Upgrade to Nix 25.11 and migrate configs

Update flake inputs and flake.lock to Nix/nixpkgs and home-manager
release 25.11; bump home.stateVersion and setup script NIXOS_RELEASE.

Migrate git config to new Home Manager layout (programs.git.settings,
aliases under settings.alias), adjust delta config path, and reorganize
SSH into matchBlocks with enableDefaultConfig=false to avoid global
leaks. Simplify snapd session variable handling to avoid recursion.

Misc: tweak Dashy title, replace du-dust->dust and plex-media-player ->
plex-desktop, remove unused hostname arg, and add GitHub Copilot
instructions document.

.github/copilot-instructions.md

@@ -0,0 +1,71 @@
+# GitHub Copilot Instructions
+
+## Project Overview
+
+This repository manages system configurations (dotfiles) using a hybrid approach:
+
+- **Nix (Home Manager):** Manages user environment, CLI tools, and dotfile symlinks.
+- **Ansible:** Manages system-level configurations, services (Docker containers), and secrets.
+- **Python (`dotf`):** A custom CLI wrapper to orchestrate updates and maintenance.
+
+## Architecture
+
+### Nix & Home Manager
+
+- **Entry Point:** `flake.nix` defines `homeConfigurations` for each host (e.g., `mennos-desktop`, `mennos-server`).
+- **Configuration:** `home.nix` is the main module, conditionally importing from `packages/` and `server/` or `workstation/` based on the `isServer` flag.
+- **Packages:** Defined in `packages/{common,server,workstation}/packages.nix`.
+
+### Ansible
+
+- **Playbook:** `ansible/playbook.yml` is the main entry point.
+- **Inventory:** `ansible/inventory.ini` defines host groups (`workstations`, `servers`). All connections are `local`.
+- **Tasks:** Organized in `ansible/tasks/`:
+  - `global/`: Applied to all hosts.
+  - `servers/`: Applied to server hosts.
+  - `workstations/`: Applied to workstation hosts.
+- **Services:** Docker services are defined in `ansible/tasks/servers/services/`.
+
+### CLI Tool (`dotf`)
+
+- **Location:** `bin/dotf` (entry point) and `bin/actions/` (logic).
+- **Purpose:** Abstracts complex `home-manager` and `ansible-playbook` commands.
+
+## Critical Workflows
+
+### Applying Changes
+
+Do not run `home-manager` or `ansible-playbook` directly unless debugging. Use the `dotf` CLI:
+
+- **Update everything:** `dotf update`
+- **Update only Home Manager:** `dotf update --ha`
+- **Update only Ansible:** `dotf update --ansible`
+- **Run specific Ansible tags:** `dotf update --tags <tag_name>` (e.g., `dotf update --tags caddy`)
+
+### Adding Packages
+
+1. Identify if the package is for `common`, `server`, or `workstation`.
+2. Edit the corresponding `packages/<type>/packages.nix`.
+3. Add the package name to the `home.packages` list.
+
+### Adding Services (Servers)
+
+1. Create a new YAML file in `ansible/tasks/servers/services/<service_name>/`.
+2. Define the Docker container and related configuration.
+3. Ensure the task is imported in `ansible/tasks/servers/server.yml` (or the relevant parent file).
+
+## Conventions & Patterns
+
+- **Secrets:** Use 1Password integration. Secrets are fetched via the custom lookup plugin or `op` CLI.
+- **Host-Specific Logic:**
+  - **Nix:** Use the `isServer` argument or check `hostname` in modules.
+  - **Ansible:** Use `when: inventory_hostname in [...]` or group-based imports in `playbook.yml`.
+- **Path References:** Use `{{ playbook_dir }}` in Ansible and relative paths in Nix.
+- **Python Scripts:** Located in `bin/`, use `helpers.functions` for common output formatting (`printfe`).
+
+## Key Files
+
+- `flake.nix`: Host definitions.
+- `home.nix`: Main Home Manager config.
+- `ansible/playbook.yml`: Main Ansible playbook.
+- `bin/actions/update.py`: The update logic implementation.

ansible/tasks/servers/services/dashy/conf.yml.j2

@@ -30,8 +30,7 @@ sections:
         url: https://drive.mvl.sh
         id: 3_1035_nxtcld
         statusCheck: true
-      - title: ComfyUI
+      - title: SD.Next / ComfyUI
-        icon: http://mennos-server:8188/assets/favicon.ico
         url: http://mennos-server:8188
         statusCheckUrl: http://host.docker.internal:8188/api/system_stats
         id: 3_1035_comfyui

config/git.nix

@@ -1,6 +1,5 @@
 {
   config,
-  pkgs,
   lib,
   ...
 }:
@@ -10,14 +9,17 @@
     enable = true;
 
     # Basic configuration
-    userName = "Menno van Leeuwen";
-    userEmail = "menno@vleeuwen.me";
     signing = lib.mkIf (!config.isServer) {
       key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+sKpcREOUjwMMSzEWAso6830wbOi8kUxqpuXWw5gHr";
     };
 
-    # Git settings
+    # Git settings (migrated to `programs.git.settings` for Nix 25.11+)
-    extraConfig = {
+    settings = {
+      user = {
+        name = "Menno van Leeuwen";
+        email = "menno@vleeuwen.me";
+      };
+
       init = {
         defaultBranch = "main";
       };
@@ -108,10 +110,9 @@
       protocol = {
         version = 2;
       };
-    };
 
-    # Git aliases
+      # Git aliases moved under `settings.alias` per Nix 25.11
-    aliases = {
+      alias = {
         # Status and info
         st = "status -sb";
         s = "status";
@@ -196,6 +197,7 @@
         # Ignore
         ignore = "!gi() { curl -sL https://www.toptal.com/developers/gitignore/api/$@ ;}; gi";
       };
+    };
 
     # Global gitignore
     ignores = [
@@ -246,7 +248,7 @@
   };
 
   # Delta for better git diffs
-  programs.git.delta = {
+  programs.delta = {
     enable = true;
     options = {
       features = "decorations";

config/ssh.nix

@@ -3,6 +3,10 @@
 {
   programs.ssh = {
     enable = true;
+    enableDefaultConfig = false;
+
+    matchBlocks = {
+      "*" = {
         compression = true;
         serverAliveInterval = 60;
         serverAliveCountMax = 3;
@@ -11,6 +15,8 @@
         controlPath = "~/.ssh/master-%r@%n:%p";
         controlMaster = "auto";
         controlPersist = "600";
+      };
+    };
 
     # Include custom configs from 1Password (See packages/common/secrets.nix)
     includes = [

flake.lock

@@ -25,32 +25,32 @@
         ]
       },
       "locked": {
-        "lastModified": 1763992789,
+        "lastModified": 1765384171,
-        "narHash": "sha256-WHkdBlw6oyxXIra/vQPYLtqY+3G8dUVZM8bEXk0t8x4=",
+        "narHash": "sha256-FuFtkJrW1Z7u+3lhzPRau69E0CNjADku1mLQQflUORo=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "44831a7eaba4360fb81f2acc5ea6de5fde90aaa3",
+        "rev": "44777152652bc9eacf8876976fa72cc77ca8b9d8",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
-        "ref": "release-25.05",
+        "ref": "release-25.11",
         "repo": "home-manager",
         "type": "github"
       }
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1765363881,
+        "lastModified": 1765311797,
-        "narHash": "sha256-3C3xWn8/2Zzr7sxVBmpc1H1QfxjNfta5IMFe3O9ZEPw=",
+        "narHash": "sha256-mSD5Ob7a+T2RNjvPvOA1dkJHGVrNVl8ZOrAwBjKBDQo=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "d2b1213bf5ec5e62d96b003ab4b5cbc42abfc0d0",
+        "rev": "09eb77e94fa25202af8f3e81ddc7353d9970ac1b",
         "type": "github"
       },
       "original": {
         "owner": "nixos",
-        "ref": "nixos-25.05",
+        "ref": "nixos-25.11",
         "repo": "nixpkgs",
         "type": "github"
       }

flake.nix

@@ -2,9 +2,9 @@
   description = "menno's dotfiles";
 
   inputs = {
-    nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
     home-manager = {
-      url = "github:nix-community/home-manager/release-25.05";
+      url = "github:nix-community/home-manager/release-25.11";
       inputs.nixpkgs.follows = "nixpkgs";
     };
     opnix.url = "github:brizzbuzz/opnix";

home.nix

@@ -45,7 +45,7 @@
     home = {
       username = "menno";
       homeDirectory = "/home/menno";
-      stateVersion = "25.05";
+      stateVersion = "25.11";
       sessionVariables = {
         PATH = "${config.home.homeDirectory}/go/bin:$PATH";
         DOTFILES_PATH = "${config.home.homeDirectory}/.dotfiles";

packages/common/packages.nix

@@ -1,6 +1,5 @@
 {
   pkgs,
-  hostname,
   ...
 }:
 {
@@ -31,7 +30,7 @@
     eza # Modern ls
     bat # Modern cat
     broot # Interactive directory navigator
-    du-dust # Modern du
+    dust # Modern du
     duf # Modern df
     zip
     unzip

packages/workstation/packages.nix

@@ -26,7 +26,7 @@ in
     scrcpy
 
     ## Multimedia
-    plex-media-player
+    plex-desktop
     vlc
 
     ## Astronomy

setup.sh

@@ -4,7 +4,7 @@ set -euo pipefail
 IFS=$'\n\t'
 
 # Constants
-readonly NIXOS_RELEASE="25.05"                                      # Home Manager release version (Must match NixOS version)
+readonly NIXOS_RELEASE="25.11"                                      # Home Manager release version (Must match NixOS version)
 readonly GIT_REPO="https://git.mvl.sh/vleeuwenmenno/dotfiles.git"   # Dotfiles repository URL
 readonly DOTFILES_PATH="${HOME}/.dotfiles"                          # Dotfiles directory
 readonly SETUP_MARKER="${HOME}/.dotfiles-setup"                     # Setup marker file indicates setup has been run

workstation/snapd.nix

@@ -1,17 +1,10 @@
 { config, lib, ... }:
 
-let
-  # Merge our session variable into any existing ones, if present.
-  existingSessionVars = config.home.sessionVariables or {};
-  sessionVars = existingSessionVars // {
-    # Prepend snap desktop dir so snap-provided .desktop files are discovered by desktop environments.
-    # We include `$XDG_DATA_DIRS` to preserve any previously-set value at runtime.
-    XDG_DATA_DIRS = "/var/lib/snapd/desktop:$XDG_DATA_DIRS";
-  };
-in
 {
   config = {
-    # Use mkForce to ensure this module's value takes precedence when modules are merged.
+    # Prepend snap desktop dir so snap-provided .desktop files are discovered by desktop environments.
-    home.sessionVariables = lib.mkForce sessionVars;
+    # We include `$XDG_DATA_DIRS` to preserve any previously-set value at runtime.
+    # Avoid reading `config.home.sessionVariables` here to prevent evaluation recursion.
+    home.sessionVariables.XDG_DATA_DIRS = "/var/lib/snapd/desktop:$XDG_DATA_DIRS";
   };
 }