12 files changed, 78 insertions, 72 deletions

diff --git a/hosts/kaworu/default.nix b/hosts/kaworu/default.nix
index 5056512..940f3fc 100644
--- a/hosts/kaworu/default.nix
+++ b/hosts/kaworu/default.nix
@@ -1,6 +1,6 @@
 # Kaworu
 # System configuration for my desktop
-{...}: {
+_: {
   imports = [
     ./hardware.nix
   ];
diff --git a/hosts/kaworu/hardware.nix b/hosts/kaworu/hardware.nix
index 8b49109..c3c9a57 100644
--- a/hosts/kaworu/hardware.nix
+++ b/hosts/kaworu/hardware.nix
@@ -1,4 +1,4 @@
-{...}: {
+_: {
   # bootloader
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi = {
diff --git a/hosts/shinji/42-logitech-unify-permissions.rules b/hosts/shinji/42-logitech-unify-permissions.rules
deleted file mode 100644
index e52c9b0..0000000
--- a/hosts/shinji/42-logitech-unify-permissions.rules
+++ /dev/null
@@ -1,31 +0,0 @@
-# This rule was added by Solaar.
-#
-# Allows non-root users to have raw access to Logitech devices.
-# Allowing users to write to the device is potentially dangerous
-# because they could perform firmware updates.
-
-ACTION != "add", GOTO="solaar_end"
-SUBSYSTEM != "hidraw", GOTO="solaar_end"
-
-# USB-connected Logitech receivers and devices
-ATTRS{idVendor}=="046d", GOTO="solaar_apply"
-
-# Lenovo nano receiver
-ATTRS{idVendor}=="17ef", ATTRS{idProduct}=="6042", GOTO="solaar_apply"
-
-# Bluetooth-connected Logitech devices
-KERNELS == "0005:046D:*", GOTO="solaar_apply"
-
-GOTO="solaar_end"
-
-LABEL="solaar_apply"
-
-# Allow any seated user to access the receiver.
-# uaccess: modern ACL-enabled udev
-TAG+="uaccess"
-
-# Grant members of the "plugdev" group access to receiver (useful for SSH users)
-#MODE="0660", GROUP="plugdev"
-
-LABEL="solaar_end"
-# vim: ft=udevrules
diff --git a/hosts/shinji/default.nix b/hosts/shinji/default.nix
index 34e84ec..750b22a 100644
--- a/hosts/shinji/default.nix
+++ b/hosts/shinji/default.nix
@@ -1,10 +1,6 @@
 # Shinji
 # System configuration for my laptop
-{
-  lib,
-  pkgs,
-  ...
-}: {
+{pkgs, ...}: {
   imports = [
     ./hardware.nix
     ./sops.nix
@@ -13,9 +9,11 @@
 
   # options
   hostName = "shinji";
+  cores = 16;
   monitors = [
     {
       port = "eDP-1";
+      laptop = true;
       scale = 1.25;
       bitdepth = 10;
     }
@@ -41,18 +39,18 @@
   # set power btn to suspend
   services.logind.settings.Login = {
     HandlePowerKey = "suspend";
-    HandeLidSwitch = "suspend";
-    HandeLidSwitchDocked = "suspend";
   };
 
   # logitech mouse udev
-  services.udev.extraRules = lib.fileContents ./42-logitech-unify-permissions.rules;
+  services.udev.packages = [
+    pkgs.solaar-udev-rules
+  ];
 
   # packages
   environment.systemPackages = with pkgs; [
     # wine
     winetricks
-    wineWowPackages.staging
+    wineWow64Packages.staging
     # android
     android-tools
     scrcpy
@@ -64,8 +62,10 @@
 
   # modules
   apps = {
-    astal.enable = true;
+    caelestia.enable = true;
     hyprlock.enable = true;
+    rofi.enable = true;
+    kanshi.enable = true;
     kitty.enable = true;
   };
   browsers = {
diff --git a/hosts/shinji/hardware.nix b/hosts/shinji/hardware.nix
index a2953be..5a32364 100644
--- a/hosts/shinji/hardware.nix
+++ b/hosts/shinji/hardware.nix
@@ -1,4 +1,15 @@
-{config, ...}: {
+{
+  config,
+  inputs,
+  pkgs,
+  lib,
+  ...
+}: {
+  # external defaults
+  imports = [
+    inputs.nixos-hardware.nixosModules.lenovo-yoga-7-slim-gen8
+  ];
+
   # bootloader
   boot.loader = {
     efi.canTouchEfiVariables = true;
@@ -21,13 +32,10 @@
   boot.initrd.kernelModules = [
     "vfio_pci"
     "vfio"
-    "vfio_iommu_type1"
   ];
   boot.kernelModules = ["kvm-amd"];
   boot.blacklistedKernelModules = ["nouveau"];
-  boot.kernelParams = [
-    "amd_iommu=on"
-  ];
+  boot.kernelParams = [];
   boot.extraModulePackages = [];
   boot.supportedFilesystems = ["ntfs"];
 
@@ -38,8 +46,37 @@
   hardware.enableRedistributableFirmware = true;
   hardware.cpu.amd.updateMicrocode = true;
 
+  # nvidia
+  services.xserver.videoDrivers = ["modesetting" "nvidia"];
+  hardware.nvidia = {
+    modesetting.enable = true;
+    powerManagement = {
+      enable = false;
+      finegrained = false;
+    };
+    prime = {
+      offload = {
+        enable = true;
+        enableOffloadCmd = true;
+      };
+      amdgpuBusId = "PCI:115:0:0";
+      nvidiaBusId = "PCI:1:0:0";
+    };
+    open = true;
+    nvidiaSettings = true;
+    package = config.boot.kernelPackages.nvidiaPackages.stable;
+  };
+  unfreePackages = [
+    "nvidia-x11"
+    "nvidia-settings"
+  ];
+
+  # nvidia brokie
+  boot.kernelPackages = lib.mkForce pkgs.linuxPackages_6_18;
+
   # luks device
   boot.initrd.luks.devices."root".device = "/dev/disk/by-uuid/ad489bfa-4280-44ea-8ad2-60347b516d60";
+  boot.initrd.luks.devices."swap".device = "/dev/disk/by-uuid/550e638d-eade-4d2f-aa39-c38774c91af3";
 
   # root
   fileSystems."/" = {
@@ -56,6 +93,6 @@
 
   # swap
   swapDevices = [
-    {device = "/dev/disk/by-uuid/57caa02d-8569-43e3-8bf9-09dd6f02b191";}
+    {device = "/dev/disk/by-uuid/8a7ce615-f5c0-4b0c-a9a5-bddf2d6c2ab0";}
   ];
 }
diff --git a/hosts/shinji/secrets.yaml b/hosts/shinji/secrets.yaml
index 35a3277..00ae4ae 100644
--- a/hosts/shinji/secrets.yaml
+++ b/hosts/shinji/secrets.yaml
@@ -3,27 +3,27 @@ sops:
     lastmodified: "2025-08-23T18:29:46Z"
     mac: ENC[AES256_GCM,data:wFWETiGqtmpF87zLdVdDeEgBYHxGMYN9GGWW+wBIK/otcYjoWWdqhFtqVy4t7Xpxs63J6U3dELQUkIiI7voGxoJRMWiK3txNy2GCJUG1eL/XtlrANy6FXDtuRh7bmn/VE23Xhagzz3qAFXElezOLFV7DNCBDrLj0TqfdbN2YzXg=,iv:9WgJDFwhtYl2IRn/r0X3ZrTBAHqQ5ADeDKaBii8nFIw=,tag:PlqRvyIjFbFQxgNYI0cYZg==,type:str]
     pgp:
-        - created_at: "2025-06-22T02:32:57Z"
+        - created_at: "2025-12-20T13:39:42Z"
           enc: |-
             -----BEGIN PGP MESSAGE-----
 
-            hF4D0Q846mnV8HYSAQdAiydHrfiuvIlOIMBqpPWX/05MP5d5gIQjXIyc8tzdsycw
-            ZzzKJKsNh4XZd726Toks0CVF5NZLYLtMyAs8S2huf3gz6cgt3k8MI2qPmaEJMDBQ
-            0lwBjTp5//gCK0YbO76IxvteL+TgiklwJN03ryMl9Mj8JVVMmiBh25PGuxblbi52
-            pEJMVlxJVUxrHQY+XREZKhNp73JLRovZHFDMpSR5TAZxD6ZmtChElk5ofKVFiw==
-            =suGj
+            hF4D0Q846mnV8HYSAQdAPREkd2Tn0GK35m1+gJv/Vm6qhnrysF+ORJZKBGvakQIw
+            UbDN6oAFS0pli2fE2k6ogKUFK5Nnzwc36BNxfzR455YE7zju6rvhOXHw70n+Osn1
+            0lwBWplqmEtmXHTI0hfXrWp/xHPNm4kvU7atggYCXRgbxIcICF/ZOcw4A0qGcwdf
+            kVUczpFcrTmjFyyt6Ho+kbb0zNsGNSz90w+Bc2KCZMSbp28eeN9sUXx5UAHaFQ==
+            =EkCv
             -----END PGP MESSAGE-----
           fp: D9AF0A4209B7C2DE11A884BFACBC553660D9993D
-        - created_at: "2025-06-22T02:32:57Z"
+        - created_at: "2025-12-20T13:39:42Z"
           enc: |-
             -----BEGIN PGP MESSAGE-----
 
-            hF4D/YCJcy0T0DkSAQdA3Vc35wBJSjwWaNbYa2s4wKGsXOnz6ucSk62vnXGxYTUw
-            Y8uSyG6Jf040oEgAixd46s1H30CmT0+Hi6zF7jGweo1yGzEFZ53v+VVusCv2JbI7
-            0lwB7LnU2M6SAkvhr/SJTEVz9Uu/cx6xJnFeGXWXwY6mPN+InOee7UJW3Ffv2n/t
-            7PoojznXONSma2Xc8u3Ywk83jMrKqnNLMEATqnCg/1FZHe8Asr6Lan6KD0U81g==
-            =azav
+            hF4DZWdipPFpD5sSAQdAHnvyhLu0xa0f8xqBzAkJfVuh4WEYc7ExswVa3YFmSCIw
+            z+g56UmObSbn1dpov7afbgCrNxtGWcRz8jyxRk6XyLym8tmq6a0HiX8i2tm/+U4o
+            0lwBd2gzmctSClZoQ04UcgxIKl5aQ1sHwMTcF7kcJ1ivNyqPEKUr8AWuc3JX4c78
+            hHLSwJz44W+3MCTsDnq8KplD773CmFs2fHUQStVi6hLDZZOz09bWwxm6rxoSVg==
+            =WU5H
             -----END PGP MESSAGE-----
-          fp: 2A8A27879715447AEEC59D0C18DCCBE353963394
+          fp: 659C3533EF08B6EB0A81A777E9A11C12771D6185
     unencrypted_suffix: _unencrypted
     version: 3.10.2
diff --git a/hosts/shinji/sops.nix b/hosts/shinji/sops.nix
index a7ede54..9169bbc 100644
--- a/hosts/shinji/sops.nix
+++ b/hosts/shinji/sops.nix
@@ -15,7 +15,7 @@
   sops = {
     defaultSopsFile = ./secrets.yaml;
 
-    gnupg.home = config.homePath + "/.gnupg";
+    gnupg.home = config.homePath + "/.local/share/gnupg";
     gnupg.sshKeyPaths = [];
 
     secrets = {
diff --git a/hosts/thinkpad/default.nix b/hosts/thinkpad/default.nix
index 3d537c7..5560fb4 100644
--- a/hosts/thinkpad/default.nix
+++ b/hosts/thinkpad/default.nix
@@ -1,6 +1,6 @@
 # Thinkpad
 #System configuration for my thinkpad
-{...}: {
+_: {
   imports = [
     ./hardware.nix
     ./sops.nix
@@ -11,14 +11,15 @@
   hostName = "thinkpad";
   monitors = [
     {
-      name = "eDP-1";
+      port = "eDP-1";
+      laptop = true;
       scale = 1.0;
     }
   ];
 
   # modules
   apps = {
-    astal.enable = true;
+    caelestia.enable = true;
     hyprlock.enable = true;
     kitty.enable = true;
   };
@@ -38,6 +39,7 @@
   # modules
   battery = true;
   bluetooth = true;
+  network = true;
   fingerprint = true;
   tpm = true;
 }
diff --git a/hosts/thinkpad/hardware.nix b/hosts/thinkpad/hardware.nix
index 95f9ffd..109f6c0 100644
--- a/hosts/thinkpad/hardware.nix
+++ b/hosts/thinkpad/hardware.nix
@@ -1,4 +1,4 @@
-{...}: {
+_: {
   # bootloader
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi = {
diff --git a/hosts/thinkpad/sops.nix b/hosts/thinkpad/sops.nix
index a7ede54..9169bbc 100644
--- a/hosts/thinkpad/sops.nix
+++ b/hosts/thinkpad/sops.nix
@@ -15,7 +15,7 @@
   sops = {
     defaultSopsFile = ./secrets.yaml;
 
-    gnupg.home = config.homePath + "/.gnupg";
+    gnupg.home = config.homePath + "/.local/share/gnupg";
     gnupg.sshKeyPaths = [];
 
     secrets = {
diff --git a/hosts/work/default.nix b/hosts/work/default.nix
index 7427945..03ad03a 100644
--- a/hosts/work/default.nix
+++ b/hosts/work/default.nix
@@ -2,9 +2,7 @@
 # System configuration for work vm
 {
   lib,
-  config,
   pkgs,
-  inputs,
   ...
 }: {
   # options
@@ -15,7 +13,7 @@
   # packages
   extraHome = {
     home.packages = with pkgs; [
-      inputs.self.packages.${system}.arcanist
+      arcanist
     ];
 
     programs.git = {
diff --git a/hosts/wsl/default.nix b/hosts/wsl/default.nix
index 3c60f14..f73eb01 100644
--- a/hosts/wsl/default.nix
+++ b/hosts/wsl/default.nix
@@ -25,7 +25,7 @@
       ]))
     gnumake
     texliveFull
-    inputs.self.packages.${system}.arcanist
+    arcanist
   ];
 
   # wsl ssh key