refactor: update dotfiles paths and remove obsolete configurations

.bashrc

@@ -73,9 +73,10 @@ if [[ $(uname -a) == *"microsoft-standard-WSL2"* ]]; then
 fi
 
 # PATH Manipulation
+export DOTFILES_PATH=$HOME/.dotfiles
 export PATH=$PATH:$HOME/.local/bin
 export PATH=$PATH:$HOME/.cargo/bin
-export PATH=$PATH:$HOME/dotfiles/bin
+export PATH=$PATH:$DOTFILES_PATH/bin
 
 # Add flatpak to XDG_DATA_DIRS
 export XDG_DATA_DIRS=$XDG_DATA_DIRS:/usr/share:/var/lib/flatpak/exports/share:$HOME/.local/share/flatpak/exports/share
@@ -98,9 +99,6 @@ if [ -d "/home/menno/Projects/Work" ]; then
     export TRADAWARE_DEVOPS=true
 fi
 
-# Flutter Web and other tools that require Chrome
-export CHROME_EXECUTABLE=$(which brave-browser)
-
 # 1Password Source Plugin (Assuming bash compatibility)
 if [ -f /home/menno/.config/op/plugins.sh ]; then
     source /home/menno/.config/op/plugins.sh
@@ -121,7 +119,7 @@ if [ -f "$HOME/.nix-profile/etc/profile.d/hm-session-vars.sh" ]; then
 fi
 
 # Source agent-bridge script for 1password
-source $HOME/dotfiles/bin/1password-agent-bridge.sh
+source $DOTFILES_PATH/bin/1password-agent-bridge.sh
 
 # zoxide if available
 if command -v zoxide &> /dev/null; then

.vscode/settings.json

@@ -7,8 +7,8 @@
         "**/.DS_Store": true,
         "**/*.sha256": true,
     },
-    "ansible.python.interpreterPath": "/usr/bin/python",
     "files.associations": {
         "*.yml": "ansible"
-    }
+    },
+    "ansible.python.interpreterPath": "/usr/bin/python3"
 }

bin/1password-agent-bridge.sh

@@ -1,4 +1,4 @@
-source $HOME/dotfiles/bin/helpers/functions.sh
+source $DOTFILES_PATH/bin/helpers/functions.sh
 export SSH_AUTH_SOCK=$HOME/.1password/agent.sock
 
 # Check if is_wsl function returns true, don't continue if we are not on WSL

bin/actions/auto-start.sh

@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-source $HOME/dotfiles/bin/helpers/functions.sh
+source $DOTFILES_PATH/bin/helpers/functions.sh
 
 # Define associative array with app_name => command mapping
 declare -A apps=(

bin/actions/hello.sh

@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-source $HOME/dotfiles/bin/helpers/functions.sh
+source $HOMEsource $DOTFILES_PATH/bin/helpers/functions.sh
 
 welcome() {
   echo

bin/actions/help.sh

@@ -1,10 +1,10 @@
 #!/usr/bin/env bash
 
-source $HOME/dotfiles/bin/helpers/functions.sh
+source $DOTFILES_PATH/bin/helpers/functions.sh
 
 # Print logo
 logo
 
 # Print help
-cat $HOME/dotfiles/bin/resources/help.txt
+cat $DOTFILES_PATH/bin/resources/help.txt
 println " " "cyan"

bin/actions/secrets.sh

@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-source $HOME/dotfiles/bin/helpers/functions.sh
+source $DOTFILES_PATH/bin/helpers/functions.sh
 
 if is_wsl; then
     output=$(op.exe item get "Dotfiles Secrets" --fields password)
@@ -111,8 +111,8 @@ decrypt_folder() {
 
 if [[ "$1" == "decrypt" ]]; then
     printfe "%s\n" "cyan" "Decrypting secrets..."
-    decrypt_folder ~/dotfiles/secrets
+    decrypt_folder $DOTFILES_PATH/secrets
 elif [[ "$1" == "encrypt" ]]; then
     printfe "%s\n" "cyan" "Encrypting secrets..."
-    encrypt_folder ~/dotfiles/secrets
+    encrypt_folder $DOTFILES_PATH/secrets
 fi

bin/actions/update.sh

@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-source $HOME/dotfiles/bin/helpers/functions.sh
+source $DOTFILES_PATH/bin/helpers/functions.sh
 
 help() {
   printfe "%s\n" "green" "Usage: upgrade.sh [options]"
@@ -45,14 +45,14 @@ printfe "%s\n" "cyan" "Limiting to $CORES cores with $JOBS jobs."
 
 if [[ "$RUN_HA" == true ]]; then
   printfe "%s\n" "cyan" "Updating Home Manager flake..."
-  cd $HOME/dotfiles/config/home-manager && nix --extra-experimental-features nix-command --extra-experimental-features flakes flake update
+  cd $DOTFILES_PATH/config/home-manager && nix --extra-experimental-features nix-command --extra-experimental-features flakes flake update
 
   if command -v home-manager &> /dev/null; then
     printfe "%s\n" "cyan" "Cleaning old backup files..."
     rm -rf $HOME/.config/mimeapps.list.backup
 
     printfe "%s\n" "cyan" "Upgrading Home Manager packages..."
-    cd $HOME/dotfiles/config/home-manager && NIXPKGS_ALLOW_UNFREE=1 home-manager --extra-experimental-features nix-command --extra-experimental-features flakes switch -b backup --flake .#$HOSTNAME --impure --cores $CORES -j $JOBS
+    cd $DOTFILES_PATH/config/home-manager && NIXPKGS_ALLOW_UNFREE=1 home-manager --extra-experimental-features nix-command --extra-experimental-features flakes switch -b backup --flake .#$HOSTNAME --impure --cores $CORES -j $JOBS
 
     if [[ $? -ne 0 ]]; then
       printfe "%s\n" "red" "Failed to upgrade Home Manager packages."
@@ -76,7 +76,7 @@ if [[ "$RUN_ANSIBLE" == true ]]; then
   fi
   
   printfe "%s\n" "cyan" "Running Ansible playbook..."
-  cd $HOME/dotfiles/config/ansible && ansible-playbook -i $HOME/dotfiles/config/ansible/inventory.ini $HOME/dotfiles/config/ansible/main.yml --extra-vars "hostname=$HOSTNAME" --extra-vars "ansible_user=$USER" --limit $HOSTNAME --ask-become-pass ${ANSIBLE_VERBOSE:+-vvv}
+  cd $DOTFILES_PATH/config/ansible && ansible-playbook -i $DOTFILES_PATH/config/ansible/inventory.ini $DOTFILES_PATH/config/ansible/main.yml --extra-vars "hostname=$HOSTNAME" --extra-vars "ansible_user=$USER" --limit $HOSTNAME --ask-become-pass ${ANSIBLE_VERBOSE:+-vvv}
   
   if [[ $? -ne 0 ]]; then
     printfe "%s\n" "red" "Failed to upgrade Ansible packages."

bin/dotf

@@ -5,7 +5,7 @@ set -euo pipefail
 IFS=$'\n\t'
 
 # Script constants
-readonly DOTFILES_ROOT="$HOME/dotfiles"
+readonly DOTFILES_ROOT="$HOME/.dotfiles"
 readonly DOTFILES_BIN="$DOTFILES_ROOT/bin"
 
 # Source helper functions

bin/helpers/flatpak_packages.sh

@@ -1,55 +0,0 @@
-#!/usr/bin/env bash
-
-source $HOME/dotfiles/bin/helpers/functions.sh
-
-ensure_flatpak_packages_installed() {
-    flatpak_packages=($(ls $HOME/dotfiles/config/flatpaks/ | sed 's/.flatpakref//g'))
-
-    for package in "${flatpak_packages[@]}"; do
-        if ! flatpak list | grep -q $package; then
-            printfe "%s\n" "cyan" "    - Installing $package..."
-            flatpak install -y flathub $package
-
-            if [ $? -eq 0 ]; then
-                printfe "%s\n" "green" "    - $package installed successfully"
-            else
-                printfe "%s\n" "red" "    - $package failed to install"
-            fi
-        else
-            printfe "%s\n" "green" "    - $package is already installed"
-        fi
-    done
-}
-
-print_flatpak_status() {
-    if is_wsl; then
-        printfe "%s\n" "yellow" "Running in WSL, skipping Flatpak packages check."
-        return
-    fi
-
-    printfe "%s" "cyan" "Checking Flatpak packages..."
-    clear_line
-
-    flatpak_packages=($(ls $HOME/dotfiles/config/flatpaks/ | sed 's/.flatpakref//g'))
-
-    count=$(echo $flatpak_packages | wc -w)
-    installed=0
-
-    for package in "${flatpak_packages[@]}"; do
-        if flatpak list | grep -q $package; then
-            installed=$((installed + 1))
-        else
-            if [ "$verbose" = true ]; then
-                printfe "%s\n" "red" "$package is not installed"
-            fi
-        fi
-    done
-
-    printfe "%s" "cyan" "Flatpak"
-    if [ $installed -eq $count ]; then
-        printfe "%s" "green" " $installed/$count "
-    else
-        printfe "%s" "red" " $installed/$count "
-    fi
-    printfe "%s\n" "cyan" "packages installed"
-}

bin/helpers/functions.sh

@@ -22,16 +22,16 @@ logo() {
     fi
 
     # Print if repo is dirty and the count of untracked files, modified files and staged files
-    if [[ $(git -C ~/dotfiles status --porcelain) ]]; then
+    if [[ $(git -C $DOTFILES_PATH status --porcelain) ]]; then
         printfe "%s" "yellow" "dotfiles is dirty "
-        printfe "%s" "red" "[$(git -C ~/dotfiles status --porcelain | grep -c '^??')] untracked "
+        printfe "%s" "red" "[$(git -C $DOTFILES_PATH status --porcelain | grep -c '^??')] untracked "
-        printfe "%s" "yellow" "[$(git -C ~/dotfiles status --porcelain | grep -c '^ M')] modified "
+        printfe "%s" "yellow" "[$(git -C $DOTFILES_PATH status --porcelain | grep -c '^ M')] modified "
-        printfe "%s" "green" "[$(git -C ~/dotfiles status --porcelain | grep -c '^M ')] staged "
+        printfe "%s" "green" "[$(git -C $DOTFILES_PATH status --porcelain | grep -c '^M ')] staged "
     fi
 
-    printfe "%s" "blue" "[$(git -C ~/dotfiles rev-parse --short HEAD)] "
+    printfe "%s" "blue" "[$(git -C $DOTFILES_PATH rev-parse --short HEAD)] "
-    if [[ $(git -C ~/dotfiles log origin/master..HEAD) ]]; then
+    if [[ $(git -C $DOTFILES_PATH log origin/master..HEAD) ]]; then
-        printfe "%s" "yellow" "[!] You have $(git -C ~/dotfiles log origin/master..HEAD --oneline | wc -l | tr -d ' ') commit(s) to push"
+        printfe "%s" "yellow" "[!] You have $(git -C $DOTFILES_PATH log origin/master..HEAD --oneline | wc -l | tr -d ' ') commit(s) to push"
     fi
 
     println "" "normal"

config/ansible/tasks/global/symlinks.yml

@@ -10,11 +10,11 @@
     force: true
     follow: false
   loop:
-    - { src: "~/dotfiles/config/home-manager", dest: "~/.config/home-manager" }
+    - { src: "$DOTFILES_PATH/config/home-manager", dest: "~/.config/home-manager" }
-    - { src: "~/dotfiles/vscode/settings.json", dest: "~/.config/Code/User/settings.json" }
+    - { src: "$DOTFILES_PATH/vscode/settings.json", dest: "~/.config/Code/User/settings.json" }
-    - { src: "~/dotfiles/config/ssh/config", dest: "~/.ssh/config" }
+    - { src: "$DOTFILES_PATH/config/ssh/config", dest: "~/.ssh/config" }
-    - { src: "~/dotfiles/config/ssh/config.d", dest: "~/.ssh/config.d" }
+    - { src: "$DOTFILES_PATH/config/ssh/config.d", dest: "~/.ssh/config.d" }
-    - { src: "~/dotfiles/config/starship.toml", dest: "~/.config/starship.toml" }
+    - { src: "$DOTFILES_PATH/config/starship.toml", dest: "~/.config/starship.toml" }
 
 - name: Create gitconfig symlink
   ansible.builtin.file:
@@ -25,11 +25,11 @@
     follow: false
   vars:
     gitconfig_mapping:
-      mennos-desktop: "~/dotfiles/config/git/gitconfig.linux"
+      mennos-desktop: "$DOTFILES_PATH/config/git/gitconfig.linux"
-      mennos-laptop: "~/dotfiles/config/git/gitconfig.linux"
+      mennos-laptop: "$DOTFILES_PATH/config/git/gitconfig.linux"
-      mennos-server: "~/dotfiles/config/git/gitconfig.mennos-server"
+      mennos-server: "$DOTFILES_PATH/config/git/gitconfig.mennos-server"
-      mennos-vm: "~/dotfiles/config/git/gitconfig.mennos-server"
+      mennos-vm: "$DOTFILES_PATH/config/git/gitconfig.mennos-server"
-      mennos-hobbypc: "~/dotfiles/config/git/gitconfig.linux"
+      mennos-hobbypc: "$DOTFILES_PATH/config/git/gitconfig.linux"
 
 - name: Create SSH authorized_keys symlink
   ansible.builtin.file:
@@ -40,8 +40,8 @@
     follow: false
   vars:
     authorized_keys_mapping:
-      mennos-desktop: "~/dotfiles/config/ssh/authorized_keys/mennos-desktop"
+      mennos-desktop: "$DOTFILES_PATH/config/ssh/authorized_keys/mennos-desktop"
-      mennos-laptop: "~/dotfiles/config/ssh/authorized_keys/mennos-laptop"
+      mennos-laptop: "$DOTFILES_PATH/config/ssh/authorized_keys/mennos-laptop"
-      mennos-server: "~/dotfiles/config/ssh/authorized_keys/mennos-server"
+      mennos-server: "$DOTFILES_PATH/config/ssh/authorized_keys/mennos-server"
-      mennos-vm: "~/dotfiles/config/ssh/authorized_keys/mennos-server"
+      mennos-vm: "$DOTFILES_PATH/config/ssh/authorized_keys/mennos-server"
-      mennos-hobbypc: "~/dotfiles/config/ssh/authorized_keys/mennos-hobbypc"
+      mennos-hobbypc: "$DOTFILES_PATH/config/ssh/authorized_keys/mennos-hobbypc"

config/ansible/tasks/global/tailscale.yml

@@ -1,19 +1,13 @@
-- name: Ensure Tailscale is installed
-  ansible.builtin.package:
-    name: tailscale
-    state: present
-  become: true
-
 - name: Check if Tailscale is installed
-  ansible.builtin.command: tailscale
+  ansible.builtin.command: which tailscale
   register: tailscale_check
   changed_when: false
   failed_when: false
 
-- name: Install Tailscale
+- name: Install Tailscale using curl script
-  ansible.builtin.command: tailscale up
+  ansible.builtin.shell: curl -fsSL https://tailscale.com/install.sh | sh
   args:
-    creates: /var/lib/tailscale/tailscaled.state
+    creates: /usr/bin/tailscale
   when: tailscale_check.rc != 0
   become: true
 

config/ansible/tasks/workstations/1password-zen-browser.yml

@@ -0,0 +1,40 @@
+- name: Check if 1Password is installed
+  ansible.builtin.command: 1password --version
+  register: onepassword_check
+  changed_when: false
+  failed_when: false
+
+- name: Check if 1Password is running anywhere
+  ansible.builtin.command: pgrep 1password
+  register: onepassword_running
+  changed_when: false
+  failed_when: false
+
+- name: Kill any running 1Password instances
+  ansible.builtin.command: pkill 1password
+  when: onepassword_running.stdout != ""
+  changed_when: onepassword_running.stdout != ""
+
+- name: Ensure 1Password custom allowed browsers directory exists
+  ansible.builtin.file:
+    path: /etc/1password
+    state: directory
+    mode: '0755'
+  become: true
+
+- name: Add Zen browser to 1Password custom allowed browsers
+  ansible.builtin.copy:
+    content: |
+      ZenBrowser
+      zen-browser
+      app.zen_browser.zen
+      zen
+    dest: /etc/1password/custom_allowed_browsers
+    owner: root
+    group: root
+    mode: '0755'
+  become: true
+
+- name: If 1Password was running, restart it
+  ansible.builtin.command: screen -dmS 1password 1password
+  when: onepassword_running.stdout != ""

config/ansible/tasks/workstations/1password.yml

@@ -1,43 +0,0 @@
-- name: Import 1Password GPG key (RPM)
-  ansible.builtin.rpm_key:
-    key: https://downloads.1password.com/linux/keys/1password.asc
-    state: present
-  when: ansible_pkg_mgr == "yum" or ansible_pkg_mgr == "dnf"
-
-- name: Import 1Password GPG key (APT)
-  ansible.builtin.apt_key:
-    url: https://downloads.1password.com/linux/keys/1password.asc
-    state: present
-  when: ansible_pkg_mgr == "apt"
-
-- name: Add 1Password repository (RPM)
-  ansible.builtin.copy:
-    content: |
-      [1password]
-      name=1Password Stable Channel
-      baseurl=https://downloads.1password.com/linux/rpm/stable/$basearch
-      enabled=1
-      gpgcheck=1
-      repo_gpgcheck=1
-      gpgkey=https://downloads.1password.com/linux/keys/1password.asc
-    dest: /etc/yum.repos.d/1password.repo
-    mode: '0644'
-  when: ansible_pkg_mgr == "yum" or ansible_pkg_mgr == "dnf"
-
-- name: Add 1Password repository (APT)
-  ansible.builtin.apt_repository:
-    repo: deb [arch=amd64] https://downloads.1password.com/linux/debian stable main
-    state: present
-  when: ansible_pkg_mgr == "apt"
-
-- name: Install 1Password CLI (RPM)
-  ansible.builtin.package:
-    name: 1password-cli
-    state: present
-  when: ansible_pkg_mgr == "yum" or ansible_pkg_mgr == "dnf"
-
-- name: Install 1Password CLI (APT)
-  ansible.builtin.package:
-    name: 1password-cli
-    state: present
-  when: ansible_pkg_mgr == "apt"

config/ansible/tasks/workstations/brave.yml

@@ -1,18 +0,0 @@
-- name: Check if Brave is installed
-  ansible.builtin.command: brave-browser --version
-  register: brave_check
-  changed_when: false
-  failed_when: false
-
-- name: Download Brave Browser install script
-  ansible.builtin.get_url:
-    url: https://dl.brave.com/install.sh
-    dest: /tmp/install_brave.sh
-    mode: '0755'
-  when: brave_check.rc != 0
-
-- name: Install Brave Browser
-  ansible.builtin.command: bash -c 'set -o pipefail && /tmp/install_brave.sh -y'
-  when: brave_check.rc != 0
-  args:
-    creates: /usr/bin/brave-browser

config/ansible/tasks/workstations/flatpaks.yml

@@ -1,3 +1,16 @@
+- name: Check if Flatpak is installed
+  ansible.builtin.command: which flatpak
+  register: flatpak_check
+  changed_when: false
+  failed_when: false
+
+- name: Install Flatpak
+  ansible.builtin.package:
+    name: flatpak
+    state: present
+  become: true
+  when: flatpak_check.rc != 0
+
 - name: Add Flathub remote repository
   community.general.flatpak_remote:
     name: flathub
@@ -14,42 +27,22 @@
   register: system_remotes
   changed_when: false
 
-- name: Get list of user installed Flatpaks
-  ansible.builtin.command: flatpak list --user --app --columns=application
-  register: installed_user_flatpaks
-  changed_when: false
-
-- name: Get list of user remotes
-  ansible.builtin.command: flatpak remote-list --user --columns=name
-  register: user_remotes
-  changed_when: false
-
-
 - name: Define system desired Flatpaks
   ansible.builtin.set_fact:
     desired_system_flatpaks:
       - org.fkoehler.KTailctl
       - com.spotify.Client
       - org.gnome.Extensions
-      - com.tomjwatson.Emote
       - io.github.openhv.OpenHV
-      - com.github.k4zmu2a.spacecadetpinball
       - com.usebottles.bottles
       - io.github.shiftey.Desktop
-      - org.fedoraproject.MediaWriter
       - com.github.tchx84.Flatseal
-      - de.haeckerfelix.Shortwave
-      - io.github.thetumultuousunicornofdarkness.cpu-x
-      - org.gnome.Crosswords
       - com.github.wwmm.easyeffects
       - dev.bragefuglseth.Keypunch
       - org.onlyoffice.desktopeditors
-      - com.jeffser.Alpaca
-      - info.beyondallreason.bar
       - io.gitlab.adhami3310.Impression
       - org.prismlauncher.PrismLauncher
       - io.ente.auth
-      - org.signal.Signal
       - io.github.fastrizwaan.WineZGUI
       - net.davidotek.pupgui2
       - tv.plex.PlexDesktop
@@ -63,35 +56,17 @@
       - page.tesk.Refine
       - io.github.flattool.Ignition
       - io.github.bytezz.IPLookup
-      - com.github.marhkb.Pods
       - io.github.giantpinkrobots.varia
       - io.bassi.Amberol
       - org.gaphor.Gaphor
       - io.github.seadve.Mousai
+      - info.beyondallreason.bar
+      - com.jeffser.Alpaca
 
 - name: Define system desired Flatpak remotes
   ansible.builtin.set_fact:
     desired_system_flatpak_remotes:
       - flathub
-      - fedora
-
-- name: Define user desired Flatpaks
-  ansible.builtin.set_fact:
-    desired_user_flatpaks:
-      - com.discordapp.Discord
-      - io.github.moonlight_mod.moonlight-installer
-
-- name: Define user desired Flatpak remotes
-  ansible.builtin.set_fact:
-    desired_user_flatpak_remotes:
-      - flathub
-
-- name: Add desired user Flatpak remotes
-  community.general.flatpak_remote:
-    name: "{{ item }}"
-    state: present
-    method: user
-  loop: "{{ desired_user_flatpak_remotes }}"
 
 - name: Add desired system Flatpak remotes
   community.general.flatpak_remote:
@@ -100,13 +75,6 @@
     method: system
   loop: "{{ desired_system_flatpak_remotes }}"
 
-- name: Remove undesired user Flatpak remotes
-  community.general.flatpak_remote:
-    name: "{{ item }}"
-    state: absent
-    method: user
-  loop: "{{ user_remotes.stdout_lines | difference(desired_user_flatpak_remotes) }}"
-
 - name: Remove undesired system Flatpak remotes
   community.general.flatpak_remote:
     name: "{{ item }}"
@@ -114,13 +82,6 @@
     method: system
   loop: "{{ system_remotes.stdout_lines | difference(desired_system_flatpak_remotes) }}"
 
-- name: Install desired user Flatpaks
-  community.general.flatpak:
-    name: "{{ item }}"
-    state: present
-    method: user
-  loop: "{{ desired_user_flatpaks }}"
-
 - name: Install/Upgrade Flatpak packages
   community.general.flatpak:
     name: "{{ item }}"
@@ -128,13 +89,6 @@
     method: system
   loop: "{{ desired_system_flatpaks }}"
 
-- name: Remove undesired user Flatpaks
-  community.general.flatpak:
-    name: "{{ item }}"
-    state: absent
-    method: user
-  loop: "{{ installed_user_flatpaks.stdout_lines | difference(desired_user_flatpaks) }}"
-
 - name: Remove undesired system Flatpaks
   community.general.flatpak:
     name: "{{ item }}"

config/ansible/tasks/workstations/snaps.yml

@@ -29,10 +29,18 @@
       - gnome-3-28-1804
       - gnome-3-34-1804
       - gnome-3-38-2004
+      - gnome-42-2204
+      - desktop-security-center
+      - firmware-updater
+      - prompting-client
+      - snap-store
+      - snapd-desktop-integration
 
 - name: Define desired Snaps
   ansible.builtin.set_fact:
     desired_snaps:
+      - name: firefox
+        classic: false
       - name: bitwarden
         classic: false
       - name: bw
@@ -51,7 +59,14 @@
 - name: Remove undesired Snap packages
   ansible.builtin.command: "snap remove {{ item }}"
   become: true
-  loop: "{{ installed_snaps.stdout_lines[1:] | map('split', ' ') | map('first') | difference(desired_snaps | map(attribute='name')) | difference(system_snaps) }}"
+  loop: >-
+    {{
+      installed_snaps.stdout_lines[1:]
+      | map('split', ' ')
+      | map('first')
+      | difference(desired_snaps | map(attribute='name'))
+      | difference(system_snaps)
+    }}
   register: snap_remove
   changed_when: snap_remove.rc == 0
   failed_when:

config/ansible/tasks/workstations/ulauncher.yml

@@ -2,7 +2,7 @@
   ansible.builtin.package:
     name:
       - ulauncher
-      - python3-pytz
+      # - python3-pytz
       - python3-tornado
       - python3-docker
       - python3-requests
@@ -27,7 +27,9 @@
     mode: '0644'
   vars:
     ulauncher_settings:
-      blacklisted-desktop-dirs: "/usr/share/locale:/usr/share/app-install:/usr/share/kservices5:/usr/share/fk5:/usr/share/kservicetypes5:/usr/share/applications/screensavers:/usr/share/kde4:/usr/share/mimelnk"
+      blacklisted-desktop-dirs: >
+        /usr/share/locale:/usr/share/app-install:/usr/share/kservices5:/usr/share/fk5:/usr/share/kservicetypes5:
+        /usr/share/applications/screensavers:/usr/share/kde4:/usr/share/mimelnk
       clear-previous-query: true
       disable-desktop-filters: false
       grab-mouse-pointer: false

config/ansible/tasks/workstations/vscode.yml

@@ -1,9 +1,14 @@
-- name: Import Microsoft GPG key
+- name: Gather OS facts
+  ansible.builtin.setup:
+    filter: ansible_distribution
+  register: os_facts
+
+- name: Import Microsoft GPG key (Fedora)
   ansible.builtin.rpm_key:
     key: https://packages.microsoft.com/keys/microsoft.asc
-    state: present
+  when: os_facts.ansible_facts.ansible_distribution == 'Fedora'
 
-- name: Add VSCode repository
+- name: Add VSCode repository (Fedora)
   ansible.builtin.copy:
     content: |
       [code]
@@ -14,6 +19,19 @@
       gpgkey=https://packages.microsoft.com/keys/microsoft.asc
     dest: /etc/yum.repos.d/vscode.repo
     mode: '0644'
+  when: os_facts.ansible_facts.ansible_distribution == 'Fedora'
+
+- name: Add VSCode repository (Ubuntu/Debian)
+  ansible.builtin.apt_repository:
+    repo: 'deb [arch=amd64] https://packages.microsoft.com/repos/vscode stable main'
+    state: present
+  when: os_facts.ansible_facts.ansible_distribution in ['Ubuntu', 'Debian']
+
+- name: Import Microsoft GPG key (Ubuntu/Debian)
+  ansible.builtin.apt_key:
+    url: https://packages.microsoft.com/keys/microsoft.asc
+    state: present
+  when: os_facts.ansible_facts.ansible_distribution in ['Ubuntu', 'Debian']
 
 - name: Check if VSCode is installed
   ansible.builtin.command: code --version
@@ -21,8 +39,14 @@
   changed_when: false
   failed_when: false
 
-- name: Install VSCode
+- name: Install VSCode (Fedora)
   ansible.builtin.package:
     name: code
     state: present
-  when: vscode_check.rc != 0
+  when: vscode_check.rc != 0 and os_facts.ansible_facts.ansible_distribution == 'Fedora'
+
+- name: Install VSCode (Ubuntu/Debian)
+  ansible.builtin.apt:
+    name: code
+    state: present
+  when: vscode_check.rc != 0 and os_facts.ansible_facts.ansible_distribution in ['Ubuntu', 'Debian']

config/ansible/tasks/workstations/workstation.yml

@@ -11,46 +11,34 @@
   ansible.builtin.import_tasks: tasks/workstations/vscode.yml
   become: true
 
-- name: Include Brave tasks
-  ansible.builtin.import_tasks: tasks/workstations/brave.yml
-  become: true
-
 - name: Include Zen browser tasks
   ansible.builtin.import_tasks: tasks/workstations/zen-browser.yml
+  vars:
+    browser_name: "zen"
+    browser_executable: "zen"
+
+- name: Include 1Password Zen Browser tasks
+  ansible.builtin.import_tasks: tasks/workstations/1password-zen-browser.yml
 
 - name: Include Ulauncher tasks
   ansible.builtin.import_tasks: tasks/workstations/ulauncher.yml
 
-- name: Include 1Password tasks
-  ansible.builtin.import_tasks: tasks/workstations/1password.yml
-  become: true
-
 - name: Ensure common packages are installed
   ansible.builtin.package:
     name:
-      # Flatpak package manager, used for various applications
+      ###### THE FOLLOWING PACKAGES ARE DISABLED DUE TO MISSING ON UBUNTU REPOS ######
-      - flatpak
       # Required by Pano - Clipboard Manager (GNOME Extension)
-      - libgda
+      # - libgda
-      - libgda-sqlite
+      # - libgda-sqlite
       # Required by Bubblemail - Email Notifications (GNOME Extension)
-      - bubblemail
+      # - bubblemail
+      # Steam and it's dependencies
+      # - steam
+      # - steam-devices
+      ################################################################################
       # Statistics HUD for gaming
       - mangohud
-      # Steam and it's dependencies
-      - steam
-      - steam-devices
-      # Missing icons in GNOME Shell (If not working, reset your icon theme with `gsettings reset gsettings reset org.gnome.desktop.interface icon-theme`)
-      - gdk-pixbuf2-modules-extra
-      - adwaita-icon-theme
-      - gnome-icon-theme
       # Used for VSCode Extensions
-      - nodejs20
+      - nodejs
     state: present
   become: true
-
-- name: Regenerate GNOME Icon Cache
-  ansible.builtin.command:
-    cmd: gtk-update-icon-cache /usr/share/icons/gnome
-    creates: /usr/share/icons/gnome/icon-theme.cache
-  become: true

config/ansible/tasks/workstations/zen-browser.yml

@@ -1,14 +1,64 @@
-- name: Check if Zen browser is installed
+- name: Set Zen browser version
-  stat:
+  ansible.builtin.set_fact:
-    path: ~/.local/share/AppImage/ZenBrowser.AppImage
+    zen_browser_version: "1.8.2b"
-  register: zen_browser_installed
 
-- name: Install Zen browser
+- name: Create directory for browser
-  ansible.builtin.command: >
+  ansible.builtin.file:
-    echo "1" | bash <(curl https://updates.zen-browser.app/appimage.sh)
+    path: "/opt/{{ browser_name }}"
-  when: not zen_browser_installed.stat.exists
+    state: directory
+    mode: '0755'
+  become: true
 
-- name: Update Zen browser
+- name: Download Zen browser tarball
-  ansible.builtin.command: >
+  ansible.builtin.get_url:
-    echo "3" | bash <(curl https://updates.zen-browser.app/appimage.sh)
+    url: "https://github.com/zen-browser/desktop/releases/download/{{ zen_browser_version }}/zen.linux-x86_64.tar.xz"
-  when: zen_browser_installed.stat.exists
+    dest: "/tmp/{{ browser_name }}.tar.xz"
+    mode: '0644'
+  become: true
+
+- name: Extract browser tarball
+  ansible.builtin.unarchive:
+    src: "/tmp/{{ browser_name }}.tar.xz"
+    dest: "/opt/{{ browser_name }}"
+    remote_src: true
+    extra_opts: [--strip-components=1]
+  become: true
+
+- name: Create symlink to browser executable
+  ansible.builtin.file:
+    src: "/opt/{{ browser_name }}/{{ browser_executable }}"
+    dest: "/usr/local/bin/{{ browser_name }}"
+    state: link
+  become: true
+
+- name: Create desktop file
+  ansible.builtin.copy:
+    content: |
+      [Desktop Entry]
+      Version=1.0
+      Name=Zen Browser
+      Exec=/usr/local/bin/{{ browser_name }}
+      Icon=/opt/zen/browser/chrome/icons/default/default128.png
+      Type=Application
+      Categories=Network;WebBrowser;
+    dest: "/usr/share/applications/zen.desktop"
+    mode: '0644'
+  become: true
+
+- name: Update desktop database
+  ansible.builtin.command:
+    cmd: update-desktop-database
+    creates: /usr/share/applications/mimeinfo.cache
+  become: true
+
+- name: Make desktop file executable
+  ansible.builtin.file:
+    dest: "/usr/share/applications/zen.desktop"
+    mode: '0755'
+  become: true
+
+- name: Clean up downloaded tarball
+  ansible.builtin.file:
+    path: "/tmp/{{ browser_name }}.tar.xz"
+    state: absent
+  become: true

config/home-manager/flake.lock

@@ -23,11 +23,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1740932899,
+        "lastModified": 1741048562,
-        "narHash": "sha256-F0qDu2egq18M3edJwEOAE+D+VQ+yESK6YWPRQBfOqq8=",
+        "narHash": "sha256-W4YZ3fvWZiFYYyd900kh8P8wU6DHSiwaH0j4+fai1Sk=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "1546c45c538633ae40b93e2d14e0bb6fd8f13347",
+        "rev": "6af28b834daca767a7ef99f8a7defa957d0ade6f",
         "type": "github"
       },
       "original": {

config/home-manager/packages/common/bash.nix

@@ -1,6 +1,10 @@
 { config, pkgs, ... }:
+
+let
+  dotfilesPath = builtins.getEnv "DOTFILES_PATH";
+in
 {
-  home.file.".bashrc.extra".source = "${config.home.homeDirectory}/dotfiles/.bashrc";
+  home.file.".bashrc.extra".source = "${dotfilesPath}/.bashrc";
 
   programs.bash = {
     enable = true;

config/home-manager/packages/workstation/brave-search-engines.sh

@@ -1,108 +0,0 @@
-#!/usr/bin/env bash
-
-BRAVE_DIR="$HOME/.config/BraveSoftware/Brave-Browser/Default"
-MAX_ATTEMPTS=30  # Maximum number of seconds to wait
-
-# Function to check if database is locked
-is_db_locked() {
-  local db_file="$1"
-  if lsof "$db_file" >/dev/null 2>&1; then
-    return 0  # true, db is locked
-  else
-    return 1  # false, db is not locked
-  fi
-}
-
-# Check if profile exists
-if [ ! -d "$BRAVE_DIR" ]; then
-  echo "Brave profile directory doesn't exist. Please run Brave at least once."
-  exit 1
-fi
-
-# Check if Web Data exists
-if [ ! -f "$BRAVE_DIR/Web Data" ]; then
-  echo "Web Data file doesn't exist. Please run Brave at least once."
-  exit 1
-fi
-
-# Wait for database to be unlocked
-attempts=0
-while is_db_locked "$BRAVE_DIR/Web Data" && [ $attempts -lt $MAX_ATTEMPTS ]; do
-  echo "Database is locked. Waiting... ($attempts/$MAX_ATTEMPTS)"
-  sleep 1
-  attempts=$((attempts + 1))
-done
-
-if is_db_locked "$BRAVE_DIR/Web Data"; then
-  echo "Database is still locked after $MAX_ATTEMPTS seconds. Please ensure Brave is completely closed and try again."
-  exit 1
-fi
-
-echo "Setting up search engines..."
-
-# Create temporary file for SQL commands
-SQLCOMMANDS=$(mktemp)
-
-cat > $SQLCOMMANDS << 'ENDSQL'
-DELETE FROM keywords WHERE keyword NOT IN ('@bookmarks', '@history');
-
-INSERT INTO keywords (
-  short_name, keyword, favicon_url, url, safe_for_autoreplace, 
-  date_created, usage_count, input_encodings, suggest_url, prepopulate_id, 
-  sync_guid, alternate_urls, last_visited, is_active
-) VALUES 
-(
-  'Brave', ':br', 
-  'https://cdn.search.brave.com/serp/v2/_app/immutable/assets/favicon.acxxetWH.ico',
-  'https://search.brave.com/search?q={searchTerms}&source=desktop',
-  1, 0, 0, 'UTF-8',
-  'https://search.brave.com/api/suggest?q={searchTerms}&rich=true&source=desktop',
-  550, '485bf7d3-0215-45af-87dc-538868000550', '[]', 0, 0
-),
-(
-  'Google', ':gg',
-  'https://www.google.com/images/branding/product/ico/googleg_alldp.ico',
-  '{google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:language}{google:prefetchSource}{google:searchClient}{google:sourceId}{google:contextualSearchVersion}ie={inputEncoding}',
-  1, 0, 0, 'UTF-8',
-  '{google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:omniboxFocusType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:clientCacheTimeToLive}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}',
-  1, '485bf7d3-0215-45af-87dc-538868000001', '[]', 0, 0
-),
-(
-  'DuckDuckGo', ':dd',
-  'https://duckduckgo.com/favicon.ico',
-  'https://duckduckgo.com/?q={searchTerms}&t=brave',
-  1, 0, 0, 'UTF-8',
-  'https://ac.duckduckgo.com/ac/?q={searchTerms}&type=list',
-  501, '485bf7d3-0215-45af-87dc-538868000501', '[]', 0, 0
-),
-(
-  'NixOS', ':nix',
-  'https://search.nixos.org/favicon.png',
-  'https://search.nixos.org/packages?query={searchTerms}',
-  1, 0, 0, '',
-  '',
-  0, '485bf7d3-0215-45af-87dc-538868000552', '[]', 0, 1
-),
-(
-  'GoLink', ':go',
-  'http://go/favicon.ico',
-  'http://go/{searchTerms}',
-  1, 0, 0, '',
-  '',
-  0, '485bf7d3-0215-45af-87dc-538868000551', '[]', 0, 1
-);
-ENDSQL
-
-# Execute SQL commands
-sqlite3 "$BRAVE_DIR/Web Data" < $SQLCOMMANDS
-
-# Cleanup
-rm $SQLCOMMANDS
-
-echo "Search engines setup completed successfully!"
-
-# Restart Brave if it was running before
-if [ "$BRAVE_WAS_RUNNING" = "1" ]; then
-  echo "Restarting Brave..."
-  brave &> /dev/null &
-fi

config/home-manager/packages/workstation/brave.nix

@@ -1,20 +0,0 @@
-{
-  lib,
-  config,
-  pkgs,
-  ...
-}:
-{
-  # Copy search engine configuration script
-  home.file.".local/bin/brave-search-engines.sh" = {
-    source = ./brave-search-engines.sh;
-    executable = true;
-  };
-
-  # Run search engine configuration script
-  home.activation = {
-    setBraveSearchEngines = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
-      PATH="${pkgs.procps}/bin:${pkgs.sqlite}/bin:$PATH" $HOME/.local/bin/brave-search-engines.sh
-    '';
-  };
-}

config/home-manager/packages/workstation/default.nix

@@ -3,7 +3,6 @@
 let
   files = builtins.removeAttrs (builtins.readDir ./.) [
     "default.nix"
-    "brave-search-engines.sh"
     "ulauncher.nix" # Disabled, since we switched to ansible for this
   ];
 

config/home-manager/packages/workstation/packages.nix

@@ -23,7 +23,6 @@
     gpredict # Satellite tracking
 
     ## Chat Apps
-    betterdiscordctl
     vesktop
 
     ## Multimedia

config/home-manager/workstation/dconf.nix

@@ -5,15 +5,15 @@
     enable = true;
 
     iconTheme = {
-      name = "Adwaita";
+      name = "Yaru";
     };
 
     theme = {
-      name = "Adwaita";
+      name = "Yaru";
     };
 
     cursorTheme = {
-      name = "Adwaita";
+      name = "Yaru";
     };
 
     gtk3.extraConfig = {
@@ -51,7 +51,7 @@
       # add more by listing them with `dconf read /org/gnome/shell/favorite-apps | sed "s/,//g; s/'/\"/g"` then copy pasting the output here
       "org/gnome/shell" = {
         favorite-apps = [
-          "ZenBrowser.desktop"
+          "zen.desktop"
           "org.gnome.Nautilus.desktop"
           "com.spotify.Client.desktop"
           "vesktop.desktop"

config/home-manager/workstation/default-apps.nix

@@ -4,11 +4,11 @@
   xdg.mimeApps = {
     enable = true;
     defaultApplications = {
-      # Brave Browser
+      # default browser
-      "application/xhtml+xml" = [ "ZenBrowser.desktop" ];
+      "application/xhtml+xml" = [ "zen.desktop" ];
-      "text/html" = [ "ZenBrowser.desktop" ];
+      "text/html" = [ "zen.desktop" ];
-      "x-scheme-handler/http" = [ "ZenBrowser.desktop" ];
+      "x-scheme-handler/http" = [ "zen.desktop" ];
-      "x-scheme-handler/https" = [ "ZenBrowser.desktop" ];
+      "x-scheme-handler/https" = [ "zen.desktop" ];
 
       # Geary
       "x-scheme-handler/mailto" = [ "org.gnome.Geary.desktop" ];

config/nixos/common/server.nix

@@ -1,46 +0,0 @@
-{ config, pkgs, ... }:
-{
-  # Install xanmod kernel
-  # boot.kernelPackages = pkgs.linuxKernel.packages.linux_xanmod_stable.zfs;
-
-  services.openssh = {
-    enable = true;
-    ports = [ 400 ];
-    settings = {
-      PasswordAuthentication = false;
-      AllowUsers = [ "menno" ];
-      X11Forwarding = false;
-      PermitRootLogin = "prohibit-password";
-      AllowTCPForwarding = true;
-      AllowAgentForwarding = true;
-      PermitEmptyPasswords = false;
-      PubkeyAuthentication = true;
-    };
-  };
-
-  networking = {
-    firewall = {
-      enable = true;
-
-      # External ports
-      allowedTCPPorts = [
-        ## Portforwarded
-        80 # HTTP
-        443 # HTTPS
-        22 # Git over SSH
-        25565 # Minecraft
-        24454 # Minecraft (Voice Chat)
-        32400 # Plex
-        51820 # WireGuard
-
-        ## Internal services / TailScale
-        400 # SSH
-      ];
-
-      allowedUDPPorts = [
-        51820 # WireGuard
-        25565 # Minecraft
-      ];
-    };
-  };
-}

config/nixos/common/workstation.nix

@@ -1,75 +0,0 @@
-{ pkgs, ... }:
-{
-  # Enable the X11 windowing system.
-  services.xserver.enable = true;
-
-  # Enable the GNOME Desktop Environment.
-  services.xserver.displayManager.gdm.enable = true;
-  services.xserver.desktopManager.gnome.enable = true;
-
-  # Enable the Cosmic Desktop Environment.
-  # services.desktopManager.cosmic.enable = true;
-  # services.displayManager.cosmic-greeter.enable = true;
-
-  # Install xanmod kernel
-  boot.kernelPackages = pkgs.linuxKernel.packages.linux_xanmod_stable;
-
-  environment.systemPackages = with pkgs; [
-    gnome-session
-    xdg-desktop-portal
-    xdg-desktop-portal-gnome
-    xdg-desktop-portal-gtk
-  ];
-
-  # Configure keymap in X11
-  services.xserver.xkb = {
-    layout = "us";
-    variant = "euro";
-  };
-
-  # Enable sound with pipewire.
-  hardware.pulseaudio.enable = false;
-  security.rtkit.enable = true;
-  services.pipewire = {
-    enable = true;
-    alsa.enable = true;
-    alsa.support32Bit = true;
-    pulse.enable = true;
-  };
-
-  # Open ports in the firewall
-  networking.firewall = {
-    enable = true;
-    allowedTCPPorts = [
-      # RDP (Gnome Remote Desktop)
-      3389
-      3390
-      3391
-
-      # SSH
-      400
-    ];
-    allowedUDPPorts = [
-      # RDP (Gnome Remote Desktop)
-      3389
-      3390
-      3391
-    ];
-  };
-
-  # OpenSSH server
-  services.openssh = {
-    enable = true;
-    ports = [ 400 ];
-    settings = {
-      PasswordAuthentication = false;
-      AllowUsers = [ "menno" ];
-      X11Forwarding = true;
-      PermitRootLogin = "prohibit-password";
-      AllowTCPForwarding = true;
-      AllowAgentForwarding = true;
-      PermitEmptyPasswords = false;
-      PubkeyAuthentication = true;
-    };
-  };
-}

config/nixos/configuration.nix

@@ -1,70 +0,0 @@
-{
-  config,
-  pkgs,
-  lib,
-  isServer ? false,
-  isWorkstation ? false,
-  ...
-}:
-{
-  imports =
-    [
-      ./packages/common/default.nix
-      ./users.nix
-      ./hosts.nix
-      ./yubikey.nix
-    ]
-    # Include packages based on whether this is a server or workstation.
-    ++ lib.optional isServer ./packages/server/default.nix
-    ++ lib.optional isWorkstation ./packages/workstation/default.nix;
-
-  # Enable networking
-  networking.networkmanager.enable = true;
-
-  # Allow unfree packages
-  nixpkgs.config.allowUnfree = true;
-
-  # Enable experimental nix-command flakes
-  nix = {
-    package = pkgs.nixVersions.stable;
-    extraOptions = ''
-      experimental-features = nix-command flakes
-    '';
-  };
-
-  # Set your time zone.
-  time.timeZone = "Europe/Amsterdam";
-
-  # Select internationalisation properties.
-  i18n.defaultLocale = "en_US.UTF-8";
-
-  i18n.extraLocaleSettings = {
-    LC_ADDRESS = "nl_NL.UTF-8";
-    LC_IDENTIFICATION = "nl_NL.UTF-8";
-    LC_MEASUREMENT = "nl_NL.UTF-8";
-    LC_MONETARY = "nl_NL.UTF-8";
-    LC_NAME = "nl_NL.UTF-8";
-    LC_NUMERIC = "nl_NL.UTF-8";
-    LC_PAPER = "nl_NL.UTF-8";
-    LC_TELEPHONE = "nl_NL.UTF-8";
-    LC_TIME = "nl_NL.UTF-8";
-  };
-
-  environment.systemPackages = with pkgs; [
-    tailscale
-    pciutils
-  ];
-
-  services.tailscale.enable = true;
-  security.sudo.extraConfig = ''
-    Defaults env_reset,pwfeedback
-  '';
-
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It‘s perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "24.11"; # Did you read the comment?
-}

config/nixos/flake.lock

@@ -1,113 +0,0 @@
-{
-  "nodes": {
-    "flake-compat": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1717312683,
-        "narHash": "sha256-FrlieJH50AuvagamEvWMIE6D2OAnERuDboFDYAED/dE=",
-        "owner": "nix-community",
-        "repo": "flake-compat",
-        "rev": "38fd3954cf65ce6faf3d0d45cd26059e059f07ea",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "flake-compat",
-        "type": "github"
-      }
-    },
-    "nixos-cosmic": {
-      "inputs": {
-        "flake-compat": "flake-compat",
-        "nixpkgs": "nixpkgs",
-        "nixpkgs-stable": "nixpkgs-stable"
-      },
-      "locked": {
-        "lastModified": 1736944949,
-        "narHash": "sha256-rZJtjYBZe5vmanJ/yh5GoZgdISm+EU4iUhG6WD1SwBs=",
-        "owner": "lilyinstarlight",
-        "repo": "nixos-cosmic",
-        "rev": "0dc33f0eb391a1a942a358a01b47f763703d7097",
-        "type": "github"
-      },
-      "original": {
-        "owner": "lilyinstarlight",
-        "repo": "nixos-cosmic",
-        "type": "github"
-      }
-    },
-    "nixpkgs": {
-      "locked": {
-        "lastModified": 1736798957,
-        "narHash": "sha256-qwpCtZhSsSNQtK4xYGzMiyEDhkNzOCz/Vfu4oL2ETsQ=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "9abb87b552b7f55ac8916b6fc9e5cb486656a2f3",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs-stable": {
-      "locked": {
-        "lastModified": 1736867362,
-        "narHash": "sha256-i/UJ5I7HoqmFMwZEH6vAvBxOrjjOJNU739lnZnhUln8=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "9c6b49aeac36e2ed73a8c472f1546f6d9cf1addc",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-24.11",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs-unstable": {
-      "locked": {
-        "lastModified": 1736798957,
-        "narHash": "sha256-qwpCtZhSsSNQtK4xYGzMiyEDhkNzOCz/Vfu4oL2ETsQ=",
-        "owner": "nixos",
-        "repo": "nixpkgs",
-        "rev": "9abb87b552b7f55ac8916b6fc9e5cb486656a2f3",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nixos",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_2": {
-      "locked": {
-        "lastModified": 1736867362,
-        "narHash": "sha256-i/UJ5I7HoqmFMwZEH6vAvBxOrjjOJNU739lnZnhUln8=",
-        "owner": "nixos",
-        "repo": "nixpkgs",
-        "rev": "9c6b49aeac36e2ed73a8c472f1546f6d9cf1addc",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nixos",
-        "ref": "nixos-24.11",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "root": {
-      "inputs": {
-        "nixos-cosmic": "nixos-cosmic",
-        "nixpkgs": "nixpkgs_2",
-        "nixpkgs-unstable": "nixpkgs-unstable"
-      }
-    }
-  },
-  "root": "root",
-  "version": 7
-}

config/nixos/flake.nix

@@ -1,81 +0,0 @@
-{
-  description = "menno's dotfiles";
-
-  inputs = {
-    nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-24.11";
-    nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
-    nixos-cosmic.url = "github:lilyinstarlight/nixos-cosmic";
-  };
-
-  outputs =
-    {
-      self,
-      nixpkgs,
-      nixpkgs-unstable,
-      nixos-cosmic,
-    }:
-    let
-      system = "x86_64-linux";
-
-      pkgs = import nixpkgs {
-        inherit system;
-        config.allowUnfree = true;
-      };
-
-      pkgs-unstable = import nixpkgs-unstable {
-        inherit system;
-        config.allowUnfree = true;
-      };
-    in
-    {
-      nixosConfigurations = {
-        "mennos-laptop" = nixpkgs.lib.nixosSystem {
-          inherit system;
-          modules = [
-            ./hardware/mennos-laptop.nix
-            ./common/workstation.nix
-            ./configuration.nix
-          ];
-          specialArgs = {
-            inherit
-              pkgs-unstable
-              nixos-cosmic
-              ;
-            isWorkstation = true;
-            isServer = false;
-          };
-        };
-
-        "mennos-gamingpc" = nixpkgs.lib.nixosSystem {
-          inherit system;
-          modules = [
-            ./hardware/mennos-gamingpc.nix
-            ./common/workstation.nix
-            ./configuration.nix
-          ];
-          specialArgs = {
-            inherit
-              pkgs-unstable
-              nixos-cosmic
-              ;
-            isWorkstation = true;
-            isServer = false;
-          };
-        };
-
-        "mennos-server" = nixpkgs.lib.nixosSystem {
-          inherit system;
-          modules = [
-            ./hardware/mennos-server.nix
-            ./common/server.nix
-            ./configuration.nix
-          ];
-          specialArgs = {
-            inherit pkgs-unstable;
-            isWorkstation = false;
-            isServer = true;
-          };
-        };
-      };
-    };
-}

config/nixos/hardware/mennos-gamingpc.nix

@@ -1,57 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  modulesPath,
-  ...
-}:
-{
-  imports = [ /etc/nixos/hardware-configuration.nix ];
-  networking.hostName = "mennos-gamingpc";
-
-  fileSystems."/" = {
-    device = "/dev/disk/by-uuid/ac5a70cf-4b12-4d02-b5b4-a6eddf4c40b5";
-    fsType = "ext4";
-    options = [ "noatime" ];
-  };
-
-  networking.interfaces.enp8s0.wakeOnLan = {
-    enable = true;
-  };
-
-  # Bootloader.
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-
-  # Enable Vulkan support for AMD graphics cards
-  hardware.graphics.extraPackages32 = with pkgs.pkgsi686Linux; [ amdvlk ];
-
-  # Swap file (Desktop PC has 48GB of RAM so 8GB swap should be enough)
-  swapDevices = [
-    {
-      device = "/swapfile";
-      size = 8192;
-    }
-  ];
-
-  # Enable graphics
-  hardware.graphics = {
-    enable = true;
-
-    # Enable the latest AMDGPU drivers
-    extraPackages = with pkgs; [
-      amdvlk
-      rocmPackages.clr
-    ];
-  };
-
-  # Add ROCm packages and nvtop
-  environment.systemPackages = with pkgs; [
-    rocmPackages.rocm-smi
-    rocmPackages.clr
-    rocmPackages.rocm-core
-    rocmPackages.hipcc
-    rocmPackages.rocm-device-libs
-    nvtopPackages.amd
-  ];
-}

config/nixos/hardware/mennos-laptop.nix

@@ -1,84 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  modulesPath,
-  ...
-}:
-{
-  imports = [ /etc/nixos/hardware-configuration.nix ];
-  networking.hostName = "mennos-laptop";
-
-  fileSystems."/" = {
-    device = "/dev/disk/by-uuid/1356cd09-5c55-45b5-8b06-6aadc84cee37";
-    fsType = "ext4";
-    options = [ "noatime" ];
-  };
-
-  # Bootloader
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-
-  # Enable graphics
-  hardware.graphics = {
-    enable = true;
-    extraPackages = with pkgs; [
-      amdvlk
-      rocmPackages.clr
-    ];
-  };
-
-  # Swap file (Laptop has 32GB of RAM so 8GB swap should be enough)
-  swapDevices = [
-    {
-      device = "/swapfile";
-      size = 8192;
-    }
-  ];
-
-  # Load AMD and NVIDIA drivers for Xorg and Wayland
-  services.xserver.videoDrivers = [
-    "nvidia"
-    "amdgpu"
-  ];
-
-  # Monitoring tools
-  environment.systemPackages = with pkgs; [
-    nvtopPackages.nvidia
-    nvtopPackages.amd
-    glxinfo
-    vulkan-tools
-  ];
-
-  hardware.nvidia = {
-    # Enable modesetting
-    modesetting.enable = true;
-
-    # Power management configuration
-    powerManagement = {
-      enable = true;
-      finegrained = false; # Disabled as it requires offload mode
-    };
-
-    # Prime configuration for hybrid graphics
-    prime = {
-      offload = {
-        enable = true;
-        enableOffloadCmd = true;
-      };
-
-      # AMD GPU as primary
-      amdgpuBusId = "PCI:5:0:0";
-      nvidiaBusId = "PCI:1:0:0";
-    };
-
-    open = false;
-    nvidiaSettings = true;
-    package = config.boot.kernelPackages.nvidiaPackages.stable;
-  };
-
-  boot.kernelParams = [
-    "amdgpu.sg_display=0"
-    "nvidia-drm.modeset=1"
-  ];
-}

config/nixos/hardware/mennos-server.nix

@@ -1,64 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  modulesPath,
-  ...
-}:
-{
-  imports = [
-    /etc/nixos/hardware-configuration.nix
-    ./mennos-server/zfs.nix
-  ];
-
-  fileSystems."/" = {
-    device = "/dev/disk/by-uuid/dd3fa13c-a1bd-4dc9-bcb4-aee17c7f12d1";
-    fsType = "ext4";
-    options = [ "noatime" ];
-  };
-
-  networking.hostName = "mennos-server";
-  networking.hostId = "64519940";
-
-  # Bootloader.
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-
-  # Allow unfree packages
-  nixpkgs.config.allowUnfree = true;
-
-  # Load nvidia driver for Xorg and Wayland
-  services.xserver.videoDrivers = [ "nvidia" ];
-
-  # Enable graphics
-  hardware.graphics.enable = true;
-
-  # nvtop, a system monitor for GPUs
-  environment.systemPackages = with pkgs; [ nvtopPackages.nvidia ];
-
-  # Enable NVIDIA Docker support
-  # test with: $ docker run --rm -it --device=nvidia.com/gpu=all ubuntu:latest nvidia-smi
-  hardware.nvidia-container-toolkit.enable = true;
-  virtualisation.docker = {
-    enable = true;
-  };
-
-  # Swap file (Laptop has 64GB of RAM so 16GB swap should be enough)
-  swapDevices = [
-    {
-      device = "/swapfile";
-      size = 16384;
-    }
-  ];
-
-  hardware.nvidia = {
-    modesetting.enable = true;
-    powerManagement.enable = false;
-    powerManagement.finegrained = false;
-    open = false;
-    nvidiaSettings = true;
-
-    # Use the latest driver from the unstable channel
-    package = config.boot.kernelPackages.nvidiaPackages.stable;
-  };
-}

config/nixos/hardware/mennos-server/zfs.nix

@@ -1,147 +0,0 @@
-{ config, pkgs, ... }:
-
-let
-  # Create a script to set permissions
-  permissionsScript = pkgs.writeShellScriptBin "set-zfs-permissions" ''
-    # Set default permissions for all service directories
-    find /mnt/services -mindepth 1 -maxdepth 1 -type d \
-      -exec chmod 775 {} \; \
-      -exec chown menno:users {} \;
-
-    # Special cases
-    chmod 774 /mnt/services/golink
-    chown 65532:users /mnt/services/golink
-
-    chmod 754 /mnt/services/torrent
-    chown menno:users /mnt/services/torrent
-
-    chmod 755 /mnt/services/proxy
-    chmod 755 /mnt/services/static-websites
-
-    chown menno:users /mnt/backups
-    chown menno:users /mnt/backups/photos
-    chown menno:users /mnt/backups/services
-    chmod 775 /mnt/backups
-    chmod 775 /mnt/backups/photos
-    chmod 775 /mnt/backups/services
-
-    # Set permissions for other mount points
-    for dir in /mnt/{ai,astrophotography,audiobooks,downloads,ISOs,movies,music,old_backups,photos,stash,tvshows,VMs}; do
-      chmod 755 "$dir"
-      chown menno:users "$dir"
-    done
-  '';
-in
-{
-  environment.systemPackages = with pkgs; [
-    zfs
-    zfstools
-    permissionsScript
-    smartmontools
-  ];
-
-  # Add the permissions service
-  systemd.services.zfs-permissions = {
-    description = "Set ZFS mount permissions";
-
-    # Run after ZFS mounts are available
-    after = [ "zfs.target" ];
-    requires = [ "zfs.target" ];
-
-    # Run on boot and every 6 hours
-    startAt = "*-*-* */6:00:00";
-
-    serviceConfig = {
-      Type = "oneshot";
-      ExecStart = "${permissionsScript}/bin/set-zfs-permissions";
-      User = "root";
-      Group = "root";
-    };
-  };
-
-  # Enable ZFS support
-  boot.supportedFilesystems = [
-    "ntfs"
-    "zfs"
-  ];
-
-  # ZFS system services
-  services.zfs = {
-    autoScrub = {
-      enable = true;
-      interval = "weekly";
-    };
-  };
-
-  # If you want to keep compression settings
-  boot.kernelParams = [
-    "zfs.zfs_compressed_arc_enabled=1" # Enable compressed ARC
-    "zfs.zfs_arc_max=21474836480" # 20 GiB
-  ];
-
-  fileSystems = {
-    # backup ZFS mount points
-    "/mnt/backups/photos" = {
-      device = "backup/photos-duplicati";
-      fsType = "zfs";
-    };
-    "/mnt/backups/services" = {
-      device = "backup/services-duplicati";
-      fsType = "zfs";
-    };
-
-    # datapool ZFS mount points
-    "/mnt/ai" = {
-      device = "datapool/ai";
-      fsType = "zfs";
-    };
-    "/mnt/astrophotography" = {
-      device = "datapool/astro";
-      fsType = "zfs";
-    };
-    "/mnt/audiobooks" = {
-      device = "datapool/audiobooks";
-      fsType = "zfs";
-    };
-    "/mnt/downloads" = {
-      device = "datapool/downloads";
-      fsType = "zfs";
-    };
-    "/mnt/ISOs" = {
-      device = "datapool/isos";
-      fsType = "zfs";
-    };
-    "/mnt/movies" = {
-      device = "datapool/movies";
-      fsType = "zfs";
-    };
-    "/mnt/music" = {
-      device = "datapool/music";
-      fsType = "zfs";
-    };
-    "/mnt/old_backups" = {
-      device = "datapool/old_backups";
-      fsType = "zfs";
-    };
-    "/mnt/photos" = {
-      device = "datapool/photos";
-      fsType = "zfs";
-    };
-    "/mnt/services" = {
-      device = "datapool/services";
-      fsType = "zfs";
-    };
-    "/mnt/stash" = {
-      device = "datapool/stash";
-      fsType = "zfs";
-    };
-    "/mnt/tvshows" = {
-      device = "datapool/tv_shows";
-      fsType = "zfs";
-    };
-    "/mnt/VMs" = {
-      device = "datapool/vms";
-      fsType = "zfs";
-    };
-  };
-}

config/nixos/hosts.nix

@@ -1,11 +0,0 @@
-{ ... }:
-{
-  networking.extraHosts = ''
-    127.0.0.1 subsites.local
-    127.0.0.1 discountoffice.nl.local
-    127.0.0.1 discountoffice.be.local
-    127.0.0.1 fr.discountoffice.be.local
-    127.0.0.1 api.local
-    127.0.0.1 mailpit.local
-  '';
-}

config/nixos/packages/common/default.nix

@@ -1,12 +0,0 @@
-{ pkgs, ... }:
-{
-  imports = [ ./virtualisation.nix ];
-
-  environment.systemPackages = with pkgs; [
-    yubikey-manager
-    trash-cli
-    sqlite # Used for managing SQLite databases (Brave Settings etc.)
-    xcp # Rust implementation of cp/mv command
-    pandoc # Document converter (Markdown, HTML, PDF etc.) (Mostly used for static site generators)
-  ];
-}

config/nixos/packages/common/virtualisation.nix

@@ -1,39 +0,0 @@
-{
-  config,
-  pkgs,
-  pkgs-unstable,
-  ...
-}:
-{
-  boot.kernelModules = [ "kvm-amd" ];
-
-  environment.systemPackages = with pkgs; [
-    qemu
-    OVMF
-  ];
-
-  virtualisation = {
-    docker = {
-      enable = true;
-      package = pkgs-unstable.docker;
-      autoPrune.enable = true;
-      daemon.settings = {
-        "live-restore" = false;
-      };
-    };
-
-    libvirtd = {
-      enable = true;
-
-      qemu = {
-        package = pkgs.qemu;
-        runAsRoot = true;
-        swtpm.enable = true;
-        ovmf = {
-          enable = true;
-          packages = [ pkgs.OVMF.fd ];
-        };
-      };
-    };
-  };
-}

config/nixos/packages/server/default.nix

@@ -1,6 +0,0 @@
-{ config, pkgs, ... }:
-{
-  # Import all the package modules
-  imports = [
-  ];
-}

config/nixos/packages/workstation/1password.nix

@@ -1,25 +0,0 @@
-{ pkgs, pkgs-unstable, ... }:
-{
-  # Enables the 1Password CLI
-  programs._1password = {
-    enable = true;
-  };
-
-  # Enables the 1Password desktop app
-  programs._1password-gui = {
-    enable = true;
-    polkitPolicyOwners = [ "menno" ];
-    package = pkgs-unstable._1password-gui;
-  };
-
-  environment.etc = {
-    "1password/custom_allowed_browsers" = {
-      text = ''
-        firefox
-        brave
-        zen
-      '';
-      mode = "0755";
-    };
-  };
-}

config/nixos/packages/workstation/default.nix

@@ -1,8 +0,0 @@
-{ config, pkgs, ... }:
-{
-  # Import all the package modules
-  imports = [
-    ./flatpak.nix
-    ./1password.nix
-  ];
-}

config/nixos/packages/workstation/flatpak.nix

@@ -1,11 +0,0 @@
-{ pkgs, ... }:
-{
-  services.flatpak.enable = true;
-  systemd.services.flatpak-repo = {
-    wantedBy = [ "multi-user.target" ];
-    path = [ pkgs.flatpak ];
-    script = ''
-      flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
-    '';
-  };
-}

config/nixos/users.nix

@@ -1,21 +0,0 @@
-{ config, pkgs, ... }:
-{
-  users.users.menno = {
-    shell = pkgs.bash;
-    isNormalUser = true;
-    description = "Menno van Leeuwen";
-    extraGroups = [
-      "networkmanager"
-      "wheel"
-      "kvm"
-      "libvirtd"
-      "qemu-libvirtd"
-      "docker"
-      "video"
-      "render"
-      "users"
-      "input"
-      "adbusers"
-    ];
-  };
-}

config/nixos/yubikey.nix

@@ -1,109 +0,0 @@
-{ config, pkgs, ... }:
-let
-  # List of authorized YubiKey serial numbers
-  authorizedKeys = [
-    "10627969"
-    "30079068"
-  ];
-
-  sudo-wrapper = pkgs.writeScriptBin "sudo" ''
-    #!${pkgs.bash}/bin/bash
-
-    # Function to show both terminal and desktop notification
-    notify() {
-      echo "$1" >&2
-      ${pkgs.libnotify}/bin/notify-send -u critical "Sudo Authentication" "$1"
-    }
-
-    # Function to check if any of our authorized YubiKeys are present
-    check_yubikey() {
-      # Get list of connected YubiKeys
-      local keys=$(${pkgs.yubikey-manager}/bin/ykman list 2>/dev/null)
-      
-      # Check if any of our authorized keys are in the list
-      for serial in ${toString authorizedKeys}; do
-        if echo "$keys" | grep -q "$serial"; then
-          return 0  # Found an authorized key
-        fi
-      done
-      return 1  # No authorized keys found
-    }
-
-    # Check if we already have sudo permissions
-    if [ "$EUID" -eq 0 ]; then
-      exec /run/wrappers/bin/sudo "$@"
-    fi
-
-    # Check for YubiKey presence
-    if check_yubikey; then
-      # YubiKey is present, show touch prompt
-      if [ -t 1 ]; then  # Only show terminal message if interactive
-        echo -e "\033[1;34mPlease touch your YubiKey to authenticate...\033[0m" >&2
-      fi
-      ${pkgs.libnotify}/bin/notify-send -u normal \
-        -i security-high \
-        "YubiKey Authentication" \
-        "Please touch your YubiKey to authenticate..."
-    fi
-
-    # Execute sudo with all original arguments
-    # This will fall back to password auth if no YubiKey is present
-    exec /run/wrappers/bin/sudo "$@"
-  '';
-in
-{
-  services.udev.packages = [ pkgs.yubikey-personalization ];
-
-  programs.gnupg.agent = {
-    enable = true;
-    enableSSHSupport = true;
-  };
-
-  environment.systemPackages = with pkgs; [
-    pam_u2f
-    libnotify
-    sudo-wrapper
-  ];
-
-  # Use normal U2F config without trying to modify PAM
-  security.pam.services = {
-    sudo.u2fAuth = true;
-    lock.u2fAuth = true;
-    gnome-screensaver.u2fAuth = true;
-    "polkit-1".u2fAuth = true;
-  };
-
-  # Enable polkit
-  security.polkit.enable = true;
-
-  # Add custom polkit rules for 1Password
-  environment.etc."polkit-1/rules.d/90-1password-yubikey.rules".text = ''
-    polkit.addRule(function(action, subject) {
-      if (action.id == "com.1password.1Password.unlock") {
-        var authtype = subject.local ? "auth_admin_keep" : "auth_admin";
-        return polkit.Result.AUTH_ADMIN;
-      }
-    });
-  '';
-
-  # Make sure polkit is using the right authentication agent
-  services.xserver.displayManager.gdm = {
-    enable = true;
-    autoSuspend = false;
-  };
-
-  # GNOME keyring configuration
-  security.pam.services."gnome-keyring" = {
-    text = ''
-      auth optional pam_u2f.so
-      auth optional pam_unix.so nullok try_first_pass
-      session optional pam_keyinit.so force revoke
-      session optional pam_gnome_keyring.so auto_start
-    '';
-  };
-
-  # Make sure the wrapper sudo is used instead of the system one
-  environment.shellAliases = {
-    sudo = "${sudo-wrapper}/bin/sudo";
-  };
-}

config/ssh/config

@@ -1,5 +1,5 @@
 Host *
-    IdentityFile ~/dotfiles/secrets/ssh_keys/mennos-2025.pem
+    IdentityFile $DOTFILES_PATH/secrets/ssh_keys/mennos-2025.pem
     IdentityAgent ~/.1password/agent.sock
     AddKeysToAgent yes
     ForwardAgent yes

setup.sh

@@ -6,7 +6,7 @@ IFS=$'\n\t'
 # Constants
 readonly NIXOS_RELEASE="24.11"                                      # Home Manager release version (Must match NixOS version)           
 readonly GIT_REPO="https://git.mvl.sh/vleeuwenmenno/dotfiles.git"   # Dotfiles repository URL
-readonly DOTFILES_DIR="${HOME}/dotfiles"                            # Dotfiles directory
+readonly DOTFILES_PATH="${HOME}/.dotfiles"                            # Dotfiles directory
 readonly SETUP_MARKER="${HOME}/.dotfiles-setup"                     # Setup marker file indicates setup has been run
 
 # Color constants
@@ -84,7 +84,7 @@ validate_hostname() {
 update_home_manager_flake() {
     local hostname="$1"
     local isServer="$2"
-    local flake_file="$DOTFILES_DIR/config/home-manager/flake.nix"
+    local flake_file="$DOTFILES_PATH/config/home-manager/flake.nix"
     
     # Create new configuration entry
     local new_config="        \"$hostname\" = home-manager.lib.homeManagerConfiguration {
@@ -157,8 +157,8 @@ setup_symlinks() {
             die "Failed to backup home-manager config"
     fi
 
-    log_info "Linking ~/.config/home-manager to $DOTFILES_DIR/config/home-manager..."
+    log_info "Linking ~/.config/home-manager to $DOTFILES_PATH/config/home-manager..."
-    ln -s "$DOTFILES_DIR/config/home-manager" "$HOME/.config/home-manager" || \
+    ln -s "$DOTFILES_PATH/config/home-manager" "$HOME/.config/home-manager" || \
         die "Failed to create home-manager symlink"
 
     # Verify symlinks
@@ -351,9 +351,9 @@ main() {
     check_prerequisites
 
     # Clone dotfiles if needed
-    if [ ! -d "$DOTFILES_DIR" ]; then
+    if [ ! -d "$DOTFILES_PATH" ]; then
         log_info "Cloning dotfiles repo..."
-        git clone "$GIT_REPO" "$DOTFILES_DIR" || die "Failed to clone dotfiles repository"
+        git clone "$GIT_REPO" "$DOTFILES_PATH" || die "Failed to clone dotfiles repository"
     fi
     
     if [ -n "${1:-}" ]; then
@@ -382,7 +382,12 @@ main() {
     # Get hostname
     local hostname
     hostname=$(cat "$HOME/.hostname") || die "Failed to read hostname"
-    export PATH=$PATH:$HOME/dotfiles/bin
+    export PATH=$PATH:$DOTFILES_PATH/bin
+
+    # Create new .bashrc with exports for initial `dotf update` command
+    echo "export NIXPKGS_ALLOW_INSECURE=1" >> $HOME/.bashrc
+    echo "export DOTFILES_PATH=$DOTFILES_PATH" >> $HOME/.bashrc
+    echo "export PATH=$PATH:$DOTFILES_PATH/bin" >> $HOME/.bashrc
 
     # Create setup marker
     touch "$SETUP_MARKER" || die "Failed to create setup marker"