From 796bdd1a421073356a32cace05cb12c1ed4fb53a Mon Sep 17 00:00:00 2001 From: Jimbo Date: Mon, 7 Oct 2024 15:11:45 -0400 Subject: [PATCH 01/11] Add Luks protection to Desktop, switch to BTRFS --- .../JimDesktop/hardware-configuration.nix | 48 ++++++++++++++----- 1 file changed, 36 insertions(+), 12 deletions(-) diff --git a/system/hosts/JimDesktop/hardware-configuration.nix b/system/hosts/JimDesktop/hardware-configuration.nix index 8dfaf0bb..7e621d95 100644 --- a/system/hosts/JimDesktop/hardware-configuration.nix +++ b/system/hosts/JimDesktop/hardware-configuration.nix @@ -48,6 +48,13 @@ in { "vfio_iommu_type1" "kvm-amd" ]; + luks.devices = { + "crypt-ssd" = { + device = "/dev/disk/by-uuid/52110c74-19b6-40ef-9710-e6c9b157005f"; + preLVM = true; + allowDiscards = true; + }; + }; }; }; 
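Review bot: `allowDiscards = true` on `crypt-ssd` passes TRIM requests through dm-crypt, so anyone who can read the raw device can tell which blocks are unused, and the hunk adds it without recording that this trade-off was intended. If SSD longevity and performance outweigh hiding that metadata, say so next to the option, e.g. `# allowDiscards: TRIM passthrough exposes the free-block layout of the encrypted volume; accepted for SSD wear`. The enclosing block (presumably `boot.initrd`) starts outside the hunk.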
@@ -61,48 +68,65 @@ in { # Mount everything as necessary fileSystems = { "/" = { - device = "/dev/disk/by-uuid/f0786b07-8303-416f-87ff-276bfd696387"; - fsType = "bcachefs"; + device = "/dev/disk/by-uuid/bbfed7d1-62f2-4d8e-b63f-7f6ec932105b"; + fsType = "btrfs"; + options = [ "subvol=@" "noatime" "nodiratime" "discard" ]; + }; + "/home" = { + device = "/dev/disk/by-uuid/bbfed7d1-62f2-4d8e-b63f-7f6ec932105b"; + fsType = "btrfs"; + options = [ "subvol=@home" "noatime" "nodiratime" "discard" ]; + }; + "/nix" = { + device = "/dev/disk/by-uuid/bbfed7d1-62f2-4d8e-b63f-7f6ec932105b"; + fsType = "btrfs"; + options = [ "subvol=@nix" "noatime" "nodiratime" "discard" ]; + }; + "/var" = { + device = "/dev/disk/by-uuid/bbfed7d1-62f2-4d8e-b63f-7f6ec932105b"; + fsType = "btrfs"; + options = [ "subvol=@var" "noatime" "nodiratime" "discard" ]; }; "/boot" = { - device = "/dev/disk/by-uuid/EF6D-9009"; + device = "/dev/disk/by-uuid/3B4A-76C9"; fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; }; "/etc/libvirt" = { device = "/dev/disk/by-label/Qemu"; - options = ["nosuid" "nodev" "nofail"]; + options = [ "nosuid" "nodev" "nofail" ]; }; "/var/lib/libvirt" = { - depends = ["/etc/libvirt"]; + depends = [ "/etc/libvirt" ]; device = "/etc/libvirt/varlibvirt"; - options = ["bind" "rw"]; + options = [ "bind" "rw" ]; }; "/mnt/Linux1" = { device = "/dev/disk/by-label/Linux1"; - options = ["nosuid" "nodev" "nofail" "x-gvfs-show"]; + options = [ "nosuid" "nodev" "nofail" "x-gvfs-show" ]; }; "/mnt/Linux2" = { device = "/dev/disk/by-label/Linux2"; - options = ["nosuid" "nodev" "nofail" "x-gvfs-show"]; + options = [ "nosuid" "nodev" "nofail" "x-gvfs-show" ]; }; "/mnt/Windows1" = { device = "/dev/disk/by-label/Windows1"; - options = ["nosuid" "nodev" "noauto"]; + options = [ "nosuid" "nodev" "noauto" ]; }; "/mnt/Windows2" = { device = "/dev/disk/by-label/Windows2"; - options = ["nosuid" "nodev" "noauto"]; + options = [ "nosuid" "nodev" "noauto" ]; }; "/home/jimbo/JimboNFS" = { device = 
"${outputs.ips.server}:/export/JimboNFS"; fsType = "nfs4"; - options = ["x-systemd.automount" "_netdev" "nofail" "noauto"]; + options = [ "x-systemd.automount" "_netdev" "nofail" "noauto" ]; }; }; # Set the swap partition swapDevices = [ - {device = "/dev/disk/by-uuid/2e4c5120-716d-4cdc-84a0-c9e6391760db";} + { device = "/dev/disk/by-uuid/1a6a68d0-8ae7-4836-a585-b708597937a1"; } ]; # Enables DHCP on each ethernet and wireless interface. From 121653cf1e6ae5e2f523bfa1d8c05ceb3662ab27 Mon Sep 17 00:00:00 2001 From: Jimbo Date: Mon, 7 Oct 2024 23:05:46 -0400 Subject: [PATCH 02/11] Add changes for secure boot and how mounts happen --- flake.lock | 219 +++++++++++++++++- flake.nix | 8 + system/hosts/JimDesktop/configuration.nix | 2 +- .../JimDesktop/hardware-configuration.nix | 53 +++-- system/modules/lanzaboote.nix | 6 + 5 files changed, 261 insertions(+), 27 deletions(-) create mode 100644 system/modules/lanzaboote.nix diff --git a/flake.lock b/flake.lock index 5081499a..98ba8698 100644 --- a/flake.lock +++ b/flake.lock @@ -33,6 +33,27 @@ "type": "gitlab" } }, + "crane": { + "inputs": { + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1717535930, + "narHash": "sha256-1hZ/txnbd/RmiBPNUs7i8UQw2N89uAK3UzrGAWdnFfU=", + "owner": "ipetkov", + "repo": "crane", + "rev": "55e7754ec31dac78980c8be45f8a28e80e370946", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { @@ -50,6 +71,22 @@ } }, "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_3": { "flake": false, "locked": { "lastModified": 1673956053, 
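Review bot: In the `fileSystems` hunk of hardware-configuration.nix (PATCH 01/11), `/boot` is mounted with `fmask=0022` and `dmask=0022`, which leaves every file on the ESP readable by all local users, including the random-seed file a systemd-boot style loader keeps there. Tighten it to `options = [ "fmask=0077" "dmask=0077" ];` so only root can read the partition. Nothing in the hunk shows whether the new swap UUID sits inside the `crypt-ssd` container; if it does not, swapped-out memory lands on disk unencrypted, so that is worth confirming and noting in a comment on `swapDevices`.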
@@ -65,9 +102,48 @@ "type": "github" } }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1717285511, + "narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "inputs": { - "systems": "systems_2" + "systems": "systems" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "inputs": { + "systems": "systems_3" }, "locked": { "lastModified": 1681202837, @@ -83,6 +159,28 @@ "type": "github" } }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "lanzaboote", + "pre-commit-hooks-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "hardware": { "locked": { "lastModified": 1727665282, 
@@ -120,10 +218,37 @@ "type": "github" } }, + "lanzaboote": { + "inputs": { + "crane": "crane", + "flake-compat": "flake-compat", + "flake-parts": "flake-parts", + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ], + "pre-commit-hooks-nix": "pre-commit-hooks-nix", + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1718178907, + "narHash": "sha256-eSZyrQ9uoPB9iPQ8Y5H7gAmAgAvCw3InStmU3oEjqsE=", + "owner": "nix-community", + "repo": "lanzaboote", + "rev": "b627ccd97d0159214cee5c7db1412b75e4be6086", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "v0.4.1", + "repo": "lanzaboote", + "type": "github" + } + }, "mailserver": { "inputs": { "blobs": "blobs", - "flake-compat": "flake-compat", + "flake-compat": "flake-compat_2", "nixpkgs": "nixpkgs_2", "nixpkgs-24_05": "nixpkgs-24_05", "utils": "utils" @@ -145,8 +270,8 @@ }, "minecraft": { "inputs": { - "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils", + "flake-compat": "flake-compat_3", + "flake-utils": "flake-utils_2", "nixpkgs": "nixpkgs_3" }, "locked": { @@ -192,6 +317,22 @@ "type": "indirect" } }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1710695816, + "narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "614b4613980a522ba49f0d194531beddbb7220d3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs-unstable": { "locked": { "lastModified": 1727348695, 
@@ -270,11 +411,39 @@ "type": "github" } }, + "pre-commit-hooks-nix": { + "inputs": { + "flake-compat": [ + "lanzaboote", + "flake-compat" + ], + "gitignore": "gitignore", + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1717664902, + "narHash": "sha256-7XfBuLULizXjXfBYy/VV+SpYMHreNRHk9nKMsm1bgb4=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "cc4d466cb1254af050ff7bdf47f6d404a7c646d1", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, "root": { "inputs": { "blender-bin": "blender-bin", "hardware": "hardware", "home-manager": "home-manager", + "lanzaboote": "lanzaboote", "mailserver": "mailserver", "minecraft": "minecraft", "nixpkgs": "nixpkgs_4", @@ -282,6 +451,31 @@ "nur": "nur" } }, + "rust-overlay": { + "inputs": { + "flake-utils": [ + "lanzaboote", + "flake-utils" + ], + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1717813066, + "narHash": "sha256-wqbRwq3i7g5EHIui0bIi84mdqZ/It1AXBSLJ5tafD28=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "6dc3e45fe4aee36efeed24d64fc68b1f989d5465", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1681028828, @@ -312,9 +506,24 @@ "type": "github" } }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "utils": { "inputs": { - "systems": "systems" + "systems": "systems_2" }, "locked": { "lastModified": 1709126324, diff --git a/flake.nix b/flake.nix index 0b46cb35..e3138629 100644 --- a/flake.nix +++ b/flake.nix 
@@ -11,6 +11,12 @@ minecraft.url = "github:Infinidoge/nix-minecraft"; hardware.url = "github:nixos/nixos-hardware/master"; + # Secure boot + lanzaboote = { + url = "github:nix-community/lanzaboote/v0.4.1"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + # Home manager home-manager = { url = "github:nix-community/home-manager/release-24.05"; @@ -26,6 +32,7 @@ mailserver, blender-bin, hardware, + lanzaboote, home-manager, ... } @inputs: let @@ -56,6 +63,7 @@ specialArgs = {inherit inputs outputs;}; modules = [ ./system/hosts/JimDesktop/configuration.nix + lanzaboote.nixosModules.lanzaboote ]; }; JimServer = nixpkgs.lib.nixosSystem { diff --git a/system/hosts/JimDesktop/configuration.nix b/system/hosts/JimDesktop/configuration.nix index 3e53a5c3..ce9c0e9a 100644 --- a/system/hosts/JimDesktop/configuration.nix +++ b/system/hosts/JimDesktop/configuration.nix @@ -24,7 +24,7 @@ # Hardware ./hardware-configuration.nix - ./../../modules/systemdboot.nix + ./../../modules/lanzaboote.nix ./../../modules/opengl.nix ./../../modules/filesystems.nix ./../../modules/nvidia.nix diff --git a/system/hosts/JimDesktop/hardware-configuration.nix b/system/hosts/JimDesktop/hardware-configuration.nix index 7e621d95..7dc5a62a 100644 --- a/system/hosts/JimDesktop/hardware-configuration.nix +++ b/system/hosts/JimDesktop/hardware-configuration.nix @@ -22,9 +22,7 @@ in { (modulesPath + "/installer/scan/not-detected.nix") ]; - # Set all boot options boot = { - # Set a kernel version and load/blacklist drivers kernelPackages = pkgs.unstable.linuxPackages_zen; blacklistedKernelModules = [ "pcspkr" @@ -48,6 +46,9 @@ in { "vfio_iommu_type1" "kvm-amd" ]; + + # Encryption and TPM + systemd.enable = true; luks.devices = { "crypt-ssd" = { device = "/dev/disk/by-uuid/52110c74-19b6-40ef-9710-e6c9b157005f"; 
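Review bot: The added comment `# Encryption and TPM` in hardware-configuration.nix promises TPM-based unlocking, but the hunk only sets `systemd.enable = true`. Nothing visible ties `crypt-ssd` to the TPM (for example a `crypttabExtraOpts = [ "tpm2-device=auto" ];` entry on the device), so the enrollment presumably happens outside the repository. The comment should say that, and record which PCRs the key is sealed to and whether a PIN is required, because a TPM-only unlock without a PIN decrypts the disk for anyone who can power the machine on. Something like `# systemd initrd for TPM2 unlock; key enrolled out-of-band (PCRs: PCR_LIST, PIN: YES_OR_NO)` would do, with the two placeholders filled in. The `luks.devices` block continues outside the hunk.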
@@ -61,7 +62,7 @@ in { # Additional entry to boot from the second GPU specialisation = { gputwo.configuration = { - boot.kernelParams = commonKernelParams ++ ["vfio-pci.ids=10de:2504,10de:228e"]; + boot.kernelParams = commonKernelParams ++ [ "vfio-pci.ids=10de:2504,10de:228e" ]; }; }; @@ -92,8 +93,33 @@ in { fsType = "vfat"; options = [ "fmask=0022" "dmask=0022" ]; }; + + # Games and such + "/mnt/Linux1" = { + device = "/dev/disk/by-uuid/b2901f8c-ffda-4b88-bb63-a9ea0c96ccb4"; + options = [ "nosuid" "nodev" "nofail" "x-gvfs-show" ]; + }; + "/mnt/Linux2" = { + device = "/dev/disk/by-uuid/f08e4f38-162c-402f-ba2a-5925151b78bf"; + options = [ "nosuid" "nodev" "nofail" "x-gvfs-show" ]; + }; + "/mnt/Windows1" = { + device = "/dev/disk/by-uuid/10BC97B2BC979138"; + options = [ "nosuid" "nodev" "noauto" ]; + }; + "/mnt/Windows2" = { + device = "/dev/disk/by-uuid/0A5A3420237C863A"; + options = [ "nosuid" "nodev" "noauto" ]; + }; + + # Miscellaneous mounts "/etc/libvirt" = { - device = "/dev/disk/by-label/Qemu"; + device = "/dev/disk/by-uuid/f18a0302-9914-471d-828c-85ab1a67a8be"; + options = [ "nosuid" "nodev" "nofail" ]; + }; + "/etc/libvirt/VMs/Bulk" = { + depends = [ "/etc/libvirt" ]; + device = "/dev/disk/by-uuid/3eb36c3e-81ac-4281-89f0-c89242d88dd6"; options = [ "nosuid" "nodev" "nofail" ]; }; "/var/lib/libvirt" = { 
@@ -101,22 +127,8 @@ in { device = "/etc/libvirt/varlibvirt"; options = [ "bind" "rw" ]; }; - "/mnt/Linux1" = { - device = "/dev/disk/by-label/Linux1"; - options = [ "nosuid" "nodev" "nofail" "x-gvfs-show" ]; - }; - "/mnt/Linux2" = { - device = "/dev/disk/by-label/Linux2"; - options = [ "nosuid" "nodev" "nofail" "x-gvfs-show" ]; - }; - "/mnt/Windows1" = { - device = "/dev/disk/by-label/Windows1"; - options = [ "nosuid" "nodev" "noauto" ]; - }; - "/mnt/Windows2" = { - device = "/dev/disk/by-label/Windows2"; - options = [ "nosuid" "nodev" "noauto" ]; - }; + + # Network mounts "/home/jimbo/JimboNFS" = { device = "${outputs.ips.server}:/export/JimboNFS"; fsType = "nfs4"; @@ -131,7 +143,6 @@ in { # Enables DHCP on each ethernet and wireless interface. networking.useDHCP = lib.mkDefault true; - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/system/modules/lanzaboote.nix b/system/modules/lanzaboote.nix new file mode 100644 index 00000000..26dcb018 --- /dev/null +++ b/system/modules/lanzaboote.nix @@ -0,0 +1,6 @@ +{ + boot.lanzaboote = { + enable = true; + pkiBundle = "/etc/secureboot"; + }; +} From 343011019ababe547b95795e76c17d666647030e Mon Sep 17 00:00:00 2001 From: Jimbo Date: Tue, 8 Oct 2024 12:31:45 -0400 Subject: [PATCH 03/11] Update secrets against new install --- extras/secrets.nix | Bin 3017 -> 3017 bytes 1 file changed, 0 insertions(+), 0 deletions(-) 
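Review bot: `pkiBundle = "/etc/secureboot"` in the new system/modules/lanzaboote.nix points at the directory that holds the Secure Boot private signing keys, and the module carries no comment on how that directory is created or protected. Whoever can read those keys can sign a boot image this machine will accept, so the directory should be root-only and kept on the encrypted root filesystem. A header comment would make this explicit, e.g. `# Signing keys live in /etc/secureboot (root-only, on the LUKS-backed root); generated once on the host, never committed or copied off it`. It would also help to state that the keys must exist before the first rebuild with this module.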
diff --git a/extras/secrets.nix b/extras/secrets.nix index 0d7d38b1ef48744424b619af3817ec86056dafdc..431f37f54f2fd371673409f44d03db2a51f47239 100644 GIT binary patch literal 3017 zcmZQ@_Y83kiVO&0sPM7fZ202B&aXiWEjbKtt9bojJ?s%IFyYtlz_!AIGI^HsN%NeX zPCYuAJ4>*8`lH`2(cw6{Bs5N?mVz;!SAU{cVq<`PvWt=7jMq~^>Vkyi8aMlM~*e_ z-R?WV{$p~{#p}__CdH{$wruEFGGXV-lfrH^fFyi z%!gNS{+$;uTS8WCiIUjnDDD_0^}N_B?<_Zqy!X`9rxzbyFg3|l6y|EuUjOsJY~x>h zieK5==jmJ%_H$Sx5Y<)o@K`Lz_Pp0pyLXfamUJcOTvpc)5L>+TyiS?Ca;h zbmv{geeApVK90#p!~Pq+Hm=mzcz*saA?swdH6`j*Y-MtH)=c{NKr-k*|C2QCt(+RF zdoxuhmk2GlZCkk`^NiiGI~SUFZSVMWv9f(m_Pmt*&>O2l{g!mwe%hP&eO||#oxF;3 zbB$w#JhK;k5m|6Q>i+Evxp%-%yt<&{q&ComhXvIF3tvrVHOOiL#^VB~%`szX4f)l^} z?gw(3OghW^ayDD~v@;1$vJAJqSdrD2TIe>zz^3J)hptM*$~imjKc8CDd~X7GOBe(1 zE<=I!z77vosjT{5$@j0>v8%+YVSU{5t%gR^-#6+gx!qXGH2a~c_iK*J4V#{M7xKwl za&oA(REc$a)S8E!I+dwZn42!L|M~s*w_cg9+ODvy{OH%9{_325=F8E-o~G#=x-@_N zw}0E=?-yUBE9|Fi?UpDOCLg_0>7Z5dp5CWSDTezZ!<3=%Q!y!7334v(^V{(;6N4ewsQ->dlDns@I%FaQ+_Tr-CMkQ!!gl|lb=rGjGW4PG~f9R>+(m!FIzvbeXzAus48D> zv-9P`3A{U}I&~^#Gu3}TUAs*^Lha-dw+&wJjdc!92%c?|_d7rHVuG0l*GYc)n+_NybE}vSN2DCws-y=U+c+?(Q4(-wzl2OhkX*Li_Ld7^Yv^9@N*n_QK>Nmu<{drZX_GZhkMkVU`B_a>pm_iLZ0s zH|>p^Xs!8cW~k!cACprj8Gn$t!9?9jZ#d_X)=d52Sk-6;X6oyqo_gp1E6nJL3PhP)uBjeuN z@mKHhKJQrZ@W~U!lKt;$8~k?V>Pc})?b#qD)YWZT`SpeP(>yIJ5srvc{SU-vdAle% z1WumSaC`2>qSC_$ZIn|jLY@6;qs8{GcbMKcbCbsM*$?)H%$e_T`~0HDBh^#Ns>}Ya z?0=%ZPp>od^83fSU+oL_ZjzVJyZNZi#oFH1BX`P^MH+Lu-UYlcVV?doh{5UX&r=yc zz022j7<6PSl2J`m$mUH?B9Jfddj25@3{v*_*H21P$TkGKmM>Dd; zwXG7|^Uhg4c=t7Ap5ncaOWim6?Wk2|nWy{wUGVoRuhX_yPsbly{_DrohzAM5ksl;i z>~MRprh4mQ;w3-b!Y4~M3%Y52`n)IlTFSczJ@#=K40t^p?s^8aVbTD}V7Y)W@pDtF*9+YUp{ZJ*xs zv(E9K7&xQy$Cm2p6P@3`YtAp-Ai+}EGyC@j?(^+B3-%?fu-)z#Q1f(K)2ul*BI+BJ z)7z&lzPt95twMv8nJQ0-<)7cOE0p=!PHzk_xNQ4#(%i1+s@KnKTfVA_`Qyy+kORl| zb6#q2w%RLotnaj5^}7wXs+BTz?d)%a}Z6 zUWdY*gsN)kD~}G}bog?Jqx;0u8=3-THv<_?UlUts;(pJtbYuHXfts1VrxeRJf6&Z+ zuytn5=E+>m({3zbuNM}W*?K#==vJ4IzWq!s{{1zsTkjvZ68M)T-m|AHQp;CE_4yC! 
zYeza1_wHo0Rt}1_eWBtUa(q>c$?b{UYwgW1dRl)KkCj^cY$MZ|Y5#btZ#w7jnOMAc zZt73}%dPk?^zh@9?md+n(vxoRKA7!^$<=p?aPf5pBmcyg(p8k*LlWOj> zX}&1z*#6v@t336u#;=uHW*7w^hB-RHHa5^|{4jwLWQhvT+zO-t7H?N@HC znfGq-^PMflJTqBjw>{5^*v@{g@|UrkhhMMHuTyM4+@DP9%#mAg_S@CD5v82}=Ud55 zzP+f5nZ-eFQts86{heRl)d_j}oA0?CZT>R9`p6fiY}4E)i^HVU!hSXeZ1R_M|9Cm# zuA_RBTF|N4%?uX=b2Vn>L`R;!_So5=Nh#el_||vsb#X0ULSFxO>&s-e|KHehRdd^f z)*zd?TYJtY$2L_&+NOG+vUFT8o2V~Vt+Xjg)wR-iLG`9BlHatlPyYRp*}v3xwXwHt zQ^m);v+H+~M3QIYyvgX)Z^ga8edR2kPa(&F-CbeBEn~&ewtou)H;mRqy z9*2b0r%1f**4Var<;3Q)tA!@3PUr`(oY?Zt=2B1V=QGo19=*y1u;s7jRBg{TEv>Mt zcl%y#SCMb{oMBVfWV2-9y(s+`JNAEP^#1LlEqG+5RKa)6wqow;m#ojXZ|2gSS!#ar z%WvyD)r+^-7hL`%?(WzqA@tPIpt=8lC*M@P`bMW414Jh-_$d1Jwris^t5)~_M6Tm& zW+!qL*`NK}yC`jQ;+@xKdtQW?upaB*BfR0_jVn_Wv;%)>H z?u}`L>0bY?t1rz%XLYV-K6~=>o+gW=TdG@Y<|$08-I7}-bgPB!aR=Kq}w#{a1g@#a3G*3k{7xOF>O04j|C^qxdIsXUDS{_;VR^C|rDD=)%j`v1?=7gx; z`~G3ROzIll(?1zXKkwsdojog|*L}5v?-l2}n}u&TC;OFYtWuDAP@QKh|6_mjtA|OO zIJh{?XDaoy_J8~K^ZEM%H^~5}p6XMIC)GB-ntbHOLKo95_qSZ-oxoJC)Hr3z8>^)& zqF(>3G^oW%QBcQvXKMX}EpAHI1tHm5aU3frcg)Ey zzxn6;&fAvl_t~Zey|=bK{_6FztDA~v$LnpK=lspmzCuE;Cz-!{0f#>0zs|Vx{CpBd zOYdt=XuEdOs=KskO=s?-*md6u+P1i=#<5M1PMuY{(revIC&!#UWy`~oFVxh|{}Qm> zGtS2+IwvcC=IZ13UIeUdVYs(>!7o=&i&GW~vQ{e=cWw(86OZ4~X6?Re(v*qQX30)Z zmz~FTga7@?`=?%SU6-@LL_h7F!0sn^jk^E*@%UjF-OQ%uqnb4%#P2vuL?)+Il0=bV zWUz1Pf(tIYJ+n5Y++VY5@2&M0_rK42sPJ>nlzm5DE&W}0M2+Rb-xnfzyMnKlOuWf% zILWJ)zjmwP#3OZ`&pkUIHI+qqK9^DS|KobVeEY4XN6S-kax_={_pMcTZ~ecn_0jHz zc^r?ntL%H0VA(gDx9xQsXIA_cUGEEGf+;Wa7dePch?{fC=i~Hj)q~p8`O_TCWm&ej z=;Ys6Qms0NVN=$s2Zz6P%sfz|S(SZJ<*{sB#LBH+N`V||a$?^V^ea z-luH)xAk8Z>*v1`Rt@q#DYo+S6Drg@l)bfd@)fO2!_Mfv=aX3aG2hqz<4NX|>2)3% z+jhFIK@;cp?OJ;~YBfAE|bZ8{bplS$gE!1$~ic z3=5lIr|xaJ^TcDOTG&3h`JJmP^v!m(`_9UH!S&W8dW{BuXw^#{hr7*UQhOrb{Y>%@ z{-vHXEx)1QCtsOBgwm9qQNa`?`IP2uMrym+1Nza_4huT*KS`91$Co+%-p z46og7sIlL*cl9aerVghmpDr(+&pnsb$YjE#Fv~q^?|H%mB6hsCJ+boowmqC;u9y1H zP2fwHdUej_s{fS(528Q)<>*NljaypJ9lS_jjX`FDr@4vlO)LZ$>vgBp*_Ny|cLFtQU`)d8~UwM5+ 
z-G-0fgP*Nr5MFN)bWF}PE_qRl=dGet>v--*FY3}%1n>S|a4h=labBL*ziXz|BrcGN zwinv}soYfk|3*Rmr?WQY-+k7?DQc8* zwKlz5D`4T3XQiZf$&<_bj|!WXyZc+!U#9QgtDI#@3Mn!Adr99)bVqzgUS`X=;C?5r z4c2S+X=KgaP;zUj;DwLh>*T)~m;KN@?E1UZa#_{OT^G8Y7hJ3kRtVAEsdFziTt6u8 z59_5%p=Qrc|5iKqEqeBK!TLtWb1T`;if>Grx52qgcfVTMn`s-u)F1dwGP=fo&dTGZ z^|Z_T4N991RSBJ~h}_wx;B`99v_J6Kt_ROn`O27d6))*!(@#59J0sZqXlnK<IH~iwRqpkb@Rz1rm+Xj%qK|$_ zp4gY;6}C|6=<0awi9dJslnGv{(--H^dB5F$-rB(MKiyw?+4MC|?Z3Q%C9=0s{7lqy z^H+N;sxxvKKXxX`y_{`h7geyQ^YOD&yA2-wnh^a$q5bNNg#Lh7U9p;=+f%Yz+T$j9 zcb_tSR=!2_c-{-)0HcoTaz!g?YnBaZRg<`UF;!m zsvE9wac;=UVY(Dz%sR8Q?E1?8te#P~G~b7XepRU6DX_U@ai8+vRlAI?y#2XGX3C|x zyp~?~r*G-bUflSe*Fmdx&JTmjXCGEL^i2x7vVOy)V|7};RnjU-?mg&I@rvDVb1>?3 zhqS?z$$u_hocKNR>fCuQZL-c!cuZx&{}gY_ox*job?T@32?yVarFvBLl+K?x_2%Q3 z@3dl!x@IO)${rULY4Y^!#WlOZQdBe&2!>g^}@fBx3ppdS~Bt; zeyWU5Y-rs%C*bMR4NI=*8v94@J^g^^_sf%0eAy1fGc(=3(mBobv^e|9)z9+fqolfK zcs{>!@4>Rt5b=!J>HG=1{CXxoOfAnkdFgqe>UrMQx4YZ-UtJ>hR$`;lbG=DjG9O&; z1bHYst1whf_&WW#n(-GIAE5`+&&=PumgzHJN2kf&t(jb{=C8cN4pf>SIS{@q_(l7d QzHOJboVE^F+j3G20L%L8h5!Hn From 205b262c181a86bca3270e9a6b10556e2d7d1632 Mon Sep 17 00:00:00 2001 From: Jimbo Date: Tue, 8 Oct 2024 12:37:40 -0400 Subject: [PATCH 04/11] Change the boot config for server --- system/hosts/JimServer/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system/hosts/JimServer/configuration.nix b/system/hosts/JimServer/configuration.nix index 0622a838..29a926ce 100644 --- a/system/hosts/JimServer/configuration.nix +++ b/system/hosts/JimServer/configuration.nix @@ -15,7 +15,7 @@ # Hardware ./hardware-configuration.nix - ./../../hardware/systemdboot.nix + ./../../modules/systemdboot.nix # Services ./../../services/openssh.nix From 8bd5d3c0c829b54fe4b1913e7827eba944a46296 Mon Sep 17 00:00:00 2001 From: Jimbo Date: Fri, 11 Oct 2024 22:22:24 -0400 Subject: [PATCH 05/11] Modify flake slightly idk --- flake.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
diff --git a/flake.nix b/flake.nix index e3138629..aa396979 100644 --- a/flake.nix +++ b/flake.nix @@ -47,7 +47,9 @@ packages = forAllSystems (system: import ./extras/pkgs nixpkgs.legacyPackages.${system}); # Your custom packages and modifications, exported as overlays - overlays = import ./extras/overlays.nix {inherit inputs;}; + overlays = [ + (import ./extras/overlays.nix {inherit inputs;}) + ]; # Variables defined so they can be accessed globally secrets = import ./extras/secrets.nix; From ef085e32f15d0eac19e4222497cf766c24491966 Mon Sep 17 00:00:00 2001 From: Jimbo Date: Fri, 11 Oct 2024 22:22:46 -0400 Subject: [PATCH 06/11] Update velocity --- system/server/firewall.nix | 1 + system/server/minecraft/servers/velocity.nix | 8 ++++---- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/system/server/firewall.nix b/system/server/firewall.nix index a5a4184f..9ddf789f 100644 --- a/system/server/firewall.nix +++ b/system/server/firewall.nix @@ -27,6 +27,7 @@ type nat hook prerouting priority dstnat; policy accept; tcp dport 2211 dnat to ${outputs.ips.pc}:22 comment "SSH to PC" tcp dport 2233 dnat to ${outputs.ips.wgSpan}.3:22 comment "SSH to Oracle VM" + tcp dport 2255 dnat to ${outputs.ips.vm}:22 comment "SSH to VM" udp dport { 27005, 27015, 7777 } dnat to ${outputs.ips.pc} comment "PC Hosted Games" diff --git a/system/server/minecraft/servers/velocity.nix b/system/server/minecraft/servers/velocity.nix index 6db38c26..b02b657d 100644 --- a/system/server/minecraft/servers/velocity.nix +++ b/system/server/minecraft/servers/velocity.nix 
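Review bot: The new rule `tcp dport 2255 dnat to ${outputs.ips.vm}:22` in system/server/firewall.nix matches on destination port only. Like the two rules above it, it forwards to the VM's SSH port from any interface and any source address that reaches this prerouting chain. If the VM is meant to be reachable only from known networks, constrain the match, e.g. `iifname "WAN_IFACE" ip saddr TRUSTED_CIDR tcp dport 2255 dnat to ${outputs.ips.vm}:22 comment "SSH to VM"` (both upper-case names are placeholders), and confirm the VM's sshd accepts keys only. A forward-chain filter may already restrict this traffic, but the enclosing table starts and ends outside the hunk, so it cannot be confirmed here.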
@@ -7,12 +7,12 @@ in { jvmOpts = "-Xmx512M"; symlinks = { "plugins/Geyser.jar" = builtins.fetchurl { - url = "https://download.geysermc.org/v2/projects/geyser/versions/2.4.2/builds/660/downloads/velocity"; - sha256 = "09z938v6xrgbiba8rxgi7cdh3xxkv9fdampy15k6fmwddmj9y4a2"; + url = "https://download.geysermc.org/v2/projects/geyser/versions/2.4.3/builds/688/downloads/velocity"; + sha256 = "0gmsr2pspjklnshrrm7ril8c669gsac4v9ck4n6j85p0dp6aizql"; }; "plugins/Floodgate.jar" = builtins.fetchurl { - url = "https://download.geysermc.org/v2/projects/floodgate/versions/2.2.3/builds/109/downloads/velocity"; - sha256 = "1hxdf38qzpzdnyn2gn1152fyd54bi37i0ayc82dgcjf0qrcbmv0c"; + url = "https://download.geysermc.org/v2/projects/floodgate/versions/2.2.3/builds/112/downloads/velocity"; + sha256 = "1cbb9qdlk9nw2q1vchq4fq553qxqi49268pg46b426wsa1yxjqa9"; }; "plugins/LuckPerms.jar" = builtins.fetchurl { url = "https://download.luckperms.net/1556/velocity/LuckPerms-Velocity-5.4.141.jar"; From 300c954fd7a19a3dca4d67f93b4f64dd6e979a05 Mon Sep 17 00:00:00 2001 From: Jimbo Date: Fri, 11 Oct 2024 22:33:59 -0400 Subject: [PATCH 07/11] undo breaking change --- flake.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/flake.nix b/flake.nix index aa396979..e3138629 100644 --- a/flake.nix +++ b/flake.nix @@ -47,9 +47,7 @@ packages = forAllSystems (system: import ./extras/pkgs nixpkgs.legacyPackages.${system}); # Your custom packages and modifications, exported as overlays - overlays = [ - (import ./extras/overlays.nix {inherit inputs;}) - ]; + overlays = import ./extras/overlays.nix {inherit inputs;}; # Variables defined so they can be accessed globally secrets = import ./extras/secrets.nix; From c380052b0cc21eada534f8d2d71da4915ca18fe2 Mon Sep 17 00:00:00 2001 
From: Jimbo Date: Sat, 12 Oct 2024 17:35:29 -0400 Subject: [PATCH 08/11] Move fonts config into home-manager --- flake.nix | 2 +- home/hosts/JimDesktop/home.nix | 1 + home/hosts/JimLenovo/home.nix | 1 + home/hosts/JimPine/home.nix | 1 + home/misc/fonts.nix | 19 +++++++++++++++++++ system/desktop/fonts.nix | 14 -------------- system/hosts/JimDesktop/configuration.nix | 1 - system/hosts/JimLenovo/configuration.nix | 1 - system/hosts/JimPine/configuration.nix | 1 - 9 files changed, 23 insertions(+), 18 deletions(-) create mode 100644 home/misc/fonts.nix delete mode 100644 system/desktop/fonts.nix diff --git a/flake.nix b/flake.nix index e3138629..6ac9fbb6 100644 --- a/flake.nix +++ b/flake.nix @@ -47,7 +47,7 @@ packages = forAllSystems (system: import ./extras/pkgs nixpkgs.legacyPackages.${system}); # Your custom packages and modifications, exported as overlays - overlays = import ./extras/overlays.nix {inherit inputs;}; + overlays = import ./extras/overlays.nix { inherit inputs; }; # Variables defined so they can be accessed globally secrets = import ./extras/secrets.nix; diff --git a/home/hosts/JimDesktop/home.nix b/home/hosts/JimDesktop/home.nix index 30550403..8f213a9a 100644 --- a/home/hosts/JimDesktop/home.nix +++ b/home/hosts/JimDesktop/home.nix @@ -7,6 +7,7 @@ # GUI Apps ./../../misc/guifiles.nix + ./../../misc/fonts.nix ./../../sway/sway.nix ./../../sway/swaylock.nix ./../../programs/gtk.nix diff --git a/home/hosts/JimLenovo/home.nix b/home/hosts/JimLenovo/home.nix index 007f7867..a2090db1 100644 --- a/home/hosts/JimLenovo/home.nix +++ b/home/hosts/JimLenovo/home.nix @@ -7,6 +7,7 @@ # GUI Apps ./../../misc/guifiles.nix + ./../../misc/fonts.nix ./../../sway/sway.nix ./../../sway/swaylock.nix ./../../programs/gtk.nix diff --git a/home/hosts/JimPine/home.nix b/home/hosts/JimPine/home.nix index ba5e93b2..809906ca 100644 --- a/home/hosts/JimPine/home.nix +++ b/home/hosts/JimPine/home.nix 
@@ -7,6 +7,7 @@ # GUI Apps ./../../misc/guifiles.nix + ./../../misc/fonts.nix ./../../sway/sway.nix ./../../sway/swaylock.nix ./../../programs/gtk.nix diff --git a/home/misc/fonts.nix b/home/misc/fonts.nix new file mode 100644 index 00000000..d6ef4f7b --- /dev/null +++ b/home/misc/fonts.nix @@ -0,0 +1,19 @@ +{ pkgs, ... }: { + home.packages = with pkgs; [ + liberation_ttf + twitter-color-emoji + noto-fonts + sarasa-gothic + ubuntu_font_family + (nerdfonts.override { fonts = [ "UbuntuMono" ]; }) + ]; + + fonts.fontconfig = { + enable = true; + defaultFonts = { + sansSerif = [ "Ubuntu" ]; + monospace = [ "UbuntuMono Nerd Font Mono" ]; + emoji = [ "Twitter Color Emoji" ]; + }; + }; +} diff --git a/system/desktop/fonts.nix b/system/desktop/fonts.nix deleted file mode 100644 index e38a9094..00000000 --- a/system/desktop/fonts.nix +++ /dev/null @@ -1,14 +0,0 @@ -{pkgs, ...}: { - # Fonts - fonts = { - packages = with pkgs; [ - liberation_ttf - twitter-color-emoji - noto-fonts - sarasa-gothic - ubuntu_font_family - (nerdfonts.override {fonts = ["UbuntuMono"];}) - ]; - fontconfig.defaultFonts.emoji = ["Twitter Color Emoji"]; - }; -} diff --git a/system/hosts/JimDesktop/configuration.nix b/system/hosts/JimDesktop/configuration.nix index ce9c0e9a..1308fdca 100644 --- a/system/hosts/JimDesktop/configuration.nix +++ b/system/hosts/JimDesktop/configuration.nix @@ -16,7 +16,6 @@ ./../../desktop/pipewire.nix ./../../desktop/bluetooth.nix ./../../desktop/firewall.nix - ./../../desktop/fonts.nix ./../../desktop/qt.nix # Modules diff --git a/system/hosts/JimLenovo/configuration.nix b/system/hosts/JimLenovo/configuration.nix index a5439344..4b975b43 100644 --- a/system/hosts/JimLenovo/configuration.nix +++ b/system/hosts/JimLenovo/configuration.nix @@ -16,7 +16,6 @@ ./../../desktop/pipewire.nix ./../../desktop/bluetooth.nix ./../../desktop/firewall.nix - ./../../desktop/fonts.nix ./../../desktop/qt.nix # Laptop/Portable only 
diff --git a/system/hosts/JimPine/configuration.nix b/system/hosts/JimPine/configuration.nix index 797a8f03..c7df43b4 100644 --- a/system/hosts/JimPine/configuration.nix +++ b/system/hosts/JimPine/configuration.nix @@ -15,7 +15,6 @@ ./../../desktop/pipewire.nix ./../../desktop/bluetooth.nix ./../../desktop/firewall.nix - ./../../desktop/fonts.nix ./../../desktop/qt.nix ./../../desktop/wireguard.nix From c3193845a4c16139297cecbc23ae40e60ea1f9e6 Mon Sep 17 00:00:00 2001 From: Jimbo Date: Sat, 12 Oct 2024 21:14:55 -0400 Subject: [PATCH 09/11] Simplify flake with variables --- flake.nix | 112 ++++++++++++++++++------------------------------------ 1 file changed, 38 insertions(+), 74 deletions(-) diff --git a/flake.nix b/flake.nix index 6ac9fbb6..de700c60 100644 --- a/flake.nix +++ b/flake.nix @@ -2,7 +2,6 @@ description = "Jimbo's systems as a flake"; inputs = { - # Nixpkgs nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; nur.url = "github:nix-community/NUR"; @@ -37,15 +36,16 @@ ... } @inputs: let inherit (self) outputs; - forAllSystems = nixpkgs.lib.genAttrs [ - "aarch64-linux" - "x86_64-linux" - ]; + mkNixos = modules: nixpkgs.lib.nixosSystem { + inherit modules; + specialArgs = { inherit inputs outputs; }; + }; + + mkHome = modules: pkgs: home-manager.lib.homeManagerConfiguration { + inherit modules pkgs; + extraSpecialArgs = { inherit inputs outputs; }; + }; in rec { - # Your custom packages - # Accessible through 'nix build', 'nix shell', etc - packages = forAllSystems (system: import ./extras/pkgs nixpkgs.legacyPackages.${system}); - # Your custom packages and modifications, exported as overlays overlays = import ./extras/overlays.nix { inherit inputs; }; 
@@ -59,76 +59,40 @@ # NixOS config entrypoint, use 'nixos-rebuild --flake .#your-hostname' nixosConfigurations = { - JimDesktop = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs outputs;}; - modules = [ - ./system/hosts/JimDesktop/configuration.nix - lanzaboote.nixosModules.lanzaboote - ]; - }; - JimServer = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs outputs;}; - modules = [ - ./system/hosts/JimServer/configuration.nix - mailserver.nixosModule - ]; - }; - JimPine = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs outputs;}; - modules = [ - ./system/hosts/JimPine/configuration.nix - hardware.nixosModules.pine64-pinebook-pro - ]; - }; - JimLenovo = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs outputs;}; - modules = [ - ./system/hosts/JimLenovo/configuration.nix - ]; - }; + JimDesktop = mkNixos [ + ./system/hosts/JimDesktop/configuration.nix + lanzaboote.nixosModules.lanzaboote + ]; + JimServer = mkNixos [ + ./system/hosts/JimServer/configuration.nix + mailserver.nixosModule + ]; + JimPine = mkNixos [ + ./system/hosts/JimPine/configuration.nix + hardware.nixosModules.pine64-pinebook-pro + ]; }; # Home-manager configuration, use 'home-manager --flake .#your-username@your-hostname' homeConfigurations = { - "jimbo@JimDesktop" = home-manager.lib.homeManagerConfiguration { - pkgs = nixpkgs.legacyPackages.x86_64-linux; - extraSpecialArgs = {inherit inputs outputs;}; - modules = [ - ./home/hosts/JimDesktop/home.nix - nur.nixosModules.nur - ]; - }; - "jimbo@JimServer" = home-manager.lib.homeManagerConfiguration { - pkgs = nixpkgs.legacyPackages.x86_64-linux; - extraSpecialArgs = {inherit inputs outputs;}; - modules = [ - ./home/hosts/JimServer/home.nix - ]; - }; - "jimbo@JimPine" = home-manager.lib.homeManagerConfiguration { - pkgs = nixpkgs.legacyPackages.aarch64-linux; - extraSpecialArgs = {inherit inputs outputs;}; - modules = [ - ./home/hosts/JimPine/home.nix - nur.nixosModules.nur - ]; - }; - "jimbo@JimLenovo" = 
home-manager.lib.homeManagerConfiguration { - pkgs = nixpkgs.legacyPackages.x86_64-linux; - extraSpecialArgs = {inherit inputs outputs;}; - modules = [ - ./home/hosts/JimLenovo/home.nix - nur.nixosModules.nur - ]; - }; + "jimbo@JimDesktop" = mkHome [ + ./home/hosts/JimDesktop/home.nix + nur.nixosModules.nur + ] nixpkgs.legacyPackages."x86_64-linux"; + + "jimbo@JimServer" = mkHome [ + ./home/hosts/JimServer/home.nix + ] nixpkgs.legacyPackages.x86_64-linux; + + "jimbo@JimPine" = mkHome [ + ./home/hosts/JimPine/home.nix + nur.nixosModules.nur + ] nixpkgs.legacyPackages.aarch64-linux; + # Derivation for ssh envrionments on other people's servers - "jimbo@JimTerminal" = home-manager.lib.homeManagerConfiguration { - pkgs = nixpkgs.legacyPackages.x86_64-linux; - extraSpecialArgs = {inherit inputs outputs;}; - modules = [ - ./home/hosts/JimTerminal/home.nix - ]; - }; + "jimbo@JimTerminal" = mkHome [ + ./home/hosts/JimTerminal/home.nix + ] nixpkgs.legacyPackages.x86_64-linux; }; }; } From 2e7f9a1f3eeedae3dcfccdcb8c5884b6996f8267 Mon Sep 17 00:00:00 2001 From: Jimbo Date: Sun, 13 Oct 2024 02:08:29 -0400 Subject: [PATCH 10/11] Update the flake again with some minor details --- extras/overlays.nix | 2 +- flake.lock | 36 ++++++++++++++++++------------------ flake.nix | 21 ++++++++++----------- 3 files changed, 29 insertions(+), 30 deletions(-) diff --git a/extras/overlays.nix b/extras/overlays.nix index f048cce1..fe3e0196 100644 --- a/extras/overlays.nix +++ b/extras/overlays.nix @@ -9,7 +9,7 @@ }); finalprev = (final: prev: { - unstable = import inputs.nixpkgs-unstable { + unstable = import inputs.unstable { system = final.system; config.allowUnfree = true; }; diff --git a/flake.lock b/flake.lock index 98ba8698..5cf5787e 100644 --- a/flake.lock +++ b/flake.lock 
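Review bot: The rewritten `nixosConfigurations` and `homeConfigurations` in flake.nix (PATCH 09/11) no longer contain `JimLenovo` or `jimbo@JimLenovo`. The commit is described only as a simplification, and `home/hosts/JimLenovo/home.nix` was still being edited in the previous patch. If the removal is intended, say so in the commit message; otherwise restore the host with `JimLenovo = mkNixos [ ./system/hosts/JimLenovo/configuration.nix ];` and a matching `mkHome` entry. A host that drops out of the flake can no longer be rebuilt from it and so stops receiving the configuration changes made in this series. The first hunk of the same commit also removes the `packages` output along with `forAllSystems`, which deserves the same mention.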
@@ -333,22 +333,6 @@ "type": "github" } }, - "nixpkgs-unstable": { - "locked": { - "lastModified": 1727348695, - "narHash": "sha256-J+PeFKSDV+pHL7ukkfpVzCOO7mBSrrpJ3svwBFABbhI=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "1925c603f17fc89f4c8f6bf6f631a802ad85d784", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { "locked": { "lastModified": 1717602782, @@ -447,8 +431,8 @@ "mailserver": "mailserver", "minecraft": "minecraft", "nixpkgs": "nixpkgs_4", - "nixpkgs-unstable": "nixpkgs-unstable", - "nur": "nur" + "nur": "nur", + "unstable": "unstable" } }, "rust-overlay": { @@ -521,6 +505,22 @@ "type": "github" } }, + "unstable": { + "locked": { + "lastModified": 1728492678, + "narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "utils": { "inputs": { "systems": "systems_2" diff --git a/flake.nix b/flake.nix index de700c60..4afae918 100644 --- a/flake.nix +++ b/flake.nix @@ -3,7 +3,7 @@ inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05"; - nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; + unstable.url = "github:nixos/nixpkgs/nixos-unstable"; nur.url = "github:nix-community/NUR"; mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05"; blender-bin.url = "https://flakehub.com/f/edolstra/blender-bin/1.0.8.tar.gz"; @@ -26,7 +26,7 @@ outputs = { self, nixpkgs, - nixpkgs-unstable, + unstable, nur, mailserver, blender-bin, 
@@ -34,18 +34,17 @@ lanzaboote, home-manager, ... - } @inputs: let - inherit (self) outputs; + }@inputs: let mkNixos = modules: nixpkgs.lib.nixosSystem { inherit modules; - specialArgs = { inherit inputs outputs; }; + specialArgs = { inherit (self) inputs outputs; }; }; mkHome = modules: pkgs: home-manager.lib.homeManagerConfiguration { inherit modules pkgs; - extraSpecialArgs = { inherit inputs outputs; }; + extraSpecialArgs = { inherit (self) inputs outputs; }; }; - in rec { + in { # Your custom packages and modifications, exported as overlays overlays = import ./extras/overlays.nix { inherit inputs; }; @@ -57,7 +56,7 @@ look = import ./extras/look.nix; ws = import ./extras/workspaces.nix; - # NixOS config entrypoint, use 'nixos-rebuild --flake .#your-hostname' + # NixOS configuration: 'nixos-rebuild --flake .#hostname' nixosConfigurations = { JimDesktop = mkNixos [ ./system/hosts/JimDesktop/configuration.nix @@ -73,12 +72,12 @@ ]; }; - # Home-manager configuration, use 'home-manager --flake .#your-username@your-hostname' + # Home-manager configuration: 'home-manager --flake .#username@hostname' homeConfigurations = { "jimbo@JimDesktop" = mkHome [ ./home/hosts/JimDesktop/home.nix nur.nixosModules.nur - ] nixpkgs.legacyPackages."x86_64-linux"; + ] nixpkgs.legacyPackages.x86_64-linux; "jimbo@JimServer" = mkHome [ ./home/hosts/JimServer/home.nix @@ -89,7 +88,7 @@ nur.nixosModules.nur ] nixpkgs.legacyPackages.aarch64-linux; - # Derivation for ssh envrionments on other people's servers + # Profile for ssh envrionments on different non-root systems "jimbo@JimTerminal" = mkHome [ ./home/hosts/JimTerminal/home.nix ] nixpkgs.legacyPackages.x86_64-linux; From 4d7bd7ecfa72601a7367ae3d31fcc1e41cfd5ea0 Mon Sep 17 00:00:00 2001 From: Jimbo Date: Sun, 13 Oct 2024 11:56:39 -0400 Subject: [PATCH 11/11] Update Blender flake --- flake.lock | 2 +- flake.nix | 2 +- home/utils/zsh.nix | 17 ++++++++--------- 3 files changed, 10 insertions(+), 11 deletions(-) 
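Review bot: In the `@@ -34,18 +34,17 @@` hunk of flake.nix, `specialArgs = { inherit (self) inputs outputs; };` and the matching `extraSpecialArgs` now pass modules `self.inputs` instead of the `@inputs` binding. As far as I know `self.inputs` has no `self` entry, so any module that reads `inputs.self` would stop evaluating; whether one does is not visible here. `overlays = import ./extras/overlays.nix { inherit inputs; };` just below still uses the `@inputs` binding, so two different `inputs` sets are now in play; `specialArgs = { inherit inputs; inherit (self) outputs; };` keeps a single one. Dropping `rec` is only safe if no attribute in the output set refers to a sibling by bare name, and the set continues past this hunk, so that needs checking against the full file.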
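Review bot: The reworded comment in the `@@ -89,7 +88,7 @@` hunk of flake.nix carries over the typo from the line it replaces: `envrionments` should be `environments`. Suggested text: `# Profile for ssh environments on different non-root systems`. The enclosing `homeConfigurations` set starts before this hunk.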
diff --git a/flake.lock b/flake.lock index 5cf5787e..2c9a6df4 100644 --- a/flake.lock +++ b/flake.lock @@ -14,7 +14,7 @@ }, "original": { "type": "tarball", - "url": "https://flakehub.com/f/edolstra/blender-bin/1.0.8.tar.gz" + "url": "https://flakehub.com/f/edolstra/blender-bin/1.0.9.tar.gz" } }, "blobs": { diff --git a/flake.nix b/flake.nix index 4afae918..46806529 100644 --- a/flake.nix +++ b/flake.nix @@ -6,7 +6,7 @@ unstable.url = "github:nixos/nixpkgs/nixos-unstable"; nur.url = "github:nix-community/NUR"; mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05"; - blender-bin.url = "https://flakehub.com/f/edolstra/blender-bin/1.0.8.tar.gz"; + blender-bin.url = "https://flakehub.com/f/edolstra/blender-bin/1.0.9.tar.gz"; minecraft.url = "github:Infinidoge/nix-minecraft"; hardware.url = "github:nixos/nixos-hardware/master"; diff --git a/home/utils/zsh.nix b/home/utils/zsh.nix index f619a520..0613ca9f 100644 --- a/home/utils/zsh.nix +++ b/home/utils/zsh.nix @@ -1,4 +1,4 @@ -{pkgs, config, outputs, ...}: { +{ pkgs, config, ... }: { programs.zsh = { enable = true; autosuggestion.enable = true; 
@@ -9,19 +9,18 @@ plugins = ["git"]; }; shellAliases = { - # NixOS aliases - nixcfg = "${outputs.cmd.nixcfg}"; - nixclean = "${outputs.cmd.auth} nix-store --gc; nix-collect-garbage -d"; - nixpurge = "${outputs.cmd.auth} nix-collect-garbage --delete-old"; - nixoptimize = "${outputs.cmd.auth} nix store optimise"; - # Flake commands - flakedate = "${outputs.cmd.auth} nix flake update /etc/nixos"; - sysswitch = "${outputs.cmd.auth} nixos-rebuild switch --flake /etc/nixos"; + flakedate = "doas nix flake update /etc/nixos"; + sysswitch = "doas nixos-rebuild switch --flake /etc/nixos"; homeswitch = "home-manager switch --flake /etc/nixos"; nixswitch = "sysswitch; homeswitch"; nixdate = "flakedate && sysswitch; homeswitch"; + # NixOS aliases + nixclean = "doas nix-store --gc; nix-collect-garbage -d"; + nixpurge = "doas nix-collect-garbage --delete-old"; + nixoptimize = "doas nix store optimise"; + # Shortcut aliases neo = "clear && fastfetch"; ip = "ip -c";
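Review bot: Hard-coding `doas` in five aliases replaces the single `outputs.cmd.auth` setting, so the privilege-escalation command is now repeated and can drift between aliases. A local `let auth = "doas"; in` ahead of `programs.zsh`, used as `"${auth} nixos-rebuild switch --flake /etc/nixos"`, keeps one place to change it. If this file is also imported by the JimTerminal profile for non-root systems (not visible here), these aliases will fail wherever doas is not set up. In `nixclean`, only `nix-store --gc` runs elevated while `nix-collect-garbage -d` after the `;` runs as the calling user, which is worth a short comment if intended. The `shellAliases` set continues past this hunk.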