bump flake

README.md

@@ -0,0 +1,123 @@
+## usage
+
+### install
+
+note: I have not tested the following verbatim.
+
+It *will* erase the contents of /dev/sdX. Use with caution.
+
+1. create usb with minimal NixOS iso
+
+2. boot from usb
+
+3. create partitions
+
+```console
+$ #modern partition table
+$ #WARNING all data on /dev/sdX will be erased. Make sure it is your target
+$ parted /dev/sdX -- mklabel gpt
+$ #make root partition
+$ parted /dev/sdX -- mkpart ESP fat32 1MiB 512MiB
+$ parted /dev/sdX -- set 1 esp on
+$ #create store partition
+$ parted /dev/sdX -- mkpart nix btrfs 512MiB 100GiB
+$ #if your device is in english, use a period rather than a comma
+$ parted /dev/sdX -- mkpart root btrfs 100GiB 199,5GiB
+```
+
+4. create filesystems
+
+```console
+$ #make sure not to get your subvolumes mixed up
+$ #there should be 3, the first boot and the others 99,5GiB each
+$ fdisk -l
+$ #boot partition
+$ mkfs.fat -F 32 /dev/sdX1
+$ #store partition
+$ mkfs.btrfs /dev/sdX2
+$ #root partition
+$ mkfs.btrfs /dev/sdX3
+$ #create root subvolume
+$ btrfs subvolume create /dev/sdX3/root
+```
+
+5. mount filesystems
+
+```console
+$ #note the uuid of your disks
+$ #they will be symlinked to something recognisable
+$ #don't get them mixed up
+$ ls -l /dev/disk/by-uuid
+total 0
+lrwxrwxrwx 1 root root 15 Dez 30 11:31 0e586651-36f4-42b0-99b3-3f0704a894d6 -> ../../sdX2
+lrwxrwxrwx 1 root root 15 Dez 30 11:31 16c93673-4f0e-4010-a7f4-7ccffb20edb7 -> ../../sdX3
+lrwxrwxrwx 1 root root 15 Dez 30 11:31 F425-55BA -> ../../sdX1
+$ #now mount the appropriate filesystems using your uuids; these are mine
+$ mount -o subvol-root /dev/disk/by-uuid/16c93673-4f0e-4010-a7f4-7ccffb20edb7 /mnt
+$ mkdir -p /mnt/{boot,nix}
+$ mount -o umask=077 /dev/disk/by-uuid/F425-55BA /mnt/boot
+$ mount /dev/disk/by-uuid/0e586651-36f4-42b0-99b3-3f0704a894d6 /mnt/nix
+```
+
+6. prepare for installation
+
+```console
+$ mkdir -p /mnt/etc/nixos
+$ nixos-generate-config --root /mnt
+$ cat /mnt/etc/nixos/hardware-configuration.nix
+$ #note the random flags and stuff in hardware-configuration.nix; you might
+$ #want to keep a copy around for the time being
+$ rm /mnt/etc/nixos/*
+$ #connect to the internet
+$ nmtui
+$ git clone https://git.mtgmonkey.net/andromeda/conf /mnt/etc/nixos
+$ cd /mnt/etc/nixos
+$ nix-shell -p tree --command tree
+.
+├── configuration.nix
+├── flake.lock
+├── flake.nix
+├── machines
+│   └── laptop
+│       ├── hardware-configuration.nix
+│       └── machine.nix
+├── README.md
+└── users
+    └── andromeda
+        ├── home.nix
+        └── stylix.nix
+
+5 directories, 8 files
+$ #copy the `laptop` derivation and change all occurences of `laptop` with
+$ #`your-machine` in `flake.nix`
+$ cp machines/laptop machines/your-machine -r
+$ #modify `machines/your-machine/hardware-configuration.nix` by changing the
+$ #uuids to those of your drives
+$ #also copy the flags and stuff from `hardware-configuration.nix` generated
+$ #earlier
+$ #change the hostname in `machines/your-machine/machine.nix` to your liking.
+$ #If you want to pull request to my repo, `hostname` *must* be "your-machine"
+$ #if you want a different user, edit `machines/your-machine/machine.nix` to
+$ #reflect that. Create the file `users/your-user/home.nix` with your home
+$ #manager configuration. Add your user's `impermanence` information in
+$ #`configuration.nix`
+$ #make sure to give your user an initalPassword, otherwise you won't be able
+$ #to log in! Later, use a secrets scheme to have a real password
+$ git add -A
+```
+
+7. install
+
+```console
+$ cd /mnt/etc/nixos
+$ nix flake check
+$ #resolve any errors. You may have forgotten to add things to git, users,
+$ #machines...
+$ nixos-install --no-root-password --flake .#your-machine
+```
+
+8. reboot
+
+```console
+$ systemctl reboot
+```

configuration.nix

@@ -1,88 +0,0 @@
-{
-  lib,
-  machine,
-  ...
-}: {
-  boot.loader = {
-    efi.canTouchEfiVariables = true;
-    systemd-boot.enable = true;
-  };
-  environment.persistence."/nix/persist" = {
-    enable = true;
-    hideMounts = true;
-    directories = [
-      "/var/log"
-      "/var/lib/bluetooth"
-      "/var/lib/nixos"
-      "/var/lib/systemd/coredump"
-      "/etc/NetworkManager/system-connections"
-    ];
-    files = [
-      "/etc/machine-id"
-      "/etc/ly/save.txt"
-    ];
-    users."andromeda" = {
-      directories = [
-        ".backups"
-        ".local/share/Anki2"
-        ".local/share/chat.fluffy.fluffychat"
-        ".local/share/zoxide"
-        ".ssh"
-        "conf"
-        "Downloads"
-        "pp"
-      ];
-      files = [
-        ".bash_history"
-        ".brush_history"
-      ];
-    };
-  };
-  hardware.bluetooth = {
-    enable = true;
-    powerOnBoot = true;
-  };
-  i18n.defaultLocale = "de_DE.UTF-8";
-  networking = {
-    dhcpcd.enable = true;
-    firewall.enable = true;
-    hostName = machine.hostname;
-    networkmanager.enable = true;
-  };
-  nix.settings.experimental-features = [
-    "nix-command"
-    "flakes"
-  ];
-  nixpkgs.config.allowUnfreePredicate = pkg:
-    builtins.elem (lib.getName pkg) [
-      "steam"
-      "steam-original"
-      "steam-unwrapped"
-      "steam-run"
-    ];
-  programs = {
-    noshell.enable = true;
-    steam.enable = true;
-    sway.enable = true;
-  };
-  services = {
-    blueman.enable = true;
-    displayManager = {
-      enable = true;
-      ly.enable = true;
-    };
-    libinput.enable = true;
-    printing.enable = true;
-  };
-  system.stateVersion = "26.05";
-  time.timeZone = "Europe/Berlin";
-  users.users."andromeda" = {
-    isNormalUser = true;
-    description = "andromeda";
-    initialPassword = "password";
-    extraGroups = [
-      "networkmanager"
-      "wheel"
-    ];
-  };
-}

flake.lock

@@ -1,5 +1,28 @@
 {
   "nodes": {
+    "agenix": {
+      "inputs": {
+        "darwin": "darwin",
+        "home-manager": "home-manager",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1762618334,
+        "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=",
+        "owner": "ryantm",
+        "repo": "agenix",
+        "rev": "fcdea223397448d35d9b31f798479227e80183f6",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ryantm",
+        "repo": "agenix",
+        "type": "github"
+      }
+    },
     "base16": {
       "inputs": {
         "fromYaml": "fromYaml"
@@ -68,6 +91,28 @@
         "type": "github"
       }
     },
+    "darwin": {
+      "inputs": {
+        "nixpkgs": [
+          "agenix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1744478979,
+        "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
+        "owner": "lnl7",
+        "repo": "nix-darwin",
+        "rev": "43975d782b418ebf4969e9ccba82466728c2851b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "lnl7",
+        "ref": "master",
+        "repo": "nix-darwin",
+        "type": "github"
+      }
+    },
     "firefox-gnome-theme": {
       "flake": false,
       "locked": {
@@ -199,6 +244,27 @@
       }
     },
     "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "agenix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1745494811,
+        "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "home-manager_2": {
       "inputs": {
         "nixpkgs": [
           "nixpkgs"
@@ -373,7 +439,7 @@
         "nixpkgs": [
           "nixpkgs"
         ],
-        "systems": "systems"
+        "systems": "systems_2"
       },
       "locked": {
         "lastModified": 1766596669,
@@ -389,14 +455,36 @@
         "type": "github"
       }
     },
+    "phoenix": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1767512451,
+        "narHash": "sha256-ig5p+D8ruePISv0bbU3XUhMg4mOtpvpxYXZBKwanh2g=",
+        "ref": "refs/heads/home-manager",
+        "rev": "5b227c1bd23728d57376fe9009c6e1c5569593e1",
+        "revCount": 2515,
+        "type": "git",
+        "url": "file:///home/andromeda/pp/forks/phoenix"
+      },
+      "original": {
+        "type": "git",
+        "url": "file:///home/andromeda/pp/forks/phoenix"
+      }
+    },
     "root": {
       "inputs": {
-        "home-manager": "home-manager",
+        "agenix": "agenix",
+        "home-manager": "home-manager_2",
         "impermanence": "impermanence",
         "nixpkgs": "nixpkgs",
         "noshell": "noshell",
         "nur": "nur",
         "nvf": "nvf",
+        "phoenix": "phoenix",
         "stylix": "stylix"
       }
     },
@@ -413,7 +501,7 @@
           "nixpkgs"
         ],
         "nur": "nur_2",
-        "systems": "systems_2",
+        "systems": "systems_3",
         "tinted-foot": "tinted-foot",
         "tinted-kitty": "tinted-kitty",
         "tinted-schemes": "tinted-schemes",
@@ -464,6 +552,21 @@
         "type": "github"
       }
     },
+    "systems_3": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
     "tinted-foot": {
       "flake": false,
       "locked": {

flake.nix

@@ -1,5 +1,9 @@
 {
   inputs = {
+    agenix = {
+      url = "github:ryantm/agenix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
     home-manager = {
       url = "github:nix-community/home-manager";
       inputs.nixpkgs.follows = "nixpkgs";
@@ -18,43 +22,64 @@
       url = "github:notashelf/nvf";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+    phoenix = {
+      url = "git+file:///home/andromeda/pp/forks/phoenix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
     stylix = {
       url = "github:nix-community/stylix";
       inputs.nixpkgs.follows = "nixpkgs";
     };
   };
   outputs = {
+    agenix,
     home-manager,
     impermanence,
     nixpkgs,
     noshell,
     nur,
     nvf,
+    phoenix,
     stylix,
     ...
   }: let
-    laptop = import ./machines/laptop/machine.nix;
+    machines = import ./machines.nix;
-  in {
+    configuration = machine: modules:
-    nixosConfigurations.${laptop.hostname} = nixpkgs.lib.nixosSystem {
+      nixpkgs.lib.nixosSystem {
-      system = laptop.system;
+        system = machine.system;
-      specialArgs = {machine = laptop;};
+        specialArgs = {inherit machine;};
-      modules = [
+        modules =
+          modules
+          ++ [
+            ./machines/${machine.hostname}/configuration.nix
+            ./users.nix
+            ./secrets.nix
+            impermanence.nixosModules.impermanence
+            agenix.nixosModules.default
+          ];
+      };
+    configurationWithHomeManager = machine: (configuration machine
+      [
         home-manager.nixosModules.home-manager
         {
-          nixpkgs.overlays = [nur.overlays.default];
+          nixpkgs.overlays = [
+            agenix.overlays.default
+            nur.overlays.default
+            phoenix.overlays.default
+          ];
           home-manager.useGlobalPkgs = true;
-          home-manager.extraSpecialArgs = {
+          home-manager.extraSpecialArgs = {inherit machine;};
-            machine = laptop;
-          };
           home-manager.users =
             builtins.mapAttrs
             (name: value: value)
             (
-              nixpkgs.legacyPackages.${laptop.system}.lib.genAttrs
+              nixpkgs.legacyPackages.${machine.system}.lib.genAttrs
-              laptop.usernames
+              machine.users
               (
                 name: {
                   imports = [
+                    agenix.homeManagerModules.default
+                    phoenix.homeModules.default
                     stylix.homeModules.stylix
                     nvf.homeManagerModules.default
                     ./users/${name}/home.nix
@@ -63,11 +88,12 @@
               )
             );
         }
-        impermanence.nixosModules.impermanence
         noshell.nixosModules.default
-        ./configuration.nix
+      ]);
-        laptop.hardware-configuration
+  in {
-      ];
+    nixosConfigurations =
-    };
+      builtins.mapAttrs
+      (hostname: value: configurationWithHomeManager value)
+      machines;
   };
 }

machines.nix

@@ -0,0 +1,17 @@
+{
+  lenovo = {
+    hostname = "lenovo";
+    system = "x86_64-linux";
+    users = [
+      "andromeda"
+      "mtgmonkey"
+    ];
+  };
+  "109-199-104-83" = {
+    hostname = "109-199-104-83";
+    system = "x86_64-linux";
+    users = [
+      "mtgmonkey"
+    ];
+  };
+}

machines/109-199-104-83/configuration.nix

@@ -0,0 +1,45 @@
+{
+  config,
+  modulesPath,
+  machine,
+  ...
+}: {
+  system.stateVersion = "25.11";
+  nix.settings.experimental-features = ["flakes" "nix-command"];
+  imports = [(modulesPath + "/profiles/qemu-guest.nix")];
+  fileSystems."/" = {
+    device = "/dev/sda1";
+    fsType = "ext4";
+  };
+  boot.loader.grub.device = "/dev/sda";
+  boot.loader.timeout = 30;
+  boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront"];
+  boot.initrd.kernelModules = ["nvme"];
+  boot.tmp.cleanOnBoot = true;
+  zramSwap.enable = true;
+  networking = {
+    useNetworkd = true;
+    usePredictableInterfaceNames = true;
+    hostName = machine.hostname;
+    domain = "galaxious.de";
+  };
+  systemd.network = {
+    enable = true;
+    networks."40-wan" = {
+      matchConfig.Name = "enx0050565f4fff";
+      address = ["2a02:c207:2299:8419::1/64" "109.199.104.83/20"];
+      routes = [
+        {
+          Gateway = "109.199.96.1";
+          GatewayOnLink = true;
+        }
+        {Gateway = "fe80::1";}
+      ];
+      dns = ["2620:fe::fe" "9.9.9.9"];
+    };
+  };
+  services.openssh.enable = true;
+  users.mutableUsers = false;
+  users.users.root.openssh.authorizedKeys.keys = [config.pub-keys.ssh.andromeda];
+  programs.noshell.enable = true;
+}

machines/laptop/machine.nix

@@ -1,6 +0,0 @@
-{
-  hostname = "lenovo";
-  usernames = ["andromeda"];
-  system = "x86_64-linux";
-  hardware-configuration = ./hardware-configuration.nix;
-}

machines/lenovo/configuration.nix

@@ -1,17 +1,61 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
 {
   config,
   lib,
-  pkgs,
   modulesPath,
+  machine,
   ...
 }: {
   imports = [
+    ./impermanence.nix
     (modulesPath + "/installer/scan/not-detected.nix")
   ];
-
+  age.secrets = {
+    secret0.file = ../../secrets/secret0.age;
+    secret1.file = ../../secrets/secret1.age;
+  };
+  boot.loader = {
+    efi.canTouchEfiVariables = true;
+    systemd-boot.enable = true;
+  };
+  hardware.bluetooth = {
+    enable = true;
+    powerOnBoot = true;
+  };
+  i18n.defaultLocale = "de_DE.UTF-8";
+  networking = {
+    dhcpcd.enable = true;
+    firewall.enable = true;
+    hostName = machine.hostname;
+    networkmanager.enable = true;
+  };
+  nix.settings.experimental-features = [
+    "nix-command"
+    "flakes"
+  ];
+  nixpkgs.config.allowUnfreePredicate = pkg:
+    builtins.elem (lib.getName pkg) [
+      "steam"
+      "steam-original"
+      "steam-unwrapped"
+      "steam-run"
+    ];
+  programs = {
+    noshell.enable = true;
+    steam.enable = true;
+    sway.enable = true;
+  };
+  services = {
+    blueman.enable = true;
+    displayManager = {
+      enable = true;
+      ly.enable = true;
+    };
+    libinput.enable = true;
+    openssh.enable = true;
+    printing.enable = true;
+  };
+  system.stateVersion = "26.05";
+  time.timeZone = "Europe/Berlin";
   boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "sdhci_pci"];
   boot.initrd.kernelModules = [];
   boot.kernelModules = ["kvm-intel"];
@@ -21,7 +65,7 @@
     #device = "none";
     #fsType = "tmpfs";
     #options = ["defaults" "size=60%" "mode=755"];
-    device = "/dev/disk/by-uuid/16c93673-4f0e-4010-a7f4-7ccffb20edb7";
+    device = "/dev/disk/by-uuid/5455cfb4-0efd-4f55-b496-d2cab3f419b7";
     fsType = "btrfs";
     options = ["subvol=root"];
   };
@@ -48,6 +92,12 @@
     done
 
     btrfs subvolume create /btrfs_tmp/root
+    mkdir /btrfs_tmp/root/nix
+    mkdir /btrfs_tmp/root/etc
+    mount ${config.fileSystems."/nix".device} /btrfs_tmp/root/nix
+    cp /btrfs_tmp/root/nix/persist/etc/ssh /btrfs_tmp/root/etc/ssh -r
+    umount /btrfs_tmp/root/nix
+    rm -r /btrfs_tmp/root/nix
     umount /btrfs_tmp
   '';
 

machines/lenovo/impermanence.nix

@@ -0,0 +1,19 @@
+{
+  environment.persistence."/nix/persist" = {
+    enable = true;
+    hideMounts = true;
+    directories = [
+      "/var/log"
+      "/var/lib/bluetooth"
+      "/var/lib/nixos"
+      "/var/lib/systemd/coredump"
+      "/etc/NetworkManager/system-connections"
+      "/etc/ssh"
+      "/etc/ly/custom-sessions"
+    ];
+    files = [
+      "/etc/machine-id"
+      "/etc/ly/save.txt"
+    ];
+  };
+}

pub-keys.nix

@@ -0,0 +1,14 @@
+{
+  age.secrets = {
+    secret0.file = ./secrets/secret0.age;
+    secret1.file = ./secrets/secret1.age;
+    secret2.file = ./secrets/secret2.age;
+  };
+  pub-keys = {
+    ssh = {
+      andromeda = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJy2VD362wUcu0lKj2d6OIU8dbAna0Lu/NaAYIj8gdIA andromeda@lenovo";
+      lenovo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHG4eqsLTq2os2mxfwhys3BpVnowcJrqt2CbRFzN2pJb root@lenovo";
+      _109-199-104-83 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJe5ol56yC23fivSEKeK4HZQm934ROX46AM7o0aE2hMq root@vmi2998419";
+    };
+  };
+}

secrets.nix

@@ -0,0 +1,10 @@
+{lib, ...}: {
+  imports = [./pub-keys.nix];
+  options = {
+    pub-keys.ssh = lib.mkOption {
+      type = lib.types.attrsOf lib.types.str;
+      default = {};
+      description = "set of public keys as `name = key`";
+    };
+  };
+}

secrets/secret0.age

@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 mT2fyg 4fCTrNibFdjnVfsIbXi6plbd56K8ZDDqtgryXPk2SUA
+vKlbDi+HpyYlSsN39GRh6GRwdHRSjypCEqguOaHPFDM
+-> ssh-ed25519 UHxfvA RqrDa4xJoAy1Gdzvq6Z5eTSNTDtHzUmzRoLC+j+HxiI
++5CohUFSDB9oiLU0T25FKrQrz07DCviVuzZsVcUltOc
+--- SQ5zQx9lL5UdNinOgP6yG5WWiBdhSwFqJVt6u3SNpLA
+<EFBFBD>6<EFBFBD><16><0B><>U<><55><EFBFBD>p<70><EE9087><EFBFBD><EFBFBD>Q<>]<5D>N<EFBFBD>;K;1y<31><79><EFBFBD>

secrets/secrets.nix

@@ -0,0 +1,10 @@
+let
+  pub-keys = (import ../pub-keys.nix).pub-keys;
+  andromeda = pub-keys.ssh.andromeda;
+  lenovo = pub-keys.ssh.lenovo;
+  _109-199-104-83 = pub-keys.ssh._109-199-104-83;
+in {
+  "secret0.age".publicKeys = [andromeda lenovo];
+  "secret1.age".publicKeys = [andromeda lenovo];
+  "secret2.age".publicKeys = [andromeda lenovo _109-199-104-83];
+}

users.nix

@@ -0,0 +1,71 @@
+{
+  config,
+  lib,
+  machine,
+  ...
+}: let
+  machines = import ./machines.nix;
+in {
+  users.users =
+    builtins.mapAttrs
+    (name: value: lib.mkIf (builtins.elem name machine.users) value)
+    {
+      "andromeda" = {
+        isNormalUser = true;
+        description = "andromeda";
+        hashedPasswordFile = builtins.toString config.age.secrets.secret0.path;
+        extraGroups = [
+          "networkmanager"
+          "wheel"
+        ];
+      };
+      "mtgmonkey" = {
+        isNormalUser = true;
+        description = "mtgmonkey";
+        hashedPasswordFile = builtins.toString config.age.secrets.secret1.path;
+        extraGroups = [
+          (lib.mkIf
+            (machine == machines.lenovo)
+            "networkmanager")
+          "wheel"
+        ];
+        openssh.authorizedKeys.keys = [
+          (lib.mkIf
+            (machine == machines."109-199-104-83")
+            config.pub-keys.ssh.andromeda)
+        ];
+      };
+    };
+  environment.persistence."/nix/persist".users = lib.mkIf config.environment.persistence."/nix/persist".enable (
+    builtins.mapAttrs
+    (name: value: lib.mkIf (builtins.elem name machine.users) value)
+    {
+      "andromeda" = {
+        directories = [
+          ".backups"
+          ".local/share/Anki2"
+          ".local/share/chat.fluffy.fluffychat"
+          ".local/share.zoxide"
+          ".ssh"
+          "conf"
+          "Downloads"
+          "pp"
+        ];
+        files = [
+          ".bash_history"
+          ".brush_history"
+        ];
+      };
+      "mtgmonkey" = {
+        directories = [
+          ".local/share/zoxide"
+          ".ssh"
+        ];
+        files = [
+          ".bash_history"
+          ".brush_history"
+        ];
+      };
+    }
+  );
+}

users/andromeda/home.nix

@@ -6,7 +6,17 @@
   ...
 }: let
   background-path = ".config/sway/background.png";
-  sway_config = builtins.toFile "sway_config" ''
+  sway_config =
+    pkgs.substitute
+    {
+      src = ./sway_config;
+      substitutions = [
+        "--replace"
+        "@backgroundImagePath@"
+        "${config.home.homeDirectory}/${background-path}"
+      ];
+    };
+  sway_config' = builtins.toFile "sway_config" ''
     set $mod Mod4
     set $left h
     set $down j
@@ -93,6 +103,7 @@ in {
     stateVersion = "26.05";
     packages = [
       pkgs.acpi
+      pkgs.agenix
       pkgs.alacritty
       pkgs.anki
       pkgs.brightnessctl
@@ -168,15 +179,24 @@ in {
     };
     gh.enable = true;
     home-manager.enable = true;
-    librewolf = {
+    firefox = {
       enable = true;
-      package = pkgs.librewolf.override {
+      profiles."andromeda".name = "andromeda";
-        cfg.enableTridactylNative = true;
+      package = pkgs.withPhoenix pkgs.firefox;
-      };
-      profiles.${config.home.username}.extensions.packages = [
-        pkgs.nur.repos.rycee.firefox-addons.tridactyl
-      ];
     };
+    firefox.phoenix = {
+      enable = true;
+      profiles = ["andromeda"];
+    };
+    #    librewolf = {
+    #      enable = true;
+    #      package = pkgs.librewolf.override {
+    #        cfg.enableTridactylNative = true;
+    #      };
+    #      profiles.${config.home.username}.extensions.packages = [
+    #        pkgs.nur.repos.rycee.firefox-addons.tridactyl
+    #      ];
+    #    };
     lsd.enable = true;
     nvf = {
       enable = true;

users/andromeda/sway_config

@@ -0,0 +1,73 @@
+set $mod Mod4
+set $left h
+set $down j
+set $up k
+set $right l
+set $term alacritty
+set $menu wmenu-run
+set $screenshot grim -g "$(slurp)"
+floating_modifier $mod normal
+
+workspace_layout stacking
+output * bg @backgroundImagePath@ fill
+
+bindsym $mod+Shift+Return exec $term
+bindsym $mod+Shift+d exec $menu
+bindsym $mod+Shift+a exec anki
+bindsym $mod+Shift+q exec firefox
+bindsym $mod+Shift+s exec $screenshot
+
+bindsym $mod+Shift+c kill
+
+bindsym $mod+Shift+r reload
+
+bindsym $mod+Shift+Alt+q exit
+
+bindsym $mod+$left focus left
+bindsym $mod+$down focus down
+bindsym $mod+$up focus up
+bindsym $mod+$right focus right
+
+bindsym $mod+Shift+$left move left
+bindsym $mod+Shift+$down move down
+bindsym $mod+Shift+$up move up
+bindsym $mod+Shift+$right move right
+
+bindsym $mod+1 workspace number 1
+bindsym $mod+2 workspace number 2
+bindsym $mod+3 workspace number 3
+bindsym $mod+4 workspace number 4
+bindsym $mod+5 workspace number 5
+bindsym $mod+6 workspace number 6
+bindsym $mod+7 workspace number 7
+bindsym $mod+8 workspace number 8
+bindsym $mod+9 workspace number 9
+bindsym $mod+0 workspace number 0
+
+bindsym $mod+Shift+1 move container to workspace number 1
+bindsym $mod+Shift+2 move container to workspace number 2
+bindsym $mod+Shift+3 move container to workspace number 3
+bindsym $mod+Shift+4 move container to workspace number 4
+bindsym $mod+Shift+5 move container to workspace number 5
+bindsym $mod+Shift+6 move container to workspace number 6
+bindsym $mod+Shift+7 move container to workspace number 7
+bindsym $mod+Shift+8 move container to workspace number 8
+bindsym $mod+Shift+9 move container to workspace number 9
+bindsym $mod+Shift+0 move container to workspace number 0
+
+bindsym $mod+f fullscreen
+bindsym $mod+Shift+space floating toggle
+bindsym $mod+Shift+minus move scratchpad
+bindsym $mod+minus scratchpad show
+
+bindsym --locked XF86AudioMute exec pactl set-sink-mute \@DEFAULT_SINK@ toggle
+bindsym --locked XF86AudioLowerVolume exec pactl set-sink-volume \@DEFAULT_SINK@ -5%
+bindsym --locked XF86AudioRaiseVolume exec pactl set-sink-volume \@DEFAULT_SINK@ +5%
+bindsym --locked XF86AudioMicMute exec pact set-source-mute \@DEFAULT_SOURCE@ toggle
+bindsym --locked XF86MonBrightnessDown exec brightnessctl set 5%-
+bindsym --locked XF86MonbrightnessUp exec brightnessctl set 5%+
+
+default_border none
+font pango:monospace 0.001
+titlebar_border_thickness 0
+titlebar_padding 0

users/mtgmonkey/home.nix

@@ -0,0 +1,172 @@
+{
+  config,
+  lib,
+  machine,
+  pkgs,
+  ...
+}: {
+  imports = [./stylix.nix];
+  xdg.configFile."shell".source = lib.getExe pkgs.brush;
+  home = {
+    username = "mtgmonkey";
+    homeDirectory = "/home/${config.home.username}";
+    stateVersion = "26.05";
+    packages = [
+      pkgs.acpi
+      pkgs.brightnessctl
+      pkgs.brush
+      pkgs.dust
+      pkgs.fzf
+      pkgs.glow
+      pkgs.jmtpfs
+      pkgs.nix-output-monitor
+      pkgs.ranger
+      pkgs.rip2
+      pkgs.ripgrep
+      pkgs.tree
+      pkgs.zoxide
+    ];
+  };
+  programs = {
+    bash = {
+      enable = true;
+      shellAliases = {
+        neofetch = "fastfetch";
+        ls = lib.mkForce "lsd";
+        ll = lib.mkForce "lsd -l";
+        l = "lsd -la";
+        cd = "z";
+        gg = "git log --oneline --abbrev-commit --all --graph --decorate --color";
+        md = "glow";
+      };
+      bashrcExtra = ''
+        PS1="\u@\h:\w$"
+        eval "$(zoxide init bash)"
+      '';
+    };
+    btop = {
+      enable = true;
+      settings = {
+        theme_background = false;
+        vim_keys = true;
+        rounded_corners = false;
+        graph_symbol = "braille";
+        update_ms = 150;
+        proc_sorting = "cpu lazy";
+        proc_gradient = false;
+        proc_left = true;
+        cpu_single_graph = true;
+        cpu_bottom = true;
+        clock_format = "/user@/host:/uptime@%H:%M";
+        background_update = true;
+        mem_graphs = false;
+        mem_below_net = true;
+        show_swap = false;
+        only_physical = true;
+        show_io_stat = true;
+        io_mode = false;
+        io_graph_combined = false;
+      };
+    };
+    fastfetch.enable = true;
+    git = {
+      enable = true;
+      settings = {
+        user = {
+          name = config.home.username;
+          email = "${config.home.username}@${machine.hostname}";
+        };
+        init.defaultBranch = "master";
+      };
+    };
+    gh.enable = true;
+    home-manager.enable = true;
+    lsd.enable = true;
+    nvf = {
+      enable = true;
+      settings.vim = {
+        autocomplete.nvim-cmp.enable = false;
+        formatter.conform-nvim = {
+          enable = true;
+          setupOpts.format_on_save = {
+            lsp_format = "fallback";
+            timeout_ms = 5000;
+          };
+        };
+        lsp.otter-nvim.enable = true;
+        git.enable = true;
+        keymaps = [
+          {
+            key = "<Down>";
+            mode = ["i" "n" "v" "c"];
+            action = "<NOP>";
+          }
+          {
+            key = "<Up>";
+            mode = ["i" "n" "v" "c"];
+            action = "<NOP>";
+          }
+          {
+            key = "<Left>";
+            mode = ["i" "n" "v" "c"];
+            action = "<NOP>";
+          }
+          {
+            key = "<Right>";
+            mode = ["i" "n" "v" "c"];
+            action = "<NOP>";
+          }
+          {
+            key = "jj";
+            mode = ["i"];
+            action = "<Esc>";
+          }
+          {
+            key = "kk";
+            mode = ["i"];
+            action = "<Esc>";
+          }
+          {
+            key = "jk";
+            mode = ["i"];
+            action = "<Esc>";
+          }
+          {
+            key = "kj";
+            mode = ["i"];
+            action = "<Esc>";
+          }
+          {
+            key = "<Esc>";
+            mode = ["i"];
+            action = "<Nop>";
+          }
+        ];
+        languages = {
+          nix = {
+            enable = true;
+            format.enable = true;
+            lsp.enable = true;
+          };
+          haskell = {
+            enable = true;
+            lsp.enable = true;
+          };
+        };
+        lineNumberMode = "relative";
+        options = {
+          tabstop = 2;
+          shiftwidth = 2;
+          expandtab = true;
+          smarttab = true;
+          foldmethod = "indent";
+          number = true;
+          colorcolumn = "80";
+        };
+        statusline.lualine.enable = true;
+        syntaxHighlighting = true;
+      };
+    };
+    ssh.enable = true;
+  };
+}

users/mtgmonkey/stylix.nix

@@ -0,0 +1,29 @@
+{
+  pkgs,
+  config,
+  ...
+}: {
+  stylix = {
+    enable = true;
+    # rebecca has lavener bkg
+    # tube has dark gray bkg
+    # silk-light is light theme
+    base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-material-dark-hard.yaml";
+    polarity = "dark";
+    fonts = {
+      monospace = {
+        package = pkgs.miracode;
+        name = "Miracode";
+      };
+      serif = config.stylix.fonts.sansSerif;
+      emoji = {
+        package = pkgs.noto-fonts-color-emoji;
+        name = "Noto Color Emoji";
+      };
+      sizes = {
+        applications = 12;
+        terminal = 10;
+      };
+    };
+  };
+}