chore(flake): bump inputs

spec(eientei): add minecraft greedycraft instance
home(gnome): link monitors.xml
2024-12-14 17:58:40 +08:00 · 2024-12-14 17:47:10 +08:00 · 2024-11-26 22:42:49 +08:00 · 2024-11-22 04:52:45 +08:00 · 2024-11-22 04:48:24 +08:00 · 2024-11-14 11:00:55 +08:00
200 changed files with 7818 additions and 244 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,3 @@
 result-*
 result
 repl-result-*
--- a/faucet/fs/btrfs.nix
+++ b/faucet/fs/btrfs.nix
@ -1,22 +0,0 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  cfg = config.faucet.fs;
 in {
  options.faucet.fs.btrfs = {
    options = mkOption {
      type = with types; listOf str;
      default = [ "noatime" "compress=zstd" ];
      description = "btrfs mount options";
    };
  };
  config = mkIf (cfg.type == "btrfs") {
    fileSystems."/nix" =
    { inherit (cfg.btrfs) options;
      device = "/dev/disk/by-uuid/${cfg.store}";
      fsType = "btrfs";
    };
  };
 }
--- a/faucet/gui/default.nix
+++ b/faucet/gui/default.nix
@ -1,61 +0,0 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  cfg = config.faucet.gui;
 in {
  imports = [
    ./plymouth.nix
    ./greetd.nix
  ];
  options.faucet.gui = {
    enable = mkEnableOption "various setup required for GUI and support software";
    session = mkEnableOption "software required for a graphical session" // { default = true; };
    type = mkOption {
      type = with types; enum [ "intel" "amdgpu" "nvidia" "prime" ];
      description = "type of graphics acceleration used";
    };
    prime = {
      integrated = mkOption {
        type = with types; str;
        default = "i915";
        description = "integrated gpu driver";
      };
    };
  };
  config = mkIf cfg.enable {
    hardware.opengl = {
      enable = true;
      driSupport = true;
      driSupport32Bit = true;
    };
    services.xserver.videoDrivers =
    optional ((cfg.type == "nvidia") || (cfg.type == "prime")) "nvidia" ++
    optional (cfg.type == "amdgpu") "amdgpu";
    # inhibits default display manager
    services.xserver.displayManager.startx.enable = mkDefault true;
    hardware.nvidia = mkIf ((cfg.type == "nvidia") || (cfg.type == "prime")) {
      modesetting.enable = true;
      nvidiaSettings = true;
      prime = mkIf (cfg.type == "prime") {
        offload = {
          enable = true;
          enableOffloadCmd = true;
        };
      };
      powerManagement.enable = false;
      powerManagement.finegrained = false;
      open = true;
    };
    boot.initrd.kernelModules =
    optional (cfg.type == "amdgpu") "amdgpu" ++
    optional (cfg.type == "prime") cfg.prime.integrated;
  };
 }
--- a/faucet/gui/greetd.nix
+++ b/faucet/gui/greetd.nix
@ -1,17 +0,0 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  cfg = config.faucet.gui;
 in mkIf (cfg.enable && cfg.session) {
  programs.regreet = {
    enable = true;
    cageArgs = [ "-s" "-d" "-m" "last" ];
    settings = {
      background.path = ../../share/54345906_p0.jpg;
      gtk.application_prefer_dark_theme = true;
    };
  };
  environment.persistence."/nix/persist/fhs".directories = [ "/var/cache/regreet" ];
 }
--- a/faucet/util/default.nix
+++ b/faucet/util/default.nix
@ -1,17 +0,0 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  cfg = config.faucet.util;
 in {
  options.faucet.util = { };
  config = {
    programs.zsh.enable = true;
    environment.shells = singleton pkgs.zsh;
    environment.systemPackages = with pkgs; [
      pciutils
    ];
  };
 }
--- a/flake.lock
+++ b/flake.lock
@ -1,30 +1,33 @@
 {
  "nodes": {
    "catppuccin": {
      "locked": {
        "lastModified": 1734057772,
        "narHash": "sha256-waF/2Y39JXJ4kG3zawmw1J1GxPHopyoOkJKJhfJ7RBs=",
        "owner": "catppuccin",
        "repo": "nix",
        "rev": "20b6328df20ae45752c81311d225fd47cba32483",
        "type": "github"
      },
      "original": {
        "owner": "catppuccin",
        "repo": "nix",
        "type": "github"
      }
    },
    "crane": {
      "inputs": {
        "flake-compat": [
          "lanzaboote",
          "flake-compat"
        ],
        "flake-utils": [
          "lanzaboote",
          "flake-utils"
        ],
        "nixpkgs": [
          "lanzaboote",
          "nixpkgs"
        ],
        "rust-overlay": [
          "lanzaboote",
          "rust-overlay"
        ]
      },
      "locked": {
-        "lastModified": 1681177078,
+        "lastModified": 1717535930,
-        "narHash": "sha256-ZNIjBDou2GOabcpctiQykEQVkI8BDwk7TyvlWlI4myE=",
+        "narHash": "sha256-1hZ/txnbd/RmiBPNUs7i8UQw2N89uAK3UzrGAWdnFfU=",
        "owner": "ipetkov",
        "repo": "crane",
-        "rev": "0c9f468ff00576577d83f5019a66c557ede5acf6",
+        "rev": "55e7754ec31dac78980c8be45f8a28e80e370946",
        "type": "github"
      },
      "original": {
@ -36,11 +39,11 @@
    "flake-compat": {
      "flake": false,
      "locked": {
-        "lastModified": 1673956053,
+        "lastModified": 1696426674,
-        "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
+        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
        "owner": "edolstra",
        "repo": "flake-compat",
-        "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
+        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
        "type": "github"
      },
      "original": {
@ -56,11 +59,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1704152458,
+        "lastModified": 1733312601,
-        "narHash": "sha256-DS+dGw7SKygIWf9w4eNBUZsK+4Ug27NwEWmn2tnbycg=",
+        "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "88a2cd8166694ba0b6cb374700799cec53aef527",
+        "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
        "type": "github"
      },
      "original": {
@ -77,11 +80,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1680392223,
+        "lastModified": 1717285511,
-        "narHash": "sha256-n3g7QFr85lDODKt250rkZj2IFS3i4/8HBU2yKHO3tqw=",
+        "narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "dcc36e45d054d7bb554c9cdab69093debd91a0b5",
+        "rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8",
        "type": "github"
      },
      "original": {
@ -95,11 +98,11 @@
        "systems": "systems"
      },
      "locked": {
-        "lastModified": 1701680307,
+        "lastModified": 1731533236,
-        "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
        "type": "github"
      },
      "original": {
@ -113,11 +116,11 @@
        "systems": "systems_2"
      },
      "locked": {
-        "lastModified": 1681202837,
+        "lastModified": 1710146030,
-        "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
+        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "cfacdce06f30d2b68473a46042957675eebb3401",
+        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
        "type": "github"
      },
      "original": {
@ -135,11 +138,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1660459072,
+        "lastModified": 1709087332,
-        "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
+        "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
        "owner": "hercules-ci",
        "repo": "gitignore.nix",
-        "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
+        "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
        "type": "github"
      },
      "original": {
@ -155,11 +158,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1704100519,
+        "lastModified": 1734093295,
-        "narHash": "sha256-SgZC3cxquvwTN07vrYYT9ZkfvuhS5Y1k1F4+AMsuflc=",
+        "narHash": "sha256-hSwgGpcZtdDsk1dnzA0xj5cNaHgN9A99hRF/mxMtwS4=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "6e91c5df192395753d8e6d55a0352109cb559790",
+        "rev": "66c5d8b62818ec4c1edb3e941f55ef78df8141a8",
        "type": "github"
      },
      "original": {
@ -170,11 +173,11 @@
    },
    "impermanence": {
      "locked": {
-        "lastModified": 1703656108,
+        "lastModified": 1731242966,
-        "narHash": "sha256-hCSUqdFJKHHbER8Cenf5JRzjMlBjIdwdftGQsO0xoJs=",
+        "narHash": "sha256-B3C3JLbGw0FtLSWCjBxU961gLNv+BOOBC6WvstKLYMw=",
        "owner": "nix-community",
        "repo": "impermanence",
-        "rev": "033643a45a4a920660ef91caa391fbffb14da466",
+        "rev": "3ed3f0eaae9fcc0a8331e77e9319c8a4abd8a71a",
        "type": "github"
      },
      "original": {
@ -184,6 +187,25 @@
        "type": "github"
      }
    },
    "jovian": {
      "inputs": {
        "nix-github-actions": "nix-github-actions",
        "nixpkgs": "nixpkgs"
      },
      "locked": {
        "lastModified": 1734162608,
        "narHash": "sha256-m2AX+3eiVqIK6uO7GbGY7SFnkkYOlR5fQiNI0eRvWOQ=",
        "owner": "Jovian-Experiments",
        "repo": "Jovian-NixOS",
        "rev": "31bdf4c7c91204d65afbde01146deee0259a8fb7",
        "type": "github"
      },
      "original": {
        "owner": "Jovian-Experiments",
        "repo": "Jovian-NixOS",
        "type": "github"
      }
    },
    "lanzaboote": {
      "inputs": {
        "crane": "crane",
@ -197,27 +219,49 @@
        "rust-overlay": "rust-overlay"
      },
      "locked": {
-        "lastModified": 1682802423,
+        "lastModified": 1718178907,
-        "narHash": "sha256-Fb5TeRTdvUlo/5Yi2d+FC8a6KoRLk2h1VE0/peMhWPs=",
+        "narHash": "sha256-eSZyrQ9uoPB9iPQ8Y5H7gAmAgAvCw3InStmU3oEjqsE=",
        "owner": "nix-community",
        "repo": "lanzaboote",
-        "rev": "64b903ca87d18cef2752c19c098af275c6e51d63",
+        "rev": "b627ccd97d0159214cee5c7db1412b75e4be6086",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
-        "ref": "v0.3.0",
+        "ref": "v0.4.1",
        "repo": "lanzaboote",
        "type": "github"
      }
    },
    "nix-github-actions": {
      "inputs": {
        "nixpkgs": [
          "jovian",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1729697500,
        "narHash": "sha256-VFTWrbzDlZyFHHb1AlKRiD/qqCJIripXKiCSFS8fAOY=",
        "owner": "zhaofengli",
        "repo": "nix-github-actions",
        "rev": "e418aeb728b6aa5ca8c5c71974e7159c2df1d8cf",
        "type": "github"
      },
      "original": {
        "owner": "zhaofengli",
        "ref": "matrix-name",
        "repo": "nix-github-actions",
        "type": "github"
      }
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1703961334,
+        "lastModified": 1733392399,
-        "narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=",
+        "narHash": "sha256-kEsTJTUQfQFIJOcLYFt/RvNxIK653ZkTBIs4DG+cBns=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9",
+        "rev": "d0797a04b81caeae77bcff10a9dde78bc17f5661",
        "type": "github"
      },
      "original": {
@ -229,30 +273,65 @@
    },
    "nixpkgs-stable": {
      "locked": {
-        "lastModified": 1678872516,
+        "lastModified": 1710695816,
-        "narHash": "sha256-/E1YwtMtFAu2KUQKV/1+KFuReYPANM2Rzehk84VxVoc=",
+        "narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "9b8e5abb18324c7fe9f07cb100c3cd4a29cda8b8",
+        "rev": "614b4613980a522ba49f0d194531beddbb7220d3",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "nixos-22.11",
+        "ref": "nixos-23.11",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_2": {
      "locked": {
        "lastModified": 1733940404,
        "narHash": "sha256-Pj39hSoUA86ZePPF/UXiYHHM7hMIkios8TYG29kQT4g=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "5d67ea6b4b63378b9c13be21e2ec9d1afc921713",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "plasma-manager": {
      "inputs": {
        "home-manager": [
          "home-manager"
        ],
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1733858086,
        "narHash": "sha256-h2BDIDKiqgMpA6E+mu0RgMGy3FeM6k+EuJ9xgOQ1+zw=",
        "owner": "pjones",
        "repo": "plasma-manager",
        "rev": "7e2010249529931a3848054d5ff0dbf24675ab68",
        "type": "github"
      },
      "original": {
        "owner": "pjones",
        "repo": "plasma-manager",
        "type": "github"
      }
    },
    "pre-commit-hooks-nix": {
      "inputs": {
        "flake-compat": [
          "lanzaboote",
          "flake-compat"
        ],
        "flake-utils": [
          "lanzaboote",
          "flake-utils"
        ],
        "gitignore": "gitignore",
        "nixpkgs": [
          "lanzaboote",
@ -261,11 +340,11 @@
        "nixpkgs-stable": "nixpkgs-stable"
      },
      "locked": {
-        "lastModified": 1681413034,
+        "lastModified": 1717664902,
-        "narHash": "sha256-/t7OjNQcNkeWeSq/CFLYVBfm+IEnkjoSm9iKvArnUUI=",
+        "narHash": "sha256-7XfBuLULizXjXfBYy/VV+SpYMHreNRHk9nKMsm1bgb4=",
        "owner": "cachix",
        "repo": "pre-commit-hooks.nix",
-        "rev": "d3de8f69ca88fb6f8b09e5b598be5ac98d28ede5",
+        "rev": "cc4d466cb1254af050ff7bdf47f6d404a7c646d1",
        "type": "github"
      },
      "original": {
@ -276,12 +355,15 @@
    },
    "root": {
      "inputs": {
        "catppuccin": "catppuccin",
        "flake-parts": "flake-parts",
        "flake-utils": "flake-utils",
        "home-manager": "home-manager",
        "impermanence": "impermanence",
        "jovian": "jovian",
        "lanzaboote": "lanzaboote",
-        "nixpkgs": "nixpkgs"
+        "nixpkgs": "nixpkgs_2",
        "plasma-manager": "plasma-manager"
      }
    },
    "rust-overlay": {
@ -296,11 +378,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1682129965,
+        "lastModified": 1717813066,
-        "narHash": "sha256-1KRPIorEL6pLpJR04FwAqqnt4Tzcm4MqD84yhlD+XSk=",
+        "narHash": "sha256-wqbRwq3i7g5EHIui0bIi84mdqZ/It1AXBSLJ5tafD28=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "2c417c0460b788328220120c698630947547ee83",
+        "rev": "6dc3e45fe4aee36efeed24d64fc68b1f989d5465",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -3,24 +3,21 @@
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    flake-utils.url = "github:numtide/flake-utils";
-    flake-parts = {
+    flake-parts.url = "github:hercules-ci/flake-parts";
-      url = "github:hercules-ci/flake-parts";
+    flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
      inputs.nixpkgs-lib.follows = "nixpkgs";
    };
    impermanence.url = "github:nix-community/impermanence/master";
    home-manager.url = "github:nix-community/home-manager";
    home-manager.inputs.nixpkgs.follows = "nixpkgs";
    plasma-manager.url = "github:pjones/plasma-manager";
    plasma-manager.inputs.nixpkgs.follows = "nixpkgs";
    plasma-manager.inputs.home-manager.follows = "home-manager";
    catppuccin.url = "github:catppuccin/nix";
    lanzaboote.url = "github:nix-community/lanzaboote/v0.4.1";
    lanzaboote.inputs.nixpkgs.follows = "nixpkgs";
-    home-manager = {
+    # steamdeck
-      url = "github:nix-community/home-manager";
+    jovian.url = "github:Jovian-Experiments/Jovian-NixOS";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    lanzaboote = {
      url = "github:nix-community/lanzaboote/v0.3.0";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };
  outputs = inputs:
--- a/global/acme/default.nix
+++ b/global/acme/default.nix
@ -0,0 +1,20 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  cfg = config.global.acme;
 in {
  options.global.acme = {
    enable = mkEnableOption "ACME SSL certificates";
  };
  config = mkIf cfg.enable {
    security.acme = {
      acceptTerms = true;
      defaults.email = mkDefault "koishi@514fpv.one";
      defaults.group = config.services.nginx.group;
    };
    environment.persistence."/nix/persist/fhs".directories = [ "/var/lib/acme" ];
  };
 }
--- a/global/android/default.nix
+++ b/global/android/default.nix
@ -0,0 +1,17 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  cfg = config.global.android;
 in {
  options.global.android = {
    enable = mkEnableOption "android tools";
  };
  config = mkIf cfg.enable {
    programs.adb.enable = true;
    # allow device access by admin users
    users.adminGroups = [ "adbusers" ];
  };
 }
--- a/global/asusd/default.nix
+++ b/global/asusd/default.nix
@ -0,0 +1,18 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  cfg = config.global.asusd;
 in {
  options.global.asusd = {
    enable = mkEnableOption "ASUS laptop userland support daemon";
  };
  config = mkIf cfg.enable {
    services.asusd.enable = true;
    environment.persistence."/nix/persist/fhs".directories = [
      "/etc/asusd"
    ];
  };
 }
--- a/global/auth/default.nix
+++ b/global/auth/default.nix
@ -2,20 +2,22 @@
 , lib
 , config
 , ... }: with lib; let
-  cfg = config.faucet.auth;
+  cfg = config.global.auth;
  pub = lib.pipe ./pub [
    builtins.readDir
    (lib.filterAttrs (n: ty: ty == "regular"))
    (lib.mapAttrsToList (n: _: builtins.readFile ./pub/${n}))
    (foldr (payload: keys: (splitString "\n" payload) ++ keys) [ ])
    (foldr (candidate: keys: keys ++ (if candidate == "" then [ ] else [ candidate ])) [ ])
  ];
 in {
-  options.faucet.auth = {
+  options.global.auth = {
    enable = mkEnableOption "identity authentication in various software" // { default = true; };
    openssh = {
      enable = mkEnableOption "openssh server";
      password = mkEnableOption "password authentication";
      publicKeys = mkOption {
-        type = with types; listOf str;
+        type = with types; listOf singleLineStr;
        default = pub;
        description = "list of trusted openssh keys";
      };
@ -40,7 +42,7 @@ in {
      settings.PasswordAuthentication = cfg.openssh.password;
    };
-    networking.firewall.allowedTCPPorts = [ ] ++
+    networking.firewall.allowedTCPPorts = [ 1300 ] ++ # utility port
    optional (cfg.openssh.enable && (cfg.openssh.port != null)) cfg.openssh.port;
    environment.persistence."/nix/persist/fhs".directories = [ ] ++
--- a/global/auth/pub/chireiden.pub
+++ b/global/auth/pub/chireiden.pub
--- a/global/auth/pub/eientei.pub
+++ b/global/auth/pub/eientei.pub
@ -0,0 +1 @@
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnhMCGSLMY+QldeCTaRovmfuzKdJsllQy9XinN2JU2z koishi@eientei
--- a/global/auth/pub/hakugyokurou.pub
+++ b/global/auth/pub/hakugyokurou.pub
@ -0,0 +1 @@
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHKCA0/6dsdVyLEgzWt8+u5lWVc0o6A3MY4M2Hf2BT8h koishi@hakugyokurou
--- a/global/auth/pub/koumakyou.pub
+++ b/global/auth/pub/koumakyou.pub
@ -0,0 +1 @@
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINJOoXrfB4D8Vi6HH4E7RqHHIWhPPqEiiOeLRfggW1XZ koishi@koumakyou
--- a/global/auth/pub/reimaden.pub
+++ b/global/auth/pub/reimaden.pub
@ -0,0 +1 @@
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGIZq1mD3J1cgWK61okXx3hQSe+5g3UTBfAf4RHkkFVd koishi@reimaden
--- a/global/auth/pub/shinkirou.pub
+++ b/global/auth/pub/shinkirou.pub
@ -0,0 +1 @@
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDwV7Z+PDC8ARRj1LxUJlv59gJ3A84LCMMyMSqLtRtuQ koishi@shinkirou
--- a/global/auth/pub/yume.pub
+++ b/global/auth/pub/yume.pub
@ -0,0 +1 @@
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdzq2g13LEyxTZnA0HQ5hMEp4XNh0TOB/KY1bRwjsaq koishi@yume
--- a/global/boot/default.nix
+++ b/global/boot/default.nix
@ -2,12 +2,17 @@
 , lib
 , config
 , ... }: with lib; let
-  cfg = config.faucet.boot;
+  cfg = config.global.boot;
 in {
-  options.faucet.boot = {
+  options.global.boot = {
    enable = mkEnableOption "bootloader installation and maintenance" // { default = true; };
    systemd-boot = mkEnableOption "generation selection via systemd-boot" // { default = !cfg.lanzaboote; };
    lanzaboote = mkEnableOption "secure boot maintenance via lanzaboote";
    memtest = mkOption {
      type = with types; nullOr int;
      default = null;
      description = "memtest passes to perform on boot";
    };
  };
  config = let
@ -20,10 +25,11 @@ in {
      loader.systemd-boot.enable = cfg.systemd-boot;
      loader.efi.canTouchEfiVariables = true;
      tmp.cleanOnBoot = true;
      kernelParams = optional (cfg.memtest != null) "memtest=${toString cfg.memtest}";
    };
    # symlink for sbctl
-    environment.etc.secureboot = mkIf cfg.lanzaboote { source = sbPath; };
+    environment.etc.secureboot.source = sbPath;
-    #environment.systemPackages = optional cfg.lanzaboote pkgs.sbctl;
+    environment.systemPackages = [ pkgs.sbctl ];
  };
 }
--- a/global/default.nix
+++ b/global/default.nix
--- a/global/flatpak/default.nix
+++ b/global/flatpak/default.nix
@ -0,0 +1,17 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  cfg = config.global.flatpak;
 in {
  options.global.flatpak = {
    enable = mkEnableOption "flatpak sandbox";
  };
  config = mkIf cfg.enable {
    services.flatpak.enable = true;
    xdg.portal.enable = true;
    users.home.persist.directories = [ ".local/share/flatpak" ".var" ];
    environment.persistence."/nix/persist/fhs".directories = [ "/var/lib/flatpak" ];
  };
 }
--- a/global/fs/bcachefs.nix
+++ b/global/fs/bcachefs.nix
@ -0,0 +1,22 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  cfg = config.global.fs;
 in {
  options.global.fs.bcachefs = {
    options = mkOption {
      type = with types; listOf str;
      default = [ "noatime" "compression=zstd" ];
      description = "bcachefs mount options";
    };
  };
  config = mkIf (cfg.type == "bcachefs") {
    fileSystems."/nix" =
    { inherit (cfg.bcachefs) options;
      device = "/dev/disk/by-uuid/${cfg.store}";
      fsType = "bcachefs";
    };
  };
 }
--- a/global/fs/default.nix
+++ b/global/fs/default.nix
@ -2,34 +2,36 @@
 , lib
 , config
 , ... }: with lib; let
-  cfg = config.faucet.fs;
+  cfg = config.global.fs;
 in {
  imports = [
    ./ext4.nix
    ./f2fs.nix
    ./xfs.nix
-    #./bcachefs.nix
+    ./bcachefs.nix
-    ./btrfs.nix
+    ./zfs
  ];
-  options.faucet.fs = {
+  options.global.fs = {
    type = mkOption {
-      type = with types; enum [ "ext4" "xfs" "bcachefs" "btrfs" ];
+      type = with types; enum [ "ext4" "f2fs" "xfs" "zfs" "bcachefs" ];
      default = "bcachefs";
      description = "filesystem type to use for persistent state storage";
    };
    store = mkOption {
      type = with types; str;
      default = config.networking.hostName;
      description = "UUID/dataset of nix store backing device";
    };
    esp = {
      enable = mkEnableOption "EFI system partition" // { default = true; };
      uuid = mkOption {
        type = with types; str;
-        default = "cafebabe";
+        default = "CAFE-BABE";
        description = "vfat serial number of EFI system partition";
      };
    };
-    extPersist = {
+    external = {
      enable = mkEnableOption "external persist filesystem";
      # this wraps the standard fileSystems module
      # since some attrs have to be unconditionally set
@ -70,10 +72,15 @@ in {
    { device = "/dev/disk/by-uuid/${cfg.esp.uuid}";
      fsType = "vfat";
    };
-    fileSystems."/nix/persist" = mkIf cfg.extPersist.enable
+    fileSystems."/nix/persist" = mkIf cfg.external.enable
-    { inherit (cfg.extPersist) device fsType options;
+    { inherit (cfg.external) device fsType options;
      neededForBoot = true;
-      depends = "/nix";
+      depends = [ "/nix" ];
    };
    fileSystems."/tmp" =
    { device = "/nix/tmp";
      options = [ "bind" ];
      depends = [ "/nix/tmp" ];
    };
    services.fstrim.enable = mkIf ((cfg.type == "ext4") || (cfg.type == "xfs")) true;
@ -83,5 +90,10 @@ in {
      inherit (cfg.cryptsetup) allowDiscards bypassWorkqueues;
      device = "/dev/disk/by-uuid/${uuid}";
    }) cfg.cryptsetup.uuids);
    environment.persistence."/nix/persist/fhs".files = [ {
      file = "/var/lib/private/mode";
      parentDirectory.mode = "0700";
    } ];
  };
 }
--- a/global/fs/ext4.nix
+++ b/global/fs/ext4.nix
@ -1,10 +1,11 @@
 { lib
 , config
 , ... }: with lib; let
-  cfg = config.faucet.fs;
+  cfg = config.global.fs;
 in mkIf (cfg.type == "ext4") {
  fileSystems."/nix" =
  { device = "/dev/disk/by-uuid/${cfg.store}";
    fsType = "ext4";
    options = [ "noatime" ];
  };
 }
--- a/global/fs/f2fs.nix
+++ b/global/fs/f2fs.nix
@ -0,0 +1,10 @@
 { lib
 , config
 , ... }: with lib; let
  cfg = config.global.fs;
 in mkIf (cfg.type == "f2fs") {
  fileSystems."/nix" =
  { device = "/dev/disk/by-uuid/${cfg.store}";
    fsType = "f2fs";
  };
 }
--- a/global/fs/xfs.nix
+++ b/global/fs/xfs.nix
@ -1,11 +1,12 @@
 { lib
 , config
 , ... }: with lib; let
-  cfg = config.faucet.fs;
+  cfg = config.global.fs;
 in mkIf (cfg.type == "xfs") {
  # NOTE: -m reflink=1
  fileSystems."/nix" =
  { device = "/dev/disk/by-uuid/${cfg.store}";
    fsType = "xfs";
    options = [ "noatime" ];
  };
 }
--- a/global/fs/zfs/alert.nix
+++ b/global/fs/zfs/alert.nix
@ -0,0 +1,122 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  cfg = config.global.fs.zfs.alert;
  backend = {
    text = pkgs.writeShellScript "telegram-text" ''
      set -e
      source ${cfg.secret}
      ${pkgs.curl}/bin/curl -sG \
        --data-urlencode "chat_id=$CHATID" \
        --data-urlencode "text=$ALERT" \
        $CURL_EXTRA_ARGS \
        "https://api.telegram.org/bot$APIKEY/sendMessage"
    '';
    image = pkgs.writeShellScript "telegram-image" ''
      set -e
      source ${cfg.secret}
      ${pkgs.curl}/bin/curl -sG \
        -F "chat_id=$CHATID" \
        -F "caption=$ALERT" \
        -F "photo=@-" \
        $CURL_EXTRA_ARGS \
        "https://api.telegram.org/bot$APIKEY/sendPhoto"
    '';
  };
  zedAlert = pkgs.writeShellScript "zed-alert" ''
    set -e
    export BODY="$(cat)"
    # add tag
    ALERT="$1 #zfs"
    export ALERT
    echo -e "$BODY" | \
    ${pkgs.imagemagick}/bin/convert \
      -size 1500x2000 xc:black \
      -font "${pkgs.freefont_ttf}/share/fonts/truetype/FreeMono.ttf" \
      -pointsize 16 \
      -fill white -annotate +15+80 "@-" \
      -trim -bordercolor "#000" \
      -border 32 +repage \
      png:- | \
    ${backend.image}
  '';
  mdadmAlert = pkgs.writeShellScript "mdadm-alert" ''
    set -e
    EVENT="$1"
    ARRAY="$2"
    DEVICE="$3"
    # fallback alert
    ALERT="$EVENT | $ARRAY | $DEVICE"
    case $EVENT in
      DegradedArray)
        ALERT="Array $ARRAY is in a degraded state"
        ;;
      DeviceDisappeared)
        ALERT="Array $ARRAY disappeared"
        ;;
      Fail)
        ALERT="Array $ARRAY encountered failure of component $DEVICE"
        ;;
      FailSpare)
        ALERT="Array $ARRAY encountered failure of spare component $DEVICE during rebuild"
        ;;
      MoveSpare)
        ALERT="Spare $DEVICE moved to array $ARRAY"
        ;;
      NewArray)
        ALERT="Array $ARRAY appeared"
        ;;
      Rebuild??)
        ALERT="Array $ARRAY rebuild is now $(echo $EVENT | ${pkgs.sedutil}/bin/sed 's/Rebuild//')% complete"
        ;;
      RebuildFinished)
        ALERT="Rebuild of array $ARRAY has concluded"
        ;;
      RebuildStarted)
        ALERT="Rebuild of array $ARRAY has started"
        ;;
      SpareActive)
        ALERT="Spare $DEVICE activated in array $ARRAY"
        ;;
      SparesMissing)
        ALERT="Array $ARRAY missing one or more spares"
        ;;
      TestMessage)
        ALERT="Test message generated for array $ARRAY"
        ;;
    esac
    # add tag
    ALERT="$ALERT #swraid"
    export ALERT
    exec ${backend.text}
  '';
 in mkIf (cfg.secret != null) {
  services.zfs.zed = mkIf cfg.zed {
    settings = {
      ZED_EMAIL_ADDR = [ "root" ];
      ZED_EMAIL_PROG = toString zedAlert;
      ZED_EMAIL_OPTS = "'@SUBJECT@'";
      ZED_NOTIFY_INTERVAL_SECS = 3600;
      ZED_NOTIFY_VERBOSE = false;
      ZED_USE_ENCLOSURE_LEDS = true;
      ZED_SCRUB_AFTER_RESILVER = false;
    };
  };
  global.fs.zfs.split.mdProg = mkIf cfg.swraid (toString mdadmAlert);
 }
--- a/global/fs/zfs/default.nix
+++ b/global/fs/zfs/default.nix
@ -0,0 +1,105 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  cfg = config.global.fs;
 in {
  imports = [
    ./alert.nix
    ./split.nix
    ./replication.nix
  ];
  # -o ashift=12
  # -O encryption=on -O keyformat=passphrase -O keylocation=prompt
  # -O compression=on -O mountpoint=none -O xattr=sa -O acltype=posixacl
  options.global.fs.zfs = {
    alert = {
      zed = mkEnableOption "zfs event alerts" // { default = true; };
      swraid = mkEnableOption "software raid alerts" // { default = true; };
      secret = mkOption {
        type = with types; nullOr str;
        default = null;
        description = "path to alert secrets";
      };
    };
    persist = mkOption {
      type = with types; str;
      default = cfg.store;
      description = ''
        pool for persist dataset
        defaults to nix store dataset
      '';
    };
    mountpoints = mkOption {
      type = with types; attrsOf str;
      description = "zfs dataset mountpoints";
    };
    externalStore = mkEnableOption "external nix store filesystem";
    split = {
      enable = mkEnableOption "zfs state with split nix store";
      mdProg = mkOption {
        type = with types; str;
        default = "/usr/bin/true";
        description = "mdadm PROGRAM config value";
      };
      secret = mkOption {
        type = with types; str;
        description = "UUID of secret filesystem";
      };
      store = mkOption {
        type = with types; str;
        description = "UUID of store filesystem";
      };
    };
    replication = {
      enable = mkEnableOption "zfs replication to remote";
      remote = mkOption {
        type = with types; str;
        description = "remote host as replication destination";
      };
      port = mkOption {
        type = with types; port;
        description = "ssh port of replication target";
        default = 22;
      };
      datasets = mkOption {
        type = with types; listOf str;
        default = [ "persist" "service" "storage" ];
        description = "list of filesystems to perform replication for";
      };
      sendOptions = mkOption {
        type = with types; str;
        default = "w";
        description = "send options for all datasets";
      };
    };
  };
  config = mkIf (cfg.type == "zfs") {
    fileSystems = (mapAttrs (path: dataset: {
      device = "${cfg.zfs.persist}/${dataset}";
      fsType = "zfs";
      options = [ "zfsutil" ];
      # required by impermanence
      neededForBoot = true;
    }) cfg.zfs.mountpoints) // {
      "/nix" = (if !cfg.zfs.externalStore then
        { device = "${cfg.store}/nix";
          fsType = "zfs";
        } else
        { inherit (cfg.external) device fsType options; });
    };
    global.fs.zfs.mountpoints."/nix/persist" = "persist";
    services.zfs.trim.enable = true;
    services.zfs.autoSnapshot.enable = true;
    services.zfs.autoScrub.enable = true;
    boot.zfs.devNodes = mkDefault "/dev/disk/by-partuuid";
    #boot.kernelPackages = mkDefault config.boot.zfs.package.latestCompatibleLinuxPackages;
    global.kernel.lts = mkDefault true;
  };
 }
--- a/global/fs/zfs/replication.nix
+++ b/global/fs/zfs/replication.nix
@ -0,0 +1,30 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  cfg = config.global.fs.zfs.replication;
 in mkIf cfg.enable {
  services.syncoid = {
    enable = mkDefault true;
    interval = mkDefault "daily";
    sshKey = mkDefault "/var/lib/syncoid/.ssh/id_ed25519";
    commonArgs = [
      "--recursive"
      "--mbuffer-size=128M"
      "--delete-target-snapshots"
      "--sshport=${toString cfg.port}"
    ];
    localSourceAllow = mkOptionDefault [ "mount" ];
    commands = (lists.foldr (name: commands: commands // {
      "${config.global.fs.store}/${name}" = {
        inherit (cfg) sendOptions;
        target = "${cfg.remote}/${name}";
      };
    }) { }) cfg.datasets;
  };
  users.users.syncoid.uid = 82;
  users.groups.syncoid.gid = 82;
  environment.persistence."/nix/persist/fhs".directories = [ "/var/lib/syncoid" ];
 }
--- a/global/fs/zfs/split.nix
+++ b/global/fs/zfs/split.nix
@ -0,0 +1,35 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  cfg = config.global.fs.zfs.split;
 in mkIf cfg.enable {
  # unconditionally enable fstrim for xfs and ext4
  services.fstrim.enable = mkDefault true;
  # enable swraid for split raid1 system array
  boot.swraid.enable = mkDefault true;
  boot.swraid.mdadmConf = mkDefault ''
    PROGRAM ${cfg.mdProg}
  '';
  # secret filesystem backed by swraid
  fileSystems."/nix/var/secret" =
  { device = "/dev/disk/by-uuid/${cfg.secret}";
    fsType = "ext4";
    options = [ "noatime" ];
    neededForBoot = true;
    depends = [ "/nix/var" ];
  };
  # external store backed by swraid
  global.fs = {
    zfs.externalStore = mkDefault true;
    external.device = "/dev/disk/by-uuid/${cfg.store}";
    external.fsType = "xfs";
    external.options = [ "noatime" ];
  };
  # import system state pool after encrypted filesystems become available for key loading
  boot.initrd.systemd.services."zfs-import-${config.global.fs.store}".after = [ "sysroot-nix-var-secret.mount" "cryptsetup.target" ];
 }
--- a/global/gpu/default.nix
+++ b/global/gpu/default.nix
@ -0,0 +1,111 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  cfg = config.global.gpu;
  intel = cfg.type == "intel" || (cfg.type == "prime" && config.hardware.nvidia.prime.intelBusId != "");
  amdgpu = cfg.type == "amdgpu" || (cfg.type == "prime" && config.hardware.nvidia.prime.amdgpuBusId != "");
  nvidia = cfg.type == "nvidia" || cfg.type == "prime";
 in {
  imports = [
    ./plymouth.nix
    ./greetd.nix
  ];
  options.global.gpu = {
    enable = mkEnableOption "various setup required for GUI and support software";
    session = mkEnableOption "software required for a graphical session" // { default = true; };
    type = mkOption {
      type = with types; nullOr (enum [ "intel" "amdgpu" "nvidia" "prime" ]);
      default = null;
      description = "type of graphics acceleration used";
    };
    arc = mkOption {
      type = with types; nullOr str;
      default = null;
      description = "intel arc PCI ID if installed, enables toggling the arc before boot";
    };
  };
  config = mkIf cfg.enable {
    hardware.graphics = {
      enable = true;
      enable32Bit = true;
      # https://nixos.wiki/wiki/Accelerated_Video_Playback
      extraPackages = with pkgs; optionals intel [
        intel-media-driver # LIBVA_DRIVER_NAME=iHD
        vaapiIntel         # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
        vaapiVdpau
        libvdpau-va-gl
        intel-compute-runtime
      ] ++
      optional nvidia nvidia-vaapi-driver ++
      optional (cfg.type == "nvidia") vulkan-validation-layers;
    };
    services.xserver = mkIf cfg.session {
      videoDrivers =
      optional nvidia "nvidia" ++
      optional (cfg.type == "amdgpu") "amdgpu";
      # inhibits default display manager
      displayManager.startx.enable = mkDefault true;
    };
    hardware.nvidia = mkIf nvidia {
      modesetting.enable = true;
      nvidiaSettings = true;
      prime = mkIf (cfg.type == "prime") {
        offload = {
          enable = true;
          enableOffloadCmd = true;
        };
      };
      powerManagement.enable = false;
      powerManagement.finegrained = false;
      open = false;
    };
    environment.variables = {
      # work around broken nvidia hw cursor on wayland
      WLR_NO_HARDWARE_CURSORS = mkIf (cfg.type == "nvidia") "1";
      # work around wlroots flickering on pure nvidia
      #WLR_RENDERER = mkIf (cfg.type == "nvidia") "vulkan";
    };
    specialisation.integratedGraphics = mkIf (cfg.type == "prime") {
      configuration = {
        global.gpu.type = mkForce (if intel then "intel" else if amdgpu then "amdgpu" else "prime");
        boot.blacklistedKernelModules = [ "nouveau" ];
      };
    };
    specialisation.withArc = mkIf (cfg.arc != null) {
      configuration = {
        global.gpu.arc = mkForce null;
        powerManagement.cpuFreqGovernor = mkForce "performance";
      };
    };
    boot.initrd.kernelModules =
    optional amdgpu "amdgpu" ++
    optional (intel && cfg.arc == null) "i915" ++
    optionals nvidia [ "nvidia" "nvidia_drm" "nvidia_modeset" "nvidia_uvm" ] ++
    optional (cfg.arc != null) "vfio-pci";
    boot.extraModulePackages = optional nvidia config.boot.kernelPackages.nvidia_x11;
    boot.extraModprobeConfig = mkIf (cfg.arc != null) ''
      softdep drm pre: vfio-pci
      options vfio-pci ids=${cfg.arc}
    '';
    boot.kernelParams =
    optional intel "i915.fastboot=1" ++
    optionals nvidia [ "nvidia_drm.modeset=1" "nvidia_drm.fbdev=1" ];
  };
 }
--- a/global/gpu/greetd.nix
+++ b/global/gpu/greetd.nix
@ -0,0 +1,24 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  cfg = config.global.gpu;
  gui = with cfg; enable && session;
 in mkIf gui {
  programs.regreet = {
    enable = mkDefault true;
    cageArgs = [ "-s" "-d" "-m" "last" ];
    settings = {
      background.path = mkDefault ../../share/54345906_p0.jpg;
      background.fit = "Fill";
      GTK = {
        application_prefer_dark_theme = mkDefault true;
        cursor_theme_name = mkDefault "Bibata-Modern-Classic";
        icon_theme_name = mkDefault "Papirus-Dark";
        theme_name = mkDefault "WhiteSur-Dark";
      };
    };
  };
  environment.persistence."/nix/persist/fhs".directories = [ "/var/cache/regreet" ];
 }
--- a/global/gpu/plymouth.nix
+++ b/global/gpu/plymouth.nix
@ -2,10 +2,11 @@
 , lib
 , config
 , ... }: with lib; let
-  cfg = config.faucet.gui;
+  cfg = config.global.gpu;
-in mkIf cfg.enable {
+  gui = with cfg; enable && session;
 in mkIf gui {
  boot = {
-    loader.timeout = lib.mkDefault 0;
+    loader.timeout = mkDefault 0;
    consoleLogLevel = 0;
    initrd.verbose = false;
    initrd.systemd.enable = true;
@ -13,7 +14,6 @@ in mkIf cfg.enable {
    kernelParams = [
      "quiet"
      "splash"
      "i915.fastboot=1"
      "loglevel=3"
      "rd.systemd.show_status=false"
      "rd.udev.log_level=3"
--- a/global/id/default.nix
+++ b/global/id/default.nix
@ -2,9 +2,9 @@
 , lib
 , config
 , ... }: with lib; let
-  cfg = config.faucet.id;
+  cfg = config.global.id;
 in {
-  options.faucet.id = mkOption {
+  options.global.id = mkOption {
    type = with types; str;
    description = "systemd machine id";
  };
--- a/global/io/default.nix
+++ b/global/io/default.nix
@ -2,41 +2,61 @@
 , lib
 , config
 , ... }: with lib; let
-  cfg = config.faucet.io;
+  cfg = config.global.io;
  gui = with config.global.gpu; enable && session;
 in {
-  options.faucet.io = {
+  options.global.io = {
-    betaflight = mkEnableOption "betaflight udev rules" // { default = true; };
+    betaflight = mkEnableOption "betaflight udev rules" // { default = gui; };
-    bluetooth = mkEnableOption "bluetooth daemons and state persistence" // { default = true; };
+    bluetooth = mkEnableOption "bluetooth daemons and state persistence" // { default = gui; };
-    audio = mkEnableOption "pulseaudio server configuration" // { default = true; };
+    audio = mkEnableOption "pulseaudio server configuration" // { default = gui; };
    coredump = mkEnableOption "save coredumps handled by systemd";
  };
  config = {
-    services.udev.extraRules = "" + (if cfg.betaflight then ''
+    services.udev.extraRules = ''
      # ignore zvols
      KERNEL=="zd*", ENV{UDISKS_IGNORE}="1"
    '' + (if cfg.betaflight then ''
      # DFU (Internal bootloader for STM32 and AT32 MCUs)
      SUBSYSTEM=="usb", ATTRS{idVendor}=="2e3c", ATTRS{idProduct}=="df11", MODE="0664", GROUP="dialout"
      SUBSYSTEM=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", MODE="0664", GROUP="dialout"
    '' else "");
    networking.networkmanager.enable = mkDefault true;
    networking.hosts = {
      "10.5.14.0" = [ "codec" ];
      "10.5.14.1" = [ "redir" ];
      "10.5.14.2" = [ "compat" ];
      "192.168.123.1" = [ "netvm" ];
    };
    networking.firewall.logRefusedConnections = true;
    hardware.bluetooth.enable = mkDefault cfg.bluetooth;
-    hardware.pulseaudio = mkIf cfg.audio {
+    # rtkit is optional but recommended
    security.rtkit.enable = cfg.audio;
    services.pipewire = mkIf cfg.audio {
      enable = true;
-      support32Bit = true;
+      alsa.enable = true;
      alsa.support32Bit = true;
      pulse.enable = true;
      jack.enable = true;
    };
    #nixpkgs.config.pulseaudio = mkIf cfg.audio;
    security.pam.loginLimits = mkIf (!cfg.coredump) (singleton { domain = "*"; item = "core"; type = "hard"; value = "0"; });
    systemd.coredump.extraConfig = mkIf (!cfg.coredump) "Storage=none";
    environment.persistence."/nix/persist/fhs".directories = [
      "/var/log"
      "/var/lib/nixos"
      "/var/lib/systemd/backlight"
    ] ++
    optional config.networking.networkmanager.enable "/etc/NetworkManager/system-connections" ++
    optional cfg.bluetooth "/var/lib/bluetooth" ++
    optional cfg.coredump "/var/lib/systemd/coredump";
    environment.persistence."/nix/persist/fhs".hideMounts = true;
    users.home.persist.directories = [ ] ++
    optional cfg.audio ".local/state/wireplumber";
  };
 }
--- a/global/kernel/default.nix
+++ b/global/kernel/default.nix
@ -2,9 +2,9 @@
 , lib
 , config
 , ... }: with lib; let
-  cfg = config.faucet.kernel;
+  cfg = config.global.kernel;
 in {
-  options.faucet.kernel = {
+  options.global.kernel = {
    enable = mkEnableOption "kernel version and configuration" // { default = true; };
    lts = mkEnableOption "longterm kernel releases";
    sysctl = {
@ -23,6 +23,6 @@ in {
      "kernel.dmesg_restrict" = mkIf cfg.sysctl.harden 1;
      "vm.swappiness" = cfg.sysctl.swappiness;
    };
-    boot.kernelPackages = with pkgs; mkDefault (if cfg.lts then linuxPackages else linuxPackages_latest);
+    boot.kernelPackages = with pkgs; mkOverride 1001 (if cfg.lts then linuxPackages else linuxPackages_latest);
  };
 }
--- a/global/libvirt/default.nix
+++ b/global/libvirt/default.nix
@ -0,0 +1,36 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  cfg = config.global.libvirt;
 in {
  options.global.libvirt = {
    enable = mkEnableOption "libvirt virtualisation daemon" // { default = true; };
  };
  config = mkIf cfg.enable {
    virtualisation.libvirtd = {
      enable = true;
      qemu.runAsRoot = false;
      qemu.swtpm.enable = true;
      # disable as much implicit state as possible
      onBoot = "ignore";
      onShutdown = "shutdown";
      parallelShutdown = 5;
    };
    environment.systemPackages = with pkgs; [ virtiofsd ];
    # USB redirection requires a setuid wrapper
    virtualisation.spiceUSBRedirection.enable = true;
    environment.persistence."/nix/persist/fhs".directories = [
      "/var/lib/libvirt"
    ];
    global.fs.zfs.mountpoints."/nix/persist/service/libvirt" = "service/libvirt";
    # allow management by admin users
    users.adminGroups = [ "libvirtd" ];
  };
 }
--- a/global/lowmem/default.nix
+++ b/global/lowmem/default.nix
@ -0,0 +1,25 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  cfg = config.global.lowmem;
 in {
  options.global.lowmem = {
    enable = mkEnableOption "low memory optimisations";
    swapsize = mkOption {
      type = with types; int;
      default = 8 * 1024;
      description = "automatic swap file size";
    };
  };
  config = mkIf cfg.enable {
    # enables remote nixos-rebuild
    nix.settings.trusted-users = [ "koishi" ];
    swapDevices = [ {
      device = "/nix/persist/secret/swap";
      size = cfg.swapsize;
    } ];
  };
 }
--- a/global/netdata/default.nix
+++ b/global/netdata/default.nix
@ -0,0 +1,52 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  cfg = config.global.netdata;
 in {
  options.global.netdata = {
    enable = mkEnableOption "netdata";
    host = mkOption {
      type = with types; str;
      default = "localhost";
      description = "hostname of netdata web interface";
    };
    addSSL = mkEnableOption "add SSL to netdata proxy";
    useACMEHost = mkOption {
      type = with types; nullOr str;
      default = null;
      description = "existing acme host";
    };
    basicAuthFile = mkOption {
      type = with types; nullOr path;
      default = "/nix/persist/secret/netdata";
      description = "path to passwd file";
    };
  };
  config = mkIf cfg.enable {
    services.netdata = {
      enable = true;
      config = {
        global = {
          "error log" = "syslog";
          "access log" = "none";
          "debug log" = "syslog";
        };
        web."bind to" = "unix:/var/run/netdata/netdata.sock";
      };
    };
    users.users.netdata.uid = 287;
    users.groups.netdata.gid = 287;
    services.nginx.enable = mkDefault true;
    services.nginx.virtualHosts.${cfg.host} = {
      inherit (cfg) addSSL useACMEHost basicAuthFile;
      locations."/".proxyPass = "http://unix:/var/run/netdata/netdata.sock";
    };
    users.users.nginx.extraGroups = [ "netdata" ];
    environment.persistence."/nix/persist/fhs".directories = [ "/var/lib/netdata" ];
  };
 }
--- a/global/oci/default.nix
+++ b/global/oci/default.nix
@ -0,0 +1,21 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  cfg = config.global.oci;
 in {
  options.global.oci = {
    enable = mkEnableOption "oci container runtime";
  };
  config = mkIf cfg.enable {
    virtualisation.podman = {
      enable = true;
      enableNvidia = with config.global.gpu; mkDefault type == "prime" || type == "nvidia";
      dockerCompat = true;
    };
    users.home.persist.directories = [ ".local/share/containers" ];
    environment.persistence."/nix/persist/fhs".directories = [ "/var/lib/containers" ];
  };
 }
--- a/global/virtualbox/default.nix
+++ b/global/virtualbox/default.nix
@ -0,0 +1,34 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  cfg = config.global.virtualbox;
 in {
  options.global.virtualbox = {
    enable = mkEnableOption "virtualbox host (kvm)";
  };
  config = mkIf cfg.enable {
    virtualisation.virtualbox.host = {
      enable = true;
      enableKvm = true;
      enableExtensionPack = true;
      enableHardening = false;
      addNetworkInterface = false;
    };
    # allow virtualbox USB passthrough
    users.adminGroups = [ "vboxusers" ];
    users.home.persist.directories = [
      ".config/VirtualBox"
    ];
    users.homeModules = [ {
      wayland.windowManager.sway.config.window.commands = [
        { criteria.class = "VirtualBox Manager"; command = "floating enable"; }
      ];
    } ];
  };
 }
--- a/home/app/nixos.nix
+++ b/home/app/nixos.nix
@ -0,0 +1,28 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  cfg = config.users;
 in {
  options.users.home.persistApp = {
    files = mkOption {
      type = with types; listOf (oneOf [ str (attrsOf str) ]);
      default = [ ];
    };
    directories = mkOption {
      type = with types; listOf (oneOf [ str (attrsOf str) ]);
      default = [ ];
    };
  };
  config = {
    users.profiles.app = {
      uid = 5800;
      description = "Insecure Applications";
      picture = ../picture/app.png;
    };
    # extra persistence specific to the app user
    environment.persistence."/nix/persist".users.app = cfg.home.persistApp;
  };
 }
--- a/home/auth/home.nix
+++ b/home/auth/home.nix
@ -17,9 +17,21 @@
        # compiled from trusted keys in auth module
        ssh.allowedSignersFile = toString (pkgs.writeText
        "allowed_signers" (foldr (key: folded:
-        folded + "koishi@514fpv.one ${key}") ""
+        folded + "koishi@514fpv.one ${key}\n") ""
        config.passthrough.publicKeys));
      };
    };
  };
  programs.ssh = {
    enable = true;
    matchBlocks = {
      "edge.514fpv.io".port = 8086;
      "sf.514fpv.io".port = 8087;
    };
  };
  wayland.windowManager.sway.config.window.commands = mkIf config.passthrough.gui [
    { criteria.title = "Bitwarden"; command = "floating enable"; }
  ];
 }
--- a/home/auth/nixos.nix
+++ b/home/auth/nixos.nix
@ -2,6 +2,6 @@
 , ... }: {
  # this module passes openssh public keys to home-manager
  users.homeModules = [ {
-    passthrough.publicKeys = config.faucet.auth.openssh.publicKeys;
+    passthrough.publicKeys = config.global.auth.openssh.publicKeys;
  } ];
 }
--- a/home/btop/home.nix
+++ b/home/btop/home.nix
@ -0,0 +1,13 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  cfg = config.passthrough.btop;
 in mkIf cfg.enable {
  programs.btop = {
    enable = true;
    settings = {
      theme_background = false;
    };
  };
 }
--- a/home/btop/nixos.nix
+++ b/home/btop/nixos.nix
@ -0,0 +1,17 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  cfg = config.home.btop;
 in {
  options.home.btop = {
    enable = mkEnableOption "btop" // { default = !config.home.util.minimal; };
  };
  config = {
    users.homeModules = [
      # this module passes gyroflow configuration to home-manager
      { passthrough.btop = cfg; }
    ];
  };
 }
--- a/home/catppuccin/flake.png
+++ b/home/catppuccin/flake.png
--- a/home/catppuccin/gui.nix
+++ b/home/catppuccin/gui.nix
@ -0,0 +1,62 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  cfg = config.passthrough.catppuccin;
  palette = (lib.importJSON "${config.catppuccin.sources.palette}/palette.json").${config.catppuccin.flavor}.colors;
 in mkIf cfg.enable {
  gtk.theme = { inherit (cfg.gtk) package name; };
  qt.style.name = "kvantum";
  qt.platformTheme.name = "kvantum";
  home.pointerCursor = { inherit (cfg.cursor) package name; };
  # sway colour palette override
  wayland.windowManager.sway.config = {
    colors = {
      focused =         { border = "$lavender"; background = "$base"; text = "$text";  indicator = "$rosewater"; childBorder = "$lavender"; };
      focusedInactive = { border = "$overlay0"; background = "$base"; text = "$text";  indicator = "$rosewater"; childBorder = "$overlay0"; };
      unfocused =       { border = "$overlay0"; background = "$base"; text = "$text";  indicator = "$rosewater"; childBorder = "$overlay0"; };
      urgent =          { border = "$peach";    background = "$base"; text = "$peach"; indicator = "$overlay0";  childBorder = "$peach"; };
      placeholder =     { border = "$overlay0"; background = "$base"; text = "$text";  indicator = "$overlay0";  childBorder = "$overlay0"; };
      background =                 "$base";
    };
    bars = mkForce [ {
      colors = {
        background =                   "$base";
        statusline =                   "$text";
        focusedStatusline =            "$text";
        focusedSeparator =             "$base";
        focusedWorkspace =  { border = "$base"; background = "$base"; text = "$green"; };
        activeWorkspace =   { border = "$base"; background = "$base"; text = "$blue"; };
        inactiveWorkspace = { border = "$base"; background = "$base"; text = "$surface1"; };
        urgentWorkspace =   { border = "$base"; background = "$base"; text = "$surface1"; };
        bindingMode =       { border = "$base"; background = "$base"; text = "$surface1"; };
      };
      mode = "dock";
      position = "bottom";
      workspaceButtons = true;
      workspaceNumbers = true;
      statusCommand = "${pkgs.i3status}/bin/i3status";
      fonts = {
        names = [ "monospace" ];
        size = 8.0;
      };
      trayOutput = "primary";
    } ];
    output."*".bg = mkForce "${./flake.png} fill";
    gaps.inner = 12;
    gaps.outer = 5;
    # dodge the status bar
    gaps.bottom = 0;
  };
  # i3status colour palette override
  programs.i3status.general = with palette; {
    color_good = lavender.hex;
    color_degraded = yellow.hex;
    color_bad = red.hex;
  };
 }
--- a/home/catppuccin/home.nix
+++ b/home/catppuccin/home.nix
@ -0,0 +1,9 @@
 {
  catppuccin = {
    enable = true;
    accent = "pink";
    flavor = "mocha";
  };
  imports = [ ./gui.nix ];
 }
--- a/home/catppuccin/nixos.nix
+++ b/home/catppuccin/nixos.nix
@ -0,0 +1,79 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  gui = with config.global.gpu; enable && session;
  cfg = config.home.catppuccin;
 in {
  options.home.catppuccin = {
    enable = mkEnableOption "catppuccin colour scheme" // { default = gui; };
    gtk = {
      package = mkOption {
        type = with types; package;
        default = (pkgs.catppuccin-gtk.overrideAttrs {
          src = pkgs.fetchFromGitHub {
            owner = "catppuccin";
            repo = "gtk";
            rev = "v1.0.3";
            fetchSubmodules = true;
            hash = "sha256-q5/VcFsm3vNEw55zq/vcM11eo456SYE5TQA3g2VQjGc=";
          };
          postUnpack = "";
        }).override {
          accents = [ "pink" ];
          size = "compact";
          #tweaks = [ "rimless" "black" ];
          variant = "mocha";
        };
        description = "catppuccin gtk theme package";
      };
      name = mkOption {
        type = with types; str;
        default = "catppuccin-mocha-pink-compact";
        description = "name of catppuccin gtk theme";
      };
    };
    cursor = {
      package = mkOption {
        type = with types; package;
        default = pkgs.catppuccin-cursors.mochaDark;
        description = "catppuccin cursor theme package";
      };
      name = mkOption {
        type = with types; str;
        default = "catppuccin-mocha-dark-cursors";
        description = "name of catppuccin cursor theme";
      };
    };
  };
  config = {
    users.homeModules = [
      # this module passes catppuccin configuration to home-manager
      { passthrough.catppuccin = cfg; }
    ];
    catppuccin.enable = cfg.enable;
    # gtk and cursor themes
    environment.systemPackages = with cfg; mkIf enable [
      gtk.package cursor.package
    ];
    # override greetd theme
    programs.regreet = mkIf cfg.enable {
      theme = {
        inherit (cfg.gtk) name package;
      };
      cursorTheme = {
        inherit (cfg.cursor) name package;
      };
      settings = {
        background.path = ./solid.png;
      };
    };
  };
 }
--- a/home/catppuccin/solid.png
+++ b/home/catppuccin/solid.png
--- a/home/chrome/home.nix
+++ b/home/chrome/home.nix
@ -0,0 +1,13 @@
 { pkgs
 , lib
 , config
 , ...}: lib.mkIf config.passthrough.gui {
  programs.chromium = {
    enable = true;
    package = pkgs.google-chrome;
    commandLineArgs = [
      "--enable-features=UseOzonePlatform"
      "--ozone-platform=wayland"
    ];
  };
 }
--- a/home/chrome/nixos.nix
+++ b/home/chrome/nixos.nix
@ -0,0 +1,10 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  gui = with config.global.gpu; enable && session;
 in {
  users.home.persist.directories = mkIf gui [ ".config/google-chrome" ];
  security.chromiumSuidSandbox.enable = mkIf gui true;
  environment.sessionVariables.NIXOS_OZONE_WL = "1";
 }
--- a/home/foot/home.nix
+++ b/home/foot/home.nix
@ -0,0 +1,11 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; mkIf config.passthrough.gui {
  programs.foot = {
    enable = true;
    settings.main.term = "xterm-256color";
    settings.main.font = "DejaVu Sans Mono:size=11";
    #settings.colors.alpha = 0.8;
  };
 }
--- a/home/gnome/home.nix
+++ b/home/gnome/home.nix
@ -0,0 +1,11 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  cfg = config.passthrough.gnome;
 in {
  imports = [
    ./impl/home.nix
    ./impl/dconf.nix
  ];
 }
--- a/home/gnome/impl/dconf.nix
+++ b/home/gnome/impl/dconf.nix
@ -0,0 +1,286 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  cfg = config.passthrough.gnome;
  bg = ../../../share/54345906_p0.jpg;
 in mkIf cfg.enable {
  dconf.settings = let
    p = "org/gnome";
    pd = "${p}/desktop";
    ps = "${p}/shell";
    pse = "${ps}/extensions";
    ptl = "${p}/terminal/legacy";
    ptlp = "${ptl}/profiles:";
  in {
    "${pd}/peripherals/mouse".natural-scroll = true;
    "${pd}/peripherals/touchpad".tap-to-click = true;
    "${p}/epiphany".ask-for-default = false;
    "${p}/evolution-data-server".migrated = true;
    "${p}/nautilus/preferences" = {
      default-folder-viewer = "icon-view";
      migrated-gtk-settings = true;
      search-filter-time-type = "last_modified";
    };
    "${pd}/background" = {
      color-shading-type = "solid";
      picture-options = "zoom";
      picture-uri = "file://${bg}";
      picture-uri-dark = "file://${bg}";
      primary-color = "#000000000000";
      secondary-color = "#000000000000";
    };
    "${pd}/interface" = {
      color-scheme = "prefer-dark";
      cursor-theme = "Bibata-Modern-Classic";
      font-antialiasing = "grayscale";
      font-hinting = "slight";
      gtk-theme = "adw-gtk3-dark";
      icon-theme = "Papirus-Dark";
    };
    "${pd}/screensaver" = {
      color-shading-type = "solid";
      lock-enabled = false;
      picture-options = "zoom";
      picture-uri = "file://${bg}";
      primary-color = "#000000000000";
      secondary-color = "#000000000000";
    };
    "${pd}/wm/preferences" = {
      action-double-click-titlebar = "toggle-maximize";
      action-middle-click-titlebar = "minimize";
      button-layout = "close:appmenu";
      resize-with-right-button = true;
    };
    "${pd}/wm/keybindings" = {
      panel-run-dialog = [ ];
      begin-resize = [ "<Super>r" ];
      close = [ "<Shift><Super>q" ];
      minimize = [ "<Super>BackSpace" ];
      move-to-workspace-1 = [ "<Shift><Super>1" ];
      move-to-workspace-2 = [ "<Shift><Super>2" ];
      move-to-workspace-3 = [ "<Shift><Super>3" ];
      move-to-workspace-4 = [ "<Shift><Super>4" ];
      move-to-workspace-left = [ "<Shift><Super>h" ];
      move-to-workspace-right = [ "<Shift><Super>l" ];
      switch-to-workspace-1 = [ "<Super>1" ];
      switch-to-workspace-2 = [ "<Super>2" ];
      switch-to-workspace-3 = [ "<Super>3" ];
      switch-to-workspace-4 = [ "<Super>4" ];
      toggle-maximized = [ "<Super>f" ];
    };
    "${ps}/keybindings" = {
      switch-to-application-1 = [ ];
      switch-to-application-2 = [ ];
      switch-to-application-3 = [ ];
      switch-to-application-4 = [ ];
      switch-to-application-5 = [ ];
      switch-to-application-6 = [ ];
      switch-to-application-7 = [ ];
      switch-to-application-8 = [ ];
      switch-to-application-9 = [ ];
      toggle-application-view = [ "<Super>d" ];
    };
    "${p}/settings-daemon/plugins/media-keys" = {
      custom-keybindings = [
        "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/"
        "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1/"
      ];
      logout = [ ];
      screensaver = [ "<Control><Alt>l" ];
    };
    "${p}/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = {
      binding = "<Super>Return";
      command = "kgx";
      name = "Launch console";
    };
    "${p}/settings-daemon/plugins/media-keys/custom-keybindings/custom1" = {
      binding = "<Super>q";
      command = "google-chrome-stable";
      name = "Launch Google Chrome";
    };
    "${ptlp}" = {
      #default = "95894cfd-82f7-430d-af6e-84d168bc34f5";
      list = [
        "de8a9081-8352-4ce4-9519-5de655ad9361"
        "71a9971e-e829-43a9-9b2f-4565c855d664"
        "5083e06b-024e-46be-9cd2-892b814f1fc8"
        "95894cfd-82f7-430d-af6e-84d168bc34f5"
      ];
    };
    "${ptlp}/:5083e06b-024e-46be-9cd2-892b814f1fc8" = {
      background-color = "#24273a";
      cursor-background-color = "#f4dbd6";
      cursor-colors-set = true;
      cursor-foreground-color = "#24273a";
      foreground-color = "#cad3f5";
      highlight-background-color = "#24273a";
      highlight-colors-set = true;
      highlight-foreground-color = "#5b6078";
      palette = [
        "#494d64" "#ed8796" "#a6da95" "#eed49f"
        "#8aadf4" "#f5bde6" "#8bd5ca" "#b8c0e0"
        "#5b6078" "#ed8796" "#a6da95" "#eed49f"
        "#8aadf4" "#f5bde6" "#8bd5ca" "#a5adcb"
      ];
      use-theme-colors = false;
      visible-name = "Catppuccin Macchiato";
    };
    "${ptlp}/:71a9971e-e829-43a9-9b2f-4565c855d664" = {
      background-color = "#303446";
      cursor-background-color = "#f2d5cf";
      cursor-colors-set = true;
      cursor-foreground-color = "#303446";
      default-size-columns = 150;
      default-size-rows = 35;
      foreground-color = "#c6d0f5";
      highlight-background-color = "#303446";
      highlight-colors-set = true;
      highlight-foreground-color = "#626880";
      palette = [
        "#51576d" "#e78284" "#a6d189" "#e5c890"
        "#8caaee" "#f4b8e4" "#81c8be" "#b5bfe2"
        "#626880" "#e78284" "#a6d189" "#e5c890"
        "#8caaee" "#f4b8e4" "#81c8be" "#a5adce"
      ];
      use-theme-colors = false;
      visible-name = "Catppuccin Frappe";
    };
    "${ptlp}/:95894cfd-82f7-430d-af6e-84d168bc34f5" = {
      background-color = "#1e1e2e";
      cursor-background-color = "#f5e0dc";
      cursor-colors-set = true;
      cursor-foreground-color = "#1e1e2e";
      foreground-color = "#cdd6f4";
      highlight-background-color = "#1e1e2e";
      highlight-colors-set = true;
      highlight-foreground-color = "#585b70";
      palette = [
        "#45475a" "#f38ba8" "#a6e3a1" "#f9e2af"
        "#89b4fa" "#f5c2e7" "#94e2d5" "#bac2de"
        "#585b70" "#f38ba8" "#a6e3a1" "#f9e2af"
        "#89b4fa" "#f5c2e7" "#94e2d5" "#a6adc8"
      ];
      use-theme-colors = false;
      visible-name = "Catppuccin Mocha";
    };
    "${ptlp}/:de8a9081-8352-4ce4-9519-5de655ad9361" = {
      background-color = "#eff1f5";
      cursor-background-color = "#dc8a78";
      cursor-colors-set = true;
      cursor-foreground-color = "#eff1f5";
      foreground-color = "#4c4f69";
      highlight-background-color = "#eff1f5";
      highlight-colors-set = true;
      highlight-foreground-color = "#acb0be";
      palette = [
        "#5c5f77" "#d20f39" "#40a02b" "#df8e1d"
        "#1e66f5" "#ea76cb" "#179299" "#acb0be"
        "#6c6f85" "#d20f39" "#40a02b" "#df8e1d"
        "#1e66f5" "#ea76cb" "#179299" "#bcc0cc"
      ];
      use-theme-colors = false;
      visible-name = "Catppuccin Latte";
    };
    "${ps}" = {
      disabled-extensions = [
        "light-style@gnome-shell-extensions.gcampax.github.com"
        "places-menu@gnome-shell-extensions.gcampax.github.com"
        "windowsNavigator@gnome-shell-extensions.gcampax.github.com"
        "window-list@gnome-shell-extensions.gcampax.github.com"
        "workspace-indicator@gnome-shell-extensions.gcampax.github.com"
        "dash-to-dock@micxgx.gmail.com"
      ];
      enabled-extensions = [
        "user-theme@gnome-shell-extensions.gcampax.github.com"
        "apps-menu@gnome-shell-extensions.gcampax.github.com"
        "drive-menu@gnome-shell-extensions.gcampax.github.com"
        "appindicatorsupport@rgcjonas.gmail.com"
        "dash-to-panel@jderose9.github.com"
        "caffeine@patapon.info"
        "PrivacyMenu@stuarthayhurst"
      ];
      last-selected-power-profile = "performance";
      welcome-dialog-last-shown-version = "45.3";
    };
    #"${pse}/user-theme".name = "catppuccin-mocha-pink-compact";
    "${pse}/caffeine" = {
      screen-blank = "never";
    };
    "${pse}/dash-to-dock" = {
      background-opacity = 0.80000000000000004;
      dash-max-icon-size = 48;
      dock-position = "BOTTOM";
      height-fraction = 0.90000000000000002;
      multi-monitor = false;
      running-indicator-style = "DOTS";
      custom-theme-shrink = true;
    };
    "${pse}/dash-to-panel" = {
      animate-appicon-hover = false;
      animate-appicon-hover-animation-type = "SIMPLE";
      appicon-margin = 0;
      appicon-padding = 4;
      appicon-style= "NORMAL";
      available-monitors = [ 0 ];
      dot-position = "BOTTOM";
      dot-style-focused = "METRO";
      dot-style-unfocused = "DOTS";
      group-apps = true;
      hide-overview-on-startup = true;
      hotkeys-overlay-combo = "TEMPORARILY";
      intellihide = true;
      intellihide-behaviour = "FOCUSED_WINDOWS";
      intellihide-hide-from-windows = true;
      isolate-workspaces = false;
      leftbox-padding = -1;
      overview-click-to-exit = true;
      panel-anchors = ''{"0":"MIDDLE"}'';
      panel-element-positions = ''{"0":[{"element":"showAppsButton","visible":true,"position":"stackedTL"},{"element":"activitiesButton","visible":true,"position":"stackedTL"},{"element":"leftBox","visible":false,"position":"stackedTL"},{"element":"taskbar","visible":true,"position":"centerMonitor"},{"element":"centerBox","visible":true,"position":"stackedBR"},{"element":"rightBox","visible":true,"position":"stackedBR"},{"element":"dateMenu","visible":true,"position":"stackedBR"},{"element":"systemMenu","visible":true,"position":"stackedBR"},{"element":"desktopButton","visible":false,"position":"stackedBR"}]}'';
      panel-lengths = ''{"0":100}'';
      panel-positions = ''{"0":"BOTTOM"}'';
      panel-sizes = ''{"0":42}'';
      primary-monitor = 0;
      secondarymenu-contains-showdetails = true;
      show-showdesktop-hover = true;
      status-icon-padding = -1;
      stockgs-force-hotcorner = false;
      stockgs-keep-dash = false;
      stockgs-keep-top-panel = false;
      stockgs-panelbtn-click-only = false;
      trans-bg-color = "#2a2a2a";
      trans-dynamic-anim-target = 1.0;
      trans-dynamic-behavior = "MAXIMIZED_WINDOWS";
      trans-gradient-bottom-color = "#000000";
      trans-gradient-bottom-opacity = 0.5;
      trans-gradient-top-opacity = 0.0;
      trans-panel-opacity = 0.0;
      trans-use-custom-bg = true;
      trans-use-custom-gradient = true;
      trans-use-custom-opacity = true;
      trans-use-dynamic-opacity = true;
      tray-padding = -1;
      window-preview-title-position = "TOP";
    };
  };
 }
--- a/home/gnome/impl/home.nix
+++ b/home/gnome/impl/home.nix
@ -0,0 +1,32 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  cfg = config.passthrough.gnome;
 in mkIf cfg.enable {
  home.packages =
  with pkgs;
  with gnome;
  with gnomeExtensions; [
    # gtk3 theme
    adw-gtk3
    # gnomeExtensions
    caffeine
    dash-to-panel
    dash-to-dock
    appindicator
    privacy-settings-menu
  ];
  catppuccin.enable = mkForce false;
  home.pointerCursor = mkForce null;
  gtk.enable = false;
  home.persistence."/nix/persist/home/${config.home.username}" = {
    removePrefixDirectory = true;
    files = [
      (if config.specialisation != {} then "gnome/.config/monitors.xml" else "extern/.config/monitors.xml")
    ];
  };
 }
--- a/home/gnome/impl/nixos.nix
+++ b/home/gnome/impl/nixos.nix
@ -0,0 +1,49 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  cfg = config.home.gnome;
 in mkIf cfg.enable {
  global.flatpak.enable = mkDefault true;
  home.catppuccin.enable = mkDefault false;
  catppuccin.enable = false;
  programs.regreet.enable = false;
  services.xserver.enable = true;
  services.xserver.displayManager.startx.enable = false;
  services.xserver.displayManager.gdm.enable = true;
  services.xserver.desktopManager.gnome.enable = true;
  services.udev.packages = with pkgs; [ gnome-settings-daemon ];
  services.hardware.bolt.enable = true;
  xdg.portal.configPackages = with pkgs; [ gnome-session ];
  hardware.pulseaudio.enable = false;
  environment.gnome.excludePackages = (with pkgs; [
    snapshot
    gnome-tour
  ] ++ optionals config.global.flatpak.enable [
    baobab
    simple-scan
    evince
    file-roller
    geary
    loupe
    seahorse
    totem
    epiphany
    gnome-calculator
    gnome-calendar
    gnome-connections
    gnome-font-viewer
    gnome-text-editor
    gnome-characters
    gnome-clocks
    gnome-contacts
    gnome-logs
    gnome-maps
    gnome-music
    gnome-weather
  ]) ++ (with pkgs.gnome; [ ] ++ optionals config.global.flatpak.enable [
  ]);
  users.home.persist.directories = [ ".config/dconf" ];
 }
--- a/home/gnome/nixos.nix
+++ b/home/gnome/nixos.nix
@ -0,0 +1,25 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  cfg = config.home.gnome;
 in {
  imports = [ ./impl/nixos.nix ];
  options.home.gnome = {
    enable = mkEnableOption "GNOME desktop environment";
  };
  config = {
    users.homeModules = [
      # this module passes gnome configuration to home-manager
      { passthrough.gnome = cfg; }
    ];
    specialisation.nognome = with cfg; mkIf enable {
      configuration = {
        home.gnome.enable = mkForce false;
      };
    };
  };
 }
--- a/home/gui/home.nix
+++ b/home/gui/home.nix
@ -0,0 +1,35 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  catppuccin = config.passthrough.catppuccin.enable;
 in {
  config = mkIf config.passthrough.gui {
    # cursor theme
    home.pointerCursor = {
      package = mkDefault pkgs.bibata-cursors;
      name = mkDefault "Bibata-Modern-Classic";
      size = 24;
      x11.enable = true;
      gtk.enable = true;
    };
    # gtk theme
    gtk.theme = mkDefault {
      package = pkgs.whitesur-gtk-theme;
      name = "WhiteSur-Dark";
    };
    # gtk icons
    gtk.iconTheme = mkDefault {
      package = pkgs.papirus-icon-theme;
      name = "Papirus-Dark";
    };
    # unify qt theme
    qt.platformTheme.name = mkDefault "gtk";
    gtk.enable = mkDefault true;
    qt.enable = mkDefault true;
  };
 }
--- a/home/gui/nixos.nix
+++ b/home/gui/nixos.nix
@ -0,0 +1,36 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  gui = with config.global.gpu; enable && session;
  catppuccin = config.home.catppuccin;
 in {
  config = {
    users.homeModules = [
      # this module passes gui configuration to home-manager
      { passthrough.gui = gui; }
    ];
    users.adminGroups = mkIf gui [ "video" ];
    # themes and icons
    environment.systemPackages = with pkgs; mkIf gui ([
      papirus-icon-theme
    ] ++ optionals (!catppuccin.enable) [
      whitesur-gtk-theme
      whitesur-icon-theme
      bibata-cursors
    ]);
    fonts.enableDefaultPackages = mkIf gui true;
    security = mkIf gui {
      polkit.enable = true;
    };
    programs = mkIf gui {
      dconf.enable = true;
    };
    services = mkIf gui {
      blueman.enable = !config.global.flatpak.enable;
    };
  };
 }
--- a/home/gyroflow/home.nix
+++ b/home/gyroflow/home.nix
@ -0,0 +1,13 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  cfg = config.passthrough.gyroflow;
 in mkIf cfg.enable {
  # temporarily gone until regression is fixed
  #home.packages = [ cfg.package ];
  wayland.windowManager.sway.config.window.commands = [
    { criteria.app_id = "xyz.gyroflow.gyroflow"; command = "floating enable"; }
  ];
 }
--- a/home/gyroflow/nixos.nix
+++ b/home/gyroflow/nixos.nix
@ -0,0 +1,26 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  cfg = config.home.gyroflow;
 in {
  options.home.gyroflow = {
    enable = mkEnableOption "gyroflow stabilisation software";
    package = mkOption {
      type = with types; package;
      default = pkgs.gyroflow.overrideAttrs (finalAttrs: previousAttrs: {
        buildInputs = previousAttrs.buildInputs ++ [ pkgs.qt6Packages.qtwayland ];
      });
      description = "gyroflow package";
    };
  };
  config = {
    users.homeModules = [
      # this module passes gyroflow configuration to home-manager
      { passthrough.gyroflow = cfg; }
    ];
    users.home.persist.directories = mkIf cfg.enable [ ".config/Gyroflow" ];
  };
 }
--- a/home/headless/home.nix
+++ b/home/headless/home.nix
@ -0,0 +1,24 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  cfg = config.passthrough.headless;
 in mkIf (cfg.enable != null) {
  wayland.windowManager.sway.config = {
    output = {
      ${cfg.enable}.pos = "0 0";
      HEADLESS-1 = cfg.output;
    };
    startup = [ { command = "swaymsg create_output && swaymsg output HEADLESS-1 disable"; } ];
  };
  home.packages = [ (pkgs.writeShellScriptBin "headless" ''
    swaymsg output HEADLESS-1 enable
    ${pkgs.wayvnc}/bin/wayvnc \
      --output=HEADLESS-1 \
      ${cfg.extraArgs} \
      ${cfg.host} ${toString cfg.port}
    swaymsg output HEADLESS-1 disable
  '') ];
 }
--- a/home/headless/nixos.nix
+++ b/home/headless/nixos.nix
@ -0,0 +1,51 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  cfg = config.home.headless;
 in {
  options.home.headless = {
    enable = mkOption {
      type = with types; nullOr str;
      default = null;
      description = "a headless, remotely viewed sway display";
    };
    output = mkOption {
      type = with types; attrsOf str;
      default = {
        # pixel tablet
        mode = "2560x1600";
        scale = "2";
        pos = "1920 0";
      };
      description = "headless display configuration";
    };
    host = mkOption {
      type = with types; str;
      default = "0.0.0.0";
      description = "wayvnc listen host";
    };
    port = mkOption {
      type = with types; port;
      # utility port
      default = 1300;
      description = "wayvnc listen port";
    };
    extraArgs = mkOption {
      type = with types; str;
      default = "--max-fps=60";
      description = "extra wayvnc args";
    };
  };
  config = {
    users.homeModules = [
      # this module passes headless configuration to home-manager
      { passthrough.headless = cfg; }
    ];
  };
 }
--- a/home/i3status/home.nix
+++ b/home/i3status/home.nix
@ -0,0 +1,77 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; mkIf config.passthrough.gui {
  programs.i3status = {
    enable = true;
    enableDefault = false;
    general.colors = true;
    general.interval = 1;
    modules = {
      "ethernet _first_" = {
        position = 1;
        settings = {
          format_up = "%ip at %speed";
          format_down = "";
        };
      };
      "wireless _first_" = {
        position = 2;
        settings = {
          format_up = ''%ip at %bitrate (\"%essid\"%quality @ %frequency)'';
          format_down = "";
        };
      };
      "disk /nix/persist" = {
        position = 3;
        settings = {
          format = "%avail (%percentage_avail)";
          threshold_type = "percentage_free";
          low_threshold = 25;
        };
      };
      memory = {
        position = 4;
        settings = {
          format = "%used / %total";
          threshold_degraded = "10%";
          threshold_critical = "5%";
          format_degraded = ">>> %used / %total <<<";
        };
      };
      load = {
        position = 5;
        settings = {
          format = "%1min %5min %15min";
          max_threshold =
            removeSuffix "\n" (builtins.readFile (pkgs.runCommandLocal "nproc" { } "nproc > $out"));
        };
      };
      "battery all" = {
        position = 6;
        settings = {
          format = "%status%percentage @ %consumption ~ %remaining";
          format_down = "";
          status_chr = "^";
          status_full = "";
          status_unk = "?";
          status_bat = "";
          last_full_capacity = true;
          threshold_type = "percentage";
          low_threshold = "15";
        };
      };
      "tztime local" = {
        position = 127;
        settings = { format = "%Y-%m-%d %H:%M:%S"; };
      };
    };
  };
 }
--- a/home/imv/home.nix
+++ b/home/imv/home.nix
@ -0,0 +1,6 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; mkIf config.passthrough.gui {
  programs.imv.enable = true;
 }
--- a/home/jetbrains/home.nix
+++ b/home/jetbrains/home.nix
@ -0,0 +1,11 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  cfg = config.passthrough.jetbrains;
 in mkIf cfg.enable {
  home.packages = with pkgs.jetbrains; [ pkgs.go ] ++
    optional cfg.idea idea-community ++
    optional cfg.clion clion ++
    optional cfg.goland goland;
 }
--- a/home/jetbrains/nixos.nix
+++ b/home/jetbrains/nixos.nix
@ -0,0 +1,27 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  cfg = config.home.jetbrains;
 in {
  options.home.jetbrains = {
    enable = mkEnableOption "jetbrains text editor";
    idea = mkEnableOption "intellij idea";
    clion = mkEnableOption "clion ide";
    goland = mkEnableOption "goland ide" // { default = true; };
  };
  config = {
    users.homeModules = [
      # this module passes jetbrains configuration to home-manager
      { passthrough.jetbrains = cfg; }
    ];
    users.home.persist.directories = mkIf cfg.enable [
      "go"
      ".java/.userPrefs"
      ".config/JetBrains"
      ".local/share/JetBrains"
    ];
  };
 }
--- a/home/libreoffice/home.nix
+++ b/home/libreoffice/home.nix
@ -0,0 +1,9 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  cfg = config.passthrough.libreoffice;
  enable = cfg.enable && (cfg.allUsers || (config.home.username == "app"));
 in mkIf enable {
  home.packages = with pkgs; [ libreoffice ];
 }
--- a/home/libreoffice/nixos.nix
+++ b/home/libreoffice/nixos.nix
@ -0,0 +1,22 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  cfg = config.home.libreoffice;
  persist = [ ".config/libreoffice" ];
 in {
  options.home.libreoffice = {
    enable = mkEnableOption "open source office suite";
    allUsers = mkEnableOption "set up for all users";
  };
  config = {
    users.homeModules = [
      # this module passes minecraft configuration to home-manager
      { passthrough.libreoffice = cfg; }
    ];
    users.home.persist.directories = with cfg; mkIf (enable && allUsers) persist;
    users.home.persistApp.directories = with cfg; mkIf (enable && !allUsers) persist;
  };
 }
--- a/home/mako/home.nix
+++ b/home/mako/home.nix
@ -0,0 +1,10 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; mkIf config.passthrough.gui {
  services.mako = {
    enable = true;
    defaultTimeout = 5000;
    anchor = "bottom-center";
  };
 }
--- a/home/minecraft/home.nix
+++ b/home/minecraft/home.nix
@ -0,0 +1,16 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  inherit (config.passthrough) gui;
  cfg = config.passthrough.minecraft;
  enable = cfg.enable && config.home.username == cfg.user;
 in mkIf enable {
  home.packages = with pkgs; [
    jdk8
  ] ++ optional gui prismlauncher;
  wayland.windowManager.sway.config.window.commands = mkIf gui [
    { criteria.app_id = "org.prismlauncher.PrismLauncher"; command = "floating enable"; }
  ];
 }
--- a/home/minecraft/nixos.nix
+++ b/home/minecraft/nixos.nix
@ -0,0 +1,33 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  cfg = config.home.minecraft;
  gui = with config.global.gpu; enable && session;
 in {
  options.home.minecraft = {
    enable = mkEnableOption "minecraft game launcher and jvm";
    user = mkOption {
      type = with types; str;
      default = "minecraft";
      description = "username which minecraft game client runs under";
    };
  };
  config = {
    users.homeModules = [
      # this module passes minecraft configuration to home-manager
      { passthrough.minecraft = cfg; }
    ];
    users.profiles.minecraft = mkIf (cfg.enable && cfg.user == "minecraft") {
      uid = 5801;
      description = "Minecraft";
      picture = ../picture/aux.png;
    };
    environment.persistence."/nix/persist".users.${cfg.user} = mkIf (cfg.enable && gui) {
      directories = [ ".local/share/PrismLauncher" ];
    };
  };
 }
--- a/home/mpv/home.nix
+++ b/home/mpv/home.nix
@ -0,0 +1,14 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; mkIf config.passthrough.gui {
  programs.mpv = {
    enable = true;
    config = {
      hwdec = "auto-safe";
      vo = "gpu";
      profile = "gpu-hq";
      gpu-context = "wayland";
    };
  };
 }
--- a/home/picture/app.png
+++ b/home/picture/app.png
--- a/home/picture/aux.png
+++ b/home/picture/aux.png
--- a/home/picture/koishi.png
+++ b/home/picture/koishi.png
--- a/home/picture/staging.png
+++ b/home/picture/staging.png
--- a/home/plasma/config.nix
+++ b/home/plasma/config.nix
@ -0,0 +1,13 @@
 {
  programs.plasma = {
    workspace = {
      lookAndFeel = "org.kde.breezedark.desktop";
      #clickItemTo = "select";
    };
    configFile = {
      baloofilerc."Basic Settings"."Indexing-Enabled" = false;
      kcminputrc.Libinput."2362"."597"."UNIW0001:00 093A:0255 Touchpad".NaturalScroll = true;
    };
  };
 }
--- a/home/plasma/home.nix
+++ b/home/plasma/home.nix
@ -0,0 +1,51 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  cfg = config.passthrough.plasma;
  image = ../../share/54345906_p0.jpg;
 in mkIf cfg.enable {
  programs.plasma = {
    # https://github.com/pjones/plasma-manager
    enable = true;
    #overrideConfig = true;
    workspace = {
      lookAndFeel = "org.kde.breezedark.desktop";
      wallpaper = image;
    };
    hotkeys.commands = {
      launch-konsole = {
        name = "Launch Konsole";
        key = "Meta+Enter";
        command = "konsole";
      };
    };
    configFile = {
      baloofilerc."Basic Settings"."Indexing-Enabled" = false;
      kscreenlockerrc.Greeter.Wallpaper."org.kde.image".General.Image = image;
      kscreenlockerrc.Greeter.Wallpaper."org.kde.image".General.PreviewImage = image;
    };
  } // cfg.extraConfig;
  home.activation.gtkCleanup = hm.dag.entryAfter [ "writeBoundary" ] ''
    $DRY_RUN_CMD rm -f $HOME/.gtkrc-2.0.old
  '';
  qt.enable = false;
  qt.platformTheme.name = null;
  # gtk theme
  gtk.theme = {
    package = pkgs.kdePackages.breeze-gtk;
    name = "Breeze-Dark";
  };
  # gtk icons
  gtk.iconTheme = {
    package = pkgs.kdePackages.breeze-icons;
    name = "breeze-dark";
  };
 }
--- a/home/plasma/nixos.nix
+++ b/home/plasma/nixos.nix
@ -0,0 +1,52 @@
 { pkgs
 , lib
 , config
 , plasma-manager
 , ... }: with lib; let
  cfg = config.home.plasma;
 in {
  options.home.plasma = {
    enable = mkEnableOption "plasma desktop and configuration";
    specialise = mkEnableOption "enable plasma in a specialisation";
    extraConfig = mkOption {
      type = with types; anything;
      default = { };
      description = "extra plasma-manager configuration";
    };
  };
  config = {
    users.homeModules = [
      # this module passes plasma configuration to home-manager
      { passthrough.plasma = cfg; }
    ];
    users.home.persist.files = mkIf cfg.enable [
      ".config/kwinoutputconfig.json"
    ];
    users.home.persist.directories = mkIf cfg.enable [
      ".local/share/kwalletd"
    ];
    services.desktopManager.plasma6 = mkIf cfg.enable {
      enable = true;
    };
    home-manager.backupFileExtension = mkIf cfg.enable "old";
    home-manager.sharedModules = [
      plasma-manager.homeManagerModules.plasma-manager
    ];
    services.blueman = mkIf cfg.enable {
      enable = mkForce false;
    };
    home = mkIf cfg.enable {
      catppuccin.enable = mkForce false;
    };
    specialisation.plasma = mkIf cfg.specialise {
      configuration.home.plasma.enable = true;
    };
  };
 }
--- a/home/profile.nix
+++ b/home/profile.nix
@ -1,6 +1,7 @@
 { pkgs
 , lib
 , config
 , inputs
 , ... }: with lib; let
  cfg = config.users;
 in {
@ -28,6 +29,11 @@ in {
            default = false;
            description = "enable ssh authorized keys for user";
          };
          picture = mkOption {
            type = with types; nullOr path;
            default = null;
            description = "path to user profile picture";
          };
        };
      });
      description = "preconfigured users with profile options";
@ -67,9 +73,9 @@ in {
      users = mapAttrs (name: opts: {
        inherit (opts) uid;
        description = with opts; mkIf (description != null) description;
-        extraGroups = mkIf opts.admin cfg.adminGroups;
+        extraGroups = [ "dialout" ] ++ optionals opts.admin cfg.adminGroups;
        openssh.authorizedKeys.keys = mkIf (opts.sshLogin && config.services.openssh.enable)
-        config.faucet.auth.openssh.publicKeys;
+        config.global.auth.openssh.publicKeys;
        hashedPasswordFile = "/nix/persist/shadow/${name}";
        shell = pkgs.zsh;
        isNormalUser = mkIf (name != "root") true;
@ -79,8 +85,9 @@ in {
      # base groups
      adminGroups = [
-        "wheel" "dialout" "kvm"
+        "wheel" "kvm"
        "systemd-journal"
        "networkmanager"
      ];
      # base home modules in current directory
@ -124,25 +131,64 @@ in {
      neededForBoot = true;
    }) cfg.profiles;
    global.fs.zfs.mountpoints = mapAttrs'
    (name: opts: nameValuePair
    "/nix/persist/home/${name}"
    "home/${name}")
    (filterAttrs (n: _: n != "root") config.users.profiles);
    home-manager.users = mapAttrs (name: opts: {
-      imports = cfg.homeModules;
+      imports = with inputs; cfg.homeModules ++ [
        impermanence.homeManagerModules.impermanence
        catppuccin.homeManagerModules.catppuccin
      ];
      home.file.".face" = mkIf (opts.picture != null) {
        source = opts.picture;
      };
      home.stateVersion = "23.11";
    }) cfg.profiles;
    system.activationScripts = mapAttrs'
    (name: opts: nameValuePair
    "${name}-profile-icon"
    {
      deps = [ "users" ];
      text = let
        iconDest = "/var/lib/AccountsService/icons/${name}";
        userConf = pkgs.writeText "${name}-config" ''
          [User]
          Session=
          Icon=${iconDest}
          SystemAccount=false
        '';
      in ''
        install -Dm 0444 ${opts.picture} ${iconDest}
        install -Dm 0400 ${userConf} /var/lib/AccountsService/users/${name}
      '';
    })
    (filterAttrs (n: _: n != "root") config.users.profiles);
    # set up standard persistence for users
    # this is registered internally for each software's configuration
    environment.persistence."/nix/persist" = {
-      users = mapAttrs (name: _: cfg.home.persist // {
+      users = (mapAttrs (name: _: cfg.home.persist // {
        # root workaround, ugly but necessary
        # cannot get it properly for the same reason
        # mentioned above in fileSystems
        home = mkIf (name == "root") "/root";
-      }) cfg.profiles;
+      }) cfg.profiles);
      hideMounts = true;
    };
    # enable passwordless sudo
    security.sudo.wheelNeedsPassword = false;
    # enable access in build-vm
    virtualisation.vmVariant = {
      users.users.koishi.password = "passwd";
      users.users.koishi.hashedPasswordFile = mkForce null;
    };
  };
  # this is for home components that need to extend nixos
--- a/home/steam/config.nix
+++ b/home/steam/config.nix
@ -0,0 +1,14 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  cfg = config.home.steam;
 in mkIf cfg.enable {
  hardware.steam-hardware.enable = true;
  networking.firewall = {
    allowedTCPPorts = [ 27015 27036 ];
    allowedUDPPorts = [ 27015 ];
    allowedUDPPortRanges = [ { from = 27031; to = 27036; } ];
  };
 }
--- a/home/steam/home.nix
+++ b/home/steam/home.nix
@ -0,0 +1,17 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  cfg = config.passthrough.steam;
  enable = cfg.enable && (cfg.allUsers || (config.home.username == "app"));
  package = config.programs.steam.package;
 in mkIf enable {
  home.packages = with pkgs; [
    cfg.package
    cfg.package.run
  ];
  wayland.windowManager.sway.config.window.commands = [
    { criteria.class = "steam"; command = "floating enable"; }
  ];
 }
--- a/home/steam/nixos.nix
+++ b/home/steam/nixos.nix
@ -0,0 +1,29 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  cfg = config.home.steam;
  persist = [ ".steam" ".local/share/Steam" ];
 in {
  imports = [ ./config.nix ];
  options.home.steam = {
    enable = mkEnableOption "steam software and environment";
    package = mkOption {
      type = with types; package;
      default = config.programs.steam.package;
      description = "steam package";
    };
    allUsers = mkEnableOption "set up for all users";
  };
  config = {
    users.homeModules = [
      # this module passes steam configuration to home-manager
      { passthrough.steam = cfg; }
    ];
    users.home.persist.directories = with cfg; mkIf (enable && allUsers) persist;
    users.home.persistApp.directories = with cfg; mkIf (enable && !allUsers) persist;
  };
 }
--- a/home/sway/home.nix
+++ b/home/sway/home.nix
@ -0,0 +1,48 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; mkIf config.passthrough.gui {
  wayland.windowManager.sway = {
    enable = true;
    wrapperFeatures.base = true;
    wrapperFeatures.gtk = true;
    swaynag.enable = true;
    config = {
      defaultWorkspace = "workspace number 1";
      modifier = "Mod4";
      keybindings = let
        modifier = config.wayland.windowManager.sway.config.modifier;
      in mkOptionDefault {
        XF86MonBrightnessUp = "light -A 5";
        XF86MonBrightnessDown = "light -U 5";
        "Control+Alt+l" = "exec swaylock -f --grace 0";
        "Print" = "exec ${pkgs.grim}/bin/grim - | ${pkgs.wl-clipboard}/bin/wl-copy";
        "${modifier}+Print" = "exec ${pkgs.grim}/bin/grim -g \"$(${pkgs.slurp}/bin/slurp)\" - | ${pkgs.wl-clipboard}/bin/wl-copy";
        "${modifier}+q" = "exec google-chrome-stable";
        "${modifier}+Home" = "exec ${pkgs.pavucontrol}/bin/pavucontrol";
      };
      bars = [ {
        mode = "dock";
        position = "bottom";
        workspaceButtons = true;
        workspaceNumbers = true;
        statusCommand = "${pkgs.i3status}/bin/i3status";
        fonts = {
          names = [ "monospace" ];
          size = 8.0;
        };
        trayOutput = "primary";
        # sets transparency
        colors.background = "00000000";
      } ];
      input."*".natural_scroll = "enabled";
      input."type:touchpad".tap = "enabled";
      output."*".bg = "#000000 solid_color";
    };
  };
 }
--- a/home/sway/nixos.nix
+++ b/home/sway/nixos.nix
@ -0,0 +1,37 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  gui = with config.global.gpu; enable && session;
  nvidia = with config.global.gpu; type == "nvidia" || type == "prime";
 in mkIf gui {
  services.displayManager.sessionPackages = [
    (pkgs.writeTextFile {
      name = "sway-session";
      destination = "/share/wayland-sessions/sway.desktop";
      text = ''
        [Desktop Entry]
        Name=Sway
        Comment=An i3-compatible Wayland compositor
        Exec=${pkgs.writeTextFile {
          name = "sway-wrapper";
          executable = true;
          text = ''
            #!${pkgs.zsh}/bin/zsh
            SHLVL=0
            for profile in ''${(z)NIX_PROFILES}; do
              fpath+=($profile/share/zsh/site-functions $profile/share/zsh/$ZSH_VERSION/functions $profile/share/zsh/vendor-completions)
            done
            exec sway${if nvidia then " --unsupported-gpu" else ""} 2>&1 >> $XDG_CACHE_HOME/sway
          '';
          checkPhase = ''
            ${pkgs.stdenv.shellDryRun} "$target"
          '';
        }}
        Type=Application
      '';
    } // { providedSessions = [ pkgs.sway.meta.mainProgram ]; })
  ];
  programs.light.enable = true;
 }
--- a/home/swayidle/home.nix
+++ b/home/swayidle/home.nix
@ -0,0 +1,24 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; mkIf config.passthrough.gui {
  services.swayidle = let
    sway = config.wayland.windowManager.sway.package;
    swaymsg = "${sway}/bin/swaymsg";
    swaylock = "${config.programs.swaylock.package}/bin/swaylock";
  in {
    enable = true;
    systemdTarget = "sway-session.target";
    timeouts = [
      { timeout = 600; command = "${swaymsg} 'output * dpms off'"; resumeCommand = "${swaymsg} 'output * dpms on'"; }
    ];
    events = [
      { event = "before-sleep"; command = "${swaylock} -f --grace 0"; }
    ];
  };
  # fullscreen as simple idle inhibitor shortcut
  wayland.windowManager.sway.config.window.commands = [
    { criteria.shell = ".*"; command = "inhibit_idle fullscreen"; }
  ];
 }
--- a/home/swaylock/home.nix
+++ b/home/swaylock/home.nix
@ -0,0 +1,24 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; mkIf config.passthrough.gui {
  programs.swaylock = {
    enable = true;
    package = pkgs.swaylock-effects;
    settings = {
      indicator-caps-lock = true;
      font-size = 20;
      ignore-empty-password = true;
      show-failed-attempts = true;
      color = mkDefault "#00000000";
      # Ring
      indicator-radius = 115;
      # Swaylock-effects specific settings
      clock = true;
      timestr = "%r";
      grace = 2;
    };
  };
 }
--- a/home/swaylock/nixos.nix
+++ b/home/swaylock/nixos.nix
@ -0,0 +1,8 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  gui = with config.global.gpu; enable && session;
 in mkIf gui {
  security.pam.services.swaylock = { };
 }
--- a/home/user.nix
+++ b/home/user.nix
@ -5,11 +5,13 @@
      description = "Koishi";
      admin = true;
      sshLogin = true;
      picture = ./picture/koishi.png;
    };
    staging = {
      uid = 1000;
      description = "Staging Environment";
      picture = ./picture/staging.png;
    };
    root.uid = 0;
--- a/home/util/home.nix
+++ b/home/util/home.nix
@ -0,0 +1,33 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  cfg = config.passthrough.util;
 in {
  home.packages = with pkgs; [
    pv file wget e2fsprogs
  ] ++ optionals (!cfg.minimal) [
    tio mbuffer sedutil
    lsscsi zip unzip
    nix-index dnsutils whois
    pciutils usbutils nvme-cli
  ] ++ optionals config.passthrough.gui [
    gtk-engine-murrine
    gnome-themes-extra
    mission-planner
    inav-configurator
    inav-blackbox-tools
    (blhelisuite32.override { workdir = "${config.home.homeDirectory}/.blhelisuite32"; })
  ] ++ optionals (config.passthrough.gui && !config.passthrough.flatpak.enable) [
    xfce.thunar gimp
    jellyfin-media-player
    betaflight-configurator
    expresslrs-configurator
  ];
  wayland.windowManager.sway.config.window.commands = mkIf config.passthrough.gui [
    { criteria.class = "BLHeliSuite32xl"; command = "floating enable"; }
    { criteria.app_id = "thunar"; command = "floating enable"; }
  ];
 }
--- a/home/util/nixos.nix
+++ b/home/util/nixos.nix
@ -0,0 +1,44 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  cfg = config.home.util;
  gui = with config.global.gpu; enable && session;
 in {
  options.home.util = {
    minimal = mkEnableOption "minimal system environment with less packages";
  };
  config = {
    users.homeModules = [
      # this module passes util configuration to home-manager
      { passthrough.util = cfg; }
      # this module passes flatpak configuration to home-manager
      { passthrough.flatpak = config.global.flatpak; }
    ];
    programs.zsh.enable = true;
    environment.shells = singleton pkgs.zsh;
    users.home.persist.directories = [ ] ++
    optionals (!cfg.minimal) [
      ".cache/nix-index"
    ] ++
    optionals gui [
      # mission-planner
      ".local/share/Mission Planner"
      # inav-configurator
      ".config/inav-configurator"
    ] ++
    optionals (gui && !config.global.flatpak.enable) [
      # jellyfin-media-player
      ".config/jellyfin.org"
      ".local/share/jellyfinmediaplayer"
      ".local/share/Jellyfin Media Player"
      # expresslrs-configurator
      ".config/ExpressLRS Configurator"
      # betaflight-configurator
      ".config/betaflight-configurator"
    ];
  };
 }
--- a/home/virt-manager/home.nix
+++ b/home/virt-manager/home.nix
@ -0,0 +1,58 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; mkIf config.passthrough.gui {
  dconf.settings = let
    p = "org/virt-manager/virt-manager";
  in {
    ${p} = {
      xmleditor-enabled = true;
      # swaybar tray doesn't really work
      system-tray = false;
    };
    "${p}/details".show-toolbar = true;
    "${p}/console" = {
      scaling = 0;
      auto-redirect = false;
      resize-guest = 1;
    };
    "${p}/stats" = {
      enable-memory-poll = true;
      enable-disk-poll = true;
      enable-net-poll = true;
    };
    "${p}/vmlist-fields" = {
      host-cpu-usage = true;
      memory-usage = true;
      disk-usage = true;
      network-traffic = true;
    };
    "${p}/new-vm" = {
      firmware = "uefi";
      graphics-type = "system";
    };
    "${p}/confirm" = {
      unapplied-dev = true;
      removedev = true;
      delete-storage = true;
      forcepoweroff = false;
    };
    "${p}/connections" = let
      uri = "qemu:///system";
    in {
      uris = [ uri ];
      autoconnect = [ uri ];
    };
    "${p}/conns/qemu:system".pretty-name = "KVM";
  };
  # floating other than main window
  wayland.windowManager.sway.config.window.commands = [
    { criteria.app_id = "virt-manager"; command = "floating enable"; }
    { criteria.app_id = "virt-manager"; criteria.title = "Virtual Machine Manager"; command = "floating disable"; }
  ];
 }
--- a/home/virt-manager/nixos.nix
+++ b/home/virt-manager/nixos.nix
@ -0,0 +1,8 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  gui = with config.global.gpu; enable && session;
 in mkIf gui {
  programs.virt-manager.enable = true;
 }
--- a/home/vscode/home.nix
+++ b/home/vscode/home.nix
@ -0,0 +1,24 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  cfg = config.passthrough.vscode;
  theme = config.passthrough.catppuccin.enable;
 in mkIf cfg.enable {
  programs.vscode = {
    enable = true;
    mutableExtensionsDir = false;
    enableUpdateCheck = false;
    enableExtensionUpdateCheck = false;
    package = pkgs.vscodium;
    extensions = with pkgs.vscode-extensions; [
      catppuccin.catppuccin-vsc catppuccin.catppuccin-vsc-icons
      bbenoist.nix golang.go rust-lang.rust-analyzer
    ];
    userSettings = {
      "workbench.colorTheme" = mkIf theme "Catppuccin Mocha";
      "workbench.iconTheme" = mkIf theme "catppuccin-mocha";
      "[nix]"."editor.tabSize" = 2;
    };
  };
 }
--- a/home/vscode/nixos.nix
+++ b/home/vscode/nixos.nix
@ -0,0 +1,19 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; let
  cfg = config.home.vscode;
 in {
  options.home.vscode = {
    enable = mkEnableOption "vscode text editor";
  };
  config = {
    users.homeModules = [
      # this module passes vscode configuration to home-manager
      { passthrough.vscode = cfg; }
    ];
    users.home.persist.directories = mkIf cfg.enable [ ".config/VSCodium" ];
  };
 }
--- a/home/wofi/home.nix
+++ b/home/wofi/home.nix
@ -0,0 +1,12 @@
 { pkgs
 , lib
 , config
 , ... }: with lib; mkIf config.passthrough.gui {
  programs.wofi = {
    enable = true;
    settings.mode = "drun";
    settings.allow_images = true;
  };
  wayland.windowManager.sway.config.menu = "wofi -show drun -modi drun";
 }
--- a/package/blhelisuite32/default.nix
+++ b/package/blhelisuite32/default.nix
@ -0,0 +1,92 @@
 { lib
 , libicns
 , p7zip
 , fetchzip
 , stdenvNoCC
 , makeDesktopItem
 , buildFHSUserEnv
 , workdir ? "/tmp/blhelisuite32" }: let
  name = "BLHeliSuite32";
  pname = "blhelisuite32";
  version = "32.10";
  suffix = "1044";
  dist = fetchzip {
    name = "${pname}-dist";
    url = "https://github.com/bitdump/BLHeli/releases/download/Rev${version}/${name}xLinux64_${suffix}.zip";
    hash = "sha256-y4S824s9Ipxb1M1IeD6Lo6k7hmm8CEmPflvhaqZz+84=";
  };
  desktopItem = makeDesktopItem {
    name = pname;
    exec = pname;
    icon = pname;
    comment = "This Application may flash and configure BLHeli_32 based ESCs";
    desktopName = name;
    genericName = "BLHeli for brushless ESC firmware";
  };
  icons = stdenvNoCC.mkDerivation {
    pname = "${pname}-icons";
    inherit version;
    src = fetchzip {
      name = "${pname}-macos";
      url = "https://github.com/bitdump/BLHeli/releases/download/Rev${version}/${name}xm_MacOS64_${suffix}.zip";
      hash = "sha256-StRnrVI8p51vNsTMO1LtaZvENbG7XZ1V/mKHe4pO7kU=";
    };
    nativeBuildInputs = [ libicns p7zip ];
    configurePhase = ''
      7z x *.dmg
    '';
    buildPhase = ''
      icns2png -x ${name}xm_MacOS64_${suffix}/${name}xm.app/Contents/Resources/${name}xm.icns
    '';
    installPhase = ''
      mkdir -p "$out"
      cp -r ${name}*.png "$out"
    '';
  };
  linked = stdenvNoCC.mkDerivation {
    inherit pname version;
    phases = [ "unpackPhase" "patchPhase" "installPhase" ];
    src = dist;
    installPhase = ''
      cp -r . "$out"
      # BLHeliSuite32 tries to write next to its binary
      ln -s ${workdir}/settings $out/Settings
      ln -s ${workdir}/music $out/Music
    '';
  };
 in buildFHSUserEnv {
  inherit pname version;
  targetPkgs = pkgs: (with pkgs; [
    glib libGL curl
    libgcc gtk3
    zlib systemdLibs
  ]);
  extraInstallCommands = let
    mkIconScale = scale:
    "install -m 444 -D ${icons}/${name}xm_${scale}x${scale}x32.png $out/share/icons/hicolor/${scale}x${scale}/apps/${pname}.png";
  in ''
    ${mkIconScale "16"}
    ${mkIconScale "32"}
    ${mkIconScale "64"}
    ${mkIconScale "128"}
    ${mkIconScale "256"}
    ${mkIconScale "512"}
    ${mkIconScale "1024"}
    cp -r ${desktopItem}/share/applications $out/share/
  '';
  runScript = "sh -c '" +
  "mkdir -p ${workdir}/settings && " +
  "mkdir -p ${workdir}/music && " +
  "exec ${linked}/${name}xl'";
 }
--- a/Show more
+++ b/Show more
		`@ -0,0 +1 @@`
							`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnhMCGSLMY+QldeCTaRovmfuzKdJsllQy9XinN2JU2z koishi@eientei`
		`@ -0,0 +1 @@`
							`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHKCA0/6dsdVyLEgzWt8+u5lWVc0o6A3MY4M2Hf2BT8h koishi@hakugyokurou`
		`@ -0,0 +1 @@`
							`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINJOoXrfB4D8Vi6HH4E7RqHHIWhPPqEiiOeLRfggW1XZ koishi@koumakyou`
		`@ -0,0 +1 @@`
							`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGIZq1mD3J1cgWK61okXx3hQSe+5g3UTBfAf4RHkkFVd koishi@reimaden`
		`@ -0,0 +1 @@`
							`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDwV7Z+PDC8ARRj1LxUJlv59gJ3A84LCMMyMSqLtRtuQ koishi@shinkirou`
		`@ -0,0 +1 @@`
							`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdzq2g13LEyxTZnA0HQ5hMEp4XNh0TOB/KY1bRwjsaq koishi@yume`