update

yarn: fix steamos update flow
kernel: re-enable SND_PCI
2026-04-17 23:26:43 -04:00 · 2026-04-17 23:26:15 -04:00 · 2026-04-17 18:26:21 -04:00 · 2026-04-17 12:33:33 -04:00 · 2026-04-17 00:25:38 -04:00 · 2026-04-16 23:46:13 -04:00
36 changed files with 1538 additions and 821 deletions
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -0,0 +1,38 @@
 name: Build
 on:
  push:
    branches: [main]
 jobs:
  build:
    runs-on: nix
    steps:
      - uses: https://github.com/actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Unlock git-crypt
        run: |
          git-crypt unlock /run/agenix/git-crypt-key-dotfiles
      - name: Build NixOS configuration (yarn)
        run: |
          nix build .#nixosConfigurations.yarn.config.system.build.toplevel -L
      - name: Record yarn store path for pull-update
        continue-on-error: true
        run: |
          mkdir -p /var/lib/dotfiles-deploy
          readlink -f result > /var/lib/dotfiles-deploy/yarn
          nix-store --add-root /var/lib/dotfiles-deploy/yarn-gcroot -r "$(readlink -f result)"
      - name: Build NixOS configuration (mreow)
        run: |
          nix build .#nixosConfigurations.mreow.config.system.build.toplevel -L
      - name: Record mreow store path
        continue-on-error: true
        run: |
          mkdir -p /var/lib/dotfiles-deploy
          readlink -f result > /var/lib/dotfiles-deploy/mreow
          nix-store --add-root /var/lib/dotfiles-deploy/mreow-gcroot -r "$(readlink -f result)"
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
 /result
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -0,0 +1,168 @@
 # AGENTS.md
 ## Project Overview
 NixOS dotfiles for two hosts using Nix flakes + home-manager:
 - **mreow** — Framework 13 AMD AI 300 laptop, niri WM, greetd, swaylock
 - **yarn** — Desktop, Jovian-NixOS (Steam deck mode), impermanence, sddm, pull-based updates from CI
 Secrets in `system/secrets/` and `home-manager/secrets/` are encrypted with git-crypt. **Never read or write files in those directories.**
 ## Build & Deploy Commands
 ```sh
 # Build and apply (default: boot, or pass switch/test/build)
 ./deploy.sh              # nixos-rebuild boot --flake . --use-remote-sudo
 ./deploy.sh switch       # apply immediately
 ./deploy.sh test         # apply without adding boot entry
 ./deploy.sh build        # build only, no activation
 # Build a specific host without deploying
 nix build .#nixosConfigurations.mreow.config.system.build.toplevel -L
 nix build .#nixosConfigurations.yarn.config.system.build.toplevel -L
 # yarn pulls updates automatically on boot from the binary cache.
 # CI builds the yarn closure, records the store path, and Harmonia serves it.
 # To manually trigger the pull on yarn:
 systemctl start pull-update
 # Format all Nix files (uses nixfmt-tree, declared in flake.nix)
 nix fmt
 # Evaluate without building (quick syntax/type check)
 nix eval .#nixosConfigurations.mreow.config.system.build.toplevel --no-build 2>&1 | head -5
 nix eval .#nixosConfigurations.yarn.config.system.build.toplevel --no-build 2>&1 | head -5
 # Update flake inputs
 nix flake update
 nix flake update --input-name nixpkgs   # update a single input
 ```
 There are no tests. Validation is done by building the system configuration (`nix build -L`).
 Always append `-L` to `nix build` for verbose build logs.
 If nix complains a file isn't found, `git add` the file first — Nix flakes only see tracked files.
 ## Repository Structure
 ```
 flake.nix                          # Root flake: inputs, outputs, host definitions
 deploy.sh                          # Wrapper around nixos-rebuild
 system/
  common.nix                       # Shared system config (boot, audio, users, etc.)
  system-mreow.nix                 # Laptop-specific system config
  system-yarn.nix                  # Desktop-specific system config
  networking.nix                   # NetworkManager, DNS
  impermanence.nix                 # Ephemeral root for yarn
  disk_mreow.nix / disk_yarn.nix   # Disko disk layouts
  vm.nix                           # Virtualization (libvirt, waydroid)
  vr.nix / no-rgb.nix / steam.nix  # Feature modules
  secrets/                         # git-crypt encrypted, DO NOT READ
 home-manager/
  home-mreow.nix                   # Laptop home-manager entry point
  home-yarn.nix                    # Desktop home-manager entry point
  gui.nix                          # GUI packages + theming (imports no-gui.nix)
  no-gui.nix                       # CLI tools, dev toolchains, git config
  desktop.nix                      # Desktop environment (niri, dunst, swaylock, noctalia)
  wallpaper.png                    # Shared wallpaper
  progs/                           # One file per program
    fish.nix, alacritty.nix, emacs.nix, helix.nix, niri.nix, ...
    zen/                           # Zen Browser (multi-file: default.nix, ublock.nix, dark-reader.nix)
    opencode.nix                   # AI coding tools config
  util/                            # Helper derivations (blur.nix, inverse_color.nix)
  secrets/                         # git-crypt encrypted, DO NOT READ
 ```
 ## Import Hierarchy
 ```
 flake.nix
 ├─ system/system-{host}.nix → common.nix → networking.nix, vm.nix, steam.nix
 └─ home-manager/home-{host}.nix → gui.nix → no-gui.nix
                                  → desktop.nix → niri.nix, dunst.nix, swaylock.nix, noctalia.nix
 ```
 Adding a new program: create `home-manager/progs/myprog.nix`, import it from the appropriate layer (`gui.nix` for GUI apps, `no-gui.nix` for CLI tools, or `home-{host}.nix` for host-specific).
 ## Nix Code Style
 **Formatter**: `nixfmt-tree` — run `nix fmt` before committing. All style below conforms to what nixfmt-tree produces.
 ### Module Structure
 ```nix
 # Function arguments: destructured attrset, alphabetical-ish, always end with `...`
 { pkgs, lib, inputs, config, ... }:
 # Optional let bindings for local values
 let
  myThing = "value";
 in
 {
  imports = [
    ./other-module.nix
  ];
  # Configuration here
 }
 ```
 ### Conventions
 - **Indentation**: 2 spaces (enforced by nixfmt-tree)
 - **Imports**: relative paths (`./progs/fish.nix`), one per line in a list
 - **Package references**: use `lib.getExe pkgs.foo` for bin paths, not `${pkgs.foo}/bin/foo`
 - **Package lists**: group thematically with comments, use `with pkgs;` or `lib.concatLists` for multiple groups
 - **Unfree packages**: explicitly allowlisted per-file via `nixpkgs.config.allowUnfreePredicate`
 - **Comments**: lowercase, informal, `#` style. Use `# BUG!` or `# TODO!` prefixes for known issues
 - **No trailing commas**: Nix syntax does not support them
 - **Attribute sets**: opening brace on same line, closing brace aligned with the key
 - **Overlays**: imported inline within the module that needs them via `nixpkgs.overlays`
 - **Special args**: passed through `specialArgs` (system) or `extraSpecialArgs` (home-manager) in flake.nix — includes `inputs`, `username`, `hostname`, `niri-package`, `homeDirectory`, `stateVersion`
 ### Patterns Used
 ```nix
 # Package path references
 lib.getExe pkgs.swaylock        # preferred
 "${pkgs.avizo}/bin/volumectl"   # acceptable when lib.getExe doesn't work
 # Conditional/host-specific overrides
 lib.mkForce false               # override inherited values
 lib.mkDefault "value"           # set overridable defaults
 # Helper derivations (see home-manager/util/)
 pkgs.callPackage ../util/blur.nix       # for derivations that take { stdenv, ... }:
 # Combining package lists
 home.packages = with pkgs; lib.concatLists [
  [ pkg1 pkg2 ]   # group 1
  [ pkg3 pkg4 ]   # group 2
  someList         # from let binding
 ];
 ```
 ### Naming
 - **Host configs**: `system-{hostname}.nix`, `home-{hostname}.nix`, `disk_{hostname}.nix`
 - **Program modules**: `progs/{program-name}.nix` (one program per file)
 - **Utility derivations**: `util/{descriptive-name}.nix`
 - **Variables**: `snake_case` or `camelCase` (no strict rule, follow local context)
 ## Key Technical Details
 - **nixpkgs channel**: unstable (`nixos-unstable`)
 - **Secure boot**: lanzaboote with keys extracted from `system/secrets/secureboot.tar`
 - **Disk management**: disko
 - **Privilege escalation**: doas (sudo is disabled), shim at `doas-sudo-shim`
 - **Shell**: fish (bash redirects to fish via `programs.bash.interactiveShellInit`)
 - **Wayland**: niri compositor, xwayland-satellite for X11 compat
 - **Desktop shell**: noctalia-shell (bar, launcher, notifications)
 - **Git**: GPG signing enabled (`signByDefault = true`), default branch `main`
 - **Impermanence** (yarn only): root is ephemeral, `/persistent` holds state, home is bind-mounted
 ## Agent-Specific Instructions
 - If instructed to commit, **disable GPG signing** (`git commit --no-gpg-sign`).
 - Use `nix-shell -p <package>` if a tool is not available in the environment.
 - For `nix build`, always append `-L` for verbose logs.
 - If nix reports a missing file, run `git add <file>` first — flakes only see git-tracked files.
 - Do not read files under `system/secrets/` or `home-manager/secrets/`.
 - Run `nix fmt` after editing any `.nix` file.
 - Validate changes with `nix build .#nixosConfigurations.{host}.config.system.build.toplevel -L`.
--- a/README.md
+++ b/README.md
@@ -18,5 +18,4 @@ There is more that I'm using, but those are the main ones! Read my configs to ge
  - Got my background from [here](https://old.reddit.com/r/celestegame/comments/11dtgwg/all_most_of_the_backgrounds_in_celeste_edited/) and used the command `magick input.png -filter Point -resize 2880x1920! output.png` to upscale it bilinearly
 ## TODO!
 - [ ] further unify desktop and laptop configs
 - [ ] Seperate out common shell utilities into a module or some sort (could be used on other machines)
--- a/flake.lock
+++ b/flake.lock
@@ -12,11 +12,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1771437256,
+        "lastModified": 1776249299,
-        "narHash": "sha256-bLqwib+rtyBRRVBWhMuBXPCL/OThfokA+j6+uH7jDGU=",
+        "narHash": "sha256-Dt9t1TGRmJFc0xVYhttNBD6QsAgHOHCArqGa0AyjrJY=",
        "owner": "numtide",
        "repo": "blueprint",
-        "rev": "06ee7190dc2620ea98af9eb225aa9627b68b0e33",
+        "rev": "56131e8628f173d24a27f6d27c0215eff57e40dd",
        "type": "github"
      },
      "original": {
@@ -46,26 +46,59 @@
        ]
      },
      "locked": {
-        "lastModified": 1770895533,
+        "lastModified": 1776182890,
-        "narHash": "sha256-v3QaK9ugy9bN9RXDnjw0i2OifKmz2NnKM82agtqm/UY=",
+        "narHash": "sha256-+/VOe8XGq5klpU+I19D+3TcaR7o+Cwbq67KNF7mcFak=",
-        "owner": "nix-community",
+        "owner": "Mic92",
        "repo": "bun2nix",
-        "rev": "c843f477b15f51151f8c6bcc886954699440a6e1",
+        "rev": "648d293c51e981aec9cb07ba4268bc19e7a8c575",
        "type": "github"
      },
      "original": {
-        "owner": "nix-community",
+        "owner": "Mic92",
        "ref": "catalog-support",
        "repo": "bun2nix",
        "type": "github"
      }
    },
    "cachyos-kernel": {
      "flake": false,
      "locked": {
        "lastModified": 1776183001,
        "narHash": "sha256-lvLKB5dTqjO1S/YonS9ZyWemEjO6QXtN4D76rYEYy4s=",
        "owner": "CachyOS",
        "repo": "linux-cachyos",
        "rev": "4224303b6d7a50dd1cc3ffa78864050cc9536eec",
        "type": "github"
      },
      "original": {
        "owner": "CachyOS",
        "repo": "linux-cachyos",
        "type": "github"
      }
    },
    "cachyos-kernel-patches": {
      "flake": false,
      "locked": {
        "lastModified": 1776355454,
        "narHash": "sha256-b9Hc0sTxjEzDbphzS9yQqxVha/7bsPIs2cQQQvaG45E=",
        "owner": "CachyOS",
        "repo": "kernel-patches",
        "rev": "b5e029226df5cc30c103651072d49a7af2878202",
        "type": "github"
      },
      "original": {
        "owner": "CachyOS",
        "repo": "kernel-patches",
        "type": "github"
      }
    },
    "crane": {
      "locked": {
-        "lastModified": 1771796463,
+        "lastModified": 1773189535,
-        "narHash": "sha256-9bCDuUzpwJXcHMQYMS1yNuzYMmKO/CCwCexpjWOl62I=",
+        "narHash": "sha256-E1G/Or6MWeP+L6mpQ0iTFLpzSzlpGrITfU2220Gq47g=",
        "owner": "ipetkov",
        "repo": "crane",
-        "rev": "3d3de3313e263e04894f284ac18177bd26169bad",
+        "rev": "6fa2fb4cf4a89ba49fc9dd5a3eb6cde99d388269",
        "type": "github"
      },
      "original": {
@@ -74,28 +107,6 @@
        "type": "github"
      }
    },
    "deploy-rs": {
      "inputs": {
        "flake-compat": "flake-compat",
        "nixpkgs": [
          "nixpkgs"
        ],
        "utils": "utils"
      },
      "locked": {
        "lastModified": 1770019181,
        "narHash": "sha256-hwsYgDnby50JNVpTRYlF3UR/Rrpt01OrxVuryF40CFY=",
        "owner": "serokell",
        "repo": "deploy-rs",
        "rev": "77c906c0ba56aabdbc72041bf9111b565cdd6171",
        "type": "github"
      },
      "original": {
        "owner": "serokell",
        "repo": "deploy-rs",
        "type": "github"
      }
    },
    "disko": {
      "inputs": {
        "nixpkgs": [
@@ -120,11 +131,11 @@
    "doomemacs": {
      "flake": false,
      "locked": {
-        "lastModified": 1773029989,
+        "lastModified": 1776400245,
-        "narHash": "sha256-7TaTwmnyRLIxDcdRKFZrXhomqBFgHwr3GSIhNWLJKH4=",
+        "narHash": "sha256-RuQB1PxazI4DOw3O+rEVU2FPT0vP0Xb+Gp/M6Yqer20=",
        "owner": "doomemacs",
        "repo": "doomemacs",
-        "rev": "dd72eac1971616a6ebe81067cca33b14c148cbcd",
+        "rev": "860a91aaac235701f30b70fdc74259d438818968",
        "type": "github"
      },
      "original": {
@@ -143,11 +154,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1773075553,
+        "lastModified": 1776478519,
-        "narHash": "sha256-gkotfp7ATGhSftWqYZXmig4e4r5R9NLTX/E6InmrYyk=",
+        "narHash": "sha256-4TWCOVYe0iWEKuW7OH93nRI4Z7u68wNT6k9UJn0FZ5w=",
        "owner": "nix-community",
        "repo": "emacs-overlay",
-        "rev": "d7310453099e60245b42bdd372ae417fcf814d0d",
+        "rev": "513e332b074507e1b46992952e7d83f329f2c22c",
        "type": "github"
      },
      "original": {
@@ -156,18 +167,40 @@
        "type": "github"
      }
    },
    "firefox-addons": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "dir": "pkgs/firefox-addons",
        "lastModified": 1776398575,
        "narHash": "sha256-WArU6WOdWxzbzGqYk4w1Mucg+bw/SCl6MoSp+/cZMio=",
        "owner": "rycee",
        "repo": "nur-expressions",
        "rev": "05815686caf4e3678f5aeb5fd36e567886ab0d30",
        "type": "gitlab"
      },
      "original": {
        "dir": "pkgs/firefox-addons",
        "owner": "rycee",
        "repo": "nur-expressions",
        "type": "gitlab"
      }
    },
    "flake-compat": {
      "flake": false,
      "locked": {
-        "lastModified": 1733328505,
+        "lastModified": 1767039857,
-        "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
+        "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=",
-        "owner": "edolstra",
+        "owner": "NixOS",
        "repo": "flake-compat",
-        "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
+        "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
        "type": "github"
      },
      "original": {
-        "owner": "edolstra",
+        "owner": "NixOS",
        "repo": "flake-compat",
        "type": "github"
      }
@@ -196,11 +229,29 @@
        ]
      },
      "locked": {
-        "lastModified": 1772408722,
+        "lastModified": 1775087534,
-        "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=",
+        "narHash": "sha256-91qqW8lhL7TLwgQWijoGBbiD4t7/q75KTi8NxjVmSmA=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3",
+        "rev": "3107b77cd68437b9a76194f0f7f9c55f2329ca5b",
        "type": "github"
      },
      "original": {
        "owner": "hercules-ci",
        "repo": "flake-parts",
        "type": "github"
      }
    },
    "flake-parts_2": {
      "inputs": {
        "nixpkgs-lib": "nixpkgs-lib"
      },
      "locked": {
        "lastModified": 1775087534,
        "narHash": "sha256-91qqW8lhL7TLwgQWijoGBbiD4t7/q75KTi8NxjVmSmA=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
        "rev": "3107b77cd68437b9a76194f0f7f9c55f2329ca5b",
        "type": "github"
      },
      "original": {
@@ -211,7 +262,7 @@
    },
    "flake-utils": {
      "inputs": {
-        "systems": "systems_2"
+        "systems": "systems"
      },
      "locked": {
        "lastModified": 1710146030,
@@ -256,11 +307,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1772985285,
+        "lastModified": 1776454077,
-        "narHash": "sha256-wEEmvfqJcl9J0wyMgMrj1TixOgInBW/6tLPhWGoZE3s=",
+        "narHash": "sha256-7zSUFWsU0+jlD7WB3YAxQ84Z/iJurA5hKPm8EfEyGJk=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "5be5d8245cbc7bc0c09fbb5f38f23f223c543f85",
+        "rev": "565e5349208fe7d0831ef959103c9bafbeac0681",
        "type": "github"
      },
      "original": {
@@ -315,11 +366,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1772824805,
+        "lastModified": 1776428236,
-        "narHash": "sha256-wKzFqaZEMY9u7aWYTLDXbfiIQgW8qs//CjsP90rWK3I=",
+        "narHash": "sha256-+0SyQglnT2xUiyY07155G+O7aUWISELwqtTnfURufRU=",
        "owner": "Jovian-Experiments",
        "repo": "Jovian-NixOS",
-        "rev": "d4eb38b82303760a5cbc0a8d7faf47d735ece5ef",
+        "rev": "eac78fc379ca47f7e21be8539c405e5fb489a857",
        "type": "github"
      },
      "original": {
@@ -361,11 +412,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1772216104,
+        "lastModified": 1776248416,
-        "narHash": "sha256-1TnGN26vnCEQk5m4AavJZxGZTb/6aZyphemRPRwFUfs=",
+        "narHash": "sha256-TC6yzbCAex1pDfqUZv9u8fVm8e17ft5fNrcZ0JRDOIQ=",
        "owner": "nix-community",
        "repo": "lanzaboote",
-        "rev": "dbe5112de965bbbbff9f0729a9789c20a65ab047",
+        "rev": "18e9e64bae15b828c092658335599122a6db939b",
        "type": "github"
      },
      "original": {
@@ -382,15 +433,15 @@
        "nixpkgs": [
          "nixpkgs"
        ],
-        "systems": "systems_3",
+        "systems": "systems_2",
        "treefmt-nix": "treefmt-nix"
      },
      "locked": {
-        "lastModified": 1773158563,
+        "lastModified": 1776482297,
-        "narHash": "sha256-VPvwW74LAdRnq0aFxft8aSn3dyX7cR4/y34orO1ey0g=",
+        "narHash": "sha256-KmsWPwtbO8vrlH/R9stIun0LKZ4PFSCCEdqWDeLgbTE=",
        "owner": "numtide",
        "repo": "llm-agents.nix",
-        "rev": "1b5bb4ebc886e51cc581eadd7926a47961951a1b",
+        "rev": "66c76393570f8fc4730caa2dc2d2c470fe33a3c9",
        "type": "github"
      },
      "original": {
@@ -413,11 +464,11 @@
        "xwayland-satellite-unstable": "xwayland-satellite-unstable"
      },
      "locked": {
-        "lastModified": 1773054080,
+        "lastModified": 1776435348,
-        "narHash": "sha256-wNuvInrOs6sivWkYoVPc3bLHAoYZ/3L3tBj0VDFNipc=",
+        "narHash": "sha256-qsZnMThxTqxCJZ7DEKu3DD3KjIPcuUBvZ0C9a2uIvaQ=",
        "owner": "sodiboo",
        "repo": "niri-flake",
-        "rev": "2a4de8b0b82d7879dc733cecc7233674441f7087",
+        "rev": "55b5b1fc9481ab267603a1099e5d4b4ebc7394d7",
        "type": "github"
      },
      "original": {
@@ -446,11 +497,11 @@
    "niri-unstable": {
      "flake": false,
      "locked": {
-        "lastModified": 1773048363,
+        "lastModified": 1776432730,
-        "narHash": "sha256-36/JS195C94HUdTWfwYb1mYsorJZ8lj37qXUPcSvRkc=",
+        "narHash": "sha256-Pq1ZVvRGq/IFiFH6vkNwMfZEpWk23NjgGdX50COdj/c=",
        "owner": "YaLTeR",
        "repo": "niri",
-        "rev": "bf142e0b48d9ffc9a776a82585ee37ac35f07f0c",
+        "rev": "c814c656c53ea9d69f5afb45c88f4dc4d25338cd",
        "type": "github"
      },
      "original": {
@@ -459,6 +510,31 @@
        "type": "github"
      }
    },
    "nix-cachyos-kernel": {
      "inputs": {
        "cachyos-kernel": "cachyos-kernel",
        "cachyos-kernel-patches": "cachyos-kernel-patches",
        "flake-compat": "flake-compat_2",
        "flake-parts": "flake-parts_2",
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1776386586,
        "narHash": "sha256-eVAUaL/6n8mnmBiPpEVW1NDNVSKLWhYVfycG+P0SvWU=",
        "owner": "xddxdd",
        "repo": "nix-cachyos-kernel",
        "rev": "c65c3faf90ae07bae101c15ef502f0bcb06c5d74",
        "type": "github"
      },
      "original": {
        "owner": "xddxdd",
        "ref": "release",
        "repo": "nix-cachyos-kernel",
        "type": "github"
      }
    },
    "nix-doom-emacs-unstraightened": {
      "inputs": {
        "doomemacs": "doomemacs",
@@ -468,14 +544,14 @@
        "nixpkgs": [
          "nixpkgs"
        ],
-        "systems": "systems_4"
+        "systems": "systems_3"
      },
      "locked": {
-        "lastModified": 1773047055,
+        "lastModified": 1776419397,
-        "narHash": "sha256-KqUtQ/Rn05NPUOU6KwPT5GfZCcH+LNw4zzXVci4HPnc=",
+        "narHash": "sha256-vmWJwNYtQFexLG6r/v8Dlou/5z8FbFCLo3QqZ/stLYQ=",
        "owner": "marienz",
        "repo": "nix-doom-emacs-unstraightened",
-        "rev": "bbb63b1600ac4c26b97fea629323c7fb9859498e",
+        "rev": "7623dd4adbdf5f8a8464ecc5fd089e5c5cb5dada",
        "type": "github"
      },
      "original": {
@@ -523,11 +599,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1772972630,
+        "lastModified": 1775490113,
-        "narHash": "sha256-mUJxsNOrBMNOUJzN0pfdVJ1r2pxeqm9gI/yIKXzVVbk=",
+        "narHash": "sha256-2ZBhDNZZwYkRmefK5XLOusCJHnoeKkoN95hoSGgMxWM=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "3966ce987e1a9a164205ac8259a5fe8a64528f72",
+        "rev": "c775c2772ba56e906cbeb4e0b2db19079ef11ff7",
        "type": "github"
      },
      "original": {
@@ -539,11 +615,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1772963539,
+        "lastModified": 1776169885,
-        "narHash": "sha256-9jVDGZnvCckTGdYT53d/EfznygLskyLQXYwJLKMPsZs=",
+        "narHash": "sha256-l/iNYDZ4bGOAFQY2q8y5OAfBBtrDAaPuRQqWaFHVRXM=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "9dcb002ca1690658be4a04645215baea8b95f31d",
+        "rev": "4bd9165a9165d7b5e33ae57f3eecbcb28fb231c9",
        "type": "github"
      },
      "original": {
@@ -553,6 +629,21 @@
        "type": "github"
      }
    },
    "nixpkgs-lib": {
      "locked": {
        "lastModified": 1774748309,
        "narHash": "sha256-+U7gF3qxzwD5TZuANzZPeJTZRHS29OFQgkQ2kiTJBIQ=",
        "owner": "nix-community",
        "repo": "nixpkgs.lib",
        "rev": "333c4e0545a6da976206c74db8773a1645b5870a",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "nixpkgs.lib",
        "type": "github"
      }
    },
    "noctalia": {
      "inputs": {
        "nixpkgs": [
@@ -561,11 +652,11 @@
        "noctalia-qs": "noctalia-qs"
      },
      "locked": {
-        "lastModified": 1773080291,
+        "lastModified": 1776302695,
-        "narHash": "sha256-3rJzXUYZOvAP7HvO9Atqm4/vyj96uus7iXNOk1yuvjI=",
+        "narHash": "sha256-xZc9o1JLQpmWn2Dqui323+Tq2Ai4sSdtdvbFZCs4qLo=",
        "owner": "noctalia-dev",
        "repo": "noctalia-shell",
-        "rev": "8be7a34b46d0cd9c615ac39db4efcc4529c67802",
+        "rev": "a7c724181fca5d1aff2d47b18fa733504cfdbda2",
        "type": "github"
      },
      "original": {
@@ -579,14 +670,16 @@
        "nixpkgs": [
          "noctalia",
          "nixpkgs"
-        ]
+        ],
        "systems": "systems_4",
        "treefmt-nix": "treefmt-nix_2"
      },
      "locked": {
-        "lastModified": 1772673824,
+        "lastModified": 1775957204,
-        "narHash": "sha256-TLHXPoELZA6VeuzC1Zpx+MnSsYzrJs+DSieMgfjAOJc=",
+        "narHash": "sha256-d4CVRtAty2GzDYXx4xYQmR+nlOjjKovyprQfZhgLckU=",
        "owner": "noctalia-dev",
        "repo": "noctalia-qs",
-        "rev": "f8531192cd09b9ea2e78d18e9cfc9d3dba498690",
+        "rev": "68e82fe34c68ee839a9c37e3466820e266af0c86",
        "type": "github"
      },
      "original": {
@@ -597,7 +690,7 @@
    },
    "pre-commit": {
      "inputs": {
-        "flake-compat": "flake-compat_2",
+        "flake-compat": "flake-compat",
        "gitignore": "gitignore",
        "nixpkgs": [
          "lanzaboote",
@@ -605,11 +698,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1771858127,
+        "lastModified": 1772893680,
-        "narHash": "sha256-Gtre9YoYl3n25tJH2AoSdjuwcqij5CPxL3U3xysYD08=",
+        "narHash": "sha256-JDqZMgxUTCq85ObSaFw0HhE+lvdOre1lx9iI6vYyOEs=",
        "owner": "cachix",
        "repo": "pre-commit-hooks.nix",
-        "rev": "49bbbfc218bf3856dfa631cead3b052d78248b83",
+        "rev": "8baab586afc9c9b57645a734c820e4ac0a604af9",
        "type": "github"
      },
      "original": {
@@ -620,9 +713,9 @@
    },
    "root": {
      "inputs": {
        "deploy-rs": "deploy-rs",
        "disko": "disko",
        "emacs-overlay": "emacs-overlay",
        "firefox-addons": "firefox-addons",
        "home-manager": "home-manager",
        "impermanence": "impermanence",
        "jovian-nixos": "jovian-nixos",
@@ -630,6 +723,7 @@
        "lanzaboote": "lanzaboote",
        "llm-agents": "llm-agents",
        "niri": "niri",
        "nix-cachyos-kernel": "nix-cachyos-kernel",
        "nix-doom-emacs-unstraightened": "nix-doom-emacs-unstraightened",
        "nix-flatpak": "nix-flatpak",
        "nixos-hardware": "nixos-hardware",
@@ -646,11 +740,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1773025773,
+        "lastModified": 1776481912,
-        "narHash": "sha256-Wik8+xApNfldpUFjPmJkPdg0RrvUPSWGIZis+A/0N1w=",
+        "narHash": "sha256-Xq7p+Ex3YHFAd+fFFLOYw2Wv67582X7SAmrEDtIDZQ4=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "3c06fdbbd36ff60386a1e590ee0cd52dcd1892bf",
+        "rev": "e611106c527e8ab0adbb641183cda284411d575c",
        "type": "github"
      },
      "original": {
@@ -706,16 +800,16 @@
    },
    "systems_4": {
      "locked": {
-        "lastModified": 1681028828,
+        "lastModified": 1689347949,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
        "owner": "nix-systems",
-        "repo": "default",
+        "repo": "default-linux",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
-        "repo": "default",
+        "repo": "default-linux",
        "type": "github"
      }
    },
@@ -727,11 +821,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1772660329,
+        "lastModified": 1775636079,
-        "narHash": "sha256-IjU1FxYqm+VDe5qIOxoW+pISBlGvVApRjiw/Y/ttJzY=",
+        "narHash": "sha256-pc20NRoMdiar8oPQceQT47UUZMBTiMdUuWrYu2obUP0=",
        "owner": "numtide",
        "repo": "treefmt-nix",
-        "rev": "3710e0e1218041bbad640352a0440114b1e10428",
+        "rev": "790751ff7fd3801feeaf96d7dc416a8d581265ba",
        "type": "github"
      },
      "original": {
@@ -740,21 +834,25 @@
        "type": "github"
      }
    },
-    "utils": {
+    "treefmt-nix_2": {
      "inputs": {
-        "systems": "systems"
+        "nixpkgs": [
          "noctalia",
          "noctalia-qs",
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1731533236,
+        "lastModified": 1775636079,
-        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "narHash": "sha256-pc20NRoMdiar8oPQceQT47UUZMBTiMdUuWrYu2obUP0=",
        "owner": "numtide",
-        "repo": "flake-utils",
+        "repo": "treefmt-nix",
-        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "rev": "790751ff7fd3801feeaf96d7dc416a8d581265ba",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
-        "repo": "flake-utils",
+        "repo": "treefmt-nix",
        "type": "github"
      }
    },
@@ -778,11 +876,11 @@
    "xwayland-satellite-unstable": {
      "flake": false,
      "locked": {
-        "lastModified": 1772429643,
+        "lastModified": 1773622265,
-        "narHash": "sha256-M+bAeCCcjBnVk6w/4dIVvXvpJwOKnXjwi/lDbaN6Yws=",
+        "narHash": "sha256-wToKwH7IgWdGLMSIWksEDs4eumR6UbbsuPQ42r0oTXQ=",
        "owner": "Supreeeme",
        "repo": "xwayland-satellite",
-        "rev": "10f985b84cdbcc3bbf35b3e7e43d1b2a84fa9ce2",
+        "rev": "a879e5e0896a326adc79c474bf457b8b99011027",
        "type": "github"
      },
      "original": {
@@ -801,11 +899,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1772945022,
+        "lastModified": 1776403742,
-        "narHash": "sha256-Fv14NttjL/7xfi6eVwrSEBAyBvDjI00RLiRNqA5apcw=",
+        "narHash": "sha256-ZmGY9XiOsuMS/THsSNkgp2fnc3asXQX/xRrQpWnY9nA=",
        "owner": "0xc000022070",
        "repo": "zen-browser-flake",
-        "rev": "3a6a5ca7fb48cc8fd8183386506a06579d1d79dc",
+        "rev": "ca7077bea5c830470437ea878da2a1940773324c",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -33,6 +33,11 @@
      inputs.home-manager.follows = "home-manager";
    };
    firefox-addons = {
      url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    niri = {
      url = "github:sodiboo/niri-flake";
      inputs.nixpkgs.follows = "nixpkgs";
@@ -58,12 +63,6 @@
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.home-manager.follows = "home-manager";
    };
    deploy-rs = {
      url = "github:serokell/deploy-rs";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    jovian-nixos = {
      url = "github:Jovian-Experiments/Jovian-NixOS";
      inputs.nixpkgs.follows = "nixpkgs";
@@ -74,6 +73,10 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };
    nix-cachyos-kernel = {
      url = "github:xddxdd/nix-cachyos-kernel/release";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    llm-agents = {
      url = "github:numtide/llm-agents.nix";
      inputs.nixpkgs.follows = "nixpkgs";
@@ -92,7 +95,6 @@
      lanzaboote,
      nixos-hardware,
      home-manager,
      deploy-rs,
      jovian-nixos,
      ...
    }@inputs:
@@ -128,6 +130,9 @@
                {
                  # home-manager.useGlobalPkgs = true;
                  home-manager.useUserPackages = true;
                  home-manager.sharedModules = [
                    inputs.zen-browser.homeModules.twilight
                  ];
                  home-manager.extraSpecialArgs = {
                    inherit
                      inputs
@@ -146,14 +151,5 @@
          };
        }
      ) { } hostnames;
      # Deploy-rs configuration for yarn host only
      deploy.nodes.yarn = {
        hostname = "desktop";
        profiles.system = {
          sshUser = "root";
          path = deploy-rs.lib.${system}.activate.nixos self.nixosConfigurations.yarn;
        };
      };
    };
 }
--- a/home-manager/desktop.nix
+++ b/home-manager/desktop.nix
@@ -9,9 +9,6 @@
    # niri wayland compositor
    ./progs/niri.nix
    # statusbar
    # ./progs/eww/eww.nix
    # lockscreen
    ./progs/swaylock.nix
@@ -29,5 +26,4 @@
    # used by /etc/nixos logic to launch niri
    config.programs.niri.package
  ];
 }
--- a/home-manager/gui.nix
+++ b/home-manager/gui.nix
@@ -2,6 +2,7 @@
  pkgs,
  lib,
  inputs,
  config,
  ...
 }:
 {
@@ -12,6 +13,7 @@
    ./progs/emacs.nix
    # ./progs/trezor.nix # - broken
    ./progs/flatpak.nix
    ./progs/zen
  ];
  nixpkgs.config.allowUnfreePredicate =
@@ -34,7 +36,6 @@
      # browsers
      [
        tor-browser
        inputs.zen-browser.packages."${system}".twilight
        grayjay
      ]
@@ -171,7 +172,6 @@
  };
  home.sessionVariables = {
    BROWSER = "zen";
    LD_LIBRARY_PATH = "${pkgs.lib.makeLibraryPath [
      pkgs.stdenv.cc.cc
    ]}";
@@ -188,6 +188,8 @@
      package = pkgs.adw-gtk3;
      name = "adw-gtk3-dark";
    };
    # gtk4 apps use libadwaita natively, no theme package needed
    gtk4.theme = null;
    iconTheme = {
      package = pkgs.adwaita-icon-theme;
      name = "Adwaita";
--- a/home-manager/no-gui.nix
+++ b/home-manager/no-gui.nix
@@ -107,6 +107,11 @@ let
    units
    jq
    # DNS things
    dig
    bun
  ];
 in
@@ -114,7 +119,7 @@ in
  imports = [
    ./progs/fish.nix
    ./progs/helix.nix
-    ./progs/opencode.nix
+    ./progs/pi.nix
    (
      { ... }:
      {
@@ -206,8 +211,6 @@ in
        # power stuff
        powerstat
        nodePackages_latest.nodejs
        yt-dlp
      ]
      rust_pkgs
--- a/home-manager/progs/borg.nix
+++ b/home-manager/progs/borg.nix
@@ -8,7 +8,6 @@
        location = {
          sourceDirectories = (
            map (f: "${homeDirectory}/${f}") [
              ".zen"
              ".local/share/fish"
              ".ssh"
              "Documents"
@@ -16,18 +15,6 @@
              "Pictures"
              "school"
            ]
            ++ (map (f: ".config/Signal/${f}") [
              "stickers.noindex"
              "attachments.noindex"
              "downloads.noindex"
              "drafts.noindex"
              "sql"
              "IndexedDB"
              "Local Storage"
              "SharedStorage"
              "config.json"
              "Preferences"
            ])
          );
          excludeHomeManagerSymlinks = true;
--- a/home-manager/progs/doom.d/config.el
+++ b/home-manager/progs/doom.d/config.el
@@ -82,5 +82,16 @@
  (map! :map undo-fu-mode-map "C-?" #'undo-fu-only-redo))
 ;; Fix SPC p p slowness
 (after! projectile
  (setq projectile-indexing-method 'alien
        projectile-enable-caching nil
        projectile-project-search-path '("~/projects/"))
  (projectile-discover-projects-in-search-path))
 ;; Packages are already natively compiled by Nix; JIT recompilation
 ;; just wastes cycles (and the eln-cache is invalidated on every rebuild anyway)
 (setq native-comp-jit-compilation nil)
 ;; line wrapping
 (visual-line-mode t)
--- a/home-manager/progs/eww/config/eww.scss
+++ b/home-manager/progs/eww/config/eww.scss
@@ -1,109 +0,0 @@
 $background: #1e1e2e;
 $pink: #f5c2e7;
 $lavendar: #b4befe;
 $red: #f38ba8;
 $maroon: #eba0ac;
 $peach: #fab387;
 $yellow: #f9e2af;
 $green: #a6e3a1;
 $text: #cdd6f4;
 $subtext: #a6adc8;
 $surface: #585b70;
 * {
 	color: $text;
 	font-family: CaskaydiaCove Nerd Font Mono;
 	font-weight: 600;
 	font-size: 10pt;
 	padding: 0 1px;
 }
 .red {
 	color: $red;
 }
 .maroon {
 	color: $maroon;
 }
 .peach {
 	color: $peach;
 }
 .yellow {
 	color: $yellow;
 }
 .green {
 	color: $green;
 }
 .lavendar {
 	color: $lavendar;
 }
 .symbol {
 	color: $lavendar;
 	font-size: 20px;
 }
 .button {
 	* {
 		all: unset;
 		margin: 0 5px;
 		font-size: 14pt;
 		transition: color 0.2s ease-in-out;
 	}
 	&:hover * {
 		color: $pink;
 	}
 }
 .bluetooth * {
 	font-size: 10pt;
 	padding: 0 0.3em;
 }
 .padded>*:not(:last-child) {
 	padding: 0 10px;
 	border-right: 1px solid $surface;
 }
 .background {
 	border: 1px solid $pink;
 	background-color: $background;
 	border-radius: 12px;
 	opacity: 0.8;
 }
 scale trough {
 	margin: 0 10px;
 	border: none;
 	background-color: #FFF;
 	min-height: 3px;
 	min-width: 100px;
 	& slider {
 		box-shadow: none;
 		background-image: none;
 		border: none;
 		background-color: $pink;
 		min-width: 5pt;
 		min-height: 5pt;
 		margin: -5pt;
 	}
 	& highlight {
 		border: none;
 		background-color: $lavendar;
 	}
 }
 .clipboard {
 	color: $subtext;
 }
 .time {
 	padding-right: 10px;
 }
--- a/home-manager/progs/eww/config/eww.yuck
+++ b/home-manager/progs/eww/config/eww.yuck
@@ -1 +0,0 @@
 (include "./statusbar.yuck")
--- a/home-manager/progs/eww/config/scripts/currentWindow.sh
+++ b/home-manager/progs/eww/config/scripts/currentWindow.sh
@@ -1,17 +0,0 @@
 #!/usr/bin/env bash
 niri_data=$(niri msg --json focused-window)
 if [[ "$niri_data" == "null" ]]; then
    exit 0
 fi
 name=$(echo "$niri_data" | jq -r '.["app_id"], .["title"]' | tr '\n' ' ' | sed 's/.$//')
 proc_name=$(echo "$name" | head -c 55)
 # TODO! fix this logic, add a '...' at the end
 if [[ "$name" != "$proc_name" ]]; then
    proc_name="$proc_name..."
 fi
 echo "$proc_name"
--- a/home-manager/progs/eww/config/scripts/currentWorkspace.sh
+++ b/home-manager/progs/eww/config/scripts/currentWorkspace.sh
@@ -1,3 +0,0 @@
 #!/usr/bin/env fish
 niri msg --json workspaces | jq -r '.[] | select(.is_focused == true) | .["id"]'
--- a/home-manager/progs/eww/config/scripts/power_bat.rs
+++ b/home-manager/progs/eww/config/scripts/power_bat.rs
@@ -1,58 +0,0 @@
 #!/usr/bin/env rust-script
 use std::{fmt, fs::read_to_string, str::FromStr};
 const BASE_PATH: &str = "/sys/class/power_supply/BAT1/";
 const CURRENT_NOW_PATH: &str = "current_now";
 const VOLTAGE_NOW_PATH: &str = "voltage_now";
 const STATUS_PATH: &str = "status";
 const FACTOR: f32 = 1e6_f32;
 #[derive(Debug)]
 enum Status {
    Charging,
    Discharging,
    NotCharging,
 }
 impl FromStr for Status {
    type Err = &'static str;
    fn from_str(input: &str) -> Result<Status, Self::Err> {
        match input {
            "Charging" => Ok(Status::Charging),
            "Discharging" => Ok(Status::Discharging),
            "Not charging" => Ok(Status::NotCharging),
            _ => Err("unknown state"),
        }
    }
 }
 impl fmt::Display for Status {
    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
        fmt::Debug::fmt(self, f)
    }
 }
 fn fetch_and_trim_into<T: FromStr<Err = impl fmt::Debug>>(path: &str) -> T {
    let mut content = read_to_string(BASE_PATH.to_owned() + path).unwrap();
    content.pop();
    T::from_str(&content).unwrap()
 }
 fn fetch_bat_info(path: &str) -> f32 {
    let value: f32 = fetch_and_trim_into(path);
    value / FACTOR
 }
 fn main() {
    let current_now: f32 = fetch_bat_info(CURRENT_NOW_PATH);
    let voltage_now: f32 = fetch_bat_info(VOLTAGE_NOW_PATH);
    let watts: f32 = current_now * voltage_now;
    let status: Status = fetch_and_trim_into(STATUS_PATH);
    println!(
        "voltage: {:.4}\ncurrent: {:.4}\nwatts: {:.4}\nstatus: {}",
        voltage_now, current_now, watts, status
    );
 }
--- a/home-manager/progs/eww/config/scripts/sound/getSink.sh
+++ b/home-manager/progs/eww/config/scripts/sound/getSink.sh
@@ -1,2 +0,0 @@
 #!/usr/bin/env sh
 wpctl inspect @DEFAULT_SINK@ | grep -E "^  +\* node\.description" | cut -d' ' -f6- | tr -d '"'
--- a/home-manager/progs/eww/config/scripts/sound/getVolume.sh
+++ b/home-manager/progs/eww/config/scripts/sound/getVolume.sh
@@ -1,22 +0,0 @@
 #!/usr/bin/env bash
 output=$(wpctl get-volume @DEFAULT_SINK@ | cut -d' ' -f2- | sed -E 's/\.//g' | sed 's/^0*//g')
 count=$(echo "$output" | awk -F, '{print $1+0}')
 muted=$(echo "$output" | cut -d'[' -f2 | cut -d ']' -f1)
 # if not muted, set to empty string
 if [ "$muted" == "$count" ]; then
  muted=""
 fi
 color="green"
 if ((count > 75)); then color="yellow"; fi
 if ((count > 90)); then color="peach"; fi
 if ((count > 100)); then color="maroon"; fi
 if ((count > 110)); then color="red"; fi
 output="${count}%"
 if [ "$muted" != "" ]; then
  output="${output} [${muted}]"
 fi
 echo "{\"count\":\"${output}\", \"color\":\"${color}\"}"
--- a/home-manager/progs/eww/config/scripts/wifiInfo.zsh
+++ b/home-manager/progs/eww/config/scripts/wifiInfo.zsh
@@ -1,23 +0,0 @@
 #!/usr/bin/env zsh
 export CHARSET=ASCII
 case $1 in
 	name)
 		nmcli -f IN-USE,SSID d w | grep '*' | sed 's/[\* ]//g' | cat
 		exit 0;;
 	strength)
 		str=$(nmcli -f ACTIVE,BARS d w | grep 'yes' | tr -d ' yesno')
 		case ${str: 0:-1} in
 		'****')
 			icon="󰤨"; colour="green";;
 		'***')
 			icon="󰤥"; colour="yellow";;
 		'**')
 			icon="󰤢"; colour="peach";;
 		'*')
 			icon="󰤟"; colour="maroon";;
 		*)
 			icon="󰤯"; colour="red";;
 		esac
 		echo "{\"icon\":\"$icon\",\"colour\":\"$colour\"}"
 		exit 0;;
 esac
--- a/home-manager/progs/eww/config/statusbar.yuck
+++ b/home-manager/progs/eww/config/statusbar.yuck
@@ -1,130 +0,0 @@
 (defwindow statusbar
    :monitor 0
    :stacking "fg"
    :exclusive true
    :geometry (geometry
               :y "0.5%"
               :width "100%"
               :height "24px"
               :anchor "top center")
    (statusbar))
 (defwidget statusbar []
  (centerbox
   (box :space-evenly false :halign 'start' :class 'padded'
        (window-title))
   (time)
   (box :space-evenly false :halign 'end' :class 'padded'
        (brightness-ctl)
        (brightness-ctl-opener)
        (volume)
        (battery)
        (bluetooth)
        (wifi))))
 (defwidget cmd-slider [?symbol value command max color]
           (box :space-evenly false
                (label :text symbol :class "symbol")
                (scale
                 :min 0 :max max
                 :value value
                 :round-digits 0
                 :timeout "200ms"
                 :onchange command)
                (label :text "${value}%" :class color)))
 (defpoll windowtitle :interval "1s" `scripts/currentWindow.sh`)
 (defwidget window-title []
  (label
   :text {windowtitle == "" ? "" : "(${windowtitle})"}))
 (defwidget brightness-ctl []
  (box :visible brightnessctl-open
       (cmd-slider :symbol "󰃠" :value brightness
                   :command `brightnessctl set {}%`
                   :max 101 :color {
                   brightness >= 80 ? "green" :
                   brightness >= 50 ? "yellow" :
                   brightness >= 30 ? "peach" :
                   brightness >= 10 ? "maroon" : "red"
                   })))
 (defpoll brightness :interval "1s" :run-while brightnessctl-open `brightnessctl -m | awk -F, '{print $4+0}'`)
 (defvar brightnessctl-open false)
 (defwidget brightness-ctl-opener []
  (eventbox :class "button"
    (button
      :onclick `${EWW_CMD} update brightnessctl-open=${!brightnessctl-open}`
    "󰃠")))
 (defwidget wifi []
  (eventbox
    :class "button ${wifi-strength.colour}"
    (label
      :text {wifi-strength.icon}
    :tooltip "Connected To: ${wifi-name}")))
 (defpoll wifi-strength :interval "10s" `scripts/wifiInfo.zsh strength`)
 (defpoll wifi-name :interval "1m" `scripts/wifiInfo.zsh name`)
 (defwidget bluetooth []
  (eventbox
    :class "bluetooth button ${ bluetooth-name != "" ? "green" : "lavendar" }"
    :onclick `blueman-manager &`
    (label
    :text "${bluetooth-name} 󰂯")))
 ; `FNR == 1 + head -c 30` so the name doesn't explode the screen
 (defpoll bluetooth-name :interval "10s" `bluetoothctl devices Connected | awk '$1 == "Device" {print $0}' | cut -d' ' -f3-`)
 (defwidget time []
  (box
    :space-evenly false
    :class "time"
    :tooltip {time.long}
    (label :class "yellow" :text {time.hour})
    (label :text ":")
    (label :class "yellow" :text {time.minute})))
 (defpoll time :interval "1s" `date +'{"long":"%a %b %e %H:%M:%S %Z %Y","hour":"%H","minute":"%M"}'`)
 (defpoll powerstats :interval "2s" `power_bat`)
 (defwidget battery []
  (box :space-evenly false
    :tooltip powerstats
    (label
      :text {EWW_BATTERY.BAT1.status == "Charging" ? "󰂄" :
      EWW_BATTERY.BAT1.capacity >= 90 ? "󰁹" :
      EWW_BATTERY.BAT1.capacity >= 80 ? "󰂂" :
      EWW_BATTERY.BAT1.capacity >= 70 ? "󰂁" :
      EWW_BATTERY.BAT1.capacity >= 60 ? "󰂀" :
      EWW_BATTERY.BAT1.capacity >= 50 ? "󰁿" :
      EWW_BATTERY.BAT1.capacity >= 40 ? "󰁾" :
      EWW_BATTERY.BAT1.capacity >= 30 ? "󰁽" :
      EWW_BATTERY.BAT1.capacity >= 20 ? "󰁼" :
      EWW_BATTERY.BAT1.capacity >= 10 ? "󰁻" : "󰁺"
      }
      :class {
      EWW_BATTERY.BAT1.capacity >= 80 ? "green" :
      EWW_BATTERY.BAT1.capacity >= 50 ? "yellow" :
      EWW_BATTERY.BAT1.capacity >= 30 ? "peach" :
      EWW_BATTERY.BAT1.capacity >= 10 ? "maroon" : "red"
    })
    (label :text "${EWW_BATTERY.BAT1.capacity}%" :class "yellow")))
 (defpoll volumevalue :interval "1s" `scripts/sound/getVolume.sh`)
 (defpoll volumesink :interval "1s" `scripts/sound/getSink.sh`)
 (defwidget volume []
  (eventbox :tooltip volumesink
  :onclick `pwvucontrol &`
  (label :text "${volumevalue.count}" :class {volumevalue.color})))
 (defpoll currentworkspace :interval "1s" `scripts/currentWorkspace.sh`)
--- a/home-manager/progs/eww/eww.nix
+++ b/home-manager/progs/eww/eww.nix
@@ -1,40 +0,0 @@
 {
  pkgs,
  lib,
  config,
  ...
 }:
 {
  home.packages = with pkgs; [
    zsh
    bluez
    brightnessctl
    (callPackage ./power_bat.nix { })
  ];
  programs.eww = {
    enable = true;
    configDir = ./config;
  };
  programs.niri.settings.spawn-at-startup = [
    {
      command = [
        (lib.getExe config.programs.eww.package)
        "-c"
        "${config.programs.eww.configDir}"
        "open"
        "statusbar"
      ];
    }
    # swaybg works on more than just sway (sets a wallpaper)
    {
      command = [
        (lib.getExe pkgs.swaybg)
        "-i"
        "${../wallpaper.png}"
      ];
    }
  ];
 }
--- a/home-manager/progs/eww/power_bat.nix
+++ b/home-manager/progs/eww/power_bat.nix
@@ -1,4 +0,0 @@
 { pkgs, lib, ... }:
 pkgs.writeShellScriptBin "power_bat" ''
  exec ${lib.getExe pkgs.rust-script} ${./config/scripts/power_bat.rs} "$@"
 ''
--- a/home-manager/progs/noctalia.nix
+++ b/home-manager/progs/noctalia.nix
@@ -12,6 +12,7 @@
  programs.noctalia-shell = {
    enable = true;
    package = pkgs.noctalia-shell;
    settings = {
      bar = {
        position = "top";
--- a/home-manager/progs/opencode.nix
+++ b/home-manager/progs/opencode.nix
@@ -1,187 +0,0 @@
 {
  config,
  lib,
  pkgs,
  inputs,
  ...
 }:
 let
  # what model should be used in place of haiku?
  haiku-model = "zai-coding-plan/glm-5";
  opus-model = "zai-coding-plan/glm-5";
  ohMyOpencodeConfig = {
    "$schema" =
      "https://raw.githubusercontent.com/code-yeongyu/oh-my-opencode/master/assets/oh-my-opencode.schema.json";
    agents = {
      sisyphus.model = opus-model;
      sisyphus-junior.model = opus-model;
      oracle.model = opus-model;
      librarian.model = haiku-model;
      explore.model = haiku-model;
      multimodal-looker.model = "openrouter/qwen/qwen3-vl-30b-a3b-thinking";
      prometheus.model = opus-model;
      metis.model = opus-model;
      momus.model = opus-model;
      atlas.model = opus-model;
    };
    categories = {
      visual-engineering.model = "openrouter/google/gemini-3-pro";
      ultrabrain.model = opus-model;
      artistry = {
        model = "openrouter/google/gemini-3-pro";
        variant = "max";
      };
      quick.model = haiku-model;
      deep.model = opus-model;
      writing.model = "openrouter/google/gemini-3-flash-preview";
    };
  };
 in
 {
  home.packages = [
    inputs.llm-agents.packages.${pkgs.stdenv.hostPlatform.system}.oh-my-opencode
    pkgs.playwright-driver.browsers
  ];
  home.sessionVariables = {
    PLAYWRIGHT_BROWSERS_PATH = "${pkgs.playwright-driver.browsers}";
    PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD = "1";
  };
  xdg.configFile."opencode/oh-my-opencode.json".text = builtins.toJSON ohMyOpencodeConfig;
  xdg.configFile."opencode/skills/playwright.md".text =
    let
      browsers = pkgs.playwright-driver.browsers;
      chromiumDir = builtins.head (
        builtins.filter (n: builtins.match "chromium-[0-9]+" n != null) (
          builtins.attrNames browsers.passthru.entries
        )
      );
      chromiumPath = "${browsers}/${chromiumDir}/chrome-linux64/chrome";
    in
    ''
      ---
      name: playwright
      description: "MUST USE for any browser-related tasks. Browser automation via Playwright MCP - verification, browsing, information gathering, web scraping, testing, screenshots, and all browser interactions."
      mcp:
        playwright:
          command: npx
          args:
            - "@playwright/mcp@latest"
            - "--executable-path"
            - "${chromiumPath}"
            - "--user-data-dir"
            - "${config.home.homeDirectory}/.cache/playwright-mcp"
      ---
      # Playwright Browser Automation
      This skill provides browser automation capabilities via the Playwright MCP server.
    '';
  programs.opencode = {
    package = inputs.llm-agents.packages.${pkgs.stdenv.targetPlatform.system}.opencode;
    enable = true;
    rules = ''
      You are an intelligent and observant agent.
      If instructed to commit, disable gpg signing.
      You are on nixOS, if you don't have access to a tool, you can access it via the `nix-shell` command.
      ## Think deeply about everything.
      When given a problem, break it down, abstract it out, understand the fundamentals, then solve it in the real world.
      ## Misc
      For long-running commands, make sure you set the timeout of the Bash tool provided to a larger value.
      Do NOT read secret files. Do not directly read files that are api keys or are contextually sensitive.
      Do NOT run `skill_mcp [mcp_name=playwright, tool_name=browser_install]` as browsers are provided by NixOS via PLAYWRIGHT_BROWSERS_PATH.
      ## Behavior
      Do not be sycophantic in your responses.
      Do not use emojis unless explicitly asked to. This includes in code.
      Use Test Driven Development methodology.
      ## Nix
      For using `nix build` append `-L` to get better visibility into the logs.
      If you get an error that a file can't be found, always try to `git add` the file before trying other troubleshooting steps.
      ## Android UI Interaction Workflow Summary
      1. Taking Screenshots
      adb exec-out screencap -p > /tmp/screen.png
      Captures the current screen state as a PNG image.
      2. Analyzing Screenshots
      I delegate screenshot analysis to an explore agent rather than analyzing images directly:
      mcp_task(subagent_type="explore", prompt="Analyze /tmp/screen.png. What screen is this? What elements are visible?")
      The agent describes the UI, identifies elements, and estimates Y coordinates.
      3. Getting Precise Element Coordinates
      UI Automator dump - extracts the full UI hierarchy as XML:
      adb shell uiautomator dump /sdcard/ui.xml && adb pull /sdcard/ui.xml /tmp/ui.xml
      Then grep for specific elements:
      # Find by text
      grep -oP 'text="Login".*?bounds="[^"]*"' /tmp/ui.xml
      # Find by class
      grep -oP 'class="android.widget.EditText".*?bounds="[^"]*"' /tmp/ui.xml
      Bounds format: [left,top][right,bottom] → tap center: ((left+right)/2, (top+bottom)/2)
      4. Tapping Elements
      adb shell input tap X Y
      Where X, Y are pixel coordinates from the bounds.
      5. Text Input
      adb shell input text "some_text"
      Note: Special characters need escaping (\!, \;, etc.)
      6. Other Gestures
      # Swipe/scroll
      adb shell input swipe startX startY endX endY duration_ms
      # Key events
      adb shell input keyevent KEYCODE_BACK
      adb shell input keyevent KEYCODE_ENTER
      7. WebView Limitation
      - UI Automator can see WebView content if accessibility is enabled
      - Touch events on iframe content (like Cloudflare Turnstile) often fail due to cross-origin isolation
      - Form fields in WebViews work if you get exact bounds from the UI dump
      Typical Flow
      1. Take screenshot → analyze with explore agent (get rough layout)
      2. Dump UI hierarchy → grep for exact element bounds
         - NEVER ASSUME COORDINATES. You must ALWAYS check first.
         - Do this before ANY tap action as elements on the screen may of changed.
      3. Calculate center coordinates from bounds
      4. Tap/interact
      5. Wait → screenshot → verify result
    '';
    settings = {
      theme = "opencode";
      model = opus-model;
      # small model used for titles
      small_model = "openrouter/openai/gpt-oss-20b:free";
      autoshare = false;
      # note: this updates opencode (and plugins like oh-my-opencode) at launch,
      # bypassing the version pinned in flake.lock
      autoupdate = true;
      agent = { };
      plugin = [ "oh-my-opencode" ];
      provider = {
        openrouter = {
          models = {
            "openai/gpt-oss-20b:free" = { };
          };
          options = {
            # TODO! use agenix here instead
            apiKey = "{file:${../secrets/openrouter_api_key}}";
          };
        };
      };
    };
  };
 }
--- a/home-manager/progs/pi.nix
+++ b/home-manager/progs/pi.nix
@@ -0,0 +1,179 @@
 {
  config,
  lib,
  pkgs,
  inputs,
  ...
 }:
 let
  #   sisyphus/oracle/prometheus → default/slow/plan = opus
  #   librarian/explore/quick   → smol/commit = haiku
  ompSettings = {
    modelRoles = {
      default = "anthropic/claude-opus-4-7:high";
      smol = "anthropic/claude-haiku-4-5:low";
      slow = "anthropic/claude-opus-4-7:xhigh";
      plan = "anthropic/claude-opus-4-7:high";
      commit = "anthropic/claude-haiku-4-5:low";
    };
  };
  # provider config — secrets read at eval time via builtins.readFile
  # (omp treats apiKey as env-var-name-or-literal, not a shell command)
  ompModels = {
    providers = {
      openrouter = {
        apiKey = lib.strings.trim (builtins.readFile ../secrets/openrouter_api_key);
      };
      "llama.cpp" = {
        baseUrl = "https://llm.sigkill.computer";
        apiKey = lib.strings.trim (builtins.readFile ../secrets/llama_cpp_api_key);
        api = "openai-responses";
        authHeader = true;
        discovery.type = "llama.cpp";
      };
    };
  };
 in
 {
  home.packages = [
    (inputs.llm-agents.packages.${pkgs.stdenv.hostPlatform.system}.omp.overrideAttrs (old: {
      patches = (old.patches or [ ]) ++ [ ];
    }))
  ];
  # main settings: ~/.omp/agent/config.yml (JSON is valid YAML)
  home.file.".omp/agent/config.yml".text = builtins.toJSON ompSettings;
  # model/provider config: ~/.omp/agent/models.yml
  home.file.".omp/agent/models.yml".text = builtins.toJSON ompModels;
  # global instructions loaded at startup
  home.file.".omp/agent/AGENTS.md".text = ''
    You are an intelligent and observant agent.
    If instructed to commit, disable gpg signing.
    You are on nixOS, if you don't have access to a tool, you can access it via the `nix-shell` command.
    ## Think deeply about everything.
    When given a problem, break it down, abstract it out, understand the fundamentals, then solve it in the real world.
    ## Misc
    For long-running commands, make sure you set the timeout of the Bash tool provided to a larger value.
    Do NOT read secret files. Do not directly read files that are api keys or are contextually sensitive.
    ## Behavior
    Do not be sycophantic in your responses.
    Do not use emojis unless explicitly asked to. This includes in code.
    Use Test Driven Development methodology.
    ## Nix
    For using `nix build` append `-L` to get better visibility into the logs.
    If you get an error that a file can't be found, always try to `git add` the file before trying other troubleshooting steps.
  '';
  home.file.".omp/agent/skills/android-ui/SKILL.md".text = ''
    ---
    name: android-ui
    description: Android UI automation via ADB. Use for any Android device interaction, UI testing, screenshot analysis, element coordinate lookup, and gesture automation.
    ---
    # Android UI
    ## 1. Taking Screenshots
    ```
    adb exec-out screencap -p > /tmp/screen.png
    ```
    Captures the current screen state as a PNG image.
    ## 2. Analyzing Screenshots
    Read the screenshot file to understand the current screen state and identify UI elements.
    ## 3. Getting Precise Element Coordinates
    UI Automator dump - extracts the full UI hierarchy as XML:
    ```
    adb shell uiautomator dump /sdcard/ui.xml && adb pull /sdcard/ui.xml /tmp/ui.xml
    ```
    Then grep for specific elements:
    ```sh
    # Find by text
    grep -oP 'text="Login".*?bounds="[^"]*"' /tmp/ui.xml
    # Find by class
    grep -oP 'class="android.widget.EditText".*?bounds="[^"]*"' /tmp/ui.xml
    ```
    Bounds format: `[left,top][right,bottom]` — tap center: `((left+right)/2, (top+bottom)/2)`
    ## 4. Tapping Elements
    ```
    adb shell input tap X Y
    ```
    Where X, Y are pixel coordinates from the bounds.
    ## 5. Text Input
    ```
    adb shell input text "some_text"
    ```
    Note: Special characters need escaping (`\!`, `\;`, etc.)
    ## 6. Other Gestures
    ```sh
    # Swipe/scroll
    adb shell input swipe startX startY endX endY duration_ms
    # Key events
    adb shell input keyevent KEYCODE_BACK
    adb shell input keyevent KEYCODE_ENTER
    ```
    ## 7. WebView Limitation
    - UI Automator can see WebView content if accessibility is enabled
    - Touch events on iframe content (like Cloudflare Turnstile) often fail due to cross-origin isolation
    - Form fields in WebViews work if you get exact bounds from the UI dump
    ## Typical Flow
    1. Take screenshot → analyze it (get rough layout)
    2. Dump UI hierarchy → grep for exact element bounds
       - NEVER ASSUME COORDINATES. You must ALWAYS check first.
       - Do this before ANY tap action as elements on the screen may have changed.
    3. Calculate center coordinates from bounds
    4. Tap/interact
    5. Wait → screenshot → verify result
  '';
  # omp has a built-in browser tool with NixOS auto-detection,
  # but this skill provides playwright MCP as a supplementary option
  home.file.".omp/agent/skills/playwright/SKILL.md".text =
    let
      browsers = pkgs.playwright-driver.browsers;
      chromiumDir = builtins.head (
        builtins.filter (n: builtins.match "chromium-[0-9]+" n != null) (
          builtins.attrNames browsers.passthru.entries
        )
      );
      chromiumPath = "${browsers}/${chromiumDir}/chrome-linux64/chrome";
    in
    ''
      ---
      name: playwright
      description: Browser automation via Playwright MCP. Use as an alternative to the built-in browser tool for Playwright-specific workflows, testing, and web scraping. Chromium is provided by NixOS.
      ---
      # Playwright
      ## Browser Setup
      Chromium is provided by NixOS. Do NOT attempt to download browsers.
      - Chromium path: `${chromiumPath}`
      - Browsers path: `${browsers}`
      ## Usage
      Launch the Playwright MCP server for browser automation:
      ```bash
      npx @playwright/mcp@latest --executable-path "${chromiumPath}" --user-data-dir "${config.home.homeDirectory}/.cache/playwright-mcp"
      ```
      Set these environment variables if not already set:
      ```bash
      export PLAYWRIGHT_BROWSERS_PATH="${browsers}"
      export PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD=1
      ```
    '';
 }
--- a/home-manager/progs/zen/dark-reader.nix
+++ b/home-manager/progs/zen/dark-reader.nix
@@ -0,0 +1,164 @@
 # Dark Reader extension settings
 # Addon ID: addon@darkreader.org
 { lib }:
 let
  defaultTheme = {
    mode = 1;
    brightness = 100;
    contrast = 100;
    grayscale = 0;
    sepia = 0;
    useFont = false;
    fontFamily = "Open Sans";
    textStroke = 0;
    engine = "dynamicTheme";
    stylesheet = "";
    darkSchemeBackgroundColor = "#181a1b";
    darkSchemeTextColor = "#e8e6e3";
    lightSchemeBackgroundColor = "#dcdad7";
    lightSchemeTextColor = "#181a1b";
    scrollbarColor = "";
    selectionColor = "auto";
    styleSystemControls = false;
    lightColorScheme = "Default";
    darkColorScheme = "Default";
    immediateModify = false;
  };
  mkCustomTheme =
    {
      url,
      engine ? defaultTheme.engine,
      builtIn ? false,
    }:
    {
      inherit url;
      theme = defaultTheme // {
        inherit engine;
      };
    }
    // lib.optionalAttrs builtIn { inherit builtIn; };
 in
 {
  force = true;
  settings = {
    enabled = true;
    fetchNews = true;
    syncSettings = false;
    syncSitesFixes = false;
    changeBrowserTheme = false;
    enabledByDefault = false;
    enableForPDF = true;
    enableForProtectedPages = false;
    enableContextMenus = false;
    detectDarkTheme = true;
    previewNewDesign = false;
    previewNewestDesign = false;
    theme = defaultTheme;
    enabledFor = [
      "search.nixos.org"
      "quizlet.com"
      "claude.ai"
    ];
    disabledFor = [
      "cinny.envs.net"
      "element.envs.net"
      "mail.proton.me"
      "mail.google.com"
      "www.gardling.com"
      "projects.fivethirtyeight.com"
      "secure.bankofamerica.com"
      "billpay-ui.bankofamerica.com"
      "plus.pearson.com"
      "immich.gardling.com"
      "huggingface.co"
      "session.masteringphysics.com"
      "brainly.com"
      "www.270towin.com"
      "phet.colorado.edu"
      "8042-1.portal.athenahealth.com"
      "torrent.gardling.com"
      "nssb-p.adm.fit.edu"
      "mail.openbenchmarking.org"
      "moneroocean.stream"
      "app.diagrams.net"
      "books.gw-project.org"
      "chat.deepseek.com"
      "n21.ultipro.com"
      "www.egaroucid.nyanyan.dev"
      "bitmagnet.gardling.com"
      "frame.work"
      "www.altcancer.net"
      "jenkins.jpenilla.xyz"
      "soulseek.gardling.com"
      "discord.com"
      "www.lufthansa.com"
      "surveys.hyundaicx.com"
      "www.apple.com"
      "docs.google.com"
      "marcuspork.com"
      "en.akinator.com"
      "www.reddit.com"
      "terra.layoutit.com"
      "www.ebay.com"
      "www.nytimes.com"
      "app.electricitymaps.com"
      "www.revoy.com"
      "kagi.com"
      "www.bhphotovideo.com"
      "survey.stackoverflow.co"
      "www.google.com"
      "en.wikipedia.org"
      "workforcenow.adp.com"
      "app.element.io"
      "www.desmos.com"
      "en.wiktionary.org"
      "dariandean0.github.io"
    ];
    customThemes = [
      (mkCustomTheme {
        url = [ "*.officeapps.live.com" ];
        engine = "cssFilter";
        builtIn = true;
      })
      (mkCustomTheme {
        url = [ "*.sharepoint.com" ];
        engine = "cssFilter";
        builtIn = true;
      })
      (mkCustomTheme {
        url = [ "docs.google.com" ];
        engine = "cssFilter";
        builtIn = true;
      })
      (mkCustomTheme {
        url = [ "onedrive.live.com" ];
        engine = "cssFilter";
        builtIn = true;
      })
      (mkCustomTheme {
        url = [ "huggingface.co" ];
        engine = "svgFilter";
      })
      (mkCustomTheme {
        url = [ "www.last.fm" ];
        engine = "svgFilter";
      })
    ];
    automation = {
      enabled = false;
      mode = "";
      behavior = "OnOff";
    };
    time = {
      activation = "18:00";
      deactivation = "9:00";
    };
  };
 }
--- a/home-manager/progs/zen/default.nix
+++ b/home-manager/progs/zen/default.nix
@@ -0,0 +1,134 @@
 {
  pkgs,
  lib,
  inputs,
  config,
  ...
 }:
 let
  firefox-addons = inputs.firefox-addons.packages.${pkgs.stdenv.hostPlatform.system};
  buildFirefoxXpiAddon =
    inputs.firefox-addons.lib.${pkgs.stdenv.hostPlatform.system}.buildFirefoxXpiAddon;
  hacker-smacker = buildFirefoxXpiAddon {
    pname = "hacker-smacker";
    version = "2.2";
    addonId = "jid1-eo0mcXLTqCkaWA@jetpack";
    url = "https://addons.mozilla.org/firefox/downloads/file/4715262/hacker_smacker-2.2.xpi";
    sha256 = "d28f0597d5c4bae5db712b4875f4104120f7e55e5ea769c44d70996be31cc0d1";
    meta = with lib; {
      homepage = "https://www.hackersmacker.org";
      description = "Highlight (friend) and filter (foe) individual authors on Hacker News";
      license = licenses.mit;
      platforms = platforms.all;
    };
  };
  consumer-rights-wiki = buildFirefoxXpiAddon {
    pname = "consumer-rights-wiki";
    version = "1.0.34";
    addonId = "@crw-extension-firefox";
    url = "https://addons.mozilla.org/firefox/downloads/file/4730448/consumer_rights_wiki-1.0.34.xpi";
    sha256 = "732969ed4d5c7965b6254a1190a82ce4ab0ff44bda2295264eb8a22c452899ea";
    meta = with lib; {
      homepage = "https://github.com/FULU-Foundation/CRW-Extension";
      description = "Shows a popup when the site you're viewing has an article on the Consumer Rights Wiki";
      license = licenses.mit;
      platforms = platforms.all;
    };
  };
  ublockSettings = import ./ublock.nix { inherit lib; };
  darkReaderSettings = import ./dark-reader.nix { inherit lib; };
  redirectorSettings = import ./redirector.nix { inherit lib; };
 in
 {
  programs.zen-browser = {
    enable = true;
    profiles.default = {
      isDefault = true;
      extensions = {
        force = true;
        packages =
          (with firefox-addons; [
            bitwarden
            buster-captcha-solver
            consent-o-matic
            darkreader
            fastforwardteam
            localcdn
            redirector
            refined-github
            return-youtube-dislikes
            search-by-image # reverse image search
            ruffle_rs
            snowflake
            steam-database
            ublock-origin
          ])
          ++ [
            hacker-smacker
            consumer-rights-wiki
          ];
        settings = {
          "uBlock0@raymondhill.net" = ublockSettings;
          "addon@darkreader.org" = darkReaderSettings;
          "redirector@einaregilsson.com" = redirectorSettings;
        };
      };
      search = {
        force = true;
        default = "kagi";
        privateDefault = "ddg";
        order = [
          "kagi"
          "ddg"
          "google"
        ];
        engines = {
          kagi = {
            name = "Kagi";
            urls = [ { template = "https://kagi.com/search?q={searchTerms}"; } ];
            iconMapObj."16" = "https://kagi.com/favicon.ico";
            definedAliases = [ "@k" ];
          };
          google.metaData.alias = "@g";
        };
      };
      settings = {
        "identity.sync.tokenserver.uri" = "https://firefox-sync.sigkill.computer/1.0/sync/1.5";
        # auto-enable extensions on install
        "extensions.autoDisableScopes" = 0;
        # don't sync prefs/addons — we manage them declaratively via nix
        # syncing fights with the declarative config and can cause data loss
        # https://github.com/nix-community/home-manager/issues/6083
        "services.sync.engine.prefs" = false;
        "services.sync.engine.addons" = false;
        # use a separate default search engine in private windows
        "browser.search.separatePrivateDefault.ui.enabled" = true;
        "browser.search.separatePrivateDefault" = true;
        # disable built-in password manager — using bitwarden
        "signon.rememberSignons" = false;
        "signon.autofillForms" = false;
        "signon.management.page.breach-alerts.enabled" = false;
        "signon.formlessCapture.enabled" = false;
        "signon.privateBrowsingCapture.enabled" = false;
        # disable the autocomplete popup on login fields
        "signon.firefoxRelay.feature" = "";
        "signon.generation.enabled" = false;
        # disable passkey/webauthn prompts from the built-in manager
        "security.webauthn.enable_conditional_mediation" = false;
      };
    };
  };
  # Zen ignores XDG and hardcodes ~/.zen — symlink to module-managed path
  home.file.".zen".source = config.lib.file.mkOutOfStoreSymlink "${config.xdg.configHome}/zen";
  home.sessionVariables.BROWSER = "zen";
 }
--- a/home-manager/progs/zen/redirector.nix
+++ b/home-manager/progs/zen/redirector.nix
@@ -0,0 +1,75 @@
 # Redirector extension settings
 # Addon ID: redirector@einaregilsson.com
 #
 # To add a new redirect, just add another mkRedirect call to the list:
 #   (mkRedirect { from = "youtube.com"; to = "invidious.example.com"; description = "YouTube to Invidious"; })
 { lib }:
 let
  # helper to create a redirect rule from a simple domain mapping.
  # handles www. subdomains automatically. for other subdomains
  # (like old.reddit.com), create a separate rule with the full domain.
  mkRedirect =
    {
      from,
      to,
      description,
    }:
    let
      escapedFrom = builtins.replaceStrings [ "." ] [ "\\." ] from;
    in
    {
      inherit description;
      exampleUrl = "https://${from}/example";
      exampleResult = "https://${to}/example";
      error = null;
      includePattern = "^https?://(www\\.)?${escapedFrom}(.*)$";
      excludePattern = "";
      patternDesc = "";
      redirectUrl = "https://${to}$2";
      patternType = "R";
      processMatches = "noProcessing";
      disabled = false;
      grouped = false;
      appliesTo = [ "main_frame" ];
    };
 in
 {
  force = true;
  settings = {
    redirects = [
      (mkRedirect {
        from = "x.com";
        to = "xcancel.com";
        description = "X to xcancel";
      })
      (mkRedirect {
        from = "twitter.com";
        to = "xcancel.com";
        description = "Twitter to xcancel";
      })
      (mkRedirect {
        from = "reddit.com";
        to = "safereddit.com";
        description = "Reddit to Redlib";
      })
      (mkRedirect {
        from = "old.reddit.com";
        to = "safereddit.com";
        description = "Old Reddit to Redlib";
      })
      (mkRedirect {
        from = "new.reddit.com";
        to = "safereddit.com";
        description = "New Reddit to Redlib";
      })
      (mkRedirect {
        from = "np.reddit.com";
        to = "safereddit.com";
        description = "NP Reddit to Redlib";
      })
    ];
    disabled = false;
    logging = false;
    enableNotifications = false;
  };
 }
--- a/home-manager/progs/zen/ublock.nix
+++ b/home-manager/progs/zen/ublock.nix
@@ -0,0 +1,143 @@
 # uBlock Origin extension settings
 # Addon ID: uBlock0@raymondhill.net
 { lib }:
 {
  force = true;
  settings = {
    userSettings = {
      cloudStorageEnabled = true;
      externalLists = builtins.concatStringsSep "\n" [
        "https://abp.oisd.nl/"
        "https://filters.adtidy.org/extension/ublock/filters/3.txt"
        "https://gitflic.ru/project/magnolia1234/bypass-paywalls-clean-filters/blob/raw?file=bpc-paywall-filter.txt"
        "https://raw.githubusercontent.com/DetachHead/ublock-filters/refs/heads/master/list.txt"
        "https://raw.githubusercontent.com/laylavish/uBlockOrigin-HUGE-AI-Blocklist/main/list.txt"
      ];
      importedLists = [
        "https://abp.oisd.nl/"
        "https://filters.adtidy.org/extension/ublock/filters/3.txt"
        "https://gitflic.ru/project/magnolia1234/bypass-paywalls-clean-filters/blob/raw?file=bpc-paywall-filter.txt"
        "https://raw.githubusercontent.com/DetachHead/ublock-filters/refs/heads/master/list.txt"
        "https://raw.githubusercontent.com/laylavish/uBlockOrigin-HUGE-AI-Blocklist/main/list.txt"
      ];
      popupPanelSections = 15;
      prefetchingDisabled = false;
    };
    selectedFilterLists = [
      "user-filters"
      "ublock-filters"
      "ublock-badware"
      "ublock-privacy"
      "ublock-quick-fixes"
      "ublock-unbreak"
      "easylist"
      "adguard-generic"
      "adguard-mobile"
      "easyprivacy"
      "adguard-spyware-url"
      "block-lan"
      "urlhaus-1"
      "curben-phishing"
      "plowe-0"
      "dpollock-0"
      "fanboy-cookiemonster"
      "ublock-cookies-easylist"
      "adguard-cookies"
      "ublock-cookies-adguard"
      "fanboy-social"
      "adguard-social"
      "fanboy-thirdparty_social"
      "easylist-chat"
      "easylist-newsletters"
      "easylist-notifications"
      "easylist-annoyances"
      "adguard-mobile-app-banners"
      "adguard-other-annoyances"
      "adguard-popup-overlays"
      "adguard-widgets"
      "ublock-annoyances"
      "SWE-1"
      "https://filters.adtidy.org/extension/ublock/filters/3.txt"
      "https://gitflic.ru/project/magnolia1234/bypass-paywalls-clean-filters/blob/raw?file=bpc-paywall-filter.txt"
      "https://raw.githubusercontent.com/DetachHead/ublock-filters/refs/heads/master/list.txt"
      "https://raw.githubusercontent.com/laylavish/uBlockOrigin-HUGE-AI-Blocklist/main/list.txt"
      "https://abp.oisd.nl/"
    ];
    whitelist = [
      "chrome-extension-scheme"
      "moz-extension-scheme"
    ];
    dynamicFilteringString = builtins.concatStringsSep "\n" [
      "behind-the-scene * * noop"
      "behind-the-scene * inline-script noop"
      "behind-the-scene * 1p-script noop"
      "behind-the-scene * 3p-script noop"
      "behind-the-scene * 3p-frame noop"
      "behind-the-scene * image noop"
      "behind-the-scene * 3p noop"
    ];
    hostnameSwitchesString = builtins.concatStringsSep "\n" [
      "no-large-media: behind-the-scene false"
      "no-csp-reports: * true"
      "no-scripting: arstechnica.com true"
      "no-scripting: www.phoronix.com true"
      "no-scripting: www.theatlantic.com true"
      "no-scripting: wccftech.com true"
      "no-remote-fonts: www.theverge.com true"
      "no-scripting: www.theverge.com true"
      "no-scripting: gamersnexus.net true"
    ];
    "user-filters" = builtins.concatStringsSep "\n" [
      # Annoying fonts warning because of localCDN
      "docs.google.com##.jfk-butterBar-shown.jfk-butterBar-info.jfk-butterBar"
      # remove phoronix premium ad
      "www.phoronix.com##aside:nth-of-type(3)"
      "www.phoronix.com##aside.widget:nth-of-type(4)"
      # Remove instagram login screen
      "www.instagram.com##.x1nhvcw1.x1oa3qoh.x1qjc9v5.xqjyukv.xdt5ytf.x2lah0s.x1c4vz4f.x1odjw0f.xw2csxc.x1n2onr6.xo71vjh.x5pf9jr.x13lgxp2.x168nmei.x78zum5.xjbqb8w.x9f619"
      "www.instagram.com##.xl56j7k.x1iyjqo2.xdt5ytf.x78zum5.x9f619.x1qjc9v5"
      "www.instagram.com##.x1jfb8zj.x1qrby5j.x1n2onr6.x7ja8zs.x1t2pt76.x1lytzrv.xedcshv.xarpa2k.x3igimt.x12ejxvf.xaigb6o.x1beo9mf.x1h91t0o.x4k7w5x.x1uvtmcs"
      "www.instagram.com##.x1h0vfkc.x13vifvy.xixxii4.x17qophe.xds687c.x1ey2m1c"
      "www.instagram.com##.x1n2onr6.xg6iff7.xippug5.xdt5ytf.x78zum5"
      "www.instagram.com##.xzkaem6.x1n2onr6 > .xjx87ck.x1yqm8si.xfk6m8.xh8yej3.x13vifvy.x1rohswg.xixxii4.x1odjw0f.xw2csxc.x17qophe.x5yr21d.x1pq812k.x1ja2u2z.x9f619"
      # remove github dashboard copilot stuff
      "github.com##copilot-dashboard-entrypoint"
      "github.com##.hide-md.hide-sm.AppHeader-CopilotChat > react-partial-anchor"
      "github.com##react-partial-anchor > .AppHeader-buttonLeft.AppHeader-button.Button--medium.Button--secondary.Button--iconOnly.Button"
      "github.com##.Button.Button--medium.Button--secondary.AppHeader-button--dropdown.AppHeader-buttonRight.AppHeader-button"
      "github.com##.tooltipped-sw.tooltipped.AppHeader-buttonRight.color-fg-muted.AppHeader-button.Button--medium.Button--secondary.Button--iconOnly.Button"
      # github sidebar stuff
      ''github.com##.rounded-2.p-3.color-border-default.border.\<color-bg-default.dashboard-changelog.mb-3''
      "github.com##.mb-5.feed-right-sidebar"
      "app.howthemarketworks.com##div.reveal-overlay:nth-of-type(8)"
      # github copilot chat
      "github.com##.CopilotChatInputPartial-module__inputSection--UWMD6"
      "github.com##.CopilotChatInputPartial-module__inputContainer--EE6LJ"
      # reddit
      ''www.reddit.com##.font-normal > .mt-0.list-none.relative > .s\:rounded-2.bg-transparent.-outline-offset-1.py-2xs.cursor-pointer.hover\:no-underline.hover\:bg-neutral-background-hover.hover\:text-secondary-hover.text-secondary.gap-\[0\.5rem\].px-md.relative.justify-between.flex''
      "www.quora.com##.qu-bg--raised.qu-mb--small.qu-boxShadow--small.qu-borderColor--raised.qu-borderAll.dom_annotate_question_answer_item_0.q-box > div > div > div > div > div.q-box"
      "discord.com##.contentCollapsedWrapper__5f897"
      "www.statista.com###pdfpremiumArrowModal > .vueModal__overlay"
      # The AI summary BS
      ''www.reddit.com##.px-md.pb-\[22px\].pt-md.mt-md.rounded-4.bg-neutral-background-weak.xs\:block.hidden''
      "www.sciencedirect.com##.gXjxP.sc-fHSyaj"
    ];
  };
 }
--- a/home-manager/secrets/llama_cpp_api_key
+++ b/home-manager/secrets/llama_cpp_api_key
--- a/system/common.nix
+++ b/system/common.nix
@@ -1,5 +1,6 @@
 {
  config,
  options,
  pkgs,
  lib,
  username,
@@ -70,17 +71,214 @@
    # optimize the store
    optimise.automatic = true;
    # auto garbage collect old generations
    gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 30d";
    };
    settings = {
      # enable flakes!
-    settings.experimental-features = [
+      experimental-features = [
        "nix-command"
        "flakes"
      ];
      # Use muffin server as a binary cache
      substituters = [ "https://nix-cache.sigkill.computer" ];
      trusted-public-keys = [
        "nix-cache.sigkill.computer-1:ONtQC9gUjL+2yNgMWB68NudPySXhyzJ7I3ra56/NPgk="
      ];
      netrc-file = "${./secrets/nix-cache-netrc}";
    };
  };
  # cachyos kernel overlay
  nixpkgs.overlays = [ inputs.nix-cachyos-kernel.overlays.default ];
  # kernel options
  boot = {
-    kernelPackages = pkgs.linuxPackages_latest;
+
-    # kernelPackages = pkgs.linuxPackages;
+    # cachyos kernel: bore scheduler, full lto, x86_64-v3 (common to zen 3 + zen 5)
    kernelPackages =
      let
        helpers = pkgs.callPackage "${inputs.nix-cachyos-kernel}/helpers.nix" { };
        kernel = pkgs.cachyosKernels.linux-cachyos-bore-lto.override {
          lto = "full";
          processorOpt = "x86_64-v3";
        };
      in
      helpers.kernelModuleLLVMOverride (pkgs.linuxKernel.packagesFor kernel);
    # disable legacy subsystems neither host will ever use
    kernelPatches = [
      {
        name = "disable-legacy-subsystems";
        patch = null;
        structuredExtraConfig = with lib.kernel; {
          # ancient bus/card standards
          PCMCIA = lib.mkForce no;
          PCCARD = lib.mkForce no;
          PARPORT = lib.mkForce no;
          GAMEPORT = lib.mkForce module;
          FIREWIRE = lib.mkForce no;
          AGP = lib.mkForce no;
          # legacy networking
          ATM = lib.mkForce no;
          FDDI = lib.mkForce no;
          ISDN = lib.mkForce no;
          CAN = lib.mkForce no;
          NFC = lib.mkForce no;
          INFINIBAND = lib.mkForce no;
          # amateur radio (HAMRADIO is the umbrella but these are separate symbols)
          HAMRADIO = lib.mkForce no;
          AX25 = lib.mkForce no;
          NETROM = lib.mkForce no;
          ROSE = lib.mkForce no;
          # dead protocols
          PHONET = lib.mkForce no;
          IEEE802154 = lib.mkForce no;
          "6LOWPAN" = lib.mkForce no;
          NET_9P = lib.mkForce no;
          BATMAN_ADV = lib.mkForce no;
          # tv tuners / digital video broadcasting
          MEDIA_ANALOG_TV_SUPPORT = lib.mkForce no;
          MEDIA_DIGITAL_TV_SUPPORT = lib.mkForce no;
          DVB_CORE = lib.mkForce no;
          # hypervisor guest support (bare metal only)
          HYPERV = lib.mkForce no;
          XEN = lib.mkForce no;
          VMWARE_VMCI = lib.mkForce no;
          VMWARE_BALLOON = lib.mkForce no;
          VMWARE_PVSCSI = lib.mkForce no;
          VMWARE_VMCI_VSOCKETS = lib.mkForce no;
          VMXNET3 = lib.mkForce no;
          DRM_VMWGFX = lib.mkForce no;
          VBOXGUEST = lib.mkForce no;
          VBOXSF_FS = lib.mkForce no;
          # staging drivers (experimental/unmaintained)
          STAGING = lib.mkForce no;
          # SND_PCI stays — SND_HDA_INTEL (AMD HDA audio) lives under it
          ACCESSIBILITY = lib.mkForce no;
          MTD = lib.mkForce no;
          MEDIA_RC_SUPPORT = lib.mkForce no;
          # legacy storage (AHCI for modern SATA is independent)
          ATA_SFF = lib.mkForce no;
          SCSI_LOWLEVEL = lib.mkForce no;
          FUSION = lib.mkForce no;
          # misc legacy
          MOST = lib.mkForce no;
          PPDEV = lib.mkForce no;
          PHANTOM = lib.mkForce no;
          X86_ANDROID_TABLETS = lib.mkForce no;
          # CHROME_PLATFORMS stays — Framework laptops use CrOS EC
          SURFACE_PLATFORMS = lib.mkForce no;
          MCTP = lib.mkForce no;
          GPIB = lib.mkForce no;
          SIOX = lib.mkForce no;
          SLIMBUS = lib.mkForce no;
          WWAN = lib.mkForce no;
          # nvidia gpu
          DRM_NOUVEAU = lib.mkForce no;
          # other gpus not present
          DRM_RADEON = lib.mkForce no;
          DRM_GMA500 = lib.mkForce no;
          DRM_AST = lib.mkForce no;
          DRM_MGAG200 = lib.mkForce no;
          DRM_HISI_HIBMC = lib.mkForce no;
          DRM_APPLETBDRM = lib.mkForce no;
          # intel gpu
          DRM_I915 = lib.mkForce no;
          DRM_XE = lib.mkForce no;
          # intel cpu / platform
          INTEL_IOMMU = lib.mkForce no;
          INTEL_IDLE = lib.mkForce no;
          INTEL_HFI_THERMAL = lib.mkForce no;
          INTEL_TCC_COOLING = lib.mkForce no;
          INTEL_SOC_DTS_THERMAL = lib.mkForce no;
          INTEL_PCH_THERMAL = lib.mkForce no;
          INTEL_POWERCLAMP = lib.mkForce no;
          X86_PKG_TEMP_THERMAL = lib.mkForce no;
          X86_INTEL_LPSS = lib.mkForce no;
          INTEL_MEI = lib.mkForce no;
          INTEL_TH = lib.mkForce no;
          INTEL_VSEC = lib.mkForce no;
          INTEL_IDXD = lib.mkForce no;
          INTEL_IOATDMA = lib.mkForce no;
          EDAC_E752X = lib.mkForce no;
          EDAC_I82975X = lib.mkForce no;
          EDAC_I3000 = lib.mkForce no;
          EDAC_I3200 = lib.mkForce no;
          EDAC_IE31200 = lib.mkForce no;
          EDAC_X38 = lib.mkForce no;
          EDAC_I5400 = lib.mkForce no;
          EDAC_I7CORE = lib.mkForce no;
          EDAC_I5100 = lib.mkForce no;
          EDAC_I7300 = lib.mkForce no;
          EDAC_SBRIDGE = lib.mkForce no;
          EDAC_SKX = lib.mkForce no;
          EDAC_I10NM = lib.mkForce no;
          EDAC_IMH = lib.mkForce no;
          EDAC_PND2 = lib.mkForce no;
          EDAC_IGEN6 = lib.mkForce no;
          # intel audio
          SND_SOC_SOF_INTEL_TOPLEVEL = lib.mkForce no;
          SND_SOC_INTEL_SST_TOPLEVEL = lib.mkForce no;
          # mellanox networking
          MLX4_CORE = lib.mkForce no;
          MLX5_CORE = lib.mkForce no;
          MLXSW_CORE = lib.mkForce no;
          MLX_PLATFORM = lib.mkForce no;
          # fpga
          FPGA = lib.mkForce no;
          # old x86 cpufreq / platform (both systems are modern Zen)
          AMD_NUMA = lib.mkForce no;
          X86_POWERNOW_K8 = lib.mkForce no;
          X86_P4_CLOCKMOD = lib.mkForce no;
          X86_SPEEDSTEP_LIB = lib.mkForce no;
          # cxl (datacenter memory expansion)
          CXL_BUS = lib.mkForce no;
          # embedded SoC peripherals (not present on desktop/laptop)
          INPUT_TOUCHSCREEN = lib.mkForce no;
          INPUT_TABLET = lib.mkForce no;
          INPUT_JOYSTICK = lib.mkForce no;
          MEDIA_PLATFORM_DRIVERS = lib.mkForce no;
          MEDIA_TEST_SUPPORT = lib.mkForce no;
          # deprecated userland compat
          SGETMASK_SYSCALL = lib.mkForce no;
          UID16 = lib.mkForce no;
          X86_X32_ABI = lib.mkForce no;
        };
      }
    ];
    # aes_generic is built-in as of linux 7.0, no longer a loadable module
    initrd.luks.cryptoModules = lib.mkForce (
      lib.filter (m: m != "aes_generic") options.boot.initrd.luks.cryptoModules.default
    );
    # some default initrd modules (ata_piix etc) don't exist with ATA_SFF=n
    initrd.allowMissingModules = true;
    lanzaboote = {
      enable = true;
@@ -127,6 +325,7 @@
      # 1gb huge pages
      "hugepagesz=1G"
      "hugepages=3"
    ];
  };
@@ -169,7 +368,13 @@
    power-profiles-daemon.enable = true;
    # geolocation (uses beacondb.net by default)
-    geoclue2.enable = true;
+    geoclue2 = {
      enable = true;
      appConfig.zen-twilight = {
        isAllowed = true;
        isSystem = false;
      };
    };
  };
  # EST
@@ -206,8 +411,7 @@
  # Enable sound with pipewire.
  services.pulseaudio.enable = false; # pipewire >>>>>>> pulseaudio
-  # BUG! disable rtkit in order to fix mumble: https://github.com/NixOS/nixpkgs/issues/392992#issuecomment-2799867278
+  security.rtkit.enable = true;
  security.rtkit.enable = false;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
--- a/system/networking.nix
+++ b/system/networking.nix
@@ -9,7 +9,7 @@
    networkmanager = {
      enable = true;
-      insertNameservers = [
+      appendNameservers = [
        "1.1.1.1"
        "9.9.9.9"
      ];
--- a/system/secrets/nix-cache-netrc
+++ b/system/secrets/nix-cache-netrc
--- a/system/system-mreow.nix
+++ b/system/system-mreow.nix
@@ -14,12 +14,6 @@
    inputs.nixos-hardware.nixosModules.framework-amd-ai-300-series
  ];
  # Disable PSR, PSR-SU, and Panel Replay to fix display hangs and corruption.
  # Panel Replay requires PSR/PSR-SU to also be disabled to avoid issues.
  # This overrides nixos-hardware's 0x10 with 0x410 (last value wins in kernel cmdline).
  # https://github.com/NixOS/nixos-hardware/pull/1692
  boot.kernelParams = lib.mkAfter [ "amdgpu.dcdebugmask=0x410" ];
  hardware.framework.laptop13.audioEnhancement.rawDeviceName =
    lib.mkDefault "alsa_output.pci-0000_c1_00.6.analog-stereo";
@@ -30,6 +24,29 @@
  # if I move to another lock screen program, i will have to replace `swaylock`
  security.pam.services.swaylock = { };
  # Kernel-level power tuning. These are boot-time / module-load-time settings
  # that power-profiles-daemon (in common.nix) does not manage. ppd handles
  # governor and EPP at runtime; these cover everything else.
  boot.kernelParams = [
    # Disable NMI watchdog. Eliminates periodic perf-counter interrupts
    # across all cores (~1 W). Kernel softlockup watchdog remains active.
    "nmi_watchdog=0"
    # Route kernel work items to already-busy CPUs rather than waking idle
    # ones. Reduces C-state exit frequency -- significant on battery where
    # cores idle often.
    "workqueue.power_efficient=1"
  ];
  boot.kernel.sysctl."kernel.nmi_watchdog" = 0;
  # Power-gate the HDA codec between audio activity. 1-second inactivity
  # timeout; controller powers down fully. Wakes transparently on next
  # audio event -- no audible artifacts on Framework 13 AMD.
  boot.extraModprobeConfig = ''
    options snd_hda_intel power_save=1 power_save_controller=Y
  '';
  # Greetd display manager
  services.greetd = {
    enable = true;
--- a/system/system-yarn.nix
+++ b/system/system-yarn.nix
@@ -64,6 +64,7 @@
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4jL6gYOunUlUtPvGdML0cpbKSsPNqQ1jit4E7U1RyH" # laptop
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC5ZYN6idL/w/mUIfPOH1i+Q/SQXuzAMQUEuWpipx1Pc ci-deploy@muffin"
  ];
  programs.steam = {
@@ -74,12 +75,54 @@
  # LACT (Linux AMDGPU Configuration Tool): https://github.com/ilya-zlobintsev/LACT
  environment.systemPackages = with pkgs; [
    lact
    jovian-stubs
  ];
  systemd.packages = with pkgs; [ lact ];
  systemd.services.lactd.wantedBy = [ "multi-user.target" ];
  systemd.services.lactd.serviceConfig.ExecStartPre = "${lib.getExe pkgs.bash} -c \"sleep 3s\"";
  # root-level service that applies a pending update. Triggered by
  # steamos-update (via systemctl start) when the user accepts an update.
  # Runs as root so it can write the system profile and boot entry.
  systemd.services.pull-update-apply = {
    description = "Apply pending NixOS update pulled from binary cache";
    serviceConfig = {
      Type = "oneshot";
      ExecStart = pkgs.writeShellScript "pull-update-apply" ''
        set -uo pipefail
        export PATH=${
          pkgs.lib.makeBinPath [
            pkgs.curl
            pkgs.coreutils
            pkgs.nix
          ]
        }
        STORE_PATH=$(curl -sf --max-time 30 "https://nix-cache.sigkill.computer/deploy/yarn" || true)
        if [ -z "$STORE_PATH" ]; then
          echo "server unreachable"
          exit 1
        fi
        echo "applying $STORE_PATH"
        nix-store -r "$STORE_PATH" || { echo "fetch failed"; exit 1; }
        nix-env -p /nix/var/nix/profiles/system --set "$STORE_PATH" || { echo "profile set failed"; exit 1; }
        "$STORE_PATH/bin/switch-to-configuration" boot || { echo "boot entry failed"; exit 1; }
        echo "update applied; reboot required"
      '';
    };
  };
  # Allow primary user to start pull-update-apply.service without a password
  security.polkit.extraConfig = ''
    polkit.addRule(function(action, subject) {
      if (action.id == "org.freedesktop.systemd1.manage-units" &&
          action.lookup("unit") == "pull-update-apply.service" &&
          subject.user == "${username}") {
        return polkit.Result.YES;
      }
    });
  '';
  nixpkgs.config.allowUnfreePredicate =
    pkg:
    builtins.elem (lib.getName pkg) [
@@ -95,19 +138,69 @@
  # This prevents Steam from requesting reboots for "system updates"
  # Steam client updates will still work normally
  nixpkgs.overlays = [
-    (final: prev: {
+    (
      final: prev:
      let
        deploy-url = "https://nix-cache.sigkill.computer/deploy/yarn";
        steamos-update-script = final.writeShellScript "steamos-update" ''
          export PATH=${
            final.lib.makeBinPath [
              final.curl
              final.coreutils
              final.systemd
            ]
          }
          STORE_PATH=$(curl -sf --max-time 30 "${deploy-url}" || true)
          if [ -z "$STORE_PATH" ]; then
            >&2 echo "[steamos-update] server unreachable"
            exit 7
          fi
          CURRENT=$(readlink -f /nix/var/nix/profiles/system)
          if [ "$CURRENT" = "$STORE_PATH" ]; then
            >&2 echo "[steamos-update] no update available"
            exit 0
          fi
          # check-only mode: just report that an update exists
          if [ "''${1:-}" = "check" ] || [ "''${1:-}" = "--check-only" ]; then
            >&2 echo "[steamos-update] update available"
            exit 0
          fi
          # apply: trigger the root-running systemd service to install the update
          >&2 echo "[steamos-update] applying update..."
          if systemctl start --wait pull-update-apply.service; then
            >&2 echo "[steamos-update] update installed, reboot to apply"
            exit 0
          else
            >&2 echo "[steamos-update] apply failed; see 'journalctl -u pull-update-apply'"
            exit 1
          fi
        '';
      in
      {
        jovian-stubs = prev.stdenv.mkDerivation {
-        name = "jovian-stubs-no-update";
+          name = "jovian-stubs";
          dontUnpack = true;
          installPhase = ''
            mkdir -p $out/bin
            ln -s ${steamos-update-script} $out/bin/steamos-update
            ln -s ${steamos-update-script} $out/bin/steamos-mandatory-update
-          # steamos-update: always report "no update available" (exit 7)
+            # jupiter-initial-firmware-update: no-op (not a real steam deck)
-          # This disables the kernel mismatch check that triggers reboot prompts
+            cat > $out/bin/jupiter-initial-firmware-update << 'STUB'
          cat > $out/bin/steamos-update << 'STUB'
            #!/bin/sh
-          >&2 echo "[JOVIAN] $0: stub called with: $* (system updates disabled)"
+            exit 0
-          exit 7
+            STUB
            # jupiter-biosupdate: no-op (not a real steam deck)
            cat > $out/bin/jupiter-biosupdate << 'STUB'
            #!/bin/sh
            exit 0
            STUB
            # steamos-reboot: reboot the system
@@ -144,16 +237,24 @@
            exec /run/wrappers/bin/pkexec "$@"
            STUB
-          # sudo: pass through to doas
+            # sudo: strip flags and run the command directly (no escalation).
            # privileged ops are delegated to root systemd services via systemctl.
            cat > $out/bin/sudo << 'STUB'
            #!/bin/sh
-          exec /run/wrappers/bin/doas "$@"
+            while [ $# -gt 0 ]; do
              case "$1" in
                -*) shift ;;
                *) break ;;
              esac
            done
            exec "$@"
            STUB
-          chmod 755 $out/bin/*
+            find $out/bin -type f -exec chmod 755 {} +
          '';
        };
-    })
+      }
    )
  ];
  jovian = {
--- a/system/vr.nix
+++ b/system/vr.nix
@@ -14,10 +14,6 @@
    enable = true;
    openFirewall = true;
    # Write information to /etc/xdg/openxr/1/active_runtime.json, VR applications
    # will automatically read this and work with wivrn
    defaultRuntime = true;
    # Executing it through the systemd service executes WiVRn w/ CAP_SYS_NICE
    # Resulting in no stutters!
    autoStart = true;
Author	SHA1	Message	Date
Simon Gardling	e9a44f677d	update All checks were successful Build / build (push) Successful in 7m2s	2026-04-17 23:26:43 -04:00
Simon Gardling	0c881602e9	yarn: fix steamos update flow	2026-04-17 23:26:15 -04:00
Simon Gardling	7f375e8574	kernel: re-enable SND_PCI All checks were successful Build / build (push) Successful in 1h35m51s	2026-04-17 18:26:21 -04:00
Simon Gardling	577b5eeb77	update All checks were successful Build / build (push) Successful in 1h36m48s	2026-04-17 12:33:33 -04:00
Simon Gardling	91aba32afb	pi: update to claude opus 4.7 All checks were successful Build / build (push) Successful in 4m19s	2026-04-17 00:25:38 -04:00
Simon Gardling	29e71fb127	??!?!?!??! All checks were successful Build / build (push) Successful in 6m25s	2026-04-16 23:46:13 -04:00
Simon Gardling	ff94c3b027	steamos-update: exit 0 not 7 All checks were successful Build / build (push) Successful in 6m14s	2026-04-16 23:05:24 -04:00
Simon Gardling	0b457b83d3	fix build All checks were successful Build / build (push) Successful in 5m49s	2026-04-16 22:53:11 -04:00
Simon Gardling	c23240c529	yarn: move pull-update into steamos-update script Some checks failed Build / build (push) Failing after 1m25s	2026-04-16 22:28:49 -04:00
Simon Gardling	e40929018f	eww: remove All checks were successful Build / build (push) Successful in 1m13s	2026-04-16 18:02:02 -04:00
Simon Gardling	5997c886f6	pull-update: improvement All checks were successful Build / build (push) Successful in 3m0s	2026-04-16 17:43:35 -04:00
Simon Gardling	72d37f57ac	update All checks were successful Build / build (push) Successful in 12m59s	2026-04-16 16:31:49 -04:00
Simon Gardling	0718568bec	pull-update: forgot lib.getExe	2026-04-16 15:03:06 -04:00
Simon Gardling	982cc4aebc	pull-update: use `writeShellApplication` instead	2026-04-16 15:02:08 -04:00
Simon Gardling	d2d25bbdfe	omp: remove patch that didn't work	2026-04-16 14:52:51 -04:00
Simon Gardling	76cdd535c8	gitea workflow: remove notifications All checks were successful Build / build (push) Successful in 3m41s	2026-04-16 13:35:26 -04:00
Simon Gardling	0be90ace43	initrd: fix module loading Some checks failed Build / build (push) Failing after 4m55s	2026-04-16 13:04:22 -04:00
Simon Gardling	13f16fe775	update Some checks failed Build / build (push) Failing after 1h39m57s	2026-04-16 11:15:13 -04:00
Simon Gardling	20df895312	pull-update: update and reboot Some checks failed Build / build (push) Failing after 3m42s	2026-04-16 00:50:13 -04:00
Simon Gardling	4542a5002c	fix pull-update	2026-04-16 00:15:29 -04:00
Simon Gardling	d0d8d5b9d2	ci: prevent gc from deleting	2026-04-15 23:25:45 -04:00
Simon Gardling	21658b7bc0	update Some checks failed Build / build (push) Failing after 1h48m36s	2026-04-15 22:08:59 -04:00
Simon Gardling	56cda525cd	fix gitea workflow Some checks failed Build / build (push) Failing after 2m33s	2026-04-15 22:06:22 -04:00
Simon Gardling	194c66feb4	fix initrd build Some checks failed Build / build (push) Failing after 2m10s	2026-04-15 21:57:04 -04:00
Simon Gardling	7ab17f132e	kernel: compile for x86_64-v3 (common target) Some checks failed Build / build (push) Failing after 12s	2026-04-15 17:33:21 -04:00
Simon Gardling	da1bfbb778	update Some checks failed Build / build (push) Failing after 3h25m51s	2026-04-15 13:32:34 -04:00
Simon Gardling	ec42b906d6	update	2026-04-15 09:31:15 -04:00
Simon Gardling	b050ecc5bf	kernel: enable CHROME_PLATFORMS for framework laptop	2026-04-15 09:30:51 -04:00
Simon Gardling	d2032e517b	yarn: rely on server for updates Some checks failed Build / build (push) Failing after 12s	2026-04-14 20:56:35 -04:00
Simon Gardling	6254f98ca7	kernel: remove more more things	2026-04-14 20:56:24 -04:00
Simon Gardling	09fdd39b00	kernel: remove more things	2026-04-14 20:51:50 -04:00
Simon Gardling	d722329803	kernel: things Some checks failed Build and Deploy / deploy (push) Has been cancelled	2026-04-14 14:11:00 -04:00
Simon Gardling	5529c66e5f	kernel: fix? Some checks failed Build and Deploy / deploy (push) Has been cancelled	2026-04-14 13:44:11 -04:00
Simon Gardling	95af71b0d8	kernel: disable selecting modules Some checks failed Build and Deploy / deploy (push) Failing after 1m55s	2026-04-14 13:38:30 -04:00
Simon Gardling	711b55a042	kernel: fix gameport option Some checks failed Build and Deploy / deploy (push) Failing after 2m38s	2026-04-14 13:32:15 -04:00
Simon Gardling	928eb5ef0a	kernel: disable chromeos platforms Some checks failed Build and Deploy / deploy (push) Failing after 2m47s	2026-04-14 13:25:58 -04:00
Simon Gardling	502ae492a8	zen: fix private window search engine Some checks failed Build and Deploy / deploy (push) Has been cancelled	2026-04-14 13:25:08 -04:00
Simon Gardling	d5bfbf83be	kernel: strip out some things I won't use	2026-04-14 13:24:52 -04:00
Simon Gardling	abb762604d	cachyos kernel Some checks failed Build and Deploy / deploy (push) Failing after 2h24m5s	2026-04-13 22:58:29 -04:00
Simon Gardling	ca4e0d42b3	update Some checks failed Build and Deploy / deploy (push) Has been cancelled	2026-04-13 21:23:42 -04:00
Simon Gardling	c50e056e2a	update Some checks failed Build and Deploy / deploy (push) Failing after 11m22s	2026-04-12 22:15:34 -04:00
Simon Gardling	100f8d6328	update Some checks failed Build and Deploy / deploy (push) Failing after 20m54s	2026-04-11 10:27:17 -04:00
Simon Gardling	a13a7e8887	update Some checks failed Build and Deploy / deploy (push) Failing after 6m24s	2026-04-09 21:49:52 -04:00
Simon Gardling	0a7c24da4e	llm-agents.nix: change was upstreamed Some checks failed Build and Deploy / deploy (push) Failing after 13m45s	2026-04-08 18:12:21 -04:00
Simon Gardling	27096b17be	a	2026-04-08 18:11:37 -04:00
Simon Gardling	3627cb19c6	omp: add fix auth patch (to test) Some checks failed Build and Deploy / deploy (push) Failing after 12m21s	2026-04-08 13:08:30 -04:00
Simon Gardling	0f0429b4b2	llm-agents.nix: use fork that compiles omp from source	2026-04-08 13:04:30 -04:00
Simon Gardling	8485f07c8d	zen: add consumer-rights-wiki addon Some checks failed Build and Deploy / deploy (push) Failing after 3m20s	2026-04-07 23:46:50 -04:00
Simon Gardling	3cee862bd0	re-enable rtkit	2026-04-07 20:53:53 -04:00
Simon Gardling	325e2720ec	borg: remove signal and zen backups (handled by other means Some checks failed Build and Deploy / deploy (push) Failing after 4m2s	2026-04-07 14:31:09 -04:00
Simon Gardling	841195425d	README.md: remove old TODO Some checks failed Build and Deploy / deploy (push) Failing after 1h6m16s	2026-04-07 13:54:29 -04:00
Simon Gardling	269a0c4d27	update Some checks failed Build and Deploy / deploy (push) Failing after 4s	2026-04-07 13:45:43 -04:00
Simon Gardling	08486e25e6	gitea: also build laptop Some checks failed Build and Deploy / deploy (push) Failing after 2s	2026-04-06 14:38:21 -04:00
Simon Gardling	4c04e5b0a2	use my own nix cache Some checks failed Build and Deploy Desktop / deploy (push) Has been cancelled	2026-04-06 14:21:43 -04:00
Simon Gardling	7e571f4986	update Some checks failed Build and Deploy Desktop / deploy (push) Failing after 3s	2026-04-06 13:07:19 -04:00
Simon Gardling	4b73e237cb	pi: specify anthropic for models	2026-04-06 00:57:36 -04:00
Simon Gardling	f96e99ff4d	update Some checks failed Build and Deploy Desktop / deploy (push) Failing after 4s	2026-04-04 01:52:44 -04:00
Simon Gardling	d7dd05e028	remove claude-code and claude-code-bridge	2026-04-04 01:52:24 -04:00
Simon Gardling	5e9e6bcd40	pi: fix llama.cpp provider discovery with auth Some checks failed Build and Deploy Desktop / deploy (push) Failing after 4s Add api, authHeader, and discovery.type fields so omp can discover models via GET /v1/models with the Bearer token.	2026-04-02 18:14:09 -04:00
Simon Gardling	3e35fea183	pi: fix openrouter apiKey, add llama.cpp provider openrouter was broken: !cat + nix store path is not valid omp config. Use builtins.readFile to inline the key at eval time. Add self-hosted llama.cpp provider at llm.sigkill.computer with Bearer token auth.	2026-04-02 17:57:51 -04:00
Simon Gardling	9a3ac53c50	mreow: power stuff	2026-04-02 13:06:59 -04:00
Simon Gardling	84bb728633	update	2026-04-02 12:53:25 -04:00
Simon Gardling	3768e032ba	update	2026-04-02 00:07:24 -04:00
Simon Gardling	07a808271d	Move from opencode to oh-my-pi Some checks failed Build and Deploy Desktop / deploy (push) Failing after 4s	2026-04-01 14:33:44 -04:00
Simon Gardling	302bb599db	update Some checks failed Build and Deploy Desktop / deploy (push) Failing after 2s	2026-04-01 13:25:53 -04:00
Simon Gardling	f77f596222	opencode: move android stuff to android-ui skill	2026-03-31 18:44:08 -04:00
Simon Gardling	1f994ec56c	update Some checks failed Build and Deploy Desktop / deploy (push) Failing after 1h22m20s	2026-03-30 21:50:13 -04:00
Simon Gardling	ffb69b4cbc	ci: add deploy workflow and authorize CI key for yarn - add gitea actions workflow to build and deploy on push to main - authorize CI deploy key for root SSH on desktop - workflow unlocks git-crypt, builds yarn config, deploys if desktop reachable	2026-03-30 17:26:34 -04:00
Simon Gardling	3d60eb121f	update	2026-03-30 13:23:33 -04:00
Simon Gardling	6221e57cab	oh-my-opencode: stop crediting self	2026-03-30 01:50:09 -04:00
Simon Gardling	9ee77c8e3f	wivrn: remove defaultRuntime	2026-03-30 01:13:50 -04:00
Simon Gardling	bbb18cb18b	update	2026-03-29 23:44:35 -04:00
Simon Gardling	5cfb9141e5	update	2026-03-29 15:44:35 -04:00
Simon Gardling	6c7159f09b	Revert "timezone: EST -> PST" This reverts commit `e2dbe841c0`.	2026-03-28 07:11:33 -07:00
Simon Gardling	42de1a722f	update	2026-03-27 22:25:44 -07:00
Simon Gardling	852700fa99	opencode: opencode-claude-bridge update	2026-03-27 18:14:14 -07:00
Simon Gardling	9502abdb29	update	2026-03-27 10:57:27 -07:00
Simon Gardling	e77f28900c	linux kernel: fix 7.0 build	2026-03-26 19:53:06 -07:00
Simon Gardling	1c58f56f26	disable gtk4 themeing	2026-03-26 19:45:46 -07:00
Simon Gardling	8cad7aa618	linux kernel: 6.19.9 -> 7.0-rc4	2026-03-26 19:43:10 -07:00
Simon Gardling	44813681ab	update	2026-03-25 22:08:05 -07:00
Simon Gardling	603445c6ed	opencode: opencode-claude-bridge update	2026-03-24 22:24:37 -07:00
Simon Gardling	fcab26f20e	zen: add redirects to alternative front ends	2026-03-23 08:41:20 -07:00
Simon Gardling	c2720bcb11	.gitignore: add result	2026-03-22 21:09:25 -07:00
Simon Gardling	577d93fd8d	opencode: opencode-claude-auth -> opencode-claude-bridge	2026-03-22 21:09:09 -07:00
Simon Gardling	e2dbe841c0	timezone: EST -> PST	2026-03-22 16:30:12 -07:00
Simon Gardling	36dbe0fc9c	noctalia: use nixpkgs package	2026-03-22 13:02:21 -04:00
Simon Gardling	83fecc3a2a	amdgpu: disable cwsr to work around MES hangs/freezes	2026-03-22 01:55:11 -04:00
Simon Gardling	f65c1dd5c3	nix: enable weekly garbage collection of generations older than 30d	2026-03-22 01:55:05 -04:00
Simon Gardling	7e1b478aec	geoclue2: allow zen-twilight	2026-03-21 19:56:39 -04:00
Simon Gardling	e53e6f16d0	AGENTS.md: init	2026-03-21 19:43:35 -04:00
Simon Gardling	b5c7b15af3	update	2026-03-21 16:03:29 -04:00
Simon Gardling	45e5bf0d9e	doom: disable jit and fix slowness and stale indexing	2026-03-21 15:40:36 -04:00
Simon Gardling	9e741072e8	zen: disable more password manager stuff	2026-03-21 14:04:22 -04:00
Simon Gardling	a63fd81fdc	zen: disable password manager (I use bitwarden)	2026-03-21 13:58:32 -04:00
Simon Gardling	8d965f0314	zen: prevent sync from fighting!	2026-03-21 13:58:10 -04:00
Simon Gardling	e53cd2a74a	zen: dark-reader: disable sync	2026-03-21 13:45:21 -04:00
Simon Gardling	04496da4ba	zen: search: kagi + ddg	2026-03-21 13:40:03 -04:00
Simon Gardling	1fc00ab1a3	zen: overhaul configuration Declaratively configure plugin installation and configuration. Use my own self-hosted sync server.	2026-03-21 13:33:47 -04:00
Simon Gardling	543930921f	networking: fix in-flight wifi (dns) Fixes issue on in-flight wifi where I cannot access the login page. Turns out, `insertNameservers` goes before the delta wifi nameserver, this prevents `wifi.delta.com` from being resolved. So I need to use `appendNameservers` instead.	2026-03-21 12:13:06 -04:00
Simon Gardling	1c3a29dc5b	opencode: fix opencode-claude-auth	2026-03-21 07:06:02 -04:00
Simon Gardling	1a22fd9cdf	update	2026-03-20 14:42:16 -04:00
Simon Gardling	980a90ae04	opencode: fix anthropic again (use claude code creds)	2026-03-20 14:33:58 -04:00
Simon Gardling	1b810ada9d	update: opencode-anthropic-user-agent-plugin	2026-03-20 14:12:34 -04:00
Simon Gardling	b6aca41ff3	opencode: fix opencode plugins and anthropic	2026-03-19 23:40:51 -04:00
Simon Gardling	73059edec7	update	2026-03-19 09:31:58 -04:00
Simon Gardling	44e95981ed	update	2026-03-18 01:29:26 -04:00
Simon Gardling	c73cf3fd7c	update	2026-03-17 14:06:23 -04:00
Simon Gardling	40e759d8eb	update (including nixpkgs)	2026-03-16 15:07:29 -04:00
Simon Gardling	ef45e27ecc	update (except for nixpkgs) nixpkgs doesn't have a cache for nodejs-slim ??? so it tries to build on my machine, and I don't have enough ram I believe	2026-03-15 13:27:18 -04:00
Simon Gardling	525e5a9771	Revert "update" This reverts commit `d6e9511128`.	2026-03-15 13:26:43 -04:00
Simon Gardling	d6e9511128	update	2026-03-13 12:08:19 -04:00
Simon Gardling	5a830ceb32	back to claude	2026-03-12 12:50:27 -04:00
Simon Gardling	1e90496ccc	update	2026-03-12 10:48:30 -04:00
Simon Gardling	3f5019aa05	update	2026-03-12 01:12:58 -04:00
Simon Gardling	963e046a93	opencode: temp fix multimodal-looker	2026-03-11 20:26:05 -04:00
Simon Gardling	886ac5e91d	opencode: fix qwen3-vl-30b-a3b-thinking	2026-03-10 19:14:36 -04:00
Simon Gardling	1ee6356b57	add dig	2026-03-10 14:01:52 -04:00
		`@@ -1,3 +0,0 @@`
			`#!/usr/bin/env fish`

			`niri msg --json workspaces \| jq -r '.[] \| select(.is_focused == true) \| .["id"]'`
		`@@ -1,2 +0,0 @@`
			`#!/usr/bin/env sh`
			`wpctl inspect @DEFAULT_SINK@ \| grep -E "^ +\* node\.description" \| cut -d' ' -f6- \| tr -d '"'`