auto-upgrades and notify using email

add killall to utilities
enable msmtp and ignore mbsyncstate files
2025-07-06 17:50:15 +00:00 · 2023-07-28 23:28:08 -04:00 · 2023-07-28 18:49:48 -04:00 · 2023-07-28 18:49:24 -04:00 · 2023-07-28 18:46:59 -04:00 · 2023-07-26 11:55:58 -04:00
334 changed files with 6520 additions and 4561 deletions
--- a/.gitignore
+++ b/.gitignore
@ -3,7 +3,6 @@
 *.db
 **/.direnv/**
 result
 .luarc.json
 private/**
 templates/**/flake.lock
 !private/**.age
 !private/**.sha512
--- a/README.md
+++ b/README.md
@ -1,99 +1,69 @@
 # System Configurations
 This repository contains configuration files for my NixOS, macOS, and WSL
 hosts.
 They are organized and managed by [Nix](https://nixos.org), so some of the
 configuration may be difficult to translate to a non-Nix system.
-However, some of the configurations are easier to lift directly:
+## System Features
- [Neovim](https://github.com/nmasur/dotfiles/tree/master/modules/neovim/lua)
+| Feature        | Program                                             | Configuration                                 |
- [Fish functions](https://github.com/nmasur/dotfiles/tree/master/modules/shell/fish/functions)
+| ---            | ---                                                 | ---                                           |
- [More fish aliases](https://github.com/nmasur/dotfiles/blob/master/modules/shell/fish/default.nix)
+| OS             | [NixOS](https://nixos.org)                          | [Link](./modules/nixos)                       |
- [Git aliases](https://github.com/nmasur/dotfiles/blob/master/modules/shell/git.nix)
+| Display Server | [X11](https://www.x.org/wiki/)                      | [Link](./modules/nixos/graphical/xorg.nix)    |
- [Hammerspoon](https://github.com/nmasur/dotfiles/tree/master/modules/darwin/hammerspoon)
+| Compositor     | [Picom](https://github.com/yshui/picom)             | [Link](./modules/nixos/graphical/picom.nix)   |
 | Window Manager | [i3](https://i3wm.org/)                             | [Link](./modules/nixos/graphical/i3.nix)      |
 | Panel          | [Polybar](https://polybar.github.io/)               | [Link](./modules/nixos/graphical/polybar.nix) |
 | Font           | [Victor Mono](https://rubjo.github.io/victor-mono/) | [Link](./modules/nixos/graphical/fonts.nix)   |
 | Launcher       | [Rofi](https://github.com/davatorium/rofi)          | [Link](./modules/nixos/graphical/rofi.nix)    |
 ## User Features
 | Feature      | Program                                                                          | Configuration                                      |
 | ---          | ---                                                                              | ---                                                |
 | Dotfiles     | [Home-Manager](https://github.com/nix-community/home-manager)                    | [Link](./modules/common)                           |
 | Terminal     | [Kitty](https://sw.kovidgoyal.net/kitty/)                                        | [Link](./modules/common/applications/kitty.nix)    |
 | Shell        | [Fish](https://fishshell.com/)                                                   | [Link](./modules/common/shell/fish)                |
 | Shell Prompt | [Starship](https://starship.rs/)                                                 | [Link](./modules/common/shell/starhip.nix)         |
 | Colorscheme  | [Gruvbox](https://github.com/morhetz/gruvbox)                                    | [Link](./colorscheme/gruvbox/default.nix)          |
 | Wallpaper    | [Road](https://gitlab.com/exorcist365/wallpapers/-/blob/master/gruvbox/road.jpg) | [Link](./hosts/tempest/default.nix)                |
 | Text Editor  | [Neovim](https://neovim.io/)                                                     | [Link](./modules/common/neovim/config)             |
 | Browser      | [Firefox](https://www.mozilla.org/en-US/firefox/new/)                            | [Link](./modules/common/applications/firefox.nix)  |
 | E-Mail       | [Aerc](https://aerc-mail.org/)                                                   | [Link](./modules/common/mail/aerc.nix)             |
 | File Manager | [Nautilus](https://wiki.gnome.org/action/show/Apps/Files)                        | [Link](./modules/common/applications/nautilus.nix) |
 | PDF Reader   | [Zathura](https://pwmt.org/projects/zathura/)                                    | [Link](./modules/common/applications/media.nix)    |
 | Video Player | [mpv](https://mpv.io/)                                                           | [Link](./modules/common/applications/media.nix)    |
 ## macOS Features
 | Feature  | Program                                     | Configuration                        |
 | ---      | ---                                         | ---                                  |
 | Keybinds | [Hammerspoon](https://www.hammerspoon.org/) | [Link](./modules/darwin/hammerspoon) |
 ---
 # Installation
-## NixOS - From Live Disk
+Click [here](./docs/installation.md) for detailed installation instructions.
-Format drives and build system from any NixOS host, including the live
+# Neovim
 installer disk:
-**This will erase your drives; use at your own risk!**
+Try out my Neovim config with nix:
 ```bash
-lsblk # Choose the disk you want to wipe
+nix run github:nmasur/dotfiles#neovim
 nix-shell -p nixVersions.stable
 nix run github:nmasur/dotfiles#installer -- nvme0n1 desktop
 ```
-## NixOS - From Existing System
+Or build it as a package:
 If you're already running NixOS, you can switch to this configuration with the
 following command:
 ```bash
-nix-shell -p nixVersions.stable
+nix build github:nmasur/dotfiles#neovim
 sudo nixos-rebuild switch --flake github:nmasur/dotfiles#desktop
 ```
-## Windows - From NixOS WSL
+If you already have a Neovim configuration, you may need to move it out of
-
+`~/.config/nvim` or set `XDG_CONFIG_HOME` to another value; otherwise both
-After [installing NixOS on
+configs might conflict with each other.
 WSL](https://xeiaso.net/blog/nix-flakes-4-wsl-2022-05-01), you can switch to
 the WSL configuration:
 ```
 nix-shell -p nixVersions.stable
 sudo nixos-rebuild switch --flake github:nmasur/dotfiles#wsl
 ```
 You should also download the
 [FiraCode](https://github.com/ryanoasis/nerd-fonts/releases/download/v2.2.2/FiraCode.zip)
 font and install it on Windows. Install [Alacritty](https://alacritty.org/) and
 move the `windows/alacritty.yml` file to
 `C:\Users\<user>\AppData\Roaming\alacritty`.
 ## macOS
 To get started on a bare macOS installation, first install Nix:
 ```bash
 sh -c "$(curl -L https://nixos.org/nix/install)"
 ```
 Then use Nix to build nix-darwin:
 ```bash
 nix-build https://github.com/LnL7/nix-darwin/archive/master.tar.gz -A installer
 ./result/bin/darwin-installer
 ```
 Then switch to the macOS configuration:
 ```bash
 darwin-rebuild switch --flake github:nmasur/dotfiles#macbook
 ```
 ### Dealing with corporate MITM SSL certificates:
 ```bash
 # Get the certificates
 openssl s_client -showcerts -verify 5 -connect cache.nixos.org:443 < /dev/null
 # Paste them in here
 sudo nvim $NIX_SSL_CERT_FILE
 ```
 ### Dealing with Neovim issues:
 Update Neovim Packer plugins: `:PackerSync`
 Update TreeSitter languages: `:TSUpdateSync`
 ---
 # Flake Templates
--- a/apps/default.nix
+++ b/apps/default.nix
@ -1,13 +1,20 @@
 { pkgs, ... }: rec {
-  default = readme;
+  # Show quick helper
  default = import ./help.nix { inherit pkgs; };
-  # Format and install from nothing
+  # Format primary disk
  format-root = import ./format-root.nix { inherit pkgs; };
  # Format and install from nothing (deprecated)
  installer = import ./installer.nix { inherit pkgs; };
  # Display the readme for this repository
  readme = import ./readme.nix { inherit pkgs; };
  # Rebuild
  rebuild = import ./rebuild.nix { inherit pkgs; };
  # Load the SSH key for this machine
  loadkey = import ./loadkey.nix { inherit pkgs; };
@ -20,4 +27,8 @@
  # Connect machine metrics to Netdata Cloud
  netdata = import ./netdata-cloud.nix { inherit pkgs; };
  # Run neovim as an app
  neovim = import ./neovim.nix { inherit pkgs; };
  nvim = neovim;
 }
--- a/apps/encrypt-secret.nix
+++ b/apps/encrypt-secret.nix
@ -11,7 +11,7 @@
    tmpfile=$(mktemp)
    echo "''${secret}" > ''${tmpfile}
    ${pkgs.age}/bin/age --encrypt --armor --recipients-file ${
-      builtins.toString ../hosts/public-keys
+      builtins.toString ../public-keys
    } $tmpfile
    rm $tmpfile
  '');
--- a/apps/format-root.nix
+++ b/apps/format-root.nix
@ -0,0 +1,39 @@
 { pkgs, ... }: {
  # This script will partition and format drives; use at your own risk!
  type = "app";
  program = builtins.toString (pkgs.writeShellScript "format-root" ''
    set -e
    DISK=$1
    if [ -z "''${DISK}" ]; then
        ${pkgs.gum}/bin/gum style --width 50 --margin "1 2" --padding "2 4" \
            --foreground "#fb4934" \
            "Missing required parameter." \
            "Usage: format-root -- <disk>" \
            "Flake example: nix run github:nmasur/dotfiles#format-root -- nvme0n1"
        echo "(exiting)"
        exit 1
    fi
    ${pkgs.disko-packaged}/bin/disko \
        --mode create \
        --dry-run \
        --flake "path:$(pwd)#root" \
        --arg disk \""/dev/''${DISK}"\"
    ${pkgs.gum}/bin/gum confirm \
        "This will ERASE ALL DATA on the disk /dev/''${DISK}. Are you sure you want to continue?" \
        --default=false
    ${pkgs.disko-packaged}/bin/disko \
        --mode create \
        --flake "path:$(pwd)#root" \
        --arg disk "/dev/''${DISK}"
  '');
 }
--- a/apps/help.nix
+++ b/apps/help.nix
@ -0,0 +1,23 @@
 { pkgs, ... }: {
  type = "app";
  program = builtins.toString (pkgs.writeShellScript "default" ''
    ${pkgs.gum}/bin/gum style --margin "1 2" --padding "0 2" --foreground "15" --background "55" "Options"
    ${pkgs.gum}/bin/gum format --type=template -- '  {{ Italic "Run with" }} {{ Color "15" "69" " nix run github:nmasur/dotfiles#" }}{{ Color "15" "62" "someoption" }}{{ Color "15" "69" " " }}.'
    echo ""
    echo ""
    ${pkgs.gum}/bin/gum format --type=template -- \
        '  • {{ Color "15" "57" " readme " }} {{ Italic "Documentation for this repository." }}' \
        '  • {{ Color "15" "57" " rebuild " }} {{ Italic "Switch to this configuration." }}' \
        '  • {{ Color "15" "57" " installer " }} {{ Italic "Format and install from nothing." }}' \
        '  • {{ Color "15" "57" " neovim " }} {{ Italic "Test out the Neovim package." }}' \
        '  • {{ Color "15" "57" " loadkey " }} {{ Italic "Load an ssh key for this machine using melt." }}' \
        '  • {{ Color "15" "57" " encrypt-secret " }} {{ Italic "Encrypt a secret for all machines." }}' \
        '  • {{ Color "15" "57" " reencrypt-secrets " }} {{ Italic "Reencrypt all secrets when new machine is added." }}' \
        '  • {{ Color "15" "57" " netdata " }} {{ Italic "Connect a machine to Netdata cloud." }}'
    echo ""
    echo ""
  '');
 }
--- a/apps/neovim.nix
+++ b/apps/neovim.nix
@ -0,0 +1,12 @@
 { pkgs, ... }: {
  type = "app";
  program = "${
      (import ../modules/common/neovim/package {
        inherit pkgs;
        colors = (import ../colorscheme/nord).dark;
      })
    }/bin/nvim";
 }
--- a/apps/readme.nix
+++ b/apps/readme.nix
@ -3,7 +3,7 @@
  type = "app";
  program = builtins.toString (pkgs.writeShellScript "readme" ''
-    ${pkgs.glow}/bin/glow ${builtins.toString ../README.md}
+    ${pkgs.glow}/bin/glow --pager ${builtins.toString ../README.md}
  '');
 }
--- a/apps/rebuild.nix
+++ b/apps/rebuild.nix
@ -0,0 +1,15 @@
 { pkgs, ... }: {
  type = "app";
  program = builtins.toString (pkgs.writeShellScript "rebuild" ''
    echo ${pkgs.system}
    SYSTEM=${if pkgs.stdenv.isDarwin then "darwin" else "linux"}
    if [ "$SYSTEM" == "darwin" ]; then
        sudo darwin-rebuild switch --flake ${builtins.toString ../.}
    else
        doas nixos-rebuild switch --flake ${builtins.toString ../.}
    fi
  '');
 }
--- a/apps/reencrypt-secrets.nix
+++ b/apps/reencrypt-secrets.nix
@ -17,7 +17,7 @@
        --identity ~/.ssh/id_ed25519 $encryptedfile > $tmpfile
      echo "Encrypting ''${encryptedfile}..."
      ${pkgs.age}/bin/age --encrypt --armor --recipients-file ${
-        builtins.toString ../hosts/public-keys
+        builtins.toString ../public-keys
      } $tmpfile > $encryptedfile
      rm $tmpfile
    done
--- a/colorscheme/everforest/default.nix
+++ b/colorscheme/everforest/default.nix
@ -0,0 +1,24 @@
 {
  name = "everforest"; # dark, hard
  author = "Sainnhe Park";
  dark = {
    base00 = "#2b3339"; # Default Background
    base01 = "#323c41"; # Lighter Background
    base02 = "#503946"; # Selection Background
    base03 = "#868d80"; # Comments, Invisibles, Line Highlighting
    base04 = "#d3c6aa"; # Dark Foreground (Used for status bars)
    base05 = "#d3c6aa"; # Default Foreground, Caret, Delimiters, Operators
    base06 = "#e9e8d2"; # Light Foreground (Not often used)
    base07 = "#fff9e8"; # Light Background (Not often used)
    base08 = "#7fbbb3"; # Variables, XML Tags, Markup Link Text, ...
    base09 = "#d699b6"; # Integers, Boolean, Constants, ...
    base0A = "#83c092"; # Classes, Markup Bold, Search Text Background
    base0B = "#dbbc7f"; # Strings, Inherited Class, Markup Code, Diff Inserted
    base0C = "#e69875"; # Support, Regular Expressions, Escape Characters, ...
    base0D = "#a7c080"; # Functions, Methods, Attribute IDs, Headings
    base0E =
      "#e67e80"; # Keywords, Storage, Selector, Markup Italic, Diff Changed
    base0F =
      "#d699b6"; # Deprecated, Opening/Closing Embedded Language Tags, ...
  };
 }
--- a/colorscheme/gruvbox-dark/default.nix
+++ b/colorscheme/gruvbox-dark/default.nix
@ -0,0 +1,45 @@
 # Gruvbox with a darker background for greater contrast
 {
  name = "gruvbox-dark"; # Dark, Medium
  author =
    "Dawid Kurek (dawikur@gmail.com), morhetz (https://github.com/morhetz/gruvbox), ElRastaOk (https://www.reddit.com/user/ElRastaOk)";
  dark = {
    base00 = "#1D2122"; # ---- This is the change from normal gruvbox
    base01 = "#3c3836"; # ---
    base02 = "#504945"; # --
    base03 = "#665c54"; # -
    base04 = "#bdae93"; # +
    base05 = "#d5c4a1"; # ++
    base06 = "#ebdbb2"; # +++
    base07 = "#fbf1c7"; # ++++
    base08 = "#fb4934"; # red
    base09 = "#fe8019"; # orange
    base0A = "#fabd2f"; # yellow
    base0B = "#b8bb26"; # green
    base0C = "#8ec07c"; # aqua/cyan
    base0D = "#83a598"; # blue
    base0E = "#d3869b"; # purple
    base0F = "#d65d0e"; # brown
    batTheme = "gruvbox-dark";
  };
  light = {
    base00 = "#fbf1c7"; # ----
    base01 = "#ebdbb2"; # ---
    base02 = "#d5c4a1"; # --
    base03 = "#bdae93"; # -
    base04 = "#665c54"; # +
    base05 = "#504945"; # ++
    base06 = "#3c3836"; # +++
    base07 = "#1D2122"; # ++++ Adjusted darker here
    base08 = "#9d0006"; # red
    base09 = "#af3a03"; # orange
    base0A = "#b57614"; # yellow
    base0B = "#79740e"; # green
    base0C = "#427b58"; # aqua/cyan
    base0D = "#076678"; # blue
    base0E = "#8f3f71"; # purple
    base0F = "#d65d0e"; # brown
    batTheme = "gruvbox-light";
  };
 }
--- a/modules/colorscheme/gruvbox/default.nix
+++ b/modules/colorscheme/gruvbox/default.nix
@ -19,7 +19,6 @@
    base0D = "#83a598"; # blue
    base0E = "#d3869b"; # purple
    base0F = "#d65d0e"; # brown
    neovimConfig = ./neovim.lua;
    batTheme = "gruvbox-dark";
  };
  light = {
@ -39,7 +38,6 @@
    base0D = "#076678"; # blue
    base0E = "#8f3f71"; # purple
    base0F = "#d65d0e"; # brown
    neovimConfig = ./neovim.lua;
    batTheme = "gruvbox-light";
  };
 }
--- a/colorscheme/nord/default.nix
+++ b/colorscheme/nord/default.nix
@ -0,0 +1,23 @@
 {
  name = "nord";
  author = "arcticicestudio";
  dark = {
    base00 = "#2E3440";
    base01 = "#3B4252";
    base02 = "#434C5E";
    base03 = "#4C566A";
    base04 = "#D8DEE9";
    base05 = "#E5E9F0";
    base06 = "#ECEFF4";
    base07 = "#8FBCBB";
    base08 = "#88C0D0";
    base09 = "#81A1C1";
    base0A = "#5E81AC";
    base0B = "#BF616A";
    base0C = "#D08770";
    base0D = "#EBCB8B";
    base0E = "#A3BE8C";
    base0F = "#B48EAD";
    batTheme = "nord";
  };
 }
--- a/disks/root.nix
+++ b/disks/root.nix
@ -0,0 +1,42 @@
 { disk, ... }: {
  disk = {
    boot = {
      type = "disk";
      device = disk;
      content = {
        type = "table";
        format = "gpt";
        partitions = [
          # Boot partition
          {
            name = "ESP";
            start = "0";
            end = "512MiB";
            fs-type = "fat32";
            bootable = true;
            content = {
              type = "filesystem";
              format = "vfat";
              mountpoint = "/boot";
              extraArgs = [ "-n boot" ];
            };
          }
          # Root partition ext4
          {
            name = "root";
            start = "512MiB";
            end = "100%";
            part-type = "primary";
            bootable = true;
            content = {
              type = "filesystem";
              format = "ext4";
              mountpoint = "/";
              extraArgs = [ "-L nixos" ];
            };
          }
        ];
      };
    };
  };
 }
--- a/disks/zfs.nix
+++ b/disks/zfs.nix
@ -0,0 +1,95 @@
 { pool, disks, ... }: {
  disk = lib.genAttrs disks (disk: {
    "${disk}" = {
      type = "disk";
      device = "/dev/${disk}";
      content = {
        type = "table";
        format = "gpt";
        partitions = [{
          type = "partition";
          name = "zfs";
          start = "128MiB";
          end = "100%";
          content = {
            type = "zfs";
            pool = pool;
          };
        }];
      };
    };
  });
  zpool = {
    "${pool}" = {
      type = "zpool";
      mode = "raidz1";
      rootFsOptions = {
        compression = "on"; # lz4 by default
        "com.sun:auto-snapshot" = "false";
        ashift = "12";
      };
      # mountpoint = "/";
      datasets = {
        root = {
          zfs_type = "filesystem";
          mountpoint = null;
          options."com.sun:auto-snapshot" = "false";
        };
        # "media/movies" = {
        #   zfs_type = "filesystem";
        #   mountpoint = "/media/movies";
        #   options.recordsize = "1M";
        # };
        # "media/tv" = {
        #   zfs_type = "filesystem";
        #   mountpoint = "/media/tv";
        #   options.recordsize = "1M";
        # };
        # "media/books" = {
        #   zfs_type = "filesystem";
        #   mountpoint = "/media/books";
        # };
        # archive = {
        #   zfs_type = "filesystem";
        #   mountpoint = "/archive";
        #   options.compression = "zstd";
        #   options."com.sun:auto-snapshot" = "true";
        # };
        # zfs_unmounted_fs = {
        #   zfs_type = "filesystem";
        #   options.mountpoint = "none";
        # };
        # zfs_legacy_fs = {
        #   zfs_type = "filesystem";
        #   options.mountpoint = "legacy";
        #   mountpoint = "/zfs_legacy_fs";
        # };
        # zfs_testvolume = {
        #   zfs_type = "volume";
        #   size = "10M";
        #   content = {
        #     type = "filesystem";
        #     format = "ext4";
        #     mountpoint = "/ext4onzfs";
        #   };
        # };
        # encrypted = {
        #   zfs_type = "filesystem";
        #   size = "20M";
        #   options = {
        #     mountpoint = "none";
        #     encryption = "aes-256-gcm";
        #     keyformat = "passphrase";
        #     keylocation = "file:///tmp/secret.key";
        #   };
        # };
        # "encrypted/test" = {
        #   zfs_type = "filesystem";
        #   size = "2M";
        #   mountpoint = "/zfs_crypted";
        # };
      };
    };
  };
 }
--- a/docs/installation.md
+++ b/docs/installation.md
@ -0,0 +1,67 @@
 [Back to README](../README.md)
 ---
 # Installation
 ## NixOS - From Live Disk
 Format drives and build system from any NixOS host, including the live
 installer disk:
 **This will erase your drives; use at your own risk!**
 ```bash
 lsblk # Choose the disk you want to wipe
 nix-shell -p nixVersions.stable
 nix run github:nmasur/dotfiles#installer -- nvme0n1 tempest
 ```
 ## NixOS - From Existing System
 If you're already running NixOS, you can switch to this configuration with the
 following command:
 ```bash
 nix-shell -p nixVersions.stable
 sudo nixos-rebuild switch --flake github:nmasur/dotfiles#tempest
 ```
 ## Windows - From NixOS WSL
 After [installing NixOS on
 WSL](https://xeiaso.net/blog/nix-flakes-4-wsl-2022-05-01), you can switch to
 the WSL configuration:
 ```
 nix-shell -p nixVersions.stable
 sudo nixos-rebuild switch --flake github:nmasur/dotfiles#hydra
 ```
 You should also download the
 [FiraCode](https://github.com/ryanoasis/nerd-fonts/releases/download/v2.2.2/FiraCode.zip)
 font and install it on Windows. Install [Alacritty](https://alacritty.org/) and
 move the `windows/alacritty.yml` file to
 `C:\Users\<user>\AppData\Roaming\alacritty`.
 ## macOS
 To get started on a bare macOS installation, first install Nix:
 ```bash
 sh -c "$(curl -L https://nixos.org/nix/install)"
 ```
 Then use Nix to build nix-darwin:
 ```bash
 nix-build https://github.com/LnL7/nix-darwin/archive/master.tar.gz -A installer
 ./result/bin/darwin-installer
 ```
 Then switch to the macOS configuration:
 ```bash
 darwin-rebuild switch --flake github:nmasur/dotfiles#lookingglass
 ```
--- a/docs/restore-calibre.md
+++ b/docs/restore-calibre.md
@ -0,0 +1,23 @@
 # Restoring Calibre From Backup
 The `metadata.db` holds the library and `app.db` and `gdrive.db` contain the
 web/account information.
 Place books directories in `/data/books/`.
 Place `metadata.db` in `/var/lib/calibre-web-db/`.
 Symlink `metadata.db` to the library:
 ```
 sudo ln -s /var/lib/calibre-web-db/metadata.db /data/books/metadata.db
 ```
 Place `app.db` and `gdrive.db` in `/var/lib/calibre-web/`.
 Restart Calibre:
 ```
 sudo systemctl restart calibre-web.service
 ```
--- a/docs/restore-nextcloud.md
+++ b/docs/restore-nextcloud.md
@ -0,0 +1,43 @@
 # Restoring Nextcloud From Backup
 Install the `litestream` package.
 ```
 nix-shell --run fish -p litestream
 ```
 Set the S3 credentials:
 ```
 set -x AWS_ACCESS_KEY_ID (read)
 set -x AWS_SECRET_ACCESS_KEY (read)
 ```
 Restore from S3:
 ```
 litestream restore -o nextcloud.db s3://noahmasur-backup.s3.us-west-002.backblazeb2.com/nextcloud
 ```
 Install Nextcloud. Then copy DB:
 ```
 sudo rm /data/nextcloud/data/nextcloud.db*
 sudo mv nextcloud.db /data/nextcloud/data/
 sudo chown nextcloud:nextcloud /data/nextcloud/data/nextcloud.db
 sudo chmod 770 /data/nextcloud/data/nextcloud.db
 ```
 Restart Nextcloud:
 ```
 sudo systemctl restart phpfpm-nextcloud.service
 ```
 Adjust Permissions and Directories:
 ```
 sudo mkdir /data/nextcloud/data/noah/files
 sudo chown nextcloud:nextcloud /data/nextcloud/data/noah/files
 ```
--- a/flake.lock
+++ b/flake.lock
@ -1,5 +1,71 @@
 {
  "nodes": {
    "Comment-nvim-src": {
      "flake": false,
      "locked": {
        "lastModified": 1681214440,
        "narHash": "sha256-48hy+hiaDJLlgWqC7IeZI3dT+VwWkRo4atQbyPxu/ys=",
        "owner": "numToStr",
        "repo": "Comment.nvim",
        "rev": "e51f2b142d88bb666dcaa77d93a07f4b419aca70",
        "type": "github"
      },
      "original": {
        "owner": "numToStr",
        "ref": "v0.8.0",
        "repo": "Comment.nvim",
        "type": "github"
      }
    },
    "baleia-nvim-src": {
      "flake": false,
      "locked": {
        "lastModified": 1681806450,
        "narHash": "sha256-jxRlIzWbnSj89032msc5w+2TVt7zVyzlxdXxiH1dQqY=",
        "owner": "m00qek",
        "repo": "baleia.nvim",
        "rev": "00bb4af31c8c3865b735d40ebefa6c3f07b2dd16",
        "type": "github"
      },
      "original": {
        "owner": "m00qek",
        "repo": "baleia.nvim",
        "type": "github"
      }
    },
    "bufferline-nvim-src": {
      "flake": false,
      "locked": {
        "lastModified": 1687763763,
        "narHash": "sha256-wbOeylzjjScQXkrDbBU2HtrOZrp2YUK+wQ2aOkgxmRQ=",
        "owner": "akinsho",
        "repo": "bufferline.nvim",
        "rev": "bf2f6b7edd0abf6b0732f5e5c0a8f30e51611c75",
        "type": "github"
      },
      "original": {
        "owner": "akinsho",
        "ref": "v4.2.0",
        "repo": "bufferline.nvim",
        "type": "github"
      }
    },
    "cmp-nvim-lsp-src": {
      "flake": false,
      "locked": {
        "lastModified": 1687494203,
        "narHash": "sha256-mU0soCz79erJXMMqD/FyrJZ0mu2n6fE0deymPzQlxts=",
        "owner": "hrsh7th",
        "repo": "cmp-nvim-lsp",
        "rev": "44b16d11215dce86f253ce0c30949813c0a90765",
        "type": "github"
      },
      "original": {
        "owner": "hrsh7th",
        "repo": "cmp-nvim-lsp",
        "type": "github"
      }
    },
    "darwin": {
      "inputs": {
        "nixpkgs": [
@ -7,11 +73,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1666776005,
+        "lastModified": 1690247892,
-        "narHash": "sha256-HwSMF19PpczfqNHKcFsA6cF4PVbG00uUSdbq6q3jB5o=",
+        "narHash": "sha256-WMGc1yq1cqRd+kzjWgbvHxckJIe8VQfiZ5RfR8tgABw=",
        "owner": "lnl7",
        "repo": "nix-darwin",
-        "rev": "f6648ca0698d1611d7eadfa72b122252b833f86c",
+        "rev": "efd35d99ce412335c478dff9da9a4256bbd39757",
        "type": "github"
      },
      "original": {
@ -21,16 +87,38 @@
        "type": "github"
      }
    },
-    "firefox-darwin": {
+    "disko": {
      "inputs": {
-        "nixpkgs": "nixpkgs"
+        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1668992358,
+        "lastModified": 1690148072,
-        "narHash": "sha256-24iH+wIbE1bKCFmqslwOpfrDypJ40mk1uGIqRUxDXxY=",
+        "narHash": "sha256-R7bk2ij1b06Wc8S3L/guz6Mape5HtKp/YZUyJaxSFa8=",
        "owner": "nix-community",
        "repo": "disko",
        "rev": "713eb78002e69bd77f5a69595756fd2e564233f3",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "disko",
        "type": "github"
      }
    },
    "firefox-darwin": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1689987164,
        "narHash": "sha256-piroYVZtJ6hK1QRBtof4d701FRchO+FgkFK4JwMOWxI=",
        "owner": "bandithedoge",
        "repo": "nixpkgs-firefox-darwin",
-        "rev": "066d4fd658acd075b45405eda9e3bca6a71a47b1",
+        "rev": "9f5f2b9396724b807818f889abfa7ccf61e20afa",
        "type": "github"
      },
      "original": {
@ -42,11 +130,11 @@
    "flake-compat": {
      "flake": false,
      "locked": {
-        "lastModified": 1650374568,
+        "lastModified": 1673956053,
-        "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
+        "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
        "owner": "edolstra",
        "repo": "flake-compat",
-        "rev": "b4a34015c698c7793d592d66adbab377907a2be8",
+        "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
        "type": "github"
      },
      "original": {
@ -57,11 +145,47 @@
    },
    "flake-utils": {
      "locked": {
-        "lastModified": 1659877975,
+        "lastModified": 1678901627,
-        "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
+        "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
+        "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "flake-utils_2": {
      "inputs": {
        "systems": "systems"
      },
      "locked": {
        "lastModified": 1685518550,
        "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "flake-utils_3": {
      "inputs": {
        "systems": "systems_2"
      },
      "locked": {
        "lastModified": 1689068808,
        "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
        "type": "github"
      },
      "original": {
@ -74,15 +198,14 @@
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
-        ],
+        ]
        "utils": "utils"
      },
      "locked": {
-        "lastModified": 1666903647,
+        "lastModified": 1690208251,
-        "narHash": "sha256-sFI1Gh9DTGzHnBINondupUGYbe+T0wZcpcZjkW0qffM=",
+        "narHash": "sha256-eb/KANeuQADVl5j4wVid4jyPCOMTorSI2+gqoXp3LME=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "213a06295dff96668a1d673b9fd1c03ce1de6745",
+        "rev": "d309a62ee81faec56dd31a263a0184b0e3227e36",
        "type": "github"
      },
      "original": {
@ -92,13 +215,57 @@
        "type": "github"
      }
    },
    "nil": {
      "inputs": {
        "flake-utils": "flake-utils",
        "nixpkgs": [
          "nixpkgs"
        ],
        "rust-overlay": "rust-overlay"
      },
      "locked": {
        "lastModified": 1680544266,
        "narHash": "sha256-d/TusDXmIo8IT5DNRA21lN+nOVSER8atIx9TJteR6LQ=",
        "owner": "oxalica",
        "repo": "nil",
        "rev": "56a1fa87b98a9508920f4b0ab8fe36d5b54b2362",
        "type": "github"
      },
      "original": {
        "owner": "oxalica",
        "ref": "2023-04-03",
        "repo": "nil",
        "type": "github"
      }
    },
    "nix2vim": {
      "inputs": {
        "flake-utils": "flake-utils_2",
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1685980282,
        "narHash": "sha256-uQyVaoqkiocA8bXKMfrgizuKmz0hUzHye5owFoUd2AQ=",
        "owner": "gytis-ivaskevicius",
        "repo": "nix2vim",
        "rev": "3836a348503ae27340c7f83f0bc7bcb907f3781d",
        "type": "github"
      },
      "original": {
        "owner": "gytis-ivaskevicius",
        "repo": "nix2vim",
        "type": "github"
      }
    },
    "nixlib": {
      "locked": {
-        "lastModified": 1636849918,
+        "lastModified": 1689469483,
-        "narHash": "sha256-nzUK6dPcTmNVrgTAC1EOybSMsrcx+QrVPyqRdyKLkjA=",
+        "narHash": "sha256-2SBhY7rZQ/iNCxe04Eqxlz9YK9KgbaTMBssq3/BgdWY=",
        "owner": "nix-community",
        "repo": "nixpkgs.lib",
-        "rev": "28a5b0557f14124608db68d3ee1f77e9329e9dd5",
+        "rev": "02fea408f27186f139153e1ae88f8ab2abd9c22c",
        "type": "github"
      },
      "original": {
@ -115,11 +282,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1666812839,
+        "lastModified": 1690133435,
-        "narHash": "sha256-0nBDgjPU+iDsvz89W+cDEyhnFGSwCJmwDl/gMGqYiU0=",
+        "narHash": "sha256-YNZiefETggroaTLsLJG2M+wpF0pJPwiauKG4q48ddNU=",
        "owner": "nix-community",
        "repo": "nixos-generators",
-        "rev": "41f3518bc194389df22a3d198215eae75e6b5ab9",
+        "rev": "b1171de4d362c022130c92d7c8adc4bf2b83d586",
        "type": "github"
      },
      "original": {
@ -130,27 +297,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1639237670,
+        "lastModified": 1690179384,
-        "narHash": "sha256-RTdL4rEQcgaZGpvtDgkp3oK/V+1LM3I53n0ACPSroAQ=",
+        "narHash": "sha256-+arbgqFTAtoeKtepW9wCnA0njCOyoiDFyl0Q0SBSOtE=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "edfb969386ebe6c3cf8f878775a7975cd88f926d",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "master",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_2": {
      "locked": {
        "lastModified": 1666959691,
        "narHash": "sha256-TRpWA3t8ata79HOGtFd5dDCl1kJQmIE16PDF53/Hcxo=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "448a599c49978c2794401bfc3a2e1fba1a8663be",
+        "rev": "b12803b6d90e2e583429bb79b859ca53c348b39a",
        "type": "github"
      },
      "original": {
@ -160,28 +311,45 @@
        "type": "github"
      }
    },
-    "nixpkgs_3": {
+    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1660318005,
+        "lastModified": 1689605451,
-        "narHash": "sha256-g9WCa9lVUmOV6dYRbEPjv/TLOR5hamjeCcKExVGS3OQ=",
+        "narHash": "sha256-u2qp2k9V1smCfk6rdUcgMKvBj3G9jVvaPHyeXinjN9E=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "5c211b47aeadcc178c5320afd4e74c7eed5c389f",
+        "rev": "53657afe29748b3e462f1f892287b7e254c26d77",
        "type": "github"
      },
      "original": {
-        "id": "nixpkgs",
+        "owner": "NixOS",
-        "ref": "nixos-22.05",
+        "ref": "nixos-23.05",
-        "type": "indirect"
+        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "null-ls-nvim-src": {
      "flake": false,
      "locked": {
        "lastModified": 1688652536,
        "narHash": "sha256-6KJtj9pbvBm6fOVpnyzO2fEVC+cVrw2XtZHOgq9ieIw=",
        "owner": "jose-elias-alvarez",
        "repo": "null-ls.nvim",
        "rev": "db09b6c691def0038c456551e4e2772186449f35",
        "type": "github"
      },
      "original": {
        "owner": "jose-elias-alvarez",
        "repo": "null-ls.nvim",
        "type": "github"
      }
    },
    "nur": {
      "locked": {
-        "lastModified": 1667025500,
+        "lastModified": 1690247650,
-        "narHash": "sha256-88akaieCIrqta3Uyha7Zv3FJWzKJebb2BrOdZba1zdI=",
+        "narHash": "sha256-xasDfDeXnR9PgUhOEzjn1NrvAcqloEgoNFUcQjv20Wg=",
        "owner": "nix-community",
        "repo": "nur",
-        "rev": "21dd192519af12a01f1348bbfa86cde47f7aa392",
+        "rev": "ed0946320360d3a08404d93077c0847c176d4da0",
        "type": "github"
      },
      "original": {
@ -190,30 +358,201 @@
        "type": "github"
      }
    },
    "nvim-lspconfig-src": {
      "flake": false,
      "locked": {
        "lastModified": 1675639052,
        "narHash": "sha256-B8IgpypxzCACZ5VcqM6KiWyClaN+KrmemtkwMznmj5Y=",
        "owner": "neovim",
        "repo": "nvim-lspconfig",
        "rev": "255e07ce2a05627d482d2de77308bba51b90470c",
        "type": "github"
      },
      "original": {
        "owner": "neovim",
        "ref": "v0.1.6",
        "repo": "nvim-lspconfig",
        "type": "github"
      }
    },
    "nvim-tree-lua-src": {
      "flake": false,
      "locked": {
        "lastModified": 1690096369,
        "narHash": "sha256-aLw0ysDIJWOP2x1XppaHBmmRYfL4IzM5xQ+1WuW0QLM=",
        "owner": "kyazdani42",
        "repo": "nvim-tree.lua",
        "rev": "273c1700eb68c27dce4e518efafc8144fd7ce4ab",
        "type": "github"
      },
      "original": {
        "owner": "kyazdani42",
        "repo": "nvim-tree.lua",
        "type": "github"
      }
    },
    "nvim-treesitter-src": {
      "flake": false,
      "locked": {
        "lastModified": 1681121236,
        "narHash": "sha256-iPsPDLhVKJ14iP1/2cCgcY9SCKK/DQz9Y0mQB1DqNiM=",
        "owner": "nvim-treesitter",
        "repo": "nvim-treesitter",
        "rev": "cc360a9beb1b30d172438f640e2c3450358c4086",
        "type": "github"
      },
      "original": {
        "owner": "nvim-treesitter",
        "ref": "v0.9.0",
        "repo": "nvim-treesitter",
        "type": "github"
      }
    },
    "root": {
      "inputs": {
        "Comment-nvim-src": "Comment-nvim-src",
        "baleia-nvim-src": "baleia-nvim-src",
        "bufferline-nvim-src": "bufferline-nvim-src",
        "cmp-nvim-lsp-src": "cmp-nvim-lsp-src",
        "darwin": "darwin",
        "disko": "disko",
        "firefox-darwin": "firefox-darwin",
        "home-manager": "home-manager",
        "nil": "nil",
        "nix2vim": "nix2vim",
        "nixos-generators": "nixos-generators",
-        "nixpkgs": "nixpkgs_2",
+        "nixpkgs": "nixpkgs",
        "null-ls-nvim-src": "null-ls-nvim-src",
        "nur": "nur",
        "nvim-lspconfig-src": "nvim-lspconfig-src",
        "nvim-tree-lua-src": "nvim-tree-lua-src",
        "nvim-treesitter-src": "nvim-treesitter-src",
        "telescope-nvim-src": "telescope-nvim-src",
        "telescope-project-nvim-src": "telescope-project-nvim-src",
        "toggleterm-nvim-src": "toggleterm-nvim-src",
        "vscode-terraform-snippets": "vscode-terraform-snippets",
        "wallpapers": "wallpapers",
        "wsl": "wsl"
      }
    },
-    "utils": {
+    "rust-overlay": {
      "inputs": {
        "flake-utils": [
          "nil",
          "flake-utils"
        ],
        "nixpkgs": [
          "nil",
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1659877975,
+        "lastModified": 1680488274,
-        "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
+        "narHash": "sha256-0vYMrZDdokVmPQQXtFpnqA2wEgCCUXf5a3dDuDVshn0=",
-        "owner": "numtide",
+        "owner": "oxalica",
-        "repo": "flake-utils",
+        "repo": "rust-overlay",
-        "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
+        "rev": "7ec2ff598a172c6e8584457167575b3a1a5d80d8",
        "type": "github"
      },
      "original": {
-        "owner": "numtide",
+        "owner": "oxalica",
-        "repo": "flake-utils",
+        "repo": "rust-overlay",
        "type": "github"
      }
    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    },
    "systems_2": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    },
    "telescope-nvim-src": {
      "flake": false,
      "locked": {
        "lastModified": 1686302912,
        "narHash": "sha256-fV3LLRwAPykVGc4ImOnUSP+WTrPp9Ad9OTfBJ6wqTMk=",
        "owner": "nvim-telescope",
        "repo": "telescope.nvim",
        "rev": "776b509f80dd49d8205b9b0d94485568236d1192",
        "type": "github"
      },
      "original": {
        "owner": "nvim-telescope",
        "ref": "0.1.2",
        "repo": "telescope.nvim",
        "type": "github"
      }
    },
    "telescope-project-nvim-src": {
      "flake": false,
      "locked": {
        "lastModified": 1682606566,
        "narHash": "sha256-H6lrPjpOUVleKHB0ziI+6dthg9ymitHhEWtcgYJTrKo=",
        "owner": "nvim-telescope",
        "repo": "telescope-project.nvim",
        "rev": "7c64b181dd4e72deddcf6f319e3bf1e95b2a2f30",
        "type": "github"
      },
      "original": {
        "owner": "nvim-telescope",
        "repo": "telescope-project.nvim",
        "type": "github"
      }
    },
    "toggleterm-nvim-src": {
      "flake": false,
      "locked": {
        "lastModified": 1685434104,
        "narHash": "sha256-oiCnBrvft6XxiQtQH8E4F842xhh348SaTpHzaeb+iDY=",
        "owner": "akinsho",
        "repo": "toggleterm.nvim",
        "rev": "95204ece0f2a54c89c4395295432f9aeedca7b5f",
        "type": "github"
      },
      "original": {
        "owner": "akinsho",
        "ref": "v2.7.0",
        "repo": "toggleterm.nvim",
        "type": "github"
      }
    },
    "vscode-terraform-snippets": {
      "flake": false,
      "locked": {
        "lastModified": 1614849738,
        "narHash": "sha256-v392tyzXV+zyBNt5OCB2NBCK7JcByrTa5Ne/nFtSCJI=",
        "owner": "run-at-scale",
        "repo": "vscode-terraform-doc-snippets",
        "rev": "6ab3e44b566e660f38922cf908e6e547eaa5d4b4",
        "type": "github"
      },
      "original": {
        "owner": "run-at-scale",
        "repo": "vscode-terraform-doc-snippets",
        "type": "github"
      }
    },
@ -236,15 +575,15 @@
    "wsl": {
      "inputs": {
        "flake-compat": "flake-compat",
-        "flake-utils": "flake-utils",
+        "flake-utils": "flake-utils_3",
-        "nixpkgs": "nixpkgs_3"
+        "nixpkgs": "nixpkgs_2"
      },
      "locked": {
-        "lastModified": 1666720338,
+        "lastModified": 1690187332,
-        "narHash": "sha256-7V91ZtTz7zDXb6hivktQ9RlBglP+WEkYFSciPJHwMJw=",
+        "narHash": "sha256-8iyH0LXszole3kUjPfg4S8uprJ0RGDQbZLyBvKFiQ3s=",
        "owner": "nix-community",
        "repo": "NixOS-WSL",
-        "rev": "7bfb8f5aa91fee30a189eae32cda8ddc465076df",
+        "rev": "01112baf546b5577038e2a422a5215eedd9bc84b",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -16,18 +16,27 @@
    # Used for Windows Subsystem for Linux compatibility
    wsl.url = "github:nix-community/NixOS-WSL";
-    # Used for user packages
+    # Used for user packages and dotfiles
    home-manager = {
      url = "github:nix-community/home-manager/master";
      inputs.nixpkgs.follows =
-        "nixpkgs"; # Use system packages list where available
+        "nixpkgs"; # Use system packages list for their inputs
    };
    # Community packages; used for Firefox extensions
    nur.url = "github:nix-community/nur";
    # Use official Firefox binary for macOS
-    firefox-darwin.url = "github:bandithedoge/nixpkgs-firefox-darwin";
+    firefox-darwin = {
      url = "github:bandithedoge/nixpkgs-firefox-darwin";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # Manage disk format and partitioning
    disko = {
      url = "github:nix-community/disko";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # Wallpapers
    wallpapers = {
@ -41,22 +50,108 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # Convert Nix to Neovim config
    nix2vim = {
      url = "github:gytis-ivaskevicius/nix2vim";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # Nix language server
    nil = {
      url = "github:oxalica/nil/2023-04-03";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # Neovim plugins
    nvim-lspconfig-src = {
      url = "github:neovim/nvim-lspconfig/v0.1.6";
      flake = false;
    };
    cmp-nvim-lsp-src = {
      url = "github:hrsh7th/cmp-nvim-lsp";
      flake = false;
    };
    null-ls-nvim-src = {
      url = "github:jose-elias-alvarez/null-ls.nvim";
      flake = false;
    };
    baleia-nvim-src = {
      url = "github:m00qek/baleia.nvim";
      flake = false;
    };
    Comment-nvim-src = {
      url = "github:numToStr/Comment.nvim/v0.8.0";
      flake = false;
    };
    nvim-treesitter-src = {
      url = "github:nvim-treesitter/nvim-treesitter/v0.9.0";
      flake = false;
    };
    telescope-nvim-src = {
      url = "github:nvim-telescope/telescope.nvim/0.1.2";
      flake = false;
    };
    telescope-project-nvim-src = {
      url = "github:nvim-telescope/telescope-project.nvim";
      flake = false;
    };
    toggleterm-nvim-src = {
      url = "github:akinsho/toggleterm.nvim/v2.7.0";
      flake = false;
    };
    bufferline-nvim-src = {
      url = "github:akinsho/bufferline.nvim/v4.2.0";
      flake = false;
    };
    nvim-tree-lua-src = {
      url = "github:kyazdani42/nvim-tree.lua";
      flake = false;
    };
    vscode-terraform-snippets = {
      url = "github:run-at-scale/vscode-terraform-doc-snippets";
      flake = false;
    };
  };
-  outputs = { self, nixpkgs, ... }@inputs:
+  outputs = { nixpkgs, ... }@inputs:
    let
      # Global configuration for my systems
-      globals = rec {
+      globals = let baseName = "masu.rs";
      in rec {
        user = "noah";
        fullName = "Noah Masur";
        gitName = fullName;
        gitEmail = "7386960+nmasur@users.noreply.github.com";
-        mailServer = "noahmasur.com";
+        mail.server = "noahmasur.com";
-        dotfilesRepo = "git@github.com:nmasur/dotfiles";
+        mail.imapHost = "imap.purelymail.com";
        mail.smtpHost = "smtp.purelymail.com";
        dotfilesRepo = "https://github.com/nmasur/dotfiles";
        hostnames = {
          git = "git.${baseName}";
          metrics = "metrics.${baseName}";
          prometheus = "prom.${baseName}";
          secrets = "vault.${baseName}";
          stream = "stream.${baseName}";
          content = "cloud.${baseName}";
          books = "books.${baseName}";
          download = "download.${baseName}";
        };
      };
      # Common overlays to always use
      overlays = [
        inputs.nur.overlay
        inputs.nix2vim.overlay
        (import ./overlays/neovim-plugins.nix inputs)
        (import ./overlays/calibre-web.nix)
        (import ./overlays/disko.nix inputs)
        (import ./overlays/tree-sitter.nix inputs)
        (import ./overlays/betterlockscreen.nix)
      ];
      # System types to support.
      supportedSystems =
        [ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ];
@ -66,37 +161,64 @@
    in rec {
      # Contains my full system builds, including home-manager
      # nixos-rebuild switch --flake .#tempest
      nixosConfigurations = {
-        desktop = import ./hosts/desktop { inherit inputs globals; };
+        tempest = import ./hosts/tempest { inherit inputs globals overlays; };
-        wsl = import ./hosts/wsl { inherit inputs globals; };
+        hydra = import ./hosts/hydra { inherit inputs globals overlays; };
-        oracle = import ./hosts/oracle { inherit inputs globals; };
+        flame = import ./hosts/flame { inherit inputs globals overlays; };
        swan = import ./hosts/swan { inherit inputs globals overlays; };
      };
      # Contains my full Mac system builds, including home-manager
      # darwin-rebuild switch --flake .#lookingglass
      darwinConfigurations = {
-        macbook = import ./hosts/macbook { inherit inputs globals; };
+        lookingglass =
          import ./hosts/lookingglass { inherit inputs globals overlays; };
      };
-      # For quickly applying local settings with:
+      # For quickly applying home-manager settings with:
-      # home-manager switch --flake .#desktop
+      # home-manager switch --flake .#tempest
      homeConfigurations = {
-        desktop =
+        tempest =
-          nixosConfigurations.desktop.config.home-manager.users.${globals.user}.home;
+          nixosConfigurations.tempest.config.home-manager.users.${globals.user}.home;
-        macbook =
+        lookingglass =
-          darwinConfigurations.macbook.config.home-manager.users."Noah.Masur".home;
+          darwinConfigurations.lookingglass.config.home-manager.users."Noah.Masur".home;
      };
-      # Package servers into images with a generator
+      # Disk formatting, only used once
-      packages.aws = nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" ]
+      diskoConfigurations = { root = import ./disks/root.nix; };
        (system: {
          "${system}" = import ./hosts/aws { inherit inputs globals system; };
        });
      packages = let
        aws = system:
          import ./hosts/aws { inherit inputs globals overlays system; };
        staff = system:
          import ./hosts/staff { inherit inputs globals overlays system; };
        neovim = system:
          let pkgs = import nixpkgs { inherit system overlays; };
          in import ./modules/common/neovim/package {
            inherit pkgs;
            colors = (import ./colorscheme/gruvbox-dark).dark;
          };
      in {
        x86_64-linux.aws = aws "x86_64-linux";
        x86_64-linux.staff = staff "x86_64-linux";
        # Package Neovim config into standalone package
        x86_64-linux.neovim = neovim "x86_64-linux";
        x86_64-darwin.neovim = neovim "x86_64-darwin";
        aarch64-linux.neovim = neovim "aarch64-linux";
        aarch64-darwin.neovim = neovim "aarch64-darwin";
      };
      # Programs that can be run by calling this flake
      apps = forAllSystems (system:
-        let pkgs = import nixpkgs { inherit system; };
+        let pkgs = import nixpkgs { inherit system overlays; };
        in import ./apps { inherit pkgs; });
      # Development environments
      devShells = forAllSystems (system:
-        let pkgs = import nixpkgs { inherit system; };
+        let pkgs = import nixpkgs { inherit system overlays; };
        in {
          # Used to run commands and edit files in this repo
@ -104,23 +226,6 @@
            buildInputs = with pkgs; [ git stylua nixfmt shfmt shellcheck ];
          };
          # Used for cloud and systems development and administration
          devops = pkgs.mkShell {
            buildInputs = with pkgs; [
              git
              terraform
              consul
              vault
              awscli2
              google-cloud-sdk
              ansible
              kubectl
              kubernetes-helm
              kustomize
              fluxcd
            ];
          };
        });
      # Templates for starting other projects quickly
--- a/hosts/README.md
+++ b/hosts/README.md
@ -0,0 +1,12 @@
 # Hosts
 | Host                                       | Purpose             |
 | ---                                        | ---                 |
 | [aws](./aws/default.nix)                   | AWS AMI             |
 | [staff](./staff/default.nix)               | Live USB stick      |
 | [flame](./flame/default.nix)               | Oracle cloud server |
 | [hydra](./hydra/default.nix)               | WSL config          |
 | [lookingglass](./lookingglass/default.nix) | Work MacBook        |
 | [swan](./swan/default.nix)                 | Home server         |
 | [tempest](./tempest/default.nix)           | Linux desktop       |
--- a/hosts/aws/default.nix
+++ b/hosts/aws/default.nix
@ -1,13 +1,12 @@
-{ inputs, globals, ... }:
+{ inputs, system, globals, overlays, ... }:
-with inputs;
+inputs.nixos-generators.nixosGenerate {
 nixos-generators.nixosGenerate {
  inherit system;
  format = "amazon";
  modules = [
-    home-manager.nixosModules.home-manager
+    inputs.home-manager.nixosModules.home-manager
    {
      nixpkgs.overlays = overlays;
      user = globals.user;
      fullName = globals.fullName;
      dotfilesRepo = globals.dotfilesRepo;
@ -15,16 +14,16 @@ nixos-generators.nixosGenerate {
      gitEmail = globals.gitEmail;
      networking.hostName = "sheep";
      gui.enable = false;
-      colorscheme = (import ../modules/colorscheme/gruvbox);
+      theme.colors = (import ../../colorscheme/gruvbox).dark;
      passwordHash = null;
      publicKey =
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";
      # AWS settings require this
      permitRootLogin = "prohibit-password";
    }
-    ../../hosts/common.nix
+    ../../modules/common
    ../../modules/nixos
-    ../../modules/services/sshd.nix
+    ../../modules/nixos/services/sshd.nix
  ] ++ [
    # Required to fix diskSize errors during build
    ({ ... }: { amazonImage.sizeMB = 16 * 1024; })
--- a/hosts/aws/workflow.yml
+++ b/hosts/aws/workflow.yml
@ -1,7 +1,6 @@
 name: 'Terraform'
 env:
  AWS_ACCOUNT_NUMBER: ''
  AWS_PLAN_ROLE_NAME: github_actions_plan
  AWS_APPLY_ROLE_NAME: github_actions_admin
@ -82,15 +81,14 @@ jobs:
      # Downloads the current repo code to the runner.
      - name: Checkout Repo Code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
-      # Install Nix
+      # Enable access to KVM, required to build an image
-      - name: Install Nix
+      - name: Enable KVM group perms
-        uses: cachix/install-nix-action@v17
+        run: |
-
+            echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-kvm4all.rules
-      # Build the image
+            sudo udevadm control --reload-rules
-      - name: Build Image
+            sudo udevadm trigger --name-match=kvm
        run: nix build .#aws
      # Login to AWS
      - name: AWS Assume Role
@ -99,6 +97,28 @@ jobs:
          role-to-assume: ${{ env.AWS_ROLE_ARN }}
          aws-region: ${{ env.AWS_REGION }}
      # Install Nix
      - name: Install Nix
        uses: cachix/install-nix-action@v17
        with:
          extra_nix_config: |
            substituters = s3://insert-cache-bucket https://cache.nixos.org/
            trusted-public-keys = insert-cache-bucket:M6PsZjHXcLvbQyPUBLICKEYGVoNwI84g1FBQzouRU= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
      # Build the image
      - name: Build Image
        run: nix build .#aws
      # Copy the image to S3
      - name: Upload Image to Cache
        env:
          NIX_CACHE_PRIVATE_KEY: ${{ secrets.NIX_CACHE_PRIVATE_KEY }}
        run: |
          echo "$NIX_CACHE_PRIVATE_KEY" > cache.key
          nix store sign --key-file cache.key $(readlink result)
          nix copy --to s3://t2-aws-nixos-test $(readlink result)
          rm cache.key
      # Exports all GitHub Secrets as environment variables prefixed by
      # "TF_VAR_", which exposes them to Terraform. The name of each GitHub
      # Secret must match its Terraform variable name exactly.
--- a/hosts/desktop/default.nix
+++ b/hosts/desktop/default.nix
@ -1,48 +0,0 @@
 { inputs, globals, ... }:
 with inputs;
 # System configuration for my desktop
 nixpkgs.lib.nixosSystem {
  system = "x86_64-linux";
  specialArgs = { };
  modules = [
    globals
    home-manager.nixosModules.home-manager
    {
      networking.hostName = "desktop";
      nixpkgs.overlays = [ nur.overlay ];
      # Set registry to flake packages, used for nix X commands
      nix.registry.nixpkgs.flake = nixpkgs;
      identityFile = "/home/${globals.user}/.ssh/id_ed25519";
      gui.enable = true;
      theme = {
        colors = (import ../../modules/colorscheme/gruvbox).dark;
        dark = true;
      };
      wallpaper = "${wallpapers}/gruvbox/road.jpg";
      gtk.theme.name = nixpkgs.lib.mkDefault "Adwaita-dark";
      passwordHash = nixpkgs.lib.fileContents ../../private/password.sha512;
    }
    ./hardware-configuration.nix
    ../common.nix
    ../../modules/hardware
    ../../modules/nixos
    ../../modules/graphical
    ../../modules/applications/media.nix
    ../../modules/applications/firefox.nix
    ../../modules/applications/kitty.nix
    ../../modules/applications/1password.nix
    ../../modules/applications/discord.nix
    ../../modules/applications/nautilus.nix
    ../../modules/applications/obsidian.nix
    ../../modules/mail
    ../../modules/gaming/steam.nix
    ../../modules/gaming/legendary.nix
    ../../modules/repositories/notes.nix
    ../../modules/services/keybase.nix
    ../../modules/services/mullvad.nix
    ../../modules/programming/nix.nix
  ];
 }
--- a/hosts/desktop/hardware-configuration.nix
+++ b/hosts/desktop/hardware-configuration.nix
@ -1,30 +0,0 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
  boot.initrd.availableKernelModules =
    [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];
  fileSystems."/" = {
    device = "/dev/disk/by-label/nixos";
    fsType = "ext4";
  };
  fileSystems."/boot" = {
    device = "/dev/disk/by-label/boot";
    fsType = "vfat";
  };
  swapDevices = [ ];
  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
  hardware.cpu.intel.updateMicrocode =
    lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/hosts/flame/default.nix
+++ b/hosts/flame/default.nix
@ -0,0 +1,112 @@
 # The Flame
 # System configuration for an Oracle free server
 # How to install:
 # https://blog.korfuri.fr/posts/2022/08/nixos-on-an-oracle-free-tier-ampere-machine/
 { inputs, globals, overlays, ... }:
 inputs.nixpkgs.lib.nixosSystem {
  system = "aarch64-linux";
  specialArgs = { };
  modules = [
    globals
    inputs.home-manager.nixosModules.home-manager
    ../../modules/common
    ../../modules/nixos
    {
      nixpkgs.overlays = overlays;
      # Hardware
      server = true;
      networking.hostName = "flame";
      imports = [ (inputs.nixpkgs + "/nixos/modules/profiles/qemu-guest.nix") ];
      boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_pci" "usbhid" ];
      fileSystems."/" = {
        device = "/dev/disk/by-uuid/e1b6bd50-306d-429a-9f45-78f57bc597c3";
        fsType = "ext4";
      };
      fileSystems."/boot" = {
        device = "/dev/disk/by-uuid/D5CA-237A";
        fsType = "vfat";
      };
      # Theming
      gui.enable = false;
      theme = { colors = (import ../../colorscheme/gruvbox).dark; };
      # Disable passwords, only use SSH key
      publicKey =
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";
      # Programs and services
      cloudflare.enable = true; # Proxy traffic with Cloudflare
      dotfiles.enable = true; # Clone dotfiles
      neovim.enable = true;
      services.caddy.enable = true;
      services.grafana.enable = true;
      services.openssh.enable = true;
      services.victoriametrics.enable = true;
      services.gitea.enable = true;
      services.vaultwarden.enable = true;
      services.minecraft-server.enable = true; # Setup Minecraft server
      cloudflareTunnel = {
        enable = true;
        id = "bd250ee1-ed2e-42d2-b627-039f1eb5a4d2";
        credentialsFile = ../../private/cloudflared-flame.age;
        ca =
          "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK/6oyVqjFGX3Uvrc3VS8J9sphxzAnRzKC85xgkHfYgR3TK6qBGXzHrknEj21xeZrr3G2y1UsGzphWJd9ZfIcdA= open-ssh-ca@cloudflareaccess.org";
      };
      giteaRunner.enable = true;
      # Nextcloud backup config
      backup.s3 = {
        endpoint = "s3.us-west-002.backblazeb2.com";
        bucket = "noahmasur-backup";
        accessKeyId = "0026b0e73b2e2c80000000005";
      };
      # # Grant access to Jellyfin directories from Nextcloud
      # users.users.nextcloud.extraGroups = [ "jellyfin" ];
      # # Wireguard config for Transmission
      # wireguard.enable = true;
      # networking.wireguard.interfaces.wg0 = {
      #
      #   # The local IPs for this machine within the Wireguard network
      #   # Any inbound traffic bound for these IPs should be kept on localhost
      #   ips = [ "10.66.13.200/32" "fc00:bbbb:bbbb:bb01::3:dc7/128" ];
      #
      #   peers = [{
      #
      #     # Identity of Wireguard target peer (VPN)
      #     publicKey = "bOOP5lIjqCdDx5t+mP/kEcSbHS4cZqE0rMlBI178lyY=";
      #
      #     # The public internet address of the target peer
      #     endpoint = "86.106.143.132:51820";
      #
      #     # Which outgoing IP ranges should be sent through Wireguard
      #     allowedIPs = [ "0.0.0.0/0" "::0/0" ];
      #
      #     # Send heartbeat signal within the network
      #     persistentKeepalive = 25;
      #
      #   }];
      #
      # };
      # # VPN port forwarding
      # services.transmission.settings.peer-port = 57599;
      # # Grant access to Transmission directories from Jellyfin
      # users.users.jellyfin.extraGroups = [ "transmission" ];
    }
  ];
 }
--- a/hosts/hydra/default.nix
+++ b/hosts/hydra/default.nix
@ -0,0 +1,46 @@
 # The Hydra
 # System configuration for WSL
 { inputs, globals, overlays, ... }:
 inputs.nixpkgs.lib.nixosSystem {
  system = "x86_64-linux";
  specialArgs = { };
  modules = [
    ../../modules/common
    ../../modules/nixos
    ../../modules/wsl
    globals
    inputs.wsl.nixosModules.wsl
    inputs.home-manager.nixosModules.home-manager
    {
      networking.hostName = "hydra";
      nixpkgs.overlays = overlays;
      identityFile = "/home/${globals.user}/.ssh/id_ed25519";
      gui.enable = false;
      theme = {
        colors = (import ../../colorscheme/gruvbox).dark;
        dark = true;
      };
      passwordHash = inputs.nixpkgs.lib.fileContents ../../password.sha512;
      wsl = {
        enable = true;
        wslConf.automount.root = "/mnt";
        defaultUser = globals.user;
        startMenuLaunchers = true;
        nativeSystemd = true;
        wslConf.network.generateResolvConf = true; # Turn off if it breaks VPN
        interop.includePath =
          false; # Including Windows PATH will slow down Neovim command mode
      };
      neovim.enable = true;
      mail.enable = true;
      mail.aerc.enable = true;
      mail.himalaya.enable = true;
      dotfiles.enable = true;
      nixlang.enable = true;
      lua.enable = true;
    }
  ];
 }
--- a/hosts/lookingglass/default.nix
+++ b/hosts/lookingglass/default.nix
@ -0,0 +1,46 @@
 # The Looking Glass
 # System configuration for my work Macbook
 { inputs, globals, overlays, ... }:
 inputs.darwin.lib.darwinSystem {
  system = "x86_64-darwin";
  specialArgs = { };
  modules = [
    ../../modules/common
    ../../modules/darwin
    (globals // rec {
      user = "Noah.Masur";
      gitName = "Noah-Masur_1701";
      gitEmail = "${user}@take2games.com";
    })
    inputs.home-manager.darwinModules.home-manager
    {
      nixpkgs.overlays = [ inputs.firefox-darwin.overlay ] ++ overlays;
      networking.hostName = "lookingglass";
      identityFile = "/Users/Noah.Masur/.ssh/id_ed25519";
      gui.enable = true;
      theme = {
        colors = (import ../../colorscheme/gruvbox-dark).dark;
        dark = true;
      };
      mail.user = globals.user;
      charm.enable = true;
      neovim.enable = true;
      mail.enable = true;
      mail.aerc.enable = true;
      mail.himalaya.enable = false;
      kitty.enable = true;
      discord.enable = true;
      firefox.enable = true;
      dotfiles.enable = true;
      nixlang.enable = true;
      terraform.enable = true;
      python.enable = true;
      lua.enable = true;
      kubernetes.enable = true;
      _1password.enable = true;
      slack.enable = true;
    }
  ];
 }
--- a/hosts/macbook/default.nix
+++ b/hosts/macbook/default.nix
@ -1,43 +0,0 @@
 { inputs, globals, ... }:
 with inputs;
 # System configuration for my work MacBook
 darwin.lib.darwinSystem {
  system = "x86_64-darwin";
  specialArgs = { };
  modules = [
    (globals // {
      user = "Noah.Masur";
      gitName = "Noah-Masur_1701";
      gitEmail = "Noah.Masur@take2games.com";
    })
    home-manager.darwinModules.home-manager
    {
      identityFile = "/Users/Noah.Masur/.ssh/id_ed25519";
      gui.enable = true;
      theme = {
        colors = (import ../../modules/colorscheme/gruvbox).dark;
        dark = true;
      };
      mailUser = globals.user;
      networking.hostName = "noah-masur-mac";
      nixpkgs.overlays = [ nur.overlay firefox-darwin.overlay ];
      # Set registry to flake packages, used for nix X commands
      nix.registry.nixpkgs.flake = nixpkgs;
    }
    ../common.nix
    ../../modules/darwin
    ../../modules/mail
    ../../modules/applications/alacritty.nix
    ../../modules/applications/kitty.nix
    ../../modules/applications/discord.nix
    ../../modules/applications/firefox.nix
    ../../modules/repositories/notes.nix
    ../../modules/programming/nix.nix
    ../../modules/programming/terraform.nix
    ../../modules/programming/python.nix
    ../../modules/programming/lua.nix
    ../../modules/programming/kubernetes.nix
  ];
 }
--- a/hosts/oracle/default.nix
+++ b/hosts/oracle/default.nix
@ -1,90 +0,0 @@
 { inputs, globals, ... }:
 with inputs;
 # System configuration for an Oracle free server
 # How to install:
 # https://blog.korfuri.fr/posts/2022/08/nixos-on-an-oracle-free-tier-ampere-machine/
 nixpkgs.lib.nixosSystem {
  system = "aarch64-linux";
  specialArgs = { };
  modules = [
    (removeAttrs globals [ "mailServer" ])
    home-manager.nixosModules.home-manager
    {
      gui.enable = false;
      colorscheme = (import ../../modules/colorscheme/gruvbox);
      # FQDNs for various services
      networking.hostName = "oracle";
      bookServer = "books.masu.rs";
      streamServer = "stream.masu.rs";
      nextcloudServer = "cloud.masu.rs";
      transmissionServer = "download.masu.rs";
      metricsServer = "metrics.masu.rs";
      vaultwardenServer = "vault.masu.rs";
      giteaServer = "git.masu.rs";
      # Disable passwords, only use SSH key
      publicKey =
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";
      # Nextcloud backup config
      backupS3 = {
        endpoint = "s3.us-west-002.backblazeb2.com";
        bucket = "noahmasur-backup";
        accessKeyId = "0026b0e73b2e2c80000000005";
      };
      # Grant access to Jellyfin directories from Nextcloud
      users.users.nextcloud.extraGroups = [ "jellyfin" ];
      # Wireguard config for Transmission
      networking.wireguard.interfaces.wg0 = {
        # The local IPs for this machine within the Wireguard network
        # Any inbound traffic bound for these IPs should be kept on localhost
        ips = [ "10.66.13.200/32" "fc00:bbbb:bbbb:bb01::3:dc7/128" ];
        peers = [{
          # Identity of Wireguard target peer (VPN)
          publicKey = "bOOP5lIjqCdDx5t+mP/kEcSbHS4cZqE0rMlBI178lyY=";
          # The public internet address of the target peer
          endpoint = "86.106.143.132:51820";
          # Which outgoing IP ranges should be sent through Wireguard
          allowedIPs = [ "0.0.0.0/0" "::0/0" ];
          # Send heartbeat signal within the network
          persistentKeepalive = 25;
        }];
      };
      # VPN port forwarding
      services.transmission.settings.peer-port = 57599;
      # Grant access to Transmission directories from Jellyfin
      users.users.jellyfin.extraGroups = [ "transmission" ];
    }
    ./hardware-configuration.nix
    ../common.nix
    ../../modules/nixos
    ../../modules/hardware/server.nix
    ../../modules/services/sshd.nix
    ../../modules/services/calibre.nix
    ../../modules/services/jellyfin.nix
    ../../modules/services/nextcloud.nix
    ../../modules/services/cloudflare.nix
    ../../modules/services/transmission.nix
    ../../modules/services/prometheus.nix
    ../../modules/services/vaultwarden.nix
    ../../modules/services/gitea.nix
    ../../modules/gaming/minecraft-server.nix
  ];
 }
--- a/hosts/oracle/hardware-configuration.nix
+++ b/hosts/oracle/hardware-configuration.nix
@ -1,34 +0,0 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
  boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_pci" "usbhid" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ ];
  boot.extraModulePackages = [ ];
  fileSystems."/" = {
    device = "/dev/disk/by-uuid/e1b6bd50-306d-429a-9f45-78f57bc597c3";
    fsType = "ext4";
  };
  fileSystems."/boot" = {
    device = "/dev/disk/by-uuid/D5CA-237A";
    fsType = "vfat";
  };
  swapDevices = [ ];
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.eth0.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
 }
--- a/hosts/staff/default.nix
+++ b/hosts/staff/default.nix
@ -0,0 +1,43 @@
 # The Staff
 # ISO configuration for my USB drive
 { inputs, system, overlays, ... }:
 inputs.nixos-generators.nixosGenerate {
  inherit system;
  format = "install-iso";
  modules = [{
    nixpkgs.overlays = overlays;
    networking.hostName = "staff";
    users.extraUsers.root.openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s"
    ];
    services.openssh = {
      enable = true;
      ports = [ 22 ];
      allowSFTP = true;
      settings = {
        GatewayPorts = "no";
        X11Forwarding = false;
        PasswordAuthentication = false;
        PermitRootLogin = "yes";
      };
    };
    environment.systemPackages =
      let pkgs = import inputs.nixpkgs { inherit system overlays; };
      in with pkgs; [
        git
        vim
        wget
        curl
        (import ../../modules/common/neovim/package {
          inherit pkgs;
          colors = (import ../../colorscheme/gruvbox).dark;
        })
      ];
    nix.extraOptions = ''
      experimental-features = nix-command flakes
      warn-dirty = false
    '';
  }];
 }
--- a/hosts/swan/default.nix
+++ b/hosts/swan/default.nix
@ -0,0 +1,85 @@
 # The Swan
 # System configuration for my home NAS server
 { inputs, globals, overlays, ... }:
 inputs.nixpkgs.lib.nixosSystem {
  system = "x86_64-linux";
  specialArgs = { };
  modules = [
    globals
    inputs.home-manager.nixosModules.home-manager
    inputs.disko.nixosModules.disko
    ../../modules/common
    ../../modules/nixos
    {
      # Hardware
      server = true;
      physical = true;
      networking.hostName = "swan";
      boot.initrd.availableKernelModules =
        [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" ];
      # Required for transcoding
      boot.initrd.kernelModules = [ "amdgpu" ];
      boot.kernelParams = [
        "radeon.si_support=0"
        "amdgpu.si_support=1"
        "radeon.cik_support=0"
        "amdgpu.cik_support=1"
        "amdgpu.dc=1"
      ];
      hardware.enableRedistributableFirmware = true;
      powerManagement.cpuFreqGovernor = "powersave";
      hardware.cpu.intel.updateMicrocode = true;
      # ZFS
      zfs.enable = true;
      # Generated with: head -c 8 /etc/machine-id
      networking.hostId = "600279f4"; # Random ID required for ZFS
      disko = {
        enableConfig = true;
        devices = (import ../../disks/root.nix { disk = "/dev/nvme0n1"; });
      };
      boot.zfs.extraPools = [ "tank" ];
      gui.enable = false;
      theme = { colors = (import ../../colorscheme/gruvbox).dark; };
      nixpkgs.overlays = overlays;
      neovim.enable = true;
      cloudflare.enable = true;
      dotfiles.enable = true;
      arrs.enable = true;
      services.bind.enable = true;
      services.caddy.enable = true;
      services.jellyfin.enable = true;
      services.nextcloud.enable = true;
      services.calibre-web.enable = true;
      services.openssh.enable = true;
      services.prometheus.enable = false;
      services.vmagent.enable = true;
      services.samba.enable = true;
      cloudflareTunnel = {
        enable = true;
        id = "646754ac-2149-4a58-b51a-e1d0a1f3ade2";
        credentialsFile = ../../private/cloudflared-swan.age;
        ca =
          "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCHF/UMtJqPFrf6f6GRY0ZFnkCW7b6sYgUTjTtNfRj1RdmNic1NoJZql7y6BrqQinZvy7nsr1UFDNWoHn6ah3tg= open-ssh-ca@cloudflareaccess.org";
      };
      backup.s3 = {
        endpoint = "s3.us-west-002.backblazeb2.com";
        bucket = "noahmasur-backup";
        accessKeyId = "0026b0e73b2e2c80000000005";
      };
      # Disable passwords, only use SSH key
      publicKey =
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";
    }
  ];
 }
--- a/hosts/tempest/default.nix
+++ b/hosts/tempest/default.nix
@ -0,0 +1,110 @@
 # The Tempest
 # System configuration for my desktop
 { inputs, globals, overlays, ... }:
 inputs.nixpkgs.lib.nixosSystem {
  system = "x86_64-linux";
  modules = [
    globals
    inputs.home-manager.nixosModules.home-manager
    ../../modules/common
    ../../modules/nixos
    {
      nixpkgs.overlays = overlays;
      # Hardware
      physical = true;
      networking.hostName = "tempest";
      boot.initrd.availableKernelModules =
        [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
      boot.initrd.kernelModules = [ "amdgpu" ];
      boot.kernelModules = [ "kvm-amd" ];
      services.xserver.videoDrivers = [ "amdgpu" ];
      hardware.enableRedistributableFirmware = true;
      powerManagement.cpuFreqGovernor = "performance";
      hardware.cpu.amd.updateMicrocode = true;
      hardware.fancontrol.enable = true;
      hardware.fancontrol.config = ''
        # Configuration file generated by pwmconfig, changes will be lost
        INTERVAL=10
        DEVPATH=hwmon0=devices/pci0000:00/0000:00:03.1/0000:06:00.0/0000:07:00.0/0000:08:00.0
        DEVNAME=hwmon0=amdgpu
        FCTEMPS=hwmon0/pwm1=hwmon0/temp1_input
        FCFANS= hwmon0/pwm1=hwmon0/fan1_input
        MINTEMP=hwmon0/pwm1=50
        MAXTEMP=hwmon0/pwm1=70
        MINSTART=hwmon0/pwm1=100
        MINSTOP=hwmon0/pwm1=10
        MINPWM=hwmon0/pwm1=10
        MAXPWM=hwmon0/pwm1=240
      '';
      fileSystems."/" = {
        device = "/dev/disk/by-label/nixos";
        fsType = "ext4";
      };
      fileSystems."/boot" = {
        device = "/dev/disk/by-label/boot";
        fsType = "vfat";
      };
      # Must be prepared ahead
      identityFile = "/home/${globals.user}/.ssh/id_ed25519";
      passwordHash = inputs.nixpkgs.lib.fileContents ../../password.sha512;
      # Theming
      gui.enable = true;
      theme = {
        colors = (import ../../colorscheme/gruvbox-dark).dark;
        dark = true;
      };
      wallpaper = "${inputs.wallpapers}/gruvbox/road.jpg";
      gtk.theme.name = inputs.nixpkgs.lib.mkDefault "Adwaita-dark";
      # Programs and services
      charm.enable = true;
      neovim.enable = true;
      media.enable = true;
      dotfiles.enable = true;
      firefox.enable = true;
      kitty.enable = true;
      _1password.enable = true;
      discord.enable = true;
      nautilus.enable = true;
      obsidian.enable = true;
      mail.enable = true;
      mail.aerc.enable = true;
      mail.himalaya.enable = true;
      keybase.enable = true;
      mullvad.enable = false;
      nixlang.enable = true;
      yt-dlp.enable = true;
      gaming = {
        dwarf-fortress.enable = true;
        enable = true;
        steam.enable = true;
        legendary.enable = true;
        lutris.enable = true;
        leagueoflegends.enable = true;
        ryujinx.enable = true;
      };
      services.vmagent.enable = true;
      services.openssh.enable = true; # Required for Cloudflare tunnel
      cloudflareTunnel = {
        enable = true;
        id = "ac133a82-31fb-480c-942a-cdbcd4c58173";
        credentialsFile = ../../private/cloudflared-tempest.age;
        ca =
          "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPY6C0HmdFCaxYtJxFr3qV4/1X4Q8KrYQ1hlme3u1hJXK+xW+lc9Y9glWHrhiTKilB7carYTB80US0O47gI5yU4= open-ssh-ca@cloudflareaccess.org";
      };
      # Allows requests to force machine to wake up
      networking.interfaces.enp5s0.wakeOnLan.enable = true;
    }
  ];
 }
--- a/hosts/wsl/default.nix
+++ b/hosts/wsl/default.nix
@ -1,42 +0,0 @@
 { inputs, globals, ... }:
 with inputs;
 # System configuration for WSL
 nixpkgs.lib.nixosSystem {
  system = "x86_64-linux";
  specialArgs = { };
  modules = [
    globals
    wsl.nixosModules.wsl
    home-manager.nixosModules.home-manager
    {
      networking.hostName = "wsl";
      # Set registry to flake packages, used for nix X commands
      nix.registry.nixpkgs.flake = nixpkgs;
      identityFile = "/home/${globals.user}/.ssh/id_ed25519";
      gui.enable = false;
      theme = {
        colors = (import ../../modules/colorscheme/gruvbox).dark;
        dark = true;
      };
      passwordHash = nixpkgs.lib.fileContents ../../private/password.sha512;
      wsl = {
        enable = true;
        automountPath = "/mnt";
        defaultUser = globals.user;
        startMenuLaunchers = true;
        wslConf.network.generateResolvConf = true; # Turn off if it breaks VPN
        interop.includePath =
          false; # Including Windows PATH will slow down Neovim command mode
      };
    }
    ../common.nix
    ../../modules/wsl
    ../../modules/nixos
    ../../modules/mail
    ../../modules/repositories/notes.nix
    ../../modules/programming/nix.nix
    ../../modules/programming/lua.nix
  ];
 }
--- a/legacy/bin/biggest
+++ b/legacy/bin/biggest
@ -1,4 +0,0 @@
 #!/usr/local/bin/nu
 ls | sort-by size | reverse | keep 10
--- a/legacy/bin/biggest-files
+++ b/legacy/bin/biggest-files
@ -1,3 +0,0 @@
 #!/usr/local/bin/nu
 ls **/* | where type == File | sort-by size | reverse | keep 10
--- a/legacy/bin/docker_cleanup
+++ b/legacy/bin/docker_cleanup
@ -1,26 +0,0 @@
 #!/bin/sh
 # Stop all containers
 if [ "$(docker ps -a -q)" ]; then
    echo "Stopping docker containers..."
    docker stop "$(docker ps -a -q)"
 else
    echo "No running docker containers."
 fi
 # Remove all stopped containers
 if [ "$(docker ps -a -q)" ]; then
    echo "Removing docker containers..."
    docker rm "$(docker ps -a -q)"
 else
    echo "No stopped docker containers."
 fi
 # Remove all untagged images
 if [[ $(docker images | grep "^<none>") ]]; then
    docker rmi "$(docker images | grep "^<none>" | awk '{print $3}')"
 else
    echo "No untagged docker images."
 fi
 echo "Cleaned up docker."
--- a/legacy/bin/jira-checkout
+++ b/legacy/bin/jira-checkout
@ -1,37 +0,0 @@
 #!/bin/sh
 # Adapted from: https://seb.jambor.dev/posts/improving-shell-workflows-with-fzf/
 # Requires the following variables to be set:
 # - ATLASSIAN_EMAIL
 # - ATLASSIAN_API_TOKEN
 # - JIRA_HOSTNAME
 # - JIRA_PROJECT
 choose_issue() {
    jq_template='"\(.key): \(.fields.summary)"'
    query="project=$JIRA_PROJECT AND status not in (\"Done\") AND assignee=currentUser()"
    branch_name=$(
    curl \
      --data-urlencode "jql=$query" \
      --get \
      --user "$ATLASSIAN_EMAIL:$ATLASSIAN_API_TOKEN" \
      --silent \
      --compressed \
      "https://$JIRA_HOSTNAME/rest/api/2/search" |
      jq ".issues[] | $jq_template" |
      sed -e 's/"\(.*\)"/\1/' |
    fzf \
      --preview='jira-details {1}' \
      --preview-window=top:wrap |
    sed -e 's/: /:/' -e 's/[^a-zA-Z0-9:]/-/g' |
    awk -F ":" '{printf "%s/%s", $1, tolower($2)}'
    )
    echo "$branch_name"
 }
 issue_branch=$(choose_issue)
 if [ -n "$issue_branch" ]; then
    echo "git checkout -b \"$issue_branch\""
 fi
--- a/legacy/bin/jira-details
+++ b/legacy/bin/jira-details
@ -1,38 +0,0 @@
 #!/bin/sh
 # Adapted from: https://seb.jambor.dev/posts/improving-shell-workflows-with-fzf/
 # Requires the following variables to be set:
 # - ATLASSIAN_EMAIL
 # - ATLASSIAN_API_TOKEN
 # - JIRA_HOSTNAME
 # - JIRA_PROJECT (for other script)
 issue_details() {
    jira_key=$(echo "$1" | cut -d":" -f1)
    jq_template='"'\
 '# \(.key): \(.fields.summary)\n'\
 '\n'\
 '*Created*: \(.fields.created)\n'\
 '*Status*: \(.fields.status.statusCategory.name)\n'\
 '*Reporter*: \(.fields.reporter.displayName)\n'\
 '*Priority*: \(.fields.priority.name)\n'\
 "*Epic*: https://$JIRA_HOSTNAME/browse/\(.fields.customfield_10014)\n"\
 '\n'\
 '## Link\n\n'\
 "https://$JIRA_HOSTNAME/browse/\(.key)\n"\
 '\n'\
 '## Description\n\n'\
 '\(.fields.description)'\
 '"'
    curl \
      --get \
      --user "$ATLASSIAN_EMAIL:$ATLASSIAN_API_TOKEN" \
      --silent \
      --compressed \
      "https://$JIRA_HOSTNAME/rest/api/2/issue/$jira_key" |
    jq "$jq_template" |
    xargs printf |
    bat -l md --color always --style plain
 }
 issue_details "$1"
--- a/legacy/bin/kube-dashboard
+++ b/legacy/bin/kube-dashboard
@ -1,14 +0,0 @@
 #!/bin/sh
 kubectl -n kube-system get secret "$(
    kubectl -n kube-system get secret |
        grep dashboard-admin |
        awk '{print $1}'
 )" -o json |
    jq -j --raw-output '.data.token' |
    base64 --decode |
    pbcopy
 open http://localhost:8001/api/v1/namespaces/default/services/https:kubernetes-dashboard:https/proxy/#!/login
 kubectl proxy
--- a/legacy/bin/newest
+++ b/legacy/bin/newest
@ -1,3 +0,0 @@
 #!/usr/local/bin/nu
 ls | sort-by modified | reverse | keep 5
--- a/legacy/bin/oldest
+++ b/legacy/bin/oldest
@ -1,3 +0,0 @@
 #!/usr/local/bin/nu
 ls | sort-by modified | keep 5
--- a/legacy/bin/pod
+++ b/legacy/bin/pod
@ -1,16 +0,0 @@
 #!/usr/bin/env bash
 # Credit: https://github.com/junegunn/fzf/blob/master/ADVANCED.md
 read -ra tokens < <(
  kubectl get pods --all-namespaces |
    fzf --info=inline --layout=reverse --header-lines=1 --border \
        --prompt "$(kubectl config current-context | sed 's/-context$//')> " \
        --header $'Press CTRL-O to open log in editor\n\n' \
        --bind ctrl-/:toggle-preview \
        --bind "ctrl-o:execute:${EDITOR:-vim} <(kubectl logs --namespace {1} {2}) > /dev/tty" \
        --preview-window up,follow \
        --preview 'kubectl logs --follow --tail=100000 --namespace {1} {2}' "$@"
 )
 [ ${#tokens} -gt 1 ] &&
  kubectl exec -it --namespace "${tokens[0]}" "${tokens[1]}" -- /bin/sh
--- a/legacy/bin/symlinks
+++ b/legacy/bin/symlinks
@ -1,3 +0,0 @@
 #!/usr/local/bin/nu
 ls -al | where type == Symlink | select name target
--- a/legacy/bin/url-decode
+++ b/legacy/bin/url-decode
@ -1,5 +0,0 @@
 #!/bin/bash
 function urldecode() { : "${*//+/ }"; echo -e "${_//%/\\x}"; }
 urldecode "$@"
--- a/legacy/newsboat/com.noah.newsboat.plist
+++ b/legacy/newsboat/com.noah.newsboat.plist
@ -1,28 +0,0 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
  <key>Label</key>
  <string>com.noah.newsboat</string>
  <key>ProgramArguments</key>
  <array>
    <string>/usr/local/bin/newsboat -x reload</string>
  </array>
  <key>Nice</key>
  <integer>1</integer>
  <key>StartInterval</key>
  <integer>1800</integer>
  <key>RunAtLoad</key>
  <false/>
  <key>StandardErrorPath</key>
  <string>/tmp/newsboat.err</string>
  <key>StandardOutPath</key>
  <string>/tmp/newsboat.out</string>
 </dict>
 </plist>
--- a/legacy/newsboat/config
+++ b/legacy/newsboat/config
@ -1,40 +0,0 @@
 browser "$BROWSER %u"
 prepopulate-query-feeds yes
 feed-sort-order lastupdated
 reload-only-visible-feeds yes
 text-width 72
 bind-key j down
 bind-key k up
 bind-key j next articlelist
 bind-key k prev articlelist
 bind-key G end
 bind-key g home
 bind-key d pagedown
 bind-key u pageup
 bind-key n next-unread
 bind-key p prev-unread
 bind-key ; macro-prefix
 bind-key B bookmark
 bind-key f edit-flags
 macro v set browser "mpv %u"; open-in-browser; set browser "$BROWSER %u"
 macro p set browser "echo %u"; one; set browser "$BROWSER %u"
 macro H set browser "clx view $(echo %u | cut -d '=' -f2)"; one; set browser "$BROWSER %u"
 macro h set browser "clx view $(echo %u | cut -d '=' -f2)"; two; set browser "$BROWSER %u"
 macro w set browser "w3m -o confirm_qq=false %u"; open-in-browser; set browser "$BROWSER %u"
 macro r set browser "url-markdown %u | glow -p -w 72 -"; open-in-browser; set browser "$BROWSER %u"
 macro d set browser "youtube-dl -o ~/Downloads/%(title)s.%(ext)s %u &"; open-in-browser-noninteractively; set browser "$BROWSER %u"
 macro n set-tag News; reload-all
 macro a set-tag All
 macro e set-tag Reddit; reload-all
 macro y set-tag YouTube; reload-all
 bookmark-cmd "bookmark"
 highlight article "^(Feed|Title|Author|Link|Date):.*" color243 default
 highlight article "^(Links):.*" color243 default
 highlight article "^(\\[[0-9]+\\]):.*" color243 default
 highlight article "^(\\[[0-9]+\\])" color243 default
 highlight article "^\\[.*\\]$" color243 default
 highlight article "^(Title:).*" color249 default
--- a/legacy/nix-env.fish
+++ b/legacy/nix-env.fish
@ -1,137 +0,0 @@
 # Setup Nix
 # We need to distinguish between single-user and multi-user installs.
 # This is difficult because there's no official way to do this.
 # We could look for the presence of /nix/var/nix/daemon-socket/socket but this will fail if the
 # daemon hasn't started yet. /nix/var/nix/daemon-socket will exist if the daemon has ever run, but
 # I don't think there's any protection against accidentally running `nix-daemon` as a user.
 # We also can't just look for /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh because
 # older single-user installs used the default profile instead of a per-user profile.
 # We can still check for it first, because all multi-user installs should have it, and so if it's
 # not present that's a pretty big indicator that this is a single-user install. If it does exist,
 # we still need to verify the install type. To that end we'll look for a root owner and sticky bit
 # on /nix/store. Multi-user installs set both, single-user installs don't. It's certainly possible
 # someone could do a single-user install as root and then manually set the sticky bit but that
 # would be extremely unusual.
 set -l nix_profile_path /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh
 set -l single_user_profile_path ~/.nix-profile/etc/profile.d/nix.sh
 if test -e $nix_profile_path
    # The path exists. Double-check that this is a multi-user install.
    # We can't just check for ~/.nix-profile/… because this may be a single-user install running as
    # the wrong user.
    # stat is not portable. Splitting the output of ls -nd is reliable on most platforms.
    set -l owner (string split -n ' ' (command ls -nd /nix/store 2>/dev/null))[3]
    if not test -k /nix/store -a $owner -eq 0
        # /nix/store is either not owned by root or not sticky. Assume single-user.
        set nix_profile_path $single_user_profile_path
    end
 else
    # The path doesn't exist. Assume single-user
    set nix_profile_path $single_user_profile_path
 end
 if test -e $nix_profile_path
    # Source the nix setup script
    # We're going to run the regular Nix profile under bash and then print out a few variables
    for line in (command env -u BASH_ENV bash -c '. "$0"; for name in PATH "${!NIX_@}"; do printf "%s=%s\0" "$name" "${!name}"; done' $nix_profile_path | string split0)
        set -xg (string split -m 1 = $line)
    end
    # Insert Nix's fish share directories into fish's special variables.
    # nixpkgs-installed fish tries to set these up already if NIX_PROFILES is defined, which won't
    # be the case when sourcing $__fish_data_dir/share/config.fish normally, but might be for a
    # recursive invocation. To guard against that, we'll only insert paths that don't already exit.
    # Furthermore, for the vendor_conf.d sourcing, we'll use the pre-existing presence of a path in
    # $fish_function_path to determine whether we want to source the relevant vendor_conf.d folder.
    # To start, let's locally define NIX_PROFILES if it doesn't already exist.
    set -al NIX_PROFILES
    if test (count $NIX_PROFILES) -eq 0
        set -a NIX_PROFILES $HOME/.nix-profile
    end
    # Replicate the logic from nixpkgs version of $__fish_data_dir/__fish_build_paths.fish.
    set -l __nix_profile_paths (string split ' ' -- $NIX_PROFILES)[-1..1]
    set -l __extra_completionsdir \
        $__nix_profile_paths/etc/fish/completions \
        $__nix_profile_paths/share/fish/vendor_completions.d
    set -l __extra_functionsdir \
        $__nix_profile_paths/etc/fish/functions \
        $__nix_profile_paths/share/fish/vendor_functions.d
    set -l __extra_confdir \
        $__nix_profile_paths/etc/fish/conf.d \
        $__nix_profile_paths/share/fish/vendor_conf.d
    ### Configure fish_function_path ###
    # Remove any of our extra paths that may already exist.
    # Record the equivalent __extra_confdir path for any function path that exists.
    set -l existing_conf_paths
    for path in $__extra_functionsdir
        if set -l idx (contains --index -- $path $fish_function_path)
            set -e fish_function_path[$idx]
            set -a existing_conf_paths $__extra_confdir[(contains --index -- $path $__extra_functionsdir)]
        end
    end
    # Insert the paths before $__fish_data_dir.
    if set -l idx (contains --index -- $__fish_data_dir/functions $fish_function_path)
        # Fish has no way to simply insert into the middle of an array.
        set -l new_path $fish_function_path[1..$idx]
        set -e new_path[$idx]
        set -a new_path $__extra_functionsdir
        set fish_function_path $new_path $fish_function_path[$idx..-1]
    else
        set -a fish_function_path $__extra_functionsdir
    end
    ### Configure fish_complete_path ###
    # Remove any of our extra paths that may already exist.
    for path in $__extra_completionsdir
        if set -l idx (contains --index -- $path $fish_complete_path)
            set -e fish_complete_path[$idx]
        end
    end
    # Insert the paths before $__fish_data_dir.
    if set -l idx (contains --index -- $__fish_data_dir/completions $fish_complete_path)
        set -l new_path $fish_complete_path[1..$idx]
        set -e new_path[$idx]
        set -a new_path $__extra_completionsdir
        set fish_complete_path $new_path $fish_complete_path[$idx..-1]
    else
        set -a fish_complete_path $__extra_completionsdir
    end
    ### Source conf directories ###
    # The built-in directories were already sourced during shell initialization.
    # Any __extra_confdir that came from $__fish_data_dir/__fish_build_paths.fish was also sourced.
    # As explained above, we're using the presence of pre-existing paths in $fish_function_path as a
    # signal that the corresponding conf dir has also already been sourced.
    # In order to simulate this, we'll run through the same algorithm as found in
    # $__fish_data_dir/config.fish except we'll avoid sourcing the file if it comes from an
    # already-sourced location.
    # Caveats:
    # * Files will be sourced in a different order than we'd ideally do (because we're coming in
    #   after the fact to source them).
    # * If there are existing extra conf paths, files in them may have been sourced that should have
    #   been suppressed by paths we're inserting in front.
    # * Similarly any files in $__fish_data_dir/vendor_conf.d that should have been suppressed won't
    #   have been.
    set -l sourcelist
    for file in $__fish_config_dir/conf.d/*.fish $__fish_sysconf_dir/conf.d/*.fish
        # We know these paths were sourced already. Just record them.
        set -l basename (string replace -r '^.*/' '' -- $file)
        contains -- $basename $sourcelist
        or set -a sourcelist $basename
    end
    for root in $__extra_confdir
        for file in $root/*.fish
            set -l basename (string replace -r '^.*/' '' -- $file)
            contains -- $basename $sourcelist
            and continue
            set -a sourcelist $basename
            contains -- $root $existing_conf_paths
            and continue # this is a pre-existing path, it will have been sourced already
            [ -f $file -a -r $file ]
            and source $file
        end
    end
 end
--- a/legacy/scripts/configure_macos
+++ b/legacy/scripts/configure_macos
@ -1,168 +0,0 @@
 #!/bin/sh
 echo "Enable full keyboard access for all controls (e.g. enable Tab in modal dialogs)"
 defaults write NSGlobalDomain AppleKeyboardUIMode -int 3
 echo "Automatically show and hide the dock"
 defaults write com.apple.dock autohide -bool true
 echo "Automatically show and hide the menu bar"
 defaults write NSGlobalDomain _HIHideMenuBar -bool true
 echo "Make Dock icons of hidden applications translucent"
 defaults write com.apple.dock showhidden -bool true
 echo "Use current directory as default search scope in Finder"
 defaults write com.apple.finder FXDefaultSearchScope -string "SCcf"
 echo "Expand save panel by default"
 defaults write NSGlobalDomain NSNavPanelExpandedStateForSaveMode -bool true
 echo "Expand print panel by default"
 defaults write NSGlobalDomain PMPrintingExpandedStateForPrint -bool true
 echo "Disable the \"Are you sure you want to open this application?\" dialog"
 defaults write com.apple.LaunchServices LSQuarantine -bool false
 echo "Enable highlight hover effect for the grid view of a stack (Dock)"
 defaults write com.apple.dock mouse-over-hilte-stack -bool true
 echo "Enable spring loading for all Dock items"
 defaults write enable-spring-load-actions-on-all-items -bool true
 echo "Disable press-and-hold for keys in favor of key repeat"
 defaults write NSGlobalDomain ApplePressAndHoldEnabled -bool false
 defaults write -g ApplePressAndHoldEnabled -bool false
 echo "Set a blazingly fast keyboard repeat rate"
 defaults write NSGlobalDomain KeyRepeat -int 2
 echo "Set a shorter Delay until key repeat"
 defaults write NSGlobalDomain InitialKeyRepeat -int 12
 echo "Disable disk image verification"
 defaults write com.apple.frameworks.diskimages skip-verify -bool true
 defaults write com.apple.frameworks.diskimages skip-verify-locked -bool true
 defaults write com.apple.frameworks.diskimages skip-verify-remote -bool true
 echo "Avoid creating .DS_Store files on network volumes"
 defaults write com.apple.desktopservices DSDontWriteNetworkStores -bool true
 echo "Disable the warning when changing a file extension"
 defaults write com.apple.finder FXEnableExtensionChangeWarning -bool false
 # echo "Enable snap-to-grid for desktop icons"
 # /usr/libexec/PlistBuddy -c "Set :DesktopViewSettings:IconViewSettings:arrangeBy grid" ~/Library/Preferences/com.apple.finder.plist
 echo "Disable the warning before emptying the Trash"
 defaults write com.apple.finder WarnOnEmptyTrash -bool false
 echo "Disable tap to click (Trackpad)"
 defaults write com.apple.driver.AppleBluetoothMultitouch.trackpad Clicking -bool false
 echo "Enable Safari’s debug menu"
 defaults write com.apple.Safari IncludeInternalDebugMenu -bool true
 echo "Make Safari’s search banners default to Contains instead of Starts With"
 defaults write com.apple.Safari FindOnPageMatchesWordStartsOnly -bool false
 echo "Add a context menu item for showing the Web Inspector in web views"
 defaults write NSGlobalDomain WebKitDeveloperExtras -bool true
 echo "Save to disk (not to iCloud) by default"
 defaults write NSGlobalDomain NSDocumentSaveNewDocumentsToCloud -bool false
 echo "Disable automatic capitalization as it’s annoying when typing code"
 defaults write NSGlobalDomain NSAutomaticCapitalizationEnabled -bool false
 echo "Disable smart dashes as they’re annoying when typing code"
 defaults write NSGlobalDomain NSAutomaticDashSubstitutionEnabled -bool false
 echo "Disable automatic period substitution as it’s annoying when typing code"
 defaults write NSGlobalDomain NSAutomaticPeriodSubstitutionEnabled -bool false
 echo "Disable smart quotes as they’re annoying when typing code"
 defaults write NSGlobalDomain NSAutomaticQuoteSubstitutionEnabled -bool false
 echo "Disable auto-correct"
 defaults write NSGlobalDomain NSAutomaticSpellingCorrectionEnabled -bool false
 echo "Use scroll gesture with the Ctrl (^) modifier key to zoom"
 defaults write com.apple.universalaccess closeViewScrollWheelToggle -bool true
 defaults write com.apple.universalaccess HIDScrollZoomModifierMask -int 262144
 echo "Follow the keyboard focus while zoomed in"
 defaults write com.apple.universalaccess closeViewZoomFollowsFocus -bool true
 echo "Require password immediately after sleep or screen saver begins"
 defaults write com.apple.screensaver askForPassword -int 1
 defaults write com.apple.screensaver askForPasswordDelay -int 0
 echo "Save screenshots to downloads"
 defaults write com.apple.screencapture location -string "${HOME}/Downloads"
 echo "Finder: allow quitting via ⌘ + Q; doing so will also hide desktop icons"
 defaults write com.apple.finder QuitMenuItem -bool true
 echo "Show the ~/Library folder"
 chflags nohidden ~/Library && xattr -d com.apple.FinderInfo ~/Library
 # Noah Prefs
 echo "Enable dock magnification"
 defaults write com.apple.dock magnification -bool true
 echo "Set dock size"
 defaults write com.apple.dock largesize -int 48
 defaults write com.apple.dock tilesize -int 44
 echo "Choose and order dock icons"
 __dock_item() {
    printf '%s%s%s%s%s' \
           '<dict><key>tile-data</key><dict><key>file-data</key><dict>' \
           '<key>_CFURLString</key><string>' \
           "$1" \
           '</string><key>_CFURLStringType</key><integer>0</integer>' \
           '</dict></dict></dict>'
 }
 defaults write com.apple.dock persistent-apps -array \
    "$(__dock_item /Applications/1Password\ 7.app)" \
    "$(__dock_item /Applications/Slack.app)" \
    "$(__dock_item /System/Applications/Calendar.app)" \
    "$(__dock_item /Applications/Firefox.app)" \
    "$(__dock_item /System/Applications/Messages.app)" \
    "$(__dock_item /System/Applications/Mail.app)" \
    "$(__dock_item /Applications/Mimestream.app)" \
    "$(__dock_item /Applications/zoom.us.app)" \
    "$(__dock_item /Applications/Obsidian.app)" \
    "$(__dock_item /Applications/Alacritty.app)" \
    "$(__dock_item /System/Applications/System\ Preferences.app)"
 echo "No recent items in dock"
 defaults write com.apple.dock show-recents -bool FALSE
 echo "Switch to dark mode"
 defaults write "Apple Global Domain" "AppleInterfaceStyle" "Dark"
 echo "Turn on Scroll Reverser"
 open /Applications/Scroll\ Reverser.app
 osascript -e 'tell application "System Events" to make login item at end with properties {path:"/Applications/Scroll Reverser.app", hidden:false}'
 echo "Allow apps from anywhere"
 SPCTL=$(spctl --status)
 if ! [ "$SPCTL" = "assessments disabled" ]
 then
    sudo spctl --master-disable
 fi
 # ---
 echo "Reset Launchpad"
 # [ -e ~/Library/Application\ Support/Dock/*.db ] && rm ~/Library/Application\ Support/Dock/*.db
 rm ~/Library/Application\ Support/Dock/*.db
 echo "Show the ~/Library folder"
 chflags nohidden ~/Library
 # Clean up
 echo "Kill affected applications"
 for app in Safari Finder Dock Mail SystemUIServer; do killall "$app" >/dev/null 2>&1; done
--- a/legacy/scripts/npm
+++ b/legacy/scripts/npm
@ -1,5 +0,0 @@
 #!/bin/sh
 npm update -g
 npm install -g pyright
 npm install -g diagnostic-languageserver
--- a/legacy/scripts/rust
+++ b/legacy/scripts/rust
@ -1,48 +0,0 @@
 #!/bin/sh
 install_rust() {
    if ! (which ~/.cargo/bin/rustup > /dev/null)
    then
        echo "installing rustup"
        curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
    fi
    echo "rustup ✓"
 }
 update_rust() {
    ~/.cargo/bin/rustup update > /dev/null 2>&1
    rust_version=$(~/.cargo/bin/rustc --version | awk '{print $2}')
    echo "latest rust: $rust_version ✓"
 }
 download_rust_analyzer() {
    if ! (which rust-analyzer > /dev/null)
    then
        echo "downloading rust analyzer"
        rust_analyzer_bin=/usr/local/bin/rust-analyzer
        curl -s -L https://github.com/rust-analyzer/rust-analyzer/releases/latest/download/rust-analyzer-mac -o $rust_analyzer_bin
        chmod +x $rust_analyzer_bin
    fi
    echo "rust-analyzer ✓"
 }
 # cargo-edit: quickly add and remove packages
 # whatfeatures: see optional features for a package
 install_cargos() {
    set -- \
        'cargo-edit' \
        'cargo-whatfeatures'
    for program do
        cargo install "$program"
    done
    echo "cargos ✓"
 }
 install_rust
 update_rust
 download_rust_analyzer
 install_cargos
--- a/legacy/scripts/setup_cheatsheet
+++ b/legacy/scripts/setup_cheatsheet
@ -1,6 +0,0 @@
 #!/bin/sh
 echo "downloading cheatsheet"
 curl https://cht.sh/:cht.sh > ~/.local/bin/cheat
 chmod 755 ~/.local/bin/cheat
 echo "cheatsheet ✓"
--- a/legacy/scripts/setup_fish
+++ b/legacy/scripts/setup_fish
@ -1,46 +0,0 @@
 #!/usr/bin/env fish
 set -U FISH_DIR (readlink ~/.config/fish) # Used for getting to this repo
 set -Ux DOTS (dirname $FISH_DIR) # Directory of this config repo
 set -U CDPATH . $HOME # Directories available for immediate cd
 set -Ux EDITOR nvim # Preferred text editor
 set -U PROJ $HOME/dev/work # Projects directory
 set -Ux NOTES_PATH "$HOME/dev/personal/notes" # Notes directory
 set -Ux MANPAGER "nvim +Man!" # Used for reading man pages
 set -Ux DIRENV_LOG_FORMAT "" # Disable direnv output
 set -Ux BROWSER "/Applications/Firefox.app/Contents/MacOS/firefox"
 # Load abbreviations
 abbrs
 # Turn off greeting
 set -U fish_greeting ""
 # Set colors (Base16 Eighties)
 set -U fish_color_normal normal
 set -U fish_color_command 99cc99
 set -U fish_color_quote ffcc66
 set -U fish_color_redirection d3d0c8
 set -U fish_color_end cc99cc
 set -U fish_color_error f2777a
 set -U fish_color_selection white --bold --background=brblack
 set -U fish_color_search_match bryellow --background=brblack
 set -U fish_color_history_current --bold
 set -U fish_color_operator 6699cc
 set -U fish_color_escape 66cccc
 set -U fish_color_cwd green
 set -U fish_color_cwd_root red
 set -U fish_color_valid_path --underline
 set -U fish_color_autosuggestion 747369
 set -U fish_color_user brgreen
 set -U fish_color_host normal
 set -U fish_color_cancel -r
 set -U fish_pager_color_completion normal
 set -U fish_pager_color_description B3A06D yellow
 set -U fish_pager_color_prefix white --bold --underline
 set -U fish_pager_color_progress brwhite --background=cyan
 set -U fish_color_comment ffcc66
 set -U fish_color_param d3d0c8
 set -U fish_color_match 6699cc
 echo "fish setup ✓"
--- a/legacy/scripts/setup_ytfzf
+++ b/legacy/scripts/setup_ytfzf
@ -1,7 +0,0 @@
 #!/bin/sh
 echo "downloading ytfzf"
 mkdir -p ~/.local/bin
 curl -sL "https://raw.githubusercontent.com/pystardust/ytfzf/master/ytfzf" >~/.local/bin/ytfzf
 chmod 755 ~/.local/bin/ytfzf
 echo "ytfzf ✓"
--- a/legacy/templates/kubernetes/clusterrole.yaml
+++ b/legacy/templates/kubernetes/clusterrole.yaml
@ -1,8 +0,0 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name:
 rules:
  - apiGroups: [""]
    resources:
    verbs: []
--- a/legacy/templates/kubernetes/clusterrolebinding.yaml
+++ b/legacy/templates/kubernetes/clusterrolebinding.yaml
@ -1,12 +0,0 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name:
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name:
 subjects:
 - kind: ServiceAccount
  name:
  namespace: default
--- a/legacy/templates/kubernetes/configmap.yaml
+++ b/legacy/templates/kubernetes/configmap.yaml
@ -1,8 +0,0 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name:
  namespace: default
  annotations:
    replicator.v1.mittwald.de/replicate-to: ".*"
 data:
--- a/legacy/templates/kubernetes/deployment.yaml
+++ b/legacy/templates/kubernetes/deployment.yaml
@ -1,33 +0,0 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name:
  namespace: default
 spec:
  replicas: 1
  selector:
    matchLabels:
      app:
  template:
    metadata:
      labels:
        app:
    spec:
      serviceAccountName:
      containers:
      - name:
        image:
        imagePullPolicy: Always
        envFrom:
        - configMapRef:
            name:
        - secretRef:
            name:
        ports:
        - containerPort:
          protocol: TCP
        resources:
          limits:
            cpu:
          requests:
            cpu:
--- a/legacy/templates/kubernetes/ingress.yaml
+++ b/legacy/templates/kubernetes/ingress.yaml
@ -1,21 +0,0 @@
 apiVersion: networking.k8s.io/v1beta1 # must be beta until k8s 1.19
 kind: Ingress
 metadata:
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/group.name:
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/security-groups:
    alb.ingress.kubernetes.io/tags: Project=
    alb.ingress.kubernetes.io/target-type: instance
  name:
  namespace:
 spec:
  rules:
  - host:
    http:
      paths:
      - backend:
          serviceName:
          servicePort:
--- a/legacy/templates/kubernetes/role.yaml
+++ b/legacy/templates/kubernetes/role.yaml
@ -1,10 +0,0 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  name:
  namespace: default
 rules:
 - apiGroups: [""]
  resourceNames:
  resources:
  verbs:
--- a/legacy/templates/kubernetes/rolebinding.yaml
+++ b/legacy/templates/kubernetes/rolebinding.yaml
@ -1,13 +0,0 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name:
  namespace: default
 roleRef:
  kind:
  name:
  apiGroup: rbac.authorization.k8s.io
 subjects:
 - kind:
  name:
  apiGroup: rbac.authorization.k8s.io
--- a/legacy/templates/kubernetes/secret.yaml
+++ b/legacy/templates/kubernetes/secret.yaml
@ -1,8 +0,0 @@
 apiVersion: v1
 kind: Secret
 metadata:
  name:
  namespace: default
  annotations:
    replicator.v1.mittwald.de/replicate-to: ".*"
 data:
--- a/legacy/templates/kubernetes/service.yaml
+++ b/legacy/templates/kubernetes/service.yaml
@ -1,15 +0,0 @@
 apiVersion: v1
 kind: Service
 metadata:
  annotations:
    alb.ingress.kubernetes.io/healthcheck-path:
  name:
  namespace: default
 spec:
  ports:
  - port: 443
    protocol: TCP
    targetPort: 80
  selector:
    app:
  type: NodePort
--- a/legacy/templates/kubernetes/serviceaccount.yaml
+++ b/legacy/templates/kubernetes/serviceaccount.yaml
@ -1,5 +0,0 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name:
  namespace: default
--- a/legacy/templates/programs/skeleton.py
+++ b/legacy/templates/programs/skeleton.py
@ -1,12 +0,0 @@
 #!/usr/bin/env python
 """
 Program
 """
 def main():
    """Run the program"""
    pass
 if __name__ == "__main__":
    main()
--- a/legacy/templates/programs/skeleton.sh
+++ b/legacy/templates/programs/skeleton.sh
@ -1,8 +0,0 @@
 #!/bin/sh
 if [ "$1" = "--help" ] || [ "$1" = "-h" ]; then
  cat <<EOH
 Help text
 EOH
  exit
 fi
--- a/modules/README.md
+++ b/modules/README.md
@ -0,0 +1,8 @@
 # Modules
 | Module                         | Purpose                                     |
 | ---                            | ---                                         |
 | [common](./common/default.nix) | User programs and OS-agnostic configuration |
 | [darwin](./darwin/default.nix) | macOS-specific configuration                |
 | [nixos](./nixos/default.nix)   | NixOS-specific configuration                |
--- a/modules/applications/1password.nix
+++ b/modules/applications/1password.nix
@ -1,10 +0,0 @@
 { config, pkgs, lib, ... }: {
  config = lib.mkIf config.gui.enable {
    unfreePackages = [ "1password" "_1password-gui" ];
    home-manager.users.${config.user} = {
      home.packages = with pkgs; [ _1password-gui ];
    };
  };
 }
--- a/modules/applications/media.nix
+++ b/modules/applications/media.nix
@ -1,12 +0,0 @@
 { config, pkgs, lib, ... }: {
  config = lib.mkIf config.gui.enable {
    home-manager.users.${config.user}.home.packages = with pkgs; [
      mpv # Video viewer
      sxiv # Image viewer
      mupdf # PDF viewer
      zathura # PDF viewer
    ];
  };
 }
--- a/modules/applications/nautilus.nix
+++ b/modules/applications/nautilus.nix
@ -1,20 +0,0 @@
 { config, pkgs, lib, ... }: {
  # Install Nautilus file manager
  config = lib.mkIf config.gui.enable {
    home-manager.users.${config.user} = {
      home.packages = with pkgs; [
        gnome.nautilus
        gnome.sushi # Quick preview with spacebar
      ];
      programs.fish.functions = {
        qr = {
          body =
            "${pkgs.qrencode}/bin/qrencode $argv[1] -o /tmp/qr.png | ${pkgs.gnome.sushi}/bin/sushi /tmp/qr.png";
        };
      };
    };
  };
 }
--- a/modules/applications/obsidian.nix
+++ b/modules/applications/obsidian.nix
@ -1,10 +0,0 @@
 { config, pkgs, lib, ... }: {
  config = lib.mkIf config.gui.enable {
    unfreePackages = [ "obsidian" ];
    home-manager.users.${config.user} = {
      home.packages = with pkgs; [ obsidian ];
    };
  };
 }
--- a/modules/applications/qbittorrent.nix
+++ b/modules/applications/qbittorrent.nix
@ -1,12 +0,0 @@
 { config, pkgs, lib, ... }: {
  config = lib.mkIf config.gui.enable {
    home-manager.users.${config.user} = {
      home.packages = with pkgs; [ qbittorrent ];
    };
  };
 }
--- a/modules/colorscheme/everforest/default.nix
+++ b/modules/colorscheme/everforest/default.nix
@ -1,20 +0,0 @@
 {
  name = "everforest"; # dark, hard
  author = "Sainnhe Park";
  base00 = "#2b3339"; # Default Background
  base01 = "#323c41"; # Lighter Background
  base02 = "#503946"; # Selection Background
  base03 = "#868d80"; # Comments, Invisibles, Line Highlighting
  base04 = "#d3c6aa"; # Dark Foreground (Used for status bars)
  base05 = "#d3c6aa"; # Default Foreground, Caret, Delimiters, Operators
  base06 = "#e9e8d2"; # Light Foreground (Not often used)
  base07 = "#fff9e8"; # Light Background (Not often used)
  base08 = "#7fbbb3"; # Variables, XML Tags, Markup Link Text, ...
  base09 = "#d699b6"; # Integers, Boolean, Constants, ...
  base0A = "#83c092"; # Classes, Markup Bold, Search Text Background
  base0B = "#dbbc7f"; # Strings, Inherited Class, Markup Code, Diff Inserted
  base0C = "#e69875"; # Support, Regular Expressions, Escape Characters, ...
  base0D = "#a7c080"; # Functions, Methods, Attribute IDs, Headings
  base0E = "#e67e80"; # Keywords, Storage, Selector, Markup Italic, Diff Changed
  base0F = "#d699b6"; # Deprecated, Opening/Closing Embedded Language Tags, ...
 }
--- a/modules/colorscheme/gruvbox/neovim.lua
+++ b/modules/colorscheme/gruvbox/neovim.lua
@ -1,13 +0,0 @@
 local M = {}
 M.packer = function(use)
    use({
        "lifepillar/vim-gruvbox8",
        config = function()
            vim.g.gruvbox_italicize_strings = 0
            vim.cmd("colorscheme gruvbox8")
        end,
    })
 end
 return M
--- a/modules/colorscheme/nord/default.nix
+++ b/modules/colorscheme/nord/default.nix
@ -1,21 +0,0 @@
 {
  name = "nord";
  author = "arcticicestudio";
  base00 = "#2E3440";
  base01 = "#3B4252";
  base02 = "#434C5E";
  base03 = "#4C566A";
  base04 = "#D8DEE9";
  base05 = "#E5E9F0";
  base06 = "#ECEFF4";
  base07 = "#8FBCBB";
  base08 = "#88C0D0";
  base09 = "#81A1C1";
  base0A = "#5E81AC";
  base0B = "#BF616A";
  base0C = "#D08770";
  base0D = "#EBCB8B";
  base0E = "#A3BE8C";
  base0F = "#B48EAD";
  neovimConfig = ./neovim.lua;
 }
--- a/modules/colorscheme/nord/neovim.lua
+++ b/modules/colorscheme/nord/neovim.lua
@ -1,13 +0,0 @@
 local M = {}
 M.packer = function(use)
    use({
        "shaunsingh/nord.nvim",
        config = function()
            vim.g.nord_italic = true
            vim.cmd("colorscheme nord")
        end,
    })
 end
 return M
--- a/modules/common/applications/1password.nix
+++ b/modules/common/applications/1password.nix
@ -0,0 +1,20 @@
 { config, pkgs, lib, ... }: {
  options = {
    _1password = {
      enable = lib.mkEnableOption {
        description = "Enable 1Password.";
        default = false;
      };
    };
  };
  config = lib.mkIf
    (config.gui.enable && config._1password.enable && pkgs.stdenv.isLinux) {
      unfreePackages = [ "1password" "_1password-gui" ];
      home-manager.users.${config.user} = {
        home.packages = with pkgs; [ _1password-gui ];
      };
    };
 }
--- a/modules/common/applications/alacritty.nix
+++ b/modules/common/applications/alacritty.nix
@ -1,6 +1,15 @@
 { config, pkgs, lib, ... }: {
-  config = lib.mkIf config.gui.enable {
+  options = {
    alacritty = {
      enable = lib.mkEnableOption {
        description = "Enable Alacritty.";
        default = false;
      };
    };
  };
  config = lib.mkIf (config.gui.enable && config.alacritty.enable) {
    home-manager.users.${config.user} = {
      xsession.windowManager.i3.config.terminal = "alacritty";
      programs.rofi.terminal = "${pkgs.alacritty}/bin/alacritty";
--- a/modules/common/applications/default.nix
+++ b/modules/common/applications/default.nix
@ -3,14 +3,14 @@
  imports = [
    ./1password.nix
    ./alacritty.nix
    ./calibre.nix
    ./discord.nix
    ./firefox.nix
    ./kitty.nix
    ./media.nix
    ./obsidian.nix
    ./qbittorrent.nix
-    ./nautilus.nix
+    ./slack.nix
    ./yt-dlp.nix
  ];
 }
--- a/modules/common/applications/discord.nix
+++ b/modules/common/applications/discord.nix
@ -1,6 +1,15 @@
 { config, pkgs, lib, ... }: {
-  config = lib.mkIf config.gui.enable {
+  options = {
    discord = {
      enable = lib.mkEnableOption {
        description = "Enable Discord.";
        default = false;
      };
    };
  };
  config = lib.mkIf (config.gui.enable && config.discord.enable) {
    unfreePackages = [ "discord" ];
    home-manager.users.${config.user} = {
      home.packages = with pkgs; [ discord ];
--- a/modules/common/applications/firefox.nix
+++ b/modules/common/applications/firefox.nix
@ -1,45 +1,66 @@
 { config, pkgs, lib, ... }:
 {
  config = lib.mkIf config.gui.enable {
-    unfreePackages = [ "onepassword-password-manager" "okta-browser-plugin" ];
+  options = {
    firefox = {
      enable = lib.mkEnableOption {
        description = "Enable Firefox.";
        default = false;
      };
    };
  };
  config = lib.mkIf (config.gui.enable && config.firefox.enable) {
    unfreePackages = [
      (lib.mkIf config._1password.enable "onepassword-password-manager")
      "okta-browser-plugin"
    ];
    home-manager.users.${config.user} = {
      programs.firefox = {
        enable = true;
-        package = lib.mkIf pkgs.stdenv.isDarwin pkgs.firefox-bin;
+        package =
-        extensions = with pkgs.nur.repos.rycee.firefox-addons; [
+          if pkgs.stdenv.isDarwin then pkgs.firefox-bin else pkgs.firefox;
-          ublock-origin
+        profiles.default = {
          vimium
          multi-account-containers
          facebook-container
          temporary-containers
          onepassword-password-manager
          okta-browser-plugin
          sponsorblock
          reddit-enhancement-suite
          bypass-paywalls-clean
          markdownload
          darkreader
          snowflake
          don-t-fuck-with-paste
          i-dont-care-about-cookies
        ];
        profiles.Profile0 = {
          id = 0;
          name = "default";
          isDefault = true;
          extensions = with pkgs.nur.repos.rycee.firefox-addons; [
            ublock-origin
            vimium
            multi-account-containers
            facebook-container
            (lib.mkIf config._1password.enable onepassword-password-manager)
            okta-browser-plugin
            sponsorblock
            reddit-enhancement-suite
            return-youtube-dislikes
            markdownload
            darkreader
            snowflake
            don-t-fuck-with-paste
            i-dont-care-about-cookies
            wappalyzer
          ];
          settings = {
            "app.update.auto" = false;
            "browser.aboutConfig.showWarning" = false;
            "browser.warnOnQuit" = false;
-            "browser.quitShortcut.disabled" = true;
+            "browser.quitShortcut.disabled" =
              if pkgs.stdenv.isLinux then true else false;
            "browser.theme.dark-private-windows" = true;
-            "browser.toolbars.bookmarks.visibility" = "newtab";
+            "browser.toolbars.bookmarks.visibility" = false;
            "browser.startup.page" = 3; # Restore previous session
            "browser.newtabpage.enabled" = false; # Make new tabs blank
            "trailhead.firstrun.didSeeAboutWelcome" =
              true; # Disable welcome splash
            "dom.forms.autocomplete.formautofill" = false; # Disable autofill
            "extensions.formautofill.creditCards.enabled" =
              false; # Disable credit cards
            "dom.payments.defaults.saveAddress" = false; # Disable address save
            "general.autoScroll" = true; # Drag middle-mouse to scroll
            "services.sync.prefs.sync.general.autoScroll" =
              false; # Prevent disabling autoscroll
@ -49,6 +70,10 @@
            "layout.css.color-mix.enabled" = true;
            "ui.systemUsesDarkTheme" =
              if config.theme.dark == true then 1 else 0;
            "media.ffmpeg.vaapi.enabled" =
              true; # Enable hardware video acceleration
            "cookiebanners.ui.desktop.enabled" = true; # Reject cookie popups
            "svg.context-properties.content.enabled" = true; # Sidebery styling
          };
          userChrome = ''
            :root {
@ -60,6 +85,22 @@
            .toolbar-items {
              background-color: ${config.theme.colors.base00} !important;
            }
            /* Extra tab bar sides on macOS */
            .titlebar-spacer {
              background-color: ${config.theme.colors.base00} !important;
            }
            .titlebar-buttonbox-container {
              background-color: ${config.theme.colors.base00} !important;
            }
            #tabbrowser-tabs {
              border-inline-start: 0 !important;
            }
            /* Private Browsing indicator on macOS */
            #private-browsing-indicator-with-label {
              background-color: ${config.theme.colors.base00} !important;
              margin-inline: 0 !important;
              padding-inline: 7px;
            }
            /* Tabs themselves */
            .tabbrowser-tab .tab-stack {
              border-radius: 5px 5px 0 0;
@ -119,6 +160,24 @@
        };
      };
      xsession.windowManager.i3.config.keybindings =
        lib.mkIf pkgs.stdenv.isLinux {
          "${
            config.home-manager.users.${config.user}.xsession.windowManager.i3.config.modifier
          }+Shift+b" = "exec ${
            # Don't name the script `firefox` or it will affect grep
              builtins.toString (pkgs.writeShellScript "focus-ff.sh" ''
                count=$(ps aux | grep -c firefox)
                if [ "$count" -eq 1 ]; then
                    i3-msg "exec --no-startup-id firefox"
                    sleep 0.5
                fi
                i3-msg "[class=firefox] focus"
              '')
            }";
        };
    };
  };
--- a/modules/common/applications/kitty.nix
+++ b/modules/common/applications/kitty.nix
@ -1,9 +1,39 @@
 { config, pkgs, lib, ... }: {
-  config = lib.mkIf config.gui.enable {
+  options = {
    kitty = {
      enable = lib.mkEnableOption {
        description = "Enable Kitty.";
        default = false;
      };
    };
  };
  config = lib.mkIf (config.gui.enable && config.kitty.enable) {
    # Set the Rofi-Systemd terminal for viewing logs
    # Using optionalAttrs because only available in NixOS
    environment = { } // lib.attrsets.optionalAttrs
      (builtins.hasAttr "sessionVariables" config.environment) {
        sessionVariables.ROFI_SYSTEMD_TERM = "${pkgs.kitty}/bin/kitty";
      };
    home-manager.users.${config.user} = {
-      # xsession.windowManager.i3.config.terminal = "kitty";
+
-      # programs.rofi.terminal = "${pkgs.kitty}/bin/kitty";
+      # Set the i3 terminal
      xsession.windowManager.i3.config.terminal =
        lib.mkIf pkgs.stdenv.isLinux "kitty";
      # Set the Rofi terminal for running programs
      programs.rofi.terminal =
        lib.mkIf pkgs.stdenv.isLinux "${pkgs.kitty}/bin/kitty";
      # Display images in the terminal
      programs.fish.shellAliases = {
        icat = "kitty +kitten icat";
        ssh = "kitty +kitten ssh";
      };
      programs.kitty = {
        enable = true;
        environment = { };
@ -61,8 +91,6 @@
          # Scrollback
          scrolling_lines = 10000;
          scrollback_pager_history_size = 10; # MB
          scrollback_pager = ''
            ${pkgs.neovim}/bin/nvim -c 'setlocal nonumber nolist showtabline=0 foldcolumn=0|Man!' -c "autocmd VimEnter * normal G" -'';
          # Window
          window_padding_width = 6;
--- a/modules/common/applications/media.nix
+++ b/modules/common/applications/media.nix
@ -0,0 +1,73 @@
 { config, pkgs, lib, ... }: {
  options = {
    media = {
      enable = lib.mkEnableOption {
        description = "Enable media programs.";
        default = false;
      };
    };
  };
  config = lib.mkIf (config.gui.enable && config.media.enable) {
    home-manager.users.${config.user} = {
      home.packages = with pkgs; [
        nsxiv # Image viewer
        mupdf # PDF viewer
        zathura # PDF viewer
      ];
      # Video player
      programs.mpv = {
        enable = true;
        bindings = { };
        config = {
          image-display-duration = 2;
          hwdec = "auto-safe";
        };
        scripts = [
          # Automatically load playlist entries before and after current file
          pkgs.mpvScripts.autoload
          # Delete current file after quitting
          (pkgs.stdenv.mkDerivation rec {
            pname = "mpv-delete-file";
            version = "0.1"; # made-up
            src = pkgs.fetchFromGitHub {
              owner = "zenyd";
              repo = "mpv-scripts";
              rev = "19ea069abcb794d1bf8fac2f59b50d71ab992130";
              sha256 = "sha256-OBCuzCtgfSwj0i/rBNranuu4LRc47jObwQIJgQQoerg=";
            } + "/delete_file.lua";
            dontBuild = true;
            dontUnpack = true;
            installPhase =
              "install -Dm644 ${src} $out/share/mpv/scripts/delete_file.lua";
            passthru.scriptName = "delete_file.lua";
          })
        ];
      };
      # Set default for opening PDFs
      xdg.mimeApps = {
        associations.added = {
          "application/pdf" = [ "pwmt.zathura-cb.desktop" ];
          "image/jpeg" = [ "nsxiv.desktop" ];
          "image/*" = [ "nsxiv.desktop" ];
        };
        associations.removed = {
          "application/pdf" = [ "mupdf.desktop" "wine-extension-pdf.desktop" ];
        };
        defaultApplications = {
          "application/pdf" = [ "pwmt.zathura-cb.desktop" ];
          "image/jpeg" = [ "nsxiv.desktop" ];
          "image/*" = [ "nsxiv.desktop" ];
        };
      };
    };
  };
 }
--- a/modules/common/applications/obsidian.nix
+++ b/modules/common/applications/obsidian.nix
@ -0,0 +1,23 @@
 { config, pkgs, lib, ... }: {
  options = {
    obsidian = {
      enable = lib.mkEnableOption {
        description = "Enable Obsidian.";
        default = false;
      };
    };
  };
  config = lib.mkIf (config.gui.enable && config.obsidian.enable) {
    unfreePackages = [ "obsidian" ];
    home-manager.users.${config.user} = {
      home.packages = with pkgs; [ obsidian ];
    };
    # Broken on 2023-04-16
    nixpkgs.config.permittedInsecurePackages = [ "electron-21.4.0" ];
  };
 }
--- a/modules/common/applications/qbittorrent.nix
+++ b/modules/common/applications/qbittorrent.nix
@ -0,0 +1,21 @@
 { config, pkgs, lib, ... }: {
  options = {
    qbittorrent = {
      enable = lib.mkEnableOption {
        description = "Enable qBittorrent.";
        default = false;
      };
    };
  };
  config = lib.mkIf (config.gui.enable && config.qbittorrent.enable) {
    home-manager.users.${config.user} = {
      home.packages = with pkgs; [ qbittorrent ];
    };
  };
 }
--- a/modules/common/applications/slack.nix
+++ b/modules/common/applications/slack.nix
@ -0,0 +1,19 @@
 { config, pkgs, lib, ... }: {
  options = {
    slack = {
      enable = lib.mkEnableOption {
        description = "Enable Slack.";
        default = false;
      };
    };
  };
  config = lib.mkIf (config.gui.enable && config.slack.enable) {
    unfreePackages = [ "slack" ];
    home-manager.users.${config.user} = {
      home.packages = with pkgs; [ slack ];
    };
  };
 }
--- a/modules/common/applications/yt-dlp.nix
+++ b/modules/common/applications/yt-dlp.nix
@ -0,0 +1,35 @@
 { config, pkgs, lib, ... }: {
  options = {
    yt-dlp = {
      enable = lib.mkEnableOption {
        description = "Enable YouTube downloader.";
        default = false;
      };
    };
  };
  config = lib.mkIf (config.yt-dlp.enable) {
    home-manager.users.${config.user} = {
      programs.yt-dlp = {
        enable = true;
        extraConfig = "";
        settings = {
          no-continue = true; # Always re-download each fragment
          no-overwrites = true; # Don't overwrite existing files
          download-archive = "archive.log"; # Log of archives
          embed-metadata = true;
          embed-thumbnail = true;
          embed-subs = true;
          sub-langs = "en.*";
          concurrent-fragments = 4; # Parallel download chunks
        };
      };
      programs.fish.shellAbbrs.yt = "yt-dlp";
    };
  };
 }
--- a/modules/common/default.nix
+++ b/modules/common/default.nix
@ -1,9 +1,9 @@
 { config, lib, pkgs, ... }: {
  imports =
-    [ ../modules/shell ../modules/neovim ../modules/repositories/dotfiles.nix ];
+    [ ./applications ./mail ./neovim ./programming ./repositories ./shell ];
-  options = rec {
+  options = {
    user = lib.mkOption {
      type = lib.types.str;
      description = "Primary user of the system";
@ -36,7 +36,7 @@
      colors = lib.mkOption {
        type = lib.types.attrs;
        description = "Base16 color scheme.";
-        default = (import ../modules/colorscheme/gruvbox).dark;
+        default = (import ../colorscheme/gruvbox).dark;
      };
      dark = lib.mkOption {
        type = lib.types.bool;
@ -44,11 +44,6 @@
        default = true;
      };
    };
    # colorscheme = lib.mkOption {
    #   type = types.attrs;
    #   description = "Base16 color scheme";
    # };
    homePath = lib.mkOption {
      type = lib.types.path;
      description = "Path of user's home directory.";
@ -57,7 +52,6 @@
      else
        "/home/${config.user}");
    };
    dotfilesPath = lib.mkOption {
      type = lib.types.path;
      description = "Path of dotfiles repository.";
@ -65,23 +59,83 @@
    };
    dotfilesRepo = lib.mkOption {
      type = lib.types.str;
-      description = "Link to dotfiles repository.";
+      description = "Link to dotfiles repository HTTPS URL.";
    };
    unfreePackages = lib.mkOption {
      type = lib.types.listOf lib.types.str;
      description = "List of unfree packages to allow.";
      default = [ ];
    };
    hostnames = {
      git = lib.mkOption {
        type = lib.types.str;
        description = "Hostname for git server (Gitea).";
      };
      metrics = lib.mkOption {
        type = lib.types.str;
        description = "Hostname for metrics server.";
      };
      prometheus = lib.mkOption {
        type = lib.types.str;
        description = "Hostname for Prometheus server.";
      };
      secrets = lib.mkOption {
        type = lib.types.str;
        description = "Hostname for passwords and secrets (Vaultwarden).";
      };
      stream = lib.mkOption {
        type = lib.types.str;
        description = "Hostname for video/media library (Jellyfin).";
      };
      content = lib.mkOption {
        type = lib.types.str;
        description = "Hostname for personal content system (Nextcloud).";
      };
      books = lib.mkOption {
        type = lib.types.str;
        description = "Hostname for books library (Calibre-Web).";
      };
      download = lib.mkOption {
        type = lib.types.str;
        description = "Hostname for download services.";
      };
    };
  };
-  config = let stateVersion = "22.11";
+  config = let stateVersion = "23.05";
  in {
-    # Enable features in Nix commands
+    nix = {
-    nix.extraOptions = ''
+
-      experimental-features = nix-command flakes
+      # Enable features in Nix commands
-      warn-dirty = false
+      extraOptions = ''
-    '';
+        experimental-features = nix-command flakes
        warn-dirty = false
      '';
      gc = {
        automatic = true;
        options = "--delete-older-than 7d";
      };
      settings = {
        # Add community Cachix to binary cache
        # Don't use with macOS because blocked by corporate firewall
        builders-use-substitutes = true;
        substituters = lib.mkIf (!pkgs.stdenv.isDarwin)
          [ "https://nix-community.cachix.org" ];
        trusted-public-keys = lib.mkIf (!pkgs.stdenv.isDarwin) [
          "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
        ];
        # Scans and hard links identical files in the store
        # Not working with macOS: https://github.com/NixOS/nix/issues/7273
        auto-optimise-store = lib.mkIf (!pkgs.stdenv.isDarwin) true;
      };
    };
    # Basic common system packages for all devices
    environment.systemPackages = with pkgs; [ git vim wget curl ];
--- a/modules/common/mail/aerc.nix
+++ b/modules/common/mail/aerc.nix
@ -1,6 +1,8 @@
-{ config, pkgs, ... }: {
+{ config, pkgs, lib, ... }: {
-  config = {
+  options.mail.aerc.enable = lib.mkEnableOption "Aerc email.";
  config = lib.mkIf config.mail.aerc.enable {
    home-manager.users.${config.user} = {
@ -152,22 +154,20 @@
          general.unsafe-accounts-conf = true;
          viewer = { pager = "${pkgs.less}/bin/less -R"; };
          filters = {
-            "text/plain" =
+            "text/plain" = "${pkgs.aerc}/libexec/aerc/filters/colorize";
              "${pkgs.gawk}/bin/awk -f ${pkgs.aerc}/share/aerc/filters/colorize";
            "text/calendar" =
-              "${pkgs.gawk}/bin/awk -f ${pkgs.aerc}/share/aerc/filters/calendar";
+              "${pkgs.gawk}/bin/awk -f ${pkgs.aerc}/libexec/aerc/filters/calendar";
            "text/html" =
-              "${pkgs.aerc}/share/aerc/filters/html"; # Requires w3m, dante
+              "${pkgs.aerc}/libexec/aerc/filters/html | ${pkgs.aerc}/libexec/aerc/filters/colorize"; # Requires w3m, dante
            # "text/html" =
            #   "${pkgs.aerc}/share/aerc/filters/html | ${pkgs.aerc}/share/aerc/filters/colorize";
            # "text/*" =
            #   ''${pkgs.bat}/bin/bat -fP --file-name="$AERC_FILENAME "'';
            "message/delivery-status" =
-              "${pkgs.gawk}/bin/awk -f ${pkgs.aerc}/share/aerc/filters/colorize";
+              "${pkgs.aerc}/libexec/aerc/filters/colorize";
-            "message/rfc822" =
+            "message/rfc822" = "${pkgs.aerc}/libexec/aerc/filters/colorize";
              "${pkgs.gawk}/bin/awk -f ${pkgs.aerc}/share/aerc/filters/colorize";
            "application/x-sh" = "${pkgs.bat}/bin/bat -fP -l sh";
            "application/pdf" = "${pkgs.zathura}/bin/zathura -";
            "audio/*" = "${pkgs.mpv}/bin/mpv -";
            "image/*" = "${pkgs.feh}/bin/feh -";
          };
        };
      };
@ -179,6 +179,27 @@
        };
      };
      xdg.desktopEntries.aerc = lib.mkIf pkgs.stdenv.isLinux {
        name = "aerc";
        exec = "kitty aerc %u";
      };
      xsession.windowManager.i3.config.keybindings =
        lib.mkIf pkgs.stdenv.isLinux {
          "${
            config.home-manager.users.${config.user}.xsession.windowManager.i3.config.modifier
          }+Shift+e" = "exec ${
            # Don't name the script `aerc` or it will affect grep
              builtins.toString (pkgs.writeShellScript "focus-mail.sh" ''
                count=$(ps aux | grep -c aerc)
                if [ "$count" -eq 1 ]; then
                    i3-msg "exec --no-startup-id kitty --class aerc aerc"
                    sleep 0.25
                fi
                i3-msg "[class=aerc] focus"
              '')
            }";
        };
      programs.fish.shellAbbrs = { ae = "aerc"; };
    };
--- a/modules/common/mail/default.nix
+++ b/modules/common/mail/default.nix
@ -0,0 +1,99 @@
 { config, pkgs, lib, ... }: {
  imports = [ ./himalaya.nix ./aerc.nix ./system.nix ];
  options = {
    mail.enable = lib.mkEnableOption "Mail service.";
    mail.user = lib.mkOption {
      type = lib.types.str;
      description = "User name for the email address.";
      default = config.user;
    };
    mail.server = lib.mkOption {
      type = lib.types.nullOr lib.types.str;
      description = "Server name for the email address.";
    };
    mail.imapHost = lib.mkOption {
      type = lib.types.nullOr lib.types.str;
      description = "Server host for IMAP (reading mail).";
    };
    mail.smtpHost = lib.mkOption {
      type = lib.types.nullOr lib.types.str;
      description = "Server host for SMTP (sending mail).";
    };
  };
  config = lib.mkIf config.mail.enable {
    home-manager.users.${config.user} = {
      programs.mbsync = { enable = true; };
      services.mbsync = lib.mkIf pkgs.stdenv.isLinux {
        enable = true;
        frequency = "*:0/5";
        postExec = "${pkgs.notmuch}/bin/notmuch new";
      };
      services.imapnotify.enable = pkgs.stdenv.isLinux;
      programs.msmtp.enable = true;
      programs.notmuch = {
        enable = true;
        new.ignore = [ ".mbsyncstate.lock" ".mbsyncstate.journal" ];
      };
      accounts.email = {
        maildirBasePath = "${config.homePath}/mail";
        accounts = {
          home = let address = "${config.mail.user}@${config.mail.server}";
          in {
            userName = address;
            realName = config.fullName;
            primary = true;
            inherit address;
            aliases = map (user: "${user}@${config.mail.server}") [
              "me"
              "hey"
              "admin"
            ];
            alot = { };
            flavor = "plain";
            imap = {
              host = config.mail.imapHost;
              port = 993;
              tls.enable = true;
            };
            imapnotify = {
              enable = true;
              boxes = [ "Inbox" ];
              onNotify = "${pkgs.isync}/bin/mbsync -a";
              onNotifyPost = lib.mkIf
                config.home-manager.users.${config.user}.services.dunst.enable
                "${pkgs.libnotify}/bin/notify-send 'New mail arrived'";
            };
            maildir = { path = "main"; };
            mbsync = {
              enable = true;
              create = "both";
              expunge = "both";
              remove = "both";
              patterns = [ "*" ];
              extraConfig.channel = {
                CopyArrivalDate = "yes"; # Sync time of original message
              };
            };
            notmuch.enable = true;
            passwordCommand =
              "${pkgs.age}/bin/age --decrypt --identity ${config.identityFile} ${
                pkgs.writeText "mailpass.age"
                (builtins.readFile ../../../private/mailpass.age)
              }";
            smtp = {
              host = config.mail.smtpHost;
              port = 465;
              tls.enable = true;
            };
          };
        };
      };
    };
  };
 }
--- a/modules/common/mail/himalaya.nix
+++ b/modules/common/mail/himalaya.nix
@ -1,15 +1,17 @@
-{ config, ... }: {
+{ config, lib, ... }: {
-  config = {
+  options.mail.himalaya.enable = lib.mkEnableOption "Himalaya email.";
  config = lib.mkIf config.mail.himalaya.enable {
    home-manager.users.${config.user} = {
      programs.himalaya = { enable = true; };
      accounts.email.accounts.home.himalaya = {
        enable = true;
        backend = "imap";
        sender = "smtp";
        settings = {
          backend = "imap";
          sender = "smtp";
          downloads-dir = config.userDirs.download;
          smtp-insecure = true;
        };
--- a/modules/common/mail/system.nix
+++ b/modules/common/mail/system.nix
@ -0,0 +1,32 @@
 { config, pkgs, lib, ... }: {
  config = lib.mkIf (config.mail.enable || config.server) {
    home-manager.users.${config.user} = {
      programs.msmtp.enable = true;
      accounts.email.accounts.system =
        let address = "system@${config.mail.server}";
        in {
          userName = address;
          realName = "NixOS System";
          primary = false;
          inherit address;
          passwordCommand =
            "${pkgs.age}/bin/age --decrypt --identity ${config.identityFile} ${
              pkgs.writeText "mailpass-system.age"
              (builtins.readFile ../../../private/mailpass-system.age)
            }";
          msmtp.enable = true;
          smtp = {
            host = config.mail.smtpHost;
            port = 465;
            tls.enable = true;
          };
        };
    };
  };
 }
--- a/modules/common/neovim/config/align.nix
+++ b/modules/common/neovim/config/align.nix
@ -0,0 +1,9 @@
 { pkgs, ... }: {
  plugins = [ pkgs.vimPlugins.tabular ];
  lua = ''
    -- Align
    vim.keymap.set("", "<Leader>ta", ":Tabularize /")
    vim.keymap.set("", "<Leader>t#", ":Tabularize /#<CR>")
    vim.keymap.set("", "<Leader>tl", ":Tabularize /---<CR>")
  '';
 }
--- a/modules/common/neovim/config/bufferline.nix
+++ b/modules/common/neovim/config/bufferline.nix
@ -0,0 +1,22 @@
 { pkgs, ... }: {
  plugins = [
    pkgs.vimPlugins.bufferline-nvim
    pkgs.vimPlugins.vim-bbye # Better closing of buffers
  ];
  setup.bufferline = {
    options = {
      diagnostics = "nvim_lsp";
      always_show_bufferline = false;
      separator_style = "slant";
      offsets = [{ filetype = "NvimTree"; }];
    };
  };
  lua = ''
    -- Move buffers
    vim.keymap.set("n", "L", ":BufferLineCycleNext<CR>", { silent = true })
    vim.keymap.set("n", "H", ":BufferLineCyclePrev<CR>", { silent = true })
    -- Kill buffer
    vim.keymap.set("n", "<Leader>x", " :Bdelete<CR>", { silent = true })
  '';
 }
--- a/modules/common/neovim/config/colors.nix
+++ b/modules/common/neovim/config/colors.nix
@ -0,0 +1,20 @@
 { pkgs, lib, config, ... }: {
  options.colors = lib.mkOption {
    type = lib.types.attrsOf lib.types.str;
    description = "Attrset of base16 colorscheme key value pairs.";
  };
  config = {
    plugins = [ pkgs.vimPlugins.nvim-base16 ];
    setup.base16-colorscheme = config.colors;
    # Telescope isn't working, shut off for now
    lua = ''
      require('base16-colorscheme').with_config {
          telescope = false,
      }
    '';
  };
 }
--- a/modules/common/neovim/config/completion.nix
+++ b/modules/common/neovim/config/completion.nix
@ -0,0 +1,162 @@
 { pkgs, dsl, ... }: {
  plugins = [
    pkgs.vimPlugins.cmp-nvim-lsp
    pkgs.vimPlugins.cmp-buffer
    pkgs.vimPlugins.cmp-path
    pkgs.vimPlugins.cmp-cmdline
    pkgs.vimPlugins.cmp-nvim-lua
    pkgs.vimPlugins.luasnip
    pkgs.vimPlugins.cmp_luasnip
    pkgs.vimPlugins.cmp-rg
    pkgs.vimPlugins.friendly-snippets
  ];
  use.cmp.setup = dsl.callWith {
    # Disable in telescope buffers
    enabled = dsl.rawLua ''
      function()
          if vim.bo.buftype == "prompt" then
              return false
          end
          return true
      end
    '';
    snippet.expand = dsl.rawLua ''
      function(args)
          require("luasnip").lsp_expand(args.body)
      end
    '';
    mapping = {
      "['<C-n>']" = dsl.rawLua
        "require('cmp').mapping.select_next_item({ behavior = require('cmp').SelectBehavior.Insert })";
      "['<C-p>']" = dsl.rawLua
        "require('cmp').mapping.select_prev_item({ behavior = require('cmp').SelectBehavior.Insert })";
      "['<Down>']" = dsl.rawLua
        "require('cmp').mapping.select_next_item({ behavior = require('cmp').SelectBehavior.Select })";
      "['<Up>']" = dsl.rawLua
        "require('cmp').mapping.select_prev_item({ behavior = require('cmp').SelectBehavior.Select })";
      "['<C-d>']" = dsl.rawLua "require('cmp').mapping.scroll_docs(-4)";
      "['<C-f>']" = dsl.rawLua "require('cmp').mapping.scroll_docs(4)";
      "['<C-e>']" = dsl.rawLua "require('cmp').mapping.abort()";
      "['<CR>']" = dsl.rawLua
        "require('cmp').mapping.confirm({ behavior = require('cmp').ConfirmBehavior.Replace, select = true, })";
      "['<C-r>']" = dsl.rawLua
        "require('cmp').mapping.confirm({ behavior = require('cmp').ConfirmBehavior.Replace, select = true, })";
      "['<Esc>']" = dsl.rawLua ''
        function(_)
            cmp.mapping({
                i = cmp.mapping.abort(),
                c = cmp.mapping.close(),
            })
            vim.cmd("stopinsert") --- Abort and leave insert mode
        end
      '';
      "['<C-l>']" = dsl.rawLua ''
        cmp.mapping(function(_)
            if require("luasnip").expand_or_jumpable() then
                require("luasnip").expand_or_jump()
            end
        end, { "i", "s" })
      '';
    };
    sources = [
      { name = "nvim_lua"; }
      { name = "nvim_lsp"; }
      { name = "luasnip"; }
      { name = "path"; }
      {
        name = "buffer";
        keyword_length = 3;
        max_item_count = 10;
      }
      {
        name = "rg";
        keyword_length = 6;
        max_item_count = 10;
        option = { additional_arguments = "--ignore-case"; };
      }
    ];
    formatting = {
      fields = [ "kind" "abbr" "menu" ];
      format = dsl.rawLua ''
        function(entry, vim_item)
            local kind_icons = {
                Text = "",
                Method = "m",
                Function = "",
                Constructor = "",
                Field = "",
                Variable = "",
                Class = "",
                Interface = "",
                Module = "",
                Property = "",
                Unit = "",
                Value = "",
                Enum = "",
                Keyword = "",
                Snippet = "",
                Color = "",
                File = "",
                Reference = "",
                Folder = "",
                EnumMember = "",
                Constant = "",
                Struct = "",
                Event = "",
                Operator = "",
                TypeParameter = "",
            }
            vim_item.kind = string.format("%s", kind_icons[vim_item.kind])
            vim_item.menu = ({
                luasnip = "[Snippet]",
                buffer = "[Buffer]",
                path = "[Path]",
                rg = "[Grep]",
                nvim_lsp = "[LSP]",
                nvim_lua = "[Lua]",
            })[entry.source.name]
            return vim_item
        end
      '';
    };
    experimental = {
      native_menu = false; # Use cmp menu instead of Vim menu
      ghost_text = true; # Show preview auto-completion
    };
  };
  lua = ''
    -- Load snippets
    -- Check status: :lua require("luasnip").log.open()
    require("luasnip.loaders.from_vscode").lazy_load()
    require("luasnip.loaders.from_vscode").lazy_load({ paths = { "${
      builtins.toString pkgs.vscode-terraform-snippets
    }" } })
    -- Use buffer source for `/`
    require('cmp').setup.cmdline("/", {
        sources = {
            { name = "buffer", keyword_length = 5 },
        },
    })
    -- Use cmdline & path source for ':'
    require('cmp').setup.cmdline(":", {
        sources = require('cmp').config.sources({
            { name = "path" },
        }, {
            { name = "cmdline" },
        }),
    })
  '';
 }
--- a/modules/common/neovim/config/gitsigns.lua
+++ b/modules/common/neovim/config/gitsigns.lua
@ -0,0 +1,35 @@
 vim.keymap.set("", "<Space>", "<Nop>", { silent = true })
 vim.g.mapleader = " "
 vim.g.maplocalleader = " "
 local gitsigns = require("gitsigns")
 vim.keymap.set("n", "<Leader>gB", gitsigns.blame_line)
 vim.keymap.set("n", "<Leader>gp", gitsigns.preview_hunk)
 vim.keymap.set("v", "<Leader>gp", gitsigns.preview_hunk)
 vim.keymap.set("n", "<Leader>gd", gitsigns.diffthis)
 vim.keymap.set("v", "<Leader>gd", gitsigns.diffthis)
 vim.keymap.set("n", "<Leader>rgf", gitsigns.reset_buffer)
 vim.keymap.set("v", "<Leader>hs", gitsigns.stage_hunk)
 vim.keymap.set("n", "<Leader>hr", gitsigns.reset_hunk)
 vim.keymap.set("v", "<Leader>hr", gitsigns.reset_hunk)
 -- Navigation
 vim.keymap.set("n", "]g", function()
    if vim.wo.diff then
        return "]g"
    end
    vim.schedule(function()
        gitsigns.next_hunk()
    end)
    return "<Ignore>"
 end, { expr = true })
 vim.keymap.set("n", "[g", function()
    if vim.wo.diff then
        return "[g"
    end
    vim.schedule(function()
        gitsigns.prev_hunk()
    end)
    return "<Ignore>"
 end, { expr = true })
--- a/modules/common/neovim/config/gitsigns.nix
+++ b/modules/common/neovim/config/gitsigns.nix
@ -0,0 +1,5 @@
 { pkgs, ... }: {
  plugins = [ pkgs.vimPlugins.gitsigns-nvim ];
  setup.gitsigns = { };
  lua = builtins.readFile ./gitsigns.lua;
 }
--- a/Show More
+++ b/Show More
		`@ -1,4 +0,0 @@`
			`#!/usr/local/bin/nu`

			`ls \| sort-by size \| reverse \| keep 10`
		`@ -1,3 +0,0 @@`
			`#!/usr/local/bin/nu`

			`ls */ \| where type == File \| sort-by size \| reverse \| keep 10`
		`@ -1,3 +0,0 @@`
			`#!/usr/local/bin/nu`

			`ls \| sort-by modified \| reverse \| keep 5`
		`@ -1,3 +0,0 @@`
			`#!/usr/local/bin/nu`

			`ls \| sort-by modified \| keep 5`
		`@ -1,3 +0,0 @@`
			`#!/usr/local/bin/nu`

			`ls -al \| where type == Symlink \| select name target`