update atuin, lazygit

there are overlays and are out of date

defaults/sway/config

@@ -13,9 +13,9 @@ set $term alacritty
 set $menu wofi --term '$term'
 
 ### Output configuration
-output DP-3 pos 3840 0 res 1920x1080@59Hz
-output HDMI-A-1 pos 0 0 res 1920x1080@59Hz
-output DP-2 pos 1920 0 res 1920x1080@60Hz
+output DP-3 pos 1920 0 res 1920x1080@60Hz
+output HDMI-A-1 pos 0 0 res 1920x1080@60Hz
+output DP-2 pos 3840 0 res 1920x1080@60Hz
 
 ### Wallpaper
 output HDMI-A-1 bg ~/.wallpaper/.wallpaper.png fill
@@ -25,22 +25,22 @@ output DP-3 bg ~/.wallpaper/.wallpaper.png fill
 ### Workspace binding
 
 ## DP-3 bindings
-workspace 1 output DP-2
-workspace 2 output DP-2
-workspace 4 output DP-2
-workspace 5 output DP-2
+workspace 1 output DP-3
+workspace 2 output DP-3
+workspace 4 output DP-3
+workspace 5 output DP-3
 
 ## HDMI-A-1 bindings
 workspace 3 output HDMI-A-1
 workspace 9 output HDMI-A-1
 
 ## DP-2 bindings
-workspace 6 output DP-3
-workspace 7 output DP-3
-workspace 8 output DP-3
+workspace 6 output DP-2
+workspace 7 output DP-2
+workspace 8 output DP-2
 
 ### Colour options
-set $bg 	#24283b
+set $bg 	       #24283b
 set $bg-inactive   #323232
 set $bg-urgent     #000000
 set $text          #eeeeec

flake.lock

@@ -1,5 +1,27 @@
 {
   "nodes": {
+    "aagl": {
+      "inputs": {
+        "flake-compat": "flake-compat",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "rust-overlay": "rust-overlay"
+      },
+      "locked": {
+        "lastModified": 1774186997,
+        "narHash": "sha256-hyNVlhAqmwcBPl7XRkxbGcMt1BfCOdvuEfBDUf0k8Oo=",
+        "owner": "ezKEa",
+        "repo": "aagl-gtk-on-nix",
+        "rev": "546e95f7ec74892a31f883a10b1723c35f2c2edd",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ezKEa",
+        "repo": "aagl-gtk-on-nix",
+        "type": "github"
+      }
+    },
     "darwin": {
       "inputs": {
         "nixpkgs": [
@@ -7,16 +29,16 @@
         ]
       },
       "locked": {
-        "lastModified": 1749744770,
-        "narHash": "sha256-MEM9XXHgBF/Cyv1RES1t6gqAX7/tvayBC1r/KPyK1ls=",
+        "lastModified": 1772129556,
+        "narHash": "sha256-Utk0zd8STPsUJPyjabhzPc5BpPodLTXrwkpXBHYnpeg=",
         "owner": "lnl7",
         "repo": "nix-darwin",
-        "rev": "536f951efb1ccda9b968e3c9dee39fbeb6d3fdeb",
+        "rev": "ebec37af18215214173c98cf6356d0aca24a2585",
         "type": "github"
       },
       "original": {
         "owner": "lnl7",
-        "ref": "nix-darwin-25.05",
+        "ref": "nix-darwin-25.11",
         "repo": "nix-darwin",
         "type": "github"
       }
@@ -24,11 +46,11 @@
     "flake-compat": {
       "flake": false,
       "locked": {
-        "lastModified": 1747046372,
-        "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
+        "lastModified": 1767039857,
+        "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=",
         "owner": "edolstra",
         "repo": "flake-compat",
-        "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
+        "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
         "type": "github"
       },
       "original": {
@@ -37,16 +59,60 @@
         "type": "github"
       }
     },
+    "flake-compat_2": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1761588595,
+        "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-schemas": {
+      "locked": {
+        "lastModified": 1761577921,
+        "narHash": "sha256-eK3/xbUOrxp9fFlei09XNjqcdiHXxndzrTXp7jFpOk8=",
+        "rev": "47849c7625e223d36766968cc6dc23ba0e135922",
+        "revCount": 107,
+        "type": "tarball",
+        "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/flake-schemas/0.2.0/019a4a84-544d-7c59-b26d-e334e320c932/source.tar.gz"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://flakehub.com/f/DeterminateSystems/flake-schemas/%2A"
+      }
+    },
+    "flake-schemas_2": {
+      "locked": {
+        "lastModified": 1761577921,
+        "narHash": "sha256-eK3/xbUOrxp9fFlei09XNjqcdiHXxndzrTXp7jFpOk8=",
+        "rev": "47849c7625e223d36766968cc6dc23ba0e135922",
+        "revCount": 107,
+        "type": "tarball",
+        "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/flake-schemas/0.2.0/019a4a84-544d-7c59-b26d-e334e320c932/source.tar.gz"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://flakehub.com/f/DeterminateSystems/flake-schemas/%2A"
+      }
+    },
     "flake-utils": {
       "inputs": {
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1731533236,
-        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "lastModified": 1701680307,
+        "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
         "type": "github"
       },
       "original": {
@@ -55,25 +121,68 @@
         "type": "github"
       }
     },
-    "ghostty": {
+    "git-hooks": {
       "inputs": {
-        "flake-compat": "flake-compat",
-        "flake-utils": "flake-utils",
-        "nixpkgs": "nixpkgs",
-        "zig": "zig",
-        "zon2nix": "zon2nix"
+        "flake-compat": "flake-compat_2",
+        "gitignore": "gitignore",
+        "nixpkgs": [
+          "go-overlay",
+          "nixpkgs"
+        ]
       },
       "locked": {
-        "lastModified": 1751123364,
-        "narHash": "sha256-Nb3pxs1onnbdhhnoNc+IfHzrW9dM+UbEdjK0AguR2J4=",
-        "owner": "ghostty-org",
-        "repo": "ghostty",
-        "rev": "f6d1c274b9c0e095dc0a1b411dec7410ad779bf5",
+        "lastModified": 1765016596,
+        "narHash": "sha256-rhSqPNxDVow7OQKi4qS5H8Au0P4S3AYbawBSmJNUtBQ=",
+        "owner": "cachix",
+        "repo": "git-hooks.nix",
+        "rev": "548fc44fca28a5e81c5d6b846e555e6b9c2a5a3c",
         "type": "github"
       },
       "original": {
-        "owner": "ghostty-org",
-        "repo": "ghostty",
+        "owner": "cachix",
+        "repo": "git-hooks.nix",
+        "type": "github"
+      }
+    },
+    "gitignore": {
+      "inputs": {
+        "nixpkgs": [
+          "go-overlay",
+          "git-hooks",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1709087332,
+        "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "type": "github"
+      }
+    },
+    "go-overlay": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "git-hooks": "git-hooks",
+        "nixpkgs": "nixpkgs_2"
+      },
+      "locked": {
+        "lastModified": 1775676807,
+        "narHash": "sha256-l7B5l6cGBZoW4bs+4Zq/FMgxaZWWJqdUDkCVuH98hMY=",
+        "owner": "purpleclay",
+        "repo": "go-overlay",
+        "rev": "c5bd812957211f42c207da6b1415f49de30e183f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "purpleclay",
+        "repo": "go-overlay",
         "type": "github"
       }
     },
@@ -84,16 +193,16 @@
         ]
       },
       "locked": {
-        "lastModified": 1750792728,
-        "narHash": "sha256-Lh3dopA8DdY+ZoaAJPrtkZOZaFEJGSYjOdAYYgOPgE4=",
+        "lastModified": 1774274588,
+        "narHash": "sha256-dnHvv5EMUgTzGZmA+3diYjQU2O6BEpGLEOgJ1Qe9LaY=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "366f00797b1efb70f2882d3da485e3c10fd3d557",
+        "rev": "cf9686ba26f5ef788226843bc31fda4cf72e373b",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
-        "ref": "release-25.05",
+        "ref": "release-25.11",
         "repo": "home-manager",
         "type": "github"
       }
@@ -116,40 +225,162 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1748189127,
-        "narHash": "sha256-zRDR+EbbeObu4V2X5QCd2Bk5eltfDlCr5yvhBwUT6pY=",
-        "rev": "7c43f080a7f28b2774f3b3f43234ca11661bf334",
-        "type": "tarball",
-        "url": "https://releases.nixos.org/nixos/25.05/nixos-25.05.802491.7c43f080a7f2/nixexprs.tar.xz"
+        "lastModified": 1744536153,
+        "narHash": "sha256-awS2zRgF4uTwrOKwwiJcByDzDOdo3Q1rPZbiHQg/N38=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "18dd725c29603f582cf1900e0d25f9f1063dbf11",
+        "type": "github"
       },
       "original": {
-        "type": "tarball",
-        "url": "https://channels.nixos.org/nixos-25.05/nixexprs.tar.xz"
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
       }
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1750969886,
-        "narHash": "sha256-zW/OFnotiz/ndPFdebpo3X0CrbVNf22n4DjN2vxlb58=",
+        "lastModified": 1765779637,
+        "narHash": "sha256-KJ2wa/BLSrTqDjbfyNx70ov/HdgNBCBBSQP3BIzKnv4=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "a676066377a2fe7457369dd37c31fd2263b662f4",
+        "rev": "1306659b587dc277866c7b69eb97e5f07864d8c4",
         "type": "github"
       },
       "original": {
         "owner": "nixos",
-        "ref": "nixos-25.05",
+        "ref": "nixos-unstable",
         "repo": "nixpkgs",
         "type": "github"
       }
     },
+    "nixpkgs_3": {
+      "locked": {
+        "lastModified": 1774244481,
+        "narHash": "sha256-4XfMXU0DjN83o6HWZoKG9PegCvKvIhNUnRUI19vzTcQ=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "4590696c8693fea477850fe379a01544293ca4e2",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-25.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_4": {
+      "locked": {
+        "lastModified": 1744536153,
+        "narHash": "sha256-awS2zRgF4uTwrOKwwiJcByDzDOdo3Q1rPZbiHQg/N38=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "18dd725c29603f582cf1900e0d25f9f1063dbf11",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_5": {
+      "locked": {
+        "lastModified": 1766201043,
+        "narHash": "sha256-eplAP+rorKKd0gNjV3rA6+0WMzb1X1i16F5m5pASnjA=",
+        "rev": "b3aad468604d3e488d627c0b43984eb60e75e782",
+        "revCount": 904049,
+        "type": "tarball",
+        "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2511.904049%2Brev-b3aad468604d3e488d627c0b43984eb60e75e782/019b3f6c-8b33-7edb-b858-9979590f270b/source.tar.gz"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://flakehub.com/f/NixOS/nixpkgs/%2A"
+      }
+    },
+    "nixpkgs_6": {
+      "locked": {
+        "lastModified": 1769089682,
+        "narHash": "sha256-9yA/LIuAVQq0lXelrZPjLuLVuZdm03p8tfmHhnDIkms=",
+        "rev": "078d69f03934859a181e81ba987c2bb033eebfc5",
+        "revCount": 906333,
+        "type": "tarball",
+        "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2511.906333%2Brev-078d69f03934859a181e81ba987c2bb033eebfc5/019bebf2-031c-7119-8fdc-ce9d29d005fa/source.tar.gz"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://flakehub.com/f/NixOS/nixpkgs/%2A"
+      }
+    },
     "root": {
       "inputs": {
+        "aagl": "aagl",
         "darwin": "darwin",
-        "ghostty": "ghostty",
+        "go-overlay": "go-overlay",
         "home-manager": "home-manager",
         "nix-flatpak": "nix-flatpak",
-        "nixpkgs": "nixpkgs_2"
+        "nixpkgs": "nixpkgs_3",
+        "rust-overlay": "rust-overlay_2",
+        "swaytreesave": "swaytreesave",
+        "vintage-story": "vintage-story"
+      }
+    },
+    "rust-overlay": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      },
+      "locked": {
+        "lastModified": 1770952264,
+        "narHash": "sha256-CjymNrJZWBtpavyuTkfPVPaZkwzIzGaf0E/3WgcwM14=",
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "rev": "ec6a3d5cdf14bb5a1dd03652bd3f6351004d2188",
+        "type": "github"
+      },
+      "original": {
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "type": "github"
+      }
+    },
+    "rust-overlay_2": {
+      "inputs": {
+        "nixpkgs": "nixpkgs_4"
+      },
+      "locked": {
+        "lastModified": 1774321696,
+        "narHash": "sha256-g18xMjMNla/nsF5XyQCNyWmtb2UlZpkY0XE8KinIXAA=",
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "rev": "49a67e6894d4cb782842ee6faa466aa90c92812d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "type": "github"
+      }
+    },
+    "swaytreesave": {
+      "inputs": {
+        "flake-schemas": "flake-schemas",
+        "nixpkgs": "nixpkgs_5"
+      },
+      "locked": {
+        "lastModified": 1767148467,
+        "narHash": "sha256-W0O7SWq8ucokt4ctEAEvRvNoSM/oF7fBfb2kTN+lwTs=",
+        "ref": "refs/heads/master",
+        "rev": "0f4bb9bb450b28aa4f29d5eb2062deac6c26687a",
+        "revCount": 4,
+        "type": "git",
+        "url": "https://scm.wyattjmiller.com/wymiller/swaytreesave-nix.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://scm.wyattjmiller.com/wymiller/swaytreesave-nix.git"
       }
     },
     "systems": {
@@ -167,58 +398,23 @@
         "type": "github"
       }
     },
-    "zig": {
+    "vintage-story": {
       "inputs": {
-        "flake-compat": [
-          "ghostty"
-        ],
-        "flake-utils": [
-          "ghostty",
-          "flake-utils"
-        ],
-        "nixpkgs": [
-          "ghostty",
-          "nixpkgs"
-        ]
+        "flake-schemas": "flake-schemas_2",
+        "nixpkgs": "nixpkgs_6"
       },
       "locked": {
-        "lastModified": 1748261582,
-        "narHash": "sha256-3i0IL3s18hdDlbsf0/E+5kyPRkZwGPbSFngq5eToiAA=",
-        "owner": "mitchellh",
-        "repo": "zig-overlay",
-        "rev": "aafb1b093fb838f7a02613b719e85ec912914221",
-        "type": "github"
+        "lastModified": 1769397199,
+        "narHash": "sha256-MSajncUGZtlpl88rqFdj42eGGyWnk2jw84VbK3AgUBA=",
+        "ref": "refs/heads/master",
+        "rev": "4d2313c50933645040a0d12556016fc2916bfa65",
+        "revCount": 1,
+        "type": "git",
+        "url": "https://scm.wyattjmiller.com/wymiller/vintage-story-nix.git"
       },
       "original": {
-        "owner": "mitchellh",
-        "repo": "zig-overlay",
-        "type": "github"
-      }
-    },
-    "zon2nix": {
-      "inputs": {
-        "flake-utils": [
-          "ghostty",
-          "flake-utils"
-        ],
-        "nixpkgs": [
-          "ghostty",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1742104771,
-        "narHash": "sha256-LhidlyEA9MP8jGe1rEnyjGFCzLLgCdDpYeWggibayr0=",
-        "owner": "jcollie",
-        "repo": "zon2nix",
-        "rev": "56c159be489cc6c0e73c3930bd908ddc6fe89613",
-        "type": "github"
-      },
-      "original": {
-        "owner": "jcollie",
-        "ref": "56c159be489cc6c0e73c3930bd908ddc6fe89613",
-        "repo": "zon2nix",
-        "type": "github"
+        "type": "git",
+        "url": "https://scm.wyattjmiller.com/wymiller/vintage-story-nix.git"
       }
     }
   },

flake.nix

@@ -1,17 +1,26 @@
 {
   description = "Wyatt's nix configuration suite";
   inputs = {
-    nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
     nix-flatpak.url = "github:gmodena/nix-flatpak/?ref=v0.6.0";
     home-manager = {
-      url = "github:nix-community/home-manager/release-25.05";
+      url = "github:nix-community/home-manager/release-25.11";
       inputs.nixpkgs.follows = "nixpkgs";
     };
     darwin = {
-      url = "github:lnl7/nix-darwin/nix-darwin-25.05";
+      url = "github:lnl7/nix-darwin/nix-darwin-25.11";
       inputs.nixpkgs.follows = "nixpkgs";
     };
-    ghostty.url = "github:ghostty-org/ghostty";
+    rust-overlay.url = "github:oxalica/rust-overlay";
+    go-overlay.url = "github:purpleclay/go-overlay";
+    aagl = {
+      url = "github:ezKEa/aagl-gtk-on-nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    # My personal flakes
+    swaytreesave.url = "git+https://scm.wyattjmiller.com/wymiller/swaytreesave-nix.git";
+    vintage-story.url = "git+https://scm.wyattjmiller.com/wymiller/vintage-story-nix.git";
   };
 
   outputs = inputs @ {
@@ -20,26 +29,44 @@
     nix-flatpak,
     darwin,
     home-manager,
-    ghostty,
+    rust-overlay,
+    go-overlay,
+    aagl,
+    swaytreesave,
+    vintage-story,
     ...
   }: let
     userName = "wyatt";
     userEmail = "wyatt@wyattjmiller.com";
     extraSpecialArgs = {
-      inherit userName userEmail ghostty;
+      inherit userName userEmail swaytreesave;
+    };
+
+    myOverlays = { ... }: {
+      nixpkgs.overlays = [
+        rust-overlay.overlays.default
+        go-overlay.overlays.default
+        aagl.overlays.default
+        self.common.overlays
+      ];
     };
   in {
     meta = import ./meta;
 
+    common = {
+      overlays = import ./modules/common/overlays.nix;
+    };
+
     # Primary laptop - MacBook Pro (2023, M3)
     darwinConfigurations."sephiroth" = darwin.lib.darwinSystem {
       system = "aarch64-darwin";
       specialArgs = {
-        inherit userName userEmail ghostty;
+        inherit userName userEmail;
         hostname = "sephiroth";
-        role = "devel";
+        role = "workstation";
       };
       modules = [
+        myOverlays
         ./modules/common
         ./modules/machine/sephiroth
 
@@ -47,7 +74,9 @@
         {
           home-manager.useGlobalPkgs = true;
           home-manager.useUserPackages = true;
-          home-manager.extraSpecialArgs = extraSpecialArgs;
+          home-manager.extraSpecialArgs = extraSpecialArgs // { isNixOS = false; role = "workstation"; };
+          # home-manager.extraSpecialArgs = extraSpecialArgs;
+          home-manager.backupFileExtension = "bak";
           home-manager.users.${userName} = import ./home;
         }
       ];
@@ -57,11 +86,12 @@
     nixosConfigurations."cloud" = nixpkgs.lib.nixosSystem {
       system = "x86_64-linux";
       specialArgs = {
-        inherit userName userEmail ghostty;
+        inherit userName userEmail aagl vintage-story;
         hostname = "cloud";
-        role = "devel";
+        role = "workstation";
       };
       modules = [
+        myOverlays
         nix-flatpak.nixosModules.nix-flatpak
         ./modules/common
         ./modules/machine/cloud
@@ -70,7 +100,8 @@
         {
           home-manager.useGlobalPkgs = true;
           home-manager.useUserPackages = true;
-          home-manager.extraSpecialArgs = extraSpecialArgs;
+          home-manager.extraSpecialArgs = extraSpecialArgs // { isNixOS = true; role = "workstation"; };
+          home-manager.backupFileExtension = "bak";
           home-manager.users.${userName}.imports = [
             ./home
           ];
@@ -87,6 +118,7 @@
         role = "server";
       };
       modules = [
+        myOverlays
         ./modules/common
         ./modules/machine/valefor
 
@@ -95,6 +127,7 @@
           home-manager.useGlobalPkgs = true;
           home-manager.useUserPackages = true;
           home-manager.extraSpecialArgs = extraSpecialArgs;
+          home-manager.backupFileExtension = "bak";
           home-manager.users.${userName}.imports = [
             ./home
           ];
@@ -111,6 +144,7 @@
         role = "server";
       };
       # modules = [
+      #   myOverlays
       #   nix-flatpak.nixosModules.nix-flatpak
       #   nix-ld.nixosModules.nix-ld
       #   ./modules/nixos/hardware-configuration.nix
@@ -123,11 +157,88 @@
       #     home-manager.useGlobalPkgs = true;
       #     home-manager.useUserPackages = true;
       #     home-manager.extraSpecialArgs = extraSpecialArgs;
+      #     home-manager.backupFileExtension = "bak";
       #     home-manager.users.${userName}.imports = [
       #       ./home
       #     ];
       #   }
       # ];
     };
+
+    # Vintage story server
+    nixosConfigurations."thancred" = nixpkgs.lib.nixosSystem {
+      system = "x86_64-linux";
+      specialArgs = {
+        inherit userName userEmail vintage-story;
+        hostname = "thancred";
+        role = "server";
+      };
+      modules = [
+        myOverlays
+        ./modules/common
+        ./modules/machine/thancred
+
+        home-manager.nixosModules.home-manager
+        {
+          home-manager.useGlobalPkgs = true;
+          home-manager.useUserPackages = true;
+          home-manager.extraSpecialArgs = extraSpecialArgs // { isNixOS = true; role = "server"; };
+          home-manager.backupFileExtension = "bak";
+          home-manager.users.${userName}.imports = [
+            ./home
+          ];
+        }
+      ];
+    };
+
+    # Matrix and Mastodon server
+    nixosConfigurations."yshtola" = nixpkgs.lib.nixosSystem {
+      system = "x86_64-linux";
+      specialArgs = {
+        inherit userName userEmail;
+        hostname = "yshtola";
+        role = "server";
+      };
+      modules = [
+        myOverlays
+        ./modules/common
+        ./modules/machine/yshtola
+
+        home-manager.nixosModules.home-manager
+        {
+          home-manager.useGlobalPkgs = true;
+          home-manager.useUserPackages = true;
+          home-manager.extraSpecialArgs = extraSpecialArgs // { isNixOS = true; role = "server"; };
+          home-manager.backupFileExtension = "bak";
+          home-manager.users.${userName}.imports = [
+            ./home
+          ];
+        }
+      ];
+    };
+
+    # generic non-NixOS Linux machine
+    homeConfigurations."generic" = let
+      hostname = builtins.getEnv "HOSTNAME";
+      system = "x86_64-linux";
+    in home-manager.lib.homeManagerConfiguration {
+      pkgs = nixpkgs.legacyPackages.${system};
+      
+      extraSpecialArgs = {
+        inherit userName userEmail hostname;
+        isNixOS = false;
+        role = "workstation";
+      };
+      modules = [
+        {
+          nixpkgs.overlays = [
+            rust-overlay.overlays.default
+            go-overlay.overlays.default
+            self.common.overlays
+          ];
+        }
+        ./home
+      ];
+    };
   };
 }

home/atuin.nix

@@ -1,6 +1,7 @@
-{...}: {
+{ pkgs, ...}: {
   programs.atuin = {
     enable = true;
     enableFishIntegration = true;
+    package = pkgs.atuinLatest;
   };
 }

home/browser.nix

@@ -1,6 +1,7 @@
 {
   pkgs,
   lib,
+  isNixOS ? true,
   ...
 }: {
   programs.firefox = {
@@ -9,7 +10,7 @@
   };
 
   programs.chromium = {
-    enable = pkgs.stdenv.isLinux;
+    enable = pkgs.stdenv.isLinux && isNixOS;
     package = pkgs.ungoogled-chromium.override {
       enableWideVine = true;
       commandLineArgs = [
@@ -40,14 +41,37 @@
         id = "cjpalhdlnbpafiamejdnhcphjbkeiagm";
         sha256 = "sha256:0pdh1v0vx1d5vnl1zh7nbk6j1fh4k4hhwp1ljs203icn306lahsn";
         # sha256 = lib.fakeSha256;
-        version = "1.64.0";
+        version = "1.67.0";
       })
       (createChromiumExtension {
         # bitwarden
         id = "nngceckbapebfimnlniiiahkandclblb";
         sha256 = "sha256:0jxk3cqmgd5qj8hnw7s0k5s4bfrcmr0w0rckp3x0bmng07azw4gi";
-        # sha256 = lib.fakeSha256;
-        version = "2025.5.0";
+        version = "2025.10.0";
+      })
+      (createChromiumExtension {
+        # react dev tools
+        id = "fmkadmapgofadopljbjfkapdkoienihi";
+        sha256 = "sha256:01vy0x7hdkj4g3m2l4kw5rwldhhpkcxmd2miy5rj2dzxdnbchw2z";
+        version = "7.0.1";
+      })
+      (createChromiumExtension {
+        # wappalyzer
+        id = "gppongmhjkpfnbhagpmjfkannfbllamg";
+        sha256 = "sha256:1mi1wpm714r8yp0zh0yg6kccnld36rj4xb8j4y0c18y9176vc6wx";
+        version = "6.10.86";
+      })
+      (createChromiumExtension {
+        # obsidian web clipper
+        id = "cnjifjpddelmedmihgijeibhnjfabmlf";
+        sha256 = "sha256:0bp6g63g9hk2xbq054lpf5hzwmn73jzh3hswyjfp9r7yqj83mzgy";
+        version = "0.12.0";
+      })
+      (createChromiumExtension {
+        # dark reader
+        id = "eimadpbcbfnmbkopoojfekhnkhdbieeh";
+        sha256 = "sha256:06a9dz589i1da519kivzp7bljksl2xxsd151y7ww0hx28jd1694b";
+        version = "4.9.113";
       })
     ];
   };

home/default.nix

@@ -1,63 +1,59 @@
-{
-  lib,
-  pkgs,
-  userName,
-  userEmail,
-  ghostty,
-  ...
+{ lib
+, pkgs
+, userName
+, swaytreesave
+, isNixOS ? true
+, ...
 }: let
   # Have a file sturcture that holds all the configuration files that can't be configured by Nix
   # or maybe I'm too lazy to do anything about it? I dunno
   dirs = {
     defaults = ../defaults;
   };
-in {
+in
+{
+  _module.args = {
+    inherit dirs;
+  };
+
   # Import sub modules
-  imports = map (module: import module {inherit lib pkgs dirs userName userEmail ghostty;}) [
-    ./atuin.nix
-    ./shell.nix
+  imports = [
     ./packages
-    ./git.nix
-    ./starship.nix
-    ./eza.nix
-    ./neovim.nix
-    ./direnv.nix
-    ./sway.nix
-    ./terminal.nix
-    ./browser.nix
-    ./zellij.nix
-    ./bat.nix
   ];
 
-  # Home Manager needs a bit of information about you and the
-  # paths it should manage.
-  home = {
-    username = userName;
-    homeDirectory =
-      if pkgs.stdenv.isDarwin
-      then "/Users/${userName}"
-      else "/home/${userName}";
+  home = lib.mkMerge [
+    {
+      username = userName;
+      homeDirectory =
+        if pkgs.stdenv.isDarwin
+        then "/Users/${userName}"
+        else "/home/${userName}";
 
-    sessionVariables = {
-      XDG_CURRENT_DESKTOP = "sway";
-      XDG_SESSION_TYPE = "wayland";
-      XDG_SESSION_DESKTOP="sway";
-      XDG_CONFIG_HOME = "$HOME/.config";
-      XDG_CACHE_HOME = "$HOME/.cache";
-      XDG_DATA_HOME = "$HOME/.local/share";
-      XDG_STATE_HOME = "$HOME/.local/state";
-      NIXOS_OZONE_WL = "1";
-    };
+      stateVersion = "24.11";
+    }
 
-    pointerCursor = lib.mkIf pkgs.stdenv.isLinux {
-      gtk.enable = true;
-      package = pkgs.catppuccin-cursors.mochaDark;
-      name = "catppuccin-mocha-dark-cursors";
-      size = 22;
-    };
+    (lib.mkIf isNixOS {
+      sessionVariables = {
+        XDG_CURRENT_DESKTOP = "sway";
+        XDG_SESSION_TYPE = "wayland";
+        XDG_SESSION_DESKTOP = "sway";
+        XDG_CONFIG_HOME = "$HOME/.config";
+        XDG_CACHE_HOME = "$HOME/.cache";
+        XDG_DATA_HOME = "$HOME/.local/share";
+        XDG_STATE_HOME = "$HOME/.local/state";
+        NIXOS_OZONE_WL = "1";
+      };
+    })
 
-    stateVersion = "24.11";
-  };
+    (lib.mkIf pkgs.stdenv.isLinux {
+      pointerCursor = {
+        gtk.enable = true;
+        package = pkgs.catppuccin-cursors.mochaDark;
+        name = "catppuccin-mocha-dark-cursors";
+        size = 22;
+      };
+    })
+  ];
 
   # Let Home Manager install and manage itself.
   programs.home-manager.enable = true;

home/git.nix

@@ -15,7 +15,7 @@
     extraConfig = {
       init.defaultBranch = "master";
       push.autoSetupRemote = true;
-      pull.merge = true;
+      pull.rebase = false;
       merge.tool = "nvimdiff";
       mergetool.keepBackup = false;
     };
@@ -31,6 +31,7 @@
       a = "add";
       ap = "add -p";
       br = "branch";
+      cb = "checkout -b";
       co = "checkout";
       st = "status -sb";
       status = "status -sb";
@@ -40,6 +41,11 @@
       ca = "commit -am";
       dc = "diff --cached";
       amend = "commit --amend -m";
+      wipe = "reset --hard";
+      gg = "reset --hard";
+      ggs = "reset --hard";
+      sw = "switch";
+      r = "restore";
 
       # aliases for submodules
       update = "submodule update --init --recursive";

home/k9s.nix

@@ -0,0 +1,32 @@
+{ pkgs, ... }: {
+  programs.k9s = {
+    enable = true;
+    package = pkgs.k9s;
+    settings.k9s = {
+      refreshRate = "2s";
+      liveViewAutoRefresh = false;
+      apiServerTimeout = "30s";
+      maxConnRetry = 5;
+      readOnly = true;
+      noExitOnCtrlC = false;
+      portForwardAddress = "localhost";
+      skipLatestRevCheck = false;
+      
+      skin = {
+        catppuccin-mocha = ../defaults/k9s/catppuccin-mocha.yaml;
+      };
+
+      ui = {
+        skin = "catppuccin-mocha";
+        enableMouse = true;
+        headless = false;
+        logoless = true;
+        crumbsless = false;
+        splashless = true;
+        reactive = false;
+        noIcons = false;
+        defaultsToFullscreen = false;
+      };
+    };
+  };
+}

home/krew.nix

@@ -0,0 +1,14 @@
+{ pkgs, lib, ... }:
+with pkgs;
+let
+  plugins = [
+    "krew"
+    "oidc-login"
+  ];
+in {
+  home.activation.krew = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
+    ${lib.concatMapStringsSep "\n" (plugin: ''
+      $DRY_RUN_CMD ${krew}/bin/krew install ${plugin} || true
+    '') plugins}
+  '';
+}

home/lazygit.nix

@@ -1,6 +1,7 @@
-{...}: {
+{ pkgs, ... }: {
   programs.lazygit = {
     enable = true;
+    package = pkgs.lazygitLatest;
 
     settings = {
       gui.theme = {

home/neovim.nix

@@ -1,4 +1,8 @@
-{dirs, ...}: {
+{...}: let
+  dirs = {
+    defaults = ../defaults;
+  };
+in {
   programs.neovim = {
     enable = true;
     defaultEditor = true;

home/packages/common.nix

@@ -1,11 +1,20 @@
 {
-  lib,
   pkgs,
   ...
 }: {
-  home.packages = with pkgs; [
-    yazi # terminal file manager
+  imports = [
+    ../atuin.nix
+    ../shell.nix
+    ../git.nix
+    ../starship.nix
+    ../eza.nix
+    ../neovim.nix
+    ../bat.nix
+  ];
 
+  nixpkgs.config.allowUnfree = true;
+
+  home.packages = with pkgs; [
     # archives
     zip
     xz
@@ -13,40 +22,21 @@
     p7zip
 
     # utils
+    yazi
     tmux
-    lazygit
     bottom
     ripgrep
     jq
     yq-go
     fzf
-    fh
     aria2
-    yt-dlp
-    obsidian
-    vscode
-    weechat
-    inetutils
+    gnupg
 
     # misc
-    cowsay
     file
     which
     tree
     gnutar
-    gnupg
-    zoxide
     babelfish
-
-    # language-specific package managers
-    nodejs
-    cargo
-    python3
-
-    # nix specific stuff
-    nixd
-    deadnix
-    alejandra
-    statix
   ];
 }

home/packages/darwin.nix

@@ -1,10 +1,7 @@
-{
-  pkgs,
-  lib,
-  ...
-}: {
-  home.packages = lib.mkIf pkgs.stdenv.isDarwin (with pkgs; [
+{ lib, pkgs, ... }:
+lib.mkIf pkgs.stdenv.isDarwin {
+  home.packages = with pkgs; [
     discord
     ollama
-  ]);
+  ];
 }

home/packages/default.nix

@@ -1,11 +1,11 @@
+{ lib, role ? "workstation", ... }:
 {
-  pkgs,
-  lib,
-  ...
-}: {
-  imports = [
-    ./common.nix
-    ./darwin.nix
-    ./linux.nix
-  ];
+  imports =
+    [
+      ./common.nix
+      ./darwin.nix
+      ./linux.nix
+    ]
+    ++ lib.optional (role == "workstation") ./workstation.nix
+    ++ lib.optional (role == "server") ./server.nix;
 }

home/packages/linux.nix

@@ -1,20 +1,16 @@
-{
-  pkgs,
-  lib,
-  ...
-}: {
-  home.packages = lib.mkIf pkgs.stdenv.isLinux (with pkgs; [
+{ lib, pkgs, isNixOS ? true, ... }:
+lib.mkIf pkgs.stdenv.isLinux {
+  home.packages = with pkgs; [
     imv
-    betterdiscordctl
-    vesktop
     xdg-utils
-    mcrcon
+  ] ++ lib.optionals isNixOS [
+    vesktop
     xfce.thunar
     pavucontrol
-    godot
-    aseprite
+    zathura
     gpu-screen-recorder
     gpu-screen-recorder-gtk
-    # ungoogled-chromium
-  ]);
+    inetutils
+    easyeffects
+  ];
 }

home/packages/server.nix

@@ -0,0 +1,4 @@
+{ pkgs, ... }: {
+  home.packages = [
+  ];
+}

home/packages/workstation.nix

@@ -0,0 +1,37 @@
+{
+  lib,
+  pkgs,
+  isNixOS ? true,
+  ...
+}: {
+  imports = [
+    ../terminal.nix
+    ../browser.nix
+    ../zellij.nix
+    ../lazygit.nix
+    ../k9s.nix
+    ../krew.nix
+    ../direnv.nix
+  ] ++ lib.optional isNixOS ../sway.nix;
+
+  home.packages = with pkgs; [
+    fh
+    kubectl # kube config is deliberately not included
+    kubectx
+    vscode
+    yt-dlp
+    weechat
+    nodejs
+    cargo
+    python3
+    nixd
+    deadnix
+    alejandra
+    statix
+    gh
+    ghDashLatest
+    diffNavLatest
+  ] ++ lib.optionals isNixOS [
+    obsidian
+  ];
+}

home/shell.nix

@@ -1,9 +1,11 @@
-{pkgs, ...}: {
+{pkgs, lib, ...}: {
   programs.fish = {
     enable = true;
-    # initExtra = ''
-    #   export PATH="$PATH:$HOME/bin:$HOME/.local/bin:$HOME/go/bin"
-    # '';
+    shellInit = ''
+      if test -d $HOME/.krew/bin
+        set -gx PATH $HOME/.krew/bin $PATH
+      end
+    '';
 
     shellAliases = {
       # ls aliases
@@ -43,7 +45,31 @@
             "Can I get a waffle? Can I please get a waffle?" \
             "I'm lesbian. I thought you were American." \
             "You gotta give 'em that 'hawk tuah' and spit on that thang!" \
-            "We don't do that here..."
+            "We don't do that here..." \
+            "What are those?! They are my crocs..." \
+            "It's an avocado... Thanks!" \
+            "I am once again asking for your financial support" \
+            "Is that a weed?" \
+            "No, this is Patrick!" \
+            "Come ride, heroes, ride" \
+            "Away with the tide" \
+            "Concede your mind unto the fiend" \
+            "Darkness come, rend the shield of light" \
+            "The sun is setting, darkness taking over - a date with chaos and you're dressed to the nines" \
+            "Now kneel overdweller, your lord commands, there's no salvation for the sons of man" \
+            "Snap click clank whirr whizz wham boom!" \
+            "Rohs an kyn ala na" \
+            "If you’ve brought your ivory standard, I’ll be happy to tell you where you can stick it" \
+            "Speeches? Oh, yes, I love them. There's nothing like a good exposition when you're having trouble sleeping!" \
+            "Somehow, the boy just isn't very buoyant" \
+            "I am...not interested, little sun. Try again when you have become a man" \
+            "I am rightousness! And rightousness shall previal!" \
+            "Ahhh such bliss!" \
+            "The gods themselves will be my meal. Your dear companions my dessert. Upon this world I'll feast, and death shall follow in my wake. All your hate, all your rage, you will render unto me." \
+            "Boring, boring, boring" \
+            "Would you be 'happier' had I a 'good reason'?" \
+            "A test of your reflexes!"
+
 
           set choose_meme (random)"%"(count $memes)
           set choose_meme $memes[(math $choose_meme"+1")]
@@ -52,6 +78,27 @@
         '';
         onEvent = "fish_greeting";
       };
+    } // lib.optionalAttrs pkgs.stdenv.isLinux {
+      block = {
+        body = ''
+          systemd-inhibit --what=sleep --who="$USER" --why="manual invocation" --mode=block sleep infinity &
+          set -g INHIBIT_PID $last_pid
+          echo "Sleep inhibited. PID: $INHIBIT_PID"
+        '';
+      };
+
+      unblock = {
+        body = ''
+          if set -q INHIBIT_PID
+            kill $INHIBIT_PID 2>/dev/null
+            and echo "Sleep inhibitor removed. PID: $INHIBIT_PID"
+            or echo "Failed to kill process or already terminated."
+            set -e INHIBIT_PID
+          else
+            echo "No active sleep inhibitor found."
+          end
+        '';
+      };
     };
   };
 

home/sway.nix

@@ -1,6 +1,7 @@
 {
   lib,
   pkgs,
+  swaytreesave,
   ...
 }: let
   dirs = {
@@ -15,6 +16,12 @@
     hash = "sha256-ZDFbI69ECsUTjbhlw2kHRufZbQMu+FQSMmncCJ5pagg=";
   };
 in {
+  imports = [
+    swaytreesave.homeManagerModules.default
+  ];
+
+  programs.swaytreesave.enable = if pkgs.stdenv.isLinux then true else false;
+
   wayland.windowManager.sway = {
     enable = pkgs.stdenv.isLinux;
     extraOptions = []; # Extra arguments to pass into sway. If sway goes haywire, we might need something in here
@@ -147,20 +154,6 @@ in {
   programs.waybar = {
     enable = pkgs.stdenv.isLinux;
     systemd.enable = true;
-
-    package = pkgs.waybar.overrideAttrs (old: {
-      version = "0.11.0";
-
-      src = pkgs.fetchFromGitHub {
-        owner = "Alexays";
-        repo = "Waybar";
-        rev = "d56dd6ee7fdf8c5ba4e90790af62b7f7829d3a47";
-        sha256 = "sha256-3lc0voMU5RS+mEtxKuRayq/uJO09X7byq6Rm5NZohq8=";
-        fetchSubmodules = true;
-      };
-
-      buildInputs = old.buildInputs ++ [ pkgs.fftw pkgs.libcava ];
-      # mesonFlags = (old.mesonFlags or []) ++ [ "-Dcava=disabled" ];
-    });
   };
+
 }

home/terminal.nix

@@ -1,4 +1,4 @@
-{ lib, pkgs, ghostty, ... }: {
+{ pkgs, ... }: {
   programs.alacritty = {
     enable = pkgs.stdenv.isLinux;
     settings = {
@@ -103,9 +103,4 @@
   programs.kitty = {
     enable = false; # TODO: to enable later
   };
-
-  home.packages = if pkgs.stdenv.isLinux then
-    [ ghostty.packages.${pkgs.system}.default ]
-  else
-    [ ];
 }

modules/apps/appimage.nix

@@ -0,0 +1,19 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.appimage;
+in {
+  options.appimage = {
+    enable = mkEnableOption "AppImage support";
+  };
+  config = mkIf cfg.enable {
+    environment.systemPackages = with pkgs; [
+      appimageupdate
+      appimage-run
+    ];
+  };
+}

modules/apps/gaming.nix

@@ -1,11 +1,17 @@
-{
+{ 
   config,
   lib,
   pkgs,
+  aagl,
+  vintage-story,
   ...
 }: let
   cfg = config.gaming;
 in {
+  imports = [ 
+    aagl.nixosModules.default 
+  ];
+
   options.gaming = {
     steam = {
       enable = lib.mkEnableOption "Steam gaming platform";
@@ -62,6 +68,14 @@ in {
       };
     };
 
+    vkbasalt = {
+      enable = lib.mkEnableOption "vkBasalt/ReShade/GShade post processing shaders";
+    };
+
+    mangohud = {
+      enable = lib.mkEnableOption "OpenGL/Vulkan overlay tool shown in games presenting FPS, CPU/GPU/memory utilization, load, etc.";
+    };
+
     lutris = {
       enable = lib.mkEnableOption "Lutris game manager and launcher";
       package = lib.mkOption {
@@ -108,9 +122,38 @@ in {
     ffxiv = {
       enable = lib.mkEnableOption "Final Fantasy XIV and it's accompanied (unofficial) launcher";
     };
+
+    # TODO: when aagl gets it's unified launcher all finished/in a stable state, transition to that launcher
+    aagl = {
+      anime-game-launcher = {
+        enable = lib.mkEnableOption "Genshin Impact launcher (legacy)";
+      };
+
+      honkers-railway-launcher = {
+        enable = lib.mkEnableOption "Honkai: Star Rail launcher";
+      };
+
+      honkers-launcher = {
+        enable = lib.mkEnableOption "Honkai: Impact 3rd launcher";
+      };
+
+      wavey-launcher = {
+        enable = lib.mkEnableOption "Wuthering Waves launcher";
+      };
+
+      sleepy-launcher = {
+        enable = lib.mkEnableOption "Zenless Zone Zero (ZZZ) launcher";
+      };
+    };
+
+    vintage-story = {
+      enable = lib.mkEnableOption "Vintage Story client and server";
+    };
   };
 
-  config = {
+  config = let 
+    agl = cfg.aagl;
+  in {
     programs.steam = lib.mkIf cfg.steam.enable {
       enable = true;
       remotePlay.openFirewall = cfg.steam.firewall.remotePlay;
@@ -139,6 +182,26 @@ in {
         ];
     };
 
+    programs.anime-game-launcher = lib.mkIf agl.anime-game-launcher.enable {
+      enable = true;
+    };
+
+    programs.honkers-railway-launcher = lib.mkIf agl.honkers-railway-launcher.enable {
+      enable = true;
+    };
+
+    programs.honkers-launcher = lib.mkIf agl.honkers-launcher.enable {
+      enable = true;
+    };
+
+    programs.wavey-launcher = lib.mkIf agl.wavey-launcher.enable {
+      enable = true;
+    };
+
+    programs.sleepy-launcher = lib.mkIf agl.sleepy-launcher.enable {
+      enable = true;
+    };
+
     environment.systemPackages =
       (lib.optionals cfg.lutris.enable (
         [cfg.lutris.package] ++
@@ -154,6 +217,20 @@ in {
         cfg.lutris.extraPackages
       )) ++
       (lib.optionals cfg.minecraft.enable [pkgs.prismlauncher]) ++
-      (lib.optionals cfg.ffxiv.enable [pkgs.xivlauncher]);
+      (lib.optionals cfg.ffxiv.enable [pkgs.xivlauncher pkgs.fflogs]) ++
+      (lib.optionals cfg.vintage-story.enable [vintage-story.packages.${pkgs.system}.default]) ++
+      (lib.optionals cfg.vkbasalt.enable [pkgs.vkbasalt pkgs.vkbasalt-cli]) ++
+      (lib.optionals cfg.mangohud.enable [pkgs.mangohud]) ++
+      (lib.optionals (cfg.vkbasalt.enable || cfg.mangohud.enable) [pkgs.goverlay pkgs.mesa-demos pkgs.vulkan-tools]);
+
+    nix.settings = let 
+      inherit agl;
+    in (lib.mkIf
+      (agl.anime-game-launcher.enable || agl.honkers-railway-laucher.enable || agl.honkers-launcher.enable || agl.wavey-launcher.enable || agl.sleepy-launcher.enable)
+      {
+        substituters = [ "https://ezkea.cachix.org" ];
+        trusted-public-keys = [ "ezkea.cachix.org-1:ioBmUbJTZIKsHmWWXPe1FSFbeVe+afhfgqgTSNd34eI=" ];
+      }
+    );
   };
 }

modules/common/README.md

@@ -7,3 +7,11 @@ Licensed by the Mozilla Public License v2
 ## Synopsis
 
 This is the directory that holds shared configuration files amongst computers that I own. They are called by the root `flake.nix` file.
+
+Here's a quick synopsis of each file:
+
+- core: Sane Nix options that I set for myself
+- environment: Core packages and environment variables to be set and installed
+- fonts: Fonts and icons that are to be installed
+- overlays: Customized packages tailored to my needs
+- users: Users to be set on my system

modules/common/core.nix

@@ -8,6 +8,9 @@
 
   # Allow unfree packages
   nixpkgs.config.allowUnfree = true;
+  nixpkgs.config.permittedInsecurePackages = [
+    "mbedtls-2.28.10"
+  ];
 
   nix.package = pkgs.nix;
 

modules/common/default.nix

@@ -1,12 +1,9 @@
-{
-  pkgs,
-  lib,
-  ...
-}: {
+{ ... }: {
   imports = [
     ./core.nix
     ./environment.nix
     ./fonts.nix
+    # ./overlays.nix
     ./users.nix
   ];
 }

modules/common/environment.nix

@@ -1,20 +1,22 @@
 { lib, pkgs, ... }: {
-  # Common packages that every system will use
   environment.systemPackages = with pkgs; [
     git
     vim
     neovim
     usbutils
     coreutils
-    lshw
-    systemd
-    dmidecode
     pciutils
-    nix-ld
     patchelf
     htop
-  ];
+  ] ++ 
+  lib.optionals pkgs.stdenv.isLinux (with pkgs; [
+    systemd
+    lshw
+    dmidecode
+  ]) ++
+  lib.optionals pkgs.stdenv.isDarwin (with pkgs; [
+      # nothing here, yet ;)
+  ]);
 
-  # Common environment variables that every system will use
   environment.variables.EDITOR = "nvim";
 }

modules/common/fonts.nix

@@ -6,10 +6,14 @@
   fonts.packages = with pkgs;
     [
       noto-fonts
-      noto-fonts-emoji
+      noto-fonts-color-emoji
       liberation_ttf
       noto-fonts-cjk-sans
       monaspace
     ]
     ++ builtins.filter lib.attrsets.isDerivation (builtins.attrValues pkgs.nerd-fonts);
+
+  environment.systemPackages = with pkgs; [
+    adwaita-icon-theme
+  ];
 }

modules/common/linker.nix

@@ -0,0 +1,62 @@
+{ pkgs, ... }: {
+  programs.nix-ld = {
+    enable = true;
+    libraries = with pkgs;
+    [
+      acl
+      attr
+      bzip2
+      dbus
+      expat
+      fontconfig
+      freetype
+      fuse3
+      icu
+      libnotify
+      libsodium
+      libssh
+      libunwind
+      libusb1
+      libuuid
+      nspr
+      nss
+      stdenv.cc.cc
+      util-linux
+      zlib
+      zstd 
+      pipewire
+      cups
+      libxkbcommon
+      pango
+      mesa
+      libdrm
+      libglvnd
+      libpulseaudio
+      atk
+      cairo
+      alsa-lib
+      at-spi2-atk
+      at-spi2-core
+      gdk-pixbuf
+      glib
+      gtk3
+      libGL
+      libappindicator-gtk3
+      vulkan-loader
+      xorg.libX11
+      xorg.libXScrnSaver
+      xorg.libXcomposite
+      xorg.libXcursor
+      xorg.libXdamage
+      xorg.libXext
+      xorg.libXfixes
+      xorg.libXi
+      xorg.libXrandr
+      xorg.libXrender
+      xorg.libXtst
+      xorg.libxcb
+      xorg.libxkbfile
+      xorg.libxshmfence
+    ];
+  };
+}

modules/common/overlays.nix

@@ -0,0 +1,128 @@
+final: prev: let
+  rust_latest = prev.rust-bin.stable.latest.default;
+  golang_latest = prev.go-bin.latestStable;
+  buildGoModuleLatest = prev.buildGoModule.override {
+    go = golang_latest;
+  };
+  myRustPlatform = prev.makeRustPlatform {
+    cargo = rust_latest;
+    rustc = rust_latest;
+  };
+in {
+  lazygitLatest = prev.lazygit.overrideAttrs (_: rec {
+    version = "0.61.0";
+    src = prev.fetchFromGitHub {
+      owner = "jesseduffield";
+      repo = "lazygit";
+      rev = "v${version}";
+      hash = "sha256-G7JulCK9WUVWbp1V7lYuM3fehCdn1cNAJHYjr3aKDvQ=";
+    };
+
+    vendorHash = null;
+    subPackages = [ "." ];
+    ldflags = [
+      "-X main.version=${version}"
+      "-X main.buildSource=nix"
+    ];
+  });
+
+  atuinLatest = (prev.atuin.override {
+    rustPlatform = myRustPlatform;
+  }).overrideAttrs (oldAttrs: rec {
+    version = "18.13.6";
+
+    src = prev.fetchFromGitHub {
+      owner = "atuinsh";
+      repo = "atuin";
+      rev = "v${version}";
+      hash = "sha256-yAw+ty6FUnFbiRTdAe2QQHzj6uU24fZ/bEIXcHl/thg=";
+    };
+
+    cargoDeps = myRustPlatform.fetchCargoVendor {
+      # name = "atuin-${version}-vendor.tar.gz";
+      inherit src;
+      hash = "sha256-jirVe0+N5+UHZWioj8AipUhawMBameqEJJpa8HPTnfw=";
+    };
+
+    cargoBuildFeatures = [
+      "ai"
+      "client"
+      "clipboard"
+      "daemon"
+      "hex"
+      "sync"
+    ];
+    cargoCheckFeatures = cargoBuildFeatures;
+
+    preCheck = (oldAttrs.preCheck or "") + ''
+      export HOME="$TMPDIR"
+      export XDG_CONFIG_HOME="$TMPDIR/.config"
+      export XDG_DATA_HOME="$TMPDIR/.local/share"
+      export XDG_STATE_HOME="$TMPDIR/.local/state"
+      mkdir -p "$XDG_CONFIG_HOME" "$XDG_DATA_HOME" "$XDG_STATE_HOME"
+    '';
+  });
+
+  # k9sLatest = prev.k9s.overrideAttrs (oldAttrs: rec {
+  #   version = "0.30.16";
+  #   src = prev.fetchFromGitHub {
+  #     owner = "derailed";
+  #     repo = "k9s";
+  #     rev = "v${version}";
+  #     hash = "sha256-1z6r6v3n1p6vd2q6n4pl5q3f7q3q7q1p7j5j1k3l4m5n6o7p8q9r";
+  #   };
+  #   ldflags = [
+  #     "-X github.com/derailed/k9s/version.Version=${version}"
+  #     "-X github.com/derailed/k9s/version.BuildSource=nix"
+  #   ];
+  # });
+
+  ghDashLatest = (prev.gh-dash.override {
+    buildGoModule = buildGoModuleLatest;
+  }).overrideAttrs (oldAttrs: rec {
+    version = "4.23.2";
+    src = prev.fetchFromGitHub {
+      owner = "dlvhdr";
+      repo = "gh-dash";
+      rev = "v${version}";
+      hash = "sha256-C06LPVoE23ITJpMG0x75Djgeup+eb5uYwA8wL7xxvWU=";
+    };
+
+    vendorHash = "sha256-4AbeoH0l7eIS7d0yyJxM7+woC7Q/FCh0BOJj3d1zyX4=";
+    doCheck = false;
+    checkFlags = [
+      "-skip=TestFullOutput"
+    ];
+
+    ldflags = [
+      "-s"
+      "-w"
+      "-X github.com/dlvhdr/gh-dash/v4/cmd.Version=${version}"
+    ];
+
+    passthru = (oldAttrs.passthru or {}) // {
+      tests = {
+        version = oldAttrs.testers.testVersion { package = final.ghDashLatest; };
+      };
+    };
+  });
+
+  diffNavLatest = (prev.diffnav.override {
+    buildGoModule = buildGoModuleLatest;
+  }).overrideAttrs (_: rec {
+    version = "0.10.0";
+    src = prev.fetchFromGitHub {
+      owner = "dlvhdr";
+      repo = "diffnav";
+      rev = "v${version}";
+      hash = "sha256-6VtAQzZNLQrf8QYVXxLUgb3F6xguFDbwaE9kahPhbSE=";
+    };
+
+    vendorHash = "sha256-gmmckzR0D1oFuTG5TAb6gLMoNbcZl9EsjbFjhPfJqnQ=";
+
+    ldflags = [
+      "-s"
+      "-w"
+    ];
+  });
+}

modules/common/users.nix

@@ -1,30 +1,23 @@
+{ lib, pkgs, userName, hostname, ... }:
+
 {
-  lib,
-  pkgs,
-  userName,
-  hostname,
-  ...
-} @ args: {
   networking.hostName = hostname;
+  
+  users.users."${userName}" = {
+    home = if pkgs.stdenv.isDarwin 
+           then "/Users/${userName}" 
+           else "/home/${userName}";
+    description = userName;
+  } // lib.optionalAttrs pkgs.stdenv.isLinux {
+    group = "${userName}";
+    isNormalUser = true;
+  };
+  
+  users.groups.wyatt = {};
+  nix.settings.trusted-users = [userName];
 
-  # Don't forget to set a password with ‘passwd’!
-  users.users."${userName}" = lib.mkMerge [
-    {
-      home =
-        if pkgs.stdenv.isDarwin
-        then "/Users/${userName}"
-        else "/home/${userName}";
-      description = userName;
-    }
-
-    (lib.mkIf (pkgs.stdenv.isLinux) {
-      group = "${userName}";
-      isNormalUser = true;
-    })
-  ];
-
-  security.sudo = {
-    extraRules = [
+  security = lib.optionalAttrs pkgs.stdenv.isLinux {
+    sudo.extraRules = [
       {
         groups = [ "wheel" ];
         commands = [
@@ -37,7 +30,9 @@
     ];
   };
 
-  users.groups.wyatt = {};
-
-  nix.settings.trusted-users = [userName];
+  environment = lib.optionalAttrs pkgs.stdenv.isDarwin {
+    etc."sudoers.d/wheel-nopasswd".text = ''
+      %wheel ALL=(ALL:ALL) NOPASSWD: SETENV: ALL
+    '';
+  };
 }

modules/graphics/default.nix

@@ -40,7 +40,6 @@ in {
   config = mkIf cfg.enable (mkMerge [
     {
       environment.systemPackages = with pkgs; [
-        glxinfo
         vulkan-tools
         mesa-demos
       ];
@@ -62,9 +61,9 @@ in {
 
     (mkIf (cfg.gpuVendor == "amd") {
       services.xserver.videoDrivers = ["amdgpu"];
-      hardware.graphics.extraPackages = with pkgs; [
-        amdvlk
-      ];
+      # hardware.graphics.extraPackages = with pkgs; [
+      #   amdvlk
+      # ];
       environment.systemPackages = with pkgs; [
         radeontop
       ];

modules/machine/README.md

@@ -10,6 +10,10 @@ I like Final Fantasy, alright? Isn't everyone supposed to have a hobby?
 
 These are named after Final Fantasy VII characters.
 
-### Servers/Network Infrastructure
+### Servers/Network Infrastructure (bare metal)
 
-These are named after Final Fantasy summons.
+These are named after Final Fantasy summons. There is some infrastructure missing here like my routers and switches that I also name after summons.
+
+### Servers/Network Infrastructure (virtual machines)
+
+These are named after Final Fantasy XIV Online characters (currently, these are named after the Scions of the Seventh Dawn).

modules/machine/cloud/configuration.nix

@@ -1,8 +1,8 @@
 {
-  config,
   lib,
   pkgs,
   userName,
+  aagl,
   ...
 }: let
   flatpakPackages = [
@@ -18,14 +18,16 @@
 in {
   imports = [
     (import ../../apps/flatpak.nix {
-      inherit lib pkgs flatpakPackages;
+      inherit lib pkgs flatpakPackages userName aagl;
     })
     ../../apps/gaming.nix
+    ../../apps/appimage.nix
     ../../graphics
     ../../pwrMgmt
     ../../networking/core.nix
     ../../sound/pipewire.nix
     ../../sound/shairport.nix
+    ../../sound/focusrite.nix
     ../../virtualization/podman.nix
     ../../virtualization/hardware.nix
   ];
@@ -34,9 +36,13 @@ in {
   nix.settings.experimental-features = ["nix-command" "flakes"];
 
   # Custom kernel/boot stuff
-  boot.kernelPackages = pkgs.linuxPackages_latest;
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
+  boot = {
+    kernelPackages = pkgs.linuxPackages_latest;
+    loader = {
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };
+  };
 
   # Enable Bluetooth if present
   hardware.bluetooth.enable = true;
@@ -63,21 +69,6 @@ in {
     wl-clip-persist
   ];
 
-  # Enable OpenSSH
-  services.openssh.enable = true;
-
-  # Enable keyring
-  services.gnome.gnome-keyring.enable = true;
-
-  # Enable GnuPG
-  programs.gnupg.agent = {
-    enable = true;
-    enableSSHSupport = true;
-  };
-
-  # Enable SUID wrappers (some programs need them)
-  programs.mtr.enable = true;
-
   # Enable Polkit
   security.polkit.enable = true;
 
@@ -98,8 +89,10 @@ in {
         localNetworkGameTransfers = true;
       };
     };
+    vkbasalt.enable = true;
     gamemode.enable = true;
     gamescope.enable = true;
+    mangohud.enable = true;
     lutris = {
       enable = true;
       wine = {
@@ -109,14 +102,12 @@ in {
       compatibility = {
         protonSupport = true;
       };
-      extraPackages = with pkgs; [
-        gamemode
-        mangohud
-      ];
     };
 
     ffxiv.enable = true;
     minecraft.enable = true;
+    aagl.anime-game-launcher.enable = true;
+    vintage-story.enable = true;
   };
 
   # Power management (see ../../pwrMgmt/default.nix)
@@ -145,14 +136,39 @@ in {
     networkManager.enable = true;
   };
 
-  # Enable dconf
-  programs.dconf.enable = true;
+  programs = {
+    # Enable GnuPG
+    gnupg.agent = {
+      enable = true;
+      enableSSHSupport = true;
+    };
+
+    # Enable SUID wrappers (some programs need them)
+    mtr.enable = true;
+
+    # Enable dconf
+    dconf.enable = true;
+  };
 
   # Add username to groups "wheel" and "video" - more may be added here later
-  users.users.${userName}.extraGroups = ["wheel" "video" "gamemode" "podman" "network"];
+  users.users.${userName}.extraGroups = ["wheel" "video" "gamemode" "podman" "network" "libvirtd"];
 
-  # Flatpak packages (see ../../apps/flatpak.nix)
-  services.flatpak.packages = flatpakPackages;
+  services = {
+    # Enable OpenSSH
+    openssh.enable = true;
+
+    # Enable keyring
+    gnome.gnome-keyring.enable = true;
+
+    # Flatpak packages (see ../../apps/flatpak.nix)
+    flatpak.packages = flatpakPackages;
+  };
+
+  # Focusrite Scarlett audio interface support (see ../../sound/focusrite.nix)
+  sound.hardware.focusrite.enable = true;
+
+  # AppImage support
+  appimage.enable = true;
 
   # XDG stuff
   xdg = {
@@ -160,12 +176,12 @@ in {
       enable = true;
       config = {
         sway = {
-          default = [ "wlr" "gtk" ];
-          "org.freedesktop.impl.portal.Secret" = [ "gnome-keyring" ];
+          default = ["wlr" "gtk"];
+          "org.freedesktop.impl.portal.Secret" = ["gnome-keyring"];
         };
         common = {
-          default = [ "gtk" ];
-          "org.freedesktop.impl.portal.Secret" = [ "gnome-keyring" ];
+          default = ["gtk"];
+          "org.freedesktop.impl.portal.Secret" = ["gnome-keyring"];
         };
       };
       extraPortals = with pkgs; [
@@ -175,5 +191,23 @@ in {
     };
   };
 
+  # sched_ext userspace CPU scheduling stuff - idk
+  services.scx = {
+    enable = true;
+    scheduler = "scx_bpfland";
+  };
+
+  programs.obs-studio = {
+    enable = true;
+    plugins = with pkgs.obs-studio-plugins; [
+      wlrobs
+      obs-backgroundremoval
+      obs-pipewire-audio-capture
+      obs-vaapi #optional AMD hardware acceleration
+      obs-gstreamer
+      obs-vkcapture
+    ];
+  };
+
   system.stateVersion = "24.11";
 }

modules/machine/cloud/default.nix

@@ -2,5 +2,6 @@
   imports = [
     ./configuration.nix
     ./hardware-configuration.nix
+    ../../common/linker.nix
   ];
 }

modules/machine/cloud/hardware-configuration.nix

@@ -12,24 +12,24 @@
     (modulesPath + "/installer/scan/not-detected.nix")
   ];
 
-  boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"];
+  boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "thunderbolt" "ahci" "usb_storage" "usbhid" "sd_mod"];
   boot.initrd.kernelModules = [];
   boot.kernelModules = ["kvm-amd"];
   boot.extraModulePackages = [];
 
   fileSystems."/" = {
-    device = "/dev/disk/by-label/COMPUTER";
+    device = "/dev/disk/by-uuid/f8f39aae-61d2-437d-a8e1-01066bbb3c5c";
     fsType = "xfs";
   };
 
   fileSystems."/boot" = {
-    device = "/dev/disk/by-label/BOOT";
+    device = "/dev/disk/by-uuid/B72F-087F";
     fsType = "vfat";
     options = ["fmask=0022" "dmask=0022"];
   };
 
   swapDevices = [
-    {device = "/dev/disk/by-label/SWAP";}
+    {device = "/dev/disk/by-uuid/6d6bcc02-20a9-4ae8-9c1e-5124fb2b2634";}
   ];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking

modules/machine/thancred/configuration.nix

@@ -0,0 +1,121 @@
+{
+  pkgs,
+  userName,
+  vintage-story,
+  ...
+}: {
+  imports = [
+    ../../pwrMgmt
+    ../../networking/core.nix
+    ../../virtualization/podman.nix
+  ];
+
+  # Enable flakes for NixOS
+  nix.settings.experimental-features = ["nix-command" "flakes"];
+
+  # Custom kernel/boot stuff
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  # Set your timezone
+  time.timeZone = "America/Detroit";
+
+  # Enable OpenSSH
+  services.openssh.enable = true;
+
+  # Enable keyring
+  services.gnome.gnome-keyring.enable = true;
+
+  # Enable GnuPG
+  programs.gnupg.agent = {
+    enable = true;
+    enableSSHSupport = true;
+  };
+
+  # Enable SUID wrappers (some programs need them)
+  programs.mtr.enable = true;
+
+  # Enable Polkit
+  security.polkit.enable = true;
+
+  # Power management (see ../../pwrMgmt/default.nix)
+  pwrMgmt = {
+    enable = true;
+    cpuFreqGovernor = "performance";
+    powertop.enable = false;
+  };
+
+  network = {
+    firewall = {
+      enable = true;
+      tcpPorts = {
+        allowedPorts = [ 42420 ];
+      };
+      udpPorts = {
+        allowedPorts = [ 42420 ];
+      };
+    };
+    networkManager.enable = true;
+  };
+
+  environment.systemPackages = [
+    vintage-story.packages.${pkgs.system}.default
+  ];
+
+  systemd.services.vintagestory-server = {
+    description = "Vintage Story Server";
+    wantedBy = [ "multi-user.target" ];
+    after = [ "network.target" ];
+    serviceConfig = {
+      Type = "simple";
+      User = userName;
+      WorkingDirectory = "/home/${userName}";
+      ExecStart = "${vintage-story.packages.${pkgs.system}.default}/bin/vintagestory-server";
+      Restart = "on-failure";
+      RestartSec = "5s";
+    };
+  };
+
+  # Add username to groups "wheel" and "video" - more may be added here later
+  users = {
+    groups.hazel = {};
+    users = {
+      ${userName} = {
+        extraGroups = [ "wheel" "network" ];
+        openssh.authorizedKeys.keys = [
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFV9eSc9L+aJLoKoexq2f/jb5rpyZnhuGiyhS8YQAbaS wyatt@wyattjmiller.com"
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4WKvKnnYpTbzZHFEslOKyfiiMqWxhW3AfX6E7ACmYU wyatt@wyattjmiller.com"
+        ];
+      };
+      "hazel" = {
+        home = "/home/hazel";
+        group = "hazel";
+        extraGroups = [ "wheel" ];
+        description = "hazel";
+        isNormalUser = true;
+        openssh.authorizedKeys.keys = [
+          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZnyiQx+k1ygX8E1lsUCB6aTdMc+OKzlZ4admlzknc5ulj0YrtUyqhbNhkNd6pP0QDBFMnXO/rzUvHp4TAyZXKFfpcBCa4zhK97ufymAfvzAjM4vRBqRNcr2n+2iRzxtolbklfjs3ocBQVxXW+pRT5wWxTgK2fcmP2xviDVldr7qte37x5YkQb5SAhYNH8tqJRnuGPe+Q0A3oN4HyHZFnrMq/HlbL5yg/0VKPTtF/IgHf+2dDz5OQQpBx3/N9u/QLwuIm9lkyOG03s0TGmE7up/i0jX2vIqp2BbGSnwdQEL/eSVZx73qQB/J62VFafg13P5yQWDJ33WSoiwhac6bg26HPmPOnCJp5R3c+7jM8N1F1ZbtsKicHSVsRg1RQSree4lchPy7FOPkCuUrB7LNE71mbpOzZNR767S6UAPaXxRw6QNYGBaDqQBwhlU8ZDF5F7EW6ahSUMOI6ECyoibzIMb56xs9osuNeUhB/BcL5sHSFpJjIbdcDLNkEKggrBl6s="
+        ];
+      };
+    };
+  };
+
+  services.fail2ban = {
+    enable = true;
+    package = pkgs.fail2ban;
+    maxretry = 5;
+    bantime = "3h";
+    bantime-increment = {
+      enable = true;
+      rndtime = "10m";
+    };
+  };
+
+  services.tailscale = {
+    enable = true;
+    package = pkgs.tailscale;
+  };
+
+  system.stateVersion = "24.11";
+}

modules/machine/thancred/default.nix

@@ -0,0 +1,6 @@
+{ ... }: {
+  imports = [
+    ./configuration.nix
+    ./hardware-configuration.nix
+  ];
+}

modules/machine/thancred/hardware-configuration.nix

@@ -0,0 +1,32 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/e2e621c1-0090-472a-99d9-61c6a87bd068";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/663E-15C0";
+      fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" ];
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/60104b1a-4285-4dd1-be5e-3c3dee24515a"; }
+    ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}

modules/machine/yshtola/configuration.nix

@@ -0,0 +1,271 @@
+{
+  pkgs,
+  userName,
+  ...
+}: let
+  # INFO: set these to your liking
+  matrixFqdn = "chat.wyattjmiller.com";
+  rtcFqdn = "rtc.wyattjmiller.com";
+
+  supportEmail = "wyatt@wyattjmiller.com";
+  livekitKeyFile = "/var/lib/livekit/livekit.key";
+  matrixRegistrationTokenFile = "/var/lib/matrix.key";
+in {
+  imports = [
+    ../../pwrMgmt
+  ];
+
+  # Enable flakes for NixOS
+  nix.settings.experimental-features = ["nix-command" "flakes"];
+
+  nix.settings = {
+    download-buffer-size = 134217728;  # 128 MiB in bytes
+  };
+
+  # Custom kernel/boot stuff
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+
+  # Set your timezone
+  time.timeZone = "America/Detroit";
+
+  # Enable OpenSSH
+  services.openssh = {
+    enable = true;
+    settings.PermitRootLogin = "no";
+    settings.PasswordAuthentication = false;
+  };
+
+  # Enable keyring
+  services.gnome.gnome-keyring.enable = true;
+
+  # Enable GnuPG
+  programs.gnupg.agent = {
+    enable = true;
+    enableSSHSupport = true;
+  };
+
+  # Enable SUID wrappers (some programs need them)
+  programs.mtr.enable = true;
+
+  # Enable Polkit
+  security.polkit.enable = true;
+
+  # Power management (see ../../pwrMgmt/default.nix)
+  pwrMgmt = {
+    enable = true;
+    cpuFreqGovernor = "performance";
+    powertop.enable = false;
+  };
+
+  # Firewall settings (fallback, upstream way of doing things)
+  networking.firewall = {
+    enable = true;
+
+    allowedTCPPorts = [
+      80
+      443
+      8448
+      3478
+      5349
+      7880
+      7881
+      8080
+      8081
+    ];
+
+    allowedUDPPorts = [
+      3478
+      7881
+      8448
+    ];
+
+    allowedUDPPortRanges =[
+      # TURN UDP relays
+      { 
+        from = 49000;
+        to = 50000;
+      }
+      # 
+      {
+        from = 50100;
+        to = 50200;
+      }
+    ];
+  };
+
+  # Add username to groups "wheel" and "video" - more may be added here later
+  users.users.${userName} = {
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFV9eSc9L+aJLoKoexq2f/jb5rpyZnhuGiyhS8YQAbaS wyatt@wyattjmiller.com"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4WKvKnnYpTbzZHFEslOKyfiiMqWxhW3AfX6E7ACmYU wyatt@wyattjmiller.com"
+    ];
+    extraGroups = ["wheel" "video" "network"];
+  };
+
+  # fail2ban
+  services.fail2ban = {
+    enable = true;
+    package = pkgs.fail2ban;
+    maxretry = 5;
+    bantime = "3h";
+    bantime-increment = {
+      enable = true;
+      rndtime = "10m";
+    };
+  };
+
+  # Matrix server
+  services.matrix-tuwunel = {
+    enable = true;
+    package = pkgs.matrix-tuwunel;
+    settings = {
+      global = {
+        server_name = matrixFqdn;
+        allow_encryption = true;
+        allow_federation = true;
+        allow_registration = true;
+        registration_token = matrixRegistrationTokenFile;
+        allow_unstable_room_versions = false;
+        allow_experimental_room_versions = false;
+        zstd_compression = true;
+        new_user_displayname_suffix = "✨";
+        max_request_size = 1048575600; # 100MB in bytes, for file uploads
+        database_backup_path = "/var/lib/tuwunel/database_backups";
+        database_backups_to_keep = 2;
+
+        address = [
+          "127.0.0.1"
+          "::1"
+        ];
+        port = [ 8008 ];
+
+        well_known = {
+          client = "https://${matrixFqdn}";
+          server = "${matrixFqdn}:443";
+          support_email = supportEmail;
+          support_mxid = "@wymiller:${matrixFqdn}";
+          
+          rtc_transports = [{
+            type = "livekit";
+            livekit_service_url = "https://${rtcFqdn}";
+          }];
+        };
+      };
+    };
+  };
+
+  # LiveKit (Matrix RTC)
+  services.livekit = {
+    enable = true;
+    package = pkgs.livekit;
+    openFirewall = true;
+    keyFile = livekitKeyFile;
+    settings = {
+      port = 7880;
+      room.auto_create = true;
+      rtc = {
+        use_external_ip = true;
+      };
+    };
+  };
+
+  # Reverse proxy
+  services.caddy = {
+    enable = true;
+    package = pkgs.caddy;
+    virtualHosts = {
+      "${matrixFqdn}" = {
+        extraConfig = ''
+          encode zstd gzip
+          reverse_proxy localhost:8008
+        '';
+      };
+      "${matrixFqdn}:8448" = {
+        extraConfig = ''
+          encode zstd gzip
+          reverse_proxy localhost:8008
+        '';
+      };
+      "${rtcFqdn}" = {
+        extraConfig = ''
+          @jwt_service {
+            path /sfu/get* /healthz*
+          }
+
+          handle @jwt_service {
+            reverse_proxy localhost:8080
+          }
+
+          handle {
+            reverse_proxy localhost:7880 {
+              header_up Connection "upgrade"
+              header_up Upgrade {http.request.header.Upgrade}
+            }
+          }
+        '';
+      };
+    };
+  };
+
+  # LiveKit JWT service
+  services.lk-jwt-service = {
+    enable = true;
+    port = 8080;
+    livekitUrl = "wss://rtc.wyattjmiller.com";
+    keyFile = livekitKeyFile;
+  };
+
+  # Generate LiveKit key if it doesn't exist
+  systemd.services = {
+    matrix-registration-token-gen = {
+      before = [ "tuwunel.service" ];
+      wantedBy = [ "multi-user.target" ];
+      path = with pkgs; [ coreutils openssl ];
+      script = ''
+        set -eu
+
+        if [ -f "${matrixRegistrationTokenFile}" ]; then
+          exit 0
+        fi
+
+        install -d -m 0700 "$(dirname "${matrixRegistrationTokenFile}")"
+
+        TOKEN="$(openssl rand -hex 32)"
+
+        umask 077
+        printf '%s\n' "$TOKEN" > "${matrixRegistrationTokenFile}"
+      '';
+      serviceConfig = {
+        Type = "oneshot";
+        User = "root";
+      };
+    };
+
+    livekit-key-gen = {
+      before = [ "lk-jwt-service.service" "livekit.service" ];
+      wantedBy = [ "multi-user.target" ];
+      path = with pkgs; [ coreutils openssl ];
+      script = ''
+        set -eu
+
+        if [ -f "${livekitKeyFile}" ]; then
+          exit 0
+        fi
+
+        install -d -m 0700 "$(dirname "${livekitKeyFile}")"
+
+        API_KEY="$(openssl rand -hex 8)"
+        API_SECRET="$(openssl rand -hex 32)"
+
+        umask 077
+        printf '%s: %s\n' "$API_KEY" "$API_SECRET" > "${livekitKeyFile}"
+      '';
+      serviceConfig = {
+        Type = "oneshot";
+        User = "root";
+      };
+    };
+  };
+
+  system.stateVersion = "25.11";
+}

modules/machine/yshtola/default.nix

@@ -0,0 +1,6 @@
+{ ... }: {
+  imports = [
+    ./configuration.nix
+    ./hardware-configuration.nix
+  ];
+}

modules/machine/yshtola/hardware-configuration.nix

@@ -0,0 +1,35 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "virtio_pci" "virtio_scsi" "ahci" "sd_mod" ];
+  boot.kernelParams = [ "console=ttyS0,19200n8" ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+  boot.loader.grub.extraConfig = ''
+    serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1;
+    terminal_input serial;
+    terminal_output serial;
+  '';
+  boot.loader.grub.forceInstall = true;
+#  boot.loader.grub.enable = true;
+  boot.loader.grub.device = "nodev";
+  boot.loader.timeout = 10;
+
+  fileSystems."/" =
+    { device = "/dev/sda";
+      fsType = "ext4";
+    };
+
+  swapDevices =
+    [ { device = "/dev/sdb"; }
+    ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}

modules/security/sudo.nix

@@ -5,7 +5,7 @@
 }:
 with lib; {
   options = {
-    security.sudo = {
+    security.sudoers = {
       needsPassword = mkOption {
         type = types.bool;
         default = true;

modules/sound/focusrite.nix

@@ -0,0 +1,33 @@
+# Must be paired with the pipewire Nix module, this does nothing but install packages
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.sound.hardware.focusrite;
+in {
+  options.sound.hardware.focusrite = {
+    enable = mkEnableOption "Focusrite audio interface support";
+    guiSupport = mkOption {
+      type = types.bool;
+      default = false;
+      description = "Enable GUI support for Focusrite Scarlett audio interface (installs alsa-scarlett-gui)";
+    };
+  };
+  config = mkIf cfg.enable (mkMerge [
+    {
+      environment.systemPackages = with pkgs;
+        [
+          scarlett2
+          alsa-scarlett-gui
+        ]
+        ++ (
+          if cfg.guiSupport
+          then [pkgs.alsa-scarlett-gui]
+          else []
+        );
+    }
+  ]);
+}

modules/sound/pipewire.nix

@@ -1,6 +1,11 @@
-{...}: {
+# TODO: refactor into module
+{ pkgs, ...}: {
   services.pipewire = {
     enable = true;
     pulse.enable = true;
   };
+
+  environment.systemPackages = with pkgs; [
+    helvum
+  ];
 }

modules/sound/shairport.nix

@@ -1,7 +1,16 @@
-{pkgs, ...}: {
+{ lib, pkgs, userName, ...}: {
   services.shairport-sync = {
     enable = pkgs.stdenv.isLinux;
     openFirewall = pkgs.stdenv.isLinux;
-    arguments = "-v -o pw";
+    # arguments = "-v -o pa";
+  };
+
+  systemd.services.shairport-sync = {
+    serviceConfig = {
+      User = lib.mkForce "${userName}";
+    };
+    environment = {
+      XDG_RUNTIME_DIR = "/run/user/1000";
+    };
   };
 }

modules/virtualization/hardware.nix

@@ -1,4 +1,10 @@
-{...}: {
+{ pkgs, ... }: {
   virtualisation.libvirtd.enable = true;
   programs.virt-manager.enable = true;
+  services.qemuGuest.enable = true;
+  services.spice-vdagentd.enable = true;  
+  environment.systemPackages = with pkgs; [
+    qemu
+    quickemu
+  ];
 }