Still not working.

Same issue with package based on 2ship2harkinian.
Add a package for starship (Star Fox 64).
2025-01-27 20:38:45 -05:00 · 2025-01-27 19:26:38 -05:00 · 2025-01-27 19:26:38 -05:00 · 2025-01-26 19:04:17 -05:00 · 2025-01-26 18:55:53 -05:00 · 2025-01-26 16:57:18 -05:00
198 changed files with 10255 additions and 309 deletions
--- a/ansible/environments/home/host_vars/homeserver
+++ b/ansible/environments/home/host_vars/homeserver
@@ -77,8 +77,17 @@ jail_list:
  #     - name: mumbledb
  #       mount: /var/db/murmur
 bhyve_dataset: zmass/encrypted/vm
-bhyve_canmount: "on"
+# Disable mounting bhyve dataset so it doesn't hide the unencrypted linfi vm
 bhyve_canmount: "off"
 bhyve_mountpoint: "none"
 bhyve_bemount: "on"
 wireguard_directory: homeserver
 enabled_wireguard:
  - wgh
 linfi:
  enabled: true
  zfs_dataset: zmass/unencrypted/vm/linfi
  zfs_mountpoint: /vm/linfi
  driver_blocklist: "ath if_ath if_ath_pci ath_hal if_iwm if_iwlwifi"
  pci_blocklist: "6/0/0"
  amd: false
--- a/ansible/environments/home/hosts
+++ b/ansible/environments/home/hosts
@@ -1,2 +1,2 @@
 [headless]
-homeserver ansible_user=talexander ansible_host=10.216.1.1
+homeserver ansible_user=talexander ansible_host=homeserver
--- a/ansible/environments/laptop/host_vars/odofreebsd
+++ b/ansible/environments/laptop/host_vars/odofreebsd
@@ -59,3 +59,10 @@ enabled_wireguard:
  - wgh
  - drmario
  - colo
 linfi:
  enabled: true
  zfs_dataset: zroot/freebsd/current/vm/linfi
  zfs_mountpoint: /vm/linfi
  driver_blocklist: "if_iwm if_iwlwifi"
  pci_blocklist: "1/0/0"
  amd: true
--- a/ansible/playbook.yaml
+++ b/ansible/playbook.yaml
@@ -126,12 +126,14 @@
  vars:
    ansible_become: True
  roles:
    - linfi
    - framework_laptop
 - hosts: homeserver
  vars:
    ansible_become: True
  roles:
    - linfi
    - homeserver
 - hosts: odowork
--- a/ansible/roles/base/files/login.conf
+++ b/ansible/roles/base/files/login.conf
@@ -44,6 +44,7 @@ default:\
 	:pseudoterminals=unlimited:\
 	:kqueues=unlimited:\
 	:umtxp=unlimited:\
 	:pipebuf=unlimited:\
 	:priority=0:\
 	:ignoretime@:\
 	:umask=022:\
--- a/ansible/roles/devfs/files/homeserver_devfs.rules
+++ b/ansible/roles/devfs/files/homeserver_devfs.rules
@@ -17,3 +17,9 @@ add include $devfsrules_hide_all
 add include $devfsrules_unhide_basic
 add include $devfsrules_unhide_login
 add path 'bpf*' unhide
 [tajailrand=15]
 add include $devfsrules_hide_all
 add include $devfsrules_unhide_basic
 add include $devfsrules_unhide_login
 add path urandom unhide
--- a/ansible/roles/docker/tasks/linux.yaml
+++ b/ansible/roles/docker/tasks/linux.yaml
@@ -3,6 +3,7 @@
    name:
      - docker
      - docker-compose
      - docker-buildx
    state: present
 - name: Create docker zfs dataset
--- a/ansible/roles/emacs/files/elisp/lang-nix.el
+++ b/ansible/roles/emacs/files/elisp/lang-nix.el
@@ -0,0 +1,22 @@
 (require 'common-lsp)
 (require 'util-tree-sitter)
 (use-package nix-mode
  :mode (("\\.nix\\'" . nix-mode)
         )
  :commands nix-mode
  :hook (
         (nix-mode . (lambda ()
                             ;; (eglot-ensure)
                             ;; (defclass my/eglot-nix (eglot-lsp-server) ()
                             ;;   :documentation
                             ;;   "Own eglot server class.")
                             ;; (add-to-list 'eglot-server-programs
                             ;;              '(nix-mode . (my/eglot-nix "nixd")))
                             ;; (add-hook 'before-save-hook 'eglot-format-buffer nil 'local)
                             ))
         )
  )
 (provide 'lang-nix)
--- a/ansible/roles/emacs/files/init.el
+++ b/ansible/roles/emacs/files/init.el
@@ -36,4 +36,6 @@
 (require 'lang-xml)
 (require 'lang-nix)
 (load-directory autoload-directory)
--- a/ansible/roles/emacs/meta/main.yaml
+++ b/ansible/roles/emacs/meta/main.yaml
@@ -7,3 +7,5 @@ dependencies:
    when: 'emacs_flavor == "full"'
  - role: terraform
    when: 'emacs_flavor == "full"'
  - role: nix
    when: 'emacs_flavor == "full"'
--- a/ansible/roles/firefox/defaults/main.yaml
+++ b/ansible/roles/firefox/defaults/main.yaml
@@ -28,7 +28,7 @@ firefox_config:
  # Disable that websites can get notifications if you copy, paste, or cut something from a web page, and it lets them know which part of the page had been selected.
  #
  # This breaks copying from BigQuery https://github.com/microsoft/monaco-editor/issues/1540
-  dom.event.clipboardevents.enabled: false
+  # dom.event.clipboardevents.enabled: false
  # Isolates all browser identifier sources (e.g. cookies) to the first party domain, with the goal of preventing tracking across different domains.
  privacy.firstparty.isolate: true
  # Do not preload URLs that auto-complete in the address bar.
--- a/ansible/roles/firewall/files/homeserver_pf.conf
+++ b/ansible/roles/firewall/files/homeserver_pf.conf
@@ -1,5 +1,5 @@
-ext_if = "{ igb0 igb1 ix0 ix1 wlan0 }"
+ext_if = "{ igb0 igb1 ix0 ix1 linfi_host }"
-not_ext_if = "{ !igb0 !igb1 !ix0 !ix1 !wlan0 }"
+not_ext_if = "{ !igb0 !igb1 !ix0 !ix1 !linfi_host }"
 jail_nat_v4 = "{ 10.215.1.0/24 }"
 not_jail_nat_v4 = "{ any, !10.215.1.0/24 }"
 restricted_nat_v4 = "{ 10.215.2.0/24 }"
@@ -19,17 +19,17 @@ unifi_ports = "{ 8443 3478 10001 8080 1900 8843 8880 6789 5514 }"
 set skip on lo
 # queueing
-# altq on wlan0 cbq queue { def, stuff }
+# altq on linfi_host cbq queue { def, stuff }
 # queue def cbq(default borrow)
 # queue stuff bandwidth	8Mb cbq { dagger }
 # queue dagger cbq(borrow)
 # redirections
-nat pass on $ext_if inet from $jail_nat_v4 to $not_jail_nat_v4 -> (wlan0)
+nat pass on $ext_if inet from $jail_nat_v4 to $not_jail_nat_v4 -> (linfi_host)
 rdr pass on $not_ext_if proto {tcp, udp} from any to 10.215.1.1 port 53 -> 172.16.0.1 port 53
 # cloak
-nat pass on $ext_if inet from 10.215.2.0/24 to !10.215.2.0/24 -> (wlan0)
+nat pass on $ext_if inet from 10.215.2.0/24 to !10.215.2.0/24 -> (linfi_host)
 rdr pass on $not_ext_if proto {tcp, udp} from any to 10.215.2.1 port 53 -> 172.16.0.1 port 53
 # bastion
@@ -42,6 +42,10 @@ nat pass on restricted_nat proto {tcp, udp} from 10.215.1.217/32 to 10.215.2.2 p
 rdr pass on $ext_if inet proto {tcp, udp} from $not_restricted_nat_v4 to any port 8082 -> 10.215.2.2 port 8082
 nat pass on restricted_nat proto {tcp, udp} from any to 10.215.2.2 port 8082 -> 10.215.2.1
 # cloak -> dagger old
 rdr pass on $ext_if inet proto {tcp, udp} from $not_restricted_nat_v4 to any port 8083 -> 10.215.2.2 port 8083
 nat pass on restricted_nat proto {tcp, udp} from any to 10.215.2.2 port 8083 -> 10.215.2.1
 # -> sftp
 # TODO: Limit bandwidth for sftp
 rdr pass on $ext_if inet proto {tcp, udp} from $not_jail_nat_v4 to any port 8022 -> 10.215.1.216 port 22
--- a/ansible/roles/firewall/files/odofreebsd_pf.conf
+++ b/ansible/roles/firewall/files/odofreebsd_pf.conf
@@ -1,5 +1,5 @@
-ext_if = "{ wlan0 }"
+ext_if = "{ linfi_host }"
-not_ext_if = "{ !wlan0 }"
+not_ext_if = "{ !linfi_host }"
 jail_nat_v4 = "{ 10.215.1.0/24 }"
 not_jail_nat_v4 = "{ any, !10.215.1.0/24 }"
 rfc1918 = "{ 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }"
@@ -16,7 +16,7 @@ udp_pass_in = "{ 53 51820 }"
 set skip on lo
 # redirections
-nat pass on $ext_if inet from $jail_nat_v4 to $not_jail_nat_v4 -> (wlan0)
+nat pass on $ext_if inet from $jail_nat_v4 to $not_jail_nat_v4 -> (linfi_host)
 rdr pass on $not_ext_if proto {tcp, udp} from any to 10.215.1.1 port 53 -> 172.16.0.1 port 53
 # Redirect jaeger ports to virtual machine.
--- a/ansible/roles/framework_laptop/files/wifi_us_modprobe.conf
+++ b/ansible/roles/framework_laptop/files/wifi_us_modprobe.conf
@@ -0,0 +1 @@
 options cfg80211 ieee80211_regdom=US
--- a/ansible/roles/framework_laptop/tasks/linux.yaml
+++ b/ansible/roles/framework_laptop/tasks/linux.yaml
@@ -30,6 +30,7 @@
    - iwlwifi
    - snd_hda_intel
    - disable_sp5100_watchdog
    - wifi_us
 - name: Configure kernel command line
  zfs:
@@ -95,4 +96,5 @@
  package:
    name:
      - fw-ectool-git
      - wireless-regdb
    state: present
--- a/ansible/roles/jail/files/jails/dagger.conf
+++ b/ansible/roles/jail/files/jails/dagger.conf
@@ -6,6 +6,8 @@ dagger {
    exec.prestart += "/usr/local/bin/jail_netgraph_bridge start cloak ${name} 192.168.1.0/24";
    exec.poststop += "sleep 10; /usr/local/bin/jail_netgraph_bridge stop cloak ${name}";
    devfs_ruleset = 15;
    mount.devfs;
    mount.fstab = "/etc/fstab.${name}";
    exec.start += "/bin/sh /etc/rc";
--- a/ansible/roles/kubernetes/files/k8s_remove_finalizers_pipeline_runs
+++ b/ansible/roles/kubernetes/files/k8s_remove_finalizers_pipeline_runs
@@ -0,0 +1,7 @@
 #!/usr/bin/env bash
 #
 set -euo pipefail
 IFS=$'\n\t'
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 kubectl get pipelinerun --all-namespaces -o go-template='{{range .items}}{{.metadata.namespace}}/{{.metadata.name}}{{"\n"}}{{end}}' | while read p; do namespace=$(cut -d '/' -f 1 <<<"$p"); name=$(cut -d '/' -f 2 <<<"$p"); kubectl patch pipelinerun -n "$namespace" "$name" -p '{"metadata":{"finalizers":null}}' --type=merge; done
--- a/ansible/roles/linfi/defaults/main.yaml
+++ b/ansible/roles/linfi/defaults/main.yaml
@@ -0,0 +1,7 @@
 # linfi:
 #   enabled: true
 #   zfs_dataset: zroot/freebsd/current/vm/linfi
 #   zfs_mountpoint: /vm/linfi
 #   driver_blocklist: "if_iwm if_iwlwifi"
 #   pci_blocklist: "1/0/0"
 #   amd: true
--- a/ansible/roles/linfi/files/launch_linfi.bash
+++ b/ansible/roles/linfi/files/launch_linfi.bash
@@ -0,0 +1,239 @@
 #!/usr/local/bin/bash
 #
 set -euo pipefail
 IFS=$'\n\t'
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 # Share a host directory to the guest via 9pfs.
 #
 # Inside the VM run:
 #   mount -t virtfs -o trans=virtio sharename /some/vm/path
 #   mount -t 9p -o cache=mmap -o msize=512000 sharename /mnt/9p
 #   mount -t 9p -o trans=virtio,cache=mmap,msize=512000 sharename /path/to/mountpoint
 # bhyve_options="-s 28,virtio-9p,sharename=/"
 # Enable Sound
 # bhyve_options="-s 16,hda,play=/dev/dsp,rec=/dev/dsp"
 # Example usage:
 #
 #   doas bhyve_netgraph_bridge create-disk zdata/vm/poudriere /vm/poudriere 10
 #   doas bhyve_netgraph_bridge start poudriere zdata/vm/poudriere /vm/poudriere /vm/iso/FreeBSD-13.2-RELEASE-amd64-bootonly.iso
 #   doas bhyve_netgraph_bridge start poudriere zdata/vm/poudriere /vm/poudriere
 : ${VERBOSE:="NO"} # or YES
 : ${CPU_CORES:="1"}
 : ${MEMORY:="1G"}
 : ${NETWORK:="NAT"} # or RAW or BOTH
 : ${IP_RANGE:="10.215.1.1/24"} # Ignored for RAW networks
 : ${INTERFACE_NAME:="linfi_host"} # or the external interface like lagg0 for RAW networks
 : ${BRIDGE_NAME:="bridge_$INTERFACE_NAME"} # or bridge_raw for RAW networks
 : ${VNC_ENABLE:="NO"}
 : ${VNC_LISTEN:="127.0.0.1:5900"}
 : ${VNC_WIDTH:="1920"}
 : ${VNC_HEIGHT:="1080"}
 : ${PASSTHROUGH:="1/0/0"}
 if [ "$VERBOSE" = "YES" ]; then
    set -x
 fi
 ############## Setup #########################
 function cleanup {
    for vm in "${vms[@]}"; do
        log "Destroying bhyve vm $vm"
        bhyvectl "--vm=$vm" --destroy
        log "Destroyed bhyve vm $vm"
    done
 }
 vms=()
 for sig in EXIT; do
  trap "set +e; sleep 10; cleanup" "$sig"
 done
 function die {
    local status_code="$1"
    shift
    (>&2 echo "${@}")
    exit "$status_code"
 }
 function log {
    (>&2 echo "${@}")
 }
 ############## Program #########################
 function main {
    local cmd="$1"
    shift 1
    if [ "$cmd" = "create-disk" ]; then
        create_disk "${@}"
    elif [ "$cmd" = "start" ]; then
        start_vm "${@}"
    else
        die 1 "Unrecognized command $cmd"
    fi
 }
 function create_disk {
    local zfs_path="$1"
    local mount_path="$2"
    local gigabytes="$3"
    zfs create -o "mountpoint=$mount_path" "$zfs_path"
    cp /usr/local/share/edk2-bhyve/BHYVE_UEFI_VARS.fd "${mount_path}/"
    tee "${mount_path}/settings" <<EOF
 CPU_CORES="$CPU_CORES"
 MEMORY="$MEMORY"
 NETWORK="$NETWORK"
 IP_RANGE="$IP_RANGE"
 BRIDGE_NAME="$BRIDGE_NAME"
 INTERFACE_NAME="$INTERFACE_NAME"
 EOF
    zfs create -s "-V${gigabytes}G" -o volmode=dev -o primarycache=metadata -o secondarycache=none -o volblocksize=64K "$zfs_path/disk0"
 }
 function start_vm {
    local name="$1"
    local zfs_path="$2"
    local mount_path="$3"
    local mount_cd="${4:-}"
    if [ -e "${mount_path}/settings" ]; then
        source "${mount_path}/settings"
    fi
    local additional_args=()
    local host_interface_name="linfi_host"
    local bridge_name="linfi_bridge"
    assert_bridge "$host_interface_name" "$bridge_name"
    local mac_address
    mac_address=$(calculate_mac_address "$name")
    local bridge_link_name
    bridge_link_name=$(detect_available_link "${bridge_name}")
    additional_args+=("-s" "2:0,virtio-net,netgraph,path=${bridge_name}:,peerhook=${bridge_link_name},mac=${mac_address}")
    # -H release the CPU when guest issues HLT instruction. Otherwise 100% of core will be consumed.
         # -s 3,ahci-cd,/vm/.iso/archlinux-2023.04.01-x86_64.iso \
             # -s 29,fbuf,tcp=0.0.0.0:5900,w=1920,h=1080,wait \
            # -s 29,fbuf,tcp=0.0.0.0:5900,w=1920,h=1080 \
    # TODO: Look into using nmdm instead of stdio for serial console
    if [ -n "$mount_cd" ]; then
        additional_args+=("-s" "5,ahci-cd,$mount_cd")
    fi
    if [ "$VNC_ENABLE" = "YES" ]; then
        additional_args+=("-s" "29,fbuf,tcp=$VNC_LISTEN,w=$VNC_WIDTH,h=$VNC_HEIGHT")
    fi
    vms+=("$name")
    while true; do
        set -x
        set +e
        bhyve \
            -D \
            -c sockets=1,cores=1,threads=1 \
            -m "$MEMORY" \
            -H \
            -w \
            -o 'rtc.use_localtime=false' \
            -s 0,hostbridge \
            -s "4,nvme,/dev/zvol/${zfs_path}/disk0" \
            -S \
            -s "7,passthru,${PASSTHROUGH}" \
            -s 30,xhci,tablet \
            -s 31,lpc -l com1,stdio \
            -l "bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd,${mount_path}/BHYVE_UEFI_VARS.fd" \
            -U '08421734-875e-11ef-a0f3-f426796942c7' \
            "${additional_args[@]}" \
            "$name"
        local exit_code=$?
        set -e
        set +x
        if [ $exit_code -eq 0 ]; then
            echo "Rebooting."
            sleep 5
        elif [ $exit_code -eq 1 ]; then
            echo "Powered off."
            break
        elif [ $exit_code -eq 2 ]; then
            echo "Halted."
            break
        elif [ $exit_code -eq 3 ]; then
            echo "Triple fault."
            break
        elif [ $exit_code -eq 4 ]; then
            echo "Exited due to an error."
            break
        fi
    done
 }
 function detect_available_link {
    local bridge_name="$1"
    local linknum=1
    while true; do
        local link_name="link${linknum}"
        if ! ng_exists "${bridge_name}:${link_name}"; then
            echo "$link_name"
            return
        fi
        linknum=$((linknum + 1))
        if [ "$linknum" -gt 90 ]; then
            (>&2 echo "No available links on bridge $bridge_name")
            exit 1
        fi
    done
 }
 function assert_bridge {
    local host_interface_name="$1"
    local bridge_name="$2"
    if ! ng_exists "${bridge_name}:"; then
        ngctl -d -f - <<EOF
 mkpeer . eiface hook ether
 name .:hook $host_interface_name
 EOF
        ngctl -d -f - <<EOF
 mkpeer ${host_interface_name}: bridge ether link0
 name ${host_interface_name}:ether $bridge_name
 EOF
        ifconfig $(ngctl msg "${host_interface_name}:" getifname | grep Args | cut -d '"' -f 2) name "${host_interface_name}" 192.168.253.2/24 up
        route add default 192.168.253.1
    fi
 }
 function ng_exists {
    ngctl status "${1}" >/dev/null 2>&1
 }
 function calculate_mac_address {
    local name="$1"
    local source
    source=$(md5 -r -s "$name" | awk '{print $1}')
    echo "06:${source:0:2}:${source:2:2}:${source:4:2}:${source:6:2}:${source:8:2}"
 }
 function find_available_port {
    local start_port="$1"
    local port="$start_port"
    while true; do
        sockstat -P tcp -p 443
        port=$((port + 1))
    done
 }
 function ngctlcat {
    if [ "$VERBOSE" = "YES" ]; then
        tee /dev/tty | ngctl -d -f -
    else
        ngctl -d -f -
    fi
 }
 main "${@}"
--- a/ansible/roles/linfi/files/linfi_rc.conf
+++ b/ansible/roles/linfi/files/linfi_rc.conf
@@ -0,0 +1 @@
 linfi_enable="YES"
--- a/ansible/roles/linfi/meta/main.yaml
+++ b/ansible/roles/linfi/meta/main.yaml
@@ -0,0 +1,3 @@
 dependencies:
  - role: bhyve
    when: 'os_flavor == "freebsd"'
--- a/ansible/roles/linfi/tasks/common.yaml
+++ b/ansible/roles/linfi/tasks/common.yaml
@@ -0,0 +1,55 @@
 # - name: Create directories
 #   file:
 #     name: "{{ item }}"
 #     state: directory
 #     mode: 0755
 #     owner: root
 #     group: wheel
 #   loop:
 #     - /foo/bar
 # - name: Install scripts
 #   copy:
 #     src: "files/{{ item.src }}"
 #     dest: "{{ item.dest }}"
 #     mode: 0755
 #     owner: root
 #     group: wheel
 #   loop:
 #     - src: foo.bash
 #       dest: /usr/local/bin/foo
 # - name: Install Configuration
 #   copy:
 #     src: "files/{{ item.src }}"
 #     dest: "{{ item.dest }}"
 #     mode: 0600
 #     owner: root
 #     group: wheel
 #   loop:
 #     - src: foo.conf
 #       dest: /usr/local/etc/foo.conf
 # - name: Clone Source
 #   git:
 #     repo: "https://foo.bar/baz.git"
 #     dest: /foo/bar
 #     version: "v1.0.2"
 #     force: true
 #   diff: false
 - import_tasks: tasks/freebsd.yaml
  when: 'os_flavor == "freebsd"'
 - import_tasks: tasks/linux.yaml
  when: 'os_flavor == "linux"'
 - include_tasks:
    file: tasks/peruser.yaml
    apply:
      become: yes
      become_user: "{{ initialize_user }}"
  when: users is defined
  loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}"
  loop_control:
    loop_var: initialize_user
--- a/ansible/roles/linfi/tasks/freebsd.yaml
+++ b/ansible/roles/linfi/tasks/freebsd.yaml
@@ -0,0 +1,50 @@
 - name: Install loader.conf
  template:
    src: "templates/{{ item }}_loader.conf.j2"
    dest: "/boot/loader.conf.d/{{ item }}.conf"
    mode: 0644
    owner: root
    group: wheel
  loop:
    - linfi
 - name: Install scripts
  copy:
    src: "files/{{ item.src }}"
    dest: "{{ item.dest }}"
    mode: 0755
    owner: root
    group: wheel
  loop:
    - src: launch_linfi.bash
      dest: /usr/local/bin/launch_linfi
 - name: Install rc script
  template:
    src: "templates/{{ item.src }}.j2"
    dest: "/usr/local/etc/rc.d/{{ item.dest|default(item.src) }}"
    owner: root
    group: wheel
    mode: 0755
  loop:
    - src: linfi
 - name: Install service configuration
  copy:
    src: "files/{{ item }}_rc.conf"
    dest: "/etc/rc.conf.d/{{ item }}"
    mode: 0644
    owner: root
    group: wheel
  loop:
    - linfi
 - name: Install service configuration
  template:
    src: "templates/{{ item }}_rc.conf.j2"
    dest: "/etc/rc.conf.d/{{ item }}"
    mode: 0644
    owner: root
    group: wheel
  loop:
    - devmatch
--- a/ansible/roles/linfi/tasks/linux.yaml
+++ b/ansible/roles/linfi/tasks/linux.yaml
@@ -0,0 +1,29 @@
 # - name: Build aur packages
 #   register: buildaur
 #   become_user: "{{ build_user.name }}"
 #   command: "aurutils-sync --no-view {{ item }}"
 #   args:
 #     creates: "/var/cache/pacman/custom/{{ item }}-*.pkg.tar.*"
 #   loop:
 #     - foo
 # - name: Update cache
 #   when: buildaur.changed
 #   pacman:
 #     name: []
 #     state: present
 #     update_cache: true
 # - name: Install packages
 #   package:
 #     name:
 #       - foo
 #     state: present
 # - name: Enable services
 #   systemd:
 #     enabled: yes
 #     name: "{{ item }}"
 #     daemon_reload: yes
 #   loop:
 #     - foo.service
--- a/ansible/roles/linfi/tasks/main.yaml
+++ b/ansible/roles/linfi/tasks/main.yaml
@@ -0,0 +1,2 @@
 - import_tasks: tasks/common.yaml
  when: linfi is defined and linfi.enabled
--- a/ansible/roles/linfi/tasks/peruser.yaml
+++ b/ansible/roles/linfi/tasks/peruser.yaml
@@ -0,0 +1,29 @@
 - include_role:
    name: per_user
 # - name: Create directories
 #   file:
 #     name: "{{ account_homedir.stdout }}/{{ item }}"
 #     state: directory
 #     mode: 0700
 #     owner: "{{ account_name.stdout }}"
 #     group: "{{ group_name.stdout }}"
 #   loop:
 #     - ".config/foo"
 # - name: Copy files
 #   copy:
 #     src: "files/{{ item.src }}"
 #     dest: "{{ account_homedir.stdout }}/{{ item.dest }}"
 #     mode: 0600
 #     owner: "{{ account_name.stdout }}"
 #     group: "{{ group_name.stdout }}"
 #   loop:
 #     - src: foo.conf
 #       dest: .config/foo/foo.conf
 - import_tasks: tasks/peruser_freebsd.yaml
  when: 'os_flavor == "freebsd"'
 - import_tasks: tasks/peruser_linux.yaml
  when: 'os_flavor == "linux"'
--- a/ansible/roles/linfi/tasks/peruser_freebsd.yaml
+++ b/ansible/roles/linfi/tasks/peruser_freebsd.yaml
--- a/ansible/roles/linfi/tasks/peruser_linux.yaml
+++ b/ansible/roles/linfi/tasks/peruser_linux.yaml
--- a/ansible/roles/linfi/templates/devmatch_rc.conf.j2
+++ b/ansible/roles/linfi/templates/devmatch_rc.conf.j2
@@ -0,0 +1,2 @@
 devmatch_enable="YES"
 devmatch_blocklist="{{ linfi.driver_blocklist }}"
--- a/ansible/roles/linfi/templates/linfi.j2
+++ b/ansible/roles/linfi/templates/linfi.j2
@@ -0,0 +1,46 @@
 #!/bin/sh
 #
 # PROVIDE: linfi
 # REQUIRE: LOGIN
 # KEYWORD: shutdown nojail
 . /etc/rc.subr
 name=linfi
 rcvar=${name}_enable
 start_cmd="${name}_start"
 stop_cmd="${name}_stop"
 status_cmd="${name}_status"
 load_rc_config $name
 tmux_name="linfi"
 linfi_start() {
    /usr/local/bin/tmux new-session -d -s "$tmux_name" "/usr/bin/env PASSTHROUGH='{{ linfi.pci_blocklist }}' /usr/local/bin/bash /usr/local/bin/launch_linfi start linfi {{ linfi.zfs_dataset }} {{ linfi.zfs_mountpoint }}"
    # /vm/.iso/alpine-extended-3.20.3-x86_64.iso
 }
 linfi_status() {
    if /usr/local/bin/tmux has-session -t $tmux_name 2>/dev/null; then
        echo "$tmux_name is running."
    else
        echo "$tmux_name is not running."
        return 1
    fi
 }
 linfi_stop() {
    /usr/local/bin/tmux has-session -t $tmux_name 2>/dev/null && (
        /usr/local/bin/tmux kill-session -t $tmux_name
        sleep 10
        bhyvectl --vm=linfi --destroy
        # kill `cat /var/run/linfi.pid`
    )
    linfi_wait_for_end
 }
 linfi_wait_for_end() {
    while /usr/local/bin/tmux has-session -t $tmux_name 2>dev/null; do
        sleep 1
    done
 }
 run_rc_command "$1"
--- a/ansible/roles/linfi/templates/linfi_loader.conf.j2
+++ b/ansible/roles/linfi/templates/linfi_loader.conf.j2
@@ -0,0 +1,5 @@
 vmm_load="YES"
 pptdevs="{{ linfi.pci_blocklist }}"
 {% if linfi.amd %}
 hw.vmm.amdvi.enable="1"
 {% endif %}
--- a/ansible/roles/media/files/cast_file_vaapi
+++ b/ansible/roles/media/files/cast_file_vaapi
@@ -4,7 +4,23 @@ set -euo pipefail
 IFS=$'\n\t'
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 : ${VIDEO_BITRATE:="1M"} # Only for encoding modes targeting bitrate
 : ${AUDIO_BITRATE:="192k"}
 ############## Setup #########################
 function die {
    local status_code="$1"
    shift
    (>&2 echo "${@}")
    exit "$status_code"
 }
 function log {
    (>&2 echo "${@}")
 }
 ############## Program #########################
 function main {
    local cmd
@@ -12,28 +28,10 @@ function main {
    shift
    if [ "$cmd" = "copy" ]; then
        copy "${@}"
-    elif [ "$cmd" = "av1" ]; then
+    elif [ "$cmd" = "convert" ]; then
-        av1 "${@}"
+        convert "${@}"
-    elif [ "$cmd" = "stream_software_h264" ]; then
+    elif [ "$cmd" = "stream" ]; then
-        stream_software_h264 "${@}"
+        stream "${@}"
    elif [ "$cmd" = "stream_hardware_h264" ]; then
        stream_hardware_h264 "${@}"
    elif [ "$cmd" = "preprocess_software_h264" ]; then
        preprocess_software_h264 "${@}"
    elif [ "$cmd" = "preprocess_hardware_h264" ]; then
        preprocess_hardware_h264 "${@}"
    elif [ "$cmd" = "vp9" ]; then
        vp9 "${@}"
    elif [ "$cmd" = "preprocess_hardware_vp9" ]; then
        preprocess_hardware_vp9 "${@}"
    elif [ "$cmd" = "vp8" ]; then
        vp8 "${@}"
    elif [ "$cmd" = "software_vp8" ]; then
        software_vp8 "${@}"
    elif [ "$cmd" = "preprocess_h264" ]; then
        preprocess_h264 "${@}"
    elif [ "$cmd" = "preprocess_vp8" ]; then
        preprocess_vp8 "${@}"
    elif [ "$cmd" = "webcam" ]; then
        webcam "${@}"
    elif [ "$cmd" = "encode_webcam" ]; then
@@ -64,286 +62,106 @@ function copy {
        "rtsp://$USERNAME:$PASSWORD@172.16.16.251:8554/fetch"
 }
-
+function convert {
 function av1 {
    # local additional_flags=()
    # additional_flags+=(--profile "$PROFILE")
    # (cd "$DIR/../" && cargo build --no-default-features "${additional_flags[@]}")
    local destination_type="$1" # "stream" or "preprocess"
    local acceleration_type="$2" # "software" or "hardware"
    # shift 2
    local args=()
    local acceleration_type="$1" # "software" or "hardware"
    local codec="$2" # "h264" or "av1"
    local file_to_cast="$3"
    local file_to_save="$4"
-    if [ "$destination_type" == "stream" ]; then
+
-        args+=(-re -stream_loop -1)
+
-    elif [ "$destination_type" == "preproces" ]; then
+    # Verify parameters
    if [ "$acceleration_type" == "software" ]; then
        true
    elif [ "$acceleration_type" == "hardware" ]; then
        true
    else
-        (>&2 echo "Unknown destination type: $destination_type")
+        die 1 "Unknown acceleration type: $acceleration_type"
        exit 1
    fi
    if [ "$codec" == "h264" ]; then
        true
    elif [ "$codec" == "av1" ]; then
        true
    else
        die 1 "Unknown codec: $codec"
    fi
    # Build command
    if [ "$acceleration_type" == "software" ]; then
        true
    elif [ "$acceleration_type" == "hardware" ]; then
        args+=(-vaapi_device /dev/dri/renderD128)
    else
        (>&2 echo "Unknown acceleration type: $acceleration_type")
        exit 1
    fi
    args+=(-i "$file_to_cast")
-    if [ "$acceleration_type" == "software" ]; then
+    if [ "$codec" == "h264" ]; then
-        args+=(-c:v h264)
+        if [ "$acceleration_type" == "software" ]; then
-    elif [ "$acceleration_type" == "hardware" ]; then
+            args+=(-c:v h264)
-        args+=(-vf 'format=nv12|vaapi,hwupload')
+            args+=(-profile:v high)
-        args+=(-c:v h264_vaapi)
+            args+=(-b:v "$VIDEO_BITRATE")
-    else
+        elif [ "$acceleration_type" == "hardware" ]; then
-        (>&2 echo "Unknown acceleration type: $acceleration_type")
+            args+=(-vf 'format=nv12|vaapi,hwupload')
-        exit 1
+            args+=(-c:v h264_vaapi)
            args+=(-profile:v high)
            args+=(-b:v "$VIDEO_BITRATE")
        fi
    elif [ "$codec" == "av1" ]; then
        if [ "$acceleration_type" == "software" ]; then
            args+=(-c:v libsvtav1)
            args+=(-preset 4) # [0-13] default 10, lower = higher quality / slower encode
            args+=(-crf 20) # [0-63] default 35, lower = higher quality / larger file
            # Parameters: https://gitlab.com/AOMediaCodec/SVT-AV1/-/blob/master/Docs/Parameters.md
            # fast-decode [0-2] default 0 (off), higher = faster decode
            # tune [0-2] default 1, Specifies whether to use PSNR or VQ as the tuning metric [0 = VQ, 1 = PSNR, 2 = SSIM]
            # film-grain-denoise, setting to 0 uses the original frames instead of denoising the film grain
            args+=(-svtav1-params "fast-decode=1:film-grain-denoise=0")
        elif [ "$acceleration_type" == "hardware" ]; then
            # -c:v av1_amf -quality quality
            args+=(-vf 'format=nv12|vaapi,hwupload')
            args+=(-c:v av1_vaapi)
            args+=(-b:v "$VIDEO_BITRATE")
        fi
    fi
-    args+=(-b:v 2M)
+
-    args+=(-profile:v high)
+
    # -bf 0 :: Disable b-frames because webrtc doesn't support h264 streams with b-frames.
    args+=(-bf 0)
    args+=(-strict -2)
    args+=(-c:a opus)
    args+=(-ac 2)
-    args+=(-b:a 320k)
+    args+=(-b:a "$AUDIO_BITRATE")
    args+=(-ar 48000)
-
+    args+=("$file_to_save")
-    if [ "$destination_type" == "stream" ]; then
+    set -x
-        args+=(-f rtsp)
+    </dev/null exec ffmpeg "${args[@]}"
        args+=(-rtsp_transport tcp)
        args+=("rtsp://$USERNAME:$PASSWORD@172.16.16.251:8554/fetch")
    elif [ "$destination_type" == "preproces" ]; then
        args+=("$file_to_save")
    else
        (>&2 echo "Unknown destination type: $destination_type")
        exit 1
    fi
 }
-function stream_software_h264 {
+function stream {
-    local file_to_cast
+    local args=()
-    file_to_cast="$3"
+    local acceleration_type="$1" # "software" or "hardware"
    local codec="$2" # "h264" or "av1"
-    local USERNAME PASSWORD
+    local USERNAME="$3"
-    USERNAME="$1"
+    local PASSWORD="$4"
-    PASSWORD="$2"
+    local file_to_cast="$5"
    set -x
-    # -bf 0 :: Disable b-frames because webrtc doesn't support h264 streams with b-frames.
+    args+=(-re -stream_loop -1)
    </dev/null exec ffmpeg \
               -re \
               -stream_loop -1 \
               -i "$file_to_cast" \
               -c:v h264 \
               -b:v 2M \
               -profile:v high \
               -bf 0 \
               -strict -2 \
               -c:a opus \
               -ac 2 \
               -b:a 320k \
               -ar 48000 \
               -f rtsp \
               -rtsp_transport tcp \
               "rtsp://$USERNAME:$PASSWORD@172.16.16.251:8554/fetch"
 }
-function stream_hardware_h264 {
+    args+=(-f rtsp)
-    local file_to_cast
+    args+=(-rtsp_transport tcp)
-    file_to_cast="$3"
+    args+=("rtsp://$USERNAME:$PASSWORD@172.16.16.251:8554/fetch")
    local USERNAME PASSWORD
    USERNAME="$1"
    PASSWORD="$2"
    set -x
    # -bf 0 :: Disable b-frames because webrtc doesn't support h264 streams with b-frames.
    </dev/null exec ffmpeg \
               -re \
               -stream_loop -1 \
               -vaapi_device /dev/dri/renderD128 \
               -i "$file_to_cast" \
               -vf 'format=nv12|vaapi,hwupload' \
               -c:v h264_vaapi \
               -b:v 2M \
               -profile:v high \
               -bf 0 \
               -strict -2 \
               -c:a opus \
               -ac 2 \
               -b:a 320k \
               -ar 48000 \
               -f rtsp \
               -rtsp_transport tcp \
               "rtsp://$USERNAME:$PASSWORD@172.16.16.251:8554/fetch"
 }
 function preprocess_software_h264 {
    local file_to_cast file_to_save
    file_to_cast="$1"
    file_to_save="$2"
    set -x
    # -bf 0 :: Disable b-frames because webrtc doesn't support h264 streams with b-frames.
    </dev/null exec ffmpeg \
               -i "$file_to_cast" \
               -c:v h264 \
               -b:v 2M \
               -profile:v high \
               -bf 0 \
               -strict -2 \
               -c:a opus \
               -ac 2 \
               -b:a 320k \
               -ar 48000 \
               "$file_to_save"
 }
 function preprocess_hardware_h264 {
    local file_to_cast file_to_save
    file_to_cast="$1"
    file_to_save="$2"
    set -x
    # -bf 0 :: Disable b-frames because webrtc doesn't support h264 streams with b-frames.
    </dev/null exec ffmpeg \
               -vaapi_device /dev/dri/renderD128 \
               -i "$file_to_cast" \
               -vf 'format=nv12,hwupload' \
               -c:v h264_vaapi \
               -b:v 2M \
               -profile:v high \
               -bf 0 \
               -strict -2 \
               -c:a opus \
               -ac 2 \
               -b:a 320k \
               -ar 48000 \
               "$file_to_save"
 }
 function vp9 {
    local file_to_cast
    file_to_cast="$3"
    local USERNAME PASSWORD
    USERNAME="$1"
    PASSWORD="$2"
    set -x
    # -bf 0 :: Disable b-frames because webrtc doesn't support h264 streams with b-frames.
    </dev/null exec ffmpeg \
        -re \
        -stream_loop -1 \
        -init_hw_device vaapi=foo:/dev/dri/renderD128 \
        -hwaccel vaapi \
        -hwaccel_output_format vaapi \
        -hwaccel_device foo \
        -i "$file_to_cast" \
        -filter_hw_device foo \
        -vf 'format=nv12|vaapi,hwupload' \
        -c:v vp9_vaapi \
        -bf 0 \
        -strict -2 \
        -c:a opus \
        -b:a 320k \
        -ar 48000 \
        -f rtsp \
        -rtsp_transport tcp \
        "rtsp://$USERNAME:$PASSWORD@172.16.16.251:8554/fetch"
 }
 function preprocess_hardware_vp9 {
    local file_to_cast file_to_save
    file_to_cast="$1"
    file_to_save="$2"
    set -x
    # -bf 0 :: Disable b-frames because webrtc doesn't support h264 streams with b-frames.
    </dev/null exec ffmpeg \
        -init_hw_device vaapi=foo:/dev/dri/renderD128 \
        -hwaccel vaapi \
        -hwaccel_output_format vaapi \
        -hwaccel_device foo \
        -i "$file_to_cast" \
        -filter_hw_device foo \
        -vf 'format=nv12|vaapi,hwupload' \
        -c:v vp9_vaapi \
        -bf 0 \
        -strict -2 \
        -c:a opus \
        -b:a 320k \
        -ar 48000 \
        "$file_to_save"
 }
 function software_vp8 {
    local USERNAME PASSWORD
    USERNAME="$1"
    PASSWORD="$2"
    local file_to_cast
    file_to_cast="$3"
    set -x
    # -bf 0 :: Disable b-frames because webrtc doesn't support h264 streams with b-frames.
    # -strict -2 :: Enable support for experimental codecs like opus.
    # -b:v 2M :: Target 2 megabit/s
    # -crf 10 :: Target a quality level and adjust bitrate accordingly. This should be preferred, but ideally both should be used.
    </dev/null exec ffmpeg \
        -re \
        -stream_loop -1 \
        -i "$file_to_cast" \
        -c:v vp8 \
        -b:v 2M \
        -crf 10 \
        -bf 0 \
        -c:a opus \
        -b:a 320k \
        -ar 48000 \
        -strict -2 \
        -f rtsp \
        -rtsp_transport tcp \
        "rtsp://$USERNAME:$PASSWORD@172.16.16.251:8554/fetch"
 }
 function preprocess_vp8 {
    local file_to_cast file_to_save
    file_to_cast="$1"
    file_to_save="$2"
    set -x
    # -bf 0 :: Disable b-frames because webrtc doesn't support h264 streams with b-frames.
    # -strict -2 :: Enable support for experimental codecs like opus.
    # -b:v 2M :: Target 2 megabit/s
    # -crf 10 :: Target a quality level and adjust bitrate accordingly. This should be preferred, but ideally both should be used.
    </dev/null exec ffmpeg \
        -i "$file_to_cast" \
        -c:v vp8 \
        -b:v 2M \
        -crf 10 \
        -bf 0 \
        -c:a opus \
        -b:a 320k \
        -ar 48000 \
        -strict -2 \
        "$file_to_save"
 }
 function webcam {
--- a/ansible/roles/media/tasks/linux.yaml
+++ b/ansible/roles/media/tasks/linux.yaml
@@ -1,3 +1,5 @@
 # Maybe install https://github.com/alexheretic/ab-av1 to find good crf values for encoding
 - name: Build aur packages
  register: buildaur
  become_user: "{{ build_user.name }}"
--- a/ansible/roles/network/files/homeserver_network.conf
+++ b/ansible/roles/network/files/homeserver_network.conf
@@ -1,4 +1,4 @@
-wlans_ath0="wlan0"
+# wlans_ath0="wlan0"
-ifconfig_wlan0="WPA DHCP"
+# ifconfig_wlan0="WPA DHCP"
-ifconfig_wlan0_ipv6="inet6 accept_rtadv"
+# ifconfig_wlan0_ipv6="inet6 accept_rtadv"
-ipv6_cpe_wanif="wlan0"
+# ipv6_cpe_wanif="wlan0"
--- a/ansible/roles/network/files/main.conf
+++ b/ansible/roles/network/files/main.conf
@@ -1,3 +1,6 @@
 [General]
 EnableNetworkConfiguration=true
 # AddressRandomization=network
 # Needed for Qualcomm WCN785x
 ControlPortOverNL80211=false
--- a/ansible/roles/network/files/next_hop_freebsd.bash
+++ b/ansible/roles/network/files/next_hop_freebsd.bash
@@ -0,0 +1,7 @@
 #!/usr/bin/env bash
 #
 set -euo pipefail
 IFS=$'\n\t'
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 exec route get "${@}"
--- a/ansible/roles/network/files/next_hop_linux.bash
+++ b/ansible/roles/network/files/next_hop_linux.bash
@@ -0,0 +1,7 @@
 #!/usr/bin/env bash
 #
 set -euo pipefail
 IFS=$'\n\t'
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 exec ip route get "${@}"
--- a/ansible/roles/network/files/odofreebsd_network.conf
+++ b/ansible/roles/network/files/odofreebsd_network.conf
@@ -1,4 +1,4 @@
-wlans_iwlwifi0="wlan0"
+# wlans_iwlwifi0="wlan0"
-ifconfig_wlan0="WPA DHCP"
+# ifconfig_wlan0="WPA DHCP"
-ifconfig_wlan0_ipv6="inet6 accept_rtadv"
+# ifconfig_wlan0_ipv6="inet6 accept_rtadv"
-ipv6_cpe_wanif="wlan0"
+# ipv6_cpe_wanif="wlan0"
--- a/ansible/roles/network/tasks/freebsd.yaml
+++ b/ansible/roles/network/tasks/freebsd.yaml
@@ -75,3 +75,14 @@
  file:
    path: "/etc/rc.conf.d/ip6addrctl"
    state: absent
 - name: Install scripts
  copy:
    src: "files/{{ item.src }}"
    dest: "{{ item.dest }}"
    mode: 0755
    owner: root
    group: wheel
  loop:
    - src: next_hop_freebsd.bash
      dest: /usr/local/bin/next_hop
--- a/ansible/roles/network/tasks/linux.yaml
+++ b/ansible/roles/network/tasks/linux.yaml
@@ -58,3 +58,14 @@
    - iwd.service
    # - systemd-networkd.service
    - systemd-resolved.service
 - name: Install scripts
  copy:
    src: "files/{{ item.src }}"
    dest: "{{ item.dest }}"
    mode: 0755
    owner: root
    group: wheel
  loop:
    - src: next_hop_linux.bash
      dest: /usr/local/bin/next_hop
--- a/ansible/roles/nix/tasks/common.yaml
+++ b/ansible/roles/nix/tasks/common.yaml
@@ -0,0 +1,55 @@
 # - name: Create directories
 #   file:
 #     name: "{{ item }}"
 #     state: directory
 #     mode: 0755
 #     owner: root
 #     group: wheel
 #   loop:
 #     - /foo/bar
 # - name: Install scripts
 #   copy:
 #     src: "files/{{ item.src }}"
 #     dest: "{{ item.dest }}"
 #     mode: 0755
 #     owner: root
 #     group: wheel
 #   loop:
 #     - src: foo.bash
 #       dest: /usr/local/bin/foo
 # - name: Install Configuration
 #   copy:
 #     src: "files/{{ item.src }}"
 #     dest: "{{ item.dest }}"
 #     mode: 0600
 #     owner: root
 #     group: wheel
 #   loop:
 #     - src: foo.conf
 #       dest: /usr/local/etc/foo.conf
 # - name: Clone Source
 #   git:
 #     repo: "https://foo.bar/baz.git"
 #     dest: /foo/bar
 #     version: "v1.0.2"
 #     force: true
 #   diff: false
 - import_tasks: tasks/freebsd.yaml
  when: 'os_flavor == "freebsd"'
 - import_tasks: tasks/linux.yaml
  when: 'os_flavor == "linux"'
 - include_tasks:
    file: tasks/peruser.yaml
    apply:
      become: yes
      become_user: "{{ initialize_user }}"
  when: users is defined
  loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}"
  loop_control:
    loop_var: initialize_user
--- a/ansible/roles/nix/tasks/freebsd.yaml
+++ b/ansible/roles/nix/tasks/freebsd.yaml
@@ -0,0 +1,5 @@
 # - name: Install packages
 #   package:
 #     name:
 #       - foo
 #     state: present
--- a/ansible/roles/nix/tasks/linux.yaml
+++ b/ansible/roles/nix/tasks/linux.yaml
@@ -0,0 +1,21 @@
 # - name: Build aur packages
 #   register: buildaur
 #   become_user: "{{ build_user.name }}"
 #   command: "aurutils-sync --no-view {{ item }}"
 #   args:
 #     creates: "/var/cache/pacman/custom/{{ item }}-*.pkg.tar.*"
 #   loop:
 #     - nixd
 # - name: Update cache
 #   when: buildaur.changed
 #   pacman:
 #     name: []
 #     state: present
 #     update_cache: true
 # - name: Install packages
 #   package:
 #     name:
 #       - nixd
 #     state: present
--- a/ansible/roles/nix/tasks/main.yaml
+++ b/ansible/roles/nix/tasks/main.yaml
@@ -0,0 +1,2 @@
 - import_tasks: tasks/common.yaml
  # when: foo is defined
--- a/ansible/roles/nix/tasks/peruser.yaml
+++ b/ansible/roles/nix/tasks/peruser.yaml
@@ -0,0 +1,29 @@
 - include_role:
    name: per_user
 # - name: Create directories
 #   file:
 #     name: "{{ account_homedir.stdout }}/{{ item }}"
 #     state: directory
 #     mode: 0700
 #     owner: "{{ account_name.stdout }}"
 #     group: "{{ group_name.stdout }}"
 #   loop:
 #     - ".config/foo"
 # - name: Copy files
 #   copy:
 #     src: "files/{{ item.src }}"
 #     dest: "{{ account_homedir.stdout }}/{{ item.dest }}"
 #     mode: 0600
 #     owner: "{{ account_name.stdout }}"
 #     group: "{{ group_name.stdout }}"
 #   loop:
 #     - src: foo.conf
 #       dest: .config/foo/foo.conf
 - import_tasks: tasks/peruser_freebsd.yaml
  when: 'os_flavor == "freebsd"'
 - import_tasks: tasks/peruser_linux.yaml
  when: 'os_flavor == "linux"'
--- a/ansible/roles/nix/tasks/peruser_freebsd.yaml
+++ b/ansible/roles/nix/tasks/peruser_freebsd.yaml
--- a/ansible/roles/nix/tasks/peruser_linux.yaml
+++ b/ansible/roles/nix/tasks/peruser_linux.yaml
--- a/ansible/roles/portshaker/files/freebsd
+++ b/ansible/roles/portshaker/files/freebsd
@@ -5,6 +5,7 @@ if [ "$1" != '--' ]; then
 fi
 shift
 method="git"
-git_clone_uri="https://git.FreeBSD.org/ports.git"
+git_clone_uri="https://code.fizz.buzz/mirror/freebsd-ports.git"
 # git_clone_uri="https://git.FreeBSD.org/ports.git"
 git_branch="main"
 run_portshaker_command $*
--- a/ansible/roles/portshaker/files/portshaker.conf
+++ b/ansible/roles/portshaker/files/portshaker.conf
@@ -5,5 +5,5 @@ mirror_base_dir="/var/cache/portshaker"
 ports_trees="main"
 main_ports_tree="/usr/local/portshaker/trees/main"
-# main_merge_from="freebsd myrepo"
+main_merge_from="freebsd myrepo"
-main_merge_from="freebsd"
+# main_merge_from="freebsd"
--- a/ansible/roles/poudriere/files/poudriere.d/14broadwell-default-computer-make.conf
+++ b/ansible/roles/poudriere/files/poudriere.d/14broadwell-default-computer-make.conf
@@ -2,7 +2,7 @@ CPUTYPE?=broadwell
 # CPU optimizations for go
 .if ${.CURDIR:M*/lang/go*}
-OPTIONS_SET+=V2
+OPTIONS_UNSET+=V1
 OPTIONS_SET+=V3
 .endif
--- a/ansible/roles/poudriere/files/poudriere.d/currentznver4-default-framework-make.conf
+++ b/ansible/roles/poudriere/files/poudriere.d/currentznver4-default-framework-make.conf
@@ -9,8 +9,7 @@ CPUTYPE?=znver4
 # CPU optimizations for go
 .if ${.CURDIR:M*/lang/go*}
-OPTIONS_SET+=V2
+OPTIONS_UNSET+=V1
 OPTIONS_SET+=V3
 OPTIONS_SET+=V4
 .endif
@@ -34,6 +33,7 @@ OPTIONS_SET+=STATIC LTO
 .if ${.CURDIR:M*/editors/emacs*}
 OPTIONS_SET+=NATIVECOMP PGTK
 OPTIONS_UNSET+=XPM
 .endif
 .if ${.CURDIR:M*/www/firefox*}
--- a/ansible/roles/poudriere/files/poudriere.d/currentznver4-default-framework-pkglist
+++ b/ansible/roles/poudriere/files/poudriere.d/currentznver4-default-framework-pkglist
@@ -1,3 +1,4 @@
 #sysutils/kubeswitch
 accessibility/wlsunset
 archivers/unrar
 archivers/unzip
@@ -104,6 +105,7 @@ sysutils/pv
 sysutils/radeontop
 sysutils/rust-coreutils
 sysutils/shuf
 sysutils/stern
 sysutils/terraform
 sysutils/tmux
 sysutils/tree
--- a/ansible/roles/sftp/tasks/common.yaml
+++ b/ansible/roles/sftp/tasks/common.yaml
@@ -64,6 +64,23 @@
 #     force: true
 #   diff: false
 - name: Create directories
  file:
    name: "{{ item }}"
    state: directory
    mode: 0700
    owner: nochainstounlock
    group: nochainstounlock
  loop:
    - /home/nochainstounlock/.ssh
 - name: Set authorized keys
  authorized_key:
    user: nochainstounlock
    key: |
      ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMrjXsXjtxEm47XnRZfo67kJULoc0NBLrB0lPYFiS2Ar kodi@neelix
    exclusive: true
 - import_tasks: tasks/freebsd.yaml
  when: 'os_flavor == "freebsd"'
--- a/ansible/roles/sway/files/config
+++ b/ansible/roles/sway/files/config
@@ -21,6 +21,9 @@ set $term alacritty
 # set $menu dmenu_path | dmenu | xargs swaymsg exec
 set $menu wofi --show drun --gtk-dark
 # Do not show a title bar on windows
 default_border pixel 2
 bindsym $mod+grave exec $term
 include ~/.config/sway/config.d/*.conf
--- a/ansible/roles/sway/files/sway_config_files/screenshots.conf
+++ b/ansible/roles/sway/files/sway_config_files/screenshots.conf
@@ -3,7 +3,7 @@
 bindsym $mod+print exec slurp | grim -g - "$HOME/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')"
 bindsym print exec grim "$HOME/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')"
 # Maybe add --audio flag? can optionally specify specific device name from `pactl list sources | grep Name`
-bindsym $mod+Shift+print exec wl-screenrec -g "$(slurp)" -f "$HOME/$(date +'screencast_%Y-%m-%d-%H%M%S.mkv')"
+bindsym $mod+Shift+print exec wl-screenrec -g "$(slurp)" --codec av1 -f "$HOME/$(date +'screencast_%Y-%m-%d-%H%M%S.mkv')"
-bindsym Shift+print exec wl-screenrec -f "$HOME/$(date +'screencast_%Y-%m-%d-%H%M%S.mkv')"
+bindsym Shift+print exec wl-screenrec --codec av1 -f "$HOME/$(date +'screencast_%Y-%m-%d-%H%M%S.mkv')"
-bindsym $mod+ctrl+Shift+print exec killall -SIGINT wl-sceenrec
+bindsym $mod+ctrl+Shift+print exec pkill -SIGINT wl-screenrec
 # Need to make a hotkey to end the recording
--- a/ansible/roles/waybar/files/style.css
+++ b/ansible/roles/waybar/files/style.css
@@ -149,6 +149,11 @@ tooltip {
  padding-bottom: 2px;
 }
 #window {
  padding-left: 10px;
  padding-right: 10px;
 }
 #network {
  /* No styles */
 }
--- a/ansible/roles/waybar/files/waybar_config.json
+++ b/ansible/roles/waybar/files/waybar_config.json
@@ -1,6 +1,7 @@
 {
  // "height": 10, // Waybar height (to be removed for auto height)
  "modules-left": ["sway/workspaces", "sway/mode"],
  "modules-center": ["sway/window"],
  "modules-right": ["custom/night_mode", "custom/temperature", "custom/sound", "custom/available_memory", "custom/battery", "idle_inhibitor", "custom/clock", "tray"],
  "sway/workspaces": {
    "disable-scroll": true
@@ -8,6 +9,9 @@
  "sway/mode": {
    "format": "<span style=\"italic\">{}</span>"
  },
  "sway/window": {
    "format": "{title}"
  },
  "idle_inhibitor": {
    "format": "{icon}",
    "format-icons": {
--- a/ansible/roles/waybar/files/waybar_scripts/waybar_night_mode.bash
+++ b/ansible/roles/waybar/files/waybar_scripts/waybar_night_mode.bash
@@ -8,7 +8,7 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 SLEEP_INTERVAL=${SLEEP_INTERVAL:-30}
 # ◓◒●◌◎
-# 🟠🟡🟢🟣🟤
+# 🔴🔵🟠🟡🟢🟣🟤
 # 🟥🟦🟧🟨🟩🟪🟫
 # ☀☯⭐🌝🌞⏾
 # 🌑🌓🌗🌕
@@ -42,7 +42,7 @@ function main {
    local night_mode_icon night_mode_text night_mode_class
    night_mode_mode="auto"
    night_mode_class=""
-    wlsunset -l 40.7 -L -74.0 &
+    wlsunset -S 07:00 -s 22:00 &
    wlsunset_pid=$!
    while true; do
--- a/ansible/roles/zfs/tasks/linux.yaml
+++ b/ansible/roles/zfs/tasks/linux.yaml
@@ -1,7 +1,8 @@
 - name: Install packages
  package:
    name:
-      - linux-lts-headers
+      # - linux-lts-headers
      - linux-headers
    state: present
 - name: Check trusted gpg keys
@@ -26,7 +27,7 @@
  args:
    creates: "/var/cache/pacman/custom/{{ item }}-*.pkg.tar.*"
  loop:
-    - zfs-dkms
+    - zfs-dkms-git
    - zfs-utils
 - name: Update cache
@@ -39,7 +40,7 @@
 - name: Install packages
  package:
    name:
-      - zfs-dkms
+      - zfs-dkms-git
      - zfs-utils
    state: present
--- a/nix/configuration/configuration.nix
+++ b/nix/configuration/configuration.nix
@@ -0,0 +1,254 @@
 {
  config,
  lib,
  pkgs,
  home-manager,
  ...
 }:
 {
  imports = [
    ./roles/reset
    ./roles/global_options
    ./util/unfree_polyfill
    ./roles/iso
    "${
      builtins.fetchTarball {
        url = "https://github.com/nix-community/disko/archive/refs/tags/v1.9.0.tar.gz";
        sha256 = "0j76ar4qz320fakdii4659w5lww8wiz6yb7g47npywqvf2lbp388";
      }
    }/module.nix"
    ./roles/boot
    ./roles/zfs
    ./roles/network
    ./roles/firewall
    ./roles/zsh
    ./roles/zrepl
    ./roles/graphics
    ./roles/sound
    ./roles/sway
    ./roles/kanshi
    ./roles/alacritty
    ./roles/firefox
    ./roles/chromium
    ./roles/emacs
    ./roles/git
    ./roles/fonts
    ./roles/gpg
    ./roles/waybar
    ./roles/qemu
    ./roles/wireguard
    ./roles/ares
    ./roles/ssh
    ./roles/python
    ./roles/docker
    ./roles/kubernetes
    ./roles/rust
    ./roles/media
    ./roles/steam
    ./roles/latex
    ./roles/launch_keyboard
    ./roles/lvfs
    ./roles/nvme
    ./roles/terraform
    ./roles/vscode
    ./roles/wasm
    ./roles/vnc_client
    ./roles/chromecast
    ./roles/memtest86
    ./roles/kodi
    ./roles/ansible
    ./roles/bluetooth
    ./roles/sm64ex
    ./roles/shipwright
    ./roles/2ship2harkinian
    ./roles/nix_index
  ];
  nix.settings.experimental-features = [
    "nix-command"
    "flakes"
  ];
  nix.settings.trusted-users = [ "@wheel" ];
  # boot.kernelPackages = pkgs.linuxPackages_6_11;
  hardware.enableRedistributableFirmware = true;
  services.getty = {
    autologinUser = "talexander"; # I use full disk encryption so the user password is irrelevant.
    autologinOnce = true;
  };
  users.mutableUsers = false;
  users.users.talexander = {
    isNormalUser = true;
    createHome = true; # https://github.com/NixOS/nixpkgs/issues/6481
    group = "talexander";
    extraGroups = [ "wheel" ];
    uid = 11235;
    packages = with pkgs; [
      tree
    ];
    # Generate with `mkpasswd -m scrypt`
    hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48";
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGu+k5lrirokdW5zVdRVBOqEOAvAPlIkG/MdJNc9g5ky"
      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo="
      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo="
    ];
  };
  users.groups.talexander.gid = 11235;
  home-manager.users.talexander =
    { pkgs, ... }:
    {
      home.packages = [
        pkgs.atool
        pkgs.httpie
      ];
      programs.bash.enable = true;
      # The state version is required and should stay at the version you
      # originally installed.
      home.stateVersion = "24.11";
    };
  # Automatic garbage collection
  nix.gc = lib.mkIf (!config.me.buildingIso) {
    # Runs nix-collect-garbage --delete-older-than 5d
    automatic = true;
    randomizedDelaySec = "14m";
    options = "--delete-older-than 30d";
  };
  nix.settings.auto-optimise-store = !config.me.buildingIso;
  # Use doas instead of sudo
  security.doas.enable = true;
  security.doas.wheelNeedsPassword = false;
  security.sudo.enable = false;
  security.doas.extraRules = [
    {
      # Retain environment (for example NIX_PATH)
      keepEnv = true;
      persist = true; # Only ask for a password the first time.
    }
  ];
  environment.systemPackages = with pkgs; [
    wget
    mg
    rsync
    libinput
    htop
    tmux
    file
    usbutils # for lsusb
    pciutils # for lspci
    ripgrep
    strace
    ltrace
    trace-cmd # ftrace
    tcpdump
    git-crypt
    gnumake
    ncdu
    nix-tree
    libarchive # bsdtar
  ];
  services.openssh = {
    enable = true;
    settings = {
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
    };
    hostKeys = [
      {
        path = "/persist/ssh/ssh_host_ed25519_key";
        type = "ed25519";
      }
      {
        path = "/persist/ssh/ssh_host_rsa_key";
        type = "rsa";
        bits = 4096;
      }
    ];
  };
  environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
    hideMounts = true;
    directories = [
      "/var/lib/iwd" # Wifi settings
      "/var/lib/nixos" # Contains user information (uids/gids)
      "/var/lib/systemd" # Systemd state directory for random seed, persistent timers, core dumps, persist hardware state like backlight and rfkill
      "/var/log/journal" # Logs, alternatively set `services.journald.storage = "volatile";` to write to /run/log/journal
    ];
    files = [
      "/etc/machine-id" # Systemd unique machine id "otherwise, the system journal may fail to list earlier boots, etc"
      "/etc/ssh/ssh_host_rsa_key"
      "/etc/ssh/ssh_host_rsa_key.pub"
      "/etc/ssh/ssh_host_ed25519_key"
      "/etc/ssh/ssh_host_ed25519_key.pub"
    ];
    users.talexander = {
      directories = [
        {
          directory = "persist";
          user = "talexander";
          group = "talexander";
          mode = "0700";
        }
      ];
    };
  };
  # Write a list of the currently installed packages to /etc/current-system-packages
  environment.etc."current-system-packages".text =
    let
      packages = builtins.map (p: "${p.name}") config.environment.systemPackages;
      sortedUnique = builtins.sort builtins.lessThan (lib.unique packages);
      formatted = builtins.concatStringsSep "\n" sortedUnique;
    in
    formatted;
  # environment.etc."system-packages-with-source".text = builtins.concatStringsSep "\n\n" (
  #   builtins.map (
  #     x: x.file + "\n" + builtins.concatStringsSep "\n" (builtins.map (s: "  " + s) x.value)
  #   ) config.environment.systemPackages.definitionsWithLocations
  # );
  # nixpkgs.overlays = [
  #   (final: prev: {
  #     nix = pkgs-unstable.nix;
  #   })
  # ];
  # nixpkgs.overlays = [
  #   (final: prev: {
  #     foot = throw "foo";
  #   })
  # ];
  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
  # system.copySystemConfiguration = true;
  # This option defines the first version of NixOS you have installed on this particular machine,
  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
  #
  # Most users should NEVER change this value after the initial install, for any reason,
  # even if you've upgraded your system to a new NixOS release.
  #
  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
  # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
  # to actually do that.
  #
  # This value being lower than the current NixOS release does NOT mean your system is
  # out of date, out of support, or vulnerable.
  #
  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
  # and migrated your data accordingly.
  #
  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
  system.stateVersion = "24.11"; # Did you read the comment?
 }
--- a/nix/configuration/flake.lock
+++ b/nix/configuration/flake.lock
@@ -0,0 +1,350 @@
 {
  "nodes": {
    "ansible-sshjail": {
      "inputs": {
        "flake-utils": "flake-utils",
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1,
        "narHash": "sha256-c4Ds4E/10Zj5AQLuJ3JvJTuDK8o2WjVXLcIL7eyhTfw=",
        "path": "flakes/ansible-sshjail",
        "type": "path"
      },
      "original": {
        "path": "flakes/ansible-sshjail",
        "type": "path"
      }
    },
    "crane": {
      "locked": {
        "lastModified": 1731098351,
        "narHash": "sha256-HQkYvKvaLQqNa10KEFGgWHfMAbWBfFp+4cAgkut+NNE=",
        "owner": "ipetkov",
        "repo": "crane",
        "rev": "ef80ead953c1b28316cc3f8613904edc2eb90c28",
        "type": "github"
      },
      "original": {
        "owner": "ipetkov",
        "repo": "crane",
        "type": "github"
      }
    },
    "flake-compat": {
      "flake": false,
      "locked": {
        "lastModified": 1696426674,
        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
        "owner": "edolstra",
        "repo": "flake-compat",
        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
        "type": "github"
      },
      "original": {
        "owner": "edolstra",
        "repo": "flake-compat",
        "type": "github"
      }
    },
    "flake-parts": {
      "inputs": {
        "nixpkgs-lib": [
          "lanzaboote",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1730504689,
        "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
        "rev": "506278e768c2a08bec68eb62932193e341f55c90",
        "type": "github"
      },
      "original": {
        "owner": "hercules-ci",
        "repo": "flake-parts",
        "type": "github"
      }
    },
    "flake-utils": {
      "inputs": {
        "systems": "systems"
      },
      "locked": {
        "lastModified": 1731533236,
        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "flake-utils_2": {
      "inputs": {
        "systems": "systems_2"
      },
      "locked": {
        "lastModified": 1731533236,
        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "gitignore": {
      "inputs": {
        "nixpkgs": [
          "lanzaboote",
          "pre-commit-hooks-nix",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1709087332,
        "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
        "owner": "hercules-ci",
        "repo": "gitignore.nix",
        "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
        "type": "github"
      },
      "original": {
        "owner": "hercules-ci",
        "repo": "gitignore.nix",
        "type": "github"
      }
    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1737762889,
        "narHash": "sha256-5HGG09bh/Yx0JA8wtBMAzt0HMCL1bYZ93x4IqzVExio=",
        "owner": "nix-community",
        "repo": "home-manager",
        "rev": "daf04c5950b676f47a794300657f1d3d14c1a120",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "home-manager",
        "type": "github"
      }
    },
    "impermanence": {
      "locked": {
        "lastModified": 1737831083,
        "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=",
        "owner": "nix-community",
        "repo": "impermanence",
        "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "impermanence",
        "type": "github"
      }
    },
    "lanzaboote": {
      "inputs": {
        "crane": "crane",
        "flake-compat": "flake-compat",
        "flake-parts": "flake-parts",
        "nixpkgs": [
          "nixpkgs"
        ],
        "pre-commit-hooks-nix": "pre-commit-hooks-nix",
        "rust-overlay": "rust-overlay"
      },
      "locked": {
        "lastModified": 1737639419,
        "narHash": "sha256-AEEDktApTEZ5PZXNDkry2YV2k6t0dTgLPEmAZbnigXU=",
        "owner": "nix-community",
        "repo": "lanzaboote",
        "rev": "a65905a09e2c43ff63be8c0e86a93712361f871e",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "ref": "v0.4.2",
        "repo": "lanzaboote",
        "type": "github"
      }
    },
    "nixpkgs": {
      "locked": {
        "lastModified": 1737885589,
        "narHash": "sha256-Zf0hSrtzaM1DEz8//+Xs51k/wdSajticVrATqDrfQjg=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "852ff1d9e153d8875a83602e03fdef8a63f0ecf8",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs-b93b4e9b5": {
      "locked": {
        "lastModified": 1713721570,
        "narHash": "sha256-R0s+O5UjTePQRb72XPgtkTmEiOOW8n+1q9Gxt/OJnKU=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "b93b4e9b527904aadf52dba6ca35efde2067cbd4",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "b93b4e9b527904aadf52dba6ca35efde2067cbd4",
        "type": "github"
      }
    },
    "nixpkgs-stable": {
      "locked": {
        "lastModified": 1730741070,
        "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-24.05",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "pre-commit-hooks-nix": {
      "inputs": {
        "flake-compat": [
          "lanzaboote",
          "flake-compat"
        ],
        "gitignore": "gitignore",
        "nixpkgs": [
          "lanzaboote",
          "nixpkgs"
        ],
        "nixpkgs-stable": "nixpkgs-stable"
      },
      "locked": {
        "lastModified": 1731363552,
        "narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=",
        "owner": "cachix",
        "repo": "pre-commit-hooks.nix",
        "rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0",
        "type": "github"
      },
      "original": {
        "owner": "cachix",
        "repo": "pre-commit-hooks.nix",
        "type": "github"
      }
    },
    "root": {
      "inputs": {
        "ansible-sshjail": "ansible-sshjail",
        "home-manager": "home-manager",
        "impermanence": "impermanence",
        "lanzaboote": "lanzaboote",
        "nixpkgs": "nixpkgs",
        "nixpkgs-b93b4e9b5": "nixpkgs-b93b4e9b5",
        "zsh-histdb": "zsh-histdb"
      }
    },
    "rust-overlay": {
      "inputs": {
        "nixpkgs": [
          "lanzaboote",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1731897198,
        "narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=",
        "owner": "oxalica",
        "repo": "rust-overlay",
        "rev": "0be641045af6d8666c11c2c40e45ffc9667839b5",
        "type": "github"
      },
      "original": {
        "owner": "oxalica",
        "repo": "rust-overlay",
        "type": "github"
      }
    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    },
    "systems_2": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    },
    "zsh-histdb": {
      "inputs": {
        "flake-utils": "flake-utils_2",
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1,
        "narHash": "sha256-5DWw7GnwVZ98HUp/UUJcyUmmy9Bh/mcQB8MQQ0t3ZRo=",
        "path": "flakes/zsh-histdb",
        "type": "path"
      },
      "original": {
        "path": "flakes/zsh-histdb",
        "type": "path"
      }
    }
  },
  "root": "root",
  "version": 7
 }
--- a/nix/configuration/flake.nix
+++ b/nix/configuration/flake.nix
@@ -0,0 +1,153 @@
 # Build ISO image
 #   nix build --extra-experimental-features nix-command --extra-experimental-features flakes .#iso.odo
 #   output: result/iso/nixos.iso
 # Run the ISO image
 #   "$(nix-build '<nixpkgs>' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" \
 #        -accel kvm \
 #        -cpu host \
 #        -smp cores=8 \
 #        -m 32768 \
 #        -drive "file=$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF.fd,if=pflash,format=raw,readonly=on" \
 #        -drive if=pflash,format=raw,file="/tmp/OVMF_VARS.fd" \
 #        -nic user,hostfwd=tcp::60022-:22 \
 #        -boot order=d \
 #        -cdrom "$(readlink -f ./result/iso/nixos.iso)" \
 #        -display vnc=127.0.0.1:0
 #
 # doas cp "$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF_VARS.fd" /tmp/OVMF_VARS.fd
 # doas "$(nix-build '<nixpkgs>' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" -accel kvm -cpu host -smp cores=8 -m 32768 -drive "file=$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF.fd,if=pflash,format=raw,readonly=on" -drive if=pflash,format=raw,file="/tmp/OVMF_VARS.fd" -nic user,hostfwd=tcp::60022-:22 -boot order=d -cdrom /persist/machine_setup/nix/configuration/result/iso/nixos*.iso -display vnc=127.0.0.1:0
 # Get a repl for this flake
 #   nix repl --expr "builtins.getFlake \"$PWD\""
 # TODO maybe use `nix eval --raw .#iso.odo.outPath`
 # iso.odo.isoName == "nixos.iso"
 # full path = <outPath> / iso / <isoName>
 {
  description = "My system configuration";
  inputs = {
    impermanence.url = "github:nix-community/impermanence";
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    nixpkgs-b93b4e9b5.url = "github:NixOS/nixpkgs/b93b4e9b527904aadf52dba6ca35efde2067cbd4";
    home-manager.url = "github:nix-community/home-manager";
    home-manager.inputs.nixpkgs.follows = "nixpkgs";
    lanzaboote = {
      url = "github:nix-community/lanzaboote/v0.4.2";
      # Optional but recommended to limit the size of your system closure.
      inputs.nixpkgs.follows = "nixpkgs";
    };
    zsh-histdb = {
      url = "path:flakes/zsh-histdb";
      # Optional but recommended to limit the size of your system closure.
      inputs.nixpkgs.follows = "nixpkgs";
    };
    ansible-sshjail = {
      url = "path:flakes/ansible-sshjail";
      # Optional but recommended to limit the size of your system closure.
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };
  outputs =
    {
      self,
      nixpkgs,
      nixpkgs-b93b4e9b5,
      impermanence,
      home-manager,
      lanzaboote,
      zsh-histdb,
      ansible-sshjail,
      ...
    }@inputs:
    let
      base_x86_64_linux = rec {
        system = "x86_64-linux";
        specialArgs = {
          pkgs-b93b4e9b5 = import nixpkgs-b93b4e9b5 {
            inherit system;
          };
        };
        modules = [
          impermanence.nixosModules.impermanence
          home-manager.nixosModules.home-manager
          lanzaboote.nixosModules.lanzaboote
          {
            home-manager.useGlobalPkgs = true;
            home-manager.useUserPackages = true;
          }
          {
            nixpkgs.overlays = [
              zsh-histdb.overlays.default
              ansible-sshjail.overlays.default
            ];
          }
          ./configuration.nix
        ];
      };
      systems = {
        odo = {
          main = nixpkgs.lib.nixosSystem (
            base_x86_64_linux
            // {
              modules = base_x86_64_linux.modules ++ [
                ./hosts/odo
              ];
            }
          );
          iso = nixpkgs.lib.nixosSystem (
            base_x86_64_linux
            // {
              modules = base_x86_64_linux.modules ++ [
                ./hosts/odo
                (nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix")
                # TODO: Figure out how to do image based appliances
                # (nixpkgs + "/nixos/modules/profiles/image-based-appliance.nix")
                {
                  isoImage.makeEfiBootable = true;
                  isoImage.makeUsbBootable = true;
                  me.buildingIso = true;
                }
              ];
            }
          );
        };
        neelix = {
          main = nixpkgs.lib.nixosSystem (
            base_x86_64_linux
            // {
              modules = base_x86_64_linux.modules ++ [
                ./hosts/neelix
              ];
            }
          );
          iso = nixpkgs.lib.nixosSystem (
            base_x86_64_linux
            // {
              modules = base_x86_64_linux.modules ++ [
                ./hosts/neelix
                (nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix")
                {
                  isoImage.makeEfiBootable = true;
                  isoImage.makeUsbBootable = true;
                  me.buildingIso = true;
                }
              ];
            }
          );
        };
      };
    in
    {
      nixosConfigurations.odo = systems.odo.main;
      iso.odo = systems.odo.iso.config.system.build.isoImage;
      nixosConfigurations.neelix = systems.neelix.main;
      iso.neelix = systems.neelix.iso.config.system.build.isoImage;
    };
 }
--- a/nix/configuration/flakes/ansible-sshjail/flake.lock
+++ b/nix/configuration/flakes/ansible-sshjail/flake.lock
@@ -0,0 +1,61 @@
 {
  "nodes": {
    "flake-utils": {
      "inputs": {
        "systems": "systems"
      },
      "locked": {
        "lastModified": 1731533236,
        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "nixpkgs": {
      "locked": {
        "lastModified": 1735141468,
        "narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-24.11",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "root": {
      "inputs": {
        "flake-utils": "flake-utils",
        "nixpkgs": "nixpkgs"
      }
    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    }
  },
  "root": "root",
  "version": 7
 }
--- a/nix/configuration/flakes/ansible-sshjail/flake.nix
+++ b/nix/configuration/flakes/ansible-sshjail/flake.nix
@@ -0,0 +1,34 @@
 {
  description = "A slightly better history for zsh";
  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
  inputs.flake-utils.url = "github:numtide/flake-utils";
  outputs =
    {
      self,
      nixpkgs,
      flake-utils,
      ...
    }:
    let
      out =
        system:
        let
          pkgs = nixpkgs.legacyPackages.${system};
          # Maybe pkgs = import nixpkgs { inherit system; }; ?
          appliedOverlay = self.overlays.default pkgs pkgs;
        in
        {
          packages = rec {
            default = ansible-sshjail;
            ansible-sshjail = appliedOverlay.ansible-sshjail;
          };
        };
    in
    flake-utils.lib.eachDefaultSystem out
    // {
      overlays.default = final: prev: {
        ansible-sshjail = final.callPackage ./package.nix { };
      };
    };
 }
--- a/nix/configuration/flakes/ansible-sshjail/package.nix
+++ b/nix/configuration/flakes/ansible-sshjail/package.nix
@@ -0,0 +1,33 @@
 # unpackPhase
 # patchPhase
 # configurePhase
 # buildPhase
 # checkPhase
 # installPhase
 # fixupPhase
 # installCheckPhase
 # distPhase
 {
  stdenv,
  fetchgit,
  ...
 }:
 stdenv.mkDerivation {
  name = "ansible-sshjail";
  src = fetchgit {
    url = "https://github.com/austinhyde/ansible-sshjail.git";
    rev = "a7b0076fdb680b915d35efafd1382919100532b6";
    sha256 = "sha256-4QX/017fDRzb363NexgvHZ/VFKXOjRgGPDKKygyUylM=";
  };
  phases = [
    "installPhase"
  ];
  installPhase = ''
    runHook preInstall
    mkdir -p $out/share/ansible/plugins/connection_plugins
    cp $src/sshjail.py $out/share/ansible/plugins/connection_plugins/
    runHook postInstall
  '';
 }
--- a/nix/configuration/flakes/starship-game/flake.lock
+++ b/nix/configuration/flakes/starship-game/flake.lock
@@ -0,0 +1,61 @@
 {
  "nodes": {
    "flake-utils": {
      "inputs": {
        "systems": "systems"
      },
      "locked": {
        "lastModified": 1731533236,
        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "nixpkgs": {
      "locked": {
        "lastModified": 1735141468,
        "narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-24.11",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "root": {
      "inputs": {
        "flake-utils": "flake-utils",
        "nixpkgs": "nixpkgs"
      }
    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    }
  },
  "root": "root",
  "version": 7
 }
--- a/nix/configuration/flakes/starship-game/flake.nix
+++ b/nix/configuration/flakes/starship-game/flake.nix
@@ -0,0 +1,34 @@
 {
  description = "A slightly better history for zsh";
  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
  inputs.flake-utils.url = "github:numtide/flake-utils";
  outputs =
    {
      self,
      nixpkgs,
      flake-utils,
      ...
    }:
    let
      out =
        system:
        let
          pkgs = nixpkgs.legacyPackages.${system};
          # Maybe pkgs = import nixpkgs { inherit system; }; ?
          appliedOverlay = self.overlays.default pkgs pkgs;
        in
        {
          packages = rec {
            default = starship-game;
            starship-game = appliedOverlay.starship-game;
          };
        };
    in
    flake-utils.lib.eachDefaultSystem out
    // {
      overlays.default = final: prev: {
        starship-game = final.callPackage ./package.nix { };
      };
    };
 }
--- a/nix/configuration/flakes/starship-game/package.nix
+++ b/nix/configuration/flakes/starship-game/package.nix
@@ -0,0 +1,261 @@
 {
  lib,
  stdenv,
  SDL2,
  cmake,
  copyDesktopItems,
  fetchFromGitHub,
  fetchpatch,
  fetchurl,
  imagemagick,
  imgui,
  libpng,
  libpulseaudio,
  libzip,
  lsb-release,
  makeDesktopItem,
  makeWrapper,
  ninja,
  nlohmann_json,
  pkg-config,
  python3,
  spdlog,
  stormlib,
  tinyxml-2,
  writeTextFile,
  zenity,
 }:
 let
  # This would get fetched at build time otherwise, see:
  # https://github.com/HarbourMasters/2ship2harkinian/blob/1.0.2/mm/CMakeLists.txt#L708
  gamecontrollerdb = fetchurl {
    name = "gamecontrollerdb.txt";
    url = "https://raw.githubusercontent.com/gabomdq/SDL_GameControllerDB/b1759cf84028aab89caa1c395e198c340b8dfd89/gamecontrollerdb.txt";
    hash = "sha256-7C5EkqBIhLGNJuhi3832y0ffW5Ep7iuTYXb1bL5h2Js=";
  };
  # 2ship needs a specific imgui version
  imgui' = imgui.overrideAttrs rec {
    version = "1.90.6";
    src = fetchFromGitHub {
      owner = "ocornut";
      repo = "imgui";
      rev = "v${version}-docking";
      hash = "sha256-Y8lZb1cLJF48sbuxQ3vXq6GLru/WThR78pq7LlORIzc=";
    };
  };
  libgfxd = fetchFromGitHub {
    owner = "glankk";
    repo = "libgfxd";
    rev = "96fd3b849f38b3a7c7b7f3ff03c5921d328e6cdf";
    hash = "sha256-dedZuV0BxU6goT+rPvrofYqTz9pTA/f6eQcsvpDWdvQ=";
  };
  yaml_cpp = fetchFromGitHub {
    owner = "jbeder";
    repo = "yaml-cpp";
    rev = "f7320141120f720aecc4c32be25586e7da9eb978";
    hash = "sha256-J87oS6Az1/vNdyXu3L7KmUGWzU0IAkGrGMUUha+xDXI=";
  };
  # spdlog = fetchFromGitHub {
  #   owner = "gabime";
  #   repo = "spdlog";
  #   rev = "7e635fca68d014934b4af8a1cf874f63989352b7";
  #   hash = "sha256-cxTaOuLXHRU8xMz9gluYz0a93O0ez2xOxbloyc1m1ns=";
  # };
  # stb_impl = writeTextFile {
  #   name = "stb_impl.c";
  #   text = ''
  #     #define STB_IMAGE_IMPLEMENTATION
  #     #include "stb_image.h"
  #   '';
  # };
  # stb' = fetchurl {
  #   name = "stb_image.h";
  #   url = "https://raw.githubusercontent.com/nothings/stb/0bc88af4de5fb022db643c2d8e549a0927749354/stb_image.h";
  #   hash = "sha256-xUsVponmofMsdeLsI6+kQuPg436JS3PBl00IZ5sg3Vw=";
  # };
  # Apply 2ship's patch for stormlib
  stormlib' = stormlib.overrideAttrs (prev: rec {
    version = "9.25";
    src = fetchFromGitHub {
      owner = "ladislav-zezula";
      repo = "StormLib";
      rev = "v${version}";
      hash = "sha256-HTi2FKzKCbRaP13XERUmHkJgw8IfKaRJvsK3+YxFFdc=";
    };
    nativeBuildInputs = prev.nativeBuildInputs ++ [ pkg-config ];
    patches = (prev.patches or [ ]) ++ [
      (fetchpatch {
        name = "stormlib-optimizations.patch";
        url = "https://github.com/briaguya-ai/StormLib/commit/ff338b230544f8b2bb68d2fbe075175ed2fd758c.patch";
        hash = "sha256-Jbnsu5E6PkBifcx/yULMVC//ab7tszYgktS09Azs5+4=";
      })
    ];
  });
  thread_pool = fetchFromGitHub {
    owner = "bshoshany";
    repo = "thread-pool";
    rev = "v4.1.0";
    hash = "sha256-zhRFEmPYNFLqQCfvdAaG5VBNle9Qm8FepIIIrT9sh88=";
  };
 in
 stdenv.mkDerivation (finalAttrs: {
  pname = "starship-game";
  version = "v1.0.0";
  src = fetchFromGitHub {
    owner = "HarbourMasters";
    repo = "starship";
    # rev = "5e5e49da93e066f51c3010ba38f09331d866f2db";
    tag = finalAttrs.version;
    hash = "sha256-kaLLlLuonqE2DJcRlWR4tCEBNjwIYFlzeDLcYsvMO7I=";
    fetchSubmodules = true;
  };
  # patches = [
  #   # remove fetching stb as we will patch our own
  #   ./0001-deps.patch
  # ];
  nativeBuildInputs = [
    cmake
    copyDesktopItems
    imagemagick
    lsb-release
    makeWrapper
    ninja
    pkg-config
    python3
  ];
  buildInputs = [
    SDL2
    imgui'
    libpng
    libpulseaudio
    libzip
    nlohmann_json
    spdlog
    stormlib'
    tinyxml-2
    zenity
  ];
  cmakeFlags = [
    (lib.cmakeBool "NON_PORTABLE" true)
    (lib.cmakeFeature "CMAKE_INSTALL_PREFIX" "${placeholder "out"}/starship-game")
    (lib.cmakeFeature "FETCHCONTENT_SOURCE_DIR_IMGUI" "${imgui'.src}")
    (lib.cmakeFeature "FETCHCONTENT_SOURCE_DIR_LIBGFXD" "${libgfxd}")
    (lib.cmakeFeature "FETCHCONTENT_SOURCE_DIR_STORMLIB" "${stormlib'}")
    (lib.cmakeFeature "FETCHCONTENT_SOURCE_DIR_THREADPOOL" "${thread_pool}")
  ];
  dontAddPrefix = true;
  # Linking fails without this
  hardeningDisable = [ "format" ];
  # Pie needs to be enabled or else it segfaults
  hardeningEnable = [ "pie" ];
  # preConfigure = ''
  #   # mirror 2ship's stb
  #   mkdir stb
  #   cp ${stb'} ./stb/${stb'.name}
  #   cp ${stb_impl} ./stb/${stb_impl.name}
  #   substituteInPlace libultraship/cmake/dependencies/common.cmake \
  #     --replace-fail "\''${STB_DIR}" "/build/source/stb"
  # '';
  # (cd tools/Torch && cmake -H. -Bbuild-cmake -GNinja \
  # -DFETCHCONTENT_SOURCE_DIR_LIBGFXD=${libgfxd} \
  # -DFETCHCONTENT_SOURCE_DIR_YAML-CPP=${finalAttrs.yaml_cpp_src} \
  # -DFETCHCONTENT_SOURCE_DIR_SPDLOG=${finalAttrs.spdlog_src}
  # )
  configurePhase = ''
    cmake -H. -Bbuild-cmake -GNinja \
    -DFETCHCONTENT_SOURCE_DIR_IMGUI=${imgui'.src} \
    -DFETCHCONTENT_SOURCE_DIR_STORMLIB=${stormlib'} \
    -DFETCHCONTENT_SOURCE_DIR_THREADPOOL=${thread_pool}
    (cd tools/Torch && cmake -H. -Bbuild-cmake -GNinja \
    -DFETCHCONTENT_SOURCE_DIR_LIBGFXD=${libgfxd} \
    -DFETCHCONTENT_SOURCE_DIR_YAML-CPP=${yaml_cpp} \
    -DFETCHCONTENT_SOURCE_DIR_SPDLOG=${spdlog}
    )
    (cd libultraship && cmake -H. -Bbuild-cmake -GNinja \
    -DFETCHCONTENT_SOURCE_DIR_LIBGFXD=${libgfxd} \
    -DFETCHCONTENT_SOURCE_DIR_IMGUI=${imgui'.src} \
    -DFETCHCONTENT_SOURCE_DIR_STORMLIB=${stormlib'} \
    -DFETCHCONTENT_SOURCE_DIR_THREADPOOL=${thread_pool}
    )
  '';
  buildPhase = ''
    cmake --build build-cmake
  '';
  postBuild = ''
    cp ${gamecontrollerdb} ${gamecontrollerdb.name}
    pushd ../OTRExporter
    python3 ./extract_assets.py -z ../build/ZAPD/ZAPD.out --norom --xml-root ../mm/assets/xml --custom-assets-path ../mm/assets/custom --custom-otr-file 2ship.o2r --port-ver ${finalAttrs.version}
    popd
  '';
  preInstall = ''
    # Cmake likes it here for its install paths
    cp ../OTRExporter/2ship.o2r mm/
  '';
  postInstall = ''
    mkdir -p $out/bin
    ln -s $out/2s2h/2s2h.elf $out/bin/2s2h
    install -Dm644 ../mm/linux/2s2hIcon.png $out/share/pixmaps/2s2h.png
  '';
  postFixup = ''
    wrapProgram $out/2s2h/2s2h.elf --prefix PATH ":" ${lib.makeBinPath [ zenity ]}
  '';
  desktopItems = [
    (makeDesktopItem {
      name = "starship";
      icon = "starship";
      exec = "starship";
      comment = finalAttrs.meta.description;
      genericName = "Starship";
      desktopName = "starship";
      categories = [ "Game" ];
    })
  ];
  meta = {
    homepage = "https://github.com/HarbourMasters/2ship2harkinian";
    description = "A PC port of Majora's Mask with modern controls, widescreen, high-resolution, and more";
    mainProgram = "starship";
    platforms = [ "x86_64-linux" ];
    maintainers = with lib.maintainers; [ ];
    license = with lib.licenses; [
      # # OTRExporter, OTRGui, ZAPDTR, libultraship
      # mit
      # # 2 Ship 2 Harkinian
      # cc0
      # # Reverse engineering
      # unfree
    ];
  };
 })
--- a/nix/configuration/flakes/zsh-histdb/flake.lock
+++ b/nix/configuration/flakes/zsh-histdb/flake.lock
@@ -0,0 +1,61 @@
 {
  "nodes": {
    "flake-utils": {
      "inputs": {
        "systems": "systems"
      },
      "locked": {
        "lastModified": 1731533236,
        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "nixpkgs": {
      "locked": {
        "lastModified": 1735141468,
        "narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-24.11",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "root": {
      "inputs": {
        "flake-utils": "flake-utils",
        "nixpkgs": "nixpkgs"
      }
    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    }
  },
  "root": "root",
  "version": 7
 }
--- a/nix/configuration/flakes/zsh-histdb/flake.nix
+++ b/nix/configuration/flakes/zsh-histdb/flake.nix
@@ -0,0 +1,34 @@
 {
  description = "A slightly better history for zsh";
  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
  inputs.flake-utils.url = "github:numtide/flake-utils";
  outputs =
    {
      self,
      nixpkgs,
      flake-utils,
      ...
    }:
    let
      out =
        system:
        let
          pkgs = nixpkgs.legacyPackages.${system};
          # Maybe pkgs = import nixpkgs { inherit system; }; ?
          appliedOverlay = self.overlays.default pkgs pkgs;
        in
        {
          packages = rec {
            default = zsh-histdb;
            zsh-histdb = appliedOverlay.zsh-histdb;
          };
        };
    in
    flake-utils.lib.eachDefaultSystem out
    // {
      overlays.default = final: prev: {
        zsh-histdb = final.callPackage ./package.nix { };
      };
    };
 }
--- a/nix/configuration/flakes/zsh-histdb/package.nix
+++ b/nix/configuration/flakes/zsh-histdb/package.nix
@@ -0,0 +1,36 @@
 # unpackPhase
 # patchPhase
 # configurePhase
 # buildPhase
 # checkPhase
 # installPhase
 # fixupPhase
 # installCheckPhase
 # distPhase
 {
  stdenv,
  pkgs,
  sqlite,
  ...
 }:
 stdenv.mkDerivation {
  name = "zsh-histdb";
  src = pkgs.fetchgit {
    url = "https://github.com/larkery/zsh-histdb.git";
    rev = "90a6c104d0fcc0410d665e148fa7da28c49684eb";
    sha256 = "sha256-vtG1poaRVbfb/wKPChk1WpPgDq+7udLqLfYfLqap4Vg=";
  };
  buildInputs = [ sqlite ];
  phases = [
    "installPhase"
  ];
  installPhase = ''
    runHook preInstall
    mkdir -p $out/share/zsh/plugins/zsh-histdb
    cp -r $src/histdb-* $src/*.zsh $src/db_migrations $out/share/zsh/plugins/zsh-histdb/
    runHook postInstall
  '';
  postInstall = ''
    substituteInPlace $out/share/zsh/plugins/zsh-histdb/sqlite-history.zsh $out/share/zsh/plugins/zsh-histdb/histdb-merge $out/share/zsh/plugins/zsh-histdb/histdb-migrate --replace-fail "sqlite3" "${sqlite}/bin/sqlite3"
  '';
 }
--- a/nix/configuration/hosts/neelix/default.nix
+++ b/nix/configuration/hosts/neelix/default.nix
@@ -0,0 +1,38 @@
 { config, pkgs, ... }:
 {
  imports = [
    ./hardware-configuration.nix
    ./disk-config.nix
    ./optimized_build.nix
    ./power_management.nix
  ];
  # Generate with `head -c4 /dev/urandom | od -A none -t x4`
  networking.hostId = "fbd233d8";
  networking.hostName = "neelix"; # Define your hostname.
  time.timeZone = "America/New_York";
  i18n.defaultLocale = "en_US.UTF-8";
  me.secureBoot.enable = false;
  # Early KMS
  boot.initrd.kernelModules = [ "i915" ];
  # Mount tmpfs at /tmp
  boot.tmp.useTmpfs = true;
  me.bluetooth.enable = true;
  me.emacs_flavor = "plainmacs";
  me.graphical = true;
  me.graphics_card_type = "intel";
  me.kodi.enable = true;
  me.lvfs.enable = true;
  me.sound.enable = true;
  me.wireguard.activated = [ "wgh" ];
  me.wireguard.deactivated = [ "wgf" ];
  me.zrepl.enable = true;
  me.zsh.enable = true;
 }
--- a/nix/configuration/hosts/neelix/disk-config.nix
+++ b/nix/configuration/hosts/neelix/disk-config.nix
@@ -0,0 +1,140 @@
 # Manual Step:
 #   Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
 #   Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
 {
  config,
  lib,
  pkgs,
  ...
 }:
 lib.mkIf (!config.me.buildingIso) {
  disko.devices = {
    disk = {
      main = {
        type = "disk";
        device = "/dev/nvme0n1";
        content = {
          type = "gpt";
          partitions = {
            ESP = {
              size = "1G";
              type = "EF00";
              content = {
                type = "filesystem";
                format = "vfat";
                mountpoint = "/boot";
                mountOptions = [
                  "umask=0077"
                  "noatime"
                  "discard"
                ];
              };
            };
            zfs = {
              size = "100%";
              content = {
                type = "zfs";
                pool = "zroot";
              };
            };
          };
        };
      };
    };
    zpool = {
      zroot = {
        type = "zpool";
        # mode = "mirror";
        # Workaround: cannot import 'zroot': I/O error in disko tests
        options.cachefile = "none";
        options = {
          ashift = "12";
          compatibility = "openzfs-2.2-freebsd";
          autotrim = "on";
        };
        rootFsOptions = {
          acltype = "posixacl";
          atime = "off";
          relatime = "off";
          xattr = "sa";
          mountpoint = "none";
          compression = "lz4";
          canmount = "off";
          utf8only = "on";
          dnodesize = "auto";
          normalization = "formD";
        };
        datasets = {
          "linux/nix" = {
            type = "zfs_fs";
            options.mountpoint = "none";
          };
          "linux/nix/root" = {
            type = "zfs_fs";
            options.mountpoint = "legacy";
            mountpoint = "/";
            postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank";
          };
          "linux/nix/nix" = {
            type = "zfs_fs";
            options.mountpoint = "legacy";
            mountpoint = "/nix";
            postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/nix@blank$' || zfs snapshot zroot/linux/nix/nix@blank";
            options = {
              recordsize = "1MiB";
              compression = "lz4";
            };
          };
          "linux/nix/home" = {
            type = "zfs_fs";
            options.mountpoint = "legacy";
            mountpoint = "/home";
            postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/home@blank$' || zfs snapshot zroot/linux/nix/home@blank";
          };
          "linux/nix/persist" = {
            type = "zfs_fs";
            options.mountpoint = "legacy";
            mountpoint = "/persist";
            postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/persist@blank$' || zfs snapshot zroot/linux/nix/persist@blank";
          };
          "linux/nix/state" = {
            type = "zfs_fs";
            options.mountpoint = "legacy";
            mountpoint = "/state";
            postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/state@blank$' || zfs snapshot zroot/linux/nix/state@blank";
          };
        };
      };
    };
  };
  # Make sure all persistent volumes are marked as neededForBoot
  #
  # Also mounts /home so it is mounted before the user home directories are created.
  fileSystems."/persist".neededForBoot = true;
  fileSystems."/state".neededForBoot = true;
  fileSystems."/home".neededForBoot = true;
  fileSystems."/".options = [
    "noatime"
    "norelatime"
  ];
  fileSystems."/nix".options = [
    "noatime"
    "norelatime"
  ];
  fileSystems."/persist".options = [
    "noatime"
    "norelatime"
  ];
  fileSystems."/state".options = [
    "noatime"
    "norelatime"
  ];
  fileSystems."/home".options = [
    "noatime"
    "norelatime"
  ];
 }
--- a/nix/configuration/hosts/neelix/hardware-configuration.nix
+++ b/nix/configuration/hosts/neelix/hardware-configuration.nix
@@ -0,0 +1,32 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 {
  config,
  lib,
  pkgs,
  modulesPath,
  ...
 }:
 {
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
  ];
  boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ ];
  boot.extraModulePackages = [ ];
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
  # networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/nix/configuration/hosts/neelix/optimized_build.nix
+++ b/nix/configuration/hosts/neelix/optimized_build.nix
@@ -0,0 +1,78 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  imports = [ ];
  config = lib.mkMerge [
    { }
    (lib.mkIf (!config.me.buildingIso) {
      nix.settings.system-features = lib.mkForce [
        "gccarch-alderlake"
        "gccarch-x86-64-v3"
        "benchmark"
        "big-parallel"
        "kvm"
        "nixos-test"
      ];
      # nixpkgs.hostPlatform = {
      #   gcc.arch = "alderlake";
      #   gcc.tune = "alderlake";
      #   system = "x86_64-linux";
      # };
      nixpkgs.overlays = [
        (
          self: super:
          let
            optimizeWithFlags =
              pkg: flags:
              pkg.overrideAttrs (old: {
                NIX_CFLAGS_COMPILE = [ (old.NIX_CFLAGS_COMPILE or "") ] ++ flags;
              });
            addConfig =
              additionalConfig: pkg:
              pkg.override (oldconfig: {
                structuredExtraConfig = pkg.structuredExtraConfig // additionalConfig;
              });
          in
          {
            linux_alderlake =
              addConfig
                {
                  # Full preemption
                  PREEMPT = lib.mkOverride 60 lib.kernel.yes;
                  PREEMPT_VOLUNTARY = lib.mkOverride 60 lib.kernel.no;
                  # Google's BBRv3 TCP congestion Control
                  TCP_CONG_BBR = lib.kernel.yes;
                  DEFAULT_BBR = lib.kernel.yes;
                  # Preemptive Full Tickless Kernel at 300Hz
                  HZ = lib.kernel.freeform "300";
                  HZ_300 = lib.kernel.yes;
                  HZ_1000 = lib.kernel.no;
                }
                (
                  optimizeWithFlags super.linux_6_12 [
                    "-march=alderlake"
                    "-mtune=alderlake"
                  ]
                );
          }
        )
      ];
      boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_alderlake;
    })
    (lib.mkIf (config.me.buildingIso) {
      boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_12;
      boot.supportedFilesystems = [ "zfs" ];
    })
  ];
 }
--- a/nix/configuration/hosts/neelix/power_management.nix
+++ b/nix/configuration/hosts/neelix/power_management.nix
@@ -0,0 +1,35 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  imports = [ ];
  environment.systemPackages = with pkgs; [
    powertop
  ];
  # pcie_aspm=force pcie_aspm.policy=powersupersave :: Enable PCIe active state power management for power reduction.
  # nowatchdog :: Disable watchdog for power savings (related to disable_sp5100_watchdog above).
  boot.kernelParams = [
    "pcie_aspm=force"
    # "pcie_aspm.policy=powersupersave"
    "nowatchdog"
  ];
  # default performance balance_performance balance_power power
  # defaults to balance_performance
  # systemd.tmpfiles.rules = [
  #   "w- /sys/devices/system/cpu/cpufreq/policy0/energy_performance_preference - - - - power"
  #   "w- /sys/devices/system/cpu/cpufreq/policy1/energy_performance_preference - - - - power"
  #   "w- /sys/devices/system/cpu/cpufreq/policy2/energy_performance_preference - - - - power"
  #   "w- /sys/devices/system/cpu/cpufreq/policy3/energy_performance_preference - - - - power"
  # ];
  boot.extraModprobeConfig = ''
    options snd_hda_intel power_save=1
  '';
 }
--- a/nix/configuration/hosts/odo/default.nix
+++ b/nix/configuration/hosts/odo/default.nix
@@ -0,0 +1,75 @@
 { config, pkgs, ... }:
 {
  imports = [
    ./hardware-configuration.nix
    ./disk-config.nix
    ./optimized_build.nix
    ./power_management.nix
    ./screen_brightness.nix
    ./wifi.nix
  ];
  # Generate with `head -c4 /dev/urandom | od -A none -t x4`
  networking.hostId = "908cbf04";
  networking.hostName = "odo"; # Define your hostname.
  time.timeZone = "America/New_York";
  i18n.defaultLocale = "en_US.UTF-8";
  me.secureBoot.enable = true;
  # Early KMS
  boot.initrd.kernelModules = [ "amdgpu" ];
  # Mount tmpfs at /tmp
  boot.tmp.useTmpfs = true;
  environment.systemPackages = with pkgs; [
    fw-ectool
  ];
  me.alacritty.enable = true;
  me.ansible.enable = true;
  me.ares.enable = true;
  me.bluetooth.enable = true;
  me.chromecast.enable = true;
  me.chromium.enable = true;
  me.docker.enable = true;
  me.emacs_flavor = "full";
  me.firefox.enable = true;
  me.git.config = ../../roles/git/files/gitconfig_home;
  me.gpg.enable = true;
  me.graphical = true;
  me.graphics_card_type = "amd";
  me.kanshi.enable = true;
  me.kubernetes.enable = true;
  me.latex.enable = true;
  me.launch_keyboard.enable = true;
  me.lvfs.enable = true;
  me.media.enable = true;
  me.nix_index.enable = true;
  me.python.enable = true;
  me.qemu.enable = true;
  me.rust.enable = true;
  me.sound.enable = true;
  me.steam.enable = true;
  me.sway.enable = true;
  me.terraform.enable = true;
  me.vnc_client.enable = true;
  me.vscode.enable = true;
  me.wasm.enable = true;
  me.waybar.enable = true;
  me.wireguard.activated = [
    "drmario"
    "wgh"
    "colo"
  ];
  me.wireguard.deactivated = [ "wgf" ];
  me.zrepl.enable = true;
  me.zsh.enable = true;
  me.sm64ex.enable = true;
  me.shipwright.enable = true;
  me.ship2harkinian.enable = true;
 }
--- a/nix/configuration/hosts/odo/disk-config.nix
+++ b/nix/configuration/hosts/odo/disk-config.nix
@@ -0,0 +1,148 @@
 # Manual Step:
 #   Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
 #   Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
 {
  config,
  lib,
  pkgs,
  ...
 }:
 lib.mkIf (!config.me.buildingIso) {
  disko.devices = {
    disk = {
      main = {
        type = "disk";
        device = "/dev/nvme0n1";
        content = {
          type = "gpt";
          partitions = {
            ESP = {
              size = "1G";
              type = "EF00";
              content = {
                type = "filesystem";
                format = "vfat";
                mountpoint = "/boot";
                mountOptions = [
                  "umask=0077"
                  "noatime"
                  "discard"
                ];
              };
            };
            zfs = {
              size = "100%";
              content = {
                type = "zfs";
                pool = "zroot";
              };
            };
          };
        };
      };
    };
    zpool = {
      zroot = {
        type = "zpool";
        # mode = "mirror";
        # Workaround: cannot import 'zroot': I/O error in disko tests
        options.cachefile = "none";
        options = {
          ashift = "12";
          compatibility = "openzfs-2.2-freebsd";
          autotrim = "on";
        };
        rootFsOptions = {
          acltype = "posixacl";
          atime = "off";
          relatime = "off";
          xattr = "sa";
          mountpoint = "none";
          compression = "lz4";
          canmount = "off";
          utf8only = "on";
          dnodesize = "auto";
          normalization = "formD";
        };
        datasets = {
          "linux/nix" = {
            type = "zfs_fs";
            options.mountpoint = "none";
            options = {
              encryption = "aes-256-gcm";
              keyformat = "passphrase";
              # keylocation = "file:///tmp/secret.key";
            };
          };
          "linux/nix/root" = {
            type = "zfs_fs";
            options.mountpoint = "legacy";
            mountpoint = "/";
            postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank";
          };
          "linux/nix/nix" = {
            type = "zfs_fs";
            options.mountpoint = "legacy";
            mountpoint = "/nix";
            postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/nix@blank$' || zfs snapshot zroot/linux/nix/nix@blank";
            options = {
              recordsize = "16MiB";
              compression = "zstd-19";
            };
          };
          "linux/nix/home" = {
            type = "zfs_fs";
            options.mountpoint = "legacy";
            mountpoint = "/home";
            postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/home@blank$' || zfs snapshot zroot/linux/nix/home@blank";
          };
          "linux/nix/persist" = {
            type = "zfs_fs";
            options.mountpoint = "legacy";
            mountpoint = "/persist";
            postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/persist@blank$' || zfs snapshot zroot/linux/nix/persist@blank";
          };
          "linux/nix/state" = {
            type = "zfs_fs";
            options.mountpoint = "legacy";
            mountpoint = "/state";
            postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/state@blank$' || zfs snapshot zroot/linux/nix/state@blank";
          };
        };
      };
    };
  };
  # Make sure all persistent volumes are marked as neededForBoot
  #
  # Also mounts /home so it is mounted before the user home directories are created.
  fileSystems."/persist".neededForBoot = true;
  fileSystems."/state".neededForBoot = true;
  fileSystems."/home".neededForBoot = true;
  fileSystems."/".options = [
    "noatime"
    "norelatime"
  ];
  fileSystems."/nix".options = [
    "noatime"
    "norelatime"
  ];
  fileSystems."/persist".options = [
    "noatime"
    "norelatime"
  ];
  fileSystems."/state".options = [
    "noatime"
    "norelatime"
  ];
  fileSystems."/home".options = [
    "noatime"
    "norelatime"
  ];
  # Only attempt to decrypt the main pool. Otherwise it attempts to decrypt pools that aren't even used.
  boot.zfs.requestEncryptionCredentials = [ "zroot/linux/nix" ];
 }
--- a/nix/configuration/hosts/odo/hardware-configuration.nix
+++ b/nix/configuration/hosts/odo/hardware-configuration.nix
@@ -0,0 +1,36 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 {
  config,
  lib,
  pkgs,
  modulesPath,
  ...
 }:
 {
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
  ];
  boot.initrd.availableKernelModules = [
    "nvme"
    "xhci_pci"
    "thunderbolt"
  ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ ];
  boot.extraModulePackages = [ ];
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
  # networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/nix/configuration/hosts/odo/optimized_build.nix
+++ b/nix/configuration/hosts/odo/optimized_build.nix
@@ -0,0 +1,81 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  imports = [ ];
  config = lib.mkMerge [
    { }
    (lib.mkIf (!config.me.buildingIso) {
      nix.settings.system-features = lib.mkForce [
        "gccarch-znver4"
        "gccarch-skylake"
        # "gccarch-alderlake" missing WAITPKG
        "gccarch-x86-64-v3"
        "gccarch-x86-64-v4"
        "benchmark"
        "big-parallel"
        "kvm"
        "nixos-test"
      ];
      # nixpkgs.hostPlatform = {
      #   gcc.arch = "znver4";
      #   gcc.tune = "znver4";
      #   system = "x86_64-linux";
      # };
      nixpkgs.overlays = [
        (
          self: super:
          let
            optimizeWithFlags =
              pkg: flags:
              pkg.overrideAttrs (old: {
                NIX_CFLAGS_COMPILE = [ (old.NIX_CFLAGS_COMPILE or "") ] ++ flags;
              });
            addConfig =
              additionalConfig: pkg:
              pkg.override (oldconfig: {
                structuredExtraConfig = pkg.structuredExtraConfig // additionalConfig;
              });
          in
          {
            linux_znver4 =
              addConfig
                {
                  # Full preemption
                  PREEMPT = lib.mkOverride 60 lib.kernel.yes;
                  PREEMPT_VOLUNTARY = lib.mkOverride 60 lib.kernel.no;
                  # Google's BBRv3 TCP congestion Control
                  TCP_CONG_BBR = lib.kernel.yes;
                  DEFAULT_BBR = lib.kernel.yes;
                  # Preemptive Full Tickless Kernel at 300Hz
                  HZ = lib.kernel.freeform "300";
                  HZ_300 = lib.kernel.yes;
                  HZ_1000 = lib.kernel.no;
                }
                (
                  optimizeWithFlags super.linux_6_12 [
                    "-march=znver4"
                    "-mtune=znver4"
                  ]
                );
          }
        )
      ];
      boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_znver4;
    })
    (lib.mkIf (config.me.buildingIso) {
      boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_12;
      boot.supportedFilesystems.zfs = true;
    })
  ];
 }
--- a/nix/configuration/hosts/odo/power_management.nix
+++ b/nix/configuration/hosts/odo/power_management.nix
@@ -0,0 +1,59 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  imports = [ ];
  environment.systemPackages = with pkgs; [
    powertop
  ];
  # amdgpu.abmlevel=3 :: Automatically reduce screen brightness but tweak colors to compensate for power reduction.
  # pcie_aspm=force pcie_aspm.policy=powersupersave :: Enable PCIe active state power management for power reduction.
  # nowatchdog :: Disable watchdog for power savings (related to disable_sp5100_watchdog above).
  # amd_pstate=passive :: Fully automated hardware pstate control.
  # amd_pstate=active :: Same as passive except we can set the energy performance preference (EPP) to suggest how much we prefer performance or energy efficiency.
  # amd_pstate=guided :: Same as passive except we can set upper and lower frequency bounds.
  # amdgpu.dcdebugmask=0x10 :: Allegedly disables Panel Replay from https://community.frame.work/t/tracking-freezing-arch-linux-amd/39495/32
  boot.kernelParams = [
    "amdgpu.abmlevel=3"
    "pcie_aspm=force"
    # "pcie_aspm.policy=powersupersave"
    "nowatchdog"
    # I don't see a measurable benefit from these two:
    # "cpufreq.default_governor=powersave"
    # "initcall_blacklist=cpufreq_gov_userspace_init"
  ];
  systemd.tmpfiles.rules = [
    "w- /sys/firmware/acpi/platform_profile - - - - low-power"
    "w- /sys/devices/system/cpu/cpufreq/policy0/energy_performance_preference - - - - power"
    "w- /sys/devices/system/cpu/cpufreq/policy1/energy_performance_preference - - - - power"
    "w- /sys/devices/system/cpu/cpufreq/policy2/energy_performance_preference - - - - power"
    "w- /sys/devices/system/cpu/cpufreq/policy3/energy_performance_preference - - - - power"
    "w- /sys/devices/system/cpu/cpufreq/policy4/energy_performance_preference - - - - power"
    "w- /sys/devices/system/cpu/cpufreq/policy5/energy_performance_preference - - - - power"
    "w- /sys/devices/system/cpu/cpufreq/policy6/energy_performance_preference - - - - power"
    "w- /sys/devices/system/cpu/cpufreq/policy7/energy_performance_preference - - - - power"
    "w- /sys/devices/system/cpu/cpufreq/policy8/energy_performance_preference - - - - power"
    "w- /sys/devices/system/cpu/cpufreq/policy9/energy_performance_preference - - - - power"
    "w- /sys/devices/system/cpu/cpufreq/policy10/energy_performance_preference - - - - power"
    "w- /sys/devices/system/cpu/cpufreq/policy11/energy_performance_preference - - - - power"
    "w- /sys/devices/system/cpu/cpufreq/policy12/energy_performance_preference - - - - power"
    "w- /sys/devices/system/cpu/cpufreq/policy13/energy_performance_preference - - - - power"
    "w- /sys/devices/system/cpu/cpufreq/policy14/energy_performance_preference - - - - power"
    "w- /sys/devices/system/cpu/cpufreq/policy15/energy_performance_preference - - - - power"
  ];
  boot.extraModprobeConfig = ''
    # Disable the hardware watchdog inside AMD 700 chipset series for power savings.
    blacklist sp5100_tco
    # Sound power-saving was causing chat notifications to be inaudible.
    # options snd_hda_intel power_save=1
  '';
 }
--- a/nix/configuration/hosts/odo/screen_brightness.nix
+++ b/nix/configuration/hosts/odo/screen_brightness.nix
@@ -0,0 +1,14 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  imports = [ ];
  systemd.tmpfiles.rules = [
    "w- /sys/class/backlight/amdgpu_bl1/brightness - - - - 85"
  ];
 }
--- a/nix/configuration/hosts/odo/wifi.nix
+++ b/nix/configuration/hosts/odo/wifi.nix
@@ -0,0 +1,21 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  imports = [ ];
  config = {
    environment.loginShellInit = lib.mkIf (!config.me.buildingIso) ''
      doas iw dev wlan0 set power_save off
    '';
    # Enable debug logging for ath12k wifi card.
    boot.kernelParams = [
      "ath12k.debug_mask=0xffffffff"
    ];
  };
 }
--- a/nix/configuration/roles/2ship2harkinian/default.nix
+++ b/nix/configuration/roles/2ship2harkinian/default.nix
@@ -0,0 +1,48 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  imports = [ ];
  options.me = {
    ship2harkinian.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      example = true;
      description = "Whether we want to install 2ship2harkinian.";
    };
  };
  config = lib.mkIf config.me.ship2harkinian.enable (
    lib.mkMerge [
      {
        allowedUnfree = [ "2ship2harkinian" ];
      }
      (lib.mkIf config.me.graphical {
        environment.systemPackages = with pkgs; [
          _2ship2harkinian
        ];
        # TODO perhaps install ~/.local/share/2ship/2ship2harkinian.json
        environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
          hideMounts = true;
          users.talexander = {
            directories = [
              {
                directory = ".local/share/2ship";
                user = "talexander";
                group = "talexander";
                mode = "0755";
              }
            ];
          };
        };
      })
    ]
  );
 }
--- a/nix/configuration/roles/alacritty/default.nix
+++ b/nix/configuration/roles/alacritty/default.nix
@@ -0,0 +1,38 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  imports = [ ];
  options.me = {
    alacritty.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      example = true;
      description = "Whether we want to install alacritty.";
    };
  };
  config = lib.mkIf config.me.alacritty.enable (
    lib.mkMerge [
      (lib.mkIf config.me.graphical {
        environment.systemPackages = with pkgs; [
          alacritty
          xdg-utils # for xdg-open
        ];
        home-manager.users.talexander =
          { pkgs, ... }:
          {
            home.file.".config/alacritty/alacritty.toml" = {
              source = ./files/alacritty.toml;
            };
          };
      })
    ]
  );
 }
--- a/nix/configuration/roles/alacritty/files/alacritty.toml
+++ b/nix/configuration/roles/alacritty/files/alacritty.toml
@@ -0,0 +1,44 @@
 [colors]
 draw_bold_text_with_bright_colors = true
 indexed_colors = []
 [colors.bright]
 black = "0x666666"
 blue = "0x7aa6da"
 cyan = "0x54ced6"
 green = "0x9ec400"
 magenta = "0xb77ee0"
 red = "0xff3334"
 white = "0xffffff"
 yellow = "0xe7c547"
 [colors.normal]
 black = "0x000000"
 blue = "0x7aa6da"
 cyan = "0x70c0ba"
 green = "0xb9ca4a"
 magenta = "0xc397d8"
 red = "0xd54e53"
 white = "0xeaeaea"
 yellow = "0xe6c547"
 [colors.primary]
 background = "0x000000"
 foreground = "0xeaeaea"
 [font]
 size = 11.0
 [[hints.enabled]]
 command = "xdg-open"
 post_processing = true
 regex = "(ipfs:|ipns:|magnet:|mailto:|gemini:|gopher:|https:|http:|news:|file:|git:|ssh:|ftp:)[^\u0000-\u001F\u007F-<>\"\\s{-}\\^⟨⟩`]+"
 [hints.enabled.mouse]
 enabled = false
 mods = "None"
 [scrolling]
 history = 10000
 # Lines moved per scroll.
 multiplier = 3
--- a/nix/configuration/roles/ansible/default.nix
+++ b/nix/configuration/roles/ansible/default.nix
@@ -0,0 +1,86 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  imports = [ ];
  options.me = {
    ansible.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      example = true;
      description = "Whether we want to install ansible.";
    };
  };
  config = lib.mkIf config.me.ansible.enable (
    lib.mkMerge [
      {
        environment.systemPackages = with pkgs; [
          ansible
        ];
        nixpkgs.overlays = [
          (final: prev: {
            ansible = pkgs.symlinkJoin {
              name = "ansible";
              paths = [
                (prev.ansible.overridePythonAttrs {
                  propagatedBuildInputs = prev.ansible.propagatedBuildInputs ++ [ prev.python3Packages.jmespath ];
                })
                pkgs.ansible-sshjail
              ];
              buildInputs = [ pkgs.makeWrapper ];
              postBuild = ''
                ${lib.concatMapStringsSep "\n"
                  (
                    prog:
                    (
                      "wrapProgram $out/bin/${prog} ${
                        lib.concatMapStringsSep " "
                          (
                            plugin_type:
                            "--set ANSIBLE_${lib.toUpper plugin_type}_PLUGINS $out/share/ansible/plugins/${lib.toLower plugin_type}_plugins"
                          )
                          [
                            "action"
                            "cache"
                            "callback"
                            "connection"
                            "filter"
                            "inventory"
                            "lookup"
                            "shell"
                            "strategy"
                            "test"
                            "vars"
                          ]
                      } --prefix PATH : ${lib.makeBinPath [ ]}"
                    )
                  )
                  [
                    "ansible"
                    "ansible-config"
                    "ansible-console"
                    "ansible-doc"
                    "ansible-galaxy"
                    "ansible-inventory"
                    "ansible-playbook"
                    "ansible-pull"
                    "ansible-test"
                    "ansible-vault"
                  ]
                }
              '';
            };
          })
        ];
      }
    ]
  );
 }
--- a/nix/configuration/roles/ares/default.nix
+++ b/nix/configuration/roles/ares/default.nix
@@ -0,0 +1,44 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  imports = [ ];
  options.me = {
    ares.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      example = true;
      description = "Whether we want to install ares.";
    };
  };
  config = lib.mkIf config.me.ares.enable (
    lib.mkMerge [
      { }
      (lib.mkIf config.me.graphical {
        environment.systemPackages = with pkgs; [
          ares
        ];
        environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
          hideMounts = true;
          users.talexander = {
            directories = [
              {
                directory = ".local/share/ares";
                user = "talexander";
                group = "talexander";
                mode = "0755";
              }
            ];
          };
        };
      })
    ]
  );
 }
--- a/nix/configuration/roles/blank/default.nix
+++ b/nix/configuration/roles/blank/default.nix
@@ -0,0 +1,30 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  imports = [ ];
  options.me = {
    blank.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      example = true;
      description = "Whether we want to install blank.";
    };
  };
  config = lib.mkIf config.me.blank.enable (
    lib.mkMerge [
      {
        environment.systemPackages = with pkgs; [
        ];
      }
      (lib.mkIf config.me.graphical {
      })
    ]
  );
 }
--- a/nix/configuration/roles/bluetooth/default.nix
+++ b/nix/configuration/roles/bluetooth/default.nix
@@ -0,0 +1,46 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  imports = [ ];
  options.me = {
    bluetooth.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      example = true;
      description = "Whether we want to install bluetooth.";
    };
  };
  config = lib.mkIf config.me.bluetooth.enable (
    lib.mkMerge [
      {
        environment.systemPackages = with pkgs; [
        ];
        hardware.bluetooth = {
          enable = true;
          powerOnBoot = true;
          settings = {
            General = {
              # Enable support for showing battery charge level.
              Experimental = true;
            };
          };
        };
        environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
          hideMounts = true;
          directories = [
            "/var/lib/bluetooth" # Bluetooth pairing information.
          ];
        };
      }
    ]
  );
 }
--- a/nix/configuration/roles/boot/default.nix
+++ b/nix/configuration/roles/boot/default.nix
@@ -0,0 +1,105 @@
 # ISO does not work with systemd initrd yet https://github.com/NixOS/nixpkgs/pull/291750
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  imports = [ ];
  options = {
    me.secureBoot = {
      enable = lib.mkOption {
        default = false;
        type = lib.types.bool;
        description = ''
          Enable to use secure boot.
        '';
      };
    };
  };
  config = lib.mkMerge [
    {
      environment.systemPackages = with pkgs; [
        tpm2-tools # For tpm2_eventlog to check for OptionRoms
        # cp /sys/kernel/security/tpm0/binary_bios_measurements eventlog
        # tpm2_eventlog eventlog | grep "BOOT_SERVICES_DRIVER"
        sbctl # For debugging and troubleshooting Secure Boot.
      ];
    }
    (lib.mkIf (!config.me.buildingIso) {
      boot.loader.grub.enable = false;
      # Use the systemd-boot EFI boot loader.
      boot.loader.systemd-boot.enable = true;
      # TODO: make not write bootx64.efi
      boot.loader.efi.canTouchEfiVariables = false;
      # Automatically delete old generations
      boot.loader.systemd-boot.configurationLimit = 3;
      boot.loader.systemd-boot.memtest86.enable = true;
      # Check what will be lost with `zfs diff zroot/linux/root@blank`
      boot.initrd.systemd.enable = lib.mkDefault true;
      boot.initrd.systemd.services.zfs-rollback = {
        description = "Rollback ZFS root dataset to blank snapshot";
        wantedBy = [
          "initrd.target"
        ];
        after = [
          "zfs-import-zroot.service"
        ];
        before = [
          "sysroot.mount"
        ];
        path = with pkgs; [
          zfs
        ];
        unitConfig.DefaultDependencies = "no";
        serviceConfig.Type = "oneshot";
        script = ''
          zfs rollback -r zroot/linux/nix/root@blank
          zfs rollback -r zroot/linux/nix/home@blank
          echo "rollback complete"
        '';
      };
      # boot.loader.systemd-boot.extraEntries = {
      #   "windows.conf" = ''
      #     title Windows
      #     efi /EFI/Microsoft/Boot/bootmgfw.efi
      #     options root=PARTUUID=17e325bf-a378-4d1d-be6a-f6df5476f0fa
      #   '';
      # };
    })
    (lib.mkIf (config.me.secureBoot.enable) {
      environment.systemPackages = with pkgs; [
        sbctl
      ];
      boot.loader.systemd-boot.enable = lib.mkForce false;
      boot.lanzaboote = {
        enable = true;
        pkiBundle = "/var/lib/sbctl";
      };
      environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
        hideMounts = true;
        directories = [
          "/var/lib/sbctl" # Secure Boot Keys
        ];
      };
    })
  ];
 }
 # efibootmgr -c -d /dev/sda -p 1 -L NixOS-boot -l '\EFI\NixOS-boot\grubx64.efi'
 # Text-only:
 # sudo cp "$(nix-build '<nixpkgs>' --no-out-link -A 'refind')/share/refind/refind_x64.efi" /boot/EFI/boot/bootx64.efi
 # Full graphics:
 # $ sudo nix-shell -p refind efibootmgr
 # $ refind-install
--- a/nix/configuration/roles/chromecast/default.nix
+++ b/nix/configuration/roles/chromecast/default.nix
@@ -0,0 +1,31 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  imports = [ ];
  options.me = {
    chromecast.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      example = true;
      description = "Whether we want to install chromecast.";
    };
  };
  config = lib.mkIf config.me.chromecast.enable (
    lib.mkMerge [
      {
        environment.systemPackages = with pkgs; [
          catt
        ];
      }
      (lib.mkIf config.me.graphical {
      })
    ]
  );
 }
--- a/nix/configuration/roles/chromium/default.nix
+++ b/nix/configuration/roles/chromium/default.nix
@@ -0,0 +1,65 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  imports = [ ];
  options.me = {
    chromium.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      example = true;
      description = "Whether we want to install chromium.";
    };
  };
  config = lib.mkIf config.me.chromium.enable (
    lib.mkMerge [
      { }
      (lib.mkIf config.me.graphical {
        environment.systemPackages = with pkgs; [
          (chromium.override { enableWideVine = true; })
        ];
        allowedUnfree = [
          "chromium"
          "chromium-unwrapped"
          "widevine-cdm"
        ];
        environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
          hideMounts = true;
          users.talexander = {
            directories = [
              {
                directory = ".config/chromium";
                user = "talexander";
                group = "talexander";
                mode = "0700";
              }
            ];
          };
        };
        environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
          hideMounts = true;
          users.talexander = {
            directories = [
              {
                directory = ".cache/chromium";
                user = "talexander";
                group = "talexander";
                mode = "0700";
              }
            ];
          };
        };
        # Enabling vulkan causes video to render as white
        # nixpkgs.config.chromium.commandLineArgs = "--enable-features=Vulkan";
      })
    ]
  );
 }
--- a/nix/configuration/roles/docker/default.nix
+++ b/nix/configuration/roles/docker/default.nix
@@ -0,0 +1,64 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  imports = [ ];
  options.me = {
    docker.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      example = true;
      description = "Whether we want to install docker.";
    };
  };
  config = lib.mkIf config.me.docker.enable (
    lib.mkMerge [
      {
        virtualisation.docker.enable = true;
        # Use docker activation
        virtualisation.docker.enableOnBoot = false;
        # Rootless docker breaks access to ssh for buildkit.
        # virtualisation.docker.rootless = {
        #   enable = true;
        #   setSocketVariable = true;
        # };
        # Give docker access to ssh for fetching repos with buildkit.
        virtualisation.docker.extraPackages = [ pkgs.openssh ];
        environment.systemPackages = with pkgs; [
          docker-buildx
        ];
        environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
          hideMounts = true;
          directories = [
            {
              directory = "/var/lib/docker";
              user = "root";
              group = "root";
              mode = "0740";
            }
          ];
          # users.talexander = {
          #   directories = [
          #     {
          #       directory = ".local/share/docker";
          #       user = "talexander";
          #       group = "talexander";
          #       mode = "0740";
          #     }
          #   ];
          # };
        };
        # Needed for non-rootless docker
        users.users.talexander.extraGroups = [ "docker" ];
      }
    ]
  );
 }
--- a/nix/configuration/roles/emacs/default.nix
+++ b/nix/configuration/roles/emacs/default.nix
@@ -0,0 +1,167 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 let
  plainmacs =
    emacs_package:
    pkgs.writeShellScriptBin "plainmacs" ''
      INIT_SCRIPT=$(cat <<EOF
      (progn
        (setq make-backup-files nil auto-save-default nil create-lockfiles nil)
        (load-theme 'tango-dark t)
        (set-face-attribute 'default nil :background "black")
        ;; Bright yellow highlighting for selected region
        (set-face-attribute 'region nil :background "#ffff50" :foreground "black")
        ;; Bright green cursor to distinguish from yellow region
        (set-cursor-color "#ccff66")
        ;; Hightlight the current line
        (set-face-attribute 'line-number-current-line nil :foreground "white")
        ;; Set default font
        (set-face-attribute 'default nil :height 100 :width 'regular :weight 'regular :family "Cascadia Mono")
        ;; Set fallback font for unicode glyphs
        (when (display-graphic-p)
          (set-fontset-font "fontset-default" nil (font-spec :name "Noto Color Emoji")))
        (menu-bar-mode -1)
        (when (fboundp 'tool-bar-mode)
          (tool-bar-mode -1))
        (when (  fboundp 'scroll-bar-mode)
          (scroll-bar-mode -1))
        (pixel-scroll-precision-mode)
        (setq frame-resize-pixelwise t)
        )
      EOF
      )
      exec ${emacs_package}/bin/emacs -q --eval "$INIT_SCRIPT" "''${@}"
    '';
  e_shorthand =
    emacs_package:
    pkgs.writeShellScriptBin "e" ''
      exec ${emacs_package}/bin/emacs "''${@}"
    '';
 in
 {
  imports = [ ];
  options.me.emacs_flavor = lib.mkOption {
    type = lib.types.nullOr (
      lib.types.enum [
        "full"
        "plainmacs"
      ]
    );
    default = null;
    example = "full";
    description = "What flavor of emacs to set up.";
  };
  config = lib.mkIf (config.me.emacs_flavor != null) (
    lib.mkMerge [
      {
        environment.systemPackages = with pkgs; [
          my_emacs
          (plainmacs my_emacs)
          (e_shorthand my_emacs)
        ];
        environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
          hideMounts = true;
          users.talexander = {
            directories = [
              ".config/emacs/eln-cache" # Installed packages
              ".config/emacs/elpa" # Installed packages
              ".config/emacs/private" # For recentf
              ".config/emacs/tree-sitter" # Compiled tree-sitter grammars
            ];
            files = [
              ".config/emacs/history" # For savehist
              ".config/emacs/.last-package-update-day" # For use-package
            ];
          };
        };
        environment.variables.EDITOR = "plainmacs";
      }
      (lib.mkIf (config.me.graphical) {
        nixpkgs.overlays = [
          (final: prev: {
            my_emacs = final.emacs29-pgtk;
          })
        ];
      })
      (lib.mkIf (!config.me.graphical) {
        nixpkgs.overlays = [
          (final: prev: {
            my_emacs = final.emacs-nox;
          })
        ];
      })
      (lib.mkIf (config.me.emacs_flavor == "full") {
        nixpkgs.overlays = [
          (final: prev: {
            my_emacs = pkgs.buildEnv {
              name = prev.my_emacs.name;
              paths = with prev; [
                my_emacs
              ];
              extraOutputsToInstall = [
                "man"
                "doc"
                "info"
              ];
              buildInputs = [ final.makeWrapper ];
              postBuild = ''
                wrapProgram $out/bin/emacs --prefix PATH : ${
                  lib.makeBinPath [
                    (final.aspellWithDicts (
                      dicts: with dicts; [
                        en
                        en-computers
                      ]
                    ))
                    final.nixd # nix language server
                    final.nixfmt-rfc-style # auto-formatting nix files through nixd
                    final.clang # To compile tree-sitter grammars
                    final.shellcheck
                    final.cmake-language-server
                    final.cmake # Used by cmake-language-server
                  ]
                }
              '';
            };
          })
        ];
        home-manager.users.talexander =
          { pkgs, ... }:
          {
            home.file.".config/emacs" = {
              source = ./files/emacs;
              recursive = true;
            };
          };
      })
      (lib.mkIf (config.me.emacs_flavor == "plainmacs") {
        nixpkgs.overlays = [
          (final: prev: {
            my_emacs = pkgs.buildEnv {
              name = prev.my_emacs.name;
              paths = with prev; [
                my_emacs
              ];
              extraOutputsToInstall = [
                "man"
                "doc"
                "info"
              ];
            };
          })
        ];
      })
    ]
  );
 }
--- a/nix/configuration/roles/emacs/files/emacs/early-init.el
+++ b/nix/configuration/roles/emacs/files/emacs/early-init.el
@@ -0,0 +1,25 @@
 (setq gc-cons-threshold (* 128 1024 1024)) ;; 128MiB Increase garbage collection threshold for performance (default 800000)
 ;; Increase amount of data read from processes, default 4k
 (when (version<= "27.0" emacs-version)
  (setq read-process-output-max (* 10 1024 1024)) ;; 10MiB
  )
 ;; Suppress warnings
 (setq byte-compile-warnings '(not obsolete))
 (setq warning-suppress-log-types '((comp) (bytecomp)))
 (setq native-comp-async-report-warnings-errors 'silent)
 ;; Set up default visual settings
 (setq frame-resize-pixelwise t)
 ;; Disable toolbar & menubar
 (menu-bar-mode -1)
 (when (fboundp 'tool-bar-mode)
  (tool-bar-mode -1))
 (when (display-graphic-p)
  (context-menu-mode +1))
 (setq default-frame-alist '((fullscreen . maximized)
                            (vertical-scroll-bars . nil)
                            (horizontal-scroll-bars . nil)
                            ;; Set dark colors in early-init to prevent flashes of white.
                            (background-color . "#000000")))
--- a/nix/configuration/roles/emacs/files/emacs/elisp/base-extensions.el
+++ b/nix/configuration/roles/emacs/files/emacs/elisp/base-extensions.el
@@ -0,0 +1,86 @@
 (use-package diminish)
 ;; Eglot recommends pulling the latest of the standard libraries it
 ;; uses from ELPA if you're not tracking the current.config/emacsevelopment
 ;; branch.
 (use-package xref
  :pin gnu
  )
 (use-package eldoc
  :pin gnu
  :diminish
  )
 ;; Other packages
 (use-package emacs
  :config
  (setq enable-recursive-minibuffers t)
  ;; Filter the M-x list base on the current mode
  (setq read-extended-command-predicate #'command-completion-default-include-p)
  ;; Enable triggering completion with the tab key.
  (setq tab-always-indent 'complete)
  )
 (use-package dashboard
  :config
  (dashboard-setup-startup-hook))
 (when (version<= "26.0.50" emacs-version )
  (add-hook 'prog-mode-hook 'display-line-numbers-mode)
  (add-hook 'prog-mode-hook 'column-number-mode)
  )
 ;; Display a horizontal line instead of ^L for page break characters
 (use-package page-break-lines
  :diminish
  :config
  (global-page-break-lines-mode +1)
  )
 (use-package recentf
  ;; This is an emacs built-in but we're pulling the latest version
  :config
  (setq recentf-max-saved-items 100)
  (setq recentf-save-file (recentf-expand-file-name "~/.config/emacs/private/cache/recentf"))
  (recentf-mode 1))
 ;; Persist history over Emacs restarts. Vertico sorts by history position.
 (use-package savehist
  ;; This is an emacs built-in but we're pulling the latest version
  :config
  (savehist-mode))
 (use-package which-key
  :diminish
  :config
  (which-key-mode))
 (use-package windmove
  :config
  (windmove-default-keybindings))
 (setq tramp-default-method "ssh")
 (use-package nginx-mode
  :mode (
         ("headers\\.include\\'" . nginx-mode)
         )
  :config
  (setq nginx-indent-level 4))
 (use-package systemd
  :mode
  (("\\.service\\'" . systemd-mode)
   ("\\.timer\\'" . systemd-mode))
  )
 (use-package pkgbuild-mode
  :mode
  (("PKGBUILD\\'" . pkgbuild-mode))
  )
 (provide 'base-extensions)
--- a/nix/configuration/roles/emacs/files/emacs/elisp/base-functions.el
+++ b/nix/configuration/roles/emacs/files/emacs/elisp/base-functions.el
@@ -0,0 +1,127 @@
 ;; ========== Function to reload current file =================
 (defun reload-file ()
    "Revert buffer without confirmation."
    (interactive)
    (revert-buffer :ignore-auto :noconfirm))
 ;; ===========================================================
 ;; ============= Run commands ================================
 (defun run-command-on-buffer (cmd &rest args)
  "Run a command using the current buffer as stdin and replacing its contents if the command succeeds with the stdout from the command. This is useful for code formatters."
  (let (
        (stdout-buffer (generate-new-buffer "tmp-stdout" t))
        (full-cmd (append '(call-process-region nil nil cmd nil stdout-buffer nil) args))
        )
    (unwind-protect
        (let ((exit-status (eval full-cmd)))
          (if (eq exit-status 0)
              (save-excursion
                (replace-buffer-contents stdout-buffer)
                )
            (message "FAILED running command on buffer %s" (append (list cmd) args))
            )
          )
      (kill-buffer stdout-buffer)
      )
    )
  )
 (defun run-command-in-directory (dir cmd &rest args)
  "Run a command in the specified directory. If the directory is nil, the directory of the file is used. The stdout result is trimmed of whitespace and returned."
  (let (
        (default-directory (or dir default-directory))
        (stdout-buffer (generate-new-buffer "tmp-stdout" t))
        (full-cmd (append '(call-process cmd nil (list stdout-buffer nil) nil) args))
        )
    (unwind-protect
        (let ((exit-status (condition-case nil (eval full-cmd) (file-missing nil))))
          (if (eq exit-status 0)
              (progn
                (with-current-buffer stdout-buffer
                  (string-trim (buffer-string))
                  )
                )
            )
          )
      (kill-buffer stdout-buffer)
      )
    )
  )
 (defun load-directory (dir)
  (let ((load-it (lambda (f)
                   (load-file (concat (file-name-as-directory dir) f)))
                 ))
    (mapc load-it (directory-files dir nil "\\.el$"))))
 (defun generate-vc-link ()
  (interactive)
  (or
   (generate-github-link)
   (generate-source-hut-link)
   )
  )
 (defun generate-github-link ()
  "Generate a permalink to the current line."
  (interactive)
  (let (
        (current-rev (vc-working-revision buffer-file-name))
        (line-number (line-number-at-pos))
        (repository-url (vc-git-repository-url buffer-file-name))
        (relative-path (file-relative-name buffer-file-name (vc-root-dir)))
        )
    (save-match-data
      (and (string-match "\\(git@github\.com:\\|https://github\.com/\\)\\([^/]+\\)/\\([^.]+\\).git" repository-url)
           (let* (
                 (gh-org (match-string 2 repository-url))
                 (gh-repo (match-string 3 repository-url))
                 (full-url (format "https://github.com/%s/%s/blob/%s/%s?plain=1#L%s" gh-org gh-repo current-rev relative-path line-number))
                 )
             (message "%s" full-url)
             (kill-new full-url)
             t
             )
           )
      )
    )
  )
 (defun generate-source-hut-link ()
  "Generate a permalink to the current line."
  (interactive)
  (let (
        (current-rev (vc-working-revision buffer-file-name))
        (line-number (line-number-at-pos))
        (repository-url (vc-git-repository-url buffer-file-name))
        (relative-path (file-relative-name buffer-file-name (vc-root-dir)))
        )
    (message "Using repo url %s" repository-url)
    (save-match-data
      (and (string-match "https://git.sr.ht/\\([^/]+\\)/\\([^/]+\\)" repository-url)
           (let* (
                 (sh-org (match-string 1 repository-url))
                 (sh-repo (match-string 2 repository-url))
                 (full-url (format "https://git.sr.ht/%s/%s/tree/%s/%s#L%s" sh-org sh-repo current-rev relative-path line-number))
                 )
             (message "%s" full-url)
             (kill-new full-url)
             t
             )
           )
      )
    )
  )
 (defmacro when-linux (&rest body)
  "Execute only when on Linux."
  (declare (indent defun))
  `(when (eq system-type 'gnu/linux) ,@body))
 (defmacro when-freebsd (&rest body)
  "Execute only when on FreeBSD."
  (declare (indent defun))
  `(when (eq system-type 'berkeley-unix) ,@body))
 (provide 'base-functions)
--- a/nix/configuration/roles/emacs/files/emacs/elisp/base-global-keys.el
+++ b/nix/configuration/roles/emacs/files/emacs/elisp/base-global-keys.el
@@ -0,0 +1,12 @@
 ;; Add your keys here, as such
 ;; Disable the suspend frame hotkeys
 (global-unset-key (kbd "C-z"))
 (global-unset-key (kbd "C-x C-z"))
 ;; dabbrev-expand. Seems to be some sort of dumb-expand. Accidentally hitting it when trying to use M-?
 (global-unset-key (kbd "M-/"))
 (global-set-key (kbd "C-x g l") 'generate-vc-link)
 (provide 'base-global-keys)
--- a/nix/configuration/roles/emacs/files/emacs/elisp/base-theme.el
+++ b/nix/configuration/roles/emacs/files/emacs/elisp/base-theme.el
@@ -0,0 +1,15 @@
 ;; Set theme
 (load-theme 'tango-dark t)
 (set-face-attribute 'default nil :background "black")
 ;; Bright yellow highlighting for selected region
 (set-face-attribute 'region nil :background "#ffff50" :foreground "black")
 ;; Bright green cursor to distinguish from yellow region
 (set-face-attribute 'cursor nil :background "#ccff66")
 ;; Hightlight the current line
 (set-face-attribute 'line-number-current-line nil :foreground "white")
 ;; Set default font
 (set-face-attribute 'default nil :height 100 :width 'regular :weight 'regular :family "Cascadia Mono")
 ;; Set fallback font for unicode glyphs
 (set-fontset-font t 'emoji (font-spec :name "Noto Color Emoji") nil 'prepend)
 (provide 'base-theme)
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Tom Alexander	9513882870	Still not working.	2025-01-27 20:38:45 -05:00
Tom Alexander	71a6843b37	Same issue with package based on 2ship2harkinian.	2025-01-27 19:26:38 -05:00
Tom Alexander	7d9d1ca80e	Add a package for starship (Star Fox 64).	2025-01-27 19:26:38 -05:00
Tom Alexander	2f2d33296b	Persist ares data.	2025-01-26 19:04:17 -05:00
Tom Alexander	2c1cf54de0	Update packages.	2025-01-26 18:55:53 -05:00
Tom Alexander	65be133ffe	Update lanzaboote.	2025-01-26 16:57:18 -05:00
Tom Alexander	ee47c3cfa3	Enable debugging on ath12k.	2025-01-26 10:11:53 -05:00
Tom Alexander	ff8bb0653b	Enable bluetooth on odo.	2025-01-25 21:28:14 -05:00
Tom Alexander	ff98873b32	Persist save data for ship of harkinian and 2ship2harkinian.	2025-01-25 21:22:55 -05:00
Tom Alexander	67ad4e2dff	Persist sm64ex save data.	2025-01-25 20:47:48 -05:00
Tom Alexander	60452b0aeb	Persist the nix-index index.	2025-01-25 20:22:41 -05:00
Tom Alexander	e043320e5c	Clean up experiments in the gpg role.	2025-01-25 19:35:05 -05:00
Tom Alexander	2f8c4fbfe8	Disable verbose logging for gpg.	2025-01-25 19:10:48 -05:00
Tom Alexander	233bf4e967	Put the sleep back into wireguard.	2025-01-25 17:58:56 -05:00
Tom Alexander	f7adfaf54d	Update lockfile.	2025-01-25 16:28:53 -05:00
Tom Alexander	78c9dec4c4	Disable rom name override. The latest nixpkgs does not support overriding the name so I am removing it now for compatibility.	2025-01-25 16:22:04 -05:00
Tom Alexander	53c12a5b1e	Add sshjail as an ansible plugin.	2025-01-25 15:30:30 -05:00
Tom Alexander	7d94210d8f	Add cmake support to emacs.	2025-01-25 10:20:22 -05:00
Tom Alexander	1ebf31dc11	Remove sleep from wireguard service.	2025-01-25 10:20:22 -05:00
Tom Alexander	82c30bdb77	Add a role for 2ship2harkinian (Majora's Mask).	2025-01-24 21:25:41 -05:00
Tom Alexander	d5e7fdd097	Add bsdtar.	2025-01-24 20:58:03 -05:00
Tom Alexander	40fd7931d0	Add a persist folder for the talexander user.	2025-01-24 20:36:37 -05:00
Tom Alexander	835fd340a2	Add role for Ocarina of Time (shipwright).	2025-01-24 20:23:49 -05:00
Tom Alexander	94ef9ff3c8	Add role to build sm64ex.	2025-01-24 20:08:10 -05:00
Tom Alexander	62d3c010f5	Install nix-tree.	2025-01-24 19:01:51 -05:00
Tom Alexander	e9e792961c	Add a not-working snippet to show where system packages are imported.	2025-01-24 18:53:57 -05:00
Tom Alexander	281dffc9c0	Do not install foot.	2025-01-24 18:42:57 -05:00
Tom Alexander	5bd67bb02a	Move defaultPackages into the reset role.	2025-01-24 18:36:14 -05:00
Tom Alexander	4a76097a5e	Refactor the wireguard role to use lib.mkMerge.	2025-01-24 17:59:07 -05:00
Tom Alexander	facfd01661	Make zsh install conditional.	2025-01-23 21:55:22 -05:00
Tom Alexander	2ce4520cd6	Make zrepl a conditional install.	2025-01-23 21:52:50 -05:00
Tom Alexander	814769b3e9	Do not install waybar on neelix.	2025-01-23 21:43:08 -05:00
Tom Alexander	6424129da3	Do not install wasm role on neelix.	2025-01-23 21:41:08 -05:00
Tom Alexander	415edbad91	Do not install vscode on neelix.	2025-01-23 21:39:57 -05:00
Tom Alexander	a773f94593	Do not install vnc client on neelix.	2025-01-23 21:37:16 -05:00
Tom Alexander	226610c926	Do not install steam or terraform on neelix.	2025-01-23 21:37:15 -05:00
Tom Alexander	7c6afef2bb	Do not install pavucontrol on non-graphical installs.	2025-01-23 21:25:19 -05:00
Tom Alexander	55654fafb1	Do not install rust on neelix.	2025-01-23 21:21:37 -05:00
Tom Alexander	8946868fd6	Do not install qemu on neelix.	2025-01-23 21:18:57 -05:00
Tom Alexander	cd8e9002d0	Do not install python on neelix.	2025-01-23 21:15:48 -05:00
Tom Alexander	e1a274c88e	Do not install media role on neelix.	2025-01-23 21:06:11 -05:00
Tom Alexander	cdc4bdffb6	Git buildEnv is failing.	2025-01-23 20:59:39 -05:00
Tom Alexander	9b9a103e49	Do not install gnome-firmware on non-graphical installs.	2025-01-23 20:46:03 -05:00
Tom Alexander	ea7bf809fc	Do not install the launch keyboard configurator on neelix or non-graphical installs.	2025-01-23 20:42:22 -05:00
Tom Alexander	88a6d046b8	Do not install LaTeX on neelix.	2025-01-23 20:38:54 -05:00
Tom Alexander	d8e16f0b05	Do not install kubernetes clients on neelix.	2025-01-23 20:35:28 -05:00
Tom Alexander	e3fee206a1	Don't install kanshi on non-graphical installs.	2025-01-23 20:20:08 -05:00
Tom Alexander	3be710b4ad	Install meld to git's path when doing a graphical install.	2025-01-23 20:07:23 -05:00
Tom Alexander	b37f8a8e1a	Do not install my git config on neelix.	2025-01-23 19:55:13 -05:00
Tom Alexander	509cceb220	Only install fonts in graphical installs.	2025-01-23 19:48:25 -05:00
Tom Alexander	47408cfce0	Do not install firefox on neelix.	2025-01-23 19:14:25 -05:00
Tom Alexander	812dc40257	Do not install docker on neelix.	2025-01-23 19:09:59 -05:00
Tom Alexander	0e370c0d62	Do not install chromium or catt on neelix.	2025-01-23 19:04:19 -05:00
Tom Alexander	0598c796b7	Do not install ares on neelix.	2025-01-23 18:53:36 -05:00
Tom Alexander	df2efb728d	Don't install alacritty on neelix or non-graphical installs.	2025-01-23 18:47:03 -05:00
Tom Alexander	62fc955b68	Merge branch 'plainmacs' into nix	2025-01-23 18:44:30 -05:00
Tom Alexander	e0644a069d	Add support for non-graphical emacs.	2025-01-23 01:52:56 -05:00
Tom Alexander	054e056d00	Switch to buildEnv instead of symlinkJoin for better control over the joining process.	2025-01-23 01:52:56 -05:00
Tom Alexander	d3ea8b3667	Introduce a plainmacs emacs install flavor.	2025-01-22 21:01:34 -05:00
Tom Alexander	3f945f8ae3	Merge branch 'neelix' into nix	2025-01-22 20:29:12 -05:00
Tom Alexander	93c4aa4c76	Clean up the host-specific configs.	2025-01-22 20:28:58 -05:00
Tom Alexander	4664804d90	Comment out the kodi configs so they remain mutable until I've made a config I like.	2025-01-22 20:12:50 -05:00
Tom Alexander	edc48d00a2	Add some config files.	2025-01-21 23:07:05 -05:00
Tom Alexander	37aa0e6732	Add a bluetooth role.	2025-01-21 22:19:28 -05:00
Tom Alexander	a739728d41	Add neelix public key to sftp server.	2025-01-21 21:23:21 -05:00
Tom Alexander	48c5aebd82	Install jmespath for ansible.	2025-01-21 20:56:48 -05:00
Tom Alexander	c33a1b6c50	Set up memtest86 on neelix.	2025-01-20 22:50:44 -05:00
Tom Alexander	368c455b7f	Persist ssh keys for kodi user.	2025-01-20 22:38:54 -05:00
Tom Alexander	5a5d34911c	Add /etc/hosts entry for neelix.	2025-01-20 21:00:35 -05:00
Tom Alexander	d0c1bb1b65	Do not install sway on neelix.	2025-01-20 20:14:59 -05:00
Tom Alexander	9d49eb9d6a	Add an empty kodi role.	2025-01-20 19:40:54 -05:00
Tom Alexander	ccbc999744	Add a global options role.	2025-01-20 19:27:49 -05:00
Tom Alexander	d537aa599b	Stop the sway-session.target when exiting sway.	2025-01-20 18:43:54 -05:00
Tom Alexander	95d06dfe0e	Enable memtest86 when building the ISO.	2025-01-20 18:43:54 -05:00
Tom Alexander	f2adb9328b	Build zfs into the ISO image.	2025-01-20 18:43:54 -05:00
Tom Alexander	7bc6e0c470	Add a config for neelix.	2025-01-20 18:43:54 -05:00
Tom Alexander	99edb2d161	Use full emacs for e alias.	2025-01-19 23:15:33 -05:00
Tom Alexander	938f8676ff	Add chromecast support.	2025-01-19 13:44:01 -05:00
Tom Alexander	d365b6aea9	Add ncdu to inspect disk usage.	2025-01-19 11:05:00 -05:00
Tom Alexander	8d911ff893	Wrap tofi without forcing a rebuild.	2025-01-19 10:53:54 -05:00
Tom Alexander	2aca77ea1a	Merge branch 'emacs_refactor' into nix	2025-01-19 10:16:27 -05:00
Tom Alexander	1b342d3402	Switch from buildEnv to symlinkJoin to keep dependencies out of the system path.	2025-01-19 10:09:49 -05:00
Tom Alexander	9976e232e6	Move packages out of systemPackages and into the emacs_full package.	2025-01-18 23:11:35 -05:00
Tom Alexander	3baf18f435	Install aspell into the emacs_full environment.	2025-01-18 22:53:09 -05:00
Tom Alexander	e00331bf94	Wrap emacs settings in a mkMerge.	2025-01-18 21:26:17 -05:00
Tom Alexander	8e22d8febb	Switch to a 300hz tickless kernel and enable BBR. Aside from BBR, these settings are copied from arch linux.	2025-01-18 20:15:20 -05:00
Tom Alexander	ed0d1e41d6	Add a notification daemon.	2025-01-18 18:44:00 -05:00
Tom Alexander	2c27d580f4	Add a mode to force focus a window.	2025-01-18 18:40:08 -05:00
Tom Alexander	75ac4b91f3	Add screenshot / screen recording.	2025-01-18 18:33:46 -05:00
Tom Alexander	9abe43096b	Add swaylock.	2025-01-18 18:13:30 -05:00
Tom Alexander	1535800e2f	Replace wofi with tofi.	2025-01-18 17:39:51 -05:00
Tom Alexander	dcffced35a	Add rofimoji.	2025-01-18 14:32:44 -05:00
Tom Alexander	1da36ab7c5	Remove unused portion of zshrc. I will probably move to a similar import system to what I am doing with sway.	2025-01-18 13:18:06 -05:00
Tom Alexander	c694c6ae4c	Make zsh-histdb use sqlite3 directly instead of depending on systemPackages.	2025-01-18 13:12:24 -05:00
Tom Alexander	f524aa168a	Stick with imv instead of swayimg.	2025-01-18 12:16:11 -05:00
Tom Alexander	308206d1cc	Launch a terminal at boot in the live ISO.	2025-01-18 11:55:12 -05:00
Tom Alexander	8ac235cb8c	Move disabling wifi power saving to a host-specific file.	2025-01-18 11:48:53 -05:00
Tom Alexander	5170678a25	Don't garbage collect in a built ISO. The ISO is immutable so garbage collection does not make sense.	2025-01-18 11:33:39 -05:00
Tom Alexander	19cf31b094	Move a zfs setting into the zfs role.	2025-01-18 11:14:19 -05:00
Tom Alexander	4f0024c4f9	Move some graphics bits into the graphics role.	2025-01-18 11:00:30 -05:00
Tom Alexander	41138ab34a	Update to the new secureboot location.	2025-01-18 10:54:34 -05:00
Tom Alexander	f9b18809f9	An update fixed firefox's launch time.	2025-01-17 22:42:57 -05:00
Tom Alexander	fefe46b512	Remove kvm-amd from boot.kernelModules.	2025-01-17 21:36:34 -05:00
Tom Alexander	b4947bcff6	Add vnc client.	2025-01-17 20:30:16 -05:00
Tom Alexander	14baaddcff	Persist factorio data.	2025-01-17 19:07:54 -05:00
Tom Alexander	1c8f2f1c74	Switch back to regular linux.	2025-01-17 18:55:59 -05:00
Tom Alexander	1bfe24f457	Remove duplicate entry for xdg-desktop-portal-wlr.	2025-01-16 20:51:17 -05:00
Tom Alexander	08feb8bad6	Add more tracing commands.	2025-01-15 21:12:28 -05:00
Tom Alexander	cb3b01a74c	Blacklist hardward watchdog for AMD 700 chipset series for power savings.	2025-01-15 21:01:30 -05:00
Tom Alexander	0e95edd8e7	Switch to unstable.	2025-01-15 21:00:57 -05:00
Tom Alexander	d172b1dea2	Add some wasm utilities.	2025-01-14 23:57:24 -05:00
Tom Alexander	2a97a1ee92	Add vscode role.	2025-01-14 23:57:24 -05:00
Tom Alexander	ba4085df1a	Add terraform.	2025-01-14 23:17:26 -05:00
Tom Alexander	7c542364a2	Add firmware updating through fwupd via the Linux Vendor firmware Service (LVFS).	2025-01-14 22:42:52 -05:00
Tom Alexander	0299ebcb43	Add nvme role.	2025-01-14 21:51:53 -05:00
Tom Alexander	c23245b97c	Add TODO.	2025-01-14 21:40:38 -05:00
Tom Alexander	491412c33c	Add seatd.	2025-01-14 21:10:03 -05:00
Tom Alexander	5a5839482d	Add support for the system76 launch keyboard configurator.	2025-01-14 20:16:06 -05:00
Tom Alexander	63408f5664	Set up latex.	2025-01-14 18:04:04 -05:00
Tom Alexander	d338b77d23	Install sshfs.	2025-01-14 17:56:29 -05:00
Tom Alexander	ce9140aa73	Add role for zrepl.	2025-01-13 17:59:03 -05:00
Tom Alexander	dbf3f2e983	Disable the fallback DNS servers.	2025-01-13 17:43:38 -05:00
Tom Alexander	0ca26e73fb	Add more firefox extensions.	2025-01-12 22:43:23 -05:00
Tom Alexander	0fb53a4294	Add preparations for the new location for secureboot keys.	2025-01-12 21:17:47 -05:00
Tom Alexander	4019e6d132	Fix buildkit access to SSH agent.	2025-01-12 21:17:47 -05:00
Tom Alexander	8b1e76d9d7	Add a script to resume a zfs send/recv.	2025-01-12 19:55:15 -05:00
Tom Alexander	477637ae62	Add a script to test fetching PGP keys from a Web Key Directory (WKD).	2025-01-12 18:29:48 -05:00
Tom Alexander	5146a114eb	Introduce a variable for sway includes and disable relatime on the zfs legacy mounts.	2025-01-12 15:39:46 -05:00
Tom Alexander	a817464b38	Preserve steam directories.	2025-01-11 22:36:09 -05:00
Tom Alexander	1acf889c68	Instll steam and the zfs_clone_send / zfs_clone_recv scripts.	2025-01-11 13:48:46 -05:00
Tom Alexander	af07d43c18	Add asian fonts.	2025-01-11 12:50:13 -05:00
Tom Alexander	33f13d898d	Switch to ares instead of bsnes.	2025-01-11 12:09:02 -05:00
Tom Alexander	47d9e203f3	Add media role.	2025-01-10 22:54:32 -05:00
Tom Alexander	1a2ff987fe	Add fw-ectool to framework laptop.	2025-01-09 23:31:27 -05:00
Tom Alexander	16480b3749	Switch to ladspa.	2025-01-09 21:32:37 -05:00
Tom Alexander	0d3901788d	Installing ccid and libusb-compat does not fix it.	2025-01-09 19:04:44 -05:00
Tom Alexander	a3cb2c8632	Add kanshi.	2025-01-09 18:14:45 -05:00
Tom Alexander	6b9660bc44	Switch to mono noise suppression for voice and disable vulkan for chromium.	2025-01-09 17:56:46 -05:00
Tom Alexander	5c41b7efa2	Update software.	2025-01-08 21:43:39 -05:00
Tom Alexander	ead5db241e	Install packages needed to run amd_s2idle.	2025-01-07 23:02:22 -05:00
Tom Alexander	8b074617e8	Use Adwaita cursor theme.	2025-01-06 19:34:28 -05:00
Tom Alexander	13970b53ad	Only decrypt the nix zfs dataset.	2025-01-06 19:21:20 -05:00
Tom Alexander	13d7319a0f	Add nix-index.	2025-01-06 14:32:07 -05:00
Tom Alexander	bd9a85efd3	Add klog alias.	2025-01-05 15:43:23 -05:00
Tom Alexander	4a4c54def4	Disable DNS settings for hotel.	2025-01-02 22:50:55 -05:00
Tom Alexander	18d372c8ee	Revert "Switching to a home-manager config did not fix it." This reverts commit `4599b38ebf`.	2025-01-02 10:27:25 -05:00
Tom Alexander	4599b38ebf	Switching to a home-manager config did not fix it.	2025-01-02 10:27:21 -05:00
Tom Alexander	04a95a2543	More failed attempts to get gpg working.	2025-01-02 09:43:00 -05:00
Tom Alexander	7c5f14ee61	Persist kubernetes client config.	2025-01-02 09:03:19 -05:00
Tom Alexander	d49f12f58f	Enable panel replay.	2025-01-01 19:59:02 -05:00
Tom Alexander	936d3bc34d	Add rust.	2025-01-01 19:16:08 -05:00
Tom Alexander	1b34841921	Comment out specific version of gpg.	2025-01-01 18:43:29 -05:00
Tom Alexander	611904761e	Add kubernetes client.	2025-01-01 18:43:29 -05:00
Tom Alexander	f843b7924f	Add docker.	2025-01-01 18:29:27 -05:00
Tom Alexander	7bb7b89b82	Try a specific version of gpg.	2025-01-01 13:35:29 -05:00
Tom Alexander	c1103775b6	Keep 30 days of /nix.	2025-01-01 13:31:45 -05:00
Tom Alexander	24d89ed704	Default to power-saving mode.	2024-12-31 12:51:23 -05:00
Tom Alexander	e8dff5ece1	Set up wireguard networks using functions.	2024-12-31 11:04:24 -05:00
Tom Alexander	e22b5c1c6c	Add power management kernel parameters.	2024-12-31 10:27:15 -05:00
Tom Alexander	d9bc4f15d8	Add powertop.	2024-12-31 07:44:02 -05:00
Tom Alexander	77ae96ca7a	Set up python.	2024-12-31 07:37:48 -05:00
Tom Alexander	d2f908005c	Persist the .ssh known_hosts.	2024-12-31 07:00:41 -05:00
Tom Alexander	5e74a874ba	Persist sound settings (for example, muted status) and do not enable wireguard in built ISO.	2024-12-29 15:45:52 -05:00
Tom Alexander	fe820e5843	Move remaining nix configs into folders.	2024-12-29 15:27:03 -05:00
Tom Alexander	81315e4c7b	Add a snes emulator.	2024-12-29 15:12:31 -05:00
Tom Alexander	ce8718b042	Add wgh wireguard network.	2024-12-28 21:05:45 -05:00
Tom Alexander	720164497d	More attempts to fix gpg decrypt with yubikey.	2024-12-27 20:53:43 -05:00
Tom Alexander	0b31b91c69	Set up wireguard.	2024-12-27 15:44:00 -05:00
Tom Alexander	2ef181cfab	Attempt to fix gpg decrypt with yubikey. Did not succeed.	2024-12-27 13:09:13 -05:00
Tom Alexander	5a3450fdf8	Add gvfs and git-crypt.	2024-12-26 21:28:31 -05:00
Tom Alexander	aae534308a	Add noise supression to microphone.	2024-12-25 09:17:30 -05:00
Tom Alexander	cbd8f70ce4	Merge branch 'zsh' into nix	2024-12-25 09:17:23 -05:00
Tom Alexander	64d495afa5	Use zsh-histdb package.	2024-12-23 17:28:31 -05:00
Tom Alexander	5e424b35e4	Make a zsh-histdb package.	2024-12-23 15:41:45 -05:00
Tom Alexander	7decd40844	Switch to zsh.	2024-12-23 11:14:18 -05:00
Tom Alexander	9c0f3ce601	Use dark themes.	2024-12-23 10:56:57 -05:00
Tom Alexander	e09eea2049	Switch to zen kernel optimized for znver4.	2024-12-23 10:00:01 -05:00
Tom Alexander	5d23126205	Enable secure boot.	2024-12-22 22:03:03 -05:00
Tom Alexander	748e6dee68	Set firefox as default browser.	2024-12-22 16:14:12 -05:00
Tom Alexander	27aa2f077b	Set up chromium with support for wayland and widevine.	2024-12-22 00:48:57 -05:00
Tom Alexander	69098488f6	Switch to a raw file for fontconfig.	2024-12-21 17:15:54 -05:00
Tom Alexander	14e6e78aee	Add the waybar scripts.	2024-12-21 16:25:40 -05:00
Tom Alexander	a0f9f4baa4	Set up waybar and building ISOs.	2024-12-21 15:46:05 -05:00
Tom Alexander	a7f3754d25	Add more sway config files.	2024-12-20 23:03:51 -05:00
Tom Alexander	54c8459fa1	Switch to vulkan renderer for sway.	2024-12-20 22:45:09 -05:00
Tom Alexander	e26118af4f	Reformat all nix files.	2024-12-20 22:37:44 -05:00
Tom Alexander	764a8c58ce	Add alias for emacs.	2024-12-20 22:36:32 -05:00
Tom Alexander	8f89f1c6c1	Add alacritty config.	2024-12-20 21:59:20 -05:00
Tom Alexander	862829c57c	Preserve firefox cache.	2024-12-20 21:38:19 -05:00
Tom Alexander	aba96213c3	Enable the nixd language server in emacs.	2024-12-20 21:19:22 -05:00
Tom Alexander	e7ab762ee4	Fix firefox launch time.	2024-12-20 21:06:04 -05:00
Tom Alexander	b314982196	Set up firefox.	2024-12-20 18:30:35 -05:00
Tom Alexander	27060fed8d	Preserve gpg directory.	2024-12-20 16:50:27 -05:00
Tom Alexander	20c1c46d12	Set up fonts.	2024-12-20 16:07:12 -05:00
Tom Alexander	3b133ed86c	Do not launch alacritty at the start.	2024-12-20 15:34:02 -05:00
Tom Alexander	0aad0c39f4	Enable wayland support for emacs. This unfortunately means pinning to a specific version (or using 3rd party emacs-overlay).	2024-12-20 15:30:51 -05:00
Tom Alexander	fe1033fa4b	Switch to uid/gid 11235.	2024-12-20 15:22:46 -05:00
Tom Alexander	2ce635d028	Fix emacs config.	2024-12-20 15:03:33 -05:00
Tom Alexander	ba3a6e74eb	Add git config and initial emacs config.	2024-12-20 13:17:13 -05:00
Tom Alexander	7e768022e7	Add hotkeys and window management to sway.	2024-12-19 23:08:19 -05:00
Tom Alexander	a76bd4ebd3	Fix wifi config	2024-12-19 22:20:55 -05:00
Tom Alexander	df89d1b973	Enable redistributable firmware.	2024-12-19 19:52:27 -05:00
Tom Alexander	50811aad77	Set up building an ISO from the config.	2024-12-19 19:36:10 -05:00
Tom Alexander	df3528d62a	Enable graphics acceleration.	2024-12-19 18:59:38 -05:00
Tom Alexander	e97c570bb2	Trust wheel.	2024-12-19 18:09:48 -05:00
Tom Alexander	fbcb0826d2	Extremely minimal sway setup.	2024-12-19 17:33:21 -05:00
Tom Alexander	74499fb6a0	Switch to a different way of building the VM.	2024-12-19 16:28:40 -05:00
Tom Alexander	fbbff409a0	Add a build for a qemu virtual machine.	2024-12-19 16:14:47 -05:00
Tom Alexander	05da118d8f	Start module for sway.	2024-12-19 15:13:56 -05:00
Tom Alexander	033d695fd9	Only set bootloader when in VM.	2024-12-19 15:06:57 -05:00
Tom Alexander	6953cdb81f	Set up a minimal initial config.	2024-12-17 16:46:44 -05:00
Tom Alexander	48f700b803	Add script for managing nix testing vm.	2024-12-17 16:46:43 -05:00
Tom Alexander	e2f8696ed6	Move the window title to the center.	2024-12-16 23:00:50 -05:00
Tom Alexander	3bd4f15fe1	Add window title to waybar.	2024-12-16 22:43:10 -05:00
Tom Alexander	157471952a	Get rid of window title bars.	2024-12-16 18:18:18 -05:00
Tom Alexander	a555876a7e	Sort icons.	2024-12-13 23:06:54 -05:00
Tom Alexander	3116d34994	Add nix support to emacs.	2024-11-29 21:27:08 -05:00
Tom Alexander	5c823f3353	Try a convert vs stream function instead for video conversion.	2024-11-17 21:29:42 -05:00
Tom Alexander	c2f1a0db1c	Merge branch 'template_linfi'	2024-10-21 18:10:49 -04:00
Tom Alexander	c0c12b9eea	Hard-code my wifi regulatory domain to US.	2024-10-21 18:10:39 -04:00
Tom Alexander	d2ff39b5e6	Move my home server over to linfi.	2024-10-21 18:10:39 -04:00
Tom Alexander	e9e6e141d2	Switch to av1 for screen recording.	2024-10-14 18:18:20 -04:00
Tom Alexander	d2c1f5c94f	Disable pf so fileserver doesn't go dark accidentally.	2024-10-14 18:18:20 -04:00
Tom Alexander	cd0208f3fc	Add a script to get the next hop in a route. I never remember the incantation, and its slightly different between FreeBSD and Linux so I am adding this script essentially as a note.	2024-10-13 22:02:59 -04:00
Tom Alexander	9d6ddfd1bd	Merge branch 'linfi'	2024-10-13 20:48:29 -04:00
Tom Alexander	117769d1ab	Set up a linux VM for running wifi.	2024-10-13 20:45:33 -04:00
Tom Alexander	91a138ab9d	Add my custom ports.	2024-10-12 13:17:02 -04:00
`@@ -1,2 +1,2 @@`
	`[headless]`	`[headless]`
	`homeserver ansible_user=talexander ansible_host=10.216.1.1`	`homeserver ansible_user=talexander ansible_host=homeserver`
		`@@ -0,0 +1,2 @@`
							`- import_tasks: tasks/common.yaml`
							`when: linfi is defined and linfi.enabled`
		`@@ -0,0 +1,2 @@`
							`devmatch_enable="YES"`
							`devmatch_blocklist="{{ linfi.driver_blocklist }}"`
		`@@ -0,0 +1,2 @@`
							`- import_tasks: tasks/common.yaml`
							`# when: foo is defined`