refactor(home/work): improve configuration structure

- Add nixpkgs.config.allowUnfree setting
- Fix nixGL configuration path to targets.genericLinux.nixGL
- Remove redundant anki program import (now in modules)
- Enable gh and kubecolor programs
- Pass inputs to packages.nix for flake package access

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

CLAUDE.md

@@ -0,0 +1,159 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with
+code in this repository.
+
+## Overview
+
+This is a NixOS flake-based configuration repository managing both system
+configurations (NixOS) and user environments (home-manager). The repository
+follows a modular architecture with separate host configurations for physical
+machines, VMs, and standalone home-manager setups.
+
+## Essential Commands
+
+### Building and Testing
+
+```bash
+# Build a NixOS system configuration
+nix build -L '.#nixosConfigurations.<hostname>.config.system.build.toplevel'
+
+# Build and run a VM with disko
+nix build -L '.#nixosConfigurations.vm.config.system.build.vmWithDisko'
+./result/bin/disko-vm
+
+# Build home-manager configuration
+nix build -L '.#homeConfigurations.work.activationPackage'
+
+# Build the custom neovim package
+nix build -L '.#nvim.packages.x86_64-linux.nvim'
+```
+
+### Development
+
+```bash
+# Update flake inputs
+nix flake update
+
+# Check flake for errors
+nix flake check
+
+# Show flake outputs
+nix flake show
+
+# Enter development shell for neovim
+cd dots/.config/nvim && nix develop
+```
+
+## Architecture
+
+### Repository Structure
+
+The repository is organized into distinct layers:
+
+- **`flake.nix`**: Root flake defining inputs and outputs. Uses `utils.dirNames` to automatically discover host directories.
+- **`hosts/`**: NixOS system configurations (andromache, astyanax, vm). Each host has its own directory with `default.nix` and hardware configuration.
+- **`home/`**: home-manager configurations, split into `hosts/` (per-host configs) and `modules/` (reusable user-level modules).
+- **`modules/`**: Reusable NixOS modules for system-level configuration (audio, networking, fonts, etc.).
+- **`dots/`**: Dotfiles and configurations, including a complete neovim flake at `dots/.config/nvim/`.
+- **`utils/`**: Helper functions like `dirNames` for discovering directories.
+
+### Key Architectural Patterns
+
+**Host Discovery**: The flake uses `lib.genAttrs hostDirNames` to automatically
+generate `nixosConfigurations` from directories in `hosts/`. Adding a new host
+only requires creating a directory with a `default.nix`.
+
+**Secrets Management**: Uses sops-nix with age encryption. Secrets are stored
+in a separate private repository (`nix-secrets`) referenced as a flake input.
+The `modules/secrets/default.nix` module provides options and templates for
+injecting secrets into configurations.
+
+**Disk Management**: Uses disko for declarative disk partitioning. The
+`modules/disko.zfs-encrypted-root.nix` module provides a reusable ZFS-on-root
+setup with encryption, taking a `device` parameter.
+
+**Neovim as Flake**: The neovim configuration at `dots/.config/nvim/` is a
+standalone flake using nixCats. It's referenced as a flake input in the root
+and included in system packages. This allows independent development and
+version control.
+
+**Home Manager Integration**: Each NixOS host can include home-manager
+configuration through `home-manager.users.<username>`, which imports from
+`home/hosts/<hostname>`. Standalone home-manager configurations (like `work`)
+are also available for non-NixOS systems.
+
+**Module Parameterization**: Modules like `networking.nix` and
+`secrets/default.nix` accept parameters and expose options, making them
+reusable across hosts with different settings.
+
+### Input Dependencies
+
+- **nixpkgs**: Main package source (nixos-unstable)
+- **nixos-hardware**: Hardware-specific configurations
+- **disko**: Declarative disk partitioning
+- **sops-nix**: Secrets management with age/sops
+- **nix-secrets**: Private repository with encrypted secrets (git+ssh)
+- **home-manager**: User environment management
+- **nixgl**: OpenGL wrapper for non-NixOS systems
+- **firefox-addons**: Firefox extension packages
+- **nvim**: Local flake at `dots/.config/nvim/`
+
+## Working with Hosts
+
+### Adding a New NixOS Host
+
+1. Create a new directory in `hosts/<hostname>/`
+2. Add `default.nix` with imports and host-specific configuration
+3. Add `hard.nix` for hardware configuration (generated by nixos-generate-config)
+4. The host will automatically be discovered by the flake
+
+### Adding a New Home Manager Host
+
+1. Create directory in `home/hosts/<hostname>/`
+2. Add `default.nix` importing desired modules from `home/modules/`
+3. For standalone (non-NixOS) configs, add entry to `homeConfigurations` in root `flake.nix`
+
+## Secrets Workflow
+
+Secrets are managed with sops-nix and stored in the private `nix-secrets` repository:
+
+1. Secrets are encrypted with age using keys at `~/.config/sops/age/keys.txt`
+2. The `modules/secrets/default.nix` module reads from `${nix-secrets}/secrets.yaml`
+3. Secrets are exposed as files in `/run/secrets/` with proper ownership
+4. Templates can combine multiple secrets (see taskwarrior sync configuration)
+
+## Common Patterns
+
+### Import Patterns
+
+Modules use different import patterns based on their needs:
+
+```nix
+# Simple module (no parameters)
+imports = [ ../../modules/audio.nix ];
+
+# Parameterized module (function call)
+imports = [ (import ../../modules/networking.nix { hostName = "andromache"; }) ];
+
+# Module with all parameters
+imports = [
+  (import ../../modules/secrets {
+    inherit lib inputs config;
+  })
+];
+```
+
+### Special Args
+
+- `inputs`: Flake inputs, passed as `specialArgs` to NixOS and `extraSpecialArgs` to home-manager
+- `lib`, `config`, `pkgs`: Standard NixOS/home-manager module arguments
+
+### Username Handling
+
+Each host defines a `username` variable (either "h" or "hektor") used for:
+
+- User creation in NixOS
+- Home directory paths
+- Secrets ownership
+- Home-manager configuration

dots/.bin/pomo

@@ -8,24 +8,19 @@ Pomodoro timer
 - Notification on break finish
 """
 
-import atexit
 import os
+import atexit
 from argparse import ArgumentParser
 from time import sleep
-
 from plyer import notification
 
-POMO_PATH = os.path.join(
+POMO_PATH = os.path.join(os.getenv("XDG_DATA_HOME", os.path.expanduser("~/.local/share")), "pomo")
-    os.getenv("XDG_DATA_HOME", os.path.expanduser("~/.local/share")), "pomo"
-)
-
 
 @atexit.register
 def clear():
     if os.path.exists(POMO_PATH):
         os.remove(POMO_PATH)
 
-
 def format_mins_secs(mins, secs):
     return f"{mins:02d}:{secs:02d}"
 
@@ -39,7 +34,6 @@ def make_countdown():
             os.system(f'echo -n "{time_str}" > {POMO_PATH}')
             sleep(1)
             duration -= 1
-
     return countdown
 
 
@@ -64,23 +58,21 @@ def main(args):
 def handle_signal(signal, frame):
     # Wait for clear to finish
     clear()
-    print("Exiting")
+    print('Exiting')
     exit(0)
 
 
-if __name__ == "__main__":
+if __name__ == '__main__':
 
     parser = ArgumentParser()
-    parser.add_argument(
+    parser.add_argument('-w', '--work-duration', type=int,
-        "-w", "--work-duration", type=int, help="Session duration", default=25
+                        help='Session duration', default=25)
-    )
+    parser.add_argument('-b', '--break-duration', type=int,
-    parser.add_argument(
+                        help='Break duration', default=5)
-        "-b", "--break-duration", type=int, help="Break duration", default=5
+    parser.add_argument('-r', '--repeats', type=int,
-    )
+                        help='Numer of sessions', default=1)
-    parser.add_argument(
+    parser.add_argument('-c', '--clear', action='store_true',
-        "-r", "--repeats", type=int, help="Numer of sessions", default=1
+                        help='Clear timer')
-    )
-    parser.add_argument("-c", "--clear", action="store_true", help="Clear timer")
 
     args = parser.parse_args()
 

dots/.bin/r5rs

@@ -2,8 +2,8 @@
 
 session="r5rs"
 
-tmux attach-session -t "$session" || tmux new-session -s "$session" \; \
+tmux attach-session -t $session || tmux new-session -s $session \; \
   split-window -h -t $session \; \
-  send-keys -t 1 "nvim -c \"set ft=scheme\"" C-m \; \
+  send-keys -t 0 "vim" C-m \; \
-  send-keys -t 2 "plt-r5rs --no-prim" C-m \; \
+  send-keys -t 1 "plt-r5rs --no-prim" C-m \; \
-  select-pane -t 1
+  select-pane -t 0

dots/.bin/save-home

@@ -22,5 +22,4 @@ restic -r "$RESTIC_REPOSITORY:$HOSTNAME" backup \
   --one-file-system \
   --files-from="$HOME/.resticinclude" \
   --exclude-file="$HOME/.resticexclude" \
-  --exclude-if-present=".nobackup" \
   --verbose=3

dots/.bin/screen-temperature

@@ -1,12 +1,12 @@
 #!/usr/bin/env python
 
-import subprocess
 import sys
+import subprocess
 
 DEFAULT_TEMPERATURE = 3500
 
 try:
-    with open("/tmp/temperature", "r") as temp_file:
+    with open('/tmp/temperature', 'r') as temp_file:
         current_temperature = int(temp_file.read())
 except FileNotFoundError:
     current_temperature = DEFAULT_TEMPERATURE
@@ -16,8 +16,7 @@ if len(sys.argv) == 1:
     print(current_temperature)
     sys.exit(0)
 elif len(sys.argv) != 2:
-    print(
+    print("""
-        """
 Usage:
 
   screen-temperature
@@ -28,8 +27,7 @@ Usage:
 
   screen-temperature <+|-><temperature>
       increase or decrease screen temperature by <temperature>
-"""
+""")
-    )
     sys.exit(1)
 
 temperature_change = sys.argv[1]
@@ -43,10 +41,11 @@ else:
 
 try:
     subprocess.run(["redshift", "-O", str(new_temperature), "-P"], check=True)
-    with open("/tmp/temperature", "w") as temp_file:
+    with open('/tmp/temperature', 'w') as temp_file:
-        temp_file.write(str(new_temperature) + "\n")
+        temp_file.write(str(new_temperature) + '\n')
     # Send notification
-    subprocess.run(["notify-send", str(new_temperature) + "K"])
+    subprocess.run(
+        ["notify-send", str(new_temperature) + "K"])
 except subprocess.CalledProcessError:
     print("Error: could not set screen temperature.")
     sys.exit(1)

dots/.bin/zk

@@ -1,9 +1,7 @@
 #!/usr/bin/env bash
 
-current_zettel_path="$ZK_PATH/$(cat "$ZK_PATH/current-zettel.txt")"
-
 if [ "$TERM_PROGRAM" = tmux ]; then
-  cd "$ZK_PATH" && $EDITOR "$current_zettel_path"
+  cd ~/.zk && $EDITOR "$(cat ~/.zk/current-zettel.txt)"
 else
   echo 'Not in tmux'
   echo 'Choose an option:'
@@ -20,12 +18,12 @@ else
       else
         # Create session with a window named 'zk' and start nvim
         tmux new-session -s zk -n zk -d
-        tmux send-keys -t zk:zk "cd $ZK_PATH && $EDITOR $current_zettel_path" Enter
+        tmux send-keys -t zk:zk "cd ~/.zk && $EDITOR \"\$(cat ~/.zk/current-zettel.txt)\"" Enter
         tmux attach -t zk
       fi
       ;;
     2)
-      cd "$ZK_PATH" && $EDITOR "$current_zettel_path"
+      cd ~/.zk && $EDITOR "$(cat ~/.zk/current-zettel.txt)"
       ;;
     *)
       echo 'Not opening Zettelkasten'

dots/.config/kitty/kitty.conf

@@ -136,7 +136,7 @@ map f5 goto_tab 5
 map f6 goto_tab 6
 map f7 goto_tab 7
 map f8 goto_tab 8
-# map kitty_mod+c new_tab # FIXME: conflict with 'copy'
+map kitty_mod+c new_tab
 map cmd+t
 map kitty_mod+q
 map cmd+w

dots/.config/nvim/after/plugin/claude-code.nvim.lua

@@ -1,61 +0,0 @@
-require("claude-code").setup({
-  -- Terminal window settings
-  window = {
-    split_ratio = 0.3, -- Percentage of screen for the terminal window (height for horizontal, width for vertical splits)
-    position = "vertical", -- Position of the window: "botright", "topleft", "vertical", "float", etc.
-    enter_insert = true, -- Whether to enter insert mode when opening Claude Code
-    hide_numbers = true, -- Hide line numbers in the terminal window
-    hide_signcolumn = true, -- Hide the sign column in the terminal window
-
-    -- Floating window configuration (only applies when position = "float")
-    float = {
-      width = "80%", -- Width: number of columns or percentage string
-      height = "80%", -- Height: number of rows or percentage string
-      row = "center", -- Row position: number, "center", or percentage string
-      col = "center", -- Column position: number, "center", or percentage string
-      relative = "editor", -- Relative to: "editor" or "cursor"
-      border = "rounded", -- Border style: "none", "single", "double", "rounded", "solid", "shadow"
-    },
-  },
-  -- File refresh settings
-  refresh = {
-    enable = true, -- Enable file change detection
-    updatetime = 100, -- updatetime when Claude Code is active (milliseconds)
-    timer_interval = 1000, -- How often to check for file changes (milliseconds)
-    show_notifications = true, -- Show notification when files are reloaded
-  },
-  -- Git project settings
-  git = {
-    use_git_root = true, -- Set CWD to git root when opening Claude Code (if in git project)
-  },
-  -- Shell-specific settings
-  shell = {
-    separator = "&&", -- Command separator used in shell commands
-    pushd_cmd = "pushd", -- Command to push directory onto stack (e.g., 'pushd' for bash/zsh, 'enter' for nushell)
-    popd_cmd = "popd", -- Command to pop directory from stack (e.g., 'popd' for bash/zsh, 'exit' for nushell)
-  },
-  -- Command settings
-  command = "claude", -- Command used to launch Claude Code
-  -- Command variants
-  command_variants = {
-    -- Conversation management
-    continue = "--continue", -- Resume the most recent conversation
-    resume = "--resume", -- Display an interactive conversation picker
-
-    -- Output options
-    verbose = "--verbose", -- Enable verbose logging with full turn-by-turn output
-  },
-  -- Keymaps
-  keymaps = {
-    toggle = {
-      normal = "<C-,>", -- Normal mode keymap for toggling Claude Code, false to disable
-      terminal = "<C-,>", -- Terminal mode keymap for toggling Claude Code, false to disable
-      variants = {
-        continue = "<leader>cC", -- Normal mode keymap for Claude Code with continue flag
-        verbose = "<leader>cV", -- Normal mode keymap for Claude Code with verbose flag
-      },
-    },
-    window_navigation = true, -- Enable window navigation keymaps (<C-h/j/k/l>)
-    scrolling = true, -- Enable scrolling keymaps (<C-f/b>) for page up/down
-  },
-})

dots/.config/nvim/after/plugin/codecompanion.nvim.lua

@@ -1,22 +1,16 @@
 require("codecompanion").setup({
-  ignore_warnings = true,
+  extensions = {
+    mcphub = {
+      callback = "mcphub.extensions.codecompanion",
+      opts = {
+        make_vars = true,
+        make_slash_commands = true,
+        show_result_in_chat = true
+      }
+    }
+  },
   strategies = {
     chat = { adapter = "openai" },
     inline = { adapter = "openai" },
   },
 })
-
--- Load mcphub extension after codecompanion is initialized
--- and ensure the config structure exists
-local ok, cc_config = pcall(require, "codecompanion.config")
-if ok then
-  cc_config.interactions = cc_config.interactions or {}
-  cc_config.interactions.chat = cc_config.interactions.chat or {}
-  cc_config.interactions.chat.tools = cc_config.interactions.chat.tools or {}
-
-  require("mcphub.extensions.codecompanion").setup({
-    make_vars = true,
-    make_slash_commands = true,
-    show_result_in_chat = true,
-  })
-end

dots/.config/nvim/after/plugin/conform.lua

@@ -13,15 +13,14 @@ require("conform").setup({
     gdscript = { "gdformat" },
     haskell = { "ormolu" },
     html = { "prettierd", "prettier", stop_after_first = true },
+    lua = { "stylua" }, -- configured in stylua.toml
+    markdown = { "prettierd", "prettier", stop_after_first = true },
+    nix = { "nixfmt" },
     javascript = { "eslint_d", "eslint", "prettierd", "prettier", stop_after_first = true },
     javascriptreact = { "eslint_d", "eslint", "prettierd", "prettier", stop_after_first = true },
     json = { "prettierd", "prettier", stop_after_first = true },
     jsonc = { "prettierd", "prettier", stop_after_first = true },
-    lua = { "stylua" }, -- configured in stylua.toml
-    markdown = { "prettierd", "prettier", stop_after_first = true },
-    nix = { "nixfmt" },
     python = { "isort", "black" },
-    rust = { "rustfmt", lsp_fallback = "fallback" },
     svelte = { "eslint_d", "prettierd", "prettier", stop_after_first = true },
     typescript = { "eslint_d", "prettierd", "prettier", stop_after_first = true },
     typescriptreact = { "eslint_d", "eslint", "prettierd", "prettier", stop_after_first = true },

dots/.config/nvim/after/plugin/fidget.nvim.lua

@@ -1 +0,0 @@
-require("fidget").setup()

dots/.config/nvim/after/plugin/m_taskwarrior_d.nvim.lua

@@ -1,9 +0,0 @@
-require("m_taskwarrior_d").setup()
-
-vim.api.nvim_create_autocmd({ "BufEnter", "BufWritePost" }, {
-  group = vim.api.nvim_create_augroup("TWTask", { clear = true }),
-  pattern = "*.md",
-  callback = function()
-    vim.cmd("TWSyncTasks")
-  end,
-})

dots/.config/nvim/after/plugin/treesitter.lua

@@ -4,13 +4,10 @@ local keymap = vim.keymap
 local opt = vim.opt
 local treesitter_configs = require("nvim-treesitter.configs")
 
-local nixCatsUtils = require("nixCatsUtils")
-local is_nix = nixCatsUtils.isNixCats
-
 treesitter_configs.setup({
   -- Basically added what I might need from the docs
   -- <https://github.com/nvim-treesitter/nvim-treesitter?tab=readme-ov-file#supported-languages>
-  ensure_installed = is_nix and {} or {
+  ensure_installed = {
     "awk",
     "bash",
     "bibtex",
@@ -89,7 +86,7 @@ treesitter_configs.setup({
     enable = true,
   },
   sync_install = false,
-  auto_install = not is_nix,
+  auto_install = true,
   ignore_install = {},
   modules = {},
   textobjects = {

dots/.config/nvim/flake.lock

@@ -1,52 +1,12 @@
 {
   "nodes": {
-    "flake-parts": {
-      "inputs": {
-        "nixpkgs-lib": [
-          "mcp-hub",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1743550720,
-        "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
-        "owner": "hercules-ci",
-        "repo": "flake-parts",
-        "rev": "c621e8422220273271f52058f618c94e405bb0f5",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hercules-ci",
-        "repo": "flake-parts",
-        "type": "github"
-      }
-    },
-    "mcp-hub": {
-      "inputs": {
-        "flake-parts": "flake-parts",
-        "nixpkgs": "nixpkgs"
-      },
-      "locked": {
-        "lastModified": 1755841689,
-        "narHash": "sha256-KakvXZf0vjdqzyT+LsAKHEr4GLICGXPmxl1hZ3tI7Yg=",
-        "owner": "ravitemer",
-        "repo": "mcp-hub",
-        "rev": "9c7670a4c341ed3cf738a6242c0fde1cea40bccf",
-        "type": "github"
-      },
-      "original": {
-        "owner": "ravitemer",
-        "repo": "mcp-hub",
-        "type": "github"
-      }
-    },
     "nixCats": {
       "locked": {
-        "lastModified": 1765766809,
+        "lastModified": 1764009888,
-        "narHash": "sha256-3Xp41+Sb1zIzASa1Uu1k1RMUoJ9CGyYb0GtvvpRPBqg=",
+        "narHash": "sha256-hJekfTiW1792txgRSM4LcHnz1lDSY87LYbsJEn2V378=",
         "owner": "BirdeeHub",
         "repo": "nixCats-nvim",
-        "rev": "fe157e3ed69ed14b55ca81f597eac282caed58a2",
+        "rev": "16ac3281f322ea15d39843829e42a44d22da3715",
         "type": "github"
       },
       "original": {
@@ -57,27 +17,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1743689281,
+        "lastModified": 1764230294,
-        "narHash": "sha256-y7Hg5lwWhEOgflEHRfzSH96BOt26LaYfrYWzZ+VoVdg=",
+        "narHash": "sha256-Z63xl5Scj3Y/zRBPAWq1eT68n2wBWGCIEF4waZ0bQBE=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "2bfc080955153be0be56724be6fa5477b4eefabb",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixpkgs-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_2": {
-      "locked": {
-        "lastModified": 1766532406,
-        "narHash": "sha256-acLU/ag9VEoKkzOD202QASX25nG1eArXg5A0mHjKgxM=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "8142186f001295e5a3239f485c8a49bf2de2695a",
+        "rev": "0d59e0290eefe0f12512043842d7096c4070f30e",
         "type": "github"
       },
       "original": {
@@ -135,30 +79,14 @@
         "type": "github"
       }
     },
-    "plugins-m-taskwarrior-d-nvim": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1764933759,
-        "narHash": "sha256-4lN/ZQTQ7uMcpjePbf2k913Bs9AYYS6da3iZbckA6oI=",
-        "owner": "huantrinh1802",
-        "repo": "m_taskwarrior_d.nvim",
-        "rev": "279d2c8bcd2779500c1bea71fb9249c97cdb503b",
-        "type": "github"
-      },
-      "original": {
-        "owner": "huantrinh1802",
-        "repo": "m_taskwarrior_d.nvim",
-        "type": "github"
-      }
-    },
     "plugins-mcphub-nvim": {
       "flake": false,
       "locked": {
-        "lastModified": 1765628564,
+        "lastModified": 1759035242,
-        "narHash": "sha256-nvWqCGRKhbUHsAM/zd+cwFdcoXXxf6EmcCkpN4mElf4=",
+        "narHash": "sha256-I6EbgY/2sAdtrxtmH0qbAAQvMCHhOsfolJfblV0fXOk=",
         "owner": "ravitemer",
         "repo": "mcphub.nvim",
-        "rev": "5193329d510a68f1f5bf189960642c925c177a3a",
+        "rev": "8ff40b5edc649959bb7e89d25ae18e055554859a",
         "type": "github"
       },
       "original": {
@@ -202,11 +130,11 @@
     "plugins-tailwind-fold-nvim": {
       "flake": false,
       "locked": {
-        "lastModified": 1766077142,
+        "lastModified": 1752559116,
-        "narHash": "sha256-SwcDLlygXUSV/dytPXA5Y45OpUhjnExc8SZg5a8MZ2k=",
+        "narHash": "sha256-8uefZIVsn9USEd6FyiO3m3TRKAS/vigU4t9Tk5ijd3c=",
         "owner": "razak17",
         "repo": "tailwind-fold.nvim",
-        "rev": "e2ba5ee1ca9b74208709fe9d7314b8aa753b26a7",
+        "rev": "d9e7ca11691d252b35795726dff087bf013b2ebf",
         "type": "github"
       },
       "original": {
@@ -217,13 +145,11 @@
     },
     "root": {
       "inputs": {
-        "mcp-hub": "mcp-hub",
         "nixCats": "nixCats",
-        "nixpkgs": "nixpkgs_2",
+        "nixpkgs": "nixpkgs",
         "plugins-beancount-nvim": "plugins-beancount-nvim",
         "plugins-crazy-node-movement": "plugins-crazy-node-movement",
         "plugins-helm-ls-nvim": "plugins-helm-ls-nvim",
-        "plugins-m-taskwarrior-d-nvim": "plugins-m-taskwarrior-d-nvim",
         "plugins-mcphub-nvim": "plugins-mcphub-nvim",
         "plugins-nvimkit-nvim": "plugins-nvimkit-nvim",
         "plugins-shipwright-nvim": "plugins-shipwright-nvim",

dots/.config/nvim/flake.nix

@@ -2,16 +2,11 @@
   inputs = {
     nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
     nixCats.url = "github:BirdeeHub/nixCats-nvim";
-    mcp-hub.url = "github:ravitemer/mcp-hub";
 
     plugins-shipwright-nvim = {
       url = "github:rktjmp/shipwright.nvim";
       flake = false;
     };
-    plugins-m-taskwarrior-d-nvim = {
-      url = "github:huantrinh1802/m_taskwarrior_d.nvim";
-      flake = false;
-    };
     plugins-crazy-node-movement = {
       url = "github:theHamsta/crazy-node-movement";
       flake = false;
@@ -52,68 +47,33 @@
       forEachSystem = utils.eachSystem nixpkgs.lib.platforms.all;
       extra_pkg_config = { };
 
-      mkDependencyOverlays = system: [
+      dependencyOverlays = [ (utils.standardPluginOverlay inputs) ];
-        (utils.standardPluginOverlay inputs)
-        (final: prev: {
-          mcp-hub = inputs.mcp-hub.packages.${system}.default;
-        })
-      ];
 
       categoryDefinitions =
-        {
+        { pkgs, ... }:
-          pkgs,
-          ...
-        }:
         {
           lspsAndRuntimeDeps = with pkgs; {
             general = [
               black
               clang
               clang-tools
-              delta
-              fd
               gawk
               gdtoolkit_4
               isort
-              mcp-hub
+              tree-sitter
+              ormolu
+              nodePackages.prettier
               nixd
               nixfmt
-              nodePackages.prettier
-              nodePackages.typescript-language-server
-              ormolu
               prettierd
-              rustfmt
               shellcheck-minimal
               stylua
-              tree-sitter
               vscode-langservers-extracted
             ];
           };
 
           startupPlugins = {
             general = with pkgs.vimPlugins; [
-              ## plug
-              vim-plug
-              vim-sandwich
-              context_filetype-vim
-              editorconfig-vim
-              vim-snippets
-              unicode-vim
-              vim-css-color
-              quarto-nvim
-              vimtex
-              wiki-vim
-              vim-pandoc
-              vim-pandoc-syntax
-              # TODO: ferrine/md-img-paste.vim
-              # TODO: supercollider/scvim
-              # TODO: tidalcycles/vim-tidal
-              vim-glsl
-              # TODO: timtro/glslView-nvim
-              # TODO: sirtaj/vim-openscad
-              jupytext-nvim
-              vim-openscad
-              ## paq
               eyeliner-nvim
               fzf-lua
               ltex_extra-nvim
@@ -151,22 +111,18 @@
               image-nvim
               pkgs.neovimPlugins.beancount-nvim
               pkgs.neovimPlugins.nvimkit-nvim
-              codecompanion-nvim
+              # codecompanion-nvim
               pkgs.neovimPlugins.mcphub-nvim
               copilot-lua
               copilot-cmp
               pkgs.neovimPlugins.helm-ls-nvim
               kitty-scrollback-nvim
-              fidget-nvim
+              obsidian-nvim
-              rustaceanvim
-              pkgs.neovimPlugins.m-taskwarrior-d-nvim
-              claude-code-nvim
             ];
           };
 
           optionalPlugins = {
-            general = with pkgs.vimPlugins; [
+            general = with pkgs.vimPlugins; [ ];
-            ];
           };
 
           sharedLibraries = {
@@ -192,12 +148,11 @@
           };
       };
       defaultPackageName = "nvim";
-    in
 
+    in
     forEachSystem (
       system:
       let
-        dependencyOverlays = mkDependencyOverlays system;
         nixCatsBuilder = utils.baseBuilder luaPath {
           inherit
             nixpkgs
@@ -217,7 +172,7 @@
             name = defaultPackageName;
             packages = [ defaultPackage ];
             inputsFrom = [ ];
-            shellHook = '''';
+            shellHook = "";
           };
         };
 
@@ -229,32 +184,31 @@
           moduleNamespace = [ defaultPackageName ];
           inherit
             defaultPackageName
+            dependencyOverlays
             luaPath
             categoryDefinitions
             packageDefinitions
             extra_pkg_config
             nixpkgs
             ;
-          dependencyOverlays = mkDependencyOverlays;
         };
         homeModule = utils.mkHomeModules {
           moduleNamespace = [ defaultPackageName ];
           inherit
             defaultPackageName
+            dependencyOverlays
             luaPath
             categoryDefinitions
             packageDefinitions
             extra_pkg_config
             nixpkgs
             ;
-          dependencyOverlays = mkDependencyOverlays;
         };
       in
       {
 
         overlays = utils.makeOverlays luaPath {
-          inherit nixpkgs extra_pkg_config;
+          inherit nixpkgs dependencyOverlays extra_pkg_config;
-          dependencyOverlays = mkDependencyOverlays;
         } categoryDefinitions packageDefinitions defaultPackageName;
 
         nixosModules.default = nixosModule;

dots/.config/nvim/lua/paq-setup.lua

@@ -43,5 +43,4 @@ require("nixCatsUtils.catPacker").setup({
   { "zbirenbaum/copilot-cmp" },
   { "qvalentin/helm-ls.nvim", ft = "helm" },
   { "mikesmithgh/kitty-scrollback.nvim" },
-  { "greggh/claude-code.nvim" },
 })

flake.lock

@@ -29,11 +29,11 @@
       },
       "locked": {
         "dir": "pkgs/firefox-addons",
-        "lastModified": 1766046711,
+        "lastModified": 1764561884,
-        "narHash": "sha256-PijxRQcvSgQae3qBdY4+IGMsMFL67N3D7sBJdZxDii4=",
+        "narHash": "sha256-vQ3iFPPhxsLqV3c5kgmYP53mVD6id6gsP0tN+oTmqok=",
         "owner": "rycee",
         "repo": "nur-expressions",
-        "rev": "7163ab9a8e64cd29c45e8f93fbc038b12056e6fc",
+        "rev": "aba4621459aec251d90d6452e3495b58a8a5e185",
         "type": "gitlab"
       },
       "original": {
@@ -43,28 +43,6 @@
         "type": "gitlab"
       }
     },
-    "flake-parts": {
-      "inputs": {
-        "nixpkgs-lib": [
-          "nvim",
-          "mcp-hub",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1743550720,
-        "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
-        "owner": "hercules-ci",
-        "repo": "flake-parts",
-        "rev": "c621e8422220273271f52058f618c94e405bb0f5",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hercules-ci",
-        "repo": "flake-parts",
-        "type": "github"
-      }
-    },
     "flake-utils": {
       "inputs": {
         "systems": "systems"
@@ -90,11 +68,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1765980955,
+        "lastModified": 1764544324,
-        "narHash": "sha256-rB45jv4uwC90vM9UZ70plfvY/2Kdygs+zlQ07dGQFk4=",
+        "narHash": "sha256-GVBGjO7UsmzLrlOJV8NlKSxukHaHencrJqWkCA6FkqI=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "89c9508bbe9b40d36b3dc206c2483ef176f15173",
+        "rev": "e4e25a8c310fa45f2a8339c7972dc43d2845a612",
         "type": "github"
       },
       "original": {
@@ -103,32 +81,13 @@
         "type": "github"
       }
     },
-    "mcp-hub": {
-      "inputs": {
-        "flake-parts": "flake-parts",
-        "nixpkgs": "nixpkgs_2"
-      },
-      "locked": {
-        "lastModified": 1755841689,
-        "narHash": "sha256-KakvXZf0vjdqzyT+LsAKHEr4GLICGXPmxl1hZ3tI7Yg=",
-        "owner": "ravitemer",
-        "repo": "mcp-hub",
-        "rev": "9c7670a4c341ed3cf738a6242c0fde1cea40bccf",
-        "type": "github"
-      },
-      "original": {
-        "owner": "ravitemer",
-        "repo": "mcp-hub",
-        "type": "github"
-      }
-    },
     "nix-secrets": {
       "flake": false,
       "locked": {
-        "lastModified": 1765747965,
+        "lastModified": 1764371082,
-        "narHash": "sha256-EHZRRC3piD6vKd4hXiqC+CcDUQCOzrH/CNAF9zBqpDQ=",
+        "narHash": "sha256-yxFxEKXFuXFyFIDZY1gla2OyuqcIE3uT8KDDgTmm3cE=",
         "ref": "main",
-        "rev": "a8e8d953f579939bd72b5f5c6ed332910b598554",
+        "rev": "b9c2ce32cc4c95d7ff01372faea2668407ef8d27",
         "shallow": true,
         "type": "git",
         "url": "ssh://git@github.com/hektor/nix-secrets"
@@ -142,11 +101,11 @@
     },
     "nixCats": {
       "locked": {
-        "lastModified": 1765766809,
+        "lastModified": 1764009888,
-        "narHash": "sha256-3Xp41+Sb1zIzASa1Uu1k1RMUoJ9CGyYb0GtvvpRPBqg=",
+        "narHash": "sha256-hJekfTiW1792txgRSM4LcHnz1lDSY87LYbsJEn2V378=",
         "owner": "BirdeeHub",
         "repo": "nixCats-nvim",
-        "rev": "fe157e3ed69ed14b55ca81f597eac282caed58a2",
+        "rev": "16ac3281f322ea15d39843829e42a44d22da3715",
         "type": "github"
       },
       "original": {
@@ -194,11 +153,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1765779637,
+        "lastModified": 1764517877,
-        "narHash": "sha256-KJ2wa/BLSrTqDjbfyNx70ov/HdgNBCBBSQP3BIzKnv4=",
+        "narHash": "sha256-pp3uT4hHijIC8JUK5MEqeAWmParJrgBVzHLNfJDZxg4=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "1306659b587dc277866c7b69eb97e5f07864d8c4",
+        "rev": "2d293cbfa5a793b4c50d17c05ef9e385b90edf6c",
         "type": "github"
       },
       "original": {
@@ -208,25 +167,8 @@
         "type": "github"
       }
     },
-    "nixpkgs_2": {
-      "locked": {
-        "lastModified": 1743689281,
-        "narHash": "sha256-y7Hg5lwWhEOgflEHRfzSH96BOt26LaYfrYWzZ+VoVdg=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "2bfc080955153be0be56724be6fa5477b4eefabb",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixpkgs-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
     "nvim": {
       "inputs": {
-        "mcp-hub": "mcp-hub",
         "nixCats": "nixCats",
         "nixpkgs": [
           "nixpkgs"
@@ -234,7 +176,6 @@
         "plugins-beancount-nvim": "plugins-beancount-nvim",
         "plugins-crazy-node-movement": "plugins-crazy-node-movement",
         "plugins-helm-ls-nvim": "plugins-helm-ls-nvim",
-        "plugins-m-taskwarrior-d-nvim": "plugins-m-taskwarrior-d-nvim",
         "plugins-mcphub-nvim": "plugins-mcphub-nvim",
         "plugins-nvimkit-nvim": "plugins-nvimkit-nvim",
         "plugins-shipwright-nvim": "plugins-shipwright-nvim",
@@ -298,30 +239,14 @@
         "type": "github"
       }
     },
-    "plugins-m-taskwarrior-d-nvim": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1764933759,
-        "narHash": "sha256-4lN/ZQTQ7uMcpjePbf2k913Bs9AYYS6da3iZbckA6oI=",
-        "owner": "huantrinh1802",
-        "repo": "m_taskwarrior_d.nvim",
-        "rev": "279d2c8bcd2779500c1bea71fb9249c97cdb503b",
-        "type": "github"
-      },
-      "original": {
-        "owner": "huantrinh1802",
-        "repo": "m_taskwarrior_d.nvim",
-        "type": "github"
-      }
-    },
     "plugins-mcphub-nvim": {
       "flake": false,
       "locked": {
-        "lastModified": 1765628564,
+        "lastModified": 1759035242,
-        "narHash": "sha256-nvWqCGRKhbUHsAM/zd+cwFdcoXXxf6EmcCkpN4mElf4=",
+        "narHash": "sha256-I6EbgY/2sAdtrxtmH0qbAAQvMCHhOsfolJfblV0fXOk=",
         "owner": "ravitemer",
         "repo": "mcphub.nvim",
-        "rev": "5193329d510a68f1f5bf189960642c925c177a3a",
+        "rev": "8ff40b5edc649959bb7e89d25ae18e055554859a",
         "type": "github"
       },
       "original": {
@@ -365,11 +290,11 @@
     "plugins-tailwind-fold-nvim": {
       "flake": false,
       "locked": {
-        "lastModified": 1766077142,
+        "lastModified": 1752559116,
-        "narHash": "sha256-SwcDLlygXUSV/dytPXA5Y45OpUhjnExc8SZg5a8MZ2k=",
+        "narHash": "sha256-8uefZIVsn9USEd6FyiO3m3TRKAS/vigU4t9Tk5ijd3c=",
         "owner": "razak17",
         "repo": "tailwind-fold.nvim",
-        "rev": "e2ba5ee1ca9b74208709fe9d7314b8aa753b26a7",
+        "rev": "d9e7ca11691d252b35795726dff087bf013b2ebf",
         "type": "github"
       },
       "original": {
@@ -398,11 +323,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1765836173,
+        "lastModified": 1764483358,
-        "narHash": "sha256-hWRYfdH2ONI7HXbqZqW8Q1y9IRbnXWvtvt/ONZovSNY=",
+        "narHash": "sha256-EyyvCzXoHrbL467YSsQBTWWg4sR96MH1sPpKoSOelB4=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "443a7f2e7e118c4fc63b7fae05ab3080dd0e5c63",
+        "rev": "5aca6ff67264321d47856a2ed183729271107c9c",
         "type": "github"
       },
       "original": {

flake.nix

@@ -5,6 +5,7 @@
     };
     nixos-hardware = {
       url = "github:NixOS/nixos-hardware/master";
+      inputs.nixpkgs.follows = "nixpkgs";
     };
     disko = {
       url = "github:nix-community/disko/latest";

home/hosts/andromache/default.nix

@@ -6,78 +6,14 @@
   ...
 }:
 
-let
-  username = "h";
-in
 {
   imports = [
-    ../../modules/desktop/niri
+    (import ../astyanax {
-    ../../modules/git.nix
+      inherit inputs;
-    ../../modules/k9s.nix
-    (import ../../modules/taskwarrior.nix {
-      inherit config;
-      inherit pkgs;
-    })
-    (import ../../modules/keepassxc.nix { inherit pkgs; })
-    (import ../../modules/anki.nix {
       inherit config;
       inherit pkgs;
     })
   ];
 
-  home.stateVersion = "25.05";
+  programs.taskwarrior.config.recurrence = lib.mkForce "on";
-  home.username = username;
-  home.homeDirectory = "/home/${username}";
-
-  xdg.userDirs.createDirectories = false;
-  xdg.userDirs.download = "${config.home.homeDirectory}/dl";
-
-  programs = {
-    bash = {
-      enable = true;
-      enableCompletion = true;
-      initExtra = ''
-        for f in /home/${username}/.bashrc.d/*; do
-          [ -f "$f" ] && source "$f"
-        done
-
-        source /home/${username}/.bash_aliases/all
-        source /home/${username}/.bash_aliases/lang-js
-
-        # host-specific config goes here
-        # ...
-
-        export PATH=${../../../dots/.bin}:$PATH
-      '';
-    };
-    firefox = import ../../modules/firefox.nix {
-      inherit inputs;
-      inherit pkgs;
-      inherit config;
-    };
-    fzf = {
-      enable = true;
-      enableBashIntegration = true;
-    };
-    home-manager.enable = true;
-    taskwarrior.config.recurrence = lib.mkForce "on";
-  };
-
-  home.packages = import ../packages.nix {
-    inherit pkgs;
-    inherit config;
-  };
-
-  home.file = {
-    ".inputrc".source = ../../../dots/.inputrc;
-    ".bashrc.d/prompt".source = ../../../dots/.bashrc.d/prompt;
-    ".bashrc.d/editor".source = ../../../dots/.bashrc.d/editor;
-    ".bash_aliases/all".source = ../../../dots/.bash_aliases/all;
-    ".bash_aliases/lang-js".source = ../../../dots/.bash_aliases/lang-js;
-    ".config/kitty/kitty.conf".source = ../../../dots/.config/kitty/kitty.conf;
-    ".config/kitty/themes/zenwritten_light.conf".source =
-      ../../../dots/.config/kitty/themes/zenwritten_light.conf;
-    ".config/kitty/themes/zenwritten_dark.conf".source =
-      ../../../dots/.config/kitty/themes/zenwritten_dark.conf;
-  };
 }

home/hosts/astyanax/default.nix

@@ -10,14 +10,13 @@ let
 in
 {
   imports = [
-    ../../modules/desktop/niri
+    ../../modules/dconf.nix # TODO: Only enable when on Gnome?
     ../../modules/git.nix
     ../../modules/k9s.nix
     (import ../../modules/taskwarrior.nix {
       inherit config;
       inherit pkgs;
     })
-    (import ../../modules/keepassxc.nix { inherit pkgs; })
   ];
 
   home.stateVersion = "25.05";
@@ -32,12 +31,12 @@ in
       enable = true;
       enableCompletion = true;
       initExtra = ''
-        for f in /home/${username}/.bashrc.d/*; do
+        for f in /home/h/.bashrc.d/*; do
           [ -f "$f" ] && source "$f"
         done
 
-        source /home/${username}/.bash_aliases/all
+        source /home/h/.bash_aliases/all
-        source /home/${username}/.bash_aliases/lang-js
+        source /home/h/.bash_aliases/lang-js
 
         # host-specific config goes here
         # ...
@@ -55,9 +54,10 @@ in
       enableBashIntegration = true;
     };
     home-manager.enable = true;
+    keepassxc = import ../../modules/keepassxc.nix;
   };
 
-  home.packages = import ../packages.nix {
+  home.packages = import ./packages.nix {
     inherit pkgs;
     inherit config;
   };

home/hosts/astyanax/packages.nix

@@ -3,34 +3,50 @@
 with pkgs;
 [
   bash-completion
+  bash-language-server
   bat
+  brightnessctl
   entr
+  eslint_d
   feh
   fzf
   gh
   git
+  haskell-language-server
   haskellPackages.pandoc-crossref
+  haskellPackages.hadolint
   htop
   jq
   kitty
+  lua-language-server
   nixfmt-rfc-style
   nmap
   nodejs_24
   nvimpager
+  ormolu
   pandoc
   parallel
   pass
   pnpm
   ripgrep
-  signal-desktop
   silver-searcher
   sops
   sshfs
+  stylelint
+  svelte-language-server
+  tailwindcss-language-server
   tldr
   tmux
   tmuxp
   tree
+  tree-sitter
+  typescript-language-server
   unzip
+  vim-language-server
   vimPlugins.vim-plug
+  vtsls
   wget
+  xbanish
+  xclip
+  yaml-language-server
 ]

home/hosts/work/default.nix

@@ -13,7 +13,6 @@ in
     ../../modules/dconf.nix
     ../../modules/git.nix
     ../../modules/k9s.nix
-    (import ../../modules/keepassxc.nix { inherit pkgs; })
   ];
 
   nixpkgs.config.allowUnfree = true;
@@ -35,6 +34,7 @@ in
       inherit config;
     };
     gh.enable = true;
+    keepassxc = import ../../modules/keepassxc.nix;
     kubecolor.enable = true;
   };
 

home/modules/anki.nix

@@ -1,16 +1,6 @@
-{ config, pkgs, ... }:
-
 {
-  programs.anki = {
+  enable = true;
-    enable = true;
+  # sync = {
-    addons = with pkgs.ankiAddons; [
+  #   username = config.sops.secrets."email/personal".path;
-      anki-connect
+  # };
-      puppy-reinforcement
-      review-heatmap
-    ];
-    sync = {
-      usernameFile = "${config.sops.secrets."anki_sync_user".path}";
-      keyFile = "${config.sops.secrets."anki_sync_key".path}";
-    };
-  };
 }

home/modules/desktop/niri/config.kdl

@@ -1,183 +0,0 @@
-input {
-    touchpad {
-        tap
-        natural-scroll
-    }
-    mouse {
-        accel-profile "flat"
-    }
-}
-
-// NOTE: monitors are managed using `shikane` instead, as I assume this to be
-// too limited for multiple multimonitor configurations. Below is an example
-// for a simple, fixed, vertical dual monitor setup
-
-// output "eDP-1" {
-//   position x=0 y=1440
-// }
-//
-// output "DP-5" {
-//   position x=0 y=0
-// }
-
-layout {
-    gaps 4
-    struts {}
-    center-focused-column "never"
-    preset-column-widths {
-        proportion 0.382
-        proportion 0.618
-        proportion 1.0
-    }
-    default-column-width { }
-    focus-ring {
-        off
-    }
-    border {
-        width 2
-        active-color "#555555"
-        inactive-color "#55555511"
-        urgent-color "#ff0000"
-    }
-    shadow {
-        on
-        softness 32
-        spread 4
-        offset x=0 y=0
-        color "#0007"
-    }
-}
-
-spawn-at-startup "wlsunset -l 51.05 -L 3.72"
-spawn-at-startup "waybar"
-
-hotkey-overlay {
-    skip-at-startup
-}
-
-prefer-no-csd
-
-screenshot-path "~/doc/screenshots/%Y-%m-%d %H-%M-%S.png"
-
-// https://yalter.github.io/niri/Configuration:-Animations
-animations {
-    slowdown 0.66
-}
-
-window-rule {
-    match app-id=r#"firefox$"# title="^Picture-in-Picture$"
-    open-floating true
-}
-
-window-rule {
-    match app-id=r#"^org\.keepassxc\.KeePassXC$"#
-    block-out-from "screen-capture"
-}
-
-window-rule {
-    geometry-corner-radius 0
-    clip-to-geometry true
-}
-
-gestures {
-  hot-corners {
-    off
-  }
-}
-
-binds {
-    Mod+Slash { show-hotkey-overlay; }
-
-    Mod+Return hotkey-overlay-title="Open a Terminal: kitty"     { spawn "kitty"; }
-    Mod+P hotkey-overlay-title="Run an Application: fuzzel"      { spawn "fuzzel"; }
-    Super+Alt+L hotkey-overlay-title="Lock the Screen: swaylock" { spawn "swaylock"; }
-
-    XF86AudioRaiseVolume allow-when-locked=true { spawn-sh "wpctl set-volume @DEFAULT_AUDIO_SINK@ 0.1+"; }
-    XF86AudioLowerVolume allow-when-locked=true { spawn-sh "wpctl set-volume @DEFAULT_AUDIO_SINK@ 0.1-"; }
-    XF86AudioMute        allow-when-locked=true { spawn-sh "wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle"; }
-    XF86AudioMicMute     allow-when-locked=true { spawn-sh "wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle"; }
-
-    Mod+Shift+XF86Display { power-off-monitors; }
-    XF86MonBrightnessUp allow-when-locked=true   { spawn "brightnessctl" "--class=backlight" "set" "+10%"; }
-    XF86MonBrightnessDown allow-when-locked=true { spawn "brightnessctl" "--class=backlight" "set" "10%-"; }
-
-    Mod+O repeat=false            { toggle-overview; }
-    Mod+Delete repeat=false { close-window; }
-
-    Mod+H { focus-column-left; }
-    Mod+J { focus-window-or-workspace-down; }
-    Mod+K { focus-window-or-workspace-up; }
-    Mod+L { focus-column-right; }
-
-    Mod+Shift+H { move-column-left; }
-    Mod+Shift+J { move-window-down-or-to-workspace-down; }
-    Mod+Shift+K { move-window-up-or-to-workspace-up; }
-    Mod+Shift+L { move-column-right; }
-
-    Mod+Home      { focus-column-first; }
-    Mod+End       { focus-column-last; }
-    Mod+Ctrl+Home { move-column-to-first; }
-    Mod+Ctrl+End  { move-column-to-last; }
-
-    Mod+Left        { focus-monitor-left; }
-    Mod+Down        { focus-monitor-down; }
-    Mod+Up          { focus-monitor-up; }
-    Mod+Right       { focus-monitor-right; }
-    Mod+Shift+Left  { move-column-to-monitor-left; }
-    Mod+Shift+Down  { move-column-to-monitor-down; }
-    Mod+Shift+Up    { move-column-to-monitor-up; }
-    Mod+Shift+Right { move-column-to-monitor-right; }
-
-    Mod+Ctrl+Up   { move-workspace-down; }
-    Mod+Ctrl+Down { move-workspace-up; }
-
-    // Mod+WheelScrollDown       cooldown-ms=150 { focus-workspace-down; }
-    // Mod+WheelScrollUp         cooldown-ms=150 { focus-workspace-up; }
-    // Mod+Shift+WheelScrollDown cooldown-ms=150 { move-window-down-or-to-workspace-down; }
-    // Mod+Shift+WheelScrollUp   cooldown-ms=150 { move-window-up-or-to-workspace-up; }
-
-    // Mod+A { focus-workspace 1; }
-    // Mod+S { focus-workspace 2; }
-    // Mod+D { focus-workspace 3; }
-    // Mod+F { focus-workspace 4; }
-    // Mod+Shift+A { move-column-to-workspace 1; }
-    // Mod+Shift+S { move-column-to-workspace 2; }
-    // Mod+Shift+D { move-column-to-workspace 3; }
-    // Mod+Shift+F { move-column-to-workspace 4; }
-
-    Mod+Tab { focus-workspace-previous; }
-
-    Mod+BracketLeft  { consume-or-expel-window-left; }
-    Mod+BracketRight { consume-or-expel-window-right; }
-
-    Mod+Comma  { consume-window-into-column; }
-    Mod+Period { expel-window-from-column; }
-
-    Mod+N       { switch-preset-column-width; }
-    Mod+Shift+N { switch-preset-window-height; }
-    Mod+Ctrl+R  { reset-window-height; }
-
-    Mod+Space       { maximize-column; }
-    Mod+Shift+Space { fullscreen-window; }
-
-    Mod+Escape       { toggle-window-floating; }
-    Mod+Shift+Escape { switch-focus-between-floating-and-tiling; }
-
-    Mod+Ctrl+F { expand-column-to-available-width; }
-
-    Mod+C      { center-column; }
-    Mod+Ctrl+C { center-visible-columns; }
-
-    Mod+Minus       { set-column-width "-10%"; }
-    Mod+Equal       { set-column-width "+10%"; }
-    Mod+Shift+Minus { set-window-height "-10%"; }
-    Mod+Shift+Equal { set-window-height "+10%"; }
-
-    Mod+W { toggle-column-tabbed-display; }
-
-    Print      { screenshot; }
-    Ctrl+Print { screenshot-screen; }
-    Alt+Print  { screenshot-window; }
-
-    Mod+Shift+Delete { quit; }
-}

home/modules/desktop/niri/default.nix

@@ -1,18 +0,0 @@
-{ pkgs, ... }:
-
-{
-  imports = [
-    ../../fuzzel
-    ../../mako
-    ../../shikane
-    ../../waybar
-  ];
-
-  home = {
-    file.".config/niri/config.kdl".source = ./config.kdl;
-    packages = with pkgs; [
-      wl-clipboard
-      wlsunset
-    ];
-  };
-}

home/modules/firefox.nix

@@ -5,6 +5,9 @@
   nativeMessagingHosts = with pkgs; [
     tridactyl-native
   ];
+  policies = {
+    DefaultDownloadDirectory = "\${home}/dl";
+  };
   profiles = {
     default = {
       settings = {
@@ -54,7 +57,6 @@
     };
   };
   policies = {
-    DefaultDownloadDirectory = "\${home}/dl";
     ExtensionSettings = {
       "jid1-ZAdIEUB7XOzOJw@jetpack" = {
         default_area = "navbar";

home/modules/fuzzel/default.nix

@@ -1,28 +0,0 @@
-{
-  programs.fuzzel = {
-    enable = true;
-    settings = {
-      main = {
-        font = "Iosevka Term SS08";
-        horizontal-pad = 0;
-        vertical-pad = 0;
-      };
-      colors = {
-        background = "ccccccff";
-        text = "111111ff";
-        prompt = "ccccccff";
-        placeholder = "aaaaaaff";
-        input = "111111ff";
-        selection = "eeeeeeff";
-        selection-text = "111111ff";
-        selection-match = "333333ff";
-        counter = "111111ff";
-        border = "111111ff";
-      };
-      border = {
-        width = 2;
-        radius = 0;
-      };
-    };
-  };
-}

home/modules/keepassxc.nix

@@ -1,11 +1,4 @@
-{ pkgs, ... }:
-
 {
-  programs.keepassxc = {
+  enable = true;
-    enable = true;
+  # TODO: https://mynixos.com/home-manager/option/programs.keepassxc.settings
-    settings = {
-      Browser.Enabled = true;
-    };
-  };
-  # programs.firefox.nativeMessagingHosts = [ pkgs.keepassxc ]; # FIXME: Resolve 'Access error for config file $HOME/.config/keepassxc/keepassxc.ini' error
 }

home/modules/mako/default.nix

@@ -1,5 +0,0 @@
-{
-  services.mako = {
-    enable = true;
-  };
-}

home/modules/shikane/default.nix

@@ -1,6 +0,0 @@
-{ pkgs, ... }:
-
-{
-  home.packages = with pkgs; [ wdisplays ];
-  services.shikane.enable = true;
-}

home/modules/waybar/config.jsonc

@@ -1,57 +0,0 @@
-[
-  {
-    "height": 16,
-    "spacing": 4,
-    "modules-left": ["niri/workspaces"],
-    "modules-right": [
-      "pulseaudio",
-      "memory",
-      "cpu",
-      "network",
-      "clock",
-      "battery",
-    ],
-    "clock": {
-      "format": "W{:%V %d %b %H:%M}",
-      "tooltip-format": "{calendar}",
-      "format-alt": "{:%Y-%m-%d %H:%M:%S}",
-    },
-    "battery": {
-      "bat": "BAT0",
-      "adapter": "ADP1",
-      "interval": 5,
-      "full-at": 99,
-      "states": {
-        "good": 80,
-        "warning": 20,
-        "critical": 10,
-      },
-      "format": "{capacity}%--",
-      "format-charging": "{capacity}%++",
-      "format-plugged": "{capacity}%",
-      "format-alt": "{time} {power}W",
-    },
-    "pulseaudio": {
-      "format": "VOL {volume}%",
-      "format-muted": "muted",
-      "on-click": "pavucontrol",
-    },
-    "memory": {
-      "interval": 2,
-      "format": "RAM {percentage}%",
-      "format-alt": "RAM {used:0.1f}G/{total:0.1f}G",
-    },
-    "cpu": {
-      "interval": 2,
-      "format": "CPU {usage}%",
-      "format-alt": "CPU {avg_frequency}GHz",
-    },
-    "network": {
-      "interval": 5,
-      "format-wifi": "{ifname} {ipaddr} {essid}",
-      "format-ethernet": "{ifname} {ipaddr}",
-      "format-disconnected": "{ifname} disconnected",
-      "tooltip-format": "{ifname}: {ipaddr}/{cidr}",
-    },
-  },
-]

home/modules/waybar/default.nix

@@ -1,8 +0,0 @@
-{
-  programs.waybar = {
-    enable = true;
-  };
-
-  home.file.".config/waybar/config.jsonc".source = ./config.jsonc;
-  home.file.".config/waybar/style.css".source = ./style.css;
-}

home/modules/waybar/style.css

@@ -1,56 +0,0 @@
-* {
-  font-family:
-    Iosevka Term SS08,
-    monospace;
-  font-size: 12px;
-  border-radius: 0px;
-}
-
-.modules-left,
-.modules-center,
-.modules-right {
-  margin: 4px;
-  margin-bottom: 0;
-}
-
-window#waybar {
-  background-color: transparent;
-}
-
-window#waybar.hidden {
-  opacity: 0.2;
-}
-
-#workspaces button {
-  padding: 0;
-  background-color: transparent;
-}
-
-#workspaces button:hover {
-  background: #000000;
-}
-
-#workspaces button.focused,
-#workspaces button.active {
-  background-color: #111111;
-}
-
-#workspaces button.urgent {
-  background-color: #eb4d4b;
-}
-
-#clock,
-#battery,
-#pulseaudio,
-#memory,
-#cpu,
-#network {
-  padding: 0 4px;
-  color: #ffffff;
-  background-color: #111111;
-}
-
-#window,
-#workspaces {
-  margin: 0;
-}

hosts/andromache/default.nix

@@ -8,28 +8,27 @@
 
 let
   username = "h";
-  wolInterfaces = import ./wol-interfaces.nix;
 in
 {
   imports = [
-    ../../modules/common
+    ../../modules/common.nix
     inputs.disko.nixosModules.disko
     inputs.sops-nix.nixosModules.sops
     inputs.home-manager.nixosModules.default
     ./hard.nix
-    ../../modules/boot/bootloader.nix
+    ../../modules/bootloader.nix
-    (import ../../modules/disko/zfs-encrypted-root.nix {
+    (import ../../modules/disko.zfs-encrypted-root.nix {
       device = "/dev/nvme1n1";
       inherit lib;
       inherit config;
     })
-    ../../modules/desktops/niri
+    ../../modules/gnome.nix
-    ../../modules/bluetooth
+    ../../modules/bluetooth.nix
     ../../modules/keyboard
-    (import ../../modules/networking { hostName = "andromache"; })
+    (import ../../modules/networking.nix { hostName = "andromache"; })
-    ../../modules/users
+    ../../modules/users.nix
-    ../../modules/audio
+    ../../modules/audio.nix
-    ../../modules/localization
+    ../../modules/localization.nix
     ../../modules/fonts
     ../../modules/ssh/hardened-openssh.nix
     (import ../../modules/secrets {
@@ -37,11 +36,10 @@ in
       inherit inputs;
       inherit config;
     })
-    ../../modules/docker
+    ../../modules/docker.nix
   ];
 
   secrets.username = username;
-  docker.user = username;
 
   disko.devices = {
     disk.data = {
@@ -89,6 +87,10 @@ in
     };
   };
 
+  networking = {
+    hostId = "80eef97e";
+  };
+
   services.xserver = {
     videoDrivers = [ "nvidia" ];
   };
@@ -101,19 +103,17 @@ in
   services.syncthing = {
     enable = true;
     openDefaultPorts = true;
-    settings = {
+    folders = {
-      devices = {
+      "/home/${username}/sync" = {
-        # "device1" = {
+        id = "sync";
-        #   id = "DEVICE-ID-GOES-HERE";
+        devices = [ ];
-        # };
-      };
-      folders = {
-        "/home/${username}/sync" = {
-          id = "sync";
-          devices = [ ];
-        };
       };
     };
+    devices = {
+      # "device1" = {
+      #   id = "DEVICE-ID-GOES-HERE";
+      # };
+    };
   };
 
   services.locate = {
@@ -122,12 +122,9 @@ in
   };
 
   networking = {
-    # TODO: generate unique hostId on actual host with: head -c 8 /etc/machine-id
-    hostId = "80eef97e";
     interfaces = {
       eno1 = {
         wakeOnLan.enable = true;
-        macAddress = wolInterfaces.eno1.macAddress;
       };
     };
     firewall = {

hosts/andromache/wol-interfaces.nix

@@ -1,3 +0,0 @@
-{
-  eno1.macAddress = "02:68:b3:29:da:98";
-}

hosts/astyanax/default.nix

@@ -9,29 +9,28 @@
 let
   username = "h";
   hostName = "astyanax";
-  wolInterfaces = import ../andromache/wol-interfaces.nix;
 in
 {
   imports = [
-    ../../modules/common
+    ../../modules/common.nix
     inputs.nixos-hardware.nixosModules.lenovo-thinkpad-e14-intel
     inputs.disko.nixosModules.disko
     inputs.sops-nix.nixosModules.sops
     inputs.home-manager.nixosModules.default
     ./hard.nix
-    ../../modules/boot/bootloader.nix
+    ../../modules/bootloader.nix
-    (import ../../modules/disko/zfs-encrypted-root.nix {
+    (import ../../modules/disko.zfs-encrypted-root.nix {
       inherit lib;
       inherit config;
       device = "/dev/nvme0n1";
     })
-    ../../modules/desktops/niri
+    ../../modules/gnome.nix
-    ../../modules/bluetooth
+    ../../modules/bluetooth.nix
     ../../modules/keyboard
-    (import ../../modules/networking { hostName = hostName; })
+    (import ../../modules/networking.nix { hostName = hostName; })
-    ../../modules/users
+    ../../modules/users.nix
-    ../../modules/audio
+    ../../modules/audio.nix
-    ../../modules/localization
+    ../../modules/localization.nix
     ../../modules/fonts
     ../../modules/ssh/hardened-openssh.nix
     (import ../../modules/secrets {
@@ -42,35 +41,9 @@ in
     })
   ];
 
-  hardware = {
-    cpu.intel.updateMicrocode = true;
-    # https://wiki.nixos.org/wiki/Intel_Graphics
-    graphics = {
-      enable = true;
-      extraPackages = with pkgs; [
-        intel-media-driver
-        vpl-gpu-rt
-      ];
-    };
-  };
-
-  # https://wiki.nixos.org/wiki/Intel_Graphics
-  environment.sessionVariables = {
-    LIBVA_DRIVER_NAME = "iHD";
-  };
-
   secrets.username = username;
 
-  environment.systemPackages = [
+  environment.systemPackages = [ inputs.nvim.packages.x86_64-linux.nvim ];
-    inputs.nvim.packages.x86_64-linux.nvim
-    (pkgs.writeShellApplication {
-      name = "wol-andromache";
-      runtimeInputs = [ pkgs.wakeonlan ];
-      text = ''
-        wakeonlan ${wolInterfaces.eno1.macAddress}
-      '';
-    })
-  ];
 
   home-manager = {
     useGlobalPkgs = true;
@@ -83,12 +56,9 @@ in
   };
 
   networking = {
-    # TODO: generate unique hostId on actual host with: head -c 8 /etc/machine-id
     hostId = "80eef97e";
   };
 
-  services.throttled.enable = false;
-
   services.openssh = {
     enable = true;
     harden = true;

hosts/hecuba/default.nix

@@ -1,60 +0,0 @@
-{ pkgs, ... }:
-
-# Also see <https://wiki.nixos.org/wiki/Install_NixOS_on_Hetzner_Cloud>
-
-{
-  imports = [
-    ./hard.nix
-    ../../modules/common
-    ../../modules/ssh/hardened-openssh.nix
-  ];
-
-  fileSystems."/" = {
-    device = "/dev/disk/by-label/nixos";
-    fsType = "ext4";
-  };
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-label/boot";
-    fsType = "ext4";
-  };
-  swapDevices = [
-    {
-      device = "/dev/disk/by-label/swap";
-    }
-  ];
-
-  boot.loader.grub.enable = true;
-  boot.loader.grub.device = "/dev/sda";
-
-  users.users = {
-    root.hashedPassword = "!";
-    username = {
-      isNormalUser = true;
-      extraGroups = [ "wheel" ];
-      openssh.authorizedKeys.keys = [
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOOXPEhdKOVnb6mkeLLUcFGt+mnUR5pMie17JtjrxwgO h@andromache"
-      ];
-    };
-  };
-
-  security.sudo.wheelNeedsPassword = false;
-
-  networking = {
-    firewall.enable = true;
-  };
-
-  environment.systemPackages = with pkgs; [
-    vim
-    git
-  ];
-
-  services.fail2ban = {
-    enable = true;
-    maxretry = 5;
-  };
-
-  services.openssh = {
-    enable = true;
-    harden = true;
-  };
-}

hosts/hecuba/hard.nix

@@ -1,37 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{
-  config,
-  lib,
-  pkgs,
-  modulesPath,
-  ...
-}:
-
-{
-  imports = [
-    (modulesPath + "/profiles/qemu-guest.nix")
-  ];
-
-  boot.initrd.availableKernelModules = [
-    "ahci"
-    "xhci_pci"
-    "virtio_pci"
-    "virtio_scsi"
-    "sd_mod"
-    "sr_mod"
-  ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ ];
-  boot.extraModulePackages = [ ];
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-}

hosts/vm/default.nix

@@ -11,19 +11,19 @@ let
 in
 {
   imports = [
-    ../../modules/common
+    ../../modules/common.nix
     inputs.disko.nixosModules.disko
     inputs.sops-nix.nixosModules.sops
     inputs.home-manager.nixosModules.default
     ./hard.nix
     ./disk.nix
-    ../../modules/boot/bootloader.nix
+    ../../modules/bootloader.nix
     ../../modules/keyboard
-    (import ../../modules/networking { hostName = "vm"; })
+    (import ../../modules/networking.nix { hostName = "vm"; })
-    ../../modules/users
+    ../../modules/users.nix
-    ../../modules/audio
+    ../../modules/audio.nix
-    ../../modules/localization
+    ../../modules/localization.nix
-    ../../modules/x
+    ../../modules/x.nix
     ../../modules/fonts
     ../../modules/ssh/hardened-openssh.nix
     (import ../../modules/secrets {
@@ -33,7 +33,7 @@ in
     })
   ];
 
-  secrets.username = username;
+  secrets.username = "h";
 
   environment.systemPackages = [ inputs.nvim.packages.x86_64-linux.nvim ];
 

modules/audio.nix

@@ -9,5 +9,4 @@
     alsa.support32Bit = true;
     pulse.enable = true;
   };
-  services.pulseaudio.extraConfig = "load-module module-switch-on-connect";
 }

modules/bluetooth.nix

@@ -0,0 +1,3 @@
+{
+  hardware.bluetooth.enable = true;
+}

modules/bluetooth/default.nix

@@ -1,15 +0,0 @@
-{
-  hardware.bluetooth = {
-    enable = true;
-    powerOnBoot = true;
-    settings = {
-      General = {
-        Experimental = true;
-        FastConnectable = true;
-      };
-      Policy = {
-        AutoEnable = true;
-      };
-    };
-  };
-}

modules/desktops/niri/default.nix

@@ -1,8 +0,0 @@
-{
-  programs.niri.enable = true;
-
-  services.dbus.enable = true;
-  xdg = {
-    portal.enable = true;
-  };
-}

modules/docker.nix

@@ -0,0 +1,9 @@
+{
+  virtualisation.docker = {
+    enable = false;
+    rootless = {
+      enable = true;
+      setSocketVariable = true;
+    };
+  };
+}

modules/docker/default.nix

@@ -1,44 +0,0 @@
-{ config, lib, ... }:
-
-let
-  cfg = config.docker;
-in
-{
-  options.docker = {
-    rootless = lib.mkOption {
-      type = lib.types.bool;
-      default = false;
-    };
-    user = lib.mkOption {
-      type = lib.types.nullOr lib.types.str;
-      default = null;
-    };
-  };
-  config = lib.mkMerge [
-    {
-      warnings = lib.flatten [
-        (lib.optional (
-          cfg.rootless && cfg.user != null
-        ) "'virtualisation.docker.user' is ignored when rootless mode is enabled")
-        (lib.optional (
-          !cfg.rootless && cfg.user == null
-        ) "'virtualisation.docker.user' is not set (no user is added to the docker group)")
-      ];
-    }
-    (lib.mkIf cfg.rootless {
-      virtualisation.docker = {
-        enable = false;
-        rootless = {
-          enable = true;
-          setSocketVariable = true;
-        };
-      };
-    })
-    (lib.mkIf (!cfg.rootless && cfg.user != null) {
-      virtualisation.docker = {
-        enable = true;
-      };
-      users.users.${cfg.user}.extraGroups = [ "docker" ];
-    })
-  ];
-}

modules/k3s/default.nix

@@ -1,79 +0,0 @@
-{ pkgs, ... }:
-
-{
-  # TODO: see if this works with podman
-  # TODO: check if docker/podman is enabled
-
-  # Rootless K3S
-
-  # FIXME
-  environment.systemPackages = with pkgs; [
-    k3s
-    rootlesskit
-    slirp4netns
-  ];
-
-  # running K3S on rootless docker was causing the following error: "failed to find cpuset cgroup (v2)" (in `docker logs k3d-lab-server-0` output)
-  #
-  # see <https://docs.k3s.io/advanced#known-issues-with-rootless-mode>
-  # see <https://rootlesscontaine.rs/getting-started/common/cgroup2/>
-  # see <https://discourse.nixos.org/t/declarative-rootless-k3s/49839>
-  systemd.services."user@".serviceConfig.Delegate = "cpu cpuset io memory pids";
-
-  # taken from <https://github.com/k3s-io/k3s/blob/main/k3s-rootless.service> as described in <https://docs.k3s.io/advanced#known-issues-with-rootless-mode#Rootless>
-  systemd.user.services."k3s-rootless" = with pkgs; {
-    path = with pkgs; [
-      "${rootlesskit}"
-      "${slirp4netns}"
-      "${fuse-overlayfs}"
-      "${fuse3}"
-      "/run/wrappers"
-    ];
-    # systemd unit file for k3s (rootless)
-    #
-    # Usage:
-    # - [Optional] Enable cgroup v2 delegation, see https://rootlesscontaine.rs/getting-started/common/cgroup2/ .
-    #   This step is optional, but highly recommended for enabling CPU and memory resource limtitation.
-    #
-    # - Copy this file as `~/.config/systemd/user/k3s-rootless.service`.
-    #   Installing this file as a system-wide service (`/etc/systemd/...`) is not supported.
-    #   Depending on the path of `k3s` binary, you might need to modify the `ExecStart=/usr/local/bin/k3s ...` line of this file.
-    #
-    # - Run `systemctl --user daemon-reload`
-    #
-    # - Run `systemctl --user enable --now k3s-rootless`
-    #
-    # - Run `KUBECONFIG=~/.kube/k3s.yaml kubectl get pods -A`, and make sure the pods are running.
-    #
-    # Troubleshooting:
-    # - See `systemctl --user status k3s-rootless` to check the daemon status
-    # - See `journalctl --user -f -u k3s-rootless` to see the daemon log
-    # - See also https://rootlesscontaine.rs/
-    enable = true;
-    description = "k3s (Rootless)";
-    serviceConfig = {
-      # NOTE: Don't try to run `k3s server --rootless` on a terminal, as it doesn't enable cgroup v2 delegation.
-      # If you really need to try it on a terminal, prepend `systemd-run --user -p Delegate=yes --tty` to create a systemd scope.
-      ExecStart = "${k3s}/bin/k3s server --rootless --snapshotter=fuse-overlayfs";
-      ExecReload = "/run/current-system/sw/bin/kill -s HUP $MAINPID";
-      TimeoutSec = 0;
-      RestartSec = 2;
-      Restart = "always";
-      StartLimitBurst = 3;
-      StartLimitInterval = "60s";
-      LimitNOFILE = "infinity";
-      LimitNPROC = "infinity";
-      LimitCORE = "infinity";
-      TasksMax = "infinity";
-      Delegate = "yes";
-      Type = "simple";
-      KillMode = "mixed";
-    };
-
-    wantedBy = [ "default.target" ];
-  };
-
-  boot.kernel.sysctl = {
-    "net.ipv4.ip_forward" = 1;
-  };
-}

modules/secrets/default.nix

@@ -27,8 +27,6 @@ in
         "taskwarrior_sync_encryption_secret".owner = config.users.users.${cfg.username}.name;
         "email_personal".owner = config.users.users.${cfg.username}.name;
         "email_work".owner = config.users.users.${cfg.username}.name;
-        "anki_sync_user".owner = config.users.users.${cfg.username}.name;
-        "anki_sync_key".owner = config.users.users.${cfg.username}.name;
       };
 
       templates."taskrc.d/sync" = {

modules/ssh/hardened-openssh.nix

@@ -10,7 +10,6 @@ in
     services.openssh.settings = optionalAttrs cfg.harden {
       PermitRootLogin = "no";
       PasswordAuthentication = false;
-      KbdInteractiveAuthentication = false;
       ChallengeResponseAuthentication = false;
       X11Forwarding = false;
       AllowAgentForwarding = false;

modules/x.nix

@@ -4,7 +4,7 @@
   services.xserver.windowManager.xmonad = {
     enable = true;
     enableContribAndExtras = true;
-    config = builtins.readFile ../../dots/.xmonad/xmonad.hs;
+    config = builtins.readFile ../dots/.xmonad/xmonad.hs;
   };
 
   services.xserver = {