Refining modules/nixos/base.nix to make sense for more machines

There is a few additional changes due to typos introduced while working
on other stuff.

.gitattributes

@@ -1 +0,0 @@
-hosts/lithium/semi-secret-vars.nix filter=git-agecrypt diff=git-agecrypt

.gitignore

@@ -0,0 +1,4 @@
+result
+result-*
+localnotes.md
+*.qcow2

.vscode/settings.json

@@ -0,0 +1,3 @@
+{
+    "git.enabled": false
+}

README.md

@@ -5,7 +5,7 @@
 
 ## Overview
 
-This repository maanges **multiple NixOS systems** using a shared modular configuration.
+This repository manages **multiple NixOS systems** using a shared modular configuration.
 It's designed to be **secure, composable, and automated** using modern Nix tooling.
 
 - **Laptop ("neon")**: Portable KVM/Swiss-Army Knife

flake.lock

@@ -1,12 +1,80 @@
 {
   "nodes": {
+    "base16": {
+      "inputs": {
+        "fromYaml": "fromYaml"
+      },
+      "locked": {
+        "lastModified": 1755819240,
+        "narHash": "sha256-qcMhnL7aGAuFuutH4rq9fvAhCpJWVHLcHVZLtPctPlo=",
+        "owner": "SenchoPens",
+        "repo": "base16.nix",
+        "rev": "75ed5e5e3fce37df22e49125181fa37899c3ccd6",
+        "type": "github"
+      },
+      "original": {
+        "owner": "SenchoPens",
+        "repo": "base16.nix",
+        "type": "github"
+      }
+    },
+    "base16-fish": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1754405784,
+        "narHash": "sha256-l9xHIy+85FN+bEo6yquq2IjD1rSg9fjfjpyGP1W8YXo=",
+        "owner": "tomyun",
+        "repo": "base16-fish",
+        "rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561",
+        "type": "github"
+      },
+      "original": {
+        "owner": "tomyun",
+        "repo": "base16-fish",
+        "rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561",
+        "type": "github"
+      }
+    },
+    "base16-helix": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1752979451,
+        "narHash": "sha256-0CQM+FkYy0fOO/sMGhOoNL80ftsAzYCg9VhIrodqusM=",
+        "owner": "tinted-theming",
+        "repo": "base16-helix",
+        "rev": "27cf1e66e50abc622fb76a3019012dc07c678fac",
+        "type": "github"
+      },
+      "original": {
+        "owner": "tinted-theming",
+        "repo": "base16-helix",
+        "type": "github"
+      }
+    },
+    "base16-vim": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1732806396,
+        "narHash": "sha256-e0bpPySdJf0F68Ndanwm+KWHgQiZ0s7liLhvJSWDNsA=",
+        "owner": "tinted-theming",
+        "repo": "base16-vim",
+        "rev": "577fe8125d74ff456cf942c733a85d769afe58b7",
+        "type": "github"
+      },
+      "original": {
+        "owner": "tinted-theming",
+        "repo": "base16-vim",
+        "rev": "577fe8125d74ff456cf942c733a85d769afe58b7",
+        "type": "github"
+      }
+    },
     "crane": {
       "locked": {
-        "lastModified": 1731098351,
-        "narHash": "sha256-HQkYvKvaLQqNa10KEFGgWHfMAbWBfFp+4cAgkut+NNE=",
+        "lastModified": 1754269165,
+        "narHash": "sha256-0tcS8FHd4QjbCVoxN9jI+PjHgA4vc/IjkUSp+N3zy0U=",
         "owner": "ipetkov",
         "repo": "crane",
-        "rev": "ef80ead953c1b28316cc3f8613904edc2eb90c28",
+        "rev": "444e81206df3f7d92780680e45858e31d2f07a08",
         "type": "github"
       },
       "original": {
@@ -22,11 +90,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1757508292,
-        "narHash": "sha256-7lVWL5bC6xBIMWWDal41LlGAG+9u2zUorqo3QCUL4p4=",
+        "lastModified": 1762276996,
+        "narHash": "sha256-TtcPgPmp2f0FAnc+DMEw4ardEgv1SGNR3/WFGH0N19M=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "146f45bee02b8bd88812cfce6ffc0f933788875a",
+        "rev": "af087d076d3860760b3323f6b583f4d828c1ac17",
         "type": "github"
       },
       "original": {
@@ -35,14 +103,30 @@
         "type": "github"
       }
     },
+    "firefox-gnome-theme": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1758112371,
+        "narHash": "sha256-lizRM2pj6PHrR25yimjyFn04OS4wcdbc38DCdBVa2rk=",
+        "owner": "rafaelmardojai",
+        "repo": "firefox-gnome-theme",
+        "rev": "0909cfe4a2af8d358ad13b20246a350e14c2473d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "rafaelmardojai",
+        "repo": "firefox-gnome-theme",
+        "type": "github"
+      }
+    },
     "flake-compat": {
       "flake": false,
       "locked": {
-        "lastModified": 1696426674,
-        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+        "lastModified": 1747046372,
+        "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
         "owner": "edolstra",
         "repo": "flake-compat",
-        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+        "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
         "type": "github"
       },
       "original": {
@@ -51,6 +135,22 @@
         "type": "github"
       }
     },
+    "flake-compat_2": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1751685974,
+        "narHash": "sha256-NKw96t+BgHIYzHUjkTK95FqYRVKB8DHpVhefWSz/kTw=",
+        "ref": "refs/heads/main",
+        "rev": "549f2762aebeff29a2e5ece7a7dc0f955281a1d1",
+        "revCount": 92,
+        "type": "git",
+        "url": "https://git.lix.systems/lix-project/flake-compat.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.lix.systems/lix-project/flake-compat.git"
+      }
+    },
     "flake-parts": {
       "inputs": {
         "nixpkgs-lib": [
@@ -59,11 +159,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1730504689,
-        "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
+        "lastModified": 1754091436,
+        "narHash": "sha256-XKqDMN1/Qj1DKivQvscI4vmHfDfvYR2pfuFOJiCeewM=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "506278e768c2a08bec68eb62932193e341f55c90",
+        "rev": "67df8c627c2c39c41dbec76a1f201929929ab0bd",
         "type": "github"
       },
       "original": {
@@ -72,6 +172,64 @@
         "type": "github"
       }
     },
+    "flake-parts_2": {
+      "inputs": {
+        "nixpkgs-lib": [
+          "nvf",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1760948891,
+        "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "type": "github"
+      }
+    },
+    "flake-parts_3": {
+      "inputs": {
+        "nixpkgs-lib": [
+          "stylix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1756770412,
+        "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "4524271976b625a4a605beefd893f270620fd751",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "type": "github"
+      }
+    },
+    "fromYaml": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1731966426,
+        "narHash": "sha256-lq95WydhbUTWig/JpqiB7oViTcHFP8Lv41IGtayokA8=",
+        "owner": "SenchoPens",
+        "repo": "fromYaml",
+        "rev": "106af9e2f715e2d828df706c386a685698f3223b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "SenchoPens",
+        "repo": "fromYaml",
+        "type": "github"
+      }
+    },
     "gitignore": {
       "inputs": {
         "nixpkgs": [
@@ -94,6 +252,23 @@
         "type": "github"
       }
     },
+    "gnome-shell": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1748186689,
+        "narHash": "sha256-UaD7Y9f8iuLBMGHXeJlRu6U1Ggw5B9JnkFs3enZlap0=",
+        "owner": "GNOME",
+        "repo": "gnome-shell",
+        "rev": "8c88f917db0f1f0d80fa55206c863d3746fa18d0",
+        "type": "github"
+      },
+      "original": {
+        "owner": "GNOME",
+        "ref": "48.2",
+        "repo": "gnome-shell",
+        "type": "github"
+      }
+    },
     "home-manager": {
       "inputs": {
         "nixpkgs": [
@@ -101,11 +276,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1749499854,
-        "narHash": "sha256-V1BgwiX8NjbRreU6LC2EzmuqFSQAHhoSeNlYJyZ40NE=",
+        "lastModified": 1762964643,
+        "narHash": "sha256-RYHN8O/Aja59XDji6WSJZPkJpYVUfpSkyH+PEupBJqM=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "1df816c407d3a5090c8496c9b00170af7891f021",
+        "rev": "827f2a23373a774a8805f84ca5344654c31f354b",
         "type": "github"
       },
       "original": {
@@ -126,27 +301,42 @@
         "rust-overlay": "rust-overlay"
       },
       "locked": {
-        "lastModified": 1737639419,
-        "narHash": "sha256-AEEDktApTEZ5PZXNDkry2YV2k6t0dTgLPEmAZbnigXU=",
+        "lastModified": 1762205063,
+        "narHash": "sha256-If6vQ+KvtKs3ARBO9G3l+4wFSCYtRBrwX1z+I+B61wQ=",
         "owner": "nix-community",
         "repo": "lanzaboote",
-        "rev": "a65905a09e2c43ff63be8c0e86a93712361f871e",
+        "rev": "88b8a563ff5704f4e8d8e5118fb911fa2110ca05",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
-        "ref": "v0.4.2",
+        "ref": "v0.4.3",
         "repo": "lanzaboote",
         "type": "github"
       }
     },
+    "mnw": {
+      "locked": {
+        "lastModified": 1758834834,
+        "narHash": "sha256-Y7IvY4F8vajZyp3WGf+KaiIVwondEkMFkt92Cr9NZmg=",
+        "owner": "Gerg-L",
+        "repo": "mnw",
+        "rev": "cfbc7d1cc832e318d0863a5fc91d940a96034001",
+        "type": "github"
+      },
+      "original": {
+        "owner": "Gerg-L",
+        "repo": "mnw",
+        "type": "github"
+      }
+    },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1749195551,
-        "narHash": "sha256-W5GKQHgunda/OP9sbKENBZhMBDNu2QahoIPwnsF6CeM=",
+        "lastModified": 1762847253,
+        "narHash": "sha256-BWWnUUT01lPwCWUvS0p6Px5UOBFeXJ8jR+ZdLX8IbrU=",
         "owner": "nixos",
         "repo": "nixos-hardware",
-        "rev": "4602f7e1d3f197b3cb540d5accf5669121629628",
+        "rev": "899dc449bc6428b9ee6b3b8f771ca2b0ef945ab9",
         "type": "github"
       },
       "original": {
@@ -157,11 +347,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1749285348,
-        "narHash": "sha256-frdhQvPbmDYaScPFiCnfdh3B/Vh81Uuoo0w5TkWmmjU=",
+        "lastModified": 1762977756,
+        "narHash": "sha256-4PqRErxfe+2toFJFgcRKZ0UI9NSIOJa+7RXVtBhy4KE=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "3e3afe5174c561dee0df6f2c2b2236990146329f",
+        "rev": "c5ae371f1a6a7fd27823bc500d9390b38c05fa55",
         "type": "github"
       },
       "original": {
@@ -171,19 +361,72 @@
         "type": "github"
       }
     },
-    "nixpkgs-stable": {
+    "noctalia": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
       "locked": {
-        "lastModified": 1730741070,
-        "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3",
+        "lastModified": 1764122160,
+        "narHash": "sha256-JZ51AW7zKgqlZp+oqt3Y7thglv23TPjgG1XiGBFWhr8=",
+        "owner": "noctalia-dev",
+        "repo": "noctalia-shell",
+        "rev": "3c5dfd87db582bf9056d83f41d53b90ba08023c6",
         "type": "github"
       },
       "original": {
-        "owner": "NixOS",
-        "ref": "nixos-24.05",
-        "repo": "nixpkgs",
+        "owner": "noctalia-dev",
+        "repo": "noctalia-shell",
+        "type": "github"
+      }
+    },
+    "nur": {
+      "inputs": {
+        "flake-parts": [
+          "stylix",
+          "flake-parts"
+        ],
+        "nixpkgs": [
+          "stylix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1758998580,
+        "narHash": "sha256-VLx0z396gDCGSiowLMFz5XRO/XuNV+4EnDYjdJhHvUk=",
+        "owner": "nix-community",
+        "repo": "NUR",
+        "rev": "ba8d9c98f5f4630bcb0e815ab456afd90c930728",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "NUR",
+        "type": "github"
+      }
+    },
+    "nvf": {
+      "inputs": {
+        "flake-compat": "flake-compat_2",
+        "flake-parts": "flake-parts_2",
+        "mnw": "mnw",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1762622004,
+        "narHash": "sha256-NpzzgaoMK8aRHnndHWbYNKLcZN0r1y6icCoJvGoBsoE=",
+        "owner": "notashelf",
+        "repo": "nvf",
+        "rev": "09470524a214ed26633ddc2b6ec0c9bf31a8b909",
+        "type": "github"
+      },
+      "original": {
+        "owner": "notashelf",
+        "repo": "nvf",
         "type": "github"
       }
     },
@@ -197,15 +440,14 @@
         "nixpkgs": [
           "lanzaboote",
           "nixpkgs"
-        ],
-        "nixpkgs-stable": "nixpkgs-stable"
+        ]
       },
       "locked": {
-        "lastModified": 1731363552,
-        "narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=",
+        "lastModified": 1750779888,
+        "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0",
+        "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d",
         "type": "github"
       },
       "original": {
@@ -214,6 +456,26 @@
         "type": "github"
       }
     },
+    "quickshell": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1764045583,
+        "narHash": "sha256-W24ReyRrhOKTKIsuAMkY5hnVlCufGoONM79sjUoyQkk=",
+        "owner": "outfoxxed",
+        "repo": "quickshell",
+        "rev": "e9bad67619ee9937a1bbecfc6ad3b4231d2ecdc3",
+        "type": "github"
+      },
+      "original": {
+        "owner": "outfoxxed",
+        "repo": "quickshell",
+        "type": "github"
+      }
+    },
     "root": {
       "inputs": {
         "disko": "disko",
@@ -221,7 +483,11 @@
         "lanzaboote": "lanzaboote",
         "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs",
-        "sops-nix": "sops-nix"
+        "noctalia": "noctalia",
+        "nvf": "nvf",
+        "quickshell": "quickshell",
+        "sops-nix": "sops-nix",
+        "stylix": "stylix"
       }
     },
     "rust-overlay": {
@@ -232,11 +498,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1731897198,
-        "narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=",
+        "lastModified": 1761791894,
+        "narHash": "sha256-myRIDh+PxaREz+z9LzbqBJF+SnTFJwkthKDX9zMyddY=",
         "owner": "oxalica",
         "repo": "rust-overlay",
-        "rev": "0be641045af6d8666c11c2c40e45ffc9667839b5",
+        "rev": "59c45eb69d9222a4362673141e00ff77842cd219",
         "type": "github"
       },
       "original": {
@@ -252,11 +518,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1747603214,
-        "narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=",
+        "lastModified": 1763069729,
+        "narHash": "sha256-A91a+K0Q9wfdPLwL06e/kbHeAWSzPYy2EGdTDsyfb+s=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd",
+        "rev": "a2bcd1c25c1d29e22756ccae094032ab4ada2268",
         "type": "github"
       },
       "original": {
@@ -264,6 +530,151 @@
         "repo": "sops-nix",
         "type": "github"
       }
+    },
+    "stylix": {
+      "inputs": {
+        "base16": "base16",
+        "base16-fish": "base16-fish",
+        "base16-helix": "base16-helix",
+        "base16-vim": "base16-vim",
+        "firefox-gnome-theme": "firefox-gnome-theme",
+        "flake-parts": "flake-parts_3",
+        "gnome-shell": "gnome-shell",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "nur": "nur",
+        "systems": "systems_2",
+        "tinted-foot": "tinted-foot",
+        "tinted-kitty": "tinted-kitty",
+        "tinted-schemes": "tinted-schemes",
+        "tinted-tmux": "tinted-tmux",
+        "tinted-zed": "tinted-zed"
+      },
+      "locked": {
+        "lastModified": 1762264356,
+        "narHash": "sha256-QVfC53Ri+8n3e7Ujx9kq6all3+TLBRRPRnc6No5qY5w=",
+        "owner": "nix-community",
+        "repo": "stylix",
+        "rev": "647bb8dd96a206a1b79c4fd714affc88b409e10b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "stylix",
+        "type": "github"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "systems_2": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "tinted-foot": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1726913040,
+        "narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=",
+        "owner": "tinted-theming",
+        "repo": "tinted-foot",
+        "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4",
+        "type": "github"
+      },
+      "original": {
+        "owner": "tinted-theming",
+        "repo": "tinted-foot",
+        "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4",
+        "type": "github"
+      }
+    },
+    "tinted-kitty": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1735730497,
+        "narHash": "sha256-4KtB+FiUzIeK/4aHCKce3V9HwRvYaxX+F1edUrfgzb8=",
+        "owner": "tinted-theming",
+        "repo": "tinted-kitty",
+        "rev": "de6f888497f2c6b2279361bfc790f164bfd0f3fa",
+        "type": "github"
+      },
+      "original": {
+        "owner": "tinted-theming",
+        "repo": "tinted-kitty",
+        "type": "github"
+      }
+    },
+    "tinted-schemes": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1757716333,
+        "narHash": "sha256-d4km8W7w2zCUEmPAPUoLk1NlYrGODuVa3P7St+UrqkM=",
+        "owner": "tinted-theming",
+        "repo": "schemes",
+        "rev": "317a5e10c35825a6c905d912e480dfe8e71c7559",
+        "type": "github"
+      },
+      "original": {
+        "owner": "tinted-theming",
+        "repo": "schemes",
+        "type": "github"
+      }
+    },
+    "tinted-tmux": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1757811970,
+        "narHash": "sha256-n5ZJgmzGZXOD9pZdAl1OnBu3PIqD+X3vEBUGbTi4JiI=",
+        "owner": "tinted-theming",
+        "repo": "tinted-tmux",
+        "rev": "d217ba31c846006e9e0ae70775b0ee0f00aa6b1e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "tinted-theming",
+        "repo": "tinted-tmux",
+        "type": "github"
+      }
+    },
+    "tinted-zed": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1757811247,
+        "narHash": "sha256-4EFOUyLj85NRL3OacHoLGEo0wjiRJzfsXtR4CZWAn6w=",
+        "owner": "tinted-theming",
+        "repo": "base16-zed",
+        "rev": "824fe0aacf82b3c26690d14e8d2cedd56e18404e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "tinted-theming",
+        "repo": "base16-zed",
+        "type": "github"
+      }
     }
   },
   "root": "root",

flake.nix

@@ -5,21 +5,69 @@
     nixos-hardware.url = "github:nixos/nixos-hardware";
     home-manager.url = "github:nix-community/home-manager";
     home-manager.inputs.nixpkgs.follows = "nixpkgs";
-    lanzaboote.url = "github:nix-community/lanzaboote/v0.4.2";
+    lanzaboote.url = "github:nix-community/lanzaboote/v0.4.3";
     lanzaboote.inputs.nixpkgs.follows = "nixpkgs";
     sops-nix.url = "github:Mic92/sops-nix";
     sops-nix.inputs.nixpkgs.follows = "nixpkgs";
     disko.url = "github:nix-community/disko";
     disko.inputs.nixpkgs.follows = "nixpkgs";
+    stylix.url = "github:nix-community/stylix";
+    stylix.inputs.nixpkgs.follows = "nixpkgs";
+
+    #obsidian-nvim.url = "github:epwalsh/obsidian.nvim";
+    nvf = {
+      url = "github:notashelf/nvf";
+      inputs.nixpkgs.follows = "nixpkgs";
+      #inputs.obsidian-nvim.follows = "obsidian-nvim";
+    };
+
+    quickshell = {
+      url = "github:outfoxxed/quickshell";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    noctalia = {
+      url = "github:noctalia-dev/noctalia-shell";
+      inputs.nixpkgs.follows = "nixpkgs";
+      inputs.quickshell.follows = "quickshell";
+    };
   };
   # https://nix.dev/tutorials/nix-language.html#named-attribute-set-argument
-  outputs = inputs@{self, nixpkgs, nixos-hardware, home-manager, sops-nix, lanzaboote, disko, ...}:
+  outputs =
+    inputs@{
+      self,
+      nixpkgs,
+      nixos-hardware,
+      home-manager,
+      sops-nix,
+      lanzaboote,
+      disko,
+      stylix,
+      nvf,
+      ...
+    }:
     let
-    mkSystem = (import ./lib {
+      zwLib = import ./lib {
         inherit nixpkgs home-manager inputs;
-    }).mkSystem;
+      };
+      mkSystem = zwLib.mkSystem;
+      mkHome = zwLib.mkHome;
+      mkHomeConfigs = zwLib.mkHomeConfigs;
+
+      # NOTE: Currently these are exclusively user-profiles which use home-manager.
+      # Their home-manager specific declarations are at ../users/${username}/home.nix
+      system = "x86_64-linux"; # TODO: Improve this from only static x86 to dynamic.
+      homeUserProfiles = {
+        jml = mkHome {
+          inherit system; # inputs;
+          username = "jml";
+          extraModules = [ nvf.homeManagerModules.default ];
+        };
+      };
     in
     {
+      lib = {
+        mkSystem = mkSystem;
+      };
       # NOTE: Run `nix flake show` to see what this flake has to offer.
       # TODO: Enable automated formatting with something like numtide/treefmt-nix
       nixosConfigurations = {
@@ -40,7 +88,20 @@
           users = [
             "jml"
           ];
-        extraModules = [];
+          homeUsers = {
+            jml = homeUserProfiles.jml.module;
+          };
+          #extraModules = [ (import ./overlays) ];
+          # NOTE: If I'm using a home-manager configuration on a given host,
+          # I also need to include the relevant modules.
+          # TODO: Can I instead self-reference the homeConfigurations in this flake?
+          extraModules = [
+            stylix.nixosModules.stylix
+          ];
+        };
+        cobalt = mkSystem {
+          hostname = "cobalt";
+          users = [ "jml" ];
         };
         # `nix build .#nixosConfigurations.installIso.config.system.build.isoImage`
         # https://github.com/nix-community/nixos-generators
@@ -49,15 +110,13 @@
           modules = [
             "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix"
           ];
-        specialArgs = {inherit inputs;};
-      };
-    }; 
-    homeConfigurations = {
-      "jml" = home-manager.lib.homeManagerConfiguration {
-        modules = [
-          ./users/jml/home.nix
-        ];
+          specialArgs = { inherit inputs; };
         };
       };
+
+      # For Debugging: `home-manager build --flake .` or `nix build .#homeConfigurations."jml".activationPackage`
+      # `home-manager switch --flake .#jml`
+      # https://nix-community.github.io/home-manager/options.xhtml
+      homeConfigurations = mkHomeConfigs homeUserProfiles;
     };
 }

git-agecrypt.toml

@@ -1,2 +0,0 @@
-[config]
-"hosts/lithium/semi-secret-vars.nix" = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP2SVmZ3iJF/rviKhTgkZOvu1fWr6G29K4u6yaxjZn4H jay@lithium"]

hosts/cobalt/README.md

@@ -0,0 +1,21 @@
+
+Device Specific Hardware Details`
+```shell
+[nix-shell:~]$ lspci -nn
+00:00.0 Host bridge [0600]: Intel Corporation Xeon E3-1200 v6/7th Gen Core Processor Host Bridge/DRAM Registers [8086:5904] (rev 02)
+00:02.0 VGA compatible controller [0300]: Intel Corporation HD Graphics 620 [8086:5916] (rev 02)
+00:04.0 Signal processing controller [1180]: Intel Corporation Xeon E3-1200 v5/E3-1500 v5/6th Gen Core Processor Thermal Subsystem [8086:1903] (rev 02)
+00:14.0 USB controller [0c03]: Intel Corporation Sunrise Point-LP USB 3.0 xHCI Controller [8086:9d2f] (rev 21)
+00:14.2 Signal processing controller [1180]: Intel Corporation Sunrise Point-LP Thermal subsystem [8086:9d31] (rev 21)
+00:15.0 Signal processing controller [1180]: Intel Corporation Sunrise Point-LP Serial IO I2C Controller #0 [8086:9d60] (rev 21)
+00:15.1 Signal processing controller [1180]: Intel Corporation Sunrise Point-LP Serial IO I2C Controller #1 [8086:9d61] (rev 21)
+00:16.0 Communication controller [0780]: Intel Corporation Sunrise Point-LP CSME HECI #1 [8086:9d3a] (rev 21)
+00:17.0 SATA controller [0106]: Intel Corporation Sunrise Point-LP SATA Controller [AHCI mode] [8086:9d03] (rev 21)
+00:1c.0 PCI bridge [0604]: Intel Corporation Sunrise Point-LP PCI Express Root Port #1 [8086:9d10] (rev f1)
+00:1c.5 PCI bridge [0604]: Intel Corporation Sunrise Point-LP PCI Express Root Port #6 [8086:9d15] (rev f1)
+00:1f.0 ISA bridge [0601]: Intel Corporation Sunrise Point-LP LPC Controller [8086:9d58] (rev 21)
+00:1f.2 Memory controller [0580]: Intel Corporation Sunrise Point-LP PMC [8086:9d21] (rev 21)
+00:1f.3 Audio device [0403]: Intel Corporation Sunrise Point-LP HD Audio [8086:9d71] (rev 21)
+00:1f.4 SMBus [0c05]: Intel Corporation Sunrise Point-LP SMBus [8086:9d23] (rev 21)
+02:00.0 Network controller [0280]: Intel Corporation Wireless 8260 [8086:24f3] (rev 3a)
+```

hosts/cobalt/boot.nix

@@ -0,0 +1,6 @@
+{}:
+{
+  # Default to systemd-boot
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+}

hosts/cobalt/configuration.nix

@@ -0,0 +1,26 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  networking.hostName = "cobalt"; # Define your hostname.
+  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+  networking.networkmanager.enable = true;
+
+
+  services.xserver.xkb = {
+    layout = "us";
+    variant = "";
+  };
+
+  fonts.packages = with pkgs; [
+    nerd-fonts.fira-code
+    nerd-fonts.iosevka
+    atkinson-hyperlegible
+  ];
+
+
+  system.stateVersion = "25.05";
+}

hosts/cobalt/default.nix

@@ -0,0 +1,20 @@
+{ inputs, ... }:
+{
+  imports = [
+    ./boot.nix
+    ../../modules/nixos/base.nix
+    ../../modules/nixos/audio.nix
+    #../../modules/nixos/desktop.nix
+    # https://github.com/NixOS/nixos-hardware/blob/master/README.md#using-nix-flakes-support
+    # TODO: This module doesn't exist yet.
+    #inputs.nixos-hardware.nixosModules.asus-zenbook-ux390u
+    /home/jml/Workspace/nixos-hardware/asus/zenbook/ux390ua
+    ./hardware-configuration.nix
+    ./configuration.nix
+    ../../modules/nixos/gaming.nix
+    ../../modules/nixos/desktop/xfce
+    #../../modules/nixos/desktop/niri
+  ];
+
+  zw.gaming.enable = true;
+}

hosts/cobalt/hardware-configuration.nix

@@ -0,0 +1,41 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/959b3c06-58a2-45be-b2d6-275c489c31f8";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/2EC2-D03D";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/0239ee2a-484b-4a17-b1e9-02fd35df851f"; }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp0s20f0u1u3.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/lithium/README.md

@@ -7,20 +7,29 @@ This is my primary homelab host/NAS, previously powered by TrueNAS Scale/k3s.
 Even with fully declarative Nix/Nixpkgs/NixOS at the end of the day there are
 still some actions that need to be taken manually.
 
-- secrets configuration (both for SOPS and git-agecrypt semi-secrets)
+- secrets configuration for `sops-nix`
 - kanidm user management
 - tailscale auth key
 - jellyfin configuration via web-ui
 
-## Semi-Secrets
+## Secrets and "Private Information"
 
-`semi-secret-vars.nix` is using [git-agecrypt](https://github.com/vlaci/git-agecrypt)
-and following a pattern I discovered here:
- - https://github.com/nyawox/arcanum/blob/4629dfba1bc6d4dd2f4cf45724df81289230b61a/var/README.md
- - https://github.com/vlaci/git-agecrypt
+Originally I had used two providers of secrets, `sops-nix` and `git-agecrypt`,
+and the reasoning for that was, with `git-agecrypt` I could directly encrypt an
+entire `.nix` file, and use it to conceal an arbitrary amount of my nix config.
+The #1 thing I was using it for was hiding details about the domain names that
+power various services. I know that's not real security, and domains aren't
+really private, but server logs prove that not including a domain in a GH repo
+means you get dramatically fewer spurious requests.
 
-Essentially there are some details I won't want exposed in the repository, but
-I do want them available to all my nix modules. The main one being the domain.
+The reason for using `git-agecrypt` against a whole nix file like that was most
+importantly because it allowed me to *just use nix variables*. Compared to the
+invocationss SOPS & `sops-nix` require, it can be a lot more simple for setting
+values like a domain name.
 
-While it's not really a secret in the way a password is, consider this effort a
-mitigation against ddos attacks and automated requests and login attempts.
+Now I'm going all in on `sops-nix` as the exclusive manager of secrets, and
+maintaining a separate flake which contains private nix configuration details.
+There are still issues with this, and now my overall nix config is essentially
+fractured between "flake-A" and "flake-B", which gives me all the same issues
+that any other software project faces with that arrangement. But I dislike
+using `git-agecrypt` even more than I dislike those problems.

hosts/lithium/boot.nix

@@ -0,0 +1,6 @@
+{}:
+{
+  # Default to systemd-boot
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+}

hosts/lithium/configuration.nix

@@ -2,7 +2,6 @@
 {
   sops.defaultSopsFile = ./secrets/common.yaml;
   networking.hostName = "lithium";
-  networking.domain = config.vars.domain;
   environment.systemPackages = with pkgs; [
     zfs
   ];

hosts/lithium/default.nix

@@ -1,11 +1,11 @@
 { inputs, ... }:
 {
   imports = [
+    ./boot.nix
     ../../modules/nixos/base.nix
     inputs.sops-nix.nixosModules.sops
     ./hardware.nix
     ./configuration.nix
-    ./semi-secret-vars.nix
     ./services/caddy.nix
     ./services/tailscale.nix
     ./services/kanidm.nix

hosts/lithium/semi-secret-vars.nix

@@ -1,8 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 rhvgyQ 8V5ehsrqPR8s2joIfdpZRYDQpwH5BXI1GgQ/Qcb/Wg4
-ZKRZkXT0uPbXzuXLsteW31GsKzZy1deUl1GdWeQB+4U
--> "f<f<DW--grease AQ] z5_)RUB7 2>&DjVar
-Lhe9DbPHOqqKQ9HDhJB2xbIkrsxFGm39Yzr1J+ZbJnWYx5FCdGCCIexmv3GJy94t
-
---- qKkjS2aEWavCLldEwi4MUTlDoQuIu9tSRr5yoeZVQhs
-b¾Z~l…ŠU"Uãp­µ¥ vÉñ¿³$?ƒ<EFBFBD>æ;:Z›ÖuÒ…^öËÅŠQ/MBɉf]Ξ)4PYáî-ß…äê«Ü» <EFBFBD>áØŸl¨Á¯&e‡âû2”©ÈOUqXóMD<EFBFBD>SÜä7ÁE¿ð”ÀÉæ&us–¿ð<EFBFBD>ÁU÷#Êdø#Ø‚ÿÀÂWõ9Øãó^k.ÜÝ0áü7«ðhŸ°©s4CRIwUÅa‚ʯMÀw‰i·‡U<EFBFBD>riÿkªb}yVÒÈÜüÏ>©¿rŽ°[ƒÝ8s

hosts/lithium/services/kanidm.nix

@@ -44,7 +44,7 @@ in
   };
 
   services.kanidm = {
-    package = pkgs.kanidmWithSecretProvisioning;
+    package = pkgs.kanidmWithSecretProvisioning_1_7;
     enableServer = true;
     serverSettings = {
       # NOTE: Required to start the server: https://kanidm.github.io/kanidm/stable/server_configuration.html

hosts/neon/boot.nix

@@ -0,0 +1,6 @@
+{}:
+{
+  # Default to systemd-boot
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+}

hosts/neon/default.nix

@@ -1,9 +1,10 @@
 { inputs, ... }:
 {
   imports = [
+    ./boot.nix
     ../../modules/nixos/base.nix
     ../../modules/nixos/audio.nix
-    ../../modules/nixos/desktop.nix
+    ../../modules/nixos/desktop
     # https://github.com/NixOS/nixos-hardware/blob/master/README.md#using-nix-flakes-support
     inputs.nixos-hardware.nixosModules.gpd-pocket-3
      # override from nixos-hardware

hosts/titanium/README.md

@@ -0,0 +1,20 @@
+# titanium
+
+This is my primary workstation / gaming pc.
+It will generally be the most out of sync with the repo, as there will be a lot
+of software I experiment with, which I simply forget to commit here. Everything
+of importance will find it's way to this repo.
+
+## Non-Deterministic Post-Install Steps
+
+Rearrange Monitors in Gnome Display Settings
+
+Use a fido2 key (YubiKey) to decrypt luks
+```bash
+sudo -E -s systemd-cryptenroll --fido2-device=auto /dev/disk/by-partlabel/disk-main-luks
+```
+
+## Installing Remotely
+```bash
+nix run github:nix-community/nixos-anywhere -- --flake .#titanium <ssh-addr>
+```

hosts/titanium/configuration.nix

@@ -6,9 +6,12 @@
   environment.systemPackages = with pkgs; [
     sbctl  # Secure-Boot
     helix nil  # nice for editing '.nix'
-    discord
+    (discord.override { withVencord = true; })
     signal-desktop
     obs-studio
+    halloy  # IRC
+    gimp3
+    nyxt # browser
   ];
   # Hardware Specific programs...
   #programs.ryzen-monitor-ng.enable = true;
@@ -16,5 +19,5 @@
   services.openssh.enable = true;
   services.tailscale.enable = true;
   networking.firewall.trustedInterfaces = [ "tailscale0" ];
-  system.stateVersion = "25.05";
+  system.stateVersion = "25.11";
 }

hosts/titanium/default.nix

@@ -1,17 +1,41 @@
-{ inputs, ... }:
+{ inputs, pkgs, ... }:
+let
+  nixpkgs = inputs.nixpkgs;
+in
 {
   nixpkgs.config.allowUnfree = true;
+  nixpkgs.overlays = (import (../../overlays) {inherit nixpkgs;});
   imports = [
     ../../modules/nixos/base.nix
     ../../modules/nixos/audio.nix
-    ../../modules/nixos/desktop.nix
+    ../../modules/nixos/desktop
     ../../modules/nixos/gaming.nix
     inputs.nixos-hardware.nixosModules.asus-rog-strix-x570e
-    #./hardware.nix
+    ./hardware.nix
     ./configuration.nix
     ./nvidia.nix
+    inputs.lanzaboote.nixosModules.lanzaboote
     ./secure-boot.nix
     inputs.disko.nixosModules.disko
     ./disko.nix
+    ./game-emulation.nix
+    #./meetings.nix
   ];
+
+  zw.gaming.enable = true;
+
+  stylix = {
+    #enable = true;
+    # catppuccin-mocha
+    base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-mocha.yaml";
+    # image = ./path.png; polarity = "dark"; # /etc/stylix/palette.html
+    # TODO: Add Atkinson Hyperlegible Next, Mono, and also a good Serif font.
+    # https://search.nixos.org/packages?channel=unstable&show=atkinson-hyperlegible-next&query=atkinson
+    # fonts = {
+    #   serif = {};
+    #   sansSerif = {};
+    #   monospace = {};
+    #   emoji = {};
+    # };
+  };
 }

hosts/titanium/game-emulation.nix

@@ -0,0 +1,59 @@
+{ config, lib, pkgs, ... }:
+let
+  retroarchWithCores = (
+    pkgs.retroarch.withCores (
+      cores: with cores; [
+        # Multi-Emulators
+        mame  # Atari / Nintendo / Sega / etc.
+
+        # Sega
+        genesis-plus-gx  # Sega Genesis
+
+        # Nintendo
+        mesen  # NES
+        bsnes  # Super Nintendo
+        mupen64plus # Nintendo 64 - Maybe simple64 some day.
+        dolphin  # GameCube
+        mgba  # GameBoy / Color / Advance
+        #melonds  # Nintendo DS
+        #citra  # Nintendo 3DS
+
+
+        # Sony
+        swanstation  #duckstation  # PlayStation
+        beetle-psx-hw
+        pcsx2  # PlayStation 2 -- Is actually "LRPS2"
+        #rpcs3  # PlayStation 3
+        ppsspp  # PlayStation Portable
+
+        # Commodore
+        vice-x64  # C64
+      ]
+    )
+  );
+in
+{
+  environment.systemPackages = [
+    retroarchWithCores
+    #pkgs.retroarch-full
+    #pkgs.emulationstation-de
+    pkgs.gnome-bluetooth
+  ];
+
+  hardware.xone.enable = true;  # Xbox Controller Driver
+  hardware.xpadneo.enable = true;  # Xbox Controller Driver
+  hardware.enableAllFirmware = true;
+  hardware.bluetooth = {
+    enable = true;
+    powerOnBoot = true;
+    settings = {
+      General = {
+        Experimental = true;
+        FastConnectable = true;
+      };
+      Policy = {
+        AutoEnable = true;
+      };
+    };
+  };
+}

hosts/titanium/hardware.nix

@@ -8,41 +8,44 @@
     [ (modulesPath + "/installer/scan/not-detected.nix")
     ];
 
-  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
+  boot.initrd.systemd.enable = true;
+  #boot.initrd.luks.devices.FOO.crypttabExtraOpts = ["fido2-device=auto"];
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
   boot.initrd.kernelModules = [ ];
   boot.kernelModules = [ "kvm-amd" ];
+  # boot.blacklistedKernelModules = [ "nouveau" ];
   boot.extraModulePackages = [ ];
 
   fileSystems."/" =
-    { device = "/dev/disk/by-uuid/0b3de117-c34f-4cc6-81db-5b84ea46cd51";
+    { #device = "/dev/disk/by-uuid/bac9b4de-d201-4008-9e97-3954417aab65";
       fsType = "btrfs";
       options = [ "subvol=root" ];
     };
 
-  boot.initrd.luks.devices."crypted".device = "/dev/disk/by-uuid/0ccc4028-c27e-4259-ade9-a2b2081722cb";
+  #boot.initrd.luks.devices."crypted".device = "/dev/disk/by-uuid/16b8ccb6-0102-4348-bb1b-d8d68bfb4d23";
+
+  fileSystems."/nix" =
+    { #device = "/dev/disk/by-uuid/bac9b4de-d201-4008-9e97-3954417aab65";
+      fsType = "btrfs";
+      options = [ "subvol=nix" ];
+    };
 
   fileSystems."/.swapvol" =
-    { device = "/dev/disk/by-uuid/0b3de117-c34f-4cc6-81db-5b84ea46cd51";
+    { #device = "/dev/disk/by-uuid/bac9b4de-d201-4008-9e97-3954417aab65";
       fsType = "btrfs";
       options = [ "subvol=swap" ];
     };
 
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/219D-4579";
-      fsType = "vfat";
-      options = [ "fmask=0077" "dmask=0077" ];
-    };
-
   fileSystems."/home" =
-    { device = "/dev/disk/by-uuid/0b3de117-c34f-4cc6-81db-5b84ea46cd51";
+    { #device = "/dev/disk/by-uuid/bac9b4de-d201-4008-9e97-3954417aab65";
       fsType = "btrfs";
       options = [ "subvol=home" ];
     };
 
-  fileSystems."/nix" =
-    { device = "/dev/disk/by-uuid/0b3de117-c34f-4cc6-81db-5b84ea46cd51";
-      fsType = "btrfs";
-      options = [ "subvol=nix" ];
+  fileSystems."/boot" =
+    { #device = "/dev/disk/by-uuid/E076-75D6";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
     };
 
   swapDevices = [ ];
@@ -54,7 +57,7 @@
   networking.useDHCP = lib.mkDefault true;
   # networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
   # networking.interfaces.enp5s0.useDHCP = lib.mkDefault true;
-  # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.tailscale0.useDHCP = lib.mkDefault true;
 
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
   hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

hosts/titanium/meetings.nix

@@ -0,0 +1,4 @@
+{ ... }:
+{
+  programs.zoom-us.enable = true; 
+}

hosts/titanium/nvidia.nix

@@ -14,9 +14,12 @@
   # https://github.com/NixOS/nixpkgs/blob/master/pkgs/os-specific/linux/nvidia-x11/generic.nix#L65
   nixpkgs.config.nvidia.acceptLicense = true;
   hardware.nvidia = {
+    # TODO: Consider legacy drivers.
+    # https://discourse.nixos.org/t/cant-use-nvidia-offload-mode/27791/8
     package = config.boot.kernelPackages.nvidiaPackages.latest;
     modesetting.enable = true;
-    open = true;
+    # Open Source Drivers: https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
+    open = false;
     nvidiaSettings = true;
     powerManagement.enable = false;
     powerManagement.finegrained = false;

hosts/titanium/secure-boot.nix

@@ -1,5 +1,4 @@
-{ pkgs, lib, inputs, ... }: {
-  imports = with inputs; [ lanzaboote.nixosModules.lanzaboote ];
+{ pkgs, lib, ... }: {
   environment.systemPackages = [ pkgs.sbctl ];
   boot.loader.systemd-boot.enable = lib.mkForce false;
   boot.lanzaboote.enable = true;

lib/default.nix

@@ -1,47 +1,113 @@
-{ nixpkgs, home-manager, inputs, ... }:
 {
-  # It's not really that I care about whether a system is a desktop system or
-  # a server system, but moreso that I care about whether a system is headless or not.
-  # I also care about things like if it's darwin, or wsl.
-  mkSystem = {
+  nixpkgs,
+  home-manager,
+  inputs,
+  ...
+}:
+let
+  allOverlays = import (../overlays) { inherit nixpkgs; };
+  getPkgs =
+    system:
+    import nixpkgs {
+      inherit system;
+      overlays = allOverlays;
+    };
+in
+{
+  mkSystem =
+    {
       hostname,
       system ? "x86_64-linux",
-    users ? [],
-    extraModules ? []
+      users ? [ ],
+      extraModules ? [ ],
+      homeUsers ? { },
+      extraSpecialArgs ? { },
     }:
     let
-    hostModule = import ../hosts/${hostname} { inherit inputs; };
-    userModules = map (name:
+      pkgs_with_overlays = import nixpkgs {
+        inherit system;
+        overlays = allOverlays;
+      };
+      hostModule = import ../hosts/${hostname} {
+        inherit inputs;
+        pkgs = pkgs_with_overlays;
+      };
+      userModules = map (
+        name:
         import ../users/${name} {
-        pkgs = nixpkgs.legacyPackages.${system};
+          pkgs = pkgs_with_overlays;
           lib = nixpkgs.lib;
         }
       ) users;
 
-    homeUserNames = builtins.filter (name:
-      builtins.pathExists ../users/${name}/home.nix
-    ) users;
-
-    homeUsers = nixpkgs.lib.listToAttrs (map (name: {
-      name = name;
-      value = import ../users/${name}/home.nix {
-        username = name;
-        pkgs = nixpkgs.legacyPackages.${system};
-        lib = nixpkgs.lib;
-      };
-    }) homeUserNames);
+      formattedHomeUsers = nixpkgs.lib.mapAttrs (username: moduleList: {
+        imports = moduleList;
+      }) homeUsers;
     in
     nixpkgs.lib.nixosSystem {
       inherit system;
-      modules = [ hostModule ]
+      modules = [
+        hostModule
+      ]
       ++ userModules
       ++ extraModules
-        ++ (if homeUserNames != [] then [
+      ++ (
+        if homeUsers != { } then
+          [
             home-manager.nixosModules.home-manager
             {
+              #home-manager.useGlobalPkgs = true;  # NOTE: Incompatible with nixpkgs.{config,overlays}
+              home-manager.useUserPackages = true;
               home-manager.backupFileExtension = "hm-bak";
-            home-manager.users = homeUsers;
+
+              # Directly inject the module lists? (isn't this the problem?)
+              home-manager.users = formattedHomeUsers;
+              home-manager.extraSpecialArgs = { inherit inputs; };
             }
-        ] else []);
+          ]
+        else
+          [ ]
+      );
+      specialArgs = {
+        inherit inputs hostname;
+      }
+      // extraSpecialArgs;
     };
+
+  getUserHomeModule =
+    username: pkgs: inputs:
+    import ../users/${username}/home.nix {
+      inherit username pkgs inputs;
+      lib = nixpkgs.lib;
+    };
+
+  /**
+    This function returns an attribute set { module, config }.
+  */
+  mkHome =
+    {
+      username,
+      system ? "x86_64-linux",
+      extraModules ? [ ],
+    }:
+    let
+      pkgs_with_overlays = getPkgs system;
+      moduleList = [
+        (import ../users/${username}/home.nix {
+          inherit inputs username;
+          pkgs = pkgs_with_overlays;
+          lib = nixpkgs.lib;
+        })
+      ]
+      ++ extraModules;
+    in
+    {
+      module = moduleList;
+      config = home-manager.lib.homeManagerConfiguration {
+        pkgs = pkgs_with_overlays;
+        modules = moduleList;
+      };
+    };
+
+  mkHomeConfigs = userProfiles: nixpkgs.lib.mapAttrs (username: profile: profile.config) userProfiles;
 }

modules/nixos/base.nix

@@ -1,18 +1,23 @@
 { config, pkgs, lib, ... }:
 {
   nixpkgs.config.allowUnfree = true;
+  # TODO: Consider adding a randomized delay.
+  nix.gc = {
+    automatic = true;
+    dates = "weekly";
+    options = "--delete-older-than 30d";
+  };
   nix.settings = {
+    auto-optimise-store = true;
     experimental-features = [ "nix-command" "flakes" ];
   };
 
-  # Default to systemd-boot
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-
   # https://datatracker.ietf.org/doc/html/rfc8375
-  networking.domain = "home.arpa";
+  networking.domain = lib.mkDefault "home.arpa";
 
-  time.timeZone = "America/Chicago";
+  # TODO: Consider enabling automatic-timezoned on laptops that move between TZs
+  time.timeZone = lib.mkDefault "America/Chicago";
+  services.automatic-timezoned.enable = lib.mkDefault false;
 
   i18n.defaultLocale = "en_US.UTF-8";
   i18n.extraLocaleSettings = {
@@ -73,38 +78,39 @@
         ];
         # Render colors
         # TODO: Figure out how to represent those termcap sequences properly.
-        #LESS_TERMCAP_mb=$'\E[1;31m'     # begin bold
-        #LESS_TERMCAP_md=$'\E[1;36m'     # begin blink
-        #LESS_TERMCAP_me=$'\E[0m'        # reset bold/blink
-        #LESS_TERMCAP_so=$'\E[01;44;33m' # begin reverse video
-        #LESS_TERMCAP_se=$'\E[0m'        # reset reverse video
-        #LESS_TERMCAP_us=$'\E[1;32m'     # begin underline
-        #LESS_TERMCAP_ue=$'\E[0m'        # reset underline
+        LESS_TERMCAP_mb="\E[1;31m";     # begin bold
+        LESS_TERMCAP_md="\E[1;36m";     # begin blink
+        LESS_TERMCAP_me="\E[0m";        # reset bold/blink
+        LESS_TERMCAP_so="\E[01;44;33m"; # begin reverse video
+        LESS_TERMCAP_se="\E[0m";        # reset reverse video
+        LESS_TERMCAP_us="\E[1;32m";     # begin underline
+        LESS_TERMCAP_ue="\E[0m";        # reset underline
       };
     };
 
     git.enable = true;
     htop.enable = true;
-    command-not-found.enable = false;
     bat.enable = true;
     bandwhich.enable = true;
 
+    command-not-found.enable = false;
+    #nix-index.enable = true;
+
     nano.enable = false;
     neovim = {
       enable = true;
       defaultEditor = true;
-
       viAlias = true;
       vimAlias = true;
-
-      withRuby = true;
-      withPython3 = true;
-      withNodeJs = true;
-
-      #configure = {};
     };
   };
 
-  # Services running on all machines
-  services.avahi.enable = true;  # zeroconf/mDNS(.local)
+  services.openssh.enable = lib.mkDefault false;
+  # services.openssh = {
+  #   enable = true;
+  #   settings = {
+  #     PasswordAuthentication = false;
+  #     PermitRootLogin = "no";
+  #   };
+  # };
 }

modules/nixos/desktop/calibre.nix

@@ -0,0 +1,21 @@
+{ config, lib, pkgs, ... }:
+{
+  imports = [];
+
+  options = {
+    zw.calibre = {
+      enable = lib.mkEnableOption "Enable Calibre";
+    };
+  };
+  
+  config = {
+    # NOTE: Without unrar support we can't open ".cbr" files.
+    environment.systemPackages = with pkgs; [
+      calibre
+    ];
+
+    services.udisks2.enable = true; # Required for eReader Support
+  };
+  # NOTE: Consider adding https://github.com/nydragon/calibre-plugins
+  # especially for DeDRM
+}

modules/nixos/desktop/default.nix

@@ -1,11 +1,23 @@
 { pkgs, ... }:
 {
+  imports = [
+    ./calibre.nix
+    ../fonts.nix
+  ];
+
+  # TODO: Add options for enabling/switching between different Desktop Environments.
+  # options = {};
+
+  # NOTE: Calibre is enabled this way because it also needs udisks2 for e-readers
+  # Ideally I move it somewhere else anyway.
+  zw.calibre.enable = true;
+
   environment.systemPackages = with pkgs; [
     yubikey-personalization
     xdg-desktop-portal-gtk
     xdg-desktop-portal-hyprland
     xwayland
-    rofi-wayland
+    rofi
     waybar
     hyprpaper
     kitty # hyprland default term
@@ -31,10 +43,5 @@
   };
   # screen sharing /w hyp 
   services.dbus.enable = true;
-
-  fonts.packages = with pkgs; [
-    nerd-fonts.fira-code
-    nerd-fonts.iosevka
-    atkinson-hyperlegible
-  ];
+  services.avahi.enable = true;  # zeroconf/mDNS(.local)
 }

modules/nixos/desktop/niri/default.nix

@@ -0,0 +1,40 @@
+{ config, lib, pkgs, inputs, ... }:
+{
+  # Opinionated Niri Setup - https://yalter.github.io/niri/Important-Software.html
+  # Consider: https://github.com/sodiboo/niri-flake
+
+  # NOTE: Rather than individual components, I'm going to start with a complete desktop shell if possible.
+  # According to the docs there's a few options: https://yalter.github.io/niri/Getting-Started.html#desktop-environments
+  # LXQt, many parts of XFCE, COSMIC + `cosmic-ext-extra-sessions`
+  # And what I actually want to try out is one of DankMaterialShell or Noctalia
+  programs.niri.enable = true;
+
+  environment.systemPackages = with pkgs; [
+    inputs.noctalia.packages.${system}.default
+    xwayland-satellite
+    fuzzel
+    kitty
+    fastfetch
+  ];
+
+  services.displayManager.sessionPackages = [ pkgs.niri ];
+  programs.niri.package = pkgs.niri;
+
+
+  # Notification Daemon
+  #services.mako.enable = true;
+  #services.mako.settings.default-timeout = 3000;
+  
+  # Portal - https://wiki.archlinux.org/title/XDG_Desktop_Portal#List_of_backends_and_interfaces
+
+  # Authentication Agent (polkit)
+  #security.polkit.enable = lib.mkDefault true;
+
+  # Xwayland
+  # https://github.com/Supreeeme/xwayland-satellite
+  #programs.xwayland.enable = lib.mkDefault true;
+
+  # Screencasting - https://yalter.github.io/niri/Screencasting.html
+  # Needs D-Bus, pipewire, `xdg-desktop-portal-gnome`? Or a portal from the above table with screencasting support
+
+}

modules/nixos/desktop/xfce/default.nix

@@ -0,0 +1,9 @@
+{}:
+{
+  services.displayManager.defaultSession = "xfce";
+  services.xserver.desktopManager = {
+    xterm.enable = false;
+    xfce.enable = true;
+  };
+
+}

modules/nixos/fonts.nix

@@ -0,0 +1,8 @@
+{ pkgs, ... }:
+{
+  fonts.packages = with pkgs; [
+    nerd-fonts.fira-code
+    nerd-fonts.iosevka
+    atkinson-hyperlegible
+  ];
+}

modules/nixos/gaming.nix

@@ -1,9 +1,16 @@
 { config, lib, pkgs, ... }:
 {
+  #imports = [];
+  options = {
+    zw.gaming.enable = lib.mkEnableOption "Enable Gaming";
+  };
+
+  # https://wiki.nixos.org/wiki/Category:Gaming
+  config = lib.mkIf config.zw.gaming.enable {
     environment.systemPackages = with pkgs; [
       mangohud
       protonup-qt
-    lutris
+      lutris  # TODO: Having an issue after flake update
       bottles
       heroic
     ];
@@ -14,4 +21,11 @@
       protontricks.enable = true;
       gamescopeSession.enable = true;
     };
+
+    programs.gamemode.enable = true;
+    programs.gamescope = {
+      enable = true;
+      capSysNice = true;
+    };
+  };
 }

overlays/default.nix

@@ -0,0 +1,40 @@
+{ nixpkgs }:
+  let
+    fixCmake = pkg: pkg.overrideAttrs (old: {
+      cmakeFlakes = (old.cmakeFlags or []) ++ [
+        (nixpkgs.lib.cmakeFeature "CMAKE_POLICY_VERSION_MINIMUM" "3.10")
+      ];
+    });
+    cmake3Overlay = final: prev:
+      nixpkgs.lib.mapAttrs (
+        n: pkg:
+        pkg.overrideAttrs (old: {
+          cmakeFlags = old.cmakeFlags or [ ] ++ [ (nixpkgs.lib.cmakeFeature "CMAKE_POLICY_VERSION_MINIMUM" "3.10") ];
+        })
+      ) {
+          inherit (prev) hpipm;
+      };
+    libretroCmake3Overlay = final: prev: {
+      libretro = prev.libretro // {
+        thepowdertoy = prev.libretro.thepowdertoy.overrideAttrs(old: {
+          cmakeFlags = old.cmakeFlags or [ ] ++ [ (nixpkgs.lib.cmakeFeature "CMAKE_POLICY_VERSION_MINIMUM" "3.10") ];
+        });
+
+        tic80 = prev.libretro.tic80.overrideAttrs(old: {
+          cmakeFlags = old.cmakeFlags or [ ] ++ [ (nixpkgs.lib.cmakeFeature "CMAKE_POLICY_VERSION_MINIMUM" "3.10") ];
+        });
+
+        citra = prev.libretro.citra.overrideAttrs(old: {
+          cmakeFlags = old.cmakeFlags or [ ] ++ [ (nixpkgs.lib.cmakeFeature "CMAKE_POLICY_VERSION_MINIMUM" "3.10") ];
+        });
+
+        dolphin = prev.libretro.dolphin.overrideAttrs(old: {
+          cmakeFlags = old.cmakeFlags or [ ] ++ [ (nixpkgs.lib.cmakeFeature "CMAKE_POLICY_VERSION_MINIMUM" "3.10") ];
+        });
+      };
+    };
+in
+[
+  cmake3Overlay
+  libretroCmake3Overlay
+]

users/jml/default.nix

@@ -1,6 +1,9 @@
 { pkgs, lib, ... }:
 {
   programs.fish.enable = true;
+  environment.systemPackages = [
+    pkgs.home-manager
+  ];
   users.users.jml = {
     shell = pkgs.fish;
     home =

users/jml/home.nix

@@ -1,4 +1,10 @@
-{ username, pkgs, lib, ... }:
+{
+  username,
+  pkgs,
+  lib,
+  inputs,
+  ...
+}:
 {
   nixpkgs.config.allowUnfree = true;
   # The following line is needed if I start using hyprland Home Manager Module
@@ -19,7 +25,9 @@
       else
         abort "Unsupported OS";
   };
-  home.packages = with pkgs; [ ]
+  home.packages =
+    with pkgs;
+    [ ]
     # linux only
     # TODO: Add a test for linux + desktop environment
     ++ (lib.optionals pkgs.stdenv.isLinux [
@@ -49,7 +57,7 @@
 
     # Matrix Chat Apps
     element-desktop.enable = true;
-    nheko.settings = true;
+    #nheko.settings = true;
 
     # Additions from Windows
     obsidian.enable = true;
@@ -65,6 +73,11 @@
     helix.enable = true;
     zoxide.enable = true;
     fd.enable = true;
+
+    difftastic.enable = true;
+    difftastic.git.enable = true;
+    difftastic.git.diffToolMode = true;
+    mergiraf.enable = true;
   };
 
   programs.starship = {
@@ -144,23 +157,379 @@
     };
   };
 
+  # TODO: figure out how to get config.programs.<name>.enable style
+  # internal references inside this file.
+  # There's some quirks with how this is used in lib/default.nix
+  # TODO: Use mergiraf for conflict resolution in jj too.
+  programs.jujutsu = {
+    enable = true;
+    #enableFishIntegration = true;
+    settings = {
+      user = {
+        name = "Jay Looney";
+        email = "jay.m.looney@gmail.com";
+      };
+    };
+  };
+
+  # TODO: Configure Mergiraf
+  # https://mergiraf.org/introduction.html
   programs.git = {
     enable = true;
-    userName = "Jay Looney";
-    userEmail = "jay.m.looney@gmail.com";
-    aliases = {
-      ol = "log --oneline";
+    settings = {
+      user = {
+        name = "Jay Looney";
+        email = "jay.m.looney@gmail.com";
       };
-    ignores = [ "*~" "*.swp" ];
-    extraConfig = {
+
+      # Aliases Inspired by the following:
+      # https://joel-hanson.github.io/posts/05-useful-git-aliases-for-a-productive-workflow/
+      # https://gist.github.com/mwhite/6887990
+      aliases = {
+        la = "!git config -l | grep alias | cut -c 7-";
+        s = "status -s";
+        co = "checkout";
+        cob = "checkout -b";
+        del = "branch -D";
+        ol = "log --oneline";
+
+        br = "branch --format='%(HEAD) %(color:yellow)%(refname:short)%(color:reset) - %(contents:subject) %(color:green)(%(committerdate:relative)) [%(authorname)]' --sort=-committerdate";
+        save = "!git add -A && git commit -m 'chore: commit save point'";
+        undo = "reset HEAD~1 --mixed";
+        done = "!git push origin HEAD";
+        lg = "!git log --pretty=format:\"%C(magenta)%h%Creset -%C(red)%d%Creset %s %C(dim green)(%cr) [%an]\" --abbrev-commit -30";
+        a = "add";
+        ap = "add -p";
+      };
+
       push.default = "simple";
       credential.helper = "cache --timeout=7200";
       init.defaultBranch = "main";
       log.decorate = "full";
       log.date = "iso";
+      # NOTE: Initially diff3 was for me, now it's for me and mergiraf automation.
       merge.conflictStyle = "diff3";
     };
+    # Cribbed from: https://github.com/gitattributes/gitattributes
+    attributes = [
+      # Auto detect files and perform LF normalization
+      "* text=auto"
+      # Documents
+      "*.bibtex text diff=bibtex"
+      "*.doc      diff=astextplain"
+      "*.DOC      diff=astextplain"
+      "*.docx     diff=astextplain"
+      "*.DOCX     diff=astextplain"
+      "*.dot      diff=astextplain"
+      "*.DOT      diff=astextplain"
+      "*.pdf      diff=astextplain"
+      "*.PDF      diff=astextplain"
+      "*.rtf      diff=astextplain"
+      "*.RTF      diff=astextplain"
+      "*.md       text diff=markdown"
+      "*.mdx      text diff=markdown"
+      "*.tex      text diff=tex"
+      "*.adoc     text"
+      "*.textile  text"
+      "*.mustache text"
+      "*.csv      text eol=crlf"
+      "*.tab      text"
+      "*.tsv      text"
+      "*.txt      text"
+      "*.sql      text"
+      "*.epub     diff=astextplain"
+
+      # Graphics
+      "*.png      binary"
+      "*.jpg      binary"
+      "*.jpeg     binary"
+      "*.gif      binary"
+      "*.tif      binary"
+      "*.tiff     binary"
+      "*.ico      binary"
+      # SVG treated as text by default.
+      "*.svg      text"
+      # If you want to treat it as binary,
+      # use the following line instead.
+      # *.svg    binary
+      "*.eps      binary"
+
+      # Scripts
+      "*.bash     text eol=lf"
+      "*.fish     text eol=lf"
+      "*.ksh      text eol=lf"
+      "*.sh       text eol=lf"
+      "*.zsh      text eol=lf"
+      # These are explicitly windows files and should use crlf
+      "*.bat      text eol=crlf"
+      "*.cmd      text eol=crlf"
+      "*.ps1      text eol=crlf"
+
+      # Serialisation
+      "*.json     text"
+      "*.toml     text"
+      "*.xml      text"
+      "*.yaml     text"
+      "*.yml      text"
+
+      # Archives
+      "*.7z       binary"
+      "*.bz       binary"
+      "*.bz2      binary"
+      "*.bzip2    binary"
+      "*.gz       binary"
+      "*.lz       binary"
+      "*.lzma     binary"
+      "*.rar      binary"
+      "*.tar      binary"
+      "*.taz      binary"
+      "*.tbz      binary"
+      "*.tbz2     binary"
+      "*.tgz      binary"
+      "*.tlz      binary"
+      "*.txz      binary"
+      "*.xz       binary"
+      "*.Z        binary"
+      "*.zip      binary"
+      "*.zst      binary"
+
+      # Text files where line endings should be preserved
+      "*.patch    -text"
+
+      # Exclude files from exporting
+      ".gitattributes export-ignore"
+      ".gitignore     export-ignore"
+      ".gitkeep       export-ignore"
+    ];
+    # TODO: Merge Gitignores from here: https://github.com/github/gitignore/tree/main/Global
+    ignores = [
+      "*~"
+      "*.swp"
+    ];
+  };
+
+  programs.emacs = {
+    enable = true;
+    # package = (pkgs.emacs30.pkgs.withPackages (epkgs: [
+    #   epkgs.treesit-grammars.with-grammars (grammars: [
+    #     grammars.tree-sitter-bash
+    #   ])
+    #   epkgs.pretty-sha-path
+    # ]));
+    extraConfig = ''
+      (setq standard-indent 2)
+    '';
+  };
+
+  # TODO: Implement support for at least
+  # Nix, Python, Rust, Golang
+  # TODO: Sort out why TF, `.nix` files tabs are cooked in neovim rn.
+  # It corrects things on document save, but this line for example started with an 8-long tabstop
+  programs.nvf = {
+    enable = true;
+    # When using the Home-Manager Module for nvf, the settings go into the following attribute set.
+    # https://notashelf.github.io/nvf/index.xhtml#sec-hm-flakes
+    settings.vim = {
+      viAlias = true;
+      vimAlias = true;
+
+      # TODO: For some reason spellcheck is having a very difficult time getting
+      # a wordlist.
+      #spellcheck = {
+      #  enable = true;
+      #  programmingWordlist.enable = true;
+      #};
+
+      lsp = {
+        enable = true;
+        formatOnSave = true;
+        lspkind.enable = false;
+        lightbulb.enable = true;
+        lspsaga.enable = false;
+        trouble.enable = true;
+        lspSignature.enable = false;
+        otter-nvim.enable = true;
+        nvim-docs-view.enable = true;
+      };
+
+      languages = {
+        enableDAP = true;
+        enableExtraDiagnostics = true;
+        enableFormat = true;
+        enableTreesitter = true;
+
+        nix = {
+          enable = true;
+          lsp.enable = true;
+          lsp.server = "nixd";
+          extraDiagnostics.enable = true;
+          format.enable = true;
+          format.type = "nixfmt";
+          treesitter.enable = true;
+        };
+        markdown.enable = true;
+        typst.enable = true;
+
+        assembly.enable = true;
+        bash.enable = true;
+        clang.enable = true;
+
+        python.enable = true;
+        rust = {
+          enable = true;
+          # TODO: null_ls is now deprecated.
+          # https://github.com/NotAShelf/nvf/issues/1175
+          # https://github.com/NotAShelf/nvf/blob/main/.github/CONTRIBUTING.md
+          crates.enable = true;
+        };
+        go.enable = true;
+        zig.enable = true;
+
+        ts.enable = true;
+        html.enable = true;
+        css.enable = true;
+        sql.enable = true;
+      };
+
+      visuals = {
+        nvim-scrollbar.enable = true; # Configurable Visual Scrollbar (Can pair with Cursor, ALE, Diagnostics, Gitsigns, and hlslens)
+        nvim-web-devicons.enable = true; # Nerdfont Icons for use by other plugins
+        nvim-cursorline.enable = true; # Highlight Words & Lines on the cursor
+        cinnamon-nvim.enable = true; # Smooth Scrolling for any movement command.
+        fidget-nvim.enable = true; # UI for Notifications & LSP Progress Messages
+
+        highlight-undo.enable = true; # Highlight changed text after any non-insert actions
+        indent-blankline.enable = true; # Indentation Guides
+      };
+
+      statusline = {
+        lualine = {
+          # Fancy Status Line
+          enable = true;
+          theme = "catppuccin";
+        };
       };
 
+      theme = {
+        enable = true;
+        name = "catppuccin";
+        style = "mocha";
+        transparent = false;
+      };
+
+      autopairs.nvim-autopairs.enable = true; # Pair up ", {, (, etc.
+      # blink-cmp is a compiled rust binary while nvim-cmp is a pure lua plugin...
+      autocomplete.blink-cmp.enable = true;
+      # Code Snippets Engine /w support for Lua, VSCode, and SnipMate snippets.
+      snippets.luasnip.enable = true;
+
+      filetree.neo-tree.enable = true; # Filesystem tree sidebar...
+      tabline.nvimBufferline.enable = true; # Shows buffers as tabs at the top.
+      treesitter.context.enable = true;
+      binds = {
+        whichKey.enable = true; # Shows your available keybindings in a popup
+        cheatsheet.enable = true; # Searchable in-editor cheatsheet that uses Telescope
+      };
+      telescope.enable = true; # Fuzzy Finder, central to many other plugins.
+
+      git = {
+        enable = true;
+        gitsigns.enable = true; # Git Info in Buffers + Gutters
+        gitsigns.codeActions.enable = false;
+        neogit.enable = true; # Interactive Git
+      };
+
+      # TODO: Consider switching to `minimap-nvim` for rust-based minimap.
+      # codewindow may be tightly integrated with treesitter though...
+      minimap.codewindow.enable = true;
+      dashboard.alpha.enable = true; # Greeter
+      notify.nvim-notify.enable = true; # Fancy Configurable Notification Manager
+      projects.project-nvim.enable = true;
+
+      utility = {
+        ccc.enable = true; # Color Picker
+        diffview-nvim.enable = true;
+        icon-picker.enable = true;
+        surround.enable = true; # Change Surrounding Delimiter pairs `ysiw)`
+        leetcode-nvim.enable = true; # Allow solving LeetCode problems directly inside neovim
+        multicursors.enable = true; # Edit with multiple cursors simultaneously
+        smart-splits.enable = true; # Split-Pane Management
+        undotree.enable = true; # Undo history visualizer
+        nvim-biscuits.enable = true; # Shows the start of a code block from the bottom
+
+        motion = {
+          # NOTE: https://github.com/smoka7/hop.nvim
+          hop.enable = true; # EasyMotion like, allowing you to jump anywhere in the document with as few keystrokes as possible
+          leap.enable = true; # Jump to anywhere visible
+          # TODO: I sort of hate how precognition injects itself in virtual
+          # lines, but I do like that it can be used to give a reminder.
+          precognition.enable = false; # Helps with discovering motions to navigate your current buffer
+        };
+        images.img-clip.enable = true;
+      };
+
+      # TODO: Get Obsidian Working.
+      notes = {
+        # obsidian.enable = true; # neovim fails to build with this enabled.
+        mind-nvim.enable = true;
+        todo-comments.enable = true;
+      };
+
+      terminal = {
+        toggleterm = {
+          enable = true;
+          lazygit.enable = true;
+        };
+      };
+
+      ui = {
+        borders.enable = true;
+        noice.enable = true;
+        colorizer.enable = true;
+        modes-nvim.enable = false; # this looks terrible with catppuccin
+        illuminate.enable = true;
+        breadcrumbs = {
+          enable = true;
+          navbuddy.enable = true;
+        };
+        smartcolumn = {
+          enable = true;
+          setupOpts.custom_colorcolumn = {
+            nix = "110";
+            ruby = "120";
+            java = "130";
+            go = [
+              "90"
+              "130"
+            ];
+          };
+        };
+        fastaction.enable = true;
+      };
+
+      assistant = {
+        chatgpt.enable = false;
+        copilot = {
+          enable = false;
+          cmp.enable = true;
+        };
+        codecompanion-nvim.enable = false;
+        # avante-nvim.enable = true;
+      };
+
+      session.nvim-session-manager.enable = true; # Save sessions to reopen later
+      gestures.gesture-nvim.enable = false; # mouse gesture support?
+      comments.comment-nvim.enable = true; # Fancy commenting
+      presence.neocord.enable = true; # Discord Rich Presence
+    };
+  };
+
+  programs.vscode = {
+    enable = true;
+    mutableExtensionsDir = true; # mutually exclusive to programs.vscode.profiles
+    # profiles.default.userSettings = {
+    #   "[nix]"."editor.tabSize" = 2;
+    # };
+  };
   # services.podman.enable = true;
 }