flake.lock: Update

Flake lock file updates: • Updated input 'darwin': 'github:lnl7/nix-darwin/7220b01d679e93ede8d7b25d6f392855b81dd475' (2025-08-15) → 'github:lnl7/nix-darwin/8df64f819698c1fee0c2969696f54a843b2231e8' (2025-08-22) • Updated input 'disko': 'github:nix-community/disko/8246829f2e675a46919718f9a64b71afe3bfb22d' (2025-08-12) → 'github:nix-community/disko/4073ff2f481f9ef3501678ff479ed81402caae6d' (2025-08-18) • Updated input 'helix': 'github:helix-editor/helix/a4a2b50a50971bc43952f5f75d19a56689793a6a' (2025-08-15) → 'github:helix-editor/helix/22a3b10dd8ab907367ae1fe57d9703e22b30d391' (2025-08-22) • Updated input 'home-manager': 'github:nix-community/home-manager/2a749f4790a14f7168be67cdf6e548ef1c944e10' (2025-08-16) → 'github:nix-community/home-manager/8b55a6ac58b678199e5bba701aaff69e2b3281c0' (2025-08-23) • Updated input 'nix2vim': 'github:gytis-ivaskevicius/nix2vim/94f136cece965e33aa4ccccb4ca1af04772851f4' (2025-07-15) → 'github:gytis-ivaskevicius/nix2vim/78467c8de07719f92397179844bf75cdf2e58b83' (2025-08-16) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/fbcf476f790d8a217c3eab4e12033dc4a0f6d23c' (2025-08-14) → 'github:nixos/nixpkgs/20075955deac2583bb12f07151c2df830ef346b4' (2025-08-19) • Updated input 'nur': 'github:nix-community/nur/160c1c1c8737a0e2109b6181a191779ac2e42f7f' (2025-08-16) → 'github:nix-community/nur/1a47d83c521c098debd6d1f2c2ae313a5bb729f9' (2025-08-23)
Try to fix automatic timezone issues
2025-08-23 16:04:40 +00:00 · 2025-08-23 03:58:42 +00:00 · 2025-08-19 08:51:18 -04:00 · 2025-08-17 20:23:22 -04:00 · 2025-08-17 20:23:17 -04:00 · 2025-08-17 20:04:49 -04:00
127 changed files with 3982 additions and 947 deletions
--- a/.github/workflows/arrow-aws.yml
+++ b/.github/workflows/arrow-aws.yml
@@ -3,7 +3,7 @@ name: Arrow (AWS)
 run-name: Arrow (AWS) - ${{ inputs.rebuild && 'Rebuild and ' || '' }}${{ inputs.action == 'create' && 'Create' || ( inputs.action == 'destroy' && 'Destroy' || 'No Action' ) }}

 env:
-  TERRAFORM_DIRECTORY: hosts/arrow/aws
+  TERRAFORM_DIRECTORY: deploy/aws
  DEPLOY_IDENTITY_BASE64: ${{ secrets.DEPLOY_IDENTITY_BASE64 }}
  ARROW_IDENTITY_BASE64: ${{ secrets.ARROW_IDENTITY_BASE64 }}
  ZONE_NAME: masu.rs
--- a/.github/workflows/flame.yml
+++ b/.github/workflows/flame.yml
@@ -0,0 +1,200 @@
+name: Flame
+
+run-name: Flame - ${{ inputs.rebuild && 'Rebuild and ' || '' }}${{ inputs.action == 'create' && 'Create' || ( inputs.action == 'destroy' && 'Destroy' || 'No Action' ) }}
+
+env:
+  TERRAFORM_DIRECTORY: deploy/oracle
+  DEPLOY_IDENTITY_BASE64: ${{ secrets.DEPLOY_IDENTITY_BASE64 }}
+  FLAME_IDENTITY_BASE64: ${{ secrets.FLAME_IDENTITY_BASE64 }}
+  ZONE_NAME: masu.rs
+  CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+  CLOUDFLARE_ZONE_ID: ${{ secrets.CLOUDFLARE_ZONE_ID }}
+  OCI_CLI_USER: "ocid1.user.oc1..aaaaaaaa6lro2eoxdajjypjysepvzcavq5yn4qyozjyebxdiaoqziribuqba"
+  OCI_CLI_TENANCY: "ocid1.tenancy.oc1..aaaaaaaaudwr2ozedhjnrn76ofjgglgug6gexknjisd7gb7tkj3mjdp763da"
+  OCI_CLI_FINGERPRINT: "dd:d0:da:6d:83:46:8b:b3:d9:45:2b:c7:56:ae:30:94"
+  OCI_CLI_KEY_CONTENT: "${{ secrets.OCI_PRIVATE_KEY }}"
+  TF_VAR_oci_private_key: "${{ secrets.OCI_PRIVATE_KEY }}"
+  OCI_CLI_REGION: "us-ashburn-1"
+
+on:
+  workflow_dispatch:
+    inputs:
+      rebuild:
+        description: Rebuild Image
+        type: boolean
+        default: false
+      action:
+        description: Terraform Action
+        type: choice
+        required: true
+        default: create
+        options:
+          - create
+          - destroy
+          - nothing
+
+permissions:
+  id-token: write
+  contents: write
+
+jobs:
+  build-deploy:
+    name: Build and Deploy
+    # runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04-arm
+    steps:
+      - name: Checkout Repo Code
+        uses: actions/checkout@v4
+
+      # - name: Write OCI Key to File
+      #   run: |
+      #     echo "${{ env.OCI_PRIVATE_KEY_BASE64 }}" | base64 -d > OCI_PRIVATE_KEY
+
+      # # Enable access to KVM, required to build an image
+      # - name: Enable KVM group perms
+      #   if: inputs.rebuild && inputs.action != 'destroy'
+      #   run: |
+      #       echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-kvm4all.rules
+      #       sudo udevadm control --reload-rules
+      #       sudo udevadm trigger --name-match=kvm
+      #       sudo apt-get install -y qemu-user-static
+
+      # Install Nix
+      - name: Install Nix
+        # if: inputs.rebuild && inputs.action != 'destroy'
+        uses: cachix/install-nix-action@v31.4.1
+        with:
+          enable_kvm: true
+          extra_nix_config: |
+            system = aarch64-linux
+            system-features = aarch64-linux arm-linux kvm
+
+      # Build the image
+      - name: Build Image
+        if: inputs.rebuild && inputs.action != 'destroy'
+        run: nix build .#flame-qcow --system aarch64-linux
+
+      - name: List Images
+        if: inputs.rebuild && inputs.action != 'destroy'
+        run: |
+          ls -lh result/
+          echo "IMAGE_NAME=$(ls result/nixos.qcow2) >> $GITHUB_ENV
+
+      - name: Upload Image to S3
+        if: inputs.rebuild && inputs.action != 'destroy'
+        # env:
+        #   AWS_ACCESS_KEY_ID: "<YOUR_OCI_ACCESS_KEY>"
+        #   AWS_SECRET_ACCESS_KEY: "<YOUR_OCI_SECRET_KEY>"
+        #   AWS_DEFAULT_REGION: "us-ashburn-1" # e.g., us-ashburn-1, us-phoenix-1
+        #   AWS_ENDPOINT_URL: "https://masur.compat.objectstorage.us-ashburn-1.oraclecloud.com"
+        uses: oracle-actions/run-oci-cli-command@v1.3.2
+        with:
+          command: |
+            os object put \
+              --namespace "idptr5akf9pf" \
+              --bucket-name "noahmasur-images" \
+              --name "nixos.qcow2" \
+              --file "${IMAGE_NAME}" \
+              --part-size 128 \ # Optional: Specify part size in MiB for multipart uploads, default is 128 MiB
+              --parallel-upload-count 5 # Optional: Number of parallel uploads, default is 3
+
+      # Login to AWS
+      - name: AWS Assume Role
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: arn:aws:iam::286370965832:role/github_actions_admin
+          aws-region: us-east-1
+
+      # Installs the Terraform binary and some other accessory functions.
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v2
+
+      # Checks whether Terraform is formatted properly. If this fails, you
+      # should install the pre-commit hook.
+      - name: Check Formatting
+        working-directory: ${{ env.TERRAFORM_DIRECTORY }}
+        run: |
+          terraform fmt -no-color -check -diff -recursive
+
+      # Connects to remote state backend and download providers.
+      - name: Terraform Init
+        working-directory: ${{ env.TERRAFORM_DIRECTORY }}
+        run: terraform init -input=false
+
+      # Deploys infrastructure or changes to infrastructure.
+      - name: Terraform Apply
+        if: inputs.action == 'create'
+        working-directory: ${{ env.TERRAFORM_DIRECTORY }}
+        run: |
+          terraform apply \
+            -auto-approve \
+            -input=false
+
+      # Removes infrastructure.
+      - name: Terraform Destroy
+        if: inputs.action == 'destroy'
+        working-directory: ${{ env.TERRAFORM_DIRECTORY }}
+        run: |
+          terraform destroy \
+            -auto-approve \
+            -input=false
+
+      - name: Get Host IP
+        if: inputs.action == 'create'
+        id: host
+        working-directory: ${{ env.TERRAFORM_DIRECTORY }}
+        run: terraform output -raw host_ip
+
+      - name: Wait on SSH
+        if: inputs.action == 'create'
+        run: |
+          for i in $(seq 1 15); do
+            if $(nc -z -w 3 ${{ steps.host.outputs.stdout }} 22); then
+              exit 0
+            fi
+            sleep 10
+          done
+
+      - name: Write Identity Keys to Files
+        if: inputs.action == 'create'
+        run: |
+          echo "${{ env.DEPLOY_IDENTITY_BASE64 }}" | base64 -d > deploy_ed25519
+          chmod 0600 deploy_ed25519
+          echo "${{ env.FLAME_IDENTITY_BASE64 }}" | base64 -d > flame_ed25519
+          chmod 0600 flame_ed25519
+          mkdir -pv "${HOME}/.ssh/"
+          cp deploy_ed25519 "${HOME}/.ssh/id_ed25519"
+
+      - name: Run nixos-anywhere
+        if: inputs.action == 'create'
+        run: |
+          nix run github:nix-community/nixos-anywhere -- --flake github:nmasur/dotfiles#flame --build-on remote --no-reboot --target-host ubuntu@${{ steps.host.outputs.stdout }}
+          reboot now
+
+      - name: Wait on SSH After Reboot
+        if: inputs.action == 'create'
+        run: |
+          for i in $(seq 1 15); do
+            if $(nc -z -w 3 ${{ steps.host.outputs.stdout }} 22); then
+              exit 0
+            fi
+            sleep 10
+          done
+
+      - name: Copy Identity File to Host
+        if: inputs.action == 'create'
+        run: |
+          ssh -i deploy_ed25519 -o StrictHostKeyChecking=accept-new noah@${{ steps.host.outputs.stdout }} 'mkdir -pv .ssh'
+          scp -i deploy_ed25519 flame_ed25519 noah@${{ steps.host.outputs.stdout }}:~/.ssh/id_ed25519
+
+      # - name: Wipe Records
+      #   if: ${{ inputs.action == 'destroy' }}
+      #   run: |
+      #     RECORD_ID=$(curl --request GET \
+      #        --url https://api.cloudflare.com/client/v4/zones/${{ env.CLOUDFLARE_ZONE_ID }}/dns_records \
+      #        --header 'Content-Type: application/json' \
+      #        --header "Authorization: Bearer ${{ env.CLOUDFLARE_API_TOKEN }}" | jq -r '.result[] | select(.name == "n8n2.${{ env.ZONE_NAME }}") | .id')
+      #     curl --request DELETE \
+      #        --url https://api.cloudflare.com/client/v4/zones/${{ env.CLOUDFLARE_ZONE_ID }}/dns_records/${RECORD_ID} \
+      #        --header 'Content-Type: application/json' \
+      #        --header "Authorization: Bearer ${{ env.CLOUDFLARE_API_TOKEN }}"
--- a/README.md
+++ b/README.md
@@ -9,37 +9,37 @@ configuration may be difficult to translate to a non-Nix system.
 ## System Features

 | Feature        | Program                                             | Configuration                                                                     |
-|----------------|-----------------------------------------------------|-----------------------------------------------|
-| OS             | [NixOS](https://nixos.org)                          | [Link](./modules/nixos)                       |
-| Display Server | [X11](https://www.x.org/wiki/)                      | [Link](./modules/nixos/graphical/xorg.nix)    |
-| Compositor     | [Picom](https://github.com/yshui/picom)             | [Link](./modules/nixos/graphical/picom.nix)   |
-| Window Manager | [i3](https://i3wm.org/)                             | [Link](./modules/nixos/graphical/i3.nix)      |
-| Panel          | [Polybar](https://polybar.github.io/)               | [Link](./modules/nixos/graphical/polybar.nix) |
-| Font           | [Victor Mono](https://rubjo.github.io/victor-mono/) | [Link](./modules/nixos/graphical/fonts.nix)   |
-| Launcher       | [Rofi](https://github.com/davatorium/rofi)          | [Link](./modules/nixos/graphical/rofi.nix)    |
+|----------------|-----------------------------------------------------|-----------------------------------------------------------------------------------|
+| OS             | [NixOS](https://nixos.org)                          | [Link](./platforms/nixos)                                                         |
+| Display Server | [X11](https://www.x.org/wiki/)                      | [Link](./platforms/nixos/modules/nmasur/profiles/gui.nix)                         |
+| Compositor     | [Picom](https://github.com/yshui/picom)             | [Link](./platforms/home-manager/modules/nmasur/presets/services/picom.nix)        |
+| Window Manager | [i3](https://i3wm.org/)                             | [Link](./platforms/home-manager/modules/nmasur/presets/services/i3.nix)           |
+| Panel          | [Polybar](https://polybar.github.io/)               | [Link](./platforms/home-manager/modules/nmasur/presets/services/polybar.nix)      |
+| Font           | [Victor Mono](https://rubjo.github.io/victor-mono/) | [Link](./platforms/home-manager/modules/nmasur/presets/fonts.nix)                 |
+| Launcher       | [Rofi](https://github.com/davatorium/rofi)          | [Link](./platforms/home-manager/modules/nmasur/presets/programs/rofi/default.nix) |

 ## User Features

 | Feature      | Program                                                                          | Configuration                                                                 |
-|--------------|----------------------------------------------------------------------------------|----------------------------------------------------|
-| Dotfiles     | [Home-Manager](https://github.com/nix-community/home-manager)                    | [Link](./modules/common)                           |
-| Terminal     | [Kitty](https://sw.kovidgoyal.net/kitty/)                                        | [Link](./modules/common/applications/kitty.nix)    |
-| Shell        | [Fish](https://fishshell.com/)                                                   | [Link](./modules/common/shell/fish)                |
-| Shell Prompt | [Starship](https://starship.rs/)                                                 | [Link](./modules/common/shell/starship.nix)        |
+|--------------|----------------------------------------------------------------------------------|-------------------------------------------------------------------------------|
+| Dotfiles     | [Home-Manager](https://github.com/nix-community/home-manager)                    | [Link](./platforms/home-manager)                                              |
+| Terminal     | [Ghostty](https://sw.kovidgoyal.net/kitty/)                                      | [Link](./platforms/home-manager/modules/nmasur/presets/programs/ghostty.nix)  |
+| Shell        | [Fish](https://fishshell.com/)                                                   | [Link](./platforms/home-manager/modules/nmasur/presets/programs/fish.nix)     |
+| Shell Prompt | [Starship](https://starship.rs/)                                                 | [Link](./platforms/home-manager/modules/nmasur/presets/programs/starship.nix) |
 | Colorscheme  | [Gruvbox](https://github.com/morhetz/gruvbox)                                    | [Link](./colorscheme/gruvbox/default.nix)                                     |
-| Wallpaper    | [Road](https://gitlab.com/exorcist365/wallpapers/-/blob/master/gruvbox/road.jpg) | [Link](./hosts/tempest/default.nix)                |
-| Text Editor  | [Neovim](https://neovim.io/)                                                     | [Link](./modules/common/neovim/config)             |
-| Browser      | [Firefox](https://www.mozilla.org/en-US/firefox/new/)                            | [Link](./modules/common/applications/firefox.nix)  |
-| E-Mail       | [Aerc](https://aerc-mail.org/)                                                   | [Link](./modules/common/mail/aerc.nix)             |
-| File Manager | [Nautilus](https://wiki.gnome.org/action/show/Apps/Files)                        | [Link](./modules/common/applications/nautilus.nix) |
-| PDF Reader   | [Zathura](https://pwmt.org/projects/zathura/)                                    | [Link](./modules/common/applications/media.nix)    |
-| Video Player | [mpv](https://mpv.io/)                                                           | [Link](./modules/common/applications/media.nix)    |
+| Wallpaper    | [Road](https://gitlab.com/exorcist365/wallpapers/-/blob/master/gruvbox/road.jpg) | [Link](./hosts/x86_64-linux/tempest/default.nix)                              |
+| Text Editor  | [Neovim](https://neovim.io/)                                                     | [Link](./pkgs/applications/editors/neovim/nmasur/neovim/package.nix)          |
+| Browser      | [Firefox](https://www.mozilla.org/en-US/firefox/new/)                            | [Link](./platforms/home-manager/modules/nmasur/presets/programs/firefox.nix)  |
+| E-Mail       | [Aerc](https://aerc-mail.org/)                                                   | [Link](./platforms/home-manager/modules/nmasur/presets/programs/aerc.nix)     |
+| File Manager | [Nautilus](https://wiki.gnome.org/action/show/Apps/Files)                        | [Link](./platforms/home-manager/modules/nmasur/presets/programs/nautilus.nix) |
+| PDF Reader   | [Zathura](https://pwmt.org/projects/zathura/)                                    | [Link](./platforms/home-manager/modules/nmasur/presets/programs/zathura.nix)  |
+| Video Player | [mpv](https://mpv.io/)                                                           | [Link](./platforms/home-manager/modules/nmasur/presets/programs/mpv.nix)      |

 ## macOS Features

 | Feature  | Program                                     | Configuration                        |
 |----------|---------------------------------------------|--------------------------------------|
-| Keybinds | [Hammerspoon](https://www.hammerspoon.org/) | [Link](./modules/darwin/hammerspoon) |
+| Keybinds | [Hammerspoon](https://www.hammerspoon.org/) | [Link](./platforms/home-manager/modules/nmasur/presets/services/hammerspoon/) |

 # Diagram

@@ -51,15 +51,16 @@ configuration may be difficult to translate to a non-Nix system.

 This repo contains a few more elaborate elements of configuration.

- [Neovim config](./modules/common/neovim/default.nix) generated with Nix2Vim
-and source-controlled plugins, differing based on installed LSPs, for example.
- [Caddy JSON](./modules/nixos/services/caddy.nix) file (routes, etc.) based
-dynamically on enabled services rendered with Nix.
- [Grafana config](./modules/nixos/services/grafana.nix) rendered with Nix.
- Custom [secrets deployment](./modules/nixos/services/secrets.nix) similar to
-agenix.
- Base16 [colorschemes](./colorscheme/) applied to multiple applications,
-including Firefox userChrome.
+- [Neovim config](./pkgs/applications/editors/neovim/nmasur/neovim/package.nix)
+generated with Nix2Vim and source-controlled plugins,
+differing based on installed LSPs, for example. - [Caddy
+JSON](./platforms/nixos/modules/nmasur/presets/services/caddy.nix) file (routes,
+etc.) based dynamically on enabled services rendered with Nix. - [Grafana
+config](./platforms/nixos/modules/nmasur/presets/services/grafana/grafana.nix)
+rendered with Nix. - Custom [secrets
+deployment](./platforms/nixos/modules/secrets.nix) similar to agenix. - Base16
+[colorschemes](./colorscheme/) applied to multiple applications, including
+Firefox userChrome.

 ---

--- a/deploy/oracle/main.tf
+++ b/deploy/oracle/main.tf
@@ -0,0 +1,115 @@
+terraform {
+  backend "s3" {
+    bucket       = "noahmasur-terraform"
+    key          = "flame.tfstate"
+    region       = "us-east-1"
+    use_lockfile = true
+  }
+  required_version = ">= 1.0.0"
+  required_providers {
+    oci = {
+      source  = "oracle/oci"
+      version = "7.7.0"
+    }
+  }
+}
+
+provider "oci" {
+  auth         = "APIKey"
+  tenancy_ocid = var.compartment_ocid
+  user_ocid    = "ocid1.user.oc1..aaaaaaaa6lro2eoxdajjypjysepvzcavq5yn4qyozjyebxdiaoqziribuqba"
+  private_key  = var.oci_private_key
+  fingerprint  = "dd:d0:da:6d:83:46:8b:b3:d9:45:2b:c7:56:ae:30:94"
+  region       = "us-ashburn-1"
+}
+
+# Get the latest Ubuntu image OCID
+# We'll filter for a recent Ubuntu LTS version (e.g., 22.04 or 24.04) and pick the latest.
+# Note: Image OCIDs are region-specific. This data source helps find the correct one.
+data "oci_core_images" "ubuntu_image" {
+  compartment_id   = var.compartment_ocid
+  operating_system = "Canonical Ubuntu"
+  # Adjust this version if you prefer a different Ubuntu LTS (e.g., "24.04")
+  operating_system_version = "24.04"
+  shape                    = var.instance_shape # Filter by the shape to ensure compatibility
+  sort_by                  = "TIMECREATED"
+  sort_order               = "DESC"
+}
+
+# resource "oci_core_image" "my_custom_image" {
+#   compartment_id = var.compartment_ocid
+#   display_name   = "noah-nixos"
+
+#   image_source_details {
+#     source_type = "objectStorageTuple" # Use this if specifying namespace, bucket, and object name
+#     # source_type  = "objectStorageUri"  # Use this if you have a pre-authenticated request URL (PAR)
+#     namespace_name = var.object_storage_namespace
+#     bucket_name    = var.object_storage_bucket_name
+#     object_name    = var.object_storage_object_name
+
+#     source_image_type = "QCOW2" # e.g., "QCOW2", "VMDK"
+
+#     # These properties help OCI understand how to launch instances from this image
+#     # Adjust based on your custom image's OS and boot mode
+#     operating_system         = "NixOS" # e.g., "CentOS", "Debian", "Windows"
+#     operating_system_version = "25.05" # e.g., "7", "11", "2019"
+#   }
+
+#   launch_mode = "PARAVIRTUALIZED" # Or "NATIVE", "EMULATED", "CUSTOM"
+#   # Optional: for specific launch options if your image requires them
+#   # launch_options {
+#   #   boot_volume_type = "PARAVIRTUALIZED"
+#   #   firmware         = "UEFI_64" # Or "BIOS"
+#   #   network_type     = "PARAVIRTUALIZED"
+#   # }
+
+#   # Time out for image import operation. Can take a while for large images.
+#   timeouts {
+#     create = "60m" # Default is 20m, often needs to be increased
+#   }
+# }
+
+data "oci_identity_availability_domains" "ads" {
+  compartment_id = var.compartment_ocid
+}
+
+resource "oci_core_instance" "my_compute_instance" {
+  compartment_id      = var.compartment_ocid
+  availability_domain = data.oci_identity_availability_domains.ads.availability_domains[0].name
+  shape               = var.instance_shape
+  display_name        = var.instance_display_name
+
+  source_details {
+    source_type = "image"
+    # Use the OCID of the latest Ubuntu image found by the data source
+    source_id = data.oci_core_images.ubuntu_image.images[0].id
+    # # Use the OCID of the newly imported custom image
+    # source_id = oci_core_image.my_custom_image.id
+    # Specify the boot volume size
+    boot_volume_size_in_gbs = var.boot_volume_size_in_gbs
+    boot_volume_vpus_per_gb = 20 # Highest free tier option
+  }
+
+  # launch_options {
+  #   is_consistent_volume_naming_enabled = true              # Sets boot device path to /dev/oracleoci/oraclevda
+  #   network_type                        = "PARAVIRTUALIZED" # I think this is the default?
+  # }
+
+  create_vnic_details {
+    subnet_id        = oci_core_subnet.my_public_subnet.id # Use the created subnet's ID
+    display_name     = "primary_vnic"
+    assign_public_ip = true
+    hostname_label   = "flame"
+  }
+
+  metadata = {
+    ssh_authorized_keys = var.ssh_public_key
+    user_data           = base64encode(var.cloud_init_script)
+  }
+
+  # Optional: For flexible shapes (e.g., VM.Standard.E4.Flex), you might need to specify OCPUs and memory
+  shape_config {
+    ocpus         = 4
+    memory_in_gbs = 24
+  }
+}
--- a/deploy/oracle/network.tf
+++ b/deploy/oracle/network.tf
@@ -0,0 +1,126 @@
+resource "oci_core_vcn" "my_vpc" {
+  compartment_id = var.compartment_ocid
+  display_name   = "main"
+  cidr_block     = "10.0.0.0/16"
+  is_ipv6enabled = false
+  dns_label      = "mainvcn" # Must be unique within your tenancy
+}
+
+resource "oci_core_internet_gateway" "my_igw" {
+  compartment_id = var.compartment_ocid
+  vcn_id         = oci_core_vcn.my_vpc.id
+  display_name   = "main-igw"
+  enabled        = true
+}
+
+resource "oci_core_route_table" "my_public_route_table" {
+  compartment_id = var.compartment_ocid
+  vcn_id         = oci_core_vcn.my_vpc.id
+  display_name   = "main-public-rt"
+
+  # Default route to the Internet Gateway
+  route_rules {
+    destination       = "0.0.0.0/0"
+    destination_type  = "CIDR_BLOCK"
+    network_entity_id = oci_core_internet_gateway.my_igw.id
+  }
+}
+
+resource "oci_core_security_list" "my_public_security_list" {
+  compartment_id = var.compartment_ocid
+  vcn_id         = oci_core_vcn.my_vpc.id
+  display_name   = "main-public-sl"
+
+  # Egress Rules (Allow all outbound traffic)
+  egress_security_rules {
+    destination      = "0.0.0.0/0"
+    destination_type = "CIDR_BLOCK"
+    protocol         = "all"
+  }
+
+  # Ingress Rules
+  ingress_security_rules {
+    # SSH (TCP 22)
+    protocol    = "6" # TCP
+    source      = "0.0.0.0/0"
+    source_type = "CIDR_BLOCK"
+    tcp_options {
+      min = 22
+      max = 22
+    }
+  }
+
+  ingress_security_rules {
+    # HTTP (TCP 80)
+    protocol    = "6" # TCP
+    source      = "0.0.0.0/0"
+    source_type = "CIDR_BLOCK"
+    tcp_options {
+      min = 80
+      max = 80
+    }
+  }
+
+  ingress_security_rules {
+    # HTTPS (TCP 443)
+    protocol    = "6" # TCP
+    source      = "0.0.0.0/0"
+    source_type = "CIDR_BLOCK"
+    tcp_options {
+      min = 443
+      max = 443
+    }
+  }
+
+  ingress_security_rules {
+    # Custom Minecraft
+    protocol    = "6" # TCP
+    source      = "0.0.0.0/0"
+    source_type = "CIDR_BLOCK"
+    tcp_options {
+      min = 49732
+      max = 49732
+    }
+  }
+
+  ingress_security_rules {
+    # HTTPS (UDP 443) - For QUIC or specific UDP services
+    protocol    = "17" # UDP
+    source      = "0.0.0.0/0"
+    source_type = "CIDR_BLOCK"
+    udp_options {
+      min = 443
+      max = 443
+    }
+  }
+
+  ingress_security_rules {
+    # ICMP (Ping)
+    protocol    = "1" # ICMP
+    source      = "0.0.0.0/0"
+    source_type = "CIDR_BLOCK"
+    icmp_options {
+      type = 3 # Destination Unreachable (common for connectivity checks)
+      code = 4 # Fragmentation needed
+    }
+  }
+  ingress_security_rules {
+    protocol    = "1" # ICMP
+    source      = "0.0.0.0/0"
+    source_type = "CIDR_BLOCK"
+    icmp_options {
+      type = 8 # Echo Request (ping)
+    }
+  }
+}
+
+resource "oci_core_subnet" "my_public_subnet" {
+  compartment_id             = var.compartment_ocid
+  vcn_id                     = oci_core_vcn.my_vpc.id
+  display_name               = "main-public-subnet"
+  cidr_block                 = "10.0.0.0/24"
+  prohibit_public_ip_on_vnic = false # Allows instances in this subnet to get public IPs
+  route_table_id             = oci_core_route_table.my_public_route_table.id
+  security_list_ids          = [oci_core_security_list.my_public_security_list.id]
+  dns_label                  = "mainsub" # Must be unique within the VCN
+}
--- a/deploy/oracle/outputs.tf
+++ b/deploy/oracle/outputs.tf
@@ -0,0 +1,19 @@
+output "host_ip" {
+  description = "The public IP address of the launched instance."
+  value       = oci_core_instance.my_compute_instance.public_ip
+}
+
+output "instance_id" {
+  description = "The OCID of the launched instance."
+  value       = oci_core_instance.my_compute_instance.id
+}
+
+output "vpc_ocid" {
+  description = "The OCID of the created VCN."
+  value       = oci_core_vcn.my_vpc.id
+}
+
+output "subnet_ocid" {
+  description = "The OCID of the created public subnet."
+  value       = oci_core_subnet.my_public_subnet.id
+}
--- a/deploy/oracle/variables.tf
+++ b/deploy/oracle/variables.tf
@@ -0,0 +1,63 @@
+variable "boot_volume_size_in_gbs" {
+  description = "The size of the boot volume in GBs."
+  type        = number
+  default     = 150
+}
+
+variable "cloud_init_script" {
+  description = "A cloud-init script to run on instance launch."
+  type        = string
+  default     = <<-EOF
+              #!/bin/bash
+              echo "Hello from cloud-init!" > /home/ubuntu/cloud-init-output.txt
+              EOF
+}
+
+variable "compartment_ocid" {
+  description = "The OCID of the compartment where the instance will be created."
+  type        = string
+  default     = "ocid1.tenancy.oc1..aaaaaaaaudwr2ozedhjnrn76ofjgglgug6gexknjisd7gb7tkj3mjdp763da"
+}
+
+variable "instance_display_name" {
+  description = "A user-friendly name for the instance."
+  type        = string
+  default     = "noah-nixos"
+}
+
+variable "instance_shape" {
+  description = "The shape of the OCI compute instance."
+  type        = string
+  default     = "VM.Standard.A1.Flex" # Example shape. Choose one available in your region/AD.
+}
+
+variable "object_storage_namespace" {
+  description = "Your OCI Object Storage namespace (usually your tenancy name)."
+  type        = string
+  default     = "idptr5akf9pf"
+}
+
+variable "object_storage_bucket_name" {
+  description = "The name of the Object Storage bucket where your custom image is located."
+  type        = string
+  default     = "noahmasur-images"
+}
+
+variable "object_storage_object_name" {
+  description = "The object name (file name) of your custom image in Object Storage."
+  type        = string
+  default     = "nixos.qcow2"
+}
+
+variable "oci_private_key" {
+  type        = string
+  description = "API private key for Oracle Cloud management"
+  sensitive   = true
+}
+
+variable "ssh_public_key" {
+  description = "Your public SSH key content."
+  type        = string
+  # default     = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s personal"
+  default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKpPU2G9rSF8Q6waH62IJexDCQ6lY+8ZyVufGE3xMDGw actions-deploy"
+}
--- a/flake.lock
+++ b/flake.lock
@@ -22,11 +22,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1742013980,
-        "narHash": "sha256-34YbfwABU5nb0F5eaaJE3ujldaNDhmyxw7CWqhXJV08=",
+        "lastModified": 1755825449,
+        "narHash": "sha256-XkiN4NM9Xdy59h69Pc+Vg4PxkSm9EWl6u7k6D5FZ5cM=",
        "owner": "lnl7",
        "repo": "nix-darwin",
-        "rev": "9175b4bb5f127fb7b5784b14f7e01abff24c378f",
+        "rev": "8df64f819698c1fee0c2969696f54a843b2231e8",
        "type": "github"
      },
      "original": {
@@ -43,11 +43,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1741786315,
-        "narHash": "sha256-VT65AE2syHVj6v/DGB496bqBnu1PXrrzwlw07/Zpllc=",
+        "lastModified": 1755519972,
+        "narHash": "sha256-bU4nqi3IpsUZJeyS8Jk85ytlX61i4b0KCxXX9YcOgVc=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "0d8c6ad4a43906d14abd5c60e0ffe7b587b213de",
+        "rev": "4073ff2f481f9ef3501678ff479ed81402caae6d",
        "type": "github"
      },
      "original": {
@@ -76,11 +76,11 @@
    "flake-compat_2": {
      "flake": false,
      "locked": {
-        "lastModified": 1733328505,
-        "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
+        "lastModified": 1747046372,
+        "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
        "owner": "edolstra",
        "repo": "flake-compat",
-        "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
+        "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
        "type": "github"
      },
      "original": {
@@ -135,11 +135,11 @@
        "systems": "systems_2"
      },
      "locked": {
-        "lastModified": 1705309234,
-        "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
        "type": "github"
      },
      "original": {
@@ -148,6 +148,27 @@
        "type": "github"
      }
    },
+    "helix": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "rust-overlay": "rust-overlay"
+      },
+      "locked": {
+        "lastModified": 1755869734,
+        "narHash": "sha256-d9hwkPwlpbih4DVbsV0zrK5i2J6cRT7ifrDYK5LZQs8=",
+        "owner": "helix-editor",
+        "repo": "helix",
+        "rev": "22a3b10dd8ab907367ae1fe57d9703e22b30d391",
+        "type": "github"
+      },
+      "original": {
+        "owner": "helix-editor",
+        "repo": "helix",
+        "type": "github"
+      }
+    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
@@ -155,11 +176,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1741955947,
-        "narHash": "sha256-2lbURKclgKqBNm7hVRtWh0A7NrdsibD0EaWhahUVhhY=",
+        "lastModified": 1755914636,
+        "narHash": "sha256-VJ+Gm6YsHlPfUCpmRQxvdiZW7H3YPSrdVOewQHAhZN8=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "4e12151c9e014e2449e0beca2c0e9534b96a26b4",
+        "rev": "8b55a6ac58b678199e5bba701aaff69e2b3281c0",
        "type": "github"
      },
      "original": {
@@ -180,11 +201,11 @@
        "systems": "systems"
      },
      "locked": {
-        "lastModified": 1739821351,
-        "narHash": "sha256-QlVtMzAhECs9Esq3txqVW7/vM78ipB5IcI8uyCbTP7A=",
+        "lastModified": 1742156590,
+        "narHash": "sha256-aTM/2CrNN5utdVEQGsOA+kl4UozgH7VPLBQL5OXtBrg=",
        "owner": "hraban",
        "repo": "mac-app-util",
-        "rev": "c00d5b21ca1fdab8acef65e696795f0f15ec1158",
+        "rev": "341ede93f290df7957047682482c298e47291b4d",
        "type": "github"
      },
      "original": {
@@ -193,58 +214,6 @@
        "type": "github"
      }
    },
-    "nextcloud-cookbook": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1726214817,
-        "narHash": "sha256-Pfa+Xbopg20os+pnGgg+wpEX1MI5fz5JMb0K4a8rBhs=",
-        "type": "tarball",
-        "url": "https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.2/cookbook-0.11.2.tar.gz"
-      },
-      "original": {
-        "type": "tarball",
-        "url": "https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.2/cookbook-0.11.2.tar.gz"
-      }
-    },
-    "nextcloud-external": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1729501365,
-        "narHash": "sha256-OV6HhFBzmnQBO5btGEnqmKlaUMY7/t2Qm3XebclpBlM=",
-        "type": "tarball",
-        "url": "https://github.com/nextcloud-releases/external/releases/download/v5.5.2/external-v5.5.2.tar.gz"
-      },
-      "original": {
-        "type": "tarball",
-        "url": "https://github.com/nextcloud-releases/external/releases/download/v5.5.2/external-v5.5.2.tar.gz"
-      }
-    },
-    "nextcloud-news": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1729667622,
-        "narHash": "sha256-pnvyMZQ+NYMgH0Unfh5S19HdZSjnghgoUDAoi2KIXNI=",
-        "type": "tarball",
-        "url": "https://github.com/nextcloud/news/releases/download/25.0.0-alpha12/news.tar.gz"
-      },
-      "original": {
-        "type": "tarball",
-        "url": "https://github.com/nextcloud/news/releases/download/25.0.0-alpha12/news.tar.gz"
-      }
-    },
-    "nextcloud-snappymail": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1728502660,
-        "narHash": "sha256-oCw6Brs85rINBHvz3UJXheyLVqvA3RgPXG03b30Fx7E=",
-        "type": "tarball",
-        "url": "https://snappymail.eu/repository/nextcloud/snappymail-2.38.2-nextcloud.tar.gz"
-      },
-      "original": {
-        "type": "tarball",
-        "url": "https://snappymail.eu/repository/nextcloud/snappymail-2.38.2-nextcloud.tar.gz"
-      }
-    },
    "nix2vim": {
      "inputs": {
        "flake-utils": "flake-utils_2",
@@ -253,11 +222,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1740943170,
-        "narHash": "sha256-A0F7T/euSMen004cVQN/ZkMpLkgLXDs+mq/merhd+0Y=",
+        "lastModified": 1755344765,
+        "narHash": "sha256-k/Cvh/mzb5lSvilKdgwNBCyAyYmD8YPr1nc0sTSgwxI=",
        "owner": "gytis-ivaskevicius",
        "repo": "nix2vim",
-        "rev": "a562f32ff2393d0ed198103c65a3035bcdf83d4d",
+        "rev": "78467c8de07719f92397179844bf75cdf2e58b83",
        "type": "github"
      },
      "original": {
@@ -289,11 +258,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1740947705,
-        "narHash": "sha256-Co2kAD2SZalOm+5zoxmzEVZNvZ17TyafuFsD46BwSdY=",
+        "lastModified": 1751903740,
+        "narHash": "sha256-PeSkNMvkpEvts+9DjFiop1iT2JuBpyknmBUs0Un0a4I=",
        "owner": "nix-community",
        "repo": "nixos-generators",
-        "rev": "507911df8c35939050ae324caccc7cf4ffb76565",
+        "rev": "032decf9db65efed428afd2fa39d80f7089085eb",
        "type": "github"
      },
      "original": {
@@ -304,11 +273,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1742069588,
-        "narHash": "sha256-C7jVfohcGzdZRF6DO+ybyG/sqpo1h6bZi9T56sxLy+k=",
+        "lastModified": 1755615617,
+        "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "c80f6a7e10b39afcc1894e02ef785b1ad0b0d7e5",
+        "rev": "20075955deac2583bb12f07151c2df830ef346b4",
        "type": "github"
      },
      "original": {
@@ -334,20 +303,35 @@
        "type": "github"
      }
    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1728538411,
+        "narHash": "sha256-f0SBJz1eZ2yOuKUr5CA9BHULGXVSn6miBuUWdTyhUhU=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "b69de56fac8c2b6f8fd27f2eca01dcda8e0a4221",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
    "nur": {
      "inputs": {
        "flake-parts": "flake-parts",
        "nixpkgs": [
          "nixpkgs"
-        ],
-        "treefmt-nix": "treefmt-nix"
+        ]
      },
      "locked": {
-        "lastModified": 1742145955,
-        "narHash": "sha256-ju1J45e22ebpLH3eSm0ZZYg7WHkN01ryTFv+4UNwCOA=",
+        "lastModified": 1755918818,
+        "narHash": "sha256-a7k/fml8k4CxIcVW26luwqVl3lsRMNXBRCyC8uSF0GA=",
        "owner": "nix-community",
        "repo": "nur",
-        "rev": "d6ba59dd58ebe6c184f955e1d3a4bbca9484c018",
+        "rev": "1a47d83c521c098debd6d1f2c2ae313a5bb729f9",
        "type": "github"
      },
      "original": {
@@ -360,21 +344,58 @@
      "inputs": {
        "darwin": "darwin",
        "disko": "disko",
+        "helix": "helix",
        "home-manager": "home-manager",
        "mac-app-util": "mac-app-util",
-        "nextcloud-cookbook": "nextcloud-cookbook",
-        "nextcloud-external": "nextcloud-external",
-        "nextcloud-news": "nextcloud-news",
-        "nextcloud-snappymail": "nextcloud-snappymail",
        "nix2vim": "nix2vim",
        "nixos-generators": "nixos-generators",
        "nixpkgs": "nixpkgs",
        "nixpkgs-stable": "nixpkgs-stable",
        "nur": "nur",
        "wsl": "wsl",
+        "zellij-switch": "zellij-switch",
        "zenyd-mpv-scripts": "zenyd-mpv-scripts"
      }
    },
+    "rust-overlay": {
+      "inputs": {
+        "nixpkgs": [
+          "helix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1740623427,
+        "narHash": "sha256-3SdPQrZoa4odlScFDUHd4CUPQ/R1gtH4Mq9u8CBiK8M=",
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "rev": "d342e8b5fd88421ff982f383c853f0fc78a847ab",
+        "type": "github"
+      },
+      "original": {
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "type": "github"
+      }
+    },
+    "rust-overlay_2": {
+      "inputs": {
+        "nixpkgs": "nixpkgs_2"
+      },
+      "locked": {
+        "lastModified": 1736476219,
+        "narHash": "sha256-+qyv3QqdZCdZ3cSO/cbpEY6tntyYjfe1bB12mdpNFaY=",
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "rev": "de30cc5963da22e9742bbbbb9a3344570ed237b9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "type": "github"
+      }
+    },
    "systems": {
      "locked": {
        "lastModified": 1689347925,
@@ -405,24 +426,18 @@
        "type": "github"
      }
    },
-    "treefmt-nix": {
-      "inputs": {
-        "nixpkgs": [
-          "nur",
-          "nixpkgs"
-        ]
-      },
+    "systems_3": {
      "locked": {
-        "lastModified": 1733222881,
-        "narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=",
-        "owner": "numtide",
-        "repo": "treefmt-nix",
-        "rev": "49717b5af6f80172275d47a418c9719a31a78b53",
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
-        "owner": "numtide",
-        "repo": "treefmt-nix",
+        "owner": "nix-systems",
+        "repo": "default",
        "type": "github"
      }
    },
@@ -434,11 +449,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1741870048,
-        "narHash": "sha256-odXRdNZGdXg1LmwlAeWL85kgy/FVHsgKlDwrvbR2BsU=",
+        "lastModified": 1755261305,
+        "narHash": "sha256-EOqCupB5X5WoGVHVcfOZcqy0SbKWNuY3kq+lj1wHdu8=",
        "owner": "nix-community",
        "repo": "NixOS-WSL",
-        "rev": "5d76001e33ee19644a598ad80e7318ab0957b122",
+        "rev": "203a7b463f307c60026136dd1191d9001c43457f",
        "type": "github"
      },
      "original": {
@@ -447,6 +462,28 @@
        "type": "github"
      }
    },
+    "zellij-switch": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "rust-overlay": "rust-overlay_2",
+        "systems": "systems_3"
+      },
+      "locked": {
+        "lastModified": 1742588229,
+        "narHash": "sha256-IPg0pBw0ciF+xl6viq3nK+dvZoDZrfBDui7dkPLz258=",
+        "owner": "mostafaqanbaryan",
+        "repo": "zellij-switch",
+        "rev": "0e3c303c19890ccb03589230ac5a7c4307e573e4",
+        "type": "github"
+      },
+      "original": {
+        "owner": "mostafaqanbaryan",
+        "repo": "zellij-switch",
+        "type": "github"
+      }
+    },
    "zenyd-mpv-scripts": {
      "flake": false,
      "locked": {
--- a/flake.nix
+++ b/flake.nix
@@ -58,93 +58,60 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };

-    # # Tree-Sitter Grammars
-    # tree-sitter-bash = {
-    #   url = "github:tree-sitter/tree-sitter-bash/master";
-    #   flake = false;
-    # };
-    # tree-sitter-python = {
-    #   url = "github:tree-sitter/tree-sitter-python/master";
-    #   flake = false;
-    # };
-    # tree-sitter-lua = {
-    #   url = "github:MunifTanjim/tree-sitter-lua/main";
-    #   flake = false;
-    # };
-    # tree-sitter-ini = {
-    #   url = "github:justinmk/tree-sitter-ini";
-    #   flake = false;
-    # };
-    # tree-sitter-puppet = {
-    #   url = "github:amaanq/tree-sitter-puppet";
-    #   flake = false;
-    # };
-    # tree-sitter-rasi = {
-    #   url = "github:Fymyte/tree-sitter-rasi";
-    #   flake = false;
-    # };
-    # tree-sitter-vimdoc = {
-    #   url = "github:neovim/tree-sitter-vimdoc";
-    #   flake = false;
-    # };
-
    # MPV Scripts
    zenyd-mpv-scripts = {
      url = "github:zenyd/mpv-scripts";
      flake = false;
    };

-    # # Git alternative
-    # # Fixes: https://github.com/martinvonz/jj/issues/4784
-    # jujutsu = {
-    #   url = "github:martinvonz/jj";
-    #   inputs.nixpkgs.follows = "nixpkgs";
-    # };
+    # Zellij Switcher
+    zellij-switch = {
+      url = "github:mostafaqanbaryan/zellij-switch";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };

-    # Nextcloud Apps
-    nextcloud-news = {
-      # https://github.com/nextcloud/news/releases
-      url = "https://github.com/nextcloud/news/releases/download/25.0.0-alpha12/news.tar.gz";
-      flake = false;
-    };
-    nextcloud-external = {
-      # https://github.com/nextcloud-releases/external/releases
-      url = "https://github.com/nextcloud-releases/external/releases/download/v5.5.2/external-v5.5.2.tar.gz";
-      flake = false;
-    };
-    nextcloud-cookbook = {
-      # https://github.com/christianlupus-nextcloud/cookbook-releases/releases/
-      url = "https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.2/cookbook-0.11.2.tar.gz";
-      flake = false;
-    };
-    nextcloud-snappymail = {
-      # https://github.com/the-djmaze/snappymail/releases
-      # https://snappymail.eu/repository/nextcloud
-      url = "https://snappymail.eu/repository/nextcloud/snappymail-2.38.2-nextcloud.tar.gz";
-      # url = "https://github.com/nmasur/snappymail-nextcloud/releases/download/v2.36.3/snappymail-2.36.3-nextcloud.tar.gz";
-      flake = false;
+    # Text editor
+    helix = {
+      url = "github:helix-editor/helix";
+      inputs.nixpkgs.follows = "nixpkgs";
    };
+
+    # # Nextcloud Apps
+    # nextcloud-news = {
+    #   # https://github.com/nextcloud/news/releases
+    #   url = "https://github.com/nextcloud/news/releases/download/25.0.0-alpha12/news.tar.gz";
+    #   flake = false;
+    # };
+    # nextcloud-external = {
+    #   # https://github.com/nextcloud-releases/external/releases
+    #   url = "https://github.com/nextcloud-releases/external/releases/download/v5.5.2/external-v5.5.2.tar.gz";
+    #   flake = false;
+    # };
+    # nextcloud-cookbook = {
+    #   # https://github.com/christianlupus-nextcloud/cookbook-releases/releases/
+    #   url = "https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.2/cookbook-0.11.2.tar.gz";
+    #   flake = false;
+    # };
+    # nextcloud-snappymail = {
+    #   # https://github.com/the-djmaze/snappymail/releases
+    #   # https://snappymail.eu/repository/nextcloud
+    #   url = "https://snappymail.eu/repository/nextcloud/snappymail-2.38.2-nextcloud.tar.gz";
+    #   # url = "https://github.com/nmasur/snappymail-nextcloud/releases/download/v2.36.3/snappymail-2.36.3-nextcloud.tar.gz";
+    #   flake = false;
+    # };
  };

  outputs =
    { nixpkgs, ... }@inputs:

    let
-      lib = import ./lib inputs;
-
-      # Global configuration for my systems
-      globals =
+      hostnames =
        let
          baseName = "masu.rs";
        in
-        rec {
-          user = "noah";
-          fullName = "Noah Masur";
-          gitName = fullName;
-          gitEmail = "7386960+nmasur@users.noreply.github.com";
-          dotfilesRepo = "https://github.com/nmasur/dotfiles";
-          hostnames = {
+        {
          audiobooks = "read.${baseName}";
+          bookmarks = "keep.${baseName}";
          books = "books.${baseName}";
          budget = "money.${baseName}";
          content = "cloud.${baseName}";
@@ -155,12 +122,15 @@
          influxdb = "influxdb.${baseName}";
          irc = "irc.${baseName}";
          mail = "noahmasur.com";
+          mathesar = "mathesar.${baseName}";
          metrics = "metrics.${baseName}";
          minecraft = "minecraft.${baseName}";
          n8n = "n8n.${baseName}";
+          navidrome = "music.${baseName}";
          notifications = "ntfy.${baseName}";
          paperless = "paper.${baseName}";
          photos = "photos.${baseName}";
+          postgresql = "pg.${baseName}";
          prometheus = "prom.${baseName}";
          secrets = "vault.${baseName}";
          smtp = "smtp.purelymail.com";
@@ -168,44 +138,38 @@
          stream = "stream.${baseName}";
          transmission = "transmission.${baseName}";
        };
-        };

    in
    rec {

-      inherit lib;
+      lib = import ./lib inputs;
+      flattenAttrset = attrs: builtins.foldl' lib.mergeAttrs { } (builtins.attrValues attrs);

-      nixosConfigurations = builtins.mapAttrs (
+      nixosConfigurations = flattenAttrset (
+        builtins.mapAttrs (
          system: hosts:
          builtins.mapAttrs (
            name: module:
            lib.buildNixos {
              inherit system module;
-            specialArgs = { inherit (globals) hostnames; };
+              specialArgs = { inherit hostnames; };
            }
          ) hosts
-      ) lib.linuxHosts;
+        ) lib.linuxHosts
+      );

-      # darwinConfigurations = {
-      #   aarch64-darwin = {
-      #     lookingglass = lib.buildDarwin {
-      #       system = "aarch64-darwin";
-      #       module = { };
-      #       specialArgs = { };
-      #     };
-      #   };
-      # };
-
-      darwinConfigurations = builtins.mapAttrs (
+      darwinConfigurations = flattenAttrset (
+        builtins.mapAttrs (
          system: hosts:
          builtins.mapAttrs (
            name: module:
            lib.buildDarwin {
              inherit system module;
-            specialArgs = { inherit (globals) hostnames; };
+              specialArgs = { inherit hostnames; };
            }
          ) hosts
-      ) lib.darwinHosts;
+        ) lib.darwinHosts
+      );

      homeModules = builtins.mapAttrs (
        system: hosts:
@@ -214,63 +178,67 @@
        ) hosts
      ) lib.hosts;

-      homeConfigurations = builtins.mapAttrs (
+      homeConfigurations = flattenAttrset (
+        builtins.mapAttrs (
          system: hosts:
          builtins.mapAttrs (
            name: module:
            lib.buildHome {
              inherit system module;
-            specialArgs = { inherit (globals) hostnames; };
+              specialArgs = { inherit hostnames; };
            }
          ) hosts
-      ) homeModules;
+        ) homeModules
+      );

      # Disk formatting, only used once
      diskoConfigurations = {
        root = import ./hosts/x86_64-linux/swan/root.nix;
      };

-      # generators = {
-      #   arrow.aws.x86_64-linux = lib.generateImage {
-      #     system = "x86_64-linux";
-      #     format = "amazon";
-      #     specialArgs = { inherit (globals) hostnames; };
-      #   };
-      #   arrow.iso.x86_64-linux = lib.generateImage {
-      #     system = "x86_64-linux";
-      #     format = "iso";
-      #     specialArgs = { inherit (globals) hostnames; };
-      #   };
-      # };
-
      generators = builtins.mapAttrs (
+        # x86_64-linux = { arrow = ...; swan = ...; }
        system: hosts:
-        builtins.mapAttrs (name: module: {
-          aws = lib.generateImage {
+        (lib.concatMapAttrs (name: module: {
+          "${name}-aws" = lib.generateImage {
            inherit system module;
            format = "amazon";
-            specialArgs = { inherit (globals) hostnames; };
+            specialArgs = { inherit hostnames; };
          };
-          iso = lib.generateImage {
+          "${name}-iso" = lib.generateImage {
            inherit system module;
            format = "iso";
-            specialArgs = { inherit (globals) hostnames; };
+            specialArgs = { inherit hostnames; };
          };
-        }) hosts
-      ) lib.linuxHosts;
+          "${name}-qcow" = lib.generateImage {
+            inherit system module;
+            format = "qcow-efi";
+            specialArgs = { inherit hostnames; };
+            # extraModules = [ "${nixpkgs}/nixos/modules/virtualisation/oci-image.nix" ];
+          };
+        }) hosts)
+      ) lib.linuxHosts # x86_64-linux = { arrow = ...; swan = ...; }
+      ;
+
+      # packages =
+      #   lib.forSystems lib.linuxSystems (
+      #     system: generateImagesForHosts system // lib.pkgsBySystem.${system}.nmasur
+      #   )
+      #   // lib.forSystems lib.darwinSystems (system: lib.pkgsBySystem.${system}.nmasur);

      packages = lib.forAllSystems (
        system:
-        # Get the configurations that we normally use
-        {
-          nixosConfigurations = nixosConfigurations.${system};
-          darwinConfigurations = darwinConfigurations.${system};
-          homeConfigurations = homeConfigurations.${system};
-          generators = generators.${system};
-        }
-        //
-          # Get the custom packages that I have placed under the nmasur namespace
+        # Share the custom packages that I have placed under the nmasur namespace
        lib.pkgsBySystem.${system}.nmasur
+        //
+          # Share generated images for each relevant host
+          (if (lib.hasInfix "linux" system) then generators.${system} else { })
+
+        # //
+        #   # Oracle
+        #   {
+        #     flame-oci = nixosConfigurations.flame.config.system.build.OCIImage;
+        #   }
      );

      # Development environments
@@ -315,6 +283,6 @@
      );

      # Templates for starting other projects quickly
-      templates = (import ./templates nixpkgs.lib);
+      templates = (import ./templates { inherit lib; });
    };
 }
--- a/hosts/aarch64-darwin/lookingglass/default.nix
+++ b/hosts/aarch64-darwin/lookingglass/default.nix
@@ -21,6 +21,7 @@ rec {
    nmasur.settings = {
      username = nmasur.settings.username;
      fullName = nmasur.settings.fullName;
+      host = "lookingglass";
    };
    nmasur.profiles = {
      common.enable = true;
--- a/hosts/aarch64-linux/flame/default.nix
+++ b/hosts/aarch64-linux/flame/default.nix
@@ -23,30 +23,32 @@ rec {
    nmasur.settings = {
      username = nmasur.settings.username;
      fullName = nmasur.settings.fullName;
+      host = networking.hostName;
    };
    nmasur.profiles = {
      common.enable = true;
      linux-base.enable = true;
      power-user.enable = true;
    };
+    nmasur.presets.programs.helix.enable = true;
    home.stateVersion = "23.05";
  };

  system.stateVersion = "23.05";
  # File systems must be declared in order to boot

-  # This is the root filesystem containing NixOS
-  # I forgot to set a clean label for it
-  fileSystems."/" = {
-    device = "/dev/disk/by-uuid/e1b6bd50-306d-429a-9f45-78f57bc597c3";
-    fsType = "ext4";
-  };
+  # # This is the root filesystem containing NixOS
+  # # I forgot to set a clean label for it
+  # fileSystems."/" = {
+  #   device = "/dev/disk/by-uuid/e1b6bd50-306d-429a-9f45-78f57bc597c3";
+  #   fsType = "ext4";
+  # };

-  # This is the boot filesystem for systemd-boot
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/D5CA-237A";
-    fsType = "vfat";
-  };
+  # # This is the boot filesystem for systemd-boot
+  # fileSystems."/boot" = {
+  #   device = "/dev/disk/by-uuid/D5CA-237A";
+  #   fsType = "vfat";
+  # };

  # Allows private remote access over the internet
  nmasur.presets.services.cloudflared = {
@@ -56,4 +58,111 @@ rec {
      ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK/6oyVqjFGX3Uvrc3VS8J9sphxzAnRzKC85xgkHfYgR3TK6qBGXzHrknEj21xeZrr3G2y1UsGzphWJd9ZfIcdA= open-ssh-ca@cloudflareaccess.org";
    };
  };
+
+  # Taken from https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-common.nix
+
+  # fileSystems."/" = {
+  #   device = "/dev/disk/by-label/nixos";
+  #   fsType = "ext4";
+  #   autoResize = true;
+  # };
+
+  # fileSystems."/boot" = {
+  #   device = "/dev/disk/by-label/ESP";
+  #   fsType = "vfat";
+  # };
+
+  boot.loader.efi.canTouchEfiVariables = false;
+  boot.loader.grub = {
+    device = "nodev";
+    splashImage = null;
+    extraConfig = ''
+      serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1
+      terminal_input --append serial
+      terminal_output --append serial
+    '';
+    efiInstallAsRemovable = true;
+    efiSupport = true;
+  };
+  boot.loader.systemd-boot.enable = false;
+
+  # https://docs.oracle.com/en-us/iaas/Content/Compute/Tasks/configuringntpservice.htm#Configuring_the_Oracle_Cloud_Infrastructure_NTP_Service_for_an_Instance
+  networking.timeServers = [ "169.254.169.254" ];
+
+  boot.growPartition = true;
+  boot.kernelParams = [
+    "net.ifnames=0"
+
+    "nvme.shutdown_timeout=10"
+    "nvme_core.shutdown_timeout=10"
+    "libiscsi.debug_libiscsi_eh=1"
+    "crash_kexec_post_notifiers"
+
+    # aarch64-linux
+    "console=ttyAMA0,115200n8"
+
+    # VNC console
+    "console=tty1"
+  ];
+
+  boot.initrd.availableKernelModules = [
+    "virtio_net"
+    "virtio_pci"
+    "virtio_mmio"
+    "virtio_blk"
+    "virtio_scsi"
+    "9p"
+    "9pnet_virtio"
+  ];
+  boot.initrd.kernelModules = [
+    "virtio_balloon"
+    "virtio_console"
+    "virtio_rng"
+    "virtio_gpu"
+  ];
+
+  networking.useDHCP = true;
+  # networking = {
+  #   defaultGateway = "10.0.0.1";
+  #   interfaces.eth0 = {
+  #     ipAddress = throw "set your own";
+  #     prefixLength = 24;
+  #   };
+  # };
+
+  disko.devices = {
+    disk = {
+      main = {
+        type = "disk";
+        # device = "/dev/oracleoci/oraclevda"; # Consistent volume naming
+        device = "/dev/sda"; # Consistent volume naming
+        content = {
+          type = "gpt";
+          partitions = {
+            boot = {
+              size = "512M";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+              };
+            };
+            root = {
+              size = "100%";
+              content = {
+                type = "filesystem";
+                format = "ext4";
+                mountpoint = "/";
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+
+  # # Otherwise the instance may not have a working network-online.target,
+  # # making the fetch-ssh-keys.service fail
+  # networking.useNetworkd = true;
 }
--- a/hosts/x86_64-darwin/readme.md
+++ b/hosts/x86_64-darwin/readme.md
@@ -0,0 +1 @@
+# No x86 Darwin Hosts Currently
--- a/hosts/x86_64-linux/arrow/default.nix
+++ b/hosts/x86_64-linux/arrow/default.nix
@@ -19,6 +19,7 @@ rec {
    nmasur.settings = {
      username = nmasur.settings.username;
      fullName = nmasur.settings.fullName;
+      host = networking.hostName;
    };
    nmasur.profiles = {
      common.enable = true;
@@ -29,4 +30,18 @@ rec {

  system.stateVersion = "23.05";

+  # These filesystems are ignored by nixos-generators
+
+  # This is the root filesystem containing NixOS
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/nixos";
+    fsType = "ext4";
+  };
+
+  # This is the boot filesystem for Grub
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-label/boot";
+    fsType = "vfat";
+  };
+
 }
--- a/hosts/x86_64-linux/hydra/default.nix
+++ b/hosts/x86_64-linux/hydra/default.nix
@@ -19,6 +19,7 @@ rec {
    nmasur.settings = {
      username = nmasur.settings.username;
      fullName = nmasur.settings.fullName;
+      host = networking.hostName;
    };
    nmasur.profiles = {
      common.enable = true;
@@ -30,4 +31,24 @@ rec {

  system.stateVersion = "23.05";

+  # This is the root filesystem containing NixOS
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/nixos";
+    fsType = "ext4";
+  };
+
+  # This is the boot filesystem for Grub
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-label/boot";
+    fsType = "vfat";
+  };
+
+  # Not sure what's necessary but too afraid to remove anything
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "ahci"
+    "nvme"
+    "usb_storage"
+    "sd_mod"
+  ];
 }
--- a/hosts/x86_64-linux/staff/default.nix
+++ b/hosts/x86_64-linux/staff/default.nix
@@ -23,6 +23,7 @@ rec {
    nmasur.settings = {
      username = nmasur.settings.username;
      fullName = nmasur.settings.fullName;
+      host = networking.hostName;
    };
    nmasur.profiles = {
      common.enable = true;
@@ -41,6 +42,9 @@ rec {
  # Not sure what's necessary but too afraid to remove anything
  # File systems must be declared in order to boot

+  # Required to have a boot loader to work
+  boot.loader.systemd-boot.enable = true;
+
  # This is the root filesystem containing NixOS
  fileSystems."/" = {
    device = "/dev/disk/by-label/nixos";
--- a/hosts/x86_64-linux/swan/default.nix
+++ b/hosts/x86_64-linux/swan/default.nix
@@ -14,20 +14,25 @@ rec {
    server.enable = true;
    home.enable = true;
    nas.enable = true;
+    shared-media.enable = true;
  };

  home-manager.users."noah" = {
    nmasur.settings = {
      username = nmasur.settings.username;
      fullName = nmasur.settings.fullName;
+      host = networking.hostName;
    };
    nmasur.profiles = {
      common.enable = true;
      linux-base.enable = true;
+      power-user.enable = true;
    };
    home.stateVersion = "23.05";
  };

+  system.stateVersion = "23.05";
+
  # Not sure what's necessary but too afraid to remove anything
  boot.initrd.availableKernelModules = [
    "xhci_pci"
@@ -63,7 +68,7 @@ rec {
  # Sets root ext4 filesystem instead of declaring it manually
  disko = {
    enableConfig = true;
-    devices = (import ../../../disks/root.nix { disk = "/dev/nvme0n1"; });
+    devices = (import ./root.nix { disk = "/dev/nvme0n1"; });
  };

  # Allows private remote access over the internet
--- a/hosts/x86_64-linux/tempest/default.nix
+++ b/hosts/x86_64-linux/tempest/default.nix
@@ -17,10 +17,13 @@ rec {
    gaming.enable = true;
  };

+  nmasur.presets.services.grub.enable = true;
+
  home-manager.users."noah" = {
    nmasur.settings = {
      username = nmasur.settings.username;
      fullName = nmasur.settings.fullName;
+      host = networking.hostName;
    };
    nmasur.profiles = {
      common.enable = true;
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -66,6 +66,8 @@ lib
  overlays = [
    inputs.nur.overlays.default
    inputs.nix2vim.overlay
+    inputs.zellij-switch.overlays.default
+    inputs.helix.overlays.default
  ] ++ (importOverlays ../overlays);

  # System types to support.
@@ -186,7 +188,15 @@ lib
    amazon = {
      aws.enable = true;
    };
-    iso = { };
+    iso = {
+      nmasur.profiles.wsl.enable = lib.mkForce false;
+      boot.loader.grub.enable = lib.mkForce false;
+    };
+    qcow-efi = {
+      nmasur.profiles.wsl.enable = lib.mkForce false;
+      boot.loader.grub.enable = lib.mkForce false;
+      fileSystems."/boot".device = lib.mkForce "/dev/disk/by-label/ESP";
+    };
  };

  generateImage =
@@ -198,6 +208,7 @@ lib
    }:
    inputs.nixos-generators.nixosGenerate {
      inherit system format;
+      pkgs = pkgsBySystem.${system};
      modules = [
        inputs.home-manager.nixosModules.home-manager
        inputs.disko.nixosModules.disko
--- a/modules/common/shell/work.nix
+++ b/modules/common/shell/work.nix
@@ -0,0 +1,67 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+
+{
+
+  home-manager.users.${config.user} = lib.mkIf pkgs.stdenv.isDarwin {
+
+    home.packages =
+      let
+        ldap_scheme = "ldaps";
+        magic_prefix = "take";
+        ldap_port = 3269;
+        jq_parse = pkgs.writeShellScriptBin "ljq" ''
+          jq --slurp \
+            --raw-input 'split("\n\n")|map(split("\n")|map(select(.[0:1]!="#" and length>0)) |select(length > 0)|map(capture("^(?<key>[^:]*:?): *(?<value>.*)") |if .key[-1:.key|length] == ":" then .key=.key[0:-1]|.value=(.value|@base64d) else . end)| group_by(.key) | map({key:.[0].key,value:(if .|length > 1 then [.[].value] else .[].value end)}) | from_entries)' | jq -r 'del(.[].thumbnailPhoto)'
+        '';
+        ldap_script = pkgs.writeShellScriptBin "ldap" ''
+          if ! [ "$LDAP_HOST" ]; then
+              echo "No LDAP_HOST specified!"
+              exit 1
+          fi
+          SEARCH_FILTER="$@"
+          ldapsearch -LLL \
+              -B -o ldif-wrap=no \
+              -E pr=5000/prompt \
+              -H "${ldap_scheme}://''${LDAP_HOST}:${builtins.toString ldap_port}" \
+              -D "${pkgs.lib.toUpper magic_prefix}2\\${pkgs.lib.toLower config.user}" \
+              -w "$(${pkgs._1password-cli}/bin/op item get T2 --fields label=password --reveal)" \
+              -b "dc=''${LDAP_HOST//./,dc=}" \
+              -s "sub" -x "(cn=''${SEARCH_FILTER})" \
+              | ${jq_parse}/bin/ljq
+        '';
+        ldapm_script = pkgs.writeShellScriptBin "ldapm" ''
+          if ! [ "$LDAP_HOST" ]; then
+              echo "No LDAP_HOST specified!"
+              exit 1
+          fi
+          ${ldap_script}/bin/ldap "$@" | jq '[ .[].memberOf] | add'
+        '';
+        ldapg_script = pkgs.writeShellScriptBin "ldapg" ''
+          if ! [ "$LDAP_HOST" ]; then
+              echo "No LDAP_HOST specified!"
+              exit 1
+          fi
+          ${ldap_script}/bin/ldap "$@" | jq '[ .[].member] | add'
+        '';
+        ldapl_script = pkgs.writeShellScriptBin "ldapl" ''
+          if ! [ "$LDAP_HOST" ]; then
+              echo "No LDAP_HOST specified!"
+              exit 1
+          fi
+          ${ldap_script}/bin/ldap "*$@*" | jq -r '.[].name'
+        '';
+      in
+      [
+        ldap_script
+        ldapm_script
+        ldapg_script
+        ldapl_script
+        jq_parse
+      ];
+  };
+}
--- a/modules/darwin/homebrew.nix
+++ b/modules/darwin/homebrew.nix
@@ -0,0 +1,56 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+{
+
+  # Homebrew - Mac-specific packages that aren't in Nix
+  config = lib.mkIf pkgs.stdenv.isDarwin {
+
+    # # Requires Homebrew to be installed
+    system.activationScripts.preActivation.text = ''
+      if ! xcode-select --version 2>/dev/null; then
+        $DRY_RUN_CMD xcode-select --install
+      fi
+      if ! /opt/homebrew/bin/brew --version 2>/dev/null; then
+        $DRY_RUN_CMD /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
+      fi
+    '';
+
+    # Add homebrew paths to CLI path
+    home-manager.users.${config.user}.home.sessionPath = [
+      "/opt/homebrew/bin/"
+      "/opt/homebrew/opt/trash/bin/"
+    ];
+
+    homebrew = {
+      enable = true;
+      onActivation = {
+        autoUpdate = false; # Don't update during rebuild
+        cleanup = "zap"; # Uninstall all programs not declared
+        upgrade = true;
+      };
+      global = {
+        brewfile = true; # Run brew bundle from anywhere
+        lockfiles = false; # Don't save lockfile (since running from anywhere)
+      };
+      brews = [
+        "trash" # Delete files and folders to trash instead of rm
+      ];
+      casks = [
+        "1password" # 1Password will not launch from Nix on macOS
+        # "gitify" # Git notifications in menu bar (downgrade manually from 4.6.1)
+        "keybase" # GUI on Nix not available for macOS
+        # "logitech-g-hub" # Mouse and keyboard management
+        "logitune" # Logitech webcam firmware
+        "meetingbar" # Show meetings in menu bar
+        "scroll-reverser" # Different scroll style for mouse vs. trackpad
+        "notunes" # Don't launch Apple Music with the play button
+        "steam" # Not packaged for Nixon macOS
+        "epic-games" # Not packaged for Nix
+      ];
+    };
+  };
+}
--- a/pkgs/applications/editors/neovim/nmasur/neovim/config/colors.nix
+++ b/pkgs/applications/editors/neovim/nmasur/neovim/config/colors.nix
@@ -9,7 +9,7 @@
  # Sets Neovim colors based on Nix colorscheme

  options.colors = lib.mkOption {
-    type = lib.types.attrsOf lib.types.str;
+    type = lib.types.nullOr (lib.types.attrsOf lib.types.str);
    description = "Attrset of base16 colorscheme key value pairs.";
    default = {
      # Nord
@@ -32,7 +32,7 @@
    };
  };

-  config = {
+  config = lib.mkIf (config.colors != null) {
    plugins = [ pkgs.vimPlugins.base16-nvim ];
    setup.base16-colorscheme = config.colors;

--- a/pkgs/applications/editors/neovim/nmasur/neovim/config/lsp.nix
+++ b/pkgs/applications/editors/neovim/nmasur/neovim/config/lsp.nix
@@ -8,9 +8,9 @@
 {

  # Terraform optional because non-free
-  options.terraform = lib.mkEnableOption "Whether to enable Terraform LSP";
-  options.github = lib.mkEnableOption "Whether to enable GitHub features";
-  options.kubernetes = lib.mkEnableOption "Whether to enable Kubernetes features";
+  options.enableTerraform = lib.mkEnableOption "Whether to enable Terraform LSP";
+  options.enableGithub = lib.mkEnableOption "Whether to enable GitHub features";
+  options.enableKubernetes = lib.mkEnableOption "Whether to enable Kubernetes features";

  config = {
    plugins = [
@@ -54,7 +54,7 @@

    use.lspconfig.terraformls.setup = dsl.callWith {
      cmd =
-        if config.terraform then
+        if config.enableTerraform then
          [
            "${pkgs.terraform-ls}/bin/terraform-ls"
            "serve"
@@ -93,7 +93,7 @@
        nix = [ "nixfmt" ];
        rust = [ "rustfmt" ];
        sh = [ "shfmt" ];
-        terraform = if config.terraform then [ "terraform_fmt" ] else [ ];
+        terraform = if config.enableTerraform then [ "terraform_fmt" ] else [ ];
        hcl = [ "hcl" ];
      };
      formatters = {
@@ -110,7 +110,7 @@
            "-ci"
          ];
        };
-        terraform_fmt.command = if config.terraform then "${pkgs.terraform}/bin/terraform" else "";
+        terraform_fmt.command = if config.enableTerraform then "${pkgs.terraform}/bin/terraform" else "";
        hcl.command = "${pkgs.hclfmt}/bin/hclfmt";
      };
    };
--- a/pkgs/applications/editors/neovim/nmasur/neovim/config/toggleterm.nix
+++ b/pkgs/applications/editors/neovim/nmasur/neovim/config/toggleterm.nix
@@ -18,7 +18,7 @@

  lua = ''
    ${builtins.readFile ./toggleterm.lua}
-    ${if config.github then (builtins.readFile ./github.lua) else ""}
-    ${if config.kubernetes then (builtins.readFile ./kubernetes.lua) else ""}
+    ${if config.enableGithub then (builtins.readFile ./github.lua) else ""}
+    ${if config.enableKubernetes then (builtins.readFile ./kubernetes.lua) else ""}
  '';
 }
--- a/pkgs/applications/editors/neovim/nmasur/neovim/package.nix
+++ b/pkgs/applications/editors/neovim/nmasur/neovim/package.nix
@@ -29,9 +29,9 @@
 {
  pkgs,
  colors ? null,
-  terraform ? false,
-  github ? false,
-  kubernetes ? false,
+  enableTerraform ? false,
+  enableGithub ? false,
+  enableKubernetes ? false,
  ...
 }:

@@ -41,9 +41,9 @@ pkgs.neovimBuilder {
  package = pkgs.neovim-unwrapped;
  inherit
    colors
-    terraform
-    github
-    kubernetes
+    enableTerraform
+    enableGithub
+    enableKubernetes
    ;
  imports = [
    ./config/align.nix
--- a/pkgs/mathesar/package.nix
+++ b/pkgs/mathesar/package.nix
@@ -0,0 +1,295 @@
+{
+  runtimeShell,
+  python313,
+  python313Packages,
+  fetchFromGitHub,
+  fetchPypi,
+  fetchurl,
+  gettext,
+  unzip,
+  ...
+}:
+let
+
+  django-modern-rpc = python313Packages.buildPythonPackage rec {
+    pname = "django_modern_rpc";
+    version = "1.1.0";
+    src = fetchPypi {
+      inherit pname version;
+      hash = "sha256-+LBIfkBxe9lvfZIqPI2lFSshTZBL1NpmCWBAgToyJns=";
+    };
+    doCheck = false;
+    pyproject = true;
+    build-system = [
+      python313Packages.setuptools
+      python313Packages.wheel
+      python313Packages.poetry-core
+    ];
+  };
+  django-property-filter = python313Packages.buildPythonPackage rec {
+    pname = "django_property_filter";
+    version = "1.3.0";
+    src = fetchPypi {
+      inherit pname version;
+      hash = "sha256-dpsF4hm0S4lQ6tIRJ0bXgPjWTr1fq1NSCZP0M6L4Efk=";
+    };
+    doCheck = false;
+    pyproject = true;
+    build-system = [
+      python313Packages.setuptools
+      python313Packages.wheel
+      python313Packages.django
+      python313Packages.django-filter
+    ];
+  };
+  django-fernet-encrypted-fields = python313Packages.buildPythonPackage rec {
+    pname = "django-fernet-encrypted-fields";
+    version = "0.3.0";
+    src = fetchPypi {
+      inherit pname version;
+      hash = "sha256-OAMb2vFySm6IXuE3zGaivX3DcmxDjhiep+RHmewLqbM=";
+    };
+    doCheck = false;
+    pyproject = true;
+    build-system = [
+      python313Packages.setuptools
+      python313Packages.wheel
+    ];
+    propagatedBuildInputs = with python313Packages; [
+      django
+      cryptography
+    ];
+  };
+  drf-access-policy = python313Packages.buildPythonPackage rec {
+    pname = "drf-access-policy";
+    version = "1.5.0";
+    src = fetchPypi {
+      inherit pname version;
+      hash = "sha256-EsahQYIgjUBUSi/W8GXbc7pvYLPRJ6kpJg6A3RkrjL8=";
+    };
+    doCheck = false;
+    pyproject = true;
+    build-system = [
+      python313Packages.setuptools
+      python313Packages.wheel
+    ];
+    propagatedBuildInputs = with python313Packages; [
+      pyparsing
+      djangorestframework
+    ];
+  };
+
+  pythonPkg = python313.override {
+    self = python313;
+    packageOverrides = pyfinal: pyprev: {
+      inherit
+        django-modern-rpc
+        django-property-filter
+        django-fernet-encrypted-fields
+        drf-access-policy
+        # psycopg-binary
+        ;
+    };
+  };
+
+  python = pythonPkg.withPackages (
+    ps: with ps; [
+      gunicorn
+      django
+      clevercsv
+      django
+      dj-database-url
+      django-filter
+      django-modern-rpc
+      django-property-filter
+      djangorestframework
+      django-fernet-encrypted-fields
+      drf-access-policy
+      frozendict
+      gunicorn
+      psycopg
+      # psycopg-binary
+      psycopg2-binary
+      requests
+      sqlalchemy
+      whitenoise
+    ]
+  );
+
+  staticAssets = fetchurl {
+    url = "https://github.com/mathesar-foundation/mathesar/releases/download/0.2.2/static_files.zip";
+    sha256 = "sha256-1X2zFpCSwilUxhqHlCw/tg8C5zVcVL6CxDa9yh0ylGA=";
+  };
+
+in
+python313Packages.buildPythonApplication rec {
+  pname = "mathesar";
+  version = "0.2.2";
+  src = fetchFromGitHub {
+    owner = "mathesar-foundation";
+    repo = "mathesar";
+    rev = version;
+    sha256 = "sha256-LHxFJpPV0GJfokSPzfZQO44bBg/+QjXsk04Ry9uhUAs=";
+  };
+  format = "other";
+  nativeBuildInputs = [ unzip ];
+  propagatedBuildInputs = [
+    python.pkgs.gunicorn
+    python.pkgs.django
+  ];
+  buildInputs = [
+    gettext
+  ];
+  dependencies = [
+    pythonPkg.pkgs.clevercsv
+    pythonPkg.pkgs.django
+    pythonPkg.pkgs.dj-database-url
+    pythonPkg.pkgs.django-filter
+    pythonPkg.pkgs.django-modern-rpc
+    pythonPkg.pkgs.django-property-filter
+    pythonPkg.pkgs.djangorestframework
+    pythonPkg.pkgs.django-fernet-encrypted-fields
+    pythonPkg.pkgs.drf-access-policy
+    pythonPkg.pkgs.frozendict
+    pythonPkg.pkgs.gunicorn
+    pythonPkg.pkgs.psycopg
+    pythonPkg.pkgs.psycopg2-binary
+    pythonPkg.pkgs.requests
+    pythonPkg.pkgs.sqlalchemy
+    pythonPkg.pkgs.whitenoise
+  ];
+
+  # Manually unzip the extra zip file into a temporary directory
+  postUnpack = ''
+    mkdir -p $TMPDIR/unzipped
+    unzip ${staticAssets} -d $TMPDIR/unzipped
+  '';
+
+  # Override the default build phase to prevent it from looking for setup.py
+  # Add any non-Python build commands here if needed (e.g., building frontend assets)
+  buildPhase = ''
+    runHook preBuild
+
+    echo "Skipping standard Python build phase; application files copied in installPhase."
+    # If you had frontend assets to build, you'd run the command here, e.g.:
+    # npm install
+    # npm run build
+
+    runHook postBuild
+  '';
+
+  # This copies the application code into the Nix store output
+  installPhase = ''
+    runHook preInstall
+
+    # Destination: python's site-packages directory within $out
+    # This makes 'import mathesar', 'import db', etc. work more easily.
+    INSTALL_PATH="$out/lib/${python.libPrefix}/site-packages/${pname}"
+    mkdir -p "$INSTALL_PATH"
+
+    echo "Copying application code to $INSTALL_PATH"
+
+    # Copy all essential source directories needed at runtime
+    # Adjust this list based on mathesar's actual structure and runtime needs!
+    cp -r mathesar "$INSTALL_PATH/"
+    cp -r db "$INSTALL_PATH/"
+    cp -r config "$INSTALL_PATH/"
+    cp -r translations "$INSTALL_PATH/"
+    cp -r mathesar_ui "$INSTALL_PATH/" # If needed
+
+    # Copy the management script
+    cp manage.py "$INSTALL_PATH/"
+
+    # Copy assets from unzipped directory
+    mkdir -p "$INSTALL_PATH/mathesar/static/mathesar"
+    cp -r $TMPDIR/unzipped/static_files/* "$INSTALL_PATH/mathesar/static/mathesar"
+
+    # Create wrapper scripts in $out/bin for easy execution
+
+    mkdir -p $out/bin
+
+    # Wrapper for manage.py
+    # It ensures the app code is in PYTHONPATH and runs manage.py
+    echo "Creating manage.py wrapper..."
+    cat <<EOF > $out/bin/mathesar-manage
+    #!${python.interpreter}
+    import os
+    import sys
+
+    # Add the installation path to the Python path
+    sys.path.insert(0, "$INSTALL_PATH")
+
+    # Set DJANGO_SETTINGS_MODULE environment variable if required by mathesar
+    # You might need to adjust 'config.settings.production' to the actual settings file used
+    os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'config.settings.production')
+
+    # Change directory to where manage.py is, if necessary for relative paths
+    # os.chdir("$INSTALL_PATH")
+
+    print(f"Running manage.py from: $INSTALL_PATH/manage.py")
+    print(f"Python path includes: $INSTALL_PATH")
+    print(f"Executing with args: {sys.argv[1:]}")
+
+    # Find manage.py and execute it
+    manage_py_path = os.path.join("$INSTALL_PATH", "manage.py")
+    if not os.path.exists(manage_py_path):
+        print(f"Error: manage.py not found at {manage_py_path}", file=sys.stderr)
+        sys.exit(1)
+
+    # Prepare arguments for execute_from_command_line
+    # The first argument should be the script name itself
+    argv = [manage_py_path] + sys.argv[1:]
+
+    try:
+        from django.core.management import execute_from_command_line
+        execute_from_command_line(argv)
+    except Exception as e:
+        print(f"Error executing manage.py: {e}", file=sys.stderr)
+        # Optionally re-raise or exit with error
+        import traceback
+        traceback.print_exc()
+        sys.exit(1)
+
+    EOF
+    chmod +x $out/bin/mathesar-manage
+
+    # Wrapper for install
+    echo "Creating install wrapper..."
+    cat <<EOF > $out/bin/mathesar-install
+    #!${runtimeShell}
+    # Add the app to the Python Path
+    export PYTHONPATH="$INSTALL_PATH:\${"PYTHONPATH:-"}"
+
+    # Set Django settings module if needed
+    export DJANGO_SETTINGS_MODULE='config.settings.production'
+
+    # Change to the app directory
+    cd "$INSTALL_PATH"
+    ${python}/bin/python -m mathesar.install
+    EOF
+    chmod +x $out/bin/mathesar-install
+
+    # Wrapper for gunicorn (example)
+    # Assumes mathesar uses a standard wsgi entry point, e.g., config/wsgi.py
+    # Adjust 'config.wsgi:application' if necessary
+    echo "Creating gunicorn wrapper..."
+    cat <<EOF > $out/bin/mathesar-gunicorn
+    #!${runtimeShell}
+    # Add the app to the Python Path
+    export PYTHONPATH="$INSTALL_PATH:\${"PYTHONPATH:-"}"
+
+    # Set Django settings module if needed
+    export DJANGO_SETTINGS_MODULE='config.settings.production'
+
+    # Change to the app directory if gunicorn needs it
+    # cd "$INSTALL_PATH"
+
+    # Execute gunicorn, passing along any arguments
+    # Ensure the gunicorn package is in propagatedBuildInputs
+    exec ${python}/bin/gunicorn config.wsgi:application "\$@"
+    EOF
+    chmod +x $out/bin/mathesar-gunicorn
+
+    runHook postInstall
+  '';
+}
--- a/pkgs/misc/bypass-paywalls-clean/package.nix
+++ b/pkgs/misc/bypass-paywalls-clean/package.nix
@@ -5,11 +5,11 @@

 pkgs.stdenv.mkDerivation rec {
  pname = "bypass-paywalls-clean";
-  version = "4.0.6.1";
+  version = "4.1.1.4";
  src = builtins.fetchGit {
-    url = "https://gitflic.ru/project/magnolia1234/bpc_uploads.git";
+    url = "https://git.masu.rs/noah/bpc-uploads.git";
    ref = "main";
-    rev = "85a367220f5ae2181354f65fb1093e2f1ac9e417";
+    rev = "9166b13355721b047878f259e04c2e9b476b4210";
  };
  preferLocalBuild = true;
  allowSubstitutes = true;
--- a/pkgs/prometheus-actual-exporter/package.nix
+++ b/pkgs/prometheus-actual-exporter/package.nix
@@ -0,0 +1,91 @@
+{
+  lib,
+  fetchFromGitHub,
+  nodejs_20,
+  buildNpmPackage,
+  nodePackages,
+  python3,
+  gcc,
+  gnumake,
+}:
+let
+
+in
+
+buildNpmPackage (finalAttrs: rec {
+  pname = "prometheus-actual-exporter";
+
+  version = "1.1.5";
+
+  src = fetchFromGitHub {
+    owner = "sakowicz";
+    repo = "actual-budget-prometheus-exporter";
+    tag = version;
+    hash = "sha256-DAmWr1HngxAjhOJW9OnMfDqpxBcZT+Tpew/w/YYJIYU=";
+  };
+
+  patches = [ ./tsconfig.patch ];
+
+  npmDepsHash = "sha256-N8xqRYFelolNGTEhG22M7KJ7B5U/uW7o+/XfLF8rHMg=";
+
+  nativeBuildInputs = [
+    nodejs_20
+    nodePackages.typescript
+    python3
+    nodePackages.node-gyp
+    gcc
+    gnumake
+  ];
+
+  postPatch = ''
+    echo "Removing better-sqlite3 install script before npm install"
+    sed -i '/"install"/d' node_modules/better-sqlite3/package.json || true
+    sed -i '/"install"/d' package.json || true
+  '';
+
+  preBuild = ''
+    echo "Disabling prebuilt install script from better-sqlite3"
+    find node_modules/better-sqlite3 -name package.json -exec sed -i '/"install"/d' {} +
+    rm -f node_modules/better-sqlite3/build/Release/better_sqlite3.node || true
+  '';
+
+  buildPhase = ''
+    # export npm_config_build_from_source=true
+    # export npm_config_unsafe_perm=true
+    # export BINARY_SITE=none
+    # export PATH=${nodePackages.node-gyp}/bin:$PATH
+    # export npm_config_node_gyp=${nodePackages.node-gyp}/bin/node-gyp
+
+    # npm rebuild better-sqlite3 --build-from-source --verbose
+
+    npm run build
+  '';
+
+  installPhase = ''
+    mkdir -p $out/{bin,lib}
+    cp -r . $out/lib/prometheus-actual-exporter
+    makeWrapper ${lib.getExe nodejs_20} $out/bin/prometheus-actual-exporter \
+      --add-flags "$out/lib/prometheus-actual-exporter/dist/app.js"
+  '';
+
+  postInstall = ''
+    echo "Removing prebuilt .node and rebuilding better-sqlite3"
+
+    export npm_config_build_from_source=true
+    export npm_config_unsafe_perm=true
+    export BINARY_SITE=none
+    export PATH=${nodePackages.node-gyp}/bin:$PATH
+    export npm_config_node_gyp=${nodePackages.node-gyp}/bin/node-gyp
+
+    sed -i '/"install"/d' node_modules/better-sqlite3/package.json
+    rm -f node_modules/better-sqlite3/build/Release/better_sqlite3.node || true
+
+    npm rebuild better-sqlite3 --build-from-source --verbose
+  '';
+
+  meta = {
+    description = "Prometheus exporter for Actual Budget";
+    homepage = "https://github.com/sakowicz/actual-budget-prometheus-exporter";
+    mainProgram = "prometheus-actual-exporter";
+  };
+})
--- a/pkgs/prometheus-actual-exporter/tsconfig.patch
+++ b/pkgs/prometheus-actual-exporter/tsconfig.patch
@@ -0,0 +1,12 @@
+diff --git a/tsconfig.json b/tsconfig.json
+index 5106135..3a340f6 100644
+--- a/tsconfig.json
+++ b/tsconfig.json
+@@ -8,5 +8,6 @@
+     "skipLibCheck": true,
+     "lib": ["es2020"],
+     "outDir": "./dist"
+-  }
+  },
+  "include": ["src/**/*", "app.ts"]
+ }
--- a/pkgs/slsk-batchdl/nuget-deps.nix
+++ b/pkgs/slsk-batchdl/nuget-deps.nix
@@ -0,0 +1,248 @@
+{ fetchNuGet }:
+[
+  (fetchNuGet {
+    pname = "AngleSharp";
+    version = "1.2.0";
+    hash = "sha256-l8+Var9o773VL6Ybih3boaFf9sYjS7eqtLGd8DCIPsk=";
+  })
+  (fetchNuGet {
+    pname = "EmbedIO";
+    version = "3.5.2";
+    hash = "sha256-e6GfVHXxYeUw3ntCrHokNoAS6mXArO7+vdMeUFnsSo8=";
+  })
+  (fetchNuGet {
+    pname = "Goblinfactory.ProgressBar";
+    version = "1.0.0";
+    hash = "sha256-tV3Fw792zfYhB2dN97VKXBwS5eypqKExgAJy+bcDo8I=";
+  })
+  (fetchNuGet {
+    pname = "Google.Apis";
+    version = "1.69.0";
+    hash = "sha256-/9JN0CZIFZnmGS69ki38RlNzQiwp4yO0MFDeRk1slsg=";
+  })
+  (fetchNuGet {
+    pname = "Google.Apis.Auth";
+    version = "1.69.0";
+    hash = "sha256-T6n3hc+KpgHNqQQeJLOmgHQWkjBvnhIob5giHabREV8=";
+  })
+  (fetchNuGet {
+    pname = "Google.Apis.Core";
+    version = "1.69.0";
+    hash = "sha256-IW1AOY8o6hHkrc/tINsS/VCOUrOSoXb6OCSEF6gamkc=";
+  })
+  (fetchNuGet {
+    pname = "Google.Apis.YouTube.v3";
+    version = "1.69.0.3680";
+    hash = "sha256-3aNScBqmchnDkLejK5HYHiLVVDexrFUtZ6xe8cGP28M=";
+  })
+  (fetchNuGet {
+    pname = "HtmlAgilityPack";
+    version = "1.11.72";
+    hash = "sha256-MRt7yj6+/ORmr2WBERpQ+1gMRzIaPFKddHoB4zZmv2k=";
+  })
+  (fetchNuGet {
+    pname = "Microsoft.ApplicationInsights";
+    version = "2.22.0";
+    hash = "sha256-mUQ63atpT00r49ca50uZu2YCiLg3yd6r3HzTryqcuEA=";
+  })
+  (fetchNuGet {
+    pname = "Microsoft.AspNetCore.App.Ref";
+    version = "6.0.36";
+    hash = "sha256-9jDkWbjw/nd8yqdzVTagCuqr6owJ/DUMi4BlUZT4hWU=";
+  })
+  (fetchNuGet {
+    pname = "Microsoft.Bcl.AsyncInterfaces";
+    version = "9.0.1";
+    hash = "sha256-A3W2Hvhlf1ODx1NYWHwUyziZOGMaDPvXHZ/ubgNLYJA=";
+  })
+  (fetchNuGet {
+    pname = "Microsoft.CodeCoverage";
+    version = "17.9.0";
+    hash = "sha256-OaGa4+jRPHs+T+p/oekm2Miluqfd2IX8Rt+BmUx8kr4=";
+  })
+  (fetchNuGet {
+    pname = "Microsoft.CSharp";
+    version = "4.7.0";
+    hash = "sha256-Enknv2RsFF68lEPdrf5M+BpV1kHoLTVRApKUwuk/pj0=";
+  })
+  (fetchNuGet {
+    pname = "Microsoft.NET.Test.Sdk";
+    version = "17.9.0";
+    hash = "sha256-q/1AJ7eNlk02wvN76qvjl2xBx5iJ+h5ssiE/4akLmtI=";
+  })
+  (fetchNuGet {
+    pname = "Microsoft.NETCore.App.Host.linux-x64";
+    version = "6.0.36";
+    hash = "sha256-VFRDzx7LJuvI5yzKdGmw/31NYVbwHWPKQvueQt5xc10=";
+  })
+  (fetchNuGet {
+    pname = "Microsoft.NETCore.App.Ref";
+    version = "6.0.36";
+    hash = "sha256-9LZgVoIFF8qNyUu8kdJrYGLutMF/cL2K82HN2ywwlx8=";
+  })
+  (fetchNuGet {
+    pname = "Microsoft.Testing.Extensions.Telemetry";
+    version = "1.5.3";
+    hash = "sha256-bIXwPSa3jkr2b6xINOqMUs6/uj/r4oVFM7xq3uVIZDU=";
+  })
+  (fetchNuGet {
+    pname = "Microsoft.Testing.Extensions.TrxReport.Abstractions";
+    version = "1.5.3";
+    hash = "sha256-IfMRfcyaIKEMRtx326ICKtinDBEfGw/Sv8ZHawJ96Yc=";
+  })
+  (fetchNuGet {
+    pname = "Microsoft.Testing.Extensions.VSTestBridge";
+    version = "1.5.3";
+    hash = "sha256-XpM/yFjhLSsuzyDV+xKubs4V1zVVYiV05E0+N4S1h0g=";
+  })
+  (fetchNuGet {
+    pname = "Microsoft.Testing.Platform";
+    version = "1.5.3";
+    hash = "sha256-y61Iih6w5D79dmrj2V675mcaeIiHoj1HSa1FRit2BLM=";
+  })
+  (fetchNuGet {
+    pname = "Microsoft.Testing.Platform.MSBuild";
+    version = "1.5.3";
+    hash = "sha256-YspvjE5Jfi587TAfsvfDVJXNrFOkx1B3y1CKV6m7YLY=";
+  })
+  (fetchNuGet {
+    pname = "Microsoft.TestPlatform.ObjectModel";
+    version = "17.12.0";
+    hash = "sha256-3XBHBSuCxggAIlHXmKNQNlPqMqwFlM952Av6RrLw1/w=";
+  })
+  (fetchNuGet {
+    pname = "Microsoft.TestPlatform.ObjectModel";
+    version = "17.9.0";
+    hash = "sha256-iiXUFzpvT8OWdzMj9FGJDqanwHx40s1TXVY9l3ii+s0=";
+  })
+  (fetchNuGet {
+    pname = "Microsoft.TestPlatform.TestHost";
+    version = "17.9.0";
+    hash = "sha256-1BZIY1z+C9TROgdTV/tq4zsPy7Q71GQksr/LoMKAzqU=";
+  })
+  (fetchNuGet {
+    pname = "MSTest.Analyzers";
+    version = "3.7.3";
+    hash = "sha256-6mNfHtx9FBWA6/QrRUepwbxXWG/54GRyeZYazDiMacg=";
+  })
+  (fetchNuGet {
+    pname = "MSTest.TestAdapter";
+    version = "3.7.3";
+    hash = "sha256-3O/AXeS+3rHWstinivt73oa0QDp+xQpTc9p46EF+Mtc=";
+  })
+  (fetchNuGet {
+    pname = "MSTest.TestFramework";
+    version = "3.7.3";
+    hash = "sha256-RweCMMf14GI6HqjDIP68JM67IaJKYQTZy0jk5Q4DFxs=";
+  })
+  (fetchNuGet {
+    pname = "Newtonsoft.Json";
+    version = "13.0.1";
+    hash = "sha256-K2tSVW4n4beRPzPu3rlVaBEMdGvWSv/3Q1fxaDh4Mjo=";
+  })
+  (fetchNuGet {
+    pname = "Newtonsoft.Json";
+    version = "13.0.3";
+    hash = "sha256-hy/BieY4qxBWVVsDqqOPaLy1QobiIapkbrESm6v2PHc=";
+  })
+  (fetchNuGet {
+    pname = "SmallestCSVParser";
+    version = "1.1.1";
+    hash = "sha256-64E87w+4FcQtYsFIOMGGmYmjXVGBwsBqgLVb7p0wc04=";
+  })
+  (fetchNuGet {
+    pname = "Soulseek";
+    version = "7.1.0";
+    hash = "sha256-n6LUNuPmmy9QYNNALR0ObYyR9LJalf0H8P+SKnoqfFc=";
+  })
+  (fetchNuGet {
+    pname = "SpotifyAPI.Web";
+    version = "7.2.1";
+    hash = "sha256-gbTLJaj7DSXZQlo0xpegZ8HLruMe6WmDyD8+l6YE3hg=";
+  })
+  (fetchNuGet {
+    pname = "SpotifyAPI.Web.Auth";
+    version = "7.2.1";
+    hash = "sha256-uzpyPlXNCuSHrcK4SKH0ydY2HlDKXU51W5ahk2Oqu98=";
+  })
+  (fetchNuGet {
+    pname = "System.Buffers";
+    version = "4.5.1";
+    hash = "sha256-wws90sfi9M7kuCPWkv1CEYMJtCqx9QB/kj0ymlsNaxI=";
+  })
+  (fetchNuGet {
+    pname = "System.CodeDom";
+    version = "7.0.0";
+    hash = "sha256-7IPt39cY+0j0ZcRr/J45xPtEjnSXdUJ/5ai3ebaYQiE=";
+  })
+  (fetchNuGet {
+    pname = "System.Diagnostics.DiagnosticSource";
+    version = "5.0.0";
+    hash = "sha256-6mW3N6FvcdNH/pB58pl+pFSCGWgyaP4hfVtC/SMWDV4=";
+  })
+  (fetchNuGet {
+    pname = "System.IO.Pipelines";
+    version = "9.0.1";
+    hash = "sha256-CnmDanknCGbNnoDjgZw62M/Grg8IMTJDa8x3P07UR2A=";
+  })
+  (fetchNuGet {
+    pname = "System.Management";
+    version = "7.0.2";
+    hash = "sha256-bJ21ILQfbHb8mX2wnVh7WP/Ip7gdVPIw+BamQuifTVY=";
+  })
+  (fetchNuGet {
+    pname = "System.Memory";
+    version = "4.5.5";
+    hash = "sha256-EPQ9o1Kin7KzGI5O3U3PUQAZTItSbk9h/i4rViN3WiI=";
+  })
+  (fetchNuGet {
+    pname = "System.Memory";
+    version = "4.6.0";
+    hash = "sha256-OhAEKzUM6eEaH99DcGaMz2pFLG/q/N4KVWqqiBYUOFo=";
+  })
+  (fetchNuGet {
+    pname = "System.Reflection.Metadata";
+    version = "1.6.0";
+    hash = "sha256-JJfgaPav7UfEh4yRAQdGhLZF1brr0tUWPl6qmfNWq/E=";
+  })
+  (fetchNuGet {
+    pname = "System.Runtime.CompilerServices.Unsafe";
+    version = "6.0.0";
+    hash = "sha256-bEG1PnDp7uKYz/OgLOWs3RWwQSVYm+AnPwVmAmcgp2I=";
+  })
+  (fetchNuGet {
+    pname = "System.Text.Encodings.Web";
+    version = "9.0.1";
+    hash = "sha256-iuAVcTiiZQLCZjDfDqdLLPHqZdZqvFabwLFHiVYdRJo=";
+  })
+  (fetchNuGet {
+    pname = "System.Text.Json";
+    version = "9.0.1";
+    hash = "sha256-2dqE+Mx5eJZ8db74ofUiUXHOSxDCmXw5n9VC9w4fUr0=";
+  })
+  (fetchNuGet {
+    pname = "System.Threading.Tasks.Extensions";
+    version = "4.6.0";
+    hash = "sha256-OwIB0dpcdnyfvTUUj6gQfKW2XF2pWsQhykwM1HNCHqY=";
+  })
+  (fetchNuGet {
+    pname = "System.ValueTuple";
+    version = "4.5.0";
+    hash = "sha256-niH6l2fU52vAzuBlwdQMw0OEoRS/7E1w5smBFoqSaAI=";
+  })
+  (fetchNuGet {
+    pname = "TagLibSharp";
+    version = "2.3.0";
+    hash = "sha256-PD9bVZiPaeC8hNx2D+uDUf701cCaMi2IRi5oPTNN+/w=";
+  })
+  (fetchNuGet {
+    pname = "Unosquare.Swan.Lite";
+    version = "3.1.0";
+    hash = "sha256-PL8N3CqIz/wku8/mkRMC3X868Byv47C20/rBLBhkS3o=";
+  })
+  (fetchNuGet {
+    pname = "YoutubeExplode";
+    version = "6.5.4";
+    hash = "sha256-5sexIiBj5XP9rP5DA0NQ+vHJ9lpjwp00EvVux901WLc=";
+  })
+]
--- a/pkgs/slsk-batchdl/package.nix
+++ b/pkgs/slsk-batchdl/package.nix
@@ -0,0 +1,39 @@
+{
+  lib,
+  buildDotnetModule,
+  fetchFromGitHub,
+  dotnetCorePackages,
+}:
+
+buildDotnetModule rec {
+  pname = "slsk-batchdl";
+  version = "2.4.7";
+
+  src = fetchFromGitHub {
+    owner = "fiso64";
+    repo = "slsk-batchdl";
+    rev = "v${version}";
+    sha256 = "sha256-P7V7YJUA1bkfp13Glb1Q+NJ7iTya/xgO1TM88z1Nddc=";
+  };
+
+  projectFile = "slsk-batchdl/slsk-batchdl.csproj";
+  nugetDeps = ./nuget-deps.nix;
+
+  dotnet-sdk = dotnetCorePackages.sdk_8_0;
+  dotnet-runtime = dotnetCorePackages.runtime_8_0;
+
+  # Patch the project file to use .NET 8
+  postPatch = ''
+    substituteInPlace slsk-batchdl/slsk-batchdl.csproj \
+      --replace-fail "net6.0" "net8.0"
+  '';
+
+  doCheck = false;
+
+  meta = with lib; {
+    description = "A batch downloader for Soulseek";
+    homepage = "https://github.com/fiso64/slsk-batchdl";
+    platforms = platforms.linux;
+    mainProgram = "slsk-batchdl";
+  };
+}
--- a/platforms/generators/aws/default.nix
+++ b/platforms/generators/aws/default.nix
@@ -21,10 +21,12 @@ in
    virtualisation.diskSize = lib.mkDefault (16 * 1024); # In MB

    boot.kernelPackages = lib.mkDefault pkgs.linuxKernel.packages.linux_6_6;
-    boot.loader.systemd-boot.enable = false;
-    boot.loader.efi.canTouchEfiVariables = false;
+    boot.loader.systemd-boot.enable = lib.mkForce false;
+    boot.loader.efi.canTouchEfiVariables = lib.mkForce false; # Default, conflicts with tempest
    services.amazon-ssm-agent.enable = lib.mkDefault true;
    users.users.ssm-user.extraGroups = [ "wheel" ];
-
+    services.udisks2.enable = lib.mkForce false; # Off by default already; conflicts with gvfs for nautilus
+    boot.loader.grub.device = lib.mkForce "/dev/xvda"; # Default, conflicts with tempest
+    boot.loader.grub.efiSupport = lib.mkForce false; # Default, conflicts with tempest
  };
 }
--- a/platforms/home-manager/modules/nmasur/presets/fonts.nix
+++ b/platforms/home-manager/modules/nmasur/presets/fonts.nix
@@ -33,6 +33,7 @@ in
    programs.alacritty.settings.font.normal.family = "VictorMono";
    programs.kitty.font.name = "VictorMono Nerd Font Mono";
    nmasur.presets.programs.wezterm.font = "VictorMono Nerd Font Mono";
+    programs.ghostty.settings.font-family = "VictorMono Nerd Font Mono";
    services.dunst.settings.global.font = "Hack Nerd Font 14";
  };
 }
--- a/platforms/home-manager/modules/nmasur/presets/programs/aerc.nix
+++ b/platforms/home-manager/modules/nmasur/presets/programs/aerc.nix
@@ -18,6 +18,7 @@ in
    home.packages = with pkgs; [
      w3m # Render HTML
      dante # Socksify for rendering HTML
+      aba # Address book
    ];

    programs.aerc = {
@@ -110,6 +111,7 @@ in
          "<C-j>" = ":next-part<Enter>";
          J = ":next <Enter>";
          K = ":prev<Enter>";
+          aa = ":pipe -m aba parse --all<Enter>";
        };

        "view::passthrough" = {
@@ -183,6 +185,10 @@ in
          "audio/*" = "${pkgs.mpv}/bin/mpv -";
          "image/*" = "${pkgs.feh}/bin/feh -";
        };
+        compose = {
+          editor = config.home.sessionVariables.EDITOR;
+          address-book-cmd = "aba ls \"%s\"";
+        };
      };
    };
    accounts.email.accounts.home.aerc = {
@@ -199,16 +205,25 @@ in
      exec = "${lib.getExe config.nmasur.presets.services.i3.terminal} aerc %u";
    };
    xsession.windowManager.i3.config.keybindings = lib.mkIf pkgs.stdenv.isLinux {
-      "${config.xsession.windowManager.i3.config.modifier}+Shift+e" = "exec ${
+      "${config.xsession.windowManager.i3.config.modifier}+Shift+e" =
+        let
+          terminal = config.nmasur.presets.services.i3.terminal;
+          startupCommand =
+            if terminal == pkgs.wezterm then
+              "start --class com.noah.aerc -- aerc"
+            else
+              "--class=com.noah.aerc --command=aerc";
+        in
+        "exec ${
          # Don't name the script `aerc` or it will affect grep
          builtins.toString (
            pkgs.writeShellScript "focus-mail.sh" ''
              count=$(ps aux | grep -c aerc)
              if [ "$count" -eq 1 ]; then
-                i3-msg "exec --no-startup-id ${lib.getExe config.nmasur.presets.services.i3.terminal} start --class aerc -- aerc"
+                  i3-msg "exec --no-startup-id ${lib.getExe terminal} ${startupCommand}"
                  sleep 0.25
              fi
-            i3-msg "[class=aerc] focus"
+              i3-msg "[class=com.noah.aerc] focus"
            ''
          )
        }";
--- a/platforms/home-manager/modules/nmasur/presets/programs/atuin.nix
+++ b/platforms/home-manager/modules/nmasur/presets/programs/atuin.nix
@@ -15,6 +15,7 @@ in
  config = lib.mkIf cfg.enable {
    programs.atuin = {
      enable = true;
+      daemon.enable = true;
      flags = [
        "--disable-up-arrow"
        "--disable-ctrl-r"
@@ -33,6 +34,7 @@ in
        secrets_filter = true;
        enter_accept = false;
        keymap_mode = "vim-normal";
+        records = true; # Sync v2
      };
    };

--- a/platforms/home-manager/modules/nmasur/presets/programs/aws-ssh/aws-ssh.nix
+++ b/platforms/home-manager/modules/nmasur/presets/programs/aws-ssh/aws-ssh.nix
@@ -0,0 +1,19 @@
+{ config, lib, ... }:
+
+let
+  cfg = config.nmasur.presets.programs.aws-ssh;
+in
+
+{
+  options.nmasur.presets.programs.aws-ssh.enable = lib.mkEnableOption "AWS SSH tools";
+
+  config = lib.mkIf cfg.enable {
+
+    # Ignore wine directories in searches
+    home.file.".ssh/aws-ssm-ssh-proxy-command.sh" = {
+      text = builtins.readFile ./aws-ssm-ssh-proxy-command.sh;
+      executable = true;
+    };
+
+  };
+}
--- a/platforms/home-manager/modules/nmasur/presets/programs/aws-ssh/aws-ssm-ssh-proxy-command.sh
+++ b/platforms/home-manager/modules/nmasur/presets/programs/aws-ssh/aws-ssm-ssh-proxy-command.sh
@@ -0,0 +1,69 @@
+#!/usr/bin/env bash
+set -eu
+
+################################################################################
+#
+# For documentation see https://github.com/qoomon/aws-ssm-ssh-proxy-command
+#
+################################################################################
+
+getInstanceId() {
+  local instance_name="$1"
+  local instance_id=$(aws ec2 describe-instances --filters "Name=tag:Name,Values=${instance_name}" --query "Reservations[].Instances[?State.Name == 'running'].InstanceId" --output text)
+
+  echo "${instance_id}"
+}
+
+instance_name="$1"
+ssh_user="$2"
+ssh_port="$3"
+ssh_public_key_path="$4"
+
+ec2InstanceIdPattern='^m?i-[0-9a-f]{8,17}$'
+if [[ $instance_name =~ $ec2InstanceIdPattern ]]; then
+  instance_id=$instance_name
+else
+  instance_id=$(getInstanceId "$instance_name")
+
+  if [[ -z $instance_id ]]; then
+    echo "Found no running instances with name \"${instance_name}\"."
+    exit 1
+  else
+    echo "Instance ID for \"${instance_name}\": \"${instance_id}\""
+  fi
+fi
+
+REGION_SEPARATOR='--'
+if echo "$instance_id" | grep -q -e "${REGION_SEPARATOR}"; then
+  export AWS_REGION="${instance_id##*"${REGION_SEPARATOR}"}"
+  instance_id="${instance_id%%"$REGION_SEPARATOR"*}"
+fi
+
+>/dev/stderr echo "Add public key ${ssh_public_key_path} for ${ssh_user} at instance ${instance_id} for 10 seconds"
+ssh_public_key="$(cat "${ssh_public_key_path}")"
+aws ssm send-command \
+  --instance-ids "${instance_id}" \
+  --document-name 'AWS-RunShellScript' \
+  --comment "Add an SSH public key to authorized_keys for 10 seconds" \
+  --parameters commands="
+  \"
+    set -eu
+    
+    mkdir -p ~${ssh_user}/.ssh && cd ~${ssh_user}/.ssh
+
+    authorized_key='${ssh_public_key} ssm-session'
+    
+    echo \\\"\${authorized_key}\\\" >> authorized_keys
+    
+    sleep 10
+    
+    (grep -v -F \\\"\${authorized_key}\\\" authorized_keys || true) > authorized_keys~
+    mv authorized_keys~ authorized_keys
+  \"
+  "
+
+>/dev/stderr echo "Start ssm session to instance ${instance_id}"
+aws ssm start-session \
+  --target "${instance_id}" \
+  --document-name 'AWS-StartSSHSession' \
+  --parameters "portNumber=${ssh_port}"
--- a/platforms/home-manager/modules/nmasur/presets/programs/direnv.nix
+++ b/platforms/home-manager/modules/nmasur/presets/programs/direnv.nix
@@ -17,6 +17,9 @@ in
    programs.direnv = {
      enable = true;
      nix-direnv.enable = true;
+      config = {
+        global.hide_env_diff = true;
+      };
    };
  };
 }
--- a/platforms/home-manager/modules/nmasur/presets/programs/feishin.nix
+++ b/platforms/home-manager/modules/nmasur/presets/programs/feishin.nix
@@ -0,0 +1,19 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+
+let
+  cfg = config.nmasur.presets.programs.feishin;
+in
+
+{
+
+  options.nmasur.presets.programs.feishin.enable = lib.mkEnableOption "Feishin music player";
+
+  config = lib.mkIf cfg.enable {
+    home.packages = [ pkgs.feishin ];
+  };
+}
--- a/platforms/home-manager/modules/nmasur/presets/programs/firefox.nix
+++ b/platforms/home-manager/modules/nmasur/presets/programs/firefox.nix
@@ -23,7 +23,7 @@ in

    programs.firefox = {
      enable = true;
-      package = if pkgs.stdenv.isDarwin then pkgs.firefox-unwrapped else pkgs.firefox;
+      package = pkgs.firefox;
      profiles.default = {
        id = 0;
        name = "default";
@@ -74,6 +74,8 @@ in
          "svg.context-properties.content.enabled" = true; # Sidebery styling
          "browser.tabs.hoverPreview.enabled" = false; # Disable tab previews
          "browser.tabs.hoverPreview.showThumbnails" = false; # Disable tab previews
+          "browser.gesture.swipe.left" = "cmd_scrollLeft"; # Disable swipe to go back
+          "browser.gesture.swipe.right" = "cmd_scrollRight"; # Disable swipe to go forward
        };
        userChrome = ''
          :root {
--- a/platforms/home-manager/modules/nmasur/presets/programs/fish.nix
+++ b/platforms/home-manager/modules/nmasur/presets/programs/fish.nix
@@ -24,9 +24,12 @@ in

    nmasur.presets.programs.fish.fish_user_key_bindings = # fish
      ''
+        for mode in insert default visual
            # Shift-Enter (defined by terminal)
-        bind -M insert \x1F accept-autosuggestion
-        bind -M default \x1F accept-autosuggestion
+            bind -M $mode \x1F accept-autosuggestion
+            # Ctrl-f to accept auto-suggestions
+            bind -M $mode \cf forward-char
+        end
      '';

    programs.fish = {
--- a/platforms/home-manager/modules/nmasur/presets/programs/fzf/default.nix
+++ b/platforms/home-manager/modules/nmasur/presets/programs/fzf/default.nix
@@ -25,7 +25,13 @@ in
      functions = {
        edit = {
          description = "Open a file in Vim";
-          body = builtins.readFile ./fish/edit.fish;
+          body = # fish
+            ''
+              set vimfile (fzf)
+              and set vimfile (echo $vimfile | tr -d '\r')
+              and commandline -r "${builtins.baseNameOf config.home.sessionVariables.EDITOR} \"$vimfile\""
+              and commandline -f execute
+            '';
        };
        fcd = {
          description = "Jump to directory";
@@ -51,11 +57,40 @@ in
        };
        recent = {
          description = "Open a recent file in Vim";
-          body = builtins.readFile ./fish/recent.fish;
+          body = # fish
+            ''
+              set vimfile (fd -t f --exec /usr/bin/stat -f "%m%t%N" | sort -nr | cut -f2 | fzf)
+              and set vimfile (echo $vimfile | tr -d '\r')
+              and commandline -r "${builtins.baseNameOf config.home.sessionVariables.EDITOR} $vimfile"
+              and commandline -f execute
+            '';
        };
        search-and-edit = {
          description = "Search and open the relevant file in Vim";
-          body = builtins.readFile ./fish/search-and-edit.fish;
+          body = # fish
+            ''
+              set vimfile ( \
+                  rg \
+                    --color=always \
+                    --line-number \
+                    --no-heading \
+                    --smart-case \
+                    --iglob "!/Library/**" \
+                    --iglob "!/System/**" \
+                    --iglob "!Users/$HOME/Library/*" \
+                    ".*" \
+                  | fzf --ansi \
+                      --height "80%" \
+                      --color "hl:-1:underline,hl+:-1:underline:reverse" \
+                      --delimiter : \
+                      --preview 'bat --color=always {1} --highlight-line {2}' \
+                      --preview-window 'up,60%,border-bottom,+{2}+3/3,~3'
+              )
+              and set line_number (echo $vimfile | tr -d '\r' | cut -d':' -f2)
+              and set vimfile (echo $vimfile | tr -d '\r' | cut -d':' -f1)
+              and commandline -r "${builtins.baseNameOf config.home.sessionVariables.EDITOR} +$line_number \"$vimfile\""
+              and commandline -f execute
+            '';
        };
      };
      shellAbbrs = {
@@ -77,9 +112,6 @@ in
        # Ctrl-e
        bind -M insert \ce recent
        bind -M default \ce recent
-        # Ctrl-f
-        bind -M insert \cf fcd
-        bind -M default \cf fcd
        # Ctrl-p
        bind -M insert \cp projects
        bind -M default \cp projects
--- a/platforms/home-manager/modules/nmasur/presets/programs/fzf/fish/edit.fish
+++ b/platforms/home-manager/modules/nmasur/presets/programs/fzf/fish/edit.fish
@@ -1,4 +0,0 @@
-set vimfile (fzf)
-and set vimfile (echo $vimfile | tr -d '\r')
-and commandline -r "vim \"$vimfile\""
-and commandline -f execute
--- a/platforms/home-manager/modules/nmasur/presets/programs/fzf/fish/recent.fish
+++ b/platforms/home-manager/modules/nmasur/presets/programs/fzf/fish/recent.fish
@@ -1,4 +0,0 @@
-set vimfile (fd -t f --exec /usr/bin/stat -f "%m%t%N" | sort -nr | cut -f2 | fzf)
-and set vimfile (echo $vimfile | tr -d '\r')
-and commandline -r "vim $vimfile"
-and commandline -f execute
--- a/platforms/home-manager/modules/nmasur/presets/programs/fzf/fish/search-and-edit.fish
+++ b/platforms/home-manager/modules/nmasur/presets/programs/fzf/fish/search-and-edit.fish
@@ -1,21 +0,0 @@
-set vimfile ( \
-    rg \
-      --color=always \
-      --line-number \
-      --no-heading \
-      --smart-case \
-      --iglob "!/Library/**" \
-      --iglob "!/System/**" \
-      --iglob "!Users/$HOME/Library/*" \
-      ".*" \
-    | fzf --ansi \
-        --height "80%" \
-        --color "hl:-1:underline,hl+:-1:underline:reverse" \
-        --delimiter : \
-        --preview 'bat --color=always {1} --highlight-line {2}' \
-        --preview-window 'up,60%,border-bottom,+{2}+3/3,~3'
-)
-and set line_number (echo $vimfile | tr -d '\r' | cut -d':' -f2)
-and set vimfile (echo $vimfile | tr -d '\r' | cut -d':' -f1)
-and commandline -r "vim +$line_number \"$vimfile\""
-and commandline -f execute
--- a/platforms/home-manager/modules/nmasur/presets/programs/ghostty.nix
+++ b/platforms/home-manager/modules/nmasur/presets/programs/ghostty.nix
@@ -14,6 +14,10 @@ in
  options.nmasur.presets.programs.ghostty.enable = lib.mkEnableOption "Ghostty terminal";

  config = lib.mkIf cfg.enable {
+
+    # Set the i3 terminal
+    nmasur.presets.services.i3.terminal = config.programs.ghostty.package;
+
    programs.ghostty = {
      enable = true;

@@ -22,10 +26,26 @@ in
      enableFishIntegration = true;
      enableBashIntegration = true;
      enableZshIntegration = true;
-      installBatSyntax = true;
+      installBatSyntax = false; # The file doesn't seem to exist in the pkg
      settings = {
        theme = config.theme.name;
        font-size = 16;
+        macos-titlebar-style = "hidden";
+        window-decoration = false;
+        macos-non-native-fullscreen = true;
+        quit-after-last-window-closed = lib.mkIf pkgs.stdenv.isDarwin true;
+        fullscreen = if pkgs.stdenv.isDarwin then true else false;
+        keybind = [
+          "super+t=unbind" # Pass super-t to underlying tool (e.g. zellij tabs)
+          "super+shift+]=unbind"
+          "super+shift+[=unbind"
+          "ctrl+tab=unbind"
+          "ctrl+shift+tab=unbind"
+          "ctrl+tab=text:\\x1b[9;5u"
+          "ctrl+shift+tab=text:\\x1b[9;6u"
+          "super+k=unbind"
+          "super+shift+e=unbind"
+        ];
      };
      themes."gruvbox" = {
        background = config.theme.colors.base00;
--- a/platforms/home-manager/modules/nmasur/presets/programs/git-work.nix
+++ b/platforms/home-manager/modules/nmasur/presets/programs/git-work.nix
@@ -1,6 +1,5 @@
 {
  config,
-  pkgs,
  lib,
  ...
 }:
@@ -66,6 +65,18 @@ in
      };
    };

+    # Personal jj config
+    programs.jujutsu.settings = {
+      "--scope" = [
+        {
+          "--when".repositories = [ "~/dev/personal" ];
+          user = {
+            name = cfg.personal.name;
+            email = cfg.personal.email;
+          };
+        }
+      ];
+    };
  };

 }
--- a/platforms/home-manager/modules/nmasur/presets/programs/git/default.nix
+++ b/platforms/home-manager/modules/nmasur/presets/programs/git/default.nix
@@ -32,7 +32,7 @@ in
      userName = cfg.name;
      userEmail = cfg.email;
      extraConfig = {
-        core.pager = "${pkgs.git}/share/git/contrib/diff-highlight/diff-highlight | less -F";
+        core.pager = "${pkgs.git}/share/git/contrib/diff-highlight/diff-highlight | less --no-init";
        interactive.difffilter = "${pkgs.git}/share/git/contrib/diff-highlight/diff-highlight";
        pager = {
          branch = "false";
--- a/platforms/home-manager/modules/nmasur/presets/programs/helix.nix
+++ b/platforms/home-manager/modules/nmasur/presets/programs/helix.nix
@@ -0,0 +1,454 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+
+let
+  cfg = config.nmasur.presets.programs.helix;
+in
+
+{
+
+  options.nmasur.presets.programs.helix.enable = lib.mkEnableOption "Helix text editor";
+
+  config = lib.mkIf cfg.enable {
+
+    # Use Neovim as the editor for git commit messages
+    programs.git.extraConfig.core.editor = lib.mkForce "${lib.getExe pkgs.helix}";
+    programs.jujutsu.settings.ui.editor = lib.mkForce "${lib.getExe pkgs.helix}";
+
+    # Set Neovim as the default app for text editing and manual pages
+    home.sessionVariables = {
+      EDITOR = lib.mkForce "${lib.getExe pkgs.helix}";
+      MANPAGER = lib.mkForce "sh -c 'col -bx | ${lib.getExe pkgs.helix}'";
+      MANWIDTH = 87;
+      MANROFFOPT = "-c";
+    };
+
+    # Create quick aliases for launching Helix
+    programs.fish = {
+      shellAbbrs = {
+        h = lib.mkForce "hx";
+      };
+    };
+
+    programs.helix = {
+
+      enable = true;
+
+      package = pkgs.helix; # pkgs.evil-helix
+
+      languages = {
+
+        language-server.nixd = {
+          command = "${pkgs.nixd}/bin/nixd";
+        };
+
+        language-server.fish-lsp = {
+          command = "${pkgs.fish-lsp}/bin/fish-lsp";
+        };
+
+        language-server.yaml-language-server = {
+          command = lib.getExe pkgs.yaml-language-server;
+        };
+
+        language-server.marksman = {
+          command = lib.getExe pkgs.marksman;
+        };
+
+        language-server.terraform-ls = {
+          command = "${lib.getExe pkgs.terraform-ls} serve";
+        };
+
+        language-server.bash-language-server = {
+          command = lib.getExe (
+            pkgs.bash-language-server.overrideAttrs {
+              buildInputs = [
+                pkgs.shellcheck
+                pkgs.shfmt
+              ];
+            }
+          );
+        };
+
+        language = [
+          {
+            name = "nix";
+            auto-format = true;
+            language-servers = [ "nixd" ];
+          }
+          {
+            name = "markdown";
+            auto-format = false;
+            language-servers = [ "marksman" ];
+            formatter = {
+              command = lib.getExe pkgs.mdformat;
+              args = [ "-" ];
+            };
+            # Allows return key to continue the token on the next line
+            comment-tokens = [
+              "-"
+              "+"
+              "*"
+              "- [ ]"
+              ">"
+            ];
+          }
+          {
+            name = "tfvars";
+            auto-format = true;
+            language-servers = [ "terraform-ls" ];
+            formatter = {
+              command = lib.getExe pkgs.terraform;
+              args = [
+                "fmt"
+                "-"
+              ];
+            };
+          }
+          {
+            name = "hcl";
+            auto-format = true;
+            language-servers = [ "terraform-ls" ];
+            formatter = {
+              command = lib.getExe pkgs.terraform;
+              args = [
+                "fmt"
+                "-"
+              ];
+            };
+          }
+          {
+            name = "bash";
+            auto-format = true;
+          }
+        ];
+
+      };
+
+      ignores = [
+        "content/.obsidian/**"
+        ".direnv/**"
+      ];
+
+      settings = {
+        theme = "base16";
+
+        keys.normal = {
+
+          # Use the enter key to save the file
+          ret = ":write";
+
+          # Get out of multiple cursors and selection
+          esc = [
+            "collapse_selection"
+            "keep_primary_selection"
+          ];
+
+          # Quit shortcuts
+          space.q = ":quit-all";
+          space.x = ":quit-all!";
+
+          # Enable and disable inlay hints
+          space.H = ":toggle lsp.display-inlay-hints";
+
+          # Toggle floating pane
+          space.t = ":sh zellij action toggle-floating-panes";
+
+          # Today's note
+          space.n = ":vsplit %sh{fish -c 'generate-today'}";
+
+          # Open lazygit
+          # Unfortunately, this breaks mouse input and the terminal after quitting Helix
+          space.l = [
+            ":write-all"
+            ":new"
+            ":insert-output ${lib.getExe pkgs.lazygit} > /dev/tty"
+            ":buffer-close!"
+            ":redraw"
+            ":reload-all"
+            ":set mouse false"
+            ":set mouse true"
+          ];
+
+          # Commandline git blame
+          space.B = ":echo %sh{git log -n1 --date=short --pretty=format:'%%h %%ad %%s' $(git blame -L %{cursor_line},+1 \"%{buffer_name}\" | cut -d' ' -f1)}";
+
+          # Open yazi
+          # https://github.com/sxyazi/yazi/pull/2461
+          # Won't work until next Helix release
+          C-y = [
+            ":sh rm -f /tmp/unique-file"
+            ":insert-output ${lib.getExe pkgs.yazi} %{buffer_name} --chooser-file=/tmp/unique-file"
+            ":insert-output echo \\x1b[?1049h\\x1b[?2004h > /dev/tty"
+            ":open %sh{cat /tmp/unique-file}"
+            ":redraw"
+          ];
+
+          # Extend selection above
+          X = "select_line_above";
+
+          # Move lines up or down
+          A-j = [
+            "extend_to_line_bounds"
+            "delete_selection"
+            "paste_after"
+          ];
+          A-k = [
+            "extend_to_line_bounds"
+            "delete_selection"
+            "move_line_up"
+            "paste_before"
+          ];
+
+          A-S-ret = [
+            "open_above"
+            "normal_mode"
+          ];
+          A-ret = [
+            "open_below"
+            "normal_mode"
+          ];
+
+        };
+
+        keys.insert = {
+          # Allows not continuing the comment
+          "A-ret" = [
+            "insert_newline"
+            "extend_to_line_bounds"
+            "delete_selection"
+            "insert_newline"
+            "move_line_up"
+            "insert_mode"
+          ];
+        };
+
+        editor = {
+
+          # Change cursors depending on the mode
+          cursor-shape = {
+            insert = "bar";
+            normal = "block";
+            select = "underline";
+          };
+
+          # Text width
+          soft-wrap = {
+            enable = true;
+          };
+
+          # View line numbers relative to the current cursors
+          line-number = "relative";
+
+          # Show hidden files
+          file-picker = {
+            hidden = false; # Show hidden files
+            git-ignore = true; # Skip gitignore files
+            git-global = true; # Skip global gitignore files
+            git-exclude = true; # Skip excluded files
+          };
+
+          # Show whitespace visible to the user
+          # Waiting for trailing whitespace option ideally
+          whitespace = {
+            render = {
+              # space = "all";
+              tab = "all";
+            };
+            characters = {
+              # space = "·";
+              tab = "→";
+            };
+          };
+        };
+
+      };
+
+      themes."${config.programs.helix.settings.theme}" = {
+        "attributes" = config.theme.colors.base09;
+        "comment" = {
+          fg = config.theme.colors.base03;
+          modifiers = [ "italic" ];
+        };
+        "constant" = config.theme.colors.base09;
+        "constant.character.escape" = config.theme.colors.base0C;
+        "constant.numeric" = config.theme.colors.base09;
+        "constructor" = config.theme.colors.base0D;
+        "debug" = config.theme.colors.base03;
+        "diagnostic" = {
+          modifiers = [ "underlined" ];
+        };
+        "diff.delta" = config.theme.colors.base09;
+        "diff.minus" = config.theme.colors.base08;
+        "diff.plus" = config.theme.colors.base0B;
+        "error" = config.theme.colors.base08;
+        "function" = config.theme.colors.base0D;
+        "hint" = config.theme.colors.base03;
+        "info" = config.theme.colors.base0D;
+        "keyword" = config.theme.colors.base0E;
+        "label" = config.theme.colors.base0E;
+        "namespace" = config.theme.colors.base0E;
+        "operator" = config.theme.colors.base05;
+        "special" = config.theme.colors.base0D;
+        "string" = config.theme.colors.base0B;
+        "type" = config.theme.colors.base0A;
+        "variable" = config.theme.colors.base08;
+        "variable.other.member" = config.theme.colors.base05;
+        "warning" = config.theme.colors.base09;
+        "markup.bold" = {
+          fg = config.theme.colors.base0A;
+          modifiers = [ "bold" ];
+        };
+        "markup.heading" = config.theme.colors.base0D;
+        "markup.italic" = {
+          fg = config.theme.colors.base0E;
+          modifiers = [ "italic" ];
+        };
+        "markup.link.text" = config.theme.colors.base08;
+        "markup.link.url" = {
+          fg = config.theme.colors.base09;
+          modifiers = [ "underlined" ];
+        };
+        "markup.list" = config.theme.colors.base08;
+        "markup.quote" = config.theme.colors.base0C;
+        "markup.raw" = config.theme.colors.base0B;
+        "markup.strikethrough" = {
+          modifiers = [ "crossed_out" ];
+        };
+        "diagnostic.hint" = {
+          underline = {
+            style = "curl";
+          };
+        };
+        "diagnostic.info" = {
+          underline = {
+            style = "curl";
+          };
+        };
+        "diagnostic.warning" = {
+          underline = {
+            style = "curl";
+          };
+        };
+        "diagnostic.error" = {
+          underline = {
+            style = "curl";
+          };
+        };
+        "ui.background" = {
+          bg = config.theme.colors.base00;
+        };
+        "ui.bufferline.active" = {
+          fg = config.theme.colors.base00;
+          bg = config.theme.colors.base03;
+          modifiers = [ "bold" ];
+        };
+        "ui.bufferline" = {
+          fg = config.theme.colors.base04;
+          bg = config.theme.colors.base00;
+        };
+        "ui.cursor" = {
+          fg = config.theme.colors.base04;
+          modifiers = [ "reversed" ];
+        };
+        "ui.cursor.insert" = {
+          fg = config.theme.colors.base0A;
+          modifiers = [ "reversed" ];
+        };
+        "ui.cursorline.primary" = {
+          fg = config.theme.colors.base05;
+          bg = config.theme.colors.base01;
+        };
+        "ui.cursor.match" = {
+          fg = config.theme.colors.base03;
+          modifiers = [ "reversed" ];
+        };
+        "ui.cursor.select" = {
+          fg = config.theme.colors.base04;
+          modifiers = [ "reversed" ];
+        };
+        "ui.gutter" = {
+          bg = config.theme.colors.base00;
+        };
+        "ui.help" = {
+          fg = config.theme.colors.base06;
+          bg = config.theme.colors.base01;
+        };
+        "ui.linenr" = {
+          fg = config.theme.colors.base03;
+          bg = config.theme.colors.base00;
+        };
+        "ui.linenr.selected" = {
+          fg = config.theme.colors.base04;
+          bg = config.theme.colors.base01;
+          modifiers = [ "bold" ];
+        };
+        "ui.menu" = {
+          fg = config.theme.colors.base05;
+          bg = config.theme.colors.base01;
+        };
+        "ui.menu.scroll" = {
+          fg = config.theme.colors.base03;
+          bg = config.theme.colors.base01;
+        };
+        "ui.menu.selected" = {
+          fg = config.theme.colors.base01;
+          bg = config.theme.colors.base04;
+        };
+        "ui.popup" = {
+          bg = config.theme.colors.base01;
+        };
+        "ui.selection" = {
+          bg = config.theme.colors.base01;
+        };
+        "ui.selection.primary" = {
+          bg = config.theme.colors.base02;
+        };
+        "ui.statusline" = {
+          fg = config.theme.colors.base04;
+          bg = config.theme.colors.base01;
+        };
+        "ui.statusline.inactive" = {
+          bg = config.theme.colors.base01;
+          fg = config.theme.colors.base03;
+        };
+        "ui.statusline.insert" = {
+          fg = config.theme.colors.base00;
+          bg = config.theme.colors.base0B;
+        };
+        "ui.statusline.normal" = {
+          fg = config.theme.colors.base00;
+          bg = config.theme.colors.base03;
+        };
+        "ui.statusline.select" = {
+          fg = config.theme.colors.base00;
+          bg = config.theme.colors.base0F;
+        };
+        "ui.text" = config.theme.colors.base05;
+        "ui.text.focus" = config.theme.colors.base05;
+        "ui.virtual.indent-guide" = {
+          fg = config.theme.colors.base03;
+        };
+        "ui.virtual.inlay-hint" = {
+          fg = config.theme.colors.base03;
+        };
+        "ui.virtual.ruler" = {
+          bg = config.theme.colors.base01;
+        };
+        "ui.virtual.jump-label" = {
+          fg = config.theme.colors.base0A;
+          modifiers = [ "bold" ];
+        };
+        "ui.window" = {
+          bg = config.theme.colors.base01;
+        };
+      };
+
+    };
+
+  };
+
+}
--- a/platforms/home-manager/modules/nmasur/presets/programs/jujutsu.nix
+++ b/platforms/home-manager/modules/nmasur/presets/programs/jujutsu.nix
@@ -1,5 +1,6 @@
 {
  config,
+  pkgs,
  lib,
  ...
 }:
@@ -22,8 +23,18 @@ in
          name = config.programs.git.userName;
          email = config.programs.git.userEmail;
        };
+        ui.paginate = "never";
+
+        # Automatically snapshot when files change
+        fsmonitor.backend = "watchman";
+        fsmonitor.watchman.register-snapshot-trigger = true;
      };
    };

+    home.packages = [
+      # Required for the fsmonitor to auto-snapshot
+      pkgs.watchman
+    ];
+
  };
 }
--- a/platforms/home-manager/modules/nmasur/presets/programs/lazygit.nix
+++ b/platforms/home-manager/modules/nmasur/presets/programs/lazygit.nix
@@ -0,0 +1,96 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+
+let
+  cfg = config.nmasur.presets.programs.lazygit;
+in
+
+{
+  options.nmasur.presets.programs.lazygit.enable = lib.mkEnableOption "Lazygit git TUI";
+
+  config = lib.mkIf cfg.enable {
+    programs.lazygit = {
+      enable = true;
+      settings = {
+        git.paging = {
+          # useConfig = true;
+          pager = "${pkgs.git}/share/git/contrib/diff-highlight/diff-highlight";
+        };
+        os = {
+          edit = "${config.home.sessionVariables.EDITOR} {{filename}}";
+          editAtLine = "${config.home.sessionVariables.EDITOR} {{filename}}:{{line}}";
+          editAtLineAndWait = "${config.home.sessionVariables.EDITOR} {{filename}}:{{line}}";
+          openDirInEditor = "${config.home.sessionVariables.EDITOR}";
+          open = "${config.home.sessionVariables.EDITOR} {{filename}}";
+        };
+        customCommands = [
+          {
+            key = "N";
+            context = "files";
+            command = "git add -N {{.SelectedFile.Name}}";
+          }
+          {
+            key = "<a-enter>";
+            context = "global";
+            command =
+              let
+                openGitUrl = pkgs.writeShellScriptBin "open-git-url" ''
+                  # Try to get the remote URL using two common methods; suppress stderr for individual commands.
+                  # "git remote get-url origin" is generally preferred.
+                  # "git config --get remote.origin.url" is a fallback.
+                  URL=$(git remote get-url origin 2>/dev/null || git config --get remote.origin.url 2>/dev/null);
+
+                  # Check if a URL was actually found.
+                  if [ -z "$URL" ]; then
+                    # Send error message to stderr so it might appear in lazygit logs or notifications.
+                    echo "Lazygit: Could not determine remote URL for 'origin'." >&2;
+                    # Exit with an error code.
+                    exit 1;
+                  fi;
+
+                  # Check if the URL is a GitHub SSH URL and convert it to HTTPS.
+                  # This uses echo and grep to check for "@github.com" and then sed for transformation.
+                  if echo "$URL" | grep -q "@github.com:"; then
+                    # Transform git@github.com:user/repo.git to https://github.com/user/repo
+                    # The first sed handles the main transformation.
+                    # The second sed removes a trailing .git if present, for a cleaner URL.
+                    URL=$(echo "$URL" | sed "s|git@github.com:|https://github.com/|" | sed "s|\.git$||");
+                    # Optional: Log the transformation for debugging.
+                    # echo "Lazygit: Transformed GitHub SSH URL to '$URL'" >&2;
+                  fi;
+
+                  # Determine the operating system.
+                  OS="$(uname -s)";
+
+                  # Optional: Echo for debugging. This might appear in lazygit logs or as a brief message.
+                  # Remove " >&2" if you want to see it as a potential success message in lazygit UI (if it shows stdout).
+                  # echo "Lazygit: Opening URL '$URL' on '$OS'" >&2;
+
+                  # Execute the appropriate command to open the URL based on the OS.
+                  case "$OS" in
+                    Darwin*) # macOS
+                      open "$URL";;
+                    Linux*)  # Linux
+                      xdg-open "$URL";;
+                    *)       # Unsupported OS
+                      echo "Lazygit: Unsupported OS ('$OS'). Could not open URL." >&2;
+                      exit 1;;
+                  esac
+                '';
+              in
+              lib.getExe openGitUrl;
+          }
+        ];
+      };
+    };
+
+    programs.fish.shellAbbrs = {
+      lg = "lazygit";
+    };
+
+  };
+}
--- a/platforms/home-manager/modules/nmasur/presets/programs/mpv.nix
+++ b/platforms/home-manager/modules/nmasur/presets/programs/mpv.nix
@@ -31,5 +31,9 @@ in
        pkgs.mpvScripts.mpv-delete-file
      ];
    };
+
+    programs.fish.shellAbbrs = {
+      mpvs = "mpv --shuffle=yes";
+    };
  };
 }
--- a/platforms/home-manager/modules/nmasur/presets/programs/nixpkgs-darwin.nix
+++ b/platforms/home-manager/modules/nmasur/presets/programs/nixpkgs-darwin.nix
@@ -21,6 +21,12 @@ in

  config = lib.mkIf (cfg.enable) {

+    # These are useful for triggering from zellij (rather than running directly in the shell)
+    nmasur.presets.programs.nixpkgs.commands.rebuildNixos = pkgs.writeShellScriptBin "rebuild-darwin" ''
+      git -C ${config.nmasur.presets.programs.dotfiles.path} add --intent-to-add --all
+      sudo darwin-rebuild switch --flake "${config.nmasur.presets.programs.dotfiles.path}#${config.nmasur.settings.host}"
+    '';
+
    programs.fish = {
      shellAbbrs = lib.mkIf config.nmasur.presets.programs.dotfiles.enable {
        nr = {
@@ -34,13 +40,13 @@ in
        rebuild-darwin = {
          body = ''
            git -C ${config.nmasur.presets.programs.dotfiles.path} add --intent-to-add --all
-            echo "darwin-rebuild switch --flake ${config.nmasur.presets.programs.dotfiles.path}#lookingglass"
+            echo "sudo darwin-rebuild switch --flake ${config.nmasur.presets.programs.dotfiles.path}#lookingglass"
          '';
        };
        rebuild-darwin-offline = {
          body = ''
            git -C ${config.nmasur.presets.programs.dotfiles.path} add --intent-to-add --all
-            echo "darwin-rebuild switch --option substitute false --flake ${config.nmasur.presets.programs.dotfiles.path}#lookingglass"
+            echo "sudo darwin-rebuild switch --option substitute false --flake ${config.nmasur.presets.programs.dotfiles.path}#lookingglass"
          '';
        };
        rebuild-home = lib.mkForce {
--- a/platforms/home-manager/modules/nmasur/presets/programs/nixpkgs.nix
+++ b/platforms/home-manager/modules/nmasur/presets/programs/nixpkgs.nix
@@ -11,10 +11,35 @@ in

 {

-  options.nmasur.presets.programs.nixpkgs.enable = lib.mkEnableOption "Nixpkgs presets";
+  options.nmasur.presets.programs.nixpkgs = {
+    enable = lib.mkEnableOption "Nixpkgs presets";
+    commands = {
+      # These are useful for triggering from zellij (rather than running directly in the shell)
+      rebuildHome = lib.mkOption {
+        type = lib.types.package;
+        default = pkgs.writeShellScriptBin "rebuild-home" ''
+          git -C ${config.nmasur.presets.programs.dotfiles.path} add --intent-to-add --all
+          ${lib.getExe pkgs.home-manager} switch --flake "${config.nmasur.presets.programs.dotfiles.path}#${config.nmasur.settings.host}"
+        '';
+      };
+      rebuildNixos = lib.mkOption {
+        type = lib.types.package;
+        default = pkgs.writeShellScriptBin "rebuild-nixos" ''
+          git -C ${config.nmasur.presets.programs.dotfiles.path} add --intent-to-add --all
+          doas nixos-rebuild switch --flake ${config.nmasur.presets.programs.dotfiles.path}
+        '';
+      };
+    };
+  };

  config = lib.mkIf cfg.enable {

+    home.packages = [
+      pkgs.nh # Allows rebuilding with a cleaner TUI
+      cfg.commands.rebuildHome
+      cfg.commands.rebuildNixos
+    ];
+
    programs.fish = {
      shellAbbrs = {
        n = "nix";
--- a/platforms/home-manager/modules/nmasur/presets/programs/notes/default.nix
+++ b/platforms/home-manager/modules/nmasur/presets/programs/notes/default.nix
@@ -44,21 +44,22 @@ in
    programs.fish.functions = {
      syncnotes = {
        description = "Full git commit on notes";
-        body = builtins.readFile lib.getExe (
-          pkgs.writers.writeFishBin "syncnotes" {
-            makeWrapperArgs = [
-              "--prefix"
-              "PATH"
-              ":"
-              "${lib.makeBinPath [ pkgs.git ]}"
-            ];
-          } builtins.readFile ./syncnotes.fish
-        );
+        body =
+          let
+            git = lib.getExe pkgs.git;
+          in
+          # fish
+          ''
+            ${git} -C ${cfg.path} pull
+            ${git} -C ${cfg.path} add -A
+            ${git} -C ${cfg.path} commit -m autosync
+            ${git} -C ${cfg.path} push
+          '';
      };
      note = {
        description = "Edit or create a note";
        argumentNames = "filename";
-        body = builtins.readFile lib.getExe (
+        body = lib.getExe (
          pkgs.writers.writeFishBin "note" {
            makeWrapperArgs = [
              "--prefix"
@@ -69,7 +70,44 @@ in
                pkgs.fzf
              ]}"
            ];
-          } builtins.readFile ./note.fish
+          } (builtins.readFile ./note.fish)
+        );
+      };
+      generate-today = {
+        description = "Create today's note";
+        body = # fish
+          ''
+            set filename $(date +%Y-%m-%d_%a)
+            set filepath "${cfg.path}/content/journal/$filename.md"
+            if ! test -e "$filepath"
+              echo -e  "---\ntitle: $(date +"%A, %B %e %Y") - $(curl "https://wttr.in/New+York+City?u&format=1")\ntags: [ journal ]\n---\n\n" > "$filepath"
+            end
+            echo "$filepath"
+          '';
+      };
+      today = {
+        description = "Edit or create today's note";
+        body = lib.getExe (
+          pkgs.writers.writeFishBin "today"
+            {
+              makeWrapperArgs = [
+                "--prefix"
+                "PATH"
+                ":"
+                "${lib.makeBinPath [
+                  pkgs.curl
+                  pkgs.helix
+                ]}"
+              ];
+            } # fish
+            ''
+              set filename $(date +%Y-%m-%d_%a)
+              set filepath "${cfg.path}/content/journal/$filename.md"
+              if ! test -e "$filepath"
+                echo -e  "---\ntitle: $(date +"%A, %B %e %Y") - $(curl "https://wttr.in/New+York+City?u&format=1")\ntags: [ journal ]\n---\n\n" > "$filepath"
+              end
+              hx "$filepath"
+            ''
        );
      };
    };
--- a/platforms/home-manager/modules/nmasur/presets/programs/rofi/themes/common.rasi
+++ b/platforms/home-manager/modules/nmasur/presets/programs/rofi/themes/common.rasi
@@ -5,7 +5,7 @@

 * {
  /* General */
-  font:                                 "Hack Nerd Font 60";
+  font:                                 "Hack Nerd Font Mono 60";

  /* option menus: i3-layout, music, power and screenshot
   *
@@ -13,7 +13,6 @@
   * around using this character: ■
   * We then add add 100 actual padding around the icons.
   *                                    -12px 0px   -19px -96px */
-  option-element-padding:               1% 1% 1% 1%;
  option-5-window-padding:              4% 4%;
  option-5-listview-spacing:            15px;

@@ -46,7 +45,7 @@
  layout: horizontal;
 }
 element {
-  padding: 40px 68px 43px 30px;
+  padding: 40px 62px 40px 36px;
 }
 #window {
  padding: 20px;
--- a/platforms/home-manager/modules/nmasur/presets/programs/starship.nix
+++ b/platforms/home-manager/modules/nmasur/presets/programs/starship.nix
@@ -19,6 +19,7 @@ in
      enable = true;
      enableFishIntegration = true;
      enableBashIntegration = true;
+      enableTransience = true; # Replace previous prompts with custom string
      settings = {
        add_newline = false; # Don't print new line at the start of the prompt
        format = lib.concatStrings [
@@ -80,6 +81,17 @@ in
        };
      };
    };
+    programs.fish = {
+      functions = {
+        # Adjust the prompt in previous commands
+        starship_transient_prompt_func = {
+          body = "echo '$ '";
+        };
+        starship_transient_rprompt_func = {
+          body = "echo ' '";
+        };
+      };
+    };

  };
 }
--- a/platforms/home-manager/modules/nmasur/presets/programs/zed-editor.nix
+++ b/platforms/home-manager/modules/nmasur/presets/programs/zed-editor.nix
@@ -17,7 +17,10 @@ in
    programs.zed-editor = {
      enable = true;

-      extensions = [ "nix" ];
+      extensions = [
+        "nix"
+        "rust"
+      ];

      extraPackages = [ pkgs.nixd ];

--- a/platforms/home-manager/modules/nmasur/presets/programs/zellij.nix
+++ b/platforms/home-manager/modules/nmasur/presets/programs/zellij.nix
@@ -0,0 +1,269 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+
+let
+  cfg = config.nmasur.presets.programs.zellij;
+
+  zellij-switch-to-last = pkgs.writeShellScriptBin "zellij-switch-to-last" ''
+    TARGET_SESSION=$(cat ~/.local/state/zellij-last-session)
+    if [ -z "$TARGET_SESSION" ]; then
+      return 1
+    fi
+    echo "$ZELLIJ_SESSION_NAME" > ~/.local/state/zellij-last-session
+    zellij pipe --plugin file:$(which zellij-switch.wasm) -- "--session $TARGET_SESSION"
+  '';
+in
+
+{
+
+  options.nmasur.presets.programs.zellij.enable = lib.mkEnableOption "Zellij terminal multiplexer";
+
+  config = lib.mkIf cfg.enable {
+
+    home.packages = [ pkgs.zellij-switch ];
+
+    programs.fish = {
+      shellAbbrs.z = "zellij";
+      functions = {
+        zellij-session = {
+          # description = "Open a session in Zellij";
+          body = # fish
+            ''
+              set TARGET_DIR $(zoxide query --interactive)
+              if test -z $TARGET_DIR
+                return 0
+              end
+              if test "$TARGET_DIR" = $(pwd)
+                return 1
+              end
+              echo "$ZELLIJ_SESSION_NAME" > ~/.local/state/zellij-last-session
+              zellij pipe --plugin file:$(which zellij-switch.wasm) -- "--cwd $TARGET_DIR --layout default --session $(basename $TARGET_DIR)"
+            '';
+        };
+        gh-run = {
+          body = # fish
+            ''
+              zellij action new-pane --start-suspended -- gh run watch
+            '';
+        };
+      };
+    };
+
+    xdg.configFile."zellij/layouts/compact-top.kdl".text = # kdl
+      ''
+        layout {
+          pane size=1 borderless=true {
+            plugin location="compact-bar"
+          }
+          pane
+        }
+      '';
+
+    xdg.configFile."zellij/layouts/default.kdl".text = # kdl
+      ''
+        layout {
+            pane size=1 borderless=true {
+                plugin location="tab-bar"
+            }
+            pane
+            pane size=1 borderless=true {
+                plugin location="status-bar"
+            }
+        }
+      '';
+
+    programs.zellij = {
+
+      enable = true;
+
+      # Auto start on shell init
+      enableBashIntegration = true;
+      enableFishIntegration = true;
+      enableZshIntegration = true;
+      attachExistingSession = true;
+      exitShellOnExit = false;
+
+      settings = {
+        default_mode = "locked";
+        # default_layout = "compact-top";
+        # Remove border
+        pane_frames = false;
+        # Scrollback
+        scrollback_editor = config.home.sessionVariables.EDITOR;
+
+        show_startup_tips = false;
+
+        keybinds = {
+          session = {
+            "bind \"w\"" = {
+              LaunchOrFocusPlugin = {
+                _args = [ "session-manager" ];
+                floating = true;
+                move_to_focused_tab = true;
+              };
+              SwitchToMode = {
+                _args = [ "locked" ];
+              };
+            };
+          };
+          scroll = {
+            "bind \"e\"" = {
+              EditScrollback = { };
+              SwitchToMode = {
+                _args = [ "locked" ];
+              };
+            };
+          };
+          shared = {
+            "bind \"Alt Shift s\"" = {
+              Run = {
+                _args = [
+                  (lib.getExe zellij-switch-to-last)
+                ];
+                close_on_exit = true;
+              };
+            };
+            "bind \"Alt Shift p\"" = {
+              Run = {
+                _args = [
+                  "${pkgs.fish}/bin/fish"
+                  "-c"
+                  "zellij-session"
+                ];
+                close_on_exit = true;
+              };
+            };
+            "bind \"Alt Shift h\"" = {
+              Run = {
+                _args = [
+                  (lib.getExe config.nmasur.presets.programs.nixpkgs.commands.rebuildHome)
+                ];
+                # close_on_exit = false;
+              };
+            };
+            "bind \"Alt Shift r\"" = {
+              Run = {
+                _args = [
+                  (lib.getExe config.nmasur.presets.programs.nixpkgs.commands.rebuildNixos)
+                ];
+                # close_on_exit = false;
+              };
+            };
+            "bind \"Alt Shift w\"" = {
+              Run = {
+                _args = [
+                  (lib.getExe pkgs.gh)
+                  "run"
+                  "watch"
+                ];
+                # direction = "Right";
+                # close_on_exit = false;
+                # start_suspended = true;
+              };
+            };
+            "bind \"Alt Shift l\"" = {
+              Run = {
+                _args = [
+                  (lib.getExe pkgs.gh)
+                  "run"
+                  "view"
+                  "--log"
+                ];
+              };
+            };
+            "bind \"Alt Shift f\"" = {
+              Run = {
+                _args = [
+                  (lib.getExe pkgs.gh)
+                  "run"
+                  "view"
+                  "--log-failed"
+                ];
+              };
+            };
+            "bind \"Alt Shift j\"" = {
+              Run = {
+                _args = [
+                  (lib.getExe pkgs.lazyjj)
+                ];
+                close_on_exit = true;
+                floating = true;
+                x = "1%";
+                y = "1%";
+                width = "99%";
+                height = "99%";
+              };
+            };
+            "bind \"Super Shift ]\"" = {
+              GoToNextTab = { };
+            };
+            "bind \"Super Shift [\"" = {
+              GoToPreviousTab = { };
+            };
+            "bind \"Ctrl Tab\"" = {
+              GoToNextTab = { };
+            };
+            "bind \"Ctrl Shift Tab\"" = {
+              GoToPreviousTab = { };
+            };
+            "bind \"Super t\"" = lib.mkIf pkgs.stdenv.isDarwin {
+              NewTab = { };
+            };
+            "bind \"Alt t\"" = lib.mkIf pkgs.stdenv.isLinux {
+              NewTab = { };
+            };
+            "bind \"Super k\"" = lib.mkIf pkgs.stdenv.isDarwin {
+              SwitchToMode = {
+                _args = [ "scroll" ];
+              };
+            };
+            "bind \"Super Shift e\"" = lib.mkIf pkgs.stdenv.isDarwin {
+              EditScrollback = { };
+              SwitchToMode = {
+                _args = [ "locked" ];
+              };
+            };
+            "bind \"Alt Shift e\"" = lib.mkIf pkgs.stdenv.isLinux {
+              EditScrollback = { };
+              SwitchToMode = {
+                _args = [ "locked" ];
+              };
+            };
+            "bind \"Alt l\"" = {
+              MoveFocusOrTab = {
+                _args = [ "Right" ];
+              };
+            };
+            "bind \"Alt h\"" = {
+              MoveFocusOrTab = {
+                _args = [ "Left" ];
+              };
+            };
+          };
+
+        };
+        theme = "custom";
+        themes.custom = {
+          fg = "${config.theme.colors.base03}";
+          bg = "${config.theme.colors.base02}";
+          black = "${config.theme.colors.base00}";
+          red = "${config.theme.colors.base08}";
+          green = "${config.theme.colors.base04}";
+          yellow = "${config.theme.colors.base0A}";
+          blue = "${config.theme.colors.base0D}";
+          magenta = "${config.theme.colors.base0E}";
+          cyan = "${config.theme.colors.base0C}";
+          white = "${config.theme.colors.base04}";
+          orange = "${config.theme.colors.base09}";
+        };
+      };
+
+    };
+
+  };
+
+}
--- a/platforms/home-manager/modules/nmasur/presets/services/hammerspoon/Spoons/DismissAlerts.spoon/close_notifications.applescript
+++ b/platforms/home-manager/modules/nmasur/presets/services/hammerspoon/Spoons/DismissAlerts.spoon/close_notifications.applescript
@@ -1,21 +1,96 @@
-# Credit: https://github.com/Ptujec/LaunchBar/blob/f7b5a0dba9919c2fec879513f68a044f78748539/Notifications/Dismiss%20all%20notifications.lbaction/Contents/Scripts/default.applescript
+# Credit: https://github.com/Ptujec/LaunchBar/blob/a6dca4f21f3474eab0454fdd306bff6bab0d4f16/Notifications/Dismiss%20all%20notifications.lbaction/Contents/Scripts/default.applescript

-tell application "System Events"
+(* 
+Close notifications Applescript Action for LaunchBar
+by Christian Bender (@ptujec)
+2024-10-15
+
+requires macOS 15.2 
+
+Copyright see: https://github.com/Ptujec/LaunchBar/blob/master/LICENSE
+
+Helpful:
+- https://applehelpwriter.com/2016/08/09/applescript-get-item-number-of-list-item/
+- https://www.macscripter.net/t/coerce-gui-scripting-information-into-string/62842/3
+- https://forum.keyboardmaestro.com/t/understanding-applescript-ui-scripting-to-click-menus/29039/23?page=2
+*)
+
+use AppleScript version "2.4" -- Yosemite (10.10) or later
+use scripting additions
+use framework "Foundation"
+property NSArray : a reference to current application's NSArray
+property alertAndBannerSet : {"AXNotificationCenterAlert", "AXNotificationCenterBanner"}
+property closeActionSet : {"Close", "Clear All", "Schließen", "Alle entfernen", "Cerrar", "Borrar todo", "关闭", "清除全部", "Fermer", "Tout effacer", "Закрыть", "Очистить все", "إغلاق", "مسح الكل", "Fechar", "Limpar tudo", "閉じる", "すべてクリア", "बंद करें", "सभी हटाएं", "Zamknij", "Wyczyść wszystko"}
+
+on run
+	tell application "System Events"
 		try
-		set _groups to groups of UI element 1 of scroll area 1 of group 1 of window "Notification Center" of application process "NotificationCenter"
+			set _main_group to group 1 of scroll area 1 of group 1 of group 1 of window 1 of application process "NotificationCenter"
+		on error eStr number eNum
+			display notification eStr with title "Error " & eNum sound name "Frog"
+			return
+		end try
 		
-		repeat with _group in _groups
 		
-			set _actions to actions of _group
+		set _headings to UI elements of _main_group whose role is "AXHeading"
 		
+		set _headingscount to count of _headings
+		
+		
+	end tell
+	
+	repeat _headingscount times
+		tell application "System Events" to set _roles to role of UI elements of _main_group
+		set _headingIndex to its getIndexOfItem:"AXHeading" inList:_roles
+		set _closeButtonIndex to _headingIndex + 1
+		tell application "System Events" to click item _closeButtonIndex of UI elements of _main_group
+		delay 0.4
+	end repeat
+	
+	
+	tell application "System Events"
+		try
+			set _groups to groups of _main_group
+			if _groups is {} then
+				if subrole of _main_group is in alertAndBannerSet then
+					set _actions to actions of _main_group
 					repeat with _action in _actions
-				if description of _action is in {"Schlie§en", "Alle entfernen", "Close", "Clear All"} then
+						if description of _action is in closeActionSet then
 							perform _action
-					
 						end if
 					end repeat
+				end if
+				return
+			end if
 			
+			repeat with _group in _groups
+				set _actions to actions of first item of _groups # always picking the first to avoid index error
+				repeat with _action in _actions
+					if description of _action is in closeActionSet then
+						perform _action
+					end if
 				end repeat
-		
+			end repeat
+		on error
+			if subrole of _main_group is in alertAndBannerSet then
+				set _actions to actions of _main_group
+				repeat with _action in _actions
+					if description of _action is in closeActionSet then
+						perform _action
+					end if
+				end repeat
+			end if
 		end try
-end tell
+	end tell
+end run
+
+on getIndexOfItem:anItem inList:aList
+	set anArray to NSArray's arrayWithArray:aList
+	set ind to ((anArray's indexOfObject:anItem) as number) + 1
+	if ind is greater than (count of aList) then
+		display dialog "Item '" & anItem & "' not found in list." buttons "OK" default button "OK" with icon 2 with title "Error"
+		return 0
+	else
+		return ind
+	end if
+end getIndexOfItem:inList:
--- a/platforms/home-manager/modules/nmasur/presets/services/hammerspoon/Spoons/DismissAlerts.spoon/close_notifications_applescript.js
+++ b/platforms/home-manager/modules/nmasur/presets/services/hammerspoon/Spoons/DismissAlerts.spoon/close_notifications_applescript.js
@@ -1,298 +0,0 @@
-/* Credit: https://gist.github.com/lancethomps/a5ac103f334b171f70ce2ff983220b4f */
-
-function run(input, parameters) {
-
-  const appNames = [];
-  const skipAppNames = [];
-  const verbose = true;
-
-  const scriptName = "close_notifications_applescript";
-
-  const CLEAR_ALL_ACTION = "Clear All";
-  const CLEAR_ALL_ACTION_TOP = "Clear";
-  const CLOSE_ACTION = "Close";
-
-  const notNull = (val) => {
-    return val !== null && val !== undefined;
-  };
-
-  const isNull = (val) => {
-    return !notNull(val);
-  };
-
-  const notNullOrEmpty = (val) => {
-    return notNull(val) && val.length > 0;
-  };
-
-  const isNullOrEmpty = (val) => {
-    return !notNullOrEmpty(val);
-  };
-
-  const isError = (maybeErr) => {
-    return notNull(maybeErr) && (maybeErr instanceof Error || maybeErr.message);
-  };
-
-  const systemVersion = () => {
-    return Application("Finder").version().split(".").map(val => parseInt(val));
-  };
-
-  const systemVersionGreaterThanOrEqualTo = (vers) => {
-    return systemVersion()[0] >= vers;
-  };
-
-  const isBigSurOrGreater = () => {
-    return systemVersionGreaterThanOrEqualTo(11);
-  };
-
-  const V11_OR_GREATER = isBigSurOrGreater();
-  const APP_NAME_MATCHER_ROLE = V11_OR_GREATER ? "AXStaticText" : "AXImage";
-  const hasAppNames = notNullOrEmpty(appNames);
-  const hasSkipAppNames = notNullOrEmpty(skipAppNames);
-  const hasAppNameFilters = hasAppNames || hasSkipAppNames;
-  const appNameForLog = hasAppNames ? ` [${appNames.join(",")}]` : "";
-
-  const logs = [];
-  const log = (message, ...optionalParams) => {
-    let message_with_prefix = `${new Date().toISOString().replace("Z", "").replace("T", " ")} [${scriptName}]${appNameForLog} ${message}`;
-    console.log(message_with_prefix, optionalParams);
-    logs.push(message_with_prefix);
-  };
-
-  const logError = (message, ...optionalParams) => {
-    if (isError(message)) {
-      let err = message;
-      message = `${err}${err.stack ? (" " + err.stack) : ""}`;
-    }
-    log(`ERROR ${message}`, optionalParams);
-  };
-
-  const logErrorVerbose = (message, ...optionalParams) => {
-    if (verbose) {
-      logError(message, optionalParams);
-    }
-  };
-
-  const logVerbose = (message) => {
-    if (verbose) {
-      log(message);
-    }
-  };
-
-  const getLogLines = () => {
-    return logs.join("\n");
-  };
-
-  const getSystemEvents = () => {
-    let systemEvents = Application("System Events");
-    systemEvents.includeStandardAdditions = true;
-    return systemEvents;
-  };
-
-  const getNotificationCenter = () => {
-    try {
-      return getSystemEvents().processes.byName("NotificationCenter");
-    } catch (err) {
-      logError("Could not get NotificationCenter");
-      throw err;
-    }
-  };
-
-  const getNotificationCenterGroups = (retryOnError = false) => {
-    try {
-      let notificationCenter = getNotificationCenter();
-      if (notificationCenter.windows.length <= 0) {
-        return [];
-      }
-      if (!V11_OR_GREATER) {
-        return notificationCenter.windows();
-      }
-      return notificationCenter.windows[0].uiElements[0].uiElements[0].uiElements();
-    } catch (err) {
-      logError("Could not get NotificationCenter groups");
-      if (retryOnError) {
-        logError(err);
-        log("Retrying getNotificationCenterGroups...");
-        return getNotificationCenterGroups(false);
-      } else {
-        throw err;
-      }
-    }
-  };
-
-  const isClearButton = (description, name) => {
-    return description === "button" && name === CLEAR_ALL_ACTION_TOP;
-  };
-
-  const matchesAnyAppNames = (value, checkValues) => {
-    if (isNullOrEmpty(checkValues)) {
-      return false;
-    }
-    let lowerAppName = value.toLowerCase();
-    for (let checkValue of checkValues) {
-      if (lowerAppName === checkValue.toLowerCase()) {
-        return true;
-      }
-    }
-    return false;
-  };
-
-  const matchesAppName = (role, value) => {
-    if (role !== APP_NAME_MATCHER_ROLE) {
-      return false;
-    }
-    if (hasAppNames) {
-      return matchesAnyAppNames(value, appNames);
-    }
-    return !matchesAnyAppNames(value, skipAppNames);
-  };
-
-  const notificationGroupMatches = (group) => {
-    try {
-      let description = group.description();
-      if (V11_OR_GREATER && isClearButton(description, group.name())) {
-        return true;
-      }
-      if (V11_OR_GREATER && description !== "group") {
-        return false;
-      }
-      if (!V11_OR_GREATER) {
-        let matchedAppName = !hasAppNameFilters;
-        if (!matchedAppName) {
-          for (let elem of group.uiElements()) {
-            if (matchesAppName(elem.role(), elem.description())) {
-              matchedAppName = true;
-              break;
-            }
-          }
-        }
-        if (matchedAppName) {
-          return notNull(findCloseActionV10(group, -1));
-        }
-        return false;
-      }
-      if (!hasAppNameFilters) {
-        return true;
-      }
-      let firstElem = group.uiElements[0];
-      return matchesAppName(firstElem.role(), firstElem.value());
-    } catch (err) {
-      logErrorVerbose(`Caught error while checking window, window is probably closed: ${err}`);
-      logErrorVerbose(err);
-    }
-    return false;
-  };
-
-  const findCloseActionV10 = (group, closedCount) => {
-    try {
-      for (let elem of group.uiElements()) {
-        if (elem.role() === "AXButton" && elem.title() === CLOSE_ACTION) {
-          return elem.actions["AXPress"];
-        }
-      }
-    } catch (err) {
-      logErrorVerbose(`(group_${closedCount}) Caught error while searching for close action, window is probably closed: ${err}`);
-      logErrorVerbose(err);
-      return null;
-    }
-    log("No close action found for notification");
-    return null;
-  };
-
-  const findCloseAction = (group, closedCount) => {
-    try {
-      if (!V11_OR_GREATER) {
-        return findCloseActionV10(group, closedCount);
-      }
-      let checkForPress = isClearButton(group.description(), group.name());
-      let clearAllAction;
-      let closeAction;
-      for (let action of group.actions()) {
-        let description = action.description();
-        if (description === CLEAR_ALL_ACTION) {
-          clearAllAction = action;
-          break;
-        } else if (description === CLOSE_ACTION) {
-          closeAction = action;
-        } else if (checkForPress && description === "press") {
-          clearAllAction = action;
-          break;
-        }
-      }
-      if (notNull(clearAllAction)) {
-        return clearAllAction;
-      } else if (notNull(closeAction)) {
-        return closeAction;
-      }
-    } catch (err) {
-      logErrorVerbose(`(group_${closedCount}) Caught error while searching for close action, window is probably closed: ${err}`);
-      logErrorVerbose(err);
-      return null;
-    }
-    log("No close action found for notification");
-    return null;
-  };
-
-  const closeNextGroup = (groups, closedCount) => {
-    try {
-      for (let group of groups) {
-        if (notificationGroupMatches(group)) {
-          let closeAction = findCloseAction(group, closedCount);
-
-          if (notNull(closeAction)) {
-            try {
-              closeAction.perform();
-              return [true, 1];
-            } catch (err) {
-              logErrorVerbose(`(group_${closedCount}) Caught error while performing close action, window is probably closed: ${err}`);
-              logErrorVerbose(err);
-            }
-          }
-          return [true, 0];
-        }
-      }
-      return false;
-    } catch (err) {
-      logError("Could not run closeNextGroup");
-      throw err;
-    }
-  };
-
-  try {
-    let groupsCount = getNotificationCenterGroups(true).filter(group => notificationGroupMatches(group)).length;
-
-    if (groupsCount > 0) {
-      logVerbose(`Closing ${groupsCount}${appNameForLog} notification group${(groupsCount > 1 ? "s" : "")}`);
-
-      let startTime = new Date().getTime();
-      let closedCount = 0;
-      let maybeMore = true;
-      let maxAttempts = 2;
-      let attempts = 1;
-      while (maybeMore && ((new Date().getTime() - startTime) <= (1000 * 30))) {
-        try {
-          let closeResult = closeNextGroup(getNotificationCenterGroups(), closedCount);
-          maybeMore = closeResult[0];
-          if (maybeMore) {
-            closedCount = closedCount + closeResult[1];
-          }
-        } catch (innerErr) {
-          if (maybeMore && closedCount === 0 && attempts < maxAttempts) {
-            log(`Caught an error before anything closed, trying ${maxAttempts - attempts} more time(s).`)
-            attempts++;
-          } else {
-            throw innerErr;
-          }
-        }
-      }
-    } else {
-      throw Error(`No${appNameForLog} notifications found...`);
-    }
-  } catch (err) {
-    logError(err);
-    logError(err.message);
-    getLogLines();
-    throw err;
-  }
-
-  return getLogLines();
-}
--- a/platforms/home-manager/modules/nmasur/presets/services/hammerspoon/Spoons/Launcher.spoon/init.lua
+++ b/platforms/home-manager/modules/nmasur/presets/services/hammerspoon/Spoons/Launcher.spoon/init.lua
@@ -105,6 +105,9 @@ function obj:init()
    self.launcher:bind("", "Z", function()
        self:switch("zoom.us.app")
    end)
+    self.launcher:bind("shift", "Z", function()
+        self:switch("@zed@")
+    end)
 end

 function obj:switch(app)
--- a/platforms/home-manager/modules/nmasur/presets/services/hammerspoon/Spoons/MoveWindow.spoon/worklayout.lua
+++ b/platforms/home-manager/modules/nmasur/presets/services/hammerspoon/Spoons/MoveWindow.spoon/worklayout.lua
@@ -42,6 +42,7 @@ local function worklayout()
        -- set the layout
        local left = {
            { "WezTerm", nil, WORK_ONLY_MONITOR, u(0, 0, 1 / 2, 1), nil, nil, visible = true },
+            { "Ghostty", nil, WORK_ONLY_MONITOR, u(0, 0, 1 / 2, 1), nil, nil, visible = true },
        }
        local right = {
            { "Slack", nil, WORK_ONLY_MONITOR, u(1 / 2, 0, 1 / 2, 1), nil, nil, visible = true },
--- a/platforms/home-manager/modules/nmasur/presets/services/hammerspoon/default.nix
+++ b/platforms/home-manager/modules/nmasur/presets/services/hammerspoon/default.nix
@@ -18,14 +18,16 @@ in
    xdg.configFile."hammerspoon/init.lua".source = ./init.lua;
    xdg.configFile."hammerspoon/Spoons/ControlEscape.spoon".source = ./Spoons/ControlEscape.spoon;
    xdg.configFile."hammerspoon/Spoons/DismissAlerts.spoon".source = ./Spoons/DismissAlerts.spoon;
-    xdg.configFile."hammerspoon/Spoons/Launcher.spoon/init.lua".source = pkgs.substituteAll {
-      src = ./Spoons/Launcher.spoon/init.lua;
+    xdg.configFile."hammerspoon/Spoons/Launcher.spoon/init.lua".source =
+      pkgs.replaceVars ./Spoons/Launcher.spoon/init.lua
+        {
          discord = "${pkgs.discord}/Applications/Discord.app";
          firefox = "${pkgs.firefox-unwrapped}/Applications/Firefox.app";
          ghostty = "${config.programs.ghostty.package}/Applications/Ghostty.app";
          obsidian = "${pkgs.obsidian}/Applications/Obsidian.app";
          slack = "${pkgs.slack}/Applications/Slack.app";
          wezterm = "${pkgs.wezterm}/Applications/WezTerm.app";
+          zed = "${pkgs.zed-editor}/Applications/Zed.app";
        };
    xdg.configFile."hammerspoon/Spoons/MoveWindow.spoon".source = ./Spoons/MoveWindow.spoon;

--- a/platforms/home-manager/modules/nmasur/presets/services/i3.nix
+++ b/platforms/home-manager/modules/nmasur/presets/services/i3.nix
@@ -94,7 +94,7 @@ in
          ws10 = "10:X";
        in
        {
-          terminal = cfg.terminal.meta.mainProgram;
+          # terminal = cfg.terminal.meta.mainProgram;
          modifier = modifier;
          assigns = {
            "${ws1}" = [ { class = "Firefox"; } ];
@@ -103,6 +103,7 @@ in
              { class = "kitty"; }
              { class = "obsidian"; }
              { class = "wezterm"; }
+              { class = "ghostty"; }
            ];
            "${ws3}" = [ { class = "discord"; } ];
            "${ws4}" = [
@@ -213,9 +214,9 @@ in
              cfg.commands.lockScreen != null
            ) "exec ${cfg.commands.lockScreen}";
            "${modifier}+Mod1+h" =
-              "exec --no-startup-id ${lib.getExe cfg.terminal} -e sh -c '${pkgs.home-manager}/bin/home-manager switch --flake ${config.nmasur.presets.programs.dotfiles.path} || read'";
+              ''exec --no-startup-id ${lib.getExe cfg.terminal} --command="${pkgs.home-manager}/bin/home-manager switch --flake ${config.nmasur.presets.programs.dotfiles.path}#''${hostname} || read" '';
            "${modifier}+Mod1+r" =
-              "exec --no-startup-id ${lib.getExe cfg.terminal} -e sh -c 'doas nixos-rebuild switch --flake ${config.nmasur.presets.programs.dotfiles.path} || read'";
+              "exec --no-startup-id ${lib.getExe cfg.terminal} --command='doas nixos-rebuild switch --flake ${config.nmasur.presets.programs.dotfiles.path} || read'";

            # Window options
            "${modifier}+q" = "kill";
--- a/platforms/home-manager/modules/nmasur/presets/services/keybase.nix
+++ b/platforms/home-manager/modules/nmasur/presets/services/keybase.nix
@@ -35,5 +35,9 @@ in
        ".rgignore".text = ignorePatterns;
        ".fdignore".text = ignorePatterns;
      };
+    # Ignore in zoxide
+    home.sessionVariables = {
+      _ZO_EXCLUDE_DIRS = "$HOME/keybase/*";
+    };
  };
 }
--- a/platforms/home-manager/modules/nmasur/presets/services/polybar.nix
+++ b/platforms/home-manager/modules/nmasur/presets/services/polybar.nix
@@ -136,7 +136,15 @@ in
              fi
            ''
          );
-          click-left = "i3-msg 'exec --no-startup-id kitty --class aerc aerc'; sleep 0.15; i3-msg '[class=aerc] focus'";
+          click-left =
+            let
+              startupCommand =
+                if config.nmasur.presets.services.i3.terminal == pkgs.wezterm then
+                  "start --class aerc -- aerc"
+                else
+                  "--class=com.noah.aerc --command=aerc";
+            in
+            "i3-msg 'exec --no-startup-id ${lib.getExe config.nmasur.presets.services.i3.terminal} ${startupCommand}'; sleep 0.15; i3-msg '[class=com.noah.aerc] focus'";
        };
        "module/network" = {
          type = "internal/network";
@@ -213,12 +221,12 @@ in
          label = "%date%";
          label-foreground = config.theme.colors.base06;
          # format-background = colors.background;
-          click-right = lib.getExe config.nmasur.presets.services.i3.terminal;
+          click-right = "i3-msg 'exec --no-startup-id ${lib.getExe config.nmasur.presets.services.i3.terminal}'";
        };
        "module/power" = {
          type = "custom/text";
          content = "  ";
-          click-left = config.nmasur.presets.services.i3.commands.toggleBar;
+          click-left = config.nmasur.presets.services.i3.commands.power;
          click-right = "polybar-msg cmd restart";
          content-foreground = config.theme.colors.base04;
        };
--- a/platforms/home-manager/modules/nmasur/profiles/darwin-base.nix
+++ b/platforms/home-manager/modules/nmasur/profiles/darwin-base.nix
@@ -19,6 +19,7 @@ in
      fonts.enable = lib.mkDefault true;
      services.hammerspoon.enable = lib.mkDefault true;
      programs.nixpkgs-darwin.enable = lib.mkDefault true;
+      programs.mpv.enable = lib.mkDefault true;
    };

    home.homeDirectory = lib.mkForce "/Users/${config.home.username}";
@@ -31,6 +32,8 @@ in
    # Used for aerc
    xdg.enable = lib.mkDefault pkgs.stdenv.isDarwin;

+    programs.fish.shellAbbrs.t = "trash";
+
    # Add homebrew paths to CLI path
    home.sessionPath = [
      "/opt/homebrew/bin/"
@@ -39,6 +42,7 @@ in

    home.packages = [
      pkgs.noti # Create notifications programmatically
+      pkgs.ice-bar # Menu bar hiding
    ];
  };

--- a/platforms/home-manager/modules/nmasur/profiles/experimental.nix
+++ b/platforms/home-manager/modules/nmasur/profiles/experimental.nix
@@ -17,7 +17,7 @@ in

    nmasur.presets.programs = {
      zed-editor.enable = lib.mkDefault true;
-      ghostty.enable = lib.mkDefault true;
+      jujutsu.enable = lib.mkDefault true;
    };

    home.packages = [
@@ -32,9 +32,7 @@ in
    ];

    programs.gh-dash.enable = lib.mkDefault true;
-    programs.helix.enable = lib.mkDefault true;
    programs.himalaya.enable = lib.mkDefault true;
-
  };

 }
--- a/platforms/home-manager/modules/nmasur/profiles/linux-gui.nix
+++ b/platforms/home-manager/modules/nmasur/profiles/linux-gui.nix
@@ -23,14 +23,15 @@ in
        aerc.enable = lib.mkDefault true;
        discord.enable = lib.mkDefault true;
        dotfiles.enable = lib.mkDefault true;
+        feishin.enable = lib.mkDefault true;
        firefox.enable = lib.mkDefault true;
+        ghostty.enable = lib.mkDefault true;
        mpv.enable = lib.mkDefault true;
        nautilus.enable = lib.mkDefault true;
        notmuch.enable = lib.mkDefault true;
        nsxiv.enable = lib.mkDefault true;
        obsidian.enable = lib.mkDefault true;
        rofi.enable = lib.mkDefault true;
-        wezterm.enable = lib.mkDefault true;
        xclip.enable = lib.mkDefault true;
        zathura.enable = lib.mkDefault true;
      };
--- a/platforms/home-manager/modules/nmasur/profiles/power-user.nix
+++ b/platforms/home-manager/modules/nmasur/profiles/power-user.nix
@@ -15,25 +15,29 @@ in
    home.packages = [
      pkgs.age # Encryption
      pkgs.bc # Calculator
+      pkgs.bottom # System monitor (top)
      pkgs.delta # Fancy diffs
      pkgs.difftastic # Other fancy diffs
+      pkgs.doggo # DNS client (dig)
+      pkgs.du-dust # Disk usage tree (ncdu)
+      pkgs.dua # File sizes (du)
+      pkgs.duf # Basic disk information (df)
      pkgs.jless # JSON viewer
      pkgs.jo # JSON output
+      pkgs.mpd # TUI slideshows
+      pkgs.nixfmt-rfc-style # Format Nix code
+      pkgs.nmasur.jqr # FZF fq JSON tool
      pkgs.nmasur.osc # Clipboard over SSH
-      pkgs.qrencode # Generate qr codes
      pkgs.nmasur.ren-find # Rename files
      pkgs.nmasur.rep-grep # Replace text in files
+      pkgs.pandoc # Convert text documents
+      pkgs.qrencode # Generate qr codes
      pkgs.spacer # Output lines in terminal
      pkgs.tealdeer # Cheatsheets
+      pkgs.tree # Print tree in terminal
      pkgs.vimv-rs # Batch rename files
-      pkgs.dua # File sizes (du)
-      pkgs.du-dust # Disk usage tree (ncdu)
-      pkgs.duf # Basic disk information (df)
-      pkgs.pandoc # Convert text documents
-      pkgs.mpd # TUI slideshows
-      pkgs.doggo # DNS client (dig)
-      pkgs.bottom # System monitor (top)
-      pkgs.nmasur.jqr # FZF fq JSON tool
+      pkgs.yazi # TUI file explorer
+
    ];

    programs.fish.shellAliases = {
@@ -56,14 +60,19 @@ in
      fd.enable = lib.mkDefault true;
      fish.enable = lib.mkDefault true;
      fzf.enable = lib.mkDefault true;
+      ghostty.enable = lib.mkDefault true;
      git.enable = lib.mkDefault true;
+      helix.enable = lib.mkDefault true;
+      lazygit.enable = lib.mkDefault true;
      neovim.enable = lib.mkDefault true;
      nix-index.enable = lib.mkDefault true;
      nixpkgs.enable = lib.mkDefault true;
+      notes.enable = lib.mkDefault true;
      prettyping.enable = lib.mkDefault true;
      ripgrep.enable = lib.mkDefault true;
      weather.enable = lib.mkDefault true;
      yt-dlp.enable = lib.mkDefault true;
+      zellij.enable = lib.mkDefault true;
      zoxide.enable = lib.mkDefault true;
    };

--- a/platforms/home-manager/modules/nmasur/profiles/work.nix
+++ b/platforms/home-manager/modules/nmasur/profiles/work.nix
@@ -39,11 +39,14 @@ in
      pkgs.nmasur.terraform-init # Quick shortcut for initializing Terraform backend
    ];

+    programs.fish.shellAliases.ec2 = "aws-ec2";
+
    nmasur.presets = {
      fonts.enable = lib.mkDefault true;
      programs = {
        _1password.enable = lib.mkDefault true;
        atuin.enable = lib.mkDefault true;
+        aws-ssh.enable = lib.mkDefault true;
        bash.enable = lib.mkDefault true;
        bat.enable = lib.mkDefault true;
        direnv.enable = lib.mkDefault true;
@@ -52,6 +55,7 @@ in
        firefox.enable = lib.mkDefault true;
        fish.enable = lib.mkDefault true;
        fzf.enable = lib.mkDefault true;
+        ghostty.enable = lib.mkDefault true;
        git-work.enable = lib.mkDefault true;
        git.enable = lib.mkDefault true;
        github.enable = lib.mkDefault true;
@@ -64,7 +68,6 @@ in
        starship.enable = lib.mkDefault true;
        terraform.enable = lib.mkDefault true;
        weather.enable = lib.mkDefault true;
-        wezterm.enable = lib.mkDefault true;
      };
    };

--- a/platforms/home-manager/modules/nmasur/settings.nix
+++ b/platforms/home-manager/modules/nmasur/settings.nix
@@ -10,6 +10,10 @@
      type = lib.types.str;
      description = "Human readable name of the user";
    };
+    host = lib.mkOption {
+      type = lib.types.str;
+      description = "Name of the host of this deployment";
+    };
    hostnames = lib.mkOption {
      type = lib.types.attrsOf lib.types.str;
      description = "Map of service names to FQDNs";
--- a/platforms/nix-darwin/modules/nmasur/presets/programs/homebrew.nix
+++ b/platforms/nix-darwin/modules/nmasur/presets/programs/homebrew.nix
@@ -15,7 +15,7 @@ in

  config = lib.mkIf cfg.enable {
    # Requires Homebrew to be installed
-    system.activationScripts.preUserActivation.text = ''
+    system.activationScripts.preActivation.text = ''
      if ! xcode-select --version 2>/dev/null; then
        $DRY_RUN_CMD xcode-select --install
      fi
--- a/platforms/nix-darwin/modules/nmasur/presets/services/dock.nix
+++ b/platforms/nix-darwin/modules/nmasur/presets/services/dock.nix
@@ -6,6 +6,7 @@
 }:

 let
+  inherit (config.nmasur.settings) username;
  cfg = config.nmasur.presets.services.dock;
 in

@@ -49,9 +50,9 @@ in
        "/System/Applications/Messages.app"
        "/System/Applications/Mail.app"
        "/Applications/zoom.us.app"
+        "${config.home-manager.users.${username}.programs.ghostty.package}/Applications/Ghostty.app"
        "${pkgs.discord}/Applications/Discord.app"
        "${pkgs.obsidian}/Applications/Obsidian.app"
-        "${pkgs.wezterm}/Applications/WezTerm.app"
      ];
    };
  };
--- a/platforms/nix-darwin/modules/nmasur/presets/services/finder.nix
+++ b/platforms/nix-darwin/modules/nmasur/presets/services/finder.nix
@@ -59,7 +59,7 @@ in
    };

    # User-level settings
-    system.activationScripts.postUserActivation.text = ''
+    system.activationScripts.postActivation.text = ''
      echo "Show the ~/Library folder"
      chflags nohidden ~/Library
    '';
--- a/platforms/nix-darwin/modules/nmasur/presets/services/hammerspoon.nix
+++ b/platforms/nix-darwin/modules/nmasur/presets/services/hammerspoon.nix
@@ -18,7 +18,7 @@ in

    homebrew.casks = [ "hammerspoon" ];

-    system.activationScripts.postUserActivation.text = ''
+    system.activationScripts.postActivation.text = ''
      defaults write org.hammerspoon.Hammerspoon MJConfigFile "${
        config.home-manager.users.${username}.xdg.configHome
      }/hammerspoon/init.lua"
--- a/platforms/nix-darwin/modules/nmasur/presets/services/menubar.nix
+++ b/platforms/nix-darwin/modules/nmasur/presets/services/menubar.nix
@@ -15,7 +15,7 @@ in
  config = lib.mkIf cfg.enable {

    # User-level settings
-    system.activationScripts.postUserActivation.text = ''
+    system.activationScripts.postActivation.text = ''
      echo "Reduce Menu Bar padding"
      defaults write -globalDomain NSStatusItemSelectionPadding -int 6
      defaults write -globalDomain NSStatusItemSpacing -int 6
--- a/platforms/nix-darwin/modules/nmasur/profiles/base.nix
+++ b/platforms/nix-darwin/modules/nmasur/profiles/base.nix
@@ -14,6 +14,8 @@ in

  config = lib.mkIf cfg.enable {

+    system.primaryUser = config.nmasur.settings.username;
+
    nmasur.presets = {
      programs = {
        fish.enable = lib.mkDefault true;
@@ -36,6 +38,7 @@ in
    homebrew.casks = [
      "scroll-reverser" # Different scroll style for mouse vs. trackpad
      "notunes" # Don't launch Apple Music with the play button
+      "topnotch" # Darkens the menu bar to complete black
    ];

  };
--- a/platforms/nix-darwin/modules/nmasur/profiles/extra.nix
+++ b/platforms/nix-darwin/modules/nmasur/profiles/extra.nix
@@ -20,5 +20,13 @@ in
      "keybase" # GUI on Nix not available for macOS
    ];

+    nix.linux-builder = {
+      enable = true;
+      systems = [
+        "x86_64-linux"
+        "aarch64-linux"
+      ];
+    };
+
  };
 }
--- a/platforms/nixos/modules/nmasur/presets/programs/slsk-batchdl.nix
+++ b/platforms/nixos/modules/nmasur/presets/programs/slsk-batchdl.nix
@@ -0,0 +1,21 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+
+let
+  cfg = config.nmasur.presets.programs.slsk-batchdl;
+in
+
+{
+
+  options.nmasur.presets.programs.slsk-batchdl.enable = lib.mkEnableOption "slsk downloader";
+
+  config = lib.mkIf cfg.enable {
+    environment.systemPackages = [
+      pkgs.nmasur.slsk-batchdl
+    ];
+  };
+}
--- a/platforms/nixos/modules/nmasur/presets/services/actualbudget.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/actualbudget.nix
@@ -1,85 +0,0 @@
-{
-  config,
-  lib,
-  ...
-}:
-
-let
-  inherit (config.nmasur.settings) hostnames;
-  cfg = config.nmasur.presets.services.actualbudget;
-in
-
-{
-
-  options.nmasur.presets.services.actualbudget = {
-    enable = lib.mkEnableOption "ActualBudget budgeting service";
-    port = lib.mkOption {
-      type = lib.types.port;
-      description = "Port to use for the localhost";
-      default = 5006;
-    };
-  };
-
-  config = lib.mkIf cfg.enable {
-
-    virtualisation.podman.enable = true;
-
-    # Create a shared group for generic services
-    users.groups.shared = { };
-
-    users.users.actualbudget = {
-      isSystemUser = true;
-      group = "shared";
-      uid = 980;
-    };
-
-    # Create budget directory, allowing others to manage it
-    systemd.tmpfiles.rules = [
-      "d /var/lib/actualbudget 0770 actualbudget shared"
-    ];
-
-    virtualisation.oci-containers.containers.actualbudget = {
-      workdir = null;
-      volumes = [ "/var/lib/actualbudget:/data" ];
-      user = "${toString (builtins.toString config.users.users.actualbudget.uid)}";
-      pull = "missing";
-      privileged = false;
-      ports = [ "127.0.0.1:${builtins.toString cfg.port}:5006" ];
-      networks = [ ];
-      log-driver = "journald";
-      labels = {
-        app = "actualbudget";
-      };
-      image = "ghcr.io/actualbudget/actual-server:25.1.0";
-      hostname = null;
-      environmentFiles = [ ];
-      environment = {
-        DEBUG = "actual:config"; # Enable debug logging
-        ACTUAL_TRUSTED_PROXIES = builtins.concatStringsSep "," [ "127.0.0.1" ];
-      };
-      dependsOn = [ ];
-      autoStart = true;
-    };
-
-    # Allow web traffic to Caddy
-    nmasur.presets.services.caddy.routes = [
-      {
-        match = [ { host = [ hostnames.budget ]; } ];
-        handle = [
-          {
-            handler = "reverse_proxy";
-            upstreams = [ { dial = "localhost:${builtins.toString cfg.port}"; } ];
-          }
-        ];
-      }
-    ];
-
-    # Configure Cloudflare DNS to point to this machine
-    services.cloudflare-dyndns.domains = [ hostnames.budget ];
-
-    # Backups
-    services.restic.backups.default.paths = [ "/var/lib/actualbudget" ];
-
-  };
-
-}
--- a/platforms/nixos/modules/nmasur/presets/services/actualbudget/actualbudget-budget-id.age
+++ b/platforms/nixos/modules/nmasur/presets/services/actualbudget/actualbudget-budget-id.age
@@ -0,0 +1,17 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyA0VjJk
+a2c0Q1pVcEVCdjd3OE1xZ2s2a29YdjdWTUZkK1hnMFNwVTRVMVFVCkhpY2tjQmFz
+K3dzVEgrcnBuRlgyZzYwWGtiQzh6RjNtNmNUb2FSVCsxMTAKLT4gc3NoLWVkMjU1
+MTkgWXlTVU1RIFM3cVpTaVFYK1NEYitaSEtLUE5yVDhXTGNHSnN3UjdROTVDeXND
+VjFUQjAKYnF6RWtjaFZNM1cxSTJUV0p4UExoenhicGpESEk0R2Q0VncrUldwSndi
+UQotPiBzc2gtZWQyNTUxOSBuanZYNUEgOTltRmlNNFQzTWpsVVdHUXBqS1lKRldJ
+dW9kVHJqZFRrQWFTK2ZDMi8zZwpTUlRqZUkzSWlibGhMVzRwQmdldVREeGpsRTRr
+L1FUZHowdVprNlEvVVJ3Ci0+IHNzaC1lZDI1NTE5IENxSU9VQSBjeUZRdmtENUQw
+Ukoxb3NNYU5JeE1OSVBGcWhPZS9mY1BEb0tVbnB3bVdNCnRHRXhpd0dEbWZuNEg0
+a1BMdk5yc2x6Y0EzQXo1U1hwZnJuUzJ1ckt1VDAKLT4gc3NoLWVkMjU1MTkgejFP
+Y1p3IExJeHhnTlgrSXpVYkxWdnZldlR4Q1JzZE9PWFowbWJSQ1pTbkp3YWFoUzgK
+L1ErSnZ3cWVXeVU0TThPaFVsVjBTdHh1YlQ3cTduQ2xIejZScEJSZGp6MAotLS0g
+SFJpT2JlSktBaFZhdjlyOWRhLzJiT21OditjczZJcU9iMFJMUzhNdzVZMAp0yAab
+89wcmBqmuQLoFYRs/Tj+UvWa4UaXvNFGZM9zIH8WEJDxO+QviDL1NETOuI4T9X1q
+JYa7c4PAwV8KgMkdKpHVJ3sN1+Kg82UXXSCTjpRHa33OBZTC
+-----END AGE ENCRYPTED FILE-----
--- a/platforms/nixos/modules/nmasur/presets/services/actualbudget/actualbudget-password.age
+++ b/platforms/nixos/modules/nmasur/presets/services/actualbudget/actualbudget-password.age
@@ -0,0 +1,17 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBQY3lv
+SG9kNkN1S3RZdE80cWJTd0k0UkdiNmZXT085Um9Vd0FGYWpObHc0CnQvVjF4L0xu
+ajNvQkFueVREaWxLWFhyNGkvL2ZlOHdEYXdTRkowbk9WUUUKLT4gc3NoLWVkMjU1
+MTkgWXlTVU1RIE5aT3ZlMDJjNkJaZmFDV3ZKSHo5UEhnTlM5dHk1R0dYSXFNOWxJ
+OThEaGcKcmNsMVUxaTI1b0FtbFdtMzlVYVZxcnllVmlwaDRuUkR4d3BNbm12eU5x
+OAotPiBzc2gtZWQyNTUxOSBuanZYNUEgR3BmQk5Nd0E3RC9UQ1ZoWmxTNlhubjVZ
+Vi8xL3V3YTNqUVh2ZVZrRkNtawpLaWhxY1FQajJZeGJzakd3ZDhrbmd4T2JNVlUy
+dzFOMGcwRmJML3hPTzRBCi0+IHNzaC1lZDI1NTE5IENxSU9VQSBDNTQzZ0syVHNS
+TTJPUm9OMUcyNTY5VGZkNEVESmt2eVQrSzJlUEgwS0E4ClRqbk9FTGZNRG9zSHlC
+UXQyN0N1WDN4MHNrNFgrUjdQQUc4aU8xajRVdkEKLT4gc3NoLWVkMjU1MTkgejFP
+Y1p3IHpiaEsvbCtwMlkyMWpJMS9XWExudDRpaE4xMmQ4eXIzU2RaTGd3TUg3eHMK
+anpIV01KVDdvZGI5M1dmME1KaC9jcFkrVlN4TmlXN21tUnhIYnlEMEdHcwotLS0g
+dy9LeGpiNkowQkNwOFNFeHUveGRveDRhajVtNEU3SWE0MEhOYTl6ZHM0QQq/Dg+2
+OrqL8yCAai3J8djSktSmhAc/jdbEnHVdl3943Enyrn+Zz2HcUe96RySrleCt+QxL
+Dezprhehi7jK7KmIAGOspicA0e/4GQ8txsb2fQ==
+-----END AGE ENCRYPTED FILE-----
--- a/platforms/nixos/modules/nmasur/presets/services/actualbudget/actualbudget.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/actualbudget/actualbudget.nix
@@ -0,0 +1,132 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+
+let
+  inherit (config.nmasur.settings) hostnames;
+  cfg = config.nmasur.presets.services.actualbudget;
+in
+
+{
+
+  options.nmasur.presets.services.actualbudget = {
+    enable = lib.mkEnableOption "ActualBudget budgeting service";
+    port = lib.mkOption {
+      type = lib.types.port;
+      description = "Port to use for the localhost";
+      default = 5006;
+    };
+    prometheusPort = lib.mkOption {
+      type = lib.types.port;
+      description = "Port to use for prometheus actual exporter";
+      default = 5007;
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+
+    services.actual = {
+      enable = true;
+      settings = {
+        port = cfg.port;
+      };
+    };
+
+    # systemd.services.prometheus-actual-exporter = {
+    #   enable = true;
+    #   description = "Prometheus exporter for Actual budget";
+    #   serviceConfig = {
+    #     DynamicUser = true;
+    #     Environment = [
+    #       "ACTUAL_SERVER_URL=https://${hostnames.budget}:443"
+    #       "PORT=${builtins.toString cfg.prometheusPort}"
+    #     ];
+    #     EnvironmentFile = [
+    #       config.secrets.actualbudget-password.dest
+    #       config.secrets.actualbudget-budget-id.dest
+    #     ];
+    #     ExecStart = lib.getExe pkgs.nmasur.prometheus-actual-exporter;
+    #   };
+    #   wantedBy = [
+    #     "multi-user.target"
+    #   ];
+    # };
+
+    # Used for prometheus exporter
+    virtualisation.podman.enable = true;
+
+    # Create a shared group for generic services
+    users.groups.shared = { };
+
+    users.users.actualbudget = {
+      isSystemUser = true;
+      group = "shared";
+      uid = 980;
+    };
+
+    virtualisation.oci-containers.containers.actualbudget-prometheus-exporter = {
+      workdir = null;
+      user = builtins.toString config.users.users.actualbudget.uid;
+      pull = "missing";
+      privileged = false;
+      ports = [ "127.0.0.1:5007:3001" ];
+      networks = [ ];
+      log-driver = "journald";
+      labels = {
+        app = "actualbudget-prometheus-exporter";
+      };
+      image = "docker.io/sakowicz/actual-budget-prometheus-exporter:1.1.5";
+      hostname = null;
+      environmentFiles = [
+        config.secrets.actualbudget-password.dest
+        config.secrets.actualbudget-budget-id.dest
+      ];
+      environment = {
+        ACTUAL_SERVER_URL = "https://${hostnames.budget}:443";
+      };
+      # dependsOn = [ "actualbudget" ];
+      autoStart = true;
+    };
+
+    nmasur.presets.services.prometheus-exporters.scrapeTargets = [
+      "127.0.0.1:${builtins.toString cfg.prometheusPort}"
+    ];
+
+    secrets.actualbudget-password = {
+      source = ./actualbudget-password.age;
+      dest = "${config.secretsDirectory}/actualbudget-password";
+      owner = builtins.toString config.users.users.actualbudget.uid;
+      group = builtins.toString config.users.users.actualbudget.uid;
+    };
+    secrets.actualbudget-budget-id = {
+      source = ./actualbudget-budget-id.age;
+      dest = "${config.secretsDirectory}/actualbudget-budget-id";
+      owner = builtins.toString config.users.users.actualbudget.uid;
+      group = builtins.toString config.users.users.actualbudget.uid;
+    };
+
+    # Allow web traffic to Caddy
+    nmasur.presets.services.caddy.routes = [
+      {
+        match = [ { host = [ hostnames.budget ]; } ];
+        handle = [
+          {
+            handler = "reverse_proxy";
+            upstreams = [ { dial = "localhost:${builtins.toString cfg.port}"; } ];
+          }
+        ];
+      }
+    ];
+
+    # Configure Cloudflare DNS to point to this machine
+    services.cloudflare-dyndns.domains = [ hostnames.budget ];
+
+    # Backups
+    services.restic.backups.default.paths = [ "/var/lib/actual" ];
+
+  };
+
+}
--- a/platforms/nixos/modules/nmasur/presets/services/arr/arr.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/arr/arr.nix
@@ -27,6 +27,11 @@ let
      url = "localhost:8989";
      apiKey = config.secrets.sonarrApiKey.dest;
    };
+    lidarr = {
+      exportarrPort = "9712";
+      url = "localhost:8686";
+      apiKey = config.secrets.lidarrApiKey.dest;
+    };
    prowlarr = {
      exportarrPort = "9709";
      url = "localhost:9696";
@@ -57,31 +62,49 @@ in
    #   "dotnet-sdk-6.0.428"
    # ];

+    secrets.slskd = {
+      source = ./slskd.age;
+      dest = "/var/private/slskd";
+    };
+
    services = {
      bazarr = {
        enable = true;
-        group = lib.mkIf config.nmasur.profiles.shared-media.enable "shared";
      };
      jellyseerr.enable = true;
      prowlarr.enable = true;
      sabnzbd = {
        enable = true;
-        group = lib.mkIf config.nmasur.profiles.shared-media.enable "shared";
        # The config file must be editable within the application
        # It contains server configs and credentials
        configFile = "/data/downloads/sabnzbd/sabnzbd.ini";
      };
+      slskd = {
+        enable = true;
+        domain = null;
+        environmentFile = config.secrets.slskd.dest;
+        settings = {
+          shares.directories = [ ];
+          directories.downloads = "/data/audio/music";
+          web = {
+            url_base = "/slskd";
+            port = 5030;
+          };
+          soulseek.listen_port = 50300;
+        };
+        openFirewall = false;
+      };
      sonarr = {
        enable = true;
-        group = lib.mkIf config.nmasur.profiles.shared-media.enable "shared";
      };
      radarr = {
        enable = true;
-        group = lib.mkIf config.nmasur.profiles.shared-media.enable "shared";
      };
      readarr = {
        enable = true;
-        group = lib.mkIf config.nmasur.profiles.shared-media.enable "shared";
+      };
+      lidarr = {
+        enable = true;
      };
    };

@@ -96,7 +119,6 @@ in
      {
        # Group means that routes with the same name are mutually exclusive,
        # so they are split between the appropriate services.
-        group = "download";
        match = [
          {
            host = [ hostnames.download ];
@@ -112,7 +134,6 @@ in
        ];
      }
      {
-        group = "download";
        match = [
          {
            host = [ hostnames.download ];
@@ -127,7 +148,6 @@ in
        ];
      }
      {
-        group = "download";
        match = [
          {
            host = [ hostnames.download ];
@@ -142,7 +162,20 @@ in
        ];
      }
      {
-        group = "download";
+        match = [
+          {
+            host = [ hostnames.download ];
+            path = [ "/lidarr*" ];
+          }
+        ];
+        handle = [
+          {
+            handler = "reverse_proxy";
+            upstreams = [ { dial = arrConfig.lidarr.url; } ];
+          }
+        ];
+      }
+      {
        match = [
          {
            host = [ hostnames.download ];
@@ -158,7 +191,6 @@ in
        ];
      }
      {
-        group = "download";
        match = [
          {
            host = [ hostnames.download ];
@@ -178,7 +210,6 @@ in
        ];
      }
      {
-        group = "download";
        match = [
          {
            host = [ hostnames.download ];
@@ -193,7 +224,22 @@ in
        ];
      }
      {
-        group = "download";
+        match = [
+          {
+            host = [ hostnames.download ];
+            path = [ "/slskd*" ];
+          }
+        ];
+        handle = [
+          {
+            handler = "reverse_proxy";
+            upstreams = [
+              { dial = "localhost:${builtins.toString config.services.slskd.settings.web.port}"; }
+            ];
+          }
+        ];
+      }
+      {
        match = [ { host = [ hostnames.download ]; } ];
        handle = [
          {
@@ -255,7 +301,7 @@ in
      prefix = "API_KEY=";
    };
    secrets.readarrApiKey = {
-      source = ./radarr-api-key.age;
+      source = ./readarr-api-key.age;
      dest = "/var/private/readarr-api";
      prefix = "API_KEY=";
    };
@@ -264,6 +310,11 @@ in
      dest = "/var/private/sonarr-api";
      prefix = "API_KEY=";
    };
+    secrets.lidarrApiKey = {
+      source = ./lidarr-api-key.age;
+      dest = "/var/private/lidarr-api";
+      prefix = "API_KEY=";
+    };
    secrets.prowlarrApiKey = {
      source = ./prowlarr-api-key.age;
      dest = "/var/private/prowlarr-api";
--- a/platforms/nixos/modules/nmasur/presets/services/arr/lidarr-api-key.age
+++ b/platforms/nixos/modules/nmasur/presets/services/arr/lidarr-api-key.age
@@ -0,0 +1,17 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBjUGJG
+dDZiN3RkMzV2WlFUd3Vsam5IV3ZqajN2VFVvdUFiNFVIdVZRZzE0CkplWlBrRndG
+SEIxa0pGaFAzWmFEOGlIUTM2K2I0VWUyQ1pKbVcvd1I5UDAKLT4gc3NoLWVkMjU1
+MTkgWXlTVU1RIFRuVXp3dTNHaDhWNTVmN2tLd1FXaUttT1VqL2I1dktWaW45VnN2
+TlVZd2MKYlpEdWFJNmRtNWcxMDVndExIY21icjY2c252QmJnekorNnFnZHRCcHQr
+dwotPiBzc2gtZWQyNTUxOSBuanZYNUEgd3hZNDZwWDg0UnFlNndqazFNNDB0bkxx
+RTVTamR1Nk51VkREVVlRTjEybwpGVXJEUFFuYXpEQzRHeWJqRTMrUUpIYmhtT2NY
+SUQyeGwrYjBKdW9ucThjCi0+IHNzaC1lZDI1NTE5IENxSU9VQSBVdFB6ZndMb3Zx
+dTV5L2Z1Nk9rQVRHWkozcG01cW9zZUFTUW5HaDV1TWtvCnE4MUtTV0laalIwbVNJ
+NlU0K0JJcGMyN3ZSVXpVU1BteDVIVU9BYU9ZeG8KLT4gc3NoLWVkMjU1MTkgejFP
+Y1p3IGhCbWhHbG9WWU9CR3RkTVEyNUE1akM3Q0hGZEx1cURSRitIbi9vZXRMZ3cK
+clR6bjljTU9FS0UzdC9seDlad1E1aHZ5QXNiQmRWWDc5L0NQSkRsVUYyNAotLS0g
+ZEMwTE83MWxYMUYzWVdiSXNxM1BoOEJNMzJHS3o4M1NzWXMyQWZwR3dDVQpp8Lb0
+E1vJN/UjSubXuFGT9NqLCYhc2n20m4v6sM7h4HYRh10pngyxapyN9DvUvY0maPpm
+S9afVD6V/XjxOUZ2lA==
+-----END AGE ENCRYPTED FILE-----
--- a/platforms/nixos/modules/nmasur/presets/services/arr/readarr-api-key.age
+++ b/platforms/nixos/modules/nmasur/presets/services/arr/readarr-api-key.age
@@ -0,0 +1,17 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBRRXo3
+ZmpER1kyWC9JUld3WVVTS0owb1RRZFhzNHRtT0dickJhbnQ1UWxRCjBIR3JxbGho
+c2h0bk8vV2lta2NzcXl0OXZYTzJ0ZkhNV3lPTVl0ZjQ0b00KLT4gc3NoLWVkMjU1
+MTkgWXlTVU1RIHlMWW4zNnJCTGNwcFRxOTQrTldzRFlENGd1TG4yRFJSQlhnSHVL
+TGlWdzAKMlZ4L0thbFZQWjZ0c3pJaE1XNmRtZmNKVTIxeTkwMFFGYWxKZTRMV3h0
+VQotPiBzc2gtZWQyNTUxOSBuanZYNUEgbm5pVE0zYzNQTW15c01DRk1HeDRLVlRW
+aGpkVUFHdG13THNDL1JlbEUyawp6SWQ5Nm1veDdwbCtDbjZPUkhQU0hkRXE1b1RY
+ZkxHY0ZqMFdvcGJ6WitvCi0+IHNzaC1lZDI1NTE5IENxSU9VQSBWeE1LaU5TRkpK
+bElLQWNidHZQeTF6Yk80ZzVlL005RTEyZzlDR2dTSGg0CkdZK2VDSGtMTE43VWRY
+ZnA0cDRKc016OVYvZGpDcDFad3o5YmpoOGhVNGsKLT4gc3NoLWVkMjU1MTkgejFP
+Y1p3IDBEV3pWVEI3QjFRUnRjK0VPZFF6U09iTHljOE9jZ1lka1lpbU9BSEtOeFUK
+RlF0WEFBMElzU1pOdDBEenUrWEhsaFkrTWpUc0gzb1hVRjVpUGpyc25FcwotLS0g
+aXhPbUtHWXc4MXJ4bUtZOWlkdVNOMmo1N1U2NXlxdU5VVXltZXh5aDRyWQoCjoWs
+rOf41MK9789YHLzXMZNbMoWt9tHGfOGZKOyPhYFq/j2d88ZLtzEHAuHKvQ561ffK
+Si0uTiTcTCyhCr/rsQ==
+-----END AGE ENCRYPTED FILE-----
--- a/platforms/nixos/modules/nmasur/presets/services/arr/slskd.age
+++ b/platforms/nixos/modules/nmasur/presets/services/arr/slskd.age
@@ -0,0 +1,19 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBmaUlP
+QTFSRGlKbTVFalppZm9XczhOT2dKTkJpTDVDYTNGZWM2N05NTlRjCjVmUDdBb2VW
+M1BVMVlNdnoxWUNOTmkraVdhR3ZRTFJpTjMxT1duYS9HV3cKLT4gc3NoLWVkMjU1
+MTkgWXlTVU1RIFdzczRSbDgyM3ZGN2tzV1VOeTFsQUtlY00xRWNTaTU5UmxLamFm
+NDVkQVEKa3ZkUmx2RnNjSGUwWGh2ZzVqK3JwckMwdy9LMmRBeGZ3Vk5wUHFMYUc3
+RQotPiBzc2gtZWQyNTUxOSBuanZYNUEgR3lvZ054YkRaNzg5ZDZBK2NrSElndC9P
+YnFUUm83c25hYVdSU2dMSytrWQp4ZWthazZLcVFiMUpoUWp1VEZvZjhlSGxSc0ZO
+blJnelkvNlc3aDVTOGQ0Ci0+IHNzaC1lZDI1NTE5IENxSU9VQSBUTHNNTUhwaHJT
+aUlxTGwzdHhaRytzc3VpVldMb29WNGQyTUN1VXVOZmhzCnYzWjZzZ055YTJtVE1x
+UTB4VjgwMzZzNmg2dVJrUVgxNnNSTXpqbURHaUkKLT4gc3NoLWVkMjU1MTkgejFP
+Y1p3IFhvR3orWEI0dXVqdGZlbGZyb3FaZ0JGeGdvbE1RSEQwVHNMTU5MLy91WGMK
+eldiMlJGeGNJY01OeElBZVNCaTIrMlhibEFZd3pReE5JMWJyMk00Nm9xZwotLS0g
+SGpVUzFtMjdHRFlCMmJqMjJJcGl1Z3Z4ZWJXaE9leTVQL016aFAyT3BoRQoM3TpF
+3xJOKidMRbB6bqccVENPZ3Truxk7xMC99xvAL9Z0BmjxzV23Z2Fl58xOSx+p7IdE
+HWIfSrfhHqhJwanTSeFTYCGEak/e2bljgP3t2j1jNuTJAyUgRWwJg92nOIVX/Q7m
+AbhM0tSWdRD7jipqKFt6vvem+QGH0NhenSTZHdKr5gasqHVP7/10MZGSueqwj/Jm
+Q3S1ToPvVyoH8DrXlsMX37Qwxn0fVmLIdOrhEhHPLxxRrwkf7bA6Zpk/gSMT
+-----END AGE ENCRYPTED FILE-----
--- a/platforms/nixos/modules/nmasur/presets/services/audiobookshelf.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/audiobookshelf.nix
@@ -19,10 +19,6 @@ in
    services.audiobookshelf = {
      enable = true;

-      # Setting a generic group to make it easier for the different programs
-      # that make use of the same files
-      group = lib.mkIf config.nmasur.profiles.shared-media.enable "shared";
-
      # This is the default /var/lib/audiobookshelf
      dataDir = "audiobookshelf";
    };
--- a/platforms/nixos/modules/nmasur/presets/services/bind.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/bind.nix
@@ -23,6 +23,7 @@ let
    hostnames.books
    hostnames.download
    hostnames.photos
+    hostnames.audiobooks
  ];
  mkRecord = service: "${service}       A       ${localIp}";
  localRecords = lib.concatLines (map mkRecord localServices);
--- a/platforms/nixos/modules/nmasur/presets/services/caddy.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/caddy.nix
@@ -103,8 +103,9 @@ in
                  value = name;
                }) hostname_map;
              };
+
+              metrics = { }; # Enables Prometheus metrics
            };
-            apps.http.servers.metrics = { }; # Enables Prometheus metrics
            apps.tls.automation.policies = cfg.tlsPolicies;

            # Setup logging to journal and files
--- a/platforms/nixos/modules/nmasur/presets/services/calibre-web.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/calibre-web.nix
@@ -26,7 +26,7 @@ in
  config = lib.mkIf cfg.enable {

    services.calibre-web = {
-      group = lib.mkIf config.nmasur.profiles.shared-media.enable "shared";
+      enable = true;
      openFirewall = true;
      options = {
        reverseProxyAuth.enable = false;
--- a/platforms/nixos/modules/nmasur/presets/services/cloudflare/cloudflare-api.age
+++ b/platforms/nixos/modules/nmasur/presets/services/cloudflare/cloudflare-api.age
@@ -1,17 +1,17 @@
 -----BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBkckt3
-c1NtVEo1bm1XREk2ZE9PL1FkOFd0LzQ1R0J4TXN4VGd2clVrZ25NCjZKenFTdHFK
-MWVZSXI0NXdVTkhJQXRFRFBRRnIxRHZaOHY1UWVDYW9vTm8KLT4gc3NoLWVkMjU1
-MTkgWXlTVU1RIHBmRERwcXdGanBVV0JOczg0Q0hOa1dVM09EeGMxWmJDMm9YU2Mx
-djhxQkUKS2U2aHVza2JNdzltRW5wcWhqaTVPUEZoZGNWN2szQXlVYjZ3eXpwc2ZE
-OAotPiBzc2gtZWQyNTUxOSBuanZYNUEgbWU0WXA4RjVZWFdPcXZ5M1UwT3lON1JD
-cGhlRXZ2NEhWMHdEMitLWERqRQpKRGgwMUhISWE1Uk1ka1dteGo0dlhZcmNjVjN6
-QmJBQWo0Mko4aE5jUm9rCi0+IHNzaC1lZDI1NTE5IENxSU9VQSBLaU9sSmRzMlFG
-NjBYYTBYeFErNXJwZGVtZ1kvVmVCOXBDZWVoNWhDZ2hrCnE2dkJJSk8rbDRvSHYy
-bEVTdXg0VTg1RzZUNi84K1ZvOVB2aUJzNHVPRkEKLT4gc3NoLWVkMjU1MTkgejFP
-Y1p3IEM0Mnlockc2SlA1bXJhdnpQNXFnQ2w5bzFSTWpIajJybTBIM3VuNTN5bFUK
-bXNIUVVhTzlRMUJTSEpJUURUMXZjRU5zczNjYnBUVVFmMDVEZllONjFjWQotLS0g
-NXdIUWduN2Q2eXFzNlFueFR6OWxITVBranpsNTdXaktiSFZ0TTBxRFNlNAr9JzVO
-Rhx5rG7CSGdYfeMcuzye4jyE2yiVKi5TVr/qp3vbDpyDQKZLlAUSF/K0rTY9K7Rm
-ocY+y/V9ffh3LO2m1Y6BkRqWRJ7v4wcsc3jNGjDHlSB7EqnOwMCXyQAg
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBKNXVz
+RCtWVURFT2JmbUk1dXdWQjJuSVBoamVGaHZUWDNJL1pyREZyTFN3CnVpTnRKSDR5
+U0N3QWZ6L3hpcEVEampWSUlDTVFvWmRuWEFKVUE0bmVDZ0UKLT4gc3NoLWVkMjU1
+MTkgWXlTVU1RIGJ2czRsU2RWN2RaMnc5NEZNbEhxWTNTdkEydWpjd1NVQ0k2RHFC
+anVubU0KQkhxL1kwSGt3N21OSVJwcHJCM2p0TnlOQVJ5c2VTejJoL2ZZUGk4REtL
+bwotPiBzc2gtZWQyNTUxOSBuanZYNUEgaXFJR3IrVHVNQVhjNFFmN1d3ZHhZS04r
+K0FGRXppQkE4MHZhVUI5SHBWRQpxbDdqc2RYZmo0ejBOYUFCcGtrbXVZbDBJVVRJ
+Q2ZlQlFtYmQ4Z3dqcGIwCi0+IHNzaC1lZDI1NTE5IENxSU9VQSBzNlQxNGxDRlNz
+amVMWjI2WFhIYTFIMDQxY1NDRXYvWU9LaUFQMVZMZjMwCm15a3lPVkkyMnZoOGx0
+bTdYbWtZWGQzTVBJb2g4WmM5Z25tcHhKWDNZencKLT4gc3NoLWVkMjU1MTkgejFP
+Y1p3IG1VWm1JRUUwUWhnWVMvdjdmaUZNN1F1eExXRU1xaXpzY2VFMTE3SWE3dzQK
+SWN5b3llVU5WSk1HNW1Wc1dvVm82a1NyQVQ4NmhjRExuQzB2UGpPSGFDcwotLS0g
+ZkdtZ1o4KzlveDBCdkx4eFc2RGNjUjFrb1ZyZXdjZHpLVWtkN2ZaenlKOArVhdOP
+2ifpmAQNOfBbQyY9UPhxPxrF7jnZ8B5jumaip8QJuh6xEYkF17tSEzTPVf6ER9wr
+OrND9IR2kbZVFAxb3/uUD9I3jegJ
 -----END AGE ENCRYPTED FILE-----
--- a/platforms/nixos/modules/nmasur/presets/services/cloudflare/cloudflare.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/cloudflare/cloudflare.nix
@@ -67,8 +67,8 @@ in

    # Tell Caddy to use Cloudflare DNS for ACME challenge validation
    services.caddy.package = pkgs.caddy.withPlugins {
-      plugins = [ "github.com/caddy-dns/cloudflare@v0.0.0-20250228175314-1fb64108d4de" ];
-      hash = "sha256-3nvVGW+ZHLxQxc1VCc/oTzCLZPBKgw4mhn+O3IoyiSs=";
+      plugins = [ "github.com/caddy-dns/cloudflare@8cbec3f04d5b4a768c52941a5468c4b71436509e" ]; # v0.2.1
+      hash = "sha256-2D7dnG50CwtCho+U+iHmSj2w14zllQXPjmTHr6lJZ/A=";
    };
    nmasur.presets.services.caddy.tlsPolicies = [
      {
@@ -90,11 +90,14 @@ in
        ];
      }
    ];
+    systemd.services.caddy.serviceConfig = {
      # Allow Caddy to read Cloudflare API key for DNS validation
-    systemd.services.caddy.serviceConfig.EnvironmentFile = [
-      config.secrets.cloudflare-api.dest
+      # Allow Caddy to use letsencrypt account key for TLS verification
+      EnvironmentFile = [
        config.secrets.letsencrypt-key.dest
+        config.secrets.cloudflare-api-prefixed.dest
      ];
+    };

    # Private key is used for LetsEncrypt
    secrets.letsencrypt-key = {
@@ -111,15 +114,21 @@ in
      owner = "caddy";
      group = "caddy";
    };
-
+    secrets.cloudflare-api-prefixed = {
+      source = ./cloudflare-api.age;
+      dest = "${config.secretsDirectory}/cloudflare-api-prefixed";
+      owner = "caddy";
+      group = "caddy";
+      prefix = "CLOUDFLARE_API_TOKEN=";
+    };
    # Wait for secret to exist
    systemd.services.caddy = {
      after = [
-        "cloudflare-api-secret.service"
+        "cloudflare-api-prefixed-secret.service"
        "letsencrypt-key-secret.service"
      ];
      requires = [
-        "cloudflare-api-secret.service"
+        "cloudflare-api-prefixed-secret.service"
        "letsencrypt-key-secret.service"
      ];
    };
@@ -148,7 +157,24 @@ in
    systemd.services.cloudflare-dyndns = lib.mkIf config.services.cloudflare-dyndns.enable {
      after = [ "cloudflare-api-secret.service" ];
      requires = [ "cloudflare-api-secret.service" ];
+      script =
+        let
+          args = [
+            "--cache-file /var/lib/cloudflare-dyndns/ip.cache"
+          ]
+          ++ (if config.services.cloudflare-dyndns.ipv4 then [ "-4" ] else [ "-no-4" ])
+          ++ (if config.services.cloudflare-dyndns.ipv6 then [ "-6" ] else [ "-no-6" ])
+          ++ lib.optional config.services.cloudflare-dyndns.deleteMissing "--delete-missing"
+          ++ lib.optional config.services.cloudflare-dyndns.proxied "--proxied";
+        in
+        lib.mkForce ''
+          export CLOUDFLARE_API_TOKEN=$(cat ''${CREDENTIALS_DIRECTORY}/apiToken)
+          exec ${lib.getExe pkgs.cloudflare-dyndns} ${toString args}
+        '';
    };

+    # Enable the home-made service that we created for non-proxied records
+    services.cloudflare-dyndns-noproxy.enable = true;
+
  };
 }
--- a/platforms/nixos/modules/nmasur/presets/services/cloudflared.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/cloudflared.nix
@@ -94,9 +94,6 @@ in
    secrets.cloudflared = {
      source = cfg.tunnel.credentialsFile;
      dest = "${config.secretsDirectory}/cloudflared";
-      owner = "cloudflared";
-      group = "cloudflared";
-      permissions = "0440";
    };
    systemd.services.cloudflared-secret = {
      requiredBy = [ "cloudflared-tunnel-${cfg.tunnel.id}.service" ];
--- a/platforms/nixos/modules/nmasur/presets/services/filebrowser.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/filebrowser.nix
@@ -13,10 +13,17 @@ in

  config = lib.mkIf cfg.enable {

-    services.filebrowser = {
+    nmasur.services.filebrowser = {
      enable = true;
      # Generate password: htpasswd -nBC 10 "" | tr -d ':\n'
      passwordHash = "$2y$10$ze1cMob0k6pnXRjLowYfZOVZWg4G.dsPtH3TohbUeEbI0sdkG9.za";
+      # settings = {
+      #   database = "/var/lib/filebrowser/filebrowser.db";
+      #   port = 8020;
+      #   address = "localhost";
+      #   log = "stdout";
+      #   "auth.method" = "json";
+      # };
    };

    nmasur.presets.services.caddy.routes = [
--- a/platforms/nixos/modules/nmasur/presets/services/gitea.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/gitea.nix
@@ -20,6 +20,7 @@ in
      settings = {
        actions.ENABLED = true;
        metrics.ENABLED = true;
+        mailer.SENDMAIL_PATH = "/run/wrappers/bin/sendmail";
        repository = {
          # Pushing to a repo that doesn't exist automatically creates one as
          # private.
@@ -94,6 +95,9 @@ in
    # Configure Cloudflare DNS to point to this machine
    services.cloudflare-dyndns.domains = [ hostnames.git ];

+    # Configure DNS to point to this machine without a proxy
+    nmasur.presets.services.cloudflare.noProxyDomains = [ "ssh.${hostnames.git}" ];
+
    # Scrape the metrics endpoint for Prometheus.
    nmasur.presets.services.prometheus-exporters.scrapeTargets = [
      "127.0.0.1:${builtins.toString config.services.gitea.settings.server.HTTP_PORT}"
--- a/platforms/nixos/modules/nmasur/presets/services/immich.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/immich.nix
@@ -13,7 +13,6 @@ in
    services.immich = {
      enable = true;
      port = 2283;
-      group = lib.mkIf config.nmasur.profiles.shared-media.enable "shared";
      database.enable = true;
      redis.enable = true;
      machine-learning.enable = true;
--- a/platforms/nixos/modules/nmasur/presets/services/jellyfin.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/jellyfin.nix
@@ -18,10 +18,11 @@ in

  config = lib.mkIf cfg.enable {

-    services.jellyfin.group = lib.mkIf config.nmasur.profiles.shared-media.enable "shared";
-    users.users.jellyfin = {
-      isSystemUser = true;
-    };
+    services.jellyfin.enable = true;
+
+    # users.users.jellyfin = {
+    #   isSystemUser = true;
+    # };

    nmasur.presets.services.caddy.routes = [
      # Prevent public access to Prometheus metrics.
@@ -77,9 +78,6 @@ in
      "video"
    ]; # Access to /dev/dri

-    # Fix issue where Jellyfin-created directories don't allow access for media group
-    systemd.services.jellyfin.serviceConfig.UMask = lib.mkForce "0007";
-
    # Requires MetricsEnable is true in /var/lib/jellyfin/config/system.xml
    nmasur.presets.services.prometheus-exporters.scrapeTargets = [ "127.0.0.1:8096" ];
  };
--- a/platforms/nixos/modules/nmasur/presets/services/karakeep.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/karakeep.nix
@@ -0,0 +1,46 @@
+{
+  config,
+  lib,
+  ...
+}:
+
+let
+  cfg = config.nmasur.presets.services.karakeep;
+  inherit (config.nmasur.settings) hostnames;
+in
+
+{
+  options.nmasur.presets.services.karakeep.enable = lib.mkEnableOption "Karakeep bookmark manager";
+
+  config = lib.mkIf cfg.enable {
+    services.karakeep = {
+      enable = true;
+      meilisearch.enable = true;
+      extraEnvironment = {
+        PORT = "5599";
+        DISABLE_SIGNUPS = "true";
+        DISABLE_NEW_RELEASE_CHECK = "true";
+        CRAWLER_FULL_PAGE_SCREENSHOT = "true";
+        CRAWLER_FULL_PAGE_ARCHIVE = "true";
+      };
+    };
+
+    nmasur.presets.services.caddy.routes = [
+      {
+        match = [ { host = [ hostnames.bookmarks ]; } ];
+        handle = [
+          {
+            handler = "reverse_proxy";
+            upstreams = [
+              { dial = "localhost:${config.services.karakeep.extraEnvironment.PORT}"; }
+            ];
+          }
+        ];
+      }
+    ];
+
+    # Configure Cloudflare DNS to point to this machine
+    services.cloudflare-dyndns.domains = [ hostnames.bookmarks ];
+
+  };
+}
--- a/Show More
+++ b/Show More