Add support for authenticating to GKE with gcloud.

Set the steam launcher to run /home/deck/.nix-profile/bin/steam_<GAME> to have it work inside steam gaming mode.

nix/configuration/configuration.nix

@@ -63,6 +63,12 @@
     ./roles/shipwright
     ./roles/2ship2harkinian
     ./roles/nix_index
+    ./roles/flux
+    ./roles/tekton
+    ./roles/gnuplot
+    ./roles/sops
+    ./roles/gcloud
+    ./roles/steam_run_free
   ];
 
   nix.settings.experimental-features = [
@@ -152,6 +158,10 @@
     ncdu
     nix-tree
     libarchive # bsdtar
+    lsof
+    doas-sudo-shim # To support --use-remote-sudo for remote builds
+    dmidecode # Read SMBIOS information.
+    ipcalc
   ];
 
   services.openssh = {

nix/configuration/flake.lock

@@ -135,11 +135,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1737762889,
+        "lastModified": 1740432748,
-        "narHash": "sha256-5HGG09bh/Yx0JA8wtBMAzt0HMCL1bYZ93x4IqzVExio=",
+        "narHash": "sha256-BCeFtoJ/+LrZc03viRJWHfzAqqG8gPu/ikZeurv05xs=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "daf04c5950b676f47a794300657f1d3d14c1a120",
+        "rev": "c12dcc9b61429b2ad437a7d4974399ad8f910319",
         "type": "github"
       },
       "original": {
@@ -191,11 +191,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1737885589,
+        "lastModified": 1740367490,
-        "narHash": "sha256-Zf0hSrtzaM1DEz8//+Xs51k/wdSajticVrATqDrfQjg=",
+        "narHash": "sha256-WGaHVAjcrv+Cun7zPlI41SerRtfknGQap281+AakSAw=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "852ff1d9e153d8875a83602e03fdef8a63f0ecf8",
+        "rev": "0196c0175e9191c474c26ab5548db27ef5d34b05",
         "type": "github"
       },
       "original": {

nix/configuration/hosts/neelix/default.nix

@@ -21,7 +21,7 @@
   boot.initrd.kernelModules = [ "i915" ];
 
   # Mount tmpfs at /tmp
-  boot.tmp.useTmpfs = true;
+  # boot.tmp.useTmpfs = true;
 
   me.bluetooth.enable = true;
   me.emacs_flavor = "plainmacs";

nix/configuration/hosts/odo/default.nix

@@ -1,4 +1,9 @@
-{ config, pkgs, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
 {
   imports = [
     ./hardware-configuration.nix
@@ -7,6 +12,7 @@
     ./power_management.nix
     ./screen_brightness.nix
     ./wifi.nix
+    ./framework_module.nix
   ];
 
   # Generate with `head -c4 /dev/urandom | od -A none -t x4`
@@ -27,8 +33,15 @@
 
   environment.systemPackages = with pkgs; [
     fw-ectool
+    framework-tool
   ];
 
+  # Enable light sensor
+  # hardware.sensor.iio.enable = lib.mkDefault true;
+
+  # Enable TRIM
+  # services.fstrim.enable = lib.mkDefault true;
+
   me.alacritty.enable = true;
   me.ansible.enable = true;
   me.ares.enable = true;
@@ -38,7 +51,10 @@
   me.docker.enable = true;
   me.emacs_flavor = "full";
   me.firefox.enable = true;
+  me.flux.enable = true;
+  me.gcloud.enable = true;
   me.git.config = ../../roles/git/files/gitconfig_home;
+  me.gnuplot.enable = true;
   me.gpg.enable = true;
   me.graphical = true;
   me.graphics_card_type = "amd";
@@ -52,9 +68,12 @@
   me.python.enable = true;
   me.qemu.enable = true;
   me.rust.enable = true;
+  me.sops.enable = true;
   me.sound.enable = true;
   me.steam.enable = true;
+  me.steam_run_free.enable = true;
   me.sway.enable = true;
+  me.tekton.enable = true;
   me.terraform.enable = true;
   me.vnc_client.enable = true;
   me.vscode.enable = true;

nix/configuration/hosts/odo/framework_module.nix

@@ -0,0 +1,23 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [ ];
+
+  config = lib.mkMerge [
+    {
+      boot.extraModulePackages = with config.boot.kernelPackages; [
+        framework-laptop-kmod
+      ];
+      # https://github.com/DHowett/framework-laptop-kmod?tab=readme-ov-file#usage
+      boot.kernelModules = [
+        "cros_ec"
+        "cros_ec_lpcs"
+      ];
+    }
+  ];
+}

nix/configuration/roles/docker/default.nix

@@ -56,6 +56,32 @@
           # };
         };
 
+        systemd.services.link-docker-creds = {
+          # Contains credentials so it cannot be added to the nix store
+          enable = true;
+          description = "link-docker-creds";
+          wantedBy = [ "multi-user.target" ];
+          wants = [ "multi-user.target" ];
+          after = [ "multi-user.target" ];
+          # path = with pkgs; [
+          #   zfs
+          # ];
+          unitConfig.DefaultDependencies = "no";
+          serviceConfig = {
+            Type = "oneshot";
+            RemainAfterExit = "yes";
+          };
+          script = ''
+            if [ -e /persist/manual/docker/config.json ]; then
+              install --directory --owner talexander --group talexander --mode 0700 /home/talexander/.docker
+              ln -s /persist/manual/docker/config.json /home/talexander/.docker/config.json
+            fi
+          '';
+          preStop = ''
+            rm -f /home/talexander/.docker/config.json
+          '';
+        };
+
         # Needed for non-rootless docker
         users.users.talexander.extraGroups = [ "docker" ];
       }

nix/configuration/roles/emacs/default.nix

@@ -89,7 +89,7 @@ in
       (lib.mkIf (config.me.graphical) {
         nixpkgs.overlays = [
           (final: prev: {
-            my_emacs = final.emacs29-pgtk;
+            my_emacs = final.emacs30-pgtk;
           })
         ];
       })
@@ -121,6 +121,7 @@ in
                       dicts: with dicts; [
                         en
                         en-computers
+                        # en-science # TODO: Why is en-science non-free?
                       ]
                     ))
                     final.nixd # nix language server
@@ -129,6 +130,9 @@ in
                     final.shellcheck
                     final.cmake-language-server
                     final.cmake # Used by cmake-language-server
+                    final.rust-analyzer
+                    final.nodePackages_latest.prettier # Format yaml, json, and JS
+                    final.terraform-ls
                   ]
                 }
               '';

nix/configuration/roles/emacs/files/emacs/elisp/base-extensions.el

@@ -51,17 +51,27 @@
 ;; Persist history over Emacs restarts. Vertico sorts by history position.
 (use-package savehist
   ;; This is an emacs built-in but we're pulling the latest version
+  :pin gnu
   :config
   (savehist-mode))
 
 (use-package which-key
+  :pin gnu
   :diminish
   :config
   (which-key-mode))
 
 (use-package windmove
-  :config
+  ;; This is an emacs built-in but we're pulling the latest version
-  (windmove-default-keybindings))
+  :pin gnu
+  :bind
+  (
+   ("S-<up>" . windmove-up)
+   ("S-<right>" . windmove-right)
+   ("S-<down>" . windmove-down)
+   ("S-<left>" . windmove-left)
+   )
+  )
 
 (setq tramp-default-method "ssh")
 

nix/configuration/roles/emacs/files/emacs/elisp/base.el

@@ -63,6 +63,9 @@
  show-trailing-whitespace t
  ;; Remove the line when killing it with ctrl-k
  kill-whole-line t
+
+ ;; Show the current project in the mode line
+ project-mode-line t
  )
 
 ;; (setq-default fringes-outside-margins t)

nix/configuration/roles/emacs/files/emacs/elisp/lang-org.el

@@ -1,16 +1,23 @@
 (use-package org
   :ensure nil
   :commands org-mode
-  :bind (
+  :bind (:map org-mode-map
          ("C-c l" . org-store-link)
          ("C-c a" . org-agenda)
-         ("C--" . org-timestamp-down)
+         ("S-<up>" . org-shiftup)
-         ("C-=" . org-timestamp-up)
+         ("S-<right>" . org-shiftright)
+         ("S-<down>" . org-shiftdown)
+         ("S-<left>" . org-shiftleft)
          )
   :hook (
          (org-mode . (lambda ()
                        (org-indent-mode +1)
                        ))
+         ;; Make windmove work in Org mode:
+         (org-shiftup-final . windmove-up)
+         (org-shiftleft-final . windmove-left)
+         (org-shiftdown-final . windmove-down)
+         (org-shiftright-final . windmove-right)
          )
   :config
   (require 'org-tempo)

nix/configuration/roles/flux/default.nix

@@ -0,0 +1,29 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [ ];
+
+  options.me = {
+    flux.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      example = true;
+      description = "Whether we want to install flux.";
+    };
+  };
+
+  config = lib.mkIf config.me.flux.enable (
+    lib.mkMerge [
+      {
+        environment.systemPackages = with pkgs; [
+          fluxcd
+        ];
+      }
+    ]
+  );
+}

nix/configuration/roles/gcloud/default.nix

@@ -0,0 +1,43 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [ ];
+
+  options.me = {
+    gcloud.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      example = true;
+      description = "Whether we want to install gcloud.";
+    };
+  };
+
+  config = lib.mkIf config.me.gcloud.enable (
+    lib.mkMerge [
+      {
+        environment.systemPackages = with pkgs; [
+          (google-cloud-sdk.withExtraComponents [ google-cloud-sdk.components.gke-gcloud-auth-plugin ])
+        ];
+
+        environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
+          hideMounts = true;
+          users.talexander = {
+            directories = [
+              {
+                directory = ".config/gcloud";
+                user = "talexander";
+                group = "talexander";
+                mode = "0700";
+              }
+            ];
+          };
+        };
+      }
+    ]
+  );
+}

nix/configuration/roles/git/files/gitconfig_home

@@ -3,7 +3,7 @@
 	name = Tom Alexander
 	signingkey = D3A179C9A53C0EDE
 [push]
-	default = simple
+	default = simple # (default since 2.0)
 [alias]
 	lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit
 	bh = log --oneline --branches=* --remotes=* --graph --decorate
@@ -12,24 +12,42 @@
 	excludesfile = ~/.gitignore_global
 [commit]
 	gpgsign = true
+	verbose = true
 [pull]
 	rebase = true
 [log]
 	date = local
 [init]
 	defaultBranch = main
-
-# Use meld for `git difftool` and `git mergetool`
 [diff]
-	tool = meld
+	tool = meld # Use meld for `git difftool` and `git mergetool`
+	algorithm = histogram
+	colorMoved = plain
+	mnemonicPrefix = true
+	renames = true
 [difftool]
 	prompt = false
 [difftool "meld"]
 	cmd = meld "$LOCAL" "$REMOTE"
 [merge]
 	tool = meld
+	conflictStyle = zdiff3
 [mergetool "meld"]
         # Make the middle pane start with partially-merged contents:
 	cmd = meld "$LOCAL" "$MERGED" "$REMOTE" --output "$MERGED"
         # Make the middle pane start without any merge progress:
 	# cmd = meld "$LOCAL" "$BASE" "$REMOTE" --output "$MERGED"
+[column]
+	ui = auto
+[branch]
+	sort = -committerdate
+[tag]
+	sort = version:refname
+[fetch]
+	prune = true
+	pruneTags = true
+	all = true
+[rebase]
+	autoSquash = true
+	autoStash = true
+	updateRefs = true

nix/configuration/roles/gnuplot/default.nix

@@ -0,0 +1,29 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [ ];
+
+  options.me = {
+    gnuplot.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      example = true;
+      description = "Whether we want to install gnuplot.";
+    };
+  };
+
+  config = lib.mkIf config.me.gnuplot.enable (
+    lib.mkMerge [
+      {
+        environment.systemPackages = with pkgs; [
+          gnuplot
+        ];
+      }
+    ]
+  );
+}

nix/configuration/roles/graphics/default.nix

@@ -37,6 +37,11 @@
           xorg.xeyes # to test which windows are using x11
         ];
         hardware.graphics.enable = true;
+        # hardware.graphics.enable32Bit = true;
+
+        # Vulkan Support (64-bit is enabled by default, 32-bit is disabled by default)
+        # hardware.opengl.driSupport = true; # This is already enabled by default
+        # hardware.opengl.driSupport32Bit = true; # For 32 bit applications
       })
     ]
   );

nix/configuration/roles/kubernetes/default.nix

@@ -28,6 +28,21 @@ let
   alias_klog = pkgs.writeShellScriptBin "klog" ''
     exec ${pkgs.kubectl}/bin/kubectl logs --all-containers "$@"
   '';
+  decrypt_k8s_secret =
+    (pkgs.writeScriptBin "decrypt_k8s_secret" (builtins.readFile ./files/decrypt_k8s_secret.bash))
+    .overrideAttrs
+      (old: {
+        buildCommand = "${old.buildCommand}\n patchShebangs $out";
+        buildInputs = [ pkgs.makeWrapper ];
+        postBuild = ''
+          wrapProgram $out/bin/decrypt_k8s_secret --prefix PATH : ${
+            lib.makeBinPath [
+              pkgs.kubectl
+              pkgs.jq
+            ]
+          }
+        '';
+      });
 in
 {
   imports = [ ];
@@ -55,6 +70,7 @@ in
           alias_kdel
           alias_kd
           alias_klog
+          decrypt_k8s_secret
         ];
 
         environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {

nix/configuration/roles/kubernetes/files/decrypt_k8s_secret.bash

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+#
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+kubectl get secret -o json "${@}" | jq '.data[] |= @base64d | .data'

nix/configuration/roles/media/default.nix

@@ -17,6 +17,8 @@ let
         buildCommand = "${old.buildCommand}\n patchShebangs $out";
 
       });
+  kernel_version_check = lib.versionAtLeast config.boot.kernelPackages.kernel.version "6.12";
+  nixos_version_check = lib.versionAtLeast (lib.versions.majorMinor lib.version) "25.05";
 in
 {
   imports = [ ];
@@ -35,6 +37,8 @@ in
       {
         environment.systemPackages = with pkgs; [
           ffmpeg
+          libva-utils # for vainfo
+          vdpauinfo
         ];
       }
       (lib.mkIf config.me.graphical {
@@ -59,6 +63,21 @@ in
           cast_file_vaapi
         ];
       })
+      (lib.mkIf (config.me.graphics_card_type == "amd") {
+        environment.sessionVariables = {
+          VDPAU_DRIVER = "radeonsi";
+        };
+      })
+      (lib.mkIf (config.me.graphics_card_type == "intel") {
+        hardware.graphics.extraPackages = with pkgs; [
+          intel-media-driver
+          libvdpau-va-gl # Support vdpau applications using va-api
+        ];
+
+        environment.sessionVariables = {
+          VDPAU_DRIVER = "va_gl";
+        };
+      })
     ]
   );
 }

nix/configuration/roles/network/default.nix

@@ -61,6 +61,7 @@
     iwd
     ldns # for drill
     arp-scan # To find devices on the network
+    wavemon
   ];
 
   boot.extraModprobeConfig = ''

nix/configuration/roles/rust/default.nix

@@ -1,3 +1,6 @@
+# MANUAL: rustup target add x86_64-unknown-linux-musl
+# MANUAL: rustup target add wasm32-unknown-unknown
+# MANUAL: rustup component add rustc-codegen-cranelift
 {
   config,
   lib,
@@ -5,6 +8,21 @@
   ...
 }:
 
+let
+  cargo_wrapped =
+    package: prog:
+    pkgs.writeShellScriptBin "${prog}" ''
+      export PATH="$PATH:${
+        lib.makeBinPath [
+          pkgs.clang
+          pkgs.pkg-config # Needed for openssl-sys
+        ]
+      }"
+      # Needed for openssl-sys
+      export PKG_CONFIG_PATH="$PKG_CONFIG_PATH:${pkgs.openssl.dev}/lib/pkgconfig"
+      exec ${package}/bin/${prog} "''${@}"
+    '';
+in
 {
   imports = [ ];
 
@@ -24,7 +42,6 @@
           rustup
           lldb # for lldb-vscode
           musl # for building static binaries
-          rust-analyzer
           cargo-semver-checks
           # ? cargo-bloat
           # ? cargo-outdated
@@ -38,17 +55,89 @@
               ".cargo/config.toml" = {
                 source = ./files/cargo_config.toml;
               };
-              # # TODO: Figure out what to do with credentials.
+              ".rustup/settings.toml" = {
-              # ".cargo/credentials.toml" = {
+                source = ./files/rustup_settings.toml;
-              #   source = ./files/cargo_credentials.toml;
+              };
-              # };
             };
           };
 
+        environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
+          hideMounts = true;
+          users.talexander = {
+            directories = [
+              {
+                directory = ".rustup";
+                user = "talexander";
+                group = "talexander";
+                mode = "0755";
+              }
+              {
+                directory = ".cargo/registry";
+                user = "talexander";
+                group = "talexander";
+                mode = "0755";
+              }
+            ];
+          };
+        };
+
+        systemd.services.link-rust-creds = {
+          # Contains credentials so it cannot be added to the nix store
+          enable = true;
+          description = "link-rust-creds";
+          wantedBy = [ "multi-user.target" ];
+          wants = [ "multi-user.target" ];
+          after = [ "multi-user.target" ];
+          # path = with pkgs; [
+          #   zfs
+          # ];
+          unitConfig.DefaultDependencies = "no";
+          serviceConfig = {
+            Type = "oneshot";
+            RemainAfterExit = "yes";
+          };
+          script = ''
+            if [ -e /persist/manual/rust/cargo_credentials.toml ]; then
+              install --directory --owner talexander --group talexander --mode 0755 /home/talexander/.cargo
+              ln -s /persist/manual/rust/cargo_credentials.toml /home/talexander/.cargo/credentials.toml
+            fi
+          '';
+          preStop = ''
+            rm -f /home/talexander/.cargo/credentials.toml
+          '';
+        };
+
+        nixpkgs.overlays = [
+          (final: prev: {
+            rustup = pkgs.symlinkJoin {
+              name = "rustup";
+              paths =
+                (builtins.map (cargo_wrapped prev.rustup) [
+                  "cargo"
+                  "cargo-clippy"
+                  "cargo-fmt"
+                  "cargo-miri"
+                  "clippy-driver"
+                  "rls"
+                  "rust-analyzer"
+                  "rust-gdb"
+                  "rust-gdbgui"
+                  "rust-lldb"
+                  "rustc"
+                  "rustdoc"
+                  "rustfmt"
+                  "rustup"
+                ])
+                ++ [
+                  prev.rustup
+                ];
+              buildInputs = [ pkgs.makeWrapper ];
+            };
+          })
+        ];
       }
     ]
   );
 }
 
 # TODO: Install clippy, cranelift, rust-src
-# TODO: Install rust targets x86_64-unknown-linux-musl and wasm32-unknown-unknown

nix/configuration/roles/rust/files/rustup_settings.toml

@@ -0,0 +1,5 @@
+default_toolchain = "nightly-x86_64-unknown-linux-gnu"
+profile = "default"
+version = "12"
+
+[overrides]

nix/configuration/roles/sops/default.nix

@@ -0,0 +1,29 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [ ];
+
+  options.me = {
+    sops.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      example = true;
+      description = "Whether we want to install sops.";
+    };
+  };
+
+  config = lib.mkIf config.me.sops.enable (
+    lib.mkMerge [
+      {
+        environment.systemPackages = with pkgs; [
+          sops # For encrypting kubernetes secrets.
+        ];
+      }
+    ]
+  );
+}

nix/configuration/roles/ssh/default.nix

@@ -20,4 +20,12 @@
       ];
     };
   };
+
+  home-manager.users.talexander =
+    { pkgs, ... }:
+    {
+      home.file.".ssh/config" = {
+        source = ./files/ssh_config;
+      };
+    };
 }

nix/configuration/roles/ssh/files/ssh_config

@@ -0,0 +1,34 @@
+Host poudriere
+  ProxyJump talexander@mrmanager
+  HostName 10.215.1.203
+
+Host controller0
+  ProxyJump talexander@mrmanager
+  HostName 10.215.1.204
+
+Host controller1
+  ProxyJump talexander@mrmanager
+  HostName 10.215.1.205
+
+Host controller2
+  ProxyJump talexander@mrmanager
+  HostName 10.215.1.206
+
+Host worker0
+  ProxyJump talexander@mrmanager
+  HostName 10.215.1.207
+
+Host worker1
+  ProxyJump talexander@mrmanager
+  HostName 10.215.1.208
+
+Host worker2
+  ProxyJump talexander@mrmanager
+  HostName 10.215.1.209
+
+Host brianai
+  ProxyJump talexander@mrmanager
+  HostName 10.215.1.215
+
+Host *
+  Compression yes

nix/configuration/roles/steam_run_free/default.nix

@@ -0,0 +1,29 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [ ];
+
+  options.me = {
+    steam_run_free.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      example = true;
+      description = "Whether we want to install steam_run_free.";
+    };
+  };
+
+  config = lib.mkIf config.me.steam_run_free.enable (
+    lib.mkMerge [
+      {
+        environment.systemPackages = with pkgs; [
+          steam-run-free
+        ];
+      }
+    ]
+  );
+}

nix/configuration/roles/tekton/default.nix

@@ -0,0 +1,29 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [ ];
+
+  options.me = {
+    tekton.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      example = true;
+      description = "Whether we want to install tekton.";
+    };
+  };
+
+  config = lib.mkIf config.me.tekton.enable (
+    lib.mkMerge [
+      {
+        environment.systemPackages = with pkgs; [
+          tektoncd-cli
+        ];
+      }
+    ]
+  );
+}

nix/configuration/roles/waybar/files/style.css

@@ -53,6 +53,7 @@
 }
 
 tooltip {
+  /* CSS for hover menu */
   background-color: #323232;
 }
 
@@ -183,7 +184,23 @@ tooltip {
 }
 
 #tray {
-  /* No styles */
+  /* CSS rules for the tray (not the right-click or hover menu) */
+}
+
+/* #tray menu menuitem */
+#tray menu {
+  /* CSS for right click menu */
+  background: #323232;
+  padding: 5px;
+  border: 1px solid white;
+}
+#tray menu menuitem {
+  /* CSS for menu items in the right click menu */
+}
+
+#tray menu menuitem:hover {
+  /* CSS for hovering over a right-click menu item. */
+  background-color: #434343;
 }
 
 #window {

nix/steam_deck/configuration/flake.lock

@@ -0,0 +1,101 @@
+{
+  "nodes": {
+    "flake-utils": {
+      "locked": {
+        "lastModified": 1659877975,
+        "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1739314552,
+        "narHash": "sha256-ggVf2BclyIW3jexc/uvgsgJH4e2cuG6Nyg54NeXgbFI=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "83bd3a26ac0526ae04fa74df46738bb44b89dcdd",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "impermanence": {
+      "locked": {
+        "lastModified": 1737831083,
+        "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=",
+        "owner": "nix-community",
+        "repo": "impermanence",
+        "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "impermanence",
+        "type": "github"
+      }
+    },
+    "nixgl": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1713543440,
+        "narHash": "sha256-lnzZQYG0+EXl/6NkGpyIz+FEOc/DSEG57AP1VsdeNrM=",
+        "owner": "nix-community",
+        "repo": "nixGL",
+        "rev": "310f8e49a149e4c9ea52f1adf70cdc768ec53f8a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nixGL",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1739138025,
+        "narHash": "sha256-M4ilIfGxzbBZuURokv24aqJTbdjPA9K+DtKUzrJaES4=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "b2243f41e860ac85c0b446eadc6930359b294e79",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "home-manager": "home-manager",
+        "impermanence": "impermanence",
+        "nixgl": "nixgl",
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

nix/steam_deck/configuration/flake.nix

@@ -0,0 +1,47 @@
+{
+  description = "My system configuration";
+
+  inputs = {
+    nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
+    nixgl.url = "github:nix-community/nixGL";
+    nixgl.inputs.nixpkgs.follows = "nixpkgs";
+    home-manager = {
+      url = "github:nix-community/home-manager";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    impermanence = {
+      url = "github:nix-community/impermanence";
+    };
+  };
+  outputs =
+    {
+      nixpkgs,
+      nixgl,
+      home-manager,
+      impermanence,
+      ...
+    }:
+    let
+      system = "x86_64-linux";
+      pkgs = import nixpkgs {
+        inherit system;
+        overlays = [ nixgl.overlay ];
+      };
+    in
+    # pkgs = nixpkgs.legacyPackages.${system};
+    {
+      defaultPackage.${system} = home-manager.defaultPackage.${system};
+      homeConfigurations."deck" = home-manager.lib.homeManagerConfiguration {
+        inherit pkgs;
+
+        extraSpecialArgs = { inherit nixgl; };
+
+        modules = [
+          { nixpkgs.overlays = [ nixgl.overlay ]; }
+          impermanence.homeManagerModules.impermanence
+          ./hosts/deck
+          ./home.nix
+        ];
+      };
+    };
+}

nix/steam_deck/configuration/home.nix

@@ -0,0 +1,52 @@
+# TODO: Optimize for znver2
+{
+  config,
+  pkgs,
+  nixgl,
+  ...
+}:
+{
+  imports = [
+    ./roles/2ship2harkinian
+    ./roles/graphics
+    ./roles/shipwright
+    ./roles/sm64ex
+    ./roles/steam_rom_manager
+    ./util/unfree_polyfill
+  ];
+
+  home.username = "deck";
+  home.homeDirectory = "/home/deck";
+  home.stateVersion = "24.11";
+
+  programs.home-manager.enable = true;
+
+  # enable flakes
+  nix = {
+    package = pkgs.nix;
+    settings.experimental-features = [
+      "nix-command"
+      "flakes"
+    ];
+  };
+  # Automatic garbage collection
+  nix.gc = {
+    # Runs nix-collect-garbage --delete-older-than 30d
+    automatic = true;
+    randomizedDelaySec = "14m";
+    options = "--delete-older-than 30d";
+  };
+  nix.settings.auto-optimise-store = true;
+
+  home.packages = with pkgs; [
+    pkgs.nixgl.nixGLIntel
+    (pkgs.nixgl.nixGLCommon pkgs.nixgl.nixGLIntel)
+    pkgs.nixgl.nixVulkanIntel
+  ];
+
+  # This would keep build-time dependencies so I can rebuild while offline.
+  # nix.settings = {
+  #   keep-outputs = true;
+  #   keep-derivations = true;
+  # };
+}

nix/steam_deck/configuration/hosts/deck/default.nix

@@ -0,0 +1,18 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [ ];
+
+  config = {
+    me.graphical = true;
+    me.ship2harkinian.enable = true;
+    me.shipwright.enable = true;
+    me.sm64ex.enable = true;
+    me.steam_rom_manager.enable = true; # Steam rom manager UI does not render. I think it wants to be in an AppImage.
+  };
+}

nix/steam_deck/configuration/roles/2ship2harkinian/default.nix

@@ -0,0 +1,78 @@
+# MANUAL: mkdir -p ~/.persist/.local/share/2ship/saves
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+let
+  steam_2s2h = pkgs.writeScriptBin "steam_2s2h" ''
+    export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:${pkgs.libglvnd}/lib"
+    exec ${pkgs._2ship2harkinian}/bin/2s2h
+  '';
+in
+{
+  imports = [ ];
+
+  options.me = {
+    ship2harkinian.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      example = true;
+      description = "Whether we want to install 2ship2harkinian.";
+    };
+  };
+
+  config = lib.mkIf config.me.ship2harkinian.enable (
+    lib.mkMerge [
+      {
+        allowedUnfree = [ "2ship2harkinian" ];
+      }
+      (lib.mkIf config.me.graphical {
+        home.packages = with pkgs; [
+          _2ship2harkinian
+          steam_2s2h
+        ];
+
+        home.file.".local/share/2ship/2ship2harkinian.json" = {
+          source = ./files/2ship2harkinian.json;
+        };
+
+        home.persistence."/home/deck/.persist" = {
+          directories = [
+            {
+              directory = ".local/share/2ship/saves";
+              method = "symlink";
+            }
+          ];
+        };
+        home.persistence."/home/deck/.state" = {
+          files = [
+            ".local/share/2ship/mm.o2r"
+          ];
+        };
+
+        nixpkgs.overlays = [
+          (final: prev: {
+            _2ship2harkinian = pkgs.buildEnv {
+              name = prev._2ship2harkinian.name;
+              paths = [
+                (config.lib.nixGL.wrap prev._2ship2harkinian)
+              ];
+              extraOutputsToInstall = [
+                "man"
+                "doc"
+                "info"
+              ];
+              # We have to use 555 instead of the normal 444 here because the .desktop file ends up inside $HOME on steam deck and desktop files must be either not in $HOME or must be executable, otherwise KDE Plasma refuses to execute them.
+              postBuild = ''
+                chmod 0555 $out/share/applications/2s2h.desktop
+              '';
+            };
+          })
+        ];
+      })
+    ]
+  );
+}

nix/steam_deck/configuration/roles/2ship2harkinian/files/2ship2harkinian.json

@@ -0,0 +1,15 @@
+{
+  "CVars": {
+    "gInterpolationFPS": 60,
+    "gSettings": {
+      "InternalResolution": 2.0,
+      "MSAAValue": 2,
+      "OpenMenuBar": 0
+    }
+  },
+  "Window": {
+    "Fullscreen": {
+      "Enabled": true
+    }
+  }
+}

nix/steam_deck/configuration/roles/blank/default.nix

@@ -0,0 +1,30 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [ ];
+
+  options.me = {
+    blank.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      example = true;
+      description = "Whether we want to install blank.";
+    };
+  };
+
+  config = lib.mkIf config.me.blank.enable (
+    lib.mkMerge [
+      {
+        home.packages = with pkgs; [
+        ];
+      }
+      (lib.mkIf config.me.graphical {
+      })
+    ]
+  );
+}

nix/steam_deck/configuration/roles/graphics/default.nix

@@ -0,0 +1,43 @@
+{
+  config,
+  lib,
+  pkgs,
+  nixgl,
+  ...
+}:
+
+{
+  imports = [ ];
+
+  options.me.graphics_card_type = lib.mkOption {
+    type = lib.types.nullOr (
+      lib.types.enum [
+        "amd"
+        "intel"
+        "nvidia"
+      ]
+    );
+    default = null;
+    example = "amd";
+    description = "What graphics card type is in the computer.";
+  };
+
+  options.me.graphical = lib.mkOption {
+    type = lib.types.bool;
+    default = false;
+    example = true;
+    description = "Whether we want to install graphical programs.";
+  };
+
+  config = (
+    lib.mkMerge [
+      (lib.mkIf config.me.graphical {
+        nixGL.packages = nixgl.packages;
+        # home.packages = with pkgs; [
+        #   mesa-demos # for glxgears
+        #   vulkan-tools # for vkcube
+        # ];
+      })
+    ]
+  );
+}

nix/steam_deck/configuration/roles/shipwright/default.nix

@@ -0,0 +1,78 @@
+# MANUAL: mkdir -p ~/.persist/.local/share/soh/Save
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+let
+  steam_shipwright = pkgs.writeScriptBin "steam_soh" ''
+    export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:${pkgs.libglvnd}/lib"
+    exec ${pkgs.shipwright}/bin/soh
+  '';
+in
+{
+  imports = [ ];
+
+  options.me = {
+    shipwright.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      example = true;
+      description = "Whether we want to install shipwright.";
+    };
+  };
+
+  config = lib.mkIf config.me.shipwright.enable (
+    lib.mkMerge [
+      {
+        allowedUnfree = [ "shipwright" ];
+      }
+      (lib.mkIf config.me.graphical {
+        home.packages = with pkgs; [
+          shipwright
+          steam_shipwright
+        ];
+
+        home.file.".local/share/soh/shipofharkinian.json" = {
+          source = ./files/shipofharkinian.json;
+        };
+
+        home.persistence."/home/deck/.persist" = {
+          directories = [
+            {
+              directory = ".local/share/soh/Save";
+              method = "symlink";
+            }
+          ];
+        };
+        home.persistence."/home/deck/.state" = {
+          files = [
+            ".local/share/soh/oot.otr"
+          ];
+        };
+
+        nixpkgs.overlays = [
+          (final: prev: {
+            shipwright = pkgs.buildEnv {
+              name = prev.shipwright.name;
+              paths = [
+                (config.lib.nixGL.wrap prev.shipwright)
+              ];
+              extraOutputsToInstall = [
+                "man"
+                "doc"
+                "info"
+              ];
+              # We have to use 555 instead of the normal 444 here because the .desktop file ends up inside $HOME on steam deck and desktop files must be either not in $HOME or must be executable, otherwise KDE Plasma refuses to execute them.
+              postBuild = ''
+                chmod 0555 $out/share/applications/soh.desktop
+              '';
+            };
+          })
+        ];
+      })
+    ]
+  );
+}

nix/steam_deck/configuration/roles/shipwright/files/shipofharkinian.json

@@ -0,0 +1,19 @@
+{
+  "CVars": {
+    "gInternalResolution": 2.0,
+    "gInterpolationFPS": 60,
+    "gMSAAValue": 2,
+    "gMatchRefreshRate": 0,
+    "gOnFileSelectNameEntry": 0,
+    "gOpenWindows": {
+      "modalWindowEnabled": 1
+    },
+    "gZFightingMode": 0
+  },
+  "ConfigVersion": 2,
+  "Window": {
+    "Fullscreen": {
+      "Enabled": true
+    }
+  }
+}

nix/steam_deck/configuration/roles/sm64ex/default.nix

@@ -0,0 +1,91 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+let
+  steam_sm64ex = pkgs.writeScriptBin "steam_sm64ex" ''
+    export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:${pkgs.libglvnd}/lib"
+    exec ${pkgs.sm64ex}/bin/sm64ex
+  '';
+in
+{
+  imports = [ ];
+
+  options.me = {
+    sm64ex.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      example = true;
+      description = "Whether we want to install sm64ex.";
+    };
+  };
+
+  config = lib.mkIf config.me.sm64ex.enable (
+    lib.mkMerge [
+      (lib.mkIf config.me.graphical {
+        allowedUnfree = [ "sm64ex" ];
+
+        home.packages = with pkgs; [
+          sm64ex
+          steam_sm64ex
+        ];
+
+        # nixpkgs.overlays = [
+        #   (final: prev: {
+        #     sm4ex = prev.sm64ex.override {
+        #       baseRom.name = "SuperMario64.z64";
+        #     };
+        #   })
+        # ];
+
+        home.file.".local/share/sm64ex/sm64config.txt" = {
+          source = ./files/sm64config.txt;
+        };
+
+        home.persistence."/home/deck/.persist" = {
+          files = [
+            ".local/share/sm64ex/sm64_save_file.bin"
+          ];
+        };
+
+        nixpkgs.overlays = [
+          (final: prev: {
+            sm64ex =
+              let
+                desktop_item = pkgs.makeDesktopItem {
+                  name = "sm64ex";
+                  desktopName = "Super Mario 64";
+                  comment = "A PC Port of Super Mario 64.";
+                  categories = [
+                    "Game"
+                  ];
+                  icon = "sm64ex";
+                  type = "Application";
+                  exec = "sm64ex";
+                };
+              in
+              pkgs.buildEnv {
+                name = prev.sm64ex.name;
+                paths = [
+                  (config.lib.nixGL.wrap prev.sm64ex)
+                ];
+                extraOutputsToInstall = [
+                  "man"
+                  "doc"
+                  "info"
+                ];
+                # We have to use 555 instead of the normal 444 here because the .desktop file ends up inside $HOME on steam deck and desktop files must be either not in $HOME or must be executable, otherwise KDE Plasma refuses to execute them.
+                postBuild = ''
+                  install -m 555 -D "${desktop_item}/share/applications/"* -t $out/share/applications/
+                  install -m 444 -D "${./files/icon.png}" $out/share/pixmaps/sm64ex.png
+                '';
+              };
+          })
+        ];
+      })
+    ]
+  );
+}

nix/steam_deck/configuration/roles/sm64ex/files/sm64config.txt

@@ -0,0 +1 @@
+fullscreen true

nix/steam_deck/configuration/roles/steam_rom_manager/default.nix

@@ -0,0 +1,33 @@
+{
+  stdenv,
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+let
+  package = (pkgs.callPackage ./package.nix { });
+in
+{
+  imports = [ ];
+
+  options.me = {
+    steam_rom_manager.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      example = true;
+      description = "Whether we want to install steam_rom_manager.";
+    };
+  };
+
+  config = lib.mkIf config.me.steam_rom_manager.enable (
+    lib.mkMerge [
+      (lib.mkIf config.me.graphical {
+        home.packages = with pkgs; [
+          package
+        ];
+      })
+    ]
+  );
+}

nix/steam_deck/configuration/roles/steam_rom_manager/package.nix

@@ -0,0 +1,49 @@
+{
+  stdenv,
+  lib,
+  pkgs,
+  makeDesktopItem,
+}:
+
+let
+  version = "2.5.29";
+  icon = pkgs.fetchurl {
+    url = "https://github.com/SteamGridDB/steam-rom-manager/blob/master/src/assets/icons/512x512.png?raw=true";
+    hash = "sha256-Nx29nJ2+44AYrTLP+CNmDJFAf2sjrH7sfYhg9fJx2qo=";
+  };
+in
+stdenv.mkDerivation {
+  name = "steam-rom-manager";
+  src = pkgs.fetchurl {
+    url = "https://github.com/SteamGridDB/steam-rom-manager/releases/download/v${version}/Steam-ROM-Manager-${version}.AppImage";
+    hash = "sha256-6ZJ+MGIgr2osuQuqD6N9NnPiJFNq/HW6ivG8tyXUhvs=";
+  };
+  phases = [
+    "installPhase"
+  ];
+  installPhase = ''
+    runHook preInstall
+    mkdir -p $out/bin
+    install --mode=0755 $src $out/bin/steam-rom-manager
+    runHook postInstall
+  '';
+  # We have to use 555 instead of the normal 444 here because the .desktop file ends up inside $HOME on steam deck and desktop files must be either not in $HOME or must be executable, otherwise KDE Plasma refuses to execute them.
+  postInstall = ''
+    mkdir -p $out/share/{applications,pixmaps}
+    install -m 555 -D "$desktopItem/share/applications/"* -t $out/share/applications/
+    install -m 444 -D "${icon}" $out/share/pixmaps/steamrommanager.png
+  '';
+
+  desktopItem = makeDesktopItem {
+    name = "steam-rom-manager";
+    desktopName = "Steam Rom Manager";
+    comment = "Manage additional entries in the Steam launcher.";
+    categories = [
+      "Application"
+      "Utility"
+    ];
+    icon = "steamrommanager";
+    type = "Application";
+    exec = "steam-rom-manager";
+  };
+}

nix/steam_deck/configuration/util/unfree_polyfill/default.nix

@@ -0,0 +1,15 @@
+{ config, lib, ... }:
+
+let
+  inherit (builtins) elem;
+  inherit (lib) getName mkOption;
+  inherit (lib.types) listOf str;
+in
+{
+  # Pending https://github.com/NixOS/nixpkgs/issues/55674
+  options.allowedUnfree = mkOption {
+    type = listOf str;
+    default = [ ];
+  };
+  config.nixpkgs.config.allowUnfreePredicate = p: elem (getName p) config.allowedUnfree;
+}