make sure poetry2nix is overlayed from its repo

update my custom keyboard stuff to use xkb
always prefer external monitor in cce/refresh-display-scale
2023-12-17 16:04:26 -08:00 · 2023-12-17 16:03:34 -08:00 · 2023-12-17 16:03:18 -08:00 · 2023-12-17 16:02:54 -08:00 · 2023-12-07 17:57:24 -08:00 · 2023-12-01 11:26:47 -08:00
71 changed files with 212 additions and 184 deletions
--- a/akkoma.org
+++ b/akkoma.org
@ -3,7 +3,7 @@
 :ROAM_REFS: https://akkoma.dev/AkkomaGang/akkoma https://akkoma.social/
 :END:
 #+TITLE: Self-Hosting on the Fediverse with Akkoma
-#+FILETAGS: :Project:Akkoma Social:
+#+FILETAGS: :Akkoma Social:
 #+ARCOLOGY_KEY: cce/akkoma

 Akkoma is a [[id:62538db5-d94a-47c3-9998-086ded91fd88][Fediverse]]/[[id:activitypub][ActivityPub]] server forked from [[roam:Pleroma]] written in [[id:cce/elixir][Elixir]], supporting the [[id:339daa8c-cc01-4654-aa89-330a4e62aafa][Mastodon Server]] API. This is a light-weight thing and I intend to self-publish to the Fediverse with an instance running on [[id:20211120T220054.226284][The Wobserver]].
@ -28,7 +28,7 @@ The configuration interface in NixOS is nicer but also quite complicated. I have

 It's not super complicated but we'll break it up in to multiple imports so that I can explain what is going on a bit:

-#+ARROYO_NIXOS_ROLE: server
+#+ARROYO_SYSTEM_ROLE: server
 #+ARROYO_NIXOS_MODULE: nixos/akkoma.nix

 =myAkkoma= carries an [[https://akkoma.dev/AkkomaGang/akkoma/commit/af7c3fab98f4f5d1fa541035fd8b2821e0abb77b][unreleased patch]] to skip over the Pleroma observability rules -- i need to fix the [[id:20220101T190353.843667][Wobservability]] section below to use this anyways, but I couldn't turn off the observability rules because they were in the DB configuration. Oughtta make sure I move that stuff out in to =config.exs= fairly often.
@ -113,6 +113,12 @@ ref [[https://docs.akkoma.dev/stable/configuration/cheatsheet/][Configuration Ch
      username = config.services.akkoma.user;
      database = "akkoma";
      hostname = "localhost";
+      timeout = 30000;
+
+      prepare = (pkgs.formats.elixirConf { }).lib.mkRaw ":named";
+      parameters = {
+        plan_cache_mode = "force_custom_plan";
+      };
    };

    ":pleroma".":configurable_from_database" = true;
@ -435,9 +441,9 @@ And this is installed, like so:

 ** Enable =meilisearch= for Full Text Search of Toots

-The Postgres FTS in Pleroma seemed like it worked better than the one in Akkoma? Very strange, to me.
+The Postgres FTS in Pleroma seemed like it worked better than the one in Akkoma? Very strange, to me. =meilisearch= is an elasticsearch-alike that is hopefully less shitty than elasticsearch.

-Anyways, this is configured based on [[https://docs.akkoma.dev/stable/configuration/search/#meilisearch][the docs]], and Akkoma's secret handling...
+This is configured based on [[https://docs.akkoma.dev/stable/configuration/search/#meilisearch][the docs]], and Akkoma's secret handling...

 #+begin_src nix :tangle ~/arroyo-nix/nixos/akkoma-search.nix
 { config, pkgs, lib, ... }:
@ -462,6 +468,14 @@ Anyways, this is configured based on [[https://docs.akkoma.dev/stable/configurat
 }
 #+end_src

+Okay so I updated my NixOS from 23.05 to 23.11 today and Meilisearch failed to start because the DB is incompatible between versions. You need a running instance to =curl= the dump endpoint, update, and then reimport. I decided to blow away the DB instead and reindex:
+
+- =rm /var/lib/meilisearch/*=
+- =systemctl start meilisearch=, look in the journal to see what the new master key is
+- =pleroma_ctl search.meilisearch show-keys $THE_ADMIN_KEY= and take the "use for all operations" key and stick it in =/srv/akkoma/meilisearch_key= or whatever
+- =systemctl restart akkoma-config && systemctl restart akkoma= to bring the secret in to the configuration
+- =pleroma_ctl search.meilisearch index=
+
 ** NEXT Akkoma Moderation Rules

 the new [[https://docs.akkoma.dev/stable-docs/configuration/mrf/][Message Rewrite Facility]] x [[https://fediblock.neocities.org/][fediblock]] dropped. I don't see a lot of this stuff and part of me thinks that having it boosted in to my TWKN or even home timeline is a great signal that I should be unfollowing whoever is bringing the filth in to my instance, but also I want to respect my own sanity.
--- a/appearance.org
+++ b/appearance.org
@ -115,14 +115,14 @@ This calculates the DPI of external displays, assuming they report their physica
 (defun cce/refresh-display-scale ()
  (interactive)
  (cond ((not (cce/has-display-frames)) nil)
-        ((equal (system-name) "window-smoke") (cce/set-font-scale 110))
-        ((equal (system-name) "rose-quine") (cce/set-font-scale 125))
        ((cce/external-display-connected) (-> (cce/external-display-dpis)
                                              (first)
                                              (cdr)
-                                              (* 0.80)
                                              (floor)
                                              (cce/set-font-scale)))
+        ((equal (system-name) "window-smoke") (cce/set-font-scale 110))
+        ((equal (system-name) "rose-quine") (cce/set-font-scale 125))
+        ((equal (system-name) "virtuous-cassette") (cce/set-font-scale 125))
        ((equal (system-name) "tres-ebow") (cce/set-font-scale 125))
        ((equal (system-name) "solitary-living") (cce/set-font-scale 105))
        ((equal (system-name) "MeadowCrush") (cce/set-font-scale 110))
@ -137,8 +137,8 @@ This calculates the DPI of external displays, assuming they report their physica

 I use [[id:cce/vulfpeck_fonts_are_fun][Vulfpeck Fonts]], mostly, but have some other "standard" free fonts installed. 

-#+ARROYO_NIXOS_ROLE: endpoint
-#+ARROYO_NIXOS_ROLE: settop
+#+ARROYO_SYSTEM_ROLE: endpoint
+#+ARROYO_SYSTEM_ROLE: settop
 #+ARROYO_NIXOS_MODULE: nixos/fonts.nix
 #+begin_src nix :tangle ~/arroyo-nix/nixos/fonts.nix
 { pkgs, lib, ... }:
@ -147,7 +147,7 @@ I use [[id:cce/vulfpeck_fonts_are_fun][Vulfpeck Fonts]], mostly, but have some o
  fonts = {
    fontDir.enable = true;
    fontconfig.enable = true;
-    fonts = [
+    packages = [
      pkgs.noto-fonts
      pkgs.noto-fonts-cjk
      (pkgs.nerdfonts.override {
--- a/applications_i_use.org
+++ b/applications_i_use.org
@ -158,7 +158,7 @@ Some of the things I need are =setuid= root or otherwise need to be installed in

 I only install these on my laptops.

-#+ARROYO_NIXOS_ROLE: endpoint
+#+ARROYO_SYSTEM_ROLE: endpoint
 #+ARROYO_NIXOS_MODULE: nixos/applications.nix
 #+begin_src nix :tangle ~/arroyo-nix/nixos/applications.nix
 { pkgs, ... }:
--- a/backups.org
+++ b/backups.org
@ -7,7 +7,7 @@

 #+AUTO_TANGLE: t
 #+ARROYO_NIXOS_MODULE: nixos/restic.nix
-#+ARROYO_NIXOS_ROLE: server
+#+ARROYO_SYSTEM_ROLE: server

 #+ARCOLOGY_KEY: cce/backups
 #+ARCOLOGY_ALLOW_CRAWL: t
--- a/beets.org
+++ b/beets.org
@ -4,7 +4,6 @@
 :END:
 #+TITLE: Music Library Management with beets
 #+ARCOLOGY_KEY: cce/beets
-#+filetags: :Project:
 #+AUTO_TANGLE: t
 #+ARROYO_MODULE_WANTS: cce/configure_packaging.org
 #+ARCOLOGY_ALLOW_CRAWL: t
@ -39,7 +38,7 @@ in {
 #+end_src

 #+ARROYO_HOME_MODULE: hm/beets.nix
-#+ARROYO_NIXOS_EXCLUDE: droid
+#+ARROYO_SYSTEM_EXCLUDE: droid

 * DONE check up on [[https://github.com/NixOS/nixpkgs/pull/172032#issuecomment-1137987507][nixpkgs]] comment about copyartifacts plugin
 SCHEDULED: <2022-05-27 Fri>
--- a/bitwarden-passwords.org
+++ b/bitwarden-passwords.org
@ -3,7 +3,6 @@
 :ROAM_ALIASES: Bitwarden
 :END:
 #+TITLE: Bitwarden on NixOS/Home Manager
-#+filetags: :Project:

 #+ARCOLOGY_KEY: cce/bitwarden
 #+ARCOLOGY_ALLOW_CRAWL: t
@ -13,7 +12,7 @@ I used [[id:cce/the_standard_unix_password_manager][The Standard UNIX Password M
 * Bitwarden CLI client on [[id:cce/my_nixos_configuration][Endpoint Configuration]]

 #+ARROYO_HOME_MODULE: hm/bitwarden.nix
-#+ARROYO_NIXOS_ROLE: endpoint
+#+ARROYO_SYSTEM_ROLE: endpoint
 #+ARROYO_EMACS_MODULE: bitwarden

 #+begin_src nix :tangle ~/arroyo-nix/hm/bitwarden.nix
--- a/cce-nixpath.org
+++ b/cce-nixpath.org
@ -93,7 +93,7 @@ But I still cannot "simply" update my system channels and deploy! In theory I co
 And so what if I just make my single-admin systems use the =nixpkgs= i already have cloned?

 #+ARROYO_NIXOS_MODULE: nixos/nix-path.nix
-#+ARROYO_NIXOS_EXCLUDE: droid
+#+ARROYO_SYSTEM_EXCLUDE: droid
 #+AUTO_TANGLE: t

 #+begin_src nix :tangle ~/arroyo-nix/nixos/nix-path.nix
@ -156,13 +156,13 @@ Updating the Nixpkgs checkout can be by invoking something like =cce/update-nixp
  (let ((path "/home/rrix/Code/nixpkgs/"))
    (with-current-buffer (find-file-noselect path)
      (let* ((channel-status (split-string
-                              (plz 'get "https://channels.nix.gsc.io/nixos-23.05/latest")
+                              (plz 'get "https://channels.nix.gsc.io/nixos-23.11/latest")
                              " "))
             (nixpkgs-unstable-ts (string-to-number (second channel-status)))
             (nixpkgs-unstable (first channel-status)))
        (shell-command "git fetch --all")
        ;; (magit-fetch-all nil)
-        (magit-merge-plain "origin/nixos-23.05")
+        (magit-merge-plain "origin/nixos-23.11")
        (message "updated nixpkgs checkout to %s"
                 (format-time-string "%c" nixpkgs-unstable-ts))))))
 (provide 'cce/nixpkgs)
--- a/clight.org
+++ b/clight.org
@ -11,7 +11,7 @@
 [[https://github.com/FedeDP/Clight][Clight]] is software which tints a Linux computer display to remove blue light from the light spectrum and adjusts the brightness based on webcam or light sensor state. Various qualities of science is out on whether this helps you sleep, but it's valuable to me to match the light temperature of my display match that of my lights, and I find that warmer lights cause less strain. Additionally, Clight lets me scale down the backlight volume and the gamma ramps. I run it simply as a SystemD User Service.

 #+ARROYO_NIXOS_MODULE: nixos/clight.nix
-#+ARROYO_NIXOS_ROLE: endpoint
+#+ARROYO_SYSTEM_ROLE: endpoint
 #+begin_src nix :tangle ~/arroyo-nix/nixos/clight.nix
 { ... }:

--- a/configure_packaging.org
+++ b/configure_packaging.org
@ -2,17 +2,15 @@
 :ID:       cce/configure_packaging
 :END:
 #+TITLE: Configure Packaging
+#+filetags: :CCE:
+
 #+PROPERTY: header-args            :mkdirp yes :results none
 #+PROPERTY: header-args:emacs-lisp :tangle packaging.el
 #+PROPERTY: header-args:yaml       :tangle roles/endpoint/tasks/packaging.yml
+
 #+ARCOLOGY_KEY: cce/packaging
-#+CCE_PREDICATE: t
-#+ARROYO_EMACS_MODULE: packaging
-#+CCE_ANSIBLE: packaging
-#+CCE_PRIORITY: 00
-#+filetags: :CCE:
-#+ARROYO_MODULE_WANTS: cce/configure_packaging.org
 #+ARCOLOGY_ALLOW_CRAWL: t
+#+ARROYO_EMACS_MODULE: packaging

 This is the package manager configuration for [[id:cce/cce][CCE: The Complete Computing Environment]]

--- a/cups_setup.org
+++ b/cups_setup.org
@ -4,10 +4,9 @@
 :ROAM_REFS: https://www.pcmag.com/reviews/brother-dcp-l2550dw
 :END:
 #+TITLE: My Brother Printer and CUPS Setup
-#+filetags: :Project:

 #+ARROYO_NIXOS_MODULE: nixos/cups.nix
-#+ARROYO_NIXOS_EXCLUDE: droid
+#+ARROYO_SYSTEM_EXCLUDE: droid
 #+AUTO_TANGLE: t

 #+ARCOLOGY_KEY: cce/cups-setup-dcp-l2550dw
--- a/custom-keyboard-layout.org
+++ b/custom-keyboard-layout.org
@ -4,77 +4,57 @@
 :END:
 #+title: My Custom Keyboard Layout

+#+ARCOLOGY_KEY: cce/xkb-layout
+#+ARCOLOGY_ALLOW_CRAWL: t
+
+#+ARROYO_NIXOS_MODULE: nixos/xmodmap.nix
+#+ARROYO_SYSTEM_ROLE: endpoint
+#+AUTO_TANGLE: t
+
 It seems silly to me that such "valuable" keyboard real-estate on the default QWERTY is left to =<>=; I rebind them instead to =!?= and shift things around to fill the gaps:

 - Shift + comma produces an exclamation point
 - Shift + period produces a question mark
 - Shift + slash produces a backslash
-
 - Shift + 1 produces a less-than mark
 - Shift + backslash produces a greater-than mark

-On my custom keyboards, these are put in reasonable places, hitting Shift + NUMBER is not something I am looking to do, as I have a dedicated symbol layer. This isn't universal, however. By default, Shift + Backslash produces a pipe character, which is also in my symbol layer. And so hitting 
+On my custom keyboards, these are put in reasonable places, hitting Shift + NUMBER is not something I am looking to do, as I have a dedicated symbol layer. This isn't universal, however. By default, Shift + Backslash produces a pipe character, which is also in my [[id:cce/keyboardio_atreus][Keyboardio Atreus]]'s symbol layer.

-I use =xmodmap= to make some changes to my keyboard layout. I'd like to use =xkbmap= instead but changing my map causes [[id:c75d20e6-8888-4c5a-ac97-5997e2f1c711][nixpkgs]] to compile xwayland and kwin and a bunch of other necessities, so I use xxmodmap for now. Specifically, I run =systemctl --user start fixup-punctuation-xmodmap= whenever my keyboards are changed.
-
-#+begin_src shell :tangle ~/arroyo-nix/files/Xmodmap :comments none
-keycode 10 = 1 less 
-keycode 51 = bar greater 
-
-keycode 60 = period question
-keycode 59 = comma exclam
-keycode 61 = slash backslash
-#+end_src
-
-#+results:
-
-#+ARROYO_NIXOS_MODULE: nixos/xmodmap.nix
-#+ARROYO_NIXOS_ROLE: endpoint
 #+begin_src nix :tangle ~/arroyo-nix/nixos/xmodmap.nix
 { pkgs, ... }:

-{
+let
+  punctFile = pkgs.writeText "punctuations.xkb" ''
+    default partial alphanumeric_keys modifier_keys
+    xkb_symbols "rr_punctuations" {
+        include "pc+us(basic)+inet(evdev)"
+
+        name[Group1]= "US ASCII, punctuation swap";
+
+        key <AE01> {[      1,      less ]};
+        key <BKSL> {[    bar,   greater ]};
+        key <AB08> {[  comma,    exclam ]};
+        key <AB09> {[ period,  question ]};
+        key <AB10> {[  slash, backslash ]};
+    };
+  '';
+in {
  # load shift-sign changes
-  services.xserver.displayManager.sessionCommands = "${pkgs.xorg.xmodmap}/bin/xmodmap ${../files/Xmodmap}";
-  systemd.user.services.fixup-punctuation-xmodmap = {
-    description = "Apply XModmap configuration";
-    wantedBy = ["post-resume.target"];
-    after = ["post-resume.target"];
-    script = ''
-      sleep 1
-      ${pkgs.xorg.xmodmap}/bin/xmodmap ${../files/Xmodmap}
-    '';
-    serviceConfig.Type = "oneshot";
+  # services.xserver.displayManager.sessionCommands = "${pkgs.xorg.xkbcomp}/bin/xkbcomp ${compiledLayout} $DISPLAY";
+  services.xserver.xkb = {
+    model = "pc104";
+    layout = "punctual";
+    # xkbVariant = "";
+    # options = "ctrl:nocaps";
+    extraLayouts = {
+      punctual = {
+        description = "Shift ,. become !?";
+        languages = [ "eng" ];
+        symbolsFile = punctFile;
+      };
+    };
  };
-  # this causes a bunch of kde shit to be compiled from source, ugh.
-  # services.xserver.extraLayouts.punctuation = {
-  #   description = "swap around punctuations";
-  #   languages = [ "us" ];
-  #   symbolsFile = pkgs.writeText "punctuations.symbols" ''
-  #     xkb_symbols "punctuations" {
-  #         name[Group1]= "US ASCII, punctuation swap";
-  #         include "pc+inet(evdev)"
-  #         include "us(basic)"
-  #     
-  #         key <AE01> { [      1,      less ] };
-  #         key <BKSL> { [    bar,   greater ] };
-  #         key <AB08> { [  comma,    exclam ] };
-  #         key <AB09> { [ period,  question ] };
-  #         key <AB10> { [  slash, backslash ] };
-  #     };
-  #     '';
-  # };
-  # services.xserver.layout = "punctuation";
-  # services.xserver.xkbModel = "punctuation";
-
-  # this doesn't work at all...
-  # services.xserver.extraLayouts = {
-    #   rrix = {
-#     description = "US QWERTY but with some punctuation changes";
-  #     languages = [ "en" ];
-  #     symbolsFile = ../../../server-0.xkb;
-  #   };
-  # };
-
+  console.useXkbConfig = true;
 }
 #+end_src
--- a/datasette-dogsheep.org
+++ b/datasette-dogsheep.org
@ -4,7 +4,7 @@
 :ROAM_ALIASES: Datasette
 :END:
 #+title: Datasette: An open source multi-tool for exploring and publishing data
-#+filetags: :Project:Archive:CCE:Development:Tools:
+#+filetags: :Archive:CCE:Development:Tools:
 #+AUTO_TANGLE: t
 #+ARCOLOGY_KEY: cce/datasette
 #+ARCOLOGY_ALLOW_CRAWL: t
@ -111,7 +111,7 @@ python.pkgs.buildPythonPackage {
 Use these in [[id:cce/home-manager][home-manager]] like so:

 #+ARROYO_HOME_MODULE: hm/datasette.nix 
-#+ARROYO_NIXOS_EXCLUDE: droid
+#+ARROYO_SYSTEM_EXCLUDE: droid

 #+begin_src nix :tangle ~/arroyo-nix/hm/datasette.nix
 { pkgs, ... }:
--- a/declarative_kde_config.org
+++ b/declarative_kde_config.org
@ -3,7 +3,7 @@
 :ROAM_ALIASES: "Declarative KDE Shortcuts" "declarative kwriteconfig5"
 :END:
 #+TITLE: Declarative KDE Configuration with Home Manager
-#+filetags: :Project:CCE:KDE:Development:
+#+filetags: :CCE:KDE:Development:

 #+ARCOLOGY_KEY: cce/declarative-kwriteconfig5

@ -40,7 +40,7 @@ config.lib.dag.entryAfter [ "writeBoundary" ]
 this can be invoked like so by feeding it a set shaped like =[file,[group,[key, value]]]=, it only naively stringifys values so be careful. It's also available in [[id:20221021T115008.329657][Arroyo Nix]] =lib/= as =pkgs.lib.mkKwriteConfig5=

 #+ARROYO_HOME_MODULE: hm/kde-config-basics.nix
-#+ARROYO_NIXOS_ROLE: endpoint
+#+ARROYO_SYSTEM_ROLE: endpoint

 #+begin_src nix :tangle ~/arroyo-nix/hm/kde-config-basics.nix :noweb yes
 { pkgs, config, ... }:
--- a/direnv.org
+++ b/direnv.org
@ -49,8 +49,8 @@ Anyways it has an [[id:cce/emacs][Emacs]] package which works really well and re
 #+end_src

 #+ARROYO_NIXOS_MODULE: nixos/direnv.nix
-#+ARROYO_NIXOS_ROLE:   endpoint
-#+ARROYO_NIXOS_ROLE:   droid
+#+ARROYO_SYSTEM_ROLE:   endpoint
+#+ARROYO_SYSTEM_ROLE:   droid
 #+begin_src nix :tangle ~/arroyo-nix/nixos/direnv.nix
 { ... }: {
  nix.extraOptions = ''
@ -86,7 +86,8 @@ One of the issues of doing [[id:cce/literate_programming][Literate Programming w
           (file-name (buffer-file-name buffer))
           (arroyo-maybe (when (and file-name
                                    (equal (file-name-extension file-name) "org"))
-                           (arroyo-db-get "ARROYO_DIRENV_DIR" (expand-file-name file-name))))
+                           (car
+                            (arroyo-db-get "ARROYO_DIRENV_DIR" (expand-file-name file-name)))))
           (buffer-directory
            (cond (arroyo-maybe
                   arroyo-maybe)
--- a/drawingbot-v3.org
+++ b/drawingbot-v3.org
@ -18,7 +18,7 @@ DrawingBotV3 is a software for converting images to line drawings for Plotters /
 :END:

 #+ARROYO_HOME_MODULE: hm/drawingbot.nix
-#+ARROYO_NIXOS_ROLE: endpoint
+#+ARROYO_SYSTEM_ROLE: endpoint
 #+AUTO_TANGLE: t

 DrawingBot uses JavaFX and is distributed as a JAR, rpm, deb, windows... The Premium version is just shoved in to my [[id:cce/syncthing][Syncthing]] directory and is provided in an override in [[id:20221021T121120.541960][rixpkgs]]. It should work just fine with the free/libre version which is =lib.license.gplv3=, but I use the proprietary version.
--- a/feed2toot.org
+++ b/feed2toot.org
@ -4,7 +4,7 @@
 :ROAM_REFS: https://gitlab.com/chaica/feed2toot https://feed2toot.readthedocs.io/en/latest/
 :END:
 #+TITLE: Posting Arcology Feeds to the Fediverse Automatically with feed2toot (deprecated)
-#+filetags: :Project:CCE:Fediverse:
+#+filetags: :CCE:Fediverse:

 #+ARCOLOGY_KEY: arcology/feed2toot
 #+ARCOLOGY_ALLOW_CRAWL: t
@ -120,7 +120,7 @@ So I have a few [[id:20211219T144255.001827][Arcology Sites]], each of these nee
 =feed2toot= operates with [[https://feed2toot.readthedocs.io/en/latest/configure.html#create-feed2toot-configuration][INI configuration files]] and luckily enough =nixpkgs= includes a way to convert =attrsets= to =ini= files in =lib.generators.toINI=; this is wrapped in a function which takes the basic per-instance configuration details including the uri-list which are generated above and then creates a [[roam:SystemD]] service manifest and timer to poll the site and post the toots. Easy peazy.

 ,#+ARROYO_NIXOS_MODULE: nixos/feed2toot.nix
-,#+ARROYO_NIXOS_ROLE: server
+,#+ARROYO_SYSTEM_ROLE: server

 #+begin_src nix :tangle ~/arroyo-nix/nixos/feed2toot.nix :noweb yes
 { pkgs, lib, config, ... }:
--- a/feediverse.org
+++ b/feediverse.org
@ -326,7 +326,7 @@ in myPy.env
 Okay, with the configuration file generated and then copied on to the server (since it's mutated by the script...), I shove it in to the [[id:20221021T150631.404359][Arroyo Nix]] index and then set up an [[id:arroyo/nixos][Arroyo NixOS]] module to set up a service account and run it with a SystemD timer. This will be pretty straightforward if you've seen NixOS before.

 #+ARROYO_NIXOS_MODULE: nixos/feediverse.nix
-#+ARROYO_NIXOS_ROLE: server
+#+ARROYO_SYSTEM_ROLE: server

 #+begin_src nix :tangle ~/arroyo-nix/nixos/feediverse.nix
 { pkgs, lib, config, ... }:
--- a/firefox_nix.org
+++ b/firefox_nix.org
@ -5,11 +5,11 @@
 #+TITLE: Managing Firefox with Nix home-manager
 #+ARCOLOGY_KEY: cce/firefox-nix
 #+AUTO_TANGLE: t
-#+filetags: :Project:CCE:
+#+filetags: :CCE:

 #+CCE_PRIORITY: 50
 #+ARROYO_HOME_MODULE: hm/firefox.nix
-#+ARROYO_NIXOS_ROLE: endpoint
+#+ARROYO_SYSTEM_ROLE: endpoint
 #+ARCOLOGY_ALLOW_CRAWL: t

 This [[id:09779ac0-4d5f-40db-a340-49595c717e03][noweb]] document constructs a customized [[id:cce/a_basic_firefox_installation][Firefox]] installation:
@ -95,10 +95,8 @@ pkgs.wrapFirefox pkgs.firefox-unwrapped {
  extraNativeMessagingHosts = [
    pkgs.plasma5Packages.plasma-browser-integration
    pkgs.browserpass
+    pkgs.tridactyl-native
  ];
-  cfg = {
-    enableTridactylNative = true;
-  };
  extraPolicies = {
    DisableFirefoxStudies = true;
    DisablePocket = true;
--- a/gitea.org
+++ b/gitea.org
@ -5,7 +5,7 @@
 #+FILETAGS: :CCE:NixOS:Wobserver:

 #+ARROYO_NIXOS_MODULE: nixos/gitea.nix
-#+ARROYO_NIXOS_ROLE: server
+#+ARROYO_SYSTEM_ROLE: server

 #+AUTO_TANGLE: t

--- a/gnupg_configuration.org
+++ b/gnupg_configuration.org
@ -53,7 +53,7 @@ This is for [[id:cce/home-manager][home-manager]]:
 This is for PAM in [[id:cce/my_nixos_configuration][My NixOS configuration]]:

 #+ARROYO_NIXOS_MODULE: nixos/gnupg-pam.nix
-#+ARROYO_NIXOS_EXCLUDE: waterboy
+#+ARROYO_SYSTEM_EXCLUDE: waterboy
 #+begin_src nix :tangle ~/arroyo-nix/nixos/gnupg-pam.nix
 { pkgs, ... }:

--- a/gnus.org
+++ b/gnus.org
@ -11,7 +11,7 @@
 #+ARCOLOGY_KEY: cce/gnus
 #+CCE_ANSIBLE: gnus
 #+CCE_PRIORITY: 70
-#+filetags: :Project:CCE:
+#+filetags: :CCE:
 #+ARCOLOGY_ALLOW_CRAWL: t

 From the Gnus website:
@ -164,7 +164,7 @@ auth_mechanisms = anonymous
 That configuration file is stashed in my system-path with [[id:cce/home-manager][home-manager]] in a wrapper called =dovecot-local-imap=:

 #+ARROYO_HOME_MODULE: hm/dovecot-shell-access.nix
-#+ARROYO_NIXOS_ROLE: endpoint
+#+ARROYO_SYSTEM_ROLE: endpoint
 #+begin_src nix :tangle ~/arroyo-nix/hm/dovecot-shell-access.nix
 {pkgs, config, ...}:

--- a/home-manager.org
+++ b/home-manager.org
@ -3,7 +3,7 @@
 :ROAM_ALIASES: home-manager "Nix Home Manager"
 :END:
 #+TITLE: Generate a Dynamic Home Manager Configuration
-#+filetags: :Project:CCE:
+#+filetags: :CCE:
 #+ARROYO_MODULE_WANTS: 	arroyo/arroyo.org

 #+PROPERTY: header-args            :mkdirp yes 
@ -13,7 +13,7 @@
 #+ARCOLOGY_ALLOW_CRAWL: t

 #+ARROYO_EMACS_MODULE: home-manager
-#+ARROYO_NIXOS_EXCLUDE: waterboy
+#+ARROYO_SYSTEM_EXCLUDE: waterboy

 #+AUTO_TANGLE: t

--- a/i3wm-kde.org
+++ b/i3wm-kde.org
@ -24,7 +24,7 @@ Since I am de-programming myself from [[id:cce/exwm][EXWM]] right now, thinking

 This is an [[id:arroyo/home-manager][Arroyo Home Manager]] module:
 #+ARROYO_HOME_MODULE: hm/i3wm.nix
-#+ARROYO_NIXOS_ROLE: endpoint
+#+ARROYO_SYSTEM_ROLE: endpoint

 #+begin_src nix :tangle ~/arroyo-nix/hm/i3wm.nix :noweb yes
 { config, pkgs, callPackage, ... }:
--- a/jellyfin.org
+++ b/jellyfin.org
@ -4,7 +4,7 @@
 #+TITLE: Jellyfin on the Wobserver

 #+ARROYO_NIXOS_MODULE: nixos/jellyfin.nix
-#+ARROYO_NIXOS_ROLE: server
+#+ARROYO_SYSTEM_ROLE: server
 #+AUTO_TANGLE: t

 #+begin_src nix :tangle ~/arroyo-nix/nixos/jellyfin.nix
--- a/kde-base.org
+++ b/kde-base.org
@ -49,7 +49,7 @@ This is the bare-minimum for me; most of the applications are arbitrarily manage
 I customize my KDE installation a fair bit both within [[id:cce/home-manager][home-manager]] and without. Consider in particular setting up dynamic keybindings with [[id:20220208T202524.889588][A simple invocation]] of [[id:20220208T211139.833662][Declarative KDE Defaults]] or [[id:20220517T150556.220165][default/preferred desktop shortcuts]].

 #+ARROYO_NIXOS_MODULE: nixos/kde.nix
-#+ARROYO_NIXOS_ROLE: endpoint
+#+ARROYO_SYSTEM_ROLE: endpoint
 #+begin_src nix :tangle ~/arroyo-nix/nixos/kde.nix
 { pkgs, ... }:
 {
--- a/kde-lockscreen-feh-bg.org
+++ b/kde-lockscreen-feh-bg.org
@ -55,7 +55,7 @@ grep -Fx -v <( \

 It can be installed in to [[id:cce/home-manager][home-manager]] with a [[roam:SystemD]] timer, too

-#+ARROYO_NIXOS_ROLE: endpoint
+#+ARROYO_SYSTEM_ROLE: endpoint
 #+ARROYO_HOME_MODULE: hm/fehbg.nix
 #+AUTO_TANGLE: t

--- a/matrix-feedbot.org
+++ b/matrix-feedbot.org
@ -3,13 +3,12 @@
 :ROAM_ALIASES: "Matrix Feedbot"
 :END:
 #+TITLE: RSS Feed Bot Posting to Matrix.org
-#+filetags: :Project:

 #+ARCOLOGY_KEY: cce/matrix-feedbot
 #+ARDCOLOGY_ALLOW_CRAWL: t

 #+ARROYO_NIXOS_MODULE: nixos/feedbot.nix
-#+ARROYO_NIXOS_ROLE: server
+#+ARROYO_SYSTEM_ROLE: server

 This is the sibling of [[id:20230125T143144.011175][Feediverse]], it's a small [[id:matrix_org_ecosystem][Matrix.org]] client which uses [[id:cce/python][Python]]'s =feedparser= library to post RSS and Atom feeds to a Matrix room. I used to run this myself and a few years ago I moved to Matrix's hosted "Neb" Bot solution since it could be configured by others. Well, they went and [[https://github.com/matrix-org/matrix-hookshot/issues/686][goofed it up]] and rather than make every feed I care about adhere 100% to a brittle parser, we'll go back to a known-working solution.

--- a/matrix.org
+++ b/matrix.org
@ -3,7 +3,7 @@
 :ROAM_ALIASES: "Matrix on the Wobserver" "Matrix Server"
 :END:
 #+TITLE: Matrix Synapse
-#+FILETAGS: :Project:CCE:Wobserver:
+#+FILETAGS: :CCE:Wobserver:

 #+ARCOLOGY_ALLOW_CRAWL: t
 #+ARCOLOGY_KEY: cce/wobserver/matrix
@ -20,7 +20,7 @@ I've been in the [[id:matrix_org_ecosystem][Matrix.org Ecosystem]] for a while a
 This is an [[id:arroyo/nixos][Arroyo NixOS]] module used in [[id:20211120T220054.226284][My Wobserver Configuration]].

 #+ARROYO_NIXOS_MODULE: nixos/matrix.nix
-#+ARROYO_NIXOS_ROLE: server
+#+ARROYO_SYSTEM_ROLE: server

 #+begin_src nix :tangle ~/arroyo-nix/nixos/matrix.nix
 { ... }:
@ -74,6 +74,8 @@ in {
      proxy_set_header X-Forwarded-For $remote_addr;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header Host $host;
+      proxy_connect_timeout 600s;
+      proxy_read_timeout 600s;
    '';

    locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
@ -114,6 +116,8 @@ in {
        allowed_liftetime_max = "1y";
      };

+      presence.enabled = false;
+
      thumbnail_sizes = [
        { width = 24;
          height = 24;
--- a/mbsync.org
+++ b/mbsync.org
@ -32,7 +32,7 @@ But it's fast and works and so I'll try to use it again. I have a tiered archite
 Here's the one for getting things from my server to my laptop. Most folks who set up a personal mail cache will configure Dovecot on the server to listen on a port, and set up authentication and firewalling and bla bla bla. Even if you have a VPN and manage to make sure your IMAP server is only on that VPN, you have to set up a password database or some other sort of authentication strategy, fucken sucks. Instead, I build my security on top of my [[id:cce/ssh_configuration][SSH Configuration]][fn:2:(admittedly, my SSH configuration should be refreshed)], by establishing an SSH tunnel which executes the built-in =imap= library executable, which provides a locally-authenticated dovecot session over standard input/output.

 #+ARROYO_HOME_MODULE: hm/mbsync-endpoint.nix 
-#+ARROYO_NIXOS_ROLE: endpoint
+#+ARROYO_SYSTEM_ROLE: endpoint

 #+begin_src nix :tangle ~/arroyo-nix/hm/mbsync-endpoint.nix
 { config, pkgs, ... }:
--- a/morph.org
+++ b/morph.org
@ -65,7 +65,7 @@ My laptops are installed through my [[id:cce/nixos_automatic_partitioning_instal

 #+begin_src nix :tangle ~/arroyo-nix/networks/endpoints.nix
 let
-  pkgs = import <nixpkgs> {};
+  pkgs = import <nixpkgs> { allowUnfree = true; };
  allNetworks = pkgs.lib.importTOML ./hosts.toml;
  mkNetwork = import ./mkNetwork.nix { inherit pkgs; networks = allNetworks; };
 in mkNetwork "endpoints"
@ -192,7 +192,7 @@ Window Smoke is my desktop. It runs my [[id:cce/my_nixos_configuration][Endpoint
 {
  imports = [ ./hardware-configuration.nix ../../roles/desktop ];

-  boot.enableVFIO = true;
+  boot.enableVFIO = false;

  networking.hostName = "window-smoke";
  system.stateVersion = "22.11"; # 
@ -379,7 +379,7 @@ Meadow Crush is my [[id:6834cb8f-319f-4dd9-bade-2521417f584b][GPD Pocket 2]]; I

 #+begin_src nix :tangle ~/arroyo-nix/networks/settop.nix :mkdirp yes
 let
-  pkgs = import <nixpkgs> {};
+  pkgs = import <nixpkgs> { allowUnfree = true; };
  allNetworks = pkgs.lib.importTOML ./hosts.toml;
  mkNetwork = import ./mkNetwork.nix { inherit pkgs; networks = allNetworks; };
 in mkNetwork "settop"
@ -480,7 +480,7 @@ Tres Ebow is my Thinkpad Yoga gen 3 -- a decent 2-in-1 with [[id:25942086-23fa-4

 #+begin_src nix :tangle ~/arroyo-nix/networks/wobserver.nix :mkdirp yes
 let
-  pkgs = import <nixpkgs> {};
+  pkgs = import <nixpkgs> { allowUnfree = true; };
  allNetworks = pkgs.lib.importTOML ./hosts.toml;
  mkNetwork = import ./mkNetwork.nix { inherit pkgs; networks = allNetworks; };
 in mkNetwork "wobserver"
@ -600,11 +600,15 @@ Last Bank is my [[id:20230429T140217.184029][New Homelab Build]], a living-room
 { lib, config, ... }:

 {
+  imports = [ ../../roles/desktop ];
+
+  boot.enableVFIO = true;
+
  networking.hostName = "last-bank";
  system.stateVersion = "23.05";

  boot.loader.grub.enable = true;
-  boot.loader.grub.device = "/dev/sda";
+  boot.loader.grub.device = "/dev/disk/by-id/wwn-0x5000c5005d11c7e4";
  services.tailscale.authKey = "tskey-auth-kzWZMt1CNTRL-48JC1bwTin5b1crXxBcti5Qru3zf8wC3";

  networking.hostId = "56c334f2"; # required for zfs use
--- a/mpd.org
+++ b/mpd.org
@ -4,7 +4,6 @@
 :ROAM_ALIASES: MPD
 :END:
 #+TITLE: Listening to Music with MPD
-#+filetags: :Project:
 #+ARROYO_MODULE_WANTS: 	cce/configure_packaging.org
 #+AUTO_TANGLE: t
 #+ARCOLOGY_KEY: cce/mpd
@ -15,7 +14,7 @@
 * MPD and Client Setup

 #+ARROYO_HOME_MODULE: hm/mpd.nix 
-#+ARROYO_NIXOS_EXCLUDE: waterboy
+#+ARROYO_SYSTEM_EXCLUDE: waterboy

 #+begin_src nix :tangle ~/arroyo-nix/hm/mpd.nix
 { config, pkgs, ... }:
@ -90,7 +89,7 @@
 Mopidy is an extensible music server written in Python. It's mostly designed to provide an easy hardware jukebox for Spotify or whatever crappy web service you want to use. I use it for Bandcamp, mainly. There is [[id:c75d20e6-8888-4c5a-ac97-5997e2f1c711][NixOS]] module support for it so I enable it in [[id:cce/my_nixos_configuration][My NixOS configuration]]. I want to use it for Youtube Music but this doesn't work reliably because they're fucking cops, though...

 #+ARROYO_NIXOS_MODULE: nixos/mopidy.nix
-#+ARROYO_NIXOS_ROLE: endpoint
+#+ARROYO_SYSTEM_ROLE: endpoint

 #+begin_src nix :tangle ~/arroyo-nix/nixos/mopidy.nix :noweb yes
 { pkgs, ...}:
--- a/my_nixos_configuration.org
+++ b/my_nixos_configuration.org
@ -3,7 +3,7 @@
 :ROAM_ALIASES: "Endpoint Configuration" configuration.nix
 :END:
 #+TITLE: My NixOS configuration
-#+filetags: :Project:CCE:
+#+filetags: :CCE:

 #+ARCOLOGY_KEY: cce/nix-configuration
 #+ARCOLOGY_ALLOW_CRAWL: t
@ -63,6 +63,7 @@ Here the strings are basically just taken out of [[id:arroyo/nixos][Arroyo NixOS
 ../../nixos/nixos-builder.nix
 ../../nixos/nixpkgs.nix
 ../../nixos/nm-online.nix
+../../nixos/poetry2nix.nix
 ../../nixos/printing.nix
 ../../nixos/rixpkgs.nix
 ../../nixos/rrix.nix
@ -98,9 +99,9 @@ https://github.com/NixOS/nixpkgs/blob/nixos-21.05/pkgs/data/fonts/nerdfonts/shas
 :ID:       20210918T182641.010754
 :END:

-,#+ARROYO_NIXOS_ROLE: endpoint
-,#+ARROYO_NIXOS_ROLE: settop
-,#+ARROYO_NIXOS_EXCLUDE: server
+,#+ARROYO_SYSTEM_ROLE: endpoint
+,#+ARROYO_SYSTEM_ROLE: settop
+,#+ARROYO_SYSTEM_EXCLUDE: server
 ,#+ARROYO_NIXOS_MODULE: nixos/nixos-wireguard.nix

 #+NAME: wireguard_support
--- a/nextcloud.org
+++ b/nextcloud.org
@ -8,7 +8,7 @@

 #+AUTO_TANGLE: t
 #+ARROYO_NIXOS_MODULE: nixos/nextcloud.nix
-#+ARROYO_NIXOS_ROLE: server
+#+ARROYO_SYSTEM_ROLE: server

 Nextcloud is a self hosted personal information server. Think of it like Google Workspace or Office365 but self-hosted and lower-quality. I use it to share files with friends over [[roam:WebDAV]] and NC's easy link-sharing feature, I use it to sync my calendar and contacts with my phone and in to [[id:1fb8fb45-fac5-4449-a347-d55118bb377e][org-mode]] with [[id:e118bfda-4bb3-4e8d-a8de-83b4860df565][org-caldav]].

--- a/nginx.org
+++ b/nginx.org
@ -12,7 +12,7 @@
 Nginx is fine, I guess. I use it to host my sites and proxy my apps. This is the default configuration, follow [[elisp:(org-roam-buffer-toggle)][backlinks]] for site configurations.

 #+ARROYO_NIXOS_MODULE: nixos/nginx.nix
-#+ARROYO_NIXOS_ROLE: server
+#+ARROYO_SYSTEM_ROLE: server

 #+begin_src nix :tangle ~/arroyo-nix/nixos/nginx.nix :noweb yes
 { pkgs, ... }:
--- a/nix-on-droid.org
+++ b/nix-on-droid.org
@ -106,8 +106,8 @@ hm/ssh_client.nix
 Based on the [[https://github.com/t184256/nix-on-droid/wiki/Use-a-remote-builder-with-qemu][Nix On Droid wiki examples]]:

 #+ARROYO_NIXOS_MODULE: nixos/nixos-builder.nix
-#+ARROYO_NIXOS_ROLE: endpoint
-#+ARROYO_NIXOS_ROLE: server
+#+ARROYO_SYSTEM_ROLE: endpoint
+#+ARROYO_SYSTEM_ROLE: server

 [[id:20211029T115928.954970][Virtuous Cassette]] is set up with a =builder= user and =aarch64= =binfmt= emulation:

--- a/nix-update.org
+++ b/nix-update.org
@ -17,6 +17,7 @@ Bind nix-update-fetch to a key (I use C-. u), and then you can very easily updat

 #+ARROYO_EMACS_MODULE: nix-update
 #+ARROYO_HOME_MODULE: hm/nix-update.nix
+#+ARROYO_MODULE_WANTS: cce/nixos.org

 I've extended it to ignore =builtins.fetchGit= blocks and iterate over the entire document:

--- a/nixos-audio.org
+++ b/nixos-audio.org
@ -9,8 +9,8 @@ I use [[https://pipewire.org/][PipeWire]] because it implements [[id:jack_audio_

 #+ARCOLOGY_KEY: cce/audio
 #+ARROYO_NIXOS_MODULE: nixos/audio.nix
-#+ARROYO_NIXOS_ROLE: endpoint
-#+ARROYO_NIXOS_ROLE: settop
+#+ARROYO_SYSTEM_ROLE: endpoint
+#+ARROYO_SYSTEM_ROLE: settop
 #+ARROYO_HOME_MODULE: hm/audio.nix
 #+ARCOLOGY_ALLOW_CRAWL: t

--- a/nixos-boot.org
+++ b/nixos-boot.org
@ -7,7 +7,7 @@
 Just use =systemd-boot= and UEFI. Use plymouth. 

 #+ARROYO_NIXOS_MODULE: nixos/boot.nix
-#+ARROYO_NIXOS_ROLE: endpoint
+#+ARROYO_SYSTEM_ROLE: endpoint

 #+begin_src nix :tangle ~/arroyo-nix/nixos/boot.nix
 { lib, pkgs, ... }:
--- a/nixos-laptop-framework.org
+++ b/nixos-laptop-framework.org
@ -22,7 +22,7 @@ The only other thing to consider is to make sure the kernel is new enough to sup
 This can't just be blindly included in all my endpoints since it defines kernel params, but here's how it could be: 

 : #+ARROYO_NIXOS_MODULE: nixos/framework-laptop.nix
-: #+ARROYO_NIXOS_ROLE: endpoint
+: #+ARROYO_SYSTEM_ROLE: endpoint

 It's actually just included directly in the [[id:20211029T115928.954970][Virtuous Cassette]] morph host manifest.

--- a/nixos-laptop.org
+++ b/nixos-laptop.org
@ -7,10 +7,10 @@ Bits and Bobbins not worth showing anywhere else. This will need a =mkIf= if I e

 #+ARROYO_NIXOS_MODULE: nixos/laptop.nix
 #+AUTO_TANGLE: t
-#+ARROYO_NIXOS_ROLE: endpoint
-#+ARROYO_NIXOS_ROLE: settop
+#+ARROYO_SYSTEM_ROLE: endpoint
+#+ARROYO_SYSTEM_ROLE: settop
 #+begin_src nix :tangle ~/arroyo-nix/nixos/laptop.nix
-{ lib, pkgs, ... }:
+{ config, lib, pkgs, ... }:

 {
  powerManagement.enable = true;
@ -76,4 +76,4 @@ Bits and Bobbins not worth showing anywhere else. This will need a =mkIf= if I e
 #+end_src

 My [[id:20220131T152041.472624][NixOS Set Top Box]] is a laptop right now.
-#+ARROYO_NIXOS_ROLE: settop
+#+ARROYO_SYSTEM_ROLE: settop
--- a/nixos-settop.org
+++ b/nixos-settop.org
@ -124,7 +124,7 @@ rec {
 :END:

 #+ARROYO_NIXOS_MODULE: nixos/settop.nix
-#+ARROYO_NIXOS_ROLE: settop
+#+ARROYO_SYSTEM_ROLE: settop

 #+begin_src nix :tangle ~/arroyo-nix/nixos/settop.nix :mkdirp yes 
 { pkgs, ... }:
--- a/nixos-wobserver.org
+++ b/nixos-wobserver.org
@ -3,7 +3,7 @@
 :ROAM_ALIASES: Wobserver
 :END:
 #+title: The Wobserver
-#+filetags: :Project:Wobserver:Development:
+#+filetags: :Wobserver:Development:

 #+ARCOLOGY_KEY: cce/wobserver
 #+ARCOLOGY_ALLOW_CRAWL: t
@ -98,6 +98,7 @@ rec {
 ../../nixos/nixos-builder.nix
 ../../nixos/nixpkgs.nix
 ../../nixos/paperless.nix
+../../nixos/poetry2nix.nix
 ../../nixos/postgresql.nix
 ../../nixos/restic.nix
 ../../nixos/rixpkgs.nix
@ -246,7 +247,7 @@ Right now I develop in qemu.
 [[shell:nix-build '<nixpkgs/nixos>' -A vm --arg configuration nixlib/roles/server/default.nix &][build the VM]] then [[shell:result/bin/run-nixos-vm &][run the VM]]

 ,#+ARROYO_NIXOS_MODULE: nixos/qemu-vm.nix
-,#+ARROYO_NIXOS_ROLE: server
+,#+ARROYO_SYSTEM_ROLE: server

 #+begin_src nix :tangle ~/arroyo-nix/nixos/qemu-vm.nix
 { ... }:
--- a/nixos.org
+++ b/nixos.org
@ -122,7 +122,7 @@ if [ -e /home/rrix/.nix-profile/etc/profile.d/nix.sh ]; then . /home/rrix/.nix-p
  nix.settings.extra-experimental-features = [ "flakes" "nix-command" ];

  # hahaha! yes
-  nixpkgs.config = { allowUnfree = true; };
+  # nixpkgs.config = { allowUnfree = true; };

  environment.systemPackages = with pkgs; [
    nix-tree
--- a/org-roam.org
+++ b/org-roam.org
@ -10,6 +10,8 @@
 #+ARROYO_MODULE_WANTS: 	cce/org_mode_installation.org
 #+ARROYO_MODULE_WANTS: 	cce/configure_packaging.org
 #+ARROYO_MODULE_WANTS: 	cce/evil_mode.org
+#+ARROYO_EMACS_MODULE: org-roam
+#+ARROYO_HOME_MODULE: hm/org-roam.nix

 #+PROPERTY: header-args            :mkdirp yes :results none
 #+PROPERTY: header-args:emacs-lisp :tangle org-roam.el
@ -31,7 +33,6 @@ org-roam = epkgs.melpaPackages.org-roam.overrideAttrs(old: {

 I unconditionally need sqlite3 installed in my [[id:cce/home-manager][home-manager]]:

-#+ARROYO_HOME_MODULE: hm/org-roam.nix
 #+begin_src nix :tangle ~/arroyo-nix/hm/org-roam.nix
 {pkgs, ...}:
 {
@ -41,7 +42,6 @@ I unconditionally need sqlite3 installed in my [[id:cce/home-manager][home-manag

 My =org-roam= configuration is basically pedestrian, I can hit =<SPC>r= to get to the =org-roam-prefix-map= keymap below which includes all the sort of functions I would want to perform on a node or to browse to a new one. Pressing =M-.= in insert mode will allow me to quickly link to any roam node.

-#+ARROYO_EMACS_MODULE: org-roam
 #+begin_src emacs-lisp
 ; (use-package emacsql-sqlite3)
 (use-package buttercup)
--- a/org_protocol.org
+++ b/org_protocol.org
@ -3,7 +3,7 @@
 :ROAM_ALIASES: "an example of using makeDesktopItem nix derivation" org-protocol org-roam-protocol
 :END:
 #+TITLE: org-protocol to quickly annotate web pages
-#+filetags: :Project:CCE:
+#+filetags: :CCE:

 #+PROPERTY: header-args            :mkdirp yes :results none
 #+PROPERTY: header-args:yaml       :tangle roles/endpoint/tasks/org-protocol.yml
@ -14,7 +14,7 @@

 #+ARROYO_MODULE_WANTS: cce/org-roam.org
 #+ARROYO_HOME_MODULE: hm/org-protocol.nix
-#+ARROYO_NIXOS_EXCLUDE: droid
+#+ARROYO_SYSTEM_EXCLUDE: droid
 #+ARROYO_EMACS_MODULE: org-protocol


--- a/paperless.org
+++ b/paperless.org
@ -25,7 +25,7 @@ It does a lot of heavy-lifting to automatically extract dates and tags from scan
 I wanted to run this on [[id:cce/wobserver/postgres][PostgreSQL]] but the =SystemD= hardening in the [[id:c75d20e6-8888-4c5a-ac97-5997e2f1c711][nixpkgs]] [[id:c75d20e6-8888-4c5a-ac97-5997e2f1c711][NixOS]] module locks it down so much that I couldn't get a =[::1]:5432= connection from the task queues since it thinks they should operate offline. We could eventually munge that but [[id:af26243e-3551-4eeb-8377-2caa56166d24][SQLite is not a toy database]] and this is a borderline toy app, as long as I'm the only one using it.

 #+ARROYO_NIXOS_MODULE: nixos/paperless.nix
-#+ARROYO_NIXOS_ROLE: server
+#+ARROYO_SYSTEM_ROLE: server


 #+begin_src nix :tangle ~/arroyo-nix/nixos/paperless.nix
--- a/picom.org
+++ b/picom.org
@ -12,7 +12,7 @@
 #+ARROYO_EMACS_MODULE: exwm-xcompmgr
 #+ARROYO_MODULE_WANTS: 	cce/exwm.org
 #+ARROYO_HOME_MODULE: hm/picom.nix 
-#+ARROYO_NIXOS_ROLE: endpoint
+#+ARROYO_SYSTEM_ROLE: endpoint
 #+ARCOLOGY_ALLOW_CRAWL: t

 #+begin_src emacs-lisp
--- a/postgresql.org
+++ b/postgresql.org
@ -3,7 +3,7 @@
 :ROAM_ALIASES: PostgreSQL Postgres
 :END:
 #+title: PostgreSQL on the Wobserver
-#+FILETAGS: :Project:Wobserver:CCE:
+#+FILETAGS: :Wobserver:CCE:

 #+ARCOLOGY_KEY: cce/postgres
 #+ARCOLOGY_ALLOW_CRAWL: t
@ -11,7 +11,7 @@
 My go-to multi-write database server is postgres. I like how it has JSON columns and indexes in a (somewhat) ergonomic form. This is a pretty basic setup.

 #+ARROYO_NIXOS_MODULE: nixos/postgresql.nix
-#+ARROYO_NIXOS_ROLE: server
+#+ARROYO_SYSTEM_ROLE: server

 #+begin_src nix :tangle ~/arroyo-nix/nixos/postgresql.nix
 { pkgs, ... }:
--- a/printing.org
+++ b/printing.org
@ -8,7 +8,7 @@

 Mostly just lifted from [[https://nixos.wiki/wiki/Printing][NixOS Wiki]] to integrate with [[id:arroyo/nixos][Arroyo NixOS]] through [[id:cce/my_nixos_configuration][My NixOS configuration]]

-#+ARROYO_NIXOS_ROLE: endpoint
+#+ARROYO_SYSTEM_ROLE: endpoint
 #+ARROYO_NIXOS_MODULE: nixos/printing.nix

 #+begin_src nix :tangle ~/arroyo-nix/nixos/printing.nix
--- a/public_keys.org
+++ b/public_keys.org
@ -16,7 +16,7 @@ This [[id:cce/cce][CCE]] module describes my user and SSH keys for [[id:cce/my_n
 #+end_src

 #+ARROYO_NIXOS_MODULE: nixos/rrix.nix
-#+ARROYO_NIXOS_EXCLUDE: droid
+#+ARROYO_SYSTEM_EXCLUDE: droid

 #+begin_src nix :tangle ~/arroyo-nix/nixos/rrix.nix
 { pkgs, ... }:
--- a/python.org
+++ b/python.org
@ -29,7 +29,7 @@ Python is a high-level interpreted [[id:355d3395-3ce1-4d75-8e08-f4c43e8ce518][Pr
 In the CCE, Python programming is done using =pyright= in the [[id:cce/emacs_and_the_language_server_protocol][LSP]].

 #+ARROYO_HOME_MODULE: hm/python.nix
-#+ARROYO_NIXOS_EXCLUDE: waterboy
+#+ARROYO_SYSTEM_EXCLUDE: waterboy
 #+begin_src nix :tangle ~/arroyo-nix/hm/python.nix
 { pkgs, lib, ... }:

@ -40,6 +40,21 @@ In the CCE, Python programming is done using =pyright= in the [[id:cce/emacs_and
 }
 #+end_src

+And I need to pull in =poetry2nix= in to my system using an overlay because the [[id:c75d20e6-8888-4c5a-ac97-5997e2f1c711][nixpkgs]] folks don't think it should be vendored. It's kept updated in my [[id:cce/version_pins][Nix Version Pins]] file.
+
+#+ARROYO_NIXOS_MODULE: nixos/poetry2nix.nix
+
+#+begin_src nix :tangle ~/arroyo-nix/nixos/poetry2nix.nix
+{ ... }:
+
+let poetry2nix = (import ../versions.nix {}).poetry2nix null;
+in {
+  nixpkgs.overlays = [
+    (import "${poetry2nix}/overlay.nix")
+  ];
+}
+#+end_src
+
 #+begin_src emacs-lisp 
 (use-package lsp-pyright
  :after (python-mode lsp)
--- a/ruby_on_rails.org
+++ b/ruby_on_rails.org
@ -48,7 +48,7 @@ I use [[https://github.com/dgutov/robe][Robe]] for ruby development, rather than
 I use a tool called [[https://github.com/nix-community/bundix][Bundix]] which generates a [[id:c75d20e6-8888-4c5a-ac97-5997e2f1c711][Nix]] derivation of a =Gemfile.lock= which can be used in =nix-shell=.

 #+ARROYO_HOME_MODULE: hm/ruby.nix
-#+ARROYO_NIXOS_ROLE: endpoint
+#+ARROYO_SYSTEM_ROLE: endpoint
 #+begin_src nix :tangle ~/arroyo-nix/hm/ruby.nix
 { pkgs, ... }:

--- a/sending_mail_in_gnus.org
+++ b/sending_mail_in_gnus.org
@ -14,7 +14,7 @@

 #+ARROYO_MODULE_WANTS: 	cce/gnus.org
 #+ARROYO_EMACS_MODULE: msmtp
-#+ARROYO_NIXOS_ROLE: endpoint
+#+ARROYO_SYSTEM_ROLE: endpoint
 #+ARROYO_HOME_MODULE: hm/msmtp.nix

 #+begin_src emacs-lisp :exports none
--- a/shared_cce_helpers.org
+++ b/shared_cce_helpers.org
@ -83,7 +83,6 @@ vdirsyncer-config.txt
 :END:

 #+ARROYO_EMACS_MODULE: cce-common
-#+ARROYO_MODULE_WANTED: cce/cce.org

 These are simple predicate functions which can be used in the =CCE_PREDICATE=:

--- a/syncthing-tray.org
+++ b/syncthing-tray.org
@ -12,7 +12,7 @@ A shortcoming of the [[id:arroyo/arroyo][Arroyo Systems Management]] data model
 So this is the tray module for [[id:cce/syncthing][Syncthing]] which is installed in [[id:cce/my_nixos_configuration][My NixOS configuration]] for endpoints.

 #+ARROYO_HOME_MODULE: hm/syncthing-tray.nix
-#+ARROYO_NIXOS_ROLE: endpoint
+#+ARROYO_SYSTEM_ROLE: endpoint
 #+AUTO_TANGLE: t

 #+begin_src nix :tangle ~/arroyo-nix/hm/syncthing-tray.nix
--- a/syncthing.org
+++ b/syncthing.org
@ -31,7 +31,7 @@ This is straightforward; [[id:20230220T220556.588418][Syncthing Tray]] is instal
 I poke a hole in the firewall in [[id:cce/my_nixos_configuration][My NixOS configuration]]:

 #+ARROYO_NIXOS_MODULE: nixos/syncthing.nix
-#+ARROYO_NIXOS_EXCLUDE: droid
+#+ARROYO_SYSTEM_EXCLUDE: droid
 #+begin_src nix :tangle ~/arroyo-nix/nixos/syncthing.nix
 { ... }:
 {
--- a/tabfs.org
+++ b/tabfs.org
@ -3,10 +3,9 @@
 :ROAM_REFS: https://omar.website/tabfs/
 :END:
 #+TITLE: TabFS
-#+filetags: :Project:

 #+ARROYO_HOME_MODULE: hm/tabfs.nix
-#+ARROYO_NIXOS_ROLE: endpoint
+#+ARROYO_SYSTEM_ROLE: endpoint
 #+ARCOLOGY_KEY: cce/tabfs
 #+ARCOLOGY_ALLOW_CRAWL: t
 #+AUTO_TANGLE: t
--- a/the_standard_unix_password_manager.org
+++ b/the_standard_unix_password_manager.org
@ -21,8 +21,8 @@

 #+ARROYO_EMACS_MODULE: pass
 #+ARROYO_HOME_MODULE: hm/pass.nix
-#+ARROYO_NIXOS_EXCLUDE: waterboy
-#+ARROYO_NIXOS_EXCLUDE: droid
+#+ARROYO_SYSTEM_EXCLUDE: waterboy
+#+ARROYO_SYSTEM_EXCLUDE: droid

 #+begin_src emacs-lisp
 (provide 'cce/pass)
--- a/tt-rss.org
+++ b/tt-rss.org
@ -5,7 +5,7 @@
 #+TITLE: Tiny-Tiny RSS

 #+ARROYO_NIXOS_MODULE: nixos/ttrss.nix
-#+ARROYO_NIXOS_ROLE: server
+#+ARROYO_SYSTEM_ROLE: server
 #+AUTO_TANGLE: t

 #+begin_src nix :tangle ~/arroyo-nix/nixos/ttrss.nix
--- a/underscores-syntax-table.org
+++ b/underscores-syntax-table.org
@ -3,7 +3,6 @@
 :END:
 #+TITLE: In Emacs Underscores should be part of words
 #+filetags: :CCE:
-#+ARROYO_MODULE_WANTS: 	cce/cce.org

 #+PROPERTY: header-args            :mkdirp yes :results none
 #+PROPERTY: header-args:emacs-lisp :tangle underscores-syntax-table.el
--- a/using_yubikey_as_a_gpg_key.org
+++ b/using_yubikey_as_a_gpg_key.org
@ -37,7 +37,7 @@ install a udev rule to make sure they are properly owned.
 and in [[id:cce/my_nixos_configuration][My NixOS configuration]] this is simple:

 #+ARROYO_NIXOS_MODULE: nixos/yubikey.nix
-#+ARROYO_NIXOS_ROLE: endpoint
+#+ARROYO_SYSTEM_ROLE: endpoint
 #+begin_src nix :tangle ~/arroyo-nix/nixos/yubikey.nix
 { pkgs, ... }:
 {
--- a/vaultwarden.org
+++ b/vaultwarden.org
@ -14,7 +14,7 @@ This is all pretty basic, set up a [[id:cce/wobserver/postgres][PostgreSQL]] DB,
 I also had to set up =SMTP= configuration to activate my user ... Eventually [[id:20211120T220054.226284][The Wobserver]] needs to support sending mails like this through AWS or SendGrid or something, but for now I just set up a [[roam:Fastmail]] app-password for my account and shoved those in the DB. Yikes.

 #+ARROYO_NIXOS_MODULE: nixos/vaultwarden.nix
-#+ARROYO_NIXOS_ROLE: server
+#+ARROYO_SYSTEM_ROLE: server
 #+AUTO_TANGLE: t

 #+begin_src nix :tangle ~/arroyo-nix/nixos/vaultwarden.nix
--- a/version_pins.org
+++ b/version_pins.org
@ -96,6 +96,7 @@ CLOCK: [2022-12-20 Tue 10:26]--[2022-12-20 Tue 13:15] =>  2:49
 {
  <<homeManager>>
  <<emacsOverlay>>
+  <<poetry2nix>>
  <<nixpkgs>>

  <<nixgl>>
@ -130,11 +131,11 @@ Right now I am running off a branch of [[id:c75d20e6-8888-4c5a-ac97-5997e2f1c711

 ** Update [[id:cce/home-manager][home-manager]] by hand

-#+CALL: prefetch-git-rev(REPO="nix-community/home-manager", BRANCH="release-23.05")
+#+CALL: prefetch-git-rev(REPO="nix-community/home-manager", BRANCH="release-23.11")

 #+NAME: prefetch-hm
 #+results: 
-: "28535c3a34d79071f2ccb68671971ce0c0984d7e"
+: "aeb2232d7a32530d3448318790534d196bf9427a"

 #+begin_src nix :noweb-ref homeManager :noweb yes
 homeManager = _: builtins.fetchGit {
@ -170,6 +171,24 @@ emacsOverlay = _: builtins.fetchGit {
 emacsOverlay = _: /home/rrix/Code/emacs-overlay;
 #+end_src

+** Update =poetry2nix= overlay
+
+#+CALL: prefetch-git-rev(REPO="nix-community/poetry2nix", BRANCH="master")
+
+#+NAME: prefetch-p2n
+#+results:
+: "0b2bff39e9bd4e6db3208e09c276ca83a063b370"
+
+#+NAME: poetry2nix
+#+begin_src nix :noweb yes 
+poetry2nix = _: builtins.fetchGit {
+  url = "https://github.com/nix-community/poetry2nix/";
+  rev =
+   <<prefetch-p2n()>>
+  ;
+};
+#+end_src
+
 ** [[id:mastodon_in_emacs][mastodon]] in Emacs ->

 builds from https://codeberg.org/martianh/mastodon.el/commits/branch/main
--- a/vpype-vsketch.org
+++ b/vpype-vsketch.org
@ -2,7 +2,6 @@
 :ID:       20220506T155821.572980
 :END:
 #+title: Back on to the Plotter Train with vsketch
-#+filetags: :Project:
 #+AUTO_TANGLE: t

 * What are =vsketch= and =vpype=
@ -695,7 +694,7 @@ buildPythonPackage rec {
 With the packages crammed in to Arroyo using an overlay, it's easy enough to add these in:

 #+ARROYO_HOME_MODULE: hm/vsketch.nix
-#+ARROYO_NIXOS_ROLE: endpoint
+#+ARROYO_SYSTEM_ROLE: endpoint
 #+begin_src nix :tangle ~/arroyo-nix/hm/vsketch.nix
 { pkgs, ... }:

--- a/vulfpeck_fonts_are_fun.org
+++ b/vulfpeck_fonts_are_fun.org
@ -90,7 +90,7 @@ stdenv.mkDerivation {
 I configure [[id:cce/my_nixos_configuration][My NixOS]] to use Vulfpeck fonts where I can, and fall back to the [[id:cce/fonts][free fonts]] otherwise:

 #+ARROYO_NIXOS_MODULE: nixos/vulfpeck.nix
-#+ARROYO_NIXOS_ROLE: endpoint
+#+ARROYO_SYSTEM_ROLE: endpoint
 #+begin_src nix :tangle ~/arroyo-nix/nixos/vulfpeck.nix
 { pkgs, ... }:

@ -102,7 +102,7 @@ in
  fonts = {
    fontconfig.defaultFonts.monospace = ["Vulf Mono" "Deja Vu Sans Mono" "Noto Color Emoji" ];
    fontconfig.defaultFonts.sansSerif = ["Vulf Sans" "Deja Vu Sans" "Noto Color Emoji" ];
-    fonts = [ vulf_mono vulf_sans ];
+    packages = [ vulf_mono vulf_sans ];
  };
 }
 #+end_src
--- a/waydroid.org
+++ b/waydroid.org
@ -6,7 +6,7 @@
 #+TITLE: Waydroid on NixOS is pretty simple

 #+ARROYO_NIXOS_MODULE: nixos/waydroid.nix
-#+ARROYO_NIXOS_ROLE: endpoint
+#+ARROYO_SYSTEM_ROLE: endpoint

 #+begin_src nix :tangle ~/arroyo-nix/nixos/waydroid.nix
 { pkgs, ... }:
--- a/wobserver-docker.org
+++ b/wobserver-docker.org
@ -9,7 +9,7 @@ I don't really *want* to use [[roam:Docker]], but it's the most-supported way to
 The =htpasswd= file was generated locally and then copied to the server so that it doesn't make it in to any =nix store=... It has to be done with =apacheHttpd='s =htpasswd= like so: =sudo -u docker-registry htpasswd -B /srv/docker-registry/htpasswd rrix=.

 #+ARROYO_NIXOS_MODULE: nixos/wobserver-docker.nix
-#+ARROYO_NIXOS_ROLE: server
+#+ARROYO_SYSTEM_ROLE: server
 #+AUTO_TANGLE: t

 #+begin_src nix :tangle ~/arroyo-nix/nixos/wobserver-docker.nix
@ -32,6 +32,7 @@ in{
    storagePath = "/srv/docker-registry/";
    extraConfig = {
      auth.htpasswd = {
+        # sudo htpasswd -B /srv/docker-registry/htpasswd rrix
        realm = "basic-realm";
        path = "/srv/docker-registry/htpasswd";
      };
--- a/wobserver-observability.org
+++ b/wobserver-observability.org
@ -3,7 +3,7 @@
 :ROAM_ALIASES: Wobservability
 :END:
 #+title: Wobserver Observability
-#+filetags: :Project:Wobserver:Development:
+#+filetags: :Wobserver:Development:

 #+ARCOLOGY_ALLOW_CRAWL: t
 #+ARCOLOGY_KEY: cce/wobserver/observability
@ -11,7 +11,7 @@
 #+AUTO_TANGLE: t

 #+ARROYO_NIXOS_MODULE: nixos/wobservability.nix
-#+ARROYO_NIXOS_ROLE: server
+#+ARROYO_SYSTEM_ROLE: server

 It is critical that the [[id:20211120T220054.226284][Wobserver]] can be "self-healing" -- not that all faults can be automatically fixed, but that with a human in the loop all common failure modes can be managed and normal operation can be maintained.

--- a/xmonad.org
+++ b/xmonad.org
@ -203,7 +203,7 @@ checkIsDesktop = isInProperty "_NET_WM_WINDOW_TYPE" "_NET_WM_WINDOW_TYPE_DESKTOP
 * [[id:cce/home-manager][home-manager]] configuration

 #+ARROYO_HOME_MODULE: hm/xmonad.nix
-#+ARROYO_NIXOS_ROLE: endpoint
+#+ARROYO_SYSTEM_ROLE: endpoint

 #+begin_src nix :tangle ~/arroyo-nix/hm/xmonad.nix :noweb yes
 { pkgs, config, ... }:
--- a/zfs-5_15-un-broken.org
+++ b/zfs-5_15-un-broken.org
@ -18,8 +18,8 @@ There has been a PR merged into zfs' master (openzfs/zfs#12824) claiming support
 This 5.15 is safe and pending an update so i'll include this workaround is required for [[id:cce/cce][CCE]] on [[id:20211030T172526.854851][NixOS on the Framework Laptop]]:

 ,#+ARROYO_NIXOS_MODULE: nixos/linux_zfs_5_15_broken.nix
-,#+ARROYO_NIXOS_ROLE: settop
-,#+ARROYO_NIXOS_ROLE: endpoint
+,#+ARROYO_SYSTEM_ROLE: settop
+,#+ARROYO_SYSTEM_ROLE: endpoint
 #+begin_src nix :tangle ~/arroyo-nix/nixos/linux_zfs_5_15_broken.nix
 { pkgs, ... }:

--- a/zfs-config.org
+++ b/zfs-config.org
@ -8,8 +8,8 @@
 #+ARCOLOGY_ALLOW_CRAWL: t

 #+ARROYO_NIXOS_MODULE: nixos/zfs.nix
-#+ARROYO_NIXOS_EXCLUDE: waterboy
-#+ARROYO_NIXOS_EXCLUDE: droid
+#+ARROYO_SYSTEM_EXCLUDE: waterboy
+#+ARROYO_SYSTEM_EXCLUDE: droid

 This stuff is pretty straightforward. I set up automatic snapshots, and SSD TRIM and scrubbing:
Author	SHA1	Message	Date
Ryan Rix	45e78312bf	make sure poetry2nix is overlayed from its repo	2023-12-17 16:04:26 -08:00
Ryan Rix	6772222d31	update my custom keyboard stuff to use xkb	2023-12-17 16:03:34 -08:00
Ryan Rix	d1e5957a48	always prefer external monitor in cce/refresh-display-scale	2023-12-17 16:03:18 -08:00
Ryan Rix	a8b2844645	update keyword names	2023-12-17 16:02:54 -08:00
Ryan Rix	2771d93cdd	move from xmodmap to xkbmap, this was a huge pain	2023-12-07 17:57:24 -08:00
Ryan Rix	ad719b1e72	my server is doing VFIO stuff, sometimes....	2023-12-01 11:26:47 -08:00
Ryan Rix	856bb7fe4a	have to define allowUnfree when nixpkgs is imported instead of using nixpkgs.config.......	2023-12-01 11:25:28 -08:00
Ryan Rix	d276c77456	fix direnv-arroyo integration	2023-12-01 11:25:28 -08:00
Ryan Rix	268c3ee19b	include pleroma perf	2023-12-01 11:25:28 -08:00
Ryan Rix	4d17c45a4a	meilisearch reindex	2023-12-01 11:25:28 -08:00
Ryan Rix	1df0cac765	23.05 -> 23.11	2023-12-01 11:25:28 -08:00