migrate remaining git.t-juice.club references to code.t-juice.club

Update flake inputs, MCP server URLs, and remove old GitHub Actions
workflows (will be replaced with new CI on Forgejo).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

.github/workflows/actions-check.yaml

@@ -1,33 +0,0 @@
-name: Check actions
-on:
-  push:
-    paths:
-      - .github/workflows/*.yaml
-      - .github/workflows/*.yml
-  pull_request:
-    paths:
-      - .github/workflows/*.yaml
-      - .github/workflows/*.yml
-
-jobs:
-  check-actions-actionlint:
-    runs-on: ubuntu-latest
-    container:
-      image: ghcr.io/catthehacker/ubuntu:runner-latest
-    steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-go@v5
-        with:
-          go-version: '1.23'
-      - run: |
-          go install github.com/rhysd/actionlint/cmd/actionlint@latest
-          actionlint .github/workflows/*.yaml
-  check-actions-yamllint:
-    runs-on: ubuntu-latest
-    container:
-      image: ghcr.io/catthehacker/ubuntu:runner-latest
-    steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-python@v5
-      - run: |
-          pipx run yamllint .github/workflows/*.yaml

.github/workflows/flake-check.yaml

@@ -1,14 +0,0 @@
-name: Run nix flake check
-on:
-  push:
-  pull_request:
-
-jobs:
-  flake-check:
-    runs-on: ubuntu-latest
-    container:
-      image: ghcr.io/catthehacker/ubuntu:runner-latest
-    steps:
-      - uses: actions/checkout@v3
-      - uses: cachix/install-nix-action@v27
-      - run: nix flake check

.github/workflows/flake-update.yaml

@@ -1,36 +0,0 @@
----
-name: Periodic flake update
-on:  # yamllint disable-line rule:truthy
-  schedule:
-    - cron: "0 */2 * * *"
-
-permissions:
-  contents: write
-
-jobs:
-  flake-update:
-    runs-on: ubuntu-latest
-    container:
-      image: ghcr.io/catthehacker/ubuntu:runner-latest
-    steps:
-      - uses: actions/checkout@v3
-        with:
-          ref: master
-      - uses: cachix/install-nix-action@v27
-      - name: configure git
-        env:
-          SSH_PRIVKEY: ${{ secrets.BOT_SSH_PRIVKEY }}
-          SSH_PUBKEY: ${{ secrets.BOT_SSH_PUBKEY }}
-        run: |
-          echo "$SSH_PRIVKEY" > "$RUNNER_TEMP/id_ed25519"
-          echo "$SSH_PUBKEY" > "$RUNNER_TEMP/id_ed25519.pub"
-          chmod -R 0600 "$RUNNER_TEMP/id_ed25519.pub" "$RUNNER_TEMP/id_ed25519"
-          git config --global user.name 'torjus-bot'
-          git config --global user.email 'torjus-bot@git.t-juice.club'
-          git config --global user.signingKey "$RUNNER_TEMP/id_ed25519.pub"
-          git config --global gpg.format ssh
-          git config --global commit.gpgsign true
-      - name: flake update
-        run: nix flake update --commit-lock-file
-      - name: push
-        run: git push

.mcp.json

@@ -2,28 +2,28 @@
   "mcpServers": {
     "nixpkgs-options": {
       "command": "nix",
-      "args": ["run", "git+https://git.t-juice.club/torjus/labmcp#nixpkgs-search", "--", "options", "serve"],
+      "args": ["run", "git+https://code.t-juice.club/torjus/labmcp#nixpkgs-search", "--", "options", "serve"],
       "env": {
         "NIXPKGS_SEARCH_DATABASE": "sqlite:///run/user/1000/labmcp/nixpkgs-search.db"
       }
     },
     "nixpkgs-packages": {
       "command": "nix",
-      "args": ["run", "git+https://git.t-juice.club/torjus/labmcp#nixpkgs-search", "--", "packages", "serve"],
+      "args": ["run", "git+https://code.t-juice.club/torjus/labmcp#nixpkgs-search", "--", "packages", "serve"],
       "env": {
         "NIXPKGS_SEARCH_DATABASE": "sqlite:///run/user/1000/labmcp/nixpkgs-search.db"
       }
     },
     "hm-options": {
       "command": "nix",
-      "args": ["run", "git+https://git.t-juice.club/torjus/labmcp#hm-options", "--", "serve"],
+      "args": ["run", "git+https://code.t-juice.club/torjus/labmcp#hm-options", "--", "serve"],
       "env": {
         "HM_OPTIONS_DATABASE": "sqlite:///run/user/1000/labmcp/hm-options.db"
       }
     },
     "git-explorer": {
       "command": "nix",
-      "args": ["run", "git+https://git.t-juice.club/torjus/labmcp#git-explorer", "--", "serve"],
+      "args": ["run", "git+https://code.t-juice.club/torjus/labmcp#git-explorer", "--", "serve"],
       "env": {
         "GIT_REPO_PATH": "/home/torjus/git/nixos-servers"
       }

.sops.yaml

@@ -23,3 +23,4 @@ creation_rules:
       - age:
         - *admin_torjus
         - *server_magicman
+        - *server_gunter

CLAUDE.md

@@ -24,8 +24,8 @@ nix build .#nixosConfigurations.magicman.config.system.build.toplevel
 nix develop
 ```
 
-If config clearly only affects one host, bulding for just the relevant host is enough.
+If config clearly only affects one host, building for just the relevant host is enough.
-Otherwise, build both.
+Otherwise, build both. **Always ask before building gunter** — it takes a long time.
 
 If moving things around, you can use `nix eval` before and after changes to check that things remain the same.
 ```

docs/gunter-monitor-issues.md

@@ -7,9 +7,11 @@ Two of the four monitors on gunter (desktop) intermittently fail to work on star
 ## System Configuration
 
 - **GPU**: NVIDIA GeForce RTX 3080 Ti
-- **Driver**: NVIDIA open driver 590.48.01 (beta)
+- **Driver**: NVIDIA proprietary driver 590.48.01 (beta)
-- **Kernel**: 6.18.8
+- **Kernel**: 6.18.12
 - **Compositor**: Hyprland
+- **Open driver**: `false` (switched from open to proprietary 2026-02-21)
+- **Initrd nvidia modules**: None (removed 2026-03-03, was bloating initrd to 191MB)
 
 ### Monitor Setup
 
@@ -26,7 +28,7 @@ The GPU only has 3 DisplayPort outputs, so one Samsung monitor is connected to t
 
 ### Kernel Errors
 
-The following errors appear in the kernel log during boot (17-27 seconds after boot start):
+The following errors appear in the kernel log during boot:
 
 ```
 [drm:nv_drm_dev_load [nvidia_drm]] *ERROR* [nvidia-drm] [GPU ID 0x00000100] Failed to add connector for NvKmsKapiDisplay 0x00000800
@@ -37,25 +39,44 @@ The following errors appear in the kernel log during boot (17-27 seconds after b
 
 ### Root Cause Analysis
 
-1. **MST timing issues** - The downstream Samsung monitor isn't ready when the driver tries to enumerate the daisy chain during boot
+1. **MST timing issues** - The downstream Samsung monitor isn't ready when the driver tries to enumerate the daisy chain during boot. The MST topology hasn't been negotiated yet when the driver first probes, regardless of how early or late it loads.
-2. **NVIDIA open driver MST bugs** - The open-source driver (`hardware.nvidia.open = true`) has historically had more MST issues than the proprietary one
+2. **Power sequencing** - The monitors may need more time to negotiate the MST link during cold boot
-3. **Power sequencing** - The monitors may need more time to negotiate the MST link during cold boot
 
-## Potential Solutions
+## Changes Made
 
-1. **Switch to proprietary driver** - Change `hardware.nvidia.open = false` in `hosts/gunter/configuration.nix`
+### 2026-02-21: Switch to proprietary driver + initrd loading
 
-2. **Add boot delay for nvidia-drm** - Add kernel parameter `nvidia-drm.load_on_init=0` to defer initialization
+**Change 1: `hardware.nvidia.open = false`** (previously `true`)
 
-3. **Try different nvidia module options** - Add to `boot.extraModprobeConfig`:
+With the open driver, boot produced 7 errors including flip event timeouts and kernel WARNING stack traces:
-   ```nix
+```
-   options nvidia-drm modeset=1 fbdev=1
+Failed to add connector for NvKmsKapiDisplay 0x00000800
-   options nvidia NVreg_PreserveVideoMemoryAllocations=1
+Failed to get dynamic displays
-   ```
+Flip event timeout on head 0
+Flip event timeout on head 1
+Failed to add encoder for NvKmsKapiDisplay 0x00000001
+WARNING: CPU: 5 PID: 1169 at nvidia-drm/nvidia-drm-crtc.h:328 __nv_drm_handle_flip_event (x2)
+```
 
-4. **Check monitor firmware** - Samsung LS27A600U monitors have had MST firmware updates
+With the proprietary driver, only the 2 MST enumeration errors remain. The flip timeouts and kernel warnings are gone. The driver handles the MST failure much more gracefully.
 
-5. **Reduce link rate during boot** - Lower refresh rate to 60Hz initially to reduce bandwidth requirements
+**Change 2: Load nvidia modules in initrd** (`boot.initrd.kernelModules`)
+
+Without initrd loading, the nvidia driver took ~22 seconds to initialize (11s to first error, 10 more to give up on dynamic displays). During this time monitors lost signal and went to sleep.
+
+With initrd loading, the driver loads and initializes in under 1 second. However, the same two MST errors still occur - the MST topology simply isn't ready yet regardless of timing.
+
+**Result**: Subjectively improved - monitors now typically recover after a single power cycle instead of requiring multiple attempts. The boot process is also faster with no 20+ second black screen hang.
+
+## Remaining Solutions to Try
+
+1. **Display rescan service** - Create a systemd service that triggers the nvidia driver to re-enumerate displays a few seconds after boot. This could auto-detect MST monitors without manual power cycling.
+
+2. **Remove `quiet splash`** from kernel params - Keeps console output active during boot, which maintains an active DP signal through the UEFI-to-kernel transition and may help keep the MST link alive.
+
+3. **Check monitor firmware** - Samsung LS27A600U monitors have had MST firmware updates. Updating could improve MST link negotiation reliability.
+
+4. **Reduce initial link rate** - Lower refresh rate to 60Hz initially to reduce DP bandwidth requirements during MST negotiation, potentially making link training more reliable.
 
 ## Useful Diagnostic Commands
 
@@ -98,7 +119,3 @@ done
 
 - `hosts/gunter/configuration.nix` - NVIDIA driver settings
 - `home/hosts/gunter/default.nix` - Hyprland monitor configuration
-
-## Date Investigated
-
-2025-02-06

docs/magicman-keyboard-luks.md

@@ -0,0 +1,156 @@
+# Magicman: PS/2 Keyboard Broken at LUKS Prompt After BIOS Update
+
+## Issue
+
+After updating the ThinkPad L14 Gen 4 (21H2S3US00) BIOS to version R24ET51W (1.34)
+via `fwupdmgr`, the built-in laptop keyboard no longer works during the LUKS disk
+encryption password prompt. An external USB keyboard must be used to unlock the disk.
+The laptop keyboard works normally after boot.
+
+## Machine Details
+
+- **Model**: Lenovo ThinkPad L14 Gen 4 (21H2S3US00)
+- **BIOS**: R24ET51W (1.34), dated 2025-10-31
+- **EC**: R24HT33W
+- **Date**: 2026-03-06
+
+### What fwupdmgr Installed
+
+- System Firmware: 0.1.12 → 0.1.34
+- UEFI dbx: 20230301 → 20250902
+- KEK CA: 2011 → 2023
+
+## Symptoms
+
+- Laptop keyboard does not respond at the LUKS password prompt (neither systemd nor scripted initrd)
+- USB keyboard works fine at the LUKS prompt
+- Laptop keyboard works immediately after boot (at greetd login)
+- Text typed on the laptop keyboard during LUKS prompt sometimes partially appears
+  at the greetd username field after boot, indicating the keyboard hardware IS generating
+  scancodes that get buffered and flushed later
+
+## Kernel Errors
+
+Every boot shows these errors from the atkbd driver:
+
+```
+atkbd serio0: Failed to deactivate keyboard on isa0060/serio0
+atkbd serio0: Failed to enable keyboard on isa0060/serio0
+input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input0
+atkbd serio0: Spurious ACK on isa0060/serio0. Some program might be trying to access hardware directly.
+```
+
+The keyboard device IS registered despite the errors, and the `kbd` input handler
+binds to it (`Handlers=sysrq kbd leds event6`).
+
+## Root Cause Analysis
+
+The BIOS update changed the PS/2 controller (i8042) initialization behavior. The atkbd
+driver sends a deactivate command (0xF5) during init, which likely succeeds at disabling
+the keyboard even though the ACK times out. The subsequent enable command (0xF4) also
+times out without re-enabling it. The keyboard stays disabled at the hardware level —
+it queues keypresses in its small internal buffer (~16 keys) but doesn't send scancodes
+to the host until something re-enables it during full boot. This is NOT a timing issue —
+leaving the system at the LUKS prompt for several minutes does not fix the keyboard.
+Something specific that happens later in the boot process (likely during switch-root
+when udev re-processes devices) re-enables the keyboard.
+
+## What Was Tried
+
+### Kernel Parameters (none helped)
+
+- `i8042.dumbkbd` — skip keyboard reset during i8042 probe
+- `i8042.nopnp` — don't use PNP to discover controllers
+- `i8042.reset` — force i8042 controller reset
+- `i8042.nomux` — don't probe for MUX
+- `atkbd.reset` — reset keyboard during atkbd init
+- `console=tty1` — explicitly route console I/O to tty1
+- Various combinations of the above
+
+### Initrd Module Loading
+
+- Added `i8042`, `atkbd`, `thinkpad_acpi` to `boot.initrd.kernelModules`
+- `thinkpad_acpi` loads the EC driver early, but didn't help
+
+### Initrd Services
+
+- Created `keyboard-reconnect` systemd service that runs before `systemd-cryptsetup@root.service`
+- Tried `echo reconnect > /sys/bus/serio/devices/serio0/drvctl` — reconnect also fails
+- Tried full module reload: `rmmod atkbd; rmmod i8042; sleep N; modprobe i8042; modprobe atkbd`
+  - Tested with sleep 2 and sleep 8
+  - The reload creates a new serio device (serio2) but initialization fails identically
+
+### Plymouth
+
+- Disabled Plymouth (`boot.plymouth.enable = false`) — no effect
+- Tested `plymouth.enable=0` on kernel command line — no effect
+- Confirmed password agent falls back to `systemd-tty-ask-password-agent` on `/dev/tty1`
+
+### Scripted Initrd
+
+- Switched from systemd initrd to scripted initrd (`boot.initrd.systemd.enable = false`)
+- Uses a completely different password prompt mechanism (shell `read`)
+- Same result — keyboard still doesn't work
+
+### BIOS
+
+- Checked BIOS settings — no relevant keyboard/PS/2 options available
+- `fwupdmgr get-updates` shows no newer BIOS version available
+
+## Planned Fix: TPM + Secure Boot Auto-Unlock
+
+### Approach
+
+Use TPM2-based LUKS unlock with Secure Boot to bypass the keyboard requirement entirely.
+
+- **lanzaboote** — replaces systemd-boot, produces signed Unified Kernel Images (UKIs)
+  that bundle kernel + initrd + cmdline into a single signed EFI binary
+- **Secure Boot** — ensures only signed code can boot, prevents tampering with boot chain
+- **TPM2 unlock** — `systemd-cryptenroll` binds LUKS key to TPM PCR 7 (Secure Boot policy)
+- **Passphrase kept as fallback** — if TPM/Secure Boot state changes, unlock with USB keyboard + password
+
+### Why PCR 7 Only
+
+Binding to PCR 7 alone means kernel/initrd updates (frequent on nixos-unstable) do NOT
+require re-enrollment. PCR 7 only changes when Secure Boot keys or policy change.
+
+Cmdline tampering is prevented by lanzaboote's UKI approach — the cmdline is embedded in
+the signed binary and cannot be edited at the bootloader.
+
+### Setup Steps
+
+1. Install `sbctl` and create Secure Boot signing keys
+2. Put BIOS into Secure Boot "Setup Mode" and enroll custom keys (include Microsoft keys for fwupd)
+3. Enable lanzaboote in NixOS config (replaces systemd-boot)
+4. Rebuild, verify Secure Boot works
+5. Enroll TPM with `systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=7`
+
+After setup, `nixos-rebuild switch/boot` works as usual — lanzaboote automatically signs
+each new generation.
+
+### Security Considerations
+
+**Protected against:**
+- Offline disk read (pull SSD, boot USB)
+- Boot chain tampering (unsigned code won't boot)
+- Cmdline editing (locked into signed UKI)
+
+**Remaining attack surface:**
+- Stolen while suspended — disk is decrypted in RAM, only screen lock protects.
+  Consider hibernate instead of suspend (hibernate locks LUKS since RAM is powered off).
+- Network services — system is fully running after boot, exposed services are reachable
+- DMA attacks via Thunderbolt/PCIe — mitigated by IOMMU (should be on by default)
+- Cold boot attacks — exotic, requires freezing RAM
+
+For a stolen-laptop scenario this is solid. The biggest practical risk is theft while
+the laptop is suspended.
+
+### Other Considered Alternatives
+
+- **BIOS update from Lenovo** fixing the PS/2 controller init sequence
+- **Kernel patch** to handle the failed enable more gracefully
+- **TPM + PIN** — not viable due to the same PS/2 keyboard issue at the PIN prompt
+
+## Current Workaround
+
+Use an external USB keyboard to enter the LUKS password at boot.

flake.lock

@@ -1,5 +1,23 @@
 {
   "nodes": {
+    "catppuccin": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      },
+      "locked": {
+        "lastModified": 1772983749,
+        "narHash": "sha256-IRC/YpTVMDr/lMmWMEc+JU4d+L9z3v38jZuj0jSLaW0=",
+        "owner": "catppuccin",
+        "repo": "nix",
+        "rev": "3594e4c94994515e0e32884dad20ca70ae88fc49",
+        "type": "github"
+      },
+      "original": {
+        "owner": "catppuccin",
+        "repo": "nix",
+        "type": "github"
+      }
+    },
     "ghettoptt": {
       "inputs": {
         "nixpkgs": [
@@ -7,18 +25,18 @@
         ]
       },
       "locked": {
-        "lastModified": 1728602333,
+        "lastModified": 1773164481,
-        "narHash": "sha256-sKbnng/g4ijuKcjShBi7oPxyUrCnMJDDy17U9W/TuMg=",
+        "narHash": "sha256-pAHExVIUqQdnaKniNTdlxheQ/IOU3nTeEV/DRrCc8wg=",
         "ref": "master",
-        "rev": "84fcfdde62de9888d3af8bcb0d7134137b276b55",
+        "rev": "bb7f415c08d6189514dce8c43d69eea6372f0528",
-        "revCount": 23,
+        "revCount": 24,
         "type": "git",
-        "url": "https://git.t-juice.club/torjus/ghettoptt"
+        "url": "https://code.t-juice.club/torjus/ghettoptt"
       },
       "original": {
         "ref": "master",
         "type": "git",
-        "url": "https://git.t-juice.club/torjus/ghettoptt"
+        "url": "https://code.t-juice.club/torjus/ghettoptt"
       }
     },
     "home-manager": {
@@ -28,11 +46,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1770818644,
+        "lastModified": 1772985285,
-        "narHash": "sha256-DYS4jIRpRoKOzJjnR/QqEd/MlT4OZZpt8CrBLv+cjsE=",
+        "narHash": "sha256-wEEmvfqJcl9J0wyMgMrj1TixOgInBW/6tLPhWGoZE3s=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "0acbd1180697de56724821184ad2c3e6e7202cd7",
+        "rev": "5be5d8245cbc7bc0c09fbb5f38f23f223c543f85",
         "type": "github"
       },
       "original": {
@@ -51,18 +69,18 @@
         "uv2nix": "uv2nix"
       },
       "locked": {
-        "lastModified": 1757974387,
+        "lastModified": 1773164725,
-        "narHash": "sha256-vVFZTB3NxJCH91aaAtop3MEZcilPQ273epV1gcnQE4s=",
+        "narHash": "sha256-FNW+hOB6NCEpZt73FPiafLBPfwnSdTJeaGNCN3r+zEQ=",
         "ref": "master",
-        "rev": "b341e613337b87cef7a0f4ea05d677288cafa3fb",
+        "rev": "e5226d3e32180eb59edae6c29053854dda82750c",
-        "revCount": 33,
+        "revCount": 34,
         "type": "git",
-        "url": "https://git.t-juice.club/torjus/huecli"
+        "url": "https://code.t-juice.club/torjus/huecli"
       },
       "original": {
         "ref": "master",
         "type": "git",
-        "url": "https://git.t-juice.club/torjus/huecli"
+        "url": "https://code.t-juice.club/torjus/huecli"
       }
     },
     "natstonotify": {
@@ -72,18 +90,18 @@
         ]
       },
       "locked": {
-        "lastModified": 1739302828,
+        "lastModified": 1773164311,
-        "narHash": "sha256-D6l5tAh1FDpdz9/tQC7kYhFPQzqI1HICwNh7fRejfrw=",
+        "narHash": "sha256-HRR4TBCGp5okWW2eV6vUTYAhUR7I+MNADtlOaIe8fec=",
         "ref": "master",
-        "rev": "bfcf518fe0b2fe19075667f7b22227376d102509",
+        "rev": "7e784076242f4bbcf63a35c14ea752bf7a285d8a",
-        "revCount": 7,
+        "revCount": 8,
         "type": "git",
-        "url": "https://git.t-juice.club/torjus/natstonotify"
+        "url": "https://code.t-juice.club/torjus/natstonotify"
       },
       "original": {
         "ref": "master",
         "type": "git",
-        "url": "https://git.t-juice.club/torjus/natstonotify"
+        "url": "https://code.t-juice.club/torjus/natstonotify"
       }
     },
     "nix-packages": {
@@ -93,31 +111,31 @@
         ]
       },
       "locked": {
-        "lastModified": 1757017925,
+        "lastModified": 1773106737,
-        "narHash": "sha256-QC1SkvyU5nQ32lju2GYK9ozuh/JYWXfWK/T7OC6dVls=",
+        "narHash": "sha256-/XL6Dn+SehMGlXvuKubNMcTk4iq2J75Z5cVO+HkIfDY=",
         "ref": "master",
-        "rev": "7723cb45020e1f561f527779540faa5901d34e4d",
+        "rev": "295b0bf12ec1849564bdaa8fc2cd0f19af1a2715",
-        "revCount": 31,
+        "revCount": 47,
         "type": "git",
-        "url": "https://git.t-juice.club/torjus/nix-packages"
+        "url": "https://code.t-juice.club/torjus/nix-packages"
       },
       "original": {
         "ref": "master",
         "type": "git",
-        "url": "https://git.t-juice.club/torjus/nix-packages"
+        "url": "https://code.t-juice.club/torjus/nix-packages"
       }
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1770562336,
+        "lastModified": 1772773019,
-        "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=",
+        "narHash": "sha256-E1bxHxNKfDoQUuvriG71+f+s/NT0qWkImXsYZNFFfCs=",
-        "owner": "nixos",
+        "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "d6c71932130818840fc8fe9509cf50be8c64634f",
+        "rev": "aca4d95fce4914b3892661bcb80b8087293536c6",
         "type": "github"
       },
       "original": {
-        "owner": "nixos",
+        "owner": "NixOS",
         "ref": "nixos-unstable",
         "repo": "nixpkgs",
         "type": "github"
@@ -139,6 +157,22 @@
         "type": "github"
       }
     },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1772773019,
+        "narHash": "sha256-E1bxHxNKfDoQUuvriG71+f+s/NT0qWkImXsYZNFFfCs=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "aca4d95fce4914b3892661bcb80b8087293536c6",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "nixprstatus": {
       "inputs": {
         "nixpkgs": [
@@ -149,18 +183,18 @@
         "uv2nix": "uv2nix_2"
       },
       "locked": {
-        "lastModified": 1767871861,
+        "lastModified": 1773164966,
-        "narHash": "sha256-Oh0Y9bTvvMm3JQH/C/8XLCeemgvMDbIgFh1NSYFyINY=",
+        "narHash": "sha256-uwkLjHH6BmNzcF791y9ceUcfZtRu/v0+61d4/TbGLxY=",
         "ref": "master",
-        "rev": "b4e3e6de659bf8c96b84dd47249c71b357dd50c2",
+        "rev": "61c04a87f944cfc93b9f3f2904991c41664e28c5",
-        "revCount": 62,
+        "revCount": 63,
         "type": "git",
-        "url": "https://git.t-juice.club/torjus/nixprstatus"
+        "url": "https://code.t-juice.club/torjus/nixprstatus"
       },
       "original": {
         "ref": "master",
         "type": "git",
-        "url": "https://git.t-juice.club/torjus/nixprstatus"
+        "url": "https://code.t-juice.club/torjus/nixprstatus"
       }
     },
     "pyproject-build-systems": {
@@ -265,12 +299,13 @@
     },
     "root": {
       "inputs": {
+        "catppuccin": "catppuccin",
         "ghettoptt": "ghettoptt",
         "home-manager": "home-manager",
         "huecli": "huecli",
         "natstonotify": "natstonotify",
         "nix-packages": "nix-packages",
-        "nixpkgs": "nixpkgs",
+        "nixpkgs": "nixpkgs_2",
         "nixpkgs-stable": "nixpkgs-stable",
         "nixprstatus": "nixprstatus",
         "sops-nix": "sops-nix"
@@ -283,11 +318,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1770683991,
+        "lastModified": 1772944399,
-        "narHash": "sha256-xVfPvXDf9QN3Eh9dV+Lw6IkWG42KSuQ1u2260HKvpnc=",
+        "narHash": "sha256-xTzsSd3r5HBeufSZ3fszAn0ldfKctvsYG7tT2YJg5gY=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "8b89f44c2cc4581e402111d928869fe7ba9f7033",
+        "rev": "c8e69670b316d6788e435a3aa0bda74eb1b82cc0",
         "type": "github"
       },
       "original": {

flake.nix

@@ -13,25 +13,28 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
     ghettoptt = {
-      url = "git+https://git.t-juice.club/torjus/ghettoptt?ref=master";
+      url = "git+https://code.t-juice.club/torjus/ghettoptt?ref=master";
       inputs.nixpkgs.follows = "nixpkgs";
     };
     huecli = {
-      url = "git+https://git.t-juice.club/torjus/huecli?ref=master";
+      url = "git+https://code.t-juice.club/torjus/huecli?ref=master";
       inputs.nixpkgs.follows = "nixpkgs";
     };
     nix-packages = {
-      url = "git+https://git.t-juice.club/torjus/nix-packages?ref=master";
+      url = "git+https://code.t-juice.club/torjus/nix-packages?ref=master";
       inputs.nixpkgs.follows = "nixpkgs";
     };
     nixprstatus = {
-      url = "git+https://git.t-juice.club/torjus/nixprstatus?ref=master";
+      url = "git+https://code.t-juice.club/torjus/nixprstatus?ref=master";
       inputs.nixpkgs.follows = "nixpkgs";
     };
     natstonotify = {
-      url = "git+https://git.t-juice.club/torjus/natstonotify?ref=master";
+      url = "git+https://code.t-juice.club/torjus/natstonotify?ref=master";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+    catppuccin = {
+      url = "github:catppuccin/nix";
+    };
   };
 
   outputs =
@@ -45,6 +48,7 @@
       huecli,
       natstonotify,
       nix-packages,
+      catppuccin,
       ...
     }@inputs:
     let

home/editor/neovim/default.nix

@@ -16,17 +16,21 @@
         cmp_luasnip
         copilot-cmp
         copilot-lua
-        lsp-zero-nvim
+        gitsigns-nvim
+        indent-blankline-nvim
         lualine-nvim
         luasnip
         nvim-cmp
         nvim-lspconfig
         plenary-nvim
         telescope-nvim
+        telescope-fzf-native-nvim
+        todo-comments-nvim
+        trouble-nvim
         undotree
         vim-floaterm
-        vim-fugitive
         vim-sleuth
+        which-key-nvim
         (nvim-treesitter.withPlugins (p: [
           p.tree-sitter-yaml
           p.tree-sitter-nix
@@ -57,7 +61,7 @@
 
     # LSPs
     gopls
-    pyright
+    basedpyright
     nodePackages.typescript-language-server
     nodePackages.typescript
     nil

home/editor/neovim/keybinds.lua

@@ -1,32 +1,57 @@
 -- Keybinds
-vim.keymap.set("n", "<Leader>ds", vim.diagnostic.open_float, { desc = "Show diagnostic" })
+
+-- Diagnostics
+vim.keymap.set("n", "<leader>ds", vim.diagnostic.open_float, { desc = "Show diagnostic" })
+vim.keymap.set("n", "<leader>dd", '<cmd>Trouble diagnostics toggle<CR>', { desc = "Diagnostics list" })
+vim.keymap.set("n", "<leader>db", '<cmd>Trouble diagnostics toggle filter.buf=0<CR>', { desc = "Buffer diagnostics" })
 
 -- Term
-vim.g.floaterm_keymap_toggle = '<leader>ft'
+vim.g.floaterm_keymap_toggle = '<leader>T'
 
 -- Tabs
-vim.keymap.set('n', '<leader>n', ':tabnew<CR>',
+vim.keymap.set('n', '<leader>tn', ':tabnew<CR>',
-	{ silent = true, desc = '[N]ew tab' })
+	{ silent = true, desc = 'New tab' })
-vim.keymap.set('n', '<leader>p', ':tabnext<CR>',
+vim.keymap.set('n', '<leader>tp', ':tabnext<CR>',
-	{ silent = true, desc = '[p]Next tab' })
+	{ silent = true, desc = 'Next tab' })
-vim.keymap.set('n', '<leader>P', ':tabprev<CR>',
+vim.keymap.set('n', '<leader>tP', ':tabprev<CR>',
-	{ silent = true, desc = '[P]Previous tab' })
+	{ silent = true, desc = 'Previous tab' })
 
 -- Telescope
 vim.keymap.set('n', '<leader>?', require('telescope.builtin').oldfiles,
-	{ desc = '[?] FInd recently opened files' })
+	{ desc = 'Find recently opened files' })
 vim.keymap.set('n', '<leader>ff', require('telescope.builtin').find_files,
-	{ desc = '[F]ind [F]iles' })
+	{ desc = 'Find files' })
-vim.keymap.set('n', '<leader>ff', require('telescope.builtin').find_files,
-	{ desc = '[F]ind [F]iles' })
 vim.keymap.set('n', '<leader>fg', require('telescope.builtin').live_grep,
-	{ desc = '[F]ind by [G]rep' })
+	{ desc = 'Find by grep' })
+vim.keymap.set('n', '<leader>fb', require('telescope.builtin').buffers,
+	{ desc = 'Find buffers' })
+vim.keymap.set('n', '<leader>fd', require('telescope.builtin').diagnostics,
+	{ desc = 'Find diagnostics' })
+vim.keymap.set('n', '<leader>fw', require('telescope.builtin').grep_string,
+	{ desc = 'Find word under cursor' })
 
--- Tabs
+-- Undotree
-vim.keymap.set('n', '<leader>tt', ':tabnew<cr>')
+vim.keymap.set('n', '<leader>u', vim.cmd.UndotreeToggle,
-vim.keymap.set('n', '<leader>tn', ':tabnext<cr>')
+	{ desc = 'Toggle undotree' })
-vim.keymap.set('n', '<leader>tp', ':tabprevious<cr>')
+
+-- Gitsigns
+local gs = require('gitsigns')
+vim.keymap.set('n', ']h', gs.next_hunk, { desc = 'Next git hunk' })
+vim.keymap.set('n', '[h', gs.prev_hunk, { desc = 'Previous git hunk' })
+vim.keymap.set('n', '<leader>gs', gs.stage_hunk, { desc = 'Stage hunk' })
+vim.keymap.set('n', '<leader>gr', gs.reset_hunk, { desc = 'Reset hunk' })
+vim.keymap.set('n', '<leader>gS', gs.stage_buffer, { desc = 'Stage buffer' })
+vim.keymap.set('n', '<leader>gR', gs.reset_buffer, { desc = 'Reset buffer' })
+vim.keymap.set('n', '<leader>gp', gs.preview_hunk, { desc = 'Preview hunk' })
+vim.keymap.set('n', '<leader>gb', gs.blame_line, { desc = 'Blame line' })
+
+-- Todo comments
+vim.keymap.set('n', ']t', function() require('todo-comments').jump_next() end, { desc = 'Next todo comment' })
+vim.keymap.set('n', '[t', function() require('todo-comments').jump_prev() end, { desc = 'Previous todo comment' })
+vim.keymap.set('n', '<leader>ft', '<cmd>TodoTelescope<CR>', { desc = 'Find TODOs' })
 
 -- LSP
-vim.keymap.set('n', 'gD', vim.lsp.buf.declaration)
+vim.keymap.set('n', '<leader>lr', vim.lsp.buf.rename, { desc = 'Rename' })
-vim.keymap.set('n', 'gd', vim.lsp.buf.definition)
+vim.keymap.set('n', '<leader>la', vim.lsp.buf.code_action, { desc = 'Code action' })
+vim.keymap.set('n', '<leader>lf', function() vim.lsp.buf.format({ async = false }) end,
+	{ desc = 'Format' })

home/editor/neovim/plugins.lua

@@ -1,25 +1,13 @@
 -- Plugins
 
--- LSP stuff
+-- Format on save for nix, lua, ts/js
-local lsp_zero = require('lsp-zero')
+vim.api.nvim_create_autocmd("BufWritePre", {
-
+	pattern = { "*.nix", "*.lua", "*.ts", "*.tsx", "*.js" },
-
+	callback = function()
-lsp_zero.on_attach(function(_, bufnr)
+		vim.lsp.buf.format({ async = false, timeout_ms = 10000 })
-	lsp_zero.default_keymaps({ buffer = bufnr })
+	end,
-end)
-
-lsp_zero.format_on_save({
-	format_opts = {
-		async = false,
-		timeout_ms = 10000,
-	},
-	servers = {
-		['gopls'] = { 'go' },
-		['nil_ls'] = { 'nix' },
-		['lua_ls'] = { 'lua' },
-		['ts_ls'] = { 'typescript', 'javascript', 'typescriptreact' },
-	},
 })
+
 -- LSP: go
 vim.lsp.config("gopls", {
 	settings = {
@@ -158,14 +146,12 @@ vim.api.nvim_create_autocmd("LspAttach", {
 	desc = 'LSP: Disable hover capability from Ruff',
 })
 
--- Pyright
+-- Basedpyright
-vim.lsp.config("pyright", {
+vim.lsp.config("basedpyright", {
 	settings = {
-		pyright = {
+		basedpyright = {
 			-- Using Ruff's import organizer
 			disableOrganizeImports = true,
-		},
-		python = {
 			analysis = {
 				-- Ignore all files for analysis to exclusively use Ruff for linting
 				ignore = { '*' },
@@ -173,7 +159,10 @@ vim.lsp.config("pyright", {
 		},
 	},
 })
-vim.lsp.enable({ "pyright" })
+vim.lsp.enable({ "basedpyright" })
+
+-- Gitsigns
+require('gitsigns').setup()
 
 -- Telescope
 require('telescope').setup({
@@ -186,8 +175,9 @@ require('telescope').setup({
 		}
 	},
 })
+require('telescope').load_extension('fzf')
 
--- Tresitter stuff
+-- Treesitter
 require('nvim-treesitter').setup {
 	ensure_installed = {},
 	auto_install = false,
@@ -262,12 +252,12 @@ require('copilot_cmp').setup()
 
 -- Cmp
 local cmp = require('cmp')
-local cmp_action = lsp_zero.cmp_action()
+local luasnip = require('luasnip')
 
 cmp.setup({
 	snippet = {
 		expand = function(args)
-			require('luasnip').lsp_expand(args.body)
+			luasnip.lsp_expand(args.body)
 		end,
 	},
 	mapping = cmp.mapping.preset.insert({
@@ -275,9 +265,25 @@ cmp.setup({
 		['<CR>'] = cmp.mapping.confirm({ select = false }),
 		-- Ctrl+Space to open completion menu
 		['<C-Space>'] = cmp.mapping.complete(),
-		-- Move between snippet placeholders
+		-- Tab to select next item or jump in snippet
-		['<C-f>'] = cmp_action.luasnip_jump_forward(),
+		['<Tab>'] = cmp.mapping(function(fallback)
-		['<C-b>'] = cmp_action.luasnip_jump_backward(),
+			if cmp.visible() then
+				cmp.select_next_item()
+			elseif luasnip.expand_or_jumpable() then
+				luasnip.expand_or_jump()
+			else
+				fallback()
+			end
+		end, { 'i', 's' }),
+		['<S-Tab>'] = cmp.mapping(function(fallback)
+			if cmp.visible() then
+				cmp.select_prev_item()
+			elseif luasnip.jumpable(-1) then
+				luasnip.jump(-1)
+			else
+				fallback()
+			end
+		end, { 'i', 's' }),
 		-- Scroll in completion docs
 		['<C-k>'] = cmp.mapping.scroll_docs(-4),
 		['<C-j>'] = cmp.mapping.scroll_docs(4),
@@ -292,6 +298,29 @@ cmp.setup({
 })
 
 
+-- Indent blankline
+require('ibl').setup()
+
+-- Trouble
+require('trouble').setup({
+	icons = false,
+})
+
+-- Todo comments
+require('todo-comments').setup({
+	signs = false,
+})
+
+-- Which-key
+require('which-key').setup()
+require('which-key').add({
+	{ "<leader>d", group = "Diagnostics" },
+	{ "<leader>f", group = "Find" },
+	{ "<leader>g", group = "Git" },
+	{ "<leader>l", group = "LSP" },
+	{ "<leader>t", group = "Tabs" },
+})
+
 -- Colorscheme
 require('catppuccin').setup {
 }

home/hosts/gunter/default.nix

@@ -17,11 +17,13 @@
       {
         imports = [
           inputs.sops-nix.homeManagerModules.sops
+          inputs.catppuccin.homeModules.catppuccin
           ../../editor/neovim
           ../../hyprland
           ../../packages
           ../../programs/dunst
           ../../programs/git
+          ../../programs/gtk
           ../../programs/firefox
           ../../programs/kitty
           ../../programs/obs-studio
@@ -108,6 +110,8 @@
         };
         programs.home-manager.enable = true;
 
+        services.dunst.settings.global.monitor = "DP-1";
+
         # Custom options
         torjus.home.obs = {
           enable = true;

home/hosts/magicman/default.nix

@@ -17,17 +17,19 @@
       {
         imports = [
           inputs.sops-nix.homeManagerModules.sops
+          inputs.catppuccin.homeModules.catppuccin
           ../../sops
           ../../services/labmcp.nix
           ../../editor/neovim
+          ../../programs/claude-code
           ../../programs/firefox
           ../../programs/tmux
           ../../programs/dunst
           ../../programs/kitty
+          ../../programs/gtk
           ../../programs/rofi
           ../../programs/obs-studio
           ../../programs/vscode
-          ../../programs/pywal
           ../../scripts
           ../../scripts/batlvl.nix
           ../../zsh
@@ -39,6 +41,11 @@
         tmux.enable = true;
         hyprland.enable = true;
         hyprland.monitors = [ "eDP-1,1920x1080@60,0x0,1" ];
+        wayland.windowManager.hyprland.settings = {
+          input.touchpad = {
+            natural_scroll = false;
+          };
+        };
         hyprland.extraKeybinds = [
           # Workspace keybinds
           "$mainMod,1,workspace,1"
@@ -59,6 +66,7 @@
           homeDirectory = "/home/${user}";
           stateVersion = "23.11";
         };
+        services.dunst.settings.global.monitor = "eDP-1";
         torjus.home.obs.enable = true;
         programs.home-manager.enable = true;
       };

home/hyprland/cursor.nix

@@ -9,5 +9,4 @@
     size = 32;
   };
 
-  gtk.enable = true;
 }

home/hyprland/default.nix

@@ -73,7 +73,6 @@ in
       [
         dunst
         hyprpaper
-        rofi
         slurp
         swww
         waybar
@@ -183,7 +182,10 @@ in
           name = "wacom-one-by-wacom-m-pen";
         };
 
-        cursor = optionalAttrs cfg.cursorNoHardware {
+        cursor = {
+          hide_on_key_press = true;
+        }
+        // optionalAttrs cfg.cursorNoHardware {
           no_hardware_cursors = true;
         };
 
@@ -204,6 +206,7 @@ in
           gaps_out = 10;
           border_size = 2;
           layout = "dwindle";
+          resize_on_border = true;
         };
 
         animations = {
@@ -233,10 +236,14 @@ in
         misc = {
           force_default_wallpaper = 0;
           disable_hyprland_logo = true;
+          disable_splash_rendering = true;
+          key_press_enables_dpms = true;
+          mouse_move_enables_dpms = true;
         };
 
         ecosystem = {
           no_update_news = true;
+          no_donation_nag = true;
         };
 
         windowrule = [
@@ -261,8 +268,9 @@ in
           # term
           "$mainMod,Return,exec,$term"
           # rofi
-          "$mainMod,D,exec,rofi-launcher"
+          "$mainMod,D,exec,rofi -show drun"
           "$mainMod,P,exec,rofi-rbw"
+          "$mainMod,E,exec,rofi -show emoji"
           # hyprlock
           "$shiftMainMod,l,exec,${pkgs.hyprlock}/bin/hyprlock"
           # hyprland

home/hyprland/waybar/default.nix

@@ -24,15 +24,9 @@ in
   sops.secrets."radarr_base_url" = { };
   sops.secrets."radarr_api_key" = { };
 
-  xdg.configFile."waybar/macchiato.css" = {
+  catppuccin.waybar = {
-    source =
+    enable = true;
-      pkgs.fetchFromGitHub {
+    flavor = "macchiato";
-        owner = "catppuccin";
-        repo = "waybar";
-        rev = "f74ab1eecf2dcaf22569b396eed53b2b2fbe8aff";
-        sha256 = "WLJMA2X20E5PCPg0ZPtSop0bfmu+pLImP9t8A8V4QK8=";
-      }
-      + "/themes/macchiato.css";
   };
 
   programs.waybar = {
@@ -42,7 +36,6 @@ in
       target = "graphical-session.target";
     };
     style = ''
-      @import "macchiato.css";
       * {
         border: none;
         font-family: "JetbrainsMono Nerd Font";
@@ -137,6 +130,7 @@ in
       #pulseaudio,
       #network,
       #battery,
+      #disk,
       #custom-powermenu,
       #custom-arrhist {
         padding-left: 12px;
@@ -164,6 +158,7 @@ in
             (lib.mkIf (withArrhist) "custom/arrhist")
             "pulseaudio"
             "pulseaudio#microphone"
+            "disk"
             "memory"
             "cpu"
             (lib.mkIf (withBattery) "battery")
@@ -217,6 +212,15 @@ in
             "interval" = 3;
             "format" = " {usage}%";
           };
+          "disk" = {
+            "interval" = 30;
+            "format" = "󰋊 {percentage_used}%";
+            "path" = "/";
+            "tooltip-format" = "{used} / {total}";
+            "states" = {
+              "warning" = 85;
+            };
+          };
           "tray" = {
             "icon-size" = 15;
             "spacing" = 6;

home/packages/default.nix

@@ -30,6 +30,7 @@ in
     kubectl
     lazygit
     lf
+    mdcat
     ncdu
     nvd
     nurl
@@ -56,7 +57,6 @@ in
     alacritty
     discord
     feh
-    krita
     mpv
     mumble
     pamixer
@@ -98,6 +98,7 @@ in
     rust-analyzer
 
     # Homemade shit
+    forgejo-mcp
     ghettoptt
     huecli
     nixprstatus
@@ -115,7 +116,7 @@ in
     (lutris.override {
       extraLibraries = pkgs: [
         nspr
-        xorg.libXdamage
+        libxdamage
       ];
     })
   ];

home/programs/claude-code/default.nix

@@ -1,5 +1,13 @@
-{ pkgs, ... }:
+{ pkgs, config, ... }:
+let
+  forgejo-mcp-wrapper = pkgs.writeShellScript "forgejo-mcp-wrapper" ''
+    export FORGEJO_ACCESS_TOKEN="$(cat ${config.sops.secrets.forgejo_access_token.path})"
+    exec forgejo-mcp --transport stdio --url https://code.t-juice.club
+  '';
+in
 {
+  sops.secrets."forgejo_access_token" = { };
+
   programs.claude-code = {
     enable = true;
     package = pkgs.claude-code-bin;
@@ -13,6 +21,13 @@
       pr = ./skills/pr;
     };
 
+    mcpServers = {
+      forgejo = {
+        type = "stdio";
+        command = "${forgejo-mcp-wrapper}";
+      };
+    };
+
     settings = {
       model = "opus";
       enabledPlugins = {
@@ -41,11 +56,22 @@
           "Read(**/*.tfvars)"
           "Read(.env)"
           "Read(**/.env)"
-          "Read(./secrets/**)"
-          "Read(.sops.yaml)"
           "Read(~/.ssh/*)"
         ];
       };
+      hooks = {
+        PostToolUse = [
+          {
+            matcher = "EnterPlanMode";
+            hooks = [
+              {
+                type = "command";
+                command = "echo 'A plan is being created. If this session has not been renamed yet, suggest a concise, descriptive session name based on the conversation so far and ask the user to run /rename <suggested-name>.'";
+              }
+            ];
+          }
+        ];
+      };
       statusLine = {
         type = "command";
         command = ''input=$(cat); echo "$(basename "$(echo "$input" | jq -r '.workspace.current_dir')") | $(echo "$input" | jq -r '.model.display_name')"'';

home/programs/dunst/default.nix

@@ -4,6 +4,11 @@
 }:
 
 {
+  catppuccin.dunst = {
+    enable = true;
+    flavor = "macchiato";
+  };
+
   services.dunst = {
     enable = true;
     iconTheme = {
@@ -13,7 +18,7 @@
     settings = {
       global = {
         origin = "top-right";
-        monitor = "4";
+        follow = "none";
         alignment = "left";
         vertical_alignment = "center";
         width = "(0, 400)";
@@ -36,10 +41,8 @@
         history_length = 20;
         always_run_script = true;
         corner_radius = 10;
-        # follow = "mouse";
+        font = "JetBrainsMono Nerd Font 10";
-        font = "Source Sans Pro 10";
+        format = "<b>%s</b>\\n%b";
-        format = "<b>%s</b>\\n%b"; # format = "<span foreground='#f3f4f5'><b>%s %p</b></span>\n%b"
-        frame_color = "#232323";
         frame_width = 1;
         offset = "(15, 15)";
         horizontal_padding = 10;
@@ -61,19 +64,6 @@
       fullscreen_delay_everything = {
         fullscreen = "delay";
       };
-
-      urgency_critical = {
-        background = "#d64e4e";
-        foreground = "#f0e0e0";
-      };
-      urgency_low = {
-        background = "#232323";
-        foreground = "#2596be";
-      };
-      urgency_normal = {
-        background = "#1e1e2a";
-        foreground = "#2596be";
-      };
     };
   };
 }

home/programs/gtk/default.nix

@@ -0,0 +1,13 @@
+{ pkgs, ... }:
+{
+  gtk = {
+    enable = true;
+    theme = {
+      name = "catppuccin-macchiato-blue-standard";
+      package = pkgs.catppuccin-gtk.override {
+        variant = "macchiato";
+        accents = [ "blue" ];
+      };
+    };
+  };
+}

home/programs/obs-studio/default.nix

@@ -30,12 +30,12 @@
           .overrideAttrs
             (
               final: prev: {
-                version = "1.3.3";
+                version = "1.3.6";
                 src = pkgs.fetchFromGitHub {
-                  owner = "royshil";
+                  owner = "occ-ai";
                   repo = "obs-backgroundremoval";
                   rev = final.version;
-                  hash = "sha256-NDe71iDnVcnMilGr5kdbemq8jEKd3WW45tbMwxjqUwo=";
+                  hash = "sha256-2BVcOH7wh1ibHZmaTMmRph/jYchHcCbq8mn9wo4LQOU=";
                 };
                 nativeBuildInputs = prev.nativeBuildInputs ++ [ pkgs.pkg-config ];
                 cmakeFlags = [

home/programs/rofi/config.rasi

@@ -1,17 +0,0 @@
-configuration{
-    modi: "run,drun,window";
-    icon-theme: "Oranchelo";
-    show-icons: true;
-    terminal: "alacritty";
-    drun-display-format: "{icon} {name}";
-    location: 0;
-    disable-history: false;
-    hide-scrollbar: true;
-    display-drun: "   Apps ";
-    display-run: "   Run ";
-    display-window: " 﩯  Window";
-    display-Network: " 󰤨  Network";
-    sidebar-mode: true;
-}
-
-@theme "latte"

home/programs/rofi/default.nix

@@ -1,27 +1,33 @@
-{ config, pkgs, ... }:
+{ pkgs, ... }:
 {
-  xdg.configFile."rofi/config.rasi" = {
+  catppuccin.rofi = {
-    source = ./config.rasi;
+    enable = true;
+    flavor = "macchiato";
   };
 
-  xdg.configFile."rofi/macchiato.rasi" = {
+  programs.rofi = {
-    source =
+    enable = true;
-      pkgs.fetchFromGitHub {
+    terminal = "kitty";
-        owner = "catppuccin";
+    location = "center";
-        repo = "rofi";
+    font = "JetBrains Mono Nerd Font 12";
-        rev = "5350da41a11814f950c3354f090b90d4674a95ce";
+    plugins = [
-        sha256 = "DNorfyl3C4RBclF2KDgwvQQwixpTwSRu7fIvihPN8JY=";
+      pkgs.rofi-emoji
-      }
+      pkgs.rofi-calc
-      + "/basic/.local/share/rofi/themes/catppuccin-macchiato.rasi";
+    ];
+    extraConfig = {
+      modi = "drun,ssh,window,calc,emoji";
+      matching = "fuzzy";
+      show-icons = true;
+      icon-theme = "Oranchelo";
+      drun-display-format = "{icon} {name}";
+      hide-scrollbar = true;
+      disable-history = false;
+      display-drun = "Apps";
+      display-ssh = "SSH";
+      display-window = "Window";
+      display-calc = "Calc";
+      display-emoji = "Emoji";
+      sidebar-mode = true;
     };
-  xdg.configFile."rofi/latte.rasi" = {
-    source =
-      pkgs.fetchFromGitHub {
-        owner = "catppuccin";
-        repo = "rofi";
-        rev = "5350da41a11814f950c3354f090b90d4674a95ce";
-        sha256 = "DNorfyl3C4RBclF2KDgwvQQwixpTwSRu7fIvihPN8JY=";
-      }
-      + "/basic/.local/share/rofi/themes/catppuccin-latte.rasi";
   };
 }

home/scripts/default.nix

@@ -7,10 +7,6 @@
     source = ./hl-no-opacity.sh;
     executable = true;
   };
-  home.file.".local/bin/rofi-launcher" = {
-    source = ./rofi-launcher.sh;
-    executable = true;
-  };
   home.file.".local/bin/randomwp" = {
     source = ./randomwp.sh;
     executable = true;

home/scripts/rofi-launcher.sh

@@ -1,8 +0,0 @@
-#!/usr/bin/env bash
-rofi \
-    -show drun \
-    -modi run,drun,ssh \
-    -scroll-method 0 \
-    -drun-match-fields all \
-    -drun-display-format "{name}" \
-    -terminal kitty

hosts/gunter/configuration.nix

@@ -31,7 +31,7 @@
       "mt76"
     ];
     # Kernel stuff
-    # kernelPackages = lib.warn "Pinned to kernel 6.12 due to issues" pkgs.linuxPackages_6_12;
+    kernelPackages = lib.warn "Kernel pinned to 6.18 due to nvidia driver incompatibility with 6.19" pkgs.linuxPackages_6_18;
     kernelParams = [ "module_blacklist=amdgpu" ];
 
     kernel.sysctl = {
@@ -86,7 +86,7 @@
     modesetting.enable = true;
     powerManagement.enable = false;
     powerManagement.finegrained = false;
-    open = true;
+    open = false;
     nvidiaSettings = false;
 
     package = config.boot.kernelPackages.nvidiaPackages.beta;

hosts/magicman/configuration.nix

@@ -14,6 +14,10 @@
     "rd.udev.log_level=3"
   ];
 
+  boot.extraModprobeConfig = ''
+    options v4l2loopback exclusive_caps=1 card_label="Virtual Camera"
+  '';
+
   boot.loader.systemd-boot.configurationLimit = 3;
 
   boot.initrd.systemd.enable = true;
@@ -28,6 +32,7 @@
 
   # Networking stuff
   networking.hostName = "magicman"; # Define your hostname.
+  networking.networkmanager.wifi.backend = "iwd";
 
   hardware = {
     enableRedistributableFirmware = true;
@@ -84,6 +89,7 @@
     wget
     curl
     git
+    v4l-utils
   ];
 
   # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,

hosts/magicman/hardware-configuration.nix

@@ -21,8 +21,11 @@
     "sdhci_pci"
   ];
   boot.initrd.kernelModules = [ "i915" ];
-  boot.kernelModules = [ "kvm-intel" ];
+  boot.kernelModules = [
-  boot.extraModulePackages = [ ];
+    "kvm-intel"
+    "v4l2loopback"
+  ];
+  boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
 
   fileSystems."/" = {
     device = "/dev/disk/by-uuid/31b20f4c-24bb-4fd1-9a3e-8ccc19fe3d64";

hosts/magicman/laptop.nix

@@ -3,8 +3,6 @@
   hardware.brillo.enable = true;
   powerManagement.enable = true;
 
-  services.tlp.enable = true;
-
   services.auto-cpufreq = {
     enable = true;
     settings = {

secrets/torjus/secret.yaml

@@ -4,32 +4,37 @@ sonarr_base_url: ENC[AES256_GCM,data:0HiHIX4KcPEE62Ti1fLH230rC1A7xYg=,iv:mkAnl6t
 radarr_api_key: ENC[AES256_GCM,data:Db1ISKTF+m2H1on55/4vdGticfqBdxfIzKHBxC9LAx4=,iv:NhiG4SmsRYIunW1ljFbxeHvRoi9fOVE+9DJn6kmZ6oI=,tag:DoJzo56CW3kJlySYmB8NYQ==,type:str]
 radarr_base_url: ENC[AES256_GCM,data:3UgOPQMblYhm0ysRB6VVosvZToIM5IA=,iv:o/s0bVBrjrma2Df2LlCCFL5Ks80063/4mABc6vzDrYg=,tag:eHKntLPM9yRRkMfIWSpIdg==,type:str]
 nats_nkey: ENC[AES256_GCM,data:TcIDFkFXB1+qfTqLylDI46w4/+Cy9XdXyXS26qCbwDaDoQNaRUsC6dw94mbT37352IWOCypTY0hweA==,iv:DC5GQyIXbNSx/mOLAOWTf5AyeFeViLxbKTMgZEfTEXE=,tag:krxk/dnZ58a8dcuWb7zhnA==,type:str]
+forgejo_access_token: ENC[AES256_GCM,data:5+AXgz03G9AEqhHlX87qdV8o1J2f/v/o59QPe5R8N06A7n4rt1A5eQ==,iv:ns/3F7+yr+bA4cqj6ghNLYyEuT+w+D+ILrKqMGbNQN4=,tag:rYI/497XuYkRmeLjxWaCIg==,type:str]
 sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
     age:
         - recipient: age1lznyk4ee7e7x8n92cq2n87kz9920473ks5u9jlhd3dczfzq4wamqept56u
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnaUlVOWtoRTFvMHljV0Fu
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjUzQ0Q3dyZzVUMTJUUFhV
-            TFp2Ym1jcThqbWRjUjdNSnhxRUsrOWl6S3dBCmh0L0YzaXNlRTFHMXFHTGc1T3I2
+            djg5WVNqNVRjeEsxM2lvOGZ4U25OR0VjNFNJCk11bTdVMzdsVyswQWc3enpwWVEz
-            WE03WjJCSlJSV2lmSExTWDBQRnlOcDAKLS0tIFJoeEM5b0IrdWxTRWhvNnd0c3NG
+            bC9GbHV2dnhCTm44RWNNZzNXcjE5MDgKLS0tIHJRZmUwMDU2Si8waWVYS29BZFFJ
-            dENGdjJteFFaQTNFaDgvSGV2UEtyT0EKbdg4atS91rB99l7zKKkfPzKk4T5Mq2x5
+            VDlubEtVOEJabTNWRFVHQ2hiNXJPUTQKdmBIlI4JvAssYHeRzbjp7CbPDsDX1JZ5
-            bX825DPrxauAhvrT7ca/A2OwA4kaFuxPrQGd3VOPAXTVhlbcFgIAdw==
+            TIw79h28sArmRkP5fDlM0D1rALLlbTBsn3KA2D3RZgsUcelFlckIJg==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1stlqqspmt5fepyz35udrwr5avf9zuju79f787p26pu2d2j08yqps2q2t2c
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvSEZJWldRcmJ3c1BjbUpT
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3VkpsWTF6cmlIdEROSmcw
-            bmZXSmlHU0hVRTV3SG91bXpiTXhZd1RkY0Y4ClBxc0RabWJmMi8reHZYWnlmK3pC
+            UTE1MzUwZlEwZGoyTUM0M2dQRlF1NExYTFNrCkFBNFFIZ1AyNTlRR2NZaXB3Y1Vj
-            bUw5V2FEV0pZdkZEMTJ5ZDZXWDM2NjgKLS0tIGZ6dEZ4dERYQXFRQTVkRHhycndz
+            Wk9xVmVoM1MweERpUWh1R0FDeFdWT1UKLS0tIHJOQWRZY3NHWmpEL1djY3lnTTZB
-            dkgwQlRrdEp6b2FIVnowaDlUMEZpeHcK2icvVv+UpbcdVErRjjQhlQb6PuluC/K7
+            S2xsR3NESklzNEN5U3RUTElmbnQzSWcKaDJnCgQUjpz6gAVtWJPKykfuflQOyMLq
-            Vy8Rh7dTn++bSEdGidDNGYeUQBrVy2qooq04lQqbeOOrdmXVhTamdA==
+            cmb5ZfKhvrgthByGtS1nN4dhwA8ndUJ31UqiU0xWDdak59ehczoquQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-02-11T19:22:47Z"
+        - recipient: age1whxf34vjdndqzwgm7yyaexdm46gdnv9sf3nal7qqyjr0nyhhndlsrmc0g3
-    mac: ENC[AES256_GCM,data:vd8O5y1GNDTDrlundbNZcGRAQzKLDly4qyxTqRO2JrnDYOqD/vQ8TqRQYiUgGY+5AcgjoLMER8keE8OUmcngN16cbGx1zKTpdqyHb7B2KR7ZfWOjW5kTk5KWM1gLDA4hA2GBEjHFBPGKdcrjURek9MrT+iM+qArbizSjWlKuehc=,iv:cicEnvWynZizJqrUzPIzbJWl6O8uL65Vs7fAYsuqSNA=,tag:l5jBXQfFedVE/VccZh+1qQ==,type:str]
+          enc: |
-    pgp: []
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRU2R0cU1JcGFRRkV2SE1E
+            RFBRWkdESTcveGsvMStZR0Q3bWo3L0FQcENzCjdsOEpCNGk2NjdPMXVUWnhFS3NE
+            WlR0bWxZTGdnakplS0M3S3F0Nm9hQ00KLS0tIFR3amxPWEhiWDZQU2xjUGRHb0xS
+            U2V0bjZ2TUVmS2F3S1dTSnBYTmZsMG8KJTT0r6PYJ/g/J0E/CxyxRfUhtq8KMEJi
+            w5WrsdHrEkukY0OGRG1i8ZeDDV5mR2KejjKoGWQU6cLYa/v+XHevhg==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-03-10T01:57:15Z"
+    mac: ENC[AES256_GCM,data:BK1vTAg7I16ztjqlkeXk7fMLGd7cvIzxogVufsRGamA5PpZgZ8PmvFcQH5JSLbEl/cAKPRD5jr9X1fx9Yr4uAwnVBPpkfu4LUb1fOihWgq7W4YqrTLKB2KGJZaTIP/I800bHHqEsyUcgo2DZ4gEDP2X84tR81xGhwkpGyeH0nlY=,iv:9Sj12aEHkYTrkoZ33SxiHhpDiZrXmPKN6972B+NV14Y=,tag:qDZvGgEpELktFRPuL2J98g==,type:str]
     unencrypted_suffix: _unencrypted
-    version: 3.9.4
+    version: 3.12.1