added muninn to ssh_config.nix

this is unnecessarily increasing compile time and is not being used

.github/workflows/kernel_packages_update.sh

@@ -1,24 +0,0 @@
-#!/bin/bash
-
-# Update ZFS package to match the latest supported Linux kernel version
-
-echo "geting latest ZFS version"
-raw_zfs_max_kernel_version=$(curl -s https://raw.githubusercontent.com/openzfs/zfs/master/META | grep Linux-Maximum | cut -d" " -f2)
-
-zfs_max_kernel_version="${raw_zfs_max_kernel_version//./_}"
-
-echo "geting latest ZFS version"
-
-
-if grep "linuxPackages_$zfs_max_kernel_version" systems/common/global/default.nix; then
-    echo "No changes needed"
-    exit 0
-fi
-
-sed -i "s/linuxPackages_6_[0-9]\+/linuxPackages_$zfs_max_kernel_version/" systems/common/global/default.nix
-
-# Commit the changes
-git config user.name "GitHub Actions Bot"
-git config user.email "<>"
-git add systems/common/global/default.nix
-git commit -m "Update Linux kernel and ZFS packages"

.github/workflows/kernel_packages_update.yml

@@ -1,27 +0,0 @@
-name: Kernel Packages Update
-
-on:
-  schedule:
-    - cron: "0 0 * * *"
-  workflow_dispatch:
-
-jobs:
-  create-pull-request:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Check out repository
-        uses: actions/checkout@v4
-
-      - name: Make changes
-        run: bash ${GITHUB_WORKSPACE}/.github/workflows/kernel_packages_update.sh
-
-      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v7
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          commit-message: Base linuxPackages update
-          title: Base linuxPackages update
-          body: |
-            Update linuxPackages
-          branch: daily-update
-          delete-branch: true

.vscode/settings.json

@@ -60,6 +60,7 @@
     "extest",
     "fastforwardteam",
     "FASTFOX",
+    "ffmpegthumbnailer",
     "filebot",
     "filebrowser",
     "fileroller",
@@ -70,6 +71,7 @@
     "formfill",
     "foxundermoon",
     "FULLSCREEN",
+    "fwupd",
     "fxaccounts",
     "gamemode",
     "gamescope",
@@ -97,6 +99,7 @@
     "isal",
     "jnoortheen",
     "jsbc",
+    "kagi",
     "kuma",
     "levelname",
     "libglvnd",
@@ -122,6 +125,7 @@
     "mountpoints",
     "mousewheel",
     "mtxr",
+    "muninn",
     "ncdu",
     "nemo",
     "neofetch",
@@ -158,8 +162,10 @@
     "pipewire",
     "pkgs",
     "plugdev",
+    "poppler",
     "posixacl",
     "primarycache",
+    "prismlauncher",
     "privatebrowsing",
     "PRIVOXY",
     "prowlarr",
@@ -223,6 +229,7 @@
     "uaccess",
     "ublock",
     "uitour",
+    "unrar",
     "unsubmitted",
     "urlbar",
     "urlclassifier",
@@ -241,6 +248,7 @@
     "Workqueues",
     "xattr",
     "xhci",
+    "yazi",
     "yubikey",
     "yubioath",
     "yzhang",

common/global/default.nix

@@ -2,7 +2,6 @@
   inputs,
   lib,
   outputs,
-  pkgs,
   ...
 }:
 {
@@ -10,6 +9,7 @@
     inputs.home-manager.nixosModules.home-manager
     ./docker.nix
     ./fail2ban.nix
+    ./fonts.nix
     ./libs.nix
     ./locale.nix
     ./nh.nix
@@ -19,10 +19,7 @@
     ./snapshot_manager.nix
   ];
 
-  boot = {
+  boot.tmp.useTmpfs = true;
-    kernelPackages = lib.mkDefault pkgs.linuxPackages_6_10;
-    tmp.useTmpfs = true;
-  };
 
   hardware.enableRedistributableFirmware = true;
 
@@ -32,12 +29,16 @@
     extraSpecialArgs = {inherit inputs outputs;};
   };
 
-  nixpkgs.config.allowUnfree = true;
+  nixpkgs = {
-
+    overlays = builtins.attrValues outputs.overlays;
-  programs = {
+    config = {
-    zsh.enable = true;
+      allowUnfree = true;
-    fish.enable = true;
     };
+  };
+
+  services.fwupd.enable = true;
+
+  programs.zsh.enable = true;
 
   security.auditd.enable = lib.mkDefault true;
 

common/global/fonts.nix

@@ -0,0 +1,10 @@
+{ pkgs, ... }:
+{
+  fonts = {
+    fontconfig.enable = true;
+    enableDefaultPackages = true;
+    packages = with pkgs; [
+      nerdfonts
+    ];
+  };
+}

common/optional/desktop.nix

@@ -1,4 +1,7 @@
 {
+  imports = [
+    ./desktop_kernel.nix
+  ];
   services = {
     desktopManager.plasma6.enable = true;
     xserver = {

common/optional/desktop_kernel.nix

@@ -0,0 +1,7 @@
+{ lib, pkgs, ... }:
+{
+  boot = {
+    kernelPackages = lib.mkDefault pkgs.linuxPackages_zen;
+    zfs.package = pkgs.zfs_unstable;
+  };
+}

flake.lock

@@ -9,11 +9,11 @@
       },
       "locked": {
         "dir": "pkgs/firefox-addons",
-        "lastModified": 1729414746,
+        "lastModified": 1731788701,
-        "narHash": "sha256-B7wGWFjIL6/BllPaTXyp31srxG7+4I0hlsBkL6S8pIM=",
+        "narHash": "sha256-M3AwY7SeSjFZh1XA7zL8roVXiEAvb9BVaGoJZ+1rZM8=",
         "owner": "rycee",
         "repo": "nur-expressions",
-        "rev": "7bd3068e495e1f430e1a640b5f9ee683e4e5e616",
+        "rev": "9da3f74ac2cba8d812aef5fe16686afa25033b21",
         "type": "gitlab"
       },
       "original": {
@@ -79,11 +79,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1729414726,
+        "lastModified": 1731786860,
-        "narHash": "sha256-Dtmm1OU8Ymiy9hVWn/a2B8DhRYo9Eoyx9veERdOBR4o=",
+        "narHash": "sha256-130gQ5k8kZlxjBEeLpE+SvWFgSOFgQFeZlqIik7KgtQ=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "fe56302339bb28e3471632379d733547caec8103",
+        "rev": "1bd5616e33c0c54d7a5b37db94160635a9b27aeb",
         "type": "github"
       },
       "original": {
@@ -124,11 +124,11 @@
         "rust-overlay": "rust-overlay"
       },
       "locked": {
-        "lastModified": 1729388162,
+        "lastModified": 1731712317,
-        "narHash": "sha256-ARCVRKnANfAb1iwGVpNOujXTXsTdyHz80ocFxjpswv8=",
+        "narHash": "sha256-NpkSAwLFTFRZx+C2yL0JCBnjnZQRs8PsWRqZ0S08Bc8=",
         "owner": "lilyinstarlight",
         "repo": "nixos-cosmic",
-        "rev": "1bfff37ff0178721ff4c0a7ed2fb39689b8db796",
+        "rev": "0b0e62252fb3b4e6b0a763190413513be499c026",
         "type": "github"
       },
       "original": {
@@ -139,11 +139,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1729417461,
+        "lastModified": 1731797098,
-        "narHash": "sha256-p0j/sUs7noqZw0W+SEuZXskzOfgOH7yY80ksIM0fCi4=",
+        "narHash": "sha256-UhWmEZhwJZmVZ1jfHZFzCg+ZLO9Tb/v3Y6LC0UNyeTo=",
         "owner": "nixos",
         "repo": "nixos-hardware",
-        "rev": "8f38d8a4754cf673c2609c4ed399630db87e678b",
+        "rev": "672ac2ac86f7dff2f6f3406405bddecf960e0db6",
         "type": "github"
       },
       "original": {
@@ -155,11 +155,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1729256560,
+        "lastModified": 1731676054,
-        "narHash": "sha256-/uilDXvCIEs3C9l73JTACm4quuHUsIHcns1c+cHUJwA=",
+        "narHash": "sha256-OZiZ3m8SCMfh3B6bfGC/Bm4x3qc1m2SVEAlkV6iY7Yg=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "4c2fcb090b1f3e5b47eaa7bd33913b574a11e0a0",
+        "rev": "5e4fbfb6b3de1aa2872b76d49fafc942626e2add",
         "type": "github"
       },
       "original": {
@@ -169,13 +169,29 @@
         "type": "github"
       }
     },
+    "nixpkgs-master": {
+      "locked": {
+        "lastModified": 1731799881,
+        "narHash": "sha256-GRlDXqmwJoW3F0Ymn0ETLsxujLD5idvdaDEzIjF5EEs=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "cd43d6867192ddfb98ba106065a89790e2722b3f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "master",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1729181673,
+        "lastModified": 1731386116,
-        "narHash": "sha256-LDiPhQ3l+fBjRATNtnuDZsBS7hqoBtPkKBkhpoBHv3I=",
+        "narHash": "sha256-lKA770aUmjPHdTaJWnP3yQ9OI1TigenUqVC3wweqZuI=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "4eb33fe664af7b41a4c446f87d20c9a0a6321fa3",
+        "rev": "689fed12a013f56d4c4d3f612489634267d86529",
         "type": "github"
       },
       "original": {
@@ -187,11 +203,11 @@
     },
     "nixpkgs-stable_2": {
       "locked": {
-        "lastModified": 1729181673,
+        "lastModified": 1731652201,
-        "narHash": "sha256-LDiPhQ3l+fBjRATNtnuDZsBS7hqoBtPkKBkhpoBHv3I=",
+        "narHash": "sha256-XUO0JKP1hlww0d7mm3kpmIr4hhtR4zicg5Wwes9cPMg=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "4eb33fe664af7b41a4c446f87d20c9a0a6321fa3",
+        "rev": "c21b77913ea840f8bcf9adf4c41cecc2abffd38d",
         "type": "github"
       },
       "original": {
@@ -236,6 +252,7 @@
         "nixos-cosmic": "nixos-cosmic",
         "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs",
+        "nixpkgs-master": "nixpkgs-master",
         "nixpkgs-stable": "nixpkgs-stable_2",
         "system_tools": "system_tools",
         "systems": "systems_3"
@@ -249,11 +266,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1729304879,
+        "lastModified": 1731551344,
-        "narHash": "sha256-H7KGGJUU9BcDNnfXiATBGgs6FJKWQdfftNJS+/v2aMU=",
+        "narHash": "sha256-wr8OOqgw7M1pWfe4W7WA5lErzOVMg3zvrrxx/dy/nPo=",
         "owner": "oxalica",
         "repo": "rust-overlay",
-        "rev": "b259ef799b5ac014604da71ecd92d4a52603ed2d",
+        "rev": "27570abfd3461875f11fc07c9b01c141a6332b4f",
         "type": "github"
       },
       "original": {
@@ -271,11 +288,11 @@
         "poetry2nix": "poetry2nix"
       },
       "locked": {
-        "lastModified": 1729435836,
+        "lastModified": 1731776607,
-        "narHash": "sha256-wDhbznFihvVh8sm93HUAeFDw0t8hoe9RGEyWBMkB4yw=",
+        "narHash": "sha256-+TP6Pg5XiK+xqdR6sFINXogV+jNGywwZwhZ++suRGfU=",
         "owner": "RichieCahill",
         "repo": "system_tools",
-        "rev": "84f9ef479e6561fe1daac304cddf195303d855dc",
+        "rev": "8e448875b49cf2dd02fb413f9175bf67cc27b8f8",
         "type": "github"
       },
       "original": {

flake.nix

@@ -18,6 +18,7 @@
   inputs = {
     nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
     nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.05";
+    nixpkgs-master.url = "github:nixos/nixpkgs/master";
     systems.url = "github:nix-systems/default-linux";
 
     nixos-hardware.url = "github:nixos/nixos-hardware/master";
@@ -81,6 +82,10 @@
         modules = [./systems/rhapsody-in-green];
         specialArgs = {inherit inputs outputs;};
       };
+      muninn = lib.nixosSystem {
+        modules = [./systems/muninn];
+        specialArgs = {inherit inputs outputs;};
+      };
     };
   };
 }

overlays/default.nix

@@ -6,4 +6,11 @@
       config.allowUnfree = true;
     };
   };
+  # When applied, the master nixpkgs set (declared in the flake inputs) will be accessible through 'pkgs.master'
+  master = final: _prev: {
+    master = import inputs.nixpkgs-master {
+      system = final.system;
+      config.allowUnfree = true;
+    };
+  };
 }

systems/bob/default.nix

@@ -16,8 +16,9 @@
 
   networking = {
     hostName = "bob";
-    networkmanager.enable = true;
     hostId = "7c678a41";
+    firewall.enable = true;
+    networkmanager.enable = true;
   };
 
   hardware = {

systems/jeeves/default.nix

@@ -30,11 +30,13 @@ in
     nix-serve = {
       enable = true;
       secretKeyFile = "${vars.storage_secrets}/services/nix-cache/cache-priv-key.pem";
+      openFirewall = true;
     };
 
     plex = {
       enable = true;
       dataDir = vars.media_plex;
+      openFirewall = true;
     };
 
     smartd.enable = true;

systems/jeeves/docker/audiobookshelf.nix

@@ -0,0 +1,19 @@
+let
+  vars = import ../vars.nix;
+in
+{
+  virtualisation.oci-containers.containers.audiobookshelf = {
+    image = "ghcr.io/advplyr/audiobookshelf:latest";
+    volumes = [
+      "${vars.media_docker_configs}/audiobookshelf:/config"
+      "${vars.media_docker_configs}/audiobookshelf:/metadata"
+      "${vars.storage_library}/audiobooks:/audiobooks"
+      "${vars.storage_library}/books:/books"
+    ];
+    environment = {
+      TZ = "America/New_York";
+    };
+    extraOptions = [ "--network=web" ];
+    autoStart = true;
+  };
+}

systems/jeeves/docker/grafana.nix

@@ -0,0 +1,12 @@
+let
+  vars = import ../vars.nix;
+in
+{
+  virtualisation.oci-containers.containers.grafana = {
+    image = "grafana/grafana-enterprise:latest";
+    volumes = [ "${vars.media_docker_configs}/grafana:/var/lib/grafana" ];
+    user = "600:600";
+    extraOptions = [ "--network=web" ];
+    autoStart = true;
+  };
+}

systems/jeeves/docker/haproxy.cfg

@@ -30,6 +30,7 @@ frontend ContentSwitching
   acl host_filebrowser  hdr(host) -i filebrowser.tmmworkshop.com
   acl host_grafana  hdr(host) -i grafana.tmmworkshop.com
   acl host_mirror   hdr(host) -i mirror.tmmworkshop.com
+  acl host_photoprism  hdr(host) -i photoprism.tmmworkshop.com
   acl host_uptime_kuma  hdr(host) -i uptimekuma-jeeves.tmmworkshop.com
 
   use_backend audiobookshelf_nodes if host_audiobookshelf
@@ -37,15 +38,16 @@ frontend ContentSwitching
   use_backend filebrowser_nodes  if host_filebrowser
   use_backend grafana_nodes  if host_grafana
   use_backend mirror_nodes   if host_mirror
+  use_backend photoprism_nodes  if host_photoprism
   use_backend uptime_kuma_nodes  if host_uptime_kuma
 
-backend mirror_nodes
+backend audiobookshelf_nodes
   mode http
-  server server arch_mirror:80
+  server server audiobookshelf:80
 
-backend mirror_rsync
+backend cache_nodes
   mode http
-  server server arch_mirror:873
+  server server 192.168.90.40:5000
 
 backend grafana_nodes
   mode http
@@ -55,14 +57,15 @@ backend filebrowser_nodes
   mode http
   server server filebrowser:8080
 
+backend mirror_nodes
+  mode http
+  server server arch_mirror:80
+
+backend photoprism_nodes
+  mode http
+  server server photoprism:2342
+
 backend uptime_kuma_nodes
   mode http
   server server uptime_kuma:3001
 
-backend cache_nodes
-  mode http
-  server server 192.168.90.40:5000
-
-backend audiobookshelf_nodes
-  mode http
-  server server audiobookshelf:80

systems/jeeves/docker/internal.nix

@@ -1,85 +0,0 @@
-let
-  vars = import ../vars.nix;
-in
-{
-  virtualisation.oci-containers.containers = {
-    qbit = {
-      image = "ghcr.io/linuxserver/qbittorrent:latest";
-      ports = [
-        "6881:6881"
-        "6881:6881/udp"
-        "8082:8082"
-        "29432:29432"
-      ];
-      volumes = [
-        "${vars.media_docker_configs}/qbit:/config"
-        "${vars.torrenting_qbit}:/data"
-      ];
-      environment = {
-        PUID = "600";
-        PGID = "100";
-        TZ = "America/New_York";
-        WEBUI_PORT = "8082";
-      };
-      autoStart = true;
-    };
-    qbitvpn = {
-      image = "binhex/arch-qbittorrentvpn:latest";
-      extraOptions = [ "--cap-add=NET_ADMIN" ];
-      ports = [
-        "6882:6881"
-        "6882:6881/udp"
-        "8081:8081"
-        "8118:8118"
-      ];
-      volumes = [
-        "${vars.media_docker_configs}/qbitvpn:/config"
-        "${vars.torrenting_qbitvpn}:/data"
-        "/etc/localtime:/etc/localtime:ro"
-      ];
-      environment = {
-        WEBUI_PORT = "8081";
-        PUID = "600";
-        PGID = "100";
-        VPN_ENABLED = "yes";
-        VPN_CLIENT = "openvpn";
-        STRICT_PORT_FORWARD = "yes";
-        ENABLE_PRIVOXY = "yes";
-        LAN_NETWORK = "192.168.90.0/24";
-        NAME_SERVERS = "1.1.1.1,1.0.0.1";
-        UMASK = "000";
-        DEBUG = "false";
-        DELUGE_DAEMON_LOG_LEVEL = "debug";
-        DELUGE_WEB_LOG_LEVEL = "debug";
-      };
-      environmentFiles = ["${vars.storage_secrets}/docker/qbitvpn"];
-      autoStart = true;
-    };
-    prowlarr = {
-      image = "ghcr.io/linuxserver/prowlarr:latest";
-      ports = [ "9696:9696" ];
-      environment = {
-        PUID = "600";
-        PGID = "100";
-        TZ = "America/New_York";
-      };
-      volumes = [ "${vars.media_docker_configs}/prowlarr:/config" ];
-      autoStart = true;
-    };
-    sonarr = {
-      image = "ghcr.io/linuxserver/sonarr:latest";
-      ports = [ "8989:8989" ];
-      environment = {
-        PUID = "600";
-        PGID = "100";
-        TZ = "America/New_York";
-      };
-      volumes = [
-        "${vars.media_docker_configs}/sonarr:/config"
-        "${vars.storage_plex}/tv:/tv"
-        "${vars.torrenting_qbitvpn}:/data"
-      ];
-      autoStart = true;
-    };
-  };
-}

systems/jeeves/docker/photoprism.nix

@@ -2,12 +2,8 @@ let
   vars = import ../vars.nix;
 in
 {
-
+  virtualisation.oci-containers.containers.photoprism = {
-
-  virtualisation.oci-containers.containers = {
-    photoprism = {
     image = "photoprism/photoprism:latest";
-      ports = [ "2342:2342" ];
     volumes = [ 
       "${vars.media_docker_configs}/photoprism:/photoprism/storage"
       "${vars.storage_photos}/originals:/photoprism/originals"
@@ -41,10 +37,7 @@ in
       PHOTOPRISM_AUTO_IMPORT= "-1";
       PHOTOPRISM_DETECT_NSFW="false";
       PHOTOPRISM_UPLOAD_NSFW="true";
-        PHOTOPRISM_DATABASE_DRIVER="mysql";
+      PHOTOPRISM_DATABASE_DRIVER="sqlite";
-        PHOTOPRISM_DATABASE_SERVER="photoprism_mariadb:3306";
-        PHOTOPRISM_DATABASE_NAME="photoprism";
-        PHOTOPRISM_DATABASE_USER="photoprism";
       PHOTOPRISM_SITE_CAPTION="AI-Powered Photos App";
       PHOTOPRISM_SITE_DESCRIPTION="";
       PHOTOPRISM_SITE_AUTHOR="";
@@ -54,23 +47,7 @@ in
     };
     environmentFiles = ["${vars.storage_secrets}/docker/photoprism"];
     autoStart = true;
-      dependsOn = [ "photoprism_mariadb" ];
     extraOptions = [ "--network=web" ];
   };
-    photoprism_mariadb = {
-      image = "mariadb:11";
-      volumes = [ "${vars.media_database}/photoprism_mariadb:/var/lib/photoprism_mariadb" ];
-      environment = {
-        MARIADB_AUTO_UPGRADE = "1";
-        MARIADB_INITDB_SKIP_TZINFO = "1";
-        MARIADB_DATABASE = "photoprism";
-        MARIADB_USER = "photoprism";
-      };
-      environmentFiles = ["${vars.storage_secrets}/docker/photoprism"];
-      cmd = [ "--innodb-buffer-pool-size=512M" "--transaction-isolation=READ-COMMITTED" "--character-set-server=utf8mb4" "--collation-server=utf8mb4_unicode_ci" "--max-connections=512" "--innodb-rollback-on-timeout=OFF" "--innodb-lock-wait-timeout=120" ];
-      autoStart = true;
-      extraOptions = [ "--network=web" ];
-    };
-  };
 }
 

systems/jeeves/docker/prowlarr.nix

@@ -0,0 +1,17 @@
+let
+  vars = import ../vars.nix;
+in
+{
+  networking.firewall.allowedTCPPorts = [ 9696 ];
+  virtualisation.oci-containers.containers.prowlarr = {
+    image = "ghcr.io/linuxserver/prowlarr:latest";
+    ports = [ "9696:9696" ];
+    environment = {
+      PUID = "600";
+      PGID = "100";
+      TZ = "America/New_York";
+    };
+    volumes = [ "${vars.media_docker_configs}/prowlarr:/config" ];
+    autoStart = true;
+  };
+}

systems/jeeves/docker/qbit.nix

@@ -0,0 +1,29 @@
+let
+  vars = import ../vars.nix;
+in
+{
+  networking.firewall = {
+    allowedTCPPorts = [ 6881 8082 29432 ]; 
+    allowedUDPPorts = [ 6881 ];
+  };
+  virtualisation.oci-containers.containers.qbit = {
+    image = "ghcr.io/linuxserver/qbittorrent:latest";
+    ports = [
+      "6881:6881"
+      "6881:6881/udp"
+      "8082:8082"
+      "29432:29432"
+    ];
+    volumes = [
+      "${vars.media_docker_configs}/qbit:/config"
+      "${vars.torrenting_qbit}:/data"
+    ];
+    environment = {
+      PUID = "600";
+      PGID = "100";
+      TZ = "America/New_York";
+      WEBUI_PORT = "8082";
+    };
+    autoStart = true;
+  };
+}

systems/jeeves/docker/qbitvpn.nix

@@ -0,0 +1,41 @@
+let
+  vars = import ../vars.nix;
+in
+{
+  networking.firewall = {
+    allowedTCPPorts = [ 6882 8081 8118 ];
+    allowedUDPPorts = [ 6882 ];
+  };
+  virtualisation.oci-containers.containers.qbitvpn = {
+    image = "binhex/arch-qbittorrentvpn:latest";
+    extraOptions = [ "--cap-add=NET_ADMIN" ];
+    ports = [
+      "6882:6881"
+      "6882:6881/udp"
+      "8081:8081"
+      "8118:8118"
+    ];
+    volumes = [
+      "${vars.media_docker_configs}/qbitvpn:/config"
+      "${vars.torrenting_qbitvpn}:/data"
+      "/etc/localtime:/etc/localtime:ro"
+    ];
+    environment = {
+      WEBUI_PORT = "8081";
+      PUID = "600";
+      PGID = "100";
+      VPN_ENABLED = "yes";
+      VPN_CLIENT = "openvpn";
+      STRICT_PORT_FORWARD = "yes";
+      ENABLE_PRIVOXY = "yes";
+      LAN_NETWORK = "192.168.90.0/24";
+      NAME_SERVERS = "1.1.1.1,1.0.0.1";
+      UMASK = "000";
+      DEBUG = "false";
+      DELUGE_DAEMON_LOG_LEVEL = "debug";
+      DELUGE_WEB_LOG_LEVEL = "debug";
+    };
+    environmentFiles = ["${vars.storage_secrets}/docker/qbitvpn"];
+    autoStart = true;
+  };
+}

systems/jeeves/docker/reverse_proxy.nix

@@ -3,28 +3,6 @@ let
 in
 {
   virtualisation.oci-containers.containers = {
-    audiobookshelf = {
-      image = "ghcr.io/advplyr/audiobookshelf:latest";
-      ports = [ "13378:80" ];
-      volumes = [
-        "${vars.media_docker_configs}/audiobookshelf:/config"
-        "${vars.media_docker_configs}/audiobookshelf:/metadata"
-        "${vars.storage_library}/audiobooks:/audiobooks"
-        "${vars.storage_library}/books:/books"
-      ];
-      environment = {
-        TZ = "America/New_York";
-      };
-      extraOptions = [ "--network=web" ];
-      autoStart = true;
-    };
-    grafana = {
-      image = "grafana/grafana-enterprise:latest";
-      volumes = [ "${vars.media_docker_configs}/grafana:/var/lib/grafana" ];
-      user = "600:600";
-      extraOptions = [ "--network=web" ];
-      autoStart = true;
-    };
     haproxy = {
       image = "haproxy:latest";
       user = "600:600";
@@ -40,6 +18,7 @@ in
         "audiobookshelf"
         "filebrowser"
         "grafana"
+        "photoprism"
         "uptime_kuma"
       ];
       extraOptions = [ "--network=web" ];

systems/jeeves/docker/sonarr.nix

@@ -0,0 +1,21 @@
+let
+  vars = import ../vars.nix;
+in
+{
+  networking.firewall.allowedTCPPorts = [ 9696 8989 ];
+  virtualisation.oci-containers.containers.sonarr = {
+    image = "ghcr.io/linuxserver/sonarr:latest";
+    ports = [ "8989:8989" ];
+    environment = {
+      PUID = "600";
+      PGID = "100";
+      TZ = "America/New_York";
+    };
+    volumes = [
+      "${vars.media_docker_configs}/sonarr:/config"
+      "${vars.storage_plex}/tv:/tv"
+      "${vars.torrenting_qbitvpn}:/data"
+    ];
+    autoStart = true;
+  };
+}

systems/jeeves/networking.nix

@@ -2,7 +2,7 @@
   networking = {
     hostName = "jeeves";
     hostId = "0e15ce35";
-    firewall.enable = false;
+    firewall.enable = true;
     useNetworkd = true;
   };
 

systems/jeeves/scripts/zfs.sh

@@ -3,16 +3,16 @@
 # zpools
 
 # media
-sudo zpool create -o ashift=12 -O acltype=posixacl -O atime=off -O dnodesize=auto -O xattr=sa -O zstd -m /zfs/media media mirror
+sudo zpool create -o ashift=12 -O acltype=posixacl -O atime=off -O dnodesize=auto -O xattr=sa -O compression=zstd -m /zfs/media media mirror
 sudo zpool add media -o ashift=12 special mirror
 
 # storage
-sudo zpool create -o ashift=12 -O acltype=posixacl -O atime=off -O dnodesize=auto -O xattr=sa -O zstd -m /zfs/storage storage
+sudo zpool create -o ashift=12 -O acltype=posixacl -O atime=off -O dnodesize=auto -O xattr=sa -O compression=zstd -m /zfs/storage storage
 sudo zpool add storage -o ashift=12 special mirror
 sudo zpool add storage -o ashift=12 logs mirror
 
 # torrenting
-sudo zpool create -o ashift=12 -O acltype=posixacl -O atime=off -O dnodesize=auto -O xattr=sa -O zstd -m /zfs/torrenting torrenting
+sudo zpool create -o ashift=12 -O acltype=posixacl -O atime=off -O dnodesize=auto -O xattr=sa -O compression=zstd -m /zfs/torrenting torrenting
 sudo zpool add torrenting -o ashift=12 special
 
 # media datasets

systems/muninn/default.nix

@@ -0,0 +1,57 @@
+{ pkgs, ... }:
+{
+
+
+  imports = [
+    ../../users/gaming
+    ../../users/richie
+    ../../common/global
+    ../../common/optional/desktop_kernel.nix
+    ../../common/optional/steam.nix
+    ../../common/optional/systemd-boot.nix
+    ./hardware.nix
+  ];
+
+  environment.loginShellInit = ''[[ "$(tty)" = "/dev/tty1" ]] && ${./gamescope.sh}'';
+
+  networking = {
+    hostName = "muninn";
+    hostId = "a43179c5";
+    firewall.enable = true;
+    networkmanager.enable = true;
+  };
+
+  hardware = {
+    pulseaudio.enable = false;
+    bluetooth = {
+      enable = true;
+      powerOnBoot = true;
+    };
+  };
+
+  security.rtkit.enable = true;
+
+  services = {
+    getty.autologinUser = "gaming";
+
+    openssh.ports = [ 295 ];
+
+    printing.enable = true;
+
+    pipewire = {
+      enable = true;
+      alsa.enable = true;
+      alsa.support32Bit = true;
+      pulse.enable = true;
+    };
+
+    snapshot_manager.enable = true;
+
+    zfs = {
+      trim.enable = true;
+      autoScrub.enable = true;
+    };
+  };
+
+  system.stateVersion = "24.05";
+}

systems/muninn/gamescope.sh

@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+set -xeuo pipefail
+
+gamescopeArgs=(
+    --adaptive-sync # VRR support
+    --hdr-enabled
+    --rt
+    --steam
+)
+
+steamArgs=(
+    -pipewire-dmabuf
+    -tenfoot
+)
+
+exec gamescope "${gamescopeArgs[@]}" -- steam "${steamArgs[@]}"

systems/muninn/hardware.nix

@@ -0,0 +1,63 @@
+{ config, lib, modulesPath, ... }:
+
+{
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+  boot = {
+    initrd = {
+      availableKernelModules = [
+        "nvme"
+        "xhci_pci"
+        "thunderbolt"
+        "usb_storage"
+        "sd_mod"
+      ];
+      kernelModules = [ ];
+      luks.devices."luks-root-pool-nvme-INTEL_SSDPEKKW256G7_BTPY63820XBH256D-part2" = {
+        device = "/dev/disk/by-id/nvme-INTEL_SSDPEKKW256G7_BTPY63820XBH256D-part2";
+        bypassWorkqueues = true;
+        allowDiscards = true;
+        keyFileSize = 4096;
+        keyFile = "/dev/disk/by-id/usb-SanDisk_Ultra_T_C_4C530001020919102244-0:0";
+      };
+    };
+    kernelModules = [ "kvm-intel" ];
+    extraModulePackages = [ ];
+  };
+
+  fileSystems = {
+    "/" = lib.mkDefault {
+      device = "root_pool/root";
+      fsType = "zfs";
+    };
+
+    "/home" = {
+      device = "root_pool/home";
+      fsType = "zfs";
+    };
+
+    "/nix" = {
+      device = "root_pool/nix";
+      fsType = "zfs";
+    };
+
+    "/var" = {
+      device = "root_pool/var";
+      fsType = "zfs";
+    };
+
+    "/boot" = {
+      device = "/dev/disk/by-uuid/12CE-A600";
+      fsType = "vfat";
+      options = [
+        "fmask=0077"
+        "dmask=0077"
+      ];
+    };
+  };
+
+  swapDevices = [ ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

systems/rhapsody-in-green/default.nix

@@ -15,8 +15,9 @@
 
   networking = {
     hostName = "rhapsody-in-green";
-    networkmanager.enable = true;
     hostId = "6404140d";
+    firewall.enable = true;
+    networkmanager.enable = true;
   };
 
   hardware = {

tools/installer.py

@@ -110,7 +110,6 @@ def create_zfs_pool(pool_disks: Sequence[str], mnt_dir: str) -> None:
         "-O relatime=on "
         "-O xattr=sa "
         "-O mountpoint=none "
-        "-O primarycache=metadata "
         "root_pool "
     )
     if len(pool_disks) == 1:

users/gaming/default.nix

@@ -0,0 +1,24 @@
+{
+  pkgs,
+  config,
+  ...
+}: 
+{
+  users = {
+    users.gaming = {
+      isNormalUser = true;
+      shell = pkgs.zsh;
+      group = "gaming";
+      extraGroups =
+      [
+        "audio"
+        "video"
+        "users"
+      ];
+      uid = 1100;
+    };
+
+    groups.gaming.gid = 1100;
+  };
+  home-manager.users.gaming = import ./systems/${config.networking.hostName}.nix; 
+}

users/gaming/home/firefox.nix

@@ -1,8 +1,4 @@
-{
+{ inputs, ... }:
-  pkgs,
-  inputs,
-  ...
-}:
 {
   programs.firefox = {
     enable = true;
@@ -16,55 +12,11 @@
         sponsorblock
         ublock-origin
       ];
-      search.engines = {
+      search = {
-        "Nix Options" = {
+        force = true;
-          urls = [
+        default = "Google";
-            {
+        order = [ "Google" ];
-              template = "https://search.nixos.org/options";
-              params = [
-                {
-                  name = "type";
-                  value = "packages";
-                }
-                {
-                  name = "channel";
-                  value = "unstable";
-                }
-                {
-                  name = "query";
-                  value = "{searchTerms}";
-                }
-              ];
-            }
-          ];
-          icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
-          definedAliases = [ "@o" ];
       };
-        "Nix Packages" = {
-          urls = [
-            {
-              template = "https://search.nixos.org/packages";
-              params = [
-                {
-                  name = "type";
-                  value = "packages";
-                }
-                {
-                  name = "channel";
-                  value = "unstable";
-                }
-                {
-                  name = "query";
-                  value = "{searchTerms}";
-                }
-              ];
-            }
-          ];
-          icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
-          definedAliases = [ "@n" ];
-        };
-      };
-      search.force = true;
       settings = {
         # SECTION: FASTFOX
         # GENERAL

users/gaming/home/global.nix

@@ -0,0 +1,35 @@
+{
+  lib,
+  pkgs,
+  config,
+  ...
+}: {
+  imports = [
+    ./programs.nix
+  ];
+
+  nix = {
+    package = lib.mkDefault pkgs.nix;
+    settings = {
+      experimental-features = [
+        "nix-command"
+        "flakes"
+        "ca-derivations"
+      ];
+    };
+  };
+
+  programs = {
+    home-manager.enable = true;
+    git.enable = true;
+  };
+
+  home = {
+    username = "gaming";
+    homeDirectory = "/home/${config.home.username}";
+    stateVersion = "24.05";
+    sessionVariables = {
+      FLAKE = "$HOME/Projects/dotfiles";
+    };
+  };
+}

users/gaming/home/programs.nix

@@ -0,0 +1,6 @@
+{ pkgs, ... }:
+{
+  home.packages = with pkgs; [
+    wget
+  ];
+}

users/gaming/systems/muninn.nix

@@ -0,0 +1,6 @@
+{
+  imports = [
+    ../home/global.nix
+    ../home/firefox.nix
+  ];
+}

users/richie/home/cli/default.nix

@@ -1,8 +1,8 @@
 {
   imports = [
+    ./direnv.nix
     ./git.nix
     ./zsh.nix
-    ./direnv.nix
   ];
 
   programs.starship.enable = true;

users/richie/home/global.nix

@@ -27,9 +27,9 @@
   };
 
   home = {
-    username = lib.mkDefault "richie";
+    username = "richie";
-    homeDirectory = lib.mkDefault "/home/${config.home.username}";
+    homeDirectory = "/home/${config.home.username}";
-    stateVersion = lib.mkDefault "24.05";
+    stateVersion = "24.05";
     sessionVariables = {
       FLAKE = "$HOME/Projects/dotfiles";
     };

users/richie/home/gui/default.nix

@@ -1,8 +1,9 @@
 { pkgs, ... }:
 {
   imports = [
-    ./firefox.nix
+    ./firefox
     ./vscode
+    ./kitty.nix
   ];
 
   home.packages = with pkgs; [
@@ -15,6 +16,7 @@
     nemo-fileroller
     obs-studio
     obsidian
+    prismlauncher
     proxychains
     prusa-slicer
     signal-desktop

users/richie/home/gui/firefox/default.nix

@@ -0,0 +1,250 @@
+{ inputs, ... }:
+{
+  imports = [ ./search_engines.nix ];
+
+  programs.firefox = {
+    enable = true;
+    profiles.richie = {
+      extensions = with inputs.firefox-addons.packages.x86_64-linux; [
+        bitwarden
+        darkreader
+        dearrow
+        fastforwardteam
+        return-youtube-dislikes
+        sponsorblock
+        ublock-origin
+      ];
+      search = {
+        force = true;
+        default = "kagi";
+        order = [ "kagi" "DuckDuckGo" "Google" ];
+      };
+      settings = {
+        # SECTION: FASTFOX
+        # GENERAL
+        "content.notify.interval" = 100000;
+
+        # GFX
+        "gfx.canvas.accelerated.cache-items" = 4096;
+        "gfx.canvas.accelerated.cache-size" = 512;
+        "gfx.content.skia-font-cache-size" = 20;
+
+        # DISK CACHE
+        "browser.cache.jsbc_compression_level" = 3;
+
+        # MEDIA CACHE
+        "media.memory_cache_max_size" = 65536;
+        "media.cache_readahead_limit" = 7200;
+        "media.cache_resume_threshold" = 3600;
+
+        # IMAGE CACHE
+        "image.mem.decode_bytes_at_a_time" = 32768;
+
+        # NETWORK
+        "network.buffer.cache.size" = 262144;
+        "network.buffer.cache.count" = 128;
+        "network.http.max-connections" = 1800;
+        "network.http.max-persistent-connections-per-server" = 10;
+        "network.http.max-urgent-start-excessive-connections-per-host" = 5;
+        "network.http.pacing.requests.enabled" = false;
+        "network.dnsCacheExpiration" = 3600;
+        "network.dns.max_high_priority_threads" = 8;
+        "network.ssl_tokens_cache_capacity" = 10240;
+
+        # SPECULATIVE LOADING
+        "network.dns.disablePrefetch" = true;
+        "network.prefetch-next" = false;
+        "network.predictor.enabled" = false;
+
+        # EXPERIMENTAL
+        "layout.css.grid-template-masonry-value.enabled" = true;
+        "dom.enable_web_task_scheduling" = true;
+        "layout.css.has-selector.enabled" = true;
+        "dom.security.sanitizer.enabled" = true;
+
+        # SECTION: SECUREFOX
+        # TRACKING PROTECTION
+        "browser.contentblocking.category" = "strict";
+        "urlclassifier.trackingSkipURLs" = "*.reddit.com, *.twitter.com, *.twimg.com, *.tiktok.com";
+        "urlclassifier.features.socialtracking.skipURLs" = "*.instagram.com, *.twitter.com, *.twimg.com";
+        "network.cookie.sameSite.noneRequiresSecure" = true;
+        "browser.download.start_downloads_in_tmp_dir" = true;
+        "browser.helperApps.deleteTempFileOnExit" = true;
+        "browser.uitour.enabled" = false;
+        "privacy.globalprivacycontrol.enabled" = true;
+
+        # OCSP & CERTS / HPKP
+        "security.OCSP.enabled" = 0;
+        "security.remote_settings.crlite_filters.enabled" = true;
+        "security.pki.crlite_mode" = 2;
+
+        # SSL / TLS
+        "security.ssl.treat_unsafe_negotiation_as_broken" = true;
+        "browser.xul.error_pages.expert_bad_cert" = true;
+        "security.tls.enable_0rtt_data" = false;
+
+        # DISK AVOIDANCE
+        "browser.privatebrowsing.forceMediaMemoryCache" = true;
+        "browser.sessionstore.interval" = 60000;
+
+        # SHUTDOWN & SANITIZING
+        "privacy.history.custom" = true;
+
+        # SEARCH / URL BAR
+        "browser.search.separatePrivateDefault.ui.enabled" = true;
+        "browser.urlbar.update2.engineAliasRefresh" = true;
+        # PREF: restore search engine suggestions
+        "browser.search.suggest.enabled" = true;
+        "browser.urlbar.suggest.quicksuggest.sponsored" = false;
+        "browser.urlbar.suggest.quicksuggest.nonsponsored" = false;
+        "browser.formfill.enable" = false;
+        "security.insecure_connection_text.enabled" = true;
+        "security.insecure_connection_text.pbmode.enabled" = true;
+        "network.IDN_show_punycode" = true;
+
+        # HTTPS-FIRST POLICY
+        "dom.security.https_first" = true;
+        "dom.security.https_first_schemeless" = true;
+
+        # PASSWORDS
+        "signon.formlessCapture.enabled" = false;
+        "signon.rememberSignons" = false;
+        "signon.privateBrowsingCapture.enabled" = false;
+        "network.auth.subresource-http-auth-allow" = 1;
+        "editor.truncate_user_pastes" = false;
+
+        # MIXED CONTENT + CROSS-SITE
+        "security.mixed_content.block_display_content" = true;
+        "security.mixed_content.upgrade_display_content" = true;
+        "security.mixed_content.upgrade_display_content.image" = true;
+        "pdfjs.enableScripting" = false;
+        "extensions.postDownloadThirdPartyPrompt" = false;
+
+        # HEADERS / REFERERS
+        "network.http.referer.XOriginTrimmingPolicy" = 2;
+
+        # CONTAINERS
+        "privacy.userContext.ui.enabled" = true;
+
+        # WEBRTC
+        "media.peerconnection.ice.proxy_only_if_behind_proxy" = true;
+        "media.peerconnection.ice.default_address_only" = true;
+
+        # SAFE BROWSING
+        "browser.safebrowsing.downloads.remote.enabled" = false;
+
+        # MOZILLA
+        # PREF: allow websites to ask you to receive site notifications
+        "permissions.default.desktop-notification" = 0; # allow websites to ask
+        # PREF: allow websites to ask you for your location
+        "permissions.default.geo" = 0;
+        "geo.provider.network.url" = "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%";
+        "permissions.manager.defaultsUrl" = "";
+        "webchannel.allowObject.urlWhitelist" = "";
+
+        # TELEMETRY
+        "datareporting.policy.dataSubmissionEnabled" = false;
+        "datareporting.healthreport.uploadEnabled" = false;
+        "toolkit.telemetry.unified" = false;
+        "toolkit.telemetry.enabled" = false;
+        "toolkit.telemetry.server" = "data:,";
+        "toolkit.telemetry.archive.enabled" = false;
+        "toolkit.telemetry.newProfilePing.enabled" = false;
+        "toolkit.telemetry.shutdownPingSender.enabled" = false;
+        "toolkit.telemetry.updatePing.enabled" = false;
+        "toolkit.telemetry.bhrPing.enabled" = false;
+        "toolkit.telemetry.firstShutdownPing.enabled" = false;
+        "toolkit.telemetry.coverage.opt-out" = true;
+        "toolkit.coverage.opt-out" = true;
+        "toolkit.coverage.endpoint.base" = "";
+        "browser.ping-centre.telemetry" = false;
+        "browser.newtabpage.activity-stream.feeds.telemetry" = false;
+        "browser.newtabpage.activity-stream.telemetry" = false;
+
+        # EXPERIMENTS
+        "app.shield.optoutstudies.enabled" = false;
+        "app.normandy.enabled" = false;
+        "app.normandy.api_url" = "";
+
+        # CRASH REPORTS
+        "breakpad.reportURL" = "";
+        "browser.tabs.crashReporting.sendReport" = false;
+        "browser.crashReports.unsubmittedCheck.autoSubmit2" = false;
+
+        # DETECTION
+        "captivedetect.canonicalURL" = "";
+        "network.captive-portal-service.enabled" = false;
+        "network.connectivity-service.enabled" = false;
+
+        # SECTION: PESKYFOX
+        # MOZILLA UI
+        "browser.privatebrowsing.vpnpromourl" = "";
+        "extensions.getAddons.showPane" = false;
+        "extensions.htmlaboutaddons.recommendations.enabled" = false;
+        "browser.discovery.enabled" = false;
+        "browser.shell.checkDefaultBrowser" = false;
+        "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons" = false;
+        "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features" = false;
+        "browser.preferences.moreFromMozilla" = false;
+        "browser.tabs.tabmanager.enabled" = false;
+        "browser.aboutConfig.showWarning" = false;
+        "browser.aboutwelcome.enabled" = false;
+
+        # THEME ADJUSTMENTS
+        "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
+        "browser.compactmode.show" = true;
+        "browser.display.focus_ring_on_anything" = true;
+        "browser.display.focus_ring_style" = 0;
+        "browser.display.focus_ring_width" = 0;
+        "layout.css.prefers-color-scheme.content-override" = 2;
+
+        # COOKIE BANNER HANDLING
+        "cookiebanners.service.mode" = 1;
+        "cookiebanners.service.mode.privateBrowsing" = 1;
+
+        # FULLSCREEN NOTICE
+        "full-screen-api.transition-duration.enter" = "0 0";
+        "full-screen-api.transition-duration.leave" = "0 0";
+        "full-screen-api.warning.delay" = -1;
+        "full-screen-api.warning.timeout" = 0;
+
+        # URL BAR
+        "browser.urlbar.suggest.calculator" = true;
+        "browser.urlbar.unitConversion.enabled" = true;
+        "browser.urlbar.trending.featureGate" = false;
+
+        # NEW TAB PAGE
+        "browser.newtabpage.activity-stream.feeds.topsites" = false;
+        "browser.newtabpage.activity-stream.feeds.section.topstories" = false;
+
+        # POCKET
+        "extensions.pocket.enabled" = false;
+
+        # DOWNLOADS
+        "browser.download.always_ask_before_handling_new_types" = true;
+        "browser.download.manager.addToRecentDocs" = false;
+
+        # PDF
+        "browser.download.open_pdf_attachments_inline" = true;
+
+        # TAB BEHAVIOR
+        "browser.bookmarks.openInTabClosesMenu" = false;
+        "browser.menu.showViewImageInfo" = true;
+        "findbar.highlightAll" = true;
+        "layout.word_select.eat_space_to_next_word" = false;
+
+        # SECTION: MY OVERRIDES
+        "browser.startup.homepage" = "https://google.com";
+        "identity.fxaccounts.enabled" = false;
+
+        # SECTION SMOOTHFOX
+        # OPTION: SHARPEN SCROLLING                                                           *
+        "apz.overscroll.enabled" = true; # DEFAULT NON-LINUX
+        "mousewheel.min_line_scroll_amount" = 10; # 10-40; adjust this number to your liking; default=5
+        "general.smoothScroll.mouseWheel.durationMinMS" = 80; # default=50
+        "general.smoothScroll.currentVelocityWeighting" = "0.15"; # default=.25
+        "general.smoothScroll.stopDecelerationWeighting" = "0.6"; # default=.4
+      };
+    };
+  };
+}

users/richie/home/gui/firefox/github.svg

@@ -0,0 +1,3 @@
+<svg width="32" height="32" viewBox="0 0 32 32" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path fill-rule="evenodd" clip-rule="evenodd" d="M16 0C7.16 0 0 7.16 0 16C0 23.08 4.58 29.06 10.94 31.18C11.74 31.32 12.04 30.84 12.04 30.42C12.04 30.04 12.02 28.78 12.02 27.44C8 28.18 6.96 26.46 6.64 25.56C6.46 25.1 5.68 23.68 5 23.3C4.44 23 3.64 22.26 4.98 22.24C6.24 22.22 7.14 23.4 7.44 23.88C8.88 26.3 11.18 25.62 12.1 25.2C12.24 24.16 12.66 23.46 13.12 23.06C9.56 22.66 5.84 21.28 5.84 15.16C5.84 13.42 6.46 11.98 7.48 10.86C7.32 10.46 6.76 8.82 7.64 6.62C7.64 6.62 8.98 6.2 12.04 8.26C13.32 7.9 14.68 7.72 16.04 7.72C17.4 7.72 18.76 7.9 20.04 8.26C23.1 6.18 24.44 6.62 24.44 6.62C25.32 8.82 24.76 10.46 24.6 10.86C25.62 11.98 26.24 13.4 26.24 15.16C26.24 21.3 22.5 22.66 18.94 23.06C19.52 23.56 20.02 24.52 20.02 26.02C20.02 28.16 20 29.88 20 30.42C20 30.84 20.3 31.34 21.1 31.18C27.42 29.06 32 23.06 32 16C32 7.16 24.84 0 16 0V0Z" fill="white"/>
+</svg>

users/richie/home/gui/firefox/search_engines.nix

@@ -0,0 +1,84 @@
+{ pkgs, ... }:
+{
+  programs.firefox.profiles.richie.search.engines = {
+    "Nix Options" = {
+      urls = [
+        {
+          template = "https://search.nixos.org/options";
+          params = [
+            {
+              name = "type";
+              value = "packages";
+            }
+            {
+              name = "channel";
+              value = "unstable";
+            }
+            {
+              name = "query";
+              value = "{searchTerms}";
+            }
+          ];
+        }
+      ];
+      icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
+      definedAliases = [ "@o" ];
+    };
+    "Nix Packages" = {
+      urls = [
+        {
+          template = "https://search.nixos.org/packages";
+          params = [
+            {
+              name = "type";
+              value = "packages";
+            }
+            {
+              name = "channel";
+              value = "unstable";
+            }
+            {
+              name = "query";
+              value = "{searchTerms}";
+            }
+          ];
+        }
+      ];
+      icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
+      definedAliases = [ "@n" ];
+    };
+    "kagi" = {
+      urls = [
+        {
+          template = "https://kagi.com/search?";
+          params = [
+            {
+              name = "q";
+              value = "{searchTerms}";
+            }
+          ];
+        }
+      ];
+      icon = ./kagi.png;
+    };
+    github = {
+      urls = [
+        {
+          template = "https://github.com/search?";
+          params = [
+            {
+              name = "q";
+              value = "{searchTerms}";
+            }
+            {
+              name = "type";
+              value = "code";
+            }
+          ];
+        }
+      ];
+      icon = ./github.svg;
+      definedAliases = [ "@g" ];
+    };
+  };
+}

users/richie/home/gui/kitty.nix

@@ -0,0 +1,12 @@
+{pkgs, ...}: {
+  programs.kitty = {
+    enable = true;
+    font.name = "IntoneMono Nerd Font";
+    settings = {
+      allow_remote_control = "no";
+      shell = "${pkgs.zsh}/bin/zsh";
+      wayland_titlebar_color = "background";
+    };
+    theme = "VSCode_Dark";
+  };
+}

users/richie/home/programs.nix

@@ -5,14 +5,23 @@
     bat
     btop
     eza
+    fd
+    ffmpegthumbnailer
+    fzf
     git
     gnupg
+    imagemagick
+    jq
     ncdu
     neofetch
+    p7zip
+    poppler
     rar
     ripgrep
     starship
     tmux
+    unzip
+    yazi
     zoxide
     # system info
     hwloc

users/richie/home/ssh_config.nix

@@ -36,6 +36,12 @@
         identityFile = "~/.ssh/id_ed25519";
         port = 922;
       };
+      muninn = {
+        hostname = "192.168.98.52";
+        user = "richie";
+        identityFile = "~/.ssh/id_ed25519";
+        port = 295;
+      };      
     };
   };
 }

users/richie/systems/muninn.nix

@@ -0,0 +1,6 @@
+{
+  imports = [
+    ../home/global.nix
+    ../home/gui
+  ];
+}