wip(lldap): Consultant

2025-02-19 20:30:39 -07:00
parent 7f03bec221 c7b5479388
commit a55aae8568
45 changed files with 3054 additions and 55 deletions
--- a/README.org
+++ b/README.org
@@ -662,6 +662,7 @@ The beloved Faye's Wishsys is an incredibly impressive 3-kloc NixOS config with
 - [cite:@schafer2017advanced]
 - [cite:@bosio2023beautifying]
 - [cite:@zamboni2018beautifying]
+- [cite:@pantůček2024simple]
 - [[https://prelude.emacsredux.com/en/stable/][Emacs Prelude]]
 - [[https://github.com/doomemacs/doomemacs][Doom Emacs]]
 - [[https://cce.whatthefuck.computer/cce][Ryan Rix's Complete Computing Environment]]
--- a/hosts/nixos-testbed/configuration.nix
+++ b/hosts/nixos-testbed/configuration.nix
@@ -5,6 +5,9 @@
    ./disko-config.nix
  ];

+  # TODO: Remove; this is temporary!
+  networking.firewall.allowedTCPPorts = [ 8080 ];
+
  sydnix = {
    filesystemType = "btrfs";

--- a/modules/nixos/deertopia/lldap.nix
+++ b/modules/nixos/deertopia/lldap.nix
@@ -89,11 +89,11 @@ in {
          proxy_cache auth_cache;
          proxy_cache_valid 200 10m;
          proxy_cache_key "$http_authorization$cookie_nginxauth";
-          proxy_set_header X-Ldap-URL "ldap://localhost:${port}";
-          proxy_set_header X-Ldap-BaseDN "cn=people,${base-dn}";
-          proxy_set_header X-Ldap-BindDN "cn=${nginx-bind-user},${base-dn}";
-          proxy_set_header X-Ldap-BindPass "secret123";
-          proxy_set_header X-CookieName "nginxauth";
+          # proxy_set_header X-Ldap-URL "ldap://localhost:${port}";
+          # proxy_set_header X-Ldap-BaseDN "cn=people,${base-dn}";
+          # proxy_set_header X-Ldap-BindDN "cn=${nginx-bind-user},${base-dn}";
+          # proxy_set_header X-Ldap-BindPass "secret123";
+          # proxy_set_header X-CookieName "nginxauth";
          proxy_set_header Cookie nginxauth=$cookie_nginxauth;
        '';
      };
--- a/scripts/ldap-nginx-plumber/.direnv/bin/nix-direnv-reload
+++ b/scripts/ldap-nginx-plumber/.direnv/bin/nix-direnv-reload
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+set -e
+if [[ ! -d "/persist/dots/scripts/ldap-nginx-plumber" ]]; then
+  echo "Cannot find source directory; Did you move it?"
+  echo "(Looking for "/persist/dots/scripts/ldap-nginx-plumber")"
+  echo 'Cannot force reload with this script - use "direnv reload" manually and then try again'
+  exit 1
+fi
+
+# rebuild the cache forcefully
+_nix_direnv_force_reload=1 direnv exec "/persist/dots/scripts/ldap-nginx-plumber" true
+
+# Update the mtime for .envrc.
+# This will cause direnv to reload again - but without re-building.
+touch "/persist/dots/scripts/ldap-nginx-plumber/.envrc"
+
+# Also update the timestamp of whatever profile_rc we have.
+# This makes sure that we know we are up to date.
+touch -r "/persist/dots/scripts/ldap-nginx-plumber/.envrc" "/persist/dots/scripts/ldap-nginx-plumber/.direnv"/*.rc
--- a/scripts/ldap-nginx-plumber/.direnv/flake-inputs/00h3wlz1w78g0lcpmp8fbd7rbsrd3rj4-source
+++ b/scripts/ldap-nginx-plumber/.direnv/flake-inputs/00h3wlz1w78g0lcpmp8fbd7rbsrd3rj4-source
@@ -0,0 +1 @@
+/nix/store/00h3wlz1w78g0lcpmp8fbd7rbsrd3rj4-source
--- a/scripts/ldap-nginx-plumber/.direnv/flake-inputs/01x5k4nlxcpyd85nnr0b9gm89rm8ff4x-source
+++ b/scripts/ldap-nginx-plumber/.direnv/flake-inputs/01x5k4nlxcpyd85nnr0b9gm89rm8ff4x-source
@@ -0,0 +1 @@
+/nix/store/01x5k4nlxcpyd85nnr0b9gm89rm8ff4x-source
--- a/scripts/ldap-nginx-plumber/.direnv/flake-inputs/60sn02zhawl3kwn0r515zff3h6hg6ydz-source
+++ b/scripts/ldap-nginx-plumber/.direnv/flake-inputs/60sn02zhawl3kwn0r515zff3h6hg6ydz-source
@@ -0,0 +1 @@
+/nix/store/60sn02zhawl3kwn0r515zff3h6hg6ydz-source
--- a/scripts/ldap-nginx-plumber/.direnv/flake-inputs/kdynjy1mbgkdg4p196v9gx6ljpf7q4nk-source
+++ b/scripts/ldap-nginx-plumber/.direnv/flake-inputs/kdynjy1mbgkdg4p196v9gx6ljpf7q4nk-source
@@ -0,0 +1 @@
+/nix/store/kdynjy1mbgkdg4p196v9gx6ljpf7q4nk-source
--- a/scripts/ldap-nginx-plumber/.direnv/flake-inputs/mb39v682m1xmknld5igi9jhwcs2hzygi-source
+++ b/scripts/ldap-nginx-plumber/.direnv/flake-inputs/mb39v682m1xmknld5igi9jhwcs2hzygi-source
@@ -0,0 +1 @@
+/nix/store/mb39v682m1xmknld5igi9jhwcs2hzygi-source
--- a/scripts/ldap-nginx-plumber/.direnv/flake-inputs/ngbb9br4mgjzy8b51a0qdyhlyq9c0mnx-source
+++ b/scripts/ldap-nginx-plumber/.direnv/flake-inputs/ngbb9br4mgjzy8b51a0qdyhlyq9c0mnx-source
@@ -0,0 +1 @@
+/nix/store/ngbb9br4mgjzy8b51a0qdyhlyq9c0mnx-source
--- a/scripts/ldap-nginx-plumber/.direnv/flake-inputs/spa690gs3z1l1zmw4j2jkikva1y6wix4-source
+++ b/scripts/ldap-nginx-plumber/.direnv/flake-inputs/spa690gs3z1l1zmw4j2jkikva1y6wix4-source
@@ -0,0 +1 @@
+/nix/store/spa690gs3z1l1zmw4j2jkikva1y6wix4-source
--- a/scripts/ldap-nginx-plumber/.direnv/flake-inputs/vl10fnq09vj8w8mg04wd5v28wgjhzvvm-source
+++ b/scripts/ldap-nginx-plumber/.direnv/flake-inputs/vl10fnq09vj8w8mg04wd5v28wgjhzvvm-source
@@ -0,0 +1 @@
+/nix/store/vl10fnq09vj8w8mg04wd5v28wgjhzvvm-source
--- a/scripts/ldap-nginx-plumber/.direnv/flake-inputs/wxjsfgkkd93fwqn1g49srpj9gms656wn-source
+++ b/scripts/ldap-nginx-plumber/.direnv/flake-inputs/wxjsfgkkd93fwqn1g49srpj9gms656wn-source
@@ -0,0 +1 @@
+/nix/store/wxjsfgkkd93fwqn1g49srpj9gms656wn-source
--- a/scripts/ldap-nginx-plumber/.direnv/flake-inputs/yj1wxm9hh8610iyzqnz75kvs6xl8j3my-source
+++ b/scripts/ldap-nginx-plumber/.direnv/flake-inputs/yj1wxm9hh8610iyzqnz75kvs6xl8j3my-source
@@ -0,0 +1 @@
+/nix/store/yj1wxm9hh8610iyzqnz75kvs6xl8j3my-source
--- a/scripts/ldap-nginx-plumber/.direnv/flake-profile-a5d5b61aa8a61b7d9d765e1daf971a9a578f1cfa
+++ b/scripts/ldap-nginx-plumber/.direnv/flake-profile-a5d5b61aa8a61b7d9d765e1daf971a9a578f1cfa
@@ -0,0 +1 @@
+/nix/store/333wlbwbqw13ck7djq0a3wmaik3v9m6l-nix-shell-env
--- a/scripts/ldap-nginx-plumber/.direnv/flake-profile-a5d5b61aa8a61b7d9d765e1daf971a9a578f1cfa.rc
+++ b/scripts/ldap-nginx-plumber/.direnv/flake-profile-a5d5b61aa8a61b7d9d765e1daf971a9a578f1cfa.rc
--- a/scripts/ldap-nginx-plumber/.envrc
+++ b/scripts/ldap-nginx-plumber/.envrc
@@ -0,0 +1 @@
+use flake
--- a/scripts/ldap-nginx-plumber/.gitignore
+++ b/scripts/ldap-nginx-plumber/.gitignore
@@ -0,0 +1,10 @@
+result
+.nrepl
+.nrepl-port
+.cpcache/
+.cache/
+.lsp/
+.clj-kondo
+.cpcache
+.lsp
+.nrepl
--- a/scripts/ldap-nginx-plumber/bb.edn
+++ b/scripts/ldap-nginx-plumber/bb.edn
@@ -0,0 +1,7 @@
+{:tasks
+ {:requires ([babashka.process :as p])
+  update-lockfile
+  {:doc "Update the clj-nix lockfile"
+   :task (let [r (p/sh {:out :inherit :err :inherit}
+                       "nix run github:jlesquembre/clj-nix#deps-lock")]
+           (System/exit (:exit r)))}}}
--- a/scripts/ldap-nginx-plumber/deps-lock.json
+++ b/scripts/ldap-nginx-plumber/deps-lock.json
@@ -0,0 +1,241 @@
+{
+  "lock-version": 4,
+  "git-deps": [],
+  "mvn-deps": [
+    {
+      "mvn-path": "cider/cider-nrepl/0.50.2/cider-nrepl-0.50.2.jar",
+      "mvn-repo": "https://repo.clojars.org/",
+      "hash": "sha256-tbnqZSyOG3J9fd1m4dapUi+nHjtaQJeLV4a/VC5YJPs="
+    },
+    {
+      "mvn-path": "cider/cider-nrepl/0.50.2/cider-nrepl-0.50.2.pom",
+      "mvn-repo": "https://repo.clojars.org/",
+      "hash": "sha256-pcCaxUODbWDLN1avACS4514owHqNuz4GSCm6trWVADs="
+    },
+    {
+      "mvn-path": "cider/orchard/0.27.2/orchard-0.27.2.jar",
+      "mvn-repo": "https://repo.clojars.org/",
+      "hash": "sha256-Jsgqu5d32ltq8zEWWEA/HJ4fTRedJBxVvbVwHcuNe+E="
+    },
+    {
+      "mvn-path": "cider/orchard/0.27.2/orchard-0.27.2.pom",
+      "mvn-repo": "https://repo.clojars.org/",
+      "hash": "sha256-eUGmk2TB2JzLpi2p+Ge//udJO7t/o339YCaPNt7KFek="
+    },
+    {
+      "mvn-path": "com/unboundid/unboundid-ldapsdk/5.1.1/unboundid-ldapsdk-5.1.1.jar",
+      "mvn-repo": "https://repo1.maven.org/maven2/",
+      "hash": "sha256-pDQyAxsORZLswWwh04LPvdn5jVAvFn9+/oaXq09Efrk="
+    },
+    {
+      "mvn-path": "com/unboundid/unboundid-ldapsdk/5.1.1/unboundid-ldapsdk-5.1.1.pom",
+      "mvn-repo": "https://repo1.maven.org/maven2/",
+      "hash": "sha256-w6xcAY5WK8G4gm92pX0qY7sf0uKzCo8m7dSBPrEvztg="
+    },
+    {
+      "mvn-path": "hiccup/hiccup/2.0.0-RC4/hiccup-2.0.0-RC4.jar",
+      "mvn-repo": "https://repo.clojars.org/",
+      "hash": "sha256-VtAuPgpdoRcPVQRru4WiMAs1JBCTCCpD2/4Uma0wuLo="
+    },
+    {
+      "mvn-path": "hiccup/hiccup/2.0.0-RC4/hiccup-2.0.0-RC4.pom",
+      "mvn-repo": "https://repo.clojars.org/",
+      "hash": "sha256-ORP6o0LGyU6d1wnqWUpTl+JptPAdFPjBRxHBVXxoZH0="
+    },
+    {
+      "mvn-path": "http-kit/http-kit/2.8.0/http-kit-2.8.0.jar",
+      "mvn-repo": "https://repo.clojars.org/",
+      "hash": "sha256-xJbmqG/sRrN0PcOZ7chy4USW2IioTQTByE3qoe0gg60="
+    },
+    {
+      "mvn-path": "http-kit/http-kit/2.8.0/http-kit-2.8.0.pom",
+      "mvn-repo": "https://repo.clojars.org/",
+      "hash": "sha256-RLTLjpPU9rJiwE7Qdx1w3WbnbUXX/HVYIGcaYmVcVDk="
+    },
+    {
+      "mvn-path": "mx/cider/logjam/0.3.0/logjam-0.3.0.jar",
+      "mvn-repo": "https://repo.clojars.org/",
+      "hash": "sha256-h1moSv+GjTrjwDEil7l6psf7j5NUK39llkv5kT9K4J8="
+    },
+    {
+      "mvn-path": "mx/cider/logjam/0.3.0/logjam-0.3.0.pom",
+      "mvn-repo": "https://repo.clojars.org/",
+      "hash": "sha256-k9fFPsmXKX/14Z92LgY8cFtCu8jmbBE/DCbyRWK1D6Q="
+    },
+    {
+      "mvn-path": "nrepl/nrepl/1.1.1/nrepl-1.1.1.jar",
+      "mvn-repo": "https://repo.clojars.org/",
+      "hash": "sha256-P2jHLbYCXN4hKfwc7o5aL9/jYCTo6NAfo04tc3SL2gk="
+    },
+    {
+      "mvn-path": "nrepl/nrepl/1.1.1/nrepl-1.1.1.pom",
+      "mvn-repo": "https://repo.clojars.org/",
+      "hash": "sha256-KayXZRYA/ZpRur3UBfhjhi29S9Zt2sfQ5+vRQGznYwQ="
+    },
+    {
+      "mvn-path": "org/babashka/cli/0.8.62/cli-0.8.62.jar",
+      "mvn-repo": "https://repo.clojars.org/",
+      "hash": "sha256-/Y+i9wLRyvXCgB1D/qnZyZ05p0/jFwe6FYiDyIWlm7E="
+    },
+    {
+      "mvn-path": "org/babashka/cli/0.8.62/cli-0.8.62.pom",
+      "mvn-repo": "https://repo.clojars.org/",
+      "hash": "sha256-O3xHZ+YB2KirU9VMGeECp7XEoomB8WI3Qh9YpoeqMxc="
+    },
+    {
+      "mvn-path": "org/clojars/pntblnk/clj-ldap/0.0.17/clj-ldap-0.0.17.jar",
+      "mvn-repo": "https://repo.clojars.org/",
+      "hash": "sha256-d+ygGVO56kwcrLssTcym1P3PsFmOq3UlqYgkHL025nI="
+    },
+    {
+      "mvn-path": "org/clojars/pntblnk/clj-ldap/0.0.17/clj-ldap-0.0.17.pom",
+      "mvn-repo": "https://repo.clojars.org/",
+      "hash": "sha256-DpL90WPauoqhSf2UH5BFHY2DLo+NtNsWOlToM7LZALw="
+    },
+    {
+      "mvn-path": "org/clojure/clojure/1.10.3/clojure-1.10.3.jar",
+      "mvn-repo": "https://repo.maven.apache.org/maven2/",
+      "hash": "sha256-fxJHLa7Y9rUXSYqqKrE6ViR1w+31FHjkWBzHYemJeaM="
+    },
+    {
+      "mvn-path": "org/clojure/clojure/1.10.3/clojure-1.10.3.pom",
+      "mvn-repo": "https://repo.maven.apache.org/maven2/",
+      "hash": "sha256-GJwAxDNAdJai+7DsyzeQjJSVXZHq0b5IFWdE7MGBbZQ="
+    },
+    {
+      "mvn-path": "org/clojure/clojure/1.11.0/clojure-1.11.0.jar",
+      "mvn-repo": "https://repo.maven.apache.org/maven2/",
+      "hash": "sha256-PiH6daB+yd278bK1A1bPGAcQ0DmN6qT0TpHNYwRVWUc="
+    },
+    {
+      "mvn-path": "org/clojure/clojure/1.11.0/clojure-1.11.0.pom",
+      "mvn-repo": "https://repo.maven.apache.org/maven2/",
+      "hash": "sha256-SQjMS0yeYsmoFJb5PLWsb2lBd8xkXc87jOXkkavOHro="
+    },
+    {
+      "mvn-path": "org/clojure/clojure/1.11.1/clojure-1.11.1.jar",
+      "mvn-repo": "https://repo.maven.apache.org/maven2/",
+      "hash": "sha256-I4G26UI6tGUVFFWUSQPROlYkPWAGuRlK/Bv0+HEMtN4="
+    },
+    {
+      "mvn-path": "org/clojure/clojure/1.11.1/clojure-1.11.1.pom",
+      "mvn-repo": "https://repo.maven.apache.org/maven2/",
+      "hash": "sha256-IMRaGr7b2L4grvk2BQrjGgjBZ0CzL4dAuIOM3pb/y4o="
+    },
+    {
+      "mvn-path": "org/clojure/clojure/1.11.2/clojure-1.11.2.jar",
+      "mvn-repo": "https://repo.maven.apache.org/maven2/",
+      "hash": "sha256-iPqZkT1pIs+39kn1xGdQOHfLb8yMwW02948mSAhLqZc="
+    },
+    {
+      "mvn-path": "org/clojure/clojure/1.11.2/clojure-1.11.2.pom",
+      "mvn-repo": "https://repo.maven.apache.org/maven2/",
+      "hash": "sha256-FzbP/xCV4dT+/raogrut9ttB7+MV8pbw/aMtt//EExE="
+    },
+    {
+      "mvn-path": "org/clojure/clojure/1.11.3/clojure-1.11.3.jar",
+      "mvn-repo": "https://repo.maven.apache.org/maven2/",
+      "hash": "sha256-nDBUCTKOK5boXdK160t1gQxnt2unCuTQ9t3pvPtVsbc="
+    },
+    {
+      "mvn-path": "org/clojure/clojure/1.11.3/clojure-1.11.3.pom",
+      "mvn-repo": "https://repo.maven.apache.org/maven2/",
+      "hash": "sha256-DA2+Ge4NKpxXMQzr3dNWRD8NFlFMQmBHsGLjpXwNuK0="
+    },
+    {
+      "mvn-path": "org/clojure/clojure/1.11.4/clojure-1.11.4.jar",
+      "mvn-repo": "https://repo.maven.apache.org/maven2/",
+      "hash": "sha256-/H/xtmENDjSUp1zBHvgYEL2kAqwVcBL+TjuJlYbPQTM="
+    },
+    {
+      "mvn-path": "org/clojure/clojure/1.11.4/clojure-1.11.4.pom",
+      "mvn-repo": "https://repo.maven.apache.org/maven2/",
+      "hash": "sha256-a6YADmhI+Cw5y5tJqyqmo6Vi9MJNUrMeUZCuZJXwwwk="
+    },
+    {
+      "mvn-path": "org/clojure/clojure/1.12.0/clojure-1.12.0.jar",
+      "mvn-repo": "https://repo1.maven.org/maven2/",
+      "hash": "sha256-xFMzAGRBoFnqn9sTQfxsH0C5IaENzNgmZTEeSKA4R2M="
+    },
+    {
+      "mvn-path": "org/clojure/clojure/1.12.0/clojure-1.12.0.pom",
+      "mvn-repo": "https://repo1.maven.org/maven2/",
+      "hash": "sha256-KfRiqonLl2RXWEGKXwjUwagrc1yW569JgX0WqpuQgVA="
+    },
+    {
+      "mvn-path": "org/clojure/core.specs.alpha/0.2.56/core.specs.alpha-0.2.56.jar",
+      "mvn-repo": "https://repo.maven.apache.org/maven2/",
+      "hash": "sha256-/PRCveArBKhj8vzFjuaiowxM8Mlw99q4VjTwq3ERZrY="
+    },
+    {
+      "mvn-path": "org/clojure/core.specs.alpha/0.2.56/core.specs.alpha-0.2.56.pom",
+      "mvn-repo": "https://repo.maven.apache.org/maven2/",
+      "hash": "sha256-AarxdIP/HHSCySoHKV1+e8bjszIt9EsptXONAg/wB0A="
+    },
+    {
+      "mvn-path": "org/clojure/core.specs.alpha/0.2.62/core.specs.alpha-0.2.62.jar",
+      "mvn-repo": "https://repo.maven.apache.org/maven2/",
+      "hash": "sha256-Bu6owHC75FwVhWfkQ0OWgbyMRukSNBT4G/oyukLWy8g="
+    },
+    {
+      "mvn-path": "org/clojure/core.specs.alpha/0.2.62/core.specs.alpha-0.2.62.pom",
+      "mvn-repo": "https://repo.maven.apache.org/maven2/",
+      "hash": "sha256-F3i70Ti9GFkLgFS+nZGdG+toCfhbduXGKFtn1Ad9MA4="
+    },
+    {
+      "mvn-path": "org/clojure/core.specs.alpha/0.4.74/core.specs.alpha-0.4.74.jar",
+      "mvn-repo": "https://repo1.maven.org/maven2/",
+      "hash": "sha256-63OsCM9JuoQMiLpnvu8RM2ylVDM9lAiAjXiUbg/rnds="
+    },
+    {
+      "mvn-path": "org/clojure/core.specs.alpha/0.4.74/core.specs.alpha-0.4.74.pom",
+      "mvn-repo": "https://repo1.maven.org/maven2/",
+      "hash": "sha256-M0EOuKpz1S2Vez3G4KZfOZisBiPL2BPZDDPm5onEJCk="
+    },
+    {
+      "mvn-path": "org/clojure/pom.contrib/0.3.0/pom.contrib-0.3.0.pom",
+      "mvn-repo": "https://repo.maven.apache.org/maven2/",
+      "hash": "sha256-fxgrOypUPgV0YL+T/8XpzvasUn3xoTdqfZki6+ee8Rk="
+    },
+    {
+      "mvn-path": "org/clojure/pom.contrib/1.1.0/pom.contrib-1.1.0.pom",
+      "mvn-repo": "https://repo.maven.apache.org/maven2/",
+      "hash": "sha256-EOzku1+YKQENwWVh9C67g7ry9HYFtR+RBbkvPKoIlxU="
+    },
+    {
+      "mvn-path": "org/clojure/pom.contrib/1.2.0/pom.contrib-1.2.0.pom",
+      "mvn-repo": "https://repo1.maven.org/maven2/",
+      "hash": "sha256-CRbXpBVYuVAKQnyIb6KYJ6zlJZIGvjrTPmTilvwaYRE="
+    },
+    {
+      "mvn-path": "org/clojure/spec.alpha/0.2.194/spec.alpha-0.2.194.jar",
+      "mvn-repo": "https://repo.maven.apache.org/maven2/",
+      "hash": "sha256-z2iZ+YUpjGSxPqEplGrZAo3uja3w6rmuGORVAn04JJw="
+    },
+    {
+      "mvn-path": "org/clojure/spec.alpha/0.2.194/spec.alpha-0.2.194.pom",
+      "mvn-repo": "https://repo.maven.apache.org/maven2/",
+      "hash": "sha256-WhHw4eizwFLmUcSYxpRbRNs1Nb8sGHGf3PZd8fiLE+Y="
+    },
+    {
+      "mvn-path": "org/clojure/spec.alpha/0.3.218/spec.alpha-0.3.218.jar",
+      "mvn-repo": "https://repo.maven.apache.org/maven2/",
+      "hash": "sha256-Z+yJjrVcZqlXpVJ53YXRN2u5lL2HZosrDeHrO5foquA="
+    },
+    {
+      "mvn-path": "org/clojure/spec.alpha/0.3.218/spec.alpha-0.3.218.pom",
+      "mvn-repo": "https://repo.maven.apache.org/maven2/",
+      "hash": "sha256-bY3hTDrIdXYMX/kJVi/5hzB3AxxquTnxyxOeFp/pB1g="
+    },
+    {
+      "mvn-path": "org/clojure/spec.alpha/0.5.238/spec.alpha-0.5.238.jar",
+      "mvn-repo": "https://repo1.maven.org/maven2/",
+      "hash": "sha256-lM2ZtupjlkHzevSGCmQ7btOZ7lqL5dcXz/C2Y8jXUHc="
+    },
+    {
+      "mvn-path": "org/clojure/spec.alpha/0.5.238/spec.alpha-0.5.238.pom",
+      "mvn-repo": "https://repo1.maven.org/maven2/",
+      "hash": "sha256-PLp+DcwIXEzpLd3/6iJhJP+sF4vnm9A3m1suMKlpy+o="
+    }
+  ]
+}
--- a/scripts/ldap-nginx-plumber/deps.edn
+++ b/scripts/ldap-nginx-plumber/deps.edn
@@ -0,0 +1,13 @@
+{:deps {org.clojure/clojure {:mvn/version "1.12.0"}
+        org.babashka/cli {:mvn/version "0.8.62"}
+        http-kit/http-kit {:mvn/version "2.8.0"}
+        org.clojars.pntblnk/clj-ldap {:mvn/version "0.0.17"}
+        hiccup/hiccup {:mvn/version "2.0.0-RC4"}}
+ :paths ["src"]
+ :aliases
+ {:cider
+  {:extra-deps {cider/cider-nrepl {:mvn/version "0.50.2"}}
+   :main-opts ["-m" "nrepl.cmdline"
+               "--middleware" "[cider.nrepl/cider-middleware]"]}
+  :run
+  {:main-opts ["-m" "ldap-nginx-plumber.main"]}}}
--- a/scripts/ldap-nginx-plumber/flake.lock
+++ b/scripts/ldap-nginx-plumber/flake.lock
@@ -0,0 +1,171 @@
+{
+  "nodes": {
+    "clj-nix": {
+      "inputs": {
+        "devshell": "devshell",
+        "nix-fetcher-data": "nix-fetcher-data",
+        "nixpkgs": "nixpkgs"
+      },
+      "locked": {
+        "lastModified": 1738969798,
+        "narHash": "sha256-yHUAph4easuun343wEEJXC4qsftl9vRy+CqLkORkeKI=",
+        "owner": "jlesquembre",
+        "repo": "clj-nix",
+        "rev": "7b314a06743ef400beb921d3559482741d19bf3f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "jlesquembre",
+        "repo": "clj-nix",
+        "type": "github"
+      }
+    },
+    "devshell": {
+      "inputs": {
+        "nixpkgs": [
+          "clj-nix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1728330715,
+        "narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=",
+        "owner": "numtide",
+        "repo": "devshell",
+        "rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "devshell",
+        "type": "github"
+      }
+    },
+    "flake-parts": {
+      "inputs": {
+        "nixpkgs-lib": "nixpkgs-lib"
+      },
+      "locked": {
+        "lastModified": 1719745305,
+        "narHash": "sha256-xwgjVUpqSviudEkpQnioeez1Uo2wzrsMaJKJClh+Bls=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "c3c5ecc05edc7dafba779c6c1a61cd08ac6583e9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "type": "github"
+      }
+    },
+    "flake-utils": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "nix-fetcher-data": {
+      "inputs": {
+        "flake-parts": "flake-parts",
+        "nixpkgs": [
+          "clj-nix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1728229178,
+        "narHash": "sha256-p5Fx880uBYstIsbaDYN7sECJT11oHxZQKtHgMAVblWA=",
+        "owner": "jlesquembre",
+        "repo": "nix-fetcher-data",
+        "rev": "f3a73c34d28db49ef90fd7872a142bfe93120e55",
+        "type": "github"
+      },
+      "original": {
+        "owner": "jlesquembre",
+        "repo": "nix-fetcher-data",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1728492678,
+        "narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-lib": {
+      "locked": {
+        "lastModified": 1717284937,
+        "narHash": "sha256-lIbdfCsf8LMFloheeE6N31+BMIeixqyQWbSr2vk79EQ=",
+        "type": "tarball",
+        "url": "https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz"
+      }
+    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1739866667,
+        "narHash": "sha256-EO1ygNKZlsAC9avfcwHkKGMsmipUk1Uc0TbrEZpkn64=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "73cf49b8ad837ade2de76f87eb53fc85ed5d4680",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "clj-nix": "clj-nix",
+        "flake-utils": "flake-utils",
+        "nixpkgs": "nixpkgs_2"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
--- a/scripts/ldap-nginx-plumber/flake.nix
+++ b/scripts/ldap-nginx-plumber/flake.nix
@@ -0,0 +1,47 @@
+{
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+    flake-utils.url = "github:numtide/flake-utils";
+    clj-nix.url = "github:jlesquembre/clj-nix";
+  };
+
+  outputs = { self, ... }@inputs:
+    inputs.flake-utils.lib.eachDefaultSystem (system:
+      let pkgs = import inputs.nixpkgs {
+            inherit system;
+            overlays = [
+              inputs.clj-nix.overlays.default
+            ];
+          };
+      in {
+        packages = rec {
+          ldap-nginx-plumber = inputs.clj-nix.lib.mkCljApp {
+            pkgs = inputs.nixpkgs.legacyPackages.${system};
+            modules = [
+              {
+                name = "msyds/ldap-nginx-plumber";
+                version = "1.0.0";
+                main-ns = "ldap-nginx-plumber.main";
+                projectSrc = ./.;
+
+                nativeImage = {
+                  # Disable for faster build times.
+                  # enable = true;
+                };
+              }
+            ];
+          };
+
+          default = ldap-nginx-plumber;
+        };
+
+        devShells.default = pkgs.mkShell {
+          packages = with pkgs; [
+            clojure-lsp
+            cljfmt
+            clojure
+            babashka
+          ];
+        };
+      });
+}
--- a/scripts/ldap-nginx-plumber/src/ldap_nginx_plumber/main.clj
+++ b/scripts/ldap-nginx-plumber/src/ldap_nginx_plumber/main.clj
@@ -0,0 +1,123 @@
+(ns ldap-nginx-plumber.main
+  (:require [clojure.spec.alpha :as spec]
+            [clojure.string :as str]
+            [org.httpkit.server :as http]
+            [clj-ldap.client :as ldap]
+            [babashka.cli :as cli]
+            [clojure.pprint :refer [pprint]])
+  (:import [java.util Base64]
+           [java.nio.charset StandardCharsets])
+  (:gen-class))
+
+(defn- port? [x]
+  (and (nat-int? x)
+       (<= 0 x 65535)))
+
+(def cli-spec
+  {:spec
+   {:port {:coerce :int
+           :desc "Port to listen on"
+           :alias :p
+           :validate port?
+           :require true}
+    :base-dn {:coerce :string
+              :desc "Base DN for LDAP searches"
+              :require true}
+    :ldap-host {:coerce :string
+                :require true}
+    :ldap-port {:coerce :int
+                :validate port?
+                :default 389}
+    :bind-dn {:coerce :string
+              :require true}
+    :bind-password {:coerce :string
+                    :require true}}})
+
+(def ^:dynamic *opts*)
+
+(defonce ldap-connection-pool
+  (atom nil))
+
+(defn- base64->utf8 [base64]
+  (try (-> (.decode (Base64/getDecoder) base64)
+           (String. StandardCharsets/UTF_8))
+       (catch java.lang.IllegalArgumentException _))
+  nil)
+
+(defn- response [status & {:as more}]
+  (apply merge
+         {:status status
+          :headers {"Content-Type" "text/plain"}}
+         more))
+
+(defn- consultant-app [req]
+  (printf "\n%s received request:\n" (.toString (java.util.Date.)))
+  (pprint req)
+  (try
+    (if-let [[_ user pass] (some->> (get-in [req :headers] "Authorization")
+                                    str/lower-case
+                                    (re-matches #"basic ([a-zA-Z0-9+/=]+)")
+                                    second
+                                    base64->utf8
+                                    (re-matches #"([^:]+):(.*)"))]
+      (response 200 :body "yay!")
+      (response
+       401
+       :headers {"WWW-Authenticate" "Basic realm=\"Restricted\""
+                 "Cache-Control" "no-cache"}))
+    (catch Exception e
+      (println "`consultant-app` threw an error:")
+      (prn e)
+      (response 500))))
+
+(defonce consultant-server (atom nil))
+
+(defn- stop-consultant! []
+  (when @consultant-server
+    ;; Graceful shutdown: wait 100ms for existing requests to be finished.
+    ;; :timeout is optional, when no timeout, stop immediately.
+    (http/server-stop! @consultant-server {:timeout 100})
+    (reset! consultant-server nil)))
+
+(defn- start-consultant [& {:keys [port] :as opts}]
+  (binding [*opts* opts]
+    (if @consultant-server
+     (throw (ex-info "Refusing to start the server whilst a previous lingers" {}))
+     (reset! consultant-server
+             (http/run-server #'consultant-app
+                              {:port port
+                               :legacy-return-value? false})))))
+
+(defn- connect-to-ldap
+  [& {:keys [ldap-host ldap-port bind-dn bind-password]}]
+  (reset! ldap-connection-pool
+          (or @ldap-connection-pool
+              (ldap/connect {:host {:address ldap-host
+                                    :port ldap-port}
+                             :max-connections 8
+                             :bind-dn bind-dn
+                             :password bind-password}))))
+
+(defn- main* [& opts]
+  (and (apply connect-to-ldap opts)
+       (apply start-consultant opts)))
+
+(comment
+  (let [ask (let [base-dn "dc=identify,dc=deertopia,dc=net"]
+            (consultant-app {:port 8080 :ldap-host "192.168.68.79" :ldap-port 3890
+                             :base-dn base-dn
+                             :bind-dn (str "uid=nginx-bind-user,ou=people," base-dn)
+                             :bind-password "secret123"}))]
+    (ask {})))
+
+(comment ; Start on :8080
+  (let [base-dn "dc=identify,dc=deertopia,dc=net"]
+    (main* :port 8080 :ldap-host "192.168.68.79" :ldap-port 3890 :base-dn base-dn
+           :bind-dn (str "uid=nginx-bind-user,ou=people," base-dn)
+           :bind-password "secret123")))
+
+(comment ; Shutdown
+  (stop-consultant!))
+
+(defn -main [& args]
+  (main* (cli/parse-opts args cli-spec)))
--- a/users/crumb/programs/direnv.nix
+++ b/users/crumb/programs/direnv.nix
@@ -0,0 +1,15 @@
+{ config, lib, pkgs, ... }:
+
+{
+  # High-speed Nix support.  Note that Lorri has a years-old open issue
+  # preventing it from starting on boot/login correctly.
+  #
+  # Currently unused in favour of nix-direnv.
+
+  # services.lorri.enable = true;
+
+  programs.direnv = {
+    enable = true;
+    nix-direnv.enable = true;
+  };
+}
--- a/users/crumb/programs/emacs.nix
+++ b/users/crumb/programs/emacs.nix
@@ -49,6 +49,7 @@ let
      buildInputs = [
        pkgs.git # Dependency of Straight.el.
        my-aspell
+        pkgs.direnv
      ];
      postBuild = ''
        # The binary called `emacs` is actually a symlink to `emacs-«version»`, so
@@ -61,12 +62,9 @@ let
            --set EMACS_DATA_DIR "${emacsDataDir}" \
            --prefix PATH : "${pkgs.git}/bin" \
            --prefix PATH : "${my-aspell}/bin" \
+            --prefix PATH : "${pkgs.direnv}/bin" \
            --set ASPELL_CONF "dict-dir ${my-aspell}/lib/aspell"
        done
-
-        # HACK: Prevent collision between `emacsWrapper` and the later
-        # `emacsWithPackages` call.
-        # find $out/bin -not -regex '.*/\.?emacs[^/]*' -exec rm {} \;
      '';
      meta = emacsPackage.meta;
      version = emacsPackage.version;
@@ -111,7 +109,6 @@ in {
    };

  home.packages = [
-    # emacsWrapper
    emacsclient-or-emacs
  ] ++ fontPackages;

--- a/users/crumb/programs/emacs/lib/syd-file.el
+++ b/users/crumb/programs/emacs/lib/syd-file.el
@@ -3,6 +3,7 @@
 (require 'syd-prelude)
 (require 'syd-buffers)
 (require 'cl-lib)
+(eval-when-compile (require 'cl-lib))

 (syd-define-stub
 syd/copy-this-file
--- a/users/crumb/programs/emacs/modules/lang/syd-lang-clojure.el
+++ b/users/crumb/programs/emacs/modules/lang/syd-lang-clojure.el
@@ -0,0 +1,91 @@
+;;; syd-lang-clojure.el -*- lexical-binding: t; -*-
+
+(use-package clojure-mode
+  :mode (rx "." (or "clj" "cljs" "edn" "cljc") eol)
+  :config
+  (add-hook 'clojure-mode-hook #'syd-lisp-mode)
+  (dolist (c '(?- ?_ ?? ?! ?+ ?* ?/ ?: ?> ?< ?= ?&))
+    (modify-syntax-entry c "w" clojure-mode-syntax-table)))
+
+(use-package cider
+  :after clojure-mode)
+
+(defun syd-clojure-open-repl (&optional arg type)
+  "Open a Cider REPL for clojure and return the buffer."
+  (interactive "P")
+  ;; TODO: Better error handling
+  ;; type is `clj' for clojure and `cljs' for clojurescript
+  ;; ... with no type specified, assume `clj'.
+  (let ((type (or type 'clj)))
+    (if-let* ((buffer (cider-current-repl type)))
+        (pop-to-buffer buffer)
+      (let ((process (cond ((eq type 'clj) (cider-jack-in-clj arg))
+                           ((eq type 'cljs) (cider-jack-in-cljs arg)))))
+        (message "Starting CIDER server for the first time...")
+        (while (and (process-live-p process)
+                    (not (cider-current-repl type)))
+          (sit-for 1))
+        (message "Starting CIDER server for the first time...done")
+        (pop-to-buffer (cider-current-repl type))))))
+
+(use-package cider-mode
+  :straight nil
+  ;; :after clojure-mode
+  :hook (clojure-mode-local-vars . cider-mode)
+  :init
+  (with-eval-after-load 'clojure-mode
+    (set-repl-handler! '(clojure-mode clojurec-mode)
+      #'syd-clojure-open-repl :persist t)
+    (set-repl-handler! 'clojurescript-mode
+      #'syd-clojure-open-cljs-repl :persist t)
+    (set-eval-handler! '(clojure-mode clojurec-mode clojurescript-mode)
+      #'cider-eval-region))
+  :general
+  (:keymaps 'cider-repl-mode-map
+   :states '(normal insert)
+   "C-k" #'cider-repl-backward-input
+   "C-j" #'cider-repl-forward-input
+   "C-s" #'cider-repl-previous-matching-input)
+  :config
+  (add-hook 'cider-mode-hook #'eldoc-mode)
+  (add-hook 'cider-repl-mode-hook #'syd-lisp-mode)
+  (set-popup-rules!
+    `(("^\\*cider-error*" :ignore t)
+      ("^\\*cider-repl" :quit nil :ttl nil)
+      ("^\\*cider-repl-history" :vslot 2 :ttl nil)
+      (,(rx bol "*cider-cheatsheet*")
+       :width ,(lambda (win)
+                 (with-selected-window win
+                   (enlarge-window (- (min 45 (* 0.2 (frame-width)))
+                                      (window-width))
+                                   t)))
+       :side right :vslot -8 :quit t :select t)
+      (,(rx bol "*cider-doc*")
+       :slot 2 :vslot -8 :quit t :select t)))
+  ;; DEPRECATED: Remove once syd-strategies is working.
+  (syd-add-hook 'clojure-mode-hook
+    (defun syd-clojure-set-handlers-h ()
+      (setq-local syd-lookup-documentation-handlers
+                  (list #'cider-doc))))
+  (general-define-key
+   :keymaps 'cider-mode-map
+   :states '(normal visual motion emacs insert)
+   :major-modes t
+   :prefix syd-localleader-key
+   :non-normal-prefix syd-alt-localleader-key
+   "\"" #'cider-jack-in-cljs
+   "'" #'cider-jack-in-clj
+   "c" #'cider-connect-clj
+   "C" #'cider-connect-cljs
+   "r l" #'cider-load-buffer
+   "r n" #'cider-repl-set-ns
+   "r r" #'cider-ns-refresh
+   "r R" #'cider-restart
+   "r q" #'cider-quit
+   "h c" #'cider-cheatsheet))
+
+;; Give different pairs of delimiters different colours.
+(use-package rainbow-delimiters
+  :hook (clojure-mode . rainbow-delimiters-mode))
+
+(provide 'syd-lang-clojure)
--- a/users/crumb/programs/emacs/modules/lang/syd-lang-emacs-lisp.el
+++ b/users/crumb/programs/emacs/modules/lang/syd-lang-emacs-lisp.el
@@ -68,12 +68,11 @@ to a pop up buffer."

 (add-hook 'emacs-lisp-mode-hook #'syd-lisp-mode)

-(defun syd-emacs-set-handlers-h ()
-  (setq-local syd-lookup-documentation-handlers
-              (list #'syd-emacs-lisp-lookup-documentation)))
-
-(add-hook 'emacs-lisp-mode-hook #'syd-emacs-set-handlers-h)
-(add-hook 'help-mode-hook #'syd-emacs-set-handlers-h)
+  ;; DEPRECATED: Remove once syd-strategies is working.
+(syd-add-hook '(emacs-lisp-mode-hook help-mode-hook)
+  (defun syd-emacs-set-handlers-h ()
+    (setq-local syd-lookup-documentation-handlers
+                (list #'syd-emacs-lisp-lookup-documentation))))

 ;; Semantic highlighting for Elisp.
 (use-package highlight-defined
--- a/users/crumb/programs/emacs/modules/syd-age.el
+++ b/users/crumb/programs/emacs/modules/syd-age.el
@@ -4,7 +4,7 @@
  :hook (on-first-file . age-file-enable)
  :custom
  ((age-program "rage")
-   (age-default-identity "~/private-keys/age/crumb.age")
-   (age-default-recipient "~/public-keys/age/crumb.pub")))
+   (age-default-identity (expand-file-name "~/private-keys/age/crumb.age"))
+   (age-default-recipient (expand-file-name "~/public-keys/age/crumb.pub"))))

 (provide 'syd-age)
--- a/users/crumb/programs/emacs/modules/syd-evil.el
+++ b/users/crumb/programs/emacs/modules/syd-evil.el
@@ -107,35 +107,35 @@ Otherwise, nil."
    ;; It must be updated whenever evil-collection updates theirs.
    (defvar evil-collection-mode-list
      `(2048-game ag alchemist anaconda-mode apropos arc-mode atomic-chrome
-                  auto-package-update beginend bluetooth bm bookmark
-                  (buff-menu "buff-menu") bufler calc calendar cider citre cmake-mode
-                  color-rg comint company compile consult corfu crdt (csv "csv-mode")
-                  (custom cus-edit) cus-theme dape dashboard daemons deadgrep debbugs
-                  debug devdocs dictionary diff-hl diff-mode dired dired-sidebar
-                  disk-usage distel doc-view docker eat ebib ebuku edbi edebug ediff eglot
-                  elpaca ement explain-pause-mode eldoc elfeed elisp-mode elisp-refs
-                  elisp-slime-nav embark emms ,@(if (> emacs-major-version 28) '(emoji))
-                  epa ert eshell eval-sexp-fu evil-mc eww fanyi finder flycheck flymake
-                  forge free-keys geiser ggtags git-timemachine gited gnus go-mode gptel
-                  grep guix hackernews helm help helpful hg-histedit hungry-delete hyrolo
-                  ibuffer (image image-mode) image-dired image+ imenu imenu-list
-                  (indent "indent") indium info ivy js2-mode
-                  ,@(if (>= emacs-major-version 30) '(kmacro)) leetcode lispy lms log-edit
-                  log-view lsp-ui-imenu lua-mode kotlin-mode macrostep man
-                  (magit magit-repos magit-submodule) magit-repos magit-section
-                  magit-todos markdown-mode monky mpc mpdel mu4e mu4e-conversation neotree
-                  newsticker notmuch nov omnisharp org org-present org-roam osx-dictionary
-                  outline p4 (package-menu package) pass (pdf pdf-tools) popup proced
-                  prodigy profiler p-search python quickrun racer racket-describe realgud
-                  reftex replace restclient rg ripgrep rjsx-mode robe rtags ruby-mode
-                  scheme scroll-lock selectrum sh-script
-                  ,@(if (> emacs-major-version 27) '(shortdoc)) simple simple-mpc slime
-                  sly smerge-mode snake so-long speedbar tab-bar tablist tar-mode telega
-                  (term term ansi-term multi-term) tetris thread tide timer-list
-                  transmission trashed tuareg typescript-mode vc-annotate vc-dir vc-git
-                  vdiff vertico view vlf vterm vundo w3m wdired wgrep which-key
-                  with-editor woman xref xwidget yaml-mode youtube-dl zmusic
-                  (ztree ztree-diff)))
+        auto-package-update beginend bluetooth bm bookmark
+        (buff-menu "buff-menu") bufler calc calendar cider citre cmake-mode
+        color-rg comint company compile consult corfu crdt (csv "csv-mode")
+        (custom cus-edit) cus-theme dape dashboard daemons deadgrep debbugs
+        debug devdocs dictionary diff-hl diff-mode dired dired-sidebar
+        disk-usage distel doc-view docker eat ebib ebuku edbi edebug ediff eglot
+        elpaca ement explain-pause-mode eldoc elfeed elisp-mode elisp-refs
+        elisp-slime-nav embark emms ,@(if (> emacs-major-version 28) '(emoji))
+        epa ert eshell eval-sexp-fu evil-mc eww fanyi finder flycheck flymake
+        forge free-keys geiser ggtags git-timemachine gited gnus go-mode gptel
+        grep guix hackernews helm help helpful hg-histedit hungry-delete hyrolo
+        ibuffer (image image-mode) image-dired image+ imenu imenu-list
+        (indent "indent") indium info ivy js2-mode
+        ,@(if (>= emacs-major-version 30) '(kmacro)) leetcode lispy lms log-edit
+        log-view lsp-ui-imenu lua-mode kotlin-mode macrostep man
+        (magit magit-repos magit-submodule) magit-repos magit-section
+        magit-todos markdown-mode monky mpc mpdel mu4e mu4e-conversation neotree
+        newsticker notmuch nov omnisharp org org-present org-roam osx-dictionary
+        outline p4 (package-menu package) pass (pdf pdf-tools) popup proced
+        prodigy profiler p-search python quickrun racer racket-describe realgud
+        reftex replace restclient rg ripgrep rjsx-mode robe rtags ruby-mode
+        scheme scroll-lock selectrum sh-script
+        ,@(if (> emacs-major-version 27) '(shortdoc)) simple simple-mpc slime
+        sly smerge-mode snake so-long speedbar tab-bar tablist tar-mode telega
+        (term term ansi-term multi-term) tetris thread tide timer-list
+        transmission trashed tuareg typescript-mode vc-annotate vc-dir vc-git
+        vdiff vertico view vlf vterm vundo w3m wdired wgrep which-key
+        with-editor woman xref xwidget yaml-mode youtube-dl zmusic
+        (ztree ztree-diff)))

    (cl-defun syd-evil-collection-init (module &key disabled-modules)
      "Initialise evil-collection-MODULE.
@@ -150,14 +150,12 @@ modules."
          (with-demoted-errors "error loading evil-collection: %s"
            (evil-collection-init (list module))))))

-    (defun syd-evil-collection-disable-blacklist-a (fn)
+    ;; Allow binding to ESC.
+    (syd-defadvice syd-evil-collection-disable-blacklist-a (fn)
+      :around #'evil-collection-vterm-toggle-send-escape
      (let (evil-collection-key-blacklist)
        (funcall-interactively fn)))

-    ;; Allow binding to ESC.
-    (advice-add #'evil-collection-vterm-toggle-send-escape
-                :around #'syd-evil-collection-disable-blacklist-a)
-
    ;; These modes belong to packages that Emacs always loads at startup, causing
    ;; evil-collection and it's co-packages to all load immediately.  We avoid
    ;; this by loading them after evil-collection has first loaded...
--- a/users/crumb/programs/emacs/modules/syd-keybinds.el
+++ b/users/crumb/programs/emacs/modules/syd-keybinds.el
@@ -78,7 +78,9 @@
  ;; Project
  (general-def
    :prefix-map 'syd-leader-project-map
-    "C" `("Compile project" . ,#'project-compile))
+    "C" `("Compile project" . ,#'project-compile)
+    "&" `("Async cmd in project root" . ,#'project-async-shell-command)
+    "p" `("Switch project" . ,#'project-switch-project))

  (general-def
    :prefix-map 'syd-leader-help-package-map
--- a/users/crumb/programs/emacs/modules/syd-lang.el
+++ b/users/crumb/programs/emacs/modules/syd-lang.el
@@ -2,6 +2,7 @@
             (file-name-concat user-emacs-directory "modules" "lang"))

 (require 'syd-lang-emacs-lisp)
+(require 'syd-lang-clojure)
 (require 'syd-lang-nix)

 (provide 'syd-lang)
--- a/users/crumb/programs/emacs/modules/syd-org.el
+++ b/users/crumb/programs/emacs/modules/syd-org.el
@@ -2,6 +2,38 @@

 (require 'syd-prose)

+(with-eval-after-load 'org
+  (syd-add-hook 'org-tab-first-hook
+    (defun syd-org-cycle-only-current-subtree-h (&optional arg)
+      "Toggle the local fold at the point, and no deeper.
+`org-cycle's standard behavior is to cycle between three levels: collapsed,
+subtree and whole document. This is slow, especially in larger org buffer. Most
+of the time I just want to peek into the current subtree -- at most, expand
+*only* the current subtree.
+
+All my (performant) foldings needs are met between this and `org-show-subtree'
+(on zO for evil users), and `org-cycle' on shift-TAB if I need it."
+      (interactive "P")
+      (unless (or (eq this-command 'org-shifttab)
+                  (and (bound-and-true-p org-cdlatex-mode)
+                       (or (org-inside-LaTeX-fragment-p)
+                           (org-inside-latex-macro-p))))
+        (save-excursion
+          (org-beginning-of-line)
+          (let (invisible-p)
+            (when (and (org-at-heading-p)
+                       (or org-cycle-open-archived-trees
+                           (not (member org-archive-tag (org-get-tags))))
+                       (or (not arg)
+                           (setq invisible-p
+                                 (memq (get-char-property (line-end-position)
+                                                          'invisible)
+                                       '(outline org-fold-outline)))))
+              (unless invisible-p
+                (setq org-cycle-subtree-status 'subtree))
+              (org-cycle-internal-local)
+              t)))))))
+
 (defun syd-org--init-hacks-h ()
  ;; Open file links in current window, rather than new ones
  (setf (alist-get 'file org-link-frame-setup) #'find-file)
--- a/users/crumb/programs/emacs/modules/syd-projects.el
+++ b/users/crumb/programs/emacs/modules/syd-projects.el
@@ -28,4 +28,29 @@
  ;; `compile-multi-embark-command-map'.
  :config (projection-multi-embark-setup-command-map))

+(use-package skeletor
+  :commands (skeletor-create-project-at skeletor-create-project)
+  :custom ((skeletor-project-directory (expand-file-name "~/src"))
+           (skeletor-completing-read-function #'completing-read))
+  :general (:keymaps 'syd-leader-project-map
+            "n" #'skeletor-create-project
+            "N" #'skeletor-create-project-at)
+  :config
+  (skeletor-define-template "clj-nix"
+    :substitutions
+    '(("__PROJECT-OWNER__" . (lambda ()
+                               (read-no-blanks-input "Project owner: "))))
+    :before-git
+    (lambda (dir)
+      ;; Use underscores instead of hyphens in clj file names.
+      (let ((default-directory (file-name-concat dir "src")))
+        (dolist (f (directory-files "." nil "-" t))
+          (rename-file
+           f
+           (string-replace "-" "_" f))))
+      ;; REVIEW: Is it safe to make this be async?  We require that the command
+      ;; has finished before Git initialises.
+      (skeletor-shell-command "nix run github:jlesquembre/clj-nix#deps-lock"
+                              dir))))
+
 (provide 'syd-projects)
--- a/users/crumb/programs/emacs/modules/syd-tooling.el
+++ b/users/crumb/programs/emacs/modules/syd-tooling.el
@@ -27,4 +27,17 @@
  (set-popup-rule! (rx line-start "*lsp-" (or "help" "install"))
    :size 0.35 :quit t :select nil))

+(use-package envrc
+  ;; REVIEW: Can we load this any later/better?
+  :hook (on-first-file . envrc-global-mode)
+  :general
+  (:prefix-map 'syd-leader-file-env-map
+   "a" #'envrc-allow
+   "r" #'envrc-reload)
+  (:keymaps 'syd-leader-file-map
+   "e" `("Environment" . ,syd-leader-file-env-map))
+  :config
+  (set-popup-rule! (rx "*envrc*")
+    :quit t :ttl 0))
+
 (provide 'syd-tooling)
--- a/users/crumb/programs/emacs/modules/syd-tramp.el
+++ b/users/crumb/programs/emacs/modules/syd-tramp.el
@@ -4,6 +4,7 @@
  (setq tramp-persistency-file-name
        (file-name-concat syd-cache-dir "tramp"))
  (setq tramp-auto-save-directory
-        (file-name-concat syd-cache-dir "tramp-autosave/")))
+        (file-name-concat syd-cache-dir "tramp-autosave/"))
+  (add-to-list 'tramp-remote-path 'tramp-own-remote-path))

 (provide 'syd-tramp)
--- a/users/crumb/programs/emacs/modules/syd-ui.el
+++ b/users/crumb/programs/emacs/modules/syd-ui.el
@@ -64,6 +64,10 @@
  :custom ((display-line-numbers-type 'relative)
           ;; Always ask "y/n"; never "yes/no".
           (use-short-answers t)
+           ;; Scroll compilation buffer to follow output.
+           (compilation-scroll-output t)
+           ;; Allow `fit-window-to-buffer' to make horizontal adjustments.
+           (fit-window-to-buffer-horizontally t)
           ;; I don't like that `grep' asks me to save unsaved files.  It makes
           ;; me think it's about to kill my buffers.
           (grep-save-buffers nil)
@@ -161,6 +165,10 @@ for example when calling `shell'.")
      :quit t)
    ;; Required for :quit t to do anything.
    (evil-set-initial-state 'messages-buffer-mode 'motion)
-    (evil-set-initial-state 'debugger-mode 'normal)))
+    (evil-set-initial-state 'debugger-mode 'normal)
+    (set-popup-rule! shell-command-buffer-name-async
+      :slot -2
+      :modeline nil
+      :ttl nil)))

 (provide 'syd-ui)
--- a/users/crumb/programs/emacs/project-skeletons/clj-nix/.envrc
+++ b/users/crumb/programs/emacs/project-skeletons/clj-nix/.envrc
@@ -0,0 +1 @@
+use flake
--- a/users/crumb/programs/emacs/project-skeletons/clj-nix/.gitignore
+++ b/users/crumb/programs/emacs/project-skeletons/clj-nix/.gitignore
@@ -0,0 +1,11 @@
+result
+.nrepl
+.nrepl-port
+.cpcache/
+.cache/
+.lsp/
+.clj-kondo
+.cpcache
+.lsp
+.nrepl
+.direnv/
--- a/users/crumb/programs/emacs/project-skeletons/clj-nix/bb.edn
+++ b/users/crumb/programs/emacs/project-skeletons/clj-nix/bb.edn
@@ -0,0 +1,7 @@
+{:tasks
+ {:requires ([babashka.process :as p])
+  update-lockfile
+  {:doc "Update the clj-nix lockfile"
+   :task (let [r (p/sh {:out :inherit :err :inherit}
+                       "nix run github:jlesquembre/clj-nix#deps-lock")]
+           (System/exit (:exit r)))}}}
--- a/users/crumb/programs/emacs/project-skeletons/clj-nix/deps.edn
+++ b/users/crumb/programs/emacs/project-skeletons/clj-nix/deps.edn
@@ -0,0 +1,9 @@
+{:deps {org.clojure/clojure {:mvn/version "1.12.0"}}
+ :paths ["src"]
+ :aliases
+ {:cider
+  {:extra-deps {cider/cider-nrepl {:mvn/version "0.50.2"}}
+   :main-opts ["-m" "nrepl.cmdline"
+               "--middleware" "[cider.nrepl/cider-middleware]"]}
+  :run
+  {:main-opts ["-m" "__PROJECT-NAME__.main"]}}}
--- a/users/crumb/programs/emacs/project-skeletons/clj-nix/flake.nix
+++ b/users/crumb/programs/emacs/project-skeletons/clj-nix/flake.nix
@@ -0,0 +1,47 @@
+{
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+    flake-utils.url = "github:numtide/flake-utils";
+    clj-nix.url = "github:jlesquembre/clj-nix";
+  };
+
+  outputs = { self, ... }@inputs:
+    inputs.flake-utils.lib.eachDefaultSystem (system:
+      let pkgs = import inputs.nixpkgs {
+            inherit system;
+            overlays = [
+              inputs.clj-nix.overlays.default
+            ];
+          };
+      in {
+        packages = rec {
+          __PROJECT-NAME__ = inputs.clj-nix.lib.mkCljApp {
+            pkgs = inputs.nixpkgs.legacyPackages.${system};
+            modules = [
+              {
+                name = "__PROJECT-OWNER__/__PROJECT-NAME__";
+                version = "1.0.0";
+                main-ns = "__PROJECT-NAME__.main";
+                projectSrc = ./.;
+
+                nativeImage = {
+                  # Disable for faster build times.
+                  enable = true;
+                };
+              }
+            ];
+          };
+
+          default = __PROJECT-NAME__;
+        };
+
+        devShells.default = pkgs.mkShell {
+          packages = with pkgs; [
+            clojure-lsp
+            cljfmt
+            clojure
+            babashka
+          ];
+        };
+      });
+}
--- a/users/crumb/programs/emacs/project-skeletons/clj-nix/src/PROJECT-NAME/main.clj
+++ b/users/crumb/programs/emacs/project-skeletons/clj-nix/src/PROJECT-NAME/main.clj
@@ -0,0 +1,5 @@
+(ns __PROJECT-NAME__.main
+  (:gen-class))
+
+(defn -main [& args]
+  (println "🦭!"))
--- a/users/crumb/programs/emacs/transient/history.el
+++ b/users/crumb/programs/emacs/transient/history.el
@@ -0,0 +1 @@
+nil
				`@@ -0,0 +1 @@`
				`/nix/store/00h3wlz1w78g0lcpmp8fbd7rbsrd3rj4-source`
				`@@ -0,0 +1 @@`
				`/nix/store/01x5k4nlxcpyd85nnr0b9gm89rm8ff4x-source`
				`@@ -0,0 +1 @@`
				`/nix/store/60sn02zhawl3kwn0r515zff3h6hg6ydz-source`
				`@@ -0,0 +1 @@`
				`/nix/store/kdynjy1mbgkdg4p196v9gx6ljpf7q4nk-source`
				`@@ -0,0 +1 @@`
				`/nix/store/mb39v682m1xmknld5igi9jhwcs2hzygi-source`
				`@@ -0,0 +1 @@`
				`/nix/store/ngbb9br4mgjzy8b51a0qdyhlyq9c0mnx-source`
				`@@ -0,0 +1 @@`
				`/nix/store/spa690gs3z1l1zmw4j2jkikva1y6wix4-source`
				`@@ -0,0 +1 @@`
				`/nix/store/vl10fnq09vj8w8mg04wd5v28wgjhzvvm-source`
				`@@ -0,0 +1 @@`
				`/nix/store/wxjsfgkkd93fwqn1g49srpj9gms656wn-source`
				`@@ -0,0 +1 @@`
				`/nix/store/yj1wxm9hh8610iyzqnz75kvs6xl8j3my-source`