Still not working.

Same issue with package based on 2ship2harkinian.
Add a package for starship (Star Fox 64).
2025-01-27 20:38:45 -05:00 · 2025-01-27 19:26:38 -05:00 · 2025-01-27 19:26:38 -05:00 · 2025-01-26 19:04:17 -05:00 · 2025-01-26 18:55:53 -05:00 · 2025-01-26 16:57:18 -05:00
189 changed files with 9605 additions and 886 deletions
--- a/ansible/environments/colo/host_vars/mrmanager
+++ b/ansible/environments/colo/host_vars/mrmanager
@ -14,8 +14,6 @@ pf_config: "mrmanager_pf.conf"
 pflog_conf:
  - name: 0
    dev: pflog0
  - name: 1
    dev: pflog1
 cputype: "amd"
 hwpstate: true
 etc_hosts: {}
@ -38,10 +36,6 @@ jail_list:
    enabled: true
    conf:
      src: public_dns
  - name: rg
    enabled: true
    conf:
      src: rg
 bhyve_dataset: zdata/vm
 bhyve_canmount: "on"
 # efi_dev: /dev/gpt/EFI
--- a/ansible/playbook.yaml
+++ b/ansible/playbook.yaml
@ -53,7 +53,7 @@
    - javascript
    - launch_keyboard
    - lvfs
-    # - restaurant_health_rating
+    - restaurant_health_rating
    - wasm
    - noise_suppression
--- a/ansible/roles/base/files/gitconfig_home
+++ b/ansible/roles/base/files/gitconfig_home
@ -1,54 +1,35 @@
 [user]
 	email = tom@fizz.buzz
 	name = Tom Alexander
-	signingkey = 36C99E8B3C39D85F
+	signingkey = D3A179C9A53C0EDE
 [push]
-	default = simple # (default since 2.0)
+	default = simple
 [alias]
 	lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit
 	bh = log --oneline --branches=* --remotes=* --graph --decorate
 	amend = commit --amend --no-edit
        authorcount = shortlog --summary --numbered --all --no-merges
 [core]
 	excludesfile = ~/.gitignore_global
 [commit]
 	gpgsign = true
 	verbose = true
 [pull]
 	rebase = true
 [log]
 	date = local
 [init]
 	defaultBranch = main
 # Use meld for `git difftool` and `git mergetool`
 [diff]
-	tool = meld # Use meld for `git difftool` and `git mergetool`
+	tool = meld
 	algorithm = histogram
 	colorMoved = plain
 	mnemonicPrefix = true
 	renames = true
 [difftool]
 	prompt = false
 [difftool "meld"]
 	cmd = meld "$LOCAL" "$REMOTE"
 [merge]
 	tool = meld
 	conflictStyle = zdiff3
 [mergetool "meld"]
        # Make the middle pane start with partially-merged contents:
 	cmd = meld "$LOCAL" "$MERGED" "$REMOTE" --output "$MERGED"
        # Make the middle pane start without any merge progress:
 	# cmd = meld "$LOCAL" "$BASE" "$REMOTE" --output "$MERGED"
 [column]
 	ui = auto
 [branch]
 	sort = -committerdate
 [tag]
 	sort = version:refname
 [fetch]
 	prune = true
 	pruneTags = true
 	all = true
 [rebase]
 	autoSquash = true
 	autoStash = true
 	updateRefs = false
--- a/ansible/roles/base/files/gitconfig_work
+++ b/ansible/roles/base/files/gitconfig_work
@ -1,38 +1,33 @@
 [user]
 	email = ThomasA.Alexander@hmhn.org
 	name = Tom Alexander
-	signingkey = 36C99E8B3C39D85F
+	signingkey = D3A179C9A53C0EDE
 [push]
-	default = simple # (default since 2.0)
+	default = simple
 [alias]
 	lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit
 	bh = log --oneline --branches=* --remotes=* --graph --decorate
 	amend = commit --amend --no-edit
        authorcount = shortlog --summary --numbered --all --no-merges
 [core]
 	excludesfile = ~/.gitignore_global
 [commit]
 	gpgsign = true
 	verbose = true
 [pull]
 	rebase = true
 [log]
 	date = local
 [init]
 	defaultBranch = main
 # Use meld for `git difftool` and `git mergetool`
 [diff]
-	tool = meld # Use meld for `git difftool` and `git mergetool`
+	tool = meld
 	algorithm = histogram
 	colorMoved = plain
 	mnemonicPrefix = true
 	renames = true
 [difftool]
 	prompt = false
 [difftool "meld"]
 	cmd = meld "$LOCAL" "$REMOTE"
 [merge]
 	tool = meld
 	conflictStyle = zdiff3
 [mergetool "meld"]
        # Make the middle pane start with partially-merged contents:
 	cmd = meld "$LOCAL" "$MERGED" "$REMOTE" --output "$MERGED"
@ -40,19 +35,3 @@
 	# cmd = meld "$LOCAL" "$BASE" "$REMOTE" --output "$MERGED"
 [includeIf "gitdir:/bridge/"]
 	path = /bridge/git/machine_setup/ansible/roles/base/files/gitconfig_home
 [includeIf "gitdir:/persist/"]
 	path = /bridge/git/machine_setup/ansible/roles/base/files/gitconfig_home
 [column]
 	ui = auto
 [branch]
 	sort = -committerdate
 [tag]
 	sort = version:refname
 [fetch]
 	prune = true
 	pruneTags = true
 	all = true
 [rebase]
 	autoSquash = true
 	autoStash = true
 	updateRefs = false
--- a/ansible/roles/bhyve/files/bhyve_netgraph_bridge.bash
+++ b/ansible/roles/bhyve/files/bhyve_netgraph_bridge.bash
@ -153,7 +153,6 @@ function start_vm {
            -D \
            -c $CPU_CORES \
            -m $MEMORY \
            -S \
            -H \
            -P \
            -o 'rtc.use_localtime=false' \
@ -217,7 +216,7 @@ EOF
 mkpeer ${host_interface_name}: bridge ether link0
 name ${host_interface_name}:ether $bridge_name
 EOF
-        ifconfig "$(ngctl msg "${host_interface_name}:" getifname | grep Args | cut -d '"' -f 2)" name "${host_interface_name}" "$ip_range" up
+        ifconfig $(ngctl msg "${host_interface_name}:" getifname | grep Args | cut -d '"' -f 2) name "${host_interface_name}" "$ip_range" up
    fi
 }
--- a/ansible/roles/bhyve/files/bhyverc.bash
+++ b/ansible/roles/bhyve/files/bhyverc.bash
@ -1,464 +0,0 @@
 #!/usr/bin/env bash
 #
 set -euo pipefail
 IFS=$'\n\t'
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 # Share a host directory to the guest via 9pfs.
 #
 # Inside the VM run:
 #   mount -t virtfs -o trans=virtio sharename /some/vm/path
 #   mount -t 9p -o cache=mmap -o msize=512000 sharename /mnt/9p
 #   mount -t 9p -o trans=virtio,cache=mmap,msize=512000 bind9p /path/to/mountpoint
 # bhyve_options="-s 28,virtio-9p,sharename=/"
 # Enable Sound
 # bhyve_options="-s 16,hda,play=/dev/dsp,rec=/dev/dsp"
 # Example usage:
 #
 #   doas bhyverc create-disk zdata/vm/poudriere /vm/poudriere 10
 #   doas bhyverc start poudriere zdata/vm/poudriere /vm/poudriere /vm/iso/FreeBSD-13.2-RELEASE-amd64-bootonly.iso
 #   doas bhyverc start poudriere zdata/vm/poudriere /vm/poudriere
 : ${VERBOSE:="NO"} # or YES
 if [ "$VERBOSE" = "YES" ]; then
    set -x
 fi
 : ${CPU_CORES:="1"}
 : ${MEMORY:="1G"}
 : ${NETWORK:="NAT"} # or RAW or BOTH
 : ${IP_RANGE:="10.215.1.1/24"} # Ignored for RAW networks
 : ${INTERFACE_NAME:="jail_nat"} # or the external interface like lagg0 for RAW networks
 : ${BRIDGE_NAME:="bridge_$INTERFACE_NAME"} # or bridge_raw for RAW networks
 : ${VNC_ENABLE:="NO"}
 : ${VNC_LISTEN:="127.0.0.1:5900"}
 : ${VNC_WIDTH:="1920"}
 : ${VNC_HEIGHT:="1080"}
 : ${BIND9P:=""}
 : ${PREVENT_OOM:="NO"}
 : "${CD:=}"
 : ${SHUTDOWN_TIMEOUT:="600"} # 10 minutes
 ############## Setup #########################
 function die {
    local status_code="$1"
    shift
    (>&2 echo "${@}")
    exit "$status_code"
 }
 function log {
    (>&2 echo "${@}")
 }
 ############## Program #########################
 function main {
    local cmd
    cmd=$1
    shift
    if [ "$cmd" = "start" ]; then
        init
        start "${@}"
    elif [ "$cmd" = "stop" ]; then
        init
        stop "${@}"
    elif [ "$cmd" = "status" ]; then
        init
        status "${@}"
    elif [ "$cmd" = "console" ]; then
        init
        console "${@}"
    elif [ "$cmd" = "_start_body" ]; then
        init
        start_body "${@}"
    elif [ "$cmd" = "create-disk" ]; then
        create_disk "${@}"
    else
        (>&2 echo "Unknown command: $cmd")
        exit 1
    fi
 }
 function start {
    local num_vms="$#"
    if [ "$num_vms" -eq 0 ]; then
        log "No VMs specified."
        return 0
    fi
    while [ "$#" -gt 0 ]; do
        local name="$1"
        shift 1
        log "Starting VM $name."
        start_one "$name"
        [ "$#" -eq 0 ] || sleep 5
    done
 }
 function start_one {
    local name="$1"
    local tmux_name="$name"
    /usr/local/bin/tmux new-session -d -s "$tmux_name" "$0" "_start_body" "$name"
    # /usr/local/bin/tmux new-session -d -s "$tmux_name" "/usr/bin/env VNC_ENABLE=NO VNC_LISTEN=0.0.0.0:5900 /usr/local/bin/bash /home/talexander/launch_opnsense.bash"
 }
 function launch_pidfile {
    local pidfile="$1"
    shift 1
    mkdir -p "$(dirname "$pidfile")"
    cat > "${pidfile}" <<< "$$"
    set -x
    exec "${@}"
 }
 export -f launch_pidfile
 function stop {
    local num_vms="$#"
    if [ "$num_vms" -eq 0 ]; then
        log "No VMs specified."
        return 0
    fi
    while [ "$#" -gt 0 ]; do
        local name="$1"
        shift 1
        log "Stopping VM $name."
        stop_one "$name"
        [ "$#" -eq 0 ] || sleep 5
    done
 }
 function stop_one {
    local name="$1"
    local pidfile="/run/bhyverc/${name}/pid"
    if [ ! -e "$pidfile" ]; then
        log "Pid file $pidfile does not exist."
        return 0
    fi
    local bhyve_pid
    bhyve_pid=$(cat "$pidfile")
    if ps -p "$bhyve_pid" >/dev/null; then
        # Send ACPI shutdown command
        log "Sending ACPI shutdown to ${name}:${bhyve_pid}."
        kill -SIGTERM "$bhyve_pid"
    fi
    local timeout_start timeout_end
    timeout_start=$(date +%s)
    while ps -p "$bhyve_pid" >/dev/null; do
        timeout_end=$(date +%s)
        if [ $((timeout_end-timeout_start)) -ge "$SHUTDOWN_TIMEOUT" ]; then
            log "${name}:${bhyve_pid} took more than $SHUTDOWN_TIMEOUT seconds to shut down. Hard powering down."
            break
        fi
        log "Waiting for ${name}:${bhyve_pid} to exit."
        sleep 2
    done
    bhyvectl "--vm=$name" --destroy || true
    local timeout_start timeout_end
    timeout_start=$(date +%s)
    while ps -p "$bhyve_pid" >/dev/null; do
        timeout_end=$(date +%s)
        if [ $((timeout_end-timeout_start)) -ge "$SHUTDOWN_TIMEOUT" ]; then
            log "${name}:${bhyve_pid} took more than $SHUTDOWN_TIMEOUT seconds to hard power down. Giving up."
            break
        fi
        log "Waiting for ${name}:${bhyve_pid} to hard power down."
        sleep 2
    done
    rm -f "$pidfile"
    log "Finished stopping $name."
 }
 function status {
    local num_vms="$#"
    if [ "$num_vms" -gt 0 ]; then
        for name in "$@"; do
            status_one "$name"
        done
    else
        log "No VMs specified."
    fi
 }
 function status_one {
    local name="$1"
    local pidfile="/run/bhyverc/${name}/pid"
    if [ ! -e "$pidfile" ]; then
        log "$name is not running."
        return 0
    fi
    local bhyve_pid
    bhyve_pid=$(cat "$pidfile")
    if ! ps -p "$bhyve_pid" >/dev/null; then
        log "$name is not running."
        return 0
    fi
    log "$name is running as pid $bhyve_pid."
 }
 function console {
    local num_vms="$#"
    if [ "$num_vms" -gt 0 ]; then
        for name in "$@"; do
            log "Attaching to console of VM $name."
            console_one "$name"
        done
    else
        log "No VMs specified."
    fi
 }
 function console_one {
    local name="$1"
    local tmux_name="$name"
    exec tmux a -t "$tmux_name"
 }
 function init {
    mkdir -p /run/bhyverc
 }
 ############## Bhyve ###########################
 function create_disk {
    local zfs_path="$1"
    local mount_path="$2"
    local gigabytes="$3"
    zfs create -o "mountpoint=$mount_path" "$zfs_path"
    cp /usr/local/share/edk2-bhyve/BHYVE_UEFI_VARS.fd "${mount_path}/"
    tee "${mount_path}/settings" <<EOF
 CPU_CORES="$CPU_CORES"
 MEMORY="$MEMORY"
 NETWORK="$NETWORK"
 IP_RANGE="$IP_RANGE"
 BRIDGE_NAME="$BRIDGE_NAME"
 INTERFACE_NAME="$INTERFACE_NAME"
 EOF
    zfs create -s "-V${gigabytes}G" -o volmode=dev -o primarycache=metadata -o secondarycache=none "$zfs_path/disk0"
 }
 function start_body {
    local name="$1"
    local zfs_path="zdata/vm/$name"
    local mount_path="/vm/$name"
    local mount_cd="$CD"
    if [ -e "${mount_path}/settings" ]; then
        source "${mount_path}/settings"
    fi
    local host_interface_name="$INTERFACE_NAME" # for raw, external interface
    local bridge_name="$BRIDGE_NAME"
    local ip_range="$IP_RANGE" # for raw this value does not matter
    local mac_address
    mac_address=$(calculate_mac_address "$name")
    if [ "$PREVENT_OOM" = "YES" ]; then
        protect -d -i -p "$$"
    fi
    local additional_args=()
    if [ "$NETWORK" = "NAT" ]; then
        assert_bridge "$host_interface_name" "$bridge_name" "$ip_range"
        local bridge_link_name=$(detect_available_link "${bridge_name}")
        additional_args+=("-s" "2:0,virtio-net,netgraph,path=${bridge_name}:,peerhook=${bridge_link_name},mac=${mac_address}")
    elif [ "$NETWORK" = "RAW" ]; then
        assert_raw "$host_interface_name" "$bridge_name"
        local bridge_link_name=$(detect_available_link "${bridge_name}")
        additional_args+=("-s" "2:0,virtio-net,netgraph,path=${bridge_name}:,peerhook=${bridge_link_name},mac=${mac_address}")
    elif [ "$NETWORK" = "BOTH" ]; then
        assert_bridge "jail_nat" "$bridge_name" "$ip_range"
        assert_raw "$host_interface_name" "bridge_raw"
        local bridge_link_name=$(detect_available_link "${bridge_name}")
        local raw_bridge_link_name=$(detect_available_link "bridge_raw")
        local raw_mac_address=$(calculate_mac_address "${name}_raw")
        additional_args+=("-s" "2:0,virtio-net,netgraph,path=${bridge_name}:,peerhook=${bridge_link_name},mac=${mac_address}")
        additional_args+=("-s" "3:0,virtio-net,netgraph,path=bridge_raw:,peerhook=${raw_bridge_link_name},mac=${raw_mac_address}")
    else
        die 1 "Unrecognized NETWORK type $NETWORK"
    fi
    if [ -n "$BIND9P" ]; then
        additional_args+=("-s" "28,virtio-9p,bind9p=${BIND9P}")
    fi
    # -H release the CPU when guest issues HLT instruction. Otherwise 100% of core will be consumed.
         # -s 3,ahci-cd,/vm/.iso/archlinux-2023.04.01-x86_64.iso \
             # -s 29,fbuf,tcp=0.0.0.0:5900,w=1920,h=1080,wait \
            # -s 29,fbuf,tcp=0.0.0.0:5900,w=1920,h=1080 \
    # TODO: Look into using nmdm instead of stdio for serial console
    if [ -n "$mount_cd" ]; then
        additional_args+=("-s" "5,ahci-cd,$mount_cd")
    fi
    if [ "$VNC_ENABLE" = "YES" ]; then
        additional_args+=("-s" "29,fbuf,tcp=$VNC_LISTEN,w=$VNC_WIDTH,h=$VNC_HEIGHT")
    fi
    vms+=("$name")
    while true; do
        local pidfile="/run/bhyverc/${name}/pid"
        trap "set +e; stop_one '${name}'" EXIT
        local launch_cmd=()
        launch_cmd+=(
            launch_pidfile "$pidfile"
            bhyve
            -D
            -c "$CPU_CORES"
            -m "$MEMORY"
            -S
            -H
            -o 'rtc.use_localtime=false'
            -s "0,hostbridge"
            -s "4,nvme,/dev/zvol/${zfs_path}/disk0"
            -s "30,xhci,tablet"
            -s "31,lpc" -l "com1,stdio"
            -l "bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd,${mount_path}/BHYVE_UEFI_VARS.fd"
            "${additional_args[@]}"
            "$name"
        )
        set +e
        rm -f "$pidfile"
        (
            IFS=$' \n\t'
            set -ex
            bash -c "${launch_cmd[*]}"
        )
        local exit_code=$?
        log "Exit code ${exit_code}"
        set -e
        if [ $exit_code -eq 0 ]; then
            echo "Rebooting."
            sleep 5
        elif [ $exit_code -eq 1 ]; then
            echo "Powered off."
            break
        elif [ $exit_code -eq 2 ]; then
            echo "Halted."
            break
        elif [ $exit_code -eq 3 ]; then
            echo "Triple fault."
            break
        elif [ $exit_code -eq 4 ]; then
            echo "Exited due to an error."
            break
        fi
    done
 }
 function detect_available_link {
    local bridge_name="$1"
    local linknum=1
    while true; do
        local link_name="link${linknum}"
        if ! ng_exists "${bridge_name}:${link_name}"; then
            echo "$link_name"
            return
        fi
        linknum=$((linknum + 1))
        if [ "$linknum" -gt 90 ]; then
            (>&2 echo "No available links on bridge $bridge_name")
            exit 1
        fi
    done
 }
 function assert_bridge {
    local host_interface_name="$1"
    local bridge_name="$2"
    local ip_range="$3"
    if ! ng_exists "${bridge_name}:"; then
        ngctl -d -f - <<EOF
 mkpeer . eiface hook ether
 name .:hook $host_interface_name
 EOF
        ngctl -d -f - <<EOF
 mkpeer ${host_interface_name}: bridge ether link0
 name ${host_interface_name}:ether $bridge_name
 EOF
        ifconfig "$(ngctl msg "${host_interface_name}:" getifname | grep Args | cut -d '"' -f 2)" name "${host_interface_name}" "$ip_range" up
    fi
 }
 function assert_raw {
    local extif="$1"
    local bridge_name="$2"
    kldload -n ng_bridge ng_eiface ng_ether
    if ! ng_exists "${bridge_name}:"; then
        ngctlcat <<EOF
 # Create a bridge.
 mkpeer $extif: bridge lower link0
 # Assign a name to the bridge.
 name $extif:lower ${bridge_name}
 # Since the host is also using $extif, we need to connect the upper hook also. Otherwise we will lose connectivity.
 connect $extif: ${bridge_name}: upper link1
 # Enable promiscuous mode so the host ethernet adapter accepts packets for all addresses
 msg $extif: setpromisc 1
 # Do not overwrite source address on packets
 msg $extif: setautosrc 0
 EOF
    fi
 }
 function ng_exists {
    ngctl status "${1}" >/dev/null 2>&1
 }
 function calculate_mac_address {
    local name="$1"
    local source
    source=$(md5 -r -s "$name" | awk '{print $1}')
    echo "06:${source:0:2}:${source:2:2}:${source:4:2}:${source:6:2}:${source:8:2}"
 }
 function find_available_port {
    local start_port="$1"
    local port="$start_port"
    while true; do
        sockstat -P tcp -p 443
        port=$((port + 1))
    done
 }
 function ngctlcat {
    if [ "$VERBOSE" = "YES" ]; then
        tee /dev/tty | ngctl -d -f -
    else
        ngctl -d -f -
    fi
 }
 main "${@}"
--- a/ansible/roles/bhyve/files/bhyverc.sh
+++ b/ansible/roles/bhyve/files/bhyverc.sh
@ -1,37 +0,0 @@
 #!/bin/sh
 #
 # REQUIRE: LOGIN FILESYSTEMS
 # PROVIDE: bhyverc
 # KEYWORD: shutdown
 . /etc/rc.subr
 name=bhyverc
 rcvar=${name}_enable
 start_cmd="${name}_start"
 stop_cmd="${name}_stop"
 status_cmd="${name}_status"
 console_cmd="${name}_console"
 extra_commands="console"
 load_rc_config $name
 bhyverc_start() {
    export PATH="$PATH:/usr/local/bin"
    exec /usr/local/bin/bhyverc start "${@}"
 }
 bhyverc_status() {
    export PATH="$PATH:/usr/local/bin"
    exec /usr/local/bin/bhyverc status "${@}"
 }
 bhyverc_stop() {
    export PATH="$PATH:/usr/local/bin"
    exec /usr/local/bin/bhyverc stop "${@}"
 }
 bhyverc_console() {
    export PATH="$PATH:/usr/local/bin"
    exec /usr/local/bin/bhyverc console "${@}"
 }
 run_rc_command "$@"
--- a/ansible/roles/bhyve/tasks/freebsd.yaml
+++ b/ansible/roles/bhyve/tasks/freebsd.yaml
@ -22,25 +22,6 @@
  loop:
    - src: bhyve_netgraph_bridge.bash
      dest: /usr/local/bin/bhyve_netgraph_bridge
    - src: bhyverc.bash
      dest: /usr/local/bin/bhyverc
 - name: Install rc script
  copy:
    src: "files/{{ item.src }}"
    dest: "/usr/local/etc/rc.d/{{ item.dest|default(item.src) }}"
    owner: root
    group: wheel
    mode: 0755
  loop:
    - src: bhyverc.sh
      dest: bhyverc
 - name: Enable bhyverc
  community.general.sysrc:
    name: bhyverc_enable
    value: "YES"
    path: /etc/rc.conf.d/bhyverc
 - name: Create zfs dataset
  zfs:
--- a/ansible/roles/build/files/aurutils-sync
+++ b/ansible/roles/build/files/aurutils-sync
@ -5,4 +5,4 @@ set -euo pipefail
 IFS=$'\n\t'
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-GPGKEY=4278299FB84F6875 exec aur sync --makepkg-conf /etc/aurutils/makepkg.conf -c --sign "$@"
+GPGKEY=27DE40D9B8455C1B exec aur sync --makepkg-conf /etc/aurutils/makepkg.conf -c --sign "$@"
--- a/ansible/roles/build/files/gpg.asc
+++ b/ansible/roles/build/files/gpg.asc
@ -1,27 +1,27 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
-mDMEaNLjzBYJKwYBBAHaRw8BAQdAoegj6iXzJgxBkW8LyRS8ANRzp0LqyFbW1kRr
+mDMEXZwWGhYJKwYBBAHaRw8BAQdAfv7qozKkmf4D+5PDzADsMm4aAKDGLha7+Cu0
-Z4VtVRK0HlRvbSBBbGV4YW5kZXIgPHdvcmtAZml6ei5idXp6PoiQBBMWCAA4FiEE
+0H+RsWG0HlRvbSBBbGV4YW5kZXIgPHdvcmtAZml6ei5idXp6PoiQBBMWCAA4FiEE
-0nLI1hZ/JoWUZ2ZvQngpn7hPaHUFAmjS7GoCGwEFCwkIBwIGFQoJCAsCBBYCAwEC
+uEgVk2PCh3kXlUvhJ95A2bhFXBsFAl+w+R0CGwMFCwkIBwIGFQoJCAsCBBYCAwEC
-HgECF4AACgkQQngpn7hPaHXNRAEAxOHPULwbf/FIzS7spmdSYrcCX/foaB78rpCT
+HgECF4AACgkQJ95A2bhFXBt6fgD+NOYnw9gz5K/q3H5LE/JvqzCSHezJmeGgif0C
-/MzDPvMBANy0PcseR1ZxoHZDcAsYDa0CSCrO6oLwPFriVss3RA0GtB1Ub20gQWxl
+uU4m1/MA+gPDKME7syEtJsTpELEMrxWWpDW0tD/W1iJE7roGYPQPtB1Ub20gQWxl
-eGFuZGVyIDx0b21AZml6ei5idXp6PoiTBBMWCAA7AhsBBQsJCAcCBhUKCQgLAgQW
+eGFuZGVyIDx0b21AZml6ei5idXp6PoiQBBMWCAA4FiEEuEgVk2PCh3kXlUvhJ95A
-AgMBAh4BAheAFiEE0nLI1hZ/JoWUZ2ZvQngpn7hPaHUFAmjS7MkCGQEACgkQQngp
+2bhFXBsFAl2cFhoCGwMFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQJ95A2bhF
-n7hPaHX9fQEA4ngwEKr0nlKxH5bQV9u/EJeI3wbSgBjlnyTQuI79AB4BAO6+frGt
+XBvYJQEA19wc2s/bEKcnHONC3i8UikLFqZXyYoH6/MFjoAteU8sBAKpE7Qq0zbJb
-8S+p6qFZ4ufqyGPfklxPeOJLSYk0PLKVNMcHuDMEaNLm8xYJKwYBBAHaRw8BAQdA
+XWRESzK3u6p7/+kUqOeDltAuKXTe1FAGuDMEXZwWyhYJKwYBBAHaRw8BAQdAPyIL
-HDhppS6yD8j1Bb/i6ku16uQ3qhshDNA9cOQeMxBae9aI9QQYFggAJhYhBNJyyNYW
+4EGg4T5JO9q2kpVDy2WjMiXz3nZXwYW4GLoTYkiI9QQYFggAJgIbAhYhBLhIFZNj
-fyaFlGdmb0J4KZ+4T2h1BQJo0ubzAhsCBQkDwmcAAIEJEEJ4KZ+4T2h1diAEGRYI
+wod5F5VL4SfeQNm4RVwbBQJlC4ZhBQkLMdaXAIF2IAQZFggAHRYhBIHmRDmWdVAu
-AB0WIQS9v3ap15pUELURqaY2yZ6LPDnYXwUCaNLm8wAKCRA2yZ6LPDnYXyaNAPsF
+sSUWutOhecmlPA7eBQJdnBbKAAoJENOhecmlPA7ejJ4A/iq7N2mMhx+ovOXm1REo
-gR37jEqfgEByVsoKY6bB82T79o9d4FQe1iPsURyuLwD/fkQyV3NwGjysxkoZqYmK
+ASPF3l4YAAjOHsXqcPtFHKGJAQCiuA71d6CQ+qNZLuka/KVB/etkkJvDzvaTtiQQ
-mXJYqtWRBTe2G2UUkm6E/QafHwD+IbkCZ6sGTcexsqzex5x6U8TOvbdVS4dKjSf1
+QG+gAwkQJ95A2bhFXBtRDgEAqymMavroD5c/4+M/EZ3/d8wxfA9E3Fb/1mt4c2Zr
-nVRGxvwBAPiIJsXWVuwmskWMDpcaW/qgQ8hOEuq7/vlkZDGOnMgOuDgEaNLnDBIK
+NnkBAKYOM+pz/pncFnV+kF7h7TQEEYuGw1JhJVT/duA4lwsLuDMEXZwXARYJKwYB
-KwYBBAGXVQEFAQEHQBcOCDGnrRwv51c5B7QVLMkLC2UKUzPPrahLZHT3RWhmAwEI
+BAHaRw8BAQdAa76TmWuKuiR1bnNV1FUE6oQ4C8A+UiQb8x0k1z2DmTKIfgQYFggA
-B4h+BBgWCAAmFiEE0nLI1hZ/JoWUZ2ZvQngpn7hPaHUFAmjS5wwCGwwFCQPCZwAA
+JgIbIBYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZwBQkLMdZgAAoJECfeQNm4
-CgkQQngpn7hPaHUZIAD/ZwQ9sLIwuO5qPFAAkqcaNyt68O6WkD8sKaq1r/TPviAA
+RVwb8TkA/RkBu9Ev8iDE5nvn8YF8FRiY56Z5d+SBPG4VvrCzXrmlAP46wUjIRpkM
-/j92d7cRUIkJtS8odRYlK51r9eMeTGh2npaO+j3VKCgBuDMEaNLnJRYJKwYBBAHa
+rTbb1GMbvYnkeOrBs/qiWjEtHHc3ZLMWD7g4BF2cFygSCisGAQQBl1UBBQEBB0AO
-Rw8BAQdAPT7jOLbozd5hacityJHniQ6UbHN+AJcb6jh5rXOnOuSIfgQYFggAJhYh
+0t3BUxLuokTqKVcheFAZd4UKxAGznPQlvsVyhWWIEgMBCAeIfgQYFggAJgIbDBYh
-BNJyyNYWfyaFlGdmb0J4KZ+4T2h1BQJo0uclAhsgBQkDwmcAAAoJEEJ4KZ+4T2h1
+BLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZwBQkLMdY5AAoJECfeQNm4RVwbXscA
-rREA/3QE6suVUDl4OS2tCi4z2fh/7kjt29I3IFo+/B0AOumgAP0ao8FGqJyFC8YA
+/A8zRRTCwQKxJ8iz5jmTcVFAhl2vD781Dtv8NvcWd5t8APwIwcuFVZZA3yayhIxi
-7V6T4qrXHbhlqTeofGhQ+iu7HqZVCw==
+3aqYpMRxpn2t6Nswax1MIM8DBQ==
-=OfDR
+=dzEV
 -----END PGP PUBLIC KEY BLOCK-----
--- a/ansible/roles/build/files/gpg_work.asc
+++ b/ansible/roles/build/files/gpg_work.asc
@ -1,27 +1,27 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
-mDMEaNLjzBYJKwYBBAHaRw8BAQdAoegj6iXzJgxBkW8LyRS8ANRzp0LqyFbW1kRr
+mDMEXZwWGhYJKwYBBAHaRw8BAQdAfv7qozKkmf4D+5PDzADsMm4aAKDGLha7+Cu0
-Z4VtVRK0HlRvbSBBbGV4YW5kZXIgPHdvcmtAZml6ei5idXp6PoiQBBMWCAA4FiEE
+0H+RsWG0LVRob21hcyBBbGV4YW5kZXIgPFRob21hc0EuQWxleGFuZGVyQGhtaG4u
-0nLI1hZ/JoWUZ2ZvQngpn7hPaHUFAmjS7GoCGwEFCwkIBwIGFQoJCAsCBBYCAwEC
+b3JnPoiQBBMWCAA4FiEEuEgVk2PCh3kXlUvhJ95A2bhFXBsFAmULicsCGwMFCwkI
-HgECF4AACgkQQngpn7hPaHXNRAEAxOHPULwbf/FIzS7spmdSYrcCX/foaB78rpCT
+BwIGFQoJCAsCBBYCAwECHgECF4AACgkQJ95A2bhFXBsUtQD9GWPdWc/nSmO0Gp7p
-/MzDPvMBANy0PcseR1ZxoHZDcAsYDa0CSCrO6oLwPFriVss3RA0GtB1Ub20gQWxl
+DzxrieliriAnO+ZCHp31mFbMtToBAPxPYN9y4kgSiXhLiFLoRK5k5FCspksTSitg
-eGFuZGVyIDx0b21AZml6ei5idXp6PoiTBBMWCAA7AhsBBQsJCAcCBhUKCQgLAgQW
+0CbXDE4LuDgEXZwWGhIKKwYBBAGXVQEFAQEHQK202EIAwTBuxARUygOvn+AloMJd
-AgMBAh4BAheAFiEE0nLI1hZ/JoWUZ2ZvQngpn7hPaHUFAmjS7MkCGQEACgkQQngp
+ui39m+nMghn1MNo+AwEIB4h4BBgWCAAgFiEEuEgVk2PCh3kXlUvhJ95A2bhFXBsF
-n7hPaHX9fQEA4ngwEKr0nlKxH5bQV9u/EJeI3wbSgBjlnyTQuI79AB4BAO6+frGt
+Al2cFhoCGwwACgkQJ95A2bhFXBtNzAEAq5I6xPjIbb23xmhxh5cM/UJxdGedfWMy
-8S+p6qFZ4ufqyGPfklxPeOJLSYk0PLKVNMcHuDMEaNLm8xYJKwYBBAHaRw8BAQdA
+vF6/JtDvtPUBAPQRQn5AMwTOA+CSnliYf7ZjfVOlHscy60XWPlvXLoAJuDMEXZwW
-HDhppS6yD8j1Bb/i6ku16uQ3qhshDNA9cOQeMxBae9aI9QQYFggAJhYhBNJyyNYW
+yhYJKwYBBAHaRw8BAQdAPyIL4EGg4T5JO9q2kpVDy2WjMiXz3nZXwYW4GLoTYkiI
-fyaFlGdmb0J4KZ+4T2h1BQJo0ubzAhsCBQkDwmcAAIEJEEJ4KZ+4T2h1diAEGRYI
+9QQYFggAJgIbAhYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZhBQkLMdaXAIF2
-AB0WIQS9v3ap15pUELURqaY2yZ6LPDnYXwUCaNLm8wAKCRA2yZ6LPDnYXyaNAPsF
+IAQZFggAHRYhBIHmRDmWdVAusSUWutOhecmlPA7eBQJdnBbKAAoJENOhecmlPA7e
-gR37jEqfgEByVsoKY6bB82T79o9d4FQe1iPsURyuLwD/fkQyV3NwGjysxkoZqYmK
+jJ4A/iq7N2mMhx+ovOXm1REoASPF3l4YAAjOHsXqcPtFHKGJAQCiuA71d6CQ+qNZ
-mXJYqtWRBTe2G2UUkm6E/QafHwD+IbkCZ6sGTcexsqzex5x6U8TOvbdVS4dKjSf1
+Luka/KVB/etkkJvDzvaTtiQQQG+gAwkQJ95A2bhFXBtRDgEAqymMavroD5c/4+M/
-nVRGxvwBAPiIJsXWVuwmskWMDpcaW/qgQ8hOEuq7/vlkZDGOnMgOuDgEaNLnDBIK
+EZ3/d8wxfA9E3Fb/1mt4c2ZrNnkBAKYOM+pz/pncFnV+kF7h7TQEEYuGw1JhJVT/
-KwYBBAGXVQEFAQEHQBcOCDGnrRwv51c5B7QVLMkLC2UKUzPPrahLZHT3RWhmAwEI
+duA4lwsLuDMEXZwXARYJKwYBBAHaRw8BAQdAa76TmWuKuiR1bnNV1FUE6oQ4C8A+
-B4h+BBgWCAAmFiEE0nLI1hZ/JoWUZ2ZvQngpn7hPaHUFAmjS5wwCGwwFCQPCZwAA
+UiQb8x0k1z2DmTKIfgQYFggAJgIbIBYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJl
-CgkQQngpn7hPaHUZIAD/ZwQ9sLIwuO5qPFAAkqcaNyt68O6WkD8sKaq1r/TPviAA
+C4ZwBQkLMdZgAAoJECfeQNm4RVwb8TkA/RkBu9Ev8iDE5nvn8YF8FRiY56Z5d+SB
-/j92d7cRUIkJtS8odRYlK51r9eMeTGh2npaO+j3VKCgBuDMEaNLnJRYJKwYBBAHa
+PG4VvrCzXrmlAP46wUjIRpkMrTbb1GMbvYnkeOrBs/qiWjEtHHc3ZLMWD7g4BF2c
-Rw8BAQdAPT7jOLbozd5hacityJHniQ6UbHN+AJcb6jh5rXOnOuSIfgQYFggAJhYh
+FygSCisGAQQBl1UBBQEBB0AO0t3BUxLuokTqKVcheFAZd4UKxAGznPQlvsVyhWWI
-BNJyyNYWfyaFlGdmb0J4KZ+4T2h1BQJo0uclAhsgBQkDwmcAAAoJEEJ4KZ+4T2h1
+EgMBCAeIfgQYFggAJgIbDBYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZwBQkL
-rREA/3QE6suVUDl4OS2tCi4z2fh/7kjt29I3IFo+/B0AOumgAP0ao8FGqJyFC8YA
+MdY5AAoJECfeQNm4RVwbXscA/A8zRRTCwQKxJ8iz5jmTcVFAhl2vD781Dtv8NvcW
-7V6T4qrXHbhlqTeofGhQ+iu7HqZVCw==
+d5t8APwIwcuFVZZA3yayhIxi3aqYpMRxpn2t6Nswax1MIM8DBQ==
-=OfDR
+=0HtE
 -----END PGP PUBLIC KEY BLOCK-----
--- a/ansible/roles/build/tasks/linux.yaml
+++ b/ansible/roles/build/tasks/linux.yaml
@ -40,11 +40,11 @@
  command: pacman-key -a -
  args:
    stdin: "{{ lookup('file', pgp_key|default('gpg.asc')) }}"
-  when: '"D272C8D6167F26859467666F4278299FB84F6875" not in pacmankeys.stdout'
+  when: '"B848159363C2877917954BE127DE40D9B8455C1B" not in pacmankeys.stdout'
  register: my_key_imported
 - name: Sign my signing key
-  command: pacman-key --lsign-key "D272C8D6167F26859467666F4278299FB84F6875"
+  command: pacman-key --lsign-key "B848159363C2877917954BE127DE40D9B8455C1B"
  when: my_key_imported.changed
 - name: Build the aurutils package
@ -103,8 +103,7 @@
    - /var/cache/pacman/custom/
 - name: Create custom repo db
-  # shell: repo-add --new --sign /var/cache/pacman/custom/custom.db.tar "/home/{{ build_user.name }}/.config/ansible_deploy/aurutils/aurutils-*-any.pkg.tar.*"
+  command: repo-add --new --sign /var/cache/pacman/custom/custom.db.tar "/home/{{ build_user.name }}/.config/ansible_deploy/aurutils/aurutils-*-any.pkg.tar.*"
  command: repo-add --new --sign /var/cache/pacman/custom/custom.db.tar
  become: true
  become_user: "{{ build_user.name }}"
  args:
--- a/ansible/roles/chromium/files/chromium-flags.conf
+++ b/ansible/roles/chromium/files/chromium-flags.conf
@ -1,2 +1,2 @@
 --ozone-platform-hint=auto
--enable-features=VaapiVideoDecoder,VaapiIgnoreDriverChecks,Vulkan,DefaultANGLEVulkan,VulkanFromANGLE,AcceleratedVideoEncoder
+--enable-features=VaapiVideoDecoder,VaapiIgnoreDriverChecks,Vulkan,DefaultANGLEVulkan,VulkanFromANGLE
--- a/ansible/roles/emacs/files/elisp/base-extensions.el
+++ b/ansible/roles/emacs/files/elisp/base-extensions.el
@ -51,27 +51,17 @@
 ;; Persist history over Emacs restarts. Vertico sorts by history position.
 (use-package savehist
  ;; This is an emacs built-in but we're pulling the latest version
  :pin gnu
  :config
  (savehist-mode))
 (use-package which-key
  :pin gnu
  :diminish
  :config
  (which-key-mode))
 (use-package windmove
-  ;; This is an emacs built-in but we're pulling the latest version
+  :config
-  :pin gnu
+  (windmove-default-keybindings))
  :bind
  (
   ("S-<up>" . windmove-up)
   ("S-<right>" . windmove-right)
   ("S-<down>" . windmove-down)
   ("S-<left>" . windmove-left)
   )
  )
 (setq tramp-default-method "ssh")
--- a/ansible/roles/emacs/files/elisp/base.el
+++ b/ansible/roles/emacs/files/elisp/base.el
@ -63,9 +63,6 @@
 show-trailing-whitespace t
 ;; Remove the line when killing it with ctrl-k
 kill-whole-line t
 ;; Show the current project in the mode line
 project-mode-line t
 )
 ;; (setq-default fringes-outside-margins t)
--- a/ansible/roles/emacs/files/elisp/lang-d2.el
+++ b/ansible/roles/emacs/files/elisp/lang-d2.el
@ -1,16 +0,0 @@
 (defun d2-format-buffer ()
  "Run prettier."
  (interactive)
  (run-command-on-buffer "d2" "fmt" "-")
  )
 (use-package d2-mode
  :commands (d2-mode)
  :hook (
         (d2-mode . (lambda ()
                      ;; (add-hook 'before-save-hook 'd2-format-buffer nil 'local)
                      ))
         )
  )
 (provide 'lang-d2)
--- a/ansible/roles/emacs/files/elisp/lang-nix.el
+++ b/ansible/roles/emacs/files/elisp/lang-nix.el
@ -7,14 +7,14 @@
  :commands nix-mode
  :hook (
         (nix-mode . (lambda ()
-                       (eglot-ensure)
+                             ;; (eglot-ensure)
-                       (defclass my/eglot-nix (eglot-lsp-server) ()
+                             ;; (defclass my/eglot-nix (eglot-lsp-server) ()
-                         :documentation
+                             ;;   :documentation
-                         "Own eglot server class.")
+                             ;;   "Own eglot server class.")
-                       (add-to-list 'eglot-server-programs
+                             ;; (add-to-list 'eglot-server-programs
-                                    '(nix-mode . (my/eglot-nix "nixd")))
+                             ;;              '(nix-mode . (my/eglot-nix "nixd")))
-                       (add-hook 'before-save-hook 'eglot-format-buffer nil 'local)
+                             ;; (add-hook 'before-save-hook 'eglot-format-buffer nil 'local)
                             ))
         )
  )
--- a/ansible/roles/emacs/files/elisp/lang-org.el
+++ b/ansible/roles/emacs/files/elisp/lang-org.el
@ -1,23 +1,16 @@
 (use-package org
  :ensure nil
  :commands org-mode
-  :bind (:map org-mode-map
+  :bind (
         ("C-c l" . org-store-link)
         ("C-c a" . org-agenda)
-         ("S-<up>" . org-shiftup)
+         ("C--" . org-timestamp-down)
-         ("S-<right>" . org-shiftright)
+         ("C-=" . org-timestamp-up)
         ("S-<down>" . org-shiftdown)
         ("S-<left>" . org-shiftleft)
         )
  :hook (
         (org-mode . (lambda ()
                       (org-indent-mode +1)
                        ))
         ;; Make windmove work in Org mode:
         (org-shiftup-final . windmove-up)
         (org-shiftleft-final . windmove-left)
         (org-shiftdown-final . windmove-down)
         (org-shiftright-final . windmove-right)
         )
  :config
  (require 'org-tempo)
@ -45,8 +38,6 @@
  ;; TODO: There is an option to set the compiler, could be better than manually doing this here https://orgmode.org/manual/LaTeX_002fPDF-export-commands.html
  ;; (setq org-latex-compiler "lualatex")
  ;; TODO: nixos latex page recommends this line, figure out what it does / why its needed:
  ;; (setq org-preview-latex-default-process 'dvisvgm)
  (setq org-latex-pdf-process
        '("lualatex -shell-escape -interaction nonstopmode -output-directory %o %f"
          "lualatex -shell-escape -interaction nonstopmode -output-directory %o %f"
@ -87,8 +78,4 @@
 (use-package gnuplot)
 (use-package graphviz-dot-mode)
 (use-package htmlize
  ;; For syntax highlighting when exporting to HTML.
  )
 (provide 'lang-org)
--- a/ansible/roles/emacs/files/elisp/util-tree-sitter.el
+++ b/ansible/roles/emacs/files/elisp/util-tree-sitter.el
@ -4,8 +4,6 @@
  :commands (treesit-install-language-grammar treesit-ready-p)
  :init
  (setq treesit-language-source-alist '())
  :custom
  (treesit-max-buffer-size 209715200) ;; 200MiB
  :config
  ;; Default to the max level of detail in treesitter highlighting. This
  ;; can be overridden in each language's use-package call with:
--- a/ansible/roles/emacs/files/init.el
+++ b/ansible/roles/emacs/files/init.el
@ -38,8 +38,4 @@
 (require 'lang-nix)
 (require 'lang-cmake)
 (require 'lang-d2)
 (load-directory autoload-directory)
--- a/ansible/roles/emacs/tasks/linux.yaml
+++ b/ansible/roles/emacs/tasks/linux.yaml
@ -15,7 +15,6 @@
      - typescript-language-server
      - shellcheck
      - vscode-css-languageserver
      - d2 # Generating diagrams
    state: present
 - name: Create directories
--- a/ansible/roles/firefox/defaults/main.yaml
+++ b/ansible/roles/firefox/defaults/main.yaml
@ -40,8 +40,6 @@ firefox_config:
  privacy.fingerprintingProtection: true
  # Allow sending dark mode preference to websites.
  # Allow sending timezone to websites.
-  privacy.fingerprintingProtection.overrides: "+AllTargets,-CSSPrefersColorScheme,-JSDateTimeUTC,-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt,-CanvasExtractionFromThirdPartiesIsBlocked"
+  privacy.fingerprintingProtection.overrides: "+AllTargets,-CSSPrefersColorScheme,-JSDateTimeUTC,-CanvasExtractionBeforeUserInputIsBlocked"
  # Disable weather on new tab page
  browser.newtabpage.activity-stream.showWeather: false
  browser.ml.chat.enabled: false
  browser.ml.enabled: false
--- a/ansible/roles/firefox/tasks/linux.yaml
+++ b/ansible/roles/firefox/tasks/linux.yaml
@ -3,5 +3,4 @@
    name:
      - libfido2
      - firefox-developer-edition
      - speech-dispatcher # For TTS
    state: present
--- a/ansible/roles/firewall/files/mrmanager_pf.conf
+++ b/ansible/roles/firewall/files/mrmanager_pf.conf
@ -2,8 +2,7 @@ ext_if = "lagg0"
 not_ext_if = "{ !lagg0 }"
 jail_nat_v4 = "{ 10.215.1.0/24 }"
 not_jail_nat_v4 = "{ any, !10.215.1.0/24 }"
-# pub_k8s = "{ 74.80.180.136/29, !74.80.180.138 }"
+pub_k8s = "{ 74.80.180.136/29, !74.80.180.138 }"
 pub_k8s = "{ 74.80.180.137, 74.80.180.139, 74.80.180.140, 74.80.180.141, 74.80.180.142 }"
 dhcp = "{ bootpc, bootps }"
 allow = "{ colo }"
@ -36,22 +35,18 @@ scrub in on $ext_if all fragment reassemble
 nat on $ext_if inet from ! ($ext_if) to ! ($ext_if) -> ($ext_if)
 rdr pass on jail_nat proto {tcp, udp} from any to 10.215.1.1 port 53 tag REDIREXTERNAL -> 1.1.1.1 port 53
-rdr pass on $ext_if proto {tcp, udp} to ($ext_if) port 6443 tag REDIRINTERNAL -> 10.215.1.204 port 6443
+rdr pass on $ext_if proto {tcp, udp} to ($ext_if) port 6443 -> 10.215.1.204 port 6443
 rdr pass on jail_nat proto {tcp, udp} to ($ext_if) port 6443 tag REDIRINTERNAL -> 10.215.1.204 port 6443
-rdr pass on $ext_if proto {tcp, udp} to ($ext_if) port 19993 tag REDIRINTERNAL -> 10.215.1.204 port 19993
+rdr pass on $ext_if proto {tcp, udp} to ($ext_if) port 19993 -> 10.215.1.204 port 19993
 rdr pass on jail_nat proto {tcp, udp} to ($ext_if) port 19993 tag REDIRINTERNAL -> 10.215.1.204 port 19993
-rdr pass proto {tcp, udp} from $not_jail_nat_v4 to ($ext_if) port 65099 tag REDIRINTERNAL -> 10.215.1.210 port 22
+rdr pass proto {tcp, udp} from $not_jail_nat_v4 to ($ext_if) port 65099 -> 10.215.1.210 port 22
 rdr pass proto {tcp, udp} from $jail_nat_v4 to ($ext_if) port 65099 tag REDIRINTERNAL -> 10.215.1.210 port 22
-# log (to pflog1)
+rdr pass proto {tcp, udp} from $not_jail_nat_v4 to ($ext_if) port 53 -> 10.215.1.211 port 53
 rdr pass proto {tcp, udp} from $not_jail_nat_v4 to ($ext_if) port 53 tag REDIRINTERNAL -> 10.215.1.211 port 53
 rdr pass proto {tcp, udp} from $jail_nat_v4 to ($ext_if) port 53 tag REDIRINTERNAL -> 10.215.1.211 port 53
 rdr pass proto {tcp, udp} from $not_jail_nat_v4 to ($ext_if) port 65122 tag REDIRINTERNAL -> 10.215.1.219 port 22
 rdr pass proto {tcp, udp} from $jail_nat_v4 to ($ext_if) port 65122 tag REDIRINTERNAL -> 10.215.1.219 port 22
 nat pass tagged REDIRINTERNAL -> (jail_nat)
 nat pass tagged REDIREXTERNAL -> ($ext_if)
--- a/ansible/roles/framework_laptop/files/screen_brightness_tmpfiles.conf
+++ b/ansible/roles/framework_laptop/files/screen_brightness_tmpfiles.conf
@ -1,2 +1,2 @@
 # Set screen brightness. Ever since enabling adaptive brightness management, my brightness ends up sinking lower on re-boots (I suspect it is saving the actual brightness rather than the set brightness). This forces the brightness back to the level I prefer.
-w- /sys/class/backlight/amdgpu_bl0/brightness - - - - 21845
+w- /sys/class/backlight/amdgpu_bl0/brightness - - - - 85
--- a/ansible/roles/framework_laptop/tasks/linux.yaml
+++ b/ansible/roles/framework_laptop/tasks/linux.yaml
@ -34,7 +34,7 @@
 - name: Configure kernel command line
  zfs:
-    name: "zroot/linux/archwork/be"
+    name: "zroot/linux"
    state: present
    extra_zfs_properties:
      # amdgpu.abmlevel=3 :: Automatically reduce screen brightness but tweak colors to compensate for power reduction.
@ -44,7 +44,7 @@
      # amd_pstate=active :: Same as passive except we can set the energy performance preference (EPP) to suggest how much we prefer performance or energy efficiency.
      # amd_pstate=guided :: Same as passive except we can set upper and lower frequency bounds.
      # amdgpu.dcdebugmask=0x10 :: Allegedly disables Panel Replay from https://community.frame.work/t/tracking-freezing-arch-linux-amd/39495/32
-      "org.zfsbootmenu:commandline": "rw quiet amdgpu.abmlevel=2 pcie_aspm=force pcie_aspm.policy=powersupersave nowatchdog amdgpu.dcdebugmask=0x10"
+      "org.zfsbootmenu:commandline": "rw quiet amdgpu.abmlevel=3 pcie_aspm=force pcie_aspm.policy=powersupersave nowatchdog amdgpu.dcdebugmask=0x10"
 - name: Install Configuration
  copy:
--- a/ansible/roles/gpg/files/gpg.asc
+++ b/ansible/roles/gpg/files/gpg.asc
@ -1,27 +1,27 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
-mDMEaNLjzBYJKwYBBAHaRw8BAQdAoegj6iXzJgxBkW8LyRS8ANRzp0LqyFbW1kRr
+mDMEXZwWGhYJKwYBBAHaRw8BAQdAfv7qozKkmf4D+5PDzADsMm4aAKDGLha7+Cu0
-Z4VtVRK0HlRvbSBBbGV4YW5kZXIgPHdvcmtAZml6ei5idXp6PoiQBBMWCAA4FiEE
+0H+RsWG0HlRvbSBBbGV4YW5kZXIgPHdvcmtAZml6ei5idXp6PoiQBBMWCAA4FiEE
-0nLI1hZ/JoWUZ2ZvQngpn7hPaHUFAmjS7GoCGwEFCwkIBwIGFQoJCAsCBBYCAwEC
+uEgVk2PCh3kXlUvhJ95A2bhFXBsFAl+w+R0CGwMFCwkIBwIGFQoJCAsCBBYCAwEC
-HgECF4AACgkQQngpn7hPaHXNRAEAxOHPULwbf/FIzS7spmdSYrcCX/foaB78rpCT
+HgECF4AACgkQJ95A2bhFXBt6fgD+NOYnw9gz5K/q3H5LE/JvqzCSHezJmeGgif0C
-/MzDPvMBANy0PcseR1ZxoHZDcAsYDa0CSCrO6oLwPFriVss3RA0GtB1Ub20gQWxl
+uU4m1/MA+gPDKME7syEtJsTpELEMrxWWpDW0tD/W1iJE7roGYPQPtB1Ub20gQWxl
-eGFuZGVyIDx0b21AZml6ei5idXp6PoiTBBMWCAA7AhsBBQsJCAcCBhUKCQgLAgQW
+eGFuZGVyIDx0b21AZml6ei5idXp6PoiQBBMWCAA4FiEEuEgVk2PCh3kXlUvhJ95A
-AgMBAh4BAheAFiEE0nLI1hZ/JoWUZ2ZvQngpn7hPaHUFAmjS7MkCGQEACgkQQngp
+2bhFXBsFAl2cFhoCGwMFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQJ95A2bhF
-n7hPaHX9fQEA4ngwEKr0nlKxH5bQV9u/EJeI3wbSgBjlnyTQuI79AB4BAO6+frGt
+XBvYJQEA19wc2s/bEKcnHONC3i8UikLFqZXyYoH6/MFjoAteU8sBAKpE7Qq0zbJb
-8S+p6qFZ4ufqyGPfklxPeOJLSYk0PLKVNMcHuDMEaNLm8xYJKwYBBAHaRw8BAQdA
+XWRESzK3u6p7/+kUqOeDltAuKXTe1FAGuDMEXZwWyhYJKwYBBAHaRw8BAQdAPyIL
-HDhppS6yD8j1Bb/i6ku16uQ3qhshDNA9cOQeMxBae9aI9QQYFggAJhYhBNJyyNYW
+4EGg4T5JO9q2kpVDy2WjMiXz3nZXwYW4GLoTYkiI9QQYFggAJgIbAhYhBLhIFZNj
-fyaFlGdmb0J4KZ+4T2h1BQJo0ubzAhsCBQkDwmcAAIEJEEJ4KZ+4T2h1diAEGRYI
+wod5F5VL4SfeQNm4RVwbBQJlC4ZhBQkLMdaXAIF2IAQZFggAHRYhBIHmRDmWdVAu
-AB0WIQS9v3ap15pUELURqaY2yZ6LPDnYXwUCaNLm8wAKCRA2yZ6LPDnYXyaNAPsF
+sSUWutOhecmlPA7eBQJdnBbKAAoJENOhecmlPA7ejJ4A/iq7N2mMhx+ovOXm1REo
-gR37jEqfgEByVsoKY6bB82T79o9d4FQe1iPsURyuLwD/fkQyV3NwGjysxkoZqYmK
+ASPF3l4YAAjOHsXqcPtFHKGJAQCiuA71d6CQ+qNZLuka/KVB/etkkJvDzvaTtiQQ
-mXJYqtWRBTe2G2UUkm6E/QafHwD+IbkCZ6sGTcexsqzex5x6U8TOvbdVS4dKjSf1
+QG+gAwkQJ95A2bhFXBtRDgEAqymMavroD5c/4+M/EZ3/d8wxfA9E3Fb/1mt4c2Zr
-nVRGxvwBAPiIJsXWVuwmskWMDpcaW/qgQ8hOEuq7/vlkZDGOnMgOuDgEaNLnDBIK
+NnkBAKYOM+pz/pncFnV+kF7h7TQEEYuGw1JhJVT/duA4lwsLuDMEXZwXARYJKwYB
-KwYBBAGXVQEFAQEHQBcOCDGnrRwv51c5B7QVLMkLC2UKUzPPrahLZHT3RWhmAwEI
+BAHaRw8BAQdAa76TmWuKuiR1bnNV1FUE6oQ4C8A+UiQb8x0k1z2DmTKIfgQYFggA
-B4h+BBgWCAAmFiEE0nLI1hZ/JoWUZ2ZvQngpn7hPaHUFAmjS5wwCGwwFCQPCZwAA
+JgIbIBYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZwBQkLMdZgAAoJECfeQNm4
-CgkQQngpn7hPaHUZIAD/ZwQ9sLIwuO5qPFAAkqcaNyt68O6WkD8sKaq1r/TPviAA
+RVwb8TkA/RkBu9Ev8iDE5nvn8YF8FRiY56Z5d+SBPG4VvrCzXrmlAP46wUjIRpkM
-/j92d7cRUIkJtS8odRYlK51r9eMeTGh2npaO+j3VKCgBuDMEaNLnJRYJKwYBBAHa
+rTbb1GMbvYnkeOrBs/qiWjEtHHc3ZLMWD7g4BF2cFygSCisGAQQBl1UBBQEBB0AO
-Rw8BAQdAPT7jOLbozd5hacityJHniQ6UbHN+AJcb6jh5rXOnOuSIfgQYFggAJhYh
+0t3BUxLuokTqKVcheFAZd4UKxAGznPQlvsVyhWWIEgMBCAeIfgQYFggAJgIbDBYh
-BNJyyNYWfyaFlGdmb0J4KZ+4T2h1BQJo0uclAhsgBQkDwmcAAAoJEEJ4KZ+4T2h1
+BLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZwBQkLMdY5AAoJECfeQNm4RVwbXscA
-rREA/3QE6suVUDl4OS2tCi4z2fh/7kjt29I3IFo+/B0AOumgAP0ao8FGqJyFC8YA
+/A8zRRTCwQKxJ8iz5jmTcVFAhl2vD781Dtv8NvcWd5t8APwIwcuFVZZA3yayhIxi
-7V6T4qrXHbhlqTeofGhQ+iu7HqZVCw==
+3aqYpMRxpn2t6Nswax1MIM8DBQ==
-=OfDR
+=dzEV
 -----END PGP PUBLIC KEY BLOCK-----
--- a/ansible/roles/gpg/files/gpg_work.asc
+++ b/ansible/roles/gpg/files/gpg_work.asc
@ -1,27 +1,27 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
-mDMEaNLjzBYJKwYBBAHaRw8BAQdAoegj6iXzJgxBkW8LyRS8ANRzp0LqyFbW1kRr
+mDMEXZwWGhYJKwYBBAHaRw8BAQdAfv7qozKkmf4D+5PDzADsMm4aAKDGLha7+Cu0
-Z4VtVRK0HlRvbSBBbGV4YW5kZXIgPHdvcmtAZml6ei5idXp6PoiQBBMWCAA4FiEE
+0H+RsWG0LVRob21hcyBBbGV4YW5kZXIgPFRob21hc0EuQWxleGFuZGVyQGhtaG4u
-0nLI1hZ/JoWUZ2ZvQngpn7hPaHUFAmjS7GoCGwEFCwkIBwIGFQoJCAsCBBYCAwEC
+b3JnPoiQBBMWCAA4FiEEuEgVk2PCh3kXlUvhJ95A2bhFXBsFAmULicsCGwMFCwkI
-HgECF4AACgkQQngpn7hPaHXNRAEAxOHPULwbf/FIzS7spmdSYrcCX/foaB78rpCT
+BwIGFQoJCAsCBBYCAwECHgECF4AACgkQJ95A2bhFXBsUtQD9GWPdWc/nSmO0Gp7p
-/MzDPvMBANy0PcseR1ZxoHZDcAsYDa0CSCrO6oLwPFriVss3RA0GtB1Ub20gQWxl
+DzxrieliriAnO+ZCHp31mFbMtToBAPxPYN9y4kgSiXhLiFLoRK5k5FCspksTSitg
-eGFuZGVyIDx0b21AZml6ei5idXp6PoiTBBMWCAA7AhsBBQsJCAcCBhUKCQgLAgQW
+0CbXDE4LuDgEXZwWGhIKKwYBBAGXVQEFAQEHQK202EIAwTBuxARUygOvn+AloMJd
-AgMBAh4BAheAFiEE0nLI1hZ/JoWUZ2ZvQngpn7hPaHUFAmjS7MkCGQEACgkQQngp
+ui39m+nMghn1MNo+AwEIB4h4BBgWCAAgFiEEuEgVk2PCh3kXlUvhJ95A2bhFXBsF
-n7hPaHX9fQEA4ngwEKr0nlKxH5bQV9u/EJeI3wbSgBjlnyTQuI79AB4BAO6+frGt
+Al2cFhoCGwwACgkQJ95A2bhFXBtNzAEAq5I6xPjIbb23xmhxh5cM/UJxdGedfWMy
-8S+p6qFZ4ufqyGPfklxPeOJLSYk0PLKVNMcHuDMEaNLm8xYJKwYBBAHaRw8BAQdA
+vF6/JtDvtPUBAPQRQn5AMwTOA+CSnliYf7ZjfVOlHscy60XWPlvXLoAJuDMEXZwW
-HDhppS6yD8j1Bb/i6ku16uQ3qhshDNA9cOQeMxBae9aI9QQYFggAJhYhBNJyyNYW
+yhYJKwYBBAHaRw8BAQdAPyIL4EGg4T5JO9q2kpVDy2WjMiXz3nZXwYW4GLoTYkiI
-fyaFlGdmb0J4KZ+4T2h1BQJo0ubzAhsCBQkDwmcAAIEJEEJ4KZ+4T2h1diAEGRYI
+9QQYFggAJgIbAhYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZhBQkLMdaXAIF2
-AB0WIQS9v3ap15pUELURqaY2yZ6LPDnYXwUCaNLm8wAKCRA2yZ6LPDnYXyaNAPsF
+IAQZFggAHRYhBIHmRDmWdVAusSUWutOhecmlPA7eBQJdnBbKAAoJENOhecmlPA7e
-gR37jEqfgEByVsoKY6bB82T79o9d4FQe1iPsURyuLwD/fkQyV3NwGjysxkoZqYmK
+jJ4A/iq7N2mMhx+ovOXm1REoASPF3l4YAAjOHsXqcPtFHKGJAQCiuA71d6CQ+qNZ
-mXJYqtWRBTe2G2UUkm6E/QafHwD+IbkCZ6sGTcexsqzex5x6U8TOvbdVS4dKjSf1
+Luka/KVB/etkkJvDzvaTtiQQQG+gAwkQJ95A2bhFXBtRDgEAqymMavroD5c/4+M/
-nVRGxvwBAPiIJsXWVuwmskWMDpcaW/qgQ8hOEuq7/vlkZDGOnMgOuDgEaNLnDBIK
+EZ3/d8wxfA9E3Fb/1mt4c2ZrNnkBAKYOM+pz/pncFnV+kF7h7TQEEYuGw1JhJVT/
-KwYBBAGXVQEFAQEHQBcOCDGnrRwv51c5B7QVLMkLC2UKUzPPrahLZHT3RWhmAwEI
+duA4lwsLuDMEXZwXARYJKwYBBAHaRw8BAQdAa76TmWuKuiR1bnNV1FUE6oQ4C8A+
-B4h+BBgWCAAmFiEE0nLI1hZ/JoWUZ2ZvQngpn7hPaHUFAmjS5wwCGwwFCQPCZwAA
+UiQb8x0k1z2DmTKIfgQYFggAJgIbIBYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJl
-CgkQQngpn7hPaHUZIAD/ZwQ9sLIwuO5qPFAAkqcaNyt68O6WkD8sKaq1r/TPviAA
+C4ZwBQkLMdZgAAoJECfeQNm4RVwb8TkA/RkBu9Ev8iDE5nvn8YF8FRiY56Z5d+SB
-/j92d7cRUIkJtS8odRYlK51r9eMeTGh2npaO+j3VKCgBuDMEaNLnJRYJKwYBBAHa
+PG4VvrCzXrmlAP46wUjIRpkMrTbb1GMbvYnkeOrBs/qiWjEtHHc3ZLMWD7g4BF2c
-Rw8BAQdAPT7jOLbozd5hacityJHniQ6UbHN+AJcb6jh5rXOnOuSIfgQYFggAJhYh
+FygSCisGAQQBl1UBBQEBB0AO0t3BUxLuokTqKVcheFAZd4UKxAGznPQlvsVyhWWI
-BNJyyNYWfyaFlGdmb0J4KZ+4T2h1BQJo0uclAhsgBQkDwmcAAAoJEEJ4KZ+4T2h1
+EgMBCAeIfgQYFggAJgIbDBYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZwBQkL
-rREA/3QE6suVUDl4OS2tCi4z2fh/7kjt29I3IFo+/B0AOumgAP0ao8FGqJyFC8YA
+MdY5AAoJECfeQNm4RVwbXscA/A8zRRTCwQKxJ8iz5jmTcVFAhl2vD781Dtv8NvcW
-7V6T4qrXHbhlqTeofGhQ+iu7HqZVCw==
+d5t8APwIwcuFVZZA3yayhIxi3aqYpMRxpn2t6Nswax1MIM8DBQ==
-=OfDR
+=0HtE
 -----END PGP PUBLIC KEY BLOCK-----
--- a/ansible/roles/jail/files/jails/rg.conf
+++ b/ansible/roles/jail/files/jails/rg.conf
@ -1,15 +0,0 @@
 rg {
    path = "/jail/${name}";
    vnet;
    exec.prestart += "/usr/local/bin/jail_netgraph_bridge start jail_nat jail${name} 10.215.1.1/24";
    exec.poststop += "sleep 10; /usr/local/bin/jail_netgraph_bridge stop jail_nat jail${name}";
    vnet.interface += "jail${name}";
    devfs_ruleset = 14;
    mount.devfs;
    mount.fstab = "/etc/fstab.${name}";
    exec.start += "/bin/sh /etc/rc";
    exec.stop = "/bin/sh /etc/rc.shutdown jail";
    exec.consolelog = "/var/log/jail_${name}_console.log";
 }
--- a/ansible/roles/jail/templates/new_jail.bash.j2
+++ b/ansible/roles/jail/templates/new_jail.bash.j2
@ -26,7 +26,7 @@ function by_src {
 }
 function by_bin {
-    DESTRELEASE=14.3-RELEASE
+    DESTRELEASE=13.2-RELEASE
    DESTARCH=`uname -m`
    SOURCEURL=http://ftp.freebsd.org/pub/FreeBSD/releases/$DESTARCH/$DESTRELEASE/
    for component in base ports; do fetch $SOURCEURL/$component.txz -o - | tar -xf - -C "$DESTDIR" ; done
--- a/ansible/roles/jail_nat_dhcp/files/kea-dhcp4.conf
+++ b/ansible/roles/jail_nat_dhcp/files/kea-dhcp4.conf
@ -94,18 +94,7 @@
                        // momlaptop - hard-coded in rc.conf, reproduced here to reserve ip
                        "hw-address": "06:85:69:c5:6a:d6",
                        "ip-address": "10.215.1.218"
                    },
                    {
                        // hydra
                        "hw-address": "06:84:36:68:03:77",
                        "ip-address": "10.215.1.219"
                    },
                    {
                        // certificate - hard-coded in rc.conf, reproduced here to reserve ip
                        "hw-address": "06:7b:e0:08:16:5d",
                        "ip-address": "10.215.1.220"
                    }
                ]
            }
        ],
--- a/ansible/roles/javascript/tasks/linux.yaml
+++ b/ansible/roles/javascript/tasks/linux.yaml
@ -1,3 +1,19 @@
 - name: Build aur packages
  register: buildaur
  become_user: "{{ build_user.name }}"
  command: "aurutils-sync --no-view {{ item }}"
  args:
    creates: "/var/cache/pacman/custom/{{ item }}-*.pkg.tar.*"
  loop:
    - nvm
 - name: Update cache
  when: buildaur.changed
  pacman:
    name: []
    state: present
    update_cache: true
 - name: Install packages
  package:
    name:
--- a/ansible/roles/kanshi/files/config_kanshi
+++ b/ansible/roles/kanshi/files/config_kanshi
@ -1,11 +1,3 @@
 profile office {
 	output eDP-1 disable
 	output "Dell Inc. DELL C2722DE 6PH6T83" enable
 }
 profile office2 {
 	output eDP-1 disable
 	output "BOE 0x0BCA Unknown" enable
 }
 profile docked {
 	output eDP-1 disable
 	output "Dell Inc. DELL U3014 P1V6N35M329L" enable
--- a/ansible/roles/mrmanager/files/nfsd_rc.conf
+++ b/ansible/roles/mrmanager/files/nfsd_rc.conf
@ -1,4 +1 @@
 nfs_server_enable="YES"
 # nfsv4_server_enable="YES"
 # nfsv4_server_only="YES"
 nfs_server_flags="-u -t --minthreads 1 --maxthreads 32"
--- a/ansible/roles/mrmanager/tasks/freebsd.yaml
+++ b/ansible/roles/mrmanager/tasks/freebsd.yaml
@ -8,37 +8,37 @@
    - name: net.link.ether.inet.proxyall
      value: "1"
-# - name: Install service configuration
+- name: Install service configuration
-#   copy:
+  copy:
-#     src: "files/{{ item }}_rc.conf"
+    src: "files/{{ item }}_rc.conf"
-#     dest: "/etc/rc.conf.d/{{ item }}"
+    dest: "/etc/rc.conf.d/{{ item }}"
-#     mode: 0644
+    mode: 0644
-#     owner: root
+    owner: root
-#     group: wheel
+    group: wheel
-#   loop:
+  loop:
-#     - nfsd
+    - nfsd
-#     - mountd
+    - mountd
-#     - lockd
+    - lockd
-#     - statd
+    - statd
-#     - rpcbind
+    - rpcbind
-# - name: Create zfs datasets
+- name: Create zfs datasets
-#   zfs:
+  zfs:
-#     name: zdata/k8spersistent
+    name: zdata/k8spersistent
-#     state: present
+    state: present
-#     extra_zfs_properties:
+    extra_zfs_properties:
-#       sharenfs: "-network 10.215.1.0/24,-alldirs,-maproot=root:root"
+      sharenfs: "-network 10.215.1.0/24,-alldirs,-maproot=root:root"
-#       mountpoint: /k8spersistent
+      mountpoint: /k8spersistent
-# - name: Update ownership
+- name: Update ownership
-#   file:
+  file:
-#     name: "{{ item }}"
+    name: "{{ item }}"
-#     state: directory
+    state: directory
-#     mode: 0777
+    mode: 0777
-#     owner: root
+    owner: root
-#     group: wheel
+    group: wheel
-#   loop:
+  loop:
-#     - /k8spersistent
+    - /k8spersistent
 - name: Install scripts
  copy:
--- a/ansible/roles/network/files/main.conf
+++ b/ansible/roles/network/files/main.conf
@ -1,11 +1,6 @@
 [DriverQuirks]
 PowerSaveDisable=*
 [General]
 AddressRandomization=network
 EnableNetworkConfiguration=true
 # AddressRandomization=network
-[Rank]
+# Needed for Qualcomm WCN785x
-BandModifier2_4GHz=1.000000
+ControlPortOverNL80211=false
 BandModifier5GHz=1.000000
 BandModifier6GHz=0.000000
--- a/ansible/roles/package_manager/files/freeze_kernel.conf
+++ b/ansible/roles/package_manager/files/freeze_kernel.conf
@ -1,2 +1,2 @@
 [options]
-IgnorePkg   = linux linux-headers chromium
+IgnorePkg   = linux linux-headers
--- a/ansible/roles/package_manager/files/pacman.conf
+++ b/ansible/roles/package_manager/files/pacman.conf
@ -81,6 +81,12 @@ Include = /etc/pacman.d/mirrorlist
 [extra]
 Include = /etc/pacman.d/mirrorlist
 #[community-testing]
 #Include = /etc/pacman.d/mirrorlist
 [community]
 Include = /etc/pacman.d/mirrorlist
 # If you want to run 32 bit applications on your x86_64 system,
 # enable the multilib repositories as required here.
--- a/ansible/roles/public_dns/files/master.db
+++ b/ansible/roles/public_dns/files/master.db
@ -23,9 +23,6 @@ $ORIGIN fizz.buzz.
 ; Allows receivers to know you send your mail via Fastmail, and other servers
 IN TXT v=spf1 include:spf.messagingengine.com ?all
 ; Tell receivers what to do with fake email
 _dmarc IN TXT "v=DMARC1; p=none; rua=mailto:postmaster@fizz.buzz;"
 ns1     IN A     74.80.180.138
 ns2     IN A     74.80.180.138
--- a/ansible/roles/sftp/tasks/common.yaml
+++ b/ansible/roles/sftp/tasks/common.yaml
@ -64,6 +64,23 @@
 #     force: true
 #   diff: false
 - name: Create directories
  file:
    name: "{{ item }}"
    state: directory
    mode: 0700
    owner: nochainstounlock
    group: nochainstounlock
  loop:
    - /home/nochainstounlock/.ssh
 - name: Set authorized keys
  authorized_key:
    user: nochainstounlock
    key: |
      ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMrjXsXjtxEm47XnRZfo67kJULoc0NBLrB0lPYFiS2Ar kodi@neelix
    exclusive: true
 - import_tasks: tasks/freebsd.yaml
  when: 'os_flavor == "freebsd"'
--- a/ansible/roles/sshd/files/keys/yubikey.pub
+++ b/ansible/roles/sshd/files/keys/yubikey.pub
@ -1 +1 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID0+4zi26M3eYWnIrciR54kOlGxzfgCXG+o4ea1zpzrk openpgp:0x7FF123C8
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGu+k5lrirokdW5zVdRVBOqEOAvAPlIkG/MdJNc9g5ky cardno:000611194908
--- a/ansible/roles/sway/files/config
+++ b/ansible/roles/sway/files/config
@ -23,7 +23,6 @@ set $menu wofi --show drun --gtk-dark
 # Do not show a title bar on windows
 default_border pixel 2
 hide_edge_borders smart_no_gaps
 bindsym $mod+grave exec $term
--- a/ansible/roles/sway/files/start_screen_share.bash
+++ b/ansible/roles/sway/files/start_screen_share.bash
@ -5,6 +5,6 @@ set -euo pipefail
 IFS=$'\n\t'
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-makoctl mode -s do-not-disturb
+makoctl set-mode do-not-disturb
 swaymsg output "'Dell Inc. DELL U3014 P1V6N35M329L'" scale 2
--- a/ansible/roles/sway/files/stop_screen_share.bash
+++ b/ansible/roles/sway/files/stop_screen_share.bash
@ -5,6 +5,6 @@ set -euo pipefail
 IFS=$'\n\t'
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-makoctl mode -s default
+makoctl set-mode default
 swaymsg output "'Dell Inc. DELL U3014 P1V6N35M329L'" scale 1
--- a/ansible/roles/sway/tasks/linux.yaml
+++ b/ansible/roles/sway/tasks/linux.yaml
@ -5,7 +5,7 @@
  args:
    creates: "/var/cache/pacman/custom/{{ item }}-*.pkg.tar.*"
  loop:
-    # - wlvncc-git
+    - wlvncc-git
    - wl-screenrec-git
 - name: Update cache
@ -23,7 +23,7 @@
      - xorg-xeyes
      - xorg-xwayland
      - rofimoji
-      # - wlvncc-git
+      - wlvncc-git
      - wl-screenrec-git # screen recording
 - name: Install scripts
--- a/ansible/roles/vscode/files/keybindings.json
+++ b/ansible/roles/vscode/files/keybindings.json
@ -20,12 +20,6 @@
        "command": "-workbench.action.navigateBack",
        "when": "canNavigateBack"
    },
  {
    // This isn't quite right. In emacs it would go back to the last location you performed an action which could include navigation. This goes back to the place where you last changed the text. Either way, close enough.
        "key": "ctrl+x ctrl+x",
        "command": "workbench.action.navigateToLastEditLocation",
        "when": "canNavigateToLastEditLocation"
    },
    {
        "key": "shift+alt+/",
        "command": "editor.action.goToReferences",
@ -282,15 +276,5 @@
    {
        "key": "ctrl+k ctrl+p",
        "command": "-workbench.action.showAllEditors"
    },
    {
        "key": "shift+enter",
        "command": "-python.execInREPL",
        "when": "config.python.REPL.sendToNativeREPL && editorTextFocus && !isCompositeNotebook && !jupyter.ownsSelection && !notebookEditorFocused && editorLangId == 'python'"
    },
    {
        "key": "shift+enter",
        "command": "-python.execSelectionInTerminal",
        "when": "editorTextFocus && !findInputFocussed && !isCompositeNotebook && !jupyter.ownsSelection && !notebookEditorFocused && !replaceInputFocussed && editorLangId == 'python'"
    }
 ]
--- a/ansible/roles/vscode/files/settings.json
+++ b/ansible/roles/vscode/files/settings.json
@ -18,7 +18,6 @@
  "workbench.editor.showTabs": "none",
  "workbench.activityBar.location": "hidden",
  "window.menuBarVisibility": "toggle",
  "window.commandCenter": false,
  "explorer.autoReveal": false,
  "[python]": {
    "editor.defaultFormatter": "ms-python.black-formatter",
@ -32,25 +31,11 @@
    "editor.defaultFormatter": "hashicorp.terraform",
    "editor.formatOnSave": true
  },
  "[typescript]": {
    "editor.defaultFormatter": "esbenp.prettier-vscode",
    "editor.formatOnSave": true
  },
  "[typescriptreact]": {
    "editor.defaultFormatter": "esbenp.prettier-vscode",
    "editor.formatOnSave": true
  },
  "javascript.autoClosingTags": false,
  "typescript.autoClosingTags": false,
  "black-formatter.importStrategy": "fromEnvironment",
  "workbench.statusBar.visible": false,
  "git.openRepositoryInParentFolders": "never",
  "files.autoSave": "afterDelay",
  "editor.rulers": [
    100
-  ],
+  ]
  "workbench.secondarySideBar.defaultVisibility": "hidden",
  "editor.autoClosingBrackets": "never",
  "editor.autoSurround": "never",
  "workbench.editor.navigationScope": "editorGroup"
 }
--- a/ansible/roles/zfs/tasks/linux.yaml
+++ b/ansible/roles/zfs/tasks/linux.yaml
@ -27,8 +27,7 @@
  args:
    creates: "/var/cache/pacman/custom/{{ item }}-*.pkg.tar.*"
  loop:
-    # - zfs-dkms-git
+    - zfs-dkms-git
    - zfs-dkms
    - zfs-utils
 - name: Update cache
@ -41,8 +40,7 @@
 - name: Install packages
  package:
    name:
-      # - zfs-dkms-git
+      - zfs-dkms-git
      - zfs-dkms
      - zfs-utils
    state: present
--- a/nix/configuration/configuration.nix
+++ b/nix/configuration/configuration.nix
@ -0,0 +1,254 @@
 {
  config,
  lib,
  pkgs,
  home-manager,
  ...
 }:
 {
  imports = [
    ./roles/reset
    ./roles/global_options
    ./util/unfree_polyfill
    ./roles/iso
    "${
      builtins.fetchTarball {
        url = "https://github.com/nix-community/disko/archive/refs/tags/v1.9.0.tar.gz";
        sha256 = "0j76ar4qz320fakdii4659w5lww8wiz6yb7g47npywqvf2lbp388";
      }
    }/module.nix"
    ./roles/boot
    ./roles/zfs
    ./roles/network
    ./roles/firewall
    ./roles/zsh
    ./roles/zrepl
    ./roles/graphics
    ./roles/sound
    ./roles/sway
    ./roles/kanshi
    ./roles/alacritty
    ./roles/firefox
    ./roles/chromium
    ./roles/emacs
    ./roles/git
    ./roles/fonts
    ./roles/gpg
    ./roles/waybar
    ./roles/qemu
    ./roles/wireguard
    ./roles/ares
    ./roles/ssh
    ./roles/python
    ./roles/docker
    ./roles/kubernetes
    ./roles/rust
    ./roles/media
    ./roles/steam
    ./roles/latex
    ./roles/launch_keyboard
    ./roles/lvfs
    ./roles/nvme
    ./roles/terraform
    ./roles/vscode
    ./roles/wasm
    ./roles/vnc_client
    ./roles/chromecast
    ./roles/memtest86
    ./roles/kodi
    ./roles/ansible
    ./roles/bluetooth
    ./roles/sm64ex
    ./roles/shipwright
    ./roles/2ship2harkinian
    ./roles/nix_index
  ];
  nix.settings.experimental-features = [
    "nix-command"
    "flakes"
  ];
  nix.settings.trusted-users = [ "@wheel" ];
  # boot.kernelPackages = pkgs.linuxPackages_6_11;
  hardware.enableRedistributableFirmware = true;
  services.getty = {
    autologinUser = "talexander"; # I use full disk encryption so the user password is irrelevant.
    autologinOnce = true;
  };
  users.mutableUsers = false;
  users.users.talexander = {
    isNormalUser = true;
    createHome = true; # https://github.com/NixOS/nixpkgs/issues/6481
    group = "talexander";
    extraGroups = [ "wheel" ];
    uid = 11235;
    packages = with pkgs; [
      tree
    ];
    # Generate with `mkpasswd -m scrypt`
    hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48";
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGu+k5lrirokdW5zVdRVBOqEOAvAPlIkG/MdJNc9g5ky"
      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo="
      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo="
    ];
  };
  users.groups.talexander.gid = 11235;
  home-manager.users.talexander =
    { pkgs, ... }:
    {
      home.packages = [
        pkgs.atool
        pkgs.httpie
      ];
      programs.bash.enable = true;
      # The state version is required and should stay at the version you
      # originally installed.
      home.stateVersion = "24.11";
    };
  # Automatic garbage collection
  nix.gc = lib.mkIf (!config.me.buildingIso) {
    # Runs nix-collect-garbage --delete-older-than 5d
    automatic = true;
    randomizedDelaySec = "14m";
    options = "--delete-older-than 30d";
  };
  nix.settings.auto-optimise-store = !config.me.buildingIso;
  # Use doas instead of sudo
  security.doas.enable = true;
  security.doas.wheelNeedsPassword = false;
  security.sudo.enable = false;
  security.doas.extraRules = [
    {
      # Retain environment (for example NIX_PATH)
      keepEnv = true;
      persist = true; # Only ask for a password the first time.
    }
  ];
  environment.systemPackages = with pkgs; [
    wget
    mg
    rsync
    libinput
    htop
    tmux
    file
    usbutils # for lsusb
    pciutils # for lspci
    ripgrep
    strace
    ltrace
    trace-cmd # ftrace
    tcpdump
    git-crypt
    gnumake
    ncdu
    nix-tree
    libarchive # bsdtar
  ];
  services.openssh = {
    enable = true;
    settings = {
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
    };
    hostKeys = [
      {
        path = "/persist/ssh/ssh_host_ed25519_key";
        type = "ed25519";
      }
      {
        path = "/persist/ssh/ssh_host_rsa_key";
        type = "rsa";
        bits = 4096;
      }
    ];
  };
  environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
    hideMounts = true;
    directories = [
      "/var/lib/iwd" # Wifi settings
      "/var/lib/nixos" # Contains user information (uids/gids)
      "/var/lib/systemd" # Systemd state directory for random seed, persistent timers, core dumps, persist hardware state like backlight and rfkill
      "/var/log/journal" # Logs, alternatively set `services.journald.storage = "volatile";` to write to /run/log/journal
    ];
    files = [
      "/etc/machine-id" # Systemd unique machine id "otherwise, the system journal may fail to list earlier boots, etc"
      "/etc/ssh/ssh_host_rsa_key"
      "/etc/ssh/ssh_host_rsa_key.pub"
      "/etc/ssh/ssh_host_ed25519_key"
      "/etc/ssh/ssh_host_ed25519_key.pub"
    ];
    users.talexander = {
      directories = [
        {
          directory = "persist";
          user = "talexander";
          group = "talexander";
          mode = "0700";
        }
      ];
    };
  };
  # Write a list of the currently installed packages to /etc/current-system-packages
  environment.etc."current-system-packages".text =
    let
      packages = builtins.map (p: "${p.name}") config.environment.systemPackages;
      sortedUnique = builtins.sort builtins.lessThan (lib.unique packages);
      formatted = builtins.concatStringsSep "\n" sortedUnique;
    in
    formatted;
  # environment.etc."system-packages-with-source".text = builtins.concatStringsSep "\n\n" (
  #   builtins.map (
  #     x: x.file + "\n" + builtins.concatStringsSep "\n" (builtins.map (s: "  " + s) x.value)
  #   ) config.environment.systemPackages.definitionsWithLocations
  # );
  # nixpkgs.overlays = [
  #   (final: prev: {
  #     nix = pkgs-unstable.nix;
  #   })
  # ];
  # nixpkgs.overlays = [
  #   (final: prev: {
  #     foot = throw "foo";
  #   })
  # ];
  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
  # system.copySystemConfiguration = true;
  # This option defines the first version of NixOS you have installed on this particular machine,
  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
  #
  # Most users should NEVER change this value after the initial install, for any reason,
  # even if you've upgraded your system to a new NixOS release.
  #
  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
  # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
  # to actually do that.
  #
  # This value being lower than the current NixOS release does NOT mean your system is
  # out of date, out of support, or vulnerable.
  #
  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
  # and migrated your data accordingly.
  #
  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
  system.stateVersion = "24.11"; # Did you read the comment?
 }
--- a/nix/configuration/flake.lock
+++ b/nix/configuration/flake.lock
@ -0,0 +1,350 @@
 {
  "nodes": {
    "ansible-sshjail": {
      "inputs": {
        "flake-utils": "flake-utils",
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1,
        "narHash": "sha256-c4Ds4E/10Zj5AQLuJ3JvJTuDK8o2WjVXLcIL7eyhTfw=",
        "path": "flakes/ansible-sshjail",
        "type": "path"
      },
      "original": {
        "path": "flakes/ansible-sshjail",
        "type": "path"
      }
    },
    "crane": {
      "locked": {
        "lastModified": 1731098351,
        "narHash": "sha256-HQkYvKvaLQqNa10KEFGgWHfMAbWBfFp+4cAgkut+NNE=",
        "owner": "ipetkov",
        "repo": "crane",
        "rev": "ef80ead953c1b28316cc3f8613904edc2eb90c28",
        "type": "github"
      },
      "original": {
        "owner": "ipetkov",
        "repo": "crane",
        "type": "github"
      }
    },
    "flake-compat": {
      "flake": false,
      "locked": {
        "lastModified": 1696426674,
        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
        "owner": "edolstra",
        "repo": "flake-compat",
        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
        "type": "github"
      },
      "original": {
        "owner": "edolstra",
        "repo": "flake-compat",
        "type": "github"
      }
    },
    "flake-parts": {
      "inputs": {
        "nixpkgs-lib": [
          "lanzaboote",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1730504689,
        "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
        "rev": "506278e768c2a08bec68eb62932193e341f55c90",
        "type": "github"
      },
      "original": {
        "owner": "hercules-ci",
        "repo": "flake-parts",
        "type": "github"
      }
    },
    "flake-utils": {
      "inputs": {
        "systems": "systems"
      },
      "locked": {
        "lastModified": 1731533236,
        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "flake-utils_2": {
      "inputs": {
        "systems": "systems_2"
      },
      "locked": {
        "lastModified": 1731533236,
        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "gitignore": {
      "inputs": {
        "nixpkgs": [
          "lanzaboote",
          "pre-commit-hooks-nix",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1709087332,
        "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
        "owner": "hercules-ci",
        "repo": "gitignore.nix",
        "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
        "type": "github"
      },
      "original": {
        "owner": "hercules-ci",
        "repo": "gitignore.nix",
        "type": "github"
      }
    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1737762889,
        "narHash": "sha256-5HGG09bh/Yx0JA8wtBMAzt0HMCL1bYZ93x4IqzVExio=",
        "owner": "nix-community",
        "repo": "home-manager",
        "rev": "daf04c5950b676f47a794300657f1d3d14c1a120",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "home-manager",
        "type": "github"
      }
    },
    "impermanence": {
      "locked": {
        "lastModified": 1737831083,
        "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=",
        "owner": "nix-community",
        "repo": "impermanence",
        "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "impermanence",
        "type": "github"
      }
    },
    "lanzaboote": {
      "inputs": {
        "crane": "crane",
        "flake-compat": "flake-compat",
        "flake-parts": "flake-parts",
        "nixpkgs": [
          "nixpkgs"
        ],
        "pre-commit-hooks-nix": "pre-commit-hooks-nix",
        "rust-overlay": "rust-overlay"
      },
      "locked": {
        "lastModified": 1737639419,
        "narHash": "sha256-AEEDktApTEZ5PZXNDkry2YV2k6t0dTgLPEmAZbnigXU=",
        "owner": "nix-community",
        "repo": "lanzaboote",
        "rev": "a65905a09e2c43ff63be8c0e86a93712361f871e",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "ref": "v0.4.2",
        "repo": "lanzaboote",
        "type": "github"
      }
    },
    "nixpkgs": {
      "locked": {
        "lastModified": 1737885589,
        "narHash": "sha256-Zf0hSrtzaM1DEz8//+Xs51k/wdSajticVrATqDrfQjg=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "852ff1d9e153d8875a83602e03fdef8a63f0ecf8",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs-b93b4e9b5": {
      "locked": {
        "lastModified": 1713721570,
        "narHash": "sha256-R0s+O5UjTePQRb72XPgtkTmEiOOW8n+1q9Gxt/OJnKU=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "b93b4e9b527904aadf52dba6ca35efde2067cbd4",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "b93b4e9b527904aadf52dba6ca35efde2067cbd4",
        "type": "github"
      }
    },
    "nixpkgs-stable": {
      "locked": {
        "lastModified": 1730741070,
        "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-24.05",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "pre-commit-hooks-nix": {
      "inputs": {
        "flake-compat": [
          "lanzaboote",
          "flake-compat"
        ],
        "gitignore": "gitignore",
        "nixpkgs": [
          "lanzaboote",
          "nixpkgs"
        ],
        "nixpkgs-stable": "nixpkgs-stable"
      },
      "locked": {
        "lastModified": 1731363552,
        "narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=",
        "owner": "cachix",
        "repo": "pre-commit-hooks.nix",
        "rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0",
        "type": "github"
      },
      "original": {
        "owner": "cachix",
        "repo": "pre-commit-hooks.nix",
        "type": "github"
      }
    },
    "root": {
      "inputs": {
        "ansible-sshjail": "ansible-sshjail",
        "home-manager": "home-manager",
        "impermanence": "impermanence",
        "lanzaboote": "lanzaboote",
        "nixpkgs": "nixpkgs",
        "nixpkgs-b93b4e9b5": "nixpkgs-b93b4e9b5",
        "zsh-histdb": "zsh-histdb"
      }
    },
    "rust-overlay": {
      "inputs": {
        "nixpkgs": [
          "lanzaboote",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1731897198,
        "narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=",
        "owner": "oxalica",
        "repo": "rust-overlay",
        "rev": "0be641045af6d8666c11c2c40e45ffc9667839b5",
        "type": "github"
      },
      "original": {
        "owner": "oxalica",
        "repo": "rust-overlay",
        "type": "github"
      }
    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    },
    "systems_2": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    },
    "zsh-histdb": {
      "inputs": {
        "flake-utils": "flake-utils_2",
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1,
        "narHash": "sha256-5DWw7GnwVZ98HUp/UUJcyUmmy9Bh/mcQB8MQQ0t3ZRo=",
        "path": "flakes/zsh-histdb",
        "type": "path"
      },
      "original": {
        "path": "flakes/zsh-histdb",
        "type": "path"
      }
    }
  },
  "root": "root",
  "version": 7
 }
--- a/nix/configuration/flake.nix
+++ b/nix/configuration/flake.nix
@ -0,0 +1,153 @@
 # Build ISO image
 #   nix build --extra-experimental-features nix-command --extra-experimental-features flakes .#iso.odo
 #   output: result/iso/nixos.iso
 # Run the ISO image
 #   "$(nix-build '<nixpkgs>' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" \
 #        -accel kvm \
 #        -cpu host \
 #        -smp cores=8 \
 #        -m 32768 \
 #        -drive "file=$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF.fd,if=pflash,format=raw,readonly=on" \
 #        -drive if=pflash,format=raw,file="/tmp/OVMF_VARS.fd" \
 #        -nic user,hostfwd=tcp::60022-:22 \
 #        -boot order=d \
 #        -cdrom "$(readlink -f ./result/iso/nixos.iso)" \
 #        -display vnc=127.0.0.1:0
 #
 # doas cp "$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF_VARS.fd" /tmp/OVMF_VARS.fd
 # doas "$(nix-build '<nixpkgs>' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" -accel kvm -cpu host -smp cores=8 -m 32768 -drive "file=$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF.fd,if=pflash,format=raw,readonly=on" -drive if=pflash,format=raw,file="/tmp/OVMF_VARS.fd" -nic user,hostfwd=tcp::60022-:22 -boot order=d -cdrom /persist/machine_setup/nix/configuration/result/iso/nixos*.iso -display vnc=127.0.0.1:0
 # Get a repl for this flake
 #   nix repl --expr "builtins.getFlake \"$PWD\""
 # TODO maybe use `nix eval --raw .#iso.odo.outPath`
 # iso.odo.isoName == "nixos.iso"
 # full path = <outPath> / iso / <isoName>
 {
  description = "My system configuration";
  inputs = {
    impermanence.url = "github:nix-community/impermanence";
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    nixpkgs-b93b4e9b5.url = "github:NixOS/nixpkgs/b93b4e9b527904aadf52dba6ca35efde2067cbd4";
    home-manager.url = "github:nix-community/home-manager";
    home-manager.inputs.nixpkgs.follows = "nixpkgs";
    lanzaboote = {
      url = "github:nix-community/lanzaboote/v0.4.2";
      # Optional but recommended to limit the size of your system closure.
      inputs.nixpkgs.follows = "nixpkgs";
    };
    zsh-histdb = {
      url = "path:flakes/zsh-histdb";
      # Optional but recommended to limit the size of your system closure.
      inputs.nixpkgs.follows = "nixpkgs";
    };
    ansible-sshjail = {
      url = "path:flakes/ansible-sshjail";
      # Optional but recommended to limit the size of your system closure.
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };
  outputs =
    {
      self,
      nixpkgs,
      nixpkgs-b93b4e9b5,
      impermanence,
      home-manager,
      lanzaboote,
      zsh-histdb,
      ansible-sshjail,
      ...
    }@inputs:
    let
      base_x86_64_linux = rec {
        system = "x86_64-linux";
        specialArgs = {
          pkgs-b93b4e9b5 = import nixpkgs-b93b4e9b5 {
            inherit system;
          };
        };
        modules = [
          impermanence.nixosModules.impermanence
          home-manager.nixosModules.home-manager
          lanzaboote.nixosModules.lanzaboote
          {
            home-manager.useGlobalPkgs = true;
            home-manager.useUserPackages = true;
          }
          {
            nixpkgs.overlays = [
              zsh-histdb.overlays.default
              ansible-sshjail.overlays.default
            ];
          }
          ./configuration.nix
        ];
      };
      systems = {
        odo = {
          main = nixpkgs.lib.nixosSystem (
            base_x86_64_linux
            // {
              modules = base_x86_64_linux.modules ++ [
                ./hosts/odo
              ];
            }
          );
          iso = nixpkgs.lib.nixosSystem (
            base_x86_64_linux
            // {
              modules = base_x86_64_linux.modules ++ [
                ./hosts/odo
                (nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix")
                # TODO: Figure out how to do image based appliances
                # (nixpkgs + "/nixos/modules/profiles/image-based-appliance.nix")
                {
                  isoImage.makeEfiBootable = true;
                  isoImage.makeUsbBootable = true;
                  me.buildingIso = true;
                }
              ];
            }
          );
        };
        neelix = {
          main = nixpkgs.lib.nixosSystem (
            base_x86_64_linux
            // {
              modules = base_x86_64_linux.modules ++ [
                ./hosts/neelix
              ];
            }
          );
          iso = nixpkgs.lib.nixosSystem (
            base_x86_64_linux
            // {
              modules = base_x86_64_linux.modules ++ [
                ./hosts/neelix
                (nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix")
                {
                  isoImage.makeEfiBootable = true;
                  isoImage.makeUsbBootable = true;
                  me.buildingIso = true;
                }
              ];
            }
          );
        };
      };
    in
    {
      nixosConfigurations.odo = systems.odo.main;
      iso.odo = systems.odo.iso.config.system.build.isoImage;
      nixosConfigurations.neelix = systems.neelix.main;
      iso.neelix = systems.neelix.iso.config.system.build.isoImage;
    };
 }
--- a/nix/configuration/flakes/ansible-sshjail/flake.lock
+++ b/nix/configuration/flakes/ansible-sshjail/flake.lock
@ -0,0 +1,61 @@
 {
  "nodes": {
    "flake-utils": {
      "inputs": {
        "systems": "systems"
      },
      "locked": {
        "lastModified": 1731533236,
        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "nixpkgs": {
      "locked": {
        "lastModified": 1735141468,
        "narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-24.11",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "root": {
      "inputs": {
        "flake-utils": "flake-utils",
        "nixpkgs": "nixpkgs"
      }
    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    }
  },
  "root": "root",
  "version": 7
 }
--- a/nix/configuration/flakes/ansible-sshjail/flake.nix
+++ b/nix/configuration/flakes/ansible-sshjail/flake.nix
@ -0,0 +1,34 @@
 {
  description = "A slightly better history for zsh";
  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
  inputs.flake-utils.url = "github:numtide/flake-utils";
  outputs =
    {
      self,
      nixpkgs,
      flake-utils,
      ...
    }:
    let
      out =
        system:
        let
          pkgs = nixpkgs.legacyPackages.${system};
          # Maybe pkgs = import nixpkgs { inherit system; }; ?
          appliedOverlay = self.overlays.default pkgs pkgs;
        in
        {
          packages = rec {
            default = ansible-sshjail;
            ansible-sshjail = appliedOverlay.ansible-sshjail;
          };
        };
    in
    flake-utils.lib.eachDefaultSystem out
    // {
      overlays.default = final: prev: {
        ansible-sshjail = final.callPackage ./package.nix { };
      };
    };
 }
--- a/nix/configuration/flakes/ansible-sshjail/package.nix
+++ b/nix/configuration/flakes/ansible-sshjail/package.nix
@ -0,0 +1,33 @@
 # unpackPhase
 # patchPhase
 # configurePhase
 # buildPhase
 # checkPhase
 # installPhase
 # fixupPhase
 # installCheckPhase
 # distPhase
 {
  stdenv,
  fetchgit,
  ...
 }:
 stdenv.mkDerivation {
  name = "ansible-sshjail";
  src = fetchgit {
    url = "https://github.com/austinhyde/ansible-sshjail.git";
    rev = "a7b0076fdb680b915d35efafd1382919100532b6";
    sha256 = "sha256-4QX/017fDRzb363NexgvHZ/VFKXOjRgGPDKKygyUylM=";
  };
  phases = [
    "installPhase"
  ];
  installPhase = ''
    runHook preInstall
    mkdir -p $out/share/ansible/plugins/connection_plugins
    cp $src/sshjail.py $out/share/ansible/plugins/connection_plugins/
    runHook postInstall
  '';
 }
--- a/nix/configuration/flakes/starship-game/flake.lock
+++ b/nix/configuration/flakes/starship-game/flake.lock
@ -0,0 +1,61 @@
 {
  "nodes": {
    "flake-utils": {
      "inputs": {
        "systems": "systems"
      },
      "locked": {
        "lastModified": 1731533236,
        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "nixpkgs": {
      "locked": {
        "lastModified": 1735141468,
        "narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-24.11",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "root": {
      "inputs": {
        "flake-utils": "flake-utils",
        "nixpkgs": "nixpkgs"
      }
    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    }
  },
  "root": "root",
  "version": 7
 }
--- a/nix/configuration/flakes/starship-game/flake.nix
+++ b/nix/configuration/flakes/starship-game/flake.nix
@ -0,0 +1,34 @@
 {
  description = "A slightly better history for zsh";
  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
  inputs.flake-utils.url = "github:numtide/flake-utils";
  outputs =
    {
      self,
      nixpkgs,
      flake-utils,
      ...
    }:
    let
      out =
        system:
        let
          pkgs = nixpkgs.legacyPackages.${system};
          # Maybe pkgs = import nixpkgs { inherit system; }; ?
          appliedOverlay = self.overlays.default pkgs pkgs;
        in
        {
          packages = rec {
            default = starship-game;
            starship-game = appliedOverlay.starship-game;
          };
        };
    in
    flake-utils.lib.eachDefaultSystem out
    // {
      overlays.default = final: prev: {
        starship-game = final.callPackage ./package.nix { };
      };
    };
 }
--- a/nix/configuration/flakes/starship-game/package.nix
+++ b/nix/configuration/flakes/starship-game/package.nix
@ -0,0 +1,261 @@
 {
  lib,
  stdenv,
  SDL2,
  cmake,
  copyDesktopItems,
  fetchFromGitHub,
  fetchpatch,
  fetchurl,
  imagemagick,
  imgui,
  libpng,
  libpulseaudio,
  libzip,
  lsb-release,
  makeDesktopItem,
  makeWrapper,
  ninja,
  nlohmann_json,
  pkg-config,
  python3,
  spdlog,
  stormlib,
  tinyxml-2,
  writeTextFile,
  zenity,
 }:
 let
  # This would get fetched at build time otherwise, see:
  # https://github.com/HarbourMasters/2ship2harkinian/blob/1.0.2/mm/CMakeLists.txt#L708
  gamecontrollerdb = fetchurl {
    name = "gamecontrollerdb.txt";
    url = "https://raw.githubusercontent.com/gabomdq/SDL_GameControllerDB/b1759cf84028aab89caa1c395e198c340b8dfd89/gamecontrollerdb.txt";
    hash = "sha256-7C5EkqBIhLGNJuhi3832y0ffW5Ep7iuTYXb1bL5h2Js=";
  };
  # 2ship needs a specific imgui version
  imgui' = imgui.overrideAttrs rec {
    version = "1.90.6";
    src = fetchFromGitHub {
      owner = "ocornut";
      repo = "imgui";
      rev = "v${version}-docking";
      hash = "sha256-Y8lZb1cLJF48sbuxQ3vXq6GLru/WThR78pq7LlORIzc=";
    };
  };
  libgfxd = fetchFromGitHub {
    owner = "glankk";
    repo = "libgfxd";
    rev = "96fd3b849f38b3a7c7b7f3ff03c5921d328e6cdf";
    hash = "sha256-dedZuV0BxU6goT+rPvrofYqTz9pTA/f6eQcsvpDWdvQ=";
  };
  yaml_cpp = fetchFromGitHub {
    owner = "jbeder";
    repo = "yaml-cpp";
    rev = "f7320141120f720aecc4c32be25586e7da9eb978";
    hash = "sha256-J87oS6Az1/vNdyXu3L7KmUGWzU0IAkGrGMUUha+xDXI=";
  };
  # spdlog = fetchFromGitHub {
  #   owner = "gabime";
  #   repo = "spdlog";
  #   rev = "7e635fca68d014934b4af8a1cf874f63989352b7";
  #   hash = "sha256-cxTaOuLXHRU8xMz9gluYz0a93O0ez2xOxbloyc1m1ns=";
  # };
  # stb_impl = writeTextFile {
  #   name = "stb_impl.c";
  #   text = ''
  #     #define STB_IMAGE_IMPLEMENTATION
  #     #include "stb_image.h"
  #   '';
  # };
  # stb' = fetchurl {
  #   name = "stb_image.h";
  #   url = "https://raw.githubusercontent.com/nothings/stb/0bc88af4de5fb022db643c2d8e549a0927749354/stb_image.h";
  #   hash = "sha256-xUsVponmofMsdeLsI6+kQuPg436JS3PBl00IZ5sg3Vw=";
  # };
  # Apply 2ship's patch for stormlib
  stormlib' = stormlib.overrideAttrs (prev: rec {
    version = "9.25";
    src = fetchFromGitHub {
      owner = "ladislav-zezula";
      repo = "StormLib";
      rev = "v${version}";
      hash = "sha256-HTi2FKzKCbRaP13XERUmHkJgw8IfKaRJvsK3+YxFFdc=";
    };
    nativeBuildInputs = prev.nativeBuildInputs ++ [ pkg-config ];
    patches = (prev.patches or [ ]) ++ [
      (fetchpatch {
        name = "stormlib-optimizations.patch";
        url = "https://github.com/briaguya-ai/StormLib/commit/ff338b230544f8b2bb68d2fbe075175ed2fd758c.patch";
        hash = "sha256-Jbnsu5E6PkBifcx/yULMVC//ab7tszYgktS09Azs5+4=";
      })
    ];
  });
  thread_pool = fetchFromGitHub {
    owner = "bshoshany";
    repo = "thread-pool";
    rev = "v4.1.0";
    hash = "sha256-zhRFEmPYNFLqQCfvdAaG5VBNle9Qm8FepIIIrT9sh88=";
  };
 in
 stdenv.mkDerivation (finalAttrs: {
  pname = "starship-game";
  version = "v1.0.0";
  src = fetchFromGitHub {
    owner = "HarbourMasters";
    repo = "starship";
    # rev = "5e5e49da93e066f51c3010ba38f09331d866f2db";
    tag = finalAttrs.version;
    hash = "sha256-kaLLlLuonqE2DJcRlWR4tCEBNjwIYFlzeDLcYsvMO7I=";
    fetchSubmodules = true;
  };
  # patches = [
  #   # remove fetching stb as we will patch our own
  #   ./0001-deps.patch
  # ];
  nativeBuildInputs = [
    cmake
    copyDesktopItems
    imagemagick
    lsb-release
    makeWrapper
    ninja
    pkg-config
    python3
  ];
  buildInputs = [
    SDL2
    imgui'
    libpng
    libpulseaudio
    libzip
    nlohmann_json
    spdlog
    stormlib'
    tinyxml-2
    zenity
  ];
  cmakeFlags = [
    (lib.cmakeBool "NON_PORTABLE" true)
    (lib.cmakeFeature "CMAKE_INSTALL_PREFIX" "${placeholder "out"}/starship-game")
    (lib.cmakeFeature "FETCHCONTENT_SOURCE_DIR_IMGUI" "${imgui'.src}")
    (lib.cmakeFeature "FETCHCONTENT_SOURCE_DIR_LIBGFXD" "${libgfxd}")
    (lib.cmakeFeature "FETCHCONTENT_SOURCE_DIR_STORMLIB" "${stormlib'}")
    (lib.cmakeFeature "FETCHCONTENT_SOURCE_DIR_THREADPOOL" "${thread_pool}")
  ];
  dontAddPrefix = true;
  # Linking fails without this
  hardeningDisable = [ "format" ];
  # Pie needs to be enabled or else it segfaults
  hardeningEnable = [ "pie" ];
  # preConfigure = ''
  #   # mirror 2ship's stb
  #   mkdir stb
  #   cp ${stb'} ./stb/${stb'.name}
  #   cp ${stb_impl} ./stb/${stb_impl.name}
  #   substituteInPlace libultraship/cmake/dependencies/common.cmake \
  #     --replace-fail "\''${STB_DIR}" "/build/source/stb"
  # '';
  # (cd tools/Torch && cmake -H. -Bbuild-cmake -GNinja \
  # -DFETCHCONTENT_SOURCE_DIR_LIBGFXD=${libgfxd} \
  # -DFETCHCONTENT_SOURCE_DIR_YAML-CPP=${finalAttrs.yaml_cpp_src} \
  # -DFETCHCONTENT_SOURCE_DIR_SPDLOG=${finalAttrs.spdlog_src}
  # )
  configurePhase = ''
    cmake -H. -Bbuild-cmake -GNinja \
    -DFETCHCONTENT_SOURCE_DIR_IMGUI=${imgui'.src} \
    -DFETCHCONTENT_SOURCE_DIR_STORMLIB=${stormlib'} \
    -DFETCHCONTENT_SOURCE_DIR_THREADPOOL=${thread_pool}
    (cd tools/Torch && cmake -H. -Bbuild-cmake -GNinja \
    -DFETCHCONTENT_SOURCE_DIR_LIBGFXD=${libgfxd} \
    -DFETCHCONTENT_SOURCE_DIR_YAML-CPP=${yaml_cpp} \
    -DFETCHCONTENT_SOURCE_DIR_SPDLOG=${spdlog}
    )
    (cd libultraship && cmake -H. -Bbuild-cmake -GNinja \
    -DFETCHCONTENT_SOURCE_DIR_LIBGFXD=${libgfxd} \
    -DFETCHCONTENT_SOURCE_DIR_IMGUI=${imgui'.src} \
    -DFETCHCONTENT_SOURCE_DIR_STORMLIB=${stormlib'} \
    -DFETCHCONTENT_SOURCE_DIR_THREADPOOL=${thread_pool}
    )
  '';
  buildPhase = ''
    cmake --build build-cmake
  '';
  postBuild = ''
    cp ${gamecontrollerdb} ${gamecontrollerdb.name}
    pushd ../OTRExporter
    python3 ./extract_assets.py -z ../build/ZAPD/ZAPD.out --norom --xml-root ../mm/assets/xml --custom-assets-path ../mm/assets/custom --custom-otr-file 2ship.o2r --port-ver ${finalAttrs.version}
    popd
  '';
  preInstall = ''
    # Cmake likes it here for its install paths
    cp ../OTRExporter/2ship.o2r mm/
  '';
  postInstall = ''
    mkdir -p $out/bin
    ln -s $out/2s2h/2s2h.elf $out/bin/2s2h
    install -Dm644 ../mm/linux/2s2hIcon.png $out/share/pixmaps/2s2h.png
  '';
  postFixup = ''
    wrapProgram $out/2s2h/2s2h.elf --prefix PATH ":" ${lib.makeBinPath [ zenity ]}
  '';
  desktopItems = [
    (makeDesktopItem {
      name = "starship";
      icon = "starship";
      exec = "starship";
      comment = finalAttrs.meta.description;
      genericName = "Starship";
      desktopName = "starship";
      categories = [ "Game" ];
    })
  ];
  meta = {
    homepage = "https://github.com/HarbourMasters/2ship2harkinian";
    description = "A PC port of Majora's Mask with modern controls, widescreen, high-resolution, and more";
    mainProgram = "starship";
    platforms = [ "x86_64-linux" ];
    maintainers = with lib.maintainers; [ ];
    license = with lib.licenses; [
      # # OTRExporter, OTRGui, ZAPDTR, libultraship
      # mit
      # # 2 Ship 2 Harkinian
      # cc0
      # # Reverse engineering
      # unfree
    ];
  };
 })
--- a/nix/configuration/flakes/zsh-histdb/flake.lock
+++ b/nix/configuration/flakes/zsh-histdb/flake.lock
@ -0,0 +1,61 @@
 {
  "nodes": {
    "flake-utils": {
      "inputs": {
        "systems": "systems"
      },
      "locked": {
        "lastModified": 1731533236,
        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "nixpkgs": {
      "locked": {
        "lastModified": 1735141468,
        "narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-24.11",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "root": {
      "inputs": {
        "flake-utils": "flake-utils",
        "nixpkgs": "nixpkgs"
      }
    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    }
  },
  "root": "root",
  "version": 7
 }
--- a/nix/configuration/flakes/zsh-histdb/flake.nix
+++ b/nix/configuration/flakes/zsh-histdb/flake.nix
@ -0,0 +1,34 @@
 {
  description = "A slightly better history for zsh";
  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
  inputs.flake-utils.url = "github:numtide/flake-utils";
  outputs =
    {
      self,
      nixpkgs,
      flake-utils,
      ...
    }:
    let
      out =
        system:
        let
          pkgs = nixpkgs.legacyPackages.${system};
          # Maybe pkgs = import nixpkgs { inherit system; }; ?
          appliedOverlay = self.overlays.default pkgs pkgs;
        in
        {
          packages = rec {
            default = zsh-histdb;
            zsh-histdb = appliedOverlay.zsh-histdb;
          };
        };
    in
    flake-utils.lib.eachDefaultSystem out
    // {
      overlays.default = final: prev: {
        zsh-histdb = final.callPackage ./package.nix { };
      };
    };
 }
--- a/nix/configuration/flakes/zsh-histdb/package.nix
+++ b/nix/configuration/flakes/zsh-histdb/package.nix
@ -0,0 +1,36 @@
 # unpackPhase
 # patchPhase
 # configurePhase
 # buildPhase
 # checkPhase
 # installPhase
 # fixupPhase
 # installCheckPhase
 # distPhase
 {
  stdenv,
  pkgs,
  sqlite,
  ...
 }:
 stdenv.mkDerivation {
  name = "zsh-histdb";
  src = pkgs.fetchgit {
    url = "https://github.com/larkery/zsh-histdb.git";
    rev = "90a6c104d0fcc0410d665e148fa7da28c49684eb";
    sha256 = "sha256-vtG1poaRVbfb/wKPChk1WpPgDq+7udLqLfYfLqap4Vg=";
  };
  buildInputs = [ sqlite ];
  phases = [
    "installPhase"
  ];
  installPhase = ''
    runHook preInstall
    mkdir -p $out/share/zsh/plugins/zsh-histdb
    cp -r $src/histdb-* $src/*.zsh $src/db_migrations $out/share/zsh/plugins/zsh-histdb/
    runHook postInstall
  '';
  postInstall = ''
    substituteInPlace $out/share/zsh/plugins/zsh-histdb/sqlite-history.zsh $out/share/zsh/plugins/zsh-histdb/histdb-merge $out/share/zsh/plugins/zsh-histdb/histdb-migrate --replace-fail "sqlite3" "${sqlite}/bin/sqlite3"
  '';
 }
--- a/nix/configuration/hosts/neelix/default.nix
+++ b/nix/configuration/hosts/neelix/default.nix
@ -0,0 +1,38 @@
 { config, pkgs, ... }:
 {
  imports = [
    ./hardware-configuration.nix
    ./disk-config.nix
    ./optimized_build.nix
    ./power_management.nix
  ];
  # Generate with `head -c4 /dev/urandom | od -A none -t x4`
  networking.hostId = "fbd233d8";
  networking.hostName = "neelix"; # Define your hostname.
  time.timeZone = "America/New_York";
  i18n.defaultLocale = "en_US.UTF-8";
  me.secureBoot.enable = false;
  # Early KMS
  boot.initrd.kernelModules = [ "i915" ];
  # Mount tmpfs at /tmp
  boot.tmp.useTmpfs = true;
  me.bluetooth.enable = true;
  me.emacs_flavor = "plainmacs";
  me.graphical = true;
  me.graphics_card_type = "intel";
  me.kodi.enable = true;
  me.lvfs.enable = true;
  me.sound.enable = true;
  me.wireguard.activated = [ "wgh" ];
  me.wireguard.deactivated = [ "wgf" ];
  me.zrepl.enable = true;
  me.zsh.enable = true;
 }
--- a/nix/configuration/hosts/neelix/disk-config.nix
+++ b/nix/configuration/hosts/neelix/disk-config.nix
@ -0,0 +1,140 @@
 # Manual Step:
 #   Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
 #   Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
 {
  config,
  lib,
  pkgs,
  ...
 }:
 lib.mkIf (!config.me.buildingIso) {
  disko.devices = {
    disk = {
      main = {
        type = "disk";
        device = "/dev/nvme0n1";
        content = {
          type = "gpt";
          partitions = {
            ESP = {
              size = "1G";
              type = "EF00";
              content = {
                type = "filesystem";
                format = "vfat";
                mountpoint = "/boot";
                mountOptions = [
                  "umask=0077"
                  "noatime"
                  "discard"
                ];
              };
            };
            zfs = {
              size = "100%";
              content = {
                type = "zfs";
                pool = "zroot";
              };
            };
          };
        };
      };
    };
    zpool = {
      zroot = {
        type = "zpool";
        # mode = "mirror";
        # Workaround: cannot import 'zroot': I/O error in disko tests
        options.cachefile = "none";
        options = {
          ashift = "12";
          compatibility = "openzfs-2.2-freebsd";
          autotrim = "on";
        };
        rootFsOptions = {
          acltype = "posixacl";
          atime = "off";
          relatime = "off";
          xattr = "sa";
          mountpoint = "none";
          compression = "lz4";
          canmount = "off";
          utf8only = "on";
          dnodesize = "auto";
          normalization = "formD";
        };
        datasets = {
          "linux/nix" = {
            type = "zfs_fs";
            options.mountpoint = "none";
          };
          "linux/nix/root" = {
            type = "zfs_fs";
            options.mountpoint = "legacy";
            mountpoint = "/";
            postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank";
          };
          "linux/nix/nix" = {
            type = "zfs_fs";
            options.mountpoint = "legacy";
            mountpoint = "/nix";
            postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/nix@blank$' || zfs snapshot zroot/linux/nix/nix@blank";
            options = {
              recordsize = "1MiB";
              compression = "lz4";
            };
          };
          "linux/nix/home" = {
            type = "zfs_fs";
            options.mountpoint = "legacy";
            mountpoint = "/home";
            postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/home@blank$' || zfs snapshot zroot/linux/nix/home@blank";
          };
          "linux/nix/persist" = {
            type = "zfs_fs";
            options.mountpoint = "legacy";
            mountpoint = "/persist";
            postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/persist@blank$' || zfs snapshot zroot/linux/nix/persist@blank";
          };
          "linux/nix/state" = {
            type = "zfs_fs";
            options.mountpoint = "legacy";
            mountpoint = "/state";
            postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/state@blank$' || zfs snapshot zroot/linux/nix/state@blank";
          };
        };
      };
    };
  };
  # Make sure all persistent volumes are marked as neededForBoot
  #
  # Also mounts /home so it is mounted before the user home directories are created.
  fileSystems."/persist".neededForBoot = true;
  fileSystems."/state".neededForBoot = true;
  fileSystems."/home".neededForBoot = true;
  fileSystems."/".options = [
    "noatime"
    "norelatime"
  ];
  fileSystems."/nix".options = [
    "noatime"
    "norelatime"
  ];
  fileSystems."/persist".options = [
    "noatime"
    "norelatime"
  ];
  fileSystems."/state".options = [
    "noatime"
    "norelatime"
  ];
  fileSystems."/home".options = [
    "noatime"
    "norelatime"
  ];
 }
--- a/nix/configuration/hosts/neelix/hardware-configuration.nix
+++ b/nix/configuration/hosts/neelix/hardware-configuration.nix
@ -0,0 +1,32 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 {
  config,
  lib,
  pkgs,
  modulesPath,
  ...
 }:
 {
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
  ];
  boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ ];
  boot.extraModulePackages = [ ];
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
  # networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/nix/configuration/hosts/neelix/optimized_build.nix
+++ b/nix/configuration/hosts/neelix/optimized_build.nix
@ -0,0 +1,78 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  imports = [ ];
  config = lib.mkMerge [
    { }
    (lib.mkIf (!config.me.buildingIso) {
      nix.settings.system-features = lib.mkForce [
        "gccarch-alderlake"
        "gccarch-x86-64-v3"
        "benchmark"
        "big-parallel"
        "kvm"
        "nixos-test"
      ];
      # nixpkgs.hostPlatform = {
      #   gcc.arch = "alderlake";
      #   gcc.tune = "alderlake";
      #   system = "x86_64-linux";
      # };
      nixpkgs.overlays = [
        (
          self: super:
          let
            optimizeWithFlags =
              pkg: flags:
              pkg.overrideAttrs (old: {
                NIX_CFLAGS_COMPILE = [ (old.NIX_CFLAGS_COMPILE or "") ] ++ flags;
              });
            addConfig =
              additionalConfig: pkg:
              pkg.override (oldconfig: {
                structuredExtraConfig = pkg.structuredExtraConfig // additionalConfig;
              });
          in
          {
            linux_alderlake =
              addConfig
                {
                  # Full preemption
                  PREEMPT = lib.mkOverride 60 lib.kernel.yes;
                  PREEMPT_VOLUNTARY = lib.mkOverride 60 lib.kernel.no;
                  # Google's BBRv3 TCP congestion Control
                  TCP_CONG_BBR = lib.kernel.yes;
                  DEFAULT_BBR = lib.kernel.yes;
                  # Preemptive Full Tickless Kernel at 300Hz
                  HZ = lib.kernel.freeform "300";
                  HZ_300 = lib.kernel.yes;
                  HZ_1000 = lib.kernel.no;
                }
                (
                  optimizeWithFlags super.linux_6_12 [
                    "-march=alderlake"
                    "-mtune=alderlake"
                  ]
                );
          }
        )
      ];
      boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_alderlake;
    })
    (lib.mkIf (config.me.buildingIso) {
      boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_12;
      boot.supportedFilesystems = [ "zfs" ];
    })
  ];
 }
--- a/nix/configuration/hosts/neelix/power_management.nix
+++ b/nix/configuration/hosts/neelix/power_management.nix
@ -0,0 +1,35 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  imports = [ ];
  environment.systemPackages = with pkgs; [
    powertop
  ];
  # pcie_aspm=force pcie_aspm.policy=powersupersave :: Enable PCIe active state power management for power reduction.
  # nowatchdog :: Disable watchdog for power savings (related to disable_sp5100_watchdog above).
  boot.kernelParams = [
    "pcie_aspm=force"
    # "pcie_aspm.policy=powersupersave"
    "nowatchdog"
  ];
  # default performance balance_performance balance_power power
  # defaults to balance_performance
  # systemd.tmpfiles.rules = [
  #   "w- /sys/devices/system/cpu/cpufreq/policy0/energy_performance_preference - - - - power"
  #   "w- /sys/devices/system/cpu/cpufreq/policy1/energy_performance_preference - - - - power"
  #   "w- /sys/devices/system/cpu/cpufreq/policy2/energy_performance_preference - - - - power"
  #   "w- /sys/devices/system/cpu/cpufreq/policy3/energy_performance_preference - - - - power"
  # ];
  boot.extraModprobeConfig = ''
    options snd_hda_intel power_save=1
  '';
 }
--- a/nix/configuration/hosts/odo/default.nix
+++ b/nix/configuration/hosts/odo/default.nix
@ -0,0 +1,75 @@
 { config, pkgs, ... }:
 {
  imports = [
    ./hardware-configuration.nix
    ./disk-config.nix
    ./optimized_build.nix
    ./power_management.nix
    ./screen_brightness.nix
    ./wifi.nix
  ];
  # Generate with `head -c4 /dev/urandom | od -A none -t x4`
  networking.hostId = "908cbf04";
  networking.hostName = "odo"; # Define your hostname.
  time.timeZone = "America/New_York";
  i18n.defaultLocale = "en_US.UTF-8";
  me.secureBoot.enable = true;
  # Early KMS
  boot.initrd.kernelModules = [ "amdgpu" ];
  # Mount tmpfs at /tmp
  boot.tmp.useTmpfs = true;
  environment.systemPackages = with pkgs; [
    fw-ectool
  ];
  me.alacritty.enable = true;
  me.ansible.enable = true;
  me.ares.enable = true;
  me.bluetooth.enable = true;
  me.chromecast.enable = true;
  me.chromium.enable = true;
  me.docker.enable = true;
  me.emacs_flavor = "full";
  me.firefox.enable = true;
  me.git.config = ../../roles/git/files/gitconfig_home;
  me.gpg.enable = true;
  me.graphical = true;
  me.graphics_card_type = "amd";
  me.kanshi.enable = true;
  me.kubernetes.enable = true;
  me.latex.enable = true;
  me.launch_keyboard.enable = true;
  me.lvfs.enable = true;
  me.media.enable = true;
  me.nix_index.enable = true;
  me.python.enable = true;
  me.qemu.enable = true;
  me.rust.enable = true;
  me.sound.enable = true;
  me.steam.enable = true;
  me.sway.enable = true;
  me.terraform.enable = true;
  me.vnc_client.enable = true;
  me.vscode.enable = true;
  me.wasm.enable = true;
  me.waybar.enable = true;
  me.wireguard.activated = [
    "drmario"
    "wgh"
    "colo"
  ];
  me.wireguard.deactivated = [ "wgf" ];
  me.zrepl.enable = true;
  me.zsh.enable = true;
  me.sm64ex.enable = true;
  me.shipwright.enable = true;
  me.ship2harkinian.enable = true;
 }
--- a/nix/configuration/hosts/odo/disk-config.nix
+++ b/nix/configuration/hosts/odo/disk-config.nix
@ -0,0 +1,148 @@
 # Manual Step:
 #   Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
 #   Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
 {
  config,
  lib,
  pkgs,
  ...
 }:
 lib.mkIf (!config.me.buildingIso) {
  disko.devices = {
    disk = {
      main = {
        type = "disk";
        device = "/dev/nvme0n1";
        content = {
          type = "gpt";
          partitions = {
            ESP = {
              size = "1G";
              type = "EF00";
              content = {
                type = "filesystem";
                format = "vfat";
                mountpoint = "/boot";
                mountOptions = [
                  "umask=0077"
                  "noatime"
                  "discard"
                ];
              };
            };
            zfs = {
              size = "100%";
              content = {
                type = "zfs";
                pool = "zroot";
              };
            };
          };
        };
      };
    };
    zpool = {
      zroot = {
        type = "zpool";
        # mode = "mirror";
        # Workaround: cannot import 'zroot': I/O error in disko tests
        options.cachefile = "none";
        options = {
          ashift = "12";
          compatibility = "openzfs-2.2-freebsd";
          autotrim = "on";
        };
        rootFsOptions = {
          acltype = "posixacl";
          atime = "off";
          relatime = "off";
          xattr = "sa";
          mountpoint = "none";
          compression = "lz4";
          canmount = "off";
          utf8only = "on";
          dnodesize = "auto";
          normalization = "formD";
        };
        datasets = {
          "linux/nix" = {
            type = "zfs_fs";
            options.mountpoint = "none";
            options = {
              encryption = "aes-256-gcm";
              keyformat = "passphrase";
              # keylocation = "file:///tmp/secret.key";
            };
          };
          "linux/nix/root" = {
            type = "zfs_fs";
            options.mountpoint = "legacy";
            mountpoint = "/";
            postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank";
          };
          "linux/nix/nix" = {
            type = "zfs_fs";
            options.mountpoint = "legacy";
            mountpoint = "/nix";
            postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/nix@blank$' || zfs snapshot zroot/linux/nix/nix@blank";
            options = {
              recordsize = "16MiB";
              compression = "zstd-19";
            };
          };
          "linux/nix/home" = {
            type = "zfs_fs";
            options.mountpoint = "legacy";
            mountpoint = "/home";
            postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/home@blank$' || zfs snapshot zroot/linux/nix/home@blank";
          };
          "linux/nix/persist" = {
            type = "zfs_fs";
            options.mountpoint = "legacy";
            mountpoint = "/persist";
            postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/persist@blank$' || zfs snapshot zroot/linux/nix/persist@blank";
          };
          "linux/nix/state" = {
            type = "zfs_fs";
            options.mountpoint = "legacy";
            mountpoint = "/state";
            postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/state@blank$' || zfs snapshot zroot/linux/nix/state@blank";
          };
        };
      };
    };
  };
  # Make sure all persistent volumes are marked as neededForBoot
  #
  # Also mounts /home so it is mounted before the user home directories are created.
  fileSystems."/persist".neededForBoot = true;
  fileSystems."/state".neededForBoot = true;
  fileSystems."/home".neededForBoot = true;
  fileSystems."/".options = [
    "noatime"
    "norelatime"
  ];
  fileSystems."/nix".options = [
    "noatime"
    "norelatime"
  ];
  fileSystems."/persist".options = [
    "noatime"
    "norelatime"
  ];
  fileSystems."/state".options = [
    "noatime"
    "norelatime"
  ];
  fileSystems."/home".options = [
    "noatime"
    "norelatime"
  ];
  # Only attempt to decrypt the main pool. Otherwise it attempts to decrypt pools that aren't even used.
  boot.zfs.requestEncryptionCredentials = [ "zroot/linux/nix" ];
 }
--- a/nix/configuration/hosts/odo/hardware-configuration.nix
+++ b/nix/configuration/hosts/odo/hardware-configuration.nix
@ -0,0 +1,36 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 {
  config,
  lib,
  pkgs,
  modulesPath,
  ...
 }:
 {
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
  ];
  boot.initrd.availableKernelModules = [
    "nvme"
    "xhci_pci"
    "thunderbolt"
  ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ ];
  boot.extraModulePackages = [ ];
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
  # networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/nix/configuration/hosts/odo/optimized_build.nix
+++ b/nix/configuration/hosts/odo/optimized_build.nix
@ -0,0 +1,81 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  imports = [ ];
  config = lib.mkMerge [
    { }
    (lib.mkIf (!config.me.buildingIso) {
      nix.settings.system-features = lib.mkForce [
        "gccarch-znver4"
        "gccarch-skylake"
        # "gccarch-alderlake" missing WAITPKG
        "gccarch-x86-64-v3"
        "gccarch-x86-64-v4"
        "benchmark"
        "big-parallel"
        "kvm"
        "nixos-test"
      ];
      # nixpkgs.hostPlatform = {
      #   gcc.arch = "znver4";
      #   gcc.tune = "znver4";
      #   system = "x86_64-linux";
      # };
      nixpkgs.overlays = [
        (
          self: super:
          let
            optimizeWithFlags =
              pkg: flags:
              pkg.overrideAttrs (old: {
                NIX_CFLAGS_COMPILE = [ (old.NIX_CFLAGS_COMPILE or "") ] ++ flags;
              });
            addConfig =
              additionalConfig: pkg:
              pkg.override (oldconfig: {
                structuredExtraConfig = pkg.structuredExtraConfig // additionalConfig;
              });
          in
          {
            linux_znver4 =
              addConfig
                {
                  # Full preemption
                  PREEMPT = lib.mkOverride 60 lib.kernel.yes;
                  PREEMPT_VOLUNTARY = lib.mkOverride 60 lib.kernel.no;
                  # Google's BBRv3 TCP congestion Control
                  TCP_CONG_BBR = lib.kernel.yes;
                  DEFAULT_BBR = lib.kernel.yes;
                  # Preemptive Full Tickless Kernel at 300Hz
                  HZ = lib.kernel.freeform "300";
                  HZ_300 = lib.kernel.yes;
                  HZ_1000 = lib.kernel.no;
                }
                (
                  optimizeWithFlags super.linux_6_12 [
                    "-march=znver4"
                    "-mtune=znver4"
                  ]
                );
          }
        )
      ];
      boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_znver4;
    })
    (lib.mkIf (config.me.buildingIso) {
      boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_12;
      boot.supportedFilesystems.zfs = true;
    })
  ];
 }
--- a/nix/configuration/hosts/odo/power_management.nix
+++ b/nix/configuration/hosts/odo/power_management.nix
@ -0,0 +1,59 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  imports = [ ];
  environment.systemPackages = with pkgs; [
    powertop
  ];
  # amdgpu.abmlevel=3 :: Automatically reduce screen brightness but tweak colors to compensate for power reduction.
  # pcie_aspm=force pcie_aspm.policy=powersupersave :: Enable PCIe active state power management for power reduction.
  # nowatchdog :: Disable watchdog for power savings (related to disable_sp5100_watchdog above).
  # amd_pstate=passive :: Fully automated hardware pstate control.
  # amd_pstate=active :: Same as passive except we can set the energy performance preference (EPP) to suggest how much we prefer performance or energy efficiency.
  # amd_pstate=guided :: Same as passive except we can set upper and lower frequency bounds.
  # amdgpu.dcdebugmask=0x10 :: Allegedly disables Panel Replay from https://community.frame.work/t/tracking-freezing-arch-linux-amd/39495/32
  boot.kernelParams = [
    "amdgpu.abmlevel=3"
    "pcie_aspm=force"
    # "pcie_aspm.policy=powersupersave"
    "nowatchdog"
    # I don't see a measurable benefit from these two:
    # "cpufreq.default_governor=powersave"
    # "initcall_blacklist=cpufreq_gov_userspace_init"
  ];
  systemd.tmpfiles.rules = [
    "w- /sys/firmware/acpi/platform_profile - - - - low-power"
    "w- /sys/devices/system/cpu/cpufreq/policy0/energy_performance_preference - - - - power"
    "w- /sys/devices/system/cpu/cpufreq/policy1/energy_performance_preference - - - - power"
    "w- /sys/devices/system/cpu/cpufreq/policy2/energy_performance_preference - - - - power"
    "w- /sys/devices/system/cpu/cpufreq/policy3/energy_performance_preference - - - - power"
    "w- /sys/devices/system/cpu/cpufreq/policy4/energy_performance_preference - - - - power"
    "w- /sys/devices/system/cpu/cpufreq/policy5/energy_performance_preference - - - - power"
    "w- /sys/devices/system/cpu/cpufreq/policy6/energy_performance_preference - - - - power"
    "w- /sys/devices/system/cpu/cpufreq/policy7/energy_performance_preference - - - - power"
    "w- /sys/devices/system/cpu/cpufreq/policy8/energy_performance_preference - - - - power"
    "w- /sys/devices/system/cpu/cpufreq/policy9/energy_performance_preference - - - - power"
    "w- /sys/devices/system/cpu/cpufreq/policy10/energy_performance_preference - - - - power"
    "w- /sys/devices/system/cpu/cpufreq/policy11/energy_performance_preference - - - - power"
    "w- /sys/devices/system/cpu/cpufreq/policy12/energy_performance_preference - - - - power"
    "w- /sys/devices/system/cpu/cpufreq/policy13/energy_performance_preference - - - - power"
    "w- /sys/devices/system/cpu/cpufreq/policy14/energy_performance_preference - - - - power"
    "w- /sys/devices/system/cpu/cpufreq/policy15/energy_performance_preference - - - - power"
  ];
  boot.extraModprobeConfig = ''
    # Disable the hardware watchdog inside AMD 700 chipset series for power savings.
    blacklist sp5100_tco
    # Sound power-saving was causing chat notifications to be inaudible.
    # options snd_hda_intel power_save=1
  '';
 }
--- a/nix/configuration/hosts/odo/screen_brightness.nix
+++ b/nix/configuration/hosts/odo/screen_brightness.nix
@ -0,0 +1,14 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  imports = [ ];
  systemd.tmpfiles.rules = [
    "w- /sys/class/backlight/amdgpu_bl1/brightness - - - - 85"
  ];
 }
--- a/nix/configuration/hosts/odo/wifi.nix
+++ b/nix/configuration/hosts/odo/wifi.nix
@ -0,0 +1,21 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  imports = [ ];
  config = {
    environment.loginShellInit = lib.mkIf (!config.me.buildingIso) ''
      doas iw dev wlan0 set power_save off
    '';
    # Enable debug logging for ath12k wifi card.
    boot.kernelParams = [
      "ath12k.debug_mask=0xffffffff"
    ];
  };
 }
--- a/nix/configuration/roles/2ship2harkinian/default.nix
+++ b/nix/configuration/roles/2ship2harkinian/default.nix
@ -0,0 +1,48 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  imports = [ ];
  options.me = {
    ship2harkinian.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      example = true;
      description = "Whether we want to install 2ship2harkinian.";
    };
  };
  config = lib.mkIf config.me.ship2harkinian.enable (
    lib.mkMerge [
      {
        allowedUnfree = [ "2ship2harkinian" ];
      }
      (lib.mkIf config.me.graphical {
        environment.systemPackages = with pkgs; [
          _2ship2harkinian
        ];
        # TODO perhaps install ~/.local/share/2ship/2ship2harkinian.json
        environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
          hideMounts = true;
          users.talexander = {
            directories = [
              {
                directory = ".local/share/2ship";
                user = "talexander";
                group = "talexander";
                mode = "0755";
              }
            ];
          };
        };
      })
    ]
  );
 }
--- a/nix/configuration/roles/alacritty/default.nix
+++ b/nix/configuration/roles/alacritty/default.nix
@ -0,0 +1,38 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  imports = [ ];
  options.me = {
    alacritty.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      example = true;
      description = "Whether we want to install alacritty.";
    };
  };
  config = lib.mkIf config.me.alacritty.enable (
    lib.mkMerge [
      (lib.mkIf config.me.graphical {
        environment.systemPackages = with pkgs; [
          alacritty
          xdg-utils # for xdg-open
        ];
        home-manager.users.talexander =
          { pkgs, ... }:
          {
            home.file.".config/alacritty/alacritty.toml" = {
              source = ./files/alacritty.toml;
            };
          };
      })
    ]
  );
 }
--- a/nix/configuration/roles/alacritty/files/alacritty.toml
+++ b/nix/configuration/roles/alacritty/files/alacritty.toml
@ -0,0 +1,44 @@
 [colors]
 draw_bold_text_with_bright_colors = true
 indexed_colors = []
 [colors.bright]
 black = "0x666666"
 blue = "0x7aa6da"
 cyan = "0x54ced6"
 green = "0x9ec400"
 magenta = "0xb77ee0"
 red = "0xff3334"
 white = "0xffffff"
 yellow = "0xe7c547"
 [colors.normal]
 black = "0x000000"
 blue = "0x7aa6da"
 cyan = "0x70c0ba"
 green = "0xb9ca4a"
 magenta = "0xc397d8"
 red = "0xd54e53"
 white = "0xeaeaea"
 yellow = "0xe6c547"
 [colors.primary]
 background = "0x000000"
 foreground = "0xeaeaea"
 [font]
 size = 11.0
 [[hints.enabled]]
 command = "xdg-open"
 post_processing = true
 regex = "(ipfs:|ipns:|magnet:|mailto:|gemini:|gopher:|https:|http:|news:|file:|git:|ssh:|ftp:)[^\u0000-\u001F\u007F-<>\"\\s{-}\\^⟨⟩`]+"
 [hints.enabled.mouse]
 enabled = false
 mods = "None"
 [scrolling]
 history = 10000
 # Lines moved per scroll.
 multiplier = 3
--- a/nix/configuration/roles/ansible/default.nix
+++ b/nix/configuration/roles/ansible/default.nix
@ -0,0 +1,86 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  imports = [ ];
  options.me = {
    ansible.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      example = true;
      description = "Whether we want to install ansible.";
    };
  };
  config = lib.mkIf config.me.ansible.enable (
    lib.mkMerge [
      {
        environment.systemPackages = with pkgs; [
          ansible
        ];
        nixpkgs.overlays = [
          (final: prev: {
            ansible = pkgs.symlinkJoin {
              name = "ansible";
              paths = [
                (prev.ansible.overridePythonAttrs {
                  propagatedBuildInputs = prev.ansible.propagatedBuildInputs ++ [ prev.python3Packages.jmespath ];
                })
                pkgs.ansible-sshjail
              ];
              buildInputs = [ pkgs.makeWrapper ];
              postBuild = ''
                ${lib.concatMapStringsSep "\n"
                  (
                    prog:
                    (
                      "wrapProgram $out/bin/${prog} ${
                        lib.concatMapStringsSep " "
                          (
                            plugin_type:
                            "--set ANSIBLE_${lib.toUpper plugin_type}_PLUGINS $out/share/ansible/plugins/${lib.toLower plugin_type}_plugins"
                          )
                          [
                            "action"
                            "cache"
                            "callback"
                            "connection"
                            "filter"
                            "inventory"
                            "lookup"
                            "shell"
                            "strategy"
                            "test"
                            "vars"
                          ]
                      } --prefix PATH : ${lib.makeBinPath [ ]}"
                    )
                  )
                  [
                    "ansible"
                    "ansible-config"
                    "ansible-console"
                    "ansible-doc"
                    "ansible-galaxy"
                    "ansible-inventory"
                    "ansible-playbook"
                    "ansible-pull"
                    "ansible-test"
                    "ansible-vault"
                  ]
                }
              '';
            };
          })
        ];
      }
    ]
  );
 }
--- a/nix/configuration/roles/ares/default.nix
+++ b/nix/configuration/roles/ares/default.nix
@ -0,0 +1,44 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  imports = [ ];
  options.me = {
    ares.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      example = true;
      description = "Whether we want to install ares.";
    };
  };
  config = lib.mkIf config.me.ares.enable (
    lib.mkMerge [
      { }
      (lib.mkIf config.me.graphical {
        environment.systemPackages = with pkgs; [
          ares
        ];
        environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
          hideMounts = true;
          users.talexander = {
            directories = [
              {
                directory = ".local/share/ares";
                user = "talexander";
                group = "talexander";
                mode = "0755";
              }
            ];
          };
        };
      })
    ]
  );
 }
--- a/nix/configuration/roles/blank/default.nix
+++ b/nix/configuration/roles/blank/default.nix
@ -0,0 +1,30 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  imports = [ ];
  options.me = {
    blank.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      example = true;
      description = "Whether we want to install blank.";
    };
  };
  config = lib.mkIf config.me.blank.enable (
    lib.mkMerge [
      {
        environment.systemPackages = with pkgs; [
        ];
      }
      (lib.mkIf config.me.graphical {
      })
    ]
  );
 }
--- a/nix/configuration/roles/bluetooth/default.nix
+++ b/nix/configuration/roles/bluetooth/default.nix
@ -0,0 +1,46 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  imports = [ ];
  options.me = {
    bluetooth.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      example = true;
      description = "Whether we want to install bluetooth.";
    };
  };
  config = lib.mkIf config.me.bluetooth.enable (
    lib.mkMerge [
      {
        environment.systemPackages = with pkgs; [
        ];
        hardware.bluetooth = {
          enable = true;
          powerOnBoot = true;
          settings = {
            General = {
              # Enable support for showing battery charge level.
              Experimental = true;
            };
          };
        };
        environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
          hideMounts = true;
          directories = [
            "/var/lib/bluetooth" # Bluetooth pairing information.
          ];
        };
      }
    ]
  );
 }
--- a/nix/configuration/roles/boot/default.nix
+++ b/nix/configuration/roles/boot/default.nix
@ -0,0 +1,105 @@
 # ISO does not work with systemd initrd yet https://github.com/NixOS/nixpkgs/pull/291750
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  imports = [ ];
  options = {
    me.secureBoot = {
      enable = lib.mkOption {
        default = false;
        type = lib.types.bool;
        description = ''
          Enable to use secure boot.
        '';
      };
    };
  };
  config = lib.mkMerge [
    {
      environment.systemPackages = with pkgs; [
        tpm2-tools # For tpm2_eventlog to check for OptionRoms
        # cp /sys/kernel/security/tpm0/binary_bios_measurements eventlog
        # tpm2_eventlog eventlog | grep "BOOT_SERVICES_DRIVER"
        sbctl # For debugging and troubleshooting Secure Boot.
      ];
    }
    (lib.mkIf (!config.me.buildingIso) {
      boot.loader.grub.enable = false;
      # Use the systemd-boot EFI boot loader.
      boot.loader.systemd-boot.enable = true;
      # TODO: make not write bootx64.efi
      boot.loader.efi.canTouchEfiVariables = false;
      # Automatically delete old generations
      boot.loader.systemd-boot.configurationLimit = 3;
      boot.loader.systemd-boot.memtest86.enable = true;
      # Check what will be lost with `zfs diff zroot/linux/root@blank`
      boot.initrd.systemd.enable = lib.mkDefault true;
      boot.initrd.systemd.services.zfs-rollback = {
        description = "Rollback ZFS root dataset to blank snapshot";
        wantedBy = [
          "initrd.target"
        ];
        after = [
          "zfs-import-zroot.service"
        ];
        before = [
          "sysroot.mount"
        ];
        path = with pkgs; [
          zfs
        ];
        unitConfig.DefaultDependencies = "no";
        serviceConfig.Type = "oneshot";
        script = ''
          zfs rollback -r zroot/linux/nix/root@blank
          zfs rollback -r zroot/linux/nix/home@blank
          echo "rollback complete"
        '';
      };
      # boot.loader.systemd-boot.extraEntries = {
      #   "windows.conf" = ''
      #     title Windows
      #     efi /EFI/Microsoft/Boot/bootmgfw.efi
      #     options root=PARTUUID=17e325bf-a378-4d1d-be6a-f6df5476f0fa
      #   '';
      # };
    })
    (lib.mkIf (config.me.secureBoot.enable) {
      environment.systemPackages = with pkgs; [
        sbctl
      ];
      boot.loader.systemd-boot.enable = lib.mkForce false;
      boot.lanzaboote = {
        enable = true;
        pkiBundle = "/var/lib/sbctl";
      };
      environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
        hideMounts = true;
        directories = [
          "/var/lib/sbctl" # Secure Boot Keys
        ];
      };
    })
  ];
 }
 # efibootmgr -c -d /dev/sda -p 1 -L NixOS-boot -l '\EFI\NixOS-boot\grubx64.efi'
 # Text-only:
 # sudo cp "$(nix-build '<nixpkgs>' --no-out-link -A 'refind')/share/refind/refind_x64.efi" /boot/EFI/boot/bootx64.efi
 # Full graphics:
 # $ sudo nix-shell -p refind efibootmgr
 # $ refind-install
--- a/nix/configuration/roles/chromecast/default.nix
+++ b/nix/configuration/roles/chromecast/default.nix
@ -0,0 +1,31 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  imports = [ ];
  options.me = {
    chromecast.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      example = true;
      description = "Whether we want to install chromecast.";
    };
  };
  config = lib.mkIf config.me.chromecast.enable (
    lib.mkMerge [
      {
        environment.systemPackages = with pkgs; [
          catt
        ];
      }
      (lib.mkIf config.me.graphical {
      })
    ]
  );
 }
--- a/nix/configuration/roles/chromium/default.nix
+++ b/nix/configuration/roles/chromium/default.nix
@ -0,0 +1,65 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  imports = [ ];
  options.me = {
    chromium.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      example = true;
      description = "Whether we want to install chromium.";
    };
  };
  config = lib.mkIf config.me.chromium.enable (
    lib.mkMerge [
      { }
      (lib.mkIf config.me.graphical {
        environment.systemPackages = with pkgs; [
          (chromium.override { enableWideVine = true; })
        ];
        allowedUnfree = [
          "chromium"
          "chromium-unwrapped"
          "widevine-cdm"
        ];
        environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
          hideMounts = true;
          users.talexander = {
            directories = [
              {
                directory = ".config/chromium";
                user = "talexander";
                group = "talexander";
                mode = "0700";
              }
            ];
          };
        };
        environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
          hideMounts = true;
          users.talexander = {
            directories = [
              {
                directory = ".cache/chromium";
                user = "talexander";
                group = "talexander";
                mode = "0700";
              }
            ];
          };
        };
        # Enabling vulkan causes video to render as white
        # nixpkgs.config.chromium.commandLineArgs = "--enable-features=Vulkan";
      })
    ]
  );
 }
--- a/nix/configuration/roles/docker/default.nix
+++ b/nix/configuration/roles/docker/default.nix
@ -0,0 +1,64 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  imports = [ ];
  options.me = {
    docker.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      example = true;
      description = "Whether we want to install docker.";
    };
  };
  config = lib.mkIf config.me.docker.enable (
    lib.mkMerge [
      {
        virtualisation.docker.enable = true;
        # Use docker activation
        virtualisation.docker.enableOnBoot = false;
        # Rootless docker breaks access to ssh for buildkit.
        # virtualisation.docker.rootless = {
        #   enable = true;
        #   setSocketVariable = true;
        # };
        # Give docker access to ssh for fetching repos with buildkit.
        virtualisation.docker.extraPackages = [ pkgs.openssh ];
        environment.systemPackages = with pkgs; [
          docker-buildx
        ];
        environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
          hideMounts = true;
          directories = [
            {
              directory = "/var/lib/docker";
              user = "root";
              group = "root";
              mode = "0740";
            }
          ];
          # users.talexander = {
          #   directories = [
          #     {
          #       directory = ".local/share/docker";
          #       user = "talexander";
          #       group = "talexander";
          #       mode = "0740";
          #     }
          #   ];
          # };
        };
        # Needed for non-rootless docker
        users.users.talexander.extraGroups = [ "docker" ];
      }
    ]
  );
 }
--- a/nix/configuration/roles/emacs/default.nix
+++ b/nix/configuration/roles/emacs/default.nix
@ -0,0 +1,167 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 let
  plainmacs =
    emacs_package:
    pkgs.writeShellScriptBin "plainmacs" ''
      INIT_SCRIPT=$(cat <<EOF
      (progn
        (setq make-backup-files nil auto-save-default nil create-lockfiles nil)
        (load-theme 'tango-dark t)
        (set-face-attribute 'default nil :background "black")
        ;; Bright yellow highlighting for selected region
        (set-face-attribute 'region nil :background "#ffff50" :foreground "black")
        ;; Bright green cursor to distinguish from yellow region
        (set-cursor-color "#ccff66")
        ;; Hightlight the current line
        (set-face-attribute 'line-number-current-line nil :foreground "white")
        ;; Set default font
        (set-face-attribute 'default nil :height 100 :width 'regular :weight 'regular :family "Cascadia Mono")
        ;; Set fallback font for unicode glyphs
        (when (display-graphic-p)
          (set-fontset-font "fontset-default" nil (font-spec :name "Noto Color Emoji")))
        (menu-bar-mode -1)
        (when (fboundp 'tool-bar-mode)
          (tool-bar-mode -1))
        (when (  fboundp 'scroll-bar-mode)
          (scroll-bar-mode -1))
        (pixel-scroll-precision-mode)
        (setq frame-resize-pixelwise t)
        )
      EOF
      )
      exec ${emacs_package}/bin/emacs -q --eval "$INIT_SCRIPT" "''${@}"
    '';
  e_shorthand =
    emacs_package:
    pkgs.writeShellScriptBin "e" ''
      exec ${emacs_package}/bin/emacs "''${@}"
    '';
 in
 {
  imports = [ ];
  options.me.emacs_flavor = lib.mkOption {
    type = lib.types.nullOr (
      lib.types.enum [
        "full"
        "plainmacs"
      ]
    );
    default = null;
    example = "full";
    description = "What flavor of emacs to set up.";
  };
  config = lib.mkIf (config.me.emacs_flavor != null) (
    lib.mkMerge [
      {
        environment.systemPackages = with pkgs; [
          my_emacs
          (plainmacs my_emacs)
          (e_shorthand my_emacs)
        ];
        environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
          hideMounts = true;
          users.talexander = {
            directories = [
              ".config/emacs/eln-cache" # Installed packages
              ".config/emacs/elpa" # Installed packages
              ".config/emacs/private" # For recentf
              ".config/emacs/tree-sitter" # Compiled tree-sitter grammars
            ];
            files = [
              ".config/emacs/history" # For savehist
              ".config/emacs/.last-package-update-day" # For use-package
            ];
          };
        };
        environment.variables.EDITOR = "plainmacs";
      }
      (lib.mkIf (config.me.graphical) {
        nixpkgs.overlays = [
          (final: prev: {
            my_emacs = final.emacs29-pgtk;
          })
        ];
      })
      (lib.mkIf (!config.me.graphical) {
        nixpkgs.overlays = [
          (final: prev: {
            my_emacs = final.emacs-nox;
          })
        ];
      })
      (lib.mkIf (config.me.emacs_flavor == "full") {
        nixpkgs.overlays = [
          (final: prev: {
            my_emacs = pkgs.buildEnv {
              name = prev.my_emacs.name;
              paths = with prev; [
                my_emacs
              ];
              extraOutputsToInstall = [
                "man"
                "doc"
                "info"
              ];
              buildInputs = [ final.makeWrapper ];
              postBuild = ''
                wrapProgram $out/bin/emacs --prefix PATH : ${
                  lib.makeBinPath [
                    (final.aspellWithDicts (
                      dicts: with dicts; [
                        en
                        en-computers
                      ]
                    ))
                    final.nixd # nix language server
                    final.nixfmt-rfc-style # auto-formatting nix files through nixd
                    final.clang # To compile tree-sitter grammars
                    final.shellcheck
                    final.cmake-language-server
                    final.cmake # Used by cmake-language-server
                  ]
                }
              '';
            };
          })
        ];
        home-manager.users.talexander =
          { pkgs, ... }:
          {
            home.file.".config/emacs" = {
              source = ./files/emacs;
              recursive = true;
            };
          };
      })
      (lib.mkIf (config.me.emacs_flavor == "plainmacs") {
        nixpkgs.overlays = [
          (final: prev: {
            my_emacs = pkgs.buildEnv {
              name = prev.my_emacs.name;
              paths = with prev; [
                my_emacs
              ];
              extraOutputsToInstall = [
                "man"
                "doc"
                "info"
              ];
            };
          })
        ];
      })
    ]
  );
 }
--- a/nix/configuration/roles/emacs/files/emacs/early-init.el
+++ b/nix/configuration/roles/emacs/files/emacs/early-init.el
@ -0,0 +1,25 @@
 (setq gc-cons-threshold (* 128 1024 1024)) ;; 128MiB Increase garbage collection threshold for performance (default 800000)
 ;; Increase amount of data read from processes, default 4k
 (when (version<= "27.0" emacs-version)
  (setq read-process-output-max (* 10 1024 1024)) ;; 10MiB
  )
 ;; Suppress warnings
 (setq byte-compile-warnings '(not obsolete))
 (setq warning-suppress-log-types '((comp) (bytecomp)))
 (setq native-comp-async-report-warnings-errors 'silent)
 ;; Set up default visual settings
 (setq frame-resize-pixelwise t)
 ;; Disable toolbar & menubar
 (menu-bar-mode -1)
 (when (fboundp 'tool-bar-mode)
  (tool-bar-mode -1))
 (when (display-graphic-p)
  (context-menu-mode +1))
 (setq default-frame-alist '((fullscreen . maximized)
                            (vertical-scroll-bars . nil)
                            (horizontal-scroll-bars . nil)
                            ;; Set dark colors in early-init to prevent flashes of white.
                            (background-color . "#000000")))
--- a/nix/configuration/roles/emacs/files/emacs/elisp/base-extensions.el
+++ b/nix/configuration/roles/emacs/files/emacs/elisp/base-extensions.el
@ -0,0 +1,86 @@
 (use-package diminish)
 ;; Eglot recommends pulling the latest of the standard libraries it
 ;; uses from ELPA if you're not tracking the current.config/emacsevelopment
 ;; branch.
 (use-package xref
  :pin gnu
  )
 (use-package eldoc
  :pin gnu
  :diminish
  )
 ;; Other packages
 (use-package emacs
  :config
  (setq enable-recursive-minibuffers t)
  ;; Filter the M-x list base on the current mode
  (setq read-extended-command-predicate #'command-completion-default-include-p)
  ;; Enable triggering completion with the tab key.
  (setq tab-always-indent 'complete)
  )
 (use-package dashboard
  :config
  (dashboard-setup-startup-hook))
 (when (version<= "26.0.50" emacs-version )
  (add-hook 'prog-mode-hook 'display-line-numbers-mode)
  (add-hook 'prog-mode-hook 'column-number-mode)
  )
 ;; Display a horizontal line instead of ^L for page break characters
 (use-package page-break-lines
  :diminish
  :config
  (global-page-break-lines-mode +1)
  )
 (use-package recentf
  ;; This is an emacs built-in but we're pulling the latest version
  :config
  (setq recentf-max-saved-items 100)
  (setq recentf-save-file (recentf-expand-file-name "~/.config/emacs/private/cache/recentf"))
  (recentf-mode 1))
 ;; Persist history over Emacs restarts. Vertico sorts by history position.
 (use-package savehist
  ;; This is an emacs built-in but we're pulling the latest version
  :config
  (savehist-mode))
 (use-package which-key
  :diminish
  :config
  (which-key-mode))
 (use-package windmove
  :config
  (windmove-default-keybindings))
 (setq tramp-default-method "ssh")
 (use-package nginx-mode
  :mode (
         ("headers\\.include\\'" . nginx-mode)
         )
  :config
  (setq nginx-indent-level 4))
 (use-package systemd
  :mode
  (("\\.service\\'" . systemd-mode)
   ("\\.timer\\'" . systemd-mode))
  )
 (use-package pkgbuild-mode
  :mode
  (("PKGBUILD\\'" . pkgbuild-mode))
  )
 (provide 'base-extensions)
--- a/nix/configuration/roles/emacs/files/emacs/elisp/base-functions.el
+++ b/nix/configuration/roles/emacs/files/emacs/elisp/base-functions.el
@ -0,0 +1,127 @@
 ;; ========== Function to reload current file =================
 (defun reload-file ()
    "Revert buffer without confirmation."
    (interactive)
    (revert-buffer :ignore-auto :noconfirm))
 ;; ===========================================================
 ;; ============= Run commands ================================
 (defun run-command-on-buffer (cmd &rest args)
  "Run a command using the current buffer as stdin and replacing its contents if the command succeeds with the stdout from the command. This is useful for code formatters."
  (let (
        (stdout-buffer (generate-new-buffer "tmp-stdout" t))
        (full-cmd (append '(call-process-region nil nil cmd nil stdout-buffer nil) args))
        )
    (unwind-protect
        (let ((exit-status (eval full-cmd)))
          (if (eq exit-status 0)
              (save-excursion
                (replace-buffer-contents stdout-buffer)
                )
            (message "FAILED running command on buffer %s" (append (list cmd) args))
            )
          )
      (kill-buffer stdout-buffer)
      )
    )
  )
 (defun run-command-in-directory (dir cmd &rest args)
  "Run a command in the specified directory. If the directory is nil, the directory of the file is used. The stdout result is trimmed of whitespace and returned."
  (let (
        (default-directory (or dir default-directory))
        (stdout-buffer (generate-new-buffer "tmp-stdout" t))
        (full-cmd (append '(call-process cmd nil (list stdout-buffer nil) nil) args))
        )
    (unwind-protect
        (let ((exit-status (condition-case nil (eval full-cmd) (file-missing nil))))
          (if (eq exit-status 0)
              (progn
                (with-current-buffer stdout-buffer
                  (string-trim (buffer-string))
                  )
                )
            )
          )
      (kill-buffer stdout-buffer)
      )
    )
  )
 (defun load-directory (dir)
  (let ((load-it (lambda (f)
                   (load-file (concat (file-name-as-directory dir) f)))
                 ))
    (mapc load-it (directory-files dir nil "\\.el$"))))
 (defun generate-vc-link ()
  (interactive)
  (or
   (generate-github-link)
   (generate-source-hut-link)
   )
  )
 (defun generate-github-link ()
  "Generate a permalink to the current line."
  (interactive)
  (let (
        (current-rev (vc-working-revision buffer-file-name))
        (line-number (line-number-at-pos))
        (repository-url (vc-git-repository-url buffer-file-name))
        (relative-path (file-relative-name buffer-file-name (vc-root-dir)))
        )
    (save-match-data
      (and (string-match "\\(git@github\.com:\\|https://github\.com/\\)\\([^/]+\\)/\\([^.]+\\).git" repository-url)
           (let* (
                 (gh-org (match-string 2 repository-url))
                 (gh-repo (match-string 3 repository-url))
                 (full-url (format "https://github.com/%s/%s/blob/%s/%s?plain=1#L%s" gh-org gh-repo current-rev relative-path line-number))
                 )
             (message "%s" full-url)
             (kill-new full-url)
             t
             )
           )
      )
    )
  )
 (defun generate-source-hut-link ()
  "Generate a permalink to the current line."
  (interactive)
  (let (
        (current-rev (vc-working-revision buffer-file-name))
        (line-number (line-number-at-pos))
        (repository-url (vc-git-repository-url buffer-file-name))
        (relative-path (file-relative-name buffer-file-name (vc-root-dir)))
        )
    (message "Using repo url %s" repository-url)
    (save-match-data
      (and (string-match "https://git.sr.ht/\\([^/]+\\)/\\([^/]+\\)" repository-url)
           (let* (
                 (sh-org (match-string 1 repository-url))
                 (sh-repo (match-string 2 repository-url))
                 (full-url (format "https://git.sr.ht/%s/%s/tree/%s/%s#L%s" sh-org sh-repo current-rev relative-path line-number))
                 )
             (message "%s" full-url)
             (kill-new full-url)
             t
             )
           )
      )
    )
  )
 (defmacro when-linux (&rest body)
  "Execute only when on Linux."
  (declare (indent defun))
  `(when (eq system-type 'gnu/linux) ,@body))
 (defmacro when-freebsd (&rest body)
  "Execute only when on FreeBSD."
  (declare (indent defun))
  `(when (eq system-type 'berkeley-unix) ,@body))
 (provide 'base-functions)
--- a/nix/configuration/roles/emacs/files/emacs/elisp/base-global-keys.el
+++ b/nix/configuration/roles/emacs/files/emacs/elisp/base-global-keys.el
@ -0,0 +1,12 @@
 ;; Add your keys here, as such
 ;; Disable the suspend frame hotkeys
 (global-unset-key (kbd "C-z"))
 (global-unset-key (kbd "C-x C-z"))
 ;; dabbrev-expand. Seems to be some sort of dumb-expand. Accidentally hitting it when trying to use M-?
 (global-unset-key (kbd "M-/"))
 (global-set-key (kbd "C-x g l") 'generate-vc-link)
 (provide 'base-global-keys)
--- a/nix/configuration/roles/emacs/files/emacs/elisp/base-theme.el
+++ b/nix/configuration/roles/emacs/files/emacs/elisp/base-theme.el
@ -0,0 +1,15 @@
 ;; Set theme
 (load-theme 'tango-dark t)
 (set-face-attribute 'default nil :background "black")
 ;; Bright yellow highlighting for selected region
 (set-face-attribute 'region nil :background "#ffff50" :foreground "black")
 ;; Bright green cursor to distinguish from yellow region
 (set-face-attribute 'cursor nil :background "#ccff66")
 ;; Hightlight the current line
 (set-face-attribute 'line-number-current-line nil :foreground "white")
 ;; Set default font
 (set-face-attribute 'default nil :height 100 :width 'regular :weight 'regular :family "Cascadia Mono")
 ;; Set fallback font for unicode glyphs
 (set-fontset-font t 'emoji (font-spec :name "Noto Color Emoji") nil 'prepend)
 (provide 'base-theme)
--- a/nix/configuration/roles/emacs/files/emacs/elisp/base.el
+++ b/nix/configuration/roles/emacs/files/emacs/elisp/base.el
@ -0,0 +1,94 @@
 (package-initialize)
 (use-package use-package)
 (add-to-list 'package-archives
             '("melpa" . "https://melpa.org/packages/")
             )
 (use-package auto-package-update
   :ensure t
   :config
   (setq auto-package-update-delete-old-versions t
         auto-package-update-interval 14)
   (auto-package-update-maybe))
 (defun assert-directory (p)
  (unless (file-exists-p p) (make-directory p t))
  p
  )
 (defconst private-dir  (expand-file-name "private" user-emacs-directory))
 (defconst temp-dir (format "%s/cache" private-dir)
  "Hostname-based elisp temp directories")
 (assert-directory (concat temp-dir "/auto-save-list/"))
 (setq autoload-directory (concat user-emacs-directory (file-name-as-directory "elisp") (file-name-as-directory "autoload")))
 (add-to-list 'load-path (assert-directory autoload-directory))
 (setq-default
 ;; Disable backup files and lockfiles
 make-backup-files nil
 auto-save-default nil
 create-lockfiles nil
 ;; Unless otherwise specified, always install packages if they are absent.
 use-package-always-ensure t
 ;; Point custom-file at /dev/null so emacs does not write any settings to my dotfiles.
 custom-file "/dev/null"
 ;; Don't pop up a small window at the bottom of emacs at launch.
 inhibit-startup-screen t
 inhibit-startup-message t
 ;; Don't show the list of buffers when opening many files.
 inhibit-startup-buffer-menu t
 ;; Give the scratch buffer a clean slate.
 initial-major-mode 'fundamental-mode
 initial-scratch-message nil
 ;; Send prompts to mini-buffer not the GUI
 use-dialog-box nil
 ;; End files with line break
 require-final-newline t
 ;; Use spaces, not tabs
 indent-tabs-mode nil
 ;; Use a better frame title
 frame-title-format '("" invocation-name ": "(:eval (if (buffer-file-name)
                                                        (abbreviate-file-name (buffer-file-name))
                                                      "%b")))
 ;; Use 'y' or 'n' instead of 'yes' or 'no'
 use-short-answers t
 ;; Natively compile packages
 package-native-compile t
 ;; Confirm when opening a file that does not exist
 confirm-nonexistent-file-or-buffer t
 ;; Do not require double space to end a sentence.
 sentence-end-double-space nil
 ;; Show trailing whitespace
 show-trailing-whitespace t
 ;; Remove the line when killing it with ctrl-k
 kill-whole-line t
 )
 ;; (setq-default fringes-outside-margins t)
 ;; Per-pixel scrolling instead of per-line
 (pixel-scroll-precision-mode)
 ;; Typed text replaces selection
 (delete-selection-mode)
 ;; Delete trailing whitespace before save
 (add-hook 'before-save-hook 'delete-trailing-whitespace)
 ;; If the underlying file changes, reload it automatically. This is useful for moving around in git without confusing language servers.
 (setopt auto-revert-avoid-polling t)
 (setopt auto-revert-interval 5)
 (setopt auto-revert-check-vc-info t)
 (global-auto-revert-mode)
 ;;;;; Performance
 ;; Run garbage collect when emacs is idle
 (run-with-idle-timer 5 t (lambda () (garbage-collect)))
 (add-function :after after-focus-change-function
              (lambda ()
                (unless (frame-focus-state)
                  (garbage-collect))))
 (provide 'base)
--- a/nix/configuration/roles/emacs/files/emacs/elisp/common-lsp.el
+++ b/nix/configuration/roles/emacs/files/emacs/elisp/common-lsp.el
@ -0,0 +1,47 @@
 (use-package eglot
  :pin gnu
  :commands (eglot eglot-ensure)
  :bind (:map eglot-mode-map
              ;; M-.
              ;; ([remap xref-find-definitions] . lsp-ui-peek-find-definitions)
              ;; M-?
              ;; ([remap xref-find-references] . lsp-ui-peek-find-references)
              ("C-c C-a" . eglot-code-actions)
              ;; C-M-.
              ([remap xref-find-apropos] . #'consult-eglot-symbols)
              )
  ;; :hook (
  ;;        (eglot-managed-mode . (lambda ()
  ;;                                (when (eglot-managed-p)
  ;;                                  (corfu-mode +1)
  ;;                                  )
  ;;                                ))
  ;;        )
  :config
  (fset #'jsonrpc--log-event #'ignore) ;; Disable logging LSP traffic for performance boost
  (set-face-attribute 'eglot-highlight-symbol-face nil :background "#0291a1" :foreground "black")
  (set-face-attribute 'eglot-mode-line nil :inherit 'mode-line :bold nil)
  :custom
  (eglot-autoshutdown t "Shut down server when last buffer is killed.")
  (eglot-sync-connect 0 "Don't block on language server starting.")
  (eglot-send-changes-idle-time 0.1)
  )
 (use-package consult-eglot
  :commands (consult-eglot-symbols)
  )
 (use-package company
  :after eglot
  :hook (eglot-managed-mode . company-mode)
  :config
  (setq company-backends '((company-capf)))
  (setq company-idle-delay 0) ;; Default 0.2
  )
 ;; (use-package company-box
 ;;   :hook (company-mode . company-box-mode))
 (provide 'common-lsp)
--- a/nix/configuration/roles/emacs/files/emacs/elisp/lang-bash.el
+++ b/nix/configuration/roles/emacs/files/emacs/elisp/lang-bash.el
@ -0,0 +1,16 @@
 (require 'util-tree-sitter)
 (use-package bash-ts-mode
  :ensure nil
  :commands (bash-ts-mode)
  :hook (
         (bash-ts-mode . (lambda ()
                           (flymake-mode +1)
                           )))
  :init
  (add-to-list 'major-mode-remap-alist '(sh-mode . bash-ts-mode))
  (add-to-list 'treesit-language-source-alist '(bash "https://github.com/tree-sitter/tree-sitter-bash"))
  (unless (treesit-ready-p 'bash) (treesit-install-language-grammar 'bash))
  )
 (provide 'lang-bash)
--- a/nix/configuration/roles/emacs/files/emacs/elisp/lang-c.el
+++ b/nix/configuration/roles/emacs/files/emacs/elisp/lang-c.el
@ -0,0 +1,49 @@
 (require 'common-lsp)
 (require 'util-tree-sitter)
 (defun locate-compile-commands-file ()
  "See if compile_commands.json exists."
  ;; This can be generated by prefixing the make command with `intercept-build15 --append`
  (let ((compile-commands-file (locate-dominating-file (buffer-file-name) "compile_commands.json")))
    compile-commands-file
    )
  )
 (defun activate-c-eglot ()
  "Activate eglot for the c family of languages."
  (when (locate-compile-commands-file)
    (eglot-ensure)
    (defclass my/eglot-c (eglot-lsp-server) ()
      :documentation
      "Own eglot server class.")
    (add-to-list 'eglot-server-programs
                 '(c-ts-mode . (my/eglot-c "/usr/local/bin/clangd15")))
    (add-hook 'before-save-hook 'eglot-format-buffer nil 'local)
    )
  )
 (use-package c-mode
  :mode (
         ("\\.c\\'" . c-ts-mode)
         ("\\.h\\'" . c-or-c++-ts-mode)
         )
  :commands (c-mode c-ts-mode)
  :pin manual
  :ensure nil
  :hook (
         (c-ts-mode . (lambda ()
                        (activate-c-eglot)
                        ))
         )
  :init
  (add-to-list 'major-mode-remap-alist '(c-mode . c-ts-mode))
  (add-to-list 'major-mode-remap-alist '(c++-mode . c++-ts-mode))
  (add-to-list 'major-mode-remap-alist '(c-or-c++-mode . c-or-c++-ts-mode))
  (add-to-list 'treesit-language-source-alist '(c "https://github.com/tree-sitter/tree-sitter-c"))
  (add-to-list 'treesit-language-source-alist '(cpp "https://github.com/tree-sitter/tree-sitter-cpp"))
  (unless (treesit-ready-p 'c) (treesit-install-language-grammar 'c))
  (unless (treesit-ready-p 'cpp) (treesit-install-language-grammar 'cpp))
  )
 (provide 'lang-c)
--- a/nix/configuration/roles/emacs/files/emacs/elisp/lang-cmake.el
+++ b/nix/configuration/roles/emacs/files/emacs/elisp/lang-cmake.el
--- a/nix/configuration/roles/emacs/files/emacs/elisp/lang-dockerfile.el
+++ b/nix/configuration/roles/emacs/files/emacs/elisp/lang-dockerfile.el
@ -0,0 +1,13 @@
 (use-package dockerfile-ts-mode
  :pin manual
  :mode (
         ("Dockerfile\\'" . dockerfile-ts-mode)
         )
  :commands (dockerfile-mode dockerfile-ts-mode)
  :init
  (add-to-list 'major-mode-remap-alist '(dockerfile-mode . dockerfile-ts-mode))
  (add-to-list 'treesit-language-source-alist '(dockerfile "https://github.com/camdencheek/tree-sitter-dockerfile"))
  (unless (treesit-ready-p 'dockerfile) (treesit-install-language-grammar 'dockerfile))
  )
 (provide 'lang-dockerfile)
--- a/nix/configuration/roles/emacs/files/emacs/elisp/lang-go.el
+++ b/nix/configuration/roles/emacs/files/emacs/elisp/lang-go.el
@ -0,0 +1,33 @@
 (require 'common-lsp)
 (require 'util-tree-sitter)
 (use-package go-ts-mode
  :pin manual
  :mode (
         ("\\.go\\'" . go-ts-mode)
         ("/go\\.mod\\'" . go-mod-ts-mode)
         )
  :commands (go-ts-mode go-mod-ts-mode)
  :hook (
         (go-ts-mode . (lambda ()
                         (when-linux
                           (eglot-ensure)
                           )
                         ))
         (go-mod-ts-mode . (lambda ()
                         (when-linux
                           (eglot-ensure)
                           )
                         ))
         ;; (before-save . lsp-format-buffer)
         )
  :init
  (add-to-list 'treesit-language-source-alist '(go "https://github.com/tree-sitter/tree-sitter-go"))
  (add-to-list 'treesit-language-source-alist '(gomod "https://github.com/camdencheek/tree-sitter-go-mod"))
  (unless (treesit-ready-p 'go) (treesit-install-language-grammar 'go))
  (unless (treesit-ready-p 'gomod) (treesit-install-language-grammar 'gomod))
  )
 (provide 'lang-go)
--- a/nix/configuration/roles/emacs/files/emacs/elisp/lang-javascript.el
+++ b/nix/configuration/roles/emacs/files/emacs/elisp/lang-javascript.el
@ -0,0 +1,177 @@
 (require 'common-lsp)
 (require 'util-tree-sitter)
 (use-package json-ts-mode
  :ensure nil
  :pin manual
  :mode (
         ("\\.json\\'" . json-ts-mode)
         )
  :commands (json-ts-mode)
  :hook (
         (json-ts-mode . (lambda ()
                           (add-hook 'before-save-hook 'json-fmt-jq nil 'local)
                           ))
         )
  :init
  (add-to-list 'treesit-language-source-alist '(json "https://github.com/tree-sitter/tree-sitter-json"))
  (unless (treesit-ready-p 'json) (treesit-install-language-grammar 'json))
  )
 (defun json-fmt-jq ()
  "Run jq."
  (run-command-on-buffer "jq" "--monochrome-output" ".")
  )
 (defun configure-typescript-language-server ()
  "Configures the typescript language server."
  (when-linux
    ;; Either initializationOptions or workspace/didChangeConfiguration works.
    (setq eglot-workspace-configuration
          (list (cons ':typescript '(:inlayHints (:includeInlayParameterNameHints
                                                  "all"
                                                  :includeInlayParameterNameHintsWhenArgumentMatchesName
                                                  t
                                                  :includeInlayFunctionParameterTypeHints
                                                  t
                                                  :includeInlayVariableTypeHints
                                                  t
                                                  :includeInlayVariableTypeHintsWhenTypeMatchesName
                                                  t
                                                  :includeInlayPRopertyDeclarationTypeHints
                                                  t
                                                  :includeInlayFunctionLikeReturnTypeHints
                                                  t
                                                  :includeInlayEnumMemberValueHints
                                                  t)))))
    (eglot-ensure)
    ;; (defclass my/eglot-typescript (eglot-lsp-server) ()
    ;;   :documentation
    ;;   "Own eglot server class.")
    ;; (add-to-list 'eglot-server-programs
    ;;              '((js-mode js-ts-mode tsx-ts-mode typescript-ts-mode typescript-mode) . (my/eglot-typescript "typescript-language-server" "--stdio" :initializationOptions (:preferences (:includeInlayParameterNameHints
    ;;                                                                                                                                                                                        "all"
    ;;                                                                                                                                                                                        :includeInlayParameterNameHintsWhenArgumentMatchesName
    ;;                                                                                                                                                                                        t
    ;;                                                                                                                                                                                        :includeInlayFunctionParameterTypeHints
    ;;                                                                                                                                                                                        t
    ;;                                                                                                                                                                                        :includeInlayVariableTypeHints
    ;;                                                                                                                                                                                        t
    ;;                                                                                                                                                                                        :includeInlayVariableTypeHintsWhenTypeMatchesName
    ;;                                                                                                                                                                                        t
    ;;                                                                                                                                                                                        :includeInlayPRopertyDeclarationTypeHints
    ;;                                                                                                                                                                                        t
    ;;                                                                                                                                                                                        :includeInlayFunctionLikeReturnTypeHints
    ;;                                                                                                                                                                                        t
    ;;                                                                                                                                                                                        :includeInlayEnumMemberValueHints
    ;;                                                                                                                                                                                        t)))))
    )
  )
 (use-package tsx-ts-mode
  :ensure nil
  :pin manual
  :mode (
         ("\\.tsx\\'" . tsx-ts-mode)
         )
  :commands (tsx-ts-mode)
  :hook (
         (tsx-ts-mode . (lambda ()
                          (when-linux
                            (configure-typescript-language-server)
                            )
                          ))
         )
  :init
  (add-to-list 'treesit-language-source-alist '(tsx . ("https://github.com/tree-sitter/tree-sitter-typescript" "master" "tsx/src")))
  (unless (treesit-ready-p 'tsx) (treesit-install-language-grammar 'tsx))
  )
 (use-package typescript-ts-mode
  :ensure nil
  :pin manual
  :mode (
         ("\\.ts\\'" . typescript-ts-mode)
         )
  :commands (typescript-ts-mode)
  :hook (
         (typescript-ts-mode . (lambda ()
                                 (configure-typescript-language-server)
                                 ))
         )
  :init
  (add-to-list 'treesit-language-source-alist '(typescript . ("https://github.com/tree-sitter/tree-sitter-typescript" "master" "typescript/src")))
  (unless (treesit-ready-p 'typescript) (treesit-install-language-grammar 'typescript))
  )
 (use-package js-ts-mode
  :ensure nil
  :pin manual
  :mode (
         ("\\.js\\'" . js-ts-mode)
         )
  :commands (js-ts-mode)
  :hook (
         (js-ts-mode . (lambda ()
                                 (when-linux
                                   (eglot-ensure)
                                   )
                                 ))
         )
  :init
  (add-to-list 'treesit-language-source-alist '(javascript . ("https://github.com/tree-sitter/tree-sitter-javascript" "master" "src")))
  (unless (treesit-ready-p 'javascript) (treesit-install-language-grammar 'javascript))
  )
 (defun prettier-fmt ()
  "Run prettier."
  (run-command-on-buffer "prettier" "--stdin-filepath" buffer-file-name)
  )
 (use-package css-ts-mode
  :ensure nil
  :pin manual
  :mode (
         ("\\.css\\'" . css-ts-mode)
         )
  :commands (css-ts-mode)
  :custom (css-indent-offset 2)
  :init
  (add-to-list 'treesit-language-source-alist '(css "https://github.com/tree-sitter/tree-sitter-css"))
  (unless (treesit-ready-p 'css) (treesit-install-language-grammar 'css))
  :hook (
         (css-ts-mode . (lambda ()
                             (eglot-ensure)
                             (defclass my/eglot-css (eglot-lsp-server) ()
                               :documentation
                               "Own eglot server class.")
                             (add-to-list 'eglot-server-programs
                                          '(css-ts-mode . (my/eglot-css "vscode-css-language-server" "--stdio")))
                             ;; (add-hook 'before-save-hook 'eglot-format-buffer nil 'local)
                             (add-hook 'before-save-hook 'prettier-fmt nil 'local)
                             ))
         )
  )
 (use-package web-mode
  :mode (("\\.dust\\'" . dust-mode)
         )
  :config
  (setq web-mode-markup-indent-offset 2)
  (setq web-mode-enable-current-element-highlight t)
  )
 ;; Define a custom mode for dust so that org-mode handle #+BEGIN_SRC dust blocks
 (define-derived-mode dust-mode web-mode "WebDust"
  "Major mode for editing dust templates in web-mode."
  (web-mode)
  (web-mode-set-engine "dust")
  ;; (setq web-mode-content-type "html")
  )
 (provide 'lang-javascript)
--- a/nix/configuration/roles/emacs/files/emacs/elisp/lang-lua.el
+++ b/nix/configuration/roles/emacs/files/emacs/elisp/lang-lua.el
@ -0,0 +1,21 @@
 (defun lua-format-buffer ()
  "Run stylua."
  (interactive)
  (run-command-on-buffer "stylua" "--search-parent-directories" "--stdin-filepath" buffer-file-name "-")
  )
 (use-package lua-mode
  :mode
  (("\\.lua\\'" . lua-mode)
   ("\\.rockspec\\'" . lua-mode))
  :commands lua-mode
  :hook (
         (lua-mode . (lambda ()
                        (add-hook 'before-save-hook 'lua-format-buffer nil 'local)
                        ))
         )
  :custom
  (lua-indent-level 4)
  )
 (provide 'lang-lua)
--- a/nix/configuration/roles/emacs/files/emacs/elisp/lang-markdown.el
+++ b/nix/configuration/roles/emacs/files/emacs/elisp/lang-markdown.el
@ -0,0 +1,14 @@
 (use-package markdown-mode
  :ensure t
  :commands (markdown-mode gfm-mode)
  :mode (("README\\.md\\'" . gfm-mode)
         ("\\.md\\'" . markdown-mode)
         ("\\.markdown\\'" . markdown-mode))
  :init (setq markdown-command "multimarkdown"))
 ;; For code block editing
 (use-package edit-indirect
  :commands (edit-indirect-region edit-indirect-save edit-indirect-abort edit-indirect-commit edit-indirect-display-active-buffer)
  )
 (provide 'lang-markdown)
--- a/nix/configuration/roles/emacs/files/emacs/elisp/lang-nix.el
+++ b/nix/configuration/roles/emacs/files/emacs/elisp/lang-nix.el
@ -0,0 +1,22 @@
 (require 'common-lsp)
 (require 'util-tree-sitter)
 (use-package nix-mode
  :mode (("\\.nix\\'" . nix-mode)
         )
  :commands nix-mode
  :hook (
         (nix-mode . (lambda ()
                       (eglot-ensure)
                       (defclass my/eglot-nix (eglot-lsp-server) ()
                         :documentation
                         "Own eglot server class.")
                       (add-to-list 'eglot-server-programs
                                    '(nix-mode . (my/eglot-nix "nixd")))
                       (add-hook 'before-save-hook 'eglot-format-buffer nil 'local)
                       ))
         )
  )
 (provide 'lang-nix)
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Tom Alexander	9513882870	Still not working.	2025-01-27 20:38:45 -05:00
Tom Alexander	71a6843b37	Same issue with package based on 2ship2harkinian.	2025-01-27 19:26:38 -05:00
Tom Alexander	7d9d1ca80e	Add a package for starship (Star Fox 64).	2025-01-27 19:26:38 -05:00
Tom Alexander	2f2d33296b	Persist ares data.	2025-01-26 19:04:17 -05:00
Tom Alexander	2c1cf54de0	Update packages.	2025-01-26 18:55:53 -05:00
Tom Alexander	65be133ffe	Update lanzaboote.	2025-01-26 16:57:18 -05:00
Tom Alexander	ee47c3cfa3	Enable debugging on ath12k.	2025-01-26 10:11:53 -05:00
Tom Alexander	ff8bb0653b	Enable bluetooth on odo.	2025-01-25 21:28:14 -05:00
Tom Alexander	ff98873b32	Persist save data for ship of harkinian and 2ship2harkinian.	2025-01-25 21:22:55 -05:00
Tom Alexander	67ad4e2dff	Persist sm64ex save data.	2025-01-25 20:47:48 -05:00
Tom Alexander	60452b0aeb	Persist the nix-index index.	2025-01-25 20:22:41 -05:00
Tom Alexander	e043320e5c	Clean up experiments in the gpg role.	2025-01-25 19:35:05 -05:00
Tom Alexander	2f8c4fbfe8	Disable verbose logging for gpg.	2025-01-25 19:10:48 -05:00
Tom Alexander	233bf4e967	Put the sleep back into wireguard.	2025-01-25 17:58:56 -05:00
Tom Alexander	f7adfaf54d	Update lockfile.	2025-01-25 16:28:53 -05:00
Tom Alexander	78c9dec4c4	Disable rom name override. The latest nixpkgs does not support overriding the name so I am removing it now for compatibility.	2025-01-25 16:22:04 -05:00
Tom Alexander	53c12a5b1e	Add sshjail as an ansible plugin.	2025-01-25 15:30:30 -05:00
Tom Alexander	7d94210d8f	Add cmake support to emacs.	2025-01-25 10:20:22 -05:00
Tom Alexander	1ebf31dc11	Remove sleep from wireguard service.	2025-01-25 10:20:22 -05:00
Tom Alexander	82c30bdb77	Add a role for 2ship2harkinian (Majora's Mask).	2025-01-24 21:25:41 -05:00
Tom Alexander	d5e7fdd097	Add bsdtar.	2025-01-24 20:58:03 -05:00
Tom Alexander	40fd7931d0	Add a persist folder for the talexander user.	2025-01-24 20:36:37 -05:00
Tom Alexander	835fd340a2	Add role for Ocarina of Time (shipwright).	2025-01-24 20:23:49 -05:00
Tom Alexander	94ef9ff3c8	Add role to build sm64ex.	2025-01-24 20:08:10 -05:00
Tom Alexander	62d3c010f5	Install nix-tree.	2025-01-24 19:01:51 -05:00
Tom Alexander	e9e792961c	Add a not-working snippet to show where system packages are imported.	2025-01-24 18:53:57 -05:00
Tom Alexander	281dffc9c0	Do not install foot.	2025-01-24 18:42:57 -05:00
Tom Alexander	5bd67bb02a	Move defaultPackages into the reset role.	2025-01-24 18:36:14 -05:00
Tom Alexander	4a76097a5e	Refactor the wireguard role to use lib.mkMerge.	2025-01-24 17:59:07 -05:00
Tom Alexander	facfd01661	Make zsh install conditional.	2025-01-23 21:55:22 -05:00
Tom Alexander	2ce4520cd6	Make zrepl a conditional install.	2025-01-23 21:52:50 -05:00
Tom Alexander	814769b3e9	Do not install waybar on neelix.	2025-01-23 21:43:08 -05:00
Tom Alexander	6424129da3	Do not install wasm role on neelix.	2025-01-23 21:41:08 -05:00
Tom Alexander	415edbad91	Do not install vscode on neelix.	2025-01-23 21:39:57 -05:00
Tom Alexander	a773f94593	Do not install vnc client on neelix.	2025-01-23 21:37:16 -05:00
Tom Alexander	226610c926	Do not install steam or terraform on neelix.	2025-01-23 21:37:15 -05:00
Tom Alexander	7c6afef2bb	Do not install pavucontrol on non-graphical installs.	2025-01-23 21:25:19 -05:00
Tom Alexander	55654fafb1	Do not install rust on neelix.	2025-01-23 21:21:37 -05:00
Tom Alexander	8946868fd6	Do not install qemu on neelix.	2025-01-23 21:18:57 -05:00
Tom Alexander	cd8e9002d0	Do not install python on neelix.	2025-01-23 21:15:48 -05:00
Tom Alexander	e1a274c88e	Do not install media role on neelix.	2025-01-23 21:06:11 -05:00
Tom Alexander	cdc4bdffb6	Git buildEnv is failing.	2025-01-23 20:59:39 -05:00
Tom Alexander	9b9a103e49	Do not install gnome-firmware on non-graphical installs.	2025-01-23 20:46:03 -05:00
Tom Alexander	ea7bf809fc	Do not install the launch keyboard configurator on neelix or non-graphical installs.	2025-01-23 20:42:22 -05:00
Tom Alexander	88a6d046b8	Do not install LaTeX on neelix.	2025-01-23 20:38:54 -05:00
Tom Alexander	d8e16f0b05	Do not install kubernetes clients on neelix.	2025-01-23 20:35:28 -05:00
Tom Alexander	e3fee206a1	Don't install kanshi on non-graphical installs.	2025-01-23 20:20:08 -05:00
Tom Alexander	3be710b4ad	Install meld to git's path when doing a graphical install.	2025-01-23 20:07:23 -05:00
Tom Alexander	b37f8a8e1a	Do not install my git config on neelix.	2025-01-23 19:55:13 -05:00
Tom Alexander	509cceb220	Only install fonts in graphical installs.	2025-01-23 19:48:25 -05:00
Tom Alexander	47408cfce0	Do not install firefox on neelix.	2025-01-23 19:14:25 -05:00
Tom Alexander	812dc40257	Do not install docker on neelix.	2025-01-23 19:09:59 -05:00
Tom Alexander	0e370c0d62	Do not install chromium or catt on neelix.	2025-01-23 19:04:19 -05:00
Tom Alexander	0598c796b7	Do not install ares on neelix.	2025-01-23 18:53:36 -05:00
Tom Alexander	df2efb728d	Don't install alacritty on neelix or non-graphical installs.	2025-01-23 18:47:03 -05:00
Tom Alexander	62fc955b68	Merge branch 'plainmacs' into nix	2025-01-23 18:44:30 -05:00
Tom Alexander	e0644a069d	Add support for non-graphical emacs.	2025-01-23 01:52:56 -05:00
Tom Alexander	054e056d00	Switch to buildEnv instead of symlinkJoin for better control over the joining process.	2025-01-23 01:52:56 -05:00
Tom Alexander	d3ea8b3667	Introduce a plainmacs emacs install flavor.	2025-01-22 21:01:34 -05:00
Tom Alexander	3f945f8ae3	Merge branch 'neelix' into nix	2025-01-22 20:29:12 -05:00
Tom Alexander	93c4aa4c76	Clean up the host-specific configs.	2025-01-22 20:28:58 -05:00
Tom Alexander	4664804d90	Comment out the kodi configs so they remain mutable until I've made a config I like.	2025-01-22 20:12:50 -05:00
Tom Alexander	edc48d00a2	Add some config files.	2025-01-21 23:07:05 -05:00
Tom Alexander	37aa0e6732	Add a bluetooth role.	2025-01-21 22:19:28 -05:00
Tom Alexander	a739728d41	Add neelix public key to sftp server.	2025-01-21 21:23:21 -05:00
Tom Alexander	48c5aebd82	Install jmespath for ansible.	2025-01-21 20:56:48 -05:00
Tom Alexander	c33a1b6c50	Set up memtest86 on neelix.	2025-01-20 22:50:44 -05:00
Tom Alexander	368c455b7f	Persist ssh keys for kodi user.	2025-01-20 22:38:54 -05:00
Tom Alexander	5a5d34911c	Add /etc/hosts entry for neelix.	2025-01-20 21:00:35 -05:00
Tom Alexander	d0c1bb1b65	Do not install sway on neelix.	2025-01-20 20:14:59 -05:00
Tom Alexander	9d49eb9d6a	Add an empty kodi role.	2025-01-20 19:40:54 -05:00
Tom Alexander	ccbc999744	Add a global options role.	2025-01-20 19:27:49 -05:00
Tom Alexander	d537aa599b	Stop the sway-session.target when exiting sway.	2025-01-20 18:43:54 -05:00
Tom Alexander	95d06dfe0e	Enable memtest86 when building the ISO.	2025-01-20 18:43:54 -05:00
Tom Alexander	f2adb9328b	Build zfs into the ISO image.	2025-01-20 18:43:54 -05:00
Tom Alexander	7bc6e0c470	Add a config for neelix.	2025-01-20 18:43:54 -05:00
Tom Alexander	99edb2d161	Use full emacs for e alias.	2025-01-19 23:15:33 -05:00
Tom Alexander	938f8676ff	Add chromecast support.	2025-01-19 13:44:01 -05:00
Tom Alexander	d365b6aea9	Add ncdu to inspect disk usage.	2025-01-19 11:05:00 -05:00
Tom Alexander	8d911ff893	Wrap tofi without forcing a rebuild.	2025-01-19 10:53:54 -05:00
Tom Alexander	2aca77ea1a	Merge branch 'emacs_refactor' into nix	2025-01-19 10:16:27 -05:00
Tom Alexander	1b342d3402	Switch from buildEnv to symlinkJoin to keep dependencies out of the system path.	2025-01-19 10:09:49 -05:00
Tom Alexander	9976e232e6	Move packages out of systemPackages and into the emacs_full package.	2025-01-18 23:11:35 -05:00
Tom Alexander	3baf18f435	Install aspell into the emacs_full environment.	2025-01-18 22:53:09 -05:00
Tom Alexander	e00331bf94	Wrap emacs settings in a mkMerge.	2025-01-18 21:26:17 -05:00
Tom Alexander	8e22d8febb	Switch to a 300hz tickless kernel and enable BBR. Aside from BBR, these settings are copied from arch linux.	2025-01-18 20:15:20 -05:00
Tom Alexander	ed0d1e41d6	Add a notification daemon.	2025-01-18 18:44:00 -05:00
Tom Alexander	2c27d580f4	Add a mode to force focus a window.	2025-01-18 18:40:08 -05:00
Tom Alexander	75ac4b91f3	Add screenshot / screen recording.	2025-01-18 18:33:46 -05:00
Tom Alexander	9abe43096b	Add swaylock.	2025-01-18 18:13:30 -05:00
Tom Alexander	1535800e2f	Replace wofi with tofi.	2025-01-18 17:39:51 -05:00
Tom Alexander	dcffced35a	Add rofimoji.	2025-01-18 14:32:44 -05:00
Tom Alexander	1da36ab7c5	Remove unused portion of zshrc. I will probably move to a similar import system to what I am doing with sway.	2025-01-18 13:18:06 -05:00
Tom Alexander	c694c6ae4c	Make zsh-histdb use sqlite3 directly instead of depending on systemPackages.	2025-01-18 13:12:24 -05:00
Tom Alexander	f524aa168a	Stick with imv instead of swayimg.	2025-01-18 12:16:11 -05:00
Tom Alexander	308206d1cc	Launch a terminal at boot in the live ISO.	2025-01-18 11:55:12 -05:00
Tom Alexander	8ac235cb8c	Move disabling wifi power saving to a host-specific file.	2025-01-18 11:48:53 -05:00
Tom Alexander	5170678a25	Don't garbage collect in a built ISO. The ISO is immutable so garbage collection does not make sense.	2025-01-18 11:33:39 -05:00
Tom Alexander	19cf31b094	Move a zfs setting into the zfs role.	2025-01-18 11:14:19 -05:00
Tom Alexander	4f0024c4f9	Move some graphics bits into the graphics role.	2025-01-18 11:00:30 -05:00
Tom Alexander	41138ab34a	Update to the new secureboot location.	2025-01-18 10:54:34 -05:00
Tom Alexander	f9b18809f9	An update fixed firefox's launch time.	2025-01-17 22:42:57 -05:00
Tom Alexander	fefe46b512	Remove kvm-amd from boot.kernelModules.	2025-01-17 21:36:34 -05:00
Tom Alexander	b4947bcff6	Add vnc client.	2025-01-17 20:30:16 -05:00
Tom Alexander	14baaddcff	Persist factorio data.	2025-01-17 19:07:54 -05:00
Tom Alexander	1c8f2f1c74	Switch back to regular linux.	2025-01-17 18:55:59 -05:00
Tom Alexander	1bfe24f457	Remove duplicate entry for xdg-desktop-portal-wlr.	2025-01-16 20:51:17 -05:00
Tom Alexander	08feb8bad6	Add more tracing commands.	2025-01-15 21:12:28 -05:00
Tom Alexander	cb3b01a74c	Blacklist hardward watchdog for AMD 700 chipset series for power savings.	2025-01-15 21:01:30 -05:00
Tom Alexander	0e95edd8e7	Switch to unstable.	2025-01-15 21:00:57 -05:00
Tom Alexander	d172b1dea2	Add some wasm utilities.	2025-01-14 23:57:24 -05:00
Tom Alexander	2a97a1ee92	Add vscode role.	2025-01-14 23:57:24 -05:00
Tom Alexander	ba4085df1a	Add terraform.	2025-01-14 23:17:26 -05:00
Tom Alexander	7c542364a2	Add firmware updating through fwupd via the Linux Vendor firmware Service (LVFS).	2025-01-14 22:42:52 -05:00
Tom Alexander	0299ebcb43	Add nvme role.	2025-01-14 21:51:53 -05:00
Tom Alexander	c23245b97c	Add TODO.	2025-01-14 21:40:38 -05:00
Tom Alexander	491412c33c	Add seatd.	2025-01-14 21:10:03 -05:00
Tom Alexander	5a5839482d	Add support for the system76 launch keyboard configurator.	2025-01-14 20:16:06 -05:00
Tom Alexander	63408f5664	Set up latex.	2025-01-14 18:04:04 -05:00
Tom Alexander	d338b77d23	Install sshfs.	2025-01-14 17:56:29 -05:00
Tom Alexander	ce9140aa73	Add role for zrepl.	2025-01-13 17:59:03 -05:00
Tom Alexander	dbf3f2e983	Disable the fallback DNS servers.	2025-01-13 17:43:38 -05:00
Tom Alexander	0ca26e73fb	Add more firefox extensions.	2025-01-12 22:43:23 -05:00
Tom Alexander	0fb53a4294	Add preparations for the new location for secureboot keys.	2025-01-12 21:17:47 -05:00
Tom Alexander	4019e6d132	Fix buildkit access to SSH agent.	2025-01-12 21:17:47 -05:00
Tom Alexander	8b1e76d9d7	Add a script to resume a zfs send/recv.	2025-01-12 19:55:15 -05:00
Tom Alexander	477637ae62	Add a script to test fetching PGP keys from a Web Key Directory (WKD).	2025-01-12 18:29:48 -05:00
Tom Alexander	5146a114eb	Introduce a variable for sway includes and disable relatime on the zfs legacy mounts.	2025-01-12 15:39:46 -05:00
Tom Alexander	a817464b38	Preserve steam directories.	2025-01-11 22:36:09 -05:00
Tom Alexander	1acf889c68	Instll steam and the zfs_clone_send / zfs_clone_recv scripts.	2025-01-11 13:48:46 -05:00
Tom Alexander	af07d43c18	Add asian fonts.	2025-01-11 12:50:13 -05:00
Tom Alexander	33f13d898d	Switch to ares instead of bsnes.	2025-01-11 12:09:02 -05:00
Tom Alexander	47d9e203f3	Add media role.	2025-01-10 22:54:32 -05:00
Tom Alexander	1a2ff987fe	Add fw-ectool to framework laptop.	2025-01-09 23:31:27 -05:00
Tom Alexander	16480b3749	Switch to ladspa.	2025-01-09 21:32:37 -05:00
Tom Alexander	0d3901788d	Installing ccid and libusb-compat does not fix it.	2025-01-09 19:04:44 -05:00
Tom Alexander	a3cb2c8632	Add kanshi.	2025-01-09 18:14:45 -05:00
Tom Alexander	6b9660bc44	Switch to mono noise suppression for voice and disable vulkan for chromium.	2025-01-09 17:56:46 -05:00
Tom Alexander	5c41b7efa2	Update software.	2025-01-08 21:43:39 -05:00
Tom Alexander	ead5db241e	Install packages needed to run amd_s2idle.	2025-01-07 23:02:22 -05:00
Tom Alexander	8b074617e8	Use Adwaita cursor theme.	2025-01-06 19:34:28 -05:00
Tom Alexander	13970b53ad	Only decrypt the nix zfs dataset.	2025-01-06 19:21:20 -05:00
Tom Alexander	13d7319a0f	Add nix-index.	2025-01-06 14:32:07 -05:00
Tom Alexander	bd9a85efd3	Add klog alias.	2025-01-05 15:43:23 -05:00
Tom Alexander	4a4c54def4	Disable DNS settings for hotel.	2025-01-02 22:50:55 -05:00
Tom Alexander	18d372c8ee	Revert "Switching to a home-manager config did not fix it." This reverts commit 4599b38ebf5e36495c50ed73ee4149ddc3378841.	2025-01-02 10:27:25 -05:00
Tom Alexander	4599b38ebf	Switching to a home-manager config did not fix it.	2025-01-02 10:27:21 -05:00
Tom Alexander	04a95a2543	More failed attempts to get gpg working.	2025-01-02 09:43:00 -05:00
Tom Alexander	7c5f14ee61	Persist kubernetes client config.	2025-01-02 09:03:19 -05:00
Tom Alexander	d49f12f58f	Enable panel replay.	2025-01-01 19:59:02 -05:00
Tom Alexander	936d3bc34d	Add rust.	2025-01-01 19:16:08 -05:00
Tom Alexander	1b34841921	Comment out specific version of gpg.	2025-01-01 18:43:29 -05:00
Tom Alexander	611904761e	Add kubernetes client.	2025-01-01 18:43:29 -05:00
Tom Alexander	f843b7924f	Add docker.	2025-01-01 18:29:27 -05:00
Tom Alexander	7bb7b89b82	Try a specific version of gpg.	2025-01-01 13:35:29 -05:00
Tom Alexander	c1103775b6	Keep 30 days of /nix.	2025-01-01 13:31:45 -05:00
Tom Alexander	24d89ed704	Default to power-saving mode.	2024-12-31 12:51:23 -05:00
Tom Alexander	e8dff5ece1	Set up wireguard networks using functions.	2024-12-31 11:04:24 -05:00
Tom Alexander	e22b5c1c6c	Add power management kernel parameters.	2024-12-31 10:27:15 -05:00
Tom Alexander	d9bc4f15d8	Add powertop.	2024-12-31 07:44:02 -05:00
Tom Alexander	77ae96ca7a	Set up python.	2024-12-31 07:37:48 -05:00
Tom Alexander	d2f908005c	Persist the .ssh known_hosts.	2024-12-31 07:00:41 -05:00
Tom Alexander	5e74a874ba	Persist sound settings (for example, muted status) and do not enable wireguard in built ISO.	2024-12-29 15:45:52 -05:00
Tom Alexander	fe820e5843	Move remaining nix configs into folders.	2024-12-29 15:27:03 -05:00
Tom Alexander	81315e4c7b	Add a snes emulator.	2024-12-29 15:12:31 -05:00
Tom Alexander	ce8718b042	Add wgh wireguard network.	2024-12-28 21:05:45 -05:00
Tom Alexander	720164497d	More attempts to fix gpg decrypt with yubikey.	2024-12-27 20:53:43 -05:00
Tom Alexander	0b31b91c69	Set up wireguard.	2024-12-27 15:44:00 -05:00
Tom Alexander	2ef181cfab	Attempt to fix gpg decrypt with yubikey. Did not succeed.	2024-12-27 13:09:13 -05:00
Tom Alexander	5a3450fdf8	Add gvfs and git-crypt.	2024-12-26 21:28:31 -05:00
Tom Alexander	aae534308a	Add noise supression to microphone.	2024-12-25 09:17:30 -05:00
Tom Alexander	cbd8f70ce4	Merge branch 'zsh' into nix	2024-12-25 09:17:23 -05:00
Tom Alexander	64d495afa5	Use zsh-histdb package.	2024-12-23 17:28:31 -05:00
Tom Alexander	5e424b35e4	Make a zsh-histdb package.	2024-12-23 15:41:45 -05:00
Tom Alexander	7decd40844	Switch to zsh.	2024-12-23 11:14:18 -05:00
Tom Alexander	9c0f3ce601	Use dark themes.	2024-12-23 10:56:57 -05:00
Tom Alexander	e09eea2049	Switch to zen kernel optimized for znver4.	2024-12-23 10:00:01 -05:00
Tom Alexander	5d23126205	Enable secure boot.	2024-12-22 22:03:03 -05:00
Tom Alexander	748e6dee68	Set firefox as default browser.	2024-12-22 16:14:12 -05:00
Tom Alexander	27aa2f077b	Set up chromium with support for wayland and widevine.	2024-12-22 00:48:57 -05:00
Tom Alexander	69098488f6	Switch to a raw file for fontconfig.	2024-12-21 17:15:54 -05:00
Tom Alexander	14e6e78aee	Add the waybar scripts.	2024-12-21 16:25:40 -05:00
Tom Alexander	a0f9f4baa4	Set up waybar and building ISOs.	2024-12-21 15:46:05 -05:00
Tom Alexander	a7f3754d25	Add more sway config files.	2024-12-20 23:03:51 -05:00
Tom Alexander	54c8459fa1	Switch to vulkan renderer for sway.	2024-12-20 22:45:09 -05:00
Tom Alexander	e26118af4f	Reformat all nix files.	2024-12-20 22:37:44 -05:00
Tom Alexander	764a8c58ce	Add alias for emacs.	2024-12-20 22:36:32 -05:00
Tom Alexander	8f89f1c6c1	Add alacritty config.	2024-12-20 21:59:20 -05:00
Tom Alexander	862829c57c	Preserve firefox cache.	2024-12-20 21:38:19 -05:00
Tom Alexander	aba96213c3	Enable the nixd language server in emacs.	2024-12-20 21:19:22 -05:00
Tom Alexander	e7ab762ee4	Fix firefox launch time.	2024-12-20 21:06:04 -05:00
Tom Alexander	b314982196	Set up firefox.	2024-12-20 18:30:35 -05:00
Tom Alexander	27060fed8d	Preserve gpg directory.	2024-12-20 16:50:27 -05:00
Tom Alexander	20c1c46d12	Set up fonts.	2024-12-20 16:07:12 -05:00
Tom Alexander	3b133ed86c	Do not launch alacritty at the start.	2024-12-20 15:34:02 -05:00
Tom Alexander	0aad0c39f4	Enable wayland support for emacs. This unfortunately means pinning to a specific version (or using 3rd party emacs-overlay).	2024-12-20 15:30:51 -05:00
Tom Alexander	fe1033fa4b	Switch to uid/gid 11235.	2024-12-20 15:22:46 -05:00
Tom Alexander	2ce635d028	Fix emacs config.	2024-12-20 15:03:33 -05:00
Tom Alexander	ba3a6e74eb	Add git config and initial emacs config.	2024-12-20 13:17:13 -05:00
Tom Alexander	7e768022e7	Add hotkeys and window management to sway.	2024-12-19 23:08:19 -05:00
Tom Alexander	a76bd4ebd3	Fix wifi config	2024-12-19 22:20:55 -05:00
Tom Alexander	df89d1b973	Enable redistributable firmware.	2024-12-19 19:52:27 -05:00
Tom Alexander	50811aad77	Set up building an ISO from the config.	2024-12-19 19:36:10 -05:00
Tom Alexander	df3528d62a	Enable graphics acceleration.	2024-12-19 18:59:38 -05:00
Tom Alexander	e97c570bb2	Trust wheel.	2024-12-19 18:09:48 -05:00
Tom Alexander	fbcb0826d2	Extremely minimal sway setup.	2024-12-19 17:33:21 -05:00
Tom Alexander	74499fb6a0	Switch to a different way of building the VM.	2024-12-19 16:28:40 -05:00
Tom Alexander	fbbff409a0	Add a build for a qemu virtual machine.	2024-12-19 16:14:47 -05:00
Tom Alexander	05da118d8f	Start module for sway.	2024-12-19 15:13:56 -05:00
Tom Alexander	033d695fd9	Only set bootloader when in VM.	2024-12-19 15:06:57 -05:00
Tom Alexander	6953cdb81f	Set up a minimal initial config.	2024-12-17 16:46:44 -05:00
Tom Alexander	48f700b803	Add script for managing nix testing vm.	2024-12-17 16:46:43 -05:00
`@ -1,2 +1,2 @@`
	`--ozone-platform-hint=auto`	`--ozone-platform-hint=auto`
	`--enable-features=VaapiVideoDecoder,VaapiIgnoreDriverChecks,Vulkan,DefaultANGLEVulkan,VulkanFromANGLE,AcceleratedVideoEncoder`	`--enable-features=VaapiVideoDecoder,VaapiIgnoreDriverChecks,Vulkan,DefaultANGLEVulkan,VulkanFromANGLE`
`@ -1,2 +1,2 @@`
	`# Set screen brightness. Ever since enabling adaptive brightness management, my brightness ends up sinking lower on re-boots (I suspect it is saving the actual brightness rather than the set brightness). This forces the brightness back to the level I prefer.`	`# Set screen brightness. Ever since enabling adaptive brightness management, my brightness ends up sinking lower on re-boots (I suspect it is saving the actual brightness rather than the set brightness). This forces the brightness back to the level I prefer.`
	`w- /sys/class/backlight/amdgpu_bl0/brightness - - - - 21845`	`w- /sys/class/backlight/amdgpu_bl0/brightness - - - - 85`
`@ -1,2 +1,2 @@`
	`[options]`	`[options]`
	`IgnorePkg = linux linux-headers chromium`	`IgnorePkg = linux linux-headers`
`@ -1 +1 @@`
	`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID0+4zi26M3eYWnIrciR54kOlGxzfgCXG+o4ea1zpzrk openpgp:0x7FF123C8`	`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGu+k5lrirokdW5zVdRVBOqEOAvAPlIkG/MdJNc9g5ky cardno:000611194908`