chore: update flake

modules/nixos/client/lid.nix

@@ -2,9 +2,9 @@
 {
   options.swarselmodules.lid = lib.mkEnableOption "lid config";
   config = lib.mkIf config.swarselmodules.lid {
-    services.logind = {
-      lidSwitch = "suspend";
-      lidSwitchDocked = "ignore";
+    services.logind.settings.Login = {
+      HandleLidSwitch = "suspend";
+      HandleLidSwitchDocked = "ignore";
     };
     services.acpid = {
       enable = true;

modules/nixos/client/nvd-rebuild.nix

@@ -7,12 +7,12 @@
       pkgs.nvd
     ];
 
-    system.activationScripts.diff = {
-      supportsDryActivation = true;
-      text = ''
-        ${pkgs.nvd}/bin/nvd --color=always --nix-bin-dir=${pkgs.nix}/bin diff \
-             /run/current-system "$systemConfig"
-      '';
-    };
+    # system.activationScripts.diff = {
+    #   supportsDryActivation = true;
+    #   text = ''
+    #     ${pkgs.nvd}/bin/nvd --color=always --nix-bin-dir=${pkgs.nix}/bin diff \
+    #          /run/current-system "$systemConfig"
+    #   '';
+    # };
   };
 }

modules/nixos/client/xdg-portal.nix

@@ -4,11 +4,11 @@
   config = lib.mkIf config.swarselmodules.xdg-portal {
     xdg.portal = {
       enable = true;
-      # config = {
-      #   common = {
-      #     default = "wlr";
-      #   };
-      # };
+      config = {
+        common = {
+          default = "wlr";
+        };
+      };
       wlr.enable = true;
       wlr.settings.screencast = {
         output_name = "eDP-1";

modules/nixos/common/settings.nix

@@ -73,13 +73,15 @@ in
             trusted-users = [ "@wheel" "${config.swarselsystems.mainUser}" ];
           };
           # extraOptions = ''
-          #   plugin-files = ${pkgs.nix-plugins}/lib/nix/plugins
+          #   plugin-files = ${pkgs.dev.nix-plugins}/lib/nix/plugins
           #   extra-builtins-file = ${self + /nix/extra-builtins.nix}
+          # '' + lib.optionalString (!minimal) ''
+          #   !include ${config.sops.secrets.github-api-token.path}
           # '';
           extraOptions = ''
             plugin-files = ${pkgs.nix-plugins.overrideAttrs (o: {
-              buildInputs = [pkgs.nixVersions.nix_2_28 pkgs.boost];
-              patches = (o.patches or []) ++ ["${self}/nix/nix-plugins.patch"];
+              buildInputs = [config.nix.package pkgs.boost];
+              patches = o.patches or [];
             })}/lib/nix/plugins
             extra-builtins-file = ${self + /nix/extra-builtins.nix}
           '' + lib.optionalString (!minimal) ''

modules/nixos/server/immich.nix

@@ -1,4 +1,4 @@
-{ lib, config, globals, ... }:
+{ lib, pkgs, config, globals, ... }:
 let
   servicePort = 3001;
   serviceUser = "immich";
@@ -19,6 +19,7 @@ in
 
     services.${serviceName} = {
       enable = true;
+      package = pkgs.stable.immich;
       host = "0.0.0.0";
       port = servicePort;
       openFirewall = true;

modules/nixos/server/kanidm.nix

@@ -50,7 +50,7 @@ in
 
     services = {
       ${serviceName} = {
-        package = pkgs.kanidmWithSecretProvisioning;
+        package = pkgs.kanidmWithSecretProvisioning_1_7;
         enableServer = true;
         serverSettings = {
           domain = serviceDomain;

modules/nixos/server/nginx.nix

@@ -20,7 +20,6 @@ in
 
     security.acme = {
       acceptTerms = true;
-      preliminarySelfsigned = false;
       defaults = {
         inherit dnsProvider;
         email = address3;

modules/nixos/server/settings.nix

@@ -15,11 +15,9 @@ in
 
     environment.shellAliases = lib.recursiveUpdate
       {
-        npswitch = "cd ${flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;";
-        nswitch = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) switch;";
-        npiswitch = "cd ${flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch --impure; cd -;";
-        nipswitch = "cd ${flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch --impure; cd -;";
-        niswitch = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) switch --impure;";
+        nswitch = "cd ${flakePath}; swarsel-deploy $(hostname) switch; cd -;";
+        nboot = "cd ${flakePath}; swarsel-deploy $(hostname) boot; cd -;";
+        ndry = "cd ${flakePath}; swarsel-deploy $(hostname) dry-activate; cd -;";
       }
       config.swarselsystems.shellAliases;
 

modules/nixos/server/shlink.nix

@@ -3,6 +3,7 @@ let
   servicePort = 8081;
   serviceName = "shlink";
   serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceDir = "/var/lib/shlink";
 
   containerRev = "sha256:1a697baca56ab8821783e0ce53eb4fb22e51bb66749ec50581adc0cb6d031d7a";
 
@@ -42,12 +43,23 @@ in
         config.sops.templates.shlink-env.path
       ];
       ports = [ "${builtins.toString servicePort}:${builtins.toString servicePort}" ];
-      volumes = [ ];
+      volumes = [
+        "${serviceDir}/data:/etc/shlink/data"
+      ];
     };
 
+    systemd.tmpfiles.rules = [
+      "d ${serviceDir}/data 0750 1001 root - -"
+      "d ${serviceDir}/data/cache 0750 1001 root - -"
+      "d ${serviceDir}/data/locks 0750 1001 root - -"
+      "d ${serviceDir}/data/log 0750 1001 root - -"
+      "d ${serviceDir}/data/proxies 0750 1001 root - -"
+    ];
+
     networking.firewall.allowedTCPPorts = [ servicePort ];
 
     environment.persistence."/persist".directories = lib.mkIf config.swarselsystems.isImpermanence [
+      { directory = serviceDir; }
       { directory = "/var/lib/containers"; }
     ];
 

modules/nixos/server/slink.nix

@@ -65,7 +65,6 @@ in
           locations = {
             "/" = {
               proxyPass = "http://${serviceName}";
-              setOauth2Headers = false;
             };
             "/image" = {
               proxyPass = "http://${serviceName}";