "kodi")
+            # 3. Command line starts with the command
+            # 4. Command line contains the wrapped version (e.g., ".kodi-wrapped")
+            # 5. Any command line argument ends with the command executable
+
+            matches = False
+            match_reason = ""
+
+            if proc_name == command:
+                matches = True
+                match_reason = f"exact process name match: '{proc_name}'"
+            elif command in proc_name:
+                matches = True
+                match_reason = f"process name contains command: '{proc_name}' contains '{command}'"
+            elif cmdline and cmdline[0] == command:
+                matches = True
+                match_reason = f"exact cmdline match: '{cmdline[0]}'"
+            elif cmdline and cmdline[0].endswith('/' + command):
+                matches = True
+                match_reason = f"cmdline path ends with command: '{cmdline[0]}'"
+            elif cmdline and any(f'.{command}-wrapped' in arg for arg in cmdline):
+                matches = True
+                match_reason = f"wrapped command in cmdline: {cmdline}"
+            elif cmdline and any(f'{command}.bin' in arg for arg in cmdline):
+                matches = True
+                match_reason = f"binary command in cmdline: {cmdline}"
+
+            if matches:
+                logger.info(f"Found running {app_name} process: PID {proc.info['pid']} ({match_reason})")
+                return True, proc.info['pid']
+
+        except (psutil.NoSuchProcess, psutil.AccessDenied, psutil.ZombieProcess):
+            continue
+
+    logger.debug(f"No running process found for {app_name}")
+    return False, None
+
+class AppLauncherHandler(BaseHTTPRequestHandler):
+    def log_message(self, format, *args):
+        logger.info(format % args)
+
+    def do_GET(self):
+        if self.path == '/':
+            self.send_response(200)
+            self.send_header('Content-type', 'application/json')
+            self.end_headers()
+            response = {
+                'status': 'running',
+                'available_apps': list(ALLOWED_APPS.keys()),
+                'usage': 'POST /launch/<app_name> to launch an application'
+            }
+            self.wfile.write(json.dumps(response, indent=2).encode())
+        else:
+            self.send_error(404)
+
+    def do_POST(self):
+        parsed_path = urlparse(self.path)
+        path_parts = parsed_path.path.strip('/').split('/')
+
+        if len(path_parts) == 2 and path_parts[0] == 'launch':
+            app_name = path_parts[1]
+            self.launch_app(app_name)
+        else:
+            self.send_error(404, "Invalid endpoint. Use /launch/<app_name>")
+
+    def launch_app(self, app_name):
+        if app_name not in ALLOWED_APPS:
+            self.send_error(400, f"Application '{app_name}' not allowed. Available apps: {list(ALLOWED_APPS.keys())}")
+            return
+
+        command = ALLOWED_APPS[app_name]
+
+        # Check if app is already running
+        is_running, existing_pid = is_app_running(app_name)
+        if is_running:
+            logger.info(f"Application {app_name} is already running (PID: {existing_pid}), skipping launch")
+            self.send_response(200)
+            self.send_header('Content-type', 'application/json')
+            self.end_headers()
+            response = {
+                'status': 'success',
+                'message': f'{app_name} is already running',
+                'pid': existing_pid,
+                'already_running': True
+            }
+            self.wfile.write(json.dumps(response).encode())
+            return
+
+        try:
+            # Launch the application in the background
+            # Ensure we have the proper environment for GUI apps
+            env = os.environ.copy()
+
+            logger.info(f"Launching application: {command}")
+            process = subprocess.Popen(
+                [command],
+                env=env,
+                stdout=subprocess.DEVNULL,
+                stderr=subprocess.DEVNULL,
+                start_new_session=True
+            )
+
+            self.send_response(200)
+            self.send_header('Content-type', 'application/json')
+            self.end_headers()
+            response = {
+                'status': 'success',
+                'message': f'Successfully launched {app_name}',
+                'pid': process.pid,
+                'already_running': False
+            }
+            self.wfile.write(json.dumps(response).encode())
+
+        except FileNotFoundError:
+            logger.error(f"Application not found: {command}")
+            self.send_error(500, f"Application '{app_name}' not found on system")
+        except Exception as e:
+            logger.error(f"Error launching {command}: {e}")
+            self.send_error(500, f"Failed to launch {app_name}: {str(e)}")
+
+def main():
+    port = int(sys.argv[1]) if len(sys.argv) > 1 else 8081
+
+    server = HTTPServer(('0.0.0.0', port), AppLauncherHandler)
+    logger.info(f"App launcher server starting on port {port}")
+    logger.info(f"Available applications: {list(ALLOWED_APPS.keys())}")
+
+    try:
+        server.serve_forever()
+    except KeyboardInterrupt:
+        logger.info("Server shutting down...")
+        server.server_close()
+
+if __name__ == '__main__':
+    main()

packages/app-launcher-server/default.nix

@@ -0,0 +1,10 @@
+{ pkgs }:
+
+let
+  python = pkgs.python3.withPackages (ps: with ps; [
+    psutil
+  ]);
+in
+pkgs.writeShellScriptBin "app-launcher-server" ''
+  exec ${python}/bin/python3 ${./app-launcher-server.py} "$@"
+''

packages/default.nix

@@ -2,4 +2,5 @@
 {
   vulkanHDRLayer = pkgs.callPackage ./vulkan-hdr-layer {};
   tea-rbw = pkgs.callPackage ./tea-rbw {};
+  app-launcher-server = pkgs.callPackage ./app-launcher-server {};
 }

roles/darwin.nix

@@ -0,0 +1,120 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  # Extract the set-environment path that nix-darwin generates
+  setEnvironmentPath = "${config.system.build.setEnvironment}";
+in
+{
+  config = {
+    # Salt manages /etc/bashrc, /etc/zshrc, /etc/zshenv
+    # nix-darwin writes to .local variants for nix-specific configuration
+
+    # Disable nix-darwin from managing the main shell files
+    environment.etc."bashrc".enable = false;
+    environment.etc."zshrc".enable = false;
+    environment.etc."zshenv".enable = false;
+    environment.etc."zprofile".enable = false;
+
+    # Create .local files with nix environment setup
+    environment.etc."bash.local".text = ''
+      # Nix environment setup
+      if [ -z "$__NIX_DARWIN_SET_ENVIRONMENT_DONE" ]; then
+        . ${setEnvironmentPath}
+      fi
+    '';
+
+    environment.etc."zshrc.local".text = ''
+      # Nix environment setup (already done in zshenv.local)
+    '';
+
+    environment.etc."zshenv.local".text = ''
+      # Nix environment setup
+      if [[ -o rcs ]]; then
+        if [ -z "''${__NIX_DARWIN_SET_ENVIRONMENT_DONE-}" ]; then
+          . ${setEnvironmentPath}
+        fi
+
+        # Tell zsh how to find installed completions
+        for p in ''${(z)NIX_PROFILES}; do
+          fpath=($p/share/zsh/site-functions $p/share/zsh/$ZSH_VERSION/functions $p/share/zsh/vendor-completions $fpath)
+        done
+      fi
+    '';
+
+    time.timeZone = "America/Los_Angeles";
+
+    # System preferences
+    system.defaults = {
+      # Custom keyboard shortcuts
+      CustomUserPreferences = {
+        "com.apple.symbolichotkeys" = {
+          AppleSymbolicHotKeys = {
+            # Screenshot - Capture entire screen (Cmd+Ctrl+3)
+            "28" = {
+              enabled = true;
+              value = {
+                parameters = [ 51 20 1310720 ];
+                type = "standard";
+              };
+            };
+            # Screenshot - Capture selected portion (Cmd+Ctrl+4)
+            "30" = {
+              enabled = true;
+              value = {
+                parameters = [ 52 21 1310720 ];
+                type = "standard";
+              };
+            };
+            # Screenshot - Show screenshot toolbar (Cmd+Ctrl+5)
+            "184" = {
+              enabled = true;
+              value = {
+                parameters = [ 53 23 1310720 ];
+                type = "standard";
+              };
+            };
+          };
+        };
+      };
+    };
+
+    environment.systemPackages = with pkgs; [
+      git
+      glances
+      pciutils
+      tree
+      usbutils
+      vim
+    ];
+
+    nix = {
+      package = pkgs.nix;
+      # distributedBuilds = true;
+      # buildMachines = [{
+      #   hostName = "z790prors.oglehome";
+      #   system = "x86_64-linux";
+      #   protocol = "ssh-ng";
+      #   sshUser = "johno";
+      #   sshKey = "/root/.ssh/id_ed25519";
+      #   maxJobs = 3;
+      #   speedFactor = 2;
+      # }];
+      settings = {
+        experimental-features = [ "nix-command" "flakes" ];
+        max-jobs = "auto";
+        trusted-users = [ "johno" ];
+        substituters = [
+        ];
+      };
+
+      gc = {
+        automatic = true;
+        options = "--delete-older-than 10d";
+      };
+    };
+
+    nixpkgs.config.allowUnfree = true;
+  };
+}

roles/default.nix

@@ -12,6 +12,7 @@ with lib;
     ./nfs-mounts
     ./nvidia
     ./printing
+    ./remote-build
     ./spotifyd
     ./users
     ./virtualisation

roles/desktop/default.nix

@@ -11,7 +11,6 @@ with lib;
     kde = mkOption { type = types.bool; default = false; description = "Enable KDE."; };
     gaming = {
       enable = mkOption { type = types.bool; default = false; description = "Enable gaming support."; };
-      emulation = mkOption { type = types.bool; default = false; description = "Enable emulation support."; };
     };
     sddm = mkOption { type = types.bool; default = false; description = "Enable SDDM greeter."; };
   };
@@ -23,5 +22,6 @@ with lib;
     ./kde.nix
     ./programs.nix
     ./sddm.nix
+    ./steamos.nix
   ];
 }

roles/desktop/gaming.nix

@@ -12,15 +12,20 @@ in
         steam
         lutris
         moonlight
-      ];
 
-      # Possibly other gaming specific services or settings
-    })
-
-    (mkIf (cfg.enable && cfg.gaming.emulation) {
-      environment.systemPackages = with pkgs; [
-        ryubing
+        # Emulators
         dolphin-emu
+        dolphin-emu-primehack
+        retroarch-full
+        ryubing
+      ];
+      # TODO: Remove me once dolphin-emu and dolphin-emu-primehack update
+      #       dependencies to mbedtls from mbedtls_2 (which is currently)
+      #       unmaintained
+      nixpkgs.config.permittedInsecurePackages = [ "mbedtls-2.28.10" ];
+
+      warnings = [
+        "Using insecure mbedtls-2.28.10 for Dolphin Emu - check for updates regularly"
       ];
     })
   ];

roles/desktop/programs.nix

@@ -16,5 +16,22 @@ in
     programs.dconf.enable = true;
     services.gnome.gnome-keyring.enable = true;
     programs.kdeconnect.enable = true;
+
+    # XDG Desktop Portal for default application handling in non-KDE environments
+    xdg.portal = {
+      enable = true;
+      extraPortals = with pkgs; [
+        kdePackages.xdg-desktop-portal-kde  # For KDE application integration
+        xdg-desktop-portal-gtk  # Fallback for GTK applications
+      ];
+      config = {
+        common = {
+          default = "kde";
+        };
+        i3 = {
+          default = ["kde" "gtk"];
+        };
+      };
+    };
   };
 }

roles/desktop/steamos.nix

@@ -0,0 +1,51 @@
+{ lib, config, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.roles.desktop;
+in
+{
+  options.roles.desktop.steamos = {
+    enable = mkEnableOption "SteamOS (Jovian) configuration";
+
+    autoStart = mkOption {
+      type = types.bool;
+      default = false;
+      description = "Automatically start Steam Deck UI on boot";
+    };
+
+    user = mkOption {
+      type = types.str;
+      default = "johno";
+      description = "User to run Steam as";
+    };
+
+    desktopSession = mkOption {
+      type = types.nullOr types.str;
+      default = null;
+      description = "Desktop session to launch when switching to Desktop Mode";
+    };
+
+    enableDeckyLoader = mkOption {
+      type = types.bool;
+      default = true;
+      description = "Enable Decky Loader plugin system";
+    };
+  };
+
+  config = mkIf (cfg.enable && cfg.steamos.enable) {
+    jovian.steam = {
+      enable = true;
+      autoStart = cfg.steamos.autoStart;
+      user = cfg.steamos.user;
+      desktopSession = cfg.steamos.desktopSession;
+    };
+
+    jovian.decky-loader.enable = cfg.steamos.enableDeckyLoader;
+
+    environment.systemPackages = with pkgs; [
+      maliit-keyboard
+    ];
+  };
+}

roles/desktop/x11.nix

@@ -12,8 +12,27 @@ in
 
       windowManager.i3 = {
         enable = true;
-        extraPackages = with pkgs; [ dmenu i3status i3lock ];
+        extraPackages = with pkgs; [
+          dmenu
+          i3status
+          i3lock
+          polkit_gnome                    # GNOME polkit authentication agent (more stable with i3)
+          picom                           # Compositor for smooth rendering (important for Nvidia)
+          networkmanagerapplet            # NetworkManager system tray applet
+          ddcutil                         # DDC/CI monitor control for brightness
+        ];
       };
     };
+
+    # Enable DDC/CI support for monitor brightness control
+    boot.kernelModules = [ "i2c-dev" ];
+
+    # Add ddcutil udev rules and user permissions
+    hardware.i2c.enable = true;
+
+    # Install ddcutil system-wide
+    environment.systemPackages = with pkgs; [
+      ddcutil
+    ];
   };
 }

roles/jovian-compat.nix

@@ -0,0 +1,64 @@
+{ lib, config, ... }:
+
+# Minimal Jovian compatibility layer for NixOS stable (25.05)
+# Defines only the Jovian options used by roles/desktop/steamos.nix
+# No actual implementation - just option definitions to prevent evaluation errors
+# REMOVE THIS FILE when all systems are on NixOS 25.11+ or unstable
+
+with lib;
+
+let
+  nixosVersion = config.system.nixos.release;
+  isCompatibleVersion = versionOlder nixosVersion "25.11";
+in
+{
+  options.jovian = {
+    steam = {
+      enable = mkEnableOption "Steam (jovian-compat stub)";
+
+      autoStart = mkOption {
+        type = types.bool;
+        default = false;
+        description = "Auto-start Steam (jovian-compat stub)";
+      };
+
+      user = mkOption {
+        type = types.str;
+        default = "user";
+        description = "Steam user (jovian-compat stub)";
+      };
+
+      desktopSession = mkOption {
+        type = types.nullOr types.str;
+        default = null;
+        description = "Desktop session (jovian-compat stub)";
+      };
+    };
+
+    decky-loader = {
+      enable = mkEnableOption "Decky Loader (jovian-compat stub)";
+    };
+  };
+
+  config = mkMerge [
+    {
+      assertions = [
+        {
+          assertion = isCompatibleVersion;
+          message = ''
+            The Jovian compatibility shim (roles/jovian-compat.nix) is only needed for NixOS 25.05 and earlier.
+            You are running NixOS ${nixosVersion}.
+            Please remove 'roles/jovian-compat.nix' from your flake.nix nixosModules list.
+          '';
+        }
+      ];
+    }
+    # No config implementation - these options do nothing on stable systems
+    # steamos role is only enabled on nix-deck which uses unstable anyway
+    (mkIf config.jovian.steam.enable {
+      warnings = [
+        "Jovian is enabled but you're using the compatibility stub. This won't work correctly. Use NixOS unstable for Jovian support."
+      ];
+    })
+  ];
+}

roles/kodi/default.nix

@@ -14,6 +14,18 @@ in
     wayland = mkOption {
       default = true;
     };
+    appLauncherServer = {
+      enable = mkOption {
+        type = types.bool;
+        default = true;
+        description = "Enable HTTP app launcher server for remote control";
+      };
+      port = mkOption {
+        type = types.int;
+        default = 8081;
+        description = "Port for the app launcher HTTP server";
+      };
+    };
   };
 
 
@@ -33,24 +45,39 @@ in
       };
 
       networking.firewall = {
-        allowedTCPPorts = [ 8080 ];
+        allowedTCPPorts = [ 8080 ] ++ optional cfg.appLauncherServer.enable cfg.appLauncherServer.port;
         allowedUDPPorts = [ 8080 ];
       };
 
       environment.systemPackages = with pkgs; [
         kodiPkg
         wget
-      ];
+        firefox
+      ] ++ optional cfg.appLauncherServer.enable pkgs.custom.app-launcher-server;
 
       programs.kdeconnect.enable = true;
 
-      services = if cfg.autologin then {
-          displayManager = {
-            autoLogin.enable = true;
-            autoLogin.user = "kodi";
-            defaultSession = "kodi";
-            sessionData.autologinSession = "plasma";
+      systemd.user.services = mkIf cfg.appLauncherServer.enable {
+        app-launcher-server = {
+          description = "HTTP App Launcher Server";
+          wantedBy = [ "graphical-session.target" ];
+          after = [ "graphical-session.target" ];
+          serviceConfig = {
+            Type = "simple";
+            ExecStart = "${pkgs.custom.app-launcher-server}/bin/app-launcher-server ${toString cfg.appLauncherServer.port}";
+            Restart = "always";
+            RestartSec = "5s";
+            Environment = [
+              "PATH=${pkgs.firefox}/bin:${kodiPkg}/bin:/run/current-system/sw/bin"
+            ];
           };
-      } else {};
+        };
+      };
+
+      services.displayManager = mkIf cfg.autologin {
+        autoLogin.enable = true;
+        autoLogin.user = "kodi";
+        defaultSession = "plasma";
+      };
     };
 }

roles/printing/default.nix

@@ -26,5 +26,11 @@ in
         model = "everywhere";
       }];
       hardware.printers.ensureDefaultPrinter = "MFC-L8900CDW_series";
+
+      # Fix ensure-printers service to wait for network availability
+      systemd.services.ensure-printers = {
+        after = [ "cups.service" "network-online.target" ];
+        wants = [ "cups.service" "network-online.target" ];
+      };
     };
 }

roles/remote-build/default.nix

@@ -0,0 +1,132 @@
+{ lib, config, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.roles.remote-build;
+in
+{
+  options.roles.remote-build = {
+    enableBuilder = mkOption {
+      type = types.bool;
+      default = false;
+      description = "Enable this machine as a remote build host for other machines";
+    };
+
+    builderUser = mkOption {
+      type = types.str;
+      default = "nix-builder";
+      description = "User account for remote builders to connect as";
+    };
+
+    builders = mkOption {
+      type = types.listOf (types.submodule {
+        options = {
+          hostName = mkOption {
+            type = types.str;
+            description = "Hostname or IP address of the build machine";
+          };
+
+          systems = mkOption {
+            type = types.listOf types.str;
+            default = [ "x86_64-linux" ];
+            description = "Supported systems";
+          };
+
+          maxJobs = mkOption {
+            type = types.int;
+            default = 8;
+            description = "Maximum number of parallel build jobs";
+          };
+
+          speedFactor = mkOption {
+            type = types.int;
+            default = 2;
+            description = "Speed factor compared to local building (higher = prefer remote)";
+          };
+
+          supportedFeatures = mkOption {
+            type = types.listOf types.str;
+            default = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
+            description = "Supported build features";
+          };
+
+          sshUser = mkOption {
+            type = types.str;
+            default = "nix-builder";
+            description = "SSH user for connecting to the builder";
+          };
+
+          sshKey = mkOption {
+            type = types.nullOr types.path;
+            default = null;
+            description = "Path to SSH private key for authentication";
+          };
+        };
+      });
+      default = [];
+      description = "List of remote build machines to use";
+    };
+
+    fallbackToLocalBuild = mkOption {
+      type = types.bool;
+      default = true;
+      description = "Fallback to local building if remote builders are unavailable";
+    };
+  };
+
+  config = mkMerge [
+    # Builder host configuration
+    (mkIf cfg.enableBuilder {
+      # Create dedicated builder user
+      users.users.${cfg.builderUser} = {
+        isSystemUser = true;
+        group = cfg.builderUser;
+        description = "Nix remote build user";
+        home = "/var/lib/${cfg.builderUser}";
+        createHome = true;
+        shell = pkgs.bashInteractive;
+        openssh.authorizedKeys.keyFiles = [];  # Will be populated by client machines
+      };
+
+      users.groups.${cfg.builderUser} = {};
+
+      # Ensure home directory has correct permissions
+      systemd.tmpfiles.rules = [
+        "d /var/lib/${cfg.builderUser} 0700 ${cfg.builderUser} ${cfg.builderUser} -"
+      ];
+
+      # Allow builder user to perform builds
+      nix.settings.trusted-users = [ cfg.builderUser ];
+
+      # Allow remote builds
+      services.openssh.enable = true;
+
+      # Ensure nix-daemon is accessible
+      nix.settings.allowed-users = [ "*" ];
+    })
+
+    # Client configuration (machines using remote builders)
+    (mkIf (cfg.builders != []) {
+      nix.buildMachines = map (builder: {
+        hostName = builder.hostName;
+        systems = builder.systems;
+        maxJobs = builder.maxJobs;
+        speedFactor = builder.speedFactor;
+        supportedFeatures = builder.supportedFeatures;
+        sshUser = builder.sshUser;
+        sshKey = builder.sshKey;
+      }) cfg.builders;
+
+      nix.distributedBuilds = true;
+
+      # Use substitutes from remote builders
+      nix.extraOptions = ''
+        builders-use-substitutes = true
+      '';
+
+      # Fallback to local build if remote unavailable
+      nix.settings.fallback = cfg.fallbackToLocalBuild;
+    })
+  ];
+}