13 files changed, 1646 insertions, 0 deletions

diff --git a/files/CACerts/RyanCA.crt b/files/CACerts/RyanCA.crt
new file mode 100644
index 0000000..7fa09c1
--- /dev/null
+++ b/files/CACerts/RyanCA.crt
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBmDCCAT2gAwIBAgIQIq6m5IB0yZ1181RHpL6jyjAKBggqhkjOPQQDAjAqMQ8w
+DQYDVQQKEwZSeWFuQ0ExFzAVBgNVBAMTDlJ5YW5DQSBSb290IENBMB4XDTIyMTAx
+OTIzMjIxNFoXDTMyMTAxNjIzMjIxNFowKjEPMA0GA1UEChMGUnlhbkNBMRcwFQYD
+VQQDEw5SeWFuQ0EgUm9vdCBDQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAhR
+Z3X7MTDDzvPAuW9JM8Rn4MU283Y3Wa2a1RiyTxo2XGlEB8HPgfL7MwRccUlCiABl
+zPHkaYUvrjJrq7PjsuejRTBDMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAG
+AQH/AgEBMB0GA1UdDgQWBBS4/S97d94NQoK+G+Lh9T76LVCxXDAKBggqhkjOPQQD
+AgNJADBGAiEA5WVKjNUN1x4+X17XnD+H5QKLgs+M/mFfyk3yPY1aMtoCIQCnGAu9
+wrKUglPbAPcQ1Qs47qeBubJu5um1v+mi0+MGPg==
+-----END CERTIFICATE-----
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..8905305
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,296 @@
+{
+  "nodes": {
+    "darwin": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1781242433,
+        "narHash": "sha256-bchLZZ3sRn740zyvD2icZSnNoTaanN0nw7l6fjVXO+E=",
+        "owner": "nix-darwin",
+        "repo": "nix-darwin",
+        "rev": "aabb2037edfc0f210723b72cd5f528aab5dd3f0b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-darwin",
+        "ref": "master",
+        "repo": "nix-darwin",
+        "type": "github"
+      }
+    },
+    "determinate": {
+      "inputs": {
+        "determinate-nixd-aarch64-darwin": "determinate-nixd-aarch64-darwin",
+        "determinate-nixd-aarch64-linux": "determinate-nixd-aarch64-linux",
+        "determinate-nixd-x86_64-linux": "determinate-nixd-x86_64-linux",
+        "nix": "nix",
+        "nixpkgs": "nixpkgs_2"
+      },
+      "locked": {
+        "lastModified": 1780941588,
+        "narHash": "sha256-cXxaBtTSYEYVtSxw4IH0hPa+p+VFxS0i+66GwxVFk7o=",
+        "rev": "70c28bcdd4dde10d04f39e7accb5738a1f5d5298",
+        "revCount": 421,
+        "type": "tarball",
+        "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/determinate/3.21.1/019ea867-5568-7d03-9579-e943ed6d4cef/source.tar.gz"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://flakehub.com/f/DeterminateSystems/determinate/3"
+      }
+    },
+    "determinate-nixd-aarch64-darwin": {
+      "flake": false,
+      "locked": {
+        "narHash": "sha256-ctwRrPKWBSFkTqlCHRGz6MHBSWRkbSAEVGoelsxdr2g=",
+        "type": "file",
+        "url": "https://install.determinate.systems/determinate-nixd/tag/v3.21.1/macOS"
+      },
+      "original": {
+        "type": "file",
+        "url": "https://install.determinate.systems/determinate-nixd/tag/v3.21.1/macOS"
+      }
+    },
+    "determinate-nixd-aarch64-linux": {
+      "flake": false,
+      "locked": {
+        "narHash": "sha256-qYFrMN6lSMRYV87D/uK5L2CUBvOpoLZAAfSYXvcp9cc=",
+        "type": "file",
+        "url": "https://install.determinate.systems/determinate-nixd/tag/v3.21.1/aarch64-linux"
+      },
+      "original": {
+        "type": "file",
+        "url": "https://install.determinate.systems/determinate-nixd/tag/v3.21.1/aarch64-linux"
+      }
+    },
+    "determinate-nixd-x86_64-linux": {
+      "flake": false,
+      "locked": {
+        "narHash": "sha256-BxzPf6fT1ekyvD5JA0vvDJOTPtIyjrzVg3Puuo0ftbg=",
+        "type": "file",
+        "url": "https://install.determinate.systems/determinate-nixd/tag/v3.21.1/x86_64-linux"
+      },
+      "original": {
+        "type": "file",
+        "url": "https://install.determinate.systems/determinate-nixd/tag/v3.21.1/x86_64-linux"
+      }
+    },
+    "flake-compat": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1696426674,
+        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-parts": {
+      "inputs": {
+        "nixpkgs-lib": [
+          "determinate",
+          "nix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1748821116,
+        "narHash": "sha256-F82+gS044J1APL0n4hH50GYdPRv/5JWm34oCJYmVKdE=",
+        "rev": "49f0870db23e8c1ca0b5259734a02cd9e1e371a1",
+        "revCount": 377,
+        "type": "tarball",
+        "url": "https://api.flakehub.com/f/pinned/hercules-ci/flake-parts/0.1.377%2Brev-49f0870db23e8c1ca0b5259734a02cd9e1e371a1/01972f28-554a-73f8-91f4-d488cc502f08/source.tar.gz"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://flakehub.com/f/hercules-ci/flake-parts/0.1"
+      }
+    },
+    "git-hooks-nix": {
+      "inputs": {
+        "flake-compat": "flake-compat",
+        "gitignore": [
+          "determinate",
+          "nix"
+        ],
+        "nixpkgs": [
+          "determinate",
+          "nix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1747372754,
+        "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=",
+        "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46",
+        "revCount": 1026,
+        "type": "tarball",
+        "url": "https://api.flakehub.com/f/pinned/cachix/git-hooks.nix/0.1.1026%2Brev-80479b6ec16fefd9c1db3ea13aeb038c60530f46/0196d79a-1b35-7b8e-a021-c894fb62163d/source.tar.gz"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://flakehub.com/f/cachix/git-hooks.nix/0.1.941"
+      }
+    },
+    "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1781189114,
+        "narHash": "sha256-5inaamLgUMWy+MOBE9ChF9QAF1o/74LFuHkI0W/9rqc=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "486595d2cf49cfcd649b58a284fa11ac0e34da22",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "nix": {
+      "inputs": {
+        "flake-parts": "flake-parts",
+        "git-hooks-nix": "git-hooks-nix",
+        "nixpkgs": "nixpkgs",
+        "nixpkgs-23-11": "nixpkgs-23-11",
+        "nixpkgs-regression": "nixpkgs-regression"
+      },
+      "locked": {
+        "lastModified": 1780939209,
+        "narHash": "sha256-/JuW5C6sWuC836Y9b7hga3ZvhRiY4k4Zs73RRg5KVWM=",
+        "rev": "952beffe9c45ed245d30209d4f17cf1d26654a2a",
+        "revCount": 26044,
+        "type": "tarball",
+        "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nix-src/3.21.1/019ea860-2acd-7680-ae61-10f9574b2694/source.tar.gz"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://flakehub.com/f/DeterminateSystems/nix-src/%2A"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1773222311,
+        "narHash": "sha256-BHoB/XpbqoZkVYZCfXJXfkR+GXFqwb/4zbWnOr2cRcU=",
+        "rev": "0590cd39f728e129122770c029970378a79d076a",
+        "revCount": 909248,
+        "type": "tarball",
+        "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2511.909248%2Brev-0590cd39f728e129122770c029970378a79d076a/019ce32b-8ace-7339-b129-cceaa8dd10c6/source.tar.gz"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://flakehub.com/f/NixOS/nixpkgs/0.2511"
+      }
+    },
+    "nixpkgs-23-11": {
+      "locked": {
+        "lastModified": 1717159533,
+        "narHash": "sha256-oamiKNfr2MS6yH64rUn99mIZjc45nGJlj9eGth/3Xuw=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446",
+        "type": "github"
+      }
+    },
+    "nixpkgs-regression": {
+      "locked": {
+        "lastModified": 1643052045,
+        "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1780336545,
+        "narHash": "sha256-vhVhuXzFrIOfcssC/9hDHx7MHzDKjF3keHuREOQqQiQ=",
+        "rev": "4df1b885d76a54e1aa1a318f8d16fd6005b6401f",
+        "revCount": 1008784,
+        "type": "tarball",
+        "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nixpkgs-weekly/0.1.1008784%2Brev-4df1b885d76a54e1aa1a318f8d16fd6005b6401f/019e8725-c925-7ec1-8f35-3f9effcf169a/source.tar.gz"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://flakehub.com/f/DeterminateSystems/nixpkgs-weekly/0.1"
+      }
+    },
+    "nixpkgs_3": {
+      "locked": {
+        "lastModified": 1781229721,
+        "narHash": "sha256-ORvqDbb/LYxiJljGIejapjkc/kJbVote2N1WSb9W45I=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "173d0ad7a974f8543a9ab01d2271b2e290341b33",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "darwin": "darwin",
+        "determinate": "determinate",
+        "home-manager": "home-manager",
+        "nixpkgs": "nixpkgs_3",
+        "zen-browser": "zen-browser"
+      }
+    },
+    "zen-browser": {
+      "inputs": {
+        "home-manager": [
+          "home-manager"
+        ],
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1781426426,
+        "narHash": "sha256-yzxJMNgv/sLishhCT9G2lm7W9CjHSlXWkfbWC7vfjqc=",
+        "owner": "0xc000022070",
+        "repo": "zen-browser-flake",
+        "rev": "df336067c1a8af3bfce3f0b88b66dc1c57411b4e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "0xc000022070",
+        "repo": "zen-browser-flake",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..71006ec
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,45 @@
+{
+  description = "Example nix-darwin system flake";
+
+  inputs = {
+    nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
+    darwin = {
+      url = "github:nix-darwin/nix-darwin/master";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    home-manager = {
+      url = "github:nix-community/home-manager";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    determinate.url = "https://flakehub.com/f/DeterminateSystems/determinate/3";
+    zen-browser = { # Used exclusively for HM module, Zen is installed via cask
+      url = "github:0xc000022070/zen-browser-flake";
+      inputs = {
+        nixpkgs.follows = "nixpkgs";
+        home-manager.follows = "home-manager";
+      };
+    };
+  };
+
+  outputs = { nixpkgs, home-manager, ... }@inputs: {
+    darwinConfigurations."RyanMac" = inputs.darwin.lib.darwinSystem {
+      system = "aarch64-darwin";
+      specialArgs = { inherit inputs; };
+      modules = [
+        inputs.determinate.darwinModules.default
+        ./hosts/RyanMac/configuration.nix
+        home-manager.darwinModules.home-manager
+        {
+          home-manager.useGlobalPkgs = true;
+          home-manager.useUserPackages = true;
+          home-manager.users.ryan = {
+            imports = [
+              inputs.zen-browser.homeModules.beta
+              ./users/ryan/home.nix
+            ];
+          };
+        }
+      ];
+    };
+  };
+}
diff --git a/hosts/RyanMac/configuration.nix b/hosts/RyanMac/configuration.nix
new file mode 100644
index 0000000..572c534
--- /dev/null
+++ b/hosts/RyanMac/configuration.nix
@@ -0,0 +1,212 @@
+{ pkgs, inputs, ... }:
+let
+  username = "ryan";
+
+  defaultBrowser = "zen";
+
+  pinnedNixpkgs = pkgs.writeText "flake-registry.json" (builtins.toJSON {
+    version = 2;
+    flakes = [
+      {
+        from = { type = "indirect"; id = "nixpkgs"; };
+        to = {
+          type = "path";
+          path = inputs.nixpkgs.outPath;
+          lastModified = inputs.nixpkgs.lastModified;
+          narHash = inputs.nixpkgs.narHash;
+        };
+      }
+    ];
+  });
+
+in {
+  # Define the system's user and home dir location
+  users.users."${username}" = {
+    name = "${username}";
+    home = "/Users/${username}";
+  };
+
+  system.primaryUser = "${username}";
+
+  # Install the /etc/nix/flake-registry.json file we made above
+  environment.etc."nix/flake-registry.json".source = pinnedNixpkgs;
+
+  # Install RyanCA Root
+  security.pki.certificateFiles = [
+    ../../files/CACerts/RyanCA.crt
+  ];
+
+  # Need to disable native nix handling because of Determinate nix
+  determinateNix = {
+    enable = true;
+    customSettings = {
+      flake-registry = "/etc/nix/flake-registry.json";
+    };
+  };
+
+  # Determines the nix-darwin release compatibility
+  system.stateVersion = 6;
+
+  # System profile programs
+  programs = {
+        zsh.enable = true;
+  };
+
+  # Install homebrew casks/apps
+  homebrew = {
+    enable = true;
+
+    onActivation = {
+      cleanup = "zap";
+      extraFlags = [ "--force-cleanup" ];
+    };
+
+    casks = [
+      "utm"
+      "ghostty"
+      "zen"
+    ];
+  };
+
+  # Keyboard shortcuts using skhd
+  services.skhd = {
+    enable = true;
+    skhdConfig = ''
+      alt - d : osascript -e 'tell application "System Events" to key code 49 using {command down}'
+      alt - return : open -na /Applications/Ghostty.app
+    '';
+    };
+
+  # System configuration
+  time.timeZone = "America/New_York";
+
+  system.defaults = {
+    NSGlobalDomain = {
+      # 24 hour time
+      AppleICUForce24HourTime = true;
+
+      # Dark Mode
+      AppleInterfaceStyle = "Dark";
+
+      # Key repeat rate
+      KeyRepeat = 4;
+      InitialKeyRepeat = 30;
+
+      # Swap F1-12 to be default
+      "com.apple.keyboard.fnState" = true;
+
+      # Disable Keyboard bullcrap
+      NSAutomaticCapitalizationEnabled = false;
+      NSAutomaticDashSubstitutionEnabled = false;
+      NSAutomaticPeriodSubstitutionEnabled = false;
+      NSAutomaticQuoteSubstitutionEnabled = false;
+      NSAutomaticSpellingCorrectionEnabled = false;
+      ApplePressAndHoldEnabled = false;
+    };
+
+    # Control center stuff
+    controlcenter = {
+      BatteryShowPercentage = true;
+    };
+
+    # Clock settings
+    menuExtraClock = {
+      Show24Hour = true;
+      ShowDate = 1; # Always
+      ShowDayOfWeek = true;
+      ShowSeconds = true;
+    };
+
+    # Screen capture settings
+    screencapture = {
+      target = "clipboard";
+      type = "png";
+    };
+
+    # finder good settings
+    finder = {
+      AppleShowAllExtensions = true;
+      AppleShowAllFiles = true;
+      ShowPathbar = true;
+      FXEnableExtensionChangeWarning = false;
+      _FXShowPosixPathInTitle = true;
+      NewWindowTarget = "Home";
+      ShowExternalHardDrivesOnDesktop = false;
+      ShowHardDrivesOnDesktop = false;
+      ShowMountedServersOnDesktop = false;
+      ShowRemovableMediaOnDesktop = false;
+      ShowStatusBar = true;
+    };
+
+    # Login Window Settings
+    loginwindow = {
+      GuestEnabled = false;
+      DisableConsoleAccess = true;
+    };
+
+    # dock settings
+    dock = {
+      magnification = true;
+      largesize = 96;
+      tilesize = 32;
+      minimize-to-application = false;
+      orientation = "bottom";
+      autohide = true;
+      persistent-apps = [
+        { app = "/Applications/Zen.app"; }
+        #{ app = "/System/Applications/Launchpad.app"; }
+        { app = "/System/Applications/Messages.app"; }
+        { app = "/System/Applications/Facetime.app"; }
+        { app = "/System/Applications/Calendar.app"; }
+        { app = "/System/Applications/App Store.app"; }
+        { app = "/System/Applications/System Settings.app"; }
+        { app = "/Applications/UTM.app"; }
+      ];
+      persistent-others = [
+        { folder = { path = "/Users/${username}/Downloads"; showas = "grid"; arrangement = "date-created"; }; }
+        { folder = { path = "/Applications"; showas = "grid"; arrangement = "name"; }; }
+      ];
+      show-recents = false;
+    };
+
+    # Custom preferences
+    CustomUserPreferences = {
+      NSGlobalDomain = {
+        # Always show menu bar
+        AppleMenuBarVisibleInFullscreen = true;
+      };
+
+      "com.apple.symbolichotkeys" = {
+        AppleSymbolicHotKeys = {
+          "64" = {
+            enabled = true; # skhd needs this for its shortcut
+          };
+        };
+      };
+    };
+  };
+
+  # Post-Activation scripts
+  system.activationScripts.postActivation.text = ''
+    echo "Configuring NTP servers..."
+    systemsetup -setnetworktimeserver pool.ntp.org > /dev/null 2>&1 || true
+    systemsetup -setusingnetworktime on > /dev/null 2>&1 || true
+
+    ryancasum="$(${pkgs.openssl}/bin/openssl x509 -in "${../../files/CACerts/RyanCA.crt}" -noout -fingerprint -sha1 | sed 's/.*=//; s/://g')"
+    if ! /usr/bin/security find-certificate -a -Z "/Library/Keychains/System.keychain" | tr -d ':' | grep -iq "$ryancasum"; then
+      echo "Installing RyanCA Certificate..."
+      /usr/bin/security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ${../../files/CACerts/RyanCA.crt}
+    fi
+
+    echo "Reloading Preferences DB..."
+    /System/Library/PrivateFrameworks/SystemAdministration.framework/Resources/activateSettings -u
+
+    echo "Setting default browser"
+    ${pkgs.defaultbrowser}/bin/defaultbrowser ${defaultBrowser}
+
+    # this is fragile so it goes at the bottom
+    echo "Reloading skhd..."
+    sudo -iu ${username} ${pkgs.skhd}/bin/skhd -r
+  '';
+
+}
diff --git a/users/ryan/aerc/accounts.conf b/users/ryan/aerc/accounts.conf
new file mode 100644
index 0000000..b140dbd
--- /dev/null
+++ b/users/ryan/aerc/accounts.conf
@@ -0,0 +1,24 @@
+[Personal]
+source   = jmap://ryan%40rschanz.org@mail.rschanz.org/jmap/session
+source-cred-cmd = pass emails/personal 2>/dev/null | tr -d '\n'
+outgoing = jmap://
+default  = Inbox
+from     = Ryan Schanzenbacher <ryan@rschanz.org>
+copy-to  = Sent
+signature-file = ~/.config/aerc/signature_personal
+#check-mail = 5m
+aliases = Ryan S <ryan+ritlugdemo@rschanz.org>, Ryan Schanzenbacher <ryan+guixdevel@rschanz.org>
+pgp-self-encrypt = true
+
+[School]
+source  = imaps+oauthbearer://rjs1877%40rit.edu@imap.gmail.com:993?token_endpoint=https%3A%2F%2Faccounts.google.com%2Fo%2Foauth2%2Ftoken&client_id=667738788924-0rdfvaq9ijfo1vk4474eb3quf8206h2t.apps.googleusercontent.com&client_secret=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
+source-cred-cmd = pass emails/rit_personal 2>/dev/null | tr -d '\n'
+outgoing = smtps+oauthbearer://rjs1877%40rit.edu@imap.gmail.com:465?token_endpoint=https%3A%2F%2Faccounts.google.com%2Fo%2Foauth2%2Ftoken&client_id=667738788924-0rdfvaq9ijfo1vk4474eb3quf8206h2t.apps.googleusercontent.com&client_secret=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
+outgoing-cred-cmd = pass emails/rit_personal 2>/dev/null | tr -d '\n'
+from = Ryan Schanzenbacher <rjs1877@rit.edu>
+signature-file = ~/.config/aerc/signature_rit_personal
+check-mail = 5m
+default = INBOX
+copy-to = [Gmail]/Sent Mail
+pgp-self-encrypt = true
+
diff --git a/users/ryan/aerc/aerc.conf b/users/ryan/aerc/aerc.conf
new file mode 100644
index 0000000..ad54cf7
--- /dev/null
+++ b/users/ryan/aerc/aerc.conf
@@ -0,0 +1,569 @@
+#
+# aerc main configuration
+
+[general]
+#
+# Used as a default path for save operations if no other path is specified.
+# ~ is expanded to the current user home dir.
+#
+default-save-path=~/Downloads/
+
+# If set to "gpg", aerc will use system gpg binary and keystore for all crypto
+# operations. If set to "internal", the internal openpgp keyring will be used.
+# If set to "auto", the system gpg will be preferred unless the internal
+# keyring already exists, in which case the latter will be used.
+#
+# Default: auto
+pgp-provider=gpg
+
+# By default, the file permissions of accounts.conf must be restrictive and
+# only allow reading by the file owner (0600). Set this option to true to
+# ignore this permission check. Use this with care as it may expose your
+# credentials.
+#
+# Default: false
+unsafe-accounts-conf=true # I don't store my creds in this
+
+# Output log messages to specified file. A path starting with ~/ is expanded to
+# the user home dir. When redirecting aerc's output to a file using > shell
+# redirection, this setting is ignored and log messages are printed to stdout.
+#
+#log-file=~/aerc_log
+
+# Only log messages above the specified level to log-file. Supported levels
+# are: trace, debug, info, warn and error. When redirecting aerc's output to
+# a file using > shell redirection, this setting is ignored and the log level
+# is forced to trace.
+#
+# Default: info
+log-level=trace
+
+# Set the $TERM environment variable used for the embedded terminal.
+#
+# Default: xterm-256color
+#term=xterm-256color
+
+# Display OSC8 strings in the embedded terminal
+#
+# Default: false
+#enable-osc8=false
+
+[ui]
+#
+# Describes the format for each row in a mailbox view. This is a comma
+# separated list of column names with an optional align and width suffix. After
+# the column name, one of the '<' (left), ':' (center) or '>' (right) alignment
+# characters can be added (by default, left) followed by an optional width
+# specifier. The width is either an integer representing a fixed number of
+# characters, or a percentage between 1% and 99% representing a fraction of the
+# terminal width. It can also be one of the '*' (auto) or '=' (fit) special
+# width specifiers. Auto width columns will be equally attributed the remaining
+# terminal width. Fit width columns take the width of their contents. If no
+# width specifier is set, '*' is used by default.
+#
+# Default: date<20,name<17,flags>4,subject<*
+#index-columns=date<20,name<17,flags>4,subject<*
+
+spinner = '/,-,\,|'
+
+#
+# Each name in index-columns must have a corresponding column-$name setting.
+# All column-$name settings accept golang text/template syntax. See
+# aerc-templates(7) for available template attributes and functions.
+#
+# Default settings
+#column-date={{.DateAutoFormat .Date.Local}}
+#column-name={{index (.From | names) 0}}
+#column-flags={{.Flags | join ""}}
+#column-subject={{.ThreadPrefix}}{{.Subject}}
+
+#
+# String separator inserted between columns. When the column width specifier is
+# an exact number of characters, the separator is added to it (i.e. the exact
+# width will be fully available for the column contents).
+#
+# Default: "  "
+#column-separator="  "
+
+#
+# See time.Time#Format at https://godoc.org/time#Time.Format
+#
+# Default: 2006-01-02 03:04 PM (ISO 8601 + 12 hour time)
+#timestamp-format=2006-01-02 03:04 PM
+
+#
+# Index-only time format for messages that were received/sent today.
+# If this is not specified, timestamp-format is used instead.
+#
+#this-day-time-format=
+
+#
+# Index-only time format for messages that were received/sent within the last
+# 7 days. If this is not specified, timestamp-format is used instead.
+#
+#this-week-time-format=
+
+#
+# Index-only time format for messages that were received/sent this year.
+# If this is not specified, timestamp-format is used instead.
+#
+#this-year-time-format=
+
+#
+# Width of the sidebar, including the border.
+#
+# Default: 20
+#sidebar-width=20
+
+#
+# Message to display when viewing an empty folder.
+#
+# Default: (no messages)
+#empty-message=(no messages)
+
+# Message to display when no folders exists or are all filtered
+#
+# Default: (no folders)
+#empty-dirlist=(no folders)
+
+# Enable mouse events in the ui, e.g. clicking and scrolling with the mousewheel
+#
+# Default: false
+#mouse-enabled=false
+
+#
+# Ring the bell when new messages are received
+#
+# Default: true
+#new-message-bell=true
+
+#
+# Template to use for Account tab titles
+#
+# Default: {{.Account}}
+#tab-title-account={{.Account}}
+
+# Marker to show before a pinned tab's name.
+#
+# Default: `
+#pinned-tab-marker='`'
+
+# Template for the left side of the directory list.
+# See aerc-templates(7) for all available fields and functions.
+#
+# Default: {{.Folder}}
+#dirlist-left={{.Folder}}
+
+# Template for the right side of the directory list.
+# See aerc-templates(7) for all available fields and functions.
+#
+# Default: {{if .Unread}}{{humanReadable .Unread}}/{{end}}{{if .Exists}}{{humanReadable .Exists}}{{end}}
+#dirlist-right={{if .Unread}}{{humanReadable .Unread}}/{{end}}{{if .Exists}}{{humanReadable .Exists}}{{end}}
+
+# Delay after which the messages are actually listed when entering a directory.
+# This avoids loading messages when skipping over folders and makes the UI more
+# responsive. If you do not want that, set it to 0s.
+#
+# Default: 200ms
+#dirlist-delay=200ms
+
+# Display the directory list as a foldable tree that allows to collapse and
+# expand the folders.
+#
+# Default: false
+#dirlist-tree=false
+
+# If dirlist-tree is enabled, set level at which folders are collapsed by
+# default. Set to 0 to disable.
+#
+# Default: 0
+#dirlist-collapse=0
+
+# List of space-separated criteria to sort the messages by, see *sort*
+# command in *aerc*(1) for reference. Prefixing a criterion with "-r "
+# reverses that criterion.
+#
+# Example: "from -r date"
+#
+#sort=
+
+# Moves to next message when the current message is deleted
+#
+# Default: true
+#next-message-on-delete=true
+
+# Automatically set the "seen" flag when a message is opened in the message
+# viewer.
+#
+# Default: true
+#auto-mark-read=true
+
+# The directories where the stylesets are stored. It takes a colon-separated
+# list of directories. If this is unset or if a styleset cannot be found, the
+# following paths will be used as a fallback in that order:
+#
+#   ${XDG_CONFIG_HOME:-~/.config}/aerc/stylesets
+#   ${XDG_DATA_HOME:-~/.local/share}/aerc/stylesets
+#   /usr/local/share/aerc/stylesets
+#   /usr/share/aerc/stylesets
+#
+#stylesets-dirs=
+
+# Uncomment to use box-drawing characters for vertical and horizontal borders.
+#
+# Default: " "
+#border-char-vertical=" "
+#border-char-horizontal=" "
+
+# Sets the styleset to use for the aerc ui elements.
+#
+# Default: default
+#styleset-name=default
+
+# Activates fuzzy search in commands and their arguments: the typed string is
+# searched in the command or option in any position, and need not be
+# consecutive characters in the command or option.
+#
+# Default: false
+#fuzzy-complete=false
+
+# How long to wait after the last input before auto-completion is triggered.
+#
+# Default: 250ms
+#completion-delay=250ms
+
+# The minimum required characters to allow auto-completion to be triggered after
+# completion-delay.
+#
+# Default: 1
+#completion-min-chars=1
+
+#
+# Global switch for completion popovers
+#
+# Default: true
+#completion-popovers=true
+
+# Uncomment to use UTF-8 symbols to indicate PGP status of messages
+#
+# Default: ASCII
+#icon-unencrypted=
+#icon-encrypted=✔
+#icon-signed=✔
+#icon-signed-encrypted=✔
+#icon-unknown=✘
+#icon-invalid=⚠
+
+# Reverses the order of the message list. By default, the message list is
+# ordered with the newest (highest UID) message on top. Reversing the order
+# will put the oldest (lowest UID) message on top. This can be useful in cases
+# where the backend does not support sorting.
+#
+# Default: false
+#reverse-msglist-order = false
+
+# Reverse display of the mesage threads. Default order is the the intial
+# message is on the top with all the replies being displayed below. The
+# reverse option will put the initial message at the bottom with the
+# replies on top.
+#
+# Default: false
+#reverse-thread-order=false
+
+# Sort the thread siblings according to the sort criteria for the messages. If
+# sort-thread-siblings is false, the thread siblings will be sorted based on
+# the message UID in ascending order. This option is only applicable for
+# client-side threading with a backend that enables sorting. Note that there's
+# a performance impact when sorting is activated.
+#
+# Default: false
+#sort-thread-siblings=false
+
+#[ui:account=Personal]
+#
+# Enable a threaded view of messages. If this is not supported by the backend
+# (IMAP server or notmuch), threads will be built by the client.
+#
+# Default: false
+threading-enabled=true
+
+# Force client-side thread building
+#
+# Default: false
+#force-client-threads=false
+
+# Debounce client-side thread building
+#
+# Default: 50ms
+#client-threads-delay=50ms
+
+[statusline]
+#
+# Describes the format for the status line. This is a comma separated list of
+# column names with an optional align and width suffix. See [ui].index-columns
+# for more details. To completely mute the status line except for push
+# notifications, explicitly set status-columns to an empty string.
+#
+# Default: left<*,center:=,right>*
+#status-columns=left<*,center:=,right>*
+
+#
+# Each name in status-columns must have a corresponding column-$name setting.
+# All column-$name settings accept golang text/template syntax. See
+# aerc-templates(7) for available template attributes and functions.
+#
+# Default settings
+#column-left=[{{.Account}}] {{.StatusInfo}}
+#column-center={{.PendingKeys}}
+#column-right={{.TrayInfo}}
+
+#
+# String separator inserted between columns.
+# See [ui].column-separator for more details.
+#
+#column-separator=" "
+
+# Specifies the separator between grouped statusline elements.
+#
+# Default: " | "
+#separator=" | "
+
+# Defines the mode for displaying the status elements.
+# Options: text, icon
+#
+# Default: text
+#display-mode=text
+
+[viewer]
+#
+# Specifies the pager to use when displaying emails. Note that some filters
+# may add ANSI codes to add color to rendered emails, so you may want to use a
+# pager which supports ANSI codes.
+#
+# Default: less -R
+#pager=less -R
+
+#
+# If an email offers several versions (multipart), you can configure which
+# mimetype to prefer. For example, this can be used to prefer plaintext over
+# html emails.
+#
+# Default: text/plain,text/html
+#alternatives=text/plain,text/html
+
+#
+# Default setting to determine whether to show full headers or only parsed
+# ones in message viewer.
+#
+# Default: false
+#show-headers=false
+
+#
+# Layout of headers when viewing a message. To display multiple headers in the
+# same row, separate them with a pipe, e.g. "From|To". Rows will be hidden if
+# none of their specified headers are present in the message.
+#
+# Default: From|To,Cc|Bcc,Date,Subject
+#header-layout=From|To,Cc|Bcc,Date,Subject
+
+# Whether to always show the mimetype of an email, even when it is just a single part
+#
+# Default: false
+#always-show-mime=false
+
+# Parses and extracts http links when viewing a message. Links can then be
+# accessed with the open-link command.
+#
+# Default: true
+#parse-http-links=true
+
+[compose]
+#
+# Specifies the command to run the editor with. It will be shown in an embedded
+# terminal, though it may also launch a graphical window if the environment
+# supports it. Defaults to $EDITOR, or vi.
+#editor=
+
+# Address book command
+address-book-cmd = sh -c 'abook --mutt-query "%s" | tail -n +2'
+
+#
+# Default header fields to display when composing a message. To display
+# multiple headers in the same row, separate them with a pipe, e.g. "To|From".
+#
+# Default: To|From,Subject
+#header-layout=To|From,Subject
+
+#
+# Specifies the command to be used to tab-complete email addresses. Any
+# occurrence of "%s" in the address-book-cmd will be replaced with what the
+# user has typed so far.
+#
+# The command must output the completions to standard output, one completion
+# per line. Each line must be tab-delimited, with an email address occurring as
+# the first field. Only the email address field is required. The second field,
+# if present, will be treated as the contact name. Additional fields are
+# ignored.
+#
+# This parameter can also be set per account in accounts.conf.
+#address-book-cmd=
+
+# Specifies the command to be used to select attachments. Any occurence of '%s'
+# in the file-picker-cmd will be replaced the argument <arg> to :attach -m
+# <arg>.
+#
+# The command must output the selected files to standard output, one file per
+# line.
+file-picker-cmd=fzf --multi --query=%s
+
+#
+# Allow to address yourself when replying
+#
+# Default: true
+#reply-to-self=true
+
+#
+# Warn before sending an email that matches the specified regexp but does not
+# have any attachments. Leave empty to disable this feature.
+#
+# Uses Go's regexp syntax, documented at https://golang.org/s/re2syntax. The
+# "(?im)" flags are set by default (case-insensitive and multi-line).
+#
+# Example:
+# no-attachment-warning=^[^>]*attach(ed|ment)
+#
+#no-attachment-warning=
+
+#
+# When set, aerc will generate "format=flowed" bodies with a content type of
+# "text/plain; format=flowed" as described in RFC3676. This format is easier to
+# handle for some mailing software, and generally just looks like ordinary
+# text. To actually make use of this format's features, you'll need support in
+# your editor.
+#
+format-flowed=true
+
+[multipart-converters]
+#
+# Converters allow to generate multipart/alternative messages by converting the
+# main text/plain part into any other MIME type. Only exact MIME types are
+# accepted. The commands are invoked with sh -c and are expected to output
+# valid UTF-8 text.
+#
+# Example (obviously, this requires that you write your main text/plain body
+# using the markdown syntax):
+text/html=pandoc --wrap=preserve -f gfm+hard_line_breaks -t html --standalone
+
+[filters]
+#
+# Filters allow you to pipe an email body through a shell command to render
+# certain emails differently, e.g. highlighting them with ANSI escape codes.
+#
+# The commands are invoked with sh -c. The following folders are appended to
+# the system $PATH to allow referencing filters from their name only:
+#
+#   ${XDG_CONFIG_HOME:-~/.config}/aerc/filters
+#   ${XDG_DATA_HOME:-~/.local/share}/aerc/filters
+#   $PREFIX/share/aerc/filters
+#   /usr/share/aerc/filters
+#
+# The following variables are defined in the filter command environment:
+#
+#   AERC_MIME_TYPE      the part MIME type/subtype
+#   AERC_FORMAT         the part content type format= parameter
+#   AERC_FILENAME       the attachment filename (if any)
+#   AERC_SUBJECT        the message Subject header value
+#   AERC_FROM           the message From header value
+#
+# The first filter which matches the email's mimetype will be used, so order
+# them from most to least specific.
+#
+# You can also match on non-mimetypes, by prefixing with the header to match
+# against (non-case-sensitive) and a comma, e.g. subject,text will match a
+# subject which contains "text". Use header,~regex to match against a regex.
+#
+#text/plain=colorize
+#text/calendar=calendar
+message/delivery-status=bat -fn
+message/rfc822=bat -fn
+text/html=pandoc -f html -t plain | bat -fn
+#text/html=html | colorize
+text/*=bat -fn
+application/x-sh=bat -fn -l sh
+#image/*=catimg -w $(tput cols) -
+#subject,~Git(hub|lab)=lolcat -f
+#from,thatguywhodoesnothardwraphismessages=wrap -w 100 | colorize
+
+# This special filter is only used to post-process email headers when
+# [viewer].show-headers=true
+# By default, headers are piped directly into the pager.
+#
+#.headers=bat -fp
+
+[openers]
+#
+# Openers allow you to specify the command to use for the :open and :open-link
+# actions on a per-MIME-type basis. The :open-link URL scheme is used to
+# determine the MIME type as follows: x-scheme-handler/<scheme>.
+#
+# {} is expanded as the temporary filename to be opened. If it is not
+# encountered in the command, the temporary filename will be appened to the end
+# of the command.
+#
+# Like [filters], openers support basic shell globbing. The first opener which
+# matches the part's MIME type (or URL scheme handler MIME type) will be used,
+# so order them from most to least specific.
+#
+# Examples:
+# x-scheme-handler/irc=hexchat
+# x-scheme-handler/http*=firefox
+# text/html=surf -dfgms
+# text/plain=gvim {} +125
+# message/rfc822=thunderbird
+
+[hooks]
+#
+# Hooks are triggered whenever the associated event occurs.
+
+#
+# Executed when a new email arrives in the selected folder
+mail-received=notify-send "$AERC_FROM_NAME" "$AERC_SUBJECT"
+
+#
+# Executed when aerc starts
+#aerc-startup=aerc :terminal calcurse && aerc :next-tab
+
+#
+# Executed when aerc shuts down.
+#aerc-shutdown=
+
+[templates]
+# Templates are used to populate email bodies automatically.
+#
+
+# The directories where the templates are stored. It takes a colon-separated
+# list of directories. If this is unset or if a template cannot be found, the
+# following paths will be used as a fallback in that order:
+#
+#   ${XDG_CONFIG_HOME:-~/.config}/aerc/templates
+#   ${XDG_DATA_HOME:-~/.local/share}/aerc/templates
+#   /usr/local/share/aerc/templates
+#   /usr/share/aerc/templates
+#
+#template-dirs=
+
+# The default template to be used for new messages.
+#
+# default: new_message
+#new-message=new_message
+
+# The default template to be used for quoted replies.
+#
+# default: quoted_reply
+#quoted-reply=quoted_reply
+
+# The default template to be used for forward as body.
+#
+# default: forward_as_body
+#forwards=forward_as_body
+
diff --git a/users/ryan/aerc/binds.conf b/users/ryan/aerc/binds.conf
new file mode 100644
index 0000000..3c1e2d2
--- /dev/null
+++ b/users/ryan/aerc/binds.conf
@@ -0,0 +1,150 @@
+# Binds are of the form <key sequence> = <command to run>
+# To use '=' in a key sequence, substitute it with "Eq": "<Ctrl+Eq>"
+# If you wish to bind #, you can wrap the key sequence in quotes: "#" = quit
+<C-p> = :prev-tab<Enter>
+<C-n> = :next-tab<Enter>
+<C-t> = :term<Enter>
+? = :help keys<Enter>
+
+[messages]
+q = :quit<Enter>
+
+j = :next<Enter>
+<Down> = :next<Enter>
+<C-d> = :next 50%<Enter>
+<C-f> = :next 100%<Enter>
+<PgDn> = :next 100%<Enter>
+
+k = :prev<Enter>
+<Up> = :prev<Enter>
+<C-u> = :prev 50%<Enter>
+<C-b> = :prev 100%<Enter>
+<PgUp> = :prev 100%<Enter>
+g = :select 0<Enter>
+G = :select -1<Enter>
+<C-r> = :read<Enter>
+<C-u> = :unread<Enter>
+
+J = :next-folder<Enter>
+K = :prev-folder<Enter>
+H = :collapse-folder<Enter>
+L = :expand-folder<Enter>
+
+v = :mark -t<Enter>
+V = :mark -v<Enter>
+
+T = :toggle-threads<Enter>
+
+<Enter> = :view<Enter>
+dd = :mv Trash<Enter>
+dg = :mv [Gmail]/Trash<Enter>
+D = :delete<Enter>
+A = :archive year<Enter>
+
+C = :compose<Enter>
+
+rr = :reply -a<Enter>
+rq = :reply -aq<Enter>
+Rr = :reply<Enter>
+Rq = :reply -q<Enter>
+f = :forward -A<Enter>
+
+# Git custom stuff ala Drew Devault
+ga = :pipe -mb git am -3<Enter>
+gp = :term git push<Enter>
+rt = :reply -aTthanks<Enter>
+
+c = :cf<space>
+$ = :term<space>
+! = :term<space>
+| = :pipe<space>
+
+/ = :search<space>
+\ = :filter<space>
+n = :next-result<Enter>
+N = :prev-result<Enter>
+<Esc> = :clear<Enter>
+
+[messages:folder=Drafts]
+<Enter> = :recall<Enter>
+
+[view]
+/ = :toggle-key-passthrough<Enter>/
+q = :close<Enter>
+O = :open<Enter>
+S = :save<space>
+| = :pipe<space>
+D = :delete<Enter>
+dd = :mv Trash<Enter>
+dg = :mv [Gmail]/Trash<Enter>
+A = :archive year<Enter>
+
+<C-l> = :open-link <space>
+
+f = :forward -A<Enter>
+rr = :reply -a<Enter>
+rq = :reply -aq<Enter>
+Rr = :reply<Enter>
+Rq = :reply -q<Enter>
+
+H = :toggle-headers<Enter>
+<C-k> = :prev-part<Enter>
+<C-j> = :next-part<Enter>
+J = :next<Enter>
+K = :prev<Enter>
+
+[view::passthrough]
+$noinherit = true
+$ex = <C-x>
+<Esc> = :toggle-key-passthrough<Enter>
+
+[compose]
+# Keybindings used when the embedded terminal is not selected in the compose
+# view
+$noinherit = true
+$ex = <C-x>
+<C-k> = :prev-field<Enter>
+<C-j> = :next-field<Enter>
+<A-p> = :switch-account -p<Enter>
+<A-n> = :switch-account -n<Enter>
+<tab> = :next-field<Enter>
+<backtab> = :prev-field<Enter>
+<C-p> = :prev-tab<Enter>
+<C-n> = :next-tab<Enter>
+<C-c> = :cc<Enter>
+<C-b> = :bcc<Enter>
+<C-q> = :abort<Enter>
+
+[compose::editor]
+# Keybindings used when the embedded terminal is selected in the compose view
+$noinherit = true
+$ex = <C-x>
+<C-k> = :prev-field<Enter>
+<C-j> = :next-field<Enter>
+<C-p> = :prev-tab<Enter>
+<C-n> = :next-tab<Enter>
+<C-q> = :abort<Enter>
+
+[compose::review]
+# Keybindings used when reviewing a message to be sent
+y = :send<Enter>
+n = :abort<Enter>
+v = :preview<Enter>
+p = :postpone<Enter>
+q = :choose -o d discard abort -o p postpone postpone<Enter>
+e = :edit<Enter>
+a = :attach<space>
+d = :detach<space>
+S = :sign<Enter>
+E = :encrypt<Enter>
+A = :attach-key<Enter>
+C = :multipart text/html<Enter>
+
+[terminal]
+$noinherit = true
+$ex = <C-x>
+<C-q> = :close<Enter>
+
+<C-p> = :prev-tab<Enter>
+<C-n> = :next-tab<Enter>
+
diff --git a/users/ryan/aerc/signature_personal b/users/ryan/aerc/signature_personal
new file mode 100644
index 0000000..d287d98
--- /dev/null
+++ b/users/ryan/aerc/signature_personal
@@ -0,0 +1,4 @@
+-- 
+Best,
+Ryan Schanzenbacher
+
diff --git a/users/ryan/aerc/signature_rit_personal b/users/ryan/aerc/signature_rit_personal
new file mode 100644
index 0000000..e5e0b0a
--- /dev/null
+++ b/users/ryan/aerc/signature_rit_personal
@@ -0,0 +1,6 @@
+-- 
+Best,
+Ryan Schanzenbacher
+Rochester Institute of Technology
+Cybersecurity BS/MS Student
+
diff --git a/users/ryan/aerc/templates/quoted_reply b/users/ryan/aerc/templates/quoted_reply
new file mode 100644
index 0000000..28f9ee8
--- /dev/null
+++ b/users/ryan/aerc/templates/quoted_reply
@@ -0,0 +1,7 @@
+X-Mailer: aerc {{version}}
+
+{{.Signature}}
+
+On {{dateFormat (.OriginalDate | toLocal) "Mon Jan 2, 2006 at 3:04 PM MST"}}, {{(index .OriginalFrom 0).Name}} wrote:
+{{trimSignature .OriginalText | quote}}
+
diff --git a/users/ryan/home.nix b/users/ryan/home.nix
new file mode 100644
index 0000000..9154066
--- /dev/null
+++ b/users/ryan/home.nix
@@ -0,0 +1,126 @@
+{ config, pkgs, ... }:
+
+{
+  # This value determines the Home Manager release that your configuration is
+  # compatible with. This helps avoid breakage when a new Home Manager release
+  # introduces backwards incompatible changes.
+  #
+  # You should not change this value, even if you update Home Manager. If you do
+  # want to update the value, then make sure to first check the Home Manager
+  # release notes.
+  home.stateVersion = "26.05"; # Please read the comment before changing.
+
+  news.display = "silent";
+
+  programs.starship = {
+    enable = true;
+    settings = {
+      add_newline = false;
+      character = {
+        success_symbol = "[➜](bold green)";
+        error_symbol = "[➜](bold red)";
+      };
+      time = {
+        disabled = false;
+        format = "\[ $time \]($style)";
+        time_format = "%T";
+      };
+    };
+  };
+
+  programs.zen-browser = {
+    enable = true;
+    package = null; # managed via homebrew
+    darwinDefaultsId = "app.zen-browser.zen";
+    policies = import ./zen/zenPolicies.nix;
+    profiles.default = import ./zen/zenProfile.nix;
+  };
+
+  programs.eza = {
+    enable = true;
+    enableZshIntegration = true;
+  };
+
+  programs.gpg.enable = true;
+
+  programs.git = {
+    enable = true;
+    signing.signByDefault = true;
+    settings = {
+      user = {
+        name = "Ryan Schanzenbacher";
+        email = "ryan@rschanz.org";
+      };
+      core.pager = "${pkgs.delta}/bin/delta";
+      init.defaultBranch = "main";
+      merge.conflictStyle = "zdiff3";
+      interactive.diffFilter = "${pkgs.delta}/bin/delta --color-only";
+      delta = {
+        navigate = true;
+        side-by-side = true;
+      };
+    };
+  };
+
+  services.gpg-agent = {
+    enable = true;
+    enableSshSupport = true;
+  };
+
+  programs.zsh = {
+    enable = true;
+    initContent = ''
+      export GPG_TTY="$(tty)"
+      export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
+      gpgconf --launch gpg-agent
+      gpg-connect-agent updatestartuptty /bye > /dev/null
+    '';
+    shellAliases = {
+      cat = "bat --paging=never";
+      diff = "delta";
+    };
+  };
+
+  # The home.packages option allows you to install Nix packages into your
+  # environment.
+  home.packages = with pkgs; [
+        neovim
+        git
+        yt-dlp
+        aerc
+        gdu
+        mpv
+        taskwarrior3
+        delta
+        bat
+        pass
+        pandoc
+  ];
+
+  # Home Manager is pretty good at managing dotfiles. The primary way to manage
+  # plain files is through 'home.file'.
+  home.file = {
+    # # Building this configuration will create a copy of 'dotfiles/screenrc' in
+    # # the Nix store. Activating the configuration will then make '~/.screenrc' a
+    # # symlink to the Nix store copy.
+    # ".screenrc".source = dotfiles/screenrc;
+
+    # # You can also set the file content immediately.
+    # ".gradle/gradle.properties".text = ''
+    #   org.gradle.console=verbose
+    #   org.gradle.daemon.idletimeout=3600000
+    # '';
+  };
+
+  xdg.configFile."aerc" = {
+    source = ./aerc;
+    recursive = true;
+  };
+
+  home.sessionVariables = {
+    XDG_CONFIG_HOME = "${config.home.homeDirectory}/.config";
+  };
+
+  # Let Home Manager install and manage itself.
+  programs.home-manager.enable = true;
+}
diff --git a/users/ryan/zen/zenPolicies.nix b/users/ryan/zen/zenPolicies.nix
new file mode 100644
index 0000000..edde27d
--- /dev/null
+++ b/users/ryan/zen/zenPolicies.nix
@@ -0,0 +1,125 @@
+let
+    lock-false = {
+        Value = false;
+        Status = "locked";
+    };
+    lock-true = {
+        Value = true;
+        Status = "locked";
+    };
+in
+{
+    EnableTrackingProtection = {
+        Value = true;
+        Locked = true;
+        Cryptomining = true;
+        Fingerprinting = true;
+        EmailTracking = true;
+    };
+    UserMessaging = {
+        WhatsNew = false;
+        ExtensionRecommendations = false;
+        FeatureRecommendations = false;
+        UrlbarInterventions = false;
+        SkipOnboarding = true;
+        MoreFromMozilla = false;
+        Labs = false;
+        Locked = true;
+    };
+    DisableAppUpdate = true;
+    DisableAccounts = true;
+    DisableFirefoxAccounts = true;
+    DisableFirefoxStudies = true;
+    DisablePocket = true;
+    DisableTelemetry = true;
+    AutofillAddressEnabled = false;
+    AutofillCreditCardEnabled = false;
+    DisableMasterPasswordCreation = true;
+    PasswordManagerEnabled = false;
+    PrimaryPassword = false;
+    OfferToSaveLogins = false;
+    NoDefaultBookmarks = true;
+    OverrideFirstRunPage = "";
+    OverridePostUpdatePage = "";
+    FirefoxHome = {
+        Search = true;
+        TopSites = true;
+        SponsoredTopSites = false;
+        Highlights = false;
+        Pocket = false;
+        SponsoredPocket = false;
+        Snippets = false;
+        Locked = true;
+    };
+    SearchSuggestEnabled = true;
+    FirefoxSuggest = {
+        WebSuggestions = true;
+        SponsoredSuggestions = false;
+        ImproveSuggest = false;
+        Locked = true;
+    };
+    PictureInPicture = lock-true;
+    HardwareAcceleration = true;
+    Certificates = {
+        ImportEnterpriseRoots = true;
+    };
+    ExtensionSettings = {
+    #"*".installation_mode = "blocked";
+    # uBlock Origin
+        "uBlock0@raymondhill.net" = {
+            install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
+            installation_mode = "force_installed";
+        };
+    # Bitwarden
+        "{446900e4-71c2-419f-a6a7-df9c091e268b}" = {
+            install_url = "https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi";
+            installation_mode = "normal_installed";
+        };
+    # SponsorBlock
+        "sponsorBlocker@ajay.app" = {
+            install_url = "https://addons.mozilla.org/firefox/downloads/latest/sponsorblock/latest.xpi";
+            installation_mode = "force_installed";
+        };
+    # DeArrow
+        "deArrow@ajay.app" = {
+            install_url = "https://addons.mozilla.org/firefox/downloads/latest/dearrow/latest.xpi";
+            installation_mode = "force_installed";
+        };
+    # Return Youtube Dislike
+        "{762f9885-5a13-4abd-9c77-433dcd38b8fd}" = {
+            install_url = "https://addons.mozilla.org/firefox/downloads/latest/return-youtube-dislikes/latest.xpi";
+            installation_mode = "force_installed";
+        };
+    # Youtube Nonstop
+        "{0d7cafdd-501c-49ca-8ebb-e3341caaa55e}" = {
+            install_url = "https://addons.mozilla.org/firefox/downloads/latest/youtube-nonstop/latest.xpi";
+            installation_mode = "force_installed";
+        };
+    # TamperMonkey
+        "firefox@tampermonkey.net" = {
+            install_url = "https://addons.mozilla.org/firefox/downloads/latest/tampermonkey/latest.xpi";
+            installation_mode = "force_installed";
+        };
+    # Floccus
+        "floccus@handmadeideas.org" = {
+            install_url = "https://addons.mozilla.org/firefox/downloads/latest/floccus/latest.xpi";
+            installation_mode = "force_installed";
+        };
+    # Mailvelope
+        "jid1-AQqSMBYb0a8ADg@jetpack" = {
+            install_url = "https://addons.mozilla.org/firefox/downloads/latest/mailvelope/latest.xpi";
+            installation_mode = "force_installed";
+        };
+    };
+    Preferences = {
+        "xpinstall.whitelist.required" = lock-true;
+        "dom.webgpu.enabled" = lock-true;
+        "media.eme.enabled" = lock-true;
+        "general.autoScroll" = lock-true;
+        "general.smoothScroll" = lock-true;
+        "browser.crashReports.unsubmittedCheck.autoSubmit2" = lock-false;
+        "browser.aboutConfig.showWarning" = lock-false;
+        "media.videocontrols.picture-in-picture.enable-when-switching-tabs.enabled" = lock-true;
+    };
+}
+
diff --git a/users/ryan/zen/zenProfile.nix b/users/ryan/zen/zenProfile.nix
new file mode 100644
index 0000000..d77a906
--- /dev/null
+++ b/users/ryan/zen/zenProfile.nix
@@ -0,0 +1,71 @@
+rec {
+    settings = {
+        "zen.welcome-screen.seen" = true;
+        "zen.urlbar.behavior" = "float";
+        "zen.view.compact.enable-at-startup"= true;
+        "zen.view.use-single-toolbar"= false;
+        "zen.view.window.scheme"= 0;
+    };
+
+    pinsForce = true;
+    pins = {
+        "Discord" = {
+            id = "59d28a80-d185-4dec-92cb-6da549cdfd27";
+            workspace = spaces."Personal".id;
+            url = "https://discord.com/channels/@me";
+            position = 101;
+            isEssential = true;
+        };
+        "RSS" = {
+            id = "0fa25825-01f2-49ce-b8a2-80f1100e782c";
+            workspace = spaces."Personal".id;
+            url = "https://rss.ryan77627.xyz";
+            position = 102;
+            isEssential = true;
+        };
+    };
+
+    spacesForce = true;
+    spaces = {
+        "Personal" = {
+            id = "2392f396-2548-4a20-9fb8-a3e940be4a58";
+            #icon = "";
+            position = 1000;
+            theme = {
+                type = "gradient";
+                colors = [
+                    {
+                    red = 199;
+                    green = 161;
+                    blue = 247;
+                    algorithm = "complementary";
+                    type = "explicit-lightness";
+                    lightness = 80;
+                    #isPrimary = true;
+                    }
+                    # {
+                    # red = 157;
+                    # green = 251;
+                    # blue = 194;
+                    # algorithm = "splitComplimentary";
+                    # type = "explicit-lightness";
+                    # lightness = 80;
+                    # isPrimary = false;
+                    # }
+                    # {
+                    # red = 161;
+                    # green = 243;
+                    # blue = 247;
+                    # algorithm = "splitComplimentary";
+                    # type = "explicit-lightness";
+                    # lightness = 80;
+                    # isPrimary = false;
+                    # }
+                ];
+                opacity = 0.419;
+                texture = 0.3125;
+            };
+        };
+    };
+}
+