about summary refs log tree commit diff
path: root/modules
diff options
context:
space:
mode:
authorazahi <azat@bahawi.net>2024-10-10 03:33:47 +0300
committerazahi <azat@bahawi.net>2024-10-10 03:33:47 +0300
commitc6c9929a090aa8022045514e09ecafd57a954c27 (patch)
tree0a71feedcada203c045f94d01bc2d8b733b067ee /modules
parent2024-08-20 (diff)
2024-10-10
Diffstat (limited to 'modules')
-rw-r--r--modules/common/nix.nix19
-rw-r--r--modules/common/systemd.nix3
-rw-r--r--modules/direnv.nix1
-rw-r--r--modules/editorconfig.nix6
-rw-r--r--modules/emacs/default.nix11
-rw-r--r--modules/emacs/doom/config.el183
-rw-r--r--modules/emacs/doom/init.el1
-rw-r--r--modules/emacs/doom/packages.el13
-rw-r--r--modules/firefox/addons.nix29
-rw-r--r--modules/firefox/default.nix7
-rw-r--r--modules/firefox/userContent.css42
-rw-r--r--modules/git/default.nix4
-rw-r--r--modules/profiles/headful.nix5
-rw-r--r--modules/profiles/headless.nix8
-rw-r--r--modules/sing-box.nix82
-rw-r--r--modules/soju.nix3
-rw-r--r--modules/vscode.nix6
-rw-r--r--modules/wireguard.nix49
18 files changed, 282 insertions, 190 deletions
diff --git a/modules/common/nix.nix b/modules/common/nix.nix
index d1f835c..0ab2888 100644
--- a/modules/common/nix.nix
+++ b/modules/common/nix.nix
@@ -49,7 +49,7 @@ in
           } // configurations // local._module.args
         '';
 
-      programs.bash.shellAliases.nix = "nix --verbose --print-build-logs";
+      programs.bash.shellAliases.nix = "nix --verbose --print-build-logs --no-eval-cache";
     };
 
     nix =
@@ -57,6 +57,8 @@ in
         notSelfInputs = filterAttrs (n: _: n != "self") inputs;
       in
       {
+        package = mkForce pkgs.nix; # Only use stable Nix.
+
         nixPath = mapAttrsToList (n: v: "${n}=${v}") notSelfInputs ++ [
           "nixfiles=${config.my.home}/src/nixfiles"
         ];
@@ -75,15 +77,12 @@ in
             my.username
           ];
 
-          experimental-features = mkForce [
-            "auto-allocate-uids"
-            "cgroups"
-            "fetch-closure"
-            "flakes"
-            "nix-command"
-            "recursive-nix"
-            # "configurable-impure-env"
-            # "pipe-operators"
+          substituters = [
+            "https://cache.tvl.su"
+            "https://nix-community.cachix.org"
+          ];
+          trusted-public-keys = [
+            "cache.tvl.su:kjc6KOMupXc1vHVufJUoDUYeLzbwSr9abcAKdn/U1Jk="
           ];
         };
       };
diff --git a/modules/common/systemd.nix b/modules/common/systemd.nix
index 81df05c..e058ad8 100644
--- a/modules/common/systemd.nix
+++ b/modules/common/systemd.nix
@@ -26,8 +26,7 @@ with lib;
     resolved = {
       llmnr = "false";
       dnsovertls = "opportunistic";
-      domains = mapAttrsToList (_: v: v) my.domain;
-      fallbackDns = map (v: "${v}#dns.quad9.net") dns.const.quad9.default;
+      fallbackDns = dns.const.quad9.default;
     };
 
     journald.extraConfig = ''
diff --git a/modules/direnv.nix b/modules/direnv.nix
index 709a73a..2ab0b3f 100644
--- a/modules/direnv.nix
+++ b/modules/direnv.nix
@@ -10,6 +10,7 @@ in
     hm.programs.direnv = {
       enable = true;
       config.global = {
+        load_dotenv = true;
         strict_env = true;
         warn_timeout = "1h";
       };
diff --git a/modules/editorconfig.nix b/modules/editorconfig.nix
index 5dfe845..e7f55ff 100644
--- a/modules/editorconfig.nix
+++ b/modules/editorconfig.nix
@@ -58,12 +58,6 @@ in
           indent_style = "space";
         };
 
-        # https://github.com/ziglang/zig/wiki/FAQ#why-does-zig-fmt-use-spaces-instead-of-tabs
-        "*.zig" = {
-          indent_size = 4;
-          indent_style = "space";
-        };
-
         "*.{asm,s,S}" = {
           indent_size = 4;
           indent_style = "spaces";
diff --git a/modules/emacs/default.nix b/modules/emacs/default.nix
index eccf179..a182d4c 100644
--- a/modules/emacs/default.nix
+++ b/modules/emacs/default.nix
@@ -125,7 +125,7 @@ in
                       nixfmt # :lang nix :editor format
                       nls # :lang (nickel +lsp)
                       nodePackages.bash-language-server # :lang (sh +lsp)
-                      nodePackages.eslint # :lang (json +lsp)
+                      # nodePackages.eslint # :lang (json +lsp)
                       nodePackages.js-beautify # :lang web
                       nodePackages.prettier # :editor format
                       nodePackages.stylelint # :lang web
@@ -157,8 +157,6 @@ in
                       vscode-langservers-extracted # :lang (json +lsp) (web +lsp)
                       wordnet # :tools (lookup +dictionary +offline)
                       yaml-language-server # :lang (yaml +lsp)
-                      zig # :lang zig :editor format
-                      zls # :lang (zig +lsp)
                       zstd # :emacs undo
                     ];
                   in
@@ -181,8 +179,7 @@ in
                           skk-large-jisyo "${pkgs.skk-dicts}/share/SKK-JISYO.L")
 
                     ;; :editor parinfer
-                    (setq parinfer-rust-auto-download nil
-                          parinfer-rust-library "${pkgs.parinfer-rust-emacs}/lib/libparinfer_rust.so")
+                    (setq parinfer-rust-library "${pkgs.parinfer-rust-emacs}/lib/libparinfer_rust.so")
 
                     ;; :lang (org +roam2) :email mu4e
                     (setq emacsql-sqlite-executable "${getExe pkgs.emacsql-sqlite}")
@@ -202,8 +199,8 @@ in
                 (with config.stylix.fonts; ''
                   (setq doom-font "${monospace.name}-${toString sizes.terminal}"
                         doom-serif-font "${serif.name}-${toString sizes.terminal}"
-                        doom-variable-pitch-font "${sansSerif.name}-${toString sizes.terminal}")
-                        doom-emoji-font "${emoji.name}-${toString sizes.terminal}"
+                        doom-variable-pitch-font "${sansSerif.name}-${toString sizes.terminal}"
+                        doom-emoji-font "${emoji.name}-${toString sizes.terminal}")
                 '')
                 (
                   with config.hm.accounts.email;
diff --git a/modules/emacs/doom/config.el b/modules/emacs/doom/config.el
index 206e5cd..fe3b5b4 100644
--- a/modules/emacs/doom/config.el
+++ b/modules/emacs/doom/config.el
@@ -2,15 +2,15 @@
 ;;; Misc
 ;;
 
-(setq frame-title-format '("GNU Emacs"))
+(setq! frame-title-format '("GNU Emacs"))
 
 (setq-hook! '(prog-mode-hook yaml-mode-hook)
   display-line-numbers-type 'relative
   scroll-margin 10
   hscroll-margin 10)
 
-(setq browse-url-generic-program (executable-find "firefox")
-      browse-url-browser-function 'browse-url-generic)
+(setq! browse-url-generic-program (executable-find "firefox")
+       browse-url-browser-function 'browse-url-generic)
 
 (use-package! xclip
   :config
@@ -19,34 +19,47 @@
         xclip-mode t
         xclip-method 'wl-copy))
 
-(setq migemo-options '("--quiet" "--emacs")
-      skk-show-inline t)
+(setq! migemo-options '("--quiet" "--emacs")
+       skk-show-inline t)
 
 ;;
 ;;; Doom-specific
 ;;
 
-(setq doom-theme 'modus-operandi
-      doom-modeline-icon nil
-      doom-modeline-indent-info t
-      doom-modeline-total-line-number t
-      doom-modeline-height 30)
+(setq! doom-theme 'modus-operandi
+       doom-modeline-icon nil
+       doom-modeline-indent-info t
+       doom-modeline-total-line-number t
+       doom-modeline-height 30)
+
+;;
+;;; TVL
+;;
+
+(use-package! tvl)
 
 ;;
 ;;; Editorconfig
 ;;
 
-(setq +editorconfig-mode-alist '((sh-mode . "sh"))
-      editorconfig-exclude-modes '(lisp-mode
-                                   common-lisp-mode
-                                   emacs-lisp-mode))
+(setq! +editorconfig-mode-alist '((sh-mode . "sh"))
+       ;; It's never a good idea to force specific indentation rules for Lisp,
+       ;; the only rule should be is not to use tabs.
+       editorconfig-exclude-modes '(emacs-lisp-mode
+                                    clojure-mode
+                                    scheme-mode
+                                    lisp-mode
+                                    racket-mode
+                                    fennel-mode
+                                    hy-mode
+                                    dune-mode))
 
 ;;
 ;;; LSP
 ;;
 
-(setq lsp-enable-suggest-server-download nil
-      lsp-modeline-code-actions-enable nil)
+(setq! lsp-enable-suggest-server-download nil
+       lsp-modeline-code-actions-enable nil)
 
 ;;
 ;;; Nix
@@ -66,9 +79,9 @@
 ;;; Go
 ;;
 
-(setq lsp-go-analyses '((unsedvariable . t)
-                        (unusedparams . t)
-                        (unusedwrite . t)))
+(setq! lsp-go-analyses '((unsedvariable . t)
+                         (unusedparams . t)
+                         (unusedwrite . t)))
 
 ;;
 ;;; Org
@@ -79,38 +92,38 @@
 ;; For some reason only using `after!' work here. `setq-hook!' and etc doesn't
 ;; produce expected results.
 (after! org
-  (setq org-todo-keywords '((sequence
-                             "TODO(t)"
-                             "LOOP(r)"
-                             "STRT(s@)"
-                             "WAIT(w@/!)"
-                             "HOLD(h@/!)"
-                             "IDEA(i)"
-                             "PROJ(p)"
-                             "|"
-                             "DONE(d@/!)"
-                             "KILL(k@/!)"))
-        org-todo-keyword-faces '(("STRT" . +org-todo-active)
-                                 ("WAIT" . +org-todo-onhold)
-                                 ("HOLD" . +org-todo-onhold)
-                                 ("PROJ" . +org-todo-project)
-                                 ("KILL" . +org-todo-cancel))
-        org-capture-templates '(("t" "Todo" entry
-                                 (file+headline +org-capture-todo-file "Inbox")
-                                 "* TODO %?\n%i\n%a" :prepend t)
-                                ("n" "Note" entry
-                                 (file+headline +org-capture-notes-file "Inbox")
-                                 "* %u %?\n%i\n%a" :prepend t)
-                                ("j" "Journal" entry
-                                 (file+olp+datetree +org-capture-journal-file)
-                                 "* %U %?\n%i\n%a" :prepend t))))
+  (setq! org-todo-keywords '((sequence
+                              "TODO(t)"
+                              "LOOP(r)"
+                              "STRT(s@)"
+                              "WAIT(w@/!)"
+                              "HOLD(h@/!)"
+                              "IDEA(i)"
+                              "PROJ(p)"
+                              "|"
+                              "DONE(d@/!)"
+                              "KILL(k@/!)"))
+         org-todo-keyword-faces '(("STRT" . +org-todo-active)
+                                  ("WAIT" . +org-todo-onhold)
+                                  ("HOLD" . +org-todo-onhold)
+                                  ("PROJ" . +org-todo-project)
+                                  ("KILL" . +org-todo-cancel))
+         org-capture-templates '(("t" "Todo" entry
+                                  (file+headline +org-capture-todo-file "Inbox")
+                                  "* TODO %?\n%i\n%a" :prepend t)
+                                 ("n" "Note" entry
+                                  (file+headline +org-capture-notes-file "Inbox")
+                                  "* %u %?\n%i\n%a" :prepend t)
+                                 ("j" "Journal" entry
+                                  (file+olp+datetree +org-capture-journal-file)
+                                  "* %U %?\n%i\n%a" :prepend t))))
 
 (add-hook! 'org-mode-hook 'auto-fill-mode)
 
 (setq-hook! 'org-mode-hook fill-column 80)
 
-(setq org-roam-directory "~/doc/roam/"
-      org-roam-db-location (concat org-roam-directory ".db"))
+(setq! org-roam-directory "~/doc/roam/"
+       org-roam-db-location (concat org-roam-directory ".db"))
 
 (use-package! org-roam-ui
   :requires websocket
@@ -132,8 +145,8 @@
 ;;; PlantUML
 ;;
 
-(setq plantuml-default-exec-mode 'executable
-      org-plantuml-exec-mode 'plantuml)
+(setq! plantuml-default-exec-mode 'executable
+       org-plantuml-exec-mode 'plantuml)
 
 ;;
 ;;; Elisp
@@ -142,15 +155,11 @@
 (after! flycheck
   (pushnew! flycheck-disabled-checkers 'emacs-lisp-checkdoc))
 
-;; Turn this off because it leaves face artifacts when changing indentation.
-(add-hook! 'emacs-lisp-mode-hook
-  (highlight-indent-guides-mode -1))
-
 ;;
 ;;; Haskell
 ;;
 
-(setq lsp-haskell-formatting-provider "ormolu")
+(setq! lsp-haskell-formatting-provider "ormolu")
 
 ;;
 ;;; Nickel
@@ -186,38 +195,23 @@
 ;;; Elfeed
 ;;
 
-(setq elfeed-db-directory "~/.elfeed"
-      elfeed-enclosure-default-dir (concat elfeed-db-directory "/enclosures")
-      rmh-elfeed-org-files (list (concat elfeed-db-directory "/index.org"))
-      elfeed-goodies/powerline-default-separator nil
-      elfeed-goodies/entry-pane-size 0.75
-      elfeed-goodies/entry-pane-position 'bottom)
-
-(add-hook! 'elfeed-new-entry-hook
-           '((elfeed-make-tagger
-              :before "2 weeks ago"
-              :remove 'unread)
-             (elfeed-make-tagger
-              :feed-title "SberMarket Tech"
-              :entry-title (not ".*(DevOps|Golang).*")
-              :add 'junk
-              :remove 'unread)
-             (elfeed-make-tagger
-              :feed-title "dotconferences"
-              :entry-title (not ".*dotGo.*")
-              :add 'junk
-              :remove 'unread)))
+(setq! elfeed-db-directory "~/.elfeed"
+       elfeed-enclosure-default-dir (concat elfeed-db-directory "/enclosures")
+       rmh-elfeed-org-files (list (concat elfeed-db-directory "/index.org"))
+       elfeed-goodies/powerline-default-separator nil
+       elfeed-goodies/entry-pane-size 0.75
+       elfeed-goodies/entry-pane-position 'bottom)
 
 ;;
 ;;; mu4e
 ;;
 
 (after! mu4e
-  (setq sendmail-program (executable-find "msmtp")
-        send-mail-function #'smtpmail-send-it
-        message-sendmail-f-is-evil t
-        message-sendmail-extra-arguments '("--read-envelope-from")
-        message-send-mail-function #'message-send-mail-with-sendmail))
+  (setq! sendmail-program (executable-find "msmtp")
+         send-mail-function #'smtpmail-send-it
+         message-sendmail-f-is-evil t
+         message-sendmail-extra-arguments '("--read-envelope-from")
+         message-send-mail-function #'message-send-mail-with-sendmail))
 
 (setq-hook! 'mu4e-main-mode-hook mu4e-update-interval 30)
 
@@ -225,26 +219,25 @@
 ;;; Circe
 ;;
 
-(setq circe-network-options
-      (mapcar (lambda (server)
-                `(,server
-                  :server-buffer-name ,server
-                  :host "azahi.cc"
-                  :port 6697
-                  :tls t
-                  :logging nil
-                  :user ,(concat circe-default-user "/" server)
-                  :pass ,(lambda (&rest _)
-                           (+pass-get-secret "server/soju.shire.net/azahi"))))
-              '("libera" "oftc" "hackint" "rizon")))
+(setq! circe-network-options
+       (mapcar (lambda (server)
+                 `(,server
+                   :server-buffer-name ,server
+                   :host "azahi.cc"
+                   :port 6697
+                   :tls t
+                   :logging nil
+                   :user ,(concat circe-default-user "/" server)
+                   :pass ,(lambda (&rest _)
+                            (+pass-get-secret "server/soju.shire.net/azahi"))))
+               '("libera" "oftc" "hackint" "rizon")))
 
 ;;
 ;;; Sops
 ;;
 
 (use-package! sops
-  :config
-  (global-sops-mode 1))
+  :hook (doom-first-file . global-sops-mode))
 
 ;;
 ;;; Hledger
@@ -256,7 +249,7 @@
   :hook ((hledger-view-mode . hl-line-mode)
          (hledger-view-mode . center-text-for-reading))
   :init
-  (setq hledger-jfile "~/doc/accounting/current.journal")
+  (setq! hledger-jfile "~/doc/accounting/current.journal")
   :config
   (set-company-backend! 'hledger-mode 'hledger-company)
   (add-hook! 'hledger-mode-hook
@@ -272,4 +265,4 @@
                                  (make-local-variable 'compay-idle-delay)
                                  (setq-local company-idle-delay 0.1))))
   :init
-  (setq hledger-input-buffer-height 20))
+  (setq! hledger-input-buffer-height 20))
diff --git a/modules/emacs/doom/init.el b/modules/emacs/doom/init.el
index 5788fcc..b031880 100644
--- a/modules/emacs/doom/init.el
+++ b/modules/emacs/doom/init.el
@@ -83,7 +83,6 @@
        (sh +lsp +tree-sitter)
        web
        (yaml +lsp +tree-sitter)
-       (zig +lsp +tree-sitter)
 
        :email
        mu4e
diff --git a/modules/emacs/doom/packages.el b/modules/emacs/doom/packages.el
index 2edbf1a..0f908df 100644
--- a/modules/emacs/doom/packages.el
+++ b/modules/emacs/doom/packages.el
@@ -1,5 +1,7 @@
 (disable-packages! writegood-mode)
 
+(unpin! (:editor parinfer))
+
 (package! xclip)
 
 (package! org-roam-ui)
@@ -9,12 +11,15 @@
 (package! hledger-mode)
 
 (package! sops
-  :recipe (:type git
-           :host github
+  :recipe (:host github
            :repo "djgoku/sops"))
 
 (unpin! ansible)
 (package! ansible
-  :recipe (:type git
-           :host gitlab
+  :recipe (:host gitlab
            :repo "emacs-ansible/emacs-ansible"))
+
+(package! tvl
+  :recipe (:host nil
+           :repo "https://code.tvl.fyi/depot.git:/tools/emacs-pkgs/tvl.git"
+           :build nil))
diff --git a/modules/firefox/addons.nix b/modules/firefox/addons.nix
index 7537d60..753a413 100644
--- a/modules/firefox/addons.nix
+++ b/modules/firefox/addons.nix
@@ -1,11 +1,14 @@
-{ buildFirefoxXpiAddon, lib }:
+{
+  buildFirefoxXpiAddon,
+  lib,
+}:
 {
   "bitwarden" = buildFirefoxXpiAddon {
     pname = "bitwarden";
-    version = "2024.7.1";
+    version = "2024.9.0";
     addonId = "{446900e4-71c2-419f-a6a7-df9c091e268b}";
-    url = "https://addons.mozilla.org/firefox/downloads/file/4326285/bitwarden_password_manager-2024.7.1.xpi";
-    sha256 = "28c505df3b615f6a3c829afdcff74584ddc5eb1d3fb35f9848c18470fad93772";
+    url = "https://addons.mozilla.org/firefox/downloads/file/4350677/bitwarden_password_manager-2024.9.0.xpi";
+    sha256 = "8c8b97b445fe65cbdd91eda4bd07e8946d6c1b21ac89c771205a3b9225e2ef12";
     meta = with lib; {
       homepage = "https://bitwarden.com";
       description = "At home, at work, or on the go, Bitwarden easily secures all your passwords, passkeys, and sensitive information.";
@@ -51,10 +54,10 @@
   };
   "darkreader" = buildFirefoxXpiAddon {
     pname = "darkreader";
-    version = "4.9.88";
+    version = "4.9.92";
     addonId = "addon@darkreader.org";
-    url = "https://addons.mozilla.org/firefox/downloads/file/4317971/darkreader-4.9.88.xpi";
-    sha256 = "7a965d5880be9fbf8be81a106acd1968263b1acc2db0add580b30f2dd71954b3";
+    url = "https://addons.mozilla.org/firefox/downloads/file/4351387/darkreader-4.9.92.xpi";
+    sha256 = "be55b3ea5bab95743d43823d9290fa820035b89c4d07943b568111d837a98226";
     meta = with lib; {
       homepage = "https://darkreader.org/";
       description = "Dark mode for every website. Take care of your eyes, use dark theme for night and daily browsing.";
@@ -120,10 +123,10 @@
   };
   "languagetool" = buildFirefoxXpiAddon {
     pname = "languagetool";
-    version = "8.11.2";
+    version = "8.11.8";
     addonId = "languagetool-webextension@languagetool.org";
-    url = "https://addons.mozilla.org/firefox/downloads/file/4329853/languagetool-8.11.2.xpi";
-    sha256 = "bfac73229d0973370d163cd607ed36ada0aff46d597afee2c334cc58ec431210";
+    url = "https://addons.mozilla.org/firefox/downloads/file/4341696/languagetool-8.11.8.xpi";
+    sha256 = "2f1489f7180303be730ff2b16d6a432d07017c6cffd3fbfc39f37dc809a25fc8";
     meta = with lib; {
       homepage = "https://languagetool.org";
       description = "With this extension you can check text with the free style and grammar checker LanguageTool. It finds many errors that a simple spell checker cannot detect, like mixing up there/their, a/an, or repeating a word.";
@@ -289,10 +292,10 @@
   };
   "violentmonkey" = buildFirefoxXpiAddon {
     pname = "violentmonkey";
-    version = "2.20.0";
+    version = "2.23.0";
     addonId = "{aecec67f-0d10-4fa7-b7c7-609a2db280cf}";
-    url = "https://addons.mozilla.org/firefox/downloads/file/4315769/violentmonkey-2.20.0.xpi";
-    sha256 = "94fe88507ea47e8cc5ca80b76a6aaec44a486dbfd515a03f82f228dc24d49910";
+    url = "https://addons.mozilla.org/firefox/downloads/file/4352761/violentmonkey-2.23.0.xpi";
+    sha256 = "b3eadf855b6093376590aa63ae05933c5812e9515c9acf558550a4f2c78ab49b";
     meta = with lib; {
       homepage = "https://violentmonkey.github.io/";
       description = "Userscript support for browsers, open source.";
diff --git a/modules/firefox/default.nix b/modules/firefox/default.nix
index 7b69da4..c694a7f 100644
--- a/modules/firefox/default.nix
+++ b/modules/firefox/default.nix
@@ -516,6 +516,8 @@ in
               "browser.protections_panel.infoMessage.seen" = true;
               "browser.region.update.region" = "US";
               "browser.search.region" = "US";
+              "browser.search.separatePrivateDefault" = mkForce false;
+              "browser.search.separatePrivateDefault.ui.enabled" = mkForce false;
               "browser.search.update" = false;
               "browser.shell.checkDefaultBrowser" = false;
               "browser.tabs.closeWindowWithLastTab" = true;
@@ -529,6 +531,11 @@ in
               "browser.toolbars.bookmarks.visibility" = "newtab";
               "browser.translations.enable" = false;
               "browser.urlbar.decodeURLsOnCopy" = true;
+              "browser.urlbar.suggest.addons" = false;
+              "browser.urlbar.suggest.bookmark" = true;
+              "browser.urlbar.suggest.engines" = true;
+              "browser.urlbar.suggest.history" = true;
+              "browser.urlbar.suggest.openpage" = true;
               "browser.warnOnQuitShortcut" = false;
               "devtools.everOpened" = true;
               "doh-rollout.home-region" = "US";
diff --git a/modules/firefox/userContent.css b/modules/firefox/userContent.css
index d912e5b..96bb529 100644
--- a/modules/firefox/userContent.css
+++ b/modules/firefox/userContent.css
@@ -58,27 +58,27 @@
 @-moz-document regexp("https?://(.*\.)?github.com.*")
 {
   .color-fg-muted.f6.mt-4, /* GitHub profile guide. */
-    .flex-order-1.flex-md-order-none, /* Follow button. */
-    .js-user-status-item,
-    .protip,
-    .pt-3.mt-3.d-none.d-md-block, /* Profile achievements. */
-    .user-status-circle-badge-container,
-    .user-status-container,
-    a[href^="/account/choose?action=upgrade"],
-    a[href^="/collections"],
-    a[href^="/contact/report-content"],
-    a[href^="/events"],
-    a[href^="/explore"],
-    a[href^="/github-copilot"],
-    a[href^="/organizations/enterprise"],
-    a[href^="/settings/enterprises"],
-    a[href^="/sponsors"],
-    a[href^="/topics"],
-    a[href^="/trending"],
-    a[href^="https://github.com/codespaces"], /* Absolute cringe... */
-    button[data-testid="copilot-popover-button"],
-    details[id^="funding-links-modal"],
-    footer {
+  .flex-order-1.flex-md-order-none, /* Follow button. */
+  .js-user-status-item,
+  .protip,
+  .pt-3.mt-3.d-none.d-md-block, /* Profile achievements. */
+  .user-status-circle-badge-container,
+  .user-status-container,
+  a[href^="/account/choose?action=upgrade"],
+  a[href^="/collections"],
+  a[href^="/contact/report-content"],
+  a[href^="/events"],
+  a[href^="/explore"],
+  a[href^="/github-copilot"],
+  a[href^="/organizations/enterprise"],
+  a[href^="/settings/enterprises"],
+  a[href^="/sponsors"],
+  a[href^="/topics"],
+  a[href^="/trending"],
+  a[href^="https://github.com/codespaces"], /* Absolute cringe... */
+  button[data-testid="copilot-popover-button"],
+  details[id^="funding-links-modal"],
+  footer {
     display: none !important;
   }
 
diff --git a/modules/git/default.nix b/modules/git/default.nix
index eb0021d..27c07c4 100644
--- a/modules/git/default.nix
+++ b/modules/git/default.nix
@@ -73,7 +73,7 @@ in
 
             package = if this.isHeadful then pkgs.gitFull else pkgs.gitMinimal;
 
-            userName = my.fullname;
+            userName = my.username;
             userEmail = my.email;
             signing = {
               inherit (my.pgp) key;
@@ -134,6 +134,7 @@ in
                     "nixca" = "gitlab.nixca.dev";
                     "notabug" = "notabug.org";
                     "opencode" = "opencode.net";
+                    "syndicate" = "git.syndicate-lang.org";
                     "torproject" = "gitlab.torproject.org";
                     "videolan" = "code.videolan.org";
                   };
@@ -192,7 +193,6 @@ in
       {
         ark.directories = [ config.services.gitolite.dataDir ];
 
-        # FIXME Plausible, go-import, custom favicon, etc.
         nixfiles.modules.nginx = {
           enable = true;
           virtualHosts.${domain}.locations = { };
diff --git a/modules/profiles/headful.nix b/modules/profiles/headful.nix
index 9f6bff5..841f56a 100644
--- a/modules/profiles/headful.nix
+++ b/modules/profiles/headful.nix
@@ -50,7 +50,7 @@ in
         '';
 
         packages = with pkgs; [
-          # element-desktop
+          element-desktop
           fd
           imv
           libreoffice-fresh
@@ -125,12 +125,15 @@ in
     environment.systemPackages = with pkgs; [
       arping
       dnsutils
+      eaglemode
       inetutils
       ldns
       lm_sensors
       socat
       tcpdump
       usbutils
+      anki
+      audacity
     ];
 
     my.extraGroups = [
diff --git a/modules/profiles/headless.nix b/modules/profiles/headless.nix
index f739206..5d42df0 100644
--- a/modules/profiles/headless.nix
+++ b/modules/profiles/headless.nix
@@ -30,13 +30,7 @@ in
       ".bash_history".source = config.hm.lib.file.mkOutOfStoreSymlink "/dev/null";
     };
 
-    boot = {
-      # Pin version to prevent any surprises. Try keeping this up-to-date[1]
-      # with the latest LTS release + hardened patches (just in case).
-      #
-      # [1]: https://kernel.org
-      kernelPackages = pkgs.linuxPackages_6_6_hardened; # EOL Dec, 2026
-    };
+    boot.kernelPackages = pkgs.linuxPackages_hardened;
 
     nix = {
       gc = {
diff --git a/modules/sing-box.nix b/modules/sing-box.nix
new file mode 100644
index 0000000..9fc86eb
--- /dev/null
+++ b/modules/sing-box.nix
@@ -0,0 +1,82 @@
+{
+  config,
+  inputs,
+  lib,
+  ...
+}:
+with lib;
+let
+  cfg = config.nixfiles.modules.sing-box;
+in
+{
+  options.nixfiles.modules.sing-box = {
+    enable = mkEnableOption "";
+  };
+
+  config = mkIf cfg.enable {
+    assertions = [
+      {
+        assertion = cfg.enable -> !config.nixfiles.modules.nginx.enable;
+        message = "VLESS requires binding to 443";
+      }
+    ];
+
+    secrets = {
+      sing-box-shadowsocks-password.file = "${inputs.self}/secrets/sing-box-shadowsocks-password";
+      sing-box-shadowsocks-users.file = "${inputs.self}/secrets/sing-box-shadowsocks-users";
+      sing-box-vless-tls.file = "${inputs.self}/secrets/sing-box-vless-tls";
+      sing-box-vless-users.file = "${inputs.self}/secrets/sing-box-vless-users";
+    };
+
+    services.sing-box = {
+      enable = true;
+      settings = {
+        log = {
+          level = "warn";
+          timestamp = false;
+        };
+        inbounds = [
+          {
+            tag = "shadowsocks";
+            type = "shadowsocks";
+            listen = "::";
+            listen_port = 21515;
+            method = "2022-blake3-aes-128-gcm";
+            password = {
+              _secret = config.secrets.sing-box-shadowsocks-password.path;
+              quote = true;
+            };
+            users = {
+              _secret = config.secrets.sing-box-shadowsocks-users.path;
+              quote = false;
+            };
+            multiplex.enabled = true;
+          }
+          {
+            tag = "vless";
+            type = "vless";
+            listen = "::";
+            listen_port = 443;
+            users = {
+              _secret = config.secrets.sing-box-vless-users.path;
+              quote = false;
+            };
+            tls = {
+              _secret = config.secrets.sing-box-vless-tls.path;
+              quote = false;
+            };
+          }
+        ];
+        outbounds = [
+          {
+            type = "direct";
+          }
+        ];
+      };
+    };
+
+    networking.firewall.allowedTCPPorts = map (
+      a: a.listen_port
+    ) config.services.sing-box.settings.inbounds;
+  };
+}
diff --git a/modules/soju.nix b/modules/soju.nix
index 58bb271..2060eca 100644
--- a/modules/soju.nix
+++ b/modules/soju.nix
@@ -2,7 +2,6 @@
   config,
   lib,
   pkgs,
-  this,
   ...
 }:
 with lib;
@@ -16,7 +15,7 @@ in
     address = mkOption {
       description = "Address.";
       type = with types; str;
-      default = this.wireguard.ipv4.address;
+      default = "";
     };
 
     port = mkOption {
diff --git a/modules/vscode.nix b/modules/vscode.nix
index 586a817..393b32f 100644
--- a/modules/vscode.nix
+++ b/modules/vscode.nix
@@ -77,7 +77,6 @@ in
               tamasfe.even-better-toml
               # task.vscode-task
               # vscode-org-mode.org-mode
-              ziglang.vscode-zig
             ]
             ++ optional cfg.vim.enable vscodevim.vim;
 
@@ -228,11 +227,6 @@ in
               useSystemClipboard = true;
             };
 
-            zig.zls = {
-              checkForUpdate = false;
-              path = getExe' pkgs.zls "zls";
-            };
-
             redhat.telemetry.enabled = false;
           };
         };
diff --git a/modules/wireguard.nix b/modules/wireguard.nix
index f408731..8547f70 100644
--- a/modules/wireguard.nix
+++ b/modules/wireguard.nix
@@ -11,6 +11,15 @@ let
   cfg = config.nixfiles.modules.wireguard;
 in
 {
+  disabledModules = [
+    "services/networking/wireguard.nix"
+    "services/networking/wg-quick.nix"
+  ];
+  imports = [
+    "${inputs.nixpkgs-amneziawg}/nixos/modules/services/networking/wireguard.nix"
+    "${inputs.nixpkgs-amneziawg}/nixos/modules/services/networking/wg-quick.nix"
+  ];
+
   options.nixfiles.modules.wireguard = {
     client = {
       enable = mkEnableOption "WireGuard client";
@@ -64,8 +73,8 @@ in
               _: attr: with attr; {
                 inherit (wireguard) publicKey;
                 allowedIPs = with wireguard; [
-                  "${ipv4.address}/32"
                   "${ipv6.address}/128"
+                  "${ipv4.address}/32"
                 ];
               }
             )
@@ -123,11 +132,17 @@ in
       (mkIf cfg.client.enable {
         networking.wg-quick.interfaces.${cfg.interface} = mkMerge [
           (with this.wireguard; {
+            type = "amneziawg";
             privateKeyFile = config.secrets."wireguard-private-key-${this.hostname}".path;
             address = [
               "${ipv4.address}/16"
               "${ipv6.address}/16"
             ];
+            extraInterfaceConfig = mkIf this.isHeadful ''
+              Jc = 4
+              Jmin = 40
+              Jmax = 70
+            '';
           })
           (with cfg.server; {
             peers = [
@@ -137,21 +152,28 @@ in
                 allowedIPs =
                   if cfg.client.enableTrafficRouting then
                     [
-                      "0.0.0.0/0"
                       "::/0"
+                      "0.0.0.0/0"
                     ]
                   else
                     [
-                      cfg.ipv4.subnet
                       cfg.ipv6.subnet
+                      cfg.ipv4.subnet
                     ];
-                persistentKeepalive = 25;
               }
             ];
             dns = [
-              ipv4.address
               ipv6.address
-            ]; # This assumes that the host has Unbound running.
+              ipv4.address
+            ];
+            postUp =
+              let
+                resolvectl = "${config.systemd.package}/bin/resolvectl";
+              in
+              ''
+                ${resolvectl} dns ${cfg.interface} ${ipv6.address} ${ipv4.address}
+                ${resolvectl} domain ${cfg.interface} ${concatStringsSep " " (mapAttrsToList (_: v: v) my.domain)}
+              '';
           })
         ];
 
@@ -159,9 +181,9 @@ in
           (writeShellApplication {
             name = "wg-toggle";
             runtimeInputs = [
+              amneziawg-tools
               iproute2
               jq
-              wireguard-tools
             ];
             text = ''
               ip46() {
@@ -169,13 +191,13 @@ in
                 sudo ip -6 "$@"
               }
 
-              fwmark=$(sudo wg show ${cfg.interface} fwmark) || exit
+              fwmark=$(sudo awg show ${cfg.interface} fwmark) || exit
               if ip -j rule list lookup "$fwmark" | jq -e 'length > 0' >/dev/null; then
-                  ip46 rule del lookup main suppress_prefixlength 0
-                  ip46 rule del lookup "$fwmark"
+                ip46 rule del lookup main suppress_prefixlength 0
+                ip46 rule del lookup "$fwmark"
               else
-                  ip46 rule add not fwmark "$fwmark" lookup "$fwmark"
-                  ip46 rule add lookup main suppress_prefixlength 0
+                ip46 rule add not fwmark "$fwmark" lookup "$fwmark"
+                ip46 rule add lookup main suppress_prefixlength 0
               fi
             '';
           })
@@ -185,11 +207,12 @@ in
         networking = {
           wireguard = {
             enable = true;
+            type = "amneziawg";
             interfaces.${cfg.interface} = with cfg.server; {
               privateKeyFile = config.secrets."wireguard-private-key-${this.hostname}".path;
               ips = [
-                "${ipv4.address}/16"
                 "${ipv6.address}/16"
+                "${ipv4.address}/16"
               ];
               listenPort = port;
               inherit peers;

Consider giving Nix/NixOS a try! <3