Added yq, patchelf

This reverts commit 8b4eeae6b0.

.gitignore

@@ -2,3 +2,4 @@
 **/.*~undo-tree~
 **/.DS_Store
 /result
+/home/result

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "bash-scripts"]
+	path = bash-scripts
+	url = gitea@git.randomctf.com:random936/bash-scripts.git

README.org

@@ -1,9 +1,58 @@
 
-* Dotfiles Repo
+* NixOS Setup for Omen Laptop
+
+Installing the base configuration:
 
-To install these dotfiles, you can use gnu stow. Running the following command will automatically create symlinks for every file in this repo.
 #+begin_src bash
-git clone https://github.com/Random936/dotfiles
+nix-shell -p vim git
-cd dotfiles/
+git clone https://git.randomctf.com/random936/dotfiles
-stow .
+sudo nixos-rebuild switch --flake .#randomctf
 #+end_src
+
+Install home manager and related packages:
+#+begin_src bash
+sudo ./install-homemanager.sh 25.05
+home-manager switch --extra-experimental-features "nix-command flakes" --flake .#random
+#+end_src
+
+** Rbw (Rust Bitwarden) Setup
+
+Before continuing, you will need to login on the [[https://bitwarden.com][Bitwarden]] website to retrieve your API key. This can be found under: Settings > Security > Keys > View API Key.
+
+#+begin_src bash
+# Enter the values it asks for from the Bitwarden view API key window.
+rbw register
+rbw login
+rbw unlock
+#+end_src
+
+** Mail Setup
+
+Setting up ~pass~:
+#+begin_src bash
+gpg --full-generate-key
+# Copy the value from the output above and use it in the command below.
+pass init <GPG_ID>
+#+end_src
+
+Setting up ~protonmail-bridge~:
+
+#+begin_src bash
+systemctl stop --user protonmail-bridge.service
+protonmail-bridge --cli
+cert export ~/.config/protonmail/bridge-v3/
+login # This might take a while.
+info # To get login info. SMTP needs to be added to authinfo.
+exit
+systemctl start --user protonmail-bridge.service
+
+# Add passwords for protonmail bridge.
+pass add "protonmail-bridge" <PASS>
+#+end_src
+
+Setting up ~mu4e~:
+#+begin_src bash
+mu init --maildir=~/.mail --my-address=<email_address>
+mbsync -a
+#+end_src
+

config/ai.nix

@@ -6,42 +6,49 @@
     (import ./networking.nix {
       hostname = "mindforge";
       ip_address = "192.168.100.45";
-      open_ports = [ ];
+      open_ports = [ 80 443 ];
       inherit lib;
     })
   ];
 
   users.users.mindforge = import ./user.nix;
 
-  # Setup drivers for NVIDIA GPU
-  services.xserver = {
-      enable = false;
-      videoDrivers = [ "nvidia" ];
-  };
-
-  hardware = {
-    nvidia = {
-      open = false;
-      modesetting.enable = true;
-      powerManagement.enable = false;
-      powerManagement.finegrained = false;
-      nvidiaSettings = true;
-    };
-
-    graphics = {
-      enable = true;
-      enable32Bit = true;
-    };
-  };
-
-  services.open-webui = {
-      enable = true;
-      host = "0.0.0.0";
-      openFirewall = true;
-  };
-
   services.ollama = {
     enable = true;
-    acceleration = "cuda";
+    host = "0.0.0.0";
+    openFirewall = true;
+    environmentVariables = {
+        OLLAMA_CONTEXT_LENGTH = "8192";
+    };
+  };
+
+  # NGINX Reverse Proxy Setup
+  services.open-webui.enable = true;
+  services.nginx = {
+    enable = true;
+    virtualHosts = {
+      # Jellyfin
+      "mindforge.randomctf.local" = {
+        extraConfig = ''
+          access_log /var/log/nginx/access.mindforge.log;
+        '';
+
+        locations."/".extraConfig = ''
+          proxy_pass http://localhost:8080/;
+
+          # Add WebSocket support (Necessary for version 0.5.0 and up)
+          proxy_http_version 1.1;
+          proxy_set_header Upgrade $http_upgrade;
+          proxy_set_header Connection "upgrade";
+
+          proxy_set_header Host $host;
+          proxy_set_header X-Real-IP $remote_addr;
+          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_set_header X-Forwarded-Proto $scheme;
+
+          proxy_buffering off;
+        '';
+      };
+    };
   };
 }

config/assets/blackbox.yml

@@ -0,0 +1,14 @@
+modules:
+  icmp:
+    prober: icmp
+  http_2xx:
+    prober: http
+    http:
+      preferred_ip_protocol: ip4
+  http_2xx_tls_no_verify:
+    prober: http
+    http:
+      tls_config:
+        insecure_skip_verify: true
+
+

config/assets/suricata.yaml

@@ -0,0 +1,110 @@
+%YAML 1.1
+---
+vars:
+  address-groups:
+    HOME_NET: "[192.168.100.0/24]"
+    EXTERNAL_NET: "!$HOME_NET"
+    HTTP_SERVERS: "$HOME_NET"
+    SMTP_SERVERS: "$HOME_NET"
+    SQL_SERVERS: "$HOME_NET"
+    DNS_SERVERS: "$HOME_NET"
+    TELNET_SERVERS: "$HOME_NET"
+    AIM_SERVERS: "$EXTERNAL_NET"
+    DC_SERVERS: "$HOME_NET"
+    DNP3_SERVER: "$HOME_NET"
+    DNP3_CLIENT: "$HOME_NET"
+    MODBUS_CLIENT: "$HOME_NET"
+    MODBUS_SERVER: "$HOME_NET"
+    ENIP_CLIENT: "$HOME_NET"
+    ENIP_SERVER: "$HOME_NET"
+  port-groups:
+    HTTP_PORTS: "80"
+    SHELLCODE_PORTS: "!80"
+    ORACLE_PORTS: 1521
+    SSH_PORTS: 22
+    DNP3_PORTS: 20000
+    MODBUS_PORTS: 502
+    FILE_DATA_PORTS: "[$HTTP_PORTS,110,143]"
+    FTP_PORTS: 21
+    GENEVE_PORTS: 6081
+    VXLAN_PORTS: 4789
+    TEREDO_PORTS: 3544
+    SIP_PORTS: "[5060, 5061]"
+
+default-log-dir: /mnt/logs/suricata
+classification-file: /etc/suricata/classification.config
+reference-config-file: /etc/suricata/reference.config
+default-rule-path: /etc/suricata/rules
+rule-files:
+  - suricata.rules
+
+stats:
+  enabled: yes
+
+af-packet:
+  - interface: enp6s19
+    use-mmap: yes
+    tpacket-v3: yes
+    cluster-id: 99
+    cluster-type: cluster_flow
+    defrag: yes
+
+outputs:
+  - fast:
+      enabled: yes
+      filename: fast.log
+      append: yes
+
+  - eve-log:
+      enabled: yes
+      filetype: regular
+      filename: eve-%Y-%m-%d.json
+      rotate-interval: day
+      types:
+        - alert:
+            tagged-packets: yes
+        - http:
+            extended: yes
+            dump-all-headers: both
+        - http2
+        - dns:
+            enabled: yes
+        - tls:
+            extended: yes
+        - flow
+        - mqtt
+        - ssh
+        - dhcp:
+            enabled: yes
+        - arp:
+            enabled: yes
+        - ldap
+        - quic
+        - sip
+        - rfb
+        - snmp
+        - bittorrent-dht
+        - krb5
+        - dcerpc
+        - ike
+        - tftp
+        - smb
+        - nfs
+        - rdp
+        - ftp
+        - websocket
+        - smtp
+
+  - pcap-log:
+      enabled: no
+      filename: log.pcap
+      limit: 1gb
+      max-files: 200
+
+  - stats:
+      enabled: yes
+      filename: stats.log
+      append: yes
+      totals: yes
+      threads: no
+        

config/darwin.nix

@@ -1,81 +0,0 @@
-{ config, pkgs, lib, ... }: {
-  nix.settings.experimental-features = ["nix-command" "flakes"];
-
-  nixpkgs.config.allowUnfree = true;
-  environment.systemPackages = with pkgs; [
-    git
-  ];
-
-  homebrew = {
-    enable = true;
-    onActivation.cleanup = "zap";
-    taps = [
-      "nikitabobko/tap"
-      "FelixKratz/formulae"
-    ];
-    brews = [
-      "wireguard-tools"
-      "bitwarden-cli"
-      "pinentry-mac"
-      "sketchybar"
-      "coreutils"
-      "watch"
-    ];
-    casks = [
-      "font-hack-nerd-font"
-      "proton-mail-bridge"
-      "scroll-reverser"
-      "instantview"
-      "flameshot"
-      "aerospace"
-      "bitwarden"
-      "tailscale"
-      "wireshark"
-      "firefox"
-      "ghostty"
-      "discord"
-      "barrier"
-      "zoom"
-      "plex"
-      "vlc"
-    ];
-  };
-
-  # Auto upgrade nix package and the daemon service.
-  services.nix-daemon.enable = true;
-  nix.package = pkgs.nix;
-
-  # Extra activation scripts
-  system.activationScripts.extraActivation.text = ''
-  softwareupdate --install-rosetta --agree-to-license
-  '';
-
-  # Keyboard and Mouse
-  system.keyboard = {
-    enableKeyMapping = true;
-    remapCapsLockToEscape = true;
-    swapLeftCommandAndLeftAlt = true;
-  };
-
-  # MacOS Changes
-  system = {
-    startup.chime = false;
-    defaults = {
-      dock.autohide = true;
-      NSGlobalDomain = {
-        "com.apple.mouse.tapBehavior" = 1;
-        _HIHideMenuBar = true;
-      };
-    };
-  };
-
-  # Create /etc/zshrc that loads the nix-darwin environment.
-  programs.zsh.enable = true;
-
-  users.users.jadenmaxwell = {
-    name = "jadenmaxwell";
-    home = "/Users/jadenmaxwell";
-  };
-
-  system.stateVersion = 4;
-}

config/headful.nix

@@ -27,11 +27,10 @@
     # Setup i3 window manager
     windowManager.i3 = {
       enable = true;
-      package = pkgs.i3-gaps;
       extraPackages = with pkgs; [
         rofi
-        polybar
         alacritty
+        polybarFull
         i3lock-fancy
         xautolock
         autorandr
@@ -58,12 +57,6 @@
     enable32Bit = true;
   };
 
-  # Install picom for transparency.
-  services.picom = {
-    enable = true;
-    backend = "glx";
-  };
-
   # Install Thunar
   programs.thunar.enable = true;
   services.gvfs.enable = true;

config/headless.nix

@@ -13,7 +13,9 @@
   services.prometheus.exporters.node = {
       enable = true;
       port = 9002;
-      enabledCollectors = [ "systemd" ];
+      enabledCollectors = [ "systemd" "processes" ];
+      openFirewall = true;
+      firewallFilter = "-s 192.168.100.41 -p tcp -m tcp --dport 9002";
   };
 
   system.stateVersion = "24.05";

config/logging.nix

@@ -1,188 +1,57 @@
 { lib, config, pkgs, inputs, ... }: {
 
   imports = [
+    ./logging/prometheus.nix
+    ./logging/suricata.nix
     ../hardware/logging.nix
     ./headless.nix
     (import ./networking.nix {
         hostname = "r330-logging";
         ip_address = "192.168.100.41";
-        open_ports = [ 3000 9001 ];
+        open_ports = [ 3000 9001 9003 ];
         inherit lib;
     })
+
   ];
 
+  networking.firewall.enable = false;
+
   users.users.logging = import ./user.nix;
 
-  environment.systemPackages = with pkgs; [
-    suricata
-  ];
-
   services.grafana = {
       enable = true;
       settings.server = {
-          http_addr = "0.0.0.0";
+          http_addr = "127.0.0.1";
           http_port = 3000;
-          domain = "logging.randomctf.local";
+          domain = "grafana.randomctf.local";
       };
   };
 
-  services.prometheus = {
+  services.nginx = {
     enable = true;
-    port = 9001;
+    virtualHosts = {
-    scrapeConfigs = [
+      # Grafana
-      {
+      "grafana.randomctf.local" = {
-        job_name = "r330-logging";
+        extraConfig = ''
-        static_configs = [{
+          access_log /var/log/nginx/access.grafana.log;
-          targets = let
+        '';
-            port = toString config.services.prometheus.exporters.node.port;
-          in [
-            "127.0.0.1:${port}"
-            "192.168.100.40:${port}"
-            "192.168.100.42:${port}"
-            "192.168.100.43:${port}"
-          ];
-        }];
-      }
-    ];
-  };
 
-  systemd.services.suricata = {
+        locations."/".extraConfig = ''
-    description = "Suricata IDS/IPS";
+          proxy_set_header Host grafana.randomctf.local;
-    wantedBy = ["multi-user.target"];
+          proxy_pass http://localhost:3000/;
-    serviceConfig = {
+        '';
-      type = "simple";
+      };
-      User = "logging";
+
-      ExecStart = "${pkgs.suricata}/bin/suricata -c /etc/suricata.yaml -i enp6s18";
+      # Prometheus
-      Restart = "on-failure";
+      "prometheus.randomctf.local" = {
-      CapabilityBoundingSet = "CAP_NET_RAW CAP_NET_ADMIN";
+        extraConfig = ''
-      AmbientCapabilities = "CAP_NET_RAW CAP_NET_ADMIN";
+          access_log /var/log/nginx/access.prometheus.log;
+        '';
+
+        locations."/".extraConfig = ''
+          proxy_pass http://localhost:9090/;
+        '';
+      };
     };
   };
-
-  environment.etc."suricata.yaml".source = pkgs.writeTextFile {
-    name = "suricata.yaml";
-    text = ''
-    %YAML 1.1
-    ---
-
-    vars:
-      address-groups:
-        HOME_NET: "[192.168.100.0/24]"
-        EXTERNAL_NET: "!$HOME_NET"
-        HTTP_SERVERS: "$HOME_NET"
-        SMTP_SERVERS: "$HOME_NET"
-        SQL_SERVERS: "$HOME_NET"
-        DNS_SERVERS: "$HOME_NET"
-        TELNET_SERVERS: "$HOME_NET"
-        AIM_SERVERS: "$EXTERNAL_NET"
-        DC_SERVERS: "$HOME_NET"
-        DNP3_SERVER: "$HOME_NET"
-        DNP3_CLIENT: "$HOME_NET"
-        MODBUS_CLIENT: "$HOME_NET"
-        MODBUS_SERVER: "$HOME_NET"
-        ENIP_CLIENT: "$HOME_NET"
-        ENIP_SERVER: "$HOME_NET"
-      port-groups:
-        HTTP_PORTS: "80"
-        SHELLCODE_PORTS: "!80"
-        ORACLE_PORTS: 1521
-        SSH_PORTS: 22
-        DNP3_PORTS: 20000
-        MODBUS_PORTS: 502
-        FILE_DATA_PORTS: "[$HTTP_PORTS,110,143]"
-        FTP_PORTS: 21
-        GENEVE_PORTS: 6081
-        VXLAN_PORTS: 4789
-        TEREDO_PORTS: 3544
-        SIP_PORTS: "[5060, 5061]"
-
-    default-log-dir: /home/logging/logs
-    classification-file: /etc/suricata/classification.config
-    reference-config-file: /etc/suricata/reference.config
-    default-rule-path: /etc/suricata/rules
-    rule-files:
-      - suricata.rules
-
-    stats:
-      enabled: yes
-
-    af-packet:
-      - interface: enp6s18
-        use-mmap: yes
-        tpacket-v3: yes
-        cluster-id: 99
-        cluster-type: cluster_flow
-        defrag: yes
-
-    outputs:
-      - fast:
-          enabled: yes
-          filename: fast.log
-          append: yes
-
-      - eve-log:
-          enabled: yes
-          filetype: regular
-          filename: eve.json
-          types:
-            - alert:
-                tagged-packets: yes
-            - http:
-                extended: yes
-            - http2
-            - dns:
-                enabled: yes
-            - tls:
-                extended: yes
-            - flow
-            - mqtt
-            - ssh
-            - dhcp:
-                enabled: yes
-            - arp:
-                enabled: yes
-            - ldap
-            - quic
-            - sip
-            - rfb
-            - snmp
-            - bittorrent-dht
-            - krb5
-            - dcerpc
-            - ike
-            - tftp
-            - smb
-            - nfs
-            - rdp
-            - ftp
-            - websocket
-            - smtp
-
-      - pcap-log:
-          enabled: yes
-          filename: log.pcap
-          limit: 1gb
-          max-files: 20
-
-      - stats:
-          enabled: yes
-          filename: stats.log
-          append: yes
-          totals: yes
-          threads: no
-            
-    '';
-  };
-
-  environment.etc."suricata/classification.config".text = ''
-  '';
-
-  environment.etc."suricata/reference.config".text = ''
-  '';
-
-  environment.etc."suricata/threshold.config".text = ''
-  '';
-
-  environment.etc."suricata/rules/suricata.rules".text = ''
-  '';
 }

config/logging/prometheus.nix

@@ -0,0 +1,156 @@
+{ lib, config, pkgs, inputs, ... }: {
+  services.prometheus.exporters.blackbox = {
+      enable = true;
+      port = 9003;
+      configFile = ../assets/blackbox.yml;
+  };
+
+  services.prometheus = {
+    enable = true;
+    port = 9090;
+    globalConfig.scrape_interval = "10s";
+    scrapeConfigs = let 
+      node_port = toString config.services.prometheus.exporters.node.port;
+      blackbox_relabel = [
+        {
+          source_labels = [ "__address__" ];
+          target_label  = "__param_target";
+        }
+        {
+          target_label  = "__address__";
+          replacement   = "127.0.0.1:9003";
+        }
+      ];
+    in [
+      {
+        job_name = "node";
+        static_configs = [
+          {
+            targets = [ "127.0.0.1:${node_port}" ];
+            labels.instance = "r330-logging";
+          }
+          {
+            targets = [ "192.168.100.40:${node_port}" ];
+            labels.instance = "r330-media";
+          }
+          {
+            targets = [ "192.168.100.42:${node_port}" ];
+            labels.instance = "sampledb-dev";
+          }
+          {
+            targets = [ "192.168.100.45:${node_port}" ];
+            labels.instance = "mindforge";
+          }
+          {
+            targets = [ "192.168.100.1:9100" ];
+            labels.instance = "GL-MT6000";
+          }
+        ];
+      }
+      {
+        job_name = "blackbox_icmp";
+        metrics_path = "/probe";
+        params = { module = ["icmp"]; };
+        static_configs = [
+          {
+            targets = [ "127.0.0.1" ];
+            labels.instance = "r330-media";
+          }
+          {
+            targets = [ "192.168.100.1" ];
+            labels.instance = "GL-MT6000";
+          }
+          {
+            targets = [ "192.168.100.11" ];
+            labels.instance = "r330-idrac";
+          }
+          {
+            targets = [ "192.168.100.12" ];
+            labels.instance = "r730xd-idrac";
+          }
+          {
+            targets = [ "192.168.100.21" ];
+            labels.instance = "r330-proxmox";
+          }
+          {
+            targets = [ "192.168.100.22" ];
+            labels.instance = "r730xd-proxmox";
+          }
+          {
+            targets = [ "192.168.100.40" ];
+            labels.instance = "r330-media";
+          }
+          {
+            targets = [ "192.168.100.42" ];
+            labels.instance = "sampledb-dev";
+          }
+          {
+            targets = [ "192.168.100.42" ];
+            labels.instance = "sampledb-dev";
+          }
+          {
+            targets = [ "192.168.100.45" ];
+            labels.instance = "mindforge";
+          }
+          {
+            targets = [ "1.1.1.1" ];
+            labels.instance = "Cloudflare";
+          }
+          {
+            targets = [ "8.8.8.8" ];
+            labels.instance = "Google";
+          }
+        ];
+        relabel_configs = blackbox_relabel;
+      }
+      {
+        job_name = "blackbox_http_2xx";
+        metrics_path = "/probe";
+        params = { module = ["http_2xx"]; };
+        static_configs = [
+          {
+              targets = [ "http://192.168.100.40:6011" ];
+              labels.instance = "Qbittorrent";
+          }
+          {
+              targets = [ "http://192.168.100.40:7878" ];
+              labels.instance = "Radarr";
+          }
+          {
+              targets = [ "http://192.168.100.40:8989" ];
+              labels.instance = "Sonarr";
+          }
+          {
+              targets = [ "http://192.168.100.40:9696" ];
+              labels.instance = "Prowlarr";
+          }
+          {
+              targets = [ "https://randomctf.com" ];
+              labels.instance = "RandomCTF.com";
+          }
+          {
+              targets = [ "https://git.randomctf.com" ];
+              labels.instance = "Gitea";
+          }
+          {
+              targets = [ "https://nextcloud.randomctf.com" ];
+              labels.instance = "Nextcloud";
+          }
+        ];
+        relabel_configs = blackbox_relabel;
+      }
+      {
+        job_name = "blackbox_http_2xx_no_verify";
+        metrics_path = "/probe";
+        params = { module = ["http_2xx_tls_no_verify"]; };
+        static_configs = [
+          {
+            targets = [ "https://192.168.100.40:5006" ];
+            labels.instance = "Actual";
+          }
+        ];
+        relabel_configs = blackbox_relabel;
+      }
+    ];
+  };
+}

config/logging/suricata.nix

@@ -0,0 +1,34 @@
+{ lib, config, pkgs, inputs, ... }: {
+
+  environment.systemPackages = with pkgs; [
+    suricata
+  ];
+
+  systemd.services.suricata = {
+    description = "Suricata IDS/IPS";
+    wantedBy = ["multi-user.target"];
+    serviceConfig = {
+      type = "simple";
+      User = "logging";
+      ExecStartPre = "/run/current-system/sw/bin/ip link set enp6s19 up";
+      ExecStart = "${pkgs.suricata}/bin/suricata -c /etc/suricata.yaml -i enp6s19";
+      Restart = "on-failure";
+      CapabilityBoundingSet = "CAP_NET_RAW CAP_NET_ADMIN";
+      AmbientCapabilities = "CAP_NET_RAW CAP_NET_ADMIN";
+    };
+  };
+
+  environment.etc."suricata.yaml".source = ../assets/suricata.yaml;
+
+  environment.etc."suricata/classification.config".text = ''
+  '';
+
+  environment.etc."suricata/reference.config".text = ''
+  '';
+
+  environment.etc."suricata/threshold.config".text = ''
+  '';
+
+  environment.etc."suricata/rules/suricata.rules".text = ''
+  '';
+}

config/media.nix

@@ -34,18 +34,18 @@
     };
   };
 
-  # Plex Setup
+  # Jellyfin Setup
-  services.plex = {
+  services.jellyfin = {
       enable = true;
-      openFirewall = true;
       user = "media";
-      dataDir = "/mnt/media/plex";
+      dataDir = "/mnt/media/jellyfin";
+      cacheDir = "/mnt/media/jellyfin/cache";
   };
 
   # Nextcloud Setup
   services.nextcloud = {
       enable = true;
-      package = pkgs.nextcloud30;
+      package = pkgs.nextcloud32;
       configureRedis = true;
       database.createLocally = true;
       autoUpdateApps.enable = true;
@@ -66,6 +66,13 @@
       };
   };
 
+  services.cron = {
+      enable = true;
+      systemCronJobs = [
+        "*/10 * * * * nextcloud nextcloud-occ preview:pre-generate"
+      ];
+  };
+
   # Gitea
   services.gitea = {
       enable = true;
@@ -73,7 +80,6 @@
       settings = {
           server = {
               ROOT_URL = "https://git.randomctf.com";
-              HTTP_ADDR = "127.0.0.1";
               HTTP_PORT = 3300;
               DOMAIN = "git.randomctf.com";
           };
@@ -104,43 +110,79 @@
     enable = true;
     virtualHosts = {
 
-        # Landing Page (randomctf.com)
+      # Landing Page (randomctf.com)
-        "randomctf.com" = {
+      "randomctf.com" = {
-          enableACME = true;
+        enableACME = true;
-          forceSSL = true;
+        forceSSL = true;
-          root = "/var/www/randomctf.com";
+        default = true;
-        };
+        root = "/var/www/randomctf.com";
+      };
 
-        # Nextcloud
+      # Nextcloud
-        ${config.services.nextcloud.hostName} = {
+      ${config.services.nextcloud.hostName} = {
-          enableACME = true;
+        enableACME = true;
-          forceSSL = true;
+        forceSSL = true;
-        };
+      };
 
-        # Gitea
+      # Jellyfin
-        "git.randomctf.com" = {
+      "media.randomctf.com" = {
-            enableACME = true;
+        enableACME = true;
-            forceSSL = true;
+        forceSSL = true;
 
-            extraConfig = ''
+        extraConfig = ''
-              access_log /var/log/nginx/access.git.log;
+          access_log /var/log/nginx/access.media.log;
-            '';
+        '';
 
-            locations."/".extraConfig = ''
+        locations."/".extraConfig = ''
-              proxy_buffering off;
+          allow 192.168.0.0/16;
-              proxy_pass http://localhost:3300/;
+          allow 10.0.0.0/8;
-            '';
+          allow 172.16.0.0/12;
-        };
+          allow 127.0.0.1;
+          deny all;
+
+          proxy_buffering off;
+          proxy_pass http://localhost:8096/;
+        '';
+      };
+
+      # Kiwix
+      "kiwix.randomctf.com" = {
+        extraConfig = ''
+          access_log /var/log/nginx/access.kiwix.log;
+        '';
+
+        locations."/".extraConfig = ''
+          allow 192.168.0.0/16;
+          allow 10.0.0.0/8;
+          allow 172.16.0.0/12;
+          allow 127.0.0.1;
+          deny all;
+
+          proxy_buffering off;
+          proxy_pass http://localhost:8080/;
+        '';
+      };
+
+      # Gitea
+      "git.randomctf.com" = {
+        enableACME = true;
+        forceSSL = true;
+
+        extraConfig = ''
+          access_log /var/log/nginx/access.git.log;
+        '';
+
+        locations."/".extraConfig = ''
+          proxy_buffering off;
+          proxy_pass http://localhost:3300/;
+        '';
+      };
     };
   };
 
   security.acme = {
     acceptTerms = true;
-    certs = {
+    defaults.email = "admin@randomctf.com";
-        "randomctf.com".email = "admin@randomctf.com";
-        ${config.services.nextcloud.hostName}.email = "admin@randomctf.com";
-        ${config.services.gitea.settings.server.DOMAIN}.email = "admin@randomctf.com";
-    };
   };
 
   # Enable Tailscale

config/networking.nix

@@ -7,6 +7,7 @@ in {
   # Conigure a static IP address.
   networking.useDHCP = false;
   networking.useNetworkd = true;
+  networking.enableIPv6 = false;
 
   # Bug fix
   systemd.services.systemd-networkd-wait-online.enable = lib.mkForce false;
@@ -17,7 +18,7 @@ in {
   };
 
   networking.nameservers = [ gateway_ip ];
-  networking.firewall.allowedTCPPorts = open_ports ++ [9002];
+  networking.firewall.allowedTCPPorts = open_ports;
   networking.interfaces.enp6s18.ipv4.addresses = [
     {
       address = ip_address;

config/omen.nix

@@ -1,4 +1,4 @@
-{ lib, ... }: {
+{ lib, pkgs, ... }: {
 
   imports = [
     ../hardware/omen.nix
@@ -18,7 +18,7 @@
   # Networking
   networking.hostName = "randomctf";
   networking.nameservers = [ "192.168.100.1" "8.8.8.8" "8.8.4.4" ];
-  networking.firewall.allowedTCPPorts = [ 22 24800 ];
+  networking.firewall.allowedTCPPorts = [ 22 5060 24800 ];
 
   # Temporary fix for service failure.
   systemd.services.NetworkManager-wait-online.enable = lib.mkForce false;
@@ -52,10 +52,74 @@
   # Ignore laptop lid closing when connected to power.
   services.logind.lidSwitchExternalPower = "ignore";
 
-  # Enable VMWare Workstation
-  virtualisation.vmware.host.enable = true;
-
   # Enable bluetooth
   hardware.bluetooth.enable = true;
   services.blueman.enable = true;
+
+  # System Packages
+  environment.systemPackages = with pkgs; [
+    pinentry-gtk2
+    protonmail-bridge
+    pass
+
+    # For RTL-SDR
+    libusb1
+    rtl-sdr
+    gqrx
+  ];
+
+  # For RTL-SDR
+  hardware.rtl-sdr.enable = true;
+
+  # Setup Pinentry
+  programs.gnupg.agent = {
+    enable = true;
+    pinentryPackage = pkgs.pinentry-gtk2;
+    enableSSHSupport = true;
+  };
+
+  # Setup protonmail bridge
+  systemd.user.services.protonmail-bridge = {
+    description = "Protonmail Bridge";
+    after = [ "network.target" ];
+    wantedBy = [ "default.target" ];
+    path = with pkgs; [
+      pass
+      gnupg
+      pinentry-gtk2
+    ];
+    serviceConfig = {
+      Restart = "always";
+      ExecStart = "${pkgs.protonmail-bridge}/bin/protonmail-bridge --noninteractive";
+    };
+  };
+
+  # Setup environment for binaries that require FHS compliance.
+  programs.nix-ld = {
+    enable = true;
+    libraries = with pkgs; [
+      stdenv.cc.cc.lib
+      libglvnd
+      mesa
+      fontconfig
+      freetype
+      libxkbcommon
+      zlib
+      dbus
+      python3
+      xorg.libX11
+      xorg.libXext
+      xorg.libXrender
+      xorg.libXrandr
+      xorg.libXcursor
+      xorg.libXi
+      xorg.libxcb
+      xorg.xcbutilwm
+      xorg.xcbutil
+      xorg.xcbutilimage
+      xorg.xcbutilkeysyms
+      xorg.xcbutilrenderutil
+      xorg.xcbutilcursor
+    ];
+  };
 }

config/shared.nix

@@ -7,7 +7,7 @@
   nixpkgs.config.allowUnfree = true;
 
   # General setup
-  time.timeZone = "America/Los_Angeles";
+  time.timeZone = "America/New_York";
   i18n.defaultLocale = "en_US.UTF-8";
   i18n.extraLocaleSettings = {
     LC_ADDRESS = "en_US.UTF-8";

config/user.nix

@@ -4,5 +4,5 @@
   isNormalUser = true;
   useDefaultShell = true;
   description = "random";
-  extraGroups = [ "networkmanager" "wheel" "docker" ];
+  extraGroups = [ "networkmanager" "wheel" "docker" "dialout" "plugdev" ];
 }

dotfiles/.config/i3/config

@@ -15,13 +15,14 @@ floating_modifier $mod
 
 # Application hot keys
 bindsym $mod+Return exec "alacritty"
-bindsym $mod+Shift+f exec "firefox"
+bindsym $mod+Shift+b exec "blueman-manager"
+bindsym $mod+Shift+d exec "vesktop"
 bindsym $mod+Shift+e exec "emacsclient -c"
-bindsym $mod+Shift+d exec "discord"
+bindsym $mod+Shift+f exec "brave"
+bindsym $mod+Shift+m exec "proton-mail"
+bindsym $mod+Shift+p exec "rofi-rbw"
+bindsym $mod+Shift+s exec "flameshot gui"
 bindsym $mod+Shift+t exec "thunar"
-bindsym $mod+Shift+p exec "flameshot gui"
-
-# Lock screen with i3lock-fancy
 bindsym $mod+Shift+x exec "i3lock-fancy"
 
 # kill focused window
@@ -43,6 +44,10 @@ bindsym $mod+Shift+k move up
 bindsym $mod+Shift+j move down
 bindsym $mod+Shift+l move right
 
+# move entire workspace
+bindsym $mod+Shift+period move workspace to output right
+bindsym $mod+Shift+comma move workspace to output left
+
 # split in horizontal orientation
 bindsym $mod+semicolon split h
 
@@ -154,9 +159,8 @@ client.focused_inactive #333333 #222222 #888888 #292d2e #eeeeee
 client.unfocused #333333 #222222 #888888 #292d2e #eeeeee
 
 # Auto lock the screen after X minutes
-exec "xautolock -detectsleep -time 3 -locker i3lock-fancy"
+#exec "xautolock -detectsleep -time 30 -locker i3lock-fancy"
 
 # Startup Applications
-exec_always --no-startup-id "$HOME/.screenlayout/launch.sh &" # setup screen layout and wallpapers
+exec --no-startup-id "$HOME/.screenlayout/launch.sh &" # setup screen layout and wallpapers
-exec_always --no-startup-id "$HOME/.scripts/autostart_desktop.sh &" # run autostart desktop apps
+exec --no-startup-id "$HOME/.scripts/autostart_desktop.sh &" # run autostart desktop apps
-exec_always --no-startup-id "killall polybar; polybar" # status bar

dotfiles/.config/polybar/config.ini

@@ -11,6 +11,7 @@ disabled = #707880
 width = 100%
 height = 24pt
 radius = 6
+monitor = ${env:MONITOR:}
 
 ; dpi = 96
 

dotfiles/.config/qutebrowser/config.py

@@ -0,0 +1,15 @@
+import os
+from urllib.request import urlopen
+
+# load your autoconfig, use this, if the rest of your config is empty!
+config.load_autoconfig()
+
+# Set Dark Mode
+config.set("colors.webpage.darkmode.enabled", False)
+config.set("colors.webpage.preferred_color_scheme", "dark")
+
+# Toggle Dark Mode
+config.bind('td', 'config-cycle colors.webpage.darkmode.enabled true false')
+
+# Fix terminal editor
+config.set('editor.command', ['alacritty', '-e', 'nvim', '{file}'])

dotfiles/.emacs.d/config.org

@@ -438,7 +438,7 @@ When installing Vertico, the documentation mentions a few other packages that ad
   :after vertico
   :config
   (jm/leader-keys 
-    "pg" 'consult-grep
+    "pg" 'consult-git-grep
     "pf" 'consult-find))
 #+end_src
 

dotfiles/.emacs.d/functions.org

@@ -48,9 +48,10 @@ Shortcut to goto todays org-roam dailies document.
 
 (defun jm/org-roam-capture-today ()
   (interactive)
-  (jm/org-roam-goto-day 0 t))
+  (jm/org-roam-goto-day 0 t "t")
+  (delete-other-windows))
 
-(defun jm/org-roam-goto-day (days &optional force-capture)
+(defun jm/org-roam-goto-day (days &optional force-capture keys)
   (let* ((base-time
           (if (and (jm/dailies-file-p) (not (eq days 0)))
               (date-to-time (file-name-base (buffer-file-name)))
@@ -61,7 +62,7 @@ Shortcut to goto todays org-roam dailies document.
     (jm/org-roam-refresh-agenda-list)
     (if (and (file-exists-p full-path) (not force-capture))
         (find-file full-path)
-      (org-roam-dailies--capture rel-time))))
+      (org-roam-dailies--capture rel-time nil keys))))
 
 (jm/leader-keys
   "oy" '((lambda () (interactive) (jm/org-roam-goto-day -1)) :which-key "Open/create yesterday's daily notes file")

dotfiles/.emacs.d/lsp.org

@@ -80,8 +80,10 @@ This will include any language server packages and configuration.
 #+begin_src emacs-lisp
 (use-package web-mode
   :defer t
-  :mode "\\.html\\'"
+  :mode ("\\.html\\'" "\\.svelte\\'")
-  :hook (web-mode . lsp-deferred))
+  :hook (web-mode . lsp-deferred)
+  :init
+  (setq web-mode-engines-alist '(("svelte" . "\\.svelte\\'"))))
 #+end_src
 
 ** JavaScript/Typescript
@@ -245,3 +247,4 @@ Nix is the language used by NixOS and the Nix package manager.
   :mode "\\.nix\\'"
   :hook (nix-mode . lsp-deferred))
 #+end_src
+

dotfiles/.emacs.d/org.org

@@ -36,7 +36,7 @@ This installs the org package and creates a setup function to enable/disable cer
 
         ;; Capture templates
         org-capture-templates '(("i" "Inbox" entry (file jm/inbox-file)
-                                 "* TODO %^{Task}\nSCHEDULED: %^t")))
+                                 "* TODO %^{Task}\nDEADLINE: %^t SCHEDULED: %^t")))
 
   (jm/leader-keys
     "oa" '(org-agenda :which-key "Org agenda")
@@ -175,7 +175,9 @@ Org-roam is a plain-text knowledge management system. It brings some of Roam's m
          ("C-c n i" . org-roam-node-insert)
          ("C-c n c" . org-roam-capture)
          ("C-c n o" . org-id-get-create)
-         ("C-c n t" . jm/org-roam-capture-today)
+         ("C-c n y" . org-roam-dailies-capture-yesterday)
+         ("C-c n t" . org-roam-dailies-capture-today)
+         ("C-c n k" . org-roam-dailies-capture-tomorrow)
          ("C-c n r" . jm/org-roam-refresh-agenda-list))
   :config
   ;; Config for org-roam capture templates.

dotfiles/.functions.zsh

@@ -1,40 +1,11 @@
-bw-load() {
+awkuniq() {
-    export BW_SESSION=$(cat $HOME/.bw_session)
+    if [[ "$1" == "-c" ]]; then
-}
+        awk '{ !x[$0]++ } END { for (i in x) print x[i] "\t" i }'
-
+    else
-bw-init() {
+        awk '!x[$0]++'
-    if [ ! bw login --check &>/dev/null ]; then
-        bw login
     fi
-
-    bw sync &>/dev/null || return 1
-    bw-load
-
-    if [[ "$(bw status | jq -rc .status)" == "unlocked" ]]; then
-        return 0
-    fi
-
-    bw unlock --raw > $HOME/.bw_session
-    bw-load
-}
-
-bw-copy() {
-    clipboard_cmd=""
-
-    if [[ "$(uname)" == "Linux" ]]; then
-        clipboard_cmd="xsel --clipboard -i"
-    elif [[ "$(uname)" == "Darwin" ]]; then
-        clipboard_cmd="pbcopy"
-    fi
-
-    bw-load && NODE_OPTIONS="--no-deprecation" bw get password "$1" | eval $clipboard_cmd
-}
-
-bw-clear() {
-    echo -n "" | xsel --clipboard
 }
 
 bw-ssh() {
-    pass=$(bw-load && NODE_OPTIONS="--no-deprecation" bw get password "$1")
+    sshpass -p "$(rbw get "$1")" ssh ${@:2}
-    sshpass -p "$pass" ssh ${@:2}
 }

dotfiles/.screenlayout/launch.sh

@@ -2,9 +2,12 @@
 
 function load_script() {
     if [ -f "$1" ]; then
-        $1
+        bash "$1" &
     fi
 }
 
-load_script "$HOME/.screenlayout/wallpapers.sh" # wallpapers script
+# I guess I have to run this twice? Fixes wallpaper rendering images.
+load_script "$HOME/.screenlayout/wallpapers.sh"
 load_script "$HOME/.screenlayout/layout.sh"
+load_script "$HOME/.screenlayout/wallpapers.sh"
+load_script "$HOME/.screenlayout/polybar.sh"

dotfiles/.screenlayout/polybar.sh

@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+if which xrandr; then
+    for m in $(xrandr --query | grep " connected" | cut -d" " -f1); do
+        MONITOR=$m polybar --reload example &
+    done
+else
+    polybar --reload example &
+fi

flake.lock

@@ -1,53 +1,73 @@
 {
   "nodes": {
-    "home-manager": {
+    "home": {
       "inputs": {
         "nixpkgs": [
           "nixpkgs"
         ]
       },
       "locked": {
-        "lastModified": 1738188574,
+        "lastModified": 1764536451,
-        "narHash": "sha256-I1gh2Ho565SDmbonmzj7sWbEgTXYyERmMT5KwuuaSDo=",
+        "narHash": "sha256-BgtcUkBfItu9/yU14IgUaj4rYOanTOUZjUfBP20/ZB4=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "6aa38ffdf77fb4250f5d832fd5a09eb99226fba7",
+        "rev": "3fdd076e08049a9c7a83149b270440d9787d2df5",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
-        "ref": "master",
+        "ref": "release-25.11",
         "repo": "home-manager",
         "type": "github"
       }
     },
-    "nix-darwin": {
+    "home-unstable": {
+      "inputs": {
+        "nixpkgs": [
+          "nix-unstable"
+        ]
+      },
+      "locked": {
+        "lastModified": 1764304195,
+        "narHash": "sha256-bO7FN/bF6gG7TlZpKAZjO3VvfsLaPFkefeUfJJ7F/7w=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "86ff0ef506c209bb397849706e85cc3a913cb577",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "nix-index-database": {
       "inputs": {
         "nixpkgs": [
           "nixpkgs"
         ]
       },
       "locked": {
-        "lastModified": 1738033138,
+        "lastModified": 1763870992,
-        "narHash": "sha256-qlIM8A3bdL9c6PexhpS+QyZLO9y/8a3V75HVyJgDE5Q=",
+        "narHash": "sha256-NPyc76Wxmv/vAsXJ8F+/8fXECHYcv2YGSqdiSHp/F/A=",
-        "owner": "LnL7",
+        "owner": "nix-community",
-        "repo": "nix-darwin",
+        "repo": "nix-index-database",
-        "rev": "349a74c66c596ef97ee97b4d80a3ca61227b6120",
+        "rev": "d7423982c7a26586aa237d130b14c8b302c7a367",
         "type": "github"
       },
       "original": {
-        "owner": "LnL7",
+        "owner": "nix-community",
-        "repo": "nix-darwin",
+        "repo": "nix-index-database",
         "type": "github"
       }
     },
-    "nixpkgs": {
+    "nix-unstable": {
       "locked": {
-        "lastModified": 1738021509,
+        "lastModified": 1764242076,
-        "narHash": "sha256-JNUiceGsr7cVBUQxLBF1ILCe99E0qLxsVuet6GsZUuw=",
+        "narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "9db269672dbdbb519e0bd3ea24f01506c135e46f",
+        "rev": "2fad6eac6077f03fe109c4d4eb171cf96791faa4",
         "type": "github"
       },
       "original": {
@@ -57,10 +77,28 @@
         "type": "github"
       }
     },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1764604385,
+        "narHash": "sha256-ssKbRa5FLDX/Kc0dQFUWFRt35UfdNDQD6GxvamdhGQY=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "93488aad5d24df9131cbc0a25aa533dc866af473",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "release-25.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "root": {
       "inputs": {
-        "home-manager": "home-manager",
+        "home": "home",
-        "nix-darwin": "nix-darwin",
+        "home-unstable": "home-unstable",
+        "nix-index-database": "nix-index-database",
+        "nix-unstable": "nix-unstable",
         "nixpkgs": "nixpkgs"
       }
     }

flake.nix

@@ -2,127 +2,91 @@
   description = "Configuration flake for RandomCTF";
 
   inputs = {
-    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+    nixpkgs.url = "github:nixos/nixpkgs/release-25.11";
-    home-manager = {
+    home = {
-      url = "github:nix-community/home-manager/master";
+      url = "github:nix-community/home-manager/release-25.11";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    nix-darwin = {
+    nix-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
-      url = "github:LnL7/nix-darwin";
+    home-unstable = {
+      url = "github:nix-community/home-manager";
+      inputs.nixpkgs.follows = "nix-unstable";
+    };
+
+    nix-index-database = {
+      url = "github:nix-community/nix-index-database";
       inputs.nixpkgs.follows = "nixpkgs";
     };
   };
 
-  outputs = { self, nixpkgs, nix-darwin, home-manager, ... } @ inputs: {
+  outputs = { self, nixpkgs, home, nix-unstable, home-unstable, nix-index-database, ... } @ inputs:
+    let
+      mkNixosConfig = hostname: modules: nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        specialArgs = { inherit inputs; };
+        inherit modules;
+      };
 
-    # Nixos Configurations
+      mkHomeConfig = username: modules: home.lib.homeManagerConfiguration {
+        pkgs = import nixpkgs {
+          system = "x86_64-linux";
+        };
 
-    nixosConfigurations.randomctf = nixpkgs.lib.nixosSystem {
+        extraSpecialArgs = {
-      system = "x86_64-linux";
+          inherit inputs;
-      specialArgs = { inherit inputs; };
+          user = username;
-      modules = [
+        };
-        ./config/shared.nix
+
-        ./config/omen.nix
+        inherit modules;
-      ];
+      };
+
+      mkNixosUnstableConfig = hostname: modules: nix-unstable.lib.nixosSystem {
+        system = "x86_64-linux";
+        specialArgs = { inherit inputs; };
+        inherit modules;
+      };
+
+      mkHomeUnstableConfig = username: modules: home-unstable.lib.homeManagerConfiguration {
+        pkgs = import nix-unstable {
+          system = "x86_64-linux";
+        };
+
+        extraSpecialArgs = {
+          inherit inputs;
+          user = username;
+        };
+
+        inherit modules;
+      };
+    in {
+
+      # Nixos Configurations
+      nixosConfigurations = {
+        randomctf = mkNixosUnstableConfig "randomctf" [ ./config/shared.nix ./config/omen.nix ];
+        r330-media = mkNixosConfig "r330-media" [ ./config/media.nix ];
+        sampledb-dev = mkNixosConfig "sampledb-dev" [ ./config/sampledb.nix ];
+        r330-logging = mkNixosConfig "r330-logging" [ ./config/logging.nix ];
+        mindforge = mkNixosConfig "mindforge" [ ./config/ai.nix ];
+      };
+
+      # Home-Manager Configurations
+      homeConfigurations = {
+        random = mkHomeUnstableConfig "random" [
+          ./home/headful-nixos.nix
+          ./home/modules/development.nix
+          ./home/modules/gui-apps.nix
+          ./home/modules/hacking.nix
+        ];
+
+        sampledb = mkHomeConfig "sampledb" [
+          ./home/headless-nixos.nix
+          ./home/modules/development.nix
+        ];
+
+        media = mkHomeConfig "media" [ ./home/headless-nixos.nix ];
+        logging = mkHomeConfig "logging" [ ./home/headless-nixos.nix ];
+        mindforge = mkHomeConfig "mindforge" [ ./home/headless-nixos.nix ];
+      };
     };
-
-    nixosConfigurations."r330-media" = nixpkgs.lib.nixosSystem {
-      system = "x86_64-linux";
-      specialArgs = { inherit inputs; };
-      modules = [
-        ./config/media.nix
-      ];
-    };
-
-    nixosConfigurations."sampledb-dev" = nixpkgs.lib.nixosSystem {
-      system = "x86_64-linux";
-      specialArgs = { inherit inputs; };
-      modules = [
-        ./config/sampledb.nix
-      ];
-    };
-
-    nixosConfigurations."r330-logging" = nixpkgs.lib.nixosSystem {
-      system = "x86_64-linux";
-      specialArgs = { inherit inputs; };
-      modules = [
-        ./config/logging.nix
-      ];
-    };
-
-    nixosConfigurations."mindforge" = nixpkgs.lib.nixosSystem {
-      system = "x86_64-linux";
-      specialArgs = { inherit inputs; };
-      modules = [
-        ./config/ai.nix
-      ];
-    };
-
-
-    # Home-Manager Configurations
-
-    homeConfigurations.random = home-manager.lib.homeManagerConfiguration {
-      pkgs = nixpkgs.legacyPackages."x86_64-linux";
-      extraSpecialArgs.user = "random";
-      modules = [
-        ./home/headful-nixos.nix
-      ];
-    };
-
-    homeConfigurations.media = home-manager.lib.homeManagerConfiguration {
-      pkgs = nixpkgs.legacyPackages."x86_64-linux";
-      extraSpecialArgs.user = "media";
-      modules = [
-        ./home/headless-nixos.nix
-      ];
-    };
-
-    homeConfigurations.sampledb = home-manager.lib.homeManagerConfiguration {
-      pkgs = nixpkgs.legacyPackages."x86_64-linux";
-      extraSpecialArgs.user = "sampledb";
-      modules = [
-        ./home/headless-nixos.nix
-      ];
-    };
-
-    homeConfigurations.logging = home-manager.lib.homeManagerConfiguration {
-      pkgs = nixpkgs.legacyPackages."x86_64-linux";
-      extraSpecialArgs.user = "logging";
-      modules = [
-        ./home/headless-nixos.nix
-      ];
-    };
-
-    homeConfigurations.mindforge = home-manager.lib.homeManagerConfiguration {
-      pkgs = nixpkgs.legacyPackages."x86_64-linux";
-      extraSpecialArgs.user = "mindforge";
-      modules = [
-        ./home/headless-nixos.nix
-      ];
-    };
-
-
-    # Darwin Configuration
-
-    darwinConfigurations."Jadens-MacBook-Air" = nix-darwin.lib.darwinSystem {
-      system = "aarch64-darwin";
-      specialArgs = { inherit inputs; };
-      modules = [
-        ./config/darwin.nix
-        home-manager.darwinModules.home-manager {
-          home-manager.useGlobalPkgs = true;
-          home-manager.useUserPackages = true;
-          home-manager.users.jadenmaxwell = import ./home/darwin.nix;
-        }
-      ];
-    };
-
-    homeConfigurations.jadenmaxwell = home-manager.lib.homeManagerConfiguration {
-      pkgs = nixpkgs.legacyPackages."aarch64-darwin";
-      modules = [
-        ./home/darwin.nix
-      ];
-    };
-  };
 }

hardware/logging.nix

@@ -14,16 +14,21 @@
   boot.extraModulePackages = [ ];
 
   fileSystems."/" =
-    { device = "/dev/disk/by-uuid/d8ec7c7e-ce95-432c-932d-663dc261c623";
+    { device = "/dev/disk/by-uuid/466b1e73-407e-48de-a2b8-f35f96bef1fd";
       fsType = "ext4";
     };
 
   fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/1842-1672";
+    { device = "/dev/disk/by-uuid/0079-63AB";
       fsType = "vfat";
       options = [ "fmask=0022" "dmask=0022" ];
     };
 
+  fileSystems."/mnt/logs" = {
+    device = "/dev/disk/by-uuid/8e8ee0ad-8d74-486f-b33a-ed1294cb3a63";
+    fsType = "ext4";
+  };
+
   swapDevices = [ ];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
@@ -31,7 +36,7 @@
   # still possible to use this option, but it's recommended to use it in conjunction
   # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
   networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp6s18.useDHCP = lib.mkDefault true;
+  #networking.interfaces.enp6s19.useDHCP = lib.mkDefault true;
 
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 }

hardware/media.nix

@@ -19,12 +19,12 @@
     };
 
   fileSystems."/mnt/media" =
-    { device = "/dev/disk/by-uuid/b579c911-e74c-4f03-b918-a4e5a6b764ab";
+    { device = "/dev/disk/by-uuid/e9df1e21-553e-43e2-bceb-8a5e274a95b7";
       fsType = "ext4";
     };
 
   fileSystems."/mnt/files" =
-    { device = "/dev/disk/by-uuid/f3a62e58-9556-47d7-b78b-3211f269f4ce";
+    { device = "/dev/disk/by-uuid/efc25f40-0cad-404b-8113-526ad5a30539";
       fsType = "ext4";
     };
 

hardware/omen.nix

@@ -19,16 +19,16 @@
   options snd-hda-intel model=dell-headset-multi
   '';
 
-  fileSystems."/" =
+  fileSystems."/" = {
-    { device = "/dev/disk/by-uuid/f4f207c5-08d5-4848-920c-76e99280b04c";
+    device = "/dev/disk/by-partlabel/root";
-      fsType = "ext4";
+    fsType = "ext4";
-    };
+  };
 
-  fileSystems."/boot" =
+  fileSystems."/boot" = {
-    { device = "/dev/disk/by-uuid/7F2D-4654";
+    device = "/dev/disk/by-partlabel/EFI";
-      fsType = "vfat";
+    fsType = "vfat";
-      options = [ "fmask=0022" "dmask=0022" ];
+    options = [ "fmask=0022" "dmask=0022" ];
-    };
+  };
 
   swapDevices = [ ];
 

hardware/sampledb.nix

@@ -13,16 +13,26 @@
   boot.kernelModules = [ ];
   boot.extraModulePackages = [ ];
 
-  fileSystems."/" =
+  fileSystems."/" = {
-    { device = "/dev/disk/by-uuid/8d1d0298-307f-4d9a-84f8-0434fafa0c55";
+    device = "/dev/disk/by-uuid/8d1d0298-307f-4d9a-84f8-0434fafa0c55";
-      fsType = "ext4";
+    fsType = "ext4";
-    };
+  };
 
-  fileSystems."/boot" =
+  fileSystems."/sampledb" = {
-    { device = "/dev/disk/by-uuid/4821-12F7";
+    device = "/dev/disk/by-uuid/7d70bfdb-510f-4f30-969f-d4ac59175719";
-      fsType = "vfat";
+    fsType = "ext4";
-      options = [ "fmask=0022" "dmask=0022" ];
+  };
-    };
+
+  fileSystems."/mnt/archive" = {
+    device = "/dev/disk/by-uuid/66103455-9fcd-4b5b-9735-37b85a51019d";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/4821-12F7";
+    fsType = "vfat";
+    options = [ "fmask=0022" "dmask=0022" ];
+  };
 
   swapDevices = [ ];
 

home/darwin.nix

@@ -1,21 +0,0 @@
-{ pkgs, ... }: {
-  home = {
-    username = "jadenmaxwell";
-    homeDirectory = "/Users/jadenmaxwell";
-  };
-
-  home.packages = with pkgs; [
-    gnupg
-  ];
-
-  imports = [
-    ./shared.nix
-    ./modules/sketchybar.nix
-    ./modules/aerospace.nix
-    ./modules/neovim.nix
-    ./modules/emacs.nix
-    ./modules/zsh.nix
-  ];
-
-  home.file.".config/ghostty/config".source = ../dotfiles/.config/ghostty/config;
-}

home/headful-nixos.nix

@@ -7,56 +7,21 @@
 
   imports = [
     ./shared.nix
-    ./modules/hacking.nix
+    ./modules/utils.nix
+    ./modules/networking.nix
     ./modules/neovim.nix
     ./modules/emacs.nix
-    ./modules/apps.nix
+    ./modules/tmux.nix
     ./modules/zsh.nix
   ];
 
-  home.packages = with pkgs; [
-    feh
-    ncdu
-    dconf
-    docker
-    barrier
-    firefox
-    flameshot
-    traceroute
-    pavucontrol
-    virt-viewer
-    bitwarden-cli
-    wireguard-tools
-    nextcloud-client
-    protonmail-desktop
-    nvtopPackages.full
-  ];
-
   services.emacs.enable = true;
 
-  dconf = {
+  home.packages = with pkgs; [
-    enable = true;
+    wireguard-tools
-    settings = {
+    rbw
-      "org/gnome/desktop/interface" = {
+    rofi-rbw-x11
-        color-scheme = "prefer-dark";
+  ];
-      };
-    };
-  };
-
-  gtk = {
-    enable = true;
-    theme = {
-      name = "Materia-dark";
-      package = pkgs.materia-theme;
-    };
-  };
-
-  programs.obs-studio = {
-    enable = true;
-    plugins = with pkgs.obs-studio-plugins; [
-      obs-backgroundremoval
-    ];
-  };
 
   home.file = {
     ".Xresources".source = ../dotfiles/.Xresources;
@@ -64,6 +29,7 @@
     ".scripts/autostart_desktop.sh".source = ../dotfiles/.scripts/autostart_desktop.sh;
     ".screenlayout/launch.sh".source = ../dotfiles/.screenlayout/launch.sh;
     ".screenlayout/wallpapers.sh".source = ../dotfiles/.screenlayout/wallpapers.sh;
+    ".screenlayout/polybar.sh".source = ../dotfiles/.screenlayout/polybar.sh;
     ".config/i3/config".source = ../dotfiles/.config/i3/config;
     ".config/rofi/config.rasi".source = ../dotfiles/.config/rofi/config.rasi;
     ".config/polybar/config.ini".source = ../dotfiles/.config/polybar/config.ini;

home/headless-nixos.nix

@@ -1,4 +1,4 @@
-{ pkgs, user, ... }: {
+{ user, ... }: {
 
   home = {
     username = "${user}";
@@ -7,13 +7,10 @@
 
   imports = [
     ./shared.nix
+    ./modules/utils.nix
+    ./modules/networking.nix
     ./modules/neovim.nix
+    ./modules/tmux.nix
     ./modules/zsh.nix
   ];
-
-  home.packages = with pkgs; [
-    ncdu
-    traceroute
-    nvtopPackages.full
-  ];
 }

home/modules/apps.nix

@@ -1,10 +0,0 @@
-{pkgs, ... }: {
-    home.packages = with pkgs; [
-      vlc
-      typora
-      zoom-us
-      discord
-      libreoffice
-      bitwarden-desktop
-    ];
-}

home/modules/development.nix

@@ -0,0 +1,24 @@
+{ home, pkgs, ... }: {
+  home.packages = with pkgs; [
+    # C/C++
+    clang
+    gnumake
+    clang-tools
+
+    # Rust
+    rustc
+    cargo
+    cargo-edit
+    cargo-flamegraph
+    rust-analyzer
+
+    # Other
+    python3
+    ansible
+  ];
+
+  # To prevent sysroot errors in rust-analyzer
+  home.sessionVariables = {
+    RUST_SRC_PATH = "${pkgs.rust.packages.stable.rustPlatform.rustLibSrc}";
+  };
+}

home/modules/emacs.nix

@@ -1,24 +1,25 @@
 { pkgs, ... }: {
   home.packages = with pkgs; [
     # Build deps
+    nodejs
     cmake
     libtool
 
     # Additional packages for functionality
-    isync
-    ispell
-    texliveFull
     mu
     zip
     unzip
+    isync
+    ispell
+    ledger
+    texliveFull
 
     # Fonts
-    maple-mono
+    maple-mono.truetype
 
     # LSP Servers
     nil
     ccls
-    rust-analyzer
     yaml-language-server
     python3Packages.python-lsp-server
     nodePackages.typescript-language-server
@@ -26,16 +27,9 @@
   ];
 
   programs = {
-    # For integration with shell.nix files
-    direnv = {
-      enable = true;
-      enableZshIntegration = true;
-      nix-direnv.enable = true;
-    };
-
     emacs = {
       enable = true;
-      package = pkgs.emacs29;
+      package = pkgs.emacs30;
       extraPackages = epkgs: with epkgs; [
         mu4e
         vterm
@@ -44,15 +38,4 @@
       ];
     };
   };
-
-  home.file = {
-    ".emacs".source = ../../dotfiles/.emacs;
-    ".emacs.d/config.org".source = ../../dotfiles/.emacs.d/config.org;
-    ".emacs.d/terminal.org".source = ../../dotfiles/.emacs.d/terminal.org;
-    ".emacs.d/functions.org".source = ../../dotfiles/.emacs.d/functions.org;
-    ".emacs.d/email.org".source = ../../dotfiles/.emacs.d/email.org;
-    ".emacs.d/org.org".source = ../../dotfiles/.emacs.d/org.org;
-    ".emacs.d/lsp.org".source = ../../dotfiles/.emacs.d/lsp.org;
-    ".mbsyncrc".source = ../../dotfiles/.mbsyncrc;
-  };
 }

home/modules/gui-apps.nix

@@ -0,0 +1,57 @@
+{pkgs, ... }: {
+  home.packages = with pkgs; [
+    feh
+    vlc
+    dconf
+    brave
+    vesktop
+    zoom-us
+    twinkle
+    audacity
+    flameshot
+    libreoffice
+    pavucontrol
+    easyeffects
+    virt-viewer
+    nextcloud-client
+    protonmail-desktop
+    kdePackages.okular
+  ];
+
+  programs.obs-studio = {
+    enable = true;
+    plugins = with pkgs.obs-studio-plugins; [
+      obs-backgroundremoval
+    ];
+  };
+
+  dconf = {
+    enable = true;
+    settings = {
+      "org/gnome/desktop/interface" = {
+        color-scheme = "prefer-dark";
+      };
+    };
+  };
+
+  gtk = {
+    enable = true;
+    theme = {
+      name = "Materia-dark";
+      package = pkgs.materia-theme;
+    };
+  };
+
+  xdg.mimeApps = {
+    enable = true;
+    defaultApplications = {
+      "text/html" = "brave.desktop";
+      "x-scheme-handler/http" = "brave-browser.desktop";
+      "x-scheme-handler/https" = "brave-browser.desktop";
+      "x-scheme-handler/about" = "brave-browser.desktop";
+      "x-scheme-handler/unknown" = "brave-browser.desktop";
+      "application/pdf" = "okularApplication_pdf.desktop";
+      "text/plain" = "emacsclient.desktop";
+    };
+  };
+}

home/modules/hacking.nix

@@ -1,42 +1,51 @@
 { lib, config, pkgs, ... }: {
   # Hacking specific packages.
-  home.packages = (with pkgs; [
+  home.packages = with pkgs; [
-    gdb
+    # Utilities
-    yara
+    imhex
+    rlwrap
+    openssl
+    inetutils
+
+    # Enumeration
     nmap
-    john
     ffuf
     amass
+    rustscan
+    thc-hydra
+    burpsuite
+    feroxbuster
+
+    # Vulnerability Scanning
     nikto
     nuclei
-    rlwrap
-    sqlmap
     wpscan
-    ghidra
+    sqlmap
-    pwndbg
-    strace
-    strace
-    openssl
-    remmina
-    netexec
-    pwntools
-    openldap
-    rustscan
-    inetutils
-    wireshark
-    thc-hydra
     exploitdb
+
+    # Windows Exploitation
+    samba
+    remmina
+    openldap
     responder
-    burpsuite
     evil-winrm
     cifs-utils
-    feroxbuster
+
+    # Reverse Engineering
+    gdb
+    yara
+    strace
+    ghidra
+    exiftool
+    pwntools
+    flare-floss
+
+    # Wordlists
     (wordlists.override {
       lists = with pkgs; [
         rockyou
         seclists
       ];
     })
-  ]);
+  ];
-
 }

home/modules/networking.nix

@@ -0,0 +1,14 @@
+
+{ pkgs, ... }: {
+  home.packages = with pkgs; [
+    # Network tools
+    dig
+    iftop
+    iperf
+    tcpdump
+    ethtool
+    wireshark
+    traceroute
+  ];
+}
+

home/modules/tmux.nix

@@ -0,0 +1,9 @@
+{ pkgs, lib, config, ... }: let
+  mypkgs = import ../../packages/all-packages.nix { inherit pkgs lib config; };
+in {
+  home.packages = with pkgs; [ tmux ];
+  home.file = {
+    ".tmux/plugins/tpm".source = "${mypkgs.tpm}";
+    ".tmux.conf".source = ../../dotfiles/.tmux.conf;
+  };
+}

home/modules/utils.nix

@@ -0,0 +1,52 @@
+{ pkgs, inputs, ... }: {
+  home.packages = with pkgs; [
+    # Nix specific utilities
+    manix
+    direnv
+    rippkgs
+    nix-tree
+    nix-init
+    patchelf
+
+    # Utilities
+    jq
+    yq
+    bc
+    duf
+    cava
+    ncdu
+    file
+    dysk
+    wget
+    curl
+    btop
+    dive
+    dust
+    timer
+    p7zip
+    yt-dlp
+    ffmpeg
+    sshpass
+    httrack
+    ripgrep
+    openvpn
+    xclicker
+    pciutils
+    fastfetch
+    nvtopPackages.full
+
+    # Encryption Tools
+    #age
+    #cryfs
+  ];
+
+  programs.direnv = {
+    enable = true;
+    enableZshIntegration = true;
+    nix-direnv.enable = true;
+  };
+
+  # Install comma
+  imports = [ inputs.nix-index-database.homeModules.nix-index ];
+  programs.nix-index-database.comma.enable = true;
+}

home/modules/zsh.nix

@@ -4,74 +4,99 @@
     meslo-lgs-nf
   ];
 
-  programs.zsh = {
+  programs = {
-    enable = true;
+    zoxide.enable = true;
-    enableCompletion = true;
+    eza.enable = true;
-    autosuggestion.enable = true;
+    tealdeer = {
-    syntaxHighlighting.enable = true;
-    history.size = 100000000;
-
-    shellAliases = {
-      cd = "z";
-      ls = "eza";
-      awkuniq = "sort | uniq";
-      histogram = "awkuniq -c | sort -nr";
-      json-less = "jq -C . | less -R";
-      csv2json = "python -c 'import csv, json, sys; print(json.dumps([dict(r) for r in csv.DictReader(sys.stdin)]))'";
-
-      # Server user/address aliases
-      r330-idrac = "bw-ssh iDRAC root@192.168.100.11 racadm";
-      r730xd-idrac = "bw-ssh iDRAC root@192.168.100.12 racadm";
-      ideapad = "ssh root@192.168.100.20";
-      r330-proxmox = "ssh root@192.168.100.21";
-      r730xd-proxmox = "ssh root@192.168.100.22";
-      r330-media = "ssh media@192.168.100.40";
-      sampledb-dev = "ssh sampledb@192.168.100.42";
-
-      # Nix Specific aliases
-      update-darwin = "darwin-rebuild switch --flake ~/dotfiles";
-      update-config = "sudo nixos-rebuild switch --flake ~/dotfiles";
-      update-home = "home-manager switch --flake ~/dotfiles";
-      update-all = "update-config && update-home";
-    };
-
-    initExtraBeforeCompInit = ''
-    [[ $TERM == "dumb" ]] && unsetopt zle && PS1='$ ' && return
-    '';
-
-    initExtra = ''
-    export PATH=$PATH:~/.cargo/bin
-    function ..      { cd .. }
-    function ...     { cd ../.. }
-    function ....    { cd ../../.. }
-    function .....   { cd ../../../../.. }
-    function ......  { cd ../../../../../.. }
-    function ....... { cd ../../../../../../.. }
-
-    if [[ "$(uname)" == "Darwin" ]]; then
-        source <(/opt/homebrew/bin/brew shellenv)
-    fi
-    '';
-
-    plugins = [
-      {
-        name = "custom-functions";
-        src = ../../dotfiles;
-        file = ".functions.zsh";
-      }
-      {
-        name = "powerlevel10k-config";
-        src = ../../dotfiles;
-        file = ".p10k.zsh";
-      }
-    ];
-
-    zplug = {
       enable = true;
-      plugins = [
+      settings = {
-        { name = "romkatv/powerlevel10k"; tags = [ as:theme depth:1 ]; }
+        updates.auto_update = true;
-      ];
+      };
     };
+    atuin = {
+      enable = true;
+      enableZshIntegration = true;
+      settings = {
+          enter_accept = false;
+          filter_mode = "host";
+          filter_mode_shell_up_key_binding = "session";
+      };
+    };
+    zsh = {
+      enable = true;
+      enableCompletion = true;
+      autosuggestion.enable = true;
+      syntaxHighlighting.enable = true;
+      history.size = 100000000;
 
+      shellAliases = {
+        cd = "z";
+        ls = "eza";
+        mvi = "mv -t ~/Nextcloud/INBOX";
+        sdb = "sdb-client";
+        open = "xdg-open";
+        reload = "source ~/.zshrc";
+        histogram = "awkuniq -c | sort -nr";
+        start-day = "emacsclient -c -n -e '(jm/org-roam-capture-today)'";
+        json-less = "jq -C . | less -R";
+        csv2json = "python -c 'import csv, json, sys; print(json.dumps([dict(r) for r in csv.DictReader(sys.stdin)]))'";
+
+        # Server user/address aliases
+        r330-idrac = "bw-ssh iDRAC root@192.168.100.11 racadm";
+        r730xd-idrac = "bw-ssh iDRAC root@192.168.100.12 racadm";
+        ideapad = "ssh root@192.168.100.20";
+        r330-proxmox = "ssh root@192.168.100.21";
+        r730xd-proxmox = "ssh root@192.168.100.22";
+        r330-media = "ssh media@192.168.100.40";
+        r330-logging = "ssh logging@192.168.100.41";
+        sampledb-dev = "ssh sampledb@192.168.100.42";
+        mindforge = "ssh mindforge@mindforge.randomctf.local";
+
+        # Nix Specific aliases
+        update-config = "sudo nixos-rebuild switch --flake ~/dotfiles";
+        update-home = "home-manager switch --flake ~/dotfiles";
+        update-all = "update-config && update-home";
+      };
+
+      initContent = ''
+      export PATH=$PATH:~/.cargo/bin
+      function ..      { cd .. }
+      function ...     { cd ../.. }
+      function ....    { cd ../../.. }
+      function .....   { cd ../../../../.. }
+      function ......  { cd ../../../../../.. }
+      function ....... { cd ../../../../../../.. }
+
+      if [[ -n "$SSH_CONNECTION" && "$TERM" == "ghostty" ]]; then
+          export TERM="xterm-256color"
+      fi
+
+      source ~/dotfiles/bash-scripts/aliases.sh
+      '';
+
+      plugins = [
+        {
+          name = "custom-functions";
+          src = ../../dotfiles;
+          file = ".functions.zsh";
+        }
+        {
+          name = "powerlevel10k-config";
+          src = ../../dotfiles;
+          file = ".p10k.zsh";
+        }
+      ];
+
+      zplug = {
+        enable = true;
+        plugins = [
+          { name = "romkatv/powerlevel10k"; tags = [ as:theme depth:1 ]; }
+        ];
+      };
+    };
+  };
+
+  home.file = {
+      ".functions.zsh".source = ../../dotfiles/.functions.zsh;
   };
 }

home/shared.nix

@@ -1,66 +1,22 @@
-{ lib, config, pkgs, ... }:
+{ options, ... }: {
-let
-  mypkgs = import ../packages/all-packages.nix {
-    inherit pkgs lib config;
-  };
-in {
 
   nixpkgs.config.allowUnfree = true;
   fonts.fontconfig.enable = true;
 
-  home.packages = with pkgs; [
-    # Nix specific utilities
-    manix
-    nix-tree
-
-    # Utilities
-    jq
-    bc
-    file
-    wget
-    curl
-    tmux
-    btop
-    iftop
-    p7zip
-    sshpass
-    ripgrep
-    openvpn
-    pciutils
-    fastfetch
-
-    # Network tools
-    dig
-    iperf
-    tcpdump
-
-    # Dev tools
-    clang
-    clang-tools
-    cargo
-    python3
-    gnumake
-    ansible
-  ];
-
   programs = {
     home-manager.enable = true;
-    zoxide.enable = true;
+    git = if builtins.hasAttr "settings" options.programs.git then {
-    eza.enable = true;
+      enable = true;
-    fzf.enable = true;
+      settings.user = {
-
+        name = "Random936";
-    git = {
+        email = "randomdude936@gmail.com";
+      };
+    } else {
       enable = true;
       userName = "Random936";
       userEmail = "randomdude936@gmail.com";
     };
   };
 
-  home.file = {
+  home.stateVersion = "25.05";
-    ".functions.zsh".source = ../dotfiles/.functions.zsh;
-    ".tmux/plugins/tpm".source = "${mypkgs.tpm}";
-    ".tmux.conf".source = ../dotfiles/.tmux.conf;
-  };
-
-  home.stateVersion = "24.05";
 }

packages/all-packages.nix

@@ -1,3 +1,4 @@
 { pkgs, lib, config, ... }: rec {
   tpm = pkgs.callPackage ./tpm {};
+  binaryninja = pkgs.callPackage ./binaryninja {};
 }

packages/binaryninja/default.nix

@@ -0,0 +1,99 @@
+{
+  autoPatchelfHook,
+  copyDesktopItems,
+  dbus,
+  fetchurl,
+  fontconfig,
+  freetype,
+  lib,
+  libGLU,
+  libxkbcommon,
+  makeDesktopItem,
+  stdenv,
+  unzip,
+  wayland,
+  xcbutilimage,
+  xcbutilkeysyms,
+  xcbutilrenderutil,
+  xcbutilwm,
+  openssl,
+  qt6,
+}:
+stdenv.mkDerivation rec {
+  pname = "binaryninja";
+  version = "5.1.8104";
+
+  src = ./binaryninja_linux_stable_personal.zip;
+
+  icon = fetchurl {
+    url = "https://raw.githubusercontent.com/Vector35/binaryninja-api/448f40be71dffa86a6581c3696627ccc1bdf74f2/docs/img/logo.png";
+    hash = "sha256-TzGAAefTknnOBj70IHe64D6VwRKqIDpL4+o9kTw0Mn4=";
+  };
+
+  desktopItems = [
+    (makeDesktopItem {
+      name = "com.vector35.binaryninja";
+      desktopName = "Binary Ninja Personal";
+      comment = "A Reverse Engineering Platform";
+      exec = "binaryninja";
+      icon = "binaryninja";
+      mimeTypes = [
+        "application/x-binaryninja"
+        "x-scheme-handler/binaryninja"
+      ];
+      categories = [ "Utility" ];
+    })
+  ];
+
+  nativeBuildInputs = [
+    unzip
+    autoPatchelfHook
+    copyDesktopItems
+    qt6.wrapQtAppsHook
+  ];
+
+  buildInputs = [
+    dbus
+    fontconfig
+    freetype
+    libGLU
+    libxkbcommon
+    stdenv.cc.cc.lib
+    wayland
+    xcbutilimage
+    xcbutilkeysyms
+    xcbutilrenderutil
+    xcbutilwm
+    openssl
+    qt6.qtbase
+    qt6.qtdeclarative
+    qt6.qtshadertools
+    qt6.qtsvg
+  ];
+
+  installPhase = ''
+    runHook preInstall
+    mkdir -p $out/
+    cp -R . $out/
+
+    mkdir $out/bin
+    ln -s $out/binaryninja $out/bin/binaryninja
+
+    install -Dm644 ${icon} $out/share/icons/hicolor/256x256/apps/binaryninja.png
+
+    runHook postInstall
+  '';
+
+  meta = {
+    changelog = "https://binary.ninja/changelog/#${lib.replaceStrings [ "." ] [ "-" ] version}";
+    description = "Interactive decompiler, disassembler, debugger";
+    homepage = "https://binary.ninja/";
+    license = {
+      fullName = "Binary Ninja Personal Software License";
+      url = "https://docs.binary.ninja/about/license.html#non-commercial-student-license-named";
+      free = false;
+    };
+    mainProgram = "binaryninja";
+    platforms = [ "x86_64-linux" ];
+  };
+}