flake.lock: Update

Flake lock file updates:

• Updated input 'darwin':
    'github:lnl7/nix-darwin/7220b01d679e93ede8d7b25d6f392855b81dd475' (2025-08-15)
  → 'github:lnl7/nix-darwin/8df64f819698c1fee0c2969696f54a843b2231e8' (2025-08-22)
• Updated input 'disko':
    'github:nix-community/disko/8246829f2e675a46919718f9a64b71afe3bfb22d' (2025-08-12)
  → 'github:nix-community/disko/4073ff2f481f9ef3501678ff479ed81402caae6d' (2025-08-18)
• Updated input 'helix':
    'github:helix-editor/helix/a4a2b50a50971bc43952f5f75d19a56689793a6a' (2025-08-15)
  → 'github:helix-editor/helix/22a3b10dd8ab907367ae1fe57d9703e22b30d391' (2025-08-22)
• Updated input 'home-manager':
    'github:nix-community/home-manager/2a749f4790a14f7168be67cdf6e548ef1c944e10' (2025-08-16)
  → 'github:nix-community/home-manager/8b55a6ac58b678199e5bba701aaff69e2b3281c0' (2025-08-23)
• Updated input 'nix2vim':
    'github:gytis-ivaskevicius/nix2vim/94f136cece965e33aa4ccccb4ca1af04772851f4' (2025-07-15)
  → 'github:gytis-ivaskevicius/nix2vim/78467c8de07719f92397179844bf75cdf2e58b83' (2025-08-16)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/fbcf476f790d8a217c3eab4e12033dc4a0f6d23c' (2025-08-14)
  → 'github:nixos/nixpkgs/20075955deac2583bb12f07151c2df830ef346b4' (2025-08-19)
• Updated input 'nur':
    'github:nix-community/nur/160c1c1c8737a0e2109b6181a191779ac2e42f7f' (2025-08-16)
  → 'github:nix-community/nur/1a47d83c521c098debd6d1f2c2ae313a5bb729f9' (2025-08-23)

.github/workflows/arrow-aws.yml

@@ -3,7 +3,7 @@ name: Arrow (AWS)
 run-name: Arrow (AWS) - ${{ inputs.rebuild && 'Rebuild and ' || '' }}${{ inputs.action == 'create' && 'Create' || ( inputs.action == 'destroy' && 'Destroy' || 'No Action' ) }}
 
 env:
-  TERRAFORM_DIRECTORY: hosts/arrow/aws
+  TERRAFORM_DIRECTORY: deploy/aws
   DEPLOY_IDENTITY_BASE64: ${{ secrets.DEPLOY_IDENTITY_BASE64 }}
   ARROW_IDENTITY_BASE64: ${{ secrets.ARROW_IDENTITY_BASE64 }}
   ZONE_NAME: masu.rs

.github/workflows/flame.yml

@@ -0,0 +1,200 @@
+name: Flame
+
+run-name: Flame - ${{ inputs.rebuild && 'Rebuild and ' || '' }}${{ inputs.action == 'create' && 'Create' || ( inputs.action == 'destroy' && 'Destroy' || 'No Action' ) }}
+
+env:
+  TERRAFORM_DIRECTORY: deploy/oracle
+  DEPLOY_IDENTITY_BASE64: ${{ secrets.DEPLOY_IDENTITY_BASE64 }}
+  FLAME_IDENTITY_BASE64: ${{ secrets.FLAME_IDENTITY_BASE64 }}
+  ZONE_NAME: masu.rs
+  CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+  CLOUDFLARE_ZONE_ID: ${{ secrets.CLOUDFLARE_ZONE_ID }}
+  OCI_CLI_USER: "ocid1.user.oc1..aaaaaaaa6lro2eoxdajjypjysepvzcavq5yn4qyozjyebxdiaoqziribuqba"
+  OCI_CLI_TENANCY: "ocid1.tenancy.oc1..aaaaaaaaudwr2ozedhjnrn76ofjgglgug6gexknjisd7gb7tkj3mjdp763da"
+  OCI_CLI_FINGERPRINT: "dd:d0:da:6d:83:46:8b:b3:d9:45:2b:c7:56:ae:30:94"
+  OCI_CLI_KEY_CONTENT: "${{ secrets.OCI_PRIVATE_KEY }}"
+  TF_VAR_oci_private_key: "${{ secrets.OCI_PRIVATE_KEY }}"
+  OCI_CLI_REGION: "us-ashburn-1"
+
+on:
+  workflow_dispatch:
+    inputs:
+      rebuild:
+        description: Rebuild Image
+        type: boolean
+        default: false
+      action:
+        description: Terraform Action
+        type: choice
+        required: true
+        default: create
+        options:
+          - create
+          - destroy
+          - nothing
+
+permissions:
+  id-token: write
+  contents: write
+
+jobs:
+  build-deploy:
+    name: Build and Deploy
+    # runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04-arm
+    steps:
+      - name: Checkout Repo Code
+        uses: actions/checkout@v4
+
+      # - name: Write OCI Key to File
+      #   run: |
+      #     echo "${{ env.OCI_PRIVATE_KEY_BASE64 }}" | base64 -d > OCI_PRIVATE_KEY
+
+      # # Enable access to KVM, required to build an image
+      # - name: Enable KVM group perms
+      #   if: inputs.rebuild && inputs.action != 'destroy'
+      #   run: |
+      #       echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-kvm4all.rules
+      #       sudo udevadm control --reload-rules
+      #       sudo udevadm trigger --name-match=kvm
+      #       sudo apt-get install -y qemu-user-static
+
+      # Install Nix
+      - name: Install Nix
+        # if: inputs.rebuild && inputs.action != 'destroy'
+        uses: cachix/install-nix-action@v31.4.1
+        with:
+          enable_kvm: true
+          extra_nix_config: |
+            system = aarch64-linux
+            system-features = aarch64-linux arm-linux kvm
+
+      # Build the image
+      - name: Build Image
+        if: inputs.rebuild && inputs.action != 'destroy'
+        run: nix build .#flame-qcow --system aarch64-linux
+
+      - name: List Images
+        if: inputs.rebuild && inputs.action != 'destroy'
+        run: |
+          ls -lh result/
+          echo "IMAGE_NAME=$(ls result/nixos.qcow2) >> $GITHUB_ENV
+
+      - name: Upload Image to S3
+        if: inputs.rebuild && inputs.action != 'destroy'
+        # env:
+        #   AWS_ACCESS_KEY_ID: "<YOUR_OCI_ACCESS_KEY>"
+        #   AWS_SECRET_ACCESS_KEY: "<YOUR_OCI_SECRET_KEY>"
+        #   AWS_DEFAULT_REGION: "us-ashburn-1" # e.g., us-ashburn-1, us-phoenix-1
+        #   AWS_ENDPOINT_URL: "https://masur.compat.objectstorage.us-ashburn-1.oraclecloud.com"
+        uses: oracle-actions/run-oci-cli-command@v1.3.2
+        with:
+          command: |
+            os object put \
+              --namespace "idptr5akf9pf" \
+              --bucket-name "noahmasur-images" \
+              --name "nixos.qcow2" \
+              --file "${IMAGE_NAME}" \
+              --part-size 128 \ # Optional: Specify part size in MiB for multipart uploads, default is 128 MiB
+              --parallel-upload-count 5 # Optional: Number of parallel uploads, default is 3
+
+      # Login to AWS
+      - name: AWS Assume Role
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: arn:aws:iam::286370965832:role/github_actions_admin
+          aws-region: us-east-1
+
+      # Installs the Terraform binary and some other accessory functions.
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v2
+
+      # Checks whether Terraform is formatted properly. If this fails, you
+      # should install the pre-commit hook.
+      - name: Check Formatting
+        working-directory: ${{ env.TERRAFORM_DIRECTORY }}
+        run: |
+          terraform fmt -no-color -check -diff -recursive
+
+      # Connects to remote state backend and download providers.
+      - name: Terraform Init
+        working-directory: ${{ env.TERRAFORM_DIRECTORY }}
+        run: terraform init -input=false
+
+      # Deploys infrastructure or changes to infrastructure.
+      - name: Terraform Apply
+        if: inputs.action == 'create'
+        working-directory: ${{ env.TERRAFORM_DIRECTORY }}
+        run: |
+          terraform apply \
+            -auto-approve \
+            -input=false
+
+      # Removes infrastructure.
+      - name: Terraform Destroy
+        if: inputs.action == 'destroy'
+        working-directory: ${{ env.TERRAFORM_DIRECTORY }}
+        run: |
+          terraform destroy \
+            -auto-approve \
+            -input=false
+
+      - name: Get Host IP
+        if: inputs.action == 'create'
+        id: host
+        working-directory: ${{ env.TERRAFORM_DIRECTORY }}
+        run: terraform output -raw host_ip
+
+      - name: Wait on SSH
+        if: inputs.action == 'create'
+        run: |
+          for i in $(seq 1 15); do
+            if $(nc -z -w 3 ${{ steps.host.outputs.stdout }} 22); then
+              exit 0
+            fi
+            sleep 10
+          done
+
+      - name: Write Identity Keys to Files
+        if: inputs.action == 'create'
+        run: |
+          echo "${{ env.DEPLOY_IDENTITY_BASE64 }}" | base64 -d > deploy_ed25519
+          chmod 0600 deploy_ed25519
+          echo "${{ env.FLAME_IDENTITY_BASE64 }}" | base64 -d > flame_ed25519
+          chmod 0600 flame_ed25519
+          mkdir -pv "${HOME}/.ssh/"
+          cp deploy_ed25519 "${HOME}/.ssh/id_ed25519"
+
+      - name: Run nixos-anywhere
+        if: inputs.action == 'create'
+        run: |
+          nix run github:nix-community/nixos-anywhere -- --flake github:nmasur/dotfiles#flame --build-on remote --no-reboot --target-host ubuntu@${{ steps.host.outputs.stdout }}
+          reboot now
+
+      - name: Wait on SSH After Reboot
+        if: inputs.action == 'create'
+        run: |
+          for i in $(seq 1 15); do
+            if $(nc -z -w 3 ${{ steps.host.outputs.stdout }} 22); then
+              exit 0
+            fi
+            sleep 10
+          done
+
+      - name: Copy Identity File to Host
+        if: inputs.action == 'create'
+        run: |
+          ssh -i deploy_ed25519 -o StrictHostKeyChecking=accept-new noah@${{ steps.host.outputs.stdout }} 'mkdir -pv .ssh'
+          scp -i deploy_ed25519 flame_ed25519 noah@${{ steps.host.outputs.stdout }}:~/.ssh/id_ed25519
+
+      # - name: Wipe Records
+      #   if: ${{ inputs.action == 'destroy' }}
+      #   run: |
+      #     RECORD_ID=$(curl --request GET \
+      #        --url https://api.cloudflare.com/client/v4/zones/${{ env.CLOUDFLARE_ZONE_ID }}/dns_records \
+      #        --header 'Content-Type: application/json' \
+      #        --header "Authorization: Bearer ${{ env.CLOUDFLARE_API_TOKEN }}" | jq -r '.result[] | select(.name == "n8n2.${{ env.ZONE_NAME }}") | .id')
+      #     curl --request DELETE \
+      #        --url https://api.cloudflare.com/client/v4/zones/${{ env.CLOUDFLARE_ZONE_ID }}/dns_records/${RECORD_ID} \
+      #        --header 'Content-Type: application/json' \
+      #        --header "Authorization: Bearer ${{ env.CLOUDFLARE_API_TOKEN }}"

deploy/oracle/main.tf

@@ -0,0 +1,115 @@
+terraform {
+  backend "s3" {
+    bucket       = "noahmasur-terraform"
+    key          = "flame.tfstate"
+    region       = "us-east-1"
+    use_lockfile = true
+  }
+  required_version = ">= 1.0.0"
+  required_providers {
+    oci = {
+      source  = "oracle/oci"
+      version = "7.7.0"
+    }
+  }
+}
+
+provider "oci" {
+  auth         = "APIKey"
+  tenancy_ocid = var.compartment_ocid
+  user_ocid    = "ocid1.user.oc1..aaaaaaaa6lro2eoxdajjypjysepvzcavq5yn4qyozjyebxdiaoqziribuqba"
+  private_key  = var.oci_private_key
+  fingerprint  = "dd:d0:da:6d:83:46:8b:b3:d9:45:2b:c7:56:ae:30:94"
+  region       = "us-ashburn-1"
+}
+
+# Get the latest Ubuntu image OCID
+# We'll filter for a recent Ubuntu LTS version (e.g., 22.04 or 24.04) and pick the latest.
+# Note: Image OCIDs are region-specific. This data source helps find the correct one.
+data "oci_core_images" "ubuntu_image" {
+  compartment_id   = var.compartment_ocid
+  operating_system = "Canonical Ubuntu"
+  # Adjust this version if you prefer a different Ubuntu LTS (e.g., "24.04")
+  operating_system_version = "24.04"
+  shape                    = var.instance_shape # Filter by the shape to ensure compatibility
+  sort_by                  = "TIMECREATED"
+  sort_order               = "DESC"
+}
+
+# resource "oci_core_image" "my_custom_image" {
+#   compartment_id = var.compartment_ocid
+#   display_name   = "noah-nixos"
+
+#   image_source_details {
+#     source_type = "objectStorageTuple" # Use this if specifying namespace, bucket, and object name
+#     # source_type  = "objectStorageUri"  # Use this if you have a pre-authenticated request URL (PAR)
+#     namespace_name = var.object_storage_namespace
+#     bucket_name    = var.object_storage_bucket_name
+#     object_name    = var.object_storage_object_name
+
+#     source_image_type = "QCOW2" # e.g., "QCOW2", "VMDK"
+
+#     # These properties help OCI understand how to launch instances from this image
+#     # Adjust based on your custom image's OS and boot mode
+#     operating_system         = "NixOS" # e.g., "CentOS", "Debian", "Windows"
+#     operating_system_version = "25.05" # e.g., "7", "11", "2019"
+#   }
+
+#   launch_mode = "PARAVIRTUALIZED" # Or "NATIVE", "EMULATED", "CUSTOM"
+#   # Optional: for specific launch options if your image requires them
+#   # launch_options {
+#   #   boot_volume_type = "PARAVIRTUALIZED"
+#   #   firmware         = "UEFI_64" # Or "BIOS"
+#   #   network_type     = "PARAVIRTUALIZED"
+#   # }
+
+#   # Time out for image import operation. Can take a while for large images.
+#   timeouts {
+#     create = "60m" # Default is 20m, often needs to be increased
+#   }
+# }
+
+data "oci_identity_availability_domains" "ads" {
+  compartment_id = var.compartment_ocid
+}
+
+resource "oci_core_instance" "my_compute_instance" {
+  compartment_id      = var.compartment_ocid
+  availability_domain = data.oci_identity_availability_domains.ads.availability_domains[0].name
+  shape               = var.instance_shape
+  display_name        = var.instance_display_name
+
+  source_details {
+    source_type = "image"
+    # Use the OCID of the latest Ubuntu image found by the data source
+    source_id = data.oci_core_images.ubuntu_image.images[0].id
+    # # Use the OCID of the newly imported custom image
+    # source_id = oci_core_image.my_custom_image.id
+    # Specify the boot volume size
+    boot_volume_size_in_gbs = var.boot_volume_size_in_gbs
+    boot_volume_vpus_per_gb = 20 # Highest free tier option
+  }
+
+  # launch_options {
+  #   is_consistent_volume_naming_enabled = true              # Sets boot device path to /dev/oracleoci/oraclevda
+  #   network_type                        = "PARAVIRTUALIZED" # I think this is the default?
+  # }
+
+  create_vnic_details {
+    subnet_id        = oci_core_subnet.my_public_subnet.id # Use the created subnet's ID
+    display_name     = "primary_vnic"
+    assign_public_ip = true
+    hostname_label   = "flame"
+  }
+
+  metadata = {
+    ssh_authorized_keys = var.ssh_public_key
+    user_data           = base64encode(var.cloud_init_script)
+  }
+
+  # Optional: For flexible shapes (e.g., VM.Standard.E4.Flex), you might need to specify OCPUs and memory
+  shape_config {
+    ocpus         = 4
+    memory_in_gbs = 24
+  }
+}

deploy/oracle/network.tf

@@ -0,0 +1,126 @@
+resource "oci_core_vcn" "my_vpc" {
+  compartment_id = var.compartment_ocid
+  display_name   = "main"
+  cidr_block     = "10.0.0.0/16"
+  is_ipv6enabled = false
+  dns_label      = "mainvcn" # Must be unique within your tenancy
+}
+
+resource "oci_core_internet_gateway" "my_igw" {
+  compartment_id = var.compartment_ocid
+  vcn_id         = oci_core_vcn.my_vpc.id
+  display_name   = "main-igw"
+  enabled        = true
+}
+
+resource "oci_core_route_table" "my_public_route_table" {
+  compartment_id = var.compartment_ocid
+  vcn_id         = oci_core_vcn.my_vpc.id
+  display_name   = "main-public-rt"
+
+  # Default route to the Internet Gateway
+  route_rules {
+    destination       = "0.0.0.0/0"
+    destination_type  = "CIDR_BLOCK"
+    network_entity_id = oci_core_internet_gateway.my_igw.id
+  }
+}
+
+resource "oci_core_security_list" "my_public_security_list" {
+  compartment_id = var.compartment_ocid
+  vcn_id         = oci_core_vcn.my_vpc.id
+  display_name   = "main-public-sl"
+
+  # Egress Rules (Allow all outbound traffic)
+  egress_security_rules {
+    destination      = "0.0.0.0/0"
+    destination_type = "CIDR_BLOCK"
+    protocol         = "all"
+  }
+
+  # Ingress Rules
+  ingress_security_rules {
+    # SSH (TCP 22)
+    protocol    = "6" # TCP
+    source      = "0.0.0.0/0"
+    source_type = "CIDR_BLOCK"
+    tcp_options {
+      min = 22
+      max = 22
+    }
+  }
+
+  ingress_security_rules {
+    # HTTP (TCP 80)
+    protocol    = "6" # TCP
+    source      = "0.0.0.0/0"
+    source_type = "CIDR_BLOCK"
+    tcp_options {
+      min = 80
+      max = 80
+    }
+  }
+
+  ingress_security_rules {
+    # HTTPS (TCP 443)
+    protocol    = "6" # TCP
+    source      = "0.0.0.0/0"
+    source_type = "CIDR_BLOCK"
+    tcp_options {
+      min = 443
+      max = 443
+    }
+  }
+
+  ingress_security_rules {
+    # Custom Minecraft
+    protocol    = "6" # TCP
+    source      = "0.0.0.0/0"
+    source_type = "CIDR_BLOCK"
+    tcp_options {
+      min = 49732
+      max = 49732
+    }
+  }
+
+  ingress_security_rules {
+    # HTTPS (UDP 443) - For QUIC or specific UDP services
+    protocol    = "17" # UDP
+    source      = "0.0.0.0/0"
+    source_type = "CIDR_BLOCK"
+    udp_options {
+      min = 443
+      max = 443
+    }
+  }
+
+  ingress_security_rules {
+    # ICMP (Ping)
+    protocol    = "1" # ICMP
+    source      = "0.0.0.0/0"
+    source_type = "CIDR_BLOCK"
+    icmp_options {
+      type = 3 # Destination Unreachable (common for connectivity checks)
+      code = 4 # Fragmentation needed
+    }
+  }
+  ingress_security_rules {
+    protocol    = "1" # ICMP
+    source      = "0.0.0.0/0"
+    source_type = "CIDR_BLOCK"
+    icmp_options {
+      type = 8 # Echo Request (ping)
+    }
+  }
+}
+
+resource "oci_core_subnet" "my_public_subnet" {
+  compartment_id             = var.compartment_ocid
+  vcn_id                     = oci_core_vcn.my_vpc.id
+  display_name               = "main-public-subnet"
+  cidr_block                 = "10.0.0.0/24"
+  prohibit_public_ip_on_vnic = false # Allows instances in this subnet to get public IPs
+  route_table_id             = oci_core_route_table.my_public_route_table.id
+  security_list_ids          = [oci_core_security_list.my_public_security_list.id]
+  dns_label                  = "mainsub" # Must be unique within the VCN
+}

deploy/oracle/outputs.tf

@@ -0,0 +1,19 @@
+output "host_ip" {
+  description = "The public IP address of the launched instance."
+  value       = oci_core_instance.my_compute_instance.public_ip
+}
+
+output "instance_id" {
+  description = "The OCID of the launched instance."
+  value       = oci_core_instance.my_compute_instance.id
+}
+
+output "vpc_ocid" {
+  description = "The OCID of the created VCN."
+  value       = oci_core_vcn.my_vpc.id
+}
+
+output "subnet_ocid" {
+  description = "The OCID of the created public subnet."
+  value       = oci_core_subnet.my_public_subnet.id
+}

deploy/oracle/variables.tf

@@ -0,0 +1,63 @@
+variable "boot_volume_size_in_gbs" {
+  description = "The size of the boot volume in GBs."
+  type        = number
+  default     = 150
+}
+
+variable "cloud_init_script" {
+  description = "A cloud-init script to run on instance launch."
+  type        = string
+  default     = <<-EOF
+              #!/bin/bash
+              echo "Hello from cloud-init!" > /home/ubuntu/cloud-init-output.txt
+              EOF
+}
+
+variable "compartment_ocid" {
+  description = "The OCID of the compartment where the instance will be created."
+  type        = string
+  default     = "ocid1.tenancy.oc1..aaaaaaaaudwr2ozedhjnrn76ofjgglgug6gexknjisd7gb7tkj3mjdp763da"
+}
+
+variable "instance_display_name" {
+  description = "A user-friendly name for the instance."
+  type        = string
+  default     = "noah-nixos"
+}
+
+variable "instance_shape" {
+  description = "The shape of the OCI compute instance."
+  type        = string
+  default     = "VM.Standard.A1.Flex" # Example shape. Choose one available in your region/AD.
+}
+
+variable "object_storage_namespace" {
+  description = "Your OCI Object Storage namespace (usually your tenancy name)."
+  type        = string
+  default     = "idptr5akf9pf"
+}
+
+variable "object_storage_bucket_name" {
+  description = "The name of the Object Storage bucket where your custom image is located."
+  type        = string
+  default     = "noahmasur-images"
+}
+
+variable "object_storage_object_name" {
+  description = "The object name (file name) of your custom image in Object Storage."
+  type        = string
+  default     = "nixos.qcow2"
+}
+
+variable "oci_private_key" {
+  type        = string
+  description = "API private key for Oracle Cloud management"
+  sensitive   = true
+}
+
+variable "ssh_public_key" {
+  description = "Your public SSH key content."
+  type        = string
+  # default     = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s personal"
+  default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKpPU2G9rSF8Q6waH62IJexDCQ6lY+8ZyVufGE3xMDGw actions-deploy"
+}

flake.lock

@@ -22,11 +22,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1746254942,
+        "lastModified": 1755825449,
-        "narHash": "sha256-Y062AuRx6l+TJNX8wxZcT59SSLsqD9EedAY0mqgTtQE=",
+        "narHash": "sha256-XkiN4NM9Xdy59h69Pc+Vg4PxkSm9EWl6u7k6D5FZ5cM=",
         "owner": "lnl7",
         "repo": "nix-darwin",
-        "rev": "760a11c87009155afa0140d55c40e7c336d62d7a",
+        "rev": "8df64f819698c1fee0c2969696f54a843b2231e8",
         "type": "github"
       },
       "original": {
@@ -43,11 +43,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1745812220,
+        "lastModified": 1755519972,
-        "narHash": "sha256-hotBG0EJ9VmAHJYF0yhWuTVZpENHvwcJ2SxvIPrXm+g=",
+        "narHash": "sha256-bU4nqi3IpsUZJeyS8Jk85ytlX61i4b0KCxXX9YcOgVc=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "d0c543d740fad42fe2c035b43c9d41127e073c78",
+        "rev": "4073ff2f481f9ef3501678ff479ed81402caae6d",
         "type": "github"
       },
       "original": {
@@ -76,11 +76,11 @@
     "flake-compat_2": {
       "flake": false,
       "locked": {
-        "lastModified": 1733328505,
+        "lastModified": 1747046372,
-        "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
+        "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
         "owner": "edolstra",
         "repo": "flake-compat",
-        "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
+        "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
         "type": "github"
       },
       "original": {
@@ -111,24 +111,6 @@
       }
     },
     "flake-utils": {
-      "inputs": {
-        "systems": "systems"
-      },
-      "locked": {
-        "lastModified": 1731533236,
-        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
-    "flake-utils_2": {
       "inputs": {
         "systems": [
           "mac-app-util",
@@ -148,27 +130,9 @@
         "type": "indirect"
       }
     },
-    "flake-utils_3": {
+    "flake-utils_2": {
       "inputs": {
-        "systems": "systems_3"
+        "systems": "systems_2"
-      },
-      "locked": {
-        "lastModified": 1705309234,
-        "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
-    "flake-utils_4": {
-      "inputs": {
-        "systems": "systems_4"
       },
       "locked": {
         "lastModified": 1731533236,
@@ -186,18 +150,17 @@
     },
     "helix": {
       "inputs": {
-        "flake-utils": "flake-utils",
         "nixpkgs": [
           "nixpkgs"
         ],
         "rust-overlay": "rust-overlay"
       },
       "locked": {
-        "lastModified": 1746193606,
+        "lastModified": 1755869734,
-        "narHash": "sha256-LD3ce/SlIY8Wr8XG52EI5t9bNa/peBCXykIJBvcGmO8=",
+        "narHash": "sha256-d9hwkPwlpbih4DVbsV0zrK5i2J6cRT7ifrDYK5LZQs8=",
         "owner": "helix-editor",
         "repo": "helix",
-        "rev": "12139a4c30ad20d9a1b181de69532a57601cf96f",
+        "rev": "22a3b10dd8ab907367ae1fe57d9703e22b30d391",
         "type": "github"
       },
       "original": {
@@ -213,11 +176,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1746243165,
+        "lastModified": 1755914636,
-        "narHash": "sha256-DQycVmlyLQNLjLJ/FzpokVmbxGQ8HjQQ4zN4nyq2vII=",
+        "narHash": "sha256-VJ+Gm6YsHlPfUCpmRQxvdiZW7H3YPSrdVOewQHAhZN8=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "c0962eeeabfb8127713f859ec8a5f0e86dead0f2",
+        "rev": "8b55a6ac58b678199e5bba701aaff69e2b3281c0",
         "type": "github"
       },
       "original": {
@@ -231,11 +194,11 @@
       "inputs": {
         "cl-nix-lite": "cl-nix-lite",
         "flake-compat": "flake-compat",
-        "flake-utils": "flake-utils_2",
+        "flake-utils": "flake-utils",
         "nixpkgs": [
           "nixpkgs"
         ],
-        "systems": "systems_2"
+        "systems": "systems"
       },
       "locked": {
         "lastModified": 1742156590,
@@ -253,17 +216,17 @@
     },
     "nix2vim": {
       "inputs": {
-        "flake-utils": "flake-utils_3",
+        "flake-utils": "flake-utils_2",
         "nixpkgs": [
           "nixpkgs"
         ]
       },
       "locked": {
-        "lastModified": 1745846717,
+        "lastModified": 1755344765,
-        "narHash": "sha256-GjwZEjCrI1/tQYylAQ+hU5JYD2hJI+rZmfICCIniWuE=",
+        "narHash": "sha256-k/Cvh/mzb5lSvilKdgwNBCyAyYmD8YPr1nc0sTSgwxI=",
         "owner": "gytis-ivaskevicius",
         "repo": "nix2vim",
-        "rev": "0cd899a39b56d665115f72ffc7c37e0f4cf41dbe",
+        "rev": "78467c8de07719f92397179844bf75cdf2e58b83",
         "type": "github"
       },
       "original": {
@@ -295,11 +258,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1742568034,
+        "lastModified": 1751903740,
-        "narHash": "sha256-QaMEhcnscfF2MqB7flZr+sLJMMYZPnvqO4NYf9B4G38=",
+        "narHash": "sha256-PeSkNMvkpEvts+9DjFiop1iT2JuBpyknmBUs0Un0a4I=",
         "owner": "nix-community",
         "repo": "nixos-generators",
-        "rev": "42ee229088490e3777ed7d1162cb9e9d8c3dbb11",
+        "rev": "032decf9db65efed428afd2fa39d80f7089085eb",
         "type": "github"
       },
       "original": {
@@ -310,11 +273,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1748693115,
+        "lastModified": 1755615617,
-        "narHash": "sha256-StSrWhklmDuXT93yc3GrTlb0cKSS0agTAxMGjLKAsY8=",
+        "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "910796cabe436259a29a72e8d3f5e180fc6dfacc",
+        "rev": "20075955deac2583bb12f07151c2df830ef346b4",
         "type": "github"
       },
       "original": {
@@ -361,15 +324,14 @@
         "flake-parts": "flake-parts",
         "nixpkgs": [
           "nixpkgs"
-        ],
+        ]
-        "treefmt-nix": "treefmt-nix"
       },
       "locked": {
-        "lastModified": 1746282980,
+        "lastModified": 1755918818,
-        "narHash": "sha256-KOkO6aDwI8FOmMMv3MdO2WL95lMOJR4qDMUHPOoFtyM=",
+        "narHash": "sha256-a7k/fml8k4CxIcVW26luwqVl3lsRMNXBRCyC8uSF0GA=",
         "owner": "nix-community",
         "repo": "nur",
-        "rev": "e4be6680a4b231e712fef9c1cd5714f08a1ce51b",
+        "rev": "1a47d83c521c098debd6d1f2c2ae313a5bb729f9",
         "type": "github"
       },
       "original": {
@@ -391,7 +353,6 @@
         "nixpkgs-stable": "nixpkgs-stable",
         "nur": "nur",
         "wsl": "wsl",
-        "yazi": "yazi",
         "zellij-switch": "zellij-switch",
         "zenyd-mpv-scripts": "zenyd-mpv-scripts"
       }
@@ -418,27 +379,6 @@
       }
     },
     "rust-overlay_2": {
-      "inputs": {
-        "nixpkgs": [
-          "yazi",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1745116541,
-        "narHash": "sha256-5xzA6dTfqCfTTDCo3ipPZzrg3wp01xmcr73y4cTNMP8=",
-        "owner": "oxalica",
-        "repo": "rust-overlay",
-        "rev": "e2142ef330a61c02f274ac9a9cb6f8487a5d0080",
-        "type": "github"
-      },
-      "original": {
-        "owner": "oxalica",
-        "repo": "rust-overlay",
-        "type": "github"
-      }
-    },
-    "rust-overlay_3": {
       "inputs": {
         "nixpkgs": "nixpkgs_2"
       },
@@ -457,21 +397,6 @@
       }
     },
     "systems": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
-    },
-    "systems_2": {
       "locked": {
         "lastModified": 1689347925,
         "narHash": "sha256-ozenz5bFe1UUqOn7f60HRmgc01BgTGIKZ4Xl+HbocGQ=",
@@ -486,6 +411,21 @@
         "type": "github"
       }
     },
+    "systems_2": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
     "systems_3": {
       "locked": {
         "lastModified": 1681028828,
@@ -501,57 +441,6 @@
         "type": "github"
       }
     },
-    "systems_4": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
-    },
-    "systems_5": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
-    },
-    "treefmt-nix": {
-      "inputs": {
-        "nixpkgs": [
-          "nur",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1733222881,
-        "narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=",
-        "owner": "numtide",
-        "repo": "treefmt-nix",
-        "rev": "49717b5af6f80172275d47a418c9719a31a78b53",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "treefmt-nix",
-        "type": "github"
-      }
-    },
     "wsl": {
       "inputs": {
         "flake-compat": "flake-compat_2",
@@ -560,11 +449,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1744290088,
+        "lastModified": 1755261305,
-        "narHash": "sha256-/X9XVEl0EiyisNbF5srrxXRSVoRqdwExuqyspYqqEjQ=",
+        "narHash": "sha256-EOqCupB5X5WoGVHVcfOZcqy0SbKWNuY3kq+lj1wHdu8=",
         "owner": "nix-community",
         "repo": "NixOS-WSL",
-        "rev": "60b4904a1390ac4c89e93d95f6ed928975e525ed",
+        "rev": "203a7b463f307c60026136dd1191d9001c43457f",
         "type": "github"
       },
       "original": {
@@ -573,35 +462,13 @@
         "type": "github"
       }
     },
-    "yazi": {
-      "inputs": {
-        "flake-utils": "flake-utils_4",
-        "nixpkgs": [
-          "nixpkgs"
-        ],
-        "rust-overlay": "rust-overlay_2"
-      },
-      "locked": {
-        "lastModified": 1746209831,
-        "narHash": "sha256-1R1MRxHmTbNUASTCdJTaaIEUevx18+XpVVxEcb0q7VM=",
-        "owner": "sxyazi",
-        "repo": "yazi",
-        "rev": "a201c93419bede1f35c69a6b8b21ebbf4a752e6e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "sxyazi",
-        "repo": "yazi",
-        "type": "github"
-      }
-    },
     "zellij-switch": {
       "inputs": {
         "nixpkgs": [
           "nixpkgs"
         ],
-        "rust-overlay": "rust-overlay_3",
+        "rust-overlay": "rust-overlay_2",
-        "systems": "systems_5"
+        "systems": "systems_3"
       },
       "locked": {
         "lastModified": 1742588229,

flake.nix

@@ -76,12 +76,6 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    # Terminal file manager
-    yazi = {
-      url = "github:sxyazi/yazi";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-
     # # Nextcloud Apps
     # nextcloud-news = {
     #   # https://github.com/nextcloud/news/releases
@@ -132,6 +126,7 @@
           metrics = "metrics.${baseName}";
           minecraft = "minecraft.${baseName}";
           n8n = "n8n.${baseName}";
+          navidrome = "music.${baseName}";
           notifications = "ntfy.${baseName}";
           paperless = "paper.${baseName}";
           photos = "photos.${baseName}";
@@ -183,16 +178,18 @@
         ) hosts
       ) lib.hosts;
 
-      homeConfigurations = builtins.mapAttrs (
+      homeConfigurations = flattenAttrset (
-        system: hosts:
         builtins.mapAttrs (
-          name: module:
+          system: hosts:
-          lib.buildHome {
+          builtins.mapAttrs (
-            inherit system module;
+            name: module:
-            specialArgs = { inherit hostnames; };
+            lib.buildHome {
-          }
+              inherit system module;
-        ) hosts
+              specialArgs = { inherit hostnames; };
-      ) homeModules;
+            }
+          ) hosts
+        ) homeModules
+      );
 
       # Disk formatting, only used once
       diskoConfigurations = {
@@ -213,6 +210,12 @@
             format = "iso";
             specialArgs = { inherit hostnames; };
           };
+          "${name}-qcow" = lib.generateImage {
+            inherit system module;
+            format = "qcow-efi";
+            specialArgs = { inherit hostnames; };
+            # extraModules = [ "${nixpkgs}/nixos/modules/virtualisation/oci-image.nix" ];
+          };
         }) hosts)
       ) lib.linuxHosts # x86_64-linux = { arrow = ...; swan = ...; }
       ;
@@ -229,7 +232,13 @@
         lib.pkgsBySystem.${system}.nmasur
         //
           # Share generated images for each relevant host
-          generators.${system}
+          (if (lib.hasInfix "linux" system) then generators.${system} else { })
+
+        # //
+        #   # Oracle
+        #   {
+        #     flame-oci = nixosConfigurations.flame.config.system.build.OCIImage;
+        #   }
       );
 
       # Development environments

hosts/aarch64-linux/flame/default.nix

@@ -37,18 +37,18 @@ rec {
   system.stateVersion = "23.05";
   # File systems must be declared in order to boot
 
-  # This is the root filesystem containing NixOS
+  # # This is the root filesystem containing NixOS
-  # I forgot to set a clean label for it
+  # # I forgot to set a clean label for it
-  fileSystems."/" = {
+  # fileSystems."/" = {
-    device = "/dev/disk/by-uuid/e1b6bd50-306d-429a-9f45-78f57bc597c3";
+  #   device = "/dev/disk/by-uuid/e1b6bd50-306d-429a-9f45-78f57bc597c3";
-    fsType = "ext4";
+  #   fsType = "ext4";
-  };
+  # };
 
-  # This is the boot filesystem for systemd-boot
+  # # This is the boot filesystem for systemd-boot
-  fileSystems."/boot" = {
+  # fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/D5CA-237A";
+  #   device = "/dev/disk/by-uuid/D5CA-237A";
-    fsType = "vfat";
+  #   fsType = "vfat";
-  };
+  # };
 
   # Allows private remote access over the internet
   nmasur.presets.services.cloudflared = {
@@ -58,4 +58,111 @@ rec {
       ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK/6oyVqjFGX3Uvrc3VS8J9sphxzAnRzKC85xgkHfYgR3TK6qBGXzHrknEj21xeZrr3G2y1UsGzphWJd9ZfIcdA= open-ssh-ca@cloudflareaccess.org";
     };
   };
+
+  # Taken from https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-common.nix
+
+  # fileSystems."/" = {
+  #   device = "/dev/disk/by-label/nixos";
+  #   fsType = "ext4";
+  #   autoResize = true;
+  # };
+
+  # fileSystems."/boot" = {
+  #   device = "/dev/disk/by-label/ESP";
+  #   fsType = "vfat";
+  # };
+
+  boot.loader.efi.canTouchEfiVariables = false;
+  boot.loader.grub = {
+    device = "nodev";
+    splashImage = null;
+    extraConfig = ''
+      serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1
+      terminal_input --append serial
+      terminal_output --append serial
+    '';
+    efiInstallAsRemovable = true;
+    efiSupport = true;
+  };
+  boot.loader.systemd-boot.enable = false;
+
+  # https://docs.oracle.com/en-us/iaas/Content/Compute/Tasks/configuringntpservice.htm#Configuring_the_Oracle_Cloud_Infrastructure_NTP_Service_for_an_Instance
+  networking.timeServers = [ "169.254.169.254" ];
+
+  boot.growPartition = true;
+  boot.kernelParams = [
+    "net.ifnames=0"
+
+    "nvme.shutdown_timeout=10"
+    "nvme_core.shutdown_timeout=10"
+    "libiscsi.debug_libiscsi_eh=1"
+    "crash_kexec_post_notifiers"
+
+    # aarch64-linux
+    "console=ttyAMA0,115200n8"
+
+    # VNC console
+    "console=tty1"
+  ];
+
+  boot.initrd.availableKernelModules = [
+    "virtio_net"
+    "virtio_pci"
+    "virtio_mmio"
+    "virtio_blk"
+    "virtio_scsi"
+    "9p"
+    "9pnet_virtio"
+  ];
+  boot.initrd.kernelModules = [
+    "virtio_balloon"
+    "virtio_console"
+    "virtio_rng"
+    "virtio_gpu"
+  ];
+
+  networking.useDHCP = true;
+  # networking = {
+  #   defaultGateway = "10.0.0.1";
+  #   interfaces.eth0 = {
+  #     ipAddress = throw "set your own";
+  #     prefixLength = 24;
+  #   };
+  # };
+
+  disko.devices = {
+    disk = {
+      main = {
+        type = "disk";
+        # device = "/dev/oracleoci/oraclevda"; # Consistent volume naming
+        device = "/dev/sda"; # Consistent volume naming
+        content = {
+          type = "gpt";
+          partitions = {
+            boot = {
+              size = "512M";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+              };
+            };
+            root = {
+              size = "100%";
+              content = {
+                type = "filesystem";
+                format = "ext4";
+                mountpoint = "/";
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+
+  # # Otherwise the instance may not have a working network-online.target,
+  # # making the fetch-ssh-keys.service fail
+  # networking.useNetworkd = true;
 }

lib/default.nix

@@ -68,7 +68,6 @@ lib
     inputs.nix2vim.overlay
     inputs.zellij-switch.overlays.default
     inputs.helix.overlays.default
-    inputs.yazi.overlays.default
   ] ++ (importOverlays ../overlays);
 
   # System types to support.
@@ -193,6 +192,11 @@ lib
       nmasur.profiles.wsl.enable = lib.mkForce false;
       boot.loader.grub.enable = lib.mkForce false;
     };
+    qcow-efi = {
+      nmasur.profiles.wsl.enable = lib.mkForce false;
+      boot.loader.grub.enable = lib.mkForce false;
+      fileSystems."/boot".device = lib.mkForce "/dev/disk/by-label/ESP";
+    };
   };
 
   generateImage =

modules/darwin/homebrew.nix

@@ -9,8 +9,8 @@
   # Homebrew - Mac-specific packages that aren't in Nix
   config = lib.mkIf pkgs.stdenv.isDarwin {
 
-    # Requires Homebrew to be installed
+    # # Requires Homebrew to be installed
-    system.activationScripts.preUserActivation.text = ''
+    system.activationScripts.preActivation.text = ''
       if ! xcode-select --version 2>/dev/null; then
         $DRY_RUN_CMD xcode-select --install
       fi

pkgs/slsk-batchdl/nuget-deps.nix

@@ -0,0 +1,248 @@
+{ fetchNuGet }:
+[
+  (fetchNuGet {
+    pname = "AngleSharp";
+    version = "1.2.0";
+    hash = "sha256-l8+Var9o773VL6Ybih3boaFf9sYjS7eqtLGd8DCIPsk=";
+  })
+  (fetchNuGet {
+    pname = "EmbedIO";
+    version = "3.5.2";
+    hash = "sha256-e6GfVHXxYeUw3ntCrHokNoAS6mXArO7+vdMeUFnsSo8=";
+  })
+  (fetchNuGet {
+    pname = "Goblinfactory.ProgressBar";
+    version = "1.0.0";
+    hash = "sha256-tV3Fw792zfYhB2dN97VKXBwS5eypqKExgAJy+bcDo8I=";
+  })
+  (fetchNuGet {
+    pname = "Google.Apis";
+    version = "1.69.0";
+    hash = "sha256-/9JN0CZIFZnmGS69ki38RlNzQiwp4yO0MFDeRk1slsg=";
+  })
+  (fetchNuGet {
+    pname = "Google.Apis.Auth";
+    version = "1.69.0";
+    hash = "sha256-T6n3hc+KpgHNqQQeJLOmgHQWkjBvnhIob5giHabREV8=";
+  })
+  (fetchNuGet {
+    pname = "Google.Apis.Core";
+    version = "1.69.0";
+    hash = "sha256-IW1AOY8o6hHkrc/tINsS/VCOUrOSoXb6OCSEF6gamkc=";
+  })
+  (fetchNuGet {
+    pname = "Google.Apis.YouTube.v3";
+    version = "1.69.0.3680";
+    hash = "sha256-3aNScBqmchnDkLejK5HYHiLVVDexrFUtZ6xe8cGP28M=";
+  })
+  (fetchNuGet {
+    pname = "HtmlAgilityPack";
+    version = "1.11.72";
+    hash = "sha256-MRt7yj6+/ORmr2WBERpQ+1gMRzIaPFKddHoB4zZmv2k=";
+  })
+  (fetchNuGet {
+    pname = "Microsoft.ApplicationInsights";
+    version = "2.22.0";
+    hash = "sha256-mUQ63atpT00r49ca50uZu2YCiLg3yd6r3HzTryqcuEA=";
+  })
+  (fetchNuGet {
+    pname = "Microsoft.AspNetCore.App.Ref";
+    version = "6.0.36";
+    hash = "sha256-9jDkWbjw/nd8yqdzVTagCuqr6owJ/DUMi4BlUZT4hWU=";
+  })
+  (fetchNuGet {
+    pname = "Microsoft.Bcl.AsyncInterfaces";
+    version = "9.0.1";
+    hash = "sha256-A3W2Hvhlf1ODx1NYWHwUyziZOGMaDPvXHZ/ubgNLYJA=";
+  })
+  (fetchNuGet {
+    pname = "Microsoft.CodeCoverage";
+    version = "17.9.0";
+    hash = "sha256-OaGa4+jRPHs+T+p/oekm2Miluqfd2IX8Rt+BmUx8kr4=";
+  })
+  (fetchNuGet {
+    pname = "Microsoft.CSharp";
+    version = "4.7.0";
+    hash = "sha256-Enknv2RsFF68lEPdrf5M+BpV1kHoLTVRApKUwuk/pj0=";
+  })
+  (fetchNuGet {
+    pname = "Microsoft.NET.Test.Sdk";
+    version = "17.9.0";
+    hash = "sha256-q/1AJ7eNlk02wvN76qvjl2xBx5iJ+h5ssiE/4akLmtI=";
+  })
+  (fetchNuGet {
+    pname = "Microsoft.NETCore.App.Host.linux-x64";
+    version = "6.0.36";
+    hash = "sha256-VFRDzx7LJuvI5yzKdGmw/31NYVbwHWPKQvueQt5xc10=";
+  })
+  (fetchNuGet {
+    pname = "Microsoft.NETCore.App.Ref";
+    version = "6.0.36";
+    hash = "sha256-9LZgVoIFF8qNyUu8kdJrYGLutMF/cL2K82HN2ywwlx8=";
+  })
+  (fetchNuGet {
+    pname = "Microsoft.Testing.Extensions.Telemetry";
+    version = "1.5.3";
+    hash = "sha256-bIXwPSa3jkr2b6xINOqMUs6/uj/r4oVFM7xq3uVIZDU=";
+  })
+  (fetchNuGet {
+    pname = "Microsoft.Testing.Extensions.TrxReport.Abstractions";
+    version = "1.5.3";
+    hash = "sha256-IfMRfcyaIKEMRtx326ICKtinDBEfGw/Sv8ZHawJ96Yc=";
+  })
+  (fetchNuGet {
+    pname = "Microsoft.Testing.Extensions.VSTestBridge";
+    version = "1.5.3";
+    hash = "sha256-XpM/yFjhLSsuzyDV+xKubs4V1zVVYiV05E0+N4S1h0g=";
+  })
+  (fetchNuGet {
+    pname = "Microsoft.Testing.Platform";
+    version = "1.5.3";
+    hash = "sha256-y61Iih6w5D79dmrj2V675mcaeIiHoj1HSa1FRit2BLM=";
+  })
+  (fetchNuGet {
+    pname = "Microsoft.Testing.Platform.MSBuild";
+    version = "1.5.3";
+    hash = "sha256-YspvjE5Jfi587TAfsvfDVJXNrFOkx1B3y1CKV6m7YLY=";
+  })
+  (fetchNuGet {
+    pname = "Microsoft.TestPlatform.ObjectModel";
+    version = "17.12.0";
+    hash = "sha256-3XBHBSuCxggAIlHXmKNQNlPqMqwFlM952Av6RrLw1/w=";
+  })
+  (fetchNuGet {
+    pname = "Microsoft.TestPlatform.ObjectModel";
+    version = "17.9.0";
+    hash = "sha256-iiXUFzpvT8OWdzMj9FGJDqanwHx40s1TXVY9l3ii+s0=";
+  })
+  (fetchNuGet {
+    pname = "Microsoft.TestPlatform.TestHost";
+    version = "17.9.0";
+    hash = "sha256-1BZIY1z+C9TROgdTV/tq4zsPy7Q71GQksr/LoMKAzqU=";
+  })
+  (fetchNuGet {
+    pname = "MSTest.Analyzers";
+    version = "3.7.3";
+    hash = "sha256-6mNfHtx9FBWA6/QrRUepwbxXWG/54GRyeZYazDiMacg=";
+  })
+  (fetchNuGet {
+    pname = "MSTest.TestAdapter";
+    version = "3.7.3";
+    hash = "sha256-3O/AXeS+3rHWstinivt73oa0QDp+xQpTc9p46EF+Mtc=";
+  })
+  (fetchNuGet {
+    pname = "MSTest.TestFramework";
+    version = "3.7.3";
+    hash = "sha256-RweCMMf14GI6HqjDIP68JM67IaJKYQTZy0jk5Q4DFxs=";
+  })
+  (fetchNuGet {
+    pname = "Newtonsoft.Json";
+    version = "13.0.1";
+    hash = "sha256-K2tSVW4n4beRPzPu3rlVaBEMdGvWSv/3Q1fxaDh4Mjo=";
+  })
+  (fetchNuGet {
+    pname = "Newtonsoft.Json";
+    version = "13.0.3";
+    hash = "sha256-hy/BieY4qxBWVVsDqqOPaLy1QobiIapkbrESm6v2PHc=";
+  })
+  (fetchNuGet {
+    pname = "SmallestCSVParser";
+    version = "1.1.1";
+    hash = "sha256-64E87w+4FcQtYsFIOMGGmYmjXVGBwsBqgLVb7p0wc04=";
+  })
+  (fetchNuGet {
+    pname = "Soulseek";
+    version = "7.1.0";
+    hash = "sha256-n6LUNuPmmy9QYNNALR0ObYyR9LJalf0H8P+SKnoqfFc=";
+  })
+  (fetchNuGet {
+    pname = "SpotifyAPI.Web";
+    version = "7.2.1";
+    hash = "sha256-gbTLJaj7DSXZQlo0xpegZ8HLruMe6WmDyD8+l6YE3hg=";
+  })
+  (fetchNuGet {
+    pname = "SpotifyAPI.Web.Auth";
+    version = "7.2.1";
+    hash = "sha256-uzpyPlXNCuSHrcK4SKH0ydY2HlDKXU51W5ahk2Oqu98=";
+  })
+  (fetchNuGet {
+    pname = "System.Buffers";
+    version = "4.5.1";
+    hash = "sha256-wws90sfi9M7kuCPWkv1CEYMJtCqx9QB/kj0ymlsNaxI=";
+  })
+  (fetchNuGet {
+    pname = "System.CodeDom";
+    version = "7.0.0";
+    hash = "sha256-7IPt39cY+0j0ZcRr/J45xPtEjnSXdUJ/5ai3ebaYQiE=";
+  })
+  (fetchNuGet {
+    pname = "System.Diagnostics.DiagnosticSource";
+    version = "5.0.0";
+    hash = "sha256-6mW3N6FvcdNH/pB58pl+pFSCGWgyaP4hfVtC/SMWDV4=";
+  })
+  (fetchNuGet {
+    pname = "System.IO.Pipelines";
+    version = "9.0.1";
+    hash = "sha256-CnmDanknCGbNnoDjgZw62M/Grg8IMTJDa8x3P07UR2A=";
+  })
+  (fetchNuGet {
+    pname = "System.Management";
+    version = "7.0.2";
+    hash = "sha256-bJ21ILQfbHb8mX2wnVh7WP/Ip7gdVPIw+BamQuifTVY=";
+  })
+  (fetchNuGet {
+    pname = "System.Memory";
+    version = "4.5.5";
+    hash = "sha256-EPQ9o1Kin7KzGI5O3U3PUQAZTItSbk9h/i4rViN3WiI=";
+  })
+  (fetchNuGet {
+    pname = "System.Memory";
+    version = "4.6.0";
+    hash = "sha256-OhAEKzUM6eEaH99DcGaMz2pFLG/q/N4KVWqqiBYUOFo=";
+  })
+  (fetchNuGet {
+    pname = "System.Reflection.Metadata";
+    version = "1.6.0";
+    hash = "sha256-JJfgaPav7UfEh4yRAQdGhLZF1brr0tUWPl6qmfNWq/E=";
+  })
+  (fetchNuGet {
+    pname = "System.Runtime.CompilerServices.Unsafe";
+    version = "6.0.0";
+    hash = "sha256-bEG1PnDp7uKYz/OgLOWs3RWwQSVYm+AnPwVmAmcgp2I=";
+  })
+  (fetchNuGet {
+    pname = "System.Text.Encodings.Web";
+    version = "9.0.1";
+    hash = "sha256-iuAVcTiiZQLCZjDfDqdLLPHqZdZqvFabwLFHiVYdRJo=";
+  })
+  (fetchNuGet {
+    pname = "System.Text.Json";
+    version = "9.0.1";
+    hash = "sha256-2dqE+Mx5eJZ8db74ofUiUXHOSxDCmXw5n9VC9w4fUr0=";
+  })
+  (fetchNuGet {
+    pname = "System.Threading.Tasks.Extensions";
+    version = "4.6.0";
+    hash = "sha256-OwIB0dpcdnyfvTUUj6gQfKW2XF2pWsQhykwM1HNCHqY=";
+  })
+  (fetchNuGet {
+    pname = "System.ValueTuple";
+    version = "4.5.0";
+    hash = "sha256-niH6l2fU52vAzuBlwdQMw0OEoRS/7E1w5smBFoqSaAI=";
+  })
+  (fetchNuGet {
+    pname = "TagLibSharp";
+    version = "2.3.0";
+    hash = "sha256-PD9bVZiPaeC8hNx2D+uDUf701cCaMi2IRi5oPTNN+/w=";
+  })
+  (fetchNuGet {
+    pname = "Unosquare.Swan.Lite";
+    version = "3.1.0";
+    hash = "sha256-PL8N3CqIz/wku8/mkRMC3X868Byv47C20/rBLBhkS3o=";
+  })
+  (fetchNuGet {
+    pname = "YoutubeExplode";
+    version = "6.5.4";
+    hash = "sha256-5sexIiBj5XP9rP5DA0NQ+vHJ9lpjwp00EvVux901WLc=";
+  })
+]

pkgs/slsk-batchdl/package.nix

@@ -0,0 +1,39 @@
+{
+  lib,
+  buildDotnetModule,
+  fetchFromGitHub,
+  dotnetCorePackages,
+}:
+
+buildDotnetModule rec {
+  pname = "slsk-batchdl";
+  version = "2.4.7";
+
+  src = fetchFromGitHub {
+    owner = "fiso64";
+    repo = "slsk-batchdl";
+    rev = "v${version}";
+    sha256 = "sha256-P7V7YJUA1bkfp13Glb1Q+NJ7iTya/xgO1TM88z1Nddc=";
+  };
+
+  projectFile = "slsk-batchdl/slsk-batchdl.csproj";
+  nugetDeps = ./nuget-deps.nix;
+
+  dotnet-sdk = dotnetCorePackages.sdk_8_0;
+  dotnet-runtime = dotnetCorePackages.runtime_8_0;
+
+  # Patch the project file to use .NET 8
+  postPatch = ''
+    substituteInPlace slsk-batchdl/slsk-batchdl.csproj \
+      --replace-fail "net6.0" "net8.0"
+  '';
+
+  doCheck = false;
+
+  meta = with lib; {
+    description = "A batch downloader for Soulseek";
+    homepage = "https://github.com/fiso64/slsk-batchdl";
+    platforms = platforms.linux;
+    mainProgram = "slsk-batchdl";
+  };
+}

platforms/home-manager/modules/nmasur/presets/programs/aerc.nix

@@ -18,6 +18,7 @@ in
     home.packages = with pkgs; [
       w3m # Render HTML
       dante # Socksify for rendering HTML
+      aba # Address book
     ];
 
     programs.aerc = {
@@ -110,6 +111,7 @@ in
           "<C-j>" = ":next-part<Enter>";
           J = ":next <Enter>";
           K = ":prev<Enter>";
+          aa = ":pipe -m aba parse --all<Enter>";
         };
 
         "view::passthrough" = {
@@ -185,6 +187,7 @@ in
         };
         compose = {
           editor = config.home.sessionVariables.EDITOR;
+          address-book-cmd = "aba ls \"%s\"";
         };
       };
     };

platforms/home-manager/modules/nmasur/presets/programs/direnv.nix

@@ -17,6 +17,9 @@ in
     programs.direnv = {
       enable = true;
       nix-direnv.enable = true;
+      config = {
+        global.hide_env_diff = true;
+      };
     };
   };
 }

platforms/home-manager/modules/nmasur/presets/programs/feishin.nix

@@ -0,0 +1,19 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+
+let
+  cfg = config.nmasur.presets.programs.feishin;
+in
+
+{
+
+  options.nmasur.presets.programs.feishin.enable = lib.mkEnableOption "Feishin music player";
+
+  config = lib.mkIf cfg.enable {
+    home.packages = [ pkgs.feishin ];
+  };
+}

platforms/home-manager/modules/nmasur/presets/programs/firefox.nix

@@ -74,6 +74,8 @@ in
           "svg.context-properties.content.enabled" = true; # Sidebery styling
           "browser.tabs.hoverPreview.enabled" = false; # Disable tab previews
           "browser.tabs.hoverPreview.showThumbnails" = false; # Disable tab previews
+          "browser.gesture.swipe.left" = "cmd_scrollLeft"; # Disable swipe to go back
+          "browser.gesture.swipe.right" = "cmd_scrollRight"; # Disable swipe to go forward
         };
         userChrome = ''
           :root {

platforms/home-manager/modules/nmasur/presets/programs/ghostty.nix

@@ -33,6 +33,7 @@ in
         macos-titlebar-style = "hidden";
         window-decoration = false;
         macos-non-native-fullscreen = true;
+        quit-after-last-window-closed = lib.mkIf pkgs.stdenv.isDarwin true;
         fullscreen = if pkgs.stdenv.isDarwin then true else false;
         keybind = [
           "super+t=unbind" # Pass super-t to underlying tool (e.g. zellij tabs)

platforms/home-manager/modules/nmasur/presets/programs/git-work.nix

@@ -1,6 +1,5 @@
 {
   config,
-  pkgs,
   lib,
   ...
 }:
@@ -66,6 +65,18 @@ in
       };
     };
 
+    # Personal jj config
+    programs.jujutsu.settings = {
+      "--scope" = [
+        {
+          "--when".repositories = [ "~/dev/personal" ];
+          user = {
+            name = cfg.personal.name;
+            email = cfg.personal.email;
+          };
+        }
+      ];
+    };
   };
 
 }

platforms/home-manager/modules/nmasur/presets/programs/helix.nix

@@ -130,6 +130,7 @@ in
 
       ignores = [
         "content/.obsidian/**"
+        ".direnv/**"
       ];
 
       settings = {
@@ -146,6 +147,10 @@ in
             "keep_primary_selection"
           ];
 
+          # Quit shortcuts
+          space.q = ":quit-all";
+          space.x = ":quit-all!";
+
           # Enable and disable inlay hints
           space.H = ":toggle lsp.display-inlay-hints";
 
@@ -160,7 +165,7 @@ in
           space.l = [
             ":write-all"
             ":new"
-            ":insert-output ${lib.getExe pkgs.lazygit}"
+            ":insert-output ${lib.getExe pkgs.lazygit} > /dev/tty"
             ":buffer-close!"
             ":redraw"
             ":reload-all"
@@ -168,6 +173,9 @@ in
             ":set mouse true"
           ];
 
+          # Commandline git blame
+          space.B = ":echo %sh{git log -n1 --date=short --pretty=format:'%%h %%ad %%s' $(git blame -L %{cursor_line},+1 \"%{buffer_name}\" | cut -d' ' -f1)}";
+
           # Open yazi
           # https://github.com/sxyazi/yazi/pull/2461
           # Won't work until next Helix release
@@ -195,6 +203,27 @@ in
             "paste_before"
           ];
 
+          A-S-ret = [
+            "open_above"
+            "normal_mode"
+          ];
+          A-ret = [
+            "open_below"
+            "normal_mode"
+          ];
+
+        };
+
+        keys.insert = {
+          # Allows not continuing the comment
+          "A-ret" = [
+            "insert_newline"
+            "extend_to_line_bounds"
+            "delete_selection"
+            "insert_newline"
+            "move_line_up"
+            "insert_mode"
+          ];
         };
 
         editor = {
@@ -216,10 +245,10 @@ in
 
           # Show hidden files
           file-picker = {
-            hidden = false;
+            hidden = false; # Show hidden files
-            git-ignore = true;
+            git-ignore = true; # Skip gitignore files
-            git-global = true;
+            git-global = true; # Skip global gitignore files
-            git-exclude = true;
+            git-exclude = true; # Skip excluded files
           };
 
           # Show whitespace visible to the user
@@ -322,7 +351,7 @@ in
           bg = config.theme.colors.base00;
         };
         "ui.cursor" = {
-          fg = config.theme.colors.base0A;
+          fg = config.theme.colors.base04;
           modifiers = [ "reversed" ];
         };
         "ui.cursor.insert" = {
@@ -334,11 +363,11 @@ in
           bg = config.theme.colors.base01;
         };
         "ui.cursor.match" = {
-          fg = config.theme.colors.base0A;
+          fg = config.theme.colors.base03;
           modifiers = [ "reversed" ];
         };
         "ui.cursor.select" = {
-          fg = config.theme.colors.base0A;
+          fg = config.theme.colors.base04;
           modifiers = [ "reversed" ];
         };
         "ui.gutter" = {

platforms/home-manager/modules/nmasur/presets/programs/jujutsu.nix

@@ -1,5 +1,6 @@
 {
   config,
+  pkgs,
   lib,
   ...
 }:
@@ -22,8 +23,18 @@ in
           name = config.programs.git.userName;
           email = config.programs.git.userEmail;
         };
+        ui.paginate = "never";
+
+        # Automatically snapshot when files change
+        fsmonitor.backend = "watchman";
+        fsmonitor.watchman.register-snapshot-trigger = true;
       };
     };
 
+    home.packages = [
+      # Required for the fsmonitor to auto-snapshot
+      pkgs.watchman
+    ];
+
   };
 }

platforms/home-manager/modules/nmasur/presets/programs/nixpkgs-darwin.nix

@@ -24,7 +24,7 @@ in
     # These are useful for triggering from zellij (rather than running directly in the shell)
     nmasur.presets.programs.nixpkgs.commands.rebuildNixos = pkgs.writeShellScriptBin "rebuild-darwin" ''
       git -C ${config.nmasur.presets.programs.dotfiles.path} add --intent-to-add --all
-      darwin-rebuild switch --flake "${config.nmasur.presets.programs.dotfiles.path}#${config.nmasur.settings.host}"
+      sudo darwin-rebuild switch --flake "${config.nmasur.presets.programs.dotfiles.path}#${config.nmasur.settings.host}"
     '';
 
     programs.fish = {
@@ -40,13 +40,13 @@ in
         rebuild-darwin = {
           body = ''
             git -C ${config.nmasur.presets.programs.dotfiles.path} add --intent-to-add --all
-            echo "darwin-rebuild switch --flake ${config.nmasur.presets.programs.dotfiles.path}#lookingglass"
+            echo "sudo darwin-rebuild switch --flake ${config.nmasur.presets.programs.dotfiles.path}#lookingglass"
           '';
         };
         rebuild-darwin-offline = {
           body = ''
             git -C ${config.nmasur.presets.programs.dotfiles.path} add --intent-to-add --all
-            echo "darwin-rebuild switch --option substitute false --flake ${config.nmasur.presets.programs.dotfiles.path}#lookingglass"
+            echo "sudo darwin-rebuild switch --option substitute false --flake ${config.nmasur.presets.programs.dotfiles.path}#lookingglass"
           '';
         };
         rebuild-home = lib.mkForce {

platforms/home-manager/modules/nmasur/presets/programs/nixpkgs.nix

@@ -35,6 +35,7 @@ in
   config = lib.mkIf cfg.enable {
 
     home.packages = [
+      pkgs.nh # Allows rebuilding with a cleaner TUI
       cfg.commands.rebuildHome
       cfg.commands.rebuildNixos
     ];

platforms/home-manager/modules/nmasur/presets/programs/starship.nix

@@ -19,6 +19,7 @@ in
       enable = true;
       enableFishIntegration = true;
       enableBashIntegration = true;
+      enableTransience = true; # Replace previous prompts with custom string
       settings = {
         add_newline = false; # Don't print new line at the start of the prompt
         format = lib.concatStrings [
@@ -80,6 +81,17 @@ in
         };
       };
     };
+    programs.fish = {
+      functions = {
+        # Adjust the prompt in previous commands
+        starship_transient_prompt_func = {
+          body = "echo '$ '";
+        };
+        starship_transient_rprompt_func = {
+          body = "echo ' '";
+        };
+      };
+    };
 
   };
 }

platforms/home-manager/modules/nmasur/presets/programs/zellij.nix

@@ -7,6 +7,15 @@
 
 let
   cfg = config.nmasur.presets.programs.zellij;
+
+  zellij-switch-to-last = pkgs.writeShellScriptBin "zellij-switch-to-last" ''
+    TARGET_SESSION=$(cat ~/.local/state/zellij-last-session)
+    if [ -z "$TARGET_SESSION" ]; then
+      return 1
+    fi
+    echo "$ZELLIJ_SESSION_NAME" > ~/.local/state/zellij-last-session
+    zellij pipe --plugin file:$(which zellij-switch.wasm) -- "--session $TARGET_SESSION"
+  '';
 in
 
 {
@@ -31,6 +40,7 @@ in
               if test "$TARGET_DIR" = $(pwd)
                 return 1
               end
+              echo "$ZELLIJ_SESSION_NAME" > ~/.local/state/zellij-last-session
               zellij pipe --plugin file:$(which zellij-switch.wasm) -- "--cwd $TARGET_DIR --layout default --session $(basename $TARGET_DIR)"
             '';
         };
@@ -69,13 +79,13 @@ in
     programs.zellij = {
 
       enable = true;
+
+      # Auto start on shell init
       enableBashIntegration = true;
       enableFishIntegration = true;
       enableZshIntegration = true;
-
+      attachExistingSession = true;
-      # Not yet available in unstable
+      exitShellOnExit = false;
-      # attachExistingSession = true;
-      # exitShellOnExit = true;
 
       settings = {
         default_mode = "locked";
@@ -88,8 +98,6 @@ in
         show_startup_tips = false;
 
         keybinds = {
-          normal = {
-          };
           session = {
             "bind \"w\"" = {
               LaunchOrFocusPlugin = {
@@ -111,6 +119,14 @@ in
             };
           };
           shared = {
+            "bind \"Alt Shift s\"" = {
+              Run = {
+                _args = [
+                  (lib.getExe zellij-switch-to-last)
+                ];
+                close_on_exit = true;
+              };
+            };
             "bind \"Alt Shift p\"" = {
               Run = {
                 _args = [
@@ -169,6 +185,19 @@ in
                 ];
               };
             };
+            "bind \"Alt Shift j\"" = {
+              Run = {
+                _args = [
+                  (lib.getExe pkgs.lazyjj)
+                ];
+                close_on_exit = true;
+                floating = true;
+                x = "1%";
+                y = "1%";
+                width = "99%";
+                height = "99%";
+              };
+            };
             "bind \"Super Shift ]\"" = {
               GoToNextTab = { };
             };
@@ -192,11 +221,6 @@ in
                 _args = [ "scroll" ];
               };
             };
-            "bind \"Alt k\"" = lib.mkIf pkgs.stdenv.isLinux {
-              SwitchToMode = {
-                _args = [ "scroll" ];
-              };
-            };
             "bind \"Super Shift e\"" = lib.mkIf pkgs.stdenv.isDarwin {
               EditScrollback = { };
               SwitchToMode = {

platforms/home-manager/modules/nmasur/presets/services/i3.nix

@@ -214,9 +214,9 @@ in
               cfg.commands.lockScreen != null
             ) "exec ${cfg.commands.lockScreen}";
             "${modifier}+Mod1+h" =
-              "exec --no-startup-id ${lib.getExe cfg.terminal} --command sh -c '${pkgs.home-manager}/bin/home-manager switch --flake ${config.nmasur.presets.programs.dotfiles.path} || read'";
+              ''exec --no-startup-id ${lib.getExe cfg.terminal} --command="${pkgs.home-manager}/bin/home-manager switch --flake ${config.nmasur.presets.programs.dotfiles.path}#''${hostname} || read" '';
             "${modifier}+Mod1+r" =
-              "exec --no-startup-id ${lib.getExe cfg.terminal} --command sh -c 'doas nixos-rebuild switch --flake ${config.nmasur.presets.programs.dotfiles.path} || read'";
+              "exec --no-startup-id ${lib.getExe cfg.terminal} --command='doas nixos-rebuild switch --flake ${config.nmasur.presets.programs.dotfiles.path} || read'";
 
             # Window options
             "${modifier}+q" = "kill";

platforms/home-manager/modules/nmasur/presets/services/polybar.nix

@@ -142,9 +142,9 @@ in
                 if config.nmasur.presets.services.i3.terminal == pkgs.wezterm then
                   "start --class aerc -- aerc"
                 else
-                  "--class=aerc --command=aerc";
+                  "--class=com.noah.aerc --command=aerc";
             in
-            "i3-msg 'exec --no-startup-id ${config.nmasur.presets.services.i3.terminal} ${startupCommand}'; sleep 0.15; i3-msg '[class=aerc] focus'";
+            "i3-msg 'exec --no-startup-id ${lib.getExe config.nmasur.presets.services.i3.terminal} ${startupCommand}'; sleep 0.15; i3-msg '[class=com.noah.aerc] focus'";
         };
         "module/network" = {
           type = "internal/network";
@@ -221,7 +221,7 @@ in
           label = "%date%";
           label-foreground = config.theme.colors.base06;
           # format-background = colors.background;
-          click-right = lib.getExe config.nmasur.presets.services.i3.terminal;
+          click-right = "i3-msg 'exec --no-startup-id ${lib.getExe config.nmasur.presets.services.i3.terminal}'";
         };
         "module/power" = {
           type = "custom/text";

platforms/home-manager/modules/nmasur/profiles/experimental.nix

@@ -17,10 +17,7 @@ in
 
     nmasur.presets.programs = {
       zed-editor.enable = lib.mkDefault true;
-      ghostty.enable = lib.mkDefault true;
+      jujutsu.enable = lib.mkDefault true;
-      helix.enable = lib.mkDefault true;
-      zellij.enable = lib.mkDefault true;
-      lazygit.enable = lib.mkDefault true;
     };
 
     home.packages = [
@@ -32,8 +29,6 @@ in
       pkgs.charm # Manage account and filesystem
       pkgs.pop # Send emails from a TUI
 
-      pkgs.yazi # TUI file explorer
-
     ];
 
     programs.gh-dash.enable = lib.mkDefault true;

platforms/home-manager/modules/nmasur/profiles/linux-gui.nix

@@ -23,6 +23,7 @@ in
         aerc.enable = lib.mkDefault true;
         discord.enable = lib.mkDefault true;
         dotfiles.enable = lib.mkDefault true;
+        feishin.enable = lib.mkDefault true;
         firefox.enable = lib.mkDefault true;
         ghostty.enable = lib.mkDefault true;
         mpv.enable = lib.mkDefault true;

platforms/home-manager/modules/nmasur/profiles/power-user.nix

@@ -25,6 +25,7 @@ in
       pkgs.jless # JSON viewer
       pkgs.jo # JSON output
       pkgs.mpd # TUI slideshows
+      pkgs.nixfmt-rfc-style # Format Nix code
       pkgs.nmasur.jqr # FZF fq JSON tool
       pkgs.nmasur.osc # Clipboard over SSH
       pkgs.nmasur.ren-find # Rename files
@@ -35,6 +36,8 @@ in
       pkgs.tealdeer # Cheatsheets
       pkgs.tree # Print tree in terminal
       pkgs.vimv-rs # Batch rename files
+      pkgs.yazi # TUI file explorer
+
     ];
 
     programs.fish.shellAliases = {
@@ -57,8 +60,10 @@ in
       fd.enable = lib.mkDefault true;
       fish.enable = lib.mkDefault true;
       fzf.enable = lib.mkDefault true;
+      ghostty.enable = lib.mkDefault true;
       git.enable = lib.mkDefault true;
       helix.enable = lib.mkDefault true;
+      lazygit.enable = lib.mkDefault true;
       neovim.enable = lib.mkDefault true;
       nix-index.enable = lib.mkDefault true;
       nixpkgs.enable = lib.mkDefault true;
@@ -67,6 +72,7 @@ in
       ripgrep.enable = lib.mkDefault true;
       weather.enable = lib.mkDefault true;
       yt-dlp.enable = lib.mkDefault true;
+      zellij.enable = lib.mkDefault true;
       zoxide.enable = lib.mkDefault true;
     };
 

platforms/nix-darwin/modules/nmasur/presets/programs/homebrew.nix

@@ -15,7 +15,7 @@ in
 
   config = lib.mkIf cfg.enable {
     # Requires Homebrew to be installed
-    system.activationScripts.preUserActivation.text = ''
+    system.activationScripts.preActivation.text = ''
       if ! xcode-select --version 2>/dev/null; then
         $DRY_RUN_CMD xcode-select --install
       fi

platforms/nix-darwin/modules/nmasur/presets/services/finder.nix

@@ -59,7 +59,7 @@ in
     };
 
     # User-level settings
-    system.activationScripts.postUserActivation.text = ''
+    system.activationScripts.postActivation.text = ''
       echo "Show the ~/Library folder"
       chflags nohidden ~/Library
     '';

platforms/nix-darwin/modules/nmasur/presets/services/hammerspoon.nix

@@ -18,7 +18,7 @@ in
 
     homebrew.casks = [ "hammerspoon" ];
 
-    system.activationScripts.postUserActivation.text = ''
+    system.activationScripts.postActivation.text = ''
       defaults write org.hammerspoon.Hammerspoon MJConfigFile "${
         config.home-manager.users.${username}.xdg.configHome
       }/hammerspoon/init.lua"

platforms/nix-darwin/modules/nmasur/presets/services/menubar.nix

@@ -15,7 +15,7 @@ in
   config = lib.mkIf cfg.enable {
 
     # User-level settings
-    system.activationScripts.postUserActivation.text = ''
+    system.activationScripts.postActivation.text = ''
       echo "Reduce Menu Bar padding"
       defaults write -globalDomain NSStatusItemSelectionPadding -int 6
       defaults write -globalDomain NSStatusItemSpacing -int 6

platforms/nix-darwin/modules/nmasur/profiles/base.nix

@@ -14,6 +14,8 @@ in
 
   config = lib.mkIf cfg.enable {
 
+    system.primaryUser = config.nmasur.settings.username;
+
     nmasur.presets = {
       programs = {
         fish.enable = lib.mkDefault true;

platforms/nix-darwin/modules/nmasur/profiles/extra.nix

@@ -20,5 +20,13 @@ in
       "keybase" # GUI on Nix not available for macOS
     ];
 
+    nix.linux-builder = {
+      enable = true;
+      systems = [
+        "x86_64-linux"
+        "aarch64-linux"
+      ];
+    };
+
   };
 }

platforms/nixos/modules/nmasur/presets/programs/slsk-batchdl.nix

@@ -0,0 +1,21 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+
+let
+  cfg = config.nmasur.presets.programs.slsk-batchdl;
+in
+
+{
+
+  options.nmasur.presets.programs.slsk-batchdl.enable = lib.mkEnableOption "slsk downloader";
+
+  config = lib.mkIf cfg.enable {
+    environment.systemPackages = [
+      pkgs.nmasur.slsk-batchdl
+    ];
+  };
+}

platforms/nixos/modules/nmasur/presets/services/arr/arr.nix

@@ -27,6 +27,11 @@ let
       url = "localhost:8989";
       apiKey = config.secrets.sonarrApiKey.dest;
     };
+    lidarr = {
+      exportarrPort = "9712";
+      url = "localhost:8686";
+      apiKey = config.secrets.lidarrApiKey.dest;
+    };
     prowlarr = {
       exportarrPort = "9709";
       url = "localhost:9696";
@@ -57,6 +62,11 @@ in
     #   "dotnet-sdk-6.0.428"
     # ];
 
+    secrets.slskd = {
+      source = ./slskd.age;
+      dest = "/var/private/slskd";
+    };
+
     services = {
       bazarr = {
         enable = true;
@@ -69,6 +79,21 @@ in
         # It contains server configs and credentials
         configFile = "/data/downloads/sabnzbd/sabnzbd.ini";
       };
+      slskd = {
+        enable = true;
+        domain = null;
+        environmentFile = config.secrets.slskd.dest;
+        settings = {
+          shares.directories = [ ];
+          directories.downloads = "/data/audio/music";
+          web = {
+            url_base = "/slskd";
+            port = 5030;
+          };
+          soulseek.listen_port = 50300;
+        };
+        openFirewall = false;
+      };
       sonarr = {
         enable = true;
       };
@@ -78,6 +103,9 @@ in
       readarr = {
         enable = true;
       };
+      lidarr = {
+        enable = true;
+      };
     };
 
     # Allows shared group to read/write the sabnzbd directory
@@ -133,6 +161,20 @@ in
           }
         ];
       }
+      {
+        match = [
+          {
+            host = [ hostnames.download ];
+            path = [ "/lidarr*" ];
+          }
+        ];
+        handle = [
+          {
+            handler = "reverse_proxy";
+            upstreams = [ { dial = arrConfig.lidarr.url; } ];
+          }
+        ];
+      }
       {
         match = [
           {
@@ -181,6 +223,22 @@ in
           }
         ];
       }
+      {
+        match = [
+          {
+            host = [ hostnames.download ];
+            path = [ "/slskd*" ];
+          }
+        ];
+        handle = [
+          {
+            handler = "reverse_proxy";
+            upstreams = [
+              { dial = "localhost:${builtins.toString config.services.slskd.settings.web.port}"; }
+            ];
+          }
+        ];
+      }
       {
         match = [ { host = [ hostnames.download ]; } ];
         handle = [
@@ -252,6 +310,11 @@ in
       dest = "/var/private/sonarr-api";
       prefix = "API_KEY=";
     };
+    secrets.lidarrApiKey = {
+      source = ./lidarr-api-key.age;
+      dest = "/var/private/lidarr-api";
+      prefix = "API_KEY=";
+    };
     secrets.prowlarrApiKey = {
       source = ./prowlarr-api-key.age;
       dest = "/var/private/prowlarr-api";

platforms/nixos/modules/nmasur/presets/services/arr/lidarr-api-key.age

@@ -0,0 +1,17 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBjUGJG
+dDZiN3RkMzV2WlFUd3Vsam5IV3ZqajN2VFVvdUFiNFVIdVZRZzE0CkplWlBrRndG
+SEIxa0pGaFAzWmFEOGlIUTM2K2I0VWUyQ1pKbVcvd1I5UDAKLT4gc3NoLWVkMjU1
+MTkgWXlTVU1RIFRuVXp3dTNHaDhWNTVmN2tLd1FXaUttT1VqL2I1dktWaW45VnN2
+TlVZd2MKYlpEdWFJNmRtNWcxMDVndExIY21icjY2c252QmJnekorNnFnZHRCcHQr
+dwotPiBzc2gtZWQyNTUxOSBuanZYNUEgd3hZNDZwWDg0UnFlNndqazFNNDB0bkxx
+RTVTamR1Nk51VkREVVlRTjEybwpGVXJEUFFuYXpEQzRHeWJqRTMrUUpIYmhtT2NY
+SUQyeGwrYjBKdW9ucThjCi0+IHNzaC1lZDI1NTE5IENxSU9VQSBVdFB6ZndMb3Zx
+dTV5L2Z1Nk9rQVRHWkozcG01cW9zZUFTUW5HaDV1TWtvCnE4MUtTV0laalIwbVNJ
+NlU0K0JJcGMyN3ZSVXpVU1BteDVIVU9BYU9ZeG8KLT4gc3NoLWVkMjU1MTkgejFP
+Y1p3IGhCbWhHbG9WWU9CR3RkTVEyNUE1akM3Q0hGZEx1cURSRitIbi9vZXRMZ3cK
+clR6bjljTU9FS0UzdC9seDlad1E1aHZ5QXNiQmRWWDc5L0NQSkRsVUYyNAotLS0g
+ZEMwTE83MWxYMUYzWVdiSXNxM1BoOEJNMzJHS3o4M1NzWXMyQWZwR3dDVQpp8Lb0
+E1vJN/UjSubXuFGT9NqLCYhc2n20m4v6sM7h4HYRh10pngyxapyN9DvUvY0maPpm
+S9afVD6V/XjxOUZ2lA==
+-----END AGE ENCRYPTED FILE-----

platforms/nixos/modules/nmasur/presets/services/arr/slskd.age

@@ -0,0 +1,19 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBmaUlP
+QTFSRGlKbTVFalppZm9XczhOT2dKTkJpTDVDYTNGZWM2N05NTlRjCjVmUDdBb2VW
+M1BVMVlNdnoxWUNOTmkraVdhR3ZRTFJpTjMxT1duYS9HV3cKLT4gc3NoLWVkMjU1
+MTkgWXlTVU1RIFdzczRSbDgyM3ZGN2tzV1VOeTFsQUtlY00xRWNTaTU5UmxLamFm
+NDVkQVEKa3ZkUmx2RnNjSGUwWGh2ZzVqK3JwckMwdy9LMmRBeGZ3Vk5wUHFMYUc3
+RQotPiBzc2gtZWQyNTUxOSBuanZYNUEgR3lvZ054YkRaNzg5ZDZBK2NrSElndC9P
+YnFUUm83c25hYVdSU2dMSytrWQp4ZWthazZLcVFiMUpoUWp1VEZvZjhlSGxSc0ZO
+blJnelkvNlc3aDVTOGQ0Ci0+IHNzaC1lZDI1NTE5IENxSU9VQSBUTHNNTUhwaHJT
+aUlxTGwzdHhaRytzc3VpVldMb29WNGQyTUN1VXVOZmhzCnYzWjZzZ055YTJtVE1x
+UTB4VjgwMzZzNmg2dVJrUVgxNnNSTXpqbURHaUkKLT4gc3NoLWVkMjU1MTkgejFP
+Y1p3IFhvR3orWEI0dXVqdGZlbGZyb3FaZ0JGeGdvbE1RSEQwVHNMTU5MLy91WGMK
+eldiMlJGeGNJY01OeElBZVNCaTIrMlhibEFZd3pReE5JMWJyMk00Nm9xZwotLS0g
+SGpVUzFtMjdHRFlCMmJqMjJJcGl1Z3Z4ZWJXaE9leTVQL016aFAyT3BoRQoM3TpF
+3xJOKidMRbB6bqccVENPZ3Truxk7xMC99xvAL9Z0BmjxzV23Z2Fl58xOSx+p7IdE
+HWIfSrfhHqhJwanTSeFTYCGEak/e2bljgP3t2j1jNuTJAyUgRWwJg92nOIVX/Q7m
+AbhM0tSWdRD7jipqKFt6vvem+QGH0NhenSTZHdKr5gasqHVP7/10MZGSueqwj/Jm
+Q3S1ToPvVyoH8DrXlsMX37Qwxn0fVmLIdOrhEhHPLxxRrwkf7bA6Zpk/gSMT
+-----END AGE ENCRYPTED FILE-----

platforms/nixos/modules/nmasur/presets/services/cloudflare/cloudflare.nix

@@ -67,8 +67,8 @@ in
 
     # Tell Caddy to use Cloudflare DNS for ACME challenge validation
     services.caddy.package = pkgs.caddy.withPlugins {
-      plugins = [ "github.com/caddy-dns/cloudflare@v0.2.1" ];
+      plugins = [ "github.com/caddy-dns/cloudflare@8cbec3f04d5b4a768c52941a5468c4b71436509e" ]; # v0.2.1
-      hash = "sha256-saKJatiBZ4775IV2C5JLOmZ4BwHKFtRZan94aS5pO90=";
+      hash = "sha256-2D7dnG50CwtCho+U+iHmSj2w14zllQXPjmTHr6lJZ/A=";
     };
     nmasur.presets.services.caddy.tlsPolicies = [
       {
@@ -159,12 +159,13 @@ in
       requires = [ "cloudflare-api-secret.service" ];
       script =
         let
-          args =
+          args = [
-            [ "--cache-file /var/lib/cloudflare-dyndns/ip.cache" ]
+            "--cache-file /var/lib/cloudflare-dyndns/ip.cache"
-            ++ (if config.services.cloudflare-dyndns.ipv4 then [ "-4" ] else [ "-no-4" ])
+          ]
-            ++ (if config.services.cloudflare-dyndns.ipv6 then [ "-6" ] else [ "-no-6" ])
+          ++ (if config.services.cloudflare-dyndns.ipv4 then [ "-4" ] else [ "-no-4" ])
-            ++ lib.optional config.services.cloudflare-dyndns.deleteMissing "--delete-missing"
+          ++ (if config.services.cloudflare-dyndns.ipv6 then [ "-6" ] else [ "-no-6" ])
-            ++ lib.optional config.services.cloudflare-dyndns.proxied "--proxied";
+          ++ lib.optional config.services.cloudflare-dyndns.deleteMissing "--delete-missing"
+          ++ lib.optional config.services.cloudflare-dyndns.proxied "--proxied";
         in
         lib.mkForce ''
           export CLOUDFLARE_API_TOKEN=$(cat ''${CREDENTIALS_DIRECTORY}/apiToken)

platforms/nixos/modules/nmasur/presets/services/gitea.nix

@@ -20,6 +20,7 @@ in
       settings = {
         actions.ENABLED = true;
         metrics.ENABLED = true;
+        mailer.SENDMAIL_PATH = "/run/wrappers/bin/sendmail";
         repository = {
           # Pushing to a repo that doesn't exist automatically creates one as
           # private.

platforms/nixos/modules/nmasur/presets/services/litestream/litestream.nix

@@ -37,6 +37,7 @@ in
   config = lib.mkIf (cfg.enable) {
 
     users.groups.backup = { };
+    users.groups.litestream = { };
 
     secrets.litestream-backup = {
       source = cfg.s3.accessKeySecret;
@@ -45,6 +46,7 @@ in
       permissions = "0440";
     };
 
+    users.users.litestream.group = "litestream";
     users.users.litestream.extraGroups = [ "backup" ];
 
     services.litestream = {

platforms/nixos/modules/nmasur/presets/services/navidrome/navidrome-integrations.age

@@ -0,0 +1,20 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBwVzM0
+bElnSVdUTjFBT1BEWEJrUDRXMHNIVVVLbEJLNFFVcFZHcUlVcDNJCllmTWpNWDJz
+ckVyMGV2T1VUbnZHejNqOGdBdEh6TEU2MnNPeTM1aVFlaDgKLT4gc3NoLWVkMjU1
+MTkgWXlTVU1RIE1DR1BjdlZ5eUxQZlBaTXNUN2ZhcjRMSk1IcXlEMWRxRHBzL29o
+YWl5Z28KREU0YUcwZ3JrZDFNN3FBUWJDUnVoRjlSQ0x0aDVEWWhBZnVGR3pGbFBO
+SQotPiBzc2gtZWQyNTUxOSBuanZYNUEganNXRDBESFM0MGN4WjlQSmgxNlRMU2tD
+YW5LS05PNEpIakFjQW1yV3VsWQp0d0VCdUdyY1VLd0RIcmQ0RkQ5QkE5bWZhZnBk
+REIwYW5rMFl2VysxVjQwCi0+IHNzaC1lZDI1NTE5IENxSU9VQSBnYm1TYU5rQkFH
+UDVrQ0NkVTBmV3A3ektyVWt4Y3E4V2ZwUS9KZFpkcjFBCmZtd3FBSnN4K2o4QTFE
+cEFCRHRiWjlZeDBQZFdVNmt6UkZQM3BDMlhCdkUKLT4gc3NoLWVkMjU1MTkgejFP
+Y1p3IFJoaFp1azcvbllXdUxLSVhkclh6cmgrL1psOUlqNUZjRkNvZTNIdVp4eGcK
+VWczN01seXhueEprQ3lVeE9Eazg2MGRjK0ZkMkpSQ3FoMFU2QURLZ0EzMAotLS0g
+eng3TnlPeVI5L2FCWWpVM29iRGM2Ynpnck1yZlJSbExZL1NrME5qV3Y5RQoUmoxB
+ehmbWdeYxoPQ+lNcQn6U84J2hsdB6PvEwDMLlCwwSeMJD8lJfH5MBzp4Mok2aFpM
+WPdgVtWdo5AOqOJWv8iU4HJpvcNQCiUfCKjG4DpdS1xcZcgEj1RIxPjB1z2if49s
+Vcnxe1My6ZGCu99AD9U2haJb40ZyjRotHhmDZ6TYZU277qaoWwGnDG/ZgRortN3W
+I4iS4bfn+KUflctnir5cRxcLFRDj9+ut+USHBO0hTCldckTEGFnlG8En0EjR4emH
+QNhp5oz9jJK6p+mjnJFPGXOPTVnrsRkjAfQAsUZa8DdKJw==
+-----END AGE ENCRYPTED FILE-----

platforms/nixos/modules/nmasur/presets/services/navidrome/navidrome.nix

@@ -0,0 +1,49 @@
+# Navidrome is a self-hosted music streaming service. This means I can play
+# files from my server to devices.
+
+{ config, lib, ... }:
+
+let
+  inherit (config.nmasur.settings) hostnames;
+  cfg = config.nmasur.presets.services.navidrome;
+in
+
+{
+
+  options.nmasur.presets.services.navidrome.enable = lib.mkEnableOption "Navidrome music streaming";
+
+  config = lib.mkIf cfg.enable {
+
+    secrets.navidrome-integrations = {
+      source = ./navidrome-integrations.age;
+      dest = "/var/private/navidrome-integrations";
+    };
+
+    services.navidrome = {
+      enable = true;
+      settings = {
+        MusicFolder = "/data/audio/music";
+        EnableInsightsCollector = false;
+      };
+      environmentFile = config.secrets.navidrome-integrations.dest;
+    };
+
+    # Configure Cloudflare DNS to point to this machine
+    services.cloudflare-dyndns.domains = [ hostnames.navidrome ];
+
+    # Allow web traffic to Caddy
+    nmasur.presets.services.caddy.routes = [
+      {
+        match = [ { host = [ hostnames.navidrome ]; } ];
+        handle = [
+          {
+            handler = "reverse_proxy";
+            upstreams = [
+              { dial = "localhost:${builtins.toString config.services.navidrome.settings.Port}"; }
+            ];
+          }
+        ];
+      }
+    ];
+  };
+}

platforms/nixos/modules/nmasur/presets/services/restic/restic.nix

@@ -54,6 +54,11 @@ in
           "--keep-monthly 12"
           "--keep-yearly 100"
         ];
+        timerConfig = {
+          OnCalendar = "daily";
+          Persistent = true;
+          RandomizedDelaySec = "3h";
+        };
       };
     };
 

platforms/nixos/modules/nmasur/profiles/gui.nix

@@ -21,6 +21,9 @@ in
     nmasur.presets.programs.nautilus.enable = lib.mkDefault true;
     nmasur.presets.services.pipewire.enable = lib.mkDefault true;
 
+    # Allow cross-compiling my aarch64 builds
+    boot.binfmt.emulatedSystems = lib.mkDefault [ "aarch64-linux" ];
+
     # Lock the system
     services.betterlockscreen.enable = lib.mkDefault true;
 

platforms/nixos/modules/nmasur/profiles/home.nix

@@ -24,6 +24,11 @@ in
 
     # Enable automatic timezone updates based on location
     services.automatic-timezoned.enable = lib.mkDefault true;
+    services.geoclue2 = {
+      # see: https://github.com/NixOS/nixpkgs/issues/68489#issuecomment-1484030107
+      enableDemoAgent = lib.mkForce true;
+      geoProviderUrl = "https://beacondb.net/v1/geolocate";
+    };
 
     # Allow reading from Windows drives
     boot.supportedFilesystems = [ "ntfs" ];

platforms/nixos/modules/nmasur/profiles/nas.nix

@@ -18,6 +18,7 @@ in
       zfs.enable = lib.mkDefault true;
       programs = {
         msmtp.enable = lib.mkDefault true;
+        slsk-batchdl.enable = lib.mkDefault true;
       };
       services = {
         arrs.enable = lib.mkDefault true;
@@ -31,6 +32,7 @@ in
         immich.enable = lib.mkDefault true;
         jellyfin.enable = lib.mkDefault true;
         litestream.enable = lib.mkDefault true;
+        navidrome.enable = lib.mkDefault true;
         nextcloud.enable = lib.mkDefault true;
         nix-autoupgrade.enable = lib.mkDefault false; # Off by default for NAS
         paperless.enable = lib.mkDefault true;

platforms/nixos/modules/nmasur/profiles/shared-media.nix

@@ -25,9 +25,11 @@ in
       audiobookshelf.group = "shared";
       bazarr.group = "shared";
       jellyfin.group = "shared";
+      lidarr.group = "shared";
       radarr.group = "shared";
       readarr.group = "shared";
       sabnzbd.group = "shared";
+      slskd.group = "shared";
       sonarr.group = "shared";
       immich.group = "shared";
       calibre-web.group = "shared";