Add attic

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>

.gitignore

@@ -0,0 +1,7 @@
+# ---> Nix
+# Ignore build outputs from performing a nix-build or `nix build` command
+result
+result-*
+
+# Ignore automatically generated direnv output
+.direnv

.gitlab-ci.yml

@@ -1,27 +0,0 @@
-stages:
-  - build
-  - test
-
-variables:
-  GIT_SUBMODULE_STRATEGY: recursive
-
-cache: &global_cache
-  key:
-    files:
-      - flake.lock
-      - flake.nix
-  paths:
-    - /nix/store
-  policy: pull-push
-
-build:
-  image: nixos/nix
-  stage: build
-  timeout: 48h
-  cache:
-    <<: *global_cache
-  script:
-    - nix --experimental-features 'nix-command flakes' flake check --show-trace
-
-include:
-  - template: Jobs/Secret-Detection.gitlab-ci.yml

.gitmodules

@@ -1,8 +1,9 @@
-[submodule "submodules/nixpkgs"]
-	path = submodules/nixpkgs
-	url = git@github.com:karaolidis/nixpkgs.git
-	branch = integration
-[submodule "submodules/home-manager"]
-	path = submodules/home-manager
-	url = git@github.com:karaolidis/home-manager.git
-	branch = integration
+[submodule "secrets"]
+	path = submodules/secrets
+	url = git@karaolidis.com:karaolidis/nix-secrets.git
+[submodule "sas"]
+	path = submodules/sas
+	url = git@karaolidis.com:karaolidis/nix-sas.git
+[submodule "lib"]
+	path = submodules/lib
+	url = git@karaolidis.com:karaolidis/nix-lib.git

.vscode/settings.json

@@ -1,3 +0,0 @@
-{
-  "sops.defaults.ageKeyFile": "./secrets/personal/key.txt"
-}

README.md

@@ -7,7 +7,6 @@ NixOS dotfiles and configuration for various hosts and users.
 - [`flake.lock`](./flake.lock) and [`flake.nix`](./flake.nix): Core Nix flake files defining the repository's dependencies and entry points.
 
 - [`hosts/`](./hosts): All host-specific configurations.
-
   - [`common/`](./hosts/common): Shared configuration definitions.
     - [`shells/`](./hosts/common/shells): Nix dev shells.
     - [`configs/`](./hosts/common/configs): System configurations applicable to all hosts.
@@ -17,19 +16,16 @@ NixOS dotfiles and configuration for various hosts and users.
         - [`gui/`](./hosts/common/configs/user/gui): GUI-related settings.
   - `<name>/`: Individual host configurations.
 
+- [`overlays/`](./overlays/): Custom patches.
+
 - [`packages/`](./packages/): Custom packages.
 
-- `secrets/<namespace>/`: Global secrets for individual namespaces that apply across all hosts.
-
-- [`lib/`](./lib): Nix library function definitions and utilities.
-
-  - [`scripts/`](./lib/scripts): Utility scripts for managing the repository.
-    - [`add-host.sh`](./lib/scripts/add-host.sh): Instantiate the keys for a new host configuration.
-    - [`remove-host.sh`](./lib/scripts/remove-host.sh): Remove references to a host.
-    - [`update-keys.sh`](./lib/scripts/update-keys.sh): Update the encryption keys in all relevant files using `sops.yaml` configurations.
-    - [`update.sh`](./lib/scripts/update.sh): Update flake and all git submodules.
-
-- [`submodules/`](./submodules): Flake forks used in the repository, such as [`nixpkgs`](https://github.com/NixOS/nixpkgs) and [`home-manager`](https://github.com/nix-community/home-manager).
+- [`scripts/`](./scripts): Utility scripts for managing the repository.
+  - [`add-host.sh`](./scripts/add-host.sh): Instantiate the keys for a new host configuration.
+  - [`remove-host.sh`](./scripts/remove-host.sh): Remove references to a host.
+  - [`update-keys.sh`](./scripts/update-keys.sh): Update the encryption keys in all relevant files using `sops.yaml` configurations.
+  - [`update.sh`](./scripts/update.sh): Update flake and all packages.
+  - [`cache.sh`](./scripts/cache.sh): Build all `nixosConfiguration`s and push them to `attic`.
 
 Any `options.nix` files create custom option definitions when present.
 

flake.lock

@@ -10,16 +10,15 @@
         ]
       },
       "locked": {
-        "lastModified": 1744557573,
-        "narHash": "sha256-XAyj0iDuI51BytJ1PwN53uLpzTDdznPDQFG4RwihlTQ=",
+        "lastModified": 1756487002,
+        "narHash": "sha256-hN9RfNXy53qAkT68T+IYZpl68uE1uPOVMkw0MqC43KA=",
         "owner": "aylur",
         "repo": "ags",
-        "rev": "3ed9737bdbc8fc7a7c7ceef2165c9109f336bff6",
+        "rev": "8ff792dba6cc82eed10e760f551075564dd0a407",
         "type": "github"
       },
       "original": {
         "owner": "aylur",
-        "ref": "main",
         "repo": "ags",
         "type": "github"
       }
@@ -31,20 +30,34 @@
         ]
       },
       "locked": {
-        "lastModified": 1749559749,
-        "narHash": "sha256-TM95tg1G7S6rVBBoMwurXMz8Il4xlnuZ2TI4h6lfZzg=",
+        "lastModified": 1756474652,
+        "narHash": "sha256-iiBU6itpEqE0spXeNJ3uJTfioSyKYjt5bNepykpDXTE=",
         "owner": "aylur",
         "repo": "astal",
-        "rev": "dd8a4662f2f17fb4326a7bd0fb2d054f5d477ba3",
+        "rev": "20bd8318e4136fbd3d4eb2d64dbabc3acbc915dd",
         "type": "github"
       },
       "original": {
         "owner": "aylur",
-        "ref": "main",
         "repo": "astal",
         "type": "github"
       }
     },
+    "crane": {
+      "locked": {
+        "lastModified": 1754269165,
+        "narHash": "sha256-0tcS8FHd4QjbCVoxN9jI+PjHgA4vc/IjkUSp+N3zy0U=",
+        "owner": "ipetkov",
+        "repo": "crane",
+        "rev": "444e81206df3f7d92780680e45858e31d2f07a08",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ipetkov",
+        "repo": "crane",
+        "type": "github"
+      }
+    },
     "disko": {
       "inputs": {
         "nixpkgs": [
@@ -52,33 +65,67 @@
         ]
       },
       "locked": {
-        "lastModified": 1749436314,
-        "narHash": "sha256-CqmqU5FRg5AadtIkxwu8ulDSOSoIisUMZRLlcED3Q5w=",
+        "lastModified": 1746728054,
+        "narHash": "sha256-eDoSOhxGEm2PykZFa/x9QG5eTH0MJdiJ9aR00VAofXE=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "dfa4d1b9c39c0342ef133795127a3af14598017a",
+        "rev": "ff442f5d1425feb86344c028298548024f21256d",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
-        "ref": "master",
+        "ref": "latest",
         "repo": "disko",
         "type": "github"
       }
     },
+    "flake-compat": {
+      "locked": {
+        "lastModified": 1733328505,
+        "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
+        "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
+        "revCount": 69,
+        "type": "tarball",
+        "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.1.0/01948eb7-9cba-704f-bbf3-3fa956735b52/source.tar.gz"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
+      }
+    },
+    "flake-input-patcher": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "systems": [
+          "systems"
+        ]
+      },
+      "locked": {
+        "lastModified": 1751871600,
+        "narHash": "sha256-I4/2ekJrbRMhOpKfzgnlrN45nQj9YQmZnoSeAaRa1SU=",
+        "owner": "jfly",
+        "repo": "flake-input-patcher",
+        "rev": "4ff068126d49829b106280738944bde91951d59d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "jfly",
+        "repo": "flake-input-patcher",
+        "type": "github"
+      }
+    },
     "flake-parts": {
       "inputs": {
-        "nixpkgs-lib": [
-          "nur",
-          "nixpkgs"
-        ]
+        "nixpkgs-lib": "nixpkgs-lib"
       },
       "locked": {
-        "lastModified": 1733312601,
-        "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
+        "lastModified": 1754487366,
+        "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
+        "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18",
         "type": "github"
       },
       "original": {
@@ -103,11 +150,32 @@
       },
       "original": {
         "owner": "numtide",
-        "ref": "main",
         "repo": "flake-utils",
         "type": "github"
       }
     },
+    "gitignore": {
+      "inputs": {
+        "nixpkgs": [
+          "lanzaboote",
+          "pre-commit-hooks-nix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1709087332,
+        "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "type": "github"
+      }
+    },
     "home-manager": {
       "inputs": {
         "nixpkgs": [
@@ -115,39 +183,50 @@
         ]
       },
       "locked": {
-        "lastModified": 1749678254,
-        "narHash": "sha256-6I+qez0MnHu9M2spLj3LsGA/cUGgfx17/hMPvmrUMoU=",
-        "owner": "karaolidis",
+        "lastModified": 1756579987,
+        "narHash": "sha256-duCce8zGsaMsrqqOmLOsuaV1PVIw/vXWnKuLKZClsGg=",
+        "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "e248f54290b483a47c7550f69faecb8ed97e4831",
+        "rev": "99a69bdf8a3c6bf038c4121e9c4b6e99706a187a",
         "type": "github"
       },
       "original": {
-        "owner": "karaolidis",
-        "ref": "integration",
+        "owner": "nix-community",
         "repo": "home-manager",
         "type": "github"
       }
     },
-    "nixpkgs": {
-      "locked": {
-        "lastModified": 1749678247,
-        "narHash": "sha256-K83Q3c/o5CdMB3Npk3P1kCIz6FcUuJV8E4k6z1YN8AQ=",
-        "owner": "karaolidis",
-        "repo": "nixpkgs",
-        "rev": "4d408c92fe165ab68f012a3fa36d4c58d84e83bd",
-        "type": "github"
-      },
-      "original": {
-        "owner": "karaolidis",
-        "ref": "integration",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nur": {
+    "lanzaboote": {
+      "inputs": {
+        "crane": "crane",
+        "flake-compat": [
+          "flake-compat"
+        ],
+        "flake-parts": [
+          "flake-parts"
+        ],
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "pre-commit-hooks-nix": "pre-commit-hooks-nix",
+        "rust-overlay": "rust-overlay"
+      },
+      "locked": {
+        "lastModified": 1754297745,
+        "narHash": "sha256-aD6/scLN3L4ZszmNbhhd3JQ9Pzv1ScYFphz14wHinfs=",
+        "owner": "nix-community",
+        "repo": "lanzaboote",
+        "rev": "892cbdca865d6b42f9c0d222fe309f7720259855",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "lanzaboote",
+        "type": "github"
+      }
+    },
+    "lib": {
       "inputs": {
-        "flake-parts": "flake-parts",
         "nixpkgs": [
           "nixpkgs"
         ],
@@ -156,32 +235,202 @@
         ]
       },
       "locked": {
-        "lastModified": 1749675110,
-        "narHash": "sha256-NkDE/JyeQJmLtpXjyFZK2wKs5K7isap7MBIzoYMC9nk=",
+        "lastModified": 1755506074,
+        "narHash": "sha256-SztuKbAPppW5grMJLSGO5rBCXEWCOfhb39cPDONEUfo=",
+        "ref": "refs/heads/main",
+        "rev": "ac85b6f608ed88d424621ec30f3848d621383487",
+        "revCount": 6,
+        "type": "git",
+        "url": "https://git.karaolidis.com/karaolidis/nix-lib.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.karaolidis.com/karaolidis/nix-lib.git"
+      }
+    },
+    "mnw": {
+      "locked": {
+        "lastModified": 1748710831,
+        "narHash": "sha256-eZu2yH3Y2eA9DD3naKWy/sTxYS5rPK2hO7vj8tvUCSU=",
+        "owner": "Gerg-L",
+        "repo": "mnw",
+        "rev": "cff958a4e050f8d917a6ff3a5624bc4681c6187d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "Gerg-L",
+        "repo": "mnw",
+        "type": "github"
+      }
+    },
+    "nixos-wsl": {
+      "inputs": {
+        "flake-compat": [
+          "flake-compat"
+        ],
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1755774185,
+        "narHash": "sha256-XjKqiTA19mkoBkja0VOy90qp2gC1f2fGgsLb9m1lg5Q=",
+        "owner": "karaolidis",
+        "repo": "NixOS-WSL",
+        "rev": "b1f426697f62006b99fac0cc25a106626c78f874",
+        "type": "github"
+      },
+      "original": {
+        "owner": "karaolidis",
+        "ref": "extra-files",
+        "repo": "NixOS-WSL",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1756542300,
+        "narHash": "sha256-tlOn88coG5fzdyqz6R93SQL5Gpq+m/DsWpekNFhqPQk=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "d7600c775f877cd87b4f5a831c28aa94137377aa",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-lib": {
+      "locked": {
+        "lastModified": 1753579242,
+        "narHash": "sha256-zvaMGVn14/Zz8hnp4VWT9xVnhc8vuL3TStRqwk22biA=",
         "owner": "nix-community",
-        "repo": "NUR",
-        "rev": "0e8328c18d801a253ed5dfd17bd78254d9669d06",
+        "repo": "nixpkgs.lib",
+        "rev": "0f36c44e01a6129be94e3ade315a5883f0228a6e",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
-        "ref": "main",
+        "repo": "nixpkgs.lib",
+        "type": "github"
+      }
+    },
+    "nur": {
+      "inputs": {
+        "flake-parts": [
+          "flake-parts"
+        ],
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1756630008,
+        "narHash": "sha256-weZiVKbiWQzTifm6qCxzhxghEu5mbh9mWNUdkzOLCR0=",
+        "owner": "nix-community",
         "repo": "NUR",
+        "rev": "f6a5a7b60dd6065e78ef06390767e689ffa3c23f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "NUR",
+        "type": "github"
+      }
+    },
+    "nvf": {
+      "inputs": {
+        "flake-compat": [
+          "flake-compat"
+        ],
+        "flake-parts": [
+          "flake-parts"
+        ],
+        "mnw": "mnw",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "systems": [
+          "systems"
+        ]
+      },
+      "locked": {
+        "lastModified": 1755463179,
+        "narHash": "sha256-5Ggb1Mhf7ZlRgGi2puCa2PvWs6KbMnWBlW6KW7Vf79Y=",
+        "owner": "NotAShelf",
+        "repo": "nvf",
+        "rev": "03833118267ad32226b014b360692bdce9d6e082",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NotAShelf",
+        "repo": "nvf",
+        "type": "github"
+      }
+    },
+    "nvidia-patch": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "utils": [
+          "flake-utils"
+        ]
+      },
+      "locked": {
+        "lastModified": 1756052001,
+        "narHash": "sha256-dlLqyHxqiFAoIwshKe9X3PzXcJ+up88Qb2JVQswFaNE=",
+        "owner": "icewind1991",
+        "repo": "nvidia-patch-nixos",
+        "rev": "780af7357d942fad2ddd9f325615a5f6ea7e37ee",
+        "type": "github"
+      },
+      "original": {
+        "owner": "icewind1991",
+        "repo": "nvidia-patch-nixos",
+        "type": "github"
+      }
+    },
+    "pre-commit-hooks-nix": {
+      "inputs": {
+        "flake-compat": [
+          "lanzaboote",
+          "flake-compat"
+        ],
+        "gitignore": "gitignore",
+        "nixpkgs": [
+          "lanzaboote",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1750779888,
+        "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=",
+        "owner": "cachix",
+        "repo": "pre-commit-hooks.nix",
+        "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "repo": "pre-commit-hooks.nix",
         "type": "github"
       }
     },
     "quadlet-nix": {
       "locked": {
-        "lastModified": 1749099346,
-        "narHash": "sha256-5gi/YaLVsFztGvVH45eB6jsBmZf+HnvDeSA9RXUqbcY=",
+        "lastModified": 1754008153,
+        "narHash": "sha256-MYT1mDtSkiVg343agxgBFsnuNU3xS8vRy399JXX1Vw0=",
         "owner": "SEIAROTg",
         "repo": "quadlet-nix",
-        "rev": "d4119a3423f938427252ba8bbdbe8ce040751864",
+        "rev": "1b2d27d460d8c7e4da5ba44ede463b427160b5c4",
         "type": "github"
       },
       "original": {
         "owner": "SEIAROTg",
-        "ref": "main",
         "repo": "quadlet-nix",
         "type": "github"
       }
@@ -191,17 +440,90 @@
         "ags": "ags",
         "astal": "astal",
         "disko": "disko",
+        "flake-compat": "flake-compat",
+        "flake-input-patcher": "flake-input-patcher",
+        "flake-parts": "flake-parts",
         "flake-utils": "flake-utils",
         "home-manager": "home-manager",
+        "lanzaboote": "lanzaboote",
+        "lib": "lib",
+        "nixos-wsl": "nixos-wsl",
         "nixpkgs": "nixpkgs",
         "nur": "nur",
+        "nvf": "nvf",
+        "nvidia-patch": "nvidia-patch",
         "quadlet-nix": "quadlet-nix",
+        "sas": "sas",
+        "secrets": "secrets",
         "sops-nix": "sops-nix",
         "spicetify-nix": "spicetify-nix",
         "systems": "systems",
         "treefmt-nix": "treefmt-nix"
       }
     },
+    "rust-overlay": {
+      "inputs": {
+        "nixpkgs": [
+          "lanzaboote",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1754189623,
+        "narHash": "sha256-fstu5eb30UYwsxow0aQqkzxNxGn80UZjyehQVNVHuBk=",
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "rev": "c582ff7f0d8a7ea689ae836dfb1773f1814f472a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "type": "github"
+      }
+    },
+    "sas": {
+      "inputs": {
+        "lib": [
+          "lib"
+        ],
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "treefmt-nix": [
+          "treefmt-nix"
+        ]
+      },
+      "locked": {
+        "lastModified": 1755532656,
+        "narHash": "sha256-xYb5dJej3emyr4oWWAhkMP8rPc3kdVOXGZcIbAx1Y/I=",
+        "ref": "refs/heads/main",
+        "rev": "b01f3f8456903cb1bde9637cc23b456b47354138",
+        "revCount": 11,
+        "type": "git",
+        "url": "ssh://git@karaolidis.com/karaolidis/nix-sas.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "ssh://git@karaolidis.com/karaolidis/nix-sas.git"
+      }
+    },
+    "secrets": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1756900832,
+        "narHash": "sha256-sMne4dvYzcdbDVcMPY6NLVHiZbgjtDrxttKG0Vig8WQ=",
+        "ref": "refs/heads/main",
+        "rev": "adac63f6daffb4e14ce0fb94e93eb987e2460064",
+        "revCount": 38,
+        "type": "git",
+        "url": "ssh://git@karaolidis.com/karaolidis/nix-secrets.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "ssh://git@karaolidis.com/karaolidis/nix-secrets.git"
+      }
+    },
     "sops-nix": {
       "inputs": {
         "nixpkgs": [
@@ -209,16 +531,15 @@
         ]
       },
       "locked": {
-        "lastModified": 1749592509,
-        "narHash": "sha256-VunQzfZFA+Y6x3wYi2UE4DEQ8qKoAZZCnZPUlSoqC+A=",
+        "lastModified": 1754988908,
+        "narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "50754dfaa0e24e313c626900d44ef431f3210138",
+        "rev": "3223c7a92724b5d804e9988c6b447a0d09017d48",
         "type": "github"
       },
       "original": {
         "owner": "Mic92",
-        "ref": "master",
         "repo": "sops-nix",
         "type": "github"
       }
@@ -233,16 +554,15 @@
         ]
       },
       "locked": {
-        "lastModified": 1749357231,
-        "narHash": "sha256-AbrPgGFVYR45TlYLHYTppayG0xzOG9XXhi+1j3Klbw8=",
+        "lastModified": 1756614537,
+        "narHash": "sha256-qyszmZO9CEKAlj5NBQo1AIIADm5Fgqs5ZggW1sU1TVo=",
         "owner": "Gerg-L",
         "repo": "spicetify-nix",
-        "rev": "03783416f7416715c52166d4e8ba0492a7149397",
+        "rev": "374eb5d97092b97f7aaafd58a2012943b388c0df",
         "type": "github"
       },
       "original": {
         "owner": "Gerg-L",
-        "ref": "master",
         "repo": "spicetify-nix",
         "type": "github"
       }
@@ -258,7 +578,6 @@
       },
       "original": {
         "owner": "nix-systems",
-        "ref": "main",
         "repo": "default",
         "type": "github"
       }
@@ -270,16 +589,15 @@
         ]
       },
       "locked": {
-        "lastModified": 1749194973,
-        "narHash": "sha256-eEy8cuS0mZ2j/r/FE0/LYBSBcIs/MKOIVakwHVuqTfk=",
+        "lastModified": 1755934250,
+        "narHash": "sha256-CsDojnMgYsfshQw3t4zjRUkmMmUdZGthl16bXVWgRYU=",
         "owner": "numtide",
         "repo": "treefmt-nix",
-        "rev": "a05be418a1af1198ca0f63facb13c985db4cb3c5",
+        "rev": "74e1a52d5bd9430312f8d1b8b0354c92c17453e5",
         "type": "github"
       },
       "original": {
         "owner": "numtide",
-        "ref": "main",
         "repo": "treefmt-nix",
         "type": "github"
       }

flake.nix

@@ -1,113 +1,118 @@
 {
   inputs = {
-    nixpkgs = {
-      # --- Official
-      # type = "github";
-      # owner = "NixOS";
-      # repo = "nixpkgs";
-      # ref = "master";
-      # --- Fork
-      type = "github";
-      owner = "karaolidis";
-      repo = "nixpkgs";
-      ref = "integration";
-      # --- Local
-      # url = "git+file:./submodules/nixpkgs";
-    };
+    # Configuration
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
 
     home-manager = {
-      # --- Official
-      # type = "github";
-      # owner = "nix-community"
-      # repo = "home-manager";
-      # --- Fork
-      type = "github";
-      owner = "karaolidis";
-      repo = "home-manager";
-      ref = "integration";
-      # --- Local
-      # url = "git+file:./submodules/home-manager";
-
+      url = "github:nix-community/home-manager";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    disko = {
-      type = "github";
-      owner = "nix-community";
-      repo = "disko";
-      ref = "master";
-
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-
-    sops-nix = {
-      type = "github";
-      owner = "Mic92";
-      repo = "sops-nix";
-      ref = "master";
-
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-
-    systems = {
-      type = "github";
-      owner = "nix-systems";
-      repo = "default";
-      ref = "main";
-    };
-
+    # Packages
     nur = {
-      type = "github";
-      owner = "nix-community";
-      repo = "NUR";
-      ref = "main";
+      url = "github:nix-community/NUR";
+      inputs = {
+        nixpkgs.follows = "nixpkgs";
+        flake-parts.follows = "flake-parts";
+      };
+    };
 
+    # DevOps
+    sops-nix = {
+      url = "github:Mic92/sops-nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    treefmt-nix = {
+      url = "github:numtide/treefmt-nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    flake-input-patcher = {
+      url = "github:jfly/flake-input-patcher";
+      inputs = {
+        nixpkgs.follows = "nixpkgs";
+        systems.follows = "systems";
+      };
+    };
+
+    # Personal
+    lib = {
+      # FIXME: https://github.com/NixOS/nix/issues/12281
+      url = "git+https://git.karaolidis.com/karaolidis/nix-lib.git";
       inputs = {
         nixpkgs.follows = "nixpkgs";
         treefmt-nix.follows = "treefmt-nix";
       };
     };
 
-    flake-utils = {
-      type = "github";
-      owner = "numtide";
-      repo = "flake-utils";
-      ref = "main";
-
-      inputs.systems.follows = "systems";
+    sas = {
+      # FIXME: https://github.com/NixOS/nix/issues/12281
+      url = "git+ssh://git@karaolidis.com/karaolidis/nix-sas.git";
+      inputs = {
+        nixpkgs.follows = "nixpkgs";
+        lib.follows = "lib";
+        treefmt-nix.follows = "treefmt-nix";
+      };
     };
 
-    treefmt-nix = {
-      type = "github";
-      owner = "numtide";
-      repo = "treefmt-nix";
-      ref = "main";
+    secrets = {
+      # FIXME: https://github.com/NixOS/nix/issues/12281
+      url = "git+ssh://git@karaolidis.com/karaolidis/nix-secrets.git";
+      flake = false;
+    };
 
+    # Hardware
+    disko = {
+      url = "github:nix-community/disko/latest";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    quadlet-nix = {
-      type = "github";
-      owner = "SEIAROTg";
-      repo = "quadlet-nix";
-      ref = "main";
+    lanzaboote = {
+      url = "github:nix-community/lanzaboote";
+      inputs = {
+        nixpkgs.follows = "nixpkgs";
+        flake-compat.follows = "flake-compat";
+        flake-parts.follows = "flake-parts";
+      };
+    };
+
+    nixos-wsl = {
+      url = "github:karaolidis/NixOS-WSL/extra-files";
+      inputs = {
+        nixpkgs.follows = "nixpkgs";
+        flake-compat.follows = "flake-compat";
+      };
+    };
+
+    # Applications
+    nvf = {
+      url = "github:NotAShelf/nvf";
+      inputs = {
+        nixpkgs.follows = "nixpkgs";
+        flake-compat.follows = "flake-compat";
+        flake-parts.follows = "flake-parts";
+        systems.follows = "systems";
+      };
+    };
+
+    quadlet-nix.url = "github:SEIAROTg/quadlet-nix";
+
+    nvidia-patch = {
+      url = "github:icewind1991/nvidia-patch-nixos";
+      inputs = {
+        nixpkgs.follows = "nixpkgs";
+        utils.follows = "flake-utils";
+      };
     };
 
     astal = {
-      type = "github";
-      owner = "aylur";
-      repo = "astal";
-      ref = "main";
-
+      url = "github:aylur/astal";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
     ags = {
-      type = "github";
-      owner = "aylur";
-      repo = "ags";
-      ref = "main";
-
+      url = "github:aylur/ags";
       inputs = {
         nixpkgs.follows = "nixpkgs";
         astal.follows = "astal";
@@ -115,70 +120,76 @@
     };
 
     spicetify-nix = {
-      type = "github";
-      owner = "Gerg-L";
-      repo = "spicetify-nix";
-      ref = "master";
-
+      url = "github:Gerg-L/spicetify-nix";
       inputs = {
         nixpkgs.follows = "nixpkgs";
         systems.follows = "systems";
       };
     };
+
+    # Transitive Dependencies
+    systems.url = "github:nix-systems/default";
+
+    flake-parts.url = "github:hercules-ci/flake-parts";
+
+    flake-utils = {
+      url = "github:numtide/flake-utils";
+      inputs.systems.follows = "systems";
+    };
+
+    flake-compat.url = "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz";
   };
 
   outputs =
-    { self, nixpkgs, ... }@inputs:
+    unpatchedInputs:
+    let
+      patchInputs =
+        system:
+        let
+          patcher = unpatchedInputs.flake-input-patcher.lib.${system};
+          patches = import ./patches.nix { inherit patcher; };
+        in
+        if patches != { } then patcher.patch unpatchedInputs patches else unpatchedInputs;
+
+      mkNixosConfiguration =
+        inputs: system: modules:
+        inputs.nixpkgs.lib.nixosSystem {
+          inherit system modules;
+          specialArgs = { inherit inputs system; };
+        };
+    in
     {
-      nixosConfigurations = {
-        installer = nixpkgs.lib.nixosSystem rec {
-          system = "x86_64-linux";
-          modules = [ ./hosts/installer ];
-          specialArgs = { inherit inputs system; };
-        };
-
-        himalia = nixpkgs.lib.nixosSystem rec {
-          system = "x86_64-linux";
-          modules = [ ./hosts/himalia ];
-          specialArgs = { inherit inputs system; };
-        };
-
-        elara = nixpkgs.lib.nixosSystem rec {
-          system = "x86_64-linux";
-          modules = [ ./hosts/elara ];
-          specialArgs = { inherit inputs system; };
-        };
-
-        jupiter = nixpkgs.lib.nixosSystem rec {
-          system = "x86_64-linux";
-          modules = [ ./hosts/jupiter ];
-          specialArgs = { inherit inputs system; };
-        };
-
-        jupiter-vps = nixpkgs.lib.nixosSystem rec {
-          system = "x86_64-linux";
-          modules = [ ./hosts/jupiter-vps ];
-          specialArgs = { inherit inputs system; };
-        };
-      };
+      overlays.default = import ./overlays;
     }
-    // inputs.flake-utils.lib.eachSystem [ "x86_64-linux" ] (
-      system:
+    // (
       let
-        pkgs = import nixpkgs {
+        system = "x86_64-linux";
+        inputs = patchInputs system;
+
+        pkgs = import inputs.nixpkgs {
           inherit system;
           config.allowUnfree = true;
+          overlays = [
+            inputs.lib.overlays.default
+            inputs.self.overlays.default
+          ];
         };
 
         treefmt = inputs.treefmt-nix.lib.evalModule pkgs ./treefmt.nix;
       in
       {
-        devShells = import ./hosts/common/shells { inherit pkgs; };
-        lib = import ./lib { inherit pkgs; };
-        packages = import ./packages { inherit pkgs inputs system; };
+        nixosConfigurations = {
+          installer = mkNixosConfiguration inputs system [ ./hosts/installer ];
+          himalia = mkNixosConfiguration inputs system [ ./hosts/himalia ];
+          elara = mkNixosConfiguration inputs system [ ./hosts/elara ];
+          jupiter = mkNixosConfiguration inputs system [ ./hosts/jupiter ];
+          jupiter-vps = mkNixosConfiguration inputs system [ ./hosts/jupiter-vps ];
+        };
 
-        formatter = treefmt.config.build.wrapper;
-        checks.formatting = treefmt.config.build.check self;
+        devShells.${system} = import ./hosts/common/shells { inherit pkgs; };
+        packages.${system} = import ./packages { inherit pkgs; };
+        formatter.${system} = treefmt.config.build.wrapper;
+        checks.${system}.formatting = treefmt.config.build.check inputs.self;
       }
     );
 }

hosts/common/configs/system/cloudflared/default.nix

@@ -1,5 +0,0 @@
-{ ... }:
-{
-  # https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/get-started/create-local-tunnel/
-  services.cloudflared.enable = true;
-}

hosts/common/configs/system/dnsmasq/default.nix

@@ -1,22 +0,0 @@
-{ lib, pkgs, ... }:
-{
-  networking.networkmanager.dns = "dnsmasq";
-
-  environment.etc."NetworkManager/dnsmasq.d/10-bind-interfaces.conf".source =
-    (pkgs.formats.keyValue {
-      mkKeyValue =
-        name: value:
-        if value == true then
-          name
-        else if value == false then
-          ""
-        else
-          lib.generators.mkKeyValueDefault { } "=" name value;
-      listsAsDuplicateKeys = true;
-    }).generate
-      "10-bind-interfaces.conf"
-      {
-        bind-interfaces = true;
-        listen-address = [ "127.0.0.1" ];
-      };
-}

hosts/common/configs/system/fail2ban/default.nix

@@ -0,0 +1,14 @@
+{ ... }:
+{
+  environment.persistence."/persist/state"."/var/lib/fail2ban" = { };
+
+  services.fail2ban = {
+    enable = true;
+    bantime = "24h";
+    bantime-increment = {
+      enable = true;
+      maxtime = "720h";
+      overalljails = true;
+    };
+  };
+}

hosts/common/configs/system/gpg-agent/default.nix

@@ -1,4 +0,0 @@
-{ ... }:
-{
-  programs.gnupg.agent.enable = true;
-}

hosts/common/configs/system/impermanence/options.nix

@@ -233,11 +233,11 @@ in
           unitConfig.ConditionPathExists = [ (lib.strings.escape [ " " ] c.source) ];
           what = c.source;
           where = c.target;
-          options = lib.strings.concatStringsSep "," ([
+          options = lib.strings.concatStringsSep "," [
             "bind"
             "X-fstrim.notrim"
             "x-gvfs-hide"
-          ]);
+          ];
         }) all;
 
         services = builtins.listToAttrs (

hosts/common/configs/system/lanzaboote/default.nix

@@ -0,0 +1,22 @@
+{
+  inputs,
+  lib,
+  pkgs,
+  ...
+}:
+{
+  imports = [ inputs.lanzaboote.nixosModules.lanzaboote ];
+
+  environment = {
+    persistence."/persist/state"."/var/lib/sbctl" = { };
+
+    systemPackages = with pkgs; [ sbctl ];
+  };
+
+  boot.loader.systemd-boot.enable = lib.mkForce false;
+
+  boot.lanzaboote = {
+    enable = true;
+    pkiBundle = "/var/lib/sbctl";
+  };
+}

hosts/common/configs/system/libvirt/default.nix

@@ -1,9 +1,4 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
+{ config, pkgs, ... }:
 {
   virtualisation = {
     libvirtd = {

hosts/common/configs/system/nix-install/install.completion.zsh

@@ -4,6 +4,7 @@ _nix-install_completion() {
     '-m[Mode: 'install' or 'repair']:mode:(install repair)'
     '-h[Host to configure]:host:($(_list_hosts))'
     '-k[Key file to copy to user config]:key:($(_list_keys))'
+    '-s[Enroll secure boot keys on current device]'
     '-c[Copy configuration to target]'
     '-r[Reboot after completion]'
   )
@@ -17,8 +18,8 @@ _nix-install_completion() {
 
   _list_keys() {
     local flake="$(realpath ${words[2]})"
-    if [[ -d "$flake/secrets" ]]; then
-      find "$flake/secrets" -type f -name 'key.txt' | sed -E 's|^.*/secrets/([^/]+)/key.txt$|\1|' | sort -u
+    if [[ -d "$flake/submodules/secrets/domains" ]]; then
+      find "$flake/submodules/secrets/domains" -type f -name 'key.txt' | sed -E 's|^.*/submodules/secrets/domains/([^/]+)/key.txt$|\1|' | sort -u
     fi
   }
 

hosts/common/configs/system/nix-install/install.sh

@@ -1,13 +1,14 @@
 # shellcheck shell=bash
 
 usage() {
-  echo "Usage: $0 flake -m install|repair -h host [-k key] [-p password_file] [-c] [-r]"
+  echo "Usage: $0 flake -m install|repair -h host [-k key] [-p password_file] [-s] [-c] [-r]"
   echo
   echo "Options:"
   echo "  flake               Directory containing the flake.nix file."
   echo "  -m mode             Mode: 'install' or 'repair'."
   echo "  -h host             Host to configure."
   echo "  -k key              Key file to copy to user config."
+  echo "  -s                  Enroll secure boot keys on current device."
   echo "  -c                  Copy configuration to target."
   echo "  -r                  Reboot after completion."
   exit 1
@@ -35,23 +36,24 @@ check_flake() {
 }
 
 check_host() {
-  if ! nix flake show --quiet --json "$flake" 2>/dev/null | jq -e ".nixosConfigurations[\"$host\"]" &>/dev/null; then
+  if ! nix flake show --allow-import-from-derivation --quiet --json "$flake" 2>/dev/null | jq -e ".nixosConfigurations[\"$host\"]" &>/dev/null; then
     echo "Host '$host' not found in flake."
     exit 1
   fi
 }
 
 check_key() {
-  if [[ -n "$key" ]] && [[ ! -f "$flake/secrets/$key/key.txt" ]]; then
+  if [[ -n "$key" ]] && [[ ! -f "$flake/submodules/secrets/domains/$key/key.txt" ]]; then
     echo "Key '$key' not found."
     exit 1
   fi
 }
 
 set_password_file() {
-  SOPS_AGE_KEY_FILE="$flake/secrets/$key/key.txt"
+  SOPS_AGE_KEY_FILE="$flake/submodules/secrets/domains/$key/key.txt"
   export SOPS_AGE_KEY_FILE
-  sops --decrypt --extract "['luks']" "$flake/hosts/$host/secrets/secrets.yaml" > /tmp/keyfile
+  install -m 600 /dev/null /tmp/keyfile
+  sops --decrypt --extract "['luks']" "$flake/submodules/secrets/hosts/$host/secrets.yaml" > /tmp/keyfile
   unset SOPS_AGE_KEY_FILE
 }
 
@@ -62,9 +64,9 @@ prepare_disk() {
   disko -m "$disko_mode" --yes-wipe-all-disks --root-mountpoint "$root" "$flake/hosts/$host/format.nix"
 }
 
-copy_keys() {
+copy_sops_keys() {
   mkdir -p "$root/persist/state/etc/ssh"
-  cp -f "$flake/hosts/$host/secrets/ssh_host_ed25519_key" "$root/persist/state/etc/ssh/ssh_host_ed25519_key"
+  cp -f "$flake/submodules/secrets/hosts/$host/ssh_host_ed25519_key" "$root/persist/state/etc/ssh/ssh_host_ed25519_key"
 
   for path in "$flake/hosts/$host/users"/*; do
     if [[ -z "$key" ]]; then
@@ -75,7 +77,7 @@ copy_keys() {
     user=$(basename "$path")
 
     mkdir -p "$root/persist/state/home/$user/.config/sops-nix"
-    cp -f "$flake/secrets/$key/key.txt" "$root/persist/state/home/$user/.config/sops-nix/key.txt"
+    cp -f "$flake/submodules/secrets/domains/$key/key.txt" "$root/persist/state/home/$user/.config/sops-nix/key.txt"
 
     owner=$(cat "$flake/hosts/$host/users/$user/uid")
     group=100
@@ -87,26 +89,46 @@ copy_keys() {
   done
 }
 
-install() {
+copy_secure_boot_keys() {
+  mkdir -p "$root/persist/state/var/lib/sbctl/keys"/{db,KEK,PK}
+
+  SOPS_AGE_KEY_FILE="$flake/submodules/secrets/domains/$key/key.txt"
+  export SOPS_AGE_KEY_FILE
+
+  sops --decrypt --extract "['guid']" "$flake/submodules/secrets/domains/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/GUID"
+  sops --decrypt --extract "['keys']['kek']['key']" "$flake/submodules/secrets/domains/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/KEK/KEK.key"
+  sops --decrypt --extract "['keys']['kek']['pem']" "$flake/submodules/secrets/domains/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/KEK/KEK.pem"
+  sops --decrypt --extract "['keys']['pk']['key']" "$flake/submodules/secrets/domains/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/PK/PK.key"
+  sops --decrypt --extract "['keys']['pk']['pem']" "$flake/submodules/secrets/domains/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/PK/PK.pem"
+  sops --decrypt --extract "['keys']['db']['key']" "$flake/submodules/secrets/domains/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/db/db.key"
+  sops --decrypt --extract "['keys']['db']['pem']" "$flake/submodules/secrets/domains/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/db/db.pem"
+
+  chmod 400 "$root/persist/state/var/lib/sbctl/keys"/*/*
+
+  unset SOPS_AGE_KEY_FILE
+
+  mkdir -p "$root/var/lib/sbctl"
+  mount --bind -o X-fstrim.notrim,x-gvfs-hide "$root/persist/state/var/lib/sbctl" "$root/var/lib/sbctl"
+}
+
+install_nixos() {
   nixos-install --root "$root" --flake "$flake#$host" --no-root-passwd
 }
 
+enroll_secure_boot() {
+  sbctl enroll-keys --microsoft
+}
+
 copy_config() {
   echo "Copying configuration..."
-  mkdir -p "$root/persist/user/etc/nixos"
+  mkdir -p "$root/persist/user/etc"
   rm -rf "$root/persist/user/etc/nixos"
   cp -r "$flake" "$root/persist/user/etc/nixos"
 }
 
-finish() {
-  echo "Rebooting system..."
-  trap - EXIT
-  cleanup
-  reboot
-}
-
 cleanup() {
   rm -f /tmp/keyfile
+  if [[ -d "$root" ]]; then umount "$root/var/lib/sbctl"; fi
   if [[ -n "$host" ]]; then disko -m "unmount" "$flake/hosts/$host/format.nix"; fi
   if [[ -d "$root" ]]; then rmdir "$root"; fi
 }
@@ -124,14 +146,16 @@ main() {
   mode=""
   host=""
   key=""
+  enroll_secure_boot_flag="false"
   copy_config_flag="false"
   reboot_flag="false"
 
-  while getopts "m:h:k:cr" opt; do
+  while getopts "m:h:k:scr" opt; do
     case "$opt" in
       m) mode="$OPTARG" ;;
       h) host="$OPTARG" ;;
       k) key="$OPTARG" ;;
+      s) enroll_secure_boot_flag="true" ;;
       c) copy_config_flag="true" ;;
       r) reboot_flag="true" ;;
       *) usage ;;
@@ -153,10 +177,17 @@ main() {
       ;;
   esac
 
-  copy_keys
-  install
+  copy_sops_keys
+  copy_secure_boot_keys
+
+  install_nixos
+
+  [[ "$enroll_secure_boot_flag" == "true" ]] && enroll_secure_boot
   [[ "$copy_config_flag" == "true" ]] && copy_config
-  [[ "$reboot_flag" == "true" ]] && finish
+
+  cleanup
+
+  [[ "$reboot_flag" == "true" ]] && reboot
 }
 
 main "$@"

hosts/common/configs/system/nix-update/default.nix

@@ -1,12 +1,4 @@
 { pkgs, ... }:
 {
-  nixpkgs.overlays = [
-    (final: prev: {
-      nix-update = prev.nix-update.overrideAttrs (oldAttrs: {
-        patches = oldAttrs.patches or [ ] ++ [ ./source-attribute.patch ];
-      });
-    })
-  ];
-
   environment.systemPackages = with pkgs; [ nix-update ];
 }

hosts/common/configs/system/nix-update/source-attribute.patch

@@ -1,127 +0,0 @@
-diff --git a/nix_update/__init__.py b/nix_update/__init__.py
-index 89bbe45..93f9322 100644
---- a/nix_update/__init__.py
-+++ b/nix_update/__init__.py
-@@ -124,6 +124,12 @@ def parse_args(args: list[str]) -> Options:
-         default=[],
-     )
- 
-+    parser.add_argument(
-+        "--src-attr",
-+        help="Src attribute",
-+        default="src",
-+    )
-+
-     a = parser.parse_args(args)
-     extra_flags = ["--extra-experimental-features", "flakes nix-command"]
-     if a.system:
-@@ -146,6 +152,7 @@ def parse_args(args: list[str]) -> Options:
-         version=a.version,
-         version_preference=VersionPreference.from_str(a.version),
-         attribute=a.attribute,
-+        source_attribute=a.src_attr,
-         test=a.test,
-         version_regex=a.version_regex,
-         review=a.review,
-diff --git a/nix_update/eval.py b/nix_update/eval.py
-index 1767056..f85ea69 100644
---- a/nix_update/eval.py
-+++ b/nix_update/eval.py
-@@ -105,12 +105,19 @@ class Package:
- def eval_expression(
-     escaped_import_path: str,
-     attr: str,
-+    source_attr: str,
-     flake: bool,
-     system: str | None,
-     override_filename: str | None,
- ) -> str:
-     system = f'"{system}"' if system else "builtins.currentSystem"
- 
-+    source_attrs = source_attr.rpartition(".")
-+    source_attr_last = source_attrs[-1] or source_attr
-+    source_attr_all_but_last = (
-+        f".{source_attrs[0]}" if source_attr_last != source_attr else ""
-+    )
-+
-     if flake:
-         sanitize_position = (
-             f"""
-@@ -164,8 +171,8 @@ let
-     raw_version_position
-   else if pkg ? isPhpExtension then
-     raw_version_position
--  else if (builtins.unsafeGetAttrPos "src" pkg) != null then
--    sanitizePosition (builtins.unsafeGetAttrPos "src" pkg)
-+  else if (builtins.unsafeGetAttrPos "{source_attr_last}" pkg) != null then
-+    sanitizePosition (builtins.unsafeGetAttrPos "{source_attr_last}" pkg{source_attr_all_but_last})
-   else
-     sanitizePosition (positionFromMeta pkg);
- in {{
-@@ -174,11 +181,11 @@ in {{
-   inherit raw_version_position;
-   filename = position.file;
-   line = position.line;
--  urls = pkg.src.urls or null;
--  url = pkg.src.url or null;
--  rev = pkg.src.rev or null;
--  tag = pkg.src.tag or null;
--  hash = pkg.src.outputHash or null;
-+  urls = pkg.{source_attr}.urls or null;
-+  url = pkg.{source_attr}.url or null;
-+  rev = pkg.{source_attr}.rev or null;
-+  tag = pkg.{source_attr}.tag or null;
-+  hash = pkg.{source_attr}.outputHash or null;
-   go_modules = pkg.goModules.outputHash or null;
-   go_modules_old = pkg.go-modules.outputHash or null;
-   cargo_deps = pkg.cargoDeps.outputHash or null;
-@@ -205,7 +212,7 @@ in {{
-   mix_deps = pkg.mixFodDeps.outputHash or null;
-   tests = builtins.attrNames (pkg.passthru.tests or {{}});
-   has_update_script = {has_update_script};
--  src_homepage = pkg.src.meta.homepage or null;
-+  src_homepage = pkg.{source_attr}.meta.homepage or null;
-   changelog = pkg.meta.changelog or null;
-   maintainers = pkg.meta.maintainers or null;
- }}"""
-@@ -215,6 +222,7 @@ def eval_attr(opts: Options) -> Package:
-     expr = eval_expression(
-         opts.escaped_import_path,
-         opts.escaped_attribute,
-+        opts.source_attribute,
-         opts.flake,
-         opts.system,
-         opts.override_filename,
-diff --git a/nix_update/options.py b/nix_update/options.py
-index 2d07b77..ab5c305 100644
---- a/nix_update/options.py
-+++ b/nix_update/options.py
-@@ -8,6 +8,7 @@ from .version.version import VersionPreference
- @dataclass
- class Options:
-     attribute: str
-+    source_attribute: str = "src"
-     flake: bool = False
-     version: str = "stable"
-     version_preference: VersionPreference = VersionPreference.STABLE
-@@ -33,4 +34,7 @@ class Options:
- 
-     def __post_init__(self) -> None:
-         self.escaped_attribute = ".".join(map(json.dumps, self.attribute.split(".")))
-+        self.escaped_source_attribute = ".".join(
-+            map(json.dumps, self.source_attribute.split("."))
-+        )
-         self.escaped_import_path = json.dumps(self.import_path)
-diff --git a/nix_update/update.py b/nix_update/update.py
-index 82b7bc5..464bf3d 100644
---- a/nix_update/update.py
-+++ b/nix_update/update.py
-@@ -155,7 +155,7 @@ def git_prefetch(x: tuple[str, tuple[str, str]]) -> tuple[str, str]:
- 
- 
- def update_src_hash(opts: Options, filename: str, current_hash: str) -> None:
--    target_hash = nix_prefetch(opts, "src")
-+    target_hash = nix_prefetch(opts, opts.source_attribute)
-     replace_hash(filename, current_hash, target_hash)
- 
- 

hosts/common/configs/system/nix/default.nix

@@ -1,29 +1,54 @@
-{ config, inputs, ... }:
+{
+  config,
+  inputs,
+  lib,
+  ...
+}:
 {
   sops = {
     secrets = {
-      "git/credentials/github.com/public/username".sopsFile =
-        ../../../../../secrets/personal/secrets.yaml;
-      "git/credentials/github.com/public/password".sopsFile =
-        ../../../../../secrets/personal/secrets.yaml;
+      "git/credentials/github.com/tokens/public".sopsFile =
+        "${inputs.secrets}/domains/personal/secrets.yaml";
+
+      "nix/cache/nix.karaolidis.com".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
     };
 
-    templates.nix-access-tokens = {
-      content = ''
-        access-tokens = github.com=${config.sops.placeholder."git/credentials/github.com/public/password"}
-      '';
-      group = "users";
+    templates = {
+      nix-access-tokens = {
+        content = ''
+          access-tokens = github.com=${config.sops.placeholder."git/credentials/github.com/tokens/public"}
+        '';
+        group = "users";
+        mode = "0440";
+      };
+
+      nix-netrc = {
+        content = ''
+          machine nix.karaolidis.com
+          password ${config.sops.placeholder."nix/cache/nix.karaolidis.com"}
+        '';
+        group = "users";
+        mode = "0440";
+      };
     };
   };
 
   nix = {
     settings = {
+      trusted-users = [
+        "root"
+        "@wheel"
+      ];
       use-xdg-base-directories = true;
       experimental-features = [
         "nix-command"
         "flakes"
       ];
       download-buffer-size = 524288000;
+      substituters = lib.mkBefore [ "https://nix.karaolidis.com/main" ];
+      trusted-substituters = lib.mkBefore [ "https://nix.karaolidis.com/main" ];
+      trusted-public-keys = lib.mkBefore [ "main:nJVRBnv73MDkwuV5sgm52m4E2ImOhWHvY12qzjPegAk=" ];
+      netrc-file = config.sops.templates.nix-netrc.path;
     };
 
     channel.enable = false;

hosts/common/configs/system/nixpkgs/default.nix

@@ -1,7 +1,5 @@
-{ inputs, system, ... }:
+{ system, ... }:
 {
-  imports = [ inputs.nur.modules.nixos.default ];
-
   nixpkgs = {
     hostPlatform = system;
     config.allowUnfree = true;

hosts/common/configs/system/podman/default.nix

@@ -10,7 +10,10 @@
       storage.settings.storage.driver = "btrfs";
     };
 
-    quadlet.autoEscape = true;
+    quadlet = {
+      enable = true;
+      autoEscape = true;
+    };
   };
 
   environment = {

hosts/common/configs/system/smartmontools/default.nix

@@ -4,4 +4,9 @@
     smartmontools
     nvme-cli
   ];
+
+  services.smartd = {
+    enable = true;
+    defaults.autodetected = "-a -o on -n idle,10 -s (S/../.././02|L/../../7/04)";
+  };
 }

hosts/common/configs/system/sops/default.nix

@@ -18,7 +18,7 @@
   };
 
   sops = {
-    defaultSopsFile = ../../../../. + "/${config.networking.hostName}/secrets/secrets.yaml";
+    defaultSopsFile = "${inputs.secrets}/hosts/${config.networking.hostName}/secrets.yaml";
 
     age = {
       generateKey = true;

hosts/common/configs/system/ssh-agent/default.nix

@@ -1,4 +0,0 @@
-{ ... }:
-{
-  programs.ssh.startAgent = true;
-}

hosts/common/configs/system/ssh/default.nix

@@ -1,22 +1,22 @@
-{ ... }:
+{ inputs, ... }:
 {
   programs.ssh.knownHosts = {
-    installer.publicKeyFile = ../../../../installer/secrets/ssh_host_ed25519_key.pub;
-    elara.publicKeyFile = ../../../../elara/secrets/ssh_host_ed25519_key.pub;
-    himalia.publicKeyFile = ../../../../himalia/secrets/ssh_host_ed25519_key.pub;
+    installer.publicKeyFile = "${inputs.secrets}/hosts/installer/ssh_host_ed25519_key.pub";
+    elara.publicKeyFile = "${inputs.secrets}/hosts/elara/ssh_host_ed25519_key.pub";
+    himalia.publicKeyFile = "${inputs.secrets}/hosts/himalia/ssh_host_ed25519_key.pub";
 
     jupiter = {
-      publicKeyFile = ../../../../jupiter/secrets/ssh_host_ed25519_key.pub;
+      publicKeyFile = "${inputs.secrets}/hosts/jupiter/ssh_host_ed25519_key.pub";
       extraHostNames = [ "karaolidis.com" ];
     };
 
     jupiter-sish = {
-      publicKeyFile = ../../../../jupiter/users/storm/configs/console/podman/sish/ssh_host_ed25519_key.pub;
-      extraHostNames = [ "karaolidis.com" ];
+      publicKeyFile = "${inputs.secrets}/hosts/jupiter/ssh_sish_ed25519_key.pub";
+      extraHostNames = [ "tunnel.karaolidis.com" ];
     };
 
     jupiter-vps = {
-      publicKeyFile = ../../../../jupiter-vps/secrets/ssh_host_ed25519_key.pub;
+      publicKeyFile = "${inputs.secrets}/hosts/jupiter-vps/ssh_host_ed25519_key.pub";
       extraHostNames = [ "vps.karaolidis.com" ];
     };
   };

hosts/common/configs/system/sshd/default.nix

@@ -1,27 +1,12 @@
-{ ... }:
+{ pkgs, ... }:
 {
-  environment = {
-    enableAllTerminfo = true;
-    persistence."/persist/state"."/var/lib/fail2ban" = { };
-  };
+  environment.systemPackages = with pkgs; [ kitty.terminfo ];
 
-  services = {
-    openssh = {
-      enable = true;
-      settings = {
-        PasswordAuthentication = false;
-        PrintMotd = false;
-      };
-    };
-
-    fail2ban = {
-      enable = true;
-      bantime = "24h";
-      bantime-increment = {
-        enable = true;
-        maxtime = "720h";
-        overalljails = true;
-      };
+  services.openssh = {
+    enable = true;
+    settings = {
+      PasswordAuthentication = false;
+      PrintMotd = false;
     };
   };
 }

hosts/common/configs/system/tmux/default.nix

@@ -1,10 +0,0 @@
-{ ... }:
-{
-  programs.tmux = {
-    enable = true;
-    clock24 = true;
-    historyLimit = 10000;
-    keyMode = "vi";
-    newSession = true;
-  };
-}

hosts/common/configs/user/console/android/default.nix

@@ -1,17 +1,6 @@
-{
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
-}:
+{ user, home }:
 { config, pkgs, ... }:
 {
-  nixpkgs.overlays = [
-    (final: prev: {
-      android-tools = prev.android-tools.overrideAttrs (oldAttrs: {
-        patches = oldAttrs.patches or [ ] ++ [ ./env-var-user-home.patch ];
-      });
-    })
-  ];
-
   programs.adb.enable = true;
   services.gvfs.enable = true;
 

hosts/common/configs/user/console/attic/default.nix

@@ -0,0 +1,33 @@
+{ user, home }:
+{
+  config,
+  inputs,
+  pkgs,
+  ...
+}:
+let
+  hmConfig = config.home-manager.users.${user};
+in
+{
+  home-manager.users.${user} = {
+    sops = {
+      secrets."nix/cache/nix.karaolidis.com".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
+
+      templates."attic" = {
+        content = builtins.readFile (
+          (pkgs.formats.toml { }).generate "config.toml" {
+            default-server = "main";
+
+            servers."main" = {
+              endpoint = "https://nix.karaolidis.com/";
+              token = hmConfig.sops.placeholder."nix/cache/nix.karaolidis.com";
+            };
+          }
+        );
+        path = "${home}/.config/attic/config.toml";
+      };
+    };
+
+    home.packages = with pkgs; [ attic-client ];
+  };
+}

hosts/common/configs/user/console/brightnessctl/default.nix

@@ -1,7 +1,4 @@
-{
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
-}:
+{ user, home }:
 { lib, pkgs, ... }:
 {
   users.users.${user}.extraGroups = [

hosts/common/configs/user/console/btop/default.nix

@@ -1,20 +1,34 @@
+{ user, home }:
+{ lib, pkgs, ... }:
 {
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
-}:
-{ ... }:
-{
-  home-manager.users.${user}.programs.btop = {
-    enable = true;
-    settings = {
-      theme_background = false;
-      presets = "";
-      vim_keys = true;
-      shown_boxes = "cpu mem net proc gpu0 gpu1";
-      update_ms = 1000;
-      proc_tree = true;
-      cpu_single_graph = true;
-      disks_filter = "/ /nix /persist";
+  home-manager.users.${user} = {
+    programs.btop = {
+      enable = true;
+      settings = {
+        color_theme = "matugen";
+        theme_background = false;
+        presets = "";
+        vim_keys = true;
+        shown_boxes = "cpu mem net proc gpu0 gpu1";
+        update_ms = 1000;
+        proc_tree = true;
+        cpu_single_graph = true;
+        disks_filter = "/ /nix /persist";
+      };
+    };
+
+    theme = {
+      template.".config/btop/themes/matugen.theme".source = ./theme.theme;
+
+      reloadExtraConfig = "${
+        lib.meta.getExe (
+          pkgs.writeShellApplication {
+            name = "reload-btop";
+            runtimeInputs = with pkgs; [ procps ];
+            text = "exec pkill btop -SIGUSR2";
+          }
+        )
+      } &";
     };
   };
 }

hosts/common/configs/user/console/dive/default.nix

@@ -1,7 +1,4 @@
-{
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
-}:
+{ user, home }:
 {
   config,
   lib,

hosts/common/configs/user/console/fastfetch/default.nix

@@ -1,7 +1,4 @@
-{
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
-}:
+{ user, home }:
 { ... }:
 {
   home-manager.users.${user}.programs.fastfetch.enable = true;

hosts/common/configs/user/console/ffmpeg/default.nix

@@ -1,7 +1,4 @@
-{
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
-}:
+{ user, home }:
 { pkgs, ... }:
 {
   home-manager.users.${user}.home.packages = with pkgs; [

hosts/common/configs/user/console/git/default.nix

@@ -1,7 +1,4 @@
-{
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
-}:
+{ user, home }:
 {
   config,
   lib,
@@ -44,5 +41,41 @@ in
         );
       };
     };
+
+    home = {
+      packages = with pkgs; [
+        (pkgs.writeShellApplication {
+          name = "gh";
+          runtimeInputs = with pkgs; [ gh ];
+          text = builtins.readFile ./gh.sh;
+        })
+        (pkgs.writeShellApplication {
+          name = "glab";
+          runtimeInputs = with pkgs; [ glab ];
+          text = builtins.readFile ./glab.sh;
+        })
+        (pkgs.writeShellApplication {
+          name = "tea";
+          runtimeInputs = with pkgs; [ tea ];
+          text = builtins.readFile ./tea.sh;
+        })
+      ];
+
+      sessionVariables = {
+        GITEA_HOST = "git.karaolidis.com";
+        GITEA_SSH_HOST = "karaolidis.com";
+      };
+    };
+
+    xdg.configFile = {
+      "gh/config.yml".source = (pkgs.formats.yaml { }).generate "config.yml" {
+        version = 1;
+        git_protocol = "ssh";
+      };
+
+      "glab-cli/config.yml".source = (pkgs.formats.yaml { }).generate "config.yml" {
+        git_protocol = "ssh";
+      };
+    };
   };
 }

hosts/common/configs/user/console/git/gh.sh

@@ -0,0 +1,8 @@
+# shellcheck shell=bash
+
+GH_HOST="${GH_HOST:-github.com}"
+
+GH_TOKEN=$(sed -n "s#https://[^:]*:\([^@]*\)@${GH_HOST}#\1#p" "$HOME/.config/git/credentials")
+export GH_TOKEN
+
+exec gh "$@"

hosts/common/configs/user/console/git/glab.sh

@@ -0,0 +1,8 @@
+# shellcheck shell=bash
+
+GITLAB_HOST="${GITLAB_HOST:-gitlab.com}"
+
+GITLAB_TOKEN=$(sed -n "s#https://[^:]*:\([^@]*\)@${GITLAB_HOST}#\1#p" "$HOME/.config/git/credentials")
+export GITLAB_TOKEN
+
+exec glab "$@"

hosts/common/configs/user/console/git/tea.sh

@@ -0,0 +1,13 @@
+# shellcheck shell=bash
+
+GITEA_HOST="${GITEA_HOST:-gitea.com}"
+GITEA_SSH_HOST="${GITEA_SSH_HOST:-gitea.com}"
+
+GITEA_TOKEN=$(sed -n "s#https://[^:]*:\([^@]*\)@${GITEA_HOST}#\1#p" "$HOME/.config/git/credentials")
+GITEA_INSTANCE_URL="https://${GITEA_HOST}"
+GITEA_INSTANCE_SSH_HOST="$GITEA_SSH_HOST"
+export GITEA_TOKEN
+export GITEA_INSTANCE_URL
+export GITEA_INSTANCE_SSH_HOST
+
+exec tea "$@"

hosts/common/configs/user/console/gpg-agent/default.nix

@@ -1,7 +1,4 @@
-{
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
-}:
+{ user, home }:
 {
   config,
   lib,
@@ -23,6 +20,10 @@
       enable = true;
       defaultCacheTtl = 31536000;
       maxCacheTtl = 31536000;
+      pinentry = {
+        package = pkgs.pinentry-all;
+        program = "pinentry-tty";
+      };
     };
 
     systemd.user = {

hosts/common/configs/user/console/home-manager/default.nix

@@ -1,8 +1,10 @@
+{ user, home }:
 {
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
+  config,
+  inputs,
+  lib,
+  ...
 }:
-{ config, inputs, ... }:
 {
   imports = [ inputs.home-manager.nixosModules.default ];
 
@@ -18,10 +20,18 @@
       home.stateVersion = "24.11";
       systemd.user.startServices = true;
 
-      nix.settings.experimental-features = [
-        "nix-command"
-        "flakes"
-      ];
+      nix.settings = {
+        use-xdg-base-directories = true;
+        experimental-features = [
+          "nix-command"
+          "flakes"
+        ];
+        download-buffer-size = 524288000;
+        substituters = lib.mkBefore [ "https://nix.karaolidis.com/main" ];
+        trusted-substituters = lib.mkBefore [ "https://nix.karaolidis.com/main" ];
+        trusted-public-keys = lib.mkBefore [ "main:nJVRBnv73MDkwuV5sgm52m4E2ImOhWHvY12qzjPegAk=" ];
+        netrc-file = config.sops.templates.nix-netrc.path;
+      };
     };
   };
 }

hosts/common/configs/user/console/imagemagick/default.nix

@@ -1,7 +1,4 @@
-{
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
-}:
+{ user, home }:
 { pkgs, ... }:
 {
   home-manager.users.${user}.home.packages = with pkgs; [ imagemagick ];

hosts/common/configs/user/console/ip/default.nix

@@ -1,7 +1,4 @@
-{
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
-}:
+{ user, home }:
 { pkgs, ... }:
 {
   home-manager.users.${user}.home.packages = with pkgs; [

hosts/common/configs/user/console/jq/default.nix

@@ -1,7 +1,4 @@
-{
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
-}:
+{ user, home }:
 { ... }:
 {
   home-manager.users.${user}.programs.jq.enable = true;

hosts/common/configs/user/console/kubernetes/default.nix

@@ -1,7 +1,4 @@
-{
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
-}:
+{ user, home }:
 {
   config,
   lib,

hosts/common/configs/user/console/libvirt/default.nix

@@ -1,7 +1,4 @@
-{
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
-}:
+{ user, home }:
 { pkgs, ... }:
 {
   home-manager.users.${user}.dconf.settings = {

hosts/common/configs/user/console/lsof/default.nix

@@ -1,7 +1,4 @@
-{
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
-}:
+{ user, home }:
 { pkgs, ... }:
 {
   home-manager.users.${user}.home.packages = with pkgs; [ lsof ];

hosts/common/configs/user/console/mprocs/default.nix

@@ -1,7 +1,4 @@
-{
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
-}:
+{ user, home }:
 { pkgs, ... }:
 {
   home-manager.users.${user}.home.packages = with pkgs; [ mprocs ];

hosts/common/configs/user/console/ncdu/default.nix

@@ -1,7 +1,4 @@
-{
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
-}:
+{ user, home }:
 { pkgs, ... }:
 {
   home-manager.users.${user} = {

hosts/common/configs/user/console/ncspot/default.nix

@@ -1,7 +1,4 @@
-{
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
-}:
+{ user, home }:
 { lib, pkgs, ... }:
 {
   environment.persistence = {

hosts/common/configs/user/console/ncspot/theme.toml

@@ -3,6 +3,9 @@ volnorm = true
 default_keybindings = true
 library_tabs = [ "albums", "artists", "playlists", "browse" ]
 
+[keybindings]
+"Esc" = "back"
+
 [theme]
 background = "{{colors.surface.default.hex}}"
 primary = "{{colors.on_surface.default.hex}}"

hosts/common/configs/user/console/neovim/default.nix

@@ -1,25 +1,299 @@
+{ user, home }:
 {
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
+  inputs,
+  lib,
+  pkgs,
+  ...
 }:
-{ ... }:
 {
-  home-manager.users.${user}.programs = {
-    neovim = {
-      enable = true;
-      defaultEditor = true;
-      viAlias = true;
-      vimAlias = true;
-      vimdiffAlias = true;
-      extraConfig = ''
-        set tabstop=2
-        set shiftwidth=2
-        set expandtab
-        set smartindent
-        set mouse=
-      '';
-    };
+  environment.persistence = {
+    "/persist/state"."${home}/.local/share/nvf" = { };
+    "/persist/cache"."${home}/.cache/nvf" = { };
+  };
 
-    zsh.p10k.extraRightPromptElements = [ "vim_shell" ];
+  home-manager.users.${user} = {
+    imports = [ inputs.nvf.homeManagerModules.default ];
+
+    programs = {
+      nvf = {
+        enable = true;
+        defaultEditor = true;
+
+        settings = {
+          vim = {
+            enableLuaLoader = true;
+
+            viAlias = true;
+            vimAlias = true;
+
+            autocomplete = {
+              blink-cmp.enable = true;
+            };
+
+            binds = {
+              # hardtime-nvim.enable = true;
+              whichKey.enable = true;
+            };
+
+            clipboard = {
+              enable = true;
+              providers.wl-copy.enable = true;
+              registers = "unnamedplus";
+            };
+
+            comments = {
+              comment-nvim.enable = true;
+            };
+
+            # dashboard = {
+            #   alpha.enable = true;
+            # };
+
+            filetree = {
+              neo-tree = {
+                enable = true;
+                setupOpts = {
+                  git_status_async = true;
+
+                  window.mappings = lib.generators.mkLuaInline ''
+                    {
+                      ["<space>"] = "noop",
+                    }
+                  '';
+                };
+              };
+            };
+
+            # formatter = {
+            #   conform-nvim.enable = true;
+            # };
+
+            git = {
+              enable = true;
+              # git-conflict.enable = true;
+              gitsigns.enable = true;
+              # neogit.enable = true;
+            };
+
+            languages = {
+              enableDAP = true;
+              enableFormat = true;
+              enableTreesitter = true;
+              enableExtraDiagnostics = true;
+
+              assembly.enable = true;
+              bash.enable = true;
+              clang.enable = true;
+              csharp.enable = true;
+              css.enable = true;
+              go.enable = true;
+              html.enable = true;
+              java.enable = true;
+              lua.enable = true;
+              markdown.enable = true;
+              nix = {
+                enable = true;
+                format.type = "nixfmt";
+                lsp.options.nil = {
+                  nix = {
+                    maxMemoryMB = null;
+                    flake = {
+                      autoArchive = true;
+                      autoEvalInputs = true;
+                    };
+                  };
+                };
+              };
+              php.enable = true;
+              python.enable = true;
+              rust.enable = true;
+              sql.enable = true;
+              svelte.enable = true;
+              ts.enable = true;
+              yaml.enable = true;
+            };
+
+            lsp = {
+              enable = true;
+              formatOnSave = true;
+              # nvim-docs-view.enable = true;
+              # otter-nvim.enable = true;
+              # trouble.enable = true;
+            };
+
+            # minimap = {
+            #   codewindow.enable = true;
+            # };
+
+            notify = {
+              nvim-notify.enable = true;
+            };
+
+            options = {
+              tabstop = 2;
+              shiftwidth = 2;
+              expandtab = true;
+              smartindent = true;
+            };
+
+            # projects = {
+            #   project-nvim.enable = true;
+            # };
+
+            searchCase = "smart";
+
+            # snippets = {
+            #   luasnip.enable = true;
+            # };
+
+            tabline = {
+              nvimBufferline = {
+                enable = true;
+                mappings.closeCurrent = "<leader>bd";
+                setupOpts.options = {
+                  indicator.style = "icon";
+                  show_close_icon = false;
+                  show_buffer_close_icons = false;
+                };
+              };
+            };
+
+            telescope = {
+              enable = true;
+              setupOpts.defaults.file_ignore_patterns = [
+                "node_modules"
+                "%.venv/"
+                "%.git/"
+                "dist/"
+                "build/"
+                "target/"
+                "result/"
+              ];
+            };
+
+            terminal = {
+              toggleterm = {
+                enable = true;
+                setupOpts.winbar.enabled = false;
+              };
+            };
+
+            treesitter = {
+              enable = true;
+              context.enable = true;
+              fold = true;
+              textobjects.enable = true;
+            };
+
+            ui = {
+              # breadcrumbs = {
+              #   enable = true;
+              #   navbuddy.enable = true;
+              # };
+              colorizer.enable = true;
+              # fastaction.enable = true;
+              # illuminate.enable = true;
+            };
+
+            undoFile.enable = true;
+
+            utility = {
+              # diffview-nvim.enable = true;
+              # icon-picker.enable = true;
+              # images = {
+              #   img-clip.enable = true;
+              # };
+              # mkdir.enable = true;
+              motion = {
+                precognition.enable = true;
+              };
+              # nvim-biscuits.enable = true;
+              # smart-splits.enable = true;
+              surround.enable = true;
+              # undotree.enable = true;
+              # yazi-nvim.enable = true;
+            };
+
+            visuals = {
+              # cinnamon-nvim.enable = true;
+              # fidget-nvim.enable = true;
+              # highlight-undo.enable = true;
+              indent-blankline.enable = true;
+              nvim-cursorline.enable = true;
+              # nvim-scrollbar.enable = true;
+              nvim-web-devicons.enable = true;
+            };
+
+            keymaps = [
+              {
+                mode = [ "n" ];
+                key = "<C-b>";
+                action = "<C-b>zz";
+                silent = true;
+                noremap = true;
+                desc = "Page up and center";
+              }
+              {
+                mode = [ "n" ];
+                key = "<C-u>";
+                action = "<C-u>zz";
+                silent = true;
+                noremap = true;
+                desc = "Half-page up and center";
+              }
+              {
+                mode = [ "n" ];
+                key = "<C-d>";
+                action = "<C-d>zz";
+                silent = true;
+                noremap = true;
+                desc = "Half-page down and center";
+              }
+              {
+                mode = [ "n" ];
+                key = "<C-f>";
+                action = "<C-f>zz";
+                silent = true;
+                noremap = true;
+                desc = "Page down and center";
+              }
+              {
+                mode = [ "n" ];
+                key = "<leader>ww";
+                action = "<cmd>w<CR>";
+                silent = true;
+                desc = "Save";
+              }
+              {
+                mode = [ "n" ];
+                key = "<leader>wq";
+                action = "<cmd>wq<CR>";
+                silent = true;
+                desc = "Save & Quit";
+              }
+              {
+                mode = [ "n" ];
+                key = "<leader>ee";
+                action = "<cmd>Neotree toggle<CR>";
+                silent = true;
+                desc = "Toggle Neo-tree";
+              }
+              {
+                mode = [ "n" ];
+                key = "<leader>ef";
+                action = "<cmd>Neotree reveal<CR>";
+                silent = true;
+                desc = "Reveal file in Neo-tree";
+              }
+            ];
+          };
+        };
+      };
+
+      zsh = {
+        p10k.extraRightPromptElements = [ "vim_shell" ];
+        shellAliases.v = "nvim";
+      };
+    };
   };
 }

hosts/common/configs/user/console/nix-cleanup/default.nix

@@ -1,7 +1,4 @@
-{
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
-}:
+{ user, home }:
 { ... }:
 {
   home-manager.users.${user}.programs.zsh.shellAliases.ncl = "sudo nix-cleanup";

hosts/common/configs/user/console/nix-develop/default.nix

@@ -1,7 +1,4 @@
-{
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
-}:
+{ user, home }:
 {
   lib,
   inputs,

hosts/common/configs/user/console/nix-develop/template.nix

@@ -1,42 +1,31 @@
 {
   inputs = {
-    nixpkgs = {
-      type = "github";
-      owner = "karaolidis";
-      repo = "nixpkgs";
-      ref = "integration";
-    };
-
-    flake-utils = {
-      type = "github";
-      owner = "numtide";
-      repo = "flake-utils";
-      ref = "main";
-    };
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
 
     treefmt-nix = {
-      type = "github";
-      owner = "numtide";
-      repo = "treefmt-nix";
-      ref = "main";
-
+      url = "github:numtide/treefmt-nix";
       inputs.nixpkgs.follows = "nixpkgs";
     };
   };
 
   outputs =
-    { self, nixpkgs, ... }@inputs:
-    inputs.flake-utils.lib.eachDefaultSystem (
-      system:
+    inputs:
+    (
       let
-        pkgs = nixpkgs.legacyPackages.${system};
+        system = "x86_64-linux";
+
+        pkgs = import inputs.nixpkgs {
+          inherit system;
+          config.allowUnfree = true;
+        };
+
         treefmt = inputs.treefmt-nix.lib.evalModule pkgs ./treefmt.nix;
       in
       {
-        devShells.default = pkgs.mkShell { packages = with pkgs; [ ]; };
+        devShells.${system}.default = pkgs.mkShell { packages = with pkgs; [ ]; };
 
-        formatter = treefmt.config.build.wrapper;
-        checks.formatting = treefmt.config.build.check self;
+        formatter.${system} = treefmt.config.build.wrapper;
+        checks.formatting.${system} = treefmt.config.build.check inputs.self;
       }
     );
 }

hosts/common/configs/user/console/nix-develop/treefmt.nix

@@ -9,9 +9,5 @@
     };
   };
 
-  settings = {
-    global = {
-      excludes = [ ".envrc" ];
-    };
-  };
+  settings.global.excludes = [ ".envrc" ];
 }

hosts/common/configs/user/console/nix-direnv/default.nix

@@ -1,7 +1,4 @@
-{
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
-}:
+{ user, home }:
 {
   lib,
   pkgs,

hosts/common/configs/user/console/nix/default.nix

@@ -1,7 +1,4 @@
-{
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
-}:
+{ user, home }:
 { pkgs, ... }:
 {
   environment.persistence."/persist/cache"."${home}/.cache/nix" = { };

hosts/common/configs/user/console/ouch/default.nix

@@ -1,7 +1,4 @@
-{
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
-}:
+{ user, home }:
 { pkgs, ... }:
 {
   home-manager.users.${user}.home.packages = with pkgs; [ ouch ];

hosts/common/configs/user/console/pipewire/default.nix

@@ -1,7 +1,4 @@
-{
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
-}:
+{ user, home }:
 { config, pkgs, ... }:
 {
   environment.persistence."/persist/state"."${home}/.local/state/wireplumber" = { };

hosts/common/configs/user/console/podman/default.nix

@@ -1,7 +1,4 @@
-{
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
-}:
+{ user, home }:
 {
   lib,
   pkgs,
@@ -19,7 +16,10 @@
       settings.storage.storage.driver = "btrfs";
     };
 
-    virtualisation.quadlet.autoEscape = true;
+    virtualisation.quadlet = {
+      enable = true;
+      autoEscape = true;
+    };
 
     home = {
       packages = with pkgs; [

hosts/common/configs/user/console/sops/default.nix

@@ -1,17 +1,20 @@
-{
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
-}:
+{ user, home }:
 { config, inputs, ... }:
 {
   environment.persistence."/persist/state"."${home}/.config/sops-nix/key.txt" = { };
 
-  home-manager.users.${user} = {
-    imports = [ inputs.sops-nix.homeManagerModules.sops ];
+  home-manager.users.${user} =
+    let
+      sopsKeyFile =
+        if config.environment.impermanence.enable then
+          config.environment.persistence."/persist/state"."${home}/.config/sops-nix/key.txt".source
+        else
+          "${home}/.config/sops-nix/key.txt";
+    in
+    {
+      imports = [ inputs.sops-nix.homeManagerModules.sops ];
 
-    sops.age.keyFile =
-      config.environment.persistence."/persist/state"."${home}/.config/sops-nix/key.txt".source;
-    home.sessionVariables.SOPS_AGE_KEY_FILE =
-      config.environment.persistence."/persist/state"."${home}/.config/sops-nix/key.txt".source;
-  };
+      sops.age.keyFile = sopsKeyFile;
+      home.sessionVariables.SOPS_AGE_KEY_FILE = sopsKeyFile;
+    };
 }

hosts/common/configs/user/console/ssh-agent/default.nix

@@ -1,11 +1,8 @@
-{
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
-}:
+{ user, home }:
 { ... }:
 {
   home-manager.users.${user} = {
     services.ssh-agent.enable = true;
-    programs.ssh.addKeysToAgent = "yes";
+    programs.ssh.matchBlocks."*".addKeysToAgent = "yes";
   };
 }

hosts/common/configs/user/console/ssh/default.nix

@@ -1,8 +1,9 @@
-{
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
-}:
+{ user, home }:
 { ... }:
 {
-  home-manager.users.${user}.programs.ssh.enable = true;
+  home-manager.users.${user}.programs.ssh = {
+    enable = true;
+    enableDefaultConfig = false;
+    matchBlocks."*".identitiesOnly = true;
+  };
 }

hosts/common/configs/user/console/syncthing/default.nix

@@ -1,7 +1,4 @@
-{
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
-}:
+{ user, home }:
 { config, utils, ... }:
 {
   networking.firewall = {
@@ -17,11 +14,13 @@
     "syncthing/key" = {
       owner = user;
       group = "users";
+      mode = "0440";
     };
     # openssl req -new -x509 -key key.pem -out cert.pem -days 9999 -subj "/CN=syncthing"
     "syncthing/cert" = {
       owner = user;
       group = "users";
+      mode = "0440";
     };
   };
 

hosts/common/configs/user/console/tmux/default.nix

@@ -1,8 +0,0 @@
-{
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
-}:
-{ ... }:
-{
-  home-manager.users.${user}.programs.tmux.enable = true;
-}

hosts/common/configs/user/console/tree/default.nix

@@ -1,7 +1,4 @@
-{
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
-}:
+{ user, home }:
 { pkgs, ... }:
 {
   home-manager.users.${user}.home.packages = with pkgs; [ tree ];

hosts/common/configs/user/console/wget/default.nix

@@ -1,7 +1,4 @@
-{
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
-}:
+{ user, home }:
 { pkgs, ... }:
 {
   home-manager.users.${user}.home.packages = with pkgs; [ wget ];

hosts/common/configs/user/console/xdg/default.nix

@@ -1,7 +1,4 @@
-{
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
-}:
+{ user, home }:
 { config, pkgs, ... }:
 {
   environment.persistence."/persist/user" = {

hosts/common/configs/user/console/yazi/default.nix

@@ -1,18 +1,12 @@
-{
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
-}:
+{ user, home }:
 {
   config,
   lib,
   pkgs,
-  inputs,
-  system,
   ...
 }:
 let
   hmConfig = config.home-manager.users.${user};
-  selfPkgs = inputs.self.packages.${system};
 in
 {
   home-manager.users.${user} = {
@@ -27,19 +21,18 @@ in
           };
 
           opener = {
-            edit =
-              [
-                {
-                  run = "${hmConfig.programs.neovim.finalPackage}/bin/nvim \"$@\"";
-                  desc = "nvim";
-                  block = true;
-                }
-              ]
-              ++ lib.lists.optional hmConfig.programs.vscode.enable {
-                run = "${hmConfig.programs.vscode.package}/bin/code \"$@\"";
-                desc = "code";
-                orphan = true;
-              };
+            edit = [
+              {
+                run = "${hmConfig.programs.nvf.finalPackage}/bin/nvim \"$@\"";
+                desc = "nvim";
+                block = true;
+              }
+            ]
+            ++ lib.lists.optional hmConfig.programs.vscode.enable {
+              run = "${hmConfig.programs.vscode.package}/bin/code \"$@\"";
+              desc = "code";
+              orphan = true;
+            };
             open = [
               {
                 run = "uwsm app -- xdg-open \"$1\"";
@@ -191,9 +184,8 @@ in
             ouch
             mount
             mediainfo
+            custom-shell
             ;
-
-          custom-shell = selfPkgs.yazi-plugin-custom-shell;
         };
       };
 

hosts/common/configs/user/console/yt-dlp/default.nix

@@ -1,7 +1,4 @@
-{
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
-}:
+{ user, home }:
 { config, ... }:
 {
   home-manager.users.${user}.programs.yt-dlp = {

hosts/common/configs/user/console/zellij/default.nix

@@ -0,0 +1,26 @@
+{ user, home }:
+{ ... }:
+{
+  home-manager.users.${user} = {
+    programs.zellij = {
+      enable = true;
+
+      settings = {
+        theme = "matugen";
+
+        pane_frames = false;
+        copy_command = "wl-copy";
+
+        ui.pane_frames.hide_session_name = true;
+
+        pane_viewport_serialization = true;
+        scrollback_lines_to_serialize = 0;
+
+        show_startup_tips = false;
+        show_release_notes = false;
+      };
+    };
+
+    theme.template.".config/zellij/themes/matugen.kdl".source = ./theme.kdl;
+  };
+}

hosts/common/configs/user/console/zellij/theme.kdl

@@ -0,0 +1,128 @@
+themes {
+    matugen {
+        text_unselected {
+            base {{colors.on_surface.default.red}} {{colors.on_surface.default.green}} {{colors.on_surface.default.blue}}
+            background {{colors.surface.default.red}} {{colors.surface.default.green}} {{colors.surface.default.blue}}
+            emphasis_0 {{colors.primary.default.red}} {{colors.primary.default.green}} {{colors.primary.default.blue}}
+            emphasis_1 {{colors.secondary.default.red}} {{colors.secondary.default.green}} {{colors.secondary.default.blue}}
+            emphasis_2 {{colors.tertiary.default.red}} {{colors.tertiary.default.green}} {{colors.tertiary.default.blue}}
+            emphasis_3 {{colors.surface.default.red}} {{colors.surface.default.green}} {{colors.surface.default.blue}}
+        }
+        text_selected {
+            base {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
+            background {{colors.primary.default.red}} {{colors.primary.default.green}} {{colors.primary.default.blue}}
+            emphasis_0 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
+            emphasis_1 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
+            emphasis_2 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
+            emphasis_3 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
+        }
+        ribbon_unselected {
+            base {{colors.on_surface.default.red}} {{colors.on_surface.default.green}} {{colors.on_surface.default.blue}}
+            background {{colors.surface_container.default.red}} {{colors.surface_container.default.green}} {{colors.surface_container.default.blue}}
+            emphasis_0 {{colors.primary.default.red}} {{colors.primary.default.green}} {{colors.primary.default.blue}}
+            emphasis_1 {{colors.secondary.default.red}} {{colors.secondary.default.green}} {{colors.secondary.default.blue}}
+            emphasis_2 {{colors.tertiary.default.red}} {{colors.tertiary.default.green}} {{colors.tertiary.default.blue}}
+            emphasis_3 {{colors.on_surface.default.red}} {{colors.on_surface.default.green}} {{colors.on_surface.default.blue}}
+        }
+        ribbon_selected {
+            base {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
+            background {{colors.primary.default.red}} {{colors.primary.default.green}} {{colors.primary.default.blue}}
+            emphasis_0 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
+            emphasis_1 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
+            emphasis_2 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
+            emphasis_3 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
+        }
+        table_title {
+            base {{colors.on_surface.default.red}} {{colors.on_surface.default.green}} {{colors.on_surface.default.blue}}
+            background {{colors.surface.default.red}} {{colors.surface.default.green}} {{colors.surface.default.blue}}
+            emphasis_0 {{colors.primary.default.red}} {{colors.primary.default.green}} {{colors.primary.default.blue}}
+            emphasis_1 {{colors.secondary.default.red}} {{colors.secondary.default.green}} {{colors.secondary.default.blue}}
+            emphasis_2 {{colors.tertiary.default.red}} {{colors.tertiary.default.green}} {{colors.tertiary.default.blue}}
+            emphasis_3 {{colors.on_surface.default.red}} {{colors.on_surface.default.green}} {{colors.on_surface.default.blue}}
+        }
+        table_cell_unselected {
+            base {{colors.on_surface.default.red}} {{colors.on_surface.default.green}} {{colors.on_surface.default.blue}}
+            background {{colors.surface.default.red}} {{colors.surface.default.green}} {{colors.surface.default.blue}}
+            emphasis_0 {{colors.primary.default.red}} {{colors.primary.default.green}} {{colors.primary.default.blue}}
+            emphasis_1 {{colors.secondary.default.red}} {{colors.secondary.default.green}} {{colors.secondary.default.blue}}
+            emphasis_2 {{colors.tertiary.default.red}} {{colors.tertiary.default.green}} {{colors.tertiary.default.blue}}
+            emphasis_3 {{colors.on_surface.default.red}} {{colors.on_surface.default.green}} {{colors.on_surface.default.blue}}
+        }
+        table_cell_selected {
+            base {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
+            background {{colors.primary.default.red}} {{colors.primary.default.green}} {{colors.primary.default.blue}}
+            emphasis_0 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
+            emphasis_1 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
+            emphasis_2 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
+            emphasis_3 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
+        }
+        list_unselected {
+            base {{colors.on_surface.default.red}} {{colors.on_surface.default.green}} {{colors.on_surface.default.blue}}
+            background {{colors.surface.default.red}} {{colors.surface.default.green}} {{colors.surface.default.blue}}
+            emphasis_0 {{colors.primary.default.red}} {{colors.primary.default.green}} {{colors.primary.default.blue}}
+            emphasis_1 {{colors.secondary.default.red}} {{colors.secondary.default.green}} {{colors.secondary.default.blue}}
+            emphasis_2 {{colors.tertiary.default.red}} {{colors.tertiary.default.green}} {{colors.tertiary.default.blue}}
+            emphasis_3 {{colors.on_surface.default.red}} {{colors.on_surface.default.green}} {{colors.on_surface.default.blue}}
+        }
+        list_selected {
+            base {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
+            background {{colors.primary.default.red}} {{colors.primary.default.green}} {{colors.primary.default.blue}}
+            emphasis_0 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
+            emphasis_1 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
+            emphasis_2 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
+            emphasis_3 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
+        }
+        frame_unselected {
+            base {{colors.outline_variant.default.red}} {{colors.outline_variant.default.green}} {{colors.outline_variant.default.blue}}
+            background {{colors.surface.default.red}} {{colors.surface.default.green}} {{colors.surface.default.blue}}
+            emphasis_0 0
+            emphasis_1 0
+            emphasis_2 0
+            emphasis_3 0
+        }
+        frame_selected {
+            base {{colors.primary.default.red}} {{colors.primary.default.green}} {{colors.primary.default.blue}}
+            background {{colors.surface.default.red}} {{colors.surface.default.green}} {{colors.surface.default.blue}}
+            emphasis_0 0
+            emphasis_1 0
+            emphasis_2 0
+            emphasis_3 0
+        }
+        frame_highlight {
+            base {{colors.error.default.red}} {{colors.error.default.green}} {{colors.error.default.blue}}
+            background {{colors.surface.default.red}} {{colors.surface.default.green}} {{colors.surface.default.blue}}
+            emphasis_0 0
+            emphasis_1 0
+            emphasis_2 0
+            emphasis_3 0
+        }
+        exit_code_success {
+            base {{colors.success.default.red}} {{colors.success.default.green}} {{colors.success.default.blue}}
+            background 0
+            emphasis_0 0
+            emphasis_1 0
+            emphasis_2 0
+            emphasis_3 0
+        }
+        exit_code_error {
+            base {{colors.error.default.red}} {{colors.error.default.green}} {{colors.error.default.blue}}
+            background 0
+            emphasis_0 0
+            emphasis_1 0
+            emphasis_2 0
+            emphasis_3 0
+        }
+        multiplayer_user_colors {
+            player_1 0
+            player_2 0
+            player_3 0
+            player_4 0
+            player_5 0
+            player_6 0
+            player_7 0
+            player_8 0
+            player_9 0
+            player_10 0
+        }
+    }
+}

hosts/common/configs/user/console/zoxide/default.nix

@@ -1,7 +1,4 @@
-{
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
-}:
+{ user, home }:
 { ... }:
 {
   environment.persistence."/persist/state"."${home}/.local/share/zoxide" = { };

hosts/common/configs/user/console/zsh/default.nix

@@ -1,7 +1,4 @@
-{
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
-}:
+{ user, home }:
 { config, pkgs, ... }:
 {
   environment = {
@@ -14,7 +11,7 @@
   home-manager.users.${user} = {
     programs.zsh = {
       enable = true;
-      dotDir = ".config/zsh";
+      dotDir = "${home}/.config/zsh";
       autocd = true;
       history = {
         path = "${home}/.local/share/zsh/history";

hosts/common/configs/user/default.nix

@@ -1,7 +1,4 @@
-{
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
-}:
+{ user, home }:
 { ... }:
 {
   imports = [ ./options.nix ];

hosts/common/configs/user/gui/astal/config/app.ts

@@ -1,6 +1,6 @@
-import { App } from "astal/gtk3";
-import { monitorFile } from "astal/file";
-import { exec } from "astal/process";
+import app from "ags/gtk3/app";
+import { exec } from "ags/process";
+import { monitorFile } from "ags/file";
 import GLib from "gi://GLib";
 import Left from "./widget/Left";
 import Center from "./widget/Center";
@@ -12,15 +12,15 @@ const scss = `${HOME}/.config/astal/theme.sass`;
 
 monitorFile(scss, () => {
   exec(`sassc ${scss} ${css}`);
-  App.apply_css(css, true);
+  app.apply_css(css, true);
 });
 
 exec(`sassc ${scss} ${css}`);
 
-App.start({
+app.start({
   css,
   main() {
-    App.get_monitors().map((monitor) => {
+    app.get_monitors().map((monitor) => {
       Left(monitor);
       Center(monitor);
       Right(monitor);

hosts/common/configs/user/gui/astal/config/lib.ts

@@ -1,8 +1,8 @@
-import { Gdk } from "astal/gtk3";
+import { Gdk } from "ags/gtk3";
 import Hyprland from "gi://AstalHyprland";
 
 export const range = (length: number, start = 1) => {
-  return Array.from({ length }, (n, i) => i + start);
+  return Array.from({ length }, (_, i) => i + start);
 };
 
 export const getHyprlandMonitor = (gdkmonitor: Gdk.Monitor) => {

hosts/common/configs/user/gui/astal/config/package.json

@@ -1,6 +1,5 @@
 {
-  "name": "astal-shell",
   "dependencies": {
-    "astal": "~/.local/share/ags"
+    "ags": "*"
   }
 }

hosts/common/configs/user/gui/astal/config/tsconfig.json

@@ -1,12 +1,12 @@
 {
   "$schema": "https://json.schemastore.org/tsconfig",
   "compilerOptions": {
-    "experimentalDecorators": true,
-    "strict": true,
-    "target": "ES2022",
+    "jsx": "react-jsx",
+    "jsxImportSource": "ags/gtk3",
+    "lib": ["ES2023"],
     "module": "ES2022",
     "moduleResolution": "Bundler",
-    "jsx": "react-jsx",
-    "jsxImportSource": "astal/gtk3"
+    "strict": true,
+    "target": "ES2020"
   }
 }

hosts/common/configs/user/gui/astal/config/widget/Center.tsx

@@ -1,17 +1,19 @@
-import { App, Astal, Gtk, Gdk } from "astal/gtk3";
+import { Astal, Gtk, Gdk } from "ags/gtk3";
 import Date from "./components/Date";
 import Hidden from "./components/Hidden";
+import app from "ags/gtk3/app";
 
 export default (monitor: Gdk.Monitor) => (
   <window
-    className="root"
+    visible
+    class="root"
     gdkmonitor={monitor}
     exclusivity={Astal.Exclusivity.IGNORE}
     anchor={Astal.WindowAnchor.TOP}
-    application={App}
+    application={app}
   >
     <Hidden>
-      <box className="widgets" hexpand halign={Gtk.Align.CENTER}>
+      <box class="widgets" hexpand halign={Gtk.Align.CENTER}>
         <Date />
       </box>
     </Hidden>

hosts/common/configs/user/gui/astal/config/widget/Left.tsx

@@ -1,21 +1,22 @@
-import { App, Astal, Gtk, Gdk } from "astal/gtk3";
+import { Astal, Gtk, Gdk } from "ags/gtk3";
+import app from "ags/gtk3/app";
 import Launcher from "./components/Launcher";
 import Workspace from "./components/Workspaces";
 import Hidden from "./components/Hidden";
-import { getHyprlandMonitor } from "../lib";
 
 export default (monitor: Gdk.Monitor) => (
   <window
-    className="root"
+    visible
+    class="root"
     gdkmonitor={monitor}
     exclusivity={Astal.Exclusivity.IGNORE}
     anchor={Astal.WindowAnchor.TOP | Astal.WindowAnchor.LEFT}
-    application={App}
+    application={app}
   >
     <Hidden>
-      <box className="widgets" hexpand halign={Gtk.Align.START}>
+      <box class="widgets" hexpand halign={Gtk.Align.START}>
         <Launcher />
-        <Workspace monitor={getHyprlandMonitor(monitor)!} />
+        <Workspace gdkmonitor={monitor} />
       </box>
     </Hidden>
   </window>

hosts/common/configs/user/gui/astal/config/widget/Right.tsx

@@ -1,18 +1,21 @@
-import { App, Astal, Gtk, Gdk } from "astal/gtk3";
+import { Astal, Gtk } from "ags/gtk3";
+import app from "ags/gtk3/app";
+import Gdk from "gi://Gdk";
 import Systray from "./components/Tray";
 import Hidden from "./components/Hidden";
 import Battery from "./components/Battery";
 
 export default (monitor: Gdk.Monitor) => (
   <window
-    className="root"
+    visible
+    class="root"
     gdkmonitor={monitor}
     exclusivity={Astal.Exclusivity.IGNORE}
     anchor={Astal.WindowAnchor.TOP | Astal.WindowAnchor.RIGHT}
-    application={App}
+    application={app}
   >
     <Hidden>
-      <box className="widgets" hexpand halign={Gtk.Align.END}>
+      <box class="widgets" hexpand halign={Gtk.Align.END}>
         <Systray />
         <Battery />
       </box>

hosts/common/configs/user/gui/astal/config/widget/components/Battery.tsx

@@ -1,4 +1,4 @@
-import { bind, Variable } from "astal";
+import { createBinding, createComputed } from "ags";
 import AstalBattery from "gi://AstalBattery";
 
 const battery = AstalBattery.get_default();
@@ -9,19 +9,19 @@ const formatTime = (seconds: number) =>
     : "--:--";
 
 export default () => {
-  const percentage = bind(battery, "percentage").as(
+  const percentage = createBinding(battery, "percentage").as(
     (p) => Math.round(p * 100) + "%",
   );
-  const charging = bind(battery, "charging");
-  const timeToFull = bind(battery, "timeToFull");
-  const timeToEmpty = bind(battery, "timeToEmpty");
+  const charging = createBinding(battery, "charging");
+  const timeToFull = createBinding(battery, "timeToFull");
+  const timeToEmpty = createBinding(battery, "timeToEmpty");
 
-  const time = Variable.derive(
+  const time = createComputed(
     [charging, timeToFull, timeToEmpty],
     (charging, full, empty) => formatTime(charging ? full : empty),
   );
 
-  const label = Variable.derive(
+  const label = createComputed(
     [percentage, charging, time],
     (percentage, charging, time) => {
       const arrow = charging ? "▲" : "▼";
@@ -30,8 +30,8 @@ export default () => {
   );
 
   return (
-    <button className="battery">
-      <label className="label" label={bind(label)} />
+    <button class="battery">
+      <label class="label" label={label} />
     </button>
   );
 };

hosts/common/configs/user/gui/astal/config/widget/components/Date.tsx

@@ -1,21 +1,16 @@
-import { bind, Variable } from "astal";
-import { GLib } from "astal";
+import { createPoll } from "ags/time";
+import GLib from "gi://GLib?version=2.0";
 
 export default () => {
-  const time = Variable(
+  const time = createPoll(
     GLib.DateTime.new_now_local().format("%H:%M - %A, %d %B %Y")!,
-  ).poll(
     1000,
     () => GLib.DateTime.new_now_local().format("%H:%M - %A, %d %B %Y")!,
   );
 
   return (
-    <button className="date">
-      <label
-        className="label"
-        onDestroy={() => time.drop()}
-        label={bind(time)}
-      />
+    <button class="date">
+      <label class="label" label={time} />
     </button>
   );
 };

hosts/common/configs/user/gui/astal/config/widget/components/Hidden.tsx

@@ -1,5 +1,6 @@
-import { Gtk } from "astal/gtk3";
-import { Variable, bind, timeout } from "astal";
+import { createState } from "ags";
+import { Gtk } from "ags/gtk3";
+import { timeout } from "ags/time";
 
 export default function Hidden({
   child,
@@ -12,24 +13,20 @@ export default function Hidden({
   orientation?: Gtk.Orientation;
   transitionType?: Gtk.RevealerTransitionType;
 }) {
-  const show = Variable(true);
+  const [show, setShow] = createState(true);
   const contents = child ?? children;
 
   return (
-    <eventbox
-      clickThrough
-      onHover={() => show.set(true)}
-      onHoverLost={() => show.set(false)}
-    >
+    <eventbox onHover={() => setShow(true)} onHoverLost={() => setShow(false)}>
       <box orientation={orientation}>
         <revealer
-          setup={(self) => timeout(2000, () => (self.revealChild = false))}
-          revealChild={bind(show)}
+          onRealize={() => timeout(2000, () => setShow(false))}
+          revealChild={show}
           transitionType={transitionType}
         >
           {Array.isArray(contents) ? <>{contents}</> : contents}
         </revealer>
-        <box clickThrough className="trigger-guard" />
+        <box class="trigger-guard" />
       </box>
     </eventbox>
   );

hosts/common/configs/user/gui/astal/config/widget/components/Launcher.tsx

@@ -1,14 +1,14 @@
-import { execAsync } from "astal/process";
+import { execAsync } from "ags/process";
 
 export default () => (
   <button
-    className="launcher"
-    onClickRelease={() =>
+    class="launcher"
+    onClicked={() =>
       execAsync(
         'rofi -modes drun -show drun -run-command \"uwsm app -- {cmd}\"',
       )
     }
   >
-    <icon className="icon" icon="nix-snowflake-symbolic" />;
+    <icon class="icon" icon="nix-snowflake-symbolic" />;
   </button>
 );

hosts/common/configs/user/gui/astal/config/widget/components/Tray.tsx

@@ -1,28 +1,37 @@
-import { App } from "astal/gtk3";
-import { bind } from "astal";
+import { createBinding, For } from "ags";
+import app from "ags/gtk3/app";
 import Tray from "gi://AstalTray";
 
 const tray = Tray.get_default();
 
 const TrayButton = ({ item }: { item: Tray.TrayItem }) => (
   <menubutton
-    className="item"
-    tooltipMarkup={bind(item, "tooltipMarkup")}
+    class="item"
+    tooltipMarkup={createBinding(item, "tooltipMarkup")}
     usePopover={false}
-    menuModel={bind(item, "menuModel")}
-    actionGroup={bind(item, "actionGroup").as((ag) => ["dbusmenu", ag])}
+    menuModel={createBinding(item, "menuModel")}
+    onRealize={(self) => {
+      createBinding(item, "action_group").as((action_group) =>
+        self.insert_action_group("dbusmenu", action_group),
+      );
+      self.insert_action_group("dbusmenu", item.action_group);
+    }}
   >
-    <icon gicon={bind(item, "gicon")} />
+    <icon gicon={createBinding(item, "gicon")} />
   </menubutton>
 );
 
-export default () => (
-  <box className="systray">
-    {bind(tray, "items").as((items) =>
-      items.map((item) => {
-        if (item.iconThemePath) App.add_icons(item.iconThemePath);
-        return <TrayButton item={item} />;
-      }),
-    )}
-  </box>
-);
+export default () => {
+  let items = createBinding(tray, "items");
+
+  return (
+    <box class="systray">
+      <For each={items}>
+        {(item, _) => {
+          if (item.iconThemePath) app.add_icons(item.iconThemePath);
+          return <TrayButton item={item} />;
+        }}
+      </For>
+    </box>
+  );
+};

hosts/common/configs/user/gui/astal/config/widget/components/Workspaces.tsx

@@ -1,74 +1,83 @@
-import { bind, Variable } from "astal";
 import Hyprland from "gi://AstalHyprland";
-import { range } from "../../lib";
+import { getHyprlandMonitor, range } from "../../lib";
+import {
+  Accessor,
+  createBinding,
+  createComputed,
+  createState,
+  Setter,
+} from "ags";
+import { Gdk, Gtk } from "ags/gtk3";
 
 const hyprland = Hyprland.get_default();
 const BLOCK_SIZE = 10;
 
 const Workspace = ({ id }: { id: number }) => {
-  let clients: Variable<string[]>;
+  let clients: Accessor<string[]>;
+  let setClients: Setter<string[]>;
 
   try {
     const workspace = hyprland.get_workspace(id);
-    clients = Variable(workspace.clients.map((client) => client.address));
+    [clients, setClients] = createState(
+      workspace.clients.map((client) => client.address),
+    );
   } catch (_) {
-    clients = Variable([]);
+    [clients, setClients] = createState<string[]>([]);
   }
 
-  const active = Variable.derive(
-    [bind(hyprland, "focusedWorkspace")],
+  const active = createComputed(
+    [createBinding(hyprland, "focusedWorkspace")],
     (focused) => focused.id == id,
   );
 
   hyprland.connect("workspace-added", (_, workspace) => {
     if (workspace.id != id) return;
-    clients.set(workspace.clients.map((client) => client.address));
+    setClients(workspace.clients.map((client) => client.address));
   });
 
   hyprland.connect("workspace-removed", (_, workspaceId) => {
     if (workspaceId != id) return;
-    clients.set([]);
+    setClients([]);
   });
 
   hyprland.connect("client-added", (_hyprland, client) => {
     if (client.workspace.id != id) return;
-    clients.set([...clients.get(), client.address]);
+    setClients([...clients.get(), client.address]);
   });
 
-  // Explicit separate event handling instead of Variable.derive(workspaces, clients)
-  // because client-moved events appear to be broken if done that way.
   hyprland.connect("client-moved", (_hyprland, client, workspace) => {
     if (workspace.id == id) {
-      clients.set([...clients.get(), client.address]);
+      setClients([...clients.get(), client.address]);
     } else {
-      clients.set(
+      setClients(
         clients.get().filter((oldClient) => oldClient != client.address),
       );
     }
   });
 
   hyprland.connect("client-removed", (_hyprland, address) => {
-    clients.set(clients.get().filter((oldClient) => oldClient != address));
+    setClients(clients.get().filter((oldClient) => oldClient != address));
   });
 
-  const className = Variable.derive([active, clients], (active, clients) => {
+  const className = createComputed([active, clients], (active, clients) => {
     if (active) return "button active";
     if (clients.length > 0) return "button occupied";
     return "button";
   });
 
   return (
-    <box vertical>
+    <box orientation={Gtk.Orientation.VERTICAL}>
       <box vexpand />
       <eventbox onClickRelease={() => hyprland.dispatch("workspace", `${id}`)}>
-        <label className={className()} />
+        <label class={className} />
       </eventbox>
       <box vexpand />
     </box>
   );
 };
 
-export default ({ monitor }: { monitor: Hyprland.Monitor }) => {
+export default ({ gdkmonitor }: { gdkmonitor: Gdk.Monitor }) => {
+  const monitor = getHyprlandMonitor(gdkmonitor)!;
   const workspaces = hyprland.get_workspaces();
   const displayWorkspaces = workspaces.filter(
     (w) => w.monitor.id === monitor.id,
@@ -78,7 +87,7 @@ export default ({ monitor }: { monitor: Hyprland.Monitor }) => {
 
   return (
     <eventbox
-      className="workspaces"
+      class="workspaces"
       onScroll={(_, e) => {
         hyprland.dispatch("workspace", e.delta_y > 0 ? "m+1" : "m-1");
       }}

hosts/common/configs/user/gui/astal/default.nix

@@ -1,7 +1,4 @@
-{
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
-}:
+{ user, home }:
 {
   config,
   lib,

hosts/common/configs/user/gui/bluetooth/default.nix

@@ -1,7 +1,4 @@
-{
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
-}:
+{ user, home }:
 {
   config,
   lib,

hosts/common/configs/user/gui/brightnessctl/default.nix

@@ -1,20 +0,0 @@
-{
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
-}:
-{ lib, pkgs, ... }:
-{
-  users.users.${user}.extraGroups = [
-    "video"
-    "inputs"
-  ];
-
-  home-manager.users.${user}.wayland.windowManager.hyprland.settings.bindle =
-    let
-      brightnessctl = lib.meta.getExe pkgs.brightnessctl;
-    in
-    [
-      ", XF86MonBrightnessUp, exec, ${brightnessctl} -q s 5%+"
-      ", XF86MonBrightnessDown, exec, ${brightnessctl} -q s 5%-"
-    ];
-}

hosts/common/configs/user/gui/btop/default.nix

@@ -1,29 +0,0 @@
-{
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
-}:
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-{
-  home-manager.users.${user} = {
-    programs.btop.settings.color_theme = "matugen";
-
-    theme = {
-      template.".config/btop/themes/matugen.theme".source = ./theme.theme;
-
-      reloadExtraConfig = "${
-        lib.meta.getExe (
-          pkgs.writeShellApplication {
-            name = "reload-btop";
-            runtimeInputs = with pkgs; [ procps ];
-            text = "exec pkill btop -SIGUSR2";
-          }
-        )
-      } &";
-    };
-  };
-}

hosts/common/configs/user/gui/clipbook/default.nix

@@ -1,7 +1,4 @@
-{
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
-}:
+{ user, home }:
 {
   config,
   lib,

hosts/common/configs/user/gui/cliphist/default.nix

@@ -1,7 +1,4 @@
-{
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
-}:
+{ user, home }:
 {
   config,
   lib,

hosts/common/configs/user/gui/darktable/default.nix

@@ -1,27 +1,6 @@
+{ user, home }:
+{ pkgs, ... }:
 {
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
-}:
-{
-  config,
-  inputs,
-  pkgs,
-  system,
-  ...
-}:
-let
-  selfPkgs = inputs.self.packages.${system};
-  hmConfig = config.home-manager.users.${user};
-in
-{
-  nixpkgs.overlays = [
-    (final: prev: {
-      darktable = prev.darktable.overrideAttrs (oldAttrs: {
-        patches = oldAttrs.patches or [ ] ++ [ ./better-copy-and-import.patch ];
-      });
-    })
-  ];
-
   environment.persistence = {
     "/persist/state" = {
       "${home}/.config/darktable/data.db" = { };
@@ -31,21 +10,10 @@ in
   };
 
   home-manager.users.${user} = {
-    home = {
-      packages =
-        with pkgs;
-        with selfPkgs;
-        [
-          darktable
-          exiftool
-          darktable-ghost-cms-publish
-        ];
-
-      sessionVariables = {
-        GHOST_URL = "https://photos.karaolidis.com";
-        GHOST_ADMIN_API_KEY_PATH = hmConfig.sops.secrets."jupiter/photos.karaolidis.com/admin".path;
-      };
-    };
+    home.packages = with pkgs; [
+      darktable
+      exiftool
+    ];
 
     xdg.configFile = {
       "darktable/darktablerc".source = (pkgs.formats.keyValue { }).generate "darktablerc" {
@@ -72,19 +40,13 @@ in
 
       "darktable/luarc".text = ''
         require "tools/script_manager"
-        require "tools/publish"
       '';
 
-      "darktable/lua/lib".source = "${selfPkgs.darktable-lua-scripts}/lib";
+      "darktable/lua/lib".source = "${pkgs.darktable-lua-scripts}/lib";
       "darktable/lua/tools/script_manager.lua".source =
-        "${selfPkgs.darktable-lua-scripts}/tools/script_manager.lua";
-      "darktable/lua/tools/publish.lua".source =
-        "${selfPkgs.darktable-ghost-cms-publish}/lib/darktable-ghost-cms-publish/publish.lua";
+        "${pkgs.darktable-lua-scripts}/tools/script_manager.lua";
 
-      "darktable/luts".source = selfPkgs.darktable-hald-clut;
+      "darktable/luts".source = pkgs.darktable-hald-clut;
     };
-
-    sops.secrets."jupiter/photos.karaolidis.com/admin".sopsFile =
-      ../../../../../../secrets/personal/secrets.yaml;
   };
 }

hosts/common/configs/user/gui/discord/default.nix

@@ -1,7 +1,4 @@
-{
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
-}:
+{ user, home }:
 { lib, pkgs, ... }:
 {
   environment.persistence."/persist/state"."${home}/.config/vesktop" = { };

hosts/common/configs/user/gui/emoji/default.nix

@@ -1,7 +1,4 @@
-{
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
-}:
+{ user, home }:
 {
   config,
   lib,

hosts/common/configs/user/gui/feh/default.nix

@@ -1,7 +1,4 @@
-{
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
-}:
+{ user, home }:
 { lib, pkgs, ... }:
 {
   home-manager.users.${user} = {

hosts/common/configs/user/gui/firefox/default.nix

@@ -1,7 +1,4 @@
-{
-  user ? throw "user argument is required",
-  home ? throw "home argument is required",
-}:
+{ user, home }:
 {
   config,
   lib,
@@ -63,6 +60,7 @@ in
               "browser.bookmarks.restore_default_bookmarks" = false;
               "browser.bookmarks.showMobileBookmarks" = true;
               "browser.download.useDownloadDir" = false;
+              "browser.newtabpage.activity-stream.feeds.system.topstories" = false;
               "browser.toolbars.bookmarks.visibility" = "never";
               "browser.sessionstore.restore_on_demand" = true;
               "browser.sessionstore.restore_pinned_tabs_on_demand" = false;
@@ -74,10 +72,10 @@ in
                     "unified-extensions-area" = [
                       "_73a6fe31-595d-460b-a920-fcc0f8843232_-browser-action"
                       "sponsorblocker_ajay_app-browser-action"
-                      "_44df5123-f715-9146-bfaa-c6e8d4461d44_-browser-action"
                       "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action"
                       "_aecec67f-0d10-4fa7-b7c7-609a2db280cf_-browser-action"
                       "languagetool-webextension_languagetool_org-browser-action"
+                      "_a6c4a591-f1b2-4f03-b3ff-767e5bedf4e7_-browser-action"
                     ];
                     "nav-bar" = [
                       "sidebar-button"
@@ -104,7 +102,6 @@ in
                   };
                   "seen" = [
                     "wayback_machine_mozilla_org-browser-action"
-                    "_44df5123-f715-9146-bfaa-c6e8d4461d44_-browser-action"
                     "addon_darkreader_org-browser-action"
                     "ublock0_raymondhill_net-browser-action"
                     "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action"
@@ -113,6 +110,8 @@ in
                     "sponsorblocker_ajay_app-browser-action"
                     "_73a6fe31-595d-460b-a920-fcc0f8843232_-browser-action"
                     "developer-button"
+                    "_a6c4a591-f1b2-4f03-b3ff-767e5bedf4e7_-browser-action"
+                    "screenshot-button"
                   ];
                   "dirtyAreaCache" = [
                     "unified-extensions-area"
@@ -143,7 +142,7 @@ in
           ublock-origin
           violentmonkey
           wayback-machine
-          fakespot-fake-reviews-amazon
+          user-agent-string-switcher
         ];
 
         search = {