declare taskwarrior for all NixOS hosts

2025-11-23 19:10:52 +01:00
72 changed files with 301 additions and 1557 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -4,5 +4,3 @@ result
 result-*
 nixos-efi-vars.fd
 home/hosts/work/packages.local.nix
--- a/dots/.bin/pomo
+++ b/dots/.bin/pomo
@@ -8,24 +8,19 @@ Pomodoro timer
 - Notification on break finish
 """
 import atexit
 import os
 import atexit
 from argparse import ArgumentParser
 from time import sleep
 from plyer import notification
-POMO_PATH = os.path.join(
+POMO_PATH = os.path.join(os.getenv("XDG_DATA_HOME", os.path.expanduser("~/.local/share")), "pomo")
    os.getenv("XDG_DATA_HOME", os.path.expanduser("~/.local/share")), "pomo"
 )
@atexit.register
 def clear():
    if os.path.exists(POMO_PATH):
        os.remove(POMO_PATH)
 def format_mins_secs(mins, secs):
    return f"{mins:02d}:{secs:02d}"
@@ -39,7 +34,6 @@ def make_countdown():
            os.system(f'echo -n "{time_str}" > {POMO_PATH}')
            sleep(1)
            duration -= 1
    return countdown
@@ -64,23 +58,21 @@ def main(args):
 def handle_signal(signal, frame):
    # Wait for clear to finish
    clear()
-    print("Exiting")
+    print('Exiting')
    exit(0)
-if __name__ == "__main__":
+if __name__ == '__main__':
    parser = ArgumentParser()
-    parser.add_argument(
+    parser.add_argument('-w', '--work-duration', type=int,
-        "-w", "--work-duration", type=int, help="Session duration", default=25
+                        help='Session duration', default=25)
-    )
+    parser.add_argument('-b', '--break-duration', type=int,
-    parser.add_argument(
+                        help='Break duration', default=5)
-        "-b", "--break-duration", type=int, help="Break duration", default=5
+    parser.add_argument('-r', '--repeats', type=int,
-    )
+                        help='Numer of sessions', default=1)
-    parser.add_argument(
+    parser.add_argument('-c', '--clear', action='store_true',
-        "-r", "--repeats", type=int, help="Numer of sessions", default=1
+                        help='Clear timer')
    )
    parser.add_argument("-c", "--clear", action="store_true", help="Clear timer")
    args = parser.parse_args()
--- a/dots/.bin/r5rs
+++ b/dots/.bin/r5rs
@@ -2,8 +2,8 @@
 session="r5rs"
-tmux attach-session -t "$session" || tmux new-session -s "$session" \; \
+tmux attach-session -t $session || tmux new-session -s $session \; \
  split-window -h -t $session \; \
-  send-keys -t 1 "nvim -c \"set ft=scheme\"" C-m \; \
+  send-keys -t 0 "vim" C-m \; \
-  send-keys -t 2 "plt-r5rs --no-prim" C-m \; \
+  send-keys -t 1 "plt-r5rs --no-prim" C-m \; \
-  select-pane -t 1
+  select-pane -t 0
--- a/dots/.bin/save-home
+++ b/dots/.bin/save-home
@@ -22,5 +22,4 @@ restic -r "$RESTIC_REPOSITORY:$HOSTNAME" backup \
  --one-file-system \
  --files-from="$HOME/.resticinclude" \
  --exclude-file="$HOME/.resticexclude" \
  --exclude-if-present=".nobackup" \
  --verbose=3
--- a/dots/.bin/screen-temperature
+++ b/dots/.bin/screen-temperature
@@ -1,12 +1,12 @@
 #!/usr/bin/env python
 import subprocess
 import sys
 import subprocess
 DEFAULT_TEMPERATURE = 3500
 try:
-    with open("/tmp/temperature", "r") as temp_file:
+    with open('/tmp/temperature', 'r') as temp_file:
        current_temperature = int(temp_file.read())
 except FileNotFoundError:
    current_temperature = DEFAULT_TEMPERATURE
@@ -16,8 +16,7 @@ if len(sys.argv) == 1:
    print(current_temperature)
    sys.exit(0)
 elif len(sys.argv) != 2:
-    print(
+    print("""
        """
 Usage:
  screen-temperature
@@ -28,8 +27,7 @@ Usage:
  screen-temperature <+|-><temperature>
      increase or decrease screen temperature by <temperature>
-"""
+""")
    )
    sys.exit(1)
 temperature_change = sys.argv[1]
@@ -43,10 +41,11 @@ else:
 try:
    subprocess.run(["redshift", "-O", str(new_temperature), "-P"], check=True)
-    with open("/tmp/temperature", "w") as temp_file:
+    with open('/tmp/temperature', 'w') as temp_file:
-        temp_file.write(str(new_temperature) + "\n")
+        temp_file.write(str(new_temperature) + '\n')
    # Send notification
-    subprocess.run(["notify-send", str(new_temperature) + "K"])
+    subprocess.run(
        ["notify-send", str(new_temperature) + "K"])
 except subprocess.CalledProcessError:
    print("Error: could not set screen temperature.")
    sys.exit(1)
--- a/dots/.bin/zk
+++ b/dots/.bin/zk
@@ -1,9 +1,7 @@
 #!/usr/bin/env bash
 current_zettel_path="$ZK_PATH/$(cat "$ZK_PATH/current-zettel.txt")"
 if [ "$TERM_PROGRAM" = tmux ]; then
-  cd "$ZK_PATH" && $EDITOR "$current_zettel_path"
+  cd ~/.zk && $EDITOR "$(cat ~/.zk/current-zettel.txt)"
 else
  echo 'Not in tmux'
  echo 'Choose an option:'
@@ -20,12 +18,12 @@ else
      else
        # Create session with a window named 'zk' and start nvim
        tmux new-session -s zk -n zk -d
-        tmux send-keys -t zk:zk "cd $ZK_PATH && $EDITOR $current_zettel_path" Enter
+        tmux send-keys -t zk:zk "cd ~/.zk && $EDITOR \"\$(cat ~/.zk/current-zettel.txt)\"" Enter
        tmux attach -t zk
      fi
      ;;
    2)
-      cd "$ZK_PATH" && $EDITOR "$current_zettel_path"
+      cd ~/.zk && $EDITOR "$(cat ~/.zk/current-zettel.txt)"
      ;;
    *)
      echo 'Not opening Zettelkasten'
--- a/dots/.config/kitty/kitty.conf
+++ b/dots/.config/kitty/kitty.conf
@@ -136,7 +136,7 @@ map f5 goto_tab 5
 map f6 goto_tab 6
 map f7 goto_tab 7
 map f8 goto_tab 8
-# map kitty_mod+c new_tab # FIXME: conflict with 'copy'
+map kitty_mod+c new_tab
 map cmd+t
 map kitty_mod+q
 map cmd+w
--- a/dots/.config/nvim/after/plugin/claude-code.nvim.lua
+++ b/dots/.config/nvim/after/plugin/claude-code.nvim.lua
@@ -1,61 +0,0 @@
 require("claude-code").setup({
  -- Terminal window settings
  window = {
    split_ratio = 0.3, -- Percentage of screen for the terminal window (height for horizontal, width for vertical splits)
    position = "vertical", -- Position of the window: "botright", "topleft", "vertical", "float", etc.
    enter_insert = true, -- Whether to enter insert mode when opening Claude Code
    hide_numbers = true, -- Hide line numbers in the terminal window
    hide_signcolumn = true, -- Hide the sign column in the terminal window
    -- Floating window configuration (only applies when position = "float")
    float = {
      width = "80%", -- Width: number of columns or percentage string
      height = "80%", -- Height: number of rows or percentage string
      row = "center", -- Row position: number, "center", or percentage string
      col = "center", -- Column position: number, "center", or percentage string
      relative = "editor", -- Relative to: "editor" or "cursor"
      border = "rounded", -- Border style: "none", "single", "double", "rounded", "solid", "shadow"
    },
  },
  -- File refresh settings
  refresh = {
    enable = true, -- Enable file change detection
    updatetime = 100, -- updatetime when Claude Code is active (milliseconds)
    timer_interval = 1000, -- How often to check for file changes (milliseconds)
    show_notifications = true, -- Show notification when files are reloaded
  },
  -- Git project settings
  git = {
    use_git_root = true, -- Set CWD to git root when opening Claude Code (if in git project)
  },
  -- Shell-specific settings
  shell = {
    separator = "&&", -- Command separator used in shell commands
    pushd_cmd = "pushd", -- Command to push directory onto stack (e.g., 'pushd' for bash/zsh, 'enter' for nushell)
    popd_cmd = "popd", -- Command to pop directory from stack (e.g., 'popd' for bash/zsh, 'exit' for nushell)
  },
  -- Command settings
  command = "claude", -- Command used to launch Claude Code
  -- Command variants
  command_variants = {
    -- Conversation management
    continue = "--continue", -- Resume the most recent conversation
    resume = "--resume", -- Display an interactive conversation picker
    -- Output options
    verbose = "--verbose", -- Enable verbose logging with full turn-by-turn output
  },
  -- Keymaps
  keymaps = {
    toggle = {
      normal = "<C-,>", -- Normal mode keymap for toggling Claude Code, false to disable
      terminal = "<C-,>", -- Terminal mode keymap for toggling Claude Code, false to disable
      variants = {
        continue = "<leader>cC", -- Normal mode keymap for Claude Code with continue flag
        verbose = "<leader>cV", -- Normal mode keymap for Claude Code with verbose flag
      },
    },
    window_navigation = true, -- Enable window navigation keymaps (<C-h/j/k/l>)
    scrolling = true, -- Enable scrolling keymaps (<C-f/b>) for page up/down
  },
 })
--- a/dots/.config/nvim/after/plugin/codecompanion.nvim.lua
+++ b/dots/.config/nvim/after/plugin/codecompanion.nvim.lua
@@ -1,22 +1,16 @@
 require("codecompanion").setup({
-  ignore_warnings = true,
+  extensions = {
    mcphub = {
      callback = "mcphub.extensions.codecompanion",
      opts = {
        make_vars = true,
        make_slash_commands = true,
        show_result_in_chat = true
      }
    }
  },
  strategies = {
    chat = { adapter = "openai" },
    inline = { adapter = "openai" },
  },
 })
 -- Load mcphub extension after codecompanion is initialized
 -- and ensure the config structure exists
 local ok, cc_config = pcall(require, "codecompanion.config")
 if ok then
  cc_config.interactions = cc_config.interactions or {}
  cc_config.interactions.chat = cc_config.interactions.chat or {}
  cc_config.interactions.chat.tools = cc_config.interactions.chat.tools or {}
  require("mcphub.extensions.codecompanion").setup({
    make_vars = true,
    make_slash_commands = true,
    show_result_in_chat = true,
  })
 end
--- a/dots/.config/nvim/after/plugin/conform.lua
+++ b/dots/.config/nvim/after/plugin/conform.lua
@@ -13,15 +13,14 @@ require("conform").setup({
    gdscript = { "gdformat" },
    haskell = { "ormolu" },
    html = { "prettierd", "prettier", stop_after_first = true },
    lua = { "stylua" }, -- configured in stylua.toml
    markdown = { "prettierd", "prettier", stop_after_first = true },
    nix = { "nixfmt" },
    javascript = { "eslint_d", "eslint", "prettierd", "prettier", stop_after_first = true },
    javascriptreact = { "eslint_d", "eslint", "prettierd", "prettier", stop_after_first = true },
    json = { "prettierd", "prettier", stop_after_first = true },
    jsonc = { "prettierd", "prettier", stop_after_first = true },
    lua = { "stylua" }, -- configured in stylua.toml
    markdown = { "prettierd", "prettier", stop_after_first = true },
    nix = { "nixfmt" },
    python = { "isort", "black" },
    rust = { "rustfmt", lsp_fallback = "fallback" },
    svelte = { "eslint_d", "prettierd", "prettier", stop_after_first = true },
    typescript = { "eslint_d", "prettierd", "prettier", stop_after_first = true },
    typescriptreact = { "eslint_d", "eslint", "prettierd", "prettier", stop_after_first = true },
--- a/dots/.config/nvim/after/plugin/fidget.nvim.lua
+++ b/dots/.config/nvim/after/plugin/fidget.nvim.lua
@@ -1 +0,0 @@
 require("fidget").setup()
--- a/dots/.config/nvim/after/plugin/m_taskwarrior_d.nvim.lua
+++ b/dots/.config/nvim/after/plugin/m_taskwarrior_d.nvim.lua
@@ -1,9 +0,0 @@
 require("m_taskwarrior_d").setup()
 vim.api.nvim_create_autocmd({ "BufEnter", "BufWritePost" }, {
  group = vim.api.nvim_create_augroup("TWTask", { clear = true }),
  pattern = "*.md",
  callback = function()
    vim.cmd("TWSyncTasks")
  end,
 })
--- a/dots/.config/nvim/after/plugin/tailwind-fold.lua
+++ b/dots/.config/nvim/after/plugin/tailwind-fold.lua
--- a/dots/.config/nvim/after/plugin/treesitter.lua
+++ b/dots/.config/nvim/after/plugin/treesitter.lua
@@ -4,13 +4,10 @@ local keymap = vim.keymap
 local opt = vim.opt
 local treesitter_configs = require("nvim-treesitter.configs")
 local nixCatsUtils = require("nixCatsUtils")
 local is_nix = nixCatsUtils.isNixCats
 treesitter_configs.setup({
  -- Basically added what I might need from the docs
  -- <https://github.com/nvim-treesitter/nvim-treesitter?tab=readme-ov-file#supported-languages>
-  ensure_installed = is_nix and {} or {
+  ensure_installed = {
    "awk",
    "bash",
    "bibtex",
@@ -89,7 +86,7 @@ treesitter_configs.setup({
    enable = true,
  },
  sync_install = false,
-  auto_install = not is_nix,
+  auto_install = true,
  ignore_install = {},
  modules = {},
  textobjects = {
--- a/dots/.config/nvim/flake.lock
+++ b/dots/.config/nvim/flake.lock
@@ -1,52 +1,12 @@
 {
  "nodes": {
    "flake-parts": {
      "inputs": {
        "nixpkgs-lib": [
          "mcp-hub",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1743550720,
        "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
        "rev": "c621e8422220273271f52058f618c94e405bb0f5",
        "type": "github"
      },
      "original": {
        "owner": "hercules-ci",
        "repo": "flake-parts",
        "type": "github"
      }
    },
    "mcp-hub": {
      "inputs": {
        "flake-parts": "flake-parts",
        "nixpkgs": "nixpkgs"
      },
      "locked": {
        "lastModified": 1755841689,
        "narHash": "sha256-KakvXZf0vjdqzyT+LsAKHEr4GLICGXPmxl1hZ3tI7Yg=",
        "owner": "ravitemer",
        "repo": "mcp-hub",
        "rev": "9c7670a4c341ed3cf738a6242c0fde1cea40bccf",
        "type": "github"
      },
      "original": {
        "owner": "ravitemer",
        "repo": "mcp-hub",
        "type": "github"
      }
    },
    "nixCats": {
      "locked": {
-        "lastModified": 1765766809,
+        "lastModified": 1763330129,
-        "narHash": "sha256-3Xp41+Sb1zIzASa1Uu1k1RMUoJ9CGyYb0GtvvpRPBqg=",
+        "narHash": "sha256-KbOeWIF52SV53BOeETGO2C5ewaV2Ex9iaXH7G72gOr8=",
        "owner": "BirdeeHub",
        "repo": "nixCats-nvim",
-        "rev": "fe157e3ed69ed14b55ca81f597eac282caed58a2",
+        "rev": "c81551ed87db2aefab30a12cf7425ff94dc0ad64",
        "type": "github"
      },
      "original": {
@@ -57,27 +17,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1743689281,
+        "lastModified": 1763464769,
-        "narHash": "sha256-y7Hg5lwWhEOgflEHRfzSH96BOt26LaYfrYWzZ+VoVdg=",
+        "narHash": "sha256-AJHrsT7VoeQzErpBRlLJM1SODcaayp0joAoEA35yiwM=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "2bfc080955153be0be56724be6fa5477b4eefabb",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixpkgs-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_2": {
      "locked": {
        "lastModified": 1766532406,
        "narHash": "sha256-acLU/ag9VEoKkzOD202QASX25nG1eArXg5A0mHjKgxM=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "8142186f001295e5a3239f485c8a49bf2de2695a",
+        "rev": "6f374686605df381de8541c072038472a5ea2e2d",
        "type": "github"
      },
      "original": {
@@ -135,30 +79,14 @@
        "type": "github"
      }
    },
    "plugins-m-taskwarrior-d-nvim": {
      "flake": false,
      "locked": {
        "lastModified": 1764933759,
        "narHash": "sha256-4lN/ZQTQ7uMcpjePbf2k913Bs9AYYS6da3iZbckA6oI=",
        "owner": "huantrinh1802",
        "repo": "m_taskwarrior_d.nvim",
        "rev": "279d2c8bcd2779500c1bea71fb9249c97cdb503b",
        "type": "github"
      },
      "original": {
        "owner": "huantrinh1802",
        "repo": "m_taskwarrior_d.nvim",
        "type": "github"
      }
    },
    "plugins-mcphub-nvim": {
      "flake": false,
      "locked": {
-        "lastModified": 1765628564,
+        "lastModified": 1759035242,
-        "narHash": "sha256-nvWqCGRKhbUHsAM/zd+cwFdcoXXxf6EmcCkpN4mElf4=",
+        "narHash": "sha256-I6EbgY/2sAdtrxtmH0qbAAQvMCHhOsfolJfblV0fXOk=",
        "owner": "ravitemer",
        "repo": "mcphub.nvim",
-        "rev": "5193329d510a68f1f5bf189960642c925c177a3a",
+        "rev": "8ff40b5edc649959bb7e89d25ae18e055554859a",
        "type": "github"
      },
      "original": {
@@ -202,11 +130,11 @@
    "plugins-tailwind-fold-nvim": {
      "flake": false,
      "locked": {
-        "lastModified": 1766077142,
+        "lastModified": 1752559116,
-        "narHash": "sha256-SwcDLlygXUSV/dytPXA5Y45OpUhjnExc8SZg5a8MZ2k=",
+        "narHash": "sha256-8uefZIVsn9USEd6FyiO3m3TRKAS/vigU4t9Tk5ijd3c=",
        "owner": "razak17",
        "repo": "tailwind-fold.nvim",
-        "rev": "e2ba5ee1ca9b74208709fe9d7314b8aa753b26a7",
+        "rev": "d9e7ca11691d252b35795726dff087bf013b2ebf",
        "type": "github"
      },
      "original": {
@@ -217,13 +145,11 @@
    },
    "root": {
      "inputs": {
        "mcp-hub": "mcp-hub",
        "nixCats": "nixCats",
-        "nixpkgs": "nixpkgs_2",
+        "nixpkgs": "nixpkgs",
        "plugins-beancount-nvim": "plugins-beancount-nvim",
        "plugins-crazy-node-movement": "plugins-crazy-node-movement",
        "plugins-helm-ls-nvim": "plugins-helm-ls-nvim",
        "plugins-m-taskwarrior-d-nvim": "plugins-m-taskwarrior-d-nvim",
        "plugins-mcphub-nvim": "plugins-mcphub-nvim",
        "plugins-nvimkit-nvim": "plugins-nvimkit-nvim",
        "plugins-shipwright-nvim": "plugins-shipwright-nvim",
--- a/dots/.config/nvim/flake.nix
+++ b/dots/.config/nvim/flake.nix
@@ -2,16 +2,11 @@
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
    nixCats.url = "github:BirdeeHub/nixCats-nvim";
    mcp-hub.url = "github:ravitemer/mcp-hub";
    plugins-shipwright-nvim = {
      url = "github:rktjmp/shipwright.nvim";
      flake = false;
    };
    plugins-m-taskwarrior-d-nvim = {
      url = "github:huantrinh1802/m_taskwarrior_d.nvim";
      flake = false;
    };
    plugins-crazy-node-movement = {
      url = "github:theHamsta/crazy-node-movement";
      flake = false;
@@ -52,11 +47,8 @@
      forEachSystem = utils.eachSystem nixpkgs.lib.platforms.all;
      extra_pkg_config = { };
-      mkDependencyOverlays = system: [
+      dependencyOverlays = [
        (utils.standardPluginOverlay inputs)
        (final: prev: {
          mcp-hub = inputs.mcp-hub.packages.${system}.default;
        })
      ];
      categoryDefinitions =
@@ -70,22 +62,17 @@
              black
              clang
              clang-tools
              delta
              fd
              gawk
              gdtoolkit_4
              isort
-              mcp-hub
+              tree-sitter
              ormolu
              nodePackages.prettier
              nixd
              nixfmt
              nodePackages.prettier
              nodePackages.typescript-language-server
              ormolu
              prettierd
              rustfmt
              shellcheck-minimal
              stylua
              tree-sitter
              vscode-langservers-extracted
            ];
          };
@@ -156,11 +143,7 @@
              copilot-lua
              copilot-cmp
              pkgs.neovimPlugins.helm-ls-nvim
-              kitty-scrollback-nvim
+              pkgs.vimPlugins.kitty-scrollback-nvim
              fidget-nvim
              rustaceanvim
              pkgs.neovimPlugins.m-taskwarrior-d-nvim
              claude-code-nvim
            ];
          };
@@ -197,7 +180,6 @@
    forEachSystem (
      system:
      let
        dependencyOverlays = mkDependencyOverlays system;
        nixCatsBuilder = utils.baseBuilder luaPath {
          inherit
            nixpkgs
@@ -229,32 +211,31 @@
          moduleNamespace = [ defaultPackageName ];
          inherit
            defaultPackageName
            dependencyOverlays
            luaPath
            categoryDefinitions
            packageDefinitions
            extra_pkg_config
            nixpkgs
            ;
          dependencyOverlays = mkDependencyOverlays;
        };
        homeModule = utils.mkHomeModules {
          moduleNamespace = [ defaultPackageName ];
          inherit
            defaultPackageName
            dependencyOverlays
            luaPath
            categoryDefinitions
            packageDefinitions
            extra_pkg_config
            nixpkgs
            ;
          dependencyOverlays = mkDependencyOverlays;
        };
      in
      {
        overlays = utils.makeOverlays luaPath {
-          inherit nixpkgs extra_pkg_config;
+          inherit nixpkgs dependencyOverlays extra_pkg_config;
          dependencyOverlays = mkDependencyOverlays;
        } categoryDefinitions packageDefinitions defaultPackageName;
        nixosModules.default = nixosModule;
--- a/dots/.config/nvim/init.lua
+++ b/dots/.config/nvim/init.lua
@@ -24,5 +24,6 @@ require("reload")
 require("paq-setup") -- when not on nixCats
-vim.opt.background = "dark"
+-- vim.opt.background = "dark"
 -- vim.opt.laststatus = 3
 vim.opt.laststatus = 3
--- a/dots/.config/nvim/lua/paq-setup.lua
+++ b/dots/.config/nvim/lua/paq-setup.lua
@@ -43,5 +43,4 @@ require("nixCatsUtils.catPacker").setup({
  { "zbirenbaum/copilot-cmp" },
  { "qvalentin/helm-ls.nvim", ft = "helm" },
  { "mikesmithgh/kitty-scrollback.nvim" },
  { "greggh/claude-code.nvim" },
 })
--- a/dots/.config/nvim/skeletons/shell.nix
+++ b/dots/.config/nvim/skeletons/shell.nix
@@ -1,4 +1,6 @@
 {
  pkgs ? import <nixpkgs> { },
 }:
-pkgs.mkShell { nativeBuildInputs = with pkgs.buildPackages; [ ]; }
+pkgs.mkShell {
  nativeBuildInputs = with pkgs.buildPackages; [ ];
 }
--- a/dots/.config/nvim/snips/typescriptreact.lua
+++ b/dots/.config/nvim/snips/typescriptreact.lua
@@ -1,12 +0,0 @@
 local ls = require("luasnip")
 local s = ls.snippet
 local t = ls.text_node
 local i = ls.insert_node
 return {
  s("preJ", {
    t("<pre>{JSON.stringify("),
    i(1, "object"), -- first tab stop
    t(", null, 2)}</pre>"),
  }),
 }
--- a/dots/.gitconfig
+++ b/dots/.gitconfig
@@ -1,11 +1,9 @@
 [include]
  path = ~/.gitconfig.email
 [core]
  editor = nvim
  excludesfile = ~/.gitignore
 [user]
  email = hektor.misplon@pm.me
  name = Hektor Misplon
  username = hektor
  signingKey = AEB98353B8D72E465C4236435151AF79E723F21C
@@ -78,6 +76,8 @@
 [merge]
  tool = nvimdiff
  conflictstyle = diff3
 [pull]
  rebase = true
 [diff]
  colorMoved = zebra
 [commit]
@@ -85,11 +85,3 @@
 [interactive]
  singleKey = true
 [pull]
  rebase = true
 [rerere]
  enabled = true
 [includeIf "gitdir:~/work/"]
  path = ~/.gitconfig.work
--- a/dots/.gitconfig.email.example
+++ b/dots/.gitconfig.email.example
@@ -1,2 +0,0 @@
 [user]
  email = your.email@example.com
--- a/dots/.gitconfig.work
+++ b/dots/.gitconfig.work
@@ -1,13 +0,0 @@
 [include]
  path = ~/.gitconfig.work.email
 [core]
  longpaths = true
 [user]
  name = Hektor Misplon
  username = hektor.misplon
  signingKey = 1C88BE828184CEE6
 [commit]
  gpgsign = false
--- a/dots/.gitconfig.work.email.example
+++ b/dots/.gitconfig.work.email.example
@@ -1,2 +0,0 @@
 [user]
  email = your.work.email@example.com
--- a/flake.lock
+++ b/flake.lock
@@ -29,11 +29,11 @@
      },
      "locked": {
        "dir": "pkgs/firefox-addons",
-        "lastModified": 1766046711,
+        "lastModified": 1763885608,
-        "narHash": "sha256-PijxRQcvSgQae3qBdY4+IGMsMFL67N3D7sBJdZxDii4=",
+        "narHash": "sha256-eFRbKKMaEHC5EaL7sxfPVFPFsr0Plzx03e1VkJkcsBA=",
        "owner": "rycee",
        "repo": "nur-expressions",
-        "rev": "7163ab9a8e64cd29c45e8f93fbc038b12056e6fc",
+        "rev": "c94982d5890f4ff0737d57ed97503c1c8d40195c",
        "type": "gitlab"
      },
      "original": {
@@ -43,28 +43,6 @@
        "type": "gitlab"
      }
    },
    "flake-parts": {
      "inputs": {
        "nixpkgs-lib": [
          "nvim",
          "mcp-hub",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1743550720,
        "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
        "rev": "c621e8422220273271f52058f618c94e405bb0f5",
        "type": "github"
      },
      "original": {
        "owner": "hercules-ci",
        "repo": "flake-parts",
        "type": "github"
      }
    },
    "flake-utils": {
      "inputs": {
        "systems": "systems"
@@ -90,45 +68,27 @@
        ]
      },
      "locked": {
-        "lastModified": 1765980955,
+        "lastModified": 1758463745,
-        "narHash": "sha256-rB45jv4uwC90vM9UZ70plfvY/2Kdygs+zlQ07dGQFk4=",
+        "narHash": "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "89c9508bbe9b40d36b3dc206c2483ef176f15173",
+        "rev": "3b955f5f0a942f9f60cdc9cacb7844335d0f21c3",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "ref": "release-25.05",
        "repo": "home-manager",
        "type": "github"
      }
    },
    "mcp-hub": {
      "inputs": {
        "flake-parts": "flake-parts",
        "nixpkgs": "nixpkgs_2"
      },
      "locked": {
        "lastModified": 1755841689,
        "narHash": "sha256-KakvXZf0vjdqzyT+LsAKHEr4GLICGXPmxl1hZ3tI7Yg=",
        "owner": "ravitemer",
        "repo": "mcp-hub",
        "rev": "9c7670a4c341ed3cf738a6242c0fde1cea40bccf",
        "type": "github"
      },
      "original": {
        "owner": "ravitemer",
        "repo": "mcp-hub",
        "type": "github"
      }
    },
    "nix-secrets": {
      "flake": false,
      "locked": {
-        "lastModified": 1765747965,
+        "lastModified": 1763919406,
-        "narHash": "sha256-EHZRRC3piD6vKd4hXiqC+CcDUQCOzrH/CNAF9zBqpDQ=",
+        "narHash": "sha256-WaGxnH7dm63syPt8E4MXbg4XVxQveXPe+cZu3iPz25w=",
        "ref": "main",
-        "rev": "a8e8d953f579939bd72b5f5c6ed332910b598554",
+        "rev": "4423bf215047474ecb89f4d8ad63a04e734b252a",
        "shallow": true,
        "type": "git",
        "url": "ssh://git@github.com/hektor/nix-secrets"
@@ -142,11 +102,11 @@
    },
    "nixCats": {
      "locked": {
-        "lastModified": 1765766809,
+        "lastModified": 1763330129,
-        "narHash": "sha256-3Xp41+Sb1zIzASa1Uu1k1RMUoJ9CGyYb0GtvvpRPBqg=",
+        "narHash": "sha256-KbOeWIF52SV53BOeETGO2C5ewaV2Ex9iaXH7G72gOr8=",
        "owner": "BirdeeHub",
        "repo": "nixCats-nvim",
-        "rev": "fe157e3ed69ed14b55ca81f597eac282caed58a2",
+        "rev": "c81551ed87db2aefab30a12cf7425ff94dc0ad64",
        "type": "github"
      },
      "original": {
@@ -178,11 +138,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1764440730,
+        "lastModified": 1762847253,
-        "narHash": "sha256-ZlJTNLUKQRANlLDomuRWLBCH5792x+6XUJ4YdFRjtO4=",
+        "narHash": "sha256-BWWnUUT01lPwCWUvS0p6Px5UOBFeXJ8jR+ZdLX8IbrU=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "9154f4569b6cdfd3c595851a6ba51bfaa472d9f3",
+        "rev": "899dc449bc6428b9ee6b3b8f771ca2b0ef945ab9",
        "type": "github"
      },
      "original": {
@@ -194,39 +154,22 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1765779637,
+        "lastModified": 1763622513,
-        "narHash": "sha256-KJ2wa/BLSrTqDjbfyNx70ov/HdgNBCBBSQP3BIzKnv4=",
+        "narHash": "sha256-1jQnuyu82FpiSxowrF/iFK6Toh9BYprfDqfs4BB+19M=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "1306659b587dc277866c7b69eb97e5f07864d8c4",
+        "rev": "c58bc7f5459328e4afac201c5c4feb7c818d604b",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
-        "ref": "nixos-unstable",
+        "ref": "nixos-25.05",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_2": {
      "locked": {
        "lastModified": 1743689281,
        "narHash": "sha256-y7Hg5lwWhEOgflEHRfzSH96BOt26LaYfrYWzZ+VoVdg=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "2bfc080955153be0be56724be6fa5477b4eefabb",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixpkgs-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nvim": {
      "inputs": {
        "mcp-hub": "mcp-hub",
        "nixCats": "nixCats",
        "nixpkgs": [
          "nixpkgs"
@@ -234,7 +177,6 @@
        "plugins-beancount-nvim": "plugins-beancount-nvim",
        "plugins-crazy-node-movement": "plugins-crazy-node-movement",
        "plugins-helm-ls-nvim": "plugins-helm-ls-nvim",
        "plugins-m-taskwarrior-d-nvim": "plugins-m-taskwarrior-d-nvim",
        "plugins-mcphub-nvim": "plugins-mcphub-nvim",
        "plugins-nvimkit-nvim": "plugins-nvimkit-nvim",
        "plugins-shipwright-nvim": "plugins-shipwright-nvim",
@@ -298,30 +240,14 @@
        "type": "github"
      }
    },
    "plugins-m-taskwarrior-d-nvim": {
      "flake": false,
      "locked": {
        "lastModified": 1764933759,
        "narHash": "sha256-4lN/ZQTQ7uMcpjePbf2k913Bs9AYYS6da3iZbckA6oI=",
        "owner": "huantrinh1802",
        "repo": "m_taskwarrior_d.nvim",
        "rev": "279d2c8bcd2779500c1bea71fb9249c97cdb503b",
        "type": "github"
      },
      "original": {
        "owner": "huantrinh1802",
        "repo": "m_taskwarrior_d.nvim",
        "type": "github"
      }
    },
    "plugins-mcphub-nvim": {
      "flake": false,
      "locked": {
-        "lastModified": 1765628564,
+        "lastModified": 1759035242,
-        "narHash": "sha256-nvWqCGRKhbUHsAM/zd+cwFdcoXXxf6EmcCkpN4mElf4=",
+        "narHash": "sha256-I6EbgY/2sAdtrxtmH0qbAAQvMCHhOsfolJfblV0fXOk=",
        "owner": "ravitemer",
        "repo": "mcphub.nvim",
-        "rev": "5193329d510a68f1f5bf189960642c925c177a3a",
+        "rev": "8ff40b5edc649959bb7e89d25ae18e055554859a",
        "type": "github"
      },
      "original": {
@@ -365,11 +291,11 @@
    "plugins-tailwind-fold-nvim": {
      "flake": false,
      "locked": {
-        "lastModified": 1766077142,
+        "lastModified": 1752559116,
-        "narHash": "sha256-SwcDLlygXUSV/dytPXA5Y45OpUhjnExc8SZg5a8MZ2k=",
+        "narHash": "sha256-8uefZIVsn9USEd6FyiO3m3TRKAS/vigU4t9Tk5ijd3c=",
        "owner": "razak17",
        "repo": "tailwind-fold.nvim",
-        "rev": "e2ba5ee1ca9b74208709fe9d7314b8aa753b26a7",
+        "rev": "d9e7ca11691d252b35795726dff087bf013b2ebf",
        "type": "github"
      },
      "original": {
@@ -398,11 +324,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1765836173,
+        "lastModified": 1763870012,
-        "narHash": "sha256-hWRYfdH2ONI7HXbqZqW8Q1y9IRbnXWvtvt/ONZovSNY=",
+        "narHash": "sha256-AHxFfIu73SpNLAOZbu/AvpLhZ/Szhx6gRPj9ufZtaZA=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "443a7f2e7e118c4fc63b7fae05ab3080dd0e5c63",
+        "rev": "4e7d74d92398b933cc0e0e25af5b0836efcfdde3",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -1,10 +1,11 @@
 {
  inputs = {
    nixpkgs = {
-      url = "github:nixos/nixpkgs/nixos-unstable";
+      url = "github:nixos/nixpkgs?ref=nixos-25.05";
    };
    nixos-hardware = {
      url = "github:NixOS/nixos-hardware/master";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    disko = {
      url = "github:nix-community/disko/latest";
@@ -19,7 +20,7 @@
      flake = false;
    };
    home-manager = {
-      url = "github:nix-community/home-manager";
+      url = "github:nix-community/home-manager/release-25.05";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    nixgl = {
@@ -50,9 +51,6 @@
      nvim,
    }@inputs:
    let
      lib = inputs.nixpkgs.lib;
      utils = import ./utils { inherit lib; };
      hostDirNames = utils.dirNames ./hosts;
      system = "x86_64-linux";
      pkgs = import nixpkgs {
        inherit system;
@@ -60,21 +58,28 @@
      };
    in
    {
-      nix.nixPath = [
+      nix.nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; # <https://github.com/nix-community/nixd/blob/main/nixd/docs/configuration.md>
-        "nixpkgs=${inputs.nixpkgs}"
+      nixosConfigurations = {
-      ]; # <https://github.com/nix-community/nixd/blob/main/nixd/docs/configuration.md>
+        vm = nixpkgs.lib.nixosSystem {
-      nixosConfigurations = lib.genAttrs hostDirNames (
+          modules = [ ./hosts/vm ];
        host:
        nixpkgs.lib.nixosSystem {
          modules = [ ./hosts/${host} ];
          specialArgs = { inherit inputs; };
-        }
+        };
-      );
+        andromache = nixpkgs.lib.nixosSystem {
          modules = [ ./hosts/andromache ];
          specialArgs = { inherit inputs; };
        };
        astyanax = nixpkgs.lib.nixosSystem {
          modules = [ ./hosts/astyanax ];
          specialArgs = { inherit inputs; };
        };
      };
      homeConfigurations = {
        work = home-manager.lib.homeManagerConfiguration {
          inherit pkgs;
          modules = [ ./home/hosts/work ];
-          extraSpecialArgs = { inherit inputs; };
+          extraSpecialArgs = {
            inherit inputs;
          };
        };
      };
    };
--- a/home/hosts/andromache/default.nix
+++ b/home/hosts/andromache/default.nix
@@ -1,83 +1 @@
-{
+import ../astyanax
  lib,
  inputs,
  config,
  pkgs,
  ...
 }:
 let
  username = "h";
 in
 {
  imports = [
    ../../modules/desktop/niri
    ../../modules/git.nix
    ../../modules/k9s.nix
    (import ../../modules/taskwarrior.nix {
      inherit config;
      inherit pkgs;
    })
    (import ../../modules/keepassxc.nix { inherit pkgs; })
    (import ../../modules/anki.nix {
      inherit config;
      inherit pkgs;
    })
  ];
  home.stateVersion = "25.05";
  home.username = username;
  home.homeDirectory = "/home/${username}";
  xdg.userDirs.createDirectories = false;
  xdg.userDirs.download = "${config.home.homeDirectory}/dl";
  programs = {
    bash = {
      enable = true;
      enableCompletion = true;
      initExtra = ''
        for f in /home/${username}/.bashrc.d/*; do
          [ -f "$f" ] && source "$f"
        done
        source /home/${username}/.bash_aliases/all
        source /home/${username}/.bash_aliases/lang-js
        # host-specific config goes here
        # ...
        export PATH=${../../../dots/.bin}:$PATH
      '';
    };
    firefox = import ../../modules/firefox.nix {
      inherit inputs;
      inherit pkgs;
      inherit config;
    };
    fzf = {
      enable = true;
      enableBashIntegration = true;
    };
    home-manager.enable = true;
    taskwarrior.config.recurrence = lib.mkForce "on";
  };
  home.packages = import ../packages.nix {
    inherit pkgs;
    inherit config;
  };
  home.file = {
    ".inputrc".source = ../../../dots/.inputrc;
    ".bashrc.d/prompt".source = ../../../dots/.bashrc.d/prompt;
    ".bashrc.d/editor".source = ../../../dots/.bashrc.d/editor;
    ".bash_aliases/all".source = ../../../dots/.bash_aliases/all;
    ".bash_aliases/lang-js".source = ../../../dots/.bash_aliases/lang-js;
    ".config/kitty/kitty.conf".source = ../../../dots/.config/kitty/kitty.conf;
    ".config/kitty/themes/zenwritten_light.conf".source =
      ../../../dots/.config/kitty/themes/zenwritten_light.conf;
    ".config/kitty/themes/zenwritten_dark.conf".source =
      ../../../dots/.config/kitty/themes/zenwritten_dark.conf;
  };
 }
--- a/home/hosts/astyanax/default.nix
+++ b/home/hosts/astyanax/default.nix
@@ -5,24 +5,19 @@
  ...
 }:
 let
  username = "h";
 in
 {
  imports = [
-    ../../modules/desktop/niri
+    ../../modules/dconf.nix # TODO: Only enable when on Gnome?
    ../../modules/git.nix
    ../../modules/k9s.nix
    (import ../../modules/taskwarrior.nix {
      inherit config;
      inherit pkgs;
    })
    (import ../../modules/keepassxc.nix { inherit pkgs; })
  ];
  home.stateVersion = "25.05";
-  home.username = username;
+  home.username = "h";
-  home.homeDirectory = "/home/${username}";
+  home.homeDirectory = "/home/h";
  xdg.userDirs.createDirectories = false;
  xdg.userDirs.download = "${config.home.homeDirectory}/dl";
@@ -32,12 +27,12 @@ in
      enable = true;
      enableCompletion = true;
      initExtra = ''
-        for f in /home/${username}/.bashrc.d/*; do
+        for f in /home/h/.bashrc.d/*; do
          [ -f "$f" ] && source "$f"
        done
-        source /home/${username}/.bash_aliases/all
+        source /home/h/.bash_aliases/all
-        source /home/${username}/.bash_aliases/lang-js
+        source /home/h/.bash_aliases/lang-js
        # host-specific config goes here
        # ...
@@ -55,9 +50,10 @@ in
      enableBashIntegration = true;
    };
    home-manager.enable = true;
    keepassxc = import ../../modules/keepassxc.nix;
  };
-  home.packages = import ../packages.nix {
+  home.packages = import ./packages.nix {
    inherit pkgs;
    inherit config;
  };
--- a/home/hosts/astyanax/packages.nix
+++ b/home/hosts/astyanax/packages.nix
@@ -0,0 +1,53 @@
 { pkgs, ... }:
 with pkgs;
 [
  bash-completion
  bash-language-server
  bat
  brightnessctl
  entr
  eslint_d
  feh
  fzf
  gh
  git
  haskell-language-server
  haskellPackages.pandoc-crossref
  haskellPackages.hadolint
  htop
  jq
  kitty
  lua-language-server
  nixfmt-rfc-style
  nmap
  nodejs_24
  nodePackages.ts-node
  nvimpager
  ormolu
  pandoc
  parallel
  pass
  pnpm
  ripgrep
  silver-searcher
  sops
  sshfs
  stylelint
  svelte-language-server
  tailwindcss-language-server
  tldr
  tmux
  tmuxp
  tree
  tree-sitter
  typescript-language-server
  unzip
  vim-language-server
  vimPlugins.vim-plug
  vtsls
  wget
  xbanish
  xclip
  yaml-language-server
 ]
--- a/home/hosts/packages.nix
+++ b/home/hosts/packages.nix
@@ -1,36 +0,0 @@
 { pkgs, ... }:
 with pkgs;
 [
  bash-completion
  bat
  entr
  feh
  fzf
  gh
  git
  haskellPackages.pandoc-crossref
  htop
  jq
  kitty
  nixfmt-rfc-style
  nmap
  nodejs_24
  nvimpager
  pandoc
  parallel
  pass
  pnpm
  ripgrep
  signal-desktop
  silver-searcher
  sops
  sshfs
  tldr
  tmux
  tmuxp
  tree
  unzip
  vimPlugins.vim-plug
  wget
 ]
--- a/home/hosts/work/default.nix
+++ b/home/hosts/work/default.nix
@@ -5,42 +5,41 @@
  ...
 }:
 let
  username = "hektor";
 in
 {
  imports = [
-    ../../modules/dconf.nix
+    inputs.sops-nix.homeManagerModules.sops
-    ../../modules/git.nix
+    ../../modules/dconf.nix # TODO: Only enable when on Gnome?
    ../../modules/k9s.nix
    (import ../../modules/keepassxc.nix { inherit pkgs; })
  ];
  nixpkgs.config.allowUnfree = true;
  home.stateVersion = "25.05";
-  home.username = username;
+  home.username = "hektor";
-  home.homeDirectory = "/home/${username}";
+  home.homeDirectory = "/home/hektor";
-  targets.genericLinux.nixGL = {
+  sops = {
    defaultSopsFile = "${builtins.toString inputs.nix-secrets}/secrets.yaml";
    defaultSopsFormat = "yaml";
    age.keyFile = "/home/${config.home.username}/.config/sops/age/keys.txt";
    secrets."test" = { };
  };
  nixGL = {
    packages = inputs.nixgl.packages;
    defaultWrapper = "mesa";
  };
  programs = {
-    # editorconfig.enable = true;
+    anki = import ../../modules/anki.nix;
    firefox = import ../../modules/firefox.nix {
      inherit inputs;
      inherit pkgs;
      inherit config;
    };
-    gh.enable = true;
+    git = import ../../modules/git.nix;
-    kubecolor.enable = true;
+    keepassxc = import ../../modules/keepassxc.nix;
  };
  home.packages = import ./packages.nix {
    inherit inputs;
    inherit config;
    inherit pkgs;
    inherit config;
  };
 }
--- a/home/hosts/work/packages.nix
+++ b/home/hosts/work/packages.nix
@@ -1,19 +1,4 @@
-{
+{ pkgs, config, ... }:
  inputs,
  config,
  pkgs,
  ...
 }:
-let
+with pkgs;
-  localPackages =
+[ ]
    if builtins.pathExists ./packages.local.nix then
      import ./packages.local.nix { inherit inputs config pkgs; }
    else
      [ ];
 in
 (with pkgs; [
  inputs.nvim.packages.x86_64-linux.nvim
 ])
 ++ localPackages
--- a/home/modules/anki.nix
+++ b/home/modules/anki.nix
@@ -1,16 +1,3 @@
 { config, pkgs, ... }:
 {
-  programs.anki = {
+  enable = true;
    enable = true;
    addons = with pkgs.ankiAddons; [
      anki-connect
      puppy-reinforcement
      review-heatmap
    ];
    sync = {
      usernameFile = "${config.sops.secrets."anki_sync_user".path}";
      keyFile = "${config.sops.secrets."anki_sync_key".path}";
    };
  };
 }
--- a/home/modules/dconf.nix
+++ b/home/modules/dconf.nix
@@ -7,107 +7,5 @@
    "org/gnome/desktop/interface" = {
      color-scheme = "prefer-dark";
    };
    "org/gnome/desktop/applications/terminal" = {
      exec = "kitty";
      exec-arg = "";
    };
    "org/gnome/desktop/background" = {
      color-shading-type = "solid";
      picture-opacity = 100;
      picture-options = "zoom";
      picture-uri = "none";
      picture-uri-dark = "none";
      primary-color = "#555555";
      secondary-color = "#555555";
      show-desktop-icons = false;
    };
    # "org/gnome/desktop/input-sources" = {
    #   sources = [
    #     (mkTuple [
    #       "xkb"
    #       "us"
    #     ])
    #   ];
    #   xkb-options = [ "caps:none" ];
    # };
    "org/gnome/desktop/wm/keybindings" = {
      close = [ "<Shift><Super>Delete" ];
      cycle-group = [ ];
      cycle-group-backward = [ ];
      cycle-panels = [ ];
      cycle-panels-backward = [ ];
      cycle-windows = [ ];
      cycle-windows-backward = [ ];
      maximize = [ "<Super> " ];
      minimize = [ ];
      move-to-workspace-1 = [ "<Super><Shift>a" ];
      move-to-workspace-2 = [ "<Super><Shift>s" ];
      move-to-workspace-3 = [ "<Super><Shift>d" ];
      move-to-workspace-4 = [ "<Super><Shift>f" ];
      move-to-workspace-5 = [ "<Super><Shift>g" ];
      move-to-workspace-last = [ ];
      move-to-workspace-left = [ "<Super><Shift>h" ];
      move-to-workspace-right = [ "<Super><Shift>l" ];
      panel-run-dialog = [ ];
      switch-applications = [ "<Super>j" ];
      switch-applications-backward = [ "<Super>k" ];
      switch-group = [ ];
      switch-group-backward = [ ];
      switch-input-source = [ ];
      switch-input-source-backward = [ ];
      switch-panels = [ ];
      switch-panels-backward = [ ];
      switch-to-workspace-1 = [ "<Super>a" ];
      switch-to-workspace-2 = [ "<Super>s" ];
      switch-to-workspace-3 = [ "<Super>d" ];
      switch-to-workspace-4 = [ "<Super>f" ];
      switch-to-workspace-5 = [ "<Super>g" ];
      switch-to-workspace-last = [ ];
      switch-to-workspace-left = [ "<Super>h" ];
      switch-to-workspace-right = [ "<Super>l" ];
      switch-windows = [ ];
      switch-windows-backward = [ ];
      toggle-maximized = [ "<Super>space" ];
      unmaximize = [ ];
    };
    "org/gnome/desktop/wm/preferences" = {
      num-workspaces = 5;
      workspace-names = [
        "sh"
        "www"
        "dev"
        "info"
        "etc"
      ];
    };
    "org/gnome/settings-daemon/plugins/media-keys" = {
      custom-keybindings = [
        "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1/"
      ];
    };
    "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = {
      binding = "Print";
      command = "flameshot gui";
      name = "flameshot";
    };
    "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1" = {
      binding = "<Super>Return";
      command = "kitty";
      name = "Kitty";
    };
    "org/gnome/shell/keybindings" = {
      screenshot = [ "Print" ];
      toggle-application-view = [ "<Super>p" ];
      toggle-quick-settings = [ ];
    };
  };
 }
--- a/home/modules/desktop/niri/config.kdl
+++ b/home/modules/desktop/niri/config.kdl
@@ -1,183 +0,0 @@
 input {
    touchpad {
        tap
        natural-scroll
    }
    mouse {
        accel-profile "flat"
    }
 }
 // NOTE: monitors are managed using `shikane` instead, as I assume this to be
 // too limited for multiple multimonitor configurations. Below is an example
 // for a simple, fixed, vertical dual monitor setup
 // output "eDP-1" {
 //   position x=0 y=1440
 // }
 //
 // output "DP-5" {
 //   position x=0 y=0
 // }
 layout {
    gaps 4
    struts {}
    center-focused-column "never"
    preset-column-widths {
        proportion 0.382
        proportion 0.618
        proportion 1.0
    }
    default-column-width { }
    focus-ring {
        off
    }
    border {
        width 2
        active-color "#555555"
        inactive-color "#55555511"
        urgent-color "#ff0000"
    }
    shadow {
        on
        softness 32
        spread 4
        offset x=0 y=0
        color "#0007"
    }
 }
 spawn-at-startup "wlsunset -l 51.05 -L 3.72"
 spawn-at-startup "waybar"
 hotkey-overlay {
    skip-at-startup
 }
 prefer-no-csd
 screenshot-path "~/doc/screenshots/%Y-%m-%d %H-%M-%S.png"
 // https://yalter.github.io/niri/Configuration:-Animations
 animations {
    slowdown 0.66
 }
 window-rule {
    match app-id=r#"firefox$"# title="^Picture-in-Picture$"
    open-floating true
 }
 window-rule {
    match app-id=r#"^org\.keepassxc\.KeePassXC$"#
    block-out-from "screen-capture"
 }
 window-rule {
    geometry-corner-radius 0
    clip-to-geometry true
 }
 gestures {
  hot-corners {
    off
  }
 }
 binds {
    Mod+Slash { show-hotkey-overlay; }
    Mod+Return hotkey-overlay-title="Open a Terminal: kitty"     { spawn "kitty"; }
    Mod+P hotkey-overlay-title="Run an Application: fuzzel"      { spawn "fuzzel"; }
    Super+Alt+L hotkey-overlay-title="Lock the Screen: swaylock" { spawn "swaylock"; }
    XF86AudioRaiseVolume allow-when-locked=true { spawn-sh "wpctl set-volume @DEFAULT_AUDIO_SINK@ 0.1+"; }
    XF86AudioLowerVolume allow-when-locked=true { spawn-sh "wpctl set-volume @DEFAULT_AUDIO_SINK@ 0.1-"; }
    XF86AudioMute        allow-when-locked=true { spawn-sh "wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle"; }
    XF86AudioMicMute     allow-when-locked=true { spawn-sh "wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle"; }
    Mod+Shift+XF86Display { power-off-monitors; }
    XF86MonBrightnessUp allow-when-locked=true   { spawn "brightnessctl" "--class=backlight" "set" "+10%"; }
    XF86MonBrightnessDown allow-when-locked=true { spawn "brightnessctl" "--class=backlight" "set" "10%-"; }
    Mod+O repeat=false            { toggle-overview; }
    Mod+Delete repeat=false { close-window; }
    Mod+H { focus-column-left; }
    Mod+J { focus-window-or-workspace-down; }
    Mod+K { focus-window-or-workspace-up; }
    Mod+L { focus-column-right; }
    Mod+Shift+H { move-column-left; }
    Mod+Shift+J { move-window-down-or-to-workspace-down; }
    Mod+Shift+K { move-window-up-or-to-workspace-up; }
    Mod+Shift+L { move-column-right; }
    Mod+Home      { focus-column-first; }
    Mod+End       { focus-column-last; }
    Mod+Ctrl+Home { move-column-to-first; }
    Mod+Ctrl+End  { move-column-to-last; }
    Mod+Left        { focus-monitor-left; }
    Mod+Down        { focus-monitor-down; }
    Mod+Up          { focus-monitor-up; }
    Mod+Right       { focus-monitor-right; }
    Mod+Shift+Left  { move-column-to-monitor-left; }
    Mod+Shift+Down  { move-column-to-monitor-down; }
    Mod+Shift+Up    { move-column-to-monitor-up; }
    Mod+Shift+Right { move-column-to-monitor-right; }
    Mod+Ctrl+Up   { move-workspace-down; }
    Mod+Ctrl+Down { move-workspace-up; }
    // Mod+WheelScrollDown       cooldown-ms=150 { focus-workspace-down; }
    // Mod+WheelScrollUp         cooldown-ms=150 { focus-workspace-up; }
    // Mod+Shift+WheelScrollDown cooldown-ms=150 { move-window-down-or-to-workspace-down; }
    // Mod+Shift+WheelScrollUp   cooldown-ms=150 { move-window-up-or-to-workspace-up; }
    // Mod+A { focus-workspace 1; }
    // Mod+S { focus-workspace 2; }
    // Mod+D { focus-workspace 3; }
    // Mod+F { focus-workspace 4; }
    // Mod+Shift+A { move-column-to-workspace 1; }
    // Mod+Shift+S { move-column-to-workspace 2; }
    // Mod+Shift+D { move-column-to-workspace 3; }
    // Mod+Shift+F { move-column-to-workspace 4; }
    Mod+Tab { focus-workspace-previous; }
    Mod+BracketLeft  { consume-or-expel-window-left; }
    Mod+BracketRight { consume-or-expel-window-right; }
    Mod+Comma  { consume-window-into-column; }
    Mod+Period { expel-window-from-column; }
    Mod+N       { switch-preset-column-width; }
    Mod+Shift+N { switch-preset-window-height; }
    Mod+Ctrl+R  { reset-window-height; }
    Mod+Space       { maximize-column; }
    Mod+Shift+Space { fullscreen-window; }
    Mod+Escape       { toggle-window-floating; }
    Mod+Shift+Escape { switch-focus-between-floating-and-tiling; }
    Mod+Ctrl+F { expand-column-to-available-width; }
    Mod+C      { center-column; }
    Mod+Ctrl+C { center-visible-columns; }
    Mod+Minus       { set-column-width "-10%"; }
    Mod+Equal       { set-column-width "+10%"; }
    Mod+Shift+Minus { set-window-height "-10%"; }
    Mod+Shift+Equal { set-window-height "+10%"; }
    Mod+W { toggle-column-tabbed-display; }
    Print      { screenshot; }
    Ctrl+Print { screenshot-screen; }
    Alt+Print  { screenshot-window; }
    Mod+Shift+Delete { quit; }
 }
--- a/home/modules/desktop/niri/default.nix
+++ b/home/modules/desktop/niri/default.nix
@@ -1,18 +0,0 @@
 { pkgs, ... }:
 {
  imports = [
    ../../fuzzel
    ../../mako
    ../../shikane
    ../../waybar
  ];
  home = {
    file.".config/niri/config.kdl".source = ./config.kdl;
    packages = with pkgs; [
      wl-clipboard
      wlsunset
    ];
  };
 }
--- a/home/modules/firefox.nix
+++ b/home/modules/firefox.nix
@@ -5,6 +5,9 @@
  nativeMessagingHosts = with pkgs; [
    tridactyl-native
  ];
  policies = {
    DefaultDownloadDirectory = "\${home}/dl";
  };
  profiles = {
    default = {
      settings = {
@@ -54,7 +57,6 @@
    };
  };
  policies = {
    DefaultDownloadDirectory = "\${home}/dl";
    ExtensionSettings = {
      "jid1-ZAdIEUB7XOzOJw@jetpack" = {
        default_area = "navbar";
--- a/home/modules/fuzzel/default.nix
+++ b/home/modules/fuzzel/default.nix
@@ -1,28 +0,0 @@
 {
  programs.fuzzel = {
    enable = true;
    settings = {
      main = {
        font = "Iosevka Term SS08";
        horizontal-pad = 0;
        vertical-pad = 0;
      };
      colors = {
        background = "ccccccff";
        text = "111111ff";
        prompt = "ccccccff";
        placeholder = "aaaaaaff";
        input = "111111ff";
        selection = "eeeeeeff";
        selection-text = "111111ff";
        selection-match = "333333ff";
        counter = "111111ff";
        border = "111111ff";
      };
      border = {
        width = 2;
        radius = 0;
      };
    };
  };
 }
--- a/home/modules/git.nix
+++ b/home/modules/git.nix
@@ -2,7 +2,6 @@
  programs.git.enable = true;
  home.file = {
    ".gitconfig".source = ../../dots/.gitconfig;
    ".gitconfig.work".source = ../../dots/.gitconfig.work;
    ".gitignore".source = ../../dots/.gitignore;
  };
 }
--- a/home/modules/k9s.nix
+++ b/home/modules/k9s.nix
@@ -1,11 +0,0 @@
 {
  programs.k9s = {
    enable = true;
    settings.k9s = {
      ui = {
        logoless = true;
        reactive = true;
      };
    };
  };
 }
--- a/home/modules/keepassxc.nix
+++ b/home/modules/keepassxc.nix
@@ -1,11 +1,4 @@
 { pkgs, ... }:
 {
-  programs.keepassxc = {
+  enable = true;
-    enable = true;
+  # TODO: https://mynixos.com/home-manager/option/programs.keepassxc.settings
    settings = {
      Browser.Enabled = true;
    };
  };
  # programs.firefox.nativeMessagingHosts = [ pkgs.keepassxc ]; # FIXME: Resolve 'Access error for config file $HOME/.config/keepassxc/keepassxc.ini' error
 }
--- a/home/modules/mako/default.nix
+++ b/home/modules/mako/default.nix
@@ -1,5 +0,0 @@
 {
  services.mako = {
    enable = true;
  };
 }
--- a/home/modules/shikane/default.nix
+++ b/home/modules/shikane/default.nix
@@ -1,6 +0,0 @@
 { pkgs, ... }:
 {
  home.packages = with pkgs; [ wdisplays ];
  services.shikane.enable = true;
 }
--- a/home/modules/taskwarrior.nix
+++ b/home/modules/taskwarrior.nix
@@ -35,17 +35,12 @@
    package = taskwarrior3;
    colorTheme = "dark-256";
    config = {
-      # sync = {
+      sync = {
-      #   server.url = "${builtins.readFile config.sops.secrets."taskwarrior_sync_server_url".path}";
+        server.url = config.sops.secrets."taskwarrior_sync_server_url".path;
-      #   server.client_id = "${builtins.readFile
+        server.client_id = config.sops.secrets."taskwarrior_sync_server_client_id".path;
-      #     config.sops.secrets."taskwarrior_sync_server_client_id".path
+        encryption_secret = config.sops.secrets."taskwarrior_sync_encryption_secret".path;
-      #   }";
+      };
-      #   encryption_secret = "${builtins.readFile
+      recurrence = "off"; # TODO: enable only on andromache
      #     config.sops.secrets."taskwarrior_sync_encryption_secret".path
      #   }";
      # };
      recurrence = "off";
    };
    extraConfig = "include ${config.sops.templates."taskrc.d/sync".path}";
  };
 }
--- a/home/modules/waybar/config.jsonc
+++ b/home/modules/waybar/config.jsonc
@@ -1,57 +0,0 @@
 [
  {
    "height": 16,
    "spacing": 4,
    "modules-left": ["niri/workspaces"],
    "modules-right": [
      "pulseaudio",
      "memory",
      "cpu",
      "network",
      "clock",
      "battery",
    ],
    "clock": {
      "format": "W{:%V %d %b %H:%M}",
      "tooltip-format": "{calendar}",
      "format-alt": "{:%Y-%m-%d %H:%M:%S}",
    },
    "battery": {
      "bat": "BAT0",
      "adapter": "ADP1",
      "interval": 5,
      "full-at": 99,
      "states": {
        "good": 80,
        "warning": 20,
        "critical": 10,
      },
      "format": "{capacity}%--",
      "format-charging": "{capacity}%++",
      "format-plugged": "{capacity}%",
      "format-alt": "{time} {power}W",
    },
    "pulseaudio": {
      "format": "VOL {volume}%",
      "format-muted": "muted",
      "on-click": "pavucontrol",
    },
    "memory": {
      "interval": 2,
      "format": "RAM {percentage}%",
      "format-alt": "RAM {used:0.1f}G/{total:0.1f}G",
    },
    "cpu": {
      "interval": 2,
      "format": "CPU {usage}%",
      "format-alt": "CPU {avg_frequency}GHz",
    },
    "network": {
      "interval": 5,
      "format-wifi": "{ifname} {ipaddr} {essid}",
      "format-ethernet": "{ifname} {ipaddr}",
      "format-disconnected": "{ifname} disconnected",
      "tooltip-format": "{ifname}: {ipaddr}/{cidr}",
    },
  },
 ]
--- a/home/modules/waybar/default.nix
+++ b/home/modules/waybar/default.nix
@@ -1,8 +0,0 @@
 {
  programs.waybar = {
    enable = true;
  };
  home.file.".config/waybar/config.jsonc".source = ./config.jsonc;
  home.file.".config/waybar/style.css".source = ./style.css;
 }
--- a/home/modules/waybar/style.css
+++ b/home/modules/waybar/style.css
@@ -1,56 +0,0 @@
 * {
  font-family:
    Iosevka Term SS08,
    monospace;
  font-size: 12px;
  border-radius: 0px;
 }
 .modules-left,
 .modules-center,
 .modules-right {
  margin: 4px;
  margin-bottom: 0;
 }
 window#waybar {
  background-color: transparent;
 }
 window#waybar.hidden {
  opacity: 0.2;
 }
 #workspaces button {
  padding: 0;
  background-color: transparent;
 }
 #workspaces button:hover {
  background: #000000;
 }
 #workspaces button.focused,
 #workspaces button.active {
  background-color: #111111;
 }
 #workspaces button.urgent {
  background-color: #eb4d4b;
 }
 #clock,
 #battery,
 #pulseaudio,
 #memory,
 #cpu,
 #network {
  padding: 0 4px;
  color: #ffffff;
  background-color: #111111;
 }
 #window,
 #workspaces {
  margin: 0;
 }
--- a/hosts/andromache/default.nix
+++ b/hosts/andromache/default.nix
@@ -6,43 +6,30 @@
  ...
 }:
 let
  username = "h";
  wolInterfaces = import ./wol-interfaces.nix;
 in
 {
  system.stateVersion = "25.05";
  imports = [
    ../../modules/common
    inputs.disko.nixosModules.disko
    inputs.sops-nix.nixosModules.sops
    inputs.home-manager.nixosModules.default
    ./hard.nix
-    ../../modules/boot/bootloader.nix
+    ../../modules/bootloader.nix
-    (import ../../modules/disko/zfs-encrypted-root.nix {
+    (import ../../modules/disko.zfs-encrypted-root.nix {
      device = "/dev/nvme1n1";
      inherit lib;
      inherit config;
    })
-    ../../modules/desktops/niri
+    ../../modules/gnome.nix
-    ../../modules/bluetooth
+    ../../modules/bluetooth.nix
    ../../modules/keyboard
-    (import ../../modules/networking { hostName = "andromache"; })
+    (import ../../modules/networking.nix { hostName = "andromache"; })
-    ../../modules/users
+    ../../modules/users.nix
-    ../../modules/audio
+    ../../modules/audio.nix
-    ../../modules/localization
+    ../../modules/localization.nix
    ../../modules/fonts
    ../../modules/ssh/hardened-openssh.nix
    (import ../../modules/secrets {
      inherit lib;
      inherit inputs;
      inherit config;
    })
    ../../modules/docker
  ];
  secrets.username = username;
  docker.user = username;
  disko.devices = {
    disk.data = {
      type = "disk";
@@ -78,17 +65,27 @@ in
  environment.systemPackages = [ inputs.nvim.packages.x86_64-linux.nvim ];
  nix.settings.experimental-features = [
    "nix-command"
    "flakes"
  ];
  nixpkgs.config.allowUnfree = true;
  home-manager = {
    useGlobalPkgs = true;
    useUserPackages = true;
-    users.${username} = import ../../home/hosts/andromache {
+    users.h = import ../../home/hosts/andromache {
      inherit lib;
      inherit inputs;
      inherit config;
      inherit pkgs;
    };
  };
  networking = {
    hostId = "80eef97e";
  };
  services.xserver = {
    videoDrivers = [ "nvidia" ];
  };
@@ -101,37 +98,21 @@ in
  services.syncthing = {
    enable = true;
    openDefaultPorts = true;
-    settings = {
+    folders = {
-      devices = {
+      "/home/h/sync" = {
-        # "device1" = {
+        id = "sync";
-        #   id = "DEVICE-ID-GOES-HERE";
+        devices = [ ];
        # };
      };
      folders = {
        "/home/${username}/sync" = {
          id = "sync";
          devices = [ ];
        };
      };
    };
    devices = {
      # "device1" = {
      #   id = "DEVICE-ID-GOES-HERE";
      # };
    };
  };
  services.locate = {
    enable = true;
    package = pkgs.plocate;
  };
  networking = {
    # TODO: generate unique hostId on actual host with: head -c 8 /etc/machine-id
    hostId = "80eef97e";
    interfaces = {
      eno1 = {
        wakeOnLan.enable = true;
        macAddress = wolInterfaces.eno1.macAddress;
      };
    };
    firewall = {
      allowedUDPPorts = [ 9 ];
    };
  };
 }
--- a/hosts/andromache/hard.nix
+++ b/hosts/andromache/hard.nix
@@ -1,29 +1,14 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{
+{ config, lib, pkgs, modulesPath, ... }:
  config,
  lib,
  pkgs,
  modulesPath,
  ...
 }:
 {
-  imports = [
+  imports =
-    (modulesPath + "/installer/scan/not-detected.nix")
+    [ (modulesPath + "/installer/scan/not-detected.nix")
-  ];
+    ];
-  boot.initrd.availableKernelModules = [
+  boot.initrd.availableKernelModules = [ "vmd" "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "uas" "sd_mod" ];
    "vmd"
    "xhci_pci"
    "ahci"
    "nvme"
    "usbhid"
    "usb_storage"
    "uas"
    "sd_mod"
  ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];
--- a/hosts/andromache/wol-interfaces.nix
+++ b/hosts/andromache/wol-interfaces.nix
@@ -1,3 +0,0 @@
 {
  eno1.macAddress = "02:68:b3:29:da:98";
 }
--- a/hosts/astyanax/default.nix
+++ b/hosts/astyanax/default.nix
@@ -6,76 +6,59 @@
  ...
 }:
 let
  username = "h";
  hostName = "astyanax";
  wolInterfaces = import ../andromache/wol-interfaces.nix;
 in
 {
  system.stateVersion = "25.05";
  imports = [
    ../../modules/common
    inputs.nixos-hardware.nixosModules.lenovo-thinkpad-e14-intel
    inputs.disko.nixosModules.disko
    inputs.sops-nix.nixosModules.sops
    inputs.home-manager.nixosModules.default
    ./hard.nix
-    ../../modules/boot/bootloader.nix
+    ../../modules/bootloader.nix
-    (import ../../modules/disko/zfs-encrypted-root.nix {
+    (import ../../modules/disko.zfs-encrypted-root.nix {
      inherit lib;
      inherit config;
      device = "/dev/nvme0n1";
    })
-    ../../modules/desktops/niri
+    ../../modules/gnome.nix
-    ../../modules/bluetooth
+    ../../modules/bluetooth.nix
    ../../modules/keyboard
-    (import ../../modules/networking { hostName = hostName; })
+    (import ../../modules/networking.nix { hostName = "astyanax"; })
-    ../../modules/users
+    ../../modules/users.nix
-    ../../modules/audio
+    ../../modules/audio.nix
-    ../../modules/localization
+    ../../modules/localization.nix
    ../../modules/fonts
    ../../modules/ssh/hardened-openssh.nix
    (import ../../modules/secrets {
      inherit lib;
      inherit inputs;
      inherit config;
      inherit username;
    })
  ];
-  hardware = {
+  sops = {
-    cpu.intel.updateMicrocode = true;
+    validateSopsFiles = false;
-    # https://wiki.nixos.org/wiki/Intel_Graphics
+    defaultSopsFile = "${builtins.toString inputs.nix-secrets}/secrets.yaml";
-    graphics = {
+    defaultSopsFormat = "yaml";
-      enable = true;
+    age.keyFile = "/home/h/.config/sops/age/keys.txt";
-      extraPackages = with pkgs; [
+
-        intel-media-driver
+    secrets = {
-        vpl-gpu-rt
+      "test" = { };
-      ];
+
      "taskwarrior_sync_server_url".owner = config.users.users.h.name;
      "taskwarrior_sync_server_client_id".owner = config.users.users.h.name;
      "taskwarrior_sync_encryption_secret".owner = config.users.users.h.name;
    };
  };
-  # https://wiki.nixos.org/wiki/Intel_Graphics
+  environment.systemPackages = [ inputs.nvim.packages.x86_64-linux.nvim ];
  environment.sessionVariables = {
    LIBVA_DRIVER_NAME = "iHD";
  };
-  secrets.username = username;
+  nix.settings.experimental-features = [
-
+    "nix-command"
-  environment.systemPackages = [
+    "flakes"
    inputs.nvim.packages.x86_64-linux.nvim
    (pkgs.writeShellApplication {
      name = "wol-andromache";
      runtimeInputs = [ pkgs.wakeonlan ];
      text = ''
        wakeonlan ${wolInterfaces.eno1.macAddress}
      '';
    })
  ];
  nixpkgs.config.allowUnfree = true;
  home-manager = {
    useGlobalPkgs = true;
    useUserPackages = true;
-    users.${username} = import ../../home/hosts/astyanax {
+    users.h = import ../../home/hosts/astyanax {
      inherit inputs;
      inherit config;
      inherit pkgs;
@@ -83,12 +66,9 @@ in
  };
  networking = {
    # TODO: generate unique hostId on actual host with: head -c 8 /etc/machine-id
    hostId = "80eef97e";
  };
  services.throttled.enable = false;
  services.openssh = {
    enable = true;
    harden = true;
--- a/hosts/hecuba/default.nix
+++ b/hosts/hecuba/default.nix
@@ -1,60 +0,0 @@
 { pkgs, ... }:
 # Also see <https://wiki.nixos.org/wiki/Install_NixOS_on_Hetzner_Cloud>
 {
  imports = [
    ./hard.nix
    ../../modules/common
    ../../modules/ssh/hardened-openssh.nix
  ];
  fileSystems."/" = {
    device = "/dev/disk/by-label/nixos";
    fsType = "ext4";
  };
  fileSystems."/boot" = {
    device = "/dev/disk/by-label/boot";
    fsType = "ext4";
  };
  swapDevices = [
    {
      device = "/dev/disk/by-label/swap";
    }
  ];
  boot.loader.grub.enable = true;
  boot.loader.grub.device = "/dev/sda";
  users.users = {
    root.hashedPassword = "!";
    username = {
      isNormalUser = true;
      extraGroups = [ "wheel" ];
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOOXPEhdKOVnb6mkeLLUcFGt+mnUR5pMie17JtjrxwgO h@andromache"
      ];
    };
  };
  security.sudo.wheelNeedsPassword = false;
  networking = {
    firewall.enable = true;
  };
  environment.systemPackages = with pkgs; [
    vim
    git
  ];
  services.fail2ban = {
    enable = true;
    maxretry = 5;
  };
  services.openssh = {
    enable = true;
    harden = true;
  };
 }
--- a/hosts/hecuba/hard.nix
+++ b/hosts/hecuba/hard.nix
@@ -1,37 +0,0 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 {
  config,
  lib,
  pkgs,
  modulesPath,
  ...
 }:
 {
  imports = [
    (modulesPath + "/profiles/qemu-guest.nix")
  ];
  boot.initrd.availableKernelModules = [
    "ahci"
    "xhci_pci"
    "virtio_pci"
    "virtio_scsi"
    "sd_mod"
    "sr_mod"
  ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ ];
  boot.extraModulePackages = [ ];
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 }
--- a/hosts/vm/default.nix
+++ b/hosts/vm/default.nix
@@ -1,42 +1,39 @@
 {
  lib,
  inputs,
  config,
  pkgs,
  ...
 }:
 let
  username = "h";
 in
 {
  system.stateVersion = "25.05";
  imports = [
-    ../../modules/common
+    inputs.nixos-hardware.nixosModules.lenovo-thinkpad-e14-intel
    inputs.disko.nixosModules.disko
    inputs.sops-nix.nixosModules.sops
    inputs.home-manager.nixosModules.default
    ./hard.nix
    ./disk.nix
-    ../../modules/boot/bootloader.nix
+    ../../modules/bootloader.nix
    ../../modules/keyboard
-    (import ../../modules/networking { hostName = "vm"; })
+    (import ../../modules/networking.nix { hostName = "vm"; })
-    ../../modules/users
+    ../../modules/users.nix
-    ../../modules/audio
+    ../../modules/audio.nix
-    ../../modules/localization
+    ../../modules/localization.nix
-    ../../modules/x
+    ../../modules/x.nix
    ../../modules/fonts
    ../../modules/ssh/hardened-openssh.nix
    (import ../../modules/secrets {
      inherit lib;
      inherit inputs;
      inherit config;
    })
  ];
  secrets.username = username;
  environment.systemPackages = [ inputs.nvim.packages.x86_64-linux.nvim ];
  nix.settings.experimental-features = [
    "nix-command"
    "flakes"
  ];
  nixpkgs.config.allowUnfree = true;
  disko = {
    devices.disk.main.device = "/dev/vda";
    devices.disk.main.imageName = "nixos-vm";
@@ -58,7 +55,7 @@ in
  home-manager = {
    useGlobalPkgs = true;
    useUserPackages = true;
-    users.${username} = import ../../home/hosts/vm {
+    users.h = import ../../home/hosts/vm {
      inherit inputs;
      inherit config;
      inherit pkgs;
--- a/modules/audio/default.nix
+++ b/modules/audio/default.nix
@@ -9,5 +9,4 @@
    alsa.support32Bit = true;
    pulse.enable = true;
  };
  services.pulseaudio.extraConfig = "load-module module-switch-on-connect";
 }
--- a/modules/bluetooth.nix
+++ b/modules/bluetooth.nix
@@ -0,0 +1,3 @@
 {
  hardware.bluetooth.enable = true;
 }
--- a/modules/bluetooth/default.nix
+++ b/modules/bluetooth/default.nix
@@ -1,15 +0,0 @@
 {
  hardware.bluetooth = {
    enable = true;
    powerOnBoot = true;
    settings = {
      General = {
        Experimental = true;
        FastConnectable = true;
      };
      Policy = {
        AutoEnable = true;
      };
    };
  };
 }
--- a/modules/boot/bootloader.nix
+++ b/modules/boot/bootloader.nix
--- a/modules/common/default.nix
+++ b/modules/common/default.nix
@@ -1,10 +0,0 @@
 {
  system.stateVersion = "25.05";
  nix.settings.experimental-features = [
    "nix-command"
    "flakes"
  ];
  nixpkgs.config.allowUnfree = true;
 }
--- a/modules/desktops/niri/default.nix
+++ b/modules/desktops/niri/default.nix
@@ -1,8 +0,0 @@
 {
  programs.niri.enable = true;
  services.dbus.enable = true;
  xdg = {
    portal.enable = true;
  };
 }
--- a/modules/disko.zfs-encrypted-root.nix
+++ b/modules/disko.zfs-encrypted-root.nix
--- a/modules/docker/default.nix
+++ b/modules/docker/default.nix
@@ -1,44 +0,0 @@
 { config, lib, ... }:
 let
  cfg = config.docker;
 in
 {
  options.docker = {
    rootless = lib.mkOption {
      type = lib.types.bool;
      default = false;
    };
    user = lib.mkOption {
      type = lib.types.nullOr lib.types.str;
      default = null;
    };
  };
  config = lib.mkMerge [
    {
      warnings = lib.flatten [
        (lib.optional (
          cfg.rootless && cfg.user != null
        ) "'virtualisation.docker.user' is ignored when rootless mode is enabled")
        (lib.optional (
          !cfg.rootless && cfg.user == null
        ) "'virtualisation.docker.user' is not set (no user is added to the docker group)")
      ];
    }
    (lib.mkIf cfg.rootless {
      virtualisation.docker = {
        enable = false;
        rootless = {
          enable = true;
          setSocketVariable = true;
        };
      };
    })
    (lib.mkIf (!cfg.rootless && cfg.user != null) {
      virtualisation.docker = {
        enable = true;
      };
      users.users.${cfg.user}.extraGroups = [ "docker" ];
    })
  ];
 }
--- a/modules/desktops/gnome.nix
+++ b/modules/desktops/gnome.nix
--- a/modules/k3s/default.nix
+++ b/modules/k3s/default.nix
@@ -1,79 +0,0 @@
 { pkgs, ... }:
 {
  # TODO: see if this works with podman
  # TODO: check if docker/podman is enabled
  # Rootless K3S
  # FIXME
  environment.systemPackages = with pkgs; [
    k3s
    rootlesskit
    slirp4netns
  ];
  # running K3S on rootless docker was causing the following error: "failed to find cpuset cgroup (v2)" (in `docker logs k3d-lab-server-0` output)
  #
  # see <https://docs.k3s.io/advanced#known-issues-with-rootless-mode>
  # see <https://rootlesscontaine.rs/getting-started/common/cgroup2/>
  # see <https://discourse.nixos.org/t/declarative-rootless-k3s/49839>
  systemd.services."user@".serviceConfig.Delegate = "cpu cpuset io memory pids";
  # taken from <https://github.com/k3s-io/k3s/blob/main/k3s-rootless.service> as described in <https://docs.k3s.io/advanced#known-issues-with-rootless-mode#Rootless>
  systemd.user.services."k3s-rootless" = with pkgs; {
    path = with pkgs; [
      "${rootlesskit}"
      "${slirp4netns}"
      "${fuse-overlayfs}"
      "${fuse3}"
      "/run/wrappers"
    ];
    # systemd unit file for k3s (rootless)
    #
    # Usage:
    # - [Optional] Enable cgroup v2 delegation, see https://rootlesscontaine.rs/getting-started/common/cgroup2/ .
    #   This step is optional, but highly recommended for enabling CPU and memory resource limtitation.
    #
    # - Copy this file as `~/.config/systemd/user/k3s-rootless.service`.
    #   Installing this file as a system-wide service (`/etc/systemd/...`) is not supported.
    #   Depending on the path of `k3s` binary, you might need to modify the `ExecStart=/usr/local/bin/k3s ...` line of this file.
    #
    # - Run `systemctl --user daemon-reload`
    #
    # - Run `systemctl --user enable --now k3s-rootless`
    #
    # - Run `KUBECONFIG=~/.kube/k3s.yaml kubectl get pods -A`, and make sure the pods are running.
    #
    # Troubleshooting:
    # - See `systemctl --user status k3s-rootless` to check the daemon status
    # - See `journalctl --user -f -u k3s-rootless` to see the daemon log
    # - See also https://rootlesscontaine.rs/
    enable = true;
    description = "k3s (Rootless)";
    serviceConfig = {
      # NOTE: Don't try to run `k3s server --rootless` on a terminal, as it doesn't enable cgroup v2 delegation.
      # If you really need to try it on a terminal, prepend `systemd-run --user -p Delegate=yes --tty` to create a systemd scope.
      ExecStart = "${k3s}/bin/k3s server --rootless --snapshotter=fuse-overlayfs";
      ExecReload = "/run/current-system/sw/bin/kill -s HUP $MAINPID";
      TimeoutSec = 0;
      RestartSec = 2;
      Restart = "always";
      StartLimitBurst = 3;
      StartLimitInterval = "60s";
      LimitNOFILE = "infinity";
      LimitNPROC = "infinity";
      LimitCORE = "infinity";
      TasksMax = "infinity";
      Delegate = "yes";
      Type = "simple";
      KillMode = "mixed";
    };
    wantedBy = [ "default.target" ];
  };
  boot.kernel.sysctl = {
    "net.ipv4.ip_forward" = 1;
  };
 }
--- a/modules/localization/default.nix
+++ b/modules/localization/default.nix
--- a/modules/networking/default.nix
+++ b/modules/networking/default.nix
--- a/modules/printing/default.nix
+++ b/modules/printing/default.nix
--- a/modules/secrets/default.nix
+++ b/modules/secrets/default.nix
@@ -1,62 +0,0 @@
 {
  lib,
  inputs,
  config,
  ...
 }:
 let
  cfg = config.secrets;
 in
 {
  options = {
    secrets.username = lib.mkOption {
      type = lib.types.str;
    };
  };
  config = {
    sops = {
      validateSopsFiles = false;
      defaultSopsFile = "${builtins.toString inputs.nix-secrets}/secrets.yaml";
      defaultSopsFormat = "yaml";
      age.keyFile = "/home/${cfg.username}/.config/sops/age/keys.txt";
      secrets = {
        "taskwarrior_sync_server_url".owner = config.users.users.${cfg.username}.name;
        "taskwarrior_sync_server_client_id".owner = config.users.users.${cfg.username}.name;
        "taskwarrior_sync_encryption_secret".owner = config.users.users.${cfg.username}.name;
        "email_personal".owner = config.users.users.${cfg.username}.name;
        "email_work".owner = config.users.users.${cfg.username}.name;
        "anki_sync_user".owner = config.users.users.${cfg.username}.name;
        "anki_sync_key".owner = config.users.users.${cfg.username}.name;
      };
      templates."taskrc.d/sync" = {
        owner = config.users.users.${cfg.username}.name;
        content = ''
          sync.server.url=${config.sops.placeholder."taskwarrior_sync_server_url"}
          sync.server.client_id=${config.sops.placeholder."taskwarrior_sync_server_client_id"}
          sync.encryption_secret=${config.sops.placeholder."taskwarrior_sync_encryption_secret"}
        '';
      };
      templates.".gitconfig.email" = {
        owner = config.users.users.${cfg.username}.name;
        path = "/home/${cfg.username}/.gitconfig.email";
        content = ''
          [user]
            email = ${config.sops.placeholder."email_personal"}
        '';
      };
      templates.".gitconfig.work.email" = {
        owner = config.users.users.${cfg.username}.name;
        path = "/home/${cfg.username}/.gitconfig.work.email";
        content = ''
          [user]
            email = ${config.sops.placeholder."email_work"}
        '';
      };
    };
  };
 }
--- a/modules/ssh/hardened-openssh.nix
+++ b/modules/ssh/hardened-openssh.nix
@@ -10,7 +10,6 @@ in
    services.openssh.settings = optionalAttrs cfg.harden {
      PermitRootLogin = "no";
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
      ChallengeResponseAuthentication = false;
      X11Forwarding = false;
      AllowAgentForwarding = false;
--- a/modules/users/default.nix
+++ b/modules/users/default.nix
--- a/modules/x/default.nix
+++ b/modules/x/default.nix
@@ -4,7 +4,7 @@
  services.xserver.windowManager.xmonad = {
    enable = true;
    enableContribAndExtras = true;
-    config = builtins.readFile ../../dots/.xmonad/xmonad.hs;
+    config = builtins.readFile ../dots/.xmonad/xmonad.hs;
  };
  services.xserver = {
--- a/utils/default.nix
+++ b/utils/default.nix
@@ -1,7 +0,0 @@
 { lib }:
 {
  dirNames =
    path:
    builtins.attrNames (lib.filterAttrs (name: type: type == "directory") (builtins.readDir path));
 }
		`@@ -1,2 +0,0 @@`
			`[user]`
			`email = your.work.email@example.com`