fix: Disable GNOME extension version validation

flake.lock

@@ -7,11 +7,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1758287904,
-        "narHash": "sha256-IGmaEf3Do8o5Cwp1kXBN1wQmZwQN3NLfq5t4nHtVtcU=",
+        "lastModified": 1764350888,
+        "narHash": "sha256-6Rp18zavTlnlZzcoLoBTJMBahL2FycVkw2rAEs3cQvo=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "67ff9807dd148e704baadbd4fd783b54282ca627",
+        "rev": "2055a08fd0e2fd41318279a5355eb8a161accf26",
         "type": "github"
       },
       "original": {
@@ -79,11 +79,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1759853171,
-        "narHash": "sha256-uqbhyXtqMbYIiMqVqUhNdSuh9AEEkiasoK3mIPIVRhk=",
+        "lastModified": 1764304195,
+        "narHash": "sha256-bO7FN/bF6gG7TlZpKAZjO3VvfsLaPFkefeUfJJ7F/7w=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "1a09eb84fa9e33748432a5253102d01251f72d6d",
+        "rev": "86ff0ef506c209bb397849706e85cc3a913cb577",
         "type": "github"
       },
       "original": {
@@ -172,11 +172,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1762111121,
-        "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=",
+        "lastModified": 1764242076,
+        "narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4",
+        "rev": "2fad6eac6077f03fe109c4d4eb171cf96791faa4",
         "type": "github"
       },
       "original": {
@@ -186,6 +186,22 @@
         "type": "github"
       }
     },
+    "nixpkgs-stable": {
+      "locked": {
+        "lastModified": 1763049705,
+        "narHash": "sha256-A5LS0AJZ1yDPTa2fHxufZN++n8MCmtgrJDtxFxrH4S8=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "3acb677ea67d4c6218f33de0db0955f116b7588c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-25.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "root": {
       "inputs": {
         "disko": "disko",
@@ -195,9 +211,9 @@
         "nix-minecraft": "nix-minecraft",
         "nix-modpack": "nix-modpack",
         "nixpkgs": "nixpkgs",
+        "nixpkgs-stable": "nixpkgs-stable",
         "secrets": "secrets",
-        "sops-nix": "sops-nix",
-        "stable-nixpkgs": "stable-nixpkgs"
+        "sops-nix": "sops-nix"
       }
     },
     "secrets": {
@@ -235,22 +251,6 @@
         "type": "github"
       }
     },
-    "stable-nixpkgs": {
-      "locked": {
-        "lastModified": 1759735786,
-        "narHash": "sha256-a0+h02lyP2KwSNrZz4wLJTu9ikujNsTWIC874Bv7IJ0=",
-        "owner": "nixos",
-        "repo": "nixpkgs",
-        "rev": "20c4598c84a671783f741e02bf05cbfaf4907cff",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nixos",
-        "ref": "nixos-25.05",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
     "systems": {
       "locked": {
         "lastModified": 1681028828,

flake.nix

@@ -3,7 +3,7 @@
 
   inputs = {
     # General inputs
-    stable-nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
+    nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.05";
     nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
     home-manager.url = "github:nix-community/home-manager";
     home-manager.inputs.nixpkgs.follows = "nixpkgs";

glue/default.nix

@@ -4,6 +4,10 @@ let
   nixpkgs = inputs.nixpkgs;
   lib = nixpkgs.lib;
 
+  nixpkgs-config = {
+    allowUnfree = true;
+  };
+
   importDir =
     path: fn:
     let
@@ -49,6 +53,13 @@ let
     pkgs = (
       import inputs.nixpkgs {
         inherit system;
+        config = nixpkgs-config;
+      }
+    );
+    stable-pkgs = (
+      import inputs.nixpkgs-stable {
+        inherit system;
+        config = nixpkgs-config;
       }
     );
   });
@@ -118,13 +129,22 @@ let
       nixpkgs.overlays = [ overlay ] ++ inputOverlays;
     };
 
+  nixpkgsModule =
+    { ... }:
+    {
+      nixpkgs.config = nixpkgs-config;
+    };
+
   nixosConfigurations = importDir "${flake}/hosts" (
     attrs:
     lib.mapAttrs (
       name: entry:
+      let
+        pkgs-stable = systemArgs."x86_64-linux".stable-pkgs;
+      in
       lib.nixosSystem {
         specialArgs = {
-          inherit inputs;
+          inherit inputs pkgs-stable;
         };
         modules =
           let
@@ -144,7 +164,7 @@ let
               { ... }:
               {
                 home-manager.extraSpecialArgs = {
-                  inherit inputs;
+                  inherit inputs pkgs-stable;
                 };
                 home-manager.sharedModules = homeModules ++ homeProfiles ++ inputHomeModules;
                 home-manager.useUserPackages = true;
@@ -158,6 +178,7 @@ let
             systemPath
             overlayModule
             usersModule
+            nixpkgsModule
           ]
           ++ nixosModules
           ++ nixosProfiles

hosts/20212060/configuration.nix

@@ -1,4 +1,9 @@
-{ inputs, pkgs, ... }:
+{
+  inputs,
+  pkgs,
+  lib,
+  ...
+}:
 
 {
   # State version
@@ -11,6 +16,7 @@
   users.users.jan.extraGroups = [
     "wheel"
     "wireshark"
+    "podman"
   ];
 
   # Set up kerberos
@@ -24,6 +30,65 @@
     };
   };
 
+  services.netbird = {
+    enable = true;
+  };
+
+  # TODO: Move clatd setup
+
+  # services.clatd = {
+  #   enable = true;
+  #   enableNetworkManagerIntegration = true;
+  # };
+  # networking.networkmanager.settings = {
+  #   connection."ipv6.clat" = "yes";
+  # };
+  networking.networkmanager.package = pkgs.networkmanager.overrideAttrs (
+    final: prev: {
+      src = pkgs.fetchFromGitLab {
+        domain = "gitlab.freedesktop.org";
+        owner = "Mstrodl";
+        repo = "NetworkManager";
+        # rev = "d367285a1fec5167f2fa94af2ea1448b6e21650e";
+        # sha256 = "0BHxuJ6KtFoVxh2Xt0bq4oM3q87QBhtawyMtixz/cPs=";
+        rev = "fa3b0c6ade05a67316520d143608c5bd9963a23c";
+        hash = "sha256-7TENrRDKXMFPWv6oDuBWBYIBrDvNsy/JGtkppMk1oQo=";
+      };
+
+      postPatch = prev.postPatch + ''
+        substituteInPlace meson.build \
+          --replace "find_program('clang'" "find_program('${pkgs.stdenv.cc.targetPrefix}clang'"
+      '';
+
+      hardeningDisable = [
+        "zerocallusedregs"
+        "shadowstack"
+        "pacret"
+      ];
+
+      nativeBuildInputs =
+        prev.nativeBuildInputs
+        ++ (with pkgs; [
+          xdp-tools
+          bpftools
+          buildPackages.llvmPackages.clang
+          buildPackages.llvmPackages.libllvm
+        ]);
+
+      buildInputs =
+        prev.buildInputs
+        ++ (with pkgs; [
+          libbpf
+        ]);
+
+      mesonFlags = prev.mesonFlags ++ [
+        "-Dclat=true"
+        "-Dnbft=false"
+        "-Dbpf-compiler=clang"
+      ];
+    }
+  );
+
   # TODO: Remove once laptop is properly integrated into domain
   programs.ssh = {
     package = pkgs.openssh_gssapi;
@@ -58,6 +123,30 @@
     };
   };
 
+  # Enable flatpak
+  services.flatpak.enable = true;
+
+  # Set up MADD
+  # services.madd-client = {
+  #   enable = true;
+  #   endpoint = "http://localhost:3000";
+  #   interface = "wlp0s20f3";
+  # };
+  # services.madd-server = {
+  #   enable = true;
+  #   settings = {
+  #     bind = "127.0.0.1:3000";
+  #     zone = "lab.bulthuis.dev";
+  #     networks = [ "10.0.0.0/8" ];
+  #     registration_limit = 1;
+  #     dns_server = "127.0.0.1:2053";
+  #     tsig_key_name = "madd";
+  #     tsig_key_file = "/home/jan/Code/MADD/madd.tsig";
+  #     tsig_algorithm = "hmac-sha256";
+  #     data_dir = "/var/lib/madd";
+  #   };
+  # };
+
   # Module setup
   modules = {
     profiles.laptop.enable = true;
@@ -66,4 +155,52 @@
   imports = [
     ./hardware-configuration.nix
   ];
+
+  virtualisation.podman = {
+    enable = true;
+    dockerCompat = true;
+    dockerSocket.enable = true;
+    autoPrune.enable = true;
+  };
+
+  environment.systemPackages =
+    let
+      wrapProgram =
+        pkg: bwrapArgs:
+        pkgs.runCommandLocal pkg.name { bwrapArgs = (lib.join " \\\n" bwrapArgs) + " \\"; } ''
+          mkdir -p $out
+
+          # Link all top level folders
+          ln -s ${pkg}/* $out
+
+          # Except for bin
+          rm $out/bin
+          mkdir -p $out/bin
+
+          # Wrap each executable
+          for file in ${pkg}/bin/*; do
+            base=$(basename $file)
+            echo "#!/usr/bin/env bash" > $out/bin/$base
+            echo "exec ${pkgs.bubblewrap}/bin/bwrap \\" >> $out/bin/$base
+            echo "$bwrapArgs" >> $out/bin/$base
+            echo "-- $file \"\$@\"" >> $out/bin/$base
+            chmod +x $out/bin/$base
+          done
+        '';
+      wish = pkgs.writeShellScriptBin "wish" ''
+        env
+        exec ${lib.getExe pkgs.firefox} "$@"
+      '';
+    in
+    [
+      (wrapProgram wish [
+        "--new-session"
+        "--unshare-all"
+        "--clearenv"
+        "--dev /dev"
+        "--proc /proc"
+        "--ro-bind /nix/store /nix/store"
+        "--bind $HOME/Code $HOME/Code"
+      ])
+    ];
 }

hosts/20212060/users/compprog.nix

@@ -0,0 +1,120 @@
+{
+  lib,
+  config,
+  pkgs,
+  ...
+}:
+
+{
+  home.stateVersion = "24.11";
+
+  home.packages = with pkgs; [
+    # Desktop environment
+    gnome-text-editor
+    gnome-calculator
+    gnome-console
+    gnome-logs
+    gnome-system-monitor
+    nautilus
+    adwaita-icon-theme
+    gnome-control-center
+    gnome-shell-extensions
+    glib
+    gnome-menus
+    gtk3.out
+    xdg-user-dirs
+    xdg-user-dirs-gtk
+    cantarell-fonts
+    dejavu_fonts
+    source-code-pro
+    source-sans
+    gnome-session
+    adwaita-fonts
+
+    # Coding tools
+    vim-full
+    nano
+    neovim
+    emacs
+    gedit
+    geany
+    kdePackages.kate
+    vscode
+    python310
+    jdk17
+    gnumake
+    gcc
+    lldb
+    # pypy310
+
+    # Runners
+    (writeShellScriptBin "mygcc" "gcc -std=gnu17 -x c -Wall -O2 -static -pipe -o $1 \"$1.c\" -lm")
+    (writeShellScriptBin "mygpp" "g++ -std=gnu++20 -x c++ -Wall -O2 -static -pipe -o $1 \"$1.cpp\" -lm")
+    (writeShellScriptBin "mypython" "python3 $@")
+    (writeShellScriptBin "myjavac" "javac -encoding UTF-8 -sourcepath . -d . $@")
+    (writeShellScriptBin "mykotlinc" "kotlinc -d . $@")
+  ];
+
+  modules.profiles.gnome.enable = true;
+
+  programs.vscode = {
+    enable = true;
+    mutableExtensionsDir = false;
+    profiles.default = {
+      extensions = with pkgs.vscode-extensions; [
+        ms-vscode.cpptools
+        ms-dotnettools.csharp
+        formulahendry.code-runner
+        vscjava.vscode-java-debug
+        dbaeumer.vscode-eslint
+        redhat.java
+        ms-python.python
+      ];
+    };
+  };
+
+  programs.firefox = {
+    enable = true;
+    package = pkgs.firefox;
+    profiles.default = {
+      settings = {
+        "browser.startup.homepage" = "https://domjudge.bulthuis.dev";
+      };
+      bookmarks = {
+        force = true;
+        settings = [
+          {
+            name = "Sites";
+            toolbar = true;
+            bookmarks = [
+              {
+                name = "C Reference";
+                url = "https://en.cppreference.com/w/c";
+              }
+              {
+                name = "C++ Reference";
+                url = "https://en.cppreference.com/w/cpp";
+              }
+              {
+                name = "Python 3.10 documentation";
+                url = "https://docs.python.org/3.10/download.html";
+              }
+              {
+                name = "Java 17 API Specification";
+                url = "https://docs.oracle.com/en/java/javase/17/docs/api/";
+              }
+              {
+                name = "Kotlin Language Documentation";
+                url = "https://kotlinlang.org/docs/kotlin-reference.pdf";
+              }
+              {
+                name = "DOMjudge Team Manual";
+                url = "https://www.domjudge.org/docs/manual/main/index.html";
+              }
+            ];
+          }
+        ];
+      };
+    };
+  };
+}

hosts/20212060/users/jan.nix

@@ -1,4 +1,5 @@
 {
+  pkgs,
   ...
 }:
 
@@ -6,4 +7,25 @@
   home.stateVersion = "24.11";
 
   modules.profiles.jan.enable = true;
+
+  # home.packages = with pkgs; [
+  #   opencloud-desktop
+  #   code-nautilus
+  #   nautilus-open-in-blackbox
+  # ];
+
+  xdg.desktopEntries = {
+    canvas = {
+      name = "Canvas";
+      type = "Application";
+      exec = "${pkgs.chromium}/bin/chromium --app=\"https://canvas.tue.nl\" --user-data-dir=/home/jan/.local/state/Canvas";
+      settings.StartupWMClass = "chrome-canvas.tue.nl__-Default";
+    };
+    overleaf = {
+      name = "Overleaf";
+      type = "Application";
+      exec = "${pkgs.chromium}/bin/chromium --app=\"https://www.overleaf.com\" --user-data-dir=/home/jan/.local/state/Overleaf";
+      settings.StartupWMClass = "chrome-www.overleaf.com__-Default";
+    };
+  };
 }

hosts/vm-infra/configuration.nix

@@ -18,6 +18,22 @@
   # Setup JOOL NAT64
   networking.jool = {
     enable = true;
-    nat64.default = { };
+    nat64.default = {
+      global.pool6 = "64:ff9b::/96";
+      pool4 = [
+        {
+          protocol = "TCP";
+          prefix = "10.64.0.1/32";
+        }
+        {
+          protocol = "UDP";
+          prefix = "10.64.0.1/32";
+        }
+        {
+          protocol = "ICMP";
+          prefix = "10.64.0.1/32";
+        }
+      ];
+    };
   };
 }

hosts/ws-think/configuration.nix

@@ -0,0 +1,107 @@
+{
+  inputs,
+  pkgs,
+  lib,
+  ...
+}:
+
+{
+  # State version
+  system.stateVersion = "24.05";
+
+  # Machine hostname
+  networking.hostName = "ws-think";
+
+  # Admin users
+  users.users.jan.extraGroups = [
+    "wheel"
+    "wireshark"
+    "podman"
+    "libvirtd"
+  ];
+
+  # Set up kerberos
+  security.krb5 = {
+    enable = true;
+    settings = {
+      libdefaults = {
+        rdns = false;
+      };
+      realms = (inputs.secrets.gewis.krb5Realm);
+    };
+  };
+
+  services.netbird = {
+    enable = true;
+  };
+
+  # SSH X11 forwarding
+  programs.ssh.forwardX11 = true;
+
+  # Enable older samba versions
+  services.samba = {
+    enable = true;
+    settings = {
+      global = {
+        "invalid users" = [ "root" ];
+        "passwd program" = "/run/wrappers/bin/passwd %u";
+        "security" = "user";
+        "client min protocol" = "NT1";
+      };
+    };
+  };
+
+  # TODO: Remove once laptop is properly integrated into domain
+  programs.ssh = {
+    package = pkgs.openssh_gssapi;
+    extraConfig = ''
+      GSSAPIAuthentication yes
+    '';
+  };
+
+  # Enable virtualisation for VMs
+  virtualisation.libvirtd.enable = true;
+  programs.virt-manager.enable = true;
+
+  # Enable wireshark
+  programs.wireshark = {
+    enable = true;
+    dumpcap.enable = true;
+    usbmon.enable = true;
+  };
+
+  # Enable Nix-LD
+  programs.nix-ld = {
+    enable = true;
+  };
+
+  # Set up wstunnel client
+  services.wstunnel = {
+    enable = true;
+    clients.wg-tunnel = {
+      connectTo = "wss://tunnel.bulthuis.dev:443";
+      settings.local-to-remote = [
+        "udp://51820:10.10.40.100:51820"
+      ];
+    };
+  };
+
+  # Enable flatpak
+  services.flatpak.enable = true;
+
+  # Module setup
+  modules = {
+    profiles.laptop.enable = true;
+  };
+
+  # Set up podman
+  virtualisation.podman = {
+    enable = true;
+    dockerCompat = true;
+    dockerSocket.enable = true;
+    autoPrune.enable = true;
+  };
+
+  # Set up hardware
+  imports = [ ./hardware-configuration.nix ];
+}

hosts/ws-think/hardware-configuration.nix

@@ -0,0 +1,58 @@
+{ ... }:
+
+{
+  # Machine platform
+  nixpkgs.hostPlatform = "x86_64-linux";
+
+  # Set hostid (required for ZFS)
+  networking.hostId = "deadbeef";
+
+  modules.disko = {
+    enable = true;
+    profile = "ws-think";
+  };
+
+  # Hardware configuration
+  hardware.enableRedistributableFirmware = true;
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "nvme"
+    "usb_storage"
+    "sd_mod"
+    "rtsx_pci_sdmmc"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+  hardware.cpu.intel.updateMicrocode = true;
+
+  # Filesystems
+  fileSystems = {
+    "/" = {
+      device = "tank/root";
+      fsType = "zfs";
+      options = [ "zfsutil" ];
+    };
+
+    "/nix" = {
+      device = "tank/nix";
+      fsType = "zfs";
+      options = [ "zfsutil" ];
+    };
+
+    "/persist" = {
+      device = "tank/persist";
+      fsType = "zfs";
+      options = [ "zfsutil" ];
+    };
+
+    "/boot" = {
+      device = "/dev/disk/by-uuid/46BF-DE2C";
+      fsType = "vfat";
+      options = [
+        "fmask=0077"
+        "dmask=0077"
+      ];
+    };
+  };
+}

hosts/ws-think/users/jan.nix

@@ -0,0 +1,31 @@
+{
+  pkgs,
+  ...
+}:
+
+{
+  home.stateVersion = "25.11";
+
+  modules.profiles.jan.enable = true;
+
+  # home.packages = with pkgs; [
+  #   opencloud-desktop
+  #   code-nautilus
+  #   nautilus-open-in-blackbox
+  # ];
+
+  xdg.desktopEntries = {
+    canvas = {
+      name = "Canvas";
+      type = "Application";
+      exec = "${pkgs.chromium}/bin/chromium --app=\"https://canvas.tue.nl\" --user-data-dir=/home/jan/.local/state/Canvas";
+      settings.StartupWMClass = "chrome-canvas.tue.nl__-Default";
+    };
+    overleaf = {
+      name = "Overleaf";
+      type = "Application";
+      exec = "${pkgs.chromium}/bin/chromium --app=\"https://www.overleaf.com\" --user-data-dir=/home/jan/.local/state/Overleaf";
+      settings.StartupWMClass = "chrome-www.overleaf.com__-Default";
+    };
+  };
+}

modules/home/desktop/gnome.nix

@@ -18,11 +18,11 @@ in
     # TODO: Enable extensions (declaratively) with dconf
 
     home.pointerCursor = {
+      enable = true;
       name = "capitaine-cursors";
       size = 24;
       package = pkgs.capitaine-cursors;
       gtk.enable = true;
-      x11.enable = true;
     };
 
     home.packages =
@@ -53,16 +53,19 @@ in
         gnome-calendar
 
         # For theming gtk3
-        adw-gtk3
+        # adw-gtk3 # TODO: Do this better, same for morewaita, not sure if it even works
 
         # More icons
-        morewaita-icon-theme
+        # morewaita-icon-theme
       ]
       ++ (with pkgs.gnomeExtensions; [
         gsconnect
         disable-workspace-animation
         wallpaper-slideshow
         media-progress
+        mpris-label
+        pip-on-top
+        rounded-window-corners-reborn
       ]);
 
     # Set up gnome terminal as changing the default terminal is a pain
@@ -75,19 +78,19 @@ in
     };
 
     # Enable and set the gtk themes
-    gtk = {
-      enable = true;
-      gtk3.extraConfig = {
-        gtk-theme-name = "adw-gtk3";
-      };
-      gtk4.extraConfig = {
-        gtk-theme-name = "Adwaita";
-      };
-    };
+    # gtk = {
+    #   enable = true;
+    #   gtk3.extraConfig = {
+    #     gtk-theme-name = "adw-gtk3";
+    #   };
+    #   gtk4.extraConfig = {
+    #     gtk-theme-name = "Adwaita";
+    #   };
+    # };
 
     # Set the theme with dconf
-    dconf.settings."org/gnome/desktop/interface" = {
-      gtk-theme = "adw-gtk3";
-    };
+    # dconf.settings."org/gnome/desktop/interface" = {
+    #   gtk-theme = "adw-gtk3";
+    # };
   };
 }

modules/home/development/mathematica.nix

@@ -9,10 +9,11 @@ with lib;
 let
   cfg = config.modules.mathematica;
 
-  my-mathematica = pkgs.mathematica.override {
+  my-mathematica = pkgs.mathematica.overrideAttrs (old: {
+    force-rebuild = "1";
     # TODO: Just use a generic name for the installer?
     # source = ./Wolfram_14.2.1_LIN_Bndl.sh;
-  };
+  });
 in
 {
   options.modules.mathematica = {
@@ -21,6 +22,7 @@ in
 
   config = mkIf cfg.enable {
     home.packages = [
+      # pkgs.mathematica-cuda
       my-mathematica
     ];
   };

packages/helix.nix

@@ -0,0 +1,82 @@
+{
+  fetchFromGitHub,
+  fetchzip,
+  lib,
+  rustPlatform,
+  git,
+  installShellFiles,
+  versionCheckHook,
+  nix-update-script,
+}:
+
+rustPlatform.buildRustPackage (final: rec {
+  pname = "helix";
+  version = "25.07.1";
+
+  # This release tarball includes source code for the tree-sitter grammars,
+  # which is not ordinarily part of the repository.
+  src = fetchFromGitHub {
+    owner = "helix-editor";
+    repo = "helix";
+    rev = "109c812233e442addccf1739dec4406248bd3244";
+    hash = "sha256-c3fpREWUKGonlmV/aesmyRxbJZQypHgXStR7SwdcCo0=";
+  };
+  grammars = fetchzip {
+    url = "https://github.com/helix-editor/helix/releases/download/${final.version}/helix-${final.version}-source.tar.xz";
+    hash = "sha256-Pj/lfcQXRWqBOTTWt6+Gk61F9F1UmeCYr+26hGdG974=";
+    stripRoot = false;
+  };
+
+  cargoHash = "sha256-g5MfCedLBiz41HMkIHl9NLWiewE8t3H2iRKOuWBmRig=";
+
+  nativeBuildInputs = [
+    git
+    installShellFiles
+  ];
+
+  env.HELIX_DEFAULT_RUNTIME = "${placeholder "out"}/lib/runtime";
+
+  patchPhase = ''
+    # Add the runtime data
+    rm -r runtime
+    cp ${grammars}/languages.toml languages.toml
+    cp -r ${grammars}/runtime runtime
+    chmod -R u+w runtime
+  '';
+
+  postInstall = ''
+    # not needed at runtime
+    rm -r runtime/grammars/sources
+
+    mkdir -p $out/lib
+    cp -r runtime $out/lib
+    installShellCompletion contrib/completion/hx.{bash,fish,zsh}
+    mkdir -p $out/share/{applications,icons/hicolor/256x256/apps}
+    cp contrib/Helix.desktop $out/share/applications
+    cp contrib/helix.png $out/share/icons/hicolor/256x256/apps
+  '';
+
+  nativeInstallCheckInputs = [
+    versionCheckHook
+  ];
+  versionCheckProgram = "${placeholder "out"}/bin/hx";
+  versionCheckProgramArg = "--version";
+  doInstallCheck = true;
+
+  passthru = {
+    updateScript = nix-update-script { };
+  };
+
+  meta = {
+    description = "Post-modern modal text editor";
+    homepage = "https://helix-editor.com";
+    changelog = "https://github.com/helix-editor/helix/blob/${final.version}/CHANGELOG.md";
+    license = lib.licenses.mpl20;
+    mainProgram = "hx";
+    maintainers = with lib.maintainers; [
+      danth
+      yusdacra
+      zowoq
+    ];
+  };
+})

packages/open-stage-control.nix

@@ -0,0 +1,104 @@
+{
+  lib,
+  buildNpmPackage,
+  fetchFromGitHub,
+  makeBinaryWrapper,
+  makeDesktopItem,
+  copyDesktopItems,
+  nodejs_20,
+  electron,
+  python3,
+  nix-update-script,
+}:
+
+buildNpmPackage rec {
+  pname = "open-stage-control";
+  version = "1.29.8";
+
+  src = fetchFromGitHub {
+    owner = "jean-emmanuel";
+    repo = "open-stage-control";
+    rev = "v${version}";
+    hash = "sha256-518KXvNffLOV2aIWlLJcnPzxEbWxYdjWeiDBC1jlecQ=";
+  };
+
+  # Remove some Electron stuff from package.json
+  postPatch = ''
+    sed -i -e '/"electron"\|"electron-installer-debian"/d' package.json
+  '';
+
+  npmDepsHash = "sha256-U4zwYL5URNW0y0W4WvWAVL0hubiiU+2z9F5mDE9l8UU=";
+
+  nodejs = nodejs_20;
+
+  nativeBuildInputs = [
+    copyDesktopItems
+    makeBinaryWrapper
+  ];
+
+  buildInputs = [
+    python3.pkgs.python-rtmidi
+  ];
+
+  doInstallCheck = true;
+
+  makeCacheWritable = true;
+  npmFlags = [
+    "--legacy-peer-deps"
+    "--skip-pkg"
+  ];
+
+  # Override installPhase so we can copy the only directory that matters (app)
+  installPhase = ''
+    runHook preInstall
+
+    # copy built app and node_modules directories
+    mkdir -p $out/lib/node_modules/open-stage-control
+    cp -r app $out/lib/node_modules/open-stage-control/
+
+    # copy icon
+    install -Dm644 resources/images/logo.png $out/share/icons/hicolor/256x256/apps/open-stage-control.png
+    install -Dm644 resources/images/logo.svg $out/share/icons/hicolor/scalable/apps/open-stage-control.svg
+
+    # wrap electron and include python-rtmidi
+    makeWrapper '${electron}/bin/electron' $out/bin/open-stage-control \
+      --inherit-argv0 \
+      --add-flags $out/lib/node_modules/open-stage-control/app \
+      --prefix PYTHONPATH : "$PYTHONPATH" \
+      --prefix PATH : '${lib.makeBinPath [ python3 ]}'
+
+    runHook postInstall
+  '';
+
+  installCheckPhase = ''
+    XDG_CONFIG_HOME="$(mktemp -d)" $out/bin/open-stage-control --help
+  '';
+
+  desktopItems = [
+    (makeDesktopItem {
+      name = "open-stage-control";
+      exec = "open-stage-control";
+      icon = "open-stage-control";
+      desktopName = "Open Stage Control";
+      comment = meta.description;
+      categories = [
+        "Network"
+        "Audio"
+        "AudioVideo"
+        "Midi"
+      ];
+      startupWMClass = "open-stage-control";
+    })
+  ];
+
+  passthru.updateScript = nix-update-script { };
+
+  meta = with lib; {
+    description = "Libre and modular OSC / MIDI controller";
+    homepage = "https://openstagecontrol.ammd.net/";
+    license = licenses.gpl3Only;
+    maintainers = [ ];
+    platforms = platforms.linux;
+    mainProgram = "open-stage-control";
+  };
+}

profiles/disko/ws-think.nix

@@ -0,0 +1,65 @@
+{
+  disko.devices = {
+    disk = {
+      main = {
+        type = "disk";
+        device = "/dev/sda";
+        imageSize = "64G"; # For test VMs
+        content = {
+          type = "gpt";
+          partitions = {
+            boot = {
+              size = "512M";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = [ "umask=0077" ];
+              };
+            };
+            zfs = {
+              end = "-16G";
+              content = {
+                type = "zfs";
+                pool = "tank";
+              };
+            };
+            swap = {
+              size = "100%";
+              content = {
+                type = "swap";
+                discardPolicy = "both";
+              };
+            };
+          };
+        };
+      };
+    };
+    zpool = {
+      tank = {
+        type = "zpool";
+        rootFsOptions = {
+          compression = "zstd";
+        };
+        mountpoint = null;
+        postCreateHook = "zfs snapshot -r tank@blank && zfs hold -r blank tank@blank";
+
+        datasets = {
+          root = {
+            type = "zfs_fs";
+            mountpoint = "/";
+          };
+          nix = {
+            type = "zfs_fs";
+            mountpoint = "/nix";
+          };
+          persist = {
+            type = "zfs_fs";
+            mountpoint = "/persist";
+          };
+        };
+      };
+    };
+  };
+}

profiles/home/gnome.nix

@@ -16,9 +16,15 @@ in
 
   config = mkIf cfg.enable {
     home.packages = with pkgs; [
-      firefox # TODO: Move to dediated module
+      # firefox # TODO: Move to dediated module
     ];
 
+    dconf.settings = {
+      "org/gnome/shell" = {
+        disable-extension-version-validation = true;
+      };
+    };
+
     modules = {
       profiles.base.enable = true;
 

profiles/home/jan.nix

@@ -1,7 +1,9 @@
 {
   pkgs,
+  pkgs-stable,
   lib,
   config,
+  inputs,
   ...
 }:
 
@@ -16,34 +18,141 @@ in
 
   config = mkIf cfg.enable {
     home.packages = with pkgs; [
-      libreoffice-still
+      firefox
+      # inputs.stable-nixpkgs.legacyPackages.${config.nixpkgs.hostPlatform}.libreoffice
+      libreoffice
       remmina
       thunderbird
       signal-desktop
       prusa-slicer
       freecad-wayland
       inkscape
-      ente-auth
+      # ente-auth
+      audacity
       carla
-      winbox
-      whatsapp-for-linux
+      pkgs-stable.winbox
+      # whatsapp-for-linux
+      wasistlos
       discord
       steam
       spotify
-      feishin
+      # feishin
       eduvpn-client
-      river # TODO: Move
       ryubing
       bottles
       prismlauncher
       foliate
       wireshark
       obsidian
-      devenv
-      kicad
+      # devenv
+      # kicad
       vlc
+      authenticator
+
+      podman
+      podman-compose
+
+      gnome-network-displays
+      gnome-logs
     ];
 
+    programs.helix = {
+      enable = true;
+      defaultEditor = true;
+      # settings = {
+      #   theme = {
+      #     light = "adwaita-light";
+      #     dark = "adwaita-dark";
+      #     fallback = "default";
+      #   };
+      # };
+      extraPackages = with pkgs; [
+        bash-language-server # Bash
+        fish-lsp # Fish
+        systemd-lsp # Systemd
+        yaml-language-server # Yaml
+        taplo # Toml
+        nixd # Nix
+        protols # Protobuf
+        dockerfile-language-server # Dockerfile
+        docker-compose-language-service # Docker compose
+
+        clang-tools # C, C++
+        neocmakelsp # Cmake
+        rust-analyzer # Rust
+        lldb # C, C++, Rust
+        zls # Zig
+
+        texlab # Latex
+        tinymist # Typst
+        marksman # Markdown
+        markdown-oxide # Markdown
+        vscode-langservers-extracted # HTML, CSS, JSON, ESLint
+        typescript-language-server # Typescript, Javascript
+        intelephense # PHP
+        vue-language-server # Vue
+
+        ruff # Python
+        basedpyright # Python
+
+        helix-gpt # Copilot
+
+        # texlab # Latex, Bibtex
+        # bibtex-tidy # Bibtex
+        # docker-langserver # Dockerfile
+        # docker-compose-langserver # Docker compose
+        # elixir-ls # Elixir
+        # gopls # Go
+        # golangci-lint-langserver # Go
+        # dlv # Go
+        # haskell-language-server # Haskell
+        # julia # Julia
+        # kotlin-language-server # Kotlin
+        # lua-language-server # Lua
+        # slint-lsp # Slint
+        # tinymist # Typst
+      ];
+      languages = {
+        language-server = {
+          basedpyright = {
+            command = "basedpyright-langserver";
+            args = [ "--stdio" ];
+          };
+          tinymist = {
+            command = "tinymist";
+            config.preview.background = {
+              enabled = true;
+              args = [
+                "--data-plane-host=127.0.0.1:23635"
+                "--invert-colors=never"
+                "--open"
+              ];
+            };
+          };
+        };
+        language = [
+          {
+            name = "python";
+            language-servers = [
+              {
+                name = "basedpyright";
+                except-features = [ "diagnostics" ];
+              }
+              "ruff"
+            ];
+            auto-format = true;
+            formatter = {
+              command = "ruff";
+              args = [
+                "format"
+                "-"
+              ];
+            };
+          }
+        ];
+      };
+    };
+
     modules = {
       profiles.gnome.enable = true;
 
@@ -68,14 +177,14 @@ in
       xpra = {
         enable = true;
         hosts = [
-          "mixer@10.20.60.251"
+          "mixer@10.20.40.100"
         ];
       };
 
       # Development
       # docker.enable = true;
       # matlab.enable = true;
-      mathematica.enable = true;
+      # mathematica.enable = true;
 
       # Languages
       haskell.enable = false;
@@ -84,8 +193,8 @@ in
       rust.enable = true;
       python.enable = true;
       cpp.enable = true;
-      tex.enable = true;
-      jupyter.enable = false;
+      tex.enable = false;
+      jupyter.enable = true;
       go.enable = true;
     };
   };

profiles/nixos/base.nix

@@ -45,9 +45,6 @@ in
       defaultEditor = true;
     };
 
-    # Allow unfree packages
-    nixpkgs.config.allowUnfree = true;
-
     # Enable the usage of flakes
     nix.settings.experimental-features = [
       "nix-command"