huge

flake.lock

@@ -20,11 +20,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1764714051,
+        "lastModified": 1765900596,
-        "narHash": "sha256-AjcMlM3UoavFoLzr0YrcvsIxALShjyvwe+o7ikibpCM=",
+        "narHash": "sha256-+hn8v9jkkLP9m+o0Nm5SiEq10W0iWDSotH2XfjU45fA=",
         "owner": "hyprwm",
         "repo": "aquamarine",
-        "rev": "a43bedcceced5c21ad36578ed823e6099af78214",
+        "rev": "d83c97f8f5c0aae553c1489c7d9eff3eadcadace",
         "type": "github"
       },
       "original": {
@@ -124,6 +124,28 @@
         "type": "github"
       }
     },
+    "blueprint_2": {
+      "inputs": {
+        "nixpkgs": [
+          "mypackages",
+          "nixpkgs"
+        ],
+        "systems": "systems_2"
+      },
+      "locked": {
+        "lastModified": 1763308703,
+        "narHash": "sha256-O9Y+Wer8wOh+N+4kcCK5p/VLrXyX+ktk0/s3HdZvJzk=",
+        "owner": "numtide",
+        "repo": "blueprint",
+        "rev": "5a9bba070f801d63e2af3c9ef00b86b212429f4f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "blueprint",
+        "type": "github"
+      }
+    },
     "chaotic": {
       "inputs": {
         "flake-schemas": "flake-schemas",
@@ -153,11 +175,11 @@
     },
     "crane": {
       "locked": {
-        "lastModified": 1731098351,
+        "lastModified": 1766194365,
-        "narHash": "sha256-HQkYvKvaLQqNa10KEFGgWHfMAbWBfFp+4cAgkut+NNE=",
+        "narHash": "sha256-4AFsUZ0kl6MXSm4BaQgItD0VGlEKR3iq7gIaL7TjBvc=",
         "owner": "ipetkov",
         "repo": "crane",
-        "rev": "ef80ead953c1b28316cc3f8613904edc2eb90c28",
+        "rev": "7d8ec2c71771937ab99790b45e6d9b93d15d9379",
         "type": "github"
       },
       "original": {
@@ -368,7 +390,43 @@
     },
     "flake-utils_2": {
       "inputs": {
-        "systems": "systems_2"
+        "systems": "systems_3"
+      },
+      "locked": {
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_3": {
+      "inputs": {
+        "systems": "systems_4"
+      },
+      "locked": {
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_4": {
+      "inputs": {
+        "systems": "systems_6"
       },
       "locked": {
         "lastModified": 1731533236,
@@ -414,11 +472,11 @@
         "zon2nix": "zon2nix"
       },
       "locked": {
-        "lastModified": 1766101315,
+        "lastModified": 1766784567,
-        "narHash": "sha256-FZLl2/ufs2l4XBNO5gelF9g0XmrAvyTiiHJ7GRTB0aI=",
+        "narHash": "sha256-fpRgcNFEGRidNTDk3CVsvKxWIgB9Ph5EM+q5DGe6CI8=",
         "owner": "ghostty-org",
         "repo": "ghostty",
-        "rev": "fa0a982ff26ac851b6cb5d31717ad3deb037be9c",
+        "rev": "c00d7fc5c4dc28bfa14935a84c70591d7103c284",
         "type": "github"
       },
       "original": {
@@ -490,6 +548,24 @@
         "type": "gitlab"
       }
     },
+    "helium-browser": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "utils": "utils"
+      },
+      "locked": {
+        "lastModified": 1766767872,
+        "narHash": "sha256-3CkM0Wm8Bq3081SjfWTZ99KDlbn4qoH8TTjZ47EvHX4=",
+        "path": "/storage/git/helium-browser-nix-flake",
+        "type": "path"
+      },
+      "original": {
+        "path": "/storage/git/helium-browser-nix-flake",
+        "type": "path"
+      }
+    },
     "home-manager": {
       "inputs": {
         "nixpkgs": [
@@ -497,11 +573,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1765980955,
+        "lastModified": 1766682973,
-        "narHash": "sha256-rB45jv4uwC90vM9UZ70plfvY/2Kdygs+zlQ07dGQFk4=",
+        "narHash": "sha256-GKO35onS711ThCxwWcfuvbIBKXwriahGqs+WZuJ3v9E=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "89c9508bbe9b40d36b3dc206c2483ef176f15173",
+        "rev": "91cdb0e2d574c64fae80d221f4bf09d5592e9ec2",
         "type": "github"
       },
       "original": {
@@ -589,11 +665,11 @@
         "xdph": "xdph"
       },
       "locked": {
-        "lastModified": 1766078604,
+        "lastModified": 1766787391,
-        "narHash": "sha256-ECrUjlHZw/jQaLYS1lb10V3gmcHsYgJUgFtP9Z+aOKo=",
+        "narHash": "sha256-YDEf0chnHpMl+symW6UJDM/nvffUO4l7/Orpm4MQBe0=",
         "owner": "hyprwm",
         "repo": "Hyprland",
-        "rev": "6175ecd4c4ba817c4620f66a75e1e11da7c7a8ca",
+        "rev": "d7f26038ee2b44f3d02fe2a7556bafb91a02f46e",
         "type": "github"
       },
       "original": {
@@ -635,11 +711,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1764812575,
+        "lastModified": 1765643131,
-        "narHash": "sha256-1bK1yGgaR82vajUrt6z+BSljQvFn91D74WJ/vJsydtE=",
+        "narHash": "sha256-CCGohW5EBIRy4B7vTyBMqPgsNcaNenVad/wszfddET0=",
         "owner": "hyprwm",
         "repo": "hyprland-guiutils",
-        "rev": "fd321368a40c782cfa299991e5584ca338e36ebe",
+        "rev": "e50ae912813bdfa8372d62daf454f48d6df02297",
         "type": "github"
       },
       "original": {
@@ -660,11 +736,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1759610243,
+        "lastModified": 1765214753,
-        "narHash": "sha256-+KEVnKBe8wz+a6dTLq8YDcF3UrhQElwsYJaVaHXJtoI=",
+        "narHash": "sha256-P9zdGXOzToJJgu5sVjv7oeOGPIIwrd9hAUAP3PsmBBs=",
         "owner": "hyprwm",
         "repo": "hyprland-protocols",
-        "rev": "bd153e76f751f150a09328dbdeb5e4fab9d23622",
+        "rev": "3f3860b869014c00e8b9e0528c7b4ddc335c21ab",
         "type": "github"
       },
       "original": {
@@ -729,11 +805,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1762891302,
+        "lastModified": 1766160737,
-        "narHash": "sha256-0SpAxDdbuQamQKh2vnQ9oLr0k3ERF6xlnAsviT/6QEw=",
+        "narHash": "sha256-Z4ZxrRiB9gwnJlPWw6vHE3nXnQipntlBEvygyienhFc=",
         "owner": "hyprwm",
         "repo": "hyprsunset",
-        "rev": "a9243e37778cbe43b1e8566f26956cb3d20cf811",
+        "rev": "3a73694a796ed6a8dd871de130fa0f09fcea9eb2",
         "type": "github"
       },
       "original": {
@@ -806,11 +882,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1764962281,
+        "lastModified": 1766160771,
-        "narHash": "sha256-rGbEMhTTyTzw4iyz45lch5kXseqnqcEpmrHdy+zHsfo=",
+        "narHash": "sha256-roINUGikWRqqgKrD4iotKbGj3ZKJl3hjMz5l/SyKrHw=",
         "owner": "hyprwm",
         "repo": "hyprutils",
-        "rev": "fe686486ac867a1a24f99c753bb40ffed338e4b0",
+        "rev": "5ac060bfcf2f12b3a6381156ebbc13826a05b09f",
         "type": "github"
       },
       "original": {
@@ -860,11 +936,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1764872015,
+        "lastModified": 1766253200,
-        "narHash": "sha256-INI9AVrQG5nJZFvGPSiUZ9FEUZJLfGdsqjF1QSak7Gc=",
+        "narHash": "sha256-26qPwrd3od+xoYVywSB7hC2cz9ivN46VPLlrsXyGxvE=",
         "owner": "hyprwm",
         "repo": "hyprwire",
-        "rev": "7997451dcaab7b9d9d442f18985d514ec5891608",
+        "rev": "1079777525b30a947c8d657fac158e00ae85de9d",
         "type": "github"
       },
       "original": {
@@ -873,6 +949,64 @@
         "type": "github"
       }
     },
+    "ixx": {
+      "inputs": {
+        "flake-utils": [
+          "mypackages",
+          "nix-bwrapper",
+          "nuschtosSearch",
+          "flake-utils"
+        ],
+        "nixpkgs": [
+          "mypackages",
+          "nix-bwrapper",
+          "nuschtosSearch",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1754860581,
+        "narHash": "sha256-EM0IE63OHxXCOpDHXaTyHIOk2cNvMCGPqLt/IdtVxgk=",
+        "owner": "NuschtOS",
+        "repo": "ixx",
+        "rev": "babfe85a876162c4acc9ab6fb4483df88fa1f281",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NuschtOS",
+        "ref": "v0.1.1",
+        "repo": "ixx",
+        "type": "github"
+      }
+    },
+    "ixx_2": {
+      "inputs": {
+        "flake-utils": [
+          "nix-bwrapper",
+          "nuschtosSearch",
+          "flake-utils"
+        ],
+        "nixpkgs": [
+          "nix-bwrapper",
+          "nuschtosSearch",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1754860581,
+        "narHash": "sha256-EM0IE63OHxXCOpDHXaTyHIOk2cNvMCGPqLt/IdtVxgk=",
+        "owner": "NuschtOS",
+        "repo": "ixx",
+        "rev": "babfe85a876162c4acc9ab6fb4483df88fa1f281",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NuschtOS",
+        "ref": "v0.1.1",
+        "repo": "ixx",
+        "type": "github"
+      }
+    },
     "jovian": {
       "inputs": {
         "nix-github-actions": "nix-github-actions",
@@ -905,11 +1039,11 @@
         "rust-overlay": "rust-overlay_2"
       },
       "locked": {
-        "lastModified": 1766225539,
+        "lastModified": 1766582277,
-        "narHash": "sha256-0Y6o3oUmQCxrzLIvZTcUAQCPEXAc+tU+N3ZjmzdrC28=",
+        "narHash": "sha256-mUZRMKId7Uycwnt31RytPwhmY/8UTbk92ckZWHoS0Eg=",
         "owner": "nix-community",
         "repo": "lanzaboote",
-        "rev": "14455220bef50f8df94f05e5763cdf51bc704acd",
+        "rev": "4c78502846c1ef668eedbd4f55d818ebac5388ac",
         "type": "github"
       },
       "original": {
@@ -918,6 +1052,26 @@
         "type": "github"
       }
     },
+    "mypackages": {
+      "inputs": {
+        "blueprint": "blueprint_2",
+        "nix-bwrapper": "nix-bwrapper",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "zen-browser": "zen-browser"
+      },
+      "locked": {
+        "lastModified": 1767081883,
+        "narHash": "sha256-L8+rA/HCaJaDrVLRbifRyQoFANN96Y2Sq8E8Fbx+Qkc=",
+        "path": "/storage/git/packages-blueprint",
+        "type": "path"
+      },
+      "original": {
+        "path": "/storage/git/packages-blueprint",
+        "type": "path"
+      }
+    },
     "mysecrets": {
       "flake": false,
       "locked": {
@@ -948,11 +1102,11 @@
         "xwayland-satellite-unstable": "xwayland-satellite-unstable"
       },
       "locked": {
-        "lastModified": 1766090778,
+        "lastModified": 1766765523,
-        "narHash": "sha256-e1SOJYHe5IbKFIOpWswB/4nIog1Zx5iXA4YB49XTFxE=",
+        "narHash": "sha256-DCk3GKdKZNjpvNuDy9ZVfVwCy3tlm96/UZnYkJO7N44=",
         "owner": "sodiboo",
         "repo": "niri-flake",
-        "rev": "d06ab0308d797dc4b2f9025d5952cca90afd11a7",
+        "rev": "a3e638c75d07de759421e6f34bd69c3f9a0a3567",
         "type": "github"
       },
       "original": {
@@ -981,11 +1135,11 @@
     "niri-unstable": {
       "flake": false,
       "locked": {
-        "lastModified": 1766085543,
+        "lastModified": 1766751930,
-        "narHash": "sha256-96X+37m2HH8IG3BzXEN3d4eHeUbiu9g1Q+KJQRX/Jpw=",
+        "narHash": "sha256-83/YSW6c58i/iwGzAFApuMy6MCgoIaROeCcoIGh+ViU=",
         "owner": "YaLTeR",
         "repo": "niri",
-        "rev": "c4462d0c7fddfc11c9e98d43e3ef68a5b3c844ca",
+        "rev": "b5640d5293ad8dca06cb447692ea7cbb21680eb1",
         "type": "github"
       },
       "original": {
@@ -994,6 +1148,51 @@
         "type": "github"
       }
     },
+    "nix-bwrapper": {
+      "inputs": {
+        "nixpkgs": [
+          "mypackages",
+          "nixpkgs"
+        ],
+        "nuschtosSearch": "nuschtosSearch",
+        "treefmt-nix": "treefmt-nix"
+      },
+      "locked": {
+        "lastModified": 1766319780,
+        "narHash": "sha256-Uh5180wjvBtSgtJ9zccZ7hu7bd7nvrnb6ff0nDwT2Rw=",
+        "owner": "Naxdy",
+        "repo": "nix-bwrapper",
+        "rev": "3b0d58d4d3e8da89147369d803926998798443e4",
+        "type": "github"
+      },
+      "original": {
+        "owner": "Naxdy",
+        "repo": "nix-bwrapper",
+        "type": "github"
+      }
+    },
+    "nix-bwrapper_2": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "nuschtosSearch": "nuschtosSearch_2",
+        "treefmt-nix": "treefmt-nix_2"
+      },
+      "locked": {
+        "lastModified": 1766319780,
+        "narHash": "sha256-Uh5180wjvBtSgtJ9zccZ7hu7bd7nvrnb6ff0nDwT2Rw=",
+        "owner": "Naxdy",
+        "repo": "nix-bwrapper",
+        "rev": "3b0d58d4d3e8da89147369d803926998798443e4",
+        "type": "github"
+      },
+      "original": {
+        "owner": "Naxdy",
+        "repo": "nix-bwrapper",
+        "type": "github"
+      }
+    },
     "nix-flatpak": {
       "locked": {
         "lastModified": 1754777568,
@@ -1079,11 +1278,11 @@
     },
     "nixos-facter-modules": {
       "locked": {
-        "lastModified": 1765442039,
+        "lastModified": 1766558141,
-        "narHash": "sha256-k3lYQ+A1F7aTz8HnlU++bd9t/x/NP2A4v9+x6opcVg0=",
+        "narHash": "sha256-Ud9v49ZPsoDBFuyJSQ2Mpw1ZgAH/aMwUwwzrVoetNus=",
         "owner": "numtide",
         "repo": "nixos-facter-modules",
-        "rev": "9dd775ee92de63f14edd021d59416e18ac2c00f1",
+        "rev": "e796d536e3d83de74267069e179dc620a608ed7d",
         "type": "github"
       },
       "original": {
@@ -1094,11 +1293,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1765779637,
+        "lastModified": 1766651565,
-        "narHash": "sha256-KJ2wa/BLSrTqDjbfyNx70ov/HdgNBCBBSQP3BIzKnv4=",
+        "narHash": "sha256-QEhk0eXgyIqTpJ/ehZKg9IKS7EtlWxF3N7DXy42zPfU=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "1306659b587dc277866c7b69eb97e5f07864d8c4",
+        "rev": "3e2499d5539c16d0d173ba53552a4ff8547f4539",
         "type": "github"
       },
       "original": {
@@ -1110,11 +1309,11 @@
     },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1765838191,
+        "lastModified": 1766736597,
-        "narHash": "sha256-m5KWt1nOm76ILk/JSCxBM4MfK3rYY7Wq9/TZIIeGnT8=",
+        "narHash": "sha256-BASnpCLodmgiVn0M1MU2Pqyoz0aHwar/0qLkp7CjvSQ=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "c6f52ebd45e5925c188d1a20119978aa4ffd5ef6",
+        "rev": "f560ccec6b1116b22e6ed15f4c510997d99d5852",
         "type": "github"
       },
       "original": {
@@ -1124,6 +1323,22 @@
         "type": "github"
       }
     },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1766070988,
+        "narHash": "sha256-G/WVghka6c4bAzMhTwT2vjLccg/awmHkdKSd2JrycLc=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "c6245e83d836d0433170a16eb185cefe0572f8b8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "nur": {
       "inputs": {
         "flake-parts": [
@@ -1149,6 +1364,51 @@
         "type": "github"
       }
     },
+    "nuschtosSearch": {
+      "inputs": {
+        "flake-utils": "flake-utils_2",
+        "ixx": "ixx",
+        "nixpkgs": [
+          "mypackages",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1758662783,
+        "narHash": "sha256-igrxT+/MnmcftPOHEb+XDwAMq3Xg1Xy7kVYQaHhPlAg=",
+        "owner": "NuschtOS",
+        "repo": "search",
+        "rev": "7d4c0fc4ffe3bd64e5630417162e9e04e64b27a4",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NuschtOS",
+        "repo": "search",
+        "type": "github"
+      }
+    },
+    "nuschtosSearch_2": {
+      "inputs": {
+        "flake-utils": "flake-utils_3",
+        "ixx": "ixx_2",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1758662783,
+        "narHash": "sha256-igrxT+/MnmcftPOHEb+XDwAMq3Xg1Xy7kVYQaHhPlAg=",
+        "owner": "NuschtOS",
+        "repo": "search",
+        "rev": "7d4c0fc4ffe3bd64e5630417162e9e04e64b27a4",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NuschtOS",
+        "repo": "search",
+        "type": "github"
+      }
+    },
     "pre-commit": {
       "inputs": {
         "flake-compat": "flake-compat_3",
@@ -1182,11 +1442,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1765016596,
+        "lastModified": 1765911976,
-        "narHash": "sha256-rhSqPNxDVow7OQKi4qS5H8Au0P4S3AYbawBSmJNUtBQ=",
+        "narHash": "sha256-t3T/xm8zstHRLx+pIHxVpQTiySbKqcQbK+r+01XVKc0=",
         "owner": "cachix",
         "repo": "git-hooks.nix",
-        "rev": "548fc44fca28a5e81c5d6b846e555e6b9c2a5a3c",
+        "rev": "b68b780b69702a090c8bb1b973bab13756cc7a27",
         "type": "github"
       },
       "original": {
@@ -1224,12 +1484,15 @@
         "disko": "disko",
         "dms": "dms",
         "ghostty": "ghostty",
+        "helium-browser": "helium-browser",
         "home-manager": "home-manager",
         "hyprland": "hyprland",
         "hyprsunset": "hyprsunset",
         "lanzaboote": "lanzaboote",
+        "mypackages": "mypackages",
         "mysecrets": "mysecrets",
         "niri-flake": "niri-flake",
+        "nix-bwrapper": "nix-bwrapper_2",
         "nix-flatpak": "nix-flatpak",
         "nix-index-database": "nix-index-database",
         "nixos-cosmic": "nixos-cosmic",
@@ -1238,8 +1501,9 @@
         "nixpkgs-stable": "nixpkgs-stable",
         "sops-nix": "sops-nix",
         "stylix": "stylix",
-        "systems": "systems",
+        "systems": "systems_5",
         "vicinae": "vicinae",
+        "zen-browser": "zen-browser_2",
         "zmx": "zmx"
       }
     },
@@ -1272,11 +1536,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1731897198,
+        "lastModified": 1766285238,
-        "narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=",
+        "narHash": "sha256-DqVXFZ4ToiFHgnxebMWVL70W+U+JOxpmfD37eWD/Qc8=",
         "owner": "oxalica",
         "repo": "rust-overlay",
-        "rev": "0be641045af6d8666c11c2c40e45ffc9667839b5",
+        "rev": "c4249d0c370d573d95e33b472014eae4f2507c2f",
         "type": "github"
       },
       "original": {
@@ -1313,11 +1577,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1765836173,
+        "lastModified": 1766289575,
-        "narHash": "sha256-hWRYfdH2ONI7HXbqZqW8Q1y9IRbnXWvtvt/ONZovSNY=",
+        "narHash": "sha256-BOKCwOQQIP4p9z8DasT5r+qjri3x7sPCOq+FTjY8Z+o=",
         "owner": "mic92",
         "repo": "sops-nix",
-        "rev": "443a7f2e7e118c4fc63b7fae05ab3080dd0e5c63",
+        "rev": "9836912e37aef546029e48c8749834735a6b9dad",
         "type": "github"
       },
       "original": {
@@ -1349,11 +1613,11 @@
         "tinted-zed": "tinted-zed"
       },
       "locked": {
-        "lastModified": 1765897595,
+        "lastModified": 1766603026,
-        "narHash": "sha256-NgTRxiEC5y96zrhdBygnY+mSzk5FWMML39PcRGVJmxg=",
+        "narHash": "sha256-J2DDdRqSU4w9NNgkMfmMeaLIof5PXtS9RG7y6ckDvQE=",
         "owner": "danth",
         "repo": "stylix",
-        "rev": "e6829552d4bb659ebab00f08c61d8c62754763f3",
+        "rev": "551df12ee3ebac52c5712058bd97fd9faa4c3430",
         "type": "github"
       },
       "original": {
@@ -1392,6 +1656,66 @@
         "type": "github"
       }
     },
+    "systems_3": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "systems_4": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "systems_5": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "systems_6": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
     "tinted-foot": {
       "flake": false,
       "locked": {
@@ -1473,6 +1797,65 @@
         "type": "github"
       }
     },
+    "treefmt-nix": {
+      "inputs": {
+        "nixpkgs": [
+          "mypackages",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1758728421,
+        "narHash": "sha256-ySNJ008muQAds2JemiyrWYbwbG+V7S5wg3ZVKGHSFu8=",
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "rev": "5eda4ee8121f97b218f7cc73f5172098d458f1d1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "type": "github"
+      }
+    },
+    "treefmt-nix_2": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1758728421,
+        "narHash": "sha256-ySNJ008muQAds2JemiyrWYbwbG+V7S5wg3ZVKGHSFu8=",
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "rev": "5eda4ee8121f97b218f7cc73f5172098d458f1d1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "type": "github"
+      }
+    },
+    "utils": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
     "vicinae": {
       "inputs": {
         "nixpkgs": [
@@ -1483,11 +1866,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1765982567,
+        "lastModified": 1766796267,
-        "narHash": "sha256-lii6QTyRYIaQk9eDsvwzSZ1ZlICQoP/sIAWDGlXVpbI=",
+        "narHash": "sha256-X0BnS+bb7pj8LwIaTkJeU9CZ8Nqh4sNjyN5JQXggOvc=",
         "owner": "vicinaehq",
         "repo": "vicinae",
-        "rev": "69f8a116929b9bc5f4b0e3b822a148ae657bb9c6",
+        "rev": "b6229556c2cbabda6ce9c63863b11265b2dba134",
         "type": "github"
       },
       "original": {
@@ -1557,11 +1940,11 @@
     "xwayland-satellite-unstable": {
       "flake": false,
       "locked": {
-        "lastModified": 1765935116,
+        "lastModified": 1766429945,
-        "narHash": "sha256-lNyckAdrhNKXsi9pNOBYajntNFlWs+BITVoIZuNuwX0=",
+        "narHash": "sha256-9Kv4gWagx/u4RfZJzBMAoagW9ava5waxd+XoTkzqF7E=",
         "owner": "Supreeeme",
         "repo": "xwayland-satellite",
-        "rev": "979eab242e60cf481a31d9de508a1bdaf2dcf7d4",
+        "rev": "0dde7ca1d3a8e8c5082533d76084e2aa02bef70e",
         "type": "github"
       },
       "original": {
@@ -1570,6 +1953,45 @@
         "type": "github"
       }
     },
+    "zen-browser": {
+      "inputs": {
+        "nixpkgs": [
+          "mypackages",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1766377218,
+        "narHash": "sha256-y3g3OqPB0tmRjbHJNnJKivSQRtAJR+/9S1xbxBWEatg=",
+        "owner": "youwen5",
+        "repo": "zen-browser-flake",
+        "rev": "2f61341b32dd69c07e147188e67e09ba2bb99c33",
+        "type": "github"
+      },
+      "original": {
+        "owner": "youwen5",
+        "repo": "zen-browser-flake",
+        "type": "github"
+      }
+    },
+    "zen-browser_2": {
+      "inputs": {
+        "nixpkgs": "nixpkgs_2"
+      },
+      "locked": {
+        "lastModified": 1766377218,
+        "narHash": "sha256-y3g3OqPB0tmRjbHJNnJKivSQRtAJR+/9S1xbxBWEatg=",
+        "owner": "youwen5",
+        "repo": "zen-browser-flake",
+        "rev": "2f61341b32dd69c07e147188e67e09ba2bb99c33",
+        "type": "github"
+      },
+      "original": {
+        "owner": "youwen5",
+        "repo": "zen-browser-flake",
+        "type": "github"
+      }
+    },
     "zig": {
       "inputs": {
         "flake-compat": [
@@ -1601,7 +2023,7 @@
     },
     "zig2nix": {
       "inputs": {
-        "flake-utils": "flake-utils_2",
+        "flake-utils": "flake-utils_4",
         "nixpkgs": [
           "nixpkgs"
         ]

flake.nix

@@ -6,14 +6,17 @@
     chaotic.url = "github:chaotic-cx/nyx/nyxpkgs-unstable";
     # TODO: unpin when refactor is fixed
     dms.url = "github:AvengeMedia/DankMaterialShell/42a283";
+    # TODO: remove disko
     disko.url = "github:nix-community/disko/latest";
     ghostty.url = "github:ghostty-org/ghostty";
     home-manager.url = "github:nix-community/home-manager";
     hyprland.url = "github:hyprwm/Hyprland";
     hyprsunset.url = "github:hyprwm/hyprsunset";
     lanzaboote.url = "github:nix-community/lanzaboote";
+    mypackages.url = "path:/storage/git/packages-blueprint";
     mysecrets.url = "git+ssh://gitea@gitea.linerds.us/unexplrd/nix-secrets";
     niri-flake.url = "github:sodiboo/niri-flake";
+    nix-bwrapper.url = "github:Naxdy/nix-bwrapper";
     nix-flatpak.url = "github:gmodena/nix-flatpak";
     nix-index-database.url = "github:nix-community/nix-index-database";
     nixos-cosmic.url = "github:lilyinstarlight/nixos-cosmic";
@@ -24,8 +27,11 @@
     stylix.url = "github:danth/stylix";
     systems.url = "github:nix-systems/default";
     vicinae.url = "github:vicinaehq/vicinae";
+    zen-browser.url = "github:youwen5/zen-browser-flake";
     zmx.url = "github:brittonr/zmx";
+    helium-browser.url = "path:/storage/git/helium-browser-nix-flake";
 
+    # the absolute horror of input deduplication
     blueprint.inputs.nixpkgs.follows = "nixpkgs";
     blueprint.inputs.systems.follows = "systems";
     chaotic.inputs.home-manager.follows = "home-manager";
@@ -45,9 +51,13 @@
     hyprsunset.inputs.nixpkgs.follows = "nixpkgs";
     hyprsunset.inputs.systems.follows = "hyprland/systems";
     lanzaboote.inputs.nixpkgs.follows = "nixpkgs";
+    mypackages.inputs.nixpkgs.follows = "nixpkgs";
     mysecrets.flake = false;
     niri-flake.inputs.nixpkgs-stable.follows = "nixpkgs-stable";
     niri-flake.inputs.nixpkgs.follows = "nixpkgs";
+    nix-bwrapper.inputs.nixpkgs.follows = "nixpkgs";
+    nix-bwrapper.inputs.nuschtosSearch.inputs.nixpkgs.follows = "nixpkgs";
+    nix-bwrapper.inputs.treefmt-nix.inputs.nixpkgs.follows = "nixpkgs";
     nix-index-database.inputs.nixpkgs.follows = "nixpkgs";
     nixos-cosmic.inputs.nixpkgs-stable.follows = "nixpkgs-stable";
     nixos-cosmic.inputs.nixpkgs.follows = "nixpkgs";
@@ -57,6 +67,7 @@
     vicinae.inputs.nixpkgs.follows = "nixpkgs";
     vicinae.inputs.systems.follows = "systems";
     zmx.inputs.zig2nix.inputs.nixpkgs.follows = "nixpkgs";
+    helium-browser.inputs.nixpkgs.follows = "nixpkgs";
   };
 
   outputs = inputs: inputs.blueprint {inherit inputs;};

hosts/sarien/misc/default.nix

@@ -1,5 +1,5 @@
 {
   imports = [
-    # ./distributed-build.nix
+    ./distributed-build.nix
   ];
 }

hosts/sarien/misc/distributed-build.nix

@@ -0,0 +1,28 @@
+{
+  config,
+  inputs,
+  ...
+}: let
+  inherit (builtins) readFile;
+  inherit (config.networking) hostName;
+  inherit (config.sops) secrets;
+  inherit (inputs) mysecrets;
+  pubHost = readFile "${mysecrets}/ssh/ssh_host_ed25519_dunamis.base64";
+in {
+  nix = {
+    distributedBuilds = true;
+    buildMachines = [
+      {
+        hostName = "dunamis";
+        maxJobs = 3;
+        protocol = "ssh-ng";
+        publicHostKey = pubHost;
+        speedFactor = 2;
+        sshKey = secrets."ssh-${hostName}-user".path;
+        sshUser = "nix-ssh";
+        supportedFeatures = ["benchmark" "big-parallel" "kvm" "nixos-test"];
+        system = "x86_64-linux";
+      }
+    ];
+  };
+}

justfile

@@ -1,5 +1,5 @@
 set unstable
-flake_path := "/etc/nixos"
+flake_path := "path:/etc/nixos"
 
 privesc := if which("sudo") != "" { 
     "sudo" 
@@ -13,22 +13,35 @@ privesc := if which("sudo") != "" {
     error("No privilege escalation tool found")
 }
 
+alias b := build
+alias sw := switch
+alias up := update
+alias upp := update-input
+alias gc := collect-garbage
+alias ca := clean-all
+
 default:
     @just --list
 
 # Rebuild and switch
 [group('nix')]
-sw:
+build:
-    nh os switch {{flake_path}}
+    nh os build {{flake_path}}
+    @rm -f result
+
+# Don't want to enter password 3 times with doas/run0
+[group('nix')]
+switch:
+    {{privesc}} nixos-rebuild switch --flake {{flake_path}}
 
 # Update and switch
 [group('nix')]
-up:
+update:
     nh os switch --update {{flake_path}}
 
 # Update specific input: `just upp nixpkgs`
 [group('nix')]
-upp input:
+update-input input:
     nix flake update {{input}}
 
 # Test
@@ -38,12 +51,12 @@ test:
 
 # Collect garbage
 [group('nix')]
-gc:
+collect-garbage:
     nix-collect-garbage --delete-old
     {{privesc}} nix-collect-garbage -d
     {{privesc}} /run/current-system/bin/switch-to-configuration boot
 
 # Run `nh clean all`
 [group('nix')]
-ca:
+clean-all:
     nh clean all

modules/hm-programs/fish.nix

@@ -1,44 +0,0 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}: let
-  inherit (lib) mkIf mkEnableOption getExe;
-in {
-  programs = {
-    atuin = {
-      enable = true;
-      flags = [
-        "--disable-up-arrow"
-      ];
-    };
-    fish = {
-      enable = true; # friendly interactive shell in rust
-      shellAliases = {
-        cd = "z";
-        ed = "$EDITOR";
-        jf = "jj-fzf"; # think of jeff
-        jo = "joshuto"; # think of josh
-        l = "ls -lah";
-        la = "ls -ah";
-        ll = "ls -lh";
-        p = "pueue";
-        s = "systemctl";
-        stui = "systemctl-tui";
-      };
-      shellAbbrs = {
-        pa = "pueue add --";
-        pl = "pueue log";
-      };
-      interactiveShellInit = ''
-        bind \e\[3\;5~ kill-word
-        bind \cH backward-kill-word
-        set fish_greeting
-        set fish_cursor_default     block      blink
-        # ${getExe pkgs.bat-extras.batman} --export-env | source
-        if test -e ~/.profile; source ~/.profile; end
-      '';
-    };
-  };
-}

modules/home/desktop/dms/programs/niri.nix

@@ -57,7 +57,7 @@ in {
           variant =
             "colemak_dh"
             + (
-              if osConfig.module.host.name == "dunamis"
+              if osConfig.unexplrd.host.name == "dunamis"
               then "_ortho"
               else ""
             )

modules/home/desktop/dms/services.nix

@@ -34,11 +34,11 @@
       };
     };
   in {
-    polkit-agent = mkGraphicalService {
+    # polkit-agent = mkGraphicalService {
-      Service = {
+    #   Service = {
-        Type = "simple";
+    #     Type = "simple";
-        ExecStart = pkgs.mate.mate-polkit + "/libexec/polkit-mate-authentication-agent-1";
+    #     ExecStart = pkgs.mate.mate-polkit + "/libexec/polkit-mate-authentication-agent-1";
-      };
+    #   };
-    };
+    # };
   };
 }

modules/home/programs/atuin.nix

@@ -0,0 +1,7 @@
+{
+  programs.atuin = {
+    flags = [
+      "--disable-up-arrow"
+    ];
+  };
+}

modules/home/programs/default.nix

@@ -1,6 +1,15 @@
 {
   imports = [
+    ./atuin.nix
+    ./fish.nix
+    ./ghostty.nix
+    ./helix.nix
+    ./kitty.nix
+    ./oh-my-posh.nix
     ./syncthing.nix
+    ./wezterm.nix
     ./wl-kbptr.nix
+    ./yazi.nix
+    ./zed-editor.nix
   ];
 }

modules/home/programs/fish.nix

@@ -0,0 +1,34 @@
+{
+  pkgs,
+  lib,
+  ...
+}: let
+  inherit (lib) getExe;
+in {
+  programs.fish = {
+    shellAliases = {
+      cd = "z";
+      ed = "$EDITOR";
+      jf = "jj-fzf"; # think of jeff
+      jo = "joshuto"; # think of josh
+      l = "ls -lah";
+      la = "ls -ah";
+      ll = "ls -lh";
+      p = "pueue";
+      s = "systemctl";
+      stui = "systemctl-tui";
+    };
+    shellAbbrs = {
+      pa = "pueue add --";
+      pl = "pueue log";
+    };
+    interactiveShellInit = ''
+      bind \e\[3\;5~ kill-word
+      bind \cH backward-kill-word
+      set fish_greeting
+      set fish_cursor_default     block      blink
+      # ${getExe pkgs.bat-extras.batman} --export-env | source
+      if test -e ~/.profile; source ~/.profile; end
+    '';
+  };
+}

modules/home/programs/ghostty.nix

@@ -5,7 +5,6 @@
   ...
 }: {
   programs.ghostty = {
-    enable = true;
     package = perSystem.ghostty.ghostty;
     settings = {
       gtk-single-instance = true;

modules/home/programs/helix.nix

@@ -7,8 +7,7 @@
   inherit (lib) getExe;
 in {
   programs.helix = {
-    enable = true; # vim-like editor in rust
+    # defaultEditor = true;
-    defaultEditor = true;
     settings = {
       editor = {
         bufferline = "multiple";

modules/home/programs/kitty.nix

@@ -4,7 +4,6 @@
   ...
 }: {
   programs.kitty = {
-    enable = true;
     settings = {
       tab_bar_edge = "bottom";
       tab_bar_align = "left";

modules/home/programs/oh-my-posh.nix

@@ -4,7 +4,6 @@
   ...
 }: {
   programs.oh-my-posh = {
-    enable = true;
     settings = {
       # version = 2;
       final_space = true;

modules/home/programs/wezterm.nix

@@ -6,7 +6,6 @@
   ...
 }: {
   programs.wezterm = {
-    enable = true;
     # package = inputs.wezterm.packages.${pkgs.system}.default;
     extraConfig = let
       arrows = {

modules/home/programs/yazi.nix

@@ -5,8 +5,6 @@
   ...
 }: {
   programs.yazi = {
-    enable = true; # file manager in rust
-    enableNushellIntegration = true;
     shellWrapperName = "y";
     settings = {
       opener = {

modules/home/programs/zed-editor.nix

@@ -4,10 +4,9 @@
   lib,
   ...
 }: let
-  inherit (lib) getExe;
+  inherit (lib) getExe mkForce;
 in {
   programs.zed-editor = {
-    enable = true;
     extensions = [
       "bash"
       "fsharp"

modules/nixos/desktop/common/default.nix

@@ -6,11 +6,6 @@
     ./pipewire.nix
   ];
   fonts.fontDir.enable = true;
-  security = {
-    pam = {
-      services.greetd.enableGnomeKeyring = config.services.greetd.enable && config.services.gnome.gnome-keyring.enable;
-    };
-  };
   services.udisks2.enable = true;
   programs.dconf.enable = true;
 }

modules/nixos/desktop/common/gnome-keyring.nix

@@ -5,21 +5,16 @@
   ...
 }: let
   inherit (lib) mkEnableOption mkIf;
-  cfg = config.module.desktop.gnome-keyring;
+  cfg = config.module.gnome-keyring;
 in {
   options = {
-    module.desktop.gnome-keyring.enable = mkEnableOption "enable gnome keyring";
+    module.gnome-keyring.enable = mkEnableOption "enable gnome keyring";
   };
 
   config = mkIf cfg.enable {
-    environment.systemPackages = with pkgs; [
+    environment.systemPackages = with pkgs; [gcr_4 libsecret];
-      gcr_4
-      libsecret
-    ];
     programs.seahorse.enable = true;
     services.gnome.gnome-keyring.enable = true;
-    xdg.portal.config.common = {
+    xdg.portal.config.common."org.freedesktop.impl.portal.Secret" = ["gnome-keyring"];
-      "org.freedesktop.impl.portal.Secret" = ["gnome-keyring"];
-    };
   };
 }

modules/nixos/desktop/common/greeter.nix

@@ -31,6 +31,7 @@ in {
       };
     })
     (mkIf (cfg.displayManager == "greetd") {
+      security.pam.services.greetd.enableGnomeKeyring = config.services.greetd.enable && config.services.gnome.gnome-keyring.enable;
       programs.regreet.enable = true;
       services.greetd = {
         enable = true;

modules/nixos/desktop/common/pipewire.nix

@@ -5,57 +5,60 @@
 }: let
   inherit (lib) mkEnableOption mkIf;
 
-  cfg = config.sound.pipewire;
+  cfg = config.module.pipewire;
 in {
   options = {
-    sound.pipewire.enable = mkEnableOption "enable pipewire";
+    module.pipewire.enable = mkEnableOption "enable pipewire";
   };
 
   config = mkIf cfg.enable {
-    security.rtkit.enable = true;
+    security.rtkit = {
+      enable = true;
+      args = ["--no-canary"];
+    };
     services.pulseaudio.enable = false;
     services.pipewire = {
       enable = true;
       alsa.enable = true;
       pulse.enable = true;
-
+      # extraConfig.pipewire."92-low-latency" = {
-      extraConfig = {
+      #   "context.properties" = {
-        pipewire = {
+      #     "default.clock.rate" = 48000;
-          "92-low-latency" = {
+      #     "default.clock.quantum" = 32;
-            "context.properties" = {
+      #     "default.clock.min-quantum" = 32;
-              "default.clock.rate" = 48000;
+      #     "default.clock.max-quantum" = 32;
-              "default.clock.allowed-rates" = [
+      #   };
-                44100
+      # };
-                48000
+      wireplumber.extraConfig."10-alsa-vm" = {
-                88200
+        "api.alsa.period-size" = 1024 / 2; # seems to fix random crackling
-                96000
-              ];
-
-              "default.clock.min-quantum" = 512;
-              "default.clock.quantum" = 4096;
-              "default.clock.max-quantum" = 8192;
       };
-          };
+      extraConfig.pipewire-pulse."93-auto-connect" = {
-
+        "pulse.cmd" = [
-          "93-no-resampling" = {
+          {
-            "context.properties" = {
+            cmd = "load-module";
-              "default.clock.rate" = 48000;
+            args = "module-switch-on-connect";
-              "default.clock.allowed-rates" = [
+          }
-                44100
-                48000
-                96000
-                192000
         ];
       };
-          };
+      # extraConfig.pipewire-pulse."92-low-latency" = {
-
+      #   "context.properties" = [
-          "94-no-upmixing" = {
+      #     {
-            "stream.properties" = {
+      #       name = "libpipewire-module-protocol-pulse";
-              "channelmix.upmix" = false;
+      #       args = {};
-            };
+      #     }
-          };
+      #   ];
-        };
+      #   "pulse.properties" = {
-      };
+      #     "pulse.min.req" = "32/48000";
+      #     "pulse.default.req" = "32/48000";
+      #     "pulse.max.req" = "32/48000";
+      #     "pulse.min.quantum" = "32/48000";
+      #     "pulse.max.quantum" = "32/48000";
+      #   };
+      #   "stream.properties" = {
+      #     "node.latency" = "32/48000";
+      #     "resample.quality" = 1;
+      #   };
+      # };
     };
   };
 }

modules/nixos/desktop/cosmic/default.nix

@@ -17,7 +17,7 @@ in {
   };
   config = mkIf cfg.enable {
     module.desktop.displayManager = "cosmic";
-    sound.pipewire.enable = true;
+    module.pipewire.enable = true;
 
     environment.sessionVariables.COSMIC_DATA_CONTROL_ENABLED = 1;
     services.desktopManager.cosmic.enable = true;

modules/nixos/desktop/default.nix

@@ -4,8 +4,8 @@
     ./cosmic
     ./dms
     ./gnome
-    ./hyprland
+    # ./hyprland
-    ./niri
+    # ./niri
-    ./plasma
+    # ./plasma
   ];
 }

modules/nixos/desktop/dms/default.nix

@@ -23,21 +23,19 @@ in {
       enable = true;
       extraPortals = with pkgs; [xdg-desktop-portal-gnome xdg-desktop-portal-gtk];
       config.niri.default = ["gnome" "gtk"];
+      config.common."org.freedesktop.impl.portal.Secret" = ["gnome-keyring"];
     };
 
-    module.desktop.gnome-keyring.enable = true;
+    module.gnome-keyring.enable = true;
-    sound.pipewire.enable = true;
+    module.pipewire.enable = true;
 
     services.gvfs.enable = true;
-
-    programs.niri = {
-      enable = true;
-      package = perSystem.niri-flake.niri-unstable;
-    };
-
     systemd.user.services.niri-flake-polkit.enable = false;
 
-    programs.dankMaterialShell = {
+    programs = {
+      niri.enable = true;
+      niri.package = perSystem.niri-flake.niri-unstable;
+      dankMaterialShell = {
         enable = true;
         greeter = {
           enable = true;
@@ -46,4 +44,5 @@ in {
         };
       };
     };
+  };
 }

modules/nixos/desktop/gnome/default.nix

@@ -14,7 +14,7 @@ in {
   config = lib.mkMerge [
     (mkIf cfg.enable {
       module.desktop.displayManager = "gdm";
-      sound.pipewire.enable = true;
+      module.pipewire.enable = true;
       services.desktopManager.gnome.enable = true;
       environment.gnome.excludePackages = with pkgs; [
         orca

modules/nixos/desktop/jay.nix

@@ -5,7 +5,7 @@
   ...
 }: let
   inherit (lib) mkIf mkEnableOption getExe;
-  cfg = config.desktop.niri;
+  cfg = config.desktop.jay;
 in {
   options = {
     desktop.niri.enable =

modules/nixos/desktop/niri/default.nix

@@ -15,11 +15,9 @@ in {
   };
   config = lib.mkMerge [
     (mkIf cfg.enable {
-      module.desktop = {
+      module.desktop.displayManager = "greetd";
-        displayManager = "greetd";
+      module.gnome-keyring.enable = true;
-        gnome-keyring.enable = true;
+      module.pipewire.enable = true;
-      };
-      sound.pipewire.enable = true;
 
       # nixpkgs.overlays = [inputs.niri.overlays.default];
 

modules/nixos/system/common.nix

@@ -1,45 +0,0 @@
-{
-  lib,
-  pkgs,
-  ...
-}: {
-  boot.tmp.cleanOnBoot = lib.mkDefault true;
-
-  console.font = "${pkgs.spleen}/share/consolefonts/spleen-16x32.psfu";
-
-  environment = {
-    ldso32 = null;
-    # memoryAllocator.provider = "mimalloc"; # weird memory consumption stuff
-    variables = {
-      LESS = "-R --mouse";
-    };
-  };
-
-  networking.networkmanager.enable = true;
-
-  services.openssh.settings = {
-    X11Forwarding = false;
-    KbdInteractiveAuthentication = false;
-    PasswordAuthentication = false;
-    UseDns = false;
-    # unbind gnupg sockets if they exists
-    StreamLocalBindUnlink = true;
-
-    # Use key exchange algorithms recommended by `nixpkgs#ssh-audit`
-    KexAlgorithms = [
-      "curve25519-sha256"
-      "curve25519-sha256@libssh.org"
-      "diffie-hellman-group16-sha512"
-      "diffie-hellman-group18-sha512"
-      "sntrup761x25519-sha512@openssh.com"
-    ];
-  };
-
-  services.journald.extraConfig = ''
-    SystemMaxUse=1G
-  '';
-  systemd.coredump.extraConfig = ''
-    Storage=none
-    ProcessSizeMax=0
-  '';
-}

modules/nixos/system/default.nix

@@ -1,8 +0,0 @@
-{
-  imports = [
-    ./common.nix
-    ./misc
-    ./stylix
-    ./virt
-  ];
-}

modules/nixos/system/misc/default.nix

@@ -1,6 +0,0 @@
-{
-  imports = [
-    ./opentabletdriver.nix
-    ./qmk-vial.nix
-  ];
-}

modules/nixos/system/misc/opentabletdriver.nix

@@ -1,22 +0,0 @@
-{
-  config,
-  lib,
-  ...
-}: let
-  inherit (lib) mkIf mkEnableOption;
-in {
-  options = {
-    module.misc.opentabletdriver.enable =
-      mkEnableOption "enables opentabletdriver";
-  };
-  config = mkIf config.module.misc.opentabletdriver.enable {
-    hardware.opentabletdriver = {
-      enable = true;
-      daemon.enable = true;
-      blacklistedKernelModules = [
-        "hid-uclogic"
-        "wacom"
-      ];
-    };
-  };
-}

modules/nixos/system/misc/qmk-vial.nix

@@ -1,17 +0,0 @@
-{
-  config,
-  lib,
-  ...
-}: let
-  inherit (lib) mkIf mkEnableOption;
-in {
-  options = {
-    module.misc.qmk-vial.enable =
-      mkEnableOption "adds a udev rule for vial keyboards";
-  };
-  config = mkIf config.module.misc.qmk-vial.enable {
-    services.udev.extraRules = ''
-      KERNEL=="hidraw*", SUBSYSTEM=="hidraw", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl"
-    '';
-  };
-}

modules/nixos/system/virt/default.nix

@@ -1,7 +0,0 @@
-{
-  imports = [
-    ./libvirt.nix
-    ./podman.nix
-    ./docker.nix
-  ];
-}

modules/nixos/system/virt/docker.nix

@@ -1,29 +0,0 @@
-{
-  # pkgs,
-  config,
-  lib,
-  ...
-}:
-with lib; let
-  cfg = config.module.virt.docker;
-in {
-  options = {
-    module.virt.docker.enable =
-      mkEnableOption "enable docker";
-  };
-  config = mkIf cfg.enable {
-    virtualisation.docker = {
-      enable = true;
-      rootless = {
-        enable = true;
-        setSocketVariable = true;
-      };
-      storageDriver = "btrfs";
-      autoPrune.enable = true;
-      #defaultNetwork.settings = {
-      #  dns_enabled = true;
-      #};
-    };
-    virtualisation.oci-containers.backend = "docker";
-  };
-}

modules/nixos/system/virt/libvirt.nix

@@ -1,35 +0,0 @@
-{
-  pkgs,
-  config,
-  lib,
-  ...
-}:
-with lib; let
-  cfg = config.module.virt.libvirt;
-in {
-  options = {
-    module.virt.libvirt.enable =
-      mkEnableOption "enables virtualisation";
-  };
-  config = mkIf cfg.enable {
-    virtualisation.libvirtd = {
-      enable = true;
-      qemu = {
-        package = pkgs.qemu_kvm;
-        runAsRoot = false;
-        swtpm.enable = true;
-        vhostUserPackages = [pkgs.virtiofsd];
-        # ovmf = {
-        #   enable = true;
-        #   packages = [
-        #     (pkgs.OVMF.override {
-        #       secureBoot = true;
-        #       tpmSupport = true;
-        #     })
-        #     .fd
-        #   ];
-        # };
-      };
-    };
-  };
-}

modules/nixos/system/virt/podman.nix

@@ -1,29 +0,0 @@
-{
-  pkgs,
-  config,
-  lib,
-  ...
-}:
-with lib; let
-  cfg = config.module.virt.podman;
-in {
-  options = {
-    module.virt.podman.enable =
-      mkEnableOption "enables podman";
-  };
-  config = mkIf cfg.enable {
-    virtualisation = {
-      containers.enable = true;
-      podman = {
-        enable = true;
-        dockerCompat = true;
-        defaultNetwork.settings.dns_enabled = true;
-      };
-    };
-    virtualisation.oci-containers.backend = "podman";
-    environment.systemPackages = with pkgs; [
-      podman-tui
-      podman-compose
-    ];
-  };
-}

modules/programs-nixos/docker.nix

@@ -0,0 +1,20 @@
+{
+  # pkgs,
+  config,
+  lib,
+  ...
+}: {
+  virtualisation.docker = {
+    enable = true;
+    rootless = {
+      enable = true;
+      setSocketVariable = true;
+    };
+    storageDriver = "btrfs";
+    autoPrune.enable = true;
+    #defaultNetwork.settings = {
+    #  dns_enabled = true;
+    #};
+  };
+  virtualisation.oci-containers.backend = "docker";
+}

modules/programs-nixos/libvirt.nix

@@ -0,0 +1,26 @@
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}: {
+  virtualisation.libvirtd = {
+    enable = true;
+    qemu = {
+      package = pkgs.qemu_kvm;
+      runAsRoot = false;
+      swtpm.enable = true;
+      vhostUserPackages = [pkgs.virtiofsd];
+      # ovmf = {
+      #   enable = true;
+      #   packages = [
+      #     (pkgs.OVMF.override {
+      #       secureBoot = true;
+      #       tpmSupport = true;
+      #     })
+      #     .fd
+      #   ];
+      # };
+    };
+  };
+}

modules/programs-nixos/opentabletdriver.nix

@@ -0,0 +1,14 @@
+{
+  config,
+  lib,
+  ...
+}: {
+  hardware.opentabletdriver = {
+    enable = true;
+    daemon.enable = true;
+    blacklistedKernelModules = [
+      "hid-uclogic"
+      "wacom"
+    ];
+  };
+}

modules/programs-nixos/podman.nix

@@ -0,0 +1,20 @@
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}: {
+  virtualisation = {
+    containers.enable = true;
+    podman = {
+      enable = true;
+      dockerCompat = true;
+      defaultNetwork.settings.dns_enabled = true;
+    };
+  };
+  virtualisation.oci-containers.backend = "podman";
+  environment.systemPackages = with pkgs; [
+    podman-tui
+    podman-compose
+  ];
+}

modules/programs-nixos/qmk-vial.nix

@@ -0,0 +1,9 @@
+{
+  config,
+  lib,
+  ...
+}: {
+  services.udev.extraRules = ''
+    KERNEL=="hidraw*", SUBSYSTEM=="hidraw", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl"
+  '';
+}

modules/shared/nixos/boot/default.nix

@@ -1,21 +0,0 @@
-{
-  inputs,
-  pkgs,
-  ...
-}: {
-  imports = with inputs; [
-    chaotic.nixosModules.default
-    ./loader.nix
-    ./lanzaboote.nix
-  ];
-  boot = {
-    consoleLogLevel = 0;
-    kernel.sysctl."vm.swappiness" = 10;
-    # kernelPackages = pkgs.linuxPackages_cachyos;
-    kernelPackages = pkgs.linuxPackages_latest;
-    plymouth.enable = true;
-    initrd = {
-      systemd.enable = true;
-    };
-  };
-}

modules/shared/nixos/boot/loader.nix

@@ -1,14 +0,0 @@
-{
-  config,
-  lib,
-  ...
-}: {
-  boot.loader = {
-    timeout = 0;
-    efi.canTouchEfiVariables = true;
-    systemd-boot = {
-      consoleMode = "auto";
-      configurationLimit = lib.mkOverride 1337 10;
-    };
-  };
-}

modules/shared/nixos/default.nix

@@ -6,23 +6,25 @@
   ...
 }: let
   inherit (lib) mkDefault mkOption mkEnableOption mkIf;
-  cfg = config.module.config;
+  cfg = config.unexplrd.config;
+  cfgHost = config.unexplrd.host;
 in {
   imports = [
-    ./boot
     ./hardware
     ./misc
+    ./module/lanzaboote.nix
+    ./module/locale.nix
     ./networking
     ./nix
     ./security
-    ./locale.nix
+    ./stylix
     ./programs.nix
     ./services.nix
     ./sops.nix
     ./users.nix
   ];
   options = {
-    module.host = {
+    unexplrd.host = {
       name = mkOption {
         type = lib.types.str;
       };
@@ -36,7 +38,7 @@ in {
         type = lib.types.enum ["laptop" "server" "workstation"];
       };
     };
-    module.config = {
+    unexplrd.config = {
       laptop.homeRowMods = mkEnableOption "set to have mods on asdfjkl;";
       powerSave = mkEnableOption "set to use various power saving daemons";
       secureBoot = mkEnableOption "set if secure boot is configured";
@@ -50,11 +52,9 @@ in {
   };
   config = lib.mkMerge [
     {
-      system.stateVersion = config.module.host.stateVersion;
+      system.stateVersion = cfgHost.stateVersion;
-      networking = {
+      networking.hostName = cfgHost.name;
-        hostName = config.module.host.name;
+      networking.hostId = cfgHost.id;
-        hostId = config.module.host.id;
-      };
     }
     {
       boot.initrd.systemd.tpm2.enable = mkDefault cfg.tpmDiskUnlock;

modules/shared/nixos/misc/default.nix

@@ -1,3 +1,59 @@
 {
-  imports = [./slim.nix ./zram.nix];
+  lib,
+  pkgs,
+  # inputs,
+  ...
+}: {
+  imports = [
+    # inputs.chaotic.nixosModules.default
+    ./slim.nix
+  ];
+  boot = {
+    consoleLogLevel = 0;
+    kernel.sysctl."vm.swappiness" = 10;
+    plymouth.enable = true;
+    initrd = {
+      systemd.enable = true;
+    };
+
+    kernelPackages = pkgs.linuxPackages_latest;
+    # kernelPackages = pkgs.linuxPackages_cachyos;
+
+    loader = {
+      timeout = 0;
+      efi.canTouchEfiVariables = true;
+      systemd-boot = {
+        consoleMode = "auto";
+        configurationLimit = lib.mkOverride 1337 10;
+      };
+    };
+    tmp.cleanOnBoot = lib.mkDefault true;
+  };
+
+  console.font = "${pkgs.spleen}/share/consolefonts/spleen-16x32.psfu";
+
+  environment = {
+    ldso32 = null;
+    # memoryAllocator.provider = "mimalloc"; # weird memory consumption stuff
+    variables = {
+      LESS = "-R --mouse";
+    };
+  };
+
+  networking.networkmanager.enable = true;
+
+  services.journald.extraConfig = ''
+    SystemMaxUse=1G
+  '';
+  systemd.coredump.extraConfig = ''
+    Storage=none
+    ProcessSizeMax=0
+  '';
+
+  zramSwap = {
+    enable = true;
+    algorithm = "zstd";
+    memoryPercent = 25;
+    priority = 5;
+  };
 }

modules/shared/nixos/misc/zram.nix

@@ -1,8 +0,0 @@
-{
-  zramSwap = {
-    enable = true;
-    algorithm = "zstd";
-    memoryPercent = 25;
-    priority = 5;
-  };
-}

modules/shared/nixos/module/lanzaboote.nix

@@ -8,7 +8,7 @@
   ];
   boot = {
     lanzaboote = {
-      enable = config.module.config.secureBoot;
+      enable = config.unexplrd.config.secureBoot;
       pkiBundle = "/var/lib/sbctl";
     };
   };

modules/shared/nixos/module/locale.nix

@@ -4,9 +4,10 @@
   ...
 }: let
   inherit (lib) types mkOption;
+  cfg = config.unexplrd.config;
 in {
   options = {
-    module.config = {
+    unexplrd.config = {
       locale = mkOption {
         type = types.strMatching "[a-z]{2}_[A-Z]{2}\\.UTF-8";
         default = "en_US.UTF-8";
@@ -19,9 +20,9 @@ in {
     };
   };
   config = {
-    time.timeZone = config.module.config.timeZone;
+    time.timeZone = cfg.timeZone;
     i18n = let
-      inherit (config.module.config) locale;
+      inherit (cfg) locale;
     in {
       defaultLocale = locale;
       extraLocaleSettings = {

modules/shared/nixos/networking/default.nix

@@ -1,18 +1,11 @@
 {
-  networking = {
+  networking.networkmanager = {
-    hosts = import ./hosts.nix;
-    networkmanager = {
     ethernet.macAddress = "stable";
-      wifi = {
+    wifi.macAddress = "random";
-        macAddress = "random";
+    wifi.scanRandMacAddress = true;
-        scanRandMacAddress = true;
-      };
-    };
-    wireless.iwd = {
-      settings = {
-        General.AddressRandomization = "network";
-        Settings.AlwaysRandomizeAddress = true;
-      };
   };
+  networking.wireless.iwd = {
+    settings.General.AddressRandomization = "network";
+    settings.Settings.AlwaysRandomizeAddress = true;
   };
 }

modules/shared/nixos/networking/hosts.nix

@@ -1,3 +1,5 @@
 {
+  networking.hosts = {
     "192.168.1.42" = ["dunamis"];
+  };
 }

modules/shared/nixos/nix/common.nix

@@ -1,7 +1,7 @@
 {
   pkgs,
   # inputs,
-  config,
+  # config,
   lib,
   ...
 }: {
@@ -15,11 +15,13 @@
       automatic = true;
       dates = ["weekly"];
     };
-    settings = {
+  };
+  nix.settings = {
     auto-optimise-store = true;
     experimental-features = [
       "nix-command"
       "flakes"
+
       # for container in builds support
       "auto-allocate-uids"
       "cgroups"
@@ -33,15 +35,15 @@
       # Allow the use of the impure-env setting.
       # "configurable-impure-env"
     ];
-      use-xdg-base-directories = true;
-    };
-  };
     # no longer need to pre-allocate build users for everything
-  nix.settings.auto-allocate-uids = lib.mkDefault true;
+    auto-allocate-uids = lib.mkDefault true;
+
     # Needs a patch in Nix to work properly: https://github.com/NixOS/nix/pull/13135
-  nix.settings.use-cgroups = true;
+    use-cgroups = true;
 
     # for container in builds support
-  nix.settings.system-features = ["uid-range"];
+    system-features = ["uid-range"];
-  systemd.services.nix-daemon.serviceConfig.RestrictNamespaces = lib.mkForce []; # (lib.remove "~cgroup" config.systemd.services.nix-daemon.serviceConfig.RestrictNamespaces);
+
+    use-xdg-base-directories = true;
+  };
 }

modules/shared/nixos/nix/default.nix

@@ -1,7 +1,6 @@
 {
   imports = [
     ./common.nix
-    ./distibuted-build.nix
     ./substituters.nix
   ];
 }

modules/shared/nixos/nix/distibuted-build.nix

@@ -1,49 +0,0 @@
-{
-  config,
-  inputs,
-  lib,
-  ...
-}: let
-  isBuildHost = config.module.host.name == "dunamis";
-in {
-  config = lib.mkMerge [
-    (lib.mkIf isBuildHost {
-      nix = let
-        inherit (builtins) readFile;
-        inherit (config.users.users) user;
-      in {
-        sshServe = {
-          enable = true;
-          keys = map (f: readFile f) user.openssh.authorizedKeys.keyFiles;
-          protocol = "ssh-ng";
-          trusted = true;
-          write = true;
-        };
-      };
-    })
-    (lib.mkIf (!isBuildHost) {
-      nix = let
-        inherit (builtins) readFile;
-        inherit (config.networking) hostName;
-        inherit (config.sops) secrets;
-        inherit (inputs) mysecrets;
-        pubHost = readFile "${mysecrets}/ssh/ssh_host_ed25519_dunamis.base64";
-      in {
-        distributedBuilds = true;
-        buildMachines = [
-          {
-            hostName = "dunamis";
-            maxJobs = 3;
-            protocol = "ssh-ng";
-            publicHostKey = pubHost;
-            speedFactor = 2;
-            sshKey = secrets."ssh-${hostName}-user".path;
-            sshUser = "nix-ssh";
-            supportedFeatures = ["benchmark" "big-parallel" "kvm" "nixos-test"];
-            system = "x86_64-linux";
-          }
-        ];
-      };
-    })
-  ];
-}

modules/shared/nixos/programs.nix

@@ -14,6 +14,7 @@
   };
   environment.systemPackages = with pkgs; [
     (lib.hiPrio uutils-coreutils-noprefix)
+    git
     helix
     nushell
   ];

modules/shared/nixos/security/boot.nix

@@ -66,7 +66,7 @@
 
     # Userspace
     # restrict usage of ptrace
-    "kernel.yama.ptrace_scope" = 2;
+    # "kernel.yama.ptrace_scope" = 2; # breaks anti-cheat
 
     # ASLR memory protection (64-bit systems)
     "vm.mmap_rnd_bits" = 32;
@@ -94,8 +94,8 @@
     "net.core.default_qdisc" = "cake";
   };
   boot.kernelParams = [
-    "systemd.unified_cgroup_hierarchy=1"
+    # "systemd.unified_cgroup_hierarchy=1"
-    "cgroup_no_v1=all"
+    # "cgroup_no_v1=all"
     "amd_iommu=force_isolation"
     "debugfs=off"
     "efi=disable_early_pci_dma"

modules/shared/nixos/security/coredump.nix

@@ -0,0 +1,11 @@
+{
+  security.pam.loginLimits = [
+    {
+      domain = "*"; # Applies to all users/sessions
+      type = "-"; # Set both soft and hard limits
+      item = "core"; # The soft/hard limit item
+      value = "0"; # Core dumps size is limited to 0 (effectively disabled)
+    }
+  ];
+  systemd.coredump.enable = false;
+}

modules/shared/nixos/security/default.nix

@@ -4,44 +4,39 @@
   pkgs,
   ...
 }: let
-  inherit (lib) mkIf mkDefault;
+  inherit (lib) mkIf;
-  systemd-services-hardened = fetchGit {
-    url = "https://github.com/wallago/nix-system-services-hardened.git";
-    ref = "main";
-    rev = "3c6c8738868277aa145e0f17c645172b1c9d81e3";
-  };
-  fromHardened = a: map (f: "${systemd-services-hardened}/services/${f}.nix") a;
 in {
-  imports =
+  imports = [
-    [./boot.nix ./ssh.nix]
+    ./boot.nix
-    ++ fromHardened [
+    ./coredump.nix
-      "accounts-daemon"
+    ./services.nix
-      "getty"
+    ./ssh.nix
-      # "nix-daemon" # TODO: breaks cgroups, ...
-      "nscd"
-      "rescue"
-      "sshd"
-      "systemd-machined"
-      "systemd-rfkill"
-      "systemd-udevd"
   ];
+
   networking.modemmanager.enable = false;
+
+  nix.settings.allowed-users = ["@users"];
+  nix.settings.trusted-users = ["@wheel"];
+
+  environment.systemPackages = with pkgs; [
+    (mkIf config.security.doas.enable doas-sudo-shim)
+  ];
+
   security =
     lib.attrsets.recursiveUpdate {
       # doas.enable = true;
       polkit.enable = true;
       sudo-rs.enable = false;
       sudo.enable = false;
+
+      wrappers = {
+        newgrp.enable = false;
+        pkexec.enable = false;
+        sg.enable = false;
+        su.enable = false;
+      };
     } {
       sudo-rs.execWheelOnly = true;
-      pam.loginLimits = [
-        {
-          domain = "*"; # Applies to all users/sessions
-          type = "-"; # Set both soft and hard limits
-          item = "core"; # The soft/hard limit item
-          value = "0"; # Core dumps size is limited to 0 (effectively disabled)
-        }
-      ];
       # pam.sshAgentAuth.enable = true;
       polkit.extraConfig = ''
         polkit.addRule(function(action, subject) {
@@ -61,14 +56,13 @@ in {
       '';
     };
 
-  environment.systemPackages = with pkgs; [
+  services.dbus.implementation = "broker";
-    (mkIf config.security.doas.enable doas-sudo-shim) # if doas install doas sudo shim
+  services.chrony = {
-  ];
-  systemd.coredump.enable = false;
-  services = {
-    chrony = {
     enable = true;
+    enableRTCTrimming = false;
     enableNTS = true;
+    extraConfig = "rtcsync";
+    extraFlags = ["-r" "-s"];
     servers = [
       "time.cloudflare.com iburst nts"
       "ntppool1.time.nl iburst nts"
@@ -78,8 +72,4 @@ in {
       "time.cifelli.xyz iburst nts"
     ];
   };
-    dbus.implementation = "broker";
-  };
-
-  nix.settings.allowed-users = mkDefault ["@users"];
 }

modules/shared/nixos/security/services.nix

@@ -0,0 +1,29 @@
+{
+  # config,
+  lib,
+  # pkgs,
+  ...
+}: let
+  systemd-services-hardened = fetchGit {
+    url = "https://github.com/wallago/nix-system-services-hardened.git";
+    ref = "main";
+    rev = "3c6c8738868277aa145e0f17c645172b1c9d81e3";
+  };
+  fromHardened = a: map (f: "${systemd-services-hardened}/services/${f}.nix") a;
+in {
+  imports = fromHardened [
+    "accounts-daemon"
+    "getty"
+    # "nix-daemon" # TODO: breaks cgroups, ...
+    "nscd"
+    "rescue"
+    "sshd"
+    "systemd-machined"
+    "systemd-rfkill"
+    "systemd-udevd"
+  ];
+  systemd.services = {
+    nix-daemon.serviceConfig.RestrictNamespaces = lib.mkForce [];
+    sshd.serviceConfig.ProtectHome = lib.mkForce "no";
+  };
+}

modules/shared/nixos/services.nix

@@ -3,7 +3,7 @@
     lib.attrsets.recursiveUpdate {
       # hardware.openrgb.enable = true;
       avahi.enable = true;
-      dnscrypt-proxy.enable = true;
+      # dnscrypt-proxy.enable = true;
       flatpak.enable = true;
       fstrim.enable = true;
       fwupd.enable = true;

modules/shared/nixos/stylix/default.nix

@@ -9,7 +9,7 @@
   inherit (lib) optionalAttrs;
   inherit (lib.types) bool str;
 
-  cfg = config.module.stylix;
+  cfg = config.unexplrd.stylix;
 
   fromBase16Schemes = f: "${pkgs.base16-schemes}/share/themes/${f}.yaml";
 
@@ -312,7 +312,7 @@ in {
   ];
 
   options = {
-    module.stylix = {
+    unexplrd.stylix = {
       enable = mkEnableOption "enable stylix";
 
       useCursor = mkOption {

modules/shared/nixos/users.nix

@@ -2,20 +2,18 @@
   inputs,
   config,
   pkgs,
-  lib,
   ...
 }: let
-  inherit (config.networking) hostName;
   inherit (config.sops) secrets;
   inherit (inputs) mysecrets;
   sshKeys = f: "${mysecrets}/ssh/user/id_${f}_ed25519.pub";
 in {
-  users.groups.admin = {};
+  users = {
+    mutableUsers = false;
 
-  nix.settings.trusted-users = ["user" "admin"];
+    # groups.admin = {};
-  users.mutableUsers = false;
+
-  users.users = {
+    users.admin = {
-    admin = {
       isNormalUser = true;
       description = "System administrator";
       extraGroups = ["wheel"]; # wheel = sudo
@@ -28,7 +26,7 @@ in {
         "sarien"
       ];
     };
-    user = {
+    users.user = {
       extraGroups = ["video" "libvirtd" "dialout"];
       hashedPasswordFile = secrets."user-password-hashed".path;
       isNormalUser = true;

modules/users/user/common.nix

@@ -33,5 +33,5 @@
     music = homeDir "music";
   };
 
-  dconf.settings."org/gnome/desktop/interface".enable-animations = false;
+  # dconf.settings."org/gnome/desktop/interface".enable-animations = false;
 }

modules/users/user/default.nix

@@ -3,5 +3,6 @@
     ./common.nix
     ./flatpak.nix
     ./programs.nix
+    ./services.nix
   ];
 }

modules/users/user/flatpak.nix

@@ -1,5 +1,7 @@
 {
+  config,
   inputs,
+  lib,
   pkgs,
   ...
 }: {
@@ -34,9 +36,7 @@
         "com.github.PintaProject.Pinta" # bootleg paint
         "org.gimp.GIMP" # the holy gimp
         "org.kde.kdenlive" # video editor
-        {
+        "com.collabora.Office" # libreoffice but pretty pixel-wasting ui
-          appId = "com.collabora.Office";
-        }
       ]
       ++ [
         # chatting
@@ -71,10 +71,10 @@
         "com.bitwarden.desktop"
         "com.github.johnfactotum.Foliate" # book reader
         "com.github.tchx84.Flatseal" # control flatpak permissions
-        "com.logseq.Logseq"
+        # "com.logseq.Logseq"
         "com.obsproject.Studio"
         "com.usebottles.bottles" # wine containers
-        "de.capypara.FieldMonitor" # libvirt
+        "de.capypara.FieldMonitor" # qemu and rdp/vnc client
         "org.qbittorrent.qBittorrent" # torrents
         "io.github.amit9838.mousam" # weather
         "io.github.finefindus.Hieroglyphic" # find latex symbols (in rust)
@@ -83,6 +83,7 @@
         "md.obsidian.Obsidian"
         "me.iepure.devtoolbox" # some cool utils
         "org.nicotine_plus.Nicotine" # soulseek
+        (lib.mkIf config.programs.distrobox.enable "com.ranfdev.DistroShelf")
       ];
     overrides = let
       homeNoNetwork = {

modules/users/user/programs.nix

@@ -11,18 +11,9 @@
   inherit (osConfig.virtualisation) libvirtd;
   inherit (osConfig.hardware) bluetooth;
 in {
-  imports = with flake.modules.hm-programs;
+  imports = with flake.homeModules; [
-    [
+    programs
-      yazi
+  ];
-      helix
-      fish
-      oh-my-posh
-      wezterm
-      ghostty
-    ]
-    ++ [./vicinae.nix];
-
-  syncthing.enable = true;
 
   systemd.user.settings.Manager.DefaultEnvironment = {
     TERMINAL = "wezterm";
@@ -37,14 +28,19 @@ in {
     # NPM_CONFIG_TMP = ''"$XDG_RUNTIME_DIR"/npm'';
   };
 
-  services = {
-    # pueue.enable = true; # process queue in rust
-    ssh-agent.enable = true;
-  };
-
   programs =
     lib.attrsets.recursiveUpdate
     {
+      atuin.enable = true;
+      fish.enable = true; # friendly interactive shell in rust
+      oh-my-posh.enable = true;
+
+      helix.enable = true;
+      yazi.enable = true;
+
+      wezterm.enable = true;
+      ghostty.enable = true;
+
       bat.enable = true; # cat in rust
       btop.enable = true;
       # direnv.enable = true;
@@ -60,6 +56,7 @@ in {
       nix-index-database.comma.enable = true;
       nix-index.enable = true;
       nix-your-shell.enable = true;
+      obsidian.enable = true;
       pay-respects.enable = true; # thefuck in rust
       ripgrep.enable = true; # grep in rust
       zellij.enable = true;
@@ -68,16 +65,31 @@ in {
     }
     {
       btop.settings.update_ms = 200;
+      btop.package = pkgs.btop-rocm;
 
       difftastic.git.enable = true;
       difftastic.git.diffToolMode = true;
 
-      git.signing.format = "ssh";
+      helix.defaultEditor = true;
 
+      git.signing.format = "ssh";
       git.settings.alias.cl = "clone";
       git.settings.alias.co = "checkout";
 
       keychain.keys = ["id_ed25519"];
+
+      obsidian.package = perSystem.mypackages.obsidian-bwrapped.override {
+        bwrapperOpts = {
+          sockets.x11 = false;
+          mounts.readWrite = [
+            "$HOME/Obsidian"
+          ];
+        };
+      };
+      # obsidian.vaults = {
+      #   personal.target = "Obsidian/Personal";
+      #   university.target = "Obsidian/University";
+      # };
     };
 
   home.packages = with pkgs;
@@ -103,6 +115,70 @@ in {
       systemctl-tui # systemctl tui in rust
       trashy # trash cli in rust
       up # ultimate plumber in go
+
+      (perSystem.mypackages.prismlauncher-bwrapped.override {
+        addPkgs = with pkgs; [mangohud gamemode gamescope glfw3-minecraft];
+        packageOverrides = {
+          jdks = with pkgs; [
+            # graalvmPackages.graalvm-ce
+            # zulu8
+            zulu17
+            zulu
+          ];
+        };
+      })
+      (perSystem.mypackages.zen-browser-bwrapped.override {
+        bwrapperOpts = {
+          sockets.x11 = false;
+        };
+      })
+      (perSystem.mypackages.legcord-bwrapped.override {
+        bwrapperOpts = {
+          sockets.x11 = false;
+        };
+      })
+      (perSystem.mypackages.helium-browser-bwrapped.override {
+        bwrapperOpts = {
+          sockets.x11 = false;
+          mounts.readWrite = [
+            # "$XDG_DOCUMENTS_DIR"
+            "$XDG_DOWNLOAD_DIR"
+            # "$XDG_MUSIC_DIR"
+            # "$XDG_VIDEOS_DIR"
+            # "$XDG_PICTURES_DIR"
+          ];
+        };
+      })
+      (pkgs.mkBwrapper rec {
+        app = {
+          addPkgs = with pkgs; [mangohud gamemode gamescope];
+          package = pkgs.heroic.override {
+            extraPkgs = pkgs: app.addPkgs;
+          };
+          id = "com.heroicgameslauncher.hgl_bwrapper";
+          runScript = "heroic";
+          # isFhsenv = true;
+        };
+        dbus.session.talks = [
+          "com.canonical.Unity"
+          "org.freedesktop.Notifications"
+          "org.freedesktop.PowerManagement"
+          "org.freedesktop.ScreenSaver"
+          "org.gnome.SettingsDaemon.MediaKeys"
+          "org.kde.StatusNotifierWatcher"
+        ];
+        dbus.system.talks = [
+          "org.freedesktop.UDisks2"
+          "org.freedesktop.UPower"
+        ];
+        mounts.readWrite = [
+          "/storage/games/heroic"
+          "$HOME/.config/wine-tools"
+        ];
+        mounts.read = [
+          "$XDG_CONFIG_HOME/mangohud"
+        ];
+      })
     ]
     ++ [
       (pkgs.writeShellApplication {
@@ -150,6 +226,8 @@ in {
       # sonusmix # pipewire routing tool in rust
     ];
 
+  xdg.systemDirs.data = ["/home/user/.bwrapper/helium/local/share"];
+
   # xdg.desktopEntries.uni = {
   #   actions."Copy".exec = "fish -c \"~/.local/bin/uni --copy\"";
   #   categories = ["Utility" "X-Launch" "Network"];

modules/users/user/services.nix

@@ -0,0 +1,17 @@
+{inputs, ...}: {
+  imports = [inputs.vicinae.homeManagerModules.default];
+
+  syncthing.enable = true;
+
+  services.easyeffects.enable = true;
+
+  # services.pueue.enable = true; # process queue in rust
+  services.ssh-agent.enable = true;
+
+  services.vicinae = {
+    enable = true;
+    systemd.enable = true;
+  };
+
+  xdg.configFile."vicinae/settings.json".enable = false;
+}

modules/users/user/vicinae.nix

@@ -1,7 +0,0 @@
-{inputs, ...}: {
-  imports = [inputs.vicinae.homeManagerModules.default];
-
-  services.vicinae.enable = true;
-
-  xdg.configFile."vicinae/vicinae.json".enable = false;
-}