split waybar into multiple files

2025-10-06 21:29:04 +02:00 · 2025-10-06 21:29:04 +02:00 · 7cff7f09c3
commit 7cff7f09c3
parent 53c7532351
29 changed files with 953 additions and 617 deletions
--- a/flake.lock
+++ b/flake.lock
@ -16,11 +16,11 @@
        "uv2nix": "uv2nix"
      },
      "locked": {
-        "lastModified": 1757676906,
+        "lastModified": 1759322529,
-        "narHash": "sha256-2Zbde5orbGsYdzroe51P1AW8pFMCNyqHgLjmHYJvOmE=",
+        "narHash": "sha256-yiv/g/tiJI3PI95F7vhTnaf1TDsIkFLrmmFTjWfb6pQ=",
        "owner": "nix-community",
        "repo": "authentik-nix",
-        "rev": "04db807ac00ba6d62808ffab18b3b6d500b6f7cb",
+        "rev": "69fac057b2e553ee17c9a09b822d735823d65a6c",
        "type": "github"
      },
      "original": {
@ -32,16 +32,16 @@
    "authentik-src": {
      "flake": false,
      "locked": {
-        "lastModified": 1755873658,
+        "lastModified": 1759190535,
-        "narHash": "sha256-5l1g55b0xozGg0NaZFimiO5JbHGcudaNSEn1/XsweaU=",
+        "narHash": "sha256-pIzDaoDWc58cY/XhsyweCwc4dfRvkaT/zqsV1gDSnCI=",
        "owner": "goauthentik",
        "repo": "authentik",
-        "rev": "dd7c6b29d950664deadbcf5390272619a8bf9a5e",
+        "rev": "8d3a289d12c7de2f244c76493af7880f70d08af2",
        "type": "github"
      },
      "original": {
        "owner": "goauthentik",
-        "ref": "version/2025.8.1",
+        "ref": "version/2025.8.4",
        "repo": "authentik",
        "type": "github"
      }
@ -98,11 +98,11 @@
        "nixpkgs-lib": "nixpkgs-lib"
      },
      "locked": {
-        "lastModified": 1754487366,
+        "lastModified": 1756770412,
-        "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=",
+        "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18",
+        "rev": "4524271976b625a4a605beefd893f270620fd751",
        "type": "github"
      },
      "original": {
@ -222,11 +222,11 @@
        "rust-overlay": "rust-overlay"
      },
      "locked": {
-        "lastModified": 1757982959,
+        "lastModified": 1759759529,
-        "narHash": "sha256-b2a0ikawsIBcqwM05mv4tjsn0YfptAEcdEcTNhOD8Pk=",
+        "narHash": "sha256-t+fUXdpBv3r/nhciqJpkALCWdXGIeGfUshm1KfC69KM=",
        "owner": "helix-editor",
        "repo": "helix",
-        "rev": "c0921202a0a9f9e3003a845824d3365e2f08467f",
+        "rev": "c599e4e7ee5222692c6c2a2de1edc1994afb39ee",
        "type": "github"
      },
      "original": {
@ -242,11 +242,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1757997814,
+        "lastModified": 1759761710,
-        "narHash": "sha256-F+1aoG+3NH4jDDEmhnDUReISyq6kQBBuktTUqCUWSiw=",
+        "narHash": "sha256-6ZG7VZZsbg39gtziGSvCJKurhIahIuiCn+W6TGB5kOU=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "5820376beb804de9acf07debaaff1ac84728b708",
+        "rev": "929535c3082afdf0b18afec5ea1ef14d7689ff1c",
        "type": "github"
      },
      "original": {
@ -343,11 +343,11 @@
    "mobile-nixos": {
      "flake": false,
      "locked": {
-        "lastModified": 1757174863,
+        "lastModified": 1759261417,
-        "narHash": "sha256-PFu4TTHm/GSbrBBl6waxSNyQfpMoC4YkL1RMXkb2gyE=",
+        "narHash": "sha256-TjuoBb8+isL3KTdGgtYh90XPyeUMFbgNAOG9l23CB3A=",
        "owner": "mobile-nixos",
        "repo": "mobile-nixos",
-        "rev": "c3164daaf62a81d0c4bfab67e6763a4319212557",
+        "rev": "e6f6d527bf6abf94dd52fbba3143a720cef96431",
        "type": "github"
      },
      "original": {
@ -359,11 +359,11 @@
    "mtxclient": {
      "flake": false,
      "locked": {
-        "lastModified": 1754164950,
+        "lastModified": 1758395358,
-        "narHash": "sha256-v/TaaGrCO3M86pF1P0O25iN0+s2t84iPKhgOtxZT0wQ=",
+        "narHash": "sha256-zxpvRDKpp8sWSmf/xLgoHDWMzmdkQenZepXg+CoGtcg=",
        "owner": "Nheko-Reborn",
        "repo": "mtxclient",
-        "rev": "fa181521c2300d57ac4d3a833a059317b1ea6dc3",
+        "rev": "d6f10427d1c5e5b1a45f426274f8d2e8dd0b64be",
        "type": "github"
      },
      "original": {
@ -422,11 +422,11 @@
        "rust-overlay": "rust-overlay_3"
      },
      "locked": {
-        "lastModified": 1758000903,
+        "lastModified": 1759395653,
-        "narHash": "sha256-FyfB40rl2mbRGIvF2/6Iwv9xHDxOmhaE1MhlV6Efsg4=",
+        "narHash": "sha256-sv9J1z6CrTPf9lRJLyCN90fZVdQz7LFeX7pIlInH8BQ=",
        "owner": "YaLTeR",
        "repo": "niri",
-        "rev": "c30e5c91851d77d48ff2120f0e710501b19d61b4",
+        "rev": "ba6e5e082a79901dc89b0d49c5da1b769d652aec",
        "type": "github"
      },
      "original": {
@ -437,11 +437,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1757943327,
+        "lastModified": 1759582739,
-        "narHash": "sha256-w6cDExPBqbq7fTLo4dZ1ozDGeq3yV6dSN4n/sAaS6OM=",
+        "narHash": "sha256-spZegilADH0q5OngM86u6NmXxduCNv5eX9vCiUPhOYc=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "67a709cfe5d0643dafd798b0b613ed579de8be05",
+        "rev": "3441b5242af7577230a78ffb03542add264179ab",
        "type": "github"
      },
      "original": {
@ -453,11 +453,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1757745802,
+        "lastModified": 1759381078,
-        "narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=",
+        "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "c23193b943c6c689d70ee98ce3128239ed9e32d1",
+        "rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee",
        "type": "github"
      },
      "original": {
@ -469,11 +469,11 @@
    },
    "nixpkgs-lib": {
      "locked": {
-        "lastModified": 1753579242,
+        "lastModified": 1754788789,
-        "narHash": "sha256-zvaMGVn14/Zz8hnp4VWT9xVnhc8vuL3TStRqwk22biA=",
+        "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=",
        "owner": "nix-community",
        "repo": "nixpkgs.lib",
-        "rev": "0f36c44e01a6129be94e3ade315a5883f0228a6e",
+        "rev": "a73b9c743612e4244d865a2fdee11865283c04e6",
        "type": "github"
      },
      "original": {
@ -484,11 +484,11 @@
    },
    "nixpkgs-master": {
      "locked": {
-        "lastModified": 1758007619,
+        "lastModified": 1759769540,
-        "narHash": "sha256-ADv63t4pEj5zhTAggwzyCbSpQosDtxKy0qg9cB9a1Eo=",
+        "narHash": "sha256-s77ilbEVvMAjxjjWStsExk1vzBXCPsnQa1tKjGYo85M=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "64334fda8d632bec7c80c9bef668ad9633a8dd64",
+        "rev": "dbe62f817c129a464d33bbae02bb36fb04871fa6",
        "type": "github"
      },
      "original": {
@ -557,11 +557,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1756087852,
+        "lastModified": 1757296493,
-        "narHash": "sha256-4jc3JDQt75fYXFrglgqyzF6C6zLU0QGLymzian4aP+U=",
+        "narHash": "sha256-6nzSZl28IwH2Vx8YSmd3t6TREHpDbKlDPK+dq1LKIZQ=",
        "owner": "pyproject-nix",
        "repo": "build-system-pkgs",
-        "rev": "6edb3ae27395cd88be3d64b732d1539957dad59c",
+        "rev": "5b8e37fe0077db5c1df3a5ee90a651345f085d38",
        "type": "github"
      },
      "original": {
@ -578,11 +578,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1756395552,
+        "lastModified": 1757246327,
-        "narHash": "sha256-5aJM14MpoLk2cdZAetu60OkLQrtFLWTICAyn1EP7ZpM=",
+        "narHash": "sha256-6pNlGhwOIMfhe/RLjHdpXveKS4FyLHvlGe+KtjDild4=",
        "owner": "pyproject-nix",
        "repo": "pyproject.nix",
-        "rev": "030dffc235dcf240d918c651c78dc5f158067b51",
+        "rev": "8d77f342d66ad1601cdb9d97e9388b69f64d4c8e",
        "type": "github"
      },
      "original": {
@ -620,11 +620,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1740623427,
+        "lastModified": 1759631821,
-        "narHash": "sha256-3SdPQrZoa4odlScFDUHd4CUPQ/R1gtH4Mq9u8CBiK8M=",
+        "narHash": "sha256-V8A1L0FaU/aSXZ1QNJScxC12uP4hANeRBgI4YdhHeRM=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "d342e8b5fd88421ff982f383c853f0fc78a847ab",
+        "rev": "1d7cbdaad90f8a5255a89a6eddd8af24dc89cafe",
        "type": "github"
      },
      "original": {
@ -662,11 +662,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1752374969,
+        "lastModified": 1757989933,
-        "narHash": "sha256-Ky3ynEkJXih7mvWyt9DWoiSiZGqPeHLU1tlBU4b0mcc=",
+        "narHash": "sha256-9cpKYWWPCFhgwQTww8S94rTXgg8Q8ydFv9fXM6I8xQM=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "75fb000638e6d0f57cb1e8b7a4550cbdd8c76f1d",
+        "rev": "8249aa3442fb9b45e615a35f39eca2fe5510d7c3",
        "type": "github"
      },
      "original": {
@ -703,11 +703,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1758007585,
+        "lastModified": 1759635238,
-        "narHash": "sha256-HYnwlbY6RE5xVd5rh0bYw77pnD8lOgbT4mlrfjgNZ0c=",
+        "narHash": "sha256-UvzKi02LMFP74csFfwLPAZ0mrE7k6EiYaKecplyX9Qk=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "f77d4cfa075c3de66fc9976b80e0c4fc69e2c139",
+        "rev": "6e5a38e08a2c31ae687504196a230ae00ea95133",
        "type": "github"
      },
      "original": {
@ -795,11 +795,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1756466761,
+        "lastModified": 1757925761,
-        "narHash": "sha256-ALXRHIMXQ4qVNfCbcWykC23MjMwUoHn9BreoBfqmq0Y=",
+        "narHash": "sha256-7Hwz0vfHuFqCo5v7Q07GQgLBWuPvZCuf/5/pk4NoADg=",
        "owner": "pyproject-nix",
        "repo": "uv2nix",
-        "rev": "0529e6d8227517205afcd1b37eee3088db745730",
+        "rev": "780494c40895bb7419a73d942bee326291e80b3b",
        "type": "github"
      },
      "original": {
@ -817,11 +817,11 @@
        "rust-overlay": "rust-overlay_4"
      },
      "locked": {
-        "lastModified": 1757179758,
+        "lastModified": 1759707084,
-        "narHash": "sha256-TIvyWzRt1miQj6Cf5Wy8Qz43XIZX7c4vTVwRLAT5S4Y=",
+        "narHash": "sha256-0pkftKs6/LReNvxw7DVTN2AJEheZVgyeK0Aarbagi70=",
        "owner": "Supreeeme",
        "repo": "xwayland-satellite",
-        "rev": "970728d0d9d1eada342bb8860af214b601139e58",
+        "rev": "a9188e70bd748118b4d56a529871b9de5adb9988",
        "type": "github"
      },
      "original": {
@ -838,11 +838,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1757999874,
+        "lastModified": 1759724568,
-        "narHash": "sha256-kgV3ms4hR86tIxaNAYJI8NNgkmEygN+JwkXCPAx2P2U=",
+        "narHash": "sha256-i/+YcMMMFXeUKWbR683eoxyz+4Jcb01MHVCjj6OHl0Y=",
        "owner": "0xc000022070",
        "repo": "zen-browser-flake",
-        "rev": "7dcbd22ca3943e4cfb3122f96cf515f028b3236a",
+        "rev": "b63e1644c96baaaccb78f8d3101f39fbfee733cb",
        "type": "github"
      },
      "original": {
--- a/hm-modules/firefox.nix
+++ b/hm-modules/firefox.nix
@ -42,12 +42,28 @@ in
            moz = name: "https://addons.mozilla.org/firefox/downloads/latest/${name}/latest.xpi";
          in
          {
            "{d07ccf11-c0cd-4938-a265-2a4d6ad01189}" = {
              # web archives
              default_area = "navbar";
              install_url = moz "view_page_archive";
              installation_mode = "force_installed";
              private_browsing = true;
            };
            "de_DE@dicts.j3e.de" = {
              install_url = moz "german_dictionary_de_de_for_sp";
            };
            "uBlock0@raymondhill.net" = {
              default_area = "menupanel";
              install_url = moz "ublock-origin";
              installation_mode = "force_installed";
              private_browsing = true;
            };
            "uMatrix@raymondhill.net" = {
              default_area = "menupanel";
              install_url = moz "umatrix";
              installation_mode = "force_installed";
              private_browsing = true;
            };
            "vimium-c@gdh1995.cn" = {
              default_area = "navbar";
              install_url = moz "vimium-c";
@ -154,10 +170,21 @@ in
          "privacy.trackingprotection.enabled" = true;
          "privacy.trackingprotection.socialtracking.enabled" = true;
          "privacy.trackingprotection.emailtracking.enabled" = true;
          "privacy.fingerprintingProtection" = true;
          "privacy.clearOnShutdown_v2.formdata" = true;
          "privacy.history.custom" = true;
          "privacy.query_stripping.enabled" = true;
          "extensions.formautofill.addresses.enabled" = false;
          "extensions.formautofill.creditCards.enabled" = false;
          "zen.view.use-single-toolbar" = false;
          "zen.welcome-screen.seen" = true;
          "browser.translations.neverTranslateLanguages" = "de";
          "dom.security.https_only_mode" = true;
          "dom.security.https_only_mode_ever_enabled" = true;
          # things ripped from https://github.com/yokoffing/Betterfox/blob/main/Fastfox.js
          "media.memory_cache_max_size" = 65536;
          "media.cache_readahead_limit" = 7200;
@ -225,6 +252,13 @@ in
                ];
                url = "https://nixos.org/manual/nixos/stable/#sec-option-declarations";
              }
              {
                name = "Home Manager Options";
                tags = [
                  "nix"
                ];
                url = "https://nix-community.github.io/home-manager/options.xhtml";
              }
              {
                name = "homepage";
                url = "https://nixos.org/";
@ -244,6 +278,34 @@ in
        extensions.force = true;
        extensions.settings = {
          "{d07ccf11-c0cd-4938-a265-2a4d6ad01189}".settings = {
            engines = [
              "archiveIs"
              "archiveOrg"
              "archiveOrgAll"
              "yandex"
              "archiveIsAll"
              "memento"
              "permacc"
              "megalodon"
              "ghostarchive"
              "webcite"
            ];
            menuItems = [
              "openCurrentDoc_1"
              "sep_1"
              "search_allEngines_1"
              "sep_2"
              "search_archiveIs_1"
              "search_archiveOrg_1"
              "search_yandex_1"
              "search_memento_1"
              "search_permacc_1"
              "search_megalodon_1"
              "search_ghostarchive_1"
              "search_webcite_1"
            ];
          };
          "vimium-c@gdh1995.cn".settings = {
            searchEngines = ''
              g|go|gg|google|Google: https://www.google.com/search?q=%s \\
--- a/hm-modules/helix.nix
+++ b/hm-modules/helix.nix
@ -1,4 +1,10 @@
-{ pkgs, config, lib, inputs, ... }:
+{
  pkgs,
  config,
  lib,
  inputs,
  ...
 }:
 with lib;
 let
  cfg = config.xyno.helix;
@ -7,7 +13,9 @@ in
  options.xyno.helix.enable = mkOption { default = false; };
  options.xyno.helix.withLargeLSPs = mkOption { default = false; };
  config = mkIf cfg.enable {
-    home.packages = with pkgs; [
+    home.packages =
      with pkgs;
      [
        nixpkgs-fmt
        # omnisharp-roslyn
        ## ts
@ -18,13 +26,15 @@ in
        # ruff-lsp
        # nodePackages_latest.pyright
        # inputs.csharp-language-server.packages.${pkgs.system}.csharp-language-server
-    ] ++ (optionals cfg.withLargeLSPs [
+      ]
      ++ (optionals cfg.withLargeLSPs [
        netcoredbg
        nodePackages_latest.typescript-language-server
        nodePackages_latest.vscode-langservers-extracted
        typescript
        jsonnet-language-server
        jsonnet
        lazygit
      ]);
    programs.helix = {
@ -94,6 +104,13 @@ in
        keys = {
          normal = {
            space."=" = ":fmt";
            "C-g" =
              ":sh tmux popup -d \"#{pane_current_path}\" -xC -yC -w80%% -h80%% -E lazygit";
            "C-t" = ":sh tmux split-window -v -l '35%%'";
            "C-h" = ":sh tmux select-pane -t '{left-of}'";
            "C-l" = ":sh tmux select-pane -t '{right-of}'";
            "C-j" = ":sh tmux select-pane -t '{down-of}'";
            "C-k" = ":sh tmux select-pane -t '{up-of}'";
            # smart tab++
            tab = "move_parent_node_end";
@ -110,13 +127,15 @@ in
          };
        };
      };
      languages = {
        language-server.pyright.config.python.analysis.typeCheckingMode = "basic";
        language-server.ruff = {
          command = "ruff-lsp";
-          config.settings.args = [ "--ignore" "E501" ];
+          config.settings.args = [
            "--ignore"
            "E501"
          ];
        };
        language-server.csharp = {
          command = "csharp-language-server";
@ -125,22 +144,40 @@ in
          (map
            (x: {
              name = x;
-              language-servers = [ "typescript-language-server" "eslint" ];
+              language-servers = [
                "typescript-language-server"
                "eslint"
              ];
              #formatter = { command = "dprint"; args = [ "fmt" "--stdin" x ]; };
              # formatter = { command = "prettier"; args = [ "--parser" "typescript" ]; };
-            }) [ "typescript" "javascript" "jsx" "tsx" ])
+            })
            [
              "typescript"
              "javascript"
              "jsx"
              "tsx"
            ]
          )
          {
            name = "nix";
-            formatter = { command = "nixpkgs-fmt"; };
+            formatter = {
              command = "nixpkgs-fmt";
            };
          }
          {
            name = "python";
-            language-servers = [ "pyright" "ruff" ];
+            language-servers = [
              "pyright"
              "ruff"
            ];
          }
          {
            name = "c-sharp";
            language-servers = [ "csharp" ];
-            formatter = { command = "dotnet"; args = [ "csharpier" ]; };
+            formatter = {
              command = "dotnet";
              args = [ "csharpier" ];
            };
          }
        ];
--- a/instances/ds9/services/woodpecker.nix
+++ b/instances/ds9/services/woodpecker.nix
@ -52,7 +52,7 @@
      WOODPECKER_SERVER = "[::1]:19000";
      WOODPECKER_BACKEND = "docker";
      WOODPECKER_MAX_WORKFLOWS = 4;
-      DOCKER_HOST = "unix:///run/podman/podman.sock";
+      DOCKER_HOST = "unix:///run/podman/podman.sock"; # the woodpecker can have a little podman. as a treat
    };
    environmentFile = [
      config.sops.secrets."woodpecker/agent_secret".path
--- a/instances/theseus/configuration.nix
+++ b/instances/theseus/configuration.nix
@ -15,7 +15,10 @@ in
  nixpkgs.system = "x86_64-linux";
  imports = [ ./hardware-configuration.nix ];
  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
-  services.fido2-hid-bridge.enable = true;
+
  # TODO: remove when turning on impermanence
  sops.gnupg.sshKeyPaths = [ "/etc/ssh/ssh_host_rsa_key" ];
  home-manager.users.${config.xyno.system.user.name} = (
    { ... }:
    {
@ -25,8 +28,6 @@ in
  nixpkgs.config.permittedInsecurePackages = [
    "olm-3.2.16"
  ];
  services.vsmartcard-vpcd.enable = true;
  hardware.gpgSmartcards.enable = true;
  networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 35963 ];
  security.wrappers.unfuck-wifi = {
    owner = "root";
@ -47,7 +48,7 @@ in
    pandoc
    tectonic
    rquickshare
-    supersonic
+    supersonic-wayland
    nheko
    anki-bin
    gimp3
@ -59,10 +60,15 @@ in
    pencil2d
    python311Packages.brother-ql
    ptouch-print
    hledger
  ];
  environment.variables."LEDGER_FILE" = "~/docs/hledger/main.journal";
  time.timeZone = "Europe/Berlin";
  # orcaslicer
  networking.firewall.allowedTCPPorts = [
    1880
    2021
@ -77,6 +83,7 @@ in
  xyno.common.enable = true;
  xyno.desktop.common-programs.enable = true;
  xyno.hardware.kmonad.enable = true;
  xyno.hardware.smartcard.enable = true;
  xyno.presets.cli.enable = true;
  xyno.presets.gui.enable = true;
  xyno.presets.development.enable = true;
--- a/instances/theseus/default.nix
+++ b/instances/theseus/default.nix
@ -1,6 +1,7 @@
 {
  modules = [ ./configuration.nix ];
  hostName = "theseus";
  sopsKey = "4019fd893bba15618c2f93a38ef418ce360bc418";
  wg = {
    pubKey = "";
  };
--- a/instances/theseus/hardware-configuration.nix
+++ b/instances/theseus/hardware-configuration.nix
@ -60,9 +60,11 @@
    ];
  };
-  swapDevices = [
+  # swapDevices = [
-    { device = "/dev/disk/by-uuid/96c380b3-4498-4eb8-8a18-5eebe2a41428"; }
+  #   { device = "/dev/disk/by-uuid/96c380b3-4498-4eb8-8a18-5eebe2a41428"; }
-  ];
+  # ];
  zramSwap.enable = true;
  zramSwap.writebackDevice = "/dev/disk/by-uuid/96c380b3-4498-4eb8-8a18-5eebe2a41428";
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
--- a/modules/cli/fish.nix
+++ b/modules/cli/fish.nix
@ -13,7 +13,7 @@ in
    programs.bash = {
      # auto spawn fish if interactive
      interactiveShellInit = ''
-        if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]]
+        if [[ ($(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING}) || -n "$IN_NIX_SHELL"  ]]
        then
          shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION=""
          exec ${pkgs.fish}/bin/fish $LOGIN_OPTION
@ -26,8 +26,11 @@ in
      fzf # needed for reverse history search
    ];
    programs.direnv.enableFishIntegration = true;
    programs.fish.generateCompletions = true;
    programs.fish.interactiveShellInit = ''
      set -g fish_key_bindings fish_vi_key_bindings
      function fish_greeting
      end
      function y
      	set tmp (mktemp -t "yazi-cwd.XXXXXX")
      	yazi $argv --cwd-file="$tmp"
--- a/modules/cli/tmux.nix
+++ b/modules/cli/tmux.nix
@ -17,15 +17,17 @@ in
      historyLimit = 10000;
      plugins = with pkgs.tmuxPlugins; [
        vim-tmux-navigator
        gruvbox
      ];
      escapeTime = 0;
      terminal = "tmux-256color";
      # newSession = true;
      extraConfig = ''
        set -sg escape-time 0 # makes vim esc usable
        new-session -s main
        bind-key -n C-e send-prefix
        bind '"' split-window -c "#{pane_current_path}"
        bind % split-window -h -c "#{pane_current_path}"
        bind c new-window -c "#{pane_current_path}"
        # set-option -g default-terminal "tmux-256color"
        # set -as terminal-overrides ',xterm*:Tc:sitm=\E[3m'
      '';
    };
--- a/modules/desktop/foot.nix
+++ b/modules/desktop/foot.nix
@ -29,7 +29,8 @@ in
      theme = "gruvbox-dark";
      settings = {
        main = {
-          font = "JetBrainsMono Nerd Font:size=11";
+          font = "JetBrainsMono Nerd Font:size=11, Noto Color Emoji:size=10";
          term = "foot";
        };
        scrollback = {
          lines = 100000;
--- a/modules/desktop/niri.nix
+++ b/modules/desktop/niri.nix
@ -102,8 +102,9 @@ in
      binds {
        Mod+D { spawn "${cfg.launcher}"; }
        Mod+Alt+L { spawn "lock"; }
-        Mod+T { spawn "${cfg.term}"; }
+        Mod+T { spawn "${cfg.term}" "tmux" "new-session" "-t" "main"; }
-        Mod+Y { spawn "${cfg.term}" "--app-id" "floating-alacritty" "yazi"; }
+        Mod+Shift+T { spawn "${cfg.term}"; }
        Mod+Y { spawn "${cfg.term}" "--app-id" "floating-alacritty" "-W" "120x37" "yazi"; }
        Mod+P { spawn "keepassxc"; }
        Mod+S { spawn "qalculate-qt"; }
        Mod+Shift+N { spawn "makoctl" "dismiss" "-a"; }
@ -417,7 +418,7 @@ in
        keyboard {
          xkb {
            layout "eu"
-            // options "compose:lalt"
+            options "compose:caps,mod_led:compose"
          }
        }
        touchpad {
--- a/modules/desktop/waybar.nix
+++ b/modules/desktop/waybar.nix
@ -1,451 +0,0 @@
 {
  pkgs,
  config,
  lib,
  ...
 }:
 let
  cfg = config.xyno.desktop.waybar;
  json = pkgs.formats.json { };
  waybarCfg = {
    layer = "top";
    position = "top";
    height = 20;
    modules-left =
      (lib.optionals (cfg.mode == "river") [
        "river/tags"
        "river/layout"
        "river/window"
      ])
      ++ (lib.optionals (cfg.mode == "niri") [
        "niri/workspaces"
        "niri/window"
      ]);
    modules-right = [
      "tray"
      "idle_inhibitor"
      "wireplumber"
      "battery"
      "power-profiles-daemon"
      "backlight"
      "temperature"
      "cpu"
      "memory"
      "disk"
      "network"
      "clock"
    ];
    "power-profiles-daemon" = {
      format = "{icon} ";
      tooltip-format = "Power profile: {profile}\nDriver: {driver}";
      tooltip = true;
      format-icons = {
        "default" = "";
        "performance" = "";
        "balanced" = "";
        "power-saver" = "";
      };
    };
    "river/window" = {
      max-length = 40;
    };
    "niri/window" = {
      max-length = 80;
    };
    wireplumber = {
      "format" = "{icon}   {volume:.2f} dB";
      "format-muted" = "   -inf dB";
      # "on-click" = "${pkgs.pwvucontrol}/bin/pwvucontrol";
      "on-click" = "${pkgs.pavucontrol}/bin/pavucontrol";
      "on-click-right" = "${pkgs.wireplumber}/bin/wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle";
      "on-scroll-up" = "${pkgs.wireplumber}/bin/wpctl set-volume @DEFAULT_AUDIO_SINK@ -l 1 1%+";
      "on-scroll-down" = "${pkgs.wireplumber}/bin/wpctl set-volume @DEFAULT_AUDIO_SINK@ -l 1 1%-";
      "format-icons" = [
        ""
        ""
        ""
      ];
    };
    "backlight" = {
      "device" = "amdgpu_bl1";
      "format" = "{icon}  {percent}%";
      "format-icons" = [
        "󰃚"
        "󰃛"
        "󰃜"
        "󰃝"
        "󰃞"
        "󰃟"
        "󰃠"
      ];
      "on-scroll-up" = "${pkgs.light}/bin/light -A 5";
      "on-scroll-down" = "${pkgs.light}/bin/light -U 5";
    };
    "idle_inhibitor" = {
      format = "{icon} ";
      format-icons = {
        "activated" = "󰅶";
        "deactivated" = "󰾪";
      };
    };
    battery = {
      "states" = {
        "warning" = 30;
        "critical" = 15;
      };
      "format" = "{icon}   {capacity}%";
      "format-icons" = [
        ""
        ""
        ""
        ""
        ""
      ];
      "tooltip-format" = "Capacity: {capacity}%\nPower Draw: {power:0.2f}W\n{timeTo}\nCycles: {cycles}";
      "max-length" = 25;
    };
    "cpu" = {
      "interval" = 10;
      "format" = "   {:0.0f}%";
      "max-length" = 10;
    };
    "temperature" = {
      "format" = " {temperatureC}°C";
    };
    memory = {
      interval = 30;
      format = "  {used:0.0f}/{total:0.0f}GB";
    };
    clock = {
      interval = 1;
      format = "{:%a %Y-%m-%dT%H:%M:%S%z}";
      "tooltip-format" = "<tt><small>{calendar}</small></tt>";
      "calendar" = {
        "mode" = "year";
        "mode-mon-col" = 3;
        "weeks-pos" = "right";
        "on-scroll" = 1;
        "format" = {
          "months" = "<span color='#ffead3'><b>{}</b></span>";
          "days" = "<span color='#ecc6d9'><b>{}</b></span>";
          "weeks" = "<span color='#99ffdd'><b>W{}</b></span>";
          "weekdays" = "<span color='#ffcc66'><b>{}</b></span>";
          "today" = "<span color='#ff6699'><b><u>{}</u></b></span>";
        };
      };
      "actions" = {
        "on-click-right" = "mode";
        "on-scroll-up" = "shift_up";
        "on-scroll-down" = "shift_down";
      };
    };
    disk = {
      format = "󰋊  {specific_used:0.1f}/{specific_total:0.1f}TB";
      unit = "TB";
      path = "/";
    };
    "network" = {
      "on-click" =
        "${pkgs.alacritty}/bin/alacritty --class floating-alacritty -e ${pkgs.impala}/bin/impala";
      "format" = "{ifname}";
      "format-wifi" = "󰖩  {essid}";
      "format-ethernet" = "󰈀  {ifname}";
      "format-disconnected" = "󰖪 ";
      "tooltip-format" = "{ifname} via {gwaddr}\n{ipaddr}/{cidr}";
      "tooltip-format-wifi" = "{essid} ({signaldBm} dBm) {frequency} GHz\n{ipaddr}/{cidr}";
      "tooltip-format-ethernet" = "{ifname}\n{ipaddr}/{cidr}";
      "tooltip-format-disconnected" = "Disconnected";
      "max-length" = 50;
    };
  };
  waybarCfgFile = json.generate "waybar-config.json" waybarCfg;
  waybarStyleCss = ''
    * {
        /* `otf-font-awesome` is required to be installed for icons */
        font-family: "Source Sans 3";
        font-size: 11px;
    }
    window#waybar {
        color: #a89984;
        background-color: #1d2021;
    }
    window#waybar.hidden {
        opacity: 0.2;
    }
    /*
    window#waybar.empty {
        background-color: transparent;
    }
    window#waybar.solo {
        background-color: #FFFFFF;
    }
    */
    /*window#waybar.termite {
        background-color: #3F3F3F;
    }
    window#waybar.chromium {
        background-color: #000000;
        border: none;
    }*/
    #workspaces button {
        padding: 0 2px;
        background-color: #1d2021;
        color: #ebdbb2;
        /* Use box-shadow instead of border so the text isn't offset */
        box-shadow: inset 0 -3px transparent;
        /* Avoid rounded borders under each workspace name */
        border: none;
        border-radius: 0;
    }
    /* https://github.com/Alexays/Waybar/wiki/FAQ#the-workspace-buttons-have-a-strange-hover-effect */
    #workspaces button:hover {
        background: rgba(0, 0, 0, 0.2);
    /*    box-shadow: inset 0 -3px #fbf1c7;
    */
        background-color: #3c3836;
    }
    #workspaces button.focused {
    /*    box-shadow: inset 0 -3px #fbf1c7;
    */
        background-color: #3c3836;
        color: #ebdbb2;
    }
    #workspaces button.occupied {
        color: #d3869b;
    }
    #workspaces button.urgent {
        background-color: #cc241d;
        color: #ebdbb2;
    }
    #mode {
        background-color: #64727D;
        border-bottom: 3px solid #fbf1c7;
    }
    #clock,
    #battery,
    #cpu,
    #memory,
    #disk,
    #temperature,
    #backlight,
    #network,
    #pulseaudio,
    #custom-media,
    #tray,
    #mode,
    #idle_inhibitor,
    #custom-poweroff,
    #custom-suspend,
    #mpd {
        padding: 0 2px;
        background-color: #1d2021;
        color: #ebdbb2;
    }
    #window,
    #workspaces,
    #tags  {
        margin: 0 2px;
    }
    /* If workspaces is the leftmost module, omit left margin */
    .modules-left > widget:first-child > #workspaces {
        margin-left: 0;
    }
    /* If workspaces is the rightmost module, omit right margin */
    .modules-right > widget:last-child > #workspaces {
        margin-right: 0;
    }
    #battery {
        color: #d3869b;
    }
    #battery.charging, #battery.plugged {
        color: #98971a;
    }
    @keyframes blink {
        to {
            background-color: #fbf1c7;
            color: #df3f71;
        }
    }
    #battery.critical:not(.charging) {
        background-color: #1d2021;
        color: #d3869b;
        animation-name: blink;
        animation-duration: 0.5s;
        animation-timing-function: linear;
        animation-iteration-count: infinite;
        animation-direction: alternate;
    }
    label:focus {
        background-color: #000000;
    }
    #backlight {
        color: #458588;
    }
    #temperature {
        color: #fabd2f;
    }
    #temperature.critical {
        background-color: #fbf1c7;
        color: #b57614;
    }
    #memory {
        color: #FCF434; /* enby yellow */
    }
    #disk {
        color: #FFFFFF; /* enby white */
    }
    #network {
        color: #b8bb26; /* enby green */
    }
    #clock {
        color: #9C59D1; /* enby purple */
        /*color: #2C2C2C; enby black */
    }
    #network.disconnected {
        background-color: #fbf1c7;
        color: #9d0006;
    }
    #wireplumber {
        color: #fe8019;
    }
    #tray {
    }
    #tray > .needs-attention {
        background-color: #fbf1c7;
        color: #3c3836;
    }
    #idle_inhibitor {
        background-color: #1d2021;
        color: #ebdbb2;
    }
    #idle_inhibitor.activated {
        background-color: #fbf1c7;
        color: #3c3836;
    }
    #custom-media {
        background-color: #66cc99;
        color: #2a5c45;
        min-width: 100px;
    }
    #custom-media.custom-spotify {
        background-color: #66cc99;
    }
    #custom-media.custom-vlc {
        background-color: #ffa000;
    }
    #mpd {
        background-color: #66cc99;
        color: #2a5c45;
    }
    #mpd.disconnected {
        background-color: #f53c3c;
    }
    #mpd.stopped {
        background-color: #90b1b1;
    }
    #mpd.paused {
        background-color: #51a37a;
    }
    #language {
        background: #00b093;
        color: #740864;
        padding: 0 5px;
        margin: 0 5px;
        min-width: 16px;
    }
    #keyboard-state {
        background: #97e1ad;
        color: #000000;
        padding: 0 0px;
        margin: 0 5px;
        min-width: 16px;
    }
    #keyboard-state > label {
        padding: 0 5px;
    }
    #keyboard-state > label.locked {
        background: rgba(0, 0, 0, 0.2);
    }
  '';
  waybarCssFile = pkgs.writeText "waybar.css" waybarStyleCss;
 in
 {
  options.xyno.desktop.waybar.enable = lib.mkEnableOption "enable mako notification daemon";
  options.xyno.desktop.waybar.wantedBy = lib.mkOption {
    type = lib.types.str;
    default = "niri.service";
  };
  options.xyno.desktop.waybar.package = lib.mkOption {
    type = lib.types.package;
    default = pkgs.unstable.waybar;
  };
  options.xyno.desktop.waybar.mode = lib.mkOption {
    type = lib.types.str;
    default = "niri";
  };
  config = lib.mkIf cfg.enable {
    programs.waybar.enable = true;
    programs.waybar.package = cfg.package.overrideAttrs (super: {
      # version = super.version + "-patched";
      patches = [
        ./waybar-wireplumber-db.patch
      ];
    });
    programs.light.enable = true;
    systemd.user.services.waybar.wantedBy = lib.mkForce [ cfg.wantedBy ];
    systemd.user.services.waybar.restartTriggers = [
      waybarCfgFile
      waybarCssFile
    ];
    environment.etc."xdg/waybar/config".source = waybarCfgFile;
    environment.etc."xdg/waybar/style.css".source = waybarCssFile;
  };
 }
--- a/modules/desktop/waybar/cal.nix
+++ b/modules/desktop/waybar/cal.nix
@ -0,0 +1,93 @@
 {
  pkgs,
  config,
  lib,
  ...
 }:
 with lib;
 let
  calwatcher =
    (pkgs.writeShellApplication {
      name = "calwatcher";
      runtimeInputs = [
        pkgs.inotify-tools
        pkgs.khal
        pkgs.jq
      ];
      text = ''
         # in parts ripped from https://git.sr.ht/~whynothugo/dotfiles/tree/3768ec57/item/home/.local/lib/waybar-khal
         render() {
          # Find events starting in two minutes.
          # So if my current event ends in two minutes and another one starts, the
          # widget is already updated with what's upcoming.
          SINCE="$(date -d 'now +2 min' '+%FT%H:%M:%S')"
          UNTIL="1d"
          EVENT="$(
            khal list "$SINCE" "$UNTIL" \
              --day-format 'SKIPME' \
              --format "{start-end-time-style} {title:.31}{repeat-symbol}" |
              grep -v SKIPME |  # filter out headers
              grep -v -P '↦|↔ |⇥' |  # filter out continuing all day events
              grep -v '^ ' |  # exclude full-day events
              head -n 1  # show just the first
          )"
          if [ -z "$EVENT" ]; then
            TEXT="  (nothing upcoming)"
            CLASS="no-event"
          else
            TEXT="  $EVENT"
            CLASS="event"
          fi
          jq --compact-output \
            --null-input \
            --arg text "$TEXT" \
            --arg class "$CLASS" \
            --arg tooltip "$(khal list today 7d --day-format '<span color="#ffead3"><b>{name} {date-long}</b></span>')" \
            '{"text": $text, "class": $class, "tooltip": $tooltip}'
        }
        render # Render once for initial state.
        # In order to make sure events are updated as time passes, this re-renderes
        # every two minutes. That aside, whenever a calendar event changes, we alreays
        # re-render immediately.
        #
        # It would be ideal to determine _when_ the current event ends, and set the
        # timeout accordinly. That would require parsing khal's output a bit more.
        while true; do
          (inotifywait \
            --event modify \
            --event create \
            --event delete \
            --event close_write \
            --event moved_to \
            --event move \
            --monitor \
            --timeout 120 \
            --recursive \
            "$HOME/.calendars" 2> /dev/null) || true | \
            while read -r _; do
              render
              timeout 3 cat || true # debounce for 3s, https://stackoverflow.com/a/69945839
            done
        done
      '';
    })
    + "/bin/calwatcher";
 in
 lib.mkIf (config.xyno.user-services.khal.enable) {
  xyno.desktop.waybar.config = {
    "custom/cal" = {
      exec = calwatcher;
      restart-interval = 5;
      return-type = "json";
      "on-click" = "${pkgs.foot}/bin/footclient --app-id floating-alacritty ${pkgs.khal}/bin/ikhal";
    };
    modules-right = mkOrder 1999 [ "custom/cal" ]; # left of clock, right of everything else
  };
 }
--- a/modules/desktop/waybar/default.nix
+++ b/modules/desktop/waybar/default.nix
@ -0,0 +1,250 @@
 {
  pkgs,
  config,
  lib,
  ...
 }:
 with lib;
 let
  cfg = config.xyno.desktop.waybar;
  json = pkgs.formats.json { };
 in
 {
  options.xyno.desktop.waybar.enable = mkEnableOption "enable mako notification daemon";
  options.xyno.desktop.waybar.wantedBy = mkOption {
    type = types.str;
    default = "niri.service";
  };
  options.xyno.desktop.waybar.package = mkOption {
    type = types.package;
    default = pkgs.unstable.waybar;
  };
  options.xyno.desktop.waybar.config = mkOption {
    type = json.type;
    default = { modules-left = []; modules-right = []; };
  };
  options.xyno.desktop.waybar.style = mkOption {
    type = types.lines;
    default = "";
  };
  imports = [
    ./cal.nix
    ./kmonad.nix
    ./laptop.nix
    ./niri.nix
  ];
  config = mkIf cfg.enable {
    programs.waybar.enable = true;
    programs.waybar.package = cfg.package.overrideAttrs (super: {
      # version = super.version + "-patched";
      patches = [
        ./waybar-wireplumber-db.patch
      ];
    });
    systemd.user.services.waybar.wantedBy = mkForce [ cfg.wantedBy ];
    environment.etc."xdg/waybar/config".source = json.generate "waybar-config.json" cfg.config;
    environment.etc."xdg/waybar/style.css".source = pkgs.writeText "waybar.css" cfg.style;
    xyno.desktop.waybar.config = {
      layer = "top";
      position = "top";
      height = 20;
      modules-right = mkMerge [
        (mkBefore [
          "tray"
          "idle_inhibitor"
          "wireplumber"
        ])
        (mkAfter [
          "temperature"
          "cpu"
          "memory"
          "disk"
          "network"
        ])
        (mkOrder 2000 [ "clock" ])
      ];
      wireplumber = {
        "format" = "{icon}   {volume:.2f} dB";
        "format-muted" = "   -inf dB";
        # "on-click" = "${pkgs.pwvucontrol}/bin/pwvucontrol";
        "on-click" = "${pkgs.pavucontrol}/bin/pavucontrol";
        "on-click-right" = "${pkgs.wireplumber}/bin/wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle";
        "on-scroll-up" = "${pkgs.wireplumber}/bin/wpctl set-volume @DEFAULT_AUDIO_SINK@ -l 1 1%+";
        "on-scroll-down" = "${pkgs.wireplumber}/bin/wpctl set-volume @DEFAULT_AUDIO_SINK@ -l 1 1%-";
        "format-icons" = [
          ""
          ""
          ""
        ];
      };
      "idle_inhibitor" = {
        format = "{icon} ";
        format-icons = {
          "activated" = "󰅶";
          "deactivated" = "󰾪";
        };
      };
      "cpu" = {
        "interval" = 10;
        "format" = "   {:0.0f}%";
        "max-length" = 10;
      };
      "temperature" = {
        "format" = " {temperatureC}°C";
      };
      memory = {
        interval = 30;
        format = "  {used:0.0f}/{total:0.0f}GB";
      };
      clock = {
        interval = 1;
        format = "{:%a %Y-%m-%dT%H:%M:%S%z}";
        "tooltip-format" = "<tt><small>{calendar}</small></tt>";
        "calendar" = {
          "mode" = "year";
          "mode-mon-col" = 3;
          "weeks-pos" = "right";
          "on-scroll" = 1;
          "format" = {
            "months" = "<span color='#ffead3'><b>{}</b></span>";
            "days" = "<span color='#ecc6d9'><b>{}</b></span>";
            "weeks" = "<span color='#99ffdd'><b>W{}</b></span>";
            "weekdays" = "<span color='#ffcc66'><b>{}</b></span>";
            "today" = "<span color='#ff6699'><b><u>{}</u></b></span>";
          };
        };
        "actions" = {
          "on-click-right" = "mode";
          "on-scroll-up" = "shift_up";
          "on-scroll-down" = "shift_down";
        };
      };
      disk = {
        format = "󰋊  {specific_used:0.1f}/{specific_total:0.1f}TB";
        unit = "TB";
        path = "/";
      };
      "network" = {
        "on-click" = "${pkgs.foot}/bin/footclient --app-id floating-alacritty ${pkgs.impala}/bin/impala";
        "format" = "{ifname}";
        "format-wifi" = "󰖩  {essid}";
        "format-ethernet" = "󰈀  {ifname}";
        "format-disconnected" = "󰖪 ";
        "tooltip-format" = "{ifname} via {gwaddr}\n{ipaddr}/{cidr}";
        "tooltip-format-wifi" = "{essid} ({signaldBm} dBm) {frequency} GHz\n{ipaddr}/{cidr}";
        "tooltip-format-ethernet" = "{ifname}\n{ipaddr}/{cidr}";
        "tooltip-format-disconnected" = "Disconnected";
        "max-length" = 50;
      };
    };
    xyno.desktop.waybar.style = ''
      * {
          /* `otf-font-awesome` is required to be installed for icons */
          font-family: "Source Sans 3";
          font-size: 11px;
      }
      window#waybar {
          color: #a89984;
          background-color: #1d2021;
      }
      window#waybar.hidden {
          opacity: 0.2;
      }
      /*
      window#waybar.empty {
          background-color: transparent;
      }
      window#waybar.solo {
          background-color: #FFFFFF;
      }
      */
      /*window#waybar.termite {
          background-color: #3F3F3F;
      }
      window#waybar.chromium {
          background-color: #000000;
          border: none;
      }*/
      #clock,
      #battery,
      #cpu,
      #memory,
      #disk,
      #temperature,
      #backlight,
      #network,
      #pulseaudio,
      #tray,
      #mode,
      #idle_inhibitor,
      #mpd {
          padding: 0 2px;
          background-color: #1d2021;
          color: #ebdbb2;
      }
      label:focus {
          background-color: #000000;
      }
      #temperature {
          color: #fabd2f;
      }
      #temperature.critical {
          background-color: #fbf1c7;
          color: #b57614;
      }
      #memory {
          color: #FCF434; /* enby yellow */
      }
      #disk {
          color: #FFFFFF; /* enby white */
      }
      #network {
          color: #b8bb26; /* enby green */
      }
      #clock {
          color: #9C59D1; /* enby purple */
          /*color: #2C2C2C; enby black */
      }
      #network.disconnected {
          background-color: #fbf1c7;
          color: #9d0006;
      }
      #wireplumber {
          color: #fe8019;
      }
      #tray > .needs-attention {
          background-color: #fbf1c7;
          color: #3c3836;
      }
      #idle_inhibitor {
          background-color: #1d2021;
          color: #ebdbb2;
      }
      #idle_inhibitor.activated {
          background-color: #fbf1c7;
          color: #3c3836;
      }
    '';
  };
 }
--- a/modules/desktop/waybar/kmonad.nix
+++ b/modules/desktop/waybar/kmonad.nix
@ -0,0 +1,35 @@
 {
  pkgs,
  config,
  lib,
  ...
 }:
 with lib;
 mkIf (config.xyno.hardware.kmonad.enable) {
  xyno.desktop.waybar.config = {
    "custom/kmonad" = {
      exec =
        (pkgs.writeShellApplication {
          name = "kmonad-layer-watcher";
          runtimeInputs = [ pkgs.inotify-tools ];
          text = ''
            cat /tmp/kmonad-layer;
            while inotifywait -qq -e modify /tmp/kmonad-layer; do
              cat /tmp/kmonad-layer;
            done  
          '';
        })
        + "/bin/kmonad-layer-watcher";
      restart-interval = 5;
    };
    modules-left = mkBefore [ "custom/kmonad" ];
  };
  xyno.desktop.waybar.style = ''
    #custom-kmonad {
        color: #84929D;
        margin-left: 4px;
        border-bottom: 3px solid #fbf1c7;
    }
  '';
 }
--- a/modules/desktop/waybar/laptop.nix
+++ b/modules/desktop/waybar/laptop.nix
@ -0,0 +1,87 @@
 {
  pkgs,
  config,
  lib,
  ...
 }:
 lib.mkIf (true) {
  xyno.desktop.waybar.config = {
    battery = {
      "states" = {
        "warning" = 30;
        "critical" = 15;
      };
      "format" = "{icon}   {capacity}%";
      "format-icons" = [
        ""
        ""
        ""
        ""
        ""
      ];
      "tooltip-format" = "Capacity: {capacity}%\nPower Draw: {power:0.2f}W\n{timeTo}\nCycles: {cycles}";
      "max-length" = 25;
    };
    backlight = {
      "device" = "amdgpu_bl1";
      "format" = "{icon}  {percent}%";
      "format-icons" = [
        "󰃚"
        "󰃛"
        "󰃜"
        "󰃝"
        "󰃞"
        "󰃟"
        "󰃠"
      ];
      "on-scroll-up" = "${pkgs.light}/bin/light -A 5";
      "on-scroll-down" = "${pkgs.light}/bin/light -U 5";
    };
    "power-profiles-daemon" = {
      format = "{icon} ";
      tooltip-format = "Power profile: {profile}\nDriver: {driver}";
      tooltip = true;
      format-icons = {
        "default" = "";
        "performance" = "";
        "balanced" = "";
        "power-saver" = "";
      };
    };
    modules-right = [
      "battery"
      "power-profiles-daemon"
      "backlight"
    ];
  };
  programs.light.enable = true;
  xyno.desktop.waybar.style = ''
    #battery {
        color: #d3869b;
    }
    #battery.critical:not(.charging) {
        background-color: #1d2021;
        animation-name: blink;
        animation-duration: 0.5s;
        animation-timing-function: linear;
        animation-iteration-count: infinite;
        animation-direction: alternate;
    }
      @keyframes blink {
          to {
              background-color: #fbf1c7;
              color: #df3f71;
          }
      }
    #battery.critical:not(.charging) {
        background-color: #1d2021;
    }
    #battery.charging, #battery.plugged {
        color: #98971a;
    }
    #backlight {
        color: #458588;
    }
  '';
 }
--- a/modules/desktop/waybar/niri.nix
+++ b/modules/desktop/waybar/niri.nix
@ -0,0 +1,71 @@
 {
  pkgs,
  config,
  lib,
  ...
 }:
 with lib;
 mkIf (config.xyno.desktop.niri.enable) {
  xyno.desktop.waybar.config = {
    "niri/window" = {
      max-length = 80;
    };
    modules-left = [
      "niri/workspaces"
      "niri/window"
    ];
  };
  xyno.desktop.waybar.style = ''
    #window,
    #workspaces,
    #tags  {
        margin: 0 2px;
    }
    /* If workspaces is the leftmost module, omit left margin */
    .modules-left > widget:first-child > #workspaces {
        margin-left: 0;
    }
    /* If workspaces is the rightmost module, omit right margin */
    .modules-right > widget:last-child > #workspaces {
        margin-right: 0;
    }
    #workspaces button {
        padding: 0 2px;
        background-color: #1d2021;
        color: #ebdbb2;
        /* Use box-shadow instead of border so the text isn't offset */
        box-shadow: inset 0 -3px transparent;
        /* Avoid rounded borders under each workspace name */
        border: none;
        border-radius: 0;
    }
    /* https://github.com/Alexays/Waybar/wiki/FAQ#the-workspace-buttons-have-a-strange-hover-effect */
    #workspaces button:hover {
        background: rgba(0, 0, 0, 0.2);
    /*    box-shadow: inset 0 -3px #fbf1c7;
    */
        background-color: #3c3836;
    }
    #workspaces button.focused {
    /*    box-shadow: inset 0 -3px #fbf1c7;
    */
        background-color: #3c3836;
        color: #ebdbb2;
    }
    #workspaces button.occupied {
        color: #d3869b;
    }
    #workspaces button.urgent {
        background-color: #cc241d;
        color: #ebdbb2;
    }
  '';
 }
--- a/modules/desktop/waybar/waybar-wireplumber-db.patch
+++ b/modules/desktop/waybar/waybar-wireplumber-db.patch
--- a/modules/hardware/kmonad.nix
+++ b/modules/hardware/kmonad.nix
@ -10,8 +10,10 @@ in
 {
  options.xyno.hardware.kmonad.enable = lib.mkEnableOption "kmonad with xynos brain damage";
  config = lib.mkIf cfg.enable {
    services.kmonad = {
      enable = true;
      extraArgs = [ "-c" ];
      keyboards = {
        krane = {
          device = "/dev/input/by-id/usb-Google_Inc._Hammer_440041001157415636313920-event-kbd";
@ -20,6 +22,7 @@ in
        builtin = {
          device = "/dev/input/by-path/platform-i8042-serio-0-event-kbd";
          config = builtins.readFile ./kmonad/builtin.kbd;
        };
        k70-office = {
          device = "/dev/input/by-id/usb-Corsair_CORSAIR_K70_CORE_RGB_TKL_Mechanical_Gaming_Keyboard_599A4D472DCAC05584072AFB922E3BFB-event-kbd";
--- a/modules/hardware/kmonad/builtin.kbd
+++ b/modules/hardware/kmonad/builtin.kbd
@ -25,65 +25,24 @@
 )
 (defalias
-  ext  (layer-toggle extend) ;; Bind 'ext' to the Extend Layer
+ qwerty-enter (tap-macro (cmd-button "echo qwerty > /tmp/kmonad-layer") (layer-switch qwerty))
-)
+ qwerty-exit (tap-macro (cmd-button "echo colemak > /tmp/kmonad-layer") (layer-switch colemak-dh))
 (defalias
  cpy C-c
  pst C-v
  cut C-x
  udo C-z
  all C-a
  fnd C-f
  bk Back
  fw Forward
 )
 (defalias
 num (layer-toggle num)
 )
 (deflayer colemak-dh
-  esc     f1   f2   f3   f4   f5   f6   f7   f8   f9   f10  f11  f12   
+  caps    f1   f2   f3   f4   f5   f6   f7   f8   f9   f10  f11  f12   
  grv      1    2    3    4    5    6    7    8    9    0    -    =    bspc
  tab      q    w    f    p    b    j    l    u    y    ;    [    ]
  esc     (tap-hold-next-release 200 a lctrl)    (tap-hold-next-release 200 r ralt)    (tap-hold-next-release 200 s lmet)    t    g    m    n    (tap-hold-next-release 200 e rmet)    (tap-hold-next-release 200 i lalt)    (tap-hold-next-release 200 o rctrl)    '    \\   ret
  lsft  z    x    c    d    v    102d k    h    ,    .    /    rsft
-  lctl     lmet lalt           spc            ralt rmet _    _
+  lctl     lmet lalt           spc            ralt _    @qwerty-enter @qwerty-enter 
 )
-(deflayer num
+
 (deflayer qwerty
  esc     f1   f2   f3   f4   f5   f6   f7   f8   f9   f10  f11  f12
  grv     1    2    3    4    5    6    7    8    9    0    -    =    bspc
-  tab      q    w    f    p    b    j    l    u    y    ;    [    ]
+  tab     q    w    e    r    t    y    u    i    o    p    [    ]
-  esc      1    2    3    4    5    6    7    8    9    0    '    \\   ret
+  caps    a    s    d    f    g    h    j    k    l    ;    '    \   ret
-  lsft  z    x    c    d    v    102d k    h    ,    .    /    rsft
+  lsft 102d z    x    c    v    b    n    m    ,    .    /    rsft
-  lctl     lmet lalt           spc            ralt rmet _    _
+  lctl    lmet lalt           spc            ralt rmet @qwerty-exit  @qwerty-exit 
 )
 (deflayer colemak-dhk
  esc     f1   f2   f3   f4   f5   f6   f7   f8   f9   f10  f11  f12
  grv      1    2    3    4    5    6    7    8    9    0    -    =    bspc
  tab      q    w    f    p    b    j    l    u    y    ;    [    ]
  @ext     a    r    s    t    g    k    n    e    i    o    '    \\   ret
  lsft  z    x    c    d    v    102d m    h    ,    .    /    rsft
  lctl     lmet lalt           spc            ralt rmet _    _
 )
 (deflayer extend
  _        play rewind previoussong nextsong ejectcd refresh brdn brup www mail prog1 prog2
  _        f1   f2   f3   f4   f5   f6   f7   f8   f9  f10   f11  f12  _
  _        esc  @bk  @fnd @fw  ins  pgup home up   end  menu prnt slck
  _        lalt lmet lsft lctl ralt pgdn lft  down rght del  caps _    _
  _     @udo @cut @cpy  tab  @pst _   pgdn bks  lsft lctl comp _
  _        _    _              ret            _    _    _    _
 )
 (deflayer empty
  _        _    _    _    _    _    _    _    _    _    _    _    _    
  _        _    _    _    _    _    _    _    _    _    _    _    _    _
  _        _    _    _    _    _    _    _    _    _    _    _    _ 
  _        _    _    _    _    _    _    _    _    _    _    _    _    _ 
  _    _     _    _    _    _    _    _    _    _    _    _    _ 
  _        _    _              _              _    _    _    _
 )
--- a/modules/hardware/smartcard.nix
+++ b/modules/hardware/smartcard.nix
@ -0,0 +1,20 @@
 {
  pkgs,
  lib,
  config,
  ...
 }:
 let
  cfg = config.xyno.hardware.smartcard;
 in
 {
  options.xyno.hardware.smartcard.enable =
    lib.mkEnableOption "enable stuff needed for smartcards to work right";
  config = lib.mkIf cfg.enable {
    services.vsmartcard-vpcd.enable = true;
    hardware.gpgSmartcards.enable = true;
    services.fido2-hid-bridge.enable = true;
    services.pcscd.enable = true;
  };
 }
--- a/modules/module-list.nix
+++ b/modules/module-list.nix
@ -1,6 +1,7 @@
 [
  ./cli/fish.nix
  ./cli/starship.nix
  ./cli/tmux.nix
  ./desktop/audio.nix
  ./desktop/common-programs.nix
  ./desktop/easyeffects.nix
@ -11,9 +12,10 @@
  ./desktop/niri.nix
  ./desktop/shikane.nix
  ./desktop/swayidle.nix
-  ./desktop/waybar.nix
+  ./desktop/waybar
  ./desktop/wpaperd.nix
  ./hardware/kmonad.nix
  ./hardware/smartcard.nix
  ./networking/networkd.nix
  ./presets/cli.nix
  ./presets/common.nix
@ -27,6 +29,7 @@
  ./services/wireguard.nix
  ./system/impermanence.nix
  ./system/user.nix
  ./user-services/khal.nix
  ./user-services/syncthing.nix
  ./to-upstream/fido2-hid-bridge.nix
 ]
--- a/modules/presets/cli.nix
+++ b/modules/presets/cli.nix
@ -24,6 +24,7 @@ in
    xyno.cli.fish.enable = true;
    xyno.cli.starship.enable = true;
    xyno.cli.tmux.enable = true;
    security.sudo.enable = false;
    i18n.defaultLocale = "en_US.UTF-8";
@ -71,10 +72,32 @@ in
    # https://github.com/NixOS/nixpkgs/issues/361592 needed for run0
    security.pam.services.systemd-run0 = { };
    programs.tmux.enable = true;
    programs.yazi = {
      enable = true;
      initLua = pkgs.writeText "yazi-init.lua" ''
        function Linemode:size_and_mtime()
        	local time = math.floor(self._file.cha.mtime or 0)
        	if time == 0 then
        		time = ""
        	elseif os.date("%Y", time) == os.date("%Y") then
        		time = os.date("%b %d %H:%M", time)
        	else
        		time = os.date("%b %d  %Y", time)
        	end
        	local size = self._file:size()
        	return string.format("%s %s", size and ya.readable_size(size) or "-", time)
        end
      '';
      settings.yazi = {
        mgr = {
          sort_by = "mtime";
          linemode = "size_and_mtime";
          sort_reverse = true;
          sort_dir_first = true;
        };
      };
    };
    services.pcscd.enable = true;
@ -92,6 +115,7 @@ in
      bottom
      curl
      croc
      comma
      dig
      fd
      ffmpeg
@ -110,7 +134,8 @@ in
      pv
      ripgrep
      w3m
-      yt-dlp
+      unstable.yt-dlp
      gallery-dl
      p7zip
      ncdu
    ];
@ -121,7 +146,7 @@ in
    environment.shellAliases = {
      l = "ls -alh";
-      n = "yazi";
+      n = "y";
      gc = "git commit -v";
      gpl = "git pull";
      gd = "git diff";
--- a/modules/presets/development.nix
+++ b/modules/presets/development.nix
@ -25,7 +25,7 @@ in
    virtualisation.podman.enable = true;
    environment.systemPackages = with pkgs; [
-      unstable.jetbrains.rider
+      jetbrains.rider
      # android-studio
      nixpkgs-manual
      nixpkgs-manual.lib-docs
--- a/modules/presets/gui.nix
+++ b/modules/presets/gui.nix
@ -22,6 +22,7 @@ in
    ];
    xyno.desktop.niri.enable = true;
    xyno.desktop.audio.enable = mkDefault true;
    xyno.user-services.khal.enable = true;
    boot.kernelPackages = mkDefault pkgs.linuxPackages_zen;
    security.soteria.enable = true;
    security.rtkit.enable = true;
@ -44,7 +45,7 @@ in
    };
    programs.yazi = {
-      settings.keymap.manager.prepend_keymap = [
+      settings.keymap.mgr.prepend_keymap = [
        {
          on = "y";
          run = [
--- a/modules/user-services/khal.nix
+++ b/modules/user-services/khal.nix
@ -0,0 +1,63 @@
 {
  pkgs,
  config,
  lib,
  ...
 }:
 let
  cfg = config.xyno.user-services.khal;
 in
 {
  options.xyno.user-services.khal.enable = lib.mkEnableOption "enable khal and vdirsyncer";
  options.xyno.user-services.khal.wantedBy = lib.mkOption {
    type = lib.types.str;
    default = "niri.service";
  };
  config = lib.mkIf cfg.enable {
    environment.systemPackages = [
      pkgs.khal
      pkgs.vdirsyncer
    ];
    systemd.packages = [ pkgs.vdirsyncer ];
    environment.etc."xdg/khal/config".text = ''
      [locale]
      weeknumbers = right
      timeformat = "%H:%M"
      longdatetimeformat = "%Y-%m-%dT%H:%M:%S"
      datetimeformat = "%Y-%m-%dT%H:%M:%S"
      dateformat = "%Y-%m-%d"
      longdateformat = "%Y-%m-%d"
      [calendars]
      [[calendars]]
      path = ~/.calendars/*
      type = discover
    '';
    systemd.user.services.vdirsyncer = {
      environment.VDIRSYNCER_CONFIG = config.sops.secrets."vdirsyncer".path;
      unitConfig = {
        After = "network-online.target";
        Wants = "network-online.target";
      };
      serviceConfig = {
        Type = "oneshot";
      };
      script = ''
        ${pkgs.vdirsyncer}/bin/vdirsyncer metasync
        ${pkgs.vdirsyncer}/bin/vdirsyncer sync
      '';
    };
    systemd.user.timers.vdirsyncer = {
      wantedBy = [ cfg.wantedBy "timers.target" ];
      timerConfig = {
        OnCalendar = "*:0/15:00";
        Unit = "vdirsyncer.service";
      };
    };
    environment.sessionVariables.VDIRSYNCER_CONFIG = config.sops.secrets."vdirsyncer".path;
    sops.secrets."vdirsyncer" = {
      sopsFile = ../../secrets/desktop/calendar.yaml;
      group = "users";
      owner = config.xyno.system.user.name;
    };
  };
 }
--- a/overlays/default.nix
+++ b/overlays/default.nix
@ -8,7 +8,7 @@ inputs: self: super: {
  nheko = super.nheko.overrideAttrs (old: {
    version = "git-${builtins.substring 0 8 inputs.nheko.rev}-patched";
    src = inputs.nheko;
-    patches = (old.patches or [ ]) ++ [
+    patches = [
      (self.fetchpatch2 {
        url = "https://github.com/Nheko-Reborn/nheko/pull/1838/commits/c9f1a449d825d5879735f95ebfb0c7acec101226.patch";
        hash = "sha256-RhyP8HrGtT6gYMc9mI4I8snrHCN8f0YYzFbAoMKweyc=";
@ -28,4 +28,15 @@ inputs: self: super: {
  python-uhid = super.callPackage ../packages/uhid.nix {};
  caddy-desec = super.callPackage ../packages/caddy-desec.nix {};
  # todo: remove on next supersonic release
  supersonic-wayland = super.supersonic-wayland.overrideAttrs (old: {
    patches = (if old?patches then old.patches else []) ++ [
      (self.fetchpatch2 {
        url = "https://github.com/dweymouth/supersonic/commit/ee742cf34ef7225d345c16354d9c21d72a41bf4a.patch";
        hash = "sha256-kSeEbzrfJ4Pe8JC4rIWlSmADOcjrCRBNWlcO8VfVnn4=";
      })
    ];
    vendorHash = "sha256-Sh3PxRwb6ElSeWzdvIQ+nD9VVGlpUDwxG7nAoGWPTRQ=";
  });
 }
--- a/secrets/desktop/calendar.yaml
+++ b/secrets/desktop/calendar.yaml
@ -0,0 +1,40 @@
 vdirsyncer: ENC[AES256_GCM,data:4UoJJ86MMYWiwdQTcpgTayVMkASjrXCZgQHfm9m1OMEmHvOLhejlp6snz+nD0D8W1uA30KQPVRzP2ICtEgetOm70KaMXQkk22qtzCxkPZcZNk62K7zT7AB84CPfdwJNXEFw9d4SXQvvhyL1DEyp//yPs9oYiRtENwaPDWTw1FZkJpw85jniPGrUGekDNao/4TGxFLH6AWoYVmXokRlfFwee7BwG/5+5A16+IFk3Le2VhGlLAqz74DaJcC3k6q7HM1vx51IV/aZX5KszVOfFnmQgNKieV1zMkwMEXaMgWopnzlnhKscFbWov6mcVa3tdFLDFTwyjCbWpShcGUyXOEzhmhyapfhCrJeqItM/iuXVkldzVkW6pHWA4rNLNzzssYw0L8W4+IfhCq+NN1sExHoZIE+EfBMi48jI6beuMCYQ3FX9mV+Y0HopSV00lI1rQv5WZzPXxhKMAd6nWUtVtYdVERaB8mozm0ItCVRwtLuW9cUwNSfz4dIcHaRkllgAOmVF/P1rGE4xzVUJcgMefbKNLjdakt2CjYMMou8AwrIDl3hedqqdvbhlMqkzOYyGT7Dq0RS3FExW4ozJcLCPiYl9H5MfMl9C0Ye5kU6ejxD+z70fS6evX5CM5kHlEyDBB+5UnNHorCQhVhlIjv6cHMLUlpWsur39zsegGwTQuG06xk3hDiwUy5SgXD9YWDTOJDxxxRl328ihs2tyK6i7m47MLJqh1LZnZZOaTogh24NVCd+r0Se6xAzQr3cvijgVLi3XAZuhSbisU3dE/pw/17eJUY9MzP+DvY5+u4FFATLoi6BZKDv4ZM34BIxIa626b/Q6/dYQT1dzHCcIn6/cv9lnLQE33joj4tEFGA5oLCgXb/Y7kVmrQg6aAFVLuOLfvlA61pwPDX5hQPZVc2Hom/j7OGhvNoE27rNlMkeiWvkR1i0z5jeZpcgqWlJYR9Ny++fMeI2t1o9u6WKUeTRGKfdu+UCJlgD1U/yc86bE/3rXPmi6OV/enxCLMHVtczWSjd2NW4LTzG50LVnipUGYXhsS53tx2aHQHBtZDjoo4zTTlDlpXHg95J2toxJI3gnXNqdPnK0BUQCeREKn8l7Ckj8GPoo+y6nf40EMT9BQZisZYSrW6wjetC7v0igqRgPPvrAoidnVTH6PVByQRdlRbH/PBa6QcANz9wBbL8RD8DX8wvMY0qZZLgM+0KlicIeHrhaGiALKl2jn0AxbjlV5CMf7ZxDDJT/hGq1UUp2VQ1Nmauj87aLBqNWFRxHYMr0mnFPcNpYkKyvHx1KjZYCdTQn8CZ1GVC7XVcdPZk/F3znPN8dNWzoin80sWNRdjkO8mtARmq8k+cuGhbQ4l4J+3b3AsXH6/zmSoGud/cG6WDd811O30K/9qqpnzeHLFJXueU5rerCzYZJseDHWpOhdEDxYPl0eVzfL+VAMXEJgwnJ3iLKWDm7HvKtfWWIzckQJ56eQcFGmALAc1MBxrpEghCZ0pikm3gv1aGOwrB94i8he1ssasSMDg4VFTY2kAt0Kbph59ewkEWoMLIfsOWvAP/TBGZt23yh4wSNgKJPqUutTYHJ5rUal6afcY4ZPdJFxFwPeRxpxAhqInu0jJCCJbVtucj3tVkqMla/MBKk1Os1n5Ge7GJfog=,iv:xWlbxnn7Pgc88J6dFGrhRywXo6MekfSXbLQp3rKSI4k=,tag:c+7ebUU4BsCJFO1aqyN4Tw==,type:str]
 sops:
    lastmodified: "2025-10-06T17:49:51Z"
    mac: ENC[AES256_GCM,data:5vEUwE8lHVj0GSgoD7G7YKWq0O3Isz7gLDjn7+wYjcGDB2JhcFcuBECtXB24VbcAYjf0ARKZiZwdVqdXfEXyWtHErBhNlCVX3JAHQx/jx6v7x6/8XbDDvuSf7oUXHJ0NOQWpn656nsvIi3pD5F4k1uDixNW6pLPZodp14y4sdFU=,iv:2Tn/l1nWSrWdu6WTHqhpEXQxfKHpJeqKN9Drzcx91kg=,tag:V8hd6IKPlgeE+SFRCOPmGQ==,type:str]
    pgp:
        - created_at: "2025-10-06T16:51:38Z"
          enc: |-
            -----BEGIN PGP MESSAGE-----
            hL4DAAAAAAAAAAASBAMEAHAJzr07bCD9inqyANqbuf6JlJIgd6yH4bA3xe8zZJC8
            tGWUMVlZJwsuAyGeAlsQvaHzg6ce/sowI6rgqPiXd2Bea0VY5pTIrbKUi5uxq/sK
            HeUCZPPCdvaR45Bbkf+GTrvCjOrMJRcaLqG+Sgzy4hKdWkdNwRoVQeqk2JHJsVEw
            zfVOwBd+rMHQ7CsUHgHSDvTh7BtUYDS0S65gR7VNh+yk9pod0J+PXNY+nqyBcqPu
            0l4Bdxo2Y2cg9GQiSL6ZGW7Dp6OtkF5CDwk7RmU26pA46OePtN21eiCiFQ6yg25n
            AYXsBdqeH3580/Vety6MWSZZIaLtVaIPabGHpiKv+tVjzTkrF/2lHUKpDhoQ5Sye
            =oEYU
            -----END PGP MESSAGE-----
          fp: 0D98D5964AC8BB1CA034CE4EC456133700066642
        - created_at: "2025-10-06T16:51:38Z"
          enc: |-
            -----BEGIN PGP MESSAGE-----
            hQIMAwAAAAAAAAAAARAAlCZXnkzHGj0bUqBzOzxBX3neGc6pyQQUyGEQfAUw40m9
            6zxzYyXIwAaYOWpFjU5nwVuLpIImv63N55VLXejlk0IyT7yOcY/XlUdZ5gITX19J
            uCCdEAAr4S4cbW9bul9URNAQyKI9FFqWXfrq1zzFTRlMODBECkjTbTlrr9yggB4v
            BCCx6WqIAbmGAyXSTPMroat6pnv+x3VUd3VOeWEsmSL3qG3tqbWZc2Y061b3d9oA
            uykKKcwhgNv9ubZ+qLh1Szw7NLIAVAxVDFc3iugTeu7PkleQYGXlSagZOWw/EkAt
            wsqxsgccqFwb1DjHUwcaz48raylcCNIhKRtINGbYlNIHtFRIc1rTHwn4l344zwQp
            CjxiWXxhwW42eoHYLt3b//EmOhWOasbRlg6LT3Wz01jBylahuqjDaAgQjOHPLUvO
            v9/TbAIsmb7zrnoT4bISgbrPbO2hPETR9N1tVmgR1w58hrX455Uo3f4O8FY7TMVB
            9A+8+Pg5WKANKxyws4TyM3xZfSuxOIZgaI3IwZ6/7eiVcaz5aCEbt22MjzuwsCgQ
            N1/Jld0VJGeg9jDChFgGF9YUelheyBAiuSx4G0+NA4ir6H/MbK2Ej5zUDJec4Fd7
            eqxFxcxWJxVtSMKZy+LmCRoe2gJRXFh86qXwkGJEIKBFfuQk7EF7KgUnf32AQwfS
            WAHRf/20A+2kTjAmumVOHOY3PD3pS6fvQVwr0yliYQeYVJP8eUjRgjHuPaRwp9FQ
            4NlTKfVQGyyvoB1z8I0bMTVa1pkZhLs5dI290uk124LeQG6A93w+ajQ=
            =VFO8
            -----END PGP MESSAGE-----
          fp: 4019fd893bba15618c2f93a38ef418ce360bc418
    unencrypted_suffix: _unencrypted
    version: 3.11.0
--- a/sops.nix
+++ b/sops.nix
@ -11,10 +11,15 @@ let
  adminKeys = [
    "0D98D5964AC8BB1CA034CE4EC456133700066642" # xyno main gpg key
  ];
-  keysPerHost = (mapAttrs (n: v: (toList v.sopsKey)) (
+  keysPerHost = (
-    filterAttrs (n: v: v ? sopsKey) instanceConfigs
+    mapAttrs (n: v: (toList v.sopsKey)) (filterAttrs (n: v: v ? sopsKey) instanceConfigs)
-  ));
+  );
  desktopHostNames = [ "theseus" ];
  hostKeys = flatten (attrValues keysPerHost);
  desktopKeys = flatten (
    attrValues (filterAttrs (n: v: any (x: x == n) desktopHostNames) keysPerHost)
  );
  sopsCfg = {
    keys = adminKeys ++ hostKeys;
@ -23,6 +28,10 @@ let
        path_regex = "secrets/[^/]+\.(yaml|json|env|ini)$";
        key_groups = [ { pgp = adminKeys ++ hostKeys; } ];
      }
      {
        path_regex = "secrets/desktop/[^/]+\.(yaml|json|env|ini)$";
        key_groups = [ { pgp = adminKeys ++ desktopKeys; } ];
      }
    ]
    ++ (mapAttrsToList (n: v: {
      # path_regex = "instances/${n}/secrets/[^/]+\.(yaml|json|env|ini)$";
@ -33,4 +42,5 @@ let
  };
  sopsCfgFile = writeText ".sops.yaml" (builtins.toJSON sopsCfg);
-in sopsCfgFile
+in
 sopsCfgFile