Added saleae logic analyzer udev rules

Added saleae logic analyzer
Remove lingering comment
2025-12-31 03:24:19 +00:00 · 2025-12-14 22:37:46 -08:00 · 2025-12-14 21:58:34 -08:00 · 2025-12-13 16:36:13 -08:00 · 2025-12-13 16:35:03 -08:00 · 2025-12-13 16:34:13 -08:00
94 changed files with 3103 additions and 97 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -0,0 +1,60 @@
+keys:
+  - &admin_users:
+    - &caperren       age1xjnkqv32a5nqftw6pqthapnzmgjl4lnqfpxy9utqm56yzm2mvfhqzch648
+  - &systems:
+    - &personal:
+      - &cap_slim7    age1a5aqj3jr3rqpjet9a7y077ak0ymstjjdnyfgn5m2ad4l2yuxr4aqym7d3d
+      - &cap_nr200p   age1g45zy9m5g4e20cjejgd3x40722rlddgkmhtddrl8wyf63kt5kg7s9ke390
+    - &cluster:
+      - &cap_clust_01 age1649y4antwgfe4fu02eppnx5gr0yc3g4lj4kwd6v9guxgxgj06y9qk7l4wl
+      - &cap_clust_02 age1k085uuy4fv9rfpy0ne6zl9fq0j05a4fykqe26psx2ngxqrcxcu5sksxa9u
+      - &cap_clust_03 age1tpeqfhc4n7swpgzx6qfdfxanx0uqh7nksr7eksnvjea70n8vaf5sntxu2l
+      - &cap_clust_04 age1pux20jlyzdexztdmm3lelzn2mslxhuahae4wjy74hkxfytslsfpqj708e2
+      - &cap_clust_05 age1f5039syajzz75s9lkdzwnv2dsvlcp69puuaucgwt05sqjdl7hels25nsfr
+      - &cap_clust_06 age19m6f3xtkdf3gwxqxgp9w9gyla4hk24f85l2tyjx6dxu0akzux3cs657dhz
+      - &cap_clust_07 age1en6vdtxspam9s3nmsyfrcrxzrzu4t9v72ztqyekpzsc35rd06a2sza7ehw
+      - &cap_clust_08 age1vujvq5rdzppkkdhkwyhnl6xhuvm8s5yf2wc8ke05m8jwrdwsdf0qfx5w4r
+      - &cap_clust_09 age1uyuudfya8etgztlt6hlssr9hkstyyhg65wdq3pj9rud2czzkaqqssg7yvp
+creation_rules:
+  - path_regex: users/caperren/secrets/[^/]+\.(yaml|json|env|ini)$
+    key_groups:
+      - age:
+          - *caperren
+          - *cap_slim7
+          - *cap_nr200p
+  - path_regex: secrets/default.yaml$
+    key_groups:
+      - age:
+          - *caperren
+          - *cap_slim7
+          - *cap_nr200p
+          - *cap_clust_01
+          - *cap_clust_02
+          - *cap_clust_03
+          - *cap_clust_04
+          - *cap_clust_05
+          - *cap_clust_06
+          - *cap_clust_07
+          - *cap_clust_08
+          - *cap_clust_09
+  - path_regex: secrets/cluster.yaml$
+    key_groups:
+      - age:
+          - *caperren
+          - *cap_slim7
+          - *cap_nr200p
+          - *cap_clust_01
+          - *cap_clust_02
+          - *cap_clust_03
+          - *cap_clust_04
+          - *cap_clust_05
+          - *cap_clust_06
+          - *cap_clust_07
+          - *cap_clust_08
+          - *cap_clust_09
+  - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
+    key_groups:
+      - age:
+          - *caperren
+          - *cap_slim7
+          - *cap_nr200p
--- a/flake.nix
+++ b/flake.nix
@@ -2,11 +2,16 @@
  description = "Nixos config flake";

  inputs = {
-    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
    nixos-hardware.url = "github:NixOS/nixos-hardware/master";

+    sops-nix = {
+      url = "github:Mic92/sops-nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
    home-manager = {
-      url = "github:nix-community/home-manager";
+      url = "github:nix-community/home-manager/release-25.11";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };
@@ -15,19 +20,100 @@
    {
      self,
      nixpkgs,
+      sops-nix,
      home-manager,
      nixos-hardware,
      ...
    }@inputs:
    {
+      nixosConfigurations.cap-clust-01 = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        specialArgs = { inherit inputs; };
+        modules = [
+          ./hosts/cap-clust-01/configuration.nix
+          sops-nix.nixosModules.sops
+          inputs.home-manager.nixosModules.default
+        ];
+      };
+      nixosConfigurations.cap-clust-02 = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        specialArgs = { inherit inputs; };
+        modules = [
+          ./hosts/cap-clust-02/configuration.nix
+          sops-nix.nixosModules.sops
+          inputs.home-manager.nixosModules.default
+        ];
+      };
+      nixosConfigurations.cap-clust-03 = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        specialArgs = { inherit inputs; };
+        modules = [
+          ./hosts/cap-clust-03/configuration.nix
+          sops-nix.nixosModules.sops
+          inputs.home-manager.nixosModules.default
+        ];
+      };
+      nixosConfigurations.cap-clust-04 = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        specialArgs = { inherit inputs; };
+        modules = [
+          ./hosts/cap-clust-04/configuration.nix
+          sops-nix.nixosModules.sops
+          inputs.home-manager.nixosModules.default
+        ];
+      };
+      nixosConfigurations.cap-clust-05 = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        specialArgs = { inherit inputs; };
+        modules = [
+          ./hosts/cap-clust-05/configuration.nix
+          sops-nix.nixosModules.sops
+          inputs.home-manager.nixosModules.default
+        ];
+      };
+      nixosConfigurations.cap-clust-06 = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        specialArgs = { inherit inputs; };
+        modules = [
+          ./hosts/cap-clust-06/configuration.nix
+          sops-nix.nixosModules.sops
+          inputs.home-manager.nixosModules.default
+        ];
+      };
+      nixosConfigurations.cap-clust-07 = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        specialArgs = { inherit inputs; };
+        modules = [
+          ./hosts/cap-clust-07/configuration.nix
+          sops-nix.nixosModules.sops
+          inputs.home-manager.nixosModules.default
+        ];
+      };
+      nixosConfigurations.cap-clust-08 = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        specialArgs = { inherit inputs; };
+        modules = [
+          ./hosts/cap-clust-08/configuration.nix
+          sops-nix.nixosModules.sops
+          inputs.home-manager.nixosModules.default
+        ];
+      };
+      nixosConfigurations.cap-clust-09 = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        specialArgs = { inherit inputs; };
+        modules = [
+          ./hosts/cap-clust-09/configuration.nix
+          sops-nix.nixosModules.sops
+          inputs.home-manager.nixosModules.default
+        ];
+      };

      nixosConfigurations.cap-slim7 = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
-        specialArgs = {
-          inherit inputs;
-        };
+        specialArgs = { inherit inputs; };
        modules = [
          ./hosts/cap-slim7/configuration.nix
+          sops-nix.nixosModules.sops
          inputs.home-manager.nixosModules.default
          nixos-hardware.nixosModules.lenovo-legion-16arha7
        ];
@@ -35,9 +121,11 @@

      nixosConfigurations.cap-nr200p = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
+        specialArgs = { inherit inputs; };
        modules = [
          ./hosts/cap-nr200p/configuration.nix
          inputs.home-manager.nixosModules.default
+          sops-nix.nixosModules.sops
        ];
      };
    };
--- a/hosts/cap-clust-01/configuration.nix
+++ b/hosts/cap-clust-01/configuration.nix
@@ -0,0 +1,15 @@
+{ config, pkgs, ... }:
+{
+  imports = [
+    # Hardware Scan
+    ./hardware-configuration.nix
+
+    # Host Groups
+    ../../modules/host-groups/cluster.nix
+
+    # Application Groups
+    ../../modules/application-groups/k3s-primary.nix
+  ];
+
+  networking.hostName = "cap-clust-01";
+}
--- a/hosts/cap-clust-01/hardware-configuration.nix
+++ b/hosts/cap-clust-01/hardware-configuration.nix
@@ -0,0 +1,52 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "ahci"
+    "ehci_pci"
+    "usb_storage"
+    "usbhid"
+    "sd_mod"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [
+    "kvm-amd"
+    "amdgpu"
+  ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/0028a3af-8470-46c2-81ca-6d9be16a6236";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/C389-7B6B";
+    fsType = "vfat";
+    options = [
+      "fmask=0077"
+      "dmask=0077"
+    ];
+  };
+
+  swapDevices = [
+    { device = "/dev/disk/by-uuid/2b063ac4-54ee-4b16-b766-9c470733995c"; }
+  ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/hosts/cap-clust-02/configuration.nix
+++ b/hosts/cap-clust-02/configuration.nix
@@ -0,0 +1,15 @@
+{ config, pkgs, ... }:
+{
+  imports = [
+    # Hardware Scan
+    ./hardware-configuration.nix
+
+    # Host Groups
+    ../../modules/host-groups/cluster.nix
+
+    # Application Groups
+    ../../modules/application-groups/k3s-secondary.nix
+  ];
+
+  networking.hostName = "cap-clust-02";
+}
--- a/hosts/cap-clust-02/hardware-configuration.nix
+++ b/hosts/cap-clust-02/hardware-configuration.nix
@@ -0,0 +1,52 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "ahci"
+    "ehci_pci"
+    "usb_storage"
+    "usbhid"
+    "sd_mod"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [
+    "kvm-amd"
+    "amdgpu"
+  ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/9fcf291d-2576-44b4-bcba-98e40305e531";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/7727-439F";
+    fsType = "vfat";
+    options = [
+      "fmask=0077"
+      "dmask=0077"
+    ];
+  };
+
+  swapDevices = [
+    { device = "/dev/disk/by-uuid/56f2d727-03c5-4aef-9871-217bf98cdbb4"; }
+  ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/hosts/cap-clust-03/configuration.nix
+++ b/hosts/cap-clust-03/configuration.nix
@@ -0,0 +1,15 @@
+{ config, pkgs, ... }:
+{
+  imports = [
+    # Hardware Scan
+    ./hardware-configuration.nix
+
+    # Host Groups
+    ../../modules/host-groups/cluster.nix
+
+    # Application Groups
+    ../../modules/application-groups/k3s-secondary.nix
+  ];
+
+  networking.hostName = "cap-clust-03";
+}
--- a/hosts/cap-clust-03/hardware-configuration.nix
+++ b/hosts/cap-clust-03/hardware-configuration.nix
@@ -0,0 +1,52 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "ahci"
+    "ehci_pci"
+    "usbhid"
+    "usb_storage"
+    "sd_mod"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [
+    "kvm-amd"
+    "amdgpu"
+  ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/c2cfd56f-0090-45eb-a239-068fdadd2fd4";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/C3CF-3854";
+    fsType = "vfat";
+    options = [
+      "fmask=0077"
+      "dmask=0077"
+    ];
+  };
+
+  swapDevices = [
+    { device = "/dev/disk/by-uuid/e60a5ced-d01e-4613-afba-9b445bc43097"; }
+  ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/hosts/cap-clust-04/configuration.nix
+++ b/hosts/cap-clust-04/configuration.nix
@@ -0,0 +1,12 @@
+{ config, pkgs, ... }:
+{
+  imports = [
+    # Hardware Scan
+    ./hardware-configuration.nix
+
+    # Host Groups
+    ../../modules/host-groups/cluster.nix
+  ];
+
+  networking.hostName = "cap-clust-04";
+}
--- a/hosts/cap-clust-04/hardware-configuration.nix
+++ b/hosts/cap-clust-04/hardware-configuration.nix
@@ -0,0 +1,52 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "ahci"
+    "ehci_pci"
+    "usbhid"
+    "usb_storage"
+    "sd_mod"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [
+    "kvm-amd"
+    "amdgpu"
+  ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/b9c79a2f-8c6a-4f86-8562-b2f882992e95";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/EF0B-C66E";
+    fsType = "vfat";
+    options = [
+      "fmask=0077"
+      "dmask=0077"
+    ];
+  };
+
+  swapDevices = [
+    { device = "/dev/disk/by-uuid/9a123c08-cc9b-4516-a158-b274e9b399c3"; }
+  ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/hosts/cap-clust-05/configuration.nix
+++ b/hosts/cap-clust-05/configuration.nix
@@ -0,0 +1,12 @@
+{ config, pkgs, ... }:
+{
+  imports = [
+    # Hardware Scan
+    ./hardware-configuration.nix
+
+    # Host Groups
+    ../../modules/host-groups/cluster.nix
+  ];
+
+  networking.hostName = "cap-clust-05";
+}
--- a/hosts/cap-clust-05/hardware-configuration.nix
+++ b/hosts/cap-clust-05/hardware-configuration.nix
@@ -0,0 +1,52 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "ahci"
+    "ehci_pci"
+    "usbhid"
+    "usb_storage"
+    "sd_mod"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [
+    "kvm-amd"
+    "amdgpu"
+  ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/51ce9236-fe8c-49bc-bb90-1e582d163d04";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/FF5C-EB30";
+    fsType = "vfat";
+    options = [
+      "fmask=0077"
+      "dmask=0077"
+    ];
+  };
+
+  swapDevices = [
+    { device = "/dev/disk/by-uuid/1d24fd7d-c958-44ad-bb28-c394f3d56a6b"; }
+  ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/hosts/cap-clust-06/configuration.nix
+++ b/hosts/cap-clust-06/configuration.nix
@@ -0,0 +1,12 @@
+{ config, pkgs, ... }:
+{
+  imports = [
+    # Hardware Scan
+    ./hardware-configuration.nix
+
+    # Host Groups
+    ../../modules/host-groups/cluster.nix
+  ];
+
+  networking.hostName = "cap-clust-06";
+}
--- a/hosts/cap-clust-06/hardware-configuration.nix
+++ b/hosts/cap-clust-06/hardware-configuration.nix
@@ -0,0 +1,52 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "ahci"
+    "ehci_pci"
+    "usbhid"
+    "usb_storage"
+    "sd_mod"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [
+    "kvm-amd"
+    "amdgpu"
+  ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/8cf14e41-2af7-4bbd-89e2-90f5d04601b8";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/33C3-BB59";
+    fsType = "vfat";
+    options = [
+      "fmask=0077"
+      "dmask=0077"
+    ];
+  };
+
+  swapDevices = [
+    { device = "/dev/disk/by-uuid/262fa61f-4beb-4822-ace6-bb15c62b2cca"; }
+  ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/hosts/cap-clust-07/configuration.nix
+++ b/hosts/cap-clust-07/configuration.nix
@@ -0,0 +1,12 @@
+{ config, pkgs, ... }:
+{
+  imports = [
+    # Hardware Scan
+    ./hardware-configuration.nix
+
+    # Host Groups
+    ../../modules/host-groups/cluster.nix
+  ];
+
+  networking.hostName = "cap-clust-07";
+}
--- a/hosts/cap-clust-07/hardware-configuration.nix
+++ b/hosts/cap-clust-07/hardware-configuration.nix
@@ -0,0 +1,52 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "ahci"
+    "ehci_pci"
+    "usbhid"
+    "usb_storage"
+    "sd_mod"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [
+    "kvm-amd"
+    "amdgpu"
+  ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/ad88a1b0-c98e-4a95-9fb3-3299169c952b";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/73CA-8E6D";
+    fsType = "vfat";
+    options = [
+      "fmask=0077"
+      "dmask=0077"
+    ];
+  };
+
+  swapDevices = [
+    { device = "/dev/disk/by-uuid/c6139db9-2a9d-400a-b8a8-c8f77c5713ca"; }
+  ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/hosts/cap-clust-08/configuration.nix
+++ b/hosts/cap-clust-08/configuration.nix
@@ -0,0 +1,12 @@
+{ config, pkgs, ... }:
+{
+  imports = [
+    # Hardware Scan
+    ./hardware-configuration.nix
+
+    # Host Groups
+    ../../modules/host-groups/cluster.nix
+  ];
+
+  networking.hostName = "cap-clust-08";
+}
--- a/hosts/cap-clust-08/hardware-configuration.nix
+++ b/hosts/cap-clust-08/hardware-configuration.nix
@@ -0,0 +1,52 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "ahci"
+    "ehci_pci"
+    "usbhid"
+    "usb_storage"
+    "sd_mod"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [
+    "kvm-amd"
+    "amdgpu"
+  ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/deed37a4-4d5a-465c-93e6-1b7b216e0a1c";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/3ABB-C794";
+    fsType = "vfat";
+    options = [
+      "fmask=0077"
+      "dmask=0077"
+    ];
+  };
+
+  swapDevices = [
+    { device = "/dev/disk/by-uuid/6a99a895-a58c-43d2-8b62-02e3c915f46c"; }
+  ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/hosts/cap-clust-09/configuration.nix
+++ b/hosts/cap-clust-09/configuration.nix
@@ -0,0 +1,12 @@
+{ config, pkgs, ... }:
+{
+  imports = [
+    # Hardware Scan
+    ./hardware-configuration.nix
+
+    # Host Groups
+    ../../modules/host-groups/cluster.nix
+  ];
+
+  networking.hostName = "cap-clust-09";
+}
--- a/hosts/cap-clust-09/hardware-configuration.nix
+++ b/hosts/cap-clust-09/hardware-configuration.nix
@@ -0,0 +1,33 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "usbhid" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" "amdgpu" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/affec1c2-bf7c-499e-80a6-6615fd163e1a";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/9E1A-C3DA";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/a17f3a16-78fb-494d-8319-89e31e1defae"; }
+    ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/modules/application-groups/android.nix
+++ b/modules/application-groups/android.nix
@@ -1,5 +1,4 @@
 { config, pkgs, ... }:
 {
  programs.adb.enable = true;
-  virtualisation.waydroid.enable = true;
 }
--- a/modules/application-groups/gaming.nix
+++ b/modules/application-groups/gaming.nix
@@ -27,6 +27,7 @@
  environment.systemPackages = with pkgs; [
    bs-manager
    heroic
+    itch
    monado
  ];
 }
--- a/modules/application-groups/k3s-primary.nix
+++ b/modules/application-groups/k3s-primary.nix
@@ -0,0 +1,11 @@
+{ config, pkgs, ... }:
+{
+  sops.secrets.k3s_token.sopsFile = ../../secrets/cluster.yaml;
+
+  services.k3s = {
+    enable = true;
+    role = "server";
+    tokenFile = config.sops.secrets.k3s_token.path;
+    clusterInit = true;
+  };
+}
--- a/modules/application-groups/k3s-secondary.nix
+++ b/modules/application-groups/k3s-secondary.nix
@@ -0,0 +1,11 @@
+{ config, pkgs, ... }:
+{
+  sops.secrets.k3s_token.sopsFile = ../../secrets/cluster.yaml;
+
+  services.k3s = {
+    enable = true;
+    role = "server"; # Or "agent" for worker only nodes
+    tokenFile = config.sops.secrets.k3s_token.path;
+    serverAddr = "https://cap-clust-01:6443";
+  };
+}
--- a/modules/application-groups/media-creation.nix
+++ b/modules/application-groups/media-creation.nix
@@ -4,7 +4,8 @@
    audacity
    darktable
    inkscape
-    kdePackages.kdenlive
+    # kdePackages.kdenlive  # <- Build Failure
    obs-studio
+    pinta
  ];
 }
--- a/modules/application-groups/media.nix
+++ b/modules/application-groups/media.nix
@@ -27,6 +27,8 @@

  environment.systemPackages = with pkgs; [
    glava
+    gimp
+    imv
    plex-desktop
    projectm_3
    sox
--- a/modules/application-groups/pcb-design.nix
+++ b/modules/application-groups/pcb-design.nix
@@ -2,7 +2,18 @@
 {
  environment.systemPackages = with pkgs; [
    kicad
-    #pcb2gcode
+    pcb2gcode
+    saleae-logic-2
  ];

+  services.udev.extraRules = ''
+    # Saleae Logic Analyzers
+    SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", ATTR{idVendor}=="0925", ATTR{idProduct}=="3881", MODE="0666"
+    SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", ATTR{idVendor}=="21a9", ATTR{idProduct}=="1001", MODE="0666"
+    SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", ATTR{idVendor}=="21a9", ATTR{idProduct}=="1003", MODE="0666"
+    SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", ATTR{idVendor}=="21a9", ATTR{idProduct}=="1004", MODE="0666"
+    SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", ATTR{idVendor}=="21a9", ATTR{idProduct}=="1005", MODE="0666"
+    SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", ATTR{idVendor}=="21a9", ATTR{idProduct}=="1006", MODE="0666"
+  '';
+
 }
--- a/modules/application-groups/programming.nix
+++ b/modules/application-groups/programming.nix
@@ -1,19 +1,4 @@
 { config, pkgs, ... }:
-let
-  jetbrainsToolboxDesktopEntry = pkgs.writeTextFile {
-    name = "jetbrains-toolbox-desktop";
-    destination = "/share/applications/jetbrains-toolbox.desktop";
-    text = ''
-      [Desktop Entry]
-      Type=Application
-      Name=JetBrains Toolbox
-      Exec=jetbrains-toolbox
-      Icon=jetbrains-toolbox
-      Terminal=false
-      Categories=Development;IDE;
-    '';
-  };
-in
 {
  environment.systemPackages = with pkgs; [
    arduino-ide
@@ -21,7 +6,6 @@ in
    gcc
    gnumake
    jetbrains-toolbox
-    jetbrainsToolboxDesktopEntry
    nix-update
    nixfmt-rfc-style
    nixos-generators
--- a/modules/application-groups/system-utilities-cluster.nix
+++ b/modules/application-groups/system-utilities-cluster.nix
@@ -0,0 +1,26 @@
+{ config, pkgs, ... }:
+{
+
+  services.glances.enable = true;
+  services.openssh.enable = true;
+
+  environment.systemPackages = with pkgs; [
+    btop
+    dnsutils
+    git
+    htop
+    iftop
+    iotop
+    killall
+    kitty
+    ncdu
+    networkmanager
+    nmap
+    nvtopPackages.full
+    pciutils
+    unzip
+    usbutils
+    util-linux
+    wget
+  ];
+}
--- a/modules/application-groups/system-utilities.nix
+++ b/modules/application-groups/system-utilities.nix
@@ -1,27 +1,28 @@
 { config, pkgs, ... }:
 {
+  hardware.keyboard.qmk.enable = true;
+  hardware.logitech.wireless.enable = true;
+  hardware.logitech.wireless.enableGraphical = true;
+
+  programs.ssh.startAgent = true;
  programs.thunar.enable = true;
  programs.thunar.plugins = with pkgs.xfce; [
    thunar-archive-plugin
    thunar-volman
  ];
-  services.gvfs.enable = true; # Mount, trash, and other functionalities
-  services.tumbler.enable = true; # Thumbnail support for images
-
  programs.ydotool.enable = true;

+  services.glances.enable = true;
+  services.gvfs.enable = true; # Mount, trash, and other functionalities
+  services.hardware.openrgb.enable = true;
  services.openssh.enable = true;
  services.printing.enable = true;
-
-  hardware.logitech.wireless.enable = true;
-  hardware.logitech.wireless.enableGraphical = true;
-  hardware.keyboard.qmk.enable = true;
-
-  services.hardware.openrgb.enable = true;
+  services.tumbler.enable = true; # Thumbnail support for images

  environment.systemPackages = with pkgs; [
-    btop
+    btop-cuda
    desktop-file-utils
+    dmidecode
    dnsutils
    ffmpeg-full
    git
@@ -31,9 +32,13 @@
    imagemagick
    iotop
    jq
+    k3s
+    kdePackages.qt6ct
    killall
    kitty
+    swappy
    lf
+    mesa-demos
    minicom
    ncdu
    networkmanager
@@ -54,6 +59,7 @@
    usbutils
    util-linux
    wget
+    xev
    xfce.mousepad
  ];

--- a/modules/application-groups/virtualization.nix
+++ b/modules/application-groups/virtualization.nix
@@ -1,12 +1,10 @@
 { config, pkgs, ... }:
 {
-  virtualisation.podman = {
-    enable = true;
-    dockerCompat = true;
+
+  virtualisation.docker.enable = true;
+  virtualisation.containers.policy = {
+    default = [ { type = "insecureAcceptAnything"; } ];
+
  };

-  environment.systemPackages = with pkgs; [
-    distrobox
-  ];
-
 }
--- a/modules/host-groups/cluster.nix
+++ b/modules/host-groups/cluster.nix
@@ -0,0 +1,33 @@
+{ config, pkgs, ... }:
+
+{
+  imports = [
+    # Users
+    ../../users/cluster-admin/cluster-admin.nix
+
+    # System Configuration
+    ../system/cpu-amd.nix
+    ../system/fonts.nix
+    ../system/git-auto-rebuild.nix
+    ../system/gpu-amd.nix
+    ../system/home-manager-settings.nix
+    ../system/internationalization.nix
+    ../system/networking.nix
+    ../system/nix-settings.nix
+    ../system/security.nix
+    ../system/systemd-boot.nix
+
+    # Application Groups
+    ../application-groups/system-utilities-cluster.nix
+  ];
+
+  time.timeZone = "America/Los_Angeles";
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "25.11"; # Did you read the comment?
+}
--- a/modules/system/fonts.nix
+++ b/modules/system/fonts.nix
@@ -13,7 +13,7 @@

  fonts.packages = with pkgs; [
    noto-fonts
-    noto-fonts-emoji
+    noto-fonts-color-emoji
    liberation_ttf
    fira-code
    fira-code-symbols
--- a/modules/system/git-auto-rebuild.nix
+++ b/modules/system/git-auto-rebuild.nix
@@ -0,0 +1,33 @@
+{ config, pkgs, ... }:
+{
+  systemd.services.git-auto-rebuild = {
+    enable = true;
+    after = [ "network.target" ];
+    description = "Rebuilds the git repo at /etc/nixos if there are changes in the currently checked out branch";
+    #        startAt = "*:0/1";
+
+    serviceConfig = {
+      Type = "oneshot";
+      ExecStart = ''${pkgs.bash}/bin/bash -c "cd /etc/nixos && ${pkgs.git}/bin/git pull && ${config.system.build.nixos-rebuild}/bin/nixos-rebuild switch --flake #$(${pkgs.hostname}/bin/hostname)"'';
+    };
+    environment =
+      config.nix.envVars
+      // {
+        inherit (config.environment.sessionVariables) NIX_PATH;
+        HOME = "/root";
+      }
+      // config.networking.proxy.envVars;
+    path = with pkgs; [
+      bash
+      coreutils
+      gnutar
+      hostname
+      xz.bin
+      gzip
+      gitMinimal
+      config.nix.package.out
+      config.programs.ssh.package
+    ];
+  };
+
+}
--- a/modules/system/gpu-amd.nix
+++ b/modules/system/gpu-amd.nix
@@ -1,5 +1,11 @@
 { config, pkgs, ... }:
 {
-  services.xserver.videoDrivers = [ "amdgpu" ];
+  hardware.graphics = {
+    enable = true;
+    enable32Bit = true;
+  };

+  nixpkgs.config.rocmSupport = true;
+
+  services.xserver.videoDrivers = [ "amdgpu" ];
 }
--- a/modules/system/home-manager-settings.nix
+++ b/modules/system/home-manager-settings.nix
@@ -1,5 +1,11 @@
-{ config, pkgs, ... }:
+{ inputs, ... }:
 {
-    home-manager.useGlobalPkgs = true;
-    home-manager.backupFileExtension = "bkp";
-}
+  home-manager = {
+    useGlobalPkgs = true;
+    backupFileExtension = "bkp";
+    sharedModules = [
+      inputs.sops-nix.homeManagerModules.sops
+    ];
+  };
+
+}
--- a/modules/system/hyprland.nix
+++ b/modules/system/hyprland.nix
@@ -1,35 +1,32 @@
 { config, pkgs, ... }:
 {
-  programs.hyprland = {
-    enable = true;
-    xwayland.enable = true;
-  };
-
-  services.displayManager.gdm = {
-    enable = true;
-    wayland = true;
-  };
-
-  services.xserver = {
-    enable = true;
-  };

  hardware.graphics = {
    enable = true;
    enable32Bit = true;
  };

+  programs.hyprland = {
+    enable = true;
+    xwayland.enable = true;
+  };
+  programs.hyprlock.enable = true;
+  programs.waybar.enable = true;
+
+  services.displayManager.gdm = {
+    enable = true;
+    wayland = true;
+  };
+  services.hypridle.enable = true;
+  services.xserver.enable = true;
+
  xdg.portal.enable = true;
  xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];

-  programs.hyprlock.enable = true;
-  programs.waybar.enable = true;
-  services.hypridle.enable = true;
-
  environment.systemPackages = with pkgs; [
    arandr
+    bemenu
    dunst
-    flameshot
    grim
    hyprpaper
    hyprpicker
@@ -43,7 +40,7 @@
    swayimg
    wl-clipboard
    wlogout
-    bemenu
+
  ];

 }
--- a/modules/system/nix-settings.nix
+++ b/modules/system/nix-settings.nix
@@ -23,9 +23,14 @@
  programs.bash.shellAliases = {
    # Nix rebuild, switch
    nrs = "bash -c \"cd /etc/nixos && sudo nixos-rebuild switch --flake .#$(hostname) ; exit\"";
+    # with tracing
+    tnrs = "bash -c \"cd /etc/nixos && sudo nixos-rebuild switch --show-trace --flake .#$(hostname) ; exit\"";
+

    # Nix flake update, rebuild, switch
    nus = "bash -c \"cd /etc/nixos && sudo nix flake update && sudo nixos-rebuild switch --flake .#$(hostname) ; exit\"";
+    # with tracing
+    tnus = "bash -c \"cd /etc/nixos && sudo nix flake update && sudo nixos-rebuild switch --show-trace --flake .#$(hostname) ; exit\"";

    # Special cleanup, needed when efi partition runs out of space. Deletes all but the last five generations.
    # Remember to make that partition bigger in the future...
--- a/modules/system/security.nix
+++ b/modules/system/security.nix
@@ -1,20 +1,57 @@
-{ pkgs, ... }:
+{ pkgs, config, ... }:
 {
+  environment.systemPackages = with pkgs; [
+    sops
+    age
+  ];
+  sops = {
+    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+
+    defaultSopsFile = ../../secrets/default.yaml;
+  };
+
  security.sudo = {
    enable = true;
    extraRules = [
      {
+        groups = [ "wheel" ];
        commands = [
          {
-            command = "${pkgs.systemd}/bin/reboot";
+            command = "${config.system.path}/bin/reboot";
            options = [ "NOPASSWD" ];
          }
          {
-            command = "${pkgs.systemd}/bin/poweroff";
+            command = "${config.system.path}/bin/poweroff";
            options = [ "NOPASSWD" ];
          }
        ];
-        groups = [ "wheel" ];
+      }
+      {
+        users = [ "cluster-admin" ];
+        commands = [
+          {
+            command = "${config.system.path}/bin/systemctl start git-auto-rebuild.service";
+            options = [ "NOPASSWD" ];
+          }
+          {
+            command = "${config.system.path}/bin/systemctl stop git-auto-rebuild.service";
+            options = [ "NOPASSWD" ];
+          }
+
+        ];
+      }
+      {
+        users = [ "caperren" ];
+        commands = [
+          {
+            command = "${config.system.path}/bin/nvtop";
+            options = [
+              "NOPASSWD"
+              "SETENV"
+            ];
+          }
+        ];
+
      }
    ];
  };
--- a/secrets/cluster.yaml
+++ b/secrets/cluster.yaml
@@ -0,0 +1,115 @@
+k3s_token: ENC[AES256_GCM,data:UANQ7DzasppB8ZPtGY9wR9lhU+VpTjJE,iv:cvEiUt7zG4Joyd1gkaqi848ES7aPf7VoYc4zDwLKEDQ=,tag:j4EU/srhEL0+nQGhETuerA==,type:str]
+sops:
+    age:
+        - recipient: age1xjnkqv32a5nqftw6pqthapnzmgjl4lnqfpxy9utqm56yzm2mvfhqzch648
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSTWNzM0RMMXpDZnZHSEFz
+            U01jN1FPTFJ6YzBMQlhQMEpSZ0NTNCtteWk4CmhyU1ZTeE1wMzAxRWszS0NKeVpL
+            dmw3TGlvdG80TVVXUWVTYTVHMzcwajgKLS0tIFMraXVmTS9zSkFzRGZjZlhzR1lj
+            eDRubW5hWnQzdjVzRytWTW44Y2xoU2MKA2yvOK0DfKSj6U7094a9+4t7E6nFGD+5
+            p8XlMAkroS8RhdwBi//xn5I05/iJMKJikaeclvsNlvLV5b/GkCE3nw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1a5aqj3jr3rqpjet9a7y077ak0ymstjjdnyfgn5m2ad4l2yuxr4aqym7d3d
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5RzZSTFNPMkprTk00SjBv
+            WTdvcVFuU0hPZ2hteWsrOXp3TTlGdXBvb1FRCjlCbitacFJpV1l3YXMvU0xMMm5Q
+            TjJwR3JtQk9Rbmc1S2J5OVF0WXBRQ1EKLS0tIHBHdzFlN21FZHFoRjc3cHlSZ2FK
+            YnBOOU5Bejl6MjB6MDliZWpPeTdFRncKRXH8gKhKVcSxja+dhIrPBNeeV8rJatSJ
+            +ZlHQL3109Ya/V6Aq9AtEypmLld9Ech7AGMCePNLYvc6DYkDE9bJDA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1g45zy9m5g4e20cjejgd3x40722rlddgkmhtddrl8wyf63kt5kg7s9ke390
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2eFE4bWRPQitrVDN4Y21J
+            TUJyd214L1JMazNiUzJEb29FTmRORkJmR1QwCjIrVzZ5WllDbGNCd1c0Q09XVDFm
+            UjhudDNCZ1BWSmpmbHkvWjROMnpkb3cKLS0tIFhzdlpiTFRPMFM5Nm1DcVN3djVB
+            SWZtVWNvRVdweWVxZVlQL1k1QVdESXMKc6OdFAyEvxhf5xyBFfiZajgUkwlfMMMJ
+            4KqoZGTmh+4GTedJDAKClKce1TEQTKrf1ePP+5HhcSKOoPTolMh/Sw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1649y4antwgfe4fu02eppnx5gr0yc3g4lj4kwd6v9guxgxgj06y9qk7l4wl
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpUUt4ZCtrU2djKzRkN2h2
+            bHpVSk15M2lTVjRrTi9aVmpETjV3UUN6TWlrCk5rdytrYWoxTmJDQmJITVRMa0ZV
+            UGc3dzhsQlM3T29BenY4VlRqbmdvd2sKLS0tIE9HVmxBMnZOMnUvdFcyNGRjTm1o
+            V29UVXRKWUhERkYwZ0NsOUZna1ErcWsK3ya1FW0WPKrZ4gMVx9M1eAgj6lQiv++M
+            TSZmVJfUMyV1OATtg3MSDFqsppN/i7+aQAP2D0G1fzG30/1qYwCsHA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1k085uuy4fv9rfpy0ne6zl9fq0j05a4fykqe26psx2ngxqrcxcu5sksxa9u
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMQUVpUW5CTEFGUVlSeVJa
+            QVNpUE9uaFV0eWxyQjhjcUFXOTVqN1JwTm1vCmE5dmVuZnFpeWRXbnh4V0J6eHF2
+            R3l5ZFhTSitzSnFYbXEvbGoyY2R6WFEKLS0tIEwwWWcydmhPdW1wL083NVJncmF3
+            U3lPYm9EZFRUWVhualFNZHhVU1JlQzgKsc4y+hfdGB3WW+NpzvA0RH54Zc46j3zt
+            2Pak/SdxiMnHfF0cw9EP/xrGJ15IUUWvDmRu+om0fEMjg+OBOKLXXQ==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1tpeqfhc4n7swpgzx6qfdfxanx0uqh7nksr7eksnvjea70n8vaf5sntxu2l
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmamp3Uk40ZGRJQW1MUVJS
+            SUlabWx3Zkd1b0xLMFQ5Y3hUelk1RU1HYW5FCnQ4bG5qRnhQRnlmTm13WXdYUWg5
+            ZUVvRlRaN0NSSWhJV002N2pBL28yQXcKLS0tIEQ3bmJnUHNEUThvM2MvQUlDaUV3
+            ZXd2T1RmM0l4YzZKaGkrRXc4VXBRVnMKnCp42FU0vQOb9VN/+DbsmNHvZc8lH+Rh
+            skZvMvTHgpMWTdhHYFWub+CIXZfUrJfy/vSWBvDw6c81r4p1l+Jyfw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1pux20jlyzdexztdmm3lelzn2mslxhuahae4wjy74hkxfytslsfpqj708e2
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZNHNsYjJoTlhRcUJ5UnZw
+            eU9tVW9zVW5XRFR2ZUNaKzlieUNmdDNCS1JFCjVJaGoxdFArU09GMXpYMVdZaVk0
+            TXpKUHo1cEdXZnpCNXpyRHJnYmRldWMKLS0tIFBnSktZWmp3M2NJbVAwTy94bnVx
+            YVlwaEZ0Z09aNFo0OCt1dUxpYzdiZEUKDHKAZYVC9ON48i9p5DZDopgm9afSg069
+            m3mq5d+aBZIrnSdwgIuvyPJH+L8clIUXcJ47QH9ML/4MsFk+d4xvpA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1f5039syajzz75s9lkdzwnv2dsvlcp69puuaucgwt05sqjdl7hels25nsfr
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0bm15TmhpRXg5V05qWmRn
+            UExicGhXZ0ZWNUxPTUM3OEV2U1JveGRUQ1RVCkpaMXZwVUxiT0pQRkFFSjBMRnFw
+            RnJJalBrSTR5V3IvUnU2a2hWSmM0ajAKLS0tIDJ6ZWpiVlBBdDBxWnhZT2lyRi81
+            dCtqV1ZwQVlHWFgvTkN4eTZmSG5XMzgKKAPm8crJXBvCAIgTCcpLBi74Fq/AT7Uo
+            SREKHWpC3pLtNyfgHuEhm3lCYmyZyxTsZFd/2ezAjqtQZAf29EEUjg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age19m6f3xtkdf3gwxqxgp9w9gyla4hk24f85l2tyjx6dxu0akzux3cs657dhz
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvbVhvQlZDWXhmMXpnaDBk
+            YUFwMkhwRDlkMXhjS1NJSVR3QWhBNDY2c0VFCklMaTBaKzQvRjdLQjFlelpkY2Ra
+            R0E3NjNVV1pPOG02WnhLdHhqRytPdlkKLS0tIFBFQlpWL0FEUWNGOThzNW1RdG9S
+            V2lSdVpweWZKM3VYZ01hclV4ZENZbTQKMQ3/EZk82q4oGnFJb49+X5uQzuTji8qV
+            K61/vy40g/1f8wgpJwjvGCHx7VyzsBp4lhXiLODMIW6ubp5kAU4r9A==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1en6vdtxspam9s3nmsyfrcrxzrzu4t9v72ztqyekpzsc35rd06a2sza7ehw
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuVVJSRmZucDc1Vk5HZ0py
+            NS9BcDlLRkpyYitmd0hZdlVOaFgxS3JyR1ZJCkVBajVBTjlWamNMNFYza2xWaitx
+            V2loazBmaE5kVWRoVWwvR2NQa3Mwb1EKLS0tIFZYNGNRc00rUGlDT2tGUFlCcDc3
+            aFB3SmpjVFVBc3lPWmMyM29URHpaUzQKguiKNjvJayezQ2tAqmFSgA8tY/6tx1Pb
+            OeB5cBtSyXfdZhL8HGYAqiIph9zbO3NId7icJsZ11YTW6XHHr1P7gw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1vujvq5rdzppkkdhkwyhnl6xhuvm8s5yf2wc8ke05m8jwrdwsdf0qfx5w4r
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1aDJ5UkM1WENoUDZOUld3
+            ZXpTdWJjQzVhNEI4RGs4UlhyVytBcmcwbUdBCkxhNnlzSm5yS21zVVNoSmc3VmJF
+            REE1YXpFSWtPcVhzMnFGckpLZUxQR2cKLS0tIE5DWGFKNUxRZnpFNGpMS0xxVVhq
+            OWIwRXBXMmxHN09pZVcyNElQZVhFWUUKAN0Yd2/RB0ZjE0BGZnVY+bCSEQXVpZrS
+            DwsxXlldtJLVebLxthPaXcPI4UmUFYSPFYWDPijjxQ7gbRYnOsV1eA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1uyuudfya8etgztlt6hlssr9hkstyyhg65wdq3pj9rud2czzkaqqssg7yvp
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNaVNQeVd3c0JKakhEWWE0
+            ZDNjUitGaUVxM3h0UjF4Z2ZVR0w2L2xKTlRzCjhVVERodmpFVXF6Tnp5N011Tk9J
+            TVR2akpwRlBKOEs0T3loa0p1cGU5c1EKLS0tIEh5TGYrZ0c3MjQ0bDlsb3J6UGls
+            VWRsQy9BeU1rTmUxd0xwZHA2MjMrZmcKPI2g7B4Ylmbq1Z6WHAhdDx43oB/OeIKY
+            MKpwZ985JUrxwwiM0UC9DfNYaM9ScUf4l3qHFPHjh+N899rf7nW3zA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-12-13T09:05:22Z"
+    mac: ENC[AES256_GCM,data:Jg/J4ulZtAI7Kfeb8/ccmG3hV+2TF/5kTcwNRr6llVORVBZ0cGeJz5TvhqwHsSf3TRwgzS50RHWtbJ//TadWrYbf+EInV92mT+ybVO/p6ek0jiqRV9Kto697YnjjtMG1uJcIazWhShT4UTg6PNlAtRzBA3759tnw2aj0hCNH9QE=,iv:hu1m3GdLiwyVZDrlh/p63hGCaJgXIHuVnxzPKskj9Io=,tag:NW+d9m+eTgkb9Uea5aurSw==,type:str]
+    unencrypted_suffix: _unencrypted
+    version: 3.11.0
--- a/secrets/default.yaml
+++ b/secrets/default.yaml
@@ -0,0 +1,115 @@
+default: ENC[AES256_GCM,data:hblL4UM//g==,iv:pu+XlfdZl8XZFk16iwV5juImHosUfOhZJ54UAzi9iwo=,tag:8h2ybkmNoqUT85L2JfXLrA==,type:str]
+sops:
+    age:
+        - recipient: age1xjnkqv32a5nqftw6pqthapnzmgjl4lnqfpxy9utqm56yzm2mvfhqzch648
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJWUtjYmxwWVJtekY5RTcz
+            Yno1M0Z6RnRYRkowRmVWMWVTNWRTc0RWWWprCjlRZ0dVYnkzaU1CTmljR2VxVDZX
+            a1lzNUNCb0FrdGhvcUV1NTUxa0RRMG8KLS0tIG9PVWMzbHA4Q2YrbTQ2cWFpTU1F
+            NE9TN3QyNEZEM1BoeFFSRHZqUmF0TlkKSvm5PXarwX2/034Y2LThEVQWgGm4emWU
+            abvCD566vlA+MZdRx0CUo1S8xqXDse9inAwroPs3nZ2TabtvCAqNGA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1a5aqj3jr3rqpjet9a7y077ak0ymstjjdnyfgn5m2ad4l2yuxr4aqym7d3d
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4Y2J5a1V5Q1U0eVZPOGlB
+            R2dBcElMQ0kwQUJCTkJuT0J2Tm9ETVlNcUYwCm0wbndXdFBZUllRZm5zdEVEczl4
+            b1NYVXFqVlhTb0R5YTZSUnBlMGNYSkUKLS0tIGJXOUNYV0NNZUlnd3I2OUhjSCs0
+            QzA3SXcwQmI4WE5qTElVWFhmRVhyN28KE2br0ZBj8dUep8O6hf0W1mrOXTDhTq/X
+            xR6zx93tpGdqg+jT0BS+7GMaxj4jM5VMmrTYQrIZc0g9ah34AbFT6g==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1g45zy9m5g4e20cjejgd3x40722rlddgkmhtddrl8wyf63kt5kg7s9ke390
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyQzl1MWtYczd5aEpacFNZ
+            elpwaC90d2xTWUFJeGdMTjkxSVhZTUU4a3hnCnFOZ1ViS0hqbW45aU0vajh5NjVv
+            VmNYcmNGT21lMDl4QnljOS9oSHNpTjAKLS0tIGpndTNQU21PSVU1UzErTjFtOVYw
+            ZU1IRWdacUtKeEloQjM0TFU3Q1A0OUkKiFY+UfTgGtPuQBuHfmRKEVV6nyi7ggLT
+            x81Gl5COm0zCuXJuQw5FQutFXnYRC/9ndlNpO1HmrDHnEDp1osdNqg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1649y4antwgfe4fu02eppnx5gr0yc3g4lj4kwd6v9guxgxgj06y9qk7l4wl
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSUnFJVWNYYlNLSk1xbFYy
+            WGlBYzZHYVc5USt2eXNKdzlabWhYMWExZTFvCmZTeTJxWVhISWt5cjBwT3gvcnJ6
+            QzNRL0lFUGcraURLVnBGQXpXUzFiVG8KLS0tIEpobkwvaHBRU0FjQ3NIWDc2bWRj
+            ZWpwYURSc2dGTzJGaWgrWDRKZlRDZzQK0BZeC4JAbP8sHVy48O5rTyojRIkL8SUe
+            JPTYEa/wIDWOgp9Kkxa6QwVMr061pdEnIF6pal2efJjtvS0Q8JaegQ==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1k085uuy4fv9rfpy0ne6zl9fq0j05a4fykqe26psx2ngxqrcxcu5sksxa9u
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQVzUwSkQrTGhBQ1VVR25D
+            ZU5BY1NnUVVhVTJ2VUxPTWpqVXNhQWhpc0dnCk5EQ3JYdmUvQWo3QzdqcXVaN2Q4
+            ODFIeVhZWFAwV0hvUm5UTyt3VEZ3NFUKLS0tIElZL2NqQTY0dGJzVjJNWEh2U0pp
+            Nk94MldCTnZQRG00S1NGZWlsbmxLencKkeUHuYFIwQYdAAwfBcJ4F/1oR8mQfK9t
+            ka9WdGJZ+w2UDU0zOdkaD01lnqHenV/MhkzQ+SYnFEETDNLWt+OkwQ==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1tpeqfhc4n7swpgzx6qfdfxanx0uqh7nksr7eksnvjea70n8vaf5sntxu2l
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWdktET3FCUmw2TVhSWXcv
+            MTlHYlR2KzhPS2ZrdHA5ekcxZVZSc1JNM3lVCndQZUFKTFJFZG1GVWJvWllobGJU
+            eERoSmFMZWh5ZmZHM3Z3UWc5aVpab0EKLS0tIFIrdkdyaHg1NFVpM1JGWlBSWWpu
+            N0Q4YzZCbmd6bUc0U3FaZ3lLNUJOTXMKHC/emqz88i9dq+rWaw7Lh92pdu2D1aDD
+            K7G4d5AgRuSZxPWxwQMGTsCS3arsex0KrxdWE2ksZYTwVdi5CU3zTA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1pux20jlyzdexztdmm3lelzn2mslxhuahae4wjy74hkxfytslsfpqj708e2
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrM1BWd08zNFNPdTlUa1Vt
+            TzBJcDNIbHl3aXFUMXpkMmE1ajVwVFcrUVZBCkFDUnEyRktNRDlLdmFZT3Y0cVNT
+            UCtQQmhjT2hvbWdSOGh1WkMxcFFBWGMKLS0tIE1NQ3AraGVxVUxvZUVDOC9NY2xE
+            UHJZOWp6RmU2SFR4bU5hTDJnbHo5Rk0K/6Loz0GabBTy1VxePYwiuDtFCiDniGTv
+            RP7SKgMbN0SUjeaXwTmksC9DmfhWzXwDJqh/n/cNrtE2yuKR2AGzQA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1f5039syajzz75s9lkdzwnv2dsvlcp69puuaucgwt05sqjdl7hels25nsfr
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6d1lFaGxEOElxYjBVV2w5
+            dVJyUnNveklTbXJQSzA4UlVHYTlWZUUyVlIwCnRwS1RTejAzNllHdWVaYU5tZXhq
+            bzZVcnpjYXBhWFFnWjY1cFhQZ0JuZ3cKLS0tIE1zYWlJTTV2VWRma2JjWlRZZ2Ro
+            NitqbEFuUENKaDZWY2dVRU9tWUF4b1kKAZAVyohLFZPMC0O6AF7GUXaE/8Q9bF2s
+            o1rS/8Cg0KqmalQ992wSMjUj1Z0y+najuaF6Kp9r2Q+6b9IVe7HQFA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age19m6f3xtkdf3gwxqxgp9w9gyla4hk24f85l2tyjx6dxu0akzux3cs657dhz
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzN01Db01QMVdudC9idjBm
+            N3B4a3hUR2ZNYUQzL3RVVlQvelFFNUZFTlhFCnpaMDFpcVpkcThFanJRcEVxOFNP
+            cC9xL29MVTd0R1FUQzMzazVoNDUvMkkKLS0tIEVYRTlZSkVUcmZIVWJ2dmlBVGxq
+            R0E2MmdSZDFPTG9WMmhzT0dRYWRkclkK6Hg6rNuEhWb1PLA8z5l2YPDBMXxo0VwA
+            GrpQjbrcFKXTxOpi9FU5m1Dy0HSkEkUnmcFiVr98g6xJwWQjp9Xduw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1en6vdtxspam9s3nmsyfrcrxzrzu4t9v72ztqyekpzsc35rd06a2sza7ehw
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoQ0tJRDYzMDQvdVBDZ1ZD
+            NjJyc2x4NFhhd3oycjRxSFZhaHZTN25kc1NFCldvMy9IWUNadzRNWFh0QVQrczhB
+            aFhyd1d3cWlad3RCWVN0VWQzNkU5eWsKLS0tIDZSbmxLbnNTYmJhL0l6L1JwRWFN
+            ZUQ4cVlyL3VYQ0RFdHgvalFnWnU1Z1EKTkQZ14qvVykxfkD1smBd7aXzqji4sUGi
+            dI0PoKWAy4rqVbNMsNTOutNk8KMxJG+d9Qw947W2O7fA2XIY7/hnug==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1vujvq5rdzppkkdhkwyhnl6xhuvm8s5yf2wc8ke05m8jwrdwsdf0qfx5w4r
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiQnNCR2w4YjlzUSt5bDE3
+            c0VMWmQ4M00zMVErd21DYnlPb0JtelFDeml3CjNGV1ZJMVZOTFNpT1RSc3FXV0No
+            d25GUGVzTi9WWlVDeWRzd3BDOXNHb1UKLS0tIHFVdVRRb2l4YjlaY0NlUFpiRmxs
+            aE91WkxSYittL2Y5aWZBUFpYS0tzR28KK7B4TLpgtcRj8zttl/oHaYuedm2r8LDd
+            6C/cMrD+hQEb45OiDcn4V1L444vwbAZJvzgoiQWem6+1Wvepqe+P0A==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1uyuudfya8etgztlt6hlssr9hkstyyhg65wdq3pj9rud2czzkaqqssg7yvp
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmbjJKSGlLbFBCd011bHBG
+            emM4MVJCKy9UejY3M0E4VWFKTDFUeGZQQkVFCk1ZTkpUYm5adVZOU1hpR0xqOUdi
+            ZXppQ3lFdlBxQWdRdW9TbUFkcDJFbG8KLS0tIEhycFp1WGRCVUxBVzJRamptYnli
+            dW1YMTBIa202Tkp3WC9KRUhTckFCMUEKgUhihP1CN+kNOcbtfsr/gofI0tVzMVwo
+            4aQPOxmvp3gyKdvPtUUTxJ3QrZ3laAHcVmsxPjEPnaAjfmGSUZh/YQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-12-13T11:02:46Z"
+    mac: ENC[AES256_GCM,data:roAByCemPPNz6kkAX1nOL/TU3p2Jv67paQKlouek40FEf5cwVRMmygKDhs1vV8ZO4Ot0xGjXwiq+ylD0aSzbzvdcD/gG+cZ67XpqcW7CQMMtCrQ3Rt+U7q4rxyUeR55VxJdusjwtPp8qPVutKNJlebOUdBgaSKzDzwbnRppDUxk=,iv:PZVwlU3uUO+hHisHaoQAAfcBR2jlB0UHSU7ZFRXYfPo=,tag:0hPLfuSoSLRR1LiOWHFpfQ==,type:str]
+    unencrypted_suffix: _unencrypted
+    version: 3.11.0
--- a/users/caperren/caperren.nix
+++ b/users/caperren/caperren.nix
@@ -2,6 +2,8 @@
 let
  hyprlandConfigPath = ./. + "/dotfiles/hyprland/${config.networking.hostName}";
  kanshiConfigPath = ./. + "/dotfiles/kanshi/${config.networking.hostName}";
+  sshDesktopPubkey = builtins.readFile ./pubkeys/cap-nr200p.pub;
+  sshLaptopPubkey = builtins.readFile ./pubkeys/cap-slim7.pub;
  spotifyPlayerAppTomlTextTemplate = builtins.readFile ./dotfiles/spotify-player/app.toml;
  spotifyPlayerAppTomlText =
    builtins.replaceStrings [ "{{hostname}}" ] [ config.networking.hostName ]
@@ -13,12 +15,18 @@ in
    isNormalUser = true;
    description = "Corwin Perren";
    extraGroups = [
-      "networkmanager"
-      "wheel"
-      "input"
-      "dialout"
-      "plugdev"
      "adbusers"
+      "dialout"
+      "docker"
+      "input"
+      "networkmanager"
+      "plugdev"
+      "podman"
+      "wheel"
+    ];
+    openssh.authorizedKeys.keys = [
+      sshDesktopPubkey
+      sshLaptopPubkey
    ];
  };

@@ -39,30 +47,68 @@ in
      };

    };
-
+    programs.bash.enable = true;
    programs.bemenu.enable = true;

    programs.kitty = {
+      enable = true;
      font.name = "JetBrains Mono";
+      settings = {
+        allow_remote_control = true;
+      };
    };

+    # Assets/scripts
+    home.file.".config/streamdeck-ui/icons".source = ./dotfiles/streamdeck/icons;
+    home.file.".config/hypr/scripts".source = ./dotfiles/.config/hypr/scripts;
+
    # Application config files
+    home.file.".config/containers/policy.json".source = ./dotfiles/.config/containers/policy.json;
+    home.file.".config/glances/glances.conf".source = ./dotfiles/.config/glances/glances.conf;
    home.file.".config/hypr/hypridle.conf".source = ./dotfiles/hypridle/hypridle.conf;
    home.file.".config/hypr/hyprpaper.conf".source = ./dotfiles/hyprpaper/hyprpaper.conf;
-    home.file.".config/hypr/backgrounds/black.png".source = ./dotfiles/hyprpaper/black.png;
+    home.file.".config/hypr/backgrounds/black.png".source = ./dotfiles/hyprpaper/backgrounds/black.png;
    home.file.".config/hypr/hyprland-common.conf".source = ./dotfiles/hyprland/hyprland-common.conf;
    home.file.".config/hypr/hyprland.conf".source = hyprlandConfigPath + "/hyprland.conf";
    home.file.".config/kanshi/config".source = kanshiConfigPath + "/config";
+    home.file.".config/streamdeck-ui/.streamdeck_ui_link.json" = {
+      source = ./dotfiles/streamdeck/.streamdeck_ui.json;
+      # Copy the symlinked version to its final location, otherwise it has no write permissions
+      # on the config file, which breaks the entire app
+      onChange = ''
+        cat ~/.config/streamdeck-ui/.streamdeck_ui_link.json > ~/.streamdeck_ui.json
+        chmod 600 ~/.streamdeck_ui.json
+      '';
+      force = true;
+    };
    home.file.".config/spotify-player/app.toml".text = spotifyPlayerAppTomlText;
    home.file.".config/waybar/config".source = waybarConfigPath + "/config";
    home.file.".config/waybar/style.css".source = ./dotfiles/waybar/style.css;
    home.file.".config/wlogout/layout".source = ./dotfiles/wlogout/layout;

    # Desktop entry files so bemenu can find them
-    home.file.".local/share/glava.desktop".source = ./dotfiles/.local/share/glava.desktop;
-    home.file.".local/share/spotify-player.desktop".source =
-      ./dotfiles/.local/share/spotify-player.desktop;
+    home.file.".local/share/applications/alltop.desktop".source =
+      ./dotfiles/.local/share/applications/alltop.desktop;
+    home.file.".local/share/applications/glava.desktop".source =
+      ./dotfiles/.local/share/applications/glava.desktop;
+    home.file.".local/share/applications/phonerdp.desktop".source =
+      ./dotfiles/.local/share/applications/phonerdp.desktop;
+    home.file.".local/share/applications/spotify-player.desktop".source =
+      ./dotfiles/.local/share/applications/spotify-player.desktop;

+    # Custom bash aliases
+    home.shellAliases = {
+      # Phone remote desktop over usb (adb), with some default flags I want
+      phonerdp = "scrcpy --no-audio --orientation=0 --turn-screen-off --stay-awake --power-off-on-close";
+
+      # Streamdeck isn't easy to manually edit, so make a save command to copy any updates to the repo
+      savestreamdeck = "cp ~/.streamdeck_ui.json ~/.nixos-configs/users/caperren/dotfiles/streamdeck/.streamdeck_ui.json";
+
+      # Nice to have an alias if I ever want to launch this from cmdline, or see the dbus help string
+      screenshot = "~/.config/hypr/scripts/screenshot.sh";
+    };
+
+    # Theming
    gtk = {
      enable = true;

@@ -84,6 +130,9 @@ in
      font.name = "JetBrains Mono 11";
    };

+    home.sessionPath = [
+      "$HOME/.local/share"
+    ];
    home.sessionVariables = {
      GTK_THEME = "Adwaita-dark";
    };
@@ -92,6 +141,10 @@ in
      enable = true;
      defaultApplications = {
        "application/pdf" = [ "okularApplication_pdf.desktop" ];
+        "x-scheme-handler/http" = [ "firefox.desktop" ];
+        "x-scheme-handler/https" = [ "firefox.desktop" ];
+        "text/html" = [ "firefox.desktop" ];
+        "image/*" = [ "imv.desktop" ];
      };
    };

--- a/users/caperren/dotfiles/.config/containers/policy.json
+++ b/users/caperren/dotfiles/.config/containers/policy.json
@@ -0,0 +1,7 @@
+{
+    "default": [
+        {
+            "type": "insecureAcceptAnything"
+        }
+    ]
+}
--- a/users/caperren/dotfiles/.config/glances/glances.conf
+++ b/users/caperren/dotfiles/.config/glances/glances.conf
@@ -0,0 +1,44 @@
+##############################################################################
+# Custom Glances Configuration Overrides
+##############################################################################
+[global]
+# Managed by NixOS configs
+check_update=false
+
+[percpu]
+# All of my systems are 16 core
+max_cpu_display=16
+
+[ip]
+# Useful for validating vpn connectivity
+public_disabled=False
+public_refresh_interval=300
+public_api=https://ipv4.ipleak.net/json/
+public_field=ip
+public_template={continent_code}/{country_code}/{region_code}/{city_name}/{isp_name}
+
+[diskio]
+# Don't care about loop devices
+hide=loop.*,/dev/loop.*
+
+[smart]
+disable=False
+
+[fs]
+# Nix store is duplicate of / on NixOS
+hide=/nix/store
+
+# Leaving this all commented for now as it doesn't like large number of files
+#[folders]
+# Home overview is helpful
+#folder_1_path=/home/caperren
+#folder_1_refresh=120
+# Steam is normally the largest
+#folder_2_path=/home/caperren/.local/share/Steam
+#folder_2_refresh=120
+# Then Downloads next
+#folder_3_path=/home/caperren/Downloads
+#folder_3_refresh=120
+# With code generally coming last
+#folder_4_path=/home/caperren/code
+#folder_4_refresh=120
--- a/users/caperren/dotfiles/.config/hypr/scripts/screenshot.sh
+++ b/users/caperren/dotfiles/.config/hypr/scripts/screenshot.sh
@@ -0,0 +1,116 @@
+#!/usr/bin/env bash
+
+# Unashamedly taken from: https://www.reddit.com/r/hyprland/comments/13ivh0c/comment/jkgk65k
+# Small edits made for my particular needs
+
+# Flags:
+
+# r: region
+# s: screen
+#
+# c: clipboard
+# f: file
+# i: interactive
+
+# p: pixel
+
+# Example hyprland bindings
+#bind = CTRL, SUPER, ALT, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh
+#bind = , PRINT, exec, ~/.config/hypr/scripts/screenshot.sh rc
+#bind = SUPER, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh rf
+#bind = CTRL, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh ri
+#bind = SHIFT, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh sc
+#bind = SUPER SHIFT, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh sf
+#bind = CTRL SHIFT, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh si
+#bind = ALT, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh p
+
+screenshotPath=~/Pictures/screenshots
+
+hyprpicker_launch(){
+  # Start hyprpicker with screen render (freeze), no fancy, no zoom
+  # We're just using this to lock the screen in place for grim ingest
+  hyprpicker -r -n -z -d >/dev/null 2>&1 &
+  sleep 0.5
+}
+
+hyprpicker_kill(){
+  killall hyprpicker >/dev/null 2>&1
+}
+
+trap hyprpicker_kill EXIT
+
+generate_filename(){
+  # Make sure screenshots path exists first
+  if [ ! -d "$screenshotPath" ]; then
+    mkdir -p "$screenshotPath"
+  fi
+
+  echo "$screenshotPath/$(date +%Y-%m-%d_%H-%M-%S).png"
+}
+
+active_screen_grim_region(){
+  hyprctl -j monitors | jq -r '.[] | select(.focused) | "\(.x),\(.y) \(.width)x\(.height)"' -
+}
+
+grim_from_region() {
+  local filename="${1:-}"
+  local region="${2:-}"
+
+  hyprpicker_launch
+
+  # Get region of screen to capture, if not passed in
+  if [ -z "$region" ]; then
+    region=$(slurp -b '#000000b0' -c '#00000000') || exit 1
+  fi
+
+  # Start grim while screen is still frozen, kill hyprpicker, and pass through data
+  if [ -z "$filename" ]; then
+    grim -g "$region" - | {
+      hyprpicker_kill || true
+      cat
+    }
+  else
+    grim -g "$region" "$filename" | {
+      hyprpicker_kill || true
+      cat
+    }
+  fi
+}
+
+if [[ $1 == rc ]]; then
+    grim_from_region | wl-copy
+    notify-send 'Copied to Clipboard' Screenshot
+
+elif [[ $1 == rf ]]; then
+    grim_from_region "$(generate_filename)"
+    notify-send 'Screenshot Taken' "$filename"
+
+elif [[ $1 == ri ]]; then
+    grim_from_region | swappy -f - -o "$(generate_filename)"
+
+elif [[ $1 == sc ]]; then
+    grim_from_region "" "$(active_screen_grim_region)" | wl-copy
+    notify-send 'Copied to Clipboard' Screenshot
+
+elif [[ $1 == sf ]]; then
+    grim_from_region "$(generate_filename)" "$(active_screen_grim_region)"
+    notify-send 'Screenshot Taken' "$filename"
+
+elif [[ $1 == si ]]; then
+    grim_from_region "" "$(active_screen_grim_region)" | swappy -f - -o "$(generate_filename)"
+
+elif [[ $1 == p ]]; then
+    color=$(hyprpicker -a -r)
+    wl-copy "$color"
+    notify-send 'Copied to Clipboard' "$color"
+
+else
+  notify-send 'Screenshot Shortcuts' "Print:\t\t\tRegion to clip
+Super+Print:\t\tRegion to file
+Ctrl+Print:\t\tRegion to editor
+Shift+Print:\t\t\Screen to clip
+Shift+Super+Print:\tScreen to file
+Ctrl+Shift+Print:\tScreen to editor
+Alt+Print:\t\tColor picker to clip" -t 20000
+
+fi
--- a/users/caperren/dotfiles/.local/share/applications/alltop.desktop
+++ b/users/caperren/dotfiles/.local/share/applications/alltop.desktop
@@ -0,0 +1,7 @@
+[Desktop Entry]
+Type=Application
+Name=All Top
+Exec=bash -c "kitty --single-instance --detach bash -c 'kitten @ launch --type=window --title btop btop ; kitten @ launch --type=window --title nvtop nvtop'"
+Icon=alltop
+Terminal=false
+Categories=Utilities;
--- a/users/caperren/dotfiles/.local/share/applications/glava.desktop
+++ b/users/caperren/dotfiles/.local/share/applications/glava.desktop
--- a/users/caperren/dotfiles/.local/share/applications/phonerdp.desktop
+++ b/users/caperren/dotfiles/.local/share/applications/phonerdp.desktop
@@ -0,0 +1,7 @@
+[Desktop Entry]
+Type=Application
+Name=Phone RDP
+Exec=bash -c "scrcpy --no-audio --orientation=0 --turn-screen-off --stay-awake --power-off-on-close"
+Icon=phonerdp
+Terminal=false
+Categories=Utilities;
--- a/users/caperren/dotfiles/.local/share/applications/spotify-player.desktop
+++ b/users/caperren/dotfiles/.local/share/applications/spotify-player.desktop
--- a/users/caperren/dotfiles/hyprland/cap-slim7/hyprland.conf
+++ b/users/caperren/dotfiles/hyprland/cap-slim7/hyprland.conf
@@ -6,4 +6,7 @@ source = ~/.config/hypr/hyprland-common.conf

 # Application launch
 exec-once = brightnessctl -sd platform::kbd_backlight set 1
-exec-once = brightnessctl -s set 30%
+exec-once = brightnessctl -s set 30%
+
+# Privacy
+exec-once = sleep 10 && ls /dev/video1 &> /dev/null && notify-send "Laptop Webcam Enabled" "Please disable if not being used." -t 20000
--- a/users/caperren/dotfiles/hyprland/hyprland-common.conf
+++ b/users/caperren/dotfiles/hyprland/hyprland-common.conf
@@ -4,11 +4,11 @@ monitor=,preferred,auto,1
 # Set programs that you use
 $terminal = kitty
 $fileManager = thunar
-$menu = bemenu-run
+$menu = j4-dmenu-desktop --dmenu='bemenu --ignorecase --line-height 22 --hf "##10AC25" --ff "##10AC25" --tf "##10AC25"' --term='kitty'

 # Some default env vars
 env = XCURSOR_SIZE,24
-env = QT_QPA_PLATFORMTHEME,qt5ct # change to qt6ct if you have that
+env = QT_QPA_PLATFORMTHEME,qt6ct

 input {
    kb_layout = us
@@ -83,14 +83,13 @@ windowrulev2 = suppressevent maximize, class:.* # You'll probably like this.

 $mainMod = SUPER

-bind = $mainMod, T, exec, $terminal
-bind = $mainMod, C, killactive,
-
 # Launch terminal
+bind = $mainMod, T, exec, $terminal
 bind = SHIFT_SUPER, Return, exec, $terminal

 # Close active window
 bind = $mainMod, Shift+q, killactive,
+bind = $mainMod, C, killactive,

 bind = $mainMod, M, exit,
 bind = $mainMod, E, exec, $fileManager
@@ -157,6 +156,20 @@ bindl=, XF86AudioNext, exec, playerctl next
 bind = ,XF86MonBrightnessDown, exec, brightnessctl s 1%-
 bind = ,XF86MonBrightnessUp, exec, brightnessctl s +1%

+# Screenshots
+bind = , PRINT, exec, ~/.config/hypr/scripts/screenshot.sh rc
+bind = SUPER, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh rf
+bind = CTRL, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh ri
+bind = SHIFT, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh sc
+bind = SUPER_SHIFT, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh sf
+bind = CTRL_SHIFT, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh si
+bind = ALT, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh p
+
+
+# Jetbrains window rules
+# Prevent initial focus for JetBrains popups
+windowrulev2 = noinitialfocus, class:^jetbrains-.*$, floating:1, title:^$|^\s$|^win\d+$
+
 # Application launch
 exec-once = kanshi  # Automatically handles display configurations
 exec-once = ydotoold  # Autoclicker/autokeyboard for automation
@@ -170,4 +183,9 @@ exec-once = waybar  # Wayland specific status bar
 exec-once = sleep 5 && nm-applet  # Traditional notifications area
 exec-once = sleep 5 && blueman-applet  # Traditional bluetooth management tool
 exec-once = sleep 5 && streamdeck -n  # Streamdeck management tool
-exec-once = sleep 5 && Telegram -startintray  # Gotta keep in touch with peeps
+exec-once = sleep 5 && solaar --window=hide  # Logitech device management and battery
+
+exec-once = sleep 5 && Telegram -startintray  # Gotta keep in touch with peeps
+
+exec-once = sleep 10 && itch  # More fun games
+exec-once = sleep 15 && hyprctl dispatch closewindow 'title:itch'  # Hacky solution to single-shot "windowrule"
--- a/users/caperren/dotfiles/hyprpaper/backgrounds/1.jpg
+++ b/users/caperren/dotfiles/hyprpaper/backgrounds/1.jpg
--- a/users/caperren/dotfiles/hyprpaper/backgrounds/2.jpg
+++ b/users/caperren/dotfiles/hyprpaper/backgrounds/2.jpg
--- a/users/caperren/dotfiles/hyprpaper/backgrounds/black.png
+++ b/users/caperren/dotfiles/hyprpaper/backgrounds/black.png
--- a/users/caperren/dotfiles/kanshi/cap-slim7/config
+++ b/users/caperren/dotfiles/kanshi/cap-slim7/config
@@ -5,22 +5,17 @@ profile builtin_only {
 }

 profile bedroom_desk {
-    # Top left to right
+    ##### Top left to right
    output "Dell Inc. DELL P2411H F8NDP11G0DVU" enable position 0,1280
    output "Acer Technologies CB292CU 2217018D42410" enable position 1920,0 transform 90
-    output "DLOGIC Ltd. No Monitor USB_601e-21H1" enable position 3000,1280
-    # output "DLOGIC Ltd. No Monitor USB_601e-21H1" mode --custom 1920x1080@60Hz enable position 3000,1280
+    output "Dell Inc. DELL P2411H F8NDP097114U" enable position 3000,1280

-    # Bottom left to right
+    ##### Bottom left to right
    output "Aculab Ltd Digital Unknown" enable transform 270 position 0,2360
+    # Primary monitor, which wayland doesn't have a concept of
    output "Hewlett Packard HP Z27n CNK7311DRR" enable position 1440,2560
    output "Aculab Ltd QHD270 Unknown" enable transform 90 position 4000,2360

-    # Far bottom right (laptop itself)
+    ##### Far bottom right (laptop itself)
    output "BOE 0x0A9B Unknown" enable position 5440,2360 adaptive_sync on
 }
-
-profile scotts_apartment_tv {
-    output "BOE 0x0A9B Unknown" enable mode 2560x1600@165Hz position 0,0 adaptive_sync on
-    output "Hisense Electric Co., Ltd. HISENSE 0x00000001" enable mode 1920x1080@60Hz position 2560,0
-}
--- a/users/caperren/dotfiles/streamdeck/.streamdeck_ui.json
+++ b/users/caperren/dotfiles/streamdeck/.streamdeck_ui.json
--- a/users/caperren/dotfiles/streamdeck/icons/btop-logo.png
+++ b/users/caperren/dotfiles/streamdeck/icons/btop-logo.png
--- a/users/caperren/dotfiles/streamdeck/icons/chart-simple-solid-full.png
+++ b/users/caperren/dotfiles/streamdeck/icons/chart-simple-solid-full.png
--- a/users/caperren/dotfiles/streamdeck/icons/cogs-solid.png
+++ b/users/caperren/dotfiles/streamdeck/icons/cogs-solid.png
--- a/users/caperren/dotfiles/streamdeck/icons/discord-logo.png
+++ b/users/caperren/dotfiles/streamdeck/icons/discord-logo.png
--- a/users/caperren/dotfiles/streamdeck/icons/expand-solid.png
+++ b/users/caperren/dotfiles/streamdeck/icons/expand-solid.png
--- a/users/caperren/dotfiles/streamdeck/icons/firefox-logo.png
+++ b/users/caperren/dotfiles/streamdeck/icons/firefox-logo.png
--- a/users/caperren/dotfiles/streamdeck/icons/glances-logo.png
+++ b/users/caperren/dotfiles/streamdeck/icons/glances-logo.png
--- a/users/caperren/dotfiles/streamdeck/icons/glava-standin-icon.png
+++ b/users/caperren/dotfiles/streamdeck/icons/glava-standin-icon.png
--- a/users/caperren/dotfiles/streamdeck/icons/jetbrains-toolbox-icon.png
+++ b/users/caperren/dotfiles/streamdeck/icons/jetbrains-toolbox-icon.png
--- a/users/caperren/dotfiles/streamdeck/icons/kitty-logo.png
+++ b/users/caperren/dotfiles/streamdeck/icons/kitty-logo.png
--- a/users/caperren/dotfiles/streamdeck/icons/long-arrow-alt-down-solid.png
+++ b/users/caperren/dotfiles/streamdeck/icons/long-arrow-alt-down-solid.png
--- a/users/caperren/dotfiles/streamdeck/icons/long-arrow-alt-left-solid.png
+++ b/users/caperren/dotfiles/streamdeck/icons/long-arrow-alt-left-solid.png
--- a/users/caperren/dotfiles/streamdeck/icons/long-arrow-alt-up-solid.png
+++ b/users/caperren/dotfiles/streamdeck/icons/long-arrow-alt-up-solid.png
--- a/users/caperren/dotfiles/streamdeck/icons/microphone-slash-solid-red.png
+++ b/users/caperren/dotfiles/streamdeck/icons/microphone-slash-solid-red.png
--- a/users/caperren/dotfiles/streamdeck/icons/microphone-slash-solid.png
+++ b/users/caperren/dotfiles/streamdeck/icons/microphone-slash-solid.png
--- a/users/caperren/dotfiles/streamdeck/icons/microphone-solid.png
+++ b/users/caperren/dotfiles/streamdeck/icons/microphone-solid.png
--- a/users/caperren/dotfiles/streamdeck/icons/obsidian-logo.png
+++ b/users/caperren/dotfiles/streamdeck/icons/obsidian-logo.png
--- a/users/caperren/dotfiles/streamdeck/icons/power-off-solid-red.png
+++ b/users/caperren/dotfiles/streamdeck/icons/power-off-solid-red.png
--- a/users/caperren/dotfiles/streamdeck/icons/retweet-solid-red.png
+++ b/users/caperren/dotfiles/streamdeck/icons/retweet-solid-red.png
--- a/users/caperren/dotfiles/streamdeck/icons/slash-arrow-down-long-solid-full.png
+++ b/users/caperren/dotfiles/streamdeck/icons/slash-arrow-down-long-solid-full.png
--- a/users/caperren/dotfiles/streamdeck/icons/slash-arrow-up-long-solid-full.png
+++ b/users/caperren/dotfiles/streamdeck/icons/slash-arrow-up-long-solid-full.png
--- a/users/caperren/dotfiles/streamdeck/icons/slash-solid-full.png
+++ b/users/caperren/dotfiles/streamdeck/icons/slash-solid-full.png
--- a/users/caperren/dotfiles/streamdeck/icons/spotify-logo.png
+++ b/users/caperren/dotfiles/streamdeck/icons/spotify-logo.png
--- a/users/caperren/dotfiles/streamdeck/icons/steam_logo.png
+++ b/users/caperren/dotfiles/streamdeck/icons/steam_logo.png
--- a/users/caperren/dotfiles/streamdeck/icons/telegram-logo.png
+++ b/users/caperren/dotfiles/streamdeck/icons/telegram-logo.png
--- a/users/caperren/dotfiles/streamdeck/icons/thunar-icon.png
+++ b/users/caperren/dotfiles/streamdeck/icons/thunar-icon.png
--- a/users/caperren/dotfiles/streamdeck/icons/unifi-camera-logo.png
+++ b/users/caperren/dotfiles/streamdeck/icons/unifi-camera-logo.png
--- a/users/caperren/dotfiles/streamdeck/icons/unifi-protect-logo.png
+++ b/users/caperren/dotfiles/streamdeck/icons/unifi-protect-logo.png
--- a/users/caperren/dotfiles/streamdeck/icons/video-solid-full.png
+++ b/users/caperren/dotfiles/streamdeck/icons/video-solid-full.png
--- a/users/caperren/dotfiles/streamdeck/icons/volume-down-solid.png
+++ b/users/caperren/dotfiles/streamdeck/icons/volume-down-solid.png
--- a/users/caperren/dotfiles/streamdeck/icons/volume-mute-solid-red.png
+++ b/users/caperren/dotfiles/streamdeck/icons/volume-mute-solid-red.png
--- a/users/caperren/dotfiles/streamdeck/icons/volume-mute-solid.png
+++ b/users/caperren/dotfiles/streamdeck/icons/volume-mute-solid.png
--- a/users/caperren/dotfiles/streamdeck/icons/volume-up-solid.png
+++ b/users/caperren/dotfiles/streamdeck/icons/volume-up-solid.png
--- a/users/caperren/dotfiles/streamdeck/icons/window-close-regular-red.png
+++ b/users/caperren/dotfiles/streamdeck/icons/window-close-regular-red.png
--- a/users/caperren/dotfiles/streamdeck/icons/window-close-regular-white.png
+++ b/users/caperren/dotfiles/streamdeck/icons/window-close-regular-white.png
--- a/users/caperren/pubkeys/cap-nr200p.pub
+++ b/users/caperren/pubkeys/cap-nr200p.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILb5YZG6wCmqoevSHsP9f9eix3iugntBFy9hf/gkGb5v caperren@cap-nr200p
--- a/users/caperren/pubkeys/cap-slim7.pub
+++ b/users/caperren/pubkeys/cap-slim7.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKn/grpCtACdsrw1ocTBsf2Mc6hUZHNwvuZPk8K4UJ3p caperren@cap-slim7
--- a/users/cluster-admin/cluster-admin.nix
+++ b/users/cluster-admin/cluster-admin.nix
@@ -0,0 +1,44 @@
+{ config, pkgs, ... }:
+let
+  sshCaperrenDesktopPubkey = builtins.readFile ../caperren/pubkeys/cap-nr200p.pub;
+  sshCaperrenLaptopPubkey = builtins.readFile ../caperren/pubkeys/cap-slim7.pub;
+in
+{
+  users.users.cluster-admin = {
+    initialPassword = "changeme";
+    isNormalUser = true;
+    description = "Cluster Admin";
+    extraGroups = [
+      "networkmanager"
+      "wheel"
+    ];
+    openssh.authorizedKeys.keys = [
+      sshCaperrenDesktopPubkey
+      sshCaperrenLaptopPubkey
+    ];
+  };
+
+  home-manager.users.cluster-admin = {
+    home.username = "cluster-admin";
+    home.homeDirectory = "/home/cluster-admin";
+    home.stateVersion = "25.05";
+
+    home.packages = with pkgs; [ ];
+
+    programs.bash.enable = true;
+
+    programs.git = {
+      enable = true;
+      settings.user = {
+        name = "Corwin Perren";
+        email = "caperren@gmail.com";
+      };
+
+    };
+
+    programs.kitty = {
+      enable = true;
+      font.name = "JetBrains Mono";
+    };
+  };
+}
Author	SHA1	Message	Date
Corwin Perren	5741ad3201	Added saleae logic analyzer udev rules	2025-12-14 22:37:46 -08:00
Corwin Perren	0124960481	Added saleae logic analyzer	2025-12-14 21:58:34 -08:00
Corwin Perren	3ccb462ae4	Remove lingering comment	2025-12-13 16:36:13 -08:00
Corwin Perren	4b886de443	Merge pull request #24 from caperren/working-branch Remove home-manager ssh config for now due to bad default permissions	2025-12-13 16:35:03 -08:00
Corwin Perren	6d8ec5e01c	Remove home-manager ssh config for now	2025-12-13 16:34:13 -08:00
Corwin Perren	4dd1207568	Merge pull request #23 from caperren/sops-testing sops-nix functional, and providing encrypted token for test cluster	2025-12-13 16:22:29 -08:00
Corwin Perren	1fe9c9c9cf	Secondaries need to inherit secondary config	2025-12-13 15:56:29 -08:00
Corwin Perren	d72c3d4e56	Re-enable secondaries	2025-12-13 15:28:48 -08:00
Corwin Perren	307cf5108c	Re-enable nix rebuild service for cluster	2025-12-13 15:23:24 -08:00
Corwin Perren	b110daed58	Re-enable primary server	2025-12-13 15:09:38 -08:00
Corwin Perren	180d6cf1b0	Reset cluster for change to sops-nix managed token	2025-12-13 15:06:11 -08:00
Corwin Perren	b3fd29faef	Fixed home manager inputs, and got sops-nix working for all current hosts	2025-12-13 14:54:15 -08:00
Corwin Perren	a3837016ae	Fixed sops config	2025-12-13 03:03:38 -08:00
Corwin Perren	d40951b6a8	Actually commit default.yaml	2025-12-13 02:36:59 -08:00
Corwin Perren	ade7bdd892	Add default.yaml for sops and set as such	2025-12-13 02:36:20 -08:00
Corwin Perren	420513c859	Had to run sops updatekeys to add new hosts	2025-12-13 02:31:36 -08:00
Corwin Perren	35c0153da9	Temporarily remove git autorebuild	2025-12-13 02:26:00 -08:00
Corwin Perren	154a177a51	Huh, guess it has to be relative	2025-12-13 02:21:29 -08:00
Corwin Perren	439d48d1bf	Absolute secrets path	2025-12-13 02:19:41 -08:00
Corwin Perren	71b9956ecd	Remove home manager sops for now	2025-12-13 02:17:15 -08:00
Corwin Perren	2b77870bda	Add config import	2025-12-13 02:05:26 -08:00
Corwin Perren	c65056be55	Import config for home manager settings	2025-12-13 01:59:07 -08:00
Corwin Perren	353135a2d9	Initial keys, and basic token file for sops cluster testing	2025-12-13 01:55:25 -08:00
Corwin Perren	c360755253	Add mesa-demos for glx testing, tweak to streamdeck for btop	2025-12-11 17:15:41 -08:00
Corwin Perren	8681caca01	Some comments	2025-12-10 10:37:04 -08:00
Corwin Perren	80e3eccd32	Small webcam privacy warning for laptop	2025-12-10 10:17:47 -08:00
Corwin Perren	3ceb749239	Start testing k3s	2025-12-10 10:17:44 -08:00
Corwin Perren	b16e7664b0	Merge pull request #22 from caperren/working-branch Added changes for homelab cube cluster, no longer using unstable branch for packages, improved sudoers entries	2025-12-07 21:38:03 -08:00
Corwin Perren	81d7174bdf	Put ncdu back, and enable ssh agent	2025-12-07 21:29:46 -08:00
Corwin Perren	8c284cc708	Final test	2025-12-07 21:15:01 -08:00
Corwin Perren	1fa619b95f	Revert to using system config path	2025-12-07 21:09:20 -08:00
Corwin Perren	0bfc3792be	Try current system path instead	2025-12-07 21:04:33 -08:00
Corwin Perren	df2327bfc0	Missing config import	2025-12-07 21:00:59 -08:00
Corwin Perren	28fbea14f6	Use system path config for sudoers changes	2025-12-07 20:59:19 -08:00
Corwin Perren	7611e586c8	Just make auto-rebuild passwordless for the cluster-admin	2025-12-07 20:54:39 -08:00
Corwin Perren	a8e001ebb1	Testing service	2025-12-07 20:45:18 -08:00
Corwin Perren	8d6736598e	Remove escape char	2025-12-07 20:40:41 -08:00
Corwin Perren	3fc2f34991	Switch to system config rebuild	2025-12-07 20:38:59 -08:00
Corwin Perren	0d9db0fd89	Add more paths	2025-12-07 20:35:41 -08:00
Corwin Perren	6e6ba6c71f	Flip quote styles	2025-12-07 20:31:32 -08:00
Corwin Perren	e797745a62	Copy settings from nix auto-upgrade	2025-12-07 20:26:55 -08:00
Corwin Perren	b2cfd98331	Remove double single-quote	2025-12-07 20:12:07 -08:00
Corwin Perren	4b0011d221	Command, not commands	2025-12-07 20:11:03 -08:00
Corwin Perren	6f852032c9	Seperate commands	2025-12-07 20:10:06 -08:00
Corwin Perren	90a55fab87	Double single quote	2025-12-07 20:08:26 -08:00
Corwin Perren	89b373db53	Allow git-auto-rebuild without password for admins	2025-12-07 20:06:26 -08:00
Corwin Perren	5d041ac5c7	Switch to packages definition	2025-12-07 19:58:48 -08:00
Corwin Perren	54bb3cb054	No auto-start	2025-12-07 19:54:46 -08:00
Corwin Perren	4b9374f753	Full paths for everything	2025-12-07 19:52:33 -08:00
Corwin Perren	9cd5470c55	Missing cd	2025-12-07 19:51:25 -08:00
Corwin Perren	561c632289	Switch to shell command and add git pull	2025-12-07 19:49:33 -08:00
Corwin Perren	40b6bde6a4	Misspelling	2025-12-07 19:47:58 -08:00
Corwin Perren	8c4de5f015	Testing git auto-rebuild for cluster	2025-12-07 19:45:59 -08:00
Corwin Perren	0d65e64e34	Remove kdenlive for build failure	2025-12-07 18:39:19 -08:00
Corwin Perren	9191d2c954	Add slim7 pubkey for ssh	2025-12-07 18:36:52 -08:00
Corwin Perren	f6387b341f	Fix clust-09 hardware	2025-12-07 18:20:20 -08:00
Corwin Perren	246c71dc43	Fix clust-08 hardware	2025-12-07 18:16:17 -08:00
Corwin Perren	1c944019f4	Add configs for other cluster hosts	2025-12-07 17:44:32 -08:00
Corwin Perren	dbd85672a3	Deduplicate cluster config	2025-12-07 17:28:12 -08:00
Corwin Perren	6cbde55575	Add cap-clust-01 to test	2025-12-07 17:04:34 -08:00
Corwin Perren	4fe3ce49e6	Add pubkeys for ssh on caperren and cluster admin from caperren account	2025-12-07 16:58:02 -08:00
Corwin Perren	e717edc177	Add cluster host definitions, cluster utilities, and admin, switch nixpkgs to stable	2025-12-07 16:46:54 -08:00
Corwin Perren	af7b1d1b63	Add solaar autostart	2025-12-07 15:49:10 -08:00
Corwin Perren	23cf49aec7	Merge pull request #21 from caperren/working-branch Virtualization configs, no waydroid, new work desk monitor, itch for games, new camera dashboard url, utils	2025-12-05 01:14:06 -08:00
Corwin Perren	c23b3eae53	Comments	2025-12-05 01:13:14 -08:00
Corwin Perren	b6a769c4fa	Replaced old broken lg monitor with equivalent and working dell	2025-12-05 01:09:26 -08:00
Corwin Perren	447ad9e125	Re-enable pcb2gcode, make itch window autoclose after startup since the application setting for it doesn't work, update monitoring dashboard url for streamdeck	2025-12-04 14:11:26 -08:00
Corwin Perren	1f27c34b09	Add dmidecode	2025-11-19 23:18:54 -08:00
Corwin Perren	379f039591	Autolaunch itch	2025-11-16 12:10:42 -08:00
Corwin Perren	05b706e37f	Switched to docker for virtualization, added itch games launcher	2025-11-14 15:17:27 -08:00
Corwin Perren	3392366413	Added virtualization container policy config	2025-11-07 15:41:57 -08:00
Corwin Perren	85e1ecd46a	Removed waydroid, enabled docker socket compat and added self to group, default to shutting phone screen off on rdp disconnect	2025-11-07 15:23:10 -08:00
Corwin Perren	b1376e1cea	Merge pull request #20 from caperren/working-branch Working branch	2025-11-07 15:04:45 -08:00
Corwin Perren	3f83fc9d57	Also make phone stay awake in rdp mode	2025-11-07 15:04:14 -08:00
Corwin Perren	f536cea5c3	Skip fullscreen option on phonerdp	2025-11-07 14:59:57 -08:00
Corwin Perren	3d5c6a443b	Added phonerdp desktop entry	2025-11-07 14:58:10 -08:00
Corwin Perren	283f9ad213	Re-enabled nvtop, nopasswd for nvtop, properly enable kitty with remote control, streamdeck now uses alltop, alltop desktop entry, j4-dmenu-desktop as wrapper for bemenu so that desktop entries show, fixed desktop entry location	2025-11-07 14:55:22 -08:00
Corwin Perren	513cf526d8	Added pinta for quick cropping and rotating of images	2025-11-06 17:40:00 -08:00
Corwin Perren	069de41562	Added quick command and desktop file to start an abd screen mirroring session for my android phone	2025-11-05 11:48:16 -08:00
Corwin Perren	5bf0216460	Switched flameshot for custom grim/wl-copy/swappy pipeline, new printscr shortcuts, minor refactoring of some modules, spotify_player swap for streamdeck, new area for hyprland scripts	2025-11-03 20:58:20 -08:00
Corwin Perren	62a324a746	Merge pull request #19 from caperren/working-branch Fix kitty accidentally launching glances	2025-10-31 20:06:19 -07:00
Corwin Perren	e380f07018	Fix kitty accidentally launching glances	2025-10-31 20:05:23 -07:00
Corwin Perren	424a74773f	Merge pull request #18 from caperren/working-branch General cleanup and refactoring, added glances with config, managed streamdeck config and created new ui for it	2025-10-31 19:59:53 -07:00
Corwin Perren	064a996b73	Added gimp, removed glances desktop, created new managed streamdeck config with logos	2025-10-31 19:58:39 -07:00
Corwin Perren	20e338c380	Added streamdeck config and icons to home-manager, moved jetbrains toolbox desktop entry to dotfiles	2025-10-31 16:23:55 -07:00
Corwin Perren	57b5471d58	Added glances as all-in-one system monitor, initial config, desktop entry	2025-10-31 14:51:27 -07:00
Corwin Perren	c53b236d5b	Merge pull request #17 from caperren/working-branch Revert nrs alias usage, add imv viewer and set as default	2025-10-31 12:43:27 -07:00
Corwin Perren	aa5037b107	Add imv viewer, set as default	2025-10-31 12:41:25 -07:00
Corwin Perren	1de9399021	Reverted nrs alias usage	2025-10-31 01:34:28 -07:00
Corwin Perren	5748f4b2e7	Merge pull request #16 from caperren/working-branch Trace versions of rebuild and update commands, fixes, firefox as default web handler	2025-10-30 11:01:52 -07:00
Corwin Perren	8a573b1726	Added trace versions of nix rebuild and update, fixed a font name that was changed, commented nvtop for failing build, switched btop to cuda variant	2025-10-30 10:57:17 -07:00
Corwin Perren	6d59c86b02	Make firefox default web link application, added new potential background	2025-10-29 20:49:37 -07:00
Corwin Perren	f3843fd686	Merge pull request #15 from caperren/working-branch Added qt5ct, xev, added theming to bemenu, new background (unused), b…	2025-10-28 10:00:17 -07:00
Corwin Perren	e71e9c7a1d	Added qt5ct, xev, added theming to bemenu, new background (unused), background folder refactor	2025-10-28 09:59:30 -07:00
				`@@ -0,0 +1 @@`
				`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILb5YZG6wCmqoevSHsP9f9eix3iugntBFy9hf/gkGb5v caperren@cap-nr200p`
				`@@ -0,0 +1 @@`
				`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKn/grpCtACdsrw1ocTBsf2Mc6hUZHNwvuZPk8K4UJ3p caperren@cap-slim7`