Attempt to fix custom package format

This is potentially temporary. But jellyfin-media-player has been
flagged as having a security problem by using an old version of
qtwebengine. So we'll maybe find time to try out delfin or maybe just
wait until the security issue gets fixed or maybe just use the web
browser. We have options

CLAUDE.md

@@ -10,7 +10,7 @@ This is a NixOS configuration repository using flakes, managing multiple machine
 
 ### Flake Structure
 - **flake.nix**: Main entry point defining inputs (nixpkgs, home-manager, plasma-manager, etc.) and outputs for multiple NixOS configurations
-- **Machines**: `nix-book`, `boxy`, `wixos` (WSL configuration)
+- **Machines**: `nix-book`, `boxy`, `wixos` (WSL configuration), `zix790prors`, `live-usb`, `johno-macbookpro` (Darwin/macOS)
 - **Home configurations**: Standalone home-manager configuration for user `johno`
 
 ### Directory Structure
@@ -28,6 +28,12 @@ The repository uses a custom "roles" system where each role is a NixOS module wi
 - `roles.users`: User account management
 - `roles.virtualisation`: Virtualization setup
 - `roles.kodi`: Kodi media center
+- `roles.nvidia`: NVIDIA GPU configuration
+- `roles.printing`: Printing support (CUPS)
+- `roles.spotifyd`: Spotify daemon
+- `roles.btrfs`: Btrfs filesystem configuration
+- `roles.nfs-mounts`: NFS mount configuration
+- `roles.darwin`: macOS-specific configurations
 
 Example role usage in machine configuration:
 ```nix
@@ -43,9 +49,40 @@ roles = {
 };
 ```
 
+### Home-Manager Role System
+The repository also uses a modular home-manager role system for user-space configuration:
+
+**Available Home Roles:**
+- `home.roles.base`: Core CLI tools, git, ssh, bash, rbw (enabled everywhere)
+- `home.roles.desktop`: GUI applications, Firefox, KDE services
+- `home.roles.office`: LibreOffice, OpenSCAD (heavy packages)
+- `home.roles.media`: VLC, Jellyfin, Moonlight (media consumption)
+- `home.roles.development`: Custom packages, kubectl, development tools
+- `home.roles.communication`: Element, Nextcloud Talk, Google cookie tools
+- `home.roles.sync`: Syncthing service and tray (for file synchronization)
+- `home.roles.kdeconnect`: KDE Connect for device integration
+- `home.roles.gaming`: Gaming applications (future expansion)
+
+**Role-Based Home Configurations:**
+- `home-desktop.nix`: Full-featured desktop for development workstations
+- `home-media-center.nix`: Living room media consumption and gaming setup (boxy)
+- `home-laptop-compact.nix`: Essential tools only, excludes office/media for storage constraints (nix-book)
+- `home-live-usb.nix`: Minimal setup for live environments, no persistent services
+- `home-darwin-work.nix`: macOS work laptop configuration
+
+**Machine-Specific Role Usage:**
+- **nix-book**: Compact laptop → excludes office/media roles due to SSD space constraints
+- **boxy**: Living room media center → optimized for media consumption, excludes sync/office (shared machine)
+- **zix790prors**: All-purpose workstation → full desktop experience with all roles enabled
+- **wixos**: WSL2 development → full desktop experience, inherits from zix790prors Windows host
+- **live-usb**: Temporary environment → only base + desktop roles, no persistent services
+- **johno-macbookpro**: macOS work laptop → Darwin-specific configuration with development tools
+
 ## Common Commands
 
 ### Building and Switching Configurations
+
+**NixOS (Linux):**
 ```bash
 # Build and switch to a specific machine configuration
 sudo nixos-rebuild switch --flake .#<hostname>
@@ -57,10 +94,22 @@ nixos-rebuild build --flake .#<hostname>
 home-manager switch --flake .#johno
 ```
 
+**Darwin (macOS):**
+```bash
+# Build and switch to Darwin configuration
+darwin-rebuild switch --flake .#johno-macbookpro
+
+# Build without switching
+darwin-rebuild build --flake .#johno-macbookpro
+```
+
 ### Available Machine Configurations
-- `nix-book`: Uses `home/home-nix-book.nix`
-- `boxy`: Gaming desktop with AMD GPU, uses `home/home.nix`
-- `wixos`: WSL configuration, uses `home/home.nix`
+- `nix-book`: Compact laptop with storage constraints, uses `home/home-laptop-compact.nix`
+- `boxy`: Shared living room media center/gaming desktop with AMD GPU, uses `home/home-media-center.nix`
+- `zix790prors`: Powerful all-purpose workstation (gaming, 3D modeling, development), dual-boots Windows 11 with shared btrfs /games partition, uses `home/home-desktop.nix`
+- `wixos`: WSL2 development environment running in Windows partition of zix790prors, uses `home/home-desktop.nix`
+- `live-usb`: Bootable ISO configuration, uses `home/home-live-usb.nix`
+- `johno-macbookpro`: macOS work laptop, uses `home/home-darwin-work.nix`
 
 ### Flake Operations
 ```bash
@@ -81,14 +130,28 @@ sudo ./bootstrap.sh <hostname>
 ```
 This script pulls from the remote git repository and applies the configuration.
 
+### Build Live USB ISO
+Use the provided script to build a bootable ISO:
+```bash
+./build-liveusb.sh
+```
+Creates an ISO suitable for Ventoy and other USB boot tools in `./result/iso/`.
+
 ## Development Workflow
 
 ### Adding New Machines
+
+**NixOS:**
 1. Create new directory in `machines/<hostname>/`
 2. Add `configuration.nix` with role assignments
 3. Include hardware-configuration.nix (generated by nixos-generate-config)
 4. Add nixosConfiguration to flake.nix outputs
 
+**Darwin (macOS):**
+1. Create new directory in `machines/<hostname>/`
+2. Add `configuration.nix` with Darwin role assignments
+3. Add darwinConfiguration to flake.nix outputs
+
 ### Adding New Roles
 1. Create directory in `roles/<role-name>/`
 2. Create `default.nix` with module definition using mkEnableOption
@@ -108,3 +171,7 @@ This script pulls from the remote git repository and applies the configuration.
 - **SSH**: OpenSSH enabled on all configurations
 - **Garbage collection**: Automatic, deletes older than 10 days
 - **Unfree packages**: Allowed globally
+
+## Important Notes
+
+- **Sudo access**: Claude Code does not have sudo access. Ask the user to run elevated commands like `sudo nixos-rebuild switch`

flake.lock

@@ -43,11 +43,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1752402455,
-        "narHash": "sha256-mCHfZhQKdTj2JhCFcqfOfa3uKZbwUkPQbd0/zPnhOE8=",
+        "lastModified": 1759172751,
+        "narHash": "sha256-E8W8sRXfrvkFW26GuuiWq6QfReU7m5+cngwHuRo/3jc=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "bf893ad4cbf46610dd1b620c974f824e266cd1df",
+        "rev": "12fa8548feefa9a10266ba65152fd1a787cdde8f",
         "type": "github"
       },
       "original": {
@@ -56,17 +56,37 @@
         "type": "github"
       }
     },
+    "nix-darwin": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1758805352,
+        "narHash": "sha256-BHdc43Lkayd+72W/NXRKHzX5AZ+28F3xaUs3a88/Uew=",
+        "owner": "nix-darwin",
+        "repo": "nix-darwin",
+        "rev": "c48e963a5558eb1c3827d59d21c5193622a1477c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-darwin",
+        "repo": "nix-darwin",
+        "type": "github"
+      }
+    },
     "nixos-wsl": {
       "inputs": {
         "flake-compat": "flake-compat",
         "nixpkgs": "nixpkgs"
       },
       "locked": {
-        "lastModified": 1752199438,
-        "narHash": "sha256-xSBMmGtq8K4Qv80TMqREmESCAsRLJRHAbFH2T/2Bf1Y=",
+        "lastModified": 1758785683,
+        "narHash": "sha256-mRn51IeEBXeNh5a6xNLylk4PKBX0s/QQxgkEbYoPq/w=",
         "owner": "nix-community",
         "repo": "NixOS-WSL",
-        "rev": "d34d9412556d3a896e294534ccd25f53b6822e80",
+        "rev": "1bfb978f2f6261b6086e04af17f9418e1fe36d70",
         "type": "github"
       },
       "original": {
@@ -78,11 +98,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1751792365,
-        "narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=",
+        "lastModified": 1758277210,
+        "narHash": "sha256-iCGWf/LTy+aY0zFu8q12lK8KuZp7yvdhStehhyX1v8w=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "1fd8bada0b6117e6c7eb54aad5813023eed37ccb",
+        "rev": "8eaee110344796db060382e15d3af0a9fc396e0e",
         "type": "github"
       },
       "original": {
@@ -94,11 +114,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1751984180,
-        "narHash": "sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X+xgOL0=",
+        "lastModified": 1759036355,
+        "narHash": "sha256-0m27AKv6ka+q270dw48KflE0LwQYrO7Fm4/2//KCVWg=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "9807714d6944a957c2e036f84b0ff8caf9930bc0",
+        "rev": "e9f00bd893984bc8ce46c895c3bf7cac95331127",
         "type": "github"
       },
       "original": {
@@ -118,11 +138,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1748196248,
-        "narHash": "sha256-1iHjsH6/5UOerJEoZKE+Gx1BgAoge/YcnUsOA4wQ/BU=",
+        "lastModified": 1759157415,
+        "narHash": "sha256-Fg8cOnVoIe0uQ38UpR6XZzRCwDsjjozVwfevW9yCLI0=",
         "owner": "nix-community",
         "repo": "plasma-manager",
-        "rev": "b7697abe89967839b273a863a3805345ea54ab56",
+        "rev": "df5b3e6da631f732c26c6044c7cccb8706b4f479",
         "type": "github"
       },
       "original": {
@@ -135,6 +155,7 @@
       "inputs": {
         "google-cookie-retrieval": "google-cookie-retrieval",
         "home-manager": "home-manager",
+        "nix-darwin": "nix-darwin",
         "nixos-wsl": "nixos-wsl",
         "nixpkgs": "nixpkgs_2",
         "plasma-manager": "plasma-manager"

flake.nix

@@ -5,6 +5,11 @@
     nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
     nixos-wsl.url = "github:nix-community/NixOS-WSL/main";
     
+    nix-darwin = {
+      url = "github:nix-darwin/nix-darwin";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
     home-manager = {
       url = "github:nix-community/home-manager";
       inputs.nixpkgs.follows = "nixpkgs";
@@ -23,8 +28,9 @@
   };
 
   outputs = { self, nixpkgs, nixos-wsl, ... } @ inputs: let
-    baseModules = [
+    nixosModules = [
       ./roles
+    ] ++ [
       inputs.home-manager.nixosModules.home-manager
       {
         home-manager.useGlobalPkgs = true;
@@ -37,13 +43,32 @@
         };
       }
     ];
+    darwinModules = [
+      ./roles/darwin.nix
+    ] ++ [
+      inputs.home-manager.darwinModules.home-manager
+      {
+        home-manager.useGlobalPkgs = true;
+        home-manager.useUserPackages = true;
+        home-manager.extraSpecialArgs = {
+          globalInputs = inputs;
+        };
+      }
+    ];
+
   in {
     nixosConfigurations.nix-book = nixpkgs.lib.nixosSystem rec {
       system = "x86_64-linux";
-      modules = baseModules ++ [
+      modules = nixosModules ++ [
         ./machines/nix-book/configuration.nix
         {
-          home-manager.users.johno = import ./home/home-nix-book.nix;
+          home-manager.users.johno = {
+            imports = [ ./home/home-laptop-compact.nix ];
+            # Machine-specific overrides
+            home.i3_sway.extraSwayConfig = {
+              output.eDP-1.scale = "1.75";
+            };
+          };
           home-manager.extraSpecialArgs = { inherit system; };
         }
       ];
@@ -51,11 +76,11 @@
 
     nixosConfigurations.boxy = nixpkgs.lib.nixosSystem rec {
       system = "x86_64-linux";
-      modules = baseModules ++ [
+      modules = nixosModules ++ [
         ./machines/boxy/configuration.nix
         inputs.home-manager.nixosModules.home-manager
         {
-          home-manager.users.johno = import ./home/home.nix;
+          home-manager.users.johno = import ./home/home-media-center.nix;
           home-manager.extraSpecialArgs = { inherit system; };
         }
       ];
@@ -63,12 +88,24 @@
 
     nixosConfigurations.wixos = nixpkgs.lib.nixosSystem rec {
       system = "x86_64-linux";
-      modules = baseModules ++ [
+      modules = nixosModules ++ [
         nixos-wsl.nixosModules.default
         ./machines/wixos/configuration.nix
         inputs.home-manager.nixosModules.home-manager
         {
-          home-manager.users.johno = import ./home/home.nix;
+          home-manager.users.johno = import ./home/home-desktop.nix;
+          home-manager.extraSpecialArgs = { inherit system; };
+        }
+      ];
+    };
+
+    nixosConfigurations.zix790prors = nixpkgs.lib.nixosSystem rec {
+      system = "x86_64-linux";
+      modules = nixosModules ++ [
+        ./machines/zix790prors/configuration.nix
+        inputs.home-manager.nixosModules.home-manager
+        {
+          home-manager.users.johno = import ./home/home-desktop.nix;
           home-manager.extraSpecialArgs = { inherit system; };
         }
       ];
@@ -77,29 +114,25 @@
     # Live USB ISO configuration
     nixosConfigurations.live-usb = nixpkgs.lib.nixosSystem rec {
       system = "x86_64-linux";
-      modules = baseModules ++ [
+      modules = nixosModules ++ [
         ./machines/live-usb/configuration.nix
         {
-          home-manager.users.nixos = { ... }: {
-            imports = [ ./home/home.nix ];
-            home.username = nixpkgs.lib.mkForce "nixos";
-            home.homeDirectory = nixpkgs.lib.mkForce "/home/nixos";
-          };
+          home-manager.users.nixos = import ./home/home-live-usb.nix;
           home-manager.extraSpecialArgs = { inherit system; };
         }
       ];
     };
 
-    homeConfigurations."johno" = inputs.home-manager.lib.homeManagerConfiguration {
-      pkgs = inputs.nixpkgs.legacyPackages."x86_64-linux";
-      modules = [
-        inputs.plasma-manager.homeManagerModules.plasma-manager
-        ./home/home.nix
+    # Darwin/macOS configurations
+    darwinConfigurations."blkfv4yf49kt7" = inputs.nix-darwin.lib.darwinSystem rec {
+      system = "aarch64-darwin";
+      modules = darwinModules ++ [
+        ./machines/johno-macbookpro/configuration.nix
+        {
+          home-manager.users.johno = import ./home/home-darwin-work.nix;
+          home-manager.extraSpecialArgs = { inherit system; };
+        }
       ];
-      extraSpecialArgs = {
-        system = "x86_64-linux";
-        globalInputs = inputs;
-      };
     };
   };
 }

home/home-darwin-work.nix

@@ -0,0 +1,56 @@
+{ config, lib, pkgs, globalInputs, system, ... }:
+
+let
+  customPkgs = pkgs.callPackage ../packages {};
+in
+{
+  # Provide arguments to role modules
+  _module.args = { inherit customPkgs; };
+  # Home Manager configuration for Darwin work laptop
+  # Corporate-friendly setup with essential development tools
+
+  home.username = lib.mkForce "johno";
+  home.homeDirectory = lib.mkForce "/Users/johno";
+  home.stateVersion = "24.05";
+
+  # Override Darwin-incompatible settings from base role
+  programs.rbw.settings.pinentry = lib.mkForce pkgs.pinentry_mac;
+
+  programs.bash.initExtra = ''
+    export NODE_EXTRA_CA_CERTS=/opt/homebrew/etc/ca-certificates/cert.pem
+    export COREPACK_NPM_REGISTRY=https://global.block-artifacts.com/artifactory/api/npm/square-npm/
+    export COREPACK_INTEGRITY_KEYS=0
+
+    export NVM_DIR="$HOME/.nvm"
+    [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"  # This loads nvm
+    [ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion"  # This loads nvm bash_completion
+  '';
+
+  programs.zsh.enable = true;
+  programs.zsh.initContent = ''
+    export NODE_EXTRA_CA_CERTS=/opt/homebrew/etc/ca-certificates/cert.pem
+    export COREPACK_NPM_REGISTRY=https://global.block-artifacts.com/artifactory/api/npm/square-npm/
+    export COREPACK_INTEGRITY_KEYS=0
+    export NVM_DIR="$HOME/.nvm"
+    [ -s "$NVM_DIR/nvm.sh" ] && . "$NVM_DIR/nvm.sh" # This loads nvm
+    [ -s "$NVM_DIR/bash_completion" ] && . "$NVM_DIR/bash_completion"  # This loads nvm bash_completion
+  '';
+
+  # Keep SSH and Git disabled to avoid conflicts with work environment
+  programs.ssh.enable = lib.mkForce false;
+  programs.git.enable = lib.mkForce false;
+  programs.rbw.enable = lib.mkForce false;
+
+  home.shell.enableShellIntegration = true;
+
+  home.roles = {
+    base.enable = true;
+  };
+
+  imports = [
+    ./roles
+    ./modules/emacs
+    ./modules/kubectl
+    ./modules/tmux
+  ];
+}

home/home-desktop.nix

@@ -0,0 +1,38 @@
+{ pkgs, globalInputs, system, ... }:
+
+let
+  customPkgs = pkgs.callPackage ../packages {};
+in
+{
+  # Provide arguments to role modules
+  _module.args = { inherit customPkgs; };
+  # Home Manager configuration for full desktop experience
+  home.username = "johno";
+  home.homeDirectory = "/home/johno";
+  home.stateVersion = "24.05";
+
+  # Enable all desktop roles for full-featured experience
+  home.roles = {
+    base.enable = true;
+    desktop.enable = true;
+    office.enable = true;
+    media.enable = true;
+    development.enable = true;
+    communication.enable = true;
+    sync.enable = true;
+    kdeconnect.enable = true;
+  };
+
+  targets.genericLinux.enable = true;
+  home.sessionVariables = {};
+  home.sessionPath = [];
+
+  imports = [
+    ./roles
+    ./modules/emacs
+    ./modules/i3+sway
+    ./modules/kubectl
+    ./modules/plasma-manager
+    ./modules/tmux
+  ];
+}

home/home-laptop-compact.nix

@@ -0,0 +1,41 @@
+{ config, lib, pkgs, globalInputs, system, ... }:
+
+let
+  customPkgs = pkgs.callPackage ../packages {};
+in
+{
+  # Provide arguments to role modules
+  _module.args = { inherit customPkgs; };
+  # Home Manager configuration for compact laptop setups
+  # Optimized for space-constrained environments
+  
+  home.username = "johno";
+  home.homeDirectory = "/home/johno";
+  home.stateVersion = "24.05";
+
+  # Enable essential roles only (exclude heavy office/media packages)
+  home.roles = {
+    base.enable = true;
+    desktop.enable = true;
+    development.enable = true;
+    communication.enable = true;
+    kdeconnect.enable = true;
+    media.enable = true;
+    sync.enable = true;
+    # office.enable = false;  # Excluded for storage constraints
+  };
+
+  targets.genericLinux.enable = true;
+  home.sessionVariables = {};
+  home.sessionPath = [];
+
+  imports = [
+    ./roles
+    ./modules/emacs
+    ./modules/i3+sway
+    ./modules/kubectl
+    ./modules/plasma-manager
+    ./modules/tmux
+  ];
+
+}

home/home-live-usb.nix

@@ -0,0 +1,42 @@
+{ pkgs, globalInputs, system, ... }:
+
+let
+  customPkgs = pkgs.callPackage ../packages {};
+in
+{
+  # Provide arguments to role modules
+  _module.args = { inherit customPkgs; };
+  # Home Manager configuration for live USB environments
+  # Minimal setup without persistent services
+  
+  home.username = "nixos";
+  home.homeDirectory = "/home/nixos";
+  home.stateVersion = "24.05";
+
+  # Enable minimal roles only (no sync or kdeconnect for live environment)
+  home.roles = {
+    base.enable = true;
+    desktop.enable = true;
+    # development.enable = false;  # Not needed for live USB
+    # communication.enable = false; # Not needed for live USB  
+    # office.enable = false;       # Not needed for live USB
+    # media.enable = false;        # Not needed for live USB
+    # sync.enable = false;         # No persistent sync on live USB
+    # kdeconnect.enable = false;   # No device integration on live USB
+  };
+
+  targets.genericLinux.enable = true;
+  home.sessionVariables = {};
+  home.sessionPath = [];
+
+  imports = [
+    ./roles
+    ./modules/emacs
+    ./modules/i3+sway
+    ./modules/kubectl
+    ./modules/plasma-manager
+    ./modules/tmux
+  ];
+
+  # Live USB specific overrides can go here if needed
+}

home/home-media-center.nix

@@ -0,0 +1,42 @@
+{ pkgs, globalInputs, system, ... }:
+
+let
+  customPkgs = pkgs.callPackage ../packages {};
+in
+{
+  # Provide arguments to role modules
+  _module.args = { inherit customPkgs; };
+  # Home Manager configuration for media center setups
+  # Optimized for living room media consumption and gaming
+  
+  home.username = "johno";
+  home.homeDirectory = "/home/johno";
+  home.stateVersion = "24.05";
+
+  # Enable media center focused roles
+  home.roles = {
+    base.enable = true;
+    desktop.enable = true;
+    media.enable = true;
+    communication.enable = true;
+    kdeconnect.enable = true;
+    development.enable = true;
+    # office.enable = false;    # Not needed for media center
+    # sync.enable = false;      # Shared machine, no personal file sync
+  };
+
+  targets.genericLinux.enable = true;
+  home.sessionVariables = {};
+  home.sessionPath = [];
+
+  imports = [
+    ./roles
+    ./modules/emacs
+    ./modules/i3+sway
+    ./modules/kubectl
+    ./modules/plasma-manager
+    ./modules/tmux
+  ];
+
+  # Media center specific overrides can go here if needed
+}

home/home-nix-book.nix

@@ -1,11 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-  imports = [
-    ./home.nix
-  ];
-
-  home.i3_sway.extraSwayConfig = {
-    output.eDP-1.scale = "1.75";
-  };
-}

home/home.nix

@@ -1,204 +0,0 @@
-{ pkgs, customPkgs, globalInputs, system, ... }:
-
-let
-  customPkgs = pkgs.callPackage ../packages {};
-in
-{
-  # Home Manager needs a bit of information about you and the paths it should
-  # manage.
-  home.username = "johno";
-  home.homeDirectory = "/home/johno";
-
-  # This value determines the Home Manager release that your configuration is
-  # compatible with. This helps avoid breakage when a new Home Manager release
-  # introduces backwards incompatible changes.
-  #
-  # You should not change this value, even if you update Home Manager. If you do
-  # want to update the value, then make sure to first check the Home Manager
-  # release notes.
-  home.stateVersion = "24.05"; # Please read the comment before changing.
-
-  # The home.packages option allows you to install Nix packages into your
-  # environment.
-  home.packages = [
-    # # Adds the 'hello' command to your environment. It prints a friendly
-    # # "Hello, world!" when run.
-    # pkgs.hello
-
-    # # It is sometimes useful to fine-tune packages, for example, by applying
-    # # overrides. You can do that directly here, just don't forget the
-    # # parentheses. Maybe you want to install Nerd Fonts with a limited number of
-    # # fonts?
-    # (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; })
-
-    # # You can also create simple shell scripts directly inside your
-    # # configuration. For example, this adds a command 'my-hello' to your
-    # # environment:
-    # (pkgs.writeShellScriptBin "my-hello" ''
-    #   echo "Hello, ${config.home.username}!"
-    # '')
-
-    pkgs.bitwarden
-    pkgs.claude-code
-    pkgs.codex
-    pkgs.dunst
-    pkgs.element-desktop
-    pkgs.fd
-    #pkgs.fluffychat # security vulnerability in current version
-    pkgs.goose-cli
-    pkgs.gzip
-    pkgs.htop
-    pkgs.jellyfin-media-player
-    pkgs.keepassxc
-    pkgs.killall
-    pkgs.kitty
-    pkgs.less
-    pkgs.moonlight-qt
-    pkgs.ncdu
-    pkgs.nextcloud-talk-desktop
-    pkgs.openscad-unstable
-    pkgs.pandoc
-    #pkgs.pinentry-qt
-    #pkgs.pytest
-    pkgs.shellcheck
-    pkgs.solaar # Logitech management software
-    (pkgs.snapcast.override { pulseaudioSupport = true; })
-    pkgs.tmux
-    pkgs.waybar
-    pkgs.wofi
-    pkgs.vlc
-
-    ## Kubernetes cluster management
-    pkgs.kubectl
-    pkgs.kubernetes-helm
-
-    globalInputs.google-cookie-retrieval.packages.${system}.default
-  ];
-
-  # Home Manager is pretty good at managing dotfiles. The primary way to manage
-  # plain files is through 'home.file'.
-  home.file = {
-    # # Building this configuration will create a copy of 'dotfiles/screenrc' in
-    # # the Nix store. Activating the configuration will then make '~/.screenrc' a
-    # # symlink to the Nix store copy.
-    # ".screenrc".source = dotfiles/screenrc;
-
-    # # You can also set the file content immediately.
-    # ".gradle/gradle.properties".text = ''
-    #   org.gradle.console=verbose
-    #   org.gradle.daemon.idletimeout=3600000
-    # '';
-  };
-
-  targets.genericLinux.enable = true;
-
-  # Home Manager can also manage your environment variables through
-  # 'home.sessionVariables'. These will be explicitly sourced when using a
-  # shell provided by Home Manager. If you don't want to manage your shell
-  # through Home Manager then you have to manually source 'hm-session-vars.sh'
-  # located at either
-  #
-  #  ~/.nix-profile/etc/profile.d/hm-session-vars.sh
-  #
-  # or
-  #
-  #  ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh
-  #
-  # or
-  #
-  #  /etc/profiles/per-user/johno/etc/profile.d/hm-session-vars.sh
-  #
-  home.sessionVariables = {
-  };
-
-  home.sessionPath = [
-  ];
-
-  imports = [
-    ./modules/emacs
-    ./modules/i3+sway
-    ./modules/plasma-manager
-    ./modules/tmux
-  ];
-
-  programs.bash = {
-    enable = true;
-    initExtra = ''
-      codex() {
-        local key
-        key="$(rbw get openai-api-key-codex)"
-        OPENAI_API_KEY="$key" command codex "$@"
-      }
-    '';
-  };
-
-  # Let Home Manager install and manage itself.
-  programs.home-manager.enable = true;
-
-  programs.command-not-found.enable = true;
-
-  programs.firefox = {
-    enable = true;
-  };
-
-  programs.git = {
-    enable = true;
-    userName = "John Ogle";
-    userEmail = "john@ogle.fyi";
-    extraConfig = {
-      safe.directory = "/etc/nixos";
-    };
-  };
-
-  programs.jq.enable = true;
-
-  programs.k9s.enable = true;
-
-  programs.neovim = {
-    enable = true;
-    viAlias = true;
-    vimAlias = true;
-  };
-
-  programs.rbw = {
-    enable = true;
-    settings = {
-      email = "john@johnogle.info";
-      base_url = "https://bitwarden.johnogle.info";
-      pinentry = pkgs.pinentry-qt;
-    };
-  };
-
-  programs.spotify-player.enable = true;
-
-  programs.ssh = {
-    enable = true;
-    addKeysToAgent = "yes";
-    matchBlocks = {
-      "nucdeb1" = {
-        hostname = "nucdeb1.oglehome";
-        user = "root";
-      };
-    };
-  };
-
-  services.kdeconnect = {
-    enable = true;
-    indicator = true;
-    package = pkgs.kdePackages.kdeconnect-kde;
-  };
-
-  services.gnome-keyring = {
-    enable = true;
-  };
-
-  services.syncthing = {
-    enable = true;
-    tray = {
-      enable = true;
-      command = "syncthingtray --wait";
-    };
-  };
-
-  xdg.enable = true;
-}

home/modules/emacs/default.nix

@@ -6,20 +6,31 @@ let
   doomEmacs = pkgs.fetchFromGitHub {
     owner = "doomemacs";
     repo = "doomemacs";
-    rev = "8406c1ff22b95bd0f816de4a0223fa3ce3c82568";
-    sha256 = "sha256-rOkgOdmLESVAbOeEM9nJTzxyI+akdk48Ed2VlktOy3Q=";
+    rev = "8f55404781edacf66fa330205533b002de3fb5ee";
+    sha256 = "sha256-vHwgENjip2+AFzs4oZfnKEAJKwf5Zid7fakImvxxQUw=";
   };
+
+  # Shared emacs packages
+  emacsPackages = epkgs: [
+    epkgs.vterm
+    epkgs.treesit-grammars.with-all-grammars
+  ];
+
+  # Default emacs configuration with vterm support
+  defaultEmacsPackage = 
+    if pkgs.stdenv.isDarwin 
+    then pkgs.emacs-macport.pkgs.withPackages emacsPackages
+    else pkgs.emacs.pkgs.withPackages emacsPackages;
 in
 {
   config = {
     home.packages = [
-      pkgs.emacs
-
       pkgs.emacs-all-the-icons-fonts
       pkgs.fira-code
       pkgs.fontconfig
       pkgs.graphviz
       pkgs.isort
+      #pkgs.libvterm # native vterm library
       pkgs.nerd-fonts.fira-code
       pkgs.nerd-fonts.droid-sans-mono
       pkgs.nil # nix lsp language server
@@ -30,9 +41,18 @@ in
       pkgs.python3
     ];
 
+    programs.emacs = {
+      enable = true;
+      package = defaultEmacsPackage;
+    };
+
     fonts.fontconfig.enable = true;
 
-    home.file."${config.xdg.configHome}/emacs".source = doomEmacs;
+    # Mount emacs and tree-sitter grammars from nix store
+    home.file = {
+      "${config.xdg.configHome}/emacs".source = doomEmacs;
+    };
+
     home.sessionPath = [
       "${config.xdg.configHome}/emacs/bin"
     ];
@@ -42,6 +62,11 @@ in
       DOOMLOCALDIR = "${config.xdg.dataHome}/doom";
     };
 
-    home.file."${config.xdg.configHome}/doom".source = ./doom;
+    # TODO: Use mkOutOfStoreSymlink instead?
+    home.activation.doomConfig = lib.hm.dag.entryAfter ["writeBoundary"] ''
+      # Always remove and recreate the symlink to ensure it points to the source directory
+      rm -rf "${config.xdg.configHome}/doom"
+      ln -sf "${config.home.homeDirectory}/nixos-configs/home/modules/emacs/doom" "${config.xdg.configHome}/doom"
+    '';
   };
 }

home/modules/emacs/doom/config.el

@@ -30,10 +30,20 @@
 ;; wasn't installed correctly. Font issues are rarely Doom issues!
 (setq doom-font (font-spec :family "Fira Code"))
 
+;; Auto-install nerd-icons fonts if they're missing
+(defun my/ensure-nerd-icons-fonts ()
+  "Check if nerd-icons fonts are installed and install them if missing."
+  (when (display-graphic-p)
+    (unless (find-font (font-spec :name "Symbols Nerd Font Mono"))
+      (when (fboundp 'nerd-icons-install-fonts)
+        (nerd-icons-install-fonts t)))))
+
+(add-hook 'doom-init-ui-hook #'my/ensure-nerd-icons-fonts)
+
 ;; There are two ways to load a theme. Both assume the theme is installed and
 ;; available. You can either set `doom-theme' or manually load a theme with the
 ;; `load-theme' function. This is the default:
-(setq doom-theme 'doom-one)
+(setq doom-theme 'doom-tokyo-night)
 
 ;; This determines the style of line numbers in effect. If set to `nil', line
 ;; numbers are disabled. For relative line numbers, set this to `relative'.
@@ -44,6 +54,7 @@
 (setq org-directory "~/org/")
 (after! org
   (setq org-agenda-span 'week
+        org-agenda-start-with-log-mode t
         my-agenda-dirs '("projects" "roam")
         org-agenda-files (cons org-directory (mapcan (lambda (x) (directory-files-recursively
                                                                   (expand-file-name x org-directory)
@@ -62,6 +73,13 @@
           '(("t" "Todo" entry (file+headline "~/org/todo.org" "Inbox")
              "* TODO %? \n %i \n%a" :prepend t))))
 
+(map! :after org-agenda
+      :map org-agenda-mode-map
+      :localleader
+      (:prefix ("v" . "view")
+       "d" #'org-agenda-day-view
+       "w" #'org-agenda-week-view))
+
 ;; (use-package! org-caldav
 ;;   :defer t
 ;;   :config
@@ -78,10 +96,68 @@
          (output  (shell-command-to-string cmd)))
     (string-trim output)))
 
-(use-package! gptel
+(after! gptel
+  :config
+  (setq! gptel-api-key (my/get-rbw-password "openai-api-key-chatgpt-el")
+         gptel-default-mode 'org-mode
+         gptel-use-tools t
+         gptel-confirm-tool-calls 'always
+         gptel-include-reasoning 'ignore
+         gptel-model "qwen3:30b")
+
+  ;; Set default backend to be Ollama-Local
+  (setq! gptel-backend
+         (gptel-make-ollama "Ollama-Local"
+           :host "localhost:11434"
+           :stream t
+           :models '(deepseek-r1 deepseek-r1-fullctx qwen3:30b qwen3:4b llama3.1 qwen2.5-coder mistral-nemo gpt-oss)))
+
+  ;; Define custom tools
+  (gptel-make-tool
+   :name "run_shell_command"
+   :description "Execute shell commands and return output. Use this to run system commands, check file contents, or perform system operations."
+   :function (lambda (command)
+               (condition-case err
+                   (shell-command-to-string command)
+                 (error (format "Error running command: %s" (error-message-string err)))))
+   :args (list '(:name "command" :type "string" :description "Shell command to execute")))
+
+  (gptel-make-tool
+   :name "read_file"
+   :description "Read the contents of a file and return as text"
+   :function (lambda (filepath)
+               (condition-case err
+                   (with-temp-buffer
+                     (insert-file-contents (expand-file-name filepath))
+                     (buffer-string))
+                 (error (format "Error reading file %s: %s" filepath (error-message-string err)))))
+   :args (list '(:name "filepath" :type "string" :description "Path to the file to read")))
+
+  (gptel-make-tool
+   :name "list_directory"
+   :description "List contents of a directory"
+   :function (lambda (dirpath)
+               (condition-case err
+                   (mapconcat 'identity 
+                              (directory-files (expand-file-name dirpath) nil "^[^.]")
+                              "\n")
+                 (error (format "Error listing directory %s: %s" dirpath (error-message-string err)))))
+   :args (list '(:name "dirpath" :type "string" :description "Directory path to list"))))
+
+(use-package! claude-code-ide
   :defer t
   :config
-  (setq! gptel-api-key (my/get-rbw-password "openai-api-key-chatgpt-el")))
+  (claude-code-ide-emacs-tools-setup)
+  (map! :leader
+        (:prefix ("o" . "open")
+         :desc "Claude Code IDE" "c" #'claude-code-ide-menu)))
+
+(after! gptel
+  (require 'gptel-tool-library)
+  (setq gptel-tool-library-use-maybe-safe t
+        gptel-tool-library-use-unsafe t)
+  (dolist (module '("bbdb" "buffer" "elisp" "emacs" "gnus" "os" "search-and-replace" "url"))
+    (gptel-tool-library-load-module module)))
 
 ;; Whenever you reconfigure a package, make sure to wrap your config in an
 ;; `after!' block, otherwise Doom's defaults may override your settings. E.g.

home/modules/emacs/doom/init.el

@@ -33,7 +33,7 @@
        doom              ; what makes DOOM look the way it does
        doom-dashboard    ; a nifty splash screen for Emacs
        ;;doom-quit         ; DOOM quit-message prompts when you quit Emacs
-       (emoji +unicode)  ; 🙂
+       ;;(emoji +unicode)  ; 🙂
        hl-todo           ; highlight TODO/FIXME/NOTE/DEPRECATED/HACK/REVIEW
        ;;indent-guides     ; highlighted indent columns
        ;;ligatures         ; ligatures and symbols to make your code pretty again
@@ -45,7 +45,7 @@
        (popup +defaults)   ; tame sudden yet inevitable temporary windows
        ;;tabs              ; a tab bar for Emacs
        ;;treemacs          ; a project drawer, like neotree but cooler
-       ;;unicode           ; extended unicode support for various languages
+       unicode           ; extended unicode support for various languages
        (vc-gutter +pretty) ; vcs diff in the fringe
        vi-tilde-fringe   ; fringe tildes to mark beyond EOB
        ;;window-select     ; visually switch windows
@@ -59,7 +59,7 @@
        ;;(format +onsave)  ; automated prettiness
        ;;god               ; run Emacs commands without modifier keys
        ;;lispy             ; vim for lisp, for people who don't like vim
-       ;;multiple-cursors  ; editing in many places at once
+       multiple-cursors  ; editing in many places at once
        ;;objed             ; text object editing for the innocent
        ;;parinfer          ; turn lisp into python, sort of
        ;;rotate-text       ; cycle region at point between text candidates
@@ -77,7 +77,7 @@
        ;;eshell            ; the elisp shell that works everywhere
        ;;shell             ; simple shell REPL for Emacs
        ;;term              ; basic terminal emulator for Emacs
-       ;;vterm             ; the best terminal emulation in Emacs
+       vterm             ; the best terminal emulation in Emacs
 
        :checkers
        syntax              ; tasing you for every semicolon you forget
@@ -94,6 +94,7 @@
        ;;editorconfig      ; let someone else argue about tabs vs spaces
        ;;ein               ; tame Jupyter notebooks with emacs
        (eval +overlay)     ; run code, run (also, repls)
+       llm               ; When I said  you needed friends, I didn't mean...
        lookup              ; navigate your code and its documentation
        lsp               ; M-x vscode
        magit             ; a git porcelain for Emacs

home/modules/emacs/doom/packages.el

@@ -52,3 +52,10 @@
 ;; (package! org-caldav)
 
 (package! gptel :recipe (:nonrecursive t))
+
+(package! claude-code-ide
+  :recipe (:host github :repo "manzaltu/claude-code-ide.el"))
+
+(package! gptel-tool-library
+  :recipe (:host github :repo "aard-fi/gptel-tool-library"
+           :files ("*.el")))

home/modules/kubectl/default.nix

@@ -0,0 +1,249 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.programs.kubectl-secure;
+in
+{
+  options.programs.kubectl-secure = {
+    enable = mkEnableOption "secure kubectl configuration with Bitwarden integration";
+  };
+
+  config = mkIf cfg.enable {
+    home.packages = with pkgs; [
+      kubectl
+      kubernetes-helm
+    ];
+
+    programs.k9s.enable = true;
+
+    programs.bash.initExtra = mkAfter ''
+      # Kubectl secure session management
+      export KUBECTL_SESSION_DIR="/dev/shm/kubectl-$$"
+      
+      kube-select() {
+        if [[ $# -ne 1 ]]; then
+          echo "Usage: kube-select <context-name>"
+          echo "Available contexts: $(kube-list)"
+          return 1
+        fi
+        
+        local context="$1"
+        
+        # Clean up any existing session first
+        kube-clear 2>/dev/null
+        
+        # Create new session directory
+        mkdir -p "$KUBECTL_SESSION_DIR"
+        chmod 700 "$KUBECTL_SESSION_DIR"
+        
+        # Set cleanup trap for this shell session
+        trap "rm -rf '$KUBECTL_SESSION_DIR' 2>/dev/null" EXIT
+        
+        # Set KUBECONFIG for this session
+        export KUBECONFIG="$KUBECTL_SESSION_DIR/config"
+        
+        # Load config from Bitwarden secure notes
+        if ! rbw get "kubectl-$context" > "$KUBECONFIG" 2>/dev/null; then
+          echo "Error: Could not retrieve kubectl-$context from Bitwarden"
+          echo "Make sure the entry exists with name: kubectl-$context"
+          kube-clear
+          return 1
+        fi
+        
+        # Verify the kubeconfig is valid
+        if ! kubectl config view >/dev/null 2>&1; then
+          echo "Error: Invalid kubeconfig retrieved from Bitwarden"
+          kube-clear
+          return 1
+        fi
+        
+        echo "✓ Loaded kubectl context: $context (session: $$)"
+        echo "  Config location: $KUBECONFIG"
+      }
+      
+      kube-list() {
+        echo "Available kubectl contexts in Bitwarden:"
+        rbw search kubectl- 2>/dev/null | grep "^kubectl-" | sed 's/^kubectl-/  - /' || echo "  (none found or rbw not accessible)"
+      }
+      
+      kube-clear() {
+        if [[ -n "$KUBECTL_TIMEOUT_PID" ]]; then
+          kill "$KUBECTL_TIMEOUT_PID" 2>/dev/null
+          unset KUBECTL_TIMEOUT_PID
+        fi
+        
+        if [[ -d "$KUBECTL_SESSION_DIR" ]]; then
+          rm -rf "$KUBECTL_SESSION_DIR"
+          echo "Cleared kubectl session ($$)"
+        fi
+        
+        unset KUBECONFIG
+      }
+      
+      kube-status() {
+        if [[ -f "$KUBECONFIG" ]]; then
+          local current_context
+          current_context=$(kubectl config current-context 2>/dev/null)
+          if [[ -n "$current_context" ]]; then
+            echo "Active kubectl context: $current_context"
+            echo "Session: $$ | Config: $KUBECONFIG"
+            
+            # Show cluster info
+            local cluster_server
+            cluster_server=$(kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}' 2>/dev/null)
+            if [[ -n "$cluster_server" ]]; then
+              echo "Cluster: $cluster_server"
+            fi
+          else
+            echo "No active context in current session"
+          fi
+        else
+          echo "No kubectl session active in this shell"
+          echo "Use 'kube-select <context>' to start a session"
+        fi
+      }
+
+      # Helper function to show available commands
+      kube-help() {
+        echo "Secure kubectl session management commands:"
+        echo ""
+        echo "Session management:"
+        echo "  kube-select <context>     - Load kubeconfig from Bitwarden"
+        echo "  kube-status              - Show current session status"
+        echo "  kube-clear               - Clear current session"
+        echo ""
+        echo "Configuration management:"
+        echo "  kube-list                - List available contexts in Bitwarden"
+        echo ""
+        echo "Help:"
+        echo "  kube-help                - Show this help"
+        echo ""
+        echo "Examples:"
+        echo "  kube-select prod                     # Loads from secure note"
+        echo "  kubectl get pods"
+        echo "  kube-clear"
+        echo ""
+        echo "Note: Kubeconfigs are stored as secure notes in Bitwarden"
+      }
+    '';
+    
+    programs.zsh.initExtra = mkAfter ''
+      # Kubectl secure session management (zsh)
+      export KUBECTL_SESSION_DIR="/dev/shm/kubectl-$$"
+      
+      kube-select() {
+        if [[ $# -ne 1 ]]; then
+          echo "Usage: kube-select <context-name>"
+          echo "Available contexts: $(kube-list)"
+          return 1
+        fi
+        
+        local context="$1"
+        
+        # Clean up any existing session first
+        kube-clear 2>/dev/null
+        
+        # Create new session directory
+        mkdir -p "$KUBECTL_SESSION_DIR"
+        chmod 700 "$KUBECTL_SESSION_DIR"
+        
+        # Set cleanup trap for this shell session
+        trap "rm -rf '$KUBECTL_SESSION_DIR' 2>/dev/null" EXIT
+        
+        # Set KUBECONFIG for this session
+        export KUBECONFIG="$KUBECTL_SESSION_DIR/config"
+        
+        # Load config from Bitwarden secure notes
+        if ! rbw get "kubectl-$context" > "$KUBECONFIG" 2>/dev/null; then
+          echo "Error: Could not retrieve kubectl-$context from Bitwarden"
+          echo "Make sure the entry exists with name: kubectl-$context"
+          kube-clear
+          return 1
+        fi
+        
+        # Verify the kubeconfig is valid
+        if ! kubectl config view >/dev/null 2>&1; then
+          echo "Error: Invalid kubeconfig retrieved from Bitwarden"
+          kube-clear
+          return 1
+        fi
+        
+        echo "✓ Loaded kubectl context: $context (session: $$)"
+        echo "  Config location: $KUBECONFIG"
+        
+        # Optional: Set timeout cleanup
+        if [[ ${toString cfg.sessionTimeout} -gt 0 ]]; then
+          (sleep ${toString cfg.sessionTimeout}; kube-clear 2>/dev/null) &
+          export KUBECTL_TIMEOUT_PID=$!
+        fi
+      }
+      
+      kube-list() {
+        echo "Available kubectl contexts in Bitwarden:"
+        rbw search kubectl- 2>/dev/null | grep "^kubectl-" | sed 's/^kubectl-/  - /' || echo "  (none found or rbw not accessible)"
+      }
+      
+      kube-clear() {
+        if [[ -n "$KUBECTL_TIMEOUT_PID" ]]; then
+          kill "$KUBECTL_TIMEOUT_PID" 2>/dev/null
+          unset KUBECTL_TIMEOUT_PID
+        fi
+        
+        if [[ -d "$KUBECTL_SESSION_DIR" ]]; then
+          rm -rf "$KUBECTL_SESSION_DIR"
+          echo "Cleared kubectl session ($$)"
+        fi
+        
+        unset KUBECONFIG
+      }
+      
+      kube-status() {
+        if [[ -f "$KUBECONFIG" ]]; then
+          local current_context
+          current_context=$(kubectl config current-context 2>/dev/null)
+          if [[ -n "$current_context" ]]; then
+            echo "Active kubectl context: $current_context"
+            echo "Session: $$ | Config: $KUBECONFIG"
+            
+            # Show cluster info
+            local cluster_server
+            cluster_server=$(kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}' 2>/dev/null)
+            if [[ -n "$cluster_server" ]]; then
+              echo "Cluster: $cluster_server"
+            fi
+          else
+            echo "No active context in current session"
+          fi
+        else
+          echo "No kubectl session active in this shell"
+          echo "Use 'kube-select <context>' to start a session"
+        fi
+      }
+
+      # Helper function to show available commands
+      kube-help() {
+        echo "Secure kubectl session management commands:"
+        echo ""
+        echo "Session management:"
+        echo "  kube-select <context>     - Load kubeconfig from Bitwarden"
+        echo "  kube-status              - Show current session status"
+        echo "  kube-clear               - Clear current session"
+        echo ""
+        echo "Configuration management:"
+        echo "  kube-list                - List available contexts in Bitwarden"
+        echo ""
+        echo "Help:"
+        echo "  kube-help                - Show this help"
+        echo ""
+        echo "Examples:"
+        echo "  kube-select prod                     # Loads from secure note"
+        echo "  kubectl get pods"
+        echo "  kube-clear"
+        echo ""
+        echo "Note: Kubeconfigs are stored as secure notes in Bitwarden"
+      }
+    '';
+  };
+}

home/modules/plasma-manager/default.nix

@@ -52,26 +52,47 @@
         "Window Operations Menu" = "Alt+F3";
         "Window Resize" = "Meta+R,,Resize Window";
 
-        "Overview" = "Meta+W";
+        "Overview" = "Meta+Ctrl+W";
         "Grid View" = "Meta+G";
         "Edit Tiles" = "Meta+T";
 
         "Activate Window Demanding Attention" = "Meta+Ctrl+A";
 
-        "Show Desktop" = "Meta+D";
+        "Show Desktop" = "Meta+Ctrl+D";
 
         "Walk Through Windows" = "Alt+Tab";
         "Walk Through Windows (Reverse)" = "Alt+Shift+Tab";
         "Walk Through Windows of Current Application" = "Alt+`";
         "Walk Through Windows of Current Application (Reverse)" = "Alt+~";
-        "Window Fullscreen" = "Meta+Shift+F,,Make Window Fullscreen";
 
         "Window Quick Tile Bottom" = "Meta+Down";
         "Window Quick Tile Left" = "Meta+Left";
         "Window Quick Tile Right" = "Meta+Right";
         "Window Quick Tile Top" = "Meta+Up";
 
-        "view_actual_size" = "Meta+0";
+        "Switch to Desktop 1" = "Meta+1";
+        "Switch to Desktop 2" = "Meta+2";
+        "Switch to Desktop 3" = "Meta+3";
+        "Switch to Desktop 4" = "Meta+4";
+        "Switch to Desktop 5" = "Meta+5";
+        "Switch to Desktop 6" = "Meta+6";
+        "Switch to Desktop 7" = "Meta+7";
+        "Switch to Desktop 8" = "Meta+8";
+        "Switch to Desktop 9" = "Meta+9";
+        "Switch to Desktop 10" = "Meta+0";
+        
+        "Window to Desktop 1" = "Meta+!";    # Meta+Shift+1
+        "Window to Desktop 2" = "Meta+@";    # Meta+Shift+2
+        "Window to Desktop 3" = "Meta+#";    # Meta+Shift+3
+        "Window to Desktop 4" = "Meta+$";    # Meta+Shift+4
+        "Window to Desktop 5" = "Meta+%";    # Meta+Shift+5
+        "Window to Desktop 6" = "Meta+^";    # Meta+Shift+6
+        "Window to Desktop 7" = "Meta+&";    # Meta+Shift+7
+        "Window to Desktop 8" = "Meta+*";    # Meta+Shift+8
+        "Window to Desktop 9" = "Meta+(";    # Meta+Shift+9
+        "Window to Desktop 10" = "Meta+)";   # Meta+Shift+0
+
+        "view_actual_size" = "Meta+Ctrl+=";
         "view_zoom_in" = ["Meta++" "Meta+=,Meta++" "Meta+=,Zoom In"];
         "view_zoom_out" = "Meta+-";
       };
@@ -111,6 +132,22 @@
         immutable = true;
       };
       
+      # Enable KWin tiling features
+      kwinrc.Tiling = {
+        # Enable tiling functionality  
+        "padding" = 4;
+      };
+      
+      # Enable krohnkite plugin automatically
+      kwinrc.Plugins = {
+        krohnkiteEnabled = true;
+      };
+      
+      kwinrc.Effect-overview = {
+        # Configure overview effect for better tiling workflow
+        BorderActivate = 9;  # Top-left corner activation
+      };
+
       kcminputrc.Libinput = {
         AccelerationProfile = "adaptive";
         PointerAcceleration = 0.5;
@@ -122,6 +159,14 @@
       };
 
       kdeglobals.KDE.LookAndFeelPackage = "org.kde.breezedark.desktop";
+
+      # Focus follows mouse configuration
+      kwinrc.Windows = {
+        FocusPolicy = "FocusFollowsMouse";
+        AutoRaise = true;  # Set to true if you want windows to auto-raise on focus
+        AutoRaiseInterval = 750;  # Delay in ms before auto-raise (if enabled)
+        DelayFocusInterval = 0;  # Delay in ms before focus follows mouse
+      };
     };
   };
 }

home/roles/base/default.nix

@@ -0,0 +1,81 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.home.roles.base;
+in
+{
+  options.home.roles.base = {
+    enable = mkEnableOption "Enable base CLI tools and essential programs";
+  };
+
+  config = mkIf cfg.enable {
+    home.packages = with pkgs; [
+      fd
+      glances
+      gzip
+      htop
+      killall
+      less
+      ncdu
+      shellcheck
+      tmux
+      tree
+    ];
+
+    # Essential programs everyone needs
+    programs.bash = {
+      enable = true;
+      initExtra = ''
+        codex() {
+          local key
+          key="$(rbw get openai-api-key-codex)"
+          OPENAI_API_KEY="$key" command codex "$@"
+        }
+      '';
+    };
+
+    programs.home-manager.enable = true;
+    programs.command-not-found.enable = true;
+
+    programs.git = {
+      enable = true;
+      userName = "John Ogle";
+      userEmail = "john@ogle.fyi";
+      extraConfig = {
+        safe.directory = "/etc/nixos";
+      };
+    };
+
+    programs.jq.enable = true;
+
+    programs.neovim = {
+      enable = true;
+      viAlias = true;
+      vimAlias = true;
+    };
+
+    programs.ssh = {
+      enable = true;
+      matchBlocks = {
+        "nucdeb1" = {
+          hostname = "nucdeb1.oglehome";
+          user = "root";
+          addKeysToAgent = "yes";
+        };
+      };
+    };
+
+    programs.rbw = {
+      enable = true;
+      settings = {
+        email = "john@johnogle.info";
+        base_url = "https://bitwarden.johnogle.info";
+        pinentry = pkgs.pinentry-qt;
+      };
+    };
+
+    # Note: modules must be imported at top-level home config
+  };
+}

home/roles/communication/default.nix

@@ -0,0 +1,24 @@
+{ config, lib, pkgs, globalInputs, system, ... }:
+
+with lib;
+
+let
+  cfg = config.home.roles.communication;
+in
+{
+  options.home.roles.communication = {
+    enable = mkEnableOption "Enable communication and messaging applications";
+  };
+
+  config = mkIf cfg.enable {
+    home.packages = [
+      # Communication apps
+      pkgs.element-desktop
+      pkgs.fluffychat
+      pkgs.nextcloud-talk-desktop
+      
+      # For logging back into google chat
+      globalInputs.google-cookie-retrieval.packages.${system}.default
+    ];
+  };
+}

home/roles/default.nix

@@ -0,0 +1,13 @@
+{
+  imports = [
+    ./base
+    ./communication
+    ./desktop
+    ./development
+    ./gaming
+    ./kdeconnect
+    ./media
+    ./office
+    ./sync
+  ];
+}

home/roles/desktop/default.nix

@@ -0,0 +1,77 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.home.roles.desktop;
+in
+{
+  options.home.roles.desktop = {
+    enable = mkEnableOption "Enable desktop GUI applications and utilities";
+  };
+
+  config = mkIf cfg.enable {
+    home.packages = with pkgs; [
+      # Desktop applications
+      bitwarden
+      dunst
+      keepassxc
+      kitty
+      
+      # Desktop utilities
+      solaar # Logitech management software
+      waybar
+      wofi
+      
+      # System utilities with GUI components
+      (snapcast.override { pulseaudioSupport = true; })
+      
+      # KDE tiling window management
+      kdePackages.krohnkite  # Dynamic tiling extension for KWin 6
+      
+      # KDE PIM applications for email, calendar, and contacts
+      kdePackages.kmail
+      kdePackages.kmail-account-wizard
+      kdePackages.kmailtransport
+      kdePackages.korganizer
+      kdePackages.kaddressbook
+      kdePackages.kontact
+      
+      # KDE Online Accounts support
+      kdePackages.kaccounts-integration
+      kdePackages.kaccounts-providers
+      kdePackages.signond
+      
+      # KDE Mapping
+      kdePackages.marble  # Virtual globe and world atlas
+      
+      # KDE Productivity
+      kdePackages.kate        # Advanced text editor with syntax highlighting
+      kdePackages.okular      # Universal document viewer (PDF, ePub, etc.)
+      kdePackages.spectacle   # Screenshot capture utility
+      kdePackages.filelight   # Visual disk usage analyzer
+      
+      # KDE Multimedia
+      kdePackages.gwenview    # Image viewer and basic editor
+      kdePackages.elisa       # Music player
+      
+      # KDE System Utilities  
+      kdePackages.ark         # Archive manager (zip, tar, 7z, etc.)
+      kdePackages.yakuake     # Drop-down terminal emulator
+    ];
+
+    programs.firefox = {
+      enable = true;
+    };
+
+    programs.spotify-player.enable = true;
+
+    services.gnome-keyring = {
+      enable = true;
+    };
+
+    xdg.enable = true;
+
+    # Note: modules must be imported at top-level home config
+  };
+}

home/roles/development/default.nix

@@ -0,0 +1,27 @@
+{ config, lib, pkgs, customPkgs, globalInputs, system, ... }:
+
+with lib;
+
+let
+  cfg = config.home.roles.development;
+in
+{
+  options.home.roles.development = {
+    enable = mkEnableOption "Enable development tools and utilities";
+  };
+
+  config = mkIf cfg.enable {
+    home.packages = [
+      pkgs.claude-code
+      pkgs.codex
+      pkgs.goose-cli
+
+      # Custom packages
+      customPkgs.tea-rbw
+    ];
+
+    programs.kubectl-secure.enable = true;
+
+    # Note: modules must be imported at top-level home config
+  };
+}

home/roles/gaming/default.nix

@@ -0,0 +1,20 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.home.roles.gaming;
+in
+{
+  options.home.roles.gaming = {
+    enable = mkEnableOption "Enable gaming applications and tools";
+  };
+
+  config = mkIf cfg.enable {
+    home.packages = with pkgs; [
+      # Gaming applications would go here
+      # This role is created for future expansion
+      # moonlight-qt is currently in media role but could be moved here
+    ];
+  };
+}

home/roles/kdeconnect/default.nix

@@ -0,0 +1,20 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.home.roles.kdeconnect;
+in
+{
+  options.home.roles.kdeconnect = {
+    enable = mkEnableOption "Enable KDE Connect for device integration";
+  };
+
+  config = mkIf cfg.enable {
+    services.kdeconnect = {
+      enable = true;
+      indicator = true;
+      package = pkgs.kdePackages.kdeconnect-kde;
+    };
+  };
+}

home/roles/media/default.nix

@@ -0,0 +1,23 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.home.roles.media;
+in
+{
+  options.home.roles.media = {
+    enable = mkEnableOption "Enable media and multimedia applications";
+  };
+
+  config = mkIf cfg.enable {
+    home.packages = with pkgs; [
+      # Media players and streaming
+      # Using delfin instead of jellyfin-media-player to avoid qtwebengine security issues
+      # For full Jellyfin features, use web interface at http://jellyfin-server:8096
+      delfin
+      moonlight-qt
+      vlc
+    ];
+  };
+}

home/roles/office/default.nix

@@ -0,0 +1,22 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.home.roles.office;
+in
+{
+  options.home.roles.office = {
+    enable = mkEnableOption "Enable office applications and document processing tools";
+  };
+
+  config = mkIf cfg.enable {
+    home.packages = with pkgs; [
+      # Office suite
+      libreoffice
+      
+      # CAD/Design tools
+      openscad-unstable
+    ];
+  };
+}

home/roles/sync/default.nix

@@ -0,0 +1,22 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.home.roles.sync;
+in
+{
+  options.home.roles.sync = {
+    enable = mkEnableOption "Enable file synchronization services";
+  };
+
+  config = mkIf cfg.enable {
+    home.packages = with pkgs; [
+      syncthingtray
+    ];
+
+    services.syncthing = {
+      enable = true;
+    };
+  };
+}

machines/boxy/configuration.nix

@@ -17,7 +17,7 @@ with lib;
     bluetooth.enable = true;
     desktop = {
       enable = true;
-      gaming = true;
+      gaming.enable = true;
       kde = true;
       sddm = true;
       wayland = true;

machines/johno-macbookpro/configuration.nix

@@ -0,0 +1,23 @@
+{ config, lib, pkgs, ... }:
+
+{
+  # Basic system configuration for macOS work laptop
+  system.stateVersion = 6;
+
+  # Set primary user for nix-darwin
+  system.primaryUser = "johno";
+
+  # System preferences (can be expanded later)
+  system.defaults = {
+    dock.autohide = true;
+    finder.AppleShowAllExtensions = true;
+    NSGlobalDomain.AppleShowAllExtensions = true;
+  };
+
+  # TODO: Find a way to not duplicate this
+  launchd.user.envVariables = {
+    # DOOM Emacs environment variables
+    DOOMDIR = "/Users/johno/.config/doom";
+    DOOMLOCALDIR = "/Users/johno/.local/doom";
+  };
+}

machines/nix-book/configuration.nix

@@ -15,7 +15,7 @@
     desktop = {
       enable = true;
       wayland = true;
-      gaming = false;
+      gaming.enable = false;
       kde = true;
       sddm = true;
     };
@@ -43,6 +43,13 @@
   # Enable networking
   networking.networkmanager.enable = true;
 
+  # WireGuard setup
+  networking.wg-quick.interfaces = {
+    ogleNet = {
+      configFile = "/root/Oglehome-VPN-johno-nixbook.conf";
+    };
+  };
+
   hardware.graphics = {
     enable = true;
     extraPackages = with pkgs; [

machines/zix790prors/README.org

@@ -0,0 +1,31 @@
+* zix790prors
+
+The re-birthed NixOS install of my 2024/2025 gaming pc / workstation.
+
+** Specs
+- **CPU:** Intel Core i7-14700K (20 cores, 28 threads, up to 5.6 GHz)
+- **Memory:** 64 GB RAM
+- **Storage:**
+  - 4TB NVMe SSD (main drive with dual-boot partitions)
+    - Windows 11 partition (NTFS)
+    - NixOS /nix/store partition (btrfs)
+    - Shared /games partition (btrfs, accessible from both Windows and NixOS)
+- **GPU:** NVIDIA GeForce RTX 4070 Ti
+- **Boot:** UEFI with 100MB EFI System Partition
+
+This is a powerful all-purpose workstation optimized for gaming, 3D modeling, and development. It dual-boots Windows 11 with a shared btrfs /games partition accessible from both operating systems.
+*** Validation
+Given the above specs, I want to run shell commands to validate them for accuracy. Use the run_shell_command tool to get the results required to complete this validation. Do not return to the user until you have exhausted your self-serve options for accomplishing your task.
+
+** BIOS Settings
+
+**2025-09-08**
+
+I underclocked the CPU today. I set the cpu/cache voltage offset to -50mV and lowered the P-Core multiplier from 56x to 50x. I was able to run Intel XTU benchmarks and the CPU stayed around 80C without any throttling kicking in, whereas before it would bounce around various cores at 100C with lots of throttling taking place.
+
+My goals for this change are:
+- CPU longevity
+- Fan noise
+- Addressing various apps that say 100C is a "critical temperature" (though I believe the CPU is rated for up to 110C)
+
+I'm leaving some performance on the table, but it almost feels like the default settings for this CPU were to effectively be overclocked.

machines/zix790prors/configuration.nix

@@ -0,0 +1,99 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{ lib, pkgs, ... }:
+
+with lib;
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+    ];
+
+  roles = {
+    audio.enable = true;
+    bluetooth.enable = true;
+    desktop = {
+      enable = true;
+      gaming = {
+        enable = true;
+        emulation = true;
+      };
+      kde = true;
+      sddm = true;
+      wayland = true;
+    };
+    nfs-mounts.enable = true;
+    nvidia.enable = true;
+    printing.enable = true;
+    users.enable = true;
+    virtualisation.enable = true;
+  };
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.systemd-boot.configurationLimit = 20;
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.loader.timeout = 10;
+
+  networking.hostName = "zix790prors"; # Define your hostname.
+
+  # Enable networking
+  networking.networkmanager.enable = true;
+
+  # Fix dual boot clock sync - tell Linux to use local time for hardware clock
+  time.hardwareClockInLocalTime = true;
+
+  # NVIDIA Graphics configuration
+  services.xserver.videoDrivers = [ "nvidia" ];
+  hardware.graphics.enable = true;
+  hardware.graphics.enable32Bit = true;
+  
+  hardware.nvidia = {
+    # Modesetting is required.
+    modesetting.enable = true;
+    
+    # Enable the Nvidia settings menu,
+    # accessible via `nvidia-settings`.
+    nvidiaSettings = true;
+    
+    # Optionally, you may need to select the appropriate driver version for your specific GPU.
+    package = pkgs.linuxPackages.nvidiaPackages.stable;
+    
+    # Use open source kernel modules (recommended for RTX/GTX 16xx and newer)
+    # Set to false if you have an older GPU
+    open = true;
+    
+    # For gaming performance
+    powerManagement.enable = false;
+    powerManagement.finegrained = false;
+  };
+
+  services.ollama = {
+    enable = true;
+    acceleration = "cuda";
+    loadModels = [ "gpt-oss" "deepseek-r1" "qwen3:30b" ];
+  };
+
+  # This option defines the first version of NixOS you have installed on this particular machine,
+  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+  #
+  # Most users should NEVER change this value after the initial install, for any reason,
+  # even if you've upgraded your system to a new NixOS release.
+  #
+  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+  # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
+  # to actually do that.
+  #
+  # This value being lower than the current NixOS release does NOT mean your system is
+  # out of date, out of support, or vulnerable.
+  #
+  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+  # and migrated your data accordingly.
+  #
+  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+  system.stateVersion = "25.11"; # Did you read the comment?
+
+}

machines/zix790prors/hardware-configuration.nix

@@ -0,0 +1,57 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/11C1-EB58";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+
+  roles.btrfs = {
+    enable = true;
+    filesystems."/dev/disk/by-uuid/ec22734b-d1a3-4c99-8c6f-86f6a8d79007" = {
+      mountpoints = {
+        "/" = {
+          compression = "zstd";
+          extraOptions = [ "noatime" ];
+        };
+      };
+      scrub.enable = true;
+      deduplication = {
+        enable = true;
+        hashTableSizeMB = 128;
+        verbosity = "err";
+      };
+    };
+    filesystems."/dev/disk/by-uuid/4f9844ac-c1ad-4426-8eb3-21f2306345fb" = {
+      mountpoints = {
+        "/games" = {
+          extraOptions = [ "noatime" ];
+        };
+      };
+      scrub.enable = true;
+      deduplication = {
+        enable = true;
+        hashTableSizeMB = 256;
+        verbosity = "err";
+      };
+    };
+  };
+
+  swapDevices = [ ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

packages/app-launcher-server/app-launcher-server.py

@@ -0,0 +1,104 @@
+#!/usr/bin/env python3
+
+import json
+import logging
+import os
+import subprocess
+import sys
+from http.server import BaseHTTPRequestHandler, HTTPServer
+from urllib.parse import urlparse
+
+# Configure logging
+logging.basicConfig(
+    level=logging.INFO,
+    format='%(asctime)s - %(levelname)s - %(message)s'
+)
+logger = logging.getLogger(__name__)
+
+# Allowlisted applications that can be launched
+ALLOWED_APPS = {
+    'firefox': 'firefox',
+    'kodi': 'kodi'
+}
+
+class AppLauncherHandler(BaseHTTPRequestHandler):
+    def log_message(self, format, *args):
+        logger.info(format % args)
+
+    def do_GET(self):
+        if self.path == '/':
+            self.send_response(200)
+            self.send_header('Content-type', 'application/json')
+            self.end_headers()
+            response = {
+                'status': 'running',
+                'available_apps': list(ALLOWED_APPS.keys()),
+                'usage': 'POST /launch/<app_name> to launch an application'
+            }
+            self.wfile.write(json.dumps(response, indent=2).encode())
+        else:
+            self.send_error(404)
+
+    def do_POST(self):
+        parsed_path = urlparse(self.path)
+        path_parts = parsed_path.path.strip('/').split('/')
+
+        if len(path_parts) == 2 and path_parts[0] == 'launch':
+            app_name = path_parts[1]
+            self.launch_app(app_name)
+        else:
+            self.send_error(404, "Invalid endpoint. Use /launch/<app_name>")
+
+    def launch_app(self, app_name):
+        if app_name not in ALLOWED_APPS:
+            self.send_error(400, f"Application '{app_name}' not allowed. Available apps: {list(ALLOWED_APPS.keys())}")
+            return
+
+        command = ALLOWED_APPS[app_name]
+
+        try:
+            # Launch the application in the background
+            # Ensure we have the proper environment for GUI apps
+            env = os.environ.copy()
+
+            logger.info(f"Launching application: {command}")
+            process = subprocess.Popen(
+                [command],
+                env=env,
+                stdout=subprocess.DEVNULL,
+                stderr=subprocess.DEVNULL,
+                start_new_session=True
+            )
+
+            self.send_response(200)
+            self.send_header('Content-type', 'application/json')
+            self.end_headers()
+            response = {
+                'status': 'success',
+                'message': f'Successfully launched {app_name}',
+                'pid': process.pid
+            }
+            self.wfile.write(json.dumps(response).encode())
+
+        except FileNotFoundError:
+            logger.error(f"Application not found: {command}")
+            self.send_error(500, f"Application '{app_name}' not found on system")
+        except Exception as e:
+            logger.error(f"Error launching {command}: {e}")
+            self.send_error(500, f"Failed to launch {app_name}: {str(e)}")
+
+def main():
+    port = int(sys.argv[1]) if len(sys.argv) > 1 else 8081
+
+    server = HTTPServer(('0.0.0.0', port), AppLauncherHandler)
+    logger.info(f"App launcher server starting on port {port}")
+    logger.info(f"Available applications: {list(ALLOWED_APPS.keys())}")
+
+    try:
+        server.serve_forever()
+    except KeyboardInterrupt:
+        logger.info("Server shutting down...")
+        server.server_close()
+
+if __name__ == '__main__':
+    main()

packages/app-launcher-server/default.nix

@@ -0,0 +1,5 @@
+{ pkgs }:
+
+pkgs.writeShellScriptBin "app-launcher-server" ''
+  exec ${pkgs.python3}/bin/python3 ${./app-launcher-server.py} "$@"
+''

packages/default.nix

@@ -1,4 +1,6 @@
 { pkgs, ... }:
 {
   vulkanHDRLayer = pkgs.callPackage ./vulkan-hdr-layer {};
+  tea-rbw = pkgs.callPackage ./tea-rbw {};
+  app-launcher-server = pkgs.callPackage ./app-launcher-server {};
 }

packages/tea-rbw/default.nix

@@ -0,0 +1,58 @@
+{ pkgs, ... }:
+
+pkgs.writeShellScriptBin "tea" ''
+  set -euo pipefail
+
+  # Check if tea config directory exists and has authentication
+  TEA_CONFIG_DIR="''${XDG_CONFIG_HOME:-$HOME/.config}/tea"
+  TEA_CONFIG_FILE="$TEA_CONFIG_DIR/config.yml"
+
+  # Function to setup tea authentication with rbw
+  setup_tea_auth() {
+    echo "Tea authentication not found. Setting up with rbw..."
+    
+    # Check if rbw is available
+    if ! command -v rbw &> /dev/null; then
+      echo "Error: rbw is not available. Please ensure rbw is installed and configured."
+      exit 1
+    fi
+
+    # Try to get the token from rbw
+    echo "Attempting to retrieve Gitea token from rbw..."
+    echo "Please enter the rbw entry name for your Gitea token:"
+    read -r rbw_entry
+
+    if ! token=$(rbw get "$rbw_entry" 2>/dev/null); then
+      echo "Error: Failed to retrieve token from rbw entry '$rbw_entry'"
+      echo "Available rbw entries:"
+      rbw list 2>/dev/null || echo "Failed to list rbw entries"
+      exit 1
+    fi
+
+    # Prompt for Gitea URL
+    echo "Please enter your Gitea URL (e.g., https://git.example.com):"
+    read -r gitea_url
+
+    # Create tea config directory if it doesn't exist
+    mkdir -p "$TEA_CONFIG_DIR"
+
+    # Setup tea login
+    if ! ${pkgs.tea}/bin/tea login add --name "default" --url "$gitea_url" --token "$token"; then
+      echo "Error: Failed to setup tea authentication"
+      exit 1
+    fi
+
+    echo "Tea authentication setup complete!"
+  }
+
+  # Check if tea is already configured
+  if [[ ! -f "$TEA_CONFIG_FILE" ]]; then
+    setup_tea_auth
+  elif ! ${pkgs.tea}/bin/tea whoami &>/dev/null; then
+    echo "Tea config exists but authentication failed. Re-running setup..."
+    setup_tea_auth
+  fi
+
+  # Execute tea with all provided arguments
+  exec ${pkgs.tea}/bin/tea "$@"
+''

roles/audio/default.nix

@@ -13,6 +13,7 @@ in
   config = mkIf cfg.enable
     {
       environment.systemPackages = with pkgs; [
+        easyeffects
         paprefs
         pavucontrol
         pulsemixer

roles/btrfs/default.nix

@@ -102,6 +102,11 @@ in
   };
 
   config = mkIf cfg.enable {
+    environment.systemPackages = with pkgs; [
+      btrfs-progs
+      compsize
+    ];
+
     # Generate fileSystems configuration from mountpoints
     fileSystems = mkMerge (flatten (mapAttrsToList (device: fsCfg:
       mapAttrsToList (mountpoint: mountCfg:

roles/darwin.nix

@@ -0,0 +1,84 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  # Extract the set-environment path that nix-darwin generates
+  setEnvironmentPath = "${config.system.build.setEnvironment}";
+in
+{
+  config = {
+    # Salt manages /etc/bashrc, /etc/zshrc, /etc/zshenv
+    # nix-darwin writes to .local variants for nix-specific configuration
+
+    # Disable nix-darwin from managing the main shell files
+    environment.etc."bashrc".enable = false;
+    environment.etc."zshrc".enable = false;
+    environment.etc."zshenv".enable = false;
+
+    # Create .local files with nix environment setup
+    environment.etc."bash.local".text = ''
+      # Nix environment setup
+      if [ -z "$__NIX_DARWIN_SET_ENVIRONMENT_DONE" ]; then
+        . ${setEnvironmentPath}
+      fi
+    '';
+
+    environment.etc."zshrc.local".text = ''
+      # Nix environment setup (already done in zshenv.local)
+    '';
+
+    environment.etc."zshenv.local".text = ''
+      # Nix environment setup
+      if [[ -o rcs ]]; then
+        if [ -z "''${__NIX_DARWIN_SET_ENVIRONMENT_DONE-}" ]; then
+          . ${setEnvironmentPath}
+        fi
+
+        # Tell zsh how to find installed completions
+        for p in ''${(z)NIX_PROFILES}; do
+          fpath=($p/share/zsh/site-functions $p/share/zsh/$ZSH_VERSION/functions $p/share/zsh/vendor-completions $fpath)
+        done
+      fi
+    '';
+
+    time.timeZone = "America/Los_Angeles";
+
+    environment.systemPackages = with pkgs; [
+      git
+      glances
+      pciutils
+      tree
+      usbutils
+      vim
+    ];
+
+    nix = {
+      package = pkgs.nix;
+      # distributedBuilds = true;
+      # buildMachines = [{
+      #   hostName = "z790prors.oglehome";
+      #   system = "x86_64-linux";
+      #   protocol = "ssh-ng";
+      #   sshUser = "johno";
+      #   sshKey = "/root/.ssh/id_ed25519";
+      #   maxJobs = 3;
+      #   speedFactor = 2;
+      # }];
+      settings = {
+        experimental-features = [ "nix-command" "flakes" ];
+        max-jobs = "auto";
+        trusted-users = [ "johno" ];
+        substituters = [
+        ];
+      };
+
+      gc = {
+        automatic = true;
+        options = "--delete-older-than 10d";
+      };
+    };
+
+    nixpkgs.config.allowUnfree = true;
+  };
+}

roles/default.nix

@@ -10,6 +10,7 @@ with lib;
     ./desktop
     ./kodi
     ./nfs-mounts
+    ./nvidia
     ./printing
     ./spotifyd
     ./users

roles/desktop/default.nix

@@ -9,7 +9,10 @@ with lib;
     x11 = mkOption { type = types.bool; default = false; description = "Enable X11 support."; };
     wayland = mkOption { type = types.bool; default = false; description = "Enable Wayland support."; };
     kde = mkOption { type = types.bool; default = false; description = "Enable KDE."; };
-    gaming = mkOption { type = types.bool; default = false; description = "Enable gaming support."; };
+    gaming = {
+      enable = mkOption { type = types.bool; default = false; description = "Enable gaming support."; };
+      emulation = mkOption { type = types.bool; default = false; description = "Enable emulation support."; };
+    };
     sddm = mkOption { type = types.bool; default = false; description = "Enable SDDM greeter."; };
   };
 

roles/desktop/gaming.nix

@@ -6,7 +6,8 @@ let
   cfg = config.roles.desktop;
 in
 {
-  config = mkIf (cfg.enable && cfg.gaming) {
+  config = mkMerge [
+    (mkIf (cfg.enable && cfg.gaming.enable) {
       environment.systemPackages = with pkgs; [
         steam
         lutris
@@ -14,5 +15,13 @@ in
       ];
 
       # Possibly other gaming specific services or settings
-  };
+    })
+
+    (mkIf (cfg.enable && cfg.gaming.emulation) {
+      environment.systemPackages = with pkgs; [
+        ryubing
+        dolphin-emu
+      ];
+    })
+  ];
 }

roles/kodi/default.nix

@@ -4,6 +4,7 @@ with lib;
 
 let
   cfg = config.roles.kodi;
+  customPkgs = pkgs.callPackage ../../packages {};
 in
 {
   options.roles.kodi = {
@@ -14,6 +15,18 @@ in
     wayland = mkOption {
       default = true;
     };
+    appLauncherServer = {
+      enable = mkOption {
+        type = types.bool;
+        default = true;
+        description = "Enable HTTP app launcher server for remote control";
+      };
+      port = mkOption {
+        type = types.int;
+        default = 8081;
+        description = "Port for the app launcher HTTP server";
+      };
+    };
   };
 
 
@@ -33,17 +46,35 @@ in
       };
 
       networking.firewall = {
-        allowedTCPPorts = [ 8080 ];
+        allowedTCPPorts = [ 8080 ] ++ optional cfg.appLauncherServer.enable cfg.appLauncherServer.port;
         allowedUDPPorts = [ 8080 ];
       };
 
       environment.systemPackages = with pkgs; [
         kodiPkg
         wget
-      ];
+        firefox
+      ] ++ optional cfg.appLauncherServer.enable customPkgs.app-launcher-server;
 
       programs.kdeconnect.enable = true;
 
+      systemd.user.services = mkIf cfg.appLauncherServer.enable {
+        app-launcher-server = {
+          description = "HTTP App Launcher Server";
+          wantedBy = [ "graphical-session.target" ];
+          after = [ "graphical-session.target" ];
+          serviceConfig = {
+            Type = "simple";
+            ExecStart = "${customPkgs.app-launcher-server}/bin/app-launcher-server ${toString cfg.appLauncherServer.port}";
+            Restart = "always";
+            RestartSec = "5s";
+            Environment = [
+              "PATH=${pkgs.firefox}/bin:${kodiPkg}/bin:/run/current-system/sw/bin"
+            ];
+          };
+        };
+      };
+
       services = if cfg.autologin then {
           displayManager = {
             autoLogin.enable = true;

roles/nvidia/default.nix

@@ -0,0 +1,20 @@
+{ lib, config, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.roles.nvidia;
+in
+{
+  options.roles.nvidia = {
+    enable = mkEnableOption "Enable the nvidia role";
+  };
+
+  config = mkIf cfg.enable {
+    environment.systemPackages = with pkgs; [
+      libva-utils
+      nvidia-vaapi-driver
+      nvtopPackages.nvidia
+    ];
+  };
+}

roles/printing/default.nix

@@ -22,7 +22,7 @@ in
 
       hardware.printers.ensurePrinters = [{
         name = "MFC-L8900CDW_series";
-        deviceUri = "dnssd://Brother%20MFC-L8900CDW%20series._ipp._tcp.local/?uuid=e3248000-80ce-11db-8000-b422006699d8";
+        deviceUri = "ipp://brother.oglehome/ipp/print";
         model = "everywhere";
       }];
       hardware.printers.ensureDefaultPrinter = "MFC-L8900CDW_series";