diff --git a/SwarselSystems.org b/SwarselSystems.org index a1f9aa1..ba1d5a3 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -1738,7 +1738,9 @@ A short overview over each input and what it does: smallpkgs.url = "github:nixos/nixpkgs/08fcb0dcb59df0344652b38ea6326a2d8271baff?narHash=sha256-HXIQzULIG/MEUW2Q/Ss47oE3QrjxvpUX7gUl4Xp6lnc%3D&shallow=1"; nixpkgs-dev.url = "github:Swarsel/nixpkgs/main"; nixpkgs-bisect.url = "github:nixos/nixpkgs/master"; - nixpkgs-kernel.url = "github:NixOS/nixpkgs/063f43f2dbdef86376cc29ad646c45c46e93234c?narHash=sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o%3D"; #specifically pinned for kernel version + nixpkgs-update.url = "github:r-ryantm/nixpkgs/auto-update/oauth2-proxy"; + # nixpkgs-kernel.url = "github:NixOS/nixpkgs/063f43f2dbdef86376cc29ad646c45c46e93234c?narHash=sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o%3D"; #specifically pinned for kernel version + nixpkgs-kernel.url = "github:nixos/nixpkgs/dd9b079222d43e1943b6ebd802f04fd959dc8e61?narHash=sha256-I45esRSssFtJ8p/gLHUZ1OUaaTaVLluNkABkk6arQwE%3D"; #specifically pinned for kernel version nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.11"; nixpkgs-oddlama.url = "github:oddlama/nixpkgs/update/firezone-server"; nixpkgs-stable24_05.url = "github:NixOS/nixpkgs/nixos-24.05"; @@ -1780,7 +1782,8 @@ A short overview over each input and what it does: systems.url = "github:nix-systems/default"; nur.url = "github:nix-community/NUR"; nixgl.url = "github:guibou/nixGL"; - stylix.url = "github:danth/stylix"; + # stylix.url = "github:danth/stylix"; + stylix.url = "github:Swarsel/stylix"; sops.url = "github:Mic92/sops-nix"; lanzaboote.url = "github:nix-community/lanzaboote"; nix-on-droid.url = "github:nix-community/nix-on-droid/release-24.05"; @@ -1797,6 +1800,7 @@ A short overview over each input and what it does: flake-parts.url = "github:hercules-ci/flake-parts"; devshell.url = "github:numtide/devshell"; spicetify-nix.url = "github:Gerg-l/spicetify-nix"; + # spicetify-nix.url = "github:Swarsel/spicetify-nix"; niri-flake.url = "github:sodiboo/niri-flake"; nixos-extra-modules.url = "github:oddlama/nixos-extra-modules/main"; microvm.url = "github:astro/microvm.nix"; @@ -3366,7 +3370,7 @@ This is an improvement to what I did earlier, where I did not use =nixos-generat packages = { # nix build --print-out-paths --no-link .#live-iso live-iso = inputs.nixos-generators.nixosGenerate { - inherit pkgs; + inherit pkgs system; specialArgs = { inherit self; }; modules = [ inputs.home-manager.nixosModules.home-manager @@ -3899,7 +3903,8 @@ This system is built with support for arm emulation, so it can build configurati # ''; boot = { - kernelPackages = lib.mkDefault pkgs.kernel.linuxPackages; + # kernelPackages = lib.mkDefault pkgs.kernel.linuxPackages; + kernelPackages = lib.mkDefault pkgs.kernel.linuxPackages_latest; # kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; binfmt.emulatedSystems = [ "aarch64-linux" ]; initrd = { @@ -10926,31 +10931,30 @@ When a program does not work, start with =nix-ldd =. This will tell you pipewire pixman speex - # stable.cc.cc - stable25_05.steam-fhsenv-without-steam + steam-fhsenv-without-steam systemd tbb vulkan-loader - xorg.libICE - xorg.libSM - xorg.libX11 - xorg.libXScrnSaver - xorg.libXcomposite - xorg.libXcursor - xorg.libXdamage - xorg.libXext - xorg.libXfixes - xorg.libXft - xorg.libXi - xorg.libXinerama - xorg.libXmu - xorg.libXrandr - xorg.libXrender - xorg.libXt - xorg.libXtst - xorg.libXxf86vm - xorg.libxcb - xorg.libxshmfence + libice + libsm + libx11 + libxscrnsaver + libxcomposite + libxcursor + libxdamage + libxext + libxfixes + libxft + libxi + libxinerama + libxmu + libxrandr + libxrender + libxt + libxtst + libxxf86vm + libxcb + libxshmfence zlib ]; }; @@ -12934,7 +12938,7 @@ This is the configuration to make [[#h:58c7563e-6954-42e6-a622-9d06523e8e24][Hin Kavita is the service I use for my library management. It seems more tailored towards comics/graphic novels, but still I prefer its interface to what calibre offers. #+begin_src nix-ts :tangle modules/nixos/server/kavita.nix - { self, lib, config, pkgs, globals, dns, confLib, ... }: + { lib, config, globals, dns, confLib, ... }: let inherit (config.swarselsystems) sopsFile; @@ -12944,9 +12948,6 @@ Kavita is the service I use for my library management. It seems more tailored to { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; config = lib.mkIf config.swarselmodules.server.${serviceName} { - environment.systemPackages = with pkgs; [ - calibre - ]; users = { persistentIds.kavita = confLib.mkIds 995; @@ -13966,7 +13967,7 @@ My file server. I aim to decomission this as soon as I can, however, I need a re inherit (confLib.gen { name = "nextcloud"; port = 80; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress proxyAddress4 proxyAddress6; inherit (confLib.static) isHome dnsServer webProxy homeWebProxy homeServiceAddress nginxAccessRules; - nextcloudVersion = "32"; + nextcloudVersion = "33"; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -14148,139 +14149,140 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= gotenbergPort = 3002; kanidmDomain = globals.services.kanidm.domain; in - { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselmodules.server.${serviceName} { + { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { - users = { - persistentIds = { - redis-paperless = confLib.mkIds 975; - }; - users.${serviceUser} = { - extraGroups = [ "users" ]; - }; - }; - - sops.secrets = { - paperless-admin-pw = { inherit sopsFile; owner = serviceUser; }; - kanidm-paperless-client = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; - }; - - # networking.firewall.allowedTCPPorts = [ servicePort ]; - - globals = { - networks = { - ${webProxyIf}.hosts = lib.mkIf isProxied { - ${config.node.name}.firewallRuleForNode.${webProxy}.allowedTCPPorts = [ servicePort ]; + users = { + persistentIds = { + redis-paperless = confLib.mkIds 975; }; - ${homeProxyIf}.hosts = lib.mkIf isHome { - ${config.node.name}.firewallRuleForNode.${homeWebProxy}.allowedTCPPorts = [ servicePort ]; + users.${serviceUser} = { + extraGroups = [ "users" ]; }; }; - services.${serviceName} = { - domain = serviceDomain; - inherit proxyAddress4 proxyAddress6 isHome serviceAddress; - homeServiceAddress = lib.mkIf isHome homeServiceAddress; + + sops.secrets = { + paperless-admin-pw = { inherit sopsFile; owner = serviceUser; }; + kanidm-paperless-client = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; }; - }; - environment.persistence."/state" = lib.mkIf config.swarselsystems.isMicroVM { - directories = [ - { directory = "/var/lib/${serviceName}"; user = serviceUser; group = serviceGroup; } - { directory = "/var/lib/redis-${serviceName}"; user = "redis-${serviceUser}"; group = "redis-${serviceGroup}"; } - { directory = "/var/lib/private/tika"; } - { directory = "/var/cache/${serviceName}"; user = serviceUser; group = serviceGroup; } - { directory = "/var/cache/private/tika"; } - ]; - }; + # networking.firewall.allowedTCPPorts = [ servicePort ]; - services = { - ${serviceName} = { - enable = true; - mediaDir = "/storage/Documents/${serviceName}"; - dataDir = "/var/lib/${serviceName}"; - user = serviceUser; - port = servicePort; - passwordFile = config.sops.secrets.paperless-admin-pw.path; - address = "0.0.0.0"; - settings = { - PAPERLESS_OCR_LANGUAGE = "deu+eng"; - PAPERLESS_URL = "https://${serviceDomain}"; - PAPERLESS_OCR_USER_ARGS = builtins.toJSON { - optimize = 1; - invalidate_digital_signatures = true; - pdfa_image_compression = "lossless"; + globals = { + networks = { + ${webProxyIf}.hosts = lib.mkIf isProxied { + ${config.node.name}.firewallRuleForNode.${webProxy}.allowedTCPPorts = [ servicePort ]; }; - PAPERLESS_TIKA_ENABLED = "true"; - PAPERLESS_TIKA_ENDPOINT = "http://localhost:${builtins.toString tikaPort}"; - PAPERLESS_TIKA_GOTENBERG_ENDPOINT = "http://localhost:${builtins.toString gotenbergPort}"; - PAPERLESS_APPS = "allauth.socialaccount.providers.openid_connect"; - PAPERLESS_SOCIALACCOUNT_PROVIDERS = builtins.toJSON { - openid_connect = { - OAUTH_PKCE_ENABLED = "True"; - APPS = [ - rec { - provider_id = "kanidm"; - name = "Kanidm"; - client_id = "paperless"; - # secret will be added by paperless-web.service (see below) - #secret = ""; - settings.server_url = "https://${kanidmDomain}/oauth2/openid/${client_id}/.well-known/openid-configuration"; - } - ]; + ${homeProxyIf}.hosts = lib.mkIf isHome { + ${config.node.name}.firewallRuleForNode.${homeWebProxy}.allowedTCPPorts = [ servicePort ]; + }; + }; + services.${serviceName} = { + domain = serviceDomain; + inherit proxyAddress4 proxyAddress6 isHome serviceAddress; + homeServiceAddress = lib.mkIf isHome homeServiceAddress; + }; + }; + + environment.persistence."/state" = lib.mkIf config.swarselsystems.isMicroVM { + directories = [ + { directory = "/var/lib/${serviceName}"; user = serviceUser; group = serviceGroup; } + { directory = "/var/lib/redis-${serviceName}"; user = "redis-${serviceUser}"; group = "redis-${serviceGroup}"; } + { directory = "/var/lib/private/tika"; } + { directory = "/var/cache/${serviceName}"; user = serviceUser; group = serviceGroup; } + { directory = "/var/cache/private/tika"; } + ]; + }; + + services = { + ${serviceName} = { + enable = true; + mediaDir = "/storage/Documents/${serviceName}"; + dataDir = "/var/lib/${serviceName}"; + user = serviceUser; + port = servicePort; + passwordFile = config.sops.secrets.paperless-admin-pw.path; + address = "0.0.0.0"; + settings = { + PAPERLESS_OCR_LANGUAGE = "deu+eng"; + PAPERLESS_URL = "https://${serviceDomain}"; + PAPERLESS_OCR_USER_ARGS = builtins.toJSON { + optimize = 1; + invalidate_digital_signatures = true; + pdfa_image_compression = "lossless"; + }; + PAPERLESS_TIKA_ENABLED = "true"; + PAPERLESS_TIKA_ENDPOINT = "http://localhost:${builtins.toString tikaPort}"; + PAPERLESS_TIKA_GOTENBERG_ENDPOINT = "http://localhost:${builtins.toString gotenbergPort}"; + PAPERLESS_APPS = "allauth.socialaccount.providers.openid_connect"; + PAPERLESS_SOCIALACCOUNT_PROVIDERS = builtins.toJSON { + openid_connect = { + OAUTH_PKCE_ENABLED = "True"; + APPS = [ + rec { + provider_id = "kanidm"; + name = "Kanidm"; + client_id = "paperless"; + # secret will be added by paperless-web.service (see below) + #secret = ""; + settings.server_url = "https://${kanidmDomain}/oauth2/openid/${client_id}/.well-known/openid-configuration"; + } + ]; + }; }; }; }; + + tika = { + enable = true; + port = tikaPort; + openFirewall = false; + listenAddress = "127.0.0.1"; + enableOcr = true; + }; + + gotenberg = { + enable = true; + package = pkgs.gotenberg; + libreoffice.package = pkgs.libreoffice; + port = gotenbergPort; + bindIP = "127.0.0.1"; + timeout = "600s"; + chromium.package = pkgs.chromium; + }; }; - tika = { - enable = true; - port = tikaPort; - openFirewall = false; - listenAddress = "127.0.0.1"; - enableOcr = true; - }; - gotenberg = { - enable = true; - package = pkgs.stable.gotenberg; - port = gotenbergPort; - bindIP = "127.0.0.1"; - timeout = "600s"; - chromium.package = pkgs.stable.chromium; - }; - }; - - - # Add secret to PAPERLESS_SOCIALACCOUNT_PROVIDERS - systemd.services.paperless-web.script = lib.mkBefore '' - oidcSecret=$(< ${config.sops.secrets.kanidm-paperless-client.path}) + # Add secret to PAPERLESS_SOCIALACCOUNT_PROVIDERS + systemd.services.paperless-web.script = lib.mkBefore '' + oidcSecret=$(< ${config.sops.secrets.kanidm-paperless-client.path}) export PAPERLESS_SOCIALACCOUNT_PROVIDERS=$( ${pkgs.jq}/bin/jq <<< "$PAPERLESS_SOCIALACCOUNT_PROVIDERS" \ --compact-output \ --arg oidcSecret "$oidcSecret" '.openid_connect.APPS.[0].secret = $oidcSecret' ) - ''; + ''; - nodes = - let - extraConfigLoc = '' - proxy_connect_timeout 300; + nodes = + let + extraConfigLoc = '' + proxy_connect_timeout 300; proxy_send_timeout 300; proxy_read_timeout 300; send_timeout 300; - ''; - in - { - ${dnsServer}.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = { - "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6; - }; - ${webProxy}.services.nginx = confLib.genNginx { inherit serviceAddress servicePort serviceDomain serviceName extraConfigLoc; maxBody = 0; }; - ${homeWebProxy}.services.nginx = lib.mkIf isHome (confLib.genNginx { inherit servicePort serviceDomain serviceName extraConfigLoc; maxBody = 0; extraConfig = nginxAccessRules; serviceAddress = homeServiceAddress; }); - }; + ''; + in + { + ${dnsServer}.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = { + "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6; + }; + ${webProxy}.services.nginx = confLib.genNginx { inherit serviceAddress servicePort serviceDomain serviceName extraConfigLoc; maxBody = 0; }; + ${homeWebProxy}.services.nginx = lib.mkIf isHome (confLib.genNginx { inherit servicePort serviceDomain serviceName extraConfigLoc; maxBody = 0; extraConfig = nginxAccessRules; serviceAddress = homeServiceAddress; }); + }; - }; - } + }; + } #+end_src **** transmission @@ -14930,7 +14932,9 @@ This section exposes several metrics that I use to check the health of my server analytics.reporting_enabled = false; users.allow_sign_up = false; security = { - admin_password = "$__file{/run/secrets/grafana-admin-pw}"; + # admin_password = "$__file{/run/secrets/grafana-admin-pw}"; + disable_initial_admin_creation = true; + secret_key = "$__file{${config.sops.secrets.grafana-admin-pw.path}}"; cookie_secure = true; disable_gravatar = true; }; @@ -15622,89 +15626,89 @@ kanidm person credential create-reset-token else "${keyPathBase}"; in - { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselmodules.server.${serviceName} { + { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { - users = { - persistentIds = { - kanidm = confLib.mkIds 984; - }; - users.${serviceUser} = { - group = serviceGroup; - isSystemUser = true; - }; - - groups.${serviceGroup} = { }; - }; - - sops = { - secrets = { - "kanidm-self-signed-crt" = { sopsFile = certsSopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; - "kanidm-self-signed-key" = { sopsFile = certsSopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; - "kanidm-admin-pw" = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; - "kanidm-idm-admin-pw" = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; - "kanidm-immich" = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; - "kanidm-paperless" = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; - "kanidm-forgejo" = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; - "kanidm-grafana" = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; - "kanidm-nextcloud" = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; - "kanidm-freshrss" = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; - "kanidm-oauth2-proxy" = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; - }; - }; - - # networking.firewall.allowedTCPPorts = [ servicePort ]; - - globals = { - general.idmServer = config.node.name; - networks = { - ${webProxyIf}.hosts = lib.mkIf isProxied { - ${config.node.name}.firewallRuleForNode.${webProxy}.allowedTCPPorts = [ servicePort ]; + users = { + persistentIds = { + kanidm = confLib.mkIds 984; }; - ${homeProxyIf}.hosts = lib.mkIf isHome { - ${config.node.name}.firewallRuleForNode.${homeWebProxy}.allowedTCPPorts = [ servicePort ]; - }; - }; - services.${serviceName} = { - domain = serviceDomain; - inherit proxyAddress4 proxyAddress6 isHome serviceAddress; - homeServiceAddress = lib.mkIf isHome homeServiceAddress; - }; - }; - - environment.persistence = { - "/persist" = lib.mkIf config.swarselsystems.isImpermanence { - files = [ - certPathBase - keyPathBase - ]; - }; - - "/state" = lib.mkIf config.swarselsystems.isMicroVM { - directories = [{ directory = "/var/lib/${serviceName}"; user = serviceUser; group = serviceGroup; }]; - }; - }; - - systemd.services = { - "generateSSLCert-${serviceName}" = - let - daysValid = 3650; - renewBeforeDays = 365; - in - { - before = [ "${serviceName}.service" ]; - requiredBy = [ "${serviceName}.service" ]; - after = [ "local-fs.target" ]; - requires = [ "local-fs.target" ]; - - serviceConfig = { - Type = "oneshot"; + users.${serviceUser} = { + group = serviceGroup; + isSystemUser = true; }; - script = '' - set -eu + groups.${serviceGroup} = { }; + }; + + sops = { + secrets = { + "kanidm-self-signed-crt" = { sopsFile = certsSopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; + "kanidm-self-signed-key" = { sopsFile = certsSopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; + "kanidm-admin-pw" = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; + "kanidm-idm-admin-pw" = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; + "kanidm-immich" = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; + "kanidm-paperless" = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; + "kanidm-forgejo" = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; + "kanidm-grafana" = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; + "kanidm-nextcloud" = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; + "kanidm-freshrss" = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; + "kanidm-oauth2-proxy" = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; + }; + }; + + # networking.firewall.allowedTCPPorts = [ servicePort ]; + + globals = { + general.idmServer = config.node.name; + networks = { + ${webProxyIf}.hosts = lib.mkIf isProxied { + ${config.node.name}.firewallRuleForNode.${webProxy}.allowedTCPPorts = [ servicePort ]; + }; + ${homeProxyIf}.hosts = lib.mkIf isHome { + ${config.node.name}.firewallRuleForNode.${homeWebProxy}.allowedTCPPorts = [ servicePort ]; + }; + }; + services.${serviceName} = { + domain = serviceDomain; + inherit proxyAddress4 proxyAddress6 isHome serviceAddress; + homeServiceAddress = lib.mkIf isHome homeServiceAddress; + }; + }; + + environment.persistence = { + "/persist" = lib.mkIf config.swarselsystems.isImpermanence { + files = [ + certPathBase + keyPathBase + ]; + }; + + "/state" = lib.mkIf config.swarselsystems.isMicroVM { + directories = [{ directory = "/var/lib/${serviceName}"; user = serviceUser; group = serviceGroup; }]; + }; + }; + + systemd.services = { + "generateSSLCert-${serviceName}" = + let + daysValid = 3650; + renewBeforeDays = 365; + in + { + before = [ "${serviceName}.service" ]; + requiredBy = [ "${serviceName}.service" ]; + after = [ "local-fs.target" ]; + requires = [ "local-fs.target" ]; + + serviceConfig = { + Type = "oneshot"; + }; + + script = '' + set -eu ${pkgs.coreutils}/bin/install -d -m 0755 ${certsDir} ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0755 /persist${certsDir}" else ""} @@ -15738,265 +15742,270 @@ kanidm person credential create-reset-token chmod 0600 "${keyPath}" chown ${serviceUser}:${serviceGroup} "${certPath}" "${keyPath}" fi - ''; - }; - kanidm = { - environment.KANIDM_TRUST_X_FORWARD_FOR = "true"; - serviceConfig.RestartSec = "30"; - }; - }; - - - - # system.activationScripts."createPersistentStorageDirs" = lib.mkIf config.swarselsystems.isImpermanence { - # deps = [ "generateSSLCert-${serviceName}" "users" "groups" ]; - # }; - # system.activationScripts."generateSSLCert-${serviceName}" = - # let - # daysValid = 3650; - # renewBeforeDays = 365; - # in - # { - # text = '' - # set -eu - - # ${pkgs.coreutils}/bin/install -d -m 0755 ${certsDir} - # ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0755 /persist${certsDir}" else ""} - # ${pkgs.coreutils}/bin/install -d -m 0750 ${privateDir} - # ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0750 /persist${privateDir}" else ""} - - # need_gen=0 - # if [ ! -f "${certPathBase}" ] || [ ! -f "${keyPathBase}" ]; then - # need_gen=1 - # else - # enddate="$(${pkgs.openssl}/bin/openssl x509 -noout -enddate -in "${certPathBase}" | cut -d= -f2)" - # end_epoch="$(${pkgs.coreutils}/bin/date -d "$enddate" +%s)" - # now_epoch="$(${pkgs.coreutils}/bin/date +%s)" - # seconds_left=$(( end_epoch - now_epoch )) - # days_left=$(( seconds_left / 86400 )) - # if [ "$days_left" -lt ${toString renewBeforeDays} ]; then - # need_gen=1 - # fi - # fi - - # if [ "$need_gen" -eq 1 ]; then - # ${pkgs.openssl}/bin/openssl req -x509 -nodes -days ${toString daysValid} -newkey rsa:4096 -sha256 \ - # -keyout "${keyPath}" \ - # -out "${certPath}" \ - # -subj "/CN=${serviceDomain}" \ - # -addext "subjectAltName=DNS:${serviceDomain}" - - # chmod 0644 "${certPath}" - # chmod 0600 "${keyPath}" - # chown ${serviceUser}:${serviceGroup} "${certPath}" "${keyPath}" - # fi - # ''; - # deps = [ - # "etc" - # (lib.mkIf config.swarselsystems.isImpermanence "specialfs") - # ]; - # }; - - services = { - ${serviceName} = { - package = pkgs.kanidmWithSecretProvisioning_1_8; - enableServer = true; - serverSettings = { - domain = serviceDomain; - origin = "https://${serviceDomain}"; - # tls_chain = config.sops.secrets.kanidm-self-signed-crt.path; - tls_chain = certPathBase; - # tls_key = config.sops.secrets.kanidm-self-signed-key.path; - tls_key = keyPathBase; - bindaddress = "0.0.0.0:${toString servicePort}"; - # trust_x_forward_for = true; + ''; + }; + kanidm = { + environment.KANIDM_TRUST_X_FORWARD_FOR = "true"; + serviceConfig.RestartSec = "30"; }; - enableClient = true; - clientSettings = { - uri = config.services.kanidm.serverSettings.origin; - verify_ca = true; - verify_hostnames = true; - }; - provision = { - enable = true; - adminPasswordFile = config.sops.secrets.kanidm-admin-pw.path; - idmAdminPasswordFile = config.sops.secrets.kanidm-idm-admin-pw.path; - groups = { - "immich.access" = { }; - "paperless.access" = { }; - "forgejo.access" = { }; - "forgejo.admins" = { }; - "grafana.access" = { }; - "grafana.editors" = { }; - "grafana.admins" = { }; - "grafana.server-admins" = { }; - "nextcloud.access" = { }; - "nextcloud.admins" = { }; - "navidrome.access" = { }; - "freshrss.access" = { }; - "firefly.access" = { }; - "radicale.access" = { }; - "slink.access" = { }; - "opkssh.access" = { }; - "adguardhome.access" = { }; + }; + + + + # system.activationScripts."createPersistentStorageDirs" = lib.mkIf config.swarselsystems.isImpermanence { + # deps = [ "generateSSLCert-${serviceName}" "users" "groups" ]; + # }; + # system.activationScripts."generateSSLCert-${serviceName}" = + # let + # daysValid = 3650; + # renewBeforeDays = 365; + # in + # { + # text = '' + # set -eu + + # ${pkgs.coreutils}/bin/install -d -m 0755 ${certsDir} + # ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0755 /persist${certsDir}" else ""} + # ${pkgs.coreutils}/bin/install -d -m 0750 ${privateDir} + # ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0750 /persist${privateDir}" else ""} + + # need_gen=0 + # if [ ! -f "${certPathBase}" ] || [ ! -f "${keyPathBase}" ]; then + # need_gen=1 + # else + # enddate="$(${pkgs.openssl}/bin/openssl x509 -noout -enddate -in "${certPathBase}" | cut -d= -f2)" + # end_epoch="$(${pkgs.coreutils}/bin/date -d "$enddate" +%s)" + # now_epoch="$(${pkgs.coreutils}/bin/date +%s)" + # seconds_left=$(( end_epoch - now_epoch )) + # days_left=$(( seconds_left / 86400 )) + # if [ "$days_left" -lt ${toString renewBeforeDays} ]; then + # need_gen=1 + # fi + # fi + + # if [ "$need_gen" -eq 1 ]; then + # ${pkgs.openssl}/bin/openssl req -x509 -nodes -days ${toString daysValid} -newkey rsa:4096 -sha256 \ + # -keyout "${keyPath}" \ + # -out "${certPath}" \ + # -subj "/CN=${serviceDomain}" \ + # -addext "subjectAltName=DNS:${serviceDomain}" + + # chmod 0644 "${certPath}" + # chmod 0600 "${keyPath}" + # chown ${serviceUser}:${serviceGroup} "${certPath}" "${keyPath}" + # fi + # ''; + # deps = [ + # "etc" + # (lib.mkIf config.swarselsystems.isImpermanence "specialfs") + # ]; + # }; + + services = { + ${serviceName} = { + package = pkgs.kanidmWithSecretProvisioning_1_9; + server = { + enable = true; + settings = { + domain = serviceDomain; + origin = "https://${serviceDomain}"; + # tls_chain = config.sops.secrets.kanidm-self-signed-crt.path; + tls_chain = certPathBase; + # tls_key = config.sops.secrets.kanidm-self-signed-key.path; + tls_key = keyPathBase; + bindaddress = "0.0.0.0:${toString servicePort}"; + # trust_x_forward_for = true; + }; }; + client = { + enable = true; + settings = { + uri = config.services.kanidm.server.settings.origin; + verify_ca = true; + verify_hostnames = true; + }; + }; + provision = { + enable = true; + adminPasswordFile = config.sops.secrets.kanidm-admin-pw.path; + idmAdminPasswordFile = config.sops.secrets.kanidm-idm-admin-pw.path; + groups = { + "immich.access" = { }; + "paperless.access" = { }; + "forgejo.access" = { }; + "forgejo.admins" = { }; + "grafana.access" = { }; + "grafana.editors" = { }; + "grafana.admins" = { }; + "grafana.server-admins" = { }; + "nextcloud.access" = { }; + "nextcloud.admins" = { }; + "navidrome.access" = { }; + "freshrss.access" = { }; + "firefly.access" = { }; + "radicale.access" = { }; + "slink.access" = { }; + "opkssh.access" = { }; + "adguardhome.access" = { }; + }; - inherit (config.repo.secrets.local) persons; + inherit (config.repo.secrets.local) persons; - systems = { - oauth2 = { - immich = { - displayName = "Immich"; - originUrl = [ - "https://${immichDomain}/auth/login" - "https://${immichDomain}/user-settings" - "app.immich:///oauth-callback" - "https://${immichDomain}/api/oauth/mobile-redirect" - ]; - originLanding = "https://${immichDomain}/"; - basicSecretFile = config.sops.secrets.kanidm-immich.path; - preferShortUsername = true; - enableLegacyCrypto = true; # can use RS256 / HS256, not ES256 - scopeMaps."immich.access" = [ - "openid" - "email" - "profile" - ]; - }; - paperless = { - displayName = "Paperless"; - originUrl = "https://${paperlessDomain}/accounts/oidc/kanidm/login/callback/"; - originLanding = "https://${paperlessDomain}/"; - basicSecretFile = config.sops.secrets.kanidm-paperless.path; - preferShortUsername = true; - scopeMaps."paperless.access" = [ - "openid" - "email" - "profile" - ]; - }; - forgejo = { - displayName = "Forgejo"; - originUrl = "https://${forgejoDomain}/user/oauth2/kanidm/callback"; - originLanding = "https://${forgejoDomain}/"; - basicSecretFile = config.sops.secrets.kanidm-forgejo.path; - scopeMaps."forgejo.access" = [ - "openid" - "email" - "profile" - ]; - # XXX: PKCE is currently not supported by gitea/forgejo, - # see https://github.com/go-gitea/gitea/issues/21376. - allowInsecureClientDisablePkce = true; - preferShortUsername = true; - claimMaps.groups = { - joinType = "array"; - valuesByGroup."forgejo.admins" = [ "admin" ]; + systems = { + oauth2 = { + immich = { + displayName = "Immich"; + originUrl = [ + "https://${immichDomain}/auth/login" + "https://${immichDomain}/user-settings" + "app.immich:///oauth-callback" + "https://${immichDomain}/api/oauth/mobile-redirect" + ]; + originLanding = "https://${immichDomain}/"; + basicSecretFile = config.sops.secrets.kanidm-immich.path; + preferShortUsername = true; + enableLegacyCrypto = true; # can use RS256 / HS256, not ES256 + scopeMaps."immich.access" = [ + "openid" + "email" + "profile" + ]; }; - }; - grafana = { - displayName = "Grafana"; - originUrl = "https://${grafanaDomain}/login/generic_oauth"; - originLanding = "https://${grafanaDomain}/"; - basicSecretFile = config.sops.secrets.kanidm-grafana.path; - preferShortUsername = true; - scopeMaps."grafana.access" = [ - "openid" - "email" - "profile" - ]; - claimMaps.groups = { - joinType = "array"; - valuesByGroup = { - "grafana.editors" = [ "editor" ]; - "grafana.admins" = [ "admin" ]; - "grafana.server-admins" = [ "server_admin" ]; + paperless = { + displayName = "Paperless"; + originUrl = "https://${paperlessDomain}/accounts/oidc/kanidm/login/callback/"; + originLanding = "https://${paperlessDomain}/"; + basicSecretFile = config.sops.secrets.kanidm-paperless.path; + preferShortUsername = true; + scopeMaps."paperless.access" = [ + "openid" + "email" + "profile" + ]; + }; + forgejo = { + displayName = "Forgejo"; + originUrl = "https://${forgejoDomain}/user/oauth2/kanidm/callback"; + originLanding = "https://${forgejoDomain}/"; + basicSecretFile = config.sops.secrets.kanidm-forgejo.path; + scopeMaps."forgejo.access" = [ + "openid" + "email" + "profile" + ]; + # XXX: PKCE is currently not supported by gitea/forgejo, + # see https://github.com/go-gitea/gitea/issues/21376. + allowInsecureClientDisablePkce = true; + preferShortUsername = true; + claimMaps.groups = { + joinType = "array"; + valuesByGroup."forgejo.admins" = [ "admin" ]; }; }; - }; - nextcloud = { - displayName = "Nextcloud"; - originUrl = " https://${nextcloudDomain}/apps/sociallogin/custom_oidc/kanidm"; - originLanding = "https://${nextcloudDomain}/"; - basicSecretFile = config.sops.secrets.kanidm-nextcloud.path; - allowInsecureClientDisablePkce = true; - scopeMaps."nextcloud.access" = [ - "openid" - "email" - "profile" - ]; - preferShortUsername = true; - claimMaps.groups = { - joinType = "array"; - valuesByGroup = { - "nextcloud.admins" = [ "admin" ]; + grafana = { + displayName = "Grafana"; + originUrl = "https://${grafanaDomain}/login/generic_oauth"; + originLanding = "https://${grafanaDomain}/"; + basicSecretFile = config.sops.secrets.kanidm-grafana.path; + preferShortUsername = true; + scopeMaps."grafana.access" = [ + "openid" + "email" + "profile" + ]; + claimMaps.groups = { + joinType = "array"; + valuesByGroup = { + "grafana.editors" = [ "editor" ]; + "grafana.admins" = [ "admin" ]; + "grafana.server-admins" = [ "server_admin" ]; + }; }; }; - }; - opkssh = { - displayName = "OPKSSH"; - originUrl = [ - "http://localhost:3000" - "http://localhost:3000/login-callback" - "http://localhost:10001/login-callback" - "http://localhost:11110/login-callback" - ]; - originLanding = "http://localhost:3000"; - public = true; - enableLocalhostRedirects = true; - scopeMaps."opkssh.access" = [ - "openid" - "email" - "profile" - ]; - }; - oauth2-proxy = { - displayName = "Oauth2-Proxy"; - originUrl = "https://${oauth2ProxyDomain}/oauth2/callback"; - originLanding = "https://${oauth2ProxyDomain}/"; - basicSecretFile = config.sops.secrets.kanidm-oauth2-proxy.path; - scopeMaps = { - "freshrss.access" = [ + nextcloud = { + displayName = "Nextcloud"; + originUrl = " https://${nextcloudDomain}/apps/sociallogin/custom_oidc/kanidm"; + originLanding = "https://${nextcloudDomain}/"; + basicSecretFile = config.sops.secrets.kanidm-nextcloud.path; + allowInsecureClientDisablePkce = true; + scopeMaps."nextcloud.access" = [ "openid" "email" "profile" ]; - "navidrome.access" = [ - "openid" - "email" - "profile" + preferShortUsername = true; + claimMaps.groups = { + joinType = "array"; + valuesByGroup = { + "nextcloud.admins" = [ "admin" ]; + }; + }; + }; + opkssh = { + displayName = "OPKSSH"; + originUrl = [ + "http://localhost:3000" + "http://localhost:3000/login-callback" + "http://localhost:10001/login-callback" + "http://localhost:11110/login-callback" ]; - "firefly.access" = [ - "openid" - "email" - "profile" - ]; - "radicale.access" = [ - "openid" - "email" - "profile" - ]; - "slink.access" = [ - "openid" - "email" - "profile" - ]; - "adguardhome.access" = [ + originLanding = "http://localhost:3000"; + public = true; + enableLocalhostRedirects = true; + scopeMaps."opkssh.access" = [ "openid" "email" "profile" ]; }; - preferShortUsername = true; - claimMaps.groups = { - joinType = "array"; - valuesByGroup = { - "freshrss.access" = [ "ttrss_access" ]; - "navidrome.access" = [ "navidrome_access" ]; - "firefly.access" = [ "firefly_access" ]; - "radicale.access" = [ "radicale_access" ]; - "slink.access" = [ "slink_access" ]; - "adguardhome.access" = [ "adguardhome_access" ]; + oauth2-proxy = { + displayName = "Oauth2-Proxy"; + originUrl = "https://${oauth2ProxyDomain}/oauth2/callback"; + originLanding = "https://${oauth2ProxyDomain}/"; + basicSecretFile = config.sops.secrets.kanidm-oauth2-proxy.path; + scopeMaps = { + "freshrss.access" = [ + "openid" + "email" + "profile" + ]; + "navidrome.access" = [ + "openid" + "email" + "profile" + ]; + "firefly.access" = [ + "openid" + "email" + "profile" + ]; + "radicale.access" = [ + "openid" + "email" + "profile" + ]; + "slink.access" = [ + "openid" + "email" + "profile" + ]; + "adguardhome.access" = [ + "openid" + "email" + "profile" + ]; + }; + preferShortUsername = true; + claimMaps.groups = { + joinType = "array"; + valuesByGroup = { + "freshrss.access" = [ "ttrss_access" ]; + "navidrome.access" = [ "navidrome_access" ]; + "firefly.access" = [ "firefly_access" ]; + "radicale.access" = [ "radicale_access" ]; + "slink.access" = [ "slink_access" ]; + "adguardhome.access" = [ "adguardhome_access" ]; + }; }; }; }; @@ -16004,24 +16013,23 @@ kanidm person credential create-reset-token }; }; }; - }; - nodes = let - extraConfig = '' - allow ${globals.networks.home-lan.vlans.services.cidrv4}; + nodes = let + extraConfig = '' + allow ${globals.networks.home-lan.vlans.services.cidrv4}; allow ${globals.networks.home-lan.vlans.services.cidrv6}; - ''; - in { - ${dnsServer}.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = { - "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6; + ''; + in { + ${dnsServer}.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = { + "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6; + }; + ${webProxy}.services.nginx = confLib.genNginx { inherit serviceAddress servicePort serviceDomain serviceName; protocol = "https"; noSslVerify = true; }; + ${homeWebProxy}.services.nginx = confLib.genNginx { inherit servicePort serviceDomain serviceName; protocol = "https"; noSslVerify = true; extraConfig = extraConfig + nginxAccessRules; serviceAddress = homeServiceAddress; }; }; - ${webProxy}.services.nginx = confLib.genNginx { inherit serviceAddress servicePort serviceDomain serviceName; protocol = "https"; noSslVerify = true; }; - ${homeWebProxy}.services.nginx = confLib.genNginx { inherit servicePort serviceDomain serviceName; protocol = "https"; noSslVerify = true; extraConfig = extraConfig + nginxAccessRules; serviceAddress = homeServiceAddress; }; - }; - }; - } + }; + } #+end_src **** oauth2-proxy @@ -16205,9 +16213,9 @@ This can be used to add OIDC in a way to services that do not support it nativel domain = ".${mainDomain}"; secure = true; expire = "900m"; - secret = null; # set by service EnvironmentFile + secretFile = null; }; - clientSecret = null; # set by service EnvironmentFile + clientSecretFile = null; reverseProxy = true; httpAddress = "0.0.0.0:${builtins.toString servicePort}"; redirectURL = "https://${serviceDomain}/oauth2/callback"; @@ -18341,7 +18349,7 @@ When changing the hashed passwords, =dovecot= needs to be restarted manually, it }; # the rest of the ports are managed by snm - networking.firewall.allowedTCPPorts = [ 80 servicePort ]; + networking.firewall.allowedTCPPorts = [ 80 443 ]; services.nginx = { virtualHosts = { @@ -18372,8 +18380,8 @@ When changing the hashed passwords, =dovecot= needs to be restarted manually, it "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host endpointAddress4 endpointAddress6; "${globals.services.roundcube.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6; }; - ${webProxy}.services.nginx = confLib.genNginx { inherit serviceAddress servicePort serviceName extraConfigLoc; serviceDomain = roundcubeDomain; maxBody = 0; }; - ${homeWebProxy}.services.nginx = lib.mkIf isHome (confLib.genNginx { inherit servicePort serviceName extraConfigLoc; serviceDomain = roundcubeDomain; maxBody = 0; extraConfig = nginxAccessRules; serviceAddress = homeServiceAddress; }); + ${webProxy}.services.nginx = confLib.genNginx { inherit serviceAddress servicePort serviceName extraConfigLoc; serviceDomain = roundcubeDomain; protocol = "https"; maxBody = 0; }; + ${homeWebProxy}.services.nginx = lib.mkIf isHome (confLib.genNginx { inherit servicePort serviceName extraConfigLoc; serviceDomain = roundcubeDomain; protocol = "https"; maxBody = 0; extraConfig = nginxAccessRules; serviceAddress = homeServiceAddress; }); }; }; @@ -20851,7 +20859,6 @@ This holds packages that I can use as provided, or with small modifications (as picard-tools audacity sox - # stable.feishin # does not work with oauth2-proxy calibre # printing @@ -21522,6 +21529,10 @@ This section is for programs that require no further configuration. zsh Integrat ]; }; }; + + home.sessionVariables = { + _ZO_EXCLUDE_DIRS = "$HOME:$HOME/.ansible/*:$HOME/test/*:/persist"; + }; }; } #+end_src @@ -25863,7 +25874,7 @@ This service changes the screen hue at night. I am not sure if that really does reduceMotion = true; spacebarRatesCard = true; # videoDriver = "opengl"; - sync = { + profiles."User 1".sync = { autoSync = false; # sync on profile close will delay system shutdown syncMedia = true; autoSyncMediaMinutes = 5; @@ -27333,7 +27344,10 @@ When setting up a new machine: prometheus.cli tigervnc # openstackclient + step-cli + vscode-fhs + copilot-cli antigravity @@ -27457,7 +27471,7 @@ When setting up a new machine: programs = let - inherit (confLib.getConfig.repo.secrets.local.work) user1 user1Long user2 user2Long user3 user3Long user4 path1 loc1 loc2 site1 site2 site3 site4 site5 site6 site7 lifecycle1 lifecycle2 domain1 domain2 gitMail clouds; + inherit (confLib.getConfig.repo.secrets.local.work) user1 user1Long user2 user2Long user3 user3Long user4 path1 loc1 loc2 site1 site2 site3 site4 site5 site6 site7 lifecycle1 lifecycle2 domain1 domain2 clouds; in { openstackclient = { @@ -27478,7 +27492,8 @@ When setting up a new machine: # }; # }; }; - git.settings.user.email = lib.mkForce gitMail; + # this is no longer needed since moving away from bitbucket + # git.settings.user.email = lib.mkForce gitMail; zsh = { shellAliases = { @@ -28274,17 +28289,20 @@ This is where the theme for the whole OS is defined. Originally, this noweb-ref In short, the options defined here are passed to the modules systems using =_modules.args= - they can then be used by passing =vars= as an attribute in the input attribute set of a modules system file (=basically all files in this configuration) #+begin_src nix-ts :noweb yes :tangle modules/shared/vars.nix - { self, lib, pkgs, ... }: + { self, pkgs, ... }: { _module.args = { vars = rec { waylandSessionVariables = { - SDL_VIDEODRIVER = "wayland"; - QT_WAYLAND_DISABLE_WINDOWDECORATION = "1"; - QT_QPA_PLATFORM = "wayland-egl"; ANKI_WAYLAND = "1"; - OBSIDIAN_USE_WAYLAND = "1"; MOZ_ENABLE_WAYLAND = "1"; + MOZ_WEBRENDER = "1"; + NIXOS_OZONE_WL = "1"; + OBSIDIAN_USE_WAYLAND = "1"; + QT_QPA_PLATFORM = "wayland-egl"; + QT_WAYLAND_DISABLE_WINDOWDECORATION = "1"; + SDL_VIDEODRIVER = "wayland"; + _JAVA_AWT_WM_NONREPARENTING = "1"; }; waylandExports = @@ -28370,28 +28388,28 @@ In short, the options defined here are passed to the modules systems using =_mod noscript # configure a shortcut 'ctrl+shift+c' with behaviour 'do nothing' in order to disable the dev console shortcut - (buildFirefoxXpiAddon { - pname = "shortkeys"; - version = "4.0.2"; - addonId = "Shortkeys@Shortkeys.com"; - url = "https://addons.mozilla.org/firefox/downloads/file/3673761/shortkeys-4.0.2.xpi"; - sha256 = "c6fe12efdd7a871787ac4526eea79ecc1acda8a99724aa2a2a55c88a9acf467c"; - meta = with lib; - { - description = "Easily customizable custom keyboard shortcuts for Firefox. To configure this addon go to Addons (ctrl+shift+a) ->Shortkeys ->Options. Report issues here (please specify that the issue is found in Firefox): https://github.com/mikecrittenden/shortkeys"; - mozPermissions = [ - "tabs" - "downloads" - "clipboardWrite" - "browsingData" - "storage" - "bookmarks" - "sessions" - "" - ]; - platforms = platforms.all; - }; - }) + # (buildFirefoxXpiAddon { + # pname = "shortkeys"; + # version = "4.0.2"; + # addonId = "Shortkeys@Shortkeys.com"; + # url = "https://addons.mozilla.org/firefox/downloads/file/3673761/shortkeys-4.0.2.xpi"; + # sha256 = "c6fe12efdd7a871787ac4526eea79ecc1acda8a99724aa2a2a55c88a9acf467c"; + # meta = with lib; + # { + # description = "Easily customizable custom keyboard shortcuts for Firefox. To configure this addon go to Addons (ctrl+shift+a) ->Shortkeys ->Options. Report issues here (please specify that the issue is found in Firefox): https://github.com/mikecrittenden/shortkeys"; + # mozPermissions = [ + # "tabs" + # "downloads" + # "clipboardWrite" + # "browsingData" + # "storage" + # "bookmarks" + # "sessions" + # "" + # ]; + # platforms = platforms.all; + # }; + # }) ]; }; @@ -31136,8 +31154,8 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a security = lib.mkDefault true; sops = lib.mkDefault true; stylix = lib.mkDefault true; - sway = lib.mkDefault true; - swayosd = lib.mkDefault true; + sway = lib.mkDefault false; # niri + swayosd = lib.mkDefault false; # niri syncthing = lib.mkDefault true; systemdTimeout = lib.mkDefault true; time = lib.mkDefault true; @@ -31211,48 +31229,9 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a { options.swarselprofiles.hotel = lib.mkEnableOption "is this a hotel host"; config = lib.mkIf config.swarselprofiles.hotel { + swarselprofiles.personal = true; swarselmodules = { - packages = lib.mkForce true; - general = lib.mkForce true; - home-manager = lib.mkForce true; - xserver = lib.mkForce true; - users = lib.mkForce true; - sops = lib.mkForce true; - env = lib.mkForce true; - security = lib.mkForce true; - systemdTimeout = lib.mkForce true; - hardware = lib.mkForce true; - pulseaudio = lib.mkForce true; - pipewire = lib.mkForce true; - network = lib.mkForce true; - time = lib.mkForce true; - stylix = lib.mkForce true; - programs = lib.mkForce true; - zsh = lib.mkForce true; - syncthing = lib.mkForce true; - blueman = lib.mkForce true; - networkDevices = lib.mkForce true; - gvfs = lib.mkForce true; - interceptionTools = lib.mkForce true; - swayosd = lib.mkForce true; - ppd = lib.mkForce true; - yubikey = lib.mkForce false; - ledger = lib.mkForce true; - keyboards = lib.mkForce true; - login = lib.mkForce true; - nix-ld = lib.mkForce true; - impermanence = lib.mkForce true; - nvd = lib.mkForce true; - gnome-keyring = lib.mkForce true; - sway = lib.mkForce true; - xdg-portal = lib.mkForce true; - distrobox = lib.mkForce true; - appimage = lib.mkForce true; - lid = lib.mkForce true; - lowBattery = lib.mkForce true; - lanzaboote = lib.mkForce true; - autologin = lib.mkForce true; - nftables = lib.mkDefault true; + yubikey = false; }; }; @@ -31393,8 +31372,8 @@ This holds modules that are to be used on most hosts. These are also the most im anki-tray = lib.mkDefault true; attic-store-push = lib.mkDefault true; atuin = lib.mkDefault true; - autotiling = lib.mkDefault true; - batsignal = lib.mkDefault true; + autotiling = lib.mkDefault false; # niri + batsignal = lib.mkDefault false; # niri blueman-applet = lib.mkDefault true; desktop = lib.mkDefault true; direnv = lib.mkDefault true; @@ -31406,17 +31385,18 @@ This holds modules that are to be used on most hosts. These are also the most im firefox = lib.mkDefault true; firezone-tray = lib.mkDefault true; fuzzel = lib.mkDefault true; - gammastep = lib.mkDefault true; + gammastep = lib.mkDefault false; # niri general = lib.mkDefault true; git = lib.mkDefault true; gnome-keyring = lib.mkDefault true; gpgagent = lib.mkDefault true; hexchat = lib.mkDefault true; - kanshi = lib.mkDefault true; + kanshi = lib.mkDefault false; # niri kdeconnect = lib.mkDefault true; kitty = lib.mkDefault true; + khal = lib.mkDefault true; mail = lib.mkDefault true; - mako = lib.mkDefault true; + mako = lib.mkDefault false; # niri nix-index = lib.mkDefault true; nixgl = lib.mkDefault true; nix-your-shell = lib.mkDefault true; @@ -31435,9 +31415,9 @@ This holds modules that are to be used on most hosts. These are also the most im ssh = lib.mkDefault true; starship = lib.mkDefault true; stylix = lib.mkDefault true; - sway = lib.mkDefault true; + sway = lib.mkDefault false; # niri swayidle = lib.mkDefault true; - swaylock = lib.mkDefault true; + swaylock = lib.mkDefault false; # niri swayosd = lib.mkDefault true; symlink = lib.mkDefault true; tmux = lib.mkDefault true; @@ -31529,41 +31509,15 @@ This holds modules that are to be used on most hosts. These are also the most im { options.swarselprofiles.hotel = lib.mkEnableOption "is this a hotel host"; config = lib.mkIf config.swarselprofiles.hotel { + swarselprofiles.personal = true; swarselmodules = { - packages = lib.mkForce true; - ownpackages = lib.mkForce true; - general = lib.mkForce true; - nixgl = lib.mkForce true; - sops = lib.mkForce true; yubikey = lib.mkForce false; - ssh = lib.mkForce true; - stylix = lib.mkForce true; - desktop = lib.mkForce true; - symlink = lib.mkForce true; + ssh = lib.mkForce false; env = lib.mkForce false; - programs = lib.mkForce true; - nix-index = lib.mkForce true; - direnv = lib.mkForce true; - eza = lib.mkForce true; git = lib.mkForce false; - fuzzel = lib.mkForce true; - starship = lib.mkForce true; - kitty = lib.mkForce true; - zsh = lib.mkForce true; - zellij = lib.mkForce true; - tmux = lib.mkForce true; mail = lib.mkForce false; - emacs = lib.mkForce true; - waybar = lib.mkForce true; - firefox = lib.mkForce true; - gnome-keyring = lib.mkForce true; - kdeconnect = lib.mkForce true; - mako = lib.mkForce true; - swayosd = lib.mkForce true; - yubikeytouch = lib.mkForce true; - sway = lib.mkForce true; - kanshi = lib.mkForce true; - gpgagent = lib.mkForce true; + emacs = lib.mkForce false; + obsidian = lib.mkForce false; gammastep = lib.mkForce false; }; }; diff --git a/flake.lock b/flake.lock index 48c0b34..6fff583 100644 --- a/flake.lock +++ b/flake.lock @@ -101,11 +101,11 @@ }, "crane": { "locked": { - "lastModified": 1769287525, - "narHash": "sha256-gABuYA6BzoRMLuPaeO5p7SLrpd4qExgkwEmYaYQY4bM=", + "lastModified": 1771796463, + "narHash": "sha256-9bCDuUzpwJXcHMQYMS1yNuzYMmKO/CCwCexpjWOl62I=", "owner": "ipetkov", "repo": "crane", - "rev": "0314e365877a85c9e5758f9ea77a9972afbb4c21", + "rev": "3d3de3313e263e04894f284ac18177bd26169bad", "type": "github" }, "original": { @@ -116,7 +116,7 @@ }, "crane_2": { "inputs": { - "flake-compat": "flake-compat_4", + "flake-compat": "flake-compat_5", "flake-utils": "flake-utils_4", "nixpkgs": [ "nixos-extra-modules", @@ -250,11 +250,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1769524058, - "narHash": "sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE=", + "lastModified": 1772420042, + "narHash": "sha256-naZz40TUFMa0E0CutvwWsSPhgD5JldyTUDEgP9ADpfU=", "owner": "nix-community", "repo": "disko", - "rev": "71a3fc97d80881e91710fe721f1158d3b96ae14d", + "rev": "5af7af10f14706e4095bd6bc0d9373eb097283c6", "type": "github" }, "original": { @@ -322,11 +322,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1770111667, - "narHash": "sha256-jCWQIveEsr5IKgVnSlMVJCpymifY5pfqTaLJR1CBp0g=", + "lastModified": 1772444130, + "narHash": "sha256-z0Qb935EOAxuQlMpL5FkM/cDERrHNNqNVvUG+f2M7d0=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "3fe6048ddd9ee1bc0784bdab23da0f5e6911f73b", + "rev": "f99d61b5ee1831be80ef1369846493251f04a12f", "type": "github" }, "original": { @@ -337,7 +337,7 @@ }, "fenix": { "inputs": { - "nixpkgs": "nixpkgs_15", + "nixpkgs": "nixpkgs_16", "rust-analyzer-src": "rust-analyzer-src" }, "locked": { @@ -389,15 +389,15 @@ "flake-compat_2": { "flake": false, "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", - "owner": "edolstra", + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", + "owner": "NixOS", "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", "type": "github" }, "original": { - "owner": "edolstra", + "owner": "NixOS", "repo": "flake-compat", "type": "github" } @@ -405,11 +405,11 @@ "flake-compat_3": { "flake": false, "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { @@ -435,6 +435,22 @@ } }, "flake-compat_5": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_6": { "flake": false, "locked": { "lastModified": 1696426674, @@ -450,7 +466,7 @@ "type": "github" } }, - "flake-compat_6": { + "flake-compat_7": { "flake": false, "locked": { "lastModified": 1767039857, @@ -466,18 +482,34 @@ "type": "github" } }, - "flake-compat_7": { + "flake-compat_8": { "flake": false, "locked": { - "lastModified": 1761588595, - "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", - "owner": "edolstra", + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", + "owner": "NixOS", "repo": "flake-compat", - "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", "type": "github" }, "original": { - "owner": "edolstra", + "owner": "NixOS", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_9": { + "flake": false, + "locked": { + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", + "owner": "NixOS", + "repo": "flake-compat", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", + "type": "github" + }, + "original": { + "owner": "NixOS", "repo": "flake-compat", "type": "github" } @@ -486,6 +518,24 @@ "inputs": { "nixpkgs-lib": "nixpkgs-lib" }, + "locked": { + "lastModified": 1772408722, + "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_2" + }, "locked": { "lastModified": 1769996383, "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", @@ -500,9 +550,9 @@ "type": "github" } }, - "flake-parts_2": { + "flake-parts_3": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib_2" + "nixpkgs-lib": "nixpkgs-lib_3" }, "locked": { "lastModified": 1765835352, @@ -518,9 +568,9 @@ "type": "github" } }, - "flake-parts_3": { + "flake-parts_4": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib_3" + "nixpkgs-lib": "nixpkgs-lib_4" }, "locked": { "lastModified": 1738453229, @@ -536,9 +586,27 @@ "type": "github" } }, - "flake-parts_4": { + "flake-parts_5": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib_4" + "nixpkgs-lib": "nixpkgs-lib_5" + }, + "locked": { + "lastModified": 1769996383, + "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_6": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_6" }, "locked": { "lastModified": 1719994518, @@ -553,7 +621,7 @@ "type": "indirect" } }, - "flake-parts_5": { + "flake-parts_7": { "inputs": { "nixpkgs-lib": [ "nur", @@ -574,7 +642,7 @@ "type": "github" } }, - "flake-parts_6": { + "flake-parts_8": { "inputs": { "nixpkgs-lib": [ "stylix", @@ -595,9 +663,9 @@ "type": "github" } }, - "flake-parts_7": { + "flake-parts_9": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib_5" + "nixpkgs-lib": "nixpkgs-lib_7" }, "locked": { "lastModified": 1759362264, @@ -734,18 +802,64 @@ "simple-nixos-mailserver", "flake-compat" ], - "gitignore": "gitignore_4", + "gitignore": "gitignore_6", "nixpkgs": [ "simple-nixos-mailserver", "nixpkgs" ] }, "locked": { - "lastModified": 1763988335, - "narHash": "sha256-QlcnByMc8KBjpU37rbq5iP7Cp97HvjRP0ucfdh+M4Qc=", + "lastModified": 1769939035, + "narHash": "sha256-Fok2AmefgVA0+eprw2NDwqKkPGEI5wvR+twiZagBvrg=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "50b9238891e388c9fdc6a5c49e49c42533a1b5ce", + "rev": "a8ca480175326551d6c4121498316261cbb5b260", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "git-hooks-nix": { + "inputs": { + "flake-compat": "flake-compat_2", + "gitignore": "gitignore_2", + "nixpkgs": [ + "niritiling", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1771858127, + "narHash": "sha256-Gtre9YoYl3n25tJH2AoSdjuwcqij5CPxL3U3xysYD08=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "49bbbfc218bf3856dfa631cead3b052d78248b83", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "git-hooks-nix_2": { + "inputs": { + "flake-compat": "flake-compat_7", + "gitignore": "gitignore_4", + "nixpkgs": [ + "noctoggle", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1771858127, + "narHash": "sha256-Gtre9YoYl3n25tJH2AoSdjuwcqij5CPxL3U3xysYD08=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "49bbbfc218bf3856dfa631cead3b052d78248b83", "type": "github" }, "original": { @@ -779,8 +893,8 @@ "gitignore_2": { "inputs": { "nixpkgs": [ - "nixos-extra-modules", - "pre-commit-hooks", + "niritiling", + "git-hooks-nix", "nixpkgs" ] }, @@ -801,6 +915,7 @@ "gitignore_3": { "inputs": { "nixpkgs": [ + "nixos-extra-modules", "pre-commit-hooks", "nixpkgs" ] @@ -820,6 +935,49 @@ } }, "gitignore_4": { + "inputs": { + "nixpkgs": [ + "noctoggle", + "git-hooks-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_5": { + "inputs": { + "nixpkgs": [ + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_6": { "inputs": { "nixpkgs": [ "simple-nixos-mailserver", @@ -891,11 +1049,11 @@ ] }, "locked": { - "lastModified": 1769978395, - "narHash": "sha256-gj1yP3spUb1vGtaF5qPhshd2j0cg4xf51pklDsIm19Q=", + "lastModified": 1772380461, + "narHash": "sha256-O3ukj3Bb3V0Tiy/4LUfLlBpWypJ9P0JeUgsKl2nmZZY=", "owner": "nix-community", "repo": "home-manager", - "rev": "984708c34d3495a518e6ab6b8633469bbca2f77a", + "rev": "f140aa04d7d14f8a50ab27f3691b5766b17ae961", "type": "github" }, "original": { @@ -1019,11 +1177,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1769949118, - "narHash": "sha256-Ue9kYZenqMw9yHGFnBpoWxQqhs2tlH/el4AxKVicXBE=", + "lastModified": 1772216104, + "narHash": "sha256-1TnGN26vnCEQk5m4AavJZxGZTb/6aZyphemRPRwFUfs=", "owner": "nix-community", "repo": "lanzaboote", - "rev": "0be0641613a13323a61a6406c46b6f28b8894395", + "rev": "dbe5112de965bbbbff9f0729a9789c20a65ab047", "type": "github" }, "original": { @@ -1038,11 +1196,11 @@ "spectrum": "spectrum" }, "locked": { - "lastModified": 1769907691, - "narHash": "sha256-9OwKfEJMR8cxwDqKoJywdWa0LIcMGYZitMSsvAjAsMs=", + "lastModified": 1772338235, + "narHash": "sha256-9XcwtSIL/c+pkC3SBNuxCJuSktFOBV1TLvvkhekyB8I=", "owner": "astro", "repo": "microvm.nix", - "rev": "f9bf64e6e53ef21603cc65fd2d285c68184d0917", + "rev": "9d1ff9b53532908a5eba7707931c9093508b6b92", "type": "github" }, "original": { @@ -1122,11 +1280,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1769980417, - "narHash": "sha256-BOxPHApuXJE0wFKaDK811u5Ihvn4gnsXhCABo0O/u/Q=", + "lastModified": 1772433239, + "narHash": "sha256-5pPusMALo7ZYEoW/iHUxK7rLk3Kg8sJ8Sdf7IcfK5HA=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "ca6c544ca6a737bdb32676046bf98aca11f8f13d", + "rev": "c56af55f5563f7c7043ed45ed2566a69a638448d", "type": "github" }, "original": { @@ -1155,11 +1313,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1769577126, - "narHash": "sha256-v9vz9Rj4MGwPuhGELdvpRKl2HH+xvkgat6VwL0L86Fg=", + "lastModified": 1772207631, + "narHash": "sha256-Jkkg+KqshFO3CbTszVVpkKN2AOObYz+wMsM3ONo1z5g=", "owner": "YaLTeR", "repo": "niri", - "rev": "f30db163b5748e8cf95c05aba77d0d3736f40543", + "rev": "e708f546153f74acf33eb183b3b2992587a701e5", "type": "github" }, "original": { @@ -1168,6 +1326,27 @@ "type": "github" } }, + "niritiling": { + "inputs": { + "flake-parts": "flake-parts_2", + "git-hooks-nix": "git-hooks-nix", + "nixpkgs": "nixpkgs_9", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1772501846, + "narHash": "sha256-8ENdwZocIcoBLVZdMkH0g3AioA/9eblpbNVSXrKvFdQ=", + "owner": "Swarsel", + "repo": "niritiling", + "rev": "6238840d8c85937e54c23fb8acf37c7274b9082d", + "type": "github" + }, + "original": { + "owner": "Swarsel", + "repo": "niritiling", + "type": "github" + } + }, "nix": { "flake": false, "locked": { @@ -1187,14 +1366,14 @@ }, "nix-darwin": { "inputs": { - "nixpkgs": "nixpkgs_9" + "nixpkgs": "nixpkgs_10" }, "locked": { - "lastModified": 1768764703, - "narHash": "sha256-5ulSDyOG1U+1sJhkJHYsUOWEsmtLl97O0NTVMvgIVyc=", + "lastModified": 1772379624, + "narHash": "sha256-NG9LLTWlz4YiaTAiRGChbrzbVxBfX+Auq4Ab/SWmk4A=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "0fc4e7ac670a0ed874abacf73c4b072a6a58064b", + "rev": "52d061516108769656a8bd9c6e811c677ec5b462", "type": "github" }, "original": { @@ -1250,11 +1429,11 @@ ] }, "locked": { - "lastModified": 1765267181, - "narHash": "sha256-d3NBA9zEtBu2JFMnTBqWj7Tmi7R5OikoU2ycrdhQEws=", + "lastModified": 1772341813, + "narHash": "sha256-/PQ0ubBCMj/MVCWEI/XMStn55a8dIKsvztj4ZVLvUrQ=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "82befcf7dc77c909b0f2a09f5da910ec95c5b78f", + "rev": "a2051ff239ce2e8a0148fa7a152903d9a78e854f", "type": "github" }, "original": { @@ -1265,16 +1444,16 @@ }, "nix-minecraft": { "inputs": { - "flake-compat": "flake-compat_2", - "nixpkgs": "nixpkgs_10", + "flake-compat": "flake-compat_3", + "nixpkgs": "nixpkgs_11", "systems": "systems" }, "locked": { - "lastModified": 1770000653, - "narHash": "sha256-QO/twGynxjOSUDtxbqJLshc/Q5/wImLH5O6KV2p9eoE=", + "lastModified": 1772334875, + "narHash": "sha256-AveYVY2plEJ62Br6iAd4fB5PDYyjJoTEmgdWRV3m+Vo=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "6a2ddb643aaf7949caa6158e718c5efc3dda7dc1", + "rev": "a852ac73a4f9bf8270bdac90a72a28fef5df846b", "type": "github" }, "original": { @@ -1287,7 +1466,7 @@ "inputs": { "home-manager": "home-manager_3", "nix-formatter-pack": "nix-formatter-pack", - "nixpkgs": "nixpkgs_11", + "nixpkgs": "nixpkgs_12", "nixpkgs-docs": "nixpkgs-docs", "nixpkgs-for-bootstrap": "nixpkgs-for-bootstrap", "nmd": "nmd_2" @@ -1309,15 +1488,15 @@ }, "nix-topology": { "inputs": { - "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_12" + "flake-parts": "flake-parts_3", + "nixpkgs": "nixpkgs_13" }, "locked": { - "lastModified": 1769983422, - "narHash": "sha256-/zQdD8Aogh16eD5lgFokRMA0EYCm5uQITKCA90/01Oo=", + "lastModified": 1771963727, + "narHash": "sha256-gFyFAFYYoNsvd6heI0XtDMIa4pnykjwDljS7dQm45uE=", "owner": "oddlama", "repo": "nix-topology", - "rev": "20b5c5c698d45cc0f950889b3f6379ced5ce9c4a", + "rev": "b493b9b970388d79129ce1a92a6b060c9305386f", "type": "github" }, "original": { @@ -1364,7 +1543,7 @@ "nixgl": { "inputs": { "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_13" + "nixpkgs": "nixpkgs_14" }, "locked": { "lastModified": 1762090880, @@ -1398,8 +1577,8 @@ "nixos-extra-modules": { "inputs": { "devshell": "devshell_2", - "flake-parts": "flake-parts_3", - "nixpkgs": "nixpkgs_14", + "flake-parts": "flake-parts_4", + "nixpkgs": "nixpkgs_15", "nixt": "nixt", "pre-commit-hooks": "pre-commit-hooks" }, @@ -1441,11 +1620,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1769302137, - "narHash": "sha256-QEDtctEkOsbx8nlFh4yqPEOtr4tif6KTqWwJ37IM2ds=", + "lastModified": 1771969195, + "narHash": "sha256-qwcDBtrRvJbrrnv1lf/pREQi8t2hWZxVAyeMo7/E9sw=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "a351494b0e35fd7c0b7a1aae82f0afddf4907aa8", + "rev": "41c6b421bdc301b2624486e11905c9af7b8ec68e", "type": "github" }, "original": { @@ -1478,14 +1657,14 @@ "nixos-nftables-firewall": { "inputs": { "dependencyDagOfSubmodule": "dependencyDagOfSubmodule", - "nixpkgs": "nixpkgs_16" + "nixpkgs": "nixpkgs_17" }, "locked": { - "lastModified": 1715521768, - "narHash": "sha256-BQkkBqDemoPRd2a4G94I9w9fNE0IxWtVsQ9SalnNqCQ=", + "lastModified": 1771368654, + "narHash": "sha256-k+O9zSfzT+hkY9Whk/6wczIxr9ULGUt//UvJDcH5jCo=", "owner": "thelegy", "repo": "nixos-nftables-firewall", - "rev": "2c5a19966b4dfc5ca92df7eb250c68f90be653c8", + "rev": "904b533798d8236c129f5a85076c0af1e5cdf8a0", "type": "github" }, "original": { @@ -1546,11 +1725,11 @@ }, "nixpkgs-bisect": { "locked": { - "lastModified": 1770036759, - "narHash": "sha256-DJCFJPCTYWb+fVucckjAEvgd1Hjhe5stYT0vDPfMFpE=", + "lastModified": 1772456869, + "narHash": "sha256-dpJZDTBrJsVk5OPclGEx9UEkd07TCebPXpaOtQgbgDo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2b10a50ae3da5b008025eefa9a440d95559bccde", + "rev": "7b25dc29ae2eb0e095ed0f9e9f1e3c1beda2dedc", "type": "github" }, "original": { @@ -1610,22 +1789,37 @@ }, "nixpkgs-kernel": { "locked": { - "lastModified": 1748026106, - "narHash": "sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o=", - "owner": "NixOS", + "lastModified": 1772198003, + "narHash": "sha256-I45esRSssFtJ8p/gLHUZ1OUaaTaVLluNkABkk6arQwE=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "063f43f2dbdef86376cc29ad646c45c46e93234c", + "rev": "dd9b079222d43e1943b6ebd802f04fd959dc8e61", "type": "github" }, "original": { - "narHash": "sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o=", - "owner": "NixOS", + "narHash": "sha256-I45esRSssFtJ8p/gLHUZ1OUaaTaVLluNkABkk6arQwE=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "063f43f2dbdef86376cc29ad646c45c46e93234c", + "rev": "dd9b079222d43e1943b6ebd802f04fd959dc8e61", "type": "github" } }, "nixpkgs-lib": { + "locked": { + "lastModified": 1772328832, + "narHash": "sha256-e+/T/pmEkLP6BHhYjx6GmwP5ivonQQn0bJdH9YrRB+Q=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "c185c7a5e5dd8f9add5b2f8ebeff00888b070742", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixpkgs-lib_2": { "locked": { "lastModified": 1769909678, "narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=", @@ -1640,7 +1834,7 @@ "type": "github" } }, - "nixpkgs-lib_2": { + "nixpkgs-lib_3": { "locked": { "lastModified": 1765674936, "narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=", @@ -1655,7 +1849,7 @@ "type": "github" } }, - "nixpkgs-lib_3": { + "nixpkgs-lib_4": { "locked": { "lastModified": 1738452942, "narHash": "sha256-vJzFZGaCpnmo7I6i416HaBLpC+hvcURh/BQwROcGIp8=", @@ -1667,7 +1861,22 @@ "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz" } }, - "nixpkgs-lib_4": { + "nixpkgs-lib_5": { + "locked": { + "lastModified": 1769909678, + "narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "72716169fe93074c333e8d0173151350670b824c", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixpkgs-lib_6": { "locked": { "lastModified": 1719876945, "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", @@ -1679,7 +1888,7 @@ "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" } }, - "nixpkgs-lib_5": { + "nixpkgs-lib_7": { "locked": { "lastModified": 1754788789, "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", @@ -1776,11 +1985,11 @@ }, "nixpkgs-stable25_11": { "locked": { - "lastModified": 1769900590, - "narHash": "sha256-I7Lmgj3owOTBGuauy9FL6qdpeK2umDoe07lM4V+PnyA=", + "lastModified": 1772047000, + "narHash": "sha256-7DaQVv4R97cii/Qdfy4tmDZMB2xxtyIvNGSwXBBhSmo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "41e216c0ca66c83b12ab7a98cc326b5db01db646", + "rev": "1267bb4920d0fc06ea916734c11b0bf004bbe17e", "type": "github" }, "original": { @@ -1792,11 +2001,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1769900590, - "narHash": "sha256-I7Lmgj3owOTBGuauy9FL6qdpeK2umDoe07lM4V+PnyA=", + "lastModified": 1772047000, + "narHash": "sha256-7DaQVv4R97cii/Qdfy4tmDZMB2xxtyIvNGSwXBBhSmo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "41e216c0ca66c83b12ab7a98cc326b5db01db646", + "rev": "1267bb4920d0fc06ea916734c11b0bf004bbe17e", "type": "github" }, "original": { @@ -1808,11 +2017,11 @@ }, "nixpkgs-stable_3": { "locked": { - "lastModified": 1769900590, - "narHash": "sha256-I7Lmgj3owOTBGuauy9FL6qdpeK2umDoe07lM4V+PnyA=", + "lastModified": 1772047000, + "narHash": "sha256-7DaQVv4R97cii/Qdfy4tmDZMB2xxtyIvNGSwXBBhSmo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "41e216c0ca66c83b12ab7a98cc326b5db01db646", + "rev": "1267bb4920d0fc06ea916734c11b0bf004bbe17e", "type": "github" }, "original": { @@ -1822,325 +2031,23 @@ "type": "github" } }, + "nixpkgs-update": { + "locked": { + "lastModified": 1772366254, + "narHash": "sha256-BEyksEod87WtnABqiwpqEpRbkpnZcdgnja8hWLajF6w=", + "owner": "r-ryantm", + "repo": "nixpkgs", + "rev": "b11492b3f4f5d1b1fd2a0cf05c0ebf90412c1086", + "type": "github" + }, + "original": { + "owner": "r-ryantm", + "ref": "auto-update/oauth2-proxy", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_10": { - "locked": { - "lastModified": 1769461804, - "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_11": { - "locked": { - "lastModified": 1708172716, - "narHash": "sha256-3M94oln0b61m3dUmLyECCA9hYAHXZEszM4saE3CmQO4=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "5d874ac46894c896119bce68e758e9e80bdb28f1", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_12": { - "locked": { - "lastModified": 1766651565, - "narHash": "sha256-QEhk0eXgyIqTpJ/ehZKg9IKS7EtlWxF3N7DXy42zPfU=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "3e2499d5539c16d0d173ba53552a4ff8547f4539", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_13": { - "locked": { - "lastModified": 1746378225, - "narHash": "sha256-OeRSuL8PUjIfL3Q0fTbNJD/fmv1R+K2JAOqWJd3Oceg=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "93e8cdce7afc64297cfec447c311470788131cd9", - "type": "github" - }, - "original": { - "owner": "nixos", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_14": { - "locked": { - "lastModified": 1737885589, - "narHash": "sha256-Zf0hSrtzaM1DEz8//+Xs51k/wdSajticVrATqDrfQjg=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "852ff1d9e153d8875a83602e03fdef8a63f0ecf8", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_15": { - "locked": { - "lastModified": 1677063315, - "narHash": "sha256-qiB4ajTeAOVnVSAwCNEEkoybrAlA+cpeiBxLobHndE8=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "988cc958c57ce4350ec248d2d53087777f9e1949", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_16": { - "locked": { - "lastModified": 1692638711, - "narHash": "sha256-J0LgSFgJVGCC1+j5R2QndadWI1oumusg6hCtYAzLID4=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "91a22f76cd1716f9d0149e8a5c68424bb691de15", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_17": { - "locked": { - "lastModified": 1769789167, - "narHash": "sha256-kKB3bqYJU5nzYeIROI82Ef9VtTbu4uA3YydSk/Bioa8=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "62c8382960464ceb98ea593cb8321a2cf8f9e3e5", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_18": { - "locked": { - "lastModified": 1720957393, - "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "693bc46d169f5af9c992095736e82c3488bf7dbb", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_19": { - "locked": { - "lastModified": 1769789167, - "narHash": "sha256-kKB3bqYJU5nzYeIROI82Ef9VtTbu4uA3YydSk/Bioa8=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "62c8382960464ceb98ea593cb8321a2cf8f9e3e5", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_2": { - "locked": { - "lastModified": 1769330179, - "narHash": "sha256-yxgb4AmkVHY5OOBrC79Vv6EVd4QZEotqv+6jcvA212M=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "48698d12cc10555a4f3e3222d9c669b884a49dfe", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_20": { - "locked": { - "lastModified": 1767892417, - "narHash": "sha256-dhhvQY67aboBk8b0/u0XB6vwHdgbROZT3fJAjyNh5Ww=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "3497aa5c9457a9d88d71fa93a4a8368816fbeeba", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_21": { - "locked": { - "lastModified": 1764947035, - "narHash": "sha256-EYHSjVM4Ox4lvCXUMiKKs2vETUSL5mx+J2FfutM7T9w=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "a672be65651c80d3f592a89b3945466584a22069", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_22": { - "locked": { - "lastModified": 1764374374, - "narHash": "sha256-naS7hg/D1yLKSZoENx9gvsPLFiNEOTcqamJSu0OEvCA=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "6a49303095abc094ee77dc243a9e351b642e8e75", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable-small", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_23": { - "locked": { - "lastModified": 1769740369, - "narHash": "sha256-xKPyJoMoXfXpDM5DFDZDsi9PHArf2k5BJjvReYXoFpM=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "6308c3b21396534d8aaeac46179c14c439a89b8a", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_24": { - "locked": { - "lastModified": 1769461804, - "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_25": { - "locked": { - "lastModified": 1767767207, - "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "5912c1772a44e31bf1c63c0390b90501e5026886", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_26": { - "locked": { - "lastModified": 1759733170, - "narHash": "sha256-TXnlsVb5Z8HXZ6mZoeOAIwxmvGHp1g4Dw89eLvIwKVI=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "8913c168d1c56dc49a7718685968f38752171c3b", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_27": { - "locked": { - "lastModified": 1767364772, - "narHash": "sha256-fFUnEYMla8b7UKjijLnMe+oVFOz6HjijGGNS1l7dYaQ=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "16c7794d0a28b5a37904d55bcca36003b9109aaa", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_28": { - "locked": { - "lastModified": 1742268799, - "narHash": "sha256-IhnK4LhkBlf14/F8THvUy3xi/TxSQkp9hikfDZRD4Ic=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "da044451c6a70518db5b730fe277b70f494188f1", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-24.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_29": { "locked": { "lastModified": 1765934234, "narHash": "sha256-pJjWUzNnjbIAMIc5gRFUuKCDQ9S1cuh3b2hKgA7Mc4A=", @@ -2156,13 +2063,44 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_11": { "locked": { - "lastModified": 1770019141, - "narHash": "sha256-VKS4ZLNx4PNrABoB0L8KUpc1fE7CLpQXQs985tGfaCU=", + "lastModified": 1769461804, + "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_12": { + "locked": { + "lastModified": 1708172716, + "narHash": "sha256-3M94oln0b61m3dUmLyECCA9hYAHXZEszM4saE3CmQO4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cb369ef2efd432b3cdf8622b0ffc0a97a02f3137", + "rev": "5d874ac46894c896119bce68e758e9e80bdb28f1", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_13": { + "locked": { + "lastModified": 1766651565, + "narHash": "sha256-QEhk0eXgyIqTpJ/ehZKg9IKS7EtlWxF3N7DXy42zPfU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "3e2499d5539c16d0d173ba53552a4ff8547f4539", "type": "github" }, "original": { @@ -2172,6 +2110,322 @@ "type": "github" } }, + "nixpkgs_14": { + "locked": { + "lastModified": 1746378225, + "narHash": "sha256-OeRSuL8PUjIfL3Q0fTbNJD/fmv1R+K2JAOqWJd3Oceg=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "93e8cdce7afc64297cfec447c311470788131cd9", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_15": { + "locked": { + "lastModified": 1737885589, + "narHash": "sha256-Zf0hSrtzaM1DEz8//+Xs51k/wdSajticVrATqDrfQjg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "852ff1d9e153d8875a83602e03fdef8a63f0ecf8", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_16": { + "locked": { + "lastModified": 1677063315, + "narHash": "sha256-qiB4ajTeAOVnVSAwCNEEkoybrAlA+cpeiBxLobHndE8=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "988cc958c57ce4350ec248d2d53087777f9e1949", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_17": { + "locked": { + "lastModified": 1771008912, + "narHash": "sha256-gf2AmWVTs8lEq7z/3ZAsgnZDhWIckkb+ZnAo5RzSxJg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a82ccc39b39b621151d6732718e3e250109076fa", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_18": { + "locked": { + "lastModified": 1772198003, + "narHash": "sha256-I45esRSssFtJ8p/gLHUZ1OUaaTaVLluNkABkk6arQwE=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "dd9b079222d43e1943b6ebd802f04fd959dc8e61", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_19": { + "locked": { + "lastModified": 1771848320, + "narHash": "sha256-0MAd+0mun3K/Ns8JATeHT1sX28faLII5hVLq0L3BdZU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "2fc6539b481e1d2569f25f8799236694180c0993", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1772173633, + "narHash": "sha256-MOH58F4AIbCkh6qlQcwMycyk5SWvsqnS/TCfnqDlpj4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c0f3d81a7ddbc2b1332be0d8481a672b4f6004d6", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_20": { + "locked": { + "lastModified": 1720957393, + "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "693bc46d169f5af9c992095736e82c3488bf7dbb", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_21": { + "locked": { + "lastModified": 1772198003, + "narHash": "sha256-I45esRSssFtJ8p/gLHUZ1OUaaTaVLluNkABkk6arQwE=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "dd9b079222d43e1943b6ebd802f04fd959dc8e61", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_22": { + "locked": { + "lastModified": 1767892417, + "narHash": "sha256-dhhvQY67aboBk8b0/u0XB6vwHdgbROZT3fJAjyNh5Ww=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "3497aa5c9457a9d88d71fa93a4a8368816fbeeba", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_23": { + "locked": { + "lastModified": 1770073757, + "narHash": "sha256-Vy+G+F+3E/Tl+GMNgiHl9Pah2DgShmIUBJXmbiQPHbI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "47472570b1e607482890801aeaf29bfb749884f6", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_24": { + "locked": { + "lastModified": 1770650459, + "narHash": "sha256-hGeOnueXorzwDD1V9ldZr+y+zad4SNyqMnQsa/mIlvI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "fff0554c67696d76a0cdd9cfe14403fbdbf1f378", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_25": { + "locked": { + "lastModified": 1772173633, + "narHash": "sha256-MOH58F4AIbCkh6qlQcwMycyk5SWvsqnS/TCfnqDlpj4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c0f3d81a7ddbc2b1332be0d8481a672b4f6004d6", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_26": { + "locked": { + "lastModified": 1772198003, + "narHash": "sha256-UCaQQ8zmHUocQIgCl+53Jj6NuwqrVKtmv7obE9r6wnw=", + "rev": "dd9b079222d43e1943b6ebd802f04fd959dc8e61", + "type": "tarball", + "url": "https://releases.nixos.org/nixos/unstable/nixos-26.05pre955442.dd9b079222d4/nixexprs.tar.xz" + }, + "original": { + "type": "tarball", + "url": "https://channels.nixos.org/nixos-unstable/nixexprs.tar.xz" + } + }, + "nixpkgs_27": { + "locked": { + "lastModified": 1767767207, + "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5912c1772a44e31bf1c63c0390b90501e5026886", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_28": { + "locked": { + "lastModified": 1759733170, + "narHash": "sha256-TXnlsVb5Z8HXZ6mZoeOAIwxmvGHp1g4Dw89eLvIwKVI=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "8913c168d1c56dc49a7718685968f38752171c3b", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_29": { + "locked": { + "lastModified": 1770107345, + "narHash": "sha256-tbS0Ebx2PiA1FRW8mt8oejR0qMXmziJmPaU1d4kYY9g=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "4533d9293756b63904b7238acb84ac8fe4c8c2c4", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1772198003, + "narHash": "sha256-I45esRSssFtJ8p/gLHUZ1OUaaTaVLluNkABkk6arQwE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "dd9b079222d43e1943b6ebd802f04fd959dc8e61", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_30": { + "locked": { + "lastModified": 1742268799, + "narHash": "sha256-IhnK4LhkBlf14/F8THvUy3xi/TxSQkp9hikfDZRD4Ic=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "da044451c6a70518db5b730fe277b70f494188f1", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_31": { + "locked": { + "lastModified": 1765934234, + "narHash": "sha256-pJjWUzNnjbIAMIc5gRFUuKCDQ9S1cuh3b2hKgA7Mc4A=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "af84f9d270d404c17699522fab95bbf928a2d92f", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_4": { "locked": { "lastModified": 1759652726, @@ -2206,11 +2460,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1769170682, - "narHash": "sha256-oMmN1lVQU0F0W2k6OI3bgdzp2YOHWYUAw79qzDSjenU=", + "lastModified": 1771848320, + "narHash": "sha256-0MAd+0mun3K/Ns8JATeHT1sX28faLII5hVLq0L3BdZU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c5296fdd05cfa2c187990dd909864da9658df755", + "rev": "2fc6539b481e1d2569f25f8799236694180c0993", "type": "github" }, "original": { @@ -2238,11 +2492,11 @@ }, "nixpkgs_8": { "locked": { - "lastModified": 1769789167, - "narHash": "sha256-kKB3bqYJU5nzYeIROI82Ef9VtTbu4uA3YydSk/Bioa8=", + "lastModified": 1772198003, + "narHash": "sha256-I45esRSssFtJ8p/gLHUZ1OUaaTaVLluNkABkk6arQwE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "62c8382960464ceb98ea593cb8321a2cf8f9e3e5", + "rev": "dd9b079222d43e1943b6ebd802f04fd959dc8e61", "type": "github" }, "original": { @@ -2254,23 +2508,23 @@ }, "nixpkgs_9": { "locked": { - "lastModified": 1765934234, - "narHash": "sha256-pJjWUzNnjbIAMIc5gRFUuKCDQ9S1cuh3b2hKgA7Mc4A=", + "lastModified": 1771848320, + "narHash": "sha256-0MAd+0mun3K/Ns8JATeHT1sX28faLII5hVLq0L3BdZU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "af84f9d270d404c17699522fab95bbf928a2d92f", + "rev": "2fc6539b481e1d2569f25f8799236694180c0993", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixpkgs-unstable", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, "nixt": { "inputs": { - "flake-compat": "flake-compat_3", + "flake-compat": "flake-compat_4", "nixpkgs": [ "nixos-extra-modules", "nixpkgs" @@ -2350,14 +2604,15 @@ "inputs": { "nixpkgs": [ "nixpkgs" - ] + ], + "noctalia-qs": "noctalia-qs" }, "locked": { - "lastModified": 1770217681, - "narHash": "sha256-gMJRIJiZFBe7Bwrwo2cz7YAxV0OiAVQMcmp8fY/YDPg=", + "lastModified": 1772453415, + "narHash": "sha256-8TCMSFCBZdutKryFKX72GOb/NWL9/vB5rswgWXV/EuM=", "owner": "noctalia-dev", "repo": "noctalia-shell", - "rev": "91d07e9279aa9394427289f4b5dff959fbf779fb", + "rev": "8ebf2bf33220c62f3c5e937a318eceb25dd17228", "type": "github" }, "original": { @@ -2366,6 +2621,49 @@ "type": "github" } }, + "noctalia-qs": { + "inputs": { + "nixpkgs": [ + "noctalia", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1772227064, + "narHash": "sha256-f821ZSoGpa/aXrWq0gPpea9qBnX8KDyavGKkptz2Mog=", + "owner": "noctalia-dev", + "repo": "noctalia-qs", + "rev": "0741d27d2f7db567270f139c5d1684614ecf9863", + "type": "github" + }, + "original": { + "owner": "noctalia-dev", + "repo": "noctalia-qs", + "type": "github" + } + }, + "noctoggle": { + "inputs": { + "flake-parts": "flake-parts_5", + "git-hooks-nix": "git-hooks-nix_2", + "nixpkgs": "nixpkgs_19", + "treefmt-nix": "treefmt-nix_2" + }, + "locked": { + "lastModified": 1772055992, + "narHash": "sha256-mruNKGSrxVJERkhMoFAIJv7McUu3LcdUkO1/sGu7nE4=", + "ref": "main", + "rev": "36f2784de08f8471a7227095c5c91d906f5614ba", + "revCount": 1, + "type": "git", + "url": "ssh://git@github.com/Swarsel/noctoggle.git" + }, + "original": { + "ref": "main", + "type": "git", + "url": "ssh://git@github.com/Swarsel/noctoggle.git" + } + }, "nosys": { "locked": { "lastModified": 1668010795, @@ -2383,8 +2681,8 @@ }, "nswitch-rcm-nix": { "inputs": { - "flake-parts": "flake-parts_4", - "nixpkgs": "nixpkgs_18" + "flake-parts": "flake-parts_6", + "nixpkgs": "nixpkgs_20" }, "locked": { "lastModified": 1721304043, @@ -2402,15 +2700,15 @@ }, "nur": { "inputs": { - "flake-parts": "flake-parts_5", - "nixpkgs": "nixpkgs_19" + "flake-parts": "flake-parts_7", + "nixpkgs": "nixpkgs_21" }, "locked": { - "lastModified": 1770037177, - "narHash": "sha256-a94+hfIuDFmV1z/+/6M0+O8ZuJsjWzCr7XMS4Poesws=", + "lastModified": 1772457611, + "narHash": "sha256-kqmCdDMGk7zn6c0Sh2T3peyWPCbotMVp0FoWS+I2ISs=", "owner": "nix-community", "repo": "NUR", - "rev": "b44e611bc73349f5ff9d85169f73de76d75cd6de", + "rev": "3b63a4c22748d5d0e9052c67f455cb138051ac33", "type": "github" }, "original": { @@ -2561,14 +2859,14 @@ "pia": { "inputs": { "flake-utils": "flake-utils_5", - "nixpkgs": "nixpkgs_20" + "nixpkgs": "nixpkgs_22" }, "locked": { - "lastModified": 1769674747, - "narHash": "sha256-fj6i2Xay3Jz8MJHcPiJslsL+YHh2JzaJtWr7rA0ckgY=", + "lastModified": 1772467409, + "narHash": "sha256-nNLIwuo2Za2yZBsW2CHIrqHyJro8PArqBz4AwKemtQ0=", "owner": "Swarsel", "repo": "pia.nix", - "rev": "7b56baf2300e49bb05d7e24f2fcd5d8ce4a40143", + "rev": "54e821537aeba6a757c23e65e3ee2cdf0c4e9702", "type": "github" }, "original": { @@ -2588,11 +2886,11 @@ ] }, "locked": { - "lastModified": 1769069492, - "narHash": "sha256-Efs3VUPelRduf3PpfPP2ovEB4CXT7vHf8W+xc49RL/U=", + "lastModified": 1771858127, + "narHash": "sha256-Gtre9YoYl3n25tJH2AoSdjuwcqij5CPxL3U3xysYD08=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "a1ef738813b15cf8ec759bdff5761b027e3e1d23", + "rev": "49bbbfc218bf3856dfa631cead3b052d78248b83", "type": "github" }, "original": { @@ -2603,8 +2901,8 @@ }, "pre-commit-hooks": { "inputs": { - "flake-compat": "flake-compat_5", - "gitignore": "gitignore_2", + "flake-compat": "flake-compat_6", + "gitignore": "gitignore_3", "nixpkgs": [ "nixos-extra-modules", "nixpkgs" @@ -2626,16 +2924,16 @@ }, "pre-commit-hooks_2": { "inputs": { - "flake-compat": "flake-compat_6", - "gitignore": "gitignore_3", - "nixpkgs": "nixpkgs_21" + "flake-compat": "flake-compat_8", + "gitignore": "gitignore_5", + "nixpkgs": "nixpkgs_23" }, "locked": { - "lastModified": 1769939035, - "narHash": "sha256-Fok2AmefgVA0+eprw2NDwqKkPGEI5wvR+twiZagBvrg=", + "lastModified": 1772024342, + "narHash": "sha256-+eXlIc4/7dE6EcPs9a2DaSY3fTA9AE526hGqkNID3Wg=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "a8ca480175326551d6c4121498316261cbb5b260", + "rev": "6e34e97ed9788b17796ee43ccdbaf871a5c2b476", "type": "github" }, "original": { @@ -2657,6 +2955,7 @@ "lanzaboote": "lanzaboote", "microvm": "microvm", "niri-flake": "niri-flake", + "niritiling": "niritiling", "nix-darwin": "nix-darwin", "nix-eval-jobs": "nix-eval-jobs", "nix-index-database": "nix-index-database", @@ -2669,7 +2968,7 @@ "nixos-hardware": "nixos-hardware", "nixos-images": "nixos-images", "nixos-nftables-firewall": "nixos-nftables-firewall", - "nixpkgs": "nixpkgs_17", + "nixpkgs": "nixpkgs_18", "nixpkgs-bisect": "nixpkgs-bisect", "nixpkgs-dev": "nixpkgs-dev", "nixpkgs-kernel": "nixpkgs-kernel", @@ -2679,7 +2978,9 @@ "nixpkgs-stable24_11": "nixpkgs-stable24_11", "nixpkgs-stable25_05": "nixpkgs-stable25_05", "nixpkgs-stable25_11": "nixpkgs-stable25_11", + "nixpkgs-update": "nixpkgs-update", "noctalia": "noctalia", + "noctoggle": "noctoggle", "nswitch-rcm-nix": "nswitch-rcm-nix", "nur": "nur", "pia": "pia", @@ -2692,7 +2993,7 @@ "swarsel-nix": "swarsel-nix", "systems": "systems_7", "topologyPrivate": "topologyPrivate", - "treefmt-nix": "treefmt-nix", + "treefmt-nix": "treefmt-nix_3", "vbc-nix": "vbc-nix", "zjstatus": "zjstatus" } @@ -2722,11 +3023,11 @@ ] }, "locked": { - "lastModified": 1769309768, - "narHash": "sha256-AbOIlNO+JoqRJkK1VrnDXhxuX6CrdtIu2hSuy4pxi3g=", + "lastModified": 1771988922, + "narHash": "sha256-Fc6FHXtfEkLtuVJzd0B6tFYMhmcPLuxr90rWfb/2jtQ=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "140c9dc582cb73ada2d63a2180524fcaa744fad5", + "rev": "f4443dc3f0b6c5e6b77d923156943ce816d1fcb9", "type": "github" }, "original": { @@ -2808,16 +3109,16 @@ "simple-nixos-mailserver": { "inputs": { "blobs": "blobs", - "flake-compat": "flake-compat_7", + "flake-compat": "flake-compat_9", "git-hooks": "git-hooks", - "nixpkgs": "nixpkgs_22" + "nixpkgs": "nixpkgs_24" }, "locked": { - "lastModified": 1766321686, - "narHash": "sha256-icOWbnD977HXhveirqA10zoqvErczVs3NKx8Bj+ikHY=", + "lastModified": 1772064816, + "narHash": "sha256-ks1D9Rtmopd5F/8ENjEUJpSYYMxv603/v6TRen9Hq54=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "7d433bf89882f61621f95082e90a4ab91eb0bdd3", + "rev": "ea4dc17f4bc0f65eed082fa394509e4543072b56", "type": "gitlab" }, "original": { @@ -2846,14 +3147,14 @@ }, "sops": { "inputs": { - "nixpkgs": "nixpkgs_23" + "nixpkgs": "nixpkgs_25" }, "locked": { - "lastModified": 1769921679, - "narHash": "sha256-twBMKGQvaztZQxFxbZnkg7y/50BW9yjtCBWwdjtOZew=", + "lastModified": 1772401007, + "narHash": "sha256-YHykQg0h9hrlZGpMcywnaFzQ1Kn/5YNCCOSaaAl6z7Q=", "owner": "Mic92", "repo": "sops-nix", - "rev": "1e89149dcfc229e7e2ae24a8030f124a31e4f24f", + "rev": "d8be5ea4cd3bc363492ab5bc6e874ccdc5465fe4", "type": "github" }, "original": { @@ -2880,15 +3181,15 @@ }, "spicetify-nix": { "inputs": { - "nixpkgs": "nixpkgs_24", + "nixpkgs": "nixpkgs_26", "systems": "systems_4" }, "locked": { - "lastModified": 1769986820, - "narHash": "sha256-O9OQ44dk9TJdtRIG828DUI54XdkfZET7AlN1RgTsPis=", + "lastModified": 1772494187, + "narHash": "sha256-6ksgNAFXVK+Cg/6ww7bB2nJUPZlnS75UwZC7G+L03EE=", "owner": "Gerg-l", "repo": "spicetify-nix", - "rev": "68de6434cfaa8983f3775b858b8b76e7c5dbd29c", + "rev": "915ab06b046d05613041780c575c62a32fe67cea", "type": "github" }, "original": { @@ -2982,9 +3283,9 @@ "base16-helix": "base16-helix", "base16-vim": "base16-vim", "firefox-gnome-theme": "firefox-gnome-theme", - "flake-parts": "flake-parts_6", + "flake-parts": "flake-parts_8", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_25", + "nixpkgs": "nixpkgs_27", "nur": "nur_2", "systems": "systems_5", "tinted-foot": "tinted-foot", @@ -2994,23 +3295,23 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1769978605, - "narHash": "sha256-Vjniae6HHJCb9xZLeUOP15aRQXSZuKeeaZFM+gRDCgo=", - "owner": "danth", + "lastModified": 1772019936, + "narHash": "sha256-KFfKOAKO3NUgK+Io7h9xdtgeKT8yM/+eDrFXT4XXMwg=", + "owner": "Swarsel", "repo": "stylix", - "rev": "ce22070ec5ce6169a6841da31baea33ce930ed38", + "rev": "a3026016be22b2b50c774451e515f640a8e14ae6", "type": "github" }, "original": { - "owner": "danth", + "owner": "Swarsel", "repo": "stylix", "type": "github" } }, "swarsel-nix": { "inputs": { - "flake-parts": "flake-parts_7", - "nixpkgs": "nixpkgs_26", + "flake-parts": "flake-parts_9", + "nixpkgs": "nixpkgs_28", "systems": "systems_6" }, "locked": { @@ -3257,14 +3558,56 @@ }, "treefmt-nix": { "inputs": { - "nixpkgs": "nixpkgs_27" + "nixpkgs": [ + "niritiling", + "nixpkgs" + ] }, "locked": { - "lastModified": 1769691507, - "narHash": "sha256-8aAYwyVzSSwIhP2glDhw/G0i5+wOrren3v6WmxkVonM=", + "lastModified": 1770228511, + "narHash": "sha256-wQ6NJSuFqAEmIg2VMnLdCnUc0b7vslUohqqGGD+Fyxk=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "28b19c5844cc6e2257801d43f2772a4b4c050a1b", + "rev": "337a4fe074be1042a35086f15481d763b8ddc0e7", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "treefmt-nix_2": { + "inputs": { + "nixpkgs": [ + "noctoggle", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1770228511, + "narHash": "sha256-wQ6NJSuFqAEmIg2VMnLdCnUc0b7vslUohqqGGD+Fyxk=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "337a4fe074be1042a35086f15481d763b8ddc0e7", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "treefmt-nix_3": { + "inputs": { + "nixpkgs": "nixpkgs_29" + }, + "locked": { + "lastModified": 1770228511, + "narHash": "sha256-wQ6NJSuFqAEmIg2VMnLdCnUc0b7vslUohqqGGD+Fyxk=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "337a4fe074be1042a35086f15481d763b8ddc0e7", "type": "github" }, "original": { @@ -3275,15 +3618,15 @@ }, "vbc-nix": { "inputs": { - "nixpkgs": "nixpkgs_28", + "nixpkgs": "nixpkgs_30", "systems": "systems_8" }, "locked": { - "lastModified": 1742477270, - "narHash": "sha256-u78SeVemHqEkN6J+PieL1Kymu+n7LWiTPrUXNd+uePA=", + "lastModified": 1772450324, + "narHash": "sha256-WVmVk/wBPq2MXKKOBdoRM0i+0o7Lx+mNQk5I/fUA1eo=", "ref": "main", - "rev": "0525ad64e2729077ed2cf313d2022e8b8c51153f", - "revCount": 2, + "rev": "cf687d4f2b9a3dd69de99555f5511ede05254919", + "revCount": 7, "type": "git", "url": "ssh://git@github.com/vbc-it/vbc-nix.git" }, @@ -3313,11 +3656,11 @@ "xwayland-satellite-unstable": { "flake": false, "locked": { - "lastModified": 1769713942, - "narHash": "sha256-0BtCSO2qzYK/akRDsERqRVLknCYD3FYErc+szreSHUo=", + "lastModified": 1772429643, + "narHash": "sha256-M+bAeCCcjBnVk6w/4dIVvXvpJwOKnXjwi/lDbaN6Yws=", "owner": "Supreeeme", "repo": "xwayland-satellite", - "rev": "37ec78ee26e158b71f42e113e0e7dd9d5eb6bdb0", + "rev": "10f985b84cdbcc3bbf35b3e7e43d1b2a84fa9ce2", "type": "github" }, "original": { @@ -3353,15 +3696,15 @@ "inputs": { "crane": "crane_3", "flake-utils": "flake-utils_6", - "nixpkgs": "nixpkgs_29", + "nixpkgs": "nixpkgs_31", "rust-overlay": "rust-overlay_3" }, "locked": { - "lastModified": 1766016463, - "narHash": "sha256-aWp608krMtk5I+c3GXyuHkb6ugah40cBI0R52fNqMiI=", + "lastModified": 1771148613, + "narHash": "sha256-nLzdw8jskekSRrunxBDCA0NCHr/2aJjcXqZ1Fcqm5eY=", "owner": "dj95", "repo": "zjstatus", - "rev": "9a4b88fdceee8eb2b8c28111c53e94254d61c994", + "rev": "7a039f56da80681408454d6e175fde3f54b9e592", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 5edec40..df97da6 100644 --- a/flake.nix +++ b/flake.nix @@ -28,7 +28,9 @@ smallpkgs.url = "github:nixos/nixpkgs/08fcb0dcb59df0344652b38ea6326a2d8271baff?narHash=sha256-HXIQzULIG/MEUW2Q/Ss47oE3QrjxvpUX7gUl4Xp6lnc%3D&shallow=1"; nixpkgs-dev.url = "github:Swarsel/nixpkgs/main"; nixpkgs-bisect.url = "github:nixos/nixpkgs/master"; - nixpkgs-kernel.url = "github:NixOS/nixpkgs/063f43f2dbdef86376cc29ad646c45c46e93234c?narHash=sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o%3D"; #specifically pinned for kernel version + nixpkgs-update.url = "github:r-ryantm/nixpkgs/auto-update/oauth2-proxy"; + # nixpkgs-kernel.url = "github:NixOS/nixpkgs/063f43f2dbdef86376cc29ad646c45c46e93234c?narHash=sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o%3D"; #specifically pinned for kernel version + nixpkgs-kernel.url = "github:nixos/nixpkgs/dd9b079222d43e1943b6ebd802f04fd959dc8e61?narHash=sha256-I45esRSssFtJ8p/gLHUZ1OUaaTaVLluNkABkk6arQwE%3D"; #specifically pinned for kernel version nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.11"; nixpkgs-oddlama.url = "github:oddlama/nixpkgs/update/firezone-server"; nixpkgs-stable24_05.url = "github:NixOS/nixpkgs/nixos-24.05"; @@ -70,7 +72,8 @@ systems.url = "github:nix-systems/default"; nur.url = "github:nix-community/NUR"; nixgl.url = "github:guibou/nixGL"; - stylix.url = "github:danth/stylix"; + # stylix.url = "github:danth/stylix"; + stylix.url = "github:Swarsel/stylix"; sops.url = "github:Mic92/sops-nix"; lanzaboote.url = "github:nix-community/lanzaboote"; nix-on-droid.url = "github:nix-community/nix-on-droid/release-24.05"; @@ -87,6 +90,7 @@ flake-parts.url = "github:hercules-ci/flake-parts"; devshell.url = "github:numtide/devshell"; spicetify-nix.url = "github:Gerg-l/spicetify-nix"; + # spicetify-nix.url = "github:Swarsel/spicetify-nix"; niri-flake.url = "github:sodiboo/niri-flake"; nixos-extra-modules.url = "github:oddlama/nixos-extra-modules/main"; microvm.url = "github:astro/microvm.nix"; diff --git a/hosts/nixos/x86_64-linux/pyramid/hardware-configuration.nix b/hosts/nixos/x86_64-linux/pyramid/hardware-configuration.nix index 9b873c8..02fb151 100644 --- a/hosts/nixos/x86_64-linux/pyramid/hardware-configuration.nix +++ b/hosts/nixos/x86_64-linux/pyramid/hardware-configuration.nix @@ -22,7 +22,8 @@ # ''; boot = { - kernelPackages = lib.mkDefault pkgs.kernel.linuxPackages; + # kernelPackages = lib.mkDefault pkgs.kernel.linuxPackages; + kernelPackages = lib.mkDefault pkgs.kernel.linuxPackages_latest; # kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; binfmt.emulatedSystems = [ "aarch64-linux" ]; initrd = { diff --git a/modules/home/common/anki.nix b/modules/home/common/anki.nix index d8d13fc..e757c2e 100644 --- a/modules/home/common/anki.nix +++ b/modules/home/common/anki.nix @@ -18,7 +18,7 @@ in reduceMotion = true; spacebarRatesCard = true; # videoDriver = "opengl"; - sync = { + profiles."User 1".sync = { autoSync = false; # sync on profile close will delay system shutdown syncMedia = true; autoSyncMediaMinutes = 5; diff --git a/modules/home/common/programs.nix b/modules/home/common/programs.nix index 8a95b1d..d363b9e 100644 --- a/modules/home/common/programs.nix +++ b/modules/home/common/programs.nix @@ -87,5 +87,9 @@ ]; }; }; + + home.sessionVariables = { + _ZO_EXCLUDE_DIRS = "$HOME:$HOME/.ansible/*:$HOME/test/*:/persist"; + }; }; } diff --git a/modules/home/optional/work.nix b/modules/home/optional/work.nix index 42d0caf..e1f24fe 100644 --- a/modules/home/optional/work.nix +++ b/modules/home/optional/work.nix @@ -21,7 +21,10 @@ in prometheus.cli tigervnc # openstackclient + step-cli + vscode-fhs + copilot-cli antigravity @@ -145,7 +148,7 @@ in programs = let - inherit (confLib.getConfig.repo.secrets.local.work) user1 user1Long user2 user2Long user3 user3Long user4 path1 loc1 loc2 site1 site2 site3 site4 site5 site6 site7 lifecycle1 lifecycle2 domain1 domain2 gitMail clouds; + inherit (confLib.getConfig.repo.secrets.local.work) user1 user1Long user2 user2Long user3 user3Long user4 path1 loc1 loc2 site1 site2 site3 site4 site5 site6 site7 lifecycle1 lifecycle2 domain1 domain2 clouds; in { openstackclient = { @@ -166,7 +169,8 @@ in # }; # }; }; - git.settings.user.email = lib.mkForce gitMail; + # this is no longer needed since moving away from bitbucket + # git.settings.user.email = lib.mkForce gitMail; zsh = { shellAliases = { diff --git a/modules/nixos/client/nix-ld.nix b/modules/nixos/client/nix-ld.nix index fa88cf4..3e61505 100644 --- a/modules/nixos/client/nix-ld.nix +++ b/modules/nixos/client/nix-ld.nix @@ -86,26 +86,26 @@ systemd tbb vulkan-loader - xorg.libICE - xorg.libSM - xorg.libX11 - xorg.libXScrnSaver - xorg.libXcomposite - xorg.libXcursor - xorg.libXdamage - xorg.libXext - xorg.libXfixes - xorg.libXft - xorg.libXi - xorg.libXinerama - xorg.libXmu - xorg.libXrandr - xorg.libXrender - xorg.libXt - xorg.libXtst - xorg.libXxf86vm - xorg.libxcb - xorg.libxshmfence + libice + libsm + libx11 + libxscrnsaver + libxcomposite + libxcursor + libxdamage + libxext + libxfixes + libxft + libxi + libxinerama + libxmu + libxrandr + libxrender + libxt + libxtst + libxxf86vm + libxcb + libxshmfence zlib ]; }; diff --git a/modules/nixos/client/packages.nix b/modules/nixos/client/packages.nix index f52bfd4..1d9ee61 100644 --- a/modules/nixos/client/packages.nix +++ b/modules/nixos/client/packages.nix @@ -16,6 +16,7 @@ pcsc-tools pcscliteWithPolkit.out + # ledger packages ledger-live-desktop diff --git a/modules/nixos/common/home-manager-secrets.nix b/modules/nixos/common/home-manager-secrets.nix index fd71be5..ef4d8a3 100644 --- a/modules/nixos/common/home-manager-secrets.nix +++ b/modules/nixos/common/home-manager-secrets.nix @@ -29,6 +29,8 @@ in github-forge-token = { owner = mainUser; }; }) // (lib.optionalAttrs (modules ? optional-work) { harica-root-ca = { sopsFile = certsSopsFile; path = "${homeDir}/.aws/certs/harica-root.pem"; owner = mainUser; }; + }) // (lib.optionalAttrs (modules ? optional-noctalia) { + radicale-token = { owner = mainUser; }; }) // (lib.optionalAttrs modules.anki { anki-user = { owner = mainUser; }; anki-pw = { owner = mainUser; }; diff --git a/modules/nixos/server/kanidm.nix b/modules/nixos/server/kanidm.nix index 85bb5ff..c61b115 100644 --- a/modules/nixos/server/kanidm.nix +++ b/modules/nixos/server/kanidm.nix @@ -110,7 +110,7 @@ in }; script = '' - set -eu + set -eu ${pkgs.coreutils}/bin/install -d -m 0755 ${certsDir} ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0755 /persist${certsDir}" else ""} @@ -205,23 +205,27 @@ in services = { ${serviceName} = { - package = pkgs.kanidmWithSecretProvisioning_1_8; - enableServer = true; - serverSettings = { - domain = serviceDomain; - origin = "https://${serviceDomain}"; - # tls_chain = config.sops.secrets.kanidm-self-signed-crt.path; - tls_chain = certPathBase; - # tls_key = config.sops.secrets.kanidm-self-signed-key.path; - tls_key = keyPathBase; - bindaddress = "0.0.0.0:${toString servicePort}"; - # trust_x_forward_for = true; + package = pkgs.kanidmWithSecretProvisioning_1_9; + server = { + enable = true; + settings = { + domain = serviceDomain; + origin = "https://${serviceDomain}"; + # tls_chain = config.sops.secrets.kanidm-self-signed-crt.path; + tls_chain = certPathBase; + # tls_key = config.sops.secrets.kanidm-self-signed-key.path; + tls_key = keyPathBase; + bindaddress = "0.0.0.0:${toString servicePort}"; + # trust_x_forward_for = true; + }; }; - enableClient = true; - clientSettings = { - uri = config.services.kanidm.serverSettings.origin; - verify_ca = true; - verify_hostnames = true; + client = { + enable = true; + settings = { + uri = config.services.kanidm.server.settings.origin; + verify_ca = true; + verify_hostnames = true; + }; }; provision = { enable = true; @@ -416,7 +420,7 @@ in nodes = let extraConfig = '' - allow ${globals.networks.home-lan.vlans.services.cidrv4}; + allow ${globals.networks.home-lan.vlans.services.cidrv4}; allow ${globals.networks.home-lan.vlans.services.cidrv6}; ''; in diff --git a/modules/nixos/server/kavita.nix b/modules/nixos/server/kavita.nix index b058077..b2d3d8f 100644 --- a/modules/nixos/server/kavita.nix +++ b/modules/nixos/server/kavita.nix @@ -1,4 +1,4 @@ -{ self, lib, config, pkgs, globals, dns, confLib, ... }: +{ lib, config, globals, dns, confLib, ... }: let inherit (config.swarselsystems) sopsFile; @@ -8,9 +8,6 @@ in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; config = lib.mkIf config.swarselmodules.server.${serviceName} { - environment.systemPackages = with pkgs; [ - calibre - ]; users = { persistentIds.kavita = confLib.mkIds 995; diff --git a/modules/nixos/server/mailserver.nix b/modules/nixos/server/mailserver.nix index 38996ea..255b60e 100644 --- a/modules/nixos/server/mailserver.nix +++ b/modules/nixos/server/mailserver.nix @@ -1,7 +1,7 @@ { self, lib, config, globals, dns, confLib, ... }: let inherit (config.swarselsystems) sopsFile; - inherit (confLib.gen { name = "mailserver"; dir = "/var/lib/dovecot"; user = "virtualMail"; group = "virtualMail"; port = 80; }) serviceName serviceDir servicePort serviceUser serviceGroup serviceAddress serviceDomain proxyAddress4 proxyAddress6; + inherit (confLib.gen { name = "mailserver"; dir = "/var/lib/dovecot"; user = "virtualMail"; group = "virtualMail"; port = 443; }) serviceName serviceDir servicePort serviceUser serviceGroup serviceAddress serviceDomain proxyAddress4 proxyAddress6; inherit (confLib.static) isHome webProxy homeWebProxy dnsServer homeServiceAddress nginxAccessRules; inherit (config.repo.secrets.local.mailserver) user1 alias1_1 alias1_2 alias1_3 alias1_4 user2 alias2_1 alias2_2 alias2_3 user3; baseDomain = globals.domains.main; @@ -127,7 +127,7 @@ in }; # the rest of the ports are managed by snm - networking.firewall.allowedTCPPorts = [ 80 servicePort ]; + networking.firewall.allowedTCPPorts = [ 80 443 ]; services.nginx = { virtualHosts = { @@ -158,8 +158,8 @@ in "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host endpointAddress4 endpointAddress6; "${globals.services.roundcube.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6; }; - ${webProxy}.services.nginx = confLib.genNginx { inherit serviceAddress servicePort serviceName extraConfigLoc; serviceDomain = roundcubeDomain; maxBody = 0; }; - ${homeWebProxy}.services.nginx = lib.mkIf isHome (confLib.genNginx { inherit servicePort serviceName extraConfigLoc; serviceDomain = roundcubeDomain; maxBody = 0; extraConfig = nginxAccessRules; serviceAddress = homeServiceAddress; }); + ${webProxy}.services.nginx = confLib.genNginx { inherit serviceAddress servicePort serviceName extraConfigLoc; serviceDomain = roundcubeDomain; protocol = "https"; maxBody = 0; }; + ${homeWebProxy}.services.nginx = lib.mkIf isHome (confLib.genNginx { inherit servicePort serviceName extraConfigLoc; serviceDomain = roundcubeDomain; protocol = "https"; maxBody = 0; extraConfig = nginxAccessRules; serviceAddress = homeServiceAddress; }); }; }; diff --git a/modules/nixos/server/monitoring.nix b/modules/nixos/server/monitoring.nix index 95a634a..b47001f 100644 --- a/modules/nixos/server/monitoring.nix +++ b/modules/nixos/server/monitoring.nix @@ -124,7 +124,9 @@ in analytics.reporting_enabled = false; users.allow_sign_up = false; security = { - admin_password = "$__file{/run/secrets/grafana-admin-pw}"; + # admin_password = "$__file{/run/secrets/grafana-admin-pw}"; + disable_initial_admin_creation = true; + secret_key = "$__file{${config.sops.secrets.grafana-admin-pw.path}}"; cookie_secure = true; disable_gravatar = true; }; diff --git a/modules/nixos/server/navidrome.nix b/modules/nixos/server/navidrome.nix index 0374395..c2e9d29 100644 --- a/modules/nixos/server/navidrome.nix +++ b/modules/nixos/server/navidrome.nix @@ -82,7 +82,6 @@ in services.${serviceName} = { enable = true; - # openFirewall = true; settings = { LogLevel = "debug"; Address = "0.0.0.0"; diff --git a/modules/nixos/server/nextcloud.nix b/modules/nixos/server/nextcloud.nix index 0f84490..9846c1d 100644 --- a/modules/nixos/server/nextcloud.nix +++ b/modules/nixos/server/nextcloud.nix @@ -5,7 +5,7 @@ let inherit (confLib.gen { name = "nextcloud"; port = 80; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress proxyAddress4 proxyAddress6; inherit (confLib.static) isHome dnsServer webProxy homeWebProxy homeServiceAddress nginxAccessRules; - nextcloudVersion = "32"; + nextcloudVersion = "33"; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; diff --git a/modules/nixos/server/paperless.nix b/modules/nixos/server/paperless.nix index 58a45c6..7baae06 100644 --- a/modules/nixos/server/paperless.nix +++ b/modules/nixos/server/paperless.nix @@ -104,6 +104,7 @@ in gotenberg = { enable = true; package = pkgs.gotenberg; + libreoffice.package = pkgs.libreoffice; port = gotenbergPort; bindIP = "127.0.0.1"; timeout = "600s"; @@ -114,7 +115,7 @@ in # Add secret to PAPERLESS_SOCIALACCOUNT_PROVIDERS systemd.services.paperless-web.script = lib.mkBefore '' - oidcSecret=$(< ${config.sops.secrets.kanidm-paperless-client.path}) + oidcSecret=$(< ${config.sops.secrets.kanidm-paperless-client.path}) export PAPERLESS_SOCIALACCOUNT_PROVIDERS=$( ${pkgs.jq}/bin/jq <<< "$PAPERLESS_SOCIALACCOUNT_PROVIDERS" \ --compact-output \ @@ -125,7 +126,7 @@ in nodes = let extraConfigLoc = '' - proxy_connect_timeout 300; + proxy_connect_timeout 300; proxy_send_timeout 300; proxy_read_timeout 300; send_timeout 300; diff --git a/modules/shared/vars.nix b/modules/shared/vars.nix index 94f9993..ce25ff7 100644 --- a/modules/shared/vars.nix +++ b/modules/shared/vars.nix @@ -1,14 +1,17 @@ -{ self, lib, pkgs, ... }: +{ self, pkgs, ... }: { _module.args = { vars = rec { waylandSessionVariables = { - SDL_VIDEODRIVER = "wayland"; - QT_WAYLAND_DISABLE_WINDOWDECORATION = "1"; - QT_QPA_PLATFORM = "wayland-egl"; ANKI_WAYLAND = "1"; - OBSIDIAN_USE_WAYLAND = "1"; MOZ_ENABLE_WAYLAND = "1"; + MOZ_WEBRENDER = "1"; + NIXOS_OZONE_WL = "1"; + OBSIDIAN_USE_WAYLAND = "1"; + QT_QPA_PLATFORM = "wayland-egl"; + QT_WAYLAND_DISABLE_WINDOWDECORATION = "1"; + SDL_VIDEODRIVER = "wayland"; + _JAVA_AWT_WM_NONREPARENTING = "1"; }; waylandExports = @@ -94,28 +97,28 @@ noscript # configure a shortcut 'ctrl+shift+c' with behaviour 'do nothing' in order to disable the dev console shortcut - (buildFirefoxXpiAddon { - pname = "shortkeys"; - version = "4.0.2"; - addonId = "Shortkeys@Shortkeys.com"; - url = "https://addons.mozilla.org/firefox/downloads/file/3673761/shortkeys-4.0.2.xpi"; - sha256 = "c6fe12efdd7a871787ac4526eea79ecc1acda8a99724aa2a2a55c88a9acf467c"; - meta = with lib; - { - description = "Easily customizable custom keyboard shortcuts for Firefox. To configure this addon go to Addons (ctrl+shift+a) ->Shortkeys ->Options. Report issues here (please specify that the issue is found in Firefox): https://github.com/mikecrittenden/shortkeys"; - mozPermissions = [ - "tabs" - "downloads" - "clipboardWrite" - "browsingData" - "storage" - "bookmarks" - "sessions" - "" - ]; - platforms = platforms.all; - }; - }) + # (buildFirefoxXpiAddon { + # pname = "shortkeys"; + # version = "4.0.2"; + # addonId = "Shortkeys@Shortkeys.com"; + # url = "https://addons.mozilla.org/firefox/downloads/file/3673761/shortkeys-4.0.2.xpi"; + # sha256 = "c6fe12efdd7a871787ac4526eea79ecc1acda8a99724aa2a2a55c88a9acf467c"; + # meta = with lib; + # { + # description = "Easily customizable custom keyboard shortcuts for Firefox. To configure this addon go to Addons (ctrl+shift+a) ->Shortkeys ->Options. Report issues here (please specify that the issue is found in Firefox): https://github.com/mikecrittenden/shortkeys"; + # mozPermissions = [ + # "tabs" + # "downloads" + # "clipboardWrite" + # "browsingData" + # "storage" + # "bookmarks" + # "sessions" + # "" + # ]; + # platforms = platforms.all; + # }; + # }) ]; }; diff --git a/nix/iso.nix b/nix/iso.nix index d2c993c..100d480 100644 --- a/nix/iso.nix +++ b/nix/iso.nix @@ -5,7 +5,7 @@ packages = { # nix build --print-out-paths --no-link .#live-iso live-iso = inputs.nixos-generators.nixosGenerate { - inherit pkgs; + inherit pkgs system; specialArgs = { inherit self; }; modules = [ inputs.home-manager.nixosModules.home-manager diff --git a/profiles/home/hotel/default.nix b/profiles/home/hotel/default.nix index e6d7105..8a81bcb 100644 --- a/profiles/home/hotel/default.nix +++ b/profiles/home/hotel/default.nix @@ -2,41 +2,15 @@ { options.swarselprofiles.hotel = lib.mkEnableOption "is this a hotel host"; config = lib.mkIf config.swarselprofiles.hotel { + swarselprofiles.personal = true; swarselmodules = { - packages = lib.mkForce true; - ownpackages = lib.mkForce true; - general = lib.mkForce true; - nixgl = lib.mkForce true; - sops = lib.mkForce true; yubikey = lib.mkForce false; - ssh = lib.mkForce true; - stylix = lib.mkForce true; - desktop = lib.mkForce true; - symlink = lib.mkForce true; + ssh = lib.mkForce false; env = lib.mkForce false; - programs = lib.mkForce true; - nix-index = lib.mkForce true; - direnv = lib.mkForce true; - eza = lib.mkForce true; git = lib.mkForce false; - fuzzel = lib.mkForce true; - starship = lib.mkForce true; - kitty = lib.mkForce true; - zsh = lib.mkForce true; - zellij = lib.mkForce true; - tmux = lib.mkForce true; mail = lib.mkForce false; - emacs = lib.mkForce true; - waybar = lib.mkForce true; - firefox = lib.mkForce true; - gnome-keyring = lib.mkForce true; - kdeconnect = lib.mkForce true; - mako = lib.mkForce true; - swayosd = lib.mkForce true; - yubikeytouch = lib.mkForce true; - sway = lib.mkForce true; - kanshi = lib.mkForce true; - gpgagent = lib.mkForce true; + emacs = lib.mkForce false; + obsidian = lib.mkForce false; gammastep = lib.mkForce false; }; }; diff --git a/profiles/home/personal/default.nix b/profiles/home/personal/default.nix index 5ba1104..16dfec5 100644 --- a/profiles/home/personal/default.nix +++ b/profiles/home/personal/default.nix @@ -7,8 +7,8 @@ anki-tray = lib.mkDefault true; attic-store-push = lib.mkDefault true; atuin = lib.mkDefault true; - autotiling = lib.mkDefault true; - batsignal = lib.mkDefault true; + autotiling = lib.mkDefault false; # niri + batsignal = lib.mkDefault false; # niri blueman-applet = lib.mkDefault true; desktop = lib.mkDefault true; direnv = lib.mkDefault true; @@ -20,17 +20,18 @@ firefox = lib.mkDefault true; firezone-tray = lib.mkDefault true; fuzzel = lib.mkDefault true; - gammastep = lib.mkDefault true; + gammastep = lib.mkDefault false; # niri general = lib.mkDefault true; git = lib.mkDefault true; gnome-keyring = lib.mkDefault true; gpgagent = lib.mkDefault true; hexchat = lib.mkDefault true; - kanshi = lib.mkDefault true; + kanshi = lib.mkDefault false; # niri kdeconnect = lib.mkDefault true; kitty = lib.mkDefault true; + khal = lib.mkDefault true; mail = lib.mkDefault true; - mako = lib.mkDefault true; + mako = lib.mkDefault false; # niri nix-index = lib.mkDefault true; nixgl = lib.mkDefault true; nix-your-shell = lib.mkDefault true; @@ -49,9 +50,9 @@ ssh = lib.mkDefault true; starship = lib.mkDefault true; stylix = lib.mkDefault true; - sway = lib.mkDefault true; + sway = lib.mkDefault false; # niri swayidle = lib.mkDefault true; - swaylock = lib.mkDefault true; + swaylock = lib.mkDefault false; # niri swayosd = lib.mkDefault true; symlink = lib.mkDefault true; tmux = lib.mkDefault true; diff --git a/profiles/nixos/hotel/default.nix b/profiles/nixos/hotel/default.nix index 00952f4..7759055 100644 --- a/profiles/nixos/hotel/default.nix +++ b/profiles/nixos/hotel/default.nix @@ -2,48 +2,9 @@ { options.swarselprofiles.hotel = lib.mkEnableOption "is this a hotel host"; config = lib.mkIf config.swarselprofiles.hotel { + swarselprofiles.personal = true; swarselmodules = { - packages = lib.mkForce true; - general = lib.mkForce true; - home-manager = lib.mkForce true; - xserver = lib.mkForce true; - users = lib.mkForce true; - sops = lib.mkForce true; - env = lib.mkForce true; - security = lib.mkForce true; - systemdTimeout = lib.mkForce true; - hardware = lib.mkForce true; - pulseaudio = lib.mkForce true; - pipewire = lib.mkForce true; - network = lib.mkForce true; - time = lib.mkForce true; - stylix = lib.mkForce true; - programs = lib.mkForce true; - zsh = lib.mkForce true; - syncthing = lib.mkForce true; - blueman = lib.mkForce true; - networkDevices = lib.mkForce true; - gvfs = lib.mkForce true; - interceptionTools = lib.mkForce true; - swayosd = lib.mkForce true; - ppd = lib.mkForce true; - yubikey = lib.mkForce false; - ledger = lib.mkForce true; - keyboards = lib.mkForce true; - login = lib.mkForce true; - nix-ld = lib.mkForce true; - impermanence = lib.mkForce true; - nvd = lib.mkForce true; - gnome-keyring = lib.mkForce true; - sway = lib.mkForce true; - xdg-portal = lib.mkForce true; - distrobox = lib.mkForce true; - appimage = lib.mkForce true; - lid = lib.mkForce true; - lowBattery = lib.mkForce true; - lanzaboote = lib.mkForce true; - autologin = lib.mkForce true; - nftables = lib.mkDefault true; + yubikey = false; }; }; diff --git a/profiles/nixos/personal/default.nix b/profiles/nixos/personal/default.nix index 04858c0..4539a7c 100644 --- a/profiles/nixos/personal/default.nix +++ b/profiles/nixos/personal/default.nix @@ -41,8 +41,8 @@ security = lib.mkDefault true; sops = lib.mkDefault true; stylix = lib.mkDefault true; - sway = lib.mkDefault true; - swayosd = lib.mkDefault true; + sway = lib.mkDefault false; # niri + swayosd = lib.mkDefault false; # niri syncthing = lib.mkDefault true; systemdTimeout = lib.mkDefault true; time = lib.mkDefault true; diff --git a/secrets/repo/common.yaml b/secrets/repo/common.yaml index 353b941..536dedd 100644 --- a/secrets/repo/common.yaml +++ b/secrets/repo/common.yaml @@ -31,6 +31,8 @@ github-nixpkgs-review-token: ENC[AES256_GCM,data:/4ssZAEwEc9fZeR69GCvLMm4eRv4uab #ENC[AES256_GCM,data:PI5MX6PgK1y0lqyoYA0=,iv:25UAvFaANHFD04GRafGlCzOc5h+15YPtSES2z2tmpXw=,tag:+XLwQ01+AtGWjtsSQhQ1AQ==,type:comment] anki-user: ENC[AES256_GCM,data:WoGaNDAHFw==,iv:ZSjHfKMIjlgOuvGl7hVxJc1fE80nfxxXYLgsKangBCs=,tag:UP8ZI7gzOrJJjNDHovIkyg==,type:str] anki-pw: ENC[AES256_GCM,data:z2SCsSvZIqN2/2VK1EdmcAnl42x5A15PAiK932k3n50Vj1jczGRoSw==,iv:keQCutY4vizVzu5YzPBJLgDLveYDb2VGeEnYmO7CeQw=,tag:KGplFfC5xktNAOTbIlt+Tg==,type:str] +#ENC[AES256_GCM,data:mjwlHRe0Rx9p83eK/LGR,iv:KclQ4xwJMH5HJ9AcmglOCvFIBP6WyEJLyencUdDpzt0=,tag:nRhwhIRPUNmhSZM7ZzUfFA==,type:comment] +radicale-token: ENC[AES256_GCM,data:WEL8Z3gOs/7MAQQ=,iv:osgMVisr/03I+IHI+3jLIn8p5dnZwyja3lQUi+wcH5g=,tag:F1yzI0rZS4sON6T9TuuG9A==,type:str] #ENC[AES256_GCM,data:veUC1sj6BSqHBA==,iv:L36lv9aQ38/WEaIccQDgOw2PB9U9k/t8x00wIw2Y858=,tag:3s2LBCwGzYpUk8WBj70UGQ==,type:comment] attic-cache-key: ENC[AES256_GCM,data:2Xw8YX6wiQg2yb2pbZ/UowmzUdhtb2iRTVZZD2ypGaiwhI3mteG3qUgQm1oCz0bp+5jip6+kVzt576qVbUGim/m+dUZYU6mqm64/78bfuTvd/UBlJnmjNtWE2ILjnP+M4EodzbYlBlxwGhFS28wrVOHo77rzbcrPJEwZiqIzSgGIWKdNzzo5AXL2b1lKAngXO6Bi5Jc9W4lkTVFJ/Ixh6aOoHpq9TzsHHx2Aak22969pnxmFFpXKof4eiNGnoGBZDAr8pC7oSwVqDYbZwxH1ulRq863KVQkve+HBR2JJLAQjYHHUJJGhJG9jWYT03WjBNHwIDMTTvC9Fiw9Cr0TG0B8Bxwm3dhgLirjUyLOiST2CbDxxld1M8DJFkBwrih6hMJXmJw8Dlqy/D+3EZXT947BI8ythYjuL3jIHHQhUjfEf+sLdqPSngHolAAKqKE84Xv2FDn2wXGwe8UY3NMmIeaWYZsyDu77KnQR2R+6TuJTOw6vOdDoUJ55YRPdb9UR186b+TiSrP0SZOujoSYGs9dattEvN3XKlm3cQztB9UygmdEk/stDZ/CJIRUNXsu46o1nR5FWPkgoW91Fzxs00QgQMpYlnXM2CWknYMSHL45t0BYA7yuFwq9MYNUK/vrdCr3mtHxA6R28HajDUWoZA6uS+DF/i1nF79sYfam7SdKNCqu2r/1CGLblHQwKT27HmrTCXdjeLqe+Yv7sJzlEbV+sKD+ccW8jI4NZRjCbVJVKydK23YWj94NEt/M2rtxzV30XKw8GClqsdEF+v4nu48oB894RPZCy9qQjaFHnqYpiqSa0oXluiQQmRfA0jtQLRTXN5ri7U/GtfH1za179MFWwMorRMK6qdTt3pi8Fie4UgzGyGq6CugN8HxeMNl70pPVIKjGNO8Npezk6T3YDUpB3/OGY56jhSYxIEadBvW9CqDS7al7zEKgD1wx1gzT2mQh60H2B/InWg9p96qOqVEQxOFDklxlcnygLu3z7Y0mAds/HXOJJnJbagjfxVi+qROOtVrR5y/kySR0pM9Syk8GvqdtRct7qorONAV/yonarEgz+eEFj10kderSsPdz1sgiYe93VLmPp07cdVsUsaDtLW8gXafc3aWOZ8JIkSUhYDbR49pf2bTeoMDoyi9d6pgLr+cJGQbJC/1LmsAIqOQ7WPiTeAZG2lStNf3bwClpUuL0t78UabZyNzJJN5TFDZqGkwXlaJmQ==,iv:6sa44WnyrXW3KQHdGIKuiGWwqp3qtQu4Q9RSXA45PYs=,tag:MbtS4Xx5K8O3mFAlriuuIA==,type:str] #ENC[AES256_GCM,data:KCqwghIJ8tlGFxMt94svo6285cA1YRbYoeivx6A=,iv:qlZCGrCn5fU1xPQF9wfOMarU6Z7oa3mLtd1LzVzMbuI=,tag:Qq5lBtUsd3lQMx6ffk+kzQ==,type:comment] @@ -353,8 +355,8 @@ sops: OVRuazF6YzBRckJQdVlJZWZrbThyZGsKxMDtLfQDPiHN934xE98if3cFHLwFpNdm /RGFLObFn2saTI86D83xmmjgjeosxPX47JvGHyzCHSVeA8Hd+Qp93A== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-23T01:11:36Z" - mac: ENC[AES256_GCM,data:e0WoFBQSR5q3GOQ+GMJGBd4lNBAMqlnVjtUq3snxrdvcytb9YvKnoYQH+GjbdGIiqrND8pOVnZt34AjkR8YfpWe+VrkP3Vj/3l+1GjF1XIHbzBNKOQHdYPSVsH2NZwftcAdphbStf3GTlb+b+cpTn4a9Y4pTNGVoOaOA1tBr8bM=,iv:sPXktitTNMkBhHr6E/QRZCVKrgyED9/o9hiivbObACI=,tag:tTNr4UEf92UrtI0Jvi5o3g==,type:str] + lastmodified: "2026-02-26T10:38:07Z" + mac: ENC[AES256_GCM,data:pxaR0X3f5oiCwnrr8jjs8mQDWbjuUkNpFoyQxaC61rRnoLvbkEzxSxmI0zDv2VEcua4Eqfoj7Q4H+qcsR5tM3SjPc0KuYE5eFW4RDv+FIr+XA9om3B4uMy+bIleSvSXroBD+1bLhzJsacudjBpVA6r+INrZKvtjO+L16nNylTSc=,iv:CgOc3ht5zwZGEoxJF6d9ZMwiiNQ2fcnLVFxUxJs6pHY=,tag:4JZgLJlyTbqacIHryciPFg==,type:str] pgp: - created_at: "2026-01-12T22:05:05Z" enc: |- @@ -388,4 +390,4 @@ sops: -----END PGP MESSAGE----- fp: 4BE7925262289B476DBBC17B76FD3810215AE097 unencrypted_suffix: _unencrypted - version: 3.11.0 + version: 3.12.0 diff --git a/secrets/repo/pii.nix.enc b/secrets/repo/pii.nix.enc index 28718d0..c0a80f7 100644 --- a/secrets/repo/pii.nix.enc +++ b/secrets/repo/pii.nix.enc @@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data:Eqs7gGYCuy/iov/MHj0j5xV1qlikWscrHotmtIxn//B44VPsN9WKyJMQRfAT/iLeexzRaOiveyJPt36L/BnZWEUQ3pnFn6G0pGvMD98qSqoxaR3WPZ/lI71Okf+MenTthZzWI/hdc13pa83rX/lchv2YKcyy4mHyVb/+ochLpYRLEgRXG6+Pc2D1t090A1nHsC67HNwW4BPgtgYEr3DBRVyoji+H/q7q1h3BVZ12wPpScqR7A+f8RRuuKmUOHkGtf0vO0JFvW0ulz2DS12LvmnBCaFO2MKd+aD9nnOa1iQpr9Pg9Shp92oeXdOZ53xEfNCFaNWKLygUF4+ApG/CGb0xhUL5VQ3aYlOLoYrbiO0T4F7IQzT6R7JTHT7F2Ox72PdhXCIYE3ZZcKFkpmjaGkiExiMlFuIHoa6HziK/WFiCmjBOzavuh0lJgzgFDBuMygIlIALNtmPW0xJCzv2lhGJDprCq87zX4oIWFYX3wEqgt5PTMBJjRRM5XNZgC9MPpYx3cD6zC6dMkjv+WZZcqGaD9dZSxVDMuwhgaSDhneYuGTqjeYMsmRIBQ5c7p9EK55quDxwiDySpNH9QxBzGwmJEWiM2XbGHRmLHkqmD+t+BeK54Vd1os6aziivnOM8+2aAt0PI92dWTsAKbwot0EeEXsPsymM2X2936fIbg+Ut+abM8Eb1OJdEvMSSu0Gxw2hVTS0ErJ7kN0gDhyd2eGhQJrF+s/EmUdneIOqVw+7KHOJ6SsyZdE0ZA2hRvqiwyDIEkafTsN2nZ3fVoBc2aMVjl8fIUAp5x0ZMnR6PHI6Fk5yEJk3Qi5dgIVEl051/2AbiPHtd96+wkzFLZ26xzfYK3kwQSPrPGwpt3VHXJDo0UXr5SoWmcVpRwGCnQw1Qw1IIrp82/FC3Emjpf3G8KdFHKHv+2TTXm8qw/d+Iw1ovzgRqYcmDMePARxmvfCaTn+Tvn64070pyUGMPuLxr3EWG6DeKCei2z5IGV3CiUit+p1iWygESv7WI38gVGwA8JNvT2AMs8zVAQNSU/sOG9VO0pRwDMUOGYNCUkxaZpV4+XQIk92neEZqBPhvkYKOeSeHlZ5N7LPpq0YtwFTu2GNN3ssSgJmW2iPIwX0Xcxb6BQ9YzSzVbqci8rR8NeK1abtWhobdp6quYnygWRYwhMR4DF3t2MC/P2OZ25higDWpm5emDCa0lrpXtfrK6WO1IMEq1ZCCPFzo6CthL4zrHvX5ZD7iQZE5zERCCHOIkaRfI2UXGnwHmXSFnu1pCDwhiOEUbkvEw6mzpK6qq2ztUEhHfUDy//8cFh50PHlU4S0V35m6VqaEAX86p2RQDMbFcS4O5niOmTI2dQqVQFylyvUqRTPELo6nHWjDvBfVp0MCmZd5D7ZmLogDGsRi8T/WxoEGcAph5R3RnUEQenY/HOttYWcrmJeU6TRMC2sNNKtPkgYtvHZevFqWDF9m+KC4n5LwOR3z7avGpHuQEaCvMbQwfDhAEDHP9Awe3so67yDEKZoOZR88rvuee/1sbmUsAOXDTeipAKR1JqEKPgesi/6716Uezcu2cZz+R7WSv8OsxRgoXNswdN23F+C/w0oHyS/jbWoLZmpfWcprS4EmgUwUjEcGgrR3jy5cYBiuwtc8OhnHDEEfnd0b/V1iZKfFHewhyKFnOV94kcU+oFAweWZMrzS7F4FwY57UQ5DX83NDiT0SpQ69mS06GTtsz8nccUbrBm2v3lXW4tbIbccEEB7SdDmRx7uoRN5hAMLemw5gsJzK80zTZd9fYP89HH7QZ7jDKCPJUfVwqDbze3bWEUgmU9wUlES/BDBXB37pLXk3aTYqTUtsb6YsLcmw2aZEwNN5W9xsHtRcYx/sVZKPDxH9CVE0I890uism3sjOnOG+e8a5pp1O5ngkMs//y7vJ/wn/z/0kqx/ucuqEGvFaZ/dXjnUfCDbu4X2dcN6crmawykkEsKe4/hAuPBHBP4ld5H3NmWlvZMw5ZCo6VHffWi3UGZFqinLkeD62fS4iaCzIldfV2i6ltfBvVSw5cxwo8DD4l2C1Nb72bdI4vuVo86tZ89U+WlLd90OIeOzGFf7XEYRLFI6mCAkwJ1O1xG+sVtQDsPE0FphXc9Cr3CvcVjEU2JobrZuJqZiG5qKo4zSYwaH4nHUawo53lINnZlkAik4E0IGYLofAWwPOZ4yXpV+x92RRFrBmAUWYRpZggbATZwURnDy0H5DXjUmUHAQZbOiMWTapY3oKqFVROULjLmsU/0AULRNSIddcP1HTLFc2d9pb5rniauZ5VRnDSYmnVhUALAkwbCfZg0lcVNKr2YFNchYSFBdlzIR7GSZIGK5LlQ9yLW+tcy/lXN1lj7wG3oxay3QKcus5ZLmA/kFDRxSfV814eoQxBwW+mtAo63OzOdoKJd8Wd97gLZVBYOrmtEj7+nzeWIdocG5TCJ8f/B+oMtaRXcCaFNeov1qIg4JSju5og3u1Qd/ccufeQhvzkG0oAGjUswOp5U9TBxmjUFXPbLsUycXm2VjNIYJr0X6hKh9hTOGWiybLQOuyHvRk2b0L51nmLcLsE68diSk/mKc0hiSMt6nTbF6E8jdwcoDEqd3JwkgtSNzGxF/0PGRntoaIKB/60+o3e0p+0g9a0f10no+8wvjvGxrQMHRjIeCqeJ5sN4+gnpRcWB9bDgWdHgpSB/UtJDO+URDdDayIwF6JZFqwvrOj2WQZhfLFhaC1q0rV8X1zjIYNifGItS6fugPvboJuovK9UyGU1V7GbzT7m//dwzQEtHDePbRNw5rZStkgOp543uxOc4Uw1uvh2sipynZIpGHbAekae+N/x+Q0014U8fWp4ALxeMQZBIzCg7HUSvJj8o9X0zBbHBsSWro+yEC3kiigjTdl64yGm1cunpOZPBs4i2U/CYZW4Ny+IMqspdG2IEKmYWlvSEz00k+zslq2JFJsZEwDlL83Ws2ZeU54eeftlYHWFVpbjfugO4dWVCDO/nGKjAldva1MvniABLf2kv3m0JuQPPH8in/MLpCd82wgFaFLGVB70gGvpplKsj3E1Hx2uQ6xt2FCLIUyFyxbwxo8iX+HAASOsDmIaSIu1QSviy2zZ2o1hO5YrAeaUVr2as9fVUuOGnDXT65OqyEUYUhVMf32QX/5XnYDoBoj88wl3q8Jqw4MCv4oypUbTseZDmx3pIoumaWnir6m3b46yEBYR/F7rJ9h8Cy1w0xe/ayJmd8tVvImGdI3i47B/SbbdbCkoLVuvNRE7dij1u17v+YvkJKWnF11K4aRDHWPKavDh4XeWjBgZeKTTMAWFqUbgJZ25IwUlvmvFRhY4s160IssWP7iIAa/3z+zAa0b5xoNp16XvZV1s2a2XkkrE9AxJ8WdCD7Ai4qCbDUaLkZt2RH8qmxZCKZK1H/oBeZHHIkN/HjTWFYS2SIZs9PAFCKWJR0+ThXJdHv5YnZ9BsWiO/iE24k6COsZdoXODwkTG6QiNQEZEJKozJmrBwE9Y+15nGTgb1YoN37LYe+T36kk9aC2Dxn0ktLihDyCqubgbVV16C/9Xq7bvhrKODyknDNhYGVysA9xzqzNjjyS1YoP8m7sIHj4vokXmfb9DIrOmE0Q5qGveAv9larXwbwj0K5SOqqpfe7OwQOYTRse2TlenZ9GENN18aS6APBi66u8uOb0a0nQoUE4j+/PjzybMmKSH+J9rXI+Y2vvG8XqyhIYY+YuiajKjkN/t7AGF/nZ3Y66ei9H4KZwsl8MtJT4Vnqe116XxsIO9dR7sTq0MxIMyabYmFIhPxUdnf+sXneVttaINCacuYrxXakLRPW6yAoqgaUcehmkR+TgSBr4138rC9hRzXVz4WsL3VgtceHTUNugnHfrjsrJJvvepDi2/BA3rkblA0TiSpOnGrLgXZIRA1FRFPd74cZIQ3Z2jK9OAXyBuAQpM1I0JrX5/YVWn22luDQcyD90JLzSRQPB/kZ0KA6ifR7AcVYrk9LdWWgr5dAxJZn4mniJs8DycDSlba6mkKOeCLiEeZGLrRXSnzkebNZxR+cnQwRRTZRP+w0yS07cGuangHf6PsBBpIx5eShyGdtnRM+xTQcJtnjXgE/pVnpXsU4CgXUbuVBhdnevSpP8s+sCFdXxMSxdPeSwtDahwn13OnQb5a+aHhG9+N+R8UkzC9drld+YmLhtbTgMzklHIUDQ+CRfjvBf91g+y3TAjF2SEPnfbLXdCIRmESbakdqP8MWRNVwTt18yLDwmrLqvvQ+FJ7YLZ9I73ID0mCfyELZ112Ti7rlhcAfWBQKhCl/JFzPmlXO2GbqPEhbX2zP9igJgrWNw7hinsnR5YP0jXypxyPW7/btxxPBQSzF6rweFUclwfyxdZ7K3J05EEYrzsvRRb1EuGh4UoVwUiazifzbYaiqB9eRXeU66VTRcHW8RMQdLiiNfTTDe6uPWGbk2y59Vv/wXccQ+zXfq4IMz10UmhnT0aNLSBH4M8J073bjyADlsekn7NEWCtN9BNI7wQlnePK9PPrUR5AOQqeZ3JBMeESovDA/YcPjiMfZMvgUcRj4SXdsGDiPkKuRtFQC8SdznaZRJsd/WGGVyLVKo4sMk3z3G/rT+acWJzSFYF9L/2F3WAo2OF9AbTWoLkjyR3hrE3xh0qBBWljAQjE9nWcdKOJbqX5tS0ewDYcK3fn7fx8Qpzf1QugXj+rv7T8rrTa2dgcdd8mjayD8l/4nCXQQnoNC3rncg95faPofIwsQFJSBp8EaSFtNKvewqEfhok67fjECaR6DkJ97b35yFbJ4maObyzYtpkTCq2k/r83cFl51TOpy8SreruUmZIvE5xlIzv1MOos0Uain6mZ04s3VKgn+/af71YP7KZDO36R9cZc5VZ/Z9ZHdYMqbFi/iCriEwBKsF5cDA5rz4sH7qe3vKJCRBgelmL3AWCynw4BmPw8gEu/aZYXnSDfcLitbMkHuKKDnnGk0iihH5QksJiVTDDcnGDacLCTlJ2JV29DiUc9deXrRz1rjHMpdgLLxkkTRdu/U8LNETk4Se2zVgQuSzT2Z6LPB9R0HiljDH0MclRJNiM0aLHQPXgEB/tbHWzw5ltUtOrVzrHtNFl6linnWt/tCRWFHAK9fllTbozDiIWNJMrr0+laCr6/YUjCGay3FLjBEyzAIl+qhMryIhYURqWSWSnUl0UYeMgkryBbFBBnCjYzKk8eu+bR4ilzzA83PgyJW59nuslMfGLEKBcIJ6Lk5LioNUdyQym/mwoQlK94LbfMMCe1Xk6mhifvank+jXnsFs4y8Fjkk4/q+bIec41jJHLo+EOlWTCFs2kdvh/dR+Q1g9DwBFiUHJC9/Le0AbDsdxoO+P2D8ZcPEVD2VyiMJa9BPeetpApzJo0ykgpiA46j0JP9boBH9xvS8Vumet6Maa+KrOdrl0dfwcTrdqaPreeHTfUXur23ljIdzyrwxVSr4gpqDFN5QsfuypltjRRG2UKal6C2a3dJe+gq7g4xvqXJQrCQuC91qSpmQGxG8bdP86e0Hg1feZ96lM6wCGnivtNHkDq3e8O5be0a0SVopIDWZuUMzMBTpXEe8dATmKZpaAtiJ6Trg9BXDtsMWG9cSQ0uNk7PwnFjwmjG1pov1nClQ+TR3M9DJrrUs9Tnemf1sYNypFNF6bRy+wq2dDgl+JIIAMun7XMY4Tgn3u+gfEcrsrBqBVlxQo8FTM3RFb2jrM3YjEY2LeqlVRnQ5BKj0eHJTUXbmMBiZV4ijq/o8I/oVRlkqy9MOxsM48TgK0DZyAx1adOmaFHZx5NJagcfHbanzUN+qjqJeO1LL2z4K0w8bxcz3WlidJtuv/ii8M7rzeHNQmC5qFgkHMuAJ/k/KTg4uxRy6UFRQsBAbUgZi2iXe8Ca3RN3Rg9/sY7U5v1SrRV+9tNa9iiisVoxDYv1GYdsRbtIly6uyhfw6Vzxe1RzA+PtlWtDUXkBj9cm8l/UvhZ8j2ZLVstno/fOjc+zyNUSZekHriZSrKrcYJHJrKx/o7CTAr2jMRHBac3fstypc+t5xRVW5afDHbdgDVsEna7dXZIogG47yacmlDP6Wtra9SiJjJbIsT48dGMs/cBPJ0LAb0l2d6jFXU8nUdNBovULuSGsENeVdSEkZ1eEcVg3duSEAllX9x0ArJVCjqRa49qQyBesbePHhVrkAFRdMB4OijJsNPPOOI69OrX4YRrUZzzcjcEUPHQwSgGwzZQRnuS7UAwq68Hq3kpm7OXjgyBaziG4/QxeGPESlMXUZHQCUnFI5aHooQGnWbtMlgwtKZQC5Vt45vJUTfMRQmvbPhQsmeOF04U3J2gilsdoeEU+0iZ4ogZkbA3u8eMDSWniNCjq0J2OV+ru2PQ/+BVbY3asURfOKe9YO3LKGzkFZqkIGE7KeowgLUUGOEEVIT/DS2iITuLTsM1hXlzDTmofzXl3LTJmV4i2PO/QFRD/lKoJJSjd+Gv/nOaFogieIryn2w6QmGbceSYm+sLpz1ZNiWdgJqLhS44JXjaL9Gx7i19arf2MpbLt8+IbnLnmY239VDLMUXyxzspPFtOPosd45ufodT7BCqEvEXiWHbqinEWX2bXqVGhe3i8fBZoyrBrsFTDHBKbKrKaDKZ2jz/4tcMGWoLJ2WZ3gGmQyhNxxcDndzTg2xN1K8INPns5oiSpBWy8/7K1xOlVcfZsvKHxcDaDUtCDmj4Ha7DXqEWTyXKLv+BkVBgoATw02FhjCbSmyBGsE4LvuS6GyIAXBjIx3chrKg7jKga3VbeGaoHwbvn0j3+PTvuU2/48gdnJJhDHTYOjXiKVJyEdeQA0xIGtNaocSIvV9c1/qAizcMLfViwGdSGdLYX9pG+i2tbKqq0g+SXY+QZSg0et+NIprghiEIfDyWqN/loGkHVZmeFGC6SCEss6coYwQKFR9mPGzeACIf8LIg0N1J8yFTn4S6GHonoIfYATQ4z8e2aT4CrREDFX06gwi03uATZHisjni2Le1sAbzQ/03I6p7lbFaS6OrYM3copQvdcNRde+n19Kp8rqo8JIPQzecprz4xETVjb3HuK1Pza+IYVCwaFvz407TgqAQ4A04Gdv/q/D8pRIoa/IN1tEnZ5y2XPLFS+LA/AExZCwQAZ8dDV2Pf1mxRsE754Z6n+m7BH1bLXmiPp2o3sjRfY1gjedxEHhSCJotGodD46tFdLdcItVyIdsARvBzUCrB9cHiSvx9NuxE55UTk6lD5ORHv7VPgplu0WBV3fXx6FVbZX8d5aq1yhBc2dalrntmHrtq4DAaf4tUQp1N0vsRJQiIKG9WNWpWnk2lsN5UueEJjFIVCNDVcAkqBLtyMTG1JOnPvHEdsLPMQdk6TKmb/t1jLuGOew3iGdZN1YQFV1TV371YEGgW4dTul4pPlEqUn7HzO12wZzeAZh0izA7oC0tscoOXo70hBql06KU1IGtyIs/5+VgpliVLsXj0f9W1CVZFapS21PhPM8iHa1opoQ6kXcsoFUdfxBOubn+YqBSbV5HvJbYP2Iwhhe/xYKLTpfhzLTJZoFoHFpqpKTn4iepNokCwx7p4x0DHRXl8gdxUWi842neBOVcRE+HzuOMghb5GlBP8UOjLfLXcJiGyHxbSt5AlkBTlPLMT8Pm4Qqk/wa4MkYRl3fzCmfM/CoFq+Sut73KnWowHLxEzAfQ+j9R0s3H4w8S95cenjl5yivpBJQFpHZFAxTxHFfbfBe6NxsHDUY5Zx6Lhhfgn1q+2hC2i6w5v3zXKWVpB8RpXL5tUGOE7C6Uy42AawRx0RuG7I8zOOf/Iuo8YY6hetZDxeQbI6fZ5+CHeWar8Kq9WDXWJVpy1ZYk3WxYISH1q52hYSuUcjr055e5dkn/XXHmwNSyfX2upq9Of9GKn4QGxvzdPoUyBusLrRJmc0Wgl9ajXpg4FRisog5cprprtj8sddEXKNV41P+3TNE4/QjE0QIIZUReqjefMTFeQSy+g22v6Y6nTkjBcam7ySmi1OL4d2hcJnsxuF4F2IbRB77FfEWVmoUXgQALiI7xUtd44pV3xABxDkTMkZoX6bD+zrO5rv1QKzykRvI5z9jWMgineJSEUtPgGkG6BvYvrI47JDdkEC4UcXpofGiC25gcUwHTmF6LDsc95qY+B/svuDgbc4L98+UXVaACHO+fGhDOnihWi4T7LQhE/XMH9XK72RdwumtSZcGWRRgzeBwYk9ZQpOoQhsw0V/oC+2FAinK4a4KPwnnmfm9h2TXQN4+gs/sEfEt7iJ0UzY2cUrClnYQv/4zW/P4tj4rLBo2ctVH8kbFs7xLDFbPSrORI3VrAAaBz6OIbGJOc9EQMq4Al9nJhCbpqRsdx1SJCFtKBw8Jo9fS/VLQFw3qXTRojNgKB78CmIef0XlBplGhDadZprBW/bqML1cOgSV3+veBqMj+YdvxuGOlOBkrh4D+YTTymnEFyFTgZNSlYJZYDCDUK7HD9H3ivJo+mm05EzUcQDq8G5AY7Cyzc3KSoC4Mm9e9TGwmbieg7v1cn63nk9/FPrQ9oA8Mk4wt28vSGsbTLHit9uItJvToZMFjU78hQs4AWl1540l84PER9BFY2RJ3BLUqaRkexOa5QKEq/bmZPH3/Q09NZgrgb3y/LeC4QTow8xNttQrHkH9rda2MrjQNmx/ORZEATuyAlI52FCI8tnsQo9nx6ozMc56d6/VMoh/DCJn7fwE8XdrfW9JZPnuYYcyCjFDS4TdVqf+AlD3rUzWE5jVDtejKvGL3DbgPMfhI5oTlyoX1SPm1BqGZYADBQdtsF/Rbgdgg3RuV2nscbPgEjuuIk3UQGRGi5tdRe078LGV+wU8rKZaNZW7/gCW9qn/eZD4PTgNO3G0HWbh1RuOm55PknVKZQJEcap7rgKUJNptVuB3xq9Mu88Z3Z6H/u/4tFImiDlBwAFwAIbgAMuWeS9mrc7zvXuwdRYJlnjZ4UUeYCZruc+IcnvNQU6fRa6eiEkMQQFNOUhAjnqd0ZPJwBnQwg05RqnZ9GWl7m4XoxErEYlydzUQukxZ28hubkbuWiYzIMB5/VX4weUS+izuqglJV3MiXDVHZUtjiZdHOrUGIzpsb38VsIHmCKcbeD9EcCLLZmXLKkEQ+KtHmtn+W/4bTrXw6jFozsekbZHWv1jyLgkGXyfXK/5sbDFD43ZJwl2yLBgPhJN6Kd+5XxeinQmhm7WvwOLRqwtLn/M6+K/VuFX90DDXaKxs1ZkWdJzXEbyYaiszbjX+VzqUlF8vp2Us60lU4KtWImSQy5+swuYbba3y89mwtOHRhvwK71StvF/ugkQD7wnF78yYgyjfgV/BEK5loCUb5EnkkJtyHYuomKvJDd0/dOfHzzaW2p2+IWO146EW9VjsSzDVfqQ/Nrj+PD/CPg49txt1MHCa4oEWOTcPyz89IXAqyyCY20PtjqJ5raU5UBy5CuqOlH6RRIDcXDzexq6vjIizHFBC9JTXbg0fskqOFlk9x8/D3W15L8PBJsaz3CttOEXhuw408WwGzlY4EDKWJeFgMHA6lGcxxkPnJ290WpPl7lVRXQKDxPyxlSflmKuoduvBV8bUlgQ9eP5fhwcNJA7A+trEYwIAHctJV6QtXo04mm76bZw2ZsBX+29TdbyTkznHyuyA6hcy4pSiudmZsPYUhxSMEpHJ+Ksvf2kEph91acH1wy87jpn6tFr5iuP+c572ScB/4ywjhLHBUkgGRYLeDxbzs5UCB56YauLZCnCu9/gLuSpyfzfWBNBac9sZgA1M/byOqBhZDxGoqwm9YbU9zE54tM3aXJrnqrBR3QQPTnCFJfn7GiO+SMTuqYbgRU0mHhHecT7iF8YoiFAUOuNi4/tTfNcyE0wc6uVQa/fjPbpXQ0hGRtSJBqZcOhAhMmLXg7LJjBNsp2mEe6VVFZ36G5ZmuMJ0DqwGMNuSWlQye/iJnSFc+ER9oLCqgALvjF1wqk4BOudUOFjcDI+CVTtVEeG5uum4cq+OQEN2UVj317GkU6Vj6GkQf7tkTsHRv4d3o961+rCpYfDT8CwKZC4yTP+bPisJowz8KmU+LkbP2nQ=,iv:oqiozntlZYeny0E4IoTfavXZuDMs8cKzeiMlxcNbFiM=,tag:gAX9pe7rmiJYhBFpLFVtYw==,type:str]", + "data": "ENC[AES256_GCM,data:8ROtPL0Sy/k8bps+bhGLZJoUrnYPF8oNzAO8b2livFuK0C5iuk0RlRqlNi5DOhBcY2GEfG2KT+6hxVTYaHFFpmDUbetj1NqAk1BbdkJxWE9pK5n746om681ObjjZOmlzutMYnj7t4FBOaDkPj70rYx3K6fpppPjtixHgWlkDeKpgN7ng3CyLXNTpOkZenrdAUqrePYwE8uKCUBPP8mNbJygDSaigZryfwaHk7XZ5oBP+QSbcI6e3T1BqbjSHfMa0ZqC8i82EbmmZoGbDM+s6lmqoWIyUDtnRxeAX0qcTlPB6PieK9Xq64aeEaZSUVrhyX5jNW09SiXrJ6V4LvBEdIBzz03UkTtFzWh8VtYGiP6TIBjQm1HaTInAE4YCiYgoEJfiqVv8qxp7XWaBCFtD7YTviEcqFEwYuKRFN91ICAaHdGCIDRWYQTxaOqdL+GX8SbhE6q421Ry+vx347ofXICMKGkYPB6xpSv8efBDC7t9fXnQPIyHUHdsGylZdiZdPuHUG9Cen+sxvuEBsi4LQMqbIGXFep+/NloWprtbTS4ZlqeyWEEHWwtLuJNalF8UPc44ETUDjEo3VNJvKBPeGYozQbEfftcXcbVuDhAXQLjTdacSTLwmI4cnFXF7dfmgLlaNAu3tirzxQs+ZcZMsD+jBUGX9b4h+KwQt/pSSq1cnpG5+nl8A3LMsYAvJZ/bm/IZmsSStM0afTW2Zf3ng2WKnrpoT7p0sYm0gkaaqY11oLyR1FqEZxl+nMj9HNaic8voTQgDY6nPESa8LTCvD25lt3rqeW/x29qYqontpQIqht2/y4KMaUWkw8wH6nK+wWnP2r9x6NYZvRyQ9jHiHtcv3ypnhhD/kV2ld03EbsWaqaN/plBKxKyGI1DnlYbf64Y5JaNOkLJfHy5XgH227AbgdBIC1dxH4tV/VWb/3p9t+vPXXI9jPsjegalXrS8MhwDMnodQQdwu9gjmhToPUiLvg0oL6AoKD3zbs0+gqA5u6O4DdI+5Fu7rN/T71FFB+PkPsh7jWgR87/2O+oxqMIXEy3gadk0CkEvOoyR258nRyUGFU1XXXHfibWe1v5+kCkxkYmgplOwr+ID8++zgTQ2elTAsPDQO4VxBKpOKHm4suUK7ljIHVr/NuA5JHdnmrqdhBngkESRDBaCAcypv3UVbgh86JAD5k2E5Wj7/o78wKz49m533KNd66lNzXTqNBiwW+hhy/DW22G8lsfL2cw+mwi8p28TKmXsTWPYbRtRSmVhc/swzy1/X3/N/hY8ylo7dOjftSPe/Ilp2cBeUKVAwQWn3AcuorMe5rKyj5qKSf5TyoO5eLm50hbRtJ+YzoPG8He9lSz+rdC3cAFry753sJgzvZm2cUcRwe1+LRSVPiqSodoYjn55YzmTpF5YhYU2tdNvBTi3L5aZo4hcoIyDy9/DQueEQyAV+6alIPpKTwQENrnLWH296GKYmZV+bO5JJOCHucrTweJ8BMGDcfFqPQM+u/yIBwYqLWJYD/q9zgqG6siQeqkNMP4jthmk2g0LY93sTpdfgGMOMhaQpE3gcwxKpvkLZ836nt7PU8brI7QTG77U8yZtLS8vEv98scey2YbrlVQYoNUn5SrBRdXJ2m+TlxU4zqetD0ksxDBJO7MR5IeW6575XlS6ql744XyX8NqLq2VhjQd2eScXWRxWkHLzmSjasLtHUui9jpFRv5LzMNbBtzZlkZ3bKQAehPBIWxjiAHb4kWCa+2gJHoTh+dg7kmBaqvQkZGJThnL4aBbxtdTWPEFnOSNMWHLHk0MsLK5jmaQzo8VMO28cDBy+wXRjFb25dlCC6pm74upw5CFiiWyKX0v0gvIsHD35gNNOA5qIEkaI58ENlRCvj4VrFtufWfdR1L6YorTp1Q3RSXaeo/rh/1hLqdxQ1xIhCjk2IfCkV/Lw/uY0b2gwzx5dupOKJBnaP1nQpt0Mkloc/p3IR9uAiTjbggIBJtlAFVG+71MWiHPUU2UcklrQqz1HWyGL5vFT1RTxU2H76E67yziZLTpKwzI0LWpNLRH7wLiMLl8Ax24kCm3N+KuryDqG+BrU2Z4cww1IYb9LCPl1DoW1JnEmT4JLQQvMC9D5VkEhHXJu79AYY+LAWHtjii6qnw1kPf3euBLYrptriiqE4OUiMdOK87vgcuqLriGI3APjeUoKYTgskuSThiQZuLyfn0ttCLHywVzpexXa1mAzHIGUSRxxNc3NiLabtMefUPfzghSMarN/M8lEyxZGyPt3+qonqUCUg9HiULznsuw3fHbAG1GaQGNFZTC2Hxx9PanPCahrN6MHNqVCQuUvkHPogGkoSetGJzNCLxVt1LHMa3vW9LMHnQbjyp+14Gdpls1VvA48NvmjFPxH4+JnRAh+r/JnUfqJTwtTDmwsEFfxcrvdrxSTGe9GsNMCnA2/4aw89aeTwc3TzhkcmNHaDOt57Ry+4Sw2Zh/oefqP/E7a27NtBSGblhcs5I/RCeWgvpq26qdV+PMaFobavD+VSK1RU4W7os2xeWZApD2HkcJQOgIW8YykO+mCWfziNTcuRVY2llOFFHUgmEvLOSp4roJTNiWrfwY1gK7ieT/fXILlYh8BzdQb3c1q6F140rwdVOvHs3FlU/uRQlWzI0Ym6F3WX1b8Jytyp8pVIYFJnaE4astzTMpam6pXDpC8rlILulgzdxZom9h+Sy2dUtMKbvWSd6GyMi+gotheqNfQdEkBOaamQ0b/mcbB0g417eWi2NQ/u/MsIfjbzEGryVLpOMHhb8JXpMiB/ektIhsLxL9Kw+GZuckP/DpaBQjeXybWnDUIcVdJlH4bc3SroTPLFeDb49YzE9huj8a12+lbDDHH9NqqUlJ3HkHnWIdZ6TsANliBO9wK0wDPoqW2AbjtNhYUIIr7iSio2nMzFw9hi1qofts+a4CiGDo/35nsZJLffqlVv/ofPTo2Ndz+WLLlLydszUwvHkV+3I9JZBgpoloDnIdvF93VFSZ7nhTRP7Ho8fIvNTN5qFwnCl4DIKeYh2R24cyKhdjbiIJnzCQZMV8cmAoN3S1TTnKkzQxFXHeZ65zzPFBR1IUPJseM9l/devHCOku1ORllEqNh/VNJzGn2kdSyUVzrnqnb70mbJ/v6HEsgUBkmC3eQk/7yFIAc9y3KOPCKmn29i7xcC1w4sn+gq5FP4/qizZ7J7qfL4eEY6BOM/fHp91EqA5Ce4QNYHEUEcp9yjQtD3mPnfzdlGEsEQUVokmMrlKHDLJ6yX45lRB8x5b+ZJbMiB5slMKiEByIgjXdKESy0pIH1gIuNmrrqs+4uy5FhlU464qL9VQ67AJ/9hUvKZKWnWV4dze3nB8nLiVXKJmzlKjSZSKOkEdhrUSw4OHGN0ZMvksmMjFrWAxSDp681EGcLsWQYm0PXolAG8+w3VPrk3ryYZUjY5h6ig7Gf2coDVIfEXGjGotMZFDwzDYY/6mDJ36B8YcT9EXlpzijiY3ofMtregalTKmbXf3q57vM+s28FLktFlt9tZ5tajOjjU+w7CTrt9+NxGiH1MJemHPjNj9LqQfBZSzb02OWoydBSvVPtQdeKk8adeBloDtA/uG43DLz1cdASdjeB9hxIk/P6f1+KXh8/IZK2eaV8e/RCpUS6yYj1Mpkn4wbwaFU6nPqUEMNnpXwZim7XUa6NEijB1fUYqByGEXGyE/kOcaZFvTmfHvrjlFxlRO7klmPGmrR/ypdADV7wzFCCgJIs97QVo4W3BFy/5IJ0QYCbW8M0nUD0TxHh1XYn3nA0TY6FIdUwzIyxTMzvbwujJjxgU5QbKlQk23D0u6J6if3uwgNEptqCMfM2G4EyGiJl8OMrmN8wwahTwOCuR1svzw/ZwnRVcdoo55weYof7V12qJj7Wmyz9JwXFqtzc0e4D148gSnNvENJEsLmOOSZ/jxBNDG08RALf9gFrdsEDjc8T0QLlT19r4AI/lYmDMHLjMrHNRK07wxyeLUQUOO4aqR+vBaEh45OoegtfyVSKFw34IQYd7VHpJ7Oh8trEe21QBiy43jeWPW/DZNb7UeWa6GVQxHWqEUWpjqSJKECp6+SLvtR7WPgirgEPREHdn9Q4P/hIOIDG3/6BK+o52Zb+gxpdfVlIk7RpmAQHqlI9bI8UWzHKQIbaZNWMOItcXJmGk5DH+rtFEy9po9/aCK9hTWd8jWO/4hkPfj+3iIz5JvXy6exgp3Sj5M5qLWqVMBNPLXXjJpc/cJn15nYpv3NdDpjeOZY3J6XzcMrXM3MSPXayXrZQz7AtebPBNLd/MaYxW0ftCHx85rVh7VnTXUfqcBUfyF0vDMST5r5i98JDmhTm48m2MCdg5wDfZcti4veEaPChBDSsKxWDbLp9fIgoRinlWa0xCe/epMHkkYcKlo6bF9jrTnnAqcRYks+YJm/WdQcUoDzZkwvivUHDxtKcl2kNfV1mMPjzyFvFeRslyhOKjqGLZt2E5vLSMehMgQfAd/LYdlN1thEwRTbZBl36vkfWCMq/3wX5R5sH01AqyZxCOaL8y7fIa0ua4UWjSAwqIItj/HmnpQ8GawFWxP6GyWBw17IpHoDgcBHC209fEhmTqIlZd2wum8fd40TNMJnLI4HRb0xMds+au81KurckhIiPj9pJ/S26n3qNkgT2BpfVBF1ef6eOkbio6lL4Jv4D+BzXZVGG8LfNGDn26J+DiuhIaJ07pe8GtH1RSSKoSnPQDqG4YzOeMMKoxDH+3qNgHt5xi9RxrzgTAY0nZQ0oTuaq80pkQtBe0QwqXzx+UkPpQe1MjkP7gEtg/9SqAc0PsJU67kZbSQBpj1n5KB+dI39ZVqYYnX/ESZjSVwRKwvxRdnO20nYTN3gLBMs9IJGS2Pv/w+jqc7bHkAERk6lHXDjp7M/ZBH+vCgwZzCg85re+Oe2WSuoyQx4wcDo1R6z8V3L47xAOsBmLq+Q3JHh323loT65wsmFq2Kf3mrwvb3H1I79oIpZmiVGxjPsqIKuUJfqMOxJfndANfCGffSMSGeQEu/WidLElOsKi/uuzN0lLHe7iZ9D2po50a1KDvhKqxOzmX2vxBuMJ2d8CVgVHT5rEN91NT0L9ls7xxKOqLcG3MOv8rPkUDjCJ4jg8GV8XEd3tXkrjKfpORE2IbY6NRvcdY8/qVhymAOanVO7LINkDKHnwtuZUh8sJhQQZ4GYfhYePY+okjwAnVzWO1H8b1Qnz43YMhN3Dp1hUU+kRs+ek6uTUQHb6+LvSRJp/oZGLEZqNiwJv/OnGqNWDnnw6/O2ruvUFryK3RRtHPfycLHgyYuRQxxMoBSDtAx2xYg6JX0I1gwhSAssi1MXRacigEO7jLmGGEJaB4iQQKY1UZUtHmh3f6nFk6ADGIU29iuC5t7PqKQ1Kbw/c9QS9bP+bGtA8wInM+TzAYPSXIMoAKQAA6ldLnSo0SLfYgqiv8ClEdu0Maqh+5z4Z7H1qdCj64ytkGL1F8NoVVELeqt26DmJyzETJL1LpX1laM17hXJYQHe8LSpOgIHOxifV70cW/KSpcBvKaQxe4v5JOugBd4H+P+GZbC0/3cZ24gQYFsBDmg4/MRGFrmG83C4qWskGvpXvYEf1j/QpmrEIvdMOLayb9+FvZioTzZJSr8n5MBnuuCNtS83XAfJJ2+QWL6CT06NmaueK4AXVBFj8Rxqe50dP6pjBjeIX8q1Gq4O4trtmgZZ0JIHeeghO4xA/SfrKFu4q37MoKC+N2bz6cjAVZmtcYXSK0pymVy3uCzxsE5JUI42aXceXgRg6mcod39QrEBuIP9MqJVzQ2CAk+ytR3RDxBQKk//GwkNHjdT4t38gMMBr6r4hKgFk91KznHa/F4X3Ro2+Vj6TGzflmx1KKfhqmjy6xQ0AhfE+GlJZTHgUgTNU2g7UjDrrhbLCTdCwyQFAQWdzx5Ha+IVgiX4Lj07qLToJOixtVkWb1FHaDtJKGrG0DRvfVkAg4BQ+OvNr3xWnlMsgp8p6fH5Ba2GIRTtJrux9qb4plITNGrwoypNmvWTY3aoMcTy6zzyGlfV5X96ijqQiR148Rx79zcLnjx5u/oKvPso2KxOtO6wtHP7LDWicv8OBGcqrU5E2LvdXI80bUzN6+3XRqPkb7Hl0xCcq3NUuSbpVb7ocuGFJKIReLykdIrLNQi9DMwaqgEiq/+dbi0jbZ8RP4sDvUAuucXmVq9kOtCQVXZ3i4L0I6TyKclOoUPy5KkKArS4AgeX5iwNLKkLkoPIoN5MNqZGH+4TF3M0LTvAidMYqBgQ4fivDKQsLj4mY3sio38xo0qmpkGvzkaSmynJx9mGuL425Sz//FuWtqKaQENUxvN3VsPIFkIaxpu11P3Dlccfu7N5gbMq6132l4fTZKqDcvlPKxZVbdkxP+xl43xzIrwqPgW/gIGOIF1lmG9UT9f5qqLIIn73lRqRLIuPeBkFRujmju8DhVN72YexNfe9aJYDM+0mvwV798enmxKkP0JFDBaUwIeZyQwYT4oPAmzjU4X0eXse/JHOL5d4cAcsYJFAcKFJMtRraxDVKWgcSS7YsZzKxZ/K5jGy2aWFvdq3a/i/lG0m56ZVR3KH8uv4aa+AbSY7RHGnjx0gaCOiS1nDMklWgxOsNuUXuB5QxHQwGYvjT+Ugs0Yx44THZ+S/idzSeQVemOY79uKc3D0UvChVe1JJFKo/CMdqCP8eyGWUX8XTU26D2FGPzYwrddceEeOrlSu3TUmX0Zc+sW6LK+6gWGEe2WXpbbuP27rxqym/480IaJS3S8pMJmKtfW2uCKQ1HswXtUAvTmCFQQ3fvwH9L1Sjz/dA6pFRwWotjP0UZck5lOr9Y0Wp19axxjMY5ElsAwpbKfBAgSsOEath/0Ied5Wov6DhHdgVvHhKc12lbQbyPGPOdKARnt/0t4akVurVdIWQ4WtX1LutJ1d6A+LSIya63Xsi+A7ftR4KKbcsyzJ+Tr4tWdWK1hvVBV6DQxQ4wsLS2c5m90hDS4+sQhy6s2pr5bmZyD79Yh6VsFWLTGM21oDPDkSNQmr+MrPj6MXo2byNHHYWGzioTZvUypBvSZJrNk6414xO1mgNHdmFbXgs+aOs6MEJ7KrSoMN66YXTo2Se90zpuaYqNlUD0S0kIdXAlVd9Or+tOay//5juciG0YPZBoU6NnUt1Z9VipHPxh9XbIZbzLMDC2oeCk40cjvWLvTDUh0G75vrjD/VP2Q6XIuJTyyUbKaiUfHb6tzdxR0dv1YolPo1Vnsza2nvd9YyyHGfSTGHc0+jJMm6kHdayDYplFVORM5ZVGphFoOnngO8orBLDwxZZkUF1i3mbYrK1Aul0enNJWdMbT4tSxsSZW/YpeZFS8YF7V9H85ky3EwEUFzf+OdQ3pL6mkRsNWlMVDGU+P3hNmhZOjIn/zkW4T0yq9i9mFSJCyjoRsBfvJt2OiocS6QnHXh5TyqdGmdL8n7gtLAQkKd7JpmpQST2coroaVIQwBVJTfNvymBDqvM+EGF/+uj5prVAKIs5xuLXXh7rYpordG+snsj9QGUhxFAqAWa9WzG+gTJfxBiDvS4N4ebt1/2VnSDxsrj6LwxjM0T4b/LhZ4uESWKBHr8qxM4DdQ1c3XtNY6uZrjY8GpFBqOq9OUlTUEHKrpUnVPrBsCkA8EiitC1deHwbZyQ116fT7o1RVY9dLLjmhPxiAqO7SliDafCBSw4iwHZUlKtTSdszPrygLGjW+/Xbln8gMNxP/3UkCN8dhd3Ktt+DXWqBASYG44l/NyDd8HJLtpK6OgFVRKjoKBW6YhL7Knif9kM+TF/q9vNbdTvTIG94/FE4Iefx8JwQcgT2nWx7Z4hCOIRe1Gcbx2FTOe5AbV+xrrXjPFXP2uj/rHJImumkSabZ0tDiUdM4ILIuo2ht/0EUZZlk01GyXji2WSuqSPZpDERY+q4D2Myf/XNzmefIIUnn/rHt1HBXgkJN+OywuJDmNA1aV0uTABYG4wygUaOCqZtyDZviYP+ApLYn1bunjaNPkBP9Gw7kIGP4yoqtbD24Zp1+g8LKB8N3H3OPtkIDUhzGP4cvAtpm1ncWfitengtMLIY4Iads9oUG925CCUpesL0G+fHqNLDS0NOXvHXkkCFVRfqoxHiszfTJtS4Us5Hy8T2jqJrLYl/vJur62t6fUKAQdowpvha7/Z6azG9jEHdAkWmBU4qxtwrd6yDoWbeveqgo9EHoYx5Qf251aRSutSWTqtB/q9XFy77GsPTKwxy3/JeGPUfmyNFa6wNqOaqBC4JXpYvDSUVKBfBkhkW0fBm2kHrtzkHqoYALM3YECwKK5L2c1cn0lh+7f5YAS27wW6aEX4qkvBrgRT0S/wHGydtDQjbhwAPTbpkH0a6n/t4Tmv4mhPeO1rRimiYLzfzE5JtkJWSRFQB7+J6fKam6bzR22dt55bBUPtm4IPYBuYD0Uz9pCmmi1ZljTQZHFuri4qv+6QqLGX3KoQdYrVRtz3VavXEN/nzjIEegEEirgXr77mKzzjhB9y5DItSosW2Y6rQYtXLZo7oFaK9C5acSD2DFZkcBAhfcYCqhlyGAGXFdebG2lqlqY28mPlRH7eIyZK9mMMolz3bg/jacuinCTybcsZMWU/HN+pq99w+8vj6nwXRpDbYnb2iDCXD31yAKwYLb732rR+kGOkjZf7544mgxQbdIAG/kwK+5sv+oOYgN8avL/XDv0Q30rQUaQG0hfdg+mUAJfZwHfJ55KXL0LHY9IYlBatZh7LovU7Fsklm4H1WhHdHguFoUrsr6ZPDGadSclfcYlD1VhTNdCQwKSxUqP+3UjbOmLx04skBr3sEsYRdr8JQFURjXcOcHj1QA01VQV9fYCS4pmcczd1NNcHPKk4uliqMEELhtDwGj7iaGAushi/U6dZey4Voq9JXOv9G4Rd+lbKUBnTDNqx0zXZaEiSnh19egbRvUjy+dWSNHPiDlMlAx3HGlZ9PmIxj4CJL81fFUfIQUq+Jhw7Tx5rM+QZdZ/W99jg2HF7Lx4GwdP8FBo6qZEFuGRo7yEmJg4Pc7ltzVCy7C0pYeVucFSpUwNwtpvB6r3z4ATo44ge1wsaT71A28vCJcvynXQ/PEjsitnq6iDbPSFXfd1AI3ivnZw62vwF1Y15c/jr2MUHcUQmqKw9mmU3VClxIHcDQGKiNVQ4bY4vNjsrYxQrRWz1aYS2NnIi6qHgXBad59tF1ZGfW6fS6zB9xl6mW+Wa+cz4O7SGxO+oawGoHHEIGBUQSPCZIPp2feyMUuAMR9vKfr2Vkxdn4BdZNkJLrbiBNYj0pLFFG2arGDGVE9+VCvc8AwEZ60xhQ1XZ60/u63UGvlGoH7Bj0kCmlszOiaWjmAbHihb91YCzmZqhMxC1OckM5X3pJfsHQ1eWERv9ZMPODr+VzN9ZOiFRbaPzAoi7yBXTcHF5F/UGwrukf0MsdOWS8xJw537v1QPbdjlVkID88LNgaWPevAM09zqLRgPC+onZb3SdRJPcKscIJ4cvRGPwpAl5vbbs90lY4NhP6as5rsmVECVAhWqMn00b2aozdDpnfxyj7s7m+RiPEG08QxQUx95OUBcTfJfb/hUmpXoTR4st8dTBCsjXwoQOpFam558iri4QYcULuOPw/LZCK0s5etlF+OFqPL9hXs3Q9IteyYmfRanJnMYD37kwa5Aa27Y69X/1ghtJpAjVLVbhjN40cGJVG5MOUfzp8FvfdXV12CsJLTNmIqja1ZE9jiBYXjWujcbsDbr2hyj5Q7utEgUgFkKnryQPSjm0KFMbw/C6Ax9T7c03kRJWKwQI9FLVV9blFf0locklqwHFitpuFjTPpgzyVfM1Bg3aE6p4Pg991bHVWVu/tRmkyjcaZCVEhQCu66enP7aRlNaNucnr62LAb/HmUR0gu8auytQtAJ4vN/VT1j5pukpwG1ZSDp+cze8AZ28cntU879hAYazOE2BQ6T9l4ILeVAsyZG+6P6xRl/pIrGkEz19XzNWPb/z3EuTf0ynYrAH/hN8ua3OZIUzYiTJGOqbVwOvI4virlFUJoGVjYe9fe1rIWBJYKVqPNuoyiJfV53I26WfLBJColMPwGshpTYaJ3oDFLt+rNRjSd/BV1G08G7H8b8oSxXjOjLChtEsi/+SqhCZV0U9f4f0hOWXdRMABNdy3tM5FZKvQ+dhC16aHOnU2eiB2NJFVkQEGAhybaScXDG0KYw3Q==,iv:N2G9kKRYjlzEgb9C0YHcxEK//0mPGDiFR2aejDvIOOk=,tag:riaKsVBUIm796ft4wd6+ZA==,type:str]", "sops": { "age": [ { @@ -143,8 +143,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpYWx1Yy9aNEpnbTdnMmR4\nK1hNTXkrSUVMaE9wR2xTbFVwYzJVVnpQZ1dJCnlKQ2FMa20wUy9nVlFTVmI3WEdu\nMDdIUjVjRCtBVXJzOEVLWHNFTWNkNjgKLS0tIDZiNkVzSzFRa2J6bTFIcFRMemRQ\nOFdPb0xEV2pVVUdsdmFNNGQ5d3hOc2sKeR3NUDYRGDCywMfylXpbo+FOPdtNKkKA\nVffrmB7VKnL+jhKOCjgYeLpSzAQFa3L8QZ9R1xYHa/AmlnEk3IMEBw==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2026-02-06T21:14:11Z", - "mac": "ENC[AES256_GCM,data:7wpdf7B03R8F3Mj2zNApsTX4EDxiuxOHGg+BvnI4Vdg920b02dpvcsP1wkhr1EIew4dR6yxjk14Y69szRRdIqlfgQJF5WXTjsxaU/WuJYwOyylf4uOBZt/l2oiDl1/TsIq+vKNn6NgiHV1/PhYXBz5y2GxAcM1KIc9aBxD6b+G4=,iv:I/qa1KZ93a9gJXxRTjUtBRi7f7LiPvhZXgMBq9Eik/4=,tag:P0VtDXxBG2W7y6xUb2ehig==,type:str]", + "lastmodified": "2026-02-26T10:37:56Z", + "mac": "ENC[AES256_GCM,data:b0uFWyegt9+44xGMbSkWZeQetdv3fcsUWZAHZoQfTHdFZVwOTHq3SpAjTm05I7BLS3ea1PibO0sreJBHO5W/jQXRlliQsn/SODCgIIQnbeRUHj1e1jeJmvPnL1fChufa52tQJmXT0RryatMMU+VSzuprUwE8NVlcRc76fJJ/EU0=,iv:HVhjsDfA2+QonsgElN+LBf12Za4Uo31IBNkRS+VOJxM=,tag:91BOs/2iAFUEEARI9+5zAA==,type:str]", "pgp": [ { "created_at": "2026-01-12T22:05:07Z", @@ -153,6 +153,6 @@ } ], "unencrypted_suffix": "_unencrypted", - "version": "3.11.0" + "version": "3.12.0" } }