Enable optimized builds for steam deck.

Set the steam launcher to run /home/deck/.nix-profile/bin/steam_<GAME> to have it work inside steam gaming mode.

nix/configuration/configuration.nix

@@ -63,6 +63,13 @@
     ./roles/shipwright
     ./roles/2ship2harkinian
     ./roles/nix_index
+    ./roles/flux
+    ./roles/tekton
+    ./roles/gnuplot
+    ./roles/sops
+    ./roles/gcloud
+    ./roles/steam_run_free
+    ./roles/pcsx2
   ];
 
   nix.settings.experimental-features = [
@@ -111,6 +118,14 @@
       home.stateVersion = "24.11";
     };
 
+  home-manager.users.root =
+    { pkgs, ... }:
+    {
+      # The state version is required and should stay at the version you
+      # originally installed.
+      home.stateVersion = "24.11";
+    };
+
   # Automatic garbage collection
   nix.gc = lib.mkIf (!config.me.buildingIso) {
     # Runs nix-collect-garbage --delete-older-than 5d
@@ -152,6 +167,11 @@
     ncdu
     nix-tree
     libarchive # bsdtar
+    lsof
+    doas-sudo-shim # To support --use-remote-sudo for remote builds
+    dmidecode # Read SMBIOS information.
+    ipcalc
+    gptfdisk # for cgdisk
   ];
 
   services.openssh = {

nix/configuration/flake.lock

@@ -135,11 +135,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1737762889,
-        "narHash": "sha256-5HGG09bh/Yx0JA8wtBMAzt0HMCL1bYZ93x4IqzVExio=",
+        "lastModified": 1742588233,
+        "narHash": "sha256-Fi5g8H5FXMSRqy+mU6gPG0v+C9pzjYbkkiePtz8+PpA=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "daf04c5950b676f47a794300657f1d3d14c1a120",
+        "rev": "296ddc64627f4a6a4eb447852d7346b9dd16197d",
         "type": "github"
       },
       "original": {
@@ -191,11 +191,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1737885589,
-        "narHash": "sha256-Zf0hSrtzaM1DEz8//+Xs51k/wdSajticVrATqDrfQjg=",
+        "lastModified": 1742422364,
+        "narHash": "sha256-mNqIplmEohk5jRkqYqG19GA8MbQ/D4gQSK0Mu4LvfRQ=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "852ff1d9e153d8875a83602e03fdef8a63f0ecf8",
+        "rev": "a84ebe20c6bc2ecbcfb000a50776219f48d134cc",
         "type": "github"
       },
       "original": {
@@ -237,6 +237,22 @@
         "type": "github"
       }
     },
+    "nixpkgs-unoptimized": {
+      "locked": {
+        "lastModified": 1742422364,
+        "narHash": "sha256-mNqIplmEohk5jRkqYqG19GA8MbQ/D4gQSK0Mu4LvfRQ=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "a84ebe20c6bc2ecbcfb000a50776219f48d134cc",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "pre-commit-hooks-nix": {
       "inputs": {
         "flake-compat": [
@@ -272,6 +288,7 @@
         "lanzaboote": "lanzaboote",
         "nixpkgs": "nixpkgs",
         "nixpkgs-b93b4e9b5": "nixpkgs-b93b4e9b5",
+        "nixpkgs-unoptimized": "nixpkgs-unoptimized",
         "zsh-histdb": "zsh-histdb"
       }
     },

nix/configuration/flake.nix

@@ -32,6 +32,7 @@
     impermanence.url = "github:nix-community/impermanence";
     nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
     nixpkgs-b93b4e9b5.url = "github:NixOS/nixpkgs/b93b4e9b527904aadf52dba6ca35efde2067cbd4";
+    nixpkgs-unoptimized.url = "github:NixOS/nixpkgs/nixos-unstable";
     home-manager.url = "github:nix-community/home-manager";
     home-manager.inputs.nixpkgs.follows = "nixpkgs";
     lanzaboote = {
@@ -58,6 +59,7 @@
     {
       self,
       nixpkgs,
+      nixpkgs-unoptimized,
       nixpkgs-b93b4e9b5,
       impermanence,
       home-manager,
@@ -73,6 +75,11 @@
           pkgs-b93b4e9b5 = import nixpkgs-b93b4e9b5 {
             inherit system;
           };
+          pkgs-unoptimized = import nixpkgs-unoptimized {
+            inherit system;
+            hostPlatform.gcc.arch = "default";
+            hostPlatform.gcc.tune = "default";
+          };
         };
         modules = [
           impermanence.nixosModules.impermanence
@@ -142,6 +149,30 @@
             }
           );
         };
+        hydra = {
+          main = nixpkgs.lib.nixosSystem (
+            base_x86_64_linux
+            // {
+              modules = base_x86_64_linux.modules ++ [
+                ./hosts/hydra
+              ];
+            }
+          );
+          iso = nixpkgs.lib.nixosSystem (
+            base_x86_64_linux
+            // {
+              modules = base_x86_64_linux.modules ++ [
+                ./hosts/hydra
+                (nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix")
+                {
+                  isoImage.makeEfiBootable = true;
+                  isoImage.makeUsbBootable = true;
+                  me.buildingIso = true;
+                }
+              ];
+            }
+          );
+        };
       };
     in
     {
@@ -149,5 +180,7 @@
       iso.odo = systems.odo.iso.config.system.build.isoImage;
       nixosConfigurations.neelix = systems.neelix.main;
       iso.neelix = systems.neelix.iso.config.system.build.isoImage;
+      nixosConfigurations.hydra = systems.hydra.main;
+      iso.hydra = systems.hydra.iso.config.system.build.isoImage;
     };
 }

nix/configuration/hosts/hydra/default.nix

@@ -0,0 +1,32 @@
+{ config, pkgs, ... }:
+{
+  imports = [
+    ./hardware-configuration.nix
+    ./disk-config.nix
+    ./optimized_build.nix
+  ];
+
+  # Generate with `head -c4 /dev/urandom | od -A none -t x4`
+  networking.hostId = "fbd233d8";
+
+  networking.hostName = "hydra"; # Define your hostname.
+
+  time.timeZone = "America/New_York";
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  me.secureBoot.enable = false;
+
+  # Mount tmpfs at /tmp
+  boot.tmp.useTmpfs = true;
+
+  me.emacs_flavor = "plainmacs";
+  me.graphical = false;
+  me.zsh.enable = true;
+  me.wireguard.activated = [ ];
+  me.wireguard.deactivated = [ ];
+
+  # Trust this key so nix running as root can ssh into hydra.
+  users.users.talexander.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB/IlYTQ0M5pFN5tdoswh37CDl/gbULI3h+SsKXCansh talexander@odo"
+  ];
+}

nix/configuration/hosts/hydra/disk-config.nix

@@ -0,0 +1,140 @@
+# Manual Step:
+#   Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
+#   Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+lib.mkIf (!config.me.buildingIso) {
+  disko.devices = {
+    disk = {
+      main = {
+        type = "disk";
+        device = "/dev/nvme0n1";
+        content = {
+          type = "gpt";
+          partitions = {
+            ESP = {
+              size = "1G";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = [
+                  "umask=0077"
+                  "noatime"
+                  "discard"
+                ];
+              };
+            };
+            zfs = {
+              size = "100%";
+              content = {
+                type = "zfs";
+                pool = "zroot";
+              };
+            };
+          };
+        };
+      };
+    };
+    zpool = {
+      zroot = {
+        type = "zpool";
+        # mode = "mirror";
+        # Workaround: cannot import 'zroot': I/O error in disko tests
+        options.cachefile = "none";
+        options = {
+          ashift = "12";
+          compatibility = "openzfs-2.2-freebsd";
+          autotrim = "on";
+        };
+        rootFsOptions = {
+          acltype = "posixacl";
+          atime = "off";
+          relatime = "off";
+          xattr = "sa";
+          mountpoint = "none";
+          compression = "lz4";
+          canmount = "off";
+          utf8only = "on";
+          dnodesize = "auto";
+          normalization = "formD";
+        };
+
+        datasets = {
+          "linux/nix" = {
+            type = "zfs_fs";
+            options.mountpoint = "none";
+          };
+          "linux/nix/root" = {
+            type = "zfs_fs";
+            options.mountpoint = "legacy";
+            mountpoint = "/";
+            postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank";
+          };
+          "linux/nix/nix" = {
+            type = "zfs_fs";
+            options.mountpoint = "legacy";
+            mountpoint = "/nix";
+            postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/nix@blank$' || zfs snapshot zroot/linux/nix/nix@blank";
+            options = {
+              recordsize = "1MiB";
+              compression = "lz4";
+            };
+          };
+          "linux/nix/home" = {
+            type = "zfs_fs";
+            options.mountpoint = "legacy";
+            mountpoint = "/home";
+            postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/home@blank$' || zfs snapshot zroot/linux/nix/home@blank";
+          };
+          "linux/nix/persist" = {
+            type = "zfs_fs";
+            options.mountpoint = "legacy";
+            mountpoint = "/persist";
+            postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/persist@blank$' || zfs snapshot zroot/linux/nix/persist@blank";
+          };
+          "linux/nix/state" = {
+            type = "zfs_fs";
+            options.mountpoint = "legacy";
+            mountpoint = "/state";
+            postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/state@blank$' || zfs snapshot zroot/linux/nix/state@blank";
+          };
+        };
+      };
+    };
+  };
+
+  # Make sure all persistent volumes are marked as neededForBoot
+  #
+  # Also mounts /home so it is mounted before the user home directories are created.
+  fileSystems."/persist".neededForBoot = true;
+  fileSystems."/state".neededForBoot = true;
+  fileSystems."/home".neededForBoot = true;
+
+  fileSystems."/".options = [
+    "noatime"
+    "norelatime"
+  ];
+  fileSystems."/nix".options = [
+    "noatime"
+    "norelatime"
+  ];
+  fileSystems."/persist".options = [
+    "noatime"
+    "norelatime"
+  ];
+  fileSystems."/state".options = [
+    "noatime"
+    "norelatime"
+  ];
+  fileSystems."/home".options = [
+    "noatime"
+    "norelatime"
+  ];
+}

nix/configuration/hosts/hydra/hardware-configuration.nix

@@ -0,0 +1,39 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "nvme"
+    "usbhid"
+    "usb_storage"
+    "sd_mod"
+    "sdhci_pci"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.dhcpcd.enable = lib.mkForce true;
+  networking.useDHCP = lib.mkForce true;
+  networking.interfaces.enp0s2.useDHCP = lib.mkForce true;
+  # systemd.network.enable = true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}

nix/configuration/hosts/hydra/optimized_build.nix

@@ -0,0 +1,88 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+{
+  imports = [ ];
+
+  config = lib.mkMerge [
+    {
+      nix.settings.system-features = lib.mkForce [
+        "gccarch-znver4"
+        "gccarch-x86-64-v3"
+        "gccarch-x86-64-v4"
+        "benchmark"
+        "big-parallel"
+        # "kvm"
+        # "nixos-test"
+      ];
+    }
+    (lib.mkIf (!config.me.buildingIso) {
+      nix.settings.system-features = lib.mkForce [
+        "gccarch-znver4"
+        "gccarch-x86-64-v3"
+        "gccarch-x86-64-v4"
+        "benchmark"
+        "big-parallel"
+        # "kvm"
+        # "nixos-test"
+      ];
+
+      # nixpkgs.hostPlatform = {
+      #   gcc.arch = "alderlake";
+      #   gcc.tune = "alderlake";
+      #   system = "x86_64-linux";
+      # };
+
+      nixpkgs.overlays = [
+        (
+          final: prev:
+          let
+            optimizeWithFlags =
+              pkg: flags:
+              pkg.overrideAttrs (old: {
+                NIX_CFLAGS_COMPILE = [ (old.NIX_CFLAGS_COMPILE or "") ] ++ flags;
+              });
+            addConfig =
+              additionalConfig: pkg:
+              pkg.override (oldconfig: {
+                structuredExtraConfig = pkg.structuredExtraConfig // additionalConfig;
+              });
+          in
+          {
+            linux_znver4 =
+              addConfig
+                {
+                  # Full preemption
+                  PREEMPT = lib.mkOverride 60 lib.kernel.yes;
+                  PREEMPT_VOLUNTARY = lib.mkOverride 60 lib.kernel.no;
+
+                  # Google's BBRv3 TCP congestion Control
+                  TCP_CONG_BBR = lib.kernel.yes;
+                  DEFAULT_BBR = lib.kernel.yes;
+
+                  # Preemptive Full Tickless Kernel at 300Hz
+                  HZ = lib.kernel.freeform "300";
+                  HZ_300 = lib.kernel.yes;
+                  HZ_1000 = lib.kernel.no;
+                }
+                (
+                  optimizeWithFlags prev.linux_6_13 [
+                    "-march=znver4"
+                    "-mtune=znver4"
+                  ]
+                );
+          }
+        )
+      ];
+
+      boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_znver4;
+    })
+    (lib.mkIf (config.me.buildingIso) {
+      boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_13;
+      boot.supportedFilesystems = [ "zfs" ];
+    })
+  ];
+}

nix/configuration/hosts/neelix/default.nix

@@ -21,7 +21,7 @@
   boot.initrd.kernelModules = [ "i915" ];
 
   # Mount tmpfs at /tmp
-  boot.tmp.useTmpfs = true;
+  # boot.tmp.useTmpfs = true;
 
   me.bluetooth.enable = true;
   me.emacs_flavor = "plainmacs";

nix/configuration/hosts/odo/default.nix

@@ -1,12 +1,19 @@
-{ config, pkgs, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
 {
   imports = [
     ./hardware-configuration.nix
     ./disk-config.nix
     ./optimized_build.nix
+    ./distributed_build.nix
     ./power_management.nix
     ./screen_brightness.nix
     ./wifi.nix
+    ./framework_module.nix
   ];
 
   # Generate with `head -c4 /dev/urandom | od -A none -t x4`
@@ -27,8 +34,15 @@
 
   environment.systemPackages = with pkgs; [
     fw-ectool
+    framework-tool
   ];
 
+  # Enable light sensor
+  # hardware.sensor.iio.enable = lib.mkDefault true;
+
+  # Enable TRIM
+  # services.fstrim.enable = lib.mkDefault true;
+
   me.alacritty.enable = true;
   me.ansible.enable = true;
   me.ares.enable = true;
@@ -38,7 +52,10 @@
   me.docker.enable = true;
   me.emacs_flavor = "full";
   me.firefox.enable = true;
+  me.flux.enable = true;
+  me.gcloud.enable = true;
   me.git.config = ../../roles/git/files/gitconfig_home;
+  me.gnuplot.enable = true;
   me.gpg.enable = true;
   me.graphical = true;
   me.graphics_card_type = "amd";
@@ -49,12 +66,16 @@
   me.lvfs.enable = true;
   me.media.enable = true;
   me.nix_index.enable = true;
+  me.pcsx2.enable = true;
   me.python.enable = true;
   me.qemu.enable = true;
   me.rust.enable = true;
+  me.sops.enable = true;
   me.sound.enable = true;
   me.steam.enable = true;
+  me.steam_run_free.enable = true;
   me.sway.enable = true;
+  me.tekton.enable = true;
   me.terraform.enable = true;
   me.vnc_client.enable = true;
   me.vscode.enable = true;

nix/configuration/hosts/odo/distributed_build.nix

@@ -0,0 +1,32 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+{
+  imports = [ ];
+
+  config = lib.mkMerge [
+    {
+      nix.distributedBuilds = true;
+      nix.buildMachines = [
+        {
+          hostName = "hydra";
+          systems = [
+            "x86_64-linux"
+            # "aarch64-linux"
+          ];
+          maxJobs = 1;
+          speedFactor = 2;
+          supportedFeatures = [
+            # "nixos-test"
+            "benchmark"
+            "big-parallel"
+            # "kvm"
+          ];
+        }
+      ];
+    }
+  ];
+}

nix/configuration/hosts/odo/framework_module.nix

@@ -0,0 +1,23 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [ ];
+
+  config = lib.mkMerge [
+    {
+      boot.extraModulePackages = with config.boot.kernelPackages; [
+        framework-laptop-kmod
+      ];
+      # https://github.com/DHowett/framework-laptop-kmod?tab=readme-ov-file#usage
+      boot.kernelModules = [
+        "cros_ec"
+        "cros_ec_lpcs"
+      ];
+    }
+  ];
+}

nix/configuration/hosts/odo/optimized_build.nix

@@ -2,6 +2,7 @@
   config,
   lib,
   pkgs,
+  pkgs-unoptimized,
   ...
 }:
 {
@@ -22,16 +23,18 @@
         "nixos-test"
       ];
 
-      # nixpkgs.hostPlatform = {
-      #   gcc.arch = "znver4";
-      #   gcc.tune = "znver4";
-      #   system = "x86_64-linux";
+      # Keep ALL dependencies so we can rebuild offline. This DRASTICALLY increase disk usage, but disk space is cheap.
+      # system.includeBuildDependencies = true;
 
-      # };
+      nixpkgs.hostPlatform = {
+        gcc.arch = "znver4";
+        gcc.tune = "znver4";
+        system = "x86_64-linux";
+      };
 
       nixpkgs.overlays = [
         (
-          self: super:
+          final: prev:
           let
             optimizeWithFlags =
               pkg: flags:
@@ -62,19 +65,45 @@
                   HZ_1000 = lib.kernel.no;
                 }
                 (
-                  optimizeWithFlags super.linux_6_12 [
+                  optimizeWithFlags prev.linux_6_13 [
                     "-march=znver4"
                     "-mtune=znver4"
                   ]
                 );
+            # gsl = prev.gsl.overrideAttrs (old: {
+            #   # gsl tests fails when optimizations are enabled.
+            #   # > FAIL: cholesky_invert unscaled hilbert (  4,  4)[0,2]: 2.55795384873636067e-13                        0
+            #   # >  (2.55795384873636067e-13 observed vs 0 expected) [28259614]
+            #   doCheck = false;
+            # });
           }
         )
+        (final: prev: {
+          haskellPackages = prev.haskellPackages.extend (
+            final': prev': {
+              crypton = pkgs-unoptimized.haskellPackages.crypton;
+            }
+          );
+        })
+        # (final: prev: {
+        #   haskell = prev.haskell // {
+        #     packageOverrides = final.lib.composeExtensions prev.haskell.packageOverrides (
+        #       final': prev': {
+        #         crypton = pkgs-unoptimized.haskellPackages.crypton;
+        #       }
+        #     );
+        #   };
+        # })
+        (final: prev: {
+          redis = pkgs-unoptimized.redis;
+          gsl = pkgs-unoptimized.gsl;
+        })
       ];
 
       boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_znver4;
     })
     (lib.mkIf (config.me.buildingIso) {
-      boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_12;
+      boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_13;
       boot.supportedFilesystems.zfs = true;
     })
   ];

nix/configuration/hosts/odo/wifi.nix

@@ -9,9 +9,10 @@
   imports = [ ];
 
   config = {
-    environment.loginShellInit = lib.mkIf (!config.me.buildingIso) ''
-      doas iw dev wlan0 set power_save off
-    '';
+    # Doesn't seem necessary starting with 6.13
+    # environment.loginShellInit = lib.mkIf (!config.me.buildingIso) ''
+    #   doas iw dev wlan0 set power_save off
+    # '';
 
     # Enable debug logging for ath12k wifi card.
     boot.kernelParams = [

nix/configuration/roles/docker/default.nix

@@ -56,6 +56,32 @@
           # };
         };
 
+        systemd.services.link-docker-creds = {
+          # Contains credentials so it cannot be added to the nix store
+          enable = true;
+          description = "link-docker-creds";
+          wantedBy = [ "multi-user.target" ];
+          wants = [ "multi-user.target" ];
+          after = [ "multi-user.target" ];
+          # path = with pkgs; [
+          #   zfs
+          # ];
+          unitConfig.DefaultDependencies = "no";
+          serviceConfig = {
+            Type = "oneshot";
+            RemainAfterExit = "yes";
+          };
+          script = ''
+            if [ -e /persist/manual/docker/config.json ]; then
+              install --directory --owner talexander --group talexander --mode 0700 /home/talexander/.docker
+              ln -s /persist/manual/docker/config.json /home/talexander/.docker/config.json
+            fi
+          '';
+          preStop = ''
+            rm -f /home/talexander/.docker/config.json
+          '';
+        };
+
         # Needed for non-rootless docker
         users.users.talexander.extraGroups = [ "docker" ];
       }

nix/configuration/roles/emacs/default.nix

@@ -89,7 +89,7 @@ in
       (lib.mkIf (config.me.graphical) {
         nixpkgs.overlays = [
           (final: prev: {
-            my_emacs = final.emacs29-pgtk;
+            my_emacs = final.emacs30-pgtk;
           })
         ];
       })
@@ -121,6 +121,7 @@ in
                       dicts: with dicts; [
                         en
                         en-computers
+                        # en-science # TODO: Why is en-science non-free?
                       ]
                     ))
                     final.nixd # nix language server
@@ -129,6 +130,9 @@ in
                     final.shellcheck
                     final.cmake-language-server
                     final.cmake # Used by cmake-language-server
+                    final.rust-analyzer
+                    final.nodePackages_latest.prettier # Format yaml, json, and JS
+                    final.terraform-ls
                   ]
                 }
               '';

nix/configuration/roles/emacs/files/emacs/elisp/base-extensions.el

@@ -51,17 +51,27 @@
 ;; Persist history over Emacs restarts. Vertico sorts by history position.
 (use-package savehist
   ;; This is an emacs built-in but we're pulling the latest version
+  :pin gnu
   :config
   (savehist-mode))
 
 (use-package which-key
+  :pin gnu
   :diminish
   :config
   (which-key-mode))
 
 (use-package windmove
-  :config
-  (windmove-default-keybindings))
+  ;; This is an emacs built-in but we're pulling the latest version
+  :pin gnu
+  :bind
+  (
+   ("S-<up>" . windmove-up)
+   ("S-<right>" . windmove-right)
+   ("S-<down>" . windmove-down)
+   ("S-<left>" . windmove-left)
+   )
+  )
 
 (setq tramp-default-method "ssh")
 

nix/configuration/roles/emacs/files/emacs/elisp/base.el

@@ -63,6 +63,9 @@
  show-trailing-whitespace t
  ;; Remove the line when killing it with ctrl-k
  kill-whole-line t
+
+ ;; Show the current project in the mode line
+ project-mode-line t
  )
 
 ;; (setq-default fringes-outside-margins t)

nix/configuration/roles/emacs/files/emacs/elisp/lang-org.el

@@ -1,16 +1,23 @@
 (use-package org
   :ensure nil
   :commands org-mode
-  :bind (
+  :bind (:map org-mode-map
          ("C-c l" . org-store-link)
          ("C-c a" . org-agenda)
-         ("C--" . org-timestamp-down)
-         ("C-=" . org-timestamp-up)
+         ("S-<up>" . org-shiftup)
+         ("S-<right>" . org-shiftright)
+         ("S-<down>" . org-shiftdown)
+         ("S-<left>" . org-shiftleft)
          )
   :hook (
          (org-mode . (lambda ()
                        (org-indent-mode +1)
-                        ))
+                       ))
+         ;; Make windmove work in Org mode:
+         (org-shiftup-final . windmove-up)
+         (org-shiftleft-final . windmove-left)
+         (org-shiftdown-final . windmove-down)
+         (org-shiftright-final . windmove-right)
          )
   :config
   (require 'org-tempo)

nix/configuration/roles/flux/default.nix

@@ -0,0 +1,29 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [ ];
+
+  options.me = {
+    flux.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      example = true;
+      description = "Whether we want to install flux.";
+    };
+  };
+
+  config = lib.mkIf config.me.flux.enable (
+    lib.mkMerge [
+      {
+        environment.systemPackages = with pkgs; [
+          fluxcd
+        ];
+      }
+    ]
+  );
+}

nix/configuration/roles/gcloud/default.nix

@@ -0,0 +1,43 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [ ];
+
+  options.me = {
+    gcloud.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      example = true;
+      description = "Whether we want to install gcloud.";
+    };
+  };
+
+  config = lib.mkIf config.me.gcloud.enable (
+    lib.mkMerge [
+      {
+        environment.systemPackages = with pkgs; [
+          (google-cloud-sdk.withExtraComponents [ google-cloud-sdk.components.gke-gcloud-auth-plugin ])
+        ];
+
+        environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
+          hideMounts = true;
+          users.talexander = {
+            directories = [
+              {
+                directory = ".config/gcloud";
+                user = "talexander";
+                group = "talexander";
+                mode = "0700";
+              }
+            ];
+          };
+        };
+      }
+    ]
+  );
+}

nix/configuration/roles/git/files/gitconfig_home

@@ -3,7 +3,7 @@
 	name = Tom Alexander
 	signingkey = D3A179C9A53C0EDE
 [push]
-	default = simple
+	default = simple # (default since 2.0)
 [alias]
 	lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit
 	bh = log --oneline --branches=* --remotes=* --graph --decorate
@@ -12,24 +12,42 @@
 	excludesfile = ~/.gitignore_global
 [commit]
 	gpgsign = true
+	verbose = true
 [pull]
 	rebase = true
 [log]
 	date = local
 [init]
 	defaultBranch = main
-
-# Use meld for `git difftool` and `git mergetool`
 [diff]
-	tool = meld
+	tool = meld # Use meld for `git difftool` and `git mergetool`
+	algorithm = histogram
+	colorMoved = plain
+	mnemonicPrefix = true
+	renames = true
 [difftool]
 	prompt = false
 [difftool "meld"]
 	cmd = meld "$LOCAL" "$REMOTE"
 [merge]
 	tool = meld
+	conflictStyle = zdiff3
 [mergetool "meld"]
         # Make the middle pane start with partially-merged contents:
 	cmd = meld "$LOCAL" "$MERGED" "$REMOTE" --output "$MERGED"
         # Make the middle pane start without any merge progress:
 	# cmd = meld "$LOCAL" "$BASE" "$REMOTE" --output "$MERGED"
+[column]
+	ui = auto
+[branch]
+	sort = -committerdate
+[tag]
+	sort = version:refname
+[fetch]
+	prune = true
+	pruneTags = true
+	all = true
+[rebase]
+	autoSquash = true
+	autoStash = true
+	updateRefs = true

nix/configuration/roles/gnuplot/default.nix

@@ -0,0 +1,29 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [ ];
+
+  options.me = {
+    gnuplot.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      example = true;
+      description = "Whether we want to install gnuplot.";
+    };
+  };
+
+  config = lib.mkIf config.me.gnuplot.enable (
+    lib.mkMerge [
+      {
+        environment.systemPackages = with pkgs; [
+          gnuplot
+        ];
+      }
+    ]
+  );
+}

nix/configuration/roles/graphics/default.nix

@@ -37,6 +37,11 @@
           xorg.xeyes # to test which windows are using x11
         ];
         hardware.graphics.enable = true;
+        # hardware.graphics.enable32Bit = true;
+
+        # Vulkan Support (64-bit is enabled by default, 32-bit is disabled by default)
+        # hardware.opengl.driSupport = true; # This is already enabled by default
+        # hardware.opengl.driSupport32Bit = true; # For 32 bit applications
       })
     ]
   );

nix/configuration/roles/kubernetes/default.nix

@@ -28,6 +28,21 @@ let
   alias_klog = pkgs.writeShellScriptBin "klog" ''
     exec ${pkgs.kubectl}/bin/kubectl logs --all-containers "$@"
   '';
+  decrypt_k8s_secret =
+    (pkgs.writeScriptBin "decrypt_k8s_secret" (builtins.readFile ./files/decrypt_k8s_secret.bash))
+    .overrideAttrs
+      (old: {
+        buildCommand = "${old.buildCommand}\n patchShebangs $out";
+        buildInputs = [ pkgs.makeWrapper ];
+        postBuild = ''
+          wrapProgram $out/bin/decrypt_k8s_secret --prefix PATH : ${
+            lib.makeBinPath [
+              pkgs.kubectl
+              pkgs.jq
+            ]
+          }
+        '';
+      });
 in
 {
   imports = [ ];
@@ -55,6 +70,8 @@ in
           alias_kdel
           alias_kd
           alias_klog
+          decrypt_k8s_secret
+          ingress2gateway # Convert ingress yaml to gateway yaml
         ];
 
         environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {

nix/configuration/roles/kubernetes/files/decrypt_k8s_secret.bash

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+#
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+kubectl get secret -o json "${@}" | jq '.data[] |= @base64d | .data'

nix/configuration/roles/media/default.nix

@@ -17,6 +17,8 @@ let
         buildCommand = "${old.buildCommand}\n patchShebangs $out";
 
       });
+  kernel_version_check = lib.versionAtLeast config.boot.kernelPackages.kernel.version "6.12";
+  nixos_version_check = lib.versionAtLeast (lib.versions.majorMinor lib.version) "25.05";
 in
 {
   imports = [ ];
@@ -35,6 +37,8 @@ in
       {
         environment.systemPackages = with pkgs; [
           ffmpeg
+          libva-utils # for vainfo
+          vdpauinfo
         ];
       }
       (lib.mkIf config.me.graphical {
@@ -59,6 +63,21 @@ in
           cast_file_vaapi
         ];
       })
+      (lib.mkIf (config.me.graphics_card_type == "amd") {
+        environment.sessionVariables = {
+          VDPAU_DRIVER = "radeonsi";
+        };
+      })
+      (lib.mkIf (config.me.graphics_card_type == "intel") {
+        hardware.graphics.extraPackages = with pkgs; [
+          intel-media-driver
+          libvdpau-va-gl # Support vdpau applications using va-api
+        ];
+
+        environment.sessionVariables = {
+          VDPAU_DRIVER = "va_gl";
+        };
+      })
     ]
   );
 }

nix/configuration/roles/network/default.nix

@@ -61,6 +61,7 @@
     iwd
     ldns # for drill
     arp-scan # To find devices on the network
+    wavemon
   ];
 
   boot.extraModprobeConfig = ''

nix/configuration/roles/pcsx2/default.nix

@@ -0,0 +1,95 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [ ];
+
+  options.me = {
+    pcsx2.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      example = true;
+      description = "Whether we want to install pcsx2.";
+    };
+  };
+
+  config = lib.mkIf config.me.pcsx2.enable (
+    lib.mkMerge [
+      (lib.mkIf config.me.graphical {
+        environment.systemPackages = with pkgs; [
+          pcsx2
+        ];
+
+        environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
+          hideMounts = true;
+          users.talexander = {
+            directories = [
+              {
+                # Shaders, games list, and achievement data.
+                directory = ".config/PCSX2/cache";
+                user = "talexander";
+                group = "talexander";
+                mode = "0755";
+              }
+              {
+                # Save states.
+                directory = ".config/PCSX2/sstates";
+                user = "talexander";
+                group = "talexander";
+                mode = "0755";
+              }
+              {
+                # Screenshots.
+                directory = ".config/PCSX2/snaps";
+                user = "talexander";
+                group = "talexander";
+                mode = "0755";
+              }
+              {
+                # Game covers.
+                directory = ".config/PCSX2/covers";
+                user = "talexander";
+                group = "talexander";
+                mode = "0755";
+              }
+              {
+                # Video recordings.
+                directory = ".config/PCSX2/videos";
+                user = "talexander";
+                group = "talexander";
+                mode = "0755";
+              }
+            ];
+          };
+        };
+
+        environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
+          hideMounts = true;
+          users.talexander = {
+            directories = [
+              {
+                # Game saves
+                directory = ".config/PCSX2/memcards";
+                user = "talexander";
+                group = "talexander";
+                mode = "0755";
+              }
+            ];
+          };
+        };
+
+        home-manager.users.talexander =
+          { pkgs, ... }:
+          {
+            home.file.".config/PCSX2/inis/PCSX2.ini" = {
+              source = ./files/PCSX2.ini;
+            };
+          };
+      })
+    ]
+  );
+}

nix/configuration/roles/pcsx2/files/PCSX2.ini

@@ -0,0 +1,104 @@
+[UI]
+SettingsVersion = 1
+InhibitScreensaver = true
+ConfirmShutdown = false
+StartPaused = false
+PauseOnFocusLoss = true
+StartFullscreen = true
+
+
+[Folders]
+Bios = ../../persist/games/ps2/bios
+Snapshots = snaps
+Savestates = sstates
+MemoryCards = memcards
+Logs = logs
+Cheats = cheats
+Patches = patches
+UserResources = resources
+Cache = cache
+Textures = textures
+InputProfiles = inputprofiles
+Videos = videos
+
+
+[EmuCore/GS]
+VsyncEnable = true
+# Internal resolution aspect corrected
+ScreenshotSize = 1
+# webp
+ScreenshotFormat = 2
+OsdShowFPS = true
+# Capture video at internal resolution
+VideoCaptureAutoResolution = true
+# 2x native resolution
+upscale_multiplier = 2
+CaptureContainer = mkv
+VideoCaptureCodec = av1_vaapi
+AudioCaptureCodec = flac
+
+
+[Filenames]
+BIOS = ps2-0230a-20080220.bin
+
+[MemoryCards]
+Slot1_Enable = true
+Slot1_Filename = Mcd001.ps2
+Slot2_Enable = true
+Slot2_Filename = Mcd002.ps2
+
+
+[InputSources]
+Keyboard = false
+Mouse = false
+SDL = true
+# Enhanced ps4 and ps5 controller support
+SDLControllerEnhancedMode = true
+SDLPS5PlayerLED = true
+
+
+[Pad1]
+Type = DualShock2
+InvertL = 0
+InvertR = 0
+Deadzone = 0
+AxisScale = 1.33
+LargeMotorScale = 1
+SmallMotorScale = 1
+ButtonDeadzone = 0
+PressureModifier = 0.5
+Up = SDL-0/DPadUp
+Right = SDL-0/DPadRight
+Down = SDL-0/DPadDown
+Left = SDL-0/DPadLeft
+Triangle = SDL-0/Y
+Circle = SDL-0/B
+Cross = SDL-0/A
+Square = SDL-0/X
+Select = SDL-0/Back
+Start = SDL-0/Start
+L1 = SDL-0/LeftShoulder
+L2 = SDL-0/+LeftTrigger
+R1 = SDL-0/RightShoulder
+R2 = SDL-0/+RightTrigger
+L3 = SDL-0/LeftStick
+R3 = SDL-0/RightStick
+LUp = SDL-0/-LeftY
+LRight = SDL-0/+LeftX
+LDown = SDL-0/+LeftY
+LLeft = SDL-0/-LeftX
+RUp = SDL-0/-RightY
+RRight = SDL-0/+RightX
+RDown = SDL-0/+RightY
+RLeft = SDL-0/-RightX
+Analog = SDL-0/Guide
+LargeMotor = SDL-0/LargeMotor
+SmallMotor = SDL-0/SmallMotor
+
+
+[AutoUpdater]
+CheckAtStartup = false
+
+
+[GameList]
+RecursivePaths = /home/talexander/persist/games/ps2/roms

nix/configuration/roles/rust/default.nix

@@ -1,3 +1,6 @@
+# MANUAL: rustup target add x86_64-unknown-linux-musl
+# MANUAL: rustup target add wasm32-unknown-unknown
+# MANUAL: rustup component add rustc-codegen-cranelift
 {
   config,
   lib,
@@ -5,6 +8,21 @@
   ...
 }:
 
+let
+  cargo_wrapped =
+    package: prog:
+    pkgs.writeShellScriptBin "${prog}" ''
+      export PATH="$PATH:${
+        lib.makeBinPath [
+          pkgs.clang
+          pkgs.pkg-config # Needed for openssl-sys
+        ]
+      }"
+      # Needed for openssl-sys
+      export PKG_CONFIG_PATH="$PKG_CONFIG_PATH:${pkgs.openssl.dev}/lib/pkgconfig"
+      exec ${package}/bin/${prog} "''${@}"
+    '';
+in
 {
   imports = [ ];
 
@@ -24,7 +42,6 @@
           rustup
           lldb # for lldb-vscode
           musl # for building static binaries
-          rust-analyzer
           cargo-semver-checks
           # ? cargo-bloat
           # ? cargo-outdated
@@ -38,17 +55,89 @@
               ".cargo/config.toml" = {
                 source = ./files/cargo_config.toml;
               };
-              # # TODO: Figure out what to do with credentials.
-              # ".cargo/credentials.toml" = {
-              #   source = ./files/cargo_credentials.toml;
-              # };
+              ".rustup/settings.toml" = {
+                source = ./files/rustup_settings.toml;
+              };
             };
           };
 
+        environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
+          hideMounts = true;
+          users.talexander = {
+            directories = [
+              {
+                directory = ".rustup";
+                user = "talexander";
+                group = "talexander";
+                mode = "0755";
+              }
+              {
+                directory = ".cargo/registry";
+                user = "talexander";
+                group = "talexander";
+                mode = "0755";
+              }
+            ];
+          };
+        };
+
+        systemd.services.link-rust-creds = {
+          # Contains credentials so it cannot be added to the nix store
+          enable = true;
+          description = "link-rust-creds";
+          wantedBy = [ "multi-user.target" ];
+          wants = [ "multi-user.target" ];
+          after = [ "multi-user.target" ];
+          # path = with pkgs; [
+          #   zfs
+          # ];
+          unitConfig.DefaultDependencies = "no";
+          serviceConfig = {
+            Type = "oneshot";
+            RemainAfterExit = "yes";
+          };
+          script = ''
+            if [ -e /persist/manual/rust/cargo_credentials.toml ]; then
+              install --directory --owner talexander --group talexander --mode 0755 /home/talexander/.cargo
+              ln -s /persist/manual/rust/cargo_credentials.toml /home/talexander/.cargo/credentials.toml
+            fi
+          '';
+          preStop = ''
+            rm -f /home/talexander/.cargo/credentials.toml
+          '';
+        };
+
+        nixpkgs.overlays = [
+          (final: prev: {
+            rustup = pkgs.symlinkJoin {
+              name = "rustup";
+              paths =
+                (builtins.map (cargo_wrapped prev.rustup) [
+                  "cargo"
+                  "cargo-clippy"
+                  "cargo-fmt"
+                  "cargo-miri"
+                  "clippy-driver"
+                  "rls"
+                  "rust-analyzer"
+                  "rust-gdb"
+                  "rust-gdbgui"
+                  "rust-lldb"
+                  "rustc"
+                  "rustdoc"
+                  "rustfmt"
+                  "rustup"
+                ])
+                ++ [
+                  prev.rustup
+                ];
+              buildInputs = [ pkgs.makeWrapper ];
+            };
+          })
+        ];
       }
     ]
   );
 }
 
 # TODO: Install clippy, cranelift, rust-src
-# TODO: Install rust targets x86_64-unknown-linux-musl and wasm32-unknown-unknown

nix/configuration/roles/rust/files/rustup_settings.toml

@@ -0,0 +1,5 @@
+default_toolchain = "nightly-x86_64-unknown-linux-gnu"
+profile = "default"
+version = "12"
+
+[overrides]

nix/configuration/roles/sops/default.nix

@@ -0,0 +1,29 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [ ];
+
+  options.me = {
+    sops.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      example = true;
+      description = "Whether we want to install sops.";
+    };
+  };
+
+  config = lib.mkIf config.me.sops.enable (
+    lib.mkMerge [
+      {
+        environment.systemPackages = with pkgs; [
+          sops # For encrypting kubernetes secrets.
+        ];
+      }
+    ]
+  );
+}

nix/configuration/roles/ssh/default.nix

@@ -20,4 +20,20 @@
       ];
     };
   };
+
+  home-manager.users.talexander =
+    { pkgs, ... }:
+    {
+      home.file.".ssh/config" = {
+        source = ./files/ssh_config;
+      };
+    };
+
+  home-manager.users.root =
+    { pkgs, ... }:
+    {
+      home.file.".ssh/config" = {
+        source = ./files/ssh_config_root;
+      };
+    };
 }

nix/configuration/roles/ssh/files/ssh_config

@@ -0,0 +1,38 @@
+Host poudriere
+  ProxyJump talexander@mrmanager
+  HostName 10.215.1.203
+
+Host controller0
+  ProxyJump talexander@mrmanager
+  HostName 10.215.1.204
+
+Host controller1
+  ProxyJump talexander@mrmanager
+  HostName 10.215.1.205
+
+Host controller2
+  ProxyJump talexander@mrmanager
+  HostName 10.215.1.206
+
+Host worker0
+  ProxyJump talexander@mrmanager
+  HostName 10.215.1.207
+
+Host worker1
+  ProxyJump talexander@mrmanager
+  HostName 10.215.1.208
+
+Host worker2
+  ProxyJump talexander@mrmanager
+  HostName 10.215.1.209
+
+Host brianai
+  ProxyJump talexander@mrmanager
+  HostName 10.215.1.215
+
+Host hydra
+  ProxyJump talexander@mrmanager
+  HostName 10.215.1.219
+
+Host *
+  Compression yes

nix/configuration/roles/ssh/files/ssh_config_root

@@ -0,0 +1,9 @@
+Host hydra
+  HostName ns1.fizz.buzz
+  Port 65122
+  User talexander
+  IdentitiesOnly yes
+  IdentityFile /persist/manual/ssh/root/keys/id_ed25519
+
+Host *
+  Compression yes

nix/configuration/roles/steam_run_free/default.nix

@@ -0,0 +1,29 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [ ];
+
+  options.me = {
+    steam_run_free.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      example = true;
+      description = "Whether we want to install steam_run_free.";
+    };
+  };
+
+  config = lib.mkIf config.me.steam_run_free.enable (
+    lib.mkMerge [
+      {
+        environment.systemPackages = with pkgs; [
+          steam-run-free
+        ];
+      }
+    ]
+  );
+}

nix/configuration/roles/tekton/default.nix

@@ -0,0 +1,29 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [ ];
+
+  options.me = {
+    tekton.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      example = true;
+      description = "Whether we want to install tekton.";
+    };
+  };
+
+  config = lib.mkIf config.me.tekton.enable (
+    lib.mkMerge [
+      {
+        environment.systemPackages = with pkgs; [
+          tektoncd-cli
+        ];
+      }
+    ]
+  );
+}

nix/configuration/roles/terraform/default.nix

@@ -48,6 +48,12 @@ in
           };
         };
       }
+      (lib.mkIf config.me.kubernetes.enable {
+        environment.systemPackages = with pkgs; [
+          tfk8s # Converts k8s yaml manifests to terraform kubernetes_manifest.
+          k2tf # Converts k8s yaml manifests to terraform real types.
+        ];
+      })
     ]
   );
 }

nix/configuration/roles/wasm/default.nix

@@ -2,6 +2,7 @@
   config,
   lib,
   pkgs,
+  pkgs-unoptimized,
   ...
 }:
 
@@ -23,7 +24,7 @@
         environment.systemPackages = with pkgs; [
           wabt
           wasm-bindgen-cli
-          binaryen # for wasm-opt
+          pkgs-unoptimized.binaryen # for wasm-opt
         ];
       }
     ]

nix/configuration/roles/waybar/files/style.css

@@ -53,6 +53,7 @@
 }
 
 tooltip {
+  /* CSS for hover menu */
   background-color: #323232;
 }
 
@@ -183,7 +184,23 @@ tooltip {
 }
 
 #tray {
-  /* No styles */
+  /* CSS rules for the tray (not the right-click or hover menu) */
+}
+
+/* #tray menu menuitem */
+#tray menu {
+  /* CSS for right click menu */
+  background: #323232;
+  padding: 5px;
+  border: 1px solid white;
+}
+#tray menu menuitem {
+  /* CSS for menu items in the right click menu */
+}
+
+#tray menu menuitem:hover {
+  /* CSS for hovering over a right-click menu item. */
+  background-color: #434343;
 }
 
 #window {

nix/steam_deck/configuration/flake.lock

@@ -0,0 +1,101 @@
+{
+  "nodes": {
+    "flake-utils": {
+      "locked": {
+        "lastModified": 1659877975,
+        "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1739314552,
+        "narHash": "sha256-ggVf2BclyIW3jexc/uvgsgJH4e2cuG6Nyg54NeXgbFI=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "83bd3a26ac0526ae04fa74df46738bb44b89dcdd",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "impermanence": {
+      "locked": {
+        "lastModified": 1737831083,
+        "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=",
+        "owner": "nix-community",
+        "repo": "impermanence",
+        "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "impermanence",
+        "type": "github"
+      }
+    },
+    "nixgl": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1713543440,
+        "narHash": "sha256-lnzZQYG0+EXl/6NkGpyIz+FEOc/DSEG57AP1VsdeNrM=",
+        "owner": "nix-community",
+        "repo": "nixGL",
+        "rev": "310f8e49a149e4c9ea52f1adf70cdc768ec53f8a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nixGL",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1739138025,
+        "narHash": "sha256-M4ilIfGxzbBZuURokv24aqJTbdjPA9K+DtKUzrJaES4=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "b2243f41e860ac85c0b446eadc6930359b294e79",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "home-manager": "home-manager",
+        "impermanence": "impermanence",
+        "nixgl": "nixgl",
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

nix/steam_deck/configuration/flake.nix

@@ -0,0 +1,47 @@
+{
+  description = "My system configuration";
+
+  inputs = {
+    nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
+    nixgl.url = "github:nix-community/nixGL";
+    nixgl.inputs.nixpkgs.follows = "nixpkgs";
+    home-manager = {
+      url = "github:nix-community/home-manager";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    impermanence = {
+      url = "github:nix-community/impermanence";
+    };
+  };
+  outputs =
+    {
+      nixpkgs,
+      nixgl,
+      home-manager,
+      impermanence,
+      ...
+    }:
+    let
+      system = "x86_64-linux";
+      pkgs = import nixpkgs {
+        inherit system;
+        overlays = [ nixgl.overlay ];
+      };
+    in
+    # pkgs = nixpkgs.legacyPackages.${system};
+    {
+      defaultPackage.${system} = home-manager.defaultPackage.${system};
+      homeConfigurations."deck" = home-manager.lib.homeManagerConfiguration {
+        inherit pkgs;
+
+        extraSpecialArgs = { inherit nixgl; };
+
+        modules = [
+          { nixpkgs.overlays = [ nixgl.overlay ]; }
+          impermanence.homeManagerModules.impermanence
+          ./hosts/deck
+          ./home.nix
+        ];
+      };
+    };
+}

nix/steam_deck/configuration/home.nix

@@ -0,0 +1,55 @@
+# TODO: Optimize for znver2
+{
+  config,
+  pkgs,
+  nixgl,
+  ...
+}:
+{
+  imports = [
+    ./roles/2ship2harkinian
+    ./roles/global_options
+    ./roles/graphics
+    ./roles/pcsx2
+    ./roles/rpcs3
+    ./roles/shipwright
+    ./roles/sm64ex
+    ./roles/steam_rom_manager
+    ./util/unfree_polyfill
+  ];
+
+  home.username = "deck";
+  home.homeDirectory = "/home/deck";
+  home.stateVersion = "24.11";
+
+  programs.home-manager.enable = true;
+
+  # enable flakes
+  nix = {
+    package = pkgs.nix;
+    settings.experimental-features = [
+      "nix-command"
+      "flakes"
+    ];
+  };
+  # Automatic garbage collection
+  nix.gc = {
+    # Runs nix-collect-garbage --delete-older-than 30d
+    automatic = true;
+    randomizedDelaySec = "14m";
+    options = "--delete-older-than 30d";
+  };
+  nix.settings.auto-optimise-store = true;
+
+  home.packages = with pkgs; [
+    pkgs.nixgl.nixGLIntel
+    (pkgs.nixgl.nixGLCommon pkgs.nixgl.nixGLIntel)
+    pkgs.nixgl.nixVulkanIntel
+  ];
+
+  # This would keep build-time dependencies so I can rebuild while offline.
+  # nix.settings = {
+  #   keep-outputs = true;
+  #   keep-derivations = true;
+  # };
+}

nix/steam_deck/configuration/hosts/deck/default.nix

@@ -0,0 +1,21 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [ ];
+
+  config = {
+    me.graphical = true;
+    me.optimizations.enable = true;
+    me.pcsx2.enable = true;
+    me.rpcs3.enable = true;
+    me.ship2harkinian.enable = true;
+    me.shipwright.enable = true;
+    me.sm64ex.enable = true;
+    me.steam_rom_manager.enable = true; # Steam rom manager UI does not render. I think it wants to be in an AppImage.
+  };
+}

nix/steam_deck/configuration/roles/2ship2harkinian/default.nix

@@ -0,0 +1,96 @@
+# MANUAL: mkdir -p ~/.persist/.local/share/2ship/saves
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+let
+  steam_2s2h = pkgs.writeScriptBin "steam_2s2h" ''
+    export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:${pkgs.libglvnd}/lib"
+    exec ${pkgs._2ship2harkinian}/bin/2s2h
+  '';
+in
+{
+  imports = [ ];
+
+  options.me = {
+    ship2harkinian.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      example = true;
+      description = "Whether we want to install 2ship2harkinian.";
+    };
+  };
+
+  config = lib.mkIf config.me.ship2harkinian.enable (
+    lib.mkMerge [
+      {
+        allowedUnfree = [ "2ship2harkinian" ];
+      }
+      (lib.mkIf config.me.graphical {
+        home.packages = with pkgs; [
+          _2ship2harkinian
+          steam_2s2h
+        ];
+
+        home.file.".local/share/2ship/2ship2harkinian.json" = {
+          source = ./files/2ship2harkinian.json;
+        };
+
+        home.persistence."/home/deck/.persist" = {
+          directories = [
+            {
+              directory = ".local/share/2ship/saves";
+              method = "symlink";
+            }
+          ];
+        };
+        home.persistence."/home/deck/.state" = {
+          files = [
+            ".local/share/2ship/mm.o2r"
+          ];
+        };
+
+        nixpkgs.overlays = [
+          (
+            final: prev:
+            let
+              optimizeWithFlags =
+                pkg: flags:
+                pkg.overrideAttrs (old: {
+                  NIX_CFLAGS_COMPILE = [ (old.NIX_CFLAGS_COMPILE or "") ] ++ flags;
+                });
+              original_package =
+                if config.me.optimizations.enable then
+                  (optimizeWithFlags prev._2ship2harkinian [
+                    "-march=znver2"
+                    "-mtune=znver2"
+                  ])
+                else
+                  prev._2ship2harkinian;
+            in
+            {
+              _2ship2harkinian = pkgs.buildEnv {
+                name = prev._2ship2harkinian.name;
+                paths = [
+                  (config.lib.nixGL.wrap original_package)
+                ];
+                extraOutputsToInstall = [
+                  "man"
+                  "doc"
+                  "info"
+                ];
+                # We have to use 555 instead of the normal 444 here because the .desktop file ends up inside $HOME on steam deck and desktop files must be either not in $HOME or must be executable, otherwise KDE Plasma refuses to execute them.
+                postBuild = ''
+                  chmod 0555 $out/share/applications/2s2h.desktop
+                '';
+              };
+            }
+          )
+        ];
+      })
+    ]
+  );
+}

nix/steam_deck/configuration/roles/2ship2harkinian/files/2ship2harkinian.json

@@ -0,0 +1,20 @@
+{
+  "CVars": {
+    "gInterpolationFPS": 60,
+    "gEnhancements": {
+      "Graphics": {
+        "AuthenticLogo": 1
+      }
+    },
+    "gSettings": {
+      "InternalResolution": 2.0,
+      "MSAAValue": 2,
+      "OpenMenuBar": 0
+    }
+  },
+  "Window": {
+    "Fullscreen": {
+      "Enabled": true
+    }
+  }
+}

nix/steam_deck/configuration/roles/blank/default.nix

@@ -0,0 +1,30 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [ ];
+
+  options.me = {
+    blank.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      example = true;
+      description = "Whether we want to install blank.";
+    };
+  };
+
+  config = lib.mkIf config.me.blank.enable (
+    lib.mkMerge [
+      {
+        home.packages = with pkgs; [
+        ];
+      }
+      (lib.mkIf config.me.graphical {
+      })
+    ]
+  );
+}

nix/steam_deck/configuration/roles/global_options/default.nix

@@ -0,0 +1,19 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [ ];
+
+  options.me = {
+    optimizations.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      example = true;
+      description = "Whether we want to enable CPU optimizations (will trigger a rebuild from source).";
+    };
+  };
+}

nix/steam_deck/configuration/roles/graphics/default.nix

@@ -0,0 +1,43 @@
+{
+  config,
+  lib,
+  pkgs,
+  nixgl,
+  ...
+}:
+
+{
+  imports = [ ];
+
+  options.me.graphics_card_type = lib.mkOption {
+    type = lib.types.nullOr (
+      lib.types.enum [
+        "amd"
+        "intel"
+        "nvidia"
+      ]
+    );
+    default = null;
+    example = "amd";
+    description = "What graphics card type is in the computer.";
+  };
+
+  options.me.graphical = lib.mkOption {
+    type = lib.types.bool;
+    default = false;
+    example = true;
+    description = "Whether we want to install graphical programs.";
+  };
+
+  config = (
+    lib.mkMerge [
+      (lib.mkIf config.me.graphical {
+        nixGL.packages = nixgl.packages;
+        # home.packages = with pkgs; [
+        #   mesa-demos # for glxgears
+        #   vulkan-tools # for vkcube
+        # ];
+      })
+    ]
+  );
+}

nix/steam_deck/configuration/roles/pcsx2/default.nix

@@ -0,0 +1,112 @@
+# MANUAL: mkdir -p ~/.persist/.config/PCSX2/memcards ~/.state/.config/PCSX2/cache ~/.state/.config/PCSX2/sstates ~/.state/.config/PCSX2/snaps ~/.state/.config/PCSX2/covers ~/.state/.config/PCSX2/videos
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+let
+  steam_pcsx2 = pkgs.writeScriptBin "steam_pcsx2" ''
+    export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:${pkgs.libglvnd}/lib"
+    exec ${pkgs.pcsx2}/bin/pcsx2-qt
+  '';
+in
+{
+  imports = [ ];
+
+  options.me = {
+    pcsx2.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      example = true;
+      description = "Whether we want to install pcsx2.";
+    };
+  };
+
+  config = lib.mkIf config.me.pcsx2.enable (
+    lib.mkMerge [
+      (lib.mkIf config.me.graphical {
+        home.packages = with pkgs; [
+          pcsx2
+          steam_pcsx2
+        ];
+
+        home.file.".config/PCSX2/inis/PCSX2.ini" = {
+          source = ./files/PCSX2.ini;
+        };
+
+        home.persistence."/home/deck/.persist" = {
+          directories = [
+            {
+              directory = ".config/PCSX2/memcards";
+              method = "symlink";
+            }
+          ];
+        };
+        home.persistence."/home/deck/.state" = {
+          directories = [
+            {
+              directory = ".config/PCSX2/cache";
+              method = "symlink";
+            }
+            {
+              directory = ".config/PCSX2/sstates";
+              method = "symlink";
+            }
+            {
+              directory = ".config/PCSX2/snaps";
+              method = "symlink";
+            }
+            {
+              directory = ".config/PCSX2/covers";
+              method = "symlink";
+            }
+            {
+              directory = ".config/PCSX2/videos";
+              method = "symlink";
+            }
+          ];
+        };
+
+        nixpkgs.overlays = [
+          (
+            final: prev:
+            let
+              optimizeWithFlags =
+                pkg: flags:
+                pkg.overrideAttrs (old: {
+                  NIX_CFLAGS_COMPILE = [ (old.NIX_CFLAGS_COMPILE or "") ] ++ flags;
+                });
+              original_package =
+                if config.me.optimizations.enable then
+                  (optimizeWithFlags prev.pcsx2 [
+                    "-march=znver2"
+                    "-mtune=znver2"
+                  ])
+                else
+                  prev.pcsx2;
+            in
+            {
+              pcsx2 = pkgs.buildEnv {
+                name = prev.pcsx2.name;
+                paths = [
+                  (config.lib.nixGL.wrap original_package)
+                ];
+                extraOutputsToInstall = [
+                  "man"
+                  "doc"
+                  "info"
+                ];
+                # We have to use 555 instead of the normal 444 here because the .desktop file ends up inside $HOME on steam deck and desktop files must be either not in $HOME or must be executable, otherwise KDE Plasma refuses to execute them.
+                postBuild = ''
+                  chmod 0555 $out/share/applications/PCSX2.desktop
+                '';
+              };
+            }
+          )
+        ];
+      })
+    ]
+  );
+}

nix/steam_deck/configuration/roles/pcsx2/files/PCSX2.ini

@@ -0,0 +1,104 @@
+[UI]
+SettingsVersion = 1
+InhibitScreensaver = true
+ConfirmShutdown = false
+StartPaused = false
+PauseOnFocusLoss = true
+StartFullscreen = true
+
+
+[Folders]
+Bios = ../../.persist/manual/games/ps2/bios
+Snapshots = snaps
+Savestates = sstates
+MemoryCards = memcards
+Logs = logs
+Cheats = cheats
+Patches = patches
+UserResources = resources
+Cache = cache
+Textures = textures
+InputProfiles = inputprofiles
+Videos = videos
+
+
+[EmuCore/GS]
+VsyncEnable = true
+# Internal resolution aspect corrected
+ScreenshotSize = 1
+# webp
+ScreenshotFormat = 2
+OsdShowFPS = true
+# Capture video at internal resolution
+VideoCaptureAutoResolution = true
+# 2x native resolution
+upscale_multiplier = 2
+CaptureContainer = mkv
+VideoCaptureCodec = av1_vaapi
+AudioCaptureCodec = flac
+
+
+[Filenames]
+BIOS = ps2-0230a-20080220.bin
+
+[MemoryCards]
+Slot1_Enable = true
+Slot1_Filename = Mcd001.ps2
+Slot2_Enable = true
+Slot2_Filename = Mcd002.ps2
+
+
+[InputSources]
+Keyboard = false
+Mouse = false
+SDL = true
+# Enhanced ps4 and ps5 controller support
+SDLControllerEnhancedMode = true
+SDLPS5PlayerLED = true
+
+
+[Pad1]
+Type = DualShock2
+InvertL = 0
+InvertR = 0
+Deadzone = 0
+AxisScale = 1.33
+LargeMotorScale = 1
+SmallMotorScale = 1
+ButtonDeadzone = 0
+PressureModifier = 0.5
+Up = SDL-0/DPadUp
+Right = SDL-0/DPadRight
+Down = SDL-0/DPadDown
+Left = SDL-0/DPadLeft
+Triangle = SDL-0/Y
+Circle = SDL-0/B
+Cross = SDL-0/A
+Square = SDL-0/X
+Select = SDL-0/Back
+Start = SDL-0/Start
+L1 = SDL-0/LeftShoulder
+L2 = SDL-0/+LeftTrigger
+R1 = SDL-0/RightShoulder
+R2 = SDL-0/+RightTrigger
+L3 = SDL-0/LeftStick
+R3 = SDL-0/RightStick
+LUp = SDL-0/-LeftY
+LRight = SDL-0/+LeftX
+LDown = SDL-0/+LeftY
+LLeft = SDL-0/-LeftX
+RUp = SDL-0/-RightY
+RRight = SDL-0/+RightX
+RDown = SDL-0/+RightY
+RLeft = SDL-0/-RightX
+Analog = SDL-0/Guide
+LargeMotor = SDL-0/LargeMotor
+SmallMotor = SDL-0/SmallMotor
+
+
+[AutoUpdater]
+CheckAtStartup = false
+
+
+[GameList]
+RecursivePaths = /home/deck/.persist/manual/games/ps2/roms

nix/steam_deck/configuration/roles/rpcs3/default.nix

@@ -0,0 +1,112 @@
+# MANUAL: mkdir -p ~/.state/.cache/rpcs3 ~/.persist/.config/rpcs3/dev_hdd0 ~/.persist/.config/rpcs3/dev_hdd1 ~/.persist/.config/rpcs3/savestates ~/.persist/.config/rpcs3/dev_usb000 ~/.persist/.config/rpcs3/dev_flash
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+let
+  steam_rpcs3 = pkgs.writeScriptBin "steam_rpcs3" ''
+    export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:${pkgs.libglvnd}/lib"
+    exec ${pkgs.rpcs3}/bin/rpcs3
+  '';
+in
+{
+  imports = [ ];
+
+  options.me = {
+    rpcs3.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      example = true;
+      description = "Whether we want to install rpcs3.";
+    };
+  };
+
+  config = lib.mkIf config.me.rpcs3.enable (
+    lib.mkMerge [
+      (lib.mkIf config.me.graphical {
+        home.packages = with pkgs; [
+          rpcs3
+          steam_rpcs3
+        ];
+
+        # .config/rpcs3/config.yml
+        # .config/rpcs3/GuiConfigs/CurrentSettings.ini
+
+        home.persistence."/home/deck/.persist" = {
+          directories = [
+            {
+              directory = ".config/rpcs3/dev_hdd0";
+              method = "symlink";
+            }
+            {
+              directory = ".config/rpcs3/dev_hdd1";
+              method = "symlink";
+            }
+            {
+              directory = ".config/rpcs3/savestates";
+              method = "symlink";
+            }
+            {
+              directory = ".config/rpcs3/dev_usb000";
+              method = "symlink";
+            }
+            {
+              # Seems to be where the firmware is installed.
+              directory = ".config/rpcs3/dev_flash";
+              method = "symlink";
+            }
+          ];
+        };
+        home.persistence."/home/deck/.state" = {
+          directories = [
+            {
+              directory = ".cache/rpcs3";
+              method = "symlink";
+            }
+          ];
+        };
+
+        nixpkgs.overlays = [
+          (
+            final: prev:
+            let
+              optimizeWithFlags =
+                pkg: flags:
+                pkg.overrideAttrs (old: {
+                  NIX_CFLAGS_COMPILE = [ (old.NIX_CFLAGS_COMPILE or "") ] ++ flags;
+                });
+              original_package =
+                if config.me.optimizations.enable then
+                  (optimizeWithFlags prev.rpcs3 [
+                    "-march=znver2"
+                    "-mtune=znver2"
+                  ])
+                else
+                  prev.rpcs3;
+            in
+            {
+              rpcs3 = pkgs.buildEnv {
+                name = prev.rpcs3.name;
+                paths = [
+                  (config.lib.nixGL.wrap original_package)
+                ];
+                extraOutputsToInstall = [
+                  "man"
+                  "doc"
+                  "info"
+                ];
+                # We have to use 555 instead of the normal 444 here because the .desktop file ends up inside $HOME on steam deck and desktop files must be either not in $HOME or must be executable, otherwise KDE Plasma refuses to execute them.
+                postBuild = ''
+                  chmod 0555 $out/share/applications/rpcs3.desktop
+                '';
+              };
+            }
+          )
+        ];
+      })
+    ]
+  );
+}

nix/steam_deck/configuration/roles/shipwright/default.nix

@@ -0,0 +1,98 @@
+# MANUAL: mkdir -p ~/.persist/.local/share/soh/Save
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+let
+  steam_shipwright = pkgs.writeScriptBin "steam_soh" ''
+    export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:${pkgs.libglvnd}/lib"
+    exec ${pkgs.shipwright}/bin/soh
+  '';
+in
+{
+  imports = [ ];
+
+  options.me = {
+    shipwright.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      example = true;
+      description = "Whether we want to install shipwright.";
+    };
+  };
+
+  config = lib.mkIf config.me.shipwright.enable (
+    lib.mkMerge [
+      {
+        allowedUnfree = [ "shipwright" ];
+      }
+      (lib.mkIf config.me.graphical {
+        home.packages = with pkgs; [
+          shipwright
+          steam_shipwright
+        ];
+
+        home.file.".local/share/soh/shipofharkinian.json" = {
+          source = ./files/shipofharkinian.json;
+        };
+
+        home.persistence."/home/deck/.persist" = {
+          directories = [
+            {
+              directory = ".local/share/soh/Save";
+              method = "symlink";
+            }
+          ];
+        };
+        home.persistence."/home/deck/.state" = {
+          files = [
+            ".local/share/soh/oot.otr"
+          ];
+        };
+
+        nixpkgs.overlays = [
+          (
+            final: prev:
+            let
+              optimizeWithFlags =
+                pkg: flags:
+                pkg.overrideAttrs (old: {
+                  NIX_CFLAGS_COMPILE = [ (old.NIX_CFLAGS_COMPILE or "") ] ++ flags;
+                });
+              original_package = prev.shipwright;
+              # Optimization is broken for shipwright, fails to build "The following attributes are overlapping"
+              # original_package =
+              #   if !config.me.optimizations.enable then
+              #     (optimizeWithFlags prev.shipwright [
+              #       "-march=znver2"
+              #       "-mtune=znver2"
+              #     ])
+              #   else
+              #     prev.shipwright;
+            in
+            {
+              shipwright = pkgs.buildEnv {
+                name = prev.shipwright.name;
+                paths = [
+                  (config.lib.nixGL.wrap original_package)
+                ];
+                extraOutputsToInstall = [
+                  "man"
+                  "doc"
+                  "info"
+                ];
+                # We have to use 555 instead of the normal 444 here because the .desktop file ends up inside $HOME on steam deck and desktop files must be either not in $HOME or must be executable, otherwise KDE Plasma refuses to execute them.
+                postBuild = ''
+                  chmod 0555 $out/share/applications/soh.desktop
+                '';
+              };
+            }
+          )
+        ];
+      })
+    ]
+  );
+}

nix/steam_deck/configuration/roles/shipwright/files/shipofharkinian.json

@@ -0,0 +1,20 @@
+{
+  "CVars": {
+    "gAuthenticLogo": 1,
+    "gInternalResolution": 2.0,
+    "gInterpolationFPS": 60,
+    "gMSAAValue": 2,
+    "gMatchRefreshRate": 1,
+    "gOnFileSelectNameEntry": 0,
+    "gOpenWindows": {
+      "modalWindowEnabled": 1
+    },
+    "gZFightingMode": 0
+  },
+  "ConfigVersion": 2,
+  "Window": {
+    "Fullscreen": {
+      "Enabled": true
+    }
+  }
+}

nix/steam_deck/configuration/roles/sm64ex/default.nix

@@ -0,0 +1,109 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+let
+  steam_sm64ex = pkgs.writeScriptBin "steam_sm64ex" ''
+    export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:${pkgs.libglvnd}/lib"
+    exec ${pkgs.sm64ex}/bin/sm64ex
+  '';
+in
+{
+  imports = [ ];
+
+  options.me = {
+    sm64ex.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      example = true;
+      description = "Whether we want to install sm64ex.";
+    };
+  };
+
+  config = lib.mkIf config.me.sm64ex.enable (
+    lib.mkMerge [
+      (lib.mkIf config.me.graphical {
+        allowedUnfree = [ "sm64ex" ];
+
+        home.packages = with pkgs; [
+          sm64ex
+          steam_sm64ex
+        ];
+
+        # nixpkgs.overlays = [
+        #   (final: prev: {
+        #     sm4ex = prev.sm64ex.override {
+        #       baseRom.name = "SuperMario64.z64";
+        #     };
+        #   })
+        # ];
+
+        home.file.".local/share/sm64ex/sm64config.txt" = {
+          source = ./files/sm64config.txt;
+        };
+
+        home.persistence."/home/deck/.persist" = {
+          files = [
+            ".local/share/sm64ex/sm64_save_file.bin"
+          ];
+        };
+
+        nixpkgs.overlays = [
+          (
+            final: prev:
+            let
+              optimizeWithFlags =
+                pkg: flags:
+                pkg.overrideAttrs (old: {
+                  NIX_CFLAGS_COMPILE = [ (old.NIX_CFLAGS_COMPILE or "") ] ++ flags;
+                });
+              original_package =
+                if config.me.optimizations.enable then
+                  (optimizeWithFlags prev.sm64ex [
+                    "-march=znver2"
+                    "-mtune=znver2"
+                  ])
+                else
+                  prev.sm64ex;
+            in
+            {
+              sm64ex =
+                let
+                  desktop_item = pkgs.makeDesktopItem {
+                    name = "sm64ex";
+                    desktopName = "Super Mario 64";
+                    comment = "A PC Port of Super Mario 64.";
+                    categories = [
+                      "Game"
+                    ];
+                    icon = "sm64ex";
+                    type = "Application";
+                    exec = "sm64ex";
+                  };
+                in
+                pkgs.buildEnv {
+                  name = prev.sm64ex.name;
+                  paths = [
+                    (config.lib.nixGL.wrap original_package)
+                  ];
+                  extraOutputsToInstall = [
+                    "man"
+                    "doc"
+                    "info"
+                  ];
+                  # We have to use 555 instead of the normal 444 here because the .desktop file ends up inside $HOME on steam deck and desktop files must be either not in $HOME or must be executable, otherwise KDE Plasma refuses to execute them.
+                  postBuild = ''
+                    install -m 555 -D "${desktop_item}/share/applications/"* -t $out/share/applications/
+                    install -m 444 -D "${./files/icon.png}" $out/share/pixmaps/sm64ex.png
+                  '';
+                };
+            }
+          )
+        ];
+      })
+    ]
+  );
+}

nix/steam_deck/configuration/roles/sm64ex/files/sm64config.txt

@@ -0,0 +1 @@
+fullscreen true

nix/steam_deck/configuration/roles/steam_rom_manager/default.nix

@@ -0,0 +1,33 @@
+{
+  stdenv,
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+let
+  package = (pkgs.callPackage ./package.nix { });
+in
+{
+  imports = [ ];
+
+  options.me = {
+    steam_rom_manager.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      example = true;
+      description = "Whether we want to install steam_rom_manager.";
+    };
+  };
+
+  config = lib.mkIf config.me.steam_rom_manager.enable (
+    lib.mkMerge [
+      (lib.mkIf config.me.graphical {
+        home.packages = with pkgs; [
+          package
+        ];
+      })
+    ]
+  );
+}

nix/steam_deck/configuration/roles/steam_rom_manager/package.nix

@@ -0,0 +1,49 @@
+{
+  stdenv,
+  lib,
+  pkgs,
+  makeDesktopItem,
+}:
+
+let
+  version = "2.5.29";
+  icon = pkgs.fetchurl {
+    url = "https://github.com/SteamGridDB/steam-rom-manager/blob/master/src/assets/icons/512x512.png?raw=true";
+    hash = "sha256-Nx29nJ2+44AYrTLP+CNmDJFAf2sjrH7sfYhg9fJx2qo=";
+  };
+in
+stdenv.mkDerivation {
+  name = "steam-rom-manager";
+  src = pkgs.fetchurl {
+    url = "https://github.com/SteamGridDB/steam-rom-manager/releases/download/v${version}/Steam-ROM-Manager-${version}.AppImage";
+    hash = "sha256-6ZJ+MGIgr2osuQuqD6N9NnPiJFNq/HW6ivG8tyXUhvs=";
+  };
+  phases = [
+    "installPhase"
+  ];
+  installPhase = ''
+    runHook preInstall
+    mkdir -p $out/bin
+    install --mode=0755 $src $out/bin/steam-rom-manager
+    runHook postInstall
+  '';
+  # We have to use 555 instead of the normal 444 here because the .desktop file ends up inside $HOME on steam deck and desktop files must be either not in $HOME or must be executable, otherwise KDE Plasma refuses to execute them.
+  postInstall = ''
+    mkdir -p $out/share/{applications,pixmaps}
+    install -m 555 -D "$desktopItem/share/applications/"* -t $out/share/applications/
+    install -m 444 -D "${icon}" $out/share/pixmaps/steamrommanager.png
+  '';
+
+  desktopItem = makeDesktopItem {
+    name = "steam-rom-manager";
+    desktopName = "Steam Rom Manager";
+    comment = "Manage additional entries in the Steam launcher.";
+    categories = [
+      "Application"
+      "Utility"
+    ];
+    icon = "steamrommanager";
+    type = "Application";
+    exec = "steam-rom-manager";
+  };
+}

nix/steam_deck/configuration/util/unfree_polyfill/default.nix

@@ -0,0 +1,15 @@
+{ config, lib, ... }:
+
+let
+  inherit (builtins) elem;
+  inherit (lib) getName mkOption;
+  inherit (lib.types) listOf str;
+in
+{
+  # Pending https://github.com/NixOS/nixpkgs/issues/55674
+  options.allowedUnfree = mkOption {
+    type = listOf str;
+    default = [ ];
+  };
+  config.nixpkgs.config.allowUnfreePredicate = p: elem (getName p) config.allowedUnfree;
+}