[i3] Setup brightness control with ddcutil

- Switch nix-deck to use nixpkgs-unstable and unstable home-manager/plasma-manager
- Remove jovian-compat.nix shim (not needed on unstable)
- Add bitwarden-desktop compatibility overlay for stable/unstable coexistence
- Update hardware-configuration.nix with actual Steam Deck hardware detection
- Add 8GB swap file configuration
- Configure AMD CPU microcode updates

This allows nix-deck to work with the latest Jovian-NixOS while keeping other
machines on stable 25.05.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

STEAM_DECK_JOVIAN_SETUP.md

@@ -0,0 +1,280 @@
+# Steam Deck (nix-deck) Jovian-NixOS Setup Guide
+
+This document describes the setup for installing and maintaining NixOS with Jovian-NixOS on a Steam Deck.
+
+## Overview
+
+The `nix-deck` configuration provides:
+- **Jovian-NixOS integration** for Steam Deck hardware support
+- **Remote building** using `zix790prors` as the build host
+- **SteamOS role** for easy Steam Deck UI configuration
+- **Compatibility shim** for using Jovian on NixOS 25.05 stable
+
+## Architecture
+
+### Remote Building
+
+The setup uses distributed builds to avoid slow compilation on the Steam Deck:
+
+- **Build Host**: `zix790prors` (powerful desktop)
+  - Runs as a dedicated `nix-builder` user (not root)
+  - Accepts SSH connections from client machines
+  - Performs all heavy compilation work
+
+- **Build Clients**: `nix-book` and `nix-deck`
+  - Automatically offload builds to `zix790prors`
+  - Fall back to local building if remote builder is unavailable
+  - Steam Deck heavily prefers remote (speedFactor=4)
+
+### Jovian-NixOS Integration
+
+- **Jovian module**: Provides Steam Deck hardware support, drivers, and Steam UI
+- **Compatibility layer**: `roles/jovian-compat.nix` provides `services.logind.settings` for NixOS 25.05
+  - **IMPORTANT**: Remove this when upgrading to NixOS 25.11+
+  - An assertion will fail the build if used on 25.11+
+
+- **SteamOS role**: `roles.desktop.steamos` abstracts Jovian configuration
+  ```nix
+  roles.desktop.steamos = {
+    enable = true;
+    autoStart = false;  # Set to true to boot directly to Steam UI
+    desktopSession = "plasmawayland";
+  };
+  ```
+
+## Initial Installation
+
+### Prerequisites
+
+1. Steam Deck in recovery mode or booted to a live Linux environment
+2. SSH access enabled on the Steam Deck
+3. SSH key set up for passwordless authentication
+
+### Option 1: Using nixos-anywhere (Initial Install Only)
+
+```bash
+# From your main machine
+nix run github:nix-community/nixos-anywhere -- \
+  --flake .#nix-deck \
+  root@<steam-deck-ip>
+```
+
+**Note**: This is only for the initial install. For updates, see below.
+
+### Option 2: Manual Installation
+
+1. Boot Steam Deck from NixOS installer USB
+2. Partition and format the disk
+3. Mount filesystems
+4. Clone this repository
+5. Generate hardware config:
+   ```bash
+   nixos-generate-config --show-hardware-config > /tmp/hw.nix
+   ```
+6. Copy the hardware config content to `machines/nix-deck/hardware-configuration.nix`
+7. Keep the `jovian.devices.steamdeck` settings in the file
+8. Install:
+   ```bash
+   nixos-install --flake .#nix-deck
+   ```
+
+## Updates and Rebuilds
+
+### Method 1: Remote Build and Deploy (Recommended)
+
+Build on your main machine, deploy to Steam Deck:
+
+```bash
+# From nix-book or zix790prors
+nixos-rebuild switch \
+  --flake .#nix-deck \
+  --target-host root@nix-deck \
+  --build-host localhost
+```
+
+### Method 2: On-Device Rebuild (Uses Remote Builder)
+
+The Steam Deck is configured to automatically use `zix790prors` as a remote builder:
+
+```bash
+# SSH into the Steam Deck
+ssh root@nix-deck
+
+# This will automatically build on zix790prors
+nixos-rebuild switch --flake /path/to/nixos-configs#nix-deck
+```
+
+The build will automatically happen on `zix790prors` and be deployed locally.
+
+## Remote Builder Setup
+
+### On the Build Host (zix790prors)
+
+The configuration creates a `nix-builder` user that client machines connect to:
+
+```nix
+roles.remote-build.enableBuilder = true;
+```
+
+### On Client Machines (nix-book, nix-deck)
+
+Configure the remote builder:
+
+```nix
+roles.remote-build.builders = [{
+  hostName = "zix790prors";
+  maxJobs = 16;
+  speedFactor = 4;  # Higher = prefer remote more
+}];
+```
+
+### SSH Key Setup
+
+1. Generate SSH key on the builder host for the `nix-builder` user:
+   ```bash
+   sudo -u nix-builder ssh-keygen -t ed25519 -f /var/lib/nix-builder/.ssh/id_ed25519
+   ```
+
+2. Copy the public key to client machines:
+   ```bash
+   # Add to /var/lib/nix-builder/.ssh/authorized_keys on zix790prors
+   ```
+
+3. On client machines, ensure you can connect:
+   ```bash
+   ssh nix-builder@zix790prors
+   ```
+
+## Configuration Files
+
+### Key Files Created/Modified
+
+- `flake.nix` - Added Jovian input and nix-deck configuration
+- `roles/jovian-compat.nix` - Compatibility shim (remove in 25.11+)
+- `roles/desktop/steamos.nix` - SteamOS/Jovian role abstraction
+- `roles/remote-build/default.nix` - Remote builder role
+- `machines/nix-deck/configuration.nix` - Steam Deck system config
+- `machines/nix-deck/hardware-configuration.nix` - Hardware config (placeholder)
+
+### Example Configuration
+
+```nix
+# machines/nix-deck/configuration.nix
+{
+  roles = {
+    desktop = {
+      enable = true;
+      wayland = true;
+      gaming.enable = true;
+      kde = true;
+      sddm = true;
+      steamos = {
+        enable = true;
+        autoStart = false;  # or true to boot to Steam UI
+        desktopSession = "plasmawayland";
+      };
+    };
+    remote-build.builders = [{
+      hostName = "zix790prors";
+      maxJobs = 16;
+      speedFactor = 4;
+    }];
+  };
+}
+```
+
+## Jovian Features
+
+### Enabled by Default
+
+- Steam Deck hardware support (`jovian.devices.steamdeck.enable`)
+- Steam UI (`jovian.steam.enable`)
+- Decky Loader plugin system (`jovian.decky-loader.enable`)
+
+### Optional Features
+
+Set in the hardware-configuration.nix:
+
+```nix
+jovian.devices.steamdeck = {
+  enable = true;
+  autoUpdate = false;  # Auto-update BIOS/controller firmware
+};
+```
+
+### Manual Firmware Updates
+
+```bash
+# BIOS update
+sudo jupiter-biosupdate
+
+# Controller update
+sudo jupiter-controller-update
+
+# Docking station (connect via USB-C first)
+jupiter-dock-updater
+```
+
+## Troubleshooting
+
+### Remote Builds Not Working
+
+1. Check SSH connectivity:
+   ```bash
+   ssh nix-builder@zix790prors
+   ```
+
+2. Verify builder is trusted:
+   ```bash
+   # On zix790prors
+   nix show-config | grep trusted-users
+   ```
+
+3. Check build logs:
+   ```bash
+   journalctl -u nix-daemon -f
+   ```
+
+### Jovian Not Working
+
+1. Ensure you're on NixOS 25.05 or the compatibility layer is removed for 25.11+
+2. Check Jovian is imported in flake.nix
+3. Verify hardware config has `jovian.devices.steamdeck.enable = true`
+
+### Compatibility Layer Issues
+
+If you see an error about `jovian-compat.nix` being incompatible:
+
+1. You're running NixOS 25.11 or later
+2. Remove `./roles/jovian-compat.nix` from `flake.nix`
+3. Jovian should work natively on 25.11+
+
+## Future Upgrades
+
+### Upgrading to NixOS 25.11
+
+1. Update `nixpkgs` input in flake.nix to 25.11
+2. Remove `./roles/jovian-compat.nix` from flake.nix imports
+3. The assertion in jovian-compat.nix will prevent accidental use
+4. Test the build
+5. Deploy
+
+### Switching to Unstable
+
+If you need Jovian to follow unstable nixpkgs:
+
+1. Edit `flake.nix`:
+   ```nix
+   jovian = {
+     url = "github:Jovian-Experiments/Jovian-NixOS";
+     inputs.nixpkgs.follows = "nixpkgs-unstable";
+   };
+   ```
+
+2. This only affects Jovian packages, not your base system
+
+## Additional Resources
+
+- [Jovian-NixOS Documentation](https://jovian-experiments.github.io/Jovian-NixOS/)
+- [Jovian Steam Deck Guide](https://jovian-experiments.github.io/Jovian-NixOS/devices/valve-steam-deck/)
+- [NixOS Remote Builds](https://nixos.org/manual/nix/stable/advanced-topics/distributed-builds.html)

flake.lock

@@ -3,11 +3,11 @@
     "flake-compat": {
       "flake": false,
       "locked": {
-        "lastModified": 1747046372,
-        "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
+        "lastModified": 1761588595,
+        "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
         "owner": "edolstra",
         "repo": "flake-compat",
-        "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
+        "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
         "type": "github"
       },
       "original": {
@@ -23,11 +23,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1752428473,
-        "narHash": "sha256-IsE7fdAYbRlZuc0H5FtPfhhuHvlxnDGoAxdlnjpVNCU=",
+        "lastModified": 1761423376,
+        "narHash": "sha256-pMy3cnUFfue4vz/y0jx71BfcPGxZf+hk/DtnzWvfU0c=",
         "ref": "refs/heads/main",
-        "rev": "1fad66b55144ab6beaecd900172a21ac3c34dc52",
-        "revCount": 10,
+        "rev": "a1f695665771841a988afc965526cbf99160cd77",
+        "revCount": 11,
         "type": "git",
         "url": "https://git.johnogle.info/johno/google-cookie-retrieval.git"
       },
@@ -43,19 +43,62 @@
         ]
       },
       "locked": {
-        "lastModified": 1759172751,
-        "narHash": "sha256-E8W8sRXfrvkFW26GuuiWq6QfReU7m5+cngwHuRo/3jc=",
+        "lastModified": 1758463745,
+        "narHash": "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "12fa8548feefa9a10266ba65152fd1a787cdde8f",
+        "rev": "3b955f5f0a942f9f60cdc9cacb7844335d0f21c3",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
+        "ref": "release-25.05",
         "repo": "home-manager",
         "type": "github"
       }
     },
+    "home-manager-unstable": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs-unstable"
+        ]
+      },
+      "locked": {
+        "lastModified": 1763416652,
+        "narHash": "sha256-8EBEEvtzQ11LCxpQHMNEBQAGtQiCu/pqP9zSovDSbNM=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "ea164b7c9ccdc2321379c2ff78fd4317b4c41312",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "ref": "master",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "jovian": {
+      "inputs": {
+        "nix-github-actions": "nix-github-actions",
+        "nixpkgs": [
+          "nixpkgs-unstable"
+        ]
+      },
+      "locked": {
+        "lastModified": 1763223001,
+        "narHash": "sha256-Hi6XxTJJjKsDrO+D0fYXS88ehCYzQkZlp9qxX1zoM1s=",
+        "owner": "Jovian-Experiments",
+        "repo": "Jovian-NixOS",
+        "rev": "68a1bcc019378272e601558719f82005a80ddab0",
+        "type": "github"
+      },
+      "original": {
+        "owner": "Jovian-Experiments",
+        "repo": "Jovian-NixOS",
+        "type": "github"
+      }
+    },
     "nix-darwin": {
       "inputs": {
         "nixpkgs": [
@@ -63,30 +106,53 @@
         ]
       },
       "locked": {
-        "lastModified": 1758805352,
-        "narHash": "sha256-BHdc43Lkayd+72W/NXRKHzX5AZ+28F3xaUs3a88/Uew=",
+        "lastModified": 1762912391,
+        "narHash": "sha256-4hpBE7bGd24SfD28rzMdUGXsLsNEYxCCrTipFdoqoNM=",
         "owner": "nix-darwin",
         "repo": "nix-darwin",
-        "rev": "c48e963a5558eb1c3827d59d21c5193622a1477c",
+        "rev": "d76299b2cd01837c4c271a7b5186e3d5d8ebd126",
         "type": "github"
       },
       "original": {
         "owner": "nix-darwin",
+        "ref": "nix-darwin-25.05",
         "repo": "nix-darwin",
         "type": "github"
       }
     },
+    "nix-github-actions": {
+      "inputs": {
+        "nixpkgs": [
+          "jovian",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1729697500,
+        "narHash": "sha256-VFTWrbzDlZyFHHb1AlKRiD/qqCJIripXKiCSFS8fAOY=",
+        "owner": "zhaofengli",
+        "repo": "nix-github-actions",
+        "rev": "e418aeb728b6aa5ca8c5c71974e7159c2df1d8cf",
+        "type": "github"
+      },
+      "original": {
+        "owner": "zhaofengli",
+        "ref": "matrix-name",
+        "repo": "nix-github-actions",
+        "type": "github"
+      }
+    },
     "nixos-wsl": {
       "inputs": {
         "flake-compat": "flake-compat",
         "nixpkgs": "nixpkgs"
       },
       "locked": {
-        "lastModified": 1758785683,
-        "narHash": "sha256-mRn51IeEBXeNh5a6xNLylk4PKBX0s/QQxgkEbYoPq/w=",
+        "lastModified": 1763385941,
+        "narHash": "sha256-99CBNgyMvg3Zu/hxqixtShevrF4Kfr/qjtizQ6oseVI=",
         "owner": "nix-community",
         "repo": "NixOS-WSL",
-        "rev": "1bfb978f2f6261b6086e04af17f9418e1fe36d70",
+        "rev": "cc6483354b236c2fc95cc1d4ba1f0f40b7345e69",
         "type": "github"
       },
       "original": {
@@ -98,11 +164,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1758277210,
-        "narHash": "sha256-iCGWf/LTy+aY0zFu8q12lK8KuZp7yvdhStehhyX1v8w=",
+        "lastModified": 1762977756,
+        "narHash": "sha256-4PqRErxfe+2toFJFgcRKZ0UI9NSIOJa+7RXVtBhy4KE=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "8eaee110344796db060382e15d3af0a9fc396e0e",
+        "rev": "c5ae371f1a6a7fd27823bc500d9390b38c05fa55",
         "type": "github"
       },
       "original": {
@@ -112,13 +178,13 @@
         "type": "github"
       }
     },
-    "nixpkgs_2": {
+    "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1759036355,
-        "narHash": "sha256-0m27AKv6ka+q270dw48KflE0LwQYrO7Fm4/2//KCVWg=",
+        "lastModified": 1763283776,
+        "narHash": "sha256-Y7TDFPK4GlqrKrivOcsHG8xSGqQx3A6c+i7novT85Uk=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "e9f00bd893984bc8ce46c895c3bf7cac95331127",
+        "rev": "50a96edd8d0db6cc8db57dab6bb6d6ee1f3dc49a",
         "type": "github"
       },
       "original": {
@@ -128,6 +194,22 @@
         "type": "github"
       }
     },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1763049705,
+        "narHash": "sha256-A5LS0AJZ1yDPTa2fHxufZN++n8MCmtgrJDtxFxrH4S8=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "3acb677ea67d4c6218f33de0db0955f116b7588c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-25.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "plasma-manager": {
       "inputs": {
         "home-manager": [
@@ -138,11 +220,34 @@
         ]
       },
       "locked": {
-        "lastModified": 1759157415,
-        "narHash": "sha256-Fg8cOnVoIe0uQ38UpR6XZzRCwDsjjozVwfevW9yCLI0=",
+        "lastModified": 1762784320,
+        "narHash": "sha256-odsk96Erywk5hs0dhArF38zb7Oe0q6LZ70gXbxAPKno=",
         "owner": "nix-community",
         "repo": "plasma-manager",
-        "rev": "df5b3e6da631f732c26c6044c7cccb8706b4f479",
+        "rev": "7911a0f8a44c7e8b29d031be3149ee8943144321",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "plasma-manager",
+        "type": "github"
+      }
+    },
+    "plasma-manager-unstable": {
+      "inputs": {
+        "home-manager": [
+          "home-manager-unstable"
+        ],
+        "nixpkgs": [
+          "nixpkgs-unstable"
+        ]
+      },
+      "locked": {
+        "lastModified": 1762784320,
+        "narHash": "sha256-odsk96Erywk5hs0dhArF38zb7Oe0q6LZ70gXbxAPKno=",
+        "owner": "nix-community",
+        "repo": "plasma-manager",
+        "rev": "7911a0f8a44c7e8b29d031be3149ee8943144321",
         "type": "github"
       },
       "original": {
@@ -155,10 +260,14 @@
       "inputs": {
         "google-cookie-retrieval": "google-cookie-retrieval",
         "home-manager": "home-manager",
+        "home-manager-unstable": "home-manager-unstable",
+        "jovian": "jovian",
         "nix-darwin": "nix-darwin",
         "nixos-wsl": "nixos-wsl",
         "nixpkgs": "nixpkgs_2",
-        "plasma-manager": "plasma-manager"
+        "nixpkgs-unstable": "nixpkgs-unstable",
+        "plasma-manager": "plasma-manager",
+        "plasma-manager-unstable": "plasma-manager-unstable"
       }
     }
   },

flake.nix

@@ -2,41 +2,98 @@
   description = "A very basic flake";
 
   inputs = {
-    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
+    nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
     nixos-wsl.url = "github:nix-community/NixOS-WSL/main";
     
     nix-darwin = {
-      url = "github:nix-darwin/nix-darwin";
+      url = "github:nix-darwin/nix-darwin/nix-darwin-25.05";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
     home-manager = {
-      url = "github:nix-community/home-manager";
+      url = "github:nix-community/home-manager/release-25.05";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
+    home-manager-unstable = {
+      url = "github:nix-community/home-manager/master";
+      inputs.nixpkgs.follows = "nixpkgs-unstable";
+    };
+
     plasma-manager = {
       url = "github:nix-community/plasma-manager";
       inputs.nixpkgs.follows = "nixpkgs";
       inputs.home-manager.follows = "home-manager";
     };
 
+    plasma-manager-unstable = {
+      url = "github:nix-community/plasma-manager";
+      inputs.nixpkgs.follows = "nixpkgs-unstable";
+      inputs.home-manager.follows = "home-manager-unstable";
+    };
+
     google-cookie-retrieval = {
       url = "git+https://git.johnogle.info/johno/google-cookie-retrieval.git";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+
+    jovian = {
+      url = "github:Jovian-Experiments/Jovian-NixOS";
+      inputs.nixpkgs.follows = "nixpkgs-unstable";
+    };
   };
 
-  outputs = { self, nixpkgs, nixos-wsl, ... } @ inputs: let
+  outputs = { self, nixpkgs, nixpkgs-unstable, nixos-wsl, ... } @ inputs: let
     nixosModules = [
       ./roles
     ] ++ [
+      ./roles/jovian-compat.nix
       inputs.home-manager.nixosModules.home-manager
       {
+        nixpkgs.overlays = [
+          (final: prev: {
+            unstable = import nixpkgs-unstable {
+              system = prev.system;
+              config.allowUnfree = true;
+            };
+            custom = prev.callPackage ./packages {};
+            # Compatibility: bitwarden renamed to bitwarden-desktop in unstable
+            bitwarden-desktop = prev.bitwarden-desktop or prev.bitwarden;
+          })
+        ];
         home-manager.useGlobalPkgs = true;
         home-manager.useUserPackages = true;
         home-manager.sharedModules = [
-          inputs.plasma-manager.homeManagerModules.plasma-manager
+          inputs.plasma-manager.homeModules.plasma-manager
+        ];
+        home-manager.extraSpecialArgs = {
+          globalInputs = inputs;
+        };
+      }
+    ];
+    # Modules for unstable-based systems (like nix-deck)
+    nixosModulesUnstable = [
+      ./roles
+    ] ++ [
+      inputs.home-manager-unstable.nixosModules.home-manager
+      inputs.jovian.nixosModules.jovian
+      {
+        nixpkgs.overlays = [
+          (final: prev: {
+            unstable = import nixpkgs-unstable {
+              system = prev.system;
+              config.allowUnfree = true;
+            };
+            custom = prev.callPackage ./packages {};
+            # Compatibility: bitwarden renamed to bitwarden-desktop in unstable
+            bitwarden-desktop = prev.bitwarden-desktop or prev.bitwarden;
+          })
+        ];
+        home-manager.useGlobalPkgs = true;
+        home-manager.useUserPackages = true;
+        home-manager.sharedModules = [
+          inputs.plasma-manager-unstable.homeModules.plasma-manager
         ];
         home-manager.extraSpecialArgs = {
           globalInputs = inputs;
@@ -48,6 +105,17 @@
     ] ++ [
       inputs.home-manager.darwinModules.home-manager
       {
+        nixpkgs.overlays = [
+          (final: prev: {
+            unstable = import nixpkgs-unstable {
+              system = prev.system;
+              config.allowUnfree = true;
+            };
+            custom = prev.callPackage ./packages {};
+            # Compatibility: bitwarden renamed to bitwarden-desktop in unstable
+            bitwarden-desktop = prev.bitwarden-desktop or prev.bitwarden;
+          })
+        ];
         home-manager.useGlobalPkgs = true;
         home-manager.useUserPackages = true;
         home-manager.extraSpecialArgs = {
@@ -123,6 +191,18 @@
       ];
     };
 
+    # Steam Deck configuration (using unstable for better Jovian compatibility)
+    nixosConfigurations.nix-deck = nixpkgs-unstable.lib.nixosSystem rec {
+      system = "x86_64-linux";
+      modules = nixosModulesUnstable ++ [
+        ./machines/nix-deck/configuration.nix
+        {
+          home-manager.users.johno = import ./home/home-desktop.nix;
+          home-manager.extraSpecialArgs = { inherit system; };
+        }
+      ];
+    };
+
     # Darwin/macOS configurations
     darwinConfigurations."blkfv4yf49kt7" = inputs.nix-darwin.lib.darwinSystem rec {
       system = "aarch64-darwin";

home/home-darwin-work.nix

@@ -1,11 +1,9 @@
 { config, lib, pkgs, globalInputs, system, ... }:
 
 let
-  customPkgs = pkgs.callPackage ../packages {};
+  leader = "cmd"; # Change this to experiment with different leader keys (e.g., "cmd", "ctrl")
 in
 {
-  # Provide arguments to role modules
-  _module.args = { inherit customPkgs; };
   # Home Manager configuration for Darwin work laptop
   # Corporate-friendly setup with essential development tools
 
@@ -13,28 +11,114 @@ in
   home.homeDirectory = lib.mkForce "/Users/johno";
   home.stateVersion = "24.05";
 
+  # System packages
+  home.packages = with pkgs; [
+    autoraise
+  ];
+
+  # Note: ghostty installed via Homebrew (managed outside of nix)
+
+  # Auto-start autoraise on login
+  launchd.agents.autoraise = {
+    enable = true;
+    config = {
+      ProgramArguments = [
+        "${pkgs.autoraise}/bin/AutoRaise"
+        "-pollMillis" "50"
+        "-delay" "2"
+        "-focusDelay" "2"
+      ];
+      RunAtLoad = true;
+      KeepAlive = true;
+    };
+  };
+
+  # Auto-start aerospace on login
+  # NOTE: In 25.11+, this can be simplified to `programs.aerospace.launchd.enable = true`
+  launchd.agents.aerospace = {
+    enable = true;
+    config = {
+      Program = "${pkgs.aerospace}/Applications/AeroSpace.app/Contents/MacOS/AeroSpace";
+      RunAtLoad = true;
+      KeepAlive = true;
+      StandardOutPath = "/tmp/aerospace.log";
+      StandardErrorPath = "/tmp/aerospace.err.log";
+    };
+  };
+
   # Override Darwin-incompatible settings from base role
   programs.rbw.settings.pinentry = lib.mkForce pkgs.pinentry_mac;
 
-  programs.bash.initExtra = ''
-    export NODE_EXTRA_CA_CERTS=/opt/homebrew/etc/ca-certificates/cert.pem
-    export COREPACK_NPM_REGISTRY=https://global.block-artifacts.com/artifactory/api/npm/square-npm/
-    export COREPACK_INTEGRITY_KEYS=0
+  # Disable Home Manager from managing shell RC files
+  # topsoil/compost will manage these files instead
+  programs.bash.enable = lib.mkForce false;
+  programs.zsh.enable = lib.mkForce false;
 
-    export NVM_DIR="$HOME/.nvm"
-    [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"  # This loads nvm
-    [ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion"  # This loads nvm bash_completion
-  '';
+  # Create a local nix integration file that topsoil-managed configs can source
+  home.file.".nix-integration.sh" = {
+    text = ''
+      # Source Home Manager session variables (nix paths, environment, etc.)
+      if [ -e /etc/profiles/per-user/johno/etc/profile.d/hm-session-vars.sh ]; then
+        . /etc/profiles/per-user/johno/etc/profile.d/hm-session-vars.sh
+      fi
 
-  programs.zsh.enable = true;
-  programs.zsh.initContent = ''
-    export NODE_EXTRA_CA_CERTS=/opt/homebrew/etc/ca-certificates/cert.pem
-    export COREPACK_NPM_REGISTRY=https://global.block-artifacts.com/artifactory/api/npm/square-npm/
-    export COREPACK_INTEGRITY_KEYS=0
-    export NVM_DIR="$HOME/.nvm"
-    [ -s "$NVM_DIR/nvm.sh" ] && . "$NVM_DIR/nvm.sh" # This loads nvm
-    [ -s "$NVM_DIR/bash_completion" ] && . "$NVM_DIR/bash_completion"  # This loads nvm bash_completion
-  '';
+      # Setup bash completions from nix profiles
+      if [[ ! -v BASH_COMPLETION_VERSINFO ]] && [ -n "$NIX_PROFILES" ]; then
+        for profile in $NIX_PROFILES; do
+          if [ -f "$profile/etc/profile.d/bash_completion.sh" ]; then
+            . "$profile/etc/profile.d/bash_completion.sh"
+            break
+          fi
+        done
+      fi
+
+      # command-not-found handler
+      command_not_found_handle() {
+        local p=/nix/var/nix/profiles/per-user/root/channels/nixos/programs.sqlite
+        if [ -n "$NIX_PROFILES" ]; then
+          for profile in $NIX_PROFILES; do
+            if [ -x "$profile/bin/command-not-found" ] && [ -f "$p" ]; then
+              "$profile/bin/command-not-found" "$@"
+              return $?
+            fi
+          done
+        fi
+        echo "$1: command not found" >&2
+        return 127
+      }
+    '';
+  };
+
+  home.file.".nix-integration.zsh" = {
+    text = ''
+      # Source Home Manager session variables (nix paths, environment, etc.)
+      if [ -e /etc/profiles/per-user/johno/etc/profile.d/hm-session-vars.sh ]; then
+        . /etc/profiles/per-user/johno/etc/profile.d/hm-session-vars.sh
+      fi
+
+      # Setup zsh completions from nix profiles
+      typeset -U path cdpath fpath manpath
+      for profile in ''${(z)NIX_PROFILES}; do
+        fpath+=($profile/share/zsh/site-functions $profile/share/zsh/$ZSH_VERSION/functions $profile/share/zsh/vendor-completions)
+      done
+      autoload -U compinit && compinit
+
+      # command-not-found handler
+      command_not_found_handler() {
+        local p=/nix/var/nix/profiles/per-user/root/channels/nixos/programs.sqlite
+        if [ -n "$NIX_PROFILES" ]; then
+          for profile in ''${(z)NIX_PROFILES}; do
+            if [ -x "$profile/bin/command-not-found" ] && [ -f "$p" ]; then
+              "$profile/bin/command-not-found" "$@"
+              return $?
+            fi
+          done
+        fi
+        echo "$1: command not found" >&2
+        return 127
+      }
+    '';
+  };
 
   # Keep SSH and Git disabled to avoid conflicts with work environment
   programs.ssh.enable = lib.mkForce false;
@@ -43,6 +127,99 @@ in
 
   home.shell.enableShellIntegration = true;
 
+  # TODO: Move this to its own role and/or module
+  programs.aerospace = {
+    enable = true;
+    userSettings.mode.main.binding = {
+      "${leader}-slash" = "layout tiles horizontal vertical";
+      "${leader}-comma" = "layout accordion horizontal vertical";
+      "${leader}-shift-q" = "close";
+      "${leader}-shift-f" = "fullscreen";
+      "${leader}-h" = "focus left";
+      "${leader}-j" = "focus down";
+      "${leader}-k" = "focus up";
+      "${leader}-l" = "focus right";
+      "${leader}-shift-h" = "move left";
+      "${leader}-shift-j" = "move down";
+      "${leader}-shift-k" = "move up";
+      "${leader}-shift-l" = "move right";
+      "${leader}-minus" = "resize smart -50";
+      "${leader}-equal" = "resize smart +50";
+      "${leader}-1" = "workspace 1";
+      "${leader}-2" = "workspace 2";
+      "${leader}-3" = "workspace 3";
+      "${leader}-4" = "workspace 4";
+      "${leader}-5" = "workspace 5";
+      "${leader}-6" = "workspace 6";
+      "${leader}-7" = "workspace 7";
+      "${leader}-8" = "workspace 8";
+      "${leader}-9" = "workspace 9";
+      "${leader}-0" = "workspace 10";
+      "${leader}-shift-1" = "move-node-to-workspace 1";
+      "${leader}-shift-2" = "move-node-to-workspace 2";
+      "${leader}-shift-3" = "move-node-to-workspace 3";
+      "${leader}-shift-4" = "move-node-to-workspace 4";
+      "${leader}-shift-5" = "move-node-to-workspace 5";
+      "${leader}-shift-6" = "move-node-to-workspace 6";
+      "${leader}-shift-7" = "move-node-to-workspace 7";
+      "${leader}-shift-8" = "move-node-to-workspace 8";
+      "${leader}-shift-9" = "move-node-to-workspace 9";
+      "${leader}-shift-0" = "move-node-to-workspace 10";
+      "${leader}-tab" = "workspace-back-and-forth";
+      "${leader}-shift-tab" = "move-workspace-to-monitor --wrap-around next";
+
+      "${leader}-enter" = ''
+        exec-and-forget osascript <<'APPLESCRIPT'
+        tell application "Ghostty"
+            activate
+            tell application "System Events"
+                keystroke "n" using {command down}
+            end tell
+        end tell
+        APPLESCRIPT
+      '';
+
+      "${leader}-shift-enter" = ''
+        exec-and-forget osascript <<'APPLESCRIPT'
+        tell application "Google Chrome"
+            set newWindow to make new window
+            activate
+            tell newWindow to set index to 1
+        end tell
+        APPLESCRIPT
+      '';
+
+      "${leader}-shift-e" = "exec-and-forget zsh --login -c \"emacsclient -c -n\"";
+
+      # Service mode: Deliberate aerospace window management
+      "${leader}-i" = "mode service";
+
+      # Passthrough mode: Temporarily disable aerospace to use macOS shortcuts
+      # Press Cmd-P, then use any macOS shortcut (like Cmd-K in Slack), then press Cmd-P again to exit
+      "${leader}-p" = "mode passthrough";
+    };
+
+    # Service mode: For deliberate aerospace window management operations
+    userSettings.mode.service.binding = {
+      esc = ["reload-config" "mode main"];
+      r = ["flatten-workspace-tree" "mode main"]; # reset layout
+      f = ["layout floating tiling" "mode main"]; # Toggle between floating and tiling layout
+      backspace = ["close-all-windows-but-current" "mode main"];
+
+      "${leader}-shift-h" = ["join-with left" "mode main"];
+      "${leader}-shift-j" = ["join-with down" "mode main"];
+      "${leader}-shift-k" = ["join-with up" "mode main"];
+      "${leader}-shift-l" = ["join-with right" "mode main"];
+    };
+
+    # Passthrough mode: All shortcuts pass through to macOS
+    # This mode has minimal bindings - just ways to exit back to main mode
+    userSettings.mode.passthrough.binding = {
+      esc = "mode main";
+      "${leader}-p" = "mode main";  # Toggle back with same key (Cmd-P)
+    };
+  };
+
   home.roles = {
     base.enable = true;
   };

home/home-desktop.nix

@@ -1,11 +1,6 @@
 { pkgs, globalInputs, system, ... }:
 
-let
-  customPkgs = pkgs.callPackage ../packages {};
-in
 {
-  # Provide arguments to role modules
-  _module.args = { inherit customPkgs; };
   # Home Manager configuration for full desktop experience
   home.username = "johno";
   home.homeDirectory = "/home/johno";

home/home-laptop-compact.nix

@@ -1,11 +1,6 @@
 { config, lib, pkgs, globalInputs, system, ... }:
 
-let
-  customPkgs = pkgs.callPackage ../packages {};
-in
 {
-  # Provide arguments to role modules
-  _module.args = { inherit customPkgs; };
   # Home Manager configuration for compact laptop setups
   # Optimized for space-constrained environments
   

home/home-live-usb.nix

@@ -1,11 +1,6 @@
 { pkgs, globalInputs, system, ... }:
 
-let
-  customPkgs = pkgs.callPackage ../packages {};
-in
 {
-  # Provide arguments to role modules
-  _module.args = { inherit customPkgs; };
   # Home Manager configuration for live USB environments
   # Minimal setup without persistent services
   

home/home-media-center.nix

@@ -1,11 +1,6 @@
 { pkgs, globalInputs, system, ... }:
 
-let
-  customPkgs = pkgs.callPackage ../packages {};
-in
 {
-  # Provide arguments to role modules
-  _module.args = { inherit customPkgs; };
   # Home Manager configuration for media center setups
   # Optimized for living room media consumption and gaming
   

home/modules/i3+sway/default.nix

@@ -1,20 +1,18 @@
-{ config, lib, ... }:
+{ config, lib, pkgs, ... }:
 
 with lib;
 
 let
   cfg = config.home.i3_sway;
-  i3_cfg = config.xsession.windowManager.i3.config;
 
   shared_config = recursiveUpdate rec {
     modifier = "Mod4";
-    terminal = "kitty";
+    terminal = "ghostty";
     defaultWorkspace = "workspace number 1";
 
     keybindings = {
       "${shared_config.modifier}+Return" = "exec ${terminal}";
       "${shared_config.modifier}+Shift+q" = "kill";
-      "${shared_config.modifier}+d" = "exec ${i3_cfg.menu}";
 
       "${shared_config.modifier}+h" = "focus left";
       "${shared_config.modifier}+j" = "focus down";
@@ -38,7 +36,7 @@ let
 
       #"${shared_config.modifier}+h" = "split h";
       "${shared_config.modifier}+v" = "split v";
-      "${shared_config.modifier}+f" = "fullscreen toggle";
+      "${shared_config.modifier}+Shift+f" = "fullscreen toggle";
 
       "${shared_config.modifier}+s" = "layout stacking";
       "${shared_config.modifier}+w" = "layout tabbed";
@@ -89,8 +87,8 @@ let
 
       "${shared_config.modifier}+r" = "mode resize";
 
-      "XF86MonBrightnessUp" = "exec brightnessctl s +5%";
-      "XF86MonBrightnessDown" = "exec brightnessctl s 5%-";
+      "XF86MonBrightnessUp" = "exec ddcutil setvcp 10 + 5";
+      "XF86MonBrightnessDown" = "exec ddcutil setvcp 10 - 5";
     };
   } cfg.extraSharedConfig;
 in {
@@ -107,12 +105,176 @@ in {
   };
 
   config = {
+    # i3blocks configuration file
+    home.file.".config/i3blocks/config".text = ''
+      # i3blocks config - replicating waybar setup
+      separator_block_width=15
+      markup=pango
+
+      [disk]
+      command=df -h / | awk 'NR==2 {print "💾 " $5}'
+      interval=30
+      separator=true
+
+      [cpu]
+      command=top -bn1 | grep "Cpu(s)" | sed "s/.*, *\([0-9.]*\)%* id.*/\1/" | awk '{print "🧠 " int(100 - $1) "%"}'
+      interval=2
+      separator=true
+
+      [memory]
+      command=free | awk 'NR==2 {printf "🐏 %.0f%%\n", $3*100/$2}'
+      interval=5
+      separator=true
+
+      [pulseaudio]
+      command=${pkgs.writeShellScript "i3blocks-pulseaudio" ''
+        volume=$(pactl get-sink-volume @DEFAULT_SINK@ | grep -Po '\d+%' | head -1)
+        muted=$(pactl get-sink-mute @DEFAULT_SINK@ | grep -o 'yes')
+        if [ "$muted" = "yes" ]; then
+          echo "🔇"
+        else
+          vol_num=''${volume%\%}
+          if [ $vol_num -le 33 ]; then
+            echo "🔈 $volume"
+          elif [ $vol_num -le 66 ]; then
+            echo "🔉 $volume"
+          else
+            echo "🔊 $volume"
+          fi
+        fi
+      ''}
+      interval=1
+      signal=10
+      separator=true
+
+      [backlight]
+      command=${pkgs.writeShellScript "i3blocks-backlight" ''
+        if command -v ddcutil &>/dev/null; then
+          # Handle mouse scroll events
+          case $BLOCK_BUTTON in
+            4) ddcutil setvcp 10 + 5 ;;  # Scroll up - increase brightness
+            5) ddcutil setvcp 10 - 5 ;;  # Scroll down - decrease brightness
+          esac
+
+          # Display current brightness
+          brightness=$(ddcutil getvcp 10 2>/dev/null | grep -oP 'current value =\s*\K\d+')
+          if [ -n "$brightness" ]; then
+            echo "☀️ $brightness%"
+          fi
+        fi
+      ''}
+      interval=5
+      separator=true
+
+      [network]
+      command=${pkgs.writeShellScript "i3blocks-network" ''
+        if iwgetid -r &>/dev/null; then
+          ssid=$(iwgetid -r)
+          signal=$(grep "^\s*w" /proc/net/wireless | awk '{print int($3 * 100 / 70)}')
+          echo "📶 $ssid ($signal%)"
+        else
+          ip=$(ip -4 addr show | grep -oP '(?<=inet\s)\d+(\.\d+){3}' | grep -v '127.0.0.1' | head -1)
+          if [ -n "$ip" ]; then
+            echo "🔌 $ip"
+          else
+            echo "❌"
+          fi
+        fi
+      ''}
+      interval=5
+      separator=true
+
+      [battery]
+      command=${pkgs.writeShellScript "i3blocks-battery" ''
+        if [ -d /sys/class/power_supply/BAT0 ]; then
+          capacity=$(cat /sys/class/power_supply/BAT0/capacity)
+          status=$(cat /sys/class/power_supply/BAT0/status)
+
+          if [ "$status" = "Charging" ]; then
+            echo "⚡ $capacity%"
+          else
+            echo "🔋 $capacity%"
+          fi
+        fi
+      ''}
+      interval=10
+      separator=true
+
+      [time]
+      command=date '+%Y-%m-%d %H:%M'
+      interval=1
+      separator=false
+    '';
+
     xsession.windowManager.i3 = let
       base_i3_config = recursiveUpdate shared_config {
-        keybindings = {
+        bars = [{
+          position = "bottom";
+          statusCommand = "${pkgs.i3blocks}/bin/i3blocks";
+          trayOutput = "primary";  # Enable system tray on primary output
+          fonts = {
+            names = [ "Fira Code" "monospace" ];
+            size = 11.0;
+          };
+          colors = {
+            background = "#000000";
+            statusline = "#ffffff";
+            separator = "#666666";
+
+            # Workspace button colors (matching waybar)
+            focusedWorkspace = {
+              border = "#285577";
+              background = "#285577";
+              text = "#ffffff";
+            };
+            activeWorkspace = {
+              border = "#5f676a";
+              background = "#5f676a";
+              text = "#ffffff";
+            };
+            inactiveWorkspace = {
+              border = "#222222";
+              background = "#222222";
+              text = "#888888";
+            };
+            urgentWorkspace = {
+              border = "#900000";
+              background = "#900000";
+              text = "#ffffff";
+            };
+          };
+        }];
+        keybindings = shared_config.keybindings // {
+          "${shared_config.modifier}+d" = "exec rofi -show drun";
           "${shared_config.modifier}+Shift+e" =
             "exec i3-nagbar -t warning -m 'Do you want to exit i3?' -b 'Yes' 'i3-msg exit'";
         };
+        startup = [
+          # GNOME polkit authentication agent
+          {
+            command = "/run/current-system/sw/libexec/polkit-gnome-authentication-agent-1";
+            always = false;
+            notification = false;
+          }
+          # Picom compositor for smooth rendering and no tearing (important for Nvidia)
+          {
+            command = "picom --backend glx -b";
+            always = false;
+            notification = false;
+          }
+          # NetworkManager system tray applet
+          {
+            command = "nm-applet";
+            always = false;
+            notification = false;
+          }
+          # Set wallpaper with feh
+          {
+            command = "feh --bg-scale ${../../wallpapers/metroid-samus-returns-kz-3440x1440.jpg}";
+            always = false;
+            notification = false;
+          }
+        ];
       };
     in {
       enable = true;
@@ -121,7 +283,9 @@ in {
 
     wayland.windowManager.sway = let
       base_sway_config = recursiveUpdate shared_config {
-        keybindings = {
+        bars = [];  # Disable default bar, use waybar instead
+        keybindings = shared_config.keybindings // {
+          "${shared_config.modifier}+d" = "exec wofi --show drun";
           "${shared_config.modifier}+Shift+e" =
             "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'";
         };
@@ -137,10 +301,158 @@ in {
             dwt = "enabled";
           };
         };
+        output = {
+          "*" = {
+            bg = "${../../wallpapers/metroid-samus-returns-kz-3440x1440.jpg} fill";
+          };
+        };
+        startup = [
+          # Launch waybar status bar
+          {
+            command = "waybar";
+            always = false;
+          }
+        ];
       };
     in {
       enable = true;
       config = recursiveUpdate base_sway_config cfg.extraSwayConfig;
     };
+
+    programs.waybar = {
+      enable = true;
+      systemd.enable = false;  # Don't auto-start via systemd - only launch in sway
+      settings = {
+        mainBar = {
+          layer = "top";
+          position = "bottom";
+          height = 30;
+          spacing = 4;
+
+          modules-left = [ "sway/workspaces" "sway/mode" ];
+          modules-center = [ ];
+          modules-right = [ "disk" "cpu" "memory" "pulseaudio" "backlight" "network" "battery" "tray" "clock" ];
+
+          "sway/workspaces" = {
+            disable-scroll = true;
+            all-outputs = true;
+          };
+
+          "clock" = {
+            format = "{:%Y-%m-%d %H:%M}";
+            tooltip-format = "<tt><small>{calendar}</small></tt>";
+            calendar = {
+              mode = "year";
+              mode-mon-col = 3;
+              weeks-pos = "right";
+              on-scroll = 1;
+              format = {
+                months = "<span color='#ffead3'><b>{}</b></span>";
+                days = "<span color='#ecc6d9'><b>{}</b></span>";
+                weeks = "<span color='#99ffdd'><b>W{}</b></span>";
+                weekdays = "<span color='#ffcc66'><b>{}</b></span>";
+                today = "<span color='#ff6699'><b><u>{}</u></b></span>";
+              };
+            };
+          };
+
+          "disk" = {
+            interval = 30;
+            format = "💾 {percentage_used}%";
+            path = "/";
+            tooltip-format = "Used: {used} / {total} ({percentage_used}%)\nFree: {free} ({percentage_free}%)";
+          };
+
+          "cpu" = {
+            format = "🧠 {usage}%";
+            tooltip = false;
+          };
+
+          "memory" = {
+            format = "🐏 {percentage}%";
+            tooltip-format = "RAM: {used:0.1f}G / {total:0.1f}G";
+          };
+
+          "pulseaudio" = {
+            format = "{icon} {volume}%";
+            format-muted = "🔇";
+            format-icons = {
+              headphone = "🎧";
+              default = [ "🔈" "🔉" "🔊" ];
+            };
+            on-click = "pavucontrol";
+          };
+
+          "backlight" = {
+            format = "☀️ {percent}%";
+            tooltip = false;
+          };
+
+          "network" = {
+            format-wifi = "📶 {essid} ({signalStrength}%)";
+            format-ethernet = "🔌 {ipaddr}";
+            format-disconnected = "❌";
+            tooltip-format = "{ifname}: {ipaddr}/{cidr}";
+          };
+
+          "battery" = {
+            states = {
+              warning = 30;
+              critical = 15;
+            };
+            format = "{icon} {capacity}%";
+            format-charging = "⚡ {capacity}%";
+            format-icons = [ "🪫" "🔋" "🔋" "🔋" "🔋" ];
+          };
+
+          "tray" = {
+            spacing = 10;
+          };
+        };
+      };
+      style = ''
+        * {
+          padding: 0 4px;
+          font-family: "Fira Code", monospace;
+          font-size: 13px;
+        }
+
+        #workspaces button {
+          padding: 0 8px;
+          background-color: transparent;
+          color: #ffffff;
+          border: none;
+        }
+
+        #workspaces button.focused {
+          background-color: #285577;
+          font-weight: bold;
+        }
+
+        #workspaces button.visible {
+          background-color: #5f676a;
+        }
+
+        #workspaces button.urgent {
+          background-color: #900000;
+        }
+      '';
+    };
+
+    programs.rofi = {
+      enable = true;
+      theme = "solarized";
+      extraConfig = {
+        modi = "drun,run,window";
+        show-icons = true;
+        drun-display-format = "{name}";
+        disable-history = false;
+        hide-scrollbar = true;
+        display-drun = " Apps";
+        display-run = " Run";
+        display-window = " Windows";
+        sidebar-mode = true;
+      };
+    };
   };
 }

home/modules/plasma-manager/default.nix

@@ -13,10 +13,10 @@
     enable = true;
     overrideConfig = true;
 
-    hotkeys.commands."launch-konsole" = {
-      name = "Launch Konsole";
+    hotkeys.commands."launch-ghostty" = {
+      name = "Launch Ghostty";
       key = "Meta+Return";
-      command = "konsole";
+      command = "ghostty";
     };
 
     shortcuts = {
@@ -167,6 +167,12 @@
         AutoRaiseInterval = 750;  # Delay in ms before auto-raise (if enabled)
         DelayFocusInterval = 0;  # Delay in ms before focus follows mouse
       };
+
+      # Desktop wallpaper configuration
+      plasma-localerc.Formats.LANG = "en_US.UTF-8";
+      
+      # Set wallpaper for all desktops
+      plasmarc.Wallpapers.usersWallpapers = "${../../wallpapers/metroid-samus-returns-kz-3440x1440.jpg}";
     };
   };
 }

home/roles/base/default.nix

@@ -58,11 +58,11 @@ in
 
     programs.ssh = {
       enable = true;
+      addKeysToAgent = "yes";
       matchBlocks = {
         "nucdeb1" = {
           hostname = "nucdeb1.oglehome";
           user = "root";
-          addKeysToAgent = "yes";
         };
       };
     };

home/roles/communication/default.nix

@@ -14,7 +14,7 @@ in
     home.packages = [
       # Communication apps
       pkgs.element-desktop
-      pkgs.fluffychat
+      #pkgs.fluffychat #marked insecure as of nixos 25.05
       pkgs.nextcloud-talk-desktop
       
       # For logging back into google chat

home/roles/desktop/default.nix

@@ -13,15 +13,18 @@ in
   config = mkIf cfg.enable {
     home.packages = with pkgs; [
       # Desktop applications
-      bitwarden
+      bitwarden-desktop
       dunst
       keepassxc
-      kitty
+      unstable.ghostty
       
       # Desktop utilities
+      feh # Image viewer and wallpaper setter for X11
+      rofi # Application launcher for X11
       solaar # Logitech management software
       waybar
-      wofi
+      wofi # Application launcher for Wayland
+      xdg-utils # XDG utilities for opening files/URLs with default applications
       
       # System utilities with GUI components
       (snapcast.override { pulseaudioSupport = true; })
@@ -37,6 +40,14 @@ in
       kdePackages.kaddressbook
       kdePackages.kontact
       
+      # KDE System components needed for proper integration
+      kdePackages.kded
+      kdePackages.systemsettings
+      kdePackages.kmenuedit
+      
+      # Desktop menu support
+      kdePackages.plasma-desktop # Contains applications.menu
+      
       # KDE Online Accounts support
       kdePackages.kaccounts-integration
       kdePackages.kaccounts-providers
@@ -70,8 +81,80 @@ in
       enable = true;
     };
 
-    xdg.enable = true;
+    # KDE environment variables for proper integration
+    home.sessionVariables = {
+      QT_QPA_PLATFORMTHEME = "kde";
+      KDE_SESSION_VERSION = "6";
+    };
+
+    xdg = {
+      enable = true;
+      
+      # Ensure desktop files are made available for discovery
+      desktopEntries = {};  # This creates the desktop files directory structure
+      
+      mimeApps = {
+        enable = true;
+        associations.added = {
+          # Ensure associations are properly registered
+          "text/html" = "firefox.desktop";
+          "x-scheme-handler/http" = "firefox.desktop";
+          "x-scheme-handler/https" = "firefox.desktop";
+        };
+        defaultApplications = {
+          # Web browsers
+          "text/html" = "firefox.desktop";
+          "x-scheme-handler/http" = "firefox.desktop";
+          "x-scheme-handler/https" = "firefox.desktop";
+          "x-scheme-handler/about" = "firefox.desktop";
+          "x-scheme-handler/unknown" = "firefox.desktop";
+          
+          # Documents
+          "application/pdf" = "okular.desktop";
+          "text/plain" = "kate.desktop";
+          "text/x-tex" = "kate.desktop";
+          "text/x-c" = "kate.desktop";
+          "text/x-python" = "kate.desktop";
+          "application/x-shellscript" = "kate.desktop";
+          
+          # Images
+          "image/png" = "gwenview.desktop";
+          "image/jpeg" = "gwenview.desktop";
+          "image/jpg" = "gwenview.desktop";
+          "image/gif" = "gwenview.desktop";
+          "image/bmp" = "gwenview.desktop";
+          "image/tiff" = "gwenview.desktop";
+          "image/webp" = "gwenview.desktop";
+          
+          # Archives
+          "application/zip" = "ark.desktop";
+          "application/x-tar" = "ark.desktop";
+          "application/x-compressed-tar" = "ark.desktop";
+          "application/x-7z-compressed" = "ark.desktop";
+          "application/x-rar" = "ark.desktop";
+          
+          # Audio
+          "audio/mpeg" = "elisa.desktop";
+          "audio/mp4" = "elisa.desktop";
+          "audio/flac" = "elisa.desktop";
+          "audio/ogg" = "elisa.desktop";
+          "audio/wav" = "elisa.desktop";
+          
+          # Email
+          "message/rfc822" = "kmail.desktop";
+          "x-scheme-handler/mailto" = "kmail.desktop";
+          
+          # Calendar
+          "text/calendar" = "korganizer.desktop";
+          "application/x-vnd.akonadi.calendar.event" = "korganizer.desktop";
+        };
+      };
+    };
+
+    # Fix for KDE applications.menu file issue on Plasma 6
+    # KDE still looks for applications.menu but Plasma 6 renamed it to plasma-applications.menu
+    xdg.configFile."menus/applications.menu".source = "${pkgs.kdePackages.plasma-workspace}/etc/xdg/menus/plasma-applications.menu";
 
     # Note: modules must be imported at top-level home config
   };
-}
+}

home/roles/development/default.nix

@@ -1,4 +1,4 @@
-{ config, lib, pkgs, customPkgs, globalInputs, system, ... }:
+{ config, lib, pkgs, globalInputs, system, ... }:
 
 with lib;
 
@@ -12,12 +12,11 @@ in
 
   config = mkIf cfg.enable {
     home.packages = [
-      pkgs.claude-code
+      pkgs.unstable.claude-code
       pkgs.codex
-      pkgs.goose-cli
 
       # Custom packages
-      customPkgs.tea-rbw
+      pkgs.custom.tea-rbw
     ];
 
     programs.kubectl-secure.enable = true;

home/roles/media/default.nix

@@ -18,6 +18,10 @@ in
       delfin
       moonlight-qt
       vlc
+
+      # Spotify client
+      # Using unstable version for better authentication support
+      unstable.ncspot
     ];
   };
 }

machines/boxy/configuration.nix

@@ -24,7 +24,7 @@ with lib;
     };
     kodi = {
       enable = true;
-      autologin = false;
+      autologin = true;
       wayland = true;
     };
     users.enable = true;

machines/live-usb/configuration.nix

@@ -65,6 +65,8 @@
 
   # Enable NetworkManager for easy wifi setup
   networking.networkmanager.enable = true;
+  # Disable wireless networking (conflicts with NetworkManager)
+  networking.wireless.enable = false;
   
   # Enable SSH daemon for remote access
   services.openssh = {

machines/nix-book/configuration.nix

@@ -21,6 +21,11 @@
     };
     nfs-mounts.enable = true;
     printing.enable = true;
+    remote-build.builders = [{
+      hostName = "zix790prors";
+      maxJobs = 16;
+      speedFactor = 3;
+    }];
     spotifyd.enable = true;
     users = {
       enable = true;
@@ -37,9 +42,6 @@
   networking.hostName = "nix-book"; # Define your hostname.
   # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
 
-  boot.kernelPackages = pkgs.linuxPackages_latest;
-
-
   # Enable networking
   networking.networkmanager.enable = true;
 

machines/nix-deck/configuration.nix

@@ -0,0 +1,40 @@
+{ pkgs, ... }:
+{
+  imports = [
+    ./hardware-configuration.nix
+  ];
+
+  roles = {
+    audio.enable = true;
+    bluetooth.enable = true;
+    desktop = {
+      enable = true;
+      wayland = true;
+      gaming.enable = true;
+      kde = true;
+      steamos = {
+        enable = true;
+        autoStart = true;
+        desktopSession = "plasma";
+      };
+    };
+    remote-build.builders = [{
+      hostName = "zix790prors";
+      maxJobs = 16;
+      speedFactor = 4;  # Prefer remote heavily on Steam Deck
+    }];
+    users = {
+      enable = true;
+      extraGroups = [ "video" ];
+    };
+  };
+
+  # Bootloader
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  networking.hostName = "nix-deck";
+  networking.networkmanager.enable = true;
+
+  system.stateVersion = "25.05";
+}

machines/nix-deck/hardware-configuration.nix

@@ -0,0 +1,51 @@
+# Hardware configuration for Steam Deck (nix-deck)
+# Generated from nixos-generate-config on 2025-11-17
+
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  # Steam Deck specific hardware configuration (Jovian)
+  jovian.devices.steamdeck = {
+    enable = true;
+    autoUpdate = false;  # Set to true if you want automatic firmware updates
+  };
+
+  # Kernel modules detected by nixos-generate-config
+  boot.initrd.availableKernelModules = [
+    "nvme"
+    "xhci_pci"
+    "usb_storage"
+    "uas"
+    "usbhid"
+    "sd_mod"
+    "sdhci_pci"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  # IMPORTANT: Update these filesystem configurations based on your actual partition layout
+  # The configuration below is a placeholder - adjust according to how you partitioned the disk
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/nixos";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-label/boot";
+    fsType = "vfat";
+  };
+
+  swapDevices = [{
+    device = "/swapfile";
+    size = 8192;  # 8GB swap file
+  }];
+
+  # AMD CPU microcode updates
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

machines/zix790prors/configuration.nix

@@ -19,15 +19,16 @@ with lib;
       enable = true;
       gaming = {
         enable = true;
-        emulation = true;
       };
       kde = true;
       sddm = true;
       wayland = true;
+      x11 = true;
     };
     nfs-mounts.enable = true;
     nvidia.enable = true;
     printing.enable = true;
+    remote-build.enableBuilder = true;
     users.enable = true;
     virtualisation.enable = true;
   };
@@ -51,19 +52,15 @@ with lib;
   hardware.graphics.enable = true;
   hardware.graphics.enable32Bit = true;
   
+  # Set DP-0 as primary display with 164.90Hz refresh rate
+  services.xserver.displayManager.sessionCommands = ''
+    ${pkgs.xorg.xrandr}/bin/xrandr --output DP-0 --mode 3440x1440 --rate 164.90 --primary
+  '';
+
   hardware.nvidia = {
-    # Modesetting is required.
     modesetting.enable = true;
-    
-    # Enable the Nvidia settings menu,
-    # accessible via `nvidia-settings`.
     nvidiaSettings = true;
-    
-    # Optionally, you may need to select the appropriate driver version for your specific GPU.
     package = pkgs.linuxPackages.nvidiaPackages.stable;
-    
-    # Use open source kernel modules (recommended for RTX/GTX 16xx and newer)
-    # Set to false if you have an older GPU
     open = true;
     
     # For gaming performance

packages/app-launcher-server/app-launcher-server.py

@@ -7,6 +7,7 @@ import subprocess
 import sys
 from http.server import BaseHTTPRequestHandler, HTTPServer
 from urllib.parse import urlparse
+import psutil
 
 # Configure logging
 logging.basicConfig(
@@ -21,6 +22,60 @@ ALLOWED_APPS = {
     'kodi': 'kodi'
 }
 
+def is_app_running(app_name):
+    """Check if an application is already running, returns (is_running, pid)"""
+    command = ALLOWED_APPS.get(app_name)
+    if not command:
+        return False, None
+
+    logger.debug(f"Looking for processes related to app '{app_name}' (command: '{command}')")
+
+    for proc in psutil.process_iter(['name', 'cmdline', 'pid']):
+        try:
+            proc_name = proc.info['name']
+            cmdline = proc.info['cmdline'] or []
+
+            logger.debug(f"Checking process PID {proc.info['pid']}: name='{proc_name}', cmdline={cmdline}")
+
+            # Check multiple patterns for the application:
+            # 1. Process name exactly matches command
+            # 2. Process name contains the command (e.g., "kodi.bin" contains "kodi")
+            # 3. Command line starts with the command
+            # 4. Command line contains the wrapped version (e.g., ".kodi-wrapped")
+            # 5. Any command line argument ends with the command executable
+
+            matches = False
+            match_reason = ""
+
+            if proc_name == command:
+                matches = True
+                match_reason = f"exact process name match: '{proc_name}'"
+            elif command in proc_name:
+                matches = True
+                match_reason = f"process name contains command: '{proc_name}' contains '{command}'"
+            elif cmdline and cmdline[0] == command:
+                matches = True
+                match_reason = f"exact cmdline match: '{cmdline[0]}'"
+            elif cmdline and cmdline[0].endswith('/' + command):
+                matches = True
+                match_reason = f"cmdline path ends with command: '{cmdline[0]}'"
+            elif cmdline and any(f'.{command}-wrapped' in arg for arg in cmdline):
+                matches = True
+                match_reason = f"wrapped command in cmdline: {cmdline}"
+            elif cmdline and any(f'{command}.bin' in arg for arg in cmdline):
+                matches = True
+                match_reason = f"binary command in cmdline: {cmdline}"
+
+            if matches:
+                logger.info(f"Found running {app_name} process: PID {proc.info['pid']} ({match_reason})")
+                return True, proc.info['pid']
+
+        except (psutil.NoSuchProcess, psutil.AccessDenied, psutil.ZombieProcess):
+            continue
+
+    logger.debug(f"No running process found for {app_name}")
+    return False, None
+
 class AppLauncherHandler(BaseHTTPRequestHandler):
     def log_message(self, format, *args):
         logger.info(format % args)
@@ -56,6 +111,22 @@ class AppLauncherHandler(BaseHTTPRequestHandler):
 
         command = ALLOWED_APPS[app_name]
 
+        # Check if app is already running
+        is_running, existing_pid = is_app_running(app_name)
+        if is_running:
+            logger.info(f"Application {app_name} is already running (PID: {existing_pid}), skipping launch")
+            self.send_response(200)
+            self.send_header('Content-type', 'application/json')
+            self.end_headers()
+            response = {
+                'status': 'success',
+                'message': f'{app_name} is already running',
+                'pid': existing_pid,
+                'already_running': True
+            }
+            self.wfile.write(json.dumps(response).encode())
+            return
+
         try:
             # Launch the application in the background
             # Ensure we have the proper environment for GUI apps
@@ -76,7 +147,8 @@ class AppLauncherHandler(BaseHTTPRequestHandler):
             response = {
                 'status': 'success',
                 'message': f'Successfully launched {app_name}',
-                'pid': process.pid
+                'pid': process.pid,
+                'already_running': False
             }
             self.wfile.write(json.dumps(response).encode())
 

packages/app-launcher-server/default.nix

@@ -1,5 +1,10 @@
 { pkgs }:
 
+let
+  python = pkgs.python3.withPackages (ps: with ps; [
+    psutil
+  ]);
+in
 pkgs.writeShellScriptBin "app-launcher-server" ''
-  exec ${pkgs.python3}/bin/python3 ${./app-launcher-server.py} "$@"
+  exec ${python}/bin/python3 ${./app-launcher-server.py} "$@"
 ''

roles/darwin.nix

@@ -15,6 +15,7 @@ in
     environment.etc."bashrc".enable = false;
     environment.etc."zshrc".enable = false;
     environment.etc."zshenv".enable = false;
+    environment.etc."zprofile".enable = false;
 
     # Create .local files with nix environment setup
     environment.etc."bash.local".text = ''
@@ -44,6 +45,41 @@ in
 
     time.timeZone = "America/Los_Angeles";
 
+    # System preferences
+    system.defaults = {
+      # Custom keyboard shortcuts
+      CustomUserPreferences = {
+        "com.apple.symbolichotkeys" = {
+          AppleSymbolicHotKeys = {
+            # Screenshot - Capture entire screen (Cmd+Ctrl+3)
+            "28" = {
+              enabled = true;
+              value = {
+                parameters = [ 51 20 1310720 ];
+                type = "standard";
+              };
+            };
+            # Screenshot - Capture selected portion (Cmd+Ctrl+4)
+            "30" = {
+              enabled = true;
+              value = {
+                parameters = [ 52 21 1310720 ];
+                type = "standard";
+              };
+            };
+            # Screenshot - Show screenshot toolbar (Cmd+Ctrl+5)
+            "184" = {
+              enabled = true;
+              value = {
+                parameters = [ 53 23 1310720 ];
+                type = "standard";
+              };
+            };
+          };
+        };
+      };
+    };
+
     environment.systemPackages = with pkgs; [
       git
       glances

roles/default.nix

@@ -12,6 +12,7 @@ with lib;
     ./nfs-mounts
     ./nvidia
     ./printing
+    ./remote-build
     ./spotifyd
     ./users
     ./virtualisation

roles/desktop/default.nix

@@ -11,7 +11,6 @@ with lib;
     kde = mkOption { type = types.bool; default = false; description = "Enable KDE."; };
     gaming = {
       enable = mkOption { type = types.bool; default = false; description = "Enable gaming support."; };
-      emulation = mkOption { type = types.bool; default = false; description = "Enable emulation support."; };
     };
     sddm = mkOption { type = types.bool; default = false; description = "Enable SDDM greeter."; };
   };
@@ -23,5 +22,6 @@ with lib;
     ./kde.nix
     ./programs.nix
     ./sddm.nix
+    ./steamos.nix
   ];
 }

roles/desktop/gaming.nix

@@ -12,15 +12,20 @@ in
         steam
         lutris
         moonlight
-      ];
 
-      # Possibly other gaming specific services or settings
-    })
-
-    (mkIf (cfg.enable && cfg.gaming.emulation) {
-      environment.systemPackages = with pkgs; [
-        ryubing
+        # Emulators
         dolphin-emu
+        dolphin-emu-primehack
+        retroarch-full
+        ryubing
+      ];
+      # TODO: Remove me once dolphin-emu and dolphin-emu-primehack update
+      #       dependencies to mbedtls from mbedtls_2 (which is currently)
+      #       unmaintained
+      nixpkgs.config.permittedInsecurePackages = [ "mbedtls-2.28.10" ];
+
+      warnings = [
+        "Using insecure mbedtls-2.28.10 for Dolphin Emu - check for updates regularly"
       ];
     })
   ];

roles/desktop/programs.nix

@@ -16,5 +16,22 @@ in
     programs.dconf.enable = true;
     services.gnome.gnome-keyring.enable = true;
     programs.kdeconnect.enable = true;
+
+    # XDG Desktop Portal for default application handling in non-KDE environments
+    xdg.portal = {
+      enable = true;
+      extraPortals = with pkgs; [
+        kdePackages.xdg-desktop-portal-kde  # For KDE application integration
+        xdg-desktop-portal-gtk  # Fallback for GTK applications
+      ];
+      config = {
+        common = {
+          default = "kde";
+        };
+        i3 = {
+          default = ["kde" "gtk"];
+        };
+      };
+    };
   };
 }

roles/desktop/steamos.nix

@@ -0,0 +1,51 @@
+{ lib, config, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.roles.desktop;
+in
+{
+  options.roles.desktop.steamos = {
+    enable = mkEnableOption "SteamOS (Jovian) configuration";
+
+    autoStart = mkOption {
+      type = types.bool;
+      default = false;
+      description = "Automatically start Steam Deck UI on boot";
+    };
+
+    user = mkOption {
+      type = types.str;
+      default = "johno";
+      description = "User to run Steam as";
+    };
+
+    desktopSession = mkOption {
+      type = types.nullOr types.str;
+      default = null;
+      description = "Desktop session to launch when switching to Desktop Mode";
+    };
+
+    enableDeckyLoader = mkOption {
+      type = types.bool;
+      default = true;
+      description = "Enable Decky Loader plugin system";
+    };
+  };
+
+  config = mkIf (cfg.enable && cfg.steamos.enable) {
+    jovian.steam = {
+      enable = true;
+      autoStart = cfg.steamos.autoStart;
+      user = cfg.steamos.user;
+      desktopSession = cfg.steamos.desktopSession;
+    };
+
+    jovian.decky-loader.enable = cfg.steamos.enableDeckyLoader;
+
+    environment.systemPackages = with pkgs; [
+      maliit-keyboard
+    ];
+  };
+}

roles/desktop/x11.nix

@@ -12,8 +12,27 @@ in
 
       windowManager.i3 = {
         enable = true;
-        extraPackages = with pkgs; [ dmenu i3status i3lock ];
+        extraPackages = with pkgs; [
+          dmenu
+          i3status
+          i3lock
+          polkit_gnome                    # GNOME polkit authentication agent (more stable with i3)
+          picom                           # Compositor for smooth rendering (important for Nvidia)
+          networkmanagerapplet            # NetworkManager system tray applet
+          ddcutil                         # DDC/CI monitor control for brightness
+        ];
       };
     };
+
+    # Enable DDC/CI support for monitor brightness control
+    boot.kernelModules = [ "i2c-dev" ];
+
+    # Add ddcutil udev rules and user permissions
+    hardware.i2c.enable = true;
+
+    # Install ddcutil system-wide
+    environment.systemPackages = with pkgs; [
+      ddcutil
+    ];
   };
 }

roles/jovian-compat.nix

@@ -0,0 +1,64 @@
+{ lib, config, ... }:
+
+# Minimal Jovian compatibility layer for NixOS stable (25.05)
+# Defines only the Jovian options used by roles/desktop/steamos.nix
+# No actual implementation - just option definitions to prevent evaluation errors
+# REMOVE THIS FILE when all systems are on NixOS 25.11+ or unstable
+
+with lib;
+
+let
+  nixosVersion = config.system.nixos.release;
+  isCompatibleVersion = versionOlder nixosVersion "25.11";
+in
+{
+  options.jovian = {
+    steam = {
+      enable = mkEnableOption "Steam (jovian-compat stub)";
+
+      autoStart = mkOption {
+        type = types.bool;
+        default = false;
+        description = "Auto-start Steam (jovian-compat stub)";
+      };
+
+      user = mkOption {
+        type = types.str;
+        default = "user";
+        description = "Steam user (jovian-compat stub)";
+      };
+
+      desktopSession = mkOption {
+        type = types.nullOr types.str;
+        default = null;
+        description = "Desktop session (jovian-compat stub)";
+      };
+    };
+
+    decky-loader = {
+      enable = mkEnableOption "Decky Loader (jovian-compat stub)";
+    };
+  };
+
+  config = mkMerge [
+    {
+      assertions = [
+        {
+          assertion = isCompatibleVersion;
+          message = ''
+            The Jovian compatibility shim (roles/jovian-compat.nix) is only needed for NixOS 25.05 and earlier.
+            You are running NixOS ${nixosVersion}.
+            Please remove 'roles/jovian-compat.nix' from your flake.nix nixosModules list.
+          '';
+        }
+      ];
+    }
+    # No config implementation - these options do nothing on stable systems
+    # steamos role is only enabled on nix-deck which uses unstable anyway
+    (mkIf config.jovian.steam.enable {
+      warnings = [
+        "Jovian is enabled but you're using the compatibility stub. This won't work correctly. Use NixOS unstable for Jovian support."
+      ];
+    })
+  ];
+}

roles/kodi/default.nix

@@ -4,7 +4,6 @@ with lib;
 
 let
   cfg = config.roles.kodi;
-  customPkgs = pkgs.callPackage ../../packages {};
 in
 {
   options.roles.kodi = {
@@ -54,7 +53,7 @@ in
         kodiPkg
         wget
         firefox
-      ] ++ optional cfg.appLauncherServer.enable customPkgs.app-launcher-server;
+      ] ++ optional cfg.appLauncherServer.enable pkgs.custom.app-launcher-server;
 
       programs.kdeconnect.enable = true;
 
@@ -65,7 +64,7 @@ in
           after = [ "graphical-session.target" ];
           serviceConfig = {
             Type = "simple";
-            ExecStart = "${customPkgs.app-launcher-server}/bin/app-launcher-server ${toString cfg.appLauncherServer.port}";
+            ExecStart = "${pkgs.custom.app-launcher-server}/bin/app-launcher-server ${toString cfg.appLauncherServer.port}";
             Restart = "always";
             RestartSec = "5s";
             Environment = [
@@ -75,13 +74,10 @@ in
         };
       };
 
-      services = if cfg.autologin then {
-          displayManager = {
-            autoLogin.enable = true;
-            autoLogin.user = "kodi";
-            defaultSession = "kodi";
-            sessionData.autologinSession = "plasma";
-          };
-      } else {};
+      services.displayManager = mkIf cfg.autologin {
+        autoLogin.enable = true;
+        autoLogin.user = "kodi";
+        defaultSession = "plasma";
+      };
     };
 }

roles/printing/default.nix

@@ -26,5 +26,11 @@ in
         model = "everywhere";
       }];
       hardware.printers.ensureDefaultPrinter = "MFC-L8900CDW_series";
+
+      # Fix ensure-printers service to wait for network availability
+      systemd.services.ensure-printers = {
+        after = [ "cups.service" "network-online.target" ];
+        wants = [ "cups.service" "network-online.target" ];
+      };
     };
 }

roles/remote-build/default.nix

@@ -0,0 +1,132 @@
+{ lib, config, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.roles.remote-build;
+in
+{
+  options.roles.remote-build = {
+    enableBuilder = mkOption {
+      type = types.bool;
+      default = false;
+      description = "Enable this machine as a remote build host for other machines";
+    };
+
+    builderUser = mkOption {
+      type = types.str;
+      default = "nix-builder";
+      description = "User account for remote builders to connect as";
+    };
+
+    builders = mkOption {
+      type = types.listOf (types.submodule {
+        options = {
+          hostName = mkOption {
+            type = types.str;
+            description = "Hostname or IP address of the build machine";
+          };
+
+          systems = mkOption {
+            type = types.listOf types.str;
+            default = [ "x86_64-linux" ];
+            description = "Supported systems";
+          };
+
+          maxJobs = mkOption {
+            type = types.int;
+            default = 8;
+            description = "Maximum number of parallel build jobs";
+          };
+
+          speedFactor = mkOption {
+            type = types.int;
+            default = 2;
+            description = "Speed factor compared to local building (higher = prefer remote)";
+          };
+
+          supportedFeatures = mkOption {
+            type = types.listOf types.str;
+            default = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
+            description = "Supported build features";
+          };
+
+          sshUser = mkOption {
+            type = types.str;
+            default = "nix-builder";
+            description = "SSH user for connecting to the builder";
+          };
+
+          sshKey = mkOption {
+            type = types.nullOr types.path;
+            default = null;
+            description = "Path to SSH private key for authentication";
+          };
+        };
+      });
+      default = [];
+      description = "List of remote build machines to use";
+    };
+
+    fallbackToLocalBuild = mkOption {
+      type = types.bool;
+      default = true;
+      description = "Fallback to local building if remote builders are unavailable";
+    };
+  };
+
+  config = mkMerge [
+    # Builder host configuration
+    (mkIf cfg.enableBuilder {
+      # Create dedicated builder user
+      users.users.${cfg.builderUser} = {
+        isSystemUser = true;
+        group = cfg.builderUser;
+        description = "Nix remote build user";
+        home = "/var/lib/${cfg.builderUser}";
+        createHome = true;
+        shell = pkgs.bashInteractive;
+        openssh.authorizedKeys.keyFiles = [];  # Will be populated by client machines
+      };
+
+      users.groups.${cfg.builderUser} = {};
+
+      # Ensure home directory has correct permissions
+      systemd.tmpfiles.rules = [
+        "d /var/lib/${cfg.builderUser} 0700 ${cfg.builderUser} ${cfg.builderUser} -"
+      ];
+
+      # Allow builder user to perform builds
+      nix.settings.trusted-users = [ cfg.builderUser ];
+
+      # Allow remote builds
+      services.openssh.enable = true;
+
+      # Ensure nix-daemon is accessible
+      nix.settings.allowed-users = [ "*" ];
+    })
+
+    # Client configuration (machines using remote builders)
+    (mkIf (cfg.builders != []) {
+      nix.buildMachines = map (builder: {
+        hostName = builder.hostName;
+        systems = builder.systems;
+        maxJobs = builder.maxJobs;
+        speedFactor = builder.speedFactor;
+        supportedFeatures = builder.supportedFeatures;
+        sshUser = builder.sshUser;
+        sshKey = builder.sshKey;
+      }) cfg.builders;
+
+      nix.distributedBuilds = true;
+
+      # Use substitutes from remote builders
+      nix.extraOptions = ''
+        builders-use-substitutes = true
+      '';
+
+      # Fallback to local build if remote unavailable
+      nix.settings.fallback = cfg.fallbackToLocalBuild;
+    })
+  ];
+}