chore: initial commit for draft MR

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

.gitignore

@@ -4,3 +4,5 @@ result
 result-*
 
 nixos-efi-vars.fd
+
+home/hosts/work/packages.local.nix

dots/.bin/pomo

@@ -8,19 +8,24 @@ Pomodoro timer
 - Notification on break finish
 """
 
-import os
 import atexit
+import os
 from argparse import ArgumentParser
 from time import sleep
+
 from plyer import notification
 
-POMO_PATH = os.path.join(os.getenv("XDG_DATA_HOME", os.path.expanduser("~/.local/share")), "pomo")
+POMO_PATH = os.path.join(
+    os.getenv("XDG_DATA_HOME", os.path.expanduser("~/.local/share")), "pomo"
+)
+
 
 @atexit.register
 def clear():
     if os.path.exists(POMO_PATH):
         os.remove(POMO_PATH)
 
+
 def format_mins_secs(mins, secs):
     return f"{mins:02d}:{secs:02d}"
 
@@ -34,6 +39,7 @@ def make_countdown():
             os.system(f'echo -n "{time_str}" > {POMO_PATH}')
             sleep(1)
             duration -= 1
+
     return countdown
 
 
@@ -58,21 +64,23 @@ def main(args):
 def handle_signal(signal, frame):
     # Wait for clear to finish
     clear()
-    print('Exiting')
+    print("Exiting")
     exit(0)
 
 
-if __name__ == '__main__':
+if __name__ == "__main__":
 
     parser = ArgumentParser()
-    parser.add_argument('-w', '--work-duration', type=int,
+    parser.add_argument(
-                        help='Session duration', default=25)
+        "-w", "--work-duration", type=int, help="Session duration", default=25
-    parser.add_argument('-b', '--break-duration', type=int,
+    )
-                        help='Break duration', default=5)
+    parser.add_argument(
-    parser.add_argument('-r', '--repeats', type=int,
+        "-b", "--break-duration", type=int, help="Break duration", default=5
-                        help='Numer of sessions', default=1)
+    )
-    parser.add_argument('-c', '--clear', action='store_true',
+    parser.add_argument(
-                        help='Clear timer')
+        "-r", "--repeats", type=int, help="Numer of sessions", default=1
+    )
+    parser.add_argument("-c", "--clear", action="store_true", help="Clear timer")
 
     args = parser.parse_args()
 

dots/.bin/r5rs

@@ -2,8 +2,8 @@
 
 session="r5rs"
 
-tmux attach-session -t $session || tmux new-session -s $session \; \
+tmux attach-session -t "$session" || tmux new-session -s "$session" \; \
   split-window -h -t $session \; \
-  send-keys -t 0 "vim" C-m \; \
+  send-keys -t 1 "nvim -c \"set ft=scheme\"" C-m \; \
-  send-keys -t 1 "plt-r5rs --no-prim" C-m \; \
+  send-keys -t 2 "plt-r5rs --no-prim" C-m \; \
-  select-pane -t 0
+  select-pane -t 1

dots/.bin/save-home

@@ -22,4 +22,5 @@ restic -r "$RESTIC_REPOSITORY:$HOSTNAME" backup \
   --one-file-system \
   --files-from="$HOME/.resticinclude" \
   --exclude-file="$HOME/.resticexclude" \
+  --exclude-if-present=".nobackup" \
   --verbose=3

dots/.bin/screen-temperature

@@ -1,12 +1,12 @@
 #!/usr/bin/env python
 
-import sys
 import subprocess
+import sys
 
 DEFAULT_TEMPERATURE = 3500
 
 try:
-    with open('/tmp/temperature', 'r') as temp_file:
+    with open("/tmp/temperature", "r") as temp_file:
         current_temperature = int(temp_file.read())
 except FileNotFoundError:
     current_temperature = DEFAULT_TEMPERATURE
@@ -16,7 +16,8 @@ if len(sys.argv) == 1:
     print(current_temperature)
     sys.exit(0)
 elif len(sys.argv) != 2:
-    print("""
+    print(
+        """
 Usage:
 
   screen-temperature
@@ -27,7 +28,8 @@ Usage:
 
   screen-temperature <+|-><temperature>
       increase or decrease screen temperature by <temperature>
-""")
+"""
+    )
     sys.exit(1)
 
 temperature_change = sys.argv[1]
@@ -41,11 +43,10 @@ else:
 
 try:
     subprocess.run(["redshift", "-O", str(new_temperature), "-P"], check=True)
-    with open('/tmp/temperature', 'w') as temp_file:
+    with open("/tmp/temperature", "w") as temp_file:
-        temp_file.write(str(new_temperature) + '\n')
+        temp_file.write(str(new_temperature) + "\n")
     # Send notification
-    subprocess.run(
+    subprocess.run(["notify-send", str(new_temperature) + "K"])
-        ["notify-send", str(new_temperature) + "K"])
 except subprocess.CalledProcessError:
     print("Error: could not set screen temperature.")
     sys.exit(1)

dots/.bin/taskdeps

@@ -1,144 +0,0 @@
-#!/usr/bin/python
-
-import argparse
-import json
-import subprocess
-from collections import defaultdict
-
-
-def get_task_data():
-    command = (
-        "task +PENDING or +WAITING -COMPLETED -DELETED export | "
-        "jq '[.[] | {uuid: .uuid, id, depends: .depends, description: .description, status: .status }]'"
-    )
-    output = subprocess.check_output(command, shell=True)
-    return json.loads(output)
-
-
-def parse_task_data(data):
-    dependency_graph = defaultdict(list)
-    task_details = {}
-    dependent_tasks = set()
-
-    for task in data:
-        task_id = task["uuid"]
-        task_details[task_id] = {
-            "id": task.get("id", "?"),
-            "description": task.get("description", "No description"),
-            "status": task.get("status", "Unknown status"),
-        }
-        if task["depends"]:
-            for dependency in task["depends"]:
-                dependency_graph[dependency].append(task_id)
-                dependent_tasks.add(task_id)
-
-    root_tasks = set(task_details.keys()) - dependent_tasks
-    return task_details, dependency_graph, root_tasks
-
-
-def get_all_parents(task_id, dependency_graph):
-    return [
-        parent for parent, children in dependency_graph.items() if task_id in children
-    ]
-
-
-def build_ascii_dag(
-    task_id,
-    task_details,
-    dependency_graph,
-    prefix="",
-    is_last=True,
-    show_id=True,
-    visited=None,
-):
-    if visited is None:
-        visited = set()
-
-    if task_id in visited:
-        return [f"{prefix}{'└── ' if is_last else '├── '}... (cycle detected)"]
-
-    visited.add(task_id)
-
-    task_info = task_details[task_id]
-    task_line = f"{prefix}{'└── ' if is_last else '├── '}{task_info['id'] + ': ' if show_id else ''}{task_info['description']} ({task_info['status']})"
-    lines = [task_line]
-
-    children = dependency_graph.get(task_id, [])
-    for idx, child in enumerate(children):
-        child_is_last = idx == len(children) - 1
-        child_prefix = prefix + ("    " if is_last else "│   ")
-        lines.extend(
-            build_ascii_dag(
-                child,
-                task_details,
-                dependency_graph,
-                child_prefix,
-                child_is_last,
-                show_id,
-                visited.copy(),
-            )
-        )
-
-    return lines
-
-
-def render_dependency_dag(task_details, dependency_graph, root_tasks, show_id):
-    dag_lines = []
-    global_visited = set()
-
-    def dfs(task_id, prefix="", is_last=True, visited=None):
-        if visited is None:
-            visited = set()
-
-        if task_id in visited:
-            return
-
-        visited.add(task_id)
-        global_visited.add(task_id)
-
-        task_info = task_details[task_id]
-        task_line = f"{prefix}{'└── ' if is_last else '├── '}{str(task_info['id']) + ': ' if show_id else ''}{task_info['description']} ({task_info['status']})"
-        dag_lines.append(task_line)
-
-        children = dependency_graph.get(task_id, [])
-        for idx, child in enumerate(children):
-            child_is_last = idx == len(children) - 1
-            child_prefix = prefix + ("    " if is_last else "│   ")
-            dfs(child, child_prefix, child_is_last, visited.copy())
-
-    root_tasks_with_children = [
-        root for root in root_tasks if dependency_graph.get(root, [])
-    ]
-    for root in sorted(
-        root_tasks_with_children,
-        key=lambda x: len(dependency_graph.get(x, [])),
-        reverse=True,
-    ):
-        if root not in global_visited:
-            dfs(root)
-            dag_lines.append("")
-
-    return "\n".join(dag_lines).rstrip()
-
-
-def main(args):
-    data = get_task_data()
-    task_details, dependency_graph, root_tasks = parse_task_data(data)
-    ascii_dag = render_dependency_dag(
-        task_details, dependency_graph, root_tasks, show_id=args.show_id
-    )
-    print(ascii_dag)
-
-
-if __name__ == "__main__":
-    parser = argparse.ArgumentParser(
-        description="Generates a task dependency DAG for Taskwarrior tasks."
-    )
-    parser.add_argument(
-        "--show-id",
-        action="store_true",
-        default=False,
-        help="Include task IDs in the output.",
-    )
-    args = parser.parse_args()
-    main(args)

dots/.bin/zk

@@ -1,7 +1,9 @@
 #!/usr/bin/env bash
 
+current_zettel_path="$ZK_PATH/$(cat "$ZK_PATH/current-zettel.txt")"
+
 if [ "$TERM_PROGRAM" = tmux ]; then
-  cd ~/.zk && $EDITOR "$(cat ~/.zk/current-zettel.txt)"
+  cd "$ZK_PATH" && $EDITOR "$current_zettel_path"
 else
   echo 'Not in tmux'
   echo 'Choose an option:'
@@ -18,12 +20,12 @@ else
       else
         # Create session with a window named 'zk' and start nvim
         tmux new-session -s zk -n zk -d
-        tmux send-keys -t zk:zk "cd ~/.zk && $EDITOR \"\$(cat ~/.zk/current-zettel.txt)\"" Enter
+        tmux send-keys -t zk:zk "cd $ZK_PATH && $EDITOR $current_zettel_path" Enter
         tmux attach -t zk
       fi
       ;;
     2)
-      cd ~/.zk && $EDITOR "$(cat ~/.zk/current-zettel.txt)"
+      cd "$ZK_PATH" && $EDITOR "$current_zettel_path"
       ;;
     *)
       echo 'Not opening Zettelkasten'

dots/.config/kitty/kitty.conf

@@ -136,7 +136,7 @@ map f5 goto_tab 5
 map f6 goto_tab 6
 map f7 goto_tab 7
 map f8 goto_tab 8
-map kitty_mod+c new_tab
+# map kitty_mod+c new_tab # FIXME: conflict with 'copy'
 map cmd+t
 map kitty_mod+q
 map cmd+w

dots/.config/nvim/after/plugin/claude-code.nvim.lua

@@ -0,0 +1 @@
+require("claude-code").setup()

dots/.config/nvim/after/plugin/codecompanion.nvim.lua

@@ -1,16 +1,16 @@
-require("codecompanion").setup({
+-- require("codecompanion").setup({
-  extensions = {
+--   extensions = {
-    mcphub = {
+--     mcphub = {
-      callback = "mcphub.extensions.codecompanion",
+--       callback = "mcphub.extensions.codecompanion",
-      opts = {
+--       opts = {
-        make_vars = true,
+--         make_vars = true,
-        make_slash_commands = true,
+--         make_slash_commands = true,
-        show_result_in_chat = true
+--         show_result_in_chat = true
-      }
+--       }
-    }
+--     }
-  },
+--   },
-  strategies = {
+--   strategies = {
-    chat = { adapter = "openai" },
+--     chat = { adapter = "openai" },
-    inline = { adapter = "openai" },
+--     inline = { adapter = "openai" },
-  },
+--   },
-})
+-- })

dots/.config/nvim/after/plugin/conform.lua

@@ -1,6 +1,6 @@
 require("conform").setup({
   format_after_save = {
-    lsp_fallback = false,
+    lsp_fallback = true,
     async = false,
     timeout_ms = 500,
   },
@@ -18,8 +18,8 @@ require("conform").setup({
     nix = { "nixfmt" },
     javascript = { "eslint_d", "eslint", "prettierd", "prettier", stop_after_first = true },
     javascriptreact = { "eslint_d", "eslint", "prettierd", "prettier", stop_after_first = true },
-    json = { "prettierd", "prettier", stop_after_first = true },
+    -- json = { "prettierd", "prettier", stop_after_first = true },
-    jsonc = { "prettierd", "prettier", stop_after_first = true },
+    -- jsonc = { "prettierd", "prettier", stop_after_first = true },
     python = { "isort", "black" },
     svelte = { "eslint_d", "prettierd", "prettier", stop_after_first = true },
     typescript = { "eslint_d", "prettierd", "prettier", stop_after_first = true },

dots/.config/nvim/after/plugin/fidget.nvim.lua

@@ -0,0 +1 @@
+require("fidget").setup()

dots/.config/nvim/after/plugin/formatter.nvim.lua

@@ -0,0 +1,78 @@
+-- require("formatter").setup({
+--   logging = true,
+--   filetype = {
+--     typescriptreact = {
+--       -- prettier
+--       function()
+--         return {
+--           exe = "prettier",
+--           args = { "--stdin-filepath", vim.api.nvim_buf_get_name(0) },
+--           stdin = true,
+--         }
+--       end,
+--     },
+--     typescript = {
+--       -- prettier
+--       function()
+--         return {
+--           exe = "prettier",
+--           args = { "--stdin-filepath", vim.api.nvim_buf_get_name(0) },
+--           stdin = true,
+--         }
+--       end,
+--       -- linter
+--       -- function()
+--       --   return {
+--       --     exe = "eslint",
+--       --     args = {
+--       --       "--stdin-filename",
+--       --       vim.api.nvim_buf_get_name(0),
+--       --       "--fix",
+--       --       "--cache"
+--       --     },
+--       --     stdin = false
+--       --   }
+--       -- end
+--     },
+--     javascript = {
+--       -- prettier
+--       function()
+--         return {
+--           exe = "prettier",
+--           args = { "--stdin-filepath", vim.api.nvim_buf_get_name(0) },
+--           stdin = true,
+--         }
+--       end,
+--     },
+--     javascriptreact = {
+--       -- prettier
+--       function()
+--         return {
+--           exe = "prettier",
+--           args = { "--stdin-filepath", vim.api.nvim_buf_get_name(0) },
+--           stdin = true,
+--         }
+--       end,
+--     },
+--     json = {
+--       -- prettier
+--       function()
+--         return {
+--           exe = "prettier",
+--           args = { "--stdin-filepath", vim.api.nvim_buf_get_name(0) },
+--           stdin = true,
+--         }
+--       end,
+--     },
+--     lua = {
+--       -- luafmt
+--       function()
+--         return {
+--           exe = "luafmt",
+--           args = { "--indent-count", 2, "--stdin" },
+--           stdin = true,
+--         }
+--       end,
+--     },
+--   },
+-- })

dots/.config/nvim/after/plugin/fzf-lua.lua

@@ -5,7 +5,9 @@ fzf.setup({ "max-perf" })
 vim.keymap.set("n", "<leader>f<leader>", fzf.builtin) -- Help
 vim.keymap.set("n", "<leader>fc", fzf.commands)
 vim.keymap.set("n", "<leader>ff", fzf.files)
-vim.keymap.set("n", "<leader>fg", fzf.live_grep_native)
+vim.keymap.set("n", "<leader>fg", function()
+  fzf.live_grep_native({ resume = true })
+end)
 vim.keymap.set("n", "<leader>fb", fzf.buffers)
 vim.keymap.set("n", "<leader>fd", fzf.diagnostics_workspace)
 vim.keymap.set("n", "<leader>fhe", fzf.help_tags)
@@ -13,4 +15,4 @@ vim.keymap.set("n", "<leader>fhi", fzf.search_history)
 vim.keymap.set("n", "<leader>fma", fzf.marks)
 vim.keymap.set("n", "<leader>fma", fzf.man_pages)
 
-vim.keymap.set("i", "<c-f>", fzf.complete_path)
+vim.keymap.set("i", "<c-f>", fzf.complete_file)

dots/.config/nvim/after/plugin/image.nvim.lua

@@ -1,10 +1,10 @@
-require("image").setup({
+-- require("image").setup({
-  backend = "kitty",
+--   backend = "kitty",
-  kitty_method = "normal",
+--   kitty_method = "normal",
-  processor = "magick_cli",
+--   processor = "magick_cli",
-  integrations = {
+--   integrations = {
-    markdown = {
+--     markdown = {
-      filetypes = { "markdown", "pandoc" },
+--       filetypes = { "markdown", "pandoc" },
-    },
+--     },
-  },
+--   },
-})
+-- })

dots/.config/nvim/after/plugin/kubectl.nvim.lua

@@ -0,0 +1 @@
+require("kubectl").setup()

dots/.config/nvim/after/plugin/lspconfig.lua

@@ -17,11 +17,9 @@ local servers = {
       format = false,
     },
   },
-  emmet_language_server = {},
+  -- emmet_language_server = {},
   gdscript = {},
-  helm_ls = {
+  helm_ls = { filetypes = { "helm", "yaml.helm-values" } },
-    filetypes = { "yaml", "helm", "yaml.helm-values" },
-  },
   hls = { filetypes = { "haskell", "lhaskell", "cabal" } },
   html = {},
   jsonls = {
@@ -65,8 +63,26 @@ local servers = {
     },
   },
   -- marksman = {},
-  nixd = {},
+  -- TODO: This completion ain't working yet
+  nixd = {
+    nixpkgs = {
+      expr = "import <nixpkgs> { }",
+    },
+    formatting = {
+      command = { "nixfmt" },
+    },
+    options = {
+      home_manager = {
+        expr = '(builtins.getFlake "/home/hektor/.config/home-manager").homeConfigurations.work.options',
+      },
+    },
+  },
   pyright = {},
+  rust_analyzer = {
+    settings = {
+      ["rust-analyzer"] = {},
+    },
+  },
   -- tsserver = {},
   svelte = {
     plugin = {
@@ -76,48 +92,43 @@ local servers = {
     },
   },
   tailwindcss = {},
-  -- vtsls = {},
+  terraformls = {},
-  ts_ls = {},
+  -- ts_ls = {},
-  -- vtsls = {
+  vtsls = {
-  --   maxTsServerMemory = 16384,
+    maxTsServerMemory = 16384,
-  --   filetypes = {
+    filetypes = {
-  --     "javascript",
+      "javascript",
-  --     "javascriptreact",
+      "javascriptreact",
-  --     "javascript.jsx",
+      "javascript.jsx",
-  --     "typescript",
+      "typescript",
-  --     "typescriptreact",
+      "typescriptreact",
-  --     "typescript.tsx",
+      "typescript.tsx",
-  --   },
+    },
-  --   settings = {
+    settings = {
-  --     complete_function_calls = true,
+      complete_function_calls = true,
-  --     vtsls = {
+      vtsls = {
-  --       enableMoveToFileCodeAction = true,
+        enableMoveToFileCodeAction = true,
-  --       autoUseWorkspaceTsdk = true,
+        autoUseWorkspaceTsdk = true,
-  --       experimental = {
+        experimental = { completion = { enableServerSideFuzzyMatch = true } },
-  --         completion = {
+      },
-  --           enableServerSideFuzzyMatch = true,
+      typescript = {
-  --         },
+        updateImportsOnFileMove = { enabled = "always" },
-  --       },
+        suggest = { completeFunctionCalls = true },
-  --     },
+        inlayHints = {
-  --     typescript = {
+          enumMemberValues = { enabled = true },
-  --       updateImportsOnFileMove = { enabled = "always" },
+          functionLikeReturnTypes = { enabled = true },
-  --       suggest = {
+          parameterNames = { enabled = "literals" },
-  --         completeFunctionCalls = true,
+          parameterTypes = { enabled = true },
-  --       },
+          propertyDeclarationTypes = { enabled = true },
-  --       inlayHints = {
+          variableTypes = { enabled = false },
-  --         enumMemberValues = { enabled = true },
+        },
-  --         functionLikeReturnTypes = { enabled = true },
+      },
-  --         parameterNames = { enabled = "literals" },
+    },
-  --         parameterTypes = { enabled = true },
+  },
-  --         propertyDeclarationTypes = { enabled = true },
-  --         variableTypes = { enabled = false },
-  --       },
-  --     },
-  --   },
-  -- },
   yamlls = {
     settings = {
       yaml = {
+        validate = true,
         schemaStore = {
           -- You must disable built-in schemaStore support if you want to use
           -- this plugin and its advanced options like `ignore`.

dots/.config/nvim/after/plugin/m_taskwarrior_d.nvim.lua

@@ -0,0 +1,9 @@
+require("m_taskwarrior_d").setup()
+
+vim.api.nvim_create_autocmd({ "BufEnter", "BufWritePost" }, {
+  group = vim.api.nvim_create_augroup("TWTask", { clear = true }),
+  pattern = "*.md",
+  callback = function()
+    vim.cmd("TWSyncTasks")
+  end,
+})

dots/.config/nvim/after/plugin/mcphub.nvim.lua

@@ -1 +1 @@
-require("mcphub").setup({})
+-- require("mcphub").setup({})

dots/.config/nvim/after/plugin/nvim-cmp.lua

@@ -62,12 +62,12 @@ cmp.setup({
     ["<CR>"] = c_l,
   }),
   sources = {
-    { name = "copilot",  group_index = 2 },
     { name = "zk" },
+    { name = "copilot", group_index = 2 },
     { name = "nvim_lsp", keyword_length = 8 },
-    { name = "luasnip",  max_item_count = 16 },
+    { name = "luasnip", max_item_count = 16 },
     { name = "path" },
-    { name = "buffer",   max_item_count = 8 },
+    { name = "buffer", max_item_count = 8 },
   },
   window = {
     completion = cmp.config.window.bordered({ border = { "┌", "─", "┐", "│", "┘", "─", "└", "│" } }),

dots/.config/nvim/after/plugin/nvim-lint.lua

@@ -12,8 +12,8 @@ require("lint").linters_by_ft = {
   editorconfig = { "editorconfig-checker" },
   haskell = { "hlint" },
   -- html = { "htmlhint" },
-  -- javascript = { eslint_linter },
+  javascript = { eslint_linter },
-  -- javascriptreact = { eslint_linter },
+  javascriptreact = { eslint_linter },
   gdscript = { "gdlint" },
   latex = { "chktex" },
   -- lua = { "luacheck", "selene" },
@@ -22,10 +22,9 @@ require("lint").linters_by_ft = {
   -- python = { "pylint" },
   sh = { "shellcheck" },
   svelte = { eslint_linter },
-  systemd = { "systemdlint" },
+  typescript = { eslint_linter },
-  -- typescript = { eslint_linter },
+  typescriptreact = { eslint_linter },
-  -- typescriptreact = { eslint_linter },
+  -- yaml = { "yamllint" },
-  yaml = { "yamllint" },
 }
 
 -- TODO: Wouldn't it be possible / nice to only try to load the linters when they are

dots/.config/nvim/after/plugin/obsidian-nvim.lua

@@ -0,0 +1,9 @@
+require("obsidian").setup({
+  legacy_commands = false,
+  workspaces = {
+    {
+      name = "test",
+      path = "~/zk/work",
+    },
+  },
+})

dots/.config/nvim/after/plugin/treesitter.lua

@@ -4,10 +4,13 @@ local keymap = vim.keymap
 local opt = vim.opt
 local treesitter_configs = require("nvim-treesitter.configs")
 
+local nixCatsUtils = require("nixCatsUtils")
+local is_nix = nixCatsUtils.isNixCats
+
 treesitter_configs.setup({
   -- Basically added what I might need from the docs
   -- <https://github.com/nvim-treesitter/nvim-treesitter?tab=readme-ov-file#supported-languages>
-  ensure_installed = {
+  ensure_installed = is_nix and {} or {
     "awk",
     "bash",
     "bibtex",
@@ -86,7 +89,7 @@ treesitter_configs.setup({
     enable = true,
   },
   sync_install = false,
-  auto_install = true,
+  auto_install = not is_nix,
   ignore_install = {},
   modules = {},
   textobjects = {

dots/.config/nvim/after/plugin/wiki.vim.lua

@@ -1,6 +1,6 @@
 vim.cmd([[
-" Change local buffer to directory of current file after the plugin has loaded
+" " Change local buffer to directory of current file after the plugin has loaded
-autocmd VimEnter * lcd %:p:h
+" autocmd VimEnter * lcd %:p:h
 
 " " Override wiki index mapping to also cd into the wiki
 nm <leader>ww <plug>(wiki-index)

dots/.config/nvim/flake.lock

@@ -2,11 +2,11 @@
   "nodes": {
     "nixCats": {
       "locked": {
-        "lastModified": 1763330129,
+        "lastModified": 1765766809,
-        "narHash": "sha256-KbOeWIF52SV53BOeETGO2C5ewaV2Ex9iaXH7G72gOr8=",
+        "narHash": "sha256-3Xp41+Sb1zIzASa1Uu1k1RMUoJ9CGyYb0GtvvpRPBqg=",
         "owner": "BirdeeHub",
         "repo": "nixCats-nvim",
-        "rev": "c81551ed87db2aefab30a12cf7425ff94dc0ad64",
+        "rev": "fe157e3ed69ed14b55ca81f597eac282caed58a2",
         "type": "github"
       },
       "original": {
@@ -17,11 +17,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1763464769,
+        "lastModified": 1765934234,
-        "narHash": "sha256-AJHrsT7VoeQzErpBRlLJM1SODcaayp0joAoEA35yiwM=",
+        "narHash": "sha256-pJjWUzNnjbIAMIc5gRFUuKCDQ9S1cuh3b2hKgA7Mc4A=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "6f374686605df381de8541c072038472a5ea2e2d",
+        "rev": "af84f9d270d404c17699522fab95bbf928a2d92f",
         "type": "github"
       },
       "original": {
@@ -79,14 +79,30 @@
         "type": "github"
       }
     },
+    "plugins-m-taskwarrior-d-nvim": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1764933759,
+        "narHash": "sha256-4lN/ZQTQ7uMcpjePbf2k913Bs9AYYS6da3iZbckA6oI=",
+        "owner": "huantrinh1802",
+        "repo": "m_taskwarrior_d.nvim",
+        "rev": "279d2c8bcd2779500c1bea71fb9249c97cdb503b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "huantrinh1802",
+        "repo": "m_taskwarrior_d.nvim",
+        "type": "github"
+      }
+    },
     "plugins-mcphub-nvim": {
       "flake": false,
       "locked": {
-        "lastModified": 1759035242,
+        "lastModified": 1765628564,
-        "narHash": "sha256-I6EbgY/2sAdtrxtmH0qbAAQvMCHhOsfolJfblV0fXOk=",
+        "narHash": "sha256-nvWqCGRKhbUHsAM/zd+cwFdcoXXxf6EmcCkpN4mElf4=",
         "owner": "ravitemer",
         "repo": "mcphub.nvim",
-        "rev": "8ff40b5edc649959bb7e89d25ae18e055554859a",
+        "rev": "5193329d510a68f1f5bf189960642c925c177a3a",
         "type": "github"
       },
       "original": {
@@ -150,6 +166,7 @@
         "plugins-beancount-nvim": "plugins-beancount-nvim",
         "plugins-crazy-node-movement": "plugins-crazy-node-movement",
         "plugins-helm-ls-nvim": "plugins-helm-ls-nvim",
+        "plugins-m-taskwarrior-d-nvim": "plugins-m-taskwarrior-d-nvim",
         "plugins-mcphub-nvim": "plugins-mcphub-nvim",
         "plugins-nvimkit-nvim": "plugins-nvimkit-nvim",
         "plugins-shipwright-nvim": "plugins-shipwright-nvim",

dots/.config/nvim/flake.nix

@@ -7,6 +7,10 @@
       url = "github:rktjmp/shipwright.nvim";
       flake = false;
     };
+    plugins-m-taskwarrior-d-nvim = {
+      url = "github:huantrinh1802/m_taskwarrior_d.nvim";
+      flake = false;
+    };
     plugins-crazy-node-movement = {
       url = "github:theHamsta/crazy-node-movement";
       flake = false;
@@ -65,14 +69,15 @@
               gawk
               gdtoolkit_4
               isort
-              tree-sitter
-              ormolu
-              nodePackages.prettier
               nixd
               nixfmt
+              nodePackages.prettier
+              ormolu
               prettierd
+              rustfmt
               shellcheck-minimal
               stylua
+              tree-sitter
               vscode-langservers-extracted
             ];
           };
@@ -143,7 +148,11 @@
               copilot-lua
               copilot-cmp
               pkgs.neovimPlugins.helm-ls-nvim
-              pkgs.vimPlugins.kitty-scrollback-nvim
+              kitty-scrollback-nvim
+              fidget-nvim
+              rustaceanvim
+              pkgs.neovimPlugins.m-taskwarrior-d-nvim
+              claude-code-nvim
             ];
           };
 

dots/.config/nvim/ftplugin/dotenv.lua

@@ -0,0 +1 @@
+vim.opt_local.filetype = "sh"

dots/.config/nvim/init.lua

@@ -20,6 +20,7 @@ require("statusline")
 require("diagnostic")
 require("utils")
 require("zk")
+require("skeleton")
 require("reload")
 
 require("paq-setup") -- when not on nixCats

dots/.config/nvim/lua/paq-setup.lua

@@ -34,13 +34,17 @@ require("nixCatsUtils.catPacker").setup({
   { "razak17/tailwind-fold.nvim" },
   { "rmagatti/auto-session" },
   { "kndndrj/nvim-dbee" },
-  { "3rd/image.nvim", build = false },
+  -- { "3rd/image.nvim", build = false },
   { "polarmutex/beancount.nvim" },
-  { "jamesblckwell/nvimkit.nvim" },
+  -- { "jamesblckwell/nvimkit.nvim" },
-  { 'olimorris/codecompanion.nvim' },
+  { "olimorris/codecompanion.nvim" },
-  { "ravitemer/mcphub.nvim",                       build = "pnpm install -g mcp-hub@latest" },
+  { "ravitemer/mcphub.nvim", build = "pnpm install -g mcp-hub@latest" },
   { "zbirenbaum/copilot.lua" },
   { "zbirenbaum/copilot-cmp" },
   { "qvalentin/helm-ls.nvim", ft = "helm" },
+  { "saghen/blink.download" },
+  { "ramilito/kubectl.nvim" },
   { "mikesmithgh/kitty-scrollback.nvim" },
+  { "chrisgrieser/nvim-early-retirement" },
+  { "euclio/vim-markdown-composer" },
 })

dots/.config/nvim/skeletons/shell.nix

@@ -1,6 +1,4 @@
 {
   pkgs ? import <nixpkgs> { },
 }:
-pkgs.mkShell {
+pkgs.mkShell { nativeBuildInputs = with pkgs.buildPackages; [ ]; }
-  nativeBuildInputs = with pkgs.buildPackages; [ ];
-}

dots/.config/nvim/snips/typescriptreact.lua

@@ -0,0 +1,12 @@
+local ls = require("luasnip")
+local s = ls.snippet
+local t = ls.text_node
+local i = ls.insert_node
+
+return {
+  s("preJ", {
+    t("<pre>{JSON.stringify("),
+    i(1, "object"), -- first tab stop
+    t(", null, 2)}</pre>"),
+  }),
+}

dots/.gitconfig

@@ -1,9 +1,11 @@
+[include]
+  path = ~/.gitconfig.email
+
 [core]
   editor = nvim
   excludesfile = ~/.gitignore
 
 [user]
-  email = hektor.misplon@pm.me
   name = Hektor Misplon
   username = hektor
   signingKey = AEB98353B8D72E465C4236435151AF79E723F21C
@@ -76,8 +78,6 @@
 [merge]
   tool = nvimdiff
   conflictstyle = diff3
-[pull]
-  rebase = true
 [diff]
   colorMoved = zebra
 [commit]
@@ -85,3 +85,11 @@
 
 [interactive]
   singleKey = true
+
+[pull]
+  rebase = true
+[rerere]
+  enabled = true
+
+[includeIf "gitdir:~/work/"]
+  path = ~/.gitconfig.work

dots/.gitconfig.email.example

@@ -0,0 +1,2 @@
+[user]
+  email = your.email@example.com

dots/.gitconfig.work

@@ -0,0 +1,13 @@
+[include]
+  path = ~/.gitconfig.work.email
+
+[core]
+  longpaths = true
+
+[user]
+  name = Hektor Misplon
+  username = hektor.misplon
+  signingKey = 1C88BE828184CEE6
+
+[commit]
+  gpgsign = false

dots/.gitconfig.work.email.example

@@ -0,0 +1,2 @@
+[user]
+  email = your.work.email@example.com

flake.lock

@@ -29,11 +29,11 @@
       },
       "locked": {
         "dir": "pkgs/firefox-addons",
-        "lastModified": 1763885608,
+        "lastModified": 1765771449,
-        "narHash": "sha256-eFRbKKMaEHC5EaL7sxfPVFPFsr0Plzx03e1VkJkcsBA=",
+        "narHash": "sha256-ZoHRPmTzwC1ndX3NQB/b/WKtU1WduAJdLI4j8eW/QFM=",
         "owner": "rycee",
         "repo": "nur-expressions",
-        "rev": "c94982d5890f4ff0737d57ed97503c1c8d40195c",
+        "rev": "5bcf9a2aeb4d361c2ff918a146b3fcc1e136b9ca",
         "type": "gitlab"
       },
       "original": {
@@ -68,16 +68,15 @@
         ]
       },
       "locked": {
-        "lastModified": 1758463745,
+        "lastModified": 1765682243,
-        "narHash": "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=",
+        "narHash": "sha256-yeCxFV/905Wr91yKt5zrVvK6O2CVXWRMSrxqlAZnLp0=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "3b955f5f0a942f9f60cdc9cacb7844335d0f21c3",
+        "rev": "58bf3ecb2d0bba7bdf363fc8a6c4d49b4d509d03",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
-        "ref": "release-25.05",
         "repo": "home-manager",
         "type": "github"
       }
@@ -85,10 +84,10 @@
     "nix-secrets": {
       "flake": false,
       "locked": {
-        "lastModified": 1763919406,
+        "lastModified": 1765747965,
-        "narHash": "sha256-WaGxnH7dm63syPt8E4MXbg4XVxQveXPe+cZu3iPz25w=",
+        "narHash": "sha256-EHZRRC3piD6vKd4hXiqC+CcDUQCOzrH/CNAF9zBqpDQ=",
         "ref": "main",
-        "rev": "4423bf215047474ecb89f4d8ad63a04e734b252a",
+        "rev": "a8e8d953f579939bd72b5f5c6ed332910b598554",
         "shallow": true,
         "type": "git",
         "url": "ssh://git@github.com/hektor/nix-secrets"
@@ -102,11 +101,11 @@
     },
     "nixCats": {
       "locked": {
-        "lastModified": 1763330129,
+        "lastModified": 1765766809,
-        "narHash": "sha256-KbOeWIF52SV53BOeETGO2C5ewaV2Ex9iaXH7G72gOr8=",
+        "narHash": "sha256-3Xp41+Sb1zIzASa1Uu1k1RMUoJ9CGyYb0GtvvpRPBqg=",
         "owner": "BirdeeHub",
         "repo": "nixCats-nvim",
-        "rev": "c81551ed87db2aefab30a12cf7425ff94dc0ad64",
+        "rev": "fe157e3ed69ed14b55ca81f597eac282caed58a2",
         "type": "github"
       },
       "original": {
@@ -138,11 +137,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1762847253,
+        "lastModified": 1764440730,
-        "narHash": "sha256-BWWnUUT01lPwCWUvS0p6Px5UOBFeXJ8jR+ZdLX8IbrU=",
+        "narHash": "sha256-ZlJTNLUKQRANlLDomuRWLBCH5792x+6XUJ4YdFRjtO4=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "899dc449bc6428b9ee6b3b8f771ca2b0ef945ab9",
+        "rev": "9154f4569b6cdfd3c595851a6ba51bfaa472d9f3",
         "type": "github"
       },
       "original": {
@@ -154,16 +153,16 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1763622513,
+        "lastModified": 1765472234,
-        "narHash": "sha256-1jQnuyu82FpiSxowrF/iFK6Toh9BYprfDqfs4BB+19M=",
+        "narHash": "sha256-9VvC20PJPsleGMewwcWYKGzDIyjckEz8uWmT0vCDYK0=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "c58bc7f5459328e4afac201c5c4feb7c818d604b",
+        "rev": "2fbfb1d73d239d2402a8fe03963e37aab15abe8b",
         "type": "github"
       },
       "original": {
         "owner": "nixos",
-        "ref": "nixos-25.05",
+        "ref": "nixos-unstable",
         "repo": "nixpkgs",
         "type": "github"
       }
@@ -177,6 +176,7 @@
         "plugins-beancount-nvim": "plugins-beancount-nvim",
         "plugins-crazy-node-movement": "plugins-crazy-node-movement",
         "plugins-helm-ls-nvim": "plugins-helm-ls-nvim",
+        "plugins-m-taskwarrior-d-nvim": "plugins-m-taskwarrior-d-nvim",
         "plugins-mcphub-nvim": "plugins-mcphub-nvim",
         "plugins-nvimkit-nvim": "plugins-nvimkit-nvim",
         "plugins-shipwright-nvim": "plugins-shipwright-nvim",
@@ -240,14 +240,30 @@
         "type": "github"
       }
     },
+    "plugins-m-taskwarrior-d-nvim": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1764933759,
+        "narHash": "sha256-4lN/ZQTQ7uMcpjePbf2k913Bs9AYYS6da3iZbckA6oI=",
+        "owner": "huantrinh1802",
+        "repo": "m_taskwarrior_d.nvim",
+        "rev": "279d2c8bcd2779500c1bea71fb9249c97cdb503b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "huantrinh1802",
+        "repo": "m_taskwarrior_d.nvim",
+        "type": "github"
+      }
+    },
     "plugins-mcphub-nvim": {
       "flake": false,
       "locked": {
-        "lastModified": 1759035242,
+        "lastModified": 1765628564,
-        "narHash": "sha256-I6EbgY/2sAdtrxtmH0qbAAQvMCHhOsfolJfblV0fXOk=",
+        "narHash": "sha256-nvWqCGRKhbUHsAM/zd+cwFdcoXXxf6EmcCkpN4mElf4=",
         "owner": "ravitemer",
         "repo": "mcphub.nvim",
-        "rev": "8ff40b5edc649959bb7e89d25ae18e055554859a",
+        "rev": "5193329d510a68f1f5bf189960642c925c177a3a",
         "type": "github"
       },
       "original": {
@@ -324,11 +340,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1763870012,
+        "lastModified": 1765684837,
-        "narHash": "sha256-AHxFfIu73SpNLAOZbu/AvpLhZ/Szhx6gRPj9ufZtaZA=",
+        "narHash": "sha256-fJCnsYcpQxxy/wit9EBOK33c0Z9U4D3Tvo3gf2mvHos=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "4e7d74d92398b933cc0e0e25af5b0836efcfdde3",
+        "rev": "94d8af61d8a603d33d1ed3500a33fcf35ae7d3bc",
         "type": "github"
       },
       "original": {

flake.nix

@@ -1,11 +1,10 @@
 {
   inputs = {
     nixpkgs = {
-      url = "github:nixos/nixpkgs?ref=nixos-25.05";
+      url = "github:nixos/nixpkgs/nixos-unstable";
     };
     nixos-hardware = {
       url = "github:NixOS/nixos-hardware/master";
-      inputs.nixpkgs.follows = "nixpkgs";
     };
     disko = {
       url = "github:nix-community/disko/latest";
@@ -20,7 +19,7 @@
       flake = false;
     };
     home-manager = {
-      url = "github:nix-community/home-manager/release-25.05";
+      url = "github:nix-community/home-manager";
       inputs.nixpkgs.follows = "nixpkgs";
     };
     nixgl = {
@@ -51,6 +50,9 @@
       nvim,
     }@inputs:
     let
+      lib = inputs.nixpkgs.lib;
+      utils = import ./utils { inherit lib; };
+      hostDirNames = utils.dirNames ./hosts;
       system = "x86_64-linux";
       pkgs = import nixpkgs {
         inherit system;
@@ -58,28 +60,21 @@
       };
     in
     {
-      nix.nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; # <https://github.com/nix-community/nixd/blob/main/nixd/docs/configuration.md>
+      nix.nixPath = [
-      nixosConfigurations = {
+        "nixpkgs=${inputs.nixpkgs}"
-        vm = nixpkgs.lib.nixosSystem {
+      ]; # <https://github.com/nix-community/nixd/blob/main/nixd/docs/configuration.md>
-          modules = [ ./hosts/vm ];
+      nixosConfigurations = lib.genAttrs hostDirNames (
+        host:
+        nixpkgs.lib.nixosSystem {
+          modules = [ ./hosts/${host} ];
           specialArgs = { inherit inputs; };
-        };
+        }
-        andromache = nixpkgs.lib.nixosSystem {
+      );
-          modules = [ ./hosts/andromache ];
-          specialArgs = { inherit inputs; };
-        };
-        astyanax = nixpkgs.lib.nixosSystem {
-          modules = [ ./hosts/astyanax ];
-          specialArgs = { inherit inputs; };
-        };
-      };
       homeConfigurations = {
         work = home-manager.lib.homeManagerConfiguration {
           inherit pkgs;
           modules = [ ./home/hosts/work ];
-          extraSpecialArgs = {
+          extraSpecialArgs = { inherit inputs; };
-            inherit inputs;
-          };
         };
       };
     };

home/hosts/andromache/default.nix

@@ -1 +1,83 @@
-import ../astyanax
+{
+  lib,
+  inputs,
+  config,
+  pkgs,
+  ...
+}:
+
+let
+  username = "h";
+in
+{
+  imports = [
+    ../../modules/desktop/niri
+    ../../modules/git.nix
+    ../../modules/k9s.nix
+    (import ../../modules/taskwarrior.nix {
+      inherit config;
+      inherit pkgs;
+    })
+    (import ../../modules/keepassxc.nix { inherit pkgs; })
+    (import ../../modules/anki.nix {
+      inherit config;
+      inherit pkgs;
+    })
+  ];
+
+  home.stateVersion = "25.05";
+  home.username = username;
+  home.homeDirectory = "/home/${username}";
+
+  xdg.userDirs.createDirectories = false;
+  xdg.userDirs.download = "${config.home.homeDirectory}/dl";
+
+  programs = {
+    bash = {
+      enable = true;
+      enableCompletion = true;
+      initExtra = ''
+        for f in /home/${username}/.bashrc.d/*; do
+          [ -f "$f" ] && source "$f"
+        done
+
+        source /home/${username}/.bash_aliases/all
+        source /home/${username}/.bash_aliases/lang-js
+
+        # host-specific config goes here
+        # ...
+
+        export PATH=${../../../dots/.bin}:$PATH
+      '';
+    };
+    firefox = import ../../modules/firefox.nix {
+      inherit inputs;
+      inherit pkgs;
+      inherit config;
+    };
+    fzf = {
+      enable = true;
+      enableBashIntegration = true;
+    };
+    home-manager.enable = true;
+    taskwarrior.config.recurrence = lib.mkForce "on";
+  };
+
+  home.packages = import ../packages.nix {
+    inherit pkgs;
+    inherit config;
+  };
+
+  home.file = {
+    ".inputrc".source = ../../../dots/.inputrc;
+    ".bashrc.d/prompt".source = ../../../dots/.bashrc.d/prompt;
+    ".bashrc.d/editor".source = ../../../dots/.bashrc.d/editor;
+    ".bash_aliases/all".source = ../../../dots/.bash_aliases/all;
+    ".bash_aliases/lang-js".source = ../../../dots/.bash_aliases/lang-js;
+    ".config/kitty/kitty.conf".source = ../../../dots/.config/kitty/kitty.conf;
+    ".config/kitty/themes/zenwritten_light.conf".source =
+      ../../../dots/.config/kitty/themes/zenwritten_light.conf;
+    ".config/kitty/themes/zenwritten_dark.conf".source =
+      ../../../dots/.config/kitty/themes/zenwritten_dark.conf;
+  };
+}

home/hosts/astyanax/default.nix

@@ -10,12 +10,14 @@ let
 in
 {
   imports = [
-    ../../modules/dconf.nix # TODO: Only enable when on Gnome?
+    ../../modules/desktop/niri
     ../../modules/git.nix
+    ../../modules/k9s.nix
     (import ../../modules/taskwarrior.nix {
       inherit config;
       inherit pkgs;
     })
+    (import ../../modules/keepassxc.nix { inherit pkgs; })
   ];
 
   home.stateVersion = "25.05";
@@ -30,12 +32,12 @@ in
       enable = true;
       enableCompletion = true;
       initExtra = ''
-        for f in /home/h/.bashrc.d/*; do
+        for f in /home/${username}/.bashrc.d/*; do
           [ -f "$f" ] && source "$f"
         done
 
-        source /home/h/.bash_aliases/all
+        source /home/${username}/.bash_aliases/all
-        source /home/h/.bash_aliases/lang-js
+        source /home/${username}/.bash_aliases/lang-js
 
         # host-specific config goes here
         # ...
@@ -53,10 +55,9 @@ in
       enableBashIntegration = true;
     };
     home-manager.enable = true;
-    keepassxc = import ../../modules/keepassxc.nix;
   };
 
-  home.packages = import ./packages.nix {
+  home.packages = import ../packages.nix {
     inherit pkgs;
     inherit config;
   };

home/hosts/astyanax/packages.nix

@@ -1,53 +0,0 @@
-{ pkgs, ... }:
-
-with pkgs;
-[
-  bash-completion
-  bash-language-server
-  bat
-  brightnessctl
-  entr
-  eslint_d
-  feh
-  fzf
-  gh
-  git
-  haskell-language-server
-  haskellPackages.pandoc-crossref
-  haskellPackages.hadolint
-  htop
-  jq
-  kitty
-  lua-language-server
-  nixfmt-rfc-style
-  nmap
-  nodejs_24
-  nodePackages.ts-node
-  nvimpager
-  ormolu
-  pandoc
-  parallel
-  pass
-  pnpm
-  ripgrep
-  silver-searcher
-  sops
-  sshfs
-  stylelint
-  svelte-language-server
-  tailwindcss-language-server
-  tldr
-  tmux
-  tmuxp
-  tree
-  tree-sitter
-  typescript-language-server
-  unzip
-  vim-language-server
-  vimPlugins.vim-plug
-  vtsls
-  wget
-  xbanish
-  xclip
-  yaml-language-server
-]

home/hosts/packages.nix

@@ -0,0 +1,36 @@
+{ pkgs, ... }:
+
+with pkgs;
+[
+  bash-completion
+  bat
+  entr
+  feh
+  fzf
+  gh
+  git
+  haskellPackages.pandoc-crossref
+  htop
+  jq
+  kitty
+  nixfmt-rfc-style
+  nmap
+  nodejs_24
+  nvimpager
+  pandoc
+  parallel
+  pass
+  pnpm
+  ripgrep
+  signal-desktop
+  silver-searcher
+  sops
+  sshfs
+  tldr
+  tmux
+  tmuxp
+  tree
+  unzip
+  vimPlugins.vim-plug
+  wget
+]

home/hosts/work/default.nix

@@ -10,38 +10,37 @@ let
 in
 {
   imports = [
-    ../../modules/dconf.nix # TODO: Only enable when on Gnome?
+    ../../modules/dconf.nix
+    ../../modules/git.nix
+    ../../modules/k9s.nix
+    (import ../../modules/keepassxc.nix { inherit pkgs; })
   ];
 
+  nixpkgs.config.allowUnfree = true;
+
   home.stateVersion = "25.05";
   home.username = username;
   home.homeDirectory = "/home/${username}";
 
-  sops = {
+  targets.genericLinux.nixGL = {
-    defaultSopsFile = "${builtins.toString inputs.nix-secrets}/secrets.yaml";
-    defaultSopsFormat = "yaml";
-    age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";
-
-    secrets."test" = { };
-  };
-
-  nixGL = {
     packages = inputs.nixgl.packages;
     defaultWrapper = "mesa";
   };
 
   programs = {
-    anki = import ../../modules/anki.nix;
+    # editorconfig.enable = true;
     firefox = import ../../modules/firefox.nix {
       inherit inputs;
       inherit pkgs;
       inherit config;
     };
-    git = import ../../modules/git.nix;
+    gh.enable = true;
-    keepassxc = import ../../modules/keepassxc.nix;
+    kubecolor.enable = true;
   };
+
   home.packages = import ./packages.nix {
-    inherit pkgs;
+    inherit inputs;
     inherit config;
+    inherit pkgs;
   };
 }

home/hosts/work/packages.local.nix

@@ -0,0 +1,98 @@
+{
+  inputs,
+  config,
+  pkgs,
+  ...
+}:
+
+with pkgs;
+[
+  age
+  aider-chat
+  argocd
+  azure-cli
+  bat
+  biome
+  (config.lib.nixGL.wrap bruno)
+  chromium
+  clang
+  claude-code
+  (config.lib.nixGL.wrap code-cursor)
+  curl
+  dconf2nix
+  dive
+  emmet-language-server
+  eslint_d
+  flameshot
+  fluxcd
+  fzf
+  fzf-git-sh
+  git-machete
+  github-copilot-cli
+  glab
+  go
+  hadolint
+  hello
+  helm-ls
+  htop
+  input-leap
+  jira-cli-go
+  jq
+  k3d
+  (config.lib.nixGL.wrap kitty)
+  kubectl
+  kubernetes
+  kubernetes-helm
+  kustomize
+  lua
+  lua-language-server
+  minikube
+  ncspot
+  nil
+  nixd
+  nixfmt-rfc-style
+  # nodejs
+  nodejs_24
+  nvimpager
+  (config.lib.nixGL.wrap obsidian)
+  pavucontrol
+  # pgadmin4
+  prettierd
+  responder
+  ripgrep
+  rust-analyzer
+  rustlings
+  shellcheck
+  (config.lib.nixGL.wrap signal-desktop)
+  silver-searcher
+  sleuthkit
+  spotify
+  starship
+  stylua
+  taskopen
+  taskwarrior3
+  (config.lib.nixGL.wrap teams-for-linux)
+  opentofu
+  sops
+  tldr
+  tmux
+  tree
+  tree-sitter
+  tsx
+  upbound
+  vault-bin
+  (config.lib.nixGL.wrap vscode)
+  vscode-langservers-extracted
+  vtsls
+  yaml-language-server
+  xclip
+  xmage
+  yamllint
+  yarn
+  (python311.withPackages (ppkgs: [
+    ppkgs.plyer
+    ppkgs.dbus-python
+  ]))
+  # flakes
+  inputs.nvim.packages.x86_64-linux.nvim
+]

home/hosts/work/packages.nix

@@ -1,4 +1,19 @@
-{ pkgs, config, ... }:
+{
+  inputs,
+  config,
+  pkgs,
+  ...
+}:
 
-with pkgs;
+let
-[ ]
+  localPackages =
+    if builtins.pathExists ./packages.local.nix then
+      import ./packages.local.nix { inherit inputs config pkgs; }
+    else
+      [ ];
+in
+
+(with pkgs; [
+  inputs.nvim.packages.x86_64-linux.nvim
+])
+++ localPackages

home/modules/anki.nix

@@ -1,3 +1,16 @@
+{ config, pkgs, ... }:
+
 {
-  enable = true;
+  programs.anki = {
+    enable = true;
+    addons = with pkgs.ankiAddons; [
+      anki-connect
+      puppy-reinforcement
+      review-heatmap
+    ];
+    sync = {
+      usernameFile = "${config.sops.secrets."anki_sync_user".path}";
+      keyFile = "${config.sops.secrets."anki_sync_key".path}";
+    };
+  };
 }

home/modules/dconf.nix

@@ -7,5 +7,107 @@
     "org/gnome/desktop/interface" = {
       color-scheme = "prefer-dark";
     };
+
+    "org/gnome/desktop/applications/terminal" = {
+      exec = "kitty";
+      exec-arg = "";
+    };
+
+    "org/gnome/desktop/background" = {
+      color-shading-type = "solid";
+      picture-opacity = 100;
+      picture-options = "zoom";
+      picture-uri = "none";
+      picture-uri-dark = "none";
+      primary-color = "#555555";
+      secondary-color = "#555555";
+      show-desktop-icons = false;
+    };
+
+    # "org/gnome/desktop/input-sources" = {
+    #   sources = [
+    #     (mkTuple [
+    #       "xkb"
+    #       "us"
+    #     ])
+    #   ];
+    #   xkb-options = [ "caps:none" ];
+    # };
+
+    "org/gnome/desktop/wm/keybindings" = {
+      close = [ "<Shift><Super>Delete" ];
+      cycle-group = [ ];
+      cycle-group-backward = [ ];
+      cycle-panels = [ ];
+      cycle-panels-backward = [ ];
+      cycle-windows = [ ];
+      cycle-windows-backward = [ ];
+      maximize = [ "<Super> " ];
+      minimize = [ ];
+      move-to-workspace-1 = [ "<Super><Shift>a" ];
+      move-to-workspace-2 = [ "<Super><Shift>s" ];
+      move-to-workspace-3 = [ "<Super><Shift>d" ];
+      move-to-workspace-4 = [ "<Super><Shift>f" ];
+      move-to-workspace-5 = [ "<Super><Shift>g" ];
+      move-to-workspace-last = [ ];
+      move-to-workspace-left = [ "<Super><Shift>h" ];
+      move-to-workspace-right = [ "<Super><Shift>l" ];
+      panel-run-dialog = [ ];
+      switch-applications = [ "<Super>j" ];
+      switch-applications-backward = [ "<Super>k" ];
+      switch-group = [ ];
+      switch-group-backward = [ ];
+      switch-input-source = [ ];
+      switch-input-source-backward = [ ];
+      switch-panels = [ ];
+      switch-panels-backward = [ ];
+      switch-to-workspace-1 = [ "<Super>a" ];
+      switch-to-workspace-2 = [ "<Super>s" ];
+      switch-to-workspace-3 = [ "<Super>d" ];
+      switch-to-workspace-4 = [ "<Super>f" ];
+      switch-to-workspace-5 = [ "<Super>g" ];
+      switch-to-workspace-last = [ ];
+      switch-to-workspace-left = [ "<Super>h" ];
+      switch-to-workspace-right = [ "<Super>l" ];
+      switch-windows = [ ];
+      switch-windows-backward = [ ];
+      toggle-maximized = [ "<Super>space" ];
+      unmaximize = [ ];
+    };
+
+    "org/gnome/desktop/wm/preferences" = {
+      num-workspaces = 5;
+      workspace-names = [
+        "sh"
+        "www"
+        "dev"
+        "info"
+        "etc"
+      ];
+    };
+
+    "org/gnome/settings-daemon/plugins/media-keys" = {
+      custom-keybindings = [
+        "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1/"
+      ];
+    };
+
+    "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = {
+      binding = "Print";
+      command = "flameshot gui";
+      name = "flameshot";
+    };
+
+    "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1" = {
+      binding = "<Super>Return";
+      command = "kitty";
+      name = "Kitty";
+    };
+
+    "org/gnome/shell/keybindings" = {
+      screenshot = [ "Print" ];
+      toggle-application-view = [ "<Super>p" ];
+      toggle-quick-settings = [ ];
+    };
   };
 }

home/modules/desktop/niri/config.kdl

@@ -0,0 +1,183 @@
+input {
+    touchpad {
+        tap
+        natural-scroll
+    }
+    mouse {
+        accel-profile "flat"
+    }
+}
+
+// NOTE: monitors are managed using `shikane` instead, as I assume this to be
+// too limited for multiple multimonitor configurations. Below is an example
+// for a simple, fixed, vertical dual monitor setup
+
+// output "eDP-1" {
+//   position x=0 y=1440
+// }
+//
+// output "DP-5" {
+//   position x=0 y=0
+// }
+
+layout {
+    gaps 4
+    struts {}
+    center-focused-column "never"
+    preset-column-widths {
+        proportion 0.382
+        proportion 0.618
+        proportion 1.0
+    }
+    default-column-width { }
+    focus-ring {
+        off
+    }
+    border {
+        width 2
+        active-color "#555555"
+        inactive-color "#55555511"
+        urgent-color "#ff0000"
+    }
+    shadow {
+        on
+        softness 32
+        spread 4
+        offset x=0 y=0
+        color "#0007"
+    }
+}
+
+spawn-at-startup "wlsunset -l 51.05 -L 3.72"
+spawn-at-startup "waybar"
+
+hotkey-overlay {
+    skip-at-startup
+}
+
+prefer-no-csd
+
+screenshot-path "~/doc/screenshots/%Y-%m-%d %H-%M-%S.png"
+
+// https://yalter.github.io/niri/Configuration:-Animations
+animations {
+    slowdown 0.66
+}
+
+window-rule {
+    match app-id=r#"firefox$"# title="^Picture-in-Picture$"
+    open-floating true
+}
+
+window-rule {
+    match app-id=r#"^org\.keepassxc\.KeePassXC$"#
+    block-out-from "screen-capture"
+}
+
+window-rule {
+    geometry-corner-radius 0
+    clip-to-geometry true
+}
+
+gestures {
+  hot-corners {
+    off
+  }
+}
+
+binds {
+    Mod+Slash { show-hotkey-overlay; }
+
+    Mod+Return hotkey-overlay-title="Open a Terminal: kitty"     { spawn "kitty"; }
+    Mod+P hotkey-overlay-title="Run an Application: fuzzel"      { spawn "fuzzel"; }
+    Super+Alt+L hotkey-overlay-title="Lock the Screen: swaylock" { spawn "swaylock"; }
+
+    XF86AudioRaiseVolume allow-when-locked=true { spawn-sh "wpctl set-volume @DEFAULT_AUDIO_SINK@ 0.1+"; }
+    XF86AudioLowerVolume allow-when-locked=true { spawn-sh "wpctl set-volume @DEFAULT_AUDIO_SINK@ 0.1-"; }
+    XF86AudioMute        allow-when-locked=true { spawn-sh "wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle"; }
+    XF86AudioMicMute     allow-when-locked=true { spawn-sh "wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle"; }
+
+    Mod+Shift+XF86Display { power-off-monitors; }
+    XF86MonBrightnessUp allow-when-locked=true   { spawn "brightnessctl" "--class=backlight" "set" "+10%"; }
+    XF86MonBrightnessDown allow-when-locked=true { spawn "brightnessctl" "--class=backlight" "set" "10%-"; }
+
+    Mod+O repeat=false            { toggle-overview; }
+    Mod+Delete repeat=false { close-window; }
+
+    Mod+H { focus-column-left; }
+    Mod+J { focus-window-or-workspace-down; }
+    Mod+K { focus-window-or-workspace-up; }
+    Mod+L { focus-column-right; }
+
+    Mod+Shift+H { move-column-left; }
+    Mod+Shift+J { move-window-down-or-to-workspace-down; }
+    Mod+Shift+K { move-window-up-or-to-workspace-up; }
+    Mod+Shift+L { move-column-right; }
+
+    Mod+Home      { focus-column-first; }
+    Mod+End       { focus-column-last; }
+    Mod+Ctrl+Home { move-column-to-first; }
+    Mod+Ctrl+End  { move-column-to-last; }
+
+    Mod+Left        { focus-monitor-left; }
+    Mod+Down        { focus-monitor-down; }
+    Mod+Up          { focus-monitor-up; }
+    Mod+Right       { focus-monitor-right; }
+    Mod+Shift+Left  { move-column-to-monitor-left; }
+    Mod+Shift+Down  { move-column-to-monitor-down; }
+    Mod+Shift+Up    { move-column-to-monitor-up; }
+    Mod+Shift+Right { move-column-to-monitor-right; }
+
+    Mod+Ctrl+Up   { move-workspace-down; }
+    Mod+Ctrl+Down { move-workspace-up; }
+
+    // Mod+WheelScrollDown       cooldown-ms=150 { focus-workspace-down; }
+    // Mod+WheelScrollUp         cooldown-ms=150 { focus-workspace-up; }
+    // Mod+Shift+WheelScrollDown cooldown-ms=150 { move-window-down-or-to-workspace-down; }
+    // Mod+Shift+WheelScrollUp   cooldown-ms=150 { move-window-up-or-to-workspace-up; }
+
+    // Mod+A { focus-workspace 1; }
+    // Mod+S { focus-workspace 2; }
+    // Mod+D { focus-workspace 3; }
+    // Mod+F { focus-workspace 4; }
+    // Mod+Shift+A { move-column-to-workspace 1; }
+    // Mod+Shift+S { move-column-to-workspace 2; }
+    // Mod+Shift+D { move-column-to-workspace 3; }
+    // Mod+Shift+F { move-column-to-workspace 4; }
+
+    Mod+Tab { focus-workspace-previous; }
+
+    Mod+BracketLeft  { consume-or-expel-window-left; }
+    Mod+BracketRight { consume-or-expel-window-right; }
+
+    Mod+Comma  { consume-window-into-column; }
+    Mod+Period { expel-window-from-column; }
+
+    Mod+N       { switch-preset-column-width; }
+    Mod+Shift+N { switch-preset-window-height; }
+    Mod+Ctrl+R  { reset-window-height; }
+
+    Mod+Space       { maximize-column; }
+    Mod+Shift+Space { fullscreen-window; }
+
+    Mod+Escape       { toggle-window-floating; }
+    Mod+Shift+Escape { switch-focus-between-floating-and-tiling; }
+
+    Mod+Ctrl+F { expand-column-to-available-width; }
+
+    Mod+C      { center-column; }
+    Mod+Ctrl+C { center-visible-columns; }
+
+    Mod+Minus       { set-column-width "-10%"; }
+    Mod+Equal       { set-column-width "+10%"; }
+    Mod+Shift+Minus { set-window-height "-10%"; }
+    Mod+Shift+Equal { set-window-height "+10%"; }
+
+    Mod+W { toggle-column-tabbed-display; }
+
+    Print      { screenshot; }
+    Ctrl+Print { screenshot-screen; }
+    Alt+Print  { screenshot-window; }
+
+    Mod+Shift+Delete { quit; }
+}

home/modules/desktop/niri/default.nix

@@ -0,0 +1,18 @@
+{ pkgs, ... }:
+
+{
+  imports = [
+    ../../fuzzel
+    ../../mako
+    ../../shikane
+    ../../waybar
+  ];
+
+  home = {
+    file.".config/niri/config.kdl".source = ./config.kdl;
+    packages = with pkgs; [
+      wl-clipboard
+      wlsunset
+    ];
+  };
+}

home/modules/firefox.nix

@@ -5,9 +5,6 @@
   nativeMessagingHosts = with pkgs; [
     tridactyl-native
   ];
-  policies = {
-    DefaultDownloadDirectory = "\${home}/dl";
-  };
   profiles = {
     default = {
       settings = {
@@ -57,6 +54,7 @@
     };
   };
   policies = {
+    DefaultDownloadDirectory = "\${home}/dl";
     ExtensionSettings = {
       "jid1-ZAdIEUB7XOzOJw@jetpack" = {
         default_area = "navbar";

home/modules/fuzzel/default.nix

@@ -0,0 +1,28 @@
+{
+  programs.fuzzel = {
+    enable = true;
+    settings = {
+      main = {
+        font = "Iosevka Term SS08";
+        horizontal-pad = 0;
+        vertical-pad = 0;
+      };
+      colors = {
+        background = "ccccccff";
+        text = "111111ff";
+        prompt = "ccccccff";
+        placeholder = "aaaaaaff";
+        input = "111111ff";
+        selection = "eeeeeeff";
+        selection-text = "111111ff";
+        selection-match = "333333ff";
+        counter = "111111ff";
+        border = "111111ff";
+      };
+      border = {
+        width = 2;
+        radius = 0;
+      };
+    };
+  };
+}

home/modules/git.nix

@@ -2,6 +2,7 @@
   programs.git.enable = true;
   home.file = {
     ".gitconfig".source = ../../dots/.gitconfig;
+    ".gitconfig.work".source = ../../dots/.gitconfig.work;
     ".gitignore".source = ../../dots/.gitignore;
   };
 }

home/modules/k9s.nix

@@ -0,0 +1,11 @@
+{
+  programs.k9s = {
+    enable = true;
+    settings.k9s = {
+      ui = {
+        logoless = true;
+        reactive = true;
+      };
+    };
+  };
+}

home/modules/keepassxc.nix

@@ -1,4 +1,11 @@
+{ pkgs, ... }:
+
 {
-  enable = true;
+  programs.keepassxc = {
-  # TODO: https://mynixos.com/home-manager/option/programs.keepassxc.settings
+    enable = true;
+    settings = {
+      Browser.Enabled = true;
+    };
+  };
+  # programs.firefox.nativeMessagingHosts = [ pkgs.keepassxc ]; # FIXME: Resolve 'Access error for config file $HOME/.config/keepassxc/keepassxc.ini' error
 }

home/modules/mako/default.nix

@@ -0,0 +1,5 @@
+{
+  services.mako = {
+    enable = true;
+  };
+}

home/modules/shikane/default.nix

@@ -0,0 +1,6 @@
+{ pkgs, ... }:
+
+{
+  home.packages = with pkgs; [ wdisplays ];
+  services.shikane.enable = true;
+}

home/modules/taskwarrior.nix

@@ -44,7 +44,7 @@
       #     config.sops.secrets."taskwarrior_sync_encryption_secret".path
       #   }";
       # };
-      recurrence = "off"; # TODO: enable only on andromache
+      recurrence = "off";
     };
     extraConfig = "include ${config.sops.templates."taskrc.d/sync".path}";
   };

home/modules/waybar/config.jsonc

@@ -0,0 +1,57 @@
+[
+  {
+    "height": 16,
+    "spacing": 4,
+    "modules-left": ["niri/workspaces"],
+    "modules-right": [
+      "pulseaudio",
+      "memory",
+      "cpu",
+      "network",
+      "clock",
+      "battery",
+    ],
+    "clock": {
+      "format": "W{:%V %d %b %H:%M}",
+      "tooltip-format": "{calendar}",
+      "format-alt": "{:%Y-%m-%d %H:%M:%S}",
+    },
+    "battery": {
+      "bat": "BAT0",
+      "adapter": "ADP1",
+      "interval": 5,
+      "full-at": 99,
+      "states": {
+        "good": 80,
+        "warning": 20,
+        "critical": 10,
+      },
+      "format": "{capacity}%--",
+      "format-charging": "{capacity}%++",
+      "format-plugged": "{capacity}%",
+      "format-alt": "{time} {power}W",
+    },
+    "pulseaudio": {
+      "format": "VOL {volume}%",
+      "format-muted": "muted",
+      "on-click": "pavucontrol",
+    },
+    "memory": {
+      "interval": 2,
+      "format": "RAM {percentage}%",
+      "format-alt": "RAM {used:0.1f}G/{total:0.1f}G",
+    },
+    "cpu": {
+      "interval": 2,
+      "format": "CPU {usage}%",
+      "format-alt": "CPU {avg_frequency}GHz",
+    },
+    "network": {
+      "interval": 5,
+      "format-wifi": "{ifname} {ipaddr} {essid}",
+      "format-ethernet": "{ifname} {ipaddr}",
+      "format-disconnected": "{ifname} disconnected",
+      "tooltip-format": "{ifname}: {ipaddr}/{cidr}",
+    },
+  },
+]

home/modules/waybar/default.nix

@@ -0,0 +1,8 @@
+{
+  programs.waybar = {
+    enable = true;
+  };
+
+  home.file.".config/waybar/config.jsonc".source = ./config.jsonc;
+  home.file.".config/waybar/style.css".source = ./style.css;
+}

home/modules/waybar/style.css

@@ -0,0 +1,56 @@
+* {
+  font-family:
+    Iosevka Term SS08,
+    monospace;
+  font-size: 12px;
+  border-radius: 0px;
+}
+
+.modules-left,
+.modules-center,
+.modules-right {
+  margin: 4px;
+  margin-bottom: 0;
+}
+
+window#waybar {
+  background-color: transparent;
+}
+
+window#waybar.hidden {
+  opacity: 0.2;
+}
+
+#workspaces button {
+  padding: 0;
+  background-color: transparent;
+}
+
+#workspaces button:hover {
+  background: #000000;
+}
+
+#workspaces button.focused,
+#workspaces button.active {
+  background-color: #111111;
+}
+
+#workspaces button.urgent {
+  background-color: #eb4d4b;
+}
+
+#clock,
+#battery,
+#pulseaudio,
+#memory,
+#cpu,
+#network {
+  padding: 0 4px;
+  color: #ffffff;
+  background-color: #111111;
+}
+
+#window,
+#workspaces {
+  margin: 0;
+}

hosts/andromache/default.nix

@@ -8,28 +8,28 @@
 
 let
   username = "h";
+  wolInterfaces = import ./wol-interfaces.nix;
 in
 {
-  system.stateVersion = "25.05";
-
   imports = [
+    ../../modules/common
     inputs.disko.nixosModules.disko
     inputs.sops-nix.nixosModules.sops
     inputs.home-manager.nixosModules.default
     ./hard.nix
-    ../../modules/bootloader.nix
+    ../../modules/boot/bootloader.nix
-    (import ../../modules/disko.zfs-encrypted-root.nix {
+    (import ../../modules/disko/zfs-encrypted-root.nix {
       device = "/dev/nvme1n1";
       inherit lib;
       inherit config;
     })
-    ../../modules/gnome.nix
+    ../../modules/desktops/niri
-    ../../modules/bluetooth.nix
+    ../../modules/bluetooth
     ../../modules/keyboard
-    (import ../../modules/networking.nix { hostName = "andromache"; })
+    (import ../../modules/networking { hostName = "andromache"; })
-    ../../modules/users.nix
+    ../../modules/users
-    ../../modules/audio.nix
+    ../../modules/audio
-    ../../modules/localization.nix
+    ../../modules/localization
     ../../modules/fonts
     ../../modules/ssh/hardened-openssh.nix
     (import ../../modules/secrets {
@@ -37,9 +37,11 @@ in
       inherit inputs;
       inherit config;
     })
+    ../../modules/docker
   ];
 
   secrets.username = username;
+  docker.user = username;
 
   disko.devices = {
     disk.data = {
@@ -76,27 +78,17 @@ in
 
   environment.systemPackages = [ inputs.nvim.packages.x86_64-linux.nvim ];
 
-  nix.settings.experimental-features = [
-    "nix-command"
-    "flakes"
-  ];
-
-  nixpkgs.config.allowUnfree = true;
-
   home-manager = {
     useGlobalPkgs = true;
     useUserPackages = true;
     users.${username} = import ../../home/hosts/andromache {
+      inherit lib;
       inherit inputs;
       inherit config;
       inherit pkgs;
     };
   };
 
-  networking = {
-    hostId = "80eef97e";
-  };
-
   services.xserver = {
     videoDrivers = [ "nvidia" ];
   };
@@ -109,16 +101,18 @@ in
   services.syncthing = {
     enable = true;
     openDefaultPorts = true;
-    folders = {
+    settings = {
-      "/home/${username}/sync" = {
+      devices = {
-        id = "sync";
+        # "device1" = {
-        devices = [ ];
+        #   id = "DEVICE-ID-GOES-HERE";
+        # };
+      };
+      folders = {
+        "/home/${username}/sync" = {
+          id = "sync";
+          devices = [ ];
+        };
       };
-    };
-    devices = {
-      # "device1" = {
-      #   id = "DEVICE-ID-GOES-HERE";
-      # };
     };
   };
 
@@ -126,4 +120,18 @@ in
     enable = true;
     package = pkgs.plocate;
   };
+
+  networking = {
+    # TODO: generate unique hostId on actual host with: head -c 8 /etc/machine-id
+    hostId = "80eef97e";
+    interfaces = {
+      eno1 = {
+        wakeOnLan.enable = true;
+        macAddress = wolInterfaces.eno1.macAddress;
+      };
+    };
+    firewall = {
+      allowedUDPPorts = [ 9 ];
+    };
+  };
 }

hosts/andromache/hard.nix

@@ -1,14 +1,29 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
 
 {
-  imports =
+  imports = [
-    [ (modulesPath + "/installer/scan/not-detected.nix")
+    (modulesPath + "/installer/scan/not-detected.nix")
-    ];
+  ];
 
-  boot.initrd.availableKernelModules = [ "vmd" "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "uas" "sd_mod" ];
+  boot.initrd.availableKernelModules = [
+    "vmd"
+    "xhci_pci"
+    "ahci"
+    "nvme"
+    "usbhid"
+    "usb_storage"
+    "uas"
+    "sd_mod"
+  ];
   boot.initrd.kernelModules = [ ];
   boot.kernelModules = [ "kvm-intel" ];
   boot.extraModulePackages = [ ];

hosts/andromache/wol-interfaces.nix

@@ -0,0 +1,3 @@
+{
+  eno1.macAddress = "02:68:b3:29:da:98";
+}

hosts/astyanax/default.nix

@@ -8,30 +8,30 @@
 
 let
   username = "h";
-  hostName = "astynanax";
+  hostName = "astyanax";
+  wolInterfaces = import ../andromache/wol-interfaces.nix;
 in
 {
-  system.stateVersion = "25.05";
-
   imports = [
+    ../../modules/common
     inputs.nixos-hardware.nixosModules.lenovo-thinkpad-e14-intel
     inputs.disko.nixosModules.disko
     inputs.sops-nix.nixosModules.sops
     inputs.home-manager.nixosModules.default
     ./hard.nix
-    ../../modules/bootloader.nix
+    ../../modules/boot/bootloader.nix
-    (import ../../modules/disko.zfs-encrypted-root.nix {
+    (import ../../modules/disko/zfs-encrypted-root.nix {
       inherit lib;
       inherit config;
       device = "/dev/nvme0n1";
     })
-    ../../modules/gnome.nix
+    ../../modules/desktops/niri
-    ../../modules/bluetooth.nix
+    ../../modules/bluetooth
     ../../modules/keyboard
-    (import ../../modules/networking.nix { hostName = hostName; })
+    (import ../../modules/networking { hostName = hostName; })
-    ../../modules/users.nix
+    ../../modules/users
-    ../../modules/audio.nix
+    ../../modules/audio
-    ../../modules/localization.nix
+    ../../modules/localization
     ../../modules/fonts
     ../../modules/ssh/hardened-openssh.nix
     (import ../../modules/secrets {
@@ -42,17 +42,36 @@ in
     })
   ];
 
+  hardware = {
+    cpu.intel.updateMicrocode = true;
+    # https://wiki.nixos.org/wiki/Intel_Graphics
+    graphics = {
+      enable = true;
+      extraPackages = with pkgs; [
+        intel-media-driver
+        vpl-gpu-rt
+      ];
+    };
+  };
+
+  # https://wiki.nixos.org/wiki/Intel_Graphics
+  environment.sessionVariables = {
+    LIBVA_DRIVER_NAME = "iHD";
+  };
+
   secrets.username = username;
 
-  environment.systemPackages = [ inputs.nvim.packages.x86_64-linux.nvim ];
+  environment.systemPackages = [
-
+    inputs.nvim.packages.x86_64-linux.nvim
-  nix.settings.experimental-features = [
+    (pkgs.writeShellApplication {
-    "nix-command"
+      name = "wol-andromache";
-    "flakes"
+      runtimeInputs = [ pkgs.wakeonlan ];
+      text = ''
+        wakeonlan ${wolInterfaces.eno1.macAddress}
+      '';
+    })
   ];
 
-  nixpkgs.config.allowUnfree = true;
-
   home-manager = {
     useGlobalPkgs = true;
     useUserPackages = true;
@@ -64,9 +83,12 @@ in
   };
 
   networking = {
+    # TODO: generate unique hostId on actual host with: head -c 8 /etc/machine-id
     hostId = "80eef97e";
   };
 
+  services.throttled.enable = false;
+
   services.openssh = {
     enable = true;
     harden = true;

hosts/hecuba/default.nix

@@ -0,0 +1,60 @@
+{ pkgs, ... }:
+
+# Also see <https://wiki.nixos.org/wiki/Install_NixOS_on_Hetzner_Cloud>
+
+{
+  imports = [
+    ./hard.nix
+    ../../modules/common
+    ../../modules/ssh/hardened-openssh.nix
+  ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/nixos";
+    fsType = "ext4";
+  };
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-label/boot";
+    fsType = "ext4";
+  };
+  swapDevices = [
+    {
+      device = "/dev/disk/by-label/swap";
+    }
+  ];
+
+  boot.loader.grub.enable = true;
+  boot.loader.grub.device = "/dev/sda";
+
+  users.users = {
+    root.hashedPassword = "!";
+    username = {
+      isNormalUser = true;
+      extraGroups = [ "wheel" ];
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOOXPEhdKOVnb6mkeLLUcFGt+mnUR5pMie17JtjrxwgO h@andromache"
+      ];
+    };
+  };
+
+  security.sudo.wheelNeedsPassword = false;
+
+  networking = {
+    firewall.enable = true;
+  };
+
+  environment.systemPackages = with pkgs; [
+    vim
+    git
+  ];
+
+  services.fail2ban = {
+    enable = true;
+    maxretry = 5;
+  };
+
+  services.openssh = {
+    enable = true;
+    harden = true;
+  };
+}

hosts/hecuba/hard.nix

@@ -0,0 +1,37 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [
+    (modulesPath + "/profiles/qemu-guest.nix")
+  ];
+
+  boot.initrd.availableKernelModules = [
+    "ahci"
+    "xhci_pci"
+    "virtio_pci"
+    "virtio_scsi"
+    "sd_mod"
+    "sr_mod"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}

hosts/vm/default.nix

@@ -10,21 +10,20 @@ let
   username = "h";
 in
 {
-  system.stateVersion = "25.05";
-
   imports = [
+    ../../modules/common
     inputs.disko.nixosModules.disko
     inputs.sops-nix.nixosModules.sops
     inputs.home-manager.nixosModules.default
     ./hard.nix
     ./disk.nix
-    ../../modules/bootloader.nix
+    ../../modules/boot/bootloader.nix
     ../../modules/keyboard
-    (import ../../modules/networking.nix { hostName = "vm"; })
+    (import ../../modules/networking { hostName = "vm"; })
-    ../../modules/users.nix
+    ../../modules/users
-    ../../modules/audio.nix
+    ../../modules/audio
-    ../../modules/localization.nix
+    ../../modules/localization
-    ../../modules/x.nix
+    ../../modules/x
     ../../modules/fonts
     ../../modules/ssh/hardened-openssh.nix
     (import ../../modules/secrets {
@@ -34,17 +33,10 @@ in
     })
   ];
 
-  secrets.username = "h";
+  secrets.username = username;
 
   environment.systemPackages = [ inputs.nvim.packages.x86_64-linux.nvim ];
 
-  nix.settings.experimental-features = [
-    "nix-command"
-    "flakes"
-  ];
-
-  nixpkgs.config.allowUnfree = true;
-
   disko = {
     devices.disk.main.device = "/dev/vda";
     devices.disk.main.imageName = "nixos-vm";

modules/audio/default.nix

@@ -9,4 +9,5 @@
     alsa.support32Bit = true;
     pulse.enable = true;
   };
+  services.pulseaudio.extraConfig = "load-module module-switch-on-connect";
 }

modules/bluetooth.nix

@@ -1,3 +0,0 @@
-{
-  hardware.bluetooth.enable = true;
-}

modules/bluetooth/default.nix

@@ -0,0 +1,15 @@
+{
+  hardware.bluetooth = {
+    enable = true;
+    powerOnBoot = true;
+    settings = {
+      General = {
+        Experimental = true;
+        FastConnectable = true;
+      };
+      Policy = {
+        AutoEnable = true;
+      };
+    };
+  };
+}

modules/common/default.nix

@@ -0,0 +1,10 @@
+{
+  system.stateVersion = "25.05";
+
+  nix.settings.experimental-features = [
+    "nix-command"
+    "flakes"
+  ];
+
+  nixpkgs.config.allowUnfree = true;
+}

modules/desktops/niri/default.nix

@@ -0,0 +1,8 @@
+{
+  programs.niri.enable = true;
+
+  services.dbus.enable = true;
+  xdg = {
+    portal.enable = true;
+  };
+}

modules/docker/default.nix

@@ -0,0 +1,44 @@
+{ config, lib, ... }:
+
+let
+  cfg = config.docker;
+in
+{
+  options.docker = {
+    rootless = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+    };
+    user = lib.mkOption {
+      type = lib.types.nullOr lib.types.str;
+      default = null;
+    };
+  };
+  config = lib.mkMerge [
+    {
+      warnings = lib.flatten [
+        (lib.optional (
+          cfg.rootless && cfg.user != null
+        ) "'virtualisation.docker.user' is ignored when rootless mode is enabled")
+        (lib.optional (
+          !cfg.rootless && cfg.user == null
+        ) "'virtualisation.docker.user' is not set (no user is added to the docker group)")
+      ];
+    }
+    (lib.mkIf cfg.rootless {
+      virtualisation.docker = {
+        enable = false;
+        rootless = {
+          enable = true;
+          setSocketVariable = true;
+        };
+      };
+    })
+    (lib.mkIf (!cfg.rootless && cfg.user != null) {
+      virtualisation.docker = {
+        enable = true;
+      };
+      users.users.${cfg.user}.extraGroups = [ "docker" ];
+    })
+  ];
+}

modules/k3s/default.nix

@@ -0,0 +1,79 @@
+{ pkgs, ... }:
+
+{
+  # TODO: see if this works with podman
+  # TODO: check if docker/podman is enabled
+
+  # Rootless K3S
+
+  # FIXME
+  environment.systemPackages = with pkgs; [
+    k3s
+    rootlesskit
+    slirp4netns
+  ];
+
+  # running K3S on rootless docker was causing the following error: "failed to find cpuset cgroup (v2)" (in `docker logs k3d-lab-server-0` output)
+  #
+  # see <https://docs.k3s.io/advanced#known-issues-with-rootless-mode>
+  # see <https://rootlesscontaine.rs/getting-started/common/cgroup2/>
+  # see <https://discourse.nixos.org/t/declarative-rootless-k3s/49839>
+  systemd.services."user@".serviceConfig.Delegate = "cpu cpuset io memory pids";
+
+  # taken from <https://github.com/k3s-io/k3s/blob/main/k3s-rootless.service> as described in <https://docs.k3s.io/advanced#known-issues-with-rootless-mode#Rootless>
+  systemd.user.services."k3s-rootless" = with pkgs; {
+    path = with pkgs; [
+      "${rootlesskit}"
+      "${slirp4netns}"
+      "${fuse-overlayfs}"
+      "${fuse3}"
+      "/run/wrappers"
+    ];
+    # systemd unit file for k3s (rootless)
+    #
+    # Usage:
+    # - [Optional] Enable cgroup v2 delegation, see https://rootlesscontaine.rs/getting-started/common/cgroup2/ .
+    #   This step is optional, but highly recommended for enabling CPU and memory resource limtitation.
+    #
+    # - Copy this file as `~/.config/systemd/user/k3s-rootless.service`.
+    #   Installing this file as a system-wide service (`/etc/systemd/...`) is not supported.
+    #   Depending on the path of `k3s` binary, you might need to modify the `ExecStart=/usr/local/bin/k3s ...` line of this file.
+    #
+    # - Run `systemctl --user daemon-reload`
+    #
+    # - Run `systemctl --user enable --now k3s-rootless`
+    #
+    # - Run `KUBECONFIG=~/.kube/k3s.yaml kubectl get pods -A`, and make sure the pods are running.
+    #
+    # Troubleshooting:
+    # - See `systemctl --user status k3s-rootless` to check the daemon status
+    # - See `journalctl --user -f -u k3s-rootless` to see the daemon log
+    # - See also https://rootlesscontaine.rs/
+    enable = true;
+    description = "k3s (Rootless)";
+    serviceConfig = {
+      # NOTE: Don't try to run `k3s server --rootless` on a terminal, as it doesn't enable cgroup v2 delegation.
+      # If you really need to try it on a terminal, prepend `systemd-run --user -p Delegate=yes --tty` to create a systemd scope.
+      ExecStart = "${k3s}/bin/k3s server --rootless --snapshotter=fuse-overlayfs";
+      ExecReload = "/run/current-system/sw/bin/kill -s HUP $MAINPID";
+      TimeoutSec = 0;
+      RestartSec = 2;
+      Restart = "always";
+      StartLimitBurst = 3;
+      StartLimitInterval = "60s";
+      LimitNOFILE = "infinity";
+      LimitNPROC = "infinity";
+      LimitCORE = "infinity";
+      TasksMax = "infinity";
+      Delegate = "yes";
+      Type = "simple";
+      KillMode = "mixed";
+    };
+
+    wantedBy = [ "default.target" ];
+  };
+
+  boot.kernel.sysctl = {
+    "net.ipv4.ip_forward" = 1;
+  };
+}

modules/secrets/default.nix

@@ -25,6 +25,10 @@ in
         "taskwarrior_sync_server_url".owner = config.users.users.${cfg.username}.name;
         "taskwarrior_sync_server_client_id".owner = config.users.users.${cfg.username}.name;
         "taskwarrior_sync_encryption_secret".owner = config.users.users.${cfg.username}.name;
+        "email_personal".owner = config.users.users.${cfg.username}.name;
+        "email_work".owner = config.users.users.${cfg.username}.name;
+        "anki_sync_user".owner = config.users.users.${cfg.username}.name;
+        "anki_sync_key".owner = config.users.users.${cfg.username}.name;
       };
 
       templates."taskrc.d/sync" = {
@@ -35,6 +39,24 @@ in
           sync.encryption_secret=${config.sops.placeholder."taskwarrior_sync_encryption_secret"}
         '';
       };
+
+      templates.".gitconfig.email" = {
+        owner = config.users.users.${cfg.username}.name;
+        path = "/home/${cfg.username}/.gitconfig.email";
+        content = ''
+          [user]
+            email = ${config.sops.placeholder."email_personal"}
+        '';
+      };
+
+      templates.".gitconfig.work.email" = {
+        owner = config.users.users.${cfg.username}.name;
+        path = "/home/${cfg.username}/.gitconfig.work.email";
+        content = ''
+          [user]
+            email = ${config.sops.placeholder."email_work"}
+        '';
+      };
     };
   };
 }

modules/ssh/hardened-openssh.nix

@@ -10,6 +10,7 @@ in
     services.openssh.settings = optionalAttrs cfg.harden {
       PermitRootLogin = "no";
       PasswordAuthentication = false;
+      KbdInteractiveAuthentication = false;
       ChallengeResponseAuthentication = false;
       X11Forwarding = false;
       AllowAgentForwarding = false;

modules/x/default.nix

@@ -4,7 +4,7 @@
   services.xserver.windowManager.xmonad = {
     enable = true;
     enableContribAndExtras = true;
-    config = builtins.readFile ../dots/.xmonad/xmonad.hs;
+    config = builtins.readFile ../../dots/.xmonad/xmonad.hs;
   };
 
   services.xserver = {

utils/default.nix

@@ -0,0 +1,7 @@
+{ lib }:
+
+{
+  dirNames =
+    path:
+    builtins.attrNames (lib.filterAttrs (name: type: type == "directory") (builtins.readDir path));
+}