Attempt to fix custom package format

This is potentially temporary. But jellyfin-media-player has been
flagged as having a security problem by using an old version of
qtwebengine. So we'll maybe find time to try out delfin or maybe just
wait until the security issue gets fixed or maybe just use the web
browser. We have options

CLAUDE.md

@@ -10,7 +10,7 @@ This is a NixOS configuration repository using flakes, managing multiple machine
 
 ### Flake Structure
 - **flake.nix**: Main entry point defining inputs (nixpkgs, home-manager, plasma-manager, etc.) and outputs for multiple NixOS configurations
-- **Machines**: `nix-book`, `boxy`, `wixos` (WSL configuration)
+- **Machines**: `nix-book`, `boxy`, `wixos` (WSL configuration), `zix790prors`, `live-usb`, `johno-macbookpro` (Darwin/macOS)
 - **Home configurations**: Standalone home-manager configuration for user `johno`
 
 ### Directory Structure
@@ -28,6 +28,12 @@ The repository uses a custom "roles" system where each role is a NixOS module wi
 - `roles.users`: User account management
 - `roles.virtualisation`: Virtualization setup
 - `roles.kodi`: Kodi media center
+- `roles.nvidia`: NVIDIA GPU configuration
+- `roles.printing`: Printing support (CUPS)
+- `roles.spotifyd`: Spotify daemon
+- `roles.btrfs`: Btrfs filesystem configuration
+- `roles.nfs-mounts`: NFS mount configuration
+- `roles.darwin`: macOS-specific configurations
 
 Example role usage in machine configuration:
 ```nix
@@ -60,8 +66,9 @@ The repository also uses a modular home-manager role system for user-space confi
 **Role-Based Home Configurations:**
 - `home-desktop.nix`: Full-featured desktop for development workstations
 - `home-media-center.nix`: Living room media consumption and gaming setup (boxy)
-- `home-laptop-compact.nix`: Essential tools only, excludes office/media for storage constraints (nix-book)  
+- `home-laptop-compact.nix`: Essential tools only, excludes office/media for storage constraints (nix-book)
 - `home-live-usb.nix`: Minimal setup for live environments, no persistent services
+- `home-darwin-work.nix`: macOS work laptop configuration
 
 **Machine-Specific Role Usage:**
 - **nix-book**: Compact laptop → excludes office/media roles due to SSD space constraints
@@ -69,10 +76,13 @@ The repository also uses a modular home-manager role system for user-space confi
 - **zix790prors**: All-purpose workstation → full desktop experience with all roles enabled
 - **wixos**: WSL2 development → full desktop experience, inherits from zix790prors Windows host
 - **live-usb**: Temporary environment → only base + desktop roles, no persistent services
+- **johno-macbookpro**: macOS work laptop → Darwin-specific configuration with development tools
 
 ## Common Commands
 
 ### Building and Switching Configurations
+
+**NixOS (Linux):**
 ```bash
 # Build and switch to a specific machine configuration
 sudo nixos-rebuild switch --flake .#<hostname>
@@ -84,12 +94,22 @@ nixos-rebuild build --flake .#<hostname>
 home-manager switch --flake .#johno
 ```
 
+**Darwin (macOS):**
+```bash
+# Build and switch to Darwin configuration
+darwin-rebuild switch --flake .#johno-macbookpro
+
+# Build without switching
+darwin-rebuild build --flake .#johno-macbookpro
+```
+
 ### Available Machine Configurations
 - `nix-book`: Compact laptop with storage constraints, uses `home/home-laptop-compact.nix`
 - `boxy`: Shared living room media center/gaming desktop with AMD GPU, uses `home/home-media-center.nix`
 - `zix790prors`: Powerful all-purpose workstation (gaming, 3D modeling, development), dual-boots Windows 11 with shared btrfs /games partition, uses `home/home-desktop.nix`
 - `wixos`: WSL2 development environment running in Windows partition of zix790prors, uses `home/home-desktop.nix`
 - `live-usb`: Bootable ISO configuration, uses `home/home-live-usb.nix`
+- `johno-macbookpro`: macOS work laptop, uses `home/home-darwin-work.nix`
 
 ### Flake Operations
 ```bash
@@ -110,14 +130,28 @@ sudo ./bootstrap.sh <hostname>
 ```
 This script pulls from the remote git repository and applies the configuration.
 
+### Build Live USB ISO
+Use the provided script to build a bootable ISO:
+```bash
+./build-liveusb.sh
+```
+Creates an ISO suitable for Ventoy and other USB boot tools in `./result/iso/`.
+
 ## Development Workflow
 
 ### Adding New Machines
+
+**NixOS:**
 1. Create new directory in `machines/<hostname>/`
 2. Add `configuration.nix` with role assignments
 3. Include hardware-configuration.nix (generated by nixos-generate-config)
 4. Add nixosConfiguration to flake.nix outputs
 
+**Darwin (macOS):**
+1. Create new directory in `machines/<hostname>/`
+2. Add `configuration.nix` with Darwin role assignments
+3. Add darwinConfiguration to flake.nix outputs
+
 ### Adding New Roles
 1. Create directory in `roles/<role-name>/`
 2. Create `default.nix` with module definition using mkEnableOption
@@ -136,4 +170,8 @@ This script pulls from the remote git repository and applies the configuration.
 - **Locale**: en_US.UTF-8, America/Los_Angeles timezone
 - **SSH**: OpenSSH enabled on all configurations
 - **Garbage collection**: Automatic, deletes older than 10 days
-- **Unfree packages**: Allowed globally
+- **Unfree packages**: Allowed globally
+
+## Important Notes
+
+- **Sudo access**: Claude Code does not have sudo access. Ask the user to run elevated commands like `sudo nixos-rebuild switch`

flake.lock

@@ -43,11 +43,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1755914636,
+        "lastModified": 1759172751,
-        "narHash": "sha256-VJ+Gm6YsHlPfUCpmRQxvdiZW7H3YPSrdVOewQHAhZN8=",
+        "narHash": "sha256-E8W8sRXfrvkFW26GuuiWq6QfReU7m5+cngwHuRo/3jc=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "8b55a6ac58b678199e5bba701aaff69e2b3281c0",
+        "rev": "12fa8548feefa9a10266ba65152fd1a787cdde8f",
         "type": "github"
       },
       "original": {
@@ -56,17 +56,37 @@
         "type": "github"
       }
     },
+    "nix-darwin": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1758805352,
+        "narHash": "sha256-BHdc43Lkayd+72W/NXRKHzX5AZ+28F3xaUs3a88/Uew=",
+        "owner": "nix-darwin",
+        "repo": "nix-darwin",
+        "rev": "c48e963a5558eb1c3827d59d21c5193622a1477c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-darwin",
+        "repo": "nix-darwin",
+        "type": "github"
+      }
+    },
     "nixos-wsl": {
       "inputs": {
         "flake-compat": "flake-compat",
         "nixpkgs": "nixpkgs"
       },
       "locked": {
-        "lastModified": 1755261305,
+        "lastModified": 1758785683,
-        "narHash": "sha256-EOqCupB5X5WoGVHVcfOZcqy0SbKWNuY3kq+lj1wHdu8=",
+        "narHash": "sha256-mRn51IeEBXeNh5a6xNLylk4PKBX0s/QQxgkEbYoPq/w=",
         "owner": "nix-community",
         "repo": "NixOS-WSL",
-        "rev": "203a7b463f307c60026136dd1191d9001c43457f",
+        "rev": "1bfb978f2f6261b6086e04af17f9418e1fe36d70",
         "type": "github"
       },
       "original": {
@@ -78,11 +98,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1754725699,
+        "lastModified": 1758277210,
-        "narHash": "sha256-iAcj9T/Y+3DBy2J0N+yF9XQQQ8IEb5swLFzs23CdP88=",
+        "narHash": "sha256-iCGWf/LTy+aY0zFu8q12lK8KuZp7yvdhStehhyX1v8w=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "85dbfc7aaf52ecb755f87e577ddbe6dbbdbc1054",
+        "rev": "8eaee110344796db060382e15d3af0a9fc396e0e",
         "type": "github"
       },
       "original": {
@@ -94,11 +114,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1755615617,
+        "lastModified": 1759036355,
-        "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=",
+        "narHash": "sha256-0m27AKv6ka+q270dw48KflE0LwQYrO7Fm4/2//KCVWg=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "20075955deac2583bb12f07151c2df830ef346b4",
+        "rev": "e9f00bd893984bc8ce46c895c3bf7cac95331127",
         "type": "github"
       },
       "original": {
@@ -118,11 +138,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1754501628,
+        "lastModified": 1759157415,
-        "narHash": "sha256-FExJ54tVB5iu7Dh2tLcyCSWpaV+lmUzzWKZUkemwXvo=",
+        "narHash": "sha256-Fg8cOnVoIe0uQ38UpR6XZzRCwDsjjozVwfevW9yCLI0=",
         "owner": "nix-community",
         "repo": "plasma-manager",
-        "rev": "cca090f8115c4172b9aef6c5299ae784bdd5e133",
+        "rev": "df5b3e6da631f732c26c6044c7cccb8706b4f479",
         "type": "github"
       },
       "original": {
@@ -135,6 +155,7 @@
       "inputs": {
         "google-cookie-retrieval": "google-cookie-retrieval",
         "home-manager": "home-manager",
+        "nix-darwin": "nix-darwin",
         "nixos-wsl": "nixos-wsl",
         "nixpkgs": "nixpkgs_2",
         "plasma-manager": "plasma-manager"

flake.nix

@@ -4,6 +4,11 @@
   inputs = {
     nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
     nixos-wsl.url = "github:nix-community/NixOS-WSL/main";
+    
+    nix-darwin = {
+      url = "github:nix-darwin/nix-darwin";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
 
     home-manager = {
       url = "github:nix-community/home-manager";
@@ -23,8 +28,9 @@
   };
 
   outputs = { self, nixpkgs, nixos-wsl, ... } @ inputs: let
-    baseModules = [
+    nixosModules = [
       ./roles
+    ] ++ [
       inputs.home-manager.nixosModules.home-manager
       {
         home-manager.useGlobalPkgs = true;
@@ -37,10 +43,23 @@
         };
       }
     ];
+    darwinModules = [
+      ./roles/darwin.nix
+    ] ++ [
+      inputs.home-manager.darwinModules.home-manager
+      {
+        home-manager.useGlobalPkgs = true;
+        home-manager.useUserPackages = true;
+        home-manager.extraSpecialArgs = {
+          globalInputs = inputs;
+        };
+      }
+    ];
+
   in {
     nixosConfigurations.nix-book = nixpkgs.lib.nixosSystem rec {
       system = "x86_64-linux";
-      modules = baseModules ++ [
+      modules = nixosModules ++ [
         ./machines/nix-book/configuration.nix
         {
           home-manager.users.johno = {
@@ -57,7 +76,7 @@
 
     nixosConfigurations.boxy = nixpkgs.lib.nixosSystem rec {
       system = "x86_64-linux";
-      modules = baseModules ++ [
+      modules = nixosModules ++ [
         ./machines/boxy/configuration.nix
         inputs.home-manager.nixosModules.home-manager
         {
@@ -69,7 +88,7 @@
 
     nixosConfigurations.wixos = nixpkgs.lib.nixosSystem rec {
       system = "x86_64-linux";
-      modules = baseModules ++ [
+      modules = nixosModules ++ [
         nixos-wsl.nixosModules.default
         ./machines/wixos/configuration.nix
         inputs.home-manager.nixosModules.home-manager
@@ -82,7 +101,7 @@
 
     nixosConfigurations.zix790prors = nixpkgs.lib.nixosSystem rec {
       system = "x86_64-linux";
-      modules = baseModules ++ [
+      modules = nixosModules ++ [
         ./machines/zix790prors/configuration.nix
         inputs.home-manager.nixosModules.home-manager
         {
@@ -95,7 +114,7 @@
     # Live USB ISO configuration
     nixosConfigurations.live-usb = nixpkgs.lib.nixosSystem rec {
       system = "x86_64-linux";
-      modules = baseModules ++ [
+      modules = nixosModules ++ [
         ./machines/live-usb/configuration.nix
         {
           home-manager.users.nixos = import ./home/home-live-usb.nix;
@@ -104,42 +123,16 @@
       ];
     };
 
-    # Standalone home-manager configurations for non-NixOS systems
+    # Darwin/macOS configurations
-    homeConfigurations."johno@desktop" = inputs.home-manager.lib.homeManagerConfiguration {
+    darwinConfigurations."blkfv4yf49kt7" = inputs.nix-darwin.lib.darwinSystem rec {
-      pkgs = inputs.nixpkgs.legacyPackages."x86_64-linux";
+      system = "aarch64-darwin";
-      modules = [
+      modules = darwinModules ++ [
-        inputs.plasma-manager.homeManagerModules.plasma-manager
+        ./machines/johno-macbookpro/configuration.nix
-        ./home/home-desktop.nix
+        {
+          home-manager.users.johno = import ./home/home-darwin-work.nix;
+          home-manager.extraSpecialArgs = { inherit system; };
+        }
       ];
-      extraSpecialArgs = {
-        system = "x86_64-linux";
-        globalInputs = inputs;
-      };
-    };
-
-    homeConfigurations."johno@laptop-compact" = inputs.home-manager.lib.homeManagerConfiguration {
-      pkgs = inputs.nixpkgs.legacyPackages."x86_64-linux";
-      modules = [
-        inputs.plasma-manager.homeManagerModules.plasma-manager
-        ./home/home-laptop-compact.nix
-      ];
-      extraSpecialArgs = {
-        system = "x86_64-linux";
-        globalInputs = inputs;
-      };
-    };
-
-    # Legacy configuration for backward compatibility
-    homeConfigurations."johno" = inputs.home-manager.lib.homeManagerConfiguration {
-      pkgs = inputs.nixpkgs.legacyPackages."x86_64-linux";
-      modules = [
-        inputs.plasma-manager.homeManagerModules.plasma-manager
-        ./home/home-desktop.nix
-      ];
-      extraSpecialArgs = {
-        system = "x86_64-linux";
-        globalInputs = inputs;
-      };
     };
   };
 }

home/home-darwin-work.nix

@@ -0,0 +1,56 @@
+{ config, lib, pkgs, globalInputs, system, ... }:
+
+let
+  customPkgs = pkgs.callPackage ../packages {};
+in
+{
+  # Provide arguments to role modules
+  _module.args = { inherit customPkgs; };
+  # Home Manager configuration for Darwin work laptop
+  # Corporate-friendly setup with essential development tools
+
+  home.username = lib.mkForce "johno";
+  home.homeDirectory = lib.mkForce "/Users/johno";
+  home.stateVersion = "24.05";
+
+  # Override Darwin-incompatible settings from base role
+  programs.rbw.settings.pinentry = lib.mkForce pkgs.pinentry_mac;
+
+  programs.bash.initExtra = ''
+    export NODE_EXTRA_CA_CERTS=/opt/homebrew/etc/ca-certificates/cert.pem
+    export COREPACK_NPM_REGISTRY=https://global.block-artifacts.com/artifactory/api/npm/square-npm/
+    export COREPACK_INTEGRITY_KEYS=0
+
+    export NVM_DIR="$HOME/.nvm"
+    [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"  # This loads nvm
+    [ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion"  # This loads nvm bash_completion
+  '';
+
+  programs.zsh.enable = true;
+  programs.zsh.initContent = ''
+    export NODE_EXTRA_CA_CERTS=/opt/homebrew/etc/ca-certificates/cert.pem
+    export COREPACK_NPM_REGISTRY=https://global.block-artifacts.com/artifactory/api/npm/square-npm/
+    export COREPACK_INTEGRITY_KEYS=0
+    export NVM_DIR="$HOME/.nvm"
+    [ -s "$NVM_DIR/nvm.sh" ] && . "$NVM_DIR/nvm.sh" # This loads nvm
+    [ -s "$NVM_DIR/bash_completion" ] && . "$NVM_DIR/bash_completion"  # This loads nvm bash_completion
+  '';
+
+  # Keep SSH and Git disabled to avoid conflicts with work environment
+  programs.ssh.enable = lib.mkForce false;
+  programs.git.enable = lib.mkForce false;
+  programs.rbw.enable = lib.mkForce false;
+
+  home.shell.enableShellIntegration = true;
+
+  home.roles = {
+    base.enable = true;
+  };
+
+  imports = [
+    ./roles
+    ./modules/emacs
+    ./modules/kubectl
+    ./modules/tmux
+  ];
+}

home/home-laptop-compact.nix

@@ -19,10 +19,10 @@ in
     desktop.enable = true;
     development.enable = true;
     communication.enable = true;
-    sync.enable = true;
     kdeconnect.enable = true;
+    media.enable = true;
+    sync.enable = true;
     # office.enable = false;  # Excluded for storage constraints
-    # media.enable = false;   # Excluded for storage constraints  
   };
 
   targets.genericLinux.enable = true;
@@ -38,4 +38,4 @@ in
     ./modules/tmux
   ];
 
-}
+}

home/modules/emacs/default.nix

@@ -9,20 +9,28 @@ let
     rev = "8f55404781edacf66fa330205533b002de3fb5ee";
     sha256 = "sha256-vHwgENjip2+AFzs4oZfnKEAJKwf5Zid7fakImvxxQUw=";
   };
+
+  # Shared emacs packages
+  emacsPackages = epkgs: [
+    epkgs.vterm
+    epkgs.treesit-grammars.with-all-grammars
+  ];
+
+  # Default emacs configuration with vterm support
+  defaultEmacsPackage = 
+    if pkgs.stdenv.isDarwin 
+    then pkgs.emacs-macport.pkgs.withPackages emacsPackages
+    else pkgs.emacs.pkgs.withPackages emacsPackages;
 in
 {
   config = {
     home.packages = [
-      (pkgs.emacs.pkgs.withPackages (epkgs: [
-        epkgs.vterm
-      ]))
-
       pkgs.emacs-all-the-icons-fonts
       pkgs.fira-code
       pkgs.fontconfig
       pkgs.graphviz
       pkgs.isort
-      pkgs.libvterm # native vterm library
+      #pkgs.libvterm # native vterm library
       pkgs.nerd-fonts.fira-code
       pkgs.nerd-fonts.droid-sans-mono
       pkgs.nil # nix lsp language server
@@ -33,9 +41,18 @@ in
       pkgs.python3
     ];
 
+    programs.emacs = {
+      enable = true;
+      package = defaultEmacsPackage;
+    };
+
     fonts.fontconfig.enable = true;
 
-    home.file."${config.xdg.configHome}/emacs".source = doomEmacs;
+    # Mount emacs and tree-sitter grammars from nix store
+    home.file = {
+      "${config.xdg.configHome}/emacs".source = doomEmacs;
+    };
+
     home.sessionPath = [
       "${config.xdg.configHome}/emacs/bin"
     ];
@@ -45,11 +62,11 @@ in
       DOOMLOCALDIR = "${config.xdg.dataHome}/doom";
     };
 
+    # TODO: Use mkOutOfStoreSymlink instead?
     home.activation.doomConfig = lib.hm.dag.entryAfter ["writeBoundary"] ''
-      if [ ! -L "${config.xdg.configHome}/doom" ]; then
+      # Always remove and recreate the symlink to ensure it points to the source directory
-        rm -rf "${config.xdg.configHome}/doom"
+      rm -rf "${config.xdg.configHome}/doom"
-        ln -sf "${./doom}" "${config.xdg.configHome}/doom"
+      ln -sf "${config.home.homeDirectory}/nixos-configs/home/modules/emacs/doom" "${config.xdg.configHome}/doom"
-      fi
     '';
   };
 }

home/modules/emacs/doom/config.el

@@ -30,10 +30,20 @@
 ;; wasn't installed correctly. Font issues are rarely Doom issues!
 (setq doom-font (font-spec :family "Fira Code"))
 
+;; Auto-install nerd-icons fonts if they're missing
+(defun my/ensure-nerd-icons-fonts ()
+  "Check if nerd-icons fonts are installed and install them if missing."
+  (when (display-graphic-p)
+    (unless (find-font (font-spec :name "Symbols Nerd Font Mono"))
+      (when (fboundp 'nerd-icons-install-fonts)
+        (nerd-icons-install-fonts t)))))
+
+(add-hook 'doom-init-ui-hook #'my/ensure-nerd-icons-fonts)
+
 ;; There are two ways to load a theme. Both assume the theme is installed and
 ;; available. You can either set `doom-theme' or manually load a theme with the
 ;; `load-theme' function. This is the default:
-(setq doom-theme 'doom-one)
+(setq doom-theme 'doom-tokyo-night)
 
 ;; This determines the style of line numbers in effect. If set to `nil', line
 ;; numbers are disabled. For relative line numbers, set this to `relative'.
@@ -44,6 +54,7 @@
 (setq org-directory "~/org/")
 (after! org
   (setq org-agenda-span 'week
+        org-agenda-start-with-log-mode t
         my-agenda-dirs '("projects" "roam")
         org-agenda-files (cons org-directory (mapcan (lambda (x) (directory-files-recursively
                                                                   (expand-file-name x org-directory)
@@ -62,6 +73,13 @@
           '(("t" "Todo" entry (file+headline "~/org/todo.org" "Inbox")
              "* TODO %? \n %i \n%a" :prepend t))))
 
+(map! :after org-agenda
+      :map org-agenda-mode-map
+      :localleader
+      (:prefix ("v" . "view")
+       "d" #'org-agenda-day-view
+       "w" #'org-agenda-week-view))
+
 ;; (use-package! org-caldav
 ;;   :defer t
 ;;   :config

home/modules/emacs/doom/init.el

@@ -33,7 +33,7 @@
        doom              ; what makes DOOM look the way it does
        doom-dashboard    ; a nifty splash screen for Emacs
        ;;doom-quit         ; DOOM quit-message prompts when you quit Emacs
-       (emoji +unicode)  ; 🙂
+       ;;(emoji +unicode)  ; 🙂
        hl-todo           ; highlight TODO/FIXME/NOTE/DEPRECATED/HACK/REVIEW
        ;;indent-guides     ; highlighted indent columns
        ;;ligatures         ; ligatures and symbols to make your code pretty again

home/modules/plasma-manager/default.nix

@@ -52,26 +52,47 @@
         "Window Operations Menu" = "Alt+F3";
         "Window Resize" = "Meta+R,,Resize Window";
 
-        "Overview" = "Meta+W";
+        "Overview" = "Meta+Ctrl+W";
         "Grid View" = "Meta+G";
         "Edit Tiles" = "Meta+T";
 
         "Activate Window Demanding Attention" = "Meta+Ctrl+A";
 
-        "Show Desktop" = "Meta+D";
+        "Show Desktop" = "Meta+Ctrl+D";
 
         "Walk Through Windows" = "Alt+Tab";
         "Walk Through Windows (Reverse)" = "Alt+Shift+Tab";
         "Walk Through Windows of Current Application" = "Alt+`";
         "Walk Through Windows of Current Application (Reverse)" = "Alt+~";
-        "Window Fullscreen" = "Meta+Shift+F,,Make Window Fullscreen";
 
         "Window Quick Tile Bottom" = "Meta+Down";
         "Window Quick Tile Left" = "Meta+Left";
         "Window Quick Tile Right" = "Meta+Right";
         "Window Quick Tile Top" = "Meta+Up";
 
-        "view_actual_size" = "Meta+0";
+        "Switch to Desktop 1" = "Meta+1";
+        "Switch to Desktop 2" = "Meta+2";
+        "Switch to Desktop 3" = "Meta+3";
+        "Switch to Desktop 4" = "Meta+4";
+        "Switch to Desktop 5" = "Meta+5";
+        "Switch to Desktop 6" = "Meta+6";
+        "Switch to Desktop 7" = "Meta+7";
+        "Switch to Desktop 8" = "Meta+8";
+        "Switch to Desktop 9" = "Meta+9";
+        "Switch to Desktop 10" = "Meta+0";
+        
+        "Window to Desktop 1" = "Meta+!";    # Meta+Shift+1
+        "Window to Desktop 2" = "Meta+@";    # Meta+Shift+2
+        "Window to Desktop 3" = "Meta+#";    # Meta+Shift+3
+        "Window to Desktop 4" = "Meta+$";    # Meta+Shift+4
+        "Window to Desktop 5" = "Meta+%";    # Meta+Shift+5
+        "Window to Desktop 6" = "Meta+^";    # Meta+Shift+6
+        "Window to Desktop 7" = "Meta+&";    # Meta+Shift+7
+        "Window to Desktop 8" = "Meta+*";    # Meta+Shift+8
+        "Window to Desktop 9" = "Meta+(";    # Meta+Shift+9
+        "Window to Desktop 10" = "Meta+)";   # Meta+Shift+0
+
+        "view_actual_size" = "Meta+Ctrl+=";
         "view_zoom_in" = ["Meta++" "Meta+=,Meta++" "Meta+=,Zoom In"];
         "view_zoom_out" = "Meta+-";
       };
@@ -110,6 +131,22 @@
         value = 10;
         immutable = true;
       };
+      
+      # Enable KWin tiling features
+      kwinrc.Tiling = {
+        # Enable tiling functionality  
+        "padding" = 4;
+      };
+      
+      # Enable krohnkite plugin automatically
+      kwinrc.Plugins = {
+        krohnkiteEnabled = true;
+      };
+      
+      kwinrc.Effect-overview = {
+        # Configure overview effect for better tiling workflow
+        BorderActivate = 9;  # Top-left corner activation
+      };
 
       kcminputrc.Libinput = {
         AccelerationProfile = "adaptive";
@@ -122,6 +159,14 @@
       };
 
       kdeglobals.KDE.LookAndFeelPackage = "org.kde.breezedark.desktop";
+
+      # Focus follows mouse configuration
+      kwinrc.Windows = {
+        FocusPolicy = "FocusFollowsMouse";
+        AutoRaise = true;  # Set to true if you want windows to auto-raise on focus
+        AutoRaiseInterval = 750;  # Delay in ms before auto-raise (if enabled)
+        DelayFocusInterval = 0;  # Delay in ms before focus follows mouse
+      };
     };
   };
 }

home/roles/base/default.nix

@@ -12,8 +12,8 @@ in
 
   config = mkIf cfg.enable {
     home.packages = with pkgs; [
-      # Core CLI utilities
       fd
+      glances
       gzip
       htop
       killall
@@ -21,12 +21,7 @@ in
       ncdu
       shellcheck
       tmux
-      
+      tree
-      # Development/automation tools that are widely used
-      claude-code
-      codex
-      goose-cli
-      pandoc
     ];
 
     # Essential programs everyone needs
@@ -63,11 +58,11 @@ in
 
     programs.ssh = {
       enable = true;
-      addKeysToAgent = "yes";
       matchBlocks = {
         "nucdeb1" = {
           hostname = "nucdeb1.oglehome";
           user = "root";
+          addKeysToAgent = "yes";
         };
       };
     };
@@ -83,4 +78,4 @@ in
 
     # Note: modules must be imported at top-level home config
   };
-}
+}

home/roles/desktop/default.nix

@@ -25,6 +25,39 @@ in
       
       # System utilities with GUI components
       (snapcast.override { pulseaudioSupport = true; })
+      
+      # KDE tiling window management
+      kdePackages.krohnkite  # Dynamic tiling extension for KWin 6
+      
+      # KDE PIM applications for email, calendar, and contacts
+      kdePackages.kmail
+      kdePackages.kmail-account-wizard
+      kdePackages.kmailtransport
+      kdePackages.korganizer
+      kdePackages.kaddressbook
+      kdePackages.kontact
+      
+      # KDE Online Accounts support
+      kdePackages.kaccounts-integration
+      kdePackages.kaccounts-providers
+      kdePackages.signond
+      
+      # KDE Mapping
+      kdePackages.marble  # Virtual globe and world atlas
+      
+      # KDE Productivity
+      kdePackages.kate        # Advanced text editor with syntax highlighting
+      kdePackages.okular      # Universal document viewer (PDF, ePub, etc.)
+      kdePackages.spectacle   # Screenshot capture utility
+      kdePackages.filelight   # Visual disk usage analyzer
+      
+      # KDE Multimedia
+      kdePackages.gwenview    # Image viewer and basic editor
+      kdePackages.elisa       # Music player
+      
+      # KDE System Utilities  
+      kdePackages.ark         # Archive manager (zip, tar, 7z, etc.)
+      kdePackages.yakuake     # Drop-down terminal emulator
     ];
 
     programs.firefox = {

home/roles/development/default.nix

@@ -12,6 +12,10 @@ in
 
   config = mkIf cfg.enable {
     home.packages = [
+      pkgs.claude-code
+      pkgs.codex
+      pkgs.goose-cli
+
       # Custom packages
       customPkgs.tea-rbw
     ];
@@ -20,4 +24,4 @@ in
 
     # Note: modules must be imported at top-level home config
   };
-}
+}

home/roles/media/default.nix

@@ -13,7 +13,9 @@ in
   config = mkIf cfg.enable {
     home.packages = with pkgs; [
       # Media players and streaming
-      jellyfin-media-player
+      # Using delfin instead of jellyfin-media-player to avoid qtwebengine security issues
+      # For full Jellyfin features, use web interface at http://jellyfin-server:8096
+      delfin
       moonlight-qt
       vlc
     ];

machines/johno-macbookpro/configuration.nix

@@ -0,0 +1,23 @@
+{ config, lib, pkgs, ... }:
+
+{
+  # Basic system configuration for macOS work laptop
+  system.stateVersion = 6;
+
+  # Set primary user for nix-darwin
+  system.primaryUser = "johno";
+
+  # System preferences (can be expanded later)
+  system.defaults = {
+    dock.autohide = true;
+    finder.AppleShowAllExtensions = true;
+    NSGlobalDomain.AppleShowAllExtensions = true;
+  };
+
+  # TODO: Find a way to not duplicate this
+  launchd.user.envVariables = {
+    # DOOM Emacs environment variables
+    DOOMDIR = "/Users/johno/.config/doom";
+    DOOMLOCALDIR = "/Users/johno/.local/doom";
+  };
+}

machines/nix-book/configuration.nix

@@ -43,8 +43,11 @@
   # Enable networking
   networking.networkmanager.enable = true;
 
-  services.openvpn.servers = {
+  # WireGuard setup
-    ogleNet = { config = '' config /root/Oglehome-VPN-johno-nixbook.conf ''; };
+  networking.wg-quick.interfaces = {
+    ogleNet = {
+      configFile = "/root/Oglehome-VPN-johno-nixbook.conf";
+    };
   };
 
   hardware.graphics = {

machines/zix790prors/configuration.nix

@@ -34,7 +34,7 @@ with lib;
 
   # Use the systemd-boot EFI boot loader.
   boot.loader.systemd-boot.enable = true;
-  boot.loader.systemd-boot.configurationLimit = 2; # Reduced to save /boot space (TODO Increase /boot partition size)
+  boot.loader.systemd-boot.configurationLimit = 20;
   boot.loader.efi.canTouchEfiVariables = true;
   boot.loader.timeout = 10;
 

machines/zix790prors/hardware-configuration.nix

@@ -14,7 +14,7 @@
   boot.extraModulePackages = [ ];
 
   fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/76B0-738E";
+    { device = "/dev/disk/by-uuid/11C1-EB58";
       fsType = "vfat";
       options = [ "fmask=0077" "dmask=0077" ];
     };

packages/app-launcher-server/app-launcher-server.py

@@ -0,0 +1,104 @@
+#!/usr/bin/env python3
+
+import json
+import logging
+import os
+import subprocess
+import sys
+from http.server import BaseHTTPRequestHandler, HTTPServer
+from urllib.parse import urlparse
+
+# Configure logging
+logging.basicConfig(
+    level=logging.INFO,
+    format='%(asctime)s - %(levelname)s - %(message)s'
+)
+logger = logging.getLogger(__name__)
+
+# Allowlisted applications that can be launched
+ALLOWED_APPS = {
+    'firefox': 'firefox',
+    'kodi': 'kodi'
+}
+
+class AppLauncherHandler(BaseHTTPRequestHandler):
+    def log_message(self, format, *args):
+        logger.info(format % args)
+
+    def do_GET(self):
+        if self.path == '/':
+            self.send_response(200)
+            self.send_header('Content-type', 'application/json')
+            self.end_headers()
+            response = {
+                'status': 'running',
+                'available_apps': list(ALLOWED_APPS.keys()),
+                'usage': 'POST /launch/<app_name> to launch an application'
+            }
+            self.wfile.write(json.dumps(response, indent=2).encode())
+        else:
+            self.send_error(404)
+
+    def do_POST(self):
+        parsed_path = urlparse(self.path)
+        path_parts = parsed_path.path.strip('/').split('/')
+
+        if len(path_parts) == 2 and path_parts[0] == 'launch':
+            app_name = path_parts[1]
+            self.launch_app(app_name)
+        else:
+            self.send_error(404, "Invalid endpoint. Use /launch/<app_name>")
+
+    def launch_app(self, app_name):
+        if app_name not in ALLOWED_APPS:
+            self.send_error(400, f"Application '{app_name}' not allowed. Available apps: {list(ALLOWED_APPS.keys())}")
+            return
+
+        command = ALLOWED_APPS[app_name]
+
+        try:
+            # Launch the application in the background
+            # Ensure we have the proper environment for GUI apps
+            env = os.environ.copy()
+
+            logger.info(f"Launching application: {command}")
+            process = subprocess.Popen(
+                [command],
+                env=env,
+                stdout=subprocess.DEVNULL,
+                stderr=subprocess.DEVNULL,
+                start_new_session=True
+            )
+
+            self.send_response(200)
+            self.send_header('Content-type', 'application/json')
+            self.end_headers()
+            response = {
+                'status': 'success',
+                'message': f'Successfully launched {app_name}',
+                'pid': process.pid
+            }
+            self.wfile.write(json.dumps(response).encode())
+
+        except FileNotFoundError:
+            logger.error(f"Application not found: {command}")
+            self.send_error(500, f"Application '{app_name}' not found on system")
+        except Exception as e:
+            logger.error(f"Error launching {command}: {e}")
+            self.send_error(500, f"Failed to launch {app_name}: {str(e)}")
+
+def main():
+    port = int(sys.argv[1]) if len(sys.argv) > 1 else 8081
+
+    server = HTTPServer(('0.0.0.0', port), AppLauncherHandler)
+    logger.info(f"App launcher server starting on port {port}")
+    logger.info(f"Available applications: {list(ALLOWED_APPS.keys())}")
+
+    try:
+        server.serve_forever()
+    except KeyboardInterrupt:
+        logger.info("Server shutting down...")
+        server.server_close()
+
+if __name__ == '__main__':
+    main()

packages/app-launcher-server/default.nix

@@ -0,0 +1,5 @@
+{ pkgs }:
+
+pkgs.writeShellScriptBin "app-launcher-server" ''
+  exec ${pkgs.python3}/bin/python3 ${./app-launcher-server.py} "$@"
+''

packages/default.nix

@@ -2,4 +2,5 @@
 {
   vulkanHDRLayer = pkgs.callPackage ./vulkan-hdr-layer {};
   tea-rbw = pkgs.callPackage ./tea-rbw {};
+  app-launcher-server = pkgs.callPackage ./app-launcher-server {};
 }

roles/darwin.nix

@@ -0,0 +1,84 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  # Extract the set-environment path that nix-darwin generates
+  setEnvironmentPath = "${config.system.build.setEnvironment}";
+in
+{
+  config = {
+    # Salt manages /etc/bashrc, /etc/zshrc, /etc/zshenv
+    # nix-darwin writes to .local variants for nix-specific configuration
+
+    # Disable nix-darwin from managing the main shell files
+    environment.etc."bashrc".enable = false;
+    environment.etc."zshrc".enable = false;
+    environment.etc."zshenv".enable = false;
+
+    # Create .local files with nix environment setup
+    environment.etc."bash.local".text = ''
+      # Nix environment setup
+      if [ -z "$__NIX_DARWIN_SET_ENVIRONMENT_DONE" ]; then
+        . ${setEnvironmentPath}
+      fi
+    '';
+
+    environment.etc."zshrc.local".text = ''
+      # Nix environment setup (already done in zshenv.local)
+    '';
+
+    environment.etc."zshenv.local".text = ''
+      # Nix environment setup
+      if [[ -o rcs ]]; then
+        if [ -z "''${__NIX_DARWIN_SET_ENVIRONMENT_DONE-}" ]; then
+          . ${setEnvironmentPath}
+        fi
+
+        # Tell zsh how to find installed completions
+        for p in ''${(z)NIX_PROFILES}; do
+          fpath=($p/share/zsh/site-functions $p/share/zsh/$ZSH_VERSION/functions $p/share/zsh/vendor-completions $fpath)
+        done
+      fi
+    '';
+
+    time.timeZone = "America/Los_Angeles";
+
+    environment.systemPackages = with pkgs; [
+      git
+      glances
+      pciutils
+      tree
+      usbutils
+      vim
+    ];
+
+    nix = {
+      package = pkgs.nix;
+      # distributedBuilds = true;
+      # buildMachines = [{
+      #   hostName = "z790prors.oglehome";
+      #   system = "x86_64-linux";
+      #   protocol = "ssh-ng";
+      #   sshUser = "johno";
+      #   sshKey = "/root/.ssh/id_ed25519";
+      #   maxJobs = 3;
+      #   speedFactor = 2;
+      # }];
+      settings = {
+        experimental-features = [ "nix-command" "flakes" ];
+        max-jobs = "auto";
+        trusted-users = [ "johno" ];
+        substituters = [
+        ];
+      };
+
+      gc = {
+        automatic = true;
+        options = "--delete-older-than 10d";
+      };
+    };
+
+    nixpkgs.config.allowUnfree = true;
+  };
+}

roles/kodi/default.nix

@@ -4,6 +4,7 @@ with lib;
 
 let
   cfg = config.roles.kodi;
+  customPkgs = pkgs.callPackage ../../packages {};
 in
 {
   options.roles.kodi = {
@@ -14,6 +15,18 @@ in
     wayland = mkOption {
       default = true;
     };
+    appLauncherServer = {
+      enable = mkOption {
+        type = types.bool;
+        default = true;
+        description = "Enable HTTP app launcher server for remote control";
+      };
+      port = mkOption {
+        type = types.int;
+        default = 8081;
+        description = "Port for the app launcher HTTP server";
+      };
+    };
   };
 
 
@@ -33,17 +46,35 @@ in
       };
 
       networking.firewall = {
-        allowedTCPPorts = [ 8080 ];
+        allowedTCPPorts = [ 8080 ] ++ optional cfg.appLauncherServer.enable cfg.appLauncherServer.port;
         allowedUDPPorts = [ 8080 ];
       };
 
       environment.systemPackages = with pkgs; [
         kodiPkg
         wget
-      ];
+        firefox
+      ] ++ optional cfg.appLauncherServer.enable customPkgs.app-launcher-server;
 
       programs.kdeconnect.enable = true;
 
+      systemd.user.services = mkIf cfg.appLauncherServer.enable {
+        app-launcher-server = {
+          description = "HTTP App Launcher Server";
+          wantedBy = [ "graphical-session.target" ];
+          after = [ "graphical-session.target" ];
+          serviceConfig = {
+            Type = "simple";
+            ExecStart = "${customPkgs.app-launcher-server}/bin/app-launcher-server ${toString cfg.appLauncherServer.port}";
+            Restart = "always";
+            RestartSec = "5s";
+            Environment = [
+              "PATH=${pkgs.firefox}/bin:${kodiPkg}/bin:/run/current-system/sw/bin"
+            ];
+          };
+        };
+      };
+
       services = if cfg.autologin then {
           displayManager = {
             autoLogin.enable = true;