monthly iso build

adding git and python313 to installeriso
moved installer.py to system_tools
2026-04-21 14:49:10 -04:00 · 2025-02-17 12:07:44 -05:00 · 2025-02-17 11:54:39 -05:00 · 2025-02-15 19:25:08 -05:00 · 2025-02-15 19:25:08 -05:00
67 changed files with 691 additions and 1363 deletions
--- a/.github/workflows/build_systems
+++ b/.github/workflows/build_systems
@@ -0,0 +1,17 @@
+name: build_systems
+on:
+  workflow_dispatch:
+  pull_request:
+  push:
+    branches: [main]
+  schedule:
+    - cron: "0 0 1 * *"
+
+jobs:
+  build:
+    name: build-installer-iso
+    runs-on: self-hosted
+    steps:
+      - uses: actions/checkout@v4
+      - name: Build default package
+        run: "nix build .#nixosConfigurations.installer.config.system.build.isoImage"
--- a/.github/workflows/merge_flake_lock_update.yml
+++ b/.github/workflows/merge_flake_lock_update.yml
@@ -1,29 +0,0 @@
-name: merge_flake_lock_update
-on:
-  workflow_dispatch:
-  schedule:
-    - cron: "0 2 * * 6"
-
-jobs:
-  merge:
-    runs-on: ubuntu-latest
-
-    permissions:
-      contents: write
-      pull-requests: write
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: merge_flake_lock_update
-        run: |
-          pr_number=$(gh pr list --state open --author RichieCahill --label flake_lock_update --json number --jq '.[0].number')
-          echo "pr_number=$pr_number" >> $GITHUB_ENV
-          if [ -n "$pr_number" ]; then
-            gh pr merge "$pr_number" --rebase
-          else
-            echo "No open PR found with label flake_lock_update"
-          fi
-        env:
-          GITHUB_TOKEN: ${{ secrets.GH_TOKEN_FOR_UPDATES }}
--- a/.github/workflows/treefmt.yml
+++ b/.github/workflows/treefmt.yml
@@ -1,5 +1,4 @@
 name: treefmt
-
 on:
  workflow_dispatch:
  pull_request:
@@ -12,9 +11,5 @@ jobs:
    runs-on: self-hosted
    steps:
      - uses: actions/checkout@v4
-      - name: get_treefmt_version
-        run: treefmt --version
-      - name: get_nixfmt_version
-        run: nixfmt --version
      - name: runs treefmt
-        run: treefmt --ci $( [ -n "$ACTIONS_RUNNER_DEBUG" ] && echo -vv )
+        run: "treefmt --ci"
--- a/.github/workflows/update-flake-lock.yml
+++ b/.github/workflows/update-flake-lock.yml
@@ -2,7 +2,7 @@ name: update-flake-lock
 on:
  workflow_dispatch:
  schedule:
-    - cron: "0 0 * * 6"
+    - cron: "0 0 * * *"

 jobs:
  lockfile:
@@ -20,4 +20,3 @@ jobs:
          pr-labels: |
            dependencies
            automated
-            flake_lock_update
--- a/.gitignore
+++ b/.gitignore
@@ -165,3 +165,6 @@ test.*

 # syncthing
 .stfolder
+
+# nixos build results
+result
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -51,7 +51,6 @@
    "cryptsetup",
    "cuda",
    "darkreader",
-    "datagrip",
    "datareporting",
    "davidanson",
    "dconf",
@@ -145,7 +144,6 @@
    "maxtime",
    "mechatroner",
    "mediainfo",
-    "mixtral",
    "mklabel",
    "mkpart",
    "modesetting",
@@ -176,9 +174,7 @@
    "OCSP",
    "oderwat",
    "ollama",
-    "ondemand",
    "oneshot",
-    "openwakeword",
    "optimise",
    "optoutstudies",
    "overalljails",
@@ -197,7 +193,6 @@
    "plugdev",
    "poppler",
    "posixacl",
-    "powertop",
    "primarycache",
    "prismlauncher",
    "privatebrowsing",
@@ -268,6 +263,7 @@
    "Tmpfs",
    "topsites",
    "topstories",
+    "torrenting",
    "treefmt",
    "twimg",
    "uaccess",
--- a/common/global/default.nix
+++ b/common/global/default.nix
@@ -52,18 +52,9 @@
    };
  };

-  powerManagement.powertop.enable = lib.mkDefault true;
-
  programs.zsh.enable = true;

-  security = {
-    auditd.enable = lib.mkDefault true;
-    sudo-rs = {
-      enable = true;
-      execWheelOnly = true;
-    };
-    sudo.enable = false;
-  };
+  security.auditd.enable = lib.mkDefault true;

  users.mutableUsers = lib.mkDefault false;

--- a/common/global/locale.nix
+++ b/common/global/locale.nix
@@ -4,7 +4,8 @@
  console.keyMap = lib.mkDefault "us";

  i18n = {
-    defaultLocale = lib.mkDefault "en_US.UTF-8";
+    defaultLocale = lib.mkDefault "en_US.utf8";
+    supportedLocales = lib.mkDefault [ "en_US.UTF-8/UTF-8" ];
    extraLocaleSettings = lib.mkDefault {
      LC_ADDRESS = "en_US.UTF-8";
      LC_IDENTIFICATION = "en_US.UTF-8";
--- a/common/global/nix.nix
+++ b/common/global/nix.nix
@@ -15,14 +15,17 @@ in
      ];
      trusted-substituters = [
        "https://cache.nixos.org"
+        "https://cache.tmmworkshop.com"
        "https://nix-community.cachix.org"
      ];
      substituters = [
        "https://cache.nixos.org/?priority=2&want-mass-query=true"
+        "https://cache.tmmworkshop.com/?priority=2&want-mass-query=true"
        "https://nix-community.cachix.org/?priority=10&want-mass-query=true"
      ];
      trusted-public-keys = [
        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+        "cache.tmmworkshop.com:jHffkpgbmEdstQPoihJPYW9TQe6jnQbWR2LqkNGV3iA="
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      ];
      auto-optimise-store = lib.mkDefault true;
--- a/common/optional/desktop.nix
+++ b/common/optional/desktop.nix
@@ -1,7 +1,7 @@
 { pkgs, ... }:
 {
  boot = {
-    kernelPackages = pkgs.linuxPackages_6_15;
+    kernelPackages = pkgs.linuxPackages_6_12;
    zfs.package = pkgs.zfs_2_3;
  };

--- a/common/optional/nvidia.nix
+++ b/common/optional/nvidia.nix
@@ -1,7 +1,5 @@
 { config, ... }:
 {
-  nixpkgs.config.cudaSupport = true;
-
  services.xserver.videoDrivers = [ "nvidia" ];
  hardware = {
    nvidia = {
--- a/common/optional/syncthing_base.nix
+++ b/common/optional/syncthing_base.nix
@@ -1,14 +1,13 @@
-{ lib, ... }:
 {
  services.syncthing = {
    enable = true;
    user = "richie";
    overrideDevices = true;
-    overrideFolders = lib.mkDefault true;
+    overrideFolders = true;
    dataDir = "/home/richie/Syncthing";
    configDir = "/home/richie/.config/syncthing";
    settings.devices = {
-      phone.id = "TBRULKD-7DZPGGZ-F6LLB7J-MSO54AY-7KLPBIN-QOFK6PX-W2HBEWI-PHM2CQI"; # cspell:disable-line
+      phone.id = "LTGPLAE-M4ZDJTM-TZ3DJGY-SLLAVWF-CQDVEVS-RGCS75T-GAPZYK3-KUM6LA5"; # cspell:disable-line
      jeeves.id = "ICRHXZW-ECYJCUZ-I4CZ64R-3XRK7CG-LL2HAAK-FGOHD22-BQA4AI6-5OAL6AG"; # cspell:disable-line
      ipad.id = "KI76T3X-SFUGV2L-VSNYTKR-TSIUV5L-SHWD3HE-GQRGRCN-GY4UFMD-CW6Z6AX"; # cspell:disable-line
      bob.id = "CJIAPEJ-VO74RR4-F75VU6M-QNZAMYG-FYUJG7Y-6AT62HJ-355PRPL-PJFETAZ"; # cspell:disable-line
--- a/common/optional/tmmworkshop_cache.nix
+++ b/common/optional/tmmworkshop_cache.nix
@@ -1,7 +0,0 @@
-{
-  nix.settings = {
-    trusted-substituters = [ "http://cache.tmmworkshop.com" ];
-    substituters = [ "http://cache.tmmworkshop.com/?priority=1&want-mass-query=true" ];
-    trusted-public-keys = [ "cache.tmmworkshop.com:jHffkpgbmEdstQPoihJPYW9TQe6jnQbWR2LqkNGV3iA=" ];
-  };
-}
--- a/common/optional/update.nix
+++ b/common/optional/update.nix
@@ -5,7 +5,5 @@
    randomizedDelaySec = "1h";
    persistent = true;
    flake = "github:RichieCahill/dotfiles";
-    allowReboot = true;
-    dates = "Sat *-*-* 06:00:00";
  };
 }
--- a/flake.lock
+++ b/flake.lock
@@ -2,17 +2,18 @@
  "nodes": {
    "firefox-addons": {
      "inputs": {
+        "flake-utils": "flake-utils",
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "dir": "pkgs/firefox-addons",
-        "lastModified": 1753416229,
-        "narHash": "sha256-45s1L4h/6t3M+/ppqow1OFUgfk9jZHsR4jxNgxIWWmM=",
+        "lastModified": 1739396257,
+        "narHash": "sha256-E+xGh25fyBLNo2FYxP4uHkTh4yh1C0AIyYpcVdW3CL0=",
        "owner": "rycee",
        "repo": "nur-expressions",
-        "rev": "553afee4efb5a7dea03cf654deafacd8fa1004f9",
+        "rev": "f61927ae7c2b28ee9d426114a06f185f4dea4301",
        "type": "gitlab"
      },
      "original": {
@@ -22,6 +23,39 @@
        "type": "gitlab"
      }
    },
+    "flake-utils": {
+      "locked": {
+        "lastModified": 1629284811,
+        "narHash": "sha256-JHgasjPR0/J1J3DRm4KxM4zTyAj4IOJY8vIl75v/kPI=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "c5d161cc0af116a2e17f54316f0bf43f0819785c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_2": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
@@ -29,11 +63,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1753470191,
-        "narHash": "sha256-hOUWU5L62G9sm8NxdiLWlLIJZz9H52VuFiDllHdwmVA=",
+        "lastModified": 1739381933,
+        "narHash": "sha256-4gvobxITgcrNGfwsVG5a46QzQCX89btIYw23p0ilbcc=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "a1817d1c0e5eabe7dfdfe4caa46c94d9d8f3fdb6",
+        "rev": "15b59d4191b993ebdfcb1f61b834fced217882ba",
        "type": "github"
      },
      "original": {
@@ -42,13 +76,35 @@
        "type": "github"
      }
    },
+    "nix-github-actions": {
+      "inputs": {
+        "nixpkgs": [
+          "system_tools",
+          "poetry2nix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1729742964,
+        "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=",
+        "owner": "nix-community",
+        "repo": "nix-github-actions",
+        "rev": "e04df33f62cdcf93d73e9a04142464753a16db67",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nix-github-actions",
+        "type": "github"
+      }
+    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1753122741,
-        "narHash": "sha256-nFxE8lk9JvGelxClCmwuJYftbHqwnc01dRN4DVLUroM=",
+        "lastModified": 1738816619,
+        "narHash": "sha256-5yRlg48XmpcX5b5HesdGMOte+YuCy9rzQkJz+imcu6I=",
        "owner": "nixos",
        "repo": "nixos-hardware",
-        "rev": "cc66fddc6cb04ab479a1bb062f4d4da27c936a22",
+        "rev": "2eccff41bab80839b1d25b303b53d339fbb07087",
        "type": "github"
      },
      "original": {
@@ -60,11 +116,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1753250450,
-        "narHash": "sha256-i+CQV2rPmP8wHxj0aq4siYyohHwVlsh40kV89f3nw1s=",
+        "lastModified": 1739214665,
+        "narHash": "sha256-26L8VAu3/1YRxS8MHgBOyOM8xALdo6N0I04PgorE7UM=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "fc02ee70efb805d3b2865908a13ddd4474557ecf",
+        "rev": "64e75cd44acf21c7933d61d7721e812eac1b5a0a",
        "type": "github"
      },
      "original": {
@@ -76,11 +132,11 @@
    },
    "nixpkgs-master": {
      "locked": {
-        "lastModified": 1753489269,
-        "narHash": "sha256-Iy/9c6DaxCY9ECCLgpoo+uwY1K5YTmJLU7fSg7JeALk=",
+        "lastModified": 1739399097,
+        "narHash": "sha256-5U1YLh8bENPGtC6j6493qs3lK0PrzZw4omMvJUFOhEI=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "ce6b0611ca70423d97fab2a3f53f61f1fa4ff0a4",
+        "rev": "154a2c1abcea99a98f8b9344dfaba019a28162bd",
        "type": "github"
      },
      "original": {
@@ -106,53 +162,31 @@
        "type": "github"
      }
    },
-    "pyproject-build-systems": {
+    "poetry2nix": {
      "inputs": {
+        "flake-utils": [
+          "system_tools",
+          "flake-utils"
+        ],
+        "nix-github-actions": "nix-github-actions",
        "nixpkgs": [
          "system_tools",
          "nixpkgs"
        ],
-        "pyproject-nix": [
-          "system_tools",
-          "pyproject-nix"
-        ],
-        "uv2nix": [
-          "system_tools",
-          "uv2nix"
-        ]
+        "systems": "systems_2",
+        "treefmt-nix": "treefmt-nix"
      },
      "locked": {
-        "lastModified": 1744599653,
-        "narHash": "sha256-nysSwVVjG4hKoOjhjvE6U5lIKA8sEr1d1QzEfZsannU=",
-        "owner": "pyproject-nix",
-        "repo": "build-system-pkgs",
-        "rev": "7dba6dbc73120e15b558754c26024f6c93015dd7",
+        "lastModified": 1736884309,
+        "narHash": "sha256-eiCqmKl0BIRiYk5/ZhZozwn4/7Km9CWTbc15Cv+VX5k=",
+        "owner": "nix-community",
+        "repo": "poetry2nix",
+        "rev": "75d0515332b7ca269f6d7abfd2c44c47a7cbca7b",
        "type": "github"
      },
      "original": {
-        "owner": "pyproject-nix",
-        "repo": "build-system-pkgs",
-        "type": "github"
-      }
-    },
-    "pyproject-nix": {
-      "inputs": {
-        "nixpkgs": [
-          "system_tools",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1746540146,
-        "narHash": "sha256-QxdHGNpbicIrw5t6U3x+ZxeY/7IEJ6lYbvsjXmcxFIM=",
-        "owner": "pyproject-nix",
-        "repo": "pyproject.nix",
-        "rev": "e09c10c24ebb955125fda449939bfba664c467fd",
-        "type": "github"
-      },
-      "original": {
-        "owner": "pyproject-nix",
-        "repo": "pyproject.nix",
+        "owner": "nix-community",
+        "repo": "poetry2nix",
        "type": "github"
      }
    },
@@ -166,7 +200,7 @@
        "nixpkgs-stable": "nixpkgs-stable",
        "sops-nix": "sops-nix",
        "system_tools": "system_tools",
-        "systems": "systems"
+        "systems": "systems_3"
      }
    },
    "sops-nix": {
@@ -176,11 +210,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1752544651,
-        "narHash": "sha256-GllP7cmQu7zLZTs9z0J2gIL42IZHa9CBEXwBY9szT0U=",
+        "lastModified": 1739262228,
+        "narHash": "sha256-7JAGezJ0Dn5qIyA2+T4Dt/xQgAbhCglh6lzCekTVMeU=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "2c8def626f54708a9c38a5861866660395bb3461",
+        "rev": "07af005bb7d60c7f118d9d9f5530485da5d1e975",
        "type": "github"
      },
      "original": {
@@ -191,19 +225,18 @@
    },
    "system_tools": {
      "inputs": {
+        "flake-utils": "flake-utils_2",
        "nixpkgs": [
          "nixpkgs"
        ],
-        "pyproject-build-systems": "pyproject-build-systems",
-        "pyproject-nix": "pyproject-nix",
-        "uv2nix": "uv2nix"
+        "poetry2nix": "poetry2nix"
      },
      "locked": {
-        "lastModified": 1747501237,
-        "narHash": "sha256-woyaUwmZurfNTXBEFM6M7ueSd/Udixs+4DUInhL835c=",
+        "lastModified": 1739664204,
+        "narHash": "sha256-uzT5hQstNHJvdPPqdSiznxPXL3qCaKQ+DmMnx6IpIYk=",
        "owner": "RichieCahill",
        "repo": "system_tools",
-        "rev": "68ab5d1c17ac3fe2487f73dbbb4848bd2291139e",
+        "rev": "b36dd59fedeba140175590bfcab2ba22049dfc93",
        "type": "github"
      },
      "original": {
@@ -213,6 +246,36 @@
      }
    },
    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "systems_2": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "systems_3": {
      "locked": {
        "lastModified": 1689347949,
        "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
@@ -227,28 +290,25 @@
        "type": "github"
      }
    },
-    "uv2nix": {
+    "treefmt-nix": {
      "inputs": {
        "nixpkgs": [
          "system_tools",
+          "poetry2nix",
          "nixpkgs"
-        ],
-        "pyproject-nix": [
-          "system_tools",
-          "pyproject-nix"
        ]
      },
      "locked": {
-        "lastModified": 1747441483,
-        "narHash": "sha256-W8BFXk5R0TuJcjIhcGoMpSOaIufGXpizK0pm+uTqynA=",
-        "owner": "pyproject-nix",
-        "repo": "uv2nix",
-        "rev": "582024dc64663e9f88d467c2f7f7b20d278349de",
+        "lastModified": 1730120726,
+        "narHash": "sha256-LqHYIxMrl/1p3/kvm2ir925tZ8DkI0KA10djk8wecSk=",
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "rev": "9ef337e492a5555d8e17a51c911ff1f02635be15",
        "type": "github"
      },
      "original": {
-        "owner": "pyproject-nix",
-        "repo": "uv2nix",
+        "owner": "numtide",
+        "repo": "treefmt-nix",
        "type": "github"
      }
    }
--- a/flake.nix
+++ b/flake.nix
@@ -4,10 +4,12 @@
  nixConfig = {
    extra-substituters = [
      "https://cache.nixos.org/?priority=2&want-mass-query=true"
+      "https://cache.tmmworkshop.com/?priority=2&want-mass-query=true"
      "https://nix-community.cachix.org/?priority=10&want-mass-query=true"
    ];
    extra-trusted-public-keys = [
      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" # cspell:disable-line
+      "cache.tmmworkshop.com:jHffkpgbmEdstQPoihJPYW9TQe6jnQbWR2LqkNGV3iA=" # cspell:disable-line
      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" # cspell:disable-line
      "cache-nix-dot:Od9KN34LXc6Lu7y1ozzV1kIXZa8coClozgth/SYE7dU=" # cspell:disable-line
    ];
@@ -89,6 +91,12 @@
          ];
          specialArgs = { inherit inputs outputs; };
        };
+        installer = lib.nixosSystem {
+          modules = [
+            ./systems/installer
+          ];
+          specialArgs = { inherit inputs outputs; };
+        };
      };
    };
 }
--- a/systems/bob/default.nix
+++ b/systems/bob/default.nix
@@ -37,8 +37,6 @@
    };

    openssh.ports = [ 262 ];
-
-    snapshot_manager.path = ./snapshot_config.toml;
  };

  system.stateVersion = "24.05";
--- a/systems/bob/hardware.nix
+++ b/systems/bob/hardware.nix
@@ -28,7 +28,6 @@
        allowDiscards = true;
        keyFileSize = 4096;
        keyFile = "/dev/disk/by-id/usb-Samsung_Flash_Drive_FIT_0374620080067131-0:0";
-        fallbackToPassword = true;
      };
    };
    kernelModules = [ "kvm-amd" ];
@@ -51,11 +50,6 @@
      fsType = "zfs";
    };

-    "/zfs/models" = {
-      device = "root_pool/models";
-      fsType = "zfs";
-    };
-
    "/boot" = {
      device = "/dev/disk/by-uuid/609D-FF29";
      fsType = "vfat";
--- a/systems/bob/llms.nix
+++ b/systems/bob/llms.nix
@@ -1,28 +1,24 @@
 {
  services = {
    ollama = {
-      user = "ollama";
      enable = true;
      loadModels = [
        "codellama:7b"
+        "deepseek-r1:1.5b"
+        "deepseek-r1:7b"
        "deepseek-r1:8b"
        "deepseek-r1:14b"
        "deepseek-r1:32b"
        "llama3.2:3b"
-        "llama2-uncensored:7b"
        "mistral-nemo:12b"
-        "dolphin-mixtral:8x7b"
-        "qwq:32b"
-        "Qihoo360-Light-R1-32B"
      ];
-      models = "/zfs/models";
      acceleration = "cuda";
      openFirewall = true;
    };
-    # open-webui = {
-    #   enable = true;
-    #   openFirewall = true;
-    #   host = "0.0.0.0";
-    # };
+    open-webui = {
+      enable = true;
+      openFirewall = true;
+      host = "192.168.90.25";
+    };
  };
 }
--- a/systems/bob/snapshot_config.toml
+++ b/systems/bob/snapshot_config.toml
@@ -1,29 +0,0 @@
-["default"]
-15_min = 8
-hourly = 24
-daily = 0
-monthly = 0
-
-["root_pool/home"]
-15_min = 8
-hourly = 12
-daily = 1
-monthly = 0
-
-["root_pool/root"]
-15_min = 8
-hourly = 24
-daily = 0
-monthly = 0
-
-["root_pool/nix"]
-15_min = 4
-hourly = 0
-daily = 0
-monthly = 0
-
-["root_pool/models"]
-15_min = 4
-hourly = 24
-daily = 0
-monthly = 0
--- a/systems/installer/default.nix
+++ b/systems/installer/default.nix
@@ -0,0 +1,24 @@
+{
+  inputs,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+{
+  imports = [ (modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix") ];
+
+  environment.systemPackages = with pkgs; [
+    git
+    python313
+    inputs.system_tools.packages.x86_64-linux.default
+  ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+
+  systemd.services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ];
+
+  users.users.root.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJYZFsc9CSH03ZUP7y81AHwSyjLwFmcshVFCyxDcYhBT rhapsody-in-green" # cspell:disable-line
+  ];
+}
--- a/systems/jeeves/default.nix
+++ b/systems/jeeves/default.nix
@@ -5,18 +5,22 @@
    ../../common/optional/docker.nix
    ../../common/optional/ssh_decrypt.nix
    ../../common/optional/syncthing_base.nix
-    ../../common/optional/update.nix
    ../../common/optional/zerotier.nix
    ./docker
    ./services
    ./hardware.nix
    ./networking.nix
-    ./nvidia.nix
    ./programs.nix
    ./runners
    ./syncthing.nix
  ];

+  boot.zfs.extraPools = [
+    "media"
+    "storage"
+    "torrenting"
+  ];
+
  services = {
    openssh.ports = [ 629 ];

--- a/systems/jeeves/docker/great_cloud_of_witnesses.nix
+++ b/systems/jeeves/docker/great_cloud_of_witnesses.nix
@@ -1,61 +0,0 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
-
-let
-  vars = import ../vars.nix;
-in
-{
-
-  # environment.systemPackages = with pkgs; [ php.withExtensions ({ all, ... }: [ all.pdo_pgsql ]) ];
-
-  services.httpd = {
-    enable = true;
-    adminAddr = "webmaster@localhost";
-
-    enablePHP = true;
-    phpPackage = pkgs.php.withExtensions (
-      { enabled, all }:
-      enabled
-      ++ [
-        all.pdo
-        all.pdo_pgsql
-      ]
-    );
-    extraModules = [ "rewrite" ];
-    virtualHosts.great_cloud_of_witnesses = {
-      hostName = "localhost";
-      listen = [
-        {
-          ip = "*";
-          port = 8092;
-        }
-
-      ];
-      documentRoot = "${vars.services}/great_cloud_of_witnesses";
-      extraConfig = ''
-        <Directory "${vars.services}/great_cloud_of_witnesses">
-          AllowOverride All
-          Require all granted
-        </Directory>
-      '';
-    };
-  };
-
-  sops.secrets.gcw_password = {
-    sopsFile = ../../../users/secrets.yaml;
-    neededForUsers = true;
-  };
-
-  users = {
-    users.gcw = {
-      isSystemUser = true;
-      hashedPasswordFile = config.sops.secrets.gcw_password.path;
-      group = "gcw";
-    };
-    groups.gcw = { };
-  };
-}
--- a/systems/jeeves/docker/qbit.nix
+++ b/systems/jeeves/docker/qbit.nix
@@ -0,0 +1,36 @@
+let
+  vars = import ../vars.nix;
+in
+{
+  networking.firewall = {
+    allowedTCPPorts = [
+      6881
+      8082
+      29432
+    ];
+    allowedUDPPorts = [
+      6881
+      29432
+    ];
+  };
+  virtualisation.oci-containers.containers.qbit = {
+    image = "ghcr.io/linuxserver/qbittorrent:5.0.2";
+    ports = [
+      "6881:6881"
+      "6881:6881/udp"
+      "8082:8082"
+      "29432:29432"
+    ];
+    volumes = [
+      "${vars.media_docker_configs}/qbit:/config"
+      "${vars.torrenting_qbit}:/data"
+    ];
+    environment = {
+      PUID = "600";
+      PGID = "100";
+      TZ = "America/New_York";
+      WEBUI_PORT = "8082";
+    };
+    autoStart = true;
+  };
+}
--- a/systems/jeeves/docker/qbitvpn.nix
+++ b/systems/jeeves/docker/qbitvpn.nix
@@ -21,9 +21,8 @@ in
      "8118:8118"
    ];
    volumes = [
-      "${vars.docker_configs}/qbitvpn:/config"
-      "${vars.qbitvpn}:/data"
-      "${vars.qbitvpn_scratch}:/data/incomplete"
+      "${vars.media_docker_configs}/qbitvpn:/config"
+      "${vars.torrenting_qbitvpn}:/data"
      "/etc/localtime:/etc/localtime:ro"
    ];
    environment = {
@@ -41,7 +40,7 @@ in
      DELUGE_DAEMON_LOG_LEVEL = "debug";
      DELUGE_WEB_LOG_LEVEL = "debug";
    };
-    environmentFiles = [ "${vars.secrets}/docker/qbitvpn" ];
+    environmentFiles = [ "${vars.storage_secrets}/docker/qbitvpn" ];
    autoStart = true;
  };
 }
--- a/systems/jeeves/docker/share.nix
+++ b/systems/jeeves/docker/share.nix
@@ -7,7 +7,7 @@ in
    ports = [ "8091:80" ];
    volumes = [
      "${../../../common/docker_templates}/file_server/sites/:/etc/apache2/sites-enabled/"
-      "${vars.share}:/data"
+      "${vars.media_share}:/data"
    ];
    extraOptions = [ "--network=web" ];
    autoStart = true;
--- a/systems/jeeves/docker/uptime_kuma.nix
+++ b/systems/jeeves/docker/uptime_kuma.nix
@@ -0,0 +1,17 @@
+let
+  vars = import ../vars.nix;
+in
+{
+  virtualisation.oci-containers.containers = {
+    uptime_kuma = {
+      ports = [ "3001:3001" ];
+      image = "louislam/uptime-kuma:1.23.16-debian";
+      volumes = [
+        "${vars.media_docker_configs}/uptime_kuma:/app/data"
+        "/var/run/docker.sock:/var/run/docker.sock"
+      ];
+      extraOptions = [ "--network=web" ];
+      autoStart = true;
+    };
+  };
+}
--- a/systems/jeeves/hardware.nix
+++ b/systems/jeeves/hardware.nix
@@ -4,21 +4,6 @@
  modulesPath,
  ...
 }:
-let
-  makeLuksDevice = device: {
-    inherit device;
-    keyFileSize = 4096;
-    keyFile = "/dev/disk/by-id/usb-XIAO_USB_Drive_24587CE29074-0:0";
-    fallbackToPassword = true;
-  };
-  makeLuksSSD =
-    device:
-    (makeLuksDevice device)
-    // {
-      bypassWorkqueues = true;
-      allowDiscards = true;
-    };
-in
 {
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

@@ -56,51 +41,87 @@ in
      luks.devices = {
        # cspell:disable
        # Root pool
-        "luks-root-pool-wwn-0x55cd2e4150f01519-part2" =
-          makeLuksSSD "/dev/disk/by-id/wwn-0x55cd2e4150f01519-part2";
-        "luks-root-pool-wwn-0x55cd2e4150f01556-part2" =
-          makeLuksSSD "/dev/disk/by-id/wwn-0x55cd2e4150f01556-part2";
-
+        "luks-root-pool-wwn-0x55cd2e4150f01519-part2" = {
+          device = "/dev/disk/by-id/wwn-0x55cd2e4150f01519-part2";
+          bypassWorkqueues = true;
+          allowDiscards = true;
+        };
+        "luks-root-pool-wwn-0x55cd2e4150f01556-part2" = {
+          device = "/dev/disk/by-id/wwn-0x55cd2e4150f01556-part2";
+          bypassWorkqueues = true;
+          allowDiscards = true;
+        };
        # Media pool
-        "luks-media_pool-nvme-INTEL_SSDPEK1A118GA_BTOC14120V2J118B-part1" =
-          makeLuksSSD "/dev/disk/by-id/nvme-INTEL_SSDPEK1A118GA_BTOC14120V2J118B-part1";
-        "luks-media_pool-nvme-INTEL_SSDPEK1A118GA_BTOC14120WAG118B-part1" =
-          makeLuksSSD "/dev/disk/by-id/nvme-INTEL_SSDPEK1A118GA_BTOC14120WAG118B-part1";
-        "luks-media_pool-nvme-INTEL_SSDPE2ME012T4_CVMD5130000G1P2HGN-part1" =
-          makeLuksSSD "/dev/disk/by-id/nvme-INTEL_SSDPE2ME012T4_CVMD5130000G1P2HGN-part1";
-        "luks-media_pool-nvme-INTEL_SSDPE2ME012T4_CVMD5130000U1P2HGN-part1" =
-          makeLuksSSD "/dev/disk/by-id/nvme-INTEL_SSDPE2ME012T4_CVMD5130000U1P2HGN-part1";
-
-        # Scratch pool
-        "luks-scratch-pool-ata-CT480BX500SSD1_2314E6C3C01C-part1" =
-          makeLuksSSD "/dev/disk/by-id/ata-CT480BX500SSD1_2314E6C3C01C-part1";
-        "luks-scratch-pool-ata-CT480BX500SSD1_2314E6C3C01E-part1" =
-          makeLuksSSD "/dev/disk/by-id/ata-CT480BX500SSD1_2314E6C3C01E-part1";
-
+        "luks-media_pool-nvme-INTEL_SSDPEK1A118GA_BTOC14120V2J118B-part1" = {
+          device = "/dev/disk/by-id/nvme-INTEL_SSDPEK1A118GA_BTOC14120V2J118B-part1";
+          bypassWorkqueues = true;
+          allowDiscards = true;
+        };
+        "luks-media_pool-nvme-INTEL_SSDPEK1A118GA_BTOC14120WAG118B-part1" = {
+          device = "/dev/disk/by-id/nvme-INTEL_SSDPEK1A118GA_BTOC14120WAG118B-part1";
+          bypassWorkqueues = true;
+          allowDiscards = true;
+        };
+        "luks-media_pool-nvme-INTEL_SSDPE2ME012T4_CVMD5130000G1P2HGN-part1" = {
+          device = "/dev/disk/by-id/nvme-INTEL_SSDPE2ME012T4_CVMD5130000G1P2HGN-part1";
+          bypassWorkqueues = true;
+          allowDiscards = true;
+        };
+        "luks-media_pool-nvme-INTEL_SSDPE2ME012T4_CVMD5130000U1P2HGN-part1" = {
+          device = "/dev/disk/by-id/nvme-INTEL_SSDPE2ME012T4_CVMD5130000U1P2HGN-part1";
+          bypassWorkqueues = true;
+          allowDiscards = true;
+        };
        # Storage pool
-        "luks-storage_pool-nvme-Samsung_SSD_970_EVO_Plus_2TB_S6S2NS0T834822N-part1" =
-          makeLuksSSD "/dev/disk/by-id/nvme-Samsung_SSD_970_EVO_Plus_2TB_S6S2NS0T834822N-part1";
-        "luks-storage_pool-nvme-Samsung_SSD_970_EVO_Plus_2TB_S6S2NS0T834817F-part1" =
-          makeLuksSSD "/dev/disk/by-id/nvme-Samsung_SSD_970_EVO_Plus_2TB_S6S2NS0T834817F-part1";
-        "luks-storage_pool-nvme-INTEL_MEMPEK1W016GA_PHBT828104DF016D-part1" =
-          makeLuksSSD "/dev/disk/by-id/nvme-INTEL_MEMPEK1W016GA_PHBT828104DF016D-part1";
-        "luks-storage_pool-nvme-INTEL_MEMPEK1W016GA_PHBT828105A8016D-part1" =
-          makeLuksSSD "/dev/disk/by-id/nvme-INTEL_MEMPEK1W016GA_PHBT828105A8016D-part1";
-        "luks-storage_pool-wwn-0x5000cca23bc438dd-part1" =
-          makeLuksDevice "/dev/disk/by-id/wwn-0x5000cca23bc438dd-part1";
-        "luks-storage_pool-wwn-0x5000cca23bd035f5-part1" =
-          makeLuksDevice "/dev/disk/by-id/wwn-0x5000cca23bd035f5-part1";
-        "luks-storage_pool-wwn-0x5000cca23bd00ad6-part1" =
-          makeLuksDevice "/dev/disk/by-id/wwn-0x5000cca23bd00ad6-part1";
+        "luks-storage_pool-nvme-Samsung_SSD_970_EVO_Plus_2TB_S6S2NS0T834822N-part1" = {
+          device = "/dev/disk/by-id/nvme-Samsung_SSD_970_EVO_Plus_2TB_S6S2NS0T834822N-part1";
+          bypassWorkqueues = true;
+          allowDiscards = true;
+        };
+        "luks-storage_pool-nvme-Samsung_SSD_970_EVO_Plus_2TB_S6S2NS0T834817F-part1" = {
+          device = "/dev/disk/by-id/nvme-Samsung_SSD_970_EVO_Plus_2TB_S6S2NS0T834817F-part1";
+          bypassWorkqueues = true;
+          allowDiscards = true;
+        };
+        "luks-storage_pool-nvme-INTEL_MEMPEK1W016GA_PHBT828104DF016D-part1" = {
+          device = "/dev/disk/by-id/nvme-INTEL_MEMPEK1W016GA_PHBT828104DF016D-part1";
+          bypassWorkqueues = true;
+          allowDiscards = true;
+        };
+        "luks-storage_pool-nvme-INTEL_MEMPEK1W016GA_PHBT828105A8016D-part1" = {
+          device = "/dev/disk/by-id/nvme-INTEL_MEMPEK1W016GA_PHBT828105A8016D-part1";
+          bypassWorkqueues = true;
+          allowDiscards = true;
+        };
+        "luks-storage_pool-wwn-0x5000cca23bc438dd-part1".device =
+          "/dev/disk/by-id/wwn-0x5000cca23bc438dd-part1";
+        "luks-storage_pool-wwn-0x5000cca23bd035f5-part1".device =
+          "/dev/disk/by-id/wwn-0x5000cca23bd035f5-part1";
+        "luks-storage_pool-wwn-0x5000cca23bd00ad6-part1".device =
+          "/dev/disk/by-id/wwn-0x5000cca23bd00ad6-part1";
+        "luks-storage_pool-wwn-0x5000cca23bcf313e-part1".device =
+          "/dev/disk/by-id/wwn-0x5000cca23bcf313e-part1";
+        "luks-storage_pool-wwn-0x5000cca23bcdf3b8-part1".device =
+          "/dev/disk/by-id/wwn-0x5000cca23bcdf3b8-part1";
+        "luks-storage_pool-wwn-0x5000cca23bd02746-part1".device =
+          "/dev/disk/by-id/wwn-0x5000cca23bd02746-part1";
+        "luks-storage_pool-wwn-0x5000cca23bcf9f89-part1".device =
+          "/dev/disk/by-id/wwn-0x5000cca23bcf9f89-part1";
+        "luks-storage_pool-wwn-0x5000cca23bd00ae9-part1".device =
+          "/dev/disk/by-id/wwn-0x5000cca23bd00ae9-part1";
+        # Torrenting pool
+        "luks-torrenting_pool-wwn-0x500a0751e6c3c01e-part1" = {
+          device = "/dev/disk/by-id/wwn-0x500a0751e6c3c01e-part1";
+          bypassWorkqueues = true;
+          allowDiscards = true;
+        };
+        "luks-torrenting_pool-wwn-0x5000cca264f080a3-part1".device =
+          "/dev/disk/by-id/wwn-0x5000cca264f080a3-part1";
+        "luks-torrenting_pool-wwn-0x5000cca298c33ae5-part1".device =
+          "/dev/disk/by-id/wwn-0x5000cca298c33ae5-part1";
+        # cspell:enable
      };
    };
-
-    zfs.extraPools = [
-      "media"
-      "scratch"
-      "storage"
-    ];
-
    kernelModules = [ "kvm-amd" ];
    extraModulePackages = [ ];
  };
--- a/systems/jeeves/networking.nix
+++ b/systems/jeeves/networking.nix
@@ -11,8 +11,8 @@
    networks = {
      "10-1GB_Primary" = {
        matchConfig.Name = "enp98s0f0";
-        address = [ "192.168.99.14/24" ];
-        routes = [ { Gateway = "192.168.99.1"; } ];
+        address = [ "192.168.95.14/24" ];
+        routes = [ { Gateway = "192.168.95.1"; } ];
        linkConfig.RequiredForOnline = "routable";
      };
      "10-1GB_Secondary" = {
--- a/systems/jeeves/nvidia.nix
+++ b/systems/jeeves/nvidia.nix
@@ -1,16 +0,0 @@
-{ config, ... }:
-{
-  nixpkgs.config.cudaSupport = true;
-
-  services.xserver.videoDrivers = [ "nvidia" ];
-  hardware = {
-    nvidia = {
-      modesetting.enable = true;
-      powerManagement.enable = true;
-      package = config.boot.kernelPackages.nvidiaPackages.beta;
-      nvidiaSettings = true;
-      open = false;
-    };
-    nvidia-container-toolkit.enable = true;
-  };
-}
--- a/systems/jeeves/runners/nix_builder.nix
+++ b/systems/jeeves/runners/nix_builder.nix
@@ -28,8 +28,8 @@ in
          mountPoint = "/zfs/media/github-runners/${name}";
          isReadOnly = false;
        };
-        "/secrets".mountPoint = "${vars.secrets}/services/github-runners/${name}";
-        "ssh-keys".mountPoint = "${vars.secrets}/services/github-runners/id_ed25519_github-runners";
+        "/secrets".mountPoint = "${vars.storage_secrets}/services/github-runners/${name}";
+        "ssh-keys".mountPoint = "${vars.storage_secrets}/services/github-runners/id_ed25519_github-runners";
      };
      config =
        {
@@ -64,8 +64,8 @@ in
            Host jeeves
              Port 629
              User github-runners
-              HostName 192.168.99.14
-              IdentityFile ${vars.secrets}/services/github-runners/id_ed25519_github-runners
+              HostName 192.168.95.14
+              IdentityFile ${vars.storage_secrets}/services/github-runners/id_ed25519_github-runners
              StrictHostKeyChecking no
              UserKnownHostsFile /dev/null
          '';
@@ -75,7 +75,7 @@ in
            workDir = "/zfs/media/github-runners/${name}";
            url = "https://github.com/RichieCahill/dotfiles";
            extraLabels = [ "nixos" ];
-            tokenFile = "${vars.secrets}/services/github-runners/${name}";
+            tokenFile = "${vars.storage_secrets}/services/github-runners/${name}";
            user = "github-runners";
            group = "github-runners";
            extraPackages = with pkgs; [
--- a/systems/jeeves/scripts/zfs.sh
+++ b/systems/jeeves/scripts/zfs.sh
@@ -11,11 +11,13 @@ sudo zpool create -o ashift=12 -O acltype=posixacl -O atime=off -O dnodesize=aut
 sudo zpool add storage -o ashift=12 special mirror
 sudo zpool add storage -o ashift=12 logs mirror

-# scratch
-sudo zpool create -o ashift=12 -O acltype=posixacl -O atime=off -O dnodesize=auto -O xattr=sa -O compression=zstd -m /zfs/scratch scratch
+# torrenting
+sudo zpool create -o ashift=12 -O acltype=posixacl -O atime=off -O dnodesize=auto -O xattr=sa -O compression=zstd -m /zfs/torrenting torrenting
+sudo zpool add torrenting -o ashift=12 special

 # media datasets
 sudo zfs create -o compression=zstd-9 media/docker
+sudo zfs create -o recordsize=1M -o compression=zstd-19 media/library
 sudo zfs create -o compression=zstd-9 -o sync=disabled media/github-runners
 sudo zfs create -o copies=3 media/notes
 sudo zfs create -o compression=zstd-9 media/plex
@@ -24,10 +26,6 @@ sudo zfs create -o compression=zstd-19 media/home_assistant
 sudo zfs create -o exec=off media/share
 sudo zfs create -o recordsize=16k -o primarycache=metadata -o mountpoint=/zfs/media/database/postgres media/postgres

-# scratch datasets
-sudo zfs create -o recordsize=16k -o sync=disabled scratch/qbitvpn
-sudo zfs create -o recordsize=16k -o sync=disabled scratch/transmission
-
 # storage datasets
 sudo zfs create -o recordsize=1M -o compression=zstd-19 storage/archive
 sudo zfs create -o compression=zstd-19 storage/main
@@ -35,6 +33,7 @@ sudo zfs create -o recordsize=16K -o compression=zstd-19 -o copies=2 storage/pho
 sudo zfs create -o recordsize=1M -o compression=zstd-19 storage/plex
 sudo zfs create -o compression=zstd-19 -o copies=3 storage/secrets
 sudo zfs create -o compression=zstd-19 storage/syncthing
-sudo zfs create -o recordsize=1M -o compression=zstd-9 -o exec=off -o sync=disabled storage/qbitvpn
-sudo zfs create -o recordsize=1M -o compression=zstd-9 -o exec=off -o sync=disabled storage/transmission
-sudo zfs create -o recordsize=1M -o compression=zstd-19 storage/library
+
+# torrenting datasets
+sudo zfs create -o recordsize=16K -o exec=off -o sync=disabled torrenting/qbit
+sudo zfs create -o recordsize=16K -o exec=off -o sync=disabled torrenting/qbitvpn
--- a/systems/jeeves/services/audiobookshelf.nix
+++ b/systems/jeeves/services/audiobookshelf.nix
@@ -5,6 +5,6 @@ in
 {
  services.audiobookshelf.enable = true;
  systemd.services.audiobookshelf.serviceConfig.WorkingDirectory =
-    lib.mkForce "${vars.docker_configs}/audiobookshelf";
-  users.users.audiobookshelf.home = lib.mkForce "${vars.docker_configs}/audiobookshelf";
+    lib.mkForce "${vars.media_docker_configs}/audiobookshelf";
+  users.users.audiobookshelf.home = lib.mkForce "${vars.media_docker_configs}/audiobookshelf";
 }
--- a/systems/jeeves/services/cloud_flare_tunnel.nix
+++ b/systems/jeeves/services/cloud_flare_tunnel.nix
@@ -9,7 +9,7 @@ in
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      Type = "simple";
-      EnvironmentFile = "${vars.secrets}/docker/cloud_flare_tunnel";
+      EnvironmentFile = "${vars.storage_secrets}/docker/cloud_flare_tunnel";
      ExecStart = "${pkgs.cloudflared}/bin/cloudflared --no-autoupdate tunnel run";
      Restart = "on-failure";
    };
--- a/systems/jeeves/services/duckdns.nix
+++ b/systems/jeeves/services/duckdns.nix
@@ -0,0 +1,10 @@
+let
+  vars = import ../vars.nix;
+in
+{
+  services.duckdns = {
+    enable = true;
+    tokenFile = "${vars.storage_secrets}/services/duckdns/token";
+    domainsFile = "${vars.storage_secrets}/services/duckdns/domains";
+  };
+}
--- a/systems/jeeves/services/filebrowser.nix
+++ b/systems/jeeves/services/filebrowser.nix
@@ -14,7 +14,7 @@ in
      Type = "simple";
      User = "richie";
      Group = "users";
-      ExecStart = "${pkgs.filebrowser}/bin/filebrowser --root=/zfs --address=0.0.0.0 --database=${vars.docker_configs}/filebrowser/filebrowser.db";
+      ExecStart = "${pkgs.filebrowser}/bin/filebrowser --root=/zfs --address=0.0.0.0 --database=${vars.media_docker_configs}/filebrowser/filebrowser.db";
      Restart = "on-failure";
    };
  };
--- a/systems/jeeves/services/haproxy.cfg
+++ b/systems/jeeves/services/haproxy.cfg
@@ -31,7 +31,7 @@ frontend ContentSwitching
  acl host_homeassistant  hdr(host) -i homeassistant.tmmworkshop.com
  acl host_jellyfin  hdr(host) -i jellyfin.tmmworkshop.com
  acl host_share  hdr(host) -i share.tmmworkshop.com
-  acl host_gcw  hdr(host) -i gcw.tmmworkshop.com
+  acl host_uptime_kuma  hdr(host) -i uptimekuma-jeeves.tmmworkshop.com

  use_backend audiobookshelf_nodes if host_audiobookshelf
  use_backend cache_nodes  if host_cache
@@ -39,7 +39,7 @@ frontend ContentSwitching
  use_backend homeassistant_nodes  if host_homeassistant
  use_backend jellyfin if host_jellyfin
  use_backend share_nodes  if host_share
-  use_backend gcw_nodes  if host_gcw
+  use_backend uptime_kuma_nodes  if host_uptime_kuma

 backend audiobookshelf_nodes
  mode http
@@ -68,6 +68,6 @@ backend share_nodes
  mode http
  server server 127.0.0.1:8091

-backend gcw_nodes
+backend uptime_kuma_nodes
  mode http
-  server server 127.0.0.1:8092
+  server server 127.0.0.1:3001
--- a/systems/jeeves/services/home_assistant.nix
+++ b/systems/jeeves/services/home_assistant.nix
@@ -2,24 +2,16 @@ let
  vars = import ../vars.nix;
 in
 {
-  users = {
-    users.hass = {
-      isSystemUser = true;
-      group = "hass";
-    };
-    groups.hass = { };
-  };
-
  services = {
    home-assistant = {
      enable = true;
      openFirewall = true;
-      configDir = vars.home_assistant;
+      configDir = vars.media_home_assistant;
      config = {
        http = {
          server_port = 8123;
          server_host = [
-            "192.168.99.14"
+            "192.168.95.14"
            "192.168.90.40"
            "127.0.0.1"
          ];
@@ -31,12 +23,6 @@ in
          unit_system = "us_customary";
          temperature_unit = "F";
        };
-        recorder = {
-          db_url = "postgresql://@/hass";
-          auto_purge = true;
-          purge_keep_days = 3650;
-          db_retry_wait = 15;
-        };
        assist_pipeline = { };
        backup = { };
        bluetooth = { };
--- a/systems/jeeves/services/jellyfin.nix
+++ b/systems/jeeves/services/jellyfin.nix
@@ -5,6 +5,6 @@ in
  services.jellyfin = {
    enable = true;
    openFirewall = true;
-    dataDir = "${vars.services}/jellyfin";
+    dataDir = "${vars.media_services}/jellyfin";
  };
 }
--- a/systems/jeeves/services/nix_serve.nix
+++ b/systems/jeeves/services/nix_serve.nix
@@ -4,7 +4,7 @@ in
 {
  services.nix-serve = {
    enable = true;
-    secretKeyFile = "${vars.secrets}/services/nix-cache/cache-priv-key.pem";
+    secretKeyFile = "${vars.storage_secrets}/services/nix-cache/cache-priv-key.pem";
    openFirewall = true;
  };
 }
--- a/systems/jeeves/services/postgress.nix
+++ b/systems/jeeves/services/postgress.nix
@@ -10,44 +10,19 @@ in
    package = pkgs.postgresql_17_jit;
    enableTCPIP = true;
    enableJIT = true;
-    dataDir = "${vars.database}/postgres";
+    dataDir = "${vars.media_database}/postgres";

    authentication = pkgs.lib.mkOverride 10 ''

-      # admins
-      local all  postgres   trust
-      host  all  postgres   127.0.0.1/32    trust
-      host  all  postgres   ::1/128         trust 
-
-      local all  richie   trust
-      host  all  richie   127.0.0.1/32    trust
-      host  all  richie   ::1/128         trust
-      host  all  richie   192.168.90.1/24 trust
-      host  all  richie   192.168.99.1/24 trust
-
-
      #type database DBuser origin-address auth-method
-      local hass     hass     trust
+      local all       all     trust

      # ipv4
-      host  hass     hass     192.168.90.1/24 trust
-      host  hass     hass     127.0.0.1/32 trust
+      host  all      all     127.0.0.1/32    trust
+      host  all      all     192.168.90.1/24 trust

      # ipv6
-      host hass      hass     ::1/128         trust
-
-      # megan
-      host  megan    megan    192.168.90.1/24 trust
-      host  megan    megan    127.0.0.1/32 trust
-
-      host  gcw      megan    192.168.90.1/24 trust
-      host  gcw      megan    127.0.0.1/32 trust
-
-      # gcw
-      local gcw      gcw      trust
-      host  gcw      gcw      192.168.90.1/24 trust
-      host  gcw      gcw      127.0.0.1/32 trust
-
+      host all       all     ::1/128         trust
    '';

    identMap = ''
@@ -56,7 +31,6 @@ in
        superuser_map      postgres  postgres
        # Let other names login as themselves
        superuser_map      richie    postgres
-        superuser_map      hass      hass
    '';
    ensureUsers = [
      {
@@ -71,7 +45,6 @@ in
      }
      {
        name = "richie";
-        ensureDBOwnership = true;
        ensureClauses = {
          superuser = true;
          login = true;
@@ -80,44 +53,6 @@ in
          replication = true;
        };
      }
-      {
-        name = "hass";
-        ensureDBOwnership = true;
-        ensureClauses = {
-          login = true;
-          createrole = true;
-          createdb = true;
-          replication = true;
-        };
-      }
-      {
-        name = "megan";
-        ensureDBOwnership = true;
-        ensureClauses = {
-          login = true;
-          createrole = true;
-          createdb = true;
-          replication = true;
-        };
-      }
-      {
-        name = "gcw";
-        ensureDBOwnership = true;
-        ensureClauses = {
-          login = true;
-          createrole = true;
-          createdb = true;
-          replication = true;
-        };
-      }
-    ];
-    ensureDatabases = [
-      "gcw"
-      "hass"
-      "megan"
-      "mxr_dev"
-      "mxr_prod"
-      "richie"
    ];
    # Thank you NotAShelf
    # https://github.com/NotAShelf/nyx/blob/d407b4d6e5ab7f60350af61a3d73a62a5e9ac660/modules/core/roles/server/system/services/databases/postgresql.nix#L74
--- a/systems/jeeves/services/systemd.nix
+++ b/systems/jeeves/services/systemd.nix
@@ -23,7 +23,7 @@ in
        description = "validates startup";
        path = [ pkgs.zfs ];
        serviceConfig = {
-          EnvironmentFile = "${vars.secrets}/services/server-validation";
+          EnvironmentFile = "${vars.storage_secrets}/services/server-validation";
          Type = "oneshot";
          ExecStart = "${inputs.system_tools.packages.x86_64-linux.default}/bin/validate_system --config-file='${./validate_system.toml}'";
        };
--- a/systems/jeeves/services/transmission.nix
+++ b/systems/jeeves/services/transmission.nix
@@ -1,32 +0,0 @@
-{ pkgs, ... }:
-let
-  vars = import ../vars.nix;
-in
-{
-  services.transmission = {
-    enable = true;
-    package = pkgs.transmission_4;
-    webHome = pkgs.flood-for-transmission;
-    home = "${vars.services}/transmission";
-    openPeerPorts = true;
-    openRPCPort = true;
-    downloadDirPermissions = "770";
-    settings = {
-      bind-address-ipv4 = "192.168.99.14";
-      cache-size-mb = 0;
-      download-dir = "${vars.transmission}/complete";
-      download-queue-enabled = false;
-      incomplete-dir = "${vars.transmission_scratch}/incomplete";
-      incomplete-dir-enabled = true;
-      message-level = 3;
-      peer-port = 51413;
-      rpc-bind-address = "0.0.0.0";
-      rpc-host-whitelist = "127.0.0.1,192.168.90.40";
-      rpc-host-whitelist-enabled = true;
-      rpc-port = 9091;
-      rpc-whitelist-enabled = true;
-      rpc-whitelist = "127.0.0.1,192.168.90.49";
-      seed-queue-enabled = false;
-    };
-  };
-}
--- a/systems/jeeves/services/validate_system.toml
+++ b/systems/jeeves/services/validate_system.toml
@@ -1,9 +1,11 @@
-zpool = ["root_pool", "storage", "media"]
+zpool = ["root_pool", "storage", "torrenting", "media"]
 services = [
    "audiobookshelf",
    "cloud_flare_tunnel",
    "haproxy",
+    "docker-qbit",
    "docker-qbitvpn",
+    "docker-uptime_kuma",
    "docker",
    "filebrowser",
    "home-assistant",
--- a/systems/jeeves/syncthing.nix
+++ b/systems/jeeves/syncthing.nix
@@ -5,7 +5,6 @@ in
  networking.firewall.allowedTCPPorts = [ 8384 ];

  services.syncthing = {
-    overrideFolders = false;
    guiAddress = "192.168.90.40:8384";
    settings = {
      devices.davids-server.id = "7GXTDGR-AOXFW2O-K6J7NM3-XYZNRRW-AKHAFWM-GBOWUPQ-OA6JIWD-ER7RDQL"; # cspell:disable-line
@@ -20,7 +19,7 @@ in
        };
        "notes" = {
          id = "l62ul-lpweo"; # cspell:disable-line
-          path = vars.notes;
+          path = vars.media_notes;
          devices = [
            "rhapsody-in-green"
            "davids-server"
@@ -29,7 +28,7 @@ in
        };
        "important" = {
          id = "4ckma-gtshs"; # cspell:disable-line
-          path = "${vars.syncthing}/important";
+          path = "${vars.storage_syncthing}/important";
          devices = [
            "bob"
            "rhapsody-in-green"
@@ -39,7 +38,7 @@ in
        };
        "music" = {
          id = "vprc5-3azqc"; # cspell:disable-line
-          path = "${vars.syncthing}/music";
+          path = "${vars.storage_syncthing}/music";
          devices = [
            "bob"
            "rhapsody-in-green"
@@ -50,14 +49,14 @@ in
        };
        "projects" = {
          id = "vyma6-lqqrz"; # cspell:disable-line
-          path = "${vars.syncthing}/projects";
+          path = "${vars.storage_syncthing}/projects";
          devices = [
            "rhapsody-in-green"
          ];
          fsWatcherEnabled = true;
        };
        "rhapsody-in-green_temp" = {
-          path = "${vars.syncthing}/rhapsody-in-green_temp";
+          path = "${vars.storage_syncthing}/rhapsody-in-green_temp";
          devices = [
            "rhapsody-in-green"
          ];
@@ -72,7 +71,7 @@ in
          fsWatcherEnabled = true;
        };
        "backup" = {
-          path = "${vars.syncthing}/backup";
+          path = "${vars.storage_syncthing}/backup";
          devices = [
            "davids-server"
          ];
@@ -81,7 +80,7 @@ in
        #
        "davids-backup1" = {
          id = "8229p-8z3tm"; # cspell:disable-line
-          path = "${vars.syncthing}/davids_backups/1";
+          path = "${vars.storage_syncthing}/davids_backups/1";
          devices = [
            "davids-server"
          ];
@@ -90,7 +89,7 @@ in
        };
        "davids-backup2" = {
          id = "iciw3-dp6ao"; # cspell:disable-line
-          path = "${vars.syncthing}/davids_backups/2";
+          path = "${vars.storage_syncthing}/davids_backups/2";
          devices = [
            "davids-server"
          ];
@@ -99,7 +98,7 @@ in
        };
        "davids-backup3" = {
          id = "9si6m-bnkjb"; # cspell:disable-line
-          path = "${vars.syncthing}/davids_backups/3";
+          path = "${vars.storage_syncthing}/davids_backups/3";
          devices = [
            "davids-server"
          ];
@@ -108,7 +107,7 @@ in
        };
        "davids-backup4" = {
          id = "qjyfy-uupj4"; # cspell:disable-line
-          path = "${vars.syncthing}/davids_backups/4";
+          path = "${vars.storage_syncthing}/davids_backups/4";
          devices = [
            "davids-server"
          ];
@@ -117,7 +116,7 @@ in
        };
        "davids-backup5" = {
          id = "fm4h5-emsu2"; # cspell:disable-line
-          path = "${vars.syncthing}/davids_backups/5";
+          path = "${vars.storage_syncthing}/davids_backups/5";
          devices = [
            "davids-server"
          ];
--- a/systems/jeeves/vars.nix
+++ b/systems/jeeves/vars.nix
@@ -1,21 +1,28 @@
 let
  zfs_media = "/zfs/media";
  zfs_storage = "/zfs/storage";
-  zfs_scratch = "/zfs/scratch";
+  zfs_torrenting = "/zfs/torrenting";
 in
 {
-  inherit zfs_media zfs_storage zfs_scratch;
-  database = "${zfs_media}/database";
-  docker = "${zfs_media}/docker";
-  docker_configs = "${zfs_media}/docker/configs";
-  home_assistant = "${zfs_media}/home_assistant";
-  notes = "${zfs_media}/notes";
-  qbitvpn = "${zfs_storage}/qbitvpn";
-  qbitvpn_scratch = "${zfs_scratch}/qbitvpn";
-  secrets = "${zfs_storage}/secrets";
-  services = "${zfs_media}/services";
-  share = "${zfs_media}/share";
-  syncthing = "${zfs_storage}/syncthing";
-  transmission = "${zfs_storage}/transmission";
-  transmission_scratch = "${zfs_scratch}/transmission";
+  inherit zfs_media zfs_storage zfs_torrenting;
+  # media
+  media_database = "${zfs_media}/database";
+  media_docker = "${zfs_media}/docker";
+  media_docker_configs = "${zfs_media}/docker/configs";
+  media_mirror = "${zfs_media}/mirror";
+  media_share = "${zfs_media}/share";
+  media_services = "${zfs_media}/services";
+  media_notes = "${zfs_media}/notes";
+  media_plex = "${zfs_media}/plex";
+  media_home_assistant = "${zfs_media}/home_assistant";
+  # storage
+  storage_main = "${zfs_storage}/main";
+  storage_photos = "${zfs_storage}/photos";
+  storage_plex = "${zfs_storage}/plex";
+  storage_secrets = "${zfs_storage}/secrets";
+  storage_syncthing = "${zfs_storage}/syncthing";
+  storage_library = "${zfs_storage}/library";
+  # torrenting
+  torrenting_qbit = "${zfs_torrenting}/qbit";
+  torrenting_qbitvpn = "${zfs_torrenting}/qbitvpn";
 }
--- a/tools/installer.py
+++ b/tools/installer.py
@@ -1,682 +0,0 @@
-"""Install NixOS on a ZFS pool."""
-
-from __future__ import annotations
-
-import curses
-import logging
-import sys
-from collections import defaultdict
-from os import getenv
-from pathlib import Path
-from random import getrandbits
-from subprocess import PIPE, Popen, run
-from time import sleep
-from typing import TYPE_CHECKING
-
-if TYPE_CHECKING:
-    from collections.abc import Sequence
-
-
-def configure_logger(level: str = "INFO") -> None:
-    """Configure the logger.
-    Args:
-        level (str, optional): The logging level. Defaults to "INFO".
-    """
-    logging.basicConfig(
-        level=level,
-        datefmt="%Y-%m-%dT%H:%M:%S%z",
-        format="%(asctime)s %(levelname)s %(filename)s:%(lineno)d - %(message)s",
-        handlers=[logging.StreamHandler(sys.stdout)],
-    )
-
-
-def bash_wrapper(command: str) -> str:
-    """Execute a bash command and capture the output.
-    Args:
-        command (str): The bash command to be executed.
-    Returns:
-        Tuple[str, int]: A tuple containing the output of the command (stdout) as a string,
-        the error output (stderr) as a string (optional), and the return code as an integer.
-    """
-    logging.debug(f"running {command=}")
-    # This is a acceptable risk
-    process = Popen(command.split(), stdout=PIPE, stderr=PIPE)  # noqa: S603
-    output, _ = process.communicate()
-    if process.returncode != 0:
-        error = f"Failed to run command {command=} return code {process.returncode=}"
-        raise RuntimeError(error)
-
-    return output.decode()
-
-
-def partition_disk(disk: str, swap_size: int, reserve: int = 0) -> None:
-    """Partition a disk.
-    Args:
-        disk (str): The disk to partition.
-        swap_size (int): The size of the swap partition in GB.
-            minimum value is 1.
-        reserve (int, optional): The size of the reserve partition in GB. Defaults to 0.
-            minimum value is 0.
-    """
-    logging.info(f"partitioning {disk=}")
-    swap_size = max(swap_size, 1)
-    reserve = max(reserve, 0)
-
-    bash_wrapper(f"blkdiscard -f {disk}")
-
-    if reserve > 0:
-        msg = f"Creating swap partition on {disk=} with size {swap_size=}GiB and reserve {reserve=}GiB"
-        logging.info(msg)
-
-        swap_start = swap_size + reserve
-        swap_partition = f"mkpart swap -{swap_start}GiB -{reserve}GiB "
-    else:
-        logging.info(f"Creating swap partition on {disk=} with size {swap_size=}GiB")
-        swap_start = swap_size
-        swap_partition = f"mkpart swap -{swap_start}GiB 100% "
-
-    logging.debug(f"{swap_partition=}")
-
-    create_partitions = (
-        f"parted --script --align=optimal {disk} -- "
-        "mklabel gpt "
-        "mkpart EFI 1MiB 4GiB "
-        f"mkpart root_pool 4GiB -{swap_start}GiB "
-        f"{swap_partition}"
-        "set 1 esp on"
-    )
-    bash_wrapper(create_partitions)
-
-    logging.info(f"{disk=} successfully partitioned")
-
-
-def create_zfs_pool(pool_disks: Sequence[str], mnt_dir: str) -> None:
-    """Create a ZFS pool.
-    Args:
-        disks (Sequence[str]): A tuple of disks to use for the pool.
-        mnt_dir (str): The mount directory.
-    """
-    if len(pool_disks) <= 0:
-        error = "disks must be a tuple of at least length 1"
-        raise ValueError(error)
-
-    zpool_create = (
-        "zpool create "
-        "-o ashift=12 "
-        "-o autotrim=on "
-        f"-R {mnt_dir} "
-        "-O acltype=posixacl "
-        "-O canmount=off "
-        "-O dnodesize=auto "
-        "-O normalization=formD "
-        "-O relatime=on "
-        "-O xattr=sa "
-        "-O mountpoint=legacy "
-        "-O compression=zstd "
-        "-O atime=off "
-        "root_pool "
-    )
-    if len(pool_disks) == 1:
-        zpool_create += pool_disks[0]
-    else:
-        zpool_create += "mirror "
-        zpool_create += " ".join(pool_disks)
-
-    bash_wrapper(zpool_create)
-    zpools = bash_wrapper("zpool list -o name")
-    if "root_pool" not in zpools.splitlines():
-        logging.critical("Failed to create root_pool")
-        sys.exit(1)
-
-
-def create_zfs_datasets() -> None:
-    """Create ZFS datasets."""
-
-    bash_wrapper("zfs create -o canmount=noauto -o reservation=10G root_pool/root")
-    bash_wrapper("zfs create root_pool/home")
-    bash_wrapper("zfs create root_pool/var -o reservation=1G")
-    bash_wrapper("zfs create -o compression=zstd-9 -o reservation=10G root_pool/nix")
-    datasets = bash_wrapper("zfs list -o name")
-
-    expected_datasets = {
-        "root_pool/root",
-        "root_pool/home",
-        "root_pool/var",
-        "root_pool/nix",
-    }
-    missing_datasets = expected_datasets.difference(datasets.splitlines())
-    if missing_datasets:
-        logging.critical(f"Failed to create pools {missing_datasets}")
-        sys.exit(1)
-
-
-def get_cpu_manufacturer() -> str:
-    """Get the CPU manufacturer."""
-    output = bash_wrapper("cat /proc/cpuinfo")
-
-    id_vendor = {"AuthenticAMD": "amd", "GenuineIntel": "intel"}
-
-    for line in output.splitlines():
-        if "vendor_id" in line:
-            return id_vendor[line.split(": ")[1].strip()]
-
-
-def get_boot_drive_id(disk: str) -> str:
-    """Get the boot drive ID."""
-    output = bash_wrapper(f"lsblk -o UUID {disk}-part1")
-    return output.splitlines()[1]
-
-
-def create_nix_hardware_file(mnt_dir: str, disks: Sequence[str], encrypt: bool) -> None:
-    """Create a NixOS hardware file."""
-
-    cpu_manufacturer = get_cpu_manufacturer()
-
-    devices = ""
-    if encrypt:
-        disk = disks[0]
-
-        devices = (
-            f'     luks.devices."luks-root-pool-{disk.split("/")[-1]}-part2"'
-            "= {\n"
-            f'        device = "{disk}-part2";\n'
-            "        bypassWorkqueues = true;\n"
-            "        allowDiscards = true;\n"
-            "      };\n"
-        )
-
-    host_id = format(getrandbits(32), "08x")
-
-    nix_hardware = (
-        "{ config, lib, modulesPath, ... }:\n"
-        "{\n"
-        '  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];\n\n'
-        "  boot = {\n"
-        "    initrd = {\n"
-        '      availableKernelModules = [ \n        "ahci"\n        "ehci_pci"\n        "nvme"\n        "sd_mod"\n        "usb_storage"\n        "usbhid"\n        "xhci_pci"\n      ];\n'
-        "      kernelModules = [ ];\n"
-        f" {devices}"
-        "    };\n"
-        f'    kernelModules = [ "kvm-{cpu_manufacturer}" ];\n'
-        "    extraModulePackages = [ ];\n"
-        "  };\n\n"
-        "  fileSystems = {\n"
-        '    "/" = lib.mkDefault {\n      device = "root_pool/root";\n      fsType = "zfs";\n    };\n\n'
-        '    "/home" = {\n      device = "root_pool/home";\n      fsType = "zfs";\n    };\n\n'
-        '    "/var" = {\n      device = "root_pool/var";\n      fsType = "zfs";\n    };\n\n'
-        '    "/nix" = {\n      device = "root_pool/nix";\n      fsType = "zfs";\n    };\n\n'
-        '    "/boot" = {\n'
-        f'      device = "/dev/disk/by-uuid/{get_boot_drive_id(disks[0])}";\n'
-        '      fsType = "vfat";\n      options = [\n        "fmask=0077"\n        "dmask=0077"\n      ];\n    };\n  };\n\n'
-        "  swapDevices = [ ];\n\n"
-        "  networking.useDHCP = lib.mkDefault true;\n\n"
-        '  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";\n'
-        f"  hardware.cpu.{cpu_manufacturer}.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;\n"
-        f'  networking.hostId = "{host_id}";\n'
-        "}\n"
-    )
-
-    Path(f"{mnt_dir}/etc/nixos/hardware-configuration.nix").write_text(nix_hardware)
-
-
-def install_nixos(mnt_dir: str, disks: Sequence[str], encrypt: bool) -> None:
-    """Install NixOS."""
-    bash_wrapper(f"mount -o X-mount.mkdir -t zfs root_pool/root {mnt_dir}")
-    bash_wrapper(f"mount -o X-mount.mkdir -t zfs root_pool/home {mnt_dir}/home")
-    bash_wrapper(f"mount -o X-mount.mkdir -t zfs root_pool/var {mnt_dir}/var")
-    bash_wrapper(f"mount -o X-mount.mkdir -t zfs root_pool/nix {mnt_dir}/nix")
-
-    for disk in disks:
-        bash_wrapper(f"mkfs.vfat -n EFI {disk}-part1")
-
-    # set up mirroring afterwards if more than one disk
-    boot_partition = f"mount -t vfat -o fmask=0077,dmask=0077,iocharset=iso8859-1,X-mount.mkdir {disks[0]}-part1 {mnt_dir}/boot"
-    bash_wrapper(boot_partition)
-
-    bash_wrapper(f"nixos-generate-config --root {mnt_dir}")
-
-    create_nix_hardware_file(mnt_dir, disks, encrypt)
-
-    run(("nixos-install", "--root", mnt_dir), check=True)  # noqa: S603
-
-
-def installer(
-    disks: set[str],
-    swap_size: int,
-    reserve: int,
-    encrypt_key: str | None,
-) -> None:
-    """Main."""
-    logging.info("Starting installation")
-
-    for disk in disks:
-        partition_disk(disk, swap_size, reserve)
-
-        if encrypt_key:
-            sleep(1)
-            for command in (
-                f'printf "{encrypt_key}" | cryptsetup luksFormat --type luks2 {disk}-part2 -',
-                f'printf "{encrypt_key}" | cryptsetup luksOpen {disk}-part2 luks-root-pool-{disk.split("/")[-1]}-part2 -',
-            ):
-                run(command, shell=True, check=True)
-
-    mnt_dir = "/tmp/nix_install"  # noqa: S108
-
-    Path(mnt_dir).mkdir(parents=True, exist_ok=True)
-
-    if encrypt_key:
-        pool_disks = [
-            f"/dev/mapper/luks-root-pool-{disk.split('/')[-1]}-part2" for disk in disks
-        ]
-    else:
-        pool_disks = [f"{disk}-part2" for disk in disks]
-
-    create_zfs_pool(pool_disks, mnt_dir)
-
-    create_zfs_datasets()
-
-    install_nixos(mnt_dir, disks, encrypt_key)
-
-    logging.info("Installation complete")
-
-
-class Cursor:
-    def __init__(self):
-        self.x_position = 0
-        self.y_position = 0
-        self.height = 0
-        self.width = 0
-
-    def set_height(self, height: int):
-        self.height = height
-
-    def set_width(self, width: int):
-        self.width = width
-
-    def x_bounce_check(self, cursor: int) -> int:
-        cursor = max(0, cursor)
-        return min(self.width - 1, cursor)
-
-    def y_bounce_check(self, cursor: int) -> int:
-        cursor = max(0, cursor)
-        return min(self.height - 1, cursor)
-
-    def set_x(self, x: int):
-        self.x_position = self.x_bounce_check(x)
-
-    def set_y(self, y: int):
-        self.y_position = self.y_bounce_check(y)
-
-    def get_x(self) -> int:
-        return self.x_position
-
-    def get_y(self) -> int:
-        return self.y_position
-
-    def move_up(self):
-        self.set_y(self.y_position - 1)
-
-    def move_down(self):
-        self.set_y(self.y_position + 1)
-
-    def move_left(self):
-        self.set_x(self.x_position - 1)
-
-    def move_right(self):
-        self.set_x(self.x_position + 1)
-
-    def navigation(self, key: int) -> None:
-        action = {
-            curses.KEY_DOWN: self.move_down,
-            curses.KEY_UP: self.move_up,
-            curses.KEY_RIGHT: self.move_right,
-            curses.KEY_LEFT: self.move_left,
-        }
-
-        action.get(key, lambda: None)()
-
-
-class State:
-    """State class to store the state of the program."""
-
-    def __init__(self):
-        self.key = 0
-        self.cursor = Cursor()
-
-        self.swap_size = 0
-        self.show_swap_input = False
-
-        self.reserve_size = 0
-        self.show_reserve_input = False
-
-        self.selected_device_ids = set()
-
-    def get_selected_devices(self) -> tuple[str]:
-        """Get selected devices."""
-        return tuple(self.selected_device_ids)
-
-
-def get_device(raw_device: str) -> dict[str, str]:
-    raw_device_components = raw_device.split(" ")
-    return {
-        thing.split("=")[0].lower(): thing.split("=")[1].strip('"')
-        for thing in raw_device_components
-    }
-
-
-def get_devices() -> list[dict[str, str]]:
-    """Get a list of devices."""
-    # --bytes
-    raw_devices = bash_wrapper("lsblk --paths --pairs").splitlines()
-    return [get_device(raw_device) for raw_device in raw_devices]
-
-
-def get_device_id_mapping() -> dict[str, set[str]]:
-    """Get a list of device ids.
-    Returns:
-        list[str]: the list of device ids
-    """
-    device_ids = bash_wrapper("find /dev/disk/by-id -type l").splitlines()
-
-    device_id_mapping: dict[str, set[str]] = defaultdict(set)
-
-    for device_id in device_ids:
-        device = bash_wrapper(f"readlink -f {device_id}").strip()
-        device_id_mapping[device].add(device_id)
-
-    return device_id_mapping
-
-
-def calculate_device_menu_padding(
-    devices: list[dict[str, str]], column: str, padding: int = 0
-) -> int:
-    return max(len(device[column]) for device in devices) + padding
-
-
-def draw_device_ids(
-    state: State,
-    row_number: int,
-    menu_start_x: int,
-    std_screen: curses.window,
-    menu_width: list[int],
-    device_ids: set[str],
-) -> tuple[State, int]:
-    for device_id in sorted(device_ids):
-        row_number = row_number + 1
-        if row_number == state.cursor.get_y() and state.cursor.get_x() in menu_width:
-            std_screen.attron(curses.A_BOLD)
-            if state.key == ord(" "):
-                if device_id not in state.selected_device_ids:
-                    state.selected_device_ids.add(device_id)
-                else:
-                    state.selected_device_ids.remove(device_id)
-
-        if device_id in state.selected_device_ids:
-            std_screen.attron(curses.color_pair(7))
-
-        std_screen.addstr(row_number, menu_start_x, f"  {device_id}")
-
-        std_screen.attroff(curses.color_pair(7))
-        std_screen.attroff(curses.A_BOLD)
-
-    return state, row_number
-
-
-def draw_device_menu(
-    std_screen: curses.window,
-    devices: list[dict[str, str]],
-    device_id_mapping: dict[str, set[str]],
-    state: State,
-    menu_start_y: int = 0,
-    menu_start_x: int = 0,
-) -> State:
-    """draw the device menu and handle user input
-    Args:
-        std_screen (curses.window): the curses window to draw on
-        devices (list[dict[str, str]]): the list of devices to draw
-        device_id_mapping (dict[str, set[str]]): the list of device ids to draw
-        state (State): the state object to update
-        menu_start_y (int, optional): the y position to start drawing the menu. Defaults to 0.
-        menu_start_x (int, optional): the x position to start drawing the menu. Defaults to 0.
-    Returns:
-        State: the updated state object
-    """
-    padding = 2
-
-    name_padding = calculate_device_menu_padding(devices, "name", padding)
-    size_padding = calculate_device_menu_padding(devices, "size", padding)
-    type_padding = calculate_device_menu_padding(devices, "type", padding)
-    mountpoints_padding = calculate_device_menu_padding(devices, "mountpoints", padding)
-
-    device_header = f"{'Name':{name_padding}}{'Size':{size_padding}}{'Type':{type_padding}}{'Mountpoints':{mountpoints_padding}}"
-
-    menu_width = range(menu_start_x, len(device_header) + menu_start_x)
-
-    std_screen.addstr(menu_start_y, menu_start_x, device_header, curses.color_pair(5))
-    devises_list_start = menu_start_y + 1
-
-    row_number = devises_list_start
-
-    for device in devices:
-        row_number = row_number + 1
-        device_name = device["name"]
-        device_row = (
-            f"{device_name:{name_padding}}"
-            f"{device['size']:{size_padding}}"
-            f"{device['type']:{type_padding}}"
-            f"{device['mountpoints']:{mountpoints_padding}}"
-        )
-        std_screen.addstr(row_number, menu_start_x, device_row)
-
-        state, row_number = draw_device_ids(
-            state=state,
-            row_number=row_number,
-            menu_start_x=menu_start_x,
-            std_screen=std_screen,
-            menu_width=menu_width,
-            device_ids=device_id_mapping[device_name],
-        )
-
-    return state, row_number
-
-
-def debug_menu(std_screen: curses.window, key: int) -> None:
-    height, width = std_screen.getmaxyx()
-    width_height = "Width: {}, Height: {}".format(width, height)
-    std_screen.addstr(height - 4, 0, width_height, curses.color_pair(5))
-
-    key_pressed = f"Last key pressed: {key}"[: width - 1]
-    if key == 0:
-        key_pressed = "No key press detected..."[: width - 1]
-    std_screen.addstr(height - 3, 0, key_pressed)
-
-    for i in range(0, 8):
-        std_screen.addstr(height - 2, i * 3, f"{i}██", curses.color_pair(i))
-
-
-def status_bar(
-    std_screen: curses.window,
-    cursor: Cursor,
-    width: int,
-    height: int,
-) -> None:
-    std_screen.attron(curses.A_REVERSE)
-    std_screen.attron(curses.color_pair(3))
-
-    status_bar = (
-        f"Press 'q' to exit | STATUS BAR | Pos: {cursor.get_x()}, {cursor.get_y()}"
-    )
-    std_screen.addstr(height - 1, 0, status_bar)
-    std_screen.addstr(height - 1, len(status_bar), " " * (width - len(status_bar) - 1))
-
-    std_screen.attroff(curses.color_pair(3))
-    std_screen.attroff(curses.A_REVERSE)
-
-
-def set_color() -> None:
-    curses.start_color()
-    curses.use_default_colors()
-    for i in range(0, curses.COLORS):
-        curses.init_pair(i + 1, i, -1)
-
-
-def get_text_input(std_screen: curses.window, prompt: str, y: int, x: int) -> str:
-    curses.echo()
-    std_screen.addstr(y, x, prompt)
-    input_str = ""
-    while True:
-        key = std_screen.getch()
-        if key == ord("\n"):
-            break
-        elif key == 27:  # ESC key
-            input_str = ""
-            break
-        elif key in (curses.KEY_BACKSPACE, ord("\b"), 127):
-            input_str = input_str[:-1]
-            std_screen.addstr(y, x + len(prompt), input_str + " ")
-        else:
-            input_str += chr(key)
-        std_screen.refresh()
-    curses.noecho()
-    return input_str
-
-
-def swap_size_input(
-    std_screen: curses.window,
-    state: State,
-    swap_offset: int,
-) -> State:
-    swap_size_text = "Swap size (GB): "
-    std_screen.addstr(swap_offset, 0, f"{swap_size_text}{state.swap_size}")
-    if state.key == ord("\n") and state.cursor.get_y() == swap_offset:
-        state.show_swap_input = True
-
-    if state.show_swap_input:
-        swap_size_str = get_text_input(std_screen, swap_size_text, swap_offset, 0)
-        try:
-            state.swap_size = int(swap_size_str)
-            state.show_swap_input = False
-        except ValueError:
-            std_screen.addstr(
-                swap_offset, 0, "Invalid input. Press any key to continue."
-            )
-            std_screen.getch()
-            state.show_swap_input = False
-
-    return state
-
-
-def reserve_size_input(
-    std_screen: curses.window,
-    state: State,
-    reserve_offset: int,
-) -> State:
-    reserve_size_text = "reserve size (GB): "
-    std_screen.addstr(reserve_offset, 0, f"{reserve_size_text}{state.reserve_size}")
-    if state.key == ord("\n") and state.cursor.get_y() == reserve_offset:
-        state.show_reserve_input = True
-
-    if state.show_reserve_input:
-        reserve_size_str = get_text_input(
-            std_screen, reserve_size_text, reserve_offset, 0
-        )
-        try:
-            state.reserve_size = int(reserve_size_str)
-            state.show_reserve_input = False
-        except ValueError:
-            std_screen.addstr(
-                reserve_offset, 0, "Invalid input. Press any key to continue."
-            )
-            std_screen.getch()
-            state.show_reserve_input = False
-
-    return state
-
-
-def draw_menu(std_screen: curses.window) -> State:
-    """draw the menu and handle user input
-    Args:
-        std_screen (curses.window): the curses window to draw on
-    Returns:
-        State: the state object
-    """
-    # Clear and refresh the screen for a blank canvas
-    std_screen.clear()
-    std_screen.refresh()
-
-    set_color()
-
-    state = State()
-
-    devices = get_devices()
-
-    device_id_mapping = get_device_id_mapping()
-
-    # Loop where k is the last character pressed
-    while state.key != ord("q"):
-        std_screen.clear()
-        height, width = std_screen.getmaxyx()
-
-        state.cursor.set_height(height)
-        state.cursor.set_width(width)
-
-        state.cursor.navigation(state.key)
-
-        state, device_menu_size = draw_device_menu(
-            std_screen=std_screen,
-            state=state,
-            devices=devices,
-            device_id_mapping=device_id_mapping,
-        )
-
-        swap_offset = device_menu_size + 2
-
-        swap_size_input(
-            std_screen=std_screen,
-            state=state,
-            swap_offset=swap_offset,
-        )
-        reserve_size_input(
-            std_screen=std_screen,
-            state=state,
-            reserve_offset=swap_offset + 1,
-        )
-
-        status_bar(std_screen, state.cursor, width, height)
-
-        debug_menu(std_screen, state.key)
-
-        std_screen.move(state.cursor.get_y(), state.cursor.get_x())
-
-        std_screen.refresh()
-
-        state.key = std_screen.getch()
-
-    return state
-
-
-def main() -> None:
-    configure_logger("DEBUG")
-
-    state = curses.wrapper(draw_menu)
-
-    encrypt_key = getenv("ENCRYPT_KEY")
-
-    logging.info("installing_nixos")
-    logging.info(f"disks: {state.selected_device_ids}")
-    logging.info(f"swap_size: {state.swap_size}")
-    logging.info(f"reserve: {state.reserve_size}")
-    logging.info(f"encrypted: {bool(encrypt_key)}")
-
-    sleep(3)
-
-    installer(
-        disks=state.get_selected_devices(),
-        swap_size=state.swap_size,
-        reserve=state.reserve_size,
-        encrypt_key=encrypt_key,
-    )
-
-
-if __name__ == "__main__":
-    main()
--- a/users/gaming/home/firefox.nix
+++ b/users/gaming/home/firefox.nix
@@ -0,0 +1,250 @@
+{ inputs, ... }:
+{
+  programs.firefox = {
+    enable = true;
+    profiles.richie = {
+      extensions = with inputs.firefox-addons.packages.x86_64-linux; [
+        bitwarden
+        darkreader
+        dearrow
+        fastforwardteam
+        return-youtube-dislikes
+        sponsorblock
+        ublock-origin
+      ];
+      search = {
+        force = true;
+        default = "Google";
+        order = [ "Google" ];
+      };
+      settings = {
+
+        # SECTION: FASTFOX
+        # GENERAL
+        "content.notify.interval" = 100000;
+
+        # GFX
+        "gfx.canvas.accelerated.cache-items" = 4096;
+        "gfx.canvas.accelerated.cache-size" = 512;
+        "gfx.content.skia-font-cache-size" = 20;
+
+        # DISK CACHE
+        "browser.cache.jsbc_compression_level" = 3;
+
+        # MEDIA CACHE
+        "media.memory_cache_max_size" = 65536;
+        "media.cache_readahead_limit" = 7200;
+        "media.cache_resume_threshold" = 3600;
+
+        # IMAGE CACHE
+        "image.mem.decode_bytes_at_a_time" = 32768;
+
+        # NETWORK
+        "network.buffer.cache.size" = 262144;
+        "network.buffer.cache.count" = 128;
+        "network.http.max-connections" = 1800;
+        "network.http.max-persistent-connections-per-server" = 10;
+        "network.http.max-urgent-start-excessive-connections-per-host" = 5;
+        "network.http.pacing.requests.enabled" = false;
+        "network.dnsCacheExpiration" = 3600;
+        "network.dns.max_high_priority_threads" = 8;
+        "network.ssl_tokens_cache_capacity" = 10240;
+
+        # SPECULATIVE LOADING
+        "network.dns.disablePrefetch" = true;
+        "network.prefetch-next" = false;
+        "network.predictor.enabled" = false;
+
+        # EXPERIMENTAL
+        "layout.css.grid-template-masonry-value.enabled" = true;
+        "dom.enable_web_task_scheduling" = true;
+        "layout.css.has-selector.enabled" = true;
+        "dom.security.sanitizer.enabled" = true;
+
+        # SECTION: SECUREFOX
+        # TRACKING PROTECTION
+        "browser.contentblocking.category" = "strict";
+        "urlclassifier.trackingSkipURLs" = "*.reddit.com, *.twitter.com, *.twimg.com, *.tiktok.com";
+        "urlclassifier.features.socialtracking.skipURLs" = "*.instagram.com, *.twitter.com, *.twimg.com";
+        "network.cookie.sameSite.noneRequiresSecure" = true;
+        "browser.download.start_downloads_in_tmp_dir" = true;
+        "browser.helperApps.deleteTempFileOnExit" = true;
+        "browser.uitour.enabled" = false;
+        "privacy.globalprivacycontrol.enabled" = true;
+
+        # OCSP & CERTS / HPKP
+        "security.OCSP.enabled" = 0;
+        "security.remote_settings.crlite_filters.enabled" = true;
+        "security.pki.crlite_mode" = 2;
+
+        # SSL / TLS
+        "security.ssl.treat_unsafe_negotiation_as_broken" = true;
+        "browser.xul.error_pages.expert_bad_cert" = true;
+        "security.tls.enable_0rtt_data" = false;
+
+        # DISK AVOIDANCE
+        "browser.privatebrowsing.forceMediaMemoryCache" = true;
+        "browser.sessionstore.interval" = 60000;
+
+        # SHUTDOWN & SANITIZING
+        "privacy.history.custom" = true;
+
+        # SEARCH / URL BAR
+        "browser.search.separatePrivateDefault.ui.enabled" = true;
+        "browser.urlbar.update2.engineAliasRefresh" = true;
+        # PREF: restore search engine suggestions
+        "browser.search.suggest.enabled" = true;
+        "browser.urlbar.suggest.quicksuggest.sponsored" = false;
+        "browser.urlbar.suggest.quicksuggest.nonsponsored" = false;
+        "browser.formfill.enable" = false;
+        "security.insecure_connection_text.enabled" = true;
+        "security.insecure_connection_text.pbmode.enabled" = true;
+        "network.IDN_show_punycode" = true;
+
+        # HTTPS-FIRST POLICY
+        "dom.security.https_first" = true;
+        "dom.security.https_first_schemeless" = true;
+
+        # PASSWORDS
+        "signon.formlessCapture.enabled" = false;
+        "signon.rememberSignons" = false;
+        "signon.privateBrowsingCapture.enabled" = false;
+        "network.auth.subresource-http-auth-allow" = 1;
+        "editor.truncate_user_pastes" = false;
+
+        # MIXED CONTENT + CROSS-SITE
+        "security.mixed_content.block_display_content" = true;
+        "security.mixed_content.upgrade_display_content" = true;
+        "security.mixed_content.upgrade_display_content.image" = true;
+        "pdfjs.enableScripting" = false;
+        "extensions.postDownloadThirdPartyPrompt" = false;
+
+        # HEADERS / REFERERS
+        "network.http.referer.XOriginTrimmingPolicy" = 2;
+
+        # CONTAINERS
+        "privacy.userContext.ui.enabled" = true;
+
+        # WEBRTC
+        "media.peerconnection.ice.proxy_only_if_behind_proxy" = true;
+        "media.peerconnection.ice.default_address_only" = true;
+
+        # SAFE BROWSING
+        "browser.safebrowsing.downloads.remote.enabled" = false;
+
+        # MOZILLA
+        # PREF: allow websites to ask you to receive site notifications
+        "permissions.default.desktop-notification" = 0; # allow websites to ask
+        # PREF: allow websites to ask you for your location
+        "permissions.default.geo" = 0;
+        "geo.provider.network.url" =
+          "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%";
+        "permissions.manager.defaultsUrl" = "";
+        "webchannel.allowObject.urlWhitelist" = "";
+
+        # TELEMETRY
+        "datareporting.policy.dataSubmissionEnabled" = false;
+        "datareporting.healthreport.uploadEnabled" = false;
+        "toolkit.telemetry.unified" = false;
+        "toolkit.telemetry.enabled" = false;
+        "toolkit.telemetry.server" = "data:,";
+        "toolkit.telemetry.archive.enabled" = false;
+        "toolkit.telemetry.newProfilePing.enabled" = false;
+        "toolkit.telemetry.shutdownPingSender.enabled" = false;
+        "toolkit.telemetry.updatePing.enabled" = false;
+        "toolkit.telemetry.bhrPing.enabled" = false;
+        "toolkit.telemetry.firstShutdownPing.enabled" = false;
+        "toolkit.telemetry.coverage.opt-out" = true;
+        "toolkit.coverage.opt-out" = true;
+        "toolkit.coverage.endpoint.base" = "";
+        "browser.ping-centre.telemetry" = false;
+        "browser.newtabpage.activity-stream.feeds.telemetry" = false;
+        "browser.newtabpage.activity-stream.telemetry" = false;
+
+        # EXPERIMENTS
+        "app.shield.optoutstudies.enabled" = false;
+        "app.normandy.enabled" = false;
+        "app.normandy.api_url" = "";
+
+        # CRASH REPORTS
+        "breakpad.reportURL" = "";
+        "browser.tabs.crashReporting.sendReport" = false;
+        "browser.crashReports.unsubmittedCheck.autoSubmit2" = false;
+
+        # DETECTION
+        "captivedetect.canonicalURL" = "";
+        "network.captive-portal-service.enabled" = false;
+        "network.connectivity-service.enabled" = false;
+
+        # SECTION: PESKYFOX
+        # MOZILLA UI
+        "browser.privatebrowsing.vpnpromourl" = "";
+        "extensions.getAddons.showPane" = false;
+        "extensions.htmlaboutaddons.recommendations.enabled" = false;
+        "browser.discovery.enabled" = false;
+        "browser.shell.checkDefaultBrowser" = false;
+        "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons" = false;
+        "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features" = false;
+        "browser.preferences.moreFromMozilla" = false;
+        "browser.tabs.tabmanager.enabled" = false;
+        "browser.aboutConfig.showWarning" = false;
+        "browser.aboutwelcome.enabled" = false;
+
+        # THEME ADJUSTMENTS
+        "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
+        "browser.compactmode.show" = true;
+        "browser.display.focus_ring_on_anything" = true;
+        "browser.display.focus_ring_style" = 0;
+        "browser.display.focus_ring_width" = 0;
+        "layout.css.prefers-color-scheme.content-override" = 2;
+
+        # COOKIE BANNER HANDLING
+        "cookiebanners.service.mode" = 1;
+        "cookiebanners.service.mode.privateBrowsing" = 1;
+
+        # FULLSCREEN NOTICE
+        "full-screen-api.transition-duration.enter" = "0 0";
+        "full-screen-api.transition-duration.leave" = "0 0";
+        "full-screen-api.warning.delay" = -1;
+        "full-screen-api.warning.timeout" = 0;
+
+        # URL BAR
+        "browser.urlbar.suggest.calculator" = true;
+        "browser.urlbar.unitConversion.enabled" = true;
+        "browser.urlbar.trending.featureGate" = false;
+
+        # NEW TAB PAGE
+        "browser.newtabpage.activity-stream.feeds.topsites" = false;
+        "browser.newtabpage.activity-stream.feeds.section.topstories" = false;
+
+        # POCKET
+        "extensions.pocket.enabled" = false;
+
+        # DOWNLOADS
+        "browser.download.always_ask_before_handling_new_types" = true;
+        "browser.download.manager.addToRecentDocs" = false;
+
+        # PDF
+        "browser.download.open_pdf_attachments_inline" = true;
+
+        # TAB BEHAVIOR
+        "browser.bookmarks.openInTabClosesMenu" = false;
+        "browser.menu.showViewImageInfo" = true;
+        "findbar.highlightAll" = true;
+        "layout.word_select.eat_space_to_next_word" = false;
+
+        # SECTION: MY OVERRIDES
+        "browser.startup.homepage" = "https://google.com";
+        "identity.fxaccounts.enabled" = false;
+
+        # SECTION SMOOTHFOX
+        # OPTION: SHARPEN SCROLLING                                                           *
+        "apz.overscroll.enabled" = true; # DEFAULT NON-LINUX
+        "mousewheel.min_line_scroll_amount" = 10; # 10-40; adjust this number to your liking; default=5
+        "general.smoothScroll.mouseWheel.durationMinMS" = 80; # default=50
+        "general.smoothScroll.currentVelocityWeighting" = "0.15"; # default=.25
+        "general.smoothScroll.stopDecelerationWeighting" = "0.6"; # default=.4
+      };
+    };
+  };
+}
--- a/users/gaming/home/programs.nix
+++ b/users/gaming/home/programs.nix
@@ -2,7 +2,5 @@
 {
  home.packages = with pkgs; [
    chromium
-    vscode
-    firefox
  ];
 }
--- a/users/gaming/systems/bob.nix
+++ b/users/gaming/systems/bob.nix
@@ -1,5 +1,6 @@
 {
  imports = [
    ../home/global.nix
+    ../home/firefox.nix
  ];
 }
--- a/users/megan/default.nix
+++ b/users/megan/default.nix
@@ -1,30 +0,0 @@
-{
-  pkgs,
-  config,
-  ...
-}:
-{
-  sops.secrets.megan_password = {
-    sopsFile = ../secrets.yaml;
-    neededForUsers = true;
-  };
-
-  users = {
-    users.megan = {
-      isNormalUser = true;
-      hashedPasswordFile = "${config.sops.secrets.megan_password.path}";
-
-      shell = pkgs.zsh;
-      group = "megan";
-      extraGroups = [
-        "audio"
-        "video"
-        "users"
-      ];
-      uid = 1101;
-    };
-
-    groups.megan.gid = 1101;
-  };
-  home-manager.users.megan = import ./systems/${config.networking.hostName}.nix;
-}
--- a/users/megan/home/cli/default.nix
+++ b/users/megan/home/cli/default.nix
@@ -1,9 +0,0 @@
-{
-  imports = [
-    ./direnv.nix
-    ./git.nix
-    ./zsh.nix
-  ];
-
-  programs.starship.enable = true;
-}
--- a/users/megan/home/cli/direnv.nix
+++ b/users/megan/home/cli/direnv.nix
@@ -1,8 +0,0 @@
-{
-
-  programs.direnv = {
-    enable = true;
-    enableZshIntegration = true;
-    nix-direnv.enable = true;
-  };
-}
--- a/users/megan/home/cli/git.nix
+++ b/users/megan/home/cli/git.nix
@@ -1,12 +0,0 @@
-{
-  programs.git = {
-    enable = true;
-    userEmail = "mousikos112@gmail.com";
-    userName = "megan";
-    extraConfig = {
-      pull.rebase = true;
-      color.ui = true;
-    };
-    lfs.enable = true;
-  };
-}
--- a/users/megan/home/cli/zsh.nix
+++ b/users/megan/home/cli/zsh.nix
@@ -1,31 +0,0 @@
-{
-  programs.zsh = {
-    enable = true;
-    syntaxHighlighting.enable = true;
-    history.size = 10000;
-    oh-my-zsh = {
-      enable = true;
-      plugins = [
-        "git"
-        "docker"
-        "docker-compose"
-        "colored-man-pages"
-        "rust"
-        "systemd"
-        "tmux"
-        "ufw"
-        "z"
-      ];
-    };
-    shellAliases = {
-      "lrt" = "eza --icons -lsnew";
-      "ls" = "eza";
-      "ll" = "eza --long --group";
-      "la" = "eza --all";
-
-      "rspace" = "'for f in *\ *; do mv \"$f\" \"\${f// /_}\"; done'";
-      "rebuild" = "sudo nixos-rebuild switch --flake /home/richie/dotfiles#$HOST";
-      "nix-test" = "nixos-rebuild test --flake /home/richie/dotfiles";
-    };
-  };
-}
--- a/users/megan/home/global.nix
+++ b/users/megan/home/global.nix
@@ -1,18 +0,0 @@
-{ config, ... }:
-{
-  imports = [
-    ./cli
-    ./programs.nix
-  ];
-
-  programs = {
-    home-manager.enable = true;
-    git.enable = true;
-  };
-
-  home = {
-    username = "megan";
-    homeDirectory = "/home/${config.home.username}";
-    stateVersion = "24.05";
-  };
-}
--- a/users/megan/home/programs.nix
+++ b/users/megan/home/programs.nix
@@ -1,42 +0,0 @@
-{ pkgs, ... }:
-{
-  home.packages = with pkgs; [
-    # cli
-    bat
-    btop
-    eza
-    fd
-    ffmpegthumbnailer
-    fzf
-    git
-    gnupg
-    imagemagick
-    jq
-    ncdu
-    neofetch
-    ouch
-    p7zip
-    poppler
-    rar
-    ripgrep
-    starship
-    tmux
-    unzip
-    yazi
-    zoxide
-    # system info
-    hwloc
-    lynis
-    pciutils
-    smartmontools
-    usbutils
-    # networking
-    iperf3
-    nmap
-    wget
-    # python
-    poetry
-    python313
-    ruff
-  ];
-}
--- a/users/megan/systems/jeeves.nix
+++ b/users/megan/systems/jeeves.nix
@@ -1,5 +0,0 @@
-{
-  imports = [
-    ../home/global.nix
-  ];
-}
--- a/users/richie/default.nix
+++ b/users/richie/default.nix
@@ -39,7 +39,6 @@ in
          "networkmanager"
          "plugdev"
          "scanner"
-          "transmission"
          "uaccess"
          "wireshark"
        ];
--- a/users/richie/home/cli/zsh.nix
+++ b/users/richie/home/cli/zsh.nix
@@ -23,9 +23,9 @@
      "ll" = "eza --long --group";
      "la" = "eza --all";

-      "rebuild" = "sudo nixos-rebuild switch --flake $HOME/dotfiles#$HOST";
-      "rebuild_backup" =
-        "sudo nixos-rebuild switch --flake $HOME/dotfiles#$HOST --option substituters 'https://nix-community.cachix.org' --option trusted-public-keys 'cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY='";
+      "rspace" = "'for f in *\ *; do mv \"$f\" \"\${f// /_}\"; done'";
+      "rebuild" = "sudo nixos-rebuild switch --flake /home/richie/dotfiles#$HOST";
+      "build_iso" = "nix build .#nixosConfigurations.installer.config.system.build.isoImage";
    };
  };
 }
--- a/users/richie/home/gui/default.nix
+++ b/users/richie/home/gui/default.nix
@@ -12,7 +12,6 @@
    discord-canary
    gimp
    gparted
-    # jetbrains.datagrip
    mediainfo
    nemo
    nemo-fileroller
--- a/users/richie/home/gui/firefox/default.nix
+++ b/users/richie/home/gui/firefox/default.nix
@@ -5,7 +5,7 @@
  programs.firefox = {
    enable = true;
    profiles.richie = {
-      extensions.packages = with inputs.firefox-addons.packages.x86_64-linux; [
+      extensions = with inputs.firefox-addons.packages.x86_64-linux; [
        bitwarden
        darkreader
        dearrow
@@ -19,8 +19,8 @@
        default = "kagi";
        order = [
          "kagi"
-          "ddg"
-          "google"
+          "DuckDuckGo"
+          "Google"
        ];
      };
      settings = {
--- a/users/richie/home/gui/vscode/default.nix
+++ b/users/richie/home/gui/vscode/default.nix
@@ -1,6 +1,6 @@
 { config, pkgs, ... }:
 let
-  vscode_dir = "/home/richie/dotfiles/users/richie/home/gui/vscode";
+  vscode_dir = "/home/richie/projects/nix-dotfiles/users/richie/home/gui/vscode";
 in
 {
  # mutable symlinks to key binds and settings
--- a/users/richie/home/gui/vscode/settings.json
+++ b/users/richie/home/gui/vscode/settings.json
@@ -15,7 +15,6 @@
  "terminal.integrated.scrollback": 10000,
  "update.mode": "none",
  "workbench.colorTheme": "Default Dark+",
-  "workbench.secondarySideBar.showLabels": false,

  // turns off all sounds and announcements
  "accessibility.signals.terminalCommandFailed": {
@@ -48,7 +47,6 @@
  // formatters
  "[html]": { "editor.defaultFormatter": "esbenp.prettier-vscode" },
  "[jsonc]": { "editor.defaultFormatter": "esbenp.prettier-vscode" },
-  "[json]": { "editor.defaultFormatter": "esbenp.prettier-vscode" },
  "[markdown]": { "editor.defaultFormatter": "esbenp.prettier-vscode" },
  "[nix]": { "editor.defaultFormatter": "jnoortheen.nix-ide" },
  "[python]": { "editor.defaultFormatter": "charliermarsh.ruff" },
@@ -64,9 +62,6 @@
  "nix.enableLanguageServer": true,
  "nix.serverPath": "nil",

-  // python tools
-  "mypy.runUsingActiveInterpreter": true,
-
  // force the use of rust-analyzer from dev shell
  "rust-analyzer.server.path": "rust-analyzer",
  "redhat.telemetry.enabled": true,
--- a/users/richie/home/programs.nix
+++ b/users/richie/home/programs.nix
@@ -38,7 +38,6 @@
    poetry
    python313
    ruff
-    uv
    # Rust packages
    trunk
    wasm-pack
--- a/users/richie/home/ssh_config.nix
+++ b/users/richie/home/ssh_config.nix
@@ -11,7 +11,7 @@
        dynamicForwards = [ { port = 9050; } ];
      };
      unlock-jeeves = {
-        hostname = "192.168.99.14";
+        hostname = "192.168.95.14";
        user = "root";
        identityFile = "~/.ssh/id_ed25519";
        port = 2222;
--- a/users/secrets.yaml
+++ b/users/secrets.yaml
@@ -1,8 +1,10 @@
 richie_password: ENC[AES256_GCM,data:DMi3M8aqrQ60APIofr8wJMh+VZ14hLRxz6jWZgzswr0pV/QVSX53ShBFr90ruO3mucOLYv0l+bI31covfqMAhXWBJp9wUgtC2Q==,iv:qgtn30hZfIL4dBnQSLkjbo7zPJA4m9TR0f52sTFc0v4=,tag:ydLbcGyXjv0fE+4b5ECX5w==,type:str]
 gaming_password: ENC[AES256_GCM,data:i692UsQaCOjE4V1y9d8yYDlK+TRMIprCHJkhl1UBZRMqe9a2LTUtmbbn/xlCYQd2tADJvn+dkx1jLfV4CqaqWOj5YSUFfpgsEw==,iv:3Y7hXQcmpzNN7hF+BDvO52uFB4o5D0dHvxemJ0ZoSIM=,tag:zzLGNDVAMCs2GPMqXp2BtQ==,type:str]
-megan_password: ENC[AES256_GCM,data:Udrs9OWFI2TDM1yxRwfy7uiONh1G3Mr9HabwpmRykp1Xw9KK+q245nxN7QQbR0AiTCyyyivhn6GB2+DvBBY/6UrN5iGs+LaXgg==,iv:n02HzE8jvWM5xDfaPB9BHxtfoAZQ/Tk80XuySY2NyoU=,tag:L9wPVy7zt6mp09qWhzdLpg==,type:str]
-gcw_password: ENC[AES256_GCM,data:T5CliWyyw4igunGRokOW7dNTOQ7DbOhM4gLa8YN4gbVLEVU7n3jxAVF9Uy9zM7LBBqdLvyXnqGzC1HBSBmE+pKBV7YIN3aQkng==,iv:SLq4aeLHdwfq0+A4N6UO4Dz7oBoC0ZDKBr74hheHQFw=,tag:4a71PZcyzoWjOmYEPx07ag==,type:str]
 sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
    age:
        - recipient: age1u8zj599elqqvcmhxn8zuwrufsz8w8w366d3ayrljjejljt2q45kq8mxw9c
          enc: |
@@ -49,7 +51,8 @@ sops:
            UzQzWEFtSDJwR201cmZoeXh5T0RmSk0KWLOpw5cWbtnfVP/ISa7n1vZchoD+nxmn
            7yr7igpEIro0Sd238KinOQYswVaT0NHB9p1dSW/mN+aGQliSNLzkDQ==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-06-05T00:52:15Z"
-    mac: ENC[AES256_GCM,data:FVj9SmI6uq5ujIX3NwFSLcappRIX0K1U/GXks4Wj0gJH//Tqo5Ur07+WdE5JNmHdS1gXW34RhzFmEbQ9KR2OoP8cfTG+a7qCftzEQbV5aBBEMxstsl48TLtRTwRuSrEnVOHh/0EfFOkXTUO/rVS4jDmd57eAB6OBJQePQk+P+0Q=,iv:P1aeFC+6xG4Koph0Dynwek/861OsH1asui3qtpu1JUI=,tag:1RYayU758c+yAULOgQuWgw==,type:str]
+    lastmodified: "2025-01-07T20:13:43Z"
+    mac: ENC[AES256_GCM,data:Q5fmv+MRVYGUQ4j+28CcGWHmgT1178N+haVS9xa0c99OKuPZdfSndAG0QVDhh/jYq+7zXs6zzLtBjB+egkoDfxJXfJOmg3E46UMO3vDHaEcIZD16ZbWJaz4Z/+yabqhDURKtgfGiu4xPv3OtGbwcP5kud17WcHNfY/LT+Y+LSD8=,iv:y3K3kCroIh+RTplUe4tM8B9rbLgIHCbE6FJawngam8Q=,tag:2VTIWlLp4cOwm18BfIlz5g==,type:str]
+    pgp: []
    unencrypted_suffix: _unencrypted
-    version: 3.10.2
+    version: 3.9.2
Author	SHA1	Message	Date
Richie Cahill	d2bd57aa16	monthly iso build	2025-02-17 12:07:44 -05:00
Richie Cahill	698f571961	adding git and python313 to installeriso	2025-02-17 11:54:39 -05:00
Richie Cahill	11a84e06e8	moved installer.py to system_tools	2025-02-15 19:25:08 -05:00
Richie Cahill	43b582fb33	creating a custom installer iso	2025-02-15 19:25:08 -05:00