fixes for caddy and adding paperless to local dns

try to statically set caddy to prevent cloudflare hash breaking
fix: ghostty keybinds invalid after update
2025-11-04 15:13:16 +00:00 · 2025-10-12 17:25:50 +00:00 · 2025-10-11 13:27:44 -04:00 · 2025-09-23 15:40:01 -04:00 · 2025-09-20 11:28:26 -04:00 · 2025-09-20 11:27:55 -04:00
488 changed files with 14684 additions and 9494 deletions
--- a/.github/workflows/arrow-aws.yml
+++ b/.github/workflows/arrow-aws.yml
@@ -3,7 +3,7 @@ name: Arrow (AWS)
 run-name: Arrow (AWS) - ${{ inputs.rebuild && 'Rebuild and ' || '' }}${{ inputs.action == 'create' && 'Create' || ( inputs.action == 'destroy' && 'Destroy' || 'No Action' ) }}
 env:
-  TERRAFORM_DIRECTORY: hosts/arrow/aws
+  TERRAFORM_DIRECTORY: deploy/aws
  DEPLOY_IDENTITY_BASE64: ${{ secrets.DEPLOY_IDENTITY_BASE64 }}
  ARROW_IDENTITY_BASE64: ${{ secrets.ARROW_IDENTITY_BASE64 }}
  ZONE_NAME: masu.rs
--- a/.github/workflows/flame.yml
+++ b/.github/workflows/flame.yml
@@ -0,0 +1,200 @@
 name: Flame
 run-name: Flame - ${{ inputs.rebuild && 'Rebuild and ' || '' }}${{ inputs.action == 'create' && 'Create' || ( inputs.action == 'destroy' && 'Destroy' || 'No Action' ) }}
 env:
  TERRAFORM_DIRECTORY: deploy/oracle
  DEPLOY_IDENTITY_BASE64: ${{ secrets.DEPLOY_IDENTITY_BASE64 }}
  FLAME_IDENTITY_BASE64: ${{ secrets.FLAME_IDENTITY_BASE64 }}
  ZONE_NAME: masu.rs
  CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
  CLOUDFLARE_ZONE_ID: ${{ secrets.CLOUDFLARE_ZONE_ID }}
  OCI_CLI_USER: "ocid1.user.oc1..aaaaaaaa6lro2eoxdajjypjysepvzcavq5yn4qyozjyebxdiaoqziribuqba"
  OCI_CLI_TENANCY: "ocid1.tenancy.oc1..aaaaaaaaudwr2ozedhjnrn76ofjgglgug6gexknjisd7gb7tkj3mjdp763da"
  OCI_CLI_FINGERPRINT: "dd:d0:da:6d:83:46:8b:b3:d9:45:2b:c7:56:ae:30:94"
  OCI_CLI_KEY_CONTENT: "${{ secrets.OCI_PRIVATE_KEY }}"
  TF_VAR_oci_private_key: "${{ secrets.OCI_PRIVATE_KEY }}"
  OCI_CLI_REGION: "us-ashburn-1"
 on:
  workflow_dispatch:
    inputs:
      rebuild:
        description: Rebuild Image
        type: boolean
        default: false
      action:
        description: Terraform Action
        type: choice
        required: true
        default: create
        options:
          - create
          - destroy
          - nothing
 permissions:
  id-token: write
  contents: write
 jobs:
  build-deploy:
    name: Build and Deploy
    # runs-on: ubuntu-latest
    runs-on: ubuntu-24.04-arm
    steps:
      - name: Checkout Repo Code
        uses: actions/checkout@v4
      # - name: Write OCI Key to File
      #   run: |
      #     echo "${{ env.OCI_PRIVATE_KEY_BASE64 }}" | base64 -d > OCI_PRIVATE_KEY
      # # Enable access to KVM, required to build an image
      # - name: Enable KVM group perms
      #   if: inputs.rebuild && inputs.action != 'destroy'
      #   run: |
      #       echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-kvm4all.rules
      #       sudo udevadm control --reload-rules
      #       sudo udevadm trigger --name-match=kvm
      #       sudo apt-get install -y qemu-user-static
      # Install Nix
      - name: Install Nix
        # if: inputs.rebuild && inputs.action != 'destroy'
        uses: cachix/install-nix-action@v31.4.1
        with:
          enable_kvm: true
          extra_nix_config: |
            system = aarch64-linux
            system-features = aarch64-linux arm-linux kvm
      # Build the image
      - name: Build Image
        if: inputs.rebuild && inputs.action != 'destroy'
        run: nix build .#flame-qcow --system aarch64-linux
      - name: List Images
        if: inputs.rebuild && inputs.action != 'destroy'
        run: |
          ls -lh result/
          echo "IMAGE_NAME=$(ls result/nixos.qcow2) >> $GITHUB_ENV
      - name: Upload Image to S3
        if: inputs.rebuild && inputs.action != 'destroy'
        # env:
        #   AWS_ACCESS_KEY_ID: "<YOUR_OCI_ACCESS_KEY>"
        #   AWS_SECRET_ACCESS_KEY: "<YOUR_OCI_SECRET_KEY>"
        #   AWS_DEFAULT_REGION: "us-ashburn-1" # e.g., us-ashburn-1, us-phoenix-1
        #   AWS_ENDPOINT_URL: "https://masur.compat.objectstorage.us-ashburn-1.oraclecloud.com"
        uses: oracle-actions/run-oci-cli-command@v1.3.2
        with:
          command: |
            os object put \
              --namespace "idptr5akf9pf" \
              --bucket-name "noahmasur-images" \
              --name "nixos.qcow2" \
              --file "${IMAGE_NAME}" \
              --part-size 128 \ # Optional: Specify part size in MiB for multipart uploads, default is 128 MiB
              --parallel-upload-count 5 # Optional: Number of parallel uploads, default is 3
      # Login to AWS
      - name: AWS Assume Role
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::286370965832:role/github_actions_admin
          aws-region: us-east-1
      # Installs the Terraform binary and some other accessory functions.
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v2
      # Checks whether Terraform is formatted properly. If this fails, you
      # should install the pre-commit hook.
      - name: Check Formatting
        working-directory: ${{ env.TERRAFORM_DIRECTORY }}
        run: |
          terraform fmt -no-color -check -diff -recursive
      # Connects to remote state backend and download providers.
      - name: Terraform Init
        working-directory: ${{ env.TERRAFORM_DIRECTORY }}
        run: terraform init -input=false
      # Deploys infrastructure or changes to infrastructure.
      - name: Terraform Apply
        if: inputs.action == 'create'
        working-directory: ${{ env.TERRAFORM_DIRECTORY }}
        run: |
          terraform apply \
            -auto-approve \
            -input=false
      # Removes infrastructure.
      - name: Terraform Destroy
        if: inputs.action == 'destroy'
        working-directory: ${{ env.TERRAFORM_DIRECTORY }}
        run: |
          terraform destroy \
            -auto-approve \
            -input=false
      - name: Get Host IP
        if: inputs.action == 'create'
        id: host
        working-directory: ${{ env.TERRAFORM_DIRECTORY }}
        run: terraform output -raw host_ip
      - name: Wait on SSH
        if: inputs.action == 'create'
        run: |
          for i in $(seq 1 15); do
            if $(nc -z -w 3 ${{ steps.host.outputs.stdout }} 22); then
              exit 0
            fi
            sleep 10
          done
      - name: Write Identity Keys to Files
        if: inputs.action == 'create'
        run: |
          echo "${{ env.DEPLOY_IDENTITY_BASE64 }}" | base64 -d > deploy_ed25519
          chmod 0600 deploy_ed25519
          echo "${{ env.FLAME_IDENTITY_BASE64 }}" | base64 -d > flame_ed25519
          chmod 0600 flame_ed25519
          mkdir -pv "${HOME}/.ssh/"
          cp deploy_ed25519 "${HOME}/.ssh/id_ed25519"
      - name: Run nixos-anywhere
        if: inputs.action == 'create'
        run: |
          nix run github:nix-community/nixos-anywhere -- --flake github:nmasur/dotfiles#flame --build-on remote --no-reboot --target-host ubuntu@${{ steps.host.outputs.stdout }}
          reboot now
      - name: Wait on SSH After Reboot
        if: inputs.action == 'create'
        run: |
          for i in $(seq 1 15); do
            if $(nc -z -w 3 ${{ steps.host.outputs.stdout }} 22); then
              exit 0
            fi
            sleep 10
          done
      - name: Copy Identity File to Host
        if: inputs.action == 'create'
        run: |
          ssh -i deploy_ed25519 -o StrictHostKeyChecking=accept-new noah@${{ steps.host.outputs.stdout }} 'mkdir -pv .ssh'
          scp -i deploy_ed25519 flame_ed25519 noah@${{ steps.host.outputs.stdout }}:~/.ssh/id_ed25519
      # - name: Wipe Records
      #   if: ${{ inputs.action == 'destroy' }}
      #   run: |
      #     RECORD_ID=$(curl --request GET \
      #        --url https://api.cloudflare.com/client/v4/zones/${{ env.CLOUDFLARE_ZONE_ID }}/dns_records \
      #        --header 'Content-Type: application/json' \
      #        --header "Authorization: Bearer ${{ env.CLOUDFLARE_API_TOKEN }}" | jq -r '.result[] | select(.name == "n8n2.${{ env.ZONE_NAME }}") | .id')
      #     curl --request DELETE \
      #        --url https://api.cloudflare.com/client/v4/zones/${{ env.CLOUDFLARE_ZONE_ID }}/dns_records/${RECORD_ID} \
      #        --header 'Content-Type: application/json' \
      #        --header "Authorization: Bearer ${{ env.CLOUDFLARE_API_TOKEN }}"
--- a/.github/workflows/update.yml
+++ b/.github/workflows/update.yml
@@ -3,7 +3,7 @@ name: Update Flake
 on:
  workflow_dispatch: # allows manual triggering
  schedule:
-    - cron: '33 3 * * 0' # runs weekly on Sunday at 03:33
+    - cron: '33 3 * * 6' # runs weekly on Saturday at 03:33
 permissions:
  contents: write
@@ -19,12 +19,14 @@ jobs:
        uses: actions/checkout@v3
      - name: Install Nix
        uses: DeterminateSystems/nix-installer-action@v11
        with:
          nix-package-url: https://releases.nixos.org/nix/nix-2.18.4/nix-2.18.4-x86_64-linux.tar.xz
      - name: Check Nixpkgs Inputs
        uses: DeterminateSystems/flake-checker-action@v7
      - name: Add Nix Cache
        uses: DeterminateSystems/magic-nix-cache-action@v6
      - name: Update flake.lock
-        uses: DeterminateSystems/update-flake-lock@v21
+        uses: DeterminateSystems/update-flake-lock@v23
        id: update
        with:
          pr-title: "Update flake.lock" # Title of PR to be created
--- a/README.md
+++ b/README.md
@@ -8,38 +8,38 @@ configuration may be difficult to translate to a non-Nix system.
 ## System Features
-| Feature        | Program                                             | Configuration                                 |
+| Feature        | Program                                             | Configuration                                                                     |
-|----------------|-----------------------------------------------------|-----------------------------------------------|
+|----------------|-----------------------------------------------------|-----------------------------------------------------------------------------------|
-| OS             | [NixOS](https://nixos.org)                          | [Link](./modules/nixos)                       |
+| OS             | [NixOS](https://nixos.org)                          | [Link](./platforms/nixos)                                                         |
-| Display Server | [X11](https://www.x.org/wiki/)                      | [Link](./modules/nixos/graphical/xorg.nix)    |
+| Display Server | [X11](https://www.x.org/wiki/)                      | [Link](./platforms/nixos/modules/nmasur/profiles/gui.nix)                         |
-| Compositor     | [Picom](https://github.com/yshui/picom)             | [Link](./modules/nixos/graphical/picom.nix)   |
+| Compositor     | [Picom](https://github.com/yshui/picom)             | [Link](./platforms/home-manager/modules/nmasur/presets/services/picom.nix)        |
-| Window Manager | [i3](https://i3wm.org/)                             | [Link](./modules/nixos/graphical/i3.nix)      |
+| Window Manager | [i3](https://i3wm.org/)                             | [Link](./platforms/home-manager/modules/nmasur/presets/services/i3.nix)           |
-| Panel          | [Polybar](https://polybar.github.io/)               | [Link](./modules/nixos/graphical/polybar.nix) |
+| Panel          | [Polybar](https://polybar.github.io/)               | [Link](./platforms/home-manager/modules/nmasur/presets/services/polybar.nix)      |
-| Font           | [Victor Mono](https://rubjo.github.io/victor-mono/) | [Link](./modules/nixos/graphical/fonts.nix)   |
+| Font           | [Victor Mono](https://rubjo.github.io/victor-mono/) | [Link](./platforms/home-manager/modules/nmasur/presets/fonts.nix)                 |
-| Launcher       | [Rofi](https://github.com/davatorium/rofi)          | [Link](./modules/nixos/graphical/rofi.nix)    |
+| Launcher       | [Rofi](https://github.com/davatorium/rofi)          | [Link](./platforms/home-manager/modules/nmasur/presets/programs/rofi/default.nix) |
 ## User Features
-| Feature      | Program                                                                          | Configuration                                      |
+| Feature      | Program                                                                          | Configuration                                                                 |
-|--------------|----------------------------------------------------------------------------------|----------------------------------------------------|
+|--------------|----------------------------------------------------------------------------------|-------------------------------------------------------------------------------|
-| Dotfiles     | [Home-Manager](https://github.com/nix-community/home-manager)                    | [Link](./modules/common)                           |
+| Dotfiles     | [Home-Manager](https://github.com/nix-community/home-manager)                    | [Link](./platforms/home-manager)                                              |
-| Terminal     | [Kitty](https://sw.kovidgoyal.net/kitty/)                                        | [Link](./modules/common/applications/kitty.nix)    |
+| Terminal     | [Ghostty](https://sw.kovidgoyal.net/kitty/)                                      | [Link](./platforms/home-manager/modules/nmasur/presets/programs/ghostty.nix)  |
-| Shell        | [Fish](https://fishshell.com/)                                                   | [Link](./modules/common/shell/fish)                |
+| Shell        | [Fish](https://fishshell.com/)                                                   | [Link](./platforms/home-manager/modules/nmasur/presets/programs/fish.nix)     |
-| Shell Prompt | [Starship](https://starship.rs/)                                                 | [Link](./modules/common/shell/starship.nix)        |
+| Shell Prompt | [Starship](https://starship.rs/)                                                 | [Link](./platforms/home-manager/modules/nmasur/presets/programs/starship.nix) |
-| Colorscheme  | [Gruvbox](https://github.com/morhetz/gruvbox)                                    | [Link](./colorscheme/gruvbox/default.nix)          |
+| Colorscheme  | [Gruvbox](https://github.com/morhetz/gruvbox)                                    | [Link](./colorscheme/gruvbox/default.nix)                                     |
-| Wallpaper    | [Road](https://gitlab.com/exorcist365/wallpapers/-/blob/master/gruvbox/road.jpg) | [Link](./hosts/tempest/default.nix)                |
+| Wallpaper    | [Road](https://gitlab.com/exorcist365/wallpapers/-/blob/master/gruvbox/road.jpg) | [Link](./hosts/x86_64-linux/tempest/default.nix)                              |
-| Text Editor  | [Neovim](https://neovim.io/)                                                     | [Link](./modules/common/neovim/config)             |
+| Text Editor  | [Neovim](https://neovim.io/)                                                     | [Link](./pkgs/applications/editors/neovim/nmasur/neovim/package.nix)          |
-| Browser      | [Firefox](https://www.mozilla.org/en-US/firefox/new/)                            | [Link](./modules/common/applications/firefox.nix)  |
+| Browser      | [Firefox](https://www.mozilla.org/en-US/firefox/new/)                            | [Link](./platforms/home-manager/modules/nmasur/presets/programs/firefox.nix)  |
-| E-Mail       | [Aerc](https://aerc-mail.org/)                                                   | [Link](./modules/common/mail/aerc.nix)             |
+| E-Mail       | [Aerc](https://aerc-mail.org/)                                                   | [Link](./platforms/home-manager/modules/nmasur/presets/programs/aerc.nix)     |
-| File Manager | [Nautilus](https://wiki.gnome.org/action/show/Apps/Files)                        | [Link](./modules/common/applications/nautilus.nix) |
+| File Manager | [Nautilus](https://wiki.gnome.org/action/show/Apps/Files)                        | [Link](./platforms/home-manager/modules/nmasur/presets/programs/nautilus.nix) |
-| PDF Reader   | [Zathura](https://pwmt.org/projects/zathura/)                                    | [Link](./modules/common/applications/media.nix)    |
+| PDF Reader   | [Zathura](https://pwmt.org/projects/zathura/)                                    | [Link](./platforms/home-manager/modules/nmasur/presets/programs/zathura.nix)  |
-| Video Player | [mpv](https://mpv.io/)                                                           | [Link](./modules/common/applications/media.nix)    |
+| Video Player | [mpv](https://mpv.io/)                                                           | [Link](./platforms/home-manager/modules/nmasur/presets/programs/mpv.nix)      |
 ## macOS Features
 | Feature  | Program                                     | Configuration                        |
 |----------|---------------------------------------------|--------------------------------------|
-| Keybinds | [Hammerspoon](https://www.hammerspoon.org/) | [Link](./modules/darwin/hammerspoon) |
+| Keybinds | [Hammerspoon](https://www.hammerspoon.org/) | [Link](./platforms/home-manager/modules/nmasur/presets/services/hammerspoon/) |
 # Diagram
@@ -51,15 +51,16 @@ configuration may be difficult to translate to a non-Nix system.
 This repo contains a few more elaborate elements of configuration.
- [Neovim config](./modules/common/neovim/default.nix) generated with Nix2Vim
+- [Neovim config](./pkgs/applications/editors/neovim/nmasur/neovim/package.nix)
-and source-controlled plugins, differing based on installed LSPs, for example.
+generated with Nix2Vim and source-controlled plugins,
- [Caddy JSON](./modules/nixos/services/caddy.nix) file (routes, etc.) based
+differing based on installed LSPs, for example. - [Caddy
-dynamically on enabled services rendered with Nix.
+JSON](./platforms/nixos/modules/nmasur/presets/services/caddy.nix) file (routes,
- [Grafana config](./modules/nixos/services/grafana.nix) rendered with Nix.
+etc.) based dynamically on enabled services rendered with Nix. - [Grafana
- Custom [secrets deployment](./modules/nixos/services/secrets.nix) similar to
+config](./platforms/nixos/modules/nmasur/presets/services/grafana/grafana.nix)
-agenix.
+rendered with Nix. - Custom [secrets
- Base16 [colorschemes](./colorscheme/) applied to multiple applications,
+deployment](./platforms/nixos/modules/secrets.nix) similar to agenix. - Base16
-including Firefox userChrome.
+[colorschemes](./colorscheme/) applied to multiple applications, including
 Firefox userChrome.
 ---
--- a/apps/README.md
+++ b/apps/README.md
@@ -1,9 +0,0 @@
 # Apps
 These are all my miscellaneous utilies and scripts to accompany this project.
 They can be run with:
 ```
 nix run github:nmasur/dotfiles#appname
 ```
--- a/apps/default.nix
+++ b/apps/default.nix
@@ -1,34 +0,0 @@
 { pkgs, ... }:
 rec {
  # Show quick helper
  default = import ./help.nix { inherit pkgs; };
  # Format primary disk
  format-root = import ./format-root.nix { inherit pkgs; };
  # Format and install from nothing (deprecated)
  installer = import ./installer.nix { inherit pkgs; };
  # Display the readme for this repository
  readme = import ./readme.nix { inherit pkgs; };
  # Rebuild
  rebuild = import ./rebuild.nix { inherit pkgs; };
  # Load the SSH key for this machine
  loadkey = import ./loadkey.nix { inherit pkgs; };
  # Encrypt secret for all machines
  encrypt-secret = import ./encrypt-secret.nix { inherit pkgs; };
  # Re-encrypt secrets for all machines
  reencrypt-secrets = import ./reencrypt-secrets.nix { inherit pkgs; };
  # Connect machine metrics to Netdata Cloud
  netdata = import ./netdata-cloud.nix { inherit pkgs; };
  # Run neovim as an app
  neovim = import ./neovim.nix { inherit pkgs; };
  nvim = neovim;
 }
--- a/apps/encrypt-secret.nix
+++ b/apps/encrypt-secret.nix
@@ -1,19 +0,0 @@
 { pkgs, ... }:
 {
  # nix run github:nmasur/dotfiles#encrypt-secret > private/mysecret.age
  type = "app";
  program = builtins.toString (
    pkgs.writeShellScript "encrypt-secret" ''
      printf "\nEnter the secret data to encrypt for all hosts...\n\n" 1>&2
      read -p "Secret: " secret
      printf "\nEncrypting...\n\n" 1>&2
      tmpfile=$(mktemp)
      echo "''${secret}" > ''${tmpfile}
      ${pkgs.age}/bin/age --encrypt --armor --recipients-file ${builtins.toString ../misc/public-keys} $tmpfile
      rm $tmpfile
    ''
  );
 }
--- a/apps/format-root.nix
+++ b/apps/format-root.nix
@@ -1,41 +0,0 @@
 { pkgs, ... }:
 {
  # This script will partition and format drives; use at your own risk!
  type = "app";
  program = builtins.toString (
    pkgs.writeShellScript "format-root" ''
      set -e
      DISK=$1
      if [ -z "''${DISK}" ]; then
          ${pkgs.gum}/bin/gum style --width 50 --margin "1 2" --padding "2 4" \
              --foreground "#fb4934" \
              "Missing required parameter." \
              "Usage: format-root -- <disk>" \
              "Flake example: nix run github:nmasur/dotfiles#format-root -- nvme0n1"
          echo "(exiting)"
          exit 1
      fi
      ${pkgs.disko-packaged}/bin/disko \
          --mode create \
          --dry-run \
          --flake "path:$(pwd)#root" \
          --arg disk \""/dev/''${DISK}"\"
      ${pkgs.gum}/bin/gum confirm \
          "This will ERASE ALL DATA on the disk /dev/''${DISK}. Are you sure you want to continue?" \
          --default=false
      ${pkgs.disko-packaged}/bin/disko \
          --mode create \
          --flake "path:$(pwd)#root" \
          --arg disk "/dev/''${DISK}"
    ''
  );
 }
--- a/apps/help.nix
+++ b/apps/help.nix
@@ -1,25 +0,0 @@
 { pkgs, ... }:
 {
  type = "app";
  program = builtins.toString (
    pkgs.writeShellScript "default" ''
      ${pkgs.gum}/bin/gum style --margin "1 2" --padding "0 2" --foreground "15" --background "55" "Options"
      ${pkgs.gum}/bin/gum format --type=template -- '  {{ Italic "Run with" }} {{ Color "15" "69" " nix run github:nmasur/dotfiles#" }}{{ Color "15" "62" "someoption" }}{{ Color "15" "69" " " }}.'
      echo ""
      echo ""
      ${pkgs.gum}/bin/gum format --type=template -- \
          '  • {{ Color "15" "57" " readme " }} {{ Italic "Documentation for this repository." }}' \
          '  • {{ Color "15" "57" " rebuild " }} {{ Italic "Switch to this configuration." }}' \
          '  • {{ Color "15" "57" " installer " }} {{ Italic "Format and install from nothing." }}' \
          '  • {{ Color "15" "57" " neovim " }} {{ Italic "Test out the Neovim package." }}' \
          '  • {{ Color "15" "57" " loadkey " }} {{ Italic "Load an ssh key for this machine using melt." }}' \
          '  • {{ Color "15" "57" " encrypt-secret " }} {{ Italic "Encrypt a secret for all machines." }}' \
          '  • {{ Color "15" "57" " reencrypt-secrets " }} {{ Italic "Reencrypt all secrets when new machine is added." }}' \
          '  • {{ Color "15" "57" " netdata " }} {{ Italic "Connect a machine to Netdata cloud." }}'
      echo ""
      echo ""
    ''
  );
 }
--- a/apps/installer.nix
+++ b/apps/installer.nix
@@ -1,50 +0,0 @@
 { pkgs, ... }:
 {
  # Inspired by https://github.com/cleverca22/nix-tests/blob/master/kexec/justdoit.nix
  # This script will partition and format drives; use at your own risk!
  type = "app";
  program = builtins.toString (
    pkgs.writeShellScript "installer" ''
      set -e
      DISK=$1
      FLAKE=$2
      PARTITION_PREFIX=""
      if [ -z "$DISK" ] || [ -z "$FLAKE" ]; then
          ${pkgs.gum}/bin/gum style --width 50 --margin "1 2" --padding "2 4" \
              --foreground "#fb4934" \
              "Missing required parameter." \
              "Usage: installer -- <disk> <host>" \
              "Example: installer -- nvme0n1 tempest" \
              "Flake example: nix run github:nmasur/dotfiles#installer -- nvme0n1 tempest"
          echo "(exiting)"
          exit 1
      fi
      case "$DISK" in nvme*)
          PARTITION_PREFIX="p"
      esac
      ${pkgs.gum}/bin/gum confirm \
          "This will ERASE ALL DATA on the disk /dev/''${DISK}. Are you sure you want to continue?" \
          --default=false
      ${pkgs.parted}/bin/parted /dev/''${DISK} -- mklabel gpt
      ${pkgs.parted}/bin/parted /dev/''${DISK} -- mkpart primary 512MiB 100%
      ${pkgs.parted}/bin/parted /dev/''${DISK} -- mkpart ESP fat32 1MiB 512MiB
      ${pkgs.parted}/bin/parted /dev/''${DISK} -- set 3 esp on
      mkfs.ext4 -L nixos /dev/''${DISK}''${PARTITION_PREFIX}1
      mkfs.fat -F 32 -n boot /dev/''${DISK}''${PARTITION_PREFIX}2
      mount /dev/disk/by-label/nixos /mnt
      mkdir --parents /mnt/boot
      mount /dev/disk/by-label/boot /mnt/boot
      ${pkgs.nixos-install-tools}/bin/nixos-install --flake github:nmasur/dotfiles#''${FLAKE}
    ''
  );
 }
--- a/apps/loadkey.nix
+++ b/apps/loadkey.nix
@@ -1,15 +0,0 @@
 { pkgs, ... }:
 {
  type = "app";
  program = builtins.toString (
    pkgs.writeShellScript "loadkey" ''
      printf "\nEnter the seed phrase for your SSH key...\n"
      printf "\nThen press ^D when complete.\n\n"
      mkdir -p ~/.ssh/
      ${pkgs.melt}/bin/melt restore ~/.ssh/id_ed25519
      printf "\n\nContinuing activation.\n\n"
    ''
  );
 }
--- a/apps/neovim.nix
+++ b/apps/neovim.nix
@@ -1,12 +0,0 @@
 { pkgs, ... }:
 {
  type = "app";
  program = "${
    (import ../modules/common/neovim/package {
      inherit pkgs;
      colors = (import ../colorscheme/nord).dark;
    })
  }/bin/nvim";
 }
--- a/apps/netdata-cloud.nix
+++ b/apps/netdata-cloud.nix
@@ -1,21 +0,0 @@
 { pkgs, ... }:
 {
  type = "app";
  program = builtins.toString (
    pkgs.writeShellScript "netdata-cloud" ''
      if [ "$EUID" -ne 0 ]; then
        echo "Please run as root"
        exit 1
      fi
      mkdir --parents --mode 0750 /var/lib/netdata/cloud.d
      printf "\nEnter the claim token for netdata cloud...\n\n"
      read -p "Token: " token
      echo "''${token}" > /var/lib/netdata/cloud.d/token
      chown -R netdata:netdata /var/lib/netdata
      ${pkgs.netdata}/bin/netdata-claim.sh -id=$(uuidgen)
      printf "\n\nNow restart netdata service.\n\n"
    ''
  );
 }
--- a/apps/readme.nix
+++ b/apps/readme.nix
@@ -1,11 +0,0 @@
 { pkgs, ... }:
 {
  type = "app";
  program = builtins.toString (
    pkgs.writeShellScript "readme" ''
      ${pkgs.glow}/bin/glow --pager ${builtins.toString ../README.md}
    ''
  );
 }
--- a/apps/rebuild.nix
+++ b/apps/rebuild.nix
@@ -1,17 +0,0 @@
 { pkgs, ... }:
 {
  type = "app";
  program = builtins.toString (
    pkgs.writeShellScript "rebuild" ''
      echo ${pkgs.system}
      SYSTEM=${if pkgs.stdenv.isDarwin then "darwin" else "linux"}
      if [ "$SYSTEM" == "darwin" ]; then
          sudo darwin-rebuild switch --flake ${builtins.toString ../.}
      else
          doas nixos-rebuild switch --flake ${builtins.toString ../.}
      fi
    ''
  );
 }
--- a/apps/reencrypt-secrets.nix
+++ b/apps/reencrypt-secrets.nix
@@ -1,27 +0,0 @@
 { pkgs, ... }:
 {
  # nix run github:nmasur/dotfiles#reencrypt-secrets ./private
  type = "app";
  program = builtins.toString (
    pkgs.writeShellScript "reencrypt-secrets" ''
      if [ $# -eq 0 ]; then
        echo "Must provide directory to reencrypt."
        exit 1
      fi
      encrypted=$1
      for encryptedfile in ''${1}/*; do
        tmpfile=$(mktemp)
        echo "Decrypting ''${encryptedfile}..."
        ${pkgs.age}/bin/age --decrypt \
          --identity ~/.ssh/id_ed25519 $encryptedfile > $tmpfile
        echo "Encrypting ''${encryptedfile}..."
        ${pkgs.age}/bin/age --encrypt --armor --recipients-file ${builtins.toString ../misc/public-keys} $tmpfile > $encryptedfile
        rm $tmpfile
      done
      echo "Finished."
    ''
  );
 }
--- a/hosts/arrow/aws/ec2.tf
+++ b/hosts/arrow/aws/ec2.tf
--- a/hosts/arrow/aws/image.tf
+++ b/hosts/arrow/aws/image.tf
--- a/hosts/arrow/aws/main.tf
+++ b/hosts/arrow/aws/main.tf
--- a/hosts/arrow/aws/outputs.tf
+++ b/hosts/arrow/aws/outputs.tf
--- a/hosts/arrow/aws/variables.tf
+++ b/hosts/arrow/aws/variables.tf
--- a/deploy/oracle/main.tf
+++ b/deploy/oracle/main.tf
@@ -0,0 +1,115 @@
 terraform {
  backend "s3" {
    bucket       = "noahmasur-terraform"
    key          = "flame.tfstate"
    region       = "us-east-1"
    use_lockfile = true
  }
  required_version = ">= 1.0.0"
  required_providers {
    oci = {
      source  = "oracle/oci"
      version = "7.7.0"
    }
  }
 }
 provider "oci" {
  auth         = "APIKey"
  tenancy_ocid = var.compartment_ocid
  user_ocid    = "ocid1.user.oc1..aaaaaaaa6lro2eoxdajjypjysepvzcavq5yn4qyozjyebxdiaoqziribuqba"
  private_key  = var.oci_private_key
  fingerprint  = "dd:d0:da:6d:83:46:8b:b3:d9:45:2b:c7:56:ae:30:94"
  region       = "us-ashburn-1"
 }
 # Get the latest Ubuntu image OCID
 # We'll filter for a recent Ubuntu LTS version (e.g., 22.04 or 24.04) and pick the latest.
 # Note: Image OCIDs are region-specific. This data source helps find the correct one.
 data "oci_core_images" "ubuntu_image" {
  compartment_id   = var.compartment_ocid
  operating_system = "Canonical Ubuntu"
  # Adjust this version if you prefer a different Ubuntu LTS (e.g., "24.04")
  operating_system_version = "24.04"
  shape                    = var.instance_shape # Filter by the shape to ensure compatibility
  sort_by                  = "TIMECREATED"
  sort_order               = "DESC"
 }
 # resource "oci_core_image" "my_custom_image" {
 #   compartment_id = var.compartment_ocid
 #   display_name   = "noah-nixos"
 #   image_source_details {
 #     source_type = "objectStorageTuple" # Use this if specifying namespace, bucket, and object name
 #     # source_type  = "objectStorageUri"  # Use this if you have a pre-authenticated request URL (PAR)
 #     namespace_name = var.object_storage_namespace
 #     bucket_name    = var.object_storage_bucket_name
 #     object_name    = var.object_storage_object_name
 #     source_image_type = "QCOW2" # e.g., "QCOW2", "VMDK"
 #     # These properties help OCI understand how to launch instances from this image
 #     # Adjust based on your custom image's OS and boot mode
 #     operating_system         = "NixOS" # e.g., "CentOS", "Debian", "Windows"
 #     operating_system_version = "25.05" # e.g., "7", "11", "2019"
 #   }
 #   launch_mode = "PARAVIRTUALIZED" # Or "NATIVE", "EMULATED", "CUSTOM"
 #   # Optional: for specific launch options if your image requires them
 #   # launch_options {
 #   #   boot_volume_type = "PARAVIRTUALIZED"
 #   #   firmware         = "UEFI_64" # Or "BIOS"
 #   #   network_type     = "PARAVIRTUALIZED"
 #   # }
 #   # Time out for image import operation. Can take a while for large images.
 #   timeouts {
 #     create = "60m" # Default is 20m, often needs to be increased
 #   }
 # }
 data "oci_identity_availability_domains" "ads" {
  compartment_id = var.compartment_ocid
 }
 resource "oci_core_instance" "my_compute_instance" {
  compartment_id      = var.compartment_ocid
  availability_domain = data.oci_identity_availability_domains.ads.availability_domains[0].name
  shape               = var.instance_shape
  display_name        = var.instance_display_name
  source_details {
    source_type = "image"
    # Use the OCID of the latest Ubuntu image found by the data source
    source_id = data.oci_core_images.ubuntu_image.images[0].id
    # # Use the OCID of the newly imported custom image
    # source_id = oci_core_image.my_custom_image.id
    # Specify the boot volume size
    boot_volume_size_in_gbs = var.boot_volume_size_in_gbs
    boot_volume_vpus_per_gb = 20 # Highest free tier option
  }
  # launch_options {
  #   is_consistent_volume_naming_enabled = true              # Sets boot device path to /dev/oracleoci/oraclevda
  #   network_type                        = "PARAVIRTUALIZED" # I think this is the default?
  # }
  create_vnic_details {
    subnet_id        = oci_core_subnet.my_public_subnet.id # Use the created subnet's ID
    display_name     = "primary_vnic"
    assign_public_ip = true
    hostname_label   = "flame"
  }
  metadata = {
    ssh_authorized_keys = var.ssh_public_key
    user_data           = base64encode(var.cloud_init_script)
  }
  # Optional: For flexible shapes (e.g., VM.Standard.E4.Flex), you might need to specify OCPUs and memory
  shape_config {
    ocpus         = 4
    memory_in_gbs = 24
  }
 }
--- a/deploy/oracle/network.tf
+++ b/deploy/oracle/network.tf
@@ -0,0 +1,126 @@
 resource "oci_core_vcn" "my_vpc" {
  compartment_id = var.compartment_ocid
  display_name   = "main"
  cidr_block     = "10.0.0.0/16"
  is_ipv6enabled = false
  dns_label      = "mainvcn" # Must be unique within your tenancy
 }
 resource "oci_core_internet_gateway" "my_igw" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_vcn.my_vpc.id
  display_name   = "main-igw"
  enabled        = true
 }
 resource "oci_core_route_table" "my_public_route_table" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_vcn.my_vpc.id
  display_name   = "main-public-rt"
  # Default route to the Internet Gateway
  route_rules {
    destination       = "0.0.0.0/0"
    destination_type  = "CIDR_BLOCK"
    network_entity_id = oci_core_internet_gateway.my_igw.id
  }
 }
 resource "oci_core_security_list" "my_public_security_list" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_vcn.my_vpc.id
  display_name   = "main-public-sl"
  # Egress Rules (Allow all outbound traffic)
  egress_security_rules {
    destination      = "0.0.0.0/0"
    destination_type = "CIDR_BLOCK"
    protocol         = "all"
  }
  # Ingress Rules
  ingress_security_rules {
    # SSH (TCP 22)
    protocol    = "6" # TCP
    source      = "0.0.0.0/0"
    source_type = "CIDR_BLOCK"
    tcp_options {
      min = 22
      max = 22
    }
  }
  ingress_security_rules {
    # HTTP (TCP 80)
    protocol    = "6" # TCP
    source      = "0.0.0.0/0"
    source_type = "CIDR_BLOCK"
    tcp_options {
      min = 80
      max = 80
    }
  }
  ingress_security_rules {
    # HTTPS (TCP 443)
    protocol    = "6" # TCP
    source      = "0.0.0.0/0"
    source_type = "CIDR_BLOCK"
    tcp_options {
      min = 443
      max = 443
    }
  }
  ingress_security_rules {
    # Custom Minecraft
    protocol    = "6" # TCP
    source      = "0.0.0.0/0"
    source_type = "CIDR_BLOCK"
    tcp_options {
      min = 49732
      max = 49732
    }
  }
  ingress_security_rules {
    # HTTPS (UDP 443) - For QUIC or specific UDP services
    protocol    = "17" # UDP
    source      = "0.0.0.0/0"
    source_type = "CIDR_BLOCK"
    udp_options {
      min = 443
      max = 443
    }
  }
  ingress_security_rules {
    # ICMP (Ping)
    protocol    = "1" # ICMP
    source      = "0.0.0.0/0"
    source_type = "CIDR_BLOCK"
    icmp_options {
      type = 3 # Destination Unreachable (common for connectivity checks)
      code = 4 # Fragmentation needed
    }
  }
  ingress_security_rules {
    protocol    = "1" # ICMP
    source      = "0.0.0.0/0"
    source_type = "CIDR_BLOCK"
    icmp_options {
      type = 8 # Echo Request (ping)
    }
  }
 }
 resource "oci_core_subnet" "my_public_subnet" {
  compartment_id             = var.compartment_ocid
  vcn_id                     = oci_core_vcn.my_vpc.id
  display_name               = "main-public-subnet"
  cidr_block                 = "10.0.0.0/24"
  prohibit_public_ip_on_vnic = false # Allows instances in this subnet to get public IPs
  route_table_id             = oci_core_route_table.my_public_route_table.id
  security_list_ids          = [oci_core_security_list.my_public_security_list.id]
  dns_label                  = "mainsub" # Must be unique within the VCN
 }
--- a/deploy/oracle/outputs.tf
+++ b/deploy/oracle/outputs.tf
@@ -0,0 +1,19 @@
 output "host_ip" {
  description = "The public IP address of the launched instance."
  value       = oci_core_instance.my_compute_instance.public_ip
 }
 output "instance_id" {
  description = "The OCID of the launched instance."
  value       = oci_core_instance.my_compute_instance.id
 }
 output "vpc_ocid" {
  description = "The OCID of the created VCN."
  value       = oci_core_vcn.my_vpc.id
 }
 output "subnet_ocid" {
  description = "The OCID of the created public subnet."
  value       = oci_core_subnet.my_public_subnet.id
 }
--- a/deploy/oracle/variables.tf
+++ b/deploy/oracle/variables.tf
@@ -0,0 +1,63 @@
 variable "boot_volume_size_in_gbs" {
  description = "The size of the boot volume in GBs."
  type        = number
  default     = 150
 }
 variable "cloud_init_script" {
  description = "A cloud-init script to run on instance launch."
  type        = string
  default     = <<-EOF
              #!/bin/bash
              echo "Hello from cloud-init!" > /home/ubuntu/cloud-init-output.txt
              EOF
 }
 variable "compartment_ocid" {
  description = "The OCID of the compartment where the instance will be created."
  type        = string
  default     = "ocid1.tenancy.oc1..aaaaaaaaudwr2ozedhjnrn76ofjgglgug6gexknjisd7gb7tkj3mjdp763da"
 }
 variable "instance_display_name" {
  description = "A user-friendly name for the instance."
  type        = string
  default     = "noah-nixos"
 }
 variable "instance_shape" {
  description = "The shape of the OCI compute instance."
  type        = string
  default     = "VM.Standard.A1.Flex" # Example shape. Choose one available in your region/AD.
 }
 variable "object_storage_namespace" {
  description = "Your OCI Object Storage namespace (usually your tenancy name)."
  type        = string
  default     = "idptr5akf9pf"
 }
 variable "object_storage_bucket_name" {
  description = "The name of the Object Storage bucket where your custom image is located."
  type        = string
  default     = "noahmasur-images"
 }
 variable "object_storage_object_name" {
  description = "The object name (file name) of your custom image in Object Storage."
  type        = string
  default     = "nixos.qcow2"
 }
 variable "oci_private_key" {
  type        = string
  description = "API private key for Oracle Cloud management"
  sensitive   = true
 }
 variable "ssh_public_key" {
  description = "Your public SSH key content."
  type        = string
  # default     = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s personal"
  default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKpPU2G9rSF8Q6waH62IJexDCQ6lY+8ZyVufGE3xMDGw actions-deploy"
 }
--- a/hosts/arrow/vultr/main.tf
+++ b/hosts/arrow/vultr/main.tf
--- a/disks/README.md
+++ b/disks/README.md
@@ -1,5 +0,0 @@
 # Disks
 These are my [disko](https://github.com/nix-community/disko) configurations,
 which allow me to save desired disk formatting layouts as a declarative file so
 I don't have to remember how to format my disks later on.
--- a/disks/zfs.nix
+++ b/disks/zfs.nix
@@ -1,98 +0,0 @@
 { pool, disks, ... }:
 {
  disk = lib.genAttrs disks (disk: {
    "${disk}" = {
      type = "disk";
      device = "/dev/${disk}";
      content = {
        type = "table";
        format = "gpt";
        partitions = [
          {
            type = "partition";
            name = "zfs";
            start = "128MiB";
            end = "100%";
            content = {
              type = "zfs";
              pool = pool;
            };
          }
        ];
      };
    };
  });
  zpool = {
    "${pool}" = {
      type = "zpool";
      mode = "raidz1";
      rootFsOptions = {
        compression = "on"; # lz4 by default
        "com.sun:auto-snapshot" = "false";
        ashift = "12";
      };
      # mountpoint = "/";
      datasets = {
        root = {
          zfs_type = "filesystem";
          mountpoint = null;
          options."com.sun:auto-snapshot" = "false";
        };
        # "media/movies" = {
        #   zfs_type = "filesystem";
        #   mountpoint = "/media/movies";
        #   options.recordsize = "1M";
        # };
        # "media/tv" = {
        #   zfs_type = "filesystem";
        #   mountpoint = "/media/tv";
        #   options.recordsize = "1M";
        # };
        # "media/books" = {
        #   zfs_type = "filesystem";
        #   mountpoint = "/media/books";
        # };
        # archive = {
        #   zfs_type = "filesystem";
        #   mountpoint = "/archive";
        #   options.compression = "zstd";
        #   options."com.sun:auto-snapshot" = "true";
        # };
        # zfs_unmounted_fs = {
        #   zfs_type = "filesystem";
        #   options.mountpoint = "none";
        # };
        # zfs_legacy_fs = {
        #   zfs_type = "filesystem";
        #   options.mountpoint = "legacy";
        #   mountpoint = "/zfs_legacy_fs";
        # };
        # zfs_testvolume = {
        #   zfs_type = "volume";
        #   size = "10M";
        #   content = {
        #     type = "filesystem";
        #     format = "ext4";
        #     mountpoint = "/ext4onzfs";
        #   };
        # };
        # encrypted = {
        #   zfs_type = "filesystem";
        #   size = "20M";
        #   options = {
        #     mountpoint = "none";
        #     encryption = "aes-256-gcm";
        #     keyformat = "passphrase";
        #     keylocation = "file:///tmp/secret.key";
        #   };
        # };
        # "encrypted/test" = {
        #   zfs_type = "filesystem";
        #   size = "2M";
        #   mountpoint = "/zfs_crypted";
        # };
      };
    };
  };
 }
--- a/flake.lock
+++ b/flake.lock
@@ -1,61 +1,12 @@
 {
  "nodes": {
    "baleia-nvim-src": {
      "flake": false,
      "locked": {
        "lastModified": 1717182435,
        "narHash": "sha256-duI3myrJSvmtjF9n7NVrVOsuSo1O3JEypA5ghBHsULc=",
        "owner": "m00qek",
        "repo": "baleia.nvim",
        "rev": "4d3b27dbec65a44ceecd9306f605a980bcf4e9b1",
        "type": "github"
      },
      "original": {
        "owner": "m00qek",
        "repo": "baleia.nvim",
        "type": "github"
      }
    },
    "base16-nvim-src": {
      "flake": false,
      "locked": {
        "lastModified": 1716483968,
        "narHash": "sha256-GRF/6AobXHamw8TZ3FjL7SI6ulcpwpcohsIuZeCSh2A=",
        "owner": "RRethy",
        "repo": "base16-nvim",
        "rev": "6ac181b5733518040a33017dde654059cd771b7c",
        "type": "github"
      },
      "original": {
        "owner": "RRethy",
        "repo": "base16-nvim",
        "type": "github"
      }
    },
    "bufferline-nvim-src": {
      "flake": false,
      "locked": {
        "lastModified": 1716555412,
        "narHash": "sha256-8PCkY1zrlMrPGnQOb7MjqDXNlkeX46jrT4ScIL+MOwM=",
        "owner": "akinsho",
        "repo": "bufferline.nvim",
        "rev": "99337f63f0a3c3ab9519f3d1da7618ca4f91cffe",
        "type": "github"
      },
      "original": {
        "owner": "akinsho",
        "ref": "v4.6.1",
        "repo": "bufferline.nvim",
        "type": "github"
      }
    },
    "cl-nix-lite": {
      "locked": {
-        "lastModified": 1717972076,
+        "lastModified": 1728174978,
-        "narHash": "sha256-hnZEsDInTcsVSL5LBGDAZegAxVLBus/wiJh+sNM15zU=",
+        "narHash": "sha256-Grqqg+xuicANB85j0gNEXxi9SBKY7bzGeTuyi95eGcY=",
        "owner": "hraban",
        "repo": "cl-nix-lite",
-        "rev": "cc920bfb0a6402d3871f470c98d65266126973e4",
+        "rev": "31cfe6275c341eb3120a99f4b1c8516c49a29d87",
        "type": "github"
      },
      "original": {
@@ -64,22 +15,6 @@
        "type": "github"
      }
    },
    "cmp-nvim-lsp-src": {
      "flake": false,
      "locked": {
        "lastModified": 1715931395,
        "narHash": "sha256-CT1+Z4XJBVsl/RqvJeGmyitD6x7So0ylXvvef5jh7I8=",
        "owner": "hrsh7th",
        "repo": "cmp-nvim-lsp",
        "rev": "39e2eda76828d88b773cc27a3f61d2ad782c922d",
        "type": "github"
      },
      "original": {
        "owner": "hrsh7th",
        "repo": "cmp-nvim-lsp",
        "type": "github"
      }
    },
    "darwin": {
      "inputs": {
        "nixpkgs": [
@@ -87,11 +22,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1718662658,
+        "lastModified": 1755825449,
-        "narHash": "sha256-AKG7BsqtVWDlefgzyKz7vjaKTLi4+bmTSBhowbQoZtM=",
+        "narHash": "sha256-XkiN4NM9Xdy59h69Pc+Vg4PxkSm9EWl6u7k6D5FZ5cM=",
        "owner": "lnl7",
        "repo": "nix-darwin",
-        "rev": "29b3096a6e283d7e6779187244cb2a3942239fdf",
+        "rev": "8df64f819698c1fee0c2969696f54a843b2231e8",
        "type": "github"
      },
      "original": {
@@ -108,11 +43,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1718846788,
+        "lastModified": 1756115622,
-        "narHash": "sha256-9dtXYtEkmXoUJV+PGLqscqF7qTn4AIhAKpFWRFU2NYs=",
+        "narHash": "sha256-iv8xVtmLMNLWFcDM/HcAPLRGONyTRpzL9NS09RnryRM=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "e1174d991944a01eaaa04bc59c6281edca4c0e6e",
+        "rev": "bafad29f89e83b2d861b493aa23034ea16595560",
        "type": "github"
      },
      "original": {
@@ -121,51 +56,14 @@
        "type": "github"
      }
    },
    "fidget-nvim-src": {
      "flake": false,
      "locked": {
        "lastModified": 1716093309,
        "narHash": "sha256-Gpk/G0ByOAIE8uX4Xr94CvAjJBSJMEOwBuvrhmYYGsg=",
        "owner": "j-hui",
        "repo": "fidget.nvim",
        "rev": "ef99df04a1c53a453602421bc0f756997edc8289",
        "type": "github"
      },
      "original": {
        "owner": "j-hui",
        "ref": "v1.4.5",
        "repo": "fidget.nvim",
        "type": "github"
      }
    },
    "firefox-darwin": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1718930737,
        "narHash": "sha256-+nKJ/VP6X+hirXqRry3GzdNn4OJvOdB4nRnJY22ixFw=",
        "owner": "bandithedoge",
        "repo": "nixpkgs-firefox-darwin",
        "rev": "087919070dffc9798a8cb753e97babe287f06c25",
        "type": "github"
      },
      "original": {
        "owner": "bandithedoge",
        "repo": "nixpkgs-firefox-darwin",
        "type": "github"
      }
    },
    "flake-compat": {
      "flake": false,
      "locked": {
-        "lastModified": 1697816753,
+        "lastModified": 1730663653,
-        "narHash": "sha256-40to80AEIyKCQI0xMKCeF5ePoIKTYgjVVCZeu4CnTxM=",
+        "narHash": "sha256-kFCUWettiFHDIqxCWWQ9qY8pVh+Lj+XL0Giyy/kdomg=",
        "owner": "hraban",
        "repo": "flake-compat",
-        "rev": "6025bade1336a36014639bc3f67eacc853dab78f",
+        "rev": "e5b16676185cb7548581c852f51ce7f3a49bba5e",
        "type": "github"
      },
      "original": {
@@ -178,11 +76,11 @@
    "flake-compat_2": {
      "flake": false,
      "locked": {
-        "lastModified": 1696426674,
+        "lastModified": 1747046372,
-        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+        "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
        "owner": "edolstra",
        "repo": "flake-compat",
-        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+        "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
        "type": "github"
      },
      "original": {
@@ -191,16 +89,40 @@
        "type": "github"
      }
    },
-    "flake-utils": {
+    "flake-parts": {
      "inputs": {
-        "systems": "systems"
+        "nixpkgs-lib": [
          "nur",
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1710146030,
+        "lastModified": 1733312601,
-        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
+        "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
        "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
        "type": "github"
      },
      "original": {
        "owner": "hercules-ci",
        "repo": "flake-parts",
        "type": "github"
      }
    },
    "flake-utils": {
      "inputs": {
        "systems": [
          "mac-app-util",
          "systems"
        ]
      },
      "locked": {
        "lastModified": 1731533236,
        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
        "type": "github"
      },
      "original": {
@@ -213,11 +135,11 @@
        "systems": "systems_2"
      },
      "locked": {
-        "lastModified": 1705309234,
+        "lastModified": 1731533236,
-        "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
        "type": "github"
      },
      "original": {
@@ -226,37 +148,24 @@
        "type": "github"
      }
    },
-    "flake-utils_3": {
+    "helix": {
      "inputs": {
-        "systems": "systems_3"
+        "nixpkgs": [
          "nixpkgs"
        ],
        "rust-overlay": "rust-overlay"
      },
      "locked": {
-        "lastModified": 1710146030,
+        "lastModified": 1756477005,
-        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
+        "narHash": "sha256-e/FNNIT/LPuoruzRQZf5z5L5GApq1G2y2PShy+Lakhs=",
-        "owner": "numtide",
+        "owner": "helix-editor",
-        "repo": "flake-utils",
+        "repo": "helix",
-        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
+        "rev": "77ff51caa440b1066e0a1920007ab5e148dd4856",
        "type": "github"
      },
      "original": {
-        "owner": "numtide",
+        "owner": "helix-editor",
-        "repo": "flake-utils",
+        "repo": "helix",
        "type": "github"
      }
    },
    "hmts-nvim-src": {
      "flake": false,
      "locked": {
        "lastModified": 1715076655,
        "narHash": "sha256-vDTqJQzLyg0nmlC+CrLnPkYti1rPxmvRW8eQq/9Zg+M=",
        "owner": "calops",
        "repo": "hmts.nvim",
        "rev": "19a91816c123173a4551a6a04f2882338f20db1d",
        "type": "github"
      },
      "original": {
        "owner": "calops",
        "repo": "hmts.nvim",
        "type": "github"
      }
    },
@@ -267,11 +176,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1718983978,
+        "lastModified": 1756496801,
-        "narHash": "sha256-lp6stESwTLBZUQ5GBivxwNehShmBp4jqeX/1xahM61w=",
+        "narHash": "sha256-IYIsnPy+cJxe8RbDHBrCtfJY0ry2bG2H7WvMcewiGS8=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "c559542f0aa87971a7f4c1b3478fe33cc904b902",
+        "rev": "77a71380c38fb2a440b4b5881bbc839f6230e1cb",
        "type": "github"
      },
      "original": {
@@ -288,14 +197,16 @@
        "flake-utils": "flake-utils",
        "nixpkgs": [
          "nixpkgs"
-        ]
+        ],
        "systems": "systems",
        "treefmt-nix": "treefmt-nix"
      },
      "locked": {
-        "lastModified": 1718893255,
+        "lastModified": 1756057867,
-        "narHash": "sha256-NdSDGdz5eU/EcnGn8ECP1V+mn5hyGOZQ4ybv2bWTpuk=",
+        "narHash": "sha256-ziR5eQGqRWhW8tf8r0TIplaqNt+HXu1G1X41LUr4IYo=",
        "owner": "hraban",
        "repo": "mac-app-util",
-        "rev": "1857b26aceaf64c2b6a357eb83cf34139b6365cc",
+        "rev": "8414fa1e2cb775b17793104a9095aabeeada63ef",
        "type": "github"
      },
      "original": {
@@ -304,74 +215,6 @@
        "type": "github"
      }
    },
    "markview-nvim-src": {
      "flake": false,
      "locked": {
        "lastModified": 1719592662,
        "narHash": "sha256-E1lHSjbnOOIeieaFJ+INvxJHCbfVS3mwbQ6wrlKeGSQ=",
        "owner": "OXY2DEV",
        "repo": "markview.nvim",
        "rev": "f60219dce7283192d549f21847fcf8537bf6d260",
        "type": "github"
      },
      "original": {
        "owner": "OXY2DEV",
        "repo": "markview.nvim",
        "type": "github"
      }
    },
    "nextcloud-cookbook": {
      "flake": false,
      "locked": {
        "lastModified": 1719431638,
        "narHash": "sha256-a8ekMnEzudHGiqHF53jPtgsVTOTc2QLuPg6YtTw5h68=",
        "type": "tarball",
        "url": "https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.1/cookbook-0.11.1.tar.gz"
      },
      "original": {
        "type": "tarball",
        "url": "https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.1/cookbook-0.11.1.tar.gz"
      }
    },
    "nextcloud-external": {
      "flake": false,
      "locked": {
        "lastModified": 1710338675,
        "narHash": "sha256-bJJ/dVmE1o04QCyrxD0sko0okRsnxJmT6sOTOmBiifs=",
        "type": "tarball",
        "url": "https://github.com/nextcloud-releases/external/releases/download/v5.4.0/external-v5.4.0.tar.gz"
      },
      "original": {
        "type": "tarball",
        "url": "https://github.com/nextcloud-releases/external/releases/download/v5.4.0/external-v5.4.0.tar.gz"
      }
    },
    "nextcloud-news": {
      "flake": false,
      "locked": {
        "lastModified": 1718102703,
        "narHash": "sha256-XNGjf7SWgJYFdVNOh3ED0jxSG0GJwWImVQq4cJT1Lo4=",
        "type": "tarball",
        "url": "https://github.com/nextcloud/news/releases/download/25.0.0-alpha7/news.tar.gz"
      },
      "original": {
        "type": "tarball",
        "url": "https://github.com/nextcloud/news/releases/download/25.0.0-alpha7/news.tar.gz"
      }
    },
    "nextcloud-snappymail": {
      "flake": false,
      "locked": {
        "lastModified": 1719667523,
        "narHash": "sha256-1bPStkTKgVCc/puq0G7EiEZy/xrNlNXaO/tiOaZ/Ovw=",
        "type": "tarball",
        "url": "https://snappymail.eu/repository/nextcloud/snappymail-2.36.3-nextcloud.tar.gz"
      },
      "original": {
        "type": "tarball",
        "url": "https://snappymail.eu/repository/nextcloud/snappymail-2.36.3-nextcloud.tar.gz"
      }
    },
    "nix2vim": {
      "inputs": {
        "flake-utils": "flake-utils_2",
@@ -380,11 +223,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1718621825,
+        "lastModified": 1755344765,
-        "narHash": "sha256-bSfjwRgKKpLyjEDPRAF1hlJKc7QDoqopalHwNCB/eAA=",
+        "narHash": "sha256-k/Cvh/mzb5lSvilKdgwNBCyAyYmD8YPr1nc0sTSgwxI=",
        "owner": "gytis-ivaskevicius",
        "repo": "nix2vim",
-        "rev": "1db11dbf8a4d124e02244fa5c4ff219b672a8e5b",
+        "rev": "78467c8de07719f92397179844bf75cdf2e58b83",
        "type": "github"
      },
      "original": {
@@ -395,11 +238,11 @@
    },
    "nixlib": {
      "locked": {
-        "lastModified": 1712450863,
+        "lastModified": 1736643958,
-        "narHash": "sha256-K6IkdtMtq9xktmYPj0uaYc8NsIqHuaAoRBaMgu9Fvrw=",
+        "narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=",
        "owner": "nix-community",
        "repo": "nixpkgs.lib",
-        "rev": "3c62b6a12571c9a7f65ab037173ee153d539905f",
+        "rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181",
        "type": "github"
      },
      "original": {
@@ -416,11 +259,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1718025593,
+        "lastModified": 1751903740,
-        "narHash": "sha256-WZ1gdKq/9u1Ns/oXuNsDm+W0salonVA0VY1amw8urJ4=",
+        "narHash": "sha256-PeSkNMvkpEvts+9DjFiop1iT2JuBpyknmBUs0Un0a4I=",
        "owner": "nix-community",
        "repo": "nixos-generators",
-        "rev": "35c20ba421dfa5059e20e0ef2343c875372bdcf3",
+        "rev": "032decf9db65efed428afd2fa39d80f7089085eb",
        "type": "github"
      },
      "original": {
@@ -431,11 +274,43 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1718895438,
+        "lastModified": 1754340878,
-        "narHash": "sha256-k3JqJrkdoYwE3fHE6xGDY676AYmyh4U2Zw+0Bwe5DLU=",
+        "narHash": "sha256-lgmUyVQL9tSnvvIvBp7x1euhkkCho7n3TMzgjdvgPoU=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "d603719ec6e294f034936c0d0dc06f689d91b6c3",
+        "rev": "cab778239e705082fe97bb4990e0d24c50924c04",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
        "ref": "nixpkgs-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs-stable": {
      "locked": {
        "lastModified": 1735563628,
        "narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=",
        "owner": "nixos",
        "repo": "nixpkgs",
        "rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
        "ref": "nixos-24.05",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_2": {
      "locked": {
        "lastModified": 1756386758,
        "narHash": "sha256-1wxxznpW2CKvI9VdniaUnTT2Os6rdRJcRUf65ZK9OtE=",
        "owner": "nixos",
        "repo": "nixpkgs",
        "rev": "dfb2f12e899db4876308eba6d93455ab7da304cd",
        "type": "github"
      },
      "original": {
@@ -445,29 +320,35 @@
        "type": "github"
      }
    },
-    "nixpkgs-caddy": {
+    "nixpkgs_3": {
      "locked": {
-        "lastModified": 1699107987,
+        "lastModified": 1728538411,
-        "narHash": "sha256-nWXETr4Oqy/vOfzgWyMY04qzEN2iREFJc5ycQ3XNu0A=",
+        "narHash": "sha256-f0SBJz1eZ2yOuKUr5CA9BHULGXVSn6miBuUWdTyhUhU=",
-        "owner": "jpds",
+        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "a33b02fa9d664f31dadc8a874eb1a5dbaa9f4ecf",
+        "rev": "b69de56fac8c2b6f8fd27f2eca01dcda8e0a4221",
        "type": "github"
      },
      "original": {
-        "owner": "jpds",
+        "owner": "NixOS",
-        "ref": "caddy-external-plugins",
+        "ref": "nixpkgs-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nur": {
      "inputs": {
        "flake-parts": "flake-parts",
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1719001822,
+        "lastModified": 1756524478,
-        "narHash": "sha256-rbEP1CTzYvdSAKf1a729De9t8GMIrZ5GmD+PdYCnrgg=",
+        "narHash": "sha256-2oSBlcYCgwrVxUZwM8MV6hBFsfsWFbeN5ErQiCA+38s=",
        "owner": "nix-community",
        "repo": "nur",
-        "rev": "e7edcaeae9db01224266febe88eb7d3411055636",
+        "rev": "e82a8b0095f54edb6bbbb1d862f3da502dca1396",
        "type": "github"
      },
      "original": {
@@ -476,160 +357,74 @@
        "type": "github"
      }
    },
    "nvim-lint-src": {
      "flake": false,
      "locked": {
        "lastModified": 1717789608,
        "narHash": "sha256-LNYFxAM9lQNNOIOc+IgKgbSRp2U09B/9HivSCwMyUpQ=",
        "owner": "mfussenegger",
        "repo": "nvim-lint",
        "rev": "941fa1220a61797a51f3af9ec6b7d74c8c7367ce",
        "type": "github"
      },
      "original": {
        "owner": "mfussenegger",
        "repo": "nvim-lint",
        "type": "github"
      }
    },
    "nvim-lspconfig-src": {
      "flake": false,
      "locked": {
        "lastModified": 1716281382,
        "narHash": "sha256-foJ7a59N0a3QaBW24PtwbyYDQVlIsFxiatADLO/hQvc=",
        "owner": "neovim",
        "repo": "nvim-lspconfig",
        "rev": "0b8165cf95806bc4bb8f745bb0c92021b2ed4b98",
        "type": "github"
      },
      "original": {
        "owner": "neovim",
        "ref": "v0.1.8",
        "repo": "nvim-lspconfig",
        "type": "github"
      }
    },
    "nvim-tree-lua-src": {
      "flake": false,
      "locked": {
        "lastModified": 1717900986,
        "narHash": "sha256-7KO3wPW65IH4m0jEoyFScNiAVwrlNHU+p0H55AuwlWk=",
        "owner": "kyazdani42",
        "repo": "nvim-tree.lua",
        "rev": "2086e564c4d23fea714e8a6d63b881e551af2f41",
        "type": "github"
      },
      "original": {
        "owner": "kyazdani42",
        "repo": "nvim-tree.lua",
        "type": "github"
      }
    },
    "nvim-treesitter-src": {
      "flake": false,
      "locked": {
        "lastModified": 1718957498,
        "narHash": "sha256-GEuKEAZxLGMkyjdJGzrIKNR1X10RHlACC6s1lNOq7aw=",
        "owner": "nvim-treesitter",
        "repo": "nvim-treesitter",
        "rev": "b967bbc27b564001c3d3b8ea93444cf6d0b21d23",
        "type": "github"
      },
      "original": {
        "owner": "nvim-treesitter",
        "ref": "master",
        "repo": "nvim-treesitter",
        "type": "github"
      }
    },
    "ren": {
      "flake": false,
      "locked": {
        "lastModified": 1704996573,
        "narHash": "sha256-zVIt6Xp+Mvym6gySvHIZJt1QgzKVP/wbTGTubWk6kzI=",
        "owner": "robenkleene",
        "repo": "ren-find",
        "rev": "50c40172e354caffee48932266edd7c7a76a20fd",
        "type": "github"
      },
      "original": {
        "owner": "robenkleene",
        "repo": "ren-find",
        "type": "github"
      }
    },
    "rep": {
      "flake": false,
      "locked": {
        "lastModified": 1707216692,
        "narHash": "sha256-/dH+mNtNHaYFndVhoqmz4Sc3HeemoQt1HGD98mb9Qhw=",
        "owner": "robenkleene",
        "repo": "rep-grep",
        "rev": "10510d47e392cb9d30a861c69f702fd194b3fa88",
        "type": "github"
      },
      "original": {
        "owner": "robenkleene",
        "repo": "rep-grep",
        "type": "github"
      }
    },
    "root": {
      "inputs": {
        "baleia-nvim-src": "baleia-nvim-src",
        "base16-nvim-src": "base16-nvim-src",
        "bufferline-nvim-src": "bufferline-nvim-src",
        "cmp-nvim-lsp-src": "cmp-nvim-lsp-src",
        "darwin": "darwin",
        "disko": "disko",
-        "fidget-nvim-src": "fidget-nvim-src",
+        "helix": "helix",
        "firefox-darwin": "firefox-darwin",
        "hmts-nvim-src": "hmts-nvim-src",
        "home-manager": "home-manager",
        "mac-app-util": "mac-app-util",
        "markview-nvim-src": "markview-nvim-src",
        "nextcloud-cookbook": "nextcloud-cookbook",
        "nextcloud-external": "nextcloud-external",
        "nextcloud-news": "nextcloud-news",
        "nextcloud-snappymail": "nextcloud-snappymail",
        "nix2vim": "nix2vim",
        "nixos-generators": "nixos-generators",
-        "nixpkgs": "nixpkgs",
+        "nixpkgs": "nixpkgs_2",
-        "nixpkgs-caddy": "nixpkgs-caddy",
+        "nixpkgs-stable": "nixpkgs-stable",
        "nur": "nur",
        "nvim-lint-src": "nvim-lint-src",
        "nvim-lspconfig-src": "nvim-lspconfig-src",
        "nvim-tree-lua-src": "nvim-tree-lua-src",
        "nvim-treesitter-src": "nvim-treesitter-src",
        "ren": "ren",
        "rep": "rep",
        "telescope-nvim-src": "telescope-nvim-src",
        "telescope-project-nvim-src": "telescope-project-nvim-src",
        "toggleterm-nvim-src": "toggleterm-nvim-src",
        "tree-sitter-bash": "tree-sitter-bash",
        "tree-sitter-ini": "tree-sitter-ini",
        "tree-sitter-lua": "tree-sitter-lua",
        "tree-sitter-puppet": "tree-sitter-puppet",
        "tree-sitter-python": "tree-sitter-python",
        "tree-sitter-rasi": "tree-sitter-rasi",
        "tree-sitter-vimdoc": "tree-sitter-vimdoc",
        "wallpapers": "wallpapers",
        "wsl": "wsl",
        "zellij-switch": "zellij-switch",
        "zenyd-mpv-scripts": "zenyd-mpv-scripts"
      }
    },
    "rust-overlay": {
      "inputs": {
        "nixpkgs": [
          "helix",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1740623427,
        "narHash": "sha256-3SdPQrZoa4odlScFDUHd4CUPQ/R1gtH4Mq9u8CBiK8M=",
        "owner": "oxalica",
        "repo": "rust-overlay",
        "rev": "d342e8b5fd88421ff982f383c853f0fc78a847ab",
        "type": "github"
      },
      "original": {
        "owner": "oxalica",
        "repo": "rust-overlay",
        "type": "github"
      }
    },
    "rust-overlay_2": {
      "inputs": {
        "nixpkgs": "nixpkgs_3"
      },
      "locked": {
        "lastModified": 1736476219,
        "narHash": "sha256-+qyv3QqdZCdZ3cSO/cbpEY6tntyYjfe1bB12mdpNFaY=",
        "owner": "oxalica",
        "repo": "rust-overlay",
        "rev": "de30cc5963da22e9742bbbbb9a3344570ed237b9",
        "type": "github"
      },
      "original": {
        "owner": "oxalica",
        "repo": "rust-overlay",
        "type": "github"
      }
    },
    "systems": {
      "locked": {
-        "lastModified": 1681028828,
+        "lastModified": 1689347925,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "narHash": "sha256-ozenz5bFe1UUqOn7f60HRmgc01BgTGIKZ4Xl+HbocGQ=",
        "owner": "nix-systems",
-        "repo": "default",
+        "repo": "default-darwin",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "rev": "2235d7e6cc29ae99878133c95e9fe5e157661ffb",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
-        "repo": "default",
+        "repo": "default-darwin",
        "type": "github"
      }
    },
@@ -663,201 +458,37 @@
        "type": "github"
      }
    },
-    "telescope-nvim-src": {
+    "treefmt-nix": {
-      "flake": false,
+      "inputs": {
        "nixpkgs": "nixpkgs"
      },
      "locked": {
-        "lastModified": 1716532947,
+        "lastModified": 1755934250,
-        "narHash": "sha256-e1ulhc4IIvUgpjKQrSqPY4WpXuez6wlxL6Min9U0o5Q=",
+        "narHash": "sha256-CsDojnMgYsfshQw3t4zjRUkmMmUdZGthl16bXVWgRYU=",
-        "owner": "nvim-telescope",
+        "owner": "numtide",
-        "repo": "telescope.nvim",
+        "repo": "treefmt-nix",
-        "rev": "a0bbec21143c7bc5f8bb02e0005fa0b982edc026",
+        "rev": "74e1a52d5bd9430312f8d1b8b0354c92c17453e5",
        "type": "github"
      },
      "original": {
-        "owner": "nvim-telescope",
+        "owner": "numtide",
-        "ref": "0.1.8",
+        "repo": "treefmt-nix",
        "repo": "telescope.nvim",
        "type": "github"
      }
    },
    "telescope-project-nvim-src": {
      "flake": false,
      "locked": {
        "lastModified": 1701464478,
        "narHash": "sha256-touMCltcnqkrQYV1NtNeWLQeFVGt+WM3aIWIdKilA7w=",
        "owner": "nvim-telescope",
        "repo": "telescope-project.nvim",
        "rev": "1aaf16580a614601a7f7077d9639aeb457dc5559",
        "type": "github"
      },
      "original": {
        "owner": "nvim-telescope",
        "repo": "telescope-project.nvim",
        "type": "github"
      }
    },
    "toggleterm-nvim-src": {
      "flake": false,
      "locked": {
        "lastModified": 1713792255,
        "narHash": "sha256-mM5bGgAemsRJD9U6U5K6ia5qb8NaTusM99x6xrtEBfw=",
        "owner": "akinsho",
        "repo": "toggleterm.nvim",
        "rev": "066cccf48a43553a80a210eb3be89a15d789d6e6",
        "type": "github"
      },
      "original": {
        "owner": "akinsho",
        "ref": "v2.11.0",
        "repo": "toggleterm.nvim",
        "type": "github"
      }
    },
    "tree-sitter-bash": {
      "flake": false,
      "locked": {
        "lastModified": 1715005250,
        "narHash": "sha256-rCuQbnQAOnQWKYreNH80nlL+0A1qbWbjMvtczcoWPrY=",
        "owner": "tree-sitter",
        "repo": "tree-sitter-bash",
        "rev": "2fbd860f802802ca76a6661ce025b3a3bca2d3ed",
        "type": "github"
      },
      "original": {
        "owner": "tree-sitter",
        "ref": "master",
        "repo": "tree-sitter-bash",
        "type": "github"
      }
    },
    "tree-sitter-ini": {
      "flake": false,
      "locked": {
        "lastModified": 1716889525,
        "narHash": "sha256-IyHrIxcmuzs60zUiJv4E3nSkhSkgbcaLDUdeDx5mlHk=",
        "owner": "justinmk",
        "repo": "tree-sitter-ini",
        "rev": "87176e524f0a98f5be75fa44f4f0ff5c6eac069c",
        "type": "github"
      },
      "original": {
        "owner": "justinmk",
        "repo": "tree-sitter-ini",
        "type": "github"
      }
    },
    "tree-sitter-lua": {
      "flake": false,
      "locked": {
        "lastModified": 1710150044,
        "narHash": "sha256-uFaEptW4wPrqgHfB1mYmVltf+4no61L2cPgpsr5qBIU=",
        "owner": "MunifTanjim",
        "repo": "tree-sitter-lua",
        "rev": "a24dab177e58c9c6832f96b9a73102a0cfbced4a",
        "type": "github"
      },
      "original": {
        "owner": "MunifTanjim",
        "ref": "main",
        "repo": "tree-sitter-lua",
        "type": "github"
      }
    },
    "tree-sitter-puppet": {
      "flake": false,
      "locked": {
        "lastModified": 1713617121,
        "narHash": "sha256-+zMgzyuGerJ8l+i5ZtWnmGr3i4fFiSLD5FssyKESsmI=",
        "owner": "amaanq",
        "repo": "tree-sitter-puppet",
        "rev": "584522f32495d648b18a53ccb52d988e60de127d",
        "type": "github"
      },
      "original": {
        "owner": "amaanq",
        "repo": "tree-sitter-puppet",
        "type": "github"
      }
    },
    "tree-sitter-python": {
      "flake": false,
      "locked": {
        "lastModified": 1714528221,
        "narHash": "sha256-hHQ5gK4dTRSdp0fLKarytU9vFhsBeQp7Ka61vFoIr7Y=",
        "owner": "tree-sitter",
        "repo": "tree-sitter-python",
        "rev": "71778c2a472ed00a64abf4219544edbf8e4b86d7",
        "type": "github"
      },
      "original": {
        "owner": "tree-sitter",
        "ref": "master",
        "repo": "tree-sitter-python",
        "type": "github"
      }
    },
    "tree-sitter-rasi": {
      "flake": false,
      "locked": {
        "lastModified": 1716296585,
        "narHash": "sha256-sPrIVgGGaBaXeqHNxjcdJ/S2FvxyV6rD9UPKU/tpspw=",
        "owner": "Fymyte",
        "repo": "tree-sitter-rasi",
        "rev": "6c9bbcfdf5f0f553d9ebc01750a3aa247a37b8aa",
        "type": "github"
      },
      "original": {
        "owner": "Fymyte",
        "repo": "tree-sitter-rasi",
        "type": "github"
      }
    },
    "tree-sitter-vimdoc": {
      "flake": false,
      "locked": {
        "lastModified": 1717834376,
        "narHash": "sha256-v+XSWGm2Wdn9/rxNFMqXYACkGn6AvxZdxkClLuKnWGU=",
        "owner": "neovim",
        "repo": "tree-sitter-vimdoc",
        "rev": "2249c44ecd3f5cf22da3dcccfb74f816ddb29245",
        "type": "github"
      },
      "original": {
        "owner": "neovim",
        "repo": "tree-sitter-vimdoc",
        "type": "github"
      }
    },
    "wallpapers": {
      "flake": false,
      "locked": {
        "lastModified": 1657544922,
        "narHash": "sha256-1c1uDz37MhksWC75myv6jao5q2mIzD8X8I+TykXXmWg=",
        "owner": "exorcist365",
        "repo": "wallpapers",
        "rev": "8d2860ac6c05cec0f78d5c9d07510f4ff5da90dc",
        "type": "gitlab"
      },
      "original": {
        "owner": "exorcist365",
        "repo": "wallpapers",
        "type": "gitlab"
      }
    },
    "wsl": {
      "inputs": {
        "flake-compat": "flake-compat_2",
        "flake-utils": "flake-utils_3",
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1718710563,
+        "lastModified": 1755261305,
-        "narHash": "sha256-O4rrM0Bkh3IRe8D600iniQ52QTmlnuTSp2KyXV7C2jE=",
+        "narHash": "sha256-EOqCupB5X5WoGVHVcfOZcqy0SbKWNuY3kq+lj1wHdu8=",
        "owner": "nix-community",
        "repo": "NixOS-WSL",
-        "rev": "2fb93bea657ad99a7005ef601c67cb2820560a41",
+        "rev": "203a7b463f307c60026136dd1191d9001c43457f",
        "type": "github"
      },
      "original": {
@@ -866,6 +497,28 @@
        "type": "github"
      }
    },
    "zellij-switch": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ],
        "rust-overlay": "rust-overlay_2",
        "systems": "systems_3"
      },
      "locked": {
        "lastModified": 1742588229,
        "narHash": "sha256-IPg0pBw0ciF+xl6viq3nK+dvZoDZrfBDui7dkPLz258=",
        "owner": "mostafaqanbaryan",
        "repo": "zellij-switch",
        "rev": "0e3c303c19890ccb03589230ac5a7c4307e573e4",
        "type": "github"
      },
      "original": {
        "owner": "mostafaqanbaryan",
        "repo": "zellij-switch",
        "type": "github"
      }
    },
    "zenyd-mpv-scripts": {
      "flake": false,
      "locked": {
--- a/flake.nix
+++ b/flake.nix
@@ -1,5 +1,5 @@
 {
-  description = "My system";
+  description = "An opinionated flake containing the NixOS, nix-darwin, and home-manager configurations for multiple systems.";
  # Other flakes that we want to pull from
  inputs = {
@@ -7,8 +7,8 @@
    # Used for system packages
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
-    # Used for caddy plugins
+    # Used for specific stable packages
-    nixpkgs-caddy.url = "github:jpds/nixpkgs/caddy-external-plugins";
+    nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.05";
    # Used for MacOS system config
    darwin = {
@@ -29,11 +29,8 @@
    };
    # Community packages; used for Firefox extensions
-    nur.url = "github:nix-community/nur";
+    nur = {
-
+      url = "github:nix-community/nur";
    # Use official Firefox binary for macOS
    firefox-darwin = {
      url = "github:bandithedoge/nixpkgs-firefox-darwin";
      inputs.nixpkgs.follows = "nixpkgs";
    };
@@ -49,12 +46,6 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # Wallpapers
    wallpapers = {
      url = "gitlab:exorcist365/wallpapers";
      flake = false;
    };
    # Used to generate NixOS images for other platforms
    nixos-generators = {
      url = "github:nix-community/nixos-generators";
@@ -67,378 +58,232 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # Neovim plugins
    base16-nvim-src = {
      url = "github:RRethy/base16-nvim";
      flake = false;
    };
    nvim-lspconfig-src = {
      # https://github.com/neovim/nvim-lspconfig/tags
      url = "github:neovim/nvim-lspconfig/v0.1.8";
      flake = false;
    };
    cmp-nvim-lsp-src = {
      url = "github:hrsh7th/cmp-nvim-lsp";
      flake = false;
    };
    baleia-nvim-src = {
      # https://github.com/m00qek/baleia.nvim/tags
      url = "github:m00qek/baleia.nvim";
      flake = false;
    };
    nvim-treesitter-src = {
      # https://github.com/nvim-treesitter/nvim-treesitter/tags
      url = "github:nvim-treesitter/nvim-treesitter/master";
      flake = false;
    };
    telescope-nvim-src = {
      # https://github.com/nvim-telescope/telescope.nvim/releases
      url = "github:nvim-telescope/telescope.nvim/0.1.8";
      flake = false;
    };
    telescope-project-nvim-src = {
      url = "github:nvim-telescope/telescope-project.nvim";
      flake = false;
    };
    toggleterm-nvim-src = {
      # https://github.com/akinsho/toggleterm.nvim/tags
      url = "github:akinsho/toggleterm.nvim/v2.11.0";
      flake = false;
    };
    bufferline-nvim-src = {
      # https://github.com/akinsho/bufferline.nvim/releases
      url = "github:akinsho/bufferline.nvim/v4.6.1";
      flake = false;
    };
    nvim-tree-lua-src = {
      url = "github:kyazdani42/nvim-tree.lua";
      flake = false;
    };
    hmts-nvim-src = {
      url = "github:calops/hmts.nvim";
      flake = false;
    };
    fidget-nvim-src = {
      # https://github.com/j-hui/fidget.nvim/tags
      url = "github:j-hui/fidget.nvim/v1.4.5";
      flake = false;
    };
    nvim-lint-src = {
      url = "github:mfussenegger/nvim-lint";
      flake = false;
    };
    markview-nvim-src = {
      url = "github:OXY2DEV/markview.nvim";
      flake = false;
    };
    # Tree-Sitter Grammars
    tree-sitter-bash = {
      url = "github:tree-sitter/tree-sitter-bash/master";
      flake = false;
    };
    tree-sitter-python = {
      url = "github:tree-sitter/tree-sitter-python/master";
      flake = false;
    };
    tree-sitter-lua = {
      url = "github:MunifTanjim/tree-sitter-lua/main";
      flake = false;
    };
    tree-sitter-ini = {
      url = "github:justinmk/tree-sitter-ini";
      flake = false;
    };
    tree-sitter-puppet = {
      url = "github:amaanq/tree-sitter-puppet";
      flake = false;
    };
    tree-sitter-rasi = {
      url = "github:Fymyte/tree-sitter-rasi";
      flake = false;
    };
    tree-sitter-vimdoc = {
      url = "github:neovim/tree-sitter-vimdoc";
      flake = false;
    };
    # MPV Scripts
    zenyd-mpv-scripts = {
      url = "github:zenyd/mpv-scripts";
      flake = false;
    };
-    # Ren and rep - CLI find and replace
+    # Zellij Switcher
-    rep = {
+    zellij-switch = {
-      url = "github:robenkleene/rep-grep";
+      url = "github:mostafaqanbaryan/zellij-switch";
-      flake = false;
+      inputs.nixpkgs.follows = "nixpkgs";
    };
    ren = {
      url = "github:robenkleene/ren-find";
      flake = false;
    };
-    # Nextcloud Apps
+    # Text editor
-    nextcloud-news = {
+    helix = {
-      # https://github.com/nextcloud/news/releases
+      url = "github:helix-editor/helix";
-      url = "https://github.com/nextcloud/news/releases/download/25.0.0-alpha7/news.tar.gz";
+      inputs.nixpkgs.follows = "nixpkgs";
      flake = false;
    };
    nextcloud-external = {
      # https://github.com/nextcloud-releases/external/releases
      url = "https://github.com/nextcloud-releases/external/releases/download/v5.4.0/external-v5.4.0.tar.gz";
      flake = false;
    };
    nextcloud-cookbook = {
      # https://github.com/christianlupus-nextcloud/cookbook-releases/releases/
      url = "https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.1/cookbook-0.11.1.tar.gz";
      flake = false;
    };
    nextcloud-snappymail = {
      # https://github.com/the-djmaze/snappymail/releases
      # https://snappymail.eu/repository/nextcloud
      url = "https://snappymail.eu/repository/nextcloud/snappymail-2.36.3-nextcloud.tar.gz";
      flake = false;
    };
    # # Nextcloud Apps
    # nextcloud-news = {
    #   # https://github.com/nextcloud/news/releases
    #   url = "https://github.com/nextcloud/news/releases/download/25.0.0-alpha12/news.tar.gz";
    #   flake = false;
    # };
    # nextcloud-external = {
    #   # https://github.com/nextcloud-releases/external/releases
    #   url = "https://github.com/nextcloud-releases/external/releases/download/v5.5.2/external-v5.5.2.tar.gz";
    #   flake = false;
    # };
    # nextcloud-cookbook = {
    #   # https://github.com/christianlupus-nextcloud/cookbook-releases/releases/
    #   url = "https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.2/cookbook-0.11.2.tar.gz";
    #   flake = false;
    # };
    # nextcloud-snappymail = {
    #   # https://github.com/the-djmaze/snappymail/releases
    #   # https://snappymail.eu/repository/nextcloud
    #   url = "https://snappymail.eu/repository/nextcloud/snappymail-2.38.2-nextcloud.tar.gz";
    #   # url = "https://github.com/nmasur/snappymail-nextcloud/releases/download/v2.36.3/snappymail-2.36.3-nextcloud.tar.gz";
    #   flake = false;
    # };
  };
  outputs =
    { nixpkgs, ... }@inputs:
    let
-
+      hostnames =
      # Global configuration for my systems
      globals =
        let
          baseName = "masu.rs";
        in
-        rec {
+        {
-          user = "noah";
+          audiobooks = "read.${baseName}";
-          fullName = "Noah Masur";
+          bookmarks = "keep.${baseName}";
-          gitName = fullName;
+          books = "books.${baseName}";
-          gitEmail = "7386960+nmasur@users.noreply.github.com";
+          budget = "money.${baseName}";
-          mail.server = "noahmasur.com";
+          contacts = "contacts.${baseName}";
-          mail.imapHost = "imap.purelymail.com";
+          content = "cloud.${baseName}";
-          mail.smtpHost = "smtp.purelymail.com";
+          download = "download.${baseName}";
-          dotfilesRepo = "https://github.com/nmasur/dotfiles";
+          files = "files.${baseName}";
-          hostnames = {
+          git = "git.${baseName}";
-            git = "git.${baseName}";
+          imap = "imap.purelymail.com";
-            influxdb = "influxdb.${baseName}";
+          influxdb = "influxdb.${baseName}";
-            irc = "irc.${baseName}";
+          irc = "irc.${baseName}";
-            metrics = "metrics.${baseName}";
+          mail = "noahmasur.com";
-            minecraft = "minecraft.${baseName}";
+          mathesar = "mathesar.${baseName}";
-            n8n = "n8n2.${baseName}";
+          metrics = "metrics.${baseName}";
-            prometheus = "prom.${baseName}";
+          minecraft = "minecraft.${baseName}";
-            paperless = "paper.${baseName}";
+          n8n = "n8n.${baseName}";
-            secrets = "vault.${baseName}";
+          navidrome = "music.${baseName}";
-            stream = "stream.${baseName}";
+          notifications = "ntfy.${baseName}";
-            content = "cloud.${baseName}";
+          paperless = "paper.${baseName}";
-            books = "books.${baseName}";
+          photos = "photos.${baseName}";
-            download = "download.${baseName}";
+          postgresql = "pg.${baseName}";
-            transmission = "transmission.${baseName}";
+          prometheus = "prom.${baseName}";
-          };
+          secrets = "vault.${baseName}";
          smtp = "smtp.purelymail.com";
          status = "status.${baseName}";
          stream = "stream.${baseName}";
          transmission = "transmission.${baseName}";
        };
      # Common overlays to always use
      overlays = [
        inputs.nur.overlay
        inputs.nix2vim.overlay
        (import ./overlays/neovim-plugins.nix inputs)
        (import ./overlays/calibre-web.nix)
        (import ./overlays/disko.nix inputs)
        (import ./overlays/tree-sitter.nix inputs)
        (import ./overlays/mpv-scripts.nix inputs)
        (import ./overlays/nextcloud-apps.nix inputs)
        (import ./overlays/betterlockscreen.nix)
        (import ./overlays/gh-collaborators.nix)
        (import ./overlays/ren-rep.nix inputs)
      ];
      # System types to support.
      supportedSystems = [
        "x86_64-linux"
        "x86_64-darwin"
        "aarch64-linux"
        "aarch64-darwin"
      ];
      # Helper function to generate an attrset '{ x86_64-linux = f "x86_64-linux"; ... }'.
      forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
    in
    rec {
-      # Contains my full system builds, including home-manager
+      lib = import ./lib inputs;
-      # nixos-rebuild switch --flake .#tempest
+      flattenAttrset = attrs: builtins.foldl' lib.mergeAttrs { } (builtins.attrValues attrs);
      nixosConfigurations = {
        arrow = import ./hosts/arrow { inherit inputs globals overlays; };
        tempest = import ./hosts/tempest { inherit inputs globals overlays; };
        hydra = import ./hosts/hydra { inherit inputs globals overlays; };
        flame = import ./hosts/flame { inherit inputs globals overlays; };
        swan = import ./hosts/swan { inherit inputs globals overlays; };
      };
-      # Contains my full Mac system builds, including home-manager
+      nixosConfigurations = flattenAttrset (
-      # darwin-rebuild switch --flake .#lookingglass
+        builtins.mapAttrs (
-      darwinConfigurations = {
+          system: hosts:
-        lookingglass = import ./hosts/lookingglass { inherit inputs globals overlays; };
+          builtins.mapAttrs (
-      };
+            name: module:
            lib.buildNixos {
              inherit system module;
              specialArgs = { inherit hostnames; };
            }
          ) hosts
        ) lib.linuxHosts
      );
-      # For quickly applying home-manager settings with:
+      darwinConfigurations = flattenAttrset (
-      # home-manager switch --flake .#tempest
+        builtins.mapAttrs (
-      homeConfigurations = {
+          system: hosts:
-        tempest = nixosConfigurations.tempest.config.home-manager.users.${globals.user}.home;
+          builtins.mapAttrs (
-        lookingglass = darwinConfigurations.lookingglass.config.home-manager.users."Noah.Masur".home;
+            name: module:
-      };
+            lib.buildDarwin {
              inherit system module;
              specialArgs = { inherit hostnames; };
            }
          ) hosts
        ) lib.darwinHosts
      );
      homeModules = builtins.mapAttrs (
        system: hosts:
        builtins.mapAttrs (
          name: module: (builtins.head (lib.attrsToList module.home-manager.users)).value
        ) hosts
      ) lib.hosts;
      homeConfigurations = flattenAttrset (
        builtins.mapAttrs (
          system: hosts:
          builtins.mapAttrs (
            name: module:
            lib.buildHome {
              inherit system module;
              specialArgs = { inherit hostnames; };
            }
          ) hosts
        ) homeModules
      );
      # Disk formatting, only used once
      diskoConfigurations = {
-        root = import ./disks/root.nix;
+        root = import ./hosts/x86_64-linux/swan/root.nix;
      };
-      packages =
+      generators = builtins.mapAttrs (
-        let
+        # x86_64-linux = { arrow = ...; swan = ...; }
-          staff =
+        system: hosts:
-            system:
+        (lib.concatMapAttrs (name: module: {
-            import ./hosts/staff {
+          "${name}-aws" = lib.generateImage {
-              inherit
+            inherit system module;
                inputs
                globals
                overlays
                system
                ;
            };
          neovim =
            system:
            let
              pkgs = import nixpkgs { inherit system overlays; };
            in
            import ./modules/common/neovim/package {
              inherit pkgs;
              colors = (import ./colorscheme/gruvbox-dark).dark;
            };
        in
        {
          x86_64-linux.staff = staff "x86_64-linux";
          x86_64-linux.arrow = inputs.nixos-generators.nixosGenerate rec {
            system = "x86_64-linux";
            format = "iso";
            specialArgs = {
              pkgs-caddy = import inputs.nixpkgs-caddy { inherit system; };
            };
            modules = import ./hosts/arrow/modules.nix { inherit inputs globals overlays; };
          };
          x86_64-linux.arrow-aws = inputs.nixos-generators.nixosGenerate rec {
            system = "x86_64-linux";
            format = "amazon";
-            specialArgs = {
+            specialArgs = { inherit hostnames; };
              pkgs-caddy = import inputs.nixpkgs-caddy { inherit system; };
            };
            modules = import ./hosts/arrow/modules.nix { inherit inputs globals overlays; } ++ [
              (
                { ... }:
                {
                  boot.kernelPackages = inputs.nixpkgs.legacyPackages.x86_64-linux.linuxKernel.packages.linux_6_6;
                  amazonImage.sizeMB = 16 * 1024;
                  permitRootLogin = "prohibit-password";
                  boot.loader.systemd-boot.enable = inputs.nixpkgs.lib.mkForce false;
                  boot.loader.efi.canTouchEfiVariables = inputs.nixpkgs.lib.mkForce false;
                  services.amazon-ssm-agent.enable = true;
                  users.users.ssm-user.extraGroups = [ "wheel" ];
                }
              )
            ];
          };
          "${name}-iso" = lib.generateImage {
            inherit system module;
            format = "iso";
            specialArgs = { inherit hostnames; };
          };
          "${name}-qcow" = lib.generateImage {
            inherit system module;
            format = "qcow-efi";
            specialArgs = { inherit hostnames; };
            # extraModules = [ "${nixpkgs}/nixos/modules/virtualisation/oci-image.nix" ];
          };
        }) hosts)
      ) lib.linuxHosts # x86_64-linux = { arrow = ...; swan = ...; }
      ;
-          # Package Neovim config into standalone package
+      # packages =
-          x86_64-linux.neovim = neovim "x86_64-linux";
+      #   lib.forSystems lib.linuxSystems (
-          x86_64-darwin.neovim = neovim "x86_64-darwin";
+      #     system: generateImagesForHosts system // lib.pkgsBySystem.${system}.nmasur
-          aarch64-linux.neovim = neovim "aarch64-linux";
+      #   )
-          aarch64-darwin.neovim = neovim "aarch64-darwin";
+      #   // lib.forSystems lib.darwinSystems (system: lib.pkgsBySystem.${system}.nmasur);
        };
-      # Programs that can be run by calling this flake
+      packages = lib.forAllSystems (
      apps = forAllSystems (
        system:
-        let
+        # Share the custom packages that I have placed under the nmasur namespace
-          pkgs = import nixpkgs { inherit system overlays; };
+        lib.pkgsBySystem.${system}.nmasur
-        in
+        //
-        import ./apps { inherit pkgs; }
+          # Share generated images for each relevant host
          (if (lib.hasInfix "linux" system) then generators.${system} else { })
        # //
        #   # Oracle
        #   {
        #     flame-oci = nixosConfigurations.flame.config.system.build.OCIImage;
        #   }
      );
      # Development environments
-      devShells = forAllSystems (
+      devShells = lib.forAllSystems (system: {
        default = lib.pkgsBySystem.${system}.nmasur.dotfiles-devshell;
      });
      # checks = lib.forAllSystems (
      #   system:
      #   let
      #     pkgs = import nixpkgs {
      #       inherit system;
      #       overlays = lib.overlays;
      #     };
      #   in
      #   {
      #     neovim =
      #       pkgs.runCommand "neovim-check-health" { buildInputs = [ inputs.self.packages.${system}.neovim ]; }
      #         ''
      #           mkdir -p $out
      #           export HOME=$TMPDIR
      #           nvim -c "checkhealth" -c "write $out/health.log" -c "quitall"
      #           # Check for errors inside the health log
      #           if $(grep "ERROR" $out/health.log); then
      #             cat $out/health.log
      #             exit 1
      #           fi
      #         '';
      #   }
      # );
      formatter = lib.forAllSystems (
        system:
        let
-          pkgs = import nixpkgs { inherit system overlays; };
+          pkgs = import nixpkgs {
-        in
+            inherit system;
-        {
+            inherit (lib) overlays;
          # Used to run commands and edit files in this repo
          default = pkgs.mkShell {
            buildInputs = with pkgs; [
              git
              stylua
              nixfmt-rfc-style
              shfmt
              shellcheck
            ];
          };
        }
      );
      checks = forAllSystems (
        system:
        let
          pkgs = import nixpkgs { inherit system overlays; };
        in
        {
          neovim =
            pkgs.runCommand "neovim-check-health" { buildInputs = [ inputs.self.packages.${system}.neovim ]; }
              ''
                mkdir -p $out
                export HOME=$TMPDIR
                nvim -c "checkhealth" -c "write $out/health.log" -c "quitall"
                # Check for errors inside the health log
                if $(grep "ERROR" $out/health.log); then
                  cat $out/health.log
                  exit 1
                fi
              '';
        }
      );
      formatter = forAllSystems (
        system:
        let
          pkgs = import nixpkgs { inherit system overlays; };
        in
        pkgs.nixfmt-rfc-style
      );
      # Templates for starting other projects quickly
-      templates = rec {
+      templates = (import ./templates { inherit lib; });
        default = basic;
        basic = {
          path = ./templates/basic;
          description = "Basic program template";
        };
        poetry = {
          path = ./templates/poetry;
          description = "Poetry template";
        };
        python = {
          path = ./templates/python;
          description = "Legacy Python template";
        };
        haskell = {
          path = ./templates/haskell;
          description = "Haskell template";
        };
        rust = {
          path = ./templates/rust;
          description = "Rust template";
        };
      };
    };
 }
--- a/hosts/README.md
+++ b/hosts/README.md
@@ -1,26 +0,0 @@
 # Hosts
 These are the individual machines managed by this flake.
 | Host                                       | Purpose             |
 | ---                                        | ---                 |
 | [aws](./aws/default.nix)                   | AWS AMI             |
 | [staff](./staff/default.nix)               | Live USB stick      |
 | [flame](./flame/default.nix)               | Oracle cloud server |
 | [hydra](./hydra/default.nix)               | WSL config          |
 | [lookingglass](./lookingglass/default.nix) | Work MacBook        |
 | [swan](./swan/default.nix)                 | Home server         |
 | [tempest](./tempest/default.nix)           | Linux desktop       |
 ## NixOS Workflow
 Each hosts file is imported into [nixosConfigurations](../flake.nix) and passed
 the arguments from the flake (inputs, globals, overlays). The `nixosSystem`
 function in that hosts file will be called by the NixOS module system during a
 nixos-rebuild.
 Each module in the each host's `modules` list is either a function or an
 attrset. The attrsets will simply apply values to options that have been
 declared in the config by other modules. Meanwhile, the functions will be
 passed various arguments, several of which you will see listed at the top of
 each of their files.
--- a/hosts/aarch64-darwin/lookingglass/default.nix
+++ b/hosts/aarch64-darwin/lookingglass/default.nix
@@ -0,0 +1,41 @@
 # The Looking Glass
 # System configuration for my work Macbook
 rec {
  networking.hostName = "NYCM-NMASUR2";
  networking.computerName = "NYCM-NMASUR2";
  nmasur.settings = {
    username = "Noah.Masur";
    fullName = "Noah Masur";
  };
  nmasur.profiles = {
    base.enable = true;
    work.enable = true;
    extra.enable = true;
    gaming.enable = true;
  };
  home-manager.users."Noah.Masur" = {
    nmasur.settings = {
      username = nmasur.settings.username;
      fullName = nmasur.settings.fullName;
      host = "lookingglass";
    };
    nmasur.profiles = {
      common.enable = true;
      darwin-base.enable = true;
      power-user.enable = true;
      work.enable = true;
      experimental.enable = true;
    };
    nmasur.presets.programs.git-work.work = {
      name = "Noah-Masur_1701";
      email = "${nmasur.settings.username}@take2games.com";
    };
    home.stateVersion = "23.05";
  };
  system.stateVersion = 5;
 }
--- a/hosts/aarch64-linux/flame/cloudflared-flame.age
+++ b/hosts/aarch64-linux/flame/cloudflared-flame.age
--- a/hosts/aarch64-linux/flame/default.nix
+++ b/hosts/aarch64-linux/flame/default.nix
@@ -0,0 +1,168 @@
 # The Flame
 # System configuration for an Oracle free server
 # How to install:
 # https://blog.korfuri.fr/posts/2022/08/nixos-on-an-oracle-free-tier-ampere-machine/
 # These days, probably use nixos-anywhere instead.
 rec {
  networking.hostName = "flame";
  nmasur.settings = {
    username = "noah";
    fullName = "Noah Masur";
  };
  nmasur.profiles = {
    base.enable = true;
    server.enable = true;
    communications.enable = true;
  };
  home-manager.users."noah" = {
    nmasur.settings = {
      username = nmasur.settings.username;
      fullName = nmasur.settings.fullName;
      host = networking.hostName;
    };
    nmasur.profiles = {
      common.enable = true;
      linux-base.enable = true;
      power-user.enable = true;
    };
    nmasur.presets.programs.helix.enable = true;
    home.stateVersion = "25.05";
  };
  system.stateVersion = "25.05";
  # File systems must be declared in order to boot
  # # This is the root filesystem containing NixOS
  # # I forgot to set a clean label for it
  # fileSystems."/" = {
  #   device = "/dev/disk/by-uuid/e1b6bd50-306d-429a-9f45-78f57bc597c3";
  #   fsType = "ext4";
  # };
  # # This is the boot filesystem for systemd-boot
  # fileSystems."/boot" = {
  #   device = "/dev/disk/by-uuid/D5CA-237A";
  #   fsType = "vfat";
  # };
  # Allows private remote access over the internet
  nmasur.presets.services.cloudflared = {
    tunnel = {
      id = "bd250ee1-ed2e-42d2-b627-039f1eb5a4d2";
      credentialsFile = ./cloudflared-flame.age;
      ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK/6oyVqjFGX3Uvrc3VS8J9sphxzAnRzKC85xgkHfYgR3TK6qBGXzHrknEj21xeZrr3G2y1UsGzphWJd9ZfIcdA= open-ssh-ca@cloudflareaccess.org";
    };
  };
  # Taken from https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-common.nix
  # fileSystems."/" = {
  #   device = "/dev/disk/by-label/nixos";
  #   fsType = "ext4";
  #   autoResize = true;
  # };
  # fileSystems."/boot" = {
  #   device = "/dev/disk/by-label/ESP";
  #   fsType = "vfat";
  # };
  boot.loader.efi.canTouchEfiVariables = false;
  boot.loader.grub = {
    device = "nodev";
    splashImage = null;
    extraConfig = ''
      serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1
      terminal_input --append serial
      terminal_output --append serial
    '';
    efiInstallAsRemovable = true;
    efiSupport = true;
  };
  boot.loader.systemd-boot.enable = false;
  # https://docs.oracle.com/en-us/iaas/Content/Compute/Tasks/configuringntpservice.htm#Configuring_the_Oracle_Cloud_Infrastructure_NTP_Service_for_an_Instance
  networking.timeServers = [ "169.254.169.254" ];
  boot.growPartition = true;
  boot.kernelParams = [
    "net.ifnames=0"
    "nvme.shutdown_timeout=10"
    "nvme_core.shutdown_timeout=10"
    "libiscsi.debug_libiscsi_eh=1"
    "crash_kexec_post_notifiers"
    # aarch64-linux
    "console=ttyAMA0,115200n8"
    # VNC console
    "console=tty1"
  ];
  boot.initrd.availableKernelModules = [
    "virtio_net"
    "virtio_pci"
    "virtio_mmio"
    "virtio_blk"
    "virtio_scsi"
    "9p"
    "9pnet_virtio"
  ];
  boot.initrd.kernelModules = [
    "virtio_balloon"
    "virtio_console"
    "virtio_rng"
    "virtio_gpu"
  ];
  networking.useDHCP = true;
  # networking = {
  #   defaultGateway = "10.0.0.1";
  #   interfaces.eth0 = {
  #     ipAddress = throw "set your own";
  #     prefixLength = 24;
  #   };
  # };
  disko.devices = {
    disk = {
      main = {
        type = "disk";
        # device = "/dev/oracleoci/oraclevda"; # Consistent volume naming
        device = "/dev/sda"; # Consistent volume naming
        content = {
          type = "gpt";
          partitions = {
            boot = {
              size = "512M";
              type = "EF00";
              content = {
                type = "filesystem";
                format = "vfat";
                mountpoint = "/boot";
              };
            };
            root = {
              size = "100%";
              content = {
                type = "filesystem";
                format = "ext4";
                mountpoint = "/";
              };
            };
          };
        };
      };
    };
  };
  # # Otherwise the instance may not have a working network-online.target,
  # # making the fetch-ssh-keys.service fail
  # networking.useNetworkd = true;
 }
--- a/hosts/arrow/default.nix
+++ b/hosts/arrow/default.nix
@@ -1,41 +0,0 @@
 # The Arrow
 # System configuration for temporary VM
 {
  inputs,
  globals,
  overlays,
  ...
 }:
 inputs.nixpkgs.lib.nixosSystem rec {
  system = "x86_64-linux";
  specialArgs = {
    pkgs-caddy = import inputs.nixpkgs-caddy { inherit system; };
  };
  modules = import ./modules.nix { inherit inputs globals overlays; } ++ [
    {
      # This is the root filesystem containing NixOS
      fileSystems."/" = {
        device = "/dev/disk/by-label/nixos";
        fsType = "ext4";
      };
      # This is the boot filesystem for Grub
      fileSystems."/boot" = {
        device = "/dev/disk/by-label/boot";
        fsType = "vfat";
      };
      virtualisation.vmVariant = {
        virtualisation.forwardPorts = [
          {
            from = "host";
            host.port = 2222;
            guest.port = 22;
          }
        ];
      };
    }
  ];
 }
--- a/hosts/arrow/modules.nix
+++ b/hosts/arrow/modules.nix
@@ -1,32 +0,0 @@
 {
  inputs,
  globals,
  overlays,
 }:
 [
  globals
  inputs.home-manager.nixosModules.home-manager
  {
    nixpkgs.overlays = overlays;
    networking.hostName = "arrow";
    physical = false;
    server = true;
    gui.enable = false;
    theme.colors = (import ../../colorscheme/gruvbox).dark;
    publicKeys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s personal"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKpPU2G9rSF8Q6waH62IJexDCQ6lY+8ZyVufGE3xMDGw deploy"
    ];
    identityFile = "/home/${globals.user}/.ssh/id_ed25519";
    cloudflare.enable = true;
    services.openssh.enable = true;
    services.caddy.enable = true;
    services.n8n.enable = true;
    # nix-index seems to eat up too much memory for Vultr
    home-manager.users.${globals.user}.programs.nix-index.enable = inputs.nixpkgs.lib.mkForce false;
  }
  ../../modules/common
  ../../modules/nixos
 ]
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -0,0 +1,47 @@
 # Return a list of all hosts
 nixpkgs:
 let
  inherit (nixpkgs) lib;
 in
 {
  # darwin-hosts = import ./darwin;
  aarch64-darwin-hosts = lib.pipe (lib.filesystem.listFilesRecursive ./aarch64-darwin) [
    # Get only files ending in default.nix
    (builtins.filter (name: lib.hasSuffix "default.nix" name))
    # Import each host function
    (map (file: {
      name = builtins.baseNameOf (builtins.dirOf file);
      value = import file;
    }))
    # Convert to an attrset of hostname -> host function
    (builtins.listToAttrs)
  ];
  aarch64-linux-hosts = lib.pipe (lib.filesystem.listFilesRecursive ./aarch64-linux) [
    # Get only files ending in default.nix
    (builtins.filter (name: lib.hasSuffix "default.nix" name))
    # Remove the first file
    (builtins.filter (name: name != ./aarch64-linux/default.nix))
    # Import each host function
    (map (file: {
      name = builtins.baseNameOf (builtins.dirOf file);
      value = import file;
    }))
    # Convert to an attrset of hostname -> host function
    (builtins.listToAttrs)
  ];
  x86_64-linux-hosts = lib.pipe (lib.filesystem.listFilesRecursive ./x86_64-linux) [
    # Get only files ending in default.nix
    (builtins.filter (name: lib.hasSuffix "default.nix" name))
    # Import each host function
    (map (file: {
      # name = lib.removeSuffix ".nix" (builtins.baseNameOf file);
      name = builtins.baseNameOf (builtins.dirOf file);
      value = import file;
    }))
    # Convert to an attrset of hostname -> host function
    (builtins.listToAttrs)
  ];
 }
--- a/hosts/flame/default.nix
+++ b/hosts/flame/default.nix
@@ -1,134 +0,0 @@
 # The Flame
 # System configuration for an Oracle free server
 # See [readme](../README.md) to explain how this file works.
 # How to install:
 # https://blog.korfuri.fr/posts/2022/08/nixos-on-an-oracle-free-tier-ampere-machine/
 # These days, probably use nixos-anywhere instead.
 {
  inputs,
  globals,
  overlays,
  ...
 }:
 inputs.nixpkgs.lib.nixosSystem rec {
  system = "aarch64-linux";
  specialArgs = {
    pkgs-caddy = import inputs.nixpkgs-caddy { inherit system; };
  };
  modules = [
    globals
    inputs.home-manager.nixosModules.home-manager
    ../../modules/common
    ../../modules/nixos
    {
      nixpkgs.overlays = overlays;
      # Hardware
      server = true;
      networking.hostName = "flame";
      # Not sure what's necessary but too afraid to remove anything
      imports = [ (inputs.nixpkgs + "/nixos/modules/profiles/qemu-guest.nix") ];
      boot.initrd.availableKernelModules = [
        "xhci_pci"
        "virtio_pci"
        "usbhid"
      ];
      # File systems must be declared in order to boot
      # This is the root filesystem containing NixOS
      # I forgot to set a clean label for it
      fileSystems."/" = {
        device = "/dev/disk/by-uuid/e1b6bd50-306d-429a-9f45-78f57bc597c3";
        fsType = "ext4";
      };
      # This is the boot filesystem for systemd-boot
      fileSystems."/boot" = {
        device = "/dev/disk/by-uuid/D5CA-237A";
        fsType = "vfat";
      };
      # Theming
      # Server doesn't require GUI
      gui.enable = false;
      # Still require colors for programs like Neovim, K9S
      theme = {
        colors = (import ../../colorscheme/gruvbox).dark;
      };
      # Programs and services
      atuin.enable = true;
      cloudflare.enable = true; # Proxy traffic with Cloudflare
      dotfiles.enable = true; # Clone dotfiles
      neovim.enable = true;
      giteaRunner.enable = true;
      services.caddy.enable = true;
      services.grafana.enable = true;
      services.thelounge.enable = true;
      services.openssh.enable = true;
      services.victoriametrics.enable = true;
      services.influxdb2.enable = true;
      services.gitea.enable = true;
      services.vaultwarden.enable = true;
      services.minecraft-server.enable = true; # Setup Minecraft server
      system.autoUpgrade.enable = true;
      # Allows private remote access over the internet
      cloudflareTunnel = {
        enable = true;
        id = "bd250ee1-ed2e-42d2-b627-039f1eb5a4d2";
        credentialsFile = ../../private/cloudflared-flame.age;
        ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK/6oyVqjFGX3Uvrc3VS8J9sphxzAnRzKC85xgkHfYgR3TK6qBGXzHrknEj21xeZrr3G2y1UsGzphWJd9ZfIcdA= open-ssh-ca@cloudflareaccess.org";
      };
      # Nextcloud backup config
      backup.s3 = {
        endpoint = "s3.us-west-002.backblazeb2.com";
        bucket = "noahmasur-backup";
        accessKeyId = "0026b0e73b2e2c80000000005";
      };
      # Disable passwords, only use SSH key
      publicKeys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s personal"
      ];
      # # Wireguard config for Transmission
      # wireguard.enable = true;
      # networking.wireguard.interfaces.wg0 = {
      #
      #   # The local IPs for this machine within the Wireguard network
      #   # Any inbound traffic bound for these IPs should be kept on localhost
      #   ips = [ "10.66.13.200/32" "fc00:bbbb:bbbb:bb01::3:dc7/128" ];
      #
      #   peers = [{
      #
      #     # Identity of Wireguard target peer (VPN)
      #     publicKey = "bOOP5lIjqCdDx5t+mP/kEcSbHS4cZqE0rMlBI178lyY=";
      #
      #     # The public internet address of the target peer
      #     endpoint = "86.106.143.132:51820";
      #
      #     # Which outgoing IP ranges should be sent through Wireguard
      #     allowedIPs = [ "0.0.0.0/0" "::0/0" ];
      #
      #     # Send heartbeat signal within the network
      #     persistentKeepalive = 25;
      #
      #   }];
      #
      # };
      # # VPN port forwarding
      # services.transmission.settings.peer-port = 57599;
    }
  ];
 }
--- a/hosts/hydra/default.nix
+++ b/hosts/hydra/default.nix
@@ -1,51 +0,0 @@
 # The Hydra
 # System configuration for WSL
 # See [readme](../README.md) to explain how this file works.
 {
  inputs,
  globals,
  overlays,
  ...
 }:
 inputs.nixpkgs.lib.nixosSystem {
  system = "x86_64-linux";
  specialArgs = { };
  modules = [
    ../../modules/common
    ../../modules/nixos
    ../../modules/wsl
    globals
    inputs.wsl.nixosModules.wsl
    inputs.home-manager.nixosModules.home-manager
    {
      networking.hostName = "hydra";
      nixpkgs.overlays = overlays;
      identityFile = "/home/${globals.user}/.ssh/id_ed25519";
      gui.enable = false;
      theme = {
        colors = (import ../../colorscheme/gruvbox).dark;
        dark = true;
      };
      passwordHash = inputs.nixpkgs.lib.fileContents ../../misc/password.sha512;
      wsl = {
        enable = true;
        wslConf.automount.root = "/mnt";
        defaultUser = globals.user;
        startMenuLaunchers = true;
        nativeSystemd = true;
        wslConf.network.generateResolvConf = true; # Turn off if it breaks VPN
        interop.includePath = false; # Including Windows PATH will slow down Neovim command mode
      };
      neovim.enable = true;
      mail.enable = true;
      mail.aerc.enable = true;
      mail.himalaya.enable = true;
      dotfiles.enable = true;
      lua.enable = true;
    }
  ];
 }
--- a/hosts/lookingglass/default.nix
+++ b/hosts/lookingglass/default.nix
@@ -1,58 +0,0 @@
 # The Looking Glass
 # System configuration for my work Macbook
 {
  inputs,
  globals,
  overlays,
  ...
 }:
 inputs.darwin.lib.darwinSystem {
  system = "aarch64-darwin";
  specialArgs = { };
  modules = [
    ../../modules/common
    ../../modules/darwin
    (
      globals
      // rec {
        user = "Noah.Masur";
        gitName = "Noah-Masur_1701";
        gitEmail = "${user}@take2games.com";
      }
    )
    inputs.home-manager.darwinModules.home-manager
    inputs.mac-app-util.darwinModules.default
    {
      nixpkgs.overlays = [ inputs.firefox-darwin.overlay ] ++ overlays;
      networking.hostName = "lookingglass";
      identityFile = "/Users/Noah.Masur/.ssh/id_ed25519";
      gui.enable = true;
      theme = {
        colors = (import ../../colorscheme/gruvbox-dark).dark;
        dark = true;
      };
      mail.user = globals.user;
      atuin.enable = true;
      charm.enable = true;
      neovim.enable = true;
      mail.enable = true;
      mail.aerc.enable = true;
      mail.himalaya.enable = false;
      kitty.enable = true;
      discord.enable = true;
      firefox.enable = true;
      dotfiles.enable = true;
      terraform.enable = true;
      python.enable = true;
      rust.enable = true;
      lua.enable = true;
      obsidian.enable = true;
      kubernetes.enable = true;
      _1password.enable = true;
      slack.enable = true;
      wezterm.enable = true;
    }
  ];
 }
--- a/hosts/staff/default.nix
+++ b/hosts/staff/default.nix
@@ -1,53 +0,0 @@
 # The Staff
 # ISO configuration for my USB drive
 {
  inputs,
  system,
  overlays,
  ...
 }:
 inputs.nixos-generators.nixosGenerate {
  inherit system;
  format = "install-iso";
  modules = [
    {
      nixpkgs.overlays = overlays;
      networking.hostName = "staff";
      users.extraUsers.root.openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s"
      ];
      services.openssh = {
        enable = true;
        ports = [ 22 ];
        allowSFTP = true;
        settings = {
          GatewayPorts = "no";
          X11Forwarding = false;
          PasswordAuthentication = false;
          PermitRootLogin = "yes";
        };
      };
      environment.systemPackages =
        let
          pkgs = import inputs.nixpkgs { inherit system overlays; };
        in
        with pkgs;
        [
          git
          vim
          wget
          curl
          (import ../../modules/common/neovim/package {
            inherit pkgs;
            colors = (import ../../colorscheme/gruvbox).dark;
          })
        ];
      nix.extraOptions = ''
        experimental-features = nix-command flakes
        warn-dirty = false
      '';
    }
  ];
 }
--- a/hosts/swan/default.nix
+++ b/hosts/swan/default.nix
@@ -1,133 +0,0 @@
 # The Swan
 # System configuration for my home NAS server
 {
  inputs,
  globals,
  overlays,
  ...
 }:
 inputs.nixpkgs.lib.nixosSystem rec {
  system = "x86_64-linux";
  specialArgs = {
    pkgs-caddy = import inputs.nixpkgs-caddy { inherit system; };
  };
  modules = [
    globals
    inputs.home-manager.nixosModules.home-manager
    inputs.disko.nixosModules.disko
    ../../modules/common
    ../../modules/nixos
    {
      nixpkgs.overlays = overlays;
      # Hardware
      server = true;
      physical = true;
      networking.hostName = "swan";
      # Not sure what's necessary but too afraid to remove anything
      boot.initrd.availableKernelModules = [
        "xhci_pci"
        "ahci"
        "nvme"
        "usb_storage"
        "sd_mod"
      ];
      # Required for transcoding
      boot.initrd.kernelModules = [ "amdgpu" ];
      boot.kernelParams = [
        "radeon.si_support=0"
        "amdgpu.si_support=1"
        "radeon.cik_support=0"
        "amdgpu.cik_support=1"
        "amdgpu.dc=1"
      ];
      # Required binary blobs to boot on this machine
      hardware.enableRedistributableFirmware = true;
      # Prioritize efficiency over performance
      powerManagement.cpuFreqGovernor = "powersave";
      # Allow firmware updates
      hardware.cpu.intel.updateMicrocode = true;
      # ZFS
      zfs.enable = true;
      # Generated with: head -c 8 /etc/machine-id
      networking.hostId = "600279f4"; # Random ID required for ZFS
      # Sets root ext4 filesystem instead of declaring it manually
      disko = {
        enableConfig = true;
        devices = (import ../../disks/root.nix { disk = "/dev/nvme0n1"; });
      };
      boot.zfs = {
        # Automatically load the ZFS pool on boot
        extraPools = [ "tank" ];
        # Only try to decrypt datasets with keyfiles
        requestEncryptionCredentials = [
          "tank/archive"
          "tank/generic"
          "tank/nextcloud"
          "tank/generic/git"
        ];
        # If password is requested and fails, continue to boot eventually
        passwordTimeout = 300;
      };
      # Theming
      # Server doesn't require GUI
      gui.enable = false;
      # Still require colors for programs like Neovim, K9S
      theme = {
        colors = (import ../../colorscheme/gruvbox-dark).dark;
      };
      # Programs and services
      atuin.enable = true;
      neovim.enable = true;
      cloudflare.enable = true;
      dotfiles.enable = true;
      arrs.enable = true;
      services.bind.enable = true;
      services.caddy.enable = true;
      services.jellyfin.enable = true;
      services.nextcloud.enable = true;
      services.calibre-web.enable = true;
      services.openssh.enable = true;
      services.prometheus.enable = false;
      services.vmagent.enable = true;
      services.samba.enable = true;
      services.paperless.enable = true;
      services.postgresql.enable = true;
      system.autoUpgrade.enable = false;
      # Allows private remote access over the internet
      cloudflareTunnel = {
        enable = true;
        id = "646754ac-2149-4a58-b51a-e1d0a1f3ade2";
        credentialsFile = ../../private/cloudflared-swan.age;
        ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCHF/UMtJqPFrf6f6GRY0ZFnkCW7b6sYgUTjTtNfRj1RdmNic1NoJZql7y6BrqQinZvy7nsr1UFDNWoHn6ah3tg= open-ssh-ca@cloudflareaccess.org";
      };
      # Send regular backups and litestream for DBs to an S3-like bucket
      backup.s3 = {
        endpoint = "s3.us-west-002.backblazeb2.com";
        bucket = "noahmasur-backup";
        accessKeyId = "0026b0e73b2e2c80000000005";
      };
      # Disable passwords, only use SSH key
      publicKeys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s personal"
      ];
    }
  ];
 }
--- a/hosts/tempest/default.nix
+++ b/hosts/tempest/default.nix
@@ -1,142 +0,0 @@
 # The Tempest
 # System configuration for my desktop
 {
  inputs,
  globals,
  overlays,
  ...
 }:
 inputs.nixpkgs.lib.nixosSystem {
  system = "x86_64-linux";
  modules = [
    globals
    inputs.home-manager.nixosModules.home-manager
    ../../modules/common
    ../../modules/nixos
    {
      nixpkgs.overlays = overlays;
      # Hardware
      physical = true;
      networking.hostName = "tempest";
      # Not sure what's necessary but too afraid to remove anything
      boot.initrd.availableKernelModules = [
        "nvme"
        "xhci_pci"
        "ahci"
        "usb_storage"
        "usbhid"
        "sd_mod"
      ];
      # Graphics and VMs
      boot.initrd.kernelModules = [ "amdgpu" ];
      boot.kernelModules = [ "kvm-amd" ];
      services.xserver.videoDrivers = [ "amdgpu" ];
      # Required binary blobs to boot on this machine
      hardware.enableRedistributableFirmware = true;
      # Prioritize performance over efficiency
      powerManagement.cpuFreqGovernor = "performance";
      # Allow firmware updates
      hardware.cpu.amd.updateMicrocode = true;
      # Helps reduce GPU fan noise under idle loads
      hardware.fancontrol.enable = true;
      hardware.fancontrol.config = ''
        # Configuration file generated by pwmconfig, changes will be lost
        INTERVAL=10
        DEVPATH=hwmon0=devices/pci0000:00/0000:00:03.1/0000:06:00.0/0000:07:00.0/0000:08:00.0
        DEVNAME=hwmon0=amdgpu
        FCTEMPS=hwmon0/pwm1=hwmon0/temp1_input
        FCFANS= hwmon0/pwm1=hwmon0/fan1_input
        MINTEMP=hwmon0/pwm1=50
        MAXTEMP=hwmon0/pwm1=70
        MINSTART=hwmon0/pwm1=100
        MINSTOP=hwmon0/pwm1=10
        MINPWM=hwmon0/pwm1=10
        MAXPWM=hwmon0/pwm1=240
      '';
      # File systems must be declared in order to boot
      # This is the root filesystem containing NixOS
      fileSystems."/" = {
        device = "/dev/disk/by-label/nixos";
        fsType = "ext4";
      };
      # This is the boot filesystem for Grub
      fileSystems."/boot" = {
        device = "/dev/disk/by-label/boot";
        fsType = "vfat";
      };
      # Secrets must be prepared ahead before deploying
      passwordHash = inputs.nixpkgs.lib.fileContents ../../misc/password.sha512;
      # Theming
      # Turn on all features related to desktop and graphical applications
      gui.enable = true;
      # Set the system-wide theme, also used for non-graphical programs
      theme = {
        colors = (import ../../colorscheme/gruvbox-dark).dark;
        dark = true;
      };
      wallpaper = "${inputs.wallpapers}/gruvbox/road.jpg";
      gtk.theme.name = inputs.nixpkgs.lib.mkDefault "Adwaita-dark";
      # Programs and services
      atuin.enable = true;
      charm.enable = true;
      neovim.enable = true;
      media.enable = true;
      dotfiles.enable = true;
      firefox.enable = true;
      kitty.enable = true;
      _1password.enable = true;
      discord.enable = true;
      nautilus.enable = true;
      obsidian.enable = true;
      mail.enable = true;
      mail.aerc.enable = true;
      mail.himalaya.enable = true;
      keybase.enable = true;
      mullvad.enable = false;
      rust.enable = true;
      terraform.enable = true;
      wezterm.enable = true;
      yt-dlp.enable = true;
      gaming = {
        dwarf-fortress.enable = true;
        enable = true;
        steam.enable = true;
        legendary.enable = true;
        lutris.enable = true;
        ryujinx.enable = true;
      };
      services.vmagent.enable = true; # Enables Prometheus metrics
      services.openssh.enable = true; # Required for Cloudflare tunnel and identity file
      # Allows private remote access over the internet
      cloudflareTunnel = {
        enable = true;
        id = "ac133a82-31fb-480c-942a-cdbcd4c58173";
        credentialsFile = ../../private/cloudflared-tempest.age;
        ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPY6C0HmdFCaxYtJxFr3qV4/1X4Q8KrYQ1hlme3u1hJXK+xW+lc9Y9glWHrhiTKilB7carYTB80US0O47gI5yU4= open-ssh-ca@cloudflareaccess.org";
      };
      # Allows requests to force machine to wake up
      # This network interface might change, needs to be set specifically for each machine.
      # Or set usePredictableInterfaceNames = false
      networking.interfaces.enp5s0.wakeOnLan.enable = true;
    }
  ];
 }
--- a/hosts/x86_64-darwin/readme.md
+++ b/hosts/x86_64-darwin/readme.md
@@ -0,0 +1 @@
 # No x86 Darwin Hosts Currently
--- a/hosts/x86_64-linux/arrow/default.nix
+++ b/hosts/x86_64-linux/arrow/default.nix
@@ -0,0 +1,47 @@
 # The Arrow
 # System configuration for temporary VM
 rec {
  # Hardware
  networking.hostName = "arrow";
  nmasur.settings = {
    username = "noah";
    fullName = "Noah Masur";
  };
  nmasur.profiles = {
    base.enable = true;
    server.enable = true;
  };
  home-manager.users."noah" = {
    nmasur.settings = {
      username = nmasur.settings.username;
      fullName = nmasur.settings.fullName;
      host = networking.hostName;
    };
    nmasur.profiles = {
      common.enable = true;
      linux-base.enable = true;
    };
    home.stateVersion = "23.05";
  };
  system.stateVersion = "23.05";
  # These filesystems are ignored by nixos-generators
  # This is the root filesystem containing NixOS
  fileSystems."/" = {
    device = "/dev/disk/by-label/nixos";
    fsType = "ext4";
  };
  # This is the boot filesystem for Grub
  fileSystems."/boot" = {
    device = "/dev/disk/by-label/boot";
    fsType = "vfat";
  };
 }
--- a/hosts/x86_64-linux/hydra/default.nix
+++ b/hosts/x86_64-linux/hydra/default.nix
@@ -0,0 +1,54 @@
 # The Hydra
 # System configuration for WSL
 rec {
  # Hardware
  networking.hostName = "hydra";
  nmasur.settings = {
    username = "noah";
    fullName = "Noah Masur";
  };
  nmasur.profiles = {
    base.enable = true;
    wsl.enable = true;
  };
  home-manager.users."noah" = {
    nmasur.settings = {
      username = nmasur.settings.username;
      fullName = nmasur.settings.fullName;
      host = networking.hostName;
    };
    nmasur.profiles = {
      common.enable = true;
      linux-base.enable = true;
      power-user.enable = true;
    };
    home.stateVersion = "23.05";
  };
  system.stateVersion = "23.05";
  # This is the root filesystem containing NixOS
  fileSystems."/" = {
    device = "/dev/disk/by-label/nixos";
    fsType = "ext4";
  };
  # This is the boot filesystem for Grub
  fileSystems."/boot" = {
    device = "/dev/disk/by-label/boot";
    fsType = "vfat";
  };
  # Not sure what's necessary but too afraid to remove anything
  boot.initrd.availableKernelModules = [
    "xhci_pci"
    "ahci"
    "nvme"
    "usb_storage"
    "sd_mod"
  ];
 }
--- a/hosts/x86_64-linux/staff/default.nix
+++ b/hosts/x86_64-linux/staff/default.nix
@@ -0,0 +1,68 @@
 # The Staff
 # System configuration test
 rec {
  # Hardware
  networking.hostName = "staff";
  nmasur.settings = {
    username = "noah";
    fullName = "Noah Masur";
  };
  nmasur.profiles = {
    base.enable = true;
    home.enable = true;
    gui.enable = true;
  };
  nmasur.presets.services.cloudflared.enable = false;
  nmasur.presets.services.kanata.enable = false;
  nmasur.presets.services.openssh.enable = true;
  home-manager.users."noah" = {
    nmasur.settings = {
      username = nmasur.settings.username;
      fullName = nmasur.settings.fullName;
      host = networking.hostName;
    };
    nmasur.profiles = {
      common.enable = true;
      linux-base.enable = true;
      linux-gui.enable = true;
      power-user.enable = true;
    };
    nmasur.presets.services.mbsync = {
      user = nmasur.settings.username;
      server = "noahmasur.com";
    };
    home.stateVersion = "23.05";
  };
  system.stateVersion = "23.05";
  # Not sure what's necessary but too afraid to remove anything
  # File systems must be declared in order to boot
  # Required to have a boot loader to work
  boot.loader.systemd-boot.enable = true;
  # This is the root filesystem containing NixOS
  fileSystems."/" = {
    device = "/dev/disk/by-label/nixos";
    fsType = "ext4";
  };
  # This is the boot filesystem for Grub
  fileSystems."/boot" = {
    device = "/dev/disk/by-label/boot";
    fsType = "vfat";
  };
  # Allows private remote access over the internet
  # nmasur.presets.services.cloudflared = {
  #   tunnel = {
  #     id = "ac133a82-31fb-480c-942a-cdbcd4c58173";
  #     credentialsFile = ../../private/cloudflared-tempest.age;
  #     ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPY6C0HmdFCaxYtJxFr3qV4/1X4Q8KrYQ1hlme3u1hJXK+xW+lc9Y9glWHrhiTKilB7carYTB80US0O47gI5yU4= open-ssh-ca@cloudflareaccess.org";
  #   };
  # };
 }
--- a/hosts/x86_64-linux/swan/cloudflared-swan.age
+++ b/hosts/x86_64-linux/swan/cloudflared-swan.age
--- a/hosts/x86_64-linux/swan/default.nix
+++ b/hosts/x86_64-linux/swan/default.nix
@@ -0,0 +1,82 @@
 # The Swan
 # System configuration for my home NAS server
 rec {
  networking.hostName = "swan";
  nmasur.settings = {
    username = "noah";
    fullName = "Noah Masur";
  };
  nmasur.profiles = {
    base.enable = true;
    server.enable = true;
    home.enable = true;
    nas.enable = true;
    shared-media.enable = true;
  };
  home-manager.users."noah" = {
    nmasur.settings = {
      username = nmasur.settings.username;
      fullName = nmasur.settings.fullName;
      host = networking.hostName;
    };
    nmasur.profiles = {
      common.enable = true;
      linux-base.enable = true;
      power-user.enable = true;
    };
    home.stateVersion = "23.05";
  };
  system.stateVersion = "23.05";
  # Not sure what's necessary but too afraid to remove anything
  boot.initrd.availableKernelModules = [
    "xhci_pci"
    "ahci"
    "nvme"
    "usb_storage"
    "sd_mod"
  ];
  # Required for transcoding
  boot.initrd.kernelModules = [ "amdgpu" ];
  boot.kernelParams = [
    "radeon.si_support=0"
    "amdgpu.si_support=1"
    "radeon.cik_support=0"
    "amdgpu.cik_support=1"
    "amdgpu.dc=1"
  ];
  # Required binary blobs to boot on this machine
  hardware.enableRedistributableFirmware = true;
  # Prioritize efficiency over performance
  powerManagement.cpuFreqGovernor = "powersave";
  # Allow firmware updates
  hardware.cpu.intel.updateMicrocode = true;
  # ZFS
  # Generated with: head -c 8 /etc/machine-id
  networking.hostId = "600279f4"; # Random ID required for ZFS
  # Sets root ext4 filesystem instead of declaring it manually
  disko = {
    enableConfig = true;
    devices = (import ./root.nix { disk = "/dev/nvme0n1"; });
  };
  # Allows private remote access over the internet
  nmasur.presets.services.cloudflared = {
    tunnel = {
      id = "646754ac-2149-4a58-b51a-e1d0a1f3ade2";
      credentialsFile = ./cloudflared-swan.age;
      ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCHF/UMtJqPFrf6f6GRY0ZFnkCW7b6sYgUTjTtNfRj1RdmNic1NoJZql7y6BrqQinZvy7nsr1UFDNWoHn6ah3tg= open-ssh-ca@cloudflareaccess.org";
    };
  };
 }
--- a/hosts/x86_64-linux/swan/root.nix
+++ b/hosts/x86_64-linux/swan/root.nix
--- a/hosts/x86_64-linux/tempest/cloudflared-tempest.age
+++ b/hosts/x86_64-linux/tempest/cloudflared-tempest.age
--- a/hosts/x86_64-linux/tempest/default.nix
+++ b/hosts/x86_64-linux/tempest/default.nix
@@ -0,0 +1,110 @@
 # The Tempest
 # System configuration for my desktop
 rec {
  # Hardware
  networking.hostName = "tempest";
  nmasur.settings = {
    username = "noah";
    fullName = "Noah Masur";
  };
  nmasur.profiles = {
    base.enable = true;
    home.enable = true;
    gui.enable = true;
    gaming.enable = true;
  };
  nmasur.presets.services.grub.enable = true;
  home-manager.users."noah" = {
    nmasur.settings = {
      username = nmasur.settings.username;
      fullName = nmasur.settings.fullName;
      host = networking.hostName;
    };
    nmasur.profiles = {
      common.enable = true;
      linux-base.enable = true;
      linux-gui.enable = true;
      linux-gaming.enable = true;
      power-user.enable = true;
      developer.enable = true;
      experimental.enable = true;
    };
    home.stateVersion = "23.05";
  };
  system.stateVersion = "23.05";
  # Not sure what's necessary but too afraid to remove anything
  boot.initrd.availableKernelModules = [
    "nvme"
    "xhci_pci"
    "ahci"
    "usb_storage"
    "usbhid"
    "sd_mod"
  ];
  # Graphics and VMs
  boot.initrd.kernelModules = [ "amdgpu" ];
  boot.kernelModules = [ "kvm-amd" ];
  services.xserver.videoDrivers = [ "amdgpu" ];
  # Required binary blobs to boot on this machine
  hardware.enableRedistributableFirmware = true;
  # Prioritize performance over efficiency
  powerManagement.cpuFreqGovernor = "performance";
  # Allow firmware updates
  hardware.cpu.amd.updateMicrocode = true;
  # Helps reduce GPU fan noise under idle loads
  hardware.fancontrol.enable = true;
  hardware.fancontrol.config = ''
    # Configuration file generated by pwmconfig, changes will be lost
    INTERVAL=10
    DEVPATH=hwmon0=devices/pci0000:00/0000:00:03.1/0000:06:00.0/0000:07:00.0/0000:08:00.0
    DEVNAME=hwmon0=amdgpu
    FCTEMPS=hwmon0/pwm1=hwmon0/temp1_input
    FCFANS= hwmon0/pwm1=hwmon0/fan1_input
    MINTEMP=hwmon0/pwm1=50
    MAXTEMP=hwmon0/pwm1=70
    MINSTART=hwmon0/pwm1=100
    MINSTOP=hwmon0/pwm1=10
    MINPWM=hwmon0/pwm1=10
    MAXPWM=hwmon0/pwm1=240
  '';
  # File systems must be declared in order to boot
  # This is the root filesystem containing NixOS
  fileSystems."/" = {
    device = "/dev/disk/by-label/nixos";
    fsType = "ext4";
  };
  # This is the boot filesystem for Grub
  fileSystems."/boot" = {
    device = "/dev/disk/by-label/boot";
    fsType = "vfat";
  };
  # Allows private remote access over the internet
  nmasur.presets.services.cloudflared = {
    tunnel = {
      id = "ac133a82-31fb-480c-942a-cdbcd4c58173";
      credentialsFile = ./cloudflared-tempest.age;
      ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPY6C0HmdFCaxYtJxFr3qV4/1X4Q8KrYQ1hlme3u1hJXK+xW+lc9Y9glWHrhiTKilB7carYTB80US0O47gI5yU4= open-ssh-ca@cloudflareaccess.org";
    };
  };
  # Allows requests to force machine to wake up
  # This network interface might change, needs to be set specifically for each machine.
  # Or set usePredictableInterfaceNames = false
  networking.interfaces.enp5s0.wakeOnLan.enable = true;
 }
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -0,0 +1,233 @@
 inputs:
 let
  lib = inputs.nixpkgs.lib;
 in
 lib
 // rec {
  # Returns all files in a directory matching a suffix
  filesInDirectoryWithSuffix =
    directory: suffix:
    lib.pipe (lib.filesystem.listFilesRecursive directory) [
      # Get only files ending in .nix
      (builtins.filter (name: lib.hasSuffix suffix name))
    ];
  # Returns all files ending in .nix for a directory
  nixFiles = directory: filesInDirectoryWithSuffix directory ".nix";
  # Returns all files ending in default.nix for a directory
  defaultFiles = directory: filesInDirectoryWithSuffix directory "default.nix";
  # Imports all files in a directory and passes inputs
  importOverlays =
    directory:
    lib.pipe (nixFiles directory) [
      # Import each overlay file
      (map (file: (import file) inputs))
    ];
  # Import default files as attrset with keys provided by parent directory
  defaultFilesToAttrset =
    directory:
    lib.pipe (defaultFiles directory) [
      # Import each file
      (map (file: {
        name = builtins.baseNameOf (builtins.dirOf file);
        value = import file;
      }))
      # Convert to an attrset of parent dir name -> file
      (builtins.listToAttrs)
    ];
  # [ package1/package.nix package2/package.nix package2/hello.sh ]
  buildPkgsFromDirectoryAndPkgs =
    directory: pkgs:
    lib.pipe (filesInDirectoryWithSuffix directory "package.nix") [
      # Apply callPackage to create a derivation
      # Must use final.callPackage to avoid infinite recursion
      # [ package1.drv package2.drv ]
      (builtins.map (name: pkgs.callPackage name { }))
      # Convert the list to an attrset with keys from pname or name attr
      # { package1 = package1.drv, package2 = package2.drv }
      (builtins.listToAttrs (
        map (v: {
          name = v."pname" or v."name";
          value = v;
        })
      ))
    ];
  # Common overlays to always use
  overlays = [
    inputs.nur.overlays.default
    inputs.nix2vim.overlay
    inputs.zellij-switch.overlays.default
    inputs.helix.overlays.default
  ] ++ (importOverlays ../overlays);
  # System types to support.
  supportedSystems = [
    "x86_64-linux"
    "x86_64-darwin"
    "aarch64-linux"
    "aarch64-darwin"
  ];
  # Split system types by operating system
  linuxSystems = builtins.filter (lib.hasSuffix "linux") supportedSystems;
  darwinSystems = builtins.filter (lib.hasSuffix "darwin") supportedSystems;
  # Helper function to generate an attrset '{ x86_64-linux = f "x86_64-linux"; ... }'.
  forSystems = systems: lib.genAttrs systems;
  forAllSystems = lib.genAttrs supportedSystems;
  # { x86_64-linux = { tempest = { settings = ...; }; }; };
  hosts = forAllSystems (system: defaultFilesToAttrset ../hosts/${system});
  linuxHosts = lib.filterAttrs (name: value: builtins.elem name linuxSystems) hosts;
  darwinHosts = lib.filterAttrs (name: value: builtins.elem name darwinSystems) hosts;
  # { system -> pkgs }
  pkgsBySystem = forAllSystems (
    system:
    import inputs.nixpkgs {
      inherit system overlays;
      config.permittedInsecurePackages = [ "litestream-0.3.13" ];
      config.allowUnfree = true;
    }
  );
  colorscheme = defaultFilesToAttrset ../colorscheme;
  homeModule = {
    home-manager = {
      # Include home-manager config in NixOS
      sharedModules = nixFiles ../platforms/home-manager;
      # Use the system-level nixpkgs instead of Home Manager's
      useGlobalPkgs = lib.mkDefault true;
      # Install packages to /etc/profiles instead of ~/.nix-profile, useful when
      # using multiple profiles for one user
      useUserPackages = lib.mkDefault true;
    };
  };
  buildHome =
    {
      system,
      module,
      specialArgs,
    }:
    inputs.home-manager.lib.homeManagerConfiguration {
      pkgs = pkgsBySystem.${system};
      modules = [
        { imports = (nixFiles ../platforms/home-manager); }
        module
      ];
      extraSpecialArgs = {
        inherit colorscheme;
      } // specialArgs;
    };
  buildNixos =
    {
      system,
      module,
      specialArgs,
    }:
    inputs.nixpkgs.lib.nixosSystem {
      inherit specialArgs;
      pkgs = pkgsBySystem.${system};
      modules = [
        inputs.home-manager.nixosModules.home-manager
        inputs.disko.nixosModules.disko
        inputs.wsl.nixosModules.wsl
        { imports = (nixFiles ../platforms/nixos); }
        module
        {
          home-manager = {
            extraSpecialArgs = {
              inherit colorscheme;
            } // specialArgs;
          } // homeModule.home-manager;
        }
      ];
    };
  buildDarwin =
    {
      system,
      module,
      specialArgs,
    }:
    inputs.darwin.lib.darwinSystem {
      inherit system specialArgs;
      modules = [
        inputs.home-manager.darwinModules.home-manager
        inputs.mac-app-util.darwinModules.default
        {
          imports = (nixFiles ../platforms/nix-darwin);
          nixpkgs.pkgs = pkgsBySystem.${system};
        }
        module
        {
          home-manager = {
            extraSpecialArgs = {
              inherit colorscheme;
            } // specialArgs;
          } // homeModule.home-manager;
        }
      ];
    };
  generatorOptions = {
    amazon = {
      aws.enable = true;
    };
    iso = {
      nmasur.profiles.wsl.enable = lib.mkForce false;
      boot.loader.grub.enable = lib.mkForce false;
    };
    qcow-efi = {
      nmasur.profiles.wsl.enable = lib.mkForce false;
      boot.loader.grub.enable = lib.mkForce false;
      fileSystems."/boot".device = lib.mkForce "/dev/disk/by-label/ESP";
    };
  };
  generateImage =
    {
      system,
      module,
      format,
      specialArgs,
    }:
    inputs.nixos-generators.nixosGenerate {
      inherit system format;
      pkgs = pkgsBySystem.${system};
      modules = [
        inputs.home-manager.nixosModules.home-manager
        inputs.disko.nixosModules.disko
        inputs.wsl.nixosModules.wsl
        {
          imports = (nixFiles ../platforms/nixos) ++ (nixFiles ../platforms/generators);
        }
        generatorOptions.${format}
        module
        {
          home-manager = {
            extraSpecialArgs = {
              inherit colorscheme;
            } // specialArgs;
          } // homeModule.home-manager;
        }
      ];
      specialArgs = {
      } // specialArgs;
    };
 }
--- a/modules/README.md
+++ b/modules/README.md
@@ -1,9 +0,0 @@
 # Modules
 | Module                         | Purpose                                     |
 | ---                            | ---                                         |
 | [common](./common/default.nix) | User programs and OS-agnostic configuration |
 | [darwin](./darwin/default.nix) | macOS-specific configuration                |
 | [nixos](./nixos/default.nix)   | NixOS-specific configuration                |
 | [wsl](./wsl/default.nix)       | WSL-specific configuration                  |
--- a/modules/aws/default.nix
+++ b/modules/aws/default.nix
@@ -1,9 +0,0 @@
 { ... }:
 {
  # AWS settings require this
  permitRootLogin = "prohibit-password";
  # Make sure disk size is large enough
  # https://github.com/nix-community/nixos-generators/issues/150
  amazonImage.sizeMB = 16 * 1024;
 }
--- a/modules/common/applications/1password.nix
+++ b/modules/common/applications/1password.nix
@@ -1,42 +0,0 @@
 {
  config,
  pkgs,
  lib,
  ...
 }:
 {
  options = {
    _1password = {
      enable = lib.mkEnableOption {
        description = "Enable 1Password.";
        default = false;
      };
    };
  };
  config = lib.mkIf (config.gui.enable && config._1password.enable) {
    unfreePackages = [
      "1password"
      "_1password-gui"
      "1password-cli"
    ];
    home-manager.users.${config.user} = {
      home.packages = with pkgs; [
        _1password-gui
        _1password
      ];
    };
    # https://1password.community/discussion/135462/firefox-extension-does-not-connect-to-linux-app
    # On Mac, does not apply: https://1password.community/discussion/142794/app-and-browser-integration
    # However, the button doesn't work either:
    # https://1password.community/discussion/140735/extending-support-for-trusted-web-browsers
    environment.etc."1password/custom_allowed_browsers".text = ''
      ${
        config.home-manager.users.${config.user}.programs.firefox.package
      }/Applications/Firefox.app/Contents/MacOS/firefox
      firefox
    '';
  };
 }
--- a/modules/common/applications/alacritty.nix
+++ b/modules/common/applications/alacritty.nix
@@ -1,107 +0,0 @@
 {
  config,
  pkgs,
  lib,
  ...
 }:
 {
  options = {
    alacritty = {
      enable = lib.mkEnableOption {
        description = "Enable Alacritty.";
        default = false;
      };
    };
  };
  config = lib.mkIf (config.gui.enable && config.alacritty.enable) {
    home-manager.users.${config.user} = {
      xsession.windowManager.i3.config.terminal = "alacritty";
      programs.rofi.terminal = "${pkgs.alacritty}/bin/alacritty";
      programs.alacritty = {
        enable = true;
        settings = {
          window = {
            dimensions = {
              columns = 85;
              lines = 30;
            };
            padding = {
              x = 20;
              y = 20;
            };
            opacity = 1.0;
          };
          scrolling.history = 10000;
          font = {
            size = 14.0;
          };
          key_bindings = [
            # Used for word completion in fish_user_key_bindings
            {
              key = "Return";
              mods = "Shift";
              chars = "\\x1F";
            }
            # Used for searching nixpkgs in fish_user_key_bindings
            {
              key = "N";
              mods = "Control|Shift";
              chars = "\\x11F";
            }
            {
              key = "H";
              mods = "Control|Shift";
              mode = "~Vi";
              action = "ToggleViMode";
            }
            {
              key = "Return";
              mode = "Vi";
              action = "ToggleViMode";
            }
            # Used to enable $ keybind in Vi mode
            {
              key = 5; # Scancode for key4
              mods = "Shift";
              mode = "Vi|~Search";
              action = "Last";
            }
          ];
          colors = {
            primary = {
              background = config.theme.colors.base00;
              foreground = config.theme.colors.base05;
            };
            cursor = {
              text = "#1d2021";
              cursor = config.theme.colors.base05;
            };
            normal = {
              black = "#1d2021";
              red = config.theme.colors.base08;
              green = config.theme.colors.base0B;
              yellow = config.theme.colors.base0A;
              blue = config.theme.colors.base0D;
              magenta = config.theme.colors.base0E;
              cyan = config.theme.colors.base0C;
              white = config.theme.colors.base05;
            };
            bright = {
              black = config.theme.colors.base03;
              red = config.theme.colors.base09;
              green = config.theme.colors.base01;
              yellow = config.theme.colors.base02;
              blue = config.theme.colors.base04;
              magenta = config.theme.colors.base06;
              cyan = config.theme.colors.base0F;
              white = config.theme.colors.base07;
            };
          };
          draw_bold_text_with_bright_colors = false;
        };
      };
    };
  };
 }
--- a/modules/common/applications/default.nix
+++ b/modules/common/applications/default.nix
@@ -1,17 +0,0 @@
 { ... }:
 {
  imports = [
    ./1password.nix
    ./alacritty.nix
    ./discord.nix
    ./firefox.nix
    ./kitty.nix
    ./media.nix
    ./obsidian.nix
    ./qbittorrent.nix
    ./slack.nix
    ./wezterm.nix
    ./yt-dlp.nix
  ];
 }
--- a/modules/common/applications/discord.nix
+++ b/modules/common/applications/discord.nix
@@ -1,34 +0,0 @@
 {
  config,
  pkgs,
  lib,
  ...
 }:
 {
  options = {
    discord = {
      enable = lib.mkEnableOption {
        description = "Enable Discord.";
        default = false;
      };
    };
  };
  config = lib.mkIf (config.gui.enable && config.discord.enable) {
    unfreePackages = [ "discord" ];
    environment.systemPackages = [ pkgs.discord ];
    home-manager.users.${config.user} = {
      xdg.configFile."discord/settings.json".text = ''
        {
          "BACKGROUND_COLOR": "#202225",
          "IS_MAXIMIZED": false,
          "IS_MINIMIZED": false,
          "OPEN_ON_STARTUP": false,
          "MINIMIZE_TO_TRAY": false,
          "SKIP_HOST_UPDATE": true
        }
      '';
    };
  };
 }
--- a/modules/common/applications/firefox.nix
+++ b/modules/common/applications/firefox.nix
@@ -1,192 +0,0 @@
 {
  config,
  pkgs,
  lib,
  ...
 }:
 {
  options = {
    firefox = {
      enable = lib.mkEnableOption {
        description = "Enable Firefox.";
        default = false;
      };
    };
  };
  config = lib.mkIf (config.gui.enable && config.firefox.enable) {
    unfreePackages = [
      (lib.mkIf config._1password.enable "onepassword-password-manager")
      "okta-browser-plugin"
    ];
    home-manager.users.${config.user} = {
      programs.firefox = {
        enable = true;
        package = if pkgs.stdenv.isDarwin then pkgs.firefox-bin else pkgs.firefox;
        profiles.default = {
          id = 0;
          name = "default";
          isDefault = true;
          # https://nur.nix-community.org/repos/rycee/
          extensions = with pkgs.nur.repos.rycee.firefox-addons; [
            (lib.mkIf config._1password.enable onepassword-password-manager)
            darkreader
            don-t-fuck-with-paste
            facebook-container
            markdownload
            multi-account-containers
            okta-browser-plugin
            reddit-enhancement-suite
            return-youtube-dislikes
            sponsorblock
            ublock-origin
            ublacklist
            vimium
          ];
          settings = {
            "app.update.auto" = false;
            "browser.aboutConfig.showWarning" = false;
            "browser.warnOnQuit" = false;
            "browser.quitShortcut.disabled" = if pkgs.stdenv.isLinux then true else false;
            "browser.theme.dark-private-windows" = true;
            "browser.toolbars.bookmarks.visibility" = false;
            "browser.startup.page" = 3; # Restore previous session
            "browser.newtabpage.enabled" = false; # Make new tabs blank
            "trailhead.firstrun.didSeeAboutWelcome" = true; # Disable welcome splash
            "dom.forms.autocomplete.formautofill" = false; # Disable autofill
            "extensions.formautofill.creditCards.enabled" = false; # Disable credit cards
            "dom.payments.defaults.saveAddress" = false; # Disable address save
            "general.autoScroll" = true; # Drag middle-mouse to scroll
            "services.sync.prefs.sync.general.autoScroll" = false; # Prevent disabling autoscroll
            "extensions.pocket.enabled" = false;
            "toolkit.legacyUserProfileCustomizations.stylesheets" = true; # Allow userChrome.css
            "layout.css.color-mix.enabled" = true;
            "ui.systemUsesDarkTheme" = if config.theme.dark == true then 1 else 0;
            "media.ffmpeg.vaapi.enabled" = true; # Enable hardware video acceleration
            "cookiebanners.ui.desktop.enabled" = true; # Reject cookie popups
            "devtools.command-button-screenshot.enabled" = true; # Scrolling screenshot of entire page
            "svg.context-properties.content.enabled" = true; # Sidebery styling
          };
          userChrome = ''
            :root {
              --focus-outline-color: ${config.theme.colors.base04} !important;
              --toolbar-color: ${config.theme.colors.base07} !important;
              --tab-min-height: 30px !important;
            }
            /* Background of tab bar */
            .toolbar-items {
              background-color: ${config.theme.colors.base00} !important;
            }
            /* Extra tab bar sides on macOS */
            .titlebar-spacer {
              background-color: ${config.theme.colors.base00} !important;
            }
            .titlebar-buttonbox-container {
              background-color: ${config.theme.colors.base00} !important;
            }
            #tabbrowser-tabs {
              border-inline-start: 0 !important;
            }
            /* Private Browsing indicator on macOS */
            #private-browsing-indicator-with-label {
              background-color: ${config.theme.colors.base00} !important;
              margin-inline: 0 !important;
              padding-inline: 7px;
            }
            /* Tabs themselves */
            .tabbrowser-tab .tab-stack {
              border-radius: 5px 5px 0 0;
              overflow: hidden;
              background-color: ${config.theme.colors.base00};
              color: ${config.theme.colors.base06} !important;
            }
            .tab-content {
              border-bottom: 2px solid color-mix(in srgb, var(--identity-tab-color) 40%, transparent);
              border-radius: 5px 5px 0 0;
              background-color: ${config.theme.colors.base00};
              color: ${config.theme.colors.base06} !important;
            }
            .tab-content[selected] {
              border-bottom: 2px solid color-mix(in srgb, var(--identity-tab-color) 25%, transparent);
              background-color: ${config.theme.colors.base01} !important;
              color: ${config.theme.colors.base07} !important;
            }
            /* Below tab bar */
            #nav-bar {
              background: ${config.theme.colors.base01} !important;
            }
            /* URL bar in nav bar */
            #urlbar[focused=true] {
              color: ${config.theme.colors.base07} !important;
              background: ${config.theme.colors.base02} !important;
              caret-color: ${config.theme.colors.base05} !important;
            }
            #urlbar:not([focused=true]) {
              color: ${config.theme.colors.base04} !important;
              background: ${config.theme.colors.base02} !important;
            }
            #urlbar ::-moz-selection {
              color: ${config.theme.colors.base07} !important;
              background: ${config.theme.colors.base02} !important;
            }
            #urlbar-input-container {
              border: 1px solid ${config.theme.colors.base01} !important;
            }
            #urlbar-background {
              background: ${config.theme.colors.base01} !important;
            }
            /* Text in URL bar */
            #urlbar-input, #urlbar-scheme, .searchbar-textbox {
              color: ${config.theme.colors.base07} !important;
            }
          '';
          userContent = ''
            @-moz-document url-prefix(about:blank) {
              * {
                background-color:${config.theme.colors.base01} !important;
              }
            }
          '';
          extraConfig = "";
        };
      };
      xdg.mimeApps = {
        associations.added = {
          "text/html" = [ "firefox.desktop" ];
        };
        defaultApplications = {
          "text/html" = [ "firefox.desktop" ];
        };
        associations.removed = {
          "text/html" = [ "wine-extension-htm.desktop" ];
        };
      };
      xsession.windowManager.i3.config.keybindings = lib.mkIf pkgs.stdenv.isLinux {
        "${
          config.home-manager.users.${config.user}.xsession.windowManager.i3.config.modifier
        }+Shift+b" = "exec ${
          # Don't name the script `firefox` or it will affect grep
          builtins.toString (
            pkgs.writeShellScript "focus-ff.sh" ''
              count=$(ps aux | grep -c firefox)
              if [ "$count" -eq 1 ]; then
                  i3-msg "exec --no-startup-id firefox"
                  sleep 0.5
              fi
              i3-msg "[class=firefox] focus"
            ''
          )
        }";
      };
    };
  };
 }
--- a/modules/common/applications/kitty.nix
+++ b/modules/common/applications/kitty.nix
@@ -1,118 +0,0 @@
 {
  config,
  pkgs,
  lib,
  ...
 }:
 {
  options = {
    kitty = {
      enable = lib.mkEnableOption {
        description = "Enable Kitty.";
        default = false;
      };
    };
  };
  config = lib.mkIf (config.gui.enable && config.kitty.enable) {
    # Set the Rofi-Systemd terminal for viewing logs
    # Using optionalAttrs because only available in NixOS
    environment =
      { }
      // lib.attrsets.optionalAttrs (builtins.hasAttr "sessionVariables" config.environment) {
        sessionVariables.ROFI_SYSTEMD_TERM = lib.mkDefault "${pkgs.kitty}/bin/kitty";
      };
    home-manager.users.${config.user} = {
      # Set the i3 terminal
      xsession.windowManager.i3.config.terminal = lib.mkIf pkgs.stdenv.isLinux "kitty";
      # Set the Rofi terminal for running programs
      programs.rofi.terminal = lib.mkIf pkgs.stdenv.isLinux (lib.mkDefault "${pkgs.kitty}/bin/kitty");
      # Display images in the terminal
      programs.fish.interactiveShellInit = # fish
        ''
          if test "$TERM" = "xterm-kitty"
              alias icat="kitty +kitten icat"
              alias ssh="kitty +kitten ssh"
          end
        '';
      programs.kitty = {
        enable = true;
        environment = { };
        extraConfig = "";
        font.size = 14;
        keybindings = {
          # Use shift+enter to complete text suggestions in fish
          "shift+enter" = "send_text all \\x1F";
          # Easy fullscreen toggle (for macOS)
          "super+f" = "toggle_fullscreen";
        };
        settings = {
          # Colors (adapted from: https://github.com/kdrag0n/base16-kitty/blob/master/templates/default-256.mustache)
          background = config.theme.colors.base00;
          foreground = config.theme.colors.base05;
          selection_background = config.theme.colors.base05;
          selection_foreground = config.theme.colors.base00;
          url_color = config.theme.colors.base04;
          cursor = config.theme.colors.base05;
          active_border_color = config.theme.colors.base03;
          inactive_border_color = config.theme.colors.base01;
          active_tab_background = config.theme.colors.base00;
          active_tab_foreground = config.theme.colors.base05;
          inactive_tab_background = config.theme.colors.base01;
          inactive_tab_foreground = config.theme.colors.base04;
          tab_bar_background = config.theme.colors.base01;
          # normal
          color0 = config.theme.colors.base00;
          color1 = config.theme.colors.base08;
          color2 = config.theme.colors.base0B;
          color3 = config.theme.colors.base0A;
          color4 = config.theme.colors.base0D;
          color5 = config.theme.colors.base0E;
          color6 = config.theme.colors.base0C;
          color7 = config.theme.colors.base05;
          # bright
          color8 = config.theme.colors.base03;
          color9 = config.theme.colors.base08;
          color10 = config.theme.colors.base0B;
          color11 = config.theme.colors.base0A;
          color12 = config.theme.colors.base0D;
          color13 = config.theme.colors.base0E;
          color14 = config.theme.colors.base0C;
          color15 = config.theme.colors.base07;
          # extended base16 colors
          color16 = config.theme.colors.base09;
          color17 = config.theme.colors.base0F;
          color18 = config.theme.colors.base01;
          color19 = config.theme.colors.base02;
          color20 = config.theme.colors.base04;
          color21 = config.theme.colors.base06;
          # Scrollback
          scrollback_lines = 10000;
          scrollback_pager_history_size = 300; # MB
          # Window
          window_padding_width = 6;
          tab_bar_edge = "top";
          tab_bar_style = "slant";
          # Disable audio
          enable_audio_bell = false;
        };
      };
    };
  };
 }
--- a/modules/common/applications/media.nix
+++ b/modules/common/applications/media.nix
@@ -1,67 +0,0 @@
 {
  config,
  pkgs,
  lib,
  ...
 }:
 {
  options = {
    media = {
      enable = lib.mkEnableOption {
        description = "Enable media programs.";
        default = false;
      };
    };
  };
  config = lib.mkIf (config.gui.enable && config.media.enable) {
    home-manager.users.${config.user} = {
      home.packages = with pkgs; [
        nsxiv # Image viewer
        mupdf # PDF viewer
        zathura # PDF viewer
      ];
      # Video player
      programs.mpv = {
        enable = true;
        bindings = { };
        config = {
          image-display-duration = 2; # For cycling through images
          hwdec = "auto-safe"; # Attempt to use GPU decoding for video
        };
        scripts = [
          # Automatically load playlist entries before and after current file
          pkgs.mpvScripts.autoload
          # Delete current file after quitting
          pkgs.mpvScripts.mpv-delete-file
        ];
      };
      # Set default programs for opening PDFs and other media
      xdg.mimeApps = {
        associations.added = {
          "application/pdf" = [ "pwmt.zathura-cb.desktop" ];
          "image/jpeg" = [ "nsxiv.desktop" ];
          "image/png" = [ "nsxiv.desktop" ];
          "image/*" = [ "nsxiv.desktop" ];
        };
        associations.removed = {
          "application/pdf" = [
            "mupdf.desktop"
            "wine-extension-pdf.desktop"
          ];
        };
        defaultApplications = {
          "application/pdf" = [ "pwmt.zathura-cb.desktop" ];
          "image/jpeg" = [ "nsxiv.desktop" ];
          "image/png" = [ "nsxiv.desktop" ];
          "image/*" = [ "nsxiv.desktop" ];
        };
      };
    };
  };
 }
--- a/modules/common/applications/obsidian.nix
+++ b/modules/common/applications/obsidian.nix
@@ -1,28 +0,0 @@
 {
  config,
  pkgs,
  lib,
  ...
 }:
 {
  options = {
    obsidian = {
      enable = lib.mkEnableOption {
        description = "Enable Obsidian.";
        default = false;
      };
    };
  };
  config = lib.mkIf (config.gui.enable && config.obsidian.enable) {
    unfreePackages = [ "obsidian" ];
    home-manager.users.${config.user} = {
      home.packages = with pkgs; [ obsidian ];
    };
    # Broken on 2023-12-11
    # https://forum.obsidian.md/t/electron-25-is-now-eol-please-upgrade-to-a-newer-version/72878/8
    nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ];
  };
 }
--- a/modules/common/applications/qbittorrent.nix
+++ b/modules/common/applications/qbittorrent.nix
@@ -1,25 +0,0 @@
 {
  config,
  pkgs,
  lib,
  ...
 }:
 {
  options = {
    qbittorrent = {
      enable = lib.mkEnableOption {
        description = "Enable qBittorrent.";
        default = false;
      };
    };
  };
  config = lib.mkIf (config.gui.enable && config.qbittorrent.enable) {
    home-manager.users.${config.user} = {
      home.packages = with pkgs; [ qbittorrent ];
    };
  };
 }
--- a/modules/common/applications/slack.nix
+++ b/modules/common/applications/slack.nix
@@ -1,24 +0,0 @@
 {
  config,
  pkgs,
  lib,
  ...
 }:
 {
  options = {
    slack = {
      enable = lib.mkEnableOption {
        description = "Enable Slack.";
        default = false;
      };
    };
  };
  config = lib.mkIf (config.gui.enable && config.slack.enable) {
    unfreePackages = [ "slack" ];
    home-manager.users.${config.user} = {
      home.packages = with pkgs; [ slack ];
    };
  };
 }
--- a/modules/common/applications/wezterm.nix
+++ b/modules/common/applications/wezterm.nix
@@ -1,235 +0,0 @@
 {
  config,
  pkgs,
  lib,
  ...
 }:
 {
  options = {
    wezterm = {
      enable = lib.mkEnableOption {
        description = "Enable WezTerm terminal.";
        default = false;
      };
    };
  };
  config =
    let
      font = config.home-manager.users.${config.user}.programs.kitty.font.name;
    in
    lib.mkIf (config.gui.enable && config.wezterm.enable) {
      # Set the Rofi-Systemd terminal for viewing logs
      # Using optionalAttrs because only available in NixOS
      environment =
        { }
        // lib.attrsets.optionalAttrs (builtins.hasAttr "sessionVariables" config.environment) {
          sessionVariables.ROFI_SYSTEMD_TERM = "${pkgs.wezterm}/bin/wezterm";
        };
      home-manager.users.${config.user} = {
        # Set the i3 terminal
        xsession.windowManager.i3.config.terminal = lib.mkIf pkgs.stdenv.isLinux "wezterm";
        # Set the Rofi terminal for running programs
        programs.rofi.terminal = lib.mkIf pkgs.stdenv.isLinux "${pkgs.wezterm}/bin/wezterm";
        # Display images in the terminal
        programs.fish.shellAliases = {
          icat = lib.mkForce "wezterm imgcat";
        };
        programs.wezterm = {
          enable = true;
          colorSchemes = {
            myTheme = {
              background = config.theme.colors.base00;
              foreground = config.theme.colors.base05;
              cursor_bg = config.theme.colors.base05;
              cursor_fg = config.theme.colors.base00;
              cursor_border = config.theme.colors.base05;
              selection_bg = config.theme.colors.base05;
              selection_fg = config.theme.colors.base00;
              scrollbar_thumb = config.theme.colors.base03;
              ansi = [
                config.theme.colors.base01 # black
                config.theme.colors.base0F # maroon
                config.theme.colors.base0B # green
                config.theme.colors.base0A # olive
                config.theme.colors.base0D # navy
                config.theme.colors.base0E # purple
                config.theme.colors.base0C # teal
                config.theme.colors.base06 # silver
              ];
              brights = [
                config.theme.colors.base03 # grey
                config.theme.colors.base08 # red
                config.theme.colors.base0B # lime
                config.theme.colors.base0A # yellow
                config.theme.colors.base0D # blue
                config.theme.colors.base0E # fuchsia
                config.theme.colors.base0C # aqua
                config.theme.colors.base07 # white
              ];
              compose_cursor = config.theme.colors.base09; # orange
              copy_mode_active_highlight_bg = {
                Color = config.theme.colors.base03;
              };
              copy_mode_active_highlight_fg = {
                Color = config.theme.colors.base07;
              };
              copy_mode_inactive_highlight_bg = {
                Color = config.theme.colors.base02;
              };
              copy_mode_inactive_highlight_fg = {
                Color = config.theme.colors.base06;
              };
              quick_select_label_bg = {
                Color = config.theme.colors.base02;
              };
              quick_select_label_fg = {
                Color = config.theme.colors.base06;
              };
              quick_select_match_bg = {
                Color = config.theme.colors.base03;
              };
              quick_select_match_fg = {
                Color = config.theme.colors.base07;
              };
            };
          };
          extraConfig = ''
            return {
                color_scheme = "myTheme",
                -- Scrollback
                scrollback_lines = 10000,
                -- Window
                window_padding = {
                  left = 10,
                  right = 10,
                  top = 10,
                  bottom = 10,
                },
                font = wezterm.font('${font}', { weight = 'Bold'}),
                font_size = ${if pkgs.stdenv.isLinux then "14.0" else "18.0"},
                -- Tab Bar
                hide_tab_bar_if_only_one_tab = true,
                window_frame = {
                  font = wezterm.font('${font}', { weight = 'Bold'}),
                  font_size = ${if pkgs.stdenv.isLinux then "12.0" else "16.0"},
                },
                colors = {
                  tab_bar = {
                    active_tab = {
                      bg_color = '${config.theme.colors.base00}',
                      fg_color = '${config.theme.colors.base04}',
                    },
                  },
                },
                -- Disable audio
                audible_bell = "Disabled",
                initial_rows = 80,
                initial_cols = 200,
                keys = {
                  -- sends completion string for fish autosuggestions
                  {
                    key = 'Enter',
                    mods = 'SHIFT',
                    action = wezterm.action.SendString '\x1F'
                  },
                  -- ctrl-shift-h was "hide"
                  {
                    key = 'H',
                    mods = 'SHIFT|CTRL',
                    action = wezterm.action.DisableDefaultAssignment
                  },
                  -- alt-enter was "fullscreen"
                  {
                    key = 'Enter',
                    mods = 'ALT',
                    action = wezterm.action.DisableDefaultAssignment
                  },
                  -- make super-f "fullscreen"
                  {
                    key = 'f',
                    mods = 'SUPER',
                    action = wezterm.action.ToggleFullScreen
                  },
                  -- super-t open new tab in new dir
                  {
                    key = 't',
                    mods = 'SUPER',
                    action = wezterm.action.SpawnCommandInNewTab {
                      cwd = wezterm.home_dir,
                    },
                  },
                  -- shift-super-t open new tab in same dir
                  {
                    key = 't',
                    mods = 'SUPER|SHIFT',
                    action = wezterm.action.SpawnTab 'CurrentPaneDomain'
                  },
                  -- project switcher
                  {
                     key = 'P',
                     mods = 'SUPER',
                     action = wezterm.action_callback(function(window, pane)
                       local choices = {}
                       wezterm.log_info "working?"
                       function scandir(directory)
                           local i, t, popen = 0, {}, io.popen
                           local pfile = popen('${pkgs.fd}/bin/fd --search-path "'..directory..'" --type directory --exact-depth 2 | ${pkgs.proximity-sort}/bin/proximity-sort "'..os.getenv("HOME").."/dev/work"..'"')
                           for filename in pfile:lines() do
                               i = i + 1
                               t[i] = filename
                           end
                           pfile:close()
                           return t
                       end
                       for _, v in pairs(scandir(os.getenv("HOME").."/dev")) do
                         table.insert(choices, { label = v })
                       end
                       window:perform_action(
                         wezterm.action.InputSelector {
                           action = wezterm.action_callback(function(window, pane, id, label)
                             if not id and not label then
                               wezterm.log_info "cancelled"
                             else
                               window:perform_action(
                                 wezterm.action.SpawnCommandInNewTab {
                                   cwd = label,
                                 },
                                 pane
                               )
                             end
                           end),
                           fuzzy = true,
                           title = "Select Project",
                           choices = choices,
                         },
                         pane
                       )
                     end),
                  },
                },
            }
          '';
        };
      };
    };
 }
--- a/modules/common/applications/yt-dlp.nix
+++ b/modules/common/applications/yt-dlp.nix
@@ -1,38 +0,0 @@
 {
  config,
  pkgs,
  lib,
  ...
 }:
 {
  options = {
    yt-dlp = {
      enable = lib.mkEnableOption {
        description = "Enable YouTube downloader.";
        default = false;
      };
    };
  };
  config = lib.mkIf (config.yt-dlp.enable) {
    home-manager.users.${config.user} = {
      programs.yt-dlp = {
        enable = true;
        extraConfig = "";
        settings = {
          no-continue = true; # Always re-download each fragment
          no-overwrites = true; # Don't overwrite existing files
          download-archive = "archive.log"; # Log of archives
          embed-metadata = true;
          embed-thumbnail = true;
          embed-subs = true;
          sub-langs = "en.*";
          concurrent-fragments = 4; # Parallel download chunks
        };
      };
      programs.fish.shellAbbrs.yt = "yt-dlp";
    };
  };
 }
--- a/modules/common/default.nix
+++ b/modules/common/default.nix
@@ -1,168 +0,0 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  imports = [
    ./applications
    ./mail
    ./neovim
    ./programming
    ./repositories
    ./shell
  ];
  options = {
    user = lib.mkOption {
      type = lib.types.str;
      description = "Primary user of the system";
    };
    fullName = lib.mkOption {
      type = lib.types.str;
      description = "Human readable name of the user";
    };
    userDirs = {
      # Required to prevent infinite recursion when referenced by himalaya
      download = lib.mkOption {
        type = lib.types.str;
        description = "XDG directory for downloads";
        default = if pkgs.stdenv.isDarwin then "$HOME/Downloads" else "$HOME/downloads";
      };
    };
    identityFile = lib.mkOption {
      type = lib.types.str;
      description = "Path to existing private key file.";
      default = "/etc/ssh/ssh_host_ed25519_key";
    };
    gui = {
      enable = lib.mkEnableOption {
        description = "Enable graphics.";
        default = false;
      };
    };
    theme = {
      colors = lib.mkOption {
        type = lib.types.attrs;
        description = "Base16 color scheme.";
        default = (import ../colorscheme/gruvbox).dark;
      };
      dark = lib.mkOption {
        type = lib.types.bool;
        description = "Enable dark mode.";
        default = true;
      };
    };
    homePath = lib.mkOption {
      type = lib.types.path;
      description = "Path of user's home directory.";
      default = builtins.toPath (
        if pkgs.stdenv.isDarwin then "/Users/${config.user}" else "/home/${config.user}"
      );
    };
    dotfilesPath = lib.mkOption {
      type = lib.types.path;
      description = "Path of dotfiles repository.";
      default = config.homePath + "/dev/personal/dotfiles";
    };
    dotfilesRepo = lib.mkOption {
      type = lib.types.str;
      description = "Link to dotfiles repository HTTPS URL.";
    };
    unfreePackages = lib.mkOption {
      type = lib.types.listOf lib.types.str;
      description = "List of unfree packages to allow.";
      default = [ ];
    };
    hostnames = {
      git = lib.mkOption {
        type = lib.types.str;
        description = "Hostname for git server (Gitea).";
      };
      metrics = lib.mkOption {
        type = lib.types.str;
        description = "Hostname for metrics server.";
      };
      minecraft = lib.mkOption {
        type = lib.types.str;
        description = "Hostname for Minecraft server.";
      };
      paperless = lib.mkOption {
        type = lib.types.str;
        description = "Hostname for document server (paperless-ngx).";
      };
      prometheus = lib.mkOption {
        type = lib.types.str;
        description = "Hostname for Prometheus server.";
      };
      influxdb = lib.mkOption {
        type = lib.types.str;
        description = "Hostname for InfluxDB2 server.";
      };
      secrets = lib.mkOption {
        type = lib.types.str;
        description = "Hostname for passwords and secrets (Vaultwarden).";
      };
      stream = lib.mkOption {
        type = lib.types.str;
        description = "Hostname for video/media library (Jellyfin).";
      };
      content = lib.mkOption {
        type = lib.types.str;
        description = "Hostname for personal content system (Nextcloud).";
      };
      books = lib.mkOption {
        type = lib.types.str;
        description = "Hostname for books library (Calibre-Web).";
      };
      download = lib.mkOption {
        type = lib.types.str;
        description = "Hostname for download services.";
      };
      irc = lib.mkOption {
        type = lib.types.str;
        description = "Hostname for IRC services.";
      };
      n8n = lib.mkOption {
        type = lib.types.str;
        description = "Hostname for n8n automation.";
      };
      transmission = lib.mkOption {
        type = lib.types.str;
        description = "Hostname for peer2peer downloads (Transmission).";
      };
    };
  };
  config =
    let
      stateVersion = "23.05";
    in
    {
      # Basic common system packages for all devices
      environment.systemPackages = with pkgs; [
        git
        vim
        wget
        curl
      ];
      # Use the system-level nixpkgs instead of Home Manager's
      home-manager.useGlobalPkgs = true;
      # Install packages to /etc/profiles instead of ~/.nix-profile, useful when
      # using multiple profiles for one user
      home-manager.useUserPackages = true;
      # Allow specified unfree packages (identified elsewhere)
      # Retrieves package object based on string name
      nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) config.unfreePackages;
      # Pin a state version to prevent warnings
      home-manager.users.${config.user}.home.stateVersion = stateVersion;
      home-manager.users.root.home.stateVersion = stateVersion;
    };
 }
--- a/modules/common/mail/aerc.nix
+++ b/modules/common/mail/aerc.nix
@@ -1,220 +0,0 @@
 {
  config,
  pkgs,
  lib,
  ...
 }:
 {
  options.mail.aerc.enable = lib.mkEnableOption "Aerc email.";
  config = lib.mkIf config.mail.aerc.enable {
    home-manager.users.${config.user} = {
      home.packages = with pkgs; [
        w3m # Render HTML
        dante # Socksify for rendering HTML
      ];
      programs.aerc = {
        enable = true;
        extraBinds = {
          # Binds are of the form <key sequence> = <command to run>
          # To use '=' in a key sequence, substitute it with "Eq": "<Ctrl+Eq>"
          # If you wish to bind #, you can wrap the key sequence in quotes: "#" = quit
          global = {
            "<C-p>" = ":prev-tab<Enter>";
            "<C-n>" = ":next-tab <Enter>";
            "<C-t>" = ":term<Enter>";
            "?" = ":help keys<Enter>";
          };
          messages = {
            q = ":quit<Enter>";
            j = ":next <Enter>";
            "<Down>" = ":next<Enter>";
            "<C-d>" = ":next 50%<Enter>";
            "<C-f>" = ":next 100%<Enter>";
            "<PgDn>" = ":next 100%<Enter>";
            k = ":prev <Enter>";
            "<Up>" = ":prev<Enter>";
            "<C-u>" = ":prev 50%<Enter>";
            "<C-b>" = ":prev 100%<Enter>";
            "<PgUp>" = ":prev 100%<Enter>";
            g = ":select 0 <Enter>";
            G = ":select -1<Enter>";
            J = ":next-folder <Enter>";
            K = ":prev-folder<Enter>";
            H = ":collapse-folder<Enter>";
            L = ":expand-folder<Enter>";
            v = ":mark -t<Enter>";
            V = ":mark -v<Enter>";
            T = ":toggle-threads<Enter>";
            "<Enter>" = ":view<Enter>";
            d = ":prompt 'Really delete this message?' 'delete-message'<Enter>";
            D = ":move Trash<Enter>";
            A = ":archive flat<Enter>";
            C = ":compose<Enter>";
            rr = ":reply -a<Enter>";
            rq = ":reply -aq<Enter>";
            Rr = ":reply<Enter>";
            Rq = ":reply -q<Enter>";
            c = ":cf<space>";
            "$" = ":term<space>";
            "!" = ":term<space>";
            "|" = ":pipe<space>";
            "/" = ":search<space>-a<space>";
            "\\" = ":filter <space>";
            n = ":next-result<Enter>";
            N = ":prev-result<Enter>";
            "<Esc>" = ":clear<Enter>";
          };
          "messages:folder=Drafts" = {
            "<Enter>" = ":recall<Enter>";
          };
          view = {
            "/" = ":toggle-key-passthrough <Enter> /";
            q = ":close<Enter>";
            O = ":open<Enter>";
            S = ":save<space>";
            "|" = ":pipe<space>";
            D = ":move Trash<Enter>";
            A = ":archive flat<Enter>";
            "<C-l>" = ":open-link <space>";
            f = ":forward <Enter>";
            rr = ":reply -a<Enter>";
            rq = ":reply -aq<Enter>";
            Rr = ":reply<Enter>";
            Rq = ":reply -q<Enter>";
            H = ":toggle-headers<Enter>";
            "<C-k>" = ":prev-part<Enter>";
            "<C-j>" = ":next-part<Enter>";
            J = ":next <Enter>";
            K = ":prev<Enter>";
          };
          "view::passthrough" = {
            "$noinherit" = "true";
            "$ex" = "<C-x>";
            "<Esc>" = ":toggle-key-passthrough<Enter>";
          };
          compose = {
            # Keybindings used when the embedded terminal is not selected in the compose
            # view
            "$noinherit" = "true";
            "$ex" = "<C-x>";
            "<C-k>" = ":prev-field<Enter>";
            "<C-j>" = ":next-field<Enter>";
            "<A-p>" = ":switch-account -p<Enter>";
            "<A-n>" = ":switch-account -n<Enter>";
            "<tab>" = ":next-field<Enter>";
            "<C-p>" = ":prev-tab<Enter>";
            "<C-n>" = ":next-tab<Enter>";
          };
          "compose::editor" = {
            # Keybindings used when the embedded terminal is selected in the compose view
            "$noinherit" = "true";
            "$ex" = "<C-x>";
            "<C-k>" = ":prev-field<Enter>";
            "<C-j>" = ":next-field<Enter>";
            "<C-p>" = ":prev-tab<Enter>";
            "<C-n>" = ":next-tab<Enter>";
          };
          "compose::review" = {
            # Keybindings used when reviewing a message to be sent
            y = ":send <Enter>";
            n = ":abort<Enter>";
            p = ":postpone<Enter>";
            q = ":choose -o d discard abort -o p postpone postpone<Enter>";
            e = ":edit<Enter>";
            a = ":attach<space>";
            d = ":detach<space>";
          };
          terminal = {
            "$noinherit" = "true";
            "$ex" = "<C-x>";
            "<C-p>" = ":prev-tab<Enter>";
            "<C-n>" = ":next-tab<Enter>";
          };
        };
        extraConfig = {
          general = {
            unsafe-accounts-conf = true;
            # log-file = "~/.cache/aerc.log";
            # log-level = "debug";
          };
          viewer = {
            pager = "${pkgs.less}/bin/less -R";
          };
          filters = {
            "text/plain" = "${pkgs.aerc}/libexec/aerc/filters/colorize";
            "text/calendar" = "${pkgs.gawk}/bin/awk -f ${pkgs.aerc}/libexec/aerc/filters/calendar";
            "text/html" = "${pkgs.aerc}/libexec/aerc/filters/html | ${pkgs.aerc}/libexec/aerc/filters/colorize"; # Requires w3m, dante
            # "text/*" =
            #   ''${pkgs.bat}/bin/bat -fP --file-name="$AERC_FILENAME "'';
            "message/delivery-status" = "${pkgs.aerc}/libexec/aerc/filters/colorize";
            "message/rfc822" = "${pkgs.aerc}/libexec/aerc/filters/colorize";
            "application/x-sh" = "${pkgs.bat}/bin/bat -fP -l sh";
            "application/pdf" = "${pkgs.zathura}/bin/zathura -";
            "audio/*" = "${pkgs.mpv}/bin/mpv -";
            "image/*" = "${pkgs.feh}/bin/feh -";
          };
        };
      };
      accounts.email.accounts.home.aerc = {
        enable = true;
        extraAccounts = {
          check-mail = "5m";
          check-mail-cmd = "${pkgs.isync}/bin/mbsync -a";
          check-mail-timeout = "15s";
        };
      };
      xdg.desktopEntries.aerc = lib.mkIf pkgs.stdenv.isLinux {
        name = "aerc";
        exec = "kitty aerc %u";
      };
      xsession.windowManager.i3.config.keybindings = lib.mkIf pkgs.stdenv.isLinux {
        "${
          config.home-manager.users.${config.user}.xsession.windowManager.i3.config.modifier
        }+Shift+e" = "exec ${
          # Don't name the script `aerc` or it will affect grep
          builtins.toString (
            pkgs.writeShellScript "focus-mail.sh" ''
              count=$(ps aux | grep -c aerc)
              if [ "$count" -eq 1 ]; then
                  i3-msg "exec --no-startup-id kitty --class aerc aerc"
                  sleep 0.25
              fi
              i3-msg "[class=aerc] focus"
            ''
          )
        }";
      };
      programs.fish.shellAbbrs = {
        ae = "aerc";
      };
    };
  };
 }
--- a/modules/common/mail/default.nix
+++ b/modules/common/mail/default.nix
@@ -1,139 +0,0 @@
 {
  config,
  pkgs,
  lib,
  ...
 }:
 {
  imports = [
    ./himalaya.nix
    ./aerc.nix
    ./system.nix
  ];
  options = {
    mail.enable = lib.mkEnableOption "Mail service.";
    mail.user = lib.mkOption {
      type = lib.types.str;
      description = "User name for the email address.";
      default = config.user;
    };
    mail.server = lib.mkOption {
      type = lib.types.nullOr lib.types.str;
      description = "Server name for the email address.";
    };
    mail.imapHost = lib.mkOption {
      type = lib.types.nullOr lib.types.str;
      description = "Server host for IMAP (reading mail).";
    };
    mail.smtpHost = lib.mkOption {
      type = lib.types.nullOr lib.types.str;
      description = "Server host for SMTP (sending mail).";
    };
  };
  config = lib.mkIf config.mail.enable {
    home-manager.users.${config.user} = {
      programs.mbsync = {
        enable = true;
      };
      # Automatically check for mail and keep files synced locally
      services.mbsync = lib.mkIf pkgs.stdenv.isLinux {
        enable = true;
        frequency = "*:0/5";
        postExec = "${pkgs.notmuch}/bin/notmuch new";
      };
      # Used to watch for new mail and trigger sync
      services.imapnotify.enable = pkgs.stdenv.isLinux;
      # Allows sending email from CLI/sendmail
      programs.msmtp.enable = true;
      # Better local mail search
      programs.notmuch = {
        enable = true;
        new.ignore = [
          ".mbsyncstate.lock"
          ".mbsyncstate.journal"
          ".mbsyncstate.new"
        ];
      };
      accounts.email = {
        # Where email files are stored
        maildirBasePath = "${config.homePath}/mail";
        accounts = {
          home =
            let
              address = "${config.mail.user}@${config.mail.server}";
            in
            {
              userName = address;
              realName = config.fullName;
              primary = true;
              inherit address;
              aliases = map (user: "${user}@${config.mail.server}") [
                "me"
                "hey"
                "admin"
              ];
              # Options for contact completion
              alot = { };
              imap = {
                host = config.mail.imapHost;
                port = 993;
                tls.enable = true;
              };
              # Watch for mail and run notifications or sync
              imapnotify = {
                enable = true;
                boxes = [ "Inbox" ];
                onNotify = "${pkgs.isync}/bin/mbsync -a";
                onNotifyPost =
                  lib.mkIf config.home-manager.users.${config.user}.services.dunst.enable
                    "${pkgs.libnotify}/bin/notify-send 'New mail arrived'";
              };
              # Name of the directory in maildir for this account
              maildir = {
                path = "main";
              };
              # Bi-directional syncing options for local files
              mbsync = {
                enable = true;
                create = "both";
                expunge = "both";
                remove = "both";
                patterns = [ "*" ];
                extraConfig.channel = {
                  CopyArrivalDate = "yes"; # Sync time of original message
                };
              };
              # Enable indexing
              notmuch.enable = true;
              # Used to login and send and receive emails
              passwordCommand = "${pkgs.age}/bin/age --decrypt --identity ~/.ssh/id_ed25519 ${pkgs.writeText "mailpass.age" (builtins.readFile ../../../private/mailpass.age)}";
              smtp = {
                host = config.mail.smtpHost;
                port = 465;
                tls.enable = true;
              };
            };
        };
      };
    };
  };
 }
--- a/modules/common/mail/himalaya.nix
+++ b/modules/common/mail/himalaya.nix
@@ -1,26 +0,0 @@
 { config, lib, ... }:
 {
  options.mail.himalaya.enable = lib.mkEnableOption "Himalaya email.";
  config = lib.mkIf config.mail.himalaya.enable {
    home-manager.users.${config.user} = {
      programs.himalaya = {
        enable = true;
      };
      accounts.email.accounts.home.himalaya = {
        enable = true;
        settings = {
          downloads-dir = config.userDirs.download;
          smtp-insecure = true;
        };
      };
      programs.fish.shellAbbrs = {
        hi = "himalaya";
      };
    };
  };
 }
--- a/modules/common/mail/system.nix
+++ b/modules/common/mail/system.nix
@@ -1,35 +0,0 @@
 {
  config,
  pkgs,
  lib,
  ...
 }:
 {
  config = lib.mkIf (config.mail.enable || config.server) {
    home-manager.users.${config.user} = {
      programs.msmtp.enable = true;
      # The system user for sending automatic notifications
      accounts.email.accounts.system =
        let
          address = "system@${config.mail.server}";
        in
        {
          userName = address;
          realName = "NixOS System";
          primary = !config.mail.enable; # Only primary if mail not enabled
          inherit address;
          passwordCommand = "${pkgs.age}/bin/age --decrypt --identity ${config.identityFile} ${pkgs.writeText "mailpass-system.age" (builtins.readFile ../../../private/mailpass-system.age)}";
          msmtp.enable = true;
          smtp = {
            host = config.mail.smtpHost;
            port = 465;
            tls.enable = true;
          };
        };
    };
  };
 }
--- a/modules/common/neovim/config/colors.nix
+++ b/modules/common/neovim/config/colors.nix
@@ -1,27 +0,0 @@
 {
  pkgs,
  lib,
  config,
  ...
 }:
 {
  # Sets Neovim colors based on Nix colorscheme
  options.colors = lib.mkOption {
    type = lib.types.attrsOf lib.types.str;
    description = "Attrset of base16 colorscheme key value pairs.";
  };
  config = {
    plugins = [ pkgs.vimPlugins.base16-nvim ];
    setup.base16-colorscheme = config.colors;
    # Telescope isn't working, shut off for now
    lua = ''
      require('base16-colorscheme').with_config {
          telescope = false,
      }
    '';
  };
 }
--- a/modules/common/neovim/default.nix
+++ b/modules/common/neovim/default.nix
@@ -1,67 +0,0 @@
 {
  config,
  pkgs,
  lib,
  ...
 }:
 let
  neovim = import ./package {
    inherit pkgs;
    colors = config.theme.colors;
    terraform = config.terraform.enable;
    github = true;
    kubernetes = config.kubernetes.enable;
  };
 in
 {
  options.neovim.enable = lib.mkEnableOption "Neovim.";
  config = lib.mkIf config.neovim.enable {
    home-manager.users.${config.user} =
      {
        home.packages = [ neovim ];
        # Use Neovim as the editor for git commit messages
        programs.git.extraConfig.core.editor = "nvim";
        programs.jujutsu.settings.ui.editor = "nvim";
        # Set Neovim as the default app for text editing and manual pages
        home.sessionVariables = {
          EDITOR = "nvim";
          MANPAGER = "nvim +Man!";
        };
        # Create quick aliases for launching Neovim
        programs.fish = {
          shellAliases = {
            vim = "nvim";
          };
          shellAbbrs = {
            v = lib.mkForce "nvim";
            vl = lib.mkForce "nvim -c 'normal! `0' -c 'bdelete 1'";
            vll = "nvim -c 'Telescope oldfiles'";
          };
        };
        # Create a desktop option for launching Neovim from a file manager
        # (Requires launching the terminal and then executing Neovim)
        xdg.desktopEntries.nvim = lib.mkIf pkgs.stdenv.isLinux {
          name = "Neovim wrapper";
          exec = "kitty nvim %F";
          mimeType = [
            "text/plain"
            "text/markdown"
          ];
        };
        xdg.mimeApps.defaultApplications = lib.mkIf pkgs.stdenv.isLinux {
          "text/plain" = [ "nvim.desktop" ];
          "text/markdown" = [ "nvim.desktop" ];
        };
      };
  };
 }
--- a/modules/common/programming/default.nix
+++ b/modules/common/programming/default.nix
@@ -1,12 +0,0 @@
 { ... }:
 {
  imports = [
    ./haskell.nix
    ./kubernetes.nix
    ./lua.nix
    ./python.nix
    ./rust.nix
    ./terraform.nix
  ];
 }
--- a/modules/common/programming/kubernetes.nix
+++ b/modules/common/programming/kubernetes.nix
@@ -1,164 +0,0 @@
 {
  config,
  pkgs,
  lib,
  ...
 }:
 {
  options.kubernetes.enable = lib.mkEnableOption "Kubernetes tools.";
  config = lib.mkIf config.kubernetes.enable {
    home-manager.users.${config.user} = {
      home.packages = with pkgs; [
        kubectl # Basic Kubernetes queries
        kubernetes-helm # Helm CLI
        fluxcd # Bootstrap clusters with Flux
        kustomize # Kustomize CLI (for Flux)
      ];
      programs.fish.shellAbbrs = {
        k = "kubectl";
        pods = "kubectl get pods -A";
        nodes = "kubectl get nodes";
        deploys = "kubectl get deployments -A";
        dash = "kube-dashboard";
        ks = "k9s";
      };
      # Terminal Kubernetes UI
      programs.k9s = {
        enable = true;
        settings = {
          k9s = {
            ui = {
              enableMouse = true;
              headless = true;
              logoless = true;
              crumbsless = false;
              skin = "main";
            };
          };
        };
        skins = {
          main = {
            k9s = {
              body = {
                fgColor = config.theme.colors.base06;
                bgColor = "default";
                logoColor = config.theme.colors.base02; # *blue ?
              };
              # Search bar
              prompt = {
                fgColor = config.theme.colors.base06;
                bgColor = "default";
                suggestColor = config.theme.colors.base03;
              };
              # Header left side
              info = {
                fgColor = config.theme.colors.base04;
                sectionColor = config.theme.colors.base05;
              };
              dialog = {
                fgColor = config.theme.colors.base06;
                bgColor = "default";
                buttonFgColor = config.theme.colors.base06;
                buttonBgColor = config.theme.colors.base0E;
                buttonFocusFgColor = config.theme.colors.base07;
                buttonFocusBgColor = config.theme.colors.base02; # *cyan
                labelFgColor = config.theme.colors.base09;
                fieldFgColor = config.theme.colors.base06;
              };
              frame = {
                border = {
                  fgColor = config.theme.colors.base01;
                  focusColor = config.theme.colors.base06;
                };
                menu = {
                  fgColor = config.theme.colors.base06;
                  keyColor = config.theme.colors.base0E; # *magenta
                  numKeyColor = config.theme.colors.base0E; # *magenta
                };
                crumbs = {
                  fgColor = config.theme.colors.base06;
                  bgColor = config.theme.colors.base01;
                  activeColor = config.theme.colors.base03;
                };
                status = {
                  newColor = config.theme.colors.base04; # *cyan
                  modifyColor = config.theme.colors.base0D; # *blue
                  addColor = config.theme.colors.base0B; # *green
                  errorColor = config.theme.colors.base08; # *red
                  highlightColor = config.theme.colors.base09; # *orange
                  killColor = config.theme.colors.base03; # *comment
                  completedColor = config.theme.colors.base03; # *comment
                };
                title = {
                  fgColor = config.theme.colors.base06;
                  bgColor = "default";
                  highlightColor = config.theme.colors.base09; # *orange
                  counterColor = config.theme.colors.base0D; # *blue
                  filterColor = config.theme.colors.base0E; # *magenta
                };
              };
              views = {
                charts = {
                  bgColor = "default";
                  defaultDialColors = [
                    config.theme.colors.base0D
                    config.theme.colors.base08
                  ];
                  # - *blue
                  # - *red
                  defaultChartColors = [
                    config.theme.colors.base0D
                    config.theme.colors.base08
                  ];
                  # - *blue
                  # - *red
                };
                table = {
                  # List of resources
                  fgColor = config.theme.colors.base06;
                  bgColor = "default";
                  # Row selection
                  cursorFgColor = config.theme.colors.base07;
                  cursorBgColor = config.theme.colors.base01;
                  # Header row
                  header = {
                    fgColor = config.theme.colors.base0D;
                    bgColor = "default";
                    sorterColor = config.theme.colors.base0A; # *selection
                  };
                };
                xray = {
                  fgColor = config.theme.colors.base06;
                  bgColor = "default";
                  cursorColor = config.theme.colors.base06;
                  graphicColor = config.theme.colors.base0D;
                  showIcons = false;
                };
                yaml = {
                  keyColor = config.theme.colors.base0D;
                  colonColor = config.theme.colors.base04;
                  fgColor = config.theme.colors.base03;
                };
                logs = {
                  fgColor = config.theme.colors.base06;
                  bgColor = "default";
                  indicator = {
                    fgColor = config.theme.colors.base06;
                    bgColor = "default";
                  };
                };
              };
            };
          };
        };
      };
    };
  };
 }
--- a/modules/common/programming/lua.nix
+++ b/modules/common/programming/lua.nix
@@ -1,17 +0,0 @@
 {
  config,
  pkgs,
  lib,
  ...
 }:
 {
  options.lua.enable = lib.mkEnableOption "Lua programming language.";
  config = lib.mkIf config.lua.enable {
    home-manager.users.${config.user}.home.packages = with pkgs; [
      stylua # Lua formatter
      sumneko-lua-language-server # Lua LSP
    ];
  };
 }
--- a/modules/common/programming/python.nix
+++ b/modules/common/programming/python.nix
@@ -1,27 +0,0 @@
 {
  config,
  pkgs,
  lib,
  ...
 }:
 {
  options.python.enable = lib.mkEnableOption "Python programming language.";
  config = lib.mkIf config.python.enable {
    home-manager.users.${config.user} = {
      home.packages = with pkgs; [
        # python310 # Standard Python interpreter
        pyright # Python language server
        black # Python formatter
        python310Packages.flake8 # Python linter
      ];
      programs.fish.shellAbbrs = {
        py = "python3";
      };
    };
  };
 }
--- a/modules/common/programming/rust.nix
+++ b/modules/common/programming/rust.nix
@@ -1,27 +0,0 @@
 {
  config,
  pkgs,
  lib,
  ...
 }:
 {
  options.rust.enable = lib.mkEnableOption "Rust programming language.";
  config = lib.mkIf config.rust.enable {
    home-manager.users.${config.user} = {
      programs.fish.shellAbbrs = {
        ca = "cargo";
      };
      home.packages = with pkgs; [
        cargo
        rustc
        clippy
        gcc
      ];
    };
  };
 }
--- a/modules/common/programming/terraform.nix
+++ b/modules/common/programming/terraform.nix
@@ -1,26 +0,0 @@
 {
  config,
  pkgs,
  lib,
  ...
 }:
 {
  options.terraform.enable = lib.mkEnableOption "Terraform tools.";
  config = lib.mkIf config.terraform.enable {
    unfreePackages = [ "terraform" ];
    home-manager.users.${config.user} = {
      programs.fish.shellAbbrs = {
        # Terraform
        te = "terraform";
      };
      home.packages = with pkgs; [
        terraform # Terraform executable
        terraform-ls # Language server
        tflint # Linter
      ];
    };
  };
 }
--- a/modules/common/repositories/default.nix
+++ b/modules/common/repositories/default.nix
@@ -1,8 +0,0 @@
 { ... }:
 {
  imports = [
    ./dotfiles.nix
    ./notes.nix
  ];
 }
--- a/modules/common/repositories/dotfiles.nix
+++ b/modules/common/repositories/dotfiles.nix
@@ -1,33 +0,0 @@
 {
  config,
  pkgs,
  lib,
  ...
 }:
 {
  # Allows me to make sure I can work on my dotfiles locally
  options.dotfiles.enable = lib.mkEnableOption "Clone dotfiles.";
  config = lib.mkIf config.dotfiles.enable {
    home-manager.users.${config.user} = {
      home.activation = {
        # Always clone dotfiles repository if it doesn't exist
        cloneDotfiles = config.home-manager.users.${config.user}.lib.dag.entryAfter [ "writeBoundary" ] ''
          if [ ! -d "${config.dotfilesPath}" ]; then
              $DRY_RUN_CMD mkdir --parents $VERBOSE_ARG $(dirname "${config.dotfilesPath}")
              $DRY_RUN_CMD ${pkgs.git}/bin/git \
                  clone ${config.dotfilesRepo} "${config.dotfilesPath}"
          fi
        '';
      };
      # Set a variable for dotfiles repo, not necessary but convenient
      home.sessionVariables.DOTS = config.dotfilesPath;
    };
  };
 }
--- a/modules/common/repositories/notes.nix
+++ b/modules/common/repositories/notes.nix
@@ -1,36 +0,0 @@
 {
  config,
  pkgs,
  lib,
  ...
 }:
 {
  # This is just a placeholder as I expect to interact with my notes in a
  # certain location
  home-manager.users.${config.user} = {
    home.sessionVariables = {
      NOTES_PATH = "${config.homePath}/dev/personal/notes/content";
    };
    # Sync notes for Nextcloud automatically
    systemd.user.timers.refresh-notes = lib.mkIf config.services.nextcloud.enable {
      Timer = {
        OnCalendar = "*-*-* *:0/10:50"; # Every 10 minutes
        Unit = "refresh-notes.service";
      };
    };
    systemd.user.services.refresh-notes = {
      Unit.Description = "Get latest notes.";
      Service = {
        Type = "oneshot";
        ExecStartPre = "${pkgs.git}/bin/git -C /data/git/notes reset --hard master";
        ExecStart = "${pkgs.git}/bin/git -C /data/git/notes pull";
        WorkingDirectory = config.homePath;
        Environment = "PATH=${pkgs.openssh}/bin";
      };
    };
  };
 }
--- a/modules/common/shell/atuin.nix
+++ b/modules/common/shell/atuin.nix
@@ -1,39 +0,0 @@
 { config, lib, ... }:
 {
  # Shell history sync
  options.atuin.enable = lib.mkEnableOption "Atuin";
  config = {
    home-manager.users.${config.user} = lib.mkIf config.atuin.enable {
      programs.atuin = {
        enable = true;
        flags = [
          "--disable-up-arrow"
          "--disable-ctrl-r"
        ];
        settings = {
          auto_sync = true;
          update_check = false;
          sync_address = "https://api.atuin.sh";
          search_mode = "fuzzy";
          filter_mode = "host"; # global, host, session, directory
          search_mode_shell_up_key_binding = "fuzzy";
          filter_mode_shell_up_key_binding = "session";
          style = "compact"; # or auto,full
          show_help = true;
          history_filter = [ ];
          secrets_filter = true;
          enter_accept = false;
          keymap_mode = "vim-normal";
        };
      };
    };
    # Give root user the same setup
    home-manager.users.root.programs.atuin = config.home-manager.users.${config.user}.programs.atuin;
  };
 }
--- a/modules/common/shell/bash/default.nix
+++ b/modules/common/shell/bash/default.nix
@@ -1,24 +0,0 @@
 {
  config,
  pkgs,
  lib,
  ...
 }:
 {
  config = {
    home-manager.users.${config.user} = {
      programs.bash = {
        enable = true;
        shellAliases = config.home-manager.users.${config.user}.programs.fish.shellAliases;
        initExtra = "";
        profileExtra = "";
      };
      programs.starship.enableBashIntegration = false;
      programs.zoxide.enableBashIntegration = true;
      programs.fzf.enableBashIntegration = true;
    };
  };
 }
--- a/modules/common/shell/charm.nix
+++ b/modules/common/shell/charm.nix
@@ -1,22 +0,0 @@
 {
  config,
  pkgs,
  lib,
  ...
 }:
 {
  # Convenience utilities from charm.sh
  options.charm.enable = lib.mkEnableOption "Charm utilities.";
  config.home-manager.users.${config.user} = lib.mkIf config.charm.enable {
    home.packages = with pkgs; [
      glow # Markdown previews
      skate # Key-value store
      charm # Manage account and filesystem
      pop # Send emails from a TUI
    ];
  };
 }
--- a/modules/common/shell/default.nix
+++ b/modules/common/shell/default.nix
@@ -1,18 +0,0 @@
 { ... }:
 {
  imports = [
    ./atuin.nix
    ./bash
    ./charm.nix
    ./direnv.nix
    ./fish
    ./fzf.nix
    ./git.nix
    ./github.nix
    ./jujutsu.nix
    ./nixpkgs.nix
    ./starship.nix
    ./utilities.nix
    ./work.nix
  ];
 }
--- a/modules/common/shell/direnv.nix
+++ b/modules/common/shell/direnv.nix
@@ -1,36 +0,0 @@
 { config, ... }:
 {
  # Enables quickly entering Nix shells when changing directories
  home-manager.users.${config.user}.programs.direnv = {
    enable = true;
    nix-direnv.enable = true;
    config = {
      whitelist = {
        prefix = [ config.dotfilesPath ];
      };
    };
  };
  # programs.direnv.direnvrcExtra = ''
  #   layout_postgres() {
  #       export PGDATA="$(direnv_layout_dir)/postgres"
  #       export PGHOST="$PGDATA"
  #
  #       if [[ ! -d "PGDATA" ]]; then
  #           initdb
  #           cat >> "$PGDATA/postgres.conf" <<- EOF
  #                   listen_addresses = '''
  #                   unix_socket_directories = '$PGHOST'
  #           EOF
  #           echo "CREATE DATABASE $USER;" | postgres --single -E postgres
  #       fi
  #   }
  # '';
  # Prevent garbage collection
  nix.extraOptions = ''
    keep-outputs = true
    keep-derivations = true
  '';
 }
--- a/modules/common/shell/fish/functions/edit.fish
+++ b/modules/common/shell/fish/functions/edit.fish
@@ -1,4 +0,0 @@
 set vimfile (fzf)
 and set vimfile (echo $vimfile | tr -d '\r')
 and commandline -r "vim $vimfile"
 and commandline -f execute
--- a/modules/common/shell/fish/functions/fish_user_key_bindings.fish
+++ b/modules/common/shell/fish/functions/fish_user_key_bindings.fish
@@ -1,22 +0,0 @@
 bind -M insert \co edit
 bind -M default \co edit
 bind -M insert \cs search-and-edit
 bind -M default \cs search-and-edit
 bind -M insert \ca 'cd ~; and edit; and commandline -a "; cd -"; commandline -f execute'
 bind -M default \ca 'cd ~; and edit; and commandline -a "; cd -"; commandline -f execute'
 bind -M insert \ce recent
 bind -M default \ce recent
 bind -M default \cg commandline-git-commits
 bind -M insert \cg 'commandline -i (git rev-parse --show-toplevel 2>/dev/null || echo ".")'
 bind -M insert \cf fcd
 bind -M default \cf fcd
 bind -M insert \cp projects
 bind -M default \cp projects
 bind -M insert \x1F accept-autosuggestion
 bind -M default \x1F accept-autosuggestion
 bind -M insert \cn 'commandline -r "nix shell nixpkgs#"'
 bind -M default \cn 'commandline -r "nix shell nixpkgs#"'
 bind -M insert \x11F nix-fzf
 bind -M default \x11F nix-fzf
 bind -M insert \ch '_atuin_search --filter-mode global'
 bind -M default \ch '_atuin_search --filter-mode global'
--- a/modules/common/shell/fish/functions/fish_vi_cursor.fish
+++ b/modules/common/shell/fish/functions/fish_vi_cursor.fish
@@ -1,122 +0,0 @@
 #!/usr/local/bin/fish
 function fish_vi_cursor -d 'Set cursor shape for different vi modes'
    # If we're not interactive, there is effectively no bind mode.
    if not status is-interactive
        return
    end
    # This is hard to test in expect, since the exact sequences depend on the environment.
    # Instead disable it.
    if set -q FISH_UNIT_TESTS_RUNNING
        return
    end
    # If this variable is set, skip all checks
    if not set -q fish_vi_force_cursor
        # Emacs Makes All Cursors Suck
        if set -q INSIDE_EMACS
            return
        end
        # vte-based terms set $TERM = xterm*, but only gained support in 2015.
        # From https://bugzilla.gnome.org/show_bug.cgi?id=720821, it appears it was version 0.40.0
        if set -q VTE_VERSION
            and test "$VTE_VERSION" -lt 4000 2>/dev/null
            return
        end
        # Similarly, genuine XTerm can do it since v280.
        if set -q XTERM_VERSION
            and not test (string replace -r "XTerm\((\d+)\)" '$1' -- "$XTERM_VERSION") -ge 280 2>/dev/null
            return
        end
        # We need one of these terms.
        # It would be lovely if we could rely on terminfo, but:
        # - The "Ss" entry isn't a thing in macOS' old and crusty terminfo
        # - It is set for xterm, and everyone and their dog claims to be xterm
        #
        # So we just don't care about $TERM, unless it is one of the few terminals that actually have their own entry.
        #
        # Note: Previous versions also checked $TMUX, and made sure that then $TERM was screen* or tmux*.
        # We don't care, since we *cannot* handle term-in-a-terms 100% correctly.
        if not set -q KONSOLE_PROFILE_NAME
            and not test -n "$KONSOLE_VERSION" -a "$KONSOLE_VERSION" -ge 200400 # konsole, but new.
            and not set -q ITERM_PROFILE
            and not set -q VTE_VERSION # which version is already checked above
            and not set -q WT_PROFILE_ID
            and not set -q XTERM_VERSION
            and not string match -rq '^st(-.*)$' -- $TERM
            and not string match -q 'xterm-kitty*' -- $TERM
            and not string match -q 'rxvt*' -- $TERM
            and not string match -q 'alacritty*' -- $TERM
            return
        end
        # HACK: Explicitly disable on ITERM because of #3696, which is weirdness with multi-line prompts.
        # --force-iterm is now deprecated; set $fish_vi_force_cursor instead
        if contains -- $argv[1] --force-iterm
            set -e argv[1]
        else if set -q ITERM_PROFILE
            return
        end
    end
    set -l terminal $argv[1]
    set -q terminal[1]
    or set terminal auto
    set -l function
    switch "$terminal"
        case auto
            # Nowadays, konsole does not set $KONSOLE_PROFILE_NAME anymore,
            # and it uses the xterm sequences.
            if set -q KONSOLE_PROFILE_NAME
                set function __fish_cursor_konsole
            else if set -q ITERM_PROFILE
                set function __fish_cursor_1337
            else
                set function __fish_cursor_xterm
            end
        case konsole
            set function __fish_cursor_konsole
        case xterm
            set function __fish_cursor_xterm
    end
    set -l tmux_prefix
    set -l tmux_postfix
    if set -q TMUX
        set tmux_prefix echo -ne "'\ePtmux;\e'"
        set tmux_postfix echo -ne "'\e\\\\'"
    end
    set -q fish_cursor_unknown
    or set -g fish_cursor_unknown block blink
    echo "
          function fish_vi_cursor_handle --on-variable fish_bind_mode --on-event fish_postexec --on-event fish_focus_in
              set -l varname fish_cursor_\$fish_bind_mode
              if not set -q \$varname
                set varname fish_cursor_unknown
              end
              $tmux_prefix
              $function \$\$varname
              $tmux_postfix
          end
         " | source
    echo "
          function fish_vi_cursor_handle_preexec --on-event fish_preexec
              set -l varname fish_cursor_default
              if not set -q \$varname
                set varname fish_cursor_unknown
              end
              $tmux_prefix
              $function \$\$varname
              $tmux_postfix
          end
         " | source
 end
--- a/modules/common/shell/fish/functions/recent.fish
+++ b/modules/common/shell/fish/functions/recent.fish
@@ -1,4 +0,0 @@
 set vimfile (fd -t f --exec /usr/bin/stat -f "%m%t%N" | sort -nr | cut -f2 | fzf)
 and set vimfile (echo $vimfile | tr -d '\r')
 and commandline -r "vim $vimfile"
 and commandline -f execute
--- a/modules/common/shell/fish/functions/search-and-edit.fish
+++ b/modules/common/shell/fish/functions/search-and-edit.fish
@@ -1,21 +0,0 @@
 set vimfile ( \
    rg \
      --color=always \
      --line-number \
      --no-heading \
      --smart-case \
      --iglob "!/Library/**" \
      --iglob "!/System/**" \
      --iglob "!Users/$HOME/Library/*" \
      ".*" \
    | fzf --ansi \
        --height "80%" \
        --color "hl:-1:underline,hl+:-1:underline:reverse" \
        --delimiter : \
        --preview 'bat --color=always {1} --highlight-line {2}' \
        --preview-window 'up,60%,border-bottom,+{2}+3/3,~3'
 )
 and set line_number (echo $vimfile | tr -d '\r' | cut -d':' -f2)
 and set vimfile (echo $vimfile | tr -d '\r' | cut -d':' -f1)
 and commandline -r "vim +$line_number $vimfile"
 and commandline -f execute
--- a/modules/common/shell/fzf.nix
+++ b/modules/common/shell/fzf.nix
@@ -1,45 +0,0 @@
 { config, pkgs, ... }:
 {
  # FZF is a fuzzy-finder for the terminal
  home-manager.users.${config.user} = {
    programs.fzf.enable = true;
    programs.fish = {
      functions = {
        projects = {
          description = "Jump to a project";
          body = ''
            set projdir ( \
                fd \
                    --search-path $HOME/dev \
                    --type directory \
                    --exact-depth 2 \
                | ${pkgs.proximity-sort}/bin/proximity-sort $PWD \
                | sed 's/\\/$//' \
                | fzf --tiebreak=index \
            )
            and cd $projdir
            and commandline -f execute
          '';
        };
      };
      shellAbbrs = {
        lsf = "ls -lh | fzf";
      };
    };
    # Global fzf configuration
    home.sessionVariables =
      let
        fzfCommand = "fd --type file";
      in
      {
        FZF_DEFAULT_COMMAND = fzfCommand;
        FZF_CTRL_T_COMMAND = fzfCommand;
        FZF_DEFAULT_OPTS = "-m --height 50% --border";
      };
  };
 }
--- a/modules/common/shell/git.nix
+++ b/modules/common/shell/git.nix
@@ -1,183 +0,0 @@
 {
  config,
  pkgs,
  lib,
  ...
 }:
 let
  home-packages = config.home-manager.users.${config.user}.home.packages;
 in
 {
  options = {
    gitName = lib.mkOption {
      type = lib.types.str;
      description = "Name to use for git commits";
    };
    gitEmail = lib.mkOption {
      type = lib.types.str;
      description = "Email to use for git commits";
    };
  };
  config = {
    home-manager.users.root.programs.git = {
      enable = true;
      extraConfig.safe.directory = config.dotfilesPath;
    };
    home-manager.users.${config.user} = {
      programs.git = {
        enable = true;
        userName = config.gitName;
        userEmail = config.gitEmail;
        extraConfig = {
          core.pager = "${pkgs.git}/share/git/contrib/diff-highlight/diff-highlight | less -F";
          interactive.difffilter = "${pkgs.git}/share/git/contrib/diff-highlight/diff-highlight";
          pager = {
            branch = "false";
          };
          safe = {
            directory = config.dotfilesPath;
          };
          pull = {
            ff = "only";
          };
          push = {
            autoSetupRemote = "true";
          };
          init = {
            defaultBranch = "master";
          };
          rebase = {
            autosquash = "true";
          };
          gpg = {
            format = "ssh";
            ssh.allowedSignersFile = "~/.config/git/allowed-signers";
          };
          # commit.gpgsign = true;
          # tag.gpgsign = true;
        };
        ignores = [
          ".direnv/**"
          "result"
        ];
        includes = [
          {
            path = "~/.config/git/personal";
            condition = "gitdir:~/dev/personal/";
          }
        ];
      };
      # Personal git config
      # TODO: fix with variables
      xdg.configFile."git/personal".text = ''
        [user]
            name = "${config.fullName}"
            email = "7386960+nmasur@users.noreply.github.com"
            signingkey = ~/.ssh/id_ed25519
        [commit]
            gpgsign = true
        [tag]
            gpgsign = true
      '';
      xdg.configFile."git/allowed-signers".text = ''
        7386960+nmasur@users.noreply.github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s
      '';
      programs.fish.shellAbbrs = {
        g = "git";
        gs = "git status";
        gd = "git diff";
        gds = "git diff --staged";
        gdp = "git diff HEAD^";
        ga = "git add";
        gaa = "git add -A";
        gac = "git commit -am";
        gc = "git commit -m";
        gca = "git commit --amend --no-edit";
        gcae = "git commit --amend";
        gu = "git pull";
        gp = "git push";
        gl = "git log --graph --decorate --oneline -20";
        gll = "git log --graph --decorate --oneline";
        gco = "git checkout";
        gcom = ''git switch (git symbolic-ref refs/remotes/origin/HEAD | cut -d"/" -f4)'';
        gcob = "git switch -c";
        gb = "git branch";
        gpd = "git push origin -d";
        gbd = "git branch -d";
        gbD = "git branch -D";
        gr = "git reset";
        grh = "git reset --hard";
        gm = "git merge";
        gcp = "git cherry-pick";
        cdg = "cd (git rev-parse --show-toplevel)";
      };
      # Required for fish commands
      home.packages = with pkgs; [
        fish
        fzf
        bat
      ];
      programs.fish.functions =
        lib.mkIf (builtins.elem pkgs.fzf home-packages && builtins.elem pkgs.bat home-packages)
          {
            git = {
              body = builtins.readFile ./fish/functions/git.fish;
            };
            git-add-fuzzy = {
              body = builtins.readFile ./fish/functions/git-add-fuzzy.fish;
            };
            git-fuzzy-branch = {
              argumentNames = "header";
              body = builtins.readFile ./fish/functions/git-fuzzy-branch.fish;
            };
            git-checkout-fuzzy = {
              body = ''
                set branch (git-fuzzy-branch "checkout branch...")
                and git checkout $branch
              '';
            };
            git-delete-fuzzy = {
              body = ''
                set branch (git-fuzzy-branch "delete branch...")
                and git branch -d $branch
              '';
            };
            git-force-delete-fuzzy = {
              body = ''
                set branch (git-fuzzy-branch "force delete branch...")
                and git branch -D $branch
              '';
            };
            git-merge-fuzzy = {
              body = ''
                set branch (git-fuzzy-branch "merge from...")
                and git merge $branch
              '';
            };
            git-show-fuzzy = {
              body = builtins.readFile ./fish/functions/git-show-fuzzy.fish;
            };
            git-commits = {
              body = builtins.readFile ./fish/functions/git-commits.fish;
            };
            git-history = {
              body = builtins.readFile ./fish/functions/git-history.fish;
            };
            uncommitted = {
              description = "Find uncommitted git repos";
              body = builtins.readFile ./fish/functions/uncommitted.fish;
            };
          };
    };
  };
 }
--- a/modules/common/shell/jujutsu.nix
+++ b/modules/common/shell/jujutsu.nix
@@ -1,18 +0,0 @@
 { config, ... }:
 {
  config = {
    home-manager.users.${config.user}.programs.jujutsu = {
      enable = true;
      # https://github.com/martinvonz/jj/blob/main/docs/config.md
      settings = {
        user = {
          name = config.home-manager.users.${config.user}.programs.git.userName;
          email = config.home-manager.users.${config.user}.programs.git.userEmail;
        };
      };
    };
  };
 }
--- a/modules/common/shell/nixpkgs.nix
+++ b/modules/common/shell/nixpkgs.nix
@@ -1,132 +0,0 @@
 {
  config,
  pkgs,
  lib,
  ...
 }:
 {
  home-manager.users.${config.user} = {
    programs.fish = {
      shellAbbrs = {
        n = "nix";
        ns = "nix-shell -p";
        nsf = "nix-shell --run fish -p";
        nsr = "nix-shell-run";
        nps = "nix repl '<nixpkgs>'";
        nixo = "man configuration.nix";
        nixh = "man home-configuration.nix";
        nr = "rebuild-nixos";
        nro = "rebuild-nixos offline";
        hm = "rebuild-home";
      };
      functions = {
        nix-shell-run = {
          body = ''
            set program $argv[1]
            if test (count $argv) -ge 2
                commandline -r "nix run nixpkgs#$program -- $argv[2..-1]"
            else
                commandline -r "nix run nixpkgs#$program"
            end
            commandline -f execute
          '';
        };
        nix-fzf = {
          body = ''
            commandline -i (nix-instantiate --eval --json \
              -E 'builtins.attrNames (import <nixpkgs> {})' \
              | jq '.[]' -r | fzf)
            commandline -f repaint
          '';
        };
        rebuild-nixos = {
          body = ''
            if test "$argv[1]" = "offline"
                set option "--option substitute false"
            end
            git -C ${config.dotfilesPath} add --intent-to-add --all
            commandline -r "doas nixos-rebuild switch $option --flake ${config.dotfilesPath}#${config.networking.hostName}"
            commandline --function execute
          '';
        };
        rebuild-home = {
          body = ''
            git -C ${config.dotfilesPath} add --intent-to-add --all
            commandline -r "${pkgs.home-manager}/bin/home-manager switch --flake ${config.dotfilesPath}#${config.networking.hostName}";
            commandline --function execute
          '';
        };
      };
    };
    # Provides "command-not-found" options
    programs.nix-index = {
      enable = true;
      enableFishIntegration = true;
    };
    # Create nix-index if doesn't exist
    home.activation.createNixIndex =
      let
        cacheDir = "${config.homePath}/.cache/nix-index";
      in
      lib.mkIf config.home-manager.users.${config.user}.programs.nix-index.enable (
        config.home-manager.users.${config.user}.lib.dag.entryAfter [ "writeBoundary" ] ''
          if [ ! -d ${cacheDir} ]; then
              $DRY_RUN_CMD ${pkgs.nix-index}/bin/nix-index -f ${pkgs.path}
          fi
        ''
      );
    # Set automatic generation cleanup for home-manager
    nix.gc = {
      automatic = config.nix.gc.automatic;
      options = config.nix.gc.options;
    };
  };
  nix = {
    # Set channel to flake packages, used for nix-shell commands
    nixPath = [ "nixpkgs=${pkgs.path}" ];
    # Set registry to this flake's packages, used for nix X commands
    registry.nixpkgs.to = {
      type = "path";
      path = builtins.toString pkgs.path;
    };
    # For security, only allow specific users
    settings.allowed-users = [
      "@wheel"
      config.user
    ];
    # Enable features in Nix commands
    extraOptions = ''
      experimental-features = nix-command flakes
      warn-dirty = false
    '';
    gc = {
      automatic = true;
      options = "--delete-older-than 10d";
    };
    settings = {
      # Add community Cachix to binary cache
      # Don't use with macOS because blocked by corporate firewall
      builders-use-substitutes = true;
      substituters = lib.mkIf (!pkgs.stdenv.isDarwin) [ "https://nix-community.cachix.org" ];
      trusted-public-keys = lib.mkIf (!pkgs.stdenv.isDarwin) [
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      ];
      # Scans and hard links identical files in the store
      # Not working with macOS: https://github.com/NixOS/nix/issues/7273
      auto-optimise-store = lib.mkIf (!pkgs.stdenv.isDarwin) true;
    };
  };
 }
--- a/modules/common/shell/starship.nix
+++ b/modules/common/shell/starship.nix
@@ -1,72 +0,0 @@
 {
  config,
  pkgs,
  lib,
  ...
 }:
 {
  home-manager.users.${config.user}.programs.starship = {
    enable = true;
    settings = {
      add_newline = false; # Don't print new line at the start of the prompt
      format = lib.concatStrings [
        "$directory"
        "$git_branch"
        "$git_commit"
        "$git_status"
        "$hostname"
        "$cmd_duration"
        "$character"
      ];
      right_format = "$nix_shell";
      character = {
        success_symbol = "[❯](bold green)";
        error_symbol = "[❯](bold red)";
        vicmd_symbol = "[❮](bold green)";
      };
      cmd_duration = {
        min_time = 5000;
        show_notifications = if pkgs.stdenv.isLinux then false else true;
        min_time_to_notify = 30000;
        format = "[$duration]($style) ";
      };
      directory = {
        truncate_to_repo = true;
        truncation_length = 100;
      };
      git_branch = {
        format = "[$symbol$branch]($style)";
      };
      git_commit = {
        format = "( @ [$hash]($style) )";
        only_detached = false;
      };
      git_status = {
        format = "([$all_status$ahead_behind]($style) )";
        conflicted = "=";
        ahead = "⇡";
        behind = "⇣";
        diverged = "⇕";
        untracked = "⋄";
        stashed = "⩮";
        modified = "∽";
        staged = "+";
        renamed = "»";
        deleted = "✘";
        style = "red";
      };
      hostname = {
        ssh_only = true;
        format = "on [$hostname](bold red) ";
      };
      nix_shell = {
        format = "[$symbol $name]($style)";
        symbol = "❄️";
      };
      python = {
        format = "[\${version}\\(\${virtualenv}\\)]($style)";
      };
    };
  };
 }
--- a/modules/common/shell/utilities.nix
+++ b/modules/common/shell/utilities.nix
@@ -1,75 +0,0 @@
 { config, pkgs, ... }:
 let
  ignorePatterns = ''
    !.env*
    !.github/
    !.gitignore
    !*.tfvars
    .terraform/
    .target/
    /Library/'';
 in
 {
  config = {
    home-manager.users.${config.user} = {
      home.packages = with pkgs; [
        age # Encryption
        bc # Calculator
        delta # Fancy diffs
        difftastic # Other fancy diffs
        dig # DNS lookup
        fd # find
        htop # Show system processes
        killall # Force quit
        inetutils # Includes telnet, whois
        jless # JSON viewer
        jo # JSON output
        jq # JSON manipulation
        lf # File viewer
        qrencode # Generate qr codes
        rsync # Copy folders
        ren # Rename files
        # rep # Replace text in files
        ripgrep # grep
        sd # sed
        tealdeer # Cheatsheets
        tree # View directory hierarchy
        vimv-rs # Batch rename files
        unzip # Extract zips
        dua # File sizes (du)
        du-dust # Disk usage tree (ncdu)
        duf # Basic disk information (df)
      ];
      programs.zoxide.enable = true; # Shortcut jump command
      home.file = {
        ".rgignore".text = ignorePatterns;
        ".digrc".text = "+noall +answer"; # Cleaner dig commands
      };
      xdg.configFile."fd/ignore".text = ignorePatterns;
      programs.bat = {
        enable = true; # cat replacement
        config = {
          theme = config.theme.colors.batTheme;
          pager = "less -R"; # Don't auto-exit if one screen
        };
      };
      programs.fish.functions = {
        ping = {
          description = "Improved ping";
          argumentNames = "target";
          body = "${pkgs.prettyping}/bin/prettyping --nolegend $target";
        };
      };
    };
  };
 }
--- a/modules/common/shell/work.nix
+++ b/modules/common/shell/work.nix
@@ -12,41 +12,56 @@
    home.packages =
      let
        ldap_scheme = "ldaps";
        magic_number = "2";
        magic_end_seq = "corp";
        magic_prefix = "take";
-        ldap_host = "${magic_prefix}${magic_number}.t${magic_number}.${magic_end_seq}";
+        ldap_port = 3269;
-        ldap_port = 636;
+        jq_parse = pkgs.writeShellScriptBin "ljq" ''
-        ldap_dc_1 = "${magic_prefix}${magic_number}";
+          jq --slurp \
-        ldap_dc_2 = "t${magic_number}";
+            --raw-input 'split("\n\n")|map(split("\n")|map(select(.[0:1]!="#" and length>0)) |select(length > 0)|map(capture("^(?<key>[^:]*:?): *(?<value>.*)") |if .key[-1:.key|length] == ":" then .key=.key[0:-1]|.value=(.value|@base64d) else . end)| group_by(.key) | map({key:.[0].key,value:(if .|length > 1 then [.[].value] else .[].value end)}) | from_entries)' | jq -r 'del(.[].thumbnailPhoto)'
-        ldap_dc_3 = magic_end_seq;
+        '';
        ldap_script = pkgs.writeShellScriptBin "ldap" ''
-          # if ! [ "$LDAP_HOST" ]; then
+          if ! [ "$LDAP_HOST" ]; then
-          #     echo "No LDAP_HOST specified!"
+              echo "No LDAP_HOST specified!"
-          #     exit 1
+              exit 1
-          # fi
+          fi
          SEARCH_FILTER="$@"
          ldapsearch -LLL \
              -B -o ldif-wrap=no \
-              -H "${ldap_scheme}://${ldap_host}:${builtins.toString ldap_port}" \
+              -E pr=5000/prompt \
-              -D "${pkgs.lib.toUpper magic_prefix}${magic_number}\\${pkgs.lib.toLower config.user}" \
+              -H "${ldap_scheme}://''${LDAP_HOST}:${builtins.toString ldap_port}" \
-              -w "$(${pkgs._1password}/bin/op item get T${magic_number} --fields label=password)" \
+              -D "${pkgs.lib.toUpper magic_prefix}2\\${pkgs.lib.toLower config.user}" \
-              -b "DC=${ldap_dc_1},DC=${ldap_dc_2},DC=${ldap_dc_3}" \
+              -w "$(${pkgs._1password-cli}/bin/op item get T2 --fields label=password --reveal)" \
-              -s "sub" -x "(cn=$SEARCH_FILTER)" \
+              -b "dc=''${LDAP_HOST//./,dc=}" \
-              | jq --slurp \
+              -s "sub" -x "(cn=''${SEARCH_FILTER})" \
-                  --raw-input 'split("\n\n")|map(split("\n")|map(select(.[0:1]!="#" and length>0)) |select(length > 0)|map(capture("^(?<key>[^:]*:?): *(?<value>.*)") |if .key[-1:.key|length] == ":" then .key=.key[0:-1]|.value=(.value|@base64d) else . end)| group_by(.key) | map({key:.[0].key,value:(if .|length > 1 then [.[].value] else .[].value end)}) | from_entries)' | jq -r 'del(.[].thumbnailPhoto)'
+              | ${jq_parse}/bin/ljq
        '';
        ldapm_script = pkgs.writeShellScriptBin "ldapm" ''
          if ! [ "$LDAP_HOST" ]; then
              echo "No LDAP_HOST specified!"
              exit 1
          fi
          ${ldap_script}/bin/ldap "$@" | jq '[ .[].memberOf] | add'
        '';
        ldapg_script = pkgs.writeShellScriptBin "ldapg" ''
          if ! [ "$LDAP_HOST" ]; then
              echo "No LDAP_HOST specified!"
              exit 1
          fi
          ${ldap_script}/bin/ldap "$@" | jq '[ .[].member] | add'
        '';
        ldapl_script = pkgs.writeShellScriptBin "ldapl" ''
          if ! [ "$LDAP_HOST" ]; then
              echo "No LDAP_HOST specified!"
              exit 1
          fi
          ${ldap_script}/bin/ldap "*$@*" | jq -r '.[].name'
        '';
      in
      [
        ldap_script
        ldapm_script
        ldapg_script
        ldapl_script
        jq_parse
      ];
  };
 }
--- a/Show More
+++ b/Show More