Add Copilot instructions, update flake.lock, and enhance Nix configurations

- Introduced Copilot instructions for better project understanding.
- Updated flake.lock with new dependency revisions and hashes.
- Modified zen.nix to include tracking protection and native messaging hosts.
- Added godot.nix for Godot language support in VSCode.
- Enhanced kde.nix with additional system packages and session variables.
- Created thunderbolt.nix to enable Thunderbolt services.
- Updated Bellerophon default.nix to include thunderbolt.nix.
- Adjusted hardware-configuration.nix to include new kernel modules and parameters.

.github/copilot-instructions.md

@@ -0,0 +1,43 @@
+# Copilot Instructions for EmergentMind's Nix-Config
+
+## Project Overview
+- This is a modular, flake-based NixOS configuration system, designed for multi-host, multi-user, and reproducible setups.
+- Major directories:
+  - `hosts/`: Per-host NixOS configs (e.g., `hosts/nixos/Bellerophon/`).
+  - `home/`: Per-user Home Manager configs.
+  - `modules/`: Reusable NixOS and Home Manager modules, auto-imported via `lib.custom.scanPaths`.
+  - `overlays/`, `pkgs/`: Custom packages and overlays.
+  - `nixos-installer/`: Standalone flake for bootstrapping new hosts, with its own README and workflows.
+  - `docs/`: Project documentation, including secrets management.
+  - `scripts/`: Helper scripts for bootstrap, rebuild, sops, etc.
+
+## Key Patterns & Conventions
+- **Imports**: Use `lib.custom.relativeToRoot` and `lib.custom.scanPaths` for DRY, recursive module imports.
+- **Host/Module Structure**: Each host and user has a directory with a `default.nix` as entrypoint. Common/optional configs are split for clarity.
+- **Disk Layout**: Disk setup is handled by `disko` modules, with per-host overrides for device and swap.
+- **Secrets**: Secrets are managed via a private `nix-secrets` repo and sops-nix. See `docs/secretsmgmt.md` and `nixos-installer/README.md` for details.
+- **VSCode/Language Support**: Language-specific VSCode configs live in `home/panotaka/common/optional/coding/vscode/languages/` and are imported via the main VSCode module.
+
+## Developer Workflows
+- **Build & Rebuild**: Use `just rebuild` (runs pre/post hooks, see `justfile`). For full checks: `just rebuild-full` or `just check`.
+- **ISO Generation**: `just iso` builds a custom NixOS installer ISO.
+- **Secrets**: Use `just rekey`, `just sops-add-creation-rules`, and related commands for sops/age key management.
+- **Sync/Deploy**: Use `just sync` and `just build-host` for remote deployment.
+- **Testing**: Tests live in `tests/` and use `bats`.
+
+## Integration Points
+- **External**: Relies on `nix-secrets` (private), sops-nix, disko, stylix, nix4vscode, and nixos-hardware modules.
+- **Cross-Component**: Host configs import common modules and optional features via mapped imports. Home Manager and NixOS modules are kept separate but coordinated.
+
+## Examples
+- To add a new host: copy an existing host dir in `hosts/nixos/`, update disk and user settings, and add secrets as per `nixos-installer/README.md`.
+- To add a new language to VSCode: add a `.nix` file to `vscode/languages/` and import it in the main VSCode module.
+- To update secrets: run `just rekey` and follow the documented workflow.
+
+## References
+- See `README.md`, `nixos-installer/README.md`, and `docs/secretsmgmt.md` for deep dives on architecture and workflows.
+- For module patterns, see `modules/` and `hosts/common/core/`.
+
+---
+
+If you are unsure about a workflow or pattern, check the referenced docs or ask for clarification in your PR.

flake.lock

@@ -108,11 +108,11 @@
         "nixpkgs": "nixpkgs"
       },
       "locked": {
-        "lastModified": 1753960904,
+        "lastModified": 1754418859,
-        "narHash": "sha256-TmE3Js0sfe6k+QHxfSjlHUvGsZA1ULTHhdS/QRub7CY=",
+        "narHash": "sha256-6fnM9o5RIG3OtuBF0yhQMECtqzc5pXAc1uSkVaffy58=",
         "owner": "cachix",
         "repo": "devenv",
-        "rev": "820d57bd5494201af2205bf84b231cce1190471c",
+        "rev": "e13cd53579f6a0f441ac09230178dccb3008dd36",
         "type": "github"
       },
       "original": {
@@ -176,11 +176,11 @@
     "flake-compat_2": {
       "flake": false,
       "locked": {
-        "lastModified": 1696426674,
+        "lastModified": 1747046372,
-        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+        "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
         "owner": "edolstra",
         "repo": "flake-compat",
-        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+        "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
         "type": "github"
       },
       "original": {
@@ -336,11 +336,11 @@
     },
     "hardware": {
       "locked": {
-        "lastModified": 1753122741,
+        "lastModified": 1754316476,
-        "narHash": "sha256-nFxE8lk9JvGelxClCmwuJYftbHqwnc01dRN4DVLUroM=",
+        "narHash": "sha256-Ry1gd1BQrNVJJfT11cpVP0FY8XFMx4DJV2IDp01CH9w=",
         "owner": "nixos",
         "repo": "nixos-hardware",
-        "rev": "cc66fddc6cb04ab479a1bb062f4d4da27c936a22",
+        "rev": "9368056b73efb46eb14fd4667b99e0f81b805f28",
         "type": "github"
       },
       "original": {
@@ -435,11 +435,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1753928075,
+        "lastModified": 1754446571,
-        "narHash": "sha256-GiYailXbRD+Mb42lC6ExUIbut6D+bK1rKp6WPR7No3o=",
+        "narHash": "sha256-f+Shs8gU0AhN3Q0N1dycqossDqUGQWVaR65ILFo9hNY=",
         "owner": "nix-community",
         "repo": "nix4vscode",
-        "rev": "2eb803b3f2ef728a509559c7512b961f546cd077",
+        "rev": "b6ee5ce110217325d059222e87e471577effbc3c",
         "type": "github"
       },
       "original": {
@@ -450,11 +450,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1753122741,
+        "lastModified": 1754316476,
-        "narHash": "sha256-nFxE8lk9JvGelxClCmwuJYftbHqwnc01dRN4DVLUroM=",
+        "narHash": "sha256-Ry1gd1BQrNVJJfT11cpVP0FY8XFMx4DJV2IDp01CH9w=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "cc66fddc6cb04ab479a1bb062f4d4da27c936a22",
+        "rev": "9368056b73efb46eb14fd4667b99e0f81b805f28",
         "type": "github"
       },
       "original": {
@@ -514,11 +514,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1753694789,
+        "lastModified": 1754214453,
-        "narHash": "sha256-cKgvtz6fKuK1Xr5LQW/zOUiAC0oSQoA9nOISB0pJZqM=",
+        "narHash": "sha256-Q/I2xJn/j1wpkGhWkQnm20nShYnG7TI99foDBpXm1SY=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "dc9637876d0dcc8c9e5e22986b857632effeb727",
+        "rev": "5b09dc45f24cf32316283e62aec81ffee3c3e376",
         "type": "github"
       },
       "original": {
@@ -530,11 +530,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1753749649,
+        "lastModified": 1754292888,
-        "narHash": "sha256-+jkEZxs7bfOKfBIk430K+tK9IvXlwzqQQnppC2ZKFj4=",
+        "narHash": "sha256-1ziydHSiDuSnaiPzCQh1mRFBsM2d2yRX9I+5OPGEmIE=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "1f08a4df998e21f4e8be8fb6fbf61d11a1a5076a",
+        "rev": "ce01daebf8489ba97bd1609d185ea276efdeb121",
         "type": "github"
       },
       "original": {
@@ -579,11 +579,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1750779888,
+        "lastModified": 1754416808,
-        "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=",
+        "narHash": "sha256-c6yg0EQ9xVESx6HGDOCMcyRSjaTpNJP10ef+6fRcofA=",
         "owner": "cachix",
         "repo": "git-hooks.nix",
-        "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d",
+        "rev": "9c52372878df6911f9afc1e2a1391f55e4dfc864",
         "type": "github"
       },
       "original": {
@@ -631,11 +631,11 @@
         "tinted-zed": "tinted-zed"
       },
       "locked": {
-        "lastModified": 1753921619,
+        "lastModified": 1753979771,
-        "narHash": "sha256-XAXQZYm/Cyj2PYER+N6K0YlkZsBF5sPpYoylQLLE6d0=",
+        "narHash": "sha256-MdMdQymbivEWWkC5HqeLYtP8FYu0SqiSpiRlyw9Fm3Y=",
         "owner": "danth",
         "repo": "stylix",
-        "rev": "3e500983c46d88ab36aa2f971bca13cba966a011",
+        "rev": "5b81b0c4fbab3517b39d63f493760d33287150ad",
         "type": "github"
       },
       "original": {
@@ -789,11 +789,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1753933355,
+        "lastModified": 1754458246,
-        "narHash": "sha256-4QxMcKS6oc+cG8efwwAin4M+YOokBak1dVS8u5P3b5M=",
+        "narHash": "sha256-6fvYurXcdg+AC7IBoLEgRIU3GXMaAaVwnteKk9OKBBM=",
         "owner": "0xc000022070",
         "repo": "zen-browser-flake",
-        "rev": "fa795a139a8c92b140bc21f11f61da1c97ad5b1d",
+        "rev": "f806c5bfd831b8f9333b31f45b85b711025ba3de",
         "type": "github"
       },
       "original": {

home/panotaka/common/optional/browsers/zen.nix

@@ -1,9 +1,13 @@
-{inputs, ...}: {
+{
+  inputs,
+  pkgs,
+  ...
+}: {
   # home.nix
   imports = [
     inputs.zen-browser.homeModules.beta
-    # or inputs.zen-browser.homeModules.twilight
+    # inputs.zen-browser.homeModules.twilight
-    # or inputs.zen-browser.homeModules.twilight-official
+    # inputs.zen-browser.homeModules.twilight-official
   ];
 
   programs.zen-browser = {
@@ -19,6 +23,13 @@
       DontCheckDefaultBrowser = true;
       NoDefaultBookmarks = true;
       OfferToSaveLogins = false;
+      EnableTrackingProtection = {
+        Value = true;
+        Locked = true;
+        Cryptomining = true;
+        Fingerprinting = true;
+      };
     };
+    nativeMessagingHosts = [pkgs.firefoxpwa];
   };
 }

home/panotaka/common/optional/coding/vscode/languages/godot.nix

@@ -0,0 +1,16 @@
+{pkgs, ...}: {
+  programs.vscode = {
+    extensions = pkgs.nix4vscode.forVscode [
+      # Godot language support
+      "geequlim.godot-tools"
+    ];
+    userSettings = {
+      # Add Godot-specific settings here
+    };
+  };
+
+  # Additional packages for Godot development
+  home.packages = with pkgs; [
+    godot
+  ];
+}

hosts/common/optional/kde.nix

@@ -1,5 +1,7 @@
-{
+{pkgs, ...}: {
   services.desktopManager.plasma6.enable = true;
   environment.sessionVariables.GTK_USE_PORTAL = "1";
   environment.sessionVariables.NIXOS_OZONE_WL = "1";
+  environment.sessionVariables.KWIN_DRM_PREFER_COLOR_DEPTH = "24";
+  environment.systemPackages = with pkgs.kdePackages; [plasma-thunderbolt sddm-kcm];
 }

hosts/common/optional/thunderbolt.nix

@@ -0,0 +1,8 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
+  services.hardware.bolt.enable = true;
+}

hosts/nixos/Bellerophon/default.nix

@@ -69,6 +69,7 @@
       # The following are for example sake only and are not necessarily required.
       #"hosts/common/optional/services/openssh.nix" # allow remote SSH access
       "hosts/common/optional/services/bluetooth.nix"
+      "hosts/common/optional/thunderbolt.nix"
       "hosts/common/optional/services/ollama.nix"
       "hosts/common/optional/services/docker.nix"
       "hosts/common/optional/services/tailscale.nix"

hosts/nixos/Bellerophon/hardware-configuration.nix

@@ -14,7 +14,8 @@
 
   boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "vmd" "nvme" "usbhid"];
   boot.initrd.kernelModules = [];
-  boot.kernelModules = ["kvm-intel"];
+  boot.kernelModules = ["kvm-intel" "evdi"];
+  boot.kernelParams = ["i915.enable_psr=0"];
   boot.kernelPatches = [
     /*
        {
@@ -39,9 +40,9 @@
     sof-firmware
 
     #rotation stuff
-    pkgs.gnome-monitor-config
+    gnome-monitor-config
-    pkgs.usbutils
+    usbutils
-    pkgs.inotify-tools
+    inotify-tools
-    pkgs.kdePackages.libkscreen
+    kdePackages.libkscreen
   ];
 }