[home] Update syncthingtray config

Change from explicitly launching syncthingtray to just having it
accessible. I attempted to get plasma-manager to automatically add the
plasmoid but was unsuccessful.

flake.lock

@@ -43,11 +43,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1752402455,
-        "narHash": "sha256-mCHfZhQKdTj2JhCFcqfOfa3uKZbwUkPQbd0/zPnhOE8=",
+        "lastModified": 1755914636,
+        "narHash": "sha256-VJ+Gm6YsHlPfUCpmRQxvdiZW7H3YPSrdVOewQHAhZN8=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "bf893ad4cbf46610dd1b620c974f824e266cd1df",
+        "rev": "8b55a6ac58b678199e5bba701aaff69e2b3281c0",
         "type": "github"
       },
       "original": {
@@ -62,11 +62,11 @@
         "nixpkgs": "nixpkgs"
       },
       "locked": {
-        "lastModified": 1752199438,
-        "narHash": "sha256-xSBMmGtq8K4Qv80TMqREmESCAsRLJRHAbFH2T/2Bf1Y=",
+        "lastModified": 1755261305,
+        "narHash": "sha256-EOqCupB5X5WoGVHVcfOZcqy0SbKWNuY3kq+lj1wHdu8=",
         "owner": "nix-community",
         "repo": "NixOS-WSL",
-        "rev": "d34d9412556d3a896e294534ccd25f53b6822e80",
+        "rev": "203a7b463f307c60026136dd1191d9001c43457f",
         "type": "github"
       },
       "original": {
@@ -78,11 +78,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1751792365,
-        "narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=",
+        "lastModified": 1754725699,
+        "narHash": "sha256-iAcj9T/Y+3DBy2J0N+yF9XQQQ8IEb5swLFzs23CdP88=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "1fd8bada0b6117e6c7eb54aad5813023eed37ccb",
+        "rev": "85dbfc7aaf52ecb755f87e577ddbe6dbbdbc1054",
         "type": "github"
       },
       "original": {
@@ -94,11 +94,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1751984180,
-        "narHash": "sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X+xgOL0=",
+        "lastModified": 1755615617,
+        "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "9807714d6944a957c2e036f84b0ff8caf9930bc0",
+        "rev": "20075955deac2583bb12f07151c2df830ef346b4",
         "type": "github"
       },
       "original": {
@@ -118,11 +118,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1748196248,
-        "narHash": "sha256-1iHjsH6/5UOerJEoZKE+Gx1BgAoge/YcnUsOA4wQ/BU=",
+        "lastModified": 1754501628,
+        "narHash": "sha256-FExJ54tVB5iu7Dh2tLcyCSWpaV+lmUzzWKZUkemwXvo=",
         "owner": "nix-community",
         "repo": "plasma-manager",
-        "rev": "b7697abe89967839b273a863a3805345ea54ab56",
+        "rev": "cca090f8115c4172b9aef6c5299ae784bdd5e133",
         "type": "github"
       },
       "original": {

flake.nix

@@ -74,6 +74,18 @@
       ];
     };
 
+    nixosConfigurations.zix790prors = nixpkgs.lib.nixosSystem rec {
+      system = "x86_64-linux";
+      modules = baseModules ++ [
+        ./machines/zix790prors/configuration.nix
+        inputs.home-manager.nixosModules.home-manager
+        {
+          home-manager.users.johno = import ./home/home.nix;
+          home-manager.extraSpecialArgs = { inherit system; };
+        }
+      ];
+    };
+
     # Live USB ISO configuration
     nixosConfigurations.live-usb = nixpkgs.lib.nixosSystem rec {
       system = "x86_64-linux";

home/home.nix

@@ -57,6 +57,7 @@ in
     pkgs.ncdu
     pkgs.nextcloud-talk-desktop
     pkgs.openscad-unstable
+    pkgs.syncthingtray
     pkgs.pandoc
     #pkgs.pinentry-qt
     #pkgs.pytest
@@ -68,9 +69,7 @@ in
     pkgs.wofi
     pkgs.vlc
 
-    ## Kubernetes cluster management
-    pkgs.kubectl
-    pkgs.kubernetes-helm
+    ## Kubernetes cluster management handled by kubectl-secure module
 
     globalInputs.google-cookie-retrieval.packages.${system}.default
   ];
@@ -117,6 +116,7 @@ in
   imports = [
     ./modules/emacs
     ./modules/i3+sway
+    ./modules/kubectl
     ./modules/plasma-manager
     ./modules/tmux
   ];
@@ -152,7 +152,7 @@ in
 
   programs.jq.enable = true;
 
-  programs.k9s.enable = true;
+  programs.kubectl-secure.enable = true;
 
   programs.neovim = {
     enable = true;
@@ -194,10 +194,6 @@ in
 
   services.syncthing = {
     enable = true;
-    tray = {
-      enable = true;
-      command = "syncthingtray --wait";
-    };
   };
 
   xdg.enable = true;

home/modules/kubectl/default.nix

@@ -0,0 +1,249 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.programs.kubectl-secure;
+in
+{
+  options.programs.kubectl-secure = {
+    enable = mkEnableOption "secure kubectl configuration with Bitwarden integration";
+  };
+
+  config = mkIf cfg.enable {
+    home.packages = with pkgs; [
+      kubectl
+      kubernetes-helm
+    ];
+
+    programs.k9s.enable = true;
+
+    programs.bash.initExtra = mkAfter ''
+      # Kubectl secure session management
+      export KUBECTL_SESSION_DIR="/dev/shm/kubectl-$$"
+      
+      kube-select() {
+        if [[ $# -ne 1 ]]; then
+          echo "Usage: kube-select <context-name>"
+          echo "Available contexts: $(kube-list)"
+          return 1
+        fi
+        
+        local context="$1"
+        
+        # Clean up any existing session first
+        kube-clear 2>/dev/null
+        
+        # Create new session directory
+        mkdir -p "$KUBECTL_SESSION_DIR"
+        chmod 700 "$KUBECTL_SESSION_DIR"
+        
+        # Set cleanup trap for this shell session
+        trap "rm -rf '$KUBECTL_SESSION_DIR' 2>/dev/null" EXIT
+        
+        # Set KUBECONFIG for this session
+        export KUBECONFIG="$KUBECTL_SESSION_DIR/config"
+        
+        # Load config from Bitwarden secure notes
+        if ! rbw get "kubectl-$context" > "$KUBECONFIG" 2>/dev/null; then
+          echo "Error: Could not retrieve kubectl-$context from Bitwarden"
+          echo "Make sure the entry exists with name: kubectl-$context"
+          kube-clear
+          return 1
+        fi
+        
+        # Verify the kubeconfig is valid
+        if ! kubectl config view >/dev/null 2>&1; then
+          echo "Error: Invalid kubeconfig retrieved from Bitwarden"
+          kube-clear
+          return 1
+        fi
+        
+        echo "✓ Loaded kubectl context: $context (session: $$)"
+        echo "  Config location: $KUBECONFIG"
+      }
+      
+      kube-list() {
+        echo "Available kubectl contexts in Bitwarden:"
+        rbw search kubectl- 2>/dev/null | grep "^kubectl-" | sed 's/^kubectl-/  - /' || echo "  (none found or rbw not accessible)"
+      }
+      
+      kube-clear() {
+        if [[ -n "$KUBECTL_TIMEOUT_PID" ]]; then
+          kill "$KUBECTL_TIMEOUT_PID" 2>/dev/null
+          unset KUBECTL_TIMEOUT_PID
+        fi
+        
+        if [[ -d "$KUBECTL_SESSION_DIR" ]]; then
+          rm -rf "$KUBECTL_SESSION_DIR"
+          echo "Cleared kubectl session ($$)"
+        fi
+        
+        unset KUBECONFIG
+      }
+      
+      kube-status() {
+        if [[ -f "$KUBECONFIG" ]]; then
+          local current_context
+          current_context=$(kubectl config current-context 2>/dev/null)
+          if [[ -n "$current_context" ]]; then
+            echo "Active kubectl context: $current_context"
+            echo "Session: $$ | Config: $KUBECONFIG"
+            
+            # Show cluster info
+            local cluster_server
+            cluster_server=$(kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}' 2>/dev/null)
+            if [[ -n "$cluster_server" ]]; then
+              echo "Cluster: $cluster_server"
+            fi
+          else
+            echo "No active context in current session"
+          fi
+        else
+          echo "No kubectl session active in this shell"
+          echo "Use 'kube-select <context>' to start a session"
+        fi
+      }
+
+      # Helper function to show available commands
+      kube-help() {
+        echo "Secure kubectl session management commands:"
+        echo ""
+        echo "Session management:"
+        echo "  kube-select <context>     - Load kubeconfig from Bitwarden"
+        echo "  kube-status              - Show current session status"
+        echo "  kube-clear               - Clear current session"
+        echo ""
+        echo "Configuration management:"
+        echo "  kube-list                - List available contexts in Bitwarden"
+        echo ""
+        echo "Help:"
+        echo "  kube-help                - Show this help"
+        echo ""
+        echo "Examples:"
+        echo "  kube-select prod                     # Loads from secure note"
+        echo "  kubectl get pods"
+        echo "  kube-clear"
+        echo ""
+        echo "Note: Kubeconfigs are stored as secure notes in Bitwarden"
+      }
+    '';
+    
+    programs.zsh.initExtra = mkAfter ''
+      # Kubectl secure session management (zsh)
+      export KUBECTL_SESSION_DIR="/dev/shm/kubectl-$$"
+      
+      kube-select() {
+        if [[ $# -ne 1 ]]; then
+          echo "Usage: kube-select <context-name>"
+          echo "Available contexts: $(kube-list)"
+          return 1
+        fi
+        
+        local context="$1"
+        
+        # Clean up any existing session first
+        kube-clear 2>/dev/null
+        
+        # Create new session directory
+        mkdir -p "$KUBECTL_SESSION_DIR"
+        chmod 700 "$KUBECTL_SESSION_DIR"
+        
+        # Set cleanup trap for this shell session
+        trap "rm -rf '$KUBECTL_SESSION_DIR' 2>/dev/null" EXIT
+        
+        # Set KUBECONFIG for this session
+        export KUBECONFIG="$KUBECTL_SESSION_DIR/config"
+        
+        # Load config from Bitwarden secure notes
+        if ! rbw get "kubectl-$context" > "$KUBECONFIG" 2>/dev/null; then
+          echo "Error: Could not retrieve kubectl-$context from Bitwarden"
+          echo "Make sure the entry exists with name: kubectl-$context"
+          kube-clear
+          return 1
+        fi
+        
+        # Verify the kubeconfig is valid
+        if ! kubectl config view >/dev/null 2>&1; then
+          echo "Error: Invalid kubeconfig retrieved from Bitwarden"
+          kube-clear
+          return 1
+        fi
+        
+        echo "✓ Loaded kubectl context: $context (session: $$)"
+        echo "  Config location: $KUBECONFIG"
+        
+        # Optional: Set timeout cleanup
+        if [[ ${toString cfg.sessionTimeout} -gt 0 ]]; then
+          (sleep ${toString cfg.sessionTimeout}; kube-clear 2>/dev/null) &
+          export KUBECTL_TIMEOUT_PID=$!
+        fi
+      }
+      
+      kube-list() {
+        echo "Available kubectl contexts in Bitwarden:"
+        rbw search kubectl- 2>/dev/null | grep "^kubectl-" | sed 's/^kubectl-/  - /' || echo "  (none found or rbw not accessible)"
+      }
+      
+      kube-clear() {
+        if [[ -n "$KUBECTL_TIMEOUT_PID" ]]; then
+          kill "$KUBECTL_TIMEOUT_PID" 2>/dev/null
+          unset KUBECTL_TIMEOUT_PID
+        fi
+        
+        if [[ -d "$KUBECTL_SESSION_DIR" ]]; then
+          rm -rf "$KUBECTL_SESSION_DIR"
+          echo "Cleared kubectl session ($$)"
+        fi
+        
+        unset KUBECONFIG
+      }
+      
+      kube-status() {
+        if [[ -f "$KUBECONFIG" ]]; then
+          local current_context
+          current_context=$(kubectl config current-context 2>/dev/null)
+          if [[ -n "$current_context" ]]; then
+            echo "Active kubectl context: $current_context"
+            echo "Session: $$ | Config: $KUBECONFIG"
+            
+            # Show cluster info
+            local cluster_server
+            cluster_server=$(kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}' 2>/dev/null)
+            if [[ -n "$cluster_server" ]]; then
+              echo "Cluster: $cluster_server"
+            fi
+          else
+            echo "No active context in current session"
+          fi
+        else
+          echo "No kubectl session active in this shell"
+          echo "Use 'kube-select <context>' to start a session"
+        fi
+      }
+
+      # Helper function to show available commands
+      kube-help() {
+        echo "Secure kubectl session management commands:"
+        echo ""
+        echo "Session management:"
+        echo "  kube-select <context>     - Load kubeconfig from Bitwarden"
+        echo "  kube-status              - Show current session status"
+        echo "  kube-clear               - Clear current session"
+        echo ""
+        echo "Configuration management:"
+        echo "  kube-list                - List available contexts in Bitwarden"
+        echo ""
+        echo "Help:"
+        echo "  kube-help                - Show this help"
+        echo ""
+        echo "Examples:"
+        echo "  kube-select prod                     # Loads from secure note"
+        echo "  kubectl get pods"
+        echo "  kube-clear"
+        echo ""
+        echo "Note: Kubeconfigs are stored as secure notes in Bitwarden"
+      }
+    '';
+  };
+}

machines/boxy/configuration.nix

@@ -17,7 +17,7 @@ with lib;
     bluetooth.enable = true;
     desktop = {
       enable = true;
-      gaming = true;
+      gaming.enable = true;
       kde = true;
       sddm = true;
       wayland = true;

machines/nix-book/configuration.nix

@@ -15,7 +15,7 @@
     desktop = {
       enable = true;
       wayland = true;
-      gaming = false;
+      gaming.enable = false;
       kde = true;
       sddm = true;
     };

machines/zix790prors/configuration.nix

@@ -0,0 +1,92 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{ lib, pkgs, ... }:
+
+with lib;
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+    ];
+
+  roles = {
+    audio.enable = true;
+    bluetooth.enable = true;
+    desktop = {
+      enable = true;
+      gaming = {
+        enable = true;
+        emulation = true;
+      };
+      kde = true;
+      sddm = true;
+      wayland = true;
+    };
+    nfs-mounts.enable = true;
+    printing.enable = true;
+    users.enable = true;
+    virtualisation.enable = true;
+  };
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.systemd-boot.configurationLimit = 2; # Reduced to save /boot space (TODO Increase /boot partition size)
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.loader.timeout = 10;
+
+  networking.hostName = "zix790prors"; # Define your hostname.
+
+  # Enable networking
+  networking.networkmanager.enable = true;
+
+  # Fix dual boot clock sync - tell Linux to use local time for hardware clock
+  time.hardwareClockInLocalTime = true;
+
+  # NVIDIA Graphics configuration
+  services.xserver.videoDrivers = [ "nvidia" ];
+  hardware.graphics.enable = true;
+  hardware.graphics.enable32Bit = true;
+  
+  hardware.nvidia = {
+    # Modesetting is required.
+    modesetting.enable = true;
+    
+    # Enable the Nvidia settings menu,
+    # accessible via `nvidia-settings`.
+    nvidiaSettings = true;
+    
+    # Optionally, you may need to select the appropriate driver version for your specific GPU.
+    package = pkgs.linuxPackages.nvidiaPackages.stable;
+    
+    # Use open source kernel modules (recommended for RTX/GTX 16xx and newer)
+    # Set to false if you have an older GPU
+    open = true;
+    
+    # For gaming performance
+    powerManagement.enable = false;
+    powerManagement.finegrained = false;
+  };
+
+  # This option defines the first version of NixOS you have installed on this particular machine,
+  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+  #
+  # Most users should NEVER change this value after the initial install, for any reason,
+  # even if you've upgraded your system to a new NixOS release.
+  #
+  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+  # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
+  # to actually do that.
+  #
+  # This value being lower than the current NixOS release does NOT mean your system is
+  # out of date, out of support, or vulnerable.
+  #
+  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+  # and migrated your data accordingly.
+  #
+  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+  system.stateVersion = "25.11"; # Did you read the comment?
+
+}

machines/zix790prors/hardware-configuration.nix

@@ -0,0 +1,57 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/76B0-738E";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+
+  roles.btrfs = {
+    enable = true;
+    filesystems."/dev/disk/by-uuid/ec22734b-d1a3-4c99-8c6f-86f6a8d79007" = {
+      mountpoints = {
+        "/" = {
+          compression = "zstd";
+          extraOptions = [ "noatime" ];
+        };
+      };
+      scrub.enable = true;
+      deduplication = {
+        enable = true;
+        hashTableSizeMB = 128;
+        verbosity = "err";
+      };
+    };
+    filesystems."/dev/disk/by-uuid/4f9844ac-c1ad-4426-8eb3-21f2306345fb" = {
+      mountpoints = {
+        "/games" = {
+          extraOptions = [ "noatime" ];
+        };
+      };
+      scrub.enable = true;
+      deduplication = {
+        enable = true;
+        hashTableSizeMB = 256;
+        verbosity = "err";
+      };
+    };
+  };
+
+  swapDevices = [ ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

roles/btrfs/default.nix

@@ -102,6 +102,11 @@ in
   };
 
   config = mkIf cfg.enable {
+    environment.systemPackages = with pkgs; [
+      btrfs-progs
+      compsize
+    ];
+
     # Generate fileSystems configuration from mountpoints
     fileSystems = mkMerge (flatten (mapAttrsToList (device: fsCfg:
       mapAttrsToList (mountpoint: mountCfg:
@@ -165,4 +170,4 @@ in
       };
     }) cfg.filesystems);
   };
-}
+}

roles/desktop/default.nix

@@ -9,7 +9,10 @@ with lib;
     x11 = mkOption { type = types.bool; default = false; description = "Enable X11 support."; };
     wayland = mkOption { type = types.bool; default = false; description = "Enable Wayland support."; };
     kde = mkOption { type = types.bool; default = false; description = "Enable KDE."; };
-    gaming = mkOption { type = types.bool; default = false; description = "Enable gaming support."; };
+    gaming = {
+      enable = mkOption { type = types.bool; default = false; description = "Enable gaming support."; };
+      emulation = mkOption { type = types.bool; default = false; description = "Enable emulation support."; };
+    };
     sddm = mkOption { type = types.bool; default = false; description = "Enable SDDM greeter."; };
   };
 

roles/desktop/gaming.nix

@@ -6,13 +6,22 @@ let
   cfg = config.roles.desktop;
 in
 {
-  config = mkIf (cfg.enable && cfg.gaming) {
-    environment.systemPackages = with pkgs; [
-      steam
-      lutris
-      moonlight
-    ];
+  config = mkMerge [
+    (mkIf (cfg.enable && cfg.gaming.enable) {
+      environment.systemPackages = with pkgs; [
+        steam
+        lutris
+        moonlight
+      ];
 
-    # Possibly other gaming specific services or settings
-  };
+      # Possibly other gaming specific services or settings
+    })
+
+    (mkIf (cfg.enable && cfg.gaming.emulation) {
+      environment.systemPackages = with pkgs; [
+        ryubing
+        dolphin-emu
+      ];
+    })
+  ];
 }