From dd11a30bf357ffdd873e78484fa2c5cd56c2a90c Mon Sep 17 00:00:00 2001
From: Fern Garden <mail@fern.garden>
Date: Thu, 18 Sep 2025 13:17:06 +0800
Subject: [PATCH 1/4] deploy-rs service

---
 hosts/ornithologist/default.nix | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/hosts/ornithologist/default.nix b/hosts/ornithologist/default.nix
index ae36071..9b00f9a 100644
--- a/hosts/ornithologist/default.nix
+++ b/hosts/ornithologist/default.nix
@@ -7,4 +7,31 @@
 
   # Enable docker.
   flock.docker.enable = true;
+
+  # Deploy NixOS updates once a week.
+  systemd.timers."deploy-rs" = {
+    wantedBy = ["timers.target"];
+    timerConfig = {
+      OnCalendar = "weekly";
+      Persistent = true;
+      Unit = "deploy-rs.service";
+    };
+  };
+
+  systemd.services."deploy-rs" = {
+    path = with pkgs; [openssh git nix deploy-rs];
+    script = ''
+      set -eu
+
+      cd /home/fern/Repositories/flock
+      git pull && nix flake update
+
+      deploy && git commit -m "[ornithologist] Update flake.lock" && git push
+    '';
+    serviceConfig = {
+      Type = "oneshot";
+      User = "fern";
+      Group = "users";
+    };
+  };
 }

From b89c9af77e4826250b7970ee5cbfafff05300554 Mon Sep 17 00:00:00 2001
From: Fern Garden <mail@fern.garden>
Date: Fri, 19 Sep 2025 14:23:17 +0800
Subject: [PATCH 2/4] btrfs on muskduck

---
 hosts/muskduck/default.nix | 78 +++++++++++---------------------------
 1 file changed, 23 insertions(+), 55 deletions(-)

diff --git a/hosts/muskduck/default.nix b/hosts/muskduck/default.nix
index f6245fd..bdaeb3e 100644
--- a/hosts/muskduck/default.nix
+++ b/hosts/muskduck/default.nix
@@ -1,70 +1,38 @@
-{lib, ...}:
-with lib; {
+{
   # Kernel modules.
-  boot.initrd.availableKernelModules = [
-    "xhci_pci"
-    "nvme"
-    "usb_storage"
-    "sd_mod"
-  ];
-
+  boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod"];
   boot.kernelModules = ["kvm-intel"];
 
-  # Enable lanzaboote & secure boot.
-  boot.initrd.systemd.enable = true;
-  boot.loader.systemd-boot.enable = mkForce false;
-  boot.bootspec.enable = true;
-
-  boot.lanzaboote = {
-    enable = true;
-    pkiBundle = "/var/lib/sbctl";
-    settings.timeout = 0;
-  };
+  # Full disk encryption.
+  boot.initrd.luks.devices."nvme0n1p2_crypt".device = "/dev/disk/by-uuid/7196bd89-099f-4e9e-80e5-3d6d555272b1";
 
   # Root filesystem.
   fileSystems."/" = {
-    device = "/dev/disk/by-uuid/63d79656-aa5b-466a-b369-be5eac3f51ab";
-    fsType = "ext4";
+    device = "/dev/disk/by-uuid/bea34866-903b-460e-abff-c817e06891c7";
+    fsType = "btrfs";
+    options = ["subvol=root"];
   };
 
-  boot.initrd.luks.devices."luks-93fa00bc-777f-4359-bad5-880c29faca0d".device = "/dev/disk/by-uuid/93fa00bc-777f-4359-bad5-880c29faca0d";
-
-  # EFI/boot partition.
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/EBD7-3E1C";
-    fsType = "vfat";
-    options = [
-      "fmask=0077"
-      "dmask=0077"
-    ];
+  # Nix directory.
+  fileSystems."/nix" = {
+    device = "/dev/disk/by-uuid/bea34866-903b-460e-abff-c817e06891c7";
+    fsType = "btrfs";
+    options = ["subvol=nix"];
   };
 
-  # Share Music dir.
-  services.samba = {
-    enable = true;
-    openFirewall = true;
-    settings = {
-      global = {
-        "workgroup" = "FLOCK";
-        "server string" = "muskduck";
-        "netbios name" = "muskduck";
-        "security" = "user";
-      };
-      "Music" = {
-        "path" = "/home/fern/Music";
-        "browseable" = "yes";
-        "read only" = "yes";
-        "guest ok" = "no";
-      };
-    };
+  # Home directory.
+  fileSystems."/home" = {
+    device = "/dev/disk/by-uuid/bea34866-903b-460e-abff-c817e06891c7";
+    fsType = "btrfs";
+    options = ["subvol=home"];
   };
 
-  services.samba-wsdd = {
-    enable = true;
-    openFirewall = true;
+  # Swap.
+  fileSystems."/swap" = {
+    device = "/dev/disk/by-uuid/bea34866-903b-460e-abff-c817e06891c7";
+    fsType = "btrfs";
+    options = ["subvol=swap"];
   };
 
-  flock.docker = {
-    enable = true;
-  };
+  swapDevices = [{device = "/swap/swapfile";}];
 }

From 91a194fa52892c818f0f9ee67b8d43c3573bdc57 Mon Sep 17 00:00:00 2001
From: Fern Garden <mail@fern.garden>
Date: Fri, 19 Sep 2025 14:23:28 +0800
Subject: [PATCH 3/4] Specify cups-dymo git rev

---
 packages/cups-dymo/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/packages/cups-dymo/default.nix b/packages/cups-dymo/default.nix
index 30d1f97..13c9466 100644
--- a/packages/cups-dymo/default.nix
+++ b/packages/cups-dymo/default.nix
@@ -9,6 +9,7 @@
 }: let
   srcRoot = fetchgit {
     url = "https://github.com/dymosoftware/Drivers.git";
+    rev = "795a815363a4401a30a1c0ef94f3381186172843";
     hash = "sha256-3fRALvyGYVpDL0HyUnjDi+TDTX9yeQG6LfZtNuv42pY=";
   };
 in

From 6bc0155b77a1f9b607d543252778e342b04fbd2a Mon Sep 17 00:00:00 2001
From: Fern Garden <mail@fern.garden>
Date: Fri, 19 Sep 2025 14:23:33 +0800
Subject: [PATCH 4/4] Switch to librewolf

---
 suites/desktop/default.nix | 5 ++++-
 suites/desktop/home.nix    | 3 ++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/suites/desktop/default.nix b/suites/desktop/default.nix
index 8884a6a..9212650 100755
--- a/suites/desktop/default.nix
+++ b/suites/desktop/default.nix
@@ -249,7 +249,10 @@ with lib; {
   # Install some packages.
   programs = {
     steam.enable = true;
-    firefox.enable = true;
+    firefox = {
+      enable = true;
+      package = pkgs.librewolf;
+    };
   };
 
   environment.systemPackages = with pkgs; [
diff --git a/suites/desktop/home.nix b/suites/desktop/home.nix
index f8c671e..57e3c9f 100644
--- a/suites/desktop/home.nix
+++ b/suites/desktop/home.nix
@@ -31,9 +31,10 @@
     };
   };
 
-  # Firefox settings
+  # Librewolf settings
   programs.firefox = {
     enable = true;
+    package = pkgs.librewolf;
     profiles.default = {};
     profiles.default.settings."identity.sync.tokenserver.uri" = "https://fxsync.fern.garden/1.0/sync/1.5";
   };