setting up cleves for muninn

2026-04-21 06:39:09 -04:00 · 2024-11-16 13:28:36 -05:00
56 changed files with 270 additions and 1363 deletions
--- a/.github/workflows/build_systems.yml
+++ b/.github/workflows/build_systems.yml
@@ -1,23 +0,0 @@
 name: build_jeeves
 on:
  workflow_dispatch:
  pull_request:
  push:
    branches: [main]
 jobs:
  build:
    name: build-${{ matrix.system }}
    runs-on: self-hosted
    strategy:
      matrix:
        system:
          - "bob"
          - "jeeves"
          - "muninn"
          - "rhapsody-in-green"
          - "router"
    steps:
      - uses: actions/checkout@v4
      - name: Build default package
        run: "nixos-rebuild build --flake ./#${{ matrix.system }}"
--- a/.github/workflows/update-flake-lock.yml
+++ b/.github/workflows/update-flake-lock.yml
@@ -1,21 +0,0 @@
 name: update-flake-lock
 on:
  workflow_dispatch:
  schedule:
    - cron: "0 0 * * *"
 jobs:
  lockfile:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Install Nix
        uses: DeterminateSystems/nix-installer-action@main
      - name: Update flake.lock
        uses: DeterminateSystems/update-flake-lock@main
        with:
          pr-title: "Update flake.lock"
          pr-labels: |
            dependencies
            automated
--- a/.gitignore
+++ b/.gitignore
@@ -162,3 +162,4 @@ cython_debug/
 #.idea/
 test.*
 secrets.*
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,17 +0,0 @@
 keys:
  - &admin_richie age1u8zj599elqqvcmhxn8zuwrufsz8w8w366d3ayrljjejljt2q45kq8mxw9c
  - &system_bob age1q47vup0tjhulkg7d6xwmdsgrw64h4ax3la3evzqpxyy4adsmk9fs56qz3y
  - &system_jeeves age13lmqgc3jvkyah5e3vcwmj4s5wsc2akctcga0lpc0x8v8du3fxprqp4ldkv
  - &system_router age1xzxryqq63x65yuza9lmmkud7crjjxpnkdew070yhx6xn7xe4tdws5twxsv
  - &system_rhapsody age1ufnewppysaq2wwcl4ugngjz8pfzc5a35yg7luq0qmuqvctajcycs5lf6k4
 creation_rules:
  - path_regex: users/secrets\.yaml$
    key_groups:
      - age:
          - *admin_richie
          - *system_bob
          - *system_jeeves
          - *system_router
          - *system_rhapsody
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -16,7 +16,6 @@
    "audiobookshelf",
    "auditd",
    "autofetch",
    "autologin",
    "autopull",
    "autotrim",
    "azuretools",
@@ -32,6 +31,7 @@
    "captivedetect",
    "cgroupdriver",
    "charliermarsh",
    "cleves",
    "cloudflared",
    "codezombiech",
    "compactmode",
@@ -82,8 +82,6 @@
    "globalprivacycontrol",
    "gparted",
    "gtts",
    "gutenprint",
    "hass",
    "healthreport",
    "Heatsink",
    "hediet",
@@ -92,7 +90,6 @@
    "hmac",
    "homeassistant",
    "HPKP",
    "hplip",
    "htmlaboutaddons",
    "hurlenko",
    "hwloc",
@@ -239,7 +236,6 @@
    "urlclassifier",
    "usbhid",
    "usbutils",
    "useragent",
    "usernamehw",
    "userprefs",
    "vfat",
--- a/build.sh
+++ b/build.sh
@@ -1,6 +0,0 @@
 #!/bin/sh
 nixos-rebuild build --flake /home/richie/projects/dotfiles#bob
 nixos-rebuild build --flake /home/richie/projects/dotfiles#jeeves
 nixos-rebuild build --flake /home/richie/projects/dotfiles#muninn
 nixos-rebuild build --flake /home/richie/projects/dotfiles#rhapsody-in-green
--- a/common/global/default.nix
+++ b/common/global/default.nix
@@ -2,13 +2,12 @@
  inputs,
  lib,
  outputs,
  pkgs,
  ...
 }:
 {
  imports = [
    inputs.home-manager.nixosModules.home-manager
-    inputs.sops-nix.nixosModules.sops
+    ./docker.nix
    ./fail2ban.nix
    ./fonts.nix
    ./libs.nix
@@ -20,11 +19,7 @@
    ./snapshot_manager.nix
  ];
-  boot = {
+  boot.tmp.useTmpfs = true;
    tmp.useTmpfs = true;
    kernelPackages = lib.mkDefault pkgs.linuxPackages_6_12;
    zfs.package = lib.mkDefault pkgs.zfs;
  };
  hardware.enableRedistributableFirmware = true;
@@ -47,7 +42,7 @@
  security.auditd.enable = lib.mkDefault true;
-  users.mutableUsers = lib.mkDefault false;
+  users.mutableUsers = lib.mkDefault true;
  zramSwap = {
    enable = lib.mkDefault true;
--- a/common/optional/docker.nix
+++ b/common/optional/docker.nix
--- a/common/global/fonts.nix
+++ b/common/global/fonts.nix
@@ -4,9 +4,7 @@
    fontconfig.enable = true;
    enableDefaultPackages = true;
    packages = with pkgs; [
-      nerd-fonts.roboto-mono
+      nerdfonts
      nerd-fonts.intone-mono
      nerd-fonts.symbols-only
    ];
  };
 }
--- a/common/global/nix.nix
+++ b/common/global/nix.nix
@@ -11,21 +11,6 @@ in {
        "root"
        "@wheel"
      ];
      trusted-substituters = [
        "https://cache.nixos.org"
        "https://cache.tmmworkshop.com"
        "https://nix-community.cachix.org"
      ];
      substituters = [
        "https://cache.nixos.org/?priority=2&want-mass-query=true"
        "https://cache.tmmworkshop.com/?priority=2&want-mass-query=true"
        "https://nix-community.cachix.org/?priority=10&want-mass-query=true"
      ];
      trusted-public-keys = [
        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
        "cache.tmmworkshop.com:jHffkpgbmEdstQPoihJPYW9TQe6jnQbWR2LqkNGV3iA="
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      ];
      auto-optimise-store = lib.mkDefault true;
      experimental-features = [
        "nix-command"
--- a/common/global/programs.nix
+++ b/common/global/programs.nix
@@ -2,6 +2,6 @@
 {
  environment.systemPackages = with pkgs; [
    git
-    python313
+    python312
  ];
 }
--- a/common/global/snapshot_config.toml
+++ b/common/global/snapshot_config.toml
@@ -6,8 +6,8 @@ monthly = 0
 ["root_pool/home"]
 15_min = 8
-hourly = 12
+hourly = 24
-daily = 1
+daily = 14
 monthly = 0
 ["root_pool/root"]
--- a/common/optional/desktop.nix
+++ b/common/optional/desktop.nix
@@ -1,18 +1,11 @@
-{ pkgs, ... }:
+{ lib, pkgs, ... }:
 {
  boot = {
-    kernelPackages = pkgs.linuxPackages_6_12;
+    kernelPackages = lib.mkDefault pkgs.linuxPackages_zen;
-    zfs.package = pkgs.zfs;
+    zfs.package = pkgs.zfs_unstable;
  };
  services = {
    displayManager.sddm = {
      enable = true;
      wayland.enable = true;
    };
    desktopManager.plasma6.enable = true;
    xserver = {
      enable = true;
      xkb = {
@@ -20,13 +13,5 @@
        variant = "";
      };
    };
    pipewire = {
      enable = true;
      alsa.enable = true;
      alsa.support32Bit = true;
      pulse.enable = true;
      wireplumber.enable = true;
    };
  };
 }
--- a/common/optional/printing.nix
+++ b/common/optional/printing.nix
@@ -1,7 +0,0 @@
 { pkgs, ... }:
 {
  services.printing = {
    enable = true;
    drivers = with pkgs; [ gutenprint hplip ];
  };
 }
--- a/common/optional/steam.nix
+++ b/common/optional/steam.nix
@@ -10,13 +10,8 @@
      gamescopeSession.enable = true;
      remotePlay.openFirewall = true;
      localNetworkGameTransfers.openFirewall = true;
      protontricks.enable = true;
      extraCompatPackages = with pkgs; [proton-ge-bin];
      extest.enable = true;
    };
    gamescope = {
      enable = true;
      capSysNice = true;
    };
  };
 }
--- a/common/optional/update.nix
+++ b/common/optional/update.nix
@@ -1,24 +1,11 @@
-{  lib, pkgs, ... }:
+{ lib, ... }:
 {
-  systemd = {
+  services.autopull = {
-    services."autopull@dotfiles" = {
+    enable = lib.mkDefault true;
-      requires = [ "multi-user.target" ];
+    repo.dotfiles = {
-      after = [ "multi-user.target" ];
+      enable = lib.mkDefault true;
-      description = "Pull the latest data for dotfiles";
+      ssh-key = lib.mkDefault "/root/.ssh/id_ed25519_ghdeploy";
-      serviceConfig = {
+      path = lib.mkDefault /root/dotfiles;
        Type = "oneshot";
        User = "root";
        WorkingDirectory = /root/dotfiles;
        ExecStart = "${pkgs.git}/bin/git pull --all --prune";
      };
    };
    timers."autopull@dotfiles" = {
      wantedBy = [ "timers.target" ];
      timerConfig = {
        OnBootSec = "1h";
        OnUnitActiveSec = "1h";
        Unit = "autopull@dotfiles.service";
      };
    };
  };
--- a/common/optional/zerotier.nix
+++ b/common/optional/zerotier.nix
@@ -3,9 +3,4 @@
    enable = true;
    joinNetworks = [ "e4da7455b2ae64ca" ];
  };
  nix.settings = {
    trusted-substituters = [ "http://192.168.90.40:5000" ];
    substituters = [ "http://192.168.90.40:5000/?priority=1&want-mass-query=true" ];
    trusted-public-keys = [ "cache.tmmworkshop.com:jHffkpgbmEdstQPoihJPYW9TQe6jnQbWR2LqkNGV3iA=" ];
  };
 }
--- a/flake.lock
+++ b/flake.lock
@@ -9,11 +9,11 @@
      },
      "locked": {
        "dir": "pkgs/firefox-addons",
-        "lastModified": 1736279099,
+        "lastModified": 1731643390,
-        "narHash": "sha256-WXbwHw+JeIOo3KvGDjrfsuwj8JWBUkFFxmlm07w9i7Q=",
+        "narHash": "sha256-ckIrZY5i+b7UrxolO54pSRO9dKW7GnMYQ1uQLeWEBsU=",
        "owner": "rycee",
        "repo": "nur-expressions",
-        "rev": "0ad9cf75bae6a9290e9c83cef19f60595f189979",
+        "rev": "f0fa120121e9ea5c16c7b2c578fbebe37fbcab55",
        "type": "gitlab"
      },
      "original": {
@@ -59,11 +59,11 @@
        "systems": "systems"
      },
      "locked": {
-        "lastModified": 1731533236,
+        "lastModified": 1710146030,
-        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
        "type": "github"
      },
      "original": {
@@ -79,11 +79,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1736277415,
+        "lastModified": 1731604581,
-        "narHash": "sha256-kPDXF6cIPsVqSK08XF5EC6KM7BdMnM9vtJDzsnf+lLU=",
+        "narHash": "sha256-Qq2YZZaDTB3FZLWU/Hgh1uuWlUBl3cMLGB99bm7rFUM=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "5c4302313d9207f7ec0886d68f8ff4a3c71209a1",
+        "rev": "1d0862ee2d7c6f6cd720d6f32213fa425004be10",
        "type": "github"
      },
      "original": {
@@ -101,11 +101,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1729742964,
+        "lastModified": 1703863825,
-        "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=",
+        "narHash": "sha256-rXwqjtwiGKJheXB43ybM8NwWB8rO2dSRrEqes0S7F5Y=",
        "owner": "nix-community",
        "repo": "nix-github-actions",
-        "rev": "e04df33f62cdcf93d73e9a04142464753a16db67",
+        "rev": "5163432afc817cf8bd1f031418d1869e4c9d5547",
        "type": "github"
      },
      "original": {
@@ -124,11 +124,11 @@
        "rust-overlay": "rust-overlay"
      },
      "locked": {
-        "lastModified": 1736214624,
+        "lastModified": 1731712317,
-        "narHash": "sha256-Pi70vbASZ1O9cR8RO5d2hBiNjIJBKKLoABl4sxWyOgg=",
+        "narHash": "sha256-NpkSAwLFTFRZx+C2yL0JCBnjnZQRs8PsWRqZ0S08Bc8=",
        "owner": "lilyinstarlight",
        "repo": "nixos-cosmic",
-        "rev": "0830abeebf3b2d1bae44652ffb2c89cf0d56ddaa",
+        "rev": "0b0e62252fb3b4e6b0a763190413513be499c026",
        "type": "github"
      },
      "original": {
@@ -139,11 +139,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1736283893,
+        "lastModified": 1731403644,
-        "narHash": "sha256-BG1FfTexFwNty5VhYjaQLMR6CMPfI3QRcaZrFQYu2EM=",
+        "narHash": "sha256-T9V7CTucjRZ4Qc6pUEV/kpgNGzQbHWfGcfK6JJLfUeI=",
        "owner": "nixos",
        "repo": "nixos-hardware",
-        "rev": "4f339f6be2b61662f957c2ee9eda0fa597d8a6d6",
+        "rev": "f6581f1c3b137086e42a08a906bdada63045f991",
        "type": "github"
      },
      "original": {
@@ -155,11 +155,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1736012469,
+        "lastModified": 1731319897,
-        "narHash": "sha256-/qlNWm/IEVVH7GfgAIyP6EsVZI6zjAx1cV5zNyrs+rI=",
+        "narHash": "sha256-PbABj4tnbWFMfBp6OcUK5iGy1QY+/Z96ZcLpooIbuEI=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "8f3e1f807051e32d8c95cd12b9b421623850a34d",
+        "rev": "dc460ec76cbff0e66e269457d7b728432263166c",
        "type": "github"
      },
      "original": {
@@ -171,11 +171,11 @@
    },
    "nixpkgs-master": {
      "locked": {
-        "lastModified": 1736294919,
+        "lastModified": 1731716707,
-        "narHash": "sha256-6Epm0TQkXt0DcS3akYSeT0PzYMpgkZf0V14+5UGe6oE=",
+        "narHash": "sha256-ykrD4v5e/i2eweFAnamAXXkk/jzhNNwPiDc9yu4MbZs=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "ed6183b173fe27e1d7dceef1ddca2aa64d07aad4",
+        "rev": "3af4d5583961833ab0439b64626190951839c0bc",
        "type": "github"
      },
      "original": {
@@ -187,27 +187,27 @@
    },
    "nixpkgs-stable": {
      "locked": {
-        "lastModified": 1736061677,
+        "lastModified": 1731386116,
-        "narHash": "sha256-DjkQPnkAfd7eB522PwnkGhOMuT9QVCZspDpJJYyOj60=",
+        "narHash": "sha256-lKA770aUmjPHdTaJWnP3yQ9OI1TigenUqVC3wweqZuI=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "cbd8ec4de4469333c82ff40d057350c30e9f7d36",
+        "rev": "689fed12a013f56d4c4d3f612489634267d86529",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "nixos-24.11",
+        "ref": "nixos-24.05",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs-stable_2": {
      "locked": {
-        "lastModified": 1735563628,
+        "lastModified": 1731386116,
-        "narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=",
+        "narHash": "sha256-lKA770aUmjPHdTaJWnP3yQ9OI1TigenUqVC3wweqZuI=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798",
+        "rev": "689fed12a013f56d4c4d3f612489634267d86529",
        "type": "github"
      },
      "original": {
@@ -232,11 +232,11 @@
        "treefmt-nix": "treefmt-nix"
      },
      "locked": {
-        "lastModified": 1731205797,
+        "lastModified": 1723343306,
-        "narHash": "sha256-F7N1mxH1VrkVNHR3JGNMRvp9+98KYO4b832KS8Gl2xI=",
+        "narHash": "sha256-/6sRkPq7/5weX2y0V8sQ29Sz35nt8kyj+BsFtkhgbJE=",
        "owner": "nix-community",
        "repo": "poetry2nix",
-        "rev": "f554d27c1544d9c56e5f1f8e2b8aff399803674e",
+        "rev": "4a1c112ff0c67f496573dc345bd0b2247818fc29",
        "type": "github"
      },
      "original": {
@@ -254,7 +254,6 @@
        "nixpkgs": "nixpkgs",
        "nixpkgs-master": "nixpkgs-master",
        "nixpkgs-stable": "nixpkgs-stable_2",
        "sops-nix": "sops-nix",
        "system_tools": "system_tools",
        "systems": "systems_3"
      }
@@ -267,11 +266,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1736130662,
+        "lastModified": 1731551344,
-        "narHash": "sha256-z+WGez9oTR2OsiUWE5ZhIpETqM1ogrv6Xcd24WFi6KQ=",
+        "narHash": "sha256-wr8OOqgw7M1pWfe4W7WA5lErzOVMg3zvrrxx/dy/nPo=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "2f5d4d9cd31cc02c36e51cb2e21c4b25c4f78c52",
+        "rev": "27570abfd3461875f11fc07c9b01c141a6332b4f",
        "type": "github"
      },
      "original": {
@@ -280,26 +279,6 @@
        "type": "github"
      }
    },
    "sops-nix": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1736203741,
        "narHash": "sha256-eSjkBwBdQk+TZWFlLbclF2rAh4JxbGg8az4w/Lfe7f4=",
        "owner": "Mic92",
        "repo": "sops-nix",
        "rev": "c9c88f08e3ee495e888b8d7c8624a0b2519cb773",
        "type": "github"
      },
      "original": {
        "owner": "Mic92",
        "repo": "sops-nix",
        "type": "github"
      }
    },
    "system_tools": {
      "inputs": {
        "flake-utils": "flake-utils_2",
@@ -309,11 +288,11 @@
        "poetry2nix": "poetry2nix"
      },
      "locked": {
-        "lastModified": 1733083480,
+        "lastModified": 1729617389,
-        "narHash": "sha256-B13faNyBbA3MeI7Jp6pFVbp58rI2Rx5Uvd83csW2p48=",
+        "narHash": "sha256-Q05Nhw84FprGiuQHd1ahOhKKIbxzp1rpeCqddjXUSVM=",
        "owner": "RichieCahill",
        "repo": "system_tools",
-        "rev": "bc357d8fabd83c1423611829091e5b1d86dd913c",
+        "rev": "2a2aa711fcf67ed5e4db484e507a4a511b9b4230",
        "type": "github"
      },
      "original": {
@@ -375,11 +354,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1730120726,
+        "lastModified": 1719749022,
-        "narHash": "sha256-LqHYIxMrl/1p3/kvm2ir925tZ8DkI0KA10djk8wecSk=",
+        "narHash": "sha256-ddPKHcqaKCIFSFc/cvxS14goUhCOAwsM1PbMr0ZtHMg=",
        "owner": "numtide",
        "repo": "treefmt-nix",
-        "rev": "9ef337e492a5555d8e17a51c911ff1f02635be15",
+        "rev": "8df5ff62195d4e67e2264df0b7f5e8c9995fd0bd",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -3,8 +3,8 @@
  nixConfig = {
    extra-substituters = [
-      "https://cache.nixos.org/?priority=2&want-mass-query=true"
+      "https://cache.nixos.org/?priority=1&want-mass-query=true"
-      "https://cache.tmmworkshop.com/?priority=2&want-mass-query=true"
+      "https://cache.tmmworkshop.com/?priority=1&want-mass-query=true"
      "https://nix-community.cachix.org/?priority=10&want-mass-query=true"
    ];
    extra-trusted-public-keys = [
@@ -42,11 +42,6 @@
      url = "github:lilyinstarlight/nixos-cosmic";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    sops-nix = {
      url = "github:Mic92/sops-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };
  outputs = {
@@ -55,7 +50,6 @@
    home-manager,
    systems,
    nixos-cosmic,
    sops-nix,
    ...
  } @ inputs: let
    inherit (self) outputs;
@@ -77,31 +71,19 @@
    nixosConfigurations = {
      bob = lib.nixosSystem {
-        modules = [
+        modules = [./systems/bob];
          ./systems/bob
        ];
        specialArgs = {inherit inputs outputs;};
      };
      jeeves = lib.nixosSystem {
-        modules = [
+        modules = [./systems/jeeves];
          ./systems/jeeves
        ];
        specialArgs = {inherit inputs outputs;};
      };
      rhapsody-in-green = lib.nixosSystem {
-        modules = [
+        modules = [./systems/rhapsody-in-green];
          ./systems/rhapsody-in-green
        ];
        specialArgs = {inherit inputs outputs;};
      };
      muninn = lib.nixosSystem {
-        modules = [
+        modules = [./systems/muninn];
          ./systems/muninn
        ];
        specialArgs = {inherit inputs outputs;};
      };
      router = lib.nixosSystem {
        modules = [./systems/router];
        specialArgs = {inherit inputs outputs;};
      };
    };
--- a/systems/bob/default.nix
+++ b/systems/bob/default.nix
@@ -3,13 +3,12 @@
    ../../users/richie
    ../../common/global
    ../../common/optional/desktop.nix
    ../../common/optional/docker.nix
    ../../common/optional/scanner.nix
    ../../common/optional/steam.nix
    ../../common/optional/syncthing_base.nix
    ../../common/optional/systemd-boot.nix
    ../../common/optional/yubikey.nix
    ../../common/optional/zerotier.nix
    ../../common/optional/yubikey.nix
    ./hardware.nix
    ./nvidia.nix
    ./syncthing.nix
@@ -34,8 +33,19 @@
  services = {
    displayManager.sddm.enable = true;
    openssh.ports = [ 262 ];
    printing.enable = true;
    pipewire = {
      enable = true;
      alsa.enable = true;
      alsa.support32Bit = true;
      pulse.enable = true;
    };
    snapshot_manager.enable = true;
    zfs = {
--- a/systems/bob/nvidia.nix
+++ b/systems/bob/nvidia.nix
@@ -5,9 +5,8 @@
    nvidia = {
      modesetting.enable = true;
      powerManagement.enable = true;
-      package = config.boot.kernelPackages.nvidiaPackages.beta;
+      package = config.boot.kernelPackages.nvidiaPackages.production;
      nvidiaSettings = true;
      open = true;
    };
    nvidia-container-toolkit.enable = true;
  };
--- a/systems/jeeves/arch_mirror.nix
+++ b/systems/jeeves/arch_mirror.nix
@@ -0,0 +1,39 @@
 { inputs, pkgs, ... }:
 let
  vars = import ./vars.nix;
 in
 {
  users = {
    users.arch-mirror = {
      isSystemUser = true;
      group = "arch-mirror";
    };
    groups.arch-mirror = {};
  };
  virtualisation.oci-containers.containers.arch_mirror = {
    image = "ubuntu/apache2:latest";
    volumes = [
      "${../../common/docker_templates}/file_server/sites/:/etc/apache2/sites-enabled/"
      "${vars.media_mirror}:/data"
    ];
    ports = [ "800:80" ];
    extraOptions = [ "--network=web" ];
    autoStart = true;
  };
  systemd.services.sync_mirror = {
    requires = [ "network-online.target" ];
    after = [ "network-online.target" ];
    wantedBy = [ "multi-user.target" ];
    description = "validates startup";
    path = [ pkgs.rsync ];
    serviceConfig = {
      Environment = "MIRROR_DIR=${vars.media_mirror}/archlinux/";
      Type = "simple";
      User = "arch-mirror";
      Group = "arch-mirror";
      ExecStart = "${inputs.system_tools.packages.x86_64-linux.default}/bin/sync_mirror";
    };
  };
 }
--- a/systems/jeeves/default.nix
+++ b/systems/jeeves/default.nix
@@ -5,16 +5,15 @@ in
  imports = [
    ../../users/richie
    ../../common/global
    ../../common/optional/docker.nix
    ../../common/optional/ssh_decrypt.nix
    ../../common/optional/syncthing_base.nix
    ../../common/optional/zerotier.nix
    ./arch_mirror.nix
    ./docker
    ./hardware.nix
    ./home_assistant.nix
    ./networking.nix
    ./programs.nix
    ./runner.nix
    ./services.nix
    ./syncthing.nix
  ];
--- a/systems/jeeves/docker/haproxy.cfg
+++ b/systems/jeeves/docker/haproxy.cfg
@@ -29,18 +29,16 @@ frontend ContentSwitching
  acl host_cache  hdr(host) -i cache.tmmworkshop.com
  acl host_filebrowser  hdr(host) -i filebrowser.tmmworkshop.com
  acl host_grafana  hdr(host) -i grafana.tmmworkshop.com
-  acl host_homeassistant  hdr(host) -i homeassistant.tmmworkshop.com
+  acl host_mirror   hdr(host) -i mirror.tmmworkshop.com
  acl host_photoprism  hdr(host) -i photoprism.tmmworkshop.com
  acl host_share  hdr(host) -i share.tmmworkshop.com
  acl host_uptime_kuma  hdr(host) -i uptimekuma-jeeves.tmmworkshop.com
  use_backend audiobookshelf_nodes if host_audiobookshelf
  use_backend cache_nodes  if host_cache
  use_backend filebrowser_nodes  if host_filebrowser
  use_backend grafana_nodes  if host_grafana
-  use_backend homeassistant_nodes  if host_homeassistant
+  use_backend mirror_nodes   if host_mirror
  use_backend photoprism_nodes  if host_photoprism
  use_backend share_nodes  if host_share
  use_backend uptime_kuma_nodes  if host_uptime_kuma
 backend audiobookshelf_nodes
@@ -59,18 +57,14 @@ backend filebrowser_nodes
  mode http
  server server filebrowser:8080
-backend homeassistant_nodes
+backend mirror_nodes
  mode http
-  server server 192.168.95.14:8123
+  server server arch_mirror:80
 backend photoprism_nodes
  mode http
  server server photoprism:2342
 backend share_nodes
  mode http
  server server share:80
 backend uptime_kuma_nodes
  mode http
  server server uptime_kuma:3001
--- a/systems/jeeves/docker/postgresql.nix
+++ b/systems/jeeves/docker/postgresql.nix
@@ -13,20 +13,20 @@ in
    };
  };
-  virtualisation.oci-containers.containers = {
+  # virtualisation.oci-containers.containers = {
-    postgres = {
+  #   postgres = {
-      image = "postgres:17";
+  #     image = "postgres:16";
-      ports = [ "5432:5432" ];
+  #     ports = [ "5432:5432" ];
-      volumes = [ "${vars.media_database}/postgres:/var/lib/postgresql/data" ];
+  #     volumes = [ "${vars.media_database}/postgres:/var/lib/postgresql/data" ];
-      environment = {
+  #     environment = {
-        POSTGRES_USER = "admin";
+  #       POSTGRES_USER = "admin";
-        POSTGRES_DB = "archive";
+  #       POSTGRES_DB = "archive";
-        POSTGRES_INITDB_ARGS = "--auth-host=scram-sha-256";
+  #       POSTGRES_INITDB_ARGS = "--auth-host=scram-sha-256";
-      };
+  #     };
-      environmentFiles = [ "${vars.storage_secrets}/docker/postgres" ];
+  #     environmentFiles = [/root/secrets/docker/postgres];
-      autoStart = true;
+  #     autoStart = true;
-      user = "postgres:postgres";
+  #     user = "postgres:postgres";
-    };
+  #   };
-  };
+  # };
 }
--- a/systems/jeeves/docker/prowlarr.nix
+++ b/systems/jeeves/docker/prowlarr.nix
@@ -0,0 +1,17 @@
 let
  vars = import ../vars.nix;
 in
 {
  networking.firewall.allowedTCPPorts = [ 9696 ];
  virtualisation.oci-containers.containers.prowlarr = {
    image = "ghcr.io/linuxserver/prowlarr:latest";
    ports = [ "9696:9696" ];
    environment = {
      PUID = "600";
      PGID = "100";
      TZ = "America/New_York";
    };
    volumes = [ "${vars.media_docker_configs}/prowlarr:/config" ];
    autoStart = true;
  };
 }
--- a/systems/jeeves/docker/qbit.nix
+++ b/systems/jeeves/docker/qbit.nix
@@ -4,10 +4,10 @@ in
 {
  networking.firewall = {
    allowedTCPPorts = [ 6881 8082 29432 ]; 
-    allowedUDPPorts = [ 6881 29432 ];
+    allowedUDPPorts = [ 6881 ];
  };
  virtualisation.oci-containers.containers.qbit = {
-    image = "ghcr.io/linuxserver/qbittorrent:5.0.2";
+    image = "ghcr.io/linuxserver/qbittorrent:latest";
    ports = [
      "6881:6881"
      "6881:6881/udp"
--- a/systems/jeeves/docker/qbitvpn.nix
+++ b/systems/jeeves/docker/qbitvpn.nix
@@ -7,8 +7,7 @@ in
    allowedUDPPorts = [ 6882 ];
  };
  virtualisation.oci-containers.containers.qbitvpn = {
-    image = "binhex/arch-qbittorrentvpn:5.0.3-1-01";
+    image = "binhex/arch-qbittorrentvpn:latest";
    devices = [ "/dev/net/tun:/dev/net/tun" ];
    extraOptions = [ "--cap-add=NET_ADMIN" ];
    ports = [
      "6882:6881"
--- a/systems/jeeves/docker/reverse_proxy.nix
+++ b/systems/jeeves/docker/reverse_proxy.nix
@@ -14,6 +14,7 @@ in
        "${./haproxy.cfg}:/usr/local/etc/haproxy/haproxy.cfg"
      ];
      dependsOn = [
        "arch_mirror"
        "audiobookshelf"
        "filebrowser"
        "grafana"
--- a/systems/jeeves/docker/share.nix
+++ b/systems/jeeves/docker/share.nix
@@ -1,14 +0,0 @@
 let
  vars = import ../vars.nix;
 in
 {
  virtualisation.oci-containers.containers.share = {
    image = "ubuntu/apache2:latest";
    volumes = [
      "${../../../common/docker_templates}/file_server/sites/:/etc/apache2/sites-enabled/"
      "${vars.media_share}:/data"
    ];
    extraOptions = [ "--network=web" ];
    autoStart = true;
  };
 }
--- a/systems/jeeves/docker/sonarr.nix
+++ b/systems/jeeves/docker/sonarr.nix
@@ -0,0 +1,21 @@
 let
  vars = import ../vars.nix;
 in
 {
  networking.firewall.allowedTCPPorts = [ 9696 8989 ];
  virtualisation.oci-containers.containers.sonarr = {
    image = "ghcr.io/linuxserver/sonarr:latest";
    ports = [ "8989:8989" ];
    environment = {
      PUID = "600";
      PGID = "100";
      TZ = "America/New_York";
    };
    volumes = [
      "${vars.media_docker_configs}/sonarr:/config"
      "${vars.storage_plex}/tv:/tv"
      "${vars.torrenting_qbitvpn}:/data"
    ];
    autoStart = true;
  };
 }
--- a/systems/jeeves/home_assistant.nix
+++ b/systems/jeeves/home_assistant.nix
@@ -1,11 +1,7 @@
 let
  vars = import ./vars.nix;
 in
 {
  services.home-assistant = {
    enable = true;
    openFirewall = true;
    configDir = vars.media_home_assistant;
    config = {
      http = {
        server_port = 8123;
@@ -15,7 +11,7 @@ in
          "192.168.98.4"
        ];
        use_x_forwarded_for = true;
-        trusted_proxies = "172.18.0.0/24";
+        trusted_proxies = "172.100.0.4";
      };
      homeassistant = {
        time_zone = "America/New_York";
@@ -38,10 +34,6 @@ in
      sun = { };
      webhook = { };
      zeroconf = { };
      automation = "!include automations.yaml";
      script = "!include scripts.yaml";
      scene = "!include scenes.yaml";
      group = "!include groups.yaml";
    };
    extraPackages =
      python3Packages: with python3Packages; [
--- a/systems/jeeves/networking.nix
+++ b/systems/jeeves/networking.nix
@@ -23,8 +23,7 @@
    networks = {
      "10-1GB_Primary" = {
        matchConfig.Name = "enp98s0f0";
-        address = [ "192.168.95.14/24" ];
+        DHCP = "yes";
        routes = [{ Gateway = "192.168.95.1"; }];
        vlan = [ "ioit-vlan" ];
        linkConfig.RequiredForOnline = "routable";
      };
--- a/systems/jeeves/runner.nix
+++ b/systems/jeeves/runner.nix
@@ -1,29 +0,0 @@
 { pkgs, ... }:
 let
  vars = import ./vars.nix;
 in
 {
  users = {
    users.github-runners = {
      isSystemUser = true;
      group = "github-runners";
      uid = 601;
    };
    groups.github-runners = {
      gid = 601;
    };
  };
  services.github-runners.nix_builder = {
    enable = true;
    replace = true;
    workDir = "/zfs/media/github-runners/nix_builder/";
    url = "https://github.com/RichieCahill/dotfiles";
    extraLabels = [ "nixos" ];
    tokenFile = "${vars.storage_secrets}/services/github_runners/nix_builder";
    user = "github-runners";
    group = "github-runners";
    extraPackages = [ pkgs.nixos-rebuild ];
    # extraEnvironment
  };
 }
--- a/systems/jeeves/scripts/zfs.sh
+++ b/systems/jeeves/scripts/zfs.sh
@@ -18,12 +18,11 @@ sudo zpool add torrenting -o ashift=12 special
 # media datasets
 sudo zfs create -o compression=zstd-9 media/docker
 sudo zfs create -o recordsize=1M -o compression=zstd-19 media/library
-sudo zfs create -o compression=zstd-9 -o sync=disabled media/github-runners
+sudo zfs create -o exec=off media/minio
 sudo zfs create -o exec=off media/mirror
 sudo zfs create -o copies=3 media/notes
 sudo zfs create -o recordsize=16k -o primarycache=metadata -o mountpoint=/zfs/media/database/photoprism_mariadb media/photoprism_mariadb
 sudo zfs create -o compression=zstd-9 media/plex
 sudo zfs create -o compression=zstd-19 media/home_assistant
 sudo zfs create -o exec=off media/share
 sudo zfs create -o recordsize=16k -o primarycache=metadata -o mountpoint=/zfs/media/database/postgres media/postgres
 # storage datasets
--- a/systems/jeeves/vars.nix
+++ b/systems/jeeves/vars.nix
@@ -10,10 +10,8 @@ in
  media_docker = "${zfs_media}/docker";
  media_docker_configs = "${zfs_media}/docker/configs";
  media_mirror = "${zfs_media}/mirror";
  media_share = "${zfs_media}/share";
  media_notes = "${zfs_media}/notes";
  media_plex = "${zfs_media}/plex";
  media_home_assistant = "${zfs_media}/home_assistant";
  # storage
  storage_main = "${zfs_storage}/main";
  storage_photos = "${zfs_storage}/photos";
--- a/systems/muninn/default.nix
+++ b/systems/muninn/default.nix
@@ -1,19 +1,11 @@
 { inputs, pkgs, ... }:
 {
  imports = [
    ../../users/gaming
    ../../users/richie
    ../../common/global
    ../../common/optional/desktop.nix
    ../../common/optional/steam.nix
    ../../common/optional/systemd-boot.nix
    ../../common/optional/update.nix
    ./hardware.nix
    inputs.nixos-hardware.nixosModules.framework-11th-gen-intel
  ];
  environment.systemPackages = with pkgs; [
    plex-media-player
  ];
  networking = {
@@ -29,23 +21,24 @@
      enable = true;
      powerOnBoot = true;
    };
    firmware = [ pkgs.sof-firmware ];
  };
  security.rtkit.enable = true;
  services = {
    displayManager = {
      enable = true;
      autoLogin = {
        user = "gaming";
        enable = true;
      };
      defaultSession = "steam";
      # defaultSession = "plasma";
    };
-    openssh.ports = [ 295 ];
+    displayManager.sddm.enable = true;
    openssh.ports = [ 262 ];
    printing.enable = true;
    pipewire = {
      enable = true;
      alsa.enable = true;
      alsa.support32Bit = true;
      pulse.enable = true;
    };
    snapshot_manager.enable = true;
--- a/systems/muninn/hardware.nix
+++ b/systems/muninn/hardware.nix
@@ -12,13 +12,15 @@
        "usb_storage"
        "sd_mod"
      ];
      clevis = {
        enable = true;
        devices."luks-root-pool-nvme-INTEL_SSDPEKKW256G7_BTPY63820XBH256D-part2".secretFile = /root/key.jwe;
      };
      kernelModules = [ ];
      luks.devices."luks-root-pool-nvme-INTEL_SSDPEKKW256G7_BTPY63820XBH256D-part2" = {
        device = "/dev/disk/by-id/nvme-INTEL_SSDPEKKW256G7_BTPY63820XBH256D-part2";
        bypassWorkqueues = true;
        allowDiscards = true;
        keyFileSize = 4096;
        keyFile = "/dev/disk/by-id/usb-SanDisk_Ultra_T_C_4C530001020919102244-0:0";
      };
    };
    kernelModules = [ "kvm-intel" ];
--- a/systems/rhapsody-in-green/default.nix
+++ b/systems/rhapsody-in-green/default.nix
@@ -4,8 +4,6 @@
    ../../users/richie
    ../../common/global
    ../../common/optional/desktop.nix
    ../../common/optional/docker.nix
    ../../common/optional/steam.nix
    ../../common/optional/syncthing_base.nix
    ../../common/optional/systemd-boot.nix
    ../../common/optional/yubikey.nix
@@ -34,8 +32,19 @@
  services = {
    displayManager.sddm.enable = true;
    openssh.ports = [ 922 ];
    printing.enable = true;
    pipewire = {
      enable = true;
      alsa.enable = true;
      alsa.support32Bit = true;
      pulse.enable = true;
    };
    snapshot_manager.enable = true;
    zfs = {
--- a/systems/router/default.nix
+++ b/systems/router/default.nix
@@ -1,32 +0,0 @@
 {
  imports = [
    ../../users/richie
    ../../common/global
    ../../common/optional/systemd-boot.nix
    ../../common/optional/zerotier.nix
    ./hardware.nix
  ];
  networking = {
    hostName = "router";
    hostId = "c58bbb8b";
    firewall.enable = true;
    networkmanager.enable = true;
  };
  security.rtkit.enable = true;
  services = {
    openssh.ports = [ 972 ];
    snapshot_manager.enable = true;
    zfs = {
      trim.enable = true;
      autoScrub.enable = true;
    };
  };
  system.stateVersion = "24.05";
 }
--- a/systems/router/hardware.nix
+++ b/systems/router/hardware.nix
@@ -1,67 +0,0 @@
 { config, lib, modulesPath, ... }:
 {
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
  boot = {
    initrd = {
      availableKernelModules = [ 
        "ahci"
        "ehci_pci"
        "nvme"
        "sd_mod"
        "usb_storage"
        "usbhid"
        "xhci_pci"
      ];
      kernelModules = [ ];
      luks.devices."luks-root-pool-wwn-0x500a0751e6c3c01c-part2"= {
        device = "/dev/disk/by-id/wwn-0x500a0751e6c3c01c-part2";
        bypassWorkqueues = true;
        allowDiscards = true;
        fallbackToPassword = true;
        keyFileSize = 4096;
        keyFile = "/dev/disk/by-id/usb-Samsung_Flash_Drive_FIT_0374220080010715-0:0";
      };
    };
    kernelModules = [ "kvm-intel" ];
    extraModulePackages = [ ];
  };
  fileSystems = {
    "/" = lib.mkDefault {
      device = "root_pool/root";
      fsType = "zfs";
    };
    "/home" = {
      device = "root_pool/home";
      fsType = "zfs";
    };
    "/var" = {
      device = "root_pool/var";
      fsType = "zfs";
    };
    "/nix" = {
      device = "root_pool/nix";
      fsType = "zfs";
    };
    "/boot" = {
      device = "/dev/disk/by-uuid/12CE-A600";
      fsType = "vfat";
      options = [
        "fmask=0077"
        "dmask=0077"
      ];
    };
  };
  swapDevices = [ ];
  networking.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/tools/installer.py
+++ b/tools/installer.py
@@ -2,10 +2,8 @@
 from __future__ import annotations
 import curses
 import logging
 import sys
 from collections import defaultdict
 from os import getenv
 from pathlib import Path
 from random import getrandbits
@@ -111,9 +109,7 @@ def create_zfs_pool(pool_disks: Sequence[str], mnt_dir: str) -> None:
        "-O normalization=formD "
        "-O relatime=on "
        "-O xattr=sa "
-        "-O mountpoint=legacy "
+        "-O mountpoint=none "
        "-O compression=zstd "
        "-O atime=off "
        "root_pool "
    )
    if len(pool_disks) == 1:
@@ -131,101 +127,26 @@ def create_zfs_pool(pool_disks: Sequence[str], mnt_dir: str) -> None:
 def create_zfs_datasets() -> None:
    """Create ZFS datasets."""
    default_options = "-o compression=zstd -o atime=off -o mountpoint=legacy"
-    bash_wrapper("zfs create -o canmount=noauto root_pool/root")
+    bash_wrapper(f"zfs create {default_options} -o canmount=noauto root_pool/root")
-    bash_wrapper("zfs create root_pool/home")
+    for dataset in ("home", "var"):
-    bash_wrapper("zfs create root_pool/var")
+        bash_wrapper(f"zfs create {default_options} root_pool/{dataset}")
    bash_wrapper("zfs create -o compression=zstd-9 root_pool/nix")
    datasets = bash_wrapper("zfs list -o name")
-    expected_datasets = {
+    expected_datasets = {"root_pool/root", "root_pool/home", "root_pool/var"}
        "root_pool/root",
        "root_pool/home",
        "root_pool/var",
        "root_pool/nix",
    }
    missing_datasets = expected_datasets.difference(datasets.splitlines())
    if missing_datasets:
        logging.critical(f"Failed to create pools {missing_datasets}")
        sys.exit(1)
 def get_cpu_manufacturer() -> str:
    """Get the CPU manufacturer."""
    output = bash_wrapper("cat /proc/cpuinfo")
    id_vendor = {"AuthenticAMD": "amd", "GenuineIntel": "intel"}
    for line in output.splitlines():
        if "vendor_id" in line:
            return id_vendor[line.split(": ")[1].strip()]
 def get_boot_drive_id(disk: str) -> str:
    """Get the boot drive ID."""
    output = bash_wrapper(f"lsblk -o UUID {disk}-part1")
    return output.splitlines()[1]
 def create_nix_hardware_file(mnt_dir: str, disks: Sequence[str], encrypt: bool) -> None:
    """Create a NixOS hardware file."""
    cpu_manufacturer = get_cpu_manufacturer()
    devices = ""
    if encrypt:
        disk = disks[0]
        devices = (
            f'     luks.devices."luks-root-pool-{disk.split("/")[-1]}-part2"'
            "= {\n"
            f'        device = "{disk}-part2";\n'
            "        bypassWorkqueues = true;\n"
            "        allowDiscards = true;\n"
            "      };\n"
        )
    host_id = format(getrandbits(32), "08x")
    nix_hardware = (
        "{ config, lib, modulesPath, ... }:\n"
        "{\n"
        '  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];\n\n'
        "  boot = {\n"
        "    initrd = {\n"
        '      availableKernelModules = [ \n        "ahci"\n        "ehci_pci"\n        "nvme"\n        "sd_mod"\n        "usb_storage"\n        "usbhid"\n        "xhci_pci"\n      ];\n'
        "      kernelModules = [ ];\n"
        f" {devices}"
        "    };\n"
        f'    kernelModules = [ "kvm-{cpu_manufacturer}" ];\n'
        "    extraModulePackages = [ ];\n"
        "  };\n\n"
        "  fileSystems = {\n"
        '    "/" = lib.mkDefault {\n      device = "root_pool/root";\n      fsType = "zfs";\n    };\n\n'
        '    "/home" = {\n      device = "root_pool/home";\n      fsType = "zfs";\n    };\n\n'
        '    "/var" = {\n      device = "root_pool/var";\n      fsType = "zfs";\n    };\n\n'
        '    "/nix" = {\n      device = "root_pool/nix";\n      fsType = "zfs";\n    };\n\n'
        '    "/boot" = {\n'
        f'      device = "/dev/disk/by-uuid/{get_boot_drive_id(disks[0])}";\n'
        '      fsType = "vfat";\n      options = [\n        "fmask=0077"\n        "dmask=0077"\n      ];\n    };\n  };\n\n'
        "  swapDevices = [ ];\n\n"
        "  networking.useDHCP = lib.mkDefault true;\n\n"
        '  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";\n'
        f"  hardware.cpu.{cpu_manufacturer}.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;\n"
        f'  networking.hostId = "{host_id}";\n'
        "}\n"
    )
    Path(f"{mnt_dir}/etc/nixos/hardware-configuration.nix").write_text(nix_hardware)
 def install_nixos(mnt_dir: str, disks: Sequence[str], encrypt: bool) -> None:
    """Install NixOS."""
    bash_wrapper(f"mount -o X-mount.mkdir -t zfs root_pool/root {mnt_dir}")
    bash_wrapper(f"mount -o X-mount.mkdir -t zfs root_pool/home {mnt_dir}/home")
    bash_wrapper(f"mount -o X-mount.mkdir -t zfs root_pool/var {mnt_dir}/var")
    bash_wrapper(f"mount -o X-mount.mkdir -t zfs root_pool/nix {mnt_dir}/nix")
    for disk in disks:
        bash_wrapper(f"mkfs.vfat -n EFI {disk}-part1")
@@ -236,20 +157,43 @@ def install_nixos(mnt_dir: str, disks: Sequence[str], encrypt: bool) -> None:
    bash_wrapper(f"nixos-generate-config --root {mnt_dir}")
-    create_nix_hardware_file(mnt_dir, disks, encrypt)
+    host_id = format(getrandbits(32), "08x")
    nix_hardware = Path(f"{mnt_dir}/etc/nixos/hardware-configuration.nix").read_text()
    nix_hardware = nix_hardware.replace(
        ";\n}", f';\n  networking.hostId = "{host_id}";' "\n}"
    )
    if encrypt:
        test = [
            f'    "luks-root-pool-{disk.split("/")[-1]}-part2".device = "{disk}-part2";\n'
            for disk in disks
        ]
        encrypted_disks = (
            ";\n  boot.initrd.luks.devices = {\n" f"{''.join(test)}" "  };\n" "}"
        )
        nix_hardware = nix_hardware.replace(";\n}", encrypted_disks)
    Path(f"{mnt_dir}/etc/nixos/hardware-configuration.nix").write_text(nix_hardware)
    run(("nixos-install", "--root", mnt_dir), check=True)  # noqa: S603
-def installer(
+def main() -> None:
    disks: set[str],
    swap_size: int,
    reserve: int,
    encrypt_key: str | None,
 ) -> None:
    """Main."""
    configure_logger("DEBUG")
    logging.info("Starting installation")
    disks = ("/dev/disk/by-id/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",)
    # Set swap size in GB, set to 1 if you don't want swap to take up too much space
    swap_size = 1
    reserve = 0
    encrypt_key = getenv("ENCRYPT_KEY")
    for disk in disks:
        partition_disk(disk, swap_size, reserve)
@@ -281,403 +225,5 @@ def installer(
    logging.info("Installation complete")
 class Cursor:
    def __init__(self):
        self.x_position = 0
        self.y_position = 0
        self.height = 0
        self.width = 0
    def set_height(self, height: int):
        self.height = height
    def set_width(self, width: int):
        self.width = width
    def x_bounce_check(self, cursor: int) -> int:
        cursor = max(0, cursor)
        return min(self.width - 1, cursor)
    def y_bounce_check(self, cursor: int) -> int:
        cursor = max(0, cursor)
        return min(self.height - 1, cursor)
    def set_x(self, x: int):
        self.x_position = self.x_bounce_check(x)
    def set_y(self, y: int):
        self.y_position = self.y_bounce_check(y)
    def get_x(self) -> int:
        return self.x_position
    def get_y(self) -> int:
        return self.y_position
    def move_up(self):
        self.set_y(self.y_position - 1)
    def move_down(self):
        self.set_y(self.y_position + 1)
    def move_left(self):
        self.set_x(self.x_position - 1)
    def move_right(self):
        self.set_x(self.x_position + 1)
    def navigation(self, key: int) -> None:
        action = {
            curses.KEY_DOWN: self.move_down,
            curses.KEY_UP: self.move_up,
            curses.KEY_RIGHT: self.move_right,
            curses.KEY_LEFT: self.move_left,
        }
        action.get(key, lambda: None)()
 class State:
    """State class to store the state of the program."""
    def __init__(self):
        self.key = 0
        self.cursor = Cursor()
        self.swap_size = 0
        self.show_swap_input = False
        self.reserve_size = 0
        self.show_reserve_input = False
        self.selected_device_ids = set()
    def get_selected_devices(self) -> tuple[str]:
        """Get selected devices."""
        return tuple(self.selected_device_ids)
 def get_device(raw_device: str) -> dict[str, str]:
    raw_device_components = raw_device.split(" ")
    return {
        thing.split("=")[0].lower(): thing.split("=")[1].strip('"')
        for thing in raw_device_components
    }
 def get_devices() -> list[dict[str, str]]:
    """Get a list of devices."""
    # --bytes
    raw_devices = bash_wrapper("lsblk --paths --pairs").splitlines()
    return [get_device(raw_device) for raw_device in raw_devices]
 def get_device_id_mapping() -> dict[str, set[str]]:
    """Get a list of device ids.
    Returns:
        list[str]: the list of device ids
    """
    device_ids = bash_wrapper("find /dev/disk/by-id -type l").splitlines()
    device_id_mapping: dict[str, set[str]] = defaultdict(set)
    for device_id in device_ids:
        device = bash_wrapper(f"readlink -f {device_id}").strip()
        device_id_mapping[device].add(device_id)
    return device_id_mapping
 def calculate_device_menu_padding(
    devices: list[dict[str, str]], column: str, padding: int = 0
 ) -> int:
    return max(len(device[column]) for device in devices) + padding
 def draw_device_ids(
    state: State,
    row_number: int,
    menu_start_x: int,
    std_screen: curses.window,
    menu_width: list[int],
    device_ids: set[str],
 ) -> tuple[State, int]:
    for device_id in sorted(device_ids):
        row_number = row_number + 1
        if row_number == state.cursor.get_y() and state.cursor.get_x() in menu_width:
            std_screen.attron(curses.A_BOLD)
            if state.key == ord(" "):
                if device_id not in state.selected_device_ids:
                    state.selected_device_ids.add(device_id)
                else:
                    state.selected_device_ids.remove(device_id)
        if device_id in state.selected_device_ids:
            std_screen.attron(curses.color_pair(7))
        std_screen.addstr(row_number, menu_start_x, f"  {device_id}")
        std_screen.attroff(curses.color_pair(7))
        std_screen.attroff(curses.A_BOLD)
    return state, row_number
 def draw_device_menu(
    std_screen: curses.window,
    devices: list[dict[str, str]],
    device_id_mapping: dict[str, set[str]],
    state: State,
    menu_start_y: int = 0,
    menu_start_x: int = 0,
 ) -> State:
    """draw the device menu and handle user input
    Args:
        std_screen (curses.window): the curses window to draw on
        devices (list[dict[str, str]]): the list of devices to draw
        device_id_mapping (dict[str, set[str]]): the list of device ids to draw
        state (State): the state object to update
        menu_start_y (int, optional): the y position to start drawing the menu. Defaults to 0.
        menu_start_x (int, optional): the x position to start drawing the menu. Defaults to 0.
    Returns:
        State: the updated state object
    """
    padding = 2
    name_padding = calculate_device_menu_padding(devices, "name", padding)
    size_padding = calculate_device_menu_padding(devices, "size", padding)
    type_padding = calculate_device_menu_padding(devices, "type", padding)
    mountpoints_padding = calculate_device_menu_padding(devices, "mountpoints", padding)
    device_header = f"{"Name":{name_padding}}{"Size":{size_padding}}{"Type":{type_padding}}{"Mountpoints":{mountpoints_padding}}"
    menu_width = range(menu_start_x, len(device_header) + menu_start_x)
    std_screen.addstr(menu_start_y, menu_start_x, device_header, curses.color_pair(5))
    devises_list_start = menu_start_y + 1
    row_number = devises_list_start
    for device in devices:
        row_number = row_number + 1
        device_name = device["name"]
        device_row = (
            f"{device_name:{name_padding}}"
            f"{device['size']:{size_padding}}"
            f"{device['type']:{type_padding}}"
            f"{device['mountpoints']:{mountpoints_padding}}"
        )
        std_screen.addstr(row_number, menu_start_x, device_row)
        state, row_number = draw_device_ids(
            state=state,
            row_number=row_number,
            menu_start_x=menu_start_x,
            std_screen=std_screen,
            menu_width=menu_width,
            device_ids=device_id_mapping[device_name],
        )
    return state, row_number
 def debug_menu(std_screen: curses.window, key: int) -> None:
    height, width = std_screen.getmaxyx()
    width_height = "Width: {}, Height: {}".format(width, height)
    std_screen.addstr(height - 4, 0, width_height, curses.color_pair(5))
    key_pressed = f"Last key pressed: {key}"[: width - 1]
    if key == 0:
        key_pressed = "No key press detected..."[: width - 1]
    std_screen.addstr(height - 3, 0, key_pressed)
    for i in range(0, 8):
        std_screen.addstr(height - 2, i * 3, f"{i}██", curses.color_pair(i))
 def status_bar(
    std_screen: curses.window,
    cursor: Cursor,
    width: int,
    height: int,
 ) -> None:
    std_screen.attron(curses.A_REVERSE)
    std_screen.attron(curses.color_pair(3))
    status_bar = (
        f"Press 'q' to exit | STATUS BAR | Pos: {cursor.get_x()}, {cursor.get_y()}"
    )
    std_screen.addstr(height - 1, 0, status_bar)
    std_screen.addstr(height - 1, len(status_bar), " " * (width - len(status_bar) - 1))
    std_screen.attroff(curses.color_pair(3))
    std_screen.attroff(curses.A_REVERSE)
 def set_color() -> None:
    curses.start_color()
    curses.use_default_colors()
    for i in range(0, curses.COLORS):
        curses.init_pair(i + 1, i, -1)
 def get_text_input(std_screen: curses.window, prompt: str, y: int, x: int) -> str:
    curses.echo()
    std_screen.addstr(y, x, prompt)
    input_str = ""
    while True:
        key = std_screen.getch()
        if key == ord("\n"):
            break
        elif key == 27:  # ESC key
            input_str = ""
            break
        elif key in (curses.KEY_BACKSPACE, ord("\b"), 127):
            input_str = input_str[:-1]
            std_screen.addstr(y, x + len(prompt), input_str + " ")
        else:
            input_str += chr(key)
        std_screen.refresh()
    curses.noecho()
    return input_str
 def swap_size_input(
    std_screen: curses.window,
    state: State,
    swap_offset: int,
 ) -> State:
    swap_size_text = "Swap size (GB): "
    std_screen.addstr(swap_offset, 0, f"{swap_size_text}{state.swap_size}")
    if state.key == ord("\n") and state.cursor.get_y() == swap_offset:
        state.show_swap_input = True
    if state.show_swap_input:
        swap_size_str = get_text_input(std_screen, swap_size_text, swap_offset, 0)
        try:
            state.swap_size = int(swap_size_str)
            state.show_swap_input = False
        except ValueError:
            std_screen.addstr(
                swap_offset, 0, "Invalid input. Press any key to continue."
            )
            std_screen.getch()
            state.show_swap_input = False
    return state
 def reserve_size_input(
    std_screen: curses.window,
    state: State,
    reserve_offset: int,
 ) -> State:
    reserve_size_text = "reserve size (GB): "
    std_screen.addstr(reserve_offset, 0, f"{reserve_size_text}{state.reserve_size}")
    if state.key == ord("\n") and state.cursor.get_y() == reserve_offset:
        state.show_reserve_input = True
    if state.show_reserve_input:
        reserve_size_str = get_text_input(
            std_screen, reserve_size_text, reserve_offset, 0
        )
        try:
            state.reserve_size = int(reserve_size_str)
            state.show_reserve_input = False
        except ValueError:
            std_screen.addstr(
                reserve_offset, 0, "Invalid input. Press any key to continue."
            )
            std_screen.getch()
            state.show_reserve_input = False
    return state
 def draw_menu(std_screen: curses.window) -> State:
    """draw the menu and handle user input
    Args:
        std_screen (curses.window): the curses window to draw on
    Returns:
        State: the state object
    """
    # Clear and refresh the screen for a blank canvas
    std_screen.clear()
    std_screen.refresh()
    set_color()
    state = State()
    devices = get_devices()
    device_id_mapping = get_device_id_mapping()
    # Loop where k is the last character pressed
    while state.key != ord("q"):
        std_screen.clear()
        height, width = std_screen.getmaxyx()
        state.cursor.set_height(height)
        state.cursor.set_width(width)
        state.cursor.navigation(state.key)
        state, device_menu_size = draw_device_menu(
            std_screen=std_screen,
            state=state,
            devices=devices,
            device_id_mapping=device_id_mapping,
        )
        swap_offset = device_menu_size + 2
        swap_size_input(
            std_screen=std_screen,
            state=state,
            swap_offset=swap_offset,
        )
        reserve_size_input(
            std_screen=std_screen,
            state=state,
            reserve_offset=swap_offset + 1,
        )
        status_bar(std_screen, state.cursor, width, height)
        debug_menu(std_screen, state.key)
        std_screen.move(state.cursor.get_y(), state.cursor.get_x())
        std_screen.refresh()
        state.key = std_screen.getch()
    return state
 def main() -> None:
    configure_logger("DEBUG")
    state = curses.wrapper(draw_menu)
    encrypt_key = getenv("ENCRYPT_KEY")
    logging.info("installing_nixos")
    logging.info(f"disks: {state.selected_device_ids}")
    logging.info(f"swap_size: {state.swap_size}")
    logging.info(f"reserve: {state.reserve_size}")
    logging.info(f"encrypted: {bool(encrypt_key)}")
    sleep(3)
    installer(
        disks=state.get_selected_devices(),
        swap_size=state.swap_size,
        reserve=state.reserve_size,
        encrypt_key=encrypt_key,
    )
 if __name__ == "__main__":
    main()
--- a/users/gaming/default.nix
+++ b/users/gaming/default.nix
@@ -1,31 +0,0 @@
 {
  pkgs,
  config,
  ...
 }: 
 {
  sops.secrets.gaming_password = {
    sopsFile = ../secrets.yaml;
    neededForUsers = true;
  };
  users = {
    users.gaming = {
      isNormalUser = true;
      hashedPasswordFile = "${config.sops.secrets.gaming_password.path}";
      shell = pkgs.zsh;
      group = "gaming";
      extraGroups =
      [
        "audio"
        "video"
        "users"
      ];
      uid = 1100;
    };
    groups.gaming.gid = 1100;
  };
  home-manager.users.gaming = import ./systems/${config.networking.hostName}.nix; 
 }
--- a/users/gaming/home/firefox.nix
+++ b/users/gaming/home/firefox.nix
@@ -1,251 +0,0 @@
 { inputs, ... }:
 {
  programs.firefox = {
    enable = true;
    profiles.richie = {
      extensions = with inputs.firefox-addons.packages.x86_64-linux; [
        bitwarden
        darkreader
        dearrow
        fastforwardteam
        return-youtube-dislikes
        sponsorblock
        ublock-origin
      ];
      search = {
        force = true;
        default = "Google";
        order = [ "Google" ];
      };
      settings = {
        # Makes Firefox use the PlayStation 5 user agent
        "general.useragent.override" = "Mozilla/5.0 (PlayStation; PlayStation 5/10.01) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Safari/605.1.15,gzip(gfe),gzip(gfe)";
        # SECTION: FASTFOX
        # GENERAL
        "content.notify.interval" = 100000;
        # GFX
        "gfx.canvas.accelerated.cache-items" = 4096;
        "gfx.canvas.accelerated.cache-size" = 512;
        "gfx.content.skia-font-cache-size" = 20;
        # DISK CACHE
        "browser.cache.jsbc_compression_level" = 3;
        # MEDIA CACHE
        "media.memory_cache_max_size" = 65536;
        "media.cache_readahead_limit" = 7200;
        "media.cache_resume_threshold" = 3600;
        # IMAGE CACHE
        "image.mem.decode_bytes_at_a_time" = 32768;
        # NETWORK
        "network.buffer.cache.size" = 262144;
        "network.buffer.cache.count" = 128;
        "network.http.max-connections" = 1800;
        "network.http.max-persistent-connections-per-server" = 10;
        "network.http.max-urgent-start-excessive-connections-per-host" = 5;
        "network.http.pacing.requests.enabled" = false;
        "network.dnsCacheExpiration" = 3600;
        "network.dns.max_high_priority_threads" = 8;
        "network.ssl_tokens_cache_capacity" = 10240;
        # SPECULATIVE LOADING
        "network.dns.disablePrefetch" = true;
        "network.prefetch-next" = false;
        "network.predictor.enabled" = false;
        # EXPERIMENTAL
        "layout.css.grid-template-masonry-value.enabled" = true;
        "dom.enable_web_task_scheduling" = true;
        "layout.css.has-selector.enabled" = true;
        "dom.security.sanitizer.enabled" = true;
        # SECTION: SECUREFOX
        # TRACKING PROTECTION
        "browser.contentblocking.category" = "strict";
        "urlclassifier.trackingSkipURLs" = "*.reddit.com, *.twitter.com, *.twimg.com, *.tiktok.com";
        "urlclassifier.features.socialtracking.skipURLs" = "*.instagram.com, *.twitter.com, *.twimg.com";
        "network.cookie.sameSite.noneRequiresSecure" = true;
        "browser.download.start_downloads_in_tmp_dir" = true;
        "browser.helperApps.deleteTempFileOnExit" = true;
        "browser.uitour.enabled" = false;
        "privacy.globalprivacycontrol.enabled" = true;
        # OCSP & CERTS / HPKP
        "security.OCSP.enabled" = 0;
        "security.remote_settings.crlite_filters.enabled" = true;
        "security.pki.crlite_mode" = 2;
        # SSL / TLS
        "security.ssl.treat_unsafe_negotiation_as_broken" = true;
        "browser.xul.error_pages.expert_bad_cert" = true;
        "security.tls.enable_0rtt_data" = false;
        # DISK AVOIDANCE
        "browser.privatebrowsing.forceMediaMemoryCache" = true;
        "browser.sessionstore.interval" = 60000;
        # SHUTDOWN & SANITIZING
        "privacy.history.custom" = true;
        # SEARCH / URL BAR
        "browser.search.separatePrivateDefault.ui.enabled" = true;
        "browser.urlbar.update2.engineAliasRefresh" = true;
        # PREF: restore search engine suggestions
        "browser.search.suggest.enabled" = true;
        "browser.urlbar.suggest.quicksuggest.sponsored" = false;
        "browser.urlbar.suggest.quicksuggest.nonsponsored" = false;
        "browser.formfill.enable" = false;
        "security.insecure_connection_text.enabled" = true;
        "security.insecure_connection_text.pbmode.enabled" = true;
        "network.IDN_show_punycode" = true;
        # HTTPS-FIRST POLICY
        "dom.security.https_first" = true;
        "dom.security.https_first_schemeless" = true;
        # PASSWORDS
        "signon.formlessCapture.enabled" = false;
        "signon.rememberSignons" = false;
        "signon.privateBrowsingCapture.enabled" = false;
        "network.auth.subresource-http-auth-allow" = 1;
        "editor.truncate_user_pastes" = false;
        # MIXED CONTENT + CROSS-SITE
        "security.mixed_content.block_display_content" = true;
        "security.mixed_content.upgrade_display_content" = true;
        "security.mixed_content.upgrade_display_content.image" = true;
        "pdfjs.enableScripting" = false;
        "extensions.postDownloadThirdPartyPrompt" = false;
        # HEADERS / REFERERS
        "network.http.referer.XOriginTrimmingPolicy" = 2;
        # CONTAINERS
        "privacy.userContext.ui.enabled" = true;
        # WEBRTC
        "media.peerconnection.ice.proxy_only_if_behind_proxy" = true;
        "media.peerconnection.ice.default_address_only" = true;
        # SAFE BROWSING
        "browser.safebrowsing.downloads.remote.enabled" = false;
        # MOZILLA
        # PREF: allow websites to ask you to receive site notifications
        "permissions.default.desktop-notification" = 0; # allow websites to ask
        # PREF: allow websites to ask you for your location
        "permissions.default.geo" = 0;
        "geo.provider.network.url" = "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%";
        "permissions.manager.defaultsUrl" = "";
        "webchannel.allowObject.urlWhitelist" = "";
        # TELEMETRY
        "datareporting.policy.dataSubmissionEnabled" = false;
        "datareporting.healthreport.uploadEnabled" = false;
        "toolkit.telemetry.unified" = false;
        "toolkit.telemetry.enabled" = false;
        "toolkit.telemetry.server" = "data:,";
        "toolkit.telemetry.archive.enabled" = false;
        "toolkit.telemetry.newProfilePing.enabled" = false;
        "toolkit.telemetry.shutdownPingSender.enabled" = false;
        "toolkit.telemetry.updatePing.enabled" = false;
        "toolkit.telemetry.bhrPing.enabled" = false;
        "toolkit.telemetry.firstShutdownPing.enabled" = false;
        "toolkit.telemetry.coverage.opt-out" = true;
        "toolkit.coverage.opt-out" = true;
        "toolkit.coverage.endpoint.base" = "";
        "browser.ping-centre.telemetry" = false;
        "browser.newtabpage.activity-stream.feeds.telemetry" = false;
        "browser.newtabpage.activity-stream.telemetry" = false;
        # EXPERIMENTS
        "app.shield.optoutstudies.enabled" = false;
        "app.normandy.enabled" = false;
        "app.normandy.api_url" = "";
        # CRASH REPORTS
        "breakpad.reportURL" = "";
        "browser.tabs.crashReporting.sendReport" = false;
        "browser.crashReports.unsubmittedCheck.autoSubmit2" = false;
        # DETECTION
        "captivedetect.canonicalURL" = "";
        "network.captive-portal-service.enabled" = false;
        "network.connectivity-service.enabled" = false;
        # SECTION: PESKYFOX
        # MOZILLA UI
        "browser.privatebrowsing.vpnpromourl" = "";
        "extensions.getAddons.showPane" = false;
        "extensions.htmlaboutaddons.recommendations.enabled" = false;
        "browser.discovery.enabled" = false;
        "browser.shell.checkDefaultBrowser" = false;
        "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons" = false;
        "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features" = false;
        "browser.preferences.moreFromMozilla" = false;
        "browser.tabs.tabmanager.enabled" = false;
        "browser.aboutConfig.showWarning" = false;
        "browser.aboutwelcome.enabled" = false;
        # THEME ADJUSTMENTS
        "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
        "browser.compactmode.show" = true;
        "browser.display.focus_ring_on_anything" = true;
        "browser.display.focus_ring_style" = 0;
        "browser.display.focus_ring_width" = 0;
        "layout.css.prefers-color-scheme.content-override" = 2;
        # COOKIE BANNER HANDLING
        "cookiebanners.service.mode" = 1;
        "cookiebanners.service.mode.privateBrowsing" = 1;
        # FULLSCREEN NOTICE
        "full-screen-api.transition-duration.enter" = "0 0";
        "full-screen-api.transition-duration.leave" = "0 0";
        "full-screen-api.warning.delay" = -1;
        "full-screen-api.warning.timeout" = 0;
        # URL BAR
        "browser.urlbar.suggest.calculator" = true;
        "browser.urlbar.unitConversion.enabled" = true;
        "browser.urlbar.trending.featureGate" = false;
        # NEW TAB PAGE
        "browser.newtabpage.activity-stream.feeds.topsites" = false;
        "browser.newtabpage.activity-stream.feeds.section.topstories" = false;
        # POCKET
        "extensions.pocket.enabled" = false;
        # DOWNLOADS
        "browser.download.always_ask_before_handling_new_types" = true;
        "browser.download.manager.addToRecentDocs" = false;
        # PDF
        "browser.download.open_pdf_attachments_inline" = true;
        # TAB BEHAVIOR
        "browser.bookmarks.openInTabClosesMenu" = false;
        "browser.menu.showViewImageInfo" = true;
        "findbar.highlightAll" = true;
        "layout.word_select.eat_space_to_next_word" = false;
        # SECTION: MY OVERRIDES
        "browser.startup.homepage" = "https://google.com";
        "identity.fxaccounts.enabled" = false;
        # SECTION SMOOTHFOX
        # OPTION: SHARPEN SCROLLING                                                           *
        "apz.overscroll.enabled" = true; # DEFAULT NON-LINUX
        "mousewheel.min_line_scroll_amount" = 10; # 10-40; adjust this number to your liking; default=5
        "general.smoothScroll.mouseWheel.durationMinMS" = 80; # default=50
        "general.smoothScroll.currentVelocityWeighting" = "0.15"; # default=.25
        "general.smoothScroll.stopDecelerationWeighting" = "0.6"; # default=.4
      };
    };
  };
 }
--- a/users/gaming/home/global.nix
+++ b/users/gaming/home/global.nix
@@ -1,20 +0,0 @@
 { config, ... }:
 {
  imports = [
    ./programs.nix
  ];
  programs = {
    home-manager.enable = true;
    git.enable = true;
  };
  home = {
    username = "gaming";
    homeDirectory = "/home/${config.home.username}";
    stateVersion = "24.05";
    sessionVariables = {
      FLAKE = "$HOME/Projects/dotfiles";
    };
  };
 }
--- a/users/gaming/home/programs.nix
+++ b/users/gaming/home/programs.nix
@@ -1,6 +0,0 @@
 { pkgs, ... }:
 {
  home.packages = with pkgs; [
    wget
  ];
 }
--- a/users/gaming/systems/muninn.nix
+++ b/users/gaming/systems/muninn.nix
@@ -1,6 +0,0 @@
 {
  imports = [
    ../home/global.nix
    ../home/firefox.nix
  ];
 }
--- a/users/richie/default.nix
+++ b/users/richie/default.nix
@@ -5,17 +5,8 @@
 }: let
  ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
 in {
  sops.secrets.richie_password = {
    sopsFile = ../secrets.yaml;
    neededForUsers = true;
  };
  users.users.richie = {
    isNormalUser = true;
    hashedPasswordFile = "${config.sops.secrets.richie_password.path}";
    shell = pkgs.zsh;
    group = "richie";
    openssh.authorizedKeys.keys = [
@@ -32,7 +23,6 @@ in {
    ++ ifTheyExist [
      "dialout"
      "docker"
      "hass"
      "libvirtd"
      "networkmanager"
      "plugdev"
--- a/users/richie/home/global.nix
+++ b/users/richie/home/global.nix
@@ -1,20 +1,35 @@
 { config, ... }:
 {
  lib,
  pkgs,
  config,
  ...
 }: {
  imports = [
    ./cli
    ./programs.nix
    ./ssh_config.nix
  ];
  nix = {
    package = lib.mkDefault pkgs.nix;
    settings = {
      experimental-features = [
        "nix-command"
        "flakes"
        "ca-derivations"
      ];
    };
  };
  programs = {
    home-manager.enable = true;
    git.enable = true;
  };
  home = {
-    username = "richie";
+    username = lib.mkDefault "richie";
-    homeDirectory = "/home/${config.home.username}";
+    homeDirectory = lib.mkDefault "/home/${config.home.username}";
-    stateVersion = "24.05";
+    stateVersion = lib.mkDefault "24.05";
    sessionVariables = {
      FLAKE = "$HOME/Projects/dotfiles";
    };
--- a/users/richie/home/gui/default.nix
+++ b/users/richie/home/gui/default.nix
@@ -3,7 +3,6 @@
  imports = [
    ./firefox
    ./vscode
    ./kitty.nix
  ];
  home.packages = with pkgs; [
--- a/users/richie/home/gui/firefox/search_engines.nix
+++ b/users/richie/home/gui/firefox/search_engines.nix
@@ -78,7 +78,7 @@
        }
      ];
      icon = ./github.svg;
-      definedAliases = [ "@g" ];
+      definedAliases = [ "@n" ];
    };
  };
 }
--- a/users/richie/home/gui/kitty.nix
+++ b/users/richie/home/gui/kitty.nix
@@ -1,12 +0,0 @@
 {pkgs, ...}: {
  programs.kitty = {
    enable = true;
    font.name = "IntoneMono Nerd Font";
    settings = {
      allow_remote_control = "no";
      shell = "${pkgs.zsh}/bin/zsh";
      wayland_titlebar_color = "background";
    };
    themeFile = "VSCode_Dark";
  };
 }
--- a/users/richie/home/programs.nix
+++ b/users/richie/home/programs.nix
@@ -14,7 +14,6 @@
    jq
    ncdu
    neofetch
    ouch
    p7zip
    poppler
    rar
@@ -36,7 +35,7 @@
    wget
    # python
    poetry
-    python313
+    python312
    ruff
    # Rust packages
    trunk
--- a/users/richie/home/ssh_config.nix
+++ b/users/richie/home/ssh_config.nix
@@ -36,12 +36,6 @@
        identityFile = "~/.ssh/id_ed25519";
        port = 922;
      };
      muninn = {
        hostname = "192.168.98.52";
        user = "richie";
        identityFile = "~/.ssh/id_ed25519";
        port = 295;
      };      
    };
  };
 }
--- a/users/richie/systems/router.nix
+++ b/users/richie/systems/router.nix
@@ -1,5 +0,0 @@
 {
  imports = [
    ../home/global.nix
  ];
 }
--- a/users/secrets.yaml
+++ b/users/secrets.yaml
@@ -1,58 +0,0 @@
 richie_password: ENC[AES256_GCM,data:DMi3M8aqrQ60APIofr8wJMh+VZ14hLRxz6jWZgzswr0pV/QVSX53ShBFr90ruO3mucOLYv0l+bI31covfqMAhXWBJp9wUgtC2Q==,iv:qgtn30hZfIL4dBnQSLkjbo7zPJA4m9TR0f52sTFc0v4=,tag:ydLbcGyXjv0fE+4b5ECX5w==,type:str]
 gaming_password: ENC[AES256_GCM,data:i692UsQaCOjE4V1y9d8yYDlK+TRMIprCHJkhl1UBZRMqe9a2LTUtmbbn/xlCYQd2tADJvn+dkx1jLfV4CqaqWOj5YSUFfpgsEw==,iv:3Y7hXQcmpzNN7hF+BDvO52uFB4o5D0dHvxemJ0ZoSIM=,tag:zzLGNDVAMCs2GPMqXp2BtQ==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age1u8zj599elqqvcmhxn8zuwrufsz8w8w366d3ayrljjejljt2q45kq8mxw9c
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqR1lUREVMR3hyTTFNZ3U0
            NkFkY202RGtMS0taTjRnOEd4OGlsZ1VORUhFCnIxUlV1eS81N0U1NXpOcWYxSUU0
            WER1cFY3a2lWU01tTUQ2Vk5VK2JmSDAKLS0tIHUxL3F5UWZ2aUwxd2JXZG5ybE9w
            d29oZ1poZU5ZTlgxMmlsVWpoMUtFYjAKdRoXdqxfxyOL++pP0izdUuZngMcF24ne
            OJ6kVJexJF9Hu9InwPeDtRboMhMi01gt6L5a47hOX5FUsi+4HbeVLQ==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1q47vup0tjhulkg7d6xwmdsgrw64h4ax3la3evzqpxyy4adsmk9fs56qz3y
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBWmJZWDZtWFJaTCtmdVNG
            QkNiK1hFdWlnVFp0ZG01V1A3cFdtU2xGN1NBCm1oeXlLT3NYMC9lZDlHSnJGQUc1
            RnppNjc0QnBqSW5XTWUxZExBMHhORDQKLS0tIHpJNDJBU25COGR2dlg5em5YcGZB
            VTBqRjhZWkdmdVdoa0V0VmIzdm5hbTgKEa9hW6jU538meU2Sm//b7OUBqqjAHHL5
            rluVCSMcrcoVtui0mB8vMoKeh6/n/qRLe38a/puvAj0q/PolN9ZEhA==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age13lmqgc3jvkyah5e3vcwmj4s5wsc2akctcga0lpc0x8v8du3fxprqp4ldkv
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBVlp4clVEb3Y4d0hzSEtW
            dUMyb3V1aHlMS0Fvc0lGU3doRjE3SVFrNVdFCkpTQ1k2RTBIb2tzQ3UxajlPSWhY
            ZzkwUWlDYWROZXpHMlFVaTM0MFlpMXcKLS0tIFNUN1QyRk41WkhPblZMbVFXNkZi
            N1RkUVc0N0hIaUs3RXpXTWpDZTBOUXcKgOW6IV1mh3q8NT2Ky9EKlywWBaaCn5ML
            bhfmmvt1Fndh2ys3poxODjNDiow34VxwhS+Ou0HsxsJ7zu7VvmPh0w==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1xzxryqq63x65yuza9lmmkud7crjjxpnkdew070yhx6xn7xe4tdws5twxsv
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnOXR6SWh2SlBWdjZVL3F1
            ckd4N3JKNkkzYWtlRWN2QUFob3FJRkxQU1RNClllMDFMRE80ODROZDR3Y2g0Z2xs
            aXJORTI1azEzbnhJMkZiNmNKZDBsOVUKLS0tIHZjV3BXaG9WVzNzVDZHYVdmOFdM
            S3hZMkgvYkl5Ky9uYmpjVHpFUlMwYTgKIHxHRPMgEAgQNXg5lK2QkdBjMcamlxSp
            HEoT/APYI/NN3V2l7mgfiH/fn2FXGdd3Ct5mqwp25GUYIp45zN3pqA==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1ufnewppysaq2wwcl4ugngjz8pfzc5a35yg7luq0qmuqvctajcycs5lf6k4
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXSnNxaDVSbUJ2Y1NSc0hV
            TWhzNzNRWTNhV1BBMFhPeVQ5eHkzb3Bkams4Ck1YdDExcU1WdExEQ0M1VXZpUzBV
            L0xSTENrOEZlOU1XUHNUbEtHbURSK1UKLS0tIEJkaE9QOUdzN1VDbWFTSWd6RkY4
            UzQzWEFtSDJwR201cmZoeXh5T0RmSk0KWLOpw5cWbtnfVP/ISa7n1vZchoD+nxmn
            7yr7igpEIro0Sd238KinOQYswVaT0NHB9p1dSW/mN+aGQliSNLzkDQ==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2025-01-07T20:13:43Z"
    mac: ENC[AES256_GCM,data:Q5fmv+MRVYGUQ4j+28CcGWHmgT1178N+haVS9xa0c99OKuPZdfSndAG0QVDhh/jYq+7zXs6zzLtBjB+egkoDfxJXfJOmg3E46UMO3vDHaEcIZD16ZbWJaz4Z/+yabqhDURKtgfGiu4xPv3OtGbwcP5kud17WcHNfY/LT+Y+LSD8=,iv:y3K3kCroIh+RTplUe4tM8B9rbLgIHCbE6FJawngam8Q=,tag:2VTIWlLp4cOwm18BfIlz5g==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.9.2