feat: switch frow waybar to quickshell and caelestia

.sops.yaml

@@ -5,6 +5,8 @@ keys:
   - &marpa-host age1cnnpnglkvgw5ffv8qpgwpqvj203lh4uwt698y9mxjwklxt8nysmsa8hepn
   - &tilo age1g68hxv73llkyc7etzh499ztcrt93pwawy0n8p93px4taqu58mehsp88vjq
   - &tilo-host age1awytvphvty4f9wmdn86xnjg9kgetqjx8qlwj5d2882t4fyyzy58s3vg5k4
+  - &NaroMk3 age1erkn7dd022e90ktyj66aux9j9xvl0uzd6ru5cmrjsvcm5rtr5pfs7q6k9h
+  - &NaroMk3-host age16crkeglm3j3f6rveylytuerptjf9mwtv3hl89ywkmnnvdkntfchsuvrsk5
 creation_rules:
   - path_regex: secrets/secrets.yaml$
     key_groups:
@@ -15,3 +17,5 @@ creation_rules:
       - *marpa-host
       - *tilo
       - *tilo-host
+      - *NaroMk3
+      - *NaroMk3-host

flake.lock

@@ -33,24 +33,49 @@
         "type": "github"
       }
     },
-    "claude-desktop": {
+    "caelestia-cli": {
       "inputs": {
-        "flake-utils": "flake-utils",
+        "caelestia-shell": [
+          "caelestia-shell"
+        ],
         "nixpkgs": [
+          "caelestia-shell",
           "nixpkgs"
         ]
       },
       "locked": {
-        "lastModified": 1764098187,
+        "lastModified": 1766195958,
-        "narHash": "sha256-H6JjWXhKqxZ8QLMoqndZx9e5x0Sv5AiipSmqvIxIbgo=",
+        "narHash": "sha256-YGawjW7RDzzOEiovrRGyRoXfjISbgLz4BVN9ZMb8LEc=",
-        "owner": "k3d3",
+        "owner": "caelestia-dots",
-        "repo": "claude-desktop-linux-flake",
+        "repo": "cli",
-        "rev": "b2b040cb68231d2118906507d9cc8fd181ca6308",
+        "rev": "8c83ae1e6a60de7d496d346bf3623f789a9f53e3",
         "type": "github"
       },
       "original": {
-        "owner": "k3d3",
+        "owner": "caelestia-dots",
-        "repo": "claude-desktop-linux-flake",
+        "repo": "cli",
+        "type": "github"
+      }
+    },
+    "caelestia-shell": {
+      "inputs": {
+        "caelestia-cli": "caelestia-cli",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "quickshell": "quickshell"
+      },
+      "locked": {
+        "lastModified": 1766280311,
+        "narHash": "sha256-Ty4GT6EaQFaL9E/dKcJB1Q30ByGkxXV6U1eu8+PS5Dc=",
+        "owner": "caelestia-dots",
+        "repo": "shell",
+        "rev": "66e509ae488b2c0468f2c803fd34c2625ca725dc",
+        "type": "github"
+      },
+      "original": {
+        "owner": "caelestia-dots",
+        "repo": "shell",
         "type": "github"
       }
     },
@@ -134,24 +159,6 @@
         "type": "github"
       }
     },
-    "flake-utils_2": {
-      "inputs": {
-        "systems": "systems_2"
-      },
-      "locked": {
-        "lastModified": 1731533236,
-        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
     "git-hooks": {
       "inputs": {
         "flake-compat": [
@@ -296,9 +303,25 @@
         "type": "github"
       }
     },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1764767520,
+        "narHash": "sha256-gs0x3CIkBN/2ALvfNkKZ82NJe/k/WrddcwT/NstLpUo=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "511f22afbfaccda862e13f8f2441c717bc962e89",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable-small",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "pumo-system-info": {
       "inputs": {
-        "flake-utils": "flake-utils_2",
+        "flake-utils": "flake-utils",
         "nixpkgs": [
           "nixpkgs"
         ],
@@ -321,6 +344,7 @@
     "quickshell": {
       "inputs": {
         "nixpkgs": [
+          "caelestia-shell",
           "nixpkgs"
         ]
       },
@@ -331,23 +355,23 @@
         "rev": "26531fc46ef17e9365b03770edd3fb9206fcb460",
         "revCount": 713,
         "type": "git",
-        "url": "https://git.outfoxxed.me/quickshell/quickshell"
+        "url": "https://git.outfoxxed.me/outfoxxed/quickshell"
       },
       "original": {
         "type": "git",
-        "url": "https://git.outfoxxed.me/quickshell/quickshell"
+        "url": "https://git.outfoxxed.me/outfoxxed/quickshell"
       }
     },
     "root": {
       "inputs": {
-        "claude-desktop": "claude-desktop",
+        "caelestia-shell": "caelestia-shell",
         "devenv": "devenv",
         "home-manager": "home-manager",
         "nix-index-database": "nix-index-database",
         "nixpkgs": "nixpkgs",
         "pumo-system-info": "pumo-system-info",
-        "quickshell": "quickshell",
         "sops-nix": "sops-nix",
+        "srvos": "srvos",
         "zen-browser": "zen-browser"
       }
     },
@@ -392,22 +416,25 @@
         "type": "github"
       }
     },
-    "systems": {
+    "srvos": {
+      "inputs": {
+        "nixpkgs": "nixpkgs_2"
+      },
       "locked": {
-        "lastModified": 1681028828,
+        "lastModified": 1764811239,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "narHash": "sha256-O98nsREqOegA/ckOi1lj5cC8+FlzZmgE2q2RD9eKrnw=",
-        "owner": "nix-systems",
+        "owner": "nix-community",
-        "repo": "default",
+        "repo": "srvos",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "rev": "0ed5a0abca19cb199796e77180499cb9b6cca493",
         "type": "github"
       },
       "original": {
-        "owner": "nix-systems",
+        "owner": "nix-community",
-        "repo": "default",
+        "repo": "srvos",
         "type": "github"
       }
     },
-    "systems_2": {
+    "systems": {
       "locked": {
         "lastModified": 1681028828,
         "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",

flake.nix

@@ -24,8 +24,8 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    quickshell = {
+    caelestia-shell = {
-      url = "git+https://git.outfoxxed.me/quickshell/quickshell";
+      url = "github:caelestia-dots/shell";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
@@ -34,10 +34,7 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    claude-desktop = {
+    srvos.url = "github:nix-community/srvos";
-      url = "github:k3d3/claude-desktop-linux-flake";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
 
     zen-browser = {
       url = "github:youwen5/zen-browser-flake";
@@ -55,6 +52,7 @@
     nixpkgs,
     home-manager,
     devenv,
+    srvos,
     ...
   } @ inputs: let
     inherit (self) outputs;
@@ -100,14 +98,21 @@
         inherit extraSpecialArgs pkgs;
         modules = withUserModules ./users/phundrak/host/alys.nix;
       };
-      "phundrak@marpa" = home-manager.lib.homeManagerConfiguration {
-        inherit extraSpecialArgs pkgs;
-        modules = withUserModules ./users/phundrak/host/marpa.nix;
-      };
       "phundrak@gampo" = home-manager.lib.homeManagerConfiguration {
         inherit extraSpecialArgs pkgs;
         modules = withUserModules ./users/phundrak/host/gampo.nix;
       };
+      "phundrak@marpa" = home-manager.lib.homeManagerConfiguration {
+        inherit extraSpecialArgs pkgs;
+        modules = withUserModules [
+          inputs.caelestia-shell.homeManagerModules.default
+          ./users/phundrak/host/marpa.nix
+        ];
+      };
+      "phundrak@NaroMk3" = home-manager.lib.homeManagerConfiguration {
+        inherit extraSpecialArgs pkgs;
+        modules = withUserModules ./users/phundrak/host/naromk3.nix;
+      };
       "phundrak@tilo" = home-manager.lib.homeManagerConfiguration {
         inherit extraSpecialArgs pkgs;
         modules = withUserModules ./users/phundrak/host/tilo.nix;
@@ -133,6 +138,15 @@
         inherit specialArgs;
         modules = withSystemModules ./hosts/marpa/configuration.nix;
       };
+      NaroMk3 = nixpkgs.lib.nixosSystem {
+        inherit specialArgs;
+        modules = withSystemModules [
+          srvos.nixosModules.server
+          srvos.nixosModules.hardware-hetzner-cloud
+          srvos.nixosModules.mixins-terminfo
+          ./hosts/naromk3/configuration.nix
+        ];
+      };
       tilo = nixpkgs.lib.nixosSystem {
         inherit specialArgs;
         modules = withSystemModules ./hosts/tilo/configuration.nix;

hosts/naromk3/configuration.nix

@@ -0,0 +1,75 @@
+{inputs, ...}: {
+  imports = [
+    ./hardware-configuration.nix
+    inputs.home-manager.nixosModules.default
+    ../../system
+  ];
+
+  mySystem = {
+    boot = {
+      kernel = {
+        hardened = true;
+        cpuVendor = "amd";
+      };
+      grub = {
+        enable = true;
+        device = "/dev/sdb";
+      };
+    };
+    dev.docker.enable = true;
+    misc.keymap = "fr-bepo";
+    networking = {
+      hostname = "NaroMk3";
+      id = "0003beef";
+      firewall = {
+        openPorts = [
+          22 # Gitea SSH
+          80 # HTTP
+          443 # HTTPS
+        ];
+      };
+    };
+    packages.nix = {
+      gc.automatic = true;
+      trusted-users = ["phundrak"];
+    };
+    services = {
+      endlessh.enable = false;
+      ssh = {
+        enable = true;
+        allowedUsers = ["phundrak"];
+        passwordAuthentication = false;
+        port = 2222; # port 22 will be used by Gitea
+      };
+    };
+    users = {
+      root.disablePassword = true;
+      phundrak.enable = true;
+    };
+  };
+
+  # This option defines the first version of NixOS you have installed
+  # on this particular machine, and is used to maintain compatibility
+  # with application data (e.g. databases) created on older NixOS
+  # versions.
+  #
+  # Most users should NEVER change this value after the initial
+  # install, for any reason, even if you've upgraded your system to a
+  # new NixOS release.
+  #
+  # This value does NOT affect the Nixpkgs version your packages and
+  # OS are pulled from, so changing it will NOT upgrade your system -
+  # see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
+  # to actually do that.
+  #
+  # This value being lower than the current NixOS release does NOT
+  # mean your system is out of date, out of support, or vulnerable.
+  #
+  # Do NOT change this value unless you have manually inspected all
+  # the changes it would make to your configuration, and migrated your
+  # data accordingly.
+  #
+  # For more information, see `man configuration.nix` or
+  # https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion
+  system.stateVersion = "25.05"; # Did you read the comment?
+}

hosts/naromk3/hardware-configuration.nix

@@ -0,0 +1,46 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/profiles/qemu-guest.nix")
+  ];
+
+  boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
+  boot.initrd.kernelModules = [];
+  boot.kernelModules = [];
+  boot.extraModulePackages = [];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/28b965a5-940b-4990-87fe-039c9f373bf0";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/EBAD-6B85";
+    fsType = "vfat";
+    options = ["fmask=0022" "dmask=0022"];
+  };
+
+  fileSystems."/tank" = {
+    device = "/dev/disk/by-uuid/ed00871e-a14a-428f-b6e4-5b56febd756a";
+    fsType = "ext4";
+  };
+
+  swapDevices = [];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}

hosts/tilo/configuration.nix

@@ -1,6 +1,3 @@
-# Edit this configuration file to define what should be installed on your
-# system.  Help is available in the configuration.nix(5) man page and in
-# the NixOS manual (accessible by running ‘nixos-help’).
 {inputs, ...}: {
   imports = [
     ./hardware-configuration.nix

keys/id_naromk3.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID8C2Upks4/feloFsgZkQ6iOZBEJ6o87NdXdHeBYNUhg lucien@phundrak.com

secrets/secrets.yaml

@@ -1,67 +1,85 @@
-extraHosts: ENC[AES256_GCM,data:i2B5DEjVm7P0V77oVzGIgU08dcpmxy8EgoJz4nPuhfpOBZI1BQpRTOOoSVRZzY6SNpLQCcNDVCwvuhtS12w7NAgIFvBhSigzwJVaWZiC78qTjXanbjSW6fvT1SQqb+YOD+4qkpuuxT5pdBKkyHZvjGM6elyA0K6JzpiCE33+Ag/4SIFTyDrdhJN2HQule54aBDVObg5s7zmPnDo9bCX0XXXCbFpdOfJMKI+89c+Gfm0dJrnDwHcks3p1ZrrSfLn3NhC+Rryc8FHMCtw936WKv+TcP124XGYxXrdEFKngB/pJLhUZlzDeC4v33xtPemOdQrK7vGjO0YZ7WBbO5oXvHw6R1pqC7iMDWjKQBbPit8IB3rngXeMOPEHxbEp1W0MEHbp3bg4GH/SAnxKkfeAFxhMNMBolO12KTntaLCurTSKXhXCIn9SSxFcoWK6kIeo6cpejcHdqGbtV8eL3znZ+MXzvEDRwiy5Sofxa31aAoItwX7kK1YHbpMT95jfr8rKc4yR7tkJWmJkmU494x/lhLkyQbXj25cNcJE7v+hLtQkJ1gdHRgYxYJFxG+VbroSS5HjkRvameuLMfk5dHxg+0bifXEV1FjhKtZqM5JQNEFOHUzvrs5u8m3NKNr13onuT5soh3GKAlh8AMX7p5Etud0BpQPdU7HT5WXRyuP7JMZL5wsjRsGWRxnQaQbnV6qg1b1JP25b6iRj0DFHZJeIEEOU20wDwDQDCoXzJS8vlMbZOC0W9/NVWgwz+UAWQz/yxzRGbconWr6zUhvwcwYBtDhYb6KD0GFxn6yfB/zfMvRHZz8AFF4w00Bx4F2L3nvF4lltnkHkdy9Qql6RsshsVFpPjrhzCrABFBrP0js1OCRw==,iv:Mx7LgF/1z/aZtyvIYafELx2tg2VZ3wTpV0zI04DLxU0=,tag:ZZImkH5/6atDOIzaXJC0Bg==,type:str]
+extraHosts: ENC[AES256_GCM,data:P6Ho3CVFpJcJEVd8MVq9K0X4/OU4kJ270ZrzU+gdhlzeULzkYMcWBIa1mmMixbRnyuc+8wCeT1RpKSfl0zQNVjSazyj+V1C5+ZS8qboxD/8ehRMWnVtAFuyL4sruuyxpiXC+8op+sjAAWJWBfvQ0KCRD2H83+txz335XZZPYPmHvYjZ0FS3A23Zf4yVZHGXY6oxbUWhmeOhDf3vaARQe9MEqp/dPn/4QFrq8LwwEghnukbBPHY49VZ+pRV4HTOUnwjLjgfflqxXLqTHIYRu5GPEzRjC3ZT/5Hr4syLzPAFW12mVEOBjT4wpKLdnZypjlYaF0MfvUTE+qkTAACObUvcm1q+GT1qGmVr5M1VqOvSaWi+QgM9mlZBSJQzwrQ5tcBQ/GdrahyxjyVJOsz//mYRWqNerSIFr06znaAhAeZN2YRQRckzIPj+Crmdy2BNW8KDCWBiOjrgAb7MQOIVQ53JBwN0F/hgABKFgUd9lTSao3CEJEx9RooIezvu7SbXD3vxHSzrfhpyoSlJMx8hPNUoPqs0VnKdpGs4nudiMAgrdPG4eDsHqXZ6qVa4a3LpODFEDpsnstQuF8MgMmQFiEHJBID7j/uXyvcye7ZY3GQv6mAo5YkHjUts9j0UH+EkRD84AxVDv+TyroLKAgSZqZQVr3uUBS0CK50BPflwoP2scU+giTWm6L947LhHBIJvxfxtsHVj39kiCLjUJTKU1sLsb779938kXuEa/kd9XpMU4MQcMhD/gSzf0eemDPEe47HNYLjgDypPxkqnV/cNk+LkGOELLuvzqESsgUQLULG1rIS1kXYMJF1OZ9RRswf39AQnlZSovkw+phX8jOpvwfJHIax+35tkH+rkf621klXA==,iv:oAsOGZHilhBZYewYoWPxfloNjqLL92fvhcU+agd+oQA=,tag:2cuosGghq/+5akitPp4C4g==,type:str]
 mopidy:
-    spotify: ENC[AES256_GCM,data:SaDT0iSWhsgVOi1s+Nzbr0Mur3t2Zd9z/KIUshGWtbPfkXXIoiJeJFtoZIz5NL/t5FooYsNfU1mGYgDeVYSD4BPibW8hiCYrX6L6OX+Q6ZEWXXx/1eBEs2/q0BrWGvy7frcurq/Px4R3ax0dXJe/YKbpAtU7+bQl,iv:F2zT+uMVBMnSEZqgcRmV8/fc3G/g2fKDuHuBzkyBRN0=,tag:CD8fuOQfe6QCrj4BUh0/xw==,type:str]
+    spotify: ENC[AES256_GCM,data:89vPpgJ53eYou01qgxfqxOO6G/raBA0Vzck31PLchE4Jhi6HcNnoW4wwhHW3pG0AfCu5sE1CuryhRpWTc62fXIBoenKiCiU7chFhBF0UNq3Fcie26l6hdEx+XYVcM/MNBBbkb8VZq1mR0sgGmUESuZVzeI3LMykF,iv:n+LxuijWCZGW2YacrYQ2QIF2BTSilLmJ72piFRK25vw=,tag:iOQatj2UJdlMvn6C40IILg==,type:str]
-    bandcamp: ENC[AES256_GCM,data:diEx2fbkOR1oUav81jU5bNt/KNmbOaVzLV+G3zBUVXE7nEQpZNqVom0rgNrEVDGzH3u/IaA5eqG5ce9lE0BomeY8Z4MWI1xujhX5KsXdv21aw4UwsNgyLPuWhkN2POUMfCJlvekc/TFfFvJHyysx8aKxeI4dsg==,iv:cxx0cVkjOPG+hMD8JctJHdcICJt7ozpfRBVSCDBo6Ro=,tag:JRjwwvieGaGZJ+k56HWFaw==,type:str]
+    bandcamp: ENC[AES256_GCM,data:Sas5Sk0gNaq2E1XnsK8lvaZEzsaFZKY+zDxvgTiqTm2hrI2BnWieRWcZV6u1yRKjLAhh1rdSYhnZJHWUGIAY9qnFOk4vUVUHLtxnkxO/bJN/sykc4qwXRg4/NNap+8TcsN/S1AFJYKmXYn1Otx/02wbMEzHIuw==,iv:VGC7COqF3goMyyJvasiT0yVxOk4QKLOuXd2FbHjuRwk=,tag:pvyX4Q+dvlWFkdSJzTlgwA==,type:str]
-emailPassword: ENC[AES256_GCM,data:LALAvyuNN9bfa8D6ZK1YiFXRfxLOBi9kXA0N0Kr7h18eAI4hWQ==,iv:WtidILFfWCMKylax52JP+X57GfZyYlxJtiwrC6SADik=,tag:NvOrsL3fbmxQZp06GZhUZA==,type:str]
+emailPassword: ENC[AES256_GCM,data:RXmfWKIm5CzZrqhT6bAPZdijByO1NvrSwN1YO4/huVQnQh5p1g==,iv:lh/mxH5sPce+to6TsK2f0SrpHJuuGUiKWzrNmQfJcY0=,tag:EyR7Nml7Jyh4Modsq7DuBw==,type:str]
 ssh:
-    hosts: ENC[AES256_GCM,data:nuMA50lZVxi/b2Y95Om00DIXkfHV+5epXzgFJTUk1r78y71/q/1wDa0bb9bqaMhElivDrX2mzS7IplLqLry43VkGAiE00WrdT7pLM+NSDtm7VV3kake7qorkpydxczHeVg5VP/b1FMzpQ1gFoAVg6iY9tYBnfTa5MdQI3ktQBRYWU5XmVMFNquTBG10wOKxgTUdkh6smcYmU5YlDUdeM6gTt9QPSHlglOGCe/w3tuXOWkBNcNtNiwQoaKTwIkhisu8R6h/qwtOBBt0wEpOv+KtdYQ0Y9o7/KiN2mG24+/mASfAYTAhifSnCY0vDe145gkrQzFttzZDI6l4OgjYF9rIsP+hKwUChGObW90HVVKQbJ8oDoG+l9L+IxLxs8v/v1690Xtra+PPvZCgGqhXqpoqBL/OgNdR26p/G8Oid81Nb0ob8DstYLjYlcg7ZjPiruMtRwhKoa4z++pe+poepGAPHdKkLvAvzFUKwcqRfR7RNgNgZR8hFAe7Tg5m3ApF+koGWjcoKCyALgc/hP6LTBmiJuj6OySFl1cTtkKHPsYXa49St+lOB32MXCH2ysAI6860ZcJqpAFTQ1Yd2XYu+Xrbxcm381mE02Tw20+VP2OPyEYt+ida2TKAzM3aXiMGTRpSkwzkKXsRoBskVQxv3z+6c+w87I9ZmoZHqHM7dWcRAuj2bT2ZWeExPyEmUFczMjCcFFEepnlKWOYmkUZmjDfqZ1mtR3bBK271AnVHakS5jajbhhyu6VDMLYIQmBPDFpZnyCE2qgb9FbXBbqoq+qc/9w+7gCdXNnb1tDdiJ8E4k7no6oU5jrRMGHNX3UOMDs/Y9NS0vPsnqBpr7Pf+H6bxncXWoaimijoi1OxvUFMbRvT5uUgP/JNDZDGBhlY3zRiUnDhTuHF5vP8wisqsba7zwpoqIchI3hbxm+lWXt09ZTnR2A1uR3DTlEEjGUMpD5K5CWkgTalgaHYI9jh9n66rYop9evlngZlg5Cth/Lieh/34fcIUzHAQMbxUKqoRU9zHHQJ51AZIovTtegXmgPmQ8fw6F3uBQ5gg+T1CiaCqs5nUd9ERM=,iv:DNg2EEPmylLf2CqR9eqJYzngGizTraPNImIGTJwl8kI=,tag:StZ6H+1ec/i0l94Cv+AhOA==,type:str]
+    hosts: ENC[AES256_GCM,data:0KRAZyfgcO2HRio7GFKgZ0DeRdbLkawEpS2+UT6aWvDM7MrTXvA0sCkn57Y8Akq3+Lg+90eWgBNOWwkPG36S2+2dLgH7HdILUuqLY56QXJiv1lLf/JM9F6zDoJOoXBf4gwCBZ0wwRBJFbtMCkRGVtkYKeWMvDDnkrdyDjn9bFcJrECbb3c4upGp7kCCo43ATi1QL4HWTUhbt24gVnFHHH993vH3rNrgVBdX3GzzHh4M/aLcMaVXaAvf6F2dSCCzdruB3giYt0n0TciVDcINnbnOpBHnVJwzKNY387PYLlgeDfA1qL5ak4FUeNg+e79qXIqeLeQ0Gmmbjrq3jJl3jEDu/m2Ze6T2UTDDjSvs6Nq20lxarWCpa814oLzU7Ih5t+3Tpy99KDkFtfrawPm4GuEceGW6anGV5EAPFxIjSxZMCnsZaAFlhe17ZeHnSMdF/kDhcaAVNjFexXv5xwD9R4ga9eqDPwmawhpLjecooXws+u322MFheinI4mxaIuoPpSN26z4Svpxf2qL0NnQh0IAVEJ0S4PRp6FfAktuJbCE93YxJzCpgOrLbesyrRM6L/JN2Apv6ERU6VfkS6E25aO1O1l3lWII3YFpfn+6BXBMnb7y4e2nvABluyp9vJDjWuc1W7qE4tPOOp6a10Gy5sWi1vXz2DI5UtmjrPpYiLAbwZVpqyuaPMoVeeRpSPReIrOqdJtlU9Hu06fOMj7zm7FR6redSfXdL8UsV0ct1kI4W2ITy+NR8DTIe1aJCe+ES0J7WNtAZkEdLAfA1Urq9Gxvxt1c6U4sSNXPzvqFNrqfz+dzUSrOlFkWudJMxarXt3fRBgRIt0hE/gVoeOjRpAzJTurtyvOotDVKlszIQrQ8nN4aAD4t1v5bsVwgUc2lnhFjfNa38BZjNdiXf/6E0UpkB2GrofKWmP02sXVsD0NGI0hGOOKzJn3vbuhaXDPD0KSHkVjOZGUXYizwqxgyOQtMIOE9+w42xVCYht9M3A7USQ69Fcm9FvxUfSYNxPznSdZ2zNHxRheowrmX10S9fxEA9vxvic8H86TuAVfZ1S+P6GqpgSH7FDikSLyJNj3PyznRTBar7M65BCCN2zA9aM+SgnSAvkrmz1qQjd3jedcm9xdqvMXw5fYaLFHpYHDdZsi8w=,iv:eRcfkOg5vNI+HxsNELJe20cmKSThtBXwc7c69Jaj/3M=,tag:t0ux5jZRBx9DQbTzr9YHKg==,type:str]
 sops:
     age:
         - recipient: age1ajemtm502nn2n4q7v4j8meyd5mxtcqngkkedxq2pqzuwu78zp93qnw8q48
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiYU1MR2w4Njh2cVBocmJq
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLMG1wWDcrSjN0NjEzY05q
-            YkxvSmVsWDdGT0h0S3NSbDYxb21EVTlxT21nCjB3WlVmK0hkR1B6Z2lhbndvNFdC
+            YVBWbXJ1ZTlMYkdxZmRMakNZdm9qQnFxYzBFClMzS3RUVzM1aVRoazhXNkxwZFdv
-            aE9YMHphU1JoV2hwZ0RITXhHZnJmeTAKLS0tIDk4akc0T1FvbURLRFpXNHlRQ3Vx
+            OVVIQWlWS0dLS2puN0ZZVjNwaGpWeE0KLS0tIGtaVWJoZmN3bnFtbWt6RmhvUnpK
-            TUZMTENMbVNjeVFxMGVSc2FpZ0dXcDgKcacaFS2diAKeKwmVz7KghKjkNI2ij4Ns
+            NnlaM2VmdnRVQitxUXZueGxXeWdhQlkK99cfnUusVZO/icWY2pDLExVveLtf1xPp
-            fYSd8sq/bEDTvn1wNpF1zLmzX9jmoXc5iORuRKaYcT8OaoUX7SsFvQ==
+            43QVMMWTnkF8fS1SyM6KT7T12gFOeCIxa06IDKs1AIvuOuaq6OxEhw==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age197lfdanym647wdaz9uy8hrfqjwj9fs8rm7vs3fsrctceu8mr9gms2jedhz
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUNlhkZzFoa21tR244dVJ0
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2SjlaZGdmNWZOKzRUYU5B
-            cXJWbDA0eVBrZWU4QVRVQm85bVVScFdYbHdnCjRWQWRNajIyQ0JoYTFFQ3RsOFA4
+            NlpDeEREOUlkamhINnREeVFoYUJqSkNlc1U0CkU2QUpBTi9DUDI0RmV3M3U3Vmgv
-            cTZGNVhCN2k0NHBMb1Z4VmVqRzNjbEkKLS0tIFhJTVBCM0E4dTkweld6WUx5Z1hQ
+            UTJ5ZXBlaEcxeUtzUjcwcGw0MG9xKzAKLS0tIFpWeHRMWDlDekVMOWtLWFR2S05y
-            WXdwVFJ3cXQzUnFPUnV2NzdqcWwwZkkKqS9IQpB/MjnsVQ4IfIRtH6FESzLkdHq/
+            MHNUYUlJVHc4cnRwdGpKYXJOUE9ydWcKrJmvP3y+xVMGvS17iIzAzrKjvO4LAFOH
-            GJnMHt0VcLt/gYrz+lrPc1ecQwNvVGH2Qt++BbSJxUFftoDLdEMlig==
+            mQV2c2WwZpNFYb63zwKKVxxRsTMCZjQviMXywCB7GRuUk1/aCEjZyA==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age17pn6suvz2f7zmrm9zxj5hr0putvcvdamqxqt7ewhncgg6ccgmp2qr00xm2
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtcVZPWVNBc1pFWm8zN3hm
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvMlUrWnFoZGZuZi8yVUJW
-            M1RtenlCbGl3Q0xhWlRWN1BmOUNDK3I0cVQwCk82Vm5IcmZZeVRBdlVUb0NtTXdz
+            R1lJeUYydHZCMWZFeTZBNGVVRDQxTmlGZ0RjCmVKZ3BocEVLTUl3M1VoWjRvTi96
-            QTlVMEhCWkpJN0JOM09mSGtqbzl5ZUkKLS0tIE4vTGhEQlRDZ1Vma0VEQ0xtcU9V
+            SzNaWUIrUkxpVjZPVytJTmNEV2g5SkkKLS0tIDlyY1E4T1cxSXNuZDFtT3lhdFVl
-            MitPc29VYUV3UmJSNXdmMUhwck9MOXMKLXHEKpNvzModiTR1Q6cE1xKSGewV/9PJ
+            c2pDd2hCUE9RWHRCN1pXZ2prRk9iNFEKFWnDpPTFbi/l+aJnILF5NWwXLdpzzA7P
-            rEbTgsa0E9C4vm5sDKjSjuvpSF9tNOSByf5So5kzX0ZTxgjdTjsFbw==
+            RWoYja2qWNyIH8+6p+hazvezEVOpGECK5EVCH1dkLv52utuznmwsYg==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1cnnpnglkvgw5ffv8qpgwpqvj203lh4uwt698y9mxjwklxt8nysmsa8hepn
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkeUlIL2QxQlhGN3RqOFZR
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtMkZ6dC84cHY5ZGtOd0cv
-            K1p1bjc5R00yclEzL0hYY0c2OFJhRmN4Y0JvCkpIL0Q4Y1Nic3pFYjNIM1hMK2w2
+            RERqSXI3ejB2andMcldDVmp2SjNVc1hzZlIwCmVoWEFwMXdtVUU3dTVZZ05mRkhB
-            cFNGNVhHcW85R2loZ3JveVVZNGptd1kKLS0tIGYvYjlTMzRzUUNlM3padDJHNkFm
+            Z2ZCMnY3SUlkV0xRQUVlUDE3VE1aTzgKLS0tIHdiYXh1aE5nb3FSZTlpdVNZOUlF
-            VGJHL2c4Z05pTWlxellFMG4rRlp1MkUK4mwb2jMlfHb0ISInZKwbm9+EqBzWfZNU
+            ZEpsL25rcGFZaXBaTXFKbjd2UFpYRzQKNytlpy3cD1OC3FOSfSADjMMzD9qcsLrg
-            +L/WahvTo4Fe9uSOJffpSMleH0ZJS35loCJE5WIdmGnRQB6Mw7LWag==
+            A4w6NqhU8E1DJBln/AiElZ58AhzAb5okPsKRGWMQSb73XN0pLLRwXw==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1g68hxv73llkyc7etzh499ztcrt93pwawy0n8p93px4taqu58mehsp88vjq
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIR3FWcElFL2RBRmdFS1cy
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4M1hKditZLytKeVErbit5
-            emRTM201a1ltWndUcDJ5RXptd1RTNHdvWXpNCkxBTXZCNUxvd1dXMDhHK0ZFVUI1
+            UEwyQW13bG1jakphRVA1WEd0WUtFa0I1UUc0ClV6NlUwRkZpZlhmY2t4RVliVExK
-            c2VkRlJJbDNYSzF0djJXN0J4YXltam8KLS0tIEFTZjdWd0NQTVEyU1Q4UCtQVGhy
+            a2k4RkFFampEUUFkQVhvSWJwd1JPVVEKLS0tIDVzdGV4NFFveStkVUROWE1mUHAz
-            K3VUdlpjd0M3RVBHOVVjc04yZzV4UkUKcB8r+FiqZqwsxj40hCtVePnfIZ3S8DFR
+            Z3R3MTRIRVZPc0pNVVhHYWhaSXdtbW8KorG+7fRAt1RT1fUD8Z4b2CJaIwCb+1br
-            tgSRDMp8eEm6vXHbbf49E/cpV4iBwVel9zAe64tYs7atk9dcgMmOpw==
+            Wt1E8hWeYVoHGnZuuJgrorv/GnqpRDkMrXix/qqGKuBlAgTDab5eYg==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1awytvphvty4f9wmdn86xnjg9kgetqjx8qlwj5d2882t4fyyzy58s3vg5k4
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0TkVLUnFDMnVoT3BUM0kr
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxTDRWRUJNelRPMitSTm1H
-            ZU5hZE1teGF1M21SbmY5MHZTMytKeWpkYnk0CmkwNXlBMDR1cEp2MkZPeWUyU0hZ
+            U1FTY0xsTXZrWnF2VXdsQWNLcE5zeHJ6bGg4CkRZckY3Q0hBNTgxMUVDdUh3YWZS
-            Wlp4SFIwZUNQa25BRENsYWNoZmZoNjQKLS0tIEtIU3NRVS94SW80VXVGZy9hRkNQ
+            STgwOEZ5cGFkVHFEOWNnNjNONDZIZm8KLS0tIGg1TUZjbmQ5MFU2bG1sZFcycnRR
-            QmJKNDJUY0RSakhwNWlkOVpib0trc1kK0tQxD9I82pjfs54eruu+IjzVUmcVBCPw
+            cDVwRVIxeTVmcmJLekpXcG13cTZJVG8KwXR0NOiHcd0njWwRWzEyGf0vb1kXp766
-            9mp1xKiYRRMXt3YQn6MPiyuuX3l3UB5MH0RJMNtRq0D961rs+iiS5A==
+            FhBxX0RoUToq/UgTQGBWvEODrZTnNd/zXr1J8gA1TeacTEbkoWEkpA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-11-28T12:26:45Z"
+        - recipient: age1erkn7dd022e90ktyj66aux9j9xvl0uzd6ru5cmrjsvcm5rtr5pfs7q6k9h
-    mac: ENC[AES256_GCM,data:T4/aWHN9ILjaI1WAyO8VUQz87H0dmWjC3E6WnlNaRmTr5kDgpm6nYJHFGnrEEFUTPzAGluMTJzC3Sji6CqLKX7opOUtoDgUqiNHgz0oz7B28+RFGqxspo3IoCM4lJNrKBkZHnrKJFPUooYKc8aNm/goWWHQ/dL2uQ46Hvx9zK+o=,iv:Xq5XcYxkBCWMLFCgCYmkPgwBWMXpLFBPZY3iTTnXRcs=,tag:ZAPZAAv+qy4BM47aCgK89g==,type:str]
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZQUwxenU2aFN5My9wcHpu
+            c2prSCtvbW4xanlxZGhDT1dpT0V2ZUtmcGlvCkNrRkJ2OXVOSFhFcGxSYUdJMHBn
+            M2VydHhVSW5MWTdvTW8vSWlXT3ZnV1UKLS0tIGpydEc5TXNpdXc4czVvNk54K0JO
+            RTlDblJHcUczdmtOdGc4VjUrYk1PTWMKVM07fdDfLWf4T3ELq8G4jsPhR4ZukOjP
+            SATCHMTn3wG4qeGTI4R+4m4iqa3k7CFJUJapmBNHqXWOZeO5w9IonA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age16crkeglm3j3f6rveylytuerptjf9mwtv3hl89ywkmnnvdkntfchsuvrsk5
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1SUtkZysyMU05Q0tlSHZh
+            V21acktNUTA1SjBMNFJtcE9XVHVFWWFvcEhNCm9hRFY3QjZkTk05UTJXZkpyTytE
+            N01WS3E1TERmcVlCTEluT2RoODR0RFUKLS0tIHpoNmkxNlc0YmcvTHBZNUZPRks0
+            VkdKMUVOemNhUnpYSFFocnZRQmxPaUEKgCne7JJRIuvFtDMtaqO21IKjRoDW8D+3
+            V5tGfZOQADuef3n8ZG1j5t1OtNNBu4PjpxZynGx3/nR7+FThsK4vMg==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-12-07T10:51:49Z"
+    mac: ENC[AES256_GCM,data:9LYnzgwB/QpEdZ7uDxfT+G+oUB0CJLFuigeocZNjoxb9U0PuckuLWuGOtcWBN0mkSF/Yc/rJS9D3a5ut5svwQ3111ROGvjGMF568+8IBJjejoxJepqz23F901rHBDfEVhBPnLImpIapIR/KJDbD+eW9ETlp/RN2LvIk8Zm91YTg=,iv:9+88oTT5UZBHYjzbDtqMqytcXV/bEjUZeqGxolgm0LY=,tag:ywqu25dQ8BcbPvphTqE78g==,type:str]
     unencrypted_suffix: _unencrypted
     version: 3.11.0

system/boot/boot.nix

@@ -38,9 +38,17 @@ in {
     };
     systemd-boot = mkOption {
       type = types.bool;
-      default = true;
+      default = !cfg.grub.enable;
       description = "Does the system use systemd-boot?";
     };
+    grub = {
+      enable = mkEnableOption "Does the system use GRUB? (Disables systemd-boot)";
+      device = mkOption {
+        type = types.str;
+        description = "The GRUB device";
+        default = "";
+      };
+    };
     zfs = {
       enable = mkEnableOption "Enables ZFS";
       pools = mkOption {
@@ -55,6 +63,9 @@ in {
     loader = {
       systemd-boot.enable = cfg.systemd-boot;
       efi.canTouchEfiVariables = cfg.systemd-boot;
+      grub = mkIf cfg.grub.enable {
+        inherit (cfg.grub) enable device;
+      };
     };
     supportedFilesystems = mkIf cfg.zfs.enable ["zfs"];
     zfs.extraPools = mkIf cfg.zfs.enable cfg.zfs.pools;

system/network/tailscale.nix

@@ -12,5 +12,12 @@ in {
       default = true;
     };
   };
-  config.services.tailscale.enable = cfg.enable;
+  config.services.tailscale = {
+    enable = cfg.enable;
+    extraSetFlags = [
+      "--accept-dns"
+      "--accept-routes"
+      "--ssh"
+    ];
+  };
 }

system/services/default.nix

@@ -9,5 +9,6 @@
     ./printing.nix
     ./ssh.nix
     ./sunshine.nix
+    ./traefik.nix
   ];
 }

system/services/ssh.nix

@@ -18,9 +18,14 @@ in {
       example = true;
       default = false;
     };
+    port = mkOption {
+      type = types.int;
+      default = 22;
+    };
   };
   config.services.openssh = mkIf cfg.enable {
     inherit (cfg) enable;
+    ports = [cfg.port];
     settings = {
       AllowUsers = cfg.allowedUsers;
       PermitRootLogin = "no";

system/services/traefik.nix

@@ -0,0 +1,60 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.services.traefik;
+in {
+  options.mySystem.services.traefik = {
+    enable = mkEnableOption "Enable Traefik";
+    dataDir = mkOption {
+      type = types.path;
+      default = "/tank/traefik";
+    };
+    email = mkOption {
+      type = types.str;
+      default = "";
+    };
+  };
+  config.services.traefik = {
+    inherit (cfg) enable;
+    dynamicConfigFile = "${cfg.dataDir}/dynamic_config.toml";
+    staticConfigOptions = {
+      api.dashboard = true;
+      log = {
+        level = "INFO";
+        filePath = "${cfg.dataDir}/traefik.log";
+        format = "json";
+      };
+      accessLog.filePath = "${cfg.dataDir}/access.log";
+      entryPoints = {
+        http = {
+          address = ":80";
+          asDefault = true;
+          http.redirections.entrypoint = {
+            to = "https";
+            scheme = "https";
+          };
+        };
+        https = {
+          address = ":443";
+          asDefault = true;
+          httpChallenge.entryPoint = "https";
+        };
+      };
+      providers.docker = {
+        endpoint = "unix:///var/run/docker.sock";
+        exposedByDefault = false;
+      };
+      certificatesResolvers.cloudflare.acme = {
+        inherit (cfg) email;
+        storage = "${cfg.dataDir}/acme.json";
+        dnsChallenge = {
+          provider = "cloudflare";
+          resolvers = ["1.1.1.1:53" "1.0.0.1:53"];
+        };
+      };
+    };
+  };
+}

users/modules/desktop/caelestia.nix

@@ -0,0 +1,60 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.home.desktop.caelestia;
+in {
+  options.home.desktop.caelestia.enable = mkEnableOption "Enables Caelestia Shell";
+  config.programs.caelestia = mkIf cfg.enable {
+    inherit (cfg) enable;
+    systemd = {
+      enable = true;
+      target = "graphical-session.target";
+      environment = [
+        "QT3_QPA_PLATFORMTHEME=gtk3"
+      ];
+    };
+    settings = {
+      paths.wallpaperDir = "~/Pictures/Wallpapers/nord";
+      general = {
+        apps = {
+          terminal = ["kitty"];
+          audio = ["pavucontrol"];
+          playback = ["mpv"];
+          explorer = ["${pkgs.nemo-with-extensions}/bin/nemo"];
+        };
+        idle = {
+          timeouts = [
+            {
+              timeout = 300;
+              idleAction = "lock";
+            }
+          ];
+        };
+      };
+      background = {
+        desktopClock.enabled = true;
+        visualiser.enabled = true;
+      };
+      dashboard = {
+        enabled = true;
+        showOnHover = true;
+      };
+      launcher = {
+        enabled = true;
+        showOnHover = true;
+      };
+      bar.status.showAudio = true;
+      session.commands = {
+        logout = ["uwsm" "stop"];
+        shutdown = ["systemctl" "poweroff"];
+        hibernate = ["systemctl" "hibernate"];
+        reboot = ["systemctl" "reboot"];
+      };
+    };
+    cli.enable = true;
+  };
+}

users/modules/desktop/default.nix

@@ -7,6 +7,7 @@ with lib; let
   cfg = config.home.desktop;
 in {
   imports = [
+    ./caelestia.nix
     ./eww.nix
     ./hyprland.nix
     ./kdeconnect.nix

users/modules/desktop/hyprland.nix

@@ -2,11 +2,14 @@
   config,
   lib,
   pkgs,
+  inputs,
   ...
 }:
 with lib; let
   cfg = config.home.desktop.hyprland;
   laptops = ["gampo"];
+  system = pkgs.stdenv.hostPlatform.system;
+  caelestia = inputs.caelestia-shell.packages.${system}.default;
 in {
   imports = [
     ./swaync.nix
@@ -106,7 +109,6 @@ in {
         exec-once = [
           "pactl load-module module-switch-on-connect"
           "${pkgs.mpc}/bin/mpc stop"
-          "${pkgs.networkmanagerapplet}/bin/nm-applet"
           "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1"
         ];
       };

users/modules/dev/ai/claude.nix

@@ -2,15 +2,20 @@
   config,
   lib,
   inputs,
-  system,
+  pkgs,
   ...
 }:
 with lib; let
   cfg = config.home.dev.ai.claude;
+  system = pkgs.stdenv.hostPlatform.system;
 in {
   options.home.dev.ai.claude.enable = mkEnableOption "Enables Claude-related packages";
   config = mkIf cfg.enable {
-    home.packages = [inputs.claude-desktop.packages.${system}.claude-desktop-with-fhs];
+    home.packages = let
+      claude-jj = pkgs.writeShellScriptBin "claude-jj" ''
+        ${pkgs.claude-code}/bin/claude --append-system-prompt 'CRITICAL: This repository uses Jujutsu (jj), NOT git. Never use git commands. Use jj equivalents. See CLAUDE.md.' "$@"
+      '';
+    in [claude-jj];
     programs.claude-code = {
       inherit (cfg) enable;
     };

users/modules/dev/ai/default.nix

@@ -1,6 +1,7 @@
 {
   config,
   lib,
+  pkgs,
   ...
 }:
 with lib; let
@@ -12,8 +13,11 @@ in {
   ];
 
   options.home.dev.ai.enable = mkEnableOption "Enables AI features";
-  config.home.dev.ai = mkIf cfg.enable {
+  config.home = mkIf cfg.enable {
+    dev.ai = {
       ollama.enable = mkDefault cfg.enable;
       claude.enable = mkDefault cfg.enable;
     };
+    packages = [pkgs.opencode];
+  };
 }

users/modules/security/gpg.nix

@@ -11,10 +11,7 @@ in {
     enable = mkEnableOption "Enable GPG";
     pinentry.package = mkOption {
       type = types.package;
-      default =
+      default = pkgs.pinentry-gnome3;
-        if config.home.dev.editors.emacs.enable
-        then pkgs.pinentry-emacs
-        else pkgs.pinentry-gtk2;
     };
   };
   config = mkIf cfg.enable {
@@ -25,7 +22,7 @@ in {
     };
     services.gpg-agent = {
       enable = true;
-      enableSshSupport = true;
+      enableSshSupport = false;
       pinentry.package = cfg.pinentry.package;
     };
   };

users/modules/shell/default.nix

@@ -4,7 +4,7 @@
   ...
 }:
 with lib; let
-  aliases = {
+  defaultAliases = {
     df = "df -H";
     diskspace = "sudo df -h | grep -E \"sd|lv|Size\"";
     du = "du -ch";
@@ -81,19 +81,26 @@ in {
     ./zsh.nix
     ./zoxide.nix
   ];
-  options.home.shell.fullDesktop = mkEnableOption "Enable all shells";
+  options.home.shell = {
+    fullDesktop = mkEnableOption "Enable all shells";
+    aliases = mkOption {
+      type = types.attrsOf types.str;
+      default = {};
+      example = {la = "ls -a";};
+    };
+  };
   config.home.shell = {
     enableShellIntegration = cfg.bash.enable or cfg.zsh.enable or cfg.fish.enable;
     bash = {
-      aliases = mkDefault aliases;
+      aliases = cfg.aliases // defaultAliases;
       enable = mkDefault cfg.fullDesktop;
     };
     fish = {
-      abbrs = mkDefault aliases;
+      abbrs = cfg.aliases // defaultAliases;
       enable = mkDefault cfg.fullDesktop;
     };
     zsh = {
-      abbrs = mkDefault aliases;
+      abbrs = cfg.aliases // defaultAliases;
       enable = mkDefault cfg.fullDesktop;
     };
   };

users/phundrak/home.nix

@@ -64,7 +64,10 @@
         LSP_USE_PLISTS = "true";
         OPENAI_API_URL = "http://localhost:1234/";
       };
-      desktop.waybar.style = ./config/waybar/style.css;
+      desktop = {
+        caelestia.enable = true;
+        waybar.enable = false;
+      };
       dev = {
         ai.claude.enable = true;
         editors.emacs.package = emacsPackage;

users/phundrak/host/marpa.nix

@@ -2,9 +2,9 @@
   imports = [../home.nix];
   home = {
     cli.nh.flake = "${config.home.homeDirectory}/.dotfiles";
-    dev.ai.ollama = {
+    dev.ai = {
       enable = true;
-      gpu = "rocm";
+      ollama.gpu = "rocm";
     };
     desktop.hyprland.host = "marpa";
     phundrak.sshKey = {

users/phundrak/host/naromk3.nix

@@ -0,0 +1,7 @@
+{
+  imports = [../light-home.nix];
+  home = {
+    cli.nh.flake = "/home/phundrak/.dotfiles";
+    phundrak.sshKey.content = builtins.readFile ../../../keys/id_naromk3.pub;
+  };
+}

users/phundrak/host/tilo.nix

@@ -1,7 +1,7 @@
 {
   imports = [../light-home.nix];
   home = {
-    cli.nh.flake = "/tank/phundrak/nixos";
+    cli.nh.flake = "/tank/phundrak/.dotfiles";
     phundrak.sshKey.content = builtins.readFile ../../../keys/id_tilo.pub;
   };
 }

users/phundrak/packages.nix

@@ -4,7 +4,10 @@
   lib,
   ...
 }:
-with lib; {
+with lib; let
+  system = pkgs.stdenv.hostPlatform.system;
+in {
+  programs.bun.enable = true;
   home.packages = with pkgs; [
     # Terminal stuff
     duf
@@ -46,7 +49,6 @@ with lib; {
     watchmate
     inputs.zen-browser.packages.${system}.default
     inputs.pumo-system-info.packages.${system}.default
-    inputs.quickshell.packages.${system}.default
 
     # Games
     atlauncher
@@ -56,9 +58,6 @@ with lib; {
     moonlight-qt
 
     # Gnome stuff
-    gnome-tweaks
-    gnomeExtensions.docker
-    gnomeExtensions.syncthing-indicator
     gnomeExtensions.tray-icons-reloaded
     gthumb
 
@@ -81,6 +80,7 @@ with lib; {
     docker-language-server
     kdePackages.qtdeclarative # For QML LSP
     nixd
+    nixfmt
     marksman
     python3 # for Emacs and LSP
     vscode-json-languageserver