fixed brendans-system host name

.github/workflows/build_systems.yml

@@ -15,11 +15,10 @@ jobs:
           - "bob"
           - "jeeves"
           - "rhapsody-in-green"
+          - "brendans-system"
     steps:
       - uses: actions/checkout@v4
       - name: Build default package
         run: "nixos-rebuild build --flake ./#${{ matrix.system }}"
       - name: copy to nix-cache
-        env:
-          NIX_SSHOPTS: "-vvvv"
         run: nix copy --to ssh://jeeves .#nixosConfigurations.${{ matrix.system }}.config.system.build.toplevel

.github/workflows/treefmt.yml

@@ -0,0 +1,15 @@
+name: treefmt
+on:
+  workflow_dispatch:
+  pull_request:
+  push:
+    branches: [main]
+
+jobs:
+  treefmt:
+    name: nix fmt
+    runs-on: self-hosted
+    steps:
+      - uses: actions/checkout@v4
+      - name: runs treefmt
+        run: "treefmt --ci"

.vscode/settings.json

@@ -42,6 +42,8 @@
     "Compat",
     "contentblocking",
     "cookiebanners",
+    "createdb",
+    "createrole",
     "crlite",
     "cryptsetup",
     "darkreader",
@@ -144,6 +146,7 @@
     "Networkd",
     "networkmanager",
     "newtabpage",
+    "nixfmt",
     "nixos",
     "nixpkgs",
     "nmap",
@@ -231,6 +234,7 @@
     "sysstat",
     "tabmanager",
     "tamasfe",
+    "TCPIP",
     "tiktok",
     "timonwong",
     "tmmworkshop",
@@ -238,6 +242,7 @@
     "topsites",
     "topstories",
     "torrenting",
+    "treefmt",
     "twimg",
     "uaccess",
     "ublock",

common/global/nix.nix

@@ -2,9 +2,11 @@
   inputs,
   lib,
   ...
-}: let
+}:
+let
   flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs;
-in {
+in
+{
   nix = {
     settings = {
       trusted-users = [

common/global/snapshot_manager.nix

@@ -1,4 +1,10 @@
-{ inputs, pkgs, lib, config, ... }:
+{
+  inputs,
+  pkgs,
+  lib,
+  config,
+  ...
+}:
 let
   cfg = config.services.snapshot_manager;
 in

common/optional/printing.nix

@@ -2,6 +2,9 @@
 {
   services.printing = {
     enable = true;
-    drivers = with pkgs; [ gutenprint hplip ];
+    drivers = with pkgs; [
+      gutenprint
+      hplip
+    ];
   };
 }

common/optional/steam.nix

@@ -1,6 +1,9 @@
 { pkgs, ... }:
 {
-  environment.systemPackages = with pkgs; [mangohud steam-run];
+  environment.systemPackages = with pkgs; [
+    mangohud
+    steam-run
+  ];
   hardware.steam-hardware.enable = true;
 
   programs = {

flake.nix

@@ -49,7 +49,8 @@
     };
   };
 
-  outputs = {
+  outputs =
+    {
       self,
       nixpkgs,
       home-manager,
@@ -57,7 +58,8 @@
       nixos-cosmic,
       sops-nix,
       ...
-  } @ inputs: let
+    }@inputs:
+    let
       inherit (self) outputs;
       lib = nixpkgs.lib // home-manager.lib;
       forEachSystem = f: lib.genAttrs (import systems) (system: f pkgsFor.${system});
@@ -68,12 +70,13 @@
           config.allowUnfree = true;
         }
       );
-  in {
+    in
+    {
       inherit lib;
       overlays = import ./overlays { inherit inputs outputs; };
 
       devShells = forEachSystem (pkgs: import ./shell.nix { inherit pkgs; });
-    formatter = forEachSystem (pkgs: pkgs.alejandra);
+      formatter = forEachSystem (pkgs: pkgs.treefmt);
 
       nixosConfigurations = {
         bob = lib.nixosSystem {
@@ -94,6 +97,12 @@
           ];
           specialArgs = { inherit inputs outputs; };
         };
+        brendans-system = lib.nixosSystem {
+          modules = [
+            ./systems/brendans-system
+          ];
+          specialArgs = { inherit inputs outputs; };
+        };
       };
     };
 }

overlays/default.nix

@@ -1,4 +1,5 @@
-{inputs, ...}: {
+{ inputs, ... }:
+{
   # When applied, the stable nixpkgs set (declared in the flake inputs) will be accessible through 'pkgs.stable'
   stable = final: _prev: {
     stable = import inputs.nixpkgs-stable {

shell.nix

@@ -1,4 +1,8 @@
-{pkgs ? import <nixpkgs> {}, ...}: {
+{
+  pkgs ? import <nixpkgs> { },
+  ...
+}:
+{
   default = pkgs.mkShell {
     NIX_CONFIG = "extra-experimental-features = nix-command flakes ca-derivations";
     nativeBuildInputs = with pkgs; [

systems/brendans-system/default.nix

@@ -0,0 +1,37 @@
+{
+  imports = [
+    ../../users/brendan
+    ../../common/global
+    ../../common/optional/desktop.nix
+    ../../common/optional/docker.nix
+    ../../common/optional/steam.nix
+    ../../common/optional/systemd-boot.nix
+    ../../common/optional/update.nix
+    ../../common/optional/zerotier.nix
+    ./hardware.nix
+    ./nvidia.nix
+    ./programs.nix
+  ];
+
+  networking = {
+    hostName = "brendans-system";
+    hostId = "7c678a41";
+    firewall.enable = true;
+    networkmanager.enable = true;
+  };
+
+  services = {
+    displayManager = {
+      enable = true;
+      autoLogin = {
+        user = "gaming";
+        enable = true;
+      };
+      defaultSession = "plasma";
+    };
+
+    openssh.ports = [ 262 ];
+  };
+
+  system.stateVersion = "24.05";
+}

systems/brendans-system/hardware.nix

@@ -0,0 +1,69 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+  boot = {
+    initrd = {
+      availableKernelModules = [
+        "nvme"
+        "xhci_pci"
+        "ahci"
+        "usbhid"
+        "usb_storage"
+        "sd_mod"
+      ];
+      kernelModules = [ ];
+      luks.devices."luks-root-pool-nvme-Samsung_SSD_990_PRO_with_Heatsink_1TB_S73JNJ0X114418B-part2" = {
+        device = "/dev/disk/by-id/nvme-Samsung_SSD_990_PRO_with_Heatsink_1TB_S73JNJ0X114418B-part2";
+        bypassWorkqueues = true;
+        allowDiscards = true;
+        keyFileSize = 4096;
+        keyFile = "/dev/disk/by-id/usb-Samsung_Flash_Drive_FIT_0374620080067131-0:0";
+      };
+    };
+    kernelModules = [ "kvm-amd" ];
+    extraModulePackages = [ ];
+  };
+
+  fileSystems = {
+    "/" = lib.mkDefault {
+      device = "root_pool/root";
+      fsType = "zfs";
+    };
+
+    "/home" = {
+      device = "root_pool/home";
+      fsType = "zfs";
+    };
+
+    "/var" = {
+      device = "root_pool/var";
+      fsType = "zfs";
+    };
+
+    "/boot" = {
+      device = "/dev/disk/by-uuid/609D-FF29";
+      fsType = "vfat";
+      options = [
+        "fmask=0077"
+        "dmask=0077"
+      ];
+    };
+  };
+
+  swapDevices = [ ];
+
+  networking.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

systems/brendans-system/nvidia.nix

@@ -0,0 +1,14 @@
+{ config, ... }:
+{
+  services.xserver.videoDrivers = [ "nvidia" ];
+  hardware = {
+    nvidia = {
+      modesetting.enable = true;
+      powerManagement.enable = true;
+      package = config.boot.kernelPackages.nvidiaPackages.beta;
+      nvidiaSettings = true;
+      open = true;
+    };
+    nvidia-container-toolkit.enable = true;
+  };
+}

systems/brendans-system/programs.nix

@@ -0,0 +1,6 @@
+{ pkgs, ... }:
+{
+  environment.systemPackages = with pkgs; [
+    jellyfin-media-player
+  ];
+}

systems/jeeves/docker/qbit.nix

@@ -3,8 +3,15 @@ let
 in
 {
   networking.firewall = {
-    allowedTCPPorts = [ 6881 8082 29432 ]; 
+    allowedTCPPorts = [
-    allowedUDPPorts = [ 6881 29432 ];
+      6881
+      8082
+      29432
+    ];
+    allowedUDPPorts = [
+      6881
+      29432
+    ];
   };
   virtualisation.oci-containers.containers.qbit = {
     image = "ghcr.io/linuxserver/qbittorrent:5.0.2";

systems/jeeves/docker/qbitvpn.nix

@@ -3,7 +3,11 @@ let
 in
 {
   networking.firewall = {
-    allowedTCPPorts = [ 6882 8081 8118 ];
+    allowedTCPPorts = [
+      6882
+      8081
+      8118
+    ];
     allowedUDPPorts = [ 6882 ];
   };
   virtualisation.oci-containers.containers.qbitvpn = {

systems/jeeves/hardware.nix

@@ -1,4 +1,9 @@
-{ config, lib, modulesPath, ... }:
+{
+  config,
+  lib,
+  modulesPath,
+  ...
+}:
 {
   imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
 
@@ -88,22 +93,32 @@
           bypassWorkqueues = true;
           allowDiscards = true;
         };
-        "luks-storage_pool-wwn-0x5000cca23bc438dd-part1".device = "/dev/disk/by-id/wwn-0x5000cca23bc438dd-part1";
+        "luks-storage_pool-wwn-0x5000cca23bc438dd-part1".device =
-        "luks-storage_pool-wwn-0x5000cca23bd035f5-part1".device = "/dev/disk/by-id/wwn-0x5000cca23bd035f5-part1";
+          "/dev/disk/by-id/wwn-0x5000cca23bc438dd-part1";
-        "luks-storage_pool-wwn-0x5000cca23bd00ad6-part1".device = "/dev/disk/by-id/wwn-0x5000cca23bd00ad6-part1";
+        "luks-storage_pool-wwn-0x5000cca23bd035f5-part1".device =
-        "luks-storage_pool-wwn-0x5000cca23bcf313e-part1".device = "/dev/disk/by-id/wwn-0x5000cca23bcf313e-part1";
+          "/dev/disk/by-id/wwn-0x5000cca23bd035f5-part1";
-        "luks-storage_pool-wwn-0x5000cca23bcdf3b8-part1".device = "/dev/disk/by-id/wwn-0x5000cca23bcdf3b8-part1";
+        "luks-storage_pool-wwn-0x5000cca23bd00ad6-part1".device =
-        "luks-storage_pool-wwn-0x5000cca23bd02746-part1".device = "/dev/disk/by-id/wwn-0x5000cca23bd02746-part1";
+          "/dev/disk/by-id/wwn-0x5000cca23bd00ad6-part1";
-        "luks-storage_pool-wwn-0x5000cca23bcf9f89-part1".device = "/dev/disk/by-id/wwn-0x5000cca23bcf9f89-part1";
+        "luks-storage_pool-wwn-0x5000cca23bcf313e-part1".device =
-        "luks-storage_pool-wwn-0x5000cca23bd00ae9-part1".device = "/dev/disk/by-id/wwn-0x5000cca23bd00ae9-part1";
+          "/dev/disk/by-id/wwn-0x5000cca23bcf313e-part1";
+        "luks-storage_pool-wwn-0x5000cca23bcdf3b8-part1".device =
+          "/dev/disk/by-id/wwn-0x5000cca23bcdf3b8-part1";
+        "luks-storage_pool-wwn-0x5000cca23bd02746-part1".device =
+          "/dev/disk/by-id/wwn-0x5000cca23bd02746-part1";
+        "luks-storage_pool-wwn-0x5000cca23bcf9f89-part1".device =
+          "/dev/disk/by-id/wwn-0x5000cca23bcf9f89-part1";
+        "luks-storage_pool-wwn-0x5000cca23bd00ae9-part1".device =
+          "/dev/disk/by-id/wwn-0x5000cca23bd00ae9-part1";
         # Torrenting pool
         "luks-torrenting_pool-wwn-0x500a0751e6c3c01e-part1" = {
           device = "/dev/disk/by-id/wwn-0x500a0751e6c3c01e-part1";
           bypassWorkqueues = true;
           allowDiscards = true;
         };
-        "luks-torrenting_pool-wwn-0x5000cca264f080a3-part1".device = "/dev/disk/by-id/wwn-0x5000cca264f080a3-part1";
+        "luks-torrenting_pool-wwn-0x5000cca264f080a3-part1".device =
-        "luks-torrenting_pool-wwn-0x5000cca298c33ae5-part1".device = "/dev/disk/by-id/wwn-0x5000cca298c33ae5-part1";
+          "/dev/disk/by-id/wwn-0x5000cca264f080a3-part1";
+        "luks-torrenting_pool-wwn-0x5000cca298c33ae5-part1".device =
+          "/dev/disk/by-id/wwn-0x5000cca298c33ae5-part1";
         # cspell:enable
       };
     };
@@ -122,8 +137,8 @@
       fsType = "zfs";
     };
 
-    "/nix" =
+    "/nix" = {
-    { device = "root_pool/nix";
+      device = "root_pool/nix";
       fsType = "zfs";
     };
 

systems/jeeves/networking.nix

@@ -7,32 +7,12 @@
   };
 
   systemd.network = {
-
     enable = true;
-
-    netdevs = {
-      "20-ioit-vlan" = {
-        netdevConfig = {
-          Kind = "vlan";
-          Name = "ioit-vlan";
-        };
-        vlanConfig.Id = 20;
-      };
-      "21-internal-ioit-vlan" = {
-        netdevConfig = {
-          Kind = "vlan";
-          Name = "internal-ioit-vlan";
-        };
-        vlanConfig.Id = 21;
-      };
-    };
-
     networks = {
       "10-1GB_Primary" = {
         matchConfig.Name = "enp98s0f0";
         address = [ "192.168.95.14/24" ];
         routes = [ { Gateway = "192.168.95.1"; } ];
-        vlan = [ "ioit-vlan" "internal-ioit-vlan" ];
         linkConfig.RequiredForOnline = "routable";
       };
       "10-1GB_Secondary" = {
@@ -48,19 +28,6 @@
         matchConfig.Name = "enp97s0f1np1";
         DHCP = "yes";
       };
-      "40-ioit-vlan" = {
-        matchConfig.Name = "ioit-vlan";
-        DHCP = "yes";
     };
-      "41-internal-ioit-vlan" = {
-        matchConfig.Name = "internal-ioit-vlan";
-        DHCP = "yes";
-      };
-    };
-  };
-
-  services.zerotierone = {
-    enable = true;
-    joinNetworks = [ "e4da7455b2ae64ca" ];
   };
 }

systems/jeeves/runners/default.nix

@@ -15,7 +15,6 @@
     groups.github-runners.gid = 601;
   };
 
-
   services.nix_builder.containers = {
     nix-builder-0.enable = true;
     nix-builder-1.enable = true;

systems/jeeves/runners/nix_builder.nix

@@ -7,14 +7,20 @@ let
 in
 {
   options.services.nix_builder.containers = mkOption {
-    type = types.attrsOf (types.submodule ({ name, ... }: {
+    type = types.attrsOf (
+      types.submodule (
+        { name, ... }:
+        {
           options.enable = mkEnableOption "GitHub runner container";
-    }));
+        }
+      )
+    );
     default = { };
     description = "GitHub runner container configurations";
   };
 
-  config.containers = mapAttrs (name: cfg:
+  config.containers = mapAttrs (
+    name: cfg:
     mkIf cfg.enable {
       autoStart = true;
       bindMounts = {
@@ -25,7 +31,14 @@ in
         "/secrets".mountPoint = "${vars.storage_secrets}/services/github-runners/${name}";
         "ssh-keys".mountPoint = "${vars.storage_secrets}/services/github-runners/id_ed25519_github-runners";
       };
-      config = { config, pkgs, lib, ... }: {
+      config =
+        {
+          config,
+          pkgs,
+          lib,
+          ...
+        }:
+        {
           nix.settings = {
             trusted-substituters = [
               "https://cache.nixos.org"
@@ -65,7 +78,12 @@ in
             tokenFile = "${vars.storage_secrets}/services/github-runners/${name}";
             user = "github-runners";
             group = "github-runners";
-            extraPackages = with pkgs; [ nixos-rebuild openssh ];
+            extraPackages = with pkgs; [
+              nixfmt-rfc-style
+              nixos-rebuild
+              openssh
+              treefmt
+            ];
           };
           users = {
             users.github-runners = {

systems/jeeves/services/audiobookshelf.nix

@@ -8,6 +8,7 @@ in
     openFirewall = true;
     host = "192.168.90.40";
   };
-  systemd.services.audiobookshelf.serviceConfig.WorkingDirectory = lib.mkForce "${vars.media_docker_configs}/audiobookshelf";
+  systemd.services.audiobookshelf.serviceConfig.WorkingDirectory =
+    lib.mkForce "${vars.media_docker_configs}/audiobookshelf";
   users.users.audiobookshelf.home = lib.mkForce "${vars.media_docker_configs}/audiobookshelf";
 }

systems/jeeves/services/cloud_flare_tunnel.nix

@@ -15,4 +15,3 @@ in
     };
   };
 }
-

systems/jeeves/services/haproxy.nix

@@ -1,5 +1,8 @@
 {
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+  ];
 
   services.haproxy = {
     enable = true;

systems/jeeves/services/home_assistant.nix

@@ -13,7 +13,6 @@ in
           server_host = [
             "192.168.95.14"
             "192.168.90.40"
-            "192.168.98.4"
           ];
           use_x_forwarded_for = true;
           trusted_proxies = "192.168.95.0/24";

systems/jeeves/services/postgress.nix

@@ -0,0 +1,127 @@
+{ pkgs, ... }:
+let
+  vars = import ../vars.nix;
+in
+{
+  networking.firewall.allowedTCPPorts = [ 5432 ];
+
+  services.postgresql = {
+    enable = true;
+    package = pkgs.postgresql_17_jit;
+    enableTCPIP = true;
+    enableJIT = true;
+    dataDir = "${vars.media_database}/postgres";
+
+    authentication = pkgs.lib.mkOverride 10 ''
+
+      #type database DBuser origin-address auth-method
+      local all       all     trust
+
+      # ipv4
+      host  all      all     127.0.0.1/32    trust
+      host  all      all     192.168.90.1/24 trust
+
+      # ipv6
+      host all       all     ::1/128         trust
+    '';
+
+    identMap = ''
+      # ArbitraryMapName systemUser DBUser
+        superuser_map      root      postgres
+        superuser_map      postgres  postgres
+        # Let other names login as themselves
+        superuser_map      richie    postgres
+    '';
+    ensureUsers = [
+      {
+        name = "postgres";
+        ensureClauses = {
+          superuser = true;
+          login = true;
+          createrole = true;
+          createdb = true;
+          replication = true;
+        };
+      }
+      {
+        name = "richie";
+        ensureClauses = {
+          superuser = true;
+          login = true;
+          createrole = true;
+          createdb = true;
+          replication = true;
+        };
+      }
+    ];
+    # Thank you NotAShelf
+    # https://github.com/NotAShelf/nyx/blob/d407b4d6e5ab7f60350af61a3d73a62a5e9ac660/modules/core/roles/server/system/services/databases/postgresql.nix#L74
+    settings = {
+      # Connectivity;
+      max_connections = 100;
+      superuser_reserved_connections = 3;
+
+      # Memory Settings;
+      shared_buffers = "1024 MB";
+      work_mem = "32 MB";
+      maintenance_work_mem = "320 MB";
+      huge_pages = "off";
+      effective_cache_size = "2 GB";
+      effective_io_concurrency = 100; # concurrent IO only really activated if OS supports posix_fadvise function;
+      random_page_cost = 1.25; # speed of random disk access relative to sequential access (1.0);
+
+      # Monitoring;
+      shared_preload_libraries = "pg_stat_statements,auto_explain"; # per statement resource usage stats & log explain statements for slow queries
+      track_io_timing = "on"; # measure exact block IO times;
+      track_functions = "pl"; # track execution times of pl-language procedures if any;
+      # Replication;
+      wal_level = "replica"; # consider using at least "replica";
+      max_wal_senders = 0;
+      synchronous_commit = "on";
+
+      # Checkpointing: ;
+      checkpoint_timeout = "15 min";
+      checkpoint_completion_target = 0.9;
+      max_wal_size = "1024 MB";
+      min_wal_size = "512 MB";
+
+      # WAL writing;
+      wal_compression = "on";
+      wal_buffers = -1; # auto-tuned by Postgres till maximum of segment size (16MB by default);
+      wal_writer_delay = "200ms";
+      wal_writer_flush_after = "1MB";
+
+      # Background writer;
+      bgwriter_delay = "200ms";
+      bgwriter_lru_maxpages = 100;
+      bgwriter_lru_multiplier = 2.0;
+      bgwriter_flush_after = 0;
+
+      # Parallel queries: ;
+      max_worker_processes = 6;
+      max_parallel_workers_per_gather = 3;
+      max_parallel_maintenance_workers = 3;
+      max_parallel_workers = 6;
+      parallel_leader_participation = "on";
+
+      # Advanced features ;
+      enable_partitionwise_join = "on";
+      enable_partitionwise_aggregate = "on";
+      jit = "on";
+
+      jit_above_cost = 100000;
+      jit_inline_above_cost = 150000;
+      jit_optimize_above_cost = 500000;
+
+      # log slow queries
+      log_min_duration_statement = 100;
+      "auto_explain.log_min_duration" = 100;
+
+      # logging configuration
+      log_connections = true;
+      log_statement = "all";
+      logging_collector = true;
+      log_disconnections = true;
+    };
+  };
+}

systems/rhapsody-in-green/hardware.nix

@@ -1,4 +1,9 @@
-{ config, lib, modulesPath, ... }:
+{
+  config,
+  lib,
+  modulesPath,
+  ...
+}:
 {
   imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
 

tools/installer.py

@@ -266,7 +266,7 @@ def installer(
 
     if encrypt_key:
         pool_disks = [
-            f'/dev/mapper/luks-root-pool-{disk.split("/")[-1]}-part2' for disk in disks
+            f"/dev/mapper/luks-root-pool-{disk.split('/')[-1]}-part2" for disk in disks
         ]
     else:
         pool_disks = [f"{disk}-part2" for disk in disks]
@@ -448,7 +448,7 @@ def draw_device_menu(
     type_padding = calculate_device_menu_padding(devices, "type", padding)
     mountpoints_padding = calculate_device_menu_padding(devices, "mountpoints", padding)
 
-    device_header = f"{"Name":{name_padding}}{"Size":{size_padding}}{"Type":{type_padding}}{"Mountpoints":{mountpoints_padding}}"
+    device_header = f"{'Name':{name_padding}}{'Size':{size_padding}}{'Type':{type_padding}}{'Mountpoints':{mountpoints_padding}}"
 
     menu_width = range(menu_start_x, len(device_header) + menu_start_x)
 

treefmt.toml

@@ -0,0 +1,14 @@
+# One CLI to format the code tree - https://github.com/numtide/treefmt
+
+[global]
+# Glob patterns of files to exclude
+excludes = [".git/"]
+
+
+[formatter.nixfmt]
+# Formatter to run
+command = "nixfmt"
+# Command-line arguments for the command
+#options = []
+# Glob pattern of files to include
+includes = ["*.nix"]

users/brendan/default.nix

@@ -0,0 +1,49 @@
+{
+  pkgs,
+  config,
+  ...
+}:
+let
+  ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
+in
+{
+
+  sops.secrets.brendan_password = {
+    sopsFile = ../secrets.yaml;
+    neededForUsers = true;
+  };
+
+  users = {
+    users.brendan = {
+      isNormalUser = true;
+
+      hashedPasswordFile = "${config.sops.secrets.brendan_password.path}";
+
+      shell = pkgs.zsh;
+      group = "brendan";
+      extraGroups =
+        [
+          "audio"
+          "video"
+          "wheel"
+          "users"
+        ]
+        ++ ifTheyExist [
+          "dialout"
+          "docker"
+          "hass"
+          "libvirtd"
+          "networkmanager"
+          "plugdev"
+          "scanner"
+          "uaccess"
+          "wireshark"
+        ];
+      uid = 1001;
+    };
+
+    groups.brendan.gid = 1001;
+  };
+
+  home-manager.users.brendan = import ./systems/${config.networking.hostName}.nix;
+}

users/brendan/home/cli/default.nix

@@ -0,0 +1,9 @@
+{
+  imports = [
+    ./direnv.nix
+    ./git.nix
+    ./zsh.nix
+  ];
+
+  programs.starship.enable = true;
+}

users/brendan/home/cli/direnv.nix

@@ -0,0 +1,8 @@
+{
+
+  programs.direnv = {
+    enable = true;
+    enableZshIntegration = true;
+    nix-direnv.enable = true;
+  };
+}

users/brendan/home/cli/git.nix

@@ -0,0 +1,12 @@
+{
+  programs.git = {
+    enable = true;
+    userEmail = "XXXXXXXXXXXXXXXXX";
+    userName = "XXXXXXXXXXXXXXXXX";
+    extraConfig = {
+      pull.rebase = true;
+      color.ui = true;
+    };
+    lfs.enable = true;
+  };
+}

users/brendan/home/cli/zsh.nix

@@ -0,0 +1,29 @@
+{
+  programs.zsh = {
+    enable = true;
+    syntaxHighlighting.enable = true;
+    history.size = 10000;
+    oh-my-zsh = {
+      enable = true;
+      plugins = [
+        "git"
+        "docker"
+        "docker-compose"
+        "colored-man-pages"
+        "rust"
+        "systemd"
+        "tmux"
+        "ufw"
+        "z"
+      ];
+    };
+    shellAliases = {
+      "lrt" = "eza --icons -lsnew";
+      "ls" = "eza";
+      "ll" = "eza --long --group";
+      "la" = "eza --all";
+
+      "rebuild" = "sudo nixos-rebuild switch --flake /home/brendan/dotfiles#$HOST";
+    };
+  };
+}

users/brendan/home/global.nix

@@ -0,0 +1,21 @@
+{ config, ... }:
+{
+  imports = [
+    ./cli
+    ./programs.nix
+  ];
+
+  programs = {
+    home-manager.enable = true;
+    git.enable = true;
+  };
+
+  home = {
+    username = "brendan";
+    homeDirectory = "/home/${config.home.username}";
+    stateVersion = "24.05";
+    sessionVariables = {
+      FLAKE = "$HOME/dotfiles";
+    };
+  };
+}

users/brendan/home/gui/default.nix

@@ -0,0 +1,28 @@
+{ pkgs, ... }:
+{
+  imports = [
+    ./firefox
+    ./vscode
+  ];
+
+  home.packages = with pkgs; [
+    candy-icons
+    chromium
+    discord-canary
+    gimp
+    gparted
+    mediainfo
+    nemo
+    nemo-fileroller
+    obs-studio
+    obsidian
+    prismlauncher
+    proxychains
+    prusa-slicer
+    signal-desktop
+    sweet-nova
+    util-linux
+    vlc
+    zoom-us
+  ];
+}

users/brendan/home/gui/firefox/default.nix

@@ -0,0 +1,255 @@
+{ inputs, ... }:
+{
+  imports = [ ./search_engines.nix ];
+
+  programs.firefox = {
+    enable = true;
+    profiles.richie = {
+      extensions = with inputs.firefox-addons.packages.x86_64-linux; [
+        bitwarden
+        darkreader
+        dearrow
+        fastforwardteam
+        return-youtube-dislikes
+        sponsorblock
+        ublock-origin
+      ];
+      search = {
+        force = true;
+        default = "kagi";
+        order = [
+          "kagi"
+          "DuckDuckGo"
+          "Google"
+        ];
+      };
+      settings = {
+        # SECTION: FASTFOX
+        # GENERAL
+        "content.notify.interval" = 100000;
+
+        # GFX
+        "gfx.canvas.accelerated.cache-items" = 4096;
+        "gfx.canvas.accelerated.cache-size" = 512;
+        "gfx.content.skia-font-cache-size" = 20;
+
+        # DISK CACHE
+        "browser.cache.jsbc_compression_level" = 3;
+
+        # MEDIA CACHE
+        "media.memory_cache_max_size" = 65536;
+        "media.cache_readahead_limit" = 7200;
+        "media.cache_resume_threshold" = 3600;
+
+        # IMAGE CACHE
+        "image.mem.decode_bytes_at_a_time" = 32768;
+
+        # NETWORK
+        "network.buffer.cache.size" = 262144;
+        "network.buffer.cache.count" = 128;
+        "network.http.max-connections" = 1800;
+        "network.http.max-persistent-connections-per-server" = 10;
+        "network.http.max-urgent-start-excessive-connections-per-host" = 5;
+        "network.http.pacing.requests.enabled" = false;
+        "network.dnsCacheExpiration" = 3600;
+        "network.dns.max_high_priority_threads" = 8;
+        "network.ssl_tokens_cache_capacity" = 10240;
+
+        # SPECULATIVE LOADING
+        "network.dns.disablePrefetch" = true;
+        "network.prefetch-next" = false;
+        "network.predictor.enabled" = false;
+
+        # EXPERIMENTAL
+        "layout.css.grid-template-masonry-value.enabled" = true;
+        "dom.enable_web_task_scheduling" = true;
+        "layout.css.has-selector.enabled" = true;
+        "dom.security.sanitizer.enabled" = true;
+
+        # SECTION: SECUREFOX
+        # TRACKING PROTECTION
+        "browser.contentblocking.category" = "strict";
+        "urlclassifier.trackingSkipURLs" = "*.reddit.com, *.twitter.com, *.twimg.com, *.tiktok.com";
+        "urlclassifier.features.socialtracking.skipURLs" = "*.instagram.com, *.twitter.com, *.twimg.com";
+        "network.cookie.sameSite.noneRequiresSecure" = true;
+        "browser.download.start_downloads_in_tmp_dir" = true;
+        "browser.helperApps.deleteTempFileOnExit" = true;
+        "browser.uitour.enabled" = false;
+        "privacy.globalprivacycontrol.enabled" = true;
+
+        # OCSP & CERTS / HPKP
+        "security.OCSP.enabled" = 0;
+        "security.remote_settings.crlite_filters.enabled" = true;
+        "security.pki.crlite_mode" = 2;
+
+        # SSL / TLS
+        "security.ssl.treat_unsafe_negotiation_as_broken" = true;
+        "browser.xul.error_pages.expert_bad_cert" = true;
+        "security.tls.enable_0rtt_data" = false;
+
+        # DISK AVOIDANCE
+        "browser.privatebrowsing.forceMediaMemoryCache" = true;
+        "browser.sessionstore.interval" = 60000;
+
+        # SHUTDOWN & SANITIZING
+        "privacy.history.custom" = true;
+
+        # SEARCH / URL BAR
+        "browser.search.separatePrivateDefault.ui.enabled" = true;
+        "browser.urlbar.update2.engineAliasRefresh" = true;
+        # PREF: restore search engine suggestions
+        "browser.search.suggest.enabled" = true;
+        "browser.urlbar.suggest.quicksuggest.sponsored" = false;
+        "browser.urlbar.suggest.quicksuggest.nonsponsored" = false;
+        "browser.formfill.enable" = false;
+        "security.insecure_connection_text.enabled" = true;
+        "security.insecure_connection_text.pbmode.enabled" = true;
+        "network.IDN_show_punycode" = true;
+
+        # HTTPS-FIRST POLICY
+        "dom.security.https_first" = true;
+        "dom.security.https_first_schemeless" = true;
+
+        # PASSWORDS
+        "signon.formlessCapture.enabled" = false;
+        "signon.rememberSignons" = false;
+        "signon.privateBrowsingCapture.enabled" = false;
+        "network.auth.subresource-http-auth-allow" = 1;
+        "editor.truncate_user_pastes" = false;
+
+        # MIXED CONTENT + CROSS-SITE
+        "security.mixed_content.block_display_content" = true;
+        "security.mixed_content.upgrade_display_content" = true;
+        "security.mixed_content.upgrade_display_content.image" = true;
+        "pdfjs.enableScripting" = false;
+        "extensions.postDownloadThirdPartyPrompt" = false;
+
+        # HEADERS / REFERERS
+        "network.http.referer.XOriginTrimmingPolicy" = 2;
+
+        # CONTAINERS
+        "privacy.userContext.ui.enabled" = true;
+
+        # WEBRTC
+        "media.peerconnection.ice.proxy_only_if_behind_proxy" = true;
+        "media.peerconnection.ice.default_address_only" = true;
+
+        # SAFE BROWSING
+        "browser.safebrowsing.downloads.remote.enabled" = false;
+
+        # MOZILLA
+        # PREF: allow websites to ask you to receive site notifications
+        "permissions.default.desktop-notification" = 0; # allow websites to ask
+        # PREF: allow websites to ask you for your location
+        "permissions.default.geo" = 0;
+        "geo.provider.network.url" =
+          "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%";
+        "permissions.manager.defaultsUrl" = "";
+        "webchannel.allowObject.urlWhitelist" = "";
+
+        # TELEMETRY
+        "datareporting.policy.dataSubmissionEnabled" = false;
+        "datareporting.healthreport.uploadEnabled" = false;
+        "toolkit.telemetry.unified" = false;
+        "toolkit.telemetry.enabled" = false;
+        "toolkit.telemetry.server" = "data:,";
+        "toolkit.telemetry.archive.enabled" = false;
+        "toolkit.telemetry.newProfilePing.enabled" = false;
+        "toolkit.telemetry.shutdownPingSender.enabled" = false;
+        "toolkit.telemetry.updatePing.enabled" = false;
+        "toolkit.telemetry.bhrPing.enabled" = false;
+        "toolkit.telemetry.firstShutdownPing.enabled" = false;
+        "toolkit.telemetry.coverage.opt-out" = true;
+        "toolkit.coverage.opt-out" = true;
+        "toolkit.coverage.endpoint.base" = "";
+        "browser.ping-centre.telemetry" = false;
+        "browser.newtabpage.activity-stream.feeds.telemetry" = false;
+        "browser.newtabpage.activity-stream.telemetry" = false;
+
+        # EXPERIMENTS
+        "app.shield.optoutstudies.enabled" = false;
+        "app.normandy.enabled" = false;
+        "app.normandy.api_url" = "";
+
+        # CRASH REPORTS
+        "breakpad.reportURL" = "";
+        "browser.tabs.crashReporting.sendReport" = false;
+        "browser.crashReports.unsubmittedCheck.autoSubmit2" = false;
+
+        # DETECTION
+        "captivedetect.canonicalURL" = "";
+        "network.captive-portal-service.enabled" = false;
+        "network.connectivity-service.enabled" = false;
+
+        # SECTION: PESKYFOX
+        # MOZILLA UI
+        "browser.privatebrowsing.vpnpromourl" = "";
+        "extensions.getAddons.showPane" = false;
+        "extensions.htmlaboutaddons.recommendations.enabled" = false;
+        "browser.discovery.enabled" = false;
+        "browser.shell.checkDefaultBrowser" = false;
+        "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons" = false;
+        "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features" = false;
+        "browser.preferences.moreFromMozilla" = false;
+        "browser.tabs.tabmanager.enabled" = false;
+        "browser.aboutConfig.showWarning" = false;
+        "browser.aboutwelcome.enabled" = false;
+
+        # THEME ADJUSTMENTS
+        "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
+        "browser.compactmode.show" = true;
+        "browser.display.focus_ring_on_anything" = true;
+        "browser.display.focus_ring_style" = 0;
+        "browser.display.focus_ring_width" = 0;
+        "layout.css.prefers-color-scheme.content-override" = 2;
+
+        # COOKIE BANNER HANDLING
+        "cookiebanners.service.mode" = 1;
+        "cookiebanners.service.mode.privateBrowsing" = 1;
+
+        # FULLSCREEN NOTICE
+        "full-screen-api.transition-duration.enter" = "0 0";
+        "full-screen-api.transition-duration.leave" = "0 0";
+        "full-screen-api.warning.delay" = -1;
+        "full-screen-api.warning.timeout" = 0;
+
+        # URL BAR
+        "browser.urlbar.suggest.calculator" = true;
+        "browser.urlbar.unitConversion.enabled" = true;
+        "browser.urlbar.trending.featureGate" = false;
+
+        # NEW TAB PAGE
+        "browser.newtabpage.activity-stream.feeds.topsites" = false;
+        "browser.newtabpage.activity-stream.feeds.section.topstories" = false;
+
+        # POCKET
+        "extensions.pocket.enabled" = false;
+
+        # DOWNLOADS
+        "browser.download.always_ask_before_handling_new_types" = true;
+        "browser.download.manager.addToRecentDocs" = false;
+
+        # PDF
+        "browser.download.open_pdf_attachments_inline" = true;
+
+        # TAB BEHAVIOR
+        "browser.bookmarks.openInTabClosesMenu" = false;
+        "browser.menu.showViewImageInfo" = true;
+        "findbar.highlightAll" = true;
+        "layout.word_select.eat_space_to_next_word" = false;
+
+        # SECTION: MY OVERRIDES
+        "browser.startup.homepage" = "https://google.com";
+        "identity.fxaccounts.enabled" = false;
+
+        # SECTION SMOOTHFOX
+        # OPTION: SHARPEN SCROLLING                                                           *
+        "apz.overscroll.enabled" = true; # DEFAULT NON-LINUX
+        "mousewheel.min_line_scroll_amount" = 10; # 10-40; adjust this number to your liking; default=5
+        "general.smoothScroll.mouseWheel.durationMinMS" = 80; # default=50
+        "general.smoothScroll.currentVelocityWeighting" = "0.15"; # default=.25
+        "general.smoothScroll.stopDecelerationWeighting" = "0.6"; # default=.4
+      };
+    };
+  };
+}

users/brendan/home/gui/firefox/github.svg

@@ -0,0 +1,3 @@
+<svg width="32" height="32" viewBox="0 0 32 32" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path fill-rule="evenodd" clip-rule="evenodd" d="M16 0C7.16 0 0 7.16 0 16C0 23.08 4.58 29.06 10.94 31.18C11.74 31.32 12.04 30.84 12.04 30.42C12.04 30.04 12.02 28.78 12.02 27.44C8 28.18 6.96 26.46 6.64 25.56C6.46 25.1 5.68 23.68 5 23.3C4.44 23 3.64 22.26 4.98 22.24C6.24 22.22 7.14 23.4 7.44 23.88C8.88 26.3 11.18 25.62 12.1 25.2C12.24 24.16 12.66 23.46 13.12 23.06C9.56 22.66 5.84 21.28 5.84 15.16C5.84 13.42 6.46 11.98 7.48 10.86C7.32 10.46 6.76 8.82 7.64 6.62C7.64 6.62 8.98 6.2 12.04 8.26C13.32 7.9 14.68 7.72 16.04 7.72C17.4 7.72 18.76 7.9 20.04 8.26C23.1 6.18 24.44 6.62 24.44 6.62C25.32 8.82 24.76 10.46 24.6 10.86C25.62 11.98 26.24 13.4 26.24 15.16C26.24 21.3 22.5 22.66 18.94 23.06C19.52 23.56 20.02 24.52 20.02 26.02C20.02 28.16 20 29.88 20 30.42C20 30.84 20.3 31.34 21.1 31.18C27.42 29.06 32 23.06 32 16C32 7.16 24.84 0 16 0V0Z" fill="white"/>
+</svg>

users/brendan/home/gui/firefox/search_engines.nix

@@ -0,0 +1,84 @@
+{ pkgs, ... }:
+{
+  programs.firefox.profiles.richie.search.engines = {
+    "Nix Options" = {
+      urls = [
+        {
+          template = "https://search.nixos.org/options";
+          params = [
+            {
+              name = "type";
+              value = "packages";
+            }
+            {
+              name = "channel";
+              value = "unstable";
+            }
+            {
+              name = "query";
+              value = "{searchTerms}";
+            }
+          ];
+        }
+      ];
+      icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
+      definedAliases = [ "@o" ];
+    };
+    "Nix Packages" = {
+      urls = [
+        {
+          template = "https://search.nixos.org/packages";
+          params = [
+            {
+              name = "type";
+              value = "packages";
+            }
+            {
+              name = "channel";
+              value = "unstable";
+            }
+            {
+              name = "query";
+              value = "{searchTerms}";
+            }
+          ];
+        }
+      ];
+      icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
+      definedAliases = [ "@n" ];
+    };
+    "kagi" = {
+      urls = [
+        {
+          template = "https://kagi.com/search?";
+          params = [
+            {
+              name = "q";
+              value = "{searchTerms}";
+            }
+          ];
+        }
+      ];
+      icon = ./kagi.png;
+    };
+    github = {
+      urls = [
+        {
+          template = "https://github.com/search?";
+          params = [
+            {
+              name = "q";
+              value = "{searchTerms}";
+            }
+            {
+              name = "type";
+              value = "code";
+            }
+          ];
+        }
+      ];
+      icon = ./github.svg;
+      definedAliases = [ "@g" ];
+    };
+  };
+}

users/brendan/home/gui/vscode/default.nix

@@ -0,0 +1,19 @@
+{ config, pkgs, ... }:
+let
+  vscode_dir = "/home/richie/projects/nix-dotfiles/users/richie/home/gui/vscode";
+in
+{
+  # mutable symlinks to key binds and settings
+  xdg.configFile."Code/User/settings.json".source =
+    config.lib.file.mkOutOfStoreSymlink "${vscode_dir}/settings.json";
+  xdg.configFile."Code/User/keybindings.json".source =
+    config.lib.file.mkOutOfStoreSymlink "${vscode_dir}/keybindings.json";
+
+  home.packages = with pkgs; [ nil ];
+
+  programs.vscode = {
+    enable = true;
+    package = pkgs.vscode;
+    mutableExtensionsDir = true;
+  };
+}

users/brendan/home/gui/vscode/extension_manager.py

@@ -0,0 +1,68 @@
+from subprocess import run
+
+
+def get_installed_extensions():
+    process = run("code --list-extensions".split(), check=True, capture_output=True)
+    return set(process.stdout.decode("utf-8").strip().split("\n"))
+
+
+def main():
+    print("starting vscode extension manager")
+
+    extensions = {
+        # vscode
+        "ms-azuretools.vscode-docker",
+        "ms-vscode-remote.remote-containers",
+        "ms-vscode-remote.remote-ssh-edit",
+        "ms-vscode-remote.remote-ssh",
+        "ms-vscode.hexeditor",
+        "ms-vscode.remote-explorer",
+        "ms-vsliveshare.vsliveshare",
+        "oderwat.indent-rainbow",
+        "usernamehw.errorlens",
+        # git
+        "codezombiech.gitignore",
+        "eamodio.gitlens",
+        "gitHub.vscode-github-actions",
+        # python
+        "charliermarsh.ruff",
+        "ms-python.python",
+        "ms-python.vscode-pylance",
+        "ms-python.debugpy",
+        # rust
+        "rust-lang.rust-analyzer",
+        # MD
+        "davidanson.vscode-markdownlint",
+        "yzhang.markdown-all-in-one",
+        # configs
+        "redhat.vscode-yaml",
+        "tamasfe.even-better-toml",
+        # shell
+        "timonwong.shellcheck",
+        "foxundermoon.shell-format",
+        # nix
+        "jnoortheen.nix-ide",
+        # database
+        "mtxr.sqltools-driver-pg",
+        "mtxr.sqltools",
+        # other
+        "esbenp.prettier-vscode",
+        "mechatroner.rainbow-csv",
+        "streetsidesoftware.code-spell-checker",
+        "supermaven.supermaven",
+    }
+
+    installed_extensions = get_installed_extensions()
+
+    missing_extensions = extensions.difference(installed_extensions)
+    for extension in missing_extensions:
+        run(f"code --install-extension {extension} --force".split(), check=True)
+
+    if extra_extensions := installed_extensions.difference(extensions):
+        print(f"Extra extensions installed: {extra_extensions}")
+
+    print("vscode extension manager finished")
+
+
+if __name__ == "__main__":
+    main()

users/brendan/home/gui/vscode/keybindings.json

@@ -0,0 +1,20 @@
+[
+  {
+    "key": "shift+alt+f",
+    "command": "editor.action.formatDocument",
+    "when": "editorHasDocumentFormattingProvider && editorTextFocus && !editorReadonly && !inCompositeEditor"
+  },
+  {
+    "key": "alt+a d",
+    "command": "cSpell.addWordToWorkspaceSettings"
+  },
+  {
+    "key": "ctrl+shift+`",
+    "command": "workbench.action.createTerminalEditor"
+  },
+  {
+    "key": "ctrl+shift+`",
+    "command": "-workbench.action.terminal.new",
+    "when": "terminalProcessSupported || terminalWebExtensionContributedProfile"
+  }
+]

users/brendan/home/gui/vscode/settings.json

@@ -0,0 +1,71 @@
+{
+  // vscode settings
+  "diffEditor.ignoreTrimWhitespace": false,
+  "editor.formatOnSave": true,
+  "editor.minimap.renderCharacters": false,
+  "editor.minimap.showSlider": "always",
+  "explorer.confirmDelete": false,
+  "explorer.confirmDragAndDrop": false,
+  "explorer.confirmPasteNative": false,
+  "files.autoSave": "afterDelay",
+  "git.autofetch": true,
+  "git.confirmSync": false,
+  "git.fetchOnPull": true,
+  "git.pruneOnFetch": true,
+  "terminal.integrated.scrollback": 10000,
+  "update.mode": "none",
+  "workbench.colorTheme": "Default Dark+",
+
+  // turns off all sounds and announcements
+  "accessibility.signals.terminalCommandFailed": {
+    "sound": "off",
+    "announcement": "off"
+  },
+  "accessibility.signals.terminalQuickFix": {
+    "sound": "off",
+    "announcement": "off"
+  },
+  "accessibility.signals.terminalBell": {
+    "sound": "off",
+    "announcement": "off"
+  },
+
+  // database settings
+  "sqltools.connections": [
+    {
+      "previewLimit": 50,
+      "server": "192.168.90.40",
+      "port": 5432,
+      "askForPassword": true,
+      "driver": "PostgreSQL",
+      "name": "main",
+      "database": "postgres",
+      "username": "richie"
+    }
+  ],
+
+  // formatters
+  "[html]": { "editor.defaultFormatter": "esbenp.prettier-vscode" },
+  "[jsonc]": { "editor.defaultFormatter": "esbenp.prettier-vscode" },
+  "[markdown]": { "editor.defaultFormatter": "esbenp.prettier-vscode" },
+  "[nix]": { "editor.defaultFormatter": "jnoortheen.nix-ide" },
+  "[python]": { "editor.defaultFormatter": "charliermarsh.ruff" },
+  "[yaml]": { "editor.defaultFormatter": "redhat.vscode-yaml" },
+
+  // spell check
+  "cSpell.enabled": true,
+  "cSpell.language": "en,en-US",
+  "cSpell.enableFiletypes": ["bat", "csv", "nix", "toml"],
+  "cSpell.userWords": ["Cahill", "syncthing"],
+
+  // nix
+  "nix.enableLanguageServer": true,
+  "nix.serverPath": "nil",
+
+  // force the use of rust-analyzer from dev shell
+  "rust-analyzer.server.path": "rust-analyzer",
+  "redhat.telemetry.enabled": true,
+  "gitlens.plusFeatures.enabled": false,
+  // new
+  "hediet.vscode-drawio.resizeImages": null
+}

users/brendan/home/programs.nix

@@ -0,0 +1,16 @@
+{ pkgs, ... }:
+{
+  home.packages = with pkgs; [
+    # python
+    poetry
+    python313
+    ruff
+    # nix
+    nix-init
+    nix-output-monitor
+    nix-prefetch
+    nix-tree
+    nixfmt-rfc-style
+    treefmt
+  ];
+}

users/brendan/home/ssh_config.nix

@@ -0,0 +1,41 @@
+{
+  programs.ssh = {
+    enable = true;
+
+    matchBlocks = {
+      jeeves = {
+        hostname = "192.168.90.40";
+        user = "richie";
+        identityFile = "~/.ssh/id_ed25519";
+        port = 629;
+        dynamicForwards = [ { port = 9050; } ];
+      };
+      unlock-jeeves = {
+        hostname = "192.168.95.14";
+        user = "root";
+        identityFile = "~/.ssh/id_ed25519";
+        port = 2222;
+      };
+      jeevesjr = {
+        hostname = "192.168.90.35";
+        user = "richie";
+        identityFile = "~/.ssh/id_ed25519";
+        port = 352;
+        dynamicForwards = [ { port = 9050; } ];
+      };
+      bob = {
+        hostname = "192.168.90.25";
+        user = "richie";
+        identityFile = "~/.ssh/id_ed25519";
+        port = 262;
+        dynamicForwards = [ { port = 9050; } ];
+      };
+      rhapsody-in-green = {
+        hostname = "192.168.90.221";
+        user = "richie";
+        identityFile = "~/.ssh/id_ed25519";
+        port = 922;
+      };
+    };
+  };
+}

users/brendan/systems/brendans-system.nix

@@ -0,0 +1,6 @@
+{
+  imports = [
+    ../home/global.nix
+    ../home/gui
+  ];
+}

users/gaming/default.nix

@@ -16,8 +16,7 @@
 
       shell = pkgs.zsh;
       group = "gaming";
-      extraGroups =
+      extraGroups = [
-      [
         "audio"
         "video"
         "users"

users/gaming/home/firefox.nix

@@ -137,7 +137,8 @@
         "permissions.default.desktop-notification" = 0; # allow websites to ask
         # PREF: allow websites to ask you for your location
         "permissions.default.geo" = 0;
-        "geo.provider.network.url" = "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%";
+        "geo.provider.network.url" =
+          "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%";
         "permissions.manager.defaultsUrl" = "";
         "webchannel.allowObject.urlWhitelist" = "";
 

users/richie/default.nix

@@ -2,9 +2,11 @@
   pkgs,
   config,
   ...
-}: let
+}:
+let
   ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
-in {
+in
+{
 
   sops.secrets.richie_password = {
     sopsFile = ../secrets.yaml;

users/richie/home/gui/firefox/default.nix

@@ -17,7 +17,11 @@
       search = {
         force = true;
         default = "kagi";
-        order = [ "kagi" "DuckDuckGo" "Google" ];
+        order = [
+          "kagi"
+          "DuckDuckGo"
+          "Google"
+        ];
       };
       settings = {
         # SECTION: FASTFOX
@@ -138,7 +142,8 @@
         "permissions.default.desktop-notification" = 0; # allow websites to ask
         # PREF: allow websites to ask you for your location
         "permissions.default.geo" = 0;
-        "geo.provider.network.url" = "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%";
+        "geo.provider.network.url" =
+          "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%";
         "permissions.manager.defaultsUrl" = "";
         "webchannel.allowObject.urlWhitelist" = "";
 

users/richie/home/gui/kitty.nix

@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
   programs.kitty = {
     enable = true;
     font.name = "IntoneMono Nerd Font";

users/richie/home/gui/vscode/default.nix

@@ -4,8 +4,10 @@ let
 in
 {
   # mutable symlinks to key binds and settings
-  xdg.configFile."Code/User/settings.json".source = config.lib.file.mkOutOfStoreSymlink "${vscode_dir}/settings.json";
+  xdg.configFile."Code/User/settings.json".source =
-  xdg.configFile."Code/User/keybindings.json".source = config.lib.file.mkOutOfStoreSymlink "${vscode_dir}/keybindings.json";
+    config.lib.file.mkOutOfStoreSymlink "${vscode_dir}/settings.json";
+  xdg.configFile."Code/User/keybindings.json".source =
+    config.lib.file.mkOutOfStoreSymlink "${vscode_dir}/keybindings.json";
 
   home.packages = with pkgs; [ nil ];
 

users/richie/home/gui/vscode/settings.json

@@ -30,6 +30,20 @@
     "announcement": "off"
   },
 
+  // database settings
+  "sqltools.connections": [
+    {
+      "previewLimit": 50,
+      "server": "192.168.90.40",
+      "port": 5432,
+      "askForPassword": true,
+      "driver": "PostgreSQL",
+      "name": "main",
+      "database": "postgres",
+      "username": "richie"
+    }
+  ],
+
   // formatters
   "[html]": { "editor.defaultFormatter": "esbenp.prettier-vscode" },
   "[jsonc]": { "editor.defaultFormatter": "esbenp.prettier-vscode" },

users/richie/home/programs.nix

@@ -50,7 +50,8 @@
     nix-output-monitor
     nix-prefetch
     nix-tree
-    nixpkgs-fmt
+    nixfmt-rfc-style
+    treefmt
     inputs.system_tools.packages.x86_64-linux.default
   ];
 }

users/secrets.yaml

@@ -1,3 +1,4 @@
+brendan_password: ENC[AES256_GCM,data:KGDUpvtRBCdJpT/YyaXGy1v/ijuDrphZ+bceMDonVU7/PGhOt3zv4b9v4lcaA/E+RsTPvp7tOJX99LggSyjNxABkZy9MeOcjJA==,iv:23H9vY5LQXMtrKQCduQ8OMTPsNy52z5KG6bFHvZ95ms=,tag:B3cHKPUCtbib6ew+YtZw6A==,type:str]
 richie_password: ENC[AES256_GCM,data:DMi3M8aqrQ60APIofr8wJMh+VZ14hLRxz6jWZgzswr0pV/QVSX53ShBFr90ruO3mucOLYv0l+bI31covfqMAhXWBJp9wUgtC2Q==,iv:qgtn30hZfIL4dBnQSLkjbo7zPJA4m9TR0f52sTFc0v4=,tag:ydLbcGyXjv0fE+4b5ECX5w==,type:str]
 gaming_password: ENC[AES256_GCM,data:i692UsQaCOjE4V1y9d8yYDlK+TRMIprCHJkhl1UBZRMqe9a2LTUtmbbn/xlCYQd2tADJvn+dkx1jLfV4CqaqWOj5YSUFfpgsEw==,iv:3Y7hXQcmpzNN7hF+BDvO52uFB4o5D0dHvxemJ0ZoSIM=,tag:zzLGNDVAMCs2GPMqXp2BtQ==,type:str]
 sops:
@@ -51,8 +52,8 @@ sops:
             UzQzWEFtSDJwR201cmZoeXh5T0RmSk0KWLOpw5cWbtnfVP/ISa7n1vZchoD+nxmn
             7yr7igpEIro0Sd238KinOQYswVaT0NHB9p1dSW/mN+aGQliSNLzkDQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-01-07T20:13:43Z"
+    lastmodified: "2025-02-12T02:37:13Z"
-    mac: ENC[AES256_GCM,data:Q5fmv+MRVYGUQ4j+28CcGWHmgT1178N+haVS9xa0c99OKuPZdfSndAG0QVDhh/jYq+7zXs6zzLtBjB+egkoDfxJXfJOmg3E46UMO3vDHaEcIZD16ZbWJaz4Z/+yabqhDURKtgfGiu4xPv3OtGbwcP5kud17WcHNfY/LT+Y+LSD8=,iv:y3K3kCroIh+RTplUe4tM8B9rbLgIHCbE6FJawngam8Q=,tag:2VTIWlLp4cOwm18BfIlz5g==,type:str]
+    mac: ENC[AES256_GCM,data:TJsVuu7sevYmskFKj1V872A5NWZYQm5Ta6Ln6kdRYgJbn23EiGK2qRgI8OrM5RSA8MNXI8ggy5/Z3RiclszsLWMq6qO5rmiCR3ZKkThmeBwImw6kAEfSmwMTmVGAGO4KQcDV3eAyT/Q/kcVByEx72Dp8PsCIpd+Vmn33HCiRsYM=,iv:ndw86ofFW/GIBXe2f3HTRNWE5rD+5CJHsTKvfUkmPEY=,tag:rN76/5TCj90vsp/o4ju0pQ==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.9.2
+    version: 3.9.4