misc: initial commit

2024-12-28 19:33:49 -05:00 · 2024-12-28 19:33:49 -05:00 · 964b99b28d
commit 964b99b28d
32 changed files with 1675 additions and 0 deletions
--- a/dev-shell/default.nix
+++ b/dev-shell/default.nix
@ -0,0 +1,21 @@
+{...}: {
+  perSystem = {
+    pkgs,
+    inputs',
+    ...
+  }: {
+    devShells.default = pkgs.mkShell {
+      packages = with pkgs; [
+        just
+        alejandra
+        nixpkgs-fmt
+        nix-tree
+        nix-diff
+        nvd
+        nix-inspect
+        nix-du
+        nix-output-monitor
+      ];
+    };
+  };
+}
--- a/flake.lock
+++ b/flake.lock
@ -0,0 +1,64 @@
+{
+  "nodes": {
+    "disko": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1735048446,
+        "narHash": "sha256-Tc35Y8H+krA6rZeOIczsaGAtobSSBPqR32AfNTeHDRc=",
+        "owner": "nix-community",
+        "repo": "disko",
+        "rev": "3a4de9fa3a78ba7b7170dda6bd8b4cdab87c0b21",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "disko",
+        "type": "github"
+      }
+    },
+    "nixos-facter-modules": {
+      "locked": {
+        "lastModified": 1734596637,
+        "narHash": "sha256-MRqwVAe3gsb88u4ME1UidmZFVCx+FEnoob0zkpO9DMY=",
+        "owner": "numtide",
+        "repo": "nixos-facter-modules",
+        "rev": "536472754982bf03079b4b4e0261838a760587c0",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "nixos-facter-modules",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1735268880,
+        "narHash": "sha256-7QEFnKkzD13SPxs+UFR5bUFN2fRw+GlL0am72ZjNre4=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "7cc0bff31a3a705d3ac4fdceb030a17239412210",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "disko": "disko",
+        "nixos-facter-modules": "nixos-facter-modules",
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
--- a/flake.nix
+++ b/flake.nix
@ -0,0 +1,33 @@
+{
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+    flake-parts.url = "github:hercules-ci/flake-parts";
+
+    nixos-hardware.url = "github:NixOS/nixos-hardware";
+    disko.url = "github:nix-community/disko";
+    disko.inputs.nixpkgs.follows = "nixpkgs";
+    nixos-facter-modules.url = "github:numtide/nixos-facter-modules";
+
+    home-manager.url = "github:nix-community/home-manager";
+    impermanence.url = "github:nix-community/impermanence";
+    nix-index-database = {
+      url = "github:nix-community/nix-index-database";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    ags.url = "github:Aylur/ags";
+    anyrun.url = "github:Kirottu/anyrun";
+    muse-sounds-manager = {
+      url = "github:thilobillerbeck/muse-sounds-manager-nix/06b0da28c54331d5af73efd2ebf264ce914e5936";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+  };
+
+  outputs = inputs @ {flake-parts, ...}:
+    flake-parts.lib.mkFlake {inherit inputs;} {
+      systems = ["x86_64-linux"];
+      imports = [
+        ./systems
+        ./dev-shell
+      ];
+    };
+}
--- a/hardware-configuration.nix
+++ b/hardware-configuration.nix
@ -0,0 +1,26 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usbhid" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp196s0f3u2u3.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/home/apps.nix
+++ b/home/apps.nix
@ -0,0 +1,125 @@
+{
+  pkgs,
+  inputs,
+  ...
+}: {
+  imports = [
+    ./apps/firefox.nix
+    ./apps/syncthing.nix
+  ];
+
+  home.packages = [
+    pkgs.pavucontrol
+    pkgs.signal-desktop
+    pkgs.webcord # pkgs.webcord-vencord
+    pkgs.telegram-desktop
+    #pkgs.kdePackages.neochat
+    pkgs.keepassxc
+    #pkgs.blender-hip
+    pkgs.buku
+    pkgs.libreoffice
+    pkgs.darktable
+    pkgs.gimp
+    pkgs.inkscape
+    pkgs.krita
+    pkgs.okular
+    pkgs.localsend
+
+    pkgs.ffmpeg # Generally useful
+
+    # Music
+    #pkgs.feishin # sonixd replacement
+    pkgs.supersonic # Music player by Navidrome author
+    pkgs.sonixd # Music player; desktop app for Navidrome. Replace w/ Feishin when that supports Subsonic API.
+    pkgs.spotube # Use Spotify metadata & user to play from YouTube
+    pkgs.spotify # Proprietary
+    pkgs.strawberry-qt6 # Fork of Clementine
+    pkgs.clementine
+    pkgs.lollypop
+    # muffon https://muffon.netlify.app/
+    pkgs.picard # Edit audio metadata, w/ MusicBrainz integration
+    pkgs.puddletag # Edit audio metadata
+    pkgs.deadbeef-with-plugins
+    # pkgs.tauon
+    pkgs.audacious
+    # pkgs.asunder # Ripping
+    pkgs.cyanrip # Ripping
+    # pkgs.whipper # Ripping
+
+    #pkgs.anki # Dep python3.12-pyqt-6.7.0 doesn't build
+    pkgs.memento # Japanese
+
+    # Documents
+    pkgs.typst # TeX alternative
+    pkgs.tinymist # LSP for Typst
+
+    # Dev
+    pkgs.vscodium # Consider vscodium-fhs
+    #pkgs.jetbrains.rider
+    #pkgs.jetbrains.rust-rover
+    pkgs.helix
+    pkgs.zed-editor
+
+    # Internet
+    pkgs.fragments
+    pkgs.uget # Download manager
+    # From master because PR #290892 is merged but at the time of writing hasn't made it to unstable yet
+    # Need it to solve issue #263764
+    # https://github.com/NixOS/nixpkgs/issues/263764
+    # https://github.com/NixOS/nixpkgs/pull/290892
+    # https://github.com/NixOS/nixpkgs/commit/999e0cf59288584616a241c0d8bb7c3c3f1fb417
+    pkgs.obsidian
+    pkgs.obs-studio
+    pkgs.kdePackages.plasmatube
+    #pkgs.nyxt
+
+    pkgs.mpvScripts.uosc
+    pkgs.mpvScripts.sponsorblock
+
+    pkgs.musescore
+    # inputs.muse-sounds-manager.packages.${pkgs.system}.muse-sounds-manager
+    pkgs.helio-workstation # music editor
+    pkgs.lmms # DAW
+    pkgs.carla # VST host
+    pkgs.yabridge # Windows VST host
+    pkgs.yabridgectl
+    pkgs.surge-XT # VST
+  ];
+
+  programs.imv.enable = true;
+
+  programs.mangohud = {
+    enable = true;
+  };
+
+  programs.mpv.enable = true;
+
+  programs.thunderbird = {
+    enable = true;
+    profiles.default = {
+      isDefault = true;
+    };
+  };
+
+  programs.vscode = {
+    enable = true;
+    package = pkgs.vscodium;
+    enableUpdateCheck = false;
+    userSettings = {
+      "window.menuBarVisibility" = "toggle";
+      "rust-analyzer.server.path" = "rust-analyzer"; # look in env
+
+      # Library sources for rust-analyzer shall be read-only
+      "files.readonlyInclude" = {
+        "**/.cargo/registry/src/**/*.rs" = true;
+        "**/lib/rustlib/src/rust/library/**/*.rs" = true;
+      };
+    };
+    extensions = with pkgs.vscode-extensions; [
+      mkhl.direnv
+      jnoortheen.nix-ide
+    ];
+  };
+
+  programs.zathura.enable = true;
+}
--- a/home/apps/firefox.nix
+++ b/home/apps/firefox.nix
@ -0,0 +1,83 @@
+{
+  lib,
+  pkgs,
+  osConfig,
+  ...
+}: let
+  enablePlasma = osConfig.services.desktopManager.plasma6.enable;
+
+  extension = shortId: uuid: {
+    name = uuid;
+    value = {
+      install_url = "https://addons.mozilla.org/en-US/firefox/downloads/latest/${shortId}/latest.xpi";
+      installation_mode = "force_installed";
+    };
+  };
+  oldExtensions = builtins.listToAttrs;
+
+  ext = shortId: {
+    install_url = "https://addons.mozilla.org/en-US/firefox/downloads/latest/${shortId}/latest.xpi";
+    installation_mode = "force_installed";
+  };
+  exts = builtins.mapAttrs (_: ext);
+in {
+  programs.firefox = {
+    enable = true;
+    nativeMessagingHosts = [
+      pkgs.tridactyl-native
+    ];
+
+    policies.ExtensionSettings = lib.mkMerge [
+      (oldExtensions [
+        # languagetool?
+        #(extension "tree-style-tab" "treestyletab@piro.sakura.ne.jp")
+        (extension "sidebery" "{3c078156-979c-498b-8990-85f7987dd929}") # has no email id
+        (extension "kagi-search-for-firefox" "search@kagi.com")
+        (extension "ublock-origin" "uBlock0@raymondhill.net")
+        #(extension "umatrix" "uMatrix@raymondhill.net")
+        (extension "privacy-badger17" "jid1-MnnxcxisBPnSXQ@jetpack")
+        (extension "i-dont-care-about-cookies" "jid1-KKzOGWgsW3Ao4Q@jetpack")
+        # (extension "clearurls" "{74145f27-f039-47ce-a470-a662b129930a}") # has no email id
+        (extension "keepassxc-browser" "keepassxc-browser@keepassxc.org")
+        #(extension "bitwarden-password-manager" "{446900e4-71c2-419f-a6a7-df9c091e268b}")
+        #(extension "tabliss" "extension@tabliss.io")
+
+        # (extension "bukubrow" "bukubrow@samhh.com")
+        # (extension "multi-account-containers" "@testpilot-containers")
+        # (extension "rust-search-extension" "{04188724-64d3-497b-a4fd-7caffe6eab29}") # has no email id
+        # (extension "tridactyl-vim" "tridactyl.vim@cmcaine.co.uk")
+        # site-specific
+        # (extension "libredirect" "7esoorv3@alefvanoon.anonaddy.me")
+        (extension "toolkit-for-ynab" "{4F1FB113-D7D8-40AE-A5BA-9300EAEA0F51}") # has no email id
+        (extension "sponsorblock" "sponsorBlocker@ajay.app")
+        # (extension "steam-database" "firefox-extension@steamdb.info")
+      ])
+      # TODO: Can we get this from nixpkgs instead?
+      (lib.mkIf enablePlasma (exts {
+        "plasma-browser-integration@kde.org" = "plasma-integration";
+      }))
+    ];
+    # To add additional extensions, find it on addons.mozilla.org, find
+    # the short ID in the url (like https://addons.mozilla.org/en-US/firefox/addon/!SHORT_ID!/)
+    # Then, download the XPI by filling it in to the install_url template, unzip it,
+    # run `jq .browser_specific_settings.gecko.id manifest.json` or
+    # `jq .applications.gecko.id manifest.json` to get the UUID
+    # You don’t need to get the UUID from the xpi. You can install it then find the UUID in about:debugging#/runtime/this-firefox.
+
+    profiles.default = {
+      settings = {
+        "app.normandy.first_run" = false;
+        "app.shield.optoutstudies.enabled" = false;
+        "app.update.channel" = "default";
+        # "browser.link.open_newwindow" = true;
+        "browser.shell.checkDefaultBrowser" = true;
+        "browser.urlbar.showSearchSuggestionsFirst" = false;
+        "browser.vpn_promo.enabled" = false;
+        # "extensions.activeThemeID" = "firefox-alpenglow@mozilla.org";
+        # "extensions.extensions.activeThemeID" = "firefox-alpenglow@mozilla.org";
+        "extensions.pocket.enabled" = false;
+        "media.ffmpeg.vaapi.enabled" = true;
+      };
+    };
+  };
+}
--- a/home/apps/syncthing.nix
+++ b/home/apps/syncthing.nix
@ -0,0 +1,18 @@
+{
+  lib,
+  pkgs,
+  osConfig,
+  ...
+}: let
+  enablePlasma = osConfig.services.desktopManager.plasma6.enable;
+  enableGnome = osConfig.services.xserver.desktopManager.gnome.enable;
+in {
+  services.syncthing = {
+    enable = true;
+  };
+
+  home.packages = lib.mkMerge [
+    (lib.mkIf enablePlasma [pkgs.syncthingtray-qt6])
+    (lib.mkIf enableGnome [pkgs.gnomeExtensions.syncthing-indicator])
+  ];
+}
--- a/home/default.nix
+++ b/home/default.nix
@ -0,0 +1,103 @@
+{
+  config,
+  pkgs,
+  inputs,
+  osConfig,
+  ...
+}: let
+  variables = {
+    # VISUAL = "emacs";
+    EDITOR = "nvim";
+
+    SSH_ASKPASS_REQUIRE = "prefer";
+    SSH_ASKPASS = "${pkgs.ksshaskpass}/bin/ksshaskpass";
+  };
+in {
+  imports = [
+    ./xdg.nix
+    ./terminal.nix
+    ./desktop.nix
+    # ./emacs.nix
+    ./apps.nix
+  ];
+
+  home.sessionVariables = variables;
+  systemd.user.sessionVariables = variables;
+
+  fonts.fontconfig.enable = true;
+
+  xdg.enable = true;
+
+  home.packages = with pkgs; [
+    noto-fonts-cjk-sans
+    noto-fonts-cjk-serif
+    noto-fonts-color-emoji
+  ];
+
+  programs.git = {
+    enable = true;
+    delta = {
+      enable = true;
+      options = {
+        side-by-side = true;
+      };
+    };
+    # WISH: Figure out difftastic
+    # difftastic.enable = true;
+    # https://difftastic.wilfred.me.uk/git.html
+    # https://tsdh.org/posts/2022-08-01-difftastic-diffing-with-magit.html
+    userEmail = "git@evar.dev";
+    userName = "Evar";
+    extraConfig = {
+      init.defaultBranch = "main";
+
+      # Consider https://jvns.ca/blog/2024/02/16/popular-git-config-options/#pull-ff-only-or-pull-rebase-true
+
+      # Make merge conflicts more readable
+      merge.conflictstyle = "zdiff3";
+
+      rebase.autosquash = true;
+      rebase.autostash = true;
+
+      # Consider https://jvns.ca/blog/2024/02/16/popular-git-config-options/#push-default-simple-push-default-current-push-autosetupremote-true
+
+      # Add whole commit diff in text editor when writing commit message
+      #commit.verbose = true;
+
+      # Remember how merge conflicts were resolved to restore later
+      rerere.enabled = true;
+
+      # Better diffs
+      diff.algorithm = "histogram";
+
+      status.submoduleSummary = true;
+      diff.submodule = "log";
+      submodule.recurse = true;
+
+      merge.keepbackup = false;
+      #merge.tool = "${pkgs.meld}/bin/meld";
+    };
+  };
+
+  # programs.ssh
+  programs.ssh = {
+    enable = true;
+    addKeysToAgent = "1h";
+  };
+  services.ssh-agent.enable = true;
+
+  programs.yt-dlp.enable = true;
+
+  # This value determines the Home Manager release that your
+  # configuration is compatible with. This helps avoid breakage
+  # when a new Home Manager release introduces backwards
+  # incompatible changes.
+  #
+  # You can update Home Manager without changing this value. See
+  # the Home Manager release notes for a list of state version
+  # changes in each release.
+  home.stateVersion = "23.11";
+
+  # Let Home Manager install and manage itself.
+  #programs.home-manager.enable = true;
+}
--- a/home/desktop.nix
+++ b/home/desktop.nix
@ -0,0 +1,30 @@
+{
+  config,
+  options,
+  lib,
+  pkgs,
+  inputs,
+  osConfig,
+  ...
+}: {
+  imports = [
+    ./desktop/shared/wayland.nix
+    ./desktop/hyprland.nix
+    ./desktop/plasma.nix
+  ];
+
+  # my.desktop.hyprland.enable = true;
+  my.desktop.plasma.enable = true;
+
+  programs.foot = {
+    enable = true;
+    settings.main = {
+      shell = "fish";
+      font = "monospace:size=10";
+      app-id = "foot";
+      pad = "10x8 center";
+    };
+    settings.url.osc8-underline = "always";
+    settings.cursor.style = "beam";
+  };
+}
--- a/home/desktop/hyprland.nix
+++ b/home/desktop/hyprland.nix
@ -0,0 +1,172 @@
+{
+  config,
+  lib,
+  pkgs,
+  options,
+  inputs,
+  osConfig,
+  ...
+}: {
+  imports = [
+    inputs.ags.homeManagerModules.default
+    inputs.anyrun.homeManagerModules.default
+  ];
+
+  options.my.desktop.hyprland.enable = lib.mkEnableOption "my Hyprland based desktop environment";
+
+  config = lib.mkIf config.my.desktop.hyprland.enable {
+    my.desktop.wayland = true;
+
+    wayland.windowManager.hyprland = {
+      enable = true;
+      package = osConfig.programs.hyprland.package;
+      extraConfig = ''
+        source=${./hyprland}/hyprland.conf
+      '';
+      systemd.variables = options.wayland.windowManager.hyprland.systemd.variables.default ++ ["XDG_SESSION_TYPE"];
+    };
+
+    services.cliphist = {
+      enable = true;
+      systemdTarget = "hyprland-session.target"; # defaults to graphical-session.target
+    };
+
+    systemd.user.targets.hyprland-session.Unit.Wants = ["plasma-polkit-agent.service"];
+
+    programs.ags = {
+      enable = true;
+      configDir = ./ags;
+    };
+    systemd.user.services.ags = {
+      Unit.Description = "Aylur's Gtk Shell";
+      Unit.PartOf = ["hyprland-session.target"];
+      Install.WantedBy = ["hyprland-session.target"];
+      Service = let
+        app = pkgs.writeShellApplication {
+          name = "ags-wrapped";
+          runtimeInputs = [config.programs.ags.package pkgs.coreutils];
+          text = ''ags "$@"'';
+        };
+      in {
+        # Service = {
+        BusName = "com.github.Aylur.ags.ags";
+        # ExecStart = "${config.programs.ags.package}/bin/ags --config ${config.programs.ags.configDir}/config.js";
+        ExecStart = "${app}/bin/ags-wrapped --config ${config.programs.ags.configDir}/config.js";
+        OOMScoreAdjust = -500;
+      };
+      # TODO: reloadTriggers?
+      # restartTriggers = [ config.programs.ags.configDir ];
+    };
+
+    programs.anyrun = {
+      enable = true;
+      config.plugins = with inputs.anyrun.packages.${pkgs.stdenv.hostPlatform.system}; [
+        applications
+        dictionary
+        # kidex
+        randr
+        rink
+        shell
+        # stdin
+        symbols
+        # translate
+        # websearch
+      ];
+    };
+
+    programs.swaylock = {
+      enable = true;
+      settings = {
+        color = "808080";
+        font-size = 24;
+        indicator-idle-visible = false;
+        indicator-radius = 100;
+        line-color = "ffffff";
+        show-failed-attempts = true;
+      };
+    };
+
+    services.swayidle = let
+      swaylock = "${config.programs.swaylock.package}/bin/swaylock";
+      hyprctl = "${config.wayland.windowManager.hyprland.package}/bin/hyprctl";
+    in {
+      enable = true;
+      systemdTarget = "hyprland-session.target"; # defaults to graphical-session.target
+      extraArgs = [
+        "-w" # Wait for command to finish executing before continuing
+        "idlehint"
+        "300"
+      ];
+      events = [
+        {
+          event = "before-sleep";
+          command = "${swaylock} -f";
+        }
+        # after-resume
+        {
+          event = "lock";
+          command = "${swaylock} -f";
+        }
+        {
+          event = "unlock";
+          command = "kill -s USR1 swaylock";
+        }
+      ];
+      timeouts = [
+        {
+          timeout = 300;
+          command = "${swaylock} -f";
+        } # 300
+        {
+          timeout = 600;
+          command = "${hyprctl} dispatch dpms off";
+          resumeCommand = "${hyprctl} dispatch dpms on";
+        }
+        # { timeout = 900; command = "${pkgs.systemd}/bin/systemctl suspend"; }
+      ];
+    };
+    # TDOD: replace with ags
+    services.swayosd.enable = true;
+
+    services.udiskie.enable = osConfig.services.udisks2.enable;
+
+    systemd.user.services.swww = {
+      Unit.Description = "Animated wallpaper daemon for wayland";
+      Unit.Documentation = ["man:swww(1)"];
+      Unit.PartOf = ["hyprland-session.target"];
+      Install.WantedBy = ["hyprland-session.target"];
+      # Service.ExecStart = "${pkgs.swww}/bin/swww init --no-daemon";
+      Service.ExecStart = let
+        app = pkgs.writeShellApplication {
+          name = "swww-wrapped";
+          runtimeInputs = [pkgs.swww];
+          text = ''
+            swww init --no-daemon
+          '';
+        };
+      in "${app}/bin/swww-wrapped";
+    };
+
+    systemd.user.services.wayvnc = {
+      Unit.Description = "Wayland VNC server";
+      Unit.PartOf = ["graphical-session.target"];
+      Service.ExecStart = "${pkgs.wayvnc}/bin/wayvnc";
+    };
+
+    # Not sure if this should be per desktop
+    services.mpris-proxy.enable = true;
+
+    programs.foot.settings.colors.alpha = 0.6;
+
+    home.packages = [
+      pkgs.swww
+      pkgs.wofi
+      pkgs.polkit-kde-agent
+      pkgs.libsForQt5.qtwayland
+      pkgs.qt6Packages.qtwayland
+      pkgs.grimblast # screenshots on hyprland
+      pkgs.gnome.gnome-system-monitor
+      pkgs.gnome.nautilus
+    ];
+  };
+}
--- a/home/desktop/plasma.nix
+++ b/home/desktop/plasma.nix
@ -0,0 +1,28 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  polonium = pkgs.callPackage ../../pkgs/polonium.nix {};
+in {
+  options.my.desktop.plasma.enable = lib.mkEnableOption "my Plasma based desktop environment";
+
+  config = lib.mkIf config.my.desktop.plasma.enable {
+    my.desktop.wayland = true;
+
+    home.packages = [
+      polonium
+    ];
+
+    programs.firefox.policies.ExtensionSettings = let
+      extension = shortId: {
+        install_url = "https://addons.mozilla.org/en-US/firefox/downloads/latest/${shortId}/latest.xpi";
+        installation_mode = "force_installed";
+      };
+    in
+      builtins.mapAttrs (_: extension) {
+        "plasma-browser-integration@kde.org" = "plasma-integration";
+      };
+  };
+}
--- a/home/desktop/shared/wayland.nix
+++ b/home/desktop/shared/wayland.nix
@ -0,0 +1,18 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  variables = {
+    NIXOS_OZONE_WL = "1";
+    STEAM_FORCE_DESKTOPUI_SCALING = "1.5";
+  };
+in {
+  options.my.desktop.wayland = lib.mkEnableOption "my Wayland options";
+
+  config = lib.mkIf config.my.desktop.wayland {
+    home.sessionVariables = variables;
+    systemd.user.sessionVariables = variables;
+  };
+}
--- a/home/terminal.nix
+++ b/home/terminal.nix
@ -0,0 +1,119 @@
+{
+  config,
+  lib,
+  pkgs,
+  inputs,
+  ...
+}: {
+  imports = [
+    inputs.nix-index-database.hmModules.nix-index
+  ];
+
+  home.packages = [
+    pkgs.file
+    pkgs.pciutils # lspci
+    pkgs.usbutils # lsusb
+
+    pkgs.bottom
+    pkgs.htop
+    pkgs.lsof
+    pkgs.lm_sensors
+    pkgs.amdgpu_top
+    #pkgs.rocmPackages.rocm-smi
+    pkgs.ryzenadj
+    pkgs.powertop
+    pkgs.procs
+
+    pkgs.sshfs
+
+    pkgs.fd
+    pkgs.libqalculate
+    # pkgs.havn # port scanner
+    pkgs.gdu # count code
+    pkgs.tokei # count code
+    pkgs.ov # pager
+    pkgs.zoxide # cd
+    pkgs.dua
+
+    pkgs.unzip
+    pkgs.unrar-wrapper
+    pkgs.p7zip
+    pkgs.atool
+
+    pkgs.fastfetch
+    pkgs.hyfetch
+
+    pkgs.helix # `hx` editor
+    pkgs.jujutsu # `jj` vcs
+  ];
+
+  programs.atuin = {
+    enable = true;
+    settings.update_check = false;
+    settings.enter_accept = true;
+  };
+
+  programs.autojump.enable = true;
+
+  programs.bat.enable = true;
+
+  # maybe move boxxy here?
+
+  programs.broot.enable = true;
+
+  programs.direnv = {
+    enable = true;
+    nix-direnv.enable = true;
+    # Externally located cache
+    stdlib = ''
+      declare -A direnv_layout_dirs
+      direnv_layout_dir() {
+          local hash path
+          echo "''${direnv_layout_dirs[$PWD]:=$(
+              hash="$(sha1sum - <<< "$PWD" | head -c40)"
+              path="''${PWD//[^a-zA-Z0-9]/-}"
+              echo "${config.xdg.cacheHome}/direnv/layouts/''${hash}''${path}"
+          )}"
+      }
+    '';
+  };
+
+  programs.eza = {
+    enable = true;
+    git = true;
+    icons = "auto";
+  };
+
+  programs.fish = {
+    enable = true;
+    functions = {
+      #__fish_command_not_found_handler = {
+      #  body = "__fish_default_command_not_found_handler $argv[1]";
+      #  onEvent = "fish_command_not_found";
+      #};
+    };
+    shellInit = "set fish_greeting";
+  };
+
+  # maybe move git here?
+
+  programs.jq.enable = true;
+
+  programs.nix-index.enable = true;
+  programs.nix-index-database.comma.enable = true;
+
+  programs.ripgrep.enable = true;
+
+  programs.skim.enable = true;
+
+  programs.starship = {
+    enable = true;
+    enableTransience = true;
+    settings.nix_shell.format = "❄️️";
+  };
+
+  # programs.yazi = {
+  #   enable = true;
+  #   settings.preview.cache_dir = "${config.xdg.cacheHome}/thumbnails/yazi";
+  # };
+}
--- a/home/xdg.nix
+++ b/home/xdg.nix
@ -0,0 +1,31 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  inherit (config.xdg) stateHome dataHome configHome cacheHome;
+  variables = {
+    # Bash (.bash_history)
+    HISTFILE = "${stateHome}/bash/history";
+
+    # Rust (.cargo)
+    CARGO_HOME = "${dataHome}/cargo";
+    RUSTUP_HOME = "${dataHome}/rustup";
+
+    # GTK2 (.gtkrc-2.0)
+    GTK2_RC_FILES = "${configHome}/gtk-2.0/gtkrc";
+
+    # XCompose (.compose-cache)
+    XCOMPOSECACHE = "${cacheHome}/X11/xcompose";
+
+    # NuGet (.nuget/packages)
+    NUGET_PACKAGES = "${dataHome}/NuGetPackages";
+  };
+in {
+  home.sessionVariables = variables;
+  systemd.user.sessionVariables = variables;
+
+  # Run `xdg-ninja` to check fixable dotfiles
+  home.packages = [pkgs.xdg-ninja];
+}
--- a/nixos/audio/pipewire-low-latency.nix
+++ b/nixos/audio/pipewire-low-latency.nix
@ -0,0 +1,37 @@
+{config, ...}: {
+  assertions = [
+    {
+      assertion = config.services.pipewire.enable;
+      message = "PipeWire must be enabled for low-latency PipeWire";
+    }
+  ];
+
+  services.pipewire.extraConfig = {
+    pipewire."92-low-latency" = {
+      context.properties = {
+        default.clock.rate = 48000;
+        default.clock.quantum = 32;
+        default.clock.min-quantum = 32;
+        default.clock.max-quantum = 32;
+      };
+    };
+    pipewire-pulse."92-low-latency" = {
+      context.modules = [
+        {
+          name = "libpipewire-module-protocol-pulse";
+          args = {
+            pulse.min.req = "32/48000";
+            pulse.default.req = "32/48000";
+            pulse.max.req = "32/48000";
+            pulse.min.quantum = "32/48000";
+            pulse.max.quantum = "32/48000";
+          };
+        }
+      ];
+      stream.properties = {
+        node.latency = "32/48000";
+        resample.quality = 1;
+      };
+    };
+  };
+}
--- a/nixos/audio/pipewire.nix
+++ b/nixos/audio/pipewire.nix
@ -0,0 +1,17 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    alsa = {
+      enable = true;
+      support32Bit = true;
+    };
+    pulse.enable = true;
+    jack.enable = true;
+  };
+}
--- a/nixos/common/flake-support.nix
+++ b/nixos/common/flake-support.nix
@ -0,0 +1,52 @@
+# Configuration for any flake-based NixOS system
+# Try our darndest to get nixpkgs into path & registry properly
+#
+# Maybe write a blog post about it?
+#
+# In theory NixOS 24.05 does this for us?
+# > On flake-based NixOS configurations using nixpkgs.lib.nixosSystem, NixOS will automatically set NIX_PATH and the system-wide flake registry (/etc/nix/registry.json) to point <nixpkgs> and the unqualified flake path nixpkgs to the version of nixpkgs used to build the system.
+# > This makes nix run nixpkgs#hello and nix-build '<nixpkgs>' -A hello work out of the box with no added configuration, reusing dependencies already on the system.
+# > This may be undesirable if nix commands are not going to be run on the built system since it adds nixpkgs to the system closure. For such closure-size-constrained non-interactive systems, this setting should be disabled.
+# > To disable this, set nixpkgs.flake.setNixPath and nixpkgs.flake.setFlakeRegistry to false.
+# https://nixos.org/manual/nixos/unstable/release-notes#sec-release-24.05-highlights
+#
+# Some reading:
+# https://nixos-and-flakes.thiscute.world/best-practices/nix-path-and-flake-registry#custom-nix-path-and-flake-registry-1
+# https://github.com/NixOS/nix/issues/9574
+#
+# https://discourse.nixos.org/t/questions-on-using-nixos-desktop-with-flakes/16285/5
+#
+# I think there are two separate problems.
+#
+# # Getting lookup paths (like <nixpkgs>) to resolve
+#
+# This comment mentions how they work:
+# https://discourse.nixos.org/t/nix-path-is-not-recognized/38404/6
+#
+# # Getting `indirect` flake refs (like "nixpkgs") to resolve
+# · indirect: Indirections through the flake registry. These have the form
+#
+#     | [flake:]<flake-id>(/<rev-or-ref>(/rev)?)?
+#
+#   These perform a lookup of <flake-id> in the flake registry. For example, nixpkgs and nixpkgs/release-20.09 are indirect flake references. The specified rev and/or ref are merged with the entry in
+#   the registry; see nix registry for details.
+{
+  inputs,
+  lib,
+  ...
+}: let
+  inherit (inputs) nixpkgs;
+in {
+  # Enable flake features
+  nix.settings.experimental-features = ["nix-command" "flakes"];
+  nix.channel.enable = false; # remove nix-channel related tools & configs, we use flakes instead.
+
+  programs.command-not-found.enable = false; # Doesn't work well past channels
+
+  nix.registry.nixpkgs.flake = nixpkgs;
+  # but NIX_PATH is still used by many useful tools, so we set it to the same value as the one used by this flake.
+  # Make `nix repl '<nixpkgs>'` use the same nixpkgs as the one used by this flake.
+  environment.etc."nix/inputs/nixpkgs".source = "${nixpkgs}";
+  # https://github.com/NixOS/nix/issues/9574
+  nix.settings.nix-path = lib.mkForce "nixpkgs=/etc/nix/inputs/nixpkgs";
+}
--- a/nixos/default.nix
+++ b/nixos/default.nix
@ -0,0 +1,167 @@
+{
+  config,
+  options,
+  lib,
+  pkgs,
+  inputs,
+  ...
+}:
+{
+    imports = [ 
+      inputs.disko.nixosModules.disko
+      
+      ./device.nix
+      ./disk-config.nix
+      ./hardware-configuration.nix
+      ./audio/pipewire.nix
+      ./impermanence.nix
+      ./nix-maintenance.nix
+      # ./hardening.nix
+
+      ./desktop/plasma
+      ./tailscale.nix
+
+      ./users.nix
+      ./user-system-config.nix
+    ];
+
+  # Allows referring to this flake by the shorthand `nixos-config`, which lets you do e.g.
+  # nix repl nixos-config 
+  nix.registry.nixos-config.to = {
+    type = "git";
+    url = "file://${config.users.users.evar.home}/dev/nix/config";
+  };
+
+  # In order to catch all logs, we need to mount this early enough in the boot process.
+  fileSystems."/var/log".neededForBoot = true;
+  
+  zramSwap = {
+    enable = true;
+    memoryPercent = 25;
+  };
+
+  # This is not ideal for a laptop.
+  # For solution watch https://github.com/nix-community/impermanence/issues/153
+  time.timeZone = "America/New_York";
+
+  nix.settings = {
+    # unclutters home folder
+    use-xdg-base-directories = true;
+
+    # adding a community binary cache
+    substituters = [
+      "https://nix-community.cachix.org"
+    ];
+    trusted-public-keys = [
+      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+    ];
+  };
+
+  nixpkgs.config.allowUnfreePredicate = pkg:
+    builtins.elem (lib.getName pkg)
+    [
+      "steam"
+      # "steam-original"
+      # "steam-run"
+      "steam-unwrapped"
+      "obsidian"
+      "rider"
+      "rust-rover"
+      "spotify"
+    ];
+
+  # basically agrees to some license stuff
+  hardware.enableRedistributableFirmware = true;
+
+  ### Boot
+
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  boot.initrd.systemd.enable = true;
+
+  ### Session management
+
+  services.displayManager.autoLogin = {
+    # only if there's any encripted disks
+    enable = config.boot.initrd.luks.devices != {};
+    user = "evar";
+  };
+
+  ### Networking
+
+  networking.networkmanager = {
+    enable = true;
+    # Per https://kokada.dev/blog/an-unordered-list-of-hidden-gems-inside-nixos/
+    # May improve reliability
+    wifi.backend = "iwd";
+  };
+  services.openssh.enable = true;
+
+  ### System software
+
+  environment.systemPackages = [
+    pkgs.git
+    pkgs.gdu
+
+    pkgs.exfatprogs # for mkfs.exfat
+    pkgs.parted # for partprobe
+
+    pkgs.gparted
+
+    # For thinkorswim
+    # TODO: Should be elsewhere
+    pkgs.distrobox
+  ];
+
+  virtualisation.podman = {
+    enable = true;
+    dockerCompat = true;
+  };
+
+  programs.adb.enable = true;
+
+  # Miscellaneous
+
+  # helps some things access battery info
+  services.upower.enable = true;
+  # dynamic mounting of connected devices
+  services.udisks2.enable = true;
+  services.printing.enable = true;
+  # service discovery, hostname lookups, etc.
+  services.avahi = {
+    enable = true;
+    nssmdns4 = true;
+    openFirewall = true;
+  };
+  # For the music server
+  networking.firewall.allowedUDPPorts = [
+    # DLNA discovery (SSDP)
+    1900
+  ];
+
+  hardware.bluetooth = {
+    powerOnBoot = true;
+    settings.General.Experimental = "true";
+  };
+  # allows connecting to virtualized directories
+  services.gvfs.enable = true;
+
+  # This option defines the first version of NixOS you have installed on this particular machine,
+  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+  #
+  # Most users should NEVER change this value after the initial install, for any reason,
+  # even if you've upgraded your system to a new NixOS release.
+  #
+  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+  # so changing it will NOT upgrade your system.
+  #
+  # This value being lower than the current NixOS release does NOT mean your system is
+  # out of date, out of support, or vulnerable.
+  #
+  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+  # and migrated your data accordingly.
+  #
+  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+  system.stateVersion = "23.11"; # Did you read the comment?
+}
--- a/nixos/desktop/gnome/default.nix
+++ b/nixos/desktop/gnome/default.nix
@ -0,0 +1,45 @@
+{
+  config,
+  lib,
+  pkgs,
+  inputs,
+  ...
+}: {
+  services.xserver.enable = true;
+  # services.xserver.displayManager.defaultSession = "gnome";
+  # https://github.com/NixOS/nixpkgs/issues/103746#issuecomment-945091229
+  systemd.services."getty@tty1".enable = false;
+  systemd.services."autovt@tty1".enable = false;
+  services.xserver.displayManager.gdm.enable = true;
+  services.xserver.desktopManager.gnome.enable = true;
+  hardware.pulseaudio.enable = false;
+  # xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
+  environment.systemPackages = [
+    pkgs.gnomeExtensions.appindicator
+    pkgs.gnomeExtensions.dash-to-dock
+    pkgs.gnomeExtensions.dash-to-panel
+    pkgs.mission-center
+    pkgs.gnome.nautilus
+  ];
+  environment.gnome.excludePackages = [
+    pkgs.gnome-tour
+    pkgs.gnome.cheese # Camera
+    pkgs.gnome.gnome-system-monitor
+    #pkgs.gnome.gnome-music
+    pkgs.gnome.gnome-terminal # Console
+    pkgs.gnome.gnome-contacts
+    pkgs.gedit # Text Editor
+    pkgs.gnome.epiphany # Web
+    pkgs.gnome.geary
+    pkgs.gnome.totem # Videos
+  ];
+  services.udev.packages = [
+    pkgs.gnome.gnome-settings-daemon
+  ];
+
+  services.xserver.desktopManager.gnome.extraGSettingsOverrides = ''
+    [org.gnome.mutter]
+    experimental-features=['scale-monitor-framebuffer']
+  '';
+  services.xserver.desktopManager.gnome.extraGSettingsOverridePackages = [pkgs.gnome.mutter];
+}
--- a/nixos/desktop/hypr/default.nix
+++ b/nixos/desktop/hypr/default.nix
@ -0,0 +1,35 @@
+{
+  config,
+  lib,
+  pkgs,
+  inputs,
+  ...
+}: {
+  nix.settings = {
+    builders-use-substitutes = true; # unknown, suggested by anyrun
+    substituters = [
+      "https://hyprland.cachix.org"
+      "https://anyrun.cachix.org"
+    ];
+    trusted-public-keys = [
+      "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
+      "anyrun.cachix.org-1:pqBobmOjI7nKlsUMV25u9QHa9btJK65/C8vnO3p346s="
+    ];
+  };
+
+  services.xserver.enable = true;
+  services.xserver.displayManager.defaultSession = "hyprland";
+  # https://github.com/NixOS/nixpkgs/issues/103746#issuecomment-945091229
+  systemd.services."getty@tty1".enable = false;
+  systemd.services."autovt@tty1".enable = false;
+  services.xserver.displayManager.gdm.enable = true;
+  security.pam.services.swaylock = {};
+
+  programs.hyprland = {
+    enable = true;
+  };
+
+  xdg.portal.extraPortals = [pkgs.xdg-desktop-portal-gtk];
+
+  services.blueman.enable = true;
+}
--- a/nixos/desktop/plasma/default.nix
+++ b/nixos/desktop/plasma/default.nix
@ -0,0 +1,20 @@
+{config, lib, pkgs, ...}:
+let
+  autologin = config.services.displayManager.autoLogin.enable;
+in
+{
+  services.displayManager.sddm.enable = true;
+  services.displayManager.sddm.wayland.enable = true;
+  services.desktopManager.plasma6.enable = true;
+
+  programs.dconf.enable = true;
+
+  # The user is expected to have Emacs instead
+  environment.plasma6.excludePackages = with pkgs.kdePackages; [
+    elisa
+  ];
+
+  # https://github.com/NixOS/nixpkgs/issues/103746#issuecomment-2495681146
+  systemd.services."getty@tty1".enable = lib.mkIf autologin false;
+  systemd.services."autovt@tty1".enable = lib.mkIf autologin false;
+}
--- a/nixos/device.nix
+++ b/nixos/device.nix
@ -0,0 +1,62 @@
+{
+  config,
+  lib,
+  pkgs,
+  inputs,
+  ...
+}: {
+  imports = [
+    inputs.nixos-hardware.nixosModules.framework-16-7040-amd
+  ];
+
+  # Set the Wireless Regulatory Domain
+  # https://github.com/NixOS/nixpkgs/issues/25378
+  boot.extraModprobeConfig = ''
+    options cfg80211 ieee80211_regdom="US"
+  '';
+
+  services.fwupd.enable = true;
+
+  hardware.bluetooth.enable = true;
+
+  boot.kernelPackages =
+    lib.mkIf
+    (lib.versionOlder pkgs.linux.version "6.9")
+    pkgs.linuxPackages_latest;
+
+  # Not needed on NixOS 24.05+
+  # Disable pcr for linux kernel testing 6.9-rc4+
+  # Per https://community.frame.work/t/tracking-framework-16-linux-6-9-0-rc4-rc5-extreme-screen-flickering-anyone-else/49467/44
+  boot.kernelParams = let
+    affectedVersions = ["6.9-rc4" "6.9-rc5" "6.9-rc6"];
+    version = config.boot.kernelPackages.kernel.version;
+    affected = builtins.elem version affectedVersions;
+  in
+    lib.mkIf affected ["amdgpu.dcdebugmask=0x400"];
+
+  environment.systemPackages = lib.mkMerge [
+    (with pkgs; [
+      fw-ectool
+      framework-tool
+    ])
+    # Show EasyEffects status in GNOME
+    (lib.mkIf config.services.xserver.desktopManager.gnome.enable [
+      pkgs.gnomeExtensions.easyeffects-preset-selector
+    ])
+  ];
+
+  # The FWL benefits from modifying its speakers
+  home-manager.sharedModules = [
+    {
+      services.easyeffects.enable = true;
+    }
+  ];
+  # EasyEffects needs this
+  programs.dconf.enable = true;
+
+  # RGB LED Matrix
+  services.hardware.openrgb = {
+    enable = true;
+    package = pkgs.openrgb-with-all-plugins;
+  };
+}
--- a/nixos/disk-config.nix
+++ b/nixos/disk-config.nix
@ -0,0 +1,69 @@
+{
+  # checkout the example folder for how to configure different disko layouts
+  disko.devices = {
+    disk.fw16-2280 = {
+      device = "/dev/disk/by-path/pci-0000:05:00.0-nvme-1";
+      content = {
+        type = "gpt";
+        partitions = {
+          esp = {
+            size = "2G";
+            type = "EF00";
+            content = {
+              type = "filesystem";
+              format = "vfat";
+              mountpoint = "/boot";
+              mountOptions = ["noatime" "fmask=0077" "dmask=0077"];
+            };
+          };
+          cryptall = {
+            size = "100%";
+            content = {
+              type = "luks";
+              name = "all";
+              settings = {
+                # allowDiscards = true;
+                # keyFile = "/tmp/secret.key";
+              };
+              content = {
+                type = "btrfs";
+                extraArgs = ["-f"];
+                subvolumes = {
+                  # System state which should be persistent across reboots and possibly backed up.
+                  "/@nixos-persist" = {
+                    mountpoint = "/persist";
+                    mountOptions = ["noatime" "compress=zstd"];
+                  };
+                  # I’m not so interested in backing up logs but I want them to be preserved across reboots,
+                  # so I’m dedicating a subvolume to logs rather than using the persist subvolume.
+                  "/@nixos-varlog" = {
+                    mountpoint = "/var/log";
+                    mountOptions = ["noatime" "compress=zstd"];
+                  };
+                  # Needs to be persistent but is not worth backing up, as it’s trivial to reconstruct.
+                  "/@nixos-nix" = {
+                    mountpoint = "/nix";
+                    mountOptions = ["noatime" "compress=zstd"];
+                  };
+
+                  "/@data" = {
+                    mountpoint = "/data";
+                    mountOptions = ["noatime" "compress=zstd"];
+                  };
+                  "/@home-evar" = {
+                    mountpoint = "/home/evar";
+                    mountOptions = ["noatime" "compress=zstd"];
+                  };
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+    nodev."/" = {
+      fsType = "tmpfs";
+      mountOptions = ["size=25%" "mode=755"];
+    };
+  };
+}
--- a/nixos/hardening.nix
+++ b/nixos/hardening.nix
@ -0,0 +1,23 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
+  nix.settings.allowed-users = ["@wheel"];
+  security.sudo.execWheelOnly = true;
+  services.openssh = {
+    allowSFTP = false;
+    settings = {
+      ChallengeResponseAuthentication = false;
+      PasswordAuthentication = false;
+    };
+    extraConfig = ''
+      AllowTcpForwarding yes
+      X11Forwarding no
+      AllowAgentForwarding no
+      AllowStreamLocalForwarding no
+      AuthenticationMethods publickey
+    '';
+  };
+}
--- a/nixos/hardware-configuration.nix
+++ b/nixos/hardware-configuration.nix
@ -0,0 +1,26 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usbhid" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp196s0f3u2u3.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/nixos/impermanence.nix
+++ b/nixos/impermanence.nix
@ -0,0 +1,52 @@
+{
+  inputs,
+  options,
+  ...
+}: {
+  imports = [inputs.impermanence.nixosModules.impermanence];
+
+  # There are bind mounts into here that are important for boot.
+  fileSystems."/persist".neededForBoot = true;
+
+  environment.persistence."/persist" = {
+    hideMounts = true;
+    directories = [
+      "/var/lib/nixos"
+      "/var/lib/bluetooth"
+      "/var/lib/fprint"
+      "/var/lib/upower"
+      "/var/lib/tailscale"
+      "/var/lib/systemd/coredump"
+      "/etc/NetworkManager/system-connections"
+      "/var/lib/iwd" # Known networks and keys
+      {
+        directory = "/var/lib/colord";
+        user = "colord";
+        group = "colord";
+        mode = "u=rwx,g=rx,o=";
+      }
+      # TODO: cups?
+    ];
+    files = [
+      "/etc/machine-id"
+      #{ file = "/var/keys/secret_file"; parentDirectory = { mode = "u=rwx,g=,o="; }; }
+      "/var/lib/NetworkManager/secret_key"
+      "/var/lib/NetworkManager/seen-bssids"
+      "/var/lib/NetworkManager/timestamps"
+    ];
+  };
+
+  # /etc/{passwd,shadow} are not persisted
+  users.mutableUsers = false;
+
+  # Some report issues with impermanence file config for host keys, so just change their location
+  services.openssh.hostKeys =
+    builtins.map
+    (x: x // {path = "/persist" + x.path;})
+    options.services.openssh.hostKeys.default;
+
+  # sudo lecture db is not persisted, turn it off
+  security.sudo.extraConfig = ''
+    Defaults lecture = never
+  '';
+}
--- a/nixos/nix-maintenance.nix
+++ b/nixos/nix-maintenance.nix
@ -0,0 +1,14 @@
+{
+  nix = {
+    settings.auto-optimise-store = true;
+    optimise = {
+      automatic = true;
+      dates = ["weekly"];
+    };
+    gc = {
+      automatic = true;
+      dates = "weekly";
+      options = "--delete-older-than 14d";
+    };
+  };
+}
--- a/nixos/tailscale.nix
+++ b/nixos/tailscale.nix
@ -0,0 +1,14 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
+  services.tailscale = {
+    enable = true;
+    openFirewall = true;
+  };
+
+  # Implicitly trust packets routed over Tailscale
+  networking.firewall.trustedInterfaces = [config.services.tailscale.interfaceName];
+}
--- a/nixos/user-system-config.nix
+++ b/nixos/user-system-config.nix
@ -0,0 +1,54 @@
+# Configuration that really wants to be per-user,
+# but can't be defined from Home Manager.
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
+  networking.firewall = lib.mkMerge [
+    # User-mode Syncthing
+    {
+      allowedTCPPorts = [22000];
+      allowedUDPPorts = [21027 22000];
+    }
+
+    # LocalSend
+    {allowedTCPPorts = [53317];}
+  ];
+
+  environment.systemPackages = lib.mkMerge [
+    [pkgs.ryujinx]
+    [
+      (pkgs.lutris.override {
+        extraLibraries = pkgs: [
+          pkgs.libvdpau
+          pkgs.openal
+          pkgs.speex
+          pkgs.libgudev
+        ];
+      })
+      pkgs.wineWowPackages.waylandFull
+    ]
+    # For gamemode status in GNOME
+    (lib.mkIf (config.services.xserver.desktopManager.gnome.enable) [
+      pkgs.gnomeExtensions.gamemode-indicator-in-system-settings
+    ])
+  ];
+
+  programs.steam = {
+    enable = true;
+    remotePlay.openFirewall = true;
+    gamescopeSession.enable = true;
+  };
+  programs.gamemode = {
+    enable = true;
+    enableRenice = true;
+    settings = {
+      general = {
+        softrealtime = "auto";
+        renice = 10;
+      };
+    };
+  };
+}
--- a/nixos/users.nix
+++ b/nixos/users.nix
@ -0,0 +1,44 @@
+{
+  inputs,
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
+  imports = [inputs.home-manager.nixosModules.home-manager];
+
+  home-manager = {
+    useGlobalPkgs = true;
+    useUserPackages = true;
+    extraSpecialArgs = {inherit inputs;};
+  };
+
+  # TODO: Remove
+  # Allow root login with same password as primary user
+  users.users.root.hashedPasswordFile = let
+    primaryUser = "evar";
+  in
+    config.users.users.${primaryUser}.hashedPasswordFile;
+
+  users.users.evar = {
+    hashedPassword = "$y$j9T$4TYc8brm3.oJUbkktbbEq/$cTlZRmAVxb2GtttEXSoSGw9y.qm.vUs/yXgwLjlTk46";
+    uid = 1000;
+    isNormalUser = true;
+    extraGroups = [
+      "wheel"
+      "networkmanager"
+      "video"
+      "input"
+      "audio"
+      "adbusers"
+      "uucp"
+      "dialout"
+    ];
+    # openssh.authorizedKeys.keys = [
+    #   "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINhBR2Kg0VR1+p9jNYmuaaGXTMjHwQSbvmzIjwhOOmNG emily@intras 2022-10-26"
+    # ];
+  };
+  home-manager.users.evar = {
+    imports = [../home];
+  };
+}
--- a/pkgs/polonium.nix
+++ b/pkgs/polonium.nix
@ -0,0 +1,60 @@
+# TODO: replace with nixpkgs version when it has one
+{
+  lib,
+  fetchFromGitHub,
+  buildNpmPackage,
+  plasma5Packages ? null,
+  kdePackages ? null,
+}:
+# how to update:
+# 1. check out the tag for the version in question
+# 2. run `prefetch-npm-deps package-lock.json`
+# 3. update npmDepsHash with the output of the previous step
+let
+  inherit (kdePackages) qtbase;
+in
+  buildNpmPackage {
+    name = "polonium-git";
+    pname = "polonium";
+
+    src = fetchFromGitHub {
+      owner = "zeroxoneafour";
+      repo = "polonium";
+      rev = "83084c9f2bf44a22966c0534726498975183830e";
+      hash = "sha256-kZMq4m4nACRelqgKsZVkmV9qqFw7dcMZHQF9dhdxCbQ=";
+    };
+
+    npmDepsHash = "sha256-kaT3Uyq+/JkmebakG9xQuR4Kjo7vk6BzI1/LffOj/eo=";
+
+    # the installer does a bunch of stuff that fails in our sandbox, so just build here and then we
+    # manually do the install
+    postPatch = ''
+      substituteInPlace Makefile \
+        --replace-fail "build install cleanall" "res src"
+    '';
+
+    nativeBuildInputs = [
+      kdePackages.kpackage
+    ];
+
+    dontNpmBuild = true;
+
+    dontWrapQtApps = true;
+
+    installPhase = ''
+      runHook preInstall
+
+      kpackagetool6 --install pkg --packageroot $out/share/kwin/scripts
+
+      runHook postInstall
+    '';
+
+    env.LANG = "C.UTF-8";
+
+    meta = with lib; {
+      description = "Auto-tiler that uses KWin 6+ tiling functionality";
+      license = licenses.mit;
+      maintainers = with maintainers; [peterhoeg];
+      inherit (kdePackages.kpackage.meta) platforms;
+    };
+  }
--- a/systems/default.nix
+++ b/systems/default.nix
@ -0,0 +1,13 @@
+{inputs, ...}: let
+  inherit (inputs) nixpkgs;
+  inherit (nixpkgs.lib) nixosSystem;
+in {
+  flake.nixosConfigurations.atreus = nixosSystem {
+    specialArgs = {inherit inputs;};
+    modules = [
+      {networking.hostName = "atreus";}
+      ../nixos/common/flake-support.nix
+      ../nixos
+    ];
+  };
+}