feat(elcafe): add new server configuration

Add a screen resolution for when logging in remotely from Moonlight,
namely from my Thinkpad x220 and my FydeTab Duo.

.envrc

@@ -1,3 +1,4 @@
+# -*- mode: sh; -*-
 if ! has nix_direnv_version || ! nix_direnv_version 2.2.1; then
   source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/2.2.1/direnvrc" "sha256-zelF0vLbEl5uaqrfIzbgNzJWGmLzCmYAkInj/LNxvKs="
 fi

flake.lock

@@ -6,7 +6,8 @@
           "devenv"
         ],
         "flake-compat": [
-          "devenv"
+          "devenv",
+          "flake-compat"
         ],
         "git-hooks": [
           "devenv",
@@ -18,11 +19,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1752264895,
-        "narHash": "sha256-1zBPE/PNAkPNUsOWFET4J0cjlvziH8DOekesDmjND+w=",
+        "lastModified": 1760971495,
+        "narHash": "sha256-IwnNtbNVrlZIHh7h4Wz6VP0Furxg9Hh0ycighvL5cZc=",
         "owner": "cachix",
         "repo": "cachix",
-        "rev": "47053aef762f452e816e44eb9a23fbc3827b241a",
+        "rev": "c5bfd933d1033672f51a863c47303fc0e093c2d2",
         "type": "github"
       },
       "original": {
@@ -32,6 +33,27 @@
         "type": "github"
       }
     },
+    "claude-desktop": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1761825061,
+        "narHash": "sha256-AeRQZKr8+1XQer+WmbwtQaQBy05UDgeNNE7YZjNLuS0=",
+        "owner": "k3d3",
+        "repo": "claude-desktop-linux-flake",
+        "rev": "791cd93cfe216ad06ab740f0fdc142119b1d6ec2",
+        "type": "github"
+      },
+      "original": {
+        "owner": "k3d3",
+        "repo": "claude-desktop-linux-flake",
+        "type": "github"
+      }
+    },
     "devenv": {
       "inputs": {
         "cachix": "cachix",
@@ -44,11 +66,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1759437797,
-        "narHash": "sha256-+MwJvMExEcRpDIVKMwL1ZsSnC4AuhnooM7PNJh02S5I=",
+        "lastModified": 1761922975,
+        "narHash": "sha256-j4EB5ku/gDm7h7W7A+k70RYj5nUiW/l9wQtXMJUD2hg=",
         "owner": "cachix",
         "repo": "devenv",
-        "rev": "89ce1b7ac66ca381a335a60ad6acc723ef6f42f3",
+        "rev": "c9f0b47815a4895fadac87812de8a4de27e0ace1",
         "type": "github"
       },
       "original": {
@@ -60,11 +82,11 @@
     "flake-compat": {
       "flake": false,
       "locked": {
-        "lastModified": 1747046372,
-        "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
+        "lastModified": 1761588595,
+        "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
         "owner": "edolstra",
         "repo": "flake-compat",
-        "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
+        "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
         "type": "github"
       },
       "original": {
@@ -81,11 +103,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1756770412,
-        "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=",
+        "lastModified": 1760948891,
+        "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "4524271976b625a4a605beefd893f270620fd751",
+        "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04",
         "type": "github"
       },
       "original": {
@@ -112,6 +134,24 @@
         "type": "github"
       }
     },
+    "flake-utils_2": {
+      "inputs": {
+        "systems": "systems_2"
+      },
+      "locked": {
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
     "git-hooks": {
       "inputs": {
         "flake-compat": [
@@ -125,11 +165,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1758108966,
-        "narHash": "sha256-ytw7ROXaWZ7OfwHrQ9xvjpUWeGVm86pwnEd1QhzawIo=",
+        "lastModified": 1760663237,
+        "narHash": "sha256-BflA6U4AM1bzuRMR8QqzPXqh8sWVCNDzOdsxXEguJIc=",
         "owner": "cachix",
         "repo": "git-hooks.nix",
-        "rev": "54df955a695a84cd47d4a43e08e1feaf90b1fd9b",
+        "rev": "ca5b894d3e3e151ffc1db040b6ce4dcc75d31c37",
         "type": "github"
       },
       "original": {
@@ -167,11 +207,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1759337100,
-        "narHash": "sha256-CcT3QvZ74NGfM+lSOILcCEeU+SnqXRvl1XCRHenZ0Us=",
+        "lastModified": 1761878381,
+        "narHash": "sha256-lCRaipHgszaFZ1Cs8fdGJguVycCisBAf2HEFgip5+xU=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "004753ae6b04c4b18aa07192c1106800aaacf6c3",
+        "rev": "4ac96eb21c101a3e5b77ba105febc5641a8959aa",
         "type": "github"
       },
       "original": {
@@ -206,16 +246,16 @@
         ]
       },
       "locked": {
-        "lastModified": 1758763079,
-        "narHash": "sha256-Bx1A+lShhOWwMuy3uDzZQvYiBKBFcKwy6G6NEohhv6A=",
+        "lastModified": 1761648602,
+        "narHash": "sha256-H97KSB/luq/aGobKRuHahOvT1r7C03BgB6D5HBZsbN8=",
         "owner": "cachix",
         "repo": "nix",
-        "rev": "6f0140527c2b0346df4afad7497baa08decb929f",
+        "rev": "3e5644da6830ef65f0a2f7ec22830c46285bfff6",
         "type": "github"
       },
       "original": {
         "owner": "cachix",
-        "ref": "devenv-2.30.5",
+        "ref": "devenv-2.30.6",
         "repo": "nix",
         "type": "github"
       }
@@ -227,11 +267,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1759032422,
-        "narHash": "sha256-WZf+FhebP2/1pK2np5xj/NuDjD6fXK2BHnq/tPUN18o=",
+        "lastModified": 1761451000,
+        "narHash": "sha256-qBJL6xEIjqYq9zOcG2vf2nPTeVBppNJzvO0LuQWMwMo=",
         "owner": "nix-community",
         "repo": "nix-index-database",
-        "rev": "ec7a78cb0e098832d8acac091a4df393259c4839",
+        "rev": "ed6b293161b378a7368cda38659eb8d3d9a0dac4",
         "type": "github"
       },
       "original": {
@@ -242,11 +282,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1759381078,
-        "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=",
+        "lastModified": 1761907660,
+        "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee",
+        "rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15",
         "type": "github"
       },
       "original": {
@@ -258,7 +298,7 @@
     },
     "pumo-system-info": {
       "inputs": {
-        "flake-utils": "flake-utils",
+        "flake-utils": "flake-utils_2",
         "nixpkgs": [
           "nixpkgs"
         ],
@@ -285,11 +325,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1759303785,
-        "narHash": "sha256-EUXrK7pUIzOQWR1dquZh26A6W8lsY2oiHEEZzQnsarM=",
+        "lastModified": 1761897390,
+        "narHash": "sha256-er4gYrIoThYLjlsOMTysoRfn67d1Gci+ZpqDrtQxrA0=",
         "ref": "refs/heads/master",
-        "rev": "9662234759eb57f2a1057f2a1c667da1bf128c1c",
-        "revCount": 686,
+        "rev": "fc704e6b5d445899a1565955268c91942a4f263f",
+        "revCount": 700,
         "type": "git",
         "url": "https://git.outfoxxed.me/quickshell/quickshell"
       },
@@ -300,6 +340,7 @@
     },
     "root": {
       "inputs": {
+        "claude-desktop": "claude-desktop",
         "devenv": "devenv",
         "home-manager": "home-manager",
         "nix-index-database": "nix-index-database",
@@ -338,11 +379,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1759188042,
-        "narHash": "sha256-f9QC2KKiNReZDG2yyKAtDZh0rSK2Xp1wkPzKbHeQVRU=",
+        "lastModified": 1760998189,
+        "narHash": "sha256-ee2e1/AeGL5X8oy/HXsZQvZnae6XfEVdstGopKucYLY=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "9fcfabe085281dd793589bdc770a2e577a3caa5d",
+        "rev": "5a7d18b5c55642df5c432aadb757140edfeb70b3",
         "type": "github"
       },
       "original": {
@@ -366,6 +407,21 @@
         "type": "github"
       }
     },
+    "systems_2": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
     "zen-browser": {
       "inputs": {
         "nixpkgs": [
@@ -373,11 +429,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1759205174,
-        "narHash": "sha256-LMfGQsy3OibEqr3WtLCOqUVdOy5/6DJKWHV8h+1Vapk=",
+        "lastModified": 1761883599,
+        "narHash": "sha256-ntnfAAqSuXI/+uqXAWUjbY5arB7sRK9cpgFbHbCZgK8=",
         "owner": "youwen5",
         "repo": "zen-browser-flake",
-        "rev": "afd770119e0f9fbb085665738f3fa4c28ff42f78",
+        "rev": "5355c0dc6857a2aa34b126fb4a93a454ed702f52",
         "type": "github"
       },
       "original": {

flake.nix

@@ -34,6 +34,11 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
+    claude-desktop = {
+      url = "github:k3d3/claude-desktop-linux-flake";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
     zen-browser = {
       url = "github:youwen5/zen-browser-flake";
       inputs.nixpkgs.follows = "nixpkgs";
@@ -83,42 +88,33 @@
       ];
     };
 
-    homeConfigurations = {
+    homeConfigurations = let
+      extraSpecialArgs = {inherit inputs outputs system;};
+      pkgs = nixpkgs.legacyPackages.x86_64-linux;
+    in {
       "phundrak@alys" = home-manager.lib.homeManagerConfiguration {
-        pkgs = nixpkgs.legacyPackages.x86_64-linux;
-        extraSpecialArgs = {
-          inherit inputs outputs;
-        };
+        inherit extraSpecialArgs pkgs;
         modules = [
           ./users/phundrak/host/alys.nix
           inputs.sops-nix.homeManagerModules.sops
         ];
       };
       "phundrak@marpa" = home-manager.lib.homeManagerConfiguration {
-        pkgs = nixpkgs.legacyPackages.x86_64-linux;
-        extraSpecialArgs = {
-          inherit inputs outputs;
-        };
+        inherit extraSpecialArgs pkgs;
         modules = [
           ./users/phundrak/host/marpa.nix
           inputs.sops-nix.homeManagerModules.sops
         ];
       };
       "phundrak@gampo" = home-manager.lib.homeManagerConfiguration {
-        pkgs = nixpkgs.legacyPackages.x86_64-linux;
-        extraSpecialArgs = {
-          inherit inputs outputs;
-        };
+        inherit extraSpecialArgs pkgs;
         modules = [
           ./users/phundrak/host/gampo.nix
           inputs.sops-nix.homeManagerModules.sops
         ];
       };
       "phundrak@tilo" = home-manager.lib.homeManagerConfiguration {
-        pkgs = nixpkgs.legacyPackages.x86_64-linux;
-        extraSpecialArgs = {
-          inherit inputs outputs;
-        };
+        inherit extraSpecialArgs pkgs;
         modules = [
           ./users/phundrak/host/tilo.nix
           inputs.sops-nix.homeManagerModules.sops
@@ -126,30 +122,39 @@
       };
     };
 
-    nixosConfigurations = {
+    nixosConfigurations = let
+      specialArgs = {inherit inputs outputs;};
+    in {
       alys = nixpkgs.lib.nixosSystem {
-        specialArgs = {inherit inputs outputs;};
+        inherit specialArgs;
         modules = [
           ./hosts/alys/configuration.nix
           inputs.sops-nix.nixosModules.sops
         ];
       };
+      elcafe = nixpkgs.lib.nixosSystem {
+        inherit specialArgs;
+        modules = [
+          ./hosts/elcafe/configuration.nix
+          inputs.sops-nix.nixosModules.sops
+        ];
+      };
       gampo = nixpkgs.lib.nixosSystem {
-        specialArgs = {inherit inputs outputs;};
+        inherit specialArgs;
         modules = [
           ./hosts/gampo/configuration.nix
           inputs.sops-nix.nixosModules.sops
         ];
       };
       marpa = nixpkgs.lib.nixosSystem {
-        specialArgs = {inherit inputs outputs;};
+        inherit specialArgs;
         modules = [
           ./hosts/marpa/configuration.nix
           inputs.sops-nix.nixosModules.sops
         ];
       };
       tilo = nixpkgs.lib.nixosSystem {
-        specialArgs = {inherit inputs outputs;};
+        inherit specialArgs;
         modules = [
           ./hosts/tilo/configuration.nix
           inputs.sops-nix.nixosModules.sops

hosts/elcafe/configuration.nix

@@ -0,0 +1,74 @@
+{
+  inputs,
+  config,
+  ...
+}: {
+  imports = [
+    ./hardware-configuration.nix
+    inputs.home-manager.nixosModules.default
+    ../../system
+  ];
+
+  sops.secrets = {
+    "elcafe/traefik/env".restartUnits = ["traefik.service"];
+    "elcafe/traefik/dynamic".restartUnits = ["traefik.service"];
+  };
+
+  mySystem = {
+    boot = {
+      kernel = {
+        hardened = true;
+        cpuVendor = "intel";
+      };
+      zfs = {
+        enable = true;
+        pools = ["tank"];
+      };
+    };
+    dev.docker = {
+      enable = true;
+      extraDaemonSettings.data-root = "/tank/docker/";
+    };
+    misc.keymap = "fr";
+    networking = {
+      hostname = "elcafe";
+      id = "501c7fb9";
+    };
+    packages.nix = {
+      gc.automatic = true;
+      trusted-users = [
+        "root"
+        "phundrak"
+      ];
+    };
+    services = {
+      endlessh.enable = true;
+      plex = {
+        enable = true;
+        dataDir = "/tank/web/plex-config";
+      };
+      ssh = {
+        enable = true;
+        allowedUsers = ["phundrak"];
+        passwordAuthentication = false;
+      };
+      traefik = {
+        enable = true;
+        envFiles = [config.sops.secrets."elcafe/traefik/env".path];
+        dynConf = config.sops.secrets."elcafe/traefik/dynamic".path;
+      };
+    };
+    users = {
+      root.disablePassword = true;
+      phundrak.enable = true;
+    };
+  };
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "23.11"; # Did you read the comment?
+}

hosts/elcafe/hardware-configuration.nix

@@ -0,0 +1,42 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot = {
+    initrd = {
+      availableKernelModules = ["ahci" "xhci_pci" "ehci_pci" "megaraid_sas" "usbhid" "usb_storage" "sd_mod" "sr_mod"];
+      kernelModules = [];
+    };
+    kernelModules = ["kvm-intel"];
+    extraModulePackages = [];
+  };
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/d2e703f7-90e0-43e7-9872-ce036f201c4b";
+    fsType = "ext4";
+  };
+
+  swapDevices = [];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno2.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno3.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno4.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/marpa/configuration.nix

@@ -76,6 +76,7 @@
         enable = true;
         autostart = true;
       };
+      languagetool.enable = true;
     };
     users = {
       root.disablePassword = true;

secrets/secrets.yaml

@@ -1,3 +1,7 @@
+elcafe:
+    traefik:
+        env: ENC[AES256_GCM,data:Mfm4Wt/7UWrpWGGa/rmC1wY6QtI2G/a6cbZiNjZz1gOTrREehFBZxH5JJ9ZgsxCMSuh/XCQa/75cPg==,iv:nrtTmtdFfTrCYzxFHDVMuaDdoa8SDi+pn4kghP4r9xE=,tag:gjlv8ohv1aDx2PB1rwx6fQ==,type:str]
+        dynamic: ENC[AES256_GCM,data:AYUojopOSi2kZ4ORxs4KrWHgqXZTMVtShb7T2iQ4JDyrlrIWCTpynt8/El9uoDaSryTgqxM8z3g4DIe5nrovh7pcFGVm/QYXfsfAx4kIm//7CwL9UISiyERirJo053Ilut0/lAdw3rlqa9aBYC2fS6AlrHN1ZFzqBttTeyykvZe0qmiW4hPNZ3axXW66juXwe9cxm24bE9bJZuuV9RYbafQ2Om76p/92E42hu6twWaUz/n6QgwaE2ymCekroKaq8+Umohj1XL6UdEEcLSnmc1qRblshhhSssNEtzbKERujt2SH/ppf/LLoohp8v4VbSpVOkx+6fqvyKWvbi2RU3C7eusee+gnBe2mGxGj34Q35iU4RM6dEwwmvzfmCAYy+27SlNVffI8yo8JXACp1aLxqBxLDDU7LokoSUb62/w/mX3NlzYf5a6NeIrHzoh+qHmEXUq63+gsNJaiJPp6DxtAKByg23t1LxSpFhxW7LaYIjh+KjaYZgNYTFR1BerqDu2pyzIrzZQTdtCveX3eiEZ3p9SJxfiuBVKlfQ2FpvJ9JPl9ACTFK6AI4s61ZgiNEeXzqQwo9zt8QrruiixdxPaclOfrBrFxq1mWGBGGXaAryiuZjo4G0KlNVvg/s5YiecYi8prQxXVozti7YI0sGJdGVjDiHwXfnUn+eQD2YBrOH9FlRwO3Vd/yd+42Xf06Hv7IbbYMogcu5y9ZbiXWesVd/TgB+Hu2oWkWxBU3sn6i3rMiZ0z+V/74xCwmfElugGCQ97ga6tQ92UbSBbteoiXpZiH7Z7Wja39rWKPyypH1h71Sccy1rSWrcEVHLC9swtLcB4dzt2JvVdXQ37pmEElfusY0yEb/y0W20vxNArDy035gCXdhUyP65NfrlhcAXoiKQaayL3NO81vBLP+X9+zgKsAV/eINPzM3gsF12QJaaQSL6CIlIF7qdwX8GZwoIg60rE2ogR0XxLcN9CGdMMuILpB9UsSOoPNwgMZd3KIwEB2LJabLKtUwuyKuA0iF6ZwHSghpnkxAIkIGFsbIxslvgCLkVihoSR97lhFpOJbC6n8u408wLD6qxoS6IRAXbIbErkyNyrt9PvbwSiHyWRjF8APCZD2WuQ22GmfBK0t6lM2hF8q7vRKN+SFOvLpql6NFT4n8/Odfr7i+4JqJahRH33RnDqYtRiqgqSSZtq3DOn1aYCivfEMKZrVxP+c6COqpPELDpjBfGWjLhqE/rV48N9x7UZNQKflBlMtaGnB1uEcVuMuZfTRFYQLqYs2p8f5vVXXWF7vSP9mBSHB3oz0seEfLd65y2hppF3J/8F/+QlAyGDrAZFhCYYMRE4eY2dy2cxLNP2M9tGVZMXQSNfys5cDnkYZzvofK7b2scgC9HcCUmBKv8ZxoSa4qyIOzH9XJupY4rlemlJbJQ9paXgAiiTdvLPcncVVnlCPRbEngCDKvoplVnzH9Hd6mIgRCZLyyIeAR8FwikGuZEuQETWanbe4S60KdMpofGM/ysz6eD67q9iVKL1zHCDtpzYQAhKurFUfgcxNOXnWYi8MWdRY9CAvIUJgRgg+IHOV76Nl8ljV6wpgn0qFR0IoQPblI3W8zJ4UASSgvUkf0meR9KLN3pA1D/AnYxi+Zblcz6SuXqBBARkXfW84iJOVanbNxyZpJDEnio6cJmNXX8VJxP0zqlA80FpcMNAvNOYsKx5yEwx3MEAlP7lLU35xgMx/BOgErf9f8XfbxINXPH0an+xQqAm99gbaKamflNQqpXXV+1ViWVWlx7xwqSUq0qy7A2sjs6prZRTR1sTt4i7MONEaRN65zgaPtL8zbO3BCbUecUdzCTmBy/XVnfa2krF8dN4LjBs6/ZswW/KYqc8TU6udiCb6Y1H9kXKsg3l9/5+ftcFB/YC6LzS9ynpOYhw12BJtjEuIuwiKa5J/UTp3IULQDZ2rCKBL09GT1/DGwB5AU8Dc9E9X2OOvWowme/eyYiiX9q+B9yLMYxP6rTsq7vJ8cjwnNRCz8UJbVzTlM9MwntUnyqv1L8E8xD438m0P+soqOc99NwXsuM/aJ6ndctfFNwHYfuau7BJrMRPfjc65yMiayfCxUJmnAsp309ODNS9D6VZkf/l5cBzbd+9xsnK/WA8I7f9bTZgi2/HSNOdEAlwBfRZXrLQAbeixG4qNmRqtOjILYkSkb13Ug/Yx+IFlMIgTxiZzXMduxbloNQU4VqEVY6Qrogu4qlaCWsqICX0SabXFZXUFUHgwswkNqV0G8977QSFTyYkMNr7FZTuFegYjzZZHaOtCJ/2FAJFX/e76rWcoz8GK7lsEqvQnCrqDfGtaSDF0LcJojKXEFg2E6rwENuMumdDJzkHj5dFzGdsf2ogeHqB2+sKpaHAgVjWzfk8CevSKnPDR/6UMhNoi2luW+xbV/DmDLJ5GzO6uGdcSmaQsFcNuFsuQZkC/q3zTf/TqbfH/V/eXR6YS0Etn73/xwVh9b59KazNb7JJ+rXahVHP3aUWocpu7/92Qwh/Odf3qGBJ/KT4a2VWYfBXLq6N0H8g1SI/aRJIAe3JCq2j+ln1PRegcqmwFqJpwp3TebdJEroCZU63Cl6vXm0XHm75MVXz7kYXBnOWeYv63oVyCvRc/yoOTBsCYPiyRxaoLXHUI2e0zCrbSAmAmb5WOUqxq4dJKGZXYYzHlR+aAjBbqmLFyCm92DW0sWlXPBhEeXysOK6IP8NEHatdyCnkpiHsQZyuBITw==,iv:Ooq6tK6nMGuRFJ1ElGCJhOMQVyMNtGBSguQVFSm71fA=,tag:iJviKci+i3tif+sH8UxRZg==,type:str]
 extraHosts: ENC[AES256_GCM,data:YRHvHINgAQv4z+8awMzHY1uZS/K9qSaFsk8G5J2zF5P5YOt4x62eefXgmhWeKZzJI5AIi0312iMQl5qGv+lAkP+VC7j/h1rh7peBDEBU6LvcMgFU2XqxidM/CoKfMkJF8+/4bb+3r1LC/rEeXITTUQsOmoacdyCeKe5yxLaHyic/FaZIJq13wCg/QQSLfenc2Db0Pbxv5/cbRILhKT+ssElVipA40aZpgL7QmD542vObSEa6K4fZd0rawF/nOyibfpPN7Ak8DrYvfygNMw/QAGKY2XosxC86tjxhrIBHRakqmWpV+smoUO6XBFjU2sbwalafYVFdrvYL9BVAPtMZ25Sc5QMm87RCHqzqYdQHKs8C3JpVBHWnyL+0e5DNQrFrml0/FD5nFYsT6zDKVb/rN3YmxvTvKl7FpPKpv3Kke9WG+HnPs90hPy8Jpmg52vLMhaybx6dpJxzcF+ctBSI3J78hfweOCGvNGshCKpME1dujMPctH/kfYcm2j/ixKLjl0ZSbYeI9+l9oURBDwKzmKjAqhwnjuo3sL++ZsRU5Ue1zz9gsxS40R9eYevbq7JiQPX331pY2du1SRoKOxvPpXsDqe+CY5pW2RgPszjEIuDxyoveZolXg/zjlk0Ic/cOxrbflp7bTfQCQqEC7YJ5tRmtctk2lRGQkOFIg9Tn8ReifFxfhDrPFzc8X5vZgH73aqZSd/OkVybI3vEILV5uas0fPL7AHAKnBmeDV3mBNvF8aoZhD5CG8iRd1otta/3AQ660QV8IDoauq8fySC8Kee5B3kG75sqHvwF4Gu6CpSChXkjpiIqVmW0PntJueVHifuGJYkvhkX/CTHK7xm1HhtANnGrk6cr2APjWk1vpOaCmjFNqKTOV9d1HjaNWYTz4AZ+Uq2Za3UzN3oZCtZb96,iv:Z64+4oR/AfSgA7oZ/NPDLOtcmcXO5B4OQIGjOEK1Pf4=,tag:0I/1gXnBH7u6HTbQUz5Fpw==,type:str]
 mopidy:
     spotify: ENC[AES256_GCM,data:SaDT0iSWhsgVOi1s+Nzbr0Mur3t2Zd9z/KIUshGWtbPfkXXIoiJeJFtoZIz5NL/t5FooYsNfU1mGYgDeVYSD4BPibW8hiCYrX6L6OX+Q6ZEWXXx/1eBEs2/q0BrWGvy7frcurq/Px4R3ax0dXJe/YKbpAtU7+bQl,iv:F2zT+uMVBMnSEZqgcRmV8/fc3G/g2fKDuHuBzkyBRN0=,tag:CD8fuOQfe6QCrj4BUh0/xw==,type:str]
@@ -61,7 +65,7 @@ sops:
             QmJKNDJUY0RSakhwNWlkOVpib0trc1kK0tQxD9I82pjfs54eruu+IjzVUmcVBCPw
             9mp1xKiYRRMXt3YQn6MPiyuuX3l3UB5MH0RJMNtRq0D961rs+iiS5A==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-08-07T09:16:46Z"
-    mac: ENC[AES256_GCM,data:3PIJps2hoavPJ6ig+943FE73lBhCfxv8vuzmgTtooH386V12/PQN+Opt/ZoIbXU9w21XelZ/C5xPr8rcuw5ADx9K/KjdMm8jyLCO6/+iBf6SjnbC3E0DyiDit50UtWxKc32ryiJ8m5hYfX6O2H8WIGFa+6wp5KISV9pkc09CNZA=,iv:xzwEhhBJQOlde8Ib+tZpv+2CHfR83dFevdwERkYTsTE=,tag:SzdcZH19kSTnNs16754IMw==,type:str]
+    lastmodified: "2025-11-02T00:42:02Z"
+    mac: ENC[AES256_GCM,data:0rYURFETR06JRNY/vE89jEI+dovFNxsjSOalf1Id3H+yzl4UYdsHN1T3mD1EfssFwCloBxOo+188RkUe7JlNV7hC+tvO3nBrDNuqjzFBQu/IHEz+nTI3mwB7ZsywubvFMG65dohM8H9hB2bUXSSqtEUpFEiz7Ugn2BfGyex4BbI=,iv:vFJk6mz60d6CzSetd+bNvxTEWfGBPaBS4sYj/AiYbq4=,tag:2nHBGQ5P3mxLyzllvstBqg==,type:str]
     unencrypted_suffix: _unencrypted
-    version: 3.10.2
+    version: 3.11.0

system/desktop/waydroid.nix

@@ -10,6 +10,6 @@ in {
   options.mySystem.desktop.waydroid.enable = mkEnableOption "Enables Waydroid";
   config = mkIf cfg.enable {
     virtualisation.waydroid.enable = cfg.enable;
-    environment.systemPackages = [ pkgs.waydroid-helper ];
+    environment.systemPackages = [pkgs.waydroid-helper];
   };
 }

system/dev/docker.nix

@@ -9,6 +9,13 @@ with lib; let
 in {
   options.mySystem.dev.docker = {
     enable = mkEnableOption "Enable Docker";
+    extraDaemonSettings = mkOption {
+      type = types.nullOr (types.attrsOf types.str);
+      default = {};
+      example = {
+        data-root = "/custom/path";
+      };
+    };
     podman.enable = mkEnableOption "Enable Podman rather than Docker";
     nvidia.enable = mkEnableOption "Activate Nvidia support";
     autoprune.enable = mkEnableOption "Enable autoprune";
@@ -17,9 +24,10 @@ in {
   config = {
     environment.systemPackages = mkIf cfg.podman.enable [
       pkgs.podman-desktop
+      pkgs.podman-compose
     ];
-    virtualisation = {
-      docker = mkIf (cfg.enable && !cfg.podman.enable) {
+    virtualisation = mkIf cfg.enable {
+      docker = mkIf (!cfg.podman.enable) {
         enable = true;
         enableNvidia = cfg.nvidia.enable;
         autoPrune.enable = cfg.autoprune.enable;

system/dev/qemu.nix

@@ -7,13 +7,27 @@
 with lib; let
   cfg = config.mySystem.dev.qemu;
 in {
-  options.mySystem.dev.qemu.enable = mkEnableOption "Enable QEMU";
+  options.mySystem.dev.qemu = {
+    enable = mkEnableOption "Enable QEMU";
+    users = mkOption {
+      type = types.listOf types.str;
+      default = ["phundrak"];
+      example = ["user1" "user2"];
+    };
+  };
   config = mkIf cfg.enable {
+    programs.virt-manager.enable = true;
+    users.groups.libvirtd.members = cfg.users;
+    virtualisation = {
+      libvirtd.enable = true;
+      spiceUSBRedirection.enable = true;
+    };
     environment.systemPackages = with pkgs; [
       qemu
-      virt-manager
+      quickemu
+      swtpm
     ];
-    systemd.tmpfiles.rules = [ "L+ /var/lib/qemu/firmware - - - - ${pkgs.qemu}/share/qemu/firmware" ];
-    boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+    systemd.tmpfiles.rules = ["L+ /var/lib/qemu/firmware - - - - ${pkgs.qemu}/share/qemu/firmware"];
+    boot.binfmt.emulatedSystems = ["aarch64-linux"];
   };
 }

system/hardware/amdgpu.nix

@@ -9,14 +9,54 @@ with lib; let
 in {
   options.mySystem.hardware.amdgpu.enable = mkEnableOption "Enables an AMD GPU configuration";
   config = mkIf cfg.enable {
-    systemd.tmpfiles.rules = [
-      "L+    /opt/rocm/hip   -    -    -     -    ${pkgs.rocmPackages.clr}"
-    ];
-    hardware.graphics.extraPackages = with pkgs; [rocmPackages.clr.icd];
+    hardware = {
+      graphics = {
+        enable = true;
+        enable32Bit = true;
+        extraPackages = with pkgs; [
+          mesa # Mesa drivers for AMD GPUs
+          rocmPackages.clr # common language runtime for ROCm
+          rocmPackages.clr.icd # ROCm ICD for OpenCL
+          rocmPackages.rocblas # ROCm BLAS library
+          rocmPackages.hipblas #
+          rocmPackages.rpp # High-performance computer vision library
+          nvtopPackages.amd # GPU utilization monitoring
+        ];
+      };
+      amdgpu = {
+        initrd.enable = true;
+        opencl.enable = true;
+      };
+    };
     environment.systemPackages = with pkgs; [
       clinfo
       amdgpu_top
       nvtopPackages.amd
     ];
+    systemd = {
+      packages = with pkgs; [lact];
+      services.lactd.wantedBy = ["multi-user.target"];
+      tmpfiles.rules = let
+        rocmEnv = pkgs.symlinkJoin {
+          name = "rocm-combined";
+          paths = with pkgs.rocmPackages; [
+            clr
+            clr.icd
+            rocblas
+            hipblas
+            rpp
+          ];
+        };
+      in [
+        "L+    /opt/rocm   -    -    -     -    ${rocmEnv}"
+      ];
+    };
+    environment.variables = {
+      ROCM_PATH = "/opt/rocm"; # Set ROCm path
+      HIP_VISIBLE_DEVICES = "1"; # Use only the eGPU (ID 1)
+      ROCM_VISIBLE_DEVICES = "1"; # Optional: ROCm equivalent for visibility
+      # LD_LIBRARY_PATH = "/opt/rocm/lib";         # Add ROCm libraries
+      HSA_OVERRIDE_GFX_VERSION = "10.3.0"; # Set GFX version override
+    };
   };
 }

system/hardware/default.nix

@@ -1,3 +1,4 @@
+{lib, ...}:
 {
   imports = [
     ./amdgpu.nix
@@ -7,4 +8,5 @@
     ./opentablet.nix
     ./sound.nix
   ];
+  hardware.enableRedistributableFirmware = lib.mkDefault true;
 }

system/services/calibre.nix

@@ -9,26 +9,26 @@ in {
   options.mySystem.services.calibre = {
     enable = mkEnableOption "Enable Calibre Web";
     user = mkOption {
-      type = types.string;
+      type = types.str;
       default = "phundrak";
     };
     group = mkOption {
-      type = types.string;
+      type = types.str;
       default = "users";
     };
     dataDir = mkOption {
-      type = types.string;
+      type = types.str;
       example = "/tank/calibre/conf";
       default = "/tank/calibre/conf";
     };
     library = mkOption {
-      type = types.string;
+      type = types.str;
       example = "/tank/calibre/library";
       default = "/tank/calibre/library";
     };
   };
   config.services.calibre-web = mkIf cfg.enable {
-    inherit (cfg) enable user group dataDir;
+    inherit (cfg) enable user dataDir group;
     options = {
       calibreLibrary = cfg.library;
       enableBookConversion = true;

system/services/default.nix

@@ -4,9 +4,11 @@
     ./endlessh.nix
     ./fwupd.nix
     ./jellyfin.nix
+    ./languagetool.nix
     ./plex.nix
     ./printing.nix
     ./ssh.nix
     ./sunshine.nix
+    ./traefik.nix
   ];
 }

system/services/jellyfin.nix

@@ -9,16 +9,16 @@ in {
   options.mySystem.services.jellyfin = {
     enable = mkEnableOption "Enable Jellyfin";
     dataDir = mkOption {
-      type = types.string;
+      type = types.str;
       default = "/tank/jellyfin/data";
       example = "/tank/jellyfin/data";
     };
     user = mkOption {
-      type = types.string;
+      type = types.str;
       default = "phundrak";
     };
     group = mkOption {
-      type = types.string;
+      type = types.str;
       default = "users";
     };
   };

system/services/languagetool.nix

@@ -0,0 +1,20 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.services.languagetool;
+in {
+  options.mySystem.services.languagetool = {
+    enable = mkEnableOption "Enables languagetool";
+    port = mkOption {
+      type = types.port;
+      default = 8081;
+      example = 80;
+    };
+  };
+  config.services.languagetool = mkIf cfg.enable {
+    inherit (cfg) enable port;
+  };
+}

system/services/plex.nix

@@ -9,17 +9,17 @@ in {
   options.mySystem.services.plex = {
     enable = mkEnableOption "Enable Plex";
     group = mkOption {
-      type = types.string;
+      type = types.str;
       default = "users";
       example = "users";
       description = "Group under which Plex runs";
     };
     dataDir = mkOption {
-      type = types.string;
+      type = types.str;
       example = "/tank/plex-config";
     };
     user = mkOption {
-      type = types.string;
+      type = types.str;
       default = "phundrak";
     };
   };

system/services/traefik.nix

@@ -0,0 +1,65 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.services.traefik;
+in {
+  options.mySystem.services.traefik = {
+    enable = mkEnableOption "Enable Traefikse";
+    email = mkOption {
+      type = types.str;
+      default = "lucien@phundrak.com";
+      example = "admin@example.com";
+    };
+    envFiles = mkOption {
+      type = types.listOf types.path;
+      example = ["/run/secrets/traefik.env"];
+      default = [];
+    };
+    dynConf = mkOption {
+      type = types.path;
+      example = "/var/traefik/dynamic.yaml";
+    };
+  };
+  config = mkIf cfg.enable {
+    networking.firewall.allowedTCPPorts = [80 443];
+    services.traefik = {
+      inherit (cfg) enable;
+      environmentFiles = cfg.envFiles;
+      dynamicConfigFile = cfg.dynConf;
+      staticConfigOptions = {
+        log = {
+          level = "WARN";
+          filePath = "/var/log/traefik/traefik.log";
+        };
+        accessLog.filePath = "/var/log/traefik/access.log";
+        api.dashboard = true;
+        entryPoints = {
+          web = {
+            address = ":80";
+            http.redirections.entryPoint = {
+              to = "websecure";
+              scheme = "https";
+            };
+          };
+          websecure.address = ":443";
+        };
+        certificatesResolvers.cloudflare.acme = {
+          inherit (cfg) email;
+          storage = "/var/lib/traefik/acme.json";
+          dnsChallenge = {
+            provider = "cloudflare";
+            resolvers = ["1.1.1.1:53" "1.0.0.1:53"];
+            propagation.delayBeforeChecks = 60;
+          };
+        };
+        providers.docker = {
+          endpoint = "unix:///var/run/docker.sock";
+          exposedByDefault = false;
+        };
+      };
+    };
+  };
+}

users/modules/cli/bat.nix

@@ -19,7 +19,6 @@ in {
     extraPackages = mkIf cfg.extras (with pkgs.bat-extras; [
       batman
       batpipe
-      batgrep
     ]);
   };
 }

users/modules/desktop/hyprland.nix

@@ -20,7 +20,6 @@ in {
     emacsPkg = mkOption {
       type = types.package;
       default = config.home.dev.editors.emacs.package or pkgs.emacs;
-      # default = pkgs.emacs;
       example = pkgs.emacs;
     };
     host = mkOption {
@@ -63,6 +62,8 @@ in {
             "marpa" = [
               "DP-1, 3440x1440@144, 1080x550, 1"
               "DP-2, 2560x1080@60, 0x0, 1, transform, 1"
+              # "DP-2, 1366x768@60, 0x0, 1"
+              # "DP-2, 1829x1143@60, 0x0, 1"
             ];
             "gampo" = [];
           }."${cfg.host}";

users/modules/dev/ai/claude.nix

@@ -0,0 +1,18 @@
+{
+  config,
+  lib,
+  inputs,
+  system,
+  ...
+}:
+with lib; let
+  cfg = config.home.dev.ai.claude;
+in {
+  options.home.dev.ai.claude.enable = mkEnableOption "Enables Claude-related packages";
+  config = mkIf cfg.enable {
+    home.packages = [inputs.claude-desktop.packages.${system}.claude-desktop-with-fhs];
+    programs.claude-code = {
+      inherit (cfg) enable;
+    };
+  };
+}

users/modules/dev/ai/default.nix

@@ -0,0 +1,19 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.home.dev.ai;
+in {
+  imports = [
+    ./ollama.nix
+    ./claude.nix
+  ];
+
+  options.home.dev.ai.enable = mkEnableOption "Enables AI features";
+  config.home.dev.ai = mkIf cfg.enable {
+    ollama.enable = mkDefault cfg.enable;
+    claude.enable = mkDefault cfg.enable;
+  };
+}

users/modules/dev/ai/ollama.nix

@@ -4,20 +4,21 @@
   ...
 }:
 with lib; let
-  cfg = config.home.dev.ollama;
+  cfg = config.home.dev.ai.ollama;
 in {
-  options.home.dev.ollama = {
+  options.home.dev.ai.ollama = {
     enable = mkEnableOption "Enables Ollama";
     gpu = mkOption {
-      type = types.nullOr types.enum ["none" "amd" "nvidia"];
-      example = "amd";
-      default = "none";
+      type = types.nullOr (types.enum [false "rocm" "cuda"]);
+      example = "rocm";
+      default = null;
       description = "Which type of GPU should be used for hardware acceleration";
     };
   };
 
   config.services.ollama = mkIf cfg.enable {
     inherit (cfg) enable;
+    acceleration = cfg.gpu;
     environmentVariables = {
       OLLAMA_CONTEXT_LENGTH = "8192";
     };

users/modules/dev/default.nix

@@ -7,8 +7,8 @@ with lib; let
   cfg = config.home.dev;
 in {
   imports = [
+    ./ai
     ./editors
-    ./ollama.nix
     ./vcs
   ];
 

users/modules/dev/editors/emacs.nix

@@ -5,7 +5,7 @@
   ...
 }:
 with lib; let
-  emacsDefaultPackage = with pkgs; ((emacsPackagesFor emacsNativeComp).emacsWithPackages (
+  emacsDefaultPackage = with pkgs; ((emacsPackagesFor emacs).emacsWithPackages (
     epkgs: [
       epkgs.mu4e
       epkgs.pdf-tools

users/modules/dev/vcs/git.nix

@@ -90,9 +90,47 @@ in {
         else cfg.sendmail.user;
     in {
       enable = true;
-      userEmail = cfg.email;
-      userName = cfg.name;
-      extraConfig = {
+      ignores = [
+        ".env"
+        ".direnv/"
+
+        "*~"
+        "\#*\#"
+        "*.elc"
+        "auto-save-list"
+        ".\#*"
+        "*_flymake.*"
+        "/auto/"
+        ".projectile"
+        ".dir-locals.el"
+
+        "# Org mode files"
+        ".org-id-locations"
+        "*_archive"
+
+        "*.out"
+        "*.o"
+        "*.so"
+
+        "# Archives"
+        "*.7zz"
+        "*.dmg"
+        "*.gz"
+        "*.iso"
+        "*.jar"
+        "*.rar"
+        "*.tar"
+        "*.zip"
+
+        "*.log"
+        "*.sqlite"
+
+        "dist/"
+      ];
+      settings = {
+        user = {
+          inherit (cfg) name email;
+        };
         color.ui = "auto";
         column.ui = "auto";
         tag.sort = "version:refname";
@@ -180,99 +218,62 @@ in {
             insteadOf = "labs:";
           };
         };
-      };
-      ignores = [
-        ".env"
-        ".direnv/"
-
-        "*~"
-        "\#*\#"
-        "*.elc"
-        "auto-save-list"
-        ".\#*"
-        "*_flymake.*"
-        "/auto/"
-        ".projectile"
-        ".dir-locals.el"
-
-        "# Org mode files"
-        ".org-id-locations"
-        "*_archive"
-
-        "*.out"
-        "*.o"
-        "*.so"
-
-        "# Archives"
-        "*.7zz"
-        "*.dmg"
-        "*.gz"
-        "*.iso"
-        "*.jar"
-        "*.rar"
-        "*.tar"
-        "*.zip"
-
-        "*.log"
-        "*.sqlite"
-
-        "dist/"
-      ];
-      aliases = {
-        a = "add --all";
-        aca = "!git add --all && git commit --amend";
-        acan = "!git add --all && git commit --amend --no-edit";
-        ap = "add --patch";
-        b = "branch";
-        bd = "branch -d";
-        bdd = "branch -D";
-        c = "commit -S";
-        ca = "commit -Sa";
-        can = "commit -Sa --no-edit";
-        cm = "commit -Sm";
-        cam = "commit -Sam";
-        co = "checkout";
-        cob = "checkout -b";
-        cod = "checkout develop";
-        cl = "clone";
-        cl1 = "clone --depth 1";
-        f = "fetch";
-        fp = "fetch --prune";
-        ps = "push";
-        psf = "push --force-with-lease";
-        pso = "push origin";
-        psfo = "push --force-with-lease origin";
-        pushall = "!git remote \vert{} xargs -L1 git push";
-        psl = "!git remote \vert{} xargs -L1 git push";
-        pullall = "!git remote \vert{} xargs -L1 git pull";
-        pll = "!git remote \vert{} xargs -L1 git pull";
-        pl = "pull";
-        pb = "pull --rebase";
-        r = "rebase";
-        ra = "rebase --abort";
-        rc = "rebase --continue";
-        rd = "rebase develop";
-        ri = "rebase -i";
-        rmf = "rm -f";
-        rmd = "rm -r";
-        rmdf = "rm -rf";
-        sm = "submodule";
-        sms = "submodule status";
-        sma = "submodule add";
-        smu = "submodule update";
-        smui = "submodule update --init";
-        smuir = "submodule update --init --recursive";
-        st = "stash";
-        stc = "stash clear";
-        stp = "stash pop";
-        stw = "stash show";
-        u = "reset --";
-        d = "diff -w";
-        l = "log --all --oneline --graph --decorate --pretty=format':%C(magenta)%h %C(white) %an %ar%C(auto) %D%n%s%n'";
-        s = "status";
-        staged = "diff --cached";
-        upstream = "!git push -u origin HEAD";
-        unstage = "reset --";
+        alias = {
+          a = "add --all";
+          aca = "!git add --all && git commit --amend";
+          acan = "!git add --all && git commit --amend --no-edit";
+          ap = "add --patch";
+          b = "branch";
+          bd = "branch -d";
+          bdd = "branch -D";
+          c = "commit -S";
+          ca = "commit -Sa";
+          can = "commit -Sa --no-edit";
+          cm = "commit -Sm";
+          cam = "commit -Sam";
+          co = "checkout";
+          cob = "checkout -b";
+          cod = "checkout develop";
+          cl = "clone";
+          cl1 = "clone --depth 1";
+          f = "fetch";
+          fp = "fetch --prune";
+          ps = "push";
+          psf = "push --force-with-lease";
+          pso = "push origin";
+          psfo = "push --force-with-lease origin";
+          pushall = "!git remote \vert{} xargs -L1 git push";
+          psl = "!git remote \vert{} xargs -L1 git push";
+          pullall = "!git remote \vert{} xargs -L1 git pull";
+          pll = "!git remote \vert{} xargs -L1 git pull";
+          pl = "pull";
+          pb = "pull --rebase";
+          r = "rebase";
+          ra = "rebase --abort";
+          rc = "rebase --continue";
+          rd = "rebase develop";
+          ri = "rebase -i";
+          rmf = "rm -f";
+          rmd = "rm -r";
+          rmdf = "rm -rf";
+          sm = "submodule";
+          sms = "submodule status";
+          sma = "submodule add";
+          smu = "submodule update";
+          smui = "submodule update --init";
+          smuir = "submodule update --init --recursive";
+          st = "stash";
+          stc = "stash clear";
+          stp = "stash pop";
+          stw = "stash show";
+          u = "reset --";
+          d = "diff -w";
+          l = "log --all --oneline --graph --decorate --pretty=format':%C(magenta)%h %C(white) %an %ar%C(auto) %D%n%s%n'";
+          s = "status";
+          staged = "diff --cached";
+          upstream = "!git push -u origin HEAD";
+          unstage = "reset --";
+        };
       };
     };
   };

users/modules/dev/vcs/jujutsu.nix

@@ -45,6 +45,9 @@ in {
         default-command = "st";
         pager = ":builtin";
         show-cryptographic-signatures = true;
+        conflict-marker-style = "git"; # Support for vc-jj.el
+        diff-formatter = ":git"; # Support for vc-jj.el
+        diff-editor = ":builtin";
         inherit (cfg) editor;
       };
       signing = mkIf cfg.signing.enable {

users/modules/security/ssh.nix

@@ -17,6 +17,7 @@ in {
   config = {
     programs.ssh = mkIf cfg.enable {
       enable = true;
+      enableDefaultConfig = false;
       includes = lists.optional (cfg.hosts != null) cfg.hosts;
     };
   };

users/phundrak/home.nix

@@ -11,7 +11,7 @@
   ];
 
   config = let
-    emacsPkg = with pkgs; ((emacsPackagesFor emacsNativeComp).emacsWithPackages (
+    emacsPkg = with pkgs; ((emacsPackagesFor emacs).emacsWithPackages (
       epkgs: [
         epkgs.mu4e
         epkgs.pdf-tools
@@ -37,10 +37,7 @@
       };
 
       desktop.waybar.style = ./config/waybar/style.css;
-      dev.ollama = {
-        enable = true;
-        gpu = "amd";
-      };
+      dev.ai.claude.enable = true;
       fullDesktop = true;
       shell.fish.enable = true;
     };

users/phundrak/host/marpa.nix

@@ -2,6 +2,10 @@
   imports = [../home.nix];
   home = {
     cli.nh.flake = "${config.home.homeDirectory}/.dotfiles";
+    dev.ai.ollama = {
+      enable = true;
+      gpu = "rocm";
+    };
     desktop.hyprland.host = "marpa";
     phundrak.sshKey = {
       content = builtins.readFile ../../../keys/id_marpa.pub;

users/phundrak/packages.nix

@@ -36,11 +36,11 @@ with lib; {
     signal-desktop-bin
 
     # Misc
-    bitwarden
+    bitwarden-desktop
     gplates
     libnotify
     nextcloud-client
-    onlyoffice-bin
+    onlyoffice-desktopeditors
     scrcpy
     syncthing
     watchmate
@@ -65,8 +65,7 @@ with lib; {
     # Graphics
     inkscape
     gimp
-    gimpPlugins.fourier
-    gimpPlugins.farbfeld
+    gimpPlugins.gmic
 
     # Dev
     devenv